2 * ============LICENSE_START==========================================
4 * ===================================================================
5 * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6 * ===================================================================
8 * Unless otherwise specified, all software contained herein is licensed
9 * under the Apache License, Version 2.0 (the "License");
10 * you may not use this software except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
21 * Unless otherwise specified, all documentation contained herein is licensed
22 * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
23 * you may not use this documentation except in compliance with the License.
24 * You may obtain a copy of the License at
26 * https://creativecommons.org/licenses/by/4.0/
28 * Unless required by applicable law or agreed to in writing, documentation
29 * distributed under the License is distributed on an "AS IS" BASIS,
30 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
31 * See the License for the specific language governing permissions and
32 * limitations under the License.
34 * ============LICENSE_END============================================
39 package org.onap.portalapp.portal.service;
41 import java.io.IOException;
42 import java.util.ArrayList;
43 import java.util.Arrays;
44 import java.util.Collection;
45 import java.util.Date;
46 import java.util.HashMap;
47 import java.util.HashSet;
48 import java.util.LinkedHashSet;
49 import java.util.List;
52 import java.util.SortedSet;
53 import java.util.TreeSet;
54 import java.util.stream.Collectors;
56 import javax.servlet.http.HttpServletResponse;
58 import org.apache.commons.lang.StringUtils;
59 import org.apache.cxf.transport.http.HTTPException;
60 import org.hibernate.SQLQuery;
61 import org.hibernate.Session;
62 import org.hibernate.SessionFactory;
63 import org.hibernate.Transaction;
64 import org.json.JSONArray;
65 import org.json.JSONObject;
66 import org.onap.portalapp.externalsystemapproval.model.ExternalSystemRoleApproval;
67 import org.onap.portalapp.externalsystemapproval.model.ExternalSystemUser;
68 import org.onap.portalapp.portal.domain.CentralV2RoleFunction;
69 import org.onap.portalapp.portal.domain.EPApp;
70 import org.onap.portalapp.portal.domain.EPRole;
71 import org.onap.portalapp.portal.domain.EPUser;
72 import org.onap.portalapp.portal.domain.EPUserApp;
73 import org.onap.portalapp.portal.domain.EPUserAppCatalogRoles;
74 import org.onap.portalapp.portal.domain.EPUserAppRoles;
75 import org.onap.portalapp.portal.domain.EPUserAppRolesRequest;
76 import org.onap.portalapp.portal.domain.EPUserAppRolesRequestDetail;
77 import org.onap.portalapp.portal.domain.ExternalSystemAccess;
78 import org.onap.portalapp.portal.exceptions.SyncUserRolesException;
79 import org.onap.portalapp.portal.logging.aop.EPMetricsLog;
80 import org.onap.portalapp.portal.logging.format.EPAppMessagesEnum;
81 import org.onap.portalapp.portal.logging.logic.EPLogUtil;
82 import org.onap.portalapp.portal.transport.AppWithRolesForUser;
83 import org.onap.portalapp.portal.transport.CentralV2Role;
84 import org.onap.portalapp.portal.transport.EPUserAppCurrentRoles;
85 import org.onap.portalapp.portal.transport.EcompUserAppRoles;
86 import org.onap.portalapp.portal.transport.ExternalAccessUser;
87 import org.onap.portalapp.portal.transport.ExternalAccessUserRoleDetail;
88 import org.onap.portalapp.portal.transport.ExternalRequestFieldsValidator;
89 import org.onap.portalapp.portal.transport.ExternalRoleDescription;
90 import org.onap.portalapp.portal.transport.FieldsValidator;
91 import org.onap.portalapp.portal.transport.FunctionalMenuItem;
92 import org.onap.portalapp.portal.transport.FunctionalMenuRole;
93 import org.onap.portalapp.portal.transport.RemoteRole;
94 import org.onap.portalapp.portal.transport.RemoteRoleV1;
95 import org.onap.portalapp.portal.transport.RemoteUserWithRoles;
96 import org.onap.portalapp.portal.transport.RoleInAppForUser;
97 import org.onap.portalapp.portal.transport.RolesInAppForUser;
98 import org.onap.portalapp.portal.transport.UserApplicationRoles;
99 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
100 import org.onap.portalapp.portal.utils.EcompPortalUtils;
101 import org.onap.portalapp.portal.utils.PortalConstants;
102 import org.onap.portalapp.util.EPUserUtils;
103 import org.onap.portalapp.util.SystemType;
104 import org.onap.portalsdk.core.domain.Role;
105 import org.onap.portalsdk.core.domain.RoleFunction;
106 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
107 import org.onap.portalsdk.core.restful.domain.EcompRole;
108 import org.onap.portalsdk.core.service.DataAccessService;
109 import org.onap.portalsdk.core.service.RoleService;
110 import org.onap.portalsdk.core.util.SystemProperties;
111 import org.springframework.beans.factory.annotation.Autowired;
112 import org.springframework.http.HttpEntity;
113 import org.springframework.http.HttpHeaders;
114 import org.springframework.http.HttpMethod;
115 import org.springframework.http.HttpStatus;
116 import org.springframework.http.ResponseEntity;
117 import org.springframework.web.client.HttpClientErrorException;
118 import org.springframework.web.client.RestTemplate;
120 import com.fasterxml.jackson.core.JsonProcessingException;
121 import com.fasterxml.jackson.databind.DeserializationFeature;
122 import com.fasterxml.jackson.databind.ObjectMapper;
125 public class UserRolesCommonServiceImpl {
127 private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserRolesCommonServiceImpl.class);
129 private static final Object syncRests = new Object();
131 private static final String APP_ID = "appId";
134 private DataAccessService dataAccessService;
136 private SessionFactory sessionFactory;
138 private SearchService searchService;
140 private EPAppService appsService;
142 private ApplicationsRestClientService applicationsRestClientService;
144 private EPRoleService epRoleService;
146 private RoleService roleService;
148 private AdminRolesService adminRolesService;
150 private EPAppService appService;
152 private ExternalAccessRolesService externalAccessRolesService;
155 private AppsCacheService appsCacheService;
157 RestTemplate template = new RestTemplate();
162 * @return HashMap<Long, EcompRole>
164 private static HashMap<Long, EcompRole> hashMapFromEcompRoles(EcompRole[] ecompRoles) {
165 HashMap<Long, EcompRole> result = new HashMap<Long, EcompRole>();
166 if (ecompRoles != null) {
167 for (int i = 0; i < ecompRoles.length; i++) {
168 if (ecompRoles[i].getId() != null) {
169 result.put(ecompRoles[i].getId(), ecompRoles[i]);
180 protected void createLocalUserIfNecessary(String userId,boolean isSystemUser) {
181 if (StringUtils.isEmpty(userId)) {
182 logger.error(EELFLoggerDelegate.errorLogger, "createLocalUserIfNecessary : empty userId!");
185 Session localSession = null;
186 Transaction transaction = null;
188 localSession = sessionFactory.openSession();
189 transaction = localSession.beginTransaction();
190 @SuppressWarnings("unchecked")
191 List<EPUser> userList = localSession
192 .createQuery("from :name where orgUserId=:userId")
193 .setParameter("name",EPUser.class.getName())
194 .setParameter("userId",userId)
196 if (userList.size() == 0) {
197 EPUser client = null;
199 client = searchService.searchUserByUserId(userId);
201 client = new EPUser();
202 client.setOrgUserId(userId);
203 client.setSystemUser(true);
204 client.setFirstName(userId.substring(0,userId.indexOf("@")));
206 if (client == null) {
207 String msg = "createLocalUserIfNecessary: cannot create user " + userId
208 + ", because not found in phonebook";
209 logger.error(EELFLoggerDelegate.errorLogger, msg);
211 client.setLoginId(userId);
212 client.setActive(true);
213 localSession.save(client);
216 transaction.commit();
217 } catch (Exception e) {
218 EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);
219 EcompPortalUtils.rollbackTransaction(transaction, "searchOrCreateUser rollback, exception = " + e);
221 EcompPortalUtils.closeLocalSession(localSession, "searchOrCreateUser");
226 * This method return nothing and remove roles before adding any roles for an app
229 * @param localSession
230 * @param userAppRoles
231 * @param newUserAppRolesMap
233 private static void syncUserRolesExtension(EPUserApp userRole, Long appId, Session localSession, EcompRole[] userAppRoles, HashMap<Long, EcompRole> newUserAppRolesMap) {
235 Long userAppRoleId = 0L;
236 if (appId == PortalConstants.PORTAL_APP_ID) { // local app
237 userAppRoleId = userRole.getRoleId();
238 } else { // remote app
239 userAppRoleId = userRole.getAppRoleId();
242 if (!newUserAppRolesMap.containsKey(userAppRoleId)) {
243 localSession.delete(userRole);
245 newUserAppRolesMap.remove(userAppRoleId);
250 * Checks whether the role is inactive
254 * if role is inactive, throws exception
256 private void checkIfRoleInactive(EPRole epRole) throws Exception{
257 if(!epRole.getActive()){
258 throw new Exception(epRole.getName()+ " role is unavailable");
264 * @param sessionFactory
267 * @param userAppRoles
268 * @param extRequestValue
269 * set to false if request is from users page otherwise true
272 protected void syncUserRoles(SessionFactory sessionFactory, String userId, Long appId,
273 EcompRole[] userAppRoles, Boolean extRequestValue, String reqType) throws Exception {
274 Session localSession = null;
275 Transaction transaction = null;
276 String roleActive = null;
277 final Map<String, String> userAppParams = new HashMap<>();
278 final Map<String, String> appParams = new HashMap<>();
279 HashMap<Long, EcompRole> newUserAppRolesMap = hashMapFromEcompRoles(userAppRoles);
282 localSession = sessionFactory.openSession();
283 transaction = localSession.beginTransaction();
284 @SuppressWarnings("unchecked")
285 List<EPUser> userList = localSession
286 .createQuery("from :name where orgUserId=:userId")
287 .setParameter("name",EPUser.class.getName())
288 .setParameter("userId",userId)
290 if (userList.size() > 0) {
291 EPUser client = userList.get(0);
292 roleActive = ("DELETE".equals(reqType)) ? "" : " and role.active = 'Y'";
293 @SuppressWarnings("unchecked")
294 List<EPUserApp> userRoles = localSession.createQuery("from :name where app.id=:appId :roleActive and userId=:userId")
295 .setParameter("name",EPUserApp.class.getName())
296 .setParameter("appId",appId)
297 .setParameter("roleActive",roleActive)
298 .setParameter("userId",client.getId())
301 if ("DELETE".equals(reqType)) {
302 for (EPUserApp userAppRoleList : userRoles) {
303 userAppParams.put("roleName", String.valueOf(userAppRoleList.getRole().getName()));
304 userAppParams.put("appId", String.valueOf(appId));
305 appParams.put("appRoleName", userAppRoleList.getRole().getName());
306 @SuppressWarnings("unchecked")
307 List<EPRole> rolesList = (!userAppRoleList.getRole().getName().equals(PortalConstants.ADMIN_ROLE)) ? (List<EPRole>) dataAccessService.executeNamedQuery("getAppRoles", userAppParams, null) : (List<EPRole>) dataAccessService.executeNamedQuery("getPortalAppRoles", appParams, null);
308 if(rolesList.size() > 0 || !rolesList.isEmpty()){
309 checkIfRoleInactive(rolesList.get(0));
314 for (EPUserApp userRole : userRoles) {
315 if (!userRole.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID) && userRole.getRoleId() != PortalConstants.SYS_ADMIN_ROLE_ID && !extRequestValue){
316 syncUserRolesExtension(userRole, appId, localSession, userAppRoles, newUserAppRolesMap);
318 else if (extRequestValue && ("PUT".equals(reqType) || "POST".equals(reqType) || "DELETE".equals(reqType))){
319 syncUserRolesExtension(userRole, appId, localSession, userAppRoles, newUserAppRolesMap);
321 else if (extRequestValue && !userRole.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)){
322 syncUserRolesExtension(userRole, appId, localSession, userAppRoles, newUserAppRolesMap);
325 Collection<EcompRole> newRolesToAdd = newUserAppRolesMap.values();
326 if (newRolesToAdd.size() > 0) {
327 EPApp app = (EPApp) localSession.get(EPApp.class, appId);
329 HashMap<Long, EPRole> rolesMap = new HashMap<Long, EPRole>();
330 if (appId.equals(PortalConstants.PORTAL_APP_ID)) { // local app
331 String appIdValue = "";
332 if(!extRequestValue){
333 appIdValue = "and id != " + PortalConstants.SYS_ADMIN_ROLE_ID;
