diff options
137 files changed, 8770 insertions, 5711 deletions
@@ -1,8 +1,17 @@ /.idea/* +*.iml +*/*.iml /.project +**/.project +**/requirements.lock /.settings /dmaapbc /sdk /target/*/*.* /target/* /ecomp-portal-BE-common/jacoco.exec +kubernetes/.classpath +kubernetes/.settings +kubernetes/.classpath/* +kubernetes/.settings/* +ecomp-portal-FE-att/client/bower*
\ No newline at end of file @@ -41,5 +41,10 @@ committers: company: 'ATT' id: 'st782s' timezone: 'America/New_York' + - name: 'Lorraine A Welch' + email: 'lb2391@att.com' + company: 'ATT' + id: 'lorraineawelch' + timezone: 'America/New_York' tsc: approval: 'https://lists.onap.org/pipermail/onap-tsc' diff --git a/deliveries/.env b/deliveries/.env index 898e9a40..babd90e8 100644 --- a/deliveries/.env +++ b/deliveries/.env @@ -2,13 +2,37 @@ # used by docker-compose AND by other shell scripts # The name ".env" is required by docker-compose +# Dockerfile names. To skip building one or more docker images, +# change dockerfile name to "skip" +PORTAL_DOCKERFILE=Dockerfile.portal +SDK_DOCKERFILE=Dockerfile.sdk +DB_DOCKERFILE=Dockerfile.mariadb +WMS_DOCKERFILE=Dockerfile.wms +# These are FE only and BE only docker images. Change to Dockerfile.fe and Dockerfile.be to enable. +FE_DOCKERFILE=skip +BE_DOCKERFILE=skip + +# Relative directories and filenames for builds +SDK_APP_DIR=sdk/ecomp-sdk/epsdk-app-os +SDK_WAR_DIR=sdk/ecomp-sdk/epsdk-app-os/target +SDK_WAR_FILE=epsdk-app-os.war +BE_WAR_DIR=ecomp-portal-BE-os/target +BE_WAR_FILE=portal-be-os.war +FE_DIR=ecomp-portal-FE-os/dist/public +WIDGET_MS_JAR_DIR=ecomp-portal-widget-ms/widget-ms/target +WIDGET_MS_JAR_FILE=widget-ms.jar + # Following are ALSO used in demo/boot/portal_vm_init.sh EP_IMG_NAME=onap/portal-app SDK_IMG_NAME=onap/portal-sdk +FE_IMG_NAME=onap/portal-fe +BE_IMG_NAME=onap/portal-be DB_IMG_NAME=onap/portal-db +WMS_IMG_NAME=onap/portal-wms + CDR_IMG_NAME=onap/music/cassandra_music ZK_IMG_NAME=zookeeper -WMS_IMG_NAME=onap/portal-wms + # Deployed with portal; built elsewhere CLI_IMG_NAME=onap/cli @@ -29,9 +53,9 @@ TOMCAT_KEY=keystoreONAP.keystore TOMCAT_TRUST=truststoreONAPall.jks CERT_PWD=changeit - # Required settings with default values. # Export shell environment variables on ALL hosts. +SERVER_XML_DIR=. LOGS_DIR=./logs PROPS_DIR=./properties_simpledemo @@ -43,3 +67,11 @@ EXTRA_HOST_NAME="" # For example: #EXTRA_HOST_IP="-i 10.11.12.13" #EXTRA_HOST_NAME="-n portal.api.simpledemo.onap.org" + +#Portal Context +PORTALCONTEXT=ONAPPORTAL +FECONTEXT=ONAPPORTAL +SDKCONTEXT=ONAPPORTALSDK + +#Nexus repository for os_docker_base/push/release scripts +NEXUS_REPO=nexus3.onap.org:10003 diff --git a/deliveries/Apps_Users_OnBoarding_Script.sql b/deliveries/Apps_Users_OnBoarding_Script.sql index d1c7b524..8cb05624 100644 --- a/deliveries/Apps_Users_OnBoarding_Script.sql +++ b/deliveries/Apps_Users_OnBoarding_Script.sql @@ -8,10 +8,10 @@ SET FOREIGN_KEY_CHECKS=1; INSERT INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES (2, 'xDemo App', 'images/cache/portal-222865671_37476.png', NULL, NULL, 'http://portal.api.simpledemo.onap.org:8990/ONAPPORTALSDK/welcome.htm', NULL, 'http://portal.api.simpledemo.onap.org:8990/ONAPPORTALSDK/api/v2', '', '', NULL, '2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', 'N', 'Y', NULL, 'Default', 'ueb_key', 'ueb_secret', 'ECOMP-PORTAL-OUTBOX', 1,'N',NULL), (3, 'DMaaP Bus Ctrl', 'images/cache/portal944583064_80711.png', NULL, NULL, 'http://portal.api.simpledemo.onap.org:8989/ECOMPDBCAPP/dbc#/dmaap', NULL, 'http://portal.api.simpledemo.onap.org:8989/ECOMPDBCAPP/api/v2', '', '', NULL, 'okYTaDrhzibcbGVq5mjkVQ==', 'N', 'N', NULL, 'Default', 'ueb_key', 'ueb_secret', 'ECOMP-PORTAL-OUTBOX', 1,'N',NULL), -(4, 'SDC', 'images/cache/portal956868231_53879.png', NULL, NULL, 'http://sdc.api.simpledemo.onap.org:8181/sdc1/portal', NULL, 'http://sdc.api.simpledemo.onap.org:8080/api/v3', '', '', NULL, 'j85yNhyIs7zKYbR1VlwEfNhS6b7Om4l0Gx5O8931sCI=', 'N', 'Y', NULL, 'sdc', 'ueb_key', 'ueb_secret', 'ECOMP-PORTAL-OUTBOX', 1,'N',NULL), -(5, 'Policy', 'images/cache/portal1470452815_67021.png', NULL, NULL, 'http://policy.api.simpledemo.onap.org:8443/onap/policy', NULL, 'http://policy.api.simpledemo.onap.org:8443/onap/api/v2', '', '', NULL, '2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E', 'N', 'Y', NULL, 'Default', 'ueb_key_5', 'ueb_secret', 'ECOMP-PORTAL-OUTBOX', 1,'N',NULL), -(6, 'Virtual Infrastructure Deployment', 'images/cache/portal-345993588_92550.png', NULL, NULL, 'https://vid.api.simpledemo.onap.org:8443/vid/welcome.htm', NULL, 'http://vid.api.simpledemo.onap.org:8080/vid/api/v2', '', '', NULL, '2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E', 'N', 'Y', NULL, 'Default', '2Re7Pvdkgw5aeAUD', 'S31PrbOzGgL4hg4owgtx47Da', 'ECOMP-PORTAL-OUTBOX-90', 1,'N',NULL), -(7, 'A&AI UI', 'images/cache/portal-345993588_92550.png', NULL, NULL, 'http://aai.api.simpledemo.onap.org:9517/services/aai/webapp/index.html#/viewInspect', NULL, 'http://aai.api.simpledemo.onap.org:9517/api/v2', '', '', NULL, '4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', 'N', 'Y', NULL, 'aaiui', 'ueb_key', 'ueb_secret', 'ECOMP-PORTAL-OUTBOX', 1,'N',NULL), +(4, 'SDC', 'images/cache/portal956868231_53879.png', NULL, NULL, 'http://sdc.api.simpledemo.onap.org:8181/sdc1/portal', NULL, 'http://sdc.api.simpledemo.onap.org:8080/api/v2', '', '', NULL, 'j85yNhyIs7zKYbR1VlwEfNhS6b7Om4l0Gx5O8931sCI=', 'N', 'Y', NULL, 'Default', 'ueb_key', 'ueb_secret', 'ECOMP-PORTAL-OUTBOX', 1,'N',NULL), +(5, 'Policy', 'images/cache/portal1470452815_67021.png', NULL, NULL, 'http://policy.api.simpledemo.onap.org:8443/onap/policy', NULL, 'http://policy.api.simpledemo.onap.org:8443/onap/api/v2', '', '', NULL, 'okYTaDrhzibcbGVq5mjkVQ==', 'N', 'Y', NULL, 'Default', 'ueb_key', 'ueb_secret', 'ECOMP-PORTAL-OUTBOX', 1,'N',NULL), +(6, 'Virtual Infrastructure Deployment', 'images/cache/portal-345993588_92550.png', NULL, NULL, 'https://vid.api.simpledemo.onap.org:8443/vid/welcome.htm', NULL, 'https://vid.api.simpledemo.onap.org:8443/vid/api/v2', '', '', NULL, 'okYTaDrhzibcbGVq5mjkVQ==', 'N', 'Y', NULL, 'Default', '2Re7Pvdkgw5aeAUD', 'S31PrbOzGgL4hg4owgtx47Da', 'ECOMP-PORTAL-OUTBOX-90', 1,'N',NULL), +(7, 'A&AI UI', 'images/cache/portal-345993588_92550.png', NULL, NULL, 'http://aai.api.simpledemo.onap.org:9517/services/aai/webapp/index.html#/viewInspect', NULL, 'http://aai.api.simpledemo.onap.org:9517/api/v2', '', '', NULL, 't1oqm6wCXrGUXUSL8mS7pQ==', 'N', 'Y', NULL, 'aaiui', 'ueb_key', 'ueb_secret', 'ECOMP-PORTAL-OUTBOX', 1,'N',NULL), (8, 'CLI', 'images/cache/portal-345993588_92550.png', NULL, NULL, 'http://portal.api.simpledemo.onap.org:8080/', NULL, NULL, '', '', NULL, '', 'Y', 'Y', NULL, '', '', '', '', 1,'N',NULL), (9, 'MSB', 'images/cache/portal-345993588_92550.png', NULL, NULL, 'http://msb.api.simpledemo.onap.org:80/iui/microservices/default.html', NULL, NULL, '', '', NULL, '', 'Y', 'Y', NULL, '', '', '', '', 2,'N',NULL), (11, 'LF Acumos Marketplace', 'images/cache/portal_907838932_26954.png', NULL, NULL, 'https://marketplace.acumos.org/#/home', NULL, NULL, '', '', NULL, '', 'Y', 'Y', NULL, '', '', '', '', 2,'N',NULL); @@ -21,11 +21,14 @@ INSERT INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, -- add Acumos thumbnail UPDATE`fn_app`SET`thumbnail`=0x89504E470D0A1A0A0000000D494844520000010D0000004408060000009B326018000000017352474200AECE1CE90000000467414D410000B18F0BFC6105000000097048597300000EC400000EC401952B0E1B000051D749444154785EED7D07605555D6F54AEFBDF742120221F41E7A930E0A2A36D451B18E7DFC6C63EF3ACE388EBD6043054511A448EFBD844012D27BEFBD27FF5EFBBD28202558E67766B2E0E625EFB673CB5E67ED7DF639C7A443803F289A9BDB50515E8F152BE2B07A6D124C4C4DE0E06085871F9A0467672B242695A0ADDD048BBF3884E69676B8B8D962D8207F0C1FE887A8084F24A69600268087AB9D2CB63031913FBAD18D6EFC2AFC7F278DC2FC2AC41F2F4479692D2CADCD919F5B0D5F7F27F48EF6C5FAB509D8B93B0BA56575B077B4468B10C3002185E8DEDE58BE2A1E0E7696080E71C5965DE9B07790F56D406D630B5AE592AEBA241A3985B5D8B43713013E8E1814ED8388101739A329C2839CD13FD2D350806E74A31B1784FF6FA471707726962CDE8F92E21A2585BBFE321EC34787E2F18757A3674F2F9C482E415646194C2DCC6061618EC6D636F8783BE1A69B87E3B3250771F0483EEEBF672C3E5A72081DA6663033073ACC4CE507D0C2A5AD1D174F8BC489CC0A1C8C2B8095ADA5F085095ADADB10E2EB84293121F074B3C194E1C1C61275A31BDDE80AFEADA4D12A522023A504AFBFB811B107F2E02C465B5BDB8C19F3FBE1BE4726EB36CDB2CDE5733ED46D69E8266626686BEB40B390C05F1F9D821DBB32F0FDDA440C1D120467576BECDA93250AC502EDE27A989ACBB67239266666FA49A2B9624E1F1C4E2844625AB91CCF02AD72ACB0205704F9D8E3D3D589880872C193B78E44DF080F3D7F37BAD18D7343AAE6DF1759A92538B8331DFF7A76039EB9F73B3C74F357488E2F4280B8080162BC93A6F746700F77E3D6404E6639AAAB1B6069694E6140E180CAAA465CBB70308A44956CDB960A7B714B7CBCEC91935D095321156E632A3FDB4918F20779D054AECC4294C7722198FE3D3D1112E084E6A656D9B203365666B2AD097C3DEC515AD18067DFDF8BC389C5D87630475C20F171BAD18D6E9C15664F088CBFFF66686D6EC3C615C7F1CE4B9B4425B4E3BD57B6E2C89E0CE48991F78CF6C6806181E83F34182EEE7628CCADC4FEDD194200E5B016C5B0757332FAF4F545427C21CCC5E8EBEA5B3054B69F32B5279E7AEA079889AB626F6F891E611E481443178610C63085528709DD13611A3287280F33F9BEADBD0369D9559838320825E50DA8AC6D52F78401D29CC26A580939719BB6D60EFCE3B343D8775C084D088984D28D6E74E3E7F85D94464D5503CA4BAA111EE585CDDFC5C3D1C91A73AE1E827B9F9A0EDF405714E455E3DB2507B0EEDB38A48B12A14BB272D951EC1215B172591CEA6B9A71DB9DA34519B4C04388E5A2A99178F491756AE02489800017716B1A505BD748DB97A55D7F76B4B70B6F1874877E25DB9A8B5C696C6EC5EAADE9983C32183616E2CAC8AACADA46833221C7D0B591ED6C6DCC91955F855B9EDA886D877265AB6E74A31BA7E3778D6964A79562C95BBBE0EBE78CF8B83C242714C1CCDC1466A220CCADCDD121864AA36D1745D0DED20107676BF419E087E5CB6231624C18EEB8670C7C7D9CF0FE7B7BF1CD3747E1EC6A8792D25ADC7DCF587CF6C5117525CCCDCD657F03515068B4CBF13AC465818919AF4E8F4D57A54A148BAD9D05AE9E1D8DE89EEE2815D5F1F83BBB61696E8656F15AE64EEC818D7BB3515A590F37671B0CE8E981876E18063B1B0BC3C574A31BDD50FCA64AA3AEA6D1F89B01813DDC917EA2108BFFB90D19C9C5B013B7C2D6C61216E286988A410B65A82230E96817B7C314B9D915080C71839D9D158E1ECA868DAD052CACCC30615218EAEB5A9095550E7F21A0CCCC72545634A83A686B6B13C26947B3587E93B8450DCDED528E6654563608C1D4A1A0A81AC5A58D701542F2F3B4C7F4B1A1880EF7C0787179E68C0FD37D064779E2C68BFBE09EAB07E0A2114118D4CB03E5D54D4817D7A91BDDE8C6A9F8554AA3BDAD1DA50535D8BF351947F765236A4000D62F3F8A1B1F9D2CC6EF8A7D5B528420CC912A0AE3D8A11C5494D5A343C8C2C2C2523EDBD101337527DACD4415886BD1D8D486E8817EDAA272FC7821264C8D40AFDEBED8B02E11B32FE98BB008778486BAE39147D6E0E0915CB8B8DA6A1CC4D28A8B1C43140609C743C8C1DBD3019E1E767075B245634B2BF28A6B909255851BE747CB3A43BCE2D977F748194CB070566F04FA38EA77052535C8C8AB4589B85835428225423E61FECE18290AC84DDCAC6E74E37F1DBF9834F2324A11BB3303C7850C18836453C7F6EFE331686C0F210A4B34D43521490C7FD2DC3E6896DA9F6E4987FC4B4F2A467A6AA9A80E2B3172C377A6421A8C2FB4B677C02FD0052E1EF6D8B92D0DD3E74623E158018E1D2FC082AB07E3EE7BC7EAB95B455D3CF6F8063838580A5998CB37A259E4FC248DBAFA6694890A2912822A1157A356DC121373463D4C34DFE396AB07C2C949CE2D0AE799F7F68942E9C0B0BEDE78EECE51F866630A36EDCF4190B783B6CA3434B6C2CFCB1EF72F1CACE7ED4637BAF10B5B4FF2C43D483A9287A37BB3509A5F8D82AC0AA4C717C1D1CD0EA3A6F4C2F6B509E839C01F1525B5C84B2F478F282FA42516A140DC8F7E4383316058104E08193436B4AA719A98507188D10B5A5BDBE01BE08ADCCC32F41F1C80C2C26A3489F13258397D666FDD265548870961B1B105881342C9C8AC405A7A2952A55C39B955281375C0E42E4BB6B4385AC1C6CA12E6421C57CE89C2CE43F958B53515FE5E0EC82DAA858D28A176718F2AC5A5F97455BC0665738A6A905520D75552872BA74522C4CF49CF7B5814934F77AB4A37FEC771C1A4919F5186D59F1DC4CAC507909F5E863A632B04839AA3A7F5C291BD99A8AD6A847FB02B6A6B9A502D069C23063D767A14F2B24BB16753AAB8297598B770089CDCAC5155DE246E40931CD9A038D844EBE5EB888A8A460487B9232DA5144D0D2D98785124BEFD260E8D8D2D78E7ED3DEABE4C9A180E5F712B68E8241636B1527958989B69BC8344441DD5D8D48A9821816810923A9258289E503B22A47CCDADEDC828A8C2A59323B0799F2826E12D531353398E09A2C40D9A363A04EF7E7D0CF58D4DC82DAE45627A051EFEE72E38DA5B2032C4CD7043FECD484F4F47515109CA2BCA51525A8ABABA7A383B1B48AD1BDD381D35627F6952515695D6A1BCA0064599557016F5CCC688AE808E48E29E6C146654222FA904D6F69617E69E241ECEC1130B3F1735D00E7B91F8CC99606442BC0538B9DAA0F7D020ECDD9484E6A6360C1917266AA11C456294B4DC167103E6888B117F24178971F9AA307A0D0C44786F4F0D5A1E3D948B8AF23A315C33F41DE48FCAAA06F48EF6C1DAD509983AB30FF2F32AB17D7B3A1A8520DE7C6B3EEEB9F73B58D95868BE464888AB2809536489CA484A2B81B98519CC2CCDE59CEDA86F6E4564B827860DF4C7D2D5F13057774688A4A51DF75E3F148FBDB113B72D18802FD69D1032E980BBB30D068B32AAAD6FC57E51316CAE8D94E3975736C2CED60243FAF860E59654FCF5E6E188E9EFA7C7FA77A1AABA1AB7DF719794A54AAED70C2D52B6007F3FBCFBF6BF8C5B74A31BA762C9939BF1F1131BE1225E80982A8ACA2BB1F8E87D081197BC2B6066F69F7ABC8AAAE27A5434D5E2910F1674BDF5A4A2B806FFBCFF3B357647210833062F850C5833D78981470F0B46767231DA9A8546C4F8E84EB0C6679E9585F61F31C3FA15C7101EE58D9E7D7D5401A4C4E763CDD77128CAADC678511293448D58DB98225D8E13262A836C16DDD7175555F538723817F6F656183E2C5093BF7AF7F28295A5190A0A2AB1735726E2C4DD610BC96C513BE13DDC515FD3027F512C7D7A0A610CF0C39ACD295A16930EBA432668686A41AAB84B93C4553A72A244FE6EC55021A9182197A32965D829E446E5C126597B21272F775BA464552253C86BEAA810DCF7CA367CBE26D17073FE4D484FCF40756DAD90A2B9DE7F0B21C6CAEA2AE4648B4AEA4637CE80836B93606B632DCA9BFDB3E49D811992F6753D07898A9DEADD5AD4B5B5ECCD0AB9CBA4B14C6AE48AA23A58DB592963197E98A059DC054F7F6771356C912A866B2E86CC55861805C39C063010DA2A35E3C6157188EAEF8F3031FA56A9ED2D8484524F1461D5D223C813A39C3AA72FAEB969246EBD672C6EBC7524C27B7A61DBA614588B8190A7AEB86AB09245CCA8505538E6723318AFA8AA6EC4814379DA2BD65A2EF2963F0DC67BAFCEC11BCFCF10C337415E41B5121E6326CCEFA04B532F6ECF8BF78DC590686F5C3A25920D381AEF2816F7C9C64A6E2F133CE41A790D24391B6B33511F4568927D678DED81E73ED8872FD69CD0EBFB7720AFA040DD370B7323695858A05648242D33D3B84537BA712AF2922A602D0A99F6672A2E899D8D0DF67C7B21EFAC89DA0DED598EA079555D228DF48442EC58190F4B1BB28C9108E4477B7B1B3AE40833AF1A88AFDED90D3B472B35311EB8435E6EF57CD4E2E4D4F2BB419D9862F597471035C01F3DA37C34186A618C43241ECFC3CA2F631112E6AAB5285B3B7CFD1C515FDB2C46DE8AFEB24F546F2F9E1DE3C6F5808BB315DAC405A172A08B66656586868666ACDB90AC01CE4E8C1911848B64FB61E24E0CECE38D3E111E1810E98587160DD7F5D7CEEA8D84F412EC1275C1E0A9A5B02955462778CD3C07FFD94859576E4D839790E4D491C178FE83FD2828A9356EF9FB8171A3B4D474BDA72C0BC1CF367906054226DDE8C6E9488BCD47637DB3D8DD4F66CEE127B2C49E7F0DBA441A6B3E3E8086DA4635640365C84B2BFF5B5B3A10D9CF1FC70FE648ED4F16922FD53581760E63A733F15594343AC42DE0BE06C633C1C695C7111CEE8E883EBE68A8695426B31515D3D6DA8A7D3B33F4BC3C46B528883113C25059D1881917472361733ABE7C6E2B02029C1112EA8626512F3421AA045E0CF7099675B572B30A8A6BD1246EC8079FC7E2D0D13CA46694A1B8B4566E648B2A0DF639518821E617D769CCC2688FA7C2F825B7A65C73B4B5C4C7AB12B4235C94B851EF7F7B4CD7FF9E686C6840764E8E14C55066067309733373A4A6A58B826267BC5F86D2B2721C8F4F405CDC71A4A4A619BF3D376A6AEB909B9B2F845588A2A2626D81EA0A2A2A2A919F5F8002594A4B4B8DDF1A617C1C67425171313233B3905F58A0EE6F5751585884CCAC6C3DE7AF459DA8BAE494541C8D3BA69F3535BFAEB2A895FD4F2425EBBD4FCFC8D0BCA7DF12E9B185686E6E517BEB7C5F482035E50D28C9ADD2BF7F09BA14089DEEFD28BC825C55DEB00F28E3027CC2ACFD46CDE885C3DB33505FDF045331AE0E133331E416F4ECE7AB599EF187F345013065DCF0A2B38584BBD34D6017F68BE6F5D5CE6C69C92586B13398013AAD0F32334A515C5CA3B189B03E5E181113825917F7C513B33E959B51808F33EE475C6201EEB97B259C5D6DF5980CC07AFB3A62D28470AC589D48FEC29851C158B12E093636426062F0ADCC3597B25709A98C1E1288BBAE1BA22FE15FFEBE0D85A5F5E2FF9D9A36CE817FFAF52439B5235148874A8460F9A9662E9D128135DB33B1E485E9FAFDEF85FCC2423CF0E0C342A2B55A067D09E47EF3A5F0F1F6C2DF5F7E11F60E17D61CBC69F3567CBBE23B949697CBF3AB5715C3B47C6727470C1F3E14575F7105ECECEC8C5B9F8AE5DFACC0DBEF7F0027074778C9F99F7FFA49383A3A18D79E1D7FFBFB6BD8BE63973C810EF4EAD51B2F3EFBA4710DB0E09AEBE4FEDBA0AAAA0A77DE7E0B468F1A854F967C8E6DDB7748F91A9418593E2B2B4B840405E3F65B6F86A7E7CF8734A8936B79F783C5883B7A4C5CD07AC37EF2AED9D8DA62C4D0A1B8FCF2F9728D5D6F714A494DC5871F7E82ACDC6C51B28D72CF9BA542B494725821223C0CB7DF7233BCBCBA3EA8D3B1F8447CF8F147282E2CD6B2F259D2D5B4B1B6469F3E5172BC9BE020F7F5D7E2ADBB5663CD5BFBE1E06A2395B229DAE59DA50D971556E3E9D50B31647A4FE39667477B5B076E897A0DD5ECEC595287073E9D7F6EA5D12086F5C683AB60EF6CA3014FC801CC483152DBD5D736A1F7E0409497D6A1A2A446D7EB2A13210659DF202E859DAD35CF4A7A817C6DD88635921C877EB954F5F8F6A3FD881A148879D70CC6F5778CC6B44BFA234708E3C4B17CD456376B3F921D9B92111AE18E385119C7B6666A6C65F9ABBBD02FDA0F11F27D436D0B5AEA5BD1A7B73762860663F98A63A8AD6B4249592DECACE56188E2618F59AA040B59AC84CCE86A4489D2197BF5122CF93E01D7CE8ED2DEAD4CE8D20B3905244983DAE8045B2FAAEB5AB0646D12E64D0A47A5361BFF7E28CC93DAB9A0486B0A7B0707C4C4C4FC68E4256565C8931AB8ABC8CECDC51D77DD8FBF3CF81032B2B2D0D8D8A8C7B1104320A83C967CB10CD366CEC5DE7DFBF4BBD3D1D6D62A06D480C6A646DDBFD3653A1F9A5B9AE51E1BF669967D4F46BEB859C5A228D84AF4C3C64D983BEF727CF0E1C7A248CA757B1A575353132A2BABB067FF7E4C9F7B095E7BFD0D253C82EB972DFF0613264FC3AA55DFCB7594EAF6BA9F187A9990E3E7CB9661C6EC8BF1DDCAD57AFFCE052A89E75F7A190BAFBF09878FC66AF336AFD35A8C9B9FBCFE3DFBF663EEA597E39DF73F947B72EE6115CA45653DFEE4B3B8F6FA3F21E944326AEAEAF438DA7F4ACA585D5383F51B3763F28C3958FAF572E35EBF0C3C5EC2CE6CD8DA5BA2BAAC01F31F18A53DB9F96ED3ED4FDCFDCB83E767250DD6BE2FDFFE35B689013AB8D8A9AA2028723AE4E4D622D1C3A27D70786BAA30B8A53E00C37BC3D609533437081B4B4DCCDD648D128D6E4349201BF2A218CD6564F6E0F6345C77C718CC5D301033E645235E5C89BABA66D4892196145523BABF1FA2A27CF1BDB02607E4616067C757F168916D66CC8C4265553D2688E17A78D861D5DA04348BE133586A21ECCA1A8DA9EB94CFDA7222A4C1E65F17276B0D74BA3AD9606F5C81E68AF41577C35D58992ECF8FC4219FBC2EC3B59D0AC63758CE6FB6A42221B5144542A0BF1732A59663262CEF2163436347C7E82789902F7757E5774949291EFEEB13E2D2A4A0478F1EF2C25AA8D151FE17899AA9A8A8D04BF7F4F080938B339E7AF605AC5DFB8361E79340C94BD7882F3C09B9ABE0B6BA8F2CA7E70A58496DCB1A9C2A80AE9289AC670DCE6746A2A91405C2C06F9BBC3BF6A280820202F0FDDA75F8EB134FE9FEFF7AE36DBCFFFE62F8F9F9C2D5D555BFA3A1733FD6E87C193DDCDDE12ECBEB6FBD850F167FACDB9C0D4F3EFBBCAA315F5F1FD8DBDB0B41CAFB5852823CA36BC5BF1D85C0BDBDBCF09518F94B7FFB8771CF9F83E57FE6F917B06BCF6EBDEF241E920CCB5626A4CF67C867EB2AF7DCC7CB1B1F8852FAE8E34F8D7B5F38CAF36B64A916F56E8EA6D666F41E1988B0413E1AE360AA42AA7800BF14674DEE7A6CC12738BE37138ECEB654F5F222D1E06485B046A348E27173FB885B928646A9E5D90C43FFA3C354B7926DE4B593173A24D203A9C70B35B6C17C0E53715D94DDE580A6F2A9BD5CE54F4BB988590B06E879EDEDAD11D4C31DC347F5C0D09860F4EAE38BEB6F1B898AAC2ABC7AC7D770F370D2F3652617C23BD415D32FEF2F72DD547CC20AEC3B98A301513359CF7270F42E929BB5FC5D5ED5242445E33741ADB852F32E8AC4BA9DE92AD7AA453579BAD9A1ACAA01BD42DD902B6E115B584C29E984A4BC3D6C95344BCAEB7FF6A233685A2EFB6517D6A0A2BA51D3CE1DD8C2F41BE3BD0F3E16D96EE84047497CF5950BB062E52A91CAAD526337C1C5D909C3447A9F0F575F7B83D468D56A04AC29298BC78C1E2D527F11E6CE9E8D5E3D7B222B3B5B6B452B3160BA905BB76F47FF7E7DD5383A91909888FD070EC34A5E7E1AF094C993D46D381F76EFD9A33106C2C3C35DF7EB045D114AFECEDA97464E92701302183A7408264F1C0FFFA000A914C4784BCB94F429E9A950D6AD5F8FB8E3C7F5BA181C6E1077C64B5C9751A34662C2D831F0F1F4929ABD560D94C4642DE7D9272AC1598C3452AEF974BC4A376AD72EB9AFCEF22EB4A84B327CC810DC74D30D5878CD9518346080BA3D1999D9FA4ED8885B159F9080D696560C1CD0DF78949FF0F853CFE2C8915838CBF1E8BEB7C812E8EF8FF9975C82C99326C0C7C70BE5E5157ADFA90458C69DBB760B89B8213232C27894AEE3C09A64ECFE3651EE9189DC232B2C78740C9A4419EFFB3E09B68E56EA098CB9AC0F6CD89DE31C904780EFDFDC87A686568D05C65CD2FBCC4A63E5077B706C4F269CC490280CC8017439A8325A9ADBE017ECA646999F5AA63108AD8D4D459AB5B33A66CD2E062B37CFD2D2C2A8500CF91C1DF2309581A4A6903DE49FB8398DCDB0B631C7210EC493558E171F5E8D6D1B92B07CC9413CF9C04A1CDE9F096F4F47ACF8FB6E5881B2507615B8B838E0D34737CB31A05DEF776C4F959ACA4C5F24BD5259CC854CB2B32B85D9DD34206A2A17C3264B27B9515413F57213581C5B7161761CCA41CF6057EC3E928FE9A3427558C056B600C975B3A4C6D39E11DCFF84943D59CE157BA2CCF8ED6F8BD8B8A35A3B35CB0B1C121CA4DF458485C97535C2567CF5838762F5BB73E1F32FBE446945191CC4B0688CBD7AF5C45BFF7A0D0FDC77B71A419FA8DE98356B063E7AFF5D5C77F55572EC668D05D0C0FEFEFABF37818CB5708B18EAEC9933F0F187EFE1A1BFDC87CB2F9D8F3B6FB9056FFFEB9F78F2AF8FC8B336536366DC8535353F196B6240F1E6458BB058AEE39E3BFF8CCB64BFBBEFFE3316BFF70E16CA7551E5B2F2721445B3F893CF548D9C8CC38763B165C74E5511748B78DCA79F7C0C4F3CF608468F1C81F0D0508C17227AF2B147657958899704C2ED7FD8B0116969E9C62319B07BEF3EECD8B1038E8E8E5A5E1AF1C30FDE8FB7DFF827165C360F53A74CC6AD52DE8F3E7817375EBF50EF3B89D343D4DE3FFEF5CBEE7B6A6C3E5A44713339CB23C409F62EB6088CF65295C177B9AEBC1129877E99DAF8196964261661E5FB7BE12CB52B0FAE8BFC508540F690DFC3C52D39BE3F1B162C00BF5362309000C17DF467A7C1A9111BBEE3EFBC2134C60631DAB09E5E183ABA075E796C2D567C7608DB37266947B7F0080F5C76CD50F1170DAC3DED96A1B2B761842DC2D2DA0C1585B558FBEE014D275F70C540D48BABC0726A49F8299BB68A9131C78365D77F42062E4EB6A8956D35182BFC45366EA86F456E41B52671ED921B3E634CA8BA68243D5E3F8F792E38D858E2B0DCBBDDE25A192FF637035D8616216183F2694770