/*- * ================================================================================ * ECOMP Portal * ================================================================================ * Copyright (C) 2017 AT&T Intellectual Property * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * ================================================================================ */ package org.openecomp.portalapp.portal.service; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Set; import java.util.TreeSet; import javax.annotation.PostConstruct; import org.apache.commons.lang.StringUtils; import org.apache.cxf.transport.http.HTTPException; import org.hibernate.Query; import org.hibernate.Session; import org.hibernate.SessionFactory; import org.hibernate.Transaction; import org.openecomp.portalapp.portal.domain.EPApp; import org.openecomp.portalapp.portal.domain.EPRole; import org.openecomp.portalapp.portal.domain.EPUser; import org.openecomp.portalapp.portal.domain.EPUserApp; import org.openecomp.portalapp.portal.logging.aop.EPMetricsLog; import org.openecomp.portalapp.portal.logging.format.EPAppMessagesEnum; import org.openecomp.portalapp.portal.logging.logic.EPLogUtil; import org.openecomp.portalapp.portal.transport.AppWithRolesForUser; import org.openecomp.portalapp.portal.transport.FunctionalMenuItem; import org.openecomp.portalapp.portal.transport.FunctionalMenuRole; import org.openecomp.portalapp.portal.transport.RemoteUserWithRoles; import org.openecomp.portalapp.portal.transport.RoleInAppForUser; import org.openecomp.portalapp.portal.transport.RolesInAppForUser; import org.openecomp.portalapp.portal.transport.UserApplicationRoles; import org.openecomp.portalapp.portal.utils.EPSystemProperties; import org.openecomp.portalapp.portal.utils.EcompPortalUtils; import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.openecomp.portalsdk.core.restful.domain.EcompRole; import org.openecomp.portalsdk.core.service.DataAccessService; import org.openecomp.portalsdk.core.service.UserProfileService; import org.openecomp.portalsdk.core.util.SystemProperties; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; @Service("userRolesService") @Transactional @org.springframework.context.annotation.Configuration @EnableAspectJAutoProxy @EPMetricsLog public class UserRolesServiceImpl implements UserRolesService { private static Long ACCOUNT_ADMIN_ROLE_ID = 999L; private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserRolesServiceImpl.class); @Autowired private SessionFactory sessionFactory; @Autowired private DataAccessService dataAccessService; @Autowired SearchService searchService; @Autowired EPAppService appsService; @Autowired EPLdapService ldapService; @Autowired ApplicationsRestClientService applicationsRestClientService; @Autowired EPRoleService epRoleService; @Autowired UserProfileService userProfileService; @PostConstruct private void init() { try { ACCOUNT_ADMIN_ROLE_ID = Long .valueOf(SystemProperties.getProperty(EPSystemProperties.ACCOUNT_ADMIN_ROLE_ID)); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, EcompPortalUtils.getStackTrace(e)); } } private static HashMap hashMapFromEcompRoles(EcompRole[] ecompRoles) { HashMap result = new HashMap(); if (ecompRoles != null) { for (int i = 0; i < ecompRoles.length; i++) { if (ecompRoles[i].getId() != null) { result.put(ecompRoles[i].getId(), ecompRoles[i]); } } } return result; } private void createLocalUserIfNecessary(String orgUserId) { if (StringUtils.isEmpty(orgUserId)) { logger.error(EELFLoggerDelegate.errorLogger, "createLocalUserIfNecessary : empty orgUserId!"); return; } Session localSession = null; Transaction transaction = null; try { localSession = sessionFactory.openSession(); transaction = localSession.beginTransaction(); @SuppressWarnings("unchecked") List userList = localSession .createQuery("from " + EPUser.class.getName() + " where org_user_id='" + orgUserId + "'").list(); if (userList.size() == 0) { EPUser client = searchService.searchUserByUserId(orgUserId); if (client == null) { String msg = "cannot create user " + orgUserId + ", because he cannot be found in phonebook"; logger.error(EELFLoggerDelegate.errorLogger, msg); } else { client.setLoginId(orgUserId); client.setActive(true); localSession.save(client); } } transaction.commit(); } catch (Exception e) { EPLogUtil.logEcompError(EPAppMessagesEnum.BeDaoSystemError); EcompPortalUtils.rollbackTransaction(transaction, "searchOrCreateUser