2 * ============LICENSE_START==========================================
4 * ===================================================================
5 * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * ===================================================================
8 * Unless otherwise specified, all software contained herein is licensed
9 * under the Apache License, Version 2.0 (the "License");
10 * you may not use this software except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
21 * Unless otherwise specified, all documentation contained herein is licensed
22 * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
23 * you may not use this documentation except in compliance with the License.
24 * You may obtain a copy of the License at
26 * https://creativecommons.org/licenses/by/4.0/
28 * Unless required by applicable law or agreed to in writing, documentation
29 * distributed under the License is distributed on an "AS IS" BASIS,
30 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
31 * See the License for the specific language governing permissions and
32 * limitations under the License.
34 * ============LICENSE_END============================================
38 package org.onap.portalapp.portal.service;
40 import java.io.IOException;
41 import java.util.ArrayList;
42 import java.util.HashMap;
43 import java.util.HashSet;
44 import java.util.Iterator;
45 import java.util.List;
48 import java.util.SortedSet;
49 import java.util.TreeSet;
50 import java.util.stream.Collectors;
52 import org.apache.commons.codec.DecoderException;
53 import org.hibernate.Query;
54 import org.hibernate.Session;
55 import org.hibernate.SessionFactory;
56 import org.hibernate.Transaction;
57 import org.hibernate.criterion.Criterion;
58 import org.hibernate.criterion.Restrictions;
59 import org.json.JSONArray;
60 import org.json.JSONObject;
61 import org.onap.portalapp.portal.domain.CentralV2RoleFunction;
62 import org.onap.portalapp.portal.domain.CentralizedApp;
63 import org.onap.portalapp.portal.domain.EPApp;
64 import org.onap.portalapp.portal.domain.EPAppRoleFunction;
65 import org.onap.portalapp.portal.domain.EPRole;
66 import org.onap.portalapp.portal.domain.EPUser;
67 import org.onap.portalapp.portal.domain.EPUserApp;
68 import org.onap.portalapp.portal.domain.ExternalRoleDetails;
69 import org.onap.portalapp.portal.ecomp.model.UploadRoleFunctionExtSystem;
70 import org.onap.portalapp.portal.exceptions.DeleteDomainObjectFailedException;
71 import org.onap.portalapp.portal.exceptions.ExternalAuthSystemException;
72 import org.onap.portalapp.portal.exceptions.InactiveApplicationException;
73 import org.onap.portalapp.portal.exceptions.InvalidApplicationException;
74 import org.onap.portalapp.portal.exceptions.InvalidUserException;
75 import org.onap.portalapp.portal.exceptions.RoleFunctionException;
76 import org.onap.portalapp.portal.logging.aop.EPAuditLog;
77 import org.onap.portalapp.portal.logging.aop.EPMetricsLog;
78 import org.onap.portalapp.portal.logging.logic.EPLogUtil;
79 import org.onap.portalapp.portal.transport.*;
80 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
81 import org.onap.portalapp.portal.utils.EcompPortalUtils;
82 import org.onap.portalapp.portal.utils.PortalConstants;
83 import org.onap.portalapp.util.EPUserUtils;
84 import org.onap.portalsdk.core.domain.Role;
85 import org.onap.portalsdk.core.domain.RoleFunction;
86 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
87 import org.onap.portalsdk.core.restful.domain.EcompRole;
88 import org.onap.portalsdk.core.restful.domain.EcompRoleFunction;
89 import org.onap.portalsdk.core.restful.domain.EcompUser;
90 import org.onap.portalsdk.core.service.DataAccessService;
91 import org.onap.portalsdk.core.util.SystemProperties;
92 import org.springframework.beans.factory.annotation.Autowired;
93 import org.springframework.context.annotation.EnableAspectJAutoProxy;
94 import org.springframework.http.HttpEntity;
95 import org.springframework.http.HttpHeaders;
96 import org.springframework.http.HttpMethod;
97 import org.springframework.http.HttpStatus;
98 import org.springframework.http.ResponseEntity;
99 import org.springframework.stereotype.Service;
100 import org.springframework.transaction.annotation.Transactional;
101 import org.springframework.web.client.HttpClientErrorException;
102 import org.springframework.web.client.RestTemplate;
104 import com.fasterxml.jackson.core.JsonProcessingException;
105 import com.fasterxml.jackson.databind.DeserializationFeature;
106 import com.fasterxml.jackson.databind.ObjectMapper;
107 import com.fasterxml.jackson.databind.type.TypeFactory;
109 @Service("externalAccessRolesService")
110 @EnableAspectJAutoProxy
113 public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesService {
114 private static final String APP_ROLE_NAME_PARAM = "appRoleName";
115 private static final String GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM = "getRoletoUpdateInExternalAuthSystem";
116 private static final String GET_PORTAL_APP_ROLES_QUERY = "getPortalAppRoles";
117 private static final String GET_ROLE_FUNCTION_QUERY = "getRoleFunction";
118 private static final String FUNCTION_CODE_PARAMS = "functionCode";
119 private static final String AND_FUNCTION_CD_EQUALS = " and function_cd = '";
120 private static final String OWNER = ".owner";
121 private static final String ADMIN = ".admin";
122 private static final String ACCOUNT_ADMINISTRATOR = ".Account_Administrator";
123 private static final String FUNCTION_PIPE = "|";
124 private static final String EXTERNAL_AUTH_PERMS = "perms";
125 private static final String EXTERNAL_AUTH_ROLE_DESCRIPTION = "description";
126 private static final String IS_EMPTY_JSON_STRING = "{}";
127 private static final String CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE = "Connecting to External Auth system";
128 private static final String APP_ID = "appId";
129 private static final String ROLE_NAME = "name";
130 private static final String APP_ID_EQUALS = " app_id = ";
131 private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAccessRolesServiceImpl.class);
133 private DataAccessService dataAccessService;
135 private EPAppService epAppService;
137 private SessionFactory sessionFactory;
139 EPRoleService ePRoleService;
140 RestTemplate template = new RestTemplate();
141 // These decode values are based on HexDecoder
142 static final String decodeValueOfForwardSlash = "2f";
143 static final String decodeValueOfHiphen = "2d";
144 static final String decodeValueOfStar = "2a";
146 @SuppressWarnings("unchecked")
148 public List<EPRole> getAppRoles(Long appId) throws Exception {
149 List<EPRole> applicationRoles = null;
150 final Map<String, Long> appParams = new HashMap<>();
153 applicationRoles = dataAccessService.executeNamedQuery("getPortalAppRolesList", null, null);
155 appParams.put("appId", appId);
156 applicationRoles = dataAccessService.executeNamedQuery("getPartnerAppRolesList", appParams, null);
158 } catch (Exception e) {
159 logger.error(EELFLoggerDelegate.errorLogger, "getAppRoles: failed", e);
162 return applicationRoles;
165 @SuppressWarnings("unchecked")
167 public List<EPApp> getApp(String uebkey) throws Exception {
168 List<EPApp> app = null;
170 final Map<String, String> appUebkeyParams = new HashMap<>();
171 appUebkeyParams.put("appKey", uebkey);
172 app = dataAccessService.executeNamedQuery("getMyAppDetailsByUebKey", appUebkeyParams, null);
173 if (!app.isEmpty() && !app.get(0).getEnabled()
174 && !app.get(0).getId().equals(PortalConstants.PORTAL_APP_ID)) {
175 throw new InactiveApplicationException("Application:" + app.get(0).getName() + " is Unavailable");
177 } catch (Exception e) {
178 logger.error(EELFLoggerDelegate.errorLogger, "getApp: failed", e);
185 * It returns single application role from external auth system
189 * @return JSON string which contains application role details
192 private String getSingleAppRole(String addRole, EPApp app) throws Exception {
193 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
194 HttpEntity<String> entity = new HttpEntity<>(headers);
195 ResponseEntity<String> response = null;
196 logger.debug(EELFLoggerDelegate.debugLogger, "getSingleAppRole: Connecting to External Auth system");
197 response = template.exchange(
198 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "roles/"
199 + app.getNameSpace() + "." + addRole
200 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"),
201 HttpMethod.GET, entity, String.class);
202 logger.debug(EELFLoggerDelegate.debugLogger,
203 "getSingleAppRole: Finished GET app role from External Auth system and status code: {} ",
204 response.getStatusCode().value());
205 return response.getBody();
209 public boolean addRole(Role addRole, String uebkey) throws Exception {
210 boolean response = false;
211 ResponseEntity<String> addResponse = null;
212 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
213 EPApp app = getApp(uebkey).get(0);
214 String newRole = updateExistingRoleInExternalSystem(addRole, app);
215 HttpEntity<String> entity = new HttpEntity<>(newRole, headers);
216 logger.debug(EELFLoggerDelegate.debugLogger, "addRole: Connecting to External Auth system");
217 addResponse = template.exchange(
218 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role",
219 HttpMethod.POST, entity, String.class);
220 if (addResponse.getStatusCode().value() == 201) {
222 logger.debug(EELFLoggerDelegate.debugLogger,
223 "addRole: Finished adding role in the External Auth system and response code: {} ",
224 addResponse.getStatusCode().value());
226 if (addResponse.getStatusCode().value() == 406) {
227 logger.error(EELFLoggerDelegate.errorLogger,
228 "addRole: Failed to add in the External Auth system due to {} and status code: {}",
229 addResponse.getBody(), addResponse.getStatusCode().value());
236 * It deletes record in external auth system
239 * @return JSON String which has status code and response body
242 private ResponseEntity<String> deleteRoleInExternalSystem(String delRole) throws Exception {
243 ResponseEntity<String> delResponse = null;
244 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
245 HttpEntity<String> entity = new HttpEntity<>(delRole, headers);
246 logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleInExternalSystem: {} for DELETE: {}",
247 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, delRole);
248 delResponse = template.exchange(
249 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role?force=true",
250 HttpMethod.DELETE, entity, String.class);
251 logger.debug(EELFLoggerDelegate.debugLogger,
252 "deleteRoleInExternalSystem: Finished DELETE operation in the External Auth system {} and status code: {} ",
253 delRole, delResponse.getStatusCode().value());
258 * It updates role in external auth system
260 * @param updateExtRole
262 * @return true if success else false
263 * @throws Exception If updateRoleInExternalSystem fails we catch it in logger
266 private boolean updateRoleInExternalSystem(Role updateExtRole, EPApp app, boolean isGlobalRole) throws Exception {
267 boolean response = false;
268 ObjectMapper mapper = new ObjectMapper();
269 ResponseEntity<String> deleteResponse = null;
270 List<EPRole> epRoleList = null;
271 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)
272 || (isGlobalRole && !app.getId().equals(PortalConstants.PORTAL_APP_ID))) {
273 epRoleList = getPortalAppRoleInfo(updateExtRole.getId());
275 epRoleList = getPartnerAppRoleInfo(updateExtRole.getId(), app);
277 // Assigning functions to global role
278 if ((isGlobalRole && !app.getId().equals(PortalConstants.PORTAL_APP_ID))) {
279 List<RoleFunction> globalRoleFunctionListNew = convertSetToListOfRoleFunctions(updateExtRole);
280 EPApp portalAppInfo = epAppService.getApp(PortalConstants.PORTAL_APP_ID);
281 addFunctionsTOGlobalRole(epRoleList, updateExtRole, globalRoleFunctionListNew, mapper, app, portalAppInfo);
284 String appRole = getSingleAppRole(epRoleList.get(0).getName(), app);
285 List<RoleFunction> roleFunctionListNew = convertSetToListOfRoleFunctions(updateExtRole);
286 if (!appRole.equals(IS_EMPTY_JSON_STRING)) {
287 JSONObject jsonObj = new JSONObject(appRole);
288 JSONArray extRole = jsonObj.getJSONArray("role");
289 if (!extRole.getJSONObject(0).has(EXTERNAL_AUTH_ROLE_DESCRIPTION)) {
290 String roleName = extRole.getJSONObject(0).getString(ROLE_NAME);
291 Map<String, String> delRoleKeyMapper = new HashMap<>();
292 delRoleKeyMapper.put(ROLE_NAME, roleName);
293 String delRoleKeyValue = mapper.writeValueAsString(delRoleKeyMapper);
294 deleteResponse = deleteRoleInExternalSystem(delRoleKeyValue);
295 if (deleteResponse.getStatusCode().value() != 200) {
296 throw new ExternalAuthSystemException(deleteResponse.getBody());
298 addRole(updateExtRole, app.getUebKey());
300 String desc = extRole.getJSONObject(0).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION);
301 String name = extRole.getJSONObject(0).getString(ROLE_NAME);
302 List<ExternalAccessPerms> list = new ArrayList<>();
303 if (extRole.getJSONObject(0).has(EXTERNAL_AUTH_PERMS)) {
304 JSONArray perms = extRole.getJSONObject(0).getJSONArray(EXTERNAL_AUTH_PERMS);
305 list = mapper.readValue(perms.toString(), TypeFactory.defaultInstance()
306 .constructCollectionType(List.class, ExternalAccessPerms.class));
308 // If role name or role functions are updated then delete
309 // record in External System and add new record to avoid
311 boolean isRoleNameChanged = false;
312 if (!desc.equals(updateExtRole.getName())) {
313 isRoleNameChanged = true;
314 deleteRoleInExtSystem(mapper, name);
315 addRole(updateExtRole, app.getUebKey());
316 // add partner functions to the global role in External
318 if (!list.isEmpty() && isGlobalRole) {
319 addPartnerHasRoleFunctionsToGlobalRole(list, mapper, app, updateExtRole);
322 perm -> EcompPortalUtils.checkNameSpaceMatching(perm.getType(), app.getNameSpace()));
323 // if role name is changes please ignore the previous
324 // functions in External Auth
325 // and update with user requested functions
326 addRemoveFunctionsToRole(updateExtRole, app, mapper, roleFunctionListNew, name, list);
328 // Delete role in External System if role is inactive
329 if (!updateExtRole.getActive()) {
330 deleteRoleInExtSystem(mapper, name);
332 if (!isRoleNameChanged) {
333 response = addRemoveFunctionsToRole(updateExtRole, app, mapper, roleFunctionListNew, name,
338 // It seems like role exists in local DB but not in External
340 if (updateExtRole.getActive()) {
341 addRole(updateExtRole, app.getUebKey());
342 ExternalAccessRolePerms extAddRolePerms = null;
343 ExternalAccessPerms extAddPerms = null;
344 List<RoleFunction> roleFunctionListAdd = convertSetToListOfRoleFunctions(updateExtRole);
345 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
346 for (RoleFunction roleFunc : roleFunctionListAdd) {
347 extAddPerms = new ExternalAccessPerms(app.getNameSpace() + "." + roleFunc.getType(),
348 roleFunc.getCode(), roleFunc.getAction());
349 extAddRolePerms = new ExternalAccessRolePerms(extAddPerms,
350 app.getNameSpace() + "." + updateExtRole.getName().replaceAll(
351 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
352 response = addRoleFuncExtSysRestAPI(mapper, extAddRolePerms, headers);
360 private void deleteRoleInExtSystem(ObjectMapper mapper, String name)
361 throws JsonProcessingException, Exception, ExternalAuthSystemException {
362 ResponseEntity<String> deleteResponse;
363 Map<String, String> delRoleKeyMapper = new HashMap<>();
364 delRoleKeyMapper.put(ROLE_NAME, name);
365 String delRoleKeyValue = mapper.writeValueAsString(delRoleKeyMapper);
366 deleteResponse = deleteRoleInExternalSystem(delRoleKeyValue);
367 if (deleteResponse.getStatusCode().value() != 200) {
368 logger.error(EELFLoggerDelegate.errorLogger,
369 "updateRoleInExternalSystem: Failed to delete role in external system due to {} ",
370 deleteResponse.getBody());
371 throw new ExternalAuthSystemException(deleteResponse.getBody());
375 private boolean addRemoveFunctionsToRole(Role updateExtRole, EPApp app, ObjectMapper mapper,
376 List<RoleFunction> roleFunctionListNew, String name, List<ExternalAccessPerms> list) throws Exception {
378 Map<String, RoleFunction> updateRoleFunc = new HashMap<>();
379 for (RoleFunction addPerm : roleFunctionListNew) {
380 updateRoleFunc.put(addPerm.getCode(), addPerm);
382 final Map<String, ExternalAccessPerms> extRolePermMap = new HashMap<>();
383 final Map<String, ExternalAccessPerms> extRolePermMapPipes = new HashMap<>();
384 list.removeIf(perm -> !EcompPortalUtils.checkNameSpaceMatching(perm.getType(), app.getNameSpace()));
385 // Update permissions in the ExternalAccess System
386 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
387 if (!list.isEmpty()) {
388 for (ExternalAccessPerms perm : list) {
389 RoleFunction roleFunc = updateRoleFunc.get(perm.getType().substring(app.getNameSpace().length() + 1)
390 + FUNCTION_PIPE + perm.getInstance() + FUNCTION_PIPE + perm.getAction());
391 if (roleFunc == null) {
392 RoleFunction roleFuncPipeFilter = updateRoleFunc.get(perm.getInstance());
393 if (roleFuncPipeFilter == null)
394 removePermForRole(perm, mapper, name, headers);
396 extRolePermMap.put(perm.getInstance(), perm);
397 extRolePermMapPipes.put(perm.getType().substring(app.getNameSpace().length() + 1) + FUNCTION_PIPE
398 + perm.getInstance() + FUNCTION_PIPE + perm.getAction(), perm);
402 if (!roleFunctionListNew.isEmpty()) {
403 for (RoleFunction roleFunc : roleFunctionListNew) {
404 if (roleFunc.getCode().contains(FUNCTION_PIPE)) {
405 ExternalAccessPerms perm = extRolePermMapPipes.get(roleFunc.getCode());
407 response = addFunctionsToRoleInExternalAuthSystem(updateExtRole, app, mapper, headers,
411 if (!extRolePermMap.containsKey(EcompPortalUtils.getFunctionCode(roleFunc.getCode()))) {
412 response = addFunctionsToRoleInExternalAuthSystem(updateExtRole, app, mapper, headers,
422 * Adds function to the role in the external auth system while editing a role or
423 * updating new functions to a role
426 private boolean addFunctionsToRoleInExternalAuthSystem(Role updateExtRole, EPApp app, ObjectMapper mapper,
427 HttpHeaders headers, RoleFunction roleFunc) throws JsonProcessingException {
429 ExternalAccessRolePerms extRolePerms;
430 ExternalAccessPerms extPerms;
434 if (roleFunc.getCode().contains(FUNCTION_PIPE)) {
435 code = EcompPortalUtils.getFunctionCode(roleFunc.getCode());
436 type = EcompPortalUtils.getFunctionType(roleFunc.getCode());
437 action = getFunctionCodeAction(roleFunc.getCode());
439 code = roleFunc.getCode();
440 type = roleFunc.getCode().contains("menu") ? "menu" : "url";
443 extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + type, code, action);
444 extRolePerms = new ExternalAccessRolePerms(extPerms, app.getNameSpace() + "." + updateExtRole.getName()
445 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
446 String updateRolePerms = mapper.writeValueAsString(extRolePerms);
447 HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers);
448 logger.debug(EELFLoggerDelegate.debugLogger, "updateRoleInExternalSystem: {} for POST: {}",
449 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRolePerms);
450 ResponseEntity<String> addResponse = template.exchange(
451 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm",
452 HttpMethod.POST, entity, String.class);
453 if (addResponse.getStatusCode().value() != 201 && addResponse.getStatusCode().value() != 409) {
455 logger.debug(EELFLoggerDelegate.debugLogger,
456 "updateRoleInExternalSystem: Connected to External Auth system but something went wrong! due to {} and statuscode: {}",
457 addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value());
460 logger.debug(EELFLoggerDelegate.debugLogger,
461 "updateRoleInExternalSystem: Finished adding permissions to roles in External Auth system {} and status code: {} ",
462 updateRolePerms, addResponse.getStatusCode().value());
467 private void addPartnerHasRoleFunctionsToGlobalRole(List<ExternalAccessPerms> permslist, ObjectMapper mapper,
468 EPApp app, Role updateExtRole) throws Exception {
469 for (ExternalAccessPerms perm : permslist) {
470 if (!EcompPortalUtils.checkNameSpaceMatching(perm.getType(), app.getNameSpace())) {
471 ExternalAccessRolePerms extAddGlobalRolePerms = null;
472 ExternalAccessPerms extAddPerms = null;
473 extAddPerms = new ExternalAccessPerms(perm.getType(), perm.getInstance(), perm.getAction());
474 extAddGlobalRolePerms = new ExternalAccessRolePerms(extAddPerms,
