Merge "removed code smells"

[portal.git] / ecomp-portal-BE-common / src / main / java / org / onap / portalapp / portal / controller / FunctionalMenuController.java
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java

index 1b54ebb..65abc28 100644 (file)
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java
@@ -4,6 +4,8 @@
   * ===================================================================
   * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
   * ===================================================================
+ *  Modification Copyright © 2020 IBM.
+ * ===================================================================
   *
   * Unless otherwise specified, all software contained herein is licensed
   * under the Apache License, Version 2.0 (the "License");
@@ -33,7 +35,7 @@
   *
   * ============LICENSE_END============================================
   *
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ *
   */
  package org.onap.portalapp.portal.controller;
  
@@ -49,6 +51,7 @@ import java.util.Map;
  
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Response;
  
  import org.json.JSONObject;
  import org.onap.portalapp.controller.EPRestrictedBaseController;
@@ -71,13 +74,20 @@ import org.onap.portalapp.portal.transport.FunctionalMenuItemWithRoles;
  import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
  import org.onap.portalapp.portal.utils.EcompPortalUtils;
  import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.DataValidator;
  import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
  import org.onap.portalsdk.core.util.SystemProperties;
+import org.onap.portalsdk.core.web.support.UserUtils;
  import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
  import org.springframework.context.annotation.EnableAspectJAutoProxy;
  import org.springframework.web.bind.annotation.PathVariable;
  import org.springframework.web.bind.annotation.RequestBody;
  import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
  import org.springframework.web.bind.annotation.RequestMethod;
  import org.springframework.web.bind.annotation.RequestParam;
  import org.springframework.web.bind.annotation.RestController;
@@ -86,12 +96,13 @@ import org.springframework.web.bind.annotation.RestController;
   * Supports menus at the top of the Portal app landing page.
   */
  @RestController
-@org.springframework.context.annotation.Configuration
+@Configuration
  @EnableAspectJAutoProxy
  @EPAuditLog
  public class FunctionalMenuController extends EPRestrictedBaseController {
  
         private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(FunctionalMenuController.class);
+       private final DataValidator dataValidator = new DataValidator();
  
         @Autowired
         private AdminRolesService adminRolesService;
@@ -104,14 +115,14 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
  
         /**
          * RESTful service method to fetch all the FunctionalMenuItems.
-        * 
+        *
          * @param request
          *            HttpServletRequest
          * @param response
          *            HttpServletResponse
          * @return List of FunctionalMenuItem objects
          */
-       @RequestMapping(value = { "/portalApi/functionalMenu" }, method = RequestMethod.GET, produces = "application/json")
+       @GetMapping(value = { "/portalApi/functionalMenu" }, produces = "application/json")
         public List<FunctionalMenuItem> getMenuItems(HttpServletRequest request, HttpServletResponse response) {
                 // TODO: should only the superuser be allowed to use this API?
                 List<FunctionalMenuItem> menuItems = null;
@@ -126,15 +137,15 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
         }
  
