* ============LICENSE_START==========================================
* ONAP Portal
* ===================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
* ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
+import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestTemplate;
import com.fasterxml.jackson.core.JsonProcessingException;
*
* @param userId
*/
- protected boolean createLocalUserIfNecessary(String userId) {
+ protected void createLocalUserIfNecessary(String userId,boolean isSystemUser) {
if (StringUtils.isEmpty(userId)) {
logger.error(EELFLoggerDelegate.errorLogger, "createLocalUserIfNecessary : empty userId!");
- return false;
+ return;
}
Session localSession = null;
Transaction transaction = null;
transaction = localSession.beginTransaction();
@SuppressWarnings("unchecked")
List<EPUser> userList = localSession
- .createQuery("from :name where orgUserId=:userId")
- .setParameter("name",EPUser.class.getName())
+ .createQuery("from EPUser where orgUserId=:userId")
.setParameter("userId",userId)
.list();
if (userList.size() == 0) {
- EPUser client = searchService.searchUserByUserId(userId);
+ EPUser client = null;
+ if (!isSystemUser) {
+ client = searchService.searchUserByUserId(userId);
+ } else {
+ client = new EPUser();
+ client.setOrgUserId(userId);
+ client.setSystemUser(true);
+ if (userId.indexOf("@") != -1) {
+ client.setFirstName(userId.substring(0,userId.indexOf("@")));
+ }
+ else {
+ client.setFirstName(userId);
+ }
+ }
if (client == null) {
String msg = "createLocalUserIfNecessary: cannot create user " + userId
+ ", because not found in phonebook";
}
}
transaction.commit();
- return true;
} catch (Exception e) {
EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);
EcompPortalUtils.rollbackTransaction(transaction, "searchOrCreateUser rollback, exception = " + e);
- return false;
} finally {
EcompPortalUtils.closeLocalSession(localSession, "searchOrCreateUser");
}
* set to false if request is from users page otherwise true
* @throws Exception
*/
+ @SuppressWarnings("unchecked")
protected void syncUserRoles(SessionFactory sessionFactory, String userId, Long appId,
- EcompRole[] userAppRoles, Boolean extRequestValue, String reqType) throws Exception {
+ EcompRole[] userAppRoles, Boolean extRequestValue, String reqType,boolean checkIfUserisRoleAdmin,EcompRole[] appRoles) throws Exception {
Session localSession = null;
Transaction transaction = null;
String roleActive = null;
final Map<String, String> userAppParams = new HashMap<>();
final Map<String, String> appParams = new HashMap<>();
HashMap<Long, EcompRole> newUserAppRolesMap = hashMapFromEcompRoles(userAppRoles);
-
+ List<EPRole> roleInfo = externalAccessRolesService.getPortalAppRoleInfo(PortalConstants.ACCOUNT_ADMIN_ROLE_ID);
+
+ EPRole adminRole = new EPRole();
+ if(roleInfo.size()>0)
+ {
+ adminRole = roleInfo.get(0);
+ logger.debug(EELFLoggerDelegate.debugLogger, "Admin RoleName form DB: " + adminRole.getName());
+ }
try {
localSession = sessionFactory.openSession();
transaction = localSession.beginTransaction();
@SuppressWarnings("unchecked")
List<EPUser> userList = localSession
- .createQuery("from " + EPUser.class.getName() + " where orgUserId='" + userId + "'").list();
+ .createQuery("from EPUser where orgUserId=:userId")
+ .setParameter("userId",userId)
+ .list();
if (userList.size() > 0) {
EPUser client = userList.get(0);
roleActive = ("DELETE".equals(reqType)) ? "" : " and role.active = 'Y'";
@SuppressWarnings("unchecked")
- List<EPUserApp> userRoles = localSession.createQuery("from " + EPUserApp.class.getName()
- + " where app.id=" + appId + roleActive + " and userId=" + client.getId()).list();
+ List<EPUserApp> userRoles = localSession.createQuery("from EPUserApp where app.id=:appId and userId=:userId" + roleActive)
+ .setParameter("appId",appId)
+ .setParameter("userId",client.getId())
+ .list();
if ("DELETE".equals(reqType)) {
for (EPUserApp userAppRoleList : userRoles) {
userAppParams.put("appId", String.valueOf(appId));
appParams.put("appRoleName", userAppRoleList.getRole().getName());
@SuppressWarnings("unchecked")
- List<EPRole> rolesList = (!userAppRoleList.getRole().getName().equals(PortalConstants.ADMIN_ROLE)) ? (List<EPRole>) dataAccessService.executeNamedQuery("getAppRoles", userAppParams, null) : (List<EPRole>) dataAccessService.executeNamedQuery("getPortalAppRoles", appParams, null);
+ List<EPRole> rolesList = (!userAppRoleList.getRole().getName().equals(adminRole.getName())) ? (List<EPRole>) dataAccessService.executeNamedQuery("getAppRoles", userAppParams, null) : (List<EPRole>) dataAccessService.executeNamedQuery("getPortalAppRoles", appParams, null);
if(rolesList.size() > 0 || !rolesList.isEmpty()){