335 @SuppressWarnings("unchecked")
336 List<EPRole> roles = localSession
337 .createQuery("from " + EPRole.class.getName() + " where appId is null " + appIdValue).list();
338 for (EPRole role : roles) {
340 rolesMap.put(role.getId(), role);
342 } else { // remote app
343 @SuppressWarnings("unchecked")
344 List<EPRole> roles = localSession
345 .createQuery("from :name where appId=:appId")
346 .setParameter("name",EPRole.class.getName())
347 .setParameter("appId",appId)
349 for (EPRole role : roles) {
350 if (!extRequestValue && app.getCentralAuth()) {
351 rolesMap.put(role.getId(), role);
353 rolesMap.put(role.getAppRoleId(), role);
359 for (EcompRole userRole : newRolesToAdd) {
360 EPUserApp userApp = new EPUserApp();
361 if (("PUT".equals(reqType) || "POST".equals(reqType)) && userRole.getName().equals(PortalConstants.ADMIN_ROLE)) {
362 role = (EPRole) localSession.get(EPRole.class, new Long(PortalConstants.ACCOUNT_ADMIN_ROLE_ID));
363 userApp.setRole(role);
364 } else if ((userRole.getId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)) && !extRequestValue){
366 }else if((userRole.getId().equals(PortalConstants.SYS_ADMIN_ROLE_ID)) && app.getId().equals(PortalConstants.PORTAL_APP_ID) && !extRequestValue){
370 userApp.setRole(rolesMap.get(userRole.getId()));
373 userApp.setUserId(client.getId());
375 localSession.save(userApp);
376 localSession.flush();
379 if (appId == PortalConstants.PORTAL_APP_ID) {
381 * for local app -- hack - always make sure fn_role
382 * table's app_id is null and not 1 for primary app in
383 * this case being onap portal app; reason: hibernate
384 * is rightly setting this to 1 while persisting to
385 * fn_role as per the mapping but SDK role management
386 * code expects the app_id to be null as there is no
387 * concept of App_id in SDK
389 localSession.flush();
390 SQLQuery sqlQuery = localSession
391 .createSQLQuery("update fn_role set app_id = null where app_id = 1 ");
392 sqlQuery.executeUpdate();
397 transaction.commit();
398 } catch (Exception e) {
399 logger.error(EELFLoggerDelegate.errorLogger, "syncUserRoles failed", e);
400 EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);
401 EcompPortalUtils.rollbackTransaction(transaction,
402 "Exception occurred in syncUserRoles, Details: " + e.toString());
403 if("DELETE".equals(reqType)){
404 throw new SyncUserRolesException(e.getMessage());
407 if(localSession != null)
408 localSession.close();
413 * Called when getting the list of roles for the user
416 * @param userAppRoles
417 * @return List<RoleInAppForUser>
419 protected List<RoleInAppForUser> constructRolesInAppForUserGet(EcompRole[] appRoles, EcompRole[] userAppRoles) {
420 List<RoleInAppForUser> rolesInAppForUser = new ArrayList<RoleInAppForUser>();
422 Set<Long> userAppRolesMap = new HashSet<Long>();
423 if (userAppRoles != null) {
424 for (EcompRole ecompRole : userAppRoles) {
425 userAppRolesMap.add(ecompRole.getId());
428 logger.error(EELFLoggerDelegate.errorLogger,
429 "constructRolesInAppForUserGet has received userAppRoles list empty");
432 if (appRoles != null) {
433 for (EcompRole ecompRole : appRoles) {
434 RoleInAppForUser roleForUser = new RoleInAppForUser(ecompRole.getId(), ecompRole.getName());
435 roleForUser.isApplied = userAppRolesMap.contains(ecompRole.getId());
436 rolesInAppForUser.add(roleForUser);
439 logger.error(EELFLoggerDelegate.errorLogger, "constructRolesInAppForUser has received appRoles list empty");
441 return rolesInAppForUser;
445 * Called when getting the list of roles for the user
448 * @param userAppRoles
449 * @param extRequestValue
450 * set to false if request is from users page otherwise true
451 * @return List<RoleInAppForUser>
453 protected List<RoleInAppForUser> constructRolesInAppForUserGet(List<Role> appRoles, EPRole[] userAppRoles, Boolean extRequestValue) {
454 List<RoleInAppForUser> rolesInAppForUser = new ArrayList<RoleInAppForUser>();
456 Set<Long> userAppRolesMap = new HashSet<Long>();
457 if (userAppRoles != null) {
458 for (EPRole ecompRole : userAppRoles) {
459 userAppRolesMap.add(ecompRole.getId());
461 logger.debug(EELFLoggerDelegate.debugLogger, "In constructRolesInAppForUserGet() - userAppRolesMap = {}", userAppRolesMap);
464 logger.error(EELFLoggerDelegate.errorLogger,
465 "constructRolesInAppForUserGet has received userAppRoles list empty.");
468 if (appRoles != null) {
470 for (Role ecompRole : appRoles) {
471 logger.debug(EELFLoggerDelegate.debugLogger, "In constructRolesInAppForUserGet() - appRoles not null = {}", ecompRole);
473 if (ecompRole.getId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID) && !extRequestValue)
475 RoleInAppForUser roleForUser = new RoleInAppForUser(ecompRole.getId(), ecompRole.getName());
476 roleForUser.isApplied = userAppRolesMap.contains(ecompRole.getId());
477 rolesInAppForUser.add(roleForUser);
478 logger.debug(EELFLoggerDelegate.debugLogger, "In constructRolesInAppForUserGet() - rolesInAppForUser = {}", rolesInAppForUser);
482 logger.error(EELFLoggerDelegate.errorLogger,
483 "constructRolesInAppForUser has received appRoles list empty.");
485 return rolesInAppForUser;
490 * copies of methods in GetAppsWithUserRoleState
492 * @param sessionFactory
497 protected void syncAppRoles(SessionFactory sessionFactory, Long appId, EcompRole[] appRoles) throws Exception {
498 logger.debug(EELFLoggerDelegate.debugLogger, "entering syncAppRoles for appId: " + appId);
499 HashMap<Long, EcompRole> newRolesMap = hashMapFromEcompRoles(appRoles);
500 Session localSession = null;
501 Transaction transaction = null;
504 localSession = sessionFactory.openSession();
505 transaction = localSession.beginTransaction();
506 // Attention! All roles from remote application supposed to be
509 @SuppressWarnings("unchecked")
510 List<EPRole> currentAppRoles = localSession.createQuery("from :name where appId = :appId")
511 .setParameter("name",EPRole.class.getName())
512 .setParameter("appId",appId)
515 List<EPRole> obsoleteRoles = new ArrayList<EPRole>();
516 for (int i = 0; i < currentAppRoles.size(); i++) {
517 EPRole oldAppRole = currentAppRoles.get(i);
518 if (oldAppRole.getAppRoleId() != null) {
519 EcompRole role = null;
520 role = newRolesMap.get(oldAppRole.getAppRoleId());
522 if (!(role.getName() == null || oldAppRole.getName().equals(role.getName()))) {
523 oldAppRole.setName(role.getName());
524 localSession.update(oldAppRole);
526 oldAppRole.setActive(true);
527 newRolesMap.remove(oldAppRole.getAppRoleId());
529 obsoleteRoles.add(oldAppRole);
532 obsoleteRoles.add(oldAppRole);
535 Collection<EcompRole> newRolesToAdd = newRolesMap.values();
536 if (obsoleteRoles.size() > 0) {
537 logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: we have obsolete roles to delete");
538 for (EPRole role : obsoleteRoles) {
539 logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: obsolete role: " + role.toString());
540 Long roleId = role.getId();
541 // delete obsolete roles here
542 // Must delete all records with foreign key constraints on
544 // fn_user_role, fn_role_composite, fn_role_function,
545 // fn_user_pseudo_role, fn_menu_functional_roles.
546 // And for fn_menu_functional, if no other roles for that
547 // menu item, remove the url.
549 // Delete from fn_user_role
550 @SuppressWarnings("unchecked")
551 List<EPUserApp> userRoles = localSession.createQuery(
552 "from :name where app.id=:appId and role_id=:roleId")
553 .setParameter("name",EPUserApp.class.getName())
554 .setParameter("appId",appId)
555 .setParameter("roleId",roleId)
558 logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: number of userRoles to delete: " + userRoles.size());
559 for (EPUserApp userRole : userRoles) {
560 logger.debug(EELFLoggerDelegate.debugLogger,
561 "syncAppRoles: about to delete userRole: " + userRole.toString());
562 localSession.delete(userRole);
563 logger.debug(EELFLoggerDelegate.debugLogger,
564 "syncAppRoles: finished deleting userRole: " + userRole.toString());
567 // Delete from fn_menu_functional_roles
568 @SuppressWarnings("unchecked")
569 List<FunctionalMenuRole> funcMenuRoles = localSession
570 .createQuery("from :name where roleId=:roleId")
571 .setParameter("name",FunctionalMenuRole.class.getName())
572 .setParameter("roleId",roleId)
574 int numMenuRoles = funcMenuRoles.size();
575 logger.debug(EELFLoggerDelegate.debugLogger,
576 "syncAppRoles: number of funcMenuRoles for roleId: " + roleId + ": " + numMenuRoles);
577 for (FunctionalMenuRole funcMenuRole : funcMenuRoles) {
578 Long menuId = funcMenuRole.menuId;
579 // If this is the only role for this menu item, then the
580 // app and roles will be gone,
581 // so must null out the url too, to be consistent
582 @SuppressWarnings("unchecked")
583 List<FunctionalMenuRole> funcMenuRoles2 = localSession
584 .createQuery("from :name where menuId=:menuId")
585 .setParameter("name",FunctionalMenuRole.class.getName())
586 .setParameter("menuId",menuId)
588 int numMenuRoles2 = funcMenuRoles2.size();
589 logger.debug(EELFLoggerDelegate.debugLogger,
590 "syncAppRoles: number of funcMenuRoles for menuId: " + menuId + ": " + numMenuRoles2);
591 localSession.delete(funcMenuRole);
592 if (numMenuRoles2 == 1) {
593 // If this is the only role for this menu item, then
594 // the app and roles will be gone,
595 // so must null out the url too, to be consistent
596 logger.debug(EELFLoggerDelegate.debugLogger,
597 "syncAppRoles: There is exactly 1 menu item for this role, so emptying the url");
598 @SuppressWarnings("unchecked")
599 List<FunctionalMenuItem> funcMenuItems = localSession
600 .createQuery("from :name where menuId=:menuId")
601 .setParameter("name",FunctionalMenuItem.class.getName())
602 .setParameter("menuId",menuId)
604 if (funcMenuItems.size() > 0) {
605 logger.debug(EELFLoggerDelegate.debugLogger, "got the menu item");
606 FunctionalMenuItem funcMenuItem = funcMenuItems.get(0);
607 funcMenuItem.url = "";
608 localSession.update(funcMenuItem);
612 boolean isPortalRequest = true;
613 externalAccessRolesService.deleteRoleDependencyRecords(localSession, roleId, appId, isPortalRequest);
614 logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: about to delete the role: " + role.toString());
615 localSession.delete(role);
616 logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: deleted the role");
619 for (EcompRole role : newRolesToAdd) {
620 logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: about to add missing role: " + role.toString());
621 EPRole newRole = new EPRole();
622 // Attention! All roles from remote application supposed to be
624 newRole.setActive(true);
625 newRole.setName(role.getName());
626 newRole.setAppId(appId);
627 newRole.setAppRoleId(role.getId());
628 localSession.save(newRole);
630 logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: about to commit the transaction");
631 transaction.commit();
632 logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: committed the transaction");
633 } catch (Exception e) {
634 logger.error(EELFLoggerDelegate.errorLogger, "syncAppRoles failed", e);
635 EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);
636 EcompPortalUtils.rollbackTransaction(transaction,
637 "Exception occurred in syncAppRoles, Details: " + e.toString());
638 throw new Exception(e);
640 localSession.close();
649 * Called when updating the list of roles for the user
653 * @param userRolesInRemoteApp
654 * @return RolesInAppForUser
656 protected RolesInAppForUser constructRolesInAppForUserUpdate(String userId, Long appId,
657 Set<EcompRole> userRolesInRemoteApp) {
658 RolesInAppForUser result;
659 result = new RolesInAppForUser();
660 result.appId = appId;
661 result.orgUserId = userId;
663 for (EcompRole role : userRolesInRemoteApp) {
664 RoleInAppForUser roleInAppForUser = new RoleInAppForUser();
665 roleInAppForUser.roleId = role.getId();
666 roleInAppForUser.roleName = role.getName();
667 roleInAppForUser.isApplied = new Boolean(true);
668 result.roles.add(roleInAppForUser);
675 * @param roleInAppForUserList
678 protected boolean remoteUserShouldBeCreated(List<RoleInAppForUser> roleInAppForUserList) {
679 for (RoleInAppForUser roleInAppForUser : roleInAppForUserList) {
680 if (roleInAppForUser.isApplied.booleanValue()) {
688 * Builds JSON and posts it to a remote application to update user roles.