475 app.getNameSpace() + "." + updateExtRole.getName().replaceAll(
476 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
477 String addPerms = mapper.writeValueAsString(extAddGlobalRolePerms);
478 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
479 HttpEntity<String> entity = new HttpEntity<>(addPerms, headers);
480 logger.debug(EELFLoggerDelegate.debugLogger, "addPartnerHasRoleFunctionsToGlobalRole: {} ",
481 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE);
483 ResponseEntity<String> addResponse = template
484 .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
485 + "role/perm", HttpMethod.POST, entity, String.class);
486 if (addResponse.getStatusCode().value() != 201) {
487 logger.debug(EELFLoggerDelegate.debugLogger,
488 "addPartnerHasRoleFunctionsToGlobalRole: While adding permission to the role in External Auth system something went wrong! due to {} and statuscode: {}",
489 addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value());
491 logger.debug(EELFLoggerDelegate.debugLogger,
492 "addPartnerHasRoleFunctionsToGlobalRole: Finished adding permissions to roles in External Auth system and status code: {} ",
493 addResponse.getStatusCode().value());
495 } catch (Exception e) {
496 logger.error(EELFLoggerDelegate.errorLogger,
497 "addPartnerHasRoleFunctionsToGlobalRole: Failed for POST request: {} due to ", addPerms, e);
503 @SuppressWarnings("unchecked")
504 private void addFunctionsTOGlobalRole(List<EPRole> epRoleList, Role updateExtRole,
505 List<RoleFunction> roleFunctionListNew, ObjectMapper mapper, EPApp app, EPApp portalAppInfo)
508 logger.debug(EELFLoggerDelegate.debugLogger, "Entering into addFunctionsTOGlobalRole");
509 // GET Permissions from External Auth System
510 JSONArray extPerms = getExtAuthPermissions(app);
511 List<ExternalAccessPermsDetail> permsDetailList = getExtAuthPerrmissonList(app, extPerms);
512 final Map<String, ExternalAccessPermsDetail> existingPermsWithRoles = new HashMap<>();
513 final Map<String, ExternalAccessPermsDetail> existingPermsWithRolesWithPipes = new HashMap<>();
514 final Map<String, RoleFunction> userRquestedFunctionsMap = new HashMap<>();
515 final Map<String, RoleFunction> userRquestedFunctionsMapPipesFilter = new HashMap<>();
516 for (ExternalAccessPermsDetail permDetail : permsDetailList) {
517 existingPermsWithRoles.put(EcompPortalUtils.getFunctionCode(permDetail.getInstance()), permDetail);
518 existingPermsWithRolesWithPipes.put(permDetail.getInstance(), permDetail);
520 // Add If function does not exists for role in External Auth System
521 for (RoleFunction roleFunc : roleFunctionListNew) {
522 String roleFuncCode = "";
523 ExternalAccessPermsDetail permsDetail;
524 if (roleFunc.getCode().contains(FUNCTION_PIPE)) {
525 roleFuncCode = roleFunc.getCode();
526 permsDetail = existingPermsWithRolesWithPipes.get(roleFunc.getCode());
528 roleFuncCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode());
529 permsDetail = existingPermsWithRoles.get(roleFuncCode);
531 if (null == permsDetail.getRoles()
532 || !permsDetail.getRoles()
533 .contains(portalAppInfo.getNameSpace() + FUNCTION_PIPE
534 + epRoleList.get(0).getName().replaceAll(
535 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS,
537 addRoleFunctionsToGlobalRoleInExternalSystem(roleFunc, updateExtRole, mapper, app, portalAppInfo);
539 userRquestedFunctionsMap.put(roleFuncCode, roleFunc);
540 userRquestedFunctionsMapPipesFilter.put(EcompPortalUtils.getFunctionCode(roleFuncCode), roleFunc);
542 // Delete functions if exists in External Auth System but not in
545 final Map<String, Long> epAppRoleFuncParams = new HashMap<>();
546 epAppRoleFuncParams.put("requestedAppId", app.getId());
547 epAppRoleFuncParams.put("roleId", updateExtRole.getId());
548 List<GlobalRoleWithApplicationRoleFunction> globalRoleFunctionList = dataAccessService
549 .executeNamedQuery("getGlobalRoleForRequestedApp", epAppRoleFuncParams, null);
550 for (GlobalRoleWithApplicationRoleFunction globalRoleFunc : globalRoleFunctionList) {
551 String globalRoleFuncWithoutPipes = "";
552 RoleFunction roleFunc = null;
553 if (globalRoleFunc.getFunctionCd().contains(FUNCTION_PIPE)) {
554 globalRoleFuncWithoutPipes = globalRoleFunc.getFunctionCd();
555 roleFunc = userRquestedFunctionsMap.get(globalRoleFuncWithoutPipes);
557 globalRoleFuncWithoutPipes = EcompPortalUtils.getFunctionCode(globalRoleFunc.getFunctionCd());
558 roleFunc = userRquestedFunctionsMapPipesFilter.get(globalRoleFuncWithoutPipes);
560 if (roleFunc == null) {
561 ExternalAccessPermsDetail permDetailFromMap = globalRoleFunc.getFunctionCd().contains(FUNCTION_PIPE)
562 ? existingPermsWithRolesWithPipes.get(globalRoleFuncWithoutPipes)
563 : existingPermsWithRoles.get(globalRoleFuncWithoutPipes);
564 ExternalAccessPerms perm = new ExternalAccessPerms(permDetailFromMap.getType(),
565 EcompPortalUtils.getFunctionCode(permDetailFromMap.getInstance()),
566 permDetailFromMap.getAction());
567 String roleName = portalAppInfo.getNameSpace() + "." + globalRoleFunc.getRoleName()
568 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_");
569 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
570 removePermForRole(perm, mapper, roleName, headers);
573 logger.debug(EELFLoggerDelegate.debugLogger, "Finished addFunctionsTOGlobalRole");
574 } catch (Exception e) {
575 logger.error(EELFLoggerDelegate.errorLogger, "addFunctionsTOGlobalRole: Failed", e);
580 private void addRoleFunctionsToGlobalRoleInExternalSystem(RoleFunction addFunction, Role globalRole,
581 ObjectMapper mapper, EPApp app, EPApp portalAppInfo) throws Exception {
583 logger.debug(EELFLoggerDelegate.debugLogger, "Entering into addRoleFunctionsToGlobalRoleInExternalSystem");
584 ExternalAccessRolePerms extAddRolePerms = null;
585 ExternalAccessPerms extAddPerms = null;
586 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
590 if (addFunction.getCode().contains(FUNCTION_PIPE)) {
591 code = EcompPortalUtils.getFunctionCode(addFunction.getCode());
592 type = getFunctionCodeType(addFunction.getCode());
593 action = getFunctionCodeAction(addFunction.getCode());
595 code = addFunction.getCode();
596 type = addFunction.getCode().contains("menu") ? "menu" : "url";
599 extAddPerms = new ExternalAccessPerms(app.getNameSpace() + "." + type, code, action);
600 extAddRolePerms = new ExternalAccessRolePerms(extAddPerms, portalAppInfo.getNameSpace() + "." + globalRole
601 .getName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
602 String updateRolePerms = mapper.writeValueAsString(extAddRolePerms);
603 HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers);
604 logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionsInExternalSystem: {} ",
605 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE);
606 ResponseEntity<String> addResponse = template.exchange(
607 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm",
608 HttpMethod.POST, entity, String.class);
609 if (addResponse.getStatusCode().value() != 201) {
610 logger.debug(EELFLoggerDelegate.debugLogger,
611 "addRoleFunctionsInExternalSystem: While adding permission to the role in External Auth system something went wrong! due to {} and statuscode: {}",
612 addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value());
614 logger.debug(EELFLoggerDelegate.debugLogger,
615 "addRoleFunctionsInExternalSystem: Finished adding permissions to roles in External Auth system and status code: {} ",
616 addResponse.getStatusCode().value());
618 logger.debug(EELFLoggerDelegate.debugLogger, "Finished addRoleFunctionsToGlobalRoleInExternalSystem");
619 } catch (Exception e) {
620 logger.error(EELFLoggerDelegate.errorLogger, "addRoleFunctionsToGlobalRoleInExternalSystem: Failed", e);
625 private boolean addRoleFuncExtSysRestAPI(ObjectMapper addPermsMapper, ExternalAccessRolePerms extAddRolePerms,
626 HttpHeaders headers) throws JsonProcessingException {
628 String updateRolePerms = addPermsMapper.writeValueAsString(extAddRolePerms);
629 HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers);
630 logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionsInExternalSystem: {} for POST: {} ",
631 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRolePerms);
632 ResponseEntity<String> addResponse = template.exchange(
633 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm",
634 HttpMethod.POST, entity, String.class);
635 if (addResponse.getStatusCode().value() != 201 && addResponse.getStatusCode().value() != 409) {
637 logger.debug(EELFLoggerDelegate.debugLogger,
638 "addRoleFunctionsInExternalSystem: While adding permission to the role in External Auth system something went wrong! due to {} and statuscode: {}",
639 addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value());
642 logger.debug(EELFLoggerDelegate.debugLogger,
643 "addRoleFunctionsInExternalSystem: Finished adding permissions to roles in External Auth system {} and status code: {} ",
644 updateRolePerms, addResponse.getStatusCode().value());
651 * It converts list of functions in updateExtRole parameter to the RoleFunction
654 * @param updateExtRole
655 * @return list of functions
657 @SuppressWarnings("unchecked")
658 private List<RoleFunction> convertSetToListOfRoleFunctions(Role updateExtRole) {
659 Set<RoleFunction> roleFunctionSetList = updateExtRole.getRoleFunctions();
660 List<RoleFunction> roleFunctionList = new ArrayList<>();
661 ObjectMapper roleFuncMapper = new ObjectMapper();
662 Iterator<RoleFunction> itetaror = roleFunctionSetList.iterator();
663 while (itetaror.hasNext()) {
664 Object nextValue = itetaror.next();
665 RoleFunction roleFunction = roleFuncMapper.convertValue(nextValue, RoleFunction.class);
666 roleFunctionList.add(roleFunction);
668 return roleFunctionList.stream().distinct().collect(Collectors.toList());
672 * It delete permissions/functions in the external auth system
678 * @throws JsonProcessingException
681 private void removePermForRole(ExternalAccessPerms perm, ObjectMapper permMapper, String name, HttpHeaders headers)
682 throws ExternalAuthSystemException, JsonProcessingException {
683 ExternalAccessRolePerms extAccessRolePerms = new ExternalAccessRolePerms(perm, name);
684 String permDetails = permMapper.writeValueAsString(extAccessRolePerms);
686 HttpEntity<String> deleteEntity = new HttpEntity<>(permDetails, headers);
687 logger.debug(EELFLoggerDelegate.debugLogger, "removePermForRole: {} for DELETE: {} ",
688 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, permDetails);
689 ResponseEntity<String> deletePermResponse = template
690 .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
691 + "role/" + name + "/perm", HttpMethod.DELETE, deleteEntity, String.class);
692 if (deletePermResponse.getStatusCode().value() != 200) {
693 throw new ExternalAuthSystemException(deletePermResponse.getBody());
695 logger.debug(EELFLoggerDelegate.debugLogger,
696 "removePermForRole: Finished deleting permission to role in External Auth system: {} and status code: {}",
697 permDetails, deletePermResponse.getStatusCode().value());
698 } catch (Exception e) {
699 if (e.getMessage().contains("404")) {
700 logger.error(EELFLoggerDelegate.errorLogger, "Failed to add role for DELETE request: {} due to {}",
701 permDetails, e.getMessage());
709 * It will create new role in the External Auth System
713 * @return true if successfully added in the system else false
714 * @throws Exception If fails to add role in the system
716 private void addNewRoleInExternalSystem(List<EPRole> newRole, EPApp app)
717 throws Exception, HttpClientErrorException {
719 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
720 ObjectMapper mapper = new ObjectMapper();
721 String addNewRole = "";
722 ExternalAccessRole extRole = new ExternalAccessRole();
723 extRole.setName(app.getNameSpace() + "." + newRole.get(0).getName()
724 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
725 extRole.setDescription(String.valueOf(newRole.get(0).getName()));
726 addNewRole = mapper.writeValueAsString(extRole);
727 HttpEntity<String> postEntity = new HttpEntity<>(addNewRole, headers);
728 logger.debug(EELFLoggerDelegate.debugLogger, "addNewRoleInExternalSystem: {} for POST: {} ",
729 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, addNewRole);
730 ResponseEntity<String> addNewRoleInExternalSystem = template.exchange(
731 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role",
732 HttpMethod.POST, postEntity, String.class);
733 if (addNewRoleInExternalSystem.getStatusCode().value() == 201) {
734 logger.debug(EELFLoggerDelegate.debugLogger,
735 "addNewRoleInExternalSystem: Finished adding into External Auth system for POST: {} and status code: {}",
736 addNewRole, addNewRoleInExternalSystem.getStatusCode().value());
738 } catch (HttpClientErrorException ht) {
739 dataAccessService.deleteDomainObjects(EPRole.class, " role_id = " + newRole.get(0).getId(), null);
740 logger.error(EELFLoggerDelegate.debugLogger,
741 "addNewRoleInExternalSystem: Failed to add in External Auth system and status code: {}", ht);
742 throw new HttpClientErrorException(ht.getStatusCode());
748 * It updates existing role in the External Auth System
750 * @param addRole It Contains role information
752 * @return string which is formatted to match with the external auth system
753 * @throws JsonProcessingException
755 private String updateExistingRoleInExternalSystem(Role addRole, EPApp app) throws JsonProcessingException {
756 ObjectMapper mapper = new ObjectMapper();
757 String addNewRole = "";
758 ExternalAccessRole extRole = new ExternalAccessRole();
759 extRole.setName(app.getNameSpace() + "." + addRole.getName()
760 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
761 extRole.setDescription(String.valueOf(addRole.getName()));
762 addNewRole = mapper.writeValueAsString(extRole);
767 * It create a role in the external auth system and then in our local
771 * @return true else false
774 @SuppressWarnings("unchecked")
775 @Transactional(rollbackFor = Exception.class)
776 public boolean addRoleInEcompDB(Role addRoleInDB, EPApp app) throws Exception {
777 boolean result = false;
778 EPRole epRole = null;
779 Set<RoleFunction> roleFunctionList = addRoleInDB.getRoleFunctions();
780 List<RoleFunction> roleFunctionListNew = new ArrayList<>();
781 ObjectMapper mapper = new ObjectMapper();
782 Iterator<RoleFunction> itetaror = roleFunctionList.iterator();
783 while (itetaror.hasNext()) {
784 Object nextValue = itetaror.next();
785 RoleFunction roleFunction = mapper.convertValue(nextValue, RoleFunction.class);
786 roleFunctionListNew.add(roleFunction);
788 List<RoleFunction> listWithoutDuplicates = roleFunctionListNew.stream().distinct().collect(Collectors.toList());
790 if (addRoleInDB.getId() == null) { // check if it is new role
791 if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
792 checkIfRoleExitsInExternalSystem(addRoleInDB, app);
794 EPRole epRoleNew = new EPRole();
795 epRoleNew.setActive(addRoleInDB.getActive());
796 epRoleNew.setName(addRoleInDB.getName());
797 epRoleNew.setPriority(addRoleInDB.getPriority());
798 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
799 epRoleNew.setAppId(null);
801 epRoleNew.setAppId(app.getId());
803 dataAccessService.saveDomainObject(epRoleNew, null);
804 List<EPRole> getRoleCreated = null;
805 final Map<String, String> epAppRoleParams = new HashMap<>();
806 final Map<String, String> epAppPortalRoleParams = new HashMap<>();
807 if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
808 epAppRoleParams.put("appId", String.valueOf(app.getId()));
809 epAppRoleParams.put(APP_ROLE_NAME_PARAM, addRoleInDB.getName());
810 List<EPRole> roleCreated = dataAccessService
811 .executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, epAppRoleParams, null);
812 EPRole epUpdateRole = roleCreated.get(0);
813 epUpdateRole.setAppRoleId(epUpdateRole.getId());
814 dataAccessService.saveDomainObject(epUpdateRole, null);
815 getRoleCreated = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM,
816 epAppRoleParams, null);
818 epAppPortalRoleParams.put(APP_ROLE_NAME_PARAM, addRoleInDB.getName());
819 getRoleCreated = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY,
820 epAppPortalRoleParams, null);
822 // Add role in External Auth system
823 if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
824 addNewRoleInExternalSystem(getRoleCreated, app);
827 } else { // if role already exists then update it
828 EPRole globalRole = null;
829 List<EPRole> applicationRoles;
830 List<EPRole> globalRoleList = getGlobalRolesOfPortal();
831 boolean isGlobalRole = false;
832 if (!globalRoleList.isEmpty()) {
833 EPRole role = globalRoleList.stream().filter(x -> addRoleInDB.getId().equals(x.getId())).findAny()
840 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)
841 || (globalRole != null && app.getId() != globalRole.getAppId())) {
842 applicationRoles = getPortalAppRoleInfo(addRoleInDB.getId());
844 applicationRoles = getPartnerAppRoleInfo(addRoleInDB.getId(), app);
846 if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
847 updateRoleInExternalSystem(addRoleInDB, app, isGlobalRole);
848 // Add all user to the re-named role in external auth system
849 if (!applicationRoles.isEmpty()
850 && !addRoleInDB.getName().equals(applicationRoles.get(0).getName())) {
851 bulkUploadUsersSingleRole(app.getUebKey(), applicationRoles.get(0).getId(),
852 addRoleInDB.getName());
855 deleteRoleFunction(app, applicationRoles);
856 if (!applicationRoles.isEmpty()) {
857 epRole = applicationRoles.get(0);
858 epRole.setName(addRoleInDB.getName());
859 epRole.setPriority(addRoleInDB.getPriority());
860 epRole.setActive(addRoleInDB.getActive());
861 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
862 epRole.setAppId(null);
863 epRole.setAppRoleId(null);
864 } else if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)
865 && applicationRoles.get(0).getAppRoleId() == null) {
866 epRole.setAppRoleId(epRole.getId());
868 dataAccessService.saveDomainObject(epRole, null);
870 Long roleAppId = null;
871 if (globalRole != null && !app.getId().equals(globalRole.getAppId()))
872 roleAppId = PortalConstants.PORTAL_APP_ID;
873 saveRoleFunction(listWithoutDuplicates, app, applicationRoles, roleAppId);
876 } catch (Exception e) {
877 logger.error(EELFLoggerDelegate.errorLogger, "addRoleInEcompDB is failed", e);
885 * It validates whether role exists in external auth system
889 * @throws Exception If role exits
891 private void checkIfRoleExitsInExternalSystem(Role checkRole, EPApp app) throws Exception {
892 getNameSpaceIfExists(app);
893 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
894 String roleName = app.getNameSpace() + "." + checkRole.getName()
895 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_");
896 HttpEntity<String> checkRoleEntity = new HttpEntity<>(headers);
897 logger.debug(EELFLoggerDelegate.debugLogger, "checkIfRoleExitsInExternalSystem: {} ",
898 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE);
899 ResponseEntity<String> checkRoleInExternalSystem = template
900 .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "roles/"
901 + roleName, HttpMethod.GET, checkRoleEntity, String.class);
902 if (!checkRoleInExternalSystem.getBody().equals(IS_EMPTY_JSON_STRING)) {
904 "checkIfRoleExitsInExternalSystem: Role already exists in external system {} and status code: {} ",
905 checkRoleInExternalSystem.getBody(), checkRoleInExternalSystem.getStatusCode().value());
906 throw new ExternalAuthSystemException(" Role already exists in external system");
911 * It saves list of functions to the role in portal
913 * @param roleFunctionListNew
915 * @param applicationRoles
918 @SuppressWarnings("unchecked")
919 private void saveRoleFunction(List<RoleFunction> roleFunctionListNew, EPApp app, List<EPRole> applicationRoles,
920 Long roleAppId) throws Exception {
921 final Map<String, String> getAppFunctionParams = new HashMap<>();
922 for (RoleFunction roleFunc : roleFunctionListNew) {
923 String code = EcompPortalUtils.getFunctionCode(roleFunc.getCode());
924 EPAppRoleFunction appRoleFunc = new EPAppRoleFunction();
925 appRoleFunc.setAppId(app.getId());
926 appRoleFunc.setRoleId(applicationRoles.get(0).getId());
927 appRoleFunc.setRoleAppId(String.valueOf(roleAppId));
928 getAppFunctionParams.put("appId", String.valueOf(app.getId()));
929 getAppFunctionParams.put(FUNCTION_CODE_PARAMS, roleFunc.getCode());
930 // query to check if function code has pipes
931 List<CentralV2RoleFunction> roleFunction = dataAccessService.executeNamedQuery(GET_ROLE_FUNCTION_QUERY,
