2 * ================================================================================
\r
4 * ================================================================================
\r
5 * Copyright (C) 2017 AT&T Intellectual Property
\r
6 * ================================================================================
\r
7 * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * you may not use this file except in compliance with the License.
\r
9 * You may obtain a copy of the License at
\r
11 * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * Unless required by applicable law or agreed to in writing, software
\r
14 * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * See the License for the specific language governing permissions and
\r
17 * limitations under the License.
\r
18 * ================================================================================
\r
20 package org.openecomp.portalapp.portal.service;
\r
22 import java.util.ArrayList;
\r
23 import java.util.HashMap;
\r
24 import java.util.List;
\r
26 import javax.annotation.PostConstruct;
\r
28 import org.apache.cxf.common.util.StringUtils;
\r
29 import org.hibernate.Session;
\r
30 import org.hibernate.SessionFactory;
\r
31 import org.hibernate.Transaction;
\r
32 import org.springframework.beans.factory.annotation.Autowired;
\r
33 import org.springframework.context.annotation.EnableAspectJAutoProxy;
\r
34 import org.springframework.stereotype.Service;
\r
35 import org.springframework.transaction.annotation.Transactional;
\r
37 import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
\r
38 import org.openecomp.portalsdk.core.service.DataAccessService;
\r
39 import org.openecomp.portalsdk.core.util.SystemProperties;
\r
40 import org.openecomp.portalapp.portal.domain.EPApp;
\r
41 import org.openecomp.portalapp.portal.domain.EPRole;
\r
42 import org.openecomp.portalapp.portal.domain.EPUser;
\r
43 import org.openecomp.portalapp.portal.domain.EPUserApp;
\r
44 import org.openecomp.portalapp.portal.domain.UserIdRoleId;
\r
45 import org.openecomp.portalapp.portal.domain.UserRole;
\r
46 import org.openecomp.portalapp.portal.logging.aop.EPMetricsLog;
\r
47 import org.openecomp.portalapp.portal.logging.format.EPAppMessagesEnum;
\r
48 import org.openecomp.portalapp.portal.logging.logic.EPLogUtil;
\r
49 import org.openecomp.portalapp.portal.transport.AppNameIdIsAdmin;
\r
50 import org.openecomp.portalapp.portal.transport.AppsListWithAdminRole;
\r
51 import org.openecomp.portalapp.portal.utils.EPCommonSystemProperties;
\r
52 import org.openecomp.portalapp.portal.utils.EcompPortalUtils;
\r
54 @Service("adminRolesService")
\r
56 @org.springframework.context.annotation.Configuration
\r
57 @EnableAspectJAutoProxy
\r
59 public class AdminRolesServiceImpl implements AdminRolesService {
\r
// Role and application ids that the admin checks in this class compare against.
// The literals are only defaults: init() overwrites all three with values read
// from SystemProperties.
61 private Long SYS_ADMIN_ROLE_ID = 1L;
\r
62 private Long ACCOUNT_ADMIN_ROLE_ID = 999L;
\r
63 private Long ECOMP_APP_ID = 1L;
\r
// Logger used for every error path in this class.
65 EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AdminRolesServiceImpl.class);
\r
// Collaborators. How they are populated is not visible in this listing.
// sessionFactory is used to open a session for the role update;
// dataAccessService runs the filter-clause and SQL lookups.
68 private SessionFactory sessionFactory;
\r
70 private DataAccessService dataAccessService;
\r
72 SearchService searchService;
\r
74 EPAppService appsService;
\r
/**
 * Loads the system-admin role id, account-admin role id and portal application id
 * from SystemProperties, replacing the field defaults.
 *
 * NOTE(review): a failure here is only logged (the catch below does nothing else that
 * is visible in this listing), so a missing or malformed property leaves the affected
 * ids at their compiled-in defaults. Those ids drive the administrator checks in this
 * class - confirm that continuing with defaults is intended rather than failing startup.
 */
77 private void init() {
\r
// Long.valueOf throws on a null or non-numeric property value.
