2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
20 package org.openecomp.sdc.be.servlets;
22 import com.jcabi.aspects.Loggable;
23 import io.swagger.v3.oas.annotations.Operation;
24 import io.swagger.v3.oas.annotations.Parameter;
25 import io.swagger.v3.oas.annotations.media.ArraySchema;
26 import io.swagger.v3.oas.annotations.media.Content;
27 import io.swagger.v3.oas.annotations.media.Schema;
28 import io.swagger.v3.oas.annotations.responses.ApiResponse;
29 import io.swagger.v3.oas.annotations.servers.Server;
30 import io.swagger.v3.oas.annotations.servers.Servers;
31 import io.swagger.v3.oas.annotations.tags.Tag;
32 import io.swagger.v3.oas.annotations.tags.Tags;
33 import java.util.ArrayList;
34 import java.util.List;
35 import javax.servlet.http.HttpServletRequest;
36 import javax.ws.rs.Consumes;
37 import javax.ws.rs.DELETE;
38 import javax.ws.rs.GET;
39 import javax.ws.rs.HeaderParam;
40 import javax.ws.rs.POST;
41 import javax.ws.rs.Path;
42 import javax.ws.rs.PathParam;
43 import javax.ws.rs.Produces;
44 import javax.ws.rs.QueryParam;
45 import javax.ws.rs.core.Context;
46 import javax.ws.rs.core.MediaType;
47 import javax.ws.rs.core.Response;
48 import org.eclipse.jetty.http.HttpStatus;
49 import org.openecomp.sdc.be.components.impl.aaf.AafPermission;
50 import org.openecomp.sdc.be.components.impl.aaf.PermissionAllowed;
51 import org.openecomp.sdc.be.impl.ComponentsUtils;
52 import org.openecomp.sdc.be.model.User;
53 import org.openecomp.sdc.be.user.Role;
54 import org.openecomp.sdc.be.user.UserBusinessLogic;
55 import org.openecomp.sdc.be.user.UserBusinessLogicExt;
56 import org.openecomp.sdc.common.api.Constants;
57 import org.openecomp.sdc.common.log.wrappers.Logger;
58 import org.springframework.stereotype.Controller;
60 @Loggable(prepend = true, value = Loggable.DEBUG, trim = false)
62 @Tags({@Tag(name = "SDCE-2 APIs")})
63 @Servers({@Server(url = "/sdc2/rest")})
65 public class UserAdminServlet extends BeGenericServlet {
67 private static final String ROLE_DELIMITER = ",";
68 private static final Logger log = Logger.getLogger(UserAdminServlet.class);
69 private final UserBusinessLogic userBusinessLogic;
70 private final UserBusinessLogicExt userBusinessLogicExt;
/**
 * Creates the servlet with its collaborators.
 *
 * @param userBusinessLogic    user operations used by most endpoints here (lookup, create, authorize,
 *                             role update, admin and filtered listings)
 * @param componentsUtils      shared helpers handed to {@link BeGenericServlet}
 * @param userBusinessLogicExt extended operations; only de-activation is used in this class
 */
UserAdminServlet(UserBusinessLogic userBusinessLogic, ComponentsUtils componentsUtils, UserBusinessLogicExt userBusinessLogicExt) {
    super(componentsUtils);
    // The two assignments are independent of each other.
    this.userBusinessLogicExt = userBusinessLogicExt;
    this.userBusinessLogic = userBusinessLogic;
}
78 // retrieve all user details
/**
 * Returns the user identified by the {@code userId} path segment.
 * <p>
 * The second argument passed to {@code getUser} is the literal {@code false}; what it controls is not
 * defined in this class — see {@link UserBusinessLogic}.