932 getAppFunctionParams, null);
933 if (roleFunction.isEmpty()) {
934 getAppFunctionParams.put(FUNCTION_CODE_PARAMS, code);
935 roleFunction = dataAccessService.executeNamedQuery(GET_ROLE_FUNCTION_QUERY, getAppFunctionParams, null);
937 if (roleFunction.size() > 1) {
938 CentralV2RoleFunction getExactFunctionCode = appFunctionListFilter(code, roleFunction);
939 appRoleFunc.setCode(getExactFunctionCode.getCode());
941 appRoleFunc.setCode(roleFunction.get(0).getCode());
943 dataAccessService.saveDomainObject(appRoleFunc, null);
949 * It filters the app functions which starts with similar name in the result set
952 * @param roleFunction
953 * @return CentralRoleFunction
955 private CentralV2RoleFunction appFunctionListFilter(String roleFuncCode, List<CentralV2RoleFunction> roleFunction) {
956 final Map<String, CentralV2RoleFunction> appFunctionsFilter = new HashMap<>();
957 final Map<String, CentralV2RoleFunction> appFunctionsFilterPipes = new HashMap<>();
958 CentralV2RoleFunction getExactFunctionCode = null;
959 for (CentralV2RoleFunction cenRoleFunction : roleFunction) {
960 appFunctionsFilter.put(cenRoleFunction.getCode(), cenRoleFunction);
961 appFunctionsFilterPipes.put(EcompPortalUtils.getFunctionCode(cenRoleFunction.getCode()), cenRoleFunction);
963 getExactFunctionCode = appFunctionsFilter.get(roleFuncCode);
964 if (getExactFunctionCode == null) {
965 getExactFunctionCode = appFunctionsFilterPipes.get(roleFuncCode);
967 return getExactFunctionCode;
971 * It deletes all EPAppRoleFunction records in the portal
976 @SuppressWarnings("unchecked")
977 private void deleteRoleFunction(EPApp app, List<EPRole> role) {
978 final Map<String, Long> appRoleFuncsParams = new HashMap<>();
979 appRoleFuncsParams.put("appId", app.getId());
980 appRoleFuncsParams.put("roleId", role.get(0).getId());
981 List<EPAppRoleFunction> appRoleFunctionList = dataAccessService
982 .executeNamedQuery("getAppRoleFunctionOnRoleIdandAppId", appRoleFuncsParams, null);
983 if (!appRoleFunctionList.isEmpty()) {
984 for (EPAppRoleFunction approleFunction : appRoleFunctionList) {
985 dataAccessService.deleteDomainObject(approleFunction, null);
991 @SuppressWarnings("unchecked")
992 public List<EPUser> getUser(String loginId) throws InvalidUserException {
993 final Map<String, String> userParams = new HashMap<>();
994 userParams.put("org_user_id", loginId);
995 List<EPUser> userList = dataAccessService.executeNamedQuery("getEPUserByOrgUserId", userParams, null);
996 if (userList.isEmpty()) {
997 throw new InvalidUserException("User not found");
1003 public String getV2UserWithRoles(String loginId, String uebkey) throws Exception {
1004 final Map<String, String> params = new HashMap<>();
1005 List<EPUser> userList = null;
1006 CentralV2User cenV2User = null;
1007 String result = null;
1009 params.put("orgUserIdValue", loginId);
1010 List<EPApp> appList = getApp(uebkey);
1011 if (!appList.isEmpty()) {
1012 userList = getUser(loginId);
1013 if (!userList.isEmpty()) {
1014 ObjectMapper mapper = new ObjectMapper();
1015 cenV2User = getV2UserAppRoles(loginId, uebkey);
1016 result = mapper.writeValueAsString(cenV2User);
1017 } else if (userList.isEmpty()) {
1018 throw new InvalidUserException("User not found");
1021 throw new InactiveApplicationException("Application not found");
1023 } catch (Exception e) {
1024 logger.error(EELFLoggerDelegate.errorLogger, "getUser: failed", e);
1031 public List<CentralV2Role> getRolesForApp(String uebkey) throws Exception {
1032 logger.debug(EELFLoggerDelegate.debugLogger, "getRolesForApp: Entering into getRolesForApp");
1033 List<CentralV2Role> roleList = new ArrayList<>();
1034 final Map<String, Long> params = new HashMap<>();
1036 List<EPApp> app = getApp(uebkey);
1037 List<EPRole> appRolesList = getAppRoles(app.get(0).getId());
1038 roleList = createCentralRoleObject(app, appRolesList, roleList, params);
1039 if (app.get(0).getId() != PortalConstants.PORTAL_APP_ID) {
1040 List<CentralV2Role> globalRoleList = getGlobalRolesOfApplication(app.get(0).getId());
1041 List<EPRole> globalRolesList = getGlobalRolesOfPortal();
1042 List<CentralV2Role> portalsGlobalRolesFinlaList = new ArrayList<>();
1043 if (!globalRolesList.isEmpty()) {
1044 for (EPRole eprole : globalRolesList) {
1045 CentralV2Role cenRole = convertRoleToCentralV2Role(eprole);
1046 portalsGlobalRolesFinlaList.add(cenRole);
1048 roleList.addAll(globalRoleList);
1049 for (CentralV2Role role : portalsGlobalRolesFinlaList) {
1050 CentralV2Role result = roleList.stream().filter(x -> role.getId().equals(x.getId())).findAny()
1056 for (EPRole role : globalRolesList) {
1057 CentralV2Role cenRole = convertRoleToCentralV2Role(role);
1058 roleList.add(cenRole);
1062 } catch (Exception e) {
1063 logger.error(EELFLoggerDelegate.errorLogger, "getRolesForApp: Failed!", e);
1066 logger.debug(EELFLoggerDelegate.debugLogger, "getRolesForApp: Finished!");
1067 return roleList.stream().distinct().collect(Collectors.toList());
1070 @SuppressWarnings("unchecked")
1072 public List<CentralV2RoleFunction> getRoleFuncList(String uebkey) throws Exception {
1073 EPApp app = getApp(uebkey).get(0);
1074 List<CentralV2RoleFunction> finalRoleList = new ArrayList<>();
1075 final Map<String, Long> params = new HashMap<>();
1076 params.put(APP_ID, app.getId());
1077 List<CentralV2RoleFunction> getRoleFuncList = dataAccessService.executeNamedQuery("getAllRoleFunctions", params,
1079 for (CentralV2RoleFunction roleFuncItem : getRoleFuncList) {
1080 String code = EcompPortalUtils.getFunctionCode(roleFuncItem.getCode());
1082 if (roleFuncItem.getCode().contains("|"))
1083 type = EcompPortalUtils.getFunctionType(roleFuncItem.getCode());
1085 type = getFunctionCodeType(roleFuncItem.getCode());
1086 String action = getFunctionCodeAction(roleFuncItem.getCode());
1087 roleFuncItem.setCode(EPUserUtils.decodeFunctionCode(code));
1088 roleFuncItem.setType(type);
1089 roleFuncItem.setAction(action);
1090 finalRoleList.add(roleFuncItem);
1092 return finalRoleList;
1096 public String getFunctionCodeAction(String roleFuncItem) {
1097 return (!roleFuncItem.contains(FUNCTION_PIPE)) ? "*" : EcompPortalUtils.getFunctionAction(roleFuncItem);
1101 public String getFunctionCodeType(String roleFuncItem) {
1103 if ((roleFuncItem.contains(FUNCTION_PIPE) && roleFuncItem.contains("menu"))
1104 || (!roleFuncItem.contains(FUNCTION_PIPE) && roleFuncItem.contains("menu"))) {
1106 } else if (checkIfCodeHasNoPipesAndHasTypeUrl(roleFuncItem) || checkIfCodeHasPipesAndHasTypeUrl(roleFuncItem)
1107 || checkIfCodeHasNoPipesAndHasNoTypeUrl(roleFuncItem)) {
1109 } else if (roleFuncItem.contains(FUNCTION_PIPE)
1110 && (!roleFuncItem.contains("menu") || roleFuncItem.contains("url"))) {
1111 type = EcompPortalUtils.getFunctionType(roleFuncItem);
1118 * It check whether function code has no pipes and no url string in it
1120 * @param roleFuncItem
1121 * @return true or false
1123 private boolean checkIfCodeHasNoPipesAndHasNoTypeUrl(String roleFuncItem) {
1124 return !roleFuncItem.contains(FUNCTION_PIPE) && !roleFuncItem.contains("url");
1129 * It check whether function code has pipes and url string in it
1131 * @param roleFuncItem
1132 * @return true or false
1134 private boolean checkIfCodeHasPipesAndHasTypeUrl(String roleFuncItem) {
1135 return roleFuncItem.contains(FUNCTION_PIPE) && roleFuncItem.contains("url");
1140 * It check whether function code has no pipes and has url string in it
1142 * @param roleFuncItem
1143 * @return true or false
1145 private boolean checkIfCodeHasNoPipesAndHasTypeUrl(String roleFuncItem) {
1146 return !roleFuncItem.contains(FUNCTION_PIPE) && roleFuncItem.contains("url");
1150 * It returns user detail information which is deep copy of EPUser.class object
1158 @SuppressWarnings("unchecked")
1159 private CentralV2User createEPUser(EPUser userInfo, Set<EPUserApp> userAppSet, EPApp app) throws Exception {
1160 final Map<String, Long> params = new HashMap<>();
1161 CentralV2User userAppList = new CentralV2User.CentralV2UserBuilder().createCentralV2User();
1162 CentralV2User user1 = null;
1163 final Map<String, Long> params1 = new HashMap<>();
1164 List<EPRole> globalRoleList = new ArrayList<>();
1166 if (app.getId() != PortalConstants.PORTAL_APP_ID) {
1167 params1.put("userId", userInfo.getId());
1168 params1.put("appId", app.getId());
1169 globalRoleList = dataAccessService.executeNamedQuery("userAppGlobalRoles", params1, null);
1171 userAppList.setUserApps(new TreeSet<CentralV2UserApp>());
1172 for (EPUserApp userApp : userAppSet) {
1173 if (userApp.getRole().getActive()) {
1174 EPApp epApp = userApp.getApp();
1175 String globalRole = userApp.getRole().getName().toLowerCase();
1176 if (((epApp.getId().equals(app.getId()))
1177 && (!userApp.getRole().getId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)))
1178 || ((epApp.getId().equals(PortalConstants.PORTAL_APP_ID))
1179 && (globalRole.toLowerCase().startsWith("global_")))) {
1180 CentralV2UserApp cua = new CentralV2UserApp();
1181 cua.setUserId(null);
1182 CentralApp cenApp = new CentralApp.CentralAppBuilder().setId(1L).setCreated(epApp.getCreated())
1183 .setModified(epApp.getModified()).setCreatedId(epApp.getCreatedId())
1184 .setModifiedId(epApp.getModifiedId()).setRowNum(epApp.getRowNum())
1185 .setName(epApp.getName()).setImageUrl(epApp.getImageUrl())
1186 .setDescription(epApp.getDescription()).setNotes(epApp.getNotes())
1187 .setUrl(epApp.getUrl()).setAlternateUrl(epApp.getAlternateUrl())
1188 .setRestEndpoint(epApp.getAppRestEndpoint()).setMlAppName(epApp.getMlAppName())
1189 .setMlAppAdminId(epApp.getMlAppAdminId()).setMotsId(String.valueOf(epApp.getMotsId()))
1190 .setAppPassword(epApp.getAppPassword()).setOpen(String.valueOf(epApp.getOpen()))
1191 .setEnabled(String.valueOf(epApp.getEnabled())).setThumbnail(epApp.getThumbnail())
1192 .setUsername(epApp.getUsername()).setUebKey(epApp.getUebKey())
1193 .setUebSecret(epApp.getUebSecret()).setUebTopicName(epApp.getUebTopicName())
1194 .createCentralApp();
1195 cenApp.setAppPassword(EPCommonSystemProperties.APP_DISPLAY_PASSWORD);
1198 if (globalRole.toLowerCase().startsWith("global_")
1199 && epApp.getId().equals(PortalConstants.PORTAL_APP_ID)
1200 && !epApp.getId().equals(app.getId())) {
1201 appId = app.getId();
1202 EPRole result = null;
1203 if (globalRoleList.size() > 0)
1204 result = globalRoleList.stream()
1205 .filter(x -> userApp.getRole().getId().equals(x.getId())).findAny()
1210 appId = userApp.getApp().getId();
1212 params.put("roleId", userApp.getRole().getId());
1213 params.put(APP_ID, appId);
1214 List<CentralV2RoleFunction> appRoleFunctionList = dataAccessService
1215 .executeNamedQuery("getAppRoleFunctionList", params, null);
1216 SortedSet<CentralV2RoleFunction> roleFunctionSet = new TreeSet<>();
1217 for (CentralV2RoleFunction roleFunc : appRoleFunctionList) {
1218 String functionCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode());
1219 String type = getFunctionCodeType(roleFunc.getCode());
1220 String action = getFunctionCodeAction(roleFunc.getCode());
1221 CentralV2RoleFunction cenRoleFunc = new CentralV2RoleFunction(roleFunc.getId(),
1222 functionCode, roleFunc.getName(), null, type, action, null);
1223 roleFunctionSet.add(cenRoleFunc);
1225 Long userRoleId = null;
1226 if (globalRole.toLowerCase().startsWith("global_")
1227 || epApp.getId().equals(PortalConstants.PORTAL_APP_ID)) {
1228 userRoleId = userApp.getRole().getId();
1230 userRoleId = userApp.getRole().getAppRoleId();
1232 CentralV2Role cenRole = new CentralV2Role.CentralV2RoleBuilder().setId(userRoleId)
1233 .setCreated(userApp.getRole().getCreated()).setModified(userApp.getRole().getModified())
1234 .setCreatedId(userApp.getRole().getCreatedId())
1235 .setModifiedId(userApp.getRole().getModifiedId())
1236 .setRowNum(userApp.getRole().getRowNum()).setName(userApp.getRole().getName())
1237 .setActive(userApp.getRole().getActive()).setPriority(userApp.getRole().getPriority())
1238 .setRoleFunctions(roleFunctionSet).setChildRoles(null).setParentRoles(null)
1239 .createCentralV2Role();
1240 cua.setRole(cenRole);
1241 userAppList.getUserApps().add(cua);
1245 user1 = new CentralV2User.CentralV2UserBuilder().setId(null).setCreated(userInfo.getCreated())
1246 .setModified(userInfo.getModified()).setCreatedId(userInfo.getCreatedId())
1247 .setModifiedId(userInfo.getModifiedId()).setRowNum(userInfo.getRowNum())
1248 .setOrgId(userInfo.getOrgId()).setManagerId(userInfo.getManagerId())
1249 .setFirstName(userInfo.getFirstName()).setMiddleInitial(userInfo.getMiddleInitial())
1250 .setLastName(userInfo.getLastName()).setPhone(userInfo.getPhone()).setFax(userInfo.getFax())
1251 .setCellular(userInfo.getCellular()).setEmail(userInfo.getEmail())
1252 .setAddressId(userInfo.getAddressId()).setAlertMethodCd(userInfo.getAlertMethodCd())
1253 .setHrid(userInfo.getHrid()).setOrgUserId(userInfo.getOrgUserId()).setOrgCode(userInfo.getOrgCode())
1254 .setAddress1(userInfo.getAddress1()).setAddress2(userInfo.getAddress2()).setCity(userInfo.getCity())
1255 .setState(userInfo.getState()).setZipCode(userInfo.getZipCode()).setCountry(userInfo.getCountry())
1256 .setOrgManagerUserId(userInfo.getOrgManagerUserId()).setLocationClli(userInfo.getLocationClli())
1257 .setBusinessCountryCode(userInfo.getBusinessCountryCode())
1258 .setBusinessCountryName(userInfo.getBusinessCountryName())
1259 .setBusinessUnit(userInfo.getBusinessUnit()).setBusinessUnitName(userInfo.getBusinessUnitName())
1260 .setDepartment(userInfo.getDepartment()).setDepartmentName(userInfo.getDepartmentName())
1261 .setCompanyCode(userInfo.getCompanyCode()).setCompany(userInfo.getCompany())
1262 .setZipCodeSuffix(userInfo.getZipCodeSuffix()).setJobTitle(userInfo.getJobTitle())
1263 .setCommandChain(userInfo.getCommandChain()).setSiloStatus(userInfo.getSiloStatus())
1264 .setCostCenter(userInfo.getCostCenter()).setFinancialLocCode(userInfo.getFinancialLocCode())
1265 .setLoginId(userInfo.getLoginId()).setLoginPwd(userInfo.getLoginPwd())
1266 .setLastLoginDate(userInfo.getLastLoginDate()).setActive(userInfo.getActive())
1267 .setInternal(userInfo.getInternal()).setSelectedProfileId(userInfo.getSelectedProfileId())
1268 .setTimeZoneId(userInfo.getTimeZoneId()).setOnline(userInfo.isOnline())
1269 .setChatId(userInfo.getChatId()).setUserApps(userAppList.getUserApps()).setPseudoRoles(null)
1270 .createCentralV2User();
1271 } catch (Exception e) {
1272 logger.error(EELFLoggerDelegate.errorLogger, "createEPUser: createEPUser failed", e);
1279 public CentralV2Role getRoleInfo(Long roleId, String uebkey) throws Exception {
1280 final Map<String, Long> params = new HashMap<>();
1281 List<CentralV2Role> roleList = new ArrayList<>();
1282 CentralV2Role cenRole = new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role();
1283 List<EPRole> roleInfo = null;
1284 List<EPApp> app = null;
1286 app = getApp(uebkey);
1287 if (app.isEmpty()) {
1288 throw new InactiveApplicationException("Application not found");
1290 if (app.get(0).getId() != PortalConstants.PORTAL_APP_ID) {
1291 List<EPRole> globalRoleList = new ArrayList<>();
1292 globalRoleList = getGlobalRolesOfPortal();
1293 if (globalRoleList.size() > 0) {
1294 EPRole result = globalRoleList.stream().filter(x -> roleId.equals(x.getId())).findAny()
1297 return getGlobalRoleForRequestedApp(app.get(0).getId(), roleId);
1300 if (app.get(0).getId().equals(PortalConstants.PORTAL_APP_ID)) {
1301 roleInfo = getPortalAppRoleInfo(roleId);
1303 roleInfo = getPartnerAppRoleInfo(roleId, app.get(0));
1305 roleList = createCentralRoleObject(app, roleInfo, roleList, params);
1306 if (roleList.isEmpty()) {
1309 } catch (Exception e) {
1310 logger.error(EELFLoggerDelegate.errorLogger, "getRoleInfo: failed", e);
1313 return roleList.get(0);
1316 @SuppressWarnings("unchecked")
1317 private List<EPRole> getPartnerAppRoleInfo(Long roleId, EPApp app) {
1318 List<EPRole> roleInfo;
1319 final Map<String, Long> getPartnerAppRoleParams = new HashMap<>();
1320 getPartnerAppRoleParams.put("appRoleId", roleId);
1321 getPartnerAppRoleParams.put("appId", app.getId());
1322 roleInfo = dataAccessService.executeNamedQuery("getPartnerAppRoleByRoleId", getPartnerAppRoleParams, null);
1323 if (roleInfo.isEmpty()) {
1324 getPartnerAppRoleParams.put("appRoleId", roleId);
1325 roleInfo = dataAccessService.executeNamedQuery("getPartnerAppRoleById", getPartnerAppRoleParams, null);
1331 @SuppressWarnings("unchecked")
1332 public List<EPRole> getPortalAppRoleInfo(Long roleId) {
1333 List<EPRole> roleInfo;
1334 final Map<String, Long> getPortalAppRoleParams = new HashMap<>();
1335 getPortalAppRoleParams.put("roleId", roleId);
1336 roleInfo = dataAccessService.executeNamedQuery("getPortalAppRoleByRoleId", getPortalAppRoleParams, null);
1342 * It returns list of app roles along with role functions and which went through
1350 * @throws DecoderException
1352 @SuppressWarnings("unchecked")
1354 public List<CentralV2Role> createCentralRoleObject(List<EPApp> app, List<EPRole> roleInfo,
1355 List<CentralV2Role> roleList, Map<String, Long> params) throws RoleFunctionException {
1356 for (EPRole role : roleInfo) {
1357 params.put("roleId", role.getId());
1358 params.put(APP_ID, app.get(0).getId());
1359 List<CentralV2RoleFunction> cenRoleFuncList = dataAccessService.executeNamedQuery("getAppRoleFunctionList",
1361 SortedSet<CentralV2RoleFunction> roleFunctionSet = new TreeSet<>();
1362 for (CentralV2RoleFunction roleFunc : cenRoleFuncList) {
1363 String functionCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode());
1364 functionCode = EPUserUtils.decodeFunctionCode(functionCode);
1365 String type = getFunctionCodeType(roleFunc.getCode());
1366 String action = getFunctionCodeAction(roleFunc.getCode());
1367 CentralV2RoleFunction cenRoleFunc = new CentralV2RoleFunction(role.getId(), functionCode,
1368 roleFunc.getName(), null, type, action, null);
1369 roleFunctionSet.add(cenRoleFunc);
1371 SortedSet<CentralV2Role> childRoles = new TreeSet<>();
1372 SortedSet<CentralV2Role> parentRoles = new TreeSet<>();
1373 CentralV2Role cenRole = null;
1374 if (role.getAppRoleId() == null) {
1375 cenRole = new CentralV2Role.CentralV2RoleBuilder().setId(role.getId()).setCreated(role.getCreated())
1376 .setModified(role.getModified()).setCreatedId(role.getCreatedId())
1377 .setModifiedId(role.getModifiedId()).setRowNum(role.getRowNum()).setName(role.getName())
1378 .setActive(role.getActive()).setPriority(role.getPriority()).setRoleFunctions(roleFunctionSet)
1379 .setChildRoles(childRoles).setParentRoles(parentRoles).createCentralV2Role();
1381 cenRole = new CentralV2Role.CentralV2RoleBuilder().setId(role.getAppRoleId())
1382 .setCreated(role.getCreated()).setModified(role.getModified()).setCreatedId(role.getCreatedId())
1383 .setModifiedId(role.getModifiedId()).setRowNum(role.getRowNum()).setName(role.getName())
1384 .setActive(role.getActive()).setPriority(role.getPriority()).setRoleFunctions(roleFunctionSet)
1385 .setChildRoles(childRoles).setParentRoles(parentRoles).createCentralV2Role();
1387 roleList.add(cenRole);
1392 @SuppressWarnings("unchecked")
1394 public CentralV2RoleFunction getRoleFunction(String functionCode, String uebkey) throws Exception {
1395 String code = EcompPortalUtils.getFunctionCode(functionCode);
1396 String encodedCode = EcompPortalUtils.encodeFunctionCode(code);
1397 CentralV2RoleFunction roleFunc = null;
1398 EPApp app = getApp(uebkey).get(0);
1399 List<CentralV2RoleFunction> getRoleFuncList = null;
1400 final Map<String, String> params = new HashMap<>();
1402 params.put(FUNCTION_CODE_PARAMS, functionCode);
1403 params.put(APP_ID, String.valueOf(app.getId()));
1404 getRoleFuncList = dataAccessService.executeNamedQuery(GET_ROLE_FUNCTION_QUERY, params, null);
1405 if (getRoleFuncList.isEmpty()) {
1406 params.put(FUNCTION_CODE_PARAMS, encodedCode);
1407 getRoleFuncList = dataAccessService.executeNamedQuery(GET_ROLE_FUNCTION_QUERY, params, null);
1408 if (getRoleFuncList.isEmpty()) {
1412 if (getRoleFuncList.size() > 1) {
1413 CentralV2RoleFunction cenV2RoleFunction = appFunctionListFilter(encodedCode, getRoleFuncList);
1414 if (cenV2RoleFunction == null)
1416 roleFunc = checkIfPipesExitsInFunctionCode(cenV2RoleFunction);
1418 // Check even if single record have pipes
1419 if (!getRoleFuncList.isEmpty() && getRoleFuncList.get(0).getCode().contains(FUNCTION_PIPE)) {
1420 roleFunc = checkIfPipesExitsInFunctionCode(getRoleFuncList.get(0));
1422 roleFunc = getRoleFuncList.get(0);
1425 } catch (Exception e) {
1426 logger.error(EELFLoggerDelegate.errorLogger, "getRoleFunction: failed", e);