690 * @param roleInAppForUserList
692 * @param applicationsRestClientService
695 * @return Set of roles as sent; NOT the response from the app.
696 * @throws JsonProcessingException
697 * @throws HTTPException
699 protected Set<EcompRole> postUsersRolesToRemoteApp(List<RoleInAppForUser> roleInAppForUserList, ObjectMapper mapper,
700 ApplicationsRestClientService applicationsRestClientService, Long appId, String userId,boolean systemUser)
701 throws JsonProcessingException, HTTPException {
702 Set<EcompRole> updatedUserRolesinRemote = constructUsersRemoteAppRoles(roleInAppForUserList);
703 Set<EcompRole> updateUserRolesInEcomp = constructUsersEcompRoles(roleInAppForUserList);
704 String userRolesAsString = mapper.writeValueAsString(updatedUserRolesinRemote);
705 EPApp externalApp = null;
706 SystemType type = SystemType.APPLICATION;
707 externalApp = appsCacheService.getApp(appId);
708 String appBaseUri = null;
709 Set<RemoteRoleV1> updatedUserRolesinRemoteV1 = new TreeSet<>();
710 if (externalApp != null) {
711 appBaseUri = (type == SystemType.APPLICATION) ? externalApp.getAppRestEndpoint() : "";
713 if(appBaseUri != null && appBaseUri.endsWith("/api")){
714 for(EcompRole eprole :updatedUserRolesinRemote)
716 RemoteRoleV1 role = new RemoteRoleV1();
717 role.setId(eprole.getId());
718 role.setName(eprole.getName());
719 updatedUserRolesinRemoteV1.add(role);
721 userRolesAsString = mapper.writeValueAsString(updatedUserRolesinRemoteV1);
723 applicationsRestClientService.post(EcompRole.class, appId, userRolesAsString,
724 String.format("/user/%s/roles", userId));
725 // TODO: We should add code that verifies that the post operation did
726 // succeed. Because the SDK may still return 200 OK with an html page
727 // even when it fails!
728 return updateUserRolesInEcomp;
733 * @param roleInAppForUserList
734 * @return Set<EcompRole>
736 protected Set<EcompRole> constructUsersEcompRoles(List<RoleInAppForUser> roleInAppForUserList) {
737 Set<EcompRole> existingUserRoles = new TreeSet<EcompRole>();
738 for (RoleInAppForUser roleInAppForUser : roleInAppForUserList) {
739 if (roleInAppForUser.isApplied) {
740 EcompRole ecompRole = new EcompRole();
741 ecompRole.setId(roleInAppForUser.roleId);
742 ecompRole.setName(roleInAppForUser.roleName);
743 existingUserRoles.add(ecompRole);
746 return existingUserRoles;
750 * Constructs user app roles excluding Account Administrator role
752 * @param roleInAppForUserList
754 * List of roles with Role name, Role Id
756 protected Set<EcompRole> constructUsersRemoteAppRoles(List<RoleInAppForUser> roleInAppForUserList) {
757 Set<EcompRole> existingUserRoles = new TreeSet<EcompRole>();
758 for (RoleInAppForUser roleInAppForUser : roleInAppForUserList) {
759 if (roleInAppForUser.isApplied && !roleInAppForUser.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)) {
760 EcompRole ecompRole = new EcompRole();
761 ecompRole.setId(roleInAppForUser.roleId);
762 ecompRole.setName(roleInAppForUser.roleName);
763 existingUserRoles.add(ecompRole);
766 return existingUserRoles;
770 * This is for a single app
772 * @param rolesInAppForUser
773 * @param externalSystemRequest
774 * set to false if requests from Users page otherwise true
775 * @return true on success, false otherwise
777 protected boolean applyChangesInUserRolesForAppToEcompDB(RolesInAppForUser rolesInAppForUser, boolean externalSystemRequest, String reqType,boolean isSystemUser) throws Exception {
778 boolean result = false;
779 String userId = rolesInAppForUser.orgUserId;
780 Long appId = rolesInAppForUser.appId;
781 synchronized (syncRests) {
782 if (rolesInAppForUser != null) {
783 createLocalUserIfNecessary(userId, isSystemUser);
786 if (rolesInAppForUser != null) {
787 EcompRole[] userAppRoles = new EcompRole[rolesInAppForUser.roles.stream().distinct().collect(Collectors.toList()).size()];
788 for (int i = 0; i < rolesInAppForUser.roles.stream().distinct().collect(Collectors.toList()).size(); i++) {
789 RoleInAppForUser roleInAppForUser = rolesInAppForUser.roles.get(i);
790 EcompRole role = new EcompRole();
791 role.setId(roleInAppForUser.roleId);
792 role.setName(roleInAppForUser.roleName);
793 userAppRoles[i] = role;
796 syncUserRoles(sessionFactory, userId, appId, userAppRoles, externalSystemRequest, reqType);
798 } catch (Exception e) {
799 logger.error(EELFLoggerDelegate.errorLogger,
800 "applyChangesInUserRolesForAppToEcompDB: failed to syncUserRoles for orgUserId " + userId, e);
801 if("DELETE".equals(reqType)){
802 throw new Exception(e.getMessage());
814 * @return UserApplicationRoles
816 protected UserApplicationRoles convertToUserApplicationRoles(Long appId, RemoteUserWithRoles remoteUser) {
817 UserApplicationRoles userWithRemoteAppRoles = new UserApplicationRoles();
818 userWithRemoteAppRoles.setAppId(appId);
819 userWithRemoteAppRoles.setOrgUserId(remoteUser.getOrgUserId());
820 userWithRemoteAppRoles.setFirstName(remoteUser.getFirstName());
821 userWithRemoteAppRoles.setLastName(remoteUser.getLastName());
822 userWithRemoteAppRoles.setRoles(remoteUser.getRoles());
823 return userWithRemoteAppRoles;
829 * @see org.onap.portalapp.portal.service.UserRolesService#
830 * importRolesFromRemoteApplication(java.lang.Long)
832 public List<EPRole> importRolesFromRemoteApplication(Long appId) throws HTTPException {
833 EPRole[] appRolesFull = applicationsRestClientService.get(EPRole[].class, appId, "/rolesFull");
834 List<EPRole> rolesList = Arrays.asList(appRolesFull);
835 for (EPRole externalAppRole : rolesList) {
837 // Try to find an existing extern role for the app in the local
838 // onap DB. If so, then use its id to update the existing external
839 // application role record.
840 Long externAppId = externalAppRole.getId();
841 EPRole existingAppRole = epRoleService.getRole(appId, externAppId);
842 if (existingAppRole != null) {
843 logger.debug(EELFLoggerDelegate.debugLogger,
844 String.format("ecomp role already exists for app=%s; appRoleId=%s. No need to import this one.",
845 appId, externAppId));
848 // persistExternalRoleInEcompDb(externalAppRole, appId,
856 * It adds new user for remote application
858 * @param roleInAppForUserList
859 * @param remoteAppUser
863 * @param searchService
864 * @param applicationsRestClientService
868 private EPUser addRemoteUser(List<RoleInAppForUser> roleInAppForUserList, String userId, EPApp app,
869 ObjectMapper mapper, SearchService searchService,
870 ApplicationsRestClientService applicationsRestClientService) throws Exception {
871 EPUser addRemoteUser = null;
872 if (remoteUserShouldBeCreated(roleInAppForUserList)) {
873 createNewUserOnRemoteApp(userId, app, applicationsRestClientService, searchService, mapper,
874 isAppUpgradeVersion(app));
876 return addRemoteUser;
879 private EPUser pushRemoteUser(List<RoleInAppForUser> roleInAppForUserList, String userId, EPApp app,
880 ObjectMapper mapper, SearchService searchService,
881 ApplicationsRestClientService applicationsRestClientService,boolean appRoleIdUsed) throws Exception {
882 EPUser addRemoteUser = null;
883 // if (remoteUserShouldBeCreated(roleInAppForUserList)) {
884 pushUserOnRemoteApp(userId, app, applicationsRestClientService, searchService, mapper,
885 isAppUpgradeVersion(app), roleInAppForUserList, appRoleIdUsed);
887 return addRemoteUser;
890 @SuppressWarnings("unchecked")
891 protected void pushUserOnRemoteApp(String userId, EPApp app,
892 ApplicationsRestClientService applicationsRestClientService, SearchService searchService,
893 ObjectMapper mapper, boolean postOpenSource, List<RoleInAppForUser> roleInAppForUserList,boolean appRoleIdUsed) throws Exception {
895 EPUser client = null;
896 client = searchService.searchUserByUserId(userId);
898 mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
899 if (client == null) {
900 String msg = "cannot create user " + userId + ", because he/she cannot be found in directory.";
901 logger.error(EELFLoggerDelegate.errorLogger, msg);
902 // throw new Exception(msg);
903 final Map<String, String> loginIdParams = new HashMap<>();
904 loginIdParams.put("orgUserIdValue", userId);
905 List<EPUser> userList = new ArrayList<>();
906 userList = dataAccessService.executeNamedQuery("epUserAppId", loginIdParams, null);
907 if (userList.size() > 0) {
908 logger.debug(EELFLoggerDelegate.debugLogger,
909 userList.get(0).getOrgUserId() + " User was found in Portal");
910 client = userList.get(0);
911 SortedSet<EPUserApp> userApps = new TreeSet<>();
912 client.setEPUserApps(userApps);
913 client.setSystemUser(false);
915 logger.error(EELFLoggerDelegate.errorLogger, "user cannot be found be in directory or in portal");
916 throw new Exception(msg);
921 client.setLoginId(userId);
922 client.setActive(true);
923 client.setOrgUserId(userId);
926 roleInAppForUserList.removeIf(role -> role.isApplied.equals(false));
927 SortedSet<Role> roles = new TreeSet<>();
929 List<EPRole> getAppRoles = externalAccessRolesService.getAppRoles(app.getId());
930 List<EPApp> appList = new ArrayList<>();
932 List<CentralV2Role> roleList = new ArrayList<>();
933 Map<String, Long> params = new HashMap<>();
935 List<EPRole> userRoles = new ArrayList<>();
937 for (RoleInAppForUser roleInappForUser : roleInAppForUserList) {
938 EPRole role = new EPRole();
939 role.setId(roleInappForUser.getRoleId());
940 role.setName(roleInappForUser.getRoleName());
945 List<EPRole> userAppRoles = new ArrayList<>();
946 for (EPRole role : userRoles) {
947 EPRole appRole = getAppRoles.stream()
948 .filter(applicationRole -> role.getId().equals(applicationRole.getAppRoleId())).findAny()
950 EPRole epRole = new EPRole();
951 if (appRole != null) {
952 epRole.setId(appRole.getId());
953 epRole.setName(appRole.getName());
955 userAppRoles.add(epRole);
957 userRoles = new ArrayList<>();
958 userRoles.addAll(userAppRoles);
960 roleList = externalAccessRolesService.createCentralRoleObject(appList, userRoles, roleList, params);
962 for (CentralV2Role epRole : roleList) {
963 Role role = new Role();
964 EPRole appRole = getAppRoles.stream()
965 .filter(applicationRole -> epRole.getId().equals(applicationRole.getId())).findAny().orElse(null);
966 if (appRole != null){
967 role.setId(appRole.getAppRoleId());
968 role.setName(epRole.getName());
969 role.setRoleFunctions(epRole.getRoleFunctions());
973 client.setRoles(roles);
974 String userInString = null;
975 userInString = mapper.writerFor(EPUser.class).writeValueAsString(client);
976 logger.debug(EELFLoggerDelegate.debugLogger,
977 "about to post a client to remote application, users json = " + userInString);
978 applicationsRestClientService.post(EPUser.class, app.getId(), userInString, String.format("/user/%s", userId));
982 * It checks whether the remote user exists or not
983 * if exits returns user object else null
987 * @param applicationsRestClientService
989 * @throws HTTPException
991 private EPUser checkIfRemoteUserExits(String userId, EPApp app, ApplicationsRestClientService applicationsRestClientService) throws HTTPException{
992 EPUser checkRemoteUser = null;
994 checkRemoteUser = getUserFromApp(userId, app, applicationsRestClientService);
995 } catch (HTTPException e) {
996 // Some apps are returning 400 if user is not found.
