* ===================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ===================================================================
+ * Modification Copyright © 2020 IBM.
+ * ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* under the Apache License, Version 2.0 (the "License");
*
* ============LICENSE_END============================================
*
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ *
*/
package org.onap.portalapp.portal.controller;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Response;
import org.json.JSONObject;
import org.onap.portalapp.controller.EPRestrictedBaseController;
import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
import org.onap.portalapp.portal.utils.EcompPortalUtils;
import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.DataValidator;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.onap.portalsdk.core.util.SystemProperties;
+import org.onap.portalsdk.core.web.support.UserUtils;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
* Supports menus at the top of the Portal app landing page.
*/
@RestController
-@org.springframework.context.annotation.Configuration
+@Configuration
@EnableAspectJAutoProxy
@EPAuditLog
public class FunctionalMenuController extends EPRestrictedBaseController {
private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(FunctionalMenuController.class);
+ private final DataValidator dataValidator = new DataValidator();
@Autowired
private AdminRolesService adminRolesService;
/**
* RESTful service method to fetch all the FunctionalMenuItems.
- *
+ *
* @param request
* HttpServletRequest
* @param response
* HttpServletResponse
* @return List of FunctionalMenuItem objects
*/
- @RequestMapping(value = { "/portalApi/functionalMenu" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = { "/portalApi/functionalMenu" }, produces = "application/json")
public List<FunctionalMenuItem> getMenuItems(HttpServletRequest request, HttpServletResponse response) {
// TODO: should only the superuser be allowed to use this API?
List<FunctionalMenuItem> menuItems = null;
}
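Review bot: `dataValidator` at L50 is constructed with `new` inside the controller while the other collaborator, `adminRolesService` (L51–52), is injected, so the validator cannot be swapped or configured through the Spring context; if DataValidator is a managed bean, prefer `@Autowired private DataValidator dataValidator;` for consistency with the field below it. The new mapping imports at L35–38 (`GetMapping`, `PostMapping`, `PutMapping`, `DeleteMapping`) break the alphabetical order the surrounding import block keeps. `javax.ws.rs.core.Response` (L18) is imported but no use of it is visible in the diff; drop it if the rest of the file does not need it.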
/**
- * RESTful service method to get ECOMP Portal Title.
- *
+ * RESTful service method to get ONAP Portal Title.
+ *
* @param request
* HttpServletRequest
* @param response
* HttpServletResponse
- * @return PortalRestResponse of ECOMP portal title
+ * @return PortalRestResponse of ONAP portal title
*/
- @RequestMapping(value = { "/portalApi/ecompTitle" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = { "/portalApi/ecompTitle" }, produces = "application/json")
public PortalRestResponse<String> getECOMPTitle(HttpServletRequest request, HttpServletResponse response) {
PortalRestResponse<String> portalRestResponse = null;
try {
* RESTful service method to fetch all the FunctionalMenuItems, both active and
* inactive, for the EditFunctionalMenu feature. Can only be accessed by the
* portal admin.
- *
+ *
* @param request
* HttpServletRequest
* @param response
* HttpServletResponse
* @return List of FunctionalMenuItem objects
*/
- @RequestMapping(value = {
- "/portalApi/functionalMenuForEditing" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = {
+ "/portalApi/functionalMenuForEditing" }, produces = "application/json")
public List<FunctionalMenuItem> getMenuItemsForEditing(HttpServletRequest request, HttpServletResponse response) {
// TODO: should only the superuser be allowed to use this API?
EPUser user = EPUserUtils.getUserSession(request);
/**
* RESTful service method to fetch all the FunctionalMenuItems, active , for the
* Functional menu in notification Tree feature.
- *
+ *
* @param request
* HttpServletRequest
* @param response
* HttpServletResponse
* @return List of FunctionalMenuItem objects
*/
- @RequestMapping(value = {
- "/portalApi/functionalMenuForNotificationTree" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = {
+ "/portalApi/functionalMenuForNotificationTree" }, produces = "application/json")
public List<FunctionalMenuItem> getMenuItemsForNotifications(HttpServletRequest request,
HttpServletResponse response) {
// TODO: should only the superuser be allowed to use this API?
/**
* RESTful service method to fetch all FunctionalMenuItems associated with an
* application.
- *
+ *
* @param request
* HttpServletRequest
* @param appId
* application ID
* @return List of FunctionalMenuItem objects
*/
- @RequestMapping(value = {
- "/portalApi/functionalMenuForApp/{appId}" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = {
+ "/portalApi/functionalMenuForApp/{appId}" }, produces = "application/json")
public List<FunctionalMenuItem> getMenuItemsForApp(HttpServletRequest request,
@PathVariable("appId") Integer appId) {
// TODO: should only the superuser be allowed to use this API?
/**
* RESTful service method to fetch all FunctionalMenuItems associated with the
* applications and roles that a user has access to.
- *
+ *
* @param request
* HttpServletRequest
* @param orgUserId
* user ID
* @return List of FunctionalMenuItem objects
*/
- @RequestMapping(value = {
- "/portalApi/functionalMenuForUser/{orgUserId}" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = {
+ "/portalApi/functionalMenuForUser/{orgUserId}" }, produces = "application/json")
public List<FunctionalMenuItem> getMenuItemsForUser(HttpServletRequest request,
@PathVariable("orgUserId") String orgUserId) {
// TODO: should only the superuser be allowed to use this API?
/**
* RESTful service method to fetch all FunctionalMenuItems associated with the
* applications and roles that the authenticated user has access to.
- *
+ *
* @param request
* HttpServletRequest
* @param response
* HttpServletResponse
* @return List of FunctionalMenuItem objects
*/
- @RequestMapping(value = {
- "/portalApi/functionalMenuForAuthUser" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = {
+ "/portalApi/functionalMenuForAuthUser" }, produces = "application/json")
public List<FunctionalMenuItem> getMenuItemsForAuthUser(HttpServletRequest request, HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
/**
* RESTful service method to fetch the details for a functional menu item.
- * Requirement: you must be the Ecomp portal super admin user.
- *
+ * Requirement: you must be the ONAP portal super admin user.
+ *
* @param request
* HttpServletRequest
* @param response
* menu ID
* @return FunctionalMenuItem object
*/
- @RequestMapping(value = {
- "/portalApi/functionalMenuItemDetails/{menuId}" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = {
+ "/portalApi/functionalMenuItemDetails/{menuId}" }, produces = "application/json")
public FunctionalMenuItem getFunctionalMenuItemDetails(HttpServletRequest request,
@PathVariable("menuId") Long menuId, HttpServletResponse response) {
// TODO: return FunctionalMenuItemJson
/**
* RESTful service method to create a new menu item.
- *
- * Requirement: you must be the Ecomp portal super admin user.
- *
+ *
+ * Requirement: you must be the ONAP portal super admin user.
+ *
* @param request
* HttpServletRequest
* @param response
* FunctionalMenuItemWithRoles
* @return FieldsValidator
*/
- @RequestMapping(value = { "/portalApi/functionalMenuItem" }, method = RequestMethod.POST)
+ @PostMapping(value = { "/portalApi/functionalMenuItem" })
public FieldsValidator createFunctionalMenuItem(HttpServletRequest request,
@RequestBody FunctionalMenuItemWithRoles menuItemJson, HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
FieldsValidator fieldsValidator = null;
+
+ if(!dataValidator.isValid(menuItemJson)){
+ fieldsValidator = new FieldsValidator();
+ logger.warn(EELFLoggerDelegate.debugLogger,"FunctionalMenuController.createFunctionalMenuItem not valid object");
+ fieldsValidator.httpStatusCode = (long)HttpServletResponse.SC_NOT_ACCEPTABLE;
+ return fieldsValidator;
+ }
+
if (!adminRolesService.isSuperAdmin(user)) {
logger.debug(EELFLoggerDelegate.debugLogger,
"FunctionalMenuController.createFunctionalMenuItem bad permissions");
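Review bot: The new validity check at L215 runs before the `isSuperAdmin` check at L222, so a caller who is not a super admin gets the validator's verdict on their payload before being refused; run the authorization check first and reject invalid bodies afterwards. The rejection also only sets `fieldsValidator.httpStatusCode` to 406 and leaves the servlet response status untouched, whereas the bad-permissions branch of the sibling editFunctionalMenuItem goes through `EcompPortalUtils.setBadPermissions(user, response, ...)` which receives the response; and 406 Not Acceptable describes content negotiation, not a malformed body. Suggested: `fieldsValidator.httpStatusCode = (long) HttpServletResponse.SC_BAD_REQUEST;` followed by `response.setStatus(HttpServletResponse.SC_BAD_REQUEST);`. The identical block in editFunctionalMenuItem (L246–251) has the same ordering and status-code issue. createFunctionalMenuItem's body continues past the hunk.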
/**
* RESTful service method to update an existing menu item
- *
- * Requirement: you must be the Ecomp portal super admin user.
- *
+ *
+ * Requirement: you must be the ONAP portal super admin user.
+ *
* @param request
* HttpServletRequest
* @param response
* FunctionalMenuItemWithRoles
* @return FieldsValidator
*/
- @RequestMapping(value = { "/portalApi/functionalMenuItem" }, method = RequestMethod.PUT)
+ @PutMapping(value = { "/portalApi/functionalMenuItem" })
public FieldsValidator editFunctionalMenuItem(HttpServletRequest request,
@RequestBody FunctionalMenuItemWithRoles menuItemJson, HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
FieldsValidator fieldsValidator = null;
+
+ if(!dataValidator.isValid(menuItemJson)){
+ fieldsValidator = new FieldsValidator();
+ logger.warn(EELFLoggerDelegate.debugLogger,"FunctionalMenuController.createFunctionalMenuItem not valid object");
+ fieldsValidator.httpStatusCode = (long)HttpServletResponse.SC_NOT_ACCEPTABLE;
+ return fieldsValidator;
+ }
+
if (!adminRolesService.isSuperAdmin(user)) {
EcompPortalUtils.setBadPermissions(user, response, "editFunctionalMenuItem");
} else {
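Review bot: The warning at L248 reports `FunctionalMenuController.createFunctionalMenuItem not valid object` from editFunctionalMenuItem, so a rejected PUT is logged as a failed create and misleads anyone reading the log; change it to `"FunctionalMenuController.editFunctionalMenuItem not valid object"`. The block otherwise mirrors the create path, so whatever is decided about its check ordering and status code should be applied here as well. editFunctionalMenuItem's body continues past the hunk.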
/**
* RESTful service method to delete a menu item
- *
+ *
* @param request
* HttpServletRequest
* @param response
* menu identifier
* @return FieldsValidator
*/
- @RequestMapping(value = { "/portalApi/functionalMenuItem/{menuId}" }, method = RequestMethod.DELETE)
+ @DeleteMapping(value = { "/portalApi/functionalMenuItem/{menuId}" })
public FieldsValidator deleteFunctionalMenuItem(HttpServletRequest request, @PathVariable("menuId") Long menuId,
HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
/**
* RESTful service to regenerate table
- *
+ *
* @param request
* HttpServletRequest
* @param response
* HttpServletResponse
* @return FieldsValidator
*/
- @RequestMapping(value = { "/portalApi/regenerateFunctionalMenuAncestors" }, method = RequestMethod.GET)
+ @GetMapping(value = { "/portalApi/regenerateFunctionalMenuAncestors" })
public FieldsValidator regenerateAncestorTable(HttpServletRequest request, HttpServletResponse response) {
// TODO: should only the superuser be allowed to use this API?
EPUser user = EPUserUtils.getUserSession(request);
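Review bot: `regenerateAncestorTable` stays mapped to GET at L282 although its Javadoc describes regenerating a table, which reads as a state change; a mutating operation reachable by GET can be triggered by a plain link or prefetch and sits outside the CSRF protection that applies to POST. If it does rebuild data, `@PostMapping(value = { "/portalApi/regenerateFunctionalMenuAncestors" })` is the fitting mapping; if it is read-only, the Javadoc should say so. The method body continues past the hunk, so I cannot confirm which from here.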
/**
* RESful service to set a favorite item.
- *
+ *
* @param request
* HttpServletRequest
* @param response
* FunctionalMenuItemWithRoles
* @return FieldsValidator
*/
- @RequestMapping(value = { "/portalApi/setFavoriteItem" }, method = RequestMethod.POST)
+ @PostMapping(value = { "/portalApi/setFavoriteItem" })
public FieldsValidator addFavoriteItem(HttpServletRequest request,
@RequestBody FavoritesFunctionalMenuItem menuItemJson, HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
/**
* RESTful service to get favorites for the current user as identified in the
* session
- *
+ *
* @param request
* HttpServletRequest
* @param response
* HttpServletResponse
* @return List of FavoritesFunctionalMenuItemJson
*/
- @RequestMapping(value = {
- "/portalApi/getFavoriteItems" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = {
+ "/portalApi/getFavoriteItems" }, produces = "application/json")
public List<FavoritesFunctionalMenuItemJson> getFavoritesForUser(HttpServletRequest request,
HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
/**
* RESTful service to delete a favorite menu item for the current user as
* identified in the session.
- *
+ *
* @param request
* HttpServletRequest
* @param response
* menu identifier
* @return FieldsValidator
*/
- @RequestMapping(value = { "/portalApi/removeFavoriteItem/{menuId}" }, method = RequestMethod.DELETE)
+ @DeleteMapping(value = { "/portalApi/removeFavoriteItem/{menuId}" })
public FieldsValidator deleteFavoriteItem(HttpServletRequest request, @PathVariable("menuId") Long menuId,
HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
* session (i.e., the CSP cookie); if that fails, calls the shared context
* service to read the information from the database. Gives back what it found,
* any of which may be null, as a JSON collection.
- *
+ *
* @param request
* HttpServletRequest
* @param response
* HttpServletResponse
* @return JSON collection of key-value pairs shown below.
*/
- @RequestMapping(value = {
- "/portalApi/functionalMenuStaticInfo" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = {
+ "/portalApi/functionalMenuStaticInfo" }, produces = "application/json")
public String getFunctionalMenuStaticInfo(HttpServletRequest request, HttpServletResponse response) {
// Get user details from session
logger.debug(EELFLoggerDelegate.debugLogger, "getFunctionalMenuStaticInfo: getting user info");
String fnMenuStaticResponse = null;
try {
- String orgUserIdStr = null, firstNameStr = null, lastNameStr = null, emailStr = null, lastLogin = null;
+ String orgUserIdStr = null;
+ String firstNameStr = null;
+ String lastNameStr = null;
+ String emailStr = null;
+ String lastLogin = null;
EPUser user = EPUserUtils.getUserSession(request);
firstNameStr = user.getFirstName();
lastNameStr = user.getLastName();
EPUser userResult = searchService.searchUserByUserId(orgUserIdStr);
emailStr = userResult.getEmail();
}
- SimpleDateFormat sdf = new SimpleDateFormat("MM/dd/yyyy hh:mm:ssZ");
+ SimpleDateFormat sdf = new SimpleDateFormat("MM/dd/yyyy hh:mm:ss Z a");
Date lastLoginDate = user.getLastLoginDate();
if (lastLoginDate == null) {
// should never happen
// If any item is missing from session, try the Shared Context
// service.
- SharedContext orgUserIdSC = null, firstNameSC = null, lastNameSC = null, emailSC = null;
+ SharedContext orgUserIdSC = null;
+ SharedContext firstNameSC = null;
+ SharedContext lastNameSC = null;
+ SharedContext emailSC = null;
String sessionId = request.getSession().getId();
if (firstNameStr == null)
firstNameSC = sharedContextService.getSharedContext(sessionId,
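Review bot: The new pattern at L368 adds an `a` (AM/PM) field, and `SimpleDateFormat` with a single argument renders that marker in the JVM's default locale, so the value sent to clients now depends on the server's locale setting; pin it with `SimpleDateFormat sdf = new SimpleDateFormat("MM/dd/yyyy hh:mm:ss Z a", Locale.US);` (with `java.util.Locale` imported). The pattern change is also an external-format change if, as the surrounding code suggests, the formatted date ends up in the JSON this method returns, so consumers parsing the old `MM/dd/yyyy hh:mm:ssZ` form need to be updated and the `@return` Javadoc should state the new format. getFunctionalMenuStaticInfo's body continues outside the hunk on both sides.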
};
/**
- *
+ *
* @param request
* HttpServletRequest
* @param userId
* @throws IOException
* on error
*/
- @RequestMapping(value = {
- "/portalApi/userApplicationRoles" }, method = RequestMethod.GET, produces = "application/json")
- public List<BusinessCardApplicationRolesList> getAppList(HttpServletRequest request,
+ @GetMapping(value = {
+ "/portalApi/userApplicationRoles" }, produces = "application/json")
+ public List<BusinessCardApplicationRolesList> getAppList(HttpServletRequest request, HttpServletResponse response,
@RequestParam("userId") String userId) throws IOException {
List<BusinessCardApplicationRolesList> AppRoles = null;
+
+ if(!UserUtils.getUserSession(request).getOrgUserId().equalsIgnoreCase(userId)) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Not authorized to view roles of others ");
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ response.getWriter().flush();
+ return null;
+ }
+
try {
List<BusinessCardApplicationRole> userAppRoleList = functionalMenuService.getUserAppRolesList(userId);