908134FAF58BD60021C939F53CAD1ED5D5D5D82852DB450C852F2E7B1A3FFDC4E3521B9F3980B7E0F24B317BC674A9F92AB416E5F11910FC77A15E8C75EA9429B8E3B65BF4BA4FC730511E7F11B2A30A2009D070F91E9697970B09DE8B8B67CF306E792AAEBAE2725CB56081920CF761D075CBB6EDC6B506ACDFB4194D727E3E75BA7F2C0349F54C60396EF8D3427DB7E82E928C491227E34371833A039B54770FFDDF5F306AE448FDFB74CC9F7709AEBEEA0A7D5EBC6E12E3CA95DF1BD7761D25A2CCD95193EEBC5F989BAA73EF1017B87839C87B2DA421AA9895FE2FC1CF9EC6966F8EA2B2B816E63434351543FC81710AB624048A31338DBC30B35C5B4714F45BC44E9434E4C119BE6BD702F36FD11946E313C333AE673F10BF00174D375FF7F551B4092BDAD859C0D6CE5A7BC86E589388267123464F88C0076FED127FCC1753FE3408B5150DBA3FCF66EF6C8DE57FDB857629CF94291122A17D3536A18511B074626BAA2AACD9314DCAC37F9C07A5B8ACE1470223B998C90D8E4D2A45FF087764E456A348D6C70CF4937D0DC1ADCECB3A1B781C2A8E8DFBB2B16C7D8AF1DBDF06FB0F1E9617DC102C6300B957642FFD3EB26784948BD7C001884C909A7E76E2484E4ED5788685100C9B3D6FBDF90695F6E7C22D37DF68787EB2588A81B1D5E3DF01D6DA2E4E8E5824AEC0B9307CD8505C24C4525D5D23F700A815831C346800468B4B722E5C76E9251ADBE0794888DB4E228D969666ECD9BB57BF671075A8B82431230CF93C67C3B42917A17764A46E4F1C893DAACF8AA8A8AC404E7E9E1CCF5ACB396EDC580C1057EF5CB85208DBD3C35355A5B5EC177BEC9851B1770D65F9D5C84928D1CA84EF65483F43CAB8930801375F074365292E555EF26F401AC53995D8BD3A01760E56CA467C59D4E4E95AC817EDE287450D0F46DCAE74B918CA1C59ABEE0037960388FCEFBCB48E16832B63705FD8A2C24D643B395693280CBF00678C98148E355F1E5212222B32BB9379086672A1ACE5A7CCEA836C21A74FDED98D155FC7E2EA47C7C3C9D356FD4682637514A557206177365C84087A84BAA15F5F1F7978CCDD907F72523605B734B7C3D5C95A1E244B67026747A9618469D9BB5624882CE2CA48F92AAA1B50585287617D3DB1F560166CAD2C101DE681EA9A6634C98D56123C07D8FFC55AAE978AE3B704E3077413784F2CAD2DD5FF2502038244C2BA6A6D6B67678B6DDBCF6ED46C31696D6F55A5E2E4ECA43182AE60CCA81891EF75EA021D3B9E60FCF6F705DD8551725EBEF4E743CC88611A07E1B36D1675306FEE6CE39A7363FEFCB9DA4A43E24C3C9164FC562A98C616E4E6E4684C81EFFFC8E1C38C6BCE8DBE7DFB295170BFC2C242D4D51B82E2F1F189F23E1B62798C7D4C1A3F5EBF3F1FA65E344594739D3E77E69A5455767D402806414BB2AB74747E33331304F531BC2F768ED608161785E66A25B6937A300F7555A7B6607505A79046E2A16CD456366820B1D33C9406C48829FDFB8F0D436E7209AAA5B6A7B8A0612AC882FC9555B63C3CB23E13A7DAA586B79207CF422A64A7C6BA4678FA3961A4B8141BBE3D267FB3ED9DC3FD71F42ED9460ED1D0206E4BA427060E0BC28A2F63E5C19A61C907FBE01AEC8411737AA159540A37ACAF6AC2A069E1881CE10F6F0F7B79099A7464AF1E216E22C1DB34D8CA547533291753CB99A52AF7105E6EF6C6B472C335D018D98E6D29E5D87D341F23FBFA098199E2EB8DC9880872C64DF3FB625A4C885E42A9DC9FCA9A46540AE9742E0C80F2B35C1E4095289DEADA66DDF6B7006B85DCDC3C7D199BA416EC21FE742748141E6E547E2D2AB5D3334EF5A54F4683B1F5802D0FCE22959953D315D8D9DBA3B2AA5ADDA092B262E3B7BF2F5AE47AFC7C7C8C7F9D1B0E0EF64268361A0321B1D9D9762D57C5D7DB5B2B1FD6C4AD6DAD3FAA847A1A3B5F0C45071C1CBB962FC15C1955D282063916DD498284AB55AFDC7B4B2B4B25ECAE80DB65E7E46AAB566E5EBEC656BA8A8C6345FADEF09C76A2C67D420D2D490CFA07F47297EFDBD55D29CCA84055E9A9F19CAEE014D2387120076D2DA22CA486A6FD134A00626C6CC2ECD93F0087B7A569932779829B74928AFE4572503211C2905A9929DE6C52D56C41594D77C3D5C31113664561FD37C7502B8646C6E30BCC6DD984C7E1726A2A1BB170D1485494D661FBA6243839D92991FC202ECBC2C727C88368D45A9F893637BD320DFB572763EDBBFB70D32DC3F1AD10D184096172BA0E1D538342889DD148029CBA31C0D711F945D55A460E2DCA1B687CD61ADBE0A03D8744294C1D1D8A8AAA0684FA3962402F4FCC1A1B8AC76E1E81CBA7F4C49FE646E3964BFBE3D605FD71BB2C775C3E00B75D219FF2FB7D0B0763D2B04075E57E0B544A0D939797A7A4C09A67D8905307040A09095183A1FF5B595125EE598D71CD69A00AD440B53C1F7DEAC68B3E0F2E131FFBEF2FBF80179E7B1AF7DF738FF1DBDF0F343C4A71ED72D005E8BB6ABC14EE4BF2EF0AD8818BEF00F7E1313A732CA8167E245429C78F15E379C0B3D21E0883ED18FEB21322D3E3C8319988D7D0D0B566F9A183066AC21E03B0F7DF7B175C5C9C8D6BCE8F9443B91AFBA38DDA89C20E8AFA296EE51DEAA2F796EF404B633B724E9418D7741DA7DCE18C8442F179E526C9C90C2F9618BFBC68EC68367EDE006CFEFAB0484133BDA97A33C528F9A9FE96BC94FCCAB4DD38C0AFB0378D941314313FA2A9A1195E3ECE9830A70F562E39887AA9ADA942E404421386F8079B4E1BEADA30626C0F0C15A37DFD858D1ADF3097F7C7CAD214CB3EDE0F73776B4CBB7E08F28A4B31E78E91F00A71C66B37ADC0A78F6D85B3BD15AEBD76089E7F710B6EBF6504EC6C2CF502B3322BE1EFEF84DADA464C1EDD039B77640A9919A2C86C5161F9DAE5A5E1C3B61355B3FB709E267A3197C3C5591EBA11EEAED6281195B5431ECA27E2C6BDF6E921FC4B94D0BBDFC4E1BDAFE2F0CED771787F791C5EFA683F46DFB014B9856731E00B405A7ABA1099210988FD6F4EF7D7478E1CAEE3A3B28992E9DC59523B9D11BC58230CAF73D7C0969A91E2D30F1D3CE8BCBEF8FF179C7631AC2CBA02D6C23F816F89F1067512C685A2B3963D0D43878B1BA8F6C23398E09D7717D3AA0C2BCF011F1F6FCC9C310D93274C5017D1DADAC6B8E6FC48DE97AFEA9D15B157D0A9CAA6FFC41EB07660ACC3545CB166C46D3CBB3A3D1B4E218D9A8A7AED1B42A864978BA50FECEEE388C6FA46D494378A9F644898D25B4072E00DE08DD687209FFC2F44D32E4CD72612894A8299A5B6F6D61833B31776AC494093B83A1C8D9C7E0B9B67D97B8E8F9B29E6249149337BA3A2BC16FB76A58B3CB4963398889C3247B1B814EBBF4BC0C26726C0C5CA5EB3DC7EF8E020EA2AC43510F5B0E38B384C9FDD0B9EEE36F8528C79EA9408D8D858A0B4B4162E0EC2B801CE48CF2A975A9BE794F24A99D98AC3739BC9C568DC465D1513EC8DCDC7A8FE7E282EAFC396FDD9D8139B87A7DEDEAB4DC4D1E1EE9837310C574FEF8D20512E0DE2073343D456AE89FD57DC8468189C5DB7FBD7F73E4DCFCC56A5C71AD0CFD7578E7F6A5A3765B185B156A6FB525C7AE13547377E3F589A5B62A8A843B642D9DBDB69B0FAF1279E4195B87CBF07182FCC4B2D85A58DB9DA59FF2961C6350670D6421B3B4B7D9F989290117FE1F1B71F49E318FB7F70701C3118150DF283E4502F7E7ACF8101C817FF877E9A2637899D71ADEE2E864716FD31206A0447CBAA979ABD4E5C0D5B29E4DCEB0663EDD2232893DA9783F7980AB1F03CCA32240F35D876788B22183BB5173EFCC70E752998F04D22A1BAB1950B7EFBD5ED70F575C23F0FDD0A3731D88F1FD9A8AD288E2EB678EF8175F076B3C784F111484E29C521510C93C7856917782670B9CA368C653053B4336783B114CDD9901BDCC84C5271919CED2DE1EFE380C76F1B816F37A6E858A22BB7A7A14CAEE5586A197E103258B72B03C9B9E5983F290C8F2E1A0E2F371B1D098C933BD12D627F1B8ED3F16B9199912EB7A75D9B49434282B46FC6C9707674D20C48CA6B76F6CB48EBEE26FF47C3BD77DEAEA3ABD58A7BC96CD783878F60D16D7760F3D66DC62D7E3B146555C87B5AAD71C9BAB6460C9BF9F3C4B5DE314168A869520249FB0599A14A1A1C1323764B0AE6DC3412EE62904DA20C18372053B9FB39C1C5D316F1FB45D25B5BA87A205DD0255135220BA55EBB100AFD282693B00DD83FC405F3E478D73F380193E6F5C35AA9F91B6A9A6121F29F2D2406CA919F240C2106D6FD9C64E9D607262235B110077667E81406EA73CA5A06312D2C99CCD3847FBDBA4DFC342FBC7AFD724346AAA5B996ADAAB4012BFEB60B77DF351A33847838C87071492DA6882AE817ED8D0517472345589803F070D8401DB9DCCD4E7BAA4E1BDF03B3274660EA9810CC1A178E948C723C2BCAA257A8AB8E48EEED6AAF2D23D65206A6423736B7214988F4F9F70FE05D714BA68E0CC575B3A330634C0FF879D8C9353139ECDC7D11CE07F695C8C894FB6E69A81998CCD5D93FA413EE1E1CA13D5454468B3E07E652B0A9AE1B7F1C383939E31FAFBC02773737CDBF60C09681D7871E7D1CB7FDF96E6CDBB14353D27F0B6CFF2A1EB626563ACBA1B7872B3C835C8C6B7EC2F8ABFBA1BAA9415B368BCA2A50947D6153752869EC5A158F0DAA02AAD137A607265F31087D4784E0CFAFCCC5D34BAFC5C7CF6D109FCA122DA21E480C6D523B33D049D7857641DF89C1155B276BB8793B20A8A71716DE3701BD06FA638818A0871051694115CCA590745D0C1E5E2759C83F2111CAF946510403460663A39487C4C5E09E12926CC920255B66786E9F00839F66EF62A8753BFD53DE845DDF26A043882BBCA79BEC63AA599DE3C78661DAE49E18C39EB25323316E6408A68CEB81417DBC1115E1A199A4F12925D8272EC88A0DC958FCCD511D7478EBC11C8C18E0077B212492048FC773D17DE1EF9CF1CD5B08A249CAF4CED7B1F876530AF28A6A30B09717668E09C56C39C7D603BFBC6310D38AF30B0AF53E30101A1814605C732AD8078339272497DCDC5C7476E0EAC61F0741F2EC9E79F2714446466A65400406F823332B0B2FBCF8373CFED433DA09EFD722767D0A6C1CACD44DE931E0CC2D503DFAF9E8085E740C6C618D436B928D6BBA06531AFE916DA93A18F0814D4958FEC6766C5F1187BFBC7D29864B6DEDE6ED88EB1E9A8251337B63D2E5FD31FD9AC1987DE308CCBB3D0657DC331E57DD370E57DF3B1E178B441F3F371AFD4785C027D8552CD9780601ED9DC4221667F446D86221EA41B7216130FFC00C834787A24654CA66210D8EDD41462365304F84CA8663657096B57997F65797E28697A68A41B175C770322B31EE9423F9D8B5E204E6CCED8394B412AC597B420C4EB95131697C1876EFCBC61E21841DFBB2B079473A62138A5020245121F780238939DA5BA9A2609EC6BA1D9998333E140919A5F017426C6939E9C204BC060B7353383958A34E48EF6872093E5D2DC425DFD7335FBFE997AB8DA2E222D4371A92D94808BE3EBEFAFBE90813A541523113D78A636ED49E9616DD8D3F06820203F0F2F3CFE09A2BAF906754ABFD4CA83A98C075FC783C9E78F2193CF4C863F2DC7FB95B5B985E29B6648E5679EF7A0CF8A9AFD0C9B077B5416098A776ECB411577CEFAA9FF254BA025376712F2F96DA5164F54221873B5EB9180327448832F829505353598F0431B24352936E5A1E8B95EFEFC1672F6FC63B7FFD1E6F3FB2066F3DFA3D168B1AF9F2F5ED58FDD1416C5F790C6F3EB606B13BD3B1EA9383CA1F0347F740A3B827DAB4C51A5B3844DD0E59C7C2F71D168CC131A178FDC91FB4C544C7E0602C83D4411746544643631BFEFC9771422C0DB8FDFA2FD061698A2B1E9B809A52C3602854004C8679FFFEB5B0B630C7FD778FC30DD70FC3B7DFC5232BBB02B97955F87C692C6EB87A304244B63166C24E6DA41473EDB569D0403C17E3289C802921AD0C6EAEB64A003D7C1DB5A5E24C20A9B1BF8A839D05AE9D19A54DC45BF7E768B098B3D177AAA10BC1A1234785C4D853B8035EEE1E67CD5D0809098615631DBC4FB26D6CEC61E39A6EFCD1C044B43F5DB7102BBF5A863933A76B9C83791DAC141C1C1CE499C7E28AABAFC5D7DF7E6BDCA3EB483A90AB7147BE031636E6E815136C5CF373840AA1508D305C50927981EE495D7513FC42DC44DA5B60F3D24358F2D206EC5C791C2F2D5AAA999F6545D5F8FCD5ADA82AAB456579BD32189B73EC1DADE1222A84B9EC74495CDC1DE0EC6E0B7B7151189D8D1A1288951FEDC7472F6D4296487F374F7B8C12D78064A18381C8C9D54151FB6CC7F4F9FD34B6B26D5D229C5D6CB58F080D98A0BDB536B76B7F940917F5C292C5FB112B3768B3A888E9370D82AB9FA3BA4E848DA395104411F6AF4A44CC9860EC946BF8E18713D8BD374B5B4E366F4FC357E27E70D4F1A913C230415C155F2F3BED7BD2748A2A10BA1235C4806E49590382FD9C747473954AA741B311C5250A0B70C68C3161A811D2B3B1B1E421B06A5B1A0E8992F97194B00BC0891349DA94DA2244E5EEE90157D79FFBA704BF0FF0F3D52659F6F2DCBE73AF714D37FEA8B0B5B7C39D77DC867FBCF222A64C9CA041F9BADA3A1DC888CB3BEF7D88F73E586CDCBA6BC8385A8016A9586963D6527985449F7DC4F188C1FEE0F0066C8D600C3233AEEB43009A16A4976205E711D99381FADA16F1D54596DB5AA238BF123F2C398C6FDEDC8509F3FAE928E3E652B36B2F52A9D1D5748C06CF58039B2E69DCFC9B391001611EC816A9CE74F3CA925A241DCD07C79E9872991C4B24BEE6BF930C5ADAE1EC668721A274BE786B37EC8470D80CABAC42188D8DA9E131E37BE8EF5F7E7C4088C5068BDFDE0D07773B4CB8B29F0E61C6425125B8393AE3B3C736C3D9DE1AC1E22A31C18C6AA1A8B01691E11E62D4CD58BF350D1BB7A6A2A2A20183FBF9E1C605FDD4FD282EA9D332F1CEB37C74AD9233CB94102A850C1CE56118D2D10DA0A1322374CAF0204C1C1E28F7A70385A50D3ADEE8D1A462047A39A24E941453E32F046C2D292D2B53D260AB88CF394686622DC5E658068959932526FE7B4749EFC62F07BBE5DF7BD79FF1F4937F4540803F8AC535A1EBCEE106BE5CF6B528E365C62DCF8FA28C4AD99759C4EDDAC7C4DEEDECB91D3D870B6998339E086DA02848AF30AE393F4CD9D468C3E1C96D3962B1D81D9BFCE540AC299D4439FC20EEC584CB07E877ED5299B79BB2B615A391B39930218A2422166E224C492A61EE7EAF210128C828456D65A3924CA618CF00914ABBD726E2D8DE6C5C7CE3102513C628CA8BAB71FF0BB3502424B5ED87C41FBBEE1A5A650C6569935ADCDDDD1E975E33043B36A760E2E4484C9DD95B9487A7D4C6459871CB5078048A1210E324380072F689526CF9E408EEBB6F9C1CC29038969C528C90401725167BB95E2A8BA30985F86A550296AF49C298C101B87FD17084FA3B69AC84528F6549CAAC90BF4D10E0E928FB59A94B43E2600CC3C1D61A2FDC3D0AE181AE3896528A2FD625238E5339C87AE66E84C8B102BDEDD575BA10A4A6A7A3B4A44449835DA5274E9E685C73660CECD74F5B6BF8C23112CFDE9EDDF8CF41BFE868BCFBD6BF70E7ED37EBF3A68BE1E4E488D7DF780B79F9EC397D6ED063483B92AFF6D82236D86F620FED437636F845B88B7DDBFF58D1A7C7757DE43753361FAA0F6F30553A0CCA09CCA560B771CE7770684312A245C63333D4A49D244183E6468CC08A93A1BBCABE721CFAF011D17E38B63F5B0393661626282BA84695D4E8034787E284D4C0DBBE4BC084397DE1E5EB8C88BE7E88ECE78B4DDFC5EBCC6B8651A0581E39243FE43CEC421F332E14B93995080876C34D778FC6D5370CC3ED42081C04C725D809E3456D340A01B25C6C6DE0540AABDF3B085771A3E6CC8E467E7E2D32B32A101AE26A28BB94952D3296B29D9D101573393E581A8BAF57272042B699383C5849C4C3C55AC8A34DF335C60FF597ED9AB58F4B656D232EBB28024FDF3142DC8F627C2E84C8D6160645D9A396E5E6F1796CED9A7F81E0C8E324015E8B95B5158EC6C6E29B15DFE1ABE5CB65F9E6A7E5EBE558F9FDF7481192E1B817DC9E2FC1B1F87F4FE7B26EFCB6983F6F9E0E88545D53AB158093A323967DF58D71EDD951535E8FC2CC4A7539F8EEB3C3DA9A77F6E3DB5777FD6C59F18F5DD8F6459C0805434F769A5BE6B1628D2D7605A694EE6CC6645E01FF913668549A192AFF5970BA199E81CEFA1D5B334C384AB06CA3C627309A3838E3975F30272A6A5077A1B3431893BBB67D770C03C6F68083938D065E37AF8843589437FEFCF4547DC9BFFBE4006CAD2DF5B86421CDCC947F3CBA9DB8043BB7A4E1A15B97E1D13BBFC1BD8B96E1BE9B97E1DE5B64B9F56B2CFBEC10AE7C688C468D7F6C491125C131128F6E4AC14D8B862127AF123672FCA3C70A10DDDB5BBBBCB3FC1A8A95FF9672B399365E55DB84EFB7A462F7E15C1416D761D4403FDC7EE5202109A6B39BE1D93B47A177A80B5EBD7F9CB82C4EF8DBC787B0666786AE77B4B352A2E03D6339388A57567E159284AC2E14F1274E68649D65A454FDECF3A5F8F0A34FF0F1A79FCBB2E4A7E5B3CFF1EEFB8BB166ED3A1DA487E7668A704ECED99B7A0DF7B56BE0F81094CC1C8794A35E75827EF34FE8FAF10C3D8BFFC030BED3178E9FEEC12F3D4227664C9B8A9E11E1A238E49D13A599939BA7CFE15C28CDAD464D5983D4E326B0167B8BDD9C8EC5FFB71E4B9EDAF2B3E5B327B6E08BA7B7EA40C10C3990688A33CBD54BE80A4CFB8882182FEE0787FFD2F13B694672E3A812B42399D47625F2E2536A734224E10CD9C4D8642ABFAB3010A3E7AD62EFD369570FD6002883A1541DDC486B4BA971F74B6D3D6C4298BEB4D515F5483E96877031E0379F5A8FFABA4698B269942FBD1C8BC76F2741C93FC6591A1B9BD022EE446B738B2A1E76086BD79EACED58F9751C6A65DBB9778D447589B12545F6E7B066FFBC7535AC85EC82839CB5DFCC8103391832C01FEDA21E38D298216E21D7A9D740F210E5214CCD818953B2CA7532A42FD724E05F0F4D4044B00BA2C33DB0F8E969784FCEF9D06BBB74B268E67970391924A5882017A4E5566A30F54271F8D0E11FC7BBD0B89180B930675B884E12E7D81709423AECFDFA230C8F563FB4AF5017F1F77FBE81F1932FC28CD997E0C65B6F377E2BC791676AA8643ACBD7B56372F01B92DAAF35ACDF0B1C6782D765FCEBA4DFCF0DDE03DE0B425EA71FC151DBA3070DC5C0A131183966220A8BBA1670E4A8E91CB087A4C18E881C55FD5C483B9CA7E3E0680F7516597EB0572B33B8CFB4A87D69A7B60E4D6FC84FAD40614AD75C5A534EA9D8536A53CE92C64E657A93E4803459551642240C0C166494212CDA57FB91E8CD64A1C4C6F57D919BC40998A3470623E14096DE3C164A098672C558B0A29C72588A02E0A44AECBA3E536A709E6FD7BA24383A1A460AE3B979D19DF79D464DF2E09804ACC5C98A3AC51C2F5C162A25E698ACFDEE38163C3C46FBA8D09D20AC44A1E4A596E1E0EA645C76697FA9B90DA33B151454C1DBC7116D1D0CC692FC486C72CD525E9687F79C44C5291939C749B9B8565FAEFD6956AAACBC2A1C4F2B83A7AB8DBA477AADA7A15594928F9B1D0A4AEBE1E57EE66900CE869CBC3C343637C9359A89E1B78203F0B05584CAC3D6EE0C8B7CCFF51CA087DB731C8ABCBC7C1DF4A5133A7E279FAB2C8CD2333FA72B607ABF7F4000BCBD3C11141068FC167075711165D962385E5D9D066EBB8292B252AD80FEA8B0B3B5F98904E5B1F25E7505159595FADE12EC02CF1EDB849B9B1B02FDFC34B9CBCBDB531B00BA829A9A6A2566123C9FA799E9B95DDC13FB7235B99121022EECDD7AB6854998EC326FEB64C81CA51D5557D6212FFDB47968CE02531BF1F9930FE5E222510864A956AD15A50611A3616D4EB140D97F58247BDFD1A172435928F9928662346E1A1E47F10A087347F2913C0D721AEF1FDF3A250F1EA7A1AE1935158D70F77680A7AF232E12435EFAF61EA989D9E1CB50FBE8D080DC4DFE19F238A42C727C133929D790C4F82DB7D36EEDB295958D39562C3B8A7629C3FCFB63502F464E704B5B7B2B2C7D7EBBFC06EDE9CA099D2BAB9B0C83F2880B61A89D0DE7309CCB703D1A9F91752437C635DC9D6DB1F5500E12D2CBB0725B1AAE9ADE4B5D1236959D0E9EAB455E0E1F4F079455D623A6DF9993B2CE866371C775AC07AA3C1AE5FDF7DE83575E7C0E2F3DFF0C5E7AEE0C8B7CFFEACB2FE0964537FDE80B9F3E423913C3CC85184944CC484C4AE95A16E0AE3D7BB5BF0BC7D3080BFB692C8FE0C040796686347F9E335194CDF9C0E9127440602A23C363FEC3C1C2C20A9E9E46E3960779E4E851E39A73233E21514D82DDDF3DDCDD748E152258C8822A966A9BC316242777EDBEEF3F74489526DF2F573717D8D99FBBE239B42E453B85D6D73463C49C9E7879C78D787ADDC2332ECF70F9E15A3CB7E13AB8F9396843839585250EAFEBDA708E1AD31832B9273E7F79132EBD638CD6B0CDF5AD70F5B64779A1B01D6B76B9199C6D7DFBB7719830BF9F14CC3031924E0B205293FD51DCBD9D34A6515956A76A8037DCC0D7F276F0006280249F435B5310DADB1757DC3E4AB7FDE1AB233ACC5F3BEFB8323C771283E501480CF2A9E792DF4822BACE786E1D514CD650113088FAE9E27DB8445C144F7145D83243D83A5822F9601E762D3D8E5973FBA81B51284AC3CBD35E4981C76302998EF921903368994972754DCD70177299240AAAB4BC16474F94E0AB0DC9F8E0DBE33AD6C68D17B3AB78C78F430276822D2775A2DA4843574EEB85C1515D9BA1BB13CCEA646DC7C5D1C911D17DFAC0C7DB1B01FEFE675D38D667AFC8087848CD462264EDCF7E2B9D888C0C878BA883565122EC3CF5F2DFFE6E5C73762CF972A98E5942894C793C6ECC58E31AC0D3CB4B0726E67C2224EF4F3EFB5CC7DB3C17962FFF56D50F0DE88F0A2AB211C386E9FD638C68CBB66D421C71C6B567C6E123B13878E8883677F399F5EDD3D730AF8F20383858542087D86B5512F8F093CFF4FB7361EBB6EDC8C9310CBCD4228A93CDB20C729F0B59E5C53A921DFB8BF51D1FAA9D39D94272B6C537CC4D47F38F1CEEAF95B99DA88E1DCBE28D473B37F4E9C5CCEE83E1D322717C6F16864CE9A9BD533DFC9CB52F8A8EAA25352F3B6BA51E2BD06EF29438ECD36130E676D9BE19BD0607203BA9C4207B69D86230AA066886ACB5655B1A24E550716E39C6CF89C6AA4F0FEAC44794AB6C62E5365AC3CB86DC9FBF185E2F2A1EFE4697C8401C9AF7A0E7D1CDE026AEC277CBE26029AA20E6E2DEDAFCCA6311ECCCB6EADDFDF076B1434C4C30F272AB35B8AA2D353C8CA194FCC5B08FFCA72209957B103328003FECC84474B82736EFCD86AB8395CE4EBF715F0E9232CB7199DC2F3B5B73ED1E4FF0A5610AFAD5337A6340A40716CE8ED2EFBB8A26794972F3F38CAE491B0244DA1A5A94CE0F66147A7B7B8942E460BB1D48CFCC32AEA13BE18A0913C669976C1A0695C3934F3F7B4A70B313725BB16ACD1A2CFB6A39DCDD5C512B12BD57644FF489328C4D4AB09BF784F163B4C2E0580F59D93978F99557751CD2D34137E69F6FBEA5031B53FEFFD13169FC58706A0682D7F7AF37DE4262D29953AD3945E3ABAFBDAEC4C967EF24CF60A2DC979371D51597EA044F2495E2A2623CF5CCF3670D6C1E3A74186FBCF39EDE5F1E8FCF72F6AC99C6B567C6A1F529B083B855627BECDF151875E6F4F133217C903F9A1B9B6126EF6C517DD73243F56D64C0E4FAC7A78B4F648EF0817E08EDE32335B4853695AA918A66679E013B9115E757232852E41B7D211AB9487C4E6F10DAC70B2744BE33804AA353A3979F6A8CD4FC84F049B3B822A3C5A0483A3BD7246AEE3B41C3D7FD68C4F283718AD2C21A21AE2A9415F1B31A25F2C9EF4AE5B3443F6BF5772EE525F528CAAFC23B6FEEC482BF8ED3B66A553902BA4BC9FBF270684D126EBB7524B2732B35DF42E76311E3523747889165E6B93938F1005107FD7B7963F9FA2444043AA3A8B45ED58521B80B384AB90F1C2FC49E6385B8E2A2489D74A95ECE49CE614D7AF3BCBEF076BFB069120906BDF272F3953438C176787898F62BE90A6CC42003FCFDF4771DA13C2DED94CE6BD72DBC5A0CDC4A0983C3E9D3F5B8FFA147F0F5B72B703C3E5E0D63EFFE0378FCA9A7F0C69BEFE8C3A06A69696952D7E774CC9E3153550E87C82361ED97DAF69E071EC4A79F7FAE83F3EE93637DB362251E78F8117CBB6215382CDF1F59657482031B0DECDF4FE3191C60989D0639C114A73B88157785F795E9DE1F7CF4311E7BF269255E2A810A515A13268CD75EC72763EEEC590811C541F562B8EF7BF0E0238F61FD864DEA4272F024BA776FBFF73E9E78F6397068463E738EC171F97C4E2179EE2107F7AF4A82BDB85574339C3DEC11D4BBEB534486F6F796774D14BBBCB876B042E2DEF377B0FC31BAC2D60E670F3B1CDF9D89DB5E9C85C29C4A94FE7D3B9C7D1CC0742B1AA08D9D15920E6461D0A4089C607F0A21010ED9B7F0FF26E1CBBF6F3510006B7F1ABE18A1928DC18AF41C4CD5EED9DF1F638434BE7E772F8AC54D7072B553A3A5356A70553E2BCBEA3145DC20E66F68CC408EA5E6AF0C64000FCB2011D54E87B8C83C678B7824765206067AC65CDE073BBE4A80935C135D2C96FFAB9777E3852DD763EEDC286CD8948298618158B5EE84A6BE931B9BDBDAB483D99431A1DA0D7FE58624396E07FACB43D8B23F476A7C294A1B0D89E733D1795FD3B22B7440E22BA6F7C2AA2DA93A695249533D9E7E771F5EB96FAC3C90930ADD05B069939319A9DF2FF017A5D155D0B50C0D09C6D6ED3BF4A54B4FCB503F9A815282B4F8CA0BCFE3C147FFAA64C2F12FCB4ACBF0DEFB1FEAF36259194761F77BC31C22ADA8961AF1BA85D760C8A0817A8C93C111B6FFF6D2F39877D9023508D68E35D5D558F2F952AD25F97C34A02C04E6E6EAA25DF6CDF89D5C1B9FD71F1574B9FFFAC843B8EA9AEB9408D8E4CD7773E9B2AFF0E5D265EAAE711C535E1B49850BA7B21C36648890EBCF4750E7F11E79E87E3CF0D05F75A63706ADE982BEFCEA6B4AA40C74733065B531516D266295548423860DC5CD37FDC97894B32337A9545C130B6DB0F00CB1D5F86257D163901FAC39F1BA54FED61652117E9F845EC3CFDC9BBA13A71CFD4F8F4F4573430B5EFFCB4A78FA3A63E845BDE013E40A8EE8C52EF17CA94A447D70EED4E09E5EDA8E1C18E6AE69E295A575F2B21903A07293A828749C42F993B33355091188A7838B6FE4E8CE2658FAC64E4D19570B145E2068884C170FEAE18E9BEE1B8F11E3C231606810068E08C26059060DE7673006CA2753CA675ED2176326C93603033072540F8C1DD703FDFAF9A9AB70FB5B73B4F5847116C256DC8A235B5370786D326EBE79848E72CE4994B4CBBD180C035896F2325C3CAD9794B705AB44F2F1A58F08729732B523471416F98B1DE9D83242854270C0E2CAAA267CFC5D3CC60D0D44BF084F6DBD49CFA9405ED1858FCE94949CA44A802F2967E3EA9CE3A4AB080A0C82995C07F7E7485E1C9CF664F4E9D31BAFFFE35584F508155553A1D7C8DACFD1D15E89C2C9C949FD71CE2BCA87F7D003F76BAFCCB381FD24967EFE29060E1820954283BE139DC7E1EC641CF897E0E0C4ECC2EFE9E1AE711212C8E92D092C73E7A227EF0AE4F1F1BD3979E90A0CDB1A9A1ECF94ADCB9C9CCF3EF950E31B3A676D63A31A3B1515631D8E0E8E62F076DAE18CD73C67F64CEDC17A36848785E395979E5352E7B8AF8493B383D894A912B5AD9D0D1CE4BE3536362801733472CE4B73BE314F8B332B509455295E82A9A64D746552E793C1F003E743610308BB7F7465CCD09F4DCB386862381C9C6DF08F3BBF86BDB32D82C5151934210279A925282FAE5557860F2A6C801FE2F76469A6684176B9CE2A4D52A1BB4217A2471F6FF41B1D8AFD9B9231784218068D0B130272C1BC453158F6F62E1CDB9BA9FDFE69B0ACE6492F7C88ECE13AF38A81E83B2C08775CF2117E5811872DDF27602397EF8ECB673C36AC3A8ECD3F9C407A4A99B82CB53828C77AEDF94D58BFE604D6CAFA43077230636EB4DED0E403F986D4747939A84AD20E17E0F2FB462129B51469E9A5F2825B2135BD0C2EE25E5C3CB3378E9D28466C62B1BC14E27F0A11DE75C3507CB93A0135F52DB85AD65F33BBB7908B09F61D37B44C903BF89ED637B6E28410D188BEDEE2AAD8E9C03DECE41626AECD8560DD0F1B919C9CA24AC1D9C901D75C75E505497A1AC096AD3BB409942ACD4B8C748048ED934163E6140116E616C8CDCB4392B825242AB68270F46B1B2B6B796927E1969B6ED0C980CE07D6B49CFC2730D05F95526A4AAA48EE2254881F5F2D06E2EDEDA3D348DEBAE8464D3ACBCACE52A3F4F5F5C6A489138C4701FEF1FA9BE2F636699F9B98E1237406F5F38123757FFEE5328DA5D0B59B3C792202859CCE07B66230598E6AAA54D4D69FAE5DA83187934125312A66A4AABD4271218E27C4A3DA38323B9545AD10EB6859BF48D4C0FC8BE71AF73A3BD84C1D337284E6D1C4279CD0B14FD8558144C1C1798AA51C51BD7A61D10D7FC282CBE7FF184C3D17328F1763C34747947C2A6A6B70E3F353E1117061EF5C567C1112F7E4AA1B4F5BE488FFD6C6B001F9FBF469194D84D5CF48E9B1DBD2F0F7BB966BFF11F6629D76ED10ED0D7760638ACE123FE1D2FED8B3F604068D0FC3AEB589689603D2FE59F871F3A371D363D35057D3888DCB8E222DBE0015A5F578E0F58BB5167FE8AA4F74EA0253710118EE603095E383729E14B61DBFB5F2267CF9F61E2C7D6F9761A01D3930678FD7CA87AA5DC8852D142DB2C8AF888CF2C5485119BB7666205B082025A5046F2CBE12FE2EB67868CA6234D5B66A6A2D512DE57870C9A570EAE781D7FFB90BFF77FF387CF5ED71F8FAD863F5C65454D43408C958EAA85FE346896F6AD681551BD3A4E6B4C6BA0F2F37C478044FBCB90719F99CEF94B107B906294B93288C1AD96FECA00084073AC1CED60A13879EFF053E19372CBA0545620094F7C3870FC5630F3D685CD375DC7EE73D2A7FD93B3632A227FEF1B7178D6BCE8C86FA46A4A4A7A901F9FAF8C0DB537C62C365FE22B0E6A4EA68E96885A39D83925EA702E8541252BF6B4571322132E8C7BFB9DEE0C29CBF10DC873912DC962D602ECE2E6A94E7836116F932254E96F7E4796ACF06AA8DDCFC7C550A6CAD62D099FBFF52F058B1B171AA5438E136E780E5B4141782556FECC5470F6F04C7E26516F6E2CCFBE0EED7B569173A11B72D1D778D7B073E5E2E6A6B8F7D770522871B72729896704BD46B2A0A9841FAC0A7F34F754F4E46FFB13DF0F69EBBB1E899E9DA99EDBD27D662DB37C7102E0A234A5440A330CF9839D1422AF57072B5C1D46B8660D153D3F0ECD26B953008469EE3F766A9B1370A8130857C87D4DA745538A319BF37280C060B20C4528B990B06A97FC5161AAA1AB22D0740E55817ECD7C10995D89AC098839DF87136E2129D905AFF9DD7B68BEF698911A26EA832D67E2F4410E18E81E2BE90213BC1710656BF770091216EF8DBCBD31112EC8207EE198D5DFBB2919EC597C84C034A541A21FE8E58BF3503D1911E1831D00FA5E2A6119C28DADCC204413E8EF0F37480AF879D2C0E08F37746FF9E9EC82BAE4190AF1396AE4D425965D7679267F43B39254D836A7C910644471BD75C18428383757F4EE0CC0C440654CF051B5B6BF4955A9DC13F2671FD1AC22068F0F6E296B8383AFFCCF855F19144847C4F5750868184E4F9CA33EF0A6110DC8706C719D3BC3C3CBB441804EF8DAF2820EED715C220E89670C0A3C103076A00F8D71006E1EFEB8B99D3A762DEC5737494F90B250C2223AE5087C264BF91F021BEDA747AA17074B38713BB2C48E5D7D2D4725E17E59CBA973D5D99F4F5D4B2EBF1D28A1B31EBC661FAA07B0F0DC645570DC2FCDB6370F1AD3178EEABEB71ED4313B50B7D70AF9F1E80A38B9DF84966F861E9617171C2A550EDD8FC350796F9A9E661B32C0BC1D803DD8839A268BEFE600F7233C475B0B712792BFE3D7D8076D624861A9D39186CC9A9AD6D1235D3A4DFB393D8813D9938202495256EC7A25B47E9F1E7FFDF281D4A908C4930269172300F8736A4C0CEE6A71B3C636A4FCC99162935A3A5D4D0ED080970D159E22F9F1585406F27A46654E0FE97B6E0B3550978EBCB58AC1676DE7E384F3BA9ED389287DD4773B12B2E1FFB8F152036A90471C9A5F2029B8ADBD2B50C4022252D55DC0AC358911C6BB577EFDEFAFB85222666B8DC9B7A35BEA2C2229414772DD3AF1BFF59A8AF6E425E5299E645913442FB79E37CB3C09F092E5E7608EAE5A1EF1C6D2B33FEDC93629D93343AE1EC6E873E234230FBA691B8ED85999875C3308408397034E390DE3EB0170571368C9D172D4AC416972C1A81551F1F405672B148294B250B064059E3B4494DC85C8F85F71A92872A8A6A1110EA2A6ECA0D98BB70B02A0506CD982549C5C13960FB0E0EC00431F28BE6F4C1745966CDED8B05B2ED1C21AE71137B225B4887F00B77C7E8CB7A8B7433D4F89C82817D58963D6798BFB3BAB6116BD625E1D57FEE444E5E35268FEFA1C1D01993C2E0266A67BD90C3CE83D9AA2EB265FDD6FDD93A0607550E7BB072FE562E36425A9CA18D04E6CF56A89452F878DAC2435CA4AE62CBB6ADDAA24137C1D3D3FD825A4E4EC6B061C3447E372AC153B227249E3F5BB31BFF7928C9AD448E9006BB68507987F6BFB0CCE34EB0853128DA5BFB74B11B46C69142B1B9B3770BE81269FC1A440D0EC45D2FCFD63E221F3EB74147F832382572724E712656C65EB67E212E9879C560BCFDEC7A24C6E662F69583E1244AE5BABBC6E2D29B8663F61503B140486BFAFCFE8888F2D666BCA2FC6A51156548901A7EFB96547CF3E511BCFFE60E7C2A4AE5D9277EC0F2A547B41975C123E361290A824C4AD0F5D9BF2B055922ED92D2CA5052560B1B295F5656053E5A7204ABD69F406D5D0BD66E4943430365BE19D88A65239F1C48884153114BAA9C7E822172CF5884AFA73D0AC4D5AAAC6ED6D695AE62F79E7D7A5F2AABAA743E13ED2FF20B400DC77E22F4BD793C1EB71BFF7D284CAB40B6284956AA8CED0544BA19D75C3882A23C34219236727C5B262A0A8CC96752B973C8090ED5590F4E37D9F6F3D693DF1A4C180B0CF7C0AAC5FB10BB3313B6F686082DC9828954FCC75EA093850CFA8F0846FCFE1CF885BA232CCA47833BE525B5F8E2AD5DD8BF231DC70E6423510822536AF182BC4A9496D4E9D48DB5E2A270B83F364F31026C6B6FA9C65227EE4B4E76A52A92C2D47224EDCF85B5A8232D57BB39D28F16E0DA07C7A1548EC1418539DD818383B5BA27CC300D0A70425246A5AA9B0E792A2C76A3105C9F080FA4E6541A5C7FFAE77A44DEDF0E6D8E1D35C05FE74519D1D71723BBC8FE6D6DAD484E4D838F97B712C6C8E1C3D1BB57A471ED85A34194065B0342434234159D6DFEDDF8EF425662319A4A9B7552E7F0813E187559F42F724F08CEED5A5DDA28C4E3AE794E232FE90D07171B55AAD90986A131BCBC5D307466CFB3B79EFC96600EC7D3377C89A2DC0A5508AA6F8430A83728E739C8CE927DF760DBEA04BCF9F85A38893B34EB1A511AE2D65455D463D907FBB4B9D4D482E6C95610A9E1A5AA67C169E034544B210BED15C86F59E38B298F9ED0035B36A6E0ED8FAE40656A251E9EF6B1F67F610B0F150107567D76ED4258063961F386147CF1F55138898A68956344F5F602F3483834E0816385B0B7B7469B1CB55DC863E2C820EC3C92A70462222E49A75C63E7B6405F7B784AB9B71DCAC3E72F4C47B04FD726FCE56360993A633DA707092F143C5EE7A3E527038CDDF8EFC28F3D95B5F2950F63CBDE2F058F6750CBF2BEC87BDD093D0FDF4B798FD838F1EBDECC2E62C3B223C8482CD20B6312155501A3B42DCDED282FAAC1C5370CD3C140367E15ABBE59CCE49E58BFFC285EBC6F05F66E4EC5A8493DC5CFE70D22D1C885D1A0C41E1807F1F275C4CC79FDF5780C9872E6341A092F8C199BCC5578E78DDDE8393200E31744A34AD409E516C7FE681417E4A3BF6E42A89F13A2FA78C2C3C3FEC7D1C639F6C6A61D19888AF094DADF5EDBD3CDE4A88C379495D523C0DB41632C1A9B11F0A3555899FD55E2D3CA71FDECA82E1306C18745C32659FC5AC22078BCCE637513C67F27D480B90859FC5AC220782C1EE764C2203ACFC14FFD5B7FFE8EA8A96CC09EB509DA2C6BEB680D3B59989D692B6E000730F60974C1823B4661EBCAE3B0B435C7DC1B86EBD080A585B5F0F67541765A29EC1DADE0EA61A7FE166F0D0DB4AABC1E4E2EB678F0B999B86AD17078783A68162A099142C44248884DB7BC4066BBB1DFC8C5F7C6207CB02F027A792030CA1311F23BB35D930FE461C4902084063133AECD7002F9EF2EF26CC50F27306A70A02A9D36F9C76629E663B0795789DEB0A91295159B6B65F71E4242375CFCCB9A4BBBD18D3F3A7E77F784929B4921741FD4BA3A21C6CD7C0B0ECBC7AEB90B635E5337E5E9C557E2E8DE4C6C59755C13B8B80BE310532F1D80CFDFDA21BF5B81B3BF47447BE3FE6767C237C030ACFFD60D27F0FCC3E2DAE808CCA67076B3D51696B5ABE2316E5284C6396EBF734CA785EB3E945D9462ECF64F6CDF9581C79ED90807676B0C88F6436A56B9E6668C1E1E846A295BACA8252689798BF288E8E18EF5BB3285F82C741EDB7A59EFED618BD9637BE09249E1BF685CD06E74E33F01BF7B20943299C119B69E309ED0B950E6337FE3C4913C6C13C33EBA3B13B73C3E056F3FB55E8D7AFCAC28241CCE57E5C04E710D421481E19EA8AE6EC00DF78EC3ED8F4CD164B14E048B11B3D973F7D634915880978F231C9DAC909F5785BEFDFCF0DD8A63484F2FC3F163F9D8BD371B3BC4E05DDD6DB176433212840CBE5F93A0EE0C07182E29AD87AFAF834E1ACDF94C720B6B103324007945B53A7646496523268F0CC6A1F822ED6CC48C42073B2BDC77ED604C1F15AA64D88D6EFCB7E277278DB38135B6A3932DAA2B840C22DC5122C6DD50D7826431EAC2EC0A9D2680533CC6EEC9D06DD971EEF2452330EB8A811830FCCC3347F51672A03F76787F964EB844C5502C6E4E5884078EC515A020B74A08A204A9C9C538129BAF81CED8238699F2BF5F73029C152D44CE939E5E0E5F219DDAFA66B0031D83ADB50DAD1831D81FC7924A8448DA1133D01F87138AC0FE369CCB756A4C302E9D72619D85BAD18DFF44FC5B5A4FBA024E0F59905589F88359A8969A9CB3D68F9C14090F76CDB7B280A30BBB10772DA0979D518655DFC4A9CAA0C2E1644699A2323A5B6E74DC53B96C27671B8C1063DF2BCA63842887152BE371E55503F0E55771888EF64171591D0AC5B5E25CB0354228532786EBDF7B8FE663DCC8203470DE9494523409A9DCB37030E6895BD28D6EFCB7E30F431ABF0798F895975B89679F58077B7191D84D8AF1070D6C88BAE04CF0D3A6478AEA2880BBB82A2666667070B0425E418DBA50B50DCDC82FAED5EEC36DE22771E0A0CBE74663A5B834754D2DB8E692BE78E38B23B011B7E6A367A722F0025A4BBAD18DFF54FC573BDF41A16EDA52C33142080EA843BED01616015B44E2138A316448000E1ECE852B9359841882039D35B5DD446E0F9B54C9AB1C5E902D27FB8FE422667080E668B03F0B6769EB27EE55376174E37F05FFF511BBFE03FCD1B3B70FAAAA0C23940B0B0871086BC887B9A50952928AB5F9D4CFD719078438CCCCCDD0BB1747A366A28B6104746D02975F2C2C4C90262E948D85B99084233272AA7454F3FBAF3BFF9813DDE8C67F0BFE27C2FCCFFE6D16BC4509D45437EB781E1C48954DC166F28FB922DFAD3A8EB9B3A390935581FCC22A9DCB64D8C0001D7884DD63D4ADE9304C914802D9B8271DE3449D5454D5E38DC726C3CFFBC2C62FE84637FE93F15F1DD338194585D5D8BB2B13E9E9A548882FD2690C6AEB5B60EF60ADAEC6C409E1422C0E183A2C10FEBE4E282CAEC57D0FAF41AD900CBBECB3058789951DF283718E6103FDF1C89F4769E7B46E74E37F09FF33A4D1095E6E4D75132ACAEB70F46801F6EFCF425A6639FCFC9DF1E273D3D53D216A6A9B448124205BC885638032C9ABACAA11CD6D1D183AC00F57CF8B4678B0AB6EDB8D6EFCEF00F87F9ED91B4B4AFAE0D90000000049454E44AE426082 WHERE`app_id`='11'; + -- aaf centralize update fn_app set auth_central = 'Y' , auth_namespace = 'org.onap.portal' where app_id = 1; +update fn_app set auth_central = 'Y' , auth_namespace = 'org.onap.sdc' where app_id = 4; update fn_app set auth_central = 'Y' , auth_namespace = 'org.onap.policy' where app_id = 5; update fn_app set auth_central = 'Y' , auth_namespace = 'org.onap.vid' where app_id = 6; +update fn_app set auth_central = 'Y' , auth_namespace = 'org.onap.aai' where app_id = 7; -- insert SDC users user id2-8 @@ -191,6 +194,10 @@ INSERT INTO `fn_menu_functional` (`menu_id`,`column_num`,`text`,`parent_menu_id` INSERT INTO `fn_menu_functional` (`menu_id`,`column_num`,`text`,`parent_menu_id`,`url`,`active_yn`,`image_src`) VALUES (317,1,'Message Bus Management',6,'http://portal.api.simpledemo.onap.org:8989/ECOMPDBCAPP/dbc#/dmaap','Y',NULL); INSERT INTO `fn_menu_functional` (`menu_id`,`column_num`,`text`,`parent_menu_id`,`url`,`active_yn`,`image_src`) VALUES (318,1,'Infrastructure Provisioning',3,'','Y',NULL); INSERT INTO `fn_menu_functional` (`menu_id`,`column_num`,`text`,`parent_menu_id`,`url`,`active_yn`,`image_src`) VALUES (319,1,'Infrastructure VNF Provisioning',318,'https://vid.api.simpledemo.onap.org:8443/vid/welcome.htm','Y',NULL); +INSERT INTO `fn_menu_functional` (`menu_id`,`column_num`,`text`,`parent_menu_id`,`url`,`active_yn`,`image_src`) VALUES (321,2,'5G Use Cases',8,'','Y',NULL); +INSERT INTO `fn_menu_functional` (`menu_id`,`column_num`,`text`,`parent_menu_id`,`url`,`active_yn`,`image_src`) VALUES (322,1,'PNF Plug & Play use case - VID',321,'https://vid.api.simpledemo.onap.org:30200/vid/welcome.htm','Y',NULL); +INSERT INTO `fn_menu_functional` (`menu_id`,`column_num`,`text`,`parent_menu_id`,`url`,`active_yn`,`image_src`) VALUES (323,2,'5G - OOF & PCI - Policy',321,'https://policy.api.simpledemo.onap.org:30219/onap/policy','Y',NULL); + -- -- Data for table fn_menu_functional_ancestors -- @@ -210,28 +217,31 @@ INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`d INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (14,318,318,0); INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (15,317,317,0); INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (16,56,56,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (17,301,301,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (18,304,304,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (19,24,24,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (20,139,139,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (21,142,142,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (22,145,145,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (23,115,115,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (24,307,307,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (25,310,310,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (26,313,313,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (27,1,1,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (28,2,2,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (29,3,3,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (30,5,5,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (31,6,6,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (32,7,7,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (33,8,8,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (34,130,130,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (35,181,181,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (36,184,184,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (37,148,148,0); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (38,319,319,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (17,321,321,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (18,301,301,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (19,304,304,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (20,24,24,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (21,139,139,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (22,142,142,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (23,145,145,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (24,115,115,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (25,307,307,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (26,310,310,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (27,313,313,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (28,1,1,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (29,2,2,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (30,3,3,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (31,5,5,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (32,6,6,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (33,7,7,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (34,8,8,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (35,130,130,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (36,181,181,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (37,184,184,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (38,148,148,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (39,319,319,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (40,322,322,0); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES(41,323,323,0); INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (64,11,1,1); INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (65,12,1,1); INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (66,13,1,1); @@ -246,28 +256,31 @@ INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`d INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (75,318,3,1); INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (76,317,6,1); INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (77,56,8,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (78,301,11,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (79,304,11,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (80,24,12,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (81,139,12,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (82,142,12,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (83,145,15,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (84,115,16,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (85,307,20,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (86,310,20,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (87,313,20,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (88,1,175,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (89,2,175,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (90,3,175,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (91,5,175,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (92,6,175,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (93,7,175,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (94,8,175,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (95,130,175,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (96,181,178,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (97,184,178,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (98,148,316,1); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (99,319,318,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (78,321,8,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (79,301,11,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (80,304,11,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (81,24,12,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (82,139,12,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (83,142,12,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (84,145,15,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (85,115,16,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (86,307,20,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (87,310,20,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (88,313,20,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (89,1,175,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (90,2,175,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (91,3,175,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (92,5,175,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (93,6,175,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (94,7,175,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (95,8,175,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (96,130,175,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (97,181,178,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (98,184,178,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (99,148,316,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (100,319,318,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (101,322,321,1); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (102,323,321,1); INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (127,301,1,2); INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (128,304,1,2); INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (129,24,1,2); @@ -280,20 +293,23 @@ INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`d INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (136,313,1,2); INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (137,148,1,2); INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (138,319,3,2); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (139,11,175,2); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (140,12,175,2); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (141,13,175,2); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (142,14,175,2); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (143,15,175,2); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (144,16,175,2); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (145,17,175,2); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (146,18,175,2); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (147,19,175,2); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (148,20,175,2); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (149,316,175,2); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (150,318,175,2); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (151,317,175,2); -INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (152,56,175,2); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (139,322,8,2); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (140,323,8,2); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (141,11,175,2); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (142,12,175,2); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (143,13,175,2); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (144,14,175,2); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (145,15,175,2); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (146,16,175,2); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (147,17,175,2); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (148,18,175,2); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (149,19,175,2); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (150,20,175,2); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (151,316,175,2); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (152,318,175,2); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (153,317,175,2); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (154,56,175,2); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (155,321,175,2); INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (158,301,175,3); INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (159,304,175,3); INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (160,24,175,3); @@ -306,6 +322,8 @@ INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`d INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (167,313,175,3); INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (168,148,175,3); INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (169,319,175,3); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (170,322,175,3); +INSERT INTO `fn_menu_functional_ancestors` (`id`,`menu_id`,`ancestor_menu_id`,`depth`) VALUES (171,323,175,3); -- new 1610.2 which one? add-on 3rd script insert IGNORE into fn_menu_functional_roles (menu_id, app_id, role_id) @@ -388,8 +406,6 @@ UPDATE `fn_app` SET `thumbnail` = 0x89504E470D0A1A0A0000000D494844520000016800 UPDATE `fn_app` SET `thumbnail` = 