X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fservice%2FAdminRolesServiceImpl.java;h=969ccc5f8831c8873cdd18a2a182f0fc2e5ef1b6;hb=fca38e174e85b66c67ab9e8b754a9b53d70fbfd9;hp=653e974b403aa5059493a941f76496f23927fe44;hpb=21a8761f684745bb300e075c7e98ad897ace9eed;p=portal.git diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/AdminRolesServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/AdminRolesServiceImpl.java index 653e974b..969ccc5f 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/AdminRolesServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/AdminRolesServiceImpl.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -33,18 +35,18 @@ * * ============LICENSE_END============================================ * - * ECOMP is a trademark and service mark of AT&T Intellectual Property. + * */ package org.onap.portalapp.portal.service; import java.util.ArrayList; import java.util.HashMap; +import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.SortedSet; - +import java.util.Set; +import java.util.stream.Collectors; import javax.annotation.PostConstruct; - import org.apache.cxf.common.util.StringUtils; import org.hibernate.Session; import org.hibernate.SessionFactory; @@ -57,6 +59,7 @@ import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.domain.EPUserApp; import org.onap.portalapp.portal.domain.UserIdRoleId; import org.onap.portalapp.portal.domain.UserRole; +import org.onap.portalapp.portal.exceptions.RoleFunctionException; import org.onap.portalapp.portal.logging.aop.EPMetricsLog; import org.onap.portalapp.portal.logging.format.EPAppMessagesEnum; import org.onap.portalapp.portal.logging.logic.EPLogUtil; @@ -66,6 +69,7 @@ import org.onap.portalapp.portal.transport.ExternalAccessUser; import org.onap.portalapp.portal.utils.EPCommonSystemProperties; import org.onap.portalapp.portal.utils.EcompPortalUtils; import org.onap.portalapp.portal.utils.PortalConstants; +import org.onap.portalapp.util.EPUserUtils; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.service.DataAccessService; import org.onap.portalsdk.core.util.SystemProperties; @@ -78,7 +82,6 @@ import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.client.RestTemplate; - import com.fasterxml.jackson.databind.ObjectMapper; @Service("adminRolesService") @@ -91,6 +94,8 @@ public class AdminRolesServiceImpl implements AdminRolesService { private Long SYS_ADMIN_ROLE_ID = 1L; private Long ACCOUNT_ADMIN_ROLE_ID = 999L; private Long ECOMP_APP_ID = 1L; + public static final String TYPE_APPROVER = "approver"; + private static final String ADMIN_ACCOUNT= "Is account admin for user {}"; private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AdminRolesServiceImpl.class); @@ -102,6 +107,8 @@ public class AdminRolesServiceImpl implements AdminRolesService { private SearchService searchService; @Autowired private EPAppService appsService; + @Autowired + private ExternalAccessRolesService externalAccessRolesService; private RestTemplate template = new RestTemplate(); @@ -130,9 +137,9 @@ public class AdminRolesServiceImpl implements AdminRolesService { try { userList = dataAccessService.executeNamedQuery("getEPUserByOrgUserId", userParams, null); } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getEPUserByOrgUserId failed", e); + logger.error(EELFLoggerDelegate.errorLogger, "getEPUserByOrgUserId failed", e); } - + HashMap appsUserAdmin = new HashMap(); if (userList!= null && userList.size() > 0) { EPUser user = userList.get(0); @@ -153,8 +160,10 @@ public class AdminRolesServiceImpl implements AdminRolesService { appsListWithAdminRole.orgUserId = orgUserId; List appsList = null; try { - appsList = dataAccessService.getList(EPApp.class, - " where ( enabled = 'Y' or id = " + ECOMP_APP_ID + ")", null, null); +// appsList = dataAccessService.getList(EPApp.class, +// null, null, null); + + appsList = dataAccessService.getList(EPApp.class, null); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "getAppsWithAdminRoleStateForUser 2 failed", e); EPLogUtil.logEcompError(EPAppMessagesEnum.BeDaoSystemError); @@ -187,9 +196,9 @@ public class AdminRolesServiceImpl implements AdminRolesService { List apps = appsService.getAppsFullList(); HashMap enabledApps = new HashMap(); for (EPApp app : apps) { - if (app.getEnabled().booleanValue() || app.getId() == ECOMP_APP_ID) { +// if (app.getEnabled().booleanValue() || app.getId() == ECOMP_APP_ID) { enabledApps.put(app.getId(), app); - } +// } } List newAppsWhereUserIsAdmin = new ArrayList(); for (AppNameIdIsAdmin adminRole : newAppsListWithAdminRoles.appsRoles) { @@ -251,7 +260,8 @@ public class AdminRolesServiceImpl implements AdminRolesService { if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { // Add user admin role for list of centralized applications in external system addAdminRoleInExternalSystem(user, localSession, newAppsWhereUserIsAdmin); - } + result = true; + } } catch (Exception e) { EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e); logger.error(EELFLoggerDelegate.errorLogger, @@ -339,7 +349,7 @@ public class AdminRolesServiceImpl implements AdminRolesService { for (AppNameIdIsAdmin appNameIdIsAdmin : newAppsWhereUserIsAdmin) { EPApp app = (EPApp) localSession.get(EPApp.class, appNameIdIsAdmin.id); try { - if (app.getCentralAuth()) { + if (app.getRolesInAAF()) { String extRole = app.getNameSpace() + "." + PortalConstants.ADMIN_ROLE.replaceAll(" ", "_"); HttpEntity entity = new HttpEntity<>(headers); String name = ""; @@ -409,7 +419,7 @@ public class AdminRolesServiceImpl implements AdminRolesService { @SuppressWarnings("unchecked") @Override public boolean isSuperAdmin(EPUser user) { - if ((user != null) /* && (user.getId() == null) */ && (user.getOrgUserId() != null)) { + if ((user != null) && (user.getOrgUserId() != null)) { String sql = "SELECT user.USER_ID, user.org_user_id, userrole.ROLE_ID, userrole.APP_ID FROM fn_user_role userrole " + "INNER JOIN fn_user user ON user.USER_ID = userrole.USER_ID " + "WHERE user.org_user_id = '" + user.getOrgUserId() + "' " + "AND userrole.ROLE_ID = '" + SYS_ADMIN_ROLE_ID + "' " @@ -425,34 +435,32 @@ public class AdminRolesServiceImpl implements AdminRolesService { "Exception occurred while executing isSuperAdmin operation", e); } } - // else - // { - // User currentUser = user != null ? (User) - // dataAccessService.getDomainObject(User.class, user.getId(), null) : - // null; - // if (currentUser != null && currentUser.getId() != null) { - // for (UserApp userApp : currentUser.getUserApps()) { - // if (userApp.getApp().getId().equals(ECOMP_APP_ID) && - // userApp.getRole().getId().equals(SYS_ADMIN_ROLE_ID)) { - // // Super Administrator role is global, no need to keep iterating - // return true; - // } - // } - // } - // } return false; } public boolean isAccountAdmin(EPUser user) { try { - EPUser currentUser = user != null - ? (EPUser) dataAccessService.getDomainObject(EPUser.class, user.getId(), null) - : null; + if (user == null) { + return false; + } + + EPUser currentUser = (EPUser) dataAccessService.getDomainObject(EPUser.class, user.getId(), null); + + final Map userParams = new HashMap<>(); + userParams.put("userId", user.getId()); + logger.debug(EELFLoggerDelegate.debugLogger, ADMIN_ACCOUNT, user.getId()); + List userAdminApps = new ArrayList<>(); + + userAdminApps =dataAccessService.executeNamedQuery("getAdminAppsForTheUser", userParams, null); + logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for userAdminApps() - for user {}, found userAdminAppsSize {}", user.getOrgUserId(), userAdminApps.size()); + + if (currentUser != null && currentUser.getId() != null) { for (EPUserApp userApp : currentUser.getEPUserApps()) { - if (// !userApp.getApp().getId().equals(ECOMP_APP_ID) - // && - userApp.getRole().getId().equals(ACCOUNT_ADMIN_ROLE_ID)) { + + + if (userApp.getRole().getId().equals(ACCOUNT_ADMIN_ROLE_ID)||(userAdminApps.size()>1)) { + logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for userAdminApps() - for user {}, found Id {}", user.getOrgUserId(), userApp.getRole().getId()); // Account Administrator sees only the applications // he/she is Administrator return true; @@ -467,6 +475,39 @@ public class AdminRolesServiceImpl implements AdminRolesService { return false; } + + public boolean isRoleAdmin(EPUser user) { + try { + logger.debug(EELFLoggerDelegate.debugLogger, "Checking if user has isRoleAdmin access"); + + final Map userParams = new HashMap<>(); + userParams.put("userId", user.getId()); + List getRoleFuncListOfUser = dataAccessService.executeNamedQuery("getRoleFunctionsOfUserforAlltheApplications", userParams, null); + logger.debug(EELFLoggerDelegate.debugLogger, "Checking if user has isRoleAdmin access :: getRoleFuncListOfUser" , getRoleFuncListOfUser); + Set getRoleFuncListOfPortalSet = new HashSet<>(getRoleFuncListOfUser); + Set getRoleFuncListOfPortalSet1=new HashSet<>(); + Set roleFunSet = new HashSet<>(); + roleFunSet = getRoleFuncListOfPortalSet.stream().filter(x -> x.contains("|")).collect(Collectors.toSet()); + if (!roleFunSet.isEmpty()) + for (String roleFunction : roleFunSet) { + String type = externalAccessRolesService.getFunctionCodeType(roleFunction); + getRoleFuncListOfPortalSet1.add(type); + } + + boolean checkIfFunctionsExits = getRoleFuncListOfPortalSet1.stream() + .anyMatch(roleFunction -> roleFunction.equalsIgnoreCase("Approver")); + logger.debug(EELFLoggerDelegate.debugLogger, "Checking if user has approver rolefunction" , checkIfFunctionsExits); + + return checkIfFunctionsExits; + + } catch (Exception e) { + EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e); + logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while executing isRoleAdmin operation", + e); + } + return false; + } + public boolean isUser(EPUser user) { try { EPUser currentUser = user != null @@ -506,24 +547,71 @@ public class AdminRolesServiceImpl implements AdminRolesService { @Override public boolean isAccountAdminOfApplication(EPUser user, EPApp app) { + Boolean isApplicationAccountAdmin=false; try { - EPUser currentUser = user != null - ? (EPUser) dataAccessService.getDomainObject(EPUser.class, user.getId(), null) : null; - if (currentUser != null && currentUser.getId() != null) { - SortedSet userApps = currentUser.getEPUserApps(); - EPUserApp userApp = userApps.stream() - .filter(x -> x.getRole().getId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID) - && x.getApp().getId().equals(app.getId())) - .findAny().orElse(null); - if (userApp != null) { - return true; - } + final Map userParams = new HashMap<>(); + userParams.put("userId", user.getId()); + logger.debug(EELFLoggerDelegate.debugLogger, ADMIN_ACCOUNT, user.getId()); + List userAdminApps = new ArrayList<>(); + userAdminApps =dataAccessService.executeNamedQuery("getAdminAppsForTheUser", userParams, null); + if(!userAdminApps.isEmpty()){ + isApplicationAccountAdmin=userAdminApps.contains((int) (long) app.getId()); + logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for user is true{} ,appId {}", user.getId(),app.getId()); + } + } catch (Exception e) { + EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e); + logger.error(EELFLoggerDelegate.errorLogger, + "Exception occurred while executing isAccountAdminOfApplication operation", e); + } + logger.debug(EELFLoggerDelegate.debugLogger, "In AdminRolesServiceImpl() - isAccountAdminOfApplication = {} and userId ={} ", isApplicationAccountAdmin, user.getOrgUserId()); + return isApplicationAccountAdmin; + + } + + @Override + public Set getAllAppsFunctionsOfUser(String OrgUserId) throws RoleFunctionException { + final Map params = new HashMap<>(); + params.put("userId", OrgUserId); + List getRoleFuncListOfPortal = dataAccessService.executeNamedQuery("getAllAppsFunctionsOfUser", params, null); + Set getRoleFuncListOfPortalSet = new HashSet<>(getRoleFuncListOfPortal); + Set roleFunSet = new HashSet<>(); + roleFunSet = getRoleFuncListOfPortalSet.stream().filter(x -> x.contains("|")).collect(Collectors.toSet()); + if (!roleFunSet.isEmpty()) + for (String roleFunction : roleFunSet) { + String roleFun = EcompPortalUtils.getFunctionCode(roleFunction); + getRoleFuncListOfPortalSet.remove(roleFunction); + getRoleFuncListOfPortalSet.add(roleFun); } - } catch (Exception e) { + + Set finalRoleFunctionSet = new HashSet<>(); + for (String roleFn : getRoleFuncListOfPortalSet) { + finalRoleFunctionSet.add(EPUserUtils.decodeFunctionCode(roleFn)); + } + + return finalRoleFunctionSet; + } + + + @Override + public boolean isAccountAdminOfAnyActiveorInactiveApplication(EPUser user, EPApp app) { + Boolean isApplicationAccountAdmin=false; + try { + final Map userParams = new HashMap<>(); + userParams.put("userId", user.getId()); + logger.debug(EELFLoggerDelegate.debugLogger, ADMIN_ACCOUNT, user.getId()); + List userAdminApps = new ArrayList<>(); + userAdminApps =dataAccessService.executeNamedQuery("getAllAdminAppsofTheUser", userParams, null); + if(!userAdminApps.isEmpty()){ + isApplicationAccountAdmin=userAdminApps.contains((int) (long) app.getId()); + logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for user is true{} ,appId {}", user.getId(),app.getId()); + } + } catch (Exception e) { EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e); logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while executing isAccountAdminOfApplication operation", e); } - return false; + logger.debug(EELFLoggerDelegate.debugLogger, "In AdminRolesServiceImpl() - isAccountAdminOfApplication = {} and userId ={} ", isApplicationAccountAdmin, user.getOrgUserId()); + return isApplicationAccountAdmin; + } }