1 /*-
2  * ============LICENSE_START==========================================
3  * ONAP Portal
4  * ===================================================================
5  * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6  * ===================================================================
7  *
8  * Unless otherwise specified, all software contained herein is licensed
9  * under the Apache License, Version 2.0 (the "License");
10  * you may not use this software except in compliance with the License.
11  * You may obtain a copy of the License at
12  *
13  *             http://www.apache.org/licenses/LICENSE-2.0
14  *
15  * Unless required by applicable law or agreed to in writing, software
16  * distributed under the License is distributed on an "AS IS" BASIS,
17  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18  * See the License for the specific language governing permissions and
19  * limitations under the License.
20  *
21  * Unless otherwise specified, all documentation contained herein is licensed
22  * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
23  * you may not use this documentation except in compliance with the License.
24  * You may obtain a copy of the License at
25  *
26  *             https://creativecommons.org/licenses/by/4.0/
27  *
28  * Unless required by applicable law or agreed to in writing, documentation
29  * distributed under the License is distributed on an "AS IS" BASIS,
30  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
31  * See the License for the specific language governing permissions and
32  * limitations under the License.
33  *
34  * ============LICENSE_END============================================
35  *
36  * 
37  */
38 package org.onap.portalapp.portal.controller;
39
40 import java.io.IOException;
41 import java.util.List;
42
43 import javax.servlet.http.HttpServletRequest;
44 import javax.servlet.http.HttpServletResponse;
45
46 import org.apache.cxf.common.util.StringUtils;
47 import org.onap.portalapp.controller.EPRestrictedBaseController;
48 import org.onap.portalapp.portal.domain.EPUser;
49 import org.onap.portalapp.portal.logging.aop.EPAuditLog;
50 import org.onap.portalapp.portal.service.AdminRolesService;
51 import org.onap.portalapp.portal.service.PersUserWidgetService;
52 import org.onap.portalapp.portal.service.WidgetService;
53 import org.onap.portalapp.portal.transport.FieldsValidator;
54 import org.onap.portalapp.portal.transport.OnboardingWidget;
55 import org.onap.portalapp.portal.transport.WidgetCatalogPersonalization;
56 import org.onap.portalapp.portal.utils.EcompPortalUtils;
57 import org.onap.portalapp.util.EPUserUtils;
58 import org.onap.portalapp.validation.DataValidator;
59 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
60 import org.springframework.beans.factory.annotation.Autowired;
61 import org.springframework.context.annotation.Configuration;
62 import org.springframework.context.annotation.EnableAspectJAutoProxy;
63 import org.springframework.web.bind.annotation.PathVariable;
64 import org.springframework.web.bind.annotation.RequestBody;
65 import org.springframework.web.bind.annotation.RequestMapping;
66 import org.springframework.web.bind.annotation.RequestMethod;
67 import org.springframework.web.bind.annotation.RestController;
68
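/**
 * REST endpoints for listing, creating, updating and deleting onboarding
 * widgets, and for recording a user's widget-catalog selection.
 *
 * <p>Every handler resolves the caller from the HTTP session. Listing requires
 * a non-guest session; create, update and delete additionally require the
 * super-admin or account-admin role (see {@link #userHasPermissions}).
 */
@RestController
@Configuration
@EnableAspectJAutoProxy
@EPAuditLog
public class WidgetsController extends EPRestrictedBaseController {
    private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(WidgetsController.class);
    private static final DataValidator dataValidator = new DataValidator();

    // Collaborators are injected once through the constructor and never reassigned.
    private final AdminRolesService adminRolesService;
    private final WidgetService widgetService;
    private final PersUserWidgetService persUserWidgetService;

    @Autowired
    public WidgetsController(AdminRolesService adminRolesService,
            WidgetService widgetService, PersUserWidgetService persUserWidgetService) {
        this.adminRolesService = adminRolesService;
        this.widgetService = widgetService;
        this.persUserWidgetService = persUserWidgetService;
    }

    /**
     * Lists onboarding widgets for the session user.
     *
     * <p>The request must carry the header {@code X-Widgets-Type} with the value
     * {@code managed} or {@code all}; any other value yields HTTP 400.
     *
     * @param request  current request; supplies the session user and the header
     * @param response receives the status on a permission or header failure
     * @return the widget list, or {@code null} when the caller has no session,
     *         is a guest, or sent an unsupported header value
     */
    @RequestMapping(value = { "/portalApi/widgets" }, method = RequestMethod.GET, produces = "application/json")
    public List<OnboardingWidget> getOnboardingWidgets(HttpServletRequest request, HttpServletResponse response) {
        EPUser user = EPUserUtils.getUserSession(request);
        List<OnboardingWidget> onboardingWidgets = null;

        if (user == null || user.isGuest()) {
            EcompPortalUtils.setBadPermissions(user, response, "getOnboardingWidgets");
        } else {
            String getType = request.getHeader("X-Widgets-Type");
            boolean managedOnly = "managed".equals(getType);
            if (!StringUtils.isEmpty(getType) && (managedOnly || "all".equals(getType))) {
                onboardingWidgets = widgetService.getOnboardingWidgets(user, managedOnly);
            } else {
                logger.debug(EELFLoggerDelegate.debugLogger, "WidgetsController.getOnboardingWidgets - request must contain header 'X-Widgets-Type' with 'all' or 'managed'");
                response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            }
        }

        EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets", "GET result =", response.getStatus());
        return onboardingWidgets;
    }

    /**
     * Checks that the caller may modify widgets.
     *
     * <p>Fails closed: a missing session user is denied without consulting the
     * role service. On denial the response is marked through
     * {@link EcompPortalUtils#setBadPermissions}.
     *
     * @param user      session user, possibly {@code null}
     * @param response  response to mark when access is denied
     * @param invocator name of the calling handler, passed on for the denial record
     * @return {@code true} only for a super admin or account admin
     */
    private boolean userHasPermissions(EPUser user, HttpServletResponse response, String invocator) {
        boolean allowed = user != null
                && (adminRolesService.isSuperAdmin(user) || adminRolesService.isAccountAdmin(user));
        if (!allowed) {
            EcompPortalUtils.setBadPermissions(user, response, invocator);
        }
        return allowed;
    }

    /**
     * Builds the reply returned when {@link DataValidator} rejects a request body.
     * Only the status code inside the body is set; the HTTP status of the
     * response itself is left untouched, as before.
     */
    private static FieldsValidator notAcceptable() {
        FieldsValidator rejected = new FieldsValidator();
        rejected.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE);
        return rejected;
    }

    /**
     * Updates an existing onboarding widget.
     *
     * <p>The JSON body carries every {@link OnboardingWidget} field except
     * {@code id}; the class is reused for parsing, and the id always comes from
     * the path, overwriting any id present in the body.
     *
     * <p>The role check runs before the body is validated, so callers without
     * the admin role get the permission failure and no validation feedback.
     *
     * @param request          current request; supplies the session user
     * @param widgetId         id of the widget to update, taken from the path
     * @param onboardingWidget widget data from the request body
     * @param response         receives the status reported by the service
     * @return the service result, a 406 result for a rejected body, or
     *         {@code null} when the caller lacks permission
     */
    @RequestMapping(value = { "/portalApi/widgets/{widgetId}" }, method = { RequestMethod.PUT }, produces = "application/json")
    public FieldsValidator putOnboardingWidget(HttpServletRequest request, @PathVariable("widgetId") Long widgetId,
            @RequestBody OnboardingWidget onboardingWidget, HttpServletResponse response) {
        EPUser user = EPUserUtils.getUserSession(request);
        FieldsValidator fieldsValidator = null;

        if (userHasPermissions(user, response, "putOnboardingWidget")) {
            if (onboardingWidget != null) {
                if (!dataValidator.isValid(onboardingWidget)) {
                    return notAcceptable();
                }
                // The path id is authoritative; an id sent in the body is ignored.
                onboardingWidget.id = widgetId;
                onboardingWidget.normalize();
            }

            fieldsValidator = widgetService.setOnboardingWidget(user, onboardingWidget);
            response.setStatus(fieldsValidator.httpStatusCode.intValue());
        }
        // Label the record with the real verb so the log matches the request.
        EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets/" + widgetId, "PUT result =", response.getStatus());

        return fieldsValidator;
    }

    /**
     * Creates a new onboarding widget.
     *
     * <p>The JSON body carries every {@link OnboardingWidget} field except
     * {@code id}; the class is reused for parsing, and any id present in the
     * body is cleared before the widget is handed to the service.
     *
     * <p>The role check runs before the body is validated, so callers without
     * the admin role get the permission failure and no validation feedback.
     *
     * @param request          current request; supplies the session user
     * @param onboardingWidget widget data from the request body
     * @param response         receives the status reported by the service
     * @return the service result, a 406 result for a rejected body, or
     *         {@code null} when the caller lacks permission
     */
    @RequestMapping(value = { "/portalApi/widgets" }, method = { RequestMethod.POST }, produces = "application/json")
    public FieldsValidator postOnboardingWidget(HttpServletRequest request, @RequestBody OnboardingWidget onboardingWidget, HttpServletResponse response) {
        EPUser user = EPUserUtils.getUserSession(request);
        FieldsValidator fieldsValidator = null;

        if (userHasPermissions(user, response, "postOnboardingWidget")) {
            if (onboardingWidget != null) {
                if (!dataValidator.isValid(onboardingWidget)) {
                    return notAcceptable();
                }
                // A client-supplied id must not select an existing row on create.
                onboardingWidget.id = null;
                onboardingWidget.normalize();
            }
            fieldsValidator = widgetService.setOnboardingWidget(user, onboardingWidget);
            response.setStatus(fieldsValidator.httpStatusCode.intValue());
        }

        EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets", "POST result =", response.getStatus());
        return fieldsValidator;
    }

    /**
     * Deletes an onboarding widget.
     *
     * @param request  current request; supplies the session user
     * @param widgetId id of the widget to delete, taken from the path
     * @param response receives the status reported by the service
     * @return the service result, or {@code null} when the caller lacks permission
     */
    @RequestMapping(value = { "/portalApi/widgets/{widgetId}" }, method = { RequestMethod.DELETE }, produces = "application/json")
    public FieldsValidator deleteOnboardingWidget(HttpServletRequest request, @PathVariable("widgetId") Long widgetId, HttpServletResponse response) {
        EPUser user = EPUserUtils.getUserSession(request);
        FieldsValidator fieldsValidator = null;

        if (userHasPermissions(user, response, "deleteOnboardingWidget")) {
            fieldsValidator = widgetService.deleteOnboardingWidget(user, widgetId);
            response.setStatus(fieldsValidator.httpStatusCode.intValue());
        }

        EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets/" + widgetId, "DELETE result =", response.getStatus());
        return fieldsValidator;
    }

    /**
     * Marks the response as a permission failure for the catalog-selection
     * handler and mirrors the resulting HTTP status into the returned body.
     */
    private static FieldsValidator denyCatalogSelection(EPUser user, HttpServletResponse response,
            FieldsValidator result) {
        EcompPortalUtils.setBadPermissions(user, response, "putWidgetCatalogSelection");
        result.httpStatusCode = (long) response.getStatus();
        return result;
    }

    /**
     * Records the session user's selection for one widget in the widget catalog.
     *
     * <p>The status code in the returned body reflects the real outcome: a
     * denied or failed request no longer reports 200. A service failure is
     * logged with its stack trace, while the client receives only a fixed
     * message, so exception text does not reach the HTTP response.
     *
     * @param request     current request; supplies the session user
     * @param persRequest JSON body with the widget id and the select flag
     * @param response    receives the status on a permission or service failure
     * @return a {@link FieldsValidator} carrying the outcome status code
     * @throws IOException if the error response cannot be sent
     */
    @RequestMapping(value = { "portalApi/widgetCatalogSelection" }, method = RequestMethod.PUT, produces = "application/json")
    public FieldsValidator putWidgetCatalogSelection(HttpServletRequest request,
            @RequestBody WidgetCatalogPersonalization persRequest, HttpServletResponse response) throws IOException {
        FieldsValidator result = new FieldsValidator();
        EPUser user = EPUserUtils.getUserSession(request);

        // NOTE(review): unlike getOnboardingWidgets, guest users are not excluded here - confirm this is intended.
        // A missing session or body is handled like a missing widget id, not as a 500.
        if (user == null || persRequest == null) {
            return denyCatalogSelection(user, response, result);
        }
        if (!dataValidator.isValid(persRequest)) {
            result.httpStatusCode = (long) HttpServletResponse.SC_NOT_ACCEPTABLE;
            return result;
        }
        if (persRequest.getWidgetId() == null) {
            return denyCatalogSelection(user, response, result);
        }

        try {
            persUserWidgetService.setPersUserAppValue(user, persRequest.getWidgetId(), persRequest.getSelect());
            result.httpStatusCode = (long) HttpServletResponse.SC_OK;
        } catch (Exception e) {
            // Full detail goes to the server log only.
            logger.error(EELFLoggerDelegate.errorLogger, "Failed in putWidgetCatalogSelection", e);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to save widget catalog selection");
            result.httpStatusCode = (long) HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        }
        return result;
    }
}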