997 if (e.getResponseCode() == 400) {
998 logger.debug(EELFLoggerDelegate.debugLogger,
999 "setAppWithUserRoleStateForUser: getuserFromApp threw exception with response code 400; continuing",
1001 } else if(e.getResponseCode() == 404) {
1002 logger.debug(EELFLoggerDelegate.debugLogger,
1003 "setAppWithUserRoleStateForUser: getuserFromApp threw exception with response code 404; continuing",
1006 // Other response code, let it come thru.
1010 return checkRemoteUser;
1017 * @see org.onap.portalapp.portal.service.UserRolesService#
1018 * setAppWithUserRoleStateForUser(org.onap.portalapp.portal.domain.
1019 * EPUser, org.onap.portalapp.portal.transport.AppWithRolesForUser)
1021 public ExternalRequestFieldsValidator setAppWithUserRoleStateForUser(EPUser user, AppWithRolesForUser newAppRolesForUser) {
1022 boolean result = false;
1023 boolean epRequestValue = false;
1025 String reqMessage = "";
1026 if (newAppRolesForUser != null && newAppRolesForUser.getOrgUserId() != null) {
1027 userId = newAppRolesForUser.getOrgUserId().trim();
1029 Long appId = newAppRolesForUser.getAppId();
1030 List<RoleInAppForUser> roleInAppForUserList = newAppRolesForUser.getAppRoles();
1031 if (userId.length() > 0 ) {
1032 ObjectMapper mapper = new ObjectMapper();
1033 mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
1036 EPApp app = appsService.getApp(appId);
1037 applyChangesToUserAppRolesForMyLoginsRequest(user, appId);
1039 boolean systemUser = newAppRolesForUser.isSystemUser();
1040 if ((app.getCentralAuth() || app.getId().equals(PortalConstants.PORTAL_APP_ID)) && systemUser) {
1042 Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
1043 applicationsRestClientService, appId, userId);
1044 RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId,
1045 userRolesInLocalApp);
1046 List<RoleInAppForUser> roleAppUserList = rolesInAppForUser.roles;
1047 if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
1048 // Apply changes in external Access system
1049 updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList,
1050 epRequestValue, systemUser);
1052 result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal",
1055 }else if (!app.getCentralAuth() && systemUser)
1057 throw new Exception("For non-centralized application we cannot add systemUser");
1059 else{ // if centralized app
1060 if (app.getCentralAuth()) {
1061 if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
1062 pushRemoteUser(roleInAppForUserList, userId, app, mapper, searchService,
1063 applicationsRestClientService,false);
1066 Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
1067 applicationsRestClientService, appId, userId);
1068 RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId,
1069 userRolesInLocalApp);
1070 List<RoleInAppForUser> roleAppUserList = rolesInAppForUser.roles;
1071 if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
1072 // Apply changes in external Access system
1073 updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList,
1074 epRequestValue,false);
1076 result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal", systemUser);
1078 // In case if portal is not centralized then follow existing approach
1079 else if(!app.getCentralAuth() && app.getId().equals(PortalConstants.PORTAL_APP_ID)){
1080 Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
1081 applicationsRestClientService, appId, userId);
1082 RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId,
1083 userRolesInLocalApp);
1084 result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal",false);
1085 } else{// remote app
1086 EPUser remoteAppUser = null;
1087 if(!app.getCentralAuth() && !app.getId().equals(PortalConstants.PORTAL_APP_ID)){
1089 remoteAppUser = checkIfRemoteUserExits(userId, app, applicationsRestClientService);
1091 if (remoteAppUser == null) {
1092 remoteAppUser = addRemoteUser(roleInAppForUserList, userId, app, mapper, searchService, applicationsRestClientService);
1094 Set<EcompRole> userRolesInRemoteApp = postUsersRolesToRemoteApp(roleInAppForUserList, mapper,
1095 applicationsRestClientService, appId, userId,systemUser);
1096 RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId,
1097 userRolesInRemoteApp);
1098 result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, null,false);
1100 // If no roles remain, request app to set user inactive.
1101 if (userRolesInRemoteApp.size() == 0) {
1102 logger.debug(EELFLoggerDelegate.debugLogger,
1103 "setAppWithUserRoleStateForUser: no roles in app {}, set user {} to inactive", app,
1105 //remoteAppUser.setActive(false);
1106 postUserToRemoteApp(userId, user, app, applicationsRestClientService);
1111 } catch (Exception e) {
1112 /*String message = String.format(
1113 "Failed to create user or update user roles for User %s, AppId %s",
1114 userId, Long.toString(appId));
1115 logger.error(EELFLoggerDelegate.errorLogger, message, e);
1118 String message = String.format(
1119 "Failed to create user or update user roles for User %s, AppId %s",
1120 userId, Long.toString(appId));
1121 logger.error(EELFLoggerDelegate.errorLogger, message, e);
1123 reqMessage = e.getMessage();
1130 return new ExternalRequestFieldsValidator(result, reqMessage);
1134 * It adds user roles in External system and also make data consistent in both local and in External System
1136 * @param app details
1138 * @param roleInAppUser Contains list of active roles
1140 @SuppressWarnings("unchecked")
1141 private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List<RoleInAppForUser> roleInAppUser, boolean isPortalRequest,boolean isSystemUser) throws Exception
1144 // check if user exists
1145 final Map<String, String> userParams = new HashMap<>();
1146 userParams.put("orgUserIdValue", orgUserId);
1147 List<EPUser> userInfo = checkIfUserExists(userParams);
1148 if (userInfo.isEmpty()) {
1149 createLocalUserIfNecessary(orgUserId, isSystemUser);
1152 if (EPCommonSystemProperties
1153 .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN) && !isSystemUser) {
1155 + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
1159 ObjectMapper mapper = new ObjectMapper();
1160 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
1161 HttpEntity<String> getUserRolesEntity = new HttpEntity<>(headers);
1162 ResponseEntity<String> getResponse = externalAccessRolesService.getUserRolesFromExtAuthSystem(name, getUserRolesEntity);
1163 List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
1164 String res = getResponse.getBody();
1165 JSONObject jsonObj = null;
1166 JSONArray extRoles = null;
1167 if (!res.equals("{}")) {
1168 jsonObj = new JSONObject(res);
1169 extRoles = jsonObj.getJSONArray("role");
1171 ExternalAccessUserRoleDetail userRoleDetail = null;
1172 if (extRoles != null) {
1173 for (int i = 0; i < extRoles.length(); i++) {
1174 if (extRoles.getJSONObject(i).getString("name").startsWith(app.getNameSpace() + ".")
1175 && !extRoles.getJSONObject(i).getString("name").equals(app.getNameSpace() + ".admin")
1176 && !extRoles.getJSONObject(i).getString("name").equals(app.getNameSpace() + ".owner")) {
1177 if (extRoles.getJSONObject(i).has("description")) {
1178 ExternalRoleDescription desc = new ExternalRoleDescription(extRoles.getJSONObject(i).getString("description"));
1179 userRoleDetail = new ExternalAccessUserRoleDetail(
1180 extRoles.getJSONObject(i).getString("name"), desc);
1181 userRoleDetailList.add(userRoleDetail);
1183 userRoleDetail = new ExternalAccessUserRoleDetail(
1184 extRoles.getJSONObject(i).getString("name"), null);
1185 userRoleDetailList.add(userRoleDetail);
1192 List<ExternalAccessUserRoleDetail> userRoleListMatchingInExtAuthAndLocal = CheckIfRoleAreMatchingInUserRoleDetailList(userRoleDetailList,app);
1194 // If request coming from portal not from external role approval system then we have to check if user already
1195 // have account admin or system admin as GUI will not send these roles
1196 if (!isPortalRequest) {
1197 final Map<String, String> loginIdParams = new HashMap<>();
1198 loginIdParams.put("orgUserIdValue", orgUserId);
1199 EPUser user = (EPUser) dataAccessService.executeNamedQuery("epUserAppId", loginIdParams, null).get(0);
1200 final Map<String, Long> params = new HashMap<>();
1201 params.put("appId", app.getId());
1202 params.put("userId", user.getId());
1203 List<EcompUserAppRoles> userAppList = dataAccessService.executeNamedQuery("getUserAppExistingRoles",
1205 if (!roleInAppUser.isEmpty()) {
1206 for (EcompUserAppRoles userApp : userAppList) {
1207 if (userApp.getRoleId().equals(PortalConstants.SYS_ADMIN_ROLE_ID)
1208 || userApp.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)) {
1209 RoleInAppForUser addSpecialRole = new RoleInAppForUser();
1210 addSpecialRole.setIsApplied(true);
1211 addSpecialRole.setRoleId(userApp.getRoleId());
1212 addSpecialRole.setRoleName(userApp.getRoleName());
1213 roleInAppUser.add(addSpecialRole);
1218 List<RoleInAppForUser> roleInAppUserNonDupls = roleInAppUser.stream().distinct()
1219 .collect(Collectors.toList());
1220 final Map<String, RoleInAppForUser> currentUserRolesToUpdate = new HashMap<>();
1221 for (RoleInAppForUser roleInAppUserNew : roleInAppUserNonDupls) {
1222 currentUserRolesToUpdate.put(roleInAppUserNew.getRoleName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), roleInAppUserNew);
1224 final Map<String, ExternalAccessUserRoleDetail> currentUserRolesInExternalSystem = new HashMap<>();
1225 for (ExternalAccessUserRoleDetail extAccessUserRole : userRoleListMatchingInExtAuthAndLocal) {
