X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=portal-BE%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportal%2Fcontroller%2FUserRolesController.java;fp=portal-BE%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportal%2Fcontroller%2FUserRolesController.java;h=120b8bc53f9480db1ed6a7b604f2e9af3beb20aa;hb=786310021cda6f7cd181da7aed8afa38e3f10efa;hp=2298e4d3e4705b79c1056f8522a0f317d490957e;hpb=ca3d9f4b725774763f12488940033a294b778244;p=portal.git diff --git a/portal-BE/src/main/java/org/onap/portal/controller/UserRolesController.java b/portal-BE/src/main/java/org/onap/portal/controller/UserRolesController.java index 2298e4d3..120b8bc5 100644 --- a/portal-BE/src/main/java/org/onap/portal/controller/UserRolesController.java +++ b/portal-BE/src/main/java/org/onap/portal/controller/UserRolesController.java @@ -66,6 +66,7 @@ import org.onap.portal.logging.aop.EPEELFLoggerAdvice; import org.onap.portal.logging.logic.EPLogUtil; import org.onap.portal.service.AdminRolesService; import org.onap.portal.service.ApplicationsRestClientService; +import org.onap.portal.service.SearchService; import org.onap.portal.service.userRole.FnUserRoleService; import org.onap.portal.service.user.FnUserService; import org.onap.portal.utils.EPCommonSystemProperties; @@ -79,6 +80,7 @@ import org.onap.portalsdk.core.util.SystemProperties; import org.slf4j.MDC; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -90,481 +92,488 @@ import org.springframework.web.bind.annotation.RestController; @Configuration public class UserRolesController { - private final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserRolesController.class); - - private final FnUserService fnUserService; - private final FnUserRoleService fnUserRoleService; - private final AdminRolesService adminRolesService; - private final ApplicationsRestClientService applicationsRestClientService; - private final AuditServiceImpl auditService = new AuditServiceImpl(); - - private static final String FAILURE = "failure"; - - @Autowired - public UserRolesController(final FnUserService fnUserService, - FnUserRoleService fnUserRoleService, - final AdminRolesService adminRolesService, - ApplicationsRestClientService applicationsRestClientService) { - this.fnUserService = fnUserService; - this.fnUserRoleService = fnUserRoleService; - this.adminRolesService = adminRolesService; - this.applicationsRestClientService = applicationsRestClientService; - } - - - /* - @RequestMapping(value = {"/portalApi/queryUsers"}, method = RequestMethod.GET, produces = "application/json") - @PreAuthorize("hasRole('System_Administrator') and hasRole('Account_Administrator')") - public String getPhoneBookSearchResult(Principal principal, @RequestParam("search") String searchString, - HttpServletResponse response) { - FnUser user = fnUserService.loadUserByUsername(principal.getName()); - - String searchResult = null; - if (!adminRolesService.isSuperAdmin(user) && !adminRolesService.isAccountAdmin(user) - && !adminRolesService.isRoleAdmin(user)) { - EcompPortalUtils.setBadPermissions(user, response, "getPhoneBookSearchResult"); - } else { - searchString = searchString.trim(); - if (searchString.length() > 2) { - searchResult = searchService.searchUsersInPhoneBook(searchString); - } else { - logger.info(EELFLoggerDelegate.errorLogger, - "getPhoneBookSearchResult - too short search string: " + searchString); - } - } - EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/queryUsers", "result =", searchResult); - - return searchResult; - } - - - @RequestMapping(value = {"/portalApi/adminAppsRoles"}, method = { - RequestMethod.GET}, produces = "application/json") - public AppsListWithAdminRole getAppsWithAdminRoleStateForUser(Principal principal, - @RequestParam("user") String orgUserId, HttpServletResponse response) { - - FnUser user = fnUserService.loadUserByUsername(principal.getName()); - - AppsListWithAdminRole result = null; - if (!adminRolesService.isSuperAdmin(user)) { - EcompPortalUtils.setBadPermissions(user, response, "getAppsWithAdminRoleStateForUser"); - } else { - if (EcompPortalUtils.legitimateUserId(orgUserId)) { - result = adminRolesService.getAppsWithAdminRoleStateForUser(orgUserId); - } else { - logger.info(EELFLoggerDelegate.errorLogger, - "getAppsWithAdminRoleStateForUser - parms error, no Organization User ID"); - response.setStatus(HttpServletResponse.SC_BAD_REQUEST); - } - } + private final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserRolesController.class); + + private final SearchService searchService; + private final FnUserService fnUserService; + private final FnUserRoleService fnUserRoleService; + private final AdminRolesService adminRolesService; + private final ApplicationsRestClientService applicationsRestClientService; + private final AuditServiceImpl auditService = new AuditServiceImpl(); + + private static final String FAILURE = "failure"; + + @Autowired + public UserRolesController(SearchService searchService, final FnUserService fnUserService, + FnUserRoleService fnUserRoleService, + final AdminRolesService adminRolesService, + ApplicationsRestClientService applicationsRestClientService) { + this.searchService = searchService; + this.fnUserService = fnUserService; + this.fnUserRoleService = fnUserRoleService; + this.adminRolesService = adminRolesService; + this.applicationsRestClientService = applicationsRestClientService; + } - StringBuilder adminAppRoles = new StringBuilder(); - if (result != null) { - if (!result.appsRoles.isEmpty()) { - adminAppRoles.append("User '" + result.orgUserId + "' has admin role to the apps = {"); - for (AppNameIdIsAdmin adminAppRole : result.appsRoles) { - if (adminAppRole.isAdmin) { - adminAppRoles.append(adminAppRole.appName + ", "); - } - } - adminAppRoles.append("}."); - } else { - adminAppRoles.append("User '" + result.orgUserId + "' has no Apps with Admin Role."); - } - } else { - logger.error(EELFLoggerDelegate.errorLogger, - "putAppWithUserRoleStateForUser: getAppsWithAdminRoleStateForUser result is null"); - } - logger.info(EELFLoggerDelegate.errorLogger, adminAppRoles.toString()); - - EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/adminAppsRoles", "get result =", result); - - return result; - } -*/ - @RequestMapping(value = {"/portalApi/adminAppsRoles"}, method = { - RequestMethod.PUT}, produces = "application/json") - public FieldsValidator putAppsWithAdminRoleStateForUser(Principal principal, - @RequestBody AppsListWithAdminRole newAppsListWithAdminRoles, HttpServletResponse response) { - // newAppsListWithAdminRoles.appsRoles - FieldsValidator fieldsValidator = new FieldsValidator(); - StringBuilder newAppRoles = new StringBuilder(); - if (newAppsListWithAdminRoles != null) { - if (!newAppsListWithAdminRoles.getAppsRoles().isEmpty()) { - newAppRoles.append("User '").append(newAppsListWithAdminRoles.getOrgUserId()) - .append("' has admin role to the apps = { "); - for (AppNameIdIsAdmin adminAppRole : newAppsListWithAdminRoles.getAppsRoles()) { - if (adminAppRole.getIsAdmin()) { - newAppRoles.append(adminAppRole.getAppName()).append(" ,"); - } + @RequestMapping(value = {"/portalApi/queryUsers"}, method = RequestMethod.GET, produces = "application/json") + @PreAuthorize("hasRole('System_Administrator') and hasRole('Account_Administrator')") + public String getPhoneBookSearchResult(Principal principal, @RequestParam("search") String searchString, + HttpServletResponse response) { + FnUser user = fnUserService.loadUserByUsername(principal.getName()); + + String searchResult = null; + if (!adminRolesService.isSuperAdmin(user.getLoginId()) && !adminRolesService + .isAccountAdmin(user.getId(), user.getOrgUserId(), user.getUserApps()) + && !adminRolesService.isRoleAdmin(user.getId())) { + EcompPortalUtils.setBadPermissions(user, response, "getPhoneBookSearchResult"); + } else { + searchString = searchString.trim(); + if (searchString.length() > 2) { + searchResult = searchService.searchUsersInPhoneBook(searchString); + } else { + logger.info(EELFLoggerDelegate.errorLogger, + "getPhoneBookSearchResult - too short search string: " + searchString); + } } - newAppRoles.deleteCharAt(newAppRoles.length() - 1); - newAppRoles.append("}."); - } else { - newAppRoles.append("User '").append(newAppsListWithAdminRoles.getOrgUserId()) - .append("' has no Apps with Admin Role."); - } - } else { - logger.error(EELFLoggerDelegate.errorLogger, - "putAppWithUserRoleStateForUser: putAppsWithAdminRoleStateForUser result is null"); - fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - } + EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/queryUsers", "result =", searchResult); - logger.info(EELFLoggerDelegate.errorLogger, newAppRoles.toString()); - - FnUser user = fnUserService.loadUserByUsername(principal.getName()); - - boolean changesApplied = false; - - if (!adminRolesService.isSuperAdmin(user.getLoginId())) { - EcompPortalUtils.setBadPermissions(user, response, "putAppsWithAdminRoleStateForUser"); - } else { - changesApplied = adminRolesService.setAppsWithAdminRoleStateForUser(newAppsListWithAdminRoles); - AuditLog auditLog = new AuditLog(); - auditLog.setUserId(user.getId()); - auditLog.setActivityCode(EcompAuditLog.CD_ACTIVITY_UPDATE_ACCOUNT_ADMIN); - if (newAppsListWithAdminRoles != null) { - auditLog.setAffectedRecordId(newAppsListWithAdminRoles.getOrgUserId()); - } - auditLog.setComments( - EcompPortalUtils - .truncateString(newAppRoles.toString(), PortalConstants.AUDIT_LOG_COMMENT_SIZE)); - auditService.logActivity(auditLog, null); - - MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, - EPEELFLoggerAdvice.getCurrentDateTimeUTC()); - MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, - EPEELFLoggerAdvice.getCurrentDateTimeUTC()); - EcompPortalUtils.calculateDateTimeDifferenceForLog( - MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), - MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); - if (newAppsListWithAdminRoles != null) { - logger.info(EELFLoggerDelegate.auditLogger, - EPLogUtil.formatAuditLogMessage( - "UserRolesController.putAppsWithAdminRoleStateForUser", - EcompAuditLog.CD_ACTIVITY_UPDATE_ACCOUNT_ADMIN, user.getOrgUserId(), - newAppsListWithAdminRoles.getOrgUserId(), newAppRoles.toString())); - } - MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); - MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); - MDC.remove(SystemProperties.MDC_TIMER); + return searchResult; } - EcompPortalUtils - .logAndSerializeObject(logger, "/portalApi/adminAppsRoles", "put result =", changesApplied); - - return fieldsValidator; - } - - @RequestMapping(value = {"/portalApi/userAppRoles"}, method = { - RequestMethod.GET}, produces = "application/json") - public List getAppRolesForUser(Principal principal, - @RequestParam("user") String orgUserId, - @RequestParam("app") Long appid, @RequestParam("externalRequest") Boolean extRequestValue, - @RequestParam("isSystemUser") Boolean isSystemUser, - HttpServletResponse response) { - FnUser user = fnUserService.loadUserByUsername(principal.getName()); - List result = null; - String feErrorString = ""; - if (!adminRolesService.isAccountAdmin(user.getId(), user.getOrgUserId(), user.getUserApps()) && !adminRolesService.isRoleAdmin(user.getId())) { - logger.debug(EELFLoggerDelegate.debugLogger, - "getAppRolesForUser: Accountadminpermissioncheck {}, RoleAdmincheck {}", - adminRolesService.isAccountAdmin(user.getId(), user.getOrgUserId(), user.getUserApps()), adminRolesService.isRoleAdmin(user.getId())); - EcompPortalUtils.setBadPermissions(user, response, "getAppRolesForUser"); - feErrorString = EcompPortalUtils.getFEErrorString(true, response.getStatus()); - } else { - if (isSystemUser || EcompPortalUtils.legitimateUserId(orgUserId)) { - result = adminRolesService.getAppRolesForUser(appid, orgUserId, extRequestValue, user.getId()); - logger.debug(EELFLoggerDelegate.debugLogger, "getAppRolesForUser: result {}, appId {}", - result, appid); - int responseCode = EcompPortalUtils.getExternalAppResponseCode(); - if (responseCode != 0 && responseCode != 200) { - // external error - response.setStatus(responseCode); - feErrorString = EcompPortalUtils.getFEErrorString(false, responseCode); - } else if (result == null) { - // If the result is null, there was an internal onap error - // in the service call. - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - feErrorString = EcompPortalUtils.getFEErrorString(true, - HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + + + @RequestMapping(value = {"/portalApi/adminAppsRoles"}, method = { + RequestMethod.GET}, produces = "application/json") + public AppsListWithAdminRole getAppsWithAdminRoleStateForUser(Principal principal, + @RequestParam("user") String orgUserId, HttpServletResponse response) { + + FnUser user = fnUserService.loadUserByUsername(principal.getName()); + + AppsListWithAdminRole result = null; + if (!adminRolesService.isSuperAdmin(user.getLoginId())) { + EcompPortalUtils.setBadPermissions(user, response, "getAppsWithAdminRoleStateForUser"); + } else { + if (EcompPortalUtils.legitimateUserId(orgUserId)) { + result = adminRolesService.getAppsWithAdminRoleStateForUser(orgUserId); + } else { + logger.info(EELFLoggerDelegate.errorLogger, + "getAppsWithAdminRoleStateForUser - parms error, no Organization User ID"); + response.setStatus(HttpServletResponse.SC_BAD_REQUEST); + } } - } else { - logger.info(EELFLoggerDelegate.errorLogger, "getAppRolesForUser - no Organization User ID"); - response.setStatus(HttpServletResponse.SC_BAD_REQUEST); - feErrorString = EcompPortalUtils.getFEErrorString(true, HttpServletResponse.SC_BAD_REQUEST); - } - } - StringBuilder sbUserApps = new StringBuilder(); - if (result != null && !result.isEmpty()) { - sbUserApps.append("User '").append(orgUserId).append("' has Roles={"); - for (RoleInAppForUser appRole : result) { - if (appRole.getIsApplied()) { - sbUserApps.append(appRole.getRoleName()).append(", "); + StringBuilder adminAppRoles = new StringBuilder(); + if (result != null) { + if (!result.getAppsRoles().isEmpty()) { + adminAppRoles.append("User '").append(result.getOrgUserId()) + .append("' has admin role to the apps = {"); + for (AppNameIdIsAdmin adminAppRole : result.getAppsRoles()) { + if (adminAppRole.getIsAdmin()) { + adminAppRoles.append(adminAppRole.getAppName()).append(", "); + } + } + adminAppRoles.append("}."); + } else { + adminAppRoles.append("User '").append(result.getOrgUserId()) + .append("' has no Apps with Admin Role."); + } + } else { + logger.error(EELFLoggerDelegate.errorLogger, + "putAppWithUserRoleStateForUser: getAppsWithAdminRoleStateForUser result is null"); } - } - sbUserApps.append("} assigned to the appId '").append(appid).append("'."); - } else { - // Not sure creating an empty object will make any difference - // but would like to give it a shot for defect #DE221057 - if (result == null) { - result = new ArrayList<>(); - } - sbUserApps.append("User '").append(orgUserId).append("' and appid ").append(appid).append(" has no roles"); - } - logger.info(EELFLoggerDelegate.errorLogger, sbUserApps.toString()); - EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/userAppRoles", "get result =", result); - if (!feErrorString.isEmpty()) { - logger.debug(EELFLoggerDelegate.debugLogger, "LR: FEErrorString to header: " + feErrorString); + logger.info(EELFLoggerDelegate.errorLogger, adminAppRoles.toString()); + + EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/adminAppsRoles", "get result =", result); - response.addHeader("FEErrorString", feErrorString); - response.addHeader("Access-Control-Expose-Headers", "FEErrorString"); + return result; } - return result; - } - - - @RequestMapping(value = {"/portalApi/userAppRoles"}, method = { - RequestMethod.PUT}, produces = "application/json") - public PortalRestResponse putAppWithUserRoleStateForUser(Principal principal, - @RequestBody AppWithRolesForUser newAppRolesForUser, HttpServletResponse response) { - // FieldsValidator fieldsValidator = new FieldsValidator(); - PortalRestResponse portalResponse = new PortalRestResponse<>(); - StringBuilder sbUserApps = new StringBuilder(); - if (newAppRolesForUser != null) { - sbUserApps.append("User '").append(newAppRolesForUser.getOrgUserId()); - if (newAppRolesForUser.getAppId() != null && !newAppRolesForUser.getAppRoles().isEmpty()) { - sbUserApps.append("' has roles = { "); - for (RoleInAppForUser appRole : newAppRolesForUser.getAppRoles()) { - if (appRole.getIsApplied()) { - sbUserApps.append(appRole.getRoleName()).append(" ,"); - } + + @RequestMapping(value = {"/portalApi/adminAppsRoles"}, method = { + RequestMethod.PUT}, produces = "application/json") + public FieldsValidator putAppsWithAdminRoleStateForUser(Principal principal, + @RequestBody AppsListWithAdminRole newAppsListWithAdminRoles, HttpServletResponse response) { + // newAppsListWithAdminRoles.appsRoles + FieldsValidator fieldsValidator = new FieldsValidator(); + StringBuilder newAppRoles = new StringBuilder(); + if (newAppsListWithAdminRoles != null) { + if (!newAppsListWithAdminRoles.getAppsRoles().isEmpty()) { + newAppRoles.append("User '").append(newAppsListWithAdminRoles.getOrgUserId()) + .append("' has admin role to the apps = { "); + for (AppNameIdIsAdmin adminAppRole : newAppsListWithAdminRoles.getAppsRoles()) { + if (adminAppRole.getIsAdmin()) { + newAppRoles.append(adminAppRole.getAppName()).append(" ,"); + } + } + newAppRoles.deleteCharAt(newAppRoles.length() - 1); + newAppRoles.append("}."); + } else { + newAppRoles.append("User '").append(newAppsListWithAdminRoles.getOrgUserId()) + .append("' has no Apps with Admin Role."); + } + } else { + logger.error(EELFLoggerDelegate.errorLogger, + "putAppWithUserRoleStateForUser: putAppsWithAdminRoleStateForUser result is null"); + fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + } + + logger.info(EELFLoggerDelegate.errorLogger, newAppRoles.toString()); + + FnUser user = fnUserService.loadUserByUsername(principal.getName()); + + boolean changesApplied = false; + + if (!adminRolesService.isSuperAdmin(user.getLoginId())) { + EcompPortalUtils.setBadPermissions(user, response, "putAppsWithAdminRoleStateForUser"); + } else { + changesApplied = adminRolesService.setAppsWithAdminRoleStateForUser(newAppsListWithAdminRoles); + AuditLog auditLog = new AuditLog(); + auditLog.setUserId(user.getId()); + auditLog.setActivityCode(EcompAuditLog.CD_ACTIVITY_UPDATE_ACCOUNT_ADMIN); + if (newAppsListWithAdminRoles != null) { + auditLog.setAffectedRecordId(newAppsListWithAdminRoles.getOrgUserId()); + } + auditLog.setComments( + EcompPortalUtils + .truncateString(newAppRoles.toString(), PortalConstants.AUDIT_LOG_COMMENT_SIZE)); + auditService.logActivity(auditLog, null); + + MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + EcompPortalUtils.calculateDateTimeDifferenceForLog( + MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), + MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); + if (newAppsListWithAdminRoles != null) { + logger.info(EELFLoggerDelegate.auditLogger, + EPLogUtil.formatAuditLogMessage( + "UserRolesController.putAppsWithAdminRoleStateForUser", + EcompAuditLog.CD_ACTIVITY_UPDATE_ACCOUNT_ADMIN, user.getOrgUserId(), + newAppsListWithAdminRoles.getOrgUserId(), newAppRoles.toString())); + } + MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); + MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); + MDC.remove(SystemProperties.MDC_TIMER); } - sbUserApps.deleteCharAt(sbUserApps.length() - 1); - sbUserApps.append("} assigned for the app ").append(newAppRolesForUser.getAppId()); - } else { - sbUserApps.append("' has no roles assigned for app ").append(newAppRolesForUser.getAppId()); - } + EcompPortalUtils + .logAndSerializeObject(logger, "/portalApi/adminAppsRoles", "put result =", changesApplied); + + return fieldsValidator; } - logger.info(EELFLoggerDelegate.applicationLogger, "putAppWithUserRoleStateForUser: {}", - sbUserApps.toString()); - - FnUser user = fnUserService.loadUserByUsername(principal.getName()); - // boolean changesApplied = false; - ExternalRequestFieldsValidator changesApplied = null; - - if (!adminRolesService.isAccountAdmin(user.getId(), user.getOrgUserId(), user.getUserApps()) && !adminRolesService.isRoleAdmin(user.getId())) { - EcompPortalUtils.setBadPermissions(user, response, "putAppWithUserRoleStateForUser"); - } else if (newAppRolesForUser == null) { - logger.error(EELFLoggerDelegate.errorLogger, - "putAppWithUserRoleStateForUser: newAppRolesForUser is null"); - } else { - changesApplied = adminRolesService.setAppWithUserRoleStateForUser(user, newAppRolesForUser); - try { - if (changesApplied.isResult()) { - logger.info(EELFLoggerDelegate.applicationLogger, - "putAppWithUserRoleStateForUser: succeeded for app {}, user {}", - newAppRolesForUser.getAppId(), - newAppRolesForUser.getAppId()); - - MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, - EPEELFLoggerAdvice.getCurrentDateTimeUTC()); - AuditLog