2 * ================================================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ================================================================================
21 package org.openecomp.portalapp.portal.controller;
23 import java.util.ArrayList;
25 import javax.servlet.http.HttpServletRequest;
26 import javax.servlet.http.HttpServletResponse;
28 import org.openecomp.portalapp.externalsystemapproval.model.ExternalSystemRoleApproval;
29 import org.openecomp.portalapp.externalsystemapproval.model.ExternalSystemUser;
30 import org.openecomp.portalapp.portal.ecomp.model.PortalRestResponse;
31 import org.openecomp.portalapp.portal.ecomp.model.PortalRestStatusEnum;
32 import org.openecomp.portalapp.portal.logging.aop.EPAuditLog;
33 import org.openecomp.portalapp.portal.service.UserRolesService;
34 import org.openecomp.portalapp.portal.transport.ExternalRequestFieldsValidator;
35 import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
36 import org.springframework.beans.factory.annotation.Autowired;
37 import org.springframework.context.annotation.Configuration;
38 import org.springframework.context.annotation.EnableAspectJAutoProxy;
39 import org.springframework.web.bind.annotation.RequestBody;
40 import org.springframework.web.bind.annotation.RequestMapping;
41 import org.springframework.web.bind.annotation.RequestMethod;
42 import org.springframework.web.bind.annotation.RestController;
44 import io.swagger.annotations.ApiOperation;
47 @RequestMapping("/auxapi")
49 @EnableAspectJAutoProxy
51 public class RolesApprovalSystemController implements BasicAuthenticationController {
53 private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(RolesApprovalSystemController.class);
56 private UserRolesService userRolesService;
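/**
 * Creates an application user with the specified roles.
 *
 * <p>The request is validated with {@code validateExtSystemUser} (roles required) and then
 * passed to {@code userRolesService.setExternalRequestUserAppRole} with the verb "POST".
 * On failure the HTTP status is derived from the failure detail message: a message
 * containing "404" yields 404, one containing "405" yields 405, anything else yields 400.
 *
 * <p>NOTE(review): this endpoint changes a user's role assignments. Authentication is
 * presumably enforced through the {@code BasicAuthenticationController} type implemented
 * by the enclosing class; confirm that no unauthenticated path reaches this method.
 *
 * @param request
 *            HTTP request; not read by this method
 * @param extSysUser
 *            login ID, application name, request ID and roles taken from the request body
 * @param response
 *            HTTP response; its status code is set when the request fails
 * @return PortalRestResponse with appropriate status value and message
 */
@ApiOperation(value = "Creates an application user with the specified roles.", response = PortalRestResponse.class)
@RequestMapping(value = { "/userProfile" }, method = RequestMethod.POST, produces = "application/json")
public PortalRestResponse<String> postUserProfile(HttpServletRequest request,
        @RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) {
    ExternalRequestFieldsValidator reqResult = null;
    try {
        // NOTE(review): application name and login ID come straight from the request body.
        // If the logging backend does not neutralise CR/LF, sanitise them before logging.
        logger.info(EELFLoggerDelegate.debugLogger, "postUserProfile: request received for app {}, user {}",
                extSysUser.getApplicationName(), extSysUser.getLoginId());

        validateExtSystemUser(extSysUser, true);
        reqResult = userRolesService.setExternalRequestUserAppRole(extSysUser, "POST");
        if (!reqResult.isResult()) {
            throw new Exception(reqResult.getDetailMessage());
        }
    } catch (Exception e) {
        logger.error(EELFLoggerDelegate.errorLogger, "postUserProfile: failed for app {}, user {}",
                extSysUser.getApplicationName(), extSysUser.getLoginId(), e);

        // An exception may carry no message (for example a NullPointerException, or a
        // null detail message from the service). Use a null-safe copy for the substring
        // checks so the error handler itself cannot throw.
        final String detail = e.getMessage() == null ? "" : e.getMessage();

        // NOTE(review): the status is chosen by substring match on the message. A detail
        // message that merely contains the digits "404" or "405" would also select that
        // status; a structured error code from the service would be more robust.
        final int status;
        if (reqResult == null
                || (!reqResult.isResult() && !detail.contains("404") && !detail.contains("405"))) {
            // Validation failed, the service threw, or the service rejected the request.
            status = HttpServletResponse.SC_BAD_REQUEST;
        } else if (detail.contains("404")) {
            status = HttpServletResponse.SC_NOT_FOUND;
        } else if (detail.contains("405")) {
            status = HttpServletResponse.SC_METHOD_NOT_ALLOWED;
        } else {
            status = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        }
        response.setStatus(status);

        // NOTE(review): the raw exception message is returned to the caller for every
        // failure, including unexpected exceptions raised inside the service. Consider a
        // generic message for those cases and keep the detail in the error log only.
        return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(),
                "save user profile failed");
    }
    return new PortalRestResponse<String>(PortalRestStatusEnum.OK, reqResult.getDetailMessage(), "Success");
}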
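/**
 * Updates an application user to have only the specified roles.
 *
 * <p>The request is validated with {@code validateExtSystemUser} (roles required) and then
 * passed to {@code userRolesService.setExternalRequestUserAppRole} with the verb "PUT".
 * On failure the HTTP status is derived from the failure detail message: a message
 * containing "404" yields 404, one containing "405" yields 405, anything else yields 400.
 *
 * <p>NOTE(review): this endpoint replaces a user's role assignments. Authentication is
 * presumably enforced through the {@code BasicAuthenticationController} type implemented
 * by the enclosing class; confirm that no unauthenticated path reaches this method.
 *
 * @param request
 *            HTTP request; not read by this method
 * @param extSysUser
 *            login ID, application name, request ID and roles taken from the request body
 * @param response
 *            HTTP response; its status code is set when the request fails
 * @return PortalRestResponse with appropriate status value and message
 */
@ApiOperation(value = "Updates an application user to have only the specified roles.", response = PortalRestResponse.class)
@RequestMapping(value = { "/userProfile" }, method = RequestMethod.PUT, produces = "application/json")
public PortalRestResponse<String> putUserProfile(HttpServletRequest request,
        @RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) {
    ExternalRequestFieldsValidator reqResult = null;
    try {
        // NOTE(review): application name and login ID come straight from the request body.
        // If the logging backend does not neutralise CR/LF, sanitise them before logging.
        logger.info(EELFLoggerDelegate.debugLogger, "putUserProfile: request received for app {}, user {}",
                extSysUser.getApplicationName(), extSysUser.getLoginId());
        validateExtSystemUser(extSysUser, true);
        reqResult = userRolesService.setExternalRequestUserAppRole(extSysUser, "PUT");
        if (!reqResult.isResult()) {
            throw new Exception(reqResult.getDetailMessage());
        }
    } catch (Exception e) {
        logger.error(EELFLoggerDelegate.errorLogger, "putUserProfile: failed for app {}, user {}",
                extSysUser.getApplicationName(), extSysUser.getLoginId(), e);

        // An exception may carry no message (for example a NullPointerException, or a
        // null detail message from the service). Use a null-safe copy for the substring
        // checks so the error handler itself cannot throw.
        final String detail = e.getMessage() == null ? "" : e.getMessage();

        // NOTE(review): the status is chosen by substring match on the message. A detail
        // message that merely contains the digits "404" or "405" would also select that
        // status; a structured error code from the service would be more robust.
        final int status;
        if (reqResult == null
                || (!reqResult.isResult() && !detail.contains("404") && !detail.contains("405"))) {
            // Validation failed, the service threw, or the service rejected the request.
            status = HttpServletResponse.SC_BAD_REQUEST;
        } else if (detail.contains("404")) {
            status = HttpServletResponse.SC_NOT_FOUND;
        } else if (detail.contains("405")) {
            status = HttpServletResponse.SC_METHOD_NOT_ALLOWED;
        } else {
            status = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        }
        response.setStatus(status);

        // NOTE(review): the raw exception message is returned to the caller for every
        // failure, including unexpected exceptions raised inside the service. Consider a
        // generic message for those cases and keep the detail in the error log only.
        return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(),
                "save user profile failed");
    }
    return new PortalRestResponse<String>(PortalRestStatusEnum.OK, reqResult.getDetailMessage() , "Success");
}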
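/**
 * Deletes an application user by removing all assigned roles.
 *
 * <p>The request is validated with {@code validateExtSystemUser} (roles not required). Any
 * roles supplied in the body are discarded and replaced with an empty list before the
 * request is passed to {@code userRolesService.setExternalRequestUserAppRole} with the
 * verb "DELETE". On failure a detail message containing "404" yields HTTP 404; anything
 * else yields 400.
 *
 * <p>NOTE(review): this endpoint removes a user's role assignments. Authentication is
 * presumably enforced through the {@code BasicAuthenticationController} type implemented
 * by the enclosing class; confirm that no unauthenticated path reaches this method.
 *
 * @param request
 *            HTTP request; not read by this method
 * @param extSysUser
 *            login ID, application name and request ID taken from the request body; any
 *            roles present are ignored
 * @param response
 *            HTTP response; its status code is set when the request fails
 * @return PortalRestResponse with appropriate status value and message
 */
@ApiOperation(value = "Processes a request to delete one or more application roles for one specified user who has roles.", response = PortalRestResponse.class)
@RequestMapping(value = { "/userProfile" }, method = RequestMethod.DELETE, produces = "application/json")
public PortalRestResponse<String> deleteUserProfile(HttpServletRequest request,
        @RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) {
    ExternalRequestFieldsValidator reqResult = null;
    try {
        // NOTE(review): application name and login ID come straight from the request body.
        // If the logging backend does not neutralise CR/LF, sanitise them before logging.
        logger.info(EELFLoggerDelegate.debugLogger, "deleteUserProfile: request received for app {}, user {}",
                extSysUser.getApplicationName(), extSysUser.getLoginId());
        validateExtSystemUser(extSysUser, false);
        // Ignore any roles that might be mistakenly present in the request
        extSysUser.setRoles(new ArrayList<ExternalSystemRoleApproval>());
        reqResult = userRolesService.setExternalRequestUserAppRole(extSysUser, "DELETE");
        if (!reqResult.isResult()) {
            throw new Exception(reqResult.getDetailMessage());
        }
    } catch (Exception e) {
        logger.error(EELFLoggerDelegate.errorLogger, "deleteUserProfile: failed for app {}, user {}",
                extSysUser.getApplicationName(), extSysUser.getLoginId(), e);

        // An exception may carry no message (for example a NullPointerException, or a
        // null detail message from the service). Use a null-safe copy for the substring
        // checks so the error handler itself cannot throw.
        final String detail = e.getMessage() == null ? "" : e.getMessage();

        // NOTE(review): the status is chosen by substring match on the message. A detail
        // message that merely contains the digits "404" would also select that status;
        // a structured error code from the service would be more robust.
        final int status;
        if (reqResult == null || (!reqResult.isResult() && !detail.contains("404"))) {
            // Validation failed, the service threw, or the service rejected the request.
            status = HttpServletResponse.SC_BAD_REQUEST;
        } else if (detail.contains("404")) {
            status = HttpServletResponse.SC_NOT_FOUND;
        } else {
            status = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        }
        response.setStatus(status);

        // NOTE(review): the raw exception message is returned to the caller for every
        // failure, including unexpected exceptions raised inside the service. Consider a
        // generic message for those cases and keep the detail in the error log only.
        return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(),
                "delete user profile failed");
    }
    return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Deleted Successfully", "Success");
}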
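/**
 * Checks for presence of required fields.
 *
 * <p>Empty strings are detected with {@code String.isEmpty()}. A reference comparison
 * ({@code == ""}) only matches the interned literal, so an empty login ID or application
 * name built at runtime (for example by the request-body deserialiser) would pass the
 * check and reach the role service unvalidated.
 *
 * @param extSysUser
 *            request payload to check
 * @param rolesRequired
 *            If true, checks whether roles are present
 * @throws Exception
 *             If any field is missing.
 */
private void validateExtSystemUser(ExternalSystemUser extSysUser, boolean rolesRequired) throws Exception {
    if (extSysUser.getLoginId() == null || extSysUser.getLoginId().isEmpty()) {
        throw new Exception("Request has no login ID");
    }
    if (extSysUser.getApplicationName() == null || extSysUser.getApplicationName().isEmpty()) {
        throw new Exception("Request has no application name");
    }
    if (extSysUser.getMyloginrequestId() == null) {
        throw new Exception("Request has no request ID");
    }
    if (rolesRequired && (extSysUser.getRoles() == null || extSysUser.getRoles().isEmpty())) {
        throw new Exception("Request has no roles");
    }
}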