+
+ /**
+ * It adds user roles in External system and also make data consistent in both
+ * local and in External System
+ *
+ * @param app
+ * details
+ * @param orgUserId
+ * @param roleInAppUser
+ * Contains list of active roles
+ */
+ @SuppressWarnings("unchecked")
+ private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List<RoleInAppForUser> roleInAppUser,
+ boolean isPortalRequest) {
+ try {
+ // check if user exists
+ final Map<String, String> userParams = new HashMap<>();
+ userParams.put("orgUserIdValue", orgUserId);
+ List<EPUser> userInfo = checkIfUserExists(userParams);
+ if (userInfo.isEmpty()) {
+ createLocalUserIfNecessary(orgUserId);
+ }
+ String name = "";
+ if (EPCommonSystemProperties
+ .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) {
+ name = orgUserId
+ + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
+ }
+ ObjectMapper mapper = new ObjectMapper();
+ HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
+ HttpEntity<String> getUserRolesEntity = new HttpEntity<>(headers);
+ logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to external system to get current user roles");
+ ResponseEntity<String> getResponse = template
+ .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
+ + "roles/user/" + name, HttpMethod.GET, getUserRolesEntity, String.class);
+ if (getResponse.getStatusCode().value() == 200) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "updateUserRolesInExternalSystem: Finished GET user roles from external system and received user roles {}",
+ getResponse.getBody());
+
+ }
+ List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
+ String res = getResponse.getBody();
+ JSONObject jsonObj = null;
+ JSONArray extRoles = null;
+ if (!res.equals("{}")) {
+ jsonObj = new JSONObject(res);
+ extRoles = jsonObj.getJSONArray("role");
+ }
+ ExternalAccessUserRoleDetail userRoleDetail = null;
+ if (extRoles != null) {
+ for (int i = 0; i < extRoles.length(); i++) {
+ if (extRoles.getJSONObject(i).getString("name").startsWith(app.getNameSpace() + ".")
+ && !extRoles.getJSONObject(i).getString("name").equals(app.getNameSpace() + ".admin")
+ && !extRoles.getJSONObject(i).getString("name").equals(app.getNameSpace() + ".owner")) {
+ ObjectMapper descMapper = new ObjectMapper();
+ if (extRoles.getJSONObject(i).has("description")) {
+ ExternalRoleDescription desc = descMapper.readValue(
+ extRoles.getJSONObject(i).getString("description"), ExternalRoleDescription.class);
+ userRoleDetail = new ExternalAccessUserRoleDetail(
+ extRoles.getJSONObject(i).getString("name"), desc);
+ userRoleDetailList.add(userRoleDetail);
+ } else {
+ userRoleDetail = new ExternalAccessUserRoleDetail(
+ extRoles.getJSONObject(i).getString("name"), null);
+ userRoleDetailList.add(userRoleDetail);
+ }
+
+ }
+ }
+ }
+ // If request coming from portal not from external role approval system then we
+ // have to check if user already
+ // have account admin or system admin as GUI will not send these roles
+ if (!isPortalRequest) {
+ final Map<String, String> loginIdParams = new HashMap<>();
+ loginIdParams.put("orgUserIdValue", orgUserId);
+ EPUser user = (EPUser) dataAccessService.executeNamedQuery("epUserAppId", loginIdParams, null).get(0);
+ final Map<String, Long> params = new HashMap<>();
+ params.put("appId", app.getId());
+ params.put("userId", user.getId());
+ List<EcompUserAppRoles> userAppList = dataAccessService.executeNamedQuery("getUserAppExistingRoles",
+ params, null);
+ if (!roleInAppUser.isEmpty()) {
+ for (EcompUserAppRoles userApp : userAppList) {
+ if (userApp.getRoleId().equals(PortalConstants.SYS_ADMIN_ROLE_ID)
+ || userApp.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)) {
+ RoleInAppForUser addSpecialRole = new RoleInAppForUser();
+ addSpecialRole.setIsApplied(true);
+ addSpecialRole.setRoleId(userApp.getRoleId());
+ addSpecialRole.setRoleName(userApp.getRoleName());
+ roleInAppUser.add(addSpecialRole);
+ }
+ }
+ }
+ }
+ List<RoleInAppForUser> roleInAppUserNonDupls = roleInAppUser.stream().distinct()
+ .collect(Collectors.toList());
+ final Map<String, RoleInAppForUser> currentUserRolesToUpdate = new HashMap<>();
+ for (RoleInAppForUser roleInAppUserNew : roleInAppUser) {
+ currentUserRolesToUpdate.put(roleInAppUserNew.getRoleName(), roleInAppUserNew);
+ }
+ final Map<String, ExternalAccessUserRoleDetail> currentUserRolesInExternalSystem = new HashMap<>();
+ for (ExternalAccessUserRoleDetail extAccessUserRole : userRoleDetailList) {
+ currentUserRolesInExternalSystem.put(extAccessUserRole.getName(), extAccessUserRole);
+ }
+ // Check if roles does not exists in local but still there in External Central
+ // Auth System delete them all
+ for (ExternalAccessUserRoleDetail userRole : userRoleDetailList) {
+ if (!(currentUserRolesToUpdate
+ .containsKey(userRole.getName().substring(app.getNameSpace().length() + 1).replaceAll("_", " "))
+ || currentUserRolesToUpdate
+ .containsKey(userRole.getName().substring(app.getNameSpace().length() + 1)))) {
+ HttpEntity<String> entity = new HttpEntity<>(headers);
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "updateUserRolesInExternalSystem: Connecting to external system to DELETE user role {}",
+ userRole);
+ ResponseEntity<String> deleteResponse = template.exchange(
+ SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
+ + "userRole/" + name + "/" + userRole.getName(),
+ HttpMethod.DELETE, entity, String.class);
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "updateUserRolesInExternalSystem: Finished DELETE operation in external system for user role {} and the response is {}",
+ userRole, deleteResponse.getBody());
+ }
+ }
+ // Check if user roles does not exists in External Central Auth System add them
+ // all
+ for (RoleInAppForUser addUserRole : roleInAppUserNonDupls) {
+ if (!(currentUserRolesInExternalSystem
+ .containsKey(app.getNameSpace() + "." + addUserRole.getRoleName().replaceAll(" ", "_")))) {
+ ExternalAccessUser extUser = new ExternalAccessUser(name,
+ app.getNameSpace() + "." + addUserRole.getRoleName().replaceAll(" ", "_"));
+ String formattedUserRole = mapper.writeValueAsString(extUser);
+ HttpEntity<String> entity = new HttpEntity<>(formattedUserRole, headers);
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "updateUserRolesInExternalSystem: Connecting to external system and adding user role",
+ addUserRole.getRoleName());
+ ResponseEntity<String> addResponse = template
+ .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
+ + "userRole", HttpMethod.POST, entity, String.class);
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "updateUserRolesInExternalSystem: Finished adding user role in external system {} and added user role {}",
+ getResponse.getBody(), addUserRole.getRoleName());
+ if (addResponse.getStatusCode().value() != 201 && addResponse.getStatusCode().value() != 404) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "Finished POST operation in external system but unable to save user role",
+ getResponse.getBody(), addUserRole.getRoleName());
+ throw new Exception(addResponse.getBody());
+ }
+ }
+ }
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger,
+ "updateUserRolesInExternalSystem: Failed to add user role for application {} due to {}",
+ app.getId(), e);
+ }
+
+ }
+