2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
20 package org.openecomp.sdc.be.servlets;
22 import com.jcabi.aspects.Loggable;
23 import io.swagger.v3.oas.annotations.Operation;
24 import io.swagger.v3.oas.annotations.Parameter;
25 import io.swagger.v3.oas.annotations.media.ArraySchema;
26 import io.swagger.v3.oas.annotations.media.Content;
27 import io.swagger.v3.oas.annotations.media.Schema;
28 import io.swagger.v3.oas.annotations.responses.ApiResponse;
29 import io.swagger.v3.oas.annotations.servers.Server;
30 import io.swagger.v3.oas.annotations.servers.Servers;
31 import io.swagger.v3.oas.annotations.tags.Tag;
32 import io.swagger.v3.oas.annotations.tags.Tags;
33 import java.util.ArrayList;
34 import java.util.List;
35 import javax.servlet.http.HttpServletRequest;
36 import javax.ws.rs.Consumes;
37 import javax.ws.rs.DELETE;
38 import javax.ws.rs.GET;
39 import javax.ws.rs.HeaderParam;
40 import javax.ws.rs.POST;
41 import javax.ws.rs.Path;
42 import javax.ws.rs.PathParam;
43 import javax.ws.rs.Produces;
44 import javax.ws.rs.QueryParam;
45 import javax.ws.rs.core.Context;
46 import javax.ws.rs.core.MediaType;
47 import javax.ws.rs.core.Response;
48 import org.eclipse.jetty.http.HttpStatus;
49 import org.openecomp.sdc.be.impl.ComponentsUtils;
50 import org.openecomp.sdc.be.model.User;
51 import org.openecomp.sdc.be.user.Role;
52 import org.openecomp.sdc.be.user.UserBusinessLogic;
53 import org.openecomp.sdc.be.user.UserBusinessLogicExt;
54 import org.openecomp.sdc.common.api.Constants;
55 import org.openecomp.sdc.common.log.wrappers.Logger;
56 import org.springframework.stereotype.Controller;
58 @Loggable(prepend = true, value = Loggable.DEBUG, trim = false)
60 @Tags({@Tag(name = "SDCE-2 APIs")})
61 @Servers({@Server(url = "/sdc2/rest")})
63 public class UserAdminServlet extends BeGenericServlet {
65 private static final String ROLE_DELIMITER = ",";
66 private static final Logger log = Logger.getLogger(UserAdminServlet.class);
67 private final UserBusinessLogic userBusinessLogic;
68 private final UserBusinessLogicExt userBusinessLogicExt;
70 UserAdminServlet(UserBusinessLogic userBusinessLogic, ComponentsUtils componentsUtils, UserBusinessLogicExt userBusinessLogicExt) {
71 super(componentsUtils);
72 this.userBusinessLogic = userBusinessLogic;
73 this.userBusinessLogicExt = userBusinessLogicExt;
76 // retrieve all user details
79 @Consumes(MediaType.APPLICATION_JSON)
80 @Produces(MediaType.APPLICATION_JSON)
81 @Operation(description = "retrieve user details", method = "GET", summary = "Returns user details according to userId", responses = {
82 @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = User.class)))),
83 @ApiResponse(responseCode = "200", description = "Returns user Ok"), @ApiResponse(responseCode = "404", description = "User not found"),
84 @ApiResponse(responseCode = "405", description = "Method Not Allowed"),
85 @ApiResponse(responseCode = "500", description = "Internal Server Error")})
86 public User get(@Parameter(description = "userId of user to get", required = true) @PathParam("userId") final String userId,
87 @Context final HttpServletRequest request) {
88 return userBusinessLogic.getUser(userId, false);
90 /////////////////////////////////////////////////////////////////////////////////////////////////////
93 @Path("/{userId}/role")
94 @Consumes(MediaType.APPLICATION_JSON)
95 @Produces(MediaType.APPLICATION_JSON)
96 @Operation(description = "retrieve user role", summary = "Returns user role according to userId", responses = {
97 @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = String.class)))),
98 @ApiResponse(responseCode = "200", description = "Returns user role Ok"), @ApiResponse(responseCode = "404", description = "User not found"),
99 @ApiResponse(responseCode = "405", description = "Method Not Allowed"),
100 @ApiResponse(responseCode = "500", description = "Internal Server Error")})
101 public String getRole(@Parameter(description = "userId of user to get", required = true) @PathParam("userId") final String userId,
102 @Context final HttpServletRequest request) {
103 User user = userBusinessLogic.getUser(userId, false);
104 return "{ \"role\" : \"" + user.getRole() + "\" }";
109 @Path("/{userId}/role")
110 @Consumes(MediaType.APPLICATION_JSON)
111 @Produces(MediaType.APPLICATION_JSON)
112 @Operation(description = "update user role", summary = "Update user role", responses = {
113 @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = User.class)))),
114 @ApiResponse(responseCode = "200", description = "Update user OK"), @ApiResponse(responseCode = "400", description = "Invalid Content."),
115 @ApiResponse(responseCode = "403", description = "Missing information/Restricted operation"),
116 @ApiResponse(responseCode = "404", description = "User not found"), @ApiResponse(responseCode = "405", description = "Method Not Allowed"),
117 @ApiResponse(responseCode = "409", description = "User already exists"),
118 @ApiResponse(responseCode = "500", description = "Internal Server Error")})
119 public User updateUserRole(@Parameter(description = "userId of user to get", required = true) @PathParam("userId") final String userIdUpdateUser,
120 @Context final HttpServletRequest request,
121 @Parameter(description = "json describe the update role", required = true) UserRole newRole,
122 @HeaderParam(value = Constants.USER_ID_HEADER) String modifierUserId) {
123 return userBusinessLogic.updateUserRole(modifierUserId, userIdUpdateUser, newRole.getRole().name());
125 /////////////////////////////////////////////////////////////////////////////////////////////////////
