Code Review / portal.git / blob
? search:


fa49d5b2b01b064cace9092db5462c8d6f3d9474
[portal.git] /
1 /*-\r
2  * ================================================================================\r
3  * ECOMP Portal\r
4  * ================================================================================\r
5  * Copyright (C) 2017 AT&T Intellectual Property\r
6  * ================================================================================\r
7  * Licensed under the Apache License, Version 2.0 (the "License");\r
8  * you may not use this file except in compliance with the License.\r
9  * You may obtain a copy of the License at\r
10  * \r
11  *      http://www.apache.org/licenses/LICENSE-2.0\r
12  * \r
13  * Unless required by applicable law or agreed to in writing, software\r
14  * distributed under the License is distributed on an "AS IS" BASIS,\r
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
16  * See the License for the specific language governing permissions and\r
17  * limitations under the License.\r
18  * ================================================================================\r
19  */\r
20 package org.openecomp.portalapp.portal.controller;\r
21 \r
22 import java.util.List;\r
23 \r
24 import javax.servlet.http.HttpServletRequest;\r
25 import javax.servlet.http.HttpServletResponse;\r
26 \r
27 import org.openecomp.portalapp.portal.domain.EPApp;\r
28 import org.openecomp.portalapp.portal.domain.EPUser;\r
29 import org.openecomp.portalapp.portal.ecomp.model.PortalRestResponse;\r
30 import org.openecomp.portalapp.portal.ecomp.model.PortalRestStatusEnum;\r
31 import org.openecomp.portalapp.portal.logging.aop.EPAuditLog;\r
32 import org.openecomp.portalapp.portal.service.AdminRolesService;\r
33 import org.openecomp.portalapp.portal.service.EPAppService;\r
34 import org.openecomp.portalapp.portal.service.PortalAdminService;\r
35 import org.openecomp.portalapp.portal.service.UserService;\r
36 import org.openecomp.portalapp.portal.transport.FieldsValidator;\r
37 import org.openecomp.portalapp.portal.transport.OnboardingApp;\r
38 import org.openecomp.portalapp.portal.utils.EcompPortalUtils;\r
39 import org.openecomp.portalapp.portal.utils.PortalConstants;\r
40 import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;\r
41 import org.springframework.beans.factory.annotation.Autowired;\r
42 import org.springframework.context.annotation.Configuration;\r
43 import org.springframework.context.annotation.EnableAspectJAutoProxy;\r
44 import org.springframework.web.bind.annotation.PathVariable;\r
45 import org.springframework.web.bind.annotation.RequestBody;\r
46 import org.springframework.web.bind.annotation.RequestMapping;\r
47 import org.springframework.web.bind.annotation.RequestMethod;\r
48 import org.springframework.web.bind.annotation.ResponseBody;\r
49 import org.springframework.web.bind.annotation.RestController;\r
50 \r
51 import io.swagger.annotations.ApiOperation;\r
52 \r
53 /**\r
54  * Processes requests from external systems (i.e., not the front-end web UI).\r
55  * First use case is ECOMP Controller, which has to create an admin and onboard\r
56  * itself upon launch of a fresh Portal.\r
57  * \r
58  * Listens on the "auxapi" path prefix. Provides alternate implementations of\r
59  * methods in several existing controllers because an EPUser object is not\r
60  * available in the session for these requests.\r
61  * \r
62  * Checks credentials sent via HTTP Basic Authentication. The Portal's basic\r
63  * HTTP authentication system requires that the user names and endpoints are\r
64  * registered together.\r
65  */\r
66 @RestController\r
67 @RequestMapping(PortalConstants.REST_AUX_API)\r
68 @Configuration\r
69 @EnableAspectJAutoProxy\r
70 @EPAuditLog\r
71 public class AppsControllerExternalRequest implements BasicAuthenticationController {\r
72 \r
73         private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsControllerExternalRequest.class);\r
74 \r
75         private static final String ONBOARD_APP = "/onboardApp";\r
76 \r
77         // Where is this used?\r
78         public boolean isAuxRESTfulCall() {\r
79                 return true;\r
80         }\r
81 \r
82         /**\r
83          * For testing whether a user is a superadmin.\r
84          */\r
85         @Autowired\r
86         private AdminRolesService adminRolesService;\r
87 \r
88         /**\r
89          * For onboarding or updating an app\r
90          */\r
91         @Autowired\r
92         private EPAppService appService;\r
93 \r
94         /**\r
95          * For promoting a user to Portal admin\r
96          */\r
97         @Autowired\r
98         private PortalAdminService portalAdminService;\r
99 \r
100         /**\r
101          * For creating a new user\r
102          */\r
103         @Autowired\r
104         private UserService userService;\r
105 \r
106         /**\r
107          * Creates a new user as a Portal administrator.\r
108          * \r
109          * <PRE>\r
110          { \r
111                 "loginId" : "abc123",\r
112                 "loginPwd": "",\r
113                 "email":"ecomp@controller" \r
114          }\r
115          * </PRE>\r
116          * \r
117          * @param request\r
118          *            HttpServletRequest\r
119          * @param epUser\r
120          *            User details; the email and orgUserId fields are mandatory\r
121          * @param response\r
