X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fcontroller%2FRoleManageController.java;fp=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fcontroller%2FRoleManageController.java;h=1433fb21816dec68751a6bbb5187530f88f503b2;hb=21a8761f684745bb300e075c7e98ad897ace9eed;hp=0000000000000000000000000000000000000000;hpb=3af8af1310d5a27cb58be29505573f0bbdc1717c;p=portal.git diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java new file mode 100644 index 00000000..1433fb21 --- /dev/null +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java @@ -0,0 +1,747 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalapp.portal.controller; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.TreeSet; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringUtils; +import org.json.JSONObject; +import org.onap.portalapp.controller.EPRestrictedBaseController; +import org.onap.portalapp.controller.core.RoleController; +import org.onap.portalapp.controller.core.RoleListController; +import org.onap.portalapp.portal.domain.CentralV2RoleFunction; +import org.onap.portalapp.portal.domain.CentralizedApp; +import org.onap.portalapp.portal.domain.EPApp; +import org.onap.portalapp.portal.domain.EPUser; +import org.onap.portalapp.portal.domain.EcompAuditLog; +import org.onap.portalapp.portal.ecomp.model.PortalRestResponse; +import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum; +import org.onap.portalapp.portal.exceptions.DuplicateRecordException; +import org.onap.portalapp.portal.exceptions.InvalidApplicationException; +import org.onap.portalapp.portal.exceptions.InvalidRoleException; +import org.onap.portalapp.portal.exceptions.NonCentralizedAppException; +import org.onap.portalapp.portal.logging.aop.EPAuditLog; +import org.onap.portalapp.portal.logging.aop.EPEELFLoggerAdvice; +import org.onap.portalapp.portal.logging.logic.EPLogUtil; +import org.onap.portalapp.portal.service.AdminRolesService; +import org.onap.portalapp.portal.service.EPAppService; +import org.onap.portalapp.portal.service.ExternalAccessRolesService; +import org.onap.portalapp.portal.transport.CentralV2Role; +import org.onap.portalapp.portal.transport.ExternalRequestFieldsValidator; +import org.onap.portalapp.portal.utils.EPCommonSystemProperties; +import org.onap.portalapp.portal.utils.EcompPortalUtils; +import org.onap.portalapp.portal.utils.PortalConstants; +import org.onap.portalapp.util.EPUserUtils; +import org.onap.portalsdk.core.domain.AuditLog; +import org.onap.portalsdk.core.domain.Role; +import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.onap.portalsdk.core.service.AuditService; +import org.onap.portalsdk.core.util.SystemProperties; +import org.onap.portalsdk.core.web.support.JsonMessage; +import org.slf4j.MDC; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.EnableAspectJAutoProxy; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.servlet.ModelAndView; + +import com.fasterxml.jackson.databind.DeserializationFeature; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.type.TypeFactory; + +/** + * Proxies REST calls to role-management functions that arrive on paths + * /portalApi/* over to controller methods provided by the SDK-Core library. + * Those controller methods are mounted on paths not exposed by the Portal FE. + */ +@RestController +@org.springframework.context.annotation.Configuration +@EnableAspectJAutoProxy +@EPAuditLog +public class RoleManageController extends EPRestrictedBaseController { + private static final String ROLE_INVALID_CHARS = "%=():,\"\""; + + private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(RoleManageController.class); + + @Autowired + private RoleController roleController; + + @Autowired + private RoleListController roleListController; + + @Autowired + private EPAppService appService; + + @Autowired + private AuditService auditService; + + @Autowired + private ExternalAccessRolesService externalAccessRolesService; + + + @Autowired + private AdminRolesService adminRolesService; + + /** + * Calls an SDK-Core library method that gets the available roles and writes + * them to the request object. Portal specifies a Hibernate mappings from + * the Role class to the fn_role_v view, which ensures that only Portal + * (app_id is null) roles are fetched. + * + * Any method declared void (no return value) or returning null causes the + * audit log aspect method to declare failure. TODO: should return a JSON + * string. + * + * @param request + * @param response + * @throws Exception + */ + + @RequestMapping(value = { "/portalApi/get_roles/{appId}" }, method = RequestMethod.GET) + public void getRoles(HttpServletRequest request, HttpServletResponse response, @PathVariable("appId") Long appId) throws Exception { + try { + EPUser user = EPUserUtils.getUserSession(request); + EPApp requestedApp = appService.getApp(appId); + if (isAuthorizedUser(user, requestedApp)) { + fieldsValidation(requestedApp); + if (requestedApp.getCentralAuth()) { + List answer = null; + Map model = new HashMap<>(); + ObjectMapper mapper = new ObjectMapper(); + answer = externalAccessRolesService.getRolesForApp(requestedApp.getUebKey()); + model.put("availableRoles", answer); + JsonMessage msg = new JsonMessage(mapper.writeValueAsString(model)); + JSONObject j = new JSONObject(msg); + response.getWriter().write(j.toString()); + } else + throw new NonCentralizedAppException(requestedApp.getName()); + } else { + logger.info(EELFLoggerDelegate.auditLogger, "RoleManageController.getRoles, Unauthorized user"); + SendErrorForUnauthorizedUser(response, user); + } + + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getRoles failed", e); + } + } + + + + @RequestMapping(value = { "/portalApi/role_list/toggleRole/{appId}/{roleId}" }, method = RequestMethod.POST) + public Map toggleRole(HttpServletRequest request, HttpServletResponse response, @PathVariable("appId") Long appId, + @PathVariable("roleId") Long roleId) throws Exception { + EPApp requestedApp = null; + String restcallStatus = null; + HashMap responseMap = new HashMap<>(); + EPUser user = EPUserUtils.getUserSession(request); + try { + requestedApp = appService.getApp(appId); + if (isAuthorizedUser(user, requestedApp)) { + fieldsValidation(requestedApp); + ObjectMapper mapper = new ObjectMapper(); + mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); + CentralV2Role domainRole = externalAccessRolesService.getRoleInfo(roleId, requestedApp.getUebKey()); + // role. toggle active ind + boolean active = domainRole.isActive(); + domainRole.setActive(!active); + + String result = mapper.writeValueAsString(domainRole); + Role newRole = externalAccessRolesService.ConvertCentralRoleToRole(result); + ExternalRequestFieldsValidator externalRequestFieldsValidator = externalAccessRolesService + .saveRoleForApplication(newRole, requestedApp.getUebKey()); + boolean getAddResponse = externalRequestFieldsValidator.isResult(); + if (getAddResponse) { + restcallStatus = "Success"; + logger.info(EELFLoggerDelegate.auditLogger, "Toggle active status for role " + domainRole.getId()); + } else { + restcallStatus = "Toggle Role Failed"; + logger.info(EELFLoggerDelegate.auditLogger, "Toggle Role Failed " + domainRole.getId()); + } + responseMap.put("restcallStatus", restcallStatus); + responseMap.put("availableRoles", externalAccessRolesService.getRolesForApp(requestedApp.getUebKey())); + } else { + logger.info(EELFLoggerDelegate.auditLogger, "RoleManageController.toggleRole, Unauthorized user"); + EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); + responseMap.put("restcallStatus", " Unauthorized user"); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "toggleRole failed", e); + throw e; + } + return responseMap; + } + + @RequestMapping(value = { "/portalApi/role_list/removeRole/{appId}/{roleId}" }, method = RequestMethod.POST) + public Map removeRole(HttpServletRequest request, HttpServletResponse response, @PathVariable("appId") Long appId, + @PathVariable("roleId") Long roleId) throws Exception { + + EPUser user = EPUserUtils.getUserSession(request); + EPApp requestedApp = null; + String restCallStatus = null; + HashMap responseMap = new HashMap<>(); + ExternalRequestFieldsValidator externalRequestFieldsValidator = null; + try { + requestedApp = appService.getApp(appId); + if (isAuthorizedUser(user, requestedApp)) { + fieldsValidation(requestedApp); + if (requestedApp.getCentralAuth()) { + externalRequestFieldsValidator = externalAccessRolesService.deleteDependencyRoleRecord(roleId, + requestedApp.getUebKey(), user.getOrgUserId()); + boolean deleteResponse = externalRequestFieldsValidator.isResult(); + if (deleteResponse) { + restCallStatus = "Success"; + EPUser requestedUser = (EPUser) externalAccessRolesService.getUser(user.getOrgUserId()).get(0); + EPApp app = (EPApp) externalAccessRolesService.getApp(requestedApp.getUebKey()).get(0); + logger.info(EELFLoggerDelegate.applicationLogger, "deleteRole: succeeded for app {}, role {}", + app.getId(), roleId); + String activityCode = EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_DELETE_ROLE; + AuditLog auditLog = getAuditInfo(requestedUser, activityCode); + auditLog.setComments(EcompPortalUtils.truncateString( + "Deleted role for app:" + app.getId() + " and role:'" + roleId + "'", + PortalConstants.AUDIT_LOG_COMMENT_SIZE)); + auditService.logActivity(auditLog, null); + MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + EcompPortalUtils.calculateDateTimeDifferenceForLog( + MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), + MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); + logger.info(EELFLoggerDelegate.auditLogger, + EPLogUtil.formatAuditLogMessage("RoleManageController.removeRole", + EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_DELETE_ROLE, + String.valueOf(requestedUser.getId()), requestedUser.getOrgUserId(), + roleId.toString())); + MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); + MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); + MDC.remove(SystemProperties.MDC_TIMER); + } else { + restCallStatus = "Remove Role failed"; + responseMap.put("error", externalRequestFieldsValidator.getDetailMessage()); + logger.error(EELFLoggerDelegate.errorLogger, "removeRole failed"); + } + responseMap.put("restCallStatus", restCallStatus); + responseMap.put("availableRoles", + externalAccessRolesService.getRolesForApp(requestedApp.getUebKey())); + } else + throw new NonCentralizedAppException(requestedApp.getName()); + } else { + logger.info(EELFLoggerDelegate.auditLogger, "RoleManageController.removeRole, Unauthorized user"); + EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); + responseMap.put("restCallStatus", " Unauthorized user"); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "removeRole failed", e); + throw e; + } + return responseMap; + } + + @RequestMapping(value = { "/portalApi/role/saveRole/{appId}" }, method = RequestMethod.POST) + public Map saveRole(HttpServletRequest request, HttpServletResponse response, + @PathVariable("appId") Long appId) throws Exception { + EPUser user = EPUserUtils.getUserSession(request); + String responseString = null; + HashMap responseMap = new HashMap<>(); + try { + EPApp requestedApp = appService.getApp(appId); + if (isAuthorizedUser(user, requestedApp)) { + fieldsValidation(requestedApp); + if (requestedApp != null && requestedApp.getCentralAuth().equals(true)) { + ObjectMapper mapper = new ObjectMapper(); + mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); + JsonNode root = mapper.readTree(request.getReader()); + CentralV2Role role = mapper.readValue(root.get("role").toString(), CentralV2Role.class); + + List childRoles = mapper.readValue(root.get("childRoles").toString(), + TypeFactory.defaultInstance().constructCollectionType(List.class, CentralV2Role.class)); + List roleFunctions = mapper.readValue(root.get("roleFunctions").toString(), + TypeFactory.defaultInstance().constructCollectionType(List.class, + CentralV2RoleFunction.class)); + if (role.getId() != null && StringUtils.containsAny(role.getName(), ROLE_INVALID_CHARS)) { + throw new InvalidRoleException("Invalid role name found for '" + role.getName() + + "'. Any one of the following characters '%,(),=,:,comma, and double quotes' are not allowed"); + } + CentralV2Role domainRole; + if (role.getId() != null) { + domainRole = externalAccessRolesService.getRoleInfo(role.getId(), requestedApp.getUebKey()); + domainRole.setName(role.getName()); + domainRole.setPriority(role.getPriority()); + } else { + // check for existing role of same name + List roles = externalAccessRolesService.getRolesForApp(requestedApp.getUebKey()); + for (CentralV2Role existRole : roles) + if (existRole.getName().equalsIgnoreCase(role.getName())) + throw new DuplicateRecordException("role already exists: " + existRole.getName()); + + domainRole = new CentralV2Role(); + domainRole.setName(role.getName()); + domainRole.setPriority(role.getPriority()); + if (role.getChildRoles() != null && role.getChildRoles().size() > 0) { + for (Object childRole : childRoles) { + domainRole.addChildRole((CentralV2Role) childRole); + } + } + } + if (role.getRoleFunctions() != null && role.getRoleFunctions().size() > 0) { + domainRole.setRoleFunctions(new TreeSet()); + for (CentralV2RoleFunction roleFunction : roleFunctions) { + if (roleFunction.getType() == null && roleFunction.getAction() == null) { + throw new InvalidRoleException("Invalid role function type:" + roleFunction.getType() + + " and action: " + roleFunction.getAction() + " found while