0x89504E470D0A1A0A0000000D49484452000001680000012C0806000000EE2C29AF0000200049444154785EED9D079855C5F987BFA54957AA882E282088051535D244EC0876A3222A2AC1462C11A3F2370A0AA8281883062504BB066C815829828A801A4540015B0451A42ABDB848F93FBF91B3DE7B97652B7BCFCCBEF33CFBECEEBDE7CC7CF37E737E3367CECC77328C040108400002B12490114BAB300A02108000040C81A61140000210882901043AA68EC12C0840000208346D00021080404C0920D031750C664100021040A0690310800004624A00818EA963300B02108000024D1B8000042010530208744C1D8359108000041068DA0004200081981240A063EA18CC820004208040D30620000108C49400021D53C7601604200001049A360001084020A60410E8983A06B32000010820D0B4010840000231258040C7D43198050108400081A60D40000210882901043AA68EC12C0840000208346D00021080404C0920D031750C664100021040A0690310800004624A00818EA963300B02108000024D1B8000042010530208744C1D8359108000041068DA0004200081981240A063EA18CC820004208040D30620000108C49400021D53C7601604200001049A360001084020A60410E8983A06B32000010820D0B4010840000231258040C7D43198050108400081A60D40000210882901043AA68EC12C0840000208346D00021080404C0920D031750C664100021040A0690310800004624A00818EA963300B02108000024D1B8000042010530208744C1D8359108000041068DA0004200081981240A063EA18CC820004208040D30620000108C49400021D53C7601604200001049A360001084020A60410E8983A06B32000010820D0B4010840000231258040C7D43198050108400081A60D40000210882901043AA68EC12C0840000208346D00021080404C0920D031750C664100021040A0690310800004624A00818EA963300B02108000024D1B8000042010530208744C1D8359108000041068DA0004200081981240A063EA18CC820004208040D30620000108C49400021D53C7601604200001049A360001084020A60410E8983A06B32000010820D0B4010840000231258040C7D43198050108400081A60D40000210882901043AA68EC12C0840000208346D00021080404C0920D031750C6641000210C8D8B871E33630400002108040FC08646CDBB6ADD408F4EAD5ABAD4C9932F1F3021641000210D801815225D04B962CB12A55AAD010200001087841A05409F40F3FFC60D5AB57F7C23118090108400081A60D40000210882901043AA68EC12C084000024902FDD4B41FECE5E94B774AA5FF59FBDBA199D5BC24C71487976EC36808945A024902FDE0846FEDB559CB770AA3EF194DAC7DD31A5E0243A0BD741B4643A0D412608AA3D4BA9E8A43000271279024D0CFBCBFC89EFF68719E531C8737F073250423E8B83747EC83000412092409F490B716D82B3397ED94D05D6736B176FB33C5413382000420B0AB0930C5B1AB09933F0420008142124812E827A7FE602F7EBC64A759DD7966133B6ADFDD0B595C7A4F638A23BDFC291D021028188124817E78E2773666C6CE97D9F53BAB89B56DC21447C1307334042000818213608AA3E0CC3803021080408910C816E8A5ABB7D9C4CFCD14DA2EA420D1671E9E615576FB9525531C25D2A628040210282602D9023DFA13B38F977F61AD1BD6B41E2FCDB46F7B9F6815CBF91F9AF38BC56607EC854017537B211B0840A004092409F46D6FBF6DB37B75B0F7E6AF70E2DCAAC16F73CD0FCD5A6D0BD6FE6255CB97B116B52AD8B94DAA5AB709CBECE993EADAFC35BF58BDCAE5EC9C3796D898CEF56CF20F1BEDB87D2AD947CBB2AC56C5B2A688D3B52A95B1B92B3659FBFA954AB07A66087489E2A6300840A018092409F4F1076EB6BAFDC759A5F2656DD59D1D938A397FEC12CBAC5A2E49A02F1CBBD44676DC3349A05BD4AE60F7B5A965D316FF6C99D5CAD9F8051B6CE2C28DF6E3CF5BAC41B57236E2F8BAC5687EDE5921D07933E2080840209E049204FAEC96664F4DFFDE2E3D223387B50BD76DB6BA95CBDAC08F57DA21B52A58AF293FD9ECAE0DAC4AF90C27D07B552967E7BFB9C4469C50D75ABFB0D06675CDB455595B6DC2771BECED1F7EB6EE0756B36BDF596EB32F6A50A22410E812C54D611080403112C821D0C598772CB242A063E1068C8000040A41205BA0376C321BF34978AF273CEFA80C2B5FF65732ACE228440BE1140840206D0458079D36F4140C01084060E70410685A48A924F0B7BFFDCD264F9E6C071E78A0DD7CF3CDB6FBEEC51FBE60CB962D76DE79E7D9BFFFFDEF9D32D6CB8C7BF6EC99744C6EE75C73CD3576EFBDF7DA1E7BECB1C33C478F1E6D679F7DB6FBEEA1871EB2F6EDDBDB61871D56641F47BC0E3AE820EBDDBB77915FBE7CE9A597DA3FFFF94FAB50A142A16D7BE38D371C87366DDA14288F49932659870E1DAC4C99F82F2346A00BE45A0E0E81409F3E7DAC65CB9676D65967D9BA75EB6CFAF4E976ECB1C7167BD50A22D02FBFFCB2FDF18F7FCCD38665CB96599D3A752C2363C7DBC9CE39E79CEC0E61EDDAB556B162452B5FBE7C9EF9EEEC80FBEFBFDF0E3FFC703BE9A4934C79CE9831C3097F51D2A2458BAC7EFDFA45C9C20A2BD037DD74930D1C38B0C85C8A647C3E4F46A0F3098AC3C22170C71D77B851D7A9A79E9A542909EAC5175FEC8443CF2B9E7BEE392B5BB6AC1BDDEA77B972E56CF3E6CDF6F0C30FDBFAF5EBEDAEBBEE7202DFAA552BEBD6AD9BFDE52F7F7102B66DDB36AB51A386F5EDDBD78DA03552DBBA75AB13CB7FFDEB5F39406A04BD2381D6B923478E74E75F79E5953662C40827E283070F769FA9CC7DF6D9C724DACF3CF38C4978E6CF9F6FFBEDB79FDD77DF7DF6EAABAF5AD3A64D4DA3DECB2EBBCCD925FBAA54A9E28E57521DDF7BEF3D67DB01071C601D3B76B47DF7DD37C946E5D5BA75EB1CA22C5E5DBA74B1CCCC4CFBEEBBEFEC85175E70769D7BEEB956A95225AB5BB7AEF5E8D1C3A64D9BE67E2BA903515D2FB9E4127BEAA9A71CD7E1C387DBCC9933DD685A9DC9A04183ECDB6FBFB5FEFDFB5BF5EAD5DDDDCD9D77DE99835BA2402B5FD5F5ABAFBE72C7457720BD7AF572EC656BDBB66DEDC71F7FB42953A6381FAB8356C7F3873FFCC1715CBD7AB5FDE94F7FB2430E39C4EEB9E71EEBDCB9B3F3B1923AA9264D9AB8BF2FBAE8225737B50171555B12C70F3EF8C0B50F7D76F4D147DBFFFEF73FBBFBEEBB5D5B58BC78B1F3654113025D50621C1F0481010306D8279F7CE244FA8A2BAE7075BAFAEAAB9DF84A2474B10E1B36CC6EBDF5D6A4FA5E78E185EE62DCB871A31364DDFA2B49602444895315A9236809EA934F3E99E3D65A02AD119DC44249827AE491473AE1FDEB5FFF6AFA5E2226018B047ADCB8714E647EF7BBDF25D9973882D6744724D0BFFFFDEFEDC5175F74236FD557222FE1934D4F3FFDB4CBE3EF7FFFBB9D76DA6939045ADF492C35724EE475DD75D7D99021435C7D366DDA6462DAAF5F3F27D012612589A3044DE2A4CE4CE22BD1534728811647899FCE4B4C3A479CA34EA45DBB76D6B061C3A46352055A9D9F3A9A7FFCE31F6E0AA359B366AE43489D2EDAD9085A763DFBECB34EA035FD251157DD24DC8F3CF288ABA33A4EE51D2509F5D0A143ED965B6EC916707580127E7D5EB972E5425F330874A1D171620804341FA90B5BA3535DCCA973BB8F3FFEB89BA3D6A8F3DA6BAF35895224D0121A898B92845DA3494D3F442955A06FB8E1062750A9F3AEB98DA0958FA663F6DA6B2FD3DCB35224D01AA15E70C1056E54DCBD7B7737F255CA4DA0BB76ED9A3D7A57672091AE55AB961B753FF0C003EEDC51A346B9BB81D41174A29F5F7FFD75577F3153F9E2122509B538260AB4BE133795A10E43234B8DF023811E3F7EBCEB104F3CF1C4A4E6A40E45A367A568547AFCF1C7EF54A0D529A8037AE79D77DCB99AC67AEDB5D74C3EDC73CF3D9DC0EAFB4481163FD5435C0F3DF450676B24D09A27DF7BEFBD5D99E2A539F3D4BAE93BDD81A8038DA6927497F2C4134FB8CEE2FCF3CF7777130F3EF8A01B7517342509F48A152B0A7A7EEC8FAF59B366B68D2CB38BBDBB4AC4405D94D11CAEFED645A751D68E2E3E19A4D153345296D0E902D6C82F51A0256E8D1B37B6A38E3AAAD8047AE5CA95EE81E082050B5C99128044818E0A927D9AB691E01654A0AFBAEA2A37E25492A81C77DC7139043A91978E8B38258EBE131D97CA517717CB972F777724D1C83A12E82FBFFCD23EFCF043BBFCF2CB937CAF291189FDCE52EA087A47021D9DAFBB113DDC9458270AB446BAA79C724AB678268EA07724D0EA841F7BECB1A48E4953195F7FFD758E29B344DB773492CF4F6367049D1F4A1C1314014D4348A0759BFAE9A79F5A8B162DECFAEBAF3789C5983163DCADAAA62B340570F0C107BB51902EE4F7DF7FDF4D03E86FDDBA270AB4FED7ADAF4445F3AABAF5BFEDB6DB925671147404AD919D845923F11B6FBCD11E7DF4D16C81D6A84DA3448D4835BAD3E850237309811E786A24F8CA2BAF644F71E43682D67CA9EE10347DA0FAA803481D41EB7B7548E2356BD62C97A718CD9933C79521E19B3A75AABBFB10AF548196C06B6AA8418306D9771C91408B95F86A84A9C194F8AA3CB1D31CB0E67755374D3FE9D8C49497406BCA481DAB58687A46D342EAC8F46C60B7DD76B34E9D3AB9ECD4396B8E5BD31AB367CF767712FA7B4702BD66CD1AD3BCB63A1BCD93FFF4D34FCE07AA836C974F7497A472C4453C357216FFA8732AC8C58440178416C7064340A2118D0C135744E4F6B90458B7F089A3C9E8B34428FA4C295AC29578CC8E8E8FCE8DCE8BFE8F1E2CA6E69398C78E6C8D3E8B6C557EAA5FEA798975D677FAFFF9E79FCF758AA320BC72E3A232A272538F49E526BB732B3362A4EF73AB5FF4799447A24FF4775467D993CA2CFA2C9551E2B2BCC4F3537D987A5C6AD905B9887208B4EA9CCB0A9E82E41BCB6399E288A55B302A8D04BEFFFE7BB70A4349A358CD67EF8A35E169ACA2D74527BFD57BCA3CFB79F3561BF4EE37B6E8F693AC42D9F82FE42E087D04BA20B438B63410D0148FE6A0B50C4C73CA5AB5408A0F812481DEEFBEB76CDEAD27DADC656B6DF9BA4DD6A151AD6C4B35EFA6B58BBA1DF8F9E79FDD7C979EAEEAC185FED71A51CD95699E48437CFDAF792B3DDD3EF3CC33DDFCD5860D1BDC13CDE8964BE72B1F2D458916E9EB182D4BC9CACA72652B1FDD4E285F7DA627A32A4FF9143421D00525C6F11080403A092409F4B275599679EF5B6EE4BCB65FF222FEFFFEF7BF6ECDA5567AE81648B743BA356AD4A8917B70102D44D7F21BED12FAF39FFFEC045A02ABA7B4126309ADD66E6A82FEDD77DF75EB0CA3759C9AFF6ADEBCB95B485EAF5E3DB714470F1E162E5CE8167A6B725E1D8496BAA84CED642AE80E29043A9D4D8DB22100818212C831073D78F2377663BB4656B64CF256D28F3EFAC8B4665473547ADAAADD387AEABDFFFEFBDBAA55ABDCAD919E324BBCAB55AB66679C7186136889A8D6251E73CC316ED1BD9ED06A6792D639EA69B046D37A1A3B77EE5CF7A45A4F40F53B9A84D712966FBEF9C68DC0C78E1DEB9E866A81BBF2296842A00B4A8CE321008174126015473AE95336042000819D1040A0691E10800004624A00818EA963300B021080409240EB619E7611E9815ED5AA55DDAA0B45A8D2CE2B45ABD2C339C50DD04A0AFDE8819EE20468894EB49632CE4813E7A065BB7E14C12BAE49DB47B5C32BBF3173B5253835A04C71D74DCF066457F4FC20357FADB4D143E01DA52FBEF8C27D9C177305A7513E7A9641824069269043A015C54B1787045A1788566868CBA9B6BE2ACA96B636EA619DF6FD2B5A93A27D69F585B66E6AC5469C53A2402B8297D67D6A758A02A2E83BD5574B04B536F484134EB037DF7CD33DEC548018EDC157D272430544D777A79F7EBAE3A3285D8A68250E7A98AACF274C98E0E232A8E3D203506D1356795A8AA82DA75A7AA80032DA22AA73B42A45DCF5E0554161B49450F10B74BEECD183586DADD5F2426DCFD59662F1D7AA16D9A6F2E4336D6955D017C517506C051DA380318A52A687B68A68A6E3B5ED542124D5E1469D5594AF1E048B83DA42547785AE94CDEAC4552F7D2F16DAD6AB108FB25D11D8548602E8285E81F251EC03D910EDCA52E7AFB6A4B815F3E6CD73211915874151DEB41D58E2AE87C962A8F08DF2C3C71F7FEC98C8663DA056601D715084340D22947F648B56FE6820A1BCB5C5560F97359810BFDC82DCC7B9CD625BE926B04381D6084617A72E420984566A684FBB02AB68B99B0446610725D4DAAFAE2577DABB1EF7942AD08A9DA00B5D9F6B59A04687AAAF56986894A7D082123D8D18A3D0870A5EA33B0A45175327A52581BA8B9050EB78E5276E123EDD7D28908D045AE22D6E1268C54A50BE1220899AA25F291E80BED77A6F2D558CB69B6A1DB946C5B251DFC907EA10140B41211915E376E9D2A556BB766D17E74002267193684ABC155652F629C9A75A65235BF5B7444CC2AAF8B75AF2A8E03CB7DF7EBBF3E9C9279FECCE579C07896A62E72B51543D141FE188238E308582D49D978454E2AD7C159F409D85CA57A84A89A692F252A728A6EA84541FD9AFF8063A473131D41189AB96574AB83540500728C1958D8A4FA1A872126889BA56F928EA9B96668AAD6C136FD55BAB8DD4F12AB2596A2C87B8B757EC8340A99D837EFBEDB75DE42E2509A20276FFF2CB2FEE7F858CD4F240ADD5960068599F8443499D9136D548B0156C45AF4D9238456BC1B5D450EBB5D5C9693427B1D4765A8D5C25D61A792B088C924675FA91B84AACD5112A088EEE46D459A82C95AB7325E8DAC0A3602E2A5F1D66B4645122A7202D0AE7A8BC14B94B235B8DD015B92B8A0D106D02529017E529115647A20E401D93469A2A53C165F4B7C4508163947F9487EEA0C44382AA0D462A471D8C6C175309B6045165EB188D86B56C32124789A7363B296F754AB249DFAB23126BD92F5E1AEDAACE9A5A93C8EA0E409D8B3A27F9450CC54A62AF3A8ABBEE7634D2572C604DA768E9A78ED19D8882EE48F44910F08940A915E8743849C2A48D373ECCD7EF4A3E1A592BD29846DAD1C87A579647DE10F0950002EDABE7B01B0210089E00021DBC8BA9200420E02B812481D6DB8D434B9A138D125BBD43F32EF58140D804184187ED5F6A070108784C0081F6D879980E0108844D2087406FD9BA2D4724BB501030C5118A27A907044A07812481EE39E633BBEC884CEB39FA539B78651BDBBDE26F3B03B53C4C6B59A34D0F05C1A3B5BE5A179CDB6BC7B55141AF454F4DDAD4A06DE4DA2451987253F343A00BE2358E850004D24D2049A05B0E996C1F5E7B8C8D9EB3D89AD6AE6A87D5AF9E6D9F3621684BB43674BCF5D65B6E1DAB767069E75C93264DDCAE3AED0C536C676D858E5E63AF0CB4A9429B34B449415B87B5414431A2B57B4DDB8CB541449B0824A0DAC1A7EDCEDAFAACA4E3B56B51C768A79A369068D384DE1E2C9BF45D7E13029D5F521C070108C481409240676DDE6AD5FBBE69D52A94B31FFB9E92649FC4308AB52031D63666C544D0AE31EDECD2E60BC53DE8D7AF9F7B8DBD624F68C79BB6DF2A69E7DAFCF9F3DD2E37ED4CD3CE33E5A11D631264C5F950BC05ED3E53D20EB448A0B56B4C82AF2DC5DA55A6D1B4768C699BF2C08103F3FD6615043A0E4D0E1B200081FC12C831073DEEABE5764AD33A39CED7565C05B2D1765C05C351901B05F151DC0AFDFEECB3CFDCD65AC54E50AC0A1DAF2DC31AED8E1933C68DB425E8C3860D7379286684A63624D08AE9A1EDD2DA82AC91B93A03C583508A5EB5A511B7B6F00E1F3EDC89BB5E95A500398A0791DF8440E79714C74100027120E0C52A0E6D9196786B34AED80C0D1A3428143B04BA50D8380902104813012F04BAB8D820D0C545927C20008192208040970465CA80000420500802087421A0710A0420008192209024D05A8D115A5200F72831C5119A77A90F04C226C0083A6CFF523B0840C0630208B4C7CEC3740840206C023904FAF365EBDC16EFFAD52B065773A638827369A12BA477362686A22D74469C586402DA613C69D2246BD5AA5591F30A2D8324813EFFB9E976EFA9CD6DC0C4AFECDE8ECDAD5EB5DD5C7DB50E596F6B563C0DBD2F4E2F19CD2D45AF338A2328043A8E5E29799BF47670BDC19C142F027AB72529994092401FF3E8549B70456B7BE4FDF9767AF37AB67FED2AD9476B37A0E26668B38876F4DD7DF7DDEEA5A3EAF524E07ABF5CE3C68DDD4E42357E8D50264E9CE8DE7EADB73A77EBD6CDBD9C349D09814E27FDF894ADB795472105E263159620D039DB4092402BD468D53E6F58A39A556C4EAF0E49474B7815284923E9050B16B8DF3D7AF4703137B4055CAB2514752E12E8112346B8A0491A711F76D8616E6BB8822AA53321D0E9A41F9FB211E8F4FA42033D4D6B282546B144A0F310687DFDE5F275D6AC4ED51C476A7A4391E4A2ADD653A74E75C18BF47AFBAD5BB7BAC8744AD3A64D73236AFD2F2197384BC4EBD4A9136B815610A7281CAA22E7A90E152A54C8C1418D28B7F94B71C8C8C870771AAA2F299E0410E8F4FA4561841F78E00177579D18461881CE8740EF0AD729EA9C46D9E94E3B1B417FF2C9272E509342A67EF4D1473674E8501B356A9475E9D2C545E8D38FEE10F4604902AC8EEACA2BAF74C7D4AE5DDBFAF4E9636BD6ACB19B6FBED956AF5EED824029ACEA8409135C1C6DDD3D2C5AB4C83A75EAE442A516477CEB74F3F4B57C043AFD9E9348EB7A4A4C08749A043AFDCDE1570B7626D01A358F1B37CECDAF2BEEB446FE125AFDADBB028535BDE79E7B5C4C6C8DB6155255E2AC39F6D1A347DBE0C1839D40EB2EE3F2CB2FB7962D5BDADCB973DD485A3FB366CD722155DBB66DEBEE3C24DAA4F41040A0D3C33DAF52116804DAAA57FFED25048938D6AD5B6755AB5635FDD6685F3DBC42A4469FAF5FBFDE854ED58FA63F3495A1E334E2D6D446E5CA95DDE74AFA4CC72969AE4DC7EA1889B7460D3A0E81CEEB72DD75DF23D0BB8E6D517246A011E85C05BA280D8B73FD228040C7D35F08741E02FDF9E79FC7D37345B0AA79F3E6D967B38AA30820033A15818EA733116846D08CA0E3796D96A8557A5D5AD7AE5D4BB44C0ACB9B00028D4023D0795F27A5E288993367DAA1871E5A2AEA1AF74AEA398D5651E93576A464023962716CDDB6CDCA646404C989298E20DD4AA520102C812481DEB465AB55EBF3A6952B9361EBFB774AAAF4800103AC7EFDFAD6BD7BF7A4CFB5A350EB86F5C66FAD6448779AB772832D5F97654767D6B08E8F7F6063BBFF168005814EB777281F021028088124815E9BB5D9F61F34C9BAB5CCB4FB3BFDF6704D19EA4DDB999999F6D34F3F3941AE56AD9A7BBBB7DEE67DDE79E7B92D9B5AEF3B64C8103BEDB4D35C5C8E74A5E3864FB30FBF5F651B523A19043A5D1EA15C0840A030049204FADC673EB6D7BE58EAF259D0FBC4EC687691406B67DC871F7E68471F7DB4CD9933C7962C59628D1A35729B37B4A9A366CD9A367EFC78B79EF898638E298C3DBBF41C047A97E225730840A098092409F4D2B559D6E6D129B677F54AF6CE556DAC4CC254B476DA69A345F43BDA8CA10D17FAD1E60B4DF62B66876258A46EE32C66BB0B951D025D286C9C040108A489006F544913788A85000420901701043A2F427C0F010840204D0410E83481A75808400002791140A0F322C4F710800004D2442049A0B5842EB454AB56ADEC2AF1903034EF521F08844D801174D8FEA576108080C70410688F9D87E9108040D80410E8B0FD4BED2000018F092409F4DC656BADDDA3536DFDA62D967577E7A46AE98D20F3E6CDCB7EF16BF4A691E820C5924E8CBD9C2E265FFDB8DE662E5A6D671D54CF0E1BF2AECDED751C73D0E972468CCBCDEDC5BF313679A7A6E9FA9C346992DBE54B0A87409240EFF697D76DD59D1DEDFFC67E6EB316AFB1B7AF6C935DD3912347BAD7405D70C1056E3BB7760F2E5CB8D06DF1AE57AF9E6B18DA45F8EDB7DFDAF1C71FEF5E1795AE74F5E84F6DE4CC1F6CF55DA72699C043C27479245EE5BEFCF2CB76D96597C5CBA862B266D5AA55BC4EAD9858C6219B24819EB374AD1DF9F07BA690A3A923E80F3EF8C045B3D3BBF6147B63ECD8B1AE2128AEEED9679FEDEA2281D68B5157AC58E1E272C42D21D071F3487AEC09F98D2A08747ADAD4AE2A9539E85D45967C634B200481D69258DDD12A068EEE60A38440C7B6D915CA30047A3BB665CB9659DDBA757340D4DC5EF486EEC42F57AE5CE90247EDE89CC48B456F11E72DDE856A9BBBECA44481966F468D1A65CD9A35B3962D5BBA32A74D9B666DDAFC36BD976A885ECD3479F2646BDDBAF50EEF14259CB9050BD3F4E082050BAC478F1EEE6DEF854D0A4C3678F060EBD2A58B356CD810812E2CC8989F87406F77905EB973F8E187DB4D37DD6477DC71875D77DD75F6ECB3CF9A2EE68B2FBED8CD59F6EEDDDB1E7CF0417BFAE9A79DE8CE9A35CB5E7AE92517BD4FF3F11D3B76B42953A658BB76EDEC9C73CEB15EBD7A59DFBE7DDD05F9C4134FD825975C62F7DD779F2B51F9DE7AEBAD2EEFB66DDBC6BC9984655EEA085A7E79ECB1C7AC7FFFFEB6DF7EFBB90EB943870E56A3460D173AF79B6FBE7142AC51AB845CBE97303EFFFCF3EE554DEFBCF38EA983EFD3A78F55AC58D1962E5DEA62A32F5FBEDCBD624D0FD4D5564E3EF9640772F6ECD9A629C3134E38C11DDBA2450B77AC3A7DC55DBFF1C61BF3055C22AD69C6C4C4083A5FE8BC390881DEEE2A8D86C78D1BE72ECADAB56BBBF9F69E3D7BDAD0A143DDC525D11D346890B56FDFDE5AB5FAF52D2DFA5C6F94C9CACA7217982E565D987AD79D1E940E1C38D0162D5AE4E6E875BE8ED7C5AFEFDF7BEF3DF7D203AD7C89C39B68BC69B1C56068EA085A235EBD68425305F2D58B2FBEE844531DB646B9EBD7AF77A176F500BC69D3A6B661C306F7105C3E9460EB6F75C037DC70838D1831C2BA75EB961D9637BA03D36F897724D0071F7CB0EBA40F39E410F7807DC68C19EED98EF292A8173621D0852517CFF310E8ED7E89960DEA628C045331AFA38B4A17A5DE2023418E56A8E8C2D6C3D2CE9D3BDB6BAFBD66A79F7E7A763C6C65AB63A3F3D5014471B3A3DB5F95A9D1B77E482547202E73D01A317FF9E597D91D7E711040A08B83627CF240A0E3E30B2C2921027111E85D515D047A57504D5F9E0874FAD853729A0820D069024FB10526804017181927F84EE0D5575FB5AE5DBBFA5E8D1DDACF083A2CB72609F49AACCDF6F58FEB6DF3D66D7674E61E61D5D4CCD8A8129C4B0B5D216DB0D283C050921E424E9F3E9DADDEA138747B3D92047ACCDC2576EC7EB5ACDE80F1493B09B5AC68F1E2C5A6DE590F35F424FBEBAFBF764FB9B506533B07F5E4398E2F8A4DF417021D58EBA53A10089C40BE045A0C860F1FEE56253468D0C01A376EEC461FC3860DB3ABAFBE3A5BA0759C845B4BCEB4A44CAB21B49E54C22D01D78A06C54190A05F7FFDF5258E16812E71E4140801081481409240BFFAF952B7CCDFC7480000071A4944415408FFBCE7A6E788C53171E24427CE5A642F81D6FACD175E78C1054F8A46D0D10E2A6DF0D0C27EDD76299D71C6192E129ED608FFE73FFF71427FD5555715C1ECC29D8A40178E1B67410002E92190E321E1A62DBF8A6A85B2658A649176D669E386C4392E09818E8B27B0030210C80F015671E48712C740000210480301043A0DD02912021080407E0820D0F9A1C43110800004D24000814E03748A84000420901F0208747E28710C04200081341040A0D3009D2221000108E48700029D1F4A1C03010840200D0410E83440A74808400002F92180406FA7B4CFBD136DE32F5BF2C3AC588E295726C396DE7E52B1E44526108040980410E8ED7EADD56F7C897BF8F5CB8EB2560D6A9478B914080108F8410081CEA740972F9B61B7B46F6CF74F9E67BF6CDF0E5F5417BFD2ED486BBB6FCDA266C3F9108040A00410E87C0A7493DA556C5DD6665BB236CB9DD1B375436BD3A0862D58B5D1AAED56CE9AD4AA62F5AAEE66173D3FC3BA1F9969FBD6A8EC824EED2C21D0815E55540B02C5440081CEA74047BC1BD6A8640B566EB4DE1D1ADB8C456BAC53B3BA56AB72799BB36CAD8D9AB9D8F6D9A3A2CD5AB4C6F4F283BC12029D1721BE8740E9268040E753A035C571418BFA3672D622EBD2A2BE7DBA648DD5AE52C1366CDA6295CA97B5951B7FB1792B3658950A656DF9BA4DD6B1591D7BFD8B658CA04BF7F545ED2150240208743E05BA489473399911F4AEA04A9E10088700029D4681FEA0675BDBBF7695705A13358100048A950002BD1DE7D8AF96DBA52FCC742FCC2D8934E0E466764DAB86255114654000029E1240A03D751C66430002E11340A0C3F731358400043C2580407BEA38CC860004C227804087EF636A080108784A0081F6D471980D0108844F00810EDFC7D4100210F0940002EDA9E3301B0210089F00021DBE8FA9210420E0290104DA53C761360420103E01043A7C1F53430840C0530208B4A78EC36C0840207C020874F83EA686108080A70410684F1D87D9108040F80410E8F07D4C0D2100014F0920D09E3A0EB3210081F00920D0E1FB981A4200029E1240A03D751C66430002E11340A0C3F731358400043C2580407BEA38CC860004C227804087EF636A080108784A0081F6D471980D0108844F00810EDFC7D4100210F0940002EDA9E3301B0210089F00021DBE8FA9210420E0290104DA53C761360420103E01043A7C1F53430840C0530208B4A78EC36C0840207C020874F83EA686108080A70410684F1D87D9108040F80410E8F07D4C0D2100014F0920D09E3A0EB3210081F00920D0E1FB981A4200029E1240A03D751C66430002E11340A0C3F731358400043C2580407BEA38CC860004C227804087EF636A080108784A0081F6D471980D0108844F00810EDFC7D4100210F0940002EDA9E3301B0210089F00021DBE8FA9210420E0290104DA53C761360420103E01043A7C1F53430840C05302199EDA8DD9108000048227804007EF622A080108F84A0081F6D573D80D0108044F00810EDEC554100210F0950002EDABE7B01B0210089E00021DBC8BA9200420E02B0104DA57CF61370420103C01043A781753410840C0570208B4AF9EC36E08402078020874F02EA682108080AF0410685F3D87DD108040F00410E8E05D4C052100015F0920D0BE7A0EBB210081E00920D0C1BB980A420002BE1240A07DF51C76430002C11340A0837731158400047C258040FBEA39EC8600048227804007EF622A080108F84A0081F6D573D80D0108044F00810EDEC554100210F0950002EDABE7B01B0210089E00021DBC8BA9200420E02B0104DA57CF61370420103C01043A781753410840C0570208B4AF9EC36E08402078020874F02EA682108080AF0410685F3D87DD108040F00410E8E05D4C052100015F0920D0BE7A0EBB210081E00920D0C1BB980A420002BE1240A07DF51C76430002C11340A0837731158400047C258040FBEA39EC8600048227804007EF622A080108F84A0081F6D573D80D0108044F00810EDEC554100210F0950002EDABE7B01B0210089E00021DBC8BA9200420E02B0104DA57CF61370420103C01043A781753410840C0570208B4AF9EC36E08402078020874F02EA682108080AF0410685F3D87DD108040F00410E8E05D4C052100015F0920D0BE7A0EBB210081E00920D0C1BB980A420002BE1240A07DF51C76430002C11340A0837731158400047C258040FBEA39EC8600048227804007EF622A080108F84A0081F6D573D80D0108044F00810EDEC554100210F0950002EDABE7B01B0210089E00021DBC8BA9200420E02B0104DA57CF61370420103C01043A781753410840C0570208B4AF9EC36E08402078020874F02EA682108080AF0410685F3D87DD108040F00410E8E05D4C052100015F0920D0BE7A0EBB210081E00920D0C1BB980A420002BE1240A07DF51C76430002C11340A0837731158400047C258040FBEA39EC8600048227804007EF622A080108F84A0081F6D573D80D0108044F00810EDEC554100210F0950002EDABE7B01B0210089EC0FF036DA3CE30CB0602C40000000049454E44AE426082 WHERE `app_id` = '6'; UPDATE `fn_app` SET `thumbnail` = 