X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fcontroller%2FFunctionalMenuController.java;h=a4d1f798159dbe1a2ffa837deb827e8981275a07;hb=b5d17f2d9bfaa430bbd2ed31ffe588f73ed4cf94;hp=97af437386092618b8b0099171376b12d4d37fc5;hpb=bb6fb4c52904d119ba790d5d9c1f752649a74a0a;p=portal.git diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java index 97af4373..a4d1f798 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modification Copyright © 2020 IBM. + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -49,6 +51,7 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.core.Response; import org.json.JSONObject; import org.onap.portalapp.controller.EPRestrictedBaseController; 
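Review bot: The added `import javax.ws.rs.core.Response;` (hunk `@@ -49,6 +51,7 @@`) is not used by any added line in this diff, and the handlers shown all work with the servlet `HttpServletResponse`. If nothing outside the visible hunks refers to it, drop the import so this Spring controller does not depend on a JAX-RS type it does not need.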
@@ -74,12 +77,17 @@ import org.onap.portalapp.util.EPUserUtils; import org.onap.portalapp.validation.DataValidator; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.util.SystemProperties; +import org.onap.portalsdk.core.web.support.UserUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.PutMapping; +import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; @@ -114,7 +122,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * HttpServletResponse * @return List of FunctionalMenuItem objects */ - @RequestMapping(value = { "/portalApi/functionalMenu" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/portalApi/functionalMenu" }, produces = "application/json") public List getMenuItems(HttpServletRequest request, HttpServletResponse response) { // TODO: should only the superuser be allowed to use this API? List menuItems = null; 
@@ -137,7 +145,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * HttpServletResponse * @return PortalRestResponse of ONAP portal title */ - @RequestMapping(value = { "/portalApi/ecompTitle" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/portalApi/ecompTitle" }, produces = "application/json") public PortalRestResponse getECOMPTitle(HttpServletRequest request, HttpServletResponse response) { PortalRestResponse portalRestResponse = null; try { @@ -162,8 +170,8 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * HttpServletResponse * @return List of FunctionalMenuItem objects */ - @RequestMapping(value = { - "/portalApi/functionalMenuForEditing" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/portalApi/functionalMenuForEditing" }, produces = "application/json") public List getMenuItemsForEditing(HttpServletRequest request, HttpServletResponse response) { // TODO: should only the superuser be allowed to use this API? EPUser user = EPUserUtils.getUserSession(request); @@ -192,8 +200,8 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * HttpServletResponse * @return List of FunctionalMenuItem objects */ - @RequestMapping(value = { - "/portalApi/functionalMenuForNotificationTree" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/portalApi/functionalMenuForNotificationTree" }, produces = "application/json") public List getMenuItemsForNotifications(HttpServletRequest request, HttpServletResponse response) { // TODO: should only the superuser be allowed to use this API? 
@@ -219,8 +227,8 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * application ID * @return List of FunctionalMenuItem objects */ - @RequestMapping(value = { - "/portalApi/functionalMenuForApp/{appId}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/portalApi/functionalMenuForApp/{appId}" }, produces = "application/json") public List getMenuItemsForApp(HttpServletRequest request, @PathVariable("appId") Integer appId) { // TODO: should only the superuser be allowed to use this API? @@ -246,8 +254,8 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * user ID * @return List of FunctionalMenuItem objects */ - @RequestMapping(value = { - "/portalApi/functionalMenuForUser/{orgUserId}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/portalApi/functionalMenuForUser/{orgUserId}" }, produces = "application/json") public List getMenuItemsForUser(HttpServletRequest request, @PathVariable("orgUserId") String orgUserId) { // TODO: should only the superuser be allowed to use this API? @@ -274,8 +282,8 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * HttpServletResponse * @return List of FunctionalMenuItem objects */ - @RequestMapping(value = { - "/portalApi/functionalMenuForAuthUser" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/portalApi/functionalMenuForAuthUser" }, produces = "application/json") public List getMenuItemsForAuthUser(HttpServletRequest request, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); 
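Review bot: `getMenuItemsForUser` (hunk `@@ -246,8 +254,8 @@`) still takes `orgUserId` straight from the path, and the only access-control statement visible is `// TODO: should only the superuser be allowed to use this API?`, while this same commit adds a caller-must-match-`userId` check to `getAppList`. The method body continues outside the hunk, so an existing check may simply be out of view. If there is none, the same ownership or admin test belongs here, and the TODO should become a comment stating the rule that was decided, for example `// Callers may only read their own menu; see the check below.` The same open TODO appears on getMenuItems, getMenuItemsForEditing, getMenuItemsForNotifications, getMenuItemsForApp and regenerateAncestorTable in the other hunks.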
@@ -311,8 +319,8 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * menu ID * @return FunctionalMenuItem object */ - @RequestMapping(value = { - "/portalApi/functionalMenuItemDetails/{menuId}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/portalApi/functionalMenuItemDetails/{menuId}" }, produces = "application/json") public FunctionalMenuItem getFunctionalMenuItemDetails(HttpServletRequest request, @PathVariable("menuId") Long menuId, HttpServletResponse response) { // TODO: return FunctionalMenuItemJson @@ -347,7 +355,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * FunctionalMenuItemWithRoles * @return FieldsValidator */ - @RequestMapping(value = { "/portalApi/functionalMenuItem" }, method = RequestMethod.POST) + @PostMapping(value = { "/portalApi/functionalMenuItem" }) public FieldsValidator createFunctionalMenuItem(HttpServletRequest request, @RequestBody FunctionalMenuItemWithRoles menuItemJson, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); @@ -387,7 +395,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * FunctionalMenuItemWithRoles * @return FieldsValidator */ - @RequestMapping(value = { "/portalApi/functionalMenuItem" }, method = RequestMethod.PUT) + @PutMapping(value = { "/portalApi/functionalMenuItem" }) public FieldsValidator editFunctionalMenuItem(HttpServletRequest request, @RequestBody FunctionalMenuItemWithRoles menuItemJson, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); 
@@ -423,7 +431,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * menu identifier * @return FieldsValidator */ - @RequestMapping(value = { "/portalApi/functionalMenuItem/{menuId}" }, method = RequestMethod.DELETE) + @DeleteMapping(value = { "/portalApi/functionalMenuItem/{menuId}" }) public FieldsValidator deleteFunctionalMenuItem(HttpServletRequest request, @PathVariable("menuId") Long menuId, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); @@ -449,7 +457,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * HttpServletResponse * @return FieldsValidator */ - @RequestMapping(value = { "/portalApi/regenerateFunctionalMenuAncestors" }, method = RequestMethod.GET) + @GetMapping(value = { "/portalApi/regenerateFunctionalMenuAncestors" }) public FieldsValidator regenerateAncestorTable(HttpServletRequest request, HttpServletResponse response) { // TODO: should only the superuser be allowed to use this API? EPUser user = EPUserUtils.getUserSession(request); @@ -478,7 +486,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * FunctionalMenuItemWithRoles * @return FieldsValidator */ - @RequestMapping(value = { "/portalApi/setFavoriteItem" }, method = RequestMethod.POST) + @PostMapping(value = { "/portalApi/setFavoriteItem" }) public FieldsValidator addFavoriteItem(HttpServletRequest request, @RequestBody FavoritesFunctionalMenuItem menuItemJson, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); 
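Review bot: `regenerateAncestorTable` (hunk `@@ -449,7 +457,7 @@`) keeps a GET mapping although its name suggests it rewrites stored data. If it does, GET is the wrong verb: GET requests can be triggered by links, prefetching and cross-site navigation, and are usually exempt from CSRF protection. Consider `@PostMapping(value = { "/portalApi/regenerateFunctionalMenuAncestors" })` with the client call updated to match. The body lies outside the hunk, so whether it checks the caller's role is not visible here, and the superuser TODO at its top is still open.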
@@ -502,8 +510,8 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * HttpServletResponse * @return List of FavoritesFunctionalMenuItemJson */ - @RequestMapping(value = { - "/portalApi/getFavoriteItems" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/portalApi/getFavoriteItems" }, produces = "application/json") public List getFavoritesForUser(HttpServletRequest request, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); @@ -527,7 +535,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * menu identifier * @return FieldsValidator */ - @RequestMapping(value = { "/portalApi/removeFavoriteItem/{menuId}" }, method = RequestMethod.DELETE) + @DeleteMapping(value = { "/portalApi/removeFavoriteItem/{menuId}" }) public FieldsValidator deleteFavoriteItem(HttpServletRequest request, @PathVariable("menuId") Long menuId, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); @@ -554,8 +562,8 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * HttpServletResponse * @return JSON collection of key-value pairs shown below. */ - @RequestMapping(value = { - "/portalApi/functionalMenuStaticInfo" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/portalApi/functionalMenuStaticInfo" }, produces = "application/json") public String getFunctionalMenuStaticInfo(HttpServletRequest request, HttpServletResponse response) { // Get user details from session 
@@ -639,12 +647,20 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * @throws IOException * on error */ - @RequestMapping(value = { - "/portalApi/userApplicationRoles" }, method = RequestMethod.GET, produces = "application/json") - public List getAppList(HttpServletRequest request, + @GetMapping(value = { + "/portalApi/userApplicationRoles" }, produces = "application/json") + public List getAppList(HttpServletRequest request, HttpServletResponse response, @RequestParam("userId") String userId) throws IOException { List AppRoles = null; + + if(!UserUtils.getUserSession(request).getOrgUserId().equalsIgnoreCase(userId)) { + logger.error(EELFLoggerDelegate.errorLogger, "Not authorized to view roles of others "); + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + response.getWriter().flush(); + return null; + } + try { List userAppRoleList = functionalMenuService.getUserAppRolesList(userId);
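Review bot: The new check in `getAppList` calls `UserUtils.getUserSession(request).getOrgUserId().equalsIgnoreCase(userId)` with no null guard, so if no session user is present, or the user's org id is null, the request would end in a NullPointerException rather than the intended denial. It also reads the session through the SDK's `UserUtils`, while every other handler in this diff uses `EPUserUtils.getUserSession(request)`. Unless the two are known to return the same user, prefer `EPUser user = EPUserUtils.getUserSession(request);` followed by `if (user == null || user.getOrgUserId() == null || !user.getOrgUserId().equalsIgnoreCase(userId)) {`. The caller here is authenticated but not permitted, so `HttpServletResponse.SC_FORBIDDEN` describes the outcome better than `SC_UNAUTHORIZED`, and the log line would serve detection better if it recorded the requesting user's id. The method body continues past the end of the hunk.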