122          *            HttpServletResponse\r
123          * @return PortalRestResponse with success or failure\r
124          */\r
125         @ApiOperation(value = "Creates a new user as a Portal administrator.", response = PortalRestResponse.class)\r
126         @RequestMapping(value = "/portalAdmin", method = RequestMethod.POST, produces = "application/json")\r
127         @ResponseBody\r
128         public PortalRestResponse<String> postPortalAdmin(HttpServletRequest request, HttpServletResponse response,\r
129                         @RequestBody EPUser epUser) {\r
130                 EcompPortalUtils.logAndSerializeObject(logger, "postPortalAdmin", "request", epUser);\r
131                 PortalRestResponse<String> portalResponse = new PortalRestResponse<>();\r
132 \r
133                 // Check mandatory fields.\r
134                 if (epUser.getEmail() == null || epUser.getEmail().trim().length() == 0 //\r
135                                 || epUser.getLoginId() == null || epUser.getLoginId().trim().length() == 0 //\r
136                                 || epUser.getLoginPwd() == null) {\r
137                         portalResponse.setStatus(PortalRestStatusEnum.ERROR);\r
138                         portalResponse.setMessage("Missing required field: email, loginId, or loginPwd");\r
139                         return portalResponse;\r
140                 }\r
141 \r
142                 try {\r
143                         // Check for existing user; create if not found.\r
144                         List<EPUser> userList = userService.getUserByUserId(epUser.getOrgUserId());\r
145                         if (userList == null || userList.size() == 0) {\r
146                                 // Create user with first, last names etc.; do check for\r
147                                 // duplicates.\r
148                                 String userCreateResult = userService.saveNewUser(epUser, "Yes");\r
149                                 if (!"success".equals(userCreateResult)) {\r
150                                         portalResponse.setStatus(PortalRestStatusEnum.ERROR);\r
151                                         portalResponse.setMessage(userCreateResult);\r
152                                         return portalResponse;\r
153                                 }\r
154                         }\r
155 \r
156                         // Check for Portal admin status; promote if not.\r
157                         if (adminRolesService.isSuperAdmin(epUser)) {\r
158                                 portalResponse.setStatus(PortalRestStatusEnum.OK);\r
159                         } else {\r
160                                 FieldsValidator fv = portalAdminService.createPortalAdmin(epUser.getOrgUserId());\r
161                                 if (fv.httpStatusCode.intValue() == HttpServletResponse.SC_OK) {\r
162                                         portalResponse.setStatus(PortalRestStatusEnum.OK);\r
163                                 } else {\r
164                                         portalResponse.setStatus(PortalRestStatusEnum.ERROR);\r
165                                         portalResponse.setMessage(fv.toString());\r
166                                 }\r
167                         }\r
168                 } catch (Exception ex) {\r
169                         // Uncaught exceptions yield 404 and an empty error page\r
170                         response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);\r
171                         portalResponse.setStatus(PortalRestStatusEnum.ERROR);\r
172                         portalResponse.setMessage(ex.toString());\r
173                 }\r
174 \r
175                 EcompPortalUtils.logAndSerializeObject(logger, "postPortalAdmin", "response", portalResponse);\r
176                 return portalResponse;\r
177         }\r
178 \r
179         /**\r
180          * Gets the specified application that is on-boarded in Portal.\r
181          * \r
182          * @param request\r
183          *            HttpServletRequest\r
184          * @param appId\r
185          *            Application ID to get\r
186          * @param response\r
187          *            httpServletResponse\r
188          * @return OnboardingApp objects\r
189          */\r
190         @ApiOperation(value = "Gets the specified application that is on-boarded in Portal.", response = OnboardingApp.class)\r
191         @RequestMapping(value = { ONBOARD_APP + "/{appId}" }, method = RequestMethod.GET, produces = "application/json")\r
192         @ResponseBody\r
193         public OnboardingApp getOnboardAppExternal(HttpServletRequest request, HttpServletResponse response,\r
194                         @PathVariable("appId") Long appId) {\r
195                 EPApp epApp = appService.getApp(appId);\r
196                 OnboardingApp obApp = new OnboardingApp();\r
197                 appService.createOnboardingFromApp(epApp, obApp);\r
198                 EcompPortalUtils.logAndSerializeObject(logger, "getOnboardAppExternal", "response", obApp);\r
199                 return obApp;\r
200         }\r
201 \r
202         /**\r
203          * Adds a new application to Portal. The My Logins App Owner in the request\r
204          * must be the organization user ID of a person who is a Portal\r
205          * administrator.\r
206          * \r
