Added portal-FE-common - angular upgrade code
[portal.git] / portal-BE / src / main / java / org / onap / portal / service / widget / WidgetService.java
1 /*
2  * ============LICENSE_START==========================================
3  * ONAP Portal
4  * ===================================================================
5  * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6  * ===================================================================
7  * Modifications Copyright (c) 2019 Samsung
8  * ===================================================================
9  *
10  * Unless otherwise specified, all software contained herein is licensed
11  * under the Apache License, Version 2.0 (the "License");
12  * you may not use this software except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  *             http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  *
23  * Unless otherwise specified, all documentation contained herein is licensed
24  * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
25  * you may not use this documentation except in compliance with the License.
26  * You may obtain a copy of the License at
27  *
28  *             https://creativecommons.org/licenses/by/4.0/
29  *
30  * Unless required by applicable law or agreed to in writing, documentation
31  * distributed under the License is distributed on an "AS IS" BASIS,
32  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
33  * See the License for the specific language governing permissions and
34  * limitations under the License.
35  *
36  * ============LICENSE_END============================================
37  *
38  *
39  */
40
41 package org.onap.portal.service.widget;
42
43 import java.util.ArrayList;
44 import java.util.List;
45 import javax.persistence.EntityManager;
46 import javax.servlet.http.HttpServletResponse;
47
48 import org.onap.portal.domain.db.fn.FnUser;
49 import org.onap.portal.domain.db.fn.FnUserRole;
50 import org.onap.portal.domain.db.fn.FnWidget;
51 import org.onap.portal.domain.dto.transport.FieldsValidator;
52 import org.onap.portal.domain.dto.transport.OnboardingWidget;
53 import org.onap.portal.service.AdminRolesService;
54 import org.onap.portal.service.userRole.FnUserRoleService;
55 import org.onap.portal.utils.EPCommonSystemProperties;
56 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
57 import org.springframework.beans.factory.annotation.Autowired;
58 import org.springframework.context.annotation.EnableAspectJAutoProxy;
59 import org.springframework.security.access.prepost.PreAuthorize;
60 import org.springframework.stereotype.Service;
61 import org.springframework.transaction.annotation.Transactional;
62
63 @Service
64 @EnableAspectJAutoProxy
65 @Transactional
66 public class WidgetService {
67
68        private final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(WidgetService.class);
69        private final Long ACCOUNT_ADMIN_ROLE_ID = 999L;
70
71        private static final String baseSqlToken =
72                " new org.onap.portal.domain.dto.transport.OnboardingWidget("
73                        + "widget.WIDGET_ID,widget.WDG_NAME,widget.APP_ID,"
74                        + "app.APP_NAME,widget.WDG_WIDTH,widget.WDG_HEIGHT,"
75                        + "widget.WDG_URL, widget.WIDGET_ID,widget.WDG_NAME,widget.APP_ID,app.APP_NAME,widget.WDG_WIDTH,widget.WDG_HEIGHT,widget.WDG_URL) from FN_WIDGET widget join FN_APP app ON widget.APP_ID = app.APP_ID";
76
77        private static final String urlField = "url";
78        private static final Long DUBLICATED_FIELD_VALUE_ECOMP_ERROR = new Long(
79                EPCommonSystemProperties.DUBLICATED_FIELD_VALUE_ECOMP_ERROR);
80        private static final String nameField = "name";
81
82        private final AdminRolesService adminRolesService;
83        private final EntityManager entityManager;
84        private final FnWidgetDao fnWidgetDao;
85        private final FnUserRoleService fnUserRoleService;
86
87        @Autowired
88        public WidgetService(final AdminRolesService adminRolesService, final EntityManager entityManager,
89                final FnWidgetDao fnWidgetDao, FnUserRoleService fnUserRoleService) {
90               this.adminRolesService = adminRolesService;
91               this.entityManager = entityManager;
92               this.fnWidgetDao = fnWidgetDao;
93               this.fnUserRoleService = fnUserRoleService;
94        }
95
96        private static final Object syncRests = new Object();
97
98        public List<OnboardingWidget> getOnboardingWidgets(FnUser user, boolean managed) {
99               if (adminRolesService.isSuperAdmin(user.getOrgUserId())) {
100                      return entityManager.createQuery(sqlWidgetsForAllApps(), OnboardingWidget.class).getResultList();
101               } else if (managed) {
102                      if (adminRolesService.isAccountAdmin(user)) {
103                             return entityManager
104                                     .createQuery(sqlWidgetsForAllAppsWhereUserIsAdmin(), OnboardingWidget.class)
105                                     .setParameter("USERID", user.getId()).getResultList();
106                      }
107               } else if (adminRolesService.isAccountAdmin(user) || adminRolesService.isUser(user)) {
108                      return entityManager
109                              .createQuery(sqlWidgetsForAllAppsWhereUserHasAnyRole(), OnboardingWidget.class)
110                              .setParameter("USERID", user.getId()).getResultList();
111               }
112               return new ArrayList<>();
113        }
114
115        private String sqlWidgetsForAllApps() {
116               return "SELECT" + baseSqlToken;
117        }
118
119        private String sqlWidgetsForAllAppsWhereUserIsAdmin() {
120               return "SELECT" + baseSqlToken
121                       + " join FN_USER_ROLE ON FN_USER_ROLE.APP_ID = app.APP_ID where FN_USER_ROLE.USER_ID = :USERID AND FN_USER_ROLE.ROLE_ID = "
122                       + ACCOUNT_ADMIN_ROLE_ID;
123        }
124
125        private String sqlWidgetsForAllAppsWhereUserHasAnyRole() {
126               return "SELECT DISTINCT" + baseSqlToken
127                       + " join FN_USER_ROLE ON FN_USER_ROLE.APP_ID = app.APP_ID where FN_USER_ROLE.USER_ID = "
128                       + ":USERID";
129        }
130
131        @PreAuthorize("hasRole('System_Administrator')")
132        public FieldsValidator setOnboardingWidget(final Long userId, final OnboardingWidget onboardingWidget) {
133               return this.updateOrSaveWidget(true, userId, onboardingWidget);
