pushing error and audit log changes for portal

[portal.git] / ecomp-portal-BE-common / src / main / java / org / onap / portalapp / portal / controller / PortalAdminController.java

diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/PortalAdminController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/PortalAdminController.java
index e77f8f9..4d687e4 100644 (file)
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/PortalAdminController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/PortalAdminController.java
@@ -4,6 +4,8 @@
  * ===================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
+ *  Modification Copyright © 2020 IBM.
+ * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
  * under the Apache License, Version 2.0 (the "License");
@@ -33,7 +35,7 @@
  *
  * ============LICENSE_END============================================
  *
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * 
  */
 package org.onap.portalapp.portal.controller;
 
@@ -56,34 +58,44 @@ import org.onap.portalapp.portal.transport.PortalAdmin;
 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
 import org.onap.portalapp.portal.utils.EcompPortalUtils;
 import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.DataValidator;
+import org.onap.portalapp.validation.SecureString;
 import org.onap.portalsdk.core.domain.AuditLog;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.service.AuditService;
 import org.onap.portalsdk.core.util.SystemProperties;
 import org.slf4j.MDC;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.EnableAspectJAutoProxy;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
-@org.springframework.context.annotation.Configuration
+@Configuration
 @EnableAspectJAutoProxy
 @EPAuditLog
 public class PortalAdminController extends EPRestrictedBaseController {
-       @Autowired
-       PortalAdminService portalAdminService;
-       @Autowired
-       AdminRolesService adminRolesService;
-       @Autowired
-       AuditService auditService;
+       private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(PortalAdminController.class);
+       private static final DataValidator DATA_VALIDATOR = new DataValidator();
+
+       private PortalAdminService portalAdminService;
+       private AdminRolesService adminRolesService;
+       private AuditService auditService;
 
-       EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(PortalAdminController.class);
+       @Autowired
+       public PortalAdminController(PortalAdminService portalAdminService,
+               AdminRolesService adminRolesService, AuditService auditService){
+               this.portalAdminService = portalAdminService;
+               this.adminRolesService = adminRolesService;
+               this.auditService = auditService;
+       }
 
-       @RequestMapping(value = { "/portalApi/portalAdmins" }, method = RequestMethod.GET, produces = "application/json")
+       @GetMapping(value = { "/portalApi/portalAdmins" }, produces = "application/json")
        public List<PortalAdmin> getPortalAdmins(HttpServletRequest request, HttpServletResponse response) {
                EPUser user = EPUserUtils.getUserSession(request);
                List<PortalAdmin> portalAdmins = null;
@@ -105,18 +117,21 @@ public class PortalAdminController extends EPRestrictedBaseController {
 
        /**
         * RESTful service method to create a new portal admin. Requirement: you
-        * must be the Ecomp portal super admin user.
+        * must be the ONAP portal super admin user.
         * @param request 
         * @param userId 
         * @param response 
         * @return FieldsValidator 
         */
-       @RequestMapping(value = { "/portalApi/portalAdmin" }, method = RequestMethod.POST)
+       @PostMapping(value = { "/portalApi/portalAdmin" })
        public FieldsValidator createPortalAdmin(HttpServletRequest request, @RequestBody String userId,
                        HttpServletResponse response) {
                EPUser user = EPUserUtils.getUserSession(request);
                FieldsValidator fieldsValidator = null;
-               if (user == null) {
+               if(!DATA_VALIDATOR.isValid(new SecureString(userId))){
+                       logger.debug(EELFLoggerDelegate.debugLogger, "PortalAdminController.createPortalAdmin not valid userId");
+                       EcompPortalUtils.setBadPermissions(user, response, "createPortalAdmin");
+               }else if (user == null) {
                        logger.debug(EELFLoggerDelegate.debugLogger, "PortalAdminController.createPortalAdmin, null user");
                        EcompPortalUtils.setBadPermissions(user, response, "createPortalAdmin");
                } else if (!adminRolesService.isSuperAdmin(user)) {
@@ -136,18 +151,11 @@ public class PortalAdminController extends EPRestrictedBaseController {
                                } catch (Exception e) {
                                        logger.error(EELFLoggerDelegate.errorLogger, "createPortalAdmin: failed for save audit log", e);
                                }
-                               MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC());
-                               MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC());
-                               EcompPortalUtils.calculateDateTimeDifferenceForLog(
-                                               MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP),
-                                               MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP));
-                               logger.info(EELFLoggerDelegate.auditLogger,
-                                               EPLogUtil.formatAuditLogMessage("PortalAdminController.createPortalAdmin",
-                                                               EcompAuditLog.CD_ACTIVITY_ADD_PORTAL_ADMIN, user.getOrgUserId(), userId,
-                                                               "A new Portal Admin has been added"));
-                               MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP);
-                               MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP);
-                               MDC.remove(SystemProperties.MDC_TIMER);
+                               String auditMessageInfo = EPLogUtil.formatAuditLogMessage("PortalAdminController.createPortalAdmin",
+                                                       EcompAuditLog.CD_ACTIVITY_ADD_PORTAL_ADMIN, user.getOrgUserId(), userId,
+                                                       "A new Portal Admin has been added");           
+                       
+                               EPLogUtil.logAuditMessage(logger, auditMessageInfo);
                        }
                }
                EcompPortalUtils.logAndSerializeObject(logger, "/portalAdmin", "POST result =", response.getStatus());
@@ -155,9 +163,15 @@ public class PortalAdminController extends EPRestrictedBaseController {
                return fieldsValidator;
        }
 