saving!"); + } + roleFunction.setCode(externalAccessRolesService.encodeFunctionCode(roleFunction.getCode())); + roleFunction.setCode(roleFunction.getType() + "|" + roleFunction.getCode() + "|" + + roleFunction.getAction()); + domainRole.addRoleFunction((CentralV2RoleFunction) roleFunction); + } + } else { + domainRole.setRoleFunctions(new TreeSet<>()); + } + String result = mapper.writeValueAsString(domainRole); + Role newRole = externalAccessRolesService.ConvertCentralRoleToRole(result); + ExternalRequestFieldsValidator externalRequestFieldsValidator = externalAccessRolesService + .saveRoleForApplication(newRole, requestedApp.getUebKey()); + boolean getAddResponse = externalRequestFieldsValidator.isResult(); + if (getAddResponse) { + String activityCode = (role.getId() == null) ? EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_ADD_ROLE + : EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_UPDATE_ROLE_AND_FUNCTION; + logger.info(EELFLoggerDelegate.applicationLogger, "saveRole: succeeded for app {}, role {}", + requestedApp.getId(), role.getName()); + AuditLog auditLog = new AuditLog(); + auditLog.setUserId(user.getId()); + auditLog.setActivityCode(activityCode); + auditLog.setComments(EcompPortalUtils.truncateString( + "saveRole role for app:" + requestedApp.getId() + " and role:'" + role.getName() + "'", + PortalConstants.AUDIT_LOG_COMMENT_SIZE)); + auditLog.setAffectedRecordId(user.getOrgUserId()); + auditService.logActivity(auditLog, null); + MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + EcompPortalUtils.calculateDateTimeDifferenceForLog( + MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), + MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); + logger.info(EELFLoggerDelegate.auditLogger, + EPLogUtil.formatAuditLogMessage("RoleManageController.saveRole", activityCode, + String.valueOf(user.getId()), user.getOrgUserId(), role.getName())); + MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); + MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); + MDC.remove(SystemProperties.MDC_TIMER); + responseMap.put("status", "Success"); + responseMap.put("role", domainRole); + } else { + if (externalRequestFieldsValidator.getDetailMessage().contains("406")) { + externalRequestFieldsValidator.setDetailMessage("Failed to save role for '" + role.getName() + + "'. Any one of the following characters '%,(),=,:,comma, and double quotes' are not allowed"); + } + responseMap.put("status", "SaveRole Failed"); + responseMap.put("role", responseString); + responseMap.put("error", externalRequestFieldsValidator.getDetailMessage()); + logger.error(EELFLoggerDelegate.errorLogger, "saveRole failed"); + } + } + } else { + logger.info(EELFLoggerDelegate.auditLogger, "RoleManageController.saveRole, Unauthorized user"); + EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); + responseMap.put("error", " Unauthorized user"); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "saveRole failed", e); + responseMap.put("error", e.getMessage()); + } + return responseMap; + } + + @RequestMapping(value = { "/portalApi/role/removeRoleFunction" }, method = RequestMethod.POST) + public ModelAndView removeRoleRoleFunction(HttpServletRequest request, HttpServletResponse response) + throws Exception { + return getRoleController().removeRoleFunction(request, response); + } + + @RequestMapping(value = { "/portalApi/role/addRoleFunction" }, method = RequestMethod.POST) + public ModelAndView addRoleRoRoleFunction(HttpServletRequest request, HttpServletResponse response) + throws Exception { + return getRoleController().addRoleFunction(request, response); + } + + @RequestMapping(value = { "/portalApi/role/removeChildRole" }, method = RequestMethod.POST) + public ModelAndView removeChildRole(HttpServletRequest request, HttpServletResponse response) throws Exception { + return getRoleController().removeChildRole(request, response); + } + + @RequestMapping(value = { "/portalApi/role/addChildRole" }, method = RequestMethod.POST) + public ModelAndView addChildRole(HttpServletRequest request, HttpServletResponse response) throws Exception { + return getRoleController().addChildRole(request, response); + } + + @RequestMapping(value = { "/portalApi/get_role/{appId}/{roleId}" }, method = RequestMethod.GET) + public void getRole(HttpServletRequest request, HttpServletResponse response, @PathVariable("appId") Long appId, + @PathVariable("roleId") Long roleId) throws Exception { + try { + EPUser user = EPUserUtils.getUserSession(request); + ObjectMapper mapper = new ObjectMapper(); + EPApp requestedApp = appService.getApp(appId); + if (isAuthorizedUser(user, requestedApp)) { + fieldsValidation(requestedApp); + if (requestedApp.getCentralAuth()) { + CentralV2Role answer = externalAccessRolesService.getRoleInfo(roleId, requestedApp.getUebKey()); + logger.info(EELFLoggerDelegate.applicationLogger, "role_id" + roleId); + Map model = new HashMap<>(); + model.put("availableRoleFunctions", mapper.writeValueAsString( + externalAccessRolesService.getRoleFuncList(requestedApp.getUebKey()))); + model.put("availableRoles", + mapper.writeValueAsString(getAvailableChildRoles(requestedApp.getUebKey(), roleId))); + model.put("role", mapper.writeValueAsString(answer)); + JsonMessage msg = new JsonMessage(mapper.writeValueAsString(model)); + JSONObject j = new JSONObject(msg); + response.getWriter().write(j.toString()); + } else + throw new NonCentralizedAppException(requestedApp.getName()); + } else { + logger.info(EELFLoggerDelegate.auditLogger, + "RoleManageController.getRoleFunctionList, Unauthorized user"); + SendErrorForUnauthorizedUser(response, user); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getRole failed", e); + throw e; + } + } + + @RequestMapping(value = { "/portalApi/get_role_functions/{appId}" }, method = RequestMethod.GET) + public void getRoleFunctionList(HttpServletRequest request, HttpServletResponse response, + @PathVariable("appId") Long appId) throws Exception { + try { + EPUser user = EPUserUtils.getUserSession(request); + EPApp requestedApp = appService.getApp(appId); + if (isAuthorizedUser(user, requestedApp)) { + fieldsValidation(requestedApp); + if (requestedApp.getCentralAuth()) { + List answer = null; + Map model = new HashMap<>(); + ObjectMapper mapper = new ObjectMapper(); + answer = externalAccessRolesService.getRoleFuncList(requestedApp.getUebKey()); + model.put("availableRoleFunctions", answer); + JsonMessage msg = new JsonMessage(mapper.writeValueAsString(model)); + JSONObject j = new JSONObject(msg); + response.getWriter().write(j.toString()); + } else + throw new NonCentralizedAppException(requestedApp.getName()); + } else { + logger.info(EELFLoggerDelegate.auditLogger, + "RoleManageController.getRoleFunctionList, Unauthorized user"); + EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); + response.getWriter().write("Unauthorized User"); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getRoleFunctionList failed", e); + throw e; + } + } + + @RequestMapping(value = { "/portalApi/role_function_list/saveRoleFunction/{appId}" }, method = RequestMethod.POST) + public PortalRestResponse saveRoleFunction(HttpServletRequest request, HttpServletResponse response, @RequestBody CentralV2RoleFunction roleFunc, + @PathVariable("appId") Long appId) throws Exception { + EPUser user = EPUserUtils.getUserSession(request); + boolean saveOrUpdateResponse = false; + try { + EPApp requestedApp = appService.getApp(appId); + if (isAuthorizedUser(user, requestedApp)) { + fieldsValidation(requestedApp); + if (requestedApp.getCentralAuth()) { + saveOrUpdateResponse = externalAccessRolesService.saveCentralRoleFunction(roleFunc, requestedApp); + if (saveOrUpdateResponse) { + EPUser requestedUser = externalAccessRolesService.getUser(user.getOrgUserId()).get(0); + EPApp app = externalAccessRolesService.getApp(requestedApp.getUebKey()).get(0); + CentralV2RoleFunction function = externalAccessRolesService.getRoleFunction(roleFunc.getCode(), + requestedApp.getUebKey()); + String activityCode = (function.getCode() == null) + ? EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_ADD_FUNCTION + : EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_UPDATE_FUNCTION; + logger.info(EELFLoggerDelegate.applicationLogger, + "saveRoleFunction: succeeded for app {}, function {}", app.getId(), roleFunc.getCode()); + AuditLog auditLog = getAuditInfo(requestedUser, activityCode); + auditLog.setComments(EcompPortalUtils.truncateString("saveRoleFunction role for app:" + + app.getId() + " and function:'" + roleFunc.getCode() + "'", + PortalConstants.AUDIT_LOG_COMMENT_SIZE)); + auditService.logActivity(auditLog, null); + MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + EcompPortalUtils.calculateDateTimeDifferenceForLog( + MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), + MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); + logger.info(EELFLoggerDelegate.auditLogger, + EPLogUtil.formatAuditLogMessage("RoleManageController.saveRoleFunction", activityCode, + String.valueOf(requestedUser.getId()), requestedUser.getOrgUserId(), + roleFunc.getCode())); + MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); + MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); + MDC.remove(SystemProperties.MDC_TIMER); + } + } else + throw new NonCentralizedAppException(requestedApp.getName() + " is not Centralized Application"); + } else { + logger.info(EELFLoggerDelegate.auditLogger, + "RoleManageController.saveRoleFunction, Unauthorized user"); + EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Unauthorized User", "Failure"); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction: Failed", e); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failure"); + } + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Saved Successfully!", "Success"); + } + + @RequestMapping(value = { "/portalApi/role_function_list/removeRoleFunction/{appId}" }, method = RequestMethod.POST) + public PortalRestResponse removeRoleFunction(HttpServletRequest request, HttpServletResponse response, + @RequestBody String roleFunc, @PathVariable("appId") Long appId) throws Exception { + EPUser user = EPUserUtils.getUserSession(request); + try { + EPApp requestedApp = appService.getApp(appId); + if (isAuthorizedUser(user, requestedApp)) { + fieldsValidation(requestedApp); + if (requestedApp.getCentralAuth()) { + ObjectMapper mapper = new ObjectMapper(); + String data = roleFunc; + CentralV2RoleFunction availableRoleFunction = mapper.readValue(data, CentralV2RoleFunction.class); + CentralV2RoleFunction domainRoleFunction = externalAccessRolesService + .getRoleFunction(availableRoleFunction.getCode(), requestedApp.getUebKey()); + boolean getDelFuncResponse = externalAccessRolesService + .deleteCentralRoleFunction(domainRoleFunction.getCode(), requestedApp); + if (getDelFuncResponse) { + logger.info(EELFLoggerDelegate.applicationLogger, + "deleteRoleFunction: succeeded for app {}, role {}", requestedApp.getId(), + domainRoleFunction.getCode()); + String activityCode = EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_DELETE_FUNCTION; + AuditLog auditLog = getAuditInfo(user, activityCode); + auditLog.setComments( + EcompPortalUtils.truncateString( + "Deleted function for app:" + requestedApp.getId() + " and function code:'" + + domainRoleFunction.getCode() + "'", + PortalConstants.AUDIT_LOG_COMMENT_SIZE)); + auditService.logActivity(auditLog, null); + MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + EcompPortalUtils.calculateDateTimeDifferenceForLog( + MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), + MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); + logger.info(EELFLoggerDelegate.auditLogger, + EPLogUtil.formatAuditLogMessage("RoleManageController.removeRoleFunction", + EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_DELETE_FUNCTION, + String.valueOf(user.getId()), user.getOrgUserId(), + domainRoleFunction.getCode())); + MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); + MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); + MDC.remove(SystemProperties.MDC_TIMER); + logger.info(EELFLoggerDelegate.auditLogger, + "Remove role function " + domainRoleFunction.getName()); + } + } else + throw new NonCentralizedAppException(requestedApp.getName() + " is not Centralized Application"); + } else { + logger.info(EELFLoggerDelegate.auditLogger, + "RoleManageController.removeRoleFunction, Unauthorized user"); + EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Unauthorized User", "Failure"); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "removeRoleFunction failed", e); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failure"); + } + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Deleted Successfully!", "Success"); + } + + @RequestMapping(value = { "/portalApi/centralizedApps" }, method = RequestMethod.GET) + public List getCentralizedAppRoles(HttpServletRequest request, HttpServletResponse response, String userId) throws IOException { + EPUser user = EPUserUtils.getUserSession(request); + List applicationsList = null; + if (adminRolesService.isAccountAdmin(user) || adminRolesService.isSuperAdmin(user)) { + applicationsList = externalAccessRolesService.getCentralizedAppsOfUser(userId); + } else { + logger.info(EELFLoggerDelegate.auditLogger, + "RoleManageController.getCentralizedAppRoles, Unauthorized user"); + EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); + } + return applicationsList; + } + + public RoleListController getRoleListController() { + return roleListController; + } + + public void setRoleListController(RoleListController roleListController) { + this.roleListController = roleListController; + } + + public RoleController getRoleController() { + return roleController; + } + + public