2 * ================================================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ================================================================================
20 package org.openecomp.portalapp.portal.controller;
22 import java.util.ArrayList;
23 import java.util.Arrays;
24 import java.util.List;
26 import javax.servlet.http.HttpServletRequest;
27 import javax.servlet.http.HttpServletResponse;
29 import org.apache.cxf.transport.http.HTTPException;
30 import org.openecomp.portalapp.controller.EPRestrictedBaseController;
31 import org.openecomp.portalapp.portal.domain.EPRole;
32 import org.openecomp.portalapp.portal.domain.EPUser;
33 import org.openecomp.portalapp.portal.ecomp.model.PortalRestResponse;
34 import org.openecomp.portalapp.portal.ecomp.model.PortalRestStatusEnum;
35 import org.openecomp.portalapp.portal.logging.aop.EPAuditLog;
36 import org.openecomp.portalapp.portal.service.AdminRolesService;
37 import org.openecomp.portalapp.portal.service.ApplicationsRestClientService;
38 import org.openecomp.portalapp.portal.service.SearchService;
39 import org.openecomp.portalapp.portal.service.UserRolesService;
40 import org.openecomp.portalapp.portal.transport.AppNameIdIsAdmin;
41 import org.openecomp.portalapp.portal.transport.AppWithRolesForUser;
42 import org.openecomp.portalapp.portal.transport.AppsListWithAdminRole;
43 import org.openecomp.portalapp.portal.transport.FieldsValidator;
44 import org.openecomp.portalapp.portal.transport.RoleInAppForUser;
45 import org.openecomp.portalapp.portal.transport.UserApplicationRoles;
46 import org.openecomp.portalapp.portal.utils.EcompPortalUtils;
47 import org.openecomp.portalapp.util.EPUserUtils;
48 import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
49 import org.openecomp.portalsdk.core.restful.domain.EcompRole;
50 import org.openecomp.portalsdk.core.service.RoleService;
51 import org.springframework.beans.factory.annotation.Autowired;
52 import org.springframework.context.annotation.EnableAspectJAutoProxy;
53 import org.springframework.web.bind.annotation.PathVariable;
54 import org.springframework.web.bind.annotation.RequestBody;
55 import org.springframework.web.bind.annotation.RequestMapping;
56 import org.springframework.web.bind.annotation.RequestMethod;
57 import org.springframework.web.bind.annotation.RequestParam;
58 import org.springframework.web.bind.annotation.RestController;
61 @org.springframework.context.annotation.Configuration
62 @EnableAspectJAutoProxy
64 public class UserRolesController extends EPRestrictedBaseController {
66 static final String FAILURE = "failure";
69 SearchService searchService;
71 AdminRolesService adminRolesService;
73 UserRolesService userRolesService;
75 ApplicationsRestClientService applicationsRestClientService;
77 RoleService roleService;
79 EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserRolesController.class);
82 * RESTful service method to fetch users in the WebPhone external service
84 * @return array of found users as json
86 @RequestMapping(value = { "/portalApi/queryUsers" }, method = RequestMethod.GET, produces = "application/json")
87 public String getPhoneBookSearchResult(HttpServletRequest request, @RequestParam("search") String searchString, HttpServletResponse response) {
88 EPUser user = EPUserUtils.getUserSession(request);
89 String searchResult = null;
90 if (!adminRolesService.isSuperAdmin(user) && !adminRolesService.isAccountAdmin(user)) {
91 EcompPortalUtils.setBadPermissions(user, response, "getPhoneBookSearchResult");
93 searchString = searchString.trim();
94 if (searchString.length() > 0) {
95 //searchResult = searchService.searchUsersInPhoneBook(searchString);
96 searchResult = searchService.searchUsersInFnTable(searchString);
98 logger.info(EELFLoggerDelegate.errorLogger, "getPhoneBookSearchResult - too short search string: " + searchString);
101 EcompPortalUtils.logAndSerializeObject("/portalApi/queryUsers", "result =", searchResult);
107 * RESTful service method to fetch applications where user is admin
109 * @return for GET: array of all applications with boolean isAdmin=true/false for each application
