X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=portal-BE%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportal%2Fcontroller%2FWidgetsController.java;h=6a92fbc373066b519b2b496aa7c99fc65064d5da;hb=ffd9af970318c1f5a0bad46d7aad5d4611414aae;hp=6248a358f22d6809d668375a154e8604de58ede0;hpb=9e4e70f058ee09ae2933e4438f75fea5289f147a;p=portal.git diff --git a/portal-BE/src/main/java/org/onap/portal/controller/WidgetsController.java b/portal-BE/src/main/java/org/onap/portal/controller/WidgetsController.java index 6248a358..6a92fbc3 100644 --- a/portal-BE/src/main/java/org/onap/portal/controller/WidgetsController.java +++ b/portal-BE/src/main/java/org/onap/portal/controller/WidgetsController.java @@ -58,9 +58,9 @@ import org.onap.portal.utils.EcompPortalUtils; import org.onap.portal.validation.DataValidator; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; @@ -78,18 +78,13 @@ public class WidgetsController { private final FnUserService fnUserService; private final WidgetService widgetService; - private final AdminRolesService adminRolesService; - private final DataValidator dataValidator; private final PersUserWidgetService persUserWidgetService; @Autowired public WidgetsController(final FnUserService fnUserService, final WidgetService widgetService, - final AdminRolesService adminRolesService, final DataValidator dataValidator, final PersUserWidgetService persUserWidgetService) { this.fnUserService = fnUserService; this.widgetService = widgetService; - this.adminRolesService = adminRolesService; - this.dataValidator = dataValidator; this.persUserWidgetService = persUserWidgetService; } @@ -98,8 +93,7 @@ public class WidgetsController { HttpServletResponse response) { FnUser user = fnUserService.loadUserByUsername(principal.getName()); List onboardingWidgets = null; - - if (user == null || user.isGuest()) { + if (user.getGuest()) { EcompPortalUtils.setBadPermissions(user, response, "getOnboardingWidgets"); } else { String getType = request.getHeader("X-Widgets-Type"); @@ -118,60 +112,50 @@ public class WidgetsController { } @PutMapping(value = {"/portalApi/widgets/{widgetId}"}, produces = MediaType.APPLICATION_JSON_VALUE) - public FieldsValidator putOnboardingWidget(Principal principal, HttpServletRequest request, - @PathVariable("widgetId") Long widgetId, + @PreAuthorize("hasRole('System_Administrator')") + public FieldsValidator putOnboardingWidget(Principal principal, @PathVariable("widgetId") Long widgetId, @RequestBody OnboardingWidget onboardingWidget, HttpServletResponse response) { FnUser user = fnUserService.loadUserByUsername(principal.getName()); FieldsValidator fieldsValidator = null; - if (onboardingWidget != null) { - if (!dataValidator.isValid(onboardingWidget)) { - fieldsValidator = new FieldsValidator(); - fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE); - return fieldsValidator; - } - } - if (userHasPermissions(user, response, "putOnboardingWidget")) { - assert onboardingWidget != null; - onboardingWidget.setId(widgetId); - onboardingWidget.normalize(); - fieldsValidator = widgetService.setOnboardingWidget(user, onboardingWidget); + assert onboardingWidget != null; + onboardingWidget.setId(widgetId); + onboardingWidget.normalize(); + try { + fieldsValidator = widgetService.setOnboardingWidget(user.getId(), onboardingWidget); response.setStatus(fieldsValidator.getHttpStatusCode().intValue()); + } catch (IllegalArgumentException e) { + fieldsValidator = new FieldsValidator(); + fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE); + fieldsValidator.addProblematicFieldName(e.getMessage()); + return fieldsValidator; } + EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets/" + widgetId, "GET result =", response.getStatus()); return fieldsValidator; } - private boolean userHasPermissions(FnUser user, HttpServletResponse response, String invocator) { - if (!adminRolesService.isSuperAdmin(user) && !adminRolesService.isAccountAdmin(user)) { - EcompPortalUtils.setBadPermissions(user, response, invocator); - return false; - } - return true; - } - @PostMapping(value = {"/portalApi/widgets"}, produces = MediaType.APPLICATION_JSON_VALUE) - public FieldsValidator postOnboardingWidget(Principal principal, HttpServletRequest request, - @RequestBody OnboardingWidget