rollback, exception = " + e); } finally { EcompPortalUtils.closeLocalSession(localSession, "searchOrCreateUser"); } } private static void syncUserRoles(SessionFactory sessionFactory, String orgUserId, Long appId, EcompRole[] userAppRoles) throws Exception { HashMap newUserAppRolesMap = hashMapFromEcompRoles(userAppRoles); boolean result = false; Session localSession = null; Transaction transaction = null; try { localSession = sessionFactory.openSession(); transaction = localSession.beginTransaction(); @SuppressWarnings("unchecked") List userList = localSession .createQuery("from " + EPUser.class.getName() + " where org_user_id='" + orgUserId + "'").list(); if (userList.size() > 0) { EPUser client = userList.get(0); @SuppressWarnings("unchecked") List userRoles = localSession.createQuery("from " + EPUserApp.class.getName() + " where app.id=" + appId + " and userId=" + client.getId()).list(); for (EPUserApp userRole : userRoles) { if (!userRole.getRoleId().equals(ACCOUNT_ADMIN_ROLE_ID)) { Long userAppRoleId = userRole.getAppRoleId(); if (!newUserAppRolesMap.containsKey(userAppRoleId)) { localSession.delete(userRole); } else { newUserAppRolesMap.remove(userAppRoleId); } } } Collection newRolesToAdd = newUserAppRolesMap.values(); if (newRolesToAdd.size() > 0) { EPApp app = (EPApp) localSession.get(EPApp.class, appId); @SuppressWarnings("unchecked") List roles = localSession .createQuery("from " + EPRole.class.getName() + " where appId=" + appId).list(); HashMap rolesMap = new HashMap(); for (EPRole role : roles) { rolesMap.put(role.getAppRoleId(), role); } for (EcompRole userRole : newRolesToAdd) { EPUserApp userApp = new EPUserApp(); userApp.setUserId(client.getId()); userApp.setApp(app); userApp.setRole(rolesMap.get(userRole.getId())); localSession.save(userApp); } } } transaction.commit(); result = true; } catch (Exception e) { EPLogUtil.logEcompError(EPAppMessagesEnum.BeDaoSystemError); EcompPortalUtils.rollbackTransaction(transaction, "Exception occurred in syncUserRoles, Details: " + EcompPortalUtils.getStackTrace(e)); } finally { localSession.close(); if (!result) { throw new Exception( "Exception occurred in syncUserRoles while closing database session for app: '" + appId + "'."); } } } // Called when getting the list of roles for the user private List constructRolesInAppForUserGet(EcompRole[] appRoles, EcompRole[] userAppRoles) { List rolesInAppForUser = new ArrayList(); Set userAppRolesMap = new HashSet(); if (userAppRoles != null) { for (EcompRole ecompRole : userAppRoles) { userAppRolesMap.add(ecompRole.getId()); } } else { String message = String .format("UserRolesServiceImpl.constructRolesInAppForUserGet has received userAppRoles list empty."); logger.info(EELFLoggerDelegate.errorLogger, message); } if (appRoles != null) { for (EcompRole ecompRole : appRoles) { RoleInAppForUser roleForUser = new RoleInAppForUser(ecompRole.getId(), ecompRole.getName()); roleForUser.isApplied = userAppRolesMap.contains(ecompRole.getId()); rolesInAppForUser.add(roleForUser); } } else { String message = String .format("UserRolesServiceImpl.constructRolesInAppForUser has received appRoles list empty."); logger.info(EELFLoggerDelegate.errorLogger, message); } return rolesInAppForUser; } public List getAppRolesForUser(Long appId, String orgUserId) { List rolesInAppForUser = null; try { EcompRole[] appRoles = applicationsRestClientService.get(EcompRole[].class, appId, "/roles"); // Test this error case, for generating an internal Ecomp Portal // error // EcompRole[] appRoles = null; // If there is an exception in the rest client api, then null will // be returned. if (appRoles != null) { syncAppRoles(sessionFactory, appId, appRoles); EcompRole[] userAppRoles; try { userAppRoles = applicationsRestClientService.get(EcompRole[].class, appId, String.format("/user/%s/roles", orgUserId)); if (userAppRoles == null) { if (EcompPortalUtils.getExternalAppResponseCode() == 400) { EcompPortalUtils.setExternalAppResponseCode(200); logger.error(EELFLoggerDelegate.errorLogger, "400 returned from /user/{userid}/roles, assuming user doesn't exist, app is framework SDK based, and things are ok. Overriding to 200 until framework SDK returns a useful response."); logger.debug(EELFLoggerDelegate.debugLogger, "400 returned from /user/{userid}/roles, assuming user