0x89504E470D0A1A0A0000000D49484452000001680000012C0806000000EE2C29AF0000200049444154785EECBD07985C57952DBC6EA8D039A8BBA556CE39675996836C30C1806D8CC3100C0C434E33FC93FE6F12330FFE37BC37A4218C8D033080C1D8B2B171002CE728DBB2AC9C73ABA33AA7AA9BFE6FED734FD555BB2575CB92BB35AA82B6BAAB6EDD7BEEB9E7ACB3CFDA6BEF6D60885EB13BB6073E4C78A601D83E0CCF80E9039E11C0924F4C38A605C08411F80810C0E04F60008105183E8C20800F1B811CE7C30ABAE103088C5878570E10F8308C52048103580E3F95FFCB8FC1D358300C1B3E7A6106162C1FF00D0F401C7E1043607A809196F3C5DD243C38F0631E0CDF542D32B21D18F7D2181D0FD0DCE3A0335688C0F0D91898B0E049CB72AF5C0FE47AE0BCEC814F4E8BCCF4B7EF0E86E4A2BC3DEB8E1D816F98080C8B180CD333041C5D9320EC0B180B780BC01134F93E60868818185E088E1602D84040E07541ACF67D82B70D83C7C04760E409221B410AA6C177D4790358847F04BE8FC0F678115881058FE00F0B084C48A39046E073E1C8938522301CB05582F37D007AC594B17863CF0174984918310B81C7EB5AF009D6B957AE07723D707EF6C00507D077ED0994B54B20B4607A81401E41CF277ED29C860F33A02D6DC0353CB19E2DDF80011FAEE9211073D704021BB012804760766897C33613083C176EE0C2B763E0B74CCF4310A441FBDA342C3866026EE0C13003048101C3A4B51E082E7391E0F9D4EF2E2C0B705C1B26AD737E66A8B6F605E825134661EBBE43E88C17CA31B2BCF8862C30B957AE07723D709EF6C08506D0B8636F209C062D509F904900239DC0F76833F3C785E959423D109079A8007400B8B68BC052562F7C521C363F15F0B682344A3C179E6DA1DB00D201298B18EC208698E7A0DC74916701C71C07BDB6095AF2088A60F2DA6E1B4ACC143C33819E20015FAC765740BF302F0F1DDD2E3C338EA02F400740C24B63F954654177DAF9F0030F961583EF04C2CAE45EB91EC8F5C079DA03171A401B77EE0DC44A3600D315A2412C66E16D058A099C81B2A005A05DB1A04DDF16ABD5176ED8156A83C7D0A8B52C1BBEE7213FDD897F7CD72CECAC69C1833B8EA1CD8EC3430249C7C3F25185583C65040A8A93D8B87B1F5ED8D78AF678114CBF105ED08B3CEF383E75D12404AE8D751B0EA0D1CC9376CC1D5F85E5E392B8FF89ED684B94C3336815472CE810A0974D1983CD7B0EA03B5E048F0B0E2DF31CC5719ECECA5CB3733D10F6C08506D0E65D7B03D9F6FB2E92A91412AE0BC37709D1300D039E69A33399079871F537795F3AF482187C43CC6E18A055EDC3F0153D625806E0A430A3D0C66D37CEC6EE3A17DF796403F69AC5E8461CC54E37FECF876662FD935B51D3DA814F5FB702FFF2DB6D386C16C30C12308C1E94FA4DF8F92DABD1D191C6771FD880D7508E1E04B87CD6447C6806F0EFBF7C0DC70A47C1A3639100CDE7C7E644007ACB9E83CA82A62F53AD26390E3A37D3733D703EF7C08506D0C69DFB02C3F061B91DB87EE1447C607A12493FA43C60A0C907BEF8EB6D48E5952A879E410B9A0EC198B01F34B44DF2C5A44108944100C3F451D8D3822F5D371F9D0D298CF4DAB1E18D8378AAA7046DF142E4F5B6E03F6E988D679FDF85E30EF0CE55D3F09FBFDF8966BB04DDBE8DB8D786F72D9D808B475968D95F83DADE387EBEAF13A9781CABA78CC34D734DFCEB2FDF406D4925FC8056FF89009D24C531798CA2386205F0CC502A22FC46CE49783ECFCF5CDB2FF01EB820011A2E926E07D6541978D7F42A24D38E58A49669615F0B70EBF63AB4E79522F0E96A235D403504019AD486098B5237D3814FE7A049D43630D36CC7D7AF998D6FDEF53CD6CCAAC6D4C9A3F1CF8FED423A9EC09462139F5A568D31234660774D1DEEDB741C134795A0B327C0B3C73A5062B4E11BD72FC06F1FDA85D18934DEB17629BE74CFAB688F2570F1ACA9F8B39906BEFEAB4DA82926C511CFF21B94EB690E3A07D017F84CCEDDFEFFC81EB8D0009A4E42133E4A8C1EACAE32B176E22824BB7B94751C98A8F312F8DE6B7BD156504ED20326A570E49A058809D0593DB472345222E7E183D3F270CBF2B1787C73272A8A63583831894FDFF512F2E301FEF2BD73F1E853DB5196CCC33B574DC2FF7E602B6EBC74165E7861135E748BB1A03A1F7FF38E69F8E3B66E94DA1E2E9E5E847FFAFD4E6C6F6AC392393370F3AC18FEBF5FBD82C3A5A3E0D2B1498947487110A069412FCB01F4FFC8F999BBA90BBC072E348026C54180B67BDBB1B02885198900452E19683A0A2DB4D97978E4B88FD6781160DB80A7647614AE09BF21AF501A2194878702A7079FBB680CBCC656EC74E2703D0FEF5E361ABBF7772375EC20AEBC7401BEF6D327E0C48A307F7415FEDFF74EC08EDA1EDCF6E8661C0EE2F8C8CA3128F55CBCDE6AA327D58B8B168C4071CCC0F7EF790533172CC64DB34DFCEB2F5E464DE928F8A0059D03E80B7CDAE66EFF42E9810B0EA07FB22730292EF6525834A104B3CA02C425C084BA3603DD00EEDBD482B49D0CB5C62AFC4F685D58E24C14AC0EE2C243C7D18D2956376E79E732DCF3E04B38E459481BC09C71D5F8E2CA52DCF7C0ABF8C88756E1972F1EC09EC3CD9834B202372C9F80E3AD1D787CCB51EC69E9C547AE5E82471F79053BD27948DB0646C55D7CF3BA79F8D6BDAFA37CEA1C5C37DBC437EE7E1D35855514F385DEC1302231624153C5D191E3A02F94A99BBBCF0BA1072E34808EDDBE27F04C133E290BAF17063D7D0C27F13D188CF6A36ECE64F0099D7F2A1E4549EA18319854E1D8B4A4FDB83807E35E2B568DB23179CC48FC7E43233A8D387A6D2096EEC0D7AF5F80C79FD88DCE542FAEBF72018A933D38DA968747D6BF84CAA23CBCFBB269F8D5639BB17CD542FCEEF1FDA8B31370AD00899E66FCD5958BB0E9600D9A8D625C3E2B0FB73DB015C7F347844A122E126AE1202D93F05CAC985CAD22094F00E8210BD8BC10A64EEE1E733D70CA1EC838F3DF4A3F5D68006DDFB93BA096382030D3720E3B2FC848E818C742EE42E91FC8430B102A37621873187E28A1D92E980B8324B66B508A6781E7A2742FCFEB45400588C148C4B45CCF372D04760CA6EF21F01C04B6054334D631A419BC627A30036AAA1DC633226D9960C60ECAEBA8A90E2CB6818B890B33F0256F47CC0BB0724A15B6ECDE8F365AFE565CC2C8E9C00CE30E33923CCD5D2B9D5E56AAF7B6FC2E1709E999B7326873DFCDF5C030E881306A22D3121D49A1A61583D0B29B5D9D868754EAA0E6DAC7A70F899535241765C7C4EED81DB80468432549A29E99FF95FC1BFC8D099328A313ADB10693FEC2A5255387EA6C5AD71AEF088AF2A7B26E331992784265ACCB7F1470F2453D3503C2B968D007A93E31E53D15B0A871548E91187057A21DD9F62088C3F2022C9F320ADBF6EC41A74D999D5296A85BCB2C412138EAA112695BB808A9B69EC3F7A3F1E9C36082E59A90EB81B7DC0382137A471BCE1D0689454E1C450FF5FEC0E760F0C90B0CA0AD9FEC09486FD026D6C9914817303B9DB29409D04C76C46394F0596F5574E72A1863C225E6D208D986307824F30004A54F0468D229D44DCB47C46B02A92070F8C0981F247CD14A968304D4A87D563942C43A97DFD946BE6CD85E80A533C663C7AE3DE8B26C3812B26E48DE0F394D36895EEEF7AC5113357072BF67C65D6843E4C64C76777D8A3123D3F364E6667497AA0DB830E422625C9F72EC059F9A3A24C6EC905C947D14BF9DE9466D655932C844108C16B30268041E83BD43EB59BFA71D837AB50C019ADF531F85917D2A039E4A51AAED5EF594C4FA0DFF27A02B80CE4522C858C9729CB678FB18ED593E2B4C7F4ADAC38C096D62071EE22EF9730F6ECC80CB044EC2ABD3F9990D6A1916BF2B376B9FDE191E0C4C9433CCFD9E7B46031A0394E09E04CD749EB2BED6B48E021EC87C743E357348B072482ECA21F79947360741600B0093C755004DDB9499E708148C1CE47B613AD113D6515ACBA1C9ACE90BD2256F829B28ED116E77C23BEEBBA82A4E4A511C4C0DAAC19DD18BEAA532D86552D88905CDBF0DB826179010A07D0B0101DAF4E1584C830AD8F2B5E1144918AE6619888EEC0373BFE67AE07CEC012D79157A347B030AB4B5A1161AD9326D355E0CEC666F7DEFDC21C1CA21B928BBE468437DC034A1CCC96C48427CE50A0C100F1D810467460F12FC420B3AD397CA7A95ED89847B872C44F421F101841CB402DE88234EACE390E2D0DF059D824C37CABC195E98EE34900C784C454AA7A1247292AD912116B6D26573E556ADE1596D9FE70D44A2CD2C7A261354BB014C72EBC326E5A81EC1391B3AB76738FFC7809A7959287B33EFAC8C394E3FF9119FD2E09CE463AB2A87042B87E4A2C4C48686BAC0800DCFF560C74DF801415A25161238A5152BD55068851204C9F512E8C284FC3C4A142012DA0293923D2AEF0498D5DF1E734CD3E127CB6810FAE9A29FFBB06D0B8EE3C0B419ADC816510512A8A4FD868118131D312FB4654ACA53A63B65EA3CD30AD4F98D9858C75C4E4CCB86492589D0DEB4FC5D499D1A786A30B04D02DE62D8AB36EABF4FB68E6BAA458A1084F7D6F75C9A92899E5BBFA7AFA5CF23394B42FA46F52F171BB6435BF87A4868764E1DEF33EFAADC83B0392133C5CFB80352560AFB599D5FAF8619062B7C966AD154F711EE58C2C55203A5FA2CF4ADF242B218EABF436B48BEA317591FA66987FDA8DA1C6D83FE9D0BA5EF7B52CC41164DF514C2E3553F64CFA9EE2B7A8CFE5DB74DF56BC4F71B5E57F529FB246B04E8FB55FD1CED9FF31F1C55BF0C8884D004E439385E194C7CB6966872A99CA28748D178BA9795474815E890CA1EE177D41C50E3E664AFAAAAAA21C1CA21B9A802E84631482DCB82EB39A1EA4B292ED828710F1274D9971CD85234CA874DA0745D58026EA1A0261C1FC2251B047B72BE66F87D5FAEC187177DE907C2F76DDB0EF33EAB24FDCC96E79B74EE5196C7B25510758964D163651583B23A5AC774519AF0180169B3AC156BBB28BED90F3D906AA2EA89A9BA3B7A6D9EA3BF575F00EF0FDC4F046D0D646AA04601592D568A42E2FBBA5FE5186EF7C2C542FA2DDC1D084FAFC13C8223AC2C230BA506B030519538D043054E94DCE6F1A6C574B0A1FF20036491F7C3052BFA7DDDA610FAD5E409C1BDEF738CDE6FE6B3C8C8566D668E9750EE18AE3DD1C54A0177E439F5E1C0F4E4CD4CE4485BE4ECE1DF99059563532F466187B0CFA2D739291AE43E18540F48C2487892C387F357CF778E2731EBC4C7CFB91C3EA78867508F01CE8F53194C55179A055D57DB18D8E2C9736158317802684AB32103DB8E21CD20955072C7D54E56455AB3BE0268095C09C1978068D931B1F494354D8DB29A70323168E7FA1E62B1385CC79187C889AB141DB4D643558658C7363CC9FD41300E0364EC185CCE3926E1A7A8841699CB14A8016C2B297486944A0C5C59A12DEAB025FB5EE8AC147F647691E0ED3A4E5ADA9351E0458625277A2AE5A0BBBB53FED51699B678792FDA2A947543163B02B19BB11015C829CB512896701B28D63017C2D06AD0D6875A2CF46EC310508F8296E7F988C763B240F2A5813F0BFA6AC1E4B5FA82A6BE86B23C9555DE7711918537B298CA330AD5363CA70649DD2E35548213BE93DD3D850BA858CB6AB1E9BBC3E0F9F9D2A0291658E4FA5100EFBB28E8FBD08B9EFE9B6D8BC5380E15E0F3EFA88576B2730E0A9172079FD003B296DA406B4B3352DDDD2AC56F38E7619B70B9401BD9621F314B8D4FDF77C5382B2D2DC5B871E332464C7FDD7BC159D08D4DC703234823F0D212364DF506C19225AB3888E92CF4600B18FA6E0ABEAF26683C1693BA827C59EC685ABC0104E8BA7B52B0E3545410344DA452291414E4A3BBA757A80C9E3F9D72E4779ECB66B51306AA10944DD21A161C97F23E17F9090544298545D28E98D0C906528E02A2980124F84110834340E7B8487AF0520EE0D0824FC0E5CA1E33614921DAC82B00BA7B7A909797CC58B6D18F1558D8282E2E423CC66394E5AA64276A9B2C4669C60912EE1CD4D9B29CBB06655AFCB26884AED43E4E92701D525BC590EEE00E820B1FFF55DF535C3BFF16608B7CA61743B5D81134E937085B1D5E53CE935926420A20D3DA2CF5230C5164F1E079B860D242CA5AF9EA3EB58E5D6FB2A34CA48C2379B66A57A65E590A47EE295411292A253C5F8606D2540C0F0B7541E177C2BD5064039DDD4AABBE0C9F56781FB268CB82F0E696E6F0F6ADF70077D8FBF7EC456F57376C93735DE56B7768B0C46292972766C54451253B2A06A2596A47D3D4D484B973E62863EA2434C7C8CA5143C2360CC945F9381A1A8E072652ACDD8D96B66EBCFCCA265C71E51580DF83279F7C0A8B96AEC2BA071FC33BAEBC0C7F7CF4618C193D56B8E2B56B2FC7EF1F7C08EF79CF5528292941437D1DC68E9F80DFFEF65E2C5AB404E3274C806D5978E8A1DFC98ABA68D142CC9E3D179E949FB270C7ED77E283D75F879FDCFA137CF92B5F41617E3EEEBAEB4E5C73CDFBB06DEF11ECDE77185E570B16CD9B8E9EDE5E6CDA711485C545282B8CE38A4B57E057F7DC8F92CAB1E29C9C376B0AE6CE98863BEEFA3592B1189A5A1AB0F8921588053E1A0FD7E1D9173661E9CA155879D11294971487A0A90096A0D1D5D585BC3C16B415EEE14419A7800B50565E86782CAE060E9F56264C2A941646385C050A04500231690E8E38E59C543B095AF43AA827B4ECC39D48067043D0D3F487DAC22819627F0C9D962D4639BC13E899108F32D63AF7116C5BE4BAEABE14588A851969C389ECE6891249C5D084C79F009C272E1EAAFD2136862B9B8E57D256B87A04E174088FD17A790DEC72ADCC795431062E52C46EE5300EF97A2F14D9469F69664555EDE8F3B4DF3A425DE0672095B167D76EA47A7A90306D668808A94A139E01D8B1189C545A7C4C2AE59A32CCB8DBA9AFABC7FC05F305C44F068855552387042B87E4A21C4BF504E8202D72BACECE1EDC7AFB4FF1852F7C113DDDEDF8E5CF7F8A4FFCC567F1D9AFFE3DBEF4854F61FBA64DB8E5968FA1B7B717C5C5C5B8EDBF6EC5ACD933644BF29DEF7C170F3EF4206EBCF146DC76DBED48C61372CC876EB80E9FFFFCE7F0D24B1BF0F77FFFF7686B6F432291C4473FFA51FCAF7FFB377CE31BFF4BD21DFDEC673FC7273FF971FCDDDFFD2DEE7FF419BCEFDA0FA0C00AE0F7B6E181DFFD0ED5539660CD252BF1A95B3E8A1FFEC7D7B1EEE1F5F8D047FF0231C34251D2C30FBFF71D54544DC2B5D7BC176DEDC7F1D2E6ADB86AED25B05C1F1FB8EEE3B8F7FE5F4BAE10521EC2AF1B4CCCA7ACA9CEAE4EE4E7E56B7C3EC1132DD66710A0ACAC14764CC9F5387A3A3A3A919F9F8FCECE4E141515A2A7A71789784214267B76EFC6C44993D0DB93427979195A5A5A51565A2ADF7B62FD13B8F4B24BD1D3D38DFCFC027475F7A0AEEE18E2311B63C68C81EBD2C36A21DD9B4651713EDADA5A515A568AEEEE5E241209A19476EFDC81AA5155300C0BAFBFFE0656AC5C81BC645C38F6C3478EE0A9279FC6B8F1E370E9259728478CF84A2D74B4B763FFFEFD98BF6001DA5A5B656165FB3B3A3A6417316DDA34384EAFEC82FEF8C73F62ECB809983163067ABB7B108B5978FA99A731A27C04E6CC9D2FF7C26D69575727F2924901BAC71F7F1C6BAFB842EE2D954A63DBB66D72AFB4947A7B7A905F5080CE8E0E24F3F26457C5EFF5A65378E38D37B062D972A41D07896402DD9D5D28282C14ABF8D9679FC6D2C54B104F26A4C27BDA75B071E346CC9C395316D5981D83E7BAF258928904DA3B3B505458848E8E769494940AE7F4FC0B2F60F9CA1572EFCDCDCD58B972A5A2D5F8284FE27BB8C071F6F4B79F49FDA0EC15EDC1E1FE74F7EE3D6241C7E8A0374D89F1756C1A4E2DD87FF010C64F988251E52588B929E52B0AE7584B730BE6CD9B2B7320B348F76949E5C88A21C1CA21B9A800747D6D4085867472E0E0073FFE216EBCE923D8BA631F5AEA0FE103EFBD0A1FFDCB7FC4973FF3E7D8F0F493B8E683D7CB13193F763C366F7C03DB77EDC04BAFBC8C19D36760F1B225F8F6F7BE83471E78101DCD2DE84DA7F1C52F7F113DA914FEF33F7F805FFCE297F8CBBFFA2BE1993FF1F18FE39FFFE91F71FFBA7B5151568291D5A3F0FB071FC4BFFEF3D7F18B750FA12B0D5C71D1522C5D380D77DC711BCAC7CDC38A95CBF0E5CFFD396EFFCFEFE2CE9FFF0657BEEF7A246D0B13C68FC0873F7C23EEBDE731781E69985E58B142785E370A0BF2F1AEAB6EC4430FAD43DAE9128F7F945E601F747777CB64EF6F5088E45A00BA4C0089AFFBEFBF5F76115CA82A2A2AB075EB56F93E0166EEFCD9387AF4286AEBEAB16AC56AECD9B317A346560B20BDFFFDEFC1ED3FB91D9ED3231CF29871E371ACA10D89A4896993C760E32BAF61ECF8A978F0A13FE1C337FF19366FD980850B66A2A6AE160112686BEFC5A73EF111BCF0DC134249D5D4352330E258B56A15B80BDAB97337BA531EF61EAC4141320E27D581B815C7F4E9D3316FFE7CB1989F7DF6591C3B760CF3E7CFC7E6CD9B6551A81E3D5ADA77F1EA55D8B7730736BCF232521E29A17CF89E09279D42220EE425E2282C2CC5A1A37502DEFB0EEDC3DCD933F1EA8697F1FEABDF87DFAD5B878B2FBE1875F5F5282C2D41322F894B2FBD14F7DD732F46565662D7CE9D9831672E9E7EE619AC5DBB5680998B426343038E373763F1E2C502BEF3E7CD934569D1C205F8E177FF032525C5385A5B8BD56B2E456373336AEBEBB174C972ECDBBB17B66162D3C6D7B07CC9521CAB3D8645CB5760D78E9D183F6E1C1A1B1B71D38D37E06777FD0CD5532660DFDE7D98396D3ADEF5AEAB32522F4196219B7DA7C7C1E17384DEF1291F4A8FEF637F5D235CD29D4680A963AA4584CB8DE19E3D7BD0DDD589189DFE1C99664CEA91BEBA710BAA274CC52B7B0E62ED82C9981C4FC3A0892D34A925CF8BE3523BD2FBBBF70B8E836E68AA0B028F8E3A03899887471F7B04A61DC7FAA737E06B9FFB042ACB0AF0675FFD477CF50B9FC11FEF5F874BAF5C8B82C212CC9D33171D4D0DF8E92FEE466D731BFEEA4B9FC2F77EF45F9830753ABEF2E7B74836BC4F7EF22FF0C5AF7E055BB76FC7FE03075131A20A9FFBFCE7C57170CB473F8A7FFAA77FC02FFEFBE7F8BBBFFE1ABEF7DD6F63E78E1DF8CEFFFD36F2478CC23616927DF24F282BB691EAEDC6FEFA1E4C9D360533268DC1CCA953F01FDFF901565D76050AE2092C5F3E0FB7DCF211FCE4D6BB5158948069B9686AE84249693E0A8BF270D53B3E88871F7E10DD3D6D198765742B7D2A8026A213D4694193CF25886FD9B205CF3FFF3C5CD7C1F8F1E3D1D6D686499326A1BDA3031B37BE8A2BDF71255E78F165AC5AB95AAC095A7274722E5EBC100F3DF8200A0A929836653265D9D8B4750F8A8B92183FB6022F3CFB1C4ACAAAD1D4D48DCF7CF616DC79C7ED58BD7A311CD7C581C30D48E69560CD45CBB073DB6BF0BD340223819E548059B3660B2575E4E8511856125B77EEC7BC3933B1E5F557B060DE7CB11A972F5F2E2CCBA64D9BB07DFB762C5DBA542C674EA677BEEB2A34343460D2C40928CE4B62DDBA7B317AFC38CC9EB314CF3DFF02E6CC9E8DEECE66343735A0B878041A9ADA5058568EBAC65A4C9F32095B36BD8E0FDF7433EEFFEDBD282D2F434D6D2D0A8A0A3172743566CF9E838663B5D8B97DBBB463DEC2453870F020AEBDF65AB1B8B90BE1E240FE916D7CE699673067CE1CB1EE274F9A80DFDEFDDF58BA7409B6EDDC85254B97E3A5575E41D98811282FAFC0CEED3BD0DED28A919515983861826CAD17AF5C29F754565C22BE8BE5CB96E1B1471EC588F1A365B7505D5185CBD65EAE92D41273CCFE29A3E1038C43DD124D6EA9B40F622B0726BA8200871B9BD1D1DB8BAAD222549716232EEC9F8FDDBBF6A28B16347D4CCC926327D0E0D9786DDF514C5AB612EB37EFC59A91492C8977C92E89AC1A8D1F8EC11C40F779DE750D750135C4B661C1F37AE0B8295C7BDD0D98BB6019BEFFEFFF86EECE16DCFCF9BFC657BEF859EC7CFD357CECE31F4347AF87BC781E62E9767CEE2FFF166BAFBE0ED7BC7305AEBFF123F8C6B77F80A533C6C2320CBCFF9A1BF00FFFF40F22ADF9E297BE8CABDFFB7EFCEDDFFE1D6C3B869B6EBA01FFFAF57FC1CF7EF653FC9F6FFD6F3CFBCCD3F8ECA73F8B471F791877FDE237F8C0F51F42FD9183D8B96DA33810A7CE5B81CB2FBB0C66D08BD6C646FCEC97BFC1473FF917B002A0B0C0C22BAFBE846FFFDF5BF1EDEF7C0BAFBCFA1C5E7E6933FEFDDFBF8182C23CACB9E82A3CBEFE8FE8E9ED384167A92DE6530134396A5ACB23468C9041C4EFB4B7B76754016234F85455C4433EBB03050585B26BA01E9C8A0E7E87D6444141015A8E1F17E967221E87E3F848516520F4743A942DE6C17503949695A0BBAB1D011CD9C2DB89022A9750565282544F1B9DE268EDE886652785FAA00A87DBF69E942399FE0AF2E2707A7B51985F20967E6161A100344159288F50D9C07B2B2A2E462A9D42716101D8E88E8E3698311BB178A1502BC9441C81EC4C3CECD8B10B400233E7CE426FAA572894643C26D7E1B9A9DA217F44C78F158F212F3F1F5D6DED2A9B2059C7507E49A72B81D971A8F2005C4A24439F00DB979FAFEEABA5A116C9FC7CA49D344C2B8694E3209E501489A4E7F294239AFDCBEFA743D59015EAF34B8A8BD1DAD20A2B3F2974515141210A8B0A613068893C57CE821EE00AA072DF5022C5F99CF2811E8FC5A54915062849C4608B23D81380EEE97104A0391E0233861E3B1FAFD534E2D59A26380523B0ACC8C09523131248465A84738B3BBB050B16BC4979146DE0056741D7D613A04D91A97102E6E527B0EEFEFB306BEE52CC9C3201DD1DCDF8C30B1BB16CC912DCFFEB5F22EDA690760C7CE0EA0F60DEF4B178E4F1E73077E92A54151B78E4F1A770D12557A224E6224699146CDC7EC74F505C528A1B6EB8110F3FF298586ED5D5D578F0C107B1E6E2D5D8BCF90D5C7ED92572ED071F7800EF79F7D5A86D388E7B1F78002585F9F8E8876FC0B66D5B51505225562A8182C073F73DF7A2A5BD0BBEE360D5454B71C9256B70E8E011DC73CF3D9830613C6EBCF166A452E44E13B8EFDEDFE1BAEBAE851F38F2F007437168995A79797946FAA565679A9F8E4AD5A2722EE56C53C34B17D4CD48DB94870AA49C2D2B749688DC904013AA2CC489C7F692665165C624AD95687B55C51B5A1FA28E08AF132AF7F8B14A6F1591C569899D76146AEDB796BE8904D067508F9247392EB96BA5BC30696E8A32841F33D5ABF227125C0528459A670BE72B4DA1F6551C770C1072C5A32F1AEC50A3CD7ED2F2BAA8CC4FEF6CB2F240B5B5566D578E521D64A39CAFA11A260C7C60665C19CF5A19C2558D3C68E8A02525E205D42B850ECBD07F3B4094BAE00E535239E6C7099F43266A97F923C38C0B546FD127211302D8B977073ABB3BC549089F11CA31B81C87DCB6C492E87192E8AC3F84716509799FCF954E425AD00B172E1443E5642A8E0B0EA0EB1A1A5C7546510000200049444154A4DFC4692225ADD288C52DA9F547599D0483089FEB2261873EEF80BA525FC0D2B69348CBB3EB8561D15165C1777A2437B365DAB062319166893EDA8A094FCBB923123B9F9394166A4A30810E1F5A95D43F8B1C8F2B752FAD44EAA855208D254807B1A294D6DA80EBA6A57D0408FED02BCC874CD0A723CD32132A7A2D5045080603D03A228E1A4DF2C61A70952A4CA90594B39152210D88BABA7956879CD53A0BCE654047A9F542DD7998AD208C055196B568AB55549CE4E8962016AD0A51EA09514744C08B8E4A3EA98C0C2F1230A31126AAF638F177AE06047F95BD906D5116BE8A209511C0A2C1E17555702875EA0602EAE523CE2339948109A2A157578E120A99C54A4BE0C2FE8C6A944505A3B5E33A4252161D755DE93B06E09CF860144067648E2A5042B740DEE7B5D8759467E65E27EF8150ADA4D2FE86CF5F829CD402CDE72F8F87633F949CEEDEB70BDD3D1DC897DC38E4A1998C8D81676925DB74F360D1F0400ABE38EC95ECF4F8F1E3426F9D0C9CD9C80B0EA0EB1949C8AD89610A27CA008F9809A47C0B3689D3809183DCDA73DE7AEA69486875D692E17B12812C1255EA1BA99650323665C7A98929A1C02125A0408120CE7FB536991A583BB4729585A5020DC42453E945C374A3E1DAAD2216C30010ED00D461D0EA7B0449E50552C11E94F56435C87CFF541487BA1E904C72CB1D17303E31B0236B256B052E4FCFB673E1B1B8CDD3C09389E653E7142062ED30C1441549990D4AE1E7EA5ADADA544D611E12DA7FEC578217393C02A40AD737F9CC189E2F61E00A7CB426BABFA0141DD999B1AAA58A0E0D682EAC5EC602E67352A0479DB71CA00296B8B0CB24A5A5AC646DD2BB2138F3583B8C94944C85741B4964AA52D0E8A098EC62E7A988520960F061323294D6B658E059099E3E5E162F2B1B85496380C02BD18AE1B392C5A4CF4E820609ADE9E1943A6B38AE1399BC641C67A2B808FF47B34E3867A571E738945C3886856DDBB6A0A9E1182C5124D9F0641CFAF02C5F9C8A89A04076B3A6EDC1F019DDAAE626E71839688E8993A9382E40806E0A322946A94E24584BC5923047744475AB763B5A00ACB688922E29CCC92CE93168432B447E93737C20F9E925AB9ED64786E0AEE04C4F2565D9C93161218113077678F137552AD19652348A30AB283ED980D0007DAA55FDC4EB4713FCABC45399D00909C0602765894FE9FBF07D65656A678C8AE79429206C88B26CD52BCC3E284443981E3693DC8AA0CE6AEB74D0BCF99E070602CA532F3668864608339169FD71F894327FF639715FAD76562831704854012B2AFA5427D751BB87F062A155A78A49A89F4CCFF6C94B2E5FD3F2EA131A97B3A04F352694DE9CE0AB94FB993E660A87481F33B199C7374C0BB66123C1BCEC0890A67F811A24563B224D85184C2F2E94896F3952D554EF8424A0299485E6288EF0A9D4372880565B4FCAC76981B03395E52B53555754914003992EF209815881B2215557F83B7F344087F455F6F90F40CEA4CEAD4B6A6990E2C4631B95E2528D99F0481941CAB3AC2AAB88AD1C8924E177F83E37DAFAFD81C1943A6A008D3EE9E922E01C1EA3EF417F45AAC084FD295793FB5220A668067DFD907B1650E2D6918B940668F6532C6C2D45FE9C12FC2EE5930307C4E883CA66F0D6DF0FBDF9D2F97A915625CFFAEBA1930374DF4FC25E8E24CC917BCFE425C9463D66AE132E649A37D100ADFA2FFBD4C48088148ED0967D966EC905AA0C6C26A84E95DDAFF6AB069CF3228211F0E6ECF4D51FB2BB33F9AF0E5221F58C5EF8266D700BB6A7AC6AF2CF965076E1F923D183390B3A7C323535B5B2F1D4B38C734FA66264604BADBF30CB98CA4DA5C85196C852095058922AFB7B66029C4166CF30E15DD81C02810ECB25C8B265FC3B4C8023EDE4EF0AB06038DAB43AF15FBE2F56ABCA171D7DF5A53BFA0ED8930D94810DECFE8FCA5AB66A4792DD59848B5308327DDF57E35F5255090073D1CAE6EF561A6DA9809301685221FD03E229DBAF2D7C098BD7246498794EC05903B4DE2DBC95DE50DF8D522D1AA0152828158CFCE8454E28A3EC7D457766274BFA7EB6C6E75BBFD3F3EB0C99F918199302D22138EB11A07C1280E19960D24865A8D1D863621C3EC31E0434A0E84CF40C511AB9060DC2887F6200003D7AF4E8B762319D71E70FC945D9DA9A2347250B27FB9F966FC6EA08B7B6B2C9A48240B25165EB0AAA49A1F32F2BEB3BBAD154CEAB3024F744488CEE5123166A68A185F6B3B26D08CA7C84FCC9FEAE2C4465C567365D3A07B58034918C5554486EE9BF35D00FEE190D9CDAD0E78D2E0061C7462FD9F74987A39D695589D46AC086DCB1F69E07CAD1A6905CEF6E140BAD00984BAC025045A2A8BE622D9CE806FEA4832C82E16A4286A966254DAB0668A673E533E5F21CAEC6991266FD6C34A2EBC20046B706E1687227062E300028AA9AC93A5BFB3FA98C5F5D9F3462415B67C98018DCE839BF8FE6580895CF6280C9EE555200AB872B249A446432777BC83CC9000AEB8DC20D77E2266CDF81E9AB5D2C0D08CFF4C2CA496AE7A75FA73398A64D9B3680D174F6FB7D482E2A968BE7078C91A7851CA3B34E78896CF56BC5F5867F0B8884535EB6DAAAD9EABF2AAB9D721265362D91CDBBB287B204A2FEE69B102BDC9EF3B167DB13263E5519B20480543BB34F560F8AD0EA0BF8E0D91EC5D166817E700F6F50B91A64E046288148E18213AE2AB71C1248217068199340636812AA09A2CE275B46BDAF08FB5E81B95A086937ABA710D22302A30AF0F56B20009D59A1335FD2B520B3A58C94D5AEB9F4F0C0BE273F39C7D1EF03E86F2164A878C5880A71B4669A73AA7CC13A4D8AC6880C05C7020EAAC90492CC9A73063BBCC18D9EF3FB688E3FC9AF2ED588D4B8F48D00AE04F784554AC5925600ADE80F851196E8A55D3874720BB6F8B0FC380C563AB21CD1F7730E683FCB407BEA82731206046849AA8D10A0C3CA24B47E09B59932DA5A66A3805539079557F7C422647C3F14E4840E860C1EBD890FD5567066F3DAC7426475952C0FADE451BC3E1F2EDBA9E127C2C788834C5321B2048520CD0584D2BD810E85F0B8C1300499EDBF5EB04EE2808A027458BD8B002D478779B865132083BECFFB62488B7E43BB10430B5A6D361543AF16C9BEFCF9C0003A5C84F5E6441638FEA