onboardingWidget, HttpServletResponse response) { + @PreAuthorize("hasRole('System_Administrator') and hasRole('Account_Administrator')") + public FieldsValidator postOnboardingWidget(Principal principal, HttpServletResponse response, + @RequestBody OnboardingWidget onboardingWidget) { FnUser user = fnUserService.loadUserByUsername(principal.getName()); - FieldsValidator fieldsValidator = null; + FieldsValidator fieldsValidator; - if (onboardingWidget != null) { - if (!dataValidator.isValid(onboardingWidget)) { - fieldsValidator = new FieldsValidator(); - fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE); - return fieldsValidator; - } - } + onboardingWidget.setId(null); + onboardingWidget.normalize(); - if (userHasPermissions(user, response, "postOnboardingWidget")) { - onboardingWidget.setId(null); - onboardingWidget.normalize(); - fieldsValidator = widgetService.setOnboardingWidget(user, onboardingWidget); - response.setStatus(fieldsValidator.getHttpStatusCode().intValue()); + try { + fieldsValidator = widgetService.setOnboardingWidget(user.getId(), onboardingWidget); + } catch (IllegalArgumentException e) { + fieldsValidator = new FieldsValidator(); + fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE); + fieldsValidator.addProblematicFieldName(e.getMessage()); + return fieldsValidator; } + response.setStatus(fieldsValidator.getHttpStatusCode().intValue()); EcompPortalUtils .logAndSerializeObject(logger, "/portalApi/widgets", "POST result =", response.getStatus()); @@ -179,15 +163,14 @@ public class WidgetsController { } @DeleteMapping(value = {"/portalApi/widgets/{widgetId}"}, produces = MediaType.APPLICATION_JSON_VALUE) - public FieldsValidator deleteOnboardingWidget(Principal principal, HttpServletRequest request, - @PathVariable("widgetId") Long widgetId, HttpServletResponse response) { + @PreAuthorize("hasRole('System_Administrator') and hasRole('Account_Administrator')") + public FieldsValidator deleteOnboardingWidget(Principal principal, HttpServletResponse response, + @PathVariable("widgetId") Long widgetId) { FnUser user = fnUserService.loadUserByUsername(principal.getName()); - FieldsValidator fieldsValidator = null; + FieldsValidator fieldsValidator; - if (userHasPermissions(user, response, "deleteOnboardingWidget")) { - fieldsValidator = widgetService.deleteOnboardingWidget(user, widgetId); - response.setStatus(fieldsValidator.getHttpStatusCode().intValue()); - } + fieldsValidator = widgetService.deleteOnboardingWidget(user, widgetId); + response.setStatus(fieldsValidator.getHttpStatusCode().intValue()); EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets/" + widgetId, "DELETE result =", response.getStatus()); @@ -195,27 +178,21 @@ public class WidgetsController { } @PutMapping(value = {"portalApi/widgetCatalogSelection"}, produces = MediaType.APPLICATION_JSON_VALUE) - public FieldsValidator putWidgetCatalogSelection(Principal principal, HttpServletRequest request, + public FieldsValidator putWidgetCatalogSelection(Principal principal, @RequestBody WidgetCatalogPersonalization persRequest, HttpServletResponse response) throws IOException { FieldsValidator result = new FieldsValidator(); FnUser user = fnUserService.loadUserByUsername(principal.getName()); - if (persRequest != null) { - if (!dataValidator.isValid(persRequest)) { - result.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE); - return result; - } - } try { - if (persRequest.getWidgetId() == null || user == null) { - EcompPortalUtils.setBadPermissions(user, response, "putWidgetCatalogSelection"); - } else { - persUserWidgetService - .setPersUserAppValue(user, persRequest.getWidgetId(), persRequest.getSelect()); - } + assert persRequest != null; + persUserWidgetService + .setPersUserAppValue(user, persRequest); + } catch (IllegalArgumentException iae) { + logger.error(EELFLoggerDelegate.errorLogger, "Failed in putAppCatalogSelection", iae); + response.sendError(HttpServletResponse.SC_NOT_ACCEPTABLE, iae.getMessage()); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "Failed in putAppCatalogSelection", e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.toString()); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); } result.setHttpStatusCode((long) HttpServletResponse.SC_OK); return result;