         /**
-        * RESTful service method to get ECOMP Portal Title.
-        * 
+        * RESTful service method to get ONAP Portal Title.
+        *
          * @param request
          *            HttpServletRequest
          * @param response
          *            HttpServletResponse
-        * @return PortalRestResponse of ECOMP portal title
+        * @return PortalRestResponse of ONAP portal title
          */
-       @RequestMapping(value = { "/portalApi/ecompTitle" }, method = RequestMethod.GET, produces = "application/json")
+       @GetMapping(value = { "/portalApi/ecompTitle" }, produces = "application/json")
         public PortalRestResponse<String> getECOMPTitle(HttpServletRequest request, HttpServletResponse response) {
                 PortalRestResponse<String> portalRestResponse = null;
                 try {
@@ -152,15 +163,15 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
          * RESTful service method to fetch all the FunctionalMenuItems, both active and
          * inactive, for the EditFunctionalMenu feature. Can only be accessed by the
          * portal admin.
-        * 
+        *
          * @param request
          *            HttpServletRequest
          * @param response
          *            HttpServletResponse
          * @return List of FunctionalMenuItem objects
          */
-       @RequestMapping(value = {
-                       "/portalApi/functionalMenuForEditing" }, method = RequestMethod.GET, produces = "application/json")
+       @GetMapping(value = {
+                       "/portalApi/functionalMenuForEditing" }, produces = "application/json")
         public List<FunctionalMenuItem> getMenuItemsForEditing(HttpServletRequest request, HttpServletResponse response) {
                 // TODO: should only the superuser be allowed to use this API?
                 EPUser user = EPUserUtils.getUserSession(request);
@@ -182,15 +193,15 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
         /**
          * RESTful service method to fetch all the FunctionalMenuItems, active , for the
          * Functional menu in notification Tree feature.
-        * 
+        *
          * @param request
          *            HttpServletRequest
          * @param response
          *            HttpServletResponse
          * @return List of FunctionalMenuItem objects
          */
-       @RequestMapping(value = {
-                       "/portalApi/functionalMenuForNotificationTree" }, method = RequestMethod.GET, produces = "application/json")
+       @GetMapping(value = {
+                       "/portalApi/functionalMenuForNotificationTree" }, produces = "application/json")
         public List<FunctionalMenuItem> getMenuItemsForNotifications(HttpServletRequest request,
                         HttpServletResponse response) {
                 // TODO: should only the superuser be allowed to use this API?
@@ -209,15 +220,15 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
         /**
          * RESTful service method to fetch all FunctionalMenuItems associated with an
          * application.
-        * 
+        *
          * @param request
          *            HttpServletRequest
          * @param appId
          *            application ID
          * @return List of FunctionalMenuItem objects
          */
-       @RequestMapping(value = {
-                       "/portalApi/functionalMenuForApp/{appId}" }, method = RequestMethod.GET, produces = "application/json")
+       @GetMapping(value = {
+                       "/portalApi/functionalMenuForApp/{appId}" }, produces = "application/json")
         public List<FunctionalMenuItem> getMenuItemsForApp(HttpServletRequest request,
                         @PathVariable("appId") Integer appId) {
                 // TODO: should only the superuser be allowed to use this API?
@@ -236,15 +247,15 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
         /**
          * RESTful service method to fetch all FunctionalMenuItems associated with the
          * applications and roles that a user has access to.
-        * 
+        *
          * @param request
          *            HttpServletRequest
          * @param orgUserId
          *            user ID
          * @return List of FunctionalMenuItem objects
          */
-       @RequestMapping(value = {
-                       "/portalApi/functionalMenuForUser/{orgUserId}" }, method = RequestMethod.GET, produces = "application/json")
+       @GetMapping(value = {
+                       "/portalApi/functionalMenuForUser/{orgUserId}" }, produces = "application/json")
         public List<FunctionalMenuItem> getMenuItemsForUser(HttpServletRequest request,
                         @PathVariable("orgUserId") String orgUserId) {
                 // TODO: should only the superuser be allowed to use this API?
@@ -264,15 +275,15 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
         /**
          * RESTful service method to fetch all FunctionalMenuItems associated with the
          * applications and roles that the authenticated user has access to.
-        * 
+        *
          * @param request
          *            HttpServletRequest
          * @param response
          *            HttpServletResponse
          * @return List of FunctionalMenuItem objects
          */
-       @RequestMapping(value = {
-                       "/portalApi/functionalMenuForAuthUser" }, method = RequestMethod.GET, produces = "application/json")
+       @GetMapping(value = {
+                       "/portalApi/functionalMenuForAuthUser" }, produces = "application/json")
         public List<FunctionalMenuItem> getMenuItemsForAuthUser(HttpServletRequest request, HttpServletResponse response) {
  
                 EPUser user = EPUserUtils.getUserSession(request);
@@ -298,8 +309,8 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
  
         /**
          * RESTful service method to fetch the details for a functional menu item.
-        * Requirement: you must be the Ecomp portal super admin user.
-        * 
+        * Requirement: you must be the ONAP portal super admin user.
+        *
          * @param request
          *            HttpServletRequest
          * @param response
@@ -308,8 +319,8 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
          *            menu ID
          * @return FunctionalMenuItem object
          */
-       @RequestMapping(value = {
-                       "/portalApi/functionalMenuItemDetails/{menuId}" }, method = RequestMethod.GET, produces = "application/json")
+       @GetMapping(value = {
+                       "/portalApi/functionalMenuItemDetails/{menuId}" }, produces = "application/json")
         public FunctionalMenuItem getFunctionalMenuItemDetails(HttpServletRequest request,
                         @PathVariable("menuId") Long menuId, HttpServletResponse response) {
                 // TODO: return FunctionalMenuItemJson
@@ -333,9 +344,9 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
  
         /**
          * RESTful service method to create a new menu item.
-        * 
-        * Requirement: you must be the Ecomp portal super admin user.
-        * 
+        *
+        * Requirement: you must be the ONAP portal super admin user.
+        *
          * @param request
          *            HttpServletRequest
          * @param response
@@ -344,11 +355,19 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
          *            FunctionalMenuItemWithRoles
          * @return FieldsValidator
          */
-       @RequestMapping(value = { "/portalApi/functionalMenuItem" }, method = RequestMethod.POST)
+       @PostMapping(value = { "/portalApi/functionalMenuItem" })
         public FieldsValidator createFunctionalMenuItem(HttpServletRequest request,
                         @RequestBody FunctionalMenuItemWithRoles menuItemJson, HttpServletResponse response) {
                 EPUser user = EPUserUtils.getUserSession(request);
                 FieldsValidator fieldsValidator = null;
+
+               if(!dataValidator.isValid(menuItemJson)){
+                       fieldsValidator = new FieldsValidator();
+                       logger.warn(EELFLoggerDelegate.debugLogger,"FunctionalMenuController.createFunctionalMenuItem not valid object");
+                       fieldsValidator.httpStatusCode = (long)HttpServletResponse.SC_NOT_ACCEPTABLE;
+                       return fieldsValidator;
+               }
+
                 if (!adminRolesService.isSuperAdmin(user)) {
                         logger.debug(EELFLoggerDelegate.debugLogger,
                                         "FunctionalMenuController.createFunctionalMenuItem bad permissions");
@@ -365,9 +384,9 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
  
