2 * ================================================================================
\r
4 * ================================================================================
\r
5 * Copyright (C) 2017 AT&T Intellectual Property
\r
6 * ================================================================================
\r
7 * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * you may not use this file except in compliance with the License.
\r
9 * You may obtain a copy of the License at
\r
11 * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * Unless required by applicable law or agreed to in writing, software
\r
14 * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * See the License for the specific language governing permissions and
\r
17 * limitations under the License.
\r
18 * ================================================================================
\r
20 package org.openecomp.portalapp.portal.controller;
\r
22 import java.util.List;
\r
24 import javax.servlet.http.HttpServletRequest;
\r
25 import javax.servlet.http.HttpServletResponse;
\r
27 import org.openecomp.portalapp.portal.domain.EPApp;
\r
28 import org.openecomp.portalapp.portal.domain.EPUser;
\r
29 import org.openecomp.portalapp.portal.ecomp.model.PortalRestResponse;
\r
30 import org.openecomp.portalapp.portal.ecomp.model.PortalRestStatusEnum;
\r
31 import org.openecomp.portalapp.portal.logging.aop.EPAuditLog;
\r
32 import org.openecomp.portalapp.portal.service.AdminRolesService;
\r
33 import org.openecomp.portalapp.portal.service.EPAppService;
\r
34 import org.openecomp.portalapp.portal.service.PortalAdminService;
\r
35 import org.openecomp.portalapp.portal.service.UserService;
\r
36 import org.openecomp.portalapp.portal.transport.FieldsValidator;
\r
37 import org.openecomp.portalapp.portal.transport.OnboardingApp;
\r
38 import org.openecomp.portalapp.portal.utils.EcompPortalUtils;
\r
39 import org.openecomp.portalapp.portal.utils.PortalConstants;
\r
40 import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
\r
41 import org.springframework.beans.factory.annotation.Autowired;
\r
42 import org.springframework.context.annotation.Configuration;
\r
43 import org.springframework.context.annotation.EnableAspectJAutoProxy;
\r
44 import org.springframework.web.bind.annotation.PathVariable;
\r
45 import org.springframework.web.bind.annotation.RequestBody;
\r
46 import org.springframework.web.bind.annotation.RequestMapping;
\r
47 import org.springframework.web.bind.annotation.RequestMethod;
\r
48 import org.springframework.web.bind.annotation.ResponseBody;
\r
49 import org.springframework.web.bind.annotation.RestController;
\r
51 import io.swagger.annotations.ApiOperation;
\r
54 * Processes requests from external systems (i.e., not the front-end web UI).
\r
55 * First use case is ECOMP Controller, which has to create an admin and onboard
\r
56 * itself upon launch of a fresh Portal.
\r
58 * Listens on the "auxapi" path prefix. Provides alternate implementations of
\r
59 * methods in several existing controllers because an EPUser object is not
\r
60 * available in the session for these requests.
\r
62 * Checks credentials sent via HTTP Basic Authentication. The Portal's basic
\r
63 * HTTP authentication system requires that the user names and endpoints are
\r
64 * registered together.
\r
67 @RequestMapping(PortalConstants.REST_AUX_API)
\r
69 @EnableAspectJAutoProxy
\r
71 public class AppsControllerExternalRequest implements BasicAuthenticationController {
\r
73 private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsControllerExternalRequest.class);
\r
75 private static final String ONBOARD_APP = "/onboardApp";
\r
77 // Where is this used?
\r
78 public boolean isAuxRESTfulCall() {
\r
83 * For testing whether a user is a superadmin.
\r
86 private AdminRolesService adminRolesService;
\r
89 * For onboarding or updating an app
\r
92 private EPAppService appService;
\r
95 * For promoting a user to Portal admin
\r
98 private PortalAdminService portalAdminService;
\r
101 * For creating a new user
\r
104 private UserService userService;
\r
107 * Creates a new user as a Portal administrator.