checkIfRoleInactive(rolesList.get(0));
}
}
}
+
+ if (appRoles != null) {
+ List<EcompRole> appRolesList = Arrays.stream(appRoles).collect(Collectors.toList());
+ List<EPUserApp> finalUserRolesList = new ArrayList<>();
+ if (checkIfUserisRoleAdmin) {
+ for (EcompRole role : appRolesList) {
+ for (EPUserApp userAppRoleList : userRoles) {
+ if (userAppRoleList.getRole().getName().equals(role.getName()))
+
+ {
+ finalUserRolesList.add(userAppRoleList);
+ }
+ }
+ }
+ userRoles = new ArrayList<>();
+ userRoles.addAll(finalUserRolesList);
+ }
+ }
+
for (EPUserApp userRole : userRoles) {
if (!userRole.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID) && userRole.getRoleId() != PortalConstants.SYS_ADMIN_ROLE_ID && !extRequestValue){
syncUserRolesExtension(userRole, appId, localSession, userAppRoles, newUserAppRolesMap);
syncUserRolesExtension(userRole, appId, localSession, userAppRoles, newUserAppRolesMap);
}
}
+
+
Collection<EcompRole> newRolesToAdd = newUserAppRolesMap.values();
if (newRolesToAdd.size() > 0) {
EPApp app = (EPApp) localSession.get(EPApp.class, appId);
} else { // remote app
@SuppressWarnings("unchecked")
List<EPRole> roles = localSession
- .createQuery("from " + EPRole.class.getName() + " where appId=" + appId).list();
+ .createQuery("from EPRole where appId=:appId")
+ .setParameter("appId",appId)
+ .list();
for (EPRole role : roles) {
- if (!extRequestValue && app.getCentralAuth()) {
+ if (!extRequestValue && app.getRolesInAAF()) {
rolesMap.put(role.getId(), role);
} else {
rolesMap.put(role.getAppRoleId(), role);
EPRole role = null;
for (EcompRole userRole : newRolesToAdd) {
EPUserApp userApp = new EPUserApp();
- if (("PUT".equals(reqType) || "POST".equals(reqType)) && userRole.getName().equals(PortalConstants.ADMIN_ROLE)) {
+ if (("PUT".equals(reqType) || "POST".equals(reqType)) && userRole.getName().equals(adminRole.getName())) {
role = (EPRole) localSession.get(EPRole.class, new Long(PortalConstants.ACCOUNT_ADMIN_ROLE_ID));
userApp.setRole(role);
} else if ((userRole.getId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)) && !extRequestValue){
transaction = localSession.beginTransaction();
// Attention! All roles from remote application supposed to be
// active!
+
@SuppressWarnings("unchecked")
- List<EPRole> currentAppRoles = localSession
- .createQuery("from " + EPRole.class.getName() + " where appId=" + appId).list();
+ List<EPRole> currentAppRoles = localSession.createQuery("from EPRole where appId = :appId")
+ .setParameter("appId",appId)
+ .list();
+
List<EPRole> obsoleteRoles = new ArrayList<EPRole>();
for (int i = 0; i < currentAppRoles.size(); i++) {
EPRole oldAppRole = currentAppRoles.get(i);
// Delete from fn_user_role
@SuppressWarnings("unchecked")
List<EPUserApp> userRoles = localSession.createQuery(
- "from " + EPUserApp.class.getName() + " where app.id=" + appId + " and role_id=" + roleId)
+ "from EPUserApp where app.id=:appId and role_id=:roleId")
+ .setParameter("appId",appId)
+ .setParameter("roleId",roleId)
.list();
logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: number of userRoles to delete: " + userRoles.size());
// Delete from fn_menu_functional_roles
@SuppressWarnings("unchecked")
List<FunctionalMenuRole> funcMenuRoles = localSession
- .createQuery("from " + FunctionalMenuRole.class.getName() + " where roleId=" + roleId)
+ .createQuery("from FunctionalMenuRole where roleId=:roleId")
+ .setParameter("roleId",roleId)
.list();
int numMenuRoles = funcMenuRoles.size();
logger.debug(EELFLoggerDelegate.debugLogger,
// so must null out the url too, to be consistent
@SuppressWarnings("unchecked")
List<FunctionalMenuRole> funcMenuRoles2 = localSession
- .createQuery("from " + FunctionalMenuRole.class.getName() + " where menuId=" + menuId)
+ .createQuery("from FunctionalMenuRole where menuId=:menuId")
+ .setParameter("menuId",menuId)
.list();
int numMenuRoles2 = funcMenuRoles2.size();
logger.debug(EELFLoggerDelegate.debugLogger,
"syncAppRoles: There is exactly 1 menu item for this role, so emptying the url");
@SuppressWarnings("unchecked")
List<FunctionalMenuItem> funcMenuItems = localSession
- .createQuery(
- "from " + FunctionalMenuItem.class.getName() + " where menuId=" + menuId)
+ .createQuery("from FunctionalMenuItem where menuId=:menuId")
+ .setParameter("menuId",menuId)
.list();
if (funcMenuItems.size() > 0) {
logger.debug(EELFLoggerDelegate.debugLogger, "got the menu item");
result = new RolesInAppForUser();
result.appId = appId;
result.orgUserId = userId;
+
for (EcompRole role : userRolesInRemoteApp) {
RoleInAppForUser roleInAppForUser = new RoleInAppForUser();
roleInAppForUser.roleId = role.getId();
* @throws HTTPException