void setRoleController(RoleController roleController) { + this.roleController = roleController; + } + + + @RequestMapping(value = { "/portalApi/syncRoles" }, method = RequestMethod.POST, produces = "application/json") + public PortalRestResponse syncRoles(HttpServletRequest request, HttpServletResponse response, + @RequestBody Long appId) { + EPUser user = EPUserUtils.getUserSession(request); + try { + EPApp app = appService.getApp(appId); + if (isAuthorizedUser(user, app)) { + fieldsValidation(app); + externalAccessRolesService.syncApplicationRolesWithEcompDB(app); + } else { + logger.info(EELFLoggerDelegate.auditLogger, + "RoleManageController.syncRoles, Unauthorized user:" + user.getOrgUserId()); + EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Unauthorized User", "Failure"); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "failed syncRoles", e); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); + } + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Sync roles completed successfully!", "Success"); + } + + @RequestMapping(value = { "/portalApi/syncFunctions" }, method = RequestMethod.POST, produces = "application/json") + public PortalRestResponse syncFunctions(HttpServletRequest request, HttpServletResponse response, + @RequestBody Long appId) { + EPUser user = EPUserUtils.getUserSession(request); + try { + EPApp app = appService.getApp(appId); + if (isAuthorizedUser(user, app)) { + fieldsValidation(app); + externalAccessRolesService.syncRoleFunctionFromExternalAccessSystem(app);; + } else { + logger.info(EELFLoggerDelegate.auditLogger, + "RoleManageController.syncFunctions, Unauthorized user:" + user.getOrgUserId()); + EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Unauthorized User", "Failure"); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "failed syncFunctions", e); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); + } + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Sync Functions completed successfully!", "Success"); + } + + public List getAvailableChildRoles(String uebKey, Long roleId) throws Exception { + List availableChildRoles = externalAccessRolesService.getRolesForApp(uebKey); + if (roleId == null || roleId == 0) { + return availableChildRoles; + } + CentralV2Role currentRole = externalAccessRolesService.getRoleInfo(roleId, uebKey); + Set allParentRoles = new TreeSet<>(); + allParentRoles = getAllParentRolesAsList(currentRole, allParentRoles); + Iterator availableChildRolesIterator = availableChildRoles.iterator(); + while (availableChildRolesIterator.hasNext()) { + CentralV2Role role = availableChildRolesIterator.next(); + if (!role.isActive() || allParentRoles.contains(role) || role.getId().equals(roleId)) { + availableChildRolesIterator.remove(); + } + } + return availableChildRoles; + } + + private Set getAllParentRolesAsList(CentralV2Role role, Set allParentRoles) { + Set parentRoles = role.getParentRoles(); + allParentRoles.addAll(parentRoles); + Iterator parentRolesIterator = parentRoles.iterator(); + while (parentRolesIterator.hasNext()) { + getAllParentRolesAsList(parentRolesIterator.next(), allParentRoles); + } + return allParentRoles; + } + + public AuditLog getAuditInfo(EPUser user, String activityCode) + { + AuditLog auditLog = new AuditLog(); + auditLog.setUserId(user.getId()); + auditLog.setActivityCode(activityCode); + auditLog.setAffectedRecordId(user.getOrgUserId()); + + return auditLog; + } + + private void fieldsValidation(EPApp app) throws Exception{ + app.getUebKey(); + List appInfo = externalAccessRolesService.getApp(app.getUebKey()); + if(appInfo.isEmpty()){ + throw new InvalidApplicationException("Invalid uebkey"); + } + if(!appInfo.isEmpty() && EcompPortalUtils.checkIfRemoteCentralAccessAllowed() && appInfo.get(0).getCentralAuth()){ + ResponseEntity response = externalAccessRolesService.getNameSpaceIfExists(appInfo.get(0)); + if (response.getStatusCode().value() == HttpServletResponse.SC_NOT_FOUND) + throw new InvalidApplicationException("Invalid NameSpace"); + } + } + + private boolean isAuthorizedUser(EPUser user, EPApp requestedApp) { + if (user != null && (adminRolesService.isAccountAdminOfApplication(user, requestedApp) + || (adminRolesService.isSuperAdmin(user) && requestedApp.getId() == PortalConstants.PORTAL_APP_ID))) + return true; + return false; + } + + private void SendErrorForUnauthorizedUser(HttpServletResponse response, EPUser user) throws IOException { + EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); + response.getWriter().write("Unauthorized User"); + } +}