\r
111 "loginId" : "abc123",
\r
113 "email":"ecomp@controller"
\r
118 * HttpServletRequest
\r
120 * User details; the email and orgUserId fields are mandatory
\r
122 * HttpServletResponse
\r
123 * @return PortalRestResponse with success or failure
\r
125 @ApiOperation(value = "Creates a new user as a Portal administrator.", response = PortalRestResponse.class)
\r
126 @RequestMapping(value = "/portalAdmin", method = RequestMethod.POST, produces = "application/json")
\r
128 public PortalRestResponse<String> postPortalAdmin(HttpServletRequest request, HttpServletResponse response,
\r
129 @RequestBody EPUser epUser) {
\r
130 EcompPortalUtils.logAndSerializeObject(logger, "postPortalAdmin", "request", epUser);
\r
131 PortalRestResponse<String> portalResponse = new PortalRestResponse<>();
\r
133 // Check mandatory fields.
\r
134 if (epUser.getEmail() == null || epUser.getEmail().trim().length() == 0 //
\r
135 || epUser.getLoginId() == null || epUser.getLoginId().trim().length() == 0 //
\r
136 || epUser.getLoginPwd() == null) {
\r
137 portalResponse.setStatus(PortalRestStatusEnum.ERROR);
\r
138 portalResponse.setMessage("Missing required field: email, loginId, or loginPwd");
\r
139 return portalResponse;
\r
143 // Check for existing user; create if not found.
\r
144 List<EPUser> userList = userService.getUserByUserId(epUser.getOrgUserId());
\r
145 if (userList == null || userList.size() == 0) {
\r
146 // Create user with first, last names etc.; do check for
\r
148 String userCreateResult = userService.saveNewUser(epUser, "Yes");
\r
149 if (!"success".equals(userCreateResult)) {
\r
150 portalResponse.setStatus(PortalRestStatusEnum.ERROR);
\r
151 portalResponse.setMessage(userCreateResult);
\r
152 return portalResponse;
\r
156 // Check for Portal admin status; promote if not.
\r
157 if (adminRolesService.isSuperAdmin(epUser)) {
\r
158 portalResponse.setStatus(PortalRestStatusEnum.OK);
\r
160 FieldsValidator fv = portalAdminService.createPortalAdmin(epUser.getOrgUserId());
\r
161 if (fv.httpStatusCode.intValue() == HttpServletResponse.SC_OK) {
\r
162 portalResponse.setStatus(PortalRestStatusEnum.OK);
\r
164 portalResponse.setStatus(PortalRestStatusEnum.ERROR);
\r
165 portalResponse.setMessage(fv.toString());
\r
168 } catch (Exception ex) {
\r
169 // Uncaught exceptions yield 404 and an empty error page
\r
170 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
\r
171 portalResponse.setStatus(PortalRestStatusEnum.ERROR);
\r
172 portalResponse.setMessage(ex.toString());
\r
175 EcompPortalUtils.logAndSerializeObject(logger, "postPortalAdmin", "response", portalResponse);
\r
176 return portalResponse;
\r
180 * Gets the specified application that is on-boarded in Portal.
