ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/controller/PortalAdminController.java

   1 /*-
   2  * ============LICENSE_START==========================================
   3  * ONAP Portal
   4  * ===================================================================
   5  * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
   6  * ===================================================================
   7  *
   8  * Unless otherwise specified, all software contained herein is licensed
   9  * under the Apache License, Version 2.0 (the “License”);
  10  * you may not use this software except in compliance with the License.
  11  * You may obtain a copy of the License at
  12  *
  13  *             http://www.apache.org/licenses/LICENSE-2.0
  14  *
  15  * Unless required by applicable law or agreed to in writing, software
  16  * distributed under the License is distributed on an "AS IS" BASIS,
  17  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  18  * See the License for the specific language governing permissions and
  19  * limitations under the License.
  20  *
  21  * Unless otherwise specified, all documentation contained herein is licensed
  22  * under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
  23  * you may not use this documentation except in compliance with the License.
  24  * You may obtain a copy of the License at
  25  *
  26  *             https://creativecommons.org/licenses/by/4.0/
  27  *
  28  * Unless required by applicable law or agreed to in writing, documentation
  29  * distributed under the License is distributed on an "AS IS" BASIS,
  30  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  31  * See the License for the specific language governing permissions and
  32  * limitations under the License.
  33  *
  34  * ============LICENSE_END============================================
  35  *
  36  * ECOMP is a trademark and service mark of AT&T Intellectual Property.
  37  */
  38 package org.openecomp.portalapp.portal.controller;
  39
  40 import java.util.List;
  41
  42 import javax.servlet.http.HttpServletRequest;
  43 import javax.servlet.http.HttpServletResponse;
  44
  45 import org.openecomp.portalapp.controller.EPRestrictedBaseController;
  46 import org.openecomp.portalapp.portal.domain.EPRole;
  47 import org.openecomp.portalapp.portal.domain.EPUser;
  48 import org.openecomp.portalapp.portal.domain.EcompAuditLog;
  49 import org.openecomp.portalapp.portal.logging.aop.EPAuditLog;
  50 import org.openecomp.portalapp.portal.logging.aop.EPEELFLoggerAdvice;
  51 import org.openecomp.portalapp.portal.logging.logic.EPLogUtil;
  52 import org.openecomp.portalapp.portal.service.AdminRolesService;
  53 import org.openecomp.portalapp.portal.service.PortalAdminService;
  54 import org.openecomp.portalapp.portal.transport.FieldsValidator;
  55 import org.openecomp.portalapp.portal.transport.PortalAdmin;
  56 import org.openecomp.portalapp.portal.utils.EPCommonSystemProperties;
  57 import org.openecomp.portalapp.portal.utils.EcompPortalUtils;
  58 import org.openecomp.portalapp.util.EPUserUtils;
  59 import org.openecomp.portalsdk.core.domain.AuditLog;
  60 import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
  61 import org.openecomp.portalsdk.core.service.AuditService;
  62 import org.openecomp.portalsdk.core.util.SystemProperties;
  63 import org.slf4j.MDC;
  64 import org.springframework.beans.factory.annotation.Autowired;
  65 import org.springframework.context.annotation.EnableAspectJAutoProxy;
  66 import org.springframework.web.bind.annotation.PathVariable;
  67 import org.springframework.web.bind.annotation.RequestBody;
  68 import org.springframework.web.bind.annotation.RequestMapping;
  69 import org.springframework.web.bind.annotation.RequestMethod;
  70 import org.springframework.web.bind.annotation.RestController;
  71
  72 @RestController
  73 @org.springframework.context.annotation.Configuration
  74 @EnableAspectJAutoProxy
  75 @EPAuditLog
  76 public class PortalAdminController extends EPRestrictedBaseController {
  77         @Autowired
  78         PortalAdminService portalAdminService;
  79         @Autowired
  80         AdminRolesService adminRolesService;
  81         @Autowired
  82         AuditService auditService;
  83
  84         EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(PortalAdminController.class);
  85
  86         @RequestMapping(value = { "/portalApi/portalAdmins" }, method = RequestMethod.GET, produces = "application/json")
  87         public List<PortalAdmin> getPortalAdmins(HttpServletRequest request, HttpServletResponse response) {
  88                 EPUser user = EPUserUtils.getUserSession(request);
  89                 List<PortalAdmin> portalAdmins = null;
  90                 if (user == null) {