auditLog = new AuditLog(); - auditLog.setUserId(user.getId()); - auditLog.setActivityCode(EcompAuditLog.CD_ACTIVITY_UPDATE_USER); - auditLog.setAffectedRecordId(newAppRolesForUser.getOrgUserId()); - auditLog.setComments(EcompPortalUtils.truncateString(sbUserApps.toString(), - PortalConstants.AUDIT_LOG_COMMENT_SIZE)); - auditService.logActivity(auditLog, null); - - MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, - EPEELFLoggerAdvice.getCurrentDateTimeUTC()); - EcompPortalUtils.calculateDateTimeDifferenceForLog( - MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), - MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); - logger.info(EELFLoggerDelegate.auditLogger, - EPLogUtil.formatAuditLogMessage( - "UserRolesController.putAppWithUserRoleStateForUser", - EcompAuditLog.CD_ACTIVITY_UPDATE_USER, user.getOrgUserId(), - newAppRolesForUser.getOrgUserId(), sbUserApps.toString())); - MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); - MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); - MDC.remove(SystemProperties.MDC_TIMER); - portalResponse = new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", null); + @RequestMapping(value = {"/portalApi/userAppRoles"}, method = { + RequestMethod.GET}, produces = "application/json") + public List getAppRolesForUser(Principal principal, + @RequestParam("user") String orgUserId, + @RequestParam("app") Long appid, @RequestParam("externalRequest") Boolean extRequestValue, + @RequestParam("isSystemUser") Boolean isSystemUser, + HttpServletResponse response) { + FnUser user = fnUserService.loadUserByUsername(principal.getName()); + List result = null; + String feErrorString = ""; + if (!adminRolesService.isAccountAdmin(user.getId(), user.getOrgUserId(), user.getUserApps()) + && !adminRolesService.isRoleAdmin(user.getId())) { + logger.debug(EELFLoggerDelegate.debugLogger, + "getAppRolesForUser: Accountadminpermissioncheck {}, RoleAdmincheck {}", + adminRolesService.isAccountAdmin(user.getId(), user.getOrgUserId(), user.getUserApps()), + adminRolesService.isRoleAdmin(user.getId())); + EcompPortalUtils.setBadPermissions(user, response, "getAppRolesForUser"); + feErrorString = EcompPortalUtils.getFEErrorString(true, response.getStatus()); + } else { + if (isSystemUser || EcompPortalUtils.legitimateUserId(orgUserId)) { + result = adminRolesService.getAppRolesForUser(appid, orgUserId, extRequestValue, user.getId()); + logger.debug(EELFLoggerDelegate.debugLogger, "getAppRolesForUser: result {}, appId {}", + result, appid); + int responseCode = EcompPortalUtils.getExternalAppResponseCode(); + if (responseCode != 0 && responseCode != 200) { + // external error + response.setStatus(responseCode); + feErrorString = EcompPortalUtils.getFEErrorString(false, responseCode); + } else if (result == null) { + // If the result is null, there was an internal onap error + // in the service call. + response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + feErrorString = EcompPortalUtils.getFEErrorString(true, + HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + } + } else { + logger.info(EELFLoggerDelegate.errorLogger, "getAppRolesForUser - no Organization User ID"); + response.setStatus(HttpServletResponse.SC_BAD_REQUEST); + feErrorString = EcompPortalUtils.getFEErrorString(true, HttpServletResponse.SC_BAD_REQUEST); + } } - if (!changesApplied.isResult()) { - throw new Exception(changesApplied.getDetailMessage()); + + StringBuilder sbUserApps = new StringBuilder(); + if (result != null && !result.isEmpty()) { + sbUserApps.append("User '").append(orgUserId).append("' has Roles={"); + for (RoleInAppForUser appRole : result) { + if (appRole.getIsApplied()) { + sbUserApps.append(appRole.getRoleName()).append(", "); + } + } + sbUserApps.append("} assigned to the appId '").append(appid).append("'."); + } else { + // Not sure creating an empty object will make any difference + // but would like to give it a shot for defect #DE221057 + if (result == null) { + result = new ArrayList<>(); + } + sbUserApps.append("User '").append(orgUserId).append("' and appid ").append(appid).append(" has no roles"); } + logger.info(EELFLoggerDelegate.errorLogger, sbUserApps.toString()); + + EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/userAppRoles", "get result =", result); + if (!feErrorString.isEmpty()) { + logger.debug(EELFLoggerDelegate.debugLogger, "LR: FEErrorString to header: " + feErrorString); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, - "putAppWithUserRoleStateForUser: failed for app {}, user {}", - newAppRolesForUser.getAppId(), - newAppRolesForUser.getOrgUserId(), e); - portalResponse = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), null); - } + response.addHeader("FEErrorString", feErrorString); + response.addHeader("Access-Control-Expose-Headers", "FEErrorString"); + } + return result; } - EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/userAppRoles", "put result =", changesApplied); - return portalResponse; - } - - @RequestMapping(value = {"/portalApi/updateRemoteUserProfile"}, method = { - RequestMethod.GET}, produces = "application/json") - public PortalRestResponse updateRemoteUserProfile(HttpServletRequest request) { - - String