79 SYS_ADMIN_ROLE_ID = Long.valueOf(SystemProperties.getProperty(EPCommonSystemProperties.SYS_ADMIN_ROLE_ID));
\r
80 ACCOUNT_ADMIN_ROLE_ID = Long.valueOf(SystemProperties.getProperty(EPCommonSystemProperties.ACCOUNT_ADMIN_ROLE_ID));
\r
81 ECOMP_APP_ID = Long.valueOf(SystemProperties.getProperty(EPCommonSystemProperties.ECOMP_APP_ID));
\r
82 } catch(Exception e) {
\r
83 logger.error(EELFLoggerDelegate.errorLogger, EcompPortalUtils.getStackTrace(e));
\r
/**
 * Builds the per-application account-administrator view for one user.
 *
 * Looks up the EPUser whose orgUserId matches, collects the app ids on which that user
 * holds ACCOUNT_ADMIN_ROLE_ID, then lists every app that is enabled or is ECOMP_APP_ID
 * and marks each with whether the user administers it. When no user matches, every app
 * is reported with isAdmin false.
 *
 * @param orgUserId organisation user id to look up; also copied into the result
 * @return the populated list; the variable starts as null and is returned as-is, so a
 *         failure before the result object is created presumably yields null (the try
 *         boundaries are not visible in this listing - confirm)
 */
89 @SuppressWarnings("unchecked")
\r
90 public AppsListWithAdminRole getAppsWithAdminRoleStateForUser(String orgUserId) {
\r
91 AppsListWithAdminRole appsListWithAdminRole = null;
\r
// NOTE(review): orgUserId is concatenated into the filter clause between quotes. If it
// can carry caller-supplied text, quote characters in it change the query that runs.
// Pass it as a bound parameter (or reject unexpected characters before this point)
// instead of concatenating.
94 List<EPUser> userList = dataAccessService.getList(EPUser.class, " where orgUserId = '" + orgUserId + "'", null,
\r
// Maps app id -> user id for every app on which the user is account administrator.
96 HashMap<Long, Long> appsUserAdmin = new HashMap<Long, Long>();
\r
97 if (userList.size() > 0) {
\r
// Only the first match is used.
98 EPUser user = userList.get(0);
\r
99 List<EPUserApp> userAppList = null;
\r
// The values concatenated below are the id of the user just loaded and the
// configured role id, not the orgUserId string.
101 userAppList = dataAccessService.getList(EPUserApp.class,
\r
102 " where userId = " + user.getId() + " and role.id = " + ACCOUNT_ADMIN_ROLE_ID, null, null);
\r
103 } catch (Exception e) {
\r
104 logger.error(EELFLoggerDelegate.errorLogger, EcompPortalUtils.getStackTrace(e));
\r
105 EPLogUtil.logEcompError(EPAppMessagesEnum.BeDaoSystemError);
\r
// NOTE(review): userAppList is still null here when the lookup above threw and was
// only logged; the loop would then fail with a NullPointerException.
107 for (EPUserApp userApp : userAppList) {
\r
108 appsUserAdmin.put(userApp.getAppId(), userApp.getUserId());
\r
112 appsListWithAdminRole = new AppsListWithAdminRole();
\r
113 appsListWithAdminRole.orgUserId = orgUserId;
\r
114 List<EPApp> appsList = null;
\r
// Enabled apps plus the app whose id is ECOMP_APP_ID, whatever its enabled flag.
116 appsList = dataAccessService.getList(EPApp.class, " where ( enabled = 'Y' or id = " + ECOMP_APP_ID + ")", null, null);
\r
117 } catch (Exception e) {
\r
118 logger.error(EELFLoggerDelegate.errorLogger, EcompPortalUtils.getStackTrace(e));
\r
119 EPLogUtil.logEcompError(EPAppMessagesEnum.BeDaoSystemError);
\r
// NOTE(review): same pattern as above - appsList is null here if the lookup threw.
121 for (EPApp app : appsList) {
\r
122 AppNameIdIsAdmin appNameIdIsAdmin = new AppNameIdIsAdmin();
\r
123 appNameIdIsAdmin.id = app.getId();
\r
124 appNameIdIsAdmin.appName = app.getName();
\r
// True only for apps found among the user's account-admin assignments.
