X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fcontroller%2FRoleManageController.java;h=3fda53929a62cb7d97536bce407e64a9e7a9bc90;hb=37f9e0c51405b634fea0d9fadafdb7d55190233d;hp=c9a6f5d111ca9926c3faff7d96fe00de7260e1ef;hpb=1376951553a11ed93a9fde45b7f26b51c0b31e9c;p=portal.git diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java index c9a6f5d1..3fda5392 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -33,7 +35,7 @@ * * ============LICENSE_END============================================ * - * ECOMP is a trademark and service mark of AT&T Intellectual Property. + * */ package org.onap.portalapp.portal.controller; @@ -48,6 +50,11 @@ import java.util.TreeSet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.validation.ConstraintViolation; +import javax.validation.Valid; +import javax.validation.Validation; +import javax.validation.Validator; +import javax.validation.ValidatorFactory; import org.apache.commons.lang.StringUtils; import org.json.JSONObject; import org.onap.portalapp.controller.EPRestrictedBaseController; @@ -60,6 +67,7 @@ import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.domain.EcompAuditLog; import org.onap.portalapp.portal.ecomp.model.PortalRestResponse; import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum; +import org.onap.portalapp.portal.ecomp.model.UploadRoleFunctionExtSystem; import org.onap.portalapp.portal.exceptions.DuplicateRecordException; import org.onap.portalapp.portal.exceptions.InvalidApplicationException; import org.onap.portalapp.portal.exceptions.InvalidRoleException; @@ -76,6 +84,7 @@ import org.onap.portalapp.portal.utils.EPCommonSystemProperties; import org.onap.portalapp.portal.utils.EcompPortalUtils; import org.onap.portalapp.portal.utils.PortalConstants; import org.onap.portalapp.util.EPUserUtils; +import org.onap.portalapp.validation.SecureString; import org.onap.portalsdk.core.domain.AuditLog; import org.onap.portalsdk.core.domain.Role; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; @@ -108,6 +117,10 @@ import com.fasterxml.jackson.databind.type.TypeFactory; @EnableAspectJAutoProxy @EPAuditLog public class RoleManageController extends EPRestrictedBaseController { + private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory(); + + private static final String PIPE = "|"; + private static final String ROLE_INVALID_CHARS = "%=():,\"\""; private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(RoleManageController.class); @@ -191,7 +204,7 @@ public class RoleManageController extends EPRestrictedBaseController { mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); CentralV2Role domainRole = externalAccessRolesService.getRoleInfo(roleId, requestedApp.getUebKey()); // role. toggle active ind - boolean active = domainRole.isActive(); + boolean active = domainRole.getActive(); domainRole.setActive(!active); String result = mapper.writeValueAsString(domainRole); @@ -321,11 +334,12 @@ public class RoleManageController extends EPRestrictedBaseController { List roles = externalAccessRolesService.getRolesForApp(requestedApp.getUebKey()); for (CentralV2Role existRole : roles) if (existRole.getName().equalsIgnoreCase(role.getName())) - throw new DuplicateRecordException("role already exists: " + existRole.getName()); + throw new DuplicateRecordException("Role already exists: " + existRole.getName()); domainRole = new CentralV2Role(); domainRole.setName(role.getName()); domainRole.setPriority(role.getPriority()); + domainRole.setActive(role.getActive()); if (role.getChildRoles() != null && role.getChildRoles().size() > 0) { for (Object childRole : childRoles) { domainRole.addChildRole((CentralV2Role) childRole); @@ -340,7 +354,7 @@ public class RoleManageController extends EPRestrictedBaseController { + " and action: " + roleFunction.getAction() + " found while saving!"); } roleFunction.setCode(externalAccessRolesService.encodeFunctionCode(roleFunction.getCode())); - roleFunction.setCode(roleFunction.getType() + "|" + roleFunction.getCode() + "|" + roleFunction.setCode(roleFunction.getType() + PIPE + roleFunction.getCode() + PIPE + roleFunction.getAction()); domainRole.addRoleFunction((CentralV2RoleFunction) roleFunction); } @@ -491,8 +505,17 @@ public class RoleManageController extends EPRestrictedBaseController { } @RequestMapping(value = { "/portalApi/role_function_list/saveRoleFunction/{appId}" }, method = RequestMethod.POST) - public PortalRestResponse saveRoleFunction(HttpServletRequest request, HttpServletResponse response, @RequestBody CentralV2RoleFunction roleFunc, + public PortalRestResponse saveRoleFunction(HttpServletRequest request, HttpServletResponse response, @Valid @RequestBody CentralV2RoleFunction roleFunc, @PathVariable("appId") Long appId) throws Exception { + if (roleFunc!