Merge "Fix sql injection vulnerability"

[portal.git] / ecomp-portal-FE-common / client / app / services / users / users.service.js

diff --git a/ecomp-portal-FE-common/client/app/services/users/users.service.js b/ecomp-portal-FE-common/client/app/services/users/users.service.js
index dc415c4..045c674 100644 (file)
--- a/ecomp-portal-FE-common/client/app/services/users/users.service.js
+++ b/ecomp-portal-FE-common/client/app/services/users/users.service.js
@@ -131,7 +131,7 @@
             return deferred.promise;
         }
 
-        getUserAppRoles(appid, orgUserId, extRequestValue){
+        getUserAppRoles(appid, orgUserId, extRequestValue,isSystemUser){
                let canceller = this.$q.defer();
             let isActive = false;
 
@@ -148,7 +148,7 @@
             this.$http({
                 method: 'GET',
                 url: this.conf.api.userAppRoles,
-                params: {user: orgUserId, app: appid, externalRequest: extRequestValue},
+                params: {user: orgUserId, app: appid, externalRequest: extRequestValue,isSystemUser: isSystemUser},
                 cache: false,
                 headers: {
                     'X-ECOMP-RequestID':this.uuid.generate()
@@ -200,8 +200,8 @@
             }).then( res => {
                 // this.$log.debug('getUserAppRoles response: ', JSON.stringify(res))
                 // If response comes back as a redirected HTML page which IS NOT a success
-                if (this.utilsService.isValidJSON(res)== false) {
-                    deferred.reject('UsersService::updateUserAppRoles: Failed');
+                if (this.utilsService.isValidJSON(res)== false ||  res.data.httpStatusCode == '500' || res.data.status == 'ERROR') {
+                    deferred.reject('UsersService::updateUserAppRoles: Failed'  + res.data.message);
                 } else {
                     // this.$log.info('UsersService::updateUserAppRoles: Succeeded');
                     deferred.resolve(res.data);