/*-
- * ================================================================================
- * ECOMP Portal
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the “License”);
+ * you may not use this software except in compliance with the License.
* You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- * ================================================================================
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
*/
package org.openecomp.portalapp.portal.service;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import javax.annotation.PostConstruct;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.Transaction;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.EnableAspectJAutoProxy;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
-
-import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import org.openecomp.portalsdk.core.service.DataAccessService;
-import org.openecomp.portalsdk.core.util.SystemProperties;
+import org.json.JSONArray;
+import org.json.JSONObject;
import org.openecomp.portalapp.portal.domain.EPApp;
import org.openecomp.portalapp.portal.domain.EPRole;
import org.openecomp.portalapp.portal.domain.EPUser;
import org.openecomp.portalapp.portal.logging.logic.EPLogUtil;
import org.openecomp.portalapp.portal.transport.AppNameIdIsAdmin;
import org.openecomp.portalapp.portal.transport.AppsListWithAdminRole;
+import org.openecomp.portalapp.portal.transport.ExternalAccessUser;
import org.openecomp.portalapp.portal.utils.EPCommonSystemProperties;
import org.openecomp.portalapp.portal.utils.EcompPortalUtils;
+import org.openecomp.portalapp.portal.utils.PortalConstants;
+import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.openecomp.portalsdk.core.service.DataAccessService;
+import org.openecomp.portalsdk.core.util.SystemProperties;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.EnableAspectJAutoProxy;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.client.RestTemplate;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
@Service("adminRolesService")
@Transactional
private Long ACCOUNT_ADMIN_ROLE_ID = 999L;
private Long ECOMP_APP_ID = 1L;
- EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AdminRolesServiceImpl.class);
+ private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AdminRolesServiceImpl.class);
@Autowired
private SessionFactory sessionFactory;
@Autowired
private DataAccessService dataAccessService;
@Autowired
- SearchService searchService;
+ private SearchService searchService;
@Autowired
- EPAppService appsService;
+ private EPAppService appsService;
+
+ private RestTemplate template = new RestTemplate();
@PostConstruct
private void init() {
try {
SYS_ADMIN_ROLE_ID = Long.valueOf(SystemProperties.getProperty(EPCommonSystemProperties.SYS_ADMIN_ROLE_ID));
- ACCOUNT_ADMIN_ROLE_ID = Long.valueOf(SystemProperties.getProperty(EPCommonSystemProperties.ACCOUNT_ADMIN_ROLE_ID));
+ ACCOUNT_ADMIN_ROLE_ID = Long
+ .valueOf(SystemProperties.getProperty(EPCommonSystemProperties.ACCOUNT_ADMIN_ROLE_ID));
ECOMP_APP_ID = Long.valueOf(SystemProperties.getProperty(EPCommonSystemProperties.ECOMP_APP_ID));
- } catch(Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, EcompPortalUtils.getStackTrace(e));
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "init failed", e);
}
}
-
+
@Override
@EPMetricsLog
@SuppressWarnings("unchecked")
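Review bot: `private RestTemplate template = new RestTemplate();` uses the default request factory, which sets no connect or read timeout. The calls this commit adds run while `localSession` is still open, so an unresponsive external access system would hold the request thread and the Hibernate session for as long as the socket stays open. Build the template from a factory with explicit limits taken from configuration, e.g. `SimpleClientHttpRequestFactory f = new SimpleClientHttpRequestFactory(); f.setConnectTimeout(connectTimeoutMs); f.setReadTimeout(readTimeoutMs);` followed by `new RestTemplate(f)`. Declaring the field `final` would also make it clear that one instance is shared.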
AppsListWithAdminRole appsListWithAdminRole = null;
try {
- List<EPUser> userList = dataAccessService.getList(EPUser.class, " where orgUserId = '" + orgUserId + "'", null,
- null);
+ List<EPUser> userList = dataAccessService.getList(EPUser.class, " where orgUserId = '" + orgUserId + "'",
+ null, null);
HashMap<Long, Long> appsUserAdmin = new HashMap<Long, Long>();
if (userList.size() > 0) {
EPUser user = userList.get(0);
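Review bot: `orgUserId` is still concatenated into the filter passed to `dataAccessService.getList` (`" where orgUserId = '" + orgUserId + "'"`), so a value containing a quote changes the query. This hunk only re-wraps the line, and the same pattern is kept in the later hunk that builds `" where org_user_id='" + orgUserId + "'"`. The origin of the id is not visible here, but in the later hunk it is read from `newAppsListWithAdminRoles.orgUserId`, which looks like caller-supplied data. Bind the value as a query parameter (for instance through a named query, as `executeNamedQuery` is used elsewhere in this file), or reject ids that do not match the expected format before the filter is built. The enclosing method starts and ends outside the hunk.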
userAppList = dataAccessService.getList(EPUserApp.class,
" where userId = " + user.getId() + " and role.id = " + ACCOUNT_ADMIN_ROLE_ID, null, null);
} catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, EcompPortalUtils.getStackTrace(e));
+ logger.error(EELFLoggerDelegate.errorLogger, "getAppsWithAdminRoleStateForUser 1 failed", e);
EPLogUtil.logEcompError(EPAppMessagesEnum.BeDaoSystemError);
}
for (EPUserApp userApp : userAppList) {
appsListWithAdminRole.orgUserId = orgUserId;
List<EPApp> appsList = null;
try {
- appsList = dataAccessService.getList(EPApp.class, " where ( enabled = 'Y' or id = " + ECOMP_APP_ID + ")", null, null);
+ appsList = dataAccessService.getList(EPApp.class,
+ " where ( enabled = 'Y' or id = " + ECOMP_APP_ID + ")", null, null);
} catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, EcompPortalUtils.getStackTrace(e));
+ logger.error(EELFLoggerDelegate.errorLogger, "getAppsWithAdminRoleStateForUser 2 failed", e);
EPLogUtil.logEcompError(EPAppMessagesEnum.BeDaoSystemError);
}
for (EPApp app : appsList) {
AppNameIdIsAdmin appNameIdIsAdmin = new AppNameIdIsAdmin();
appNameIdIsAdmin.id = app.getId();
- appNameIdIsAdmin.appName = app.getName();
+ appNameIdIsAdmin.appName = app.getName();
appNameIdIsAdmin.isAdmin = new Boolean(appsUserAdmin.containsKey(app.getId()));
appNameIdIsAdmin.restrictedApp = app.isRestrictedApp();
appsListWithAdminRole.appsRoles.add(appNameIdIsAdmin);
}
} catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while performing AdminRolesServiceImpl.getAppsWithAdminRoleStateForUser operation, Details:"
- + EcompPortalUtils.getStackTrace(e));
+ logger.error(EELFLoggerDelegate.errorLogger, "getAppsWithAdminRoleStateForUser 3 failed", e);
}
return appsListWithAdminRole;
EPUser user = null;
boolean createNewUser = false;
String orgUserId = newAppsListWithAdminRoles.orgUserId.trim();
- List<EPUser> localUserList = dataAccessService.getList(EPUser.class, " where org_user_id='" + orgUserId + "'",
- null, null);
+ List<EPUser> localUserList = dataAccessService.getList(EPUser.class,
+ " where org_user_id='" + orgUserId + "'", null, null);
List<EPUserApp> oldAppsWhereUserIsAdmin = new ArrayList<EPUserApp>();
if (localUserList.size() > 0) {
EPUser tmpUser = localUserList.get(0);
localSession.save(EPUserApp.class.getName(), newUserApp);
}
transaction.commit();
- result = true;
+
+ // Add user admin role for list of centralized applications in external system
+ result = addAdminRoleInExternalSystem(user, localSession, newAppsWhereUserIsAdmin);
} catch (Exception e) {
EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);
- logger.error(EELFLoggerDelegate.errorLogger, "setAppsWithAdminRoleStateForUser: exception in point 2", e);
+ logger.error(EELFLoggerDelegate.errorLogger,
+ "setAppsWithAdminRoleStateForUser: exception in point 2", e);
try {
- transaction.rollback();
+ if(transaction!=null)
+ transaction.rollback();
+ else
+ logger.error(EELFLoggerDelegate.errorLogger, "setAppsWithAdminRoleStateForUser: transaction is null cannot rollback");
} catch (Exception ex) {
EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeExecuteRollbackError, e);
- logger.error(EELFLoggerDelegate.errorLogger, "setAppsWithAdminRoleStateForUser: exception in point 3", ex);
+ logger.error(EELFLoggerDelegate.errorLogger,
+ "setAppsWithAdminRoleStateForUser: exception in point 3", ex);
}
} finally {
try {
localSession.close();
} catch (Exception e) {
EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoCloseSessionError, e);
- logger.error(EELFLoggerDelegate.errorLogger, "setAppsWithAdminRoleStateForUser: exception in point 4", e);
+ logger.error(EELFLoggerDelegate.errorLogger,
+ "setAppsWithAdminRoleStateForUser: exception in point 4", e);
}
}
}
return result;
}
+ @SuppressWarnings("unchecked")
+ private boolean addAdminRoleInExternalSystem(EPUser user, Session localSession,
+ List<AppNameIdIsAdmin> newAppsWhereUserIsAdmin) {
+ boolean result = false;
+ try {
+ // Reset All admin role for centralized applications
+ List<EPApp> appList = dataAccessService.executeNamedQuery("getCentralizedApps", null, null);
+ HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
+ for (EPApp app : appList) {
+ String name = "";
+ if (EPCommonSystemProperties
+ .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) {
+ name = user.getOrgUserId() + SystemProperties
+ .getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
+ }
+ String extRole = app.getNameSpace() + "." + PortalConstants.ADMIN_ROLE.replaceAll(" ", "_");
+ HttpEntity<String> entity = new HttpEntity<>(headers);
+ logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system");
+ try {
+ ResponseEntity<String> getResponse = template
+ .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
+ + "roles/" + extRole, HttpMethod.GET, entity, String.class);
+
+ if (getResponse.getBody().equals("{}")) {
+ String addDesc = "{\"name\":\"" + extRole + "\"}";
+ HttpEntity<String> roleEntity = new HttpEntity<>(addDesc, headers);
+ template.exchange(
+ SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
+ + "role",
+ HttpMethod.POST, roleEntity, String.class);
+ } else {
+ try {
+ HttpEntity<String> deleteUserRole = new HttpEntity<>(headers);
+ template.exchange(
+ SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
+ + "userRole/" + name + "/" + extRole,
+ HttpMethod.DELETE, deleteUserRole, String.class);
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger,
+ " Role not found for this user may be it gets deleted before", e);
+ }
+ }
+ } catch (Exception e) {
+ if (e.getMessage().equalsIgnoreCase("404 Not Found")) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "Application Not found for app {}",
+ app.getNameSpace(), e.getMessage());
+ } else {
+ logger.error(EELFLoggerDelegate.errorLogger, "Application Not found for app {}",
+ app.getNameSpace(), e);
+ }
+ }
+ }
+ // Add admin role in external application
+ // application
+ for (AppNameIdIsAdmin appNameIdIsAdmin : newAppsWhereUserIsAdmin) {
+ EPApp app = (EPApp) localSession.get(EPApp.class, appNameIdIsAdmin.id);
+ try {
+ if (app.getCentralAuth()) {
+ String extRole = app.getNameSpace() + "." + PortalConstants.ADMIN_ROLE.replaceAll(" ", "_");
+ HttpEntity<String> entity = new HttpEntity<>(headers);
+ String name = "";
+ if (EPCommonSystemProperties
+ .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) {
+ name = user.getOrgUserId() + SystemProperties
+ .getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
+ }
+ logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system");
+ ResponseEntity<String> getUserRolesResponse = template.exchange(
+ SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
+ + "userRoles/user/" + name,
+ HttpMethod.GET, entity, String.class);
+ logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system");
+ if (!getUserRolesResponse.getBody().equals("{}")) {
+ JSONObject jsonObj = new JSONObject(getUserRolesResponse.getBody());
+ JSONArray extRoles = jsonObj.getJSONArray("userRole");
+ final Map<String, JSONObject> extUserRoles = new HashMap<>();
+ for (int i = 0; i < extRoles.length(); i++) {
+ String userRole = extRoles.getJSONObject(i).getString("role");
+ if (userRole.startsWith(app.getNameSpace() + ".")
+ && !userRole.equals(app.getNameSpace() + ".admin")
+ && !userRole.equals(app.getNameSpace() + ".owner")) {
+
+ extUserRoles.put(userRole, extRoles.getJSONObject(i));
+ }
+ }
+ if (!extUserRoles.containsKey(extRole)) {
+ // Assign with new apps user admin
+ try {
+ ExternalAccessUser extUser = new ExternalAccessUser(name, extRole);
+ // Assign user role for an application in external access system
+ ObjectMapper addUserRoleMapper = new ObjectMapper();
+ String userRole = addUserRoleMapper.writeValueAsString(extUser);
+ HttpEntity<String> addUserRole = new HttpEntity<>(userRole, headers);
+ template.exchange(
+ SystemProperties.getProperty(
+ EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole",
+ HttpMethod.POST, addUserRole, String.class);
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Failed to add user admin role", e);
+ }
+
+ }
+ }
+ }
+ result = true;
+ } catch (Exception e) {
+ if (e.getMessage().equalsIgnoreCase("404 Not Found")) {
+ logger.debug(EELFLoggerDelegate.errorLogger,
+ "Application name space not found in External system for app {} due to bad rquest name space ",
+ app.getNameSpace(), e.getMessage());
+ } else {
+ logger.error(EELFLoggerDelegate.errorLogger, "Failed to assign admin role for application {}",
+ app.getNameSpace(), e);
+ result = false;
+ }
+ }
+ }
+ } catch (Exception e) {
+ result = false;
+ logger.error(EELFLoggerDelegate.errorLogger, "Failed to assign admin roles operation", e);
+ }
+ return result;
+ }
+
@SuppressWarnings("unchecked")
@Override
public boolean isSuperAdmin(EPUser user) {
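Review bot: `addAdminRoleInExternalSystem` can return true while the external access system still holds an admin grant that was meant to be revoked. The `catch (Exception e)` around the `userRole/` DELETE logs every failure as "Role not found", and `result = true` inside the second loop overwrites a `result = false` recorded for an earlier app. Because the call runs after `transaction.commit()`, a failure here leaves the portal database and the external system disagreeing with nothing to roll back, so the return value needs to be accurate. The `e.getMessage().equalsIgnoreCase("404 Not Found")` checks throw a NullPointerException when the message is null and depend on message text; compare the status code of `HttpClientErrorException` instead. `name` and `extRole` are also spliced into the URL path unencoded, and `name` stays empty when `EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN` is not configured. The sketch below uses URI template variables and a flag that is only ever cleared. The caller, `setAppsWithAdminRoleStateForUser`, starts outside the hunk.

```java
private boolean addAdminRoleInExternalSystem(EPUser user, Session localSession,
		List<AppNameIdIsAdmin> newAppsWhereUserIsAdmin) {
	// Starts true and is only ever cleared, so one failed app cannot be masked by a later success.
	boolean allSynced = true;
	// … unchanged: centralized app lookup, headers, name/extRole computation, role lookup and creation …
				} else {
					try {
						HttpEntity<String> deleteUserRole = new HttpEntity<>(headers);
						// URI variables are encoded by RestTemplate rather than concatenated into the path.
						template.exchange(
								SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
										+ "userRole/{user}/{role}",
								HttpMethod.DELETE, deleteUserRole, String.class, name, extRole);
					} catch (Exception e) {
						boolean roleAlreadyAbsent = e instanceof HttpClientErrorException
								&& ((HttpClientErrorException) e).getStatusCode() == HttpStatus.NOT_FOUND;
						if (roleAlreadyAbsent) {
							logger.debug(EELFLoggerDelegate.debugLogger,
									"No admin role to remove in external system for app {}", app.getNameSpace());
						} else {
							// The revocation did not happen; the caller must not be told it did.
							allSynced = false;
							logger.error(EELFLoggerDelegate.errorLogger,
									"Failed to remove admin role in external system for app {}",
									app.getNameSpace(), e);
						}
					}
				}
	// … unchanged: second loop, except that each failure sets allSynced = false and nothing sets it back to true …
	return allSynced;
```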
}
} catch (Exception e) {
EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);
- logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while executing isSuperAdmin operation", e);
+ logger.error(EELFLoggerDelegate.errorLogger,
+ "Exception occurred while executing isSuperAdmin operation", e);
}
}
// else
public boolean isAccountAdmin(EPUser user) {
try {
EPUser currentUser = user != null
- ? (EPUser) dataAccessService.getDomainObject(EPUser.class, user.getId(), null) : null;
+ ? (EPUser) dataAccessService.getDomainObject(EPUser.class, user.getId(), null)
+ : null;
if (currentUser != null && currentUser.getId() != null) {
for (EPUserApp userApp : currentUser.getEPUserApps()) {
- if (//!userApp.getApp().getId().equals(ECOMP_APP_ID)
- // &&
- userApp.getRole().getId().equals(ACCOUNT_ADMIN_ROLE_ID)) {
+ if (// !userApp.getApp().getId().equals(ECOMP_APP_ID)
+ // &&
+ userApp.getRole().getId().equals(ACCOUNT_ADMIN_ROLE_ID)) {
// Account Administrator sees only the applications
// he/she is Administrator
return true;
}
} catch (Exception e) {
EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);
- logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while executing isAccountAdmin operation", e);
+ logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while executing isAccountAdmin operation",
+ e);
}
return false;
}
public boolean isUser(EPUser user) {
try {
EPUser currentUser = user != null
- ? (EPUser) dataAccessService.getDomainObject(EPUser.class, user.getId(), null) : null;
+ ? (EPUser) dataAccessService.getDomainObject(EPUser.class, user.getId(), null)
+ : null;
if (currentUser != null && currentUser.getId() != null) {
for (EPUserApp userApp : currentUser.getEPUserApps()) {
if (!userApp.getApp().getId().equals(ECOMP_APP_ID)) {
@EPMetricsLog
public List<EPRole> getRolesByApp(EPUser user, Long appId) {
List<EPRole> list = new ArrayList<>();
- String sql = "SELECT * FROM FN_ROLE WHERE APP_ID = " + appId;
+ String sql = "SELECT * FROM FN_ROLE WHERE UPPER(ACTIVE_YN) = 'Y' AND APP_ID = " + appId;
@SuppressWarnings("unchecked")
List<EPRole> roles = dataAccessService.executeSQLQuery(sql, EPRole.class, null);
- for (EPRole role: roles) {
+ for (EPRole role : roles) {
list.add(role);
}
return list;