updateRemoteUserFlag = FAILURE; - try { - // saveNewUser = userService.saveNewUser(newUser); - String orgUserId = request.getParameter("loginId"); - long appId = Long.parseLong(request.getParameter("appId")); - fnUserRoleService.updateRemoteUserProfile(orgUserId, appId); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "updateRemoteUserProfile failed", e); - return new PortalRestResponse<>(PortalRestStatusEnum.OK, updateRemoteUserFlag, e.getMessage()); + + @RequestMapping(value = {"/portalApi/userAppRoles"}, method = { + RequestMethod.PUT}, produces = "application/json") + public PortalRestResponse putAppWithUserRoleStateForUser(Principal principal, + @RequestBody AppWithRolesForUser newAppRolesForUser, HttpServletResponse response) { + // FieldsValidator fieldsValidator = new FieldsValidator(); + PortalRestResponse portalResponse = new PortalRestResponse<>(); + StringBuilder sbUserApps = new StringBuilder(); + if (newAppRolesForUser != null) { + sbUserApps.append("User '").append(newAppRolesForUser.getOrgUserId()); + if (newAppRolesForUser.getAppId() != null && !newAppRolesForUser.getAppRoles().isEmpty()) { + sbUserApps.append("' has roles = { "); + for (RoleInAppForUser appRole : newAppRolesForUser.getAppRoles()) { + if (appRole.getIsApplied()) { + sbUserApps.append(appRole.getRoleName()).append(" ,"); + } + } + sbUserApps.deleteCharAt(sbUserApps.length() - 1); + sbUserApps.append("} assigned for the app ").append(newAppRolesForUser.getAppId()); + } else { + sbUserApps.append("' has no roles assigned for app ").append(newAppRolesForUser.getAppId()); + } + } + logger.info(EELFLoggerDelegate.applicationLogger, "putAppWithUserRoleStateForUser: {}", + sbUserApps.toString()); + + FnUser user = fnUserService.loadUserByUsername(principal.getName()); + // boolean changesApplied = false; + ExternalRequestFieldsValidator changesApplied = null; + + if (!adminRolesService.isAccountAdmin(user.getId(), user.getOrgUserId(), user.getUserApps()) + && !adminRolesService.isRoleAdmin(user.getId())) { + EcompPortalUtils.setBadPermissions(user, response, "putAppWithUserRoleStateForUser"); + } else if (newAppRolesForUser == null) { + logger.error(EELFLoggerDelegate.errorLogger, + "putAppWithUserRoleStateForUser: newAppRolesForUser is null"); + } else { + changesApplied = adminRolesService.setAppWithUserRoleStateForUser(user, newAppRolesForUser); + try { + if (changesApplied.isResult()) { + logger.info(EELFLoggerDelegate.applicationLogger, + "putAppWithUserRoleStateForUser: succeeded for app {}, user {}", + newAppRolesForUser.getAppId(), + newAppRolesForUser.getAppId()); + + MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + AuditLog auditLog = new AuditLog(); + auditLog.setUserId(user.getId()); + auditLog.setActivityCode(EcompAuditLog.CD_ACTIVITY_UPDATE_USER); + auditLog.setAffectedRecordId(newAppRolesForUser.getOrgUserId()); + auditLog.setComments(EcompPortalUtils.truncateString(sbUserApps.toString(), + PortalConstants.AUDIT_LOG_COMMENT_SIZE)); + auditService.logActivity(auditLog, null); + + MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + EcompPortalUtils.calculateDateTimeDifferenceForLog( + MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), + MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); + logger.info(EELFLoggerDelegate.auditLogger, + EPLogUtil.formatAuditLogMessage( + "UserRolesController.putAppWithUserRoleStateForUser", + EcompAuditLog.CD_ACTIVITY_UPDATE_USER, user.getOrgUserId(), + newAppRolesForUser.getOrgUserId(), sbUserApps.toString())); + MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); + MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); + MDC.remove(SystemProperties.MDC_TIMER); + portalResponse = new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", null); + + } + if (!changesApplied.isResult()) { + throw new Exception(changesApplied.getDetailMessage()); + } + + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, + "putAppWithUserRoleStateForUser: failed for app {}, user {}", + newAppRolesForUser.getAppId(), + newAppRolesForUser.getOrgUserId(), e); + portalResponse = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), null); + } + } + + EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/userAppRoles", "put result =", changesApplied); + return portalResponse; } - return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, updateRemoteUserFlag, ""); - - } - - @RequestMapping(value = {"/portalApi/app/{appId}/users"}, method = { - RequestMethod.GET}, produces = "application/json") - public List getUsersFromAppEndpoint(@PathVariable("appId") Long appId) { - try { - logger.debug(EELFLoggerDelegate.debugLogger, "/portalApi/app/{}/users was invoked", appId); - return fnUserRoleService.getUsersFromAppEndpoint(appId); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getUsersFromAppEndpoint failed", e); - return new ArrayList<>(); + + @RequestMapping(value = {"/portalApi/updateRemoteUserProfile"}, method = { + RequestMethod.GET}, produces = "application/json") + public PortalRestResponse updateRemoteUserProfile(HttpServletRequest request) { + + String updateRemoteUserFlag = FAILURE; + try { + // saveNewUser = userService.saveNewUser(newUser); + String orgUserId = request.getParameter("loginId"); + long