Code Review / portal / sdk.git / blob
? search:


0466c1cd3883023ebe14b183632ae5297e64835c
[portal/sdk.git] /
1 /*-
2  * ================================================================================
3  * ECOMP Portal SDK
4  * ================================================================================
5  * Copyright (C) 2017 AT&T Intellectual Property
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ================================================================================
19  */
20 package org.openecomp.portalsdk.analytics.model.base;
21
22 import java.io.*;
23 import java.sql.*;
24 import java.util.*;
25
26 import javax.servlet.http.HttpServletRequest;
27 import javax.servlet.http.HttpSession;
28
29 import org.openecomp.portalsdk.analytics.controller.ActionHandler;
30 import org.openecomp.portalsdk.analytics.error.*;
31 import org.openecomp.portalsdk.analytics.model.base.*;
32 import org.openecomp.portalsdk.analytics.model.definition.*;
33 import org.openecomp.portalsdk.analytics.system.*;
34 import org.openecomp.portalsdk.analytics.util.*;
35 import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
36
37 public class ReportSecurity extends org.openecomp.portalsdk.analytics.RaptorObject {
38
39         EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ReportSecurity.class);
40
41         
42         private String reportID = null;
43
44         private String ownerID = null;
45
46         private String createID = null;
47
48         private String createDate = null;
49
50         private String updateID = null;
51
52         private String updateDate = null;
53
54         private boolean isPublic = false;
55
56         private Hashtable reportRoles = new Hashtable();
57
58         private Hashtable reportUsers = new Hashtable();
59
60         public ReportSecurity(String reportID) {
61                 this(reportID, null, null, null, null, null, false);
62         } // ReportSecurity
63
64         public ReportSecurity(String reportID, String ownerID, String createID, String createDate,
65                         String updateID, String updateDate, boolean isPublic) {
66                 super();
67
68                 if (ownerID == null)
69                         // Need to load the report record from the database
70                         if (!reportID.equals("-1"))
71                                 try {
72                                         /*DataSet ds = DbUtils
73                                                         .executeQuery("SELECT NVL(cr.owner_id, cr.create_id) owner_id, cr.create_id, TO_CHAR(cr.create_date, '"
74                                                                         + Globals.getOracleTimeFormat()
75                                                                         + "') create_date, maint_id, TO_CHAR(cr.maint_date, '"
76                                                                         + Globals.getOracleTimeFormat()
77                                                                         + "') update_date, cr.public_yn FROM cr_report cr WHERE cr.rep_id="
78                                                                         + reportID);*/
79                                         String sql = Globals.getReportSecurity();
80                                         sql = sql.replace("[rw.getReportID()]", reportID);
81                                         DataSet ds = DbUtils.executeQuery(sql);
82                                         ownerID = ds.getString(0, 0);
83                                         createID = ds.getString(0, 1);
84                                         createDate = ds.getString(0, 2);
85                                         updateID = ds.getString(0, 3);
86                                         updateDate = ds.getString(0, 4);
87                                         isPublic = nvl(ds.getString(0, 5)).equals("Y");
88                                 } catch (Exception e) {
89                                         String eMsg = "ReportSecurity.ReportSecurity: Unable to load report record details. Exception: "
90                                                         + e.getMessage();
91                                         //Log.write(eMsg);
92                                         logger.debug(EELFLoggerDelegate.debugLogger, ("[EXCEPTION ENCOUNTERED IN RAPTOR] "+eMsg));
93                                         throw new RuntimeException(eMsg);
94                                 }
95
96                 this.reportID = reportID;
97                 this.ownerID = ownerID;
98                 this.createID = createID;
99                 this.createDate = createDate;
100                 this.updateID = updateID;
101                 this.updateDate = updateDate;
102                 this.isPublic = isPublic;
103
104                 /*
105                  * reportUsers.put(ownerID, "N"); // Owner has full access
106                  * reportRoles.put(AppUtils.getSuperRoleID(), "N"); // Super role has
107                  * full access for(Iterator iter=AppUtils.getAdminRoleIDs().iterator();
108                  * iter.hasNext(); ) reportRoles.put((String) iter.next(), "Y"); //
