X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fcontroller%2FExternalAccessRolesController.java;h=83b5155d8307d4e6230351707fcaf2dd15c1a040;hb=e02f5fbb88b7fabc07121a9dcffd3840e2c1a12a;hp=e0bf7b0110a5a8c20a7a13042f6fd286b8fe26db;hpb=2edaa4d6a5f7066e0c718f85a7bf7b8dabd0c59b;p=portal.git diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAccessRolesController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAccessRolesController.java index e0bf7b01..83b5155d 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAccessRolesController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAccessRolesController.java @@ -2,7 +2,9 @@ * ============LICENSE_START========================================== * ONAP Portal * =================================================================== - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * Modification Copyright © 2020 IBM. * =================================================================== * * Unless otherwise specified, all software contained herein is licensed @@ -43,6 +45,8 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Set; +import java.util.TreeSet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -59,6 +63,7 @@ import org.onap.portalapp.portal.logging.aop.EPAuditLog; import org.onap.portalapp.portal.logging.aop.EPEELFLoggerAdvice; import org.onap.portalapp.portal.logging.logic.EPLogUtil; import org.onap.portalapp.portal.service.ExternalAccessRolesService; +import org.onap.portalsdk.core.service.UserService; import org.onap.portalapp.portal.transport.CentralRole; import org.onap.portalapp.portal.transport.CentralRoleFunction; import org.onap.portalapp.portal.transport.CentralUser; @@ -67,6 +72,8 @@ import org.onap.portalapp.portal.transport.ExternalRequestFieldsValidator; import org.onap.portalapp.portal.utils.EPCommonSystemProperties; import org.onap.portalapp.portal.utils.EcompPortalUtils; import org.onap.portalapp.portal.utils.PortalConstants; +import org.onap.portalapp.validation.DataValidator; +import org.onap.portalapp.validation.SecureString; import org.onap.portalsdk.core.domain.AuditLog; import org.onap.portalsdk.core.domain.Role; import org.onap.portalsdk.core.domain.User; @@ -74,7 +81,6 @@ import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.restful.domain.EcompRole; import org.onap.portalsdk.core.restful.domain.EcompUser; import org.onap.portalsdk.core.service.AuditService; -import org.onap.portalsdk.core.service.UserService; import org.onap.portalsdk.core.service.UserServiceCentalizedImpl; import org.onap.portalsdk.core.util.SystemProperties; import org.onap.portalsdk.core.web.support.UserUtils; @@ -86,9 +92,10 @@ import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.RestController; -import org.springframework.web.client.RestTemplate; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; @@ -102,24 +109,18 @@ import io.swagger.annotations.ApiOperation; @EnableAspectJAutoProxy @EPAuditLog public class ExternalAccessRolesController implements BasicAuthenticationController { - private static final String ROLE_INVALID_CHARS = "%=():,\"\""; - private static final String SUCCESSFULLY_DELETED = "Successfully Deleted"; - - private static final String INVALID_UEB_KEY = "Invalid uebkey!"; - + private static final String INVALID_UEB_KEY = "Invalid credentials!"; private static final String LOGIN_ID = "LoginId"; - - RestTemplate template = new RestTemplate(); + private static final String UEBKEY = "uebkey"; + + private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAccessRolesController.class); + private static final DataValidator DATA_VALIDATOR = new DataValidator(); @Autowired private AuditService auditService; - private static final String UEBKEY = "uebkey"; - - private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAccessRolesController.class); - @Autowired private ExternalAccessRolesService externalAccessRolesService; @@ -127,11 +128,15 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl private UserService userservice = new UserServiceCentalizedImpl(); @ApiOperation(value = "Gets user role for an application.", response = CentralUser.class, responseContainer="List") - @RequestMapping(value = { - "/user/{loginId}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/user/{loginId}" }, produces = "application/json") public CentralUser getUser(HttpServletRequest request, HttpServletResponse response, @PathVariable("loginId") String loginId) throws Exception { - + if (!DATA_VALIDATOR.isValid(new SecureString(loginId))){ + sendErrorResponse(response, new Exception("Data is not valid")); + logger.error(EELFLoggerDelegate.errorLogger, "getUser not valid data"); + return null; + } CentralUser answer = null; try { fieldsValidation(request); @@ -144,10 +149,15 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets user roles for an application which is upgraded to newer version.", response = String.class, responseContainer="List") - @RequestMapping(value = { - "/v1/user/{loginId}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/v1/user/{loginId}" }, produces = "application/json") public String getV2UserList(HttpServletRequest request, HttpServletResponse response, @PathVariable("loginId") String loginId) throws Exception { + if (!DATA_VALIDATOR.isValid(new SecureString(loginId))){ + sendErrorResponse(response, new Exception("Data is not valid")); + logger.error(EELFLoggerDelegate.errorLogger, "getV2UserList not valid data"); + return "Data is not valid"; + } String answer = null; try { fieldsValidation(request); @@ -160,8 +170,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets roles for an application.", response = CentralRole.class, responseContainer="Json") - @RequestMapping(value = { - "/roles" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/roles" }, produces = "application/json") public List getRolesForApp(HttpServletRequest request, HttpServletResponse response) throws Exception { logger.debug(EELFLoggerDelegate.debugLogger, "Request received for getRolesForApp"); List v2CenRole = null; @@ -184,8 +194,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets roles for an application which is upgraded to newer version.", response = CentralV2Role.class, responseContainer="Json") - @RequestMapping(value = { - "/v1/roles" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/v1/roles" }, produces = "application/json") public List getV2RolesForApp(HttpServletRequest request, HttpServletResponse response) throws Exception { logger.debug(EELFLoggerDelegate.debugLogger, "Request received for getV2RolesForApp"); List answer = null; @@ -206,8 +216,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets all role functions for an application for older version.", response = CentralRoleFunction.class, responseContainer="Json") - @RequestMapping(value = { - "/functions" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/functions" }, produces = "application/json") public List getRoleFunctionsList(HttpServletRequest request, HttpServletResponse response) throws Exception { List answer = null; @@ -231,8 +241,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets all role functions for an application which is upgraded to newer version.", response = CentralV2RoleFunction.class, responseContainer="Json") - @RequestMapping(value = { - "/v1/functions" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/v1/functions" }, produces = "application/json") public List getV2RoleFunctionsList(HttpServletRequest request, HttpServletResponse response) throws Exception { List cenRoleFuncList = null; @@ -255,8 +265,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl @ApiOperation(value = "Gets role information for an application.", response = CentralRole.class, responseContainer="Json") - @RequestMapping(value = { - "/role/{role_id}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/role/{role_id}" }, produces = "application/json") public CentralRole getRoleInfo(HttpServletRequest request, HttpServletResponse response, @PathVariable("role_id") Long roleId) throws Exception { CentralV2Role answer = null; @@ -275,8 +285,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets v2 role information for an application which is upgraded to newer version.", response = CentralV2Role.class, responseContainer="Json") - @RequestMapping(value = { - "/v1/role/{role_id}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/v1/role/{role_id}" }, produces = "application/json") public CentralV2Role getV2RoleInfo(HttpServletRequest request, HttpServletResponse response, @PathVariable("role_id") Long roleId) throws Exception { CentralV2Role answer = null; @@ -293,11 +303,15 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets role information for an application provided by function code.", response = CentralRoleFunction.class, responseContainer = "Json") - @RequestMapping(value = { "/function/{code}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/function/{code}" }, produces = "application/json") public CentralRoleFunction getRoleFunction(HttpServletRequest request, HttpServletResponse response, @PathVariable("code") String code) throws Exception { CentralV2RoleFunction centralV2RoleFunction = null; CentralRoleFunction centralRoleFunction = new CentralRoleFunction(); + if(!DATA_VALIDATOR.isValid(new SecureString(code))){ + sendErrorResponse(response, new Exception("Data is not valid")); + logger.error(EELFLoggerDelegate.errorLogger, "getRoleFunction failed", new Exception("Data is not valid")); + } try { fieldsValidation(request); centralV2RoleFunction = externalAccessRolesService.getRoleFunction(code, request.getHeader(UEBKEY)); @@ -312,10 +326,14 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets role information for an application provided by function code.", response = CentralV2RoleFunction.class, responseContainer = "Json") - @RequestMapping(value = { "/v1/function/{code}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v1/function/{code}" }, produces = "application/json") public CentralV2RoleFunction getV2RoleFunction(HttpServletRequest request, HttpServletResponse response, @PathVariable("code") String code) throws Exception { CentralV2RoleFunction centralV2RoleFunction = null; + if(!DATA_VALIDATOR.isValid(new SecureString(code))){ + sendErrorResponse(response, new Exception("Data is not valid")); + logger.error(EELFLoggerDelegate.errorLogger, "getV2RoleFunction failed", new Exception("Data is not valid")); + } try { fieldsValidation(request); centralV2RoleFunction = externalAccessRolesService.getRoleFunction(code, request.getHeader(UEBKEY)); @@ -330,18 +348,22 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Saves role function for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/roleFunction" }, method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = { "/roleFunction" }, produces = "application/json") public PortalRestResponse saveRoleFunction(HttpServletRequest request, HttpServletResponse response, - @RequestBody String roleFunc) throws Exception { + @RequestBody String roleFunc) { String status = "Successfully saved!"; + if(!DATA_VALIDATOR.isValid(new SecureString(roleFunc))){ + logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to roleFunc, not valid data.", "Failed"); + } try { fieldsValidation(request); - String data = roleFunc; - ObjectMapper mapper = new ObjectMapper(); + ObjectMapper mapper = new ObjectMapper(); List applicationList = externalAccessRolesService.getApp(request.getHeader(UEBKEY)); EPApp requestedApp = applicationList.get(0); mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); - CentralV2RoleFunction availableRoleFunction = mapper.readValue(data, CentralV2RoleFunction.class); + CentralV2RoleFunction availableRoleFunction = mapper.readValue(roleFunc, CentralV2RoleFunction.class); CentralV2RoleFunction domainRoleFunction = null; boolean isCentralV2Version = false; if(availableRoleFunction.getType()!