+
+ @SuppressWarnings("unchecked")
+ private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List<RoleInAppForUser> roleInAppUser)
+ {
+ try{
+ //check if user exists
+ final Map<String, String> userParams = new HashMap<>();
+ userParams.put("orgUserIdValue", orgUserId);
+ List<EPUser> userInfo = checkIfUserExists(userParams);
+ if (userInfo.size() == 0 || userInfo.isEmpty()) {
+ createLocalUserIfNecessary(orgUserId);
+ }
+ final Map<String, String> loginIdParams = new HashMap<>();
+ loginIdParams.put("orgUserIdValue", orgUserId);
+ EPUser user = (EPUser) dataAccessService.executeNamedQuery("epUserAppId", loginIdParams, null).get(0);
+ String name = "";
+ if (EPCommonSystemProperties.containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) {
+ name = orgUserId
+ + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
+ }
+ ObjectMapper mapper = new ObjectMapper();
+ HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth() ;
+ HttpEntity<String> getUserRolesEntity = new HttpEntity<>(headers);
+ logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to external system to get current user roles");
+ ResponseEntity<String> getResponse = template
+ .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
+ + "roles/user/" + name, HttpMethod.GET, getUserRolesEntity, String.class);
+ if(getResponse.getStatusCode().value() == 200){
+ logger.debug(EELFLoggerDelegate.debugLogger, "Connected to external system and received user roles: ", getResponse.getBody());
+
+ }
+ List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
+ String res = getResponse.getBody();
+ JSONObject jsonObj = null;
+ JSONArray extRoles = null;
+ if (!res.equals("{}")) {
+ jsonObj = new JSONObject(res);
+ extRoles = jsonObj.getJSONArray("role");
+ }
+ ExternalAccessUserRoleDetail userRoleDetail = null;
+ if (extRoles != null) {
+ for (int i = 0; i < extRoles.length(); i++) {
+ if (extRoles.getJSONObject(i).getString("name").startsWith(app.getNameSpace() + ".") && !extRoles.getJSONObject(i).getString("name").equals(app.getNameSpace()+".admin")
+ && !extRoles.getJSONObject(i).getString("name").equals(app.getNameSpace()+".owner")) {
+ ObjectMapper descMapper = new ObjectMapper();
+ if(extRoles.getJSONObject(i).has("description")){
+ ExternalRoleDescription desc = descMapper.readValue(
+ extRoles.getJSONObject(i).getString("description"), ExternalRoleDescription.class);
+ userRoleDetail = new ExternalAccessUserRoleDetail(extRoles.getJSONObject(i).getString("name"),
+ desc);
+ userRoleDetailList.add(userRoleDetail);
+ }else{
+ userRoleDetail = new ExternalAccessUserRoleDetail(extRoles.getJSONObject(i).getString("name"),
+ null);
+ userRoleDetailList.add(userRoleDetail);
+ }
+
+ }
+ }
+ }
+ for (ExternalAccessUserRoleDetail userRole : userRoleDetailList) {
+ HttpEntity<String> entity = new HttpEntity<>(headers);
+ template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
+ + "userRole/" + name + "/" + userRole.getName(), HttpMethod.DELETE, entity, String.class);
+ }
+ final Map<String, RoleInAppForUser> roleInAppUserMap = new HashMap<>();
+ for(RoleInAppForUser roleInAppUserNew: roleInAppUser){
+ roleInAppUserMap.put(roleInAppUserNew.getRoleName(), roleInAppUserNew);
+ }
+ final Map<String, Long> params = new HashMap<>();
+ params.put("appId", app.getId());
+ params.put("userId", user.getId());
+ List<EcompUserAppRoles> userAppList = dataAccessService.executeNamedQuery("getUserAppExistingRoles", params, null);
+ // Check if incoming request has sys admin or account admin, if exists add in external system
+ if (!roleInAppUser.isEmpty()) {
+ for (EcompUserAppRoles userApp : userAppList) {
+ if ((userApp.getRoleId().equals(PortalConstants.SYS_ADMIN_ROLE_ID)
+ || userApp.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)) && !roleInAppUserMap.containsKey(userApp.getRoleName())) {
+ RoleInAppForUser addSpecialRole = new RoleInAppForUser();
+ addSpecialRole.setIsApplied(true);
+ addSpecialRole.setRoleId(userApp.getRoleId());
+ addSpecialRole.setRoleName(userApp.getRoleName());
+ roleInAppUser.add(addSpecialRole);
+ }
+ }
+ }
+ List<RoleInAppForUser> roleInAppUserNonDupls = roleInAppUser.stream().distinct().collect(Collectors.toList());
+ for (RoleInAppForUser addRole : roleInAppUserNonDupls) {
+ ExternalAccessUser extUser = null;
+ if ((addRole.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID))
+ && !app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
+ try{
+ String extRole = app.getNameSpace()+"."+PortalConstants.ADMIN_ROLE.replaceAll(" ","_");
+ HttpEntity<String> entity = new HttpEntity<>(headers);
+ logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system");
+ ResponseEntity<String> getRoleResponse = template.exchange(
+ SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "roles/"+extRole,
+ HttpMethod.GET, entity, String.class);
+ String extAdminRole = app.getNameSpace()+"."+PortalConstants.ADMIN_ROLE.replaceAll(" ", "_");
+ if(getRoleResponse.getBody().equals("{}")){
+ String addDesc = "{\"name\":\"" +extAdminRole+ "\"}";
+ HttpEntity<String> roleEntity = new HttpEntity<>(addDesc,headers);
+ template.exchange(
+ SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role",
+ HttpMethod.POST, roleEntity, String.class);
+ }
+ extUser = new ExternalAccessUser(name,
+ app.getNameSpace() + "." + PortalConstants.ADMIN_ROLE.replaceAll(" ", "_"));
+ } catch(Exception e){
+ logger.error(EELFLoggerDelegate.errorLogger, "Failed to add admin role for application {} ",app.getId(),e);
+ continue;
+ }
+ } else {
+ extUser = new ExternalAccessUser(name,
+ app.getNameSpace() + "." + addRole.getRoleName().replaceAll(" ", "_"));
+ }
+ // Assign user role for an application in external access system
+ String userRole = mapper.writeValueAsString(extUser);
+ HttpEntity<String> entity = new HttpEntity<>(userRole, headers);
+ if (addRole.getIsApplied()) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to external system and adding user role",
+ addRole.getRoleName());
+ ResponseEntity<String> addResponse = template.exchange(
+ SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole",
+ HttpMethod.POST, entity, String.class);
+ logger.debug(EELFLoggerDelegate.debugLogger, "Connected to external system and added user role",
+ getResponse.getBody(), addRole.getRoleName());
+ if (addResponse.getStatusCode().value() != 201) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "Connected to external system unable to save user role", getResponse.getBody(),
+ addRole.getRoleName());
+ throw new Exception("Failed to add user role for application");
+ }
+ }
+ }
+ }catch(Exception e){
+ logger.error(EELFLoggerDelegate.errorLogger, "Failed to add user role for application {}", app.getId(),e);
+ }
+
+ }
+
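Review bot: The DELETE loop over `userRoleDetailList` removes the user's existing roles in the external system before any new role is added, and the outer `catch (Exception e)` only logs. A failed `userRole` POST, or the `throw new Exception(...)` on a non-201, therefore leaves the user's roles stripped while this `void` method returns normally; propagate the failure (rethrow, or return a status the caller checks) so the portal and the external access system cannot diverge silently. `name` stays `""` when `EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN` is not configured, yet the GET and DELETE URLs are still built from it; a guard such as `if (name.isEmpty()) { throw new IllegalStateException("external user domain not configured"); }` before the first `template.exchange` would stop those requests. `name` and `userRole.getName()` (taken from the external response) are also concatenated into the URL path unencoded. The debug calls after the POST pass `getResponse.getBody()` rather than `addResponse.getBody()`, and their messages have no `{}` placeholders, so the arguments are likely never rendered.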