1CFCCBFB2EF651D767DFAB5BF7E3B4DDF9FA0CC300C09A1AF0C015A9F4EAB7F4261885AA735B91C2E6072EFA195A74C02E52F1140103A4E5982041BE9A5CC42AA7C18629064EE5FE7B9CA9A1DEA43E5BC8DBE04FCD9538A810B8D15A5C936C2F26DDA07C10557B547AD1C6AB9D6171DE4183D47876B0B9AC06CFB6ABCD17A26D7CC71C92E568E4202B4026FD360EA5F0B96AFA4750468D7225FED2A800E2C78A6A3C408E1181F4CF32F3C80160D58C69E1B4C5F9DD36343FB326B699E3815B4FBB29F3664BF99FD30AB3C39A78D969367D52683B9D69B5A1DBE31E0F70773B1411DDB5F7F2AB07B6B0ED4D33782003DA25C25A9123DB6D4C92467AF803460DA5ACF459239C23D1601B2C53AA6049450E791EE126061CA4B214825902661262562368805303C2EFAAAFEA66FF60854D2FAF37C4B0517191E1C8325D768456A9A4F296484680B33E2F1775FA2197DE43954D204024E2C1DC71212A6DF1B169BE077E388F3BAA0F2C191B6F17C043505D867E2D83D7D7F9EC9117AA12298EAA79EB1C9FA28B5942840CD35BD0B14FB2E637FA95DA0F21B9DD9E8B9F0007AF024EB993CE7DC77723D30E81E10802E2B432CAE2AED5053CB4DB7728492C2F2E47F3673968B3F995BEB009E945FE3DFCCA346B0A0984B297824A882013596C0A330A2DC25CADBA6C06CB837B14427C39C32122024E9593DB11E2DC60804363C46808685217CCB861B3A3413928D8DCA06A50B367C0658057019394A791A532B505D498ED6244FCB95801257D202C30BA007FDD0CEF11772007D8E3B3877FA5C0F0CB4071440974BFA5372F12C7F462B98F440E0C69010DC2485159360169BD49AE72288113C59F32EA5822024F4DB02989FD86718B12311841262CC0458BE0F8F5579EC84142596326FB0608679525C568263C08CE1C363CA5AD742CCB7E45883741B2D738B414C74E64AD48CDC2203A5A4F005CFCFA01809EE8949D42E1712F1ABB00832819DF41BEF2B0CA91E681F5D68C7E500FA427BE2B9FB1DB63D408066D6BA984D8066D425A90D715B01669EE4FA26D0F5C243CC60A161153599320C38868F98E18A554A0A83E5D93CA601302DC445FEA52C5C265BA2A5CCC843CF2419A1E809FAA1854FB57C3848C064A10982AD41E0B6D422C1A34D0781E521CD7C14B4E5030B0E65A901291213A6D7058311B1661C1E2D75522EC217F08E68462B073679DBCCF67FD83E91A16F580EA087FE19E45A90EB01E90101E8B211B0E3AA928D68894C575401293F0F9B0F1DC3D809A351650135F58DC82FAB40257D538C5E630E10AF5734B70C83776D03BB1B8FA3644405CA8D5E98BE0DDFCA037C077104E84CB958BFEB200A8A8B60F6A6B070E64C141ACC57DC0327518098CB2A201E6AD3060AEC380A186D6B2B30A7F829E57A68696A911C312D6E0A13478F45CC49B3C4808442D35A4FD0CA6638BE70DBE4D229355332560DD002DC8375645F40E32507D017D0C3CEDDEAF0EE016541974BC22DBE62BE299C6DDA32D0E9E5E3AE675E835F58882FAD5D88F52F6D42C58C299859508896DA3AA13C465755206EC5D0D6D28ADAE606EC69EDC0C4793331362F86969A26C46345A8AC2840DCE9417D5B177EB56D1F2E5FBD18BDF55D786DC3067CE283EF83954A61D7A1439830B20289FC7CDCF1E48B985655894B664E468BD78BFA86364C193316AE67A0B7B31BF52DCD38D0711CAB972E44C3DE8328CC8F614C4539EC745AC57A32302914F7280B5CE988A92C516A921C409F6A54E6007A78CFD95CEB2EA01E20409795D382563C7122D48CF75A369A61E3F9BD0DD8535B878B668D46434727AAA64C40FDD114DC861A54240C1CA86FC4ACA52BB069E3765C3A732C1E7E69032E7AFF5AECDCD786B2740F7A8ED561FCCC09583E792C5AEB1BB06ED7015CBB76352A61E0B6479EC682C54BB1F1D9E7B16AC10CEC3978108B2E5D8A4737ECC692EA4ACC2E2BC5DDEBD7A372EA421CAD3D8E6B2E9F823D9B0F624469110EB776209DB450525E81EEDAA358503D12D3CA99D03E0597E6B6A5B2228A7055386856BAB66148442C017AF8A83886DB70CB01F4707B22B9F65CB03D20003DA20C71164A60C63EF2C6868DB41947BB6FE3C51D073165E174FCE14F4F21595C8485CB66E3E13F6CC6A7DF7D1146270CDCFAA7E7E0E45763E9DC6A2CCA4F62FD1B5B50346B227EB1EE65DCBC7609E2ED9D385C7310D7AFB9081D0D4D58B76D073E78D525280C4CFCF8F10D88578E859D7630BFCAC4A123473165F17CBCB1AB0E2BC68EC484823C3C79E81052455578EAE9D7F085EB97E0F0B643A828CAC7E1960E948EAE46636B37F26C0FCBC68D41351CC4DC4E04311329910CC6956430B4A24D3F9653710C60A4E7007A009D943B24D7036F470F288AA35492B9D3B94606809234D788A1BB278E5776ECC6EC15B3D0D0D689BB1FF8136EBEF92ABCF8E201AC9D351693AA4AF1DD077E87F1B317A3C4CAC315D32A70DFFA673075F5123CF4E81BB8EEAA5528365C341F398A259326E2787D231EDCB113D75C7D05F6EFDC276599E62C5F8CC3358DF8C09289A8AB6F42C9C89178F9D55D583E612C9CF6663C5B578F194B57E0DE754FE02BD7AFC081AD7B505E988763ADBD983079060A8A0CEC3DD48232B70BAB275723E675C3B17CA49983422C66EAA8C39067F2D0B4A07332BB530EAD1C40BF1D332F778D5C0F0CA00708D015AC05198F878A6552002CEEE0C2718AB1F7680D468EAB4641C2C6ABDB77A37AF26494C62D3CF3E246B4A5BAB07AE51254968FC0734FBF2015D6118B61E9B2C5303D032FBDF2AA1480B864E13C8C2E2E40472A8D9F3EF52C627905185354842B972D15A7E46BDBB7A2A641D5585CB97C198E377563E38BCF63ED6597E2D1D7B7C08B17A3BBA3131FBC7C1E9A0E1F415E2286960E075E5E01F61EAE912217572E9A87729F4EC694241272A804A1CA431C9F94E0A9906715AB97A337721C74A407825CA0CA00A02277C850F480D24157C08A33FA8E0127B4309D30DF754C74D192DB8FCE433B8EB4CF90EE00012B9A1B012CA707B604A5C4E1B01C172D56AA28021BBECD1C113E620E93F850E86C209D2850DFF303E4F7F60AEFEDB322107F3C5F2479CC771CB70CB8E93482780C8E94D83260A628C663CAAA001EA576B625CE4CB627964E23CEEA4160C27A06A730288541350C9566F2AB306D6F2E37C8698759CE823E6D17E50EC8F5C0DBD3035BB76E43597905E2319644A2A44D0135E5692A631F256BACB8C2506DFE8FD6A7AD6A0E3236DB7354A635D3822B55839881CD86EBC5C439C702A7F4D049FC0BABF2F02B4C1064FA92A58D117F5211C473E53A22F4E341AC7EC3D42E6E0AFC85D91224B045624F54D93387FC3283651825E805520351441C4AFD0CCB6068B7CAA92CD546CC407EA8E6C8BD4EDE033980CE8D8E5C0F0C931E501CF408C4241787AAFFA89214A9E2057C4FA5220DDF973C10444E09F98011A424308521D8C44786A1488E083FAE127A09404BB85F08D290325FB0C2F25E52D98BE5B774642097002E0EA654ABB62C55EACD60997616DBE575188CC2F34A522B43405782533CD688D4499A780E43F280B0982E53AC7251A0E48E7548242AD2B64F59FA69983CA2B7BD1939807EDBBB3C77C15C0FF4DF035A074D2761B490AC805F08D8BA66A3543697A443524613362303FD9444F149AD4D29344E25088192259798B343E71557D767CD4D55E95CCAA8ABC83EFE97F51833694E7DA13B6C9BB407230D6320A60B28FB2C861C87C3A2C98C966178B700B44A764BEB5D650FA1354F27A12AF7C4058596B94A36145ADA7DEA66E6C688EA811C40E74642AE0786490F9C0AA03560D2824E330844786226295296AAAAD012A6C8B5543E69DFF5108FC7F1C4FA273065CA148C1B3F4EA2FC68814BBE0E46F78596B9048DA85475F07D172FBFFC0A66CD9A8392922295E6D530E18456B3695AAAF8AF1FA0A9B109955595C24BBB8EC48BAB94A6643A4875300708091AD793A2CC3CB76DC64470175D84A295D687C9E31816CDC801F4B0780CB946E47A200CF52E67B2A4FE2DE8D6D656747676A2A8A808A5A5A5686A6A8293EE4549692962F1189A1A5B85022170575757CBBF6DEDED282C480885C06AEE1D1D1D30CD382A465489C57DFC783D6CCB4245E558016BDB36E07A297475A6505A3602B53547C5F27579CE716391EE4DA1B9E9387CD394CC7B3FFAFEF771C39FDD8CF2F2327476B4C349A75152528EBC8202D4D6D6C9398B8A0A2542B2ABAB0BC75B5A609B36CACB4A60DB266AEB1A6411E1E77C298B3EF7D23D9003E8DC58C8F5C030E9815359D03D3D3D78ECB1C7306FDE3C01DA442281BABA3A8C193D0A478E1EC182C58BF0DDEFFC101FF9F047F0D20BCFE3CA2BDF21E0DCDED581DE5427468EA8C0D62D5BB160D142D4D51EC7FC790BF1E28B4F63CCD82A343634A2B878242E5ABD1AAEDB032B16E00F8FADC7CA956B70EB0F7F884BD7ACC6A1C307317DCE7C34D5D761545525BA7D605CF528DCF3AB5FE0FDD77D10B66DE1E8C10352B2ABB1A9050B97ACC4F7BEFF3D5C7FFD3578FEB9A7F0B15B3E86679F7B0963C64E42477B3B2ACB8BB06DF3464C9E3A13F58D8D18376E1C66CC98213B819C359D1D9039801E269333D78C5C0F9C0AA05DD7C58B2FBE88CD9B37E3E28B2F467D7DBD58A4C9988DE6F666AC7DE73BF0D8234FE2339FFA349A8F37E29E7BEEC1D469D3B164F912BCFADA4B081C47B2E45D71C55AA41D0379C902FCE557BF8835972C472A954247872F00B965EB462C5EB600AD2D1D58B17C357E76E79DF8EC5FFC390E1D3E842D3BF762C9C20578ECE107912CABC4B5EFBF1AFF7DE7EDF8F4E7BF2096FDA30FFD4E9231054602575CF501FCF6BEFBF0D5AF7E06B7FFE407B8ECB2CBB073D741AC5EF30E14E4E7A3B9FE307E7AD77F61F6DC85686E6943414101AEBDF65AA16F72AF1C40E7C640AE07865D0F9C0AA01DC7114A63E4C891B8EDB6DBC492A6D5396EEC68B4B4B5C08CDB78E0FEC7F0A98F7F0231CBC20F7EF8038CACAEC67BDEF75E3CFDCC7A549597E1B55736E2E69B6FC2DEBD87515D3D16F7DF7F0F6EBAE93A710A767604183D7A34EC18B5CB293CF6E8E358B5720D7E7E1701FA933870E020B6ECDA8B8B562C474949215EDBB203F989185E7DF179DCF8E18FE08D37DE40655909AA4655E2C9F5CF61CD6557E1B7EBD60940DF71FB0FB176ED5ABCB17917162F5D0D27954663DD416CDFBA111FBAF1C348A55DA16348DB685E5DF3D37D9DA5A7B3AE6981EBA2BB7DBF3BEC1EF8001A94B3A007D049B943723DF076F4C0A9009AC0B565CB1671AC15171763C28409929E948EB7445E0263C74FC09EDD07B060FE02AAE6B07FFF7EA41C173366CEC0DE7D3B50555181B696361CABAD45CCCEC3ECD9F3D0D3D386030777239D4A63CA94B9A8A8AC90E4FECC087DE4F0318C1E3D11DB36BF8145F3E7A0BDBD0D75CD6D48D8163ADA5AD1131858306736EA8E1E46634B2B2AAB2AD0D2D8A07288C4F23071CA4CECD9B3074B96CCC7E6CD1BC549D9D2DA8963B58D22A79B3D630ADC5427F61D3822CA137E5E525222F446B4D279F4EFFE2A606B550B9F8F9225AA57F4F7B7E3D99DAB6BE400FA5CF56CEEBCB91E18640F9C4E6647071AC14B6B8669298AC68E0A0A8FE5AE62E2642390493E694AEF442297554C284063E27E06095205E2ABE4FD9EAD3420810B532ACED251497DB4AF825A6C1B69DF43CCB4E0A41D98F1047812566181AD026B24B528AF6BD82A809BD23BB64F17F60D98D82E8680118A3CD6776032D31D152711CB37CA4347EF876DD780CDD3EBCFA2601C2DC4FB3F01A873003DC849943B3CD703E7AA074E07D0046672B4FC57C9EA426B31D42E53FFC008424AE2A4D0298F11C064515825C3531AE7B09A49A06A090A208ACC4EE9E32885E33122A7A37E5A6A0E32F2C554E5AB2CD64464815A9E5B05BEA8C2ED61E56FD16CF37B0C3B67860F5E538135B5D7AA7D59B08D82B006DEBE20ADA90FFD39FFE5317A21E2DF3C46EBC3FB5AE2E7EA999DEBF3E600FA5CF770EEFCB91E18600F9C0AA0F52968351384C8490BB0B1ECAB1B88748D793B98E7C263F0475891450246CC245CDF95A84082A5C54840021C43BA4D43E991791C0BC1327787D42F540B00C19AEF13540316919524FBA658E5AE43B025887BCA2AA625CEFC1C6C97EB23C6A016C9C7A18E13C33CD461335085750F696A1358A3C02B581F06E6E8DD4054071EE5A9D91F1AA8294FD4FDC2F734F00FB0FB87E56139801E968FE56C364A9585CFD415CAD074D12C62E789F6542A5DAB0D73A6B27DE477DE110390F9220449804518BEA162EEFAEB87B3D9D76FED5CA7036802D34B2FBD24804425876CF9A91BF659391B787DE3CB98B76801D2AE8FFCBC7CB84E2FD2BD691CD87308B3E6CD830707B615C7B1DA1A74767562FA94A9028EFC71D2296C7E6333962E5D269C30ADF454AA17797909A41D0FBB76EFC2F8B163909757887822893FFDF1115C71C53BA4B415230993F124528E033B2F0627E52066C410B3633870703F468F1B0DD771908C25E132C9522209DFF2B179EB66CC9C3E4BEE835AE8DEDE5EB4B4B4C8DF1515E4C3036907258694EF516D42108E822F8F2710E7E7E763EFDEBD98366D9A7C475BD6E77B6EB41C40BFB53935CCBFCD782DC671313C4C594DCA54092B2C67DEE067E41B2368F736DF597F1E7765D9E994678C5C53DB70666593FC10612A0A02310DB82ED743636FAF843D57E62591E4B65C724778924A53B6F1BAFE92AE902D303E3C5EA702E8B6B6363CFFFCF3A281A693ADB2B25274D017AFB954246EF3E6CEC67FFFFCE798366DAA2C4994E111BCA74F9F81D7376EC2751FBC1E8D4D4DD8BE6D8B009DB63A7564229D8EC78E1D93CF088E04C5B2B2323436360A2852D23773E64C1C3A74480265D89EABAFBE1AAFBEFA6A065493C9243ABA3A85A3EEECE8C0AA55AB44DDC1F612388FD5D488239094C9254C5FFAE8A302C6EDEDED983469925C9FE7183162842856D8B683070F62C18205387CF8B01CD3D6D621C99CDADA5A71E38D3762CF9EDD3874E86028CF3370D965970BD8339F885029E7793AD31C400F8FB9798E5AA1427FC3D4376126317529499E231B5E41EC8C457A8E1A32A8D39E00D6D278D91BABB9161AC1746089734900DBC0E1A6E3A869EE86A40A62D1D4EE4E2C9B3B0B098B5F51FCABDC6540A80EE956FDDB30295A7A2A803E7EFC3876EEDC29C045CDF0A851A304DC36BDB105EF7ED7554824E278E28927306244392CD3106B3495763061C2445153AC5CB90A058545F8E31F1E159024D81D3D7A54AC4D5A9FEC73022581995188353535983871A25C73EEDCB902D4858585D8B76F9F5C97DF2300D382E5F9C98D73D1E075290524B86EDAB40953A74E95EB2C5CB810070E1C10F0E467047B2E386C8B80B6E7C982C3F372813872E488003B178C6BAEB9060F3EF8A09C23954AA3B6B6569EE7CA952B71F8F0211C3B5623CA163A44B903E0391438F3C19EDFF9A673003D28E838BF0E56C09C1DA2D92D7F08D2DA98E69F19C01E1A8BF2A49A557D13D26466630B2D696EED990C1EC0F1DE5E6C3E5C83B163C7E0E97BD661F498F198BD680E366FDB8977AD59853C8349E309D06A29E229B989C8DCE97900D0EC1F02167F08403A24BAA797A1D5C57257B472F92F79651E4790221D41AB3BBFA050002B9DEAC97C9F604AB024E0F25F8230C18F80CCEB1134F5E7DA01177D4E045B02A8E6816518313748A8242168F318CD236B6A82C769BE587F47F3CA5195862CCD4190A137146D41FA422DB8CA52F6E487DFE7D088C5E2619E1272D05497287EFB7C7DE500FA7C7D720368B7C6360D4802D6069D452AD398501AA181CAC29DBEE1B3DE7258E96200173847874479434E465FD256EA5C6B9280131E5C58B0E004168EB477A1A6A60E0FFEE66ED41CDA2715A73FFAE9CFA36CF27854E52730A9AC445A4A4056654AC36C6F4348E9F4D775A7E3A065890A4153EEC734E1FA5446D031A79C65920429FC8CA9444973089DC1674E399CA79D7FBE005CD4A9A6F95DADA088EA9109C27D1D7051A544147CF93BCFC54522FA8ACAE1A4EDB2882840D70B80FE5D7F4F5F5724857AB88699EFB4EC50B7837F6BCA462F1AE77B6E8F1C409F2390191EA7151220EB2094DCC204682654271F4B1DADE26903E6E7359849D81E3280EE2FC526A9182E1B02AA4120CA0397E1C4411AAE1320B00AB0ABCD41BAB515BFF9AFEFA3BBBB0D2927C0F2CBAEC41537BC0F6E4B1BE68F1AA913B5A96C6D1AA087C743CAB4E27400AD9D661AD8646D5509E854AAD0508D41299C8021E99F30B78576AE46C9ACFE762D513DB2B660A3D17B51ED71EE0DDB5D0000200049444154D4AAD660A9178E6850495F479D0E2ED1117FBA03F4FB5150D5CE3EDDAEE8A2A1AFCFEF472D6FBD109C2EEA70983DFE7E9B9303E8F3E1299D711B0945610E5E99C6946211B469D9F0FD98E2646586ABF78D8CFEE18C2FFA96BFC849C9ED312DB6DE544A1C806C63D2B011B32D183103A6C52D6C028E61E3707B278ED5D461DB2BAFE2F13F3C8AFCA2127CEDEFFF1A87DADA70F1ECD918499998CC6225EFE0A657AC4CBD83380F280E0D40517582BC474A833B8C30D08389F575FA516A9E65932079A3952F82001DD50B47F5D4EC229D0D4F07854441BA6F22237D6CDF6092BE0A0ABD1068C0D4FF46A574FD59CA995D824BA99FDA2168F0E577A36D8D82BC5E104E4A9BBDE511FAF69D2007D06F5F5F9FD32B45077B661087502C600420ED078899AA54A7CB01AEDD2852022974152A736CC0AF7EADDE308A8D27D10070226DA122DBA4B2869679398EFCAD23E5B8FDD63FD29850432BBF8B764E59D57412F6063E5EDD7B18F9A5C528B0F3E0F829347675C0EAE9C1AA99D39114CB324479FE26E433551D0AB20673BF03EE983338F07416B406CBA8BEF76420D4375063B88255B45DFDB5B12FB847170C6D39F7B5D0CFA0EB87ED5772003D6C1FCDE01A161DA47D013A05A0A69DD22A17D5A5052860C86D08CA625B3171BB447AA964EB3A34F7542D88F289FADA0457EDC8EADB9EBE5B5ECD3DEAC00BCD31462D2485C551991DDF50DA3AA997A702DF582C0FCDAE896D876B903412F090465E7E1CB3465649515356C5A6E59891D9F156E5DB2CC544567A78BC0692B05FB7B4AF951A7D3FDA87FDFD3E3CEE7660AD88521C510B5CD32151A7E4C0CE787E1D9503E8F3EB799DB2B57DAD68425947CAC193AFEF4241F5582462166AF6EFC4A58BE660647E3E4C3F04385AAE16950ECCE610B21D7DAEA427870661521012E0E05047A11C565417D0EA5532A76C29233D89A2DBE628A0F4059B28F8F3386EE355CD3D559E89E59B849AE12E40AEE3C2830D2E4474DAD39FC4DD414C8C661EAF9C5516397702BBD0EE1AE28746B5D2DF833C1D4047B5CB7D77249AB7ED4B03682BF37C19E6512B3A4A85F4A5534EC6639F2FF739D076E6007AA03D751E1CA707B7F6A8F7027862672D8AE3015A8E1C444F470FE65EB41C1B77EEC77B562E40B1E9C122A279615922E16569712AB580B68635F5A08196004C2F3DFF8D7AD7A35D14F5EA8B4D1E26F0893A70A2C7472DEC13AD41DAB98A8AB0323A6806AA78E8A07AE35803108BC34BA7D178AC0EA3C64F10AD6C7B7B27F28AF3918C9BE86A3B8EE5CB960924F39BAA167620F77ABE501C7A11D32A8E6C7FAA808C6CA15772B5BAE02CA924CDDB865AF2611498A3C7851E139AF252F239D5EE68D4A0EA03B5AFA2844E49F3B47854CE16D9FD0DCFFB1D2C8CE4007AB03D368C8FEF0BD06D8E87DFBFBA155D8DC7F0D4FDF7C1F603CC5DB10297BCF76AC99D30B5BA1CF9BE038B9A5715E2A13297994A17AB7FB475D6977E885A677D01F664807B3A8BEEC4EF29158A025553723928679FCABA565F730C5DDD291C6A6842AAAB03E585F908622652BD3E3CDF44A2A4141D4D8D284AC6B06ACD4561584AA883D63B8541F0EDE7FAD10F84837EB33281098354CD40F5990230F5CA02960455EA2AE0E7FA460671FEA8C5AC7767AC16137548469523A4E908CE5C84383E993B84B94214D82B7DF489F73E7C764883E896CCA139803E935E3BCD77B2F2DA48E85B386754F45E3696ED6C5E3E4A71F0BC8D1D9DD878A4166FBCFA1AB63EFB0C6CC347D5E86A7CFE2FBF8AADFB0EE3E28573502040A5D23E42B29C655FFDF1DA0369EF401C52FD01FA9B796D5A518A8C20406BE851444700782ED229071E130581A930F92E83596C18561C0E7967CF438CFF26949243941BC30894A3FD793A80960A2AC9642621BD72A8320F8789969656E1AB189E4DF012D0169E5E297914E3A4A4780266C2DDAB4C25D9F1A85BA3922D650E19C8433F0BC7B06DA4CC6841EB17C19951944CE6CF484746193A4E1A9D9D5D72AF8EA3005BEF284E8C1C0C73019C85B60DD52972007D967B3E541E87369FAFF247844A012A0E0820B2D10EF9D033018BFEBCD6191DAC5851AEE85F53A6855F3CF11C2A9379F8D36F1F428FD38D2BDEFF2E548C1D8DD9E327A1BA305F38676616532A87508825E750DBE4FE2CE1B3DC65A73C9D8A04A3A3D094643807F61F94CA1F4C9E934C24D0DDD58DAEEE5E24F312E8EC68C3CCD9B370E4C85114E417E0785B9B64552BC84F0A7875F774232F9184E3BA282E2E92C843665E1B2E2F05D0157D8AC62A2B9860BC61C3CBA8AE1E255B7B866413B866CF9A8BCEF63678BE8BDAC6268C1A558192C2221860063B033B76EEC0A20533D0DCD282FC82128CA9AE04635528A89494A2FC4DD28B6AC7AB1AAF56C0237C78F27E644DD3BB186DAB660C8FF0316903F60C3A5559D004682EA98A16A395BC6DDB360947EFECEC861D8BCBEF4D4D8D282B2B41616191245FAAA9A945555595848D937A63BE0E91827358EB95FD246DCA046CC971CAE371AE56F181B447ADA0AA059523AB86C49C18928BCA7DF7876E6730984EF695D03E11CB45863651595C562A4F0F013AEBF01ABCC4EBA45402A793EF23EDD079E78A2ED64F24B1B7A51D758DCDC81760726025E3B09C5EAC62D62F4AEB18B841B3321C107DB5AA511EF02C76D3804FA5B7BA6C07CB2E710DE1046C6E6EC6983163D0DADA0E6A7F351F5E545C80AEAE6EF4F4F6CA82A31D96EC375A66FC5E322F0F6565A5A8ACA8082DCB0137E79C1EF866800E672A20392E76EFDE8DCECE0E4C9D3A4540BAA1A10163C78E87934AE1E8E123309371545694A2A9A101458595088C18EA1AEAB074D10CECDBCFBEB3B070C11CF8812171987C11A04D82B10C551B9E61CB2E4301B42B7FBF1D00AD9D7EF47B6880D677DFDDD5850D1B3660D6AC39A8ADAB17F46291DA8E8E368C1A552DD5C3C78D9B2006C5B871E305E42D4BEDB334F89E0AA4A3004DA7B27A9D23881ACC0E2E00AA72007D36E75C6885CA2AAC86BF3C6F9D0C5D246DEA13A54818DC38E86BD546D71A0219B780B42CB5A2827286CE204073770F761DAB45CA4963F2983118575488227296E24C0ADBC0506AC169ED6052CD1B6A0B5AB7412F14D265929B38EA08535B7AE971096D5609E3D577B3E58FD4EFD9E7AD542567F3F9BFB573BD19A0B3E62833D6F119B7B6B6A2B8B850F26B7477F7A2A0B01805C924DADB5AC16255AC52523D72240E1DAC454151191C378D823C80393BF2F28A503DAA2203D04A1FEFC120184B84A52D202D794A585965C8005A511C519F0A1329959797E3C081432828C81780E63326D53172E42834361E17EB9999F094E5CD31C29D6AF69908A3D3CF6B20C7BCB5277BE6DFCE511C67DE77FD7C5303B4629A694367784F728199ED6008DC8300E82850EADF396125DA8ED6224CD9B66B6FBF067F12043E2D22BE41AF3713D998617E3756C490B06F1F8EA72A75506827A58EA4AD0A04FB2A324EE4F9CE2D4510BD767F9C7856D5103234C2B7AA68399D1758817A76769E29B77E56874A3F273B1D07AD658A3AB190E4AD9000A34095AD621A565637115F590CA6CD7C1864E27B85CEF0034BC0984E5779F24201E8407A3ED5908E9335DB8329795022696ACF61079C6841C74F906946952BB1181D884C8CC4E2B01C9BCA24E5FD657968064851E171A264F464007D0E6FEB2D9F3A07D06FB90BFB9E20BB45D2D5D8D4B00F3DEADA9A1EE44E2AE3DC09B39A9183E48B7C2B338A7141709D3452E9344A4BCB24593A7F9F3E7D0AB66FDD81CA111538B4EF000ACA8A112FCA47CA75E598D6C626941617A1BDA70BC9823C2460A1A7AB1B0B172E00BDE9DAEA540017F590EBFB3EB7001D9D747D6BD0658136DA36D5AEBE6A87BE8ECB289573D687C0199E70203AE8BE0B8D410769C0884C17763C26748FD41134E2E287901250CCF927FE045DED4048B6B095CA94D0651054CE3F95A25505889FDBE7ABC71477454ADAE9A90C78DA828E3C4BB5C652AD425B83CE41BD28EBF7958A458059FC9C598A43CC8D01EC96B2FDA292720DF52B07D067FB09F4D95269A193A835A3CF7B008325DA340D46740C7100D39BCFD7860DAFA0BEBE0179F9F902A87CB92E5345AA4C618B16CEC7ABAFBC06CF0FD0D1D585A2B212049681C07331BA6A24766DDF8144320FC99262D88938CC942396D345175D84A2A2828CDC290BD07D07EDB99DC0510E5A26591FE765B48FA232C0682083FE5EDF47DD3720E66C0F85C19EEF741674DF124EB2BB892A31987B83F44E8635269805AA36A186E02CA795016821B6B433F64D12BD73FB7C75EAAA2840C7E2340C948350C67D267B1D2D63B52B0DE8DC14B9A5A6BA4869E84995CDD921DB477DA7039873D105492D5C43FBCA01F459EC7F256D0A6782EF86BC0233C829317D36BD27493E355AA2965D74EB1D05223A4EC83912ACC8C3F5F7521687B21C18E5C7014FF995E7A56058069C709CB32A735C6449AAE0663A9D423296276D9482A2A79C8F7AB989B6E05C4FE0413EA0C11A3D0398B4836CC1191F7E2A802695C59D5234C56686979714A3DCE62BC052811C063CE68EB66C780272AAB28E1A8B2A67B4244D0ACD4DF53DE59350E755832953E43503DCCA69F1E6053B6A8A0CA60B941495E395A9535DD7473CA60255B4C2868B07DBC9C50786E88E008379A06945ABF1A7683955C59CD4075FD1C5BDBF85BD3F5D3FA5A6A4476C2B4C819A99D03CA32A761B3DAF4A57A52C77452F4A7281B04DF40978617E6A46B3EAE4552A2BB93A5EF5B1EE53D9CF48908E2AB63B79D2842119A14372D11010073B854F39DADEE444F3A9DF08073739416E33657B458DB1760CAA4C103295FAB44673C87C480465BD15A7C5CCC178B2FCB6E17C82EF05D8B56BB77CB7A4B818C7EBEA112B48A0786405DA8F37A3209184159830ED38D28E23C7CD99390BF1BCB82C1AE1BA71927B7EFB298E814FF5B06D03D9C7464F3A6423F1CD77763A0B9ADF88523799B1422B526A137262AB1458945A1A521A8C5676A86FE7A21C52557CCE921B5A00459F57298C644C33317E48CD69D0572D5640A801FDAD07869C08D01E019A1674184948702650133499AB9C8E4C716852BB2FE0AC0C0DE1D87DAA3BC8BBA7A5A5043F05A86A6CA8F328EB3A6A1845FD1C328FC2EF4AE08B04BFE88C80EA5CAA8FD50C36994A200C14123A4E7D3BFC4C596BD1BE328C98CA2CC842BA6AC9CCD03119795F48E5F0318CACAA1892113A24173D9B00DD97D3CC58BF46801E184885AB683E022464FB9875C044B596921E923C61386868D5688F3D6BBFF1A513A96B2751BF16B4F64F1A90A00596462A2D2E41E7F1767831136563AAD0DDDE0EDBF5D1DEDA81B2912351535787DE9E5E2C993F1F166B4399CAE83FFDC3198E0567CFD4821BF81270AE8F3C1540EB2D7F5FCB50D11C814828130C79770218D401FBACCD487A83CAA13CB1D298A3440A7F49156E876A6749BD2AD9C199EC5E1E3C2B77B32F2DB8E25C0ECB8599EA98749A1236EA8CB58725BA682B481FDCEBCD00CDAA28E2F4F41C09C4E11C49C4188C44808EAB44FFCC5F2ED55428CBA3EA43A977141B42EE9D65B94C29A04B0026FD97EAE9956355F51525C1E43D7177C239C69DA77E9FFFFA727D75AFEAFD985085199E9E8B1C35E482E0AA008129518DAA0801C15D392B1510B35A3A6B188873D6601E19FEED885124D67CB8D3763CA657652A60A0AA72C4E9A7E3E03A7C40470FC945CF04A0DF6421F7B93D5935431ECC370CD07577B03B85970EB7A3B228814595F91813B761691357EEDC9749405D2AE59AD104441C2404660E98BE8BC0A97A364A8F642C020E56D7811BB324E0807614B5CF6C02ABA77822ADF211E3273A93DD903D99018D9BFFD1079D4A66C771C17A809491C56296EC7C4879C8B384813163C7A2EEE831E4E717A3B9AD15C93C0B85F909B4B7B563D4E829282A2AC4EE5DDBB9838793EAC5C47163D0D0D08458220FB1781E6A8ED5A2E6C861CC9B3353E498070ED7E08A775C85E3F5C770F0C07E548D1C85BBEFBE1BFFFCCFFF82AEEE9E30078BE6BB95A578664E455D3EC180173050C5433C460B5A011FCFD9D3D5893F3CF628C84D1F6FEDC1656