* ===================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* under the Apache License, Version 2.0 (the "License");
*
* ============LICENSE_END============================================
*
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ *
*/
package org.onap.portalapp.portal.controller;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.validation.ConstraintViolation;
+import javax.validation.Valid;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
import org.apache.commons.lang.StringUtils;
import org.json.JSONObject;
import org.onap.portalapp.controller.EPRestrictedBaseController;
import org.onap.portalapp.portal.domain.EcompAuditLog;
import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
+import org.onap.portalapp.portal.ecomp.model.UploadRoleFunctionExtSystem;
import org.onap.portalapp.portal.exceptions.DuplicateRecordException;
import org.onap.portalapp.portal.exceptions.InvalidApplicationException;
import org.onap.portalapp.portal.exceptions.InvalidRoleException;
import org.onap.portalapp.portal.utils.EcompPortalUtils;
import org.onap.portalapp.portal.utils.PortalConstants;
import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.SecureString;
import org.onap.portalsdk.core.domain.AuditLog;
import org.onap.portalsdk.core.domain.Role;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
@EnableAspectJAutoProxy
@EPAuditLog
public class RoleManageController extends EPRestrictedBaseController {
+ private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
+
+ private static final String PIPE = "|";
+
private static final String ROLE_INVALID_CHARS = "%=():,\"\"";
private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(RoleManageController.class);
mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
CentralV2Role domainRole = externalAccessRolesService.getRoleInfo(roleId, requestedApp.getUebKey());
// role. toggle active ind
- boolean active = domainRole.isActive();
+ boolean active = domainRole.getActive();
domainRole.setActive(!active);
String result = mapper.writeValueAsString(domainRole);
List<CentralV2Role> roles = externalAccessRolesService.getRolesForApp(requestedApp.getUebKey());
for (CentralV2Role existRole : roles)
if (existRole.getName().equalsIgnoreCase(role.getName()))
- throw new DuplicateRecordException("role already exists: " + existRole.getName());
+ throw new DuplicateRecordException("Role already exists: " + existRole.getName());
domainRole = new CentralV2Role();
domainRole.setName(role.getName());
domainRole.setPriority(role.getPriority());
+ domainRole.setActive(role.getActive());
if (role.getChildRoles() != null && role.getChildRoles().size() > 0) {
for (Object childRole : childRoles) {
domainRole.addChildRole((CentralV2Role) childRole);
+ " and action: " + roleFunction.getAction() + " found while saving!");
}
roleFunction.setCode(externalAccessRolesService.encodeFunctionCode(roleFunction.getCode()));
- roleFunction.setCode(roleFunction.getType() + "|" + roleFunction.getCode() + "|"
+ roleFunction.setCode(roleFunction.getType() + PIPE + roleFunction.getCode() + PIPE
+ roleFunction.getAction());
domainRole.addRoleFunction((CentralV2RoleFunction) roleFunction);
}
}
@RequestMapping(value = { "/portalApi/role_function_list/saveRoleFunction/{appId}" }, method = RequestMethod.POST)
- public PortalRestResponse<String> saveRoleFunction(HttpServletRequest request, HttpServletResponse response, @RequestBody CentralV2RoleFunction roleFunc,
+ public PortalRestResponse<String> saveRoleFunction(HttpServletRequest request, HttpServletResponse response, @Valid @RequestBody CentralV2RoleFunction roleFunc,
@PathVariable("appId") Long appId) throws Exception {
+ if (roleFunc!=null) {
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+ Set<ConstraintViolation<CentralV2RoleFunction>> constraintViolations = validator.validate(roleFunc);
+
+ if(!constraintViolations.isEmpty()){
+ logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction: Failed");