 *
 * @param userId  identifier of the user to fetch
 * @param request injected servlet request; not read by this method
 * @return the user as returned by the business layer
 */
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Operation(description = "retrieve user details", method = "GET", summary = "Returns user details according to userId", responses = {
    @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = User.class)))),
    @ApiResponse(responseCode = "200", description = "Returns user Ok"), @ApiResponse(responseCode = "404", description = "User not found"),
    @ApiResponse(responseCode = "405", description = "Method Not Allowed"),
    @ApiResponse(responseCode = "500", description = "Internal Server Error")})
@PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
public User get(@Parameter(description = "userId of user to get", required = true) @PathParam("userId") final String userId,
                @Context final HttpServletRequest request) {
    // NOTE(review): no JAX-RS HTTP-method/@Path annotation is visible on this method in the reviewed copy — confirm the mapping.
    final User found = userBusinessLogic.getUser(userId, false);
    return found;
}
93 /////////////////////////////////////////////////////////////////////////////////////////////////////
/**
 * Returns the role of the user identified by {@code userId} as a small JSON object
 * of the form {@code { "role" : "<role>" }}.
 *
 * @param userId  identifier of the user whose role is requested
 * @param request injected servlet request; not read by this method
 * @return a hand-assembled JSON string carrying the role
 */
@Path("/{userId}/role")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Operation(description = "retrieve user role", summary = "Returns user role according to userId", responses = {
    @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = String.class)))),
    @ApiResponse(responseCode = "200", description = "Returns user role Ok"), @ApiResponse(responseCode = "404", description = "User not found"),
    @ApiResponse(responseCode = "405", description = "Method Not Allowed"),
    @ApiResponse(responseCode = "500", description = "Internal Server Error")})
@PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
public String getRole(@Parameter(description = "userId of user to get", required = true) @PathParam("userId") final String userId,
                      @Context final HttpServletRequest request) {
    final User user = userBusinessLogic.getUser(userId, false);
    // The role value is inserted verbatim, without JSON escaping; a null role is rendered as the text "null".
    // NOTE(review): this is only well-formed if getRole() can never contain quotes or backslashes (e.g. an enum
    // name) — confirm, otherwise build the response with a JSON library instead of string assembly.
    final StringBuilder json = new StringBuilder("{ \"role\" : \"");
    json.append(user.getRole()).append("\" }");
    return json.toString();
}
/**
 * Changes the role of the user identified by {@code userIdUpdateUser} on behalf of the caller named in
 * the {@code USER_ID} header.
 *
 * @param userIdUpdateUser identifier of the user whose role is changed
 * @param request          injected servlet request; not read by this method
 * @param newRole          request body carrying the new {@link Role}
 * @param modifierUserId   identity of the caller, taken from the {@code USER_ID} header
 * @return the updated user as returned by the business layer
 */
@Path("/{userId}/role")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Operation(description = "update user role", summary = "Update user role", responses = {
    @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = User.class)))),
    @ApiResponse(responseCode = "200", description = "Update user OK"), @ApiResponse(responseCode = "400", description = "Invalid Content."),
    @ApiResponse(responseCode = "403", description = "Missing information/Restricted operation"),
    @ApiResponse(responseCode = "404", description = "User not found"), @ApiResponse(responseCode = "405", description = "Method Not Allowed"),
    @ApiResponse(responseCode = "409", description = "User already exists"),
    @ApiResponse(responseCode = "500", description = "Internal Server Error")})
@PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
public User updateUserRole(@Parameter(description = "userId of user to get", required = true) @PathParam("userId") final String userIdUpdateUser,
                           @Context final HttpServletRequest request,
                           @Parameter(description = "json describe the update role", required = true) UserRole newRole,
                           @HeaderParam(value = Constants.USER_ID_HEADER) String modifierUserId) {
    // NOTE(review): a request with no body, or whose body lacks "role", dereferences null on the next line and
    // surfaces as a 500, although 400 "Invalid Content." is documented above — consider guarding with
    // `if (newRole == null || newRole.getRole() == null)` and answering 400.
    // NOTE(review): whether modifierUserId is allowed to change roles is expected to be checked in the business
    // layer; nothing in this class verifies it — confirm.
    final String targetRole = newRole.getRole().name();
    return userBusinessLogic.updateUserRole(modifierUserId, userIdUpdateUser, targetRole);
}
130 /////////////////////////////////////////////////////////////////////////////////////////////////////
/**
 * Provisions a new user on behalf of the caller named in the {@code USER_ID} header.