\r
183 * HttpServletRequest
\r
185 * Application ID to get
\r
187 * httpServletResponse
\r
188 * @return OnboardingApp objects
\r
190 @ApiOperation(value = "Gets the specified application that is on-boarded in Portal.", response = OnboardingApp.class)
\r
191 @RequestMapping(value = { ONBOARD_APP + "/{appId}" }, method = RequestMethod.GET, produces = "application/json")
\r
193 public OnboardingApp getOnboardAppExternal(HttpServletRequest request, HttpServletResponse response,
\r
194 @PathVariable("appId") Long appId) {
\r
195 EPApp epApp = appService.getApp(appId);
\r
196 OnboardingApp obApp = new OnboardingApp();
\r
197 appService.createOnboardingFromApp(epApp, obApp);
\r
198 EcompPortalUtils.logAndSerializeObject(logger, "getOnboardAppExternal", "response", obApp);
\r
203 * Adds a new application to Portal. The My Logins App Owner in the request
\r
204 * must be the organization user ID of a person who is a Portal
\r
209 "myLoginsAppOwner" : "abc123",
\r
210 "name": "dashboard",
\r
211 "url": "http://k8s/something",
\r
212 "restUrl" : "http://aic.att.com",
\r
213 "restrictedApp" : true,
\r
220 * HttpServletRequest
\r
222 * httpServletResponse
\r
223 * @param newOnboardApp
\r
224 * Message with details about the app to add
\r
225 * @return PortalRestResponse
\r
227 @ApiOperation(value = "Adds a new application to Portal.", response = PortalRestResponse.class)
\r
228 @RequestMapping(value = { ONBOARD_APP }, method = RequestMethod.POST, produces = "application/json")
\r
230 public PortalRestResponse<String> postOnboardAppExternal(HttpServletRequest request, HttpServletResponse response,
\r
231 @RequestBody OnboardingApp newOnboardApp) {
\r
232 EcompPortalUtils.logAndSerializeObject(logger, "postOnboardAppExternal", "request", newOnboardApp);
\r
233 PortalRestResponse<String> portalResponse = new PortalRestResponse<>();
\r
236 if (newOnboardApp.id != null) {
\r
237 portalResponse.setStatus(PortalRestStatusEnum.ERROR);
\r
238 portalResponse.setMessage("Unexpected field: id");
\r
239 return portalResponse;
\r
241 if (newOnboardApp.name == null || newOnboardApp.name.trim().length() == 0 //
\r
242 || newOnboardApp.url == null || newOnboardApp.url.trim().length() == 0 //
\r
243 || newOnboardApp.restUrl == null || newOnboardApp.restUrl.trim().length() == 0
\r
244 || newOnboardApp.myLoginsAppOwner == null || newOnboardApp.myLoginsAppOwner.trim().length() == 0
\r
245 || newOnboardApp.restrictedApp == null //
\r
246 || newOnboardApp.isOpen == null //
\r
247 || newOnboardApp.isEnabled == null) {
\r
248 portalResponse.setStatus(PortalRestStatusEnum.ERROR);
\r
249 portalResponse.setMessage(
\r
250 "Missing required field: name, url, restUrl, restrictedApp, isOpen, isEnabled, myLoginsAppOwner");
\r
251 return portalResponse;
\r
255 List<EPUser> userList = userService.getUserByUserId(newOnboardApp.myLoginsAppOwner);
\r
256 if (userList == null || userList.size() != 1) {
\r
257 portalResponse.setStatus(PortalRestStatusEnum.ERROR);
\r
258 portalResponse.setMessage("Failed to find user: " + newOnboardApp.myLoginsAppOwner);
\r
259 return portalResponse;
\r
262 EPUser epUser = userList.get(0);
\r
263 // Check for Portal admin status
\r
264 if (! adminRolesService.isSuperAdmin(epUser)) {
\r
265 portalResponse.setStatus(PortalRestStatusEnum.ERROR);
\r
266 portalResponse.setMessage("User lacks Portal admin role: " + epUser.getLoginId());
\r
267 return portalResponse;
\r
270 newOnboardApp.normalize();
\r
271 FieldsValidator fv = appService.addOnboardingApp(newOnboardApp, epUser);
\r
272 if (fv.httpStatusCode.intValue() == HttpServletResponse.SC_OK) {
\r
273 portalResponse.setStatus(PortalRestStatusEnum.OK);
\r
275 portalResponse.setStatus(PortalRestStatusEnum.ERROR);
\r
276 portalResponse.setMessage(fv.toString());
\r
278 } catch (Exception ex) {
\r
279 // Uncaught exceptions yield 404 and an empty error page
\r
280 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
\r
281 portalResponse.setStatus(PortalRestStatusEnum.ERROR);
\r
282 portalResponse.setMessage(ex.toString());
\r
284 EcompPortalUtils.logAndSerializeObject(logger, "postOnboardAppExternal", "response", portalResponse);
\r
285 return portalResponse;
\r
289 * Updates information about an on-boarded application in Portal. The My
\r
290 * Logins App Owner in the request must be the organization user ID of a
\r
291 * person who is a Portal administrator.
