VOLUME ${TOMCATHOME}/logs
+# Switch to unprivileged user
RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal && chown -R portal:portal . && chmod -R 777 /etc/ssl/certs/java /var/
+USER portal
# Switch back to root
WORKDIR /
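Review bot: `chmod -R 777 /etc/ssl/certs/java /var/` on the RUN line makes the Java trust-store directory and everything under /var world-writable, so any process in the container can replace trusted CA certificates; that undercuts the move to the `portal` user. The same line already runs `chown -R portal:portal .`, so giving `portal` ownership of the specific paths it writes and keeping a narrow mode would be enough, for example `chown -R portal:portal /etc/ssl/certs/java && chmod -R u+rwX,go-w /etc/ssl/certs/java`; which paths under /var the application really needs is not visible here. The RUN also comes after `VOLUME ${TOMCATHOME}/logs`, and build steps that change a path after it is declared a volume can be discarded, so if `.` is the Tomcat home the logs directory may stay root-owned.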
VOLUME ${TOMCATHOME}/logs
+# Switch to unprivileged user
+RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal
+USER portal
+
# Switch back to root
WORKDIR /
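Review bot: Nothing in this hunk gives the new `portal` user ownership of `${TOMCATHOME}/logs` or of the other directories Tomcat writes to, so after `USER portal` the process may be unable to write logs or work files; the next Dockerfile hunk has the same gap, while the first one at least adds a `chown`. A `chown -R portal:portal` limited to the directories the server writes, placed before the `VOLUME` line, would cover it. The context comment `# Switch back to root` now sits directly under `USER portal` and reads as if the user were changed back; `# Switch back to the root directory` would match the `WORKDIR /` it describes.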
VOLUME ${TOMCATHOME}/logs
+# Switch to unprivileged user
+RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal
+USER portal
+
# Switch back to root
WORKDIR /
# Launch script
COPY start-wms.sh /
+# Switch to unprivileged user
RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal && mkdir logs / && chown -R portal:portal /start-wms.sh /tmp /etc/ssl/certs/java /logs && chmod -R 755 /start-wms.sh /etc/ssl/certs/java /logs /tmp
+USER portal
# Define default command
CMD /start-wms.sh
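Review bot: `mkdir logs /` in the RUN line passes `/` as a second directory to create; mkdir reports an error for a path that already exists, which would stop the `&&` chain, so `mkdir -p /logs` looks like what was meant. The same line hands `/tmp` to `portal` and sets it to `755` recursively, which removes the usual sticky, world-writable mode of /tmp; if only the application's scratch files matter, a dedicated directory owned by `portal` is the tighter choice. A short comment on why `/etc/ssl/certs/java` must be owned by the runtime user would also help, since a writable trust store is normally something to avoid.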
* ============LICENSE_START==========================================
* ONAP Portal
* ===================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
* ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
import javax.servlet.http.HttpServletResponse;
import org.apache.cxf.transport.http.HTTPException;
import org.onap.portalapp.controller.EPRestrictedBaseController;
+import org.onap.portalapp.portal.domain.EPApp;
import org.onap.portalapp.portal.domain.EPRole;
import org.onap.portalapp.portal.domain.EPUser;
import org.onap.portalapp.portal.domain.EPUserAppCatalogRoles;
import org.onap.portalapp.portal.logging.logic.EPLogUtil;
import org.onap.portalapp.portal.service.AdminRolesService;
import org.onap.portalapp.portal.service.ApplicationsRestClientService;
+import org.onap.portalapp.portal.service.EPAppService;
import org.onap.portalapp.portal.service.SearchService;
import org.onap.portalapp.portal.service.UserRolesService;
import org.onap.portalapp.portal.transport.AppNameIdIsAdmin;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.onap.portalsdk.core.restful.domain.EcompRole;
import org.onap.portalsdk.core.service.AuditService;
+import org.onap.portalsdk.core.service.DataAccessService;
import org.onap.portalsdk.core.util.SystemProperties;
import org.slf4j.MDC;
import org.springframework.beans.factory.annotation.Autowired;
private ApplicationsRestClientService applicationsRestClientService;
@Autowired
private AuditService auditService;
+ @Autowired
+ private DataAccessService dataAccessService;
private static final String FAILURE = "failure";
EcompPortalUtils.setBadPermissions(user, response, "getAppRolesForUser");
feErrorString = EcompPortalUtils.getFEErrorString(true, response.getStatus());
} else {
+ try {
+ if(orgUserId!=null) {
+ EPUser localUser = getUserInfo(orgUserId,applicationsRestClientService);
+ if(localUser !=null) {
+ if(localUser.isSystemUser()) {
+ isSystemUser = true;
+ }
+ }
+ }
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "isSystemUser update failed", e);
+ }
if ((!isSystemUser && EcompPortalUtils.legitimateUserId(orgUserId)) || isSystemUser) {
result = userRolesService.getAppRolesForUser(appid, orgUserId, extRequestValue, user);
logger.debug(EELFLoggerDelegate.debugLogger, "getAppRolesForUser: result {}, appId {}", result, appid);
}
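Review bot: The added block calls `getUserInfo(orgUserId, ...)` before the `EcompPortalUtils.legitimateUserId(orgUserId)` test on the line after it, so the request value reaches the database lookup unvalidated, and a positive lookup then sets `isSystemUser` and skips the format check altogether. Since `getUserInfo` (added further down in this file) builds its query by string concatenation, that lookup needs a bound parameter before this ordering is safe. The `catch (Exception e)` logs and carries on with the previous `isSystemUser` value; if that fallback is intended, a comment such as `// lookup failed: keep the caller-supplied isSystemUser` would make it explicit. The three nested ifs can be written as `if (localUser != null && localUser.isSystemUser()) { isSystemUser = true; }`. The enclosing method starts and ends outside this hunk.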
return isSuperAdmin;
}
+
+ /**
+ *
+ * @param userId
+ * @param app
+ * @param applicationsRestClientService
+ * @return EPUser
+ * @throws HTTPException
+ */
+ protected EPUser getUserInfo(String userId, ApplicationsRestClientService applicationsRestClientService)
+ throws HTTPException {
+ @SuppressWarnings("unchecked")
+ List<EPUser> userList = (List<EPUser>) dataAccessService
+ .executeQuery("from EPUser where orgUserId='" + userId + "'", null);
+ if (userList != null && !userList.isEmpty())
+ return userList.get(0);
+ else
+ return null;
+ }
}
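Review bot: `getUserInfo` concatenates `userId` into the HQL text (`"from EPUser where orgUserId='" + userId + "'"`), and its caller passes the request's `orgUserId` before any format check, so a quote character in the id changes the query. Bind the value instead, for example with the query text `from EPUser where orgUserId = :orgUserId` and the id supplied through the data-access layer's parameter map; the `checkIfUserExists(userParams)` call in the other Java file of this commit appears to look users up that way. The Javadoc lists `@param app`, which the signature does not have, and neither the `applicationsRestClientService` parameter nor `throws HTTPException` is used by the visible body, so they should be dropped or explained.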
* ============LICENSE_START==========================================
* ONAP Portal
* ===================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
* ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* @param roleInAppUser Contains list of active roles
*/
@SuppressWarnings("unchecked")
- private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List<RoleInAppForUser> roleInAppUser, boolean isPortalRequest,boolean isSystemUser,Set<EcompRole> deletedRolesByApprover,boolean isLoggedInUserRoleAdminofApp) throws Exception
+ private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List<RoleInAppForUser> roleInAppUser, boolean isPortalRequest,boolean nonHumanUserId,Set<EcompRole> deletedRolesByApprover,boolean isLoggedInUserRoleAdminofApp) throws Exception
{
try {
// check if user exists
userParams.put("orgUserIdValue", orgUserId);
List<EPUser> userInfo = checkIfUserExists(userParams);
if (userInfo.isEmpty()) {
- createLocalUserIfNecessary(orgUserId, isSystemUser);
+ createLocalUserIfNecessary(orgUserId, nonHumanUserId);
}
String name = "";
if (EPCommonSystemProperties
- .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN) && !isSystemUser) {
- name = orgUserId
- + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
+ .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN) && !nonHumanUserId) {
+ if(orgUserId.indexOf("@") ==-1) {
+ name = orgUserId + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
+ }else {
+ name = orgUserId;
+ }
} else {
name = orgUserId;
+ if(nonHumanUserId && orgUserId!=null) {
+ if(orgUserId.indexOf("@") ==-1) {
+ name = orgUserId + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
+ }
+ }
}
ObjectMapper mapper = new ObjectMapper();
HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
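Review bot: In the new `else` branch the domain is appended for a non-human id even when `containsProperty(EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)` was false, because that branch is reached both when the property is missing and when `nonHumanUserId` is true; depending on what `SystemProperties.getProperty` returns for a missing key, the name may end in the text `null`. The first branch also calls `orgUserId.indexOf("@")` without the null check that the second branch has. After this change both kinds of user get the same treatment (append the domain unless the id already contains `@`), so the two branches can become one condition guarded by the property check, as sketched below. The method starts before and continues after this hunk.

```java
// … unchanged: user-existence check and createLocalUserIfNecessary call …
String name = orgUserId;
// Append the configured domain only when one is configured and the id carries none.
if (orgUserId != null && orgUserId.indexOf("@") == -1
        && EPCommonSystemProperties
                .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) {
    name = orgUserId
            + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
}
// … unchanged: ObjectMapper and AAF header setup …
```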
<module>ecomp-portal-BE-os</module>
<module>portal-FE-os</module>
<module>ecomp-portal-widget-ms</module>
- <module>portal-BE</module>
</modules>
<properties>
<nav [ngStyle]="{'right': isOpen ? '18px' : '-75px' }" class="usb-item usb-item-vertical usb-item-right" id="usb-item-s2">
<h3>Online Users</h3>
<div *ngFor="let user of userList" style="font-size: 10px;">
- <a [href]="user.linkQ"><img class="activeUserIcon" [src]="user.linkPic" alt="User Link"></a>
+ <a [href]="user.linkQ" *ngIf="(user.linkPicURL !='')">
+ <img class="activeUserIcon" [src]="user.linkPic" alt="User Link">
+ </a>
+ <a [href]="user.linkQ"><i *ngIf="(user.linkPicURL == '')" class="activeUserIcon default-user-icon icon ion-md-person"></i></a>
<div class="userId-txt">{{user.userId}}</div>
</div>
</nav>
\ No newline at end of file
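Review bot: The picture and the fallback icon sit in two separate `<a [href]="user.linkQ">` elements, and the second anchor is rendered even when its `<i>` is hidden, so every user with a picture gets an extra empty link. One anchor holding both children is simpler: `<a [href]="user.linkQ"><img *ngIf="user.linkPicURL" ...><i *ngIf="!user.linkPicURL" ...></i></a>`. The truthiness test also covers a null or undefined `linkPicURL`, which the `!= ''` comparison treats as "has a picture".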
width: 55px;
border-radius: 50%;
}
+
+.default-user-icon{
+ font-size: 45px;
+ display: block;
+ color: black;
+}
\ No newline at end of file
for (var i = 0; i < maxItems; i++) {
var data = {
userId: _res[i],
- linkQ: this.api.linkQ,
- linkPic: this.api.linkPic
+ linkQ: this.sanitizer.bypassSecurityTrustResourceUrl(this.api.linkQ + _res[i]),
+ linkPic: this.api.linkPic + _res[i],
+ linkPicURL:this.api.linkPic
}
this.userList.push(data);
}
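Review bot: `bypassSecurityTrustResourceUrl(this.api.linkQ + _res[i])` switches off Angular's URL sanitisation for a string that ends in data taken from the response (`_res[i]`), and it requests the resource-URL trust level although the template in this commit binds the value to an `[href]`. If `linkQ` is an ordinary http(s) link no bypass is needed; if it uses a custom scheme, `bypassSecurityTrustUrl` is the narrower call and the id should be encoded: `linkQ: this.sanitizer.bypassSecurityTrustUrl(this.api.linkQ + encodeURIComponent(_res[i])),`. The same encoding applies to `linkPic: this.api.linkPic + encodeURIComponent(_res[i])`. A one-line comment saying why the bypass is required would help the next reviewer; the function enclosing this loop lies outside the hunk.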
} else {
resJson.index = 3;
- }
-
- this.selectedSortType = this.sortOptions[resJson.index];
+ }
+ this.selectedSortType = this.sortOptions[resJson.index];
//console.log(this.selectedSortType);
- this.getAppCatalogService(data);
+ this.getAppCatalogService(data);
}
+ else {
+ this.sortTypeChanged('N');
+ }
+
+
}, error => {
console.log('getUserAppsSortTypePreference Error Object' + error.message);
});
getAppCatalogService(userAppSortTypePref: string) {
//console.log("getAppCatalogServices called");
+ if(!userAppSortTypePref)
+ {
+ userAppSortTypePref = "N";
+ this.selectedSortType = this.sortOptions[0];
+ //console.log("userAppSortTypePref"+userAppSortTypePref);
+ }
this.applicationCatalogService.getAppsOrderBySortPref(userAppSortTypePref).subscribe(data => {
//console.log("Response data" + data);
this.appCatalogData = data;
* ============LICENSE_START==========================================
* ONAP Portal
* ===================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
* ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
openExistingUserModal(userData: any) {
const modalRef = this.ngbModal.open(NewUserModalComponent);
- modalRef.componentInstance.userTitle = `${userData.firstName}, ${userData.lastName} ` + '(' + `${userData.orgUserId}` + ')';
+ let firstName = '';
+ let lastName = '';
+ let orgUserId = '';
+ if(userData && userData.firstName && userData.firstName!=null){
+ firstName = userData.firstName;
+ }
+ if(userData && userData.lastName && userData.lastName!=null){
+ lastName = ',' + userData.lastName;
+ }
+ if(userData && userData.orgUserId && userData.orgUserId!=null){
+ orgUserId = ' (' +userData.orgUserId + ')';
+ }
+ modalRef.componentInstance.userTitle = `${firstName} ${lastName} ${orgUserId}` ;
modalRef.componentInstance.dialogState = 2;
modalRef.componentInstance.userModalData = userData;
modalRef.componentInstance.disableBack = true;
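Review bot: The rebuilt title no longer matches the old format: with all three fields present the template with spaces between the parts yields `First ,Last  (id)`, with the comma glued to the last name and two spaces before the parenthesis, and with fields missing it leaves stray blanks. Keep the separators inside the parts and join without spaces: `lastName = ', ' + userData.lastName;` and then build the title as `firstName + lastName + orgUserId`. The `&& userData.firstName!=null` half of each condition is redundant after the truthiness test. The method continues past the end of this hunk.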
searchUserRadioChange($event: MatRadioChange) {
if ($event.value === 'System') {
this.searchTitleText = 'Enter System UserID';
- this.placeholderText = 'xxxxxx@org.com';
+ this.placeholderText = 'xxxxxx or xxxxxx@org.com';
this.isSystemUserCheck = true;
} else {
this.searchTitleText = 'Enter First Name, Last Name or ATTUID';
import { Observable } from 'rxjs';
import { v4 as uuid } from 'uuid';
import { Injectable } from '@angular/core';
-declare const getWebJunctionXSRFToken: any;
+declare const getXSRFToken: any;
@Injectable()
export class HeaderInterceptor implements HttpInterceptor {
intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
// Clone the request to add the new header
// HttpHeader object immutable - copy values
+ var XSRFToken = getXSRFToken();
const headerSettings: { [name: string]: string | string[]; } = {};
headerSettings['X-ECOMP-RequestID'] = uuid();
const requestType = req.params.get('requestType');
+
+ if (XSRFToken && XSRFToken.name && XSRFToken.value)
+ headerSettings['X-XSRF-TOKEN'] = XSRFToken.value;
+
if(requestType!=null && requestType==='fileUpload'){
//headerSettings['Content-Type'] = 'multipart/form-data';
}else if(requestType!=null && requestType==='downloadWidgetFile'){
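Review bot: The interceptor now adds `X-XSRF-TOKEN` to every request it handles without looking at the destination, so any cross-origin call made through HttpClient would carry the token to that host; whether such calls exist is not visible here. Limiting the header to relative or same-origin URLs keeps the token where it is verified, for example by adding `&& !/^([a-z][a-z0-9+.-]*:)?\/\//i.test(req.url)` to the condition. `getXSRFToken` is only declared, not imported, so if the global script that defines it is not loaded the call throws inside every request; a `typeof getXSRFToken === 'function'` guard avoids that, and `var XSRFToken` can be `const`. The body of `intercept` continues beyond the hunk.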
+function getXSRFToken() {
+ var cookies = getCookies();
+ var XSRFToken = {
+ name:'',
+ value:''
+ };
+ //var contextRoot = getContextRoot();
+ var hasXSRFToken = false;
+ for(var name in cookies) {
+ if(name == "XSRF-TOKEN") {
+ XSRFToken.name = name;
+ XSRFToken.value = cookies[name];
+ hasXSRFToken = true;
+ }
+ }
+
+ return (hasXSRFToken==false)?null:XSRFToken;
+}
+
+
function getCookies() {
var cookies = { };
if (document.cookie && document.cookie != '') {