*/
protected Set<EcompRole> postUsersRolesToRemoteApp(List<RoleInAppForUser> roleInAppForUserList, ObjectMapper mapper,
- ApplicationsRestClientService applicationsRestClientService, Long appId, String userId)
+ ApplicationsRestClientService applicationsRestClientService, Long appId, String userId,boolean systemUser)
throws JsonProcessingException, HTTPException {
Set<EcompRole> updatedUserRolesinRemote = constructUsersRemoteAppRoles(roleInAppForUserList);
Set<EcompRole> updateUserRolesInEcomp = constructUsersEcompRoles(roleInAppForUserList);
* set to false if requests from Users page otherwise true
* @return true on success, false otherwise
*/
- protected boolean applyChangesInUserRolesForAppToEcompDB(RolesInAppForUser rolesInAppForUser, boolean externalSystemRequest, String reqType) throws Exception {
+ protected boolean applyChangesInUserRolesForAppToEcompDB(RolesInAppForUser rolesInAppForUser, boolean externalSystemRequest, String reqType,boolean isSystemUser,Set<EcompRole> rolesDeletedByApprover ,boolean isLoggedInUserRoleAdminOfApp ) throws Exception {
boolean result = false;
String userId = rolesInAppForUser.orgUserId;
Long appId = rolesInAppForUser.appId;
synchronized (syncRests) {
if (rolesInAppForUser != null) {
- createLocalUserIfNecessary(userId);
+ createLocalUserIfNecessary(userId, isSystemUser);
}
if (rolesInAppForUser != null) {
userAppRoles[i] = role;
}
try {
- syncUserRoles(sessionFactory, userId, appId, userAppRoles, externalSystemRequest, reqType);
+ EcompRole[] applicationRoles = null;
+
+ if(isLoggedInUserRoleAdminOfApp){
+ List<EcompRole> roles = Arrays.stream(userAppRoles).collect(Collectors.toList());
+ List<EcompRole> roles1 = rolesDeletedByApprover.stream().collect(Collectors.toList());
+ roles.addAll(roles1);
+ applicationRoles = roles.stream().toArray(n -> new EcompRole[n]);
+ }
+
+ syncUserRoles(sessionFactory, userId, appId, userAppRoles, externalSystemRequest, reqType,isLoggedInUserRoleAdminOfApp,applicationRoles);
result = true;
} catch (Exception e) {
logger.error(EELFLoggerDelegate.errorLogger,
return addRemoteUser;
}
+ @SuppressWarnings("unchecked")
protected void pushUserOnRemoteApp(String userId, EPApp app,
ApplicationsRestClientService applicationsRestClientService, SearchService searchService,
ObjectMapper mapper, boolean postOpenSource, List<RoleInAppForUser> roleInAppForUserList,boolean appRoleIdUsed) throws Exception {
- EPUser client = searchService.searchUserByUserId(userId);
+ EPUser client = null;
+ client = searchService.searchUserByUserId(userId);
- mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
-
- if (client == null) {
- String msg = "cannot create user " + userId + ", because he/she cannot be found in phonebook.";
- logger.error(EELFLoggerDelegate.errorLogger, msg);
- throw new Exception(msg);
- }
+ mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+ if (client == null) {
+ String msg = "cannot create user " + userId + ", because he/she cannot be found in directory.";
+ logger.error(EELFLoggerDelegate.errorLogger, msg);
+ // throw new Exception(msg);
+ final Map<String, String> loginIdParams = new HashMap<>();
+ loginIdParams.put("orgUserIdValue", userId);
+ List<EPUser> userList = new ArrayList<>();
+ userList = dataAccessService.executeNamedQuery("epUserAppId", loginIdParams, null);
+ if (userList.size() > 0) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ userList.get(0).getOrgUserId() + " User was found in Portal");
+ client = userList.get(0);
+ SortedSet<EPUserApp> userApps = new TreeSet<>();
+ client.setEPUserApps(userApps);
+ client.setSystemUser(false);
+ } else {
+ logger.error(EELFLoggerDelegate.errorLogger, "user cannot be found be in directory or in portal");
+ throw new Exception(msg);
+ }
+ }
+
client.setLoginId(userId);
- client.setActive(true);
+ client.setActive(true);
+ client.setOrgUserId(userId);
+
+
roleInAppForUserList.removeIf(role -> role.isApplied.equals(false));
SortedSet<Role> roles = new TreeSet<>();
boolean epRequestValue = false;
String userId = "";
String reqMessage = "";
- if (newAppRolesForUser != null && newAppRolesForUser.orgUserId != null) {
- userId = newAppRolesForUser.orgUserId.trim();
+ if (newAppRolesForUser != null && newAppRolesForUser.getOrgUserId() != null) {
+ userId = newAppRolesForUser.getOrgUserId().trim();
}
- Long appId = newAppRolesForUser.appId;
- List<RoleInAppForUser> roleInAppForUserList = newAppRolesForUser.appRoles;
- if (userId.length() > 0) {
+ Long appId = newAppRolesForUser.getAppId();
+ List<RoleInAppForUser> roleInAppForUserList = newAppRolesForUser.getAppRoles();
+
+
+
+ if (userId.length() > 0 ) {
ObjectMapper mapper = new ObjectMapper();
mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
try {
EPApp app = appsService.getApp(appId);
+
+ boolean checkIfUserisApplicationAccAdmin = adminRolesService.isAccountAdminOfApplication(user,
+ app);
+ Set<EcompRole> rolesGotDeletedFromApprover = new TreeSet<EcompRole>();
+
+ boolean checkIfUserisOnlyRoleAdmin = adminRolesService.isRoleAdmin(user) && !checkIfUserisApplicationAccAdmin;
+ if (checkIfUserisOnlyRoleAdmin) {
+ for (RoleInAppForUser roleInAppForUser : roleInAppForUserList) {
+ if (!roleInAppForUser.isApplied) {
+ EcompRole ecompRole = new EcompRole();
+ ecompRole.setId(roleInAppForUser.roleId);
+ ecompRole.setName(roleInAppForUser.roleName);
+ rolesGotDeletedFromApprover.add(ecompRole);
+ }
+ }
+ }
applyChangesToUserAppRolesForMyLoginsRequest(user, appId);
- // if centralized app
- if (app.getCentralAuth()) {
- if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
+ Boolean systemUser = (newAppRolesForUser.getIsSystemUser() != null ? newAppRolesForUser.getIsSystemUser() : false);
+
+ if ((app.getRolesInAAF() || app.getId().equals(PortalConstants.PORTAL_APP_ID)) && systemUser) {
+
+ Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
+ applicationsRestClientService, appId, userId);
+ RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId,
+ userRolesInLocalApp);
+ List<RoleInAppForUser> roleAppUserList = rolesInAppForUser.roles;
+ Set<EcompRole> rolesGotDeletedByApprover = new TreeSet<>();
+ if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
+ // Apply changes in external Access system
+
+ updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList,
+ epRequestValue, systemUser,rolesGotDeletedByApprover,false);
+ }
+ result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal",
+ systemUser,rolesGotDeletedByApprover,false);
+
+ }else if (!app.getRolesInAAF() && systemUser)
+ {
+ throw new Exception("For non-centralized application we cannot add systemUser");
+ }
+ else{ // if centralized app
+ if (app.getRolesInAAF()) {
+
+ if (!app.getId().equals(PortalConstants.PORTAL_APP_ID) && (app.getAppAck() != null && app.getAppAck())) {
+ logger.debug(EELFLoggerDelegate.debugLogger,"setAppWithUserRoleStateForUser: calling pushRemoteUser method for Central application");
+ logger.debug(EELFLoggerDelegate.debugLogger,"setAppWithUserRoleStateForUser:"+app.getAppAck());
pushRemoteUser(roleInAppForUserList, userId, app, mapper, searchService,
applicationsRestClientService,false);
}
userRolesInLocalApp);
List<RoleInAppForUser> roleAppUserList = rolesInAppForUser.roles;
if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
- // Apply changes in external Access system
+
+ // Apply changes in external Access system
updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList,
- epRequestValue);
+ epRequestValue,false,rolesGotDeletedFromApprover,checkIfUserisOnlyRoleAdmin);
}
- result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal");
+ result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal", systemUser,rolesGotDeletedFromApprover,checkIfUserisOnlyRoleAdmin);
}
// In case if portal is not centralized then follow existing approach
- else if(!app.getCentralAuth() && app.getId().equals(PortalConstants.PORTAL_APP_ID)){
+ else if(!app.getRolesInAAF() && app.getId().equals(PortalConstants.PORTAL_APP_ID)){
Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
applicationsRestClientService, appId, userId);
RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId,
userRolesInLocalApp);
- result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal");
+ Set<EcompRole> rolesGotDeletedByApprover = new TreeSet<>();
+ result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal",false,rolesGotDeletedByApprover,false);
} else{// remote app
EPUser remoteAppUser = null;
- if(!app.getCentralAuth() && !app.getId().equals(PortalConstants.PORTAL_APP_ID)){
+ if(!app.getRolesInAAF() && !app.getId().equals(PortalConstants.PORTAL_APP_ID)){
remoteAppUser = checkIfRemoteUserExits(userId, app, applicationsRestClientService);
remoteAppUser = addRemoteUser(roleInAppForUserList, userId, app, mapper, searchService, applicationsRestClientService);
}
Set<EcompRole> userRolesInRemoteApp = postUsersRolesToRemoteApp(roleInAppForUserList, mapper,
- applicationsRestClientService, appId, userId);
+ applicationsRestClientService, appId, userId,systemUser);
RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId,
userRolesInRemoteApp);
- result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, null);
+ Set<EcompRole> rolesGotDeletedByApprover = new TreeSet<>();
+ result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, null,false,rolesGotDeletedByApprover,false);
// If no roles remain, request app to set user inactive.