111 @RequestMapping(value = { "/portalApi/adminAppsRoles" }, method = { RequestMethod.GET }, produces = "application/json")
112 public AppsListWithAdminRole getAppsWithAdminRoleStateForUser(HttpServletRequest request, @RequestParam("orgUserId") String orgUserId,
113 HttpServletResponse response) {
115 EPUser user = EPUserUtils.getUserSession(request);
116 AppsListWithAdminRole result = null;
117 if (!adminRolesService.isSuperAdmin(user)) {
118 EcompPortalUtils.setBadPermissions(user, response, "getAppsWithAdminRoleStateForUser");
120 if (EcompPortalUtils.legitimateUserId(orgUserId)) {
121 result = adminRolesService.getAppsWithAdminRoleStateForUser(orgUserId);
123 logger.info(EELFLoggerDelegate.errorLogger, "getAppsWithAdminRoleStateForUser - parms error, no orgUserId");
124 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
128 StringBuilder adminAppRoles = new StringBuilder();
129 if(result != null && result.appsRoles.size() >= 1) {
130 adminAppRoles.append("User '" + result.orgUserId + "' has admin role to the apps = {");
131 for(AppNameIdIsAdmin adminAppRole : result.appsRoles) {
132 if (adminAppRole.isAdmin) {
133 adminAppRoles.append(adminAppRole.appName + ", ");
136 adminAppRoles.append("}.");
138 adminAppRoles.append("User '" + result.orgUserId + "' has no Apps with Admin Role.");
140 logger.info(EELFLoggerDelegate.errorLogger, adminAppRoles.toString());
142 EcompPortalUtils.logAndSerializeObject("/portalApi/adminAppsRoles", "get result =", result);
147 @RequestMapping(value = { "/portalApi/adminAppsRoles" }, method = { RequestMethod.PUT }, produces = "application/json")
148 public FieldsValidator putAppsWithAdminRoleStateForUser(HttpServletRequest request, @RequestBody AppsListWithAdminRole newAppsListWithAdminRoles,
149 HttpServletResponse response) {
151 //newAppsListWithAdminRoles.appsRoles
152 FieldsValidator fieldsValidator = new FieldsValidator();
153 StringBuilder newAppRoles = new StringBuilder();
154 if(newAppsListWithAdminRoles != null && newAppsListWithAdminRoles.appsRoles.size() >= 1) {
155 newAppRoles.append("User '" + newAppsListWithAdminRoles.orgUserId + "' has admin role to the apps = {");
156 for(AppNameIdIsAdmin adminAppRole : newAppsListWithAdminRoles.appsRoles) {
157 if (adminAppRole.isAdmin) {
158 newAppRoles.append(adminAppRole.appName + ", ");
161 newAppRoles.append("}.");
163 newAppRoles.append("User '" + newAppsListWithAdminRoles.orgUserId + "' has no Apps with Admin Role.");
165 logger.info(EELFLoggerDelegate.errorLogger, newAppRoles.toString());
167 EPUser user = EPUserUtils.getUserSession(request);
168 boolean changesApplied = false;
170 if (!adminRolesService.isSuperAdmin(user)) {
171 EcompPortalUtils.setBadPermissions(user, response, "putAppsWithAdminRoleStateForUser");
173 changesApplied = adminRolesService.setAppsWithAdminRoleStateForUser(newAppsListWithAdminRoles);
175 EcompPortalUtils.logAndSerializeObject("/portalApi/adminAppsRoles", "put result =", changesApplied);
177 return fieldsValidator;
180 @RequestMapping(value = { "/portalApi/userAppRoles" }, method = { RequestMethod.GET }, produces = "application/json")
181 public List<RoleInAppForUser> getAppRolesForUser(HttpServletRequest request, @RequestParam("orgUserId") String orgUserId, @RequestParam("app") Long appid, HttpServletResponse response) {
182 EPUser user = EPUserUtils.getUserSession(request);
183 List<RoleInAppForUser> result = null;
184 String feErrorString = "";
185 if (!adminRolesService.isAccountAdmin(user)) {
186 EcompPortalUtils.setBadPermissions(user, response, "getAppRolesForUser");
187 feErrorString = EcompPortalUtils.getFEErrorString(true, response.getStatus());
189 if (EcompPortalUtils.legitimateUserId(orgUserId)) {
190 result = userRolesService.getAppRolesForUser(appid, orgUserId);
191 int responseCode = EcompPortalUtils.getExternalAppResponseCode();
192 if (responseCode != 0 && responseCode != 200) {
194 response.setStatus(responseCode);
195 feErrorString = EcompPortalUtils.getFEErrorString(false, responseCode);
196 } else if (result == null) {
197 // If the result is null, there was an internal ecomp error in the service call.