=null) { + Validator validator = VALIDATOR_FACTORY.getValidator(); + Set> constraintViolations = validator.validate(roleFunc); + + if(!constraintViolations.isEmpty()){ + logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction: Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Data is not valid", "ERROR"); + } + } EPUser user = EPUserUtils.getUserSession(request); boolean saveOrUpdateResponse = false; try { @@ -500,14 +523,20 @@ public class RoleManageController extends EPRestrictedBaseController { if (isAuthorizedUser(user, requestedApp)) { fieldsValidation(requestedApp); if (requestedApp.getCentralAuth()) { - CentralV2RoleFunction domainRoleFunction = externalAccessRolesService.getRoleFunction(roleFunc.getCode(), + String code = roleFunc.getType()+PIPE+roleFunc.getCode()+PIPE+roleFunc.getAction(); + CentralV2RoleFunction domainRoleFunction = externalAccessRolesService.getRoleFunction(code, requestedApp.getUebKey()); + if(domainRoleFunction != null && (domainRoleFunction.getType() == null || domainRoleFunction.getAction() == null)) { + addIfTypeActionDoesNotExits(domainRoleFunction); + } + boolean isSave = true; if (domainRoleFunction != null && domainRoleFunction.getCode().equals(roleFunc.getCode()) && domainRoleFunction.getType().equals(roleFunc.getType()) && domainRoleFunction.getAction().equals(roleFunc.getAction())) { domainRoleFunction.setName(roleFunc.getName()); saveOrUpdateResponse = externalAccessRolesService.saveCentralRoleFunction(domainRoleFunction, requestedApp); + isSave = false; } else { roleFunc.setAppId(requestedApp.getId()); saveOrUpdateResponse = externalAccessRolesService.saveCentralRoleFunction(roleFunc, @@ -516,32 +545,10 @@ public class RoleManageController extends EPRestrictedBaseController { if (saveOrUpdateResponse) { EPUser requestedUser = externalAccessRolesService.getUser(user.getOrgUserId()).get(0); EPApp app = externalAccessRolesService.getApp(requestedApp.getUebKey()).get(0); - CentralV2RoleFunction function = externalAccessRolesService.getRoleFunction(roleFunc.getCode(), - requestedApp.getUebKey()); - String activityCode = (function.getCode() == null) + String activityCode = (isSave) ? EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_ADD_FUNCTION : EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_UPDATE_FUNCTION; - logger.info(EELFLoggerDelegate.applicationLogger, - "saveRoleFunction: succeeded for app {}, function {}", app.getId(), roleFunc.getCode()); - AuditLog auditLog = getAuditInfo(requestedUser, activityCode); - auditLog.setComments(EcompPortalUtils.truncateString("saveRoleFunction role for app:" - + app.getId() + " and function:'" + roleFunc.getCode() + "'", - PortalConstants.AUDIT_LOG_COMMENT_SIZE)); - auditService.logActivity(auditLog, null); - MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, - EPEELFLoggerAdvice.getCurrentDateTimeUTC()); - MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, - EPEELFLoggerAdvice.getCurrentDateTimeUTC()); - EcompPortalUtils.calculateDateTimeDifferenceForLog( - MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), - MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); - logger.info(EELFLoggerDelegate.auditLogger, - EPLogUtil.formatAuditLogMessage("RoleManageController.saveRoleFunction", activityCode, - String.valueOf(requestedUser.getId()), requestedUser.getOrgUserId(), - roleFunc.getCode())); - MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); - MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); - MDC.remove(SystemProperties.MDC_TIMER); + logExterlaAuthRoleFunctionActivity(code, requestedUser, app, activityCode); } } else throw new NonCentralizedAppException(requestedApp.getName() + " is not Centralized Application"); @@ -557,11 +564,66 @@ public class RoleManageController extends EPRestrictedBaseController { } return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Saved Successfully!", "Success"); } + + private void logExterlaAuthRoleFunctionActivity(String code, EPUser requestedUser, EPApp