1432 private CentralV2RoleFunction checkIfPipesExitsInFunctionCode(CentralV2RoleFunction getRoleFuncList) {
1433 CentralV2RoleFunction roleFunc;
1434 String functionCodeFormat = getRoleFuncList.getCode();
1435 if (functionCodeFormat.contains(FUNCTION_PIPE)) {
1436 String newfunctionCodeFormat = EcompPortalUtils.getFunctionCode(functionCodeFormat);
1437 String newfunctionTypeFormat = EcompPortalUtils.getFunctionType(functionCodeFormat);
1438 String newfunctionActionFormat = EcompPortalUtils.getFunctionAction(functionCodeFormat);
1439 roleFunc = new CentralV2RoleFunction(getRoleFuncList.getId(), newfunctionCodeFormat,
1440 getRoleFuncList.getName(), getRoleFuncList.getAppId(), newfunctionTypeFormat,
1441 newfunctionActionFormat, getRoleFuncList.getEditUrl());
1443 roleFunc = new CentralV2RoleFunction(getRoleFuncList.getId(), functionCodeFormat, getRoleFuncList.getName(),
1444 getRoleFuncList.getAppId(), getRoleFuncList.getEditUrl());
1450 public boolean saveCentralRoleFunction(CentralV2RoleFunction domainCentralRoleFunction, EPApp app)
1452 boolean saveOrUpdateFunction = false;
1454 if(EcompPortalUtils.checkFunctionCodeHasEncodePattern(domainCentralRoleFunction.getCode()))
1455 domainCentralRoleFunction.setCode(EcompPortalUtils.encodeFunctionCode(domainCentralRoleFunction.getCode()));
1456 final Map<String, String> functionParams = new HashMap<>();
1457 functionParams.put("appId", String.valueOf(app.getId()));
1458 if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
1459 addRoleFunctionInExternalSystem(domainCentralRoleFunction, app);
1461 if (domainCentralRoleFunction.getType() != null && domainCentralRoleFunction.getAction() != null) {
1462 domainCentralRoleFunction.setCode(domainCentralRoleFunction.getType() + FUNCTION_PIPE
1463 + domainCentralRoleFunction.getCode() + FUNCTION_PIPE + domainCentralRoleFunction.getAction());
1465 domainCentralRoleFunction.setAppId(app.getId());
1466 dataAccessService.saveDomainObject(domainCentralRoleFunction, null);
1467 saveOrUpdateFunction = true;
1468 } catch (Exception e) {
1469 logger.error(EELFLoggerDelegate.errorLogger, "saveCentralRoleFunction: failed", e);
1472 return saveOrUpdateFunction;
1476 * It creates application permission in external auth system
1478 * @param domainCentralRoleFunction
1482 private void addRoleFunctionInExternalSystem(CentralV2RoleFunction domainCentralRoleFunction, EPApp app)
1484 ObjectMapper mapper = new ObjectMapper();
1485 ExternalAccessPerms extPerms = new ExternalAccessPerms();
1486 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
1488 String instance = "";
1490 if ((domainCentralRoleFunction.getType() != null && domainCentralRoleFunction.getAction() != null)
1491 || domainCentralRoleFunction.getCode().contains(FUNCTION_PIPE)) {
1492 type = domainCentralRoleFunction.getCode().contains(FUNCTION_PIPE)
1493 ? EcompPortalUtils.getFunctionType(domainCentralRoleFunction.getCode())
1494 : domainCentralRoleFunction.getType();
1495 instance = domainCentralRoleFunction.getCode().contains(FUNCTION_PIPE)
1496 ? EcompPortalUtils.getFunctionCode(domainCentralRoleFunction.getCode())
1497 : domainCentralRoleFunction.getCode();
1498 action = domainCentralRoleFunction.getCode().contains(FUNCTION_PIPE)
1499 ? EcompPortalUtils.getFunctionAction(domainCentralRoleFunction.getCode())
1500 : domainCentralRoleFunction.getAction();
1502 type = domainCentralRoleFunction.getCode().contains("menu") ? "menu" : "url";
1503 instance = domainCentralRoleFunction.getCode();
1506 // get Permissions from External Auth System
1507 JSONArray extPermsList = getExtAuthPermissions(app);
1508 List<ExternalAccessPermsDetail> permsDetailList = getExtAuthPerrmissonList(app, extPermsList);
1509 String requestedPerm = type + FUNCTION_PIPE + instance + FUNCTION_PIPE + action;
1510 boolean checkIfFunctionsExits = permsDetailList.stream()
1511 .anyMatch(permsDetail -> permsDetail.getInstance().equals(requestedPerm));
1512 if (!checkIfFunctionsExits) {
1514 extPerms.setAction(action);
1515 extPerms.setInstance(instance);
1516 extPerms.setType(app.getNameSpace() + "." + type);
1517 extPerms.setDescription(domainCentralRoleFunction.getName());
1518 String addFunction = mapper.writeValueAsString(extPerms);
1519 HttpEntity<String> entity = new HttpEntity<>(addFunction, headers);
1520 logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionInExternalSystem: {} for POST: {}",
1521 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, addFunction);
1522 ResponseEntity<String> addPermResponse = template.exchange(
1523 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perm",
1524 HttpMethod.POST, entity, String.class);
1525 logger.debug(EELFLoggerDelegate.debugLogger,
1526 "addRoleFunctionInExternalSystem: Finished adding permission for POST: {} and status code: {} ",
1527 addPermResponse.getStatusCode().value(), addFunction);
1528 } catch (HttpClientErrorException e) {
1529 logger.error(EELFLoggerDelegate.errorLogger,
1530 "HttpClientErrorException - Failed to add function in external central auth system", e);
1531 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
1533 } catch (Exception e) {
1534 logger.error(EELFLoggerDelegate.errorLogger,
1535 "addRoleFunctionInExternalSystem: Failed to add fucntion in external central auth system", e);
1540 extPerms.setAction(action);
1541 extPerms.setInstance(instance);
1542 extPerms.setType(app.getNameSpace() + "." + type);
1543 extPerms.setDescription(domainCentralRoleFunction.getName());
1544 String updateRoleFunction = mapper.writeValueAsString(extPerms);
1545 HttpEntity<String> entity = new HttpEntity<>(updateRoleFunction, headers);
1546 logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionInExternalSystem: {} for PUT: {}",
1547 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRoleFunction);
1548 ResponseEntity<String> updatePermResponse = template.exchange(
1549 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perm",
1550 HttpMethod.PUT, entity, String.class);
1551 logger.debug(EELFLoggerDelegate.debugLogger,
1552 "addRoleFunctionInExternalSystem: Finished updating permission in External Auth system {} and response: {} ",
1553 updateRoleFunction, updatePermResponse.getStatusCode().value());
1554 } catch (HttpClientErrorException e) {
1555 logger.error(EELFLoggerDelegate.errorLogger,
1556 "HttpClientErrorException - Failed to add function in external central auth system", e);
1557 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
1559 } catch (Exception e) {
1560 logger.error(EELFLoggerDelegate.errorLogger,
1561 "addRoleFunctionInExternalSystem: Failed to update function in external central auth system",
1568 @SuppressWarnings("unchecked")
1570 @Transactional(rollbackFor = Exception.class)
1571 public boolean deleteCentralRoleFunction(String code, EPApp app) {
1572 boolean deleteFunctionResponse = false;
1574 final Map<String, String> params = new HashMap<>();
1575 params.put(FUNCTION_CODE_PARAMS, code);
1576 params.put(APP_ID, String.valueOf(app.getId()));
1577 List<CentralV2RoleFunction> domainCentralRoleFunction = dataAccessService
1578 .executeNamedQuery(GET_ROLE_FUNCTION_QUERY, params, null);
1579 CentralV2RoleFunction appFunctionCode = appFunctionListFilter(code, domainCentralRoleFunction);
1580 if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
1581 deleteRoleFunctionInExternalSystem(appFunctionCode, app);
1582 // Delete role function dependency records
1583 deleteAppRoleFunctions(appFunctionCode.getCode(), app);
1585 dataAccessService.deleteDomainObject(appFunctionCode, null);
1586 deleteFunctionResponse = true;
1587 } catch (Exception e) {
1588 logger.error(EELFLoggerDelegate.errorLogger, "deleteCentralRoleFunction: failed", e);
1590 return deleteFunctionResponse;
1594 * It deletes app function record in portal
1599 private void deleteAppRoleFunctions(String code, EPApp app) {
1600 dataAccessService.deleteDomainObjects(EPAppRoleFunction.class,
1601 APP_ID_EQUALS + app.getId() + AND_FUNCTION_CD_EQUALS + code + "'", null);
1606 * It deletes permission in the external auth system
1608 * @param domainCentralRoleFunction
1612 private void deleteRoleFunctionInExternalSystem(CentralV2RoleFunction domainCentralRoleFunction, EPApp app)
1615 ObjectMapper mapper = new ObjectMapper();
1616 ExternalAccessPerms extPerms = new ExternalAccessPerms();
1617 String instanceValue = EcompPortalUtils.getFunctionCode(domainCentralRoleFunction.getCode());
1618 String checkType = getFunctionCodeType(domainCentralRoleFunction.getCode());
1619 String actionValue = getFunctionCodeAction(domainCentralRoleFunction.getCode());
1620 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
1621 extPerms.setAction(actionValue);
1622 extPerms.setInstance(instanceValue);
1623 extPerms.setType(app.getNameSpace() + "." + checkType);
1624 extPerms.setDescription(domainCentralRoleFunction.getName());
1625 String deleteRoleFunction = mapper.writeValueAsString(extPerms);
1626 HttpEntity<String> entity = new HttpEntity<>(deleteRoleFunction, headers);
1627 logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleFunctionInExternalSystem: {} for DELETE: {} ",
1628 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, deleteRoleFunction);
1629 ResponseEntity<String> delPermResponse = template
1630 .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
1631 + "perm?force=true", HttpMethod.DELETE, entity, String.class);
1632 logger.debug(EELFLoggerDelegate.debugLogger,
1633 "deleteRoleFunctionInExternalSystem: Finished deleting permission in External Auth system {} and status code: {} ",
1634 deleteRoleFunction, delPermResponse.getStatusCode().value());
1635 } catch (HttpClientErrorException e) {
1636 logger.error(EELFLoggerDelegate.errorLogger,
1637 "HttpClientErrorException - Failed to delete functions in External System", e);
1638 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
1639 } catch (Exception e) {
1640 if (e.getMessage().equalsIgnoreCase("404 Not Found")) {
1641 logger.debug(EELFLoggerDelegate.debugLogger,
1642 " deleteRoleFunctionInExternalSystem: It seems like function is already deleted in external central auth system but exists in local DB",
1645 logger.error(EELFLoggerDelegate.errorLogger,
1646 "deleteRoleFunctionInExternalSystem: Failed to delete functions in External System", e);
1652 public ExternalRequestFieldsValidator saveRoleForApplication(Role saveRole, String uebkey) throws Exception {
1653 boolean response = false;
1654 String message = "";
1656 EPApp app = getApp(uebkey).get(0);
1657 addRoleInEcompDB(saveRole, app);
1659 } catch (Exception e) {
1660 message = e.getMessage();
1661 logger.error(EELFLoggerDelegate.errorLogger, "saveRoleForApplication failed", e);
1663 return new ExternalRequestFieldsValidator(response, message);
1666 @SuppressWarnings("unchecked")
1668 public boolean deleteRoleForApplication(String deleteRole, String uebkey) throws Exception {
1669 Session localSession = sessionFactory.openSession();
1670 Transaction transaction = null;
1671 boolean result = false;
1673 List<EPRole> epRoleList = null;
1674 EPApp app = getApp(uebkey).get(0);
1675 final Map<String, String> deleteRoleParams = new HashMap<>();
1676 deleteRoleParams.put(APP_ROLE_NAME_PARAM, deleteRole);
1677 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
1678 epRoleList = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, deleteRoleParams, null);
1680 deleteRoleParams.put(APP_ID, String.valueOf(app.getId()));
1681 epRoleList = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM,
1682 deleteRoleParams, null);
1684 if (!epRoleList.isEmpty()) {
1685 transaction = localSession.beginTransaction();
1686 // Delete app role functions before deleting role
1687 deleteRoleFunction(app, epRoleList);
1688 if (app.getId() == 1) {
1689 // Delete fn_user_ role
1690 dataAccessService.deleteDomainObjects(EPUserApp.class,
1691 APP_ID_EQUALS + app.getId() + " and role_id = " + epRoleList.get(0).getId(), null);
1692 boolean isPortalRequest = false;
1693 deleteRoleDependencyRecords(localSession, epRoleList.get(0).getId(), app.getId(), isPortalRequest);
1695 deleteRoleInExternalAuthSystem(epRoleList, app);
1696 transaction.commit();
1697 logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleForApplication: committed the transaction");
1698 dataAccessService.deleteDomainObject(epRoleList.get(0), null);
1701 } catch (Exception e) {
1702 logger.error(EELFLoggerDelegate.errorLogger, "deleteRoleForApplication: failed", e);
1705 localSession.close();
1712 * It deletes role for application in external auth system
1714 * @param epRoleList contains role information
1715 * @param app contains application information
1718 private void deleteRoleInExternalAuthSystem(List<EPRole> epRoleList, EPApp app) throws Exception {
1719 ResponseEntity<String> deleteResponse;
1720 ResponseEntity<String> res = getNameSpaceIfExists(app);
1721 if (res.getStatusCode() == HttpStatus.OK) {
1722 // Delete Role in External System
1723 String deleteRoleKey = "{\"name\":\"" + app.getNameSpace() + "." + epRoleList.get(0).getName()
1724 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_") + "\"}";
1725 deleteResponse = deleteRoleInExternalSystem(deleteRoleKey);
1726 if (deleteResponse.getStatusCode().value() != 200 && deleteResponse.getStatusCode().value() != 404) {
1727 EPLogUtil.logExternalAuthAccessAlarm(logger, deleteResponse.getStatusCode());
1728 logger.error(EELFLoggerDelegate.errorLogger,
1729 "deleteRoleForApplication: Failed to delete role in external auth system! due to {} ",
1730 deleteResponse.getBody());
1732 logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleForApplication: about to commit the transaction");
1738 * It deletes application user role in external auth system
1745 private void deleteUserRoleInExternalSystem(EPRole role, EPApp app, String LoginId) throws Exception {
1746 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
1747 HttpEntity<String> entity = new HttpEntity<>(headers);
1748 getNameSpaceIfExists(app);
1749 logger.debug(EELFLoggerDelegate.debugLogger, "deleteUserRoleInExternalSystem: {} ",
1750 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE);
1751 ResponseEntity<String> getResponse = template.exchange(
1752 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole/"
1754 + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)
1755 + "/" + app.getNameSpace() + "."
1757 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"),
1758 HttpMethod.GET, entity, String.class);
1759 logger.debug(EELFLoggerDelegate.debugLogger,
1760 "deleteUserRoleInExternalSystem: Finished GET user roles from External Auth system and response: {} ",
1761 getResponse.getBody());
1762 if (getResponse.getStatusCode().value() != 200) {
1763 throw new ExternalAuthSystemException(getResponse.getBody());
1765 String res = getResponse.getBody();
1766 if (!res.equals(IS_EMPTY_JSON_STRING)) {
1767 HttpEntity<String> userRoleentity = new HttpEntity<>(headers);
1768 logger.debug(EELFLoggerDelegate.debugLogger, "deleteUserRoleInExternalSystem: {} ",
1769 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE);
1770 ResponseEntity<String> deleteResponse = template.exchange(
1771 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole/"
1773 + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)
1774 + "/" + app.getNameSpace() + "."
1775 + role.getName().replaceAll(
1776 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"),
1777 HttpMethod.DELETE, userRoleentity, String.class);
1778 if (deleteResponse.getStatusCode().value() != 200) {
1779 throw new ExternalAuthSystemException("Failed to delete user role");
1781 logger.debug(EELFLoggerDelegate.debugLogger,
1782 "deleteUserRoleInExternalSystem: Finished deleting user role in External Auth system and status code: {} ",
1783 deleteResponse.getStatusCode().value());
1787 @SuppressWarnings("unchecked")
1789 public List<CentralV2Role> getActiveRoles(String uebkey) throws Exception {
1790 List<CentralV2Role> roleList = new ArrayList<>();
1792 List<EPApp> app = getApp(uebkey);
1793 final Map<String, Long> params = new HashMap<>();
1796 if (!app.get(0).getId().equals(PortalConstants.PORTAL_APP_ID)) {
1797 appId = app.get(0).getId();
1799 List<Criterion> restrictionsList = new ArrayList<Criterion>();
1800 Criterion active_ynCrt = Restrictions.eq("active", Boolean.TRUE);
1803 appIdCrt = Restrictions.isNull("appId");
1805 appIdCrt = Restrictions.eq("appId", appId);
1806 Criterion andCrit = Restrictions.and(active_ynCrt, appIdCrt);
1807 restrictionsList.add(andCrit);
1808 List<EPRole> epRole = (List<EPRole>) dataAccessService.getList(EPRole.class, null, restrictionsList, null);
1809 roleList = createCentralRoleObject(app, epRole, roleList, params);
1810 List<CentralV2Role> globalRoleList = getGlobalRolesOfApplication(app.get(0).getId());
1811 if (globalRoleList.size() > 0)
1812 roleList.addAll(globalRoleList);
1813 } catch (Exception e) {
1814 logger.error(EELFLoggerDelegate.errorLogger, "getActiveRoles: failed", e);
1821 @Transactional(rollbackFor = Exception.class)
1822 public ExternalRequestFieldsValidator deleteDependencyRoleRecord(Long roleId, String uebkey, String LoginId)
1824 Session localSession = sessionFactory.openSession();
1825 String message = "";
1826 Transaction transaction = null;
1827 boolean response = false;
1830 transaction = localSession.beginTransaction();
1831 List<EPRole> epRoleList = null;
1832 app = getApp(uebkey).get(0);
1833 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
1834 epRoleList = getPortalAppRoleInfo(roleId);
1836 epRoleList = getPartnerAppRoleInfo(roleId, app);
1838 if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
1839 // Delete User Role in External System before deleting role
1840 deleteUserRoleInExternalSystem(epRoleList.get(0), app, LoginId);
1842 // Delete user app roles
1843 dataAccessService.deleteDomainObjects(EPUserApp.class,
1844 APP_ID_EQUALS + app.getId() + " and role_id = " + epRoleList.get(0).getId(), null);
1845 boolean isPortalRequest = false;
1846 deleteRoleDependencyRecords(localSession, epRoleList.get(0).getId(), app.getId(), isPortalRequest);
1847 transaction.commit();
1848 if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
1849 // Final call to delete role once all dependencies has been
1851 deleteRoleInExternalAuthSystem(epRoleList, app);
1853 dataAccessService.deleteDomainObjects(EPRole.class, " role_id = " + epRoleList.get(0).getId(), null);
1854 logger.debug(EELFLoggerDelegate.debugLogger, "deleteDependencyRoleRecord: committed the transaction");
1856 } catch (HttpClientErrorException e) {
1857 logger.error(EELFLoggerDelegate.errorLogger, "deleteDependencyRoleRecord: HttpClientErrorException", e);
1858 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
1859 message = e.getMessage();
1860 } catch (Exception e) {
1861 logger.error(EELFLoggerDelegate.errorLogger, "deleteDependencyRoleRecord failed", e);
1862 EcompPortalUtils.rollbackTransaction(transaction,
1863 "deleteDependencyRoleRecord rollback, exception = " + e.toString());
1864 message = e.getMessage();
1866 localSession.close();
1868 return new ExternalRequestFieldsValidator(response, message);
1872 @SuppressWarnings("unchecked")
1874 public void syncRoleFunctionFromExternalAccessSystem(EPApp app) {
1876 // get Permissions from External Auth System
1877 JSONArray extPerms = getExtAuthPermissions(app);
1878 List<ExternalAccessPermsDetail> permsDetailList = getExtAuthPerrmissonList(app, extPerms);
1879 // get functions in DB
1880 final Map<String, Long> params = new HashMap<>();
1881 final Map<String, CentralV2RoleFunction> roleFuncMap = new HashMap<>();
1882 params.put(APP_ID, app.getId());
1883 List<CentralV2RoleFunction> appFunctions = dataAccessService.executeNamedQuery("getAllRoleFunctions",
1885 if (!appFunctions.isEmpty()) {
1886 for (CentralV2RoleFunction roleFunc : appFunctions) {
1887 roleFuncMap.put(roleFunc.getCode(), roleFunc);
1890 // get Roles for portal in DB
1891 List<EPRole> portalRoleList = getGlobalRolesOfPortal();
1892 final Map<String, EPRole> existingPortalRolesMap = new HashMap<>();
1893 for (EPRole epRole : portalRoleList) {
1894 existingPortalRolesMap.put(epRole.getName().replaceAll(
1895 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), epRole);
1898 final Map<String, EPRole> currentRolesInDB = getAppRoleNamesWithUnderscoreMap(app);
1899 // store External Permissions with Pipe and without Pipe (just
1901 final Map<String, ExternalAccessPermsDetail> extAccessPermsContainsPipeMap = new HashMap<>();
