*
* ============LICENSE_END============================================
*
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ *
*/
package org.onap.portalapp.portal.controller;
import javax.servlet.http.HttpServletRequest;
import org.onap.portalapp.controller.EPRestrictedBaseController;
-import org.onap.portalapp.portal.controller.DashboardSearchResultController;
import org.onap.portalapp.portal.domain.EPUser;
import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
import org.onap.portalapp.portal.transport.CommonWidget;
import org.onap.portalapp.portal.transport.CommonWidgetMeta;
import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.DataValidator;
+import org.onap.portalapp.validation.SecureString;
import org.onap.portalsdk.core.domain.support.CollaborateList;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
public class DashboardSearchResultController extends EPRestrictedBaseController {
private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(DashboardSearchResultController.class);
+ private DataValidator dataValidator = new DataValidator();
@Autowired
private DashboardSearchService searchService;
* Request parameter.
* @return Rest response wrapped around a CommonWidgetMeta object.
*/
- @RequestMapping(value = "/widgetData", method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = "/widgetData", produces = "application/json")
public PortalRestResponse<CommonWidgetMeta> getWidgetData(HttpServletRequest request,
@RequestParam String resourceType) {
- return new PortalRestResponse<CommonWidgetMeta>(PortalRestStatusEnum.OK, "success",
+ if (resourceType !=null){
+ SecureString secureString = new SecureString(resourceType);
+ if (!dataValidator.isValid(secureString))
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Provided data is invalid", null);
+ }
+ return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
searchService.getWidgetData(resourceType));
}
* read from POST body.
* @return Rest response wrapped around a String; e.g., "success" or "ERROR"
*/
- @RequestMapping(value = "/widgetDataBulk", method = RequestMethod.POST, produces = "application/json")
+ @PostMapping(value = "/widgetDataBulk", produces = "application/json")
public PortalRestResponse<String> saveWidgetDataBulk(@RequestBody CommonWidgetMeta commonWidgetMeta) {
logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetDataBulk: argument is {}", commonWidgetMeta);
- if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals(""))
+ if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals("")){
return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR",
"Category cannot be null or empty");
+ }else {
+ if(!dataValidator.isValid(commonWidgetMeta))
+ return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR",
+ "Category is not valid");
+ }
// validate dates
for (CommonWidget cw : commonWidgetMeta.getItems()) {
String err = validateCommonWidget(cw);
* read from POST body
* @return Rest response wrapped around a String; e.g., "success" or "ERROR"
*/
- @RequestMapping(value = "/widgetData", method = RequestMethod.POST, produces = "application/json")
+ @PostMapping(value = "/widgetData", produces = "application/json")
public PortalRestResponse<String> saveWidgetData(@RequestBody CommonWidget commonWidget) {
logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetData: argument is {}", commonWidget);
- if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().equals(""))
- return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR",
+ if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().equals("")){
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
"Cateogry cannot be null or empty");
+ }else {
+ if(!dataValidator.isValid(commonWidget))
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+ "Category is not valid");
+ }
String err = validateCommonWidget(commonWidget);
if (err != null)
- return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, err, null);
- return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success",
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, err, null);
+ return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
searchService.saveWidgetData(commonWidget));
}
* read from POST body
* @return Rest response wrapped around a String; e.g., "success" or "ERROR"
*/
- @RequestMapping(value = "/deleteData", method = RequestMethod.POST, produces = "application/json")
+ @PostMapping(value = "/deleteData", produces = "application/json")
public PortalRestResponse<String> deleteWidgetData(@RequestBody CommonWidget commonWidget) {
logger.debug(EELFLoggerDelegate.debugLogger, "deleteWidgetData: argument is {}", commonWidget);
- return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success",
+ if(!dataValidator.isValid(commonWidget))
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+ "Data is not valid");
+ return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
searchService.deleteWidgetData(commonWidget));
}
* @return Rest response wrapped around a Map of String to List of Search
* Result Item.
*/
- @RequestMapping(value = "/allPortal", method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = "/allPortal", produces = "application/json")
public PortalRestResponse<Map<String, List<SearchResultItem>>> searchPortal(HttpServletRequest request,
@RequestParam String searchString) {
+ if(searchString!=null){
+ SecureString secureString = new SecureString(searchString);
+ if(!dataValidator.isValid(secureString)){
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+ "searchPortal: User object is invalid",
+ null);
+ }
+ }
EPUser user = EPUserUtils.getUserSession(request);
try {
if (user == null) {
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
"searchPortal: User object is null? - check logs",
- new HashMap<String, List<SearchResultItem>>());
+ new HashMap<>());
} else if (searchString == null || searchString.trim().length() == 0) {
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: String string is null",
- new HashMap<String, List<SearchResultItem>>());
+ new HashMap<>());
} else {
logger.debug(EELFLoggerDelegate.debugLogger, "searchPortal: user {}, search string '{}'",
user.getLoginId(), searchString);
} catch (Exception e) {
logger.error(EELFLoggerDelegate.errorLogger, "searchPortal failed", e);
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage() + " - check logs.",
- new HashMap<String, List<SearchResultItem>>());
+ new HashMap<>());
}
}
* @param request
* @return Rest response wrapped around a list of String
*/
- @RequestMapping(value = "/activeUsers", method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = "/activeUsers", produces = "application/json")
public List<String> getActiveUsers(HttpServletRequest request) {
List<String> activeUsers = null;
List<String> onlineUsers = new ArrayList<>();
* @param request
* @return Rest response wrapped around a List of String
*/
- @RequestMapping(value = "/relatedUsers", method = RequestMethod.GET, produces = "application/json")
+ @GetMapping(value = "/relatedUsers", produces = "application/json")
public PortalRestResponse<List<String>> activeUsers(HttpServletRequest request) {
EPUser user = EPUserUtils.getUserSession(request);
try {