fixed code smells
[portal.git] / ecomp-portal-BE-common / src / main / java / org / onap / portalapp / portal / controller / WidgetsController.java
1 /*-
2  * ============LICENSE_START==========================================
3  * ONAP Portal
4  * ===================================================================
5  * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6  * ===================================================================
7  * Modifications Copyright (c) 2020 IBM
8  * ===================================================================
9  *
10  * Unless otherwise specified, all software contained herein is licensed
11  * under the Apache License, Version 2.0 (the "License");
12  * you may not use this software except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  *             http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  *
23  * Unless otherwise specified, all documentation contained herein is licensed
24  * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
25  * you may not use this documentation except in compliance with the License.
26  * You may obtain a copy of the License at
27  *
28  *             https://creativecommons.org/licenses/by/4.0/
29  *
30  * Unless required by applicable law or agreed to in writing, documentation
31  * distributed under the License is distributed on an "AS IS" BASIS,
32  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
33  * See the License for the specific language governing permissions and
34  * limitations under the License.
35  *
36  * ============LICENSE_END============================================
37  *
38  *
39  */
40 package org.onap.portalapp.portal.controller;
41
42 import java.io.IOException;
43 import java.util.List;
44
45 import javax.servlet.http.HttpServletRequest;
46 import javax.servlet.http.HttpServletResponse;
47
48 import org.apache.cxf.common.util.StringUtils;
49 import org.onap.portalapp.controller.EPRestrictedBaseController;
50 import org.onap.portalapp.portal.domain.EPUser;
51 import org.onap.portalapp.portal.logging.aop.EPAuditLog;
52 import org.onap.portalapp.portal.service.AdminRolesService;
53 import org.onap.portalapp.portal.service.PersUserWidgetService;
54 import org.onap.portalapp.portal.service.WidgetService;
55 import org.onap.portalapp.portal.transport.FieldsValidator;
56 import org.onap.portalapp.portal.transport.OnboardingWidget;
57 import org.onap.portalapp.portal.transport.WidgetCatalogPersonalization;
58 import org.onap.portalapp.portal.utils.EcompPortalUtils;
59 import org.onap.portalapp.util.EPUserUtils;
60 import org.onap.portalapp.validation.DataValidator;
61 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
62 import org.springframework.beans.factory.annotation.Autowired;
63 import org.springframework.context.annotation.Configuration;
64 import org.springframework.context.annotation.EnableAspectJAutoProxy;
65 import org.springframework.web.bind.annotation.PathVariable;
66 import org.springframework.web.bind.annotation.RequestBody;
67 import org.springframework.web.bind.annotation.GetMapping;
68 import org.springframework.web.bind.annotation.PostMapping;
69 import org.springframework.web.bind.annotation.PutMapping;
70 import org.springframework.web.bind.annotation.DeleteMapping;
71 import org.springframework.web.bind.annotation.RestController;
72
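/**
 * REST endpoints for listing, creating, updating and deleting onboarding widgets, and for
 * recording a user's widget catalog selection.
 *
 * <p>Every handler resolves the caller from the HTTP session with
 * {@link EPUserUtils#getUserSession(HttpServletRequest)}. The write endpoints for onboarding
 * widgets require the caller to be a super admin or an account admin.
 */
@RestController
@Configuration
@EnableAspectJAutoProxy
@EPAuditLog
public class WidgetsController extends EPRestrictedBaseController {
    private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(WidgetsController.class);
    private static final DataValidator dataValidator = new DataValidator();

    private final AdminRolesService adminRolesService;
    private final WidgetService widgetService;
    private final PersUserWidgetService persUserWidgetService;

    /**
     * Creates the controller with its collaborating services (constructor injection).
     *
     * @param adminRolesService used to decide whether the caller is a super admin or account admin
     * @param widgetService reads, saves and deletes onboarding widgets
     * @param persUserWidgetService stores per-user widget catalog selections
     */
    @Autowired
    public WidgetsController(AdminRolesService adminRolesService,
            WidgetService widgetService, PersUserWidgetService persUserWidgetService) {
        this.adminRolesService = adminRolesService;
        this.widgetService = widgetService;
        this.persUserWidgetService = persUserWidgetService;
    }

    /**
     * Lists onboarding widgets for the session user.
     *
     * <p>The request must carry the header {@code X-Widgets-Type} with the value {@code managed}
     * or {@code all}; any other value, or no header, is answered with HTTP 400. A missing session
     * user or a guest user is rejected through {@code EcompPortalUtils.setBadPermissions}.
     *
     * @param request current HTTP request; supplies the session user and the type header
     * @param response current HTTP response; its status is set on rejection
     * @return the widgets returned by the service, or {@code null} when the request was rejected
     */
    @GetMapping(value = { "/portalApi/widgets" }, produces = "application/json")
    public List<OnboardingWidget> getOnboardingWidgets(HttpServletRequest request, HttpServletResponse response) {
        EPUser user = EPUserUtils.getUserSession(request);
        List<OnboardingWidget> onboardingWidgets = null;

        if (user == null || user.isGuest()) {
            EcompPortalUtils.setBadPermissions(user, response, "getOnboardingWidgets");
        } else {
            // The header is caller-controlled: accept only the two known values.
            String getType = request.getHeader("X-Widgets-Type");
            if (!StringUtils.isEmpty(getType) && ("managed".equals(getType) || "all".equals(getType))) {
                onboardingWidgets = widgetService.getOnboardingWidgets(user, "managed".equals(getType));
            } else {
                logger.debug(EELFLoggerDelegate.debugLogger,
                        "WidgetsController.getOnboardingWidgets - request must contain header 'X-Widgets-Type' with 'all' or 'managed'");
                response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            }
        }

        EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets", "GET result =", response.getStatus());
        return onboardingWidgets;
    }

    /**
     * Checks that the caller may modify onboarding widgets.
     *
     * <p>A {@code null} user (no session) is rejected up front instead of being handed to the
     * role service, so a missing session can never fall through to the write path.
     *
     * @param user session user, may be {@code null}
     * @param response response that receives the rejection via {@code setBadPermissions}
     * @param invocator name of the calling handler, passed on to {@code setBadPermissions}
     * @return {@code true} only for a super admin or an account admin
     */
    private boolean userHasPermissions(EPUser user, HttpServletResponse response, String invocator) {
        if (user == null
                || (!adminRolesService.isSuperAdmin(user) && !adminRolesService.isAccountAdmin(user))) {
            EcompPortalUtils.setBadPermissions(user, response, invocator);
            return false;
        }
        return true;
    }

    /**
     * Updates the onboarding widget identified by the path variable.
     *
     * <p>The JSON body carries all {@link OnboardingWidget} fields except {@code id};
     * {@code OnboardingWidget} is reused for parsing instead of a dedicated request class.
     * Authorization is checked before the payload is validated, so a caller without admin rights
     * learns nothing about whether the payload would have been accepted.
     *
     * @param request current HTTP request; supplies the session user
     * @param widgetId id of the widget to update, taken from the URL
     * @param onboardingWidget widget data from the request body
     * @param response current HTTP response; its status mirrors the service result
     * @return the service's validation result, a validator carrying 406 when the payload fails
     *         validation, or {@code null} when the caller is not authorized
     */
    @PutMapping(value = { "/portalApi/widgets/{widgetId}" },
            produces = "application/json")
    public FieldsValidator putOnboardingWidget(HttpServletRequest request, @PathVariable("widgetId") Long widgetId,
            @RequestBody OnboardingWidget onboardingWidget, HttpServletResponse response) {
        EPUser user = EPUserUtils.getUserSession(request);
        FieldsValidator fieldsValidator = null;

        if (userHasPermissions(user, response, "putOnboardingWidget")) {
            if (onboardingWidget != null && !dataValidator.isValid(onboardingWidget)) {
                // NOTE(review): only the body carries 406 here; the HTTP status line is left unchanged.
                fieldsValidator = new FieldsValidator();
                fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE);
                return fieldsValidator;
            }

            if (onboardingWidget != null) {
                // The id from the URL always wins over any id sent in the body.
                onboardingWidget.id = widgetId;
                onboardingWidget.normalize();
            }

            fieldsValidator = widgetService.setOnboardingWidget(user, onboardingWidget);
            response.setStatus(fieldsValidator.httpStatusCode.intValue());
        }
        EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets/" + widgetId, "PUT result =",
                response.getStatus());

        return fieldsValidator;
    }

    /**
     * Creates a new onboarding widget.
     *
     * <p>The JSON body carries all {@link OnboardingWidget} fields except {@code id};
     * {@code OnboardingWidget} is reused for parsing instead of a dedicated request class.
     * Authorization is checked before the payload is validated, so a caller without admin rights
     * learns nothing about whether the payload would have been accepted.
     *
     * @param request current HTTP request; supplies the session user
     * @param onboardingWidget widget data from the request body
     * @param response current HTTP response; its status mirrors the service result
     * @return the service's validation result, a validator carrying 406 when the payload fails
     *         validation, or {@code null} when the caller is not authorized
     */
    @PostMapping(value = { "/portalApi/widgets" }, produces = "application/json")
    public FieldsValidator postOnboardingWidget(HttpServletRequest request,
            @RequestBody OnboardingWidget onboardingWidget, HttpServletResponse response) {
        EPUser user = EPUserUtils.getUserSession(request);
        FieldsValidator fieldsValidator = null;

        if (userHasPermissions(user, response, "postOnboardingWidget")) {
            if (onboardingWidget != null && !dataValidator.isValid(onboardingWidget)) {
                // NOTE(review): only the body carries 406 here; the HTTP status line is left unchanged.
                fieldsValidator = new FieldsValidator();
                fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE);
                return fieldsValidator;
            }

            if (onboardingWidget != null) {
                // Discard any client-supplied id so a create request cannot name an existing widget.
                onboardingWidget.id = null;
                onboardingWidget.normalize();
            }
            fieldsValidator = widgetService.setOnboardingWidget(user, onboardingWidget);
            response.setStatus(fieldsValidator.httpStatusCode.intValue());
        }

        EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets", "POST result =", response.getStatus());
        return fieldsValidator;
    }

    /**
     * Deletes the onboarding widget identified by the path variable.
     *
     * @param request current HTTP request; supplies the session user
     * @param widgetId id of the widget to delete, taken from the URL
     * @param response current HTTP response; its status mirrors the service result
     * @return the service's result, or {@code null} when the caller is not authorized
     */
    @DeleteMapping(value = { "/portalApi/widgets/{widgetId}" },
            produces = "application/json")
    public FieldsValidator deleteOnboardingWidget(HttpServletRequest request, @PathVariable("widgetId") Long widgetId,
            HttpServletResponse response) {
        EPUser user = EPUserUtils.getUserSession(request);
        FieldsValidator fieldsValidator = null;

        if (userHasPermissions(user, response, "deleteOnboardingWidget")) {
            fieldsValidator = widgetService.deleteOnboardingWidget(user, widgetId);
            response.setStatus(fieldsValidator.httpStatusCode.intValue());
        }

        EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets/" + widgetId, "DELETE result =",
                response.getStatus());
        return fieldsValidator;
    }

    /**
     * Records a user's selection made on the widget catalog.
     *
     * <p>The returned status code reflects what actually happened: 200 only after the selection
     * was stored, 403 when the request was rejected, 406 when the payload fails validation and
     * 500 when storing failed. Exception details are written to the server log only and are not
     * echoed to the client.
     *
     * @param request current HTTP request; supplies the session user
     * @param persRequest JSON with data including the widget id and the selection flag
     * @param response current HTTP response
     * @return validator whose {@code httpStatusCode} carries the outcome
     * @throws IOException if sending the error response fails
     */
    @PutMapping(value = { "portalApi/widgetCatalogSelection" },
            produces = "application/json")
    public FieldsValidator putWidgetCatalogSelection(HttpServletRequest request,
            @RequestBody WidgetCatalogPersonalization persRequest, HttpServletResponse response) throws IOException {
        FieldsValidator result = new FieldsValidator();
        EPUser user = EPUserUtils.getUserSession(request);

        // Reject callers without a session before validating or acting on the payload.
        // NOTE(review): guests are not rejected here, unlike getOnboardingWidgets - confirm intended.
        if (user == null) {
            EcompPortalUtils.setBadPermissions(user, response, "putWidgetCatalogSelection");
            result.httpStatusCode = (long) HttpServletResponse.SC_FORBIDDEN;
            return result;
        }

        if (persRequest != null && !dataValidator.isValid(persRequest)) {
            result.httpStatusCode = (long) HttpServletResponse.SC_NOT_ACCEPTABLE;
            return result;
        }

        try {
            if (persRequest == null || persRequest.getWidgetId() == null) {
                EcompPortalUtils.setBadPermissions(user, response, "putWidgetCatalogSelection");
                result.httpStatusCode = (long) HttpServletResponse.SC_FORBIDDEN;
            } else {
                persUserWidgetService.setPersUserAppValue(user, persRequest.getWidgetId(), persRequest.getSelect());
                result.httpStatusCode = (long) HttpServletResponse.SC_OK;
            }
        } catch (Exception e) {
            // Full details stay in the server log; the client gets a generic message so that
            // exception class names and messages are not disclosed.
            logger.error(EELFLoggerDelegate.errorLogger, "Failed in putWidgetCatalogSelection", e);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                    "Failed to save widget catalog selection");
            result.httpStatusCode = (long) HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        }
        return result;
    }
}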