 *
 * @param request       injected servlet request; not read by this method
 * @param newUser       request body describing the user to create
 * @param modifierAttId identity of the caller, taken from the {@code USER_ID} header
 * @return {@code 201 Created} with the created user as the entity
 */
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Operation(description = "add user", method = "POST", summary = "Provision new user", responses = {
    @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = User.class)))),
    @ApiResponse(responseCode = "201", description = "New user created"), @ApiResponse(responseCode = "400", description = "Invalid Content."),
    @ApiResponse(responseCode = "403", description = "Missing information"),
    @ApiResponse(responseCode = "405", description = "Method Not Allowed"),
    @ApiResponse(responseCode = "409", description = "User already exists"),
    @ApiResponse(responseCode = "500", description = "Internal Server Error")})
public Response createUser(@Context final HttpServletRequest request,
                           @Parameter(description = "json describe the user", required = true) User newUser,
                           @HeaderParam(value = Constants.USER_ID_HEADER) String modifierAttId) {
    log.debug("modifier id is {}", modifierAttId);
    // NOTE(review): unlike the other endpoints in this class, no @PermissionAllowed is visible on this method —
    // confirm that permission is enforced elsewhere (e.g. a filter) for user provisioning, or add the annotation.
    final User created = userBusinessLogic.createUser(modifierAttId, newUser);
    return Response.status(HttpStatus.CREATED_201)
        .entity(created)
        .build();
}
/**
 * Authorizes the caller described by the identity headers.
 * <p>
 * The user id, first name, last name and e-mail are copied from request headers into a {@link User}
 * and handed to the business layer, which returns the authorized user.
 *
 * @param userId    value of the {@code USER_ID} header
 * @param firstName value of the {@code HTTP_CSP_FIRSTNAME} header
 * @param lastName  value of the {@code HTTP_CSP_LASTNAME} header
 * @param email     value of the {@code HTTP_CSP_EMAIL} header
 * @return the authorized user as returned by the business layer
 */
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Operation(description = "authorize", summary = "authorize user", responses = {
    @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = User.class)))),
    @ApiResponse(responseCode = "200", description = "Returns user Ok"), @ApiResponse(responseCode = "403", description = "Restricted Access"),
    @ApiResponse(responseCode = "500", description = "Internal Server Error")})
@PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
public User authorize(@HeaderParam(value = Constants.USER_ID_HEADER) String userId, @HeaderParam("HTTP_CSP_FIRSTNAME") String firstName,
                      @HeaderParam("HTTP_CSP_LASTNAME") String lastName, @HeaderParam("HTTP_CSP_EMAIL") String email) {
    // NOTE(review): the identity attributes are taken directly from request headers; which upstream component is
    // trusted to set them is outside this class — confirm the trust boundary.
    return userBusinessLogic.authorize(userFromHeaders(userId, firstName, lastName, email));
}

/**
 * Builds the {@link User} carrier passed to {@code authorize}; every value is copied as-is, including nulls.
 */
private static User userFromHeaders(String userId, String firstName, String lastName, String email) {
    final User authUser = new User();
    authUser.setUserId(userId);
    authUser.setFirstName(firstName);
    authUser.setLastName(lastName);
    authUser.setEmail(email);
    return authUser;
}
/**
 * Returns every administrator known to the business layer.
 *
 * @param request injected servlet request; not read by this method
 * @return the administrators as returned by {@code getAllAdminUsers}
 */
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Operation(description = "retrieve all administrators", method = "GET", summary = "Returns all administrators", responses = {
    @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = User.class)))),
    @ApiResponse(responseCode = "200", description = "Returns user Ok"), @ApiResponse(responseCode = "405", description = "Method Not Allowed"),
    @ApiResponse(responseCode = "500", description = "Internal Server Error")})
@PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
public List<User> getAdminsUser(@Context final HttpServletRequest request) {
    // NOTE(review): no JAX-RS HTTP-method/@Path annotation is visible on this method in the reviewed copy — confirm the mapping.
    final List<User> admins = userBusinessLogic.getAllAdminUsers();
    return admins;
}
/**
 * Lists active users, optionally restricted to the roles named in the {@code roles} query parameter.