B2F47797931DA3BDA2470E7D08183D8B2651B56AE58898EF6768930ECECEAC073CF3F874B2FBF02D563C6E29BDFFC26BEF6D5AFE2F6DB6FC79CD9B3B068C142DC76DBADB063163EF6B18FE1473FFE31D6AC5983E2E2526CDBBA45EA1C7EF9CB5F96E2BB0C8C61EDC59A9A6398BF70219A9BDBD1DCD626CED835AB5749D1DA8E8E4EA5CB6F6B473299270652221E135F106B3CF27C9595ACB5588B8A2A150DE9A61D8C1F3F0EC9441C5BB66C5121EB868931E3C6E2D8B15A54565461DAD4C943322387E4A2670AD0279368F505EFB461E058DAC17FFCF10D3CB5AF054536F0C955D370D3A289A02D2C369EA1EC0015B867A0A7B72753FAE784FCC77DA0A87FB95BF620D9BA85DCA00AEFE5021EF28E2C2FA4F669928F4306BE845047DB144AFF86ECC9FC8FC6DE01DDDCA902551860B37EFD7AD4D7D7C99698C55819BCF1898FDF82E75F7C490AC23ADDBD282DABC0FA279FC6473E76039E7FF649E1730B4AAA71E9256B70EB8F7F806BAEFB005E7B75034A0AF2D1D4D8847113A760D3E6EDB8F683D7E1B777FF0A17AD5886FD870F61F4B889983E73369CEE0E3CFCF0EF71CD35D7E2FEFBEFC7DFFCEDDF8915AD39E8ACD2E16C02745C516D818F82641C3FFED18F505E5686445E1EEA8F77A0A0A808A954373A3BDBA5606E5B6B1B366E7C1D25C52512594A3D347D2BFBF6EDC7873FFE09B89E872D5B3623D5CDB9E648D18799D367E00F7F780C13268E97809F8E8E0EBCFBDDEFC288119578FEF9E7049459517CCAE4C9D8BD6B17962C5B26E05B545282CD9B77A027D58BA54B1663FC9851D8B8712366CF9E23FD3376EC3858764C8AEE5EBCFA22A93ACE4595DAEDDDBB77A2ABDBC1ECB9B3B17BD74E94141563FAB4A9983D7B16BEF5AD6F61D9B2E5122979ACAE1613274E92E8C8BFFAEA978764460EC945CF04A0A3338B80C6E49AFC69ED48A1B9A911ED6D6D121C52513512C9927C1C6EEFC6371FDF83CEAA69483ADD981B1CC7D72E9F893256970E030BCDC043AABB17DD3D29E433DC3A163BA1D8A6C2D2373B114F39CB4327858C6B061FC8162BAB43128555C897D192A6C51C928C92BE93C9EBB58C69406832EC0FD25BEFC10C354DDD64B7E959FBEEDCDFF0A942BDA9DEF9F18F7F84E5CB9789EE9D0B32ADBA9B6FBA11F7FCF63E4C9A3205FB76EDC2D8B19370A4E618AEFBE0FBF09B5FFF02B61543E5C809B8E6DA6B70EB7FFD0037DC780336BEB641B2F931E8A36AD418F4A41CA41D17BD5D9D282D299490F8F193A661D1D265686DACC313EB1F477149A954E5FEDAD7FE1F3956BDCE9E05AD551CDCDED35051015EA4266C3CB57E3D36BCBC01F3E6CF47A2A01485C52578F9E5E7B178F1622C5EB44040F9CE3BEFC4D429D3D0D2DC2221DF2C804BA08EE5E5E392CB2E43DCB6F1377FFDD7F8E217BF80E6E34D98336B367EFD9BBB0594376FDE2C69046849F3F5FAEBAFE3F2CB2FC7BA75EB24A43E66DBB878CD1A6CDEB255E8C386C66604A689D5AB5662EEEC195877DF7D225B1D37662C9A9A8E4BE839BF3767CE6C3CF9F49358B16C39B66DDB8AE953A7A1A1B919E3C68EC38B2FBD2014C7DAB59763F6AC9962D92F5CB808C9BC7CECDEBB07ED6D1D9838650AAE7BFFFB063380CFDA201D928B9E09408BCB4F1C0794EE0738DCE5E0A5BDF57865F336C40DA0282F89EE740A3D5E80E9336660F18C51F8F5AB47F1E8CE46142285AFAC998C0FCD9F089B593D597DD8F5D1DBDE8A7CE610C84FBEED916CCAC71F91340FD993386B63E9C413092E937755D59CC9AF4AD27F710304707D2A1B42F916F7FBA1FCC534F9A4B9F41A30590A8CCFDB60CE0A75866C8980C172AC03BFCF5371D09CF0DC6ECF983143DD572843237FAACB4129599A2CEFE22863B49DE2585DF8811F2A13C2283B2A15424E95C680CA10A7FA4C49149936807D452E57658BE3FB2A28EAECBD44CA26A42C836EB40E5AC9459533D0178024AD435D379DE05AA5A27377906F6600CB9B5F8A9F4F3B29518124E209E19BF56E5417B6E5DFBC47D248FA3E5522AA6CF5747E2FF3779835D0237D9876B077FF3E4C9E3E0D49EAB7BD303C8D1C366F8B857AA948A163D5A39356519ABC365FBC26FFD6DCB87A166A8CB13FCACBCA8764860EC945CF08A0C532F5903280A31D2EFEF4FC6B706063C2F4C9889595210D0B493380D7D6869AFD0751D7D286792B16CA56A62A2F86E9A5169CE6E3A82E2F97C913B71388C76DED0F18B202AD676F8A0DB333A9EAB2522546B9664D989C29C22A499289D077AE222C61AA3C14866F432A18841E792D8992D349FDD530E8E11CC6869F4EC5C1894B4754B43E5F345FB2D2492B8056BA6615FAAE25952A784349E4A2B2B393E9C1A33E90811C7F262341951D536DCE70D0043AEDD709E57F2247EBA37A52F7D157AB9C851611A3F07BE1353430F75571E876F777DCC976B219354DA8A07119D92855899463960B82A8B99493491909E1B127A846C26022BEA75FD16B8E1C397248B072482E7A26002D468519A02D08F0ABA737C1F40C2C9A3503F5410A0FBFB113875A7A501533F09E39D331A9A404BB1BDAD05C77001F5ABB1CB1AE56FCE0473F428FEB61C2E891F8C2673E27455915FBEB0A9084354CCE646CE7BED35F0F4432BC72C7C3A4FCC45D79F61C75921D4A852010B74D838139045F7ACD5525EC4C3E92FF9FBDF700B2F3BACE04BF9763E71CD00139E740309BA42952924965C9164507057B67EC2A8FD763EF6CD554D9B3B35B5B3B6B595ECD682C590E4A54A4324951CC0104488044CE6834321A9D5FBF7E396D7DE7DEFBDEDF0F0D7440B7BA01BC57D564A3DF1F6FF8EEB9E77CE73BE379496671E44EC4E230D6DD78C55ACD770A9C758CC1024C8AEEA568781381AD01AAE2C49889CE9BCE8014FD170DC60AA0958BC3FCCD802A9F5D59963A7468A5BFC9F9666F38B6838A1799423B8DCD4130F43BF3FD54DF55DA4A688BE49A6B7D853CF2ABC7B6BE93955CA07149B13DF4E2698EADABAB9BC51177ED1E9B939B4E07A039C663D91CCE0E0CE36B3F7D098F7DF04338373482BF7DF56D0CB82B8463EAB1DB51171BC517EE5983BBEA7D787BCF2E2C58D881E8B1BD3875F408B6DE7D1F7EF0BDA7F09FFFEAAFD1D9BE50E43DB3E441DAB9D22A5A4EE933432D60751ACB9C5574302641D8EC2E647276A9121E4D2511CF01D51EB7B8AA9472B2AAC9A8FCF13C8F2E10E5AB679F299FEBDCB838B815167A99CD96A78599EADCE3818B1568F4F2A41351C602B4B5D5AF150C9F2E684DA547955B25233F790693E6081700CCAE32278D58D6984C3F8B05AA85C80C255E2A9F93CA9A4F26313C6EFD849AFC2C9C719DDE4D80B44A0B5C93562B0BBEDE5DD105438076F05E426894EF58968DEE3203DC562EBBD5AAB75ACEA6CD3B3A3AE6041CE6E4A6D302E82C10B2013F78E13578DCE5A85DB206FFE3855D783D1544D415105D67769E379DC092CC10BEF4D85A5079AB279CC0067F06C7F6BD8335EBD7E1D7BFFE15BEF0879F454B638B68CE929297CE51645E09C9973E33D402669E6A473B7DD16AD2D991CCD990B0D971E0E809B8BC7ED89D1EC412692C6AAA46BDDF2581536E4D39E7ECDA1FCDE25802D0A25048FFE2EC15999DC8C5C1096C2C4CC3CD556E0BD6613425A0CC68528257856DBBF97DAC8BC30AEEA6078AB7F5C55B7FE36299A11E93CB1403B45A2A15075BB941E8B6E232AA1268D439C6255570E9A842035AC697D6A826FF89CF9E49391657825C44927A0B017903EAC5006D160903DAA64D142B8B710BD5BEE24DD35D20E941DADD2165DB34985BDBD94A8F1DAF3D4BA9DE138C322EAE9772C0979FFA213EB8651B8E2503F8E2CE93E876542265F3CAA42604D81C7654477AF07F6CAD414B6D3D5EDBB917FFE92377E2BD37DEC089EEE378DFC30F6251DB42D845A83F85ACA4E0DAE154BBEAD267A65AC0E29620A02A4FB40DF6AC1D11BB1D3F7F6B37B6AC5E819E0B3D180A8D60C1B2C5E8EB0F61F3C22654389C797A974C7ED9978A5F44A77C4E271163F22F3619B124038E85EDB24ACE28248F98ADB44AE75769DD2A118A606C804752A91D0C0C16742BF2A063718D58B7E5AAC49472419880DAE4DFEEDA47E6FDCDBA2ABC249ED02A95CD0ADD54EA59730C64C229414F95D751F0F7AA2083E97C93F861433A9383C3E9C8EF3A84E5A4330BB34C0BD7D9B9C6E540374BF14E82C141B37B313538D96E63762EE6BAA214A99250CCA22349376C67AD95623282AFBA8675A1D0167CC9C531C108A3F3FF52C6862F7FEBFBF8D8FDF7606FC88B2FBE7D065D2E376073C39D25412083ACDD8DCAE830FE6643251635D7E3C5D777E03F7FFC115478B5AF536A58181F9A7847650B5D02E79998E2966B685724FFC77E11F6052B8067EC38198EE0EC4818B9F3FDF8B7AFFC03324862CDB6CDD8FEDB0FA3BDB5190BC8AC111F876C8A55C05063729EFD32C38F6BBD1C01BA4A2AAA28853A2BD79893399E484A12049914645D24D349D93E7BBD1EA1862D59B24C808CB200890459070EF87C5E5CBA7449B4C2172C5820DF9391409EEF8E1D3BB075EBD67CE0917F0F0683C2093665A768A99346CAA418F27DEFB8E30E4958F9EC673F2BC932575BEED36F2093B065EEADC282AAB4D9C10307108F2791B1BBB176DD3A11F54FA6E2F0FB7C181E1AC6E5CB17851B9E4A26F32E12D2E756AF5907AFDF07960BE33BBFBD6B17162D5CA4B8D289047C5E1FF6ECDE0D97DB8D152B5688956BDAC8303B582861FDFAF5B2285DB87041DA9FFF663BB18FA40DC892B13B845EC744B3706844F8CC0BDADBC4374DB70DDB92CF104F247060FF7EAC5EBD5A59EF12CCB4E3FC85F39270C4C5C0E9724976E8C28ECE39818839B9A9DEA61496D9498C25A6760E03F8E62F9F4773731B72758BF00FBF7E07076C7E245D7E649359385C0ED833393446FAF08F1F5C8DD1D1611C397F097FF6BE3B5121FA2A5C4D0B928E6ACB4DB856018FD267665B80AD6B4ACD2A9F322D451BF65CBA0C7F4D159EFBDAF77174EF2ED85C19047C417CF44FFE3D9ADA9BB020E88757028639A46959E92AE77447C9967A967BEB7A001D0A85F09DEF7C172B57ADC2E9D3A7E1F678A5CC55435D3D1289980083DBED456363A38011931C98C1B66CD952C95AFBE94F7F2AE04AF71BAFF5BEF7BD4FB8B70F3DF41076EEDC89CECE4E016E728809BCFCFFB163C7845AC6F30281009E7DF6592937F6E69B6FE2EFFFFEEFE53E133123A6D2B3B43299794780A6D017697FCCB2FBFE534FC9BDEA1B1A70F2F4393434360A08F6F65EC67DF7DD8FC18101BCFBEE6ED4D6D4E0724F0F5A9B5BA5B2D0E9EE6E7CECE31F87DBE3C1ABAFBE8AD5AB56E3995FFE12F7DF7F3F8E1C3982B26050DE399D4ACBA2C636D8F3DEBB02F44C5E617A38DB818BDFFBDFFF7E3CFDF4D3D8BC79B3BCF3DAB56BF18B5FFCB772122B000020004944415442E414EC4E077AFA7AA55E228B6034D537E0E8D1A3089497A1B2A61AE565E5B872F9322E5FBC84473FF07EC951D8B777AFB4EF86F51B70A5A747EEE572BBB07ACD1ABCF0C20BF0070270BA9CF88B3FFF0F7302107372D32903B49AE988DB81B74E9EC273EF9DC0030FBD0FEF1CEDC2BFEC3F87414F0532368F583181C8103EB6B61D7FB0AC127B8F1C82AFA109BFB37A21828C3EE7A814C7BB2BE52B138C9ACF054CA732B1E6D3B185D557D502573B15069780D3E108BA7AFBE10DC5F03FBFF4DF44B272CB96BBB1F5C1DF42F3824634960711607F092B4F09DEF01A8AD9AA0388B3F8B21303F453A8AEA9D57C5C07826541AC5DB3063FFAD10F245BCDE954EC074EF664322D40B36AD52A9C3DDB2DE0F2B9CF7D0EDFFEF6B70574962E5D8A9FFDEC6762C5F1BE1D1D1D025004FACB972F0BD0335DB9BDBD5DAC45023501BDADAD0DAFBCF20AFEF99FFF5980DCEA9F2E0EA44DB5A9C6B038324A8F3A180CE09BFFF2AFB8C2F25E6D6D707B7D08965508E0324985C0C9249E6F7CE35FE57DF99CA4B292331E0A8F60FBF6ED58BD768D2C4A7FFD1FFF0A9FF8C42770D75D77C902F3E0830F62DFBE7D9260C205A0B5B555007AC99225387BF6ACB4C1A64D9BA49D04BCF7EC917F5351928BD6CB2FBF8CAE93A750595D85404539D2A99424A57CFDAB5FC3F66DDB303812029C0E4992C9A4D2A29572CFFDF709C0FFE2E73F977BAE5AB952323AB9436199B686C606A9C148706662CEEF7DEA77E7042BE7E4A65306689E905135FBFAD3697CE99937B0A6A3134B1B6AF1EBD317F1DCF18B08D9CAE04BC7F0405B351E59D581D17814870FECC1871FBC171DE565125252B42DE5D630D5A909CED20873D612539D3E37DBF12A5AA860DA46FA33C2C8E1991D6F61DDFA7518ED1BC0D05004D51D2D18EE1FC1B685CDF0B342B6A983934F78E12FC61535FB3EE86BB938087EB1585C32FA98F64D41218FCF2B02474C5F5682403E7165508B62707058C08A5B6A5A89B446E916301578E8CAE056DDF85E6941F2779E23D9737A4BCE6D3DAD67E36F354C0B9ECFADB815A06F748458015A980E5A9680AE835068485C2D3607D5EC28A4941E2322C6FA8454C1631A3ADFC568DA10BCD91E742110044D8208DBC1F8E6F9DCBB77EF96C587A06C449368C9D37D41F1322E7A6C17B605DF9BFF665BF37AFC3D3C3A8A80DF9FDF5150E695F39E520E4E1201EC2AC927501614B7464A44A754D09216BCB89DD8CEB9AC6A7F6653DA6D686D6E99138498939B4E0BA07574368E1CF6F50CE0F51D7BD1B97009EADADA104EDB30301A4759C0856A770EA19E1E1C387C0C77AC5A847B5676C2AF39A934C9146D4B65B6896FD3F8D7F202EA373ABC4BE7ABF6356B9E2A846B92910930E15814F0B870E4CC59D85C41D81D5EC4D3312C6FA84583D72305D89979C6A995A7D5E61D1BB3BFA25ECF82563E16A5D8A6827B225AA977098AA1402D65A3BE6667A5158B26B21AFBF46B9BE415CB5E43070A8DBB82C75A038BE6DFA6D49675A459AD662B7D6CF2A3F1EA441582936263A85D8B8A15AAF6A7B67571A289E1482BFE7781C5A29E4D3D89298166A88926586A7DA7628686F51D8C0EF7557FD33ADBE24766760303B39A66A7FE2661499179CDD3FE747052125644E94EB348549694BA855662A8AF2DF1A0AF3F9674D9766E96D9F8FB2E8FE0D9B70F211D0E6345472B1AAACA301409E1F0F94B4866ED7874DB16AC5A50854A5A63DCA6D1B7A1DD1B05F8503AB62AFF98AC8ED9E3D64E7EA2DCFC476A8F9465521752DA074743F0799CF0BABC48D91C08D1F798032ADD2E78753030A333BF1D020EE358CBB36C564C08D0CCB63300CD67165F8CD2C5E038535AC58632A6E7B9D6432E48DA2AE94C6B5284D58F6CC0D864B61583B63573511B3C5701E654469211BCB766123ADD2CBCA65827A2E1CCEA409A8A6778CA85F7548B8E750EA9F753017911FB976CCADC55B535ADEC112BE759B5A72E68A0CF357F2B5E8484724DA688A472676073399114ED6A05CE5CE809C2C40E03D0F4AFCB02648A10E8B4FD34CB786919024D2C4463FD6D964998CD982241577B178CF595B7C2446B97B0AA8A71B2A113B0239400BACE9EC7C9AED3E8B97259AA2CAF5CBE1C8B3BDA51ED77C9769A5B4F99E496555D69C35A54E33445C00C9499DC2E4E6592DC8CC7D2F2A1C00D2538E90FE4B69F91EF9EBE01343537C90438D77D4602475C0CBD013F3C6E376AAA6BB17BDF5ED435B6C0E7F3E0E4A12358BA78919ABC4E17FA07FAE1F77A313C3C88C6C66655C1847AC45EAF6C6FDF7EFB6D2C5CB808FDFD7DD8B279D335B454A6A7977D3D9A1D9FCF6CCB8D5B428185627B90DE4BAA9D4AEB36F757143BEA6A18CB5A29136B70175A9AA2DE495C841C707E9FA18EBFCE7815EB5A59D4A974A25086EAAAD25926843AF5325185F16F438AB532A95331260B52092771FED10DA2DE4901AF759130BF5B2D6123AE2F82FFDA0E52D633DB4A99AA229E2F9C7153F0609A33C2C2201AB396DF0005A8B5B57596CD82F1DF754E6E2A1D98CDE564001B3D023D30294C62E43AF3ABA46C33F41645066A0E895416703A45CD8A65A4FA07C2F0795CA82CF320160EA3A22CA8565303CE45EF2F2BBF68411BAEA6E2AD5AF9A9C6BA99E630B92D4E2358515D8D00BD72E54A09EA305B3091525B7F6A30545554E04C7737828100EAEAEB100A8D60DDFAF5F8F14F7E82A6E6660135AFD381458B16E1FCF9F302F2F473D2A748BF23A9580CE41030C81AE071AC01C9EFE96678F081FBB5F55AD4E4D2B966EB3EF9DDD144006DE5311B3052C8A2C02B473AA11EAF640D29E0E1A856415291FC92A41B6EB9191151A2F2622DEA19C9BFD96894D3DD2355B10D80A9925AE28BB6589563CD1C3557A6F3518B4C4EF4A08D8B4359ADFA6AAAA694EC3B8DBBC1A1CB5259136B8CF688FA9B7290109C792CC5FD0BEE9182B09411F857BB863983A6719BADB9B9794E1E684E6ECA16C8643239ABC68075CB62B673E6FB9E2B57F0E22BAFA0A2AC0CF1484454B132361BDA162DC5C58B3D58BD6205CE749D473C368A4C2E29B5FFDA5B9A8562D3D0D020560B79991DED1D58B3664DBE030C185B7BC49A245002E889A738DB8B20CD1F822AFFCFD99C92640C06CFED0887C21230221F58C0C9A6180E831455F7780468488BE2F70CFC281781B2A494356AB6C56AA27B3C4CD048C871FC290BFAE5FF525A694C670A7C1648D413BF8E1C3111405B2D46055EDCE129D68940A3B085B4529F521BD1DB7AE546936D3FC56574719F6C5AFB7905A095252D5559E22939864A7E2CF3407093CA1F3AE185D6AB49D898E4AB5DF330EB6E40F1A009D01EBDE0286A2A8FA18F9D3B1917E985192AF131614505FD4C45146355B3128B9CE320F758F5AF2AA2ACDC0AEA7CD63D54FD58289B3567B074CDF6B9ED1255B2D96CCEBAE25AC1B2D8D5101A19C1EEF7F68A255655518E68741476971BE11865096D68A869C0C8D0103C4E2742E121F8021EC4E329C4E3313435354B94971161D2775A5A9AC50250EA5AAA3F8CA80D9F47C8E9B4CC8BB776373A036EE1F3D9565266485B7467CF9FC3A9D367D0D9D121B426A96471F122CACBD97751E1D7D23A1B1E1E862F1090083B3259B4B43609558BEDCFE40346D1693D1B09483621695A0B172E44592098DFE617025233D3C813A57A938530369B2F0EAFC785443203A7CBA70AA6DAB3482513F2ECCCA2235F3A91544C021733013349E55D77B8E538BA32320445974778D507F6EFC5C60D6B1550BABCA259CE76318B20173063B9CECC5BABAB18E0A4B83EF9C0A29DAE65387B7B7B641E55945560F7BBEFA1BDBD03274F9E143A5C77F7696CD8B05ED1E516B44A75133231B8E33971E224962F57BCF1CECE7659782F5C382FB4C15DBB76A3B373A1D008D55C5465B2CCFC9BC977BB916BDD766A76F1783C47A1734E4033D8CD04E7CACA41410A11B7B81CC82C0914898C8A2E6EC0E717EA4F2A93119173AEDE24D247474611F47BC59289B3569BD674B52E046AD576211E8BC1E355DAB512C165643A430A945B683826DBC8D0816EA4736FF573AD0C02023045DA7BFB06A4F61BAB55545656A0A7E74A7ED2912BCC063FDDD585728AB94B2DBB8CF43739BF46EF977D50162C436824247F633FB23F9889E7F3283A9AF5DE06606EB4BDAF07D05C545E7FFD755990489D2358334BB0A1A10EFD0303F0CA73D9E0F705F1DEDE77B17DFB1DE227AFAF6FC0C18387D0D8D884D5AB566160B81F17E90E4AA4104DA74D223C5AEB1A11898EA0A7FF0ADA17758ABBCE96C961381C436B6B1B366CDC209548C4125514F119FF88054DFA9C4EF52660F267F7EE77247184F533CF9C3D8FBFF88BBFC457BEF2153CF1C4A7F1C61B6FA0AAAA52161082337F3EF4A10F491288DF1FC4BE7D0704D0B76FDF86EF7DEFBBB8E79EBB9148B0F6A04DE6F8430FFEB60897A92AE7CA05329F3EB79D16C79E3D7B721CDCFCE18020F791939B9DC5C9C86C2002F6F1E3C7C54D31141A853F18808B05331331D873369407CB1149A670A9B707EBD6AF45CF8573B09115104BC05B5989DE814149063039F7EC748287E1A4F21E4C19E5BFAB2ACBC56A33890104E975EBD60968943E536B016E750787423261159898EDAB11145255D155D61D79A6D448A028BD5332CF84BBAAC1D7E854D08560262DBF376C02657529949AA9497D3D80E66EECB5D75EC3B973E7F0D8638F4932098FA755B076F50A1C3F76146565953429D03F38846D776C44321E971D44782482B5EB37CA986271E0EF7DE3DF50E1F763F3DDF7E17CCF15545456A2A3B61E878F1EC6A1E38751D3DC88B52B96E39D377760D3D6BB10892670F7DD774B1156A5CB9CD562DA53EB9FF18E366D672C680609DD1EB7042B0998BC5F6F5F0F5E7FED35D4D536E0C5975EC1073FF8980072636383EC6C5E7DF5157CE4231FC1AE5D3BB178F1223174984CF3E94F7F065FFFFABFE20B9FFF027EF6F39F221209E3DE7BEF9573588FF1A31FF9A88C118F9795C0E9C251CC91F9F4B9ED2CE89E9E9E9CD93AD152E2F69716B5A998C081C24C21A347108DA5A4F8E3A9AE53E8EC68432A9194EF2F5FE945DA0ED4D4D5A0BFA7077E97138E9C1DE5B5B5088723963A832E21D013148C856E7C6504E8587454267A5D5D9D2C1A9C880477FA4A4B9FF15BA0D87A35A233745370511DF329B6F46ED8401A4F20FE862F2A8F7C3D80E6F8E4D8A021C15A797CCFFEFE5E6CDFBE056FEED8857BEF7D5052B083412FAA2B2B25F3EDB5D77760FD868D387EE228CA026558B16C19B2B9242E5CBC8C8EF68578FED7CF8B1B88EE38BA49687D9605BD58B4B85DB2E6962E5D069B8D3EDF9C365C6459523AE63368415BE96EC68256D2A08A4142CD8DC868044D8DCD387AEC047CBE80BC3F9353589771DBB66DF2EE8CF3D0F0613599E5CB9763EFDE7DD8BEFD6EECD9F3AED4FDF3FBBDD2C674551D3B7602AD2D0BC4CD41D125137B986F73EEB6B3A0E98336568F95EB79ADD59D0BAAE67168A60509E7460C514596878606A4A8A5EA65F5231C55AD7025BF0BE3CE90ECB5E2981149D3D698894E97828445183B8EA56AF51512BCB8008A85E86040ACE853C8859881F93737006DC66C315F379B4BC161770A88CA771C680C7E81FE68FE5DE92BA7526429F14317052D45E5B661728B8C70D9DAF31AD4C3E035150B229B637579ED234EA7E070AA0A2DB3EDE22013CA58D0EA1D9CE22BB73BD4F3A8D891A206F2C37737711C9EA7DA8BCF6AE6A3D2F93065C1184064069F0486B56A9EA12CCEC02099B14BDC76004D1687616E58077BB155966F6185C18A3B4A7FB15441D1B2ED9A231A1A1A42B0BA52A2DE6EA86DB021F45F8515DC424BD45D0D2C157D9FD9ADF28C8D8E797E21B61B771DA4C2319DF737B3B0CD1D409B05DC8C2DA1BC5122955CE62C990B36D81D1ECDDD4F29253F025D3A07267F300027D662868C17BB04116D043C06FEC41221ACD3BE5032B8B94C1A99ACAA6B58603B196B73064D68C348D13E68F2D909D005394FBE9F9647D525BB38344D1660F1FC29C47E0A006EB4A54DB2982AFD652459D5CEA0E4E2284CF899D9134E03408C056DF4704D47AB95B50094790B4D6BC7D25FA906AF02540A24D958E2C60684868711ACAE120EAA64A1E5015DBDA6F1635A7D95565A9DA14F19FAD235178B69BCEFCD7E4A715B58B7C38CEC337E409753E133D93ADC2A576BEA599C1327A158A16B2A037DA2925786074DFF79815AA68059123248BB13BFAD7A35A6AD1B2B40525004F4B406844E9EA0F52829E2F682E03F991D595AAB9205ABB2F08CBBC1CC9BD9603B58697605C693D6B0A6352CC944643C311B92E90863D3D90D4D562D26CA82569F9C58CFF4A19B1883EA774A857297A10AC9CE247D70A6E6DD6DE783CE652553456D7FF43ECD58B385D5D5E4F0EB80886C0185D36F499537D33087D070585801EA30B19F75869245FCDB22C66D3ACF90E9C75B18662AF034530365AEAF63056A4E6482B3D135B68ADE98B69F38E1609A006D1185BF5649F6D90068C5D31E2BB8AF76601C9474EB180343D7E7935470651C081849762BC579A85DAE133EB4268C30180400559A8B23ABDC78521984AE847C3D3DF56604FEC2F8B42E413796A8429AA04954D10EC2425ABAE06C0E991CDD14CEFC0E557B2CD53A3446D7465F41EB71281F7321CDDD003471803E6B1A683A876CAE87FA98FBDF7E99841433303D61014DE95C439FD256837431AB36A8DC581D1F29582534956960338041E16F46F955985F4D24E3BEA0F5ADC697552BA1906966A5E31506DABC1A2733F730F9B4D76BE4BF16FDD9B499D572A65B83006D7CCE63B7B8B36C414F027D2771C8B8ED39998A2A66B765C6936A17055E94795256A34A52C921A3CA3C49511905C0D4B848534AD161432E95868B56357248D1CD415706F358983D287F57413A9B58263AFB957E5FF14DAB4A35922AAD330E8DB53ADDC1422F8BF0A02DA9DE920128D6BC7E473EB79A903AC1A46029F3CF2C6460AC64717971E7CB854D176F30CFACE699D12FB10609D53BCD97CF6DE78316F379863E526BD2064422A46DB9E066258CD2E7DA2D906F79369C1548B53E045D46B277558BA1523319EB76A24BC3B06F6EB5A62E0668BB852A41B049A6B84D7731B7262FB9497EBED39E412C1A81C35B21B97F4E5B0EE94C0236875B454B98FD484684D3298143B18CED76C44746A52289A474D3882080937A483D0F131FA1FEA2839A4C698447A3089655AA406C26A9AC735668A1246F3A2569F3D1684C2870D27BCC40141D109780241756B29332E9B404F4443E34AF1B42CDA1020F5A02EADA5DE8B2DB100D87652790B2B9E115594F96BBA2BB46D1F194CC28EFABABB6EB5D96CBE7021C2E05B9E984B882E87BF7B8A82D429F3C634619793637150D450B4495D562B6217315C2236104CACA9578932EFB457AA694CBD2B2872C48CC1D9DCA368DE977663F29CB3C166556AB4716518753EDCC53499D85CA47D6B2A3BC9FC7AD323F73593B1A9A4A6A76539EE7569C61CFC7A231A97B26DCDA295FED363B41EB54707FA1045895DAB244E5B5DC17653F8D7CA3B896F4CE83343302152DE75BD105743D8026BDEEED777663C58A9538D5D52D1982034303A80878515F5B8563478FA275E15201C8A6867AF45CEE414D5D0356AE58894B674EE2E5575EC392E52BE172BA101A1DC1AAD5ABF0AD7FFD061E7FFC719C397F4E32EF860706859E76AAFBB4D03E63D1A858B49B376D403A95C4B7BEFD5D6CDA7287F8FD2B834A73D94E7AA9CB8763470E61F3C6F5D8F1E65BD8B0618308E6D73736E0E2C54BD8B8699324CA9012C73EA46E32136F1E79E491BC521DC7012BAAA4B33A514554E2B292FD78F8C001ECDDB34784AE4E9DBF2245989B9B1AD0DF77195BB66C121D96B7DFDE8D75EB3788F8BDD7ED4530A04A7AFDF6FB1F45E7A245D8B57327BC6EB54011CCB9A03011C9E3F5A1B9B909478F1D950499C6FA3A49E7A71B25102893E49EA79EFA2E2AABAAC5B2975259C90442A161D4D5D548D92C2E0C274F7563E99265088F8684CEC70F99334CBFBFE79E3BF1D24B2FA0B2A21CE1D138FC7E1F46A321B8DC4E78DC7EF4F78510F0073030D88340C00D87CD858AF26A74779FC5673FFF87730229737253BD2D9C310BDA000789F1FC50F7A1F499A005B469467026198A0381FB0EA98ACC4DAB5433D172117A8742EB82139B0B20AD2E6B80F7566AEFEB0134C7D8F77FF04301E0FA8626F111B36453477B23DE78E555545556E3ECE51E7CFEF39FC38F7FF4235457D74BE511AFD78DA0C786175E7A159F79F20FF1F39FFF1C651541A9D6F1C273CF0B50BFF6E61B2204D5DEBA005DA7BAB071EB66D1E4D8B56B175A16B4A1BAB25C00EFC5975FC5DA751BB06FDF7EF85C0E7CEEF39FC50F9F7E1A2323310C0CF4E2CFFEFDFF82FFF1DFBF22554C08E297AFF448F625DD3265E595924E4F90FEB33FFD7778EFBD7D52D18402464A1F5D5B910CE67954651827EB2BBA5DF8E2DFFD1D36AE5F8791915191F4F50503E83A711C765B56126812C9244E9EECD252AC4E49F53F71F4885461F9DC9FFC094E9C3C2119BF6FBEF196EC3456AF5C8581C1413435354AAA78341197946FB6FF5FFDE5FF8AA79E7A4A1628064FC92767F516BA5F962D5B86969616ECD8F186BCD3FBDFFF28BEF3ED6FC1E70F606868045FF8FC1FE3FFFBF297F0977FF91F447C6BC78E5D686A6CC182B6569C39D385CB972EE283BFF361BCF2EA2BA8A808E091471EC0CF7FF13C76EDDC8F8F7CF8C348A6423879EA30DA5A16C2EF2BC7EEDDEFE2FFFABFFFEB9C60E59CDC74A601DA808311ED61E249E9739D16307139318F559A31E19996B3783C68383BD22AC49A7588921A7D9FA391519556AFAB7EDC8AD633DFFD7A00CDECB7E77EF53C366FDE827DFB0F8A25D7D8548F851DEDD8F3F6DBF0FAFCA8AEAFC75B6FBD85BBEFBC13EFBDB71FCB96AFC2C68DEB70E5F259EC7CEB6DDC73DF03D8F1C69B486612D8B071235E7DF165A9F377B9B74780A8BEA64EACDB3777BD85B6050BF4CED0857BEEBE53DC772FBEF42A52D91C823A03F