  91                         logger.debug(EELFLoggerDelegate.debugLogger, "PortalAdminController.getPortalAdmins, null user");
  92                         EcompPortalUtils.setBadPermissions(user, response, "getPortalAdmins");
  93                 } else if (!adminRolesService.isSuperAdmin(user)) {
  94                         logger.debug(EELFLoggerDelegate.debugLogger, "PortalAdminController.getPortalAdmins, bad permissions");
  95                         EcompPortalUtils.setBadPermissions(user, response, "createPortalAdmin");
  96                 } else {
  97                         // return the list of portal admins
  98                         portalAdmins = portalAdminService.getPortalAdmins();
  99                         logger.debug(EELFLoggerDelegate.debugLogger, "portalAdmins: called getPortalAdmins()");
 100                         EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/getPortalAdmins", "result =", portalAdmins);
 101                 }
 102
 103                 return portalAdmins;
 104         }
 105
 106         /**
 107          * RESTful service method to create a new portal admin. Requirement: you
 108          * must be the Ecomp portal super admin user.
 109          * @param request
 110          * @param userId
 111          * @param response
 112          * @return FieldsValidator
 113          */
 114         @RequestMapping(value = { "/portalApi/portalAdmin" }, method = RequestMethod.POST)
 115         public FieldsValidator createPortalAdmin(HttpServletRequest request, @RequestBody String userId,
 116                         HttpServletResponse response) {
 117                 EPUser user = EPUserUtils.getUserSession(request);
 118                 FieldsValidator fieldsValidator = null;
 119                 if (user == null) {
 120                         logger.debug(EELFLoggerDelegate.debugLogger, "PortalAdminController.createPortalAdmin, null user");
 121                         EcompPortalUtils.setBadPermissions(user, response, "createPortalAdmin");
 122                 } else if (!adminRolesService.isSuperAdmin(user)) {
 123                         logger.debug(EELFLoggerDelegate.debugLogger, "PortalAdminController.createPortalAdmin bad permissions");
 124                         EcompPortalUtils.setBadPermissions(user, response, "createPortalAdmin");
 125                 } else {
 126                         fieldsValidator = portalAdminService.createPortalAdmin(userId);
 127                         int statusCode = fieldsValidator.httpStatusCode.intValue();
 128                         response.setStatus(statusCode);
 129                         if (statusCode == 200) {
 130                                 AuditLog auditLog = new AuditLog();
 131                                 auditLog.setUserId(user.getId());
 132                                 auditLog.setActivityCode(EcompAuditLog.CD_ACTIVITY_ADD_PORTAL_ADMIN);
 133                                 auditLog.setAffectedRecordId(userId);
 134                                 try {
 135                                         auditService.logActivity(auditLog, null);
 136                                 } catch (Exception e) {
 137                                         logger.error(EELFLoggerDelegate.errorLogger, "createPortalAdmin: failed for save audit log", e);
 138                                 }
 139                                 MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC());
 140                                 MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC());
 141                                 EcompPortalUtils.calculateDateTimeDifferenceForLog(
 142                                                 MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP),
 143                                                 MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP));
 144                                 logger.info(EELFLoggerDelegate.auditLogger,
 145                                                 EPLogUtil.formatAuditLogMessage("PortalAdminController.createPortalAdmin",
 146                                                                 EcompAuditLog.CD_ACTIVITY_ADD_PORTAL_ADMIN, user.getOrgUserId(), userId,
 147                                                                 "A new Portal Admin has been added"));
 148                                 MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP);
 149                                 MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP);
 150                                 MDC.remove(SystemProperties.MDC_TIMER);
 151                         }
 152                 }
 153                 EcompPortalUtils.logAndSerializeObject(logger, "/portalAdmin", "POST result =", response.getStatus());
 154
 155                 return fieldsValidator;
