2 * ============LICENSE_START==========================================
4 * ===================================================================
5 * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6 * ===================================================================
7 * Modifications Copyright (c) 2019 Samsung
8 * ===================================================================
10 * Unless otherwise specified, all software contained herein is licensed
11 * under the Apache License, Version 2.0 (the "License");
12 * you may not use this software except in compliance with the License.
13 * You may obtain a copy of the License at
15 * http://www.apache.org/licenses/LICENSE-2.0
17 * Unless required by applicable law or agreed to in writing, software
18 * distributed under the License is distributed on an "AS IS" BASIS,
19 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 * See the License for the specific language governing permissions and
21 * limitations under the License.
23 * Unless otherwise specified, all documentation contained herein is licensed
24 * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
25 * you may not use this documentation except in compliance with the License.
26 * You may obtain a copy of the License at
28 * https://creativecommons.org/licenses/by/4.0/
30 * Unless required by applicable law or agreed to in writing, documentation
31 * distributed under the License is distributed on an "AS IS" BASIS,
32 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
33 * See the License for the specific language governing permissions and
34 * limitations under the License.
36 * ============LICENSE_END============================================
41 package org.onap.portal.service;
43 import java.util.ArrayList;
44 import java.util.List;
45 import javax.persistence.EntityManager;
46 import javax.servlet.http.HttpServletResponse;
47 import org.onap.portal.dao.fn.FnWidgetDao;
48 import org.onap.portal.domain.db.fn.FnUser;
49 import org.onap.portal.domain.db.fn.FnUserRole;
50 import org.onap.portal.domain.db.fn.FnWidget;
51 import org.onap.portal.domain.dto.transport.FieldsValidator;
52 import org.onap.portal.domain.dto.transport.OnboardingWidget;
53 import org.onap.portal.service.fn.FnUserRoleService;
54 import org.onap.portal.utils.EPCommonSystemProperties;
55 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
56 import org.springframework.beans.factory.annotation.Autowired;
57 import org.springframework.context.annotation.EnableAspectJAutoProxy;
58 import org.springframework.security.access.prepost.PreAuthorize;
59 import org.springframework.stereotype.Service;
60 import org.springframework.transaction.annotation.Transactional;
63 @EnableAspectJAutoProxy
65 public class WidgetService {
67 private final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(WidgetService.class);
68 private final Long ACCOUNT_ADMIN_ROLE_ID = 999L;
70 private static final String baseSqlToken =
71 " new org.onap.portal.domain.dto.transport.OnboardingWidget("
72 + "widget.WIDGET_ID,widget.WDG_NAME,widget.APP_ID,"
73 + "app.APP_NAME,widget.WDG_WIDTH,widget.WDG_HEIGHT,"
74 + "widget.WDG_URL, widget.WIDGET_ID,widget.WDG_NAME,widget.APP_ID,app.APP_NAME,widget.WDG_WIDTH,widget.WDG_HEIGHT,widget.WDG_URL) from FN_WIDGET widget join FN_APP app ON widget.APP_ID = app.APP_ID";
76 private static final String urlField = "url";
77 private static final Long DUBLICATED_FIELD_VALUE_ECOMP_ERROR = new Long(
78 EPCommonSystemProperties.DUBLICATED_FIELD_VALUE_ECOMP_ERROR);
79 private static final String nameField = "name";
81 private final AdminRolesService adminRolesService;
82 private final EntityManager entityManager;
83 private final FnWidgetDao fnWidgetDao;
84 private final FnUserRoleService fnUserRoleService;
87 public WidgetService(final AdminRolesService adminRolesService, final EntityManager entityManager,
88 final FnWidgetDao fnWidgetDao, FnUserRoleService fnUserRoleService) {
89 this.adminRolesService = adminRolesService;
90 this.entityManager = entityManager;
91 this.fnWidgetDao = fnWidgetDao;
92 this.fnUserRoleService = fnUserRoleService;
95 private static final Object syncRests = new Object();
97 public List<OnboardingWidget> getOnboardingWidgets(FnUser user, boolean managed) {
98 if (adminRolesService.isSuperAdmin(user.getOrgUserId())) {
99 return entityManager.createQuery(sqlWidgetsForAllApps(), OnboardingWidget.class).getResultList();
100 } else if (managed) {
101 if (adminRolesService.isAccountAdmin(user)) {
103 .createQuery(sqlWidgetsForAllAppsWhereUserIsAdmin(), OnboardingWidget.class)
104 .setParameter("USERID", user.getId()).getResultList();
106 } else if (adminRolesService.isAccountAdmin(user) || adminRolesService.isUser(user)) {
108 .createQuery(sqlWidgetsForAllAppsWhereUserHasAnyRole(), OnboardingWidget.class)
109 .setParameter("USERID", user.getId()).getResultList();