1226 currentUserRolesInExternalSystem.put(extAccessUserRole.getName(), extAccessUserRole);
1228 // Check if user roles does not exists in local but still there in External Central Auth System delete them all
1229 for (ExternalAccessUserRoleDetail userRole : userRoleListMatchingInExtAuthAndLocal) {
1230 if (!(currentUserRolesToUpdate
1231 .containsKey(userRole.getName().substring(app.getNameSpace().length() + 1)))) {
1232 HttpEntity<String> entity = new HttpEntity<>(headers);
1233 logger.debug(EELFLoggerDelegate.debugLogger,
1234 "updateUserRolesInExternalSystem: Connecting to external system to DELETE user role {}",
1235 userRole.getName());
1236 ResponseEntity<String> deleteResponse = template.exchange(
1237 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
1238 + "userRole/" + name + "/" + userRole.getName(),
1239 HttpMethod.DELETE, entity, String.class);
1240 logger.debug(EELFLoggerDelegate.debugLogger,
1241 "updateUserRolesInExternalSystem: Finished DELETE operation in external system for user role {} and the response is {}",
1242 userRole.getName(), deleteResponse.getBody());
1245 // Check if user roles does not exists in External Central Auth System add them all
1246 for (RoleInAppForUser addUserRole : roleInAppUserNonDupls) {
1247 if (!(currentUserRolesInExternalSystem
1248 .containsKey(app.getNameSpace() + "." + addUserRole.getRoleName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")))) {
1249 ExternalAccessUser extUser = new ExternalAccessUser(name,
1250 app.getNameSpace() + "." + addUserRole.getRoleName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
1251 String formattedUserRole = mapper.writeValueAsString(extUser);
1252 HttpEntity<String> entity = new HttpEntity<>(formattedUserRole, headers);
1253 logger.debug(EELFLoggerDelegate.debugLogger, "updateUserRolesInExternalSystem: Connecting to external system for user {} and POST {}",
1254 name , addUserRole.getRoleName());
1255 ResponseEntity<String> addResponse = template
1256 .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
1257 + "userRole", HttpMethod.POST, entity, String.class);
1258 logger.debug(EELFLoggerDelegate.debugLogger,
1259 "updateUserRolesInExternalSystem: Finished adding user role in external system {} and added user role {}",
1260 addResponse.getBody(), addUserRole.getRoleName());
1261 if (addResponse.getStatusCode().value() != 201 && addResponse.getStatusCode().value() != 404) {
1262 logger.debug(EELFLoggerDelegate.debugLogger,
1263 "Finished POST operation in external system but unable to save user role", addResponse.getBody(),
1264 addUserRole.getRoleName());
1265 throw new Exception(addResponse.getBody());
1269 } catch (HttpClientErrorException e) {
1270 logger.error(EELFLoggerDelegate.errorLogger,
1271 "updateUserRolesInExternalSystem: Failed to add user role for application {} due to {}",
1273 if (e.getStatusCode() == HttpStatus.FORBIDDEN) {
1274 logger.error(EELFLoggerDelegate.errorLogger, "Please enter the valid systemUser", orgUserId);
1275 throw new HttpClientErrorException(HttpStatus.FORBIDDEN, "Please enter the valid systemUser");
1277 if (e.getStatusCode() == HttpStatus.NOT_FOUND) {
1278 logger.error(EELFLoggerDelegate.errorLogger, "Please enter the valid role");
1279 throw new HttpClientErrorException(HttpStatus.NOT_FOUND, "Please enter the valid role");
1281 EPLogUtil.logExternalAuthAccessAlarm(logger, HttpStatus.BAD_REQUEST);
1285 catch (Exception e) {
1286 logger.error(EELFLoggerDelegate.errorLogger, "updateUserRolesInExternalSystem: Failed to add user role for application {} due to {}", app.getId(), e);
1287 EPLogUtil.logExternalAuthAccessAlarm(logger, HttpStatus.BAD_REQUEST);
1293 private List<ExternalAccessUserRoleDetail> CheckIfRoleAreMatchingInUserRoleDetailList(
1294 List<ExternalAccessUserRoleDetail> userRoleDetailList, EPApp app) {
1295 Map<String, EPRole> epRoleList = externalAccessRolesService.getAppRoleNamesWithUnderscoreMap(app);
1296 //Add Account Admin role for partner app to prevent conflict
1297 if(!app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
1298 EPRole role = new EPRole();
1299 role.setName(PortalConstants.ADMIN_ROLE.replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
1300 epRoleList.put(role.getName(), role);
1302 userRoleDetailList.removeIf(userRoleDetail -> !epRoleList.containsKey(userRoleDetail.getName().substring(app.getNameSpace().length()+1)));
1303 return userRoleDetailList;
1310 * @param applicationsRestClientService
1311 * @param searchService
1315 protected void createNewUserOnRemoteApp(String userId, EPApp app,
1316 ApplicationsRestClientService applicationsRestClientService, SearchService searchService,
1317 ObjectMapper mapper, boolean postOpenSource) throws Exception {
1320 EPUser client = searchService.searchUserByUserId(userId);
1322 mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
1324 if (client == null) {
1325 String msg = "cannot create user " + userId + ", because he/she cannot be found in phonebook.";
1326 logger.error(EELFLoggerDelegate.errorLogger, msg);
1327 throw new Exception(msg);
1330 client.setLoginId(userId);
1331 client.setActive(true);
1333 String userInString = null;
1334 userInString = mapper.writerFor(EPUser.class).writeValueAsString(client);
1335 logger.debug(EELFLoggerDelegate.debugLogger,
1336 "about to post new client to remote application, users json = " + userInString);
1337 applicationsRestClientService.post(EPUser.class, app.getId(), userInString, String.format("/user", userId));
1341 @SuppressWarnings("unchecked")
1342 protected void applyChangesToAppRolesRequest(Long appId, Long userId, String updateStatus, EPUserAppRolesRequest epUserAppRolesRequest) {
1343 final Map<String, Long> epRequestParams = new HashMap<>();
1345 EPUserAppRolesRequest epAppRolesRequestData = epUserAppRolesRequest;
1346 epAppRolesRequestData.setUpdatedDate(new Date());
1347 epAppRolesRequestData.setRequestStatus(updateStatus);
1348 HashMap<String, Long> addiotonalUpdateParam = new HashMap<String, Long>();
1349 addiotonalUpdateParam.put("userId", userId);
1350 dataAccessService.saveDomainObject(epAppRolesRequestData, addiotonalUpdateParam);
1351 epRequestParams.put("reqId", epUserAppRolesRequest.getId());
1352 List<EPUserAppRolesRequestDetail> epUserAppRolessDetailList = new ArrayList<EPUserAppRolesRequestDetail>();
1353 epUserAppRolessDetailList = dataAccessService.executeNamedQuery("userAppRolesRequestDetailList",
1354 epRequestParams, null);
1355 if (epUserAppRolessDetailList.size() > 0) {
1356 for (EPUserAppRolesRequestDetail epRequestUpdateData : epUserAppRolessDetailList) {
1357 EPUserAppRolesRequestDetail epAppRoleDetailData = epRequestUpdateData;
1358 epAppRoleDetailData.setReqType(updateStatus);
1359 epAppRoleDetailData.setEpRequestIdData(epAppRolesRequestData);
1360 HashMap<String, Long> updateDetailsParam = new HashMap<String, Long>();
1361 addiotonalUpdateParam.put("reqId", epUserAppRolesRequest.getId());
1362 dataAccessService.saveDomainObject(epAppRoleDetailData, updateDetailsParam);
1365 logger.debug(EELFLoggerDelegate.debugLogger, "The request is set to complete");
1367 } catch (Exception e) {
1368 logger.error(EELFLoggerDelegate.errorLogger, "applyChangesToAppRolesRequest failed", e);
1372 @SuppressWarnings("unchecked")
1373 public void applyChangesToUserAppRolesForMyLoginsRequest(EPUser user, Long appId) {
1374 final Map<String, Long> params = new HashMap<>();
1375 final Map<String, Long> epDetailParams = new HashMap<>();
1376 List<EPUserAppRolesRequest> epRequestIdVal = new ArrayList<EPUserAppRolesRequest>();
1377 params.put("appId", appId);
1378 params.put("userId", user.getId());
1380 epRequestIdVal = (List<EPUserAppRolesRequest>) dataAccessService
1381 .executeNamedQuery("userAppRolesRequestList", params, null);
1382 if (epRequestIdVal.size() > 0) {
1383 EPUserAppRolesRequest epAppRolesRequestData = epRequestIdVal.get(0);
1384 epAppRolesRequestData.setUpdatedDate(new Date());
1385 epAppRolesRequestData.setRequestStatus("O");
1386 HashMap<String, Long> addiotonalUpdateParam = new HashMap<String, Long>();
1387 addiotonalUpdateParam.put("userId", user.getId());
1388 dataAccessService.saveDomainObject(epAppRolesRequestData, addiotonalUpdateParam);
1389 epDetailParams.put("reqId", epAppRolesRequestData.getId());
1390 List<EPUserAppRolesRequestDetail> epUserAppRolesDetailList = new ArrayList<EPUserAppRolesRequestDetail>();
1391 epUserAppRolesDetailList = dataAccessService.executeNamedQuery("userAppRolesRequestDetailList",
1392 epDetailParams, null);
1393 if (epUserAppRolesDetailList.size() > 0) {
1394 for (EPUserAppRolesRequestDetail epRequestUpdateList : epUserAppRolesDetailList) {
1395 EPUserAppRolesRequestDetail epAppRoleDetailData = epRequestUpdateList;
1396 epAppRoleDetailData.setReqType("O");
1397 epAppRoleDetailData.setEpRequestIdData(epAppRolesRequestData);
1398 HashMap<String, Long> updateDetailsParams = new HashMap<String, Long>();
1399 addiotonalUpdateParam.put("reqId", epAppRolesRequestData.getId());
1400 dataAccessService.saveDomainObject(epAppRoleDetailData, updateDetailsParams);
1402 logger.debug(EELFLoggerDelegate.debugLogger, "User App roles request from User Page is overridden");
1406 } catch (Exception e) {
1407 logger.error(EELFLoggerDelegate.errorLogger, "applyChangesToUserAppRolesRequest failed", e);
1412 * Pushes specified user details to the specified remote app.
