diff options
Diffstat (limited to 'vid-app-common/src/main/java/org/onap/vid/roles')
4 files changed, 248 insertions, 0 deletions
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/EcompRole.java b/vid-app-common/src/main/java/org/onap/vid/roles/EcompRole.java new file mode 100644 index 000000000..63492cd97 --- /dev/null +++ b/vid-app-common/src/main/java/org/onap/vid/roles/EcompRole.java @@ -0,0 +1,5 @@ +package org.onap.vid.roles; + +public enum EcompRole { + READ; +} diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/Role.java b/vid-app-common/src/main/java/org/onap/vid/roles/Role.java new file mode 100644 index 000000000..902da5bcd --- /dev/null +++ b/vid-app-common/src/main/java/org/onap/vid/roles/Role.java @@ -0,0 +1,48 @@ +package org.onap.vid.roles; + +/** + * Created by Oren on 7/1/17. + */ + +public class Role { + + private EcompRole ecompRole; + + private String subscribeName; + + private String serviceType; + + private String tenant; + + public Role(EcompRole ecompRole, String subscribeName, String serviceType, String tenant) { + this.ecompRole = ecompRole; + this.subscribeName = subscribeName; + this.serviceType = serviceType; + this.tenant = tenant; + } + + public EcompRole getEcompRole() { + return ecompRole; + } + + + public String getSubscribeName() { + return subscribeName; + } + + public void setSubscribeName(String subscribeName) { + this.subscribeName = subscribeName; + } + + public String getServiceType() { + return serviceType; + } + + + public String getTenant() { + return tenant; + } + + + +} diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java new file mode 100644 index 000000000..63cc2bbb0 --- /dev/null +++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java @@ -0,0 +1,138 @@ +package org.onap.vid.roles; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.openecomp.portalsdk.core.web.support.UserUtils; +import org.onap.vid.aai.AaiResponse; +import org.onap.vid.aai.exceptions.RoleParsingException; +import org.onap.vid.model.ModelConstants; +import org.onap.vid.model.Subscriber; +import org.onap.vid.model.SubscriberList; +import org.onap.vid.services.AaiService; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import javax.annotation.PostConstruct; +import javax.servlet.http.HttpServletRequest; +import java.util.*; + +//import org.codehaus.jackson.map.ObjectMapper; + +/** + * Created by Oren on 7/1/17. + */ + +@Component +public class RoleProvider { + + private static final EELFLoggerDelegate LOG = EELFLoggerDelegate.getLogger(RoleProvider.class); + final String readPermissionString = "read"; + SubscriberList subscribers; + ObjectMapper om = new ObjectMapper(); + @Autowired + private AaiService aaiService; + + public static List<String> extractRoleFromSession(HttpServletRequest request) { + + return new ArrayList<String>(); + + } + + @PostConstruct + public void init() { + LOG.debug(EELFLoggerDelegate.debugLogger, "Role provider => init method started"); + AaiResponse<SubscriberList> subscribersResponse = aaiService.getFullSubscriberList(); + subscribers = subscribersResponse.getT(); + LOG.debug(EELFLoggerDelegate.debugLogger, "Role provider => init method finished"); + } + + public List<Role> getUserRoles(HttpServletRequest request) throws JsonProcessingException { + String logPrefix = "Role Provider (" + UserUtils.getUserId(request) + ") ==>"; + + LOG.debug(EELFLoggerDelegate.debugLogger, logPrefix + "Entering to get user role for user " + UserUtils.getUserId(request)); + + List<Role> roleList = new ArrayList<>(); + HashMap roles = UserUtils.getRoles(request); + for (Object role : roles.keySet()) { + org.openecomp.portalsdk.core.domain.Role sdkRol = (org.openecomp.portalsdk.core.domain.Role) roles.get(role); + + LOG.debug(EELFLoggerDelegate.debugLogger, logPrefix + "Role " + sdkRol.getName() + " is being proccessed"); + try { + if (sdkRol.getName().contains(readPermissionString)) { + LOG.debug(EELFLoggerDelegate.debugLogger, logPrefix + " Role " + sdkRol.getName() + " contain " + readPermissionString); + + continue; + } + String[] roleParts = splitRole((sdkRol.getName()), logPrefix); + roleList.add(createRoleFromStringArr(roleParts, logPrefix)); + String msg = String.format(logPrefix + " User %s got permissions %s", UserUtils.getUserId(request), Arrays.toString(roleParts)); + LOG.debug(EELFLoggerDelegate.debugLogger, msg); + } catch (RoleParsingException e) { + LOG.error(logPrefix + " Failed to parse permission"); + + } + } + + return roleList; + } + + public String[] splitRole(String roleAsString, String logPrefix) { + LOG.debug(EELFLoggerDelegate.debugLogger, logPrefix + "Spliting role = " + roleAsString + "With delimeter = " + ModelConstants.ROLE_DELIMITER); + return roleAsString.split(ModelConstants.ROLE_DELIMITER); + } + + public boolean userPermissionIsReadOnly(List<Role> roles) { + + return (!