if (userRolesInRemoteApp.size() == 0) {
}
}
}
+ }
} catch (Exception e) {
/*String message = String.format(
"Failed to create user or update user roles for User %s, AppId %s",
* @param roleInAppUser Contains list of active roles
*/
@SuppressWarnings("unchecked")
- private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List<RoleInAppForUser> roleInAppUser, boolean isPortalRequest) throws Exception
+ private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List<RoleInAppForUser> roleInAppUser, boolean isPortalRequest,boolean nonHumanUserId,Set<EcompRole> deletedRolesByApprover,boolean isLoggedInUserRoleAdminofApp) throws Exception
{
try {
// check if user exists
userParams.put("orgUserIdValue", orgUserId);
List<EPUser> userInfo = checkIfUserExists(userParams);
if (userInfo.isEmpty()) {
- createLocalUserIfNecessary(orgUserId);
+ createLocalUserIfNecessary(orgUserId, nonHumanUserId);
}
String name = "";
if (EPCommonSystemProperties
- .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) {
- name = orgUserId
- + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
+ .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN) && !nonHumanUserId) {
+ if(orgUserId.indexOf("@") ==-1) {
+ name = orgUserId + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
+ }else {
+ name = orgUserId;
+ }
+ } else {
+ name = orgUserId;
+ if(nonHumanUserId && orgUserId!=null) {
+ if(orgUserId.indexOf("@") ==-1) {
+ name = orgUserId + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
+ }
+ }
}
ObjectMapper mapper = new ObjectMapper();
HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
HttpEntity<String> getUserRolesEntity = new HttpEntity<>(headers);
ResponseEntity<String> getResponse = externalAccessRolesService.getUserRolesFromExtAuthSystem(name, getUserRolesEntity);
+
+
List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
String res = getResponse.getBody();
JSONObject jsonObj = null;
List<ExternalAccessUserRoleDetail> userRoleListMatchingInExtAuthAndLocal = CheckIfRoleAreMatchingInUserRoleDetailList(userRoleDetailList,app);
+ List<EcompUserAppRoles> userAppList = new ArrayList<>();
// If request coming from portal not from external role approval system then we have to check if user already
// have account admin or system admin as GUI will not send these roles
if (!isPortalRequest) {
final Map<String, Long> params = new HashMap<>();
params.put("appId", app.getId());
params.put("userId", user.getId());
- List<EcompUserAppRoles> userAppList = dataAccessService.executeNamedQuery("getUserAppExistingRoles",
+ userAppList = dataAccessService.executeNamedQuery("getUserAppExistingRoles",
params, null);
if (!roleInAppUser.isEmpty()) {
for (EcompUserAppRoles userApp : userAppList) {
}
List<RoleInAppForUser> roleInAppUserNonDupls = roleInAppUser.stream().distinct()
.collect(Collectors.toList());
- final Map<String, RoleInAppForUser> currentUserRolesToUpdate = new HashMap<>();
+ Map<String, RoleInAppForUser> currentUserRolesToUpdate = new HashMap<>();
for (RoleInAppForUser roleInAppUserNew : roleInAppUserNonDupls) {
currentUserRolesToUpdate.put(roleInAppUserNew.getRoleName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), roleInAppUserNew);
}
for (ExternalAccessUserRoleDetail extAccessUserRole : userRoleListMatchingInExtAuthAndLocal) {
currentUserRolesInExternalSystem.put(extAccessUserRole.getName(), extAccessUserRole);
}
+
+ if (isLoggedInUserRoleAdminofApp) {
+ if (deletedRolesByApprover.size() > 0) {
+ List<ExternalAccessUserRoleDetail> newUpdatedRoles = new ArrayList<>();
+ Set<EcompRole> roles = new HashSet<>();
+ for (ExternalAccessUserRoleDetail userRole : userRoleListMatchingInExtAuthAndLocal) {
+ for (EcompRole role : deletedRolesByApprover) {
+ if ((userRole.getName().substring(app.getNameSpace().length() + 1)).equals(role.getName())) {
+ roles.add(role);
+ newUpdatedRoles.add(userRole);
+ }
+ }
+ }
+ if (newUpdatedRoles.size() > 0) {
+ userRoleListMatchingInExtAuthAndLocal = new ArrayList<>();
+ userRoleListMatchingInExtAuthAndLocal.addAll(newUpdatedRoles);
+ } else {
+ userRoleListMatchingInExtAuthAndLocal = new ArrayList<>();
+ currentUserRolesToUpdate = new HashMap<>();
+
+ }
+
+ } else {
+ userRoleListMatchingInExtAuthAndLocal = new ArrayList<>();
+ currentUserRolesToUpdate = new HashMap<>();
+
+ }
+ }
+
// Check if user roles does not exists in local but still there in External Central Auth System delete them all
for (ExternalAccessUserRoleDetail userRole : userRoleListMatchingInExtAuthAndLocal) {
if (!(currentUserRolesToUpdate
for (RoleInAppForUser addUserRole : roleInAppUserNonDupls) {
if (!(currentUserRolesInExternalSystem
.containsKey(app.getNameSpace() + "." + addUserRole.getRoleName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")))) {