109                  * Admin role(s) have read-only access
110                  */
111                 try {
112                         String reportUserAccessSql= Globals.getReportUserAccess();
113                         reportUserAccessSql = reportUserAccessSql.replace("[reportID]", reportID);
114
115                         DataSet ds = DbUtils
116                                         .executeQuery(reportUserAccessSql);
117                         for (int i = 0; i < ds.getRowCount(); i++) {
118                                 String roleID = nvl(ds.getString(i, 0));
119                                 if (roleID.length() > 0)
120                                         reportRoles.put(roleID, ds.getString(i, 2));
121
122                                 String userID = nvl(ds.getString(i, 1));
123                                 if (userID.length() > 0)
124                                         reportUsers.put(userID, ds.getString(i, 2));
125                         } // for
126                 } catch (Exception e) {
127                         String eMsg = "ReportSecurity.ReportSecurity: Unable to load access priviledges - error "
128                         + e.getMessage();
129                         logger.error(EELFLoggerDelegate.debugLogger, ("[EXCEPTION ENCOUNTERED IN RAPTOR] " + eMsg));
130                         throw new RuntimeException(eMsg);
131                 }
132         } // ReportSecurity
133
134         public String getOwnerID() {
135                 return ownerID;
136         }
137
138         public String getCreateID() {
139                 return createID;
140         }
141
142         public String getCreateDate() {
143                 return createDate;
144         }
145
146         public String getUpdateID() {
147                 return updateID;
148         }
149
150         public String getUpdateDate() {
151                 return updateDate;
152         }
153
154         public void setOwnerID(String ownerID) {
155                 this.ownerID = ownerID;
156         }
157
158         public void setPublic(boolean isPublic) {
159                 this.isPublic = isPublic;
160         }
161
162         public void reportCreate(String reportID, String userID, boolean isPublic) {
163                 this.reportID = reportID;
164                 this.ownerID = userID;
165                 this.createID = userID;
166                 this.createDate = Utils.getCurrentDateTime();
167                 this.updateID = userID;
168                 this.updateDate = this.createDate;
169                 this.isPublic = isPublic;
170         } // reportCreate
171
172         public void reportUpdate(HttpServletRequest request) throws RaptorException  {
173                 checkUserWriteAccess(request);
174                 String userID = AppUtils.getUserID(request);
175                 this.updateID = userID;
176                 this.updateDate = Utils.getCurrentDateTime();
177         } // reportUpdate
178
179         /** ************************************************************* */
180
181         public Vector getReportUsers(HttpServletRequest request) throws RaptorException {
182                 HttpSession session = request.getSession();
183                 String query = Globals.getCustomizedScheduleQueryForUsers();
184         String[] sessionParameters = Globals.getSessionParams().split(",");
185         session.setAttribute("login_id", AppUtils.getUserBackdoorLoginId(request));
186         String param = "";
187         for (int i = 0; i < sessionParameters.length; i++) {
188                   param = (String)session.getAttribute(sessionParameters[0]);
189               query = Utils.replaceInString(query, "[" + sessionParameters[i].toUpperCase()+"]", (String)session.getAttribute(sessionParameters[i]) );
190         }
191         boolean isAdmin = AppUtils.isAdminUser(request);
192         Vector allUsers = AppUtils.getAllUsers(query,param, isAdmin);
193                 Vector rUsers = new Vector(allUsers.size());
194
195                 for (Iterator iter = allUsers.iterator(); iter.hasNext();) {
196                         IdNameValue user = (IdNameValue) iter.next();
197                         String readOnlyAccess = (String) reportUsers.get(user.getId());
198                         if (readOnlyAccess != null)
199                                 rUsers.add(new SecurityEntry(user.getId(), user.getName(), readOnlyAccess
200                                                 .equals("Y")));
201                 } // for
202
203                 return rUsers;
204         } // getReportUsers
205
206         public Vector getReportRoles(HttpServletRequest request) throws RaptorException {
207                 HttpSession session = request.getSession();
208                 String query = Globals.getCustomizedScheduleQueryForRoles();
209         String[] sessionParameters = Globals.getSessionParams().split(",");
210         String param = "";
211         for (int i = 0; i < sessionParameters.length; i++) {
212                   param = (String)session.getAttribute(sessionParameters[0]);