1415 * OrgUserId identifying user at remote app in REST endpoint path
1417 * User details to be pushed
1420 * @param applicationsRestClientService
1421 * @throws HTTPException
1423 protected void postUserToRemoteApp(String userId, EPUser user, EPApp app,
1424 ApplicationsRestClientService applicationsRestClientService) throws HTTPException {
1426 getUser(userId, app, applicationsRestClientService);
1431 * It returns user details for single org user id
1435 * if user exists it returns list of user details otherwise empty value
1437 @SuppressWarnings("unchecked")
1438 private List<EPUser> checkIfUserExists(Map<String, String> userParams){
1439 return (List<EPUser>)dataAccessService.executeNamedQuery("epUserAppId", userParams, null);
1443 * It checks whether the new user is valid or not otherwise throws exception
1448 * Checks if user is valid and returns message otherwise throws exception
1451 private String validateNewUser(String orgUserId, EPApp app) throws Exception {
1452 EPUser epUser = searchService.searchUserByUserId(orgUserId);
1453 if (epUser == null) {
1454 throw new Exception("User does not exist");
1455 } else if (!epUser.getOrgUserId().equals(orgUserId)) {
1456 throw new Exception("User does not exist");
1457 } else if (app == null) {
1458 throw new Exception("Application does not exist");
1460 return "Saved Successfully";
1464 * Checks if the fields exists or not
1467 * contains user information
1471 * throws exception if the field is not valid
1473 private void validateExternalRequestFields(List<EPUser> userList, EPApp app) throws Exception{
1474 if (userList.size() == 0 || userList.isEmpty() ) {
1475 throw new Exception("User does not exist");
1476 } else if(app == null) {
1477 throw new Exception("Application does not exist");
1478 } else if(!app.getEnabled() && !app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
1479 throw new Exception(app.getMlAppName()+" application is unavailable");
1483 @SuppressWarnings("unchecked")
1484 public ExternalRequestFieldsValidator setExternalRequestUserAppRole(ExternalSystemUser newAppRolesForUser, String reqType) {
1485 boolean result = false;
1486 boolean externalSystemRequest = true;
1487 final Map<String, Long> params = new HashMap<>();
1488 final Map<String, String> userParams = new HashMap<>();
1489 List<EPUser> userInfo = null;
1491 List<EPUserAppRolesRequest> epRequestId = null;
1492 String orgUserId = "";
1493 String updateStatus = "";
1494 String reqMessage = "";
1496 if (newAppRolesForUser != null && newAppRolesForUser.getLoginId() != null) {
1497 orgUserId = newAppRolesForUser.getLoginId().trim();
1499 String appName = newAppRolesForUser.getApplicationName();
1500 String logMessage = ("DELETE").equals(reqType) ? "Deleting": "Assigning/Updating" ;
1501 if (orgUserId.length() > 0) {
1502 ObjectMapper mapper = new ObjectMapper();
1503 mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
1504 int epRequestIdSize = 0;
1506 app = appsService.getAppDetail(appName);
1507 userParams.put("orgUserIdValue", orgUserId);
1508 userInfo = checkIfUserExists(userParams);
1509 reqMessage = "Updated Successfully";
1510 if (!reqType.equals("DELETE") && (userInfo.size() == 0 || userInfo.isEmpty())) {
1511 reqMessage = validateNewUser(orgUserId, app);
1513 if (userInfo.size() != 0 || !userInfo.isEmpty()) {
1514 validateExternalRequestFields(userInfo, app);
1515 user = userInfo.get(0);
1516 params.put("appId", app.getId());
1517 params.put("userId", user.getId());
1518 epRequestId = (List<EPUserAppRolesRequest>) dataAccessService
1519 .executeNamedQuery("userAppRolesRequestList", params, null);
1520 epRequestIdSize = epRequestId.size();
1523 //If Non-Centralized app make sure you sync app roles before assigning to user
1524 if (!app.getId().equals(PortalConstants.PORTAL_APP_ID) && !app.getCentralAuth()) {
1525 logger.debug(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: Starting GET roles for app {}",app.getId());
1526 EcompRole[] appRoles = applicationsRestClientService.get(EcompRole[].class, app.getId(), "/roles");
1527 logger.debug(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: Finshed GET roles for app {} and payload {}",app.getId(), appRoles);
1528 if (appRoles.length > 0) {
1529 syncAppRoles(sessionFactory, app.getId(), appRoles);
1532 List<RoleInAppForUser> roleInAppForUserList = roleInAppForUserList(newAppRolesForUser.getRoles(),
1533 app.getId(), app.getMlAppName());
1534 List<EcompUserAppRoles> userRoleList = null;
1535 if(!userInfo.isEmpty()){
1536 final Map<String, Long> appParams = new HashMap<>();
1537 appParams.put("userId", user.getId());
1538 appParams.put("appId", app.getId());
1539 userRoleList = dataAccessService.executeNamedQuery("getUserAppExistingRoles", appParams, null);
1541 // Check if list contains just account admin role
1542 boolean checkIfAdminRoleExists = false;
1543 if (reqType.equals("DELETE") && userRoleList!=null) {
1544 checkIfAdminRoleExists = userRoleList.stream()
1545 .anyMatch(userRole -> userRole.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID));
1547 checkIfAdminRoleExists = roleInAppForUserList.stream()
1548 .anyMatch(roleList -> roleList.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID));
1550 // if Centralized app
1551 if (app.getCentralAuth()) {
1552 // We should add If user does not exist in remote application
1554 // If adding just account admin role dont make remote application user call or
1555 // if request has only single non admin role then make remote call
1556 if (!(app.getId().equals(PortalConstants.PORTAL_APP_ID) && reqType.equals("DELETE"))
1557 && ((checkIfAdminRoleExists && roleInAppForUserList.size() > 1)
1558 || (!checkIfAdminRoleExists && roleInAppForUserList.size() >= 1))) {
1559 // check if admin role exist then delete
1560 List<RoleInAppForUser> remoteUserRoles = roleInAppForUserList.stream()
1561 .collect(Collectors.toList());
1562 remoteUserRoles.removeIf(role -> {
1563 return (role.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID));
1565 String orgUserIdNewOrExist = (userInfo.size() != 0 || !userInfo.isEmpty()) ? user.getOrgUserId() : orgUserId;
1566 pushRemoteUser(remoteUserRoles, orgUserIdNewOrExist , app, mapper, searchService,
1567 applicationsRestClientService,true);
1569 } catch (Exception e) {
1570 reqMessage = e.getMessage();
1571 logger.error(EELFLoggerDelegate.errorLogger, "setExternalRequestUserAppRole: Failed to added remote user", e);
1572 throw new Exception(reqMessage);
1574 Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
1575 applicationsRestClientService, app.getId(), orgUserId);
1576 RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(),
1577 userRolesInLocalApp);
1578 List<RoleInAppForUser> roleAppUserList = rolesInAppForUser.roles;
1579 if(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
1580 // Apply changes in external Access system
1581 updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList, externalSystemRequest,false);
1583 logger.info(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage,
1584 newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId());
1585 result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType,false);
1587 // If local application is not centralized
1588 else if(!app.getCentralAuth() && app.getId().equals(PortalConstants.PORTAL_APP_ID)){
1589 Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
1590 applicationsRestClientService, app.getId(), orgUserId);
1591 RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(),
1592 userRolesInLocalApp);
1593 result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType,false);
1594 } else {// remote app
1595 // If adding just account admin role don't do remote application user call
1596 if (!((roleInAppForUserList.size() == 1 || reqType.equals("DELETE")) && checkIfAdminRoleExists)) {
1597 EPUser remoteAppUser = null;
1598 remoteAppUser = checkIfRemoteUserExits(orgUserId, app, applicationsRestClientService);
1599 if (remoteAppUser == null) {
1600 addRemoteUser(roleInAppForUserList, orgUserId, app, mapper, searchService,
1601 applicationsRestClientService);
1602 reqMessage = "Saved Successfully";
1605 Set<EcompRole> userRolesInRemoteApp = postUsersRolesToRemoteApp(roleInAppForUserList, mapper,
1606 applicationsRestClientService, app.getId(), orgUserId,false);
1608 RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(),
1609 userRolesInRemoteApp);
1610 logger.info(EELFLoggerDelegate.debugLogger,
1611 "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage,
1612 newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId());
1613 result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest,
1615 // If no roles remain, request app to set user inactive.
1617 * if (userRolesInRemoteApp.size() == 0) {
1618 * logger.debug(EELFLoggerDelegate.debugLogger,
1619 * "setAppWithUserRoleStateForUser: no roles in app {}, set user {} to inactive"
1620 * , app, orgUserId); //TODO Need to fix the logged in user is not set to
1621 * inactive remoteAppUser.setActive(false); postUserToRemoteApp(orgUserId, user,
1622 * app, applicationsRestClientService); }
1626 // Here we are adding only we have single account admin in roleInAppForUserList and this should not add in remote
1627 if(!(reqType.equals("DELETE")) && userInfo.isEmpty()){
1628 reqMessage = "Saved Successfully";
1630 Set<EcompRole> userRolesInRemoteApp = constructUsersEcompRoles(roleInAppForUserList);
1632 RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(),
1633 userRolesInRemoteApp);
1634 logger.info(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}",
1635 logMessage, newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId());
1636 result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest,
1640 reqMessage = "Failed to save the user app role(s)";
1642 if (epRequestIdSize > 0 && !userInfo.isEmpty()) {
1644 applyChangesToAppRolesRequest(app.getId(), user.getId(), updateStatus, epRequestId.get(0));
1647 } catch (Exception e) {
1648 String message = String.format("setExternalRequestUserAppRole: Failed to create user or update user roles for User %s, AppId %s",
1649 orgUserId, appName);
1650 logger.error(EELFLoggerDelegate.errorLogger, message, e);
1652 reqMessage = e.getMessage();
1653 if(epRequestIdSize > 0 && userInfo!=null && !userInfo.isEmpty()){
1655 applyChangesToAppRolesRequest(app.getId(), user.getId(),
1656 updateStatus, epRequestId.get(0));
1661 return new ExternalRequestFieldsValidator(result, reqMessage);
1666 * @param roleInAppForUserList
1668 * @param applicationsRestClientService
1671 * @return Set<EcompRole>
1672 * @throws JsonProcessingException
1673 * @throws HTTPException
1675 private Set<EcompRole> postUsersRolesToLocalApp(List<RoleInAppForUser> roleInAppForUserList, ObjectMapper mapper,
1676 ApplicationsRestClientService applicationsRestClientService, Long appId, String userId)
1677 throws JsonProcessingException, HTTPException {
1678 Set<EcompRole> updatedUserRoles = constructUsersEcompRoles(roleInAppForUserList);
1679 return updatedUserRoles;
1683 * It constructs and returns list of user app roles when the external API role approval system calls
1686 * @param roleInAppForUserList
1688 * @return list of user app roles
1690 * throws exceptions if role id does not exits
1692 private List<RoleInAppForUser> roleInAppForUserList(List<ExternalSystemRoleApproval> roleInAppForUserList,
1693 Long appId, String appName) throws Exception {
1694 List<RoleInAppForUser> existingUserRoles = new ArrayList<RoleInAppForUser>();
1695 EPRole existingAppRole = null;
1696 for (ExternalSystemRoleApproval roleInAppForUser : roleInAppForUserList) {
1697 RoleInAppForUser ecompRole = new RoleInAppForUser();
1698 existingAppRole = epRoleService.getAppRole(roleInAppForUser.getRoleName(), appId);
1699 if (existingAppRole == null) {
1700 logger.error(EELFLoggerDelegate.errorLogger, "roleInAppForUserList failed for the roles {}",
1701 roleInAppForUserList);
1702 throw new Exception("'" +roleInAppForUser.getRoleName() + "'" +" role does not exist for " + appName + " application");
1704 if (!existingAppRole.getActive()) {
1705 logger.error(EELFLoggerDelegate.errorLogger, "roleInAppForUserList failed for the roles {}",
1706 roleInAppForUserList);
1707 throw new Exception(roleInAppForUser.getRoleName() + " role is unavailable for "+ appName + " application");