(roles.size() > 0)); + } + + public boolean userPermissionIsReadLogs(List<Role> roles){ + for(Role role: roles){ + if(role.getServiceType().equals("LOGS")){ + if(role.getTenant().equals("PERMITTED")){ + return true; + } + } + } + return false; + } + + private String replaceSubscriberNameToGlobalCustomerID(String subscriberName, String logPrefix) throws JsonProcessingException { + if (subscribers == null) { + LOG.debug(EELFLoggerDelegate.debugLogger, "replaceSubscriberNameToGlobalCustomerID calling init method"); + init(); + } + LOG.debug(EELFLoggerDelegate.debugLogger, logPrefix + "subscribers list size is " + subscribers.customer.size() + " with the values " + om.writeValueAsString(subscribers.customer)); + LOG.debug(EELFLoggerDelegate.debugLogger, logPrefix + "subscribers list size is " + subscribers.customer.size() + " with the values " + om.writeValueAsString(subscribers.customer)); + + + Optional<Subscriber> s = subscribers.customer.stream().filter(x -> x.subscriberName.equals(subscriberName)).findFirst(); + //Fixing bug of logging "optional get" before isPresent + String replacement = s.isPresent() ? s.get().globalCustomerId : ""; + LOG.debug(EELFLoggerDelegate.debugLogger, logPrefix + "Subscribername " + subscriberName + " changed to " + replacement); + return replacement; + } + + public Role createRoleFromStringArr(String[] roleParts, String rolePrefix) throws JsonProcessingException, RoleParsingException { + String globalCustomerID = replaceSubscriberNameToGlobalCustomerID(roleParts[0], rolePrefix); + try { + if (roleParts.length > 2) { + return new Role(EcompRole.READ, globalCustomerID, roleParts[1], roleParts[2]); + } else { + return new Role(EcompRole.READ, globalCustomerID, roleParts[1], null); + } + } catch (ArrayIndexOutOfBoundsException e) { + if (roleParts.length > 0) + LOG.debug(EELFLoggerDelegate.debugLogger, "Could not parse role ", roleParts[0]); + else { + LOG.debug(EELFLoggerDelegate.debugLogger, "Got empty role, Could not parse it "); + + } + throw new RoleParsingException(); + } + + } + +} + diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java new file mode 100644 index 000000000..f4f17facb --- /dev/null +++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java @@ -0,0 +1,57 @@ +package org.onap.vid.roles; + +import org.onap.vid.mso.rest.RequestDetails; + +import java.util.List; +import java.util.Map; + +/** + * Created by Oren on 7/12/17. + */ +public class RoleValidator { + + private List<Role> userRoles; + + public RoleValidator(List<Role> roles) { + this.userRoles = roles; + } + + public boolean isSubscriberPermitted(String subscriberName) { + for (Role role : userRoles) { + if (role.getSubscribeName().equals(subscriberName)) + return true; + } + return false; + } + + public boolean isServicePermitted(String subscriberName, String serviceType) { + for (Role role : userRoles) { + if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType)) + return true; + } + return false; + } + + public boolean isMsoRequestValid(RequestDetails mso_request) { + try { + String globalSubscriberIdRequested = (String) ((Map) ((Map) mso_request.getAdditionalProperties().get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId"); + String serviceType = (String) ((Map) ((Map) mso_request.getAdditionalProperties().get("requestDetails")).get("requestParameters")).get("subscriptionServiceType"); + return isServicePermitted(globalSubscriberIdRequested, serviceType); + } catch (Exception e) { + //Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso + return true; + } +// return false; + } + + public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) { + for (Role role : userRoles) { + if (role.getSubscribeName().equals(globalCustomerId) + && role.getServiceType().equals(serviceType) + && (role.getTenant() == null || role.getTenant().equalsIgnoreCase(tenantName))) { + return true; + } + } + return false; + } +} |