X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fopenecomp%2Fportalapp%2Fportal%2Fservice%2FAdminRolesServiceImpl.java;h=e9ca4e9bdb68942705a5b7159182266d7f58fe34;hb=51d83152697da4f2ef2242471ee43f36e6b64300;hp=20daa4fc746a03cd6f59cc1a2d5de6444a131e81;hpb=627badaf69987c01811c477219fd943757a635f5;p=portal.git
diff --git a/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/AdminRolesServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/AdminRolesServiceImpl.java
index 20daa4fc..e9ca4e9b 100644
--- a/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/AdminRolesServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/AdminRolesServiceImpl.java
@@ -1,27 +1,46 @@ /*- - * ================================================================================ - * ECOMP Portal - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. + * ============LICENSE_START========================================== + * ONAP Portal + * =================================================================== + * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the “License”); + * you may not use this software except in compliance with the License. * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * + * + * http://www.apache.org/licenses/LICENSE-2.0 + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * ================================================================================ + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the “License”); + * you may not use this documentation except in compliance with the License. 
+ * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. */ package org.openecomp.portalapp.portal.service; import java.util.ArrayList; import java.util.HashMap; import java.util.List; +import java.util.Map; import javax.annotation.PostConstruct; @@ -29,14 +48,8 @@ import org.apache.cxf.common.util.StringUtils; import org.hibernate.Session; import org.hibernate.SessionFactory; import org.hibernate.Transaction; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.EnableAspectJAutoProxy; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate; -import org.openecomp.portalsdk.core.service.DataAccessService; -import org.openecomp.portalsdk.core.util.SystemProperties; +import org.json.JSONArray; +import org.json.JSONObject; import org.openecomp.portalapp.portal.domain.EPApp; import org.openecomp.portalapp.portal.domain.EPRole; import org.openecomp.portalapp.portal.domain.EPUser; 
@@ -48,8 +61,24 @@ import org.openecomp.portalapp.portal.logging.format.EPAppMessagesEnum; import org.openecomp.portalapp.portal.logging.logic.EPLogUtil; import org.openecomp.portalapp.portal.transport.AppNameIdIsAdmin; import org.openecomp.portalapp.portal.transport.AppsListWithAdminRole; +import org.openecomp.portalapp.portal.transport.ExternalAccessUser; import org.openecomp.portalapp.portal.utils.EPCommonSystemProperties; import org.openecomp.portalapp.portal.utils.EcompPortalUtils; +import org.openecomp.portalapp.portal.utils.PortalConstants; +import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.openecomp.portalsdk.core.service.DataAccessService; +import org.openecomp.portalsdk.core.util.SystemProperties; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.EnableAspectJAutoProxy; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.ResponseEntity; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; +import org.springframework.web.client.RestTemplate; + +import com.fasterxml.jackson.databind.ObjectMapper; @Service("adminRolesService") @Transactional 
@@ -62,28 +91,31 @@ public class AdminRolesServiceImpl implements AdminRolesService { private Long ACCOUNT_ADMIN_ROLE_ID = 999L; private Long ECOMP_APP_ID = 1L; - EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AdminRolesServiceImpl.class); + private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AdminRolesServiceImpl.class); @Autowired private SessionFactory sessionFactory; @Autowired private DataAccessService dataAccessService; @Autowired - SearchService searchService; + private SearchService searchService; @Autowired - EPAppService appsService; + private EPAppService appsService; + + private RestTemplate template = new RestTemplate(); @PostConstruct private void init() { try { SYS_ADMIN_ROLE_ID = Long.valueOf(SystemProperties.getProperty(EPCommonSystemProperties.SYS_ADMIN_ROLE_ID)); - ACCOUNT_ADMIN_ROLE_ID = Long.valueOf(SystemProperties.getProperty(EPCommonSystemProperties.ACCOUNT_ADMIN_ROLE_ID)); + ACCOUNT_ADMIN_ROLE_ID = Long + .valueOf(SystemProperties.getProperty(EPCommonSystemProperties.ACCOUNT_ADMIN_ROLE_ID)); ECOMP_APP_ID = Long.valueOf(SystemProperties.getProperty(EPCommonSystemProperties.ECOMP_APP_ID)); - } catch(Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, EcompPortalUtils.getStackTrace(e)); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "init failed", e); } } - + @Override @EPMetricsLog @SuppressWarnings("unchecked") @@ -91,8 +123,8 @@ public class AdminRolesServiceImpl implements AdminRolesService { AppsListWithAdminRole appsListWithAdminRole = null; try { - List userList = dataAccessService.getList(EPUser.class, " where orgUserId = '" + orgUserId + "'", null, - null); + List userList = dataAccessService.getList(EPUser.class, " where orgUserId = '" + orgUserId + "'", + null, null); HashMap appsUserAdmin = new HashMap(); if (userList.size() > 0) { EPUser user = userList.get(0); 
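Review bot: `private RestTemplate template = new RestTemplate();` uses the default request factory, which leaves connect and read timeouts unset, so a slow or unreachable external access system can block the calling thread with no upper bound. The new addAdminRoleInExternalSystem calls run before `localSession.close()` in setAppsWithAdminRoleStateForUser, so a hang there also keeps the Hibernate session open. I would build the template from a `SimpleClientHttpRequestFactory` with `setConnectTimeout(...)` and `setReadTimeout(...)` taken from configuration, and declare the field `final`.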
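Review bot: The rewrapped `getList(EPUser.class, " where orgUserId = '" + orgUserId + "'", null, null)` call in the @@ -91,8 hunk still concatenates orgUserId into the filter clause, so a quote character in that value changes the query. The same pattern is in the @@ -161,8 hunk, where the value comes from `newAppsListWithAdminRoles.orgUserId.trim()` (a transport object, so presumably request-supplied), and in the `FN_ROLE` query of the last hunk, where `appId` is a `Long` and the exposure is limited to a null value. This file already calls `dataAccessService.executeNamedQuery(...)`, so these lookups could move to named queries with a bound parameter, assuming its second argument carries the parameter map. Failing that, reject any orgUserId that does not match the expected ID format before the clause is built. The enclosing methods start outside these hunks.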
@@ -101,7 +133,7 @@ public class AdminRolesServiceImpl implements AdminRolesService { userAppList = dataAccessService.getList(EPUserApp.class, " where userId = " + user.getId() + " and role.id = " + ACCOUNT_ADMIN_ROLE_ID, null, null); } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, EcompPortalUtils.getStackTrace(e)); + logger.error(EELFLoggerDelegate.errorLogger, "getAppsWithAdminRoleStateForUser 1 failed", e); EPLogUtil.logEcompError(EPAppMessagesEnum.BeDaoSystemError); } for (EPUserApp userApp : userAppList) { @@ -113,22 +145,22 @@ public class AdminRolesServiceImpl implements AdminRolesService { appsListWithAdminRole.orgUserId = orgUserId; List appsList = null; try { - appsList = dataAccessService.getList(EPApp.class, " where ( enabled = 'Y' or id = " + ECOMP_APP_ID + ")", null, null); + appsList = dataAccessService.getList(EPApp.class, + " where ( enabled = 'Y' or id = " + ECOMP_APP_ID + ")", null, null); } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, EcompPortalUtils.getStackTrace(e)); + logger.error(EELFLoggerDelegate.errorLogger, "getAppsWithAdminRoleStateForUser 2 failed", e); EPLogUtil.logEcompError(EPAppMessagesEnum.BeDaoSystemError); } for (EPApp app : appsList) { AppNameIdIsAdmin appNameIdIsAdmin = new AppNameIdIsAdmin(); appNameIdIsAdmin.id = app.getId(); - appNameIdIsAdmin.appName = app.getName(); + appNameIdIsAdmin.appName = app.getName(); appNameIdIsAdmin.isAdmin = new Boolean(appsUserAdmin.containsKey(app.getId())); appNameIdIsAdmin.restrictedApp = app.isRestrictedApp(); appsListWithAdminRole.appsRoles.add(appNameIdIsAdmin); } } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while performing AdminRolesServiceImpl.getAppsWithAdminRoleStateForUser operation, Details:" - + EcompPortalUtils.getStackTrace(e)); + logger.error(EELFLoggerDelegate.errorLogger, "getAppsWithAdminRoleStateForUser 3 failed", e); } return appsListWithAdminRole; 
@@ -161,8 +193,8 @@ public class AdminRolesServiceImpl implements AdminRolesService { EPUser user = null; boolean createNewUser = false; String orgUserId = newAppsListWithAdminRoles.orgUserId.trim(); - List localUserList = dataAccessService.getList(EPUser.class, " where org_user_id='" + orgUserId + "'", - null, null); + List localUserList = dataAccessService.getList(EPUser.class, + " where org_user_id='" + orgUserId + "'", null, null); List oldAppsWhereUserIsAdmin = new ArrayList(); if (localUserList.size() > 0) { EPUser tmpUser = localUserList.get(0); 
@@ -208,22 +240,30 @@ public class AdminRolesServiceImpl implements AdminRolesService { localSession.save(EPUserApp.class.getName(), newUserApp); } transaction.commit(); - result = true; + + // Add user admin role for list of centralized applications in external system + result = addAdminRoleInExternalSystem(user, localSession, newAppsWhereUserIsAdmin); } catch (Exception e) { EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e); - logger.error(EELFLoggerDelegate.errorLogger, "setAppsWithAdminRoleStateForUser: exception in point 2", e); + logger.error(EELFLoggerDelegate.errorLogger, + "setAppsWithAdminRoleStateForUser: exception in point 2", e); try { - transaction.rollback(); + if(transaction!=null) + transaction.rollback(); + else + logger.error(EELFLoggerDelegate.errorLogger, "setAppsWithAdminRoleStateForUser: transaction is null cannot rollback"); } catch (Exception ex) { EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeExecuteRollbackError, e); - logger.error(EELFLoggerDelegate.errorLogger, "setAppsWithAdminRoleStateForUser: exception in point 3", ex); + logger.error(EELFLoggerDelegate.errorLogger, + "setAppsWithAdminRoleStateForUser: exception in point 3", ex); } } finally { try { localSession.close(); } catch (Exception e) { EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoCloseSessionError, e); - logger.error(EELFLoggerDelegate.errorLogger, "setAppsWithAdminRoleStateForUser: exception in point 4", e); + logger.error(EELFLoggerDelegate.errorLogger, + "setAppsWithAdminRoleStateForUser: exception in point 4", e); } } } 
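Review bot: `result` now comes only from `addAdminRoleInExternalSystem(...)`, which starts at `false` and sets `true` only inside its loop over newAppsWhereUserIsAdmin, so a call that removes every admin role (an empty list, if callers can pass one) reports failure after the local commit has succeeded. The external call also runs after `transaction.commit()`, so the `rollback()` in the catch cannot undo the portal change when the external update fails, and the two systems can disagree about who is an admin. I would keep `result = true;` for the committed local change and report the external outcome separately, or at least start the helper with `boolean result = true;` and only ever lower it. The method body starts outside the hunk.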
@@ -233,6 +273,130 @@ public class AdminRolesServiceImpl implements AdminRolesService { return result; } + @SuppressWarnings("unchecked") + private boolean addAdminRoleInExternalSystem(EPUser user, Session localSession, + List newAppsWhereUserIsAdmin) { + boolean result = false; + try { + // Reset All admin role for centralized applications + List appList = dataAccessService.executeNamedQuery("getCentralizedApps", null, null); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + for (EPApp app : appList) { + String name = ""; + if (EPCommonSystemProperties + .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) { + name = user.getOrgUserId() + SystemProperties + .getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); + } + String extRole = app.getNameSpace() + "." + PortalConstants.ADMIN_ROLE.replaceAll(" ", "_"); + HttpEntity entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); + try { + ResponseEntity getResponse = template + .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "roles/" + extRole, HttpMethod.GET, entity, String.class); + + if (getResponse.getBody().equals("{}")) { + String addDesc = "{\"name\":\"" + extRole + "\"}"; + HttpEntity roleEntity = new HttpEntity<>(addDesc, headers); + template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "role", + HttpMethod.POST, roleEntity, String.class); + } else { + try { + HttpEntity deleteUserRole = new HttpEntity<>(headers); + template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "userRole/" + name + "/" + extRole, + HttpMethod.DELETE, deleteUserRole, String.class); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, + " Role not found for this user may be it gets deleted before", e); + } + } + } catch 
(Exception e) { + if (e.getMessage().equalsIgnoreCase("404 Not Found")) { + logger.debug(EELFLoggerDelegate.debugLogger, "Application Not found for app {}", + app.getNameSpace(), e.getMessage()); + } else { + logger.error(EELFLoggerDelegate.errorLogger, "Application Not found for app {}", + app.getNameSpace(), e); + } + } + } + // Add admin role in external application + // application + for (AppNameIdIsAdmin appNameIdIsAdmin : newAppsWhereUserIsAdmin) { + EPApp app = (EPApp) localSession.get(EPApp.class, appNameIdIsAdmin.id); + try { + if (app.getCentralAuth()) { + String extRole = app.getNameSpace() + "." + PortalConstants.ADMIN_ROLE.replaceAll(" ", "_"); + HttpEntity entity = new HttpEntity<>(headers); + String name = ""; + if (EPCommonSystemProperties + .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) { + name = user.getOrgUserId() + SystemProperties + .getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); + } + logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); + ResponseEntity getUserRolesResponse = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "userRoles/user/" + name, + HttpMethod.GET, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system"); + if (!getUserRolesResponse.getBody().equals("{}")) { + JSONObject jsonObj = new JSONObject(getUserRolesResponse.getBody()); + JSONArray extRoles = jsonObj.getJSONArray("userRole"); + final Map extUserRoles = new HashMap<>(); + for (int i = 0; i < extRoles.length(); i++) { + String userRole = extRoles.getJSONObject(i).getString("role"); + if (userRole.startsWith(app.getNameSpace() + ".") + && !userRole.equals(app.getNameSpace() + ".admin") + && !userRole.equals(app.getNameSpace() + ".owner")) { + + extUserRoles.put(userRole, extRoles.getJSONObject(i)); + } + } + if (!extUserRoles.containsKey(extRole)) { + // Assign with 
new apps user admin + try { + ExternalAccessUser extUser = new ExternalAccessUser(name, extRole); + // Assign user role for an application in external access system + ObjectMapper addUserRoleMapper = new ObjectMapper(); + String userRole = addUserRoleMapper.writeValueAsString(extUser); + HttpEntity addUserRole = new HttpEntity<>(userRole, headers); + template.exchange( + SystemProperties.getProperty( + EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole", + HttpMethod.POST, addUserRole, String.class); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "Failed to add user admin role", e); + } + + } + } + } + result = true; + } catch (Exception e) { + if (e.getMessage().equalsIgnoreCase("404 Not Found")) { + logger.debug(EELFLoggerDelegate.errorLogger, + "Application name space not found in External system for app {} due to bad rquest name space ", + app.getNameSpace(), e.getMessage()); + } else { + logger.error(EELFLoggerDelegate.errorLogger, "Failed to assign admin role for application {}", + app.getNameSpace(), e); + result = false; + } + } + } + } catch (Exception e) { + result = false; + logger.error(EELFLoggerDelegate.errorLogger, "Failed to assign admin roles operation", e); + } + return result; + } + @SuppressWarnings("unchecked") @Override public boolean isSuperAdmin(EPUser user) { @@ -248,7 +412,8 @@ public class AdminRolesServiceImpl implements AdminRolesService { } } catch (Exception e) { EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e); - logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while executing isSuperAdmin operation", e); + logger.error(EELFLoggerDelegate.errorLogger, + "Exception occurred while executing isSuperAdmin operation", e); } } // else 
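Review bot: In the reset loop of addAdminRoleInExternalSystem, every failure of the `HttpMethod.DELETE` call on `"userRole/" + name + "/" + extRole` is caught and logged as "Role not found for this user", so a timeout, 5xx or authentication error leaves the user's admin role in place in the external system after the portal has removed it, and nothing reaches `result`. The surrounding catches classify errors with `e.getMessage().equalsIgnoreCase("404 Not Found")`, which throws a NullPointerException when the exception has no message and depends on the exact reason phrase. I would catch `HttpClientErrorException` (from org.springframework.web.client, not yet imported) and compare the status code, treating only 404 as nothing to revoke and recording anything else as a failed revocation, as sketched below. The same URL is built by concatenating `name` and `extRole` into the path, and `name` stays empty when the user-domain property is absent. Passing them as URI template variables to `exchange` would let RestTemplate encode them, and an empty `name` should skip the call.

```java
boolean revocationFailed = false;
// … unchanged: centralized app list, headers, name and extRole, GET roles/ and role creation …
						try {
							// … unchanged: template.exchange(... HttpMethod.DELETE ...) …
						} catch (HttpClientErrorException e) {
							// 404: the user did not hold the role, so there is nothing to revoke
							if (e.getStatusCode().value() != 404) {
								revocationFailed = true;
								logger.error(EELFLoggerDelegate.errorLogger,
										"Failed to remove admin role {} in external system", extRole, e);
							}
						} catch (Exception e) {
							// timeouts, 5xx and connection errors: the role may still be assigned
							revocationFailed = true;
							logger.error(EELFLoggerDelegate.errorLogger,
									"Failed to remove admin role {} in external system", extRole, e);
						}
// … unchanged: second loop assigning the admin role …
		return result && !revocationFailed;
```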
@@ -272,12 +437,13 @@ public class AdminRolesServiceImpl implements AdminRolesService { public boolean isAccountAdmin(EPUser user) { try { EPUser currentUser = user != null - ? (EPUser) dataAccessService.getDomainObject(EPUser.class, user.getId(), null) : null; + ? (EPUser) dataAccessService.getDomainObject(EPUser.class, user.getId(), null) + : null; if (currentUser != null && currentUser.getId() != null) { for (EPUserApp userApp : currentUser.getEPUserApps()) { - if (//!userApp.getApp().getId().equals(ECOMP_APP_ID) - // && - userApp.getRole().getId().equals(ACCOUNT_ADMIN_ROLE_ID)) { + if (// !userApp.getApp().getId().equals(ECOMP_APP_ID) + // && + userApp.getRole().getId().equals(ACCOUNT_ADMIN_ROLE_ID)) { // Account Administrator sees only the applications // he/she is Administrator return true; @@ -286,7 +452,8 @@ public class AdminRolesServiceImpl implements AdminRolesService { } } catch (Exception e) { EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e); - logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while executing isAccountAdmin operation", e); + logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while executing isAccountAdmin operation", + e); } return false; } @@ -294,7 +461,8 @@ public class AdminRolesServiceImpl implements AdminRolesService { public boolean isUser(EPUser user) { try { EPUser currentUser = user != null - ? (EPUser) dataAccessService.getDomainObject(EPUser.class, user.getId(), null) : null; + ? (EPUser) dataAccessService.getDomainObject(EPUser.class, user.getId(), null) + : null; if (currentUser != null && currentUser.getId() != null) { for (EPUserApp userApp : currentUser.getEPUserApps()) { if (!userApp.getApp().getId().equals(ECOMP_APP_ID)) { 
@@ -318,10 +486,10 @@ public class AdminRolesServiceImpl implements AdminRolesService { @EPMetricsLog public List getRolesByApp(EPUser user, Long appId) { List list = new ArrayList<>(); - String sql = "SELECT * FROM FN_ROLE WHERE APP_ID = " + appId; + String sql = "SELECT * FROM FN_ROLE WHERE UPPER(ACTIVE_YN) = 'Y' AND APP_ID = " + appId; @SuppressWarnings("unchecked") List roles = dataAccessService.executeSQLQuery(sql, EPRole.class, null); - for (EPRole role: roles) { + for (EPRole role : roles) { list.add(role); } return list;