125 appNameIdIsAdmin.isAdmin = new Boolean(appsUserAdmin.containsKey(app.getId()));
\r
126 appNameIdIsAdmin.restrictedApp = app.isRestrictedApp();
\r
127 appsListWithAdminRole.appsRoles.add(appNameIdIsAdmin);
\r
129 } catch (Exception e) {
\r
130 logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while performing AdminRolesServiceImpl.getAppsWithAdminRoleStateForUser operation, Details:"
\r
131 + EcompPortalUtils.getStackTrace(e));
\r
134 return appsListWithAdminRole;
\r
// Class-wide lock object; setAppsWithAdminRoleStateForUser synchronizes on it while it
// reads and rewrites a user's account-admin assignments.
137 private static final Object syncRests = new Object();
\r
/**
 * Replaces the set of applications on which a user holds ACCOUNT_ADMIN_ROLE_ID.
 *
 * Nothing is changed when orgUserId is empty or appsRoles is null. Otherwise, under the
 * syncRests lock, requested admin entries are kept only for apps that are enabled (or
 * the ECOMP_APP_ID app), the user's existing account-admin assignments on those apps
 * are deleted, and the requested ones are saved in the same transaction. A user that is
 * not yet stored locally is fetched through searchService and saved as active, but only
 * when at least one admin role is requested.
 *
 * NOTE(review): this method grants and revokes an administrator role, and the visible
 * body performs no check on who is asking - presumably the caller enforces that; verify.
 *
 * @param newAppsListWithAdminRoles requested state: orgUserId plus per-app isAdmin flags
 * @return result, which starts as false; the line that sets it to true is not visible
 *         in this listing
 */
141 @SuppressWarnings("unchecked")
\r
142 public boolean setAppsWithAdminRoleStateForUser(AppsListWithAdminRole newAppsListWithAdminRoles) {
\r
143 boolean result = false;
\r
144 // No changes if no new roles list or no userId.
\r
145 if (!StringUtils.isEmpty(newAppsListWithAdminRoles.orgUserId) && newAppsListWithAdminRoles.appsRoles != null) {
\r
146 synchronized (syncRests) {
\r
147 List<EPApp> apps = appsService.getAppsFullList();
\r
148 HashMap<Long, EPApp> enabledApps = new HashMap<Long, EPApp>();
\r
149 for (EPApp app : apps) {
\r
// NOTE(review): ECOMP_APP_ID is a boxed Long and getId() is used as an object elsewhere
// in this class (getId().equals(...)), so == here compares references rather than
// values. equals() is presumably what is meant - confirm.
150 if (app.getEnabled().booleanValue() || app.getId() == ECOMP_APP_ID) {
\r
151 enabledApps.put(app.getId(), app);
\r
154 List<AppNameIdIsAdmin> newAppsWhereUserIsAdmin = new ArrayList<AppNameIdIsAdmin>();
\r
155 for (AppNameIdIsAdmin adminRole : newAppsListWithAdminRoles.appsRoles) {
\r
156 // user Admin role may be added only for enabled apps
\r
157 if (adminRole.isAdmin.booleanValue() && enabledApps.containsKey(adminRole.id)) {
\r
158 newAppsWhereUserIsAdmin.add(adminRole);
\r
161 EPUser user = null;
\r
162 boolean createNewUser = false;
\r
163 String orgUserId = newAppsListWithAdminRoles.orgUserId.trim();
\r
// NOTE(review): orgUserId is only trimmed before being concatenated into the quoted
// filter clause; bind it as a parameter rather than concatenating. Also, this filter
// names org_user_id while getAppsWithAdminRoleStateForUser filters on orgUserId -
// confirm which name the mapping expects.
164 List<EPUser> localUserList = dataAccessService.getList(EPUser.class, " where org_user_id='" + orgUserId + "'",
\r
166 List<EPUserApp> oldAppsWhereUserIsAdmin = new ArrayList<EPUserApp>();
\r
167 if (localUserList.size() > 0) {
\r
168 EPUser tmpUser = localUserList.get(0);
\r
// Current account-admin assignments of the stored user.
169 oldAppsWhereUserIsAdmin = dataAccessService.getList(EPUserApp.class,
\r
170 " where userId = " + tmpUser.getId() + " and role.id = " + ACCOUNT_ADMIN_ROLE_ID, null,
\r
172 if (oldAppsWhereUserIsAdmin.size() > 0 || newAppsWhereUserIsAdmin.size() > 0) {
\r
175 } else if (newAppsWhereUserIsAdmin.size() > 0) {
\r
176 // we create new user only if he has Admin Role for any App
\r
177 createNewUser = true;
\r
179 if (user != null || createNewUser) {
\r
180 Session localSession = null;
\r
181 Transaction transaction = null;
\r
// The update runs in its own session and transaction opened from sessionFactory.