- ExternalAccessUser extUser = new ExternalAccessUser(name,
+ ExternalAccessUser extUser = new ExternalAccessUser(name,
app.getNameSpace() + "." + addUserRole.getRoleName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
String formattedUserRole = mapper.writeValueAsString(extUser);
HttpEntity<String> entity = new HttpEntity<>(formattedUserRole, headers);
}
}
}
- } catch (Exception e) {
+ } catch (HttpClientErrorException e) {
+ logger.error(EELFLoggerDelegate.errorLogger,
+ "updateUserRolesInExternalSystem: Failed to add user role for application {} due to {}",
+ app.getId(), e);
+ if (e.getStatusCode() == HttpStatus.FORBIDDEN) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Please enter the valid systemUser", orgUserId);
+ throw new HttpClientErrorException(HttpStatus.FORBIDDEN, "Please enter the valid systemUser");
+ }
+ if (e.getStatusCode() == HttpStatus.NOT_FOUND) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Please enter the valid role");
+ throw new HttpClientErrorException(HttpStatus.NOT_FOUND, "Please enter the valid role");
+ }
+ EPLogUtil.logExternalAuthAccessAlarm(logger, HttpStatus.BAD_REQUEST);
+ throw e;
+ }
+
+ catch (Exception e) {
logger.error(EELFLoggerDelegate.errorLogger, "updateUserRolesInExternalSystem: Failed to add user role for application {} due to {}", app.getId(), e);
EPLogUtil.logExternalAuthAccessAlarm(logger, HttpStatus.BAD_REQUEST);
throw e;
}
//If Non-Centralized app make sure you sync app roles before assigning to user
- if (!app.getId().equals(PortalConstants.PORTAL_APP_ID) && !app.getCentralAuth()) {
+ if (!app.getId().equals(PortalConstants.PORTAL_APP_ID) && !app.getRolesInAAF()) {
logger.debug(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: Starting GET roles for app {}",app.getId());
EcompRole[] appRoles = applicationsRestClientService.get(EcompRole[].class, app.getId(), "/roles");
logger.debug(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: Finshed GET roles for app {} and payload {}",app.getId(), appRoles);
.anyMatch(roleList -> roleList.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID));
}
// if Centralized app
- if (app.getCentralAuth()) {
+ if (app.getRolesInAAF()) {
// We should add If user does not exist in remote application
try {
// If adding just account admin role dont make remote application user call or
RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(),
userRolesInLocalApp);
List<RoleInAppForUser> roleAppUserList = rolesInAppForUser.roles;
+ Set<EcompRole> rolesGotDeletedByApprover = new TreeSet<>();
+
if(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
// Apply changes in external Access system
- updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList, externalSystemRequest);
+ updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList, externalSystemRequest,false,rolesGotDeletedByApprover,false);
}
logger.info(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage,
newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId());
- result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType);
+ result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType,false,rolesGotDeletedByApprover,false);
}
// If local application is not centralized
- else if(!app.getCentralAuth() && app.getId().equals(PortalConstants.PORTAL_APP_ID)){
+ else if(!app.getRolesInAAF() && app.getId().equals(PortalConstants.PORTAL_APP_ID)){
Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
applicationsRestClientService, app.getId(), orgUserId);
RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(),
userRolesInLocalApp);
- result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType);
+ Set<EcompRole> rolesGotDeletedByApprover = new TreeSet<>();
+
+ result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType,false,rolesGotDeletedByApprover,false);
} else {// remote app
// If adding just account admin role don't do remote application user call
if (!((roleInAppForUserList.size() == 1 || reqType.equals("DELETE")) && checkIfAdminRoleExists)) {
}
Set<EcompRole> userRolesInRemoteApp = postUsersRolesToRemoteApp(roleInAppForUserList, mapper,
- applicationsRestClientService, app.getId(), orgUserId);
+ applicationsRestClientService, app.getId(), orgUserId,false);
RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(),
userRolesInRemoteApp);
logger.info(EELFLoggerDelegate.debugLogger,
"setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage,
newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId());
+ Set<EcompRole> rolesGotDeletedByApprover = new TreeSet<>();
+
result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest,
- reqType);
+ reqType,false,rolesGotDeletedByApprover,false);
// If no roles remain, request app to set user inactive.