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Data is not valid", "ERROR");
+ }
+ }
EPUser user = EPUserUtils.getUserSession(request);
boolean saveOrUpdateResponse = false;
try {
if (isAuthorizedUser(user, requestedApp)) {
fieldsValidation(requestedApp);
if (requestedApp.getCentralAuth()) {
- CentralV2RoleFunction domainRoleFunction = externalAccessRolesService.getRoleFunction(roleFunc.getCode(),
+ String code = roleFunc.getType()+PIPE+roleFunc.getCode()+PIPE+roleFunc.getAction();
+ CentralV2RoleFunction domainRoleFunction = externalAccessRolesService.getRoleFunction(code,
requestedApp.getUebKey());
+ if(domainRoleFunction != null && (domainRoleFunction.getType() == null || domainRoleFunction.getAction() == null)) {
+ addIfTypeActionDoesNotExits(domainRoleFunction);
+ }
+ boolean isSave = true;
if (domainRoleFunction != null && domainRoleFunction.getCode().equals(roleFunc.getCode())
&& domainRoleFunction.getType().equals(roleFunc.getType())
&& domainRoleFunction.getAction().equals(roleFunc.getAction())) {
domainRoleFunction.setName(roleFunc.getName());
saveOrUpdateResponse = externalAccessRolesService.saveCentralRoleFunction(domainRoleFunction,
requestedApp);
+ isSave = false;
} else {
roleFunc.setAppId(requestedApp.getId());
saveOrUpdateResponse = externalAccessRolesService.saveCentralRoleFunction(roleFunc,
if (saveOrUpdateResponse) {
EPUser requestedUser = externalAccessRolesService.getUser(user.getOrgUserId()).get(0);
EPApp app = externalAccessRolesService.getApp(requestedApp.getUebKey()).get(0);
- CentralV2RoleFunction function = externalAccessRolesService.getRoleFunction(roleFunc.getCode(),
- requestedApp.getUebKey());
- String activityCode = (function.getCode() == null)
+ String activityCode = (isSave)
? EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_ADD_FUNCTION
: EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_UPDATE_FUNCTION;
- logger.info(EELFLoggerDelegate.applicationLogger,
- "saveRoleFunction: succeeded for app {}, function {}", app.getId(), roleFunc.getCode());
- AuditLog auditLog = getAuditInfo(requestedUser, activityCode);
- auditLog.setComments(EcompPortalUtils.truncateString("saveRoleFunction role for app:"
- + app.getId() + " and function:'" + roleFunc.getCode() + "'",
- PortalConstants.AUDIT_LOG_COMMENT_SIZE));
- auditService.logActivity(auditLog, null);
- MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP,
- EPEELFLoggerAdvice.getCurrentDateTimeUTC());
- MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP,
- EPEELFLoggerAdvice.getCurrentDateTimeUTC());
- EcompPortalUtils.calculateDateTimeDifferenceForLog(
- MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP),
- MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP));
- logger.info(EELFLoggerDelegate.auditLogger,
- EPLogUtil.formatAuditLogMessage("RoleManageController.saveRoleFunction", activityCode,
- String.valueOf(requestedUser.getId()), requestedUser.getOrgUserId(),
- roleFunc.getCode()));
- MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP);
- MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP);
- MDC.remove(SystemProperties.MDC_TIMER);
+ logExterlaAuthRoleFunctionActivity(code, requestedUser, app, activityCode);
}
} else
throw new NonCentralizedAppException(requestedApp.getName() + " is not Centralized Application");
}
return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Saved Successfully!", "Success");
}
+
+ private void logExterlaAuthRoleFunctionActivity(String code, EPUser requestedUser, EPApp app, String activityCode) {
+ logger.info(EELFLoggerDelegate.applicationLogger,
+ "saveRoleFunction: succeeded for app {}, function {}", app.getId(), code);
+ AuditLog auditLog = getAuditInfo(requestedUser, activityCode);
+ auditLog.setComments(EcompPortalUtils.truncateString("saveRoleFunction role for app:"
+ + app.getId() + " and function:'" + code + "'",
+ PortalConstants.AUDIT_LOG_COMMENT_SIZE));
+ auditService.logActivity(auditLog, null);
+ MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP,
+ EPEELFLoggerAdvice.getCurrentDateTimeUTC());
+ MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP,
+ EPEELFLoggerAdvice.getCurrentDateTimeUTC());
+ EcompPortalUtils.calculateDateTimeDifferenceForLog(
+ MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP),
+ MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP));
+ logger.info(EELFLoggerDelegate.auditLogger,
+ EPLogUtil.formatAuditLogMessage("RoleManageController.saveRoleFunction", activityCode,
+ String.valueOf(requestedUser.getId()), requestedUser.getOrgUserId(),
+ code));
+ MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP);
+ MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP);
+ MDC.remove(SystemProperties.MDC_TIMER);
+ }
+
+
+
+ private void addIfTypeActionDoesNotExits(CentralV2RoleFunction domainRoleFunction) {
+ if(domainRoleFunction.getCode().contains(PIPE)) {
+ String newfunctionCodeFormat = EcompPortalUtils.getFunctionCode(domainRoleFunction.getCode());
+ String newfunctionTypeFormat = EcompPortalUtils.getFunctionType(domainRoleFunction.getCode());
+ String newfunctionActionFormat = EcompPortalUtils.getFunctionAction(domainRoleFunction.getCode());
+ domainRoleFunction.setType(newfunctionTypeFormat);
+ domainRoleFunction.setAction(newfunctionActionFormat);
+ domainRoleFunction.setCode(newfunctionCodeFormat);
+ } else {
+ String type = externalAccessRolesService.getFunctionCodeType(domainRoleFunction.getCode());
+ String action = externalAccessRolesService.getFunctionCodeAction(domainRoleFunction.getCode());
+ domainRoleFunction.setType(type);
+ domainRoleFunction.setAction(action);
+ }
+ }
@RequestMapping(value = { "/portalApi/role_function_list/removeRoleFunction/{appId}" }, method = RequestMethod.POST)
public PortalRestResponse<String> removeRoleFunction(HttpServletRequest request, HttpServletResponse response,
@RequestBody String roleFunc, @PathVariable("appId") Long appId) throws Exception {
EPUser user = EPUserUtils.getUserSession(request);
+
+ if (roleFunc!=null) {
+ SecureString secureString = new SecureString(roleFunc);
+
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+ Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
+
+ if(!constraintViolations.isEmpty()){
+ logger.error(EELFLoggerDelegate.errorLogger, "removeRoleFunction: Failed");
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Data is not valid", "ERROR");
+ }
+ }
+
try {
EPApp requestedApp = appService.getApp(appId);
if (isAuthorizedUser(user, requestedApp)) {
String data = roleFunc;
boolean getDelFuncResponse = false;
CentralV2RoleFunction availableRoleFunction = mapper.readValue(data, CentralV2RoleFunction.class);
- String code = availableRoleFunction.getType() + "|" + availableRoleFunction.getCode() + "|"
+ String code = availableRoleFunction.getType() + PIPE + availableRoleFunction.getCode() + PIPE
+ availableRoleFunction.getAction();
CentralV2RoleFunction domainRoleFunction = externalAccessRolesService.getRoleFunction(code,
requestedApp.getUebKey());
- if (domainRoleFunction.getCode().contains("|")) {
- getDelFuncResponse = externalAccessRolesService
- .deleteCentralRoleFunction(code, requestedApp);
- } else {
- getDelFuncResponse = externalAccessRolesService
- .deleteCentralRoleFunction(domainRoleFunction.getCode(), requestedApp);
- }
+ getDelFuncResponse = externalAccessRolesService
+ .deleteCentralRoleFunction(domainRoleFunction.getCode(), requestedApp);
if (getDelFuncResponse) {
logger.info(EELFLoggerDelegate.applicationLogger,
"deleteRoleFunction: succeeded for app {}, role {}", requestedApp.getId(),
@RequestMapping(value = { "/portalApi/centralizedApps" }, method = RequestMethod.GET)
public List<CentralizedApp> getCentralizedAppRoles(HttpServletRequest request, HttpServletResponse response, String userId) throws IOException {
+ if(userId!=null) {
+ SecureString secureString = new SecureString(userId);
+
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+ Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
+
+ if(!constraintViolations.isEmpty()){
+ logger.error(EELFLoggerDelegate.errorLogger, "removeRoleFunction: Failed");