appId = Long.parseLong(request.getParameter("appId")); + fnUserRoleService.updateRemoteUserProfile(orgUserId, appId); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "updateRemoteUserProfile failed", e); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, updateRemoteUserFlag, e.getMessage()); + } + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, updateRemoteUserFlag, ""); + } - } - - @RequestMapping(value = {"/portalApi/app/{appId}/roles"}, method = { - RequestMethod.GET}, produces = "application/json") - public List testGetRoles(HttpServletRequest request, @PathVariable("appId") Long appId) - throws HTTPException { - EcompRole[] appRoles = applicationsRestClientService.get(EcompRole[].class, appId, "/roles"); - List rolesList = Arrays.asList(appRoles); - EcompPortalUtils - .logAndSerializeObject(logger, "/portalApi/app/{appId}/roles", "response for appId=" + appId, - rolesList); - - return rolesList; - } - - - @RequestMapping(value = {"/portalApi/admin/import/app/{appId}/roles"}, method = { - RequestMethod.GET}, produces = "application/json") - public List importRolesFromRemoteApplication(@PathVariable("appId") Long appId) throws HTTPException { - List rolesList = fnUserRoleService.importRolesFromRemoteApplication(appId); - EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/admin/import/app/{appId}/roles", - "response for appId=" + appId, rolesList); - - return rolesList; - } - - - @RequestMapping(value = {"/portalApi/app/{appId}/user/{orgUserId}/roles"}, method = { - RequestMethod.GET}, produces = "application/json") - public EcompRole testGetRoles(@PathVariable("appId") Long appId, - @PathVariable("orgUserId") String orgUserId) throws Exception { - if (!EcompPortalUtils.legitimateUserId(orgUserId)) { - String msg = "Error /user//roles not legitimate orgUserId = " + orgUserId; - logger.error(EELFLoggerDelegate.errorLogger, msg); - throw new Exception(msg); + + @RequestMapping(value = {"/portalApi/app/{appId}/users"}, method = { + RequestMethod.GET}, produces = "application/json") + public List getUsersFromAppEndpoint(@PathVariable("appId") Long appId) { + try { + logger.debug(EELFLoggerDelegate.debugLogger, "/portalApi/app/{}/users was invoked", appId); + return fnUserRoleService.getUsersFromAppEndpoint(appId); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getUsersFromAppEndpoint failed", e); + return new ArrayList<>(); + } } - EcompRole[] roles = applicationsRestClientService.get(EcompRole[].class, appId, - String.format("/user/%s/roles", orgUserId)); - if (roles.length != 1) { - String msg = - "Error /user//roles returned array. expected size 1 recieved size = " + roles.length; - logger.error(EELFLoggerDelegate.errorLogger, msg); - throw new Exception(msg); + + @RequestMapping(value = {"/portalApi/app/{appId}/roles"}, method = { + RequestMethod.GET}, produces = "application/json") + public List testGetRoles(HttpServletRequest request, @PathVariable("appId") Long appId) + throws HTTPException { + EcompRole[] appRoles = applicationsRestClientService.get(EcompRole[].class, appId, "/roles"); + List rolesList = Arrays.asList(appRoles); + EcompPortalUtils + .logAndSerializeObject(logger, "/portalApi/app/{appId}/roles", "response for appId=" + appId, + rolesList); + + return rolesList; } - EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/app/{appId}/user/{orgUserId}/roles", - "response for appId='" + appId + "' and orgUserId='" + orgUserId + "'", roles[0]); - return roles[0]; - } + @RequestMapping(value = {"/portalApi/admin/import/app/{appId}/roles"}, method = { + RequestMethod.GET}, produces = "application/json") + public List importRolesFromRemoteApplication(@PathVariable("appId") Long appId) throws HTTPException { + List rolesList = fnUserRoleService.importRolesFromRemoteApplication(appId); + EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/admin/import/app/{appId}/roles", + "response for appId=" + appId, rolesList); - @RequestMapping(value = {"/portalApi/saveUserAppRoles"}, method = { - RequestMethod.PUT}, produces = "application/json") - public FieldsValidator putAppWithUserRoleRequest(Principal principal, - @RequestBody AppWithRolesForUser newAppRolesForUser, HttpServletResponse response) { - FieldsValidator fieldsValidator = null; - FnUser user = fnUserService.loadUserByUsername(principal.getName()); - try { - fieldsValidator = fnUserRoleService.putUserAppRolesRequest(newAppRolesForUser, user); - response.setStatus(0); + return rolesList; + } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "putAppWithUserRoleRequest failed", e); + @RequestMapping(value = {"/portalApi/app/{appId}/user/{orgUserId}/roles"}, method = { + RequestMethod.GET}, produces = "application/json") + public EcompRole testGetRoles(@PathVariable("appId") Long appId, + @PathVariable("orgUserId") String orgUserId) throws Exception { + if (!EcompPortalUtils.legitimateUserId(orgUserId)) { + String msg = "Error /user//roles not legitimate orgUserId = " + orgUserId; + logger.error(EELFLoggerDelegate.errorLogger, msg); + throw new Exception(msg); + } + EcompRole[] roles = applicationsRestClientService.get(EcompRole[].class, appId, + String.format("/user/%s/roles", orgUserId)); + if (roles.length != 1) { + String