-       @RequestMapping(value = { "/portalApi/portalAdmin/{userInfo}" }, method = RequestMethod.DELETE)
+       @DeleteMapping(value = { "/portalApi/portalAdmin/{userInfo}" })
        public FieldsValidator deletePortalAdmin(HttpServletRequest request, @PathVariable("userInfo") String userInfo,
                        HttpServletResponse response) {
+
+               if(!DATA_VALIDATOR.isValid(new SecureString(userInfo))){
+                       logger.debug(EELFLoggerDelegate.debugLogger, "PortalAdminController.deletePortalAdmin not valid userId");
+                       return null;
+               }
+
                int userIdIdx = userInfo.indexOf("-");
                Long userId = null;
                String sbcid = null;
@@ -187,19 +201,12 @@ public class PortalAdminController extends EPRestrictedBaseController {
                                auditLog.setActivityCode(EcompAuditLog.CD_ACTIVITY_DELETE_PORTAL_ADMIN);
                                auditLog.setAffectedRecordId(sbcid);
                                auditService.logActivity(auditLog, null);
-                               
-                               MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC());
-                               MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC());
-                               EcompPortalUtils.calculateDateTimeDifferenceForLog(
-                                               MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP),
-                                               MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP));
-                               logger.info(EELFLoggerDelegate.auditLogger,
-                                               EPLogUtil.formatAuditLogMessage("PortalAdminController.deletePortalAdmin",
-                                                               EcompAuditLog.CD_ACTIVITY_DELETE_PORTAL_ADMIN, user.getOrgUserId(), sbcid,
-                                                               "A Portal Admin has been deleted"));
-                               MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP);
-                               MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP);
-                               MDC.remove(SystemProperties.MDC_TIMER);
+                               String auditMessageInfo = EPLogUtil.formatAuditLogMessage("PortalAdminController.deletePortalAdmin",
+                                               EcompAuditLog.CD_ACTIVITY_DELETE_PORTAL_ADMIN, user.getOrgUserId(), sbcid,
+                                               "A Portal Admin has been deleted");             
+               
+                               EPLogUtil.logAuditMessage(logger, auditMessageInfo);
+                       
                        }
                }
                EcompPortalUtils.logAndSerializeObject(logger, "/portalAdmin", "DELETE result =", response.getStatus());
@@ -207,8 +214,8 @@ public class PortalAdminController extends EPRestrictedBaseController {
                return fieldsValidator;
        }
 
-       @RequestMapping(value = {
-                       "/portalApi/adminAppsRoles/{appId}" }, method = RequestMethod.GET, produces = "application/json")
+       @GetMapping(value = {
+                       "/portalApi/adminAppsRoles/{appId}" }, produces = "application/json")
        public List<EPRole> getRolesByApp(HttpServletRequest request, @PathVariable("appId") Long appId,
                        HttpServletResponse response) {
                EPUser user = EPUserUtils.getUserSession(request);