1902 final Map<String, ExternalAccessPermsDetail> extAccessPermsMap = new HashMap<>();
1903 for (ExternalAccessPermsDetail permsDetailInfoWithPipe : permsDetailList) {
1904 extAccessPermsContainsPipeMap.put(permsDetailInfoWithPipe.getInstance(), permsDetailInfoWithPipe);
1905 String finalFunctionCodeVal = EcompPortalUtils.getFunctionCode(permsDetailInfoWithPipe.getInstance());
1906 extAccessPermsMap.put(finalFunctionCodeVal, permsDetailInfoWithPipe);
1908 // Add if new functions and app role functions were added in
1909 // external auth system
1910 for (ExternalAccessPermsDetail permsDetail : permsDetailList) {
1911 String code = permsDetail.getInstance();
1912 CentralV2RoleFunction getFunctionCodeKey = roleFuncMap.get(permsDetail.getInstance());
1913 List<CentralV2RoleFunction> roleFunctionList = addGetLocalFunction(app, roleFuncMap, permsDetail, code,
1914 getFunctionCodeKey);
1915 List<String> roles = permsDetail.getRoles();
1916 if (roles != null) {
1917 // Check if function has any roles and which does not exist
1918 // in External Auth System. If exists delete in local
1919 addRemoveIfFunctionsRolesIsSyncWithExternalAuth(app, currentRolesInDB, roleFunctionList, roles,
1920 existingPortalRolesMap);
1923 // Check if function does exits in External Auth System but exits in
1924 // local then delete function and its dependencies
1925 for (CentralV2RoleFunction roleFunc : appFunctions) {
1927 ExternalAccessPermsDetail getFunctionCodeContainsPipeKey = extAccessPermsContainsPipeMap
1928 .get(roleFunc.getCode());
1929 if (null == getFunctionCodeContainsPipeKey) {
1930 ExternalAccessPermsDetail getFunctionCodeKey = extAccessPermsMap.get(roleFunc.getCode());
1931 if (null == getFunctionCodeKey) {
1932 deleteAppRoleFuncDoesNotExitsInExtSystem(app, roleFunc);
1935 } catch (Exception e) {
1936 logger.error(EELFLoggerDelegate.errorLogger,
1937 "syncRoleFunctionFromExternalAccessSystem: Failed to delete function", e);
1940 logger.debug(EELFLoggerDelegate.debugLogger,
1941 "syncRoleFunctionFromExternalAccessSystem: Finished syncRoleFunctionFromExternalAccessSystem");
1942 } catch (Exception e) {
1943 logger.error(EELFLoggerDelegate.errorLogger,
1944 "syncRoleFunctionFromExternalAccessSystem: Failed syncRoleFunctionFromExternalAccessSystem", e);
1948 @SuppressWarnings("unchecked")
1949 private void addRemoveIfFunctionsRolesIsSyncWithExternalAuth(EPApp app, final Map<String, EPRole> currentRolesInDB,
1950 List<CentralV2RoleFunction> roleFunctionList, List<String> roles,
1951 Map<String, EPRole> existingPortalRolesMap) throws Exception {
1952 if (!roleFunctionList.isEmpty()) {
1953 final Map<String, String> appRoleFuncParams = new HashMap<>();
1954 final Map<String, LocalRole> currentAppRoleFunctionsMap = new HashMap<>();
1955 final Map<String, String> currentRolesInExtSystem = new HashMap<>();
1956 appRoleFuncParams.put("functionCd", roleFunctionList.get(0).getCode());
1957 appRoleFuncParams.put("appId", String.valueOf(app.getId()));
1958 List<LocalRole> localRoleList = dataAccessService.executeNamedQuery("getCurrentAppRoleFunctions",
1959 appRoleFuncParams, null);
1960 for (LocalRole localRole : localRoleList) {
1961 currentAppRoleFunctionsMap.put(localRole.getRolename().replaceAll(
1962 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), localRole);
1964 for (String addRole : roles) {
1965 currentRolesInExtSystem.put(addRole.substring(addRole.indexOf(FUNCTION_PIPE) + 1), addRole);
1967 for (String extAuthrole : roles) {
1968 String roleNameSpace = extAuthrole.substring(0, extAuthrole.indexOf(FUNCTION_PIPE));
1969 boolean isNameSpaceMatching = EcompPortalUtils.checkNameSpaceMatching(roleNameSpace,
1970 app.getNameSpace());
1971 if (isNameSpaceMatching) {
1972 if (!currentAppRoleFunctionsMap
1973 .containsKey(extAuthrole.substring(app.getNameSpace().length() + 1))) {
1974 EPRole localAddFuntionRole = currentRolesInDB
1975 .get(extAuthrole.substring(app.getNameSpace().length() + 1));
1976 if (localAddFuntionRole == null) {
1977 checkAndAddRoleInDB(app, currentRolesInDB, roleFunctionList, extAuthrole);
1979 EPAppRoleFunction addAppRoleFunc = new EPAppRoleFunction();
1980 addAppRoleFunc.setAppId(app.getId());
1981 addAppRoleFunc.setCode(roleFunctionList.get(0).getCode());
1982 addAppRoleFunc.setRoleId(localAddFuntionRole.getId());
1983 dataAccessService.saveDomainObject(addAppRoleFunc, null);
1986 // This block is to save global role function if exists
1988 String extAuthAppRoleName = extAuthrole.substring(extAuthrole.indexOf(FUNCTION_PIPE) + 1);
1989 boolean checkIfGlobalRoleExists = existingPortalRolesMap.containsKey(extAuthAppRoleName);
1990 if (checkIfGlobalRoleExists) {
1991 final Map<String, Long> params = new HashMap<>();
1992 EPRole role = existingPortalRolesMap.get(extAuthAppRoleName);
1993 EPAppRoleFunction addGlobalRoleFunctions = new EPAppRoleFunction();
1994 params.put("appId", app.getId());
1995 params.put("roleId", role.getId());
1996 List<EPAppRoleFunction> currentGlobalRoleFunctionsList = dataAccessService
1997 .executeNamedQuery("getAppRoleFunctionOnRoleIdandAppId", params, null);
1998 boolean checkIfRoleFunctionExists = currentGlobalRoleFunctionsList.stream()
1999 .anyMatch(currentGlobalRoleFunction -> currentGlobalRoleFunction.getCode()
2000 .equals(roleFunctionList.get(0).getCode()));
2001 if (role != null && !checkIfRoleFunctionExists) {
2002 addGlobalRoleFunctions.setAppId(app.getId());
2003 addGlobalRoleFunctions.setRoleId(role.getId());
2004 if (!app.getId().equals(role.getAppRoleId())) {
2005 addGlobalRoleFunctions.setRoleAppId((PortalConstants.PORTAL_APP_ID).toString());
2007 addGlobalRoleFunctions.setRoleAppId(null);
2009 addGlobalRoleFunctions.setCode(roleFunctionList.get(0).getCode());
2010 dataAccessService.saveDomainObject(addGlobalRoleFunctions, null);
2015 for (LocalRole localRoleDelete : localRoleList) {
2016 if (!currentRolesInExtSystem.containsKey(localRoleDelete.getRolename()
2017 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"))) {
2018 dataAccessService.deleteDomainObjects(EPAppRoleFunction.class,
2019 APP_ID_EQUALS + app.getId() + AND_FUNCTION_CD_EQUALS + roleFunctionList.get(0).getCode()
2020 + "'" + " and role_id = " + localRoleDelete.getRoleId().longValue(),
2027 private void deleteAppRoleFuncDoesNotExitsInExtSystem(EPApp app, CentralV2RoleFunction roleFunc) {
2028 logger.debug(EELFLoggerDelegate.debugLogger,
2029 "syncRoleFunctionFromExternalAccessSystem: Deleting app role function {}", roleFunc.getCode());
2030 dataAccessService.deleteDomainObjects(EPAppRoleFunction.class,
2031 APP_ID_EQUALS + app.getId() + AND_FUNCTION_CD_EQUALS + roleFunc.getCode() + "'", null);
2032 logger.debug(EELFLoggerDelegate.debugLogger,
2033 "syncRoleFunctionFromExternalAccessSystem: Deleted app role function {}", roleFunc.getCode());
2034 logger.debug(EELFLoggerDelegate.debugLogger,
2035 "syncRoleFunctionFromExternalAccessSystem: Deleting app function {}", roleFunc.getCode());
2036 dataAccessService.deleteDomainObjects(CentralV2RoleFunction.class,
2037 APP_ID_EQUALS + app.getId() + AND_FUNCTION_CD_EQUALS + roleFunc.getCode() + "'", null);
2038 logger.debug(EELFLoggerDelegate.debugLogger,
2039 "syncRoleFunctionFromExternalAccessSystem: Deleted app function {}", roleFunc.getCode());
2042 private void checkAndAddRoleInDB(EPApp app, final Map<String, EPRole> currentRolesInDB,
2043 List<CentralV2RoleFunction> roleFunctionList, String roleList) throws Exception {
2044 if (!currentRolesInDB.containsKey(roleList.substring(app.getNameSpace().length() + 1))) {
2045 Role role = addRoleInDBIfDoesNotExists(app, roleList.substring(app.getNameSpace().length() + 1));
2046 addRoleDescriptionInExtSystem(role, app);
2047 if (!roleFunctionList.isEmpty()) {
2049 if (!roleFunctionList.isEmpty()) {
2050 EPAppRoleFunction addAppRoleFunc = new EPAppRoleFunction();
2051 addAppRoleFunc.setAppId(app.getId());
2052 addAppRoleFunc.setCode(roleFunctionList.get(0).getCode());
2053 addAppRoleFunc.setRoleId(role.getId());
2054 dataAccessService.saveDomainObject(addAppRoleFunc, null);
2056 } catch (Exception e) {
2057 logger.error(EELFLoggerDelegate.errorLogger,
2058 "syncRoleFunctionFromExternalAccessSystem: Failed to save app role function ", e);
2064 @SuppressWarnings("unchecked")
2065 private List<CentralV2RoleFunction> addGetLocalFunction(EPApp app,
2066 final Map<String, CentralV2RoleFunction> roleFuncMap, ExternalAccessPermsDetail permsDetail, String code,
2067 CentralV2RoleFunction getFunctionCodeKey) {
2068 String finalFunctionCodeVal = addToLocalIfFunctionNotExists(app, roleFuncMap, permsDetail, code,
2069 getFunctionCodeKey);
2070 final Map<String, String> appSyncFuncsParams = new HashMap<>();
2071 appSyncFuncsParams.put("appId", String.valueOf(app.getId()));
2072 appSyncFuncsParams.put("functionCd", finalFunctionCodeVal);
2073 List<CentralV2RoleFunction> roleFunctionList = null;
2074 roleFunctionList = dataAccessService.executeNamedQuery("getAppFunctionOnCodeAndAppId", appSyncFuncsParams,
2076 if (roleFunctionList.isEmpty()) {
2077 appSyncFuncsParams.put("functionCd", code);
2078 roleFunctionList = dataAccessService.executeNamedQuery("getAppFunctionOnCodeAndAppId", appSyncFuncsParams,
2081 return roleFunctionList;
2084 private String addToLocalIfFunctionNotExists(EPApp app, final Map<String, CentralV2RoleFunction> roleFuncMap,
2085 ExternalAccessPermsDetail permsDetail, String code, CentralV2RoleFunction getFunctionCodeKey) {
2086 String finalFunctionCodeVal = "";
2087 if (null == getFunctionCodeKey) {
2088 finalFunctionCodeVal = EcompPortalUtils.getFunctionCode(permsDetail.getInstance());
2089 CentralV2RoleFunction checkIfCodeStillExits = roleFuncMap.get(finalFunctionCodeVal);
2090 // If function does not exist in local then add!
2091 if (null == checkIfCodeStillExits) {
2092 logger.debug(EELFLoggerDelegate.debugLogger,
2093 "syncRoleFunctionFromExternalAccessSystem: Adding function: {} ", code);
2094 addFunctionInEcompDB(app, permsDetail, code);
2095 logger.debug(EELFLoggerDelegate.debugLogger,
2096 "syncRoleFunctionFromExternalAccessSystem: Finished adding function: {} ", code);
2099 return finalFunctionCodeVal;
2102 @SuppressWarnings("unchecked")
2104 public Map<String, EPRole> getAppRoleNamesWithUnderscoreMap(EPApp app) {
2105 final Map<String, EPRole> currentRolesInDB = new HashMap<>();
2106 List<EPRole> getCurrentRoleList = null;
2107 final Map<String, Long> appParams = new HashMap<>();
2108 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
2109 getCurrentRoleList = dataAccessService.executeNamedQuery("getPortalAppRolesList", null, null);
2111 appParams.put("appId", app.getId());
2112 getCurrentRoleList = dataAccessService.executeNamedQuery("getPartnerAppRolesList", appParams, null);
2114 for (EPRole role : getCurrentRoleList) {
2115 currentRolesInDB.put(role.getName()
2116 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), role);
2118 return currentRolesInDB;
2121 @SuppressWarnings("unchecked")
2122 private Map<String, EPRole> getAppRoleNamesMap(EPApp app) {
2123 final Map<String, EPRole> currentRolesInDB = new HashMap<>();
2124 List<EPRole> getCurrentRoleList = null;
2125 final Map<String, Long> appParams = new HashMap<>();
2126 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
2127 getCurrentRoleList = dataAccessService.executeNamedQuery("getPortalAppRolesList", null, null);
2129 appParams.put("appId", app.getId());
2130 getCurrentRoleList = dataAccessService.executeNamedQuery("getPartnerAppRolesList", appParams, null);
2132 for (EPRole role : getCurrentRoleList) {
2133 currentRolesInDB.put(role.getName(), role);
2135 return currentRolesInDB;
2138 private List<ExternalAccessPermsDetail> getExtAuthPerrmissonList(EPApp app, JSONArray extPerms) throws IOException {
2139 ExternalAccessPermsDetail permDetails = null;
2140 List<ExternalAccessPermsDetail> permsDetailList = new ArrayList<>();
2141 for (int i = 0; i < extPerms.length(); i++) {
2142 String description = null;
2143 if (extPerms.getJSONObject(i).has("description")) {
2144 description = extPerms.getJSONObject(i).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION);
2146 description = extPerms.getJSONObject(i).getString("type").substring(app.getNameSpace().length() + 1) + "|"
2147 + extPerms.getJSONObject(i).getString("instance") + "|"
2148 + extPerms.getJSONObject(i).getString("action");
2150 if (extPerms.getJSONObject(i).has("roles")) {
2151 ObjectMapper rolesListMapper = new ObjectMapper();
2152 JSONArray resRoles = extPerms.getJSONObject(i).getJSONArray("roles");
2153 List<String> list = rolesListMapper.readValue(resRoles.toString(),
2154 TypeFactory.defaultInstance().constructCollectionType(List.class, String.class));
2155 permDetails = new ExternalAccessPermsDetail(extPerms.getJSONObject(i).getString("type"),
2156 extPerms.getJSONObject(i).getString("type").substring(app.getNameSpace().length() + 1)
2157 + FUNCTION_PIPE + extPerms.getJSONObject(i).getString("instance") + FUNCTION_PIPE
2158 + extPerms.getJSONObject(i).getString("action"),
2159 extPerms.getJSONObject(i).getString("action"), list, description);
2160 permsDetailList.add(permDetails);
2162 permDetails = new ExternalAccessPermsDetail(extPerms.getJSONObject(i).getString("type"),
2163 extPerms.getJSONObject(i).getString("type").substring(app.getNameSpace().length() + 1)
2164 + FUNCTION_PIPE + extPerms.getJSONObject(i).getString("instance") + FUNCTION_PIPE
2165 + extPerms.getJSONObject(i).getString("action"),
2166 extPerms.getJSONObject(i).getString("action"), description);
2167 permsDetailList.add(permDetails);
2170 return permsDetailList;
2173 private JSONArray getExtAuthPermissions(EPApp app) throws Exception {
2174 ResponseEntity<String> response = null;
2175 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2176 HttpEntity<String> entity = new HttpEntity<>(headers);
2177 logger.debug(EELFLoggerDelegate.debugLogger, "syncRoleFunctionFromExternalAccessSystem: {} ",
2178 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE);
2179 response = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
2180 + "perms/ns/" + app.getNameSpace(), HttpMethod.GET, entity, String.class);
2181 String res = response.getBody();
2182 logger.debug(EELFLoggerDelegate.debugLogger,
2183 "syncRoleFunctionFromExternalAccessSystem: Finished GET permissions from External Auth system and response: {} ",
2184 response.getBody());
2185 JSONObject jsonObj = new JSONObject(res);
2186 JSONArray extPerms = jsonObj.getJSONArray("perm");
2187 for (int i = 0; i < extPerms.length(); i++) {
2188 if (extPerms.getJSONObject(i).getString("type").equals(app.getNameSpace() + ".access")) {
2198 * Add function into local DB
2201 * @param permsDetail
2204 private void addFunctionInEcompDB(EPApp app, ExternalAccessPermsDetail permsDetail, String code) {
2206 CentralV2RoleFunction addFunction = new CentralV2RoleFunction();
2207 addFunction.setAppId(app.getId());
2208 addFunction.setCode(code);
2209 addFunction.setName(permsDetail.getDescription());
2210 dataAccessService.saveDomainObject(addFunction, null);
2211 } catch (Exception e) {
2212 logger.error(EELFLoggerDelegate.errorLogger, "addFunctionInEcompDB: Failed to add function", e);
2218 * It updates description of a role in external auth system
2224 private boolean addRoleDescriptionInExtSystem(Role role, EPApp app) throws Exception {
2225 boolean status = false;
2227 String addRoleNew = updateExistingRoleInExternalSystem(role, app);
2228 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2229 HttpEntity<String> entity = new HttpEntity<>(addRoleNew, headers);
2231 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role",
2232 HttpMethod.PUT, entity, String.class);
2234 } catch (HttpClientErrorException e) {
2235 logger.error(EELFLoggerDelegate.errorLogger,
2236 "HttpClientErrorException - Failed to addRoleDescriptionInExtSystem", e);
2237 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2238 } catch (Exception e) {
2239 logger.error(EELFLoggerDelegate.errorLogger, "addRoleDescriptionInExtSystem: Failed", e);
2246 * While sync functions form external auth system if new role found we should
2247 * add in local and return Role.class object
2253 @SuppressWarnings("unchecked")
2254 private Role addRoleInDBIfDoesNotExists(EPApp app, String role) {
2255 Role setNewRole = new Role();
2257 // functions can have new role created in External Auth System
2260 boolean isCreated = checkIfRoleExitsElseCreateInSyncFunctions(role, app);
2261 final Map<String, String> getRoleByNameParams = new HashMap<>();
2262 List<EPRole> getRoleCreated = null;
2263 getRoleByNameParams.put(APP_ROLE_NAME_PARAM, role);
2264 if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
2265 getRoleByNameParams.put("appId", String.valueOf(app.getId()));
2266 List<EPRole> roleCreated = dataAccessService
2267 .executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, getRoleByNameParams, null);
2269 EPRole epUpdateRole = roleCreated.get(0);
2270 epUpdateRole.setAppRoleId(epUpdateRole.getId());
2271 dataAccessService.saveDomainObject(epUpdateRole, null);
2272 getRoleCreated = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM,
2273 getRoleByNameParams, null);
2275 getRoleCreated = roleCreated;
2278 getRoleCreated = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, getRoleByNameParams,
2281 if (getRoleCreated != null && !getRoleCreated.isEmpty()) {
2282 EPRole roleObject = getRoleCreated.get(0);
2283 setNewRole.setId(roleObject.getId());
2284 setNewRole.setName(roleObject.getName());
2285 setNewRole.setActive(roleObject.getActive());
2286 setNewRole.setPriority(roleObject.getPriority());
2288 } catch (Exception e) {
2289 logger.error(EELFLoggerDelegate.errorLogger, "addRoleInDBIfDoesNotExists: Failed", e);
2294 @SuppressWarnings("unchecked")
2295 private boolean checkIfRoleExitsElseCreateInSyncFunctions(String role, EPApp app) {
2296 boolean isCreated = false;
2297 final Map<String, String> roleParams = new HashMap<>();
2298 roleParams.put(APP_ROLE_NAME_PARAM, role);
2299 List<EPRole> roleCreated = null;
2300 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
2301 roleCreated = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, roleParams, null);
2303 roleParams.put("appId", String.valueOf(app.getId()));
2304 roleCreated = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, roleParams,
2307 if (roleCreated == null || roleCreated.isEmpty()) {
2308 roleParams.put("appId", String.valueOf(app.getId()));
2309 EPRole epRoleNew = new EPRole();
2310 epRoleNew.setActive(true);
2311 epRoleNew.setName(role);
2312 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
2313 epRoleNew.setAppId(null);
2315 epRoleNew.setAppId(app.getId());
2317 dataAccessService.saveDomainObject(epRoleNew, null);
2326 @SuppressWarnings("unchecked")
2327 public Integer bulkUploadFunctions(String uebkey) throws Exception {
2328 EPApp app = getApp(uebkey).get(0);
2329 List<RoleFunction> roleFuncList = dataAccessService.executeNamedQuery("getAllFunctions", null, null);
2330 CentralV2RoleFunction cenRoleFunc = null;
2331 Integer functionsAdded = 0;
2333 for (RoleFunction roleFunc : roleFuncList) {
2334 cenRoleFunc = new CentralV2RoleFunction(roleFunc.getCode(), roleFunc.getName());
2335 addRoleFunctionInExternalSystem(cenRoleFunc, app);
2338 } catch (HttpClientErrorException e) {
2339 logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - bulkUploadFunctions failed", e);
2340 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2341 } catch (Exception e) {
2342 logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadFunctions: failed", e.getMessage(), e);
2344 return functionsAdded;
2348 public Integer bulkUploadRoles(String uebkey) throws Exception {
2349 List<EPApp> app = getApp(uebkey);
2350 List<EPRole> roles = getAppRoles(app.get(0).getId());
2351 List<CentralV2Role> cenRoleList = new ArrayList<>();
2352 final Map<String, Long> params = new HashMap<>();
2353 Integer rolesListAdded = 0;
2355 cenRoleList = createCentralRoleObject(app, roles, cenRoleList, params);
2356 ObjectMapper mapper = new ObjectMapper();
2357 mapper.configure(DeserializationFeature.FAIL_ON_IGNORED_PROPERTIES, false);
2358 String roleList = mapper.writeValueAsString(cenRoleList);
2359 List<Role> roleObjectList = mapper.readValue(roleList,
2360 TypeFactory.defaultInstance().constructCollectionType(List.class, Role.class));
2361 for (Role role : roleObjectList) {
2362 addRoleInExternalSystem(role, app.get(0));
2365 if (!app.get(0).getId().equals(PortalConstants.PORTAL_APP_ID)) {
2366 // Add Account Admin role in External AUTH System
