* ============LICENSE_START==========================================
* ONAP Portal
* ===================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
* ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
import org.json.JSONObject;
import org.onap.portalapp.externalsystemapproval.model.ExternalSystemRoleApproval;
import org.onap.portalapp.externalsystemapproval.model.ExternalSystemUser;
+import org.onap.portalapp.portal.domain.CentralV2RoleFunction;
import org.onap.portalapp.portal.domain.EPApp;
import org.onap.portalapp.portal.domain.EPRole;
import org.onap.portalapp.portal.domain.EPUser;
import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
import org.onap.portalapp.portal.utils.EcompPortalUtils;
import org.onap.portalapp.portal.utils.PortalConstants;
+import org.onap.portalapp.util.EPUserUtils;
import org.onap.portalapp.util.SystemType;
import org.onap.portalsdk.core.domain.Role;
+import org.onap.portalsdk.core.domain.RoleFunction;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.onap.portalsdk.core.restful.domain.EcompRole;
import org.onap.portalsdk.core.service.DataAccessService;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
+import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestTemplate;
import com.fasterxml.jackson.core.JsonProcessingException;
private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserRolesCommonServiceImpl.class);
private static final Object syncRests = new Object();
+
+ private static final String APP_ID = "appId";
@Autowired
private DataAccessService dataAccessService;
private EPRoleService epRoleService;
@Autowired
private RoleService roleService;
-
+ @Autowired
+ private AdminRolesService adminRolesService;
+ @Autowired
+ private EPAppService appService;
@Autowired
private ExternalAccessRolesService externalAccessRolesService;
*
* @param userId
*/
- protected void createLocalUserIfNecessary(String userId) {
+ protected void createLocalUserIfNecessary(String userId,boolean isSystemUser) {
if (StringUtils.isEmpty(userId)) {
logger.error(EELFLoggerDelegate.errorLogger, "createLocalUserIfNecessary : empty userId!");
return;
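Review bot: The Javadoc above the changed signature still documents only `userId`; the new `isSystemUser` parameter needs its own tag, e.g. `@param isSystemUser when true the local user is built from the id alone instead of being looked up in the phonebook`. That description is grounded in the next hunk, where the `else` branch constructs an `EPUser` directly from `userId`. The Javadoc block starts outside the hunk, and the method body continues past it.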
transaction = localSession.beginTransaction();
@SuppressWarnings("unchecked")
List<EPUser> userList = localSession
- .createQuery("from " + EPUser.class.getName() + " where orgUserId='" + userId + "'").list();
+ .createQuery("from EPUser where orgUserId=:userId")
+ .setParameter("userId",userId)
+ .list();
if (userList.size() == 0) {
- EPUser client = searchService.searchUserByUserId(userId);
+ EPUser client = null;
+ if (!isSystemUser) {
+ client = searchService.searchUserByUserId(userId);
+ } else {
+ client = new EPUser();
+ client.setOrgUserId(userId);
+ client.setSystemUser(true);
+ client.setFirstName(userId.substring(0,userId.indexOf("@")));
+ }
if (client == null) {
String msg = "createLocalUserIfNecessary: cannot create user " + userId
+ ", because not found in phonebook";
* set to false if request is from users page otherwise true
* @throws Exception
*/
+ @SuppressWarnings("unchecked")
protected void syncUserRoles(SessionFactory sessionFactory, String userId, Long appId,
- EcompRole[] userAppRoles, Boolean extRequestValue, String reqType) throws Exception {
+ EcompRole[] userAppRoles, Boolean extRequestValue, String reqType,boolean checkIfUserisRoleAdmin,EcompRole[] appRoles) throws Exception {
Session localSession = null;
Transaction transaction = null;
String roleActive = null;
final Map<String, String> userAppParams = new HashMap<>();
final Map<String, String> appParams = new HashMap<>();
HashMap<Long, EcompRole> newUserAppRolesMap = hashMapFromEcompRoles(userAppRoles);
-
+ List<EPRole> roleInfo = externalAccessRolesService.getPortalAppRoleInfo(PortalConstants.ACCOUNT_ADMIN_ROLE_ID);
+
+ EPRole adminRole = new EPRole();
+ if(roleInfo.size()>0)
+ {
+ adminRole = roleInfo.get(0);
+ logger.debug(EELFLoggerDelegate.debugLogger, "Admin RoleName form DB: " + adminRole.getName());
+ }
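Review bot: When `getPortalAppRoleInfo` returns an empty list, `adminRole` stays a fresh `EPRole` whose name is null, so the later `...getName().equals(adminRole.getName())` comparisons in this method silently evaluate to false and the account-admin role is handled like any other role; log or fail explicitly in that branch, e.g. `logger.error(EELFLoggerDelegate.errorLogger, "syncUserRoles: account admin role {} not found in DB", PortalConstants.ACCOUNT_ADMIN_ROLE_ID);`. The Javadoc above also lacks `@param` entries for the new `checkIfUserisRoleAdmin` and `appRoles` parameters; from the later filtering code, `appRoles` appears to be the set of roles a role admin submitted and is only consulted when the flag is set, which is worth stating. The Javadoc and the method body continue outside the hunk.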
try {
localSession = sessionFactory.openSession();
transaction = localSession.beginTransaction();
@SuppressWarnings("unchecked")
List<EPUser> userList = localSession
- .createQuery("from " + EPUser.class.getName() + " where orgUserId='" + userId + "'").list();
+ .createQuery("from EPUser where orgUserId=:userId")
+ .setParameter("userId",userId)
+ .list();
if (userList.size() > 0) {
EPUser client = userList.get(0);
roleActive = ("DELETE".equals(reqType)) ? "" : " and role.active = 'Y'";
@SuppressWarnings("unchecked")
- List<EPUserApp> userRoles = localSession.createQuery("from " + EPUserApp.class.getName()
- + " where app.id=" + appId + roleActive + " and userId=" + client.getId()).list();
+ List<EPUserApp> userRoles = localSession.createQuery("from EPUserApp where app.id=:appId and userId=:userId" + roleActive)
+ .setParameter("appId",appId)
+ .setParameter("userId",client.getId())
+ .list();
if ("DELETE".equals(reqType)) {
for (EPUserApp userAppRoleList : userRoles) {
userAppParams.put("appId", String.valueOf(appId));
appParams.put("appRoleName", userAppRoleList.getRole().getName());
@SuppressWarnings("unchecked")
- List<EPRole> rolesList = (!userAppRoleList.getRole().getName().equals(PortalConstants.ADMIN_ROLE)) ? (List<EPRole>) dataAccessService.executeNamedQuery("getAppRoles", userAppParams, null) : (List<EPRole>) dataAccessService.executeNamedQuery("getPortalAppRoles", appParams, null);
+ List<EPRole> rolesList = (!userAppRoleList.getRole().getName().equals(adminRole.getName())) ? (List<EPRole>) dataAccessService.executeNamedQuery("getAppRoles", userAppParams, null) : (List<EPRole>) dataAccessService.executeNamedQuery("getPortalAppRoles", appParams, null);
if(rolesList.size() > 0 || !rolesList.isEmpty()){
checkIfRoleInactive(rolesList.get(0));
}
}
}
+
+ if (appRoles != null) {
+ List<EcompRole> appRolesList = Arrays.stream(appRoles).collect(Collectors.toList());
+ List<EPUserApp> finalUserRolesList = new ArrayList<>();
+ if (checkIfUserisRoleAdmin) {
+ for (EcompRole role : appRolesList) {
+ for (EPUserApp userAppRoleList : userRoles) {
+ if (userAppRoleList.getRole().getName().equals(role.getName()))
+
+ {
+ finalUserRolesList.add(userAppRoleList);
+ }
+ }
+ }
+ userRoles = new ArrayList<>();
+ userRoles.addAll(finalUserRolesList);
+ }
+ }
+
for (EPUserApp userRole : userRoles) {
if (!userRole.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID) && userRole.getRoleId() != PortalConstants.SYS_ADMIN_ROLE_ID && !extRequestValue){
syncUserRolesExtension(userRole, appId, localSession, userAppRoles, newUserAppRolesMap);
syncUserRolesExtension(userRole, appId, localSession, userAppRoles, newUserAppRolesMap);
}
}
+
+
Collection<EcompRole> newRolesToAdd = newUserAppRolesMap.values();
if (newRolesToAdd.size() > 0) {
EPApp app = (EPApp) localSession.get(EPApp.class, appId);
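Review bot: The role-admin narrowing block (`if (appRoles != null) { ... if (checkIfUserisRoleAdmin) ...`) replaces `userRoles` with a by-name intersection against `appRoles` and carries no comment, while the rest of the method keys on role ids via `newUserAppRolesMap` and `getRoleId()`; matching on ids would be consistent and avoids surprises if two roles share a name. Add a comment such as `// Role admins may only alter the roles they submitted; drop every other existing assignment so it is neither re-added nor removed below` so the intent is explicit. In the context lines just below, `syncUserRolesExtension` appears to be invoked twice in a row with identical arguments — pre-existing, but worth checking while this loop is being touched. The method body continues outside the hunk.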
} else { // remote app
@SuppressWarnings("unchecked")
List<EPRole> roles = localSession
- .createQuery("from " + EPRole.class.getName() + " where appId=" + appId).list();
+ .createQuery("from EPRole where appId=:appId")
+ .setParameter("appId",appId)
+ .list();
for (EPRole role : roles) {
if (!extRequestValue && app.getCentralAuth()) {
rolesMap.put(role.getId(), role);
EPRole role = null;
for (EcompRole userRole : newRolesToAdd) {
EPUserApp userApp = new EPUserApp();
- if (("PUT".equals(reqType) || "POST".equals(reqType)) && userRole.getName().equals(PortalConstants.ADMIN_ROLE)) {
+ if (("PUT".equals(reqType) || "POST".equals(reqType)) && userRole.getName().equals(adminRole.getName())) {
role = (EPRole) localSession.get(EPRole.class, new Long(PortalConstants.ACCOUNT_ADMIN_ROLE_ID));
userApp.setRole(role);
} else if ((userRole.getId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)) && !extRequestValue){
for (EPRole ecompRole : userAppRoles) {
userAppRolesMap.add(ecompRole.getId());
}
+ logger.debug(EELFLoggerDelegate.debugLogger, "In constructRolesInAppForUserGet() - userAppRolesMap = {}", userAppRolesMap);
+
} else {
logger.error(EELFLoggerDelegate.errorLogger,
"constructRolesInAppForUserGet has received userAppRoles list empty.");
}
if (appRoles != null) {
+
for (Role ecompRole : appRoles) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "In constructRolesInAppForUserGet() - appRoles not null = {}", ecompRole);
+
if (ecompRole.getId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID) && !extRequestValue)
continue;
RoleInAppForUser roleForUser = new RoleInAppForUser(ecompRole.getId(), ecompRole.getName());
roleForUser.isApplied = userAppRolesMap.contains(ecompRole.getId());
rolesInAppForUser.add(roleForUser);
+ logger.debug(EELFLoggerDelegate.debugLogger, "In constructRolesInAppForUserGet() - rolesInAppForUser = {}", rolesInAppForUser);
+
}
} else {
logger.error(EELFLoggerDelegate.errorLogger,
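Review bot: The new debug statement `... rolesInAppForUser = {}` sits inside the `for (Role ecompRole : appRoles)` loop, so the growing list is serialised once per role and the log volume grows quadratically with the number of roles; move that line after the loop and keep only the per-role `appRoles not null = {}` line if per-item tracing is wanted. The enclosing method begins and ends outside the hunk.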
transaction = localSession.beginTransaction();
// Attention! All roles from remote application supposed to be
// active!
+
@SuppressWarnings("unchecked")
- List<EPRole> currentAppRoles = localSession
- .createQuery("from " + EPRole.class.getName() + " where appId=" + appId).list();
+ List<EPRole> currentAppRoles = localSession.createQuery("from EPRole where appId = :appId")
+ .setParameter("appId",appId)
+ .list();
+
List<EPRole> obsoleteRoles = new ArrayList<EPRole>();
for (int i = 0; i < currentAppRoles.size(); i++) {
EPRole oldAppRole = currentAppRoles.get(i);
// Delete from fn_user_role
@SuppressWarnings("unchecked")
List<EPUserApp> userRoles = localSession.createQuery(
- "from " + EPUserApp.class.getName() + " where app.id=" + appId + " and role_id=" + roleId)
+ "from EPUserApp where app.id=:appId and role_id=:roleId")
+ .setParameter("appId",appId)
+ .setParameter("roleId",roleId)
.list();
logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: number of userRoles to delete: " + userRoles.size());
// Delete from fn_menu_functional_roles
@SuppressWarnings("unchecked")
List<FunctionalMenuRole> funcMenuRoles = localSession
- .createQuery("from " + FunctionalMenuRole.class.getName() + " where roleId=" + roleId)
+ .createQuery("from FunctionalMenuRole where roleId=:roleId")
+ .setParameter("roleId",roleId)
.list();
int numMenuRoles = funcMenuRoles.size();
logger.debug(EELFLoggerDelegate.debugLogger,
// so must null out the url too, to be consistent
@SuppressWarnings("unchecked")
List<FunctionalMenuRole> funcMenuRoles2 = localSession
- .createQuery("from " + FunctionalMenuRole.class.getName() + " where menuId=" + menuId)
+ .createQuery("from FunctionalMenuRole where menuId=:menuId")
+ .setParameter("menuId",menuId)
.list();
int numMenuRoles2 = funcMenuRoles2.size();
logger.debug(EELFLoggerDelegate.debugLogger,
"syncAppRoles: There is exactly 1 menu item for this role, so emptying the url");
@SuppressWarnings("unchecked")
List<FunctionalMenuItem> funcMenuItems = localSession
- .createQuery(
- "from " + FunctionalMenuItem.class.getName() + " where menuId=" + menuId)
+ .createQuery("from FunctionalMenuItem where menuId=:menuId")
+ .setParameter("menuId",menuId)
.list();
if (funcMenuItems.size() > 0) {
logger.debug(EELFLoggerDelegate.debugLogger, "got the menu item");
result = new RolesInAppForUser();
result.appId = appId;
result.orgUserId = userId;
+
for (EcompRole role : userRolesInRemoteApp) {
RoleInAppForUser roleInAppForUser = new RoleInAppForUser();
roleInAppForUser.roleId = role.getId();
* @throws HTTPException
*/
protected Set<EcompRole> postUsersRolesToRemoteApp(List<RoleInAppForUser> roleInAppForUserList, ObjectMapper mapper,
- ApplicationsRestClientService applicationsRestClientService, Long appId, String userId)
+ ApplicationsRestClientService applicationsRestClientService, Long appId, String userId,boolean systemUser)
throws JsonProcessingException, HTTPException {
Set<EcompRole> updatedUserRolesinRemote = constructUsersRemoteAppRoles(roleInAppForUserList);
Set<EcompRole> updateUserRolesInEcomp = constructUsersEcompRoles(roleInAppForUserList);
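Review bot: The new `systemUser` parameter of `postUsersRolesToRemoteApp` is not documented in the Javadoc above (`@throws HTTPException` is the last visible tag) and none of the visible lines read it; add `@param systemUser true when the target user is a system account rather than a directory user`, or drop the parameter if the rest of the body never uses it. The Javadoc and the method body continue outside the hunk.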
* set to false if requests from Users page otherwise true
* @return true on success, false otherwise
*/
- protected boolean applyChangesInUserRolesForAppToEcompDB(RolesInAppForUser rolesInAppForUser, boolean externalSystemRequest, String reqType) throws Exception {
+ protected boolean applyChangesInUserRolesForAppToEcompDB(RolesInAppForUser rolesInAppForUser, boolean externalSystemRequest, String reqType,boolean isSystemUser,Set<EcompRole> rolesDeletedByApprover ,boolean isLoggedInUserRoleAdminOfApp ) throws Exception {
boolean result = false;
String userId = rolesInAppForUser.orgUserId;
Long appId = rolesInAppForUser.appId;
synchronized (syncRests) {
if (rolesInAppForUser != null) {
- createLocalUserIfNecessary(userId);
+ createLocalUserIfNecessary(userId, isSystemUser);
}
if (rolesInAppForUser != null) {
userAppRoles[i] = role;
}
try {
- syncUserRoles(sessionFactory, userId, appId, userAppRoles, externalSystemRequest, reqType);
+ EcompRole[] applicationRoles = null;
+
+ if(isLoggedInUserRoleAdminOfApp){
+ List<EcompRole> roles = Arrays.stream(userAppRoles).collect(Collectors.toList());
+ List<EcompRole> roles1 = rolesDeletedByApprover.stream().collect(Collectors.toList());
+ roles.addAll(roles1);
+ applicationRoles = roles.stream().toArray(n -> new EcompRole[n]);
+ }
+
+ syncUserRoles(sessionFactory, userId, appId, userAppRoles, externalSystemRequest, reqType,isLoggedInUserRoleAdminOfApp,applicationRoles);
result = true;
} catch (Exception e) {
logger.error(EELFLoggerDelegate.errorLogger,
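Review bot: `rolesDeletedByApprover.stream()` is dereferenced whenever `isLoggedInUserRoleAdminOfApp` is true with no null guard; the visible callers pass a fresh `TreeSet`, but an `Objects.requireNonNull(rolesDeletedByApprover, "rolesDeletedByApprover")` at the top makes that contract explicit. The two intermediate lists can be collapsed: `List<EcompRole> roles = new ArrayList<>(Arrays.asList(userAppRoles)); roles.addAll(rolesDeletedByApprover); applicationRoles = roles.toArray(new EcompRole[0]);`. The Javadoc above should also describe the three new parameters. The method starts and ends outside the hunk.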
* @return
* @throws Exception
*/
- private EPUser addRemoteUser(List<RoleInAppForUser> roleInAppForUserList, String userId, EPApp app, ObjectMapper mapper, SearchService searchService, ApplicationsRestClientService applicationsRestClientService) throws Exception{
+ private EPUser addRemoteUser(List<RoleInAppForUser> roleInAppForUserList, String userId, EPApp app,
+ ObjectMapper mapper, SearchService searchService,
+ ApplicationsRestClientService applicationsRestClientService) throws Exception {
EPUser addRemoteUser = null;
if (remoteUserShouldBeCreated(roleInAppForUserList)) {
- createNewUserOnRemoteApp(userId, app, applicationsRestClientService, searchService, mapper, isAppUpgradeVersion(app));
+ createNewUserOnRemoteApp(userId, app, applicationsRestClientService, searchService, mapper,
+ isAppUpgradeVersion(app));
}
return addRemoteUser;
}
+ private EPUser pushRemoteUser(List<RoleInAppForUser> roleInAppForUserList, String userId, EPApp app,
+ ObjectMapper mapper, SearchService searchService,
+ ApplicationsRestClientService applicationsRestClientService,boolean appRoleIdUsed) throws Exception {
+ EPUser addRemoteUser = null;
+// if (remoteUserShouldBeCreated(roleInAppForUserList)) {
+ pushUserOnRemoteApp(userId, app, applicationsRestClientService, searchService, mapper,
+ isAppUpgradeVersion(app), roleInAppForUserList, appRoleIdUsed);
+// }
+ return addRemoteUser;
+ }
+
+ @SuppressWarnings("unchecked")
+ protected void pushUserOnRemoteApp(String userId, EPApp app,
+ ApplicationsRestClientService applicationsRestClientService, SearchService searchService,
+ ObjectMapper mapper, boolean postOpenSource, List<RoleInAppForUser> roleInAppForUserList,boolean appRoleIdUsed) throws Exception {
+
+ EPUser client = null;
+ client = searchService.searchUserByUserId(userId);
+
+ mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+ if (client == null) {
+ String msg = "cannot create user " + userId + ", because he/she cannot be found in directory.";
+ logger.error(EELFLoggerDelegate.errorLogger, msg);
+ // throw new Exception(msg);
+ final Map<String, String> loginIdParams = new HashMap<>();
+ loginIdParams.put("orgUserIdValue", userId);
+ List<EPUser> userList = new ArrayList<>();
+ userList = dataAccessService.executeNamedQuery("epUserAppId", loginIdParams, null);
+ if (userList.size() > 0) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ userList.get(0).getOrgUserId() + " User was found in Portal");
+ client = userList.get(0);
+ SortedSet<EPUserApp> userApps = new TreeSet<>();
+ client.setEPUserApps(userApps);
+ client.setSystemUser(false);
+ } else {
+ logger.error(EELFLoggerDelegate.errorLogger, "user cannot be found be in directory or in portal");
+ throw new Exception(msg);
+ }
+
+ }
+
+ client.setLoginId(userId);
+ client.setActive(true);
+ client.setOrgUserId(userId);
+
+
+ roleInAppForUserList.removeIf(role -> role.isApplied.equals(false));
+ SortedSet<Role> roles = new TreeSet<>();
+
+ List<EPRole> getAppRoles = externalAccessRolesService.getAppRoles(app.getId());
+ List<EPApp> appList = new ArrayList<>();
+ appList.add(app);
+ List<CentralV2Role> roleList = new ArrayList<>();
+ Map<String, Long> params = new HashMap<>();
+
+ List<EPRole> userRoles = new ArrayList<>();
+
+ for (RoleInAppForUser roleInappForUser : roleInAppForUserList) {
+ EPRole role = new EPRole();
+ role.setId(roleInappForUser.getRoleId());
+ role.setName(roleInappForUser.getRoleName());
+ userRoles.add(role);
+ }
+
+ if (appRoleIdUsed) {
+ List<EPRole> userAppRoles = new ArrayList<>();
+ for (EPRole role : userRoles) {
+ EPRole appRole = getAppRoles.stream()
+ .filter(applicationRole -> role.getId().equals(applicationRole.getAppRoleId())).findAny()
+ .orElse(null);
+ EPRole epRole = new EPRole();
+ if (appRole != null) {
+ epRole.setId(appRole.getId());
+ epRole.setName(appRole.getName());
+ }
+ userAppRoles.add(epRole);
+ }
+ userRoles = new ArrayList<>();
+ userRoles.addAll(userAppRoles);
+ }
+ roleList = externalAccessRolesService.createCentralRoleObject(appList, userRoles, roleList, params);
+
+ for (CentralV2Role epRole : roleList) {
+ Role role = new Role();
+ EPRole appRole = getAppRoles.stream()
+ .filter(applicationRole -> epRole.getId().equals(applicationRole.getId())).findAny().orElse(null);
+ if (appRole != null){
+ role.setId(appRole.getAppRoleId());
+ role.setName(epRole.getName());
+ role.setRoleFunctions(epRole.getRoleFunctions());
+ }
+ roles.add(role);
+ }
+ client.setRoles(roles);
+ String userInString = null;
+ userInString = mapper.writerFor(EPUser.class).writeValueAsString(client);
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "about to post a client to remote application, users json = " + userInString);
+ applicationsRestClientService.post(EPUser.class, app.getId(), userInString, String.format("/user/%s", userId));
+ }
+
/**
* It checks whether the remote user exists or not
* if exits returns user object else null
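Review bot: In `pushUserOnRemoteApp`, both `userAppRoles.add(epRole)` and `roles.add(role)` sit outside their `if (appRole != null)` guard, so a role that cannot be matched against `getAppRoles` is still pushed to the remote application as an empty `EPRole`/`Role` with null id and name (and an all-null `Role` in a `TreeSet` may fail in `compareTo`, depending on its implementation); move each `add` inside the guard, or log and skip the unmatched role. `roleInAppForUserList.removeIf(role -> role.isApplied.equals(false))` also mutates the caller's list in place, and `setAppWithUserRoleStateForUser` keeps using that list for `postUsersRolesToLocalApp` afterwards, so unapplied entries silently disappear from the local update — filter into a copy instead, e.g. `List<RoleInAppForUser> applied = roleInAppForUserList.stream().filter(r -> r.isApplied).collect(Collectors.toList());`. `pushRemoteUser` always returns null and carries commented-out code; either return the pushed `client` or make it `void` and delete the comments. The generic `throw new Exception(msg)` should be a narrower type that callers can distinguish from other failures.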
* setAppWithUserRoleStateForUser(org.onap.portalapp.portal.domain.
* EPUser, org.onap.portalapp.portal.transport.AppWithRolesForUser)
*/
- public boolean setAppWithUserRoleStateForUser(EPUser user, AppWithRolesForUser newAppRolesForUser) {
+ public ExternalRequestFieldsValidator setAppWithUserRoleStateForUser(EPUser user, AppWithRolesForUser newAppRolesForUser) {
boolean result = false;
boolean epRequestValue = false;
String userId = "";
- if (newAppRolesForUser != null && newAppRolesForUser.orgUserId != null) {
- userId = newAppRolesForUser.orgUserId.trim();
+ String reqMessage = "";
+ if (newAppRolesForUser != null && newAppRolesForUser.getOrgUserId() != null) {
+ userId = newAppRolesForUser.getOrgUserId().trim();
}
- Long appId = newAppRolesForUser.appId;
- List<RoleInAppForUser> roleInAppForUserList = newAppRolesForUser.appRoles;
- if (userId.length() > 0) {
+ Long appId = newAppRolesForUser.getAppId();
+ List<RoleInAppForUser> roleInAppForUserList = newAppRolesForUser.getAppRoles();
+
+
+
+ if (userId.length() > 0 ) {
ObjectMapper mapper = new ObjectMapper();
mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
try {
EPApp app = appsService.getApp(appId);
+
+ boolean checkIfUserisApplicationAccAdmin = adminRolesService.isAccountAdminOfApplication(user,
+ app);
+ Set<EcompRole> rolesGotDeletedFromApprover = new TreeSet<EcompRole>();
+
+ boolean checkIfUserisOnlyRoleAdmin = adminRolesService.isRoleAdmin(user) && !checkIfUserisApplicationAccAdmin;
+ if (checkIfUserisOnlyRoleAdmin) {
+ for (RoleInAppForUser roleInAppForUser : roleInAppForUserList) {
+ if (!roleInAppForUser.isApplied) {
+ EcompRole ecompRole = new EcompRole();
+ ecompRole.setId(roleInAppForUser.roleId);
+ ecompRole.setName(roleInAppForUser.roleName);
+ rolesGotDeletedFromApprover.add(ecompRole);
+ }
+ }
+ }
+
applyChangesToUserAppRolesForMyLoginsRequest(user, appId);
- // if centralized app
+ boolean systemUser = newAppRolesForUser.isSystemUser();
+
+ if ((app.getCentralAuth() || app.getId().equals(PortalConstants.PORTAL_APP_ID)) && systemUser) {
+
+ Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
+ applicationsRestClientService, appId, userId);
+ RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId,
+ userRolesInLocalApp);
+ List<RoleInAppForUser> roleAppUserList = rolesInAppForUser.roles;
+ Set<EcompRole> rolesGotDeletedByApprover = new TreeSet<>();
+ if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
+ // Apply changes in external Access system
+
+ updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList,
+ epRequestValue, systemUser,rolesGotDeletedByApprover,false);
+ }
+ result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal",
+ systemUser,rolesGotDeletedByApprover,false);
+
+ }else if (!app.getCentralAuth() && systemUser)
+ {
+ throw new Exception("For non-centralized application we cannot add systemUser");
+ }
+ else{ // if centralized app
if (app.getCentralAuth()) {
if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
- try {
- addRemoteUser(roleInAppForUserList, userId, app, mapper, searchService,
- applicationsRestClientService);
- } catch (Exception e) {
- String message=e.getMessage();
- logger.error(EELFLoggerDelegate.errorLogger, message, e);
- }
+ pushRemoteUser(roleInAppForUserList, userId, app, mapper, searchService,
+ applicationsRestClientService,false);
}
- Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
+ Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
applicationsRestClientService, appId, userId);
RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId,
userRolesInLocalApp);
List<RoleInAppForUser> roleAppUserList = rolesInAppForUser.roles;
if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
+
// Apply changes in external Access system
updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList,
- epRequestValue);
+ epRequestValue,false,rolesGotDeletedFromApprover,checkIfUserisOnlyRoleAdmin);
}
- result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal");
+ result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal", systemUser,rolesGotDeletedFromApprover,checkIfUserisOnlyRoleAdmin);
}
// In case if portal is not centralized then follow existing approach
else if(!app.getCentralAuth() && app.getId().equals(PortalConstants.PORTAL_APP_ID)){
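Review bot: `systemUser` is read straight from the request object (`newAppRolesForUser.isSystemUser()`) and, when set, ends up in `createLocalUserIfNecessary(userId, true)`, which creates a local user from the id alone without a directory lookup; unless the controller already restricts this, gate it on the privilege computed a few lines above, e.g. `if (systemUser && !checkIfUserisApplicationAccAdmin) { throw new Exception("Only account admins may add a system user"); }`. Dropping the try/catch around the remote-user push also changes behaviour: a failure in `pushRemoteUser` now aborts the whole request through the outer catch instead of being logged and continuing — fine if intended, but worth a comment at the call. The `newAppRolesForUser != null` guard is still followed by an unconditional `newAppRolesForUser.getAppId()`, so a null request fails with an NPE rather than a clean validation result. The method continues past the hunk.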
applicationsRestClientService, appId, userId);
RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId,
userRolesInLocalApp);
- result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal");
+ Set<EcompRole> rolesGotDeletedByApprover = new TreeSet<>();
+ result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal",false,rolesGotDeletedByApprover,false);
} else{// remote app
EPUser remoteAppUser = null;
if(!app.getCentralAuth() && !app.getId().equals(PortalConstants.PORTAL_APP_ID)){
if (remoteAppUser == null) {
remoteAppUser = addRemoteUser(roleInAppForUserList, userId, app, mapper, searchService, applicationsRestClientService);
}
- if (remoteAppUser != null) {
- Set<EcompRole> userRolesInRemoteApp = postUsersRolesToRemoteApp(roleInAppForUserList, mapper,
- applicationsRestClientService, appId, userId);
+ Set<EcompRole> userRolesInRemoteApp = postUsersRolesToRemoteApp(roleInAppForUserList, mapper,
+ applicationsRestClientService, appId, userId,systemUser);
RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId,
userRolesInRemoteApp);
- result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, null);
+ Set<EcompRole> rolesGotDeletedByApprover = new TreeSet<>();
+ result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, null,false,rolesGotDeletedByApprover,false);
// If no roles remain, request app to set user inactive.
if (userRolesInRemoteApp.size() == 0) {
logger.debug(EELFLoggerDelegate.debugLogger,
"setAppWithUserRoleStateForUser: no roles in app {}, set user {} to inactive", app,
userId);
- remoteAppUser.setActive(false);
+ //remoteAppUser.setActive(false);
postUserToRemoteApp(userId, user, app, applicationsRestClientService);
- }
}
}
}
+ }
} catch (Exception e) {
+ /*String message = String.format(
+ "Failed to create user or update user roles for User %s, AppId %s",
+ userId, Long.toString(appId));
+ logger.error(EELFLoggerDelegate.errorLogger, message, e);
+ result = false;*/
+
String message = String.format(
"Failed to create user or update user roles for User %s, AppId %s",
userId, Long.toString(appId));
logger.error(EELFLoggerDelegate.errorLogger, message, e);
result = false;
+ reqMessage = e.getMessage();
+
+
}
}
- return result;
+ //return result;
+ return new ExternalRequestFieldsValidator(result, reqMessage);
+
}
/**
* It adds user roles in External system and also make data consistent in both local and in External System
* @param roleInAppUser Contains list of active roles
*/
@SuppressWarnings("unchecked")
- private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List<RoleInAppForUser> roleInAppUser, boolean isPortalRequest) throws Exception
+ private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List<RoleInAppForUser> roleInAppUser, boolean isPortalRequest,boolean isSystemUser,Set<EcompRole> deletedRolesByApprover,boolean isLoggedInUserRoleAdminofApp) throws Exception
{
try {
// check if user exists
userParams.put("orgUserIdValue", orgUserId);
List<EPUser> userInfo = checkIfUserExists(userParams);
if (userInfo.isEmpty()) {
- createLocalUserIfNecessary(orgUserId);
+ createLocalUserIfNecessary(orgUserId, isSystemUser);
}
String name = "";
if (EPCommonSystemProperties
- .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) {
+ .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN) && !isSystemUser) {
name = orgUserId
+ SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
+ } else {
+ name = orgUserId;
}
ObjectMapper mapper = new ObjectMapper();
HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
HttpEntity<String> getUserRolesEntity = new HttpEntity<>(headers);
ResponseEntity<String> getResponse = externalAccessRolesService.getUserRolesFromExtAuthSystem(name, getUserRolesEntity);
+
+
List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
String res = getResponse.getBody();
JSONObject jsonObj = null;
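Review bot: The comment `// If no roles remain, request app to set user inactive.` and the log line below it still say the user is deactivated, but `remoteAppUser.setActive(false)` is now commented out, so `postUserToRemoteApp` runs without the state change the comment describes; either restore the call or rewrite the comment and log to match what happens. The catch block now returns `e.getMessage()` through `ExternalRequestFieldsValidator`; on the generic `Exception` path that can carry Hibernate or HTTP-client internals to whoever renders the validator, so pass through only the messages this method raises itself and a fixed text otherwise. The commented-out duplicate of the catch body and `//return result;` should be deleted rather than kept. `setAppWithUserRoleStateForUser` begins before this hunk.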
if (extRoles.getJSONObject(i).getString("name").startsWith(app.getNameSpace() + ".")
&& !extRoles.getJSONObject(i).getString("name").equals(app.getNameSpace() + ".admin")
&& !extRoles.getJSONObject(i).getString("name").equals(app.getNameSpace() + ".owner")) {
- ObjectMapper descMapper = new ObjectMapper();
- if (extRoles.getJSONObject(i).has("description") && EcompPortalUtils.isJSONValid(extRoles.getJSONObject(i).getString("description"))) {
- ExternalRoleDescription desc = descMapper.readValue(
- extRoles.getJSONObject(i).getString("description"), ExternalRoleDescription.class);
+ if (extRoles.getJSONObject(i).has("description")) {
+ ExternalRoleDescription desc = new ExternalRoleDescription(extRoles.getJSONObject(i).getString("description"));
userRoleDetail = new ExternalAccessUserRoleDetail(
extRoles.getJSONObject(i).getString("name"), desc);
userRoleDetailList.add(userRoleDetail);
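Review bot: The `isJSONValid` pre-check and `readValue` were replaced by `new ExternalRoleDescription(description)`; if that constructor parses the string, a malformed description coming back from the external system will now throw from inside this loop and abort the whole sync rather than being skipped as before. Confirm the constructor tolerates arbitrary text, or keep the validity check in front of it. The enclosing loop and method continue on both sides of the hunk.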
List<ExternalAccessUserRoleDetail> userRoleListMatchingInExtAuthAndLocal = CheckIfRoleAreMatchingInUserRoleDetailList(userRoleDetailList,app);
+ List<EcompUserAppRoles> userAppList = new ArrayList<>();
// If request coming from portal not from external role approval system then we have to check if user already
// have account admin or system admin as GUI will not send these roles
if (!isPortalRequest) {
final Map<String, Long> params = new HashMap<>();
params.put("appId", app.getId());
params.put("userId", user.getId());
- List<EcompUserAppRoles> userAppList = dataAccessService.executeNamedQuery("getUserAppExistingRoles",
+ userAppList = dataAccessService.executeNamedQuery("getUserAppExistingRoles",
params, null);
if (!roleInAppUser.isEmpty()) {
for (EcompUserAppRoles userApp : userAppList) {
}
List<RoleInAppForUser> roleInAppUserNonDupls = roleInAppUser.stream().distinct()
.collect(Collectors.toList());
- final Map<String, RoleInAppForUser> currentUserRolesToUpdate = new HashMap<>();
+ Map<String, RoleInAppForUser> currentUserRolesToUpdate = new HashMap<>();
for (RoleInAppForUser roleInAppUserNew : roleInAppUserNonDupls) {
currentUserRolesToUpdate.put(roleInAppUserNew.getRoleName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), roleInAppUserNew);
}
for (ExternalAccessUserRoleDetail extAccessUserRole : userRoleListMatchingInExtAuthAndLocal) {
currentUserRolesInExternalSystem.put(extAccessUserRole.getName(), extAccessUserRole);
}
+
+ if (isLoggedInUserRoleAdminofApp) {
+ if (deletedRolesByApprover.size() > 0) {
+ List<ExternalAccessUserRoleDetail> newUpdatedRoles = new ArrayList<>();
+ Set<EcompRole> roles = new HashSet<>();
+ for (ExternalAccessUserRoleDetail userRole : userRoleListMatchingInExtAuthAndLocal) {
+ for (EcompRole role : deletedRolesByApprover) {
+ if ((userRole.getName().substring(app.getNameSpace().length() + 1)).equals(role.getName())) {
+ roles.add(role);
+ newUpdatedRoles.add(userRole);
+ }
+ }
+ }
+ if (newUpdatedRoles.size() > 0) {
+ userRoleListMatchingInExtAuthAndLocal = new ArrayList<>();
+ userRoleListMatchingInExtAuthAndLocal.addAll(newUpdatedRoles);
+ } else {
+ userRoleListMatchingInExtAuthAndLocal = new ArrayList<>();
+ currentUserRolesToUpdate = new HashMap<>();
+
+ }
+
+ } else {
+ userRoleListMatchingInExtAuthAndLocal = new ArrayList<>();
+ currentUserRolesToUpdate = new HashMap<>();
+
+ }
+ }
+
// Check if user roles does not exists in local but still there in External Central Auth System delete them all
for (ExternalAccessUserRoleDetail userRole : userRoleListMatchingInExtAuthAndLocal) {
if (!(currentUserRolesToUpdate
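Review bot: The `Set<EcompRole> roles` collected in the role-admin branch is populated (`roles.add(role)`) but never read, so it can be dropped. The same loop derives the local role name with `userRole.getName().substring(app.getNameSpace().length() + 1)`, which assumes every entry of `userRoleListMatchingInExtAuthAndLocal` carries the `namespace.` prefix; the `extRoles` filter guarantees that for entries read from the external system, but `CheckIfRoleAreMatchingInUserRoleDetailList` adds entries of its own, so guard it: `String prefix = app.getNameSpace() + ".";` / `if (!userRole.getName().startsWith(prefix)) continue;`. The enclosing method continues on both sides of the hunk.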
for (RoleInAppForUser addUserRole : roleInAppUserNonDupls) {
if (!(currentUserRolesInExternalSystem
.containsKey(app.getNameSpace() + "." + addUserRole.getRoleName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")))) {
- ExternalAccessUser extUser = new ExternalAccessUser(name,
+ ExternalAccessUser extUser = new ExternalAccessUser(name,
app.getNameSpace() + "." + addUserRole.getRoleName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
String formattedUserRole = mapper.writeValueAsString(extUser);
HttpEntity<String> entity = new HttpEntity<>(formattedUserRole, headers);
}
}
}
- } catch (Exception e) {
+ } catch (HttpClientErrorException e) {
+ logger.error(EELFLoggerDelegate.errorLogger,
+ "updateUserRolesInExternalSystem: Failed to add user role for application {} due to {}",
+ app.getId(), e);
+ if (e.getStatusCode() == HttpStatus.FORBIDDEN) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Please enter the valid systemUser", orgUserId);
+ throw new HttpClientErrorException(HttpStatus.FORBIDDEN, "Please enter the valid systemUser");
+ }
+ if (e.getStatusCode() == HttpStatus.NOT_FOUND) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Please enter the valid role");
+ throw new HttpClientErrorException(HttpStatus.NOT_FOUND, "Please enter the valid role");
+ }
+ EPLogUtil.logExternalAuthAccessAlarm(logger, HttpStatus.BAD_REQUEST);
+ throw e;
+ }
+
+ catch (Exception e) {
logger.error(EELFLoggerDelegate.errorLogger, "updateUserRolesInExternalSystem: Failed to add user role for application {} due to {}", app.getId(), e);
EPLogUtil.logExternalAuthAccessAlarm(logger, HttpStatus.BAD_REQUEST);
throw e;
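Review bot: The new `HttpClientErrorException` handler rethrows fresh exceptions for 403 and 404 without attaching the original as cause, and the log inside the FORBIDDEN branch passes `orgUserId` without a `{}` placeholder, so the id is never printed; use `logger.error(EELFLoggerDelegate.errorLogger, "Please enter the valid systemUser {}", orgUserId);` and `HttpClientErrorException wrapped = new HttpClientErrorException(HttpStatus.FORBIDDEN, "Please enter the valid systemUser"); wrapped.initCause(e); throw wrapped;`. The 403 text is also attached to every forbidden response from the external system, not only to system-user requests, which will mislead operators debugging an ordinary permission problem; condition it on `isSystemUser` or make the wording neutral. The method begins before the hunk.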
private List<ExternalAccessUserRoleDetail> CheckIfRoleAreMatchingInUserRoleDetailList(
List<ExternalAccessUserRoleDetail> userRoleDetailList, EPApp app) {
- Map<String, EPRole> epRoleList = externalAccessRolesService.getCurrentRolesInDB(app);
+ Map<String, EPRole> epRoleList = externalAccessRolesService.getAppRoleNamesWithUnderscoreMap(app);
//Add Account Admin role for partner app to prevent conflict
if(!app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
EPRole role = new EPRole();
final Map<String, Long> params = new HashMap<>();
final Map<String, String> userParams = new HashMap<>();
List<EPUser> userInfo = null;
- EPUser userId = null;
+ EPUser user = null;
List<EPUserAppRolesRequest> epRequestId = null;
String orgUserId = "";
String updateStatus = "";
}
if (userInfo.size() != 0 || !userInfo.isEmpty()) {
validateExternalRequestFields(userInfo, app);
- userId = userInfo.get(0);
+ user = userInfo.get(0);
params.put("appId", app.getId());
- params.put("userId", userId.getId());
+ params.put("userId", user.getId());
epRequestId = (List<EPUserAppRolesRequest>) dataAccessService
.executeNamedQuery("userAppRolesRequestList", params, null);
epRequestIdSize = epRequestId.size();
List<EcompUserAppRoles> userRoleList = null;
if(!userInfo.isEmpty()){
final Map<String, Long> appParams = new HashMap<>();
- appParams.put("userId", userId.getId());
+ appParams.put("userId", user.getId());
appParams.put("appId", app.getId());
userRoleList = dataAccessService.executeNamedQuery("getUserAppExistingRoles", appParams, null);
}
if (app.getCentralAuth()) {
// We should add If user does not exist in remote application
try {
- // If adding just account admin role dont make remote application user call
- if (!app.getId().equals(PortalConstants.PORTAL_APP_ID) && !(checkIfAdminRoleExists
- && reqType.equals("DELETE")) && roleInAppForUserList.size() > 1) {
- EPUser remoteAppUser = null;
- remoteAppUser = checkIfRemoteUserExits(orgUserId, app,
- applicationsRestClientService);
- if (remoteAppUser == null) {
- addRemoteUser(roleInAppForUserList, orgUserId, app, mapper, searchService,
- applicationsRestClientService);
- reqMessage = "Saved Successfully";
- }
+ // If adding just account admin role dont make remote application user call or
+ // if request has only single non admin role then make remote call
+ if (!(app.getId().equals(PortalConstants.PORTAL_APP_ID) && reqType.equals("DELETE"))
+ && ((checkIfAdminRoleExists && roleInAppForUserList.size() > 1)
+ || (!checkIfAdminRoleExists && roleInAppForUserList.size() >= 1))) {
+ // check if admin role exist then delete
+ List<RoleInAppForUser> remoteUserRoles = roleInAppForUserList.stream()
+ .collect(Collectors.toList());
+ remoteUserRoles.removeIf(role -> {
+ return (role.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID));
+ });
+ String orgUserIdNewOrExist = (userInfo.size() != 0 || !userInfo.isEmpty()) ? user.getOrgUserId() : orgUserId;
+ pushRemoteUser(remoteUserRoles, orgUserIdNewOrExist , app, mapper, searchService,
+ applicationsRestClientService,true);
}
} catch (Exception e) {
reqMessage = e.getMessage();
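Review bot: The condition at L769, `userInfo.size() != 0 || !userInfo.isEmpty()`, is two spellings of the same test, so the `||` adds nothing; `String orgUserIdNewOrExist = userInfo.isEmpty() ? orgUserId : user.getOrgUserId();` says what is meant (the context line L726 has the same tautology). At L764-L765 the copy is made with `stream().collect(Collectors.toList())` and then mutated with `removeIf`; `Collectors.toList()` does not guarantee a modifiable list, so `List<RoleInAppForUser> remoteUserRoles = new ArrayList<>(roleInAppForUserList);` is the safe form, and the block lambda at L766-L768 can be `remoteUserRoles.removeIf(role -> role.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID));`. The comment at L758-L759 would read better if it stated the rule the condition at L760-L762 actually encodes: `// Call the remote app unless this is a DELETE on the portal app or the only requested role is account admin`. The enclosing method starts and ends outside the hunk.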
RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(),
userRolesInLocalApp);
List<RoleInAppForUser> roleAppUserList = rolesInAppForUser.roles;
+ Set<EcompRole> rolesGotDeletedByApprover = new TreeSet<>();
+
if(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
// Apply changes in external Access system
- updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList, externalSystemRequest);
+ updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList, externalSystemRequest,false,rolesGotDeletedByApprover,false);
}
logger.info(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage,
newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId());
- result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType);
+ result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType,false,rolesGotDeletedByApprover,false);
}
// If local application is not centralized
else if(!app.getCentralAuth() && app.getId().equals(PortalConstants.PORTAL_APP_ID)){
applicationsRestClientService, app.getId(), orgUserId);
RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(),
userRolesInLocalApp);
- result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType);
+ Set<EcompRole> rolesGotDeletedByApprover = new TreeSet<>();
+
+ result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType,false,rolesGotDeletedByApprover,false);
} else {// remote app
// If adding just account admin role don't do remote application user call
- if(!((roleInAppForUserList.size() == 1 || reqType.equals("DELETE")) && checkIfAdminRoleExists)){
- EPUser remoteAppUser = null;
+ if (!((roleInAppForUserList.size() == 1 || reqType.equals("DELETE")) && checkIfAdminRoleExists)) {
+ EPUser remoteAppUser = null;
remoteAppUser = checkIfRemoteUserExits(orgUserId, app, applicationsRestClientService);
- if (remoteAppUser == null) {
- remoteAppUser = addRemoteUser(roleInAppForUserList, orgUserId, app, mapper, searchService, applicationsRestClientService);
- reqMessage = "Saved Successfully";
- }
- if (remoteAppUser != null) {
- Set<EcompRole> userRolesInRemoteApp = postUsersRolesToRemoteApp(roleInAppForUserList,
- mapper, applicationsRestClientService, app.getId(), orgUserId);
-
- RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId,
- app.getId(), userRolesInRemoteApp);
- logger.info(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}",
- logMessage, newAppRolesForUser.getApplicationName(),
- newAppRolesForUser.getLoginId());
- result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest,
- reqType);
- // If no roles remain, request app to set user inactive.
- /*if (userRolesInRemoteApp.size() == 0) {
- logger.debug(EELFLoggerDelegate.debugLogger,
- "setAppWithUserRoleStateForUser: no roles in app {}, set user {} to inactive", app,
- orgUserId);
- //TODO Need to fix the logged in user is not set to inactive
- remoteAppUser.setActive(false);
- postUserToRemoteApp(orgUserId, user, app, applicationsRestClientService);
- }*/
+ if (remoteAppUser == null) {
+ addRemoteUser(roleInAppForUserList, orgUserId, app, mapper, searchService,
+ applicationsRestClientService);
+ reqMessage = "Saved Successfully";
}
+
+ Set<EcompRole> userRolesInRemoteApp = postUsersRolesToRemoteApp(roleInAppForUserList, mapper,
+ applicationsRestClientService, app.getId(), orgUserId,false);
+
+ RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(),
+ userRolesInRemoteApp);
+ logger.info(EELFLoggerDelegate.debugLogger,
+ "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage,
+ newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId());
+ Set<EcompRole> rolesGotDeletedByApprover = new TreeSet<>();
+
+ result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest,
+ reqType,false,rolesGotDeletedByApprover,false);
+ // If no roles remain, request app to set user inactive.
+ /*
+ * if (userRolesInRemoteApp.size() == 0) {
+ * logger.debug(EELFLoggerDelegate.debugLogger,
+ * "setAppWithUserRoleStateForUser: no roles in app {}, set user {} to inactive"
+ * , app, orgUserId); //TODO Need to fix the logged in user is not set to
+ * inactive remoteAppUser.setActive(false); postUserToRemoteApp(orgUserId, user,
+ * app, applicationsRestClientService); }
+ */
+
} else {
// Here we are adding only we have single account admin in roleInAppForUserList and this should not add in remote
if(!(reqType.equals("DELETE")) && userInfo.isEmpty()){
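Review bot: The guard that used to protect the role push is gone: the removed code assigned `remoteAppUser = addRemoteUser(...)` and only called postUsersRolesToRemoteApp when `remoteAppUser != null`, whereas the new lines L831-L837 discard addRemoteUser's return value and post the roles unconditionally, so if the remote user could not be created the roles are still pushed and, via L846, written to the local DB. Restore it by keeping the assignment, `remoteAppUser = addRemoteUser(roleInAppForUserList, orgUserId, app, mapper, searchService, applicationsRestClientService);`, and wrapping L836-L847 in `if (remoteAppUser != null) { ... }`; if addRemoteUser now throws instead of returning null, a comment at L831 should say so. The empty `Set<EcompRole> rolesGotDeletedByApprover = new TreeSet<>();` is declared four times (L778, L796, L844, L864) and always passed with the same `false,false` flags, so one declaration at method scope would do; if EcompRole does not implement Comparable, a TreeSet without a comparator will also throw on the first insert, so a HashSet may be the better choice. The enclosing setExternalRequestUserAppRole method starts and ends outside the hunk.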
userRolesInRemoteApp);
logger.info(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}",
logMessage, newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId());
+ Set<EcompRole> rolesGotDeletedByApprover = new TreeSet<>();
+
result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest,
- reqType);
+ reqType,false,rolesGotDeletedByApprover,false);
}
if(!result){
reqMessage = "Failed to save the user app role(s)";
}
if (epRequestIdSize > 0 && !userInfo.isEmpty()) {
updateStatus = "C";
- applyChangesToAppRolesRequest(app.getId(), userId.getId(), updateStatus, epRequestId.get(0));
+ applyChangesToAppRolesRequest(app.getId(), user.getId(), updateStatus, epRequestId.get(0));
}
}
} catch (Exception e) {
reqMessage = e.getMessage();
if(epRequestIdSize > 0 && userInfo!=null && !userInfo.isEmpty()){
updateStatus = "F";
- applyChangesToAppRolesRequest(app.getId(), userId.getId(),
+ applyChangesToAppRolesRequest(app.getId(), user.getId(),
updateStatus, epRequestId.get(0));
}
}
roleInAppForUserList);
throw new Exception(roleInAppForUser.getRoleName() + " role is unavailable for "+ appName + " application");
} else {
- ecompRole.roleId = (appId == 1 || roleInAppForUser.getRoleName().equals(PortalConstants.ADMIN_ROLE)) ? existingAppRole.getId() : existingAppRole.getAppRoleId();
+
+ List<EPRole> roleInfo = externalAccessRolesService.getPortalAppRoleInfo(PortalConstants.ACCOUNT_ADMIN_ROLE_ID);
+ EPRole adminRole = new EPRole();
+ if(roleInfo.size()>0)
+ {
+ adminRole = roleInfo.get(0);
+ logger.debug(EELFLoggerDelegate.debugLogger, "Admin RoleName form DB: " + adminRole.getName());
+ }
+ ecompRole.roleId = (appId == 1 || roleInAppForUser.getRoleName().equals(adminRole.getName())) ? existingAppRole.getId() : existingAppRole.getAppRoleId();
ecompRole.roleName = roleInAppForUser.getRoleName();
ecompRole.isApplied = true;
existingUserRoles.add(ecompRole);
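Review bot: When getPortalAppRoleInfo returns no row, `adminRole` at L894 stays a blank EPRole whose name is null, so the `equals(adminRole.getName())` test at L900 is silently false and the id falls through to `getAppRoleId()` with only a debug line to show for it; the removed line compared against the fixed `PortalConstants.ADMIN_ROLE`, so an empty lookup is now a functional change that deserves a warn-level log in an `else` branch rather than passing quietly. `if(roleInfo.size()>0)` reads better as `if (!roleInfo.isEmpty())`, and the debug line at L898 concatenates where the rest of the file uses placeholders: `logger.debug(EELFLoggerDelegate.debugLogger, "Admin RoleName from DB: {}", adminRole.getName());`. If this runs once per requested role, as the `roleInAppForUser` handling at L889 suggests, the lookup could be hoisted so the DB is not queried for every role. The enclosing method starts and ends outside the hunk.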
* getAppRolesForUser(java.lang.Long, java.lang.String)
*/
@SuppressWarnings("unchecked")
- public List<RoleInAppForUser> getAppRolesForUser(Long appId, String userId, Boolean extRequestValue) {
-
- List<RoleInAppForUser> rolesInAppForUser = null;
- EPApp app = appsService.getApp(appId);
- try {
- // for onap portal app, no need to make a remote call
- List<Role> roleList = new ArrayList<>();
- if (appId == PortalConstants.PORTAL_APP_ID) {
- if(app.getCentralAuth()){
- List<CentralV2Role> cenRoleList = externalAccessRolesService.getRolesForApp(app.getUebKey());
- for(CentralV2Role cenRole : cenRoleList){
- Role role = new Role();
- role.setActive(cenRole.getActive());
- role.setId(cenRole.getId());
- role.setName(cenRole.getName());
- role.setPriority(cenRole.getPriority());
- roleList.add(role);
- }
- }else{
- roleList = roleService.getAvailableRoles(userId);
+ public List<RoleInAppForUser> getAppRolesForUser(Long appId, String userId, Boolean extRequestValue,EPUser user) {
+ List<RoleInAppForUser> rolesInAppForUser = null;
+ EPApp app = appsService.getApp(appId);
+ logger.debug(EELFLoggerDelegate.debugLogger, "In getAppRolesForUser() - app = {}", app);
+ try {
+ // for onap portal app, no need to make a remote call
+ List<Role> roleList = new ArrayList<>();
+ if (appId == PortalConstants.PORTAL_APP_ID) {
+ if(app.getCentralAuth()){
+ List<CentralV2Role> cenRoleList = externalAccessRolesService.getRolesForApp(app.getUebKey());
+ for(CentralV2Role cenRole : cenRoleList){
+ Role role = new Role();
+ role.setActive(cenRole.getActive());
+ role.setId(cenRole.getId());
+ role.setName(cenRole.getName());
+ role.setPriority(cenRole.getPriority());
+ roleList.add(role);
}
- List<Role> activeRoleList = new ArrayList<Role>();
- for(Role role: roleList) {
- if(role.getActive()) {
- if(role.getId() != 1){ // prevent portal admin from being added
- activeRoleList.add(role);
- } else if(extRequestValue){
- activeRoleList.add(role);
- }
+ }else{
+ roleList = roleService.getAvailableRoles(userId);
+ }
+ List<Role> activeRoleList = new ArrayList<Role>();
+ for(Role role: roleList) {
+ if(role.getActive()) {
+ if(role.getId() != 1){ // prevent portal admin from being added
+ activeRoleList.add(role);
+ } else if(extRequestValue){
+ activeRoleList.add(role);
}
-
- }
- EPUser localUser = getUserFromApp(userId, app, applicationsRestClientService);
- // If localUser does not exists return roles
- Set<EPRole> roleSet = null;
- EPRole[] roleSetList = null;
- if(localUser != null){
- roleSet = localUser.getAppEPRoles(app);
- roleSetList = roleSet.toArray(new EPRole[0]);
}
- rolesInAppForUser = constructRolesInAppForUserGet(activeRoleList, roleSetList, extRequestValue);
- return rolesInAppForUser;
+
}
-
- EcompRole[] appRoles = null;
- List<EcompRole> roles = new ArrayList<>();
- if(app.getCentralAuth()){
- final Map<String, Long> appParams = new HashMap<>();
+ EPUser localUser = getUserFromApp(userId, app, applicationsRestClientService);
+ // If localUser does not exists return roles
+ Set<EPRole> roleSet = null;
+ EPRole[] roleSetList = null;
+ if(localUser != null){
+ roleSet = localUser.getAppEPRoles(app);
+ roleSetList = roleSet.toArray(new EPRole[0]);
+ }
+ rolesInAppForUser = constructRolesInAppForUserGet(activeRoleList, roleSetList, extRequestValue);
+ return rolesInAppForUser;
+ }
+
+ EcompRole[] appRoles = null;
+ boolean checkIfUserisApplicationAccAdmin = false;
+ List<EcompRole> roles = new ArrayList<>();
+ if (app.getCentralAuth()) {
+ final Map<String, Long> appParams = new HashMap<>();
appParams.put("appId", app.getId());
- List<EPRole> applicationRoles = dataAccessService.executeNamedQuery("getActiveRolesOfApplication", appParams, null);
- for(EPRole role : applicationRoles){
+ List<EPRole> applicationRoles = dataAccessService.executeNamedQuery("getActiveRolesOfApplication",
+ appParams, null);
+
+ EPApp application = appService.getApp(appId);
+ checkIfUserisApplicationAccAdmin = adminRolesService.isAccountAdminOfApplication(user,
+ application);
+
+ List<EPRole> rolesetwithfunctioncds = new ArrayList<EPRole>();
+ for (EPRole role : applicationRoles) {
+ Map<String, Long> params = new HashMap<>();
+ params.put("roleId", role.getId());
+ params.put(APP_ID, app.getId());
+ List<CentralV2RoleFunction> cenRoleFuncList = dataAccessService
+ .executeNamedQuery("getAppRoleFunctionList", params, null);
+
+ // SortedSet<CentralV2RoleFunction> roleFunctionSet =
+ // new TreeSet<>();
+ SortedSet<RoleFunction> roleFunctionSet = new TreeSet<>();
+ for (CentralV2RoleFunction roleFunc : cenRoleFuncList) {
+
+ String functionCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode());
+ functionCode = EPUserUtils.decodeFunctionCode(functionCode);
+ String type = externalAccessRolesService.getFunctionCodeType(roleFunc.getCode());
+ String action = externalAccessRolesService.getFunctionCodeAction(roleFunc.getCode());
+ String name = roleFunc.getName();
+
+ RoleFunction function = new RoleFunction();
+ function.setAction(action);
+ function.setType(type);
+ function.setCode(functionCode);
+ function.setName(name);
+ roleFunctionSet.add(function);
+ role.setRoleFunctions(roleFunctionSet);
+
+ }
+ rolesetwithfunctioncds.add(role);
+
+
+ }
+
+ for (EPRole role1 : rolesetwithfunctioncds) {
EcompRole ecompRole = new EcompRole();
- ecompRole.setId(role.getId());
- ecompRole.setName(role.getName());
+ ecompRole.setId(role1.getId());
+ ecompRole.setName(role1.getName());
+ ecompRole.setRoleFunctions(role1.getRoleFunctions());
roles.add(ecompRole);
+
+ }
+ if (checkIfUserisApplicationAccAdmin) {
+ appRoles = roles.toArray(new EcompRole[roles.size()]);
+ logger.debug(EELFLoggerDelegate.debugLogger, "In getAppRolesForUser() If Logged in user checkIfUserisApplicationAccAdmin- appRoles = {}", appRoles);
+ } else if (adminRolesService.isRoleAdmin(user) && !checkIfUserisApplicationAccAdmin) {
+ List<EcompRole> roleAdminAppRoles = new ArrayList<>();
+ List<String> roleAdminAppRolesNames = new ArrayList<>();
+ final Map<String, Long> userParams = new HashMap<>();
+ userParams.put("userId", user.getId());
+ List<String> getUserApproverRoles = dataAccessService.executeNamedQuery("getUserApproverRoles", userParams, null);
+
+ List<EcompRole> userapproverRolesList = new ArrayList<>();
+ for (String str : getUserApproverRoles) {
+ EcompRole epRole = roles.stream().filter(x -> str.equals(x.getName())).findAny().orElse(null);
+ if (epRole != null)
+ userapproverRolesList.add(epRole);
+ }
+// roles.removeAll(userapproverRolesList);
+ for (EcompRole role : userapproverRolesList) {
+
+ List<RoleFunction> roleFunList = new ArrayList<>();
+ roleFunList.addAll(role.getRoleFunctions());
+ boolean checkIfFunctionsExits = roleFunList.stream()
+ .anyMatch(roleFunction -> roleFunction.getType().equalsIgnoreCase("Approver"));
+ if (checkIfFunctionsExits) {
+ roleAdminAppRoles.add(role);
+ List<RoleFunction> filteredList = roleFunList.stream()
+ .filter(x -> "Approver".equalsIgnoreCase(x.getType())).collect(Collectors.toList());
+ roleAdminAppRolesNames.addAll(filteredList.stream().map(RoleFunction::getCode)
+ .collect(Collectors.toList()));
+// roleAdminAppRolesNames = filteredList.stream().map(RoleFunction::getCode)
+// .collect(Collectors.toList());
+ }
+ }
+ for (String name : roleAdminAppRolesNames) {
+ EcompRole ecompRole = roles.stream().filter(x -> name.equals(x.getName())).findAny()
+ .orElse(null);
+ if (ecompRole != null)
+ roleAdminAppRoles.add(ecompRole);
+
+ }
+ appRoles = roleAdminAppRoles.toArray(new EcompRole[roleAdminAppRoles.size()]);
+
}
- appRoles = roles.toArray(new EcompRole[roles.size()]);
} else{
- appRoles = applicationsRestClientService.get(EcompRole[].class, appId, "/roles");
+ appRoles = applicationsRestClientService.get(EcompRole[].class, appId, "/roles");
+ }
+ // Test this error case, for generating an internal ONAP Portal
+ // error
+ // EcompRole[] appRoles = null;
+ // If there is an exception in the rest client api, then null will
+ // be returned.
+ if (appRoles != null) {
+ if(!app.getCentralAuth()) {
+ syncAppRoles(sessionFactory, appId, appRoles);
}
- // Test this error case, for generating an internal ONAP Portal
- // error
- // EcompRole[] appRoles = null;
- // If there is an exception in the rest client api, then null will
- // be returned.
- if (appRoles != null) {
- if(!app.getCentralAuth()) {
- syncAppRoles(sessionFactory, appId, appRoles);
- }
- EcompRole[] userAppRoles = null;
+ EcompRole[] userAppRoles = null;
+ try {
try {
- try {
- if(app.getCentralAuth()){
- final Map<String, String> params = new HashMap<>();
- final Map<String, Long> userParams = new HashMap<>();
- params.put("orgUserIdValue", userId);
- List<EPUser> user = dataAccessService.executeNamedQuery("epUserAppId", params, null);
- userParams.put("appId", app.getId());
- userParams.put("userId", user.get(0).getId());
- List<EPUserAppCurrentRoles> userAppsRolesList = dataAccessService.executeNamedQuery("getUserAppCurrentRoles", userParams, null);
- List<EcompRole> setUserRoles = new ArrayList<>();
- for(EPUserAppCurrentRoles role : userAppsRolesList){
- EcompRole ecompRole = new EcompRole();
- ecompRole.setId(role.getRoleId());
- ecompRole.setName(role.getRoleName());
- setUserRoles.add(ecompRole);
+
+ if(app.getCentralAuth()){
+ final Map<String, String> params = new HashMap<>();
+ final Map<String, Long> userParams = new HashMap<>();
+ params.put("orgUserIdValue", userId);
+ List<EPUser> actualUser = dataAccessService.executeNamedQuery("epUserAppId", params, null);
+ userParams.put("appId", app.getId());
+ userParams.put("userId", actualUser.get(0).getId());
+ List<EPUserAppCurrentRoles> userAppsRolesList = dataAccessService.executeNamedQuery("getUserAppCurrentRoles", userParams, null);
+
+ List<EcompRole> setUserRoles = new ArrayList<>();
+ for(EPUserAppCurrentRoles role : userAppsRolesList){
+ logger.debug(EELFLoggerDelegate.debugLogger, "In getAppRolesForUser() - userAppsRolesList get userRolename = {}", role.getRoleName());
+ EcompRole ecompRole = new EcompRole();
+ ecompRole.setId(role.getRoleId());
+ ecompRole.setName(role.getRoleName());
+ setUserRoles.add(ecompRole);
+ }
+
+ boolean checkIfUserisAccAdmin = setUserRoles.stream()
+ .anyMatch(ecompRole -> ecompRole.getId() == 999L);
+
+ if (!checkIfUserisAccAdmin) {
+ List<EcompRole> userApplicationRolesList = setUserRoles;
+ List<EcompRole> appRolesList = Arrays.asList(appRoles);
+ Set<EcompRole> finalUserAppRolesList = new HashSet<>();
+
+ List<String> roleNames = new ArrayList<>();
+ for (EcompRole role : userApplicationRolesList) {
+ EcompRole epRole = appRolesList.stream()
+ .filter(x -> role.getName().equals(x.getName())).findAny().orElse(null);
+ List<RoleFunction> roleFunList = new ArrayList<>();
+
+ if (epRole != null) {
+ if (epRole.getRoleFunctions().size() > 0)
+ roleFunList.addAll(epRole.getRoleFunctions());
+ boolean checkIfFunctionsExits = roleFunList.stream().anyMatch(
+ roleFunction -> roleFunction.getType().equalsIgnoreCase("Approver"));
+ if (checkIfFunctionsExits) {
+ finalUserAppRolesList.add(role);
+ List<RoleFunction> filteredList = roleFunList.stream()
+ .filter(x -> "Approver".equalsIgnoreCase(x.getType()))
+ .collect(Collectors.toList());
+ roleNames = filteredList.stream().map(RoleFunction::getCode)
+ .collect(Collectors.toList());
+ }else{
+ roleNames.add(epRole.getName());
+ }
+ }
+ for (String name : roleNames) {
+ EcompRole ecompRole = appRolesList.stream()
+ .filter(x -> name.equals(x.getName())).findAny().orElse(null);
+ if (ecompRole != null)
+ finalUserAppRolesList.add(ecompRole);
+ }
}
- userAppRoles = setUserRoles.toArray(new EcompRole[setUserRoles.size()]);
- rolesInAppForUser = constructRolesInAppForUserGet(appRoles, userAppRoles);
- return rolesInAppForUser;
- }else{
- userAppRoles = applicationsRestClientService.get(EcompRole[].class, appId,
- String.format("/user/%s/roles", userId));
- }
- } catch (HTTPException e) {
- // Some apps are returning 400 if user is not found.
- if (e.getResponseCode() == 400) {
- logger.debug(EELFLoggerDelegate.debugLogger,
- "getAppRolesForUser caught exception with response code 400; continuing", e);
- } else {
- // Other response code, let it come thru.
- throw e;
- }
+
+
+ for (String name : roleNames) {
+
+ boolean checkIfFunctionsExits = userAppsRolesList.stream().anyMatch(
+ role -> role.getRoleName().equalsIgnoreCase(name));
+ if(checkIfFunctionsExits)
+ {
+ EcompRole epRole = appRolesList.stream().filter(x -> name.equals(x.getName()))
+ .findAny().orElse(null);
+ if(epRole != null)
+ setUserRoles.add(epRole);
+ }
+
+ }
+ userAppRoles = setUserRoles.toArray(new EcompRole[setUserRoles.size()]);
+ }
+ }else{
+ userAppRoles = applicationsRestClientService.get(EcompRole[].class, appId,
+ String.format("/user/%s/roles", userId));
}
- if (userAppRoles == null) {
- if (EcompPortalUtils.getExternalAppResponseCode() == 400) {
- EcompPortalUtils.setExternalAppResponseCode(200);
- String message = String.format(
- "getAppRolesForUser: App %s, User %, endpoint /user/{userid}/roles returned 400, "
- + "assuming user doesn't exist, app is framework SDK based, and things are ok. "
- + "Overriding to 200 until framework SDK returns a useful response.",
- Long.toString(appId), userId);
- logger.warn(EELFLoggerDelegate.applicationLogger, message);
- }
+ } catch (HTTPException e) {
+ // Some apps are returning 400 if user is not found.
+ if (e.getResponseCode() == 400) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "getAppRolesForUser caught exception with response code 400; continuing", e);
+ } else {
+ // Other response code, let it come thru.
+ throw e;
}
-
- HashMap<Long, EcompRole> appRolesActiveMap =hashMapFromEcompRoles(appRoles);
- ArrayList<EcompRole> activeRoles = new ArrayList<EcompRole>();
- if(userAppRoles != null){
- for (int i = 0; i < userAppRoles.length; i++) {
- if (appRolesActiveMap.containsKey(userAppRoles[i].getId())) {
- EcompRole role = new EcompRole();
- role.setId(userAppRoles[i].getId());
- role.setName(userAppRoles[i].getName());
- activeRoles.add(role);
- }
+ }
+ if (userAppRoles == null) {
+ if (EcompPortalUtils.getExternalAppResponseCode() == 400) {
+ EcompPortalUtils.setExternalAppResponseCode(200);
+ String message = String.format(
+ "getAppRolesForUser: App %s, User %, endpoint /user/{userid}/roles returned 400, "
+ + "assuming user doesn't exist, app is framework SDK based, and things are ok. "
+ + "Overriding to 200 until framework SDK returns a useful response.",
+ Long.toString(appId), userId);
+ logger.warn(EELFLoggerDelegate.applicationLogger, message);
+ }
+ }
+
+ HashMap<Long, EcompRole> appRolesActiveMap =hashMapFromEcompRoles(appRoles);
+ ArrayList<EcompRole> activeRoles = new ArrayList<EcompRole>();
+ if(userAppRoles != null){
+ for (int i = 0; i < userAppRoles.length; i++) {
+ if (appRolesActiveMap.containsKey(userAppRoles[i].getId())) {
+ EcompRole role = new EcompRole();
+ role.setId(userAppRoles[i].getId());
+ role.setName(userAppRoles[i].getName());
+ activeRoles.add(role);
}
}
- EcompRole[] userAppRolesActive = activeRoles.toArray(new EcompRole[activeRoles.size()]);
+ }
+ EcompRole[] userAppRolesActive = activeRoles.toArray(new EcompRole[activeRoles.size()]);
+
- // If the remote application isn't down we MUST sync user
- // roles here in case we have this user here!
- syncUserRoles(sessionFactory, userId, appId, userAppRolesActive, extRequestValue, null);
- } catch (Exception e) {
- // TODO: we may need to check if user exists, maybe remote
- // app is down.
- String message = String.format(
- "getAppRolesForUser: user %s does not exist in remote application %s", userId,
- Long.toString(appId));
- logger.error(EELFLoggerDelegate.errorLogger, message, e);
- userAppRoles = new EcompRole[0];
- }
- rolesInAppForUser = constructRolesInAppForUserGet(appRoles, userAppRoles);
+ boolean checkIfUserisRoleAdmin = adminRolesService.isRoleAdmin(user) && !checkIfUserisApplicationAccAdmin;
+
+ // If the remote application isn't down we MUST sync user
+ // roles here in case we have this user here!
+ syncUserRoles(sessionFactory, userId, appId, userAppRolesActive, extRequestValue, null,checkIfUserisRoleAdmin,appRoles);
+ } catch (Exception e) {
+ // TODO: we may need to check if user exists, maybe remote
+ // app is down.
+ String message = String.format(
+ "getAppRolesForUser: user %s does not exist in remote application %s", userId,
+ Long.toString(appId));
+ logger.error(EELFLoggerDelegate.errorLogger, message, e);
+ userAppRoles = new EcompRole[0];
}
- } catch (Exception e) {
- String message = String.format("getAppRolesForUser: failed for User %s, AppId %s", userId,
- Long.toString(appId));
- logger.error(EELFLoggerDelegate.errorLogger, message, e);
+ rolesInAppForUser = constructRolesInAppForUserGet(appRoles, userAppRoles);
}
- return rolesInAppForUser;
-
+ } catch (Exception e) {
+ String message = String.format("getAppRolesForUser: failed for User %s, AppId %s", userId,
+ Long.toString(appId));
+ logger.error(EELFLoggerDelegate.errorLogger, message, e);
+ }
+ return rolesInAppForUser;
}
private boolean postUserRolesToMylogins(AppWithRolesForUser userAppRolesData,
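Review bot: In the non-admin branch, `roleNames` is overwritten at L1181 for every approver role (`roleNames = filteredList.stream()...`), so only the codes from the last matching role survive, while the parallel code at L1080 correctly uses `addAll`; use `roleNames.addAll(filteredList.stream().map(RoleFunction::getCode).collect(Collectors.toList()));` here too. `finalUserAppRolesList` (L1163, L1177, L1191) is populated but never read, and the `999L` literal at L1158 duplicates a role id the file already names as `PortalConstants.ACCOUNT_ADMIN_ROLE_ID` (L767, L893), so the constant should be used there with a null-safe comparison in case getId() is boxed. The `&& !checkIfUserisApplicationAccAdmin` at L1056 is always true inside that else-if, `role.setRoleFunctions(roleFunctionSet)` at L1035 runs once per function instead of once after the loop, and the commented-out code at L1018-L1019, L1069 and L1082-L1083 should go. The new `user` parameter is dereferenced at L1007 and L1060 without a null check and the Javadoc ending at L905 does not mention it; add `@param user the logged-in user whose account-admin / role-admin status decides which app roles are returned; must not be null`.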
List<EPUserAppRoles> appRole= null;
try {
logger.error(EELFLoggerDelegate.errorLogger,"Should not be reached here, still the endpoint is yet to be defined");
- boolean result = postUserRolesToMylogins(userAppRolesData, applicationsRestClientService, userAppRolesData.appId, user.getId());
+ boolean result = postUserRolesToMylogins(userAppRolesData, applicationsRestClientService,
+ userAppRolesData.getAppId(), user.getId());
logger.debug(EELFLoggerDelegate.debugLogger,"putUserAppRolesRequest: result {}", result);
- params.put("appId", userAppRolesData.appId);
+ params.put("appId", userAppRolesData.getAppId());
EPUserAppRolesRequest epAppRolesRequestData = new EPUserAppRolesRequest();
epAppRolesRequestData.setCreatedDate(new Date());
epAppRolesRequestData.setUpdatedDate(new Date());
epAppRolesRequestData.setUserId(user.getId());
- epAppRolesRequestData.setAppId(userAppRolesData.appId);
+ epAppRolesRequestData.setAppId(userAppRolesData.getAppId());
epAppRolesRequestData.setRequestStatus("P");
- List<RoleInAppForUser> appRoleIdList = userAppRolesData.appRoles;
+ List<RoleInAppForUser> appRoleIdList = userAppRolesData.getAppRoles();
Set<EPUserAppRolesRequestDetail> appRoleDetails = new LinkedHashSet<EPUserAppRolesRequestDetail>();
dataAccessService.saveDomainObject(epAppRolesRequestData, null);
for (RoleInAppForUser userAppRoles : appRoleIdList) {
* @param app
* @return
*/
+ @SuppressWarnings("unchecked")
private List<RemoteRole> convertToRemoteRoleList(EPUser user, EPApp app) {
List<RemoteRole> roleList = new ArrayList<RemoteRole>();
SortedSet<EPRole> roleSet = user.getAppEPRoles(app);
for (EPRole role : roleSet) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "In convertToRemoteRoleList() - for user {}, found Name {}", user.getOrgUserId(), role.getName());
RemoteRole rRole = new RemoteRole();
rRole.setId(role.getId());
rRole.setName(role.getName());
roleList.add(rRole);
}
+
+ //Get the active roles of user for that application using query
+ List<EPRole> userEpRoleList = new ArrayList<>();
+ final Map<String, Long> params = new HashMap<>();
+ params.put("appId", app.getId());
+ params.put("userId", user.getId());
+ userEpRoleList = dataAccessService.executeNamedQuery("getUserRoleOnUserIdAndAppId", params, null);
+
+ for (EPRole remoteUserRoleList : userEpRoleList) {
+
+ RemoteRole remoteRoleListId = roleList.stream().filter(x -> remoteUserRoleList.getId().equals(x.getId()))
+ .findAny().orElse(null);
+ if (remoteRoleListId == null) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "Adding the role to the rolelist () - for user {}, found Name {}", user.getOrgUserId(),
+
+ remoteUserRoleList.getName());
+ RemoteRole role = new RemoteRole();
+ role.setId(remoteUserRoleList.getId());
+ role.setName(remoteUserRoleList.getName());
+
+ roleList.add(role);
+ }
+
+ }
+
+ logger.debug(EELFLoggerDelegate.debugLogger, "rolelist size of the USER() - for user {}, found RoleListSize {}", user.getOrgUserId(), roleList.size());
+
return roleList;
+
+
+
}
public RemoteUserWithRoles[] doGetUsers(boolean postOpenSource, String remoteUsersString) {
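Review bot: The initialiser at L1369, `new ArrayList<>()`, is dead since L1373 immediately replaces it with the query result; declare and assign in one line, `List<EPRole> userEpRoleList = dataAccessService.executeNamedQuery("getUserRoleOnUserIdAndAppId", params, null);`. The loop variable `remoteUserRoleList` at L1375 holds a single EPRole, so a name such as `dbRole` would match what it is, and the three blank lines at L1396-L1398 and the stray line break inside the log call at L1381-L1383 should be cleaned up. The Javadoc at L1353-L1355 has empty `@param app` and `@return` tags; with the new merge logic it should state that the result is the union of `user.getAppEPRoles(app)` and the roles returned by the getUserRoleOnUserIdAndAppId query, de-duplicated by role id. The Javadoc starts outside the hunk.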
return userRoleList;
}
+
+ /*public static void main(String[] args) {
+ List<EcompRole> str1 = new ArrayList<String>();
+ str1.add("A");
+ str1.add("B");
+ str1.add("C");
+ str1.add("D");
+
+ List<String> str2 = new ArrayList<String>();
+ str2.add("D");
+ str2.add("E");
+
+ List<EcompRole> userApplicationRolesList = setUserRoles;
+ List<EcompRole> appRolesList = Arrays.asList(appRoles);
+
+ }*/
}
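Review bot: The commented-out `main` added at L1404-L1418 is dead code that would not compile if uncommented (`List<EcompRole> str1 = new ArrayList<String>()`, and `setUserRoles` / `appRoles` are not in scope here), so it should be dropped rather than committed. Leaving it in also suggests to a reader that it documents the role-merging logic at L1161-L1162, which it does not; scratch experiments belong in a unit test class.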