\r
295 "myLoginsAppOwner" : "abc123",
\r
296 "name": "dashboard",
\r
297 "url": "http://k8s/something",
\r
298 "restUrl" : "http://aic.att.com",
\r
299 "restrictedApp" : true,
\r
305 * HttpServletRequest
\r
307 * httpServletResponse
\r
310 * @param oldOnboardApp
\r
311 * Message with details about the app to add
\r
312 * @return PortalRestResponse
\r
314 @ApiOperation(value = "Updates information about an on-boarded application in Portal.", response = PortalRestResponse.class)
\r
315 @RequestMapping(value = { ONBOARD_APP + "/{appId}" }, method = RequestMethod.PUT, produces = "application/json")
\r
317 public PortalRestResponse<String> putOnboardAppExternal(HttpServletRequest request, HttpServletResponse response,
\r
318 @PathVariable("appId") Long appId, @RequestBody OnboardingApp oldOnboardApp) {
\r
319 EcompPortalUtils.logAndSerializeObject(logger, "putOnboardAppExternal", "request", oldOnboardApp);
\r
320 PortalRestResponse<String> portalResponse = new PortalRestResponse<>();
\r
321 // Validate fields.
\r
322 if (oldOnboardApp.id == null || !appId.equals(oldOnboardApp.id)) {
\r
323 portalResponse.setStatus(PortalRestStatusEnum.ERROR);
\r
324 portalResponse.setMessage("Unexpected value for field: id");
\r
325 return portalResponse;
\r
327 if (oldOnboardApp.name == null || oldOnboardApp.name.trim().length() == 0 //
\r
328 || oldOnboardApp.url == null || oldOnboardApp.url.trim().length() == 0 //
\r
329 || oldOnboardApp.restUrl == null || oldOnboardApp.restUrl.trim().length() == 0
\r
330 || oldOnboardApp.myLoginsAppOwner == null || oldOnboardApp.myLoginsAppOwner.trim().length() == 0
\r
331 || oldOnboardApp.restrictedApp == null //
\r
332 || oldOnboardApp.isOpen == null //
\r
333 || oldOnboardApp.isEnabled == null) {
\r
334 portalResponse.setStatus(PortalRestStatusEnum.ERROR);
\r
335 portalResponse.setMessage(
\r
336 "Missing required field: name, url, restUrl, restrictedApp, isOpen, isEnabled, myLoginsAppOwner");
\r
337 return portalResponse;
\r
341 List<EPUser> userList = userService.getUserByUserId(oldOnboardApp.myLoginsAppOwner);
\r
342 if (userList == null || userList.size() != 1) {
\r
343 portalResponse.setStatus(PortalRestStatusEnum.ERROR);
\r
344 portalResponse.setMessage("Failed to find user: " + oldOnboardApp.myLoginsAppOwner);
\r
345 return portalResponse;
\r
348 EPUser epUser = userList.get(0);
\r
349 // Check for Portal admin status
\r
350 if (! adminRolesService.isSuperAdmin(epUser)) {
\r
351 portalResponse.setStatus(PortalRestStatusEnum.ERROR);
\r
352 portalResponse.setMessage("User lacks Portal admin role: " + epUser.getLoginId());
\r
353 return portalResponse;
\r
356 oldOnboardApp.normalize();
\r
357 FieldsValidator fv = appService.modifyOnboardingApp(oldOnboardApp, epUser);
\r
358 if (fv.httpStatusCode.intValue() == HttpServletResponse.SC_OK) {
\r
359 portalResponse.setStatus(PortalRestStatusEnum.OK);
\r
361 portalResponse.setStatus(PortalRestStatusEnum.ERROR);
\r
362 portalResponse.setMessage(fv.toString());
\r
364 } catch (Exception ex) {
\r
365 // Uncaught exceptions yield 404 and an empty error page
\r
366 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
\r
367 portalResponse.setStatus(PortalRestStatusEnum.ERROR);
\r
368 portalResponse.setMessage(ex.toString());
\r
370 EcompPortalUtils.logAndSerializeObject(logger, "putOnboardAppExternal", "response", portalResponse);
\r
371 return portalResponse;
\r