213               query = Utils.replaceInString(query, "[" + sessionParameters[i].toUpperCase()+"]", (String)session.getAttribute(sessionParameters[i]) );
214               
215         }
216         boolean isAdmin = AppUtils.isAdminUser(request);
217                 Vector allRoles = AppUtils.getAllRoles(query, param, isAdmin);
218                 Vector rRoles = new Vector(allRoles.size());
219
220                 for (Iterator iter = allRoles.iterator(); iter.hasNext();) {
221                         IdNameValue role = (IdNameValue) iter.next();
222                         String readOnlyAccess = (String) reportRoles.get(role.getId());
223                         if (readOnlyAccess != null)
224                                 rRoles.add(new SecurityEntry(role.getId(), role.getName(), readOnlyAccess
225                                                 .equals("Y")));
226                 } // for
227
228                 return rRoles;
229         } // getReportRoles
230
231         /** ************************************************************* */
232
233         private void validateReadOnlyAccess(String readOnlyAccess) throws Exception {
234                 if (!(readOnlyAccess != null && (readOnlyAccess.equals("Y") || readOnlyAccess
235                                 .equals("N"))))
236                         throw new RuntimeException(
237                                         "[ReportSecurity.validateReadOnlyAccess] Invalid parameter value");
238         } // validateReadOnlyAccess
239
240         public void addUserAccess(String userID, String readOnlyAccess) throws Exception {
241                 validateReadOnlyAccess(readOnlyAccess);
242                 reportUsers.put(userID, readOnlyAccess);
243                 String addUserAccessSql= Globals.getAddUserAccess();
244                 addUserAccessSql = addUserAccessSql.replace("[reportID]", reportID);
245                 addUserAccessSql = addUserAccessSql.replace("[userID]", userID);
246                 addUserAccessSql = addUserAccessSql.replace("[readOnlyAccess]", readOnlyAccess);
247                 DbUtils
248                                 .executeUpdate(addUserAccessSql);
249         } // addUserAccess
250
251         public void updateUserAccess(String userID, String readOnlyAccess) throws Exception {
252                 validateReadOnlyAccess(readOnlyAccess);
253                 reportUsers.remove(userID);
254                 reportUsers.put(userID, readOnlyAccess);
255                 String updateUserAccessSql= Globals.getUpdateUserAccess();
256                 updateUserAccessSql = updateUserAccessSql.replace("[reportID]", reportID);
257                 updateUserAccessSql = updateUserAccessSql.replace("[userID]", userID);
258                 updateUserAccessSql = updateUserAccessSql.replace("[readOnlyAccess]", readOnlyAccess);
259                 DbUtils.executeUpdate(updateUserAccessSql);
260         } // updateUserAccess
261
262         public void removeUserAccess(String userID) throws Exception {
263                 reportUsers.remove(userID);
264                 
265                 String removeUserAccessSql= Globals.getRemoveUserAccess();
266                 removeUserAccessSql = removeUserAccessSql.replace("[reportID]", reportID);
267                 removeUserAccessSql = removeUserAccessSql.replace("[userID]", userID);
268                 DbUtils.executeUpdate(removeUserAccessSql);
269         } // removeUserAccess
270
271         public void addRoleAccess(String roleID, String readOnlyAccess) throws Exception {
272                 validateReadOnlyAccess(readOnlyAccess);
273                 reportRoles.put(roleID, readOnlyAccess);
274                 String addRoleAccessSql= Globals.getAddRoleAccess();
275                 addRoleAccessSql = addRoleAccessSql.replace("[reportID]", reportID);
276                 addRoleAccessSql = addRoleAccessSql.replace("[roleID]", roleID);
277                 addRoleAccessSql = addRoleAccessSql.replace("[readOnlyAccess]", readOnlyAccess);
278                 DbUtils
279                                 .executeUpdate(addRoleAccessSql);
280         } // addRoleAccess
281
282         public void updateRoleAccess(String roleID, String readOnlyAccess) throws Exception {
283                 validateReadOnlyAccess(readOnlyAccess);
284                 reportRoles.remove(roleID);
285                 reportRoles.put(roleID, readOnlyAccess);
286                 String updateRoleAccessSql= Globals.getUpdateRoleAccess();
287                 updateRoleAccessSql = updateRoleAccessSql.replace("[reportID]", reportID);
288                 updateRoleAccessSql = updateRoleAccessSql.replace("[roleID]", roleID);
289                 updateRoleAccessSql = updateRoleAccessSql.replace("[readOnlyAccess]", readOnlyAccess);
290                 DbUtils.executeUpdate(updateRoleAccessSql);
291         } // updateRoleAccess
292
293         public void removeRoleAccess(String roleID) throws Exception {
294                 reportRoles.remove(roleID);
295                 String removeRoleAccessSql= Globals.getRemoveRoleAccess();
296                 removeRoleAccessSql = removeRoleAccessSql.replace("[reportID]", reportID);
297                 removeRoleAccessSql = removeRoleAccessSql.replace("[roleID]", roleID);
