import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Response;
import org.json.JSONObject;
import org.onap.portalapp.controller.EPRestrictedBaseController;
import org.onap.portalapp.validation.DataValidator;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.onap.portalsdk.core.util.SystemProperties;
+import org.onap.portalsdk.core.web.support.UserUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
logger.debug(EELFLoggerDelegate.debugLogger, "getFunctionalMenuStaticInfo: getting user info");
String fnMenuStaticResponse = null;
try {
- String orgUserIdStr = null, firstNameStr = null, lastNameStr = null, emailStr = null, lastLogin = null;
+ String orgUserIdStr = null;
+ String firstNameStr = null;
+ String lastNameStr = null;
+ String emailStr = null;
+ String lastLogin = null;
EPUser user = EPUserUtils.getUserSession(request);
firstNameStr = user.getFirstName();
lastNameStr = user.getLastName();
// If any item is missing from session, try the Shared Context
// service.
- SharedContext orgUserIdSC = null, firstNameSC = null, lastNameSC = null, emailSC = null;
+ SharedContext orgUserIdSC = null;
+ SharedContext firstNameSC = null;
+ SharedContext lastNameSC = null;
+ SharedContext emailSC = null;
String sessionId = request.getSession().getId();
if (firstNameStr == null)
firstNameSC = sharedContextService.getSharedContext(sessionId,
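Review bot: The five new `String` declarations at the top of the try block keep their `= null` initializers even though `firstNameStr` and `lastNameStr` are overwritten two lines later from `user`; since the split already rewrites these lines, declare those two at the point of assignment, `String firstNameStr = user.getFirstName();` and `String lastNameStr = user.getLastName();`, and keep the `= null` only on the variables the shared-context fallback is meant to fill in. The same applies to the four split `SharedContext` declarations, which could be declared where the `if (... == null)` lookups assign them. Separately, `EPUserUtils.getUserSession(request)` is dereferenced unconditionally before the shared-context fallback runs; if it can return null for a missing session (the comment about items missing from the session suggests that case exists), the fallback is never reached and the method throws instead — worth confirming against `EPUserUtils`. The try block continues outside the hunk.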
*/
@RequestMapping(value = {
"/portalApi/userApplicationRoles" }, method = RequestMethod.GET, produces = "application/json")
- public List<BusinessCardApplicationRolesList> getAppList(HttpServletRequest request,
+ public List<BusinessCardApplicationRolesList> getAppList(HttpServletRequest request, HttpServletResponse response,
@RequestParam("userId") String userId) throws IOException {
List<BusinessCardApplicationRolesList> AppRoles = null;
+
+ if(!UserUtils.getUserSession(request).getOrgUserId().equalsIgnoreCase(userId)) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Not authorized to view roles of others ");
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ response.getWriter().flush();
+ return null;
+ }
+
try {
List<BusinessCardApplicationRole> userAppRoleList = functionalMenuService.getUserAppRolesList(userId);