2368 String addAccountAdminRole = "";
2369 ExternalAccessRole extRole = new ExternalAccessRole();
2370 extRole.setName(app.get(0).getNameSpace() + "." + PortalConstants.ADMIN_ROLE
2371 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
2372 addAccountAdminRole = mapper.writeValueAsString(extRole);
2373 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2374 HttpEntity<String> entity = new HttpEntity<>(addAccountAdminRole, headers);
2376 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role",
2377 HttpMethod.POST, entity, String.class);
2379 } catch (HttpClientErrorException e) {
2380 logger.error(EELFLoggerDelegate.errorLogger,
2381 "HttpClientErrorException - Failed to create Account Admin role", e);
2382 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2383 } catch (Exception e) {
2384 if (e.getMessage().equalsIgnoreCase("409 Conflict")) {
2385 logger.error(EELFLoggerDelegate.errorLogger,
2386 "bulkUploadRoles: Account Admin Role already exits but does not break functionality",
2389 logger.error(EELFLoggerDelegate.errorLogger,
2390 "bulkUploadRoles: Failed to create Account Admin role", e.getMessage());
2394 } catch (Exception e) {
2395 logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles: failed", e);
2398 return rolesListAdded;
2402 * It creating new role in external auth system while doing bulk upload
2408 private void addRoleInExternalSystem(Role role, EPApp app) throws Exception {
2409 String addRoleNew = updateExistingRoleInExternalSystem(role, app);
2410 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2412 HttpEntity<String> entity = new HttpEntity<>(addRoleNew, headers);
2414 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role",
2415 HttpMethod.POST, entity, String.class);
2416 } catch (HttpClientErrorException e) {
2417 logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - Failed to addRoleInExternalSystem",
2419 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2420 } catch (Exception e) {
2421 if (e.getMessage().equalsIgnoreCase("409 Conflict")) {
2422 logger.error(EELFLoggerDelegate.errorLogger,
2423 "addRoleInExternalSystem: Role already exits but does not break functionality", e);
2425 logger.error(EELFLoggerDelegate.errorLogger,
2426 "addRoleInExternalSystem: Failed to addRoleInExternalSystem", e.getMessage());
2432 @SuppressWarnings("unchecked")
2433 public Integer bulkUploadRolesFunctions(String uebkey) throws Exception {
2434 EPApp app = getApp(uebkey).get(0);
2435 List<EPRole> roles = getAppRoles(app.getId());
2436 final Map<String, Long> params = new HashMap<>();
2437 Integer roleFunctions = 0;
2439 for (EPRole role : roles) {
2440 params.put("roleId", role.getId());
2441 List<BulkUploadRoleFunction> appRoleFunc = dataAccessService.executeNamedQuery("uploadAllRoleFunctions",
2443 if (!appRoleFunc.isEmpty()) {
2444 for (BulkUploadRoleFunction addRoleFunc : appRoleFunc) {
2445 addRoleFunctionsInExternalSystem(addRoleFunc, role, app);
2450 } catch (HttpClientErrorException e) {
2451 logger.error(EELFLoggerDelegate.errorLogger,
2452 "HttpClientErrorException - Failed to bulkUploadRolesFunctions", e);
2453 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2454 } catch (Exception e) {
2455 logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRolesFunctions: failed", e);
2457 return roleFunctions;
2461 * Its adding a role function while doing bulk upload
2463 * @param addRoleFunc
2467 private void addRoleFunctionsInExternalSystem(BulkUploadRoleFunction addRoleFunc, EPRole role, EPApp app) {
2469 String instance = "";
2471 if (addRoleFunc.getFunctionCd().contains(FUNCTION_PIPE)) {
2472 type = EcompPortalUtils.getFunctionType(addRoleFunc.getFunctionCd());
2473 instance = EcompPortalUtils.getFunctionCode(addRoleFunc.getFunctionCd());
2474 action = EcompPortalUtils.getFunctionAction(addRoleFunc.getFunctionCd());
2476 type = addRoleFunc.getFunctionCd().contains("menu") ? "menu" : "url";
2477 instance = addRoleFunc.getFunctionCd();
2480 ExternalAccessRolePerms extRolePerms = null;
2481 ExternalAccessPerms extPerms = null;
2482 ObjectMapper mapper = new ObjectMapper();
2484 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2485 extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + type, instance, action,
2486 addRoleFunc.getFunctionName());
2487 extRolePerms = new ExternalAccessRolePerms(extPerms, app.getNameSpace() + "." + role.getName()
2488 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
2489 String updateRolePerms = mapper.writeValueAsString(extRolePerms);
2490 HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers);
2492 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm",
2493 HttpMethod.POST, entity, String.class);
2494 } catch (Exception e) {
2495 if (e.getMessage().equalsIgnoreCase("409 Conflict")) {
2496 logger.error(EELFLoggerDelegate.errorLogger,
2497 "addRoleFunctionsInExternalSystem: RoleFunction already exits but does not break functionality",
2500 logger.error(EELFLoggerDelegate.errorLogger,
2501 "addRoleFunctionsInExternalSystem: Failed to addRoleFunctionsInExternalSystem", e.getMessage());
2506 @SuppressWarnings("unchecked")
2508 public Integer bulkUploadPartnerFunctions(String uebkey) throws Exception {
2509 EPApp app = getApp(uebkey).get(0);
2510 final Map<String, Long> params = new HashMap<>();
2511 params.put("appId", app.getId());
2512 List<CentralV2RoleFunction> roleFuncList = dataAccessService.executeNamedQuery("getPartnerAppFunctions", params,
2514 Integer functionsAdded = 0;
2516 for (CentralV2RoleFunction roleFunc : roleFuncList) {
2517 addFunctionInExternalSystem(roleFunc, app);
2520 } catch (HttpClientErrorException e) {
2521 logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - bulkUploadPartnerFunctions failed",
2523 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2524 } catch (Exception e) {
2525 logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerFunctions: failed", e.getMessage(), e);
2527 return functionsAdded;
2530 private void addFunctionInExternalSystem(CentralV2RoleFunction roleFunc, EPApp app) throws Exception {
2531 ObjectMapper mapper = new ObjectMapper();
2532 ExternalAccessPerms extPerms = new ExternalAccessPerms();
2533 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2535 String instance = "";
2537 if ((roleFunc.getCode().contains(FUNCTION_PIPE))
2538 || (roleFunc.getType() != null && roleFunc.getAction() != null)) {
2539 type = EcompPortalUtils.getFunctionType(roleFunc.getCode());
2540 instance = EcompPortalUtils.getFunctionCode(roleFunc.getCode());
2541 action = EcompPortalUtils.getFunctionAction(roleFunc.getCode());
2543 type = roleFunc.getCode().contains("menu") ? "menu" : "url";
2544 instance = roleFunc.getCode();
2548 extPerms.setAction(action);
2549 extPerms.setInstance(instance);
2550 extPerms.setType(app.getNameSpace() + "." + type);
2551 extPerms.setDescription(roleFunc.getName());
2552 String addFunction = mapper.writeValueAsString(extPerms);
2553 HttpEntity<String> entity = new HttpEntity<>(addFunction, headers);
2554 logger.debug(EELFLoggerDelegate.debugLogger, "addFunctionInExternalSystem: {} for POST: {}",
2555 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, addFunction);
2556 ResponseEntity<String> addPermResponse = template.exchange(
2557 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perm",
2558 HttpMethod.POST, entity, String.class);
2559 logger.debug(EELFLoggerDelegate.debugLogger,
2560 "addFunctionInExternalSystem: Finished adding permission for POST: {} and status code: {} ",
2561 addPermResponse.getStatusCode().value(), addFunction);
2562 } catch (HttpClientErrorException e) {
2563 logger.error(EELFLoggerDelegate.errorLogger,
2564 "HttpClientErrorException - Failed to add function in external central auth system", e);
2565 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2567 } catch (Exception e) {
2568 logger.error(EELFLoggerDelegate.errorLogger,
2569 "addFunctionInExternalSystem: Failed to add fucntion in external central auth system", e);
2575 public void bulkUploadPartnerRoles(String uebkey, List<Role> roleList) throws Exception {
2576 EPApp app = getApp(uebkey).get(0);
2577 for (Role role : roleList) {
2578 addRoleInExternalSystem(role, app);
2582 @SuppressWarnings("unchecked")
2584 public Integer bulkUploadPartnerRoleFunctions(String uebkey) throws Exception {
2585 EPApp app = getApp(uebkey).get(0);
2586 List<EPRole> roles = getAppRoles(app.getId());
2587 final Map<String, Long> params = new HashMap<>();
2588 Integer roleFunctions = 0;
2590 for (EPRole role : roles) {
2591 params.put("roleId", role.getId());
2592 List<BulkUploadRoleFunction> appRoleFunc = dataAccessService
2593 .executeNamedQuery("uploadPartnerRoleFunctions", params, null);
2594 if (!appRoleFunc.isEmpty()) {
2595 for (BulkUploadRoleFunction addRoleFunc : appRoleFunc) {
2596 addRoleFunctionsInExternalSystem(addRoleFunc, role, app);
2601 // upload global role functions to ext auth system
2602 if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
2603 roleFunctions = bulkUploadGlobalRoleFunctions(app, roleFunctions);
2605 } catch (HttpClientErrorException e) {
2606 logger.error(EELFLoggerDelegate.errorLogger,
2607 "HttpClientErrorException - Failed to bulkUploadRolesFunctions", e);
2608 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2609 } catch (Exception e) {
2610 logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRolesFunctions: failed", e);
2612 return roleFunctions;
2615 @SuppressWarnings("unchecked")
2616 private Integer bulkUploadGlobalRoleFunctions(EPApp app, Integer roleFunctions) throws Exception {
2618 EPApp portalApp = epAppService.getApp(1l);
2619 final Map<String, Long> params = new HashMap<>();
2620 params.put("appId", app.getId());
2621 List<GlobalRoleWithApplicationRoleFunction> globalRoleFuncs = dataAccessService
2622 .executeNamedQuery("getBulkUploadPartnerGlobalRoleFunctions", params, null);
2623 ObjectMapper mapper = new ObjectMapper();
2624 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2625 for (GlobalRoleWithApplicationRoleFunction globalRoleFunc : globalRoleFuncs) {
2626 ExternalAccessRolePerms extRolePerms;
2627 ExternalAccessPerms extPerms;
2629 String instance = "";
2631 if (globalRoleFunc.getFunctionCd().contains(FUNCTION_PIPE)) {
2632 type = EcompPortalUtils.getFunctionType(globalRoleFunc.getFunctionCd());
2633 instance = EcompPortalUtils.getFunctionCode(globalRoleFunc.getFunctionCd());
2634 action = EcompPortalUtils.getFunctionAction(globalRoleFunc.getFunctionCd());
2636 type = globalRoleFunc.getFunctionCd().contains("menu") ? "menu" : "url";
2637 instance = globalRoleFunc.getFunctionCd();
2640 extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + type, instance, action);
2641 extRolePerms = new ExternalAccessRolePerms(extPerms,
2642 portalApp.getNameSpace() + "." + globalRoleFunc.getRoleName().replaceAll(
2643 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
2644 String updateRolePerms = mapper.writeValueAsString(extRolePerms);
2645 HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers);
2646 updateRoleFunctionInExternalSystem(updateRolePerms, entity);
2649 } catch (HttpClientErrorException e) {
2650 logger.error(EELFLoggerDelegate.errorLogger,
2651 "HttpClientErrorException - Failed to add role function in external central auth system", e);
2652 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2654 } catch (Exception e) {
2655 logger.error(EELFLoggerDelegate.errorLogger,
2656 "bulkUploadGlobalRoleFunctions: Failed to add role fucntion in external central auth system", e);
2659 return roleFunctions;
2664 public void syncApplicationRolesWithEcompDB(EPApp app) {
2666 logger.debug(EELFLoggerDelegate.debugLogger, "syncRoleFunctionFromExternalAccessSystem: Started");
2667 // Sync functions and roles assigned to it which also creates new roles if does
2668 // not exits in portal
2669 syncRoleFunctionFromExternalAccessSystem(app);
2670 logger.debug(EELFLoggerDelegate.debugLogger, "syncRoleFunctionFromExternalAccessSystem: Finished");
2671 ObjectMapper mapper = new ObjectMapper();
2672 logger.debug(EELFLoggerDelegate.debugLogger, "Entering to getAppRolesJSONFromExtAuthSystem");
2673 // Get Permissions from External Auth System
2674 JSONArray extRole = getAppRolesJSONFromExtAuthSystem(app);
2675 logger.debug(EELFLoggerDelegate.debugLogger, "Entering into getExternalRoleDetailsList");
2677 List<ExternalRoleDetails> externalRoleDetailsList = getExternalRoleDetailsList(app, mapper, extRole);
2678 List<EPRole> finalRoleList = new ArrayList<>();
2679 for (ExternalRoleDetails externalRole : externalRoleDetailsList) {
2680 EPRole ecompRole = convertExternalRoleDetailstoEpRole(externalRole);
2681 finalRoleList.add(ecompRole);
2683 List<EPRole> applicationRolesList;
2684 applicationRolesList = getAppRoles(app.getId());
2685 List<String> applicationRoleIdList = new ArrayList<>();
2686 for (EPRole applicationRole : applicationRolesList) {
2687 applicationRoleIdList.add(applicationRole.getName());
2689 List<EPRole> roleListToBeAddInEcompDB = new ArrayList<>();
2690 for (EPRole aafRole : finalRoleList) {
2691 if (!applicationRoleIdList.contains(aafRole.getName())) {
2692 roleListToBeAddInEcompDB.add(aafRole);
2695 logger.debug(EELFLoggerDelegate.debugLogger, "Entering into inactiveRolesNotInExternalAuthSystem");
2696 // Check if roles exits in external Access system and if not make inactive in DB
2697 inactiveRolesNotInExternalAuthSystem(app, finalRoleList, applicationRolesList);
2698 logger.debug(EELFLoggerDelegate.debugLogger, "Entering into addNewRoleInEcompDBUpdateDescInExtAuthSystem");
2699 // Add new roles in DB and updates role description in External Auth System
2700 addNewRoleInEcompDBUpdateDescInExtAuthSystem(app, roleListToBeAddInEcompDB);
2701 logger.debug(EELFLoggerDelegate.debugLogger, "syncApplicationRolesWithEcompDB: Finished");
2702 } catch (HttpClientErrorException e) {
2703 logger.error(EELFLoggerDelegate.errorLogger,
2704 "syncApplicationRolesWithEcompDB: Failed due to the External Auth System", e);
2705 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2706 } catch (Exception e) {
2707 logger.error(EELFLoggerDelegate.errorLogger, "syncApplicationRolesWithEcompDB: Failed ", e);
2713 * It adds new roles in DB and updates description in External Auth System
2716 * @param roleListToBeAddInEcompDB
2718 @SuppressWarnings("unchecked")
2719 private void addNewRoleInEcompDBUpdateDescInExtAuthSystem(EPApp app, List<EPRole> roleListToBeAddInEcompDB) {
2720 EPRole roleToBeAddedInEcompDB;
2721 for (int i = 0; i < roleListToBeAddInEcompDB.size(); i++) {
2723 roleToBeAddedInEcompDB = roleListToBeAddInEcompDB.get(i);
2724 if (app.getId() == 1) {
2725 roleToBeAddedInEcompDB.setAppRoleId(null);
2727 dataAccessService.saveDomainObject(roleToBeAddedInEcompDB, null);
2728 List<EPRole> getRoleCreatedInSync = null;
2729 if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
2730 final Map<String, String> globalRoleParams = new HashMap<>();
2731 globalRoleParams.put("appId", String.valueOf(app.getId()));
2732 globalRoleParams.put("appRoleName", roleToBeAddedInEcompDB.getName());
2733 getRoleCreatedInSync = dataAccessService
2734 .executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, globalRoleParams, null);
2735 EPRole epUpdateRole = getRoleCreatedInSync.get(0);
2736 epUpdateRole.setAppRoleId(epUpdateRole.getId());
2737 dataAccessService.saveDomainObject(epUpdateRole, null);
2739 List<EPRole> roleList = new ArrayList<>();
2740 final Map<String, String> params = new HashMap<>();
2741 params.put(APP_ROLE_NAME_PARAM, roleToBeAddedInEcompDB.getName());
2742 boolean isPortalRole = false;
2743 if (app.getId() == 1) {
2744 isPortalRole = true;
2745 roleList = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, params, null);
2747 isPortalRole = false;
2748 params.put(APP_ID, app.getId().toString());
2749 roleList = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, params,
2752 EPRole role = roleList.get(0);
2753 Role aaFrole = new Role();
2754 aaFrole.setId(role.getId());
2755 aaFrole.setActive(role.getActive());
2756 aaFrole.setPriority(role.getPriority());
2757 aaFrole.setName(role.getName());
2758 updateRoleInExternalSystem(aaFrole, app, isPortalRole);
2759 } catch (Exception e) {
2760 logger.error(EELFLoggerDelegate.errorLogger,
2761 "SyncApplicationRolesWithEcompDB: Failed to add or update role in external auth system", e);
2768 * It de-activates application roles in DB if not present in External Auth
2772 * @param finalRoleList contains list of current roles present in
2773 * External Auth System
2774 * @param applicationRolesList contains list of current roles present in DB
2776 @SuppressWarnings("unchecked")
2777 private void inactiveRolesNotInExternalAuthSystem(EPApp app, List<EPRole> finalRoleList,
2778 List<EPRole> applicationRolesList) {
2779 final Map<String, EPRole> checkRolesInactive = new HashMap<>();
2780 for (EPRole extrole : finalRoleList) {
2781 checkRolesInactive.put(extrole.getName(), extrole);
2783 for (EPRole role : applicationRolesList) {
2785 final Map<String, String> extRoleParams = new HashMap<>();
2786 List<EPRole> roleList = null;
2787 extRoleParams.put(APP_ROLE_NAME_PARAM, role.getName());
2788 if (!checkRolesInactive.containsKey(role.getName())) {
2789 if (app.getId() == 1) {
2790 roleList = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, extRoleParams, null);
2792 extRoleParams.put(APP_ID, app.getId().toString());
2793 roleList = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM,
2794 extRoleParams, null);
2796 if (!roleList.isEmpty()) {
2797 EPRole updateRoleInactive = roleList.get(0);
2798 updateRoleInactive.setActive(false);
2799 dataAccessService.saveDomainObject(updateRoleInactive, null);
2802 } catch (Exception e) {
2803 logger.error(EELFLoggerDelegate.errorLogger,
2804 "syncApplicationRolesWithEcompDB: Failed to de-activate role ", e);
2810 @SuppressWarnings("unchecked")
2811 public List<ExternalRoleDetails> getExternalRoleDetailsList(EPApp app, ObjectMapper mapper, JSONArray extRole)
2812 throws IOException {
2813 List<ExternalRoleDetails> externalRoleDetailsList = new ArrayList<>();
2814 ExternalAccessPerms externalAccessPerms = new ExternalAccessPerms();
2815 List<String> functionCodelist = new ArrayList<>();
2816 Map<String, EPRole> curRolesMap = getAppRoleNamesMap(app);
2817 Map<String, EPRole> curRolesUnderscoreMap = getAppRoleNamesWithUnderscoreMap(app);
2818 for (int i = 0; i < extRole.length(); i++) {
2819 ExternalRoleDetails externalRoleDetail = new ExternalRoleDetails();
2820 EPAppRoleFunction ePAppRoleFunction = new EPAppRoleFunction();
2821 JSONObject Role = (JSONObject) extRole.get(i);
2822 String name = extRole.getJSONObject(i).getString(ROLE_NAME);
2823 String actualRoleName = name.substring(app.getNameSpace().length() + 1);
2824 if (extRole.getJSONObject(i).has(EXTERNAL_AUTH_ROLE_DESCRIPTION)) {
2825 actualRoleName = extRole.getJSONObject(i).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION);
2827 SortedSet<ExternalAccessPerms> externalAccessPermsOfRole = new TreeSet<>();
2828 if (extRole.getJSONObject(i).has(EXTERNAL_AUTH_PERMS)) {
2829 JSONArray extPerm = (JSONArray) Role.get(EXTERNAL_AUTH_PERMS);
2830 for (int j = 0; j < extPerm.length(); j++) {
2831 JSONObject perms = extPerm.getJSONObject(j);
2832 boolean isNamespaceMatching = EcompPortalUtils.checkNameSpaceMatching(perms.getString("type"),
2833 app.getNameSpace());
2834 if (isNamespaceMatching) {
2835 externalAccessPerms = new ExternalAccessPerms(perms.getString("type"),
2836 perms.getString("instance"), perms.getString("action"));
2837 ePAppRoleFunction.setCode(externalAccessPerms.getInstance());
2838 functionCodelist.add(ePAppRoleFunction.getCode());
2839 externalAccessPermsOfRole.add(externalAccessPerms);
2843 externalRoleDetail.setActive(true);
2844 externalRoleDetail.setName(actualRoleName);
2845 if (app.getId() == 1) {
2846 externalRoleDetail.setAppId(null);
2848 externalRoleDetail.setAppId(app.getId());
2850 EPRole currRole = null;
2851 currRole = (!extRole.getJSONObject(i).has(EXTERNAL_AUTH_ROLE_DESCRIPTION))
2852 ? curRolesUnderscoreMap.get(actualRoleName)
2853 : curRolesMap.get(actualRoleName);
2855 if (currRole != null)
2856 roleId = currRole.getId();
2857 final Map<String, EPAppRoleFunction> roleFunctionsMap = new HashMap<>();
2858 final Map<String, Long> appRoleFuncsParams = new HashMap<>();
2859 if (roleId != null) {
2860 appRoleFuncsParams.put("appId", app.getId());
2861 appRoleFuncsParams.put("roleId", roleId);
2862 // get role functions from DB