app, String activityCode) { + logger.info(EELFLoggerDelegate.applicationLogger, + "saveRoleFunction: succeeded for app {}, function {}", app.getId(), code); + AuditLog auditLog = getAuditInfo(requestedUser, activityCode); + auditLog.setComments(EcompPortalUtils.truncateString("saveRoleFunction role for app:" + + app.getId() + " and function:'" + code + "'", + PortalConstants.AUDIT_LOG_COMMENT_SIZE)); + auditService.logActivity(auditLog, null); + MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + EcompPortalUtils.calculateDateTimeDifferenceForLog( + MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), + MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); + logger.info(EELFLoggerDelegate.auditLogger, + EPLogUtil.formatAuditLogMessage("RoleManageController.saveRoleFunction", activityCode, + String.valueOf(requestedUser.getId()), requestedUser.getOrgUserId(), + code)); + MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); + MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); + MDC.remove(SystemProperties.MDC_TIMER); + } + + + + private void addIfTypeActionDoesNotExits(CentralV2RoleFunction domainRoleFunction) { + if(domainRoleFunction.getCode().contains(PIPE)) { + String newfunctionCodeFormat = EcompPortalUtils.getFunctionCode(domainRoleFunction.getCode()); + String newfunctionTypeFormat = EcompPortalUtils.getFunctionType(domainRoleFunction.getCode()); + String newfunctionActionFormat = EcompPortalUtils.getFunctionAction(domainRoleFunction.getCode()); + domainRoleFunction.setType(newfunctionTypeFormat); + domainRoleFunction.setAction(newfunctionActionFormat); + domainRoleFunction.setCode(newfunctionCodeFormat); + } else { + String type = externalAccessRolesService.getFunctionCodeType(domainRoleFunction.getCode()); + String action = externalAccessRolesService.getFunctionCodeAction(domainRoleFunction.getCode()); + domainRoleFunction.setType(type); + domainRoleFunction.setAction(action); + } + } @RequestMapping(value = { "/portalApi/role_function_list/removeRoleFunction/{appId}" }, method = RequestMethod.POST) public PortalRestResponse removeRoleFunction(HttpServletRequest request, HttpServletResponse response, @RequestBody String roleFunc, @PathVariable("appId") Long appId) throws Exception { EPUser user = EPUserUtils.getUserSession(request); + + if (roleFunc!=null) { + SecureString secureString = new SecureString(roleFunc); + + Validator validator = VALIDATOR_FACTORY.getValidator(); + Set> constraintViolations = validator.validate(secureString); + + if(!constraintViolations.isEmpty()){ + logger.error(EELFLoggerDelegate.errorLogger, "removeRoleFunction: Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Data is not valid", "ERROR"); + } + } + try { EPApp requestedApp = appService.getApp(appId); if (isAuthorizedUser(user, requestedApp)) { @@ -571,17 +633,12 @@ public class RoleManageController extends EPRestrictedBaseController { String data = roleFunc; boolean getDelFuncResponse = false; CentralV2RoleFunction availableRoleFunction = mapper.readValue(data, CentralV2RoleFunction.class); - String code = availableRoleFunction.getType() + "|" + availableRoleFunction.getCode() + "|" + String code = availableRoleFunction.getType() + PIPE + availableRoleFunction.getCode() + PIPE + availableRoleFunction.getAction(); CentralV2RoleFunction domainRoleFunction = externalAccessRolesService.getRoleFunction(code, requestedApp.getUebKey()); - if (domainRoleFunction.getCode().contains("|")) { - getDelFuncResponse = externalAccessRolesService - .deleteCentralRoleFunction(code, requestedApp); - } else { - getDelFuncResponse = externalAccessRolesService - .deleteCentralRoleFunction(domainRoleFunction.getCode(), requestedApp); - } + getDelFuncResponse = externalAccessRolesService + .deleteCentralRoleFunction(domainRoleFunction.getCode(), requestedApp); if (getDelFuncResponse) { logger.info(EELFLoggerDelegate.applicationLogger, "deleteRoleFunction: succeeded for app {}, role {}", requestedApp.getId(), @@ -629,9 +686,21 @@ public class RoleManageController extends EPRestrictedBaseController { @RequestMapping(value = { "/portalApi/centralizedApps" }, method = RequestMethod.GET) public List getCentralizedAppRoles(HttpServletRequest request, HttpServletResponse response, String userId) throws IOException { + if(userId!