134        }
135
136        private FieldsValidator updateOrSaveWidget(boolean superAdmin, Long userId, OnboardingWidget onboardingWidget) {
137               FieldsValidator fieldsValidator = new FieldsValidator();
138               if (!this.isUserAdminOfAppForWidget(superAdmin, userId, onboardingWidget.getAppId())) {
139                      fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_FORBIDDEN);
140                      return fieldsValidator;
141               }
142               synchronized (syncRests) {
143                      if (onboardingWidget.getId() == null) {
144                             this.validateOnboardingWidget(onboardingWidget, fieldsValidator);
145                      } else {
146                             FnWidget widget = fnWidgetDao.getOne(onboardingWidget.getId());
147                             if (widget == null || widget.getAppId() == null) {
148                                    fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_FOUND);
149                                    return fieldsValidator;
150                             }
151                             this.validateOnboardingWidget(onboardingWidget, fieldsValidator);
152                      }
153                      if (fieldsValidator.getHttpStatusCode() == HttpServletResponse.SC_OK) {
154                             this.applyOnboardingWidget(onboardingWidget, fieldsValidator);
155                      }
156               }
157               return fieldsValidator;
158        }
159
160        private boolean isUserAdminOfAppForWidget(boolean superAdmin, Long userId, Long appId) {
161               if (!superAdmin) {
162                      List<FnUserRole> userRoles = getAdminUserRoles(userId, appId);
163                      return (userRoles.size() > 0);
164               }
165               return true;
166        }
167
168        private List<FnUserRole> getAdminUserRoles(Long userId, Long appId) {
169               return fnUserRoleService.getAdminUserRoles(userId, ACCOUNT_ADMIN_ROLE_ID, appId);
170        }
171
172        private void applyOnboardingWidget(OnboardingWidget onboardingWidget, FieldsValidator fieldsValidator) {
173               boolean result;
174               FnWidget widget;
175               if (onboardingWidget.getId() == null) {
176                      widget = new FnWidget();
177               } else {
178                      widget = fnWidgetDao.getOne(onboardingWidget.getId());
179               }
180               widget.setAppId(onboardingWidget.getAppId());
181               widget.setName(onboardingWidget.getName());
182               widget.setWidth(onboardingWidget.getWidth());
183               widget.setHeight(onboardingWidget.getHeight());
184               widget.setUrl(onboardingWidget.getUrl());
185               result = widget.equals(fnWidgetDao.saveAndFlush(widget));
186               if (!result) {
187                      fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
188               }
189        }
190
191        private void validateOnboardingWidget(OnboardingWidget onboardingWidget, FieldsValidator fieldsValidator) {
192               List<FnWidget> widgets = getWidgets(onboardingWidget);
193               boolean dublicatedUrl = false;
194               boolean dublicatedName = false;
195               for (FnWidget widget : widgets) {
196                      if (onboardingWidget.getId() != null && onboardingWidget.getId().equals(widget.getWidgetId())) {
197                             // widget should not be compared with itself
198                             continue;
199                      }
200                      if (!dublicatedUrl && widget.getUrl().equals(onboardingWidget.getUrl())) {
201                             dublicatedUrl = true;
202                             if (dublicatedName) {
203                                    break;
204                             }
205                      }
206                      if (!dublicatedName && widget.getName().equalsIgnoreCase(onboardingWidget.getName()) && widget
207                              .getAppId().equals(onboardingWidget.getAppId())) {
208                             dublicatedName = true;
209                             if (dublicatedUrl) {
210                                    break;
211                             }
212                      }
213               }
214               if (dublicatedUrl || dublicatedName) {
215                      if (dublicatedUrl) {
216                             fieldsValidator.addProblematicFieldName(urlField);
217                      }
218                      if (dublicatedName) {
219                             fieldsValidator.addProblematicFieldName(nameField);
220                      }
221                      fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_CONFLICT);
222                      fieldsValidator.setErrorCode(DUBLICATED_FIELD_VALUE_ECOMP_ERROR);
223               }
224        }
225
226        private List<FnWidget> getWidgets(final OnboardingWidget onboardingWidget) {
227               return fnWidgetDao.getForUrlNameAndAppId(onboardingWidget.getUrl(), onboardingWidget.getName(), onboardingWidget.getAppId()).orElse(new ArrayList<>());
228        }
229
230        public FieldsValidator deleteOnboardingWidget(FnUser user, Long onboardingWidgetId) {
231               FieldsValidator fieldsValidator = new FieldsValidator();
232               synchronized (syncRests) {
233                      FnWidget widget = fnWidgetDao.getOne(onboardingWidgetId);
234                      if (widget != null && widget.getAppId() != null) { // widget exists
235                             if (!this.isUserAdminOfAppForWidget(adminRolesService.isSuperAdmin(user.getOrgUserId()), user.getId(),
236                                     widget.getAppId())) {
237                                    fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_FORBIDDEN);
238                             } else {
239                                    fnWidgetDao.deleteById(onboardingWidgetId);
240                                    fieldsValidator.setHttpStatusCode(
241                                            (long) HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
242                             }
243                      }
244               }
245               return fieldsValidator;
246        }
247
248        public FnWidget saveOne(final FnWidget widget){
249               return fnWidgetDao.saveAndFlush(widget);
250        }
251 }