doesn't exist, app is framework SDK based, and things are ok. Overriding to 200 until framework SDK returns a useful response."); } } // If the remote application isn't down we MUST to sync user // roles here in case we have this user here! syncUserRoles(sessionFactory, orgUserId, appId, userAppRoles); } catch (Exception e) { // TODO: we may need to check if user exists, maybe remote // app is down. logger.error(EELFLoggerDelegate.errorLogger, EcompPortalUtils.getStackTrace(e)); logger.error(EELFLoggerDelegate.errorLogger, "LR: user " + orgUserId + " does not exist in remote application: " + appId + "."); userAppRoles = new EcompRole[0]; } rolesInAppForUser = constructRolesInAppForUserGet(appRoles, userAppRoles); // Test this error case, for generating an external app error // EcompPortalUtils.setResponseCode(404); } } catch (Exception e) { String message = String.format( "Received an exception while performing getAppRolesForUser for the User %s, and for the AppId %s, Details: %s", orgUserId, Long.toString(appId), EcompPortalUtils.getStackTrace(e)); logger.error(EELFLoggerDelegate.errorLogger, message); } return rolesInAppForUser; } // copies of methods in GetAppsWithUserRoleState private void syncAppRoles(SessionFactory sessionFactory, Long appId, EcompRole[] appRoles) throws Exception { logger.debug(EELFLoggerDelegate.debugLogger, "entering syncAppRoles for appId: " + appId); HashMap newRolesMap = hashMapFromEcompRoles(appRoles); boolean result = false; Session localSession = null; Transaction transaction = null; try { localSession = sessionFactory.openSession(); transaction = localSession.beginTransaction(); // Attention! All roles from remote application supposed to be // active! @SuppressWarnings("unchecked") List currentAppRoles = localSession .createQuery("from " + EPRole.class.getName() + " where appId=" + appId).list(); List obsoleteRoles = new ArrayList(); for (int i = 0; i < currentAppRoles.size(); i++) { EPRole oldAppRole = currentAppRoles.get(i); if (oldAppRole.getAppRoleId() != null) { EcompRole role = null; role = newRolesMap.get(oldAppRole.getAppRoleId()); if (role != null) { if (!(role.getName() == null || oldAppRole.getName().equals(role.getName()))) { oldAppRole.setName(role.getName()); localSession.update(oldAppRole); } newRolesMap.remove(oldAppRole.getAppRoleId()); } else { obsoleteRoles.add(oldAppRole); } } else { obsoleteRoles.add(oldAppRole); } } Collection newRolesToAdd = newRolesMap.values(); for (EcompRole role : newRolesToAdd) { logger.debug(EELFLoggerDelegate.debugLogger, "about to add missing role: " + role.toString()); EPRole newRole = new EPRole(); // Attention! All roles from remote application supposed to be // active! newRole.setActive(true); newRole.setName(role.getName()); newRole.setAppId(appId); newRole.setAppRoleId(role.getId()); localSession.save(newRole); } if (obsoleteRoles.size() > 0) { logger.debug(EELFLoggerDelegate.debugLogger, "we have obsolete roles to delete"); for (EPRole role : obsoleteRoles) { logger.debug(EELFLoggerDelegate.debugLogger, "obsolete role: " + role.toString()); Long roleId = role.getId(); // delete obsolete roles here // Must delete all records with foreign key constraints on // fn_role: // fn_user_role, fn_role_composite, fn_role_function, // fn_user_pseudo_role, fn_menu_functional_roles. // And for fn_menu_functional, if no other roles for that // menu item, remove the url. // Delete from fn_user_role @SuppressWarnings("unchecked") List userRoles = localSession.createQuery( "from " + EPUserApp.class.getName() + " where app.id=" + appId + " and role_id=" + roleId) .list(); logger.debug(EELFLoggerDelegate.debugLogger, "number of userRoles to delete: " + userRoles.size()); for (EPUserApp userRole : userRoles) { logger.debug(EELFLoggerDelegate.debugLogger, "about to delete userRole: " + userRole.toString()); localSession.delete(userRole); logger.debug(EELFLoggerDelegate.debugLogger, "finished deleting userRole: " + userRole.toString()); } // Delete from fn_menu_functional_roles @SuppressWarnings("unchecked") List funcMenuRoles = localSession .createQuery("from " + FunctionalMenuRole.class.getName() + " where roleId=" + roleId) .list(); int numMenuRoles = funcMenuRoles.size(); logger.debug(EELFLoggerDelegate.debugLogger, "number of funcMenuRoles for roleId: " + roleId + ": " + numMenuRoles); for (FunctionalMenuRole funcMenuRole : funcMenuRoles) { Long menuId = funcMenuRole.menuId; // If this is the only role for this menu item, then the // app and roles will be gone, // so must null out the url too, to be consistent @SuppressWarnings("unchecked") List funcMenuRoles2 = localSession .createQuery("from " + FunctionalMenuRole.class.getName() + " where menuId=" + menuId) .list(); int numMenuRoles2 = funcMenuRoles2.size(); logger.debug(EELFLoggerDelegate.debugLogger, "number of funcMenuRoles for menuId: " + menuId + ": " + numMenuRoles2); localSession.delete(funcMenuRole); if (numMenuRoles2 == 1) { // If this is the only role for this menu item, then // the app and roles will be gone, // so must null out the url too, to be consistent logger.debug(EELFLoggerDelegate.debugLogger, "There is exactly 1 menu item for this role, so emptying the url"); @SuppressWarnings("unchecked") List funcMenuItems = localSession .createQuery( "from " + FunctionalMenuItem.class.getName() + " where menuId=" + menuId) .list(); if (funcMenuItems.size() > 0) { logger.debug(EELFLoggerDelegate.debugLogger, "got the menu item"); FunctionalMenuItem funcMenuItem = funcMenuItems.get(0); funcMenuItem.url = ""; localSession.update(funcMenuItem); } } } // Delete from fn_role_function String sql = "DELETE FROM fn_role_function WHERE role_id=" + roleId; logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); Query query = localSession.createSQLQuery(sql); query.executeUpdate(); // Delete from fn_role_composite sql = "DELETE FROM fn_role_composite WHERE parent_role_id=" + roleId + " OR child_role_id=" + roleId; logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); query = localSession.createSQLQuery(sql); query.executeUpdate(); // Delete from fn_user_pseudo_role sql = "DELETE FROM fn_user_pseudo_role WHERE pseudo_role_id=" + roleId; logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); query = localSession.createSQLQuery(sql); query.executeUpdate(); logger.debug(EELFLoggerDelegate.debugLogger, "about to delete the role: " + role.toString()); localSession.delete(role); logger.debug(EELFLoggerDelegate.debugLogger, "deleted the role"); } } logger.debug(EELFLoggerDelegate.debugLogger, "about to commit the transaction"); transaction.commit(); logger.debug(EELFLoggerDelegate.debugLogger, "committed the transaction"); result = true; } catch (Exception e) { EPLogUtil.logEcompError(EPAppMessagesEnum.BeDaoSystemError); EcompPortalUtils.rollbackTransaction(transaction, "Exception occurred in syncAppRoles, Details: " + EcompPortalUtils.getStackTrace(e)); } finally { localSession.close(); if (!result) { throw new Exception( "Exception occurred in syncAppRoles while closing database session for app: '" + appId + "'."); } } } // Called when updating the list of roles for the user private RolesInAppForUser constructRolesInAppForUserUpdate(String orgUserId, Long appId, Set userRolesInRemoteApp) { RolesInAppForUser result; result = new RolesInAppForUser(); result.appId = appId; result.orgUserId = orgUserId; for (EcompRole role : userRolesInRemoteApp) { RoleInAppForUser roleInAppForUser = new RoleInAppForUser(); roleInAppForUser.roleId = role.getId(); roleInAppForUser.roleName = role.getName(); roleInAppForUser.isApplied = new Boolean(true); result.roles.add(roleInAppForUser); } return result; } private EPUser getUserFromRemoteApp(String orgUserId, EPApp app, ApplicationsRestClientService applicationsRestClientService) throws HTTPException { EPUser user = applicationsRestClientService.get(EPUser.class, app.getId(), String.format("/user/%s", orgUserId)); return user; } private boolean remoteUserShouldBeCreated(List roleInAppForUserList) { for (RoleInAppForUser roleInAppForUser : roleInAppForUserList) { if (roleInAppForUser.isApplied.booleanValue()) { return true; } } return false; } private Set postUsersRolesToRemoteApp(List roleInAppForUserList, ObjectMapper mapper, ApplicationsRestClientService applicationsRestClientService, Long appId, String orgUserId) throws JsonProcessingException, HTTPException { Set updatedUserRoles = constructUsersEcompRoles(roleInAppForUserList); String userRolesAsString = mapper.writeValueAsString(updatedUserRoles); applicationsRestClientService.post(EcompRole.class, appId, userRolesAsString, String.format("/user/%s/roles", orgUserId)); // TODO: We should add code that verifies that the post operation did // succeed. Because the SDK may still