/*
* if (userRolesInRemoteApp.size() == 0) {
userRolesInRemoteApp);
logger.info(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}",
logMessage, newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId());
+ Set<EcompRole> rolesGotDeletedByApprover = new TreeSet<>();
+
result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest,
- reqType);
+ reqType,false,rolesGotDeletedByApprover,false);
}
if(!result){
reqMessage = "Failed to save the user app role(s)";
roleInAppForUserList);
throw new Exception(roleInAppForUser.getRoleName() + " role is unavailable for "+ appName + " application");
} else {
- ecompRole.roleId = (appId == 1 || roleInAppForUser.getRoleName().equals(PortalConstants.ADMIN_ROLE)) ? existingAppRole.getId() : existingAppRole.getAppRoleId();
+
+ List<EPRole> roleInfo = externalAccessRolesService.getPortalAppRoleInfo(PortalConstants.ACCOUNT_ADMIN_ROLE_ID);
+ EPRole adminRole = new EPRole();
+ if(roleInfo.size()>0)
+ {
+ adminRole = roleInfo.get(0);
+ logger.debug(EELFLoggerDelegate.debugLogger, "Admin RoleName form DB: " + adminRole.getName());
+ }
+ ecompRole.roleId = (appId == 1 || roleInAppForUser.getRoleName().equals(adminRole.getName())) ? existingAppRole.getId() : existingAppRole.getAppRoleId();
ecompRole.roleName = roleInAppForUser.getRoleName();
ecompRole.isApplied = true;
existingUserRoles.add(ecompRole);
// for onap portal app, no need to make a remote call
List<Role> roleList = new ArrayList<>();
if (appId == PortalConstants.PORTAL_APP_ID) {
- if(app.getCentralAuth()){
+ if(app.getRolesInAAF()){
List<CentralV2Role> cenRoleList = externalAccessRolesService.getRolesForApp(app.getUebKey());
for(CentralV2Role cenRole : cenRoleList){
Role role = new Role();
}
EcompRole[] appRoles = null;
+ boolean checkIfUserisApplicationAccAdmin = false;
List<EcompRole> roles = new ArrayList<>();
- if (app.getCentralAuth()) {
+ if (app.getRolesInAAF()) {
final Map<String, Long> appParams = new HashMap<>();
appParams.put("appId", app.getId());
List<EPRole> applicationRoles = dataAccessService.executeNamedQuery("getActiveRolesOfApplication",
appParams, null);
EPApp application = appService.getApp(appId);
- boolean checkIfUserisApplicationAccAdmin = adminRolesService.isAccountAdminOfApplication(user,
+ checkIfUserisApplicationAccAdmin = adminRolesService.isAccountAdminOfApplication(user,
application);
List<EPRole> rolesetwithfunctioncds = new ArrayList<EPRole>();
// If there is an exception in the rest client api, then null will
// be returned.
if (appRoles != null) {
- if(!app.getCentralAuth()) {
+ if(!app.getRolesInAAF()) {
syncAppRoles(sessionFactory, appId, appRoles);
}
EcompRole[] userAppRoles = null;
try {
try {
- if(app.getCentralAuth()){
+ if(app.getRolesInAAF()){
final Map<String, String> params = new HashMap<>();
final Map<String, Long> userParams = new HashMap<>();
params.put("orgUserIdValue", userId);
EcompRole epRole = appRolesList.stream()
.filter(x -> role.getName().equals(x.getName())).findAny().orElse(null);
List<RoleFunction> roleFunList = new ArrayList<>();
- if(epRole.getRoleFunctions().size()>0)
- roleFunList.addAll(epRole.getRoleFunctions());
- boolean checkIfFunctionsExits = roleFunList.stream().anyMatch(
- roleFunction -> roleFunction.getType().equalsIgnoreCase("Approver"));
- if (checkIfFunctionsExits) {
- finalUserAppRolesList.add(role);
- List<RoleFunction> filteredList = roleFunList.stream()
- .filter(x -> "Approver".equalsIgnoreCase(x.getType()))
- .collect(Collectors.toList());
- roleNames = filteredList.stream().map(RoleFunction::getCode)
- .collect(Collectors.toList());
+
+ if (epRole != null) {
+ if (epRole.getRoleFunctions().size() > 0)
+ roleFunList.addAll(epRole.getRoleFunctions());
+ boolean checkIfFunctionsExits = roleFunList.stream().anyMatch(
+ roleFunction -> roleFunction.getType().equalsIgnoreCase("Approver"));
+ if (checkIfFunctionsExits) {
+ finalUserAppRolesList.add(role);
+ List<RoleFunction> filteredList = roleFunList.stream()
+ .filter(x -> "Approver".equalsIgnoreCase(x.getType()))
+ .collect(Collectors.toList());
+ roleNames = filteredList.stream().map(RoleFunction::getCode)
+ .collect(Collectors.toList());
+ }else{
+ roleNames.add(epRole.getName());
+ }
}
-
for (String name : roleNames) {
EcompRole ecompRole = appRolesList.stream()
.filter(x -> name.equals(x.getName())).findAny().orElse(null);
}
EcompRole[] userAppRolesActive = activeRoles.toArray(new EcompRole[activeRoles.size()]);
+
+ boolean checkIfUserisRoleAdmin = adminRolesService.isRoleAdmin(user) && !checkIfUserisApplicationAccAdmin;
+
// If the remote application isn't down we MUST sync user
// roles here in case we have this user here!
