X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=portal-BE%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportal%2Fservice%2FAdminRolesService.java;fp=portal-BE%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportal%2Fservice%2FAdminRolesService.java;h=c948ece4445bf49f01f1fea4fb06c8cf658bad8e;hb=cb3f6ffee6dd5a9a15a6962065a313cc1f97b7c1;hp=0000000000000000000000000000000000000000;hpb=6471284af891d330a49db0d00e2456f757a53ba4;p=portal.git diff --git a/portal-BE/src/main/java/org/onap/portal/service/AdminRolesService.java b/portal-BE/src/main/java/org/onap/portal/service/AdminRolesService.java new file mode 100644 index 00000000..c948ece4 --- /dev/null +++ b/portal-BE/src/main/java/org/onap/portal/service/AdminRolesService.java @@ -0,0 +1,146 @@ +/* + * ============LICENSE_START========================================== + * ONAP Portal + * =================================================================== + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * + */ + +package org.onap.portal.service; + +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import javax.persistence.EntityManager; +import org.onap.portal.domain.db.fn.FnRole; +import org.onap.portal.domain.db.fn.FnUser; +import org.onap.portal.domain.db.fn.FnUserRole; +import org.onap.portal.domain.dto.ecomp.UserRole; +import org.onap.portal.logging.format.EPAppMessagesEnum; +import org.onap.portal.logging.logic.EPLogUtil; +import org.onap.portal.service.fn.FnUserService; +import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +@Service +public class AdminRolesService { + + private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AdminRolesService.class); + + private final Long SYS_ADMIN_ROLE_ID = 1L; + private final Long ACCOUNT_ADMIN_ROLE_ID = 999L; + private final Long ECOMP_APP_ID = 1L; + private final String ADMIN_ACCOUNT= "Is account admin for user {}"; + + private final EntityManager entityManager; + private final FnUserService fnUserService; + + @Autowired + public AdminRolesService(final EntityManager entityManager, + FnUserService fnUserService) { + this.entityManager = entityManager; + this.fnUserService = fnUserService; + } + + public boolean isSuperAdmin(FnUser user) { + if ((user != null) && (user.getOrgUserId() != null)) { + String sql = "SELECT user.USER_ID, user.org_user_id, userrole.ROLE_ID, userrole.APP_ID FROM fn_user_role userrole " + + "INNER JOIN fn_user user ON user.USER_ID = userrole.USER_ID " + "WHERE user.org_user_id = '" + + user.getOrgUserId() + "' " + "AND userrole.ROLE_ID = '" + SYS_ADMIN_ROLE_ID + "' " + + "AND userrole.APP_ID = '" + ECOMP_APP_ID + "';"; + try { + List userRoleList = entityManager.createNativeQuery(sql, UserRole.class).getResultList(); + if (userRoleList != null && userRoleList.size() > 0) { + return true; + } + } catch (Exception e) { + EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e); + logger.error(EELFLoggerDelegate.errorLogger, + "Exception occurred while executing isSuperAdmin operation", e); + } + } + return false; + } + + public boolean isAccountAdmin(FnUser user) { + try { + final Map userParams = new HashMap<>(); + userParams.put("userId", user.getId()); + logger.debug(EELFLoggerDelegate.debugLogger, ADMIN_ACCOUNT, user.getId()); + List userAdminApps; + String query = "select fa.app_id from fn_user_role ur,fn_app fa where ur.user_id =:userId and ur.app_id=fa.app_id and ur.role_id= 999 and (fa.enabled = 'Y' || fa.app_id=1)"; + userAdminApps = entityManager.createQuery(query, Integer.class).setParameter("userId", user.getId()).getResultList(); + logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for userAdminApps() - for user {}, found userAdminAppsSize {}", user.getOrgUserId(), userAdminApps.size()); + + + if (user.getId() != null) { + for (FnUserRole userApp : user.getFnUserRoles()) { + if (userApp.getRoleId().getId().equals(ACCOUNT_ADMIN_ROLE_ID)||(userAdminApps.size()>1)) { + logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for userAdminApps() - for user {}, found Id {}", user.getOrgUserId(), userApp.getRoleId().getId()); + return true; + } + } + } + } catch (Exception e) { + EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e); + logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while executing isAccountAdmin operation", + e); + } + return false; + } + + public boolean isUser(FnUser user) { + try { + FnUser currentUser = fnUserService.getUser(user.getId()).orElseThrow(Exception::new); + if (currentUser != null && currentUser.getId() != null) { + for (FnUserRole userApp : currentUser.getFnUserRoles()) { + if (!userApp.getAppId().getId().equals(ECOMP_APP_ID)) { + FnRole role = userApp.getRoleId(); + if (!role.getId().equals(SYS_ADMIN_ROLE_ID) && !role.getId().equals(ACCOUNT_ADMIN_ROLE_ID)) { + if (role.getActiveYn()) { + return true; + } + } + } + } + } + } catch (Exception e) { + EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e); + logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while executing isUser operation", e); + } + return false; + } +}