198 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
199 feErrorString = EcompPortalUtils.getFEErrorString(true, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
202 logger.info(EELFLoggerDelegate.errorLogger, "getAppRolesForUser - no userId");
203 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
204 feErrorString = EcompPortalUtils.getFEErrorString(true, HttpServletResponse.SC_BAD_REQUEST);
208 StringBuilder sbUserApps = new StringBuilder();
209 if (result!=null && result.size()>=1) {
210 sbUserApps.append("User '" + orgUserId + "' has Roles={");
211 for(RoleInAppForUser appRole : result) {
212 if (appRole.isApplied) {
213 sbUserApps.append(appRole.roleName + ", ");
216 sbUserApps.append("} assigned to the appId '" + appid + "'.");
219 result = new ArrayList<RoleInAppForUser>();
221 sbUserApps.append("User '" + orgUserId + "' and appid " + appid + " has no roles");
223 logger.info(EELFLoggerDelegate.errorLogger, sbUserApps.toString());
225 EcompPortalUtils.logAndSerializeObject("/portalApi/userAppRoles", "get result =", result);
226 if (feErrorString != "") {
227 logger.debug(EELFLoggerDelegate.debugLogger, "LR: FEErrorString to header: "+feErrorString);
229 response.addHeader("FEErrorString", feErrorString);
230 response.addHeader("Access-Control-Expose-Headers", "FEErrorString");
235 @RequestMapping(value = { "/portalApi/userAppRoles" }, method = { RequestMethod.PUT }, produces = "application/json")
236 public FieldsValidator putAppWithUserRoleStateForUser(HttpServletRequest request, @RequestBody AppWithRolesForUser newAppRolesForUser,
237 HttpServletResponse response) {
238 FieldsValidator fieldsValidator = new FieldsValidator();
239 StringBuilder sbUserApps = new StringBuilder();
240 if (newAppRolesForUser!=null) {
241 sbUserApps.append("User '" + newAppRolesForUser.orgUserId);
242 if (newAppRolesForUser.appRoles!=null && newAppRolesForUser.appRoles.size()>=1) {
243 sbUserApps.append("' has roles = {");
244 for(RoleInAppForUser appRole : newAppRolesForUser.appRoles) {
245 if (appRole.isApplied) {
246 sbUserApps.append(appRole.roleName + ", ");
249 sbUserApps.append("} assigned for the app '" + newAppRolesForUser.appName + "'.");
251 sbUserApps.append("' has no roles assigned for the app '" + newAppRolesForUser.appName + "'.");
254 logger.info(EELFLoggerDelegate.errorLogger, sbUserApps.toString());
256 EPUser user = EPUserUtils.getUserSession(request);
258 boolean changesApplied = false;
259 if (!adminRolesService.isAccountAdmin(user)) {
260 EcompPortalUtils.setBadPermissions(user, response, "putAppWithUserRoleStateForUser");
262 changesApplied = userRolesService.setAppWithUserRoleStateForUser(user, newAppRolesForUser);
263 if (changesApplied == false) {
264 logger.debug(EELFLoggerDelegate.debugLogger, "putAppWithUserRoleStateForUser - Set new User Roles failure");
268 EcompPortalUtils.logAndSerializeObject("/portalApi/userAppRoles", "put result =", changesApplied);
270 return fieldsValidator;
273 @RequestMapping(value = { "/portalApi/updateRemoteUserProfile" }, method = { RequestMethod.GET }, produces = "application/json")
274 public PortalRestResponse<String> updateRemoteUserProfile(HttpServletRequest request,HttpServletResponse response) {