=null) { + SecureString secureString = new SecureString(userId); + + Validator validator = VALIDATOR_FACTORY.getValidator(); + Set> constraintViolations = validator.validate(secureString); + + if(!constraintViolations.isEmpty()){ + logger.error(EELFLoggerDelegate.errorLogger, "removeRoleFunction: Failed"); + return null; + } + } + EPUser user = EPUserUtils.getUserSession(request); List applicationsList = null; - if (adminRolesService.isAccountAdmin(user) || adminRolesService.isSuperAdmin(user)) { + if (adminRolesService.isAccountAdmin(user) || adminRolesService.isSuperAdmin(user) || adminRolesService.isRoleAdmin(user)) { applicationsList = externalAccessRolesService.getCentralizedAppsOfUser(userId); } else { logger.info(EELFLoggerDelegate.auditLogger, @@ -669,7 +738,7 @@ public class RoleManageController extends EPRestrictedBaseController { externalAccessRolesService.syncApplicationRolesWithEcompDB(app); } else { logger.info(EELFLoggerDelegate.auditLogger, - "RoleManageController.syncRoles, Unauthorized user:" + user.getOrgUserId()); + "RoleManageController.syncRoles, Unauthorized user:{}", user != null ? user.getOrgUserId() : ""); EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Unauthorized User", "Failure"); } @@ -688,10 +757,10 @@ public class RoleManageController extends EPRestrictedBaseController { EPApp app = appService.getApp(appId); if (isAuthorizedUser(user, app)) { fieldsValidation(app); - externalAccessRolesService.syncRoleFunctionFromExternalAccessSystem(app);; + externalAccessRolesService.syncRoleFunctionFromExternalAccessSystem(app); } else { logger.info(EELFLoggerDelegate.auditLogger, - "RoleManageController.syncFunctions, Unauthorized user:" + user.getOrgUserId()); + "RoleManageController.syncFunctions, Unauthorized user:{}", user != null ? user.getOrgUserId() : ""); EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Unauthorized User", "Failure"); } @@ -713,7 +782,7 @@ public class RoleManageController extends EPRestrictedBaseController { Iterator availableChildRolesIterator = availableChildRoles.iterator(); while (availableChildRolesIterator.hasNext()) { CentralV2Role role = availableChildRolesIterator.next(); - if (!role.isActive() || allParentRoles.contains(role) || role.getId().equals(roleId)) { + if (!role.getActive() || allParentRoles.contains(role) || role.getId().equals(roleId)) { availableChildRolesIterator.remove(); } } @@ -744,7 +813,7 @@ public class RoleManageController extends EPRestrictedBaseController { app.getUebKey(); List appInfo = externalAccessRolesService.getApp(app.getUebKey()); if(appInfo.isEmpty()){ - throw new InvalidApplicationException("Invalid uebkey"); + throw new InvalidApplicationException("Invalid credentials"); } if(!appInfo.isEmpty() && EcompPortalUtils.checkIfRemoteCentralAccessAllowed() && appInfo.get(0).getCentralAuth()){ ResponseEntity response = externalAccessRolesService.getNameSpaceIfExists(appInfo.get(0)); @@ -764,4 +833,29 @@ public class RoleManageController extends EPRestrictedBaseController { EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); response.getWriter().write("Unauthorized User"); } + + @RequestMapping(value = { "/portalApi/uploadRoleFunction/{appId}" }, method = RequestMethod.POST, produces = "application/json") + public PortalRestResponse bulkUploadRoleFunc(HttpServletRequest request, HttpServletResponse response, + @RequestBody UploadRoleFunctionExtSystem data, @PathVariable("appId") Long appId) { + EPUser user = EPUserUtils.getUserSession(request); + try { + EPApp app = appService.getApp(appId); + if (isAuthorizedUser(user, app)) { + fieldsValidation(app); + externalAccessRolesService.bulkUploadRoleFunc(data, app); + String activityCode = EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_UPDATE_ROLE_AND_FUNCTION; + String code = data.getName()+","+data.getType()+ PIPE + data.getInstance() + PIPE + data.getAction(); + logExterlaAuthRoleFunctionActivity(code , user, app, activityCode); + } else { + logger.info(EELFLoggerDelegate.auditLogger, + "RoleManageController.syncRoles, Unauthorized user:{}", user != null ? user.getOrgUserId() : ""); + EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Unauthorized User", "Failure"); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "Failed bulkUploadRoleFunc!", e); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); + } + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Uploaded Role Function successfully!", "Success"); + } }