* ============LICENSE_START==========================================
* ONAP Portal
* ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
* ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
*
* ============LICENSE_END============================================
*
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ *
*/
package org.onap.portalapp.portal.service;
import org.onap.portalapp.portal.transport.FunctionalMenuItem;
import org.onap.portalapp.portal.transport.FunctionalMenuRole;
import org.onap.portalapp.portal.transport.RemoteRole;
+import org.onap.portalapp.portal.transport.RemoteRoleV1;
import org.onap.portalapp.portal.transport.RemoteUserWithRoles;
import org.onap.portalapp.portal.transport.RoleInAppForUser;
import org.onap.portalapp.portal.transport.RolesInAppForUser;
import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
import org.onap.portalapp.portal.utils.EcompPortalUtils;
import org.onap.portalapp.portal.utils.PortalConstants;
+import org.onap.portalapp.util.SystemType;
import org.onap.portalsdk.core.domain.Role;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.onap.portalsdk.core.restful.domain.EcompRole;
@Autowired
private ExternalAccessRolesService externalAccessRolesService;
+ @Autowired
+ private AppsCacheService appsCacheService;
+
RestTemplate template = new RestTemplate();
/**
/*
* for local app -- hack - always make sure fn_role
* table's app_id is null and not 1 for primary app in
- * this case being ecomp portal app; reason: hibernate
+ * this case being onap portal app; reason: hibernate
* is rightly setting this to 1 while persisting to
* fn_role as per the mapping but SDK role management
* code expects the app_id to be null as there is no
oldAppRole.setName(role.getName());
localSession.update(oldAppRole);
}
+ oldAppRole.setActive(true);
newRolesMap.remove(oldAppRole.getAppRoleId());
} else {
obsoleteRoles.add(oldAppRole);
Set<EcompRole> updatedUserRolesinRemote = constructUsersRemoteAppRoles(roleInAppForUserList);
Set<EcompRole> updateUserRolesInEcomp = constructUsersEcompRoles(roleInAppForUserList);
String userRolesAsString = mapper.writeValueAsString(updatedUserRolesinRemote);
+ EPApp externalApp = null;
+ SystemType type = SystemType.APPLICATION;
+ externalApp = appsCacheService.getApp(appId);
+ String appBaseUri = null;
+ Set<RemoteRoleV1> updatedUserRolesinRemoteV1 = new TreeSet<>();
+ if (externalApp != null) {
+ appBaseUri = (type == SystemType.APPLICATION) ? externalApp.getAppRestEndpoint() : "";
+ }
+ if(appBaseUri != null && appBaseUri.endsWith("/api")){
+ for(EcompRole eprole :updatedUserRolesinRemote)
+ {
+ RemoteRoleV1 role = new RemoteRoleV1();
+ role.setId(eprole.getId());
+ role.setName(eprole.getName());
+ updatedUserRolesinRemoteV1.add(role);
+ }
+ userRolesAsString = mapper.writeValueAsString(updatedUserRolesinRemoteV1);
+ }
applicationsRestClientService.post(EcompRole.class, appId, userRolesAsString,
String.format("/user/%s/roles", userId));
// TODO: We should add code that verifies that the post operation did
for (EPRole externalAppRole : rolesList) {
// Try to find an existing extern role for the app in the local
- // ecomp DB. If so, then use its id to update the existing external
+ // onap DB. If so, then use its id to update the existing external
// application role record.
Long externAppId = externalAppRole.getId();
EPRole existingAppRole = epRoleService.getRole(appId, externAppId);
private EPUser addRemoteUser(List<RoleInAppForUser> roleInAppForUserList, String userId, EPApp app, ObjectMapper mapper, SearchService searchService, ApplicationsRestClientService applicationsRestClientService) throws Exception{
EPUser addRemoteUser = null;
if (remoteUserShouldBeCreated(roleInAppForUserList)) {
-
createNewUserOnRemoteApp(userId, app, applicationsRestClientService, searchService, mapper, isAppUpgradeVersion(app));
- // If we succeed, we know that the new user was
- // persisted on remote app.