return 200 OK with an html page // even when it fails! return updatedUserRoles; } private Set constructUsersEcompRoles(List roleInAppForUserList) { Set existingUserRoles = new TreeSet(); for (RoleInAppForUser roleInAppForUser : roleInAppForUserList) { if (roleInAppForUser.isApplied) { EcompRole ecompRole = new EcompRole(); ecompRole.setId(roleInAppForUser.roleId); ecompRole.setName(roleInAppForUser.roleName); existingUserRoles.add(ecompRole); } } return existingUserRoles; } private static void createNewUserOnRemoteApp(String orgUserId, EPApp app, ApplicationsRestClientService applicationsRestClientService, SearchService searchService, ObjectMapper mapper) throws Exception { EPUser client = searchService.searchUserByUserId(orgUserId); if (client == null) { String msg = "cannot create user " + orgUserId + ", because he/she cannot be found in phonebook."; logger.error(EELFLoggerDelegate.errorLogger, msg); throw new Exception(msg); } client.setLoginId(orgUserId); client.setActive(true); // The remote doesn't care about other apps, and this has caused // serialization problems - infinite recursion. client.getEPUserApps().clear(); mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); String userAsString = mapper.writeValueAsString(client); logger.debug(EELFLoggerDelegate.debugLogger, "about to post new client to remote application, users json = " + userAsString); applicationsRestClientService.post(EPUser.class, app.getId(), userAsString, String.format("/user", orgUserId)); } public String updateRemoteUserProfile(String orgUserId, Long appId) { ObjectMapper mapper = new ObjectMapper(); mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); EPUser client = searchService.searchUserByUserId(orgUserId); EPUser newUser = new EPUser(); newUser.setActive(client.getActive()); newUser.setFirstName(client.getFirstName()); newUser.setLastName(client.getLastName()); newUser.setLoginId(client.getLoginId()); newUser.setLoginPwd(client.getLoginPwd()); newUser.setMiddleInitial(client.getMiddleInitial()); newUser.setEmail(client.getEmail()); newUser.setOrgUserId(client.getLoginId()); try { String userAsString = mapper.writeValueAsString(newUser); List appList = appsService.getUserRemoteApps(client.getId().toString()); // applicationsRestClientService.post(EPUser.class, appId, // userAsString, String.format("/user", orgUserId)); for (EPApp eachApp : appList) { try { applicationsRestClientService.post(EPUser.class, eachApp.getId(), userAsString, String.format("/user/%s", orgUserId)); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "Failed to update user: " + client.getOrgUserId() + " in remote app. appId = " + eachApp.getId()); } } } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); return "failure"; } return "success"; } private static final Object syncRests = new Object(); @Override public boolean setAppWithUserRoleStateForUser(EPUser user, AppWithRolesForUser newAppRolesForUser) { boolean result = false; String orgUserId = ""; if (newAppRolesForUser != null && newAppRolesForUser.orgUserId != null) { orgUserId = newAppRolesForUser.orgUserId.trim(); } Long appId = newAppRolesForUser.appId; List roleInAppForUserList = newAppRolesForUser.appRoles; if (orgUserId.length() > 0) { ObjectMapper mapper = new ObjectMapper(); mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); try { EPApp app = appsService.getApp(appId); EPUser remoteAppUser = getUserFromRemoteApp(orgUserId, app, applicationsRestClientService); if (remoteAppUser == null) { if (remoteUserShouldBeCreated(roleInAppForUserList)) { createNewUserOnRemoteApp(orgUserId, app, applicationsRestClientService, searchService, mapper); // If we succeed, we know that the new user was // persisted on remote app. remoteAppUser = getUserFromRemoteApp(orgUserId, app, applicationsRestClientService); if (remoteAppUser == null) { logger.error(EELFLoggerDelegate.errorLogger, "Failed to persist new user: " + orgUserId + " in remote app. appId = " + appId); // return null; } } } if (remoteAppUser != null) { Set userRolesInRemoteApp = postUsersRolesToRemoteApp(roleInAppForUserList, mapper, applicationsRestClientService, appId, orgUserId); RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, appId, userRolesInRemoteApp); result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser); } } catch (Exception e) { String message = String.format( "Failed to create user or