X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fopenecomp%2Fportalapp%2Fportal%2Fservice%2FUserRolesCommonServiceImpl.java;h=110bf2ec462838c03b706779fd8537e2a69c685b;hb=b6079b39fc1193a32223933f7d93c08a63809689;hp=588092100674620169a1f7fd806ed52e72924587;hpb=a0b9152f19c4f8dbd925635129d75af9785a1d4a;p=portal.git
diff --git a/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/UserRolesCommonServiceImpl.java
index 58809210..110bf2ec 100644
--- a/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/UserRolesCommonServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/UserRolesCommonServiceImpl.java
@@ -1,25 +1,44 @@ /*- - * ================================================================================ - * ECOMP Portal - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. + * ============LICENSE_START========================================== + * ONAP Portal + * =================================================================== + * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the “License”); + * you may not use this software except in compliance with the License. * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * + * + * http://www.apache.org/licenses/LICENSE-2.0 + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * ================================================================================ + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the “License”); + * you may not use this documentation except in compliance with the License. 
+ * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. */ package org.openecomp.portalapp.portal.service; +import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -30,17 +49,20 @@ import java.util.LinkedHashSet; import java.util.List; import java.util.Map; import java.util.Set; +import java.util.SortedSet; import java.util.TreeSet; +import java.util.stream.Collectors; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; import org.apache.cxf.transport.http.HTTPException; -import org.hibernate.Query; import org.hibernate.SQLQuery; import org.hibernate.Session; import org.hibernate.SessionFactory; import org.hibernate.Transaction; +import org.json.JSONArray; +import org.json.JSONObject; import org.openecomp.portalapp.externalsystemapproval.model.ExternalSystemRoleApproval; import org.openecomp.portalapp.externalsystemapproval.model.ExternalSystemUser; import org.openecomp.portalapp.portal.domain.EPApp; 
@@ -48,18 +70,25 @@ import org.openecomp.portalapp.portal.domain.EPRole; import org.openecomp.portalapp.portal.domain.EPUser; import org.openecomp.portalapp.portal.domain.EPUserApp; import org.openecomp.portalapp.portal.domain.EPUserAppCatalogRoles; +import org.openecomp.portalapp.portal.domain.EPUserAppRoles; import org.openecomp.portalapp.portal.domain.EPUserAppRolesRequest; import org.openecomp.portalapp.portal.domain.EPUserAppRolesRequestDetail; -import org.openecomp.portalapp.portal.domain.EpUserAppRoles; import org.openecomp.portalapp.portal.domain.ExternalSystemAccess; import org.openecomp.portalapp.portal.logging.aop.EPMetricsLog; import org.openecomp.portalapp.portal.logging.format.EPAppMessagesEnum; import org.openecomp.portalapp.portal.logging.logic.EPLogUtil; import org.openecomp.portalapp.portal.transport.AppWithRolesForUser; +import org.openecomp.portalapp.portal.transport.CentralRole; +import org.openecomp.portalapp.portal.transport.EPUserAppCurrentRoles; +import org.openecomp.portalapp.portal.transport.EcompUserAppRoles; +import org.openecomp.portalapp.portal.transport.ExternalAccessUser; +import org.openecomp.portalapp.portal.transport.ExternalAccessUserRoleDetail; import org.openecomp.portalapp.portal.transport.ExternalRequestFieldsValidator; +import org.openecomp.portalapp.portal.transport.ExternalRoleDescription; import org.openecomp.portalapp.portal.transport.FieldsValidator; import org.openecomp.portalapp.portal.transport.FunctionalMenuItem; import org.openecomp.portalapp.portal.transport.FunctionalMenuRole; +import org.openecomp.portalapp.portal.transport.RemoteRole; import org.openecomp.portalapp.portal.transport.RemoteUserWithRoles; import org.openecomp.portalapp.portal.transport.RoleInAppForUser; import org.openecomp.portalapp.portal.transport.RolesInAppForUser; 
@@ -74,18 +103,23 @@ import org.openecomp.portalsdk.core.service.DataAccessService; import org.openecomp.portalsdk.core.service.RoleService; import org.openecomp.portalsdk.core.util.SystemProperties; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.ResponseEntity; +import org.springframework.web.client.RestTemplate; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; @EPMetricsLog -public class UserRolesCommonServiceImpl { +public class UserRolesCommonServiceImpl { private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserRolesCommonServiceImpl.class); private static final Object syncRests = new Object(); - + @Autowired private DataAccessService dataAccessService; @Autowired @@ -100,11 +134,16 @@ public class UserRolesCommonServiceImpl { private EPRoleService epRoleService; @Autowired private RoleService roleService; - + + @Autowired + private ExternalAccessRolesService externalAccessRolesService; + + RestTemplate template = new RestTemplate(); + /** * * @param ecompRoles - * @return HashMap + * @return HashMap */ private static HashMap hashMapFromEcompRoles(EcompRole[] ecompRoles) { HashMap result = new HashMap(); @@ -117,7 +156,7 @@ public class UserRolesCommonServiceImpl { } return result; } - + /** * * @param userId 
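Review bot: The new field `RestTemplate template = new RestTemplate();` in the second hunk is package-private, non-final and built with the default request factory, which sets no connect or read timeout, so an unresponsive peer can hold a role-update thread indefinitely. Its call sites are outside the visible hunks, so the impact is inferred from the `HttpEntity`/`HttpMethod`/`ResponseEntity` imports added alongside it. I would declare it `private final RestTemplate template = new RestTemplate(requestFactory);` with `requestFactory` a `SimpleClientHttpRequestFactory` that has `setConnectTimeout` and `setReadTimeout` applied, or inject a shared, configured bean instead of constructing one per service instance.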
@@ -155,16 +194,19 @@ public class UserRolesCommonServiceImpl { EcompPortalUtils.closeLocalSession(localSession, "searchOrCreateUser"); } } - + /** - * This method return nothing and remove roles before adding any roles for an app + * This method return nothing and remove roles before adding any roles for an + * app + * * @param userRole * @param appId * @param localSession * @param userAppRoles * @param newUserAppRolesMap */ - private static void syncUserRolesExtension(EPUserApp userRole, Long appId, Session localSession, EcompRole[] userAppRoles, HashMap newUserAppRolesMap) { + private static void syncUserRolesExtension(EPUserApp userRole, Long appId, Session localSession, + EcompRole[] userAppRoles, HashMap newUserAppRolesMap) { Long userAppRoleId = 0L; if (appId == PortalConstants.PORTAL_APP_ID) { // local app 
@@ -179,32 +221,32 @@ public class UserRolesCommonServiceImpl { newUserAppRolesMap.remove(userAppRoleId); } } - + /** * Checks whether the role is inactive - * + * * @param epRole * @throws Exception - * if role is inactive, throws exception + * if role is inactive, throws exception */ - private void checkIfRoleInactive(EPRole epRole) throws Exception{ - if(!epRole.getActive()){ - throw new Exception(epRole.getName()+ " role is unavailable"); + private void checkIfRoleInactive(EPRole epRole) throws Exception { + if (!epRole.getActive()) { + throw new Exception(epRole.getName() + " role is unavailable"); } } - + /** * * @param sessionFactory * @param userId * @param appId * @param userAppRoles - * @param extRequestValue - * set to false if request is from users page otherwise true + * @param extRequestValue + * set to false if request is from users page otherwise true * @throws Exception */ - protected void syncUserRoles(SessionFactory sessionFactory, String userId, Long appId, - EcompRole[] userAppRoles, Boolean extRequestValue, String reqType) throws Exception { + protected void syncUserRoles(SessionFactory sessionFactory, String userId, Long appId, EcompRole[] userAppRoles, + Boolean extRequestValue, String reqType) throws Exception { boolean result = false; Session localSession = null; Transaction transaction = null; 
@@ -225,28 +267,33 @@ public class UserRolesCommonServiceImpl { @SuppressWarnings("unchecked") List userRoles = localSession.createQuery("from " + EPUserApp.class.getName() + " where app.id=" + appId + roleActive + " and userId=" + client.getId()).list(); - + if ("DELETE".equals(reqType)) { for (EPUserApp userAppRoleList : userRoles) { userAppParams.put("roleName", String.valueOf(userAppRoleList.getRole().getName())); - userAppParams.put("appId", String.valueOf(appId)); + userAppParams.put("appId", String.valueOf(appId)); appParams.put("appRoleName", userAppRoleList.getRole().getName()); @SuppressWarnings("unchecked") - List rolesList = (!userAppRoleList.getRole().getName().equals(PortalConstants.ADMIN_ROLE)) ? (List) dataAccessService.executeNamedQuery("getAppRoles", userAppParams, null) : (List) dataAccessService.executeNamedQuery("getPortalAppRoles", appParams, null); - if(rolesList.size() > 0 || !rolesList.isEmpty()){ - checkIfRoleInactive(rolesList.get(0)); + List rolesList = (!userAppRoleList.getRole().getName() + .equals(PortalConstants.ADMIN_ROLE)) + ? 
(List) dataAccessService.executeNamedQuery("getAppRoles", + userAppParams, null) + : (List) dataAccessService.executeNamedQuery("getPortalAppRoles", + appParams, null); + if (rolesList.size() > 0 || !rolesList.isEmpty()) { + checkIfRoleInactive(rolesList.get(0)); } } } for (EPUserApp userRole : userRoles) { - if (!userRole.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID) && userRole.getRoleId() != PortalConstants.SYS_ADMIN_ROLE_ID && !extRequestValue){ + if (!userRole.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID) + && userRole.getRoleId() != PortalConstants.SYS_ADMIN_ROLE_ID && !extRequestValue) { syncUserRolesExtension(userRole, appId, localSession, userAppRoles, newUserAppRolesMap); - } - else if (extRequestValue && ("PUT".equals(reqType) || "POST".equals(reqType) || "DELETE".equals(reqType))){ + } else if (extRequestValue + && ("PUT".equals(reqType) || "POST".equals(reqType) || "DELETE".equals(reqType))) { syncUserRolesExtension(userRole, appId, localSession, userAppRoles, newUserAppRolesMap); - } - else if (extRequestValue && !userRole.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)){ + } else if (extRequestValue && !userRole.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)) { syncUserRolesExtension(userRole, appId, localSession, userAppRoles, newUserAppRolesMap); } } 
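Review bot: The rewrapped guard `userRole.getRoleId() != PortalConstants.SYS_ADMIN_ROLE_ID` still compares with `!=` while the check next to it uses `.equals(...)`; if both sides are boxed `Long` values this is an identity comparison, and whether a users-page request may touch a system-administrator assignment then depends on Long caching rather than on the value. A later hunk of this commit already replaces `appId == PortalConstants.PORTAL_APP_ID` with `.equals(...)`, but the same `==` remains in the hunks at -155 and -297. Suggest `!userRole.getRoleId().equals(PortalConstants.SYS_ADMIN_ROLE_ID)` here. Separately, `rolesList.size() > 0 || !rolesList.isEmpty()` tests one condition twice; `!rolesList.isEmpty()` is enough. syncUserRoles starts and ends outside this hunk.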
@@ -255,16 +302,15 @@ public class UserRolesCommonServiceImpl { EPApp app = (EPApp) localSession.get(EPApp.class, appId); HashMap rolesMap = new HashMap(); - if (appId == PortalConstants.PORTAL_APP_ID) { // local app - String appIdValue = null; - if(!extRequestValue){ - appIdValue = "and id != " + PortalConstants.PORTAL_APP_ID; - }else{ - appIdValue = ""; + if (appId.equals(PortalConstants.PORTAL_APP_ID)) { // local app + String appIdValue = ""; + if (!extRequestValue) { + appIdValue = "and id != " + PortalConstants.SYS_ADMIN_ROLE_ID; } @SuppressWarnings("unchecked") List roles = localSession - .createQuery("from " + EPRole.class.getName() + " where appId is null " + appIdValue).list(); + .createQuery("from " + EPRole.class.getName() + " where appId is null " + appIdValue) + .list(); for (EPRole role : roles) { role.setAppId(1L); rolesMap.put(role.getId(), role); 
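Review bot: The role filter is spliced into the HQL text (`"and id != " + PortalConstants.SYS_ADMIN_ROLE_ID`), and nothing in the hunk says why the users-page path must exclude that role. The operand is a constant, so this is not an injection path as written, but binding it (`and id != :sysAdminRoleId` with `setParameter("sysAdminRoleId", PortalConstants.SYS_ADMIN_ROLE_ID)`) keeps the query safe if the operand ever stops being a constant, and matches the parameter maps already passed to `executeNamedQuery` in this method. A comment such as `// users-page requests must not be offered the System Administrator role` would record the intent, assuming that is the intent. The enclosing method continues outside the hunk.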
@@ -274,19 +320,30 @@ public class UserRolesCommonServiceImpl { List roles = localSession .createQuery("from " + EPRole.class.getName() + " where appId=" + appId).list(); for (EPRole role : roles) { - rolesMap.put(role.getAppRoleId(), role); + if (!extRequestValue && app.getCentralAuth()) { + rolesMap.put(role.getId(), role); + } else { + rolesMap.put(role.getAppRoleId(), role); + } } } + EPRole role = null; for (EcompRole userRole : newRolesToAdd) { EPUserApp userApp = new EPUserApp(); - if (("PUT".equals(reqType) || "POST".equals(reqType)) && userRole.getName().equals(PortalConstants.ADMIN_ROLE)) { - role = (EPRole) localSession.get(EPRole.class, new Long(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)); + if (("PUT".equals(reqType) || "POST".equals(reqType)) + && userRole.getName().equals(PortalConstants.ADMIN_ROLE)) { + role = (EPRole) localSession.get(EPRole.class, + new Long(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)); userApp.setRole(role); - } else if (userRole.getId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID) && !extRequestValue){ - continue; + } else if ((userRole.getId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)) + && !extRequestValue) { + continue; + } else if ((userRole.getId().equals(PortalConstants.SYS_ADMIN_ROLE_ID)) + && app.getId().equals(PortalConstants.PORTAL_APP_ID) && !extRequestValue) { + continue; } else { - userApp.setRole(rolesMap.get(userRole.getId())); + userApp.setRole(rolesMap.get(userRole.getId())); } userApp.setUserId(client.getId()); 
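Review bot: `userApp.setRole(rolesMap.get(userRole.getId()))` in the final `else` passes on whatever the lookup returns, and with the new keying (`role.getId()` for centralized apps on users-page requests, `role.getAppRoleId()` otherwise) a requested id that is missing from `rolesMap` puts a null role on the `EPUserApp`, which is presumably persisted further down, outside this hunk. I would resolve the role first and skip the entry when it is absent: `EPRole mapped = rolesMap.get(userRole.getId());` followed by `if (mapped == null) { continue; }` with an error log naming the unknown role id. `app` comes from `localSession.get(EPApp.class, appId)` in the previous hunk and is dereferenced by `app.getCentralAuth()` without a null check, so an unknown appId fails inside the loop rather than being rejected up front.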
@@ -297,29 +354,28 @@ public class UserRolesCommonServiceImpl { if (appId == PortalConstants.PORTAL_APP_ID) { /* - * for local app -- hack - always make sure fn_role - * table's app_id is null and not 1 for primary app in - * this case being ecomp portal app; reason: hibernate - * is rightly setting this to 1 while persisting to - * fn_role as per the mapping but SDK role management - * code expects the app_id to be null as there is no + * for local app -- hack - always make sure fn_role table's app_id is null and + * not 1 for primary app in this case being ecomp portal app; reason: hibernate + * is rightly setting this to 1 while persisting to fn_role as per the mapping + * but SDK role management code expects the app_id to be null as there is no * concept of App_id in SDK */ + localSession.flush(); SQLQuery sqlQuery = localSession .createSQLQuery("update fn_role set app_id = null where app_id = 1 "); sqlQuery.executeUpdate(); - } } } transaction.commit(); result = true; } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "syncUserRoles failed", e); EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e); EcompPortalUtils.rollbackTransaction(transaction, - "Exception occurred in syncUserRoles, Details: " + EcompPortalUtils.getStackTrace(e)); - if("DELETE".equals(reqType)){ + "Exception occurred in syncUserRoles, Details: " + e.toString()); + if ("DELETE".equals(reqType)) { throw new Exception(e.getMessage()); } } finally { @@ -330,13 +386,13 @@ public class UserRolesCommonServiceImpl { } } } - + /** * Called when getting the list of roles for the user * * @param appRoles * @param userAppRoles - * @return List + * @return List */ protected List constructRolesInAppForUserGet(EcompRole[] appRoles, EcompRole[] userAppRoles) { List rolesInAppForUser = new ArrayList(); 
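Review bot: In the catch block of the first hunk, `throw new Exception(e.getMessage())` rethrows only for `DELETE` and drops the original exception as cause, so the caller loses the type and stack of the failure; `throw new Exception(e.getMessage(), e);` keeps the same message while preserving it. For every other request type a failed role change is reduced to the log entries added here, and what the caller observes depends on the `finally` block, which is only partly visible in this hunk. A short comment on the catch stating which request types propagate the failure and why would help the next reader of this authorization path.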
@@ -368,11 +424,12 @@ public class UserRolesCommonServiceImpl { * * @param appRoles * @param userAppRoles - * @param extRequestValue - * set to false if request is from users page otherwise true + * @param extRequestValue + * set to false if request is from users page otherwise true * @return List */ - protected List constructRolesInAppForUserGet(List appRoles, EPRole[] userAppRoles, Boolean extRequestValue) { + protected List constructRolesInAppForUserGet(List appRoles, EPRole[] userAppRoles, + Boolean extRequestValue) { List rolesInAppForUser = new ArrayList(); Set userAppRolesMap = new HashSet(); @@ -400,7 +457,6 @@ public class UserRolesCommonServiceImpl { return rolesInAppForUser; } - /** * copies of methods in GetAppsWithUserRoleState * @@ -412,7 +468,6 @@ public class UserRolesCommonServiceImpl { protected void syncAppRoles(SessionFactory sessionFactory, Long appId, EcompRole[] appRoles) throws Exception { logger.debug(EELFLoggerDelegate.debugLogger, "entering syncAppRoles for appId: " + appId); HashMap newRolesMap = hashMapFromEcompRoles(appRoles); - boolean result = false; Session localSession = null; Transaction transaction = null; 
@@ -444,21 +499,10 @@ public class UserRolesCommonServiceImpl { } } Collection newRolesToAdd = newRolesMap.values(); - for (EcompRole role : newRolesToAdd) { - logger.debug(EELFLoggerDelegate.debugLogger, "about to add missing role: " + role.toString()); - EPRole newRole = new EPRole(); - // Attention! All roles from remote application supposed to be - // active! - newRole.setActive(true); - newRole.setName(role.getName()); - newRole.setAppId(appId); - newRole.setAppRoleId(role.getId()); - localSession.save(newRole); - } if (obsoleteRoles.size() > 0) { - logger.debug(EELFLoggerDelegate.debugLogger, "we have obsolete roles to delete"); + logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: we have obsolete roles to delete"); for (EPRole role : obsoleteRoles) { - logger.debug(EELFLoggerDelegate.debugLogger, "obsolete role: " + role.toString()); + logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: obsolete role: " + role.toString()); Long roleId = role.getId(); // delete obsolete roles here // Must delete all records with foreign key constraints on @@ -474,13 +518,14 @@ public class UserRolesCommonServiceImpl { "from " + EPUserApp.class.getName() + " where app.id=" + appId + " and role_id=" + roleId) .list(); - logger.debug(EELFLoggerDelegate.debugLogger, "number of userRoles to delete: " + userRoles.size()); + logger.debug(EELFLoggerDelegate.debugLogger, + "syncAppRoles: number of userRoles to delete: " + userRoles.size()); for (EPUserApp userRole : userRoles) { logger.debug(EELFLoggerDelegate.debugLogger, - "about to delete userRole: " + userRole.toString()); + "syncAppRoles: about to delete userRole: " + userRole.toString()); localSession.delete(userRole); logger.debug(EELFLoggerDelegate.debugLogger, - "finished deleting userRole: " + userRole.toString()); + "syncAppRoles: finished deleting userRole: " + userRole.toString()); } // Delete from fn_menu_functional_roles 
@@ -490,7 +535,7 @@ public class UserRolesCommonServiceImpl { .list(); int numMenuRoles = funcMenuRoles.size(); logger.debug(EELFLoggerDelegate.debugLogger, - "number of funcMenuRoles for roleId: " + roleId + ": " + numMenuRoles); + "syncAppRoles: number of funcMenuRoles for roleId: " + roleId + ": " + numMenuRoles); for (FunctionalMenuRole funcMenuRole : funcMenuRoles) { Long menuId = funcMenuRole.menuId; // If this is the only role for this menu item, then the @@ -502,14 +547,14 @@ public class UserRolesCommonServiceImpl { .list(); int numMenuRoles2 = funcMenuRoles2.size(); logger.debug(EELFLoggerDelegate.debugLogger, - "number of funcMenuRoles for menuId: " + menuId + ": " + numMenuRoles2); + "syncAppRoles: number of funcMenuRoles for menuId: " + menuId + ": " + numMenuRoles2); localSession.delete(funcMenuRole); if (numMenuRoles2 == 1) { // If this is the only role for this menu item, then // the app and roles will be gone, // so must null out the url too, to be consistent logger.debug(EELFLoggerDelegate.debugLogger, - "There is exactly 1 menu item for this role, so emptying the url"); + "syncAppRoles: There is exactly 1 menu item for this role, so emptying the url"); @SuppressWarnings("unchecked") List funcMenuItems = localSession .createQuery( 
@@ -523,54 +568,40 @@ public class UserRolesCommonServiceImpl { } } } - - // Delete from fn_role_function - String sql = "DELETE FROM fn_role_function WHERE role_id=" + roleId; - logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); - Query query = localSession.createSQLQuery(sql); - query.executeUpdate(); - - // Delete from ep_role_notification - sql = "DELETE FROM ep_role_notification WHERE role_id=" + roleId; - logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); - query = localSession.createSQLQuery(sql); - query.executeUpdate(); - - // Delete from fn_role_composite - sql = "DELETE FROM fn_role_composite WHERE parent_role_id=" + roleId + " OR child_role_id=" - + roleId; - logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); - query = localSession.createSQLQuery(sql); - query.executeUpdate(); - - // Delete from fn_user_pseudo_role - sql = "DELETE FROM fn_user_pseudo_role WHERE pseudo_role_id=" + roleId; - logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); - query = localSession.createSQLQuery(sql); - query.executeUpdate(); - - logger.debug(EELFLoggerDelegate.debugLogger, "about to delete the role: " + role.toString()); + externalAccessRolesService.deleteRoleDependencyRecords(localSession, roleId, appId); + logger.debug(EELFLoggerDelegate.debugLogger, + "syncAppRoles: about to delete the role: " + role.toString()); localSession.delete(role); - logger.debug(EELFLoggerDelegate.debugLogger, "deleted the role"); + localSession.flush(); + logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: deleted the role"); } } - logger.debug(EELFLoggerDelegate.debugLogger, "about to commit the transaction"); + for (EcompRole role : newRolesToAdd) { + logger.debug(EELFLoggerDelegate.debugLogger, + "syncAppRoles: about to add missing role: " + role.toString()); + EPRole newRole = new EPRole(); + // Attention! All roles from remote application supposed to be + // active! 
+ newRole.setActive(true); + newRole.setName(role.getName()); + newRole.setAppId(appId); + newRole.setAppRoleId(role.getId()); + localSession.save(newRole); + } + logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: about to commit the transaction"); transaction.commit(); - logger.debug(EELFLoggerDelegate.debugLogger, "committed the transaction"); - result = true; + logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: committed the transaction"); } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "syncAppRoles failed", e); EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e); EcompPortalUtils.rollbackTransaction(transaction, - "Exception occurred in syncAppRoles, Details: " + EcompPortalUtils.getStackTrace(e)); + "Exception occurred in syncAppRoles, Details: " + e.toString()); + throw new Exception(e); } finally { localSession.close(); - if (!result) { - throw new Exception( - "Exception occurred in syncAppRoles while closing database session for app: '" + appId + "'."); - } } } - + /** * Called when updating the list of roles for the user * @@ -594,7 +625,7 @@ public class UserRolesCommonServiceImpl { } return result; } - + /** * * @param roleInAppForUserList @@ -608,7 +639,7 @@ public class UserRolesCommonServiceImpl { } return false; } - + /** * Builds JSON and posts it to a remote application to update user roles. * @@ -634,11 +665,11 @@ public class UserRolesCommonServiceImpl { // even when it fails! return updateUserRolesInEcomp; } - + /** * * @param roleInAppForUserList - * @return Set + * @return Set */ protected Set constructUsersEcompRoles(List roleInAppForUserList) { Set existingUserRoles = new TreeSet(); 
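Review bot: With the new `throw new Exception(e);` in the catch block, the unguarded `localSession.close()` in `finally` can replace that exception with a NullPointerException when the session was never opened, since `localSession` is initialised to null earlier in syncAppRoles (visible in the hunk at -412). The class already calls `EcompPortalUtils.closeLocalSession(localSession, "searchOrCreateUser")` elsewhere; `EcompPortalUtils.closeLocalSession(localSession, "syncAppRoles");` here would be consistent, assuming that helper tolerates a null session. The string-built `DELETE` statements are now delegated to `externalAccessRolesService.deleteRoleDependencyRecords(localSession, roleId, appId)`, whose body is not on this page, so it is worth confirming that it binds `roleId` as a query parameter rather than concatenating it.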
@@ -652,18 +683,18 @@ public class UserRolesCommonServiceImpl { } return existingUserRoles; } - + /** * Constructs user app roles excluding Account Administrator role * * @param roleInAppForUserList - * @return - * List of roles with Role name, Role Id + * @return List of roles with Role name, Role Id */ protected Set constructUsersRemoteAppRoles(List roleInAppForUserList) { Set existingUserRoles = new TreeSet(); for (RoleInAppForUser roleInAppForUser : roleInAppForUserList) { - if (roleInAppForUser.isApplied && !roleInAppForUser.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)) { + if (roleInAppForUser.isApplied + && !roleInAppForUser.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)) { EcompRole ecompRole = new EcompRole(); ecompRole.setId(roleInAppForUser.roleId); ecompRole.setName(roleInAppForUser.roleName); @@ -672,16 +703,17 @@ public class UserRolesCommonServiceImpl { } return existingUserRoles; } - + /** * This is for a single app * * @param rolesInAppForUser - * @param externalSystemRequest - * set to false if requests from Users page otherwise true + * @param externalSystemRequest + * set to false if requests from Users page otherwise true * @return true on success, false otherwise */ - protected boolean applyChangesInUserRolesForAppToEcompDB(RolesInAppForUser rolesInAppForUser, boolean externalSystemRequest, String reqType) throws Exception { + protected boolean applyChangesInUserRolesForAppToEcompDB(RolesInAppForUser rolesInAppForUser, + boolean externalSystemRequest, String reqType) throws Exception { boolean result = false; String userId = rolesInAppForUser.orgUserId; Long appId = rolesInAppForUser.appId; 
@@ -691,8 +723,10 @@ public class UserRolesCommonServiceImpl { } if (rolesInAppForUser != null) { - EcompRole[] userAppRoles = new EcompRole[rolesInAppForUser.roles.size()]; - for (int i = 0; i < rolesInAppForUser.roles.size(); i++) { + EcompRole[] userAppRoles = new EcompRole[rolesInAppForUser.roles.stream().distinct() + .collect(Collectors.toList()).size()]; + for (int i = 0; i < rolesInAppForUser.roles.stream().distinct().collect(Collectors.toList()) + .size(); i++) { RoleInAppForUser roleInAppForUser = rolesInAppForUser.roles.get(i); EcompRole role = new EcompRole(); role.setId(roleInAppForUser.roleId); @@ -704,8 +738,9 @@ public class UserRolesCommonServiceImpl { result = true; } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, - "applyChangesInUserRolesForAppToEcompDB: failed to syncUserRoles for orgUserId " + userId, e); - if("DELETE".equals(reqType)){ + "applyChangesInUserRolesForAppToEcompDB: failed to syncUserRoles for orgUserId " + userId, + e); + if ("DELETE".equals(reqType)) { throw new Exception(e.getMessage()); } } @@ -713,7 +748,7 @@ public class UserRolesCommonServiceImpl { } return result; } - + /** * * @param appId @@ -729,7 +764,7 @@ public class UserRolesCommonServiceImpl { userWithRemoteAppRoles.setRoles(remoteUser.getRoles()); return userWithRemoteAppRoles; } - + /* * (non-Javadoc) * 
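Review bot: The array in the first hunk is sized from `roles.stream().distinct()` but the loop body still reads `rolesInAppForUser.roles.get(i)` from the original list, so when a request contains duplicates the first N raw entries are copied, duplicates included, and distinct roles at the end of the list are silently left out of what is passed to syncUserRoles. Materialise the de-duplicated list once and index into it: `List<RoleInAppForUser> distinctRoles = rolesInAppForUser.roles.stream().distinct().collect(Collectors.toList());`, then `new EcompRole[distinctRoles.size()]` and `distinctRoles.get(i)`; this also stops the stream from being rebuilt on every loop test. `distinct()` relies on `RoleInAppForUser.equals`/`hashCode`, which are not visible here. The `rolesInAppForUser != null` check also comes after `rolesInAppForUser.orgUserId` has already been read in the preceding hunk.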
@@ -758,13 +793,79 @@ public class UserRolesCommonServiceImpl { return rolesList; } - + + /** + * It adds new user for remote application + * + * @param roleInAppForUserList + * @param remoteAppUser + * @param userId + * @param app + * @param mapper + * @param searchService + * @param applicationsRestClientService + * @return + * @throws Exception + */ + private EPUser addRemoteUser(List roleInAppForUserList, String userId, EPApp app, + ObjectMapper mapper, SearchService searchService, + ApplicationsRestClientService applicationsRestClientService) throws Exception { + EPUser addRemoteUser = null; + if (remoteUserShouldBeCreated(roleInAppForUserList)) { + + createNewUserOnRemoteApp(userId, app, applicationsRestClientService, searchService, mapper, + isAppUpgradeVersion(app)); + // If we succeed, we know that the new user was + // persisted on remote app. + addRemoteUser = getUserFromApp(userId, app, applicationsRestClientService); + if (addRemoteUser == null) { + logger.error(EELFLoggerDelegate.errorLogger, + "Failed to persist new user: " + userId + " in remote app. appId = " + app.getId()); + // return null; + } + } + return addRemoteUser; + } + + /** + * It checks whether the remote user exists or not if exits returns user object + * else null + * + * @param userId + * @param app + * @param applicationsRestClientService + * @return + * @throws HTTPException + */ + private EPUser checkIfRemoteUserExits(String userId, EPApp app, + ApplicationsRestClientService applicationsRestClientService) throws HTTPException { + EPUser checkRemoteUser = null; + try { + checkRemoteUser = getUserFromApp(userId, app, applicationsRestClientService); + } catch (HTTPException e) { + // Some apps are returning 400 if user is not found. 
+ if (e.getResponseCode() == 400) { + logger.debug(EELFLoggerDelegate.debugLogger, + "setAppWithUserRoleStateForUser: getuserFromApp threw exception with response code 400; continuing", + e); + } else if (e.getResponseCode() == 404) { + logger.debug(EELFLoggerDelegate.debugLogger, + "setAppWithUserRoleStateForUser: getuserFromApp threw exception with response code 404; continuing", + e); + } else { + // Other response code, let it come thru. + throw e; + } + } + return checkRemoteUser; + } + /* * (non-Javadoc) * * @see org.openecomp.portalapp.portal.service.UserRolesService# - * setAppWithUserRoleStateForUser(org.openecomp.portalapp.portal.domain. - * EPUser, org.openecomp.portalapp.portal.transport.AppWithRolesForUser) + * setAppWithUserRoleStateForUser(org.openecomp.portalapp.portal.domain. EPUser, + * org.openecomp.portalapp.portal.transport.AppWithRolesForUser) */ public boolean setAppWithUserRoleStateForUser(EPUser user, AppWithRolesForUser newAppRolesForUser) { boolean result = false; 
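Review bot: The Javadoc on `addRemoteUser` lists `@param remoteAppUser`, which is not a parameter, and leaves `@return` empty, although the method returns null both when no user had to be created and when creation failed (the failure is only logged). I would drop the stale tag and write `@return the user as read back from the remote app, or null if it was not created or could not be read back`, so callers know they must check the result before applying role changes. `checkIfRemoteUserExits` should likewise state that HTTP 400 and 404 are both treated as "user not found", since a 400 caused by a malformed request is then indistinguishable from absence; its log text still names `setAppWithUserRoleStateForUser` rather than the new method.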
@@ -783,64 +884,65 @@ public class UserRolesCommonServiceImpl { EPApp app = appsService.getApp(appId); applyChangesToUserAppRolesForMyLoginsRequest(user, appId); - // if local app - if (appId == PortalConstants.PORTAL_APP_ID) { - // EPUser localUser = getUserFromApp(userId, app, applicationsRestClientService); + // if centralized app + if (app.getCentralAuth()) { + // We should add If user does not exist in remote application + if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + EPUser remoteAppUser = null; + remoteAppUser = checkIfRemoteUserExits(userId, app, applicationsRestClientService); + + if (remoteAppUser == null) { + addRemoteUser(roleInAppForUserList, userId, app, mapper, searchService, + applicationsRestClientService); + } + } + Set userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper, applicationsRestClientService, appId, userId); RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId, userRolesInLocalApp); - result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, null); - + List roleAppUserList = rolesInAppForUser.roles; + // Apply changes in external Access system + updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList, epRequestValue); + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal"); + } + // In case if portal is not centralized then follow existing approach + else if (!app.getCentralAuth() && app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + Set userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper, + applicationsRestClientService, appId, userId); + RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId, + userRolesInLocalApp); + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal"); } else {// remote app EPUser remoteAppUser = null; - try { - remoteAppUser = getUserFromApp(userId, app, 
applicationsRestClientService); - } catch (HTTPException e) { - // Some apps are returning 400 if user is not found. - if (e.getResponseCode() == 400) { - logger.debug(EELFLoggerDelegate.debugLogger, - "setAppWithUserRoleStateForUser: getuserFromApp threw exception with response code 400; continuing", - e); - } else { - // Other response code, let it come thru. - throw e; - } - } - if (remoteAppUser == null) { - if (remoteUserShouldBeCreated(roleInAppForUserList)) { - - createNewUserOnRemoteApp(userId, app, applicationsRestClientService, searchService, mapper, isAppUpgradeVersion(app)); - // If we succeed, we know that the new user was - // persisted on remote app. - remoteAppUser = getUserFromApp(userId, app, applicationsRestClientService); - if (remoteAppUser == null) { - logger.error(EELFLoggerDelegate.errorLogger, - "Failed to persist new user: " + userId + " in remote app. appId = " + appId); - // return null; - } + if (!app.getCentralAuth() && !app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + + remoteAppUser = checkIfRemoteUserExits(userId, app, applicationsRestClientService); + + if (remoteAppUser == null) { + remoteAppUser = addRemoteUser(roleInAppForUserList, userId, app, mapper, searchService, + applicationsRestClientService); } - } - if (remoteAppUser != null) { - Set userRolesInRemoteApp = postUsersRolesToRemoteApp(roleInAppForUserList, mapper, - applicationsRestClientService, appId, userId); - RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId, - userRolesInRemoteApp); - result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, null); + if (remoteAppUser != null) { + Set userRolesInRemoteApp = postUsersRolesToRemoteApp(roleInAppForUserList, + mapper, applicationsRestClientService, appId, userId); + RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId, + userRolesInRemoteApp); + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, 
epRequestValue, null); - // If no roles remain, request app to set user inactive. - if (userRolesInRemoteApp.size() == 0) { - logger.debug(EELFLoggerDelegate.debugLogger, - "setAppWithUserRoleStateForUser: no roles in app {}, set user {} to inactive", app, - userId); - remoteAppUser.setActive(false); - postUserToRemoteApp(userId, user, app, applicationsRestClientService); + // If no roles remain, request app to set user inactive. + if (userRolesInRemoteApp.size() == 0) { + logger.debug(EELFLoggerDelegate.debugLogger, + "setAppWithUserRoleStateForUser: no roles in app {}, set user {} to inactive", + app, userId); + remoteAppUser.setActive(false); + postUserToRemoteApp(userId, user, app, applicationsRestClientService); + } } } } } catch (Exception e) { - String message = String.format( - "Failed to create user or update user roles for User %s, AppId %s", + String message = String.format("Failed to create user or update user roles for User %s, AppId %s", userId, Long.toString(appId)); logger.error(EELFLoggerDelegate.errorLogger, message, e); result = false; 
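Review bot: In the new centralized branch of `setAppWithUserRoleStateForUser` the return value of `addRemoteUser(...)` is discarded, so the role update continues when the remote account could not be created. The flow still reaches `updateUserRolesInExternalSystem` and `applyChangesInUserRolesForAppToEcompDB`, whereas the non-centralized branch guards the same step with `if (remoteAppUser != null)`. Because `addRemoteUser` only logs the failed re-fetch (the `// return null;` is commented out), the simplest fix is to make that case throw, e.g. `throw new Exception("Failed to persist new user " + userId + " in remote app " + app.getId());`, so the existing `catch (Exception e)` sets `result = false`. The inner test `!app.getCentralAuth() && !app.getId().equals(PortalConstants.PORTAL_APP_ID)` in the final `else` is always true at that point and can be dropped. The method body starts and ends outside this hunk.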
@@ -849,7 +951,166 @@ public class UserRolesCommonServiceImpl { } return result; } - + + /** + * It adds user roles in External system and also make data consistent in both + * local and in External System + * + * @param app + * details + * @param orgUserId + * @param roleInAppUser + * Contains list of active roles + */ + @SuppressWarnings("unchecked") + private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List roleInAppUser, + boolean isPortalRequest) { + try { + // check if user exists + final Map userParams = new HashMap<>(); + userParams.put("orgUserIdValue", orgUserId); + List userInfo = checkIfUserExists(userParams); + if (userInfo.isEmpty()) { + createLocalUserIfNecessary(orgUserId); + } + String name = ""; + if (EPCommonSystemProperties + .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) { + name = orgUserId + + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); + } + ObjectMapper mapper = new ObjectMapper(); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity getUserRolesEntity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to external system to get current user roles"); + ResponseEntity getResponse = template + .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "roles/user/" + name, HttpMethod.GET, getUserRolesEntity, String.class); + if (getResponse.getStatusCode().value() == 200) { + logger.debug(EELFLoggerDelegate.debugLogger, + "updateUserRolesInExternalSystem: Finished GET user roles from external system and received user roles {}", + getResponse.getBody()); + + } + List userRoleDetailList = new ArrayList<>(); + String res = getResponse.getBody(); + JSONObject jsonObj = null; + JSONArray extRoles = null; + if (!res.equals("{}")) { + jsonObj = new JSONObject(res); + extRoles = jsonObj.getJSONArray("role"); + } + 
ExternalAccessUserRoleDetail userRoleDetail = null; + if (extRoles != null) { + for (int i = 0; i < extRoles.length(); i++) { + if (extRoles.getJSONObject(i).getString("name").startsWith(app.getNameSpace() + ".") + && !extRoles.getJSONObject(i).getString("name").equals(app.getNameSpace() + ".admin") + && !extRoles.getJSONObject(i).getString("name").equals(app.getNameSpace() + ".owner")) { + ObjectMapper descMapper = new ObjectMapper(); + if (extRoles.getJSONObject(i).has("description")) { + ExternalRoleDescription desc = descMapper.readValue( + extRoles.getJSONObject(i).getString("description"), ExternalRoleDescription.class); + userRoleDetail = new ExternalAccessUserRoleDetail( + extRoles.getJSONObject(i).getString("name"), desc); + userRoleDetailList.add(userRoleDetail); + } else { + userRoleDetail = new ExternalAccessUserRoleDetail( + extRoles.getJSONObject(i).getString("name"), null); + userRoleDetailList.add(userRoleDetail); + } + + } + } + } + // If request coming from portal not from external role approval system then we + // have to check if user already + // have account admin or system admin as GUI will not send these roles + if (!isPortalRequest) { + final Map loginIdParams = new HashMap<>(); + loginIdParams.put("orgUserIdValue", orgUserId); + EPUser user = (EPUser) dataAccessService.executeNamedQuery("epUserAppId", loginIdParams, null).get(0); + final Map params = new HashMap<>(); + params.put("appId", app.getId()); + params.put("userId", user.getId()); + List userAppList = dataAccessService.executeNamedQuery("getUserAppExistingRoles", + params, null); + if (!roleInAppUser.isEmpty()) { + for (EcompUserAppRoles userApp : userAppList) { + if (userApp.getRoleId().equals(PortalConstants.SYS_ADMIN_ROLE_ID) + || userApp.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)) { + RoleInAppForUser addSpecialRole = new RoleInAppForUser(); + addSpecialRole.setIsApplied(true); + addSpecialRole.setRoleId(userApp.getRoleId()); + 
addSpecialRole.setRoleName(userApp.getRoleName()); + roleInAppUser.add(addSpecialRole); + } + } + } + } + List roleInAppUserNonDupls = roleInAppUser.stream().distinct() + .collect(Collectors.toList()); + final Map currentUserRolesToUpdate = new HashMap<>(); + for (RoleInAppForUser roleInAppUserNew : roleInAppUser) { + currentUserRolesToUpdate.put(roleInAppUserNew.getRoleName(), roleInAppUserNew); + } + final Map currentUserRolesInExternalSystem = new HashMap<>(); + for (ExternalAccessUserRoleDetail extAccessUserRole : userRoleDetailList) { + currentUserRolesInExternalSystem.put(extAccessUserRole.getName(), extAccessUserRole); + } + // Check if roles does not exists in local but still there in External Central + // Auth System delete them all + for (ExternalAccessUserRoleDetail userRole : userRoleDetailList) { + if (!(currentUserRolesToUpdate + .containsKey(userRole.getName().substring(app.getNameSpace().length() + 1).replaceAll("_", " ")) + || currentUserRolesToUpdate + .containsKey(userRole.getName().substring(app.getNameSpace().length() + 1)))) { + HttpEntity entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, + "updateUserRolesInExternalSystem: Connecting to external system to DELETE user role {}", + userRole); + ResponseEntity deleteResponse = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "userRole/" + name + "/" + userRole.getName(), + HttpMethod.DELETE, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, + "updateUserRolesInExternalSystem: Finished DELETE operation in external system for user role {} and the response is {}", + userRole, deleteResponse.getBody()); + } + } + // Check if user roles does not exists in External Central Auth System add them + // all + for (RoleInAppForUser addUserRole : roleInAppUserNonDupls) { + if (!(currentUserRolesInExternalSystem + .containsKey(app.getNameSpace() + "." 
+ addUserRole.getRoleName().replaceAll(" ", "_")))) { + ExternalAccessUser extUser = new ExternalAccessUser(name, + app.getNameSpace() + "." + addUserRole.getRoleName().replaceAll(" ", "_")); + String formattedUserRole = mapper.writeValueAsString(extUser); + HttpEntity entity = new HttpEntity<>(formattedUserRole, headers); + logger.debug(EELFLoggerDelegate.debugLogger, + "updateUserRolesInExternalSystem: Connecting to external system and adding user role", + addUserRole.getRoleName()); + ResponseEntity addResponse = template + .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "userRole", HttpMethod.POST, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, + "updateUserRolesInExternalSystem: Finished adding user role in external system {} and added user role {}", + getResponse.getBody(), addUserRole.getRoleName()); + if (addResponse.getStatusCode().value() != 201 && addResponse.getStatusCode().value() != 404) { + logger.debug(EELFLoggerDelegate.debugLogger, + "Finished POST operation in external system but unable to save user role", + getResponse.getBody(), addUserRole.getRoleName()); + throw new Exception(addResponse.getBody()); + } + } + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, + "updateUserRolesInExternalSystem: Failed to add user role for application {} due to {}", + app.getId(), e); + } + + } + /** * * @param userId 
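Review bot: The closing `catch (Exception e)` in `updateUserRolesInExternalSystem` only logs, so when the GET, DELETE or POST against the external access system fails, both callers still run `applyChangesInUserRolesForAppToEcompDB` and the portal database and the external system can disagree about which roles a user holds. Revocation is the case that matters most: the status of `deleteResponse` is never checked, so a delete that did not take effect leaves the role granted externally while the portal records it as removed. I would declare the method `throws Exception`, add `throw e;` after the `logger.error(...)` so the callers' own catch blocks set `result = false`, and check `deleteResponse.getStatusCode()` the way the POST path checks `addResponse`. Separately, `name` stays `""` when `EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN` is not configured, so the GET goes to `roles/user/` with no user; failing early there is safer. Since `orgUserId` and role names are concatenated straight into the request path, validating or encoding them first would be prudent.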
@@ -863,30 +1124,30 @@ public class UserRolesCommonServiceImpl { ApplicationsRestClientService applicationsRestClientService, SearchService searchService, ObjectMapper mapper, boolean postOpenSource) throws Exception { - - EPUser client = searchService.searchUserByUserId(userId); - - mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); - - if (client == null) { - String msg = "cannot create user " + userId + ", because he/she cannot be found in phonebook."; - logger.error(EELFLoggerDelegate.errorLogger, msg); - throw new Exception(msg); - } + EPUser client = searchService.searchUserByUserId(userId); - client.setLoginId(userId); - client.setActive(true); + mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); + + if (client == null) { + String msg = "cannot create user " + userId + ", because he/she cannot be found in phonebook."; + logger.error(EELFLoggerDelegate.errorLogger, msg); + throw new Exception(msg); + } - String userInString = null; - userInString = mapper.writerFor(EPUser.class).writeValueAsString(client); - logger.debug(EELFLoggerDelegate.debugLogger, - "about to post new client to remote application, users json = " + userInString); - applicationsRestClientService.post(EPUser.class, app.getId(), userInString, String.format("/user", userId)); + client.setLoginId(userId); + client.setActive(true); + + String userInString = null; + userInString = mapper.writerFor(EPUser.class).writeValueAsString(client); + logger.debug(EELFLoggerDelegate.debugLogger, + "about to post new client to remote application, users json = " + userInString); + applicationsRestClientService.post(EPUser.class, app.getId(), userInString, String.format("/user", userId)); } - + @SuppressWarnings("unchecked") - protected void applyChangesToAppRolesRequest(Long appId, Long userId, String updateStatus, EPUserAppRolesRequest epUserAppRolesRequest) { + protected void applyChangesToAppRolesRequest(Long appId, Long userId, String updateStatus, + 
EPUserAppRolesRequest epUserAppRolesRequest) { final Map epRequestParams = new HashMap<>(); try { EPUserAppRolesRequest epAppRolesRequestData = epUserAppRolesRequest; @@ -915,7 +1176,7 @@ public class UserRolesCommonServiceImpl { logger.error(EELFLoggerDelegate.errorLogger, "applyChangesToAppRolesRequest failed", e); } } - + @SuppressWarnings("unchecked") public void applyChangesToUserAppRolesForMyLoginsRequest(EPUser user, Long appId) { final Map params = new HashMap<>(); @@ -954,7 +1215,7 @@ public class UserRolesCommonServiceImpl { logger.error(EELFLoggerDelegate.errorLogger, "applyChangesToUserAppRolesRequest failed", e); } } - + /** * Pushes specified user details to the specified remote app. * 
@@ -969,30 +1230,29 @@ public class UserRolesCommonServiceImpl { */ protected void postUserToRemoteApp(String userId, EPUser user, EPApp app, ApplicationsRestClientService applicationsRestClientService) throws HTTPException { - - getUser(userId, app, applicationsRestClientService); - + + getUser(userId, app, applicationsRestClientService); + } - + /** * It returns user details for single org user id * * @param userParams - * @return - * if user exists it returns list of user details otherwise empty value + * @return if user exists it returns list of user details otherwise empty value */ @SuppressWarnings("unchecked") - private List checkIfUserExists(Map userParams){ - return (List)dataAccessService.executeNamedQuery("epUserAppId", userParams, null); + private List checkIfUserExists(Map userParams) { + return (List) dataAccessService.executeNamedQuery("epUserAppId", userParams, null); } - + /** * It checks whether the new user is valid or not otherwise throws exception * * @param orgUserId * @param app - * @return - * Checks if user is valid and returns message otherwise throws exception + * @return Checks if user is valid and returns message otherwise throws + * exception * @throws Exception */ private String validateNewUser(String orgUserId, EPApp app) throws Exception { 
@@ -1006,29 +1266,30 @@ public class UserRolesCommonServiceImpl { } return "Saved Successfully"; } - + /** - * Checks if the fields exists or not - * + * Checks if the fields exists or not + * * @param userList - * contains user information + * contains user information * @param app - * contains app name + * contains app name * @throws Exception - * throws exception if the field is not valid + * throws exception if the field is not valid */ - private void validateExternalRequestFields(List userList, EPApp app) throws Exception{ - if (userList.size() == 0 || userList.isEmpty() ) { + private void validateExternalRequestFields(List userList, EPApp app) throws Exception { + if (userList.size() == 0 || userList.isEmpty()) { throw new Exception("User does not exist"); - } else if(app == null) { + } else if (app == null) { throw new Exception("Application does not exist"); - } else if(!app.getEnabled() && !app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - throw new Exception(app.getMlAppName()+" application is unavailable"); + } else if (!app.getEnabled() && !app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + throw new Exception(app.getMlAppName() + " application is unavailable"); } } - + @SuppressWarnings("unchecked") - public ExternalRequestFieldsValidator setExternalRequestUserAppRole(ExternalSystemUser newAppRolesForUser, String reqType) { + public ExternalRequestFieldsValidator setExternalRequestUserAppRole(ExternalSystemUser newAppRolesForUser, + String reqType) { boolean result = false; boolean externalSystemRequest = true; final Map params = new HashMap<>(); 
@@ -1044,7 +1305,7 @@ public class UserRolesCommonServiceImpl { orgUserId = newAppRolesForUser.getLoginId().trim(); } String appName = newAppRolesForUser.getApplicationName(); - String logMessage = ("DELETE").equals(reqType) ? "Deleting": "Assigning/Updating" ; + String logMessage = ("DELETE").equals(reqType) ? "Deleting" : "Assigning/Updating"; if (orgUserId.length() > 0) { ObjectMapper mapper = new ObjectMapper(); mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); 
@@ -1066,97 +1327,144 @@ public class UserRolesCommonServiceImpl { .executeNamedQuery("userAppRolesRequestList", params, null); epRequestIdSize = epRequestId.size(); } - if(!app.getId().equals(PortalConstants.PORTAL_APP_ID)){ - EcompRole[] appRoles = applicationsRestClientService.get(EcompRole[].class, app.getId(), "/roles"); - syncAppRoles(sessionFactory, app.getId(), appRoles); + + // If Non-Centralized app make sure you sync app roles before assigning to user + if (!app.getId().equals(PortalConstants.PORTAL_APP_ID) && !app.getCentralAuth()) { + EcompRole[] appRoles = applicationsRestClientService.get(EcompRole[].class, app.getId(), "/roles"); + syncAppRoles(sessionFactory, app.getId(), appRoles); } - List roleInAppForUserList = roleInAppForUserList(newAppRolesForUser.getRoles(), app.getId(), app.getMlAppName()); - // if local app - if (app.getId() == PortalConstants.PORTAL_APP_ID) { - // EPUser localUser = getUserFromApp(orgUserId, app, applicationsRestClientService); + List userRoleList = null; + if (!userInfo.isEmpty()) { + final Map appParams = new HashMap<>(); + appParams.put("userId", userId.getId()); + appParams.put("appId", app.getId()); + userRoleList = dataAccessService.executeNamedQuery("getUserAppExistingRoles", appParams, null); + } + // Check if list contains just account admin role + boolean checkIfAdminRoleExists = false; + if (reqType.equals("DELETE") && userRoleList != null) { + checkIfAdminRoleExists = userRoleList.stream() + .anyMatch(userRole -> userRole.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)); + } else { + checkIfAdminRoleExists = roleInAppForUserList.stream() + .anyMatch(roleList -> roleList.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)); + } + // if Centralized app + if (app.getCentralAuth()) { + // We should add If user does not exist in remote application + try { + // If adding just account admin role dont make remote application user call + if (!app.getId().equals(PortalConstants.PORTAL_APP_ID) + && 
!(checkIfAdminRoleExists && reqType.equals("DELETE")) + && roleInAppForUserList.size() > 1) { + EPUser remoteAppUser = null; + remoteAppUser = checkIfRemoteUserExits(orgUserId, app, applicationsRestClientService); + if (remoteAppUser == null) { + addRemoteUser(roleInAppForUserList, orgUserId, app, mapper, searchService, + applicationsRestClientService); + reqMessage = "Saved Successfully"; + } + } + } catch (Exception e) { + reqMessage = e.getMessage(); + logger.error(EELFLoggerDelegate.errorLogger, + "setExternalRequestUserAppRole: Failed to added remote user", e); + throw new Exception(reqMessage); + } + Set userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper, + applicationsRestClientService, app.getId(), orgUserId); + RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(), + userRolesInLocalApp); + List roleAppUserList = rolesInAppForUser.roles; + // Apply changes in external Access system + updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList, + externalSystemRequest); + logger.info(EELFLoggerDelegate.debugLogger, + "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage, + newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId()); + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType); + } + // If local application is not centralized + else if (!app.getCentralAuth() && app.getId().equals(PortalConstants.PORTAL_APP_ID)) { Set userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper, applicationsRestClientService, app.getId(), orgUserId); RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(), userRolesInLocalApp); - logger.info(EELFLoggerDelegate.debugLogger, "{} user app roles: for app {}, user {}", - logMessage, newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId()); result = 
applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType); } else {// remote app - EPUser remoteAppUser = null; - try { - remoteAppUser = getUserFromApp(orgUserId, app, applicationsRestClientService); - } catch (HTTPException e) { - // Some apps are returning 400 if user is not found. - if (e.getResponseCode() == 400) { - logger.debug(EELFLoggerDelegate.debugLogger, - "setAppWithUserRoleStateForUser: getuserFromApp threw exception with response code 400; continuing", - e); - } else { - // Other response code, let it come thru. - throw e; - } - } - if (remoteAppUser == null) { - createNewUserOnRemoteApp(orgUserId, app, applicationsRestClientService, searchService, mapper, - isAppUpgradeVersion(app)); - // If we succeed, we know that the new user was - // persisted on remote app. - remoteAppUser = getUserFromApp(orgUserId, app, applicationsRestClientService); + // If adding just account admin role don't do remote application user call + if (!((roleInAppForUserList.size() == 1 || reqType.equals("DELETE")) && checkIfAdminRoleExists)) { + EPUser remoteAppUser = null; + remoteAppUser = checkIfRemoteUserExits(orgUserId, app, applicationsRestClientService); if (remoteAppUser == null) { - logger.error(EELFLoggerDelegate.errorLogger, "Failed to persist new user: " + orgUserId - + " in remote app. 
appId = " + app.getId()); - // return null; + remoteAppUser = addRemoteUser(roleInAppForUserList, orgUserId, app, mapper, searchService, + applicationsRestClientService); + reqMessage = "Saved Successfully"; } - reqMessage = "Saved Successfully"; - } - if (remoteAppUser != null) { + if (remoteAppUser != null) { Set userRolesInRemoteApp = postUsersRolesToRemoteApp(roleInAppForUserList, - mapper, applicationsRestClientService, app.getId(), orgUserId); - + mapper, applicationsRestClientService, app.getId(), orgUserId); + RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(), userRolesInRemoteApp); - logger.info(EELFLoggerDelegate.debugLogger, "{} user app roles: for app {}, user {}", - logMessage, newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId()); - result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType); + logger.info(EELFLoggerDelegate.debugLogger, + "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage, + newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId()); + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, + reqType); // If no roles remain, request app to set user inactive. 
- /*if (userRolesInRemoteApp.size() == 0) { - logger.debug(EELFLoggerDelegate.debugLogger, - "setAppWithUserRoleStateForUser: no roles in app {}, set user {} to inactive", app, - orgUserId); - //TODO Need to fix the logged in user is not set to inactive - remoteAppUser.setActive(false); - postUserToRemoteApp(orgUserId, user, app, applicationsRestClientService); - }*/ + /* + * if (userRolesInRemoteApp.size() == 0) { + * logger.debug(EELFLoggerDelegate.debugLogger, + * "setAppWithUserRoleStateForUser: no roles in app {}, set user {} to inactive" + * , app, orgUserId); //TODO Need to fix the logged in user is not set to + * inactive remoteAppUser.setActive(false); postUserToRemoteApp(orgUserId, user, + * app, applicationsRestClientService); } + */ + } + } else { + // Here we are adding only we have single account admin in roleInAppForUserList + // and this should not add in remote + if (!(reqType.equals("DELETE")) && userInfo.isEmpty()) { + reqMessage = "Saved Successfully"; + } + Set userRolesInRemoteApp = constructUsersEcompRoles(roleInAppForUserList); + RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(), + userRolesInRemoteApp); + logger.info(EELFLoggerDelegate.debugLogger, + "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage, + newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId()); + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, + reqType); } - if(!result){ + if (!result) { reqMessage = "Failed to save the user app role(s)"; } if (epRequestIdSize > 0 && !userInfo.isEmpty()) { updateStatus = "C"; applyChangesToAppRolesRequest(app.getId(), userId.getId(), updateStatus, epRequestId.get(0)); } - } } catch (Exception e) { - String message = String.format("Failed to create user or update user roles for User %s, AppId %s", + String message = String.format( + "setExternalRequestUserAppRole: Failed to create user or update user roles 
for User %s, AppId %s", orgUserId, appName); logger.error(EELFLoggerDelegate.errorLogger, message, e); result = false; reqMessage = e.getMessage(); - if(epRequestIdSize > 0 && !userInfo.isEmpty()){ - updateStatus = "F"; - applyChangesToAppRolesRequest(app.getId(), userId.getId(), - updateStatus, epRequestId.get(0)); - } + if (epRequestIdSize > 0 && userInfo != null && !userInfo.isEmpty()) { + updateStatus = "F"; + applyChangesToAppRolesRequest(app.getId(), userId.getId(), updateStatus, epRequestId.get(0)); + } } } return new ExternalRequestFieldsValidator(result, reqMessage); } - + /** * * @param roleInAppForUserList @@ -1164,7 +1472,7 @@ public class UserRolesCommonServiceImpl { * @param applicationsRestClientService * @param appId * @param userId - * @return Set + * @return Set * @throws JsonProcessingException * @throws HTTPException */ @@ -1174,16 +1482,16 @@ public class UserRolesCommonServiceImpl { Set updatedUserRoles = constructUsersEcompRoles(roleInAppForUserList); return updatedUserRoles; } - + /** - * It constructs and returns list of user app roles when the external API role approval system calls - * this method + * It constructs and returns list of user app roles when the external API role + * approval system calls this method * * @param roleInAppForUserList * @param appId * @return list of user app roles * @throws Exception - * throws exceptions if role id does not exits + * throws exceptions if role id does not exits */ private List roleInAppForUserList(List roleInAppForUserList, Long appId, String appName) throws Exception { 
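Review bot: The "only account admin" shortcut in `setExternalRequestUserAppRole` is written two different ways, and neither matches its comment. The centralized branch requires `roleInAppForUserList.size() > 1`, so a request carrying any single role (not just account admin) skips `checkIfRemoteUserExits`/`addRemoteUser`. For `DELETE`, `checkIfAdminRoleExists` is taken from the user's existing roles, so in the non-centralized branch, as far as this hunk shows, any delete for a user who currently holds account admin falls into the local-only `else` and never reaches `postUsersRolesToRemoteApp`, leaving the remote app's roles in place. Deriving the flag from the request once and using it in both branches would avoid this, e.g. `boolean onlyAccountAdmin = roleInAppForUserList.size() == 1 && roleInAppForUserList.get(0).getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID);`. The new `reqType.equals("DELETE")` calls should also use the null-safe `"DELETE".equals(reqType)` form already used for `logMessage`. The method starts outside the hunk.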
@@ -1195,14 +1503,18 @@ public class UserRolesCommonServiceImpl { if (existingAppRole == null) { logger.error(EELFLoggerDelegate.errorLogger, "roleInAppForUserList failed for the roles {}", roleInAppForUserList); - throw new Exception("'" +roleInAppForUser.getRoleName() + "'" +" role does not exist for " + appName + " application"); + throw new Exception("'" + roleInAppForUser.getRoleName() + "'" + " role does not exist for " + appName + + " application"); } if (!existingAppRole.getActive()) { logger.error(EELFLoggerDelegate.errorLogger, "roleInAppForUserList failed for the roles {}", roleInAppForUserList); - throw new Exception(roleInAppForUser.getRoleName() + " role is unavailable for "+ appName + " application"); + throw new Exception( + roleInAppForUser.getRoleName() + " role is unavailable for " + appName + " application"); } else { - ecompRole.roleId = (appId == 1 || roleInAppForUser.getRoleName().equals(PortalConstants.ADMIN_ROLE)) ? existingAppRole.getId() : existingAppRole.getAppRoleId(); + ecompRole.roleId = (appId == 1 || roleInAppForUser.getRoleName().equals(PortalConstants.ADMIN_ROLE)) + ? existingAppRole.getId() + : existingAppRole.getAppRoleId(); ecompRole.roleName = roleInAppForUser.getRoleName(); ecompRole.isApplied = true; existingUserRoles.add(ecompRole); @@ -1210,8 +1522,6 @@ public class UserRolesCommonServiceImpl { } return existingUserRoles; } - - /** * @@ -1221,8 +1531,8 @@ public class UserRolesCommonServiceImpl { * @return EPUser * @throws HTTPException */ - protected EPUser getUserFromApp(String userId, EPApp app, ApplicationsRestClientService applicationsRestClientService) - throws HTTPException { + protected EPUser getUserFromApp(String userId, EPApp app, + ApplicationsRestClientService applicationsRestClientService) throws HTTPException { // local app if (app.getId() == PortalConstants.PORTAL_APP_ID) { // Map params = new HashMap(); 
@@ -1236,88 +1546,135 @@ public class UserRolesCommonServiceImpl { return null; } // remote app - + return getUser(userId, app, applicationsRestClientService); } - + protected EPUser getUser(String userId, EPApp app, ApplicationsRestClientService applicationsRestClientService) throws HTTPException { return applicationsRestClientService.get(EPUser.class, app.getId(), String.format("/user/%s", userId)); } - - protected boolean isAppUpgradeVersion(EPApp app){ + + protected boolean isAppUpgradeVersion(EPApp app) { return true; } - - - public ExternalSystemAccess getExternalRequestAccess(){ - ExternalSystemAccess res = null; + + public ExternalSystemAccess getExternalRequestAccess() { + ExternalSystemAccess res = null; try { - res = new ExternalSystemAccess(EPCommonSystemProperties.EXTERNAL_ACCESS_ENABLE, - Boolean.parseBoolean(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_ACCESS_ENABLE))); + res = new ExternalSystemAccess(EPCommonSystemProperties.EXTERNAL_ACCESS_ENABLE, Boolean + .parseBoolean(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_ACCESS_ENABLE))); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "getExternalRequestAccess failed" + e.getMessage()); } - return res; + return res; } - + /* * (non-Javadoc) * * @see org.openecomp.portalapp.portal.service.UserRolesService# * getAppRolesForUser(java.lang.Long, java.lang.String) */ + @SuppressWarnings("unchecked") public List getAppRolesForUser(Long appId, String userId, Boolean extRequestValue) { List rolesInAppForUser = null; - List userInfo = null; + EPApp app = appsService.getApp(appId); try { - // for ecomp portal app, no need to make a remote call - if (appId == PortalConstants.PORTAL_APP_ID) { - final Map userParams = new HashMap<>(); - userParams.put("orgUserIdValue", userId); - userInfo = checkIfUserExists(userParams); - if(userInfo.size() == 0 || userInfo.isEmpty()) - { - createLocalUserIfNecessary(userId); + List roleList = new ArrayList<>(); + if (appId 
== PortalConstants.PORTAL_APP_ID) { + if (app.getCentralAuth()) { + List cenRoleList = externalAccessRolesService.getRolesForApp(app.getUebKey()); + for (CentralRole cenRole : cenRoleList) { + Role role = new Role(); + role.setActive(cenRole.isActive()); + role.setId(cenRole.getId()); + role.setName(cenRole.getName()); + role.setPriority(cenRole.getPriority()); + roleList.add(role); + } + } else { + roleList = roleService.getAvailableRoles(userId); } - - List roleList = roleService.getAvailableRoles(); List activeRoleList = new ArrayList(); - for(Role role: roleList) { - if(role.getActive()) { - if(role.getId() != 1){ // prevent portal admin from being added + for (Role role : roleList) { + if (role.getActive()) { + if (role.getId() != 1) { // prevent portal admin from being added activeRoleList.add(role); - } else if(extRequestValue){ + } else if (extRequestValue) { activeRoleList.add(role); } } - + } - - EPApp app = appsService.getApp(appId); EPUser localUser = getUserFromApp(userId, app, applicationsRestClientService); - Set roleSet = localUser.getAppEPRoles(app); - rolesInAppForUser = constructRolesInAppForUserGet(activeRoleList, roleSet.toArray(new EPRole[0]), extRequestValue); + // If localUser does not exists return roles + Set roleSet = null; + EPRole[] roleSetList = null; + if (localUser != null) { + roleSet = localUser.getAppEPRoles(app); + roleSetList = roleSet.toArray(new EPRole[0]); + } + rolesInAppForUser = constructRolesInAppForUserGet(activeRoleList, roleSetList, extRequestValue); return rolesInAppForUser; } - EcompRole[] appRoles = applicationsRestClientService.get(EcompRole[].class, appId, "/roles"); - + EcompRole[] appRoles = null; + List roles = new ArrayList<>(); + if (app.getCentralAuth()) { + // Sync application functions from External Access System + externalAccessRolesService.syncRoleFunctionFromExternalAccessSystem(app); + List applicationRoles = dataAccessService.getList(EPRole.class, + " where app_id = " + app.getId() + " and active_yn = 
'Y'", null, null); + ; + for (EPRole role : applicationRoles) { + EcompRole ecompRole = new EcompRole(); + ecompRole.setId(role.getId()); + ecompRole.setName(role.getName()); + roles.add(ecompRole); + } + appRoles = roles.toArray(new EcompRole[roles.size()]); + } else { + appRoles = applicationsRestClientService.get(EcompRole[].class, appId, "/roles"); + } // Test this error case, for generating an internal Ecomp Portal // error // EcompRole[] appRoles = null; // If there is an exception in the rest client api, then null will // be returned. if (appRoles != null) { - syncAppRoles(sessionFactory, appId, appRoles); + if (!app.getCentralAuth()) { + syncAppRoles(sessionFactory, appId, appRoles); + } EcompRole[] userAppRoles = null; try { try { - userAppRoles = applicationsRestClientService.get(EcompRole[].class, appId, - String.format("/user/%s/roles", userId)); + if (app.getCentralAuth()) { + final Map params = new HashMap<>(); + final Map userParams = new HashMap<>(); + params.put("orgUserIdValue", userId); + List user = dataAccessService.executeNamedQuery("epUserAppId", params, null); + userParams.put("appId", app.getId()); + userParams.put("userId", user.get(0).getId()); + List userAppsRolesList = dataAccessService + .executeNamedQuery("getUserAppCurrentRoles", userParams, null); + List setUserRoles = new ArrayList<>(); + for (EPUserAppCurrentRoles role : userAppsRolesList) { + EcompRole ecompRole = new EcompRole(); + ecompRole.setId(role.getRoleId()); + ecompRole.setName(role.getRoleName()); + setUserRoles.add(ecompRole); + } + userAppRoles = setUserRoles.toArray(new EcompRole[setUserRoles.size()]); + rolesInAppForUser = constructRolesInAppForUserGet(appRoles, userAppRoles); + return rolesInAppForUser; + } else { + userAppRoles = applicationsRestClientService.get(EcompRole[].class, appId, + String.format("/user/%s/roles", userId)); + } } catch (HTTPException e) { // Some apps are returning 400 if user is not found. if (e.getResponseCode() == 400) { 
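Review bot: In the central-auth branch of getAppRolesForUser, `user.get(0).getId()` is called on the result of the `epUserAppId` named query without checking that a row came back, so an unknown `userId` ends in an IndexOutOfBoundsException instead of a handled "user not found" path; the inner catch visible here handles only HTTPException. A guard before `userParams` is filled, such as `if (user == null || user.isEmpty()) { return rolesInAppForUser; }` together with a log line, would make that case explicit. The same unchecked `.get(0)` is applied to the `appRoles` query result in the later hunk at -1407. Separately, the `getList` call above builds its where clause by concatenating `app.getId()`; the value is a numeric id, but a named query with a bound parameter, as used elsewhere in this hunk, would avoid string-built SQL. The method's outer try block closes outside this hunk.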
@@ -1339,9 +1696,10 @@ public class UserRolesCommonServiceImpl { logger.warn(EELFLoggerDelegate.applicationLogger, message); } } - - HashMap appRolesActiveMap =hashMapFromEcompRoles(appRoles); - ArrayList activeRoles = new ArrayList(); + + HashMap appRolesActiveMap = hashMapFromEcompRoles(appRoles); + ArrayList activeRoles = new ArrayList(); + if (userAppRoles != null) { for (int i = 0; i < userAppRoles.length; i++) { if (appRolesActiveMap.containsKey(userAppRoles[i].getId())) { EcompRole role = new EcompRole(); @@ -1350,8 +1708,9 @@ public class UserRolesCommonServiceImpl { activeRoles.add(role); } } - EcompRole[] userAppRolesActive = activeRoles.toArray(new EcompRole[activeRoles.size()]); - + } + EcompRole[] userAppRolesActive = activeRoles.toArray(new EcompRole[activeRoles.size()]); + // If the remote application isn't down we MUST sync user // roles here in case we have this user here! syncUserRoles(sessionFactory, userId, appId, userAppRolesActive, extRequestValue, null); @@ -1374,7 +1733,7 @@ public class UserRolesCommonServiceImpl { return rolesInAppForUser; } - + private boolean postUserRolesToMylogins(AppWithRolesForUser userAppRolesData, ApplicationsRestClientService applicationsRestClientService, Long appId, Long userId) throws JsonProcessingException, HTTPException { 
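Review bot: With the new `if (userAppRoles != null)` guard, a null `userAppRoles` now falls through to `syncUserRoles(...)` with an empty `userAppRolesActive` array. `userAppRoles` stays null when the remote `/user/%s/roles` call throws (its catch is in the previous hunk), so if syncUserRoles treats the array as the authoritative role set, a failed or 400 response from the remote application could strip the user's stored roles; syncUserRoles is not visible here, so this needs confirming. Consider skipping the sync in that case, e.g. `if (userAppRoles != null) { syncUserRoles(sessionFactory, userId, appId, userAppRolesActive, extRequestValue, null); }`. The closing brace of the guard is added in the following hunk (-1350), and the loop body inside it was not re-indented.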
@@ -1382,19 +1741,24 @@ public class UserRolesCommonServiceImpl { ObjectMapper mapper = new ObjectMapper(); mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); String userRolesAsString = mapper.writeValueAsString(userAppRolesData); - logger.error(EELFLoggerDelegate.errorLogger,"Should not be reached here, as the endpoint is not defined yet from the Mylogins"); - applicationsRestClientService.post(AppWithRolesForUser.class, appId, userRolesAsString, String.format("/user/%s/myLoginroles", userId)); + logger.error(EELFLoggerDelegate.errorLogger, + "Should not be reached here, as the endpoint is not defined yet from the Mylogins"); + applicationsRestClientService.post(AppWithRolesForUser.class, appId, userRolesAsString, + String.format("/user/%s/myLoginroles", userId)); return result; } public FieldsValidator putUserAppRolesRequest(AppWithRolesForUser userAppRolesData, EPUser user) { FieldsValidator fieldsValidator = new FieldsValidator(); final Map params = new HashMap<>(); - EpUserAppRoles appRole= new EpUserAppRoles(); + EPUserAppRoles appRole = new EPUserAppRoles(); try { - logger.error(EELFLoggerDelegate.errorLogger,"Should not be reached here, still the endpoint is yet to be defined"); - boolean result = postUserRolesToMylogins(userAppRolesData, applicationsRestClientService, userAppRolesData.appId, user.getId()); - + logger.error(EELFLoggerDelegate.errorLogger, + "Should not be reached here, still the endpoint is yet to be defined"); + boolean result = postUserRolesToMylogins(userAppRolesData, applicationsRestClientService, + userAppRolesData.appId, user.getId()); + logger.debug(EELFLoggerDelegate.debugLogger, "putUserAppRolesRequest: result {}", result); + params.put("appId", userAppRolesData.appId); EPUserAppRolesRequest epAppRolesRequestData = new EPUserAppRolesRequest(); epAppRolesRequestData.setCreatedDate(new Date()); 
@@ -1407,15 +1771,15 @@ public class UserRolesCommonServiceImpl { dataAccessService.saveDomainObject(epAppRolesRequestData, null); for (RoleInAppForUser userAppRoles : appRoleIdList) { Boolean isAppliedVal = userAppRoles.isApplied; - params.put("appRoleId", userAppRoles.roleId); + params.put("appRoleId", userAppRoles.roleId); if (isAppliedVal) { - appRole = (EpUserAppRoles) dataAccessService.executeNamedQuery("appRoles", params, null).get(0); + appRole = (EPUserAppRoles) dataAccessService.executeNamedQuery("appRoles", params, null).get(0); EPUserAppRolesRequestDetail epAppRoleDetail = new EPUserAppRolesRequestDetail(); epAppRoleDetail.setReqRoleId(appRole.getRoleId()); epAppRoleDetail.setReqType("P"); epAppRoleDetail.setEpRequestIdData(epAppRolesRequestData); dataAccessService.saveDomainObject(epAppRoleDetail, null); - } + } } epAppRolesRequestData.setEpRequestIdDetail(appRoleDetails); fieldsValidator.httpStatusCode = new Long(HttpServletResponse.SC_OK); @@ -1427,18 +1791,18 @@ public class UserRolesCommonServiceImpl { return fieldsValidator; } - public List getUserAppCatalogRoles(EPUser userid, String appName) { + public List getUserAppCatalogRoles(EPUser userid, String appName) { Map params = new HashMap<>(); params.put("userid", userid.getId().toString()); - //params.put("appid", appid); + // params.put("appid", appid); params.put("appName", appName); - + @SuppressWarnings("unchecked") List userAppRoles = (List) dataAccessService .executeNamedQuery("userAppCatalogRoles", params, null); - return userAppRoles; + return userAppRoles; } - + public String updateRemoteUserProfile(String orgUserId, Long appId) { ObjectMapper mapper = new ObjectMapper(); mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); @@ -1474,7 +1838,6 @@ public class UserRolesCommonServiceImpl { return "success"; } - /* * (non-Javadoc) * 
@@ -1490,4 +1853,100 @@ public class UserRolesCommonServiceImpl { return roleList; } + /** + * Retrieves and returns a list of user app roles for local and remote + * applications based on the app id. + * + * @param appId + * @return list of user app roles + * @throws HTTPException + */ + public List getUsersFromAppEndpoint(Long appId) throws HTTPException { + ArrayList userApplicationRoles = new ArrayList(); + + EPApp app = appsService.getApp(appId); + // If local or centralized application + if (appId == PortalConstants.PORTAL_APP_ID || app.getCentralAuth()) { + @SuppressWarnings("unchecked") + List userList = (List) dataAccessService.executeNamedQuery("getActiveUsers", null, null); + for (EPUser user : userList) { + UserApplicationRoles userWithAppRoles = convertToUserApplicationRoles(appId, user, app); + if (userWithAppRoles.getRoles() != null && userWithAppRoles.getRoles().size() > 0) + userApplicationRoles.add(userWithAppRoles); + } + } + // remote app + else { + RemoteUserWithRoles[] remoteUsers = null; + String remoteUsersString = applicationsRestClientService.getIncomingJsonString(appId, "/users"); + remoteUsers = doGetUsers(isAppUpgradeVersion(app), remoteUsersString); + userApplicationRoles = new ArrayList(); + for (RemoteUserWithRoles remoteUser : remoteUsers) { + UserApplicationRoles userWithRemoteAppRoles = convertToUserApplicationRoles(appId, remoteUser); + if (userWithRemoteAppRoles.getRoles() != null && userWithRemoteAppRoles.getRoles().size() > 0) { + userApplicationRoles.add(userWithRemoteAppRoles); + } else { + logger.debug(EELFLoggerDelegate.debugLogger, "User " + userWithRemoteAppRoles.getOrgUserId() + + " doesn't have any roles assigned to any app."); + } + } + } + return userApplicationRoles; + } + + /** + * + * @param appId + * @param user + * @param appgetUsersFromAppEndpoint + * @return + */ + private UserApplicationRoles convertToUserApplicationRoles(Long appId, EPUser user, EPApp app) { + UserApplicationRoles userWithRemoteAppRoles = 
new UserApplicationRoles(); + userWithRemoteAppRoles.setAppId(appId); + userWithRemoteAppRoles.setOrgUserId(user.getOrgUserId()); + userWithRemoteAppRoles.setFirstName(user.getFirstName()); + userWithRemoteAppRoles.setLastName(user.getLastName()); + userWithRemoteAppRoles.setRoles(convertToRemoteRoleList(user, app)); + return userWithRemoteAppRoles; + } + + /** + * + * @param user + * @param app + * @return + */ + private List convertToRemoteRoleList(EPUser user, EPApp app) { + List roleList = new ArrayList(); + SortedSet roleSet = user.getAppEPRoles(app); + for (EPRole role : roleSet) { + RemoteRole rRole = new RemoteRole(); + rRole.setId(role.getId()); + rRole.setName(role.getName()); + roleList.add(rRole); + } + return roleList; + } + + /** + * + * Returns RemoteUserWithRoles reading the value from remote application user in the form a string from an ObjectMapper + * @param postOpenSource + * @param remoteUsersString + * @return RemoteUserWithRoles + */ + public RemoteUserWithRoles[] doGetUsers(boolean postOpenSource, String remoteUsersString) { + ObjectMapper mapper = new ObjectMapper(); + try { + return mapper.readValue(remoteUsersString, RemoteUserWithRoles[].class); + } catch (IOException e) { + logger.error(EELFLoggerDelegate.errorLogger, "doGetUsers : Failed : Unexpected property in incoming JSON", + e); + logger.error(EELFLoggerDelegate.errorLogger, + "doGetUsers : Incoming JSON that caused it --> " + remoteUsersString); + } + + return new RemoteUserWithRoles[0]; + } }
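Review bot: doGetUsers writes the entire remote response into the error log when parsing fails (`"doGetUsers : Incoming JSON that caused it --> " + remoteUsersString`). That body comes from a remote application's `/users` endpoint and can hold user names, org user ids and roles; it is unbounded and unsanitised, so personal data and externally controlled text (including line breaks) end up in the log. Logging only the size, e.g. `logger.error(EELFLoggerDelegate.errorLogger, "doGetUsers : incoming JSON length {}", remoteUsersString == null ? 0 : remoteUsersString.length());`, keeps the diagnostic without the payload. Also, getUsersFromAppEndpoint calls `app.getCentralAuth()` without checking that `appsService.getApp(appId)` returned an app, and the `postOpenSource` parameter of doGetUsers is unused.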