X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fservice%2FUserRolesCommonServiceImpl.java;h=7a7f9ee4c92513d5a6beb3f2e8011a4cb652b6c9;hb=fca38e174e85b66c67ab9e8b754a9b53d70fbfd9;hp=522579d838af74e9a04882113c0eed30b1d977fb;hpb=71525f539001ffab18215acbbbb92fef1d863860;p=portal.git diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java index 522579d8..7a7f9ee4 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java @@ -2,7 +2,7 @@ * ============LICENSE_START========================================== * ONAP Portal * =================================================================== - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. * =================================================================== * * Unless otherwise specified, all software contained herein is licensed @@ -189,8 +189,7 @@ public class UserRolesCommonServiceImpl { transaction = localSession.beginTransaction(); @SuppressWarnings("unchecked") List userList = localSession - .createQuery("from :name where orgUserId=:userId") - .setParameter("name",EPUser.class.getName()) + .createQuery("from EPUser where orgUserId=:userId") .setParameter("userId",userId) .list(); if (userList.size() == 0) { 
@@ -201,7 +200,12 @@ public class UserRolesCommonServiceImpl { client = new EPUser(); client.setOrgUserId(userId); client.setSystemUser(true); - client.setFirstName(userId.substring(0,userId.indexOf("@"))); + if (userId.indexOf("@") != -1) { + client.setFirstName(userId.substring(0,userId.indexOf("@"))); + } + else { + client.setFirstName(userId); + } } if (client == null) { String msg = "createLocalUserIfNecessary: cannot create user " + userId 
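Review bot: `userId.indexOf("@")` is evaluated twice in the added branch, and an id that begins with `@` still yields an empty first name because only `-1` is excluded. Computing the index once and requiring it to be positive covers both cases: `int at = userId.indexOf('@');` followed by `client.setFirstName(at > 0 ? userId.substring(0, at) : userId);`. The enclosing method starts and ends outside this hunk.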
@@ -269,32 +273,37 @@ public class UserRolesCommonServiceImpl { * set to false if request is from users page otherwise true * @throws Exception */ + @SuppressWarnings("unchecked") protected void syncUserRoles(SessionFactory sessionFactory, String userId, Long appId, - EcompRole[] userAppRoles, Boolean extRequestValue, String reqType) throws Exception { + EcompRole[] userAppRoles, Boolean extRequestValue, String reqType,boolean checkIfUserisRoleAdmin,EcompRole[] appRoles) throws Exception { Session localSession = null; Transaction transaction = null; String roleActive = null; final Map userAppParams = new HashMap<>(); final Map appParams = new HashMap<>(); HashMap newUserAppRolesMap = hashMapFromEcompRoles(userAppRoles); - + List roleInfo = externalAccessRolesService.getPortalAppRoleInfo(PortalConstants.ACCOUNT_ADMIN_ROLE_ID); + + EPRole adminRole = new EPRole(); + if(roleInfo.size()>0) + { + adminRole = roleInfo.get(0); + logger.debug(EELFLoggerDelegate.debugLogger, "Admin RoleName form DB: " + adminRole.getName()); + } try { localSession = sessionFactory.openSession(); transaction = localSession.beginTransaction(); @SuppressWarnings("unchecked") List userList = localSession - .createQuery("from :name where orgUserId=:userId") - .setParameter("name",EPUser.class.getName()) + .createQuery("from EPUser where orgUserId=:userId") .setParameter("userId",userId) .list(); if (userList.size() > 0) { EPUser client = userList.get(0); roleActive = ("DELETE".equals(reqType)) ? "" : " and role.active = 'Y'"; @SuppressWarnings("unchecked") - List userRoles = localSession.createQuery("from :name where app.id=:appId :roleActive and userId=:userId") - .setParameter("name",EPUserApp.class.getName()) + List userRoles = localSession.createQuery("from EPUserApp where app.id=:appId and userId=:userId" + roleActive) .setParameter("appId",appId) - .setParameter("roleActive",roleActive) .setParameter("userId",client.getId()) .list(); 
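Review bot: When `getPortalAppRoleInfo(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)` returns an empty list, `adminRole` stays a blank `new EPRole()`, so every later `equals(adminRole.getName())` comparison is presumably false and the account-admin role is handled as an ordinary application role without any trace. This affects the hunks at -304 and -358 of this method and the copy of the lookup in the hunk at -1705. An empty result most likely means the role table is broken, so it should be surfaced, e.g. `if (roleInfo.isEmpty()) { throw new IllegalStateException("account admin role not found"); }`. The second query now ends in `+ roleActive`, which is safe only because `roleActive` is one of two literals; a comment such as `// roleActive is a fixed literal, never request data` would keep it that way. The Javadoc above the signature has no `@param` entries for `checkIfUserisRoleAdmin` and `appRoles`.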
@@ -304,13 +313,32 @@ public class UserRolesCommonServiceImpl { userAppParams.put("appId", String.valueOf(appId)); appParams.put("appRoleName", userAppRoleList.getRole().getName()); @SuppressWarnings("unchecked") - List rolesList = (!userAppRoleList.getRole().getName().equals(PortalConstants.ADMIN_ROLE)) ? (List) dataAccessService.executeNamedQuery("getAppRoles", userAppParams, null) : (List) dataAccessService.executeNamedQuery("getPortalAppRoles", appParams, null); + List rolesList = (!userAppRoleList.getRole().getName().equals(adminRole.getName())) ? (List) dataAccessService.executeNamedQuery("getAppRoles", userAppParams, null) : (List) dataAccessService.executeNamedQuery("getPortalAppRoles", appParams, null); if(rolesList.size() > 0 || !rolesList.isEmpty()){ checkIfRoleInactive(rolesList.get(0)); } } } + + if (appRoles != null) { + List appRolesList = Arrays.stream(appRoles).collect(Collectors.toList()); + List finalUserRolesList = new ArrayList<>(); + if (checkIfUserisRoleAdmin) { + for (EcompRole role : appRolesList) { + for (EPUserApp userAppRoleList : userRoles) { + if (userAppRoleList.getRole().getName().equals(role.getName())) + + { + finalUserRolesList.add(userAppRoleList); + } + } + } + userRoles = new ArrayList<>(); + userRoles.addAll(finalUserRolesList); + } + } + for (EPUserApp userRole : userRoles) { if (!userRole.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID) && userRole.getRoleId() != PortalConstants.SYS_ADMIN_ROLE_ID && !extRequestValue){ syncUserRolesExtension(userRole, appId, localSession, userAppRoles, newUserAppRolesMap); @@ -322,6 +350,8 @@ public class UserRolesCommonServiceImpl { syncUserRolesExtension(userRole, appId, localSession, userAppRoles, newUserAppRolesMap); } } + + Collection newRolesToAdd = newUserAppRolesMap.values(); if (newRolesToAdd.size() > 0) { EPApp app = (EPApp) localSession.get(EPApp.class, appId); 
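Review bot: The role-admin restriction in the added `if (appRoles != null)` block fails open: when `checkIfUserisRoleAdmin` is true but `appRoles` is null, `userRoles` is left unfiltered and the loop below syncs every role the user holds in the app. The callers visible in this commit appear to pass a non-null array in that case, but the guard should not rely on that; test the flag first and treat a missing array as "no roles allowed". Collecting the allowed names into a set also stops the nested loops from adding the same `EPUserApp` twice when `appRoles` repeats a name. The body of `syncUserRoles` continues outside this hunk.

```java
if (checkIfUserisRoleAdmin) {
    // A role admin may only touch the roles named in appRoles; no list means no roles.
    Set<String> allowedNames = new HashSet<>();
    if (appRoles != null) {
        for (EcompRole role : appRoles) {
            allowedNames.add(role.getName());
        }
    }
    List<EPUserApp> finalUserRolesList = new ArrayList<>();
    for (EPUserApp userAppRoleList : userRoles) {
        if (allowedNames.contains(userAppRoleList.getRole().getName())) {
            finalUserRolesList.add(userAppRoleList);
        }
    }
    userRoles = finalUserRolesList;
}
// … unchanged: for (EPUserApp userRole : userRoles) sync loop …
```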
@@ -342,12 +372,11 @@ public class UserRolesCommonServiceImpl { } else { // remote app @SuppressWarnings("unchecked") List roles = localSession - .createQuery("from :name where appId=:appId") - .setParameter("name",EPRole.class.getName()) + .createQuery("from EPRole where appId=:appId") .setParameter("appId",appId) .list(); for (EPRole role : roles) { - if (!extRequestValue && app.getCentralAuth()) { + if (!extRequestValue && app.getRolesInAAF()) { rolesMap.put(role.getId(), role); } else { rolesMap.put(role.getAppRoleId(), role); @@ -358,7 +387,7 @@ public class UserRolesCommonServiceImpl { EPRole role = null; for (EcompRole userRole : newRolesToAdd) { EPUserApp userApp = new EPUserApp(); - if (("PUT".equals(reqType) || "POST".equals(reqType)) && userRole.getName().equals(PortalConstants.ADMIN_ROLE)) { + if (("PUT".equals(reqType) || "POST".equals(reqType)) && userRole.getName().equals(adminRole.getName())) { role = (EPRole) localSession.get(EPRole.class, new Long(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)); userApp.setRole(role); } else if ((userRole.getId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)) && !extRequestValue){ @@ -507,8 +536,7 @@ public class UserRolesCommonServiceImpl { // active! @SuppressWarnings("unchecked") - List currentAppRoles = localSession.createQuery("from :name where appId = :appId") - .setParameter("name",EPRole.class.getName()) + List currentAppRoles = localSession.createQuery("from EPRole where appId = :appId") .setParameter("appId",appId) .list(); @@ -549,8 +577,7 @@ public class UserRolesCommonServiceImpl { // Delete from fn_user_role @SuppressWarnings("unchecked") List userRoles = localSession.createQuery( - "from :name where app.id=:appId and role_id=:roleId") - .setParameter("name",EPUserApp.class.getName()) + "from EPUserApp where app.id=:appId and role_id=:roleId") .setParameter("appId",appId) .setParameter("roleId",roleId) .list(); 
@@ -567,8 +594,7 @@ public class UserRolesCommonServiceImpl { // Delete from fn_menu_functional_roles @SuppressWarnings("unchecked") List funcMenuRoles = localSession - .createQuery("from :name where roleId=:roleId") - .setParameter("name",FunctionalMenuRole.class.getName()) + .createQuery("from FunctionalMenuRole where roleId=:roleId") .setParameter("roleId",roleId) .list(); int numMenuRoles = funcMenuRoles.size(); @@ -581,8 +607,7 @@ public class UserRolesCommonServiceImpl { // so must null out the url too, to be consistent @SuppressWarnings("unchecked") List funcMenuRoles2 = localSession - .createQuery("from :name where menuId=:menuId") - .setParameter("name",FunctionalMenuRole.class.getName()) + .createQuery("from FunctionalMenuRole where menuId=:menuId") .setParameter("menuId",menuId) .list(); int numMenuRoles2 = funcMenuRoles2.size(); @@ -597,8 +622,8 @@ public class UserRolesCommonServiceImpl { "syncAppRoles: There is exactly 1 menu item for this role, so emptying the url"); @SuppressWarnings("unchecked") List funcMenuItems = localSession - .createQuery( - "from " + FunctionalMenuItem.class.getName() + " where menuId=" + menuId) + .createQuery("from FunctionalMenuItem where menuId=:menuId") + .setParameter("menuId",menuId) .list(); if (funcMenuItems.size() > 0) { logger.debug(EELFLoggerDelegate.debugLogger, "got the menu item"); 
@@ -773,7 +798,7 @@ public class UserRolesCommonServiceImpl { * set to false if requests from Users page otherwise true * @return true on success, false otherwise */ - protected boolean applyChangesInUserRolesForAppToEcompDB(RolesInAppForUser rolesInAppForUser, boolean externalSystemRequest, String reqType,boolean isSystemUser) throws Exception { + protected boolean applyChangesInUserRolesForAppToEcompDB(RolesInAppForUser rolesInAppForUser, boolean externalSystemRequest, String reqType,boolean isSystemUser,Set rolesDeletedByApprover ,boolean isLoggedInUserRoleAdminOfApp ) throws Exception { boolean result = false; String userId = rolesInAppForUser.orgUserId; Long appId = rolesInAppForUser.appId; @@ -792,7 +817,16 @@ public class UserRolesCommonServiceImpl { userAppRoles[i] = role; } try { - syncUserRoles(sessionFactory, userId, appId, userAppRoles, externalSystemRequest, reqType); + EcompRole[] applicationRoles = null; + + if(isLoggedInUserRoleAdminOfApp){ + List roles = Arrays.stream(userAppRoles).collect(Collectors.toList()); + List roles1 = rolesDeletedByApprover.stream().collect(Collectors.toList()); + roles.addAll(roles1); + applicationRoles = roles.stream().toArray(n -> new EcompRole[n]); + } + + syncUserRoles(sessionFactory, userId, appId, userAppRoles, externalSystemRequest, reqType,isLoggedInUserRoleAdminOfApp,applicationRoles); result = true; } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, 
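Review bot: In the second hunk `rolesDeletedByApprover.stream()` is dereferenced whenever `isLoggedInUserRoleAdminOfApp` is true, so a caller passing null gets a NullPointerException that is absorbed by the `catch (Exception e)` below (its body continues outside the hunk) and reported as a generic failure. Either state in the Javadoc that the set must be non-null, or guard it with `if (rolesDeletedByApprover != null) { roles.addAll(rolesDeletedByApprover); }`. The Javadoc above the first hunk currently has no `@param` for `rolesDeletedByApprover` or `isLoggedInUserRoleAdminOfApp`. The intermediate `roles1` list and `roles.stream().toArray(n -> new EcompRole[n])` can be written as `roles.addAll(rolesDeletedByApprover)` and `roles.toArray(new EcompRole[0])`.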
@@ -1027,37 +1061,62 @@ public class UserRolesCommonServiceImpl { } Long appId = newAppRolesForUser.getAppId(); List roleInAppForUserList = newAppRolesForUser.getAppRoles(); + + + if (userId.length() > 0 ) { ObjectMapper mapper = new ObjectMapper(); mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); try { EPApp app = appsService.getApp(appId); + + boolean checkIfUserisApplicationAccAdmin = adminRolesService.isAccountAdminOfApplication(user, + app); + Set rolesGotDeletedFromApprover = new TreeSet(); + + boolean checkIfUserisOnlyRoleAdmin = adminRolesService.isRoleAdmin(user) && !checkIfUserisApplicationAccAdmin; + if (checkIfUserisOnlyRoleAdmin) { + for (RoleInAppForUser roleInAppForUser : roleInAppForUserList) { + if (!roleInAppForUser.isApplied) { + EcompRole ecompRole = new EcompRole(); + ecompRole.setId(roleInAppForUser.roleId); + ecompRole.setName(roleInAppForUser.roleName); + rolesGotDeletedFromApprover.add(ecompRole); + } + } + } applyChangesToUserAppRolesForMyLoginsRequest(user, appId); - boolean systemUser = newAppRolesForUser.isSystemUser(); - if ((app.getCentralAuth() || app.getId().equals(PortalConstants.PORTAL_APP_ID)) && systemUser) { + Boolean systemUser = (newAppRolesForUser.getIsSystemUser() != null ? 
newAppRolesForUser.getIsSystemUser() : false); + + if ((app.getRolesInAAF() || app.getId().equals(PortalConstants.PORTAL_APP_ID)) && systemUser) { Set userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper, applicationsRestClientService, appId, userId); RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId, userRolesInLocalApp); List roleAppUserList = rolesInAppForUser.roles; + Set rolesGotDeletedByApprover = new TreeSet<>(); if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { // Apply changes in external Access system + updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList, - epRequestValue, systemUser); + epRequestValue, systemUser,rolesGotDeletedByApprover,false); } result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal", - systemUser); + systemUser,rolesGotDeletedByApprover,false); - }else if (!app.getCentralAuth() && systemUser) + }else if (!app.getRolesInAAF() && systemUser) { throw new Exception("For non-centralized application we cannot add systemUser"); } else{ // if centralized app - if (app.getCentralAuth()) { - if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + if (app.getRolesInAAF()) { + + if (!app.getId().equals(PortalConstants.PORTAL_APP_ID) && (app.getAppAck() != null && app.getAppAck())) { + logger.debug(EELFLoggerDelegate.debugLogger,"setAppWithUserRoleStateForUser: calling pushRemoteUser method for Central application"); + logger.debug(EELFLoggerDelegate.debugLogger,"setAppWithUserRoleStateForUser:"+app.getAppAck()); pushRemoteUser(roleInAppForUserList, userId, app, mapper, searchService, applicationsRestClientService,false); } 
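Review bot: The `systemUser` branch passes a fresh empty `rolesGotDeletedByApprover` and a literal `false` to `updateUserRolesInExternalSystem` and `applyChangesInUserRolesForAppToEcompDB`, so the scoping computed earlier in `checkIfUserisOnlyRoleAdmin` is not applied when the target is a system user. If a caller who is only a role admin can reach this branch (the authorization check for this method is outside the hunk), the sync runs unrestricted. Passing `rolesGotDeletedFromApprover, checkIfUserisOnlyRoleAdmin` as the centralized branch does in the next hunk, or rejecting the request, would keep the two paths consistent. `rolesGotDeletedFromApprover` is filled with `roleId` and `roleName` copied from `roleInAppForUserList`, presumably request data, so it is worth confirming that these roles are checked against the approver's own scope before they serve as the filter.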
@@ -1070,23 +1129,24 @@ public class UserRolesCommonServiceImpl { if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { // Apply changes in external Access system updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList, - epRequestValue,false); + epRequestValue,false,rolesGotDeletedFromApprover,checkIfUserisOnlyRoleAdmin); } - result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal", systemUser); + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal", systemUser,rolesGotDeletedFromApprover,checkIfUserisOnlyRoleAdmin); } // In case if portal is not centralized then follow existing approach - else if(!app.getCentralAuth() && app.getId().equals(PortalConstants.PORTAL_APP_ID)){ + else if(!app.getRolesInAAF() && app.getId().equals(PortalConstants.PORTAL_APP_ID)){ Set userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper, applicationsRestClientService, appId, userId); RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId, userRolesInLocalApp); - result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal",false); + Set rolesGotDeletedByApprover = new TreeSet<>(); + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal",false,rolesGotDeletedByApprover,false); } else{// remote app EPUser remoteAppUser = null; - if(!app.getCentralAuth() && !app.getId().equals(PortalConstants.PORTAL_APP_ID)){ + if(!app.getRolesInAAF() && !app.getId().equals(PortalConstants.PORTAL_APP_ID)){ remoteAppUser = checkIfRemoteUserExits(userId, app, applicationsRestClientService); - + if (remoteAppUser == null) { remoteAppUser = addRemoteUser(roleInAppForUserList, userId, app, mapper, searchService, applicationsRestClientService); } 
@@ -1094,7 +1154,8 @@ public class UserRolesCommonServiceImpl { applicationsRestClientService, appId, userId,systemUser); RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId, userRolesInRemoteApp); - result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, null,false); + Set rolesGotDeletedByApprover = new TreeSet<>(); + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, null,false,rolesGotDeletedByApprover,false); // If no roles remain, request app to set user inactive. if (userRolesInRemoteApp.size() == 0) { @@ -1137,7 +1198,7 @@ public class UserRolesCommonServiceImpl { * @param roleInAppUser Contains list of active roles */ @SuppressWarnings("unchecked") - private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List roleInAppUser, boolean isPortalRequest,boolean isSystemUser) throws Exception + private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List roleInAppUser, boolean isPortalRequest,boolean nonHumanUserId,Set deletedRolesByApprover,boolean isLoggedInUserRoleAdminofApp) throws Exception { try { // check if user exists 
@@ -1145,20 +1206,30 @@ public class UserRolesCommonServiceImpl { userParams.put("orgUserIdValue", orgUserId); List userInfo = checkIfUserExists(userParams); if (userInfo.isEmpty()) { - createLocalUserIfNecessary(orgUserId, isSystemUser); + createLocalUserIfNecessary(orgUserId, nonHumanUserId); } String name = ""; if (EPCommonSystemProperties - .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN) && !isSystemUser) { - name = orgUserId - + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); + .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN) && !nonHumanUserId) { + if(orgUserId.indexOf("@") ==-1) { + name = orgUserId + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); + }else { + name = orgUserId; + } } else { name = orgUserId; + if(nonHumanUserId && orgUserId!=null) { + if(orgUserId.indexOf("@") ==-1) { + name = orgUserId + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); + } + } } ObjectMapper mapper = new ObjectMapper(); HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); HttpEntity getUserRolesEntity = new HttpEntity<>(headers); ResponseEntity getResponse = externalAccessRolesService.getUserRolesFromExtAuthSystem(name, getUserRolesEntity); + + List userRoleDetailList = new ArrayList<>(); String res = getResponse.getBody(); JSONObject jsonObj = null; @@ -1190,6 +1261,7 @@ public class UserRolesCommonServiceImpl { List userRoleListMatchingInExtAuthAndLocal = CheckIfRoleAreMatchingInUserRoleDetailList(userRoleDetailList,app); + List userAppList = new ArrayList<>(); // If request coming from portal not from external role approval system then we have to check if user already // have account admin or system admin as GUI will not send these roles if (!isPortalRequest) { 
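Review bot: In the new `else` branch the domain is appended to a non-human id without checking that `EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN` is configured. That branch is also reached when the property is absent, and `orgUserId + SystemProperties.getProperty(...)` would then presumably build a name ending in the text `null` and query the external auth system for the wrong identity. The `orgUserId != null` test also comes late, since `orgUserId.indexOf("@")` in the first branch has no such guard. Both branches reduce to one rule, append the domain only when it is configured and the id has no `@`, as sketched below.

```java
String name = orgUserId;
// Append the configured domain only when one exists and the id is not already
// qualified; the same rule applies to human and non-human ids.
if (orgUserId != null && orgUserId.indexOf('@') == -1
        && EPCommonSystemProperties
                .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) {
    name = orgUserId
            + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
}
// … unchanged: ObjectMapper, headers and getUserRolesFromExtAuthSystem(name, …) …
```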
@@ -1199,7 +1271,7 @@ public class UserRolesCommonServiceImpl { final Map params = new HashMap<>(); params.put("appId", app.getId()); params.put("userId", user.getId()); - List userAppList = dataAccessService.executeNamedQuery("getUserAppExistingRoles", + userAppList = dataAccessService.executeNamedQuery("getUserAppExistingRoles", params, null); if (!roleInAppUser.isEmpty()) { for (EcompUserAppRoles userApp : userAppList) { @@ -1216,7 +1288,7 @@ public class UserRolesCommonServiceImpl { } List roleInAppUserNonDupls = roleInAppUser.stream().distinct() .collect(Collectors.toList()); - final Map currentUserRolesToUpdate = new HashMap<>(); + Map currentUserRolesToUpdate = new HashMap<>(); for (RoleInAppForUser roleInAppUserNew : roleInAppUserNonDupls) { currentUserRolesToUpdate.put(roleInAppUserNew.getRoleName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), roleInAppUserNew); } 
@@ -1224,6 +1296,35 @@ public class UserRolesCommonServiceImpl { for (ExternalAccessUserRoleDetail extAccessUserRole : userRoleListMatchingInExtAuthAndLocal) { currentUserRolesInExternalSystem.put(extAccessUserRole.getName(), extAccessUserRole); } + + if (isLoggedInUserRoleAdminofApp) { + if (deletedRolesByApprover.size() > 0) { + List newUpdatedRoles = new ArrayList<>(); + Set roles = new HashSet<>(); + for (ExternalAccessUserRoleDetail userRole : userRoleListMatchingInExtAuthAndLocal) { + for (EcompRole role : deletedRolesByApprover) { + if ((userRole.getName().substring(app.getNameSpace().length() + 1)).equals(role.getName())) { + roles.add(role); + newUpdatedRoles.add(userRole); + } + } + } + if (newUpdatedRoles.size() > 0) { + userRoleListMatchingInExtAuthAndLocal = new ArrayList<>(); + userRoleListMatchingInExtAuthAndLocal.addAll(newUpdatedRoles); + } else { + userRoleListMatchingInExtAuthAndLocal = new ArrayList<>(); + currentUserRolesToUpdate = new HashMap<>(); + + } + + } else { + userRoleListMatchingInExtAuthAndLocal = new ArrayList<>(); + currentUserRolesToUpdate = new HashMap<>(); + + } + } + // Check if user roles does not exists in local but still there in External Central Auth System delete them all for (ExternalAccessUserRoleDetail userRole : userRoleListMatchingInExtAuthAndLocal) { if (!(currentUserRolesToUpdate 
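Review bot: The added match `userRole.getName().substring(app.getNameSpace().length() + 1).equals(role.getName())` compares the external role name with the raw local name, while `currentUserRolesToUpdate` is keyed just before this hunk on names passed through `replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")`. A role whose name contains one of those characters would then never match, so a role the approver removed could stay assigned in the external auth system; normalising `role.getName()` the same way before comparing avoids that. The `substring` call also throws when `app.getNameSpace()` is null or the external name is shorter than the prefix, so checking `userRole.getName().startsWith(app.getNameSpace() + ".")` first is safer (the `.` separator is assumed from the `+ 1`). The local `Set roles` is filled but never read within this hunk and can be dropped.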
@@ -1520,7 +1621,7 @@ public class UserRolesCommonServiceImpl { } //If Non-Centralized app make sure you sync app roles before assigning to user - if (!app.getId().equals(PortalConstants.PORTAL_APP_ID) && !app.getCentralAuth()) { + if (!app.getId().equals(PortalConstants.PORTAL_APP_ID) && !app.getRolesInAAF()) { logger.debug(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: Starting GET roles for app {}",app.getId()); EcompRole[] appRoles = applicationsRestClientService.get(EcompRole[].class, app.getId(), "/roles"); logger.debug(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: Finshed GET roles for app {} and payload {}",app.getId(), appRoles); @@ -1547,12 +1648,13 @@ public class UserRolesCommonServiceImpl { .anyMatch(roleList -> roleList.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)); } // if Centralized app - if (app.getCentralAuth()) { + if (app.getRolesInAAF()) { // We should add If user does not exist in remote application try { // If adding just account admin role dont make remote application user call or // if request has only single non admin role then make remote call if (!(app.getId().equals(PortalConstants.PORTAL_APP_ID) && reqType.equals("DELETE")) + && (app.getAppAck() != null && app.getAppAck()) && ((checkIfAdminRoleExists && roleInAppForUserList.size() > 1) || (!checkIfAdminRoleExists && roleInAppForUserList.size() >= 1))) { // check if admin role exist then delete @@ -1562,6 +1664,7 @@ public class UserRolesCommonServiceImpl { return (role.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)); }); String orgUserIdNewOrExist = (userInfo.size() != 0 || !userInfo.isEmpty()) ? user.getOrgUserId() : orgUserId; + pushRemoteUser(remoteUserRoles, orgUserIdNewOrExist , app, mapper, searchService, applicationsRestClientService,true); } 
@@ -1575,21 +1678,25 @@ public class UserRolesCommonServiceImpl { RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(), userRolesInLocalApp); List roleAppUserList = rolesInAppForUser.roles; + Set rolesGotDeletedByApprover = new TreeSet<>(); + if(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { // Apply changes in external Access system - updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList, externalSystemRequest,false); + updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList, externalSystemRequest,false,rolesGotDeletedByApprover,false); } logger.info(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage, newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId()); - result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType,false); + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType,false,rolesGotDeletedByApprover,false); } // If local application is not centralized - else if(!app.getCentralAuth() && app.getId().equals(PortalConstants.PORTAL_APP_ID)){ + else if(!app.getRolesInAAF() && app.getId().equals(PortalConstants.PORTAL_APP_ID)){ Set userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper, applicationsRestClientService, app.getId(), orgUserId); RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(), userRolesInLocalApp); - result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType,false); + Set rolesGotDeletedByApprover = new TreeSet<>(); + + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType,false,rolesGotDeletedByApprover,false); } else {// remote app // If adding just account admin role don't do remote application user call if 
(!((roleInAppForUserList.size() == 1 || reqType.equals("DELETE")) && checkIfAdminRoleExists)) { @@ -1609,8 +1716,10 @@ public class UserRolesCommonServiceImpl { logger.info(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage, newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId()); + Set rolesGotDeletedByApprover = new TreeSet<>(); + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, - reqType,false); + reqType,false,rolesGotDeletedByApprover,false); // If no roles remain, request app to set user inactive. /* * if (userRolesInRemoteApp.size() == 0) { @@ -1632,8 +1741,10 @@ public class UserRolesCommonServiceImpl { userRolesInRemoteApp); logger.info(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage, newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId()); + Set rolesGotDeletedByApprover = new TreeSet<>(); + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, - reqType,false); + reqType,false,rolesGotDeletedByApprover,false); } if(!result){ reqMessage = "Failed to save the user app role(s)"; 
@@ -1705,7 +1816,15 @@ public class UserRolesCommonServiceImpl { roleInAppForUserList); throw new Exception(roleInAppForUser.getRoleName() + " role is unavailable for "+ appName + " application"); } else { - ecompRole.roleId = (appId == 1 || roleInAppForUser.getRoleName().equals(PortalConstants.ADMIN_ROLE)) ? existingAppRole.getId() : existingAppRole.getAppRoleId(); + + List roleInfo = externalAccessRolesService.getPortalAppRoleInfo(PortalConstants.ACCOUNT_ADMIN_ROLE_ID); + EPRole adminRole = new EPRole(); + if(roleInfo.size()>0) + { + adminRole = roleInfo.get(0); + logger.debug(EELFLoggerDelegate.debugLogger, "Admin RoleName form DB: " + adminRole.getName()); + } + ecompRole.roleId = (appId == 1 || roleInAppForUser.getRoleName().equals(adminRole.getName())) ? existingAppRole.getId() : existingAppRole.getAppRoleId(); ecompRole.roleName = roleInAppForUser.getRoleName(); ecompRole.isApplied = true; existingUserRoles.add(ecompRole); @@ -1780,7 +1899,7 @@ public class UserRolesCommonServiceImpl { // for onap portal app, no need to make a remote call List roleList = new ArrayList<>(); if (appId == PortalConstants.PORTAL_APP_ID) { - if(app.getCentralAuth()){ + if(app.getRolesInAAF()){ List cenRoleList = externalAccessRolesService.getRolesForApp(app.getUebKey()); for(CentralV2Role cenRole : cenRoleList){ Role role = new Role(); 
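Review bot: The added `getPortalAppRoleInfo(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)` lookup sits in the `else` branch that handles a single `roleInAppForUser`, which looks like the body of a per-role loop (the loop header is outside the hunk), so the same row would be fetched once for every requested role. It is also a copy of the block added to `syncUserRoles`. A private helper, e.g. `private String accountAdminRoleName()`, called once before the loop would remove the duplication and give one place to handle an empty result. The log text `Admin RoleName form DB` should read `from DB`.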
@@ -1817,15 +1936,16 @@ public class UserRolesCommonServiceImpl { } EcompRole[] appRoles = null; + boolean checkIfUserisApplicationAccAdmin = false; List roles = new ArrayList<>(); - if (app.getCentralAuth()) { + if (app.getRolesInAAF()) { final Map appParams = new HashMap<>(); appParams.put("appId", app.getId()); List applicationRoles = dataAccessService.executeNamedQuery("getActiveRolesOfApplication", appParams, null); EPApp application = appService.getApp(appId); - boolean checkIfUserisApplicationAccAdmin = adminRolesService.isAccountAdminOfApplication(user, + checkIfUserisApplicationAccAdmin = adminRolesService.isAccountAdminOfApplication(user, application); List rolesetwithfunctioncds = new ArrayList(); @@ -1921,14 +2041,14 @@ public class UserRolesCommonServiceImpl { // If there is an exception in the rest client api, then null will // be returned. if (appRoles != null) { - if(!app.getCentralAuth()) { + if(!app.getRolesInAAF()) { syncAppRoles(sessionFactory, appId, appRoles); } EcompRole[] userAppRoles = null; try { try { - if(app.getCentralAuth()){ + if(app.getRolesInAAF()){ final Map params = new HashMap<>(); final Map userParams = new HashMap<>(); params.put("orgUserIdValue", userId); 
@@ -1959,19 +2079,23 @@ public class UserRolesCommonServiceImpl { EcompRole epRole = appRolesList.stream() .filter(x -> role.getName().equals(x.getName())).findAny().orElse(null); List roleFunList = new ArrayList<>(); - if(epRole.getRoleFunctions().size()>0) - roleFunList.addAll(epRole.getRoleFunctions()); - boolean checkIfFunctionsExits = roleFunList.stream().anyMatch( - roleFunction -> roleFunction.getType().equalsIgnoreCase("Approver")); - if (checkIfFunctionsExits) { - finalUserAppRolesList.add(role); - List filteredList = roleFunList.stream() - .filter(x -> "Approver".equalsIgnoreCase(x.getType())) - .collect(Collectors.toList()); - roleNames = filteredList.stream().map(RoleFunction::getCode) - .collect(Collectors.toList()); + + if (epRole != null) { + if (epRole.getRoleFunctions().size() > 0) + roleFunList.addAll(epRole.getRoleFunctions()); + boolean checkIfFunctionsExits = roleFunList.stream().anyMatch( + roleFunction -> roleFunction.getType().equalsIgnoreCase("Approver")); + if (checkIfFunctionsExits) { + finalUserAppRolesList.add(role); + List filteredList = roleFunList.stream() + .filter(x -> "Approver".equalsIgnoreCase(x.getType())) + .collect(Collectors.toList()); + roleNames = filteredList.stream().map(RoleFunction::getCode) + .collect(Collectors.toList()); + }else{ + roleNames.add(epRole.getName()); + } } - for (String name : roleNames) { EcompRole ecompRole = appRolesList.stream() .filter(x -> name.equals(x.getName())).findAny().orElse(null); 
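Review bot: With the new `if (epRole != null)` guard, a role that has no match in `appRolesList` leaves `roleNames` untouched, yet the `for (String name : roleNames)` loop that follows still runs. If `roleNames` is declared outside the per-role iteration (its declaration is not in this hunk), the loop would replay the names collected for the previous role. The two matched paths also treat the variable differently: one reassigns it, the other calls `roleNames.add(epRole.getName())` on whatever list is current. Resetting it at the top of each iteration with `roleNames = new ArrayList<>();`, or skipping the rest of the iteration when `epRole == null`, would make the result depend only on the current role.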
@@ -2036,9 +2160,12 @@ public class UserRolesCommonServiceImpl { } EcompRole[] userAppRolesActive = activeRoles.toArray(new EcompRole[activeRoles.size()]); + + boolean checkIfUserisRoleAdmin = adminRolesService.isRoleAdmin(user) && !checkIfUserisApplicationAccAdmin; + // If the remote application isn't down we MUST sync user // roles here in case we have this user here! - syncUserRoles(sessionFactory, userId, appId, userAppRolesActive, extRequestValue, null); + syncUserRoles(sessionFactory, userId, appId, userAppRolesActive, extRequestValue, null,checkIfUserisRoleAdmin,appRoles); } catch (Exception e) { // TODO: we may need to check if user exists, maybe remote // app is down. @@ -2191,11 +2318,16 @@ public class UserRolesCommonServiceImpl { EPApp app = appsService.getApp(appId); //If local or centralized application - if (appId == PortalConstants.PORTAL_APP_ID || app.getCentralAuth()) { + if (appId == PortalConstants.PORTAL_APP_ID || app.getRolesInAAF()) { + Map params = new HashMap<>(); + params.put("id", app.getId()); + params.put("active", true); @SuppressWarnings("unchecked") - List userList = (List) dataAccessService.executeNamedQuery("getActiveUsers", null, null); + //List userList = (List) dataAccessService.executeNamedQuery("getActiveUsers", null, null); + //List userList = (List) dataAccessService.executeNamedQuery("getActiveUsersForApp", params, null); + List userList = (List) dataAccessService.executeNamedQuery("getActiveUsersForApp", params, null); for (EPUser user : userList) { - UserApplicationRoles userWithAppRoles = convertToUserApplicationRoles(appId, user, app); + UserApplicationRoles userWithAppRoles = convertToUserApplicationRoles(user, app.getId()); if (userWithAppRoles.getRoles() != null && userWithAppRoles.getRoles().size() > 0) userApplicationRoles.add(userWithAppRoles); } 
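Review bot: The second hunk leaves two commented-out `executeNamedQuery` calls between `@SuppressWarnings("unchecked")` and the declaration it annotates; they should be deleted, since version control already keeps the old query. The new `params` map carries `id` and `active`, but the hunk does not show what `active` filters in `getActiveUsersForApp` (users, role assignments or both). A one-line comment above `params.put("active", true);` stating that would help the next reader, since the roles returned to the caller depend on it.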
@@ -2223,6 +2355,29 @@ public class UserRolesCommonServiceImpl { return userApplicationRoles; } + /** + * + * @param user + * @param app_id + * @return + */ + private UserApplicationRoles convertToUserApplicationRoles(EPUser user, Long appId) { + UserApplicationRoles userWithRemoteAppRoles = new UserApplicationRoles(); + userWithRemoteAppRoles.setAppId(appId); + userWithRemoteAppRoles.setOrgUserId(user.getOrgUserId()); + userWithRemoteAppRoles.setFirstName(user.getFirstName()); + userWithRemoteAppRoles.setLastName(user.getLastName()); + List roleList = new ArrayList(); + for(EPUserApp userApp :user.getEPUserApps()) { + RemoteRole remoteRole = new RemoteRole(); + remoteRole.setName(userApp.getRole().getName()); + remoteRole.setId(userApp.getRole().getId()); + roleList.add(remoteRole); + } + userWithRemoteAppRoles.setRoles(roleList); + return userWithRemoteAppRoles; + } + /** * * @param appId
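Review bot: The new `convertToUserApplicationRoles(EPUser, Long)` copies every entry of `user.getEPUserApps()` into `roleList` without comparing it to `appId` or checking whether the role is active. Unless that collection is already limited to one application, the result for this app would also list the user's roles in other applications. Filtering inside the loop, e.g. `if (!appId.equals(userApp.getApp().getId())) { continue; }` (the `app.id` path is the one the HQL in this file uses), keeps the output scoped to the requested app. The Javadoc is empty and names `app_id` while the parameter is `appId`; it should say that the method builds a `UserApplicationRoles` for one user from the locally stored role assignments and describe both parameters and the return value.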