128 @Consumes(MediaType.APPLICATION_JSON)
129 @Produces(MediaType.APPLICATION_JSON)
130 @Operation(description = "add user", method = "POST", summary = "Provision new user", responses = {
131 @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = User.class)))),
132 @ApiResponse(responseCode = "201", description = "New user created"), @ApiResponse(responseCode = "400", description = "Invalid Content."),
133 @ApiResponse(responseCode = "403", description = "Missing information"),
134 @ApiResponse(responseCode = "405", description = "Method Not Allowed"),
135 @ApiResponse(responseCode = "409", description = "User already exists"),
136 @ApiResponse(responseCode = "500", description = "Internal Server Error")})
137 public Response createUser(@Context final HttpServletRequest request,
138 @Parameter(description = "json describe the user", required = true) User newUser,
139 @HeaderParam(value = Constants.USER_ID_HEADER) String modifierAttId) {
140 log.debug("modifier id is {}", modifierAttId);
141 User user = userBusinessLogic.createUser(modifierAttId, newUser);
142 return Response.status(HttpStatus.CREATED_201).entity(user).build();
147 @Consumes(MediaType.APPLICATION_JSON)
148 @Produces(MediaType.APPLICATION_JSON)
149 @Operation(description = "authorize", summary = "authorize user", responses = {
150 @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = User.class)))),
151 @ApiResponse(responseCode = "200", description = "Returns user Ok"), @ApiResponse(responseCode = "403", description = "Restricted Access"),
152 @ApiResponse(responseCode = "500", description = "Internal Server Error")})
153 public User authorize(@HeaderParam(value = Constants.USER_ID_HEADER) String userId, @HeaderParam("HTTP_CSP_FIRSTNAME") String firstName,
154 @HeaderParam("HTTP_CSP_LASTNAME") String lastName, @HeaderParam("HTTP_CSP_EMAIL") String email) {
155 User authUser = new User();
156 authUser.setUserId(userId);
157 authUser.setFirstName(firstName);
158 authUser.setLastName(lastName);
159 authUser.setEmail(email);
160 return userBusinessLogic.authorize(authUser);
165 @Consumes(MediaType.APPLICATION_JSON)
166 @Produces(MediaType.APPLICATION_JSON)
167 @Operation(description = "retrieve all administrators", method = "GET", summary = "Returns all administrators", responses = {
168 @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = User.class)))),
169 @ApiResponse(responseCode = "200", description = "Returns user Ok"), @ApiResponse(responseCode = "405", description = "Method Not Allowed"),
170 @ApiResponse(responseCode = "500", description = "Internal Server Error")})
171 public List<User> getAdminsUser(@Context final HttpServletRequest request) {
172 return userBusinessLogic.getAllAdminUsers();
177 @Consumes(MediaType.APPLICATION_JSON)
178 @Produces(MediaType.APPLICATION_JSON)
179 @Operation(description = "Retrieve the list of all active ASDC users or only group of users having specific roles.", method = "GET", summary = "Returns list of users with the specified roles, or all of users in the case of empty 'roles' header", responses = {
180 @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = User.class)))),
181 @ApiResponse(responseCode = "200", description = "Returns users Ok"),
182 @ApiResponse(responseCode = "204", description = "No provisioned ASDC users of requested role"),
183 @ApiResponse(responseCode = "403", description = "Restricted Access"), @ApiResponse(responseCode = "400", description = "Missing content"),
184 @ApiResponse(responseCode = "500", description = "Internal Server Error")})
185 public List<User> getUsersList(@Context final HttpServletRequest request,
186 @Parameter(description = "Any active user's USER_ID ") @HeaderParam(Constants.USER_ID_HEADER) final String userId,
187 @Parameter(description = "TESTER,DESIGNER,PRODUCT_STRATEGIST,OPS,PRODUCT_MANAGER,GOVERNOR, ADMIN OR all users by not typing anything") @QueryParam("roles") final String roles) {
188 String url = request.getMethod() + " " + request.getRequestURI();
189 log.debug("Start handle request of {} modifier id is {}", url, userId);
190 List<String> rolesList = new ArrayList<>();
191 if (roles != null && !roles.trim().isEmpty()) {
192 String[] rolesArr = roles.split(ROLE_DELIMITER);
193 for (String role : rolesArr) {
194 rolesList.add(role.trim());
197 return userBusinessLogic.getUsersList(userId, rolesList, roles);
202 @Consumes(MediaType.APPLICATION_JSON)
203 @Produces(MediaType.APPLICATION_JSON)
204 @Operation(description = "delete user", summary = "Delete user", responses = {
205 @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = User.class)))),
206 @ApiResponse(responseCode = "200", description = "Update deleted OK"), @ApiResponse(responseCode = "400", description = "Invalid Content."),
207 @ApiResponse(responseCode = "403", description = "Missing information"), @ApiResponse(responseCode = "404", description = "User not found"),
208 @ApiResponse(responseCode = "405", description = "Method Not Allowed"),
209 @ApiResponse(responseCode = "409", description = "Restricted operation"),
210 @ApiResponse(responseCode = "500", description = "Internal Server Error")})
211 public User deActivateUser(@Parameter(description = "userId of user to get", required = true) @PathParam("userId") final String userId,
212 @Context final HttpServletRequest request, @HeaderParam(value = Constants.USER_ID_HEADER) String modifierId) {
213 return userBusinessLogicExt.deActivateUser(modifierId, userId);
216 static class UserRole {
220 public Role getRole() {
224 public void setRole(Role role) {