Code Review / portal.git / blob
? search:


c150528ea19eba381a188e0654038aa0651cd71e
[portal.git] /
1 /*-
2  * ================================================================================
3  * ECOMP Portal
4  * ================================================================================
5  * Copyright (C) 2017 AT&T Intellectual Property
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ================================================================================
19  */
20
21 package org.openecomp.portalapp.portal.controller;
22
23 import java.util.ArrayList;
24
25 import javax.servlet.http.HttpServletRequest;
26 import javax.servlet.http.HttpServletResponse;
27
28 import org.openecomp.portalapp.externalsystemapproval.model.ExternalSystemRoleApproval;
29 import org.openecomp.portalapp.externalsystemapproval.model.ExternalSystemUser;
30 import org.openecomp.portalapp.portal.ecomp.model.PortalRestResponse;
31 import org.openecomp.portalapp.portal.ecomp.model.PortalRestStatusEnum;
32 import org.openecomp.portalapp.portal.logging.aop.EPAuditLog;
33 import org.openecomp.portalapp.portal.service.UserRolesService;
34 import org.openecomp.portalapp.portal.transport.ExternalRequestFieldsValidator;
35 import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
36 import org.springframework.beans.factory.annotation.Autowired;
37 import org.springframework.context.annotation.Configuration;
38 import org.springframework.context.annotation.EnableAspectJAutoProxy;
39 import org.springframework.web.bind.annotation.RequestBody;
40 import org.springframework.web.bind.annotation.RequestMapping;
41 import org.springframework.web.bind.annotation.RequestMethod;
42 import org.springframework.web.bind.annotation.RestController;
43
44 import io.swagger.annotations.ApiOperation;
45
46 @RestController
47 @RequestMapping("/auxapi")
48 @Configuration
49 @EnableAspectJAutoProxy
50 @EPAuditLog
51 public class RolesApprovalSystemController implements BasicAuthenticationController {
52         
53         private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(RolesApprovalSystemController.class);
54
55         @Autowired
56         private UserRolesService userRolesService;
57
58         /**
59          * Creates an application user with the specified roles.
60          * 
61          * @param request
62          * @param extSysUser
63          * @return PortalRestResponse with appropriate status value and message
64          */
65         @ApiOperation(value = "Creates an application user with the specified roles.", response = PortalRestResponse.class)
66         @RequestMapping(value = { "/userProfile" }, method = RequestMethod.POST, produces = "application/json")
67         public PortalRestResponse<String> postUserProfile(HttpServletRequest request,
68                         @RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) {
69                 ExternalRequestFieldsValidator reqResult = null;
70                 try {
71                         logger.info(EELFLoggerDelegate.debugLogger, "postUserProfile: request received for app {}, user {}",
72                                         extSysUser.getApplicationName(), extSysUser.getLoginId());
73                         
74                         validateExtSystemUser(extSysUser, true);
75                  reqResult = userRolesService.setExternalRequestUserAppRole(extSysUser, "POST");
76                  if (!reqResult.isResult())
77                                 throw new Exception(reqResult.getDetailMessage());
78                 } catch (Exception e) {
79                         logger.error(EELFLoggerDelegate.errorLogger, "postUserProfile: failed for app {}, user {}",
80                                         extSysUser.getApplicationName(), extSysUser.getLoginId(), e);
81                         if(reqResult == null || (!reqResult.isResult()  && !e.getMessage().contains("404"))){
82                                 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
83                                 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
84                                                 e.getMessage(), "save user profile failed"); 
85                     } else if(e.getMessage().contains("404")){
86                                 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
87                                 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
88                                                 e.getMessage(), "save user profile failed");
89                         } else{
90                                 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
91                                 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
92                                                 e.getMessage(), "save user profile failed");
93                         }
94                 }
95                 return new PortalRestResponse<String>(PortalRestStatusEnum.OK, reqResult.getDetailMessage(), "Success");
96         }
97
98         /**
99          * Updates an application user to have only the specified roles.
