2 * ============LICENSE_START==========================================
4 * ===================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ===================================================================
8 * Unless otherwise specified, all software contained herein is licensed
9 * under the Apache License, Version 2.0 (the "License");
10 * you may not use this software except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
21 * Unless otherwise specified, all documentation contained herein is licensed
22 * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
23 * you may not use this documentation except in compliance with the License.
24 * You may obtain a copy of the License at
26 * https://creativecommons.org/licenses/by/4.0/
28 * Unless required by applicable law or agreed to in writing, documentation
29 * distributed under the License is distributed on an "AS IS" BASIS,
30 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
31 * See the License for the specific language governing permissions and
32 * limitations under the License.
34 * ============LICENSE_END============================================
39 package org.onap.portalapp.portal.controller;
41 import java.util.ArrayList;
43 import javax.servlet.http.HttpServletRequest;
44 import javax.servlet.http.HttpServletResponse;
46 import org.onap.portalapp.externalsystemapproval.model.ExternalSystemRoleApproval;
47 import org.onap.portalapp.externalsystemapproval.model.ExternalSystemUser;
48 import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
49 import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
50 import org.onap.portalapp.portal.logging.aop.EPAuditLog;
51 import org.onap.portalapp.portal.service.UserRolesService;
52 import org.onap.portalapp.portal.transport.ExternalRequestFieldsValidator;
53 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
54 import org.springframework.beans.factory.annotation.Autowired;
55 import org.springframework.context.annotation.Configuration;
56 import org.springframework.context.annotation.EnableAspectJAutoProxy;
57 import org.springframework.web.bind.annotation.RequestBody;
58 import org.springframework.web.bind.annotation.RequestMapping;
59 import org.springframework.web.bind.annotation.PostMapping;
60 import org.springframework.web.bind.annotation.PutMapping;
61 import org.springframework.web.bind.annotation.DeleteMapping;
62 import org.springframework.web.bind.annotation.RestController;
64 import io.swagger.annotations.ApiOperation;
67 @RequestMapping("/auxapi")
69 @EnableAspectJAutoProxy
71 public class RolesApprovalSystemController implements BasicAuthenticationController {
73 private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(RolesApprovalSystemController.class);
76 private UserRolesService userRolesService;
79 * Creates an application user with the specified roles.
83 * @return PortalRestResponse with appropriate status value and message
85 @ApiOperation(value = "Creates an application user with the specified roles.", response = PortalRestResponse.class)
86 @PostMapping(value = { "/userProfile" }, produces = "application/json")
87 public PortalRestResponse<String> postUserProfile(HttpServletRequest request,
88 @RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) {
89 ExternalRequestFieldsValidator reqResult = null;
91 logger.info(EELFLoggerDelegate.debugLogger, "postUserProfile: request received for app {}, user {}",
92 extSysUser.getApplicationName(), extSysUser.getLoginId());
94 validateExtSystemUser(extSysUser, true);
95 reqResult = userRolesService.setExternalRequestUserAppRole(extSysUser, "POST");
96 if (!reqResult.isResult())
97 throw new Exception(reqResult.getDetailMessage());
98 } catch (Exception e) {
99 logger.error(EELFLoggerDelegate.errorLogger, "postUserProfile: failed for app {}, user {}",
100 extSysUser.getApplicationName(), extSysUser.getLoginId(), e);
101 if(reqResult == null || (!reqResult.isResult() && !e.getMessage().contains("404") && !e.getMessage().contains("405"))){
102 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
103 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
104 e.getMessage(), "save user profile failed");
105 } else if(e.getMessage().contains("404")){
106 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
107 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
108 e.getMessage(), "save user profile failed");
109 } else if(e.getMessage().contains("500")){
110 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
111 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
112 e.getMessage(), "save user profile failed");
113 } else if (e.getMessage().contains("405")) {
114 response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
115 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(),
116 "save user profile failed");
118 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
119 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(),
120 "save user profile failed");
123 return new PortalRestResponse<String>(PortalRestStatusEnum.OK, reqResult.getDetailMessage(), "Success");
127 * Updates an application user to have only the specified roles.