- addRemoteUser = getUserFromApp(userId, app, applicationsRestClientService);
- if (addRemoteUser == null) {
- logger.error(EELFLoggerDelegate.errorLogger,
- "Failed to persist new user: " + userId + " in remote app. appId = " + app.getId());
- // return null;
- }
}
return addRemoteUser;
}
+
+ private EPUser pushRemoteUser(List<RoleInAppForUser> roleInAppForUserList, String userId, EPApp app,
+ ObjectMapper mapper, SearchService searchService,
+ ApplicationsRestClientService applicationsRestClientService) throws Exception {
+ EPUser addRemoteUser = null;
+ if (remoteUserShouldBeCreated(roleInAppForUserList)) {
+ pushUserOnRemoteApp(userId, app, applicationsRestClientService, searchService, mapper,
+ isAppUpgradeVersion(app), roleInAppForUserList);
+ }
+ return addRemoteUser;
+ }
+
+ protected void pushUserOnRemoteApp(String userId, EPApp app,
+ ApplicationsRestClientService applicationsRestClientService, SearchService searchService,
+ ObjectMapper mapper, boolean postOpenSource, List<RoleInAppForUser> roleInAppForUserList) throws Exception {
+
+ EPUser client = searchService.searchUserByUserId(userId);
+
+ mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+
+ if (client == null) {
+ String msg = "cannot create user " + userId + ", because he/she cannot be found in phonebook.";
+ logger.error(EELFLoggerDelegate.errorLogger, msg);
+ throw new Exception(msg);
+ }
+
+ client.setLoginId(userId);
+ client.setActive(true);
+ roleInAppForUserList.removeIf(role -> role.isApplied.equals(false));
+ Set<EcompRole> userRolesInRemoteApp = constructUsersRemoteAppRoles(roleInAppForUserList);
+ SortedSet<Role> roles = new TreeSet<>();
+ List<EPRole> getAppRoles = getAppRoles(app.getId());
+ for (EcompRole epRole : userRolesInRemoteApp) {
+ Role role = new Role();
+ EPRole appRole = getAppRoles.stream()
+ .filter(applicationRole -> epRole.getId().equals(applicationRole.getId()))
+ .findAny()
+ .orElse(null);
+ if(appRole != null)
+ role.setId(appRole.getAppRoleId());
+ role.setName(epRole.getName());
+ roles.add(role);
+ }
+ client.setRoles(roles);
+ String userInString = null;
+ userInString = mapper.writerFor(EPUser.class).writeValueAsString(client);
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "about to post a client to remote application, users json = " + userInString);
+ applicationsRestClientService.post(EPUser.class, app.getId(), userInString, String.format("/user/%s", userId));
+
+ }
+
+
+ public List<EPRole> getAppRoles(Long appId) throws Exception {
+ List<EPRole> applicationRoles = null;
+ final Map<String, Long> appParams = new HashMap<>();
+ try {
+ appParams.put("appId", appId);
+ applicationRoles = dataAccessService.executeNamedQuery("getPartnerAppRolesList", appParams, null);
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "getAppRoles: failed", e);
+ throw e;
+ }
+ return applicationRoles;
+ }
+
/**
* It checks whether the remote user exists or not
* if exits returns user object else null
// if centralized app
if (app.getCentralAuth()) {
- // We should add If user does not exist in remote application
if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
- EPUser remoteAppUser = null;
- remoteAppUser = checkIfRemoteUserExits(userId, app, applicationsRestClientService);
-
- if (remoteAppUser == null) {
- addRemoteUser(roleInAppForUserList, userId, app, mapper, searchService,
+ pushRemoteUser(roleInAppForUserList, userId, app, mapper, searchService,
applicationsRestClientService);
- }
}
- Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
+
+ Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
applicationsRestClientService, appId, userId);
RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId,
userRolesInLocalApp);
ObjectMapper mapper = new ObjectMapper();
HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
HttpEntity<String> getUserRolesEntity = new HttpEntity<>(headers);
- logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to external system to get current user roles");
- ResponseEntity<String> getResponse = template
- .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
- + "roles/user/" + name, HttpMethod.GET, getUserRolesEntity, String.class);
- if (getResponse.getStatusCode().value() == 200) {
- logger.debug(EELFLoggerDelegate.debugLogger, "updateUserRolesInExternalSystem: Finished GET user roles from external system and received user roles {}",
- getResponse.getBody());
-
- }else{
- logger.error(EELFLoggerDelegate.errorLogger, "updateUserRolesInExternalSystem: Failed GET user roles from external system and received user roles {}",getResponse.getBody() );
- EPLogUtil.logExternalAuthAccessAlarm(logger, getResponse.getStatusCode());
- }
+ ResponseEntity<String> getResponse = externalAccessRolesService.getUserRolesFromExtAuthSystem(name, getUserRolesEntity);
List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
String res = getResponse.getBody();
JSONObject jsonObj = null;
List<RoleInAppForUser> rolesInAppForUser = null;
EPApp app = appsService.getApp(appId);
try {
- // for ecomp portal app, no need to make a remote call
+ // for onap portal app, no need to make a remote call
List<Role> roleList = new ArrayList<>();
if (appId == PortalConstants.PORTAL_APP_ID) {
if(app.getCentralAuth()){
List<CentralV2Role> cenRoleList = externalAccessRolesService.getRolesForApp(app.getUebKey());
for(CentralV2Role cenRole : cenRoleList){
Role role = new Role();
- role.setActive(cenRole.isActive());
+ role.setActive(cenRole.getActive());
role.setId(cenRole.getId());
role.setName(cenRole.getName());
role.setPriority(cenRole.getPriority());
} else{
appRoles = applicationsRestClientService.get(EcompRole[].class, appId, "/roles");
}
- // Test this error case, for generating an internal Ecomp Portal
+ // Test this error case, for generating an internal ONAP Portal
// error
// EcompRole[] appRoles = null;
// If there is an exception in the rest client api, then null will
* @see org.onap.portalapp.portal.service.UserRolesService#
* getCachedAppRolesForUser(java.lang.Long, java.lang.Long)
*/
+ @SuppressWarnings("deprecation")
public List<EPUserApp> getCachedAppRolesForUser(Long appId, Long userId) {
// Find the records for this user-app combo, if any
String filter = " where user_id = " + Long.toString(userId) + " and app_id = " + Long.toString(appId);