From fa9080bc0e2be3198aebbe1da20af73ed91376ce Mon Sep 17 00:00:00 2001
From: "Sonsino, Ofir (os0695)" <os0695@intl.att.com>
Date: Fri, 16 Nov 2018 15:01:29 +0200
Subject: Turn role management off by default

(cherrypicked from casablanca)

Change-Id: Id8611389b80c3a693c989ce3421f08435ad05d2f
Issue-ID: VID-448
Signed-off-by: Wojciech Sliwka <wojciech.sliwka@nokia.com>
Signed-off-by: Ittay Stern <ittay.stern@att.com>
---
 .../src/main/webapp/WEB-INF/conf/system.properties |  4 +-
 .../webapp/WEB-INF/conf/system_template.properties |  2 +
 .../java/org/onap/vid/roles/RoleValidator.java     | 47 ++++++++++++++--------
 .../test/resources/WEB-INF/conf/system.properties  |  2 +
 4 files changed, 37 insertions(+), 18 deletions(-)

diff --git a/epsdk-app-onap/src/main/webapp/WEB-INF/conf/system.properties b/epsdk-app-onap/src/main/webapp/WEB-INF/conf/system.properties
index 1d0a45522..eaaf019ed 100755
--- a/epsdk-app-onap/src/main/webapp/WEB-INF/conf/system.properties
+++ b/epsdk-app-onap/src/main/webapp/WEB-INF/conf/system.properties
@@ -107,6 +107,8 @@ decryption_key				  = AGLDdG4D04BKm2IxIWEr8o==
 element_map_file_path = app/fusionapp/files/
 element_map_icon_path = app/fusionapp/icons/
 
+role_management_activated = false
+
 #aai related properties
 #aai.server.url.base=https://aai.api.openecomp.org:8443/aai/
 #aai.server.url=https://aai.api.openecomp.org:8443/aai/v8/
@@ -206,4 +208,4 @@ scheduler.get.time.slots=/v1/ChangeManagement/schedules/
 scheduler.server.url=http://BYO.scheduler:8989/scheduler
 
 scheduler.submit.new.vnf.change=/v1/ChangeManagement/schedules/{scheduleId}/approvals
-scheduler.get.schedules=/v1/ChangeManagement/schedules/scheduleDetails/
\ No newline at end of file
+scheduler.get.schedules=/v1/ChangeManagement/schedules/scheduleDetails/
diff --git a/epsdk-app-onap/src/main/webapp/WEB-INF/conf/system_template.properties b/epsdk-app-onap/src/main/webapp/WEB-INF/conf/system_template.properties
index 5668b785b..9ab9d77e6 100755
--- a/epsdk-app-onap/src/main/webapp/WEB-INF/conf/system_template.properties
+++ b/epsdk-app-onap/src/main/webapp/WEB-INF/conf/system_template.properties
@@ -64,6 +64,8 @@ decryption_key = ${VID_DECRYPTION_KEY}
 element_map_file_path = /tmp
 element_map_icon_path = app/vid/icons/
 
+role_management_activated = false
+
 #aai related properties
 aai.server.url.base=${VID_AAI_URL}/aai/
 aai.server.url=${VID_AAI_URL}/aai/v13/
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
index 315e22dd7..4b92b6413 100644
--- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
@@ -7,9 +7,9 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *      http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -20,49 +20,60 @@
 
 package org.onap.vid.roles;
 
-import org.onap.vid.mso.rest.RequestDetails;
-
 import java.util.List;
 import java.util.Map;
+import org.onap.portalsdk.core.util.SystemProperties;
+import org.onap.vid.mso.rest.RequestDetails;
 
 /**
  * Created by Oren on 7/12/17.
  */
 public class RoleValidator {
 
-    private boolean disableRoles = true;
-    private List<Role> userRoles;
+    private boolean disableRoles;
+    private final List<Role> userRoles;
 
     public RoleValidator(List<Role> roles) {
         this.userRoles = roles;
+        disableRoles = SystemProperties.getProperty("role_management_activated").equals("false");
     }
 
     public boolean isSubscriberPermitted(String subscriberName) {
-        if (this.disableRoles) return true;
+        if (this.disableRoles) {
+            return true;
+        }
 
         for (Role role : userRoles) {
-            if (role.getSubscribeName().equals(subscriberName))
+            if (role.getSubscribeName().equals(subscriberName)) {
                 return true;
+            }
         }
         return false;
     }
 
     public boolean isServicePermitted(String subscriberName, String serviceType) {
-        if (this.disableRoles) return true;
+        if (this.disableRoles) {
+            return true;
+        }
 
         for (Role role : userRoles) {
-            if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType))
+            if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType)) {
                 return true;
+            }
         }
         return false;
     }
 
-    public boolean isMsoRequestValid(RequestDetails mso_request) {
-        if (this.disableRoles) return true;
+    boolean isMsoRequestValid(RequestDetails msoRequest) {
+        if (this.disableRoles) {
+            return true;
+        }
 
         try {
-            String globalSubscriberIdRequested = (String) ((Map) ((Map) mso_request.getAdditionalProperties().get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId");
-            String serviceType = (String) ((Map) ((Map) mso_request.getAdditionalProperties().get("requestDetails")).get("requestParameters")).get("subscriptionServiceType");
+            String globalSubscriberIdRequested = (String) ((Map) ((Map) msoRequest.getAdditionalProperties()
+                .get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId");
+            String serviceType = (String) ((Map) ((Map) msoRequest.getAdditionalProperties().get("requestDetails"))
+                .get("requestParameters")).get("subscriptionServiceType");
             return isServicePermitted(globalSubscriberIdRequested, serviceType);
         } catch (Exception e) {
             //Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso
@@ -71,12 +82,14 @@ public class RoleValidator {
     }
 
     public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) {
-        if (this.disableRoles) return true;
+        if (this.disableRoles) {
+            return true;
+        }
 
         for (Role role : userRoles) {
             if (role.getSubscribeName().equals(globalCustomerId)
-                    && role.getServiceType().equals(serviceType)
-                    && (role.getTenant() == null || role.getTenant().equalsIgnoreCase(tenantName))) {
+                && role.getServiceType().equals(serviceType)
+                && (role.getTenant() == null || role.getTenant().equalsIgnoreCase(tenantName))) {
                 return true;
             }
         }
diff --git a/vid-app-common/src/test/resources/WEB-INF/conf/system.properties b/vid-app-common/src/test/resources/WEB-INF/conf/system.properties
index 6f19eb31e..208155b53 100644
--- a/vid-app-common/src/test/resources/WEB-INF/conf/system.properties
+++ b/vid-app-common/src/test/resources/WEB-INF/conf/system.properties
@@ -71,6 +71,8 @@ application_name              = Virtual Infrastructure Deployment
 element_map_file_path = app/fusionapp/files/
 element_map_icon_path = app/fusionapp/icons/
 
+role_management_activated = false
+
 #aai related properties
 #dev server
 #ist servers
-- 
cgit 1.2.3-korg