X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fcontroller%2FUserRolesController.java;h=9f89051df3de1448822bcc1f22232bac247623b8;hb=54c5ed82662ef681375675e58abc8058e3203466;hp=852e2bb83bc9309322071eb7650a571f74d87584;hpb=a084a8b0c35ddc1ea3a3159043b30f43f221c787;p=portal.git diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java index 852e2bb8..9f89051d 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java @@ -2,7 +2,7 @@ * ============LICENSE_START========================================== * ONAP Portal * =================================================================== - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. * =================================================================== * * Unless otherwise specified, all software contained herein is licensed @@ -55,6 +55,7 @@ import org.onap.portalapp.portal.ecomp.model.PortalRestResponse; import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum; import org.onap.portalapp.portal.logging.aop.EPAuditLog; import org.onap.portalapp.portal.logging.aop.EPEELFLoggerAdvice; +import org.onap.portalapp.portal.logging.format.EPAppMessagesEnum; import org.onap.portalapp.portal.logging.logic.EPLogUtil; import org.onap.portalapp.portal.service.AdminRolesService; import org.onap.portalapp.portal.service.ApplicationsRestClientService; 
@@ -75,14 +76,15 @@ import org.onap.portalsdk.core.domain.AuditLog; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.restful.domain.EcompRole; import org.onap.portalsdk.core.service.AuditService; +import org.onap.portalsdk.core.service.DataAccessService; import org.onap.portalsdk.core.util.SystemProperties; import org.slf4j.MDC; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PutMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; @@ -103,6 +105,8 @@ public class UserRolesController extends EPRestrictedBaseController { private ApplicationsRestClientService applicationsRestClientService; @Autowired private AuditService auditService; + @Autowired + private DataAccessService dataAccessService; private static final String FAILURE = "failure"; @@ -114,7 +118,7 @@ public class UserRolesController extends EPRestrictedBaseController { * @param response HttpServletResponse * @return array of found users as json */ - @RequestMapping(value = { "/portalApi/queryUsers" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/portalApi/queryUsers" }, produces = "application/json") public String getPhoneBookSearchResult(HttpServletRequest request, @RequestParam("search") String searchString, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); 
@@ -144,8 +148,7 @@ public class UserRolesController extends EPRestrictedBaseController { * @param response HttpServletResponse * @return for GET: array of all applications with boolean isAdmin=true/false for each application */ - @RequestMapping(value = { "/portalApi/adminAppsRoles" }, method = { - RequestMethod.GET }, produces = "application/json") + @GetMapping(value = { "/portalApi/adminAppsRoles" }, produces = "application/json") public AppsListWithAdminRole getAppsWithAdminRoleStateForUser(HttpServletRequest request, @RequestParam("user") String orgUserId, HttpServletResponse response) { @@ -195,8 +198,7 @@ public class UserRolesController extends EPRestrictedBaseController { * @param response HttpServletResponse * @return FieldsValidator */ - @RequestMapping(value = { "/portalApi/adminAppsRoles" }, method = { - RequestMethod.PUT }, produces = "application/json") + @PutMapping(value = { "/portalApi/adminAppsRoles" }, produces = "application/json") public FieldsValidator putAppsWithAdminRoleStateForUser(HttpServletRequest request, @RequestBody AppsListWithAdminRole newAppsListWithAdminRoles, HttpServletResponse response) { 
@@ -241,21 +243,12 @@ public class UserRolesController extends EPRestrictedBaseController { auditLog.setComments( EcompPortalUtils.truncateString(newAppRoles.toString(), PortalConstants.AUDIT_LOG_COMMENT_SIZE)); auditService.logActivity(auditLog, null); + String auditMessageInfo = EPLogUtil.formatAuditLogMessage("UserRolesController.putAppsWithAdminRoleStateForUser", + EcompAuditLog.CD_ACTIVITY_UPDATE_ACCOUNT_ADMIN, user.getOrgUserId(), + newAppsListWithAdminRoles.orgUserId, newAppRoles.toString()); - MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC()); - MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC()); - EcompPortalUtils.calculateDateTimeDifferenceForLog( - MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), - MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); - if (newAppsListWithAdminRoles != null) { - logger.info(EELFLoggerDelegate.auditLogger, - EPLogUtil.formatAuditLogMessage("UserRolesController.putAppsWithAdminRoleStateForUser", - EcompAuditLog.CD_ACTIVITY_UPDATE_ACCOUNT_ADMIN, user.getOrgUserId(), - newAppsListWithAdminRoles.orgUserId, newAppRoles.toString())); - } - MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); - MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); - MDC.remove(SystemProperties.MDC_TIMER); + EPLogUtil.logAuditMessage(logger, auditMessageInfo); + } EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/adminAppsRoles", "put result =", changesApplied); 
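Review bot: The audit message built on the added lines passes `newAppsListWithAdminRoles.orgUserId` and `newAppRoles.toString()` to `EPLogUtil.formatAuditLogMessage` at full length and unescaped, while the database comment just above is cut with `EcompPortalUtils.truncateString`. Both values come from the request body, so unless `formatAuditLogMessage` or `logAuditMessage` (neither is visible here) neutralises line breaks, the audit trail can end up with split or misleading entries. Either strip them at the call site, e.g. `newAppsListWithAdminRoles.orgUserId.replaceAll("[\\r\\n]", "_")`, or do it once inside the helper. The removed block also set and cleared the begin/end timestamps in MDC, so it is worth confirming that `logAuditMessage` still does. The same pattern is in the `@@ -389,20 +392,13` hunk with `newAppRolesForUser.getOrgUserId()` and `sbUserApps.toString()`, and the enclosing method starts and ends outside this hunk.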
@@ -272,8 +265,7 @@ public class UserRolesController extends EPRestrictedBaseController { * @param extRequestValue set to false if request is from users page otherwise true * @return List */ - @RequestMapping(value = { "/portalApi/userAppRoles" }, method = { - RequestMethod.GET }, produces = "application/json") + @GetMapping(value = { "/portalApi/userAppRoles" }, produces = "application/json") public List getAppRolesForUser(HttpServletRequest request, @RequestParam("user") String orgUserId, @RequestParam("app") Long appid, @RequestParam("externalRequest") Boolean extRequestValue, @RequestParam("isSystemUser") Boolean isSystemUser, @@ -288,6 +280,18 @@ public class UserRolesController extends EPRestrictedBaseController { EcompPortalUtils.setBadPermissions(user, response, "getAppRolesForUser"); feErrorString = EcompPortalUtils.getFEErrorString(true, response.getStatus()); } else { + try { + if(orgUserId!=null) { + EPUser localUser = getUserInfo(orgUserId,applicationsRestClientService); + if(localUser !=null) { + if(localUser.isSystemUser()) { + isSystemUser = true; + } + } + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "isSystemUser update failed", e); + } if ((!isSystemUser && EcompPortalUtils.legitimateUserId(orgUserId)) || isSystemUser) { result = userRolesService.getAppRolesForUser(appid, orgUserId, extRequestValue, user); logger.debug(EELFLoggerDelegate.debugLogger, "getAppRolesForUser: result {}, appId {}", result, appid); 
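Review bot: The block added in the `@@ -288,6 +280,18` hunk can only raise `isSystemUser` to true. When the stored record says the account is not a system user, the value from the `isSystemUser` request parameter is kept, so the condition on the following line still skips `EcompPortalUtils.legitimateUserId(orgUserId)` for any caller that sends `isSystemUser=true`. If the stored record is meant to be authoritative, assign it outright with `isSystemUser = localUser != null && localUser.isSystemUser();`, which also collapses the three nested `if`s. The `catch (Exception e)` logs and carries on with the request's value, so a failed lookup falls back to the less trusted input; catching the `HTTPException` that `getUserInfo` declares and rejecting the request would fail closed. The lookup also runs on the raw `orgUserId` before any format check, and `getUserInfo` in the last hunk concatenates that value into a query; `getAppRolesForUser` begins and ends outside this hunk.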
@@ -339,8 +343,7 @@ public class UserRolesController extends EPRestrictedBaseController { return result; } - @RequestMapping(value = { "/portalApi/userAppRoles" }, method = { - RequestMethod.PUT }, produces = "application/json") + @PutMapping(value = { "/portalApi/userAppRoles" }, produces = "application/json") public PortalRestResponse putAppWithUserRoleStateForUser(HttpServletRequest request, @RequestBody AppWithRolesForUser newAppRolesForUser, HttpServletResponse response) { // FieldsValidator fieldsValidator = new FieldsValidator(); 
@@ -389,20 +392,13 @@ public class UserRolesController extends EPRestrictedBaseController { auditLog.setComments(EcompPortalUtils.truncateString(sbUserApps.toString(), PortalConstants.AUDIT_LOG_COMMENT_SIZE)); auditService.logActivity(auditLog, null); + String auditMessageInfo = EPLogUtil.formatAuditLogMessage("UserRolesController.putAppWithUserRoleStateForUser", + EcompAuditLog.CD_ACTIVITY_UPDATE_USER, user.getOrgUserId(), + newAppRolesForUser.getOrgUserId(), sbUserApps.toString()); - MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, - EPEELFLoggerAdvice.getCurrentDateTimeUTC()); - EcompPortalUtils.calculateDateTimeDifferenceForLog( - MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), - MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); - logger.info(EELFLoggerDelegate.auditLogger, - EPLogUtil.formatAuditLogMessage("UserRolesController.putAppWithUserRoleStateForUser", - EcompAuditLog.CD_ACTIVITY_UPDATE_USER, user.getOrgUserId(), - newAppRolesForUser.getOrgUserId(), sbUserApps.toString())); - MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); - MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); - MDC.remove(SystemProperties.MDC_TIMER); - portalResponse = new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", null); + EPLogUtil.logAuditMessage(logger, auditMessageInfo); + + portalResponse = new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", null); } if (!changesApplied.isResult()) @@ -420,8 +416,7 @@ public class UserRolesController extends EPRestrictedBaseController { return portalResponse; } - @RequestMapping(value = { "/portalApi/updateRemoteUserProfile" }, method = { - RequestMethod.GET }, produces = "application/json") + @GetMapping(value = { "/portalApi/updateRemoteUserProfile" }, produces = "application/json") public PortalRestResponse updateRemoteUserProfile(HttpServletRequest request, HttpServletResponse response) { 
@@ -440,8 +435,7 @@ public class UserRolesController extends EPRestrictedBaseController { } - @RequestMapping(value = { "/portalApi/app/{appId}/users" }, method = { - RequestMethod.GET }, produces = "application/json") + @GetMapping(value = { "/portalApi/app/{appId}/users" }, produces = "application/json") public List getUsersFromAppEndpoint(HttpServletRequest request, @PathVariable("appId") Long appId) throws HTTPException { try { @@ -453,8 +447,7 @@ public class UserRolesController extends EPRestrictedBaseController { } } - @RequestMapping(value = { "/portalApi/app/{appId}/roles" }, method = { - RequestMethod.GET }, produces = "application/json") + @GetMapping(value = { "/portalApi/app/{appId}/roles" }, produces = "application/json") public List testGetRoles(HttpServletRequest request, @PathVariable("appId") Long appId) throws HTTPException { EcompRole[] appRoles = applicationsRestClientService.get(EcompRole[].class, appId, "/roles"); @@ -465,8 +458,7 @@ public class UserRolesController extends EPRestrictedBaseController { return rolesList; } - @RequestMapping(value = { "/portalApi/admin/import/app/{appId}/roles" }, method = { - RequestMethod.GET }, produces = "application/json") + @GetMapping(value = { "/portalApi/admin/import/app/{appId}/roles" }, produces = "application/json") public List importRolesFromRemoteApplication(HttpServletRequest request, @PathVariable("appId") Long appId) throws HTTPException { List rolesList = userRolesService.importRolesFromRemoteApplication(appId); 
@@ -476,8 +468,7 @@ public class UserRolesController extends EPRestrictedBaseController { return rolesList; } - @RequestMapping(value = { "/portalApi/app/{appId}/user/{orgUserId}/roles" }, method = { - RequestMethod.GET }, produces = "application/json") + @GetMapping(value = { "/portalApi/app/{appId}/user/{orgUserId}/roles" }, produces = "application/json") public EcompRole testGetRoles(HttpServletRequest request, @PathVariable("appId") Long appId, @PathVariable("orgUserId") String orgUserId) throws Exception { if (!EcompPortalUtils.legitimateUserId(orgUserId)) { @@ -498,8 +489,7 @@ public class UserRolesController extends EPRestrictedBaseController { return roles[0]; } - @RequestMapping(value = { "/portalApi/saveUserAppRoles" }, method = { - RequestMethod.PUT }, produces = "application/json") + @PutMapping(value = { "/portalApi/saveUserAppRoles" }, produces = "application/json") public FieldsValidator putAppWithUserRoleRequest(HttpServletRequest request, @RequestBody AppWithRolesForUser newAppRolesForUser, HttpServletResponse response) { FieldsValidator fieldsValidator = null; @@ -519,8 +509,7 @@ public class UserRolesController extends EPRestrictedBaseController { return fieldsValidator; } - @RequestMapping(value = { "/portalApi/appCatalogRoles" }, method = { - RequestMethod.GET }, produces = "application/json") + @GetMapping(value = { "/portalApi/appCatalogRoles" }, produces = "application/json") public List getUserAppCatalogRoles(HttpServletRequest request, @RequestParam("appName") String appName) { EPUser user = EPUserUtils.getUserSession(request); @@ -545,7 +534,7 @@ public class UserRolesController extends EPRestrictedBaseController { } }; - @RequestMapping(value = "/portalApi/externalRequestAccessSystem", method = RequestMethod.GET, + @GetMapping(value = "/portalApi/externalRequestAccessSystem", produces = "application/json") public ExternalSystemAccess readExternalRequestAccess(HttpServletRequest request) { ExternalSystemAccess result = null; 
@@ -559,8 +548,7 @@ public class UserRolesController extends EPRestrictedBaseController { return result; } - @RequestMapping(value = { "/portalApi/checkIfUserIsSuperAdmin" }, method = RequestMethod.GET, - produces = "application/json") + @GetMapping(value = { "/portalApi/checkIfUserIsSuperAdmin" }, produces = "application/json") public boolean checkIfUserIsSuperAdmin(HttpServletRequest request, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); @@ -572,4 +560,23 @@ public class UserRolesController extends EPRestrictedBaseController { } return isSuperAdmin; } + + /** + * + * @param userId + * @param app + * @param applicationsRestClientService + * @return EPUser + * @throws HTTPException + */ + protected EPUser getUserInfo(String userId, ApplicationsRestClientService applicationsRestClientService) + throws HTTPException { + @SuppressWarnings("unchecked") + List userList = (List) dataAccessService + .executeQuery("from EPUser where orgUserId='" + userId + "'", null); + if (userList != null && !userList.isEmpty()) + return userList.get(0); + else + return null; + } }
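Review bot: In the `@@ -572,4 +560,23` hunk, `getUserInfo` builds its query by string concatenation, `"from EPUser where orgUserId='" + userId + "'"`. Its only caller in this diff passes the `user` request parameter of `/portalApi/userAppRoles` before `legitimateUserId` has run, so the query text is controlled by request input. Bind the value instead, for example `Map<String, String> params = new HashMap<>(); params.put("orgUserId", userId);` followed by `dataAccessService.executeNamedQuery("<NAMED_QUERY>", params, null)`, against a named query with an `:orgUserId` placeholder. The query name shown is a placeholder, and `java.util.Map`/`HashMap` need importing if the file does not already have them. The `applicationsRestClientService` parameter is never used and the Javadoc lists an `@param app` that does not exist, so drop both and add a one-line summary of what is returned when no user matches.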