X-Git-Url: https://gerrit.onap.org/r/gitweb?p=policy%2Fengine.git;a=blobdiff_plain;f=POLICY-SDK-APP%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fcontroller%2FPolicyController.java;h=78fb87346edab056c1df8caff0ab65096776bc07;hp=3b4d03de8a4108189977cc1e400ed3159ad44742;hb=dfd9c0a09c35e4b5b4b61be08b8424e4a3d0d500;hpb=9efe59e93578e0ee495c85dad691fa9864512113 diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java index 3b4d03de8..78fb87346 100644 --- a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java +++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java @@ -2,8 +2,9 @@ * ============LICENSE_START======================================================= * ONAP Policy Engine * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. * Modified Copyright (C) 2018 Samsung Electronics Co., Ltd. + * Modifications Copyright (C) 2019 Bell Canada * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -23,10 +24,13 @@ package org.onap.policy.controller; import com.att.research.xacml.util.XACMLProperties; import com.fasterxml.jackson.databind.ObjectMapper; + +import java.io.ByteArrayInputStream; import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; +import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.HashMap; import java.util.List; 
@@ -34,15 +38,20 @@ import java.util.Map; import java.util.Map.Entry; import java.util.Properties; import java.util.Set; -import java.util.TreeMap; + import javax.annotation.PostConstruct; -import javax.mail.MessagingException; import javax.script.SimpleBindings; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + +import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; + import org.json.JSONObject; import org.onap.policy.admin.PolicyNotificationMail; import org.onap.policy.admin.RESTfulPAPEngine; +import org.onap.policy.common.logging.eelf.MessageCodes; +import org.onap.policy.common.logging.eelf.PolicyLogger; import org.onap.policy.common.logging.flexlogger.FlexLogger; import org.onap.policy.common.logging.flexlogger.Logger; import org.onap.policy.model.PDPGroupContainer; @@ -54,9 +63,11 @@ import org.onap.policy.rest.jpa.FunctionDefinition; import org.onap.policy.rest.jpa.PolicyEntity; import org.onap.policy.rest.jpa.PolicyVersion; import org.onap.policy.rest.jpa.UserInfo; +import org.onap.policy.utils.PeCryptoUtils; import org.onap.policy.utils.UserUtils.Pair; import org.onap.policy.xacml.api.XACMLErrorConstants; import org.onap.policy.xacml.api.pap.PAPPolicyEngine; +import org.onap.policy.xacml.util.XACMLPolicyScanner; import org.onap.portalsdk.core.controller.RestrictedBaseController; import org.onap.portalsdk.core.domain.UserApp; import org.onap.portalsdk.core.web.support.JsonMessage; @@ -68,7 +79,6 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.servlet.ModelAndView; - @Controller @RequestMapping("/") public class PolicyController extends RestrictedBaseController { 
@@ -105,6 +115,9 @@ public class PolicyController extends RestrictedBaseController { private static final String characterEncoding = "UTF-8"; private static final String contentType = "application/json"; private static final String file = "file"; + private static final String SUPERADMIN = "super-admin"; + private static final String POLICYGUEST = "Policy Guest"; + private static final String LOGINID = "loginId"; // Smtp Java Mail Properties private static String smtpHost = null; @@ -147,7 +160,6 @@ public class PolicyController extends RestrictedBaseController { private static boolean jUnit = false; - public static boolean isjUnit() { return jUnit; } @@ -201,12 +213,12 @@ public class PolicyController extends RestrictedBaseController { setLogdbDriver(prop.getProperty("xacml.log.db.driver")); setLogdbUrl(prop.getProperty("xacml.log.db.url")); setLogdbUserName(prop.getProperty("xacml.log.db.user")); - setLogdbPassword(prop.getProperty("xacml.log.db.password")); + setLogdbPassword(PeCryptoUtils.decrypt(prop.getProperty("xacml.log.db.password"))); setLogdbDialect(prop.getProperty("onap.dialect")); // Xacml Database Properties setXacmldbUrl(prop.getProperty("javax.persistence.jdbc.url")); setXacmldbUserName(prop.getProperty("javax.persistence.jdbc.user")); - setXacmldbPassword(prop.getProperty("javax.persistence.jdbc.password")); + setXacmldbPassword(PeCryptoUtils.decrypt(prop.getProperty("javax.persistence.jdbc.password"))); // AutoPuh setAutoPushAvailable(prop.getProperty("xacml.automatic.push")); setAutoPushDSClosedLoop(prop.getProperty("xacml.autopush.closedloop")); @@ -253,7 +265,7 @@ public class PolicyController extends RestrictedBaseController { /** * Get FunctionData Type from DB. - * + * * @return list of FunctionData. */ public static Map> getFunctionDatatypeMap() { @@ -267,7 +279,7 @@ public class PolicyController extends RestrictedBaseController { /** * Get Function ID. - * + * * @return Function ID. */ public static Map getFunctionIdMap() { 
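Review bot: In the -201,12 hunk both password properties now go straight into `PeCryptoUtils.decrypt(...)`, but `prop.getProperty(...)` returns null when the key is absent, and this diff does not show how `decrypt` treats null or a value that is not ciphertext. If it passes plaintext through unchanged, which would need confirming in PeCryptoUtils, a deployment can keep cleartext passwords in the properties file with no signal to the operator. I would add a comment above the two calls such as `// decrypt() must accept null and legacy plaintext; never log the returned value`, and consider logging a warning that names the property key only when the value is not in encrypted form. The enclosing method starts and ends outside the hunk.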
@@ -295,11 +307,12 @@ public class PolicyController extends RestrictedBaseController { /** * Get Functional Definition data. - * + * * @param request HttpServletRequest. * @param response HttpServletResponse. */ - @RequestMapping(value = {"/get_FunctionDefinitionDataByName"}, + @RequestMapping( + value = {"/get_FunctionDefinitionDataByName"}, method = {org.springframework.web.bind.annotation.RequestMethod.GET}, produces = MediaType.APPLICATION_JSON_VALUE) public void getFunctionDefinitionData(HttpServletRequest request, HttpServletResponse response) { @@ -319,7 +332,7 @@ public class PolicyController extends RestrictedBaseController { /** * Get PolicyEntity Data from db. - * + * * @param scope scopeName. * @param policyName policyName. * @return policyEntity data. @@ -332,13 +345,13 @@ public class PolicyController extends RestrictedBaseController { /** * Get Policy User Roles from db. - * + * * @param userId LoginID. * @return list of Roles. */ public List getRolesOfUser(String userId) { List rolesList = new ArrayList<>(); - List roles = commonClassDao.getDataById(Roles.class, "loginId", userId); + List roles = commonClassDao.getDataById(Roles.class, LOGINID, userId); for (Object role : roles) { rolesList.add(((Roles) role).getRole()); } @@ -346,16 +359,17 @@ public class PolicyController extends RestrictedBaseController { } public List getRoles(String userId) { - return commonClassDao.getDataById(Roles.class, "loginId", userId); + return commonClassDao.getDataById(Roles.class, LOGINID, userId); } /** * Get List of User Roles. - * + * * @param request HttpServletRequest. * @param response HttpServletResponse. */ - @RequestMapping(value = {"/get_UserRolesData"}, + @RequestMapping( + value = {"/get_UserRolesData"}, method = {org.springframework.web.bind.annotation.RequestMethod.GET}, produces = MediaType.APPLICATION_JSON_VALUE) public void getUserRolesEntityData(HttpServletRequest request, HttpServletResponse response) { 
@@ -374,7 +388,7 @@ public class PolicyController extends RestrictedBaseController { /** * Policy tabs Model and View. - * + * * @param request Request input. * @return view model. */ @@ -386,8 +400,8 @@ public class PolicyController extends RestrictedBaseController { // // Set the URL for the RESTful PAP Engine // - setPapEngine((PAPPolicyEngine) new RESTfulPAPEngine(myRequestUrl)); - new PDPGroupContainer((PAPPolicyEngine) new RESTfulPAPEngine(myRequestUrl)); + setPapEngine(new RESTfulPAPEngine(myRequestUrl)); + new PDPGroupContainer(new RESTfulPAPEngine(myRequestUrl)); } catch (Exception e) { policyLogger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Exception Occured while loading PAP" + e); } @@ -396,9 +410,9 @@ public class PolicyController extends RestrictedBaseController { } /** - * Read the role from session. - * - * @param request Request input. + * Read the role from session for inserting into the database. + * + * @param request Request input for Role. */ public void getUserRoleFromSession(HttpServletRequest request) { // While user landing on Policy page, fetch the userId and Role from 
@@ -415,23 +429,47 @@ public class PolicyController extends RestrictedBaseController { newRoles.add(userApp.getRole().getName()); } List userRoles = getRoles(userId); - String filteredRole = filterRole(newRoles); - if (userRoles == null || userRoles.isEmpty()) { - savePolicyRoles(name, filteredRole, userId); - } else { - Pair, List> pair = org.onap.policy.utils.UserUtils.checkRoleAndScope(userRoles); - roles = pair.u; - if (!roles.contains(filteredRole)) { - String query = "delete from Roles where loginid='" + userId + "'"; - commonClassDao.updateQuery(query); + List filteredRoles = filterRole(newRoles); + if (!filteredRoles.isEmpty()) { + cleanUpRoles(filteredRoles, userId); + } + for (String filteredRole : filteredRoles) { + if (userRoles == null || userRoles.isEmpty()) { savePolicyRoles(name, filteredRole, userId); + } else { + userRoles = getRoles(userId); + Pair, List> pair = org.onap.policy.utils.UserUtils.checkRoleAndScope(userRoles); + roles = pair.u; + if (!roles.contains(filteredRole)) { + savePolicyRoles(name, filteredRole, userId); + } } } } + /** + * Build a delete query for cleaning up roles and execute it. + * + * @param filteredRoles Filtered roles list. + * @param userId UserID. + */ + private void cleanUpRoles(List filteredRoles, String userId) { + StringBuilder query = new StringBuilder(); + query.append("delete from Roles where loginid = '" + userId + "'"); + if (filteredRoles.contains(SUPERADMIN)) { + query.append("and not role = '" + SUPERADMIN + "'"); + } else { + for (String filteredRole : filteredRoles) { + query.append("and not role = '" + filteredRole + "'"); + } + } + query.append("and id > 0"); + commonClassDao.updateQuery(query.toString()); + } + /** * Save the Role to DB. - * + * * @param name User Name. * @param filteredRole Role Name. * @param userId User LoginID. 
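Review bot: `cleanUpRoles` builds the delete statement by concatenating `userId` into the query text (`"delete from Roles where loginid = '" + userId + "'"`), so the statement's structure depends on a value that appears to come from the portal session and whose validation is not visible here. The role fragments come from fixed literals in `filterRole`, but `userId` should be passed as a bound parameter, e.g. `delete from Roles where loginid = :userId and role not in (:keep) and id > 0`, through a DAO method that accepts bindings. The file already calls `commonClassDao.getDataByQuery(query, params)` for reads, and whether an equivalent exists for updates would need checking. The appended fragments also start with `and` without a leading space (`"and not role = '"`, `"and id > 0"`), so the clauses sit directly against the preceding quote. That is fragile even where the parser accepts it. The body of `getUserRoleFromSession` starts outside the hunk.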
@@ -450,29 +488,39 @@ public class PolicyController extends RestrictedBaseController { /** * Filter the list of roles hierarchy wise. - * + * * @param newRoles list of roles from request. * @return */ - private String filterRole(List newRoles) { - Map roleMap = new TreeMap<>(); - roleMap.put(6, "guest"); + private List filterRole(List newRoles) { + List roles = new ArrayList<>(); + boolean superCheck = false; for (String role : newRoles) { - if ("Policy Super Admin".equalsIgnoreCase(role.trim()) + if ("Policy Super Guest".equalsIgnoreCase(role.trim())) { + superCheck = true; + roles.add("super-guest"); + } else if ("Policy Super Editor".equalsIgnoreCase(role.trim())) { + superCheck = true; + roles.clear(); + roles.add("super-editor"); + } else if ("Policy Super Admin".equalsIgnoreCase(role.trim()) || "System Administrator".equalsIgnoreCase(role.trim()) || "Standard User".equalsIgnoreCase(role.trim())) { - roleMap.put(1, "super-admin"); - } else if ("Policy Super Editor".equalsIgnoreCase(role.trim())) { - roleMap.put(2, "super-editor"); - } else if ("Policy Super Guest".equalsIgnoreCase(role.trim())) { - roleMap.put(3, "super-guest"); - } else if ("Policy Admin".equalsIgnoreCase(role.trim())) { - roleMap.put(4, "admin"); - } else if ("Policy Editor".equalsIgnoreCase(role.trim())) { - roleMap.put(5, "editor"); + superCheck = true; + roles.clear(); + roles.add(SUPERADMIN); + } + if (!roles.contains(SUPERADMIN) || (POLICYGUEST.equalsIgnoreCase(role) && !superCheck)) { + if ("Policy Admin".equalsIgnoreCase(role.trim())) { + roles.add("admin"); + } else if ("Policy Editor".equalsIgnoreCase(role.trim())) { + roles.add("editor"); + } else if (POLICYGUEST.equalsIgnoreCase(role.trim())) { + roles.add("guest"); + } } } - return roleMap.entrySet().iterator().next().getValue(); + return roles; } public PAPPolicyEngine getPapEngine() { 
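Review bot: The role that `filterRole` grants now depends on the order of `newRoles`: "Policy Super Admin" followed by "Policy Super Editor" ends as `[super-editor]` because the editor branch calls `roles.clear()`, while the reverse order ends as `[super-admin]`. The removed TreeMap version always picked the highest-ranked role. Authorization results should not vary with list order, so I would collect the matched roles first and apply the precedence once after the loop. The second half of the condition, `(POLICYGUEST.equalsIgnoreCase(role) && !superCheck)`, is evaluated only when `roles` contains SUPERADMIN, and at that point `superCheck` is already true, so it can never hold and should be dropped or corrected. The method also returns an empty list when no name matches, where it used to default to guest. In the caller's hunk `cleanUpRoles` is skipped for an empty list, so previously stored rows, including a stale super-admin, stay in place. That case needs an explicit decision, either removing the rows or falling back to guest.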
@@ -485,18 +533,19 @@ public class PolicyController extends RestrictedBaseController { /** * Get UserName based on LoginID. - * + * * @param createdBy loginID. * @return name. */ public String getUserName(String createdBy) { String loginId = createdBy; - List data = commonClassDao.getDataById(UserInfo.class, "loginId", loginId); + List data = commonClassDao.getDataById(UserInfo.class, LOGINID, loginId); return data.get(0).toString(); } /** * Check if the Policy is Active or not. + * * @param query sql query. * @return boolean. */ @@ -532,33 +581,26 @@ public class PolicyController extends RestrictedBaseController { return commonClassDao.getDataByQuery(query, params); } - @SuppressWarnings("rawtypes") public Object getEntityItem(Class className, String columname, String key) { return commonClassDao.getEntityItem(className, columname, key); } - /** * Watch Policy Function. - * + * * @param entity PolicyVersion entity. * @param policyName updated policy name. * @param mode type of action rename/delete/import. */ public void watchPolicyFunction(PolicyVersion entity, String policyName, String mode) { PolicyNotificationMail email = new PolicyNotificationMail(); - try { - email.sendMail(entity, policyName, mode, commonClassDao); - } catch (MessagingException e) { - policyLogger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR - + "Excepton Occured while Renaming/Deleting a Policy or Scope" + e); - } + email.sendMail(entity, policyName, mode, commonClassDao); } /** * Switch Version Policy Content. - * + * * @param pName which is used to find associated versions. * @return list of available versions based on policy name. */ 
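Review bot: In the -532,33 hunk `watchPolicyFunction` no longer wraps `email.sendMail(...)` in a try/catch, so whether a mail failure can now propagate into the rename/delete/import path depends on `PolicyNotificationMail.sendMail` handling its own errors, which this diff does not show. If it does, a line in the Javadoc such as `Notification failures are logged by sendMail and never abort the policy operation.` would record that contract. If it does not, the logging that was removed here should be kept so that a failing SMTP server cannot block policy changes without a trace.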
@@ -569,6 +611,8 @@ public class PolicyController extends RestrictedBaseController { dbCheckName = dbCheckName.replace(".Config_", ":Config_"); } else if (dbCheckName.contains("Action_")) { dbCheckName = dbCheckName.replace(".Action_", ":Action_"); + } else if (dbCheckName.contains("Decision_MS_")) { + dbCheckName = dbCheckName.replace(".Decision_MS_", ":Decision_MS_"); } else if (dbCheckName.contains("Decision_")) { dbCheckName = dbCheckName.replace(".Decision_", ":Decision_"); } @@ -583,7 +627,8 @@ public class PolicyController extends RestrictedBaseController { PolicyEntity pEntity = (PolicyEntity) entity; String removeExtension = pEntity.getPolicyName().replace(".xml", ""); String version = removeExtension.substring(removeExtension.lastIndexOf('.') + 1); - av.add(version); + String userName = getUserId(pEntity, "@ModifiedBy:"); + av.add(version + " | " + pEntity.getModifiedDate() + " | " + userName); } if (policyName.contains("/")) { policyName = policyName.replace("/", File.separator); 
@@ -597,6 +642,54 @@ public class PolicyController extends RestrictedBaseController { return el; } + public String getUserId(PolicyEntity data, String value) { + String userId = ""; + String uValue = value; + String description = getDescription(data); + if (description.contains(uValue)) { + userId = description.substring(description.indexOf(uValue) + uValue.length(), + description.lastIndexOf(uValue)); + } + UserInfo userInfo = (UserInfo) getEntityItem(UserInfo.class, "userLoginId", userId); + if (userInfo == null) { + return SUPERADMIN; + } + return userInfo.getUserName(); + } + + public String getDescription(PolicyEntity data) { + InputStream stream = new ByteArrayInputStream(data.getPolicyData().getBytes(StandardCharsets.UTF_8)); + Object policy = XACMLPolicyScanner.readPolicy(stream); + if (policy instanceof PolicySetType) { + return ((PolicySetType) policy).getDescription(); + } else if (policy instanceof PolicyType) { + return ((PolicyType) policy).getDescription(); + } else { + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + "Expecting a PolicySet/Policy/Rule object. Got: " + + policy.getClass().getCanonicalName()); + return null; + } + } + + public String[] getUserInfo(PolicyEntity data, List activePolicies) { + String policyName = data.getScope().replace(".", File.separator) + File.separator + + data.getPolicyName().substring(0, data.getPolicyName().indexOf('.')); + PolicyVersion polVersion = + activePolicies.stream().filter(a -> policyName.equals(a.getPolicyName())).findAny().orElse(null); + String[] result = new String[2]; + UserInfo userCreate = null; + UserInfo userModify = null; + if (polVersion != null) { + userCreate = (UserInfo) getEntityItem(UserInfo.class, "userLoginId", polVersion.getCreatedBy()); + userModify = (UserInfo) getEntityItem(UserInfo.class, "userLoginId", polVersion.getModifiedBy()); + } + + result[0] = userCreate != null ? userCreate.getUserName() : SUPERADMIN; + result[1] = userModify != null ? 
userModify.getUserName() : SUPERADMIN; + + return result; + } + public static String getLogTableLimit() { return logTableLimit; } @@ -851,7 +944,7 @@ public class PolicyController extends RestrictedBaseController { /** * Set File Size limit. - * + * * @param uploadSize value. */ public static void setFileSizeLimit(String uploadSize) { @@ -869,7 +962,7 @@ public class PolicyController extends RestrictedBaseController { /** * Function to convert date. - * + * * @param dateTTL input date value. * @return */
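Review bot: In the -597,6 hunk `getUserId` can throw on stored policy data: `getDescription` may return null (its else branch returns null, and a policy without a description presumably yields null too), after which `description.contains(uValue)` dereferences it. When the marker occurs only once, `indexOf` and `lastIndexOf` are equal and `substring` is called with begin greater than end. The else branch of `getDescription` also calls `policy.getClass()` on a value that is null whenever `readPolicy` returned null, and would be safer as `(policy == null ? "null" : policy.getClass().getCanonicalName())`. Because the -583,7 hunk calls `getUserId` for every version entry, one malformed description would fail the whole version listing. Returning SUPERADMIN when no user is found also attributes unknown modifications to "super-admin" in the UI, so a neutral label would be less misleading.

```java
public String getUserId(PolicyEntity data, String value) {
    String userId = "";
    String description = getDescription(data);
    if (description != null) {
        int start = description.indexOf(value);
        int end = description.lastIndexOf(value);
        // The marker must both open and close the id; a single occurrence yields no id.
        if (start >= 0 && end >= start + value.length()) {
            userId = description.substring(start + value.length(), end);
        }
    }
    // … unchanged: UserInfo lookup and SUPERADMIN fallback …
}
```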