         /**
          * RESTful service method to update an existing menu item
-        * 
-        * Requirement: you must be the Ecomp portal super admin user.
-        * 
+        *
+        * Requirement: you must be the ONAP portal super admin user.
+        *
          * @param request
          *            HttpServletRequest
          * @param response
@@ -376,11 +395,19 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
          *            FunctionalMenuItemWithRoles
          * @return FieldsValidator
          */
-       @RequestMapping(value = { "/portalApi/functionalMenuItem" }, method = RequestMethod.PUT)
+       @PutMapping(value = { "/portalApi/functionalMenuItem" })
         public FieldsValidator editFunctionalMenuItem(HttpServletRequest request,
                         @RequestBody FunctionalMenuItemWithRoles menuItemJson, HttpServletResponse response) {
                 EPUser user = EPUserUtils.getUserSession(request);
                 FieldsValidator fieldsValidator = null;
+
+           if(!dataValidator.isValid(menuItemJson)){
+                          fieldsValidator = new FieldsValidator();
+                          logger.warn(EELFLoggerDelegate.debugLogger,"FunctionalMenuController.createFunctionalMenuItem not valid object");
+                          fieldsValidator.httpStatusCode = (long)HttpServletResponse.SC_NOT_ACCEPTABLE;
+                          return fieldsValidator;
+           }
+
                 if (!adminRolesService.isSuperAdmin(user)) {
                         EcompPortalUtils.setBadPermissions(user, response, "editFunctionalMenuItem");
                 } else {
@@ -395,7 +422,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
  
         /**
          * RESTful service method to delete a menu item
-        * 
+        *
          * @param request
          *            HttpServletRequest
          * @param response
@@ -404,7 +431,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
          *            menu identifier
          * @return FieldsValidator
          */
-       @RequestMapping(value = { "/portalApi/functionalMenuItem/{menuId}" }, method = RequestMethod.DELETE)
+       @DeleteMapping(value = { "/portalApi/functionalMenuItem/{menuId}" })
         public FieldsValidator deleteFunctionalMenuItem(HttpServletRequest request, @PathVariable("menuId") Long menuId,
                         HttpServletResponse response) {
                 EPUser user = EPUserUtils.getUserSession(request);
@@ -423,14 +450,14 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
  
         /**
          * RESTful service to regenerate table
-        * 
+        *
          * @param request
          *            HttpServletRequest
          * @param response
          *            HttpServletResponse
          * @return FieldsValidator
          */
-       @RequestMapping(value = { "/portalApi/regenerateFunctionalMenuAncestors" }, method = RequestMethod.GET)
+       @GetMapping(value = { "/portalApi/regenerateFunctionalMenuAncestors" })
         public FieldsValidator regenerateAncestorTable(HttpServletRequest request, HttpServletResponse response) {
                 // TODO: should only the superuser be allowed to use this API?
                 EPUser user = EPUserUtils.getUserSession(request);
@@ -450,7 +477,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
  