 * <p>
 * {@code roles} is a comma-separated list; each entry is trimmed. A missing or blank parameter yields an
 * empty role list, which the operation summary documents as "all users".
 *
 * @param request injected servlet request; only its method and URI are read, for logging
 * @param userId  identity of the caller, taken from the {@code USER_ID} header
 * @param roles   comma-separated role names, or null/blank for no restriction
 * @return the users as returned by the business layer
 */
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Operation(description = "Retrieve the list of all active ASDC users or only group of users having specific roles.", method = "GET", summary = "Returns list of users with the specified roles, or all of users in the case of empty 'roles' header", responses = {
    @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = User.class)))),
    @ApiResponse(responseCode = "200", description = "Returns users Ok"),
    @ApiResponse(responseCode = "204", description = "No provisioned ASDC users of requested role"),
    @ApiResponse(responseCode = "403", description = "Restricted Access"), @ApiResponse(responseCode = "400", description = "Missing content"),
    @ApiResponse(responseCode = "500", description = "Internal Server Error")})
public List<User> getUsersList(@Context final HttpServletRequest request,
                               @Parameter(description = "Any active user's USER_ID ") @HeaderParam(Constants.USER_ID_HEADER) final String userId,
                               @Parameter(description = "TESTER,DESIGNER,PRODUCT_STRATEGIST,OPS,PRODUCT_MANAGER,GOVERNOR, ADMIN OR all users by not typing anything") @QueryParam("roles") final String roles) {
    log.debug("Start handle request of {} modifier id is {}", request.getMethod() + " " + request.getRequestURI(), userId);
    // NOTE(review): unlike most endpoints in this class, no @PermissionAllowed is visible on this method — confirm.
    final List<String> rolesList = new ArrayList<>();
    if (roles != null && !roles.trim().isEmpty()) {
        // Interior empty entries (e.g. "a,,b") are kept as "" after trimming; String.split drops trailing ones.
        // Validation of the individual names is presumably done by the business layer — verify.
        for (String role : roles.split(ROLE_DELIMITER)) {
            rolesList.add(role.trim());
        }
    }
    // Both the parsed list and the raw parameter value are forwarded.
    return userBusinessLogic.getUsersList(userId, rolesList, roles);
}
/**
 * De-activates the user identified by {@code userId} on behalf of the caller named in the {@code USER_ID}
 * header. The operation is documented as "delete user" but delegates to de-activation, not removal.
 *
 * @param userId     identifier of the user to de-activate
 * @param request    injected servlet request; not read by this method
 * @param modifierId identity of the caller, taken from the {@code USER_ID} header
 * @return the de-activated user as returned by the business layer
 */
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Operation(description = "delete user", summary = "Delete user", responses = {
    @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = User.class)))),
    @ApiResponse(responseCode = "200", description = "Update deleted OK"), @ApiResponse(responseCode = "400", description = "Invalid Content."),
    @ApiResponse(responseCode = "403", description = "Missing information"), @ApiResponse(responseCode = "404", description = "User not found"),
    @ApiResponse(responseCode = "405", description = "Method Not Allowed"),
    @ApiResponse(responseCode = "409", description = "Restricted operation"),
    @ApiResponse(responseCode = "500", description = "Internal Server Error")})
@PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
public User deActivateUser(@Parameter(description = "userId of user to get", required = true) @PathParam("userId") final String userId,
                           @Context final HttpServletRequest request, @HeaderParam(value = Constants.USER_ID_HEADER) String modifierId) {
    // NOTE(review): no JAX-RS HTTP-method/@Path annotation is visible on this method in the reviewed copy — confirm the mapping.
    final User deactivated = userBusinessLogicExt.deActivateUser(modifierId, userId);
    return deactivated;
}
224 static class UserRole {
228 public Role getRole() {
232 public void setRole(Role role) {