- syncUserRoles(sessionFactory, userId, appId, userAppRolesActive, extRequestValue, null);
+ syncUserRoles(sessionFactory, userId, appId, userAppRolesActive, extRequestValue, null,checkIfUserisRoleAdmin,appRoles);
} catch (Exception e) {
// TODO: we may need to check if user exists, maybe remote
// app is down.
List<EPUserAppRoles> appRole= null;
try {
logger.error(EELFLoggerDelegate.errorLogger,"Should not be reached here, still the endpoint is yet to be defined");
- boolean result = postUserRolesToMylogins(userAppRolesData, applicationsRestClientService, userAppRolesData.appId, user.getId());
+ boolean result = postUserRolesToMylogins(userAppRolesData, applicationsRestClientService,
+ userAppRolesData.getAppId(), user.getId());
logger.debug(EELFLoggerDelegate.debugLogger,"putUserAppRolesRequest: result {}", result);
- params.put("appId", userAppRolesData.appId);
+ params.put("appId", userAppRolesData.getAppId());
EPUserAppRolesRequest epAppRolesRequestData = new EPUserAppRolesRequest();
epAppRolesRequestData.setCreatedDate(new Date());
epAppRolesRequestData.setUpdatedDate(new Date());
epAppRolesRequestData.setUserId(user.getId());
- epAppRolesRequestData.setAppId(userAppRolesData.appId);
+ epAppRolesRequestData.setAppId(userAppRolesData.getAppId());
epAppRolesRequestData.setRequestStatus("P");
- List<RoleInAppForUser> appRoleIdList = userAppRolesData.appRoles;
+ List<RoleInAppForUser> appRoleIdList = userAppRolesData.getAppRoles();
Set<EPUserAppRolesRequestDetail> appRoleDetails = new LinkedHashSet<EPUserAppRolesRequestDetail>();
dataAccessService.saveDomainObject(epAppRolesRequestData, null);
for (RoleInAppForUser userAppRoles : appRoleIdList) {
EPApp app = appsService.getApp(appId);
//If local or centralized application
- if (appId == PortalConstants.PORTAL_APP_ID || app.getCentralAuth()) {
+ if (appId == PortalConstants.PORTAL_APP_ID || app.getRolesInAAF()) {
+ Map<String, Object> params = new HashMap<>();
+ params.put("id", app.getId());
+ params.put("active", true);
@SuppressWarnings("unchecked")
- List<EPUser> userList = (List<EPUser>) dataAccessService.executeNamedQuery("getActiveUsers", null, null);
+ //List<EPUser> userList = (List<EPUser>) dataAccessService.executeNamedQuery("getActiveUsers", null, null);
+ //List<Object[]> userList = (List<Object[]>) dataAccessService.executeNamedQuery("getActiveUsersForApp", params, null);
+ List<EPUser> userList = (List<EPUser>) dataAccessService.executeNamedQuery("getActiveUsersForApp", params, null);
for (EPUser user : userList) {
- UserApplicationRoles userWithAppRoles = convertToUserApplicationRoles(appId, user, app);
+ UserApplicationRoles userWithAppRoles = convertToUserApplicationRoles(user, app.getId());
if (userWithAppRoles.getRoles() != null && userWithAppRoles.getRoles().size() > 0)
userApplicationRoles.add(userWithAppRoles);
}
return userApplicationRoles;
}
+ /**
+ *
+ * @param user
+ * @param app_id
+ * @return
+ */
+ private UserApplicationRoles convertToUserApplicationRoles(EPUser user, Long appId) {
+ UserApplicationRoles userWithRemoteAppRoles = new UserApplicationRoles();
+ userWithRemoteAppRoles.setAppId(appId);
+ userWithRemoteAppRoles.setOrgUserId(user.getOrgUserId());
+ userWithRemoteAppRoles.setFirstName(user.getFirstName());
+ userWithRemoteAppRoles.setLastName(user.getLastName());
+ List<RemoteRole> roleList = new ArrayList<RemoteRole>();
+ for(EPUserApp userApp :user.getEPUserApps()) {
+ RemoteRole remoteRole = new RemoteRole();
+ remoteRole.setName(userApp.getRole().getName());
+ remoteRole.setId(userApp.getRole().getId());
+ roleList.add(remoteRole);
+ }
+ userWithRemoteAppRoles.setRoles(roleList);
+ return userWithRemoteAppRoles;
+ }
+
/**
*
* @param appId