298                 DbUtils.executeUpdate(removeRoleAccessSql);
299         } // removeRoleAccess
300
301         /** ************************************************************* */
302
303         public void checkUserReadAccess(HttpServletRequest request, String userID) throws RaptorException  {
304                 if(userID == null) 
305                         userID = AppUtils.getUserID(request);
306                 if(userID != null) {
307                         //userID = AppUtils.getUserID(request);
308                         if (nvl(reportID).equals("-1"))
309                                 return;
310         
311                         if (true) //todo: replace with proper check isPublic
312                                 return;
313         
314                         if (userID.equals(ownerID))
315                                 return;
316         
317                         if (reportUsers.get(userID) != null)
318                                 return;
319                 }
320                 Vector userRoles = null;
321                 String userName = null;
322                 if(userID == null) {
323                         userRoles = AppUtils.getUserRoles(request);
324                         userName = AppUtils.getUserName(request);
325                         userID = AppUtils.getUserID(request);
326                 } else {
327                         userRoles = AppUtils.getUserRoles(userID);
328                         userName = AppUtils.getUserName(userID);
329                 }
330                 if (nvl(reportID).equals("-1"))
331                         return;
332
333                 if (isPublic)
334                         return;
335
336                 if (userID.equals(ownerID))
337                         return;
338
339                 if (reportUsers.get(userID) != null)
340                         return;
341                 
342                 for (Iterator iter = userRoles.iterator(); iter.hasNext();) {
343                         String userRole = (String) iter.next();
344                         if (nvl(userRole).equals(AppUtils.getSuperRoleID()))
345                                 return;
346                 }               
347                 for (Iterator iter = userRoles.iterator(); iter.hasNext();) {
348                         String userRole = (String) iter.next();
349
350                         if (nvl(userRole).equals(AppUtils.getSuperRoleID()))
351                                 return;
352
353                         if (reportRoles.get(userRole) != null)
354                                 return;
355
356                         for (Iterator iterA = AppUtils.getAdminRoleIDs().iterator(); iterA.hasNext();)
357                                 if (nvl(userRole).equals((String) iterA.next()))
358                                         return;
359                 } // for
360
361                 throw new UserAccessException(reportID, "[" + userID + "] "
362                                 + userName, AppConstants.UA_READ);
363         } // checkUserReadAccess
364
365         public void checkUserWriteAccess(HttpServletRequest request) throws RaptorException  {
366                 String userID = AppUtils.getUserID(request);
367                 if (nvl(reportID).equals("-1"))
368                         return;
369
370                 if (userID.equals(ownerID))
371                         return;
372
373                 if (nvl((String) reportUsers.get(userID)).equals("N"))
374                         return;
375
376                 for (Iterator iter = AppUtils.getUserRoles(request).iterator(); iter.hasNext();) {
377                         String userRole = (String) iter.next();
378
379                         if (nvl(userRole).equals(AppUtils.getSuperRoleID()))
380                                 return;
381
382                         if (nvl((String) reportRoles.get(userRole)).equals("N"))
383                                 return;
384
385                         for (Iterator iterA = AppUtils.getAdminRoleIDs().iterator(); iterA.hasNext();)
386                                 if (nvl(userRole).equals((String) iterA.next()))
387                                         return;
388                 } // for
389
390                 throw new UserAccessException(reportID, "[" + userID + "] "
391                                 + AppUtils.getUserName(request), AppConstants.UA_WRITE);
392         } // checkUserWriteAccess
393
394         public void checkUserDeleteAccess(HttpServletRequest request)  throws RaptorException  {
395                 String userID = AppUtils.getUserID(request);
396                 if (Globals.getDeleteOnlyByOwner()) {
397                         if (!userID.equals(ownerID))
398                                 throw new UserAccessException(reportID, "[" + userID + "] "
399                                                 + AppUtils.getUserName(request), AppConstants.UA_DELETE);
400                 } else
401                         checkUserWriteAccess(request);
402         } // checkUserDeleteAccess
403
404 } // ReportSecurity
ARCHIVED- 2022-02-15 at the request of the project