X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fcontroller%2FRoleManageController.java;h=3fda53929a62cb7d97536bce407e64a9e7a9bc90;hb=37f9e0c51405b634fea0d9fadafdb7d55190233d;hp=4956e3fdde6483cc70cf0b1d7ea7d66712870daa;hpb=2845910b34682056c1949f82e39d9205a26554e9;p=portal.git

diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java
index 4956e3fd..3fda5392 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java
@@ -4,6 +4,8 @@
  * ===================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
  * under the Apache License, Version 2.0 (the "License");
@@ -48,6 +50,11 @@ import java.util.TreeSet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import javax.validation.ConstraintViolation;
+import javax.validation.Valid;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
 import org.apache.commons.lang.StringUtils;
 import org.json.JSONObject;
 import org.onap.portalapp.controller.EPRestrictedBaseController;
@@ -77,6 +84,7 @@ import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
 import org.onap.portalapp.portal.utils.EcompPortalUtils;
 import org.onap.portalapp.portal.utils.PortalConstants;
 import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.SecureString;
 import org.onap.portalsdk.core.domain.AuditLog;
 import org.onap.portalsdk.core.domain.Role;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
@@ -109,6 +117,8 @@ import com.fasterxml.jackson.databind.type.TypeFactory;
 @EnableAspectJAutoProxy
 @EPAuditLog
 public class RoleManageController extends EPRestrictedBaseController {
+	private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
+
 	private static final String PIPE = "|";
 
 	private static final String ROLE_INVALID_CHARS = "%=():,\"\"";
@@ -495,8 +505,17 @@ public class RoleManageController extends EPRestrictedBaseController {
 	}
 
 	@RequestMapping(value = { "/portalApi/role_function_list/saveRoleFunction/{appId}" }, method = RequestMethod.POST)
-	public PortalRestResponse<String> saveRoleFunction(HttpServletRequest request, HttpServletResponse response, @RequestBody CentralV2RoleFunction roleFunc,
+	public PortalRestResponse<String> saveRoleFunction(HttpServletRequest request, HttpServletResponse response, @Valid @RequestBody CentralV2RoleFunction roleFunc,
 			@PathVariable("appId") Long appId) throws Exception {
+		if (roleFunc!=null) {
+			Validator validator = VALIDATOR_FACTORY.getValidator();
+			Set<ConstraintViolation<CentralV2RoleFunction>> constraintViolations = validator.validate(roleFunc);
+
+			if(!constraintViolations.isEmpty()){
+				logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction: Failed");
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Data is not valid", "ERROR");
+			}
+		}
 		EPUser user = EPUserUtils.getUserSession(request);
 		boolean saveOrUpdateResponse = false;
 		try {
@@ -592,6 +611,19 @@ public class RoleManageController extends EPRestrictedBaseController {
 	public PortalRestResponse<String> removeRoleFunction(HttpServletRequest request, HttpServletResponse response,
 			@RequestBody String roleFunc, @PathVariable("appId") Long appId) throws Exception {
 		EPUser user = EPUserUtils.getUserSession(request);
+
+		if (roleFunc!=null) {
+			SecureString secureString = new SecureString(roleFunc);
+
+			Validator validator = VALIDATOR_FACTORY.getValidator();
+			Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
+
+			if(!constraintViolations.isEmpty()){
+				logger.error(EELFLoggerDelegate.errorLogger, "removeRoleFunction: Failed");
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Data is not valid", "ERROR");
+			}
+		}
+
 		try {
 			EPApp requestedApp = appService.getApp(appId);
 			if (isAuthorizedUser(user, requestedApp)) {
@@ -654,9 +686,21 @@ public class RoleManageController extends EPRestrictedBaseController {
 
 	@RequestMapping(value = { "/portalApi/centralizedApps" }, method = RequestMethod.GET)
 	public List<CentralizedApp> getCentralizedAppRoles(HttpServletRequest request, HttpServletResponse response, String userId) throws IOException {
+		if(userId!=null) {
+			SecureString secureString = new SecureString(userId);
+
+			Validator validator = VALIDATOR_FACTORY.getValidator();
+			Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
+
+			if(!constraintViolations.isEmpty()){
+				logger.error(EELFLoggerDelegate.errorLogger, "removeRoleFunction: Failed");
+				return null;
+			}
+		}
+
 		EPUser user = EPUserUtils.getUserSession(request);
 		List<CentralizedApp> applicationsList = null;
-			if (adminRolesService.isAccountAdmin(user) || adminRolesService.isSuperAdmin(user)) {
+			if (adminRolesService.isAccountAdmin(user) || adminRolesService.isSuperAdmin(user) || adminRolesService.isRoleAdmin(user)) {
 				applicationsList = externalAccessRolesService.getCentralizedAppsOfUser(userId);
 			} else {
 				logger.info(EELFLoggerDelegate.auditLogger,
@@ -694,7 +738,7 @@ public class RoleManageController extends EPRestrictedBaseController {
 				externalAccessRolesService.syncApplicationRolesWithEcompDB(app);
 			} else {
 				logger.info(EELFLoggerDelegate.auditLogger,
-						"RoleManageController.syncRoles, Unauthorized user:" + user.getOrgUserId());
+						"RoleManageController.syncRoles, Unauthorized user:{}", user != null ? user.getOrgUserId() : "");
 				EcompPortalUtils.setBadPermissions(user, response, "createAdmin");
 				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Unauthorized User", "Failure");
 			}
@@ -713,10 +757,10 @@ public class RoleManageController extends EPRestrictedBaseController {
 			EPApp app = appService.getApp(appId);
 			if (isAuthorizedUser(user, app)) {
 				fieldsValidation(app);
-				externalAccessRolesService.syncRoleFunctionFromExternalAccessSystem(app);;
+				externalAccessRolesService.syncRoleFunctionFromExternalAccessSystem(app);
 			} else {
 				logger.info(EELFLoggerDelegate.auditLogger,
-						"RoleManageController.syncFunctions, Unauthorized user:" + user.getOrgUserId());
+						"RoleManageController.syncFunctions, Unauthorized user:{}", user != null ? user.getOrgUserId() : "");
 				EcompPortalUtils.setBadPermissions(user, response, "createAdmin");
 				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Unauthorized User", "Failure");
 			}
@@ -769,7 +813,7 @@ public class RoleManageController extends EPRestrictedBaseController {
 		app.getUebKey();
 		List<EPApp> appInfo = externalAccessRolesService.getApp(app.getUebKey());
 		if(appInfo.isEmpty()){
-			throw new InvalidApplicationException("Invalid uebkey");
+			throw new InvalidApplicationException("Invalid credentials");
 		}
 		if(!appInfo.isEmpty() && EcompPortalUtils.checkIfRemoteCentralAccessAllowed() && appInfo.get(0).getCentralAuth()){
 			ResponseEntity<String> response = externalAccessRolesService.getNameSpaceIfExists(appInfo.get(0));
@@ -804,7 +848,7 @@ public class RoleManageController extends EPRestrictedBaseController {
 				logExterlaAuthRoleFunctionActivity(code , user, app, activityCode);
 			} else {
 				logger.info(EELFLoggerDelegate.auditLogger,
-						"RoleManageController.syncRoles, Unauthorized user:" + user.getOrgUserId());
+						"RoleManageController.syncRoles, Unauthorized user:{}", user != null ? user.getOrgUserId() : "");
 				EcompPortalUtils.setBadPermissions(user, response, "createAdmin");
 				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Unauthorized User", "Failure");
 			}