* ===================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ===================================================================
+ * Modification Copyright © 2020 IBM.
+ * ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* under the Apache License, Version 2.0 (the "License");
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Response;
import org.json.JSONObject;
import org.onap.portalapp.controller.EPRestrictedBaseController;
import org.onap.portalapp.validation.DataValidator;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.onap.portalsdk.core.util.SystemProperties;
+import org.onap.portalsdk.core.web.support.UserUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
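Review bot: The added `javax.ws.rs.core.Response` import is not referenced by any of the changed lines shown for this file, and it brings a JAX-RS type into a Spring MVC controller; if nothing outside the visible hunks uses it, drop the line. After the annotation conversion the existing `RequestMapping` and `RequestMethod` imports may also be unused, unless a class-level mapping or an unconverted handler still needs them.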
* HttpServletResponse
* @return List of FunctionalMenuItem objects
*/
- @RequestMapping(value = { "/portalApi/functionalMenu" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = { "/portalApi/functionalMenu" }, produces = "application/json")
public List<FunctionalMenuItem> getMenuItems(HttpServletRequest request, HttpServletResponse response) {
// TODO: should only the superuser be allowed to use this API?
List<FunctionalMenuItem> menuItems = null;
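Review bot: The `// TODO: should only the superuser be allowed to use this API?` question in `getMenuItems` passes through this commit unanswered, and the same TODO sits in the hunks for `getMenuItemsForEditing`, `getMenuItemsForNotifications`, `getMenuItemsForApp`, `getMenuItemsForUser` and `regenerateAncestorTable`. `getMenuItemsForUser` is the one to settle first: it takes `orgUserId` from the path, and this same commit adds a caller-equals-target check to `getAppList` for exactly that kind of parameter. No authorization check is visible in these hunks, but the method bodies continue outside them, so it may already be enforced elsewhere. Either add the check or replace each TODO with a comment stating the decided policy, e.g. `// Access: any authenticated portal user; enforced by <mechanism>`.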
* HttpServletResponse
* @return PortalRestResponse of ONAP portal title
*/
- @RequestMapping(value = { "/portalApi/ecompTitle" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = { "/portalApi/ecompTitle" }, produces = "application/json")
public PortalRestResponse<String> getECOMPTitle(HttpServletRequest request, HttpServletResponse response) {
PortalRestResponse<String> portalRestResponse = null;
try {
* HttpServletResponse
* @return List of FunctionalMenuItem objects
*/
- @RequestMapping(value = {
- "/portalApi/functionalMenuForEditing" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = {
+ "/portalApi/functionalMenuForEditing" }, produces = "application/json")
public List<FunctionalMenuItem> getMenuItemsForEditing(HttpServletRequest request, HttpServletResponse response) {
// TODO: should only the superuser be allowed to use this API?
EPUser user = EPUserUtils.getUserSession(request);
* HttpServletResponse
* @return List of FunctionalMenuItem objects
*/
- @RequestMapping(value = {
- "/portalApi/functionalMenuForNotificationTree" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = {
+ "/portalApi/functionalMenuForNotificationTree" }, produces = "application/json")
public List<FunctionalMenuItem> getMenuItemsForNotifications(HttpServletRequest request,
HttpServletResponse response) {
// TODO: should only the superuser be allowed to use this API?
* application ID
* @return List of FunctionalMenuItem objects
*/
- @RequestMapping(value = {
- "/portalApi/functionalMenuForApp/{appId}" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = {
+ "/portalApi/functionalMenuForApp/{appId}" }, produces = "application/json")
public List<FunctionalMenuItem> getMenuItemsForApp(HttpServletRequest request,
@PathVariable("appId") Integer appId) {
// TODO: should only the superuser be allowed to use this API?
* user ID
* @return List of FunctionalMenuItem objects
*/
- @RequestMapping(value = {
- "/portalApi/functionalMenuForUser/{orgUserId}" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = {
+ "/portalApi/functionalMenuForUser/{orgUserId}" }, produces = "application/json")
public List<FunctionalMenuItem> getMenuItemsForUser(HttpServletRequest request,
@PathVariable("orgUserId") String orgUserId) {
// TODO: should only the superuser be allowed to use this API?
* HttpServletResponse
* @return List of FunctionalMenuItem objects
*/
- @RequestMapping(value = {
- "/portalApi/functionalMenuForAuthUser" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = {
+ "/portalApi/functionalMenuForAuthUser" }, produces = "application/json")
public List<FunctionalMenuItem> getMenuItemsForAuthUser(HttpServletRequest request, HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
* menu ID
* @return FunctionalMenuItem object
*/
- @RequestMapping(value = {
- "/portalApi/functionalMenuItemDetails/{menuId}" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = {
+ "/portalApi/functionalMenuItemDetails/{menuId}" }, produces = "application/json")
public FunctionalMenuItem getFunctionalMenuItemDetails(HttpServletRequest request,
@PathVariable("menuId") Long menuId, HttpServletResponse response) {
// TODO: return FunctionalMenuItemJson
* FunctionalMenuItemWithRoles
* @return FieldsValidator
*/
- @RequestMapping(value = { "/portalApi/functionalMenuItem" }, method = RequestMethod.POST)
+ @PostMapping(value = { "/portalApi/functionalMenuItem" })
public FieldsValidator createFunctionalMenuItem(HttpServletRequest request,
@RequestBody FunctionalMenuItemWithRoles menuItemJson, HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
* FunctionalMenuItemWithRoles
* @return FieldsValidator
*/
- @RequestMapping(value = { "/portalApi/functionalMenuItem" }, method = RequestMethod.PUT)
+ @PutMapping(value = { "/portalApi/functionalMenuItem" })
public FieldsValidator editFunctionalMenuItem(HttpServletRequest request,
@RequestBody FunctionalMenuItemWithRoles menuItemJson, HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
* menu identifier
* @return FieldsValidator
*/
- @RequestMapping(value = { "/portalApi/functionalMenuItem/{menuId}" }, method = RequestMethod.DELETE)
+ @DeleteMapping(value = { "/portalApi/functionalMenuItem/{menuId}" })
public FieldsValidator deleteFunctionalMenuItem(HttpServletRequest request, @PathVariable("menuId") Long menuId,
HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
* HttpServletResponse
* @return FieldsValidator
*/
- @RequestMapping(value = { "/portalApi/regenerateFunctionalMenuAncestors" }, method = RequestMethod.GET)
+ @GetMapping(value = { "/portalApi/regenerateFunctionalMenuAncestors" })
public FieldsValidator regenerateAncestorTable(HttpServletRequest request, HttpServletResponse response) {
// TODO: should only the superuser be allowed to use this API?
EPUser user = EPUserUtils.getUserSession(request);
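Review bot: `regenerateAncestorTable` stays on `@GetMapping`, yet its name and its `FieldsValidator` return type suggest it rewrites data rather than reads it (the body is outside this hunk, so that is inferred). A state-changing GET can be fired by link prefetching or by a cross-site request, and CSRF protections commonly skip GET. If it does write, map it as `@PostMapping(value = { "/portalApi/regenerateFunctionalMenuAncestors" })` and update the caller in the same change.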
* FunctionalMenuItemWithRoles
* @return FieldsValidator
*/
- @RequestMapping(value = { "/portalApi/setFavoriteItem" }, method = RequestMethod.POST)
+ @PostMapping(value = { "/portalApi/setFavoriteItem" })
public FieldsValidator addFavoriteItem(HttpServletRequest request,
@RequestBody FavoritesFunctionalMenuItem menuItemJson, HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
* HttpServletResponse
* @return List of FavoritesFunctionalMenuItemJson
*/
- @RequestMapping(value = {
- "/portalApi/getFavoriteItems" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = {
+ "/portalApi/getFavoriteItems" }, produces = "application/json")
public List<FavoritesFunctionalMenuItemJson> getFavoritesForUser(HttpServletRequest request,
HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
* menu identifier
* @return FieldsValidator
*/
- @RequestMapping(value = { "/portalApi/removeFavoriteItem/{menuId}" }, method = RequestMethod.DELETE)
+ @DeleteMapping(value = { "/portalApi/removeFavoriteItem/{menuId}" })
public FieldsValidator deleteFavoriteItem(HttpServletRequest request, @PathVariable("menuId") Long menuId,
HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
* HttpServletResponse
* @return JSON collection of key-value pairs shown below.
*/
- @RequestMapping(value = {
- "/portalApi/functionalMenuStaticInfo" }, method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = {
+ "/portalApi/functionalMenuStaticInfo" }, produces = "application/json")
public String getFunctionalMenuStaticInfo(HttpServletRequest request, HttpServletResponse response) {
// Get user details from session
logger.debug(EELFLoggerDelegate.debugLogger, "getFunctionalMenuStaticInfo: getting user info");
String fnMenuStaticResponse = null;
try {
- String orgUserIdStr = null, firstNameStr = null, lastNameStr = null, emailStr = null, lastLogin = null;
+ String orgUserIdStr = null;
+ String firstNameStr = null;
+ String lastNameStr = null;
+ String emailStr = null;
+ String lastLogin = null;
+ boolean isSystemUser = false;
EPUser user = EPUserUtils.getUserSession(request);
firstNameStr = user.getFirstName();
lastNameStr = user.getLastName();
orgUserIdStr = user.getOrgUserId();
+ isSystemUser = user.isSystemUser();
emailStr = user.getEmail();
if (emailStr == null || emailStr.equals("")) {
- EPUser userResult = searchService.searchUserByUserId(orgUserIdStr);
- emailStr = userResult.getEmail();
+ try {
+ EPUser userResult = searchService.searchUserByUserId(orgUserIdStr);
+ emailStr = userResult.getEmail();
+ }catch(Exception ex) {
+ logger.error(EELFLoggerDelegate.errorLogger, "searchUserByUserId call failed", ex);
+ }
}
SimpleDateFormat sdf = new SimpleDateFormat("MM/dd/yyyy hh:mm:ss Z a");
Date lastLoginDate = user.getLastLoginDate();
// If any item is missing from session, try the Shared Context
// service.
- SharedContext orgUserIdSC = null, firstNameSC = null, lastNameSC = null, emailSC = null;
+ SharedContext orgUserIdSC = null;
+ SharedContext firstNameSC = null;
+ SharedContext lastNameSC = null;
+ SharedContext emailSC = null;
String sessionId = request.getSession().getId();
if (firstNameStr == null)
firstNameSC = sharedContextService.getSharedContext(sessionId,
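Review bot: The new `catch(Exception ex)` around the e-mail lookup in `getFunctionalMenuStaticInfo` would also absorb the `NullPointerException` raised if `searchUserByUserId` returns null, so "no such user" and "search backend failed" end up as the same error log entry. Test the result explicitly, `if (userResult != null) { emailStr = userResult.getEmail(); }`, and catch the narrowest exception type the search service declares. A one-line comment saying the lookup is best-effort and `emailStr` may stay null would help the next reader, and the conventional spacing is `} catch (Exception ex) {`.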
map.put("userId",
orgUserIdStr != null ? orgUserIdStr : (orgUserIdSC != null ? orgUserIdSC.getCvalue() : null));
map.put("last_login", lastLogin);
+ map.put("isSystemUser", String.valueOf(isSystemUser));
JSONObject j = new JSONObject(map);
fnMenuStaticResponse = j.toString();
// Be chatty in the log
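Review bot: The new `isSystemUser` entry carries no comment on what clients may do with it, and it is written as the string `"true"`/`"false"` through `String.valueOf`, so a consumer that tests it for truthiness will treat `"false"` as set. A flag delivered to the browser should only steer display, with the server checking the system-user restriction itself on every endpoint that depends on it. Suggested comment above the `map.put`: `// Display hint only, serialized as "true"/"false"; never use for access decisions.`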
* @throws IOException
* on error
*/
- @RequestMapping(value = {
- "/portalApi/userApplicationRoles" }, method = RequestMethod.GET, produces = "application/json")
- public List<BusinessCardApplicationRolesList> getAppList(HttpServletRequest request,
+ @GetMapping(value = {
+ "/portalApi/userApplicationRoles" }, produces = "application/json")
+ public List<BusinessCardApplicationRolesList> getAppList(HttpServletRequest request, HttpServletResponse response,
@RequestParam("userId") String userId) throws IOException {
List<BusinessCardApplicationRolesList> AppRoles = null;
+
+ if(!UserUtils.getUserSession(request).getOrgUserId().equalsIgnoreCase(userId)) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Not authorized to view roles of others ");
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ response.getWriter().flush();
+ return null;
+ }
+
try {
List<BusinessCardApplicationRole> userAppRoleList = functionalMenuService.getUserAppRolesList(userId);
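Review bot: The new ownership check in `getAppList` dereferences `UserUtils.getUserSession(request)` without a null guard, so a request with no session user would likely fail with a `NullPointerException` instead of being rejected, and it uses the SDK `UserUtils` where every other handler in this file uses `EPUserUtils`. An authenticated caller asking for another user's roles is an authorization failure, which `SC_FORBIDDEN` describes better than `SC_UNAUTHORIZED`. Suggested lines: `EPUser sessionUser = EPUserUtils.getUserSession(request);`, `if (sessionUser == null || !sessionUser.getOrgUserId().equalsIgnoreCase(userId)) {` and `response.setStatus(HttpServletResponse.SC_FORBIDDEN);`. Because the comparison ignores case while `getUserAppRolesList(userId)` receives the caller-supplied string, consider passing the session's org user id to the lookup so the value that was checked is the value that is used. The method body continues past the last visible line.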