207          * <pre>\r
208          * { \r
209                 "myLoginsAppOwner" : "abc123",\r
210                 "name": "dashboard",\r
211                 "url": "http://k8s/something",\r
212                 "restUrl" : "http://aic.att.com",\r
213                 "restrictedApp" : true,\r
214                 "isOpen" : true,\r
215                 "isEnabled": false\r
216                 }\r
217          * </pre>\r
218          * \r
219          * @param request\r
220          *            HttpServletRequest\r
221          * @param response\r
222          *            httpServletResponse\r
223          * @param newOnboardApp\r
224          *            Message with details about the app to add\r
225          * @return PortalRestResponse\r
226          */\r
227         @ApiOperation(value = "Adds a new application to Portal.", response = PortalRestResponse.class)\r
228         @RequestMapping(value = { ONBOARD_APP }, method = RequestMethod.POST, produces = "application/json")\r
229         @ResponseBody\r
230         public PortalRestResponse<String> postOnboardAppExternal(HttpServletRequest request, HttpServletResponse response,\r
231                         @RequestBody OnboardingApp newOnboardApp) {\r
232                 EcompPortalUtils.logAndSerializeObject(logger, "postOnboardAppExternal", "request", newOnboardApp);\r
233                 PortalRestResponse<String> portalResponse = new PortalRestResponse<>();\r
234 \r
235                 // Validate fields\r
236                 if (newOnboardApp.id != null) {\r
237                         portalResponse.setStatus(PortalRestStatusEnum.ERROR);\r
238                         portalResponse.setMessage("Unexpected field: id");\r
239                         return portalResponse;\r
240                 }\r
241                 if (newOnboardApp.name == null || newOnboardApp.name.trim().length() == 0 //\r
242                                 || newOnboardApp.url == null || newOnboardApp.url.trim().length() == 0 //\r
243                                 || newOnboardApp.restUrl == null || newOnboardApp.restUrl.trim().length() == 0\r
244                                 || newOnboardApp.myLoginsAppOwner == null || newOnboardApp.myLoginsAppOwner.trim().length() == 0\r
245                                 || newOnboardApp.restrictedApp == null //\r
246                                 || newOnboardApp.isOpen == null //\r
247                                 || newOnboardApp.isEnabled == null) {\r
248                         portalResponse.setStatus(PortalRestStatusEnum.ERROR);\r
249                         portalResponse.setMessage(\r
250                                         "Missing required field: name, url, restUrl, restrictedApp, isOpen, isEnabled, myLoginsAppOwner");\r
251                         return portalResponse;\r
252                 }\r
253 \r
254                 try {\r
255                         List<EPUser> userList = userService.getUserByUserId(newOnboardApp.myLoginsAppOwner);\r
256                         if (userList == null || userList.size() != 1) {\r
257                                 portalResponse.setStatus(PortalRestStatusEnum.ERROR);\r
258                                 portalResponse.setMessage("Failed to find user: " + newOnboardApp.myLoginsAppOwner);\r
259                                 return portalResponse;\r
260                         }\r
261 \r
262                         EPUser epUser = userList.get(0);\r
263                         // Check for Portal admin status\r
264                         if (! adminRolesService.isSuperAdmin(epUser)) {\r
265                                 portalResponse.setStatus(PortalRestStatusEnum.ERROR);\r
266                                 portalResponse.setMessage("User lacks Portal admin role: " + epUser.getLoginId());\r
267                                 return portalResponse;                          \r
268                         }\r
269                                 \r
270                         newOnboardApp.normalize();\r
271                         FieldsValidator fv = appService.addOnboardingApp(newOnboardApp, epUser);\r
272                         if (fv.httpStatusCode.intValue() == HttpServletResponse.SC_OK) {\r
273                                 portalResponse.setStatus(PortalRestStatusEnum.OK);\r
274                         } else {\r
275                                 portalResponse.setStatus(PortalRestStatusEnum.ERROR);\r
276                                 portalResponse.setMessage(fv.toString());\r
277                         }\r
278                 } catch (Exception ex) {\r
279                         // Uncaught exceptions yield 404 and an empty error page\r
280                         response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);\r
281                         portalResponse.setStatus(PortalRestStatusEnum.ERROR);\r
282                         portalResponse.setMessage(ex.toString());\r
283                 }\r
284                 EcompPortalUtils.logAndSerializeObject(logger, "postOnboardAppExternal", "response", portalResponse);\r
285                 return portalResponse;\r
286         }\r
287 \r
288         /**\r
289          * Updates information about an on-boarded application in Portal. The My\r
290          * Logins App Owner in the request must be the organization user ID of a\r
291          * person who is a Portal administrator.\r