update user roles for the User %s, and for the AppId %s, Details: %s", orgUserId, Long.toString(appId), EcompPortalUtils.getStackTrace(e)); logger.error(EELFLoggerDelegate.errorLogger, message); result = false; } } return result; } // This is for a single app private boolean applyChangesInUserRolesForAppToEcompDB(RolesInAppForUser rolesInAppForUser) { boolean result = false; String orgUserId = rolesInAppForUser.orgUserId; Long appId = rolesInAppForUser.appId; synchronized (syncRests) { if (rolesInAppForUser != null) { createLocalUserIfNecessary(orgUserId); } if (rolesInAppForUser != null) { EcompRole[] userAppRoles = new EcompRole[rolesInAppForUser.roles.size()]; for (int i = 0; i < rolesInAppForUser.roles.size(); i++) { RoleInAppForUser roleInAppForUser = rolesInAppForUser.roles.get(i); EcompRole role = new EcompRole(); role.setId(roleInAppForUser.roleId); role.setName(roleInAppForUser.roleName); userAppRoles[i] = role; } try { syncUserRoles(sessionFactory, orgUserId, appId, userAppRoles); result = true; } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "applyChangesInUserRolesForAppToEcompDB syncUserRoles, orgUserId = " + orgUserId); logger.error(EELFLoggerDelegate.errorLogger, EcompPortalUtils.getStackTrace(e)); } } } return result; } @Override public List getUsersFromAppEndpoint(Long appId) throws HTTPException { RemoteUserWithRoles[] remoteUsers = applicationsRestClientService.get(RemoteUserWithRoles[].class, appId, "/users"); ArrayList userApplicationRoles = new ArrayList(); for (RemoteUserWithRoles remoteUser : remoteUsers) { UserApplicationRoles userWithRemoteAppRoles = convertToUserApplicationRoles(appId, remoteUser); if(userWithRemoteAppRoles.getRoles()!=null && userWithRemoteAppRoles.getRoles().size()>0) { userApplicationRoles.add(userWithRemoteAppRoles); } else { logger.debug(EELFLoggerDelegate.debugLogger, "User " + userWithRemoteAppRoles.getOrgUserId() + " doesn't have any roles assigned to any app."); } } return userApplicationRoles; } private UserApplicationRoles convertToUserApplicationRoles(Long appId, RemoteUserWithRoles remoteUser) { UserApplicationRoles userWithRemoteAppRoles = new UserApplicationRoles(); userWithRemoteAppRoles.setAppId(appId); userWithRemoteAppRoles.setOrgUserId(remoteUser.getLoginId()); userWithRemoteAppRoles.setFirstName(remoteUser.getFirstName()); userWithRemoteAppRoles.setLastName(remoteUser.getLastName()); userWithRemoteAppRoles.setRoles(remoteUser.getRoles()); return userWithRemoteAppRoles; } public static void persistExternalRoleInEcompDb(EPRole externalAppRole, Long appId, EPRoleService roleService) { externalAppRole.setAppId(appId); externalAppRole.setAppRoleId(externalAppRole.getId()); externalAppRole.setId(null); // We will persist a new role, with ecomp // role id which will be different than // external app role id. roleService.saveRole(externalAppRole); logger.debug(EELFLoggerDelegate.debugLogger, String.format("ECOMP persists role from app:%d, app roleId: %d, roleName: %s", appId, externalAppRole.getAppRoleId(), externalAppRole.getName())); } @Override public List importRolesFromRemoteApplication(Long appId) throws HTTPException { EPRole[] appRolesFull = applicationsRestClientService.get(EPRole[].class, appId, "/rolesFull"); List rolesList = Arrays.asList(appRolesFull); for (EPRole externalAppRole : rolesList) { // Try to find an existing extern role for the app in the local // ecomp DB. If so, then use its id to update the existing external // application role record. Long externAppId = externalAppRole.getId(); EPRole existingAppRole = epRoleService.getRole(appId, externAppId); if (existingAppRole != null) { logger.debug(EELFLoggerDelegate.debugLogger, String.format("ecomp role already exists for app=%s; appRoleId=%s. No need to import this one.", appId, externAppId)); continue; } // persistExternalRoleInEcompDb(externalAppRole, appId, // roleService); } return rolesList; } @Override public List getCachedAppRolesForUser(Long appId, Long userId) { // Find the records for this user-app combo, if any String filter = " where user_id = " + Long.toString(userId) + " and app_id = " + Long.toString(appId); @SuppressWarnings("unchecked") List roleList = dataAccessService.getList(EPUserApp.class, filter, null, null); logger.debug(EELFLoggerDelegate.debugLogger, "getCachedAppRolesForUser: list size is {}", roleList.size()); return roleList; } }