1709 ecompRole.roleId = (appId == 1 || roleInAppForUser.getRoleName().equals(PortalConstants.ADMIN_ROLE)) ? existingAppRole.getId() : existingAppRole.getAppRoleId();
1710 ecompRole.roleName = roleInAppForUser.getRoleName();
1711 ecompRole.isApplied = true;
1712 existingUserRoles.add(ecompRole);
1715 return existingUserRoles;
1724 * @param applicationsRestClientService
1726 * @throws HTTPException
1728 protected EPUser getUserFromApp(String userId, EPApp app, ApplicationsRestClientService applicationsRestClientService)
1729 throws HTTPException {
1731 if (app.getId() == PortalConstants.PORTAL_APP_ID) {
1732 // Map<String,String> params = new HashMap<String,String>();
1733 // params.put("sbcid",userId);
1734 @SuppressWarnings("unchecked")
1735 List<EPUser> userList = (List<EPUser>) dataAccessService
1736 .executeQuery("from EPUser where orgUserId='" + userId + "'", null);
1737 if (userList != null && !userList.isEmpty())
1738 return userList.get(0);
1744 return getUser(userId, app, applicationsRestClientService);
1747 protected EPUser getUser(String userId, EPApp app, ApplicationsRestClientService applicationsRestClientService)
1748 throws HTTPException {
1749 return applicationsRestClientService.get(EPUser.class, app.getId(), String.format("/user/%s", userId), true);
1753 protected boolean isAppUpgradeVersion(EPApp app){
1758 public ExternalSystemAccess getExternalRequestAccess(){
1759 ExternalSystemAccess res = null;
1761 res = new ExternalSystemAccess(EPCommonSystemProperties.EXTERNAL_ACCESS_ENABLE,
1762 Boolean.parseBoolean(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_ACCESS_ENABLE)));
1763 } catch (Exception e) {
1764 logger.error(EELFLoggerDelegate.errorLogger, "getExternalRequestAccess failed" + e.getMessage());
1772 * @see org.onap.portalapp.portal.service.UserRolesService#
1773 * getAppRolesForUser(java.lang.Long, java.lang.String)
1775 @SuppressWarnings("unchecked")
1776 public List<RoleInAppForUser> getAppRolesForUser(Long appId, String userId, Boolean extRequestValue,EPUser user) {
1777 List<RoleInAppForUser> rolesInAppForUser = null;
1778 EPApp app = appsService.getApp(appId);
1779 logger.debug(EELFLoggerDelegate.debugLogger, "In getAppRolesForUser() - app = {}", app);
1781 // for onap portal app, no need to make a remote call
1782 List<Role> roleList = new ArrayList<>();
1783 if (appId == PortalConstants.PORTAL_APP_ID) {
1784 if(app.getCentralAuth()){
1785 List<CentralV2Role> cenRoleList = externalAccessRolesService.getRolesForApp(app.getUebKey());
1786 for(CentralV2Role cenRole : cenRoleList){
1787 Role role = new Role();
1788 role.setActive(cenRole.getActive());
1789 role.setId(cenRole.getId());
1790 role.setName(cenRole.getName());
1791 role.setPriority(cenRole.getPriority());
1795 roleList = roleService.getAvailableRoles(userId);
1797 List<Role> activeRoleList = new ArrayList<Role>();
1798 for(Role role: roleList) {
1799 if(role.getActive()) {
1800 if(role.getId() != 1){ // prevent portal admin from being added
1801 activeRoleList.add(role);
1802 } else if(extRequestValue){
1803 activeRoleList.add(role);
1808 EPUser localUser = getUserFromApp(userId, app, applicationsRestClientService);
1809 // If localUser does not exists return roles
1810 Set<EPRole> roleSet = null;
1811 EPRole[] roleSetList = null;
1812 if(localUser != null){
1813 roleSet = localUser.getAppEPRoles(app);
1814 roleSetList = roleSet.toArray(new EPRole[0]);
1816 rolesInAppForUser = constructRolesInAppForUserGet(activeRoleList, roleSetList, extRequestValue);
1817 return rolesInAppForUser;
1820 EcompRole[] appRoles = null;
1821 List<EcompRole> roles = new ArrayList<>();
1822 if (app.getCentralAuth()) {
1823 final Map<String, Long> appParams = new HashMap<>();
1824 appParams.put("appId", app.getId());
1825 List<EPRole> applicationRoles = dataAccessService.executeNamedQuery("getActiveRolesOfApplication",
1828 EPApp application = appService.getApp(appId);
1829 boolean checkIfUserisApplicationAccAdmin = adminRolesService.isAccountAdminOfApplication(user,
1832 List<EPRole> rolesetwithfunctioncds = new ArrayList<EPRole>();
1833 for (EPRole role : applicationRoles) {
1834 Map<String, Long> params = new HashMap<>();
1835 params.put("roleId", role.getId());
1836 params.put(APP_ID, app.getId());
1837 List<CentralV2RoleFunction> cenRoleFuncList = dataAccessService
1838 .executeNamedQuery("getAppRoleFunctionList", params, null);
1840 // SortedSet<CentralV2RoleFunction> roleFunctionSet =
1842 SortedSet<RoleFunction> roleFunctionSet = new TreeSet<>();
1843 for (CentralV2RoleFunction roleFunc : cenRoleFuncList) {
1845 String functionCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode());
1846 functionCode = EPUserUtils.decodeFunctionCode(functionCode);
1847 String type = externalAccessRolesService.getFunctionCodeType(roleFunc.getCode());
1848 String action = externalAccessRolesService.getFunctionCodeAction(roleFunc.getCode());
1849 String name = roleFunc.getName();
1851 RoleFunction function = new RoleFunction();
1852 function.setAction(action);
1853 function.setType(type);
1854 function.setCode(functionCode);
1855 function.setName(name);
1856 roleFunctionSet.add(function);
1857 role.setRoleFunctions(roleFunctionSet);
1860 rolesetwithfunctioncds.add(role);
1865 for (EPRole role1 : rolesetwithfunctioncds) {
1866 EcompRole ecompRole = new EcompRole();
1867 ecompRole.setId(role1.getId());
1868 ecompRole.setName(role1.getName());
1869 ecompRole.setRoleFunctions(role1.getRoleFunctions());
1870 roles.add(ecompRole);
1873 if (checkIfUserisApplicationAccAdmin) {
1874 appRoles = roles.toArray(new EcompRole[roles.size()]);
1875 logger.debug(EELFLoggerDelegate.debugLogger, "In getAppRolesForUser() If Logged in user checkIfUserisApplicationAccAdmin- appRoles = {}", appRoles);
1876 } else if (adminRolesService.isRoleAdmin(user) && !checkIfUserisApplicationAccAdmin) {
1877 List<EcompRole> roleAdminAppRoles = new ArrayList<>();
1878 List<String> roleAdminAppRolesNames = new ArrayList<>();
1879 final Map<String, Long> userParams = new HashMap<>();
1880 userParams.put("userId", user.getId());
1881 List<String> getUserApproverRoles = dataAccessService.executeNamedQuery("getUserApproverRoles", userParams, null);
1883 List<EcompRole> userapproverRolesList = new ArrayList<>();
1884 for (String str : getUserApproverRoles) {
1885 EcompRole epRole = roles.stream().filter(x -> str.equals(x.getName())).findAny().orElse(null);
1887 userapproverRolesList.add(epRole);
1889 // roles.removeAll(userapproverRolesList);
1890 for (EcompRole role : userapproverRolesList) {
1892 List<RoleFunction> roleFunList = new ArrayList<>();
1893 roleFunList.addAll(role.getRoleFunctions());
1894 boolean checkIfFunctionsExits = roleFunList.stream()
1895 .anyMatch(roleFunction -> roleFunction.getType().equalsIgnoreCase("Approver"));
1896 if (checkIfFunctionsExits) {
1897 roleAdminAppRoles.add(role);
1898 List<RoleFunction> filteredList = roleFunList.stream()
1899 .filter(x -> "Approver".equalsIgnoreCase(x.getType())).collect(Collectors.toList());
1900 roleAdminAppRolesNames.addAll(filteredList.stream().map(RoleFunction::getCode)
1901 .collect(Collectors.toList()));
1902 // roleAdminAppRolesNames = filteredList.stream().map(RoleFunction::getCode)
1903 // .collect(Collectors.toList());
1906 for (String name : roleAdminAppRolesNames) {
1907 EcompRole ecompRole = roles.stream().filter(x -> name.equals(x.getName())).findAny()
1909 if (ecompRole != null)
1910 roleAdminAppRoles.add(ecompRole);
1913 appRoles = roleAdminAppRoles.toArray(new EcompRole[roleAdminAppRoles.size()]);
1917 appRoles = applicationsRestClientService.get(EcompRole[].class, appId, "/roles");
1919 // Test this error case, for generating an internal ONAP Portal
1921 // EcompRole[] appRoles = null;
1922 // If there is an exception in the rest client api, then null will
1924 if (appRoles != null) {
1925 if(!app.getCentralAuth()) {
1926 syncAppRoles(sessionFactory, appId, appRoles);
1928 EcompRole[] userAppRoles = null;
1932 if(app.getCentralAuth()){
1933 final Map<String, String> params = new HashMap<>();
1934 final Map<String, Long> userParams = new HashMap<>();
1935 params.put("orgUserIdValue", userId);
1936 List<EPUser> actualUser = dataAccessService.executeNamedQuery("epUserAppId", params, null);
1937 userParams.put("appId", app.getId());
1938 userParams.put("userId", actualUser.get(0).getId());
1939 List<EPUserAppCurrentRoles> userAppsRolesList = dataAccessService.executeNamedQuery("getUserAppCurrentRoles", userParams, null);
1941 List<EcompRole> setUserRoles = new ArrayList<>();
1942 for(EPUserAppCurrentRoles role : userAppsRolesList){
1943 logger.debug(EELFLoggerDelegate.debugLogger, "In getAppRolesForUser() - userAppsRolesList get userRolename = {}", role.getRoleName());
1944 EcompRole ecompRole = new EcompRole();
1945 ecompRole.setId(role.getRoleId());
1946 ecompRole.setName(role.getRoleName());
1947 setUserRoles.add(ecompRole);
1950 boolean checkIfUserisAccAdmin = setUserRoles.stream()
1951 .anyMatch(ecompRole -> ecompRole.getId() == 999L);
1953 if (!checkIfUserisAccAdmin) {
1954 List<EcompRole> userApplicationRolesList = setUserRoles;
1955 List<EcompRole> appRolesList = Arrays.asList(appRoles);
1956 Set<EcompRole> finalUserAppRolesList = new HashSet<>();
1958 List<String> roleNames = new ArrayList<>();
1959 for (EcompRole role : userApplicationRolesList) {
1960 EcompRole epRole = appRolesList.stream()
1961 .filter(x -> role.getName().equals(x.getName())).findAny().orElse(null);
1962 List<RoleFunction> roleFunList = new ArrayList<>();
1963 if(epRole.getRoleFunctions().size()>0)
1964 roleFunList.addAll(epRole.getRoleFunctions());
1965 boolean checkIfFunctionsExits = roleFunList.stream().anyMatch(
1966 roleFunction -> roleFunction.getType().equalsIgnoreCase("Approver"));
1967 if (checkIfFunctionsExits) {
1968 finalUserAppRolesList.add(role);
1969 List<RoleFunction> filteredList = roleFunList.stream()
1970 .filter(x -> "Approver".equalsIgnoreCase(x.getType()))
1971 .collect(Collectors.toList());
1972 roleNames = filteredList.stream().map(RoleFunction::getCode)
1973 .collect(Collectors.toList());
1976 for (String name : roleNames) {
1977 EcompRole ecompRole = appRolesList.stream()
1978 .filter(x -> name.equals(x.getName())).findAny().orElse(null);
1979 if (ecompRole != null)
1980 finalUserAppRolesList.add(ecompRole);
1985 for (String name : roleNames) {
1987 boolean checkIfFunctionsExits = userAppsRolesList.stream().anyMatch(
1988 role -> role.getRoleName().equalsIgnoreCase(name));
1989 if(checkIfFunctionsExits)
1991 EcompRole epRole = appRolesList.stream().filter(x -> name.equals(x.getName()))
1992 .findAny().orElse(null);
1994 setUserRoles.add(epRole);
1998 userAppRoles = setUserRoles.toArray(new EcompRole[setUserRoles.size()]);
2001 userAppRoles = applicationsRestClientService.get(EcompRole[].class, appId,
2002 String.format("/user/%s/roles", userId));
2004 } catch (HTTPException e) {
2005 // Some apps are returning 400 if user is not found.
2006 if (e.getResponseCode() == 400) {
2007 logger.debug(EELFLoggerDelegate.debugLogger,
2008 "getAppRolesForUser caught exception with response code 400; continuing", e);
2010 // Other response code, let it come thru.
2014 if (userAppRoles == null) {
2015 if (EcompPortalUtils.getExternalAppResponseCode() == 400) {
2016 EcompPortalUtils.setExternalAppResponseCode(200);
2017 String message = String.format(
2018 "getAppRolesForUser: App %s, User %, endpoint /user/{userid}/roles returned 400, "
2019 + "assuming user doesn't exist, app is framework SDK based, and things are ok. "
2020 + "Overriding to 200 until framework SDK returns a useful response.",
2021 Long.toString(appId), userId);
2022 logger.warn(EELFLoggerDelegate.applicationLogger, message);
2026 HashMap<Long, EcompRole> appRolesActiveMap =hashMapFromEcompRoles(appRoles);
2027 ArrayList<EcompRole> activeRoles = new ArrayList<EcompRole>();
2028 if(userAppRoles != null){
2029 for (int i = 0; i < userAppRoles.length; i++) {
2030 if (appRolesActiveMap.containsKey(userAppRoles[i].getId())) {
2031 EcompRole role = new EcompRole();
2032 role.setId(userAppRoles[i].getId());
2033 role.setName(userAppRoles[i].getName());
2034 activeRoles.add(role);
2038 EcompRole[] userAppRolesActive = activeRoles.toArray(new EcompRole[activeRoles.size()]);
2040 // If the remote application isn't down we MUST sync user
2041 // roles here in case we have this user here!