2863 List<EPAppRoleFunction> appRoleFunctions = dataAccessService
2864 .executeNamedQuery("getAppRoleFunctionOnRoleIdandAppId", appRoleFuncsParams, null);
2865 if (!appRoleFunctions.isEmpty()) {
2866 for (EPAppRoleFunction roleFunc : appRoleFunctions) {
2867 roleFunctionsMap.put(roleFunc.getCode(), roleFunc);
2871 if (!externalAccessPermsOfRole.isEmpty()) {
2872 // Adding functions to role
2873 for (ExternalAccessPerms externalpermission : externalAccessPermsOfRole) {
2874 EPAppRoleFunction checkRoleFunctionExits = roleFunctionsMap.get(externalpermission.getInstance());
2875 if (checkRoleFunctionExits == null) {
2876 String funcCode = externalpermission.getType().substring(app.getNameSpace().length() + 1)
2877 + FUNCTION_PIPE + externalpermission.getInstance() + FUNCTION_PIPE
2878 + externalpermission.getAction();
2879 EPAppRoleFunction checkRoleFunctionPipeExits = roleFunctionsMap.get(funcCode);
2880 if (checkRoleFunctionPipeExits == null) {
2882 final Map<String, String> appFuncsParams = new HashMap<>();
2883 appFuncsParams.put("appId", String.valueOf(app.getId()));
2884 appFuncsParams.put("functionCd", externalpermission.getInstance());
2885 logger.debug(EELFLoggerDelegate.debugLogger,
2886 "SyncApplicationRolesWithEcompDB: Adding function to the role: {}",
2887 externalpermission.getInstance());
2888 List<CentralV2RoleFunction> roleFunction = null;
2889 roleFunction = dataAccessService.executeNamedQuery("getAppFunctionOnCodeAndAppId",
2890 appFuncsParams, null);
2891 if (roleFunction.isEmpty()) {
2892 appFuncsParams.put("functionCd", funcCode);
2893 roleFunction = dataAccessService.executeNamedQuery("getAppFunctionOnCodeAndAppId",
2894 appFuncsParams, null);
2896 if (!roleFunction.isEmpty()) {
2897 EPAppRoleFunction apRoleFunction = new EPAppRoleFunction();
2898 apRoleFunction.setAppId(app.getId());
2899 apRoleFunction.setRoleId(roleId);
2900 apRoleFunction.setCode(roleFunction.get(0).getCode());
2901 dataAccessService.saveDomainObject(apRoleFunction, null);
2903 } catch (Exception e) {
2904 logger.error(EELFLoggerDelegate.errorLogger,
2905 "SyncApplicationRolesWithEcompDB: Failed to add role function", e);
2911 externalRoleDetailsList.add(externalRoleDetail);
2913 return externalRoleDetailsList;
2917 public JSONArray getAppRolesJSONFromExtAuthSystem(EPApp app) throws Exception {
2918 ResponseEntity<String> response = null;
2919 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2920 HttpEntity<String> entity = new HttpEntity<>(headers);
2921 logger.debug(EELFLoggerDelegate.debugLogger, "syncApplicationRolesWithEcompDB: {} ",
2922 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE);
2923 response = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
2924 + "roles/ns/" + app.getNameSpace(), HttpMethod.GET, entity, String.class);
2925 String res = response.getBody();
2926 logger.debug(EELFLoggerDelegate.debugLogger,
2927 "syncApplicationRolesWithEcompDB: Finished GET roles from External Auth system and the result is :",
2929 JSONObject jsonObj = new JSONObject(res);
2930 JSONArray extRole = jsonObj.getJSONArray("role");
2931 for (int i = 0; i < extRole.length(); i++) {
2932 if (extRole.getJSONObject(i).getString(ROLE_NAME).equals(app.getNameSpace() + ADMIN)
2933 || extRole.getJSONObject(i).getString(ROLE_NAME).equals(app.getNameSpace() + OWNER)
2934 || (extRole.getJSONObject(i).getString(ROLE_NAME).equals(app.getNameSpace() + ACCOUNT_ADMINISTRATOR)
2935 && !app.getId().equals(PortalConstants.PORTAL_APP_ID))) {
2944 public JSONArray getAllUsersByRole(String roleName) throws Exception {
2945 ResponseEntity<String> response = null;
2946 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2947 HttpEntity<String> entity = new HttpEntity<>(headers);
2948 logger.debug(EELFLoggerDelegate.debugLogger, "getAllUsersByRole: {} ",
2949 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE);
2950 response = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
2951 + "userRoles/role/" + roleName, HttpMethod.GET, entity, String.class);
2952 String res = response.getBody();
2953 logger.debug(EELFLoggerDelegate.debugLogger,
2954 "syncApplicationRolesWithEcompDB: Finished GET roles from External Auth system and the result is :",
2956 if (res == null || res.trim().isEmpty())
2958 JSONObject jsonObj = new JSONObject(res);
2959 JSONArray extRole = jsonObj.getJSONArray("userRole");
2965 * It converts from ExternalRoleDetails.class object to EPRole.class object
2967 * @param externalRoleDetails
2968 * @return EPRole object
2970 private EPRole convertExternalRoleDetailstoEpRole(ExternalRoleDetails externalRoleDetails) {
2971 EPRole role = new EPRole();
2972 role.setActive(true);
2973 role.setAppId(externalRoleDetails.getAppId());
2974 role.setAppRoleId(externalRoleDetails.getAppRoleId());
2975 role.setName(externalRoleDetails.getName());
2976 role.setPriority(externalRoleDetails.getPriority());
2980 @SuppressWarnings("unchecked")
2982 public Integer bulkUploadUserRoles(String uebkey) throws Exception {
2983 EPApp app = getApp(uebkey).get(0);
2984 final Map<String, String> params = new HashMap<>();
2985 params.put("uebKey", app.getUebKey());
2986 List<BulkUploadUserRoles> userRolesList = null;
2987 Integer userRolesAdded = 0;
2988 if (app.getCentralAuth()) {
2989 userRolesList = dataAccessService.executeNamedQuery("getBulkUserRoles", params, null);
2990 for (BulkUploadUserRoles userRolesUpload : userRolesList) {
2991 if (!userRolesUpload.getOrgUserId().equals("su1234")) {
2992 addUserRoleInExternalSystem(userRolesUpload);
2997 return userRolesAdded;
3001 * Its adding a user role in external auth system while doing bulk upload
3003 * @param userRolesUpload
3005 private void addUserRoleInExternalSystem(BulkUploadUserRoles userRolesUpload) {
3008 ObjectMapper mapper = new ObjectMapper();
3009 if (EPCommonSystemProperties
3010 .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) {
3011 name = userRolesUpload.getOrgUserId()
3012 + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
3014 ExternalAccessUser extUser = new ExternalAccessUser(name,
3015 userRolesUpload.getAppNameSpace() + "." + userRolesUpload.getRoleName()
3016 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
3017 String userRole = mapper.writeValueAsString(extUser);
3018 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
3019 HttpEntity<String> entity = new HttpEntity<>(userRole, headers);
3021 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole",
3022 HttpMethod.POST, entity, String.class);
3023 } catch (HttpClientErrorException e) {
3024 logger.error(EELFLoggerDelegate.errorLogger,
3025 "HttpClientErrorException - Failed to addUserRoleInExternalSystem", e);
3026 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
3027 } catch (Exception e) {
3028 if (e.getMessage().equalsIgnoreCase("409 Conflict")) {
3029 logger.error(EELFLoggerDelegate.errorLogger,
3030 "addUserRoleInExternalSystem: UserRole already exits but does not break functionality");
3032 logger.error(EELFLoggerDelegate.errorLogger,
3033 "addUserRoleInExternalSystem: Failed to addUserRoleInExternalSystem", e);
3039 public void deleteRoleDependencyRecords(Session localSession, Long roleId, Long appId, boolean isPortalRequest)
3044 // It should delete only when it portal's roleId
3045 if (appId.equals(PortalConstants.PORTAL_APP_ID)) {
3046 // Delete from fn_role_function
3047 sql = "DELETE FROM fn_role_function WHERE role_id=" + roleId;
3048 logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql);
3049 query = localSession.createSQLQuery(sql);
3050 query.executeUpdate();
3051 // Delete from fn_role_composite
3052 sql = "DELETE FROM fn_role_composite WHERE parent_role_id=" + roleId + " OR child_role_id=" + roleId;
3053 logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql);
3054 query = localSession.createSQLQuery(sql);
3055 query.executeUpdate();
3057 // Delete from ep_app_role_function
3058 sql = "DELETE FROM ep_app_role_function WHERE role_id=" + roleId;
3059 logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql);
3060 query = localSession.createSQLQuery(sql);
3061 query.executeUpdate();
3062 // Delete from ep_role_notification
3063 sql = "DELETE FROM ep_role_notification WHERE role_id=" + roleId;
3064 logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql);
3065 query = localSession.createSQLQuery(sql);
3066 query.executeUpdate();
3067 // Delete from fn_user_pseudo_role
3068 sql = "DELETE FROM fn_user_pseudo_role WHERE pseudo_role_id=" + roleId;
3069 logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql);
3070 query = localSession.createSQLQuery(sql);
3071 query.executeUpdate();
3072 // Delete form EP_WIDGET_CATALOG_ROLE
3073 sql = "DELETE FROM EP_WIDGET_CATALOG_ROLE WHERE role_id=" + roleId;
3074 logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql);
3075 query = localSession.createSQLQuery(sql);
3076 query.executeUpdate();
3077 // Delete form EP_WIDGET_CATALOG_ROLE
3078 sql = "DELETE FROM ep_user_roles_request_det WHERE requested_role_id=" + roleId;
3079 logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql);
3080 query = localSession.createSQLQuery(sql);
3081 query.executeUpdate();
3082 if (!isPortalRequest) {
3083 // Delete form fn_menu_functional_roles
3084 sql = "DELETE FROM fn_menu_functional_roles WHERE role_id=" + roleId;
3085 logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql);
3086 query = localSession.createSQLQuery(sql);
3087 query.executeUpdate();
3089 } catch (Exception e) {
3090 logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleDependeciesRecord: failed ", e);
3091 throw new DeleteDomainObjectFailedException("delete Failed" + e.getMessage());
3095 @SuppressWarnings("unchecked")
3097 public List<String> getMenuFunctionsList(String uebkey) throws Exception {
3098 List<String> appMenuFunctionsList = null;
3099 List<String> appMenuFunctionsFinalList = new ArrayList<>();
3101 EPApp app = getApp(uebkey).get(0);
3102 final Map<String, Long> appParams = new HashMap<>();
3103 appParams.put(APP_ID, app.getId());
3104 appMenuFunctionsList = dataAccessService.executeNamedQuery("getMenuFunctions", appParams, null);
3105 for (String appMenuFunction : appMenuFunctionsList) {
3106 if (appMenuFunction.contains(FUNCTION_PIPE)) {
3107 appMenuFunctionsFinalList.add(EcompPortalUtils.getFunctionCode(appMenuFunction));
3109 appMenuFunctionsFinalList.add(appMenuFunction);
3112 } catch (Exception e) {
3113 logger.error(EELFLoggerDelegate.errorLogger, "getMenuFunctionsList: Failed", e);
3114 return appMenuFunctionsFinalList;
3116 return appMenuFunctionsFinalList;
3119 @SuppressWarnings({ "unchecked" })
3121 public List<EcompUser> getAllAppUsers(String uebkey) throws Exception {
3122 List<String> usersList = new ArrayList<>();
3123 List<EcompUser> usersfinalList = new ArrayList<>();
3125 EPApp app = getApp(uebkey).get(0);
3126 final Map<String, Long> appParams = new HashMap<>();
3127 appParams.put("appId", app.getId());
3128 List<EcompUserRoles> userList = (List<EcompUserRoles>) dataAccessService
3129 .executeNamedQuery("ApplicationUserRoles", appParams, null);
3130 for (EcompUserRoles ecompUserRole : userList) {
3131 boolean found = false;
3132 Set<EcompRole> roles = null;
3133 for (EcompUser user : usersfinalList) {
3134 if (user.getOrgUserId().equals(ecompUserRole.getOrgUserId())) {
3135 EcompRole ecompRole = new EcompRole();
3136 ecompRole.setId(ecompUserRole.getRoleId());
3137 ecompRole.setName(ecompUserRole.getRoleName());
3138 roles = user.getRoles();
3139 EcompRole role = roles.stream().filter(x -> x.getName().equals(ecompUserRole.getRoleName()))
3140 .findAny().orElse(null);
3141 SortedSet<EcompRoleFunction> roleFunctionSet = new TreeSet<>();
3143 roleFunctionSet = (SortedSet<EcompRoleFunction>) role.getRoleFunctions();
3145 String functionCode = EcompPortalUtils.getFunctionCode(ecompUserRole.getFunctionCode());
3146 functionCode = EPUserUtils.decodeFunctionCode(functionCode);
3147 EcompRoleFunction epRoleFunction = new EcompRoleFunction();
3148 epRoleFunction.setName(ecompUserRole.getFunctionName());
3149 epRoleFunction.setCode(EPUserUtils.decodeFunctionCode(functionCode));
3150 epRoleFunction.setType(getFunctionCodeType(ecompUserRole.getFunctionCode()));
3151 epRoleFunction.setAction(getFunctionCodeAction(ecompUserRole.getFunctionCode()));
3152 roleFunctionSet.add(epRoleFunction);
3153 ecompRole.setRoleFunctions(roleFunctionSet);
3154 roles.add(ecompRole);
3155 user.setRoles(roles);
3161 EcompUser epUser = new EcompUser();
3162 epUser.setOrgId(ecompUserRole.getOrgId());
3163 epUser.setManagerId(ecompUserRole.getManagerId());
3164 epUser.setFirstName(ecompUserRole.getFirstName());
3165 epUser.setLastName(ecompUserRole.getLastName());
3166 epUser.setPhone(ecompUserRole.getPhone());
3167 epUser.setEmail(ecompUserRole.getEmail());
3168 epUser.setOrgUserId(ecompUserRole.getOrgUserId());
3169 epUser.setOrgCode(ecompUserRole.getOrgCode());
3170 epUser.setOrgManagerUserId(ecompUserRole.getOrgManagerUserId());
3171 epUser.setJobTitle(ecompUserRole.getJobTitle());
3172 epUser.setLoginId(ecompUserRole.getLoginId());
3173 epUser.setActive(true);
3174 roles = new HashSet<>();
3175 EcompRole ecompRole = new EcompRole();
3176 ecompRole.setId(ecompUserRole.getRoleId());
3177 ecompRole.setName(ecompUserRole.getRoleName());
3178 SortedSet<EcompRoleFunction> roleFunctionSet = new TreeSet<>();
3179 String functionCode = EcompPortalUtils.getFunctionCode(ecompUserRole.getFunctionCode());
3180 functionCode = EPUserUtils.decodeFunctionCode(functionCode);
3181 EcompRoleFunction epRoleFunction = new EcompRoleFunction();
3182 epRoleFunction.setName(ecompUserRole.getFunctionName());
3183 epRoleFunction.setCode(EPUserUtils.decodeFunctionCode(functionCode));
3184 epRoleFunction.setType(getFunctionCodeType(ecompUserRole.getFunctionCode()));
3185 epRoleFunction.setAction(getFunctionCodeAction(ecompUserRole.getFunctionCode()));
3186 roleFunctionSet.add(epRoleFunction);
3187 ecompRole.setRoleFunctions(roleFunctionSet);
3188 roles.add(ecompRole);
3189 epUser.setRoles(roles);
3190 usersfinalList.add(epUser);
3193 ObjectMapper mapper = new ObjectMapper();
3194 for (EcompUser u1 : usersfinalList) {
3195 String str = mapper.writeValueAsString(u1);
3198 } catch (Exception e) {
3199 logger.error(EELFLoggerDelegate.errorLogger, "getAllUsers failed", e);
3202 return usersfinalList;
3206 public Role ConvertCentralRoleToRole(String result) {
3207 ObjectMapper mapper = new ObjectMapper();
3208 mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
3209 Role newRole = new Role();
3211 newRole = mapper.readValue(result, Role.class);
3212 } catch (IOException e) {
3213 logger.error(EELFLoggerDelegate.errorLogger, "Failed to convert the result to Role Object", e);
3215 if (newRole.getRoleFunctions() != null) {
3216 @SuppressWarnings("unchecked")
3217 Set<RoleFunction> roleFunctionList = newRole.getRoleFunctions();
3218 Set<RoleFunction> roleFunctionListNew = new HashSet<>();
3219 Iterator<RoleFunction> itetaror = roleFunctionList.iterator();
3220 while (itetaror.hasNext()) {
3221 Object nextValue = itetaror.next();
3222 RoleFunction roleFun = mapper.convertValue(nextValue, RoleFunction.class);
3223 roleFunctionListNew.add(roleFun);
3225 newRole.setRoleFunctions(roleFunctionListNew);
3231 @SuppressWarnings("unchecked")
3232 public List<CentralizedApp> getCentralizedAppsOfUser(String userId) {
3233 Map<String, String> params = new HashMap<>();
3234 params.put("userId", userId);
3235 List<CentralizedApp> centralizedAppsList = new ArrayList<>();
3237 centralizedAppsList = dataAccessService.executeNamedQuery("getCentralizedAppsOfUser", params, null);
3238 } catch (Exception e) {
3239 logger.error(EELFLoggerDelegate.errorLogger, "getCentralizedAppsOfUser failed", e);
3241 return centralizedAppsList;
3244 @SuppressWarnings("unchecked")
3245 public List<CentralV2Role> getGlobalRolesOfApplication(Long appId) {
3246 Map<String, Long> params = new HashMap<>();
3247 params.put("appId", appId);
3248 List<GlobalRoleWithApplicationRoleFunction> globalRoles = new ArrayList<>();
3250 globalRoles = dataAccessService.executeNamedQuery("getGlobalRoleWithApplicationRoleFunctions", params,
3252 } catch (Exception e) {
3253 logger.error(EELFLoggerDelegate.errorLogger, "getCentralizedAppsOfUser failed", e);
3255 List<CentralV2Role> rolesfinalList = new ArrayList<>();
3256 if (globalRoles.size() > 0)
3257 rolesfinalList = finalListOfCentralRoles(globalRoles);
3258 return rolesfinalList;
3261 @SuppressWarnings("unchecked")
3262 private CentralV2Role getGlobalRoleForRequestedApp(long requestedAppId, long roleId) {
3263 CentralV2Role finalGlobalrole = null;
3264 List<GlobalRoleWithApplicationRoleFunction> roleWithApplicationRoleFucntions = new ArrayList<>();
3265 Map<String, Long> params = new HashMap<>();
3266 params.put("roleId", roleId);
3267 params.put("requestedAppId", requestedAppId);
3269 roleWithApplicationRoleFucntions = dataAccessService.executeNamedQuery("getGlobalRoleForRequestedApp",
3271 } catch (Exception e) {
3272 logger.error(EELFLoggerDelegate.errorLogger, "getGlobalRoleForRequestedApp failed", e);
3274 if (roleWithApplicationRoleFucntions.size() > 0) {
3275 List<CentralV2Role> rolesfinalList = finalListOfCentralRoles(roleWithApplicationRoleFucntions);
3276 finalGlobalrole = rolesfinalList.get(0);
3278 List<EPRole> roleList = getPortalAppRoleInfo(roleId);
3279 finalGlobalrole = convertRoleToCentralV2Role(roleList.get(0));
3281 return finalGlobalrole;
3284 private List<CentralV2Role> finalListOfCentralRoles(List<GlobalRoleWithApplicationRoleFunction> globalRoles) {
3285 List<CentralV2Role> rolesfinalList = new ArrayList<>();
3286 for (GlobalRoleWithApplicationRoleFunction role : globalRoles) {
3287 boolean found = false;
3288 for (CentralV2Role cenRole : rolesfinalList) {
3289 if (role.getRoleId().equals(cenRole.getId())) {
3290 SortedSet<CentralV2RoleFunction> roleFunctions = cenRole.getRoleFunctions();
3291 CentralV2RoleFunction cenRoleFun = createCentralRoleFunctionForGlobalRole(role);
3292 roleFunctions.add(cenRoleFun);
3293 cenRole.setRoleFunctions(roleFunctions);
3299 CentralV2Role cenrole = new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role();
3300 cenrole.setName(role.getRoleName());
3301 cenrole.setId(role.getRoleId());
3302 cenrole.setActive(role.isActive());
3303 cenrole.setPriority(role.getPriority());
3304 SortedSet<CentralV2RoleFunction> roleFunctions = new TreeSet<>();
3305 CentralV2RoleFunction cenRoleFun = createCentralRoleFunctionForGlobalRole(role);
3306 roleFunctions.add(cenRoleFun);
3307 cenrole.setRoleFunctions(roleFunctions);
3308 rolesfinalList.add(cenrole);
3311 return rolesfinalList;
3314 private CentralV2RoleFunction createCentralRoleFunctionForGlobalRole(GlobalRoleWithApplicationRoleFunction role) {
3318 CentralV2RoleFunction cenRoleFun;
3319 if (role.getFunctionCd().contains(FUNCTION_PIPE)) {
3320 instance = EcompPortalUtils.getFunctionCode(role.getFunctionCd());
3321 type = EcompPortalUtils.getFunctionType(role.getFunctionCd());
3322 action = EcompPortalUtils.getFunctionAction(role.getFunctionCd());
3323 cenRoleFun = new CentralV2RoleFunction(null, instance, role.getFunctionName(), null, type, action, null);
3325 type = getFunctionCodeType(role.getFunctionCd());
3326 action = getFunctionCodeAction(role.getFunctionCd());
3327 cenRoleFun = new CentralV2RoleFunction(null, role.getFunctionCd(), role.getFunctionName(), null, type,
3333 @SuppressWarnings("unchecked")
3335 public List<EPRole> getGlobalRolesOfPortal() {
3336 List<EPRole> globalRoles = new ArrayList<>();
3338 globalRoles = dataAccessService.executeNamedQuery("getGlobalRolesOfPortal", null, null);
3339 } catch (Exception e) {
3340 logger.error(EELFLoggerDelegate.errorLogger, "getGlobalRolesOfPortal failed", e);
3345 private CentralV2Role convertRoleToCentralV2Role(EPRole role) {
3346 return new CentralV2Role.CentralV2RoleBuilder().setId(role.getId()).setCreated(role.getCreated())
3347 .setModified(role.getModified()).setCreatedId(role.getCreatedId()).setModifiedId(role.getModifiedId())
3348 .setRowNum(role.getRowNum()).setName(role.getName()).setActive(role.getActive())
3349 .setPriority(role.getPriority()).setRoleFunctions(new TreeSet<>()).setChildRoles(new TreeSet<>())
3350 .setParentRoles(new TreeSet<>()).createCentralV2Role();
3354 public List<CentralRoleFunction> convertCentralRoleFunctionToRoleFunctionObject(
3355 List<CentralV2RoleFunction> answer) {
3356 List<CentralRoleFunction> addRoleFuncList = new ArrayList<>();
3357 for (CentralV2RoleFunction cenRoleFunc : answer) {