         /**
          * RESful service to set a favorite item.
-        * 
+        *
          * @param request
          *            HttpServletRequest
          * @param response
@@ -459,7 +486,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
          *            FunctionalMenuItemWithRoles
          * @return FieldsValidator
          */
-       @RequestMapping(value = { "/portalApi/setFavoriteItem" }, method = RequestMethod.POST)
+       @PostMapping(value = { "/portalApi/setFavoriteItem" })
         public FieldsValidator addFavoriteItem(HttpServletRequest request,
                         @RequestBody FavoritesFunctionalMenuItem menuItemJson, HttpServletResponse response) {
                 EPUser user = EPUserUtils.getUserSession(request);
@@ -476,15 +503,15 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
         /**
          * RESTful service to get favorites for the current user as identified in the
          * session
-        * 
+        *
          * @param request
          *            HttpServletRequest
          * @param response
          *            HttpServletResponse
          * @return List of FavoritesFunctionalMenuItemJson
          */
-       @RequestMapping(value = {
-                       "/portalApi/getFavoriteItems" }, method = RequestMethod.GET, produces = "application/json")
+       @GetMapping(value = {
+                       "/portalApi/getFavoriteItems" }, produces = "application/json")
         public List<FavoritesFunctionalMenuItemJson> getFavoritesForUser(HttpServletRequest request,
                         HttpServletResponse response) {
                 EPUser user = EPUserUtils.getUserSession(request);
@@ -499,7 +526,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
         /**
          * RESTful service to delete a favorite menu item for the current user as
          * identified in the session.
-        * 
+        *
          * @param request
          *            HttpServletRequest
          * @param response
@@ -508,7 +535,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
          *            menu identifier
          * @return FieldsValidator
          */
-       @RequestMapping(value = { "/portalApi/removeFavoriteItem/{menuId}" }, method = RequestMethod.DELETE)
+       @DeleteMapping(value = { "/portalApi/removeFavoriteItem/{menuId}" })
         public FieldsValidator deleteFavoriteItem(HttpServletRequest request, @PathVariable("menuId") Long menuId,
                         HttpServletResponse response) {
                 EPUser user = EPUserUtils.getUserSession(request);
@@ -528,22 +555,26 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
          * session (i.e., the CSP cookie); if that fails, calls the shared context
          * service to read the information from the database. Gives back what it found,
          * any of which may be null, as a JSON collection.
-        * 
+        *
          * @param request
          *            HttpServletRequest
          * @param response
          *            HttpServletResponse
          * @return JSON collection of key-value pairs shown below.
          */
-       @RequestMapping(value = {
-                       "/portalApi/functionalMenuStaticInfo" }, method = RequestMethod.GET, produces = "application/json")
+       @GetMapping(value = {
+                       "/portalApi/functionalMenuStaticInfo" }, produces = "application/json")
         public String getFunctionalMenuStaticInfo(HttpServletRequest request, HttpServletResponse response) {
  
                 // Get user details from session
                 logger.debug(EELFLoggerDelegate.debugLogger, "getFunctionalMenuStaticInfo: getting user info");
                 String fnMenuStaticResponse = null;
                 try {
-                       String orgUserIdStr = null, firstNameStr = null, lastNameStr = null, emailStr = null, lastLogin = null;
+                       String orgUserIdStr = null;
+            String firstNameStr = null;
+            String lastNameStr = null;
+            String emailStr = null;
+            String lastLogin = null;
                         EPUser user = EPUserUtils.getUserSession(request);
                         firstNameStr = user.getFirstName();
                         lastNameStr = user.getLastName();
@@ -553,7 +584,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
                                 EPUser userResult = searchService.searchUserByUserId(orgUserIdStr);
                                 emailStr = userResult.getEmail();
                         }
-                       SimpleDateFormat sdf = new SimpleDateFormat("MM/dd/yyyy hh:mm:ssZ");
+                       SimpleDateFormat sdf = new SimpleDateFormat("MM/dd/yyyy hh:mm:ss Z a");
                         Date lastLoginDate = user.getLastLoginDate();
                         if (lastLoginDate == null) {
                                 // should never happen
@@ -565,7 +596,10 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
  
                         // If any item is missing from session, try the Shared Context
                         // service.
-                       SharedContext orgUserIdSC = null, firstNameSC = null, lastNameSC = null, emailSC = null;
+                       SharedContext orgUserIdSC = null;
+                       SharedContext firstNameSC = null;
+                       SharedContext lastNameSC = null;
+                       SharedContext emailSC = null;
                         String sessionId = request.getSession().getId();
                         if (firstNameStr == null)
                                 firstNameSC = sharedContextService.getSharedContext(sessionId,
@@ -611,7 +645,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
         };
  
         /**
-        * 
+        *
          * @param request
          *            HttpServletRequest
          * @param userId
@@ -620,12 +654,20 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
          * @throws IOException
          *             on error
          */
-       @RequestMapping(value = {
-                       "/portalApi/userApplicationRoles" }, method = RequestMethod.GET, produces = "application/json")
-       public List<BusinessCardApplicationRolesList> getAppList(HttpServletRequest request,
+       @GetMapping(value = {
+                       "/portalApi/userApplicationRoles" }, produces = "application/json")
+       public List<BusinessCardApplicationRolesList> getAppList(HttpServletRequest request, HttpServletResponse response,
                         @RequestParam("userId") String userId) throws IOException {
  
                 List<BusinessCardApplicationRolesList> AppRoles = null;
+               
+               if(!UserUtils.getUserSession(request).getOrgUserId().equalsIgnoreCase(userId)) {
+                       logger.error(EELFLoggerDelegate.errorLogger, "Not authorized to view roles of others ");
+                       response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                       response.getWriter().flush();
+                       return null;
+               }
+                       
                 try {
                         List<BusinessCardApplicationRole> userAppRoleList = functionalMenuService.getUserAppRolesList(userId);