2042 syncUserRoles(sessionFactory, userId, appId, userAppRolesActive, extRequestValue, null);
2043 } catch (Exception e) {
2044 // TODO: we may need to check if user exists, maybe remote
2046 String message = String.format(
2047 "getAppRolesForUser: user %s does not exist in remote application %s", userId,
2048 Long.toString(appId));
2049 logger.error(EELFLoggerDelegate.errorLogger, message, e);
2050 userAppRoles = new EcompRole[0];
2052 rolesInAppForUser = constructRolesInAppForUserGet(appRoles, userAppRoles);
2054 } catch (Exception e) {
2055 String message = String.format("getAppRolesForUser: failed for User %s, AppId %s", userId,
2056 Long.toString(appId));
2057 logger.error(EELFLoggerDelegate.errorLogger, message, e);
2059 return rolesInAppForUser;
2062 private boolean postUserRolesToMylogins(AppWithRolesForUser userAppRolesData,
2063 ApplicationsRestClientService applicationsRestClientService, Long appId, Long userId)
2064 throws JsonProcessingException, HTTPException {
2065 boolean result = false;
2066 ObjectMapper mapper = new ObjectMapper();
2067 mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
2068 String userRolesAsString = mapper.writeValueAsString(userAppRolesData);
2069 logger.error(EELFLoggerDelegate.errorLogger,"Should not be reached here, as the endpoint is not defined yet from the Mylogins");
2070 applicationsRestClientService.post(AppWithRolesForUser.class, appId, userRolesAsString, String.format("/user/%s/myLoginroles", userId));
2074 @SuppressWarnings("unchecked")
2075 public FieldsValidator putUserAppRolesRequest(AppWithRolesForUser userAppRolesData, EPUser user) {
2076 FieldsValidator fieldsValidator = new FieldsValidator();
2077 final Map<String, Long> params = new HashMap<>();
2078 List<EPUserAppRoles> appRole= null;
2080 logger.error(EELFLoggerDelegate.errorLogger,"Should not be reached here, still the endpoint is yet to be defined");
2081 boolean result = postUserRolesToMylogins(userAppRolesData, applicationsRestClientService,
2082 userAppRolesData.getAppId(), user.getId());
2083 logger.debug(EELFLoggerDelegate.debugLogger,"putUserAppRolesRequest: result {}", result);
2085 params.put("appId", userAppRolesData.getAppId());
2086 EPUserAppRolesRequest epAppRolesRequestData = new EPUserAppRolesRequest();
2087 epAppRolesRequestData.setCreatedDate(new Date());
2088 epAppRolesRequestData.setUpdatedDate(new Date());
2089 epAppRolesRequestData.setUserId(user.getId());
2090 epAppRolesRequestData.setAppId(userAppRolesData.getAppId());
2091 epAppRolesRequestData.setRequestStatus("P");
2092 List<RoleInAppForUser> appRoleIdList = userAppRolesData.getAppRoles();
2093 Set<EPUserAppRolesRequestDetail> appRoleDetails = new LinkedHashSet<EPUserAppRolesRequestDetail>();
2094 dataAccessService.saveDomainObject(epAppRolesRequestData, null);
2095 for (RoleInAppForUser userAppRoles : appRoleIdList) {
2096 Boolean isAppliedVal = userAppRoles.isApplied;
2097 params.put("appRoleId", userAppRoles.roleId);
2099 appRole = (List<EPUserAppRoles>) dataAccessService.executeNamedQuery("appRoles", params, null);
2100 if (!appRole.isEmpty()) {
2101 EPUserAppRolesRequestDetail epAppRoleDetail = new EPUserAppRolesRequestDetail();
2102 epAppRoleDetail.setReqRoleId(appRole.get(0).getRoleId());
2103 epAppRoleDetail.setReqType("P");
2104 epAppRoleDetail.setEpRequestIdData(epAppRolesRequestData);
2105 dataAccessService.saveDomainObject(epAppRoleDetail, null);
2109 epAppRolesRequestData.setEpRequestIdDetail(appRoleDetails);
2110 fieldsValidator.httpStatusCode = new Long(HttpServletResponse.SC_OK);
2112 } catch (Exception e) {
2113 logger.error(EELFLoggerDelegate.errorLogger, "putUserAppRolesRequest failed", e);
2114 fieldsValidator.httpStatusCode = new Long(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
2116 return fieldsValidator;
2119 public List<EPUserAppCatalogRoles> getUserAppCatalogRoles(EPUser userid, String appName) {
2120 Map<String, String> params = new HashMap<>();
2121 params.put("userid", userid.getId().toString());
2122 //params.put("appid", appid);
2123 params.put("appName", appName);
2125 @SuppressWarnings("unchecked")
2126 List<EPUserAppCatalogRoles> userAppRoles = (List<EPUserAppCatalogRoles>) dataAccessService
2127 .executeNamedQuery("userAppCatalogRoles", params, null);
2128 return userAppRoles;
2131 public String updateRemoteUserProfile(String orgUserId, Long appId) {
2132 ObjectMapper mapper = new ObjectMapper();
2133 mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
2134 EPUser client = searchService.searchUserByUserId(orgUserId);
2135 EPUser newUser = new EPUser();
2136 newUser.setActive(client.getActive());
2137 newUser.setFirstName(client.getFirstName());
2138 newUser.setLastName(client.getLastName());
2139 newUser.setLoginId(client.getLoginId());
2140 newUser.setLoginPwd(client.getLoginPwd());
2141 newUser.setMiddleInitial(client.getMiddleInitial());
2142 newUser.setEmail(client.getEmail());
2143 newUser.setOrgUserId(client.getLoginId());
2145 String userAsString = mapper.writeValueAsString(newUser);
2146 List<EPApp> appList = appsService.getUserRemoteApps(client.getId().toString());
2147 // applicationsRestClientService.post(EPUser.class, appId,
2148 // userAsString, String.format("/user", orgUserId));
2149 for (EPApp eachApp : appList) {
2151 applicationsRestClientService.post(EPUser.class, eachApp.getId(), userAsString,
2152 String.format("/user/%s", orgUserId));
2153 } catch (Exception e) {
2154 logger.error(EELFLoggerDelegate.errorLogger, "Failed to update user: " + client.getOrgUserId()
2155 + " in remote app. appId = " + eachApp.getId());
2158 } catch (Exception e) {
2159 logger.error(EELFLoggerDelegate.errorLogger, "updateRemoteUserProfile failed", e);
2170 * @see org.onap.portalapp.portal.service.UserRolesService#
2171 * getCachedAppRolesForUser(java.lang.Long, java.lang.Long)
2173 @SuppressWarnings("deprecation")
2174 public List<EPUserApp> getCachedAppRolesForUser(Long appId, Long userId) {
2175 // Find the records for this user-app combo, if any
2176 String filter = " where user_id = " + Long.toString(userId) + " and app_id = " + Long.toString(appId);
2177 @SuppressWarnings("unchecked")
2178 List<EPUserApp> roleList = dataAccessService.getList(EPUserApp.class, filter, null, null);
2179 logger.debug(EELFLoggerDelegate.debugLogger, "getCachedAppRolesForUser: list size is {}", roleList.size());
2184 * It retrieves and returns list of user app roles for local and remote applications based app id
2187 * @return list of user app roles
2188 * @throws HTTPException
2190 public List<UserApplicationRoles> getUsersFromAppEndpoint(Long appId) throws HTTPException {
2191 ArrayList<UserApplicationRoles> userApplicationRoles = new ArrayList<UserApplicationRoles>();
2193 EPApp app = appsService.getApp(appId);
2194 //If local or centralized application
2195 if (appId == PortalConstants.PORTAL_APP_ID || app.getCentralAuth()) {
2196 @SuppressWarnings("unchecked")
2197 List<EPUser> userList = (List<EPUser>) dataAccessService.executeNamedQuery("getActiveUsers", null, null);
2198 for (EPUser user : userList) {
2199 UserApplicationRoles userWithAppRoles = convertToUserApplicationRoles(appId, user, app);
2200 if (userWithAppRoles.getRoles() != null && userWithAppRoles.getRoles().size() > 0)
2201 userApplicationRoles.add(userWithAppRoles);
2207 RemoteUserWithRoles[] remoteUsers = null;
2208 String remoteUsersString = applicationsRestClientService.getIncomingJsonString(appId, "/users");
2210 remoteUsers = doGetUsers(isAppUpgradeVersion(app), remoteUsersString);
2212 userApplicationRoles = new ArrayList<UserApplicationRoles>();
2213 for (RemoteUserWithRoles remoteUser : remoteUsers) {
2214 UserApplicationRoles userWithRemoteAppRoles = convertToUserApplicationRoles(appId, remoteUser);
2215 if (userWithRemoteAppRoles.getRoles() != null && userWithRemoteAppRoles.getRoles().size() > 0) {
2216 userApplicationRoles.add(userWithRemoteAppRoles);
2218 logger.debug(EELFLoggerDelegate.debugLogger,
2219 "User " + userWithRemoteAppRoles.getOrgUserId() + " doesn't have any roles assigned to any app.");
2224 return userApplicationRoles;
2231 * @param appgetUsersFromAppEndpoint
2234 private UserApplicationRoles convertToUserApplicationRoles(Long appId, EPUser user, EPApp app) {
2235 UserApplicationRoles userWithRemoteAppRoles = new UserApplicationRoles();
2236 userWithRemoteAppRoles.setAppId(appId);
2237 userWithRemoteAppRoles.setOrgUserId(user.getOrgUserId());
2238 userWithRemoteAppRoles.setFirstName(user.getFirstName());
2239 userWithRemoteAppRoles.setLastName(user.getLastName());
2240 userWithRemoteAppRoles.setRoles(convertToRemoteRoleList(user, app));
2241 return userWithRemoteAppRoles;
2250 @SuppressWarnings("unchecked")
2251 private List<RemoteRole> convertToRemoteRoleList(EPUser user, EPApp app) {
2252 List<RemoteRole> roleList = new ArrayList<RemoteRole>();
2253 SortedSet<EPRole> roleSet = user.getAppEPRoles(app);
2254 for (EPRole role : roleSet) {
2255 logger.debug(EELFLoggerDelegate.debugLogger, "In convertToRemoteRoleList() - for user {}, found Name {}", user.getOrgUserId(), role.getName());
2256 RemoteRole rRole = new RemoteRole();
2257 rRole.setId(role.getId());
2258 rRole.setName(role.getName());
2259 roleList.add(rRole);
2262 //Get the active roles of user for that application using query
2263 List<EPRole> userEpRoleList = new ArrayList<>();
2264 final Map<String, Long> params = new HashMap<>();
2265 params.put("appId", app.getId());
2266 params.put("userId", user.getId());
2267 userEpRoleList = dataAccessService.executeNamedQuery("getUserRoleOnUserIdAndAppId", params, null);
2269 for (EPRole remoteUserRoleList : userEpRoleList) {
2271 RemoteRole remoteRoleListId = roleList.stream().filter(x -> remoteUserRoleList.getId().equals(x.getId()))
2272 .findAny().orElse(null);
2273 if (remoteRoleListId == null) {
2274 logger.debug(EELFLoggerDelegate.debugLogger,
2275 "Adding the role to the rolelist () - for user {}, found Name {}", user.getOrgUserId(),
2277 remoteUserRoleList.getName());
2278 RemoteRole role = new RemoteRole();
2279 role.setId(remoteUserRoleList.getId());
2280 role.setName(remoteUserRoleList.getName());
2287 logger.debug(EELFLoggerDelegate.debugLogger, "rolelist size of the USER() - for user {}, found RoleListSize {}", user.getOrgUserId(), roleList.size());
2295 public RemoteUserWithRoles[] doGetUsers(boolean postOpenSource, String remoteUsersString) {
2297 ObjectMapper mapper = new ObjectMapper();
2299 return mapper.readValue(remoteUsersString, RemoteUserWithRoles[].class);
2300 } catch (IOException e) {
2301 logger.error(EELFLoggerDelegate.errorLogger,
2302 "doGetUsers : Failed : Unexpected property in incoming JSON",
2304 logger.error(EELFLoggerDelegate.errorLogger,
2305 "doGetUsers : Incoming JSON that caused it --> " + remoteUsersString);
2308 return new RemoteUserWithRoles[0];
2311 @SuppressWarnings("unchecked")
2312 public List<EPUserApp> getEPUserAppList(Long appId, Long userId, Long roleId) {
2313 List<EPUserApp> userRoleList = new ArrayList<EPUserApp>();
2314 final Map<String, Long> params = new HashMap<>();
2315 params.put("appId", appId);
2316 params.put("userId", userId);
2317 params.put("roleId", roleId);
2318 userRoleList = dataAccessService.executeNamedQuery("getUserRoleOnUserIdAndRoleIdAndAppId", params, null);
2319 return userRoleList;
2323 /*public static void main(String[] args) {
2324 List<EcompRole> str1 = new ArrayList<String>();
2330 List<String> str2 = new ArrayList<String>();
2334 List<EcompRole> userApplicationRolesList = setUserRoles;
2335 List<EcompRole> appRolesList = Arrays.asList(appRoles);