3358 CentralRoleFunction setRoleFunc = new CentralRoleFunction();
3359 setRoleFunc.setCode(cenRoleFunc.getCode());
3360 setRoleFunc.setName(cenRoleFunc.getName());
3361 addRoleFuncList.add(setRoleFunc);
3363 return addRoleFuncList;
3367 public CentralUser getUserRoles(String loginId, String uebkey) throws Exception {
3368 CentralUser sendUserRoles = null;
3370 CentralV2User cenV2User = getV2UserAppRoles(loginId, uebkey);
3371 sendUserRoles = convertV2UserRolesToOlderVersion(cenV2User);
3372 } catch (Exception e) {
3373 logger.error(EELFLoggerDelegate.errorLogger, "getUserRoles: failed", e);
3376 return sendUserRoles;
3381 * It returns V2 CentralUser object if user has any roles and permissions
3385 * @return CentralUser object
3388 private CentralV2User getV2UserAppRoles(String loginId, String uebkey) throws Exception {
3390 List<EPUser> epUserList;
3391 List<EPApp> appList = getApp(uebkey);
3392 app = appList.get(0);
3393 epUserList = getUser(loginId);
3394 EPUser user = epUserList.get(0);
3395 Set<EPUserApp> userAppSet = user.getEPUserApps();
3396 return createEPUser(user, userAppSet, app);
3399 private List<EcompRole> getUserAppRoles(EPApp app, EPUser user) {
3400 final Map<String, Long> userParams = new HashMap<>();
3401 userParams.put("appId", app.getId());
3402 userParams.put("userId", user.getId());
3403 @SuppressWarnings("unchecked")
3404 List<EPUserAppCurrentRoles> userAppsRolesList = dataAccessService.executeNamedQuery("getUserAppCurrentRoles",
3406 List<EcompRole> setUserRoles = new ArrayList<>();
3407 for (EPUserAppCurrentRoles role : userAppsRolesList) {
3408 logger.debug(EELFLoggerDelegate.debugLogger, "In getUserAppRoles()- get userRolename = {}",
3409 role.getRoleName());
3410 EcompRole ecompRole = new EcompRole();
3411 ecompRole.setId(role.getRoleId());
3412 ecompRole.setName(role.getRoleName());
3413 setUserRoles.add(ecompRole);
3415 logger.debug(EELFLoggerDelegate.debugLogger, "In getUserAppRoles()- get userrole list size = {}",
3416 setUserRoles.size());
3417 return setUserRoles;
3421 public List<EcompRole> missingUserApplicationRoles(String uebkey, String loginId, Set<EcompRole> CurrentUserRoles)
3423 List<EPApp> appList = getApp(uebkey);
3424 EPApp app = appList.get(0);
3425 List<EPUser> epUserList;
3426 epUserList = getUser(loginId);
3427 List<EcompRole> missingUserAppRoles = new ArrayList<>();
3428 List<String> roleNamesList = CurrentUserRoles.stream().map(EcompRole::getName).collect(Collectors.toList());
3429 logger.debug(EELFLoggerDelegate.debugLogger, "Roles of User from hibernate :" + roleNamesList);
3430 List<EcompRole> userApplicationsRolesfromDB = getUserAppRoles(app, epUserList.get(0));
3431 if (userApplicationsRolesfromDB.size() > 0) {
3432 missingUserAppRoles = userApplicationsRolesfromDB.stream().filter(x -> !roleNamesList.contains(x.getName()))
3433 .collect(Collectors.toList());
3435 List<String> MissingroleNamesList = missingUserAppRoles.stream().map(EcompRole::getName)
3436 .collect(Collectors.toList());
3437 logger.debug(EELFLoggerDelegate.debugLogger, "MissingUserAppRoles():" + MissingroleNamesList);
3439 List<EcompRole> finalMissingRoleList = new ArrayList<>();
3440 if (missingUserAppRoles.size() > 0) {
3441 final Map<String, Long> params = new HashMap<>();
3442 for (EcompRole role : missingUserAppRoles) {
3443 params.put("roleId", role.getId());
3444 params.put(APP_ID, app.getId());
3446 EcompRole epRole = new EcompRole();
3447 epRole.setId(role.getId());
3448 epRole.setName(role.getName());
3449 @SuppressWarnings("unchecked")
3450 List<CentralV2RoleFunction> appRoleFunctionList = dataAccessService
3451 .executeNamedQuery("getAppRoleFunctionList", params, null);
3452 SortedSet<EcompRoleFunction> roleFunctionSet = new TreeSet<>();
3453 for (CentralV2RoleFunction roleFunc : appRoleFunctionList) {
3454 String functionCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode());
3455 String type = getFunctionCodeType(roleFunc.getCode());
3456 String action = getFunctionCodeAction(roleFunc.getCode());
3457 EcompRoleFunction fun = new EcompRoleFunction();
3458 fun.setAction(action);
3459 fun.setCode(functionCode);
3461 fun.setName(roleFunc.getName());
3462 roleFunctionSet.add(fun);
3465 epRole.setRoleFunctions(roleFunctionSet);
3466 finalMissingRoleList.add(epRole);
3470 return finalMissingRoleList;
3474 * It converts V2 CentralUser object to old version CentralUser object
3477 * @return EPUser object
3479 private CentralUser convertV2UserRolesToOlderVersion(CentralV2User cenV2User) {
3480 Set<CentralV2UserApp> userV2Apps = cenV2User.getUserApps();
3481 Set<CentralUserApp> userApps = new TreeSet<>();
3482 for (CentralV2UserApp userApp : userV2Apps) {
3483 CentralApp app = userApp.getApp();
3484 CentralUserApp cua = new CentralUserApp();
3485 cua.setUserId(null);
3487 SortedSet<CentralRoleFunction> cenRoleFunction = new TreeSet<>();
3488 for (CentralV2RoleFunction cenV2RoleFunc : userApp.getRole().getRoleFunctions()) {
3489 CentralRoleFunction cenRoleFunc = new CentralRoleFunction(cenV2RoleFunc.getCode(),
3490 cenV2RoleFunc.getName());
3491 cenRoleFunction.add(cenRoleFunc);
3493 CentralRole role = new CentralRole(userApp.getRole().getId(), userApp.getRole().getName(),
3494 userApp.getRole().getActive(), userApp.getRole().getPriority(), cenRoleFunction);
3498 return new CentralUser.CentralUserBuilder().setId(cenV2User.getId()).setCreated(cenV2User.getCreated())
3499 .setModified(cenV2User.getModified()).setCreatedId(cenV2User.getCreatedId())
3500 .setModifiedId(cenV2User.getModifiedId()).setRowNum(cenV2User.getRowNum())
3501 .setOrgId(cenV2User.getOrgId()).setManagerId(cenV2User.getManagerId())
3502 .setFirstName(cenV2User.getFirstName()).setMiddleInitial(cenV2User.getMiddleInitial())
3503 .setLastName(cenV2User.getLastName()).setPhone(cenV2User.getPhone()).setFax(cenV2User.getFax())
3504 .setCellular(cenV2User.getCellular()).setEmail(cenV2User.getEmail())
3505 .setAddressId(cenV2User.getAddressId()).setAlertMethodCd(cenV2User.getAlertMethodCd())
3506 .setHrid(cenV2User.getHrid()).setOrgUserId(cenV2User.getOrgUserId()).setOrgCode(cenV2User.getOrgCode())
3507 .setAddress1(cenV2User.getAddress1()).setAddress2(cenV2User.getAddress2()).setCity(cenV2User.getCity())
3508 .setState(cenV2User.getState()).setZipCode(cenV2User.getZipCode()).setCountry(cenV2User.getCountry())
3509 .setOrgManagerUserId(cenV2User.getOrgManagerUserId()).setLocationClli(cenV2User.getLocationClli())
3510 .setBusinessCountryCode(cenV2User.getBusinessCountryCode())
3511 .setBusinessCountryName(cenV2User.getBusinessCountryName()).setBusinessUnit(cenV2User.getBusinessUnit())
3512 .setBusinessUnitName(cenV2User.getBusinessUnitName()).setDepartment(cenV2User.getDepartment())
3513 .setDepartmentName(cenV2User.getDepartmentName()).setCompanyCode(cenV2User.getCompanyCode())
3514 .setCompany(cenV2User.getCompany()).setZipCodeSuffix(cenV2User.getZipCodeSuffix())
3515 .setJobTitle(cenV2User.getJobTitle()).setCommandChain(cenV2User.getCommandChain())
3516 .setSiloStatus(cenV2User.getSiloStatus()).setCostCenter(cenV2User.getCostCenter())
3517 .setFinancialLocCode(cenV2User.getFinancialLocCode()).setLoginId(cenV2User.getLoginId())
3518 .setLoginPwd(cenV2User.getLoginPwd()).setLastLoginDate(cenV2User.getLastLoginDate())
3519 .setActive(cenV2User.isActive()).setInternal(cenV2User.isInternal())
3520 .setSelectedProfileId(cenV2User.getSelectedProfileId()).setTimeZoneId(cenV2User.getTimeZoneId())
3521 .setOnline(cenV2User.isOnline()).setChatId(cenV2User.getChatId()).setUserApps(userApps)
3522 .createCentralUser();
3526 public List<CentralRole> convertV2CentralRoleListToOldVerisonCentralRoleList(List<CentralV2Role> v2CenRoleList) {
3527 List<CentralRole> cenRoleList = new ArrayList<>();
3528 for (CentralV2Role v2CenRole : v2CenRoleList) {
3529 SortedSet<CentralRoleFunction> cenRoleFuncList = new TreeSet<>();
3530 for (CentralV2RoleFunction v2CenRoleFunc : v2CenRole.getRoleFunctions()) {
3531 CentralRoleFunction roleFunc = new CentralRoleFunction(v2CenRoleFunc.getCode(),
3532 v2CenRoleFunc.getName());
3533 cenRoleFuncList.add(roleFunc);
3535 CentralRole role = new CentralRole(v2CenRole.getId(), v2CenRole.getName(), v2CenRole.getActive(),
3536 v2CenRole.getPriority(), cenRoleFuncList);
3537 cenRoleList.add(role);
3543 public ResponseEntity<String> getNameSpaceIfExists(EPApp app) throws Exception {
3544 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
3545 HttpEntity<String> entity = new HttpEntity<>(headers);
3546 logger.debug(EELFLoggerDelegate.debugLogger, "checkIfNameSpaceExists: Connecting to External Auth system");
3547 ResponseEntity<String> response = null;
3550 .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
3551 + "nss/" + app.getNameSpace(), HttpMethod.GET, entity, String.class);
3552 logger.debug(EELFLoggerDelegate.debugLogger, "checkIfNameSpaceExists: Finished ",
3553 response.getStatusCode().value());
3554 } catch (HttpClientErrorException e) {
3555 logger.error(EELFLoggerDelegate.errorLogger, "checkIfNameSpaceExists failed", e);
3556 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
3557 if (e.getStatusCode() == HttpStatus.NOT_FOUND)
3558 throw new InvalidApplicationException("Invalid NameSpace");
3566 public CentralRole convertV2CentralRoleToOldVerisonCentralRole(CentralV2Role v2CenRole) {
3567 SortedSet<CentralRoleFunction> cenRoleFuncList = new TreeSet<>();
3568 for (CentralV2RoleFunction v2CenRoleFunc : v2CenRole.getRoleFunctions()) {
3569 CentralRoleFunction roleFunc = new CentralRoleFunction(v2CenRoleFunc.getCode(), v2CenRoleFunc.getName());
3570 cenRoleFuncList.add(roleFunc);
3572 return new CentralRole(v2CenRole.getId(), v2CenRole.getName(), v2CenRole.getActive(), v2CenRole.getPriority(),
3576 @SuppressWarnings("unchecked")
3578 public Integer bulkUploadUsersSingleRole(String uebkey, Long roleId, String modifiedRoleName) throws Exception {
3579 EPApp app = getApp(uebkey).get(0);
3580 final Map<String, String> params = new HashMap<>();
3581 params.put("uebKey", app.getUebKey());
3582 params.put("roleId", String.valueOf(roleId));
3583 List<BulkUploadUserRoles> userRolesList = null;
3584 Integer userRolesAdded = 0;
3585 if (app.getCentralAuth()) {
3586 userRolesList = dataAccessService.executeNamedQuery("getBulkUsersForSingleRole", params, null);
3587 for (BulkUploadUserRoles userRolesUpload : userRolesList) {
3588 userRolesUpload.setRoleName(modifiedRoleName);
3589 if (!userRolesUpload.getOrgUserId().equals("su1234")) {
3590 addUserRoleInExternalSystem(userRolesUpload);
3595 return userRolesAdded;
3599 public void bulkUploadRoleFunc(UploadRoleFunctionExtSystem data, EPApp app) throws Exception {
3600 ObjectMapper mapper = new ObjectMapper();
3601 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
3603 ExternalAccessRolePerms extRolePerms;
3604 ExternalAccessPerms extPerms;
3605 extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + data.getType(),
3606 EcompPortalUtils.encodeFunctionCode(data.getInstance()), data.getAction());
3607 String appNameSpace = "";
3608 if (data.getIsGlobalRolePartnerFunc()) {
3609 appNameSpace = epAppService.getApp(1l).getNameSpace();
3611 appNameSpace = app.getNameSpace();
3613 extRolePerms = new ExternalAccessRolePerms(extPerms, appNameSpace + "." + data.getRoleName()
3614 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
3615 String updateRolePerms = mapper.writeValueAsString(extRolePerms);
3616 HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers);
3617 updateRoleFunctionInExternalSystem(updateRolePerms, entity);
3618 } catch (HttpClientErrorException e) {
3619 logger.error(EELFLoggerDelegate.errorLogger,
3620 "HttpClientErrorException - Failed to add role function in external central auth system", e);
3621 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
3623 } catch (Exception e) {
3624 logger.error(EELFLoggerDelegate.errorLogger,
3625 "addFunctionInExternalSystem: Failed to add role fucntion in external central auth system", e);
3630 private void updateRoleFunctionInExternalSystem(String updateRolePerms, HttpEntity<String> entity) {
3631 logger.debug(EELFLoggerDelegate.debugLogger, "bulkUploadRoleFunc: {} for POST: {}",
3632 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRolePerms);
3633 ResponseEntity<String> addPermResponse = template.exchange(
3634 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm",
3635 HttpMethod.POST, entity, String.class);
3636 logger.debug(EELFLoggerDelegate.debugLogger,
3637 "bulkUploadRoleFunc: Finished adding permission for POST: {} and status code: {} ",
3638 addPermResponse.getStatusCode().value(), updateRolePerms);
3642 public void syncApplicationUserRolesFromExtAuthSystem(String loginId) throws Exception {
3644 if (EPCommonSystemProperties.containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) {
3645 name = loginId + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
3647 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
3648 HttpEntity<String> getUserRolesEntity = new HttpEntity<>(headers);
3649 ResponseEntity<String> getResponse = getUserRolesFromExtAuthSystem(name, getUserRolesEntity);
3650 List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
3651 String res = getResponse.getBody();
3652 JSONObject jsonObj = null;
3653 JSONArray extRoles = null;
3654 if (!res.equals("{}")) {
3655 jsonObj = new JSONObject(res);
3656 extRoles = jsonObj.getJSONArray("role");
3658 updateUserRolesInLocal(userRoleDetailList, extRoles, loginId);
3661 @SuppressWarnings("unchecked")
3662 private void updateUserRolesInLocal(List<ExternalAccessUserRoleDetail> userRoleDetailList, JSONArray extRoles,
3663 String loginId) throws InvalidUserException {
3664 HashMap<String, String> userParams = new HashMap<>();
3665 userParams.put("orgUserId", loginId);
3666 // Get all centralized applications existing user roles from local
3667 List<CentralizedAppRoles> currentUserAppRoles = dataAccessService
3668 .executeNamedQuery("getUserCentralizedAppRoles", userParams, null);
3669 EPUser user = getUser(loginId).get(0);
3670 // Get all centralized applications roles from local
3671 HashMap<String, CentralizedAppRoles> cenAppRolesMap = getCentralizedAppRoleList();
3672 HashMap<String, CentralizedAppRoles> currentCentralizedUserAppRolesMap = getCurrentUserCentralizedAppRoles(
3673 currentUserAppRoles);
3674 // Get all centralized applications + admin role from local
3675 HashMap<String, EPApp> centralisedAppsMap = getCentralizedAdminAppsInfo();
3676 if (extRoles != null) {
3677 ExternalAccessUserRoleDetail userRoleDetail = null;
3678 for (int i = 0; i < extRoles.length(); i++) {
3679 if (!extRoles.getJSONObject(i).getString("name").endsWith(ADMIN)
3680 && !extRoles.getJSONObject(i).getString("name").endsWith(OWNER)) {
3681 userRoleDetail = new ExternalAccessUserRoleDetail(extRoles.getJSONObject(i).getString("name"),
3683 userRoleDetailList.add(userRoleDetail);
3686 addUserRolesInLocal(userRoleDetailList, user, cenAppRolesMap, currentCentralizedUserAppRolesMap,
3687 centralisedAppsMap);
3691 private void addUserRolesInLocal(List<ExternalAccessUserRoleDetail> userRoleDetailList, EPUser user,
3692 HashMap<String, CentralizedAppRoles> cenAppRolesMap,
3693 HashMap<String, CentralizedAppRoles> currentCentralizedUserAppRolesMap,
3694 HashMap<String, EPApp> centralisedAppsMap) {
3695 for (ExternalAccessUserRoleDetail extUserRoleDetail : userRoleDetailList) {
3697 // check if user already has role in local
3698 if (!currentCentralizedUserAppRolesMap.containsKey(extUserRoleDetail.getName())) {
3699 CentralizedAppRoles getCenAppRole = cenAppRolesMap.get(extUserRoleDetail.getName());
3700 if (getCenAppRole != null) {
3701 logger.debug(EELFLoggerDelegate.debugLogger,
3702 "addUserRolesInLocal: Adding user role from external auth system {}",
3703 extUserRoleDetail.toString());
3704 EPUserApp userApp = new EPUserApp();
3705 EPApp app = new EPApp();
3706 app.setId(getCenAppRole.getAppId());
3707 EPRole epRole = new EPRole();
3708 epRole.setId(getCenAppRole.getRoleId());
3709 userApp.setApp(app);
3710 userApp.setUserId(user.getId());
3711 userApp.setRole(epRole);
3712 dataAccessService.saveDomainObject(userApp, null);
3713 logger.debug(EELFLoggerDelegate.debugLogger,
3714 "addUserRolesInLocal: Finished user role from external auth system {}",
3715 extUserRoleDetail.toString());
3716 } else if (getCenAppRole == null // check if user has app
3717 // account admin role
3718 && extUserRoleDetail.getName().endsWith(PortalConstants.ADMIN_ROLE.replaceAll(
3719 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"))) {
3720 EPApp app = centralisedAppsMap.get(extUserRoleDetail.getName());
3722 logger.debug(EELFLoggerDelegate.debugLogger,
3723 "addUserRolesInLocal: Adding user role from external auth system {}",
3724 extUserRoleDetail.toString());
3725 EPUserApp userApp = new EPUserApp();
3726 EPRole epRole = new EPRole();
3727 epRole.setId(PortalConstants.ACCOUNT_ADMIN_ROLE_ID);
3728 userApp.setApp(app);
3729 userApp.setUserId(user.getId());
3730 userApp.setRole(epRole);
3731 dataAccessService.saveDomainObject(userApp, null);
3732 logger.debug(EELFLoggerDelegate.debugLogger,
3733 "addUserRolesInLocal: Finished user role from external auth system {}",
3734 extUserRoleDetail.toString());
3738 } catch (Exception e) {
3739 logger.error(EELFLoggerDelegate.errorLogger,
3740 "addUserRolesInLocal - Failed to update user role in local from external auth system {} ",
3741 extUserRoleDetail.toString(), e);
3746 @SuppressWarnings("unchecked")
3747 private HashMap<String, EPApp> getCentralizedAdminAppsInfo() {
3748 List<EPApp> centralizedApps = dataAccessService.executeNamedQuery("getCentralizedApps", null, null);
3749 HashMap<String, EPApp> centralisedAppsMap = new HashMap<>();
3750 for (EPApp cenApp : centralizedApps) {
3751 centralisedAppsMap.put(
3752 cenApp.getNameSpace() + "."
3753 + PortalConstants.ADMIN_ROLE.replaceAll(
3754 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"),
3757 return centralisedAppsMap;
3760 private HashMap<String, CentralizedAppRoles> getCurrentUserCentralizedAppRoles(
3761 List<CentralizedAppRoles> currentUserAppRoles) {
3762 HashMap<String, CentralizedAppRoles> currentCentralizedUserAppRolesMap = new HashMap<>();
3763 for (CentralizedAppRoles cenAppUserRole : currentUserAppRoles) {
3764 currentCentralizedUserAppRolesMap.put(
3765 cenAppUserRole.getAppNameSpace() + "."
3766 + cenAppUserRole.getRoleName().replaceAll(
3767 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"),
3770 return currentCentralizedUserAppRolesMap;
3773 @SuppressWarnings("unchecked")
3774 private HashMap<String, CentralizedAppRoles> getCentralizedAppRoleList() {
3775 List<CentralizedAppRoles> centralizedAppRoles = dataAccessService
3776 .executeNamedQuery("getAllCentralizedAppsRoles", null, null);
3777 HashMap<String, CentralizedAppRoles> cenAppRolesMap = new HashMap<>();
3778 for (CentralizedAppRoles CentralizedAppRole : centralizedAppRoles) {
3780 CentralizedAppRole.getAppNameSpace() + "."
3781 + CentralizedAppRole.getRoleName().replaceAll(
3782 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"),
3783 CentralizedAppRole);
3785 return cenAppRolesMap;
3789 public ResponseEntity<String> getUserRolesFromExtAuthSystem(String name, HttpEntity<String> getUserRolesEntity) {
3790 logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to external system to get current user roles");
3791 ResponseEntity<String> getResponse = template
3792 .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
3793 + "roles/user/" + name, HttpMethod.GET, getUserRolesEntity, String.class);
3794 if (getResponse.getStatusCode().value() == 200) {
3795 logger.debug(EELFLoggerDelegate.debugLogger,
3796 "getAllUserRoleFromExtAuthSystem: Finished GET user roles from external system and received user roles {}",
3797 getResponse.getBody());
3799 logger.error(EELFLoggerDelegate.errorLogger,
3800 "getAllUserRoleFromExtAuthSystem: Failed GET user roles from external system and received user roles {}",
3801 getResponse.getBody());
3802 EPLogUtil.logExternalAuthAccessAlarm(logger, getResponse.getStatusCode());
3808 public Integer updateAppRoleDescription(String uebkey) {
3809 Integer roleDescUpdated = 0;
3812 app = getApp(uebkey).get(0);
3813 List<EPRole> roles = getAppRoles(app.getId());
3814 for (EPRole epRole : roles) {
3815 Role role = new Role();
3816 role.setName(epRole.getName());
3817 boolean status = addRoleDescriptionInExtSystem(role, app);
3821 } catch (Exception e) {
3822 logger.error(EELFLoggerDelegate.errorLogger, "updateAppRoleDescription: Failed! ", e);
3824 return roleDescUpdated;