2 * ============LICENSE_START==========================================
4 * ===================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ===================================================================
8 * Unless otherwise specified, all software contained herein is licensed
9 * under the Apache License, Version 2.0 (the "License");
10 * you may not use this software except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
21 * Unless otherwise specified, all documentation contained herein is licensed
22 * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
23 * you may not use this documentation except in compliance with the License.
24 * You may obtain a copy of the License at
26 * https://creativecommons.org/licenses/by/4.0/
28 * Unless required by applicable law or agreed to in writing, documentation
29 * distributed under the License is distributed on an "AS IS" BASIS,
30 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
31 * See the License for the specific language governing permissions and
32 * limitations under the License.
34 * ============LICENSE_END============================================
39 package org.onap.portal.controller;
41 import io.swagger.annotations.ApiOperation;
42 import java.util.ArrayList;
43 import javax.servlet.http.HttpServletRequest;
44 import javax.servlet.http.HttpServletResponse;
45 import org.onap.portal.domain.dto.PortalRestResponse;
46 import org.onap.portal.domain.dto.PortalRestStatusEnum;
47 import org.onap.portal.domain.dto.model.ExternalSystemRoleApproval;
48 import org.onap.portal.domain.dto.model.ExternalSystemUser;
49 import org.onap.portal.domain.dto.transport.ExternalRequestFieldsValidator;
50 import org.onap.portal.service.AdminRolesService;
51 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
52 import org.springframework.beans.factory.annotation.Autowired;
53 import org.springframework.context.annotation.Configuration;
54 import org.springframework.context.annotation.EnableAspectJAutoProxy;
55 import org.springframework.web.bind.annotation.RequestBody;
56 import org.springframework.web.bind.annotation.RequestMapping;
57 import org.springframework.web.bind.annotation.RequestMethod;
58 import org.springframework.web.bind.annotation.RestController;
61 @RequestMapping("/auxapi")
63 @EnableAspectJAutoProxy
64 public class RolesApprovalSystemController {
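// One logging delegate per class is enough; static final also stops it from being reassigned.
private static final EELFLoggerDelegate logger =
        EELFLoggerDelegate.getLogger(RolesApprovalSystemController.class);

// Service that every handler in this controller calls (setExternalRequestUserAppRole) to apply role changes.
private final AdminRolesService userRolesService;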
/**
 * Builds the controller around the roles service it delegates to.
 *
 * @param userRolesService service that receives every role request handled by this controller
 */
public RolesApprovalSystemController(final AdminRolesService userRolesService) {
    this.userRolesService = userRolesService;
}
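/**
 * Handles POST /userProfile: validates the request, then asks the roles service to apply it with
 * the "POST" method marker.
 *
 * <p>On failure the HTTP status is derived from the exception text: the text is searched for
 * "404", "500" and "405". A failure raised before the service returned a result is reported as
 * 400. An exception without a message is now treated as empty text instead of raising a
 * NullPointerException inside the handler.
 *
 * <p>NOTE(review): nothing in this method authenticates or authorises the caller, and the request
 * assigns roles to a user. Presumably an aspect or filter covering /auxapi does this; confirm.
 *
 * @param request not read by this method
 * @param extSysUser request body naming the application, the login ID and the roles
 * @param response used only to set the HTTP status on failure
 * @return OK with the service's detail message, or ERROR with the exception text
 */
@ApiOperation(value = "Creates an application user with the specified roles.", response = PortalRestResponse.class)
@RequestMapping(value = {"/userProfile"}, method = RequestMethod.POST, produces = "application/json")
public PortalRestResponse<String> postUserProfile(HttpServletRequest request,
        @RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) {
    ExternalRequestFieldsValidator reqResult = null;
    try {
        // NOTE(review): both values are logged exactly as received, before validation; confirm the
        // log layout encodes CR/LF so a crafted field cannot forge additional log entries.
        logger.info(EELFLoggerDelegate.debugLogger, "postUserProfile: request received for app {}, user {}",
                extSysUser.getApplicationName(), extSysUser.getLoginId());

        validateExtSystemUser(extSysUser, true);
        reqResult = userRolesService.setExternalRequestUserAppRole(extSysUser, "POST");
        if (!reqResult.isResult()) {
            throw new Exception(reqResult.getDetailMessage());
        }
    } catch (Exception e) {
        logger.error(EELFLoggerDelegate.errorLogger, "postUserProfile: failed for app {}, user {}",
                extSysUser.getApplicationName(), extSysUser.getLoginId(), e);

        // getMessage() may be null (for example when the service's detail message is null);
        // search an empty string in that case rather than dereferencing null.
        final String detail = e.getMessage();
        final String text = detail == null ? "" : detail;
        final boolean mentions404 = text.contains("404");
        final boolean mentions405 = text.contains("405");

        // The status is inferred from digits in free text, so any message that happens to contain
        // them (for instance inside an identifier) selects that status.
        // NOTE(review): the listing drops the line that completes this condition after the second
        // `!e.getMessage()`; the "405" test is reconstructed from the branches that follow and
        // must be confirmed against the repository.
        final int status;
        if (reqResult == null || (!reqResult.isResult() && !mentions404 && !mentions405)) {
            status = HttpServletResponse.SC_BAD_REQUEST;
        } else if (mentions404) {
            status = HttpServletResponse.SC_NOT_FOUND;
        } else if (text.contains("500")) {
            status = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        } else if (mentions405) {
            status = HttpServletResponse.SC_METHOD_NOT_ALLOWED;
        } else {
            status = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        }
        response.setStatus(status);

        // NOTE(review): the exception text goes back to the caller unchanged, and this catch also
        // covers exceptions thrown inside the service; consider a fixed client-facing message with
        // the detail kept in the log only.
        return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, detail, "save user profile failed");
    }
    return new PortalRestResponse<String>(PortalRestStatusEnum.OK, reqResult.getDetailMessage(), "Success");
}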
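/**
 * Handles PUT /userProfile: validates the request, then asks the roles service to apply it with
 * the "PUT" method marker.
 *
 * <p>On failure the HTTP status is derived from the exception text: the text is searched for
 * "404", "500" and "405". A failure raised before the service returned a result is reported as
 * 400. An exception without a message is now treated as empty text instead of raising a
 * NullPointerException inside the handler.
 *
 * <p>NOTE(review): nothing in this method authenticates or authorises the caller, and the request
 * replaces a user's roles. Presumably an aspect or filter covering /auxapi does this; confirm.
 *
 * @param request not read by this method
 * @param extSysUser request body naming the application, the login ID and the roles
 * @param response used only to set the HTTP status on failure
 * @return OK with the service's detail message, or ERROR with the exception text
 */
@ApiOperation(value = "Updates an application user to have only the specified roles.", response = PortalRestResponse.class)
@RequestMapping(value = {"/userProfile"}, method = RequestMethod.PUT, produces = "application/json")
public PortalRestResponse<String> putUserProfile(HttpServletRequest request,
        @RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) {
    ExternalRequestFieldsValidator reqResult = null;
    try {
        // NOTE(review): both values are logged exactly as received, before validation; confirm the
        // log layout encodes CR/LF so a crafted field cannot forge additional log entries.
        logger.info(EELFLoggerDelegate.debugLogger, "putUserProfile: request received for app {}, user {}",
                extSysUser.getApplicationName(), extSysUser.getLoginId());
        validateExtSystemUser(extSysUser, true);
        reqResult = userRolesService.setExternalRequestUserAppRole(extSysUser, "PUT");
        if (!reqResult.isResult()) {
            throw new Exception(reqResult.getDetailMessage());
        }
    } catch (Exception e) {
        logger.error(EELFLoggerDelegate.errorLogger, "putUserProfile: failed for app {}, user {}",
                extSysUser.getApplicationName(), extSysUser.getLoginId(), e);

        // getMessage() may be null (for example when the service's detail message is null);
        // search an empty string in that case rather than dereferencing null.
        final String detail = e.getMessage();
        final String text = detail == null ? "" : detail;
        final boolean mentions404 = text.contains("404");
        final boolean mentions405 = text.contains("405");

        // The status is inferred from digits in free text, so any message that happens to contain
        // them (for instance inside an identifier) selects that status.
        // NOTE(review): the listing drops the line that completes this condition after the second
        // `!e.getMessage()`; the "405" test is reconstructed from the branches that follow and
        // must be confirmed against the repository.
        final int status;
        if (reqResult == null || (!reqResult.isResult() && !mentions404 && !mentions405)) {
            status = HttpServletResponse.SC_BAD_REQUEST;
        } else if (mentions404) {
            status = HttpServletResponse.SC_NOT_FOUND;
        } else if (text.contains("500")) {
            status = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        } else if (mentions405) {
            status = HttpServletResponse.SC_METHOD_NOT_ALLOWED;
        } else {
            status = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        }
        response.setStatus(status);

        // NOTE(review): the exception text goes back to the caller unchanged, and this catch also
        // covers exceptions thrown inside the service; consider a fixed client-facing message with
        // the detail kept in the log only.
        return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, detail, "save user profile failed");
    }
    return new PortalRestResponse<String>(PortalRestStatusEnum.OK, reqResult.getDetailMessage(), "Success");
}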
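/**
 * Handles DELETE /userProfile: validates the request (roles are not required), clears any roles
 * it carries, then asks the roles service to apply it with the "DELETE" method marker.
 *
 * <p>On failure the HTTP status is derived from the exception text: 404 when the text contains
 * "404", 400 when the failure happened before the service returned a result or the text has no
 * "404", and 500 otherwise. An exception without a message is now treated as empty text instead
 * of raising a NullPointerException inside the handler.
 *
 * <p>NOTE(review): nothing in this method authenticates or authorises the caller, and the request
 * removes a user's roles. Presumably an aspect or filter covering /auxapi does this; confirm.
 *
 * @param request not read by this method
 * @param extSysUser request body naming the application and the login ID
 * @param response used only to set the HTTP status on failure
 * @return OK with "Deleted Successfully", or ERROR with the exception text
 */
@ApiOperation(value = "Processes a request to delete one or more application roles for one specified user who has roles.", response = PortalRestResponse.class)
@RequestMapping(value = {"/userProfile"}, method = RequestMethod.DELETE, produces = "application/json")
public PortalRestResponse<String> deleteUserProfile(HttpServletRequest request,
        @RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) {
    ExternalRequestFieldsValidator reqResult = null;
    try {
        // NOTE(review): both values are logged exactly as received, before validation; confirm the
        // log layout encodes CR/LF so a crafted field cannot forge additional log entries.
        logger.info(EELFLoggerDelegate.debugLogger, "deleteUserProfile: request received for app {}, user {}",
                extSysUser.getApplicationName(), extSysUser.getLoginId());
        validateExtSystemUser(extSysUser, false);
        // Ignore any roles that might be mistakenly present in the request
        extSysUser.setRoles(new ArrayList<ExternalSystemRoleApproval>());
        reqResult = userRolesService.setExternalRequestUserAppRole(extSysUser, "DELETE");
        if (!reqResult.isResult()) {
            throw new Exception(reqResult.getDetailMessage());
        }
    } catch (Exception e) {
        logger.error(EELFLoggerDelegate.errorLogger, "deleteUserProfile: failed for app {}, user {}",
                extSysUser.getApplicationName(), extSysUser.getLoginId(), e);

        // getMessage() may be null (for example when the service's detail message is null);
        // search an empty string in that case rather than dereferencing null.
        final String detail = e.getMessage();
        final boolean mentions404 = detail != null && detail.contains("404");

        // The status is inferred from digits in free text, so any message that happens to contain
        // "404" (for instance inside an identifier) is reported as not found.
        final int status;
        if (reqResult == null || (!reqResult.isResult() && !mentions404)) {
            status = HttpServletResponse.SC_BAD_REQUEST;
        } else if (mentions404) {
            status = HttpServletResponse.SC_NOT_FOUND;
        } else {
            status = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        }
        response.setStatus(status);

        // NOTE(review): the exception text goes back to the caller unchanged, and this catch also
        // covers exceptions thrown inside the service; consider a fixed client-facing message with
        // the detail kept in the log only.
        return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, detail, "delete user profile failed");
    }
    return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Deleted Successfully", "Success");
}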
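/**
 * Rejects a request that lacks a mandatory field.
 *
 * <p>The empty-string checks use {@code equals}. The earlier {@code == ""} compared object
 * identity, so an empty login ID or application name that is a distinct String object (as
 * strings built at run time are) was not recognised as empty and passed validation.
 *
 * <p>NOTE(review): whitespace-only values still pass; decide whether they should be rejected too.
 *
 * @param extSysUser request to check
 * @param rolesRequired when true, a missing or empty role list is also rejected
 * @throws Exception naming the first missing field, in the order login ID, application name,
 *     request ID, roles
 */
private void validateExtSystemUser(ExternalSystemUser extSysUser, boolean rolesRequired) throws Exception {
    if (extSysUser.getLoginId() == null || "".equals(extSysUser.getLoginId())) {
        throw new Exception("Request has no login ID");
    }
    if (extSysUser.getApplicationName() == null || "".equals(extSysUser.getApplicationName())) {
        throw new Exception("Request has no application name");
    }
    if (extSysUser.getMyloginrequestId() == null) {
        throw new Exception("Request has no request ID");
    }
    if (rolesRequired && (extSysUser.getRoles() == null || extSysUser.getRoles().isEmpty())) {
        throw new Exception("Request has no roles");
    }
}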