=null && availableRoleFunction.getAction()!= null) { @@ -403,8 +425,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl MDC.remove(SystemProperties.MDC_TIMER); } else { logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed"); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, - "Failed to saveRoleFunction for '" + availableRoleFunction.getCode() + "'", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to saveRoleFunction for '" + availableRoleFunction.getCode() + "'", "Failed"); } } catch (Exception e) { if (e.getMessage() == null ||e.getMessage().contains(INVALID_UEB_KEY)) { @@ -413,15 +435,20 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, status, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, status, "Success"); } @ApiOperation(value = "Deletes role function for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/roleFunction/{code}" }, method = RequestMethod.DELETE, produces = "application/json") + @DeleteMapping(value = { "/roleFunction/{code}" }, produces = "application/json") public PortalRestResponse deleteRoleFunction(HttpServletRequest request, HttpServletResponse response, - @PathVariable("code") String code) throws Exception { + @PathVariable("code") String code) { + if(!DATA_VALIDATOR.isValid(new SecureString(code))){ + logger.error(EELFLoggerDelegate.errorLogger, "deleteRoleFunction failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to deleteRoleFunction, not valid data.", "Failed"); + } try { fieldsValidation(request); EPUser user = externalAccessRolesService.getUser(request.getHeader(LOGIN_ID)).get(0); @@ -452,8 +479,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl MDC.remove(SystemProperties.MDC_TIMER); } else { logger.error(EELFLoggerDelegate.errorLogger, "deleteRoleFunction failed"); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, - "Failed to deleteRoleFunction for '" + code + "'", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to deleteRoleFunction for '" + code + "'", "Failed"); } } catch (Exception e) { if (e.getMessage().contains(INVALID_UEB_KEY)) { @@ -469,9 +496,9 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Saves role for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/role" }, method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = { "/role" }, produces = "application/json") public PortalRestResponse saveRole(HttpServletRequest request, HttpServletResponse response, - @RequestBody Role role) throws Exception { + @RequestBody Role role) { try { fieldsValidation(request); ExternalRequestFieldsValidator saveRoleResult = null; @@ -524,15 +551,20 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } logger.error(EELFLoggerDelegate.errorLogger, "saveRole failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully Saved", "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully Saved", "Success"); } @ApiOperation(value = "Deletes role for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/deleteRole/{code}" }, method = RequestMethod.DELETE, produces = "application/json") + @DeleteMapping(value = { "/deleteRole/{code}" }, produces = "application/json") public PortalRestResponse deleteRole(HttpServletRequest request, HttpServletResponse response, - @PathVariable String code) throws Exception { + @PathVariable String code) { + if(!DATA_VALIDATOR.isValid(new SecureString(code))){ + logger.error(EELFLoggerDelegate.errorLogger, "deleteRole failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to deleteRole, not valid data.", "Failed"); + } try { fieldsValidation(request); boolean deleteResponse = externalAccessRolesService.deleteRoleForApplication(code, @@ -564,8 +596,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl MDC.remove(SystemProperties.MDC_TIMER); } else { logger.error(EELFLoggerDelegate.errorLogger, "deleteRole failed"); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, - "Failed to deleteRole for '" + code + "'", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to deleteRole for '" + code + "'", "Failed"); } } catch (Exception e) { if (e.getMessage().contains(INVALID_UEB_KEY)) { @@ -574,13 +606,13 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl response.setStatus(HttpServletResponse.SC_BAD_REQUEST); } logger.error(EELFLoggerDelegate.errorLogger, "deleteRole failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, SUCCESSFULLY_DELETED, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, SUCCESSFULLY_DELETED, "Success"); } @ApiOperation(value = "Gets active roles for an application.", response = CentralRole.class, responseContainer = "Json") - @RequestMapping(value = { "/activeRoles" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/activeRoles" }, produces = "application/json") public List getActiveRoles(HttpServletRequest request, HttpServletResponse response) throws Exception { List roles = null; try { @@ -596,7 +628,7 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets active roles for an application.", response = CentralV2Role.class, responseContainer = "Json") - @RequestMapping(value = { "/v1/activeRoles" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v1/activeRoles" }, produces = "application/json") public List getV2ActiveRoles(HttpServletRequest request, HttpServletResponse response) throws Exception { List cenRole = null; try { @@ -611,9 +643,9 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "deletes user roles for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/deleteDependcyRoleRecord/{roleId}" }, method = RequestMethod.DELETE, produces = "application/json") + @DeleteMapping(value = { "/deleteDependcyRoleRecord/{roleId}" }, produces = "application/json") public PortalRestResponse deleteDependencyRoleRecord(HttpServletRequest request, HttpServletResponse response, - @PathVariable("roleId") Long roleId) throws Exception { + @PathVariable("roleId") Long roleId) { ExternalRequestFieldsValidator removeResult = null; try { fieldsValidation(request); @@ -638,9 +670,9 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl @ApiOperation(value = "deletes roles for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/v2/deleteRole/{roleId}" }, method = RequestMethod.DELETE, produces = "application/json") + @DeleteMapping(value = { "/v2/deleteRole/{roleId}" }, produces = "application/json") public PortalRestResponse deleteRole(HttpServletRequest request, HttpServletResponse response, - @PathVariable("roleId") Long roleId) throws Exception { + @PathVariable("roleId") Long roleId) { ExternalRequestFieldsValidator removeResult = null; try { fieldsValidation(request); @@ -665,64 +697,64 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl @ApiOperation(value = "Bulk upload functions for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/upload/portal/functions" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse bulkUploadFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { + @PostMapping(value = { "/upload/portal/functions" }, produces = "application/json") + public PortalRestResponse bulkUploadFunctions(HttpServletRequest request, HttpServletResponse response) { Integer result = 0; try { result = externalAccessRolesService.bulkUploadFunctions(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadFunctions failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success"); } @ApiOperation(value = "Bulk upload roles for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/upload/portal/roles" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse bulkUploadRoles(HttpServletRequest request, HttpServletResponse response) throws Exception { + @PostMapping(value = { "/upload/portal/roles" }, produces = "application/json") + public PortalRestResponse bulkUploadRoles(HttpServletRequest request, HttpServletResponse response) { Integer result = 0; try { result = externalAccessRolesService.bulkUploadRoles(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success"); } @ApiOperation(value = "Bulk upload role functions for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/upload/portal/roleFunctions" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse bulkUploadRoleFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { + @PostMapping(value = { "/upload/portal/roleFunctions" }, produces = "application/json") + public PortalRestResponse bulkUploadRoleFunctions(HttpServletRequest request, HttpServletResponse response) { Integer result = 0; try { result = externalAccessRolesService.bulkUploadRolesFunctions(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoleFunctions failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoleFunctions", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoleFunctions", "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success"); } @ApiOperation(value = "Bulk upload user roles for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/upload/portal/userRoles" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse bulkUploadUserRoles(HttpServletRequest request, HttpServletResponse response) throws Exception { + @PostMapping(value = { "/upload/portal/userRoles" }, produces = "application/json") + public PortalRestResponse bulkUploadUserRoles(HttpServletRequest request, HttpServletResponse response) { Integer result = 0; try { result = externalAccessRolesService.bulkUploadUserRoles(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadUserRoles failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUserRoles", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUserRoles", "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success"); } @ApiOperation(value = "Bulk upload users for renamed role of an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/upload/portal/userRole/{roleId}" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse bulkUploadUsersSingleRole(HttpServletRequest request, HttpServletResponse response, @PathVariable Long roleId) throws Exception { + @PostMapping(value = { "/upload/portal/userRole/{roleId}" }, produces = "application/json") + public PortalRestResponse bulkUploadUsersSingleRole(HttpServletRequest request, HttpServletResponse response, @PathVariable Long roleId) { Integer result = 0; try { String roleName = request.getHeader("RoleName"); @@ -730,54 +762,57 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadUsersSingleRole failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUsersSingleRole", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUsersSingleRole", "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success"); } @ApiOperation(value = "Bulk upload functions for an partner application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/upload/partner/functions" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse bulkUploadPartnerFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { + @PostMapping(value = { "/upload/partner/functions" }, produces = "application/json") + public PortalRestResponse bulkUploadPartnerFunctions(HttpServletRequest request, HttpServletResponse response) { Integer addedFunctions = 0; try { addedFunctions = externalAccessRolesService.bulkUploadPartnerFunctions(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadFunctions failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully added: '"+addedFunctions+"' functions", "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, + "Successfully added: '" + addedFunctions + "' functions", "Success"); } @ApiOperation(value = "Bulk upload roles for an partner application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/upload/partner/roles" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse bulkUploadPartnerRoles(HttpServletRequest request, HttpServletResponse response, @RequestBody List upload) throws Exception { + @PostMapping(value = { "/upload/partner/roles" }, produces = "application/json") + public PortalRestResponse bulkUploadPartnerRoles(HttpServletRequest request, HttpServletResponse response, @RequestBody List upload) { try { externalAccessRolesService.bulkUploadPartnerRoles(request.getHeader(UEBKEY), upload); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully added", "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added", "Success"); } @ApiOperation(value = "Bulk upload role functions for an partner application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/upload/partner/roleFunctions" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse bulkUploadPartnerRoleFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { + @PostMapping(value = { "/upload/partner/roleFunctions" }, produces = "application/json") + public PortalRestResponse bulkUploadPartnerRoleFunctions(HttpServletRequest request, HttpServletResponse response) { Integer addedRoleFunctions = 0; try { addedRoleFunctions = externalAccessRolesService.bulkUploadPartnerRoleFunctions(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadPartnerRoleFunctions", "Failed"); + logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerRoleFunctions failed", e); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadPartnerRoleFunctions", + "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully added: '"+addedRoleFunctions + "' role functions", "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, + "Successfully added: '" + addedRoleFunctions + "' role functions", "Success"); } @ApiOperation(value = "Gets all functions along with global functions", response = List.class, responseContainer = "Json") - @RequestMapping(value = { "/menuFunctions" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/menuFunctions" }, produces = "application/json") public List getMenuFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { List functionsList = null; try { @@ -791,7 +826,7 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets all active Users of application", response = String.class, responseContainer = "Json") - @RequestMapping(value = { "/users" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/users" }, produces = "application/json") public List getUsersOfApplication(HttpServletRequest request, HttpServletResponse response) throws Exception { List users = null; try { @@ -851,31 +886,38 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets ecompUser of an application.", response = CentralUser.class, responseContainer = "List") - @RequestMapping(value = { "/v2/user/{loginId}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v2/user/{loginId}" }, produces = "application/json") public String getEcompUser(HttpServletRequest request, HttpServletResponse response, @PathVariable("loginId") String loginId) throws Exception { - EcompUser user = null; + if(!DATA_VALIDATOR.isValid(new SecureString(loginId))){ + sendErrorResponse(response, new Exception("getEcompUser failed")); + logger.error(EELFLoggerDelegate.errorLogger, "getEcompUser failed", new Exception("getEcompUser failed")); + } + EcompUser user = new EcompUser(); ObjectMapper mapper = new ObjectMapper(); String answer = null; try { fieldsValidation(request); + answer = externalAccessRolesService.getV2UserWithRoles(loginId, request.getHeader(UEBKEY)); if (answer != null) { User ecompUser = userservice.userMapper(answer); user = UserUtils.convertToEcompUser(ecompUser); + List missingRolesOfUser = externalAccessRolesService.missingUserApplicationRoles(request.getHeader(UEBKEY), loginId, user.getRoles()); + if (missingRolesOfUser.size() > 0) { + Set roles = new TreeSet<>(missingRolesOfUser); + user.getRoles().addAll(roles); + } } } catch (Exception e) { sendErrorResponse(response, e); logger.error(EELFLoggerDelegate.errorLogger, "getEcompUser failed", e); } - if (user != null) { - return mapper.writeValueAsString(user); - } - return null; + return mapper.writeValueAsString(user); } @ApiOperation(value = "Gets user ecomp role for an application.", response = CentralUser.class, responseContainer = "List") - @RequestMapping(value = { "/v2/roles" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v2/roles" }, produces = "application/json") public List getEcompRolesOfApplication(HttpServletRequest request, HttpServletResponse response) throws Exception { List ecompRoles = null;