X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fcontroller%2FFunctionalMenuController.java;h=65abc28074692764995b3494ee23cc4c98a1b75b;hb=fc39621b78e3ca55293c8bce6ef8d37a2fd2bea8;hp=4326eac3530dd359d3afe13dcf5978a476da39c9;hpb=24608a9e1450c409dc3870440d29e91cc3a26bb9;p=portal.git diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java index 4326eac3..65abc280 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modification Copyright © 2020 IBM. + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -33,7 +35,7 @@ * * ============LICENSE_END============================================ * - * + * */ package org.onap.portalapp.portal.controller; @@ -49,6 +51,7 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.core.Response; import org.json.JSONObject; import org.onap.portalapp.controller.EPRestrictedBaseController; 
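Review bot: The added `import javax.ws.rs.core.Response;` is not referenced by any line this change touches, and the class is a Spring MVC `@RestController`, so a JAX-RS type here looks accidental; unless an unchanged part of the file uses it, drop the import. `RequestMapping` and `RequestMethod` also stay imported while every visible `@RequestMapping(..., method = RequestMethod.X)` in the later hunks is converted to the `@GetMapping`/`@PostMapping`/`@PutMapping`/`@DeleteMapping` shorthands; if no unchanged method still uses them they are dead imports as well. The import block is split across this and the next hunk, so I cannot see every remaining import from here.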
@@ -71,13 +74,20 @@ import org.onap.portalapp.portal.transport.FunctionalMenuItemWithRoles; import org.onap.portalapp.portal.utils.EPCommonSystemProperties; import org.onap.portalapp.portal.utils.EcompPortalUtils; import org.onap.portalapp.util.EPUserUtils; +import org.onap.portalapp.validation.DataValidator; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.util.SystemProperties; +import org.onap.portalsdk.core.web.support.UserUtils; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.PutMapping; +import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; @@ -86,12 +96,13 @@ import org.springframework.web.bind.annotation.RestController; * Supports menus at the top of the Portal app landing page. */ @RestController -@org.springframework.context.annotation.Configuration +@Configuration @EnableAspectJAutoProxy @EPAuditLog public class FunctionalMenuController extends EPRestrictedBaseController { private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(FunctionalMenuController.class); + private final DataValidator dataValidator = new DataValidator(); @Autowired private AdminRolesService adminRolesService; 
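Review bot: `private final DataValidator dataValidator = new DataValidator();` hard-wires a collaborator with `new` inside a Spring bean, whereas the neighbouring services (`adminRolesService` and the other `@Autowired` fields) are injected; wiring it the same way (`@Autowired private DataValidator dataValidator;`, assuming DataValidator is registered as a bean) keeps the controller testable with a substitute validator and avoids building a fresh validator per controller instance if its construction is costly. If DataValidator is deliberately a plain helper with no Spring wiring, a one-line comment on the field saying so, e.g. `// plain helper, intentionally not a Spring-managed bean`, would stop the next reader from asking the same question. The rest of the field declarations continue past the hunk.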
@@ -104,14 +115,14 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to fetch all the FunctionalMenuItems. - * + * * @param request * HttpServletRequest * @param response * HttpServletResponse * @return List of FunctionalMenuItem objects */ - @RequestMapping(value = { "/portalApi/functionalMenu" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/portalApi/functionalMenu" }, produces = "application/json") public List getMenuItems(HttpServletRequest request, HttpServletResponse response) { // TODO: should only the superuser be allowed to use this API? List menuItems = null; @@ -127,14 +138,14 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to get ONAP Portal Title. - * + * * @param request * HttpServletRequest * @param response * HttpServletResponse * @return PortalRestResponse of ONAP portal title */ - @RequestMapping(value = { "/portalApi/ecompTitle" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/portalApi/ecompTitle" }, produces = "application/json") public PortalRestResponse getECOMPTitle(HttpServletRequest request, HttpServletResponse response) { PortalRestResponse portalRestResponse = null; try { 
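Review bot: The converted annotations keep the array-literal form for a single path, `@GetMapping(value = { "/portalApi/functionalMenu" }, produces = "application/json")`; since this commit rewrites every one of these lines anyway, the braces can go — `@GetMapping(value = "/portalApi/functionalMenu", produces = "application/json")` — which is the conventional single-path form and reads the same across the `@GetMapping`/`@PostMapping`/`@PutMapping`/`@DeleteMapping` sites. The same applies to the other mapping hunks in this diff (getECOMPTitle, getMenuItemsForEditing, getMenuItemsForNotifications, getMenuItemsForApp, getMenuItemsForUser, getMenuItemsForAuthUser, getFunctionalMenuItemDetails, deleteFunctionalMenuItem, regenerateAncestorTable, addFavoriteItem, getFavoritesForUser, deleteFavoriteItem, getFunctionalMenuStaticInfo). The bodies of these methods continue outside their hunks.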
@@ -152,15 +163,15 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * RESTful service method to fetch all the FunctionalMenuItems, both active and * inactive, for the EditFunctionalMenu feature. Can only be accessed by the * portal admin. - * + * * @param request * HttpServletRequest * @param response * HttpServletResponse * @return List of FunctionalMenuItem objects */ - @RequestMapping(value = { - "/portalApi/functionalMenuForEditing" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/portalApi/functionalMenuForEditing" }, produces = "application/json") public List getMenuItemsForEditing(HttpServletRequest request, HttpServletResponse response) { // TODO: should only the superuser be allowed to use this API? EPUser user = EPUserUtils.getUserSession(request); @@ -182,15 +193,15 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to fetch all the FunctionalMenuItems, active , for the * Functional menu in notification Tree feature. - * + * * @param request * HttpServletRequest * @param response * HttpServletResponse * @return List of FunctionalMenuItem objects */ - @RequestMapping(value = { - "/portalApi/functionalMenuForNotificationTree" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/portalApi/functionalMenuForNotificationTree" }, produces = "application/json") public List getMenuItemsForNotifications(HttpServletRequest request, HttpServletResponse response) { // TODO: should only the superuser be allowed to use this API? 
@@ -209,15 +220,15 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to fetch all FunctionalMenuItems associated with an * application. - * + * * @param request * HttpServletRequest * @param appId * application ID * @return List of FunctionalMenuItem objects */ - @RequestMapping(value = { - "/portalApi/functionalMenuForApp/{appId}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/portalApi/functionalMenuForApp/{appId}" }, produces = "application/json") public List getMenuItemsForApp(HttpServletRequest request, @PathVariable("appId") Integer appId) { // TODO: should only the superuser be allowed to use this API? @@ -236,15 +247,15 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to fetch all FunctionalMenuItems associated with the * applications and roles that a user has access to. - * + * * @param request * HttpServletRequest * @param orgUserId * user ID * @return List of FunctionalMenuItem objects */ - @RequestMapping(value = { - "/portalApi/functionalMenuForUser/{orgUserId}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/portalApi/functionalMenuForUser/{orgUserId}" }, produces = "application/json") public List getMenuItemsForUser(HttpServletRequest request, @PathVariable("orgUserId") String orgUserId) { // TODO: should only the superuser be allowed to use this API? 
@@ -264,15 +275,15 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to fetch all FunctionalMenuItems associated with the * applications and roles that the authenticated user has access to. - * + * * @param request * HttpServletRequest * @param response * HttpServletResponse * @return List of FunctionalMenuItem objects */ - @RequestMapping(value = { - "/portalApi/functionalMenuForAuthUser" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/portalApi/functionalMenuForAuthUser" }, produces = "application/json") public List getMenuItemsForAuthUser(HttpServletRequest request, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); @@ -299,7 +310,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to fetch the details for a functional menu item. * Requirement: you must be the ONAP portal super admin user. - * + * * @param request * HttpServletRequest * @param response @@ -308,8 +319,8 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * menu ID * @return FunctionalMenuItem object */ - @RequestMapping(value = { - "/portalApi/functionalMenuItemDetails/{menuId}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/portalApi/functionalMenuItemDetails/{menuId}" }, produces = "application/json") public FunctionalMenuItem getFunctionalMenuItemDetails(HttpServletRequest request, @PathVariable("menuId") Long menuId, HttpServletResponse response) { // TODO: return FunctionalMenuItemJson @@ -333,9 +344,9 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to create a new menu item. - * + * * Requirement: you must be the ONAP portal super admin user. - * + * * @param request * HttpServletRequest * @param response 
@@ -344,11 +355,19 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * FunctionalMenuItemWithRoles * @return FieldsValidator */ - @RequestMapping(value = { "/portalApi/functionalMenuItem" }, method = RequestMethod.POST) + @PostMapping(value = { "/portalApi/functionalMenuItem" }) public FieldsValidator createFunctionalMenuItem(HttpServletRequest request, @RequestBody FunctionalMenuItemWithRoles menuItemJson, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); FieldsValidator fieldsValidator = null; + + if(!dataValidator.isValid(menuItemJson)){ + fieldsValidator = new FieldsValidator(); + logger.warn(EELFLoggerDelegate.debugLogger,"FunctionalMenuController.createFunctionalMenuItem not valid object"); + fieldsValidator.httpStatusCode = (long)HttpServletResponse.SC_NOT_ACCEPTABLE; + return fieldsValidator; + } + if (!adminRolesService.isSuperAdmin(user)) { logger.debug(EELFLoggerDelegate.debugLogger, "FunctionalMenuController.createFunctionalMenuItem bad permissions"); @@ -365,9 +384,9 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to update an existing menu item - * + * * Requirement: you must be the ONAP portal super admin user. - * + * * @param request * HttpServletRequest * @param response 
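Review bot: The new `dataValidator.isValid(menuItemJson)` guard runs before the existing `adminRolesService.isSuperAdmin(user)` check, so a caller who is not a super admin now gets a different answer (406 and an early return) depending on what the body contains, whereas before the permission failure was the outermost gate regardless of payload; move the validation below the permission check so authorization stays first. The status is also the wrong one: 406 Not Acceptable is the reply to an `Accept` header the server cannot satisfy, while a body that fails validation is a client error on the request itself, i.e. `fieldsValidator.httpStatusCode = (long) HttpServletResponse.SC_BAD_REQUEST;`. The rejection is logged with `logger.warn(EELFLoggerDelegate.debugLogger, ...)`, which pairs a warn level with the debug sink (presumably only visible when debug output is on) and records nothing about which constraint failed; `EELFLoggerDelegate.errorLogger`, which this diff already uses for `logger.error` elsewhere, is the better sink for a rejected request. The same three points apply verbatim to the block added to editFunctionalMenuItem in the next hunk. createFunctionalMenuItem's body continues past the hunk.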
@@ -376,11 +395,19 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * FunctionalMenuItemWithRoles * @return FieldsValidator */ - @RequestMapping(value = { "/portalApi/functionalMenuItem" }, method = RequestMethod.PUT) + @PutMapping(value = { "/portalApi/functionalMenuItem" }) public FieldsValidator editFunctionalMenuItem(HttpServletRequest request, @RequestBody FunctionalMenuItemWithRoles menuItemJson, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); FieldsValidator fieldsValidator = null; + + if(!dataValidator.isValid(menuItemJson)){ + fieldsValidator = new FieldsValidator(); + logger.warn(EELFLoggerDelegate.debugLogger,"FunctionalMenuController.createFunctionalMenuItem not valid object"); + fieldsValidator.httpStatusCode = (long)HttpServletResponse.SC_NOT_ACCEPTABLE; + return fieldsValidator; + } + if (!adminRolesService.isSuperAdmin(user)) { EcompPortalUtils.setBadPermissions(user, response, "editFunctionalMenuItem"); } else { @@ -395,7 +422,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to delete a menu item - * + * * @param request * HttpServletRequest * @param response @@ -404,7 +431,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * menu identifier * @return FieldsValidator */ - @RequestMapping(value = { "/portalApi/functionalMenuItem/{menuId}" }, method = RequestMethod.DELETE) + @DeleteMapping(value = { "/portalApi/functionalMenuItem/{menuId}" }) public FieldsValidator deleteFunctionalMenuItem(HttpServletRequest request, @PathVariable("menuId") Long menuId, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); 
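Review bot: The warn message added to editFunctionalMenuItem names the wrong method: `"FunctionalMenuController.createFunctionalMenuItem not valid object"` was copied from the create path, so a rejected PUT will be logged as a failed POST; change it to `"FunctionalMenuController.editFunctionalMenuItem not valid object"`. Since the same five-line guard now appears verbatim in both methods, a private helper that builds the rejected FieldsValidator and takes the method name for the log line would remove the duplication and this kind of drift with it. editFunctionalMenuItem's body continues past the hunk.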
@@ -423,14 +450,14 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service to regenerate table - * + * * @param request * HttpServletRequest * @param response * HttpServletResponse * @return FieldsValidator */ - @RequestMapping(value = { "/portalApi/regenerateFunctionalMenuAncestors" }, method = RequestMethod.GET) + @GetMapping(value = { "/portalApi/regenerateFunctionalMenuAncestors" }) public FieldsValidator regenerateAncestorTable(HttpServletRequest request, HttpServletResponse response) { // TODO: should only the superuser be allowed to use this API? EPUser user = EPUserUtils.getUserSession(request); @@ -450,7 +477,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESful service to set a favorite item. - * + * * @param request * HttpServletRequest * @param response @@ -459,7 +486,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * FunctionalMenuItemWithRoles * @return FieldsValidator */ - @RequestMapping(value = { "/portalApi/setFavoriteItem" }, method = RequestMethod.POST) + @PostMapping(value = { "/portalApi/setFavoriteItem" }) public FieldsValidator addFavoriteItem(HttpServletRequest request, @RequestBody FavoritesFunctionalMenuItem menuItemJson, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); 
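Review bot: `@GetMapping(value = { "/portalApi/regenerateFunctionalMenuAncestors" })` keeps an operation the Javadoc describes as "regenerate table" on GET; GET is expected to be safe and idempotent (cacheable, prefetchable, followable as a plain link), so this is the one conversion in the diff where switching the verb (`@PostMapping`) rather than only the annotation form would pay off, provided the front-end caller is updated alongside. The method body is outside the hunk, so I cannot confirm from here what it writes, and the `// TODO: should only the superuser be allowed to use this API?` context line suggests the permission question for this endpoint is still open as well.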
@@ -476,15 +503,15 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service to get favorites for the current user as identified in the * session - * + * * @param request * HttpServletRequest * @param response * HttpServletResponse * @return List of FavoritesFunctionalMenuItemJson */ - @RequestMapping(value = { - "/portalApi/getFavoriteItems" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/portalApi/getFavoriteItems" }, produces = "application/json") public List getFavoritesForUser(HttpServletRequest request, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); @@ -499,7 +526,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service to delete a favorite menu item for the current user as * identified in the session. - * + * * @param request * HttpServletRequest * @param response @@ -508,7 +535,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * menu identifier * @return FieldsValidator */ - @RequestMapping(value = { "/portalApi/removeFavoriteItem/{menuId}" }, method = RequestMethod.DELETE) + @DeleteMapping(value = { "/portalApi/removeFavoriteItem/{menuId}" }) public FieldsValidator deleteFavoriteItem(HttpServletRequest request, @PathVariable("menuId") Long menuId, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); 
@@ -528,22 +555,26 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * session (i.e., the CSP cookie); if that fails, calls the shared context * service to read the information from the database. Gives back what it found, * any of which may be null, as a JSON collection. - * + * * @param request * HttpServletRequest * @param response * HttpServletResponse * @return JSON collection of key-value pairs shown below. */ - @RequestMapping(value = { - "/portalApi/functionalMenuStaticInfo" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/portalApi/functionalMenuStaticInfo" }, produces = "application/json") public String getFunctionalMenuStaticInfo(HttpServletRequest request, HttpServletResponse response) { // Get user details from session logger.debug(EELFLoggerDelegate.debugLogger, "getFunctionalMenuStaticInfo: getting user info"); String fnMenuStaticResponse = null; try { - String orgUserIdStr = null, firstNameStr = null, lastNameStr = null, emailStr = null, lastLogin = null; + String orgUserIdStr = null; + String firstNameStr = null; + String lastNameStr = null; + String emailStr = null; + String lastLogin = null; EPUser user = EPUserUtils.getUserSession(request); firstNameStr = user.getFirstName(); lastNameStr = user.getLastName(); @@ -565,7 +596,10 @@ public class FunctionalMenuController extends EPRestrictedBaseController { // If any item is missing from session, try the Shared Context // service. - SharedContext orgUserIdSC = null, firstNameSC = null, lastNameSC = null, emailSC = null; + SharedContext orgUserIdSC = null; + SharedContext firstNameSC = null; + SharedContext lastNameSC = null; + SharedContext emailSC = null; String sessionId = request.getSession().getId(); if (firstNameStr == null) firstNameSC = sharedContextService.getSharedContext(sessionId, 
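Review bot: The split declarations `String firstNameStr = null;` and `String lastNameStr = null;` are overwritten unconditionally a few lines later by `firstNameStr = user.getFirstName();` and `lastNameStr = user.getLastName();`, so their `= null` initialisers are dead; now that each variable has its own line, declare those two at first assignment (`String firstNameStr = user.getFirstName();`) and keep `null` only for the variables that are genuinely assigned conditionally. The assignments to `orgUserIdStr`, `emailStr` and `lastLogin` fall outside the visible lines, so I cannot say which of those three need the initialiser. getFunctionalMenuStaticInfo's body continues past the hunk.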
@@ -611,7 +645,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { }; /** - * + * * @param request * HttpServletRequest * @param userId @@ -620,12 +654,20 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * @throws IOException * on error */ - @RequestMapping(value = { - "/portalApi/userApplicationRoles" }, method = RequestMethod.GET, produces = "application/json") - public List getAppList(HttpServletRequest request, + @GetMapping(value = { + "/portalApi/userApplicationRoles" }, produces = "application/json") + public List getAppList(HttpServletRequest request, HttpServletResponse response, @RequestParam("userId") String userId) throws IOException { List AppRoles = null; + + if(!UserUtils.getUserSession(request).getOrgUserId().equalsIgnoreCase(userId)) { + logger.error(EELFLoggerDelegate.errorLogger, "Not authorized to view roles of others "); + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + response.getWriter().flush(); + return null; + } + try { List userAppRoleList = functionalMenuService.getUserAppRolesList(userId);