+ updateUserRolesInExternalSystem(app, rolesInAppForUser.getOrgUserId(),
+ roleAppUserList,
+ epRequestValue, systemUser, rolesGotDeletedByApprover, false);
+ }
+ result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue,
+ "Portal",
+ systemUser, rolesGotDeletedByApprover, false);
+
+ } else if (!app.getAuthCentral() && systemUser) {
+ throw new Exception("For non-centralized application we cannot add systemUser");
+ } else { // if centralized app
+ if (app.getAuthCentral()) {
+ if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
+ pushRemoteUser(roleInAppForUserList, userId, app, mapper,
+ applicationsRestClientService, false);
+ }
+
+ Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(
+ roleInAppForUserList);
+ RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId,
+ appId,
+ userRolesInLocalApp);
+ List<RoleInAppForUser> roleAppUserList = rolesInAppForUser.getRoles();
+ if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
+
+ // Apply changes in external Access system
+ updateUserRolesInExternalSystem(app, rolesInAppForUser.getOrgUserId(),
+ roleAppUserList,
+ epRequestValue, false, rolesGotDeletedFromApprover,
+ checkIfUserIsOnlyRoleAdmin);
+ }
+ result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser,
+ epRequestValue, "Portal", systemUser, rolesGotDeletedFromApprover,
+ checkIfUserIsOnlyRoleAdmin);
+ }
+ // In case if portal is not centralized then follow existing approach
+ else if (!app.getAuthCentral() && app.getId()
+ .equals(PortalConstants.PORTAL_APP_ID)) {
+ Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(
+ roleInAppForUserList);
+ RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId,
+ appId,
+ userRolesInLocalApp);
+ Set<EcompRole> rolesGotDeletedByApprover = new TreeSet<>();
+ result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser,
+ epRequestValue, "Portal", false, rolesGotDeletedByApprover, false);
+ } else {// remote app
+ FnUser remoteAppUser;
+ if (!app.getAuthCentral() && !app.getId()
+ .equals(PortalConstants.PORTAL_APP_ID)) {
+
+ remoteAppUser = checkIfRemoteUserExits(userId, app,
+ applicationsRestClientService);
+
+ if (remoteAppUser == null) {
+ addRemoteUser(roleInAppForUserList, userId, app,
+ mapper, applicationsRestClientService);
+ }
+ Set<EcompRole> userRolesInRemoteApp = postUsersRolesToRemoteApp(
+ roleInAppForUserList, mapper,
+ applicationsRestClientService, appId, userId);
+ RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(
+ userId, appId,
+ userRolesInRemoteApp);
+ Set<EcompRole> rolesGotDeletedByApprover = new TreeSet<>();
+ result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser,
+ epRequestValue, null, false, rolesGotDeletedByApprover, false);
+
+ // If no roles remain, request app to set user inactive.
+ if (userRolesInRemoteApp.size() == 0) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "setAppWithUserRoleStateForUser: no roles in app {}, set user {} to inactive",
+ app,
+ userId);
+ postUserToRemoteApp(userId, app,
+ applicationsRestClientService);
+ }
+ }
+ }
+ }
+ } catch (Exception e) {
+ String message = String.format(
+ "Failed to create user or update user roles for User %s, AppId %s",
+ userId, Long.toString(appId));
+ logger.error(EELFLoggerDelegate.errorLogger, message, e);
+ result = false;
+ reqMessage = e.getMessage();
+ }
+ }
+ return new ExternalRequestFieldsValidator(result, reqMessage);