100          * 
101          * @param request
102          * @param extSysUser
103          * @return PortalRestResponse with appropriate status value and message
104          */
105         @ApiOperation(value = "Updates an application user to have only the specified roles.", response = PortalRestResponse.class)
106         @RequestMapping(value = { "/userProfile" }, method = RequestMethod.PUT, produces = "application/json")
107         public PortalRestResponse<String> putUserProfile(HttpServletRequest request,
108                         @RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) {
109                 ExternalRequestFieldsValidator reqResult = null;
110                 try {
111                         logger.info(EELFLoggerDelegate.debugLogger, "putUserProfile: request received for app {}, user {}", 
112                                         extSysUser.getApplicationName(), extSysUser.getLoginId());
113                         validateExtSystemUser(extSysUser, true);
114                         reqResult = userRolesService.setExternalRequestUserAppRole(extSysUser, "PUT");
115                          if (!reqResult.isResult())
116                                         throw new Exception(reqResult.getDetailMessage());
117                 } catch (Exception e) {
118                         logger.error(EELFLoggerDelegate.errorLogger, "putUserProfile: failed for app {}, user {}",
119                                         extSysUser.getApplicationName(), extSysUser.getLoginId(), e);
120                         if(reqResult == null || (!reqResult.isResult()  && !e.getMessage().contains("404"))){
121                                 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
122                                 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
123                                                 e.getMessage(), "save user profile failed"); 
124                     } else if(e.getMessage().contains("404")){
125                                 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
126                                 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
127                                                 e.getMessage(), "save user profile failed");
128                         } else{
129                                 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
130                                 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
131                                                 e.getMessage(), "save user profile failed");
132                         }
133                 }
134                 return new PortalRestResponse<String>(PortalRestStatusEnum.OK, reqResult.getDetailMessage() , "Success");
135         }
136
137         /**
138          * Deletes an application user by removing all assigned roles.
139          * 
140          * @param request
141          * @param extSysUser
142          *            This object must have zero roles.
143          * @return PortalRestResponse with appropriate status value and message
144          */
145         @ApiOperation(value = "Processes a request to delete one or more application roles for one      specified user who has roles.", response = PortalRestResponse.class)
146         @RequestMapping(value = { "/userProfile" }, method = RequestMethod.DELETE, produces = "application/json")
147         public PortalRestResponse<String> deleteUserProfile(HttpServletRequest request,
148                         @RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) {
149                 ExternalRequestFieldsValidator reqResult  = null;
150                 try {
151                         logger.info(EELFLoggerDelegate.debugLogger, "deleteUserProfile: request received for app {}, user {}", 
152                                         extSysUser.getApplicationName(), extSysUser.getLoginId());
153                         validateExtSystemUser(extSysUser, false);
154                         // Ignore any roles that might be mistakenly present in the request
155                         extSysUser.setRoles(new ArrayList<ExternalSystemRoleApproval>());
156                         reqResult = userRolesService.setExternalRequestUserAppRole(extSysUser, "DELETE");
157                          if (!reqResult.isResult())
158                                         throw new Exception(reqResult.getDetailMessage());
159                 } catch (Exception e) {
160                         logger.error(EELFLoggerDelegate.errorLogger, "deleteUserProfile: failed for app {}, user {}",
161                                         extSysUser.getApplicationName(), extSysUser.getLoginId(), e);
162                         if(reqResult == null || (!reqResult.isResult()  && !e.getMessage().contains("404"))){
163                                 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
164                                 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
165                                                 e.getMessage(), "delete user profile failed"); 
166                     }else if(e.getMessage().contains("404")){
167                                 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
168                                 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
169                                                 e.getMessage(), "delete user profile failed");
170                         } else{
171                                 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
172                                 return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
173                                                 e.getMessage(), "delete user profile failed");
174                         }
175                 }
176                 return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Deleted Successfully", "Success");
177         }
178
179         /**
180          * Checks for presence of required fields.
181          * 
182          * @param extSysUser
183          * @param rolesRequired
184          *            If true, checks whether roles are present
185          * @throws Exception
186          *             If any field is missing.
187          */
188         private void validateExtSystemUser(ExternalSystemUser extSysUser, boolean rolesRequired) throws Exception {
189                 if (extSysUser.getLoginId() == null || extSysUser.getLoginId() == "")
190                         throw new Exception("Request has no login ID");
191                 if (extSysUser.getApplicationName() == null || extSysUser.getApplicationName() == "")
192                         throw new Exception("Request has no application name");
193                 if (extSysUser.getMyloginrequestId() == null)
194                         throw new Exception("Request has no request ID");
195                 if (rolesRequired && (extSysUser.getRoles() == null || extSysUser.getRoles().size() == 0))
196                         throw new Exception("Request has no roles");
197         }
198
199 }
ARCHIVED- 2022-02-15 at the request of the project