183 localSession = sessionFactory.openSession();
\r
184 transaction = localSession.beginTransaction();
\r
185 if (createNewUser) {
\r
186 user = this.searchService.searchUserByUserId(orgUserId);
\r
187 if (user != null) {
\r
188 // insert the user with active true in order to
\r
189 // pass login phase.
\r
190 user.setActive(true);
\r
191 localSession.save(EPUser.class.getName(), user);
\r
194 for (EPUserApp oldUserApp : oldAppsWhereUserIsAdmin) {
\r
195 // user Admin role may be deleted only for enabled
\r
197 if (enabledApps.containsKey(oldUserApp.getAppId())) {
\r
198 localSession.delete(oldUserApp);
\r
201 for (AppNameIdIsAdmin appNameIdIsAdmin : newAppsWhereUserIsAdmin) {
\r
202 EPApp app = (EPApp) localSession.get(EPApp.class, appNameIdIsAdmin.id);
\r
203 EPRole role = (EPRole) localSession.get(EPRole.class, new Long(ACCOUNT_ADMIN_ROLE_ID));
\r
204 EPUserApp newUserApp = new EPUserApp();
\r
// NOTE(review): when createNewUser is true and searchService returned null, user is
// still null here; the resulting exception lands in the catch below.
205 newUserApp.setUserId(user.getId());
\r
206 newUserApp.setApp(app);
\r
207 newUserApp.setRole(role);
\r
208 localSession.save(EPUserApp.class.getName(), newUserApp);
\r
210 transaction.commit();
\r
212 } catch (Exception e) {
\r
213 EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);
\r
214 logger.error(EELFLoggerDelegate.errorLogger, "setAppsWithAdminRoleStateForUser: exception in point 2", e);
\r
216 transaction.rollback();
\r
217 } catch (Exception ex) {
\r
// NOTE(review): this passes e (the original failure) rather than ex (the rollback
// failure) - confirm that is intended.
218 EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeExecuteRollbackError, e);
\r
219 logger.error(EELFLoggerDelegate.errorLogger, "setAppsWithAdminRoleStateForUser: exception in point 3", ex);
\r
223 localSession.close();
\r
224 } catch (Exception e) {
\r
225 EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoCloseSessionError, e);
\r
226 logger.error(EELFLoggerDelegate.errorLogger, "setAppsWithAdminRoleStateForUser: exception in point 4", e);
\r
/**
 * Checks whether the user holds SYS_ADMIN_ROLE_ID on the ECOMP_APP_ID application.
 *
 * Runs a native SQL query that joins fn_user_role with fn_user and filters on the
 * user's org_user_id, the system-admin role id and the portal application id. The
 * return statements are not visible in this listing; presumably a non-empty result
 * means true - TODO confirm.
 *
 * @param user user to check; the query runs only when user and its orgUserId are non-null
 * @return whether the user is a super administrator (see the caveat above)
 */
236 @SuppressWarnings("unchecked")
\r
238 public boolean isSuperAdmin(EPUser user) {
\r
239 if ((user != null) /* && (user.getId() == null) */ && (user.getOrgUserId() != null)) {
\r
// NOTE(review): getOrgUserId() is concatenated into the SQL text between quotes, and
// the result of this query decides a privilege check. Bind the value as a query
// parameter instead of building it into the string.
240 String sql = "SELECT user.USER_ID, user.org_user_id, userrole.ROLE_ID, userrole.APP_ID FROM fn_user_role userrole "
\r
241 + "INNER JOIN fn_user user ON user.USER_ID = userrole.USER_ID " + "WHERE user.org_user_id = '"
\r
242 + user.getOrgUserId() + "' " + "AND userrole.ROLE_ID = '" + SYS_ADMIN_ROLE_ID + "' "
\r
243 + "AND userrole.APP_ID = '" + ECOMP_APP_ID + "';";
\r
// NOTE(review): the list is declared as List<UserRole> but the query maps rows to
// UserIdRoleId; the unchecked suppression hides the mismatch. Only null/size are
// read from the list in the lines visible here.