111 return new ArrayList<>();
114 private String sqlWidgetsForAllApps() {
115 return "SELECT" + baseSqlToken;
118 private String sqlWidgetsForAllAppsWhereUserIsAdmin() {
119 return "SELECT" + baseSqlToken
120 + " join FN_USER_ROLE ON FN_USER_ROLE.APP_ID = app.APP_ID where FN_USER_ROLE.USER_ID = :USERID AND FN_USER_ROLE.ROLE_ID = "
121 + ACCOUNT_ADMIN_ROLE_ID;
124 private String sqlWidgetsForAllAppsWhereUserHasAnyRole() {
125 return "SELECT DISTINCT" + baseSqlToken
126 + " join FN_USER_ROLE ON FN_USER_ROLE.APP_ID = app.APP_ID where FN_USER_ROLE.USER_ID = "
130 @PreAuthorize("hasRole('System_Administrator')")
131 public FieldsValidator setOnboardingWidget(final Long userId, final OnboardingWidget onboardingWidget) {
132 return this.updateOrSaveWidget(true, userId, onboardingWidget);
135 private FieldsValidator updateOrSaveWidget(boolean superAdmin, Long userId, OnboardingWidget onboardingWidget) {
136 FieldsValidator fieldsValidator = new FieldsValidator();
137 if (!this.isUserAdminOfAppForWidget(superAdmin, userId, onboardingWidget.getAppId())) {
138 fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_FORBIDDEN);
139 return fieldsValidator;
141 synchronized (syncRests) {
142 if (onboardingWidget.getId() == null) {
143 this.validateOnboardingWidget(onboardingWidget, fieldsValidator);
145 FnWidget widget = fnWidgetDao.getOne(onboardingWidget.getId());
146 if (widget == null || widget.getAppId() == null) {
147 fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_FOUND);
148 return fieldsValidator;
150 this.validateOnboardingWidget(onboardingWidget, fieldsValidator);
152 if (fieldsValidator.getHttpStatusCode() == HttpServletResponse.SC_OK) {
153 this.applyOnboardingWidget(onboardingWidget, fieldsValidator);
156 return fieldsValidator;
159 private boolean isUserAdminOfAppForWidget(boolean superAdmin, Long userId, Long appId) {
161 List<FnUserRole> userRoles = getAdminUserRoles(userId, appId);
162 return (userRoles.size() > 0);
167 private List<FnUserRole> getAdminUserRoles(Long userId, Long appId) {
168 return fnUserRoleService.getAdminUserRoles(userId, ACCOUNT_ADMIN_ROLE_ID, appId);
171 private void applyOnboardingWidget(OnboardingWidget onboardingWidget, FieldsValidator fieldsValidator) {
174 if (onboardingWidget.getId() == null) {
175 widget = new FnWidget();
177 widget = fnWidgetDao.getOne(onboardingWidget.getId());
179 widget.setAppId(onboardingWidget.getAppId());
180 widget.setName(onboardingWidget.getName());
181 widget.setWidth(onboardingWidget.getWidth());
182 widget.setHeight(onboardingWidget.getHeight());
183 widget.setUrl(onboardingWidget.getUrl());
184 result = widget.equals(fnWidgetDao.saveAndFlush(widget));
186 fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
190 private void validateOnboardingWidget(OnboardingWidget onboardingWidget, FieldsValidator fieldsValidator) {
191 List<FnWidget> widgets = getWidgets(onboardingWidget);
192 boolean dublicatedUrl = false;
193 boolean dublicatedName = false;
194 for (FnWidget widget : widgets) {
195 if (onboardingWidget.getId() != null && onboardingWidget.getId().equals(widget.getWidgetId())) {
196 // widget should not be compared with itself
199 if (!dublicatedUrl && widget.getUrl().equals(onboardingWidget.getUrl())) {
200 dublicatedUrl = true;
201 if (dublicatedName) {
205 if (!dublicatedName && widget.getName().equalsIgnoreCase(onboardingWidget.getName()) && widget
206 .getAppId().equals(onboardingWidget.getAppId())) {
207 dublicatedName = true;
213 if (dublicatedUrl || dublicatedName) {
215 fieldsValidator.addProblematicFieldName(urlField);
217 if (dublicatedName) {
218 fieldsValidator.addProblematicFieldName(nameField);
220 fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_CONFLICT);
221 fieldsValidator.setErrorCode(DUBLICATED_FIELD_VALUE_ECOMP_ERROR);
225 private List<FnWidget> getWidgets(final OnboardingWidget onboardingWidget) {
226 return fnWidgetDao.getForUrlNameAndAppId(onboardingWidget.getUrl(), onboardingWidget.getName(), onboardingWidget.getAppId()).orElse(new ArrayList<>());
229 public FieldsValidator deleteOnboardingWidget(FnUser user, Long onboardingWidgetId) {
230 FieldsValidator fieldsValidator = new FieldsValidator();
231 synchronized (syncRests) {
232 FnWidget widget = fnWidgetDao.getOne(onboardingWidgetId);
233 if (widget != null && widget.getAppId() != null) { // widget exists
234 if (!this.isUserAdminOfAppForWidget(adminRolesService.isSuperAdmin(user.getOrgUserId()), user.getId(),
235 widget.getAppId())) {
236 fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_FORBIDDEN);
238 fnWidgetDao.deleteById(onboardingWidgetId);
239 fieldsValidator.setHttpStatusCode(
240 (long) HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
244 return fieldsValidator;
247 public FnWidget saveOne(final FnWidget widget){
248 return fnWidgetDao.saveAndFlush(widget);