276 String updateRemoteUserFlag = FAILURE;
278 //saveNewUser = userService.saveNewUser(newUser);
279 String orgUserId = request.getParameter("loginId");
280 Long appId = Long.parseLong(request.getParameter("appId"));
281 userRolesService.updateRemoteUserProfile(orgUserId, appId);
283 } catch (Exception e) {
284 return new PortalRestResponse<String>(PortalRestStatusEnum.OK, updateRemoteUserFlag, e.getMessage());
286 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, updateRemoteUserFlag, "");
290 @RequestMapping(value = { "/portalApi/app/{appId}/users" }, method = { RequestMethod.GET }, produces = "application/json")
291 public List<UserApplicationRoles> getUsersFromAppEndpoint(HttpServletRequest request, @PathVariable("appId") Long appId) throws HTTPException {
293 List<UserApplicationRoles> appUsers = userRolesService.getUsersFromAppEndpoint(appId);
295 } catch(Exception e) {
296 logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while performing UserRolesController.getUsersFromAppEndpoint. Details: " + EcompPortalUtils.getStackTrace(e));
297 return new ArrayList<UserApplicationRoles>();
301 @RequestMapping(value = { "/portalApi/app/{appId}/roles" }, method = { RequestMethod.GET }, produces = "application/json")
302 public List<EcompRole> testGetRoles(HttpServletRequest request, @PathVariable("appId") Long appId) throws HTTPException {
303 EcompRole[] appRoles = applicationsRestClientService.get(EcompRole[].class, appId, "/roles");
304 List<EcompRole> rolesList = Arrays.asList(appRoles);
305 EcompPortalUtils.logAndSerializeObject("/portalApi/app/{appId}/roles", "response for appId=" + appId, rolesList);
310 @RequestMapping(value = { "/portalApi/admin/import/app/{appId}/roles" }, method = { RequestMethod.GET }, produces = "application/json")
311 public List<EPRole> importRolesFromRemoteApplication(HttpServletRequest request, @PathVariable("appId") Long appId) throws HTTPException {
312 List<EPRole> rolesList = userRolesService.importRolesFromRemoteApplication(appId);
313 EcompPortalUtils.logAndSerializeObject("/portalApi/admin/import/app/{appId}/roles", "response for appId=" + appId, rolesList);
318 @RequestMapping(value = { "/portalApi/app/{appId}/user/{orgUserId}/roles" }, method = { RequestMethod.GET }, produces = "application/json")
319 public EcompRole testGetRoles(HttpServletRequest request, @PathVariable("appId") Long appId, @PathVariable("orgUserId") String orgUserId) throws Exception {
320 if (!EcompPortalUtils.legitimateUserId(orgUserId)) {
321 String msg = "Error /user/<user>/roles not legitimate orgUserId = " + orgUserId;
322 logger.error(EELFLoggerDelegate.errorLogger, msg);
323 throw new Exception(msg);
325 EcompRole[] roles = applicationsRestClientService.get(EcompRole[].class, appId, String.format("/user/%s/roles", orgUserId));
326 if (roles.length != 1) {
327 String msg = "Error /user/<user>/roles returned array. expected size 1 recieved size = " + roles.length;
328 logger.error(EELFLoggerDelegate.errorLogger, msg);
329 throw new Exception(msg);
332 EcompPortalUtils.logAndSerializeObject("/portalApi/app/{appId}/user/{orgUserId}/roles", "response for appId='" + appId + "' and orgUserId='" + orgUserId + "'", roles[0]);