lower code smells
[portal.git] / ecomp-portal-BE-common / src / main / java / org / onap / portalapp / portal / controller / WidgetsController.java
1 /*-
2  * ============LICENSE_START==========================================
3  * ONAP Portal
4  * ===================================================================
5  * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6  * ===================================================================
7  * Modifications Copyright (c) 2020 IBM
8  * ===================================================================
9  *
10  * Unless otherwise specified, all software contained herein is licensed
11  * under the Apache License, Version 2.0 (the "License");
12  * you may not use this software except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  *             http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  *
23  * Unless otherwise specified, all documentation contained herein is licensed
24  * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
25  * you may not use this documentation except in compliance with the License.
26  * You may obtain a copy of the License at
27  *
28  *             https://creativecommons.org/licenses/by/4.0/
29  *
30  * Unless required by applicable law or agreed to in writing, documentation
31  * distributed under the License is distributed on an "AS IS" BASIS,
32  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
33  * See the License for the specific language governing permissions and
34  * limitations under the License.
35  *
36  * ============LICENSE_END============================================
37  *
38  *
39  */
40 package org.onap.portalapp.portal.controller;
41
42 import java.io.IOException;
43 import java.util.List;
44
45 import javax.servlet.http.HttpServletRequest;
46 import javax.servlet.http.HttpServletResponse;
47
48 import org.apache.cxf.common.util.StringUtils;
49 import org.onap.portalapp.controller.EPRestrictedBaseController;
50 import org.onap.portalapp.portal.domain.EPUser;
51 import org.onap.portalapp.portal.logging.aop.EPAuditLog;
52 import org.onap.portalapp.portal.service.AdminRolesService;
53 import org.onap.portalapp.portal.service.PersUserWidgetService;
54 import org.onap.portalapp.portal.service.WidgetService;
55 import org.onap.portalapp.portal.transport.FieldsValidator;
56 import org.onap.portalapp.portal.transport.OnboardingWidget;
57 import org.onap.portalapp.portal.transport.WidgetCatalogPersonalization;
58 import org.onap.portalapp.portal.utils.EcompPortalUtils;
59 import org.onap.portalapp.util.EPUserUtils;
60 import org.onap.portalapp.validation.DataValidator;
61 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
62 import org.springframework.beans.factory.annotation.Autowired;
63 import org.springframework.context.annotation.Configuration;
64 import org.springframework.context.annotation.EnableAspectJAutoProxy;
65 import org.springframework.web.bind.annotation.PathVariable;
66 import org.springframework.web.bind.annotation.RequestBody;
67 import org.springframework.web.bind.annotation.RequestMapping;
68 import org.springframework.web.bind.annotation.GetMapping;
69 import org.springframework.web.bind.annotation.PostMapping;
70 import org.springframework.web.bind.annotation.PutMapping;
71 import org.springframework.web.bind.annotation.DeleteMapping;
72 import org.springframework.web.bind.annotation.RequestMethod;
73 import org.springframework.web.bind.annotation.RestController;
74
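/**
 * REST endpoints under {@code /portalApi} for listing, creating, updating and deleting
 * onboarding widgets, and for recording a user's widget-catalog selection.
 *
 * <p>Access control as implemented in this class: listing requires a non-guest session
 * user; create/update/delete require a super admin or account admin; the catalog selection
 * requires only a session user. The caller is always taken from the server-side session
 * ({@link EPUserUtils#getUserSession}), never from the request body.
 */
@RestController
@Configuration
@EnableAspectJAutoProxy
@EPAuditLog
public class WidgetsController extends EPRestrictedBaseController {
    private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(WidgetsController.class);
    private static final DataValidator dataValidator = new DataValidator();

    // Collaborators are assigned once by constructor injection and never replaced.
    private final AdminRolesService adminRolesService;
    private final WidgetService widgetService;
    private final PersUserWidgetService persUserWidgetService;

    @Autowired
    public WidgetsController(AdminRolesService adminRolesService,
            WidgetService widgetService, PersUserWidgetService persUserWidgetService) {
        this.adminRolesService = adminRolesService;
        this.widgetService = widgetService;
        this.persUserWidgetService = persUserWidgetService;
    }

    /**
     * Lists onboarding widgets for the session user.
     *
     * <p>The request must carry the header {@code X-Widgets-Type} with the value
     * {@code managed} or {@code all}; any other value yields HTTP 400.
     *
     * @param request  current request; supplies the session user and the header
     * @param response current response; its status is set on rejection
     * @return the widgets returned by the service, or {@code null} when the caller is
     *         missing, is a guest, or sent an unsupported header value
     */
    @GetMapping(value = { "/portalApi/widgets" }, produces = "application/json")
    public List<OnboardingWidget> getOnboardingWidgets(HttpServletRequest request, HttpServletResponse response) {
        EPUser user = EPUserUtils.getUserSession(request);
        List<OnboardingWidget> onboardingWidgets = null;

        if (user == null || user.isGuest()) {
            EcompPortalUtils.setBadPermissions(user, response, "getOnboardingWidgets");
        } else {
            // The header is client-controlled; it only selects between two fixed modes.
            // NOTE(review): "all" is available to any non-guest user here, so filtering by
            // what this user may see presumably happens in WidgetService - confirm.
            String getType = request.getHeader("X-Widgets-Type");
            boolean managedOnly = "managed".equals(getType);
            if (!StringUtils.isEmpty(getType) && (managedOnly || "all".equals(getType))) {
                onboardingWidgets = widgetService.getOnboardingWidgets(user, managedOnly);
            } else {
                logger.debug(EELFLoggerDelegate.debugLogger,
                        "WidgetsController.getOnboardingWidgets - request must contain header 'X-Widgets-Type' with 'all' or 'managed'");
                response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            }
        }

        EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets", "GET result =", response.getStatus());
        return onboardingWidgets;
    }

    /**
     * Checks that the caller is a super admin or an account admin.
     *
     * <p>A missing session user is denied without consulting the role service, so an
     * unauthenticated request fails closed instead of depending on how the role service
     * treats {@code null}.
     *
     * @param user      session user, may be {@code null}
     * @param response  response handed to {@code setBadPermissions} on denial
     * @param invocator name of the calling endpoint, passed through to {@code setBadPermissions}
     * @return {@code true} when the caller may manage widgets
     */
    private boolean userHasPermissions(EPUser user, HttpServletResponse response, String invocator) {
        boolean isAdmin = user != null
                && (adminRolesService.isSuperAdmin(user) || adminRolesService.isAccountAdmin(user));
        if (!isAdmin) {
            EcompPortalUtils.setBadPermissions(user, response, invocator);
        }
        return isAdmin;
    }

    /** Builds the validator returned when a request body fails {@link DataValidator} checks. */
    private static FieldsValidator notAcceptable() {
        FieldsValidator rejected = new FieldsValidator();
        rejected.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE);
        return rejected;
    }

    /**
     * Updates an existing onboarding widget.
     *
     * <p>The JSON body carries every {@link OnboardingWidget} field except {@code id};
     * the id is always taken from the path.
     *
     * @param request          current request; supplies the session user
     * @param widgetId         id of the widget to update, from the URL path
     * @param onboardingWidget widget data from the request body
     * @param response         current response; its status mirrors the service result
     * @return the service's validator, a 406 validator for an invalid body, or {@code null}
     *         when the caller is not an admin
     */
    @PutMapping(value = { "/portalApi/widgets/{widgetId}" },
            produces = "application/json")
    public FieldsValidator putOnboardingWidget(HttpServletRequest request, @PathVariable("widgetId") Long widgetId,
            @RequestBody OnboardingWidget onboardingWidget, HttpServletResponse response) {
        EPUser user = EPUserUtils.getUserSession(request);
        FieldsValidator fieldsValidator = null;

        // Authorize before looking at the body, so non-admin callers get the permission
        // failure rather than validation feedback.
        if (userHasPermissions(user, response, "putOnboardingWidget")) {
            if (onboardingWidget != null) {
                if (!dataValidator.isValid(onboardingWidget)) {
                    return notAcceptable();
                }
                // The path id wins over any id in the body, so the body cannot redirect
                // the update to a different widget.
                onboardingWidget.id = widgetId;
                onboardingWidget.normalize();
            }

            // NOTE(review): whether an account admin may edit this particular widget is not
            // checked here; presumably WidgetService enforces it using 'user' - confirm.
            fieldsValidator = widgetService.setOnboardingWidget(user, onboardingWidget);
            response.setStatus(fieldsValidator.httpStatusCode.intValue());
        }
        EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets/" + widgetId, "PUT result =",
                response.getStatus());

        return fieldsValidator;
    }

    /**
     * Creates a new onboarding widget.
     *
     * <p>The JSON body carries every {@link OnboardingWidget} field except {@code id}.
     *
     * @param request          current request; supplies the session user
     * @param onboardingWidget widget data from the request body
     * @param response         current response; its status mirrors the service result
     * @return the service's validator, a 406 validator for an invalid body, or {@code null}
     *         when the caller is not an admin
     */
    @PostMapping(value = { "/portalApi/widgets" }, produces = "application/json")
    public FieldsValidator postOnboardingWidget(HttpServletRequest request,
            @RequestBody OnboardingWidget onboardingWidget, HttpServletResponse response) {
        EPUser user = EPUserUtils.getUserSession(request);
        FieldsValidator fieldsValidator = null;

        // Authorize before looking at the body, so non-admin callers get the permission
        // failure rather than validation feedback.
        if (userHasPermissions(user, response, "postOnboardingWidget")) {
            if (onboardingWidget != null) {
                if (!dataValidator.isValid(onboardingWidget)) {
                    return notAcceptable();
                }
                // Any id supplied in the body is discarded: a POST must not address an
                // existing widget.
                onboardingWidget.id = null;
                onboardingWidget.normalize();
            }
            fieldsValidator = widgetService.setOnboardingWidget(user, onboardingWidget);
            response.setStatus(fieldsValidator.httpStatusCode.intValue());
        }

        EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets", "POST result =", response.getStatus());
        return fieldsValidator;
    }

    /**
     * Deletes an onboarding widget.
     *
     * @param request  current request; supplies the session user
     * @param widgetId id of the widget to delete, from the URL path
     * @param response current response; its status mirrors the service result
     * @return the service's validator, or {@code null} when the caller is not an admin
     */
    @DeleteMapping(value = { "/portalApi/widgets/{widgetId}" },
            produces = "application/json")
    public FieldsValidator deleteOnboardingWidget(HttpServletRequest request, @PathVariable("widgetId") Long widgetId,
            HttpServletResponse response) {
        EPUser user = EPUserUtils.getUserSession(request);
        FieldsValidator fieldsValidator = null;

        if (userHasPermissions(user, response, "deleteOnboardingWidget")) {
            // NOTE(review): per-widget ownership for account admins is not checked here;
            // presumably WidgetService enforces it using 'user' - confirm.
            fieldsValidator = widgetService.deleteOnboardingWidget(user, widgetId);
            response.setStatus(fieldsValidator.httpStatusCode.intValue());
        }

        EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets/" + widgetId, "DELETE result =",
                response.getStatus());
        return fieldsValidator;
    }

    /**
     * Records a user's select/unselect action on a widget in the widget catalog.
     *
     * <p>The returned validator carries the actual outcome: 200 on success, 406 for an
     * invalid body, 500 when the service call fails, and otherwise whatever status
     * {@code setBadPermissions} left on the response.
     *
     * @param request     current request; supplies the session user
     * @param persRequest JSON body holding the widget id and the select flag
     * @param response    current response
     * @return a validator whose {@code httpStatusCode} reflects the outcome
     * @throws IOException if sending the error response fails
     */
    @PutMapping(value = { "portalApi/widgetCatalogSelection" },
            produces = "application/json")
    public FieldsValidator putWidgetCatalogSelection(HttpServletRequest request,
            @RequestBody WidgetCatalogPersonalization persRequest, HttpServletResponse response) throws IOException {
        FieldsValidator result = new FieldsValidator();
        EPUser user = EPUserUtils.getUserSession(request);

        // Reject callers without a session before evaluating the body.
        if (user == null) {
            EcompPortalUtils.setBadPermissions(user, response, "putWidgetCatalogSelection");
            result.httpStatusCode = (long) response.getStatus();
            return result;
        }

        if (persRequest != null && !dataValidator.isValid(persRequest)) {
            result.httpStatusCode = (long) HttpServletResponse.SC_NOT_ACCEPTABLE;
            return result;
        }

        try {
            if (persRequest == null || persRequest.getWidgetId() == null) {
                EcompPortalUtils.setBadPermissions(user, response, "putWidgetCatalogSelection");
                // Report the status the helper left on the response instead of a blanket 200.
                result.httpStatusCode = (long) response.getStatus();
            } else {
                persUserWidgetService.setPersUserAppValue(user, persRequest.getWidgetId(), persRequest.getSelect());
                result.httpStatusCode = (long) HttpServletResponse.SC_OK;
            }
        } catch (Exception e) {
            // Full detail stays in the server log; the client gets a fixed message so that
            // exception class names and messages are not disclosed in the response.
            logger.error(EELFLoggerDelegate.errorLogger, "Failed in putWidgetCatalogSelection", e);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                    "Failed in putWidgetCatalogSelection");
            result.httpStatusCode = (long) HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        }
        return result;
    }
}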