 156         }
 157
 158         @RequestMapping(value = { "/portalApi/portalAdmin/{userInfo}" }, method = RequestMethod.DELETE)
 159         public FieldsValidator deletePortalAdmin(HttpServletRequest request, @PathVariable("userInfo") String userInfo,
 160                         HttpServletResponse response) {
 161                 int userIdIdx = userInfo.indexOf("-");
 162                 Long userId = null;
 163                 String sbcid = null;
 164                 FieldsValidator fieldsValidator = null;
 165                 try {
 166                         if (userIdIdx == -1) {
 167                                 logger.error(EELFLoggerDelegate.errorLogger, "deletePortalAdmin missing userId");
 168                                 return fieldsValidator;
 169                         } else {
 170                                 String userIdStr = userInfo.substring(0, userIdIdx);
 171                                 userId = Long.valueOf(userIdStr);
 172                                 sbcid = userInfo.substring(userIdIdx + 1, userInfo.length());
 173                         }
 174                 } catch (Exception e) {
 175                         logger.error(EELFLoggerDelegate.errorLogger, "deletePortalAdmin error while parsing the userInfo", e);
 176                 }
 177                 EPUser user = EPUserUtils.getUserSession(request);
 178                 if (!adminRolesService.isSuperAdmin(user)) {
 179                         EcompPortalUtils.setBadPermissions(user, response, "deletePortalAdmin");
 180                 } else {
 181                         fieldsValidator = portalAdminService.deletePortalAdmin(userId);
 182                         int statusCode = fieldsValidator.httpStatusCode.intValue();
 183                         response.setStatus(statusCode);
 184                         if (statusCode == 200) {
 185                                 AuditLog auditLog = new AuditLog();
 186                                 auditLog.setUserId(user.getId());
 187                                 auditLog.setActivityCode(EcompAuditLog.CD_ACTIVITY_DELETE_PORTAL_ADMIN);
 188                                 auditLog.setAffectedRecordId(sbcid);
 189                                 auditService.logActivity(auditLog, null);
 190
 191                                 MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC());
 192                                 MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC());
 193                                 EcompPortalUtils.calculateDateTimeDifferenceForLog(
 194                                                 MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP),
 195                                                 MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP));
 196                                 logger.info(EELFLoggerDelegate.auditLogger,
 197                                                 EPLogUtil.formatAuditLogMessage("PortalAdminController.deletePortalAdmin",
 198                                                                 EcompAuditLog.CD_ACTIVITY_DELETE_PORTAL_ADMIN, user.getOrgUserId(), sbcid,
 199                                                                 "A Portal Admin has been deleted"));
 200                                 MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP);
 201                                 MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP);
 202                                 MDC.remove(SystemProperties.MDC_TIMER);
 203                         }
 204                 }
 205                 EcompPortalUtils.logAndSerializeObject(logger, "/portalAdmin", "DELETE result =", response.getStatus());
 206
 207                 return fieldsValidator;
 208         }
 209
 210         @RequestMapping(value = {
 211                         "/portalApi/adminAppsRoles/{appId}" }, method = RequestMethod.GET, produces = "application/json")
 212         public List<EPRole> getRolesByApp(HttpServletRequest request, @PathVariable("appId") Long appId,
 213                         HttpServletResponse response) {
 214                 EPUser user = EPUserUtils.getUserSession(request);
 215                 List<EPRole> rolesByApp = null;
 216
 217                 try {
 218                         if (user == null) {
 219                                 EcompPortalUtils.setBadPermissions(user, response, "getUserApps");
 220                         } else {
 221                                 rolesByApp = adminRolesService.getRolesByApp(user, appId);
 222                         }
 223                 } catch (Exception e) {
 224                         logger.error(EELFLoggerDelegate.errorLogger,    "getRolesByApp failed", e);
 225                 }
 226
 227                 return rolesByApp;
 228         }
 229
 230 }