X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fcontroller%2FDashboardController.java;h=17a2847672406723009550cd665eca32c18b311a;hb=6735f1d7ac1181dee536b6deaa024085f5ef2e75;hp=d8e8aeb0fea41f50e4ce0206700581269c9e0aa0;hpb=21a8761f684745bb300e075c7e98ad897ace9eed;p=portal.git diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/DashboardController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/DashboardController.java index d8e8aeb0..17a28476 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/DashboardController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/DashboardController.java @@ -33,7 +33,7 @@ * * ============LICENSE_END============================================ * - * ECOMP is a trademark and service mark of AT&T Intellectual Property. + * */ package org.onap.portalapp.portal.controller; @@ -66,6 +66,8 @@ import org.onap.portalapp.portal.utils.EPCommonSystemProperties; import org.onap.portalapp.portal.utils.EcompPortalUtils; import org.onap.portalapp.portal.utils.PortalConstants; import org.onap.portalapp.util.EPUserUtils; +import org.onap.portalapp.validation.DataValidator; +import org.onap.portalapp.validation.SecureString; import org.onap.portalsdk.core.domain.AuditLog; import org.onap.portalsdk.core.domain.support.CollaborateList; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; 
@@ -76,6 +78,10 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.PutMapping; +import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; @@ -87,19 +93,23 @@ import org.springframework.web.bind.annotation.RestController; @RestController @RequestMapping("/portalApi/dashboard") public class DashboardController extends EPRestrictedBaseController { + private static final DataValidator DATA_VALIDATOR = new DataValidator(); + private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(DashboardController.class); - private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(DashboardController.class); - - @Autowired private DashboardSearchService searchService; - @Autowired private AuditService auditService; - - @Autowired private AdminRolesService adminRolesService; - + + @Autowired + public DashboardController(DashboardSearchService searchService, + AuditService auditService, AdminRolesService adminRolesService) { + this.searchService = searchService; + this.auditService = auditService; + this.adminRolesService = adminRolesService; + } + public enum WidgetCategory { - EVENTS, NEWS, IMPORTANTRESOURCES; + EVENTS, NEWS, IMPORTANTRESOURCES } /** 
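Review bot: With the collaborators now supplied through the constructor, the three fields `searchService`, `auditService` and `adminRolesService` can be declared `private final`, which the unchanged context lines do not yet do. That makes the controller's dependencies immutable after construction and lets the compiler reject any later reassignment. `DATA_VALIDATOR` is a single static instance shared by every request thread; that is fine only if DataValidator is thread-safe, which this diff does not show.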
@@ -126,14 +136,18 @@ public class DashboardController extends EPRestrictedBaseController { * Request parameter. * @return Rest response wrapped around a CommonWidgetMeta object. */ - @RequestMapping(value = "/widgetData", method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = "/widgetData", produces = "application/json") public PortalRestResponse getWidgetData(HttpServletRequest request, @RequestParam String resourceType) { - if (!isValidResourceType(resourceType)) - return new PortalRestResponse(PortalRestStatusEnum.ERROR, - "Unexpected resource type " + resourceType, null); - return new PortalRestResponse(PortalRestStatusEnum.OK, "success", - searchService.getWidgetData(resourceType)); + if (!isValidResourceType(resourceType)) { + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Unexpected resource type " + resourceType, null); + }else if (!DATA_VALIDATOR.isValid(new SecureString(resourceType))){ + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Unsafe resource type " + resourceType, null); + } + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", + searchService.getWidgetData(resourceType)); } 
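Review bot: Both error branches in getWidgetData concatenate the raw `resourceType` into the response message, and the new branch does so exactly when DATA_VALIDATOR has just classified the value as unsafe. The response is declared `application/json`, but the message is still caller-supplied text handed to whatever client renders it; return a fixed string such as `"Unsafe resource type"` and record the value in the server log instead. The same pattern appears in the later hunks for saveWidgetDataBulk, saveWidgetData and deleteWidgetData, where `"Unsafe resource type " + commonWidget` puts the rejected object's toString() into the response. Because isValidResourceType runs first, the `"Unexpected resource type " + resourceType` branch echoes input that has not been through the validator at all; swapping the order of the two checks would close that.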
@@ -144,23 +158,26 @@ public class DashboardController extends EPRestrictedBaseController { * read from POST body. * @return Rest response wrapped around a String; e.g., "success" or "ERROR" */ - @RequestMapping(value = "/widgetDataBulk", method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = "/widgetDataBulk", produces = "application/json") public PortalRestResponse saveWidgetDataBulk(@RequestBody CommonWidgetMeta commonWidgetMeta) { logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetDataBulk: argument is {}", commonWidgetMeta); - if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals("")) - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "ERROR", - "Category cannot be null or empty"); - if (!isValidResourceType(commonWidgetMeta.getCategory())) - return new PortalRestResponse(PortalRestStatusEnum.ERROR, - "Unexpected resource type " + commonWidgetMeta.getCategory(), null); - // validate dates + if (!DATA_VALIDATOR.isValid(commonWidgetMeta)){ + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Unsafe resource type " + commonWidgetMeta, "ERROR"); + }else if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals("")) { + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR", + "Category cannot be null or empty"); + }else if (!isValidResourceType(commonWidgetMeta.getCategory())) { + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Unexpected resource type " + commonWidgetMeta.getCategory(), null); + } for (CommonWidget cw : commonWidgetMeta.getItems()) { String err = validateCommonWidget(cw); if (err != null) - return new PortalRestResponse(PortalRestStatusEnum.ERROR, err, null); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, err, null); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "success", - searchService.saveWidgetDataBulk(commonWidgetMeta)); + return new 
PortalRestResponse<>(PortalRestStatusEnum.OK, "success", + searchService.saveWidgetDataBulk(commonWidgetMeta)); } /** 
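Review bot: saveWidgetDataBulk writes widget data without the `adminRolesService.isSuperAdmin(user)` check that saveWidgetData applies in the next hunk, and it takes no HttpServletRequest from which to resolve the user. Unless EPRestrictedBaseController or an interceptor outside this diff enforces the role, any authenticated caller can reach `searchService.saveWidgetDataBulk`; deleteWidgetData in a later hunk has the same shape. Add the request and response parameters and gate the body the way saveWidgetData does, calling `EcompPortalUtils.setBadPermissions(user, response, "saveWidgetDataBulk")` on the failure path. Separately, `commonWidgetMeta.getItems()` is iterated with no null check, so a body without items would raise a NullPointerException unless the validator already rejects it.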
@@ -170,23 +187,26 @@ public class DashboardController extends EPRestrictedBaseController { * read from POST body * @return Rest response wrapped around a String; e.g., "success" or "ERROR" */ - @RequestMapping(value = "/widgetData", method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse saveWidgetData(@RequestBody CommonWidget commonWidget, HttpServletRequest request, - HttpServletResponse response) { + @PostMapping(value = "/widgetData", produces = "application/json") + public PortalRestResponse saveWidgetData(@RequestBody CommonWidget commonWidget, HttpServletRequest request, HttpServletResponse response) { logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetData: argument is {}", commonWidget); EPUser user = EPUserUtils.getUserSession(request); if (adminRolesService.isSuperAdmin(user)) { - if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().isEmpty()) - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "ERROR", - "Category cannot be null or empty"); + if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().isEmpty()) { + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR", + "Category cannot be null or empty"); + }else if (!DATA_VALIDATOR.isValid(commonWidget)){ + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Unsafe resource type " + commonWidget, "ERROR"); + } String err = validateCommonWidget(commonWidget); if (err != null) - return new PortalRestResponse(PortalRestStatusEnum.ERROR, err, null); - return new PortalRestResponse(PortalRestStatusEnum.OK, "success", - searchService.saveWidgetData(commonWidget)); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, err, null); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", + searchService.saveWidgetData(commonWidget)); } else { EcompPortalUtils.setBadPermissions(user, response, "saveWidgetData"); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, 
"Failed", null); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed", null); } } @@ -233,11 +253,15 @@ public class DashboardController extends EPRestrictedBaseController { * read from POST body * @return Rest response wrapped around a String; e.g., "success" or "ERROR" */ - @RequestMapping(value = "/deleteData", method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = "/deleteData", produces = "application/json") public PortalRestResponse deleteWidgetData(@RequestBody CommonWidget commonWidget) { logger.debug(EELFLoggerDelegate.debugLogger, "deleteWidgetData: argument is {}", commonWidget); - return new PortalRestResponse(PortalRestStatusEnum.OK, "success", - searchService.deleteWidgetData(commonWidget)); + if (!DATA_VALIDATOR.isValid(commonWidget)){ + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Unsafe resource type " + commonWidget, "ERROR"); + } + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", + searchService.deleteWidgetData(commonWidget)); } /** @@ -249,10 +273,13 @@ public class DashboardController extends EPRestrictedBaseController { * Result Item. */ @EPAuditLog - @RequestMapping(value = "/search", method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = "/search", produces = "application/json") public PortalRestResponse>> searchPortal(HttpServletRequest request, @RequestParam String searchString) { - + if (!DATA_VALIDATOR.isValid(new SecureString(searchString))){ + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: String string is not safe", + new HashMap<>()); + } if (searchString != null) searchString = searchString.trim(); EPUser user = EPUserUtils.getUserSession(request); 
@@ -260,10 +287,10 @@ public class DashboardController extends EPRestrictedBaseController { if (user == null) { return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: User object is null? - check logs", - new HashMap>()); + new HashMap<>()); } else if (searchString == null || searchString.length() == 0) { return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: String string is null", - new HashMap>()); + new HashMap<>()); } else { logger.debug(EELFLoggerDelegate.debugLogger, "searchPortal: user {}, search string '{}'", user.getLoginId(), searchString); 
@@ -274,21 +301,28 @@ public class DashboardController extends EPRestrictedBaseController { auditLog.setUserId(user.getId()); auditLog.setActivityCode(EcompAuditLog.CD_ACTIVITY_SEARCH); auditLog.setComments(EcompPortalUtils.truncateString(searchString, PortalConstants.AUDIT_LOG_COMMENT_SIZE)); - MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP,EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP,EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + MDC.put(EPCommonSystemProperties.PARTNER_NAME, EPCommonSystemProperties.ECOMP_PORTAL_FE); + MDC.put(com.att.eelf.configuration.Configuration.MDC_SERVICE_NAME, EPCommonSystemProperties.ECOMP_PORTAL_BE); auditService.logActivity(auditLog, null); MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP,EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + + MDC.put(EPCommonSystemProperties.STATUS_CODE, "COMPLETE"); EcompPortalUtils.calculateDateTimeDifferenceForLog(MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP),MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); logger.info(EELFLoggerDelegate.auditLogger, EPLogUtil.formatAuditLogMessage("DashboardController.PortalRestResponse", EcompAuditLog.CD_ACTIVITY_SEARCH, user.getOrgUserId(), null, searchString)); MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); MDC.remove(SystemProperties.MDC_TIMER); + MDC.remove(EPCommonSystemProperties.STATUS_CODE); return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", results); } } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "searchPortal failed", e); + MDC.put(EPCommonSystemProperties.STATUS_CODE, "ERROR"); + MDC.remove(EPCommonSystemProperties.STATUS_CODE); return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage() + " - check logs.", - new HashMap>()); + new HashMap<>()); } } 
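Review bot: In the catch block `MDC.put(EPCommonSystemProperties.STATUS_CODE, "ERROR")` comes after `logger.error(...)` and is followed immediately by `MDC.remove(EPCommonSystemProperties.STATUS_CODE)`, so the ERROR status never reaches any log line; move the put above the logger.error call. PARTNER_NAME and MDC_SERVICE_NAME are put on the success path but never removed, and none of the removes run if `auditService.logActivity` throws, so on a pooled request thread those values can carry over into later, unrelated log records. A `finally` block that removes every key set in this method would cover both paths. The catch block also returns `e.getMessage()` to the client, which can disclose internal detail; a fixed message with the detail kept in the log is safer. The try block opens outside this hunk.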
@@ -300,9 +334,9 @@ public class DashboardController extends EPRestrictedBaseController { * @param request * @return Rest response wrapped around a list of String */ - @RequestMapping(value = "/activeUsers", method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = "/activeUsers", produces = "application/json") public List getActiveUsers(HttpServletRequest request) { - List activeUsers = null; + List activeUsers; List onlineUsers = new ArrayList<>(); try { EPUser user = EPUserUtils.getUserSession(request); @@ -328,14 +362,14 @@ public class DashboardController extends EPRestrictedBaseController { * @param request * @return Rest response wrapped around a number that is the number of milliseconds. */ - @RequestMapping(value = "/onlineUserUpdateRate", method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = "/onlineUserUpdateRate", produces = "application/json") public PortalRestResponse> getOnlineUserUpdateRate(HttpServletRequest request) { try { String updateRate = SystemProperties.getProperty(EPCommonSystemProperties.ONLINE_USER_UPDATE_RATE); String updateDuration = SystemProperties.getProperty(EPCommonSystemProperties.ONLINE_USER_UPDATE_DURATION); Integer rateInMiliSec = Integer.valueOf(updateRate)*1000; Integer durationInMiliSec = Integer.valueOf(updateDuration)*1000; - Map results = new HashMap(); + Map results = new HashMap<>(); results.put("onlineUserUpdateRate", String.valueOf(rateInMiliSec)); results.put("onlineUserUpdateDuration", String.valueOf(durationInMiliSec)); return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", results); 
@@ -351,12 +385,12 @@ public class DashboardController extends EPRestrictedBaseController { * @param request * @return Rest response wrapped around a number that is the window width threshold to collapse right menu. */ - @RequestMapping(value = "/windowWidthThresholdRightMenu", method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = "/windowWidthThresholdRightMenu", produces = "application/json") public PortalRestResponse> getWindowWidthThresholdForRightMenu(HttpServletRequest request) { try { String windowWidthString = SystemProperties.getProperty(EPCommonSystemProperties.WINDOW_WIDTH_THRESHOLD_RIGHT_MENU); Integer windowWidth = Integer.valueOf(windowWidthString); - Map results = new HashMap(); + Map results = new HashMap<>(); results.put("windowWidth", String.valueOf(windowWidth)); return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", results); } catch (Exception e) { @@ -372,12 +406,12 @@ public class DashboardController extends EPRestrictedBaseController { * @param request * @return Rest response wrapped around a number that is the window width threshold to collapse the left menu. */ - @RequestMapping(value = "/windowWidthThresholdLeftMenu", method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = "/windowWidthThresholdLeftMenu", produces = "application/json") public PortalRestResponse> getWindowWidthThresholdForLeftMenu(HttpServletRequest request) { try { String windowWidthString = SystemProperties.getProperty(EPCommonSystemProperties.WINDOW_WIDTH_THRESHOLD_LEFT_MENU); Integer windowWidth = Integer.valueOf(windowWidthString); - Map results = new HashMap(); + Map results = new HashMap<>(); results.put("windowWidth", String.valueOf(windowWidth)); return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", results); } catch (Exception e) { 
@@ -392,7 +426,7 @@ public class DashboardController extends EPRestrictedBaseController { * @param request * @return Rest response wrapped around a List of String */ - @RequestMapping(value = "/relatedUsers", method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = "/relatedUsers", produces = "application/json") public PortalRestResponse> activeUsers(HttpServletRequest request) { EPUser user = EPUserUtils.getUserSession(request); try {