From 9a86fc5f609066fb90587c7ccf4a2c340565d79c Mon Sep 17 00:00:00 2001
From: "Sonsino, Ofir (os0695)" <os0695@intl.att.com>
Date: Fri, 16 Nov 2018 15:01:29 +0200
Subject: Turn role management off by default

Change-Id: Ib8cf6d2a556c249f742ead7e628ae7039918c5c2
Issue-ID: VID-348
Signed-off-by: Sonsino, Ofir (os0695) <os0695@intl.att.com>
---
 docs/administration.rst                                        |  5 ++++-
 docs/configuration.rst                                         |  3 +++
 epsdk-app-onap/src/main/webapp/WEB-INF/conf/system.properties  |  2 ++
 .../src/main/webapp/WEB-INF/conf/system_template.properties    |  2 ++
 .../src/main/java/org/onap/vid/roles/RoleValidator.java        | 10 ++++++++++
 .../src/test/resources/WEB-INF/conf/system.properties          |  2 ++
 6 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/docs/administration.rst b/docs/administration.rst
index 7227e702d..1eec480ce 100644
--- a/docs/administration.rst
+++ b/docs/administration.rst
@@ -23,4 +23,7 @@ Actions
   |  ``curl -X POST 'http://vid.api.simpledemo.onap.org:8080/vid/change-management/vnf_workflow_relation' -H 'Accept-Encoding: gzip, deflate' -H 'Content-Type:application/json' -d '{"workflowsDetails":[{"workflowName":"VNF In Place Software Update","vnfDetails":{"UUID":"X-X-X-X","invariantUUID":"Y-Y-Y-Y"}}, {"workflowName":"VNF Scale Out","vnfDetails":{"UUID":"X-X-X-X","invariantUUID":"Y-Y-Y-Y"}}]}'``
   
 - |  **VoLTE E2E services deployment support** 
-  |  VID supports VoLTE E2E services deployment. In order to trigger the E2E flow, the service category in the model (as SDC generates it) has to be set to "E2E Service".
\ No newline at end of file
+  |  VID supports VoLTE E2E services deployment. In order to trigger the E2E flow, the service category in the model (as SDC generates it) has to be set to "E2E Service".
+  
+- |  **Role management support** 
+  |  VID supports role management for its users with AAF integration. This feature is turned off by default. In order to activate it, update "role_management_activated" value in system.properties to "true".
\ No newline at end of file
diff --git a/docs/configuration.rst b/docs/configuration.rst
index 6357d5aac..ab757387c 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -18,6 +18,9 @@ system.properties file
 ``db.password``
   The password for the VID database
 
+``role_management_activated``
+  Role management activation flag, "false" by defauly. Change to "true" in order to activate this feature.
+  
 ``aai.server.url.base``
   Base URL for the A&AI server
 
diff --git a/epsdk-app-onap/src/main/webapp/WEB-INF/conf/system.properties b/epsdk-app-onap/src/main/webapp/WEB-INF/conf/system.properties
index 049ebf0dd..6dd885a43 100755
--- a/epsdk-app-onap/src/main/webapp/WEB-INF/conf/system.properties
+++ b/epsdk-app-onap/src/main/webapp/WEB-INF/conf/system.properties
@@ -106,6 +106,8 @@ decryption_key				  = AGLDdG4D04BKm2IxIWEr8o==
 element_map_file_path = app/fusionapp/files/
 element_map_icon_path = app/fusionapp/icons/
 
+role_management_activated = false
+
 #aai related properties
 #aai.server.url.base=https://aai.api.openecomp.org:8443/aai/
 #aai.server.url=https://aai.api.openecomp.org:8443/aai/v8/
diff --git a/epsdk-app-onap/src/main/webapp/WEB-INF/conf/system_template.properties b/epsdk-app-onap/src/main/webapp/WEB-INF/conf/system_template.properties
index 06a2e6b53..177a35770 100755
--- a/epsdk-app-onap/src/main/webapp/WEB-INF/conf/system_template.properties
+++ b/epsdk-app-onap/src/main/webapp/WEB-INF/conf/system_template.properties
@@ -63,6 +63,8 @@ decryption_key = ${VID_DECRYPTION_KEY}
 element_map_file_path = /tmp
 element_map_icon_path = app/vid/icons/
 
+role_management_activated = false
+
 #aai related properties
 aai.server.url.base=https://${VID_AAI_HOST}:${VID_AAI_PORT}/aai/
 aai.server.url=https://${VID_AAI_HOST}:${VID_AAI_PORT}/aai/v13/
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
index f4f17facb..7ac5708ee 100644
--- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
@@ -1,5 +1,6 @@
 package org.onap.vid.roles;
 
+import org.onap.portalsdk.core.util.SystemProperties;
 import org.onap.vid.mso.rest.RequestDetails;
 
 import java.util.List;
@@ -10,6 +11,7 @@ import java.util.Map;
  */
 public class RoleValidator {
 
+    private boolean disableRoles = SystemProperties.getProperty("role_management_activated") == "false";
     private List<Role> userRoles;
 
     public RoleValidator(List<Role> roles) {
@@ -17,6 +19,8 @@ public class RoleValidator {
     }
 
     public boolean isSubscriberPermitted(String subscriberName) {
+        if(this.disableRoles) return true;
+        
         for (Role role : userRoles) {
             if (role.getSubscribeName().equals(subscriberName))
                 return true;
@@ -25,6 +29,8 @@ public class RoleValidator {
     }
 
     public boolean isServicePermitted(String subscriberName, String serviceType) {
+        if(this.disableRoles) return true;
+        
         for (Role role : userRoles) {
             if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType))
                 return true;
@@ -33,6 +39,8 @@ public class RoleValidator {
     }
 
     public boolean isMsoRequestValid(RequestDetails mso_request) {
+        if(this.disableRoles) return true;
+        
         try {
             String globalSubscriberIdRequested = (String) ((Map) ((Map) mso_request.getAdditionalProperties().get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId");
             String serviceType = (String) ((Map) ((Map) mso_request.getAdditionalProperties().get("requestDetails")).get("requestParameters")).get("subscriptionServiceType");
@@ -45,6 +53,8 @@ public class RoleValidator {
     }
 
     public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) {
+        if(this.disableRoles) return true;
+        
         for (Role role : userRoles) {
             if (role.getSubscribeName().equals(globalCustomerId)
                     && role.getServiceType().equals(serviceType)
diff --git a/vid-app-common/src/test/resources/WEB-INF/conf/system.properties b/vid-app-common/src/test/resources/WEB-INF/conf/system.properties
index 6a8a1a37a..f9d510a78 100644
--- a/vid-app-common/src/test/resources/WEB-INF/conf/system.properties
+++ b/vid-app-common/src/test/resources/WEB-INF/conf/system.properties
@@ -71,6 +71,8 @@ application_name              = Virtual Infrastructure Deployment
 element_map_file_path = app/fusionapp/files/
 element_map_icon_path = app/fusionapp/icons/
 
+role_management_activated = false
+
 #aai related properties
 #dev server
 #ist servers
-- 
cgit 1.2.3-korg