245 List<UserRole> userRoleList = dataAccessService.executeSQLQuery(sql, UserIdRoleId.class, null);
\r
246 if (userRoleList != null && userRoleList.size() > 0) {
\r
249 } catch (Exception e) {
\r
250 EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);
\r
251 logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while executing isSuperAdmin operation", e);
\r
256 // User currentUser = user != null ? (User)
\r
257 // dataAccessService.getDomainObject(User.class, user.getId(), null) :
\r
259 // if (currentUser != null && currentUser.getId() != null) {
\r
260 // for (UserApp userApp : currentUser.getUserApps()) {
\r
261 // if (userApp.getApp().getId().equals(ECOMP_APP_ID) &&
\r
262 // userApp.getRole().getId().equals(SYS_ADMIN_ROLE_ID)) {
\r
263 // // Super Administrator role is global, no need to keep iterating
\r
/**
 * Checks whether the user holds ACCOUNT_ADMIN_ROLE_ID on any of their app assignments.
 *
 * Reloads the user by id through dataAccessService and scans getEPUserApps(). The
 * return statements are not visible in this listing; presumably the first matching
 * assignment yields true and a logged failure yields false - TODO confirm.
 *
 * @param user user to check; a null user skips the lookup
 * @return whether the user is an account administrator (see the caveat above)
 */
272 public boolean isAccountAdmin(EPUser user) {
\r
// The role data is read from a freshly loaded copy, not from the object passed in.
274 EPUser currentUser = user != null
\r
275 ? (EPUser) dataAccessService.getDomainObject(EPUser.class, user.getId(), null) : null;
\r
276 if (currentUser != null && currentUser.getId() != null) {
\r
277 for (EPUserApp userApp : currentUser.getEPUserApps()) {
\r
// The ECOMP_APP_ID exclusion below is commented out, so as far as this listing shows
// an account-admin assignment on any app counts.
278 if (//!userApp.getApp().getId().equals(ECOMP_APP_ID)
\r
280 userApp.getRole().getId().equals(ACCOUNT_ADMIN_ROLE_ID)) {
\r
281 // Account Administrator sees only the applications
\r
282 // he/she is Administrator
\r
287 } catch (Exception e) {
\r
288 EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);
\r
289 logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while executing isAccountAdmin operation", e);
\r
/**
 * Checks whether the user holds an ordinary (non-administrator) role on some application.
 *
 * Reloads the user by id and scans the app assignments other than ECOMP_APP_ID for a
 * role that is neither SYS_ADMIN_ROLE_ID nor ACCOUNT_ADMIN_ROLE_ID and is active. The
 * return statements are not visible in this listing; presumably the first such role
 * yields true and a logged failure yields false - TODO confirm.
 *
 * @param user user to check; a null user skips the lookup
 * @return whether the user has an active non-admin role (see the caveat above)
 */
294 public boolean isUser(EPUser user) {
\r
// The role data is read from a freshly loaded copy, not from the object passed in.
296 EPUser currentUser = user != null
\r
297 ? (EPUser) dataAccessService.getDomainObject(EPUser.class, user.getId(), null) : null;
\r
298 if (currentUser != null && currentUser.getId() != null) {
\r
299 for (EPUserApp userApp : currentUser.getEPUserApps()) {
\r
// Assignments on the portal application itself are skipped.
300 if (!userApp.getApp().getId().equals(ECOMP_APP_ID)) {
\r
301 EPRole role = userApp.getRole();
\r
302 if (!role.getId().equals(SYS_ADMIN_ROLE_ID) && !role.getId().equals(ACCOUNT_ADMIN_ROLE_ID)) {
\r
// Inactive roles do not count.
303 if (role.getActive()) {
\r
310 } catch (Exception e) {
\r
311 EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);
\r
312 logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while executing isUser operation", e);
\r
319 public List<EPRole> getRolesByApp(EPUser user, Long appId) {
\r
320 List<EPRole> list = new ArrayList<>();
\r
321 String sql = "SELECT * FROM FN_ROLE WHERE APP_ID = " + appId;
\r
322 @SuppressWarnings("unchecked")
\r
323 List<EPRole> roles = dataAccessService.executeSQLQuery(sql, EPRole.class, null);
\r
324 for (EPRole role: roles) {
\r