Merge "Junit for RestObject scheduler"
[portal.git] / ecomp-portal-BE-common / src / main / java / org / onap / portalapp / portal / controller / FunctionalMenuController.java
index 97af437..4a94748 100644 (file)
@@ -49,6 +49,7 @@ import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Response;
 
 import org.json.JSONObject;
 import org.onap.portalapp.controller.EPRestrictedBaseController;
@@ -74,6 +75,7 @@ import org.onap.portalapp.util.EPUserUtils;
 import org.onap.portalapp.validation.DataValidator;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.util.SystemProperties;
+import org.onap.portalsdk.core.web.support.UserUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.EnableAspectJAutoProxy;
@@ -562,7 +564,11 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
                logger.debug(EELFLoggerDelegate.debugLogger, "getFunctionalMenuStaticInfo: getting user info");
                String fnMenuStaticResponse = null;
                try {
-                       String orgUserIdStr = null, firstNameStr = null, lastNameStr = null, emailStr = null, lastLogin = null;
+                       String orgUserIdStr = null;
+            String firstNameStr = null;
+            String lastNameStr = null;
+            String emailStr = null;
+            String lastLogin = null;
                        EPUser user = EPUserUtils.getUserSession(request);
                        firstNameStr = user.getFirstName();
                        lastNameStr = user.getLastName();
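Review bot: The four added declarations from `String firstNameStr = null;` through `String lastLogin = null;` are indented with twelve spaces, while the new `String orgUserIdStr = null;` directly above them and the rest of the try block use the file's tab indentation; they should be re-indented to match the surrounding lines. Mixed tab and space indentation inside one block also makes later diffs of this method noisier than necessary. The enclosing method, which the debug message suggests is getFunctionalMenuStaticInfo, starts and ends outside the hunk.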
@@ -584,7 +590,10 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
 
                        // If any item is missing from session, try the Shared Context
                        // service.
-                       SharedContext orgUserIdSC = null, firstNameSC = null, lastNameSC = null, emailSC = null;
+                       SharedContext orgUserIdSC = null;
+                       SharedContext firstNameSC = null;
+                       SharedContext lastNameSC = null;
+                       SharedContext emailSC = null;
                        String sessionId = request.getSession().getId();
                        if (firstNameStr == null)
                                firstNameSC = sharedContextService.getSharedContext(sessionId,
@@ -641,10 +650,18 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
         */
        @RequestMapping(value = {
                        "/portalApi/userApplicationRoles" }, method = RequestMethod.GET, produces = "application/json")
-       public List<BusinessCardApplicationRolesList> getAppList(HttpServletRequest request,
+       public List<BusinessCardApplicationRolesList> getAppList(HttpServletRequest request, HttpServletResponse response,
                        @RequestParam("userId") String userId) throws IOException {
 
                List<BusinessCardApplicationRolesList> AppRoles = null;
+               
+               if(!UserUtils.getUserSession(request).getOrgUserId().equalsIgnoreCase(userId)) {
+                       logger.error(EELFLoggerDelegate.errorLogger, "Not authorized to view roles of others ");
+                       response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                       response.getWriter().flush();
+                       return null;
+               }
+                       
                try {
                        List<BusinessCardApplicationRole> userAppRoleList = functionalMenuService.getUserAppRolesList(userId);