Merge "Fix sql injection vulnerability"
diff --git
a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
index
1904d8e
..
656cf9e
100644
(file)
--- a/
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
+++ b/
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
@@
-2,7
+2,7
@@
* ============LICENSE_START==========================================
* ONAP Portal
* ===================================================================
* ============LICENSE_START==========================================
* ONAP Portal
* ===================================================================
- * Copyright (C) 201
7-2018
AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 201
9
AT&T Intellectual Property. All rights reserved.
* ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
@@
-495,9
+495,13
@@
public class UserRolesCommonServiceImpl {
transaction = localSession.beginTransaction();
// Attention! All roles from remote application supposed to be
// active!
transaction = localSession.beginTransaction();
// Attention! All roles from remote application supposed to be
// active!
+
@SuppressWarnings("unchecked")
@SuppressWarnings("unchecked")
- List<EPRole> currentAppRoles = localSession
- .createQuery("from " + EPRole.class.getName() + " where appId=" + appId).list();
+ List<EPRole> currentAppRoles = localSession.createQuery("from :name where appId = :appId")
+ .setParameter("name",EPRole.class.getName())
+ .setParameter("appId",appId)
+ .list();
+
List<EPRole> obsoleteRoles = new ArrayList<EPRole>();
for (int i = 0; i < currentAppRoles.size(); i++) {
EPRole oldAppRole = currentAppRoles.get(i);
List<EPRole> obsoleteRoles = new ArrayList<EPRole>();
for (int i = 0; i < currentAppRoles.size(); i++) {
EPRole oldAppRole = currentAppRoles.get(i);
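Review bot: `from :name` in the new `createQuery` call cannot work: HQL named parameters bind values only, and the entity name in the FROM clause is not a bindable position, so Hibernate is expected to reject the query when it parses it and the role sync will fail at runtime. The class name is a compile-time constant and not attacker-influenced, so it can stay concatenated while the values remain bound: `localSession.createQuery("from " + EPRole.class.getName() + " where appId = :appId").setParameter("appId", appId).list();`. The same pattern appears in the next three hunks (the `EPUserApp` query and both `FunctionalMenuRole` queries) and needs the same correction. Because the error only surfaces when the statement executes, a test that runs these queries against a real session would catch it; the enclosing method starts and ends outside this hunk.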
@@
-535,7
+539,10
@@
public class UserRolesCommonServiceImpl {
// Delete from fn_user_role
@SuppressWarnings("unchecked")
List<EPUserApp> userRoles = localSession.createQuery(
// Delete from fn_user_role
@SuppressWarnings("unchecked")
List<EPUserApp> userRoles = localSession.createQuery(
- "from " + EPUserApp.class.getName() + " where app.id=" + appId + " and role_id=" + roleId)
+ "from :name where app.id=:appId and role_id=:roleId")
+ .setParameter("name",EPUserApp.class.getName())
+ .setParameter("appId",appId)
+ .setParameter("roleId",roleId)
.list();
logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: number of userRoles to delete: " + userRoles.size());
.list();
logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: number of userRoles to delete: " + userRoles.size());
@@
-550,7
+557,9
@@
public class UserRolesCommonServiceImpl {
// Delete from fn_menu_functional_roles
@SuppressWarnings("unchecked")
List<FunctionalMenuRole> funcMenuRoles = localSession
// Delete from fn_menu_functional_roles
@SuppressWarnings("unchecked")
List<FunctionalMenuRole> funcMenuRoles = localSession
- .createQuery("from " + FunctionalMenuRole.class.getName() + " where roleId=" + roleId)
+ .createQuery("from :name where roleId=:roleId")
+ .setParameter("name",FunctionalMenuRole.class.getName())
+ .setParameter("roleId",roleId)
.list();
int numMenuRoles = funcMenuRoles.size();
logger.debug(EELFLoggerDelegate.debugLogger,
.list();
int numMenuRoles = funcMenuRoles.size();
logger.debug(EELFLoggerDelegate.debugLogger,
@@
-562,7
+571,9
@@
public class UserRolesCommonServiceImpl {
// so must null out the url too, to be consistent
@SuppressWarnings("unchecked")
List<FunctionalMenuRole> funcMenuRoles2 = localSession
// so must null out the url too, to be consistent
@SuppressWarnings("unchecked")
List<FunctionalMenuRole> funcMenuRoles2 = localSession
- .createQuery("from " + FunctionalMenuRole.class.getName() + " where menuId=" + menuId)
+ .createQuery("from :name where menuId=:menuId")
+ .setParameter("name",FunctionalMenuRole.class.getName())
+ .setParameter("menuId",menuId)
.list();
int numMenuRoles2 = funcMenuRoles2.size();
logger.debug(EELFLoggerDelegate.debugLogger,
.list();
int numMenuRoles2 = funcMenuRoles2.size();
logger.debug(EELFLoggerDelegate.debugLogger,
@@
-1001,11
+1012,11
@@
public class UserRolesCommonServiceImpl {
boolean epRequestValue = false;
String userId = "";
String reqMessage = "";
boolean epRequestValue = false;
String userId = "";
String reqMessage = "";
- if (newAppRolesForUser != null && newAppRolesForUser.
orgUserId
!= null) {
- userId = newAppRolesForUser.
orgUserId
.trim();
+ if (newAppRolesForUser != null && newAppRolesForUser.
getOrgUserId()
!= null) {
+ userId = newAppRolesForUser.
getOrgUserId()
.trim();
}
}
- Long appId = newAppRolesForUser.
appId
;
- List<RoleInAppForUser> roleInAppForUserList = newAppRolesForUser.
appRoles
;
+ Long appId = newAppRolesForUser.
getAppId()
;
+ List<RoleInAppForUser> roleInAppForUserList = newAppRolesForUser.
getAppRoles()
;
if (userId.length() > 0 ) {
ObjectMapper mapper = new ObjectMapper();
mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
if (userId.length() > 0 ) {
ObjectMapper mapper = new ObjectMapper();
mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
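Review bot: The null guard on `newAppRolesForUser` covers only the `userId` assignment; the statements right after it call `newAppRolesForUser.getAppId()` and `newAppRolesForUser.getAppRoles()` unconditionally, so a null request object still ends in a NullPointerException instead of a clean rejection. An early exit before the first dereference would close this, for example `if (newAppRolesForUser == null) { return epRequestValue; }`, assuming `epRequestValue` is what the method returns, which this hunk does not show. The object carries the app id and role list for a role change, so rejecting a missing or incomplete one up front keeps it out of the later role-assignment path. The method's signature and end are outside the hunk.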
@@
-1014,7
+1025,7
@@
public class UserRolesCommonServiceImpl {
EPApp app = appsService.getApp(appId);
applyChangesToUserAppRolesForMyLoginsRequest(user, appId);
EPApp app = appsService.getApp(appId);
applyChangesToUserAppRolesForMyLoginsRequest(user, appId);
- boolean systemUser = newAppRolesForUser.isSystemUser;
+ boolean systemUser = newAppRolesForUser.isSystemUser
()
;
if ((app.getCentralAuth() || app.getId().equals(PortalConstants.PORTAL_APP_ID)) && systemUser) {
Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
if ((app.getCentralAuth() || app.getId().equals(PortalConstants.PORTAL_APP_ID)) && systemUser) {
Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
@@
-2056,17
+2067,18
@@
public class UserRolesCommonServiceImpl {
List<EPUserAppRoles> appRole= null;
try {
logger.error(EELFLoggerDelegate.errorLogger,"Should not be reached here, still the endpoint is yet to be defined");
List<EPUserAppRoles> appRole= null;
try {
logger.error(EELFLoggerDelegate.errorLogger,"Should not be reached here, still the endpoint is yet to be defined");
- boolean result = postUserRolesToMylogins(userAppRolesData, applicationsRestClientService, userAppRolesData.appId, user.getId());
+ boolean result = postUserRolesToMylogins(userAppRolesData, applicationsRestClientService,
+ userAppRolesData.getAppId(), user.getId());
logger.debug(EELFLoggerDelegate.debugLogger,"putUserAppRolesRequest: result {}", result);
logger.debug(EELFLoggerDelegate.debugLogger,"putUserAppRolesRequest: result {}", result);
- params.put("appId", userAppRolesData.
appId
);
+ params.put("appId", userAppRolesData.
getAppId()
);
EPUserAppRolesRequest epAppRolesRequestData = new EPUserAppRolesRequest();
epAppRolesRequestData.setCreatedDate(new Date());
epAppRolesRequestData.setUpdatedDate(new Date());
epAppRolesRequestData.setUserId(user.getId());
EPUserAppRolesRequest epAppRolesRequestData = new EPUserAppRolesRequest();
epAppRolesRequestData.setCreatedDate(new Date());
epAppRolesRequestData.setUpdatedDate(new Date());
epAppRolesRequestData.setUserId(user.getId());
- epAppRolesRequestData.setAppId(userAppRolesData.
appId
);
+ epAppRolesRequestData.setAppId(userAppRolesData.
getAppId()
);
epAppRolesRequestData.setRequestStatus("P");
epAppRolesRequestData.setRequestStatus("P");
- List<RoleInAppForUser> appRoleIdList = userAppRolesData.
appRoles
;
+ List<RoleInAppForUser> appRoleIdList = userAppRolesData.
getAppRoles()
;
Set<EPUserAppRolesRequestDetail> appRoleDetails = new LinkedHashSet<EPUserAppRolesRequestDetail>();
dataAccessService.saveDomainObject(epAppRolesRequestData, null);
for (RoleInAppForUser userAppRoles : appRoleIdList) {
Set<EPUserAppRolesRequestDetail> appRoleDetails = new LinkedHashSet<EPUserAppRolesRequestDetail>();
dataAccessService.saveDomainObject(epAppRolesRequestData, null);
for (RoleInAppForUser userAppRoles : appRoleIdList) {