X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fcontroller%2FUserRolesController.java;h=0d665a987bad8f9be88809692ff1f41396d88a6b;hb=3f56b9fdb4d2ec891344d6c9048363e1cac587d2;hp=167fa2e8528b4e2dcc2ca3bdc843ecf87eb31ab9;hpb=21a8761f684745bb300e075c7e98ad897ace9eed;p=portal.git
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java
index 167fa2e8..0d665a98 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java
@@ -2,7 +2,7 @@
 * ============LICENSE_START==========================================
 * ONAP Portal
 * ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
 * ===================================================================
 *
 * Unless otherwise specified, all software contained herein is licensed
@@ -33,7 +33,7 @@
 *
 * ============LICENSE_END============================================
 *
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * 
 */
 package org.onap.portalapp.portal.controller;
@@ -65,6 +65,8 @@ import org.onap.portalapp.portal.service.UserRolesService;
 import org.onap.portalapp.portal.transport.AppNameIdIsAdmin;
 import org.onap.portalapp.portal.transport.AppWithRolesForUser;
 import org.onap.portalapp.portal.transport.AppsListWithAdminRole;
+import org.onap.portalapp.portal.transport.EpNotificationItem;
+import org.onap.portalapp.portal.transport.ExternalRequestFieldsValidator;
 import org.onap.portalapp.portal.transport.FieldsValidator;
 import org.onap.portalapp.portal.transport.RoleInAppForUser;
 import org.onap.portalapp.portal.transport.UserApplicationRoles;
@@ -80,6 +82,7 @@ import org.onap.portalsdk.core.util.SystemProperties;
 import org.slf4j.MDC;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.EnableAspectJAutoProxy;
+import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -123,7 +126,7 @@ public class UserRolesController extends EPRestrictedBaseController {
 HttpServletResponse response) {
 EPUser user = EPUserUtils.getUserSession(request);
 String searchResult = null;
- if (!adminRolesService.isSuperAdmin(user) && !adminRolesService.isAccountAdmin(user)) {
+ if (!adminRolesService.isSuperAdmin(user) && !adminRolesService.isAccountAdmin(user) && !adminRolesService.isRoleAdmin(user) ) {
 EcompPortalUtils.setBadPermissions(user, response, "getPhoneBookSearchResult");
 } else {
 searchString = searchString.trim();
@@ -227,6 +230,7 @@ public class UserRolesController extends EPRestrictedBaseController {
 }
 }else{
 logger.error(EELFLoggerDelegate.errorLogger, "putAppWithUserRoleStateForUser: putAppsWithAdminRoleStateForUser result is null");
+ fieldsValidator.httpStatusCode = new Long(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 }
 logger.info(EELFLoggerDelegate.errorLogger, newAppRoles.toString());
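Review bot: `isRoleAdmin(user)` is added to the guard of getPhoneBookSearchResult here, and the same extra clause appears in the getAppRolesForUser and putAppWithUserRoleStateForUser hunks, but in none of the three is the check tied to the application the request targets. As far as these hunks show, a user who is role admin for any one application passes the controller check for every `app` / `appId` value, so the per-application restriction has to be enforced inside `userRolesService`; the `user` argument newly passed to `getAppRolesForUser` suggests that may be the intent, but it is not visible here. I would put a comment above each guard naming where the scoping happens, for example `// role admins pass here; userRolesService must limit them to the apps they administer`, and confirm that `setAppWithUserRoleStateForUser` applies the same limit on the PUT path. The method body starts and ends outside this hunk.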
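Review bot: The added line boxes the status with `new Long(...)`, a constructor deprecated since Java 9; `fieldsValidator.httpStatusCode = Long.valueOf(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);` does the same without it. The log message on the line above is prefixed `putAppWithUserRoleStateForUser` although it reports a `putAppsWithAdminRoleStateForUser` result, which will make the new 500 harder to trace in the logs. The enclosing method is outside the hunk, so the prefix should be checked against its actual name.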
@@ -281,24 +285,26 @@ public class UserRolesController extends EPRestrictedBaseController { @RequestMapping(value = { "/portalApi/userAppRoles" }, method = { RequestMethod.GET }, produces = "application/json") public List getAppRolesForUser(HttpServletRequest request, @RequestParam("user") String orgUserId, - @RequestParam("app") Long appid, @RequestParam("externalRequest") Boolean extRequestValue, + @RequestParam("app") Long appid, @RequestParam("externalRequest") Boolean extRequestValue,@RequestParam("isSystemUser") Boolean isSystemUser, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); List result = null; String feErrorString = ""; - if (!adminRolesService.isAccountAdmin(user)) { + if (!adminRolesService.isAccountAdmin(user) && !adminRolesService.isRoleAdmin(user) ) { + logger.debug(EELFLoggerDelegate.debugLogger, "getAppRolesForUser: Accountadminpermissioncheck {}, RoleAdmincheck {}", adminRolesService.isAccountAdmin(user) , adminRolesService.isRoleAdmin(user)); EcompPortalUtils.setBadPermissions(user, response, "getAppRolesForUser"); feErrorString = EcompPortalUtils.getFEErrorString(true, response.getStatus()); } else { - if (EcompPortalUtils.legitimateUserId(orgUserId)) { - result = userRolesService.getAppRolesForUser(appid, orgUserId, extRequestValue); + if ((!isSystemUser && EcompPortalUtils.legitimateUserId(orgUserId)) || isSystemUser) { + result = userRolesService.getAppRolesForUser(appid, orgUserId, extRequestValue, user); + logger.debug(EELFLoggerDelegate.debugLogger, "getAppRolesForUser: result {}, appId {}", result , appid); int responseCode = EcompPortalUtils.getExternalAppResponseCode(); if (responseCode != 0 && responseCode != 200) { // external error response.setStatus(responseCode); feErrorString = EcompPortalUtils.getFEErrorString(false, responseCode); } else if (result == null) { - // If the result is null, there was an internal ecomp error + // If the result is null, there was an internal onap error // in the 
service call. response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); feErrorString = EcompPortalUtils.getFEErrorString(true, 
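Review bot: The new `isSystemUser` request parameter lets the caller switch off the `legitimateUserId(orgUserId)` check: the condition `(!isSystemUser && legitimateUserId(orgUserId)) || isSystemUser` is equivalent to `isSystemUser || EcompPortalUtils.legitimateUserId(orgUserId)`, so any request sent with `isSystemUser=true` reaches `userRolesService.getAppRolesForUser` with an unvalidated `orgUserId`. System user ids should get their own format check before the service call, or the flag should be derived on the server rather than taken from the query string. The parameter is also mandatory as declared, so existing callers that omit it will now be rejected with a 400; `@RequestParam(value = "isSystemUser", required = false, defaultValue = "false") boolean isSystemUser` keeps them working and avoids unboxing a `Boolean`. The added `logger.debug` in the denial branch calls `isAccountAdmin` and `isRoleAdmin` a second time each; holding both results in locals before the `if` avoids the repeated lookups. The hunk ends inside the method body.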
@@ -342,45 +348,49 @@ public class UserRolesController extends EPRestrictedBaseController { @RequestMapping(value = { "/portalApi/userAppRoles" }, method = { RequestMethod.PUT }, produces = "application/json") - public FieldsValidator putAppWithUserRoleStateForUser(HttpServletRequest request, + public PortalRestResponse putAppWithUserRoleStateForUser(HttpServletRequest request, @RequestBody AppWithRolesForUser newAppRolesForUser, HttpServletResponse response) { - FieldsValidator fieldsValidator = new FieldsValidator(); + //FieldsValidator fieldsValidator = new FieldsValidator(); + PortalRestResponse portalResponse = new PortalRestResponse<>(); StringBuilder sbUserApps = new StringBuilder(); if (newAppRolesForUser != null) { - sbUserApps.append("User '" + newAppRolesForUser.orgUserId); - if (newAppRolesForUser.appRoles != null && newAppRolesForUser.appRoles.size() >= 1) { + sbUserApps.append("User '" + newAppRolesForUser.getOrgUserId()); + if (newAppRolesForUser.getAppId() != null && !newAppRolesForUser.getAppRoles().isEmpty()) { sbUserApps.append("' has roles = { "); - for (RoleInAppForUser appRole : newAppRolesForUser.appRoles) { + for (RoleInAppForUser appRole : newAppRolesForUser.getAppRoles()) { if (appRole.isApplied) { sbUserApps.append(appRole.roleName + " ,"); } } sbUserApps.deleteCharAt(sbUserApps.length() - 1); - sbUserApps.append("} assigned for the app " + newAppRolesForUser.appId); + sbUserApps.append("} assigned for the app " + newAppRolesForUser.getAppId()); } else { - sbUserApps.append("' has no roles assigned for app " + newAppRolesForUser.appId); + sbUserApps.append("' has no roles assigned for app " + newAppRolesForUser.getAppId()); } } logger.info(EELFLoggerDelegate.applicationLogger, "putAppWithUserRoleStateForUser: {}", sbUserApps.toString()); EPUser user = EPUserUtils.getUserSession(request); - boolean changesApplied = false; - if (!adminRolesService.isAccountAdmin(user)) { + //boolean changesApplied = false; + ExternalRequestFieldsValidator 
changesApplied = null; + + if (!adminRolesService.isAccountAdmin(user) && !adminRolesService.isRoleAdmin(user) ) { EcompPortalUtils.setBadPermissions(user, response, "putAppWithUserRoleStateForUser"); } else if(newAppRolesForUser==null){ logger.error(EELFLoggerDelegate.errorLogger, "putAppWithUserRoleStateForUser: newAppRolesForUser is null"); } else{ - changesApplied = userRolesService.setAppWithUserRoleStateForUser(user, newAppRolesForUser); - if (changesApplied) { + changesApplied= userRolesService.setAppWithUserRoleStateForUser(user, newAppRolesForUser); + try{ + if (changesApplied.isResult()) { logger.info(EELFLoggerDelegate.applicationLogger, - "putAppWithUserRoleStateForUser: succeeded for app {}, user {}", newAppRolesForUser.appId, - newAppRolesForUser.orgUserId); + "putAppWithUserRoleStateForUser: succeeded for app {}, user {}", newAppRolesForUser.getAppId(), + newAppRolesForUser.getAppId()); MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC()); AuditLog auditLog = new AuditLog(); auditLog.setUserId(user.getId()); auditLog.setActivityCode(EcompAuditLog.CD_ACTIVITY_UPDATE_USER); - auditLog.setAffectedRecordId(newAppRolesForUser.orgUserId); + auditLog.setAffectedRecordId(newAppRolesForUser.getOrgUserId()); auditLog.setComments(EcompPortalUtils.truncateString(sbUserApps.toString(), PortalConstants.AUDIT_LOG_COMMENT_SIZE)); auditService.logActivity(auditLog, null); 
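Review bot: The rewritten condition `newAppRolesForUser.getAppId() != null && !newAppRolesForUser.getAppRoles().isEmpty()` drops the null check the old code had on the role list, so if `getAppRoles()` returns null for a body without `appRoles`, the request fails with a NullPointerException while the log string is being built, which is before the permission check runs. `if (newAppRolesForUser.getAppRoles() != null && !newAppRolesForUser.getAppRoles().isEmpty()) {` restores the old behaviour. In the success log the `user {}` placeholder is filled with `getAppId()` a second time; the last argument should be `newAppRolesForUser.getOrgUserId()`. The two commented-out declarations (`//FieldsValidator ...` and `//boolean changesApplied ...`) can be deleted rather than kept. The method continues in the next hunk.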
@@ -391,21 +401,29 @@ public class UserRolesController extends EPRestrictedBaseController { logger.info(EELFLoggerDelegate.auditLogger, EPLogUtil.formatAuditLogMessage("UserRolesController.putAppWithUserRoleStateForUser", EcompAuditLog.CD_ACTIVITY_UPDATE_USER, user.getOrgUserId(), - newAppRolesForUser.orgUserId, sbUserApps.toString())); + newAppRolesForUser.getOrgUserId(), sbUserApps.toString())); MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); MDC.remove(SystemProperties.MDC_TIMER); - } else { + portalResponse = new PortalRestResponse<>(PortalRestStatusEnum.OK,"success",null); + + } + if (!changesApplied.isResult()) + throw new Exception(changesApplied.getDetailMessage()); + + }catch (Exception e){ logger.error(EELFLoggerDelegate.errorLogger, - "putAppWithUserRoleStateForUser: failed for app {}, user {}", newAppRolesForUser.appId, - newAppRolesForUser.orgUserId); + "putAppWithUserRoleStateForUser: failed for app {}, user {}", newAppRolesForUser.getAppId(), + newAppRolesForUser.getOrgUserId()); + portalResponse = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), null); } } EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/userAppRoles", "put result =", changesApplied); - return fieldsValidator; + return portalResponse; } - + + @RequestMapping(value = { "/portalApi/updateRemoteUserProfile" }, method = { RequestMethod.GET }, produces = "application/json") public PortalRestResponse updateRemoteUserProfile(HttpServletRequest request, 
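Review bot: The new `catch (Exception e)` returns `e.getMessage()` to the client and does not pass the exception to the logger, and it is reached both by the deliberate `throw new Exception(changesApplied.getDetailMessage())` and by anything else that fails inside the `try`, such as a null `changesApplied` or an error from `auditService.logActivity`. In those unplanned cases the caller receives an internal message (or `null`), and a failure in audit logging is reported as a failed role update even though the change was already applied. I would handle the negative result in an `else` branch instead of throwing, and keep the catch for unexpected errors, with the exception handed to the logger and a fixed message in the response. The `try` opens in the previous hunk.

```java
				// … unchanged: success branch (audit log entries, MDC cleanup) …
					portalResponse = new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", null);
				} else {
					// Expected negative outcome reported by the service: pass its detail message on.
					logger.error(EELFLoggerDelegate.errorLogger,
							"putAppWithUserRoleStateForUser: failed for app {}, user {}: {}",
							newAppRolesForUser.getAppId(), newAppRolesForUser.getOrgUserId(),
							changesApplied.getDetailMessage());
					portalResponse = new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
							changesApplied.getDetailMessage(), null);
				}
			} catch (Exception e) {
				// Unexpected failure: keep the cause in the log, keep internals out of the response.
				logger.error(EELFLoggerDelegate.errorLogger,
						"putAppWithUserRoleStateForUser: unexpected failure for app {}, user {}",
						newAppRolesForUser.getAppId(), newAppRolesForUser.getOrgUserId(), e);
				portalResponse = new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
						"Failed to update user roles", null);
			}
```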
@@ -543,4 +561,16 @@ public class UserRolesController extends EPRestrictedBaseController {
 return result;
 }
+ @RequestMapping(value = { "/portalApi/checkIfUserIsSuperAdmin" }, method = RequestMethod.GET, produces = "application/json")
+ public boolean checkIfUserIsSuperAdmin(HttpServletRequest request,
+ HttpServletResponse response) {
+ EPUser user = EPUserUtils.getUserSession(request);
+ boolean isSuperAdmin = false;
+ try {
+ isSuperAdmin = adminRolesService.isSuperAdmin(user) ;
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "checkIfUserIsSuperAdmin failed: " + e.getMessage());
+ }
+ return isSuperAdmin;
+ }
 }
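Review bot: The catch block in `checkIfUserIsSuperAdmin` logs only `e.getMessage()`, so a failure in `isSuperAdmin` leaves no stack trace and, for a NullPointerException, just the text `null`; `logger.error(EELFLoggerDelegate.errorLogger, "checkIfUserIsSuperAdmin failed", e);` keeps the cause. Returning `false` on error is the safe default and deserves a Javadoc line saying so, along with a sentence that the value is presumably for the front end to decide what to show and that the server-side endpoints still perform their own permission checks. The `response` parameter is unused in the added method.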