+ return null;
+ }
+ }
+
EPUser user = EPUserUtils.getUserSession(request);
List<CentralizedApp> applicationsList = null;
- if (adminRolesService.isAccountAdmin(user) || adminRolesService.isSuperAdmin(user)) {
+ if (adminRolesService.isAccountAdmin(user) || adminRolesService.isSuperAdmin(user) || adminRolesService.isRoleAdmin(user)) {
applicationsList = externalAccessRolesService.getCentralizedAppsOfUser(userId);
} else {
logger.info(EELFLoggerDelegate.auditLogger,
externalAccessRolesService.syncApplicationRolesWithEcompDB(app);
} else {
logger.info(EELFLoggerDelegate.auditLogger,
- "RoleManageController.syncRoles, Unauthorized user:" + user.getOrgUserId());
+ "RoleManageController.syncRoles, Unauthorized user:{}", user != null ? user.getOrgUserId() : "");
EcompPortalUtils.setBadPermissions(user, response, "createAdmin");
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Unauthorized User", "Failure");
}
EPApp app = appService.getApp(appId);
if (isAuthorizedUser(user, app)) {
fieldsValidation(app);
- externalAccessRolesService.syncRoleFunctionFromExternalAccessSystem(app);;
+ externalAccessRolesService.syncRoleFunctionFromExternalAccessSystem(app);
} else {
logger.info(EELFLoggerDelegate.auditLogger,
- "RoleManageController.syncFunctions, Unauthorized user:" + user.getOrgUserId());
+ "RoleManageController.syncFunctions, Unauthorized user:{}", user != null ? user.getOrgUserId() : "");
EcompPortalUtils.setBadPermissions(user, response, "createAdmin");
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Unauthorized User", "Failure");
}
Iterator<CentralV2Role> availableChildRolesIterator = availableChildRoles.iterator();
while (availableChildRolesIterator.hasNext()) {
CentralV2Role role = availableChildRolesIterator.next();
- if (!role.isActive() || allParentRoles.contains(role) || role.getId().equals(roleId)) {
+ if (!role.getActive() || allParentRoles.contains(role) || role.getId().equals(roleId)) {
availableChildRolesIterator.remove();
}
}
app.getUebKey();
List<EPApp> appInfo = externalAccessRolesService.getApp(app.getUebKey());
if(appInfo.isEmpty()){
- throw new InvalidApplicationException("Invalid uebkey");
+ throw new InvalidApplicationException("Invalid credentials");
}
if(!appInfo.isEmpty() && EcompPortalUtils.checkIfRemoteCentralAccessAllowed() && appInfo.get(0).getCentralAuth()){
ResponseEntity<String> response = externalAccessRolesService.getNameSpaceIfExists(appInfo.get(0));
EcompPortalUtils.setBadPermissions(user, response, "createAdmin");
response.getWriter().write("Unauthorized User");
}
+
+ @RequestMapping(value = { "/portalApi/uploadRoleFunction/{appId}" }, method = RequestMethod.POST, produces = "application/json")
+ public PortalRestResponse<String> bulkUploadRoleFunc(HttpServletRequest request, HttpServletResponse response,
+ @RequestBody UploadRoleFunctionExtSystem data, @PathVariable("appId") Long appId) {
+ EPUser user = EPUserUtils.getUserSession(request);
+ try {
+ EPApp app = appService.getApp(appId);
+ if (isAuthorizedUser(user, app)) {
+ fieldsValidation(app);
+ externalAccessRolesService.bulkUploadRoleFunc(data, app);
+ String activityCode = EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_UPDATE_ROLE_AND_FUNCTION;
+ String code = data.getName()+","+data.getType()+ PIPE + data.getInstance() + PIPE + data.getAction();
+ logExterlaAuthRoleFunctionActivity(code , user, app, activityCode);
+ } else {
+ logger.info(EELFLoggerDelegate.auditLogger,
+ "RoleManageController.syncRoles, Unauthorized user:{}", user != null ? user.getOrgUserId() : "");
+ EcompPortalUtils.setBadPermissions(user, response, "createAdmin");
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Unauthorized User", "Failure");
+ }
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Failed bulkUploadRoleFunc!", e);
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
+ }
+ return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Uploaded Role Function successfully!", "Success");
+ }
}
Code Review / portal.git / blobdiff