Code Review / sdc.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Removed MDC from four modules
[sdc.git] / openecomp-be / lib / openecomp-item-permissions-lib / openecomp-item-permissions-core / src / main / java / org / openecomp / sdc / itempermissions / servlet / PermissionsFilter.java
diff --git a/openecomp-be/lib/openecomp-item-permissions-lib/openecomp-item-permissions-core/src/main/java/org/openecomp/sdc/itempermissions/servlet/PermissionsFilter.java b/openecomp-be/lib/openecomp-item-permissions-lib/openecomp-item-permissions-core/src/main/java/org/openecomp/sdc/itempermissions/servlet/PermissionsFilter.java
index 21acc07..4a8f446 100644 (file)
--- a/openecomp-be/lib/openecomp-item-permissions-lib/openecomp-item-permissions-core/src/main/java/org/openecomp/sdc/itempermissions/servlet/PermissionsFilter.java
+++ b/openecomp-be/lib/openecomp-item-permissions-lib/openecomp-item-permissions-core/src/main/java/org/openecomp/sdc/itempermissions/servlet/PermissionsFilter.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright © 2016-2017 European Support Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.openecomp.sdc.itempermissions.servlet;
 
 import org.openecomp.sdc.itempermissions.PermissionsServices;
@@ -19,43 +35,51 @@ import java.io.IOException;
 public class PermissionsFilter implements Filter {
 
   private final PermissionsServices permissionsServices;
-  public static final String IRRELEVANT_REQUEST = "Irrelevant_Request";
-  public static final String EDIT_ITEM = "Edit_Item";
+  private static final String IRRELEVANT_REQUEST = "Irrelevant_Request";
+  private static final String EDIT_ITEM = "Edit_Item";
 
   public PermissionsFilter() {
     this.permissionsServices = PermissionsServicesFactory.getInstance().createInterface();
   }
 
   @Override
-  public void init(FilterConfig filterConfig) throws ServletException {
-
+  public void init(FilterConfig filterConfig) {
+    // required by servlet API
   }
 
   @Override
   public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
                        FilterChain filterChain) throws IOException, ServletException {
 
-    if (servletRequest instanceof HttpServletRequest) {
-      if (((HttpServletRequest) servletRequest).getMethod().equals("POST")
-            ||  ((HttpServletRequest) servletRequest).getMethod().equals("PUT")) {
-
-        String userId = ((HttpServletRequest) servletRequest).getHeader("USER_ID");
-        String itemId = parseItemIdFromPath(((HttpServletRequest) servletRequest).getPathInfo());
-        if ( ! itemId.equals(IRRELEVANT_REQUEST)) {
-          if ( !  permissionsServices.isAllowed(itemId,userId,EDIT_ITEM)) {
-            ((HttpServletResponse) servletResponse).setStatus(HttpServletResponse.SC_FORBIDDEN);
-            servletResponse.getWriter().print("Permissions Error. The user does not have " +
-                "permission to perform" +
-                " this action.");
-           return;
-          }
-        }
-      }
+    if ((servletRequest instanceof HttpServletRequest) &&
+      isIrrelevant((HttpServletRequest) servletRequest, servletResponse)) {
+        return;
     }
 
     filterChain.doFilter(servletRequest, servletResponse);
   }
 
+  private boolean isIrrelevant(HttpServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
+
+
+    String method = servletRequest.getMethod();
+    if (method.equals("POST") || method.equals("PUT")) {
+
+      String userId = servletRequest.getHeader("USER_ID");
+      String itemId = parseItemIdFromPath(servletRequest.getPathInfo());
+
+      if (!itemId.equals(IRRELEVANT_REQUEST) && !permissionsServices.isAllowed(itemId,userId,EDIT_ITEM)) {
+          ((HttpServletResponse) servletResponse).setStatus(HttpServletResponse.SC_FORBIDDEN);
+          servletResponse.getWriter().print("Permissions Error. The user does not have " +
+              "permission to perform" +
+              " this action.");
+          return true;
+        }
+    }
+
+    return false;
+  }
+
   private String parseItemIdFromPath(String pathInfo) {
     String[] tokens = pathInfo.split("/");
     if (tokens.length < 4) {
@@ -67,6 +91,6 @@ public class PermissionsFilter implements Filter {
 
   @Override
   public void destroy() {
-
+    // required by serlvet API
   }
 }
SDC Parent Project Catalog FE and BE