msg = + "Error /user//roles returned array. expected size 1 recieved size = " + roles.length; + logger.error(EELFLoggerDelegate.errorLogger, msg); + throw new Exception(msg); + } + + EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/app/{appId}/user/{orgUserId}/roles", + "response for appId='" + appId + "' and orgUserId='" + orgUserId + "'", roles[0]); + return roles[0]; } - // return fieldsValidator; - EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/saveUserAppRoles", "PUT result =", - response.getStatus()); - return fieldsValidator; - } - - - @SuppressWarnings("ConstantConditions") - @RequestMapping(value = {"/portalApi/appCatalogRoles"}, method = { - RequestMethod.GET}, produces = "application/json") - public List getUserAppCatalogRoles(Principal principal, - @RequestParam("appName") String appName) { - FnUser user = fnUserService.loadUserByUsername(principal.getName()); - List userAppRoleList = null; - try { - userAppRoleList = fnUserRoleService.getUserAppCatalogRoles(user, appName); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "putUserWidgetsSortPref failed", e); + + @RequestMapping(value = {"/portalApi/saveUserAppRoles"}, method = { + RequestMethod.PUT}, produces = "application/json") + public FieldsValidator putAppWithUserRoleRequest(Principal principal, + @RequestBody AppWithRolesForUser newAppRolesForUser, HttpServletResponse response) { + FieldsValidator fieldsValidator = null; + FnUser user = fnUserService.loadUserByUsername(principal.getName()); + try { + fieldsValidator = fnUserRoleService.putUserAppRolesRequest(newAppRolesForUser, user); + response.setStatus(0); + + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "putAppWithUserRoleRequest failed", e); + + } + // return fieldsValidator; + EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/saveUserAppRoles", "PUT result =", + response.getStatus()); + return fieldsValidator; } - userAppRoleList.sort(getUserAppCatalogRolesComparator); - EcompPortalUtils - .logAndSerializeObject(logger, "/portalApi/userApplicationRoles", "result =", userAppRoleList); - - return userAppRoleList; - - } - - - private final Comparator getUserAppCatalogRolesComparator = - Comparator.comparing(EPUserAppCatalogRoles::getRoleName); - - @RequestMapping(value = "/portalApi/externalRequestAccessSystem", method = RequestMethod.GET, - produces = "application/json") - public ExternalSystemAccess readExternalRequestAccess() { - ExternalSystemAccess result = null; - try { - result = fnUserRoleService.getExternalRequestAccess(); - EcompPortalUtils - .logAndSerializeObject(logger, "/portalApi/externalRequestAccessSystem", "GET result =", - result); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, - "readExternalRequestAccess failed: " + e.getMessage()); + + + @SuppressWarnings("ConstantConditions") + @RequestMapping(value = {"/portalApi/appCatalogRoles"}, method = { + RequestMethod.GET}, produces = "application/json") + public List getUserAppCatalogRoles(Principal principal, + @RequestParam("appName") String appName) { + FnUser user = fnUserService.loadUserByUsername(principal.getName()); + List userAppRoleList = null; + try { + userAppRoleList = fnUserRoleService.getUserAppCatalogRoles(user, appName); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "putUserWidgetsSortPref failed", e); + + } + userAppRoleList.sort(getUserAppCatalogRolesComparator); + EcompPortalUtils + .logAndSerializeObject(logger, "/portalApi/userApplicationRoles", "result =", userAppRoleList); + + return userAppRoleList; + } - return result; - } - @RequestMapping(value = {"/portalApi/checkIfUserIsSuperAdmin"}, method = RequestMethod.GET, - produces = "application/json") - public boolean checkIfUserIsSuperAdmin(Principal principal) { - FnUser user = fnUserService.loadUserByUsername(principal.getName()); + private final Comparator getUserAppCatalogRolesComparator = + Comparator.comparing(EPUserAppCatalogRoles::getRoleName); + + @RequestMapping(value = "/portalApi/externalRequestAccessSystem", method = RequestMethod.GET, + produces = "application/json") + public ExternalSystemAccess readExternalRequestAccess() { + ExternalSystemAccess result = null; + try { + result = fnUserRoleService.getExternalRequestAccess(); + EcompPortalUtils + .logAndSerializeObject(logger, "/portalApi/externalRequestAccessSystem", "GET result =", + result); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, + "readExternalRequestAccess failed: " + e.getMessage()); + } + return result; + + } + + @RequestMapping(value = {"/portalApi/checkIfUserIsSuperAdmin"}, method = RequestMethod.GET, + produces = "application/json") + public boolean checkIfUserIsSuperAdmin(Principal principal) { + FnUser user = fnUserService.loadUserByUsername(principal.getName()); - boolean isSuperAdmin = false; - try { - isSuperAdmin = adminRolesService.isSuperAdmin(user.getLoginId()); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "checkIfUserIsSuperAdmin failed: " + e.getMessage()); + boolean isSuperAdmin = false; + try { + isSuperAdmin = adminRolesService.isSuperAdmin(user.getLoginId()); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "checkIfUserIsSuperAdmin failed: " + e.getMessage()); + } + return isSuperAdmin; } - return isSuperAdmin; - } }