292          * <pre>\r
293            { \r
294                 "id" : 123,\r
295                 "myLoginsAppOwner" : "abc123",\r
296                 "name": "dashboard",\r
297                 "url": "http://k8s/something",\r
298                 "restUrl" : "http://aic.att.com",\r
299                 "restrictedApp" : true,\r
300                 "isOpen" : true,\r
301                 "isEnabled": false\r
302                 }\r
303                 </pre>\r
304          * @param request\r
305          *            HttpServletRequest\r
306          * @param response\r
307          *            httpServletResponse\r
308          * @param appId\r
309          *            application id\r
310          * @param oldOnboardApp\r
311          *            Message with details about the app to add\r
312          * @return PortalRestResponse\r
313          */\r
314         @ApiOperation(value = "Updates information about an on-boarded application in Portal.", response = PortalRestResponse.class)\r
315         @RequestMapping(value = { ONBOARD_APP + "/{appId}" }, method = RequestMethod.PUT, produces = "application/json")\r
316         @ResponseBody\r
317         public PortalRestResponse<String> putOnboardAppExternal(HttpServletRequest request, HttpServletResponse response,\r
318                         @PathVariable("appId") Long appId, @RequestBody OnboardingApp oldOnboardApp) {\r
319                 EcompPortalUtils.logAndSerializeObject(logger, "putOnboardAppExternal", "request", oldOnboardApp);\r
320                 PortalRestResponse<String> portalResponse = new PortalRestResponse<>();\r
321                 // Validate fields.\r
322                 if (oldOnboardApp.id == null || !appId.equals(oldOnboardApp.id)) {\r
323                         portalResponse.setStatus(PortalRestStatusEnum.ERROR);\r
324                         portalResponse.setMessage("Unexpected value for field: id");\r
325                         return portalResponse;\r
326                 }\r
327                 if (oldOnboardApp.name == null || oldOnboardApp.name.trim().length() == 0 //\r
328                                 || oldOnboardApp.url == null || oldOnboardApp.url.trim().length() == 0 //\r
329                                 || oldOnboardApp.restUrl == null || oldOnboardApp.restUrl.trim().length() == 0\r
330                                 || oldOnboardApp.myLoginsAppOwner == null || oldOnboardApp.myLoginsAppOwner.trim().length() == 0\r
331                                 || oldOnboardApp.restrictedApp == null //\r
332                                 || oldOnboardApp.isOpen == null //\r
333                                 || oldOnboardApp.isEnabled == null) {\r
334                         portalResponse.setStatus(PortalRestStatusEnum.ERROR);\r
335                         portalResponse.setMessage(\r
336                                         "Missing required field: name, url, restUrl, restrictedApp, isOpen, isEnabled, myLoginsAppOwner");\r
337                         return portalResponse;\r
338                 }\r
339 \r
340                 try {\r
341                         List<EPUser> userList = userService.getUserByUserId(oldOnboardApp.myLoginsAppOwner);\r
342                         if (userList == null || userList.size() != 1) {\r
343                                 portalResponse.setStatus(PortalRestStatusEnum.ERROR);\r
344                                 portalResponse.setMessage("Failed to find user: " + oldOnboardApp.myLoginsAppOwner);\r
345                                 return portalResponse;\r
346                         }\r
347 \r
348                         EPUser epUser = userList.get(0);\r
349                         // Check for Portal admin status\r
350                         if (! adminRolesService.isSuperAdmin(epUser)) {\r
351                                 portalResponse.setStatus(PortalRestStatusEnum.ERROR);\r
352                                 portalResponse.setMessage("User lacks Portal admin role: " + epUser.getLoginId());\r
353                                 return portalResponse;                          \r
354                         }\r
355 \r
356                         oldOnboardApp.normalize();\r
357                         FieldsValidator fv = appService.modifyOnboardingApp(oldOnboardApp, epUser);\r
358                         if (fv.httpStatusCode.intValue() == HttpServletResponse.SC_OK) {\r
359                                 portalResponse.setStatus(PortalRestStatusEnum.OK);\r
360                         } else {\r
361                                 portalResponse.setStatus(PortalRestStatusEnum.ERROR);\r
362                                 portalResponse.setMessage(fv.toString());\r
363                         }\r
364                 } catch (Exception ex) {\r
365                         // Uncaught exceptions yield 404 and an empty error page\r
366                         response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);\r
367                         portalResponse.setStatus(PortalRestStatusEnum.ERROR);\r
368                         portalResponse.setMessage(ex.toString());\r
369                 }\r
370                 EcompPortalUtils.logAndSerializeObject(logger, "putOnboardAppExternal", "response", portalResponse);\r
371                 return portalResponse;\r
372         }\r
373 \r
374 }\r
ARCHIVED- 2022-02-15 at the request of the project