131 * @return PortalRestResponse with appropriate status value and message
133 @ApiOperation(value = "Updates an application user to have only the specified roles.", response = PortalRestResponse.class)
134 @PutMapping(value = { "/userProfile" }, produces = "application/json")
135 public PortalRestResponse<String> putUserProfile(HttpServletRequest request,
136 @RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) {
137 ExternalRequestFieldsValidator reqResult = null;
139 logger.info(EELFLoggerDelegate.debugLogger, "putUserProfile: request received for app {}, user {}",
140 extSysUser.getApplicationName(), extSysUser.getLoginId());
141 validateExtSystemUser(extSysUser, true);
142 reqResult = userRolesService.setExternalRequestUserAppRole(extSysUser, "PUT");
143 if (!reqResult.isResult())
144 throw new Exception(reqResult.getDetailMessage());
145 } catch (Exception e) {
146 logger.error(EELFLoggerDelegate.errorLogger, "putUserProfile: failed for app {}, user {}",
147 extSysUser.getApplicationName(), extSysUser.getLoginId(), e);
148 if(reqResult == null || (!reqResult.isResult() && !e.getMessage().contains("404") && !e.getMessage().contains("405"))){
149 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
150 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
151 e.getMessage(), "save user profile failed");
152 } else if(e.getMessage().contains("404")){
153 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
154 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
155 e.getMessage(), "save user profile failed");
156 } else if(e.getMessage().contains("500")){
157 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
158 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
159 e.getMessage(), "save user profile failed");
160 } else if (e.getMessage().contains("405")) {
161 response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
162 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "save user profile failed");
164 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
165 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
166 e.getMessage(), "save user profile failed");
169 return new PortalRestResponse<String>(PortalRestStatusEnum.OK, reqResult.getDetailMessage() , "Success");
173 * Deletes an application user by removing all assigned roles.
177 * This object must have zero roles.
178 * @return PortalRestResponse with appropriate status value and message
180 @ApiOperation(value = "Processes a request to delete one or more application roles for one specified user who has roles.", response = PortalRestResponse.class)
181 @DeleteMapping(value = { "/userProfile" }, produces = "application/json")
182 public PortalRestResponse<String> deleteUserProfile(HttpServletRequest request,
183 @RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) {
184 ExternalRequestFieldsValidator reqResult = null;
186 logger.info(EELFLoggerDelegate.debugLogger, "deleteUserProfile: request received for app {}, user {}",
187 extSysUser.getApplicationName(), extSysUser.getLoginId());
188 validateExtSystemUser(extSysUser, false);
189 // Ignore any roles that might be mistakenly present in the request
190 extSysUser.setRoles(new ArrayList<ExternalSystemRoleApproval>());
191 reqResult = userRolesService.setExternalRequestUserAppRole(extSysUser, "DELETE");
192 if (!reqResult.isResult())
193 throw new Exception(reqResult.getDetailMessage());
194 } catch (Exception e) {
195 logger.error(EELFLoggerDelegate.errorLogger, "deleteUserProfile: failed for app {}, user {}",
196 extSysUser.getApplicationName(), extSysUser.getLoginId(), e);
197 if(reqResult == null || (!reqResult.isResult() && !e.getMessage().contains("404"))){
198 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
199 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
200 e.getMessage(), "delete user profile failed");
201 }else if(e.getMessage().contains("404")){
202 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
203 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
204 e.getMessage(), "delete user profile failed");
206 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
207 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
208 e.getMessage(), "delete user profile failed");
211 return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Deleted Successfully", "Success");
215 * Checks for presence of required fields.
218 * @param rolesRequired
219 * If true, checks whether roles are present
221 * If any field is missing.
223 private void validateExtSystemUser(ExternalSystemUser extSysUser, boolean rolesRequired) throws Exception {
224 if (extSysUser.getLoginId() == null || extSysUser.getLoginId().equals(""))
225 throw new Exception("Request has no login ID");
226 if (extSysUser.getApplicationName() == null || extSysUser.getApplicationName().equals(""))
227 throw new Exception("Request has no application name");
228 if (extSysUser.getMyloginrequestId() == null)
229 throw new Exception("Request has no request ID");
230 if (rolesRequired && (extSysUser.getRoles() == null || extSysUser.getRoles().size() == 0))
231 throw new Exception("Request has no roles");