6F0A183B2F5B7DBB973CCC0E7A5BE471A65E5653877FEBC58D2741D50A69596F9C18307A52622B36A59624B0AD652BC4903348BAB2A2D0E8FACD85C8809D2278F1FC34BBF7E019B366F8637502E5209870E1EC0DA35AB6447313A1AC1F7BEFF432C5ABC18838303282F0B8AF55F5D538DA1E1307EE7773E801D6FBE89E150041EB2409271F8CBAB505F57CB8A547877DF21AC59BB1A5D278F23128BA3BAAA5A2C632E2ED4ED78EEB9E7A4F02B0BBA0E8786C5FAE73B313371786808E5E51548A632F8E0071EC30B2F3E8F586C145555D5C2AEA19EC9C30F3F844307F7898BE3D5D77662DDBA953877BE0BC323615455D6A1EBD4197CE0031FC0FEFDEF6161E702749D3E8986FA5644C329FCEE131F9F13AC9C939B4E07A0AF0E651519E014ECC9649088271028A5674FB83E290F079DA869641964A54F8E143085CAF24371733B5CAC3586F0282B4C3BAFDA9DDC8A207D7590506B8A6B8682B01774208CEE0071FF087D4C9587CAB18A8AE281EAC40D2DAB9B61A56BA7F85E1974133A1EAB50D33FAD772CC2AD56FE24E42866AE2B9A503D3D9B4E28C53EFA53A90297A6FF55C55F541C86FACDDC0F3119C6A114F674E28895BB6D744DF43C143FB4A288E87C000B400BCF44F267C4412BEA83F40B4B554FEA5353579DC1CD2445EEE9D7A56F5E73A599684329D23455F998E0A2FCC5B0BB60A7EE06B2C8D89CC268E1C292B3A9D811255AA98B2D7AD3129854D43B1A070468691EBAE4A4A28D0AC44A4101117612EB028CB28ACF5EFEC00A100EADA3AD5E958B1905ABC40FCDE335FF5A3299993C2322552C64CEF774A1BAA6724EB0724E6E3A5D8096CECB434FDE0C54161F2B1167B322E4122C2B9F10A06EE703C48521342ECEC84C5E839800AD1B53748A6959E7B20E8486E8AFF489B0BE9523AE26D39C0DA159EBC2F1591CAABA8BE2F82AD6906272C85F659B4FAA5D3A9392125E90121F8A6AA734CEE9E127079AE7520C48D14BA56AB616F6E20B19117C8228D3AD850D22CC103B1CC24ACA2AB0CBD92489045926BBA860633623C59EE4B8ACDC5FF58F95816380DAFA7F1E27E1482B40A7291CE651EB8C7CABAA95E40374129CB30980D2BAE663C9DA4E0AA1EE19A11EB2B6249F81C136CD0BE0EF0C3C72312128139C856228EB98A6C7E6E55A4DB92A9D74A60B1D9898884A72A3F56F28BB7C16260A91EDC25A8DEA9954C524F683AAA044D714415B71D7550B98ED2383824A2295EDCFF74FA3A1FE36D3839E2A8BA3D0E9665E2A80B60E3EA6D9D2475812389A18BB18A957255849ED52AE0D87D0BA34C79C4511721944C3A328F304E0F2B826BEE82D72C4447AD0C5A02740C8E168279011A85D52F35200C9460B50201C5966030A7C1198146019C672F1422756A855905F2C55A5392D241BB13655F963A2230B57703185A49CF33994E094953A5AC842BCBAA3242EACCB42898B4303B400B758F766BCE86031AD53EA511348B5C0BEE4F6DA68B9EBFBE6F8BD0256B1E865C1521635192532D6F40E249DCD69612D2E407A5111CBAB109C5656BC7A1E43DB53EFA4D2E7A59559A185D16D1B8B24287F1DD73F8783FE74FAD919304C0BB30539EE3858F99240AE74B6D547A5E0DB6DECC714B2B6249A1B16CC89253227379D510B5AAC0B954ACA41158DC524123E672F76938014278BF06C59A5DA6EC3F0680C57FA876173BBD052578D80C38EE8E808821E0FBC2EB7A6ADDE1EADAA6A12D688BFB73883923B086E83CDF63A2F5320B5EE4C96206963AA4C9BE1F533B3D0E9F220C7B46E52D34CCD151EE4A4F56B0164A100B34CB8768DE8926C52FC8A092EB452ED04E302408B059D75083813A455C95D65A15BF9C8D71A9E06A005E832D4CBC88A0F5AAC67E976DECB80ADA9EFA976AE5C2084362817574B908639A5EF2C9E1A72A11D12407439B8AB50EDE3B0A96C44717B20ADD2E38DC68EA61BE62D6F29CAA0761E62C98B6EBBBABF7227F1FA4A0082FB3F6967592CE80A5196B9DDCE3691D12FCF2469F902CCAAF28D4ADF573C7695BCAC2CEB052D6D7332F8E7E4A6330AD07A2810A409D031D26D7C7EB8945BAFF419A70538EE24AD96969E1D38131EC5BE23DD58BD7211A299348E9F3883D59D6D58565D0637072F01229FAE5BB8603178DD2A8D3D7ED158F5767C678233815A40486B898B8D99A355EB80C3468B2C2D6E089BCD2DBE7E9B3D23B6B57828740D435A9F1CA3D4952140B3AA8CF88CE99F753868900B508BB782C0237EDB0C720E1758F1CDE570219B4928707238914A2BF0918C18FAA98D3898F68517343526B6A0C94D26DD2D2B40A77CEBA4C54B824D26839C9D2E0055C28A2E0AB18C25F74C2D0CEA1C5564961C69FAD0794DFAEF6D5C40C4ED40B70D9F953C6D0E338A403991A6C56DD1FA1050D6D995A6E0ABE87FF0DE92569F91DAA3BC3FC1D56E638C80199F4A2655F9A0EDB0F32064944F5C78D1AABA0F5DF0AADA0B331909C9A142850000200049444154CEFC9DE9ECAAD28BDDEE425D4DF59CC0C99CDC7466019A2BA18AC928804E21E0F7EA62B1B70A64CCEC7B28FB2D83141C88A432F8F1ABBBB069D9323CFFA35FA2B6BE06EB1FDC8E0B4323F8E0F245E2A726A343C95215EAFADD8ABE67D3CAD70368AB7B83C92906A8A548AC9D16A7038E6C42F9332558C81F15B8E392C8B58E9C6202BD8032B1D7CED2600EA93E235B7AAE8976BBB89CE289049C1E5A9792442E1ED804CF73B2F24A162EFABE6D3649D22AAFA846361517FB312BD6A4760F188B96A0A915E6640E16CD7E31DC75156FEA41F3BEB253A0AE88C9194C517304C83A3D70BA18A84CC24546865EB0685073B120A01258F9CCC2D37633BBD726D573025E9FFC9FC7113F95FA9D4B15DA88C7E57D9C7A01E0EFD48916DB5C74C3154FDBC9DD8D58E1D4F748C1C3D5438C08E50F97EC4D2DA8984E33F147050519C8E502C68416B560296D6DB52B327E721DA03401E05C0E0D75F57382957372D399036895F0C68ECF4847E5904C67E0F1B8E0D2F5E16616DA6E9DAB7170C6EC76BC75F8141A6B6BF1FD7FFB16CE1D3D2C0070D7873E084775359EBCF72E3808062447EB74E25B1998C7076845025739961039556A34B37C1ADD98FC3735CB83C132A4B236D43534E0D2D9D3221C75EEC245D4D4D48189ADD1C8285A3B97A2B9B1016FBEFE2A5C2E37528914162F5E8CEEF367515E560EA7CD2EBCE0DEFE3E2C5CB408894854E87177DE7337CE9CEE428E40E476A16760502C585624A92E57D982C78E9D146EF4F0403F6AAA2A70FADC05B4B57708AF58B921540AB9AA34AEDE650C406BBF84D898AC5C9E5182FD648250908CD0D77BF932DE7CED55D4D535A2EBFC15ACDBB801AD2D8D181E1AC0C285EDB878F1220E1D3A8255AB56A3AFAF1FF5B5F542B33B74F810B66EDF8A8ECE4E7CF5AB5FC5EF7DFA09FCF8E91F62F9B26558B97A0DBEFB9DEF883BEDD34F3C891FFCE007B8FFBE7BE171FB70ECD8512988F0DB0F3F24943AA9633914423C114763531322D1B8F0D149E7DBB4612D0E1F3A2C5996E43C8F8479BC0B172F5E407535935E32686D6DC6E9D327D1D9B100070E1E445BDB4284C32AFB78E9D245280BFAF0EC73CF2118AC909D00E9825DDD27D1D2DA88F5AB37CC0956CEC94D6F04A0CD2452D15815614E833E373B86469338DD7511F575756869AE21414C62B7F98F25D278356D6FAAE03B892BE40FB9FEB156C2E06FA443B4746BC40EFCFA9D77B16EE962FCF72F7E19A1DEF3C8A6D2D8FA810FA0BCA9150FAD5803172D24B7D22CA60563CA51CD16508F6929FD0F15772FC82FA9CDB1716119368F625388DB61AA5D59747CC182A6E6B109B429EB953C682679B0165F64744400F6E48953F8E33FFE77F8C92F7E8605ED6DB0A75370B97D786BE7DBF8F4673E891D6FBC86782C0197AF12EBD7ADC6B3BFFC299E78E249BCB36BB70030E5716B6AAA7168DF013CF9FB9FC157FFE9EBD8BC79338E1D3E82254B97A0BAB6163EAF0BBBDE7A539EA7B9B51D274E9DC6A31F783F7A2F5D402CC63263FD180947B165E37A5C3877162DED1DC209BEF3CE3B752AB47253A87ED301F6620B5AFBCCC9893682FD4A3BC32625C6BEFCA57FC0DA552B118B25309A0228471A0A0D0A40DF7DF79D62099F3A754A8CA6707814D595353266CE9F3F8B27FEE0499C3DD32D9995914412995412B1C828DA3B1763EF7BEF62CDEAE5D8B7EF90F404332617762EC68B2FBE889ADA2A01E9B5EBD6E1DD3D7BF0DB0F3F824B972FA173E1423CFBECF3921CB361DD3AF8BD4EF4F6F661F3963BF04FFFF44F527B349188CA0E60C386CD38B0FF203A1776A2A9A91E2FBCF82B545757A1B36329FA7A87A43EE2F2154BB06471BB24FC6CDD42BEB91F6FEF7E07F7FFD63DD8FDDE4EFCF55FFCA71B1D56D31A957372D3E902B4A18789B39F032797452C1DC6CEA32F23928D23166BC6F2855B313438820B0397F1D09675A83369DFA43AC9DBDAF30A618C2B5B455B26DF828A3E247C4B0307726D2381690A06E8F03E7D929A663546605DF3392D67E5C1E5463B667C412815E4A17F2D9ECC20964AA23F16C389A108E27D97F0C64F7E2C09120F7DEA93B83C9AC027EFDA0CAF16CE61E5666EE7CD8FF2DFD924AB50B6B2F499E6A3E0C2FAD28241059A97720F149408557B6BB0D0C1258917692AB64875DA7318CDE5D04B6BD2668797556F023EF8A9BF20E099111FAFF87785D9A0740C95D16F7221F346A3BAE5351AD72C94B4F86AAA6A15EFD602D07C5666E17DF39BDF1460A6FF9255776835FEDEEF3D81975E7D09A94C1CE1FE105A5ADA71FACC197CEC138FE39BFFF60DB436B7C1E1F3E3D3BFF7297CE98BFF2F3EF9894F61F73BEF88CF9560DFD6DE8E81FE7EC99CEBEEEE968412BA06987475CF3DF7602414C28F9F7E1ACB962FC75028242E8D2D5BB648E5929ECB17E5B9982A3D3ACAA48B4AD4D5378ABB80C798BE9ACCF8E6B1EC63822DFB5635974D5C032FBDF4120E1F38288B86C75F2EC1F89D3B77481209B31199FCC2EC3FB60DC703B34D2F5DBA24D76B6D5B807BEFBE479AFE0F3EFF39FCF57FFC2B444646B074D9327CF77BDFC3A38FBC0FEFEC7A07E72F5CC0E7BFF07919A3070EECC7430F3D846F7CE31BE286606AF77DF7DD8763C78EE3FCF90BD23F43C321DC75E75DD8BA7913BEF3D453F0F97DC216A121416DF2AE93A7B0FD8EEDD8F9D65B92F2CED4F7A6A606C9886D6E69C56BAFBE818E8E765914D6AE5D85BFFBBBBF9724248FD72FBB1216FA65BB7EFC631FBBD1293999E6BFEA9839B9E974005A7C7312FD96B085F8B608D2D1D408761CDD016F59392E9D49E3C0BBC7D058D780471EFF1D2987B56AC90204297C8EB400BAE2699262A37C20B275D5422B93B7BDF45221D11BE34B31969C21C6EBA6956B6B27B946060928EB4FFED7221EE1441D339ED6D4B5685426C3D2048908921E8F4F7C87A4CEBE76E2AC90F15D4C55B1D9108A8E62C9A23674FA1DE207559CDD02B0E6A3EAE2562A80F6D820D4D8C58FD7E00F83317C4E092EE5036CAA7D54FFB23B245543ACE650268D43E72F211C51BE4B3A2133F128B6AD5B0997247964642C70AF94E679A2F266BCE5966798C436E56A80B6B238D4B7043D82222B5933EACFB6255F982E587A999D1E0790E0FB386495B239A83741A17B0740360CFD9FB934EC22526F2AFB28B6014185D727B03145DBEC5A441F453B59588897AE0D321608EECA07CEFB6565AB9E88C7E5FF0CCA997E2A2E88311E5258591C4A0F5A01B48C436D594BDC22A58A34F3FA8A134E1126F51CFC3F7704BC1F1717BA2454956E3B92BC9E8B6249DCFB6A3E398386F495EB925AD4C2E67D6D741EEB0732E7A758AB92E98612E0E6351DFA59DC32AEB8489FEEEE465D7D1DCA2BA9D39154E34CF3CC25C8E966020A45985C923929CFA20B543381C8B8B154B0910607F542B88374A3AEB61424BCFE0A93B78832C889F342D88A48E61278EFCC2954D6B7E07FFFD3BF40B9D3875434850F7EF46368DFB00AF50DB568F07BE1455A9F4562A69EC27AF4092F92B4254B106CC2E5EEAA096FEC7B0DD0722DAD722196760191B5FD2D7F90D09B39554569CCDA31EE231810B4F25BA52D8A1246389138D9CD80E464535ABB9A5624EB06694D69C46D6E5C8CC4D113CDC9E46EF4E6D0E0F5C08BA48E5869F9D6719EC854D328B6D218B85125910AFAC0FC9DCFC3C2A0FC51595E4AE7D8EBF20AB839E84A61143E0BC4EDC0B1A1280606FB70FCBD3D38BDF72836DFB10D6BB66D416FDF156C5BBD0C545D71EA523BE2E2C8C731954B22BF439A36405BB4C4F3AC0D054CB4A00D6048065D2E8D74360577CE09BB830C08D2769392A1C977226E93D160A3FA9BDD296D61AD686FC0CEE84D9BBE962216024A4A92543149C8DA6082078D0DD58E02E4B240B1D155969DB9BE59BCC72D4566495431597B7980163606F727A4C9A97BC8C2A2CB781194791FD5972ABB4F1B60790097B1690AC1EACC485E836352005902805C60359F9989405AF3DD94D39220AC56DCE3BB2B9E3615EB28F26F87D3CE40655AB34014C346F4C965EDD27C736DF548BB3AD8274AB255D5265542F3D28652B498224B5C7CD4F2DF505F3B91CD3421644CE78039B9A9EE40EB9499F8D9E568F61A1B9F047335F792D924DE3BD383405D3DFECB9FFF39CA1D5924E2293CFCF1DF45C78A25686EA8439D00740E4E992063132E1425C86CAC277E8C31478CB17A3940550D360DBB169707E78F9640D5CF4D03C1A8C8E541DAE0895A7DC6FD58AD57E3521046801691E78ACFC015BFA34E81F1195B270D7F5756989ACCD9AC1D71669F51F3970334954619AD1F46FC09E8126D570F6426A25910AC0B85D5AD329E8FDA4CEEF1B494C5CA4F53AE328D6C9A8B0890F538F1F2D12E5478ECF8FE57FE273289A404AFFEE6FFFC2FD87FEE321EBC6B0B7C39C88F22AD524CD904BF1443623A2E2C95A8421787E2D95ADF85EF60CDA63496AF80948D20CA841F8704A568E1C22EA6B58CBB442A2D954820C244DC45281095ACC13429612A53CF808B59784DBBF13B55BF90343E45F733206EAC64B560286A9CC94AB482E6B546B8B5EF941B4CEB41CBC0D149297C76F3119A9C1A0FA60DCCBDCD731B0B3B7F0ED3BEB3597874B6619202FD4EA714A74B723C7ADDAAA4962C0605FEB6E2265BCB7DA945DFD43E14B74C8AE04C09D30CECCE42BB1880E6F815F6B34513DE5C77BC36298C6B6564343696581CD74547B5F52DF2030887348D43178730104B61F87C17F6EDD98DDA86063CF0F8E352E57B755B2B1CD9149C3A5B4E883F1CDC6E8744C41570A974CFC907BE14514D9DCC812317B1383A8D7BC3E8C4695FB509A06B2BD9B83AC451622EA7A3EB0542DBD866B15AD057BB2E7232818DEFD04C946270E6AD76EDD983AA8A6AF45DBEA2DEDF4985780546B148026E5740FCD1A95C0A8D2DCDE8686ABC6EFF148358F1BDAD6053DCCEB2E8E483573464547FA46DC0CFF61C420009FCE01FFF116E9B0DD1440AFFDBDFFE0D4EF60DE1AE2DEB5166033C4AC75E7D7463AA8C3EF50755BD72F21F05D0351AA0AD554BD40EC080B4B11E0B57562E385B96AE169D512719DF6A0155855699B8A1161303BCD6B6B23EA5D505226F429A99708F0B00648E3760A3AC686B49A9B1E9DE13B5820155AB0F9A7440E5C648CAE9628D4BA287EA36734EF118300B8EF93BF7BEE47723A553D895FA7F5EA08B74435E93B3255F264CBFB775E132BF5BC794B83274A92503C4D226B225D53521F5626BDAD5EC2ACCF35B1748F337D5D6392C58D03A95213451334FFAFB39B9A9068C495BD0EA40957B25EE00F54F318E32B624225917F69EBA8C8B97BAB17EDD1AF40F0CE3CCE50B7864EB26D4B93CF954551165C9D173CD12F22924A26119101E8F1FC1A052C09B1C48AB945E659D51EDCDD2DED635C446809692A1F2B8F2EC96EF69454B184B6B20F0723C837FE3D2315EE77070519398BE3E8231FD951C58E6C758D8C593C5FA6F3EFD89336711F405D07FA9579E2F118F209B8DA3B1B119E1D118FAFB87457B2369CBA2AD7301DA1B9BC63262261862568B4CF7F75596A8B9843C9B3427B3151863A0980EA4BAC881FE618C0CF6E3C8AE5DD8F5DA0EDCFD5B0FE0FEF73F8A935D5DB86FCB3A7872004359C657AA5C1C6C64F6B26A7B132A9CEC609FA826A1F5D5C74E6E1588E618930413016165CD8A954780D08B85691FAB0FD75CD70AB0D69D8A017403C2D6F633006D2C5A734F034213218275DC582D68732F71970880AA019CCD2901FC6C56BB59F40DAC606D5C2CC6A8C85BB0922EA8DD79DAE5213107A6C4B3AD2CF3C9BC734118C92407A905CEDC832E2095BDC902BC8542B7BC9658CFFCDEFA778B4689757133ED647628CAFD61673078B2C367A2A69ED2F77372D3E900B414B0673690D9B46A0767D69105EB26F3673099C2A1A35D68AAA9C3D2D61A38981490073A5A87869A279B2899D422B294CE6064949522940F8D16A8298469180A56C09141A3AB8A4B8C5B99F73A214195A39707D5B141E690F1F9783F67460A22691116193D7AC151A3322D13BBF0DCC6BF476B99A0CC7F139429F959EC5EA0CFD950E1F89D494996EBA6D3720EFF260B1107337D76CC624B3BE5DF0E970AD2487A70862D1E874D02420EA493B4AA75545F6F9FCD04B182007F2F667498496D1DFC0640A45DE58D95BC6986D7CEA9C40CEE30065269BC73EC341A9AEA11F0783092C8E1D0E123F8E47D9BE1D1344AA9F7A2036ED2AB04429D4D9735014EDDD456ABF45A8BB1D0EC6AAA45545F89F0684B4F07B724FA910F9C713BAE5D2C747F3025CE4ED683F2CDAA8AD5327A6507480BDA543631F7BFDE56BBD8F5506C3D176FFF95556B529755BB98716DB53CAF87123CCED0EC0C58CAB36A5122A5E0E7CABFA3B8A3F22C29757F53A3D02C361218346BA7CE7034C69629006D9E95FF66C0D000BBF93BDD7779664971993CFA99A9E161E177CBB8946C1D950844F798D5C5915F382DBB92E245CF2C5025809E8445A6E3D522BBC21992CD30CBCD2129B25C1D47010C876328F7781074D0776A479AD592E329C423619497D327AB20BB907A200ECC7C80D0508C4482D16CE7F420A7C5CA1FB5C5332A58A66A94B2FE725995312582F7DA50C8B0DA8B5E2818D47233DB4AFF5B980B6AFEE74B34725008185BD28939B00CA5CD3C97B5C9FAFBFB71ECD831545656221289482205FF662C34B202962E5D2A54A8789C406F87CB6D47343A828A60AD00476D5D15060607446C8673309A0C8B1E83CBE1C568784806797979B93C1BFF4F5F379F95D7E68794305AF7AB56AD92124ECA482A640C9909271698F62B9A924AF237022D015E2C50E5E2206C8FA673E8BED087542A2719649DAD35A8743A44924892300810622913DCB3B0F3DA82060E51EA93BEB2145DB5FAC0C71B765703B44216B1F232199C3EDD2D4920172E5C445959397AFBAFC0E771A3B1A111C78E9EC0E2A58B71F9F2252C5AB41867CF9E476D6D1DAA6BABD0D77309E7841EE6C6C2850B85DF5B53538337DE78039B366D927625758D5430D2ECBABABAA49DD956FC8EF4352EB0A49F353151231291E01AC7249365088C0D0D8DC2D526685247591B4357698A4C16A0B52085005B3412163DE7DADA5A5CBE328055AB57A3A1BE1EE1704878DCBDBD578407BD62C50A8C8C84515FD7209AD35DA74F63D98A65685FD086A1C1415CEABD22B90A7D3DBD686B6BC3E933DDA8ADAB45B93F88935DA750D7D880C1BE7E19C34C7E615BF01D59B880B446B605DFEDCC9933C2B21083C5ED81DBE311595CEE541A1B1B85E2D750C7649918828100AA6B6B3034342422FEF5F575721D566161DB197721E708FB85EFF8FCF3CFE381071E10CDEF12404F64F81390C5A59116E5E293278EE3F88953181A8EC34F71935C0A613BA9463E642249DC7FE71DB834D08BFDC78EA0AEAA02158120EEDC7EA7D233166D095AE48E7C3695D45DD3CF60B508CD96D1802607047F274F92623A8A9EC333E99BA465C1EC2BF277B3C8E44248669C387AE212BAAE5C960174C786F5A8F1F9C4B297B0A1F69410A88475114F8A35E26339295AB596A8B8351064567F03761C6C045F0E264E5C4E7C665FF1590D358ABC501E170E47E0740590B56544D4BCA6AA0EF1E828AAAB83123C64465C5CF47D8154320B9FCB07E458205655AC619B18C54033B0B9787012111C9A9B9BE1A2A68109C868CB93C772D120E8F0BD3C5EAFBCB3CBED923E8D45E352F0D7E5A1F04E0E198AC58B0219E062BB122645F33B2E62F54A361288A71292FA4C660163EE0E2EA8196A10BB118E25E0F1B9A5ADA947CCE7B45AF4E359D15703B4B242D9CBE42AFFE29967D1DABA00030343180987D1D8D4808AA01F4383434824D28827E3D87EE7761C3B725492456814AC5EBB12996402CF3DF32C1EFFC847A53A08DB8BA5AEBEF6B5AFE1D1471FC50B2FBC80868606691FB615FFCF7EDCBF7FBFB4D7EAD5AB6501FEF5AF7F255545C8E5EDEDED173A1BFF4EEA646F6FAFE2070F0DE0631FFB98FCDD30794CF070C2A966B1A0E9DBE5F90C387FE3DFFE053555D5D237834361D15DE7BD2E5E3887471E791F464642387CF8B000269F239BCE61F9F215387CF4283EF9BB9F40243C2A25AFFC654179BFCA20AB95ECC6FA4D1B71EEFC39B43434211A8FE1FCC50BF8FDCF3C89679F7D560099BCF0C71E7B0CCF3CF38C3C0B1737822ADF870B1A01FCC0BEFD88C5E3E83ADD85279EFC0CBEFDED6FE3F77FFFF785077DA6FB0C46C3613CFEE10F4916E8C68D1BF1F4D33FC4D6ADDBB063C75B92F5C9FBB04ACBBE7DFBE4F909E42C9EB066CD1A590C6B6B4B2C8EEB8F1B6A42084067858D71F8E8111C3A7A0C9D1D2B511508209B8EA277B80F8D754D48C65270063CF007838845C2703A191A74A2B56581164A576C10D2F58C55AE521CC6FF580373E688783C29994AC9544CB896EC5497F8BB9D22FD087B18CFECF82212C900D62CFF085CB900721E2F761FD8277EF2B6AA6A38A91896C921311A0123DA6E6A2EFBFD79C5AE62F02876B3582D69AB0FD1F8ED8AF9AFE207D53E35D1CCD51921B2348905AF7C3372BED6F1CD08A3426FE3B50569B540AD819631943B7D4DE547525BFC2B577AF0EEBBEFA2ACBC42B2D068E1A4531904CA2B313834023F9CA80A96A1373E8AB28A0042FDFDB8FBAEBB70EA6437FA87C2E88F84515D5686BA323F366F5E8B575E7E51764983C321A4B276B47574E2D2C58B280B78111919C2E38F7F147BF61DC4E933E7D0D1D684D69626AC5CB9523B9B943F758C35AD7D9F4C5419EBE2280034770D2FBDF4327AFBFAB174E972356A6C36AC5CB1104FFFE0C758D0DA8EFE91416C58BF0E8798BDD6B9542CB79ADA4A0C5EB984175F7A051FFFD4A7F1B39FFD440080E3E6EDB7DF1690397EFCB8586EFC3B175B820F772504BB95AB578926371799BD7BF7CA77870E1E446D4D3DBC3E2FAAAAABE1F70771FCF809343537499592A54C28F178F2C1C5EBC557C443A75721291A6B59CCB873A211F2BDEF7E07951515F2CE5E7F998CD59D3B77A2BD6301DEF7F0C3E8BDD223EF42C0ABA9AE166A21771967CF9DC3C73FF5717191F55EB92225B076EE7C0B8F3FF638FAAEF48AE1C20A295C18EFBEE71E59BC3EFFB93FC22F7FF90CEEBEFB1E014B566C79FAE91F8BC5BC62C572F87C6A71DFBBF73D2979F5DDEF7C4F52B37BAEF4E00F3FFB47F8F297BF8C279F7C12470E1D9636ABADAEC5B295CB6541D8B66D1BBEFE4F5F95CA2C9224D4D6818E8E4E343635CB22B9B0B3432C6CDE77D9D2A5686A6C426D7DA968EC75019A5B59D9324BD9FA34068607114BA751555507B7C38EA1C15E193CA95812A3A3315437D68A3F90CA55D48265F060706000AD2DCD82190A8C7420A788015D0C76565F6FE1217915C95F93899E4C25957FD7E6123F6AD616C5C1EE97E1F5D5E0C09E4BD8F9FC1E04EB6AF0993FF9439CEDBD8C8DCB97A3D2EE802FC76C3C17ECF4598A5F5B2F14161F9B01E2F1160AB38535CF650DD258CFB382B916D915F686F802189C13DEA95188D65534722652AFE419CD27EFEFD5890A63AFAD8F2233C4989DDA671F898CCAF6926A83E2C7640B66B2188D2524BA5F1908223A1AC64034869ACA32C48699EDD58EFEC141246825FBBC28F3FA604BA7102CF7A3BBEB94B210535924D3592CE8E810B740756510A964427613B10417621BE2B188E860D4D4D6C8826A5DEC0A2FA67E23401364B888281F7401A0B90875779FC1C2458B71FAF419048204511FCA826E4446A2C2A0F3960770EEDC192C5EB808A74E9E45755D0DAA6B2A90898D62687804D5750DE8EFEF939D0EB7F8DCC6B3DF083EBC2FAD7C022BFF4E2016EA64222E35FE18E81E1C1C1417127723ACF84170E642452A1F5D1EBD7DBDE2FA696F572E0E3346A603D072AE96FD4C25E338DDD585868666D89D2EA99EC2CCC5CAAA72D94D321847C0E33CA4755F535D87506844DC2EE72E9CC592654B05F4FAAFF4A2B9A505172E5E90EF3C2EE5CF1E1E61A157BFCCDB8B17CFA3ADAD5D3206A927E2F3F931303028EFC28ADDDCADB27D98D24DD78ACFA3C61477630D4D8D721FBA8A16B4B44A1626E3094D2DCDD276DC99F45EB9AC38F9628557C8BB30E188EE3A8E53EA7BB0BDD8CE4CA6A96F6C989378DD9CDC540F9849B338D4F1A2522E2BF9D0C0208E771F47D2060CF60F63D1D24E0C0FF54B265C269995F2ECDBB66F45CF952BB874F13252199BF800D3E904B66DDE22D790CCACBC5B43F9498B276D7180C61AD8D279E3968873C12A4FB1D47C2E8BEECB7D0885C3F8977FFC2A9CA339445349DCF9FE0770F743BF0537D2E8ACAD1316820A6C6832984E0428F6935A178D6BAD64D6009815B08B2D6AF1A74A650F3BB25A08487CB49261A902A0E24717D172155C5554C402F7D51A6C190FEC54B04E77B15C8B0A629A9265347A7359848647C45DE2743990411A9178047E4F506891E1A111F8CA2B914CA4E0F7D964E18B86A3E2A6B2331640FF77282C559FC9CA618D3CBAC1B8E68C84861089C6C42A927542760557B304C68096C582BE1640F35D255142A8674CB450DACFB96C124E1B8B57399064D6AA28EBAB7249B448496174695951327D39700CADCB58F26637626515E403893AA187D620DD0A523E4A2A99E8FC3799C99AC72EC92BD4592E4CB1E285BB780C5DCB8256E86E58329AE2270419AAE5E9D2564CF4D2F100E12BEBD80DCB1C8A41A5294C52424D620C6ABEC9122DA2FD7A97C58D27B30265B7AC7C7F26D149BD8A62C398A4151588557B60B6BB50F3E4BA85C0A8B03BF43BE43318A5C6A24E3612EAA2CA1CCCEB776BDD6D19E39A6552B2A0AF853A160BC00CE4643C81FEA101D96271307362D22F49FF6A2695118B837E50AEB03CA7BA46E92AB01C515565D59438B1E33D96092BB2E33559433311C4F92CF4B0840DB8141E45FF95017CFF9BDF41FFC53E61177CE60F3E8DCAA67A34D757A3BEA25CF9A10D614F2984AB3961E1654F069C2768BE71BE363B88C2FDCD64BCBA8134276AEA3719F70CB313A06F9116973FE047341617BF2A8B9C8A9F9FC916B063EBB66DD8B3E75DF1875314885847AD8473172E883FD8EFF52A7D912C652D999DC80C3397F885D988DC0E2B4DE06BBBB08A1FF27A34BB899A40806E8CD9634688E9DB996DCB899E67B2DF9BB965FA867389567CE9A35AA014249CC44898AC85C84015B7B72695D658261345EF27F108F943C60A1C997F91B9618A1A01E14402874E9C86D3E7C57E5D01BAB3B31D8970046B972F819DDB2BAF47C939EAB242F97C0D2D905F4C619BCA33CED763CD82C3400F591FF4C326922954949723343282744A5989A9744A5C187DBD7D2282C3BFB352B5CBE94468242C404E77006BC7114C08D0B4AAA8DB40638A5BD9B2B28040B361334EA64DAE07D086A668B54E2773CD9BE51833C74C42CCCDF2DCB3FD9CADADA5449509DB384F78D7142DB18A34E1DCFA3B95BD186CB192F7AD01B3096F34C903F2B69016F6A6E59910ABDA0E27998059A02F11C7CBEFBD07B83C188D46B06CE142AC6F69848F81974C5622DB3EBB1D1EAA70B99588AA176B59C200002000494441544A8653A9ADB7EAC7BAD8E6930D0A1E9131AA77AAAA05B7A44A254F38B6F9B62958A422242F63C35020951B4BA5B44FFE3391057DAB82335BA838107D2B8FC1C98F08905D33952134954B5FF7D839B9A91E0853F4418F4DB92D9E24C6C7462026F792F424EBE0B2B20D66A2F5F2B020FE0E155423B2523D575E4C8BBDD0279A1627B372C9523320C0804A9E089D433211477434029BC705BF2FA8448DF2E2372A38373B6E8E996889A95DA3386B6BBC00ACE92BF3CEF964078B2603EF6A1829C57DCBF38AB3D8A6023493C9241C8F6133B596987F47E7FDDD1603E8565E8CA6D20325809EA0B5AC169775525B831F66A232BA4D0BDAD0CAAC053EA7D229D73DD6B2BCA8B46F9D6822E5E76D486633387BFE026C991C7C2E8FD45C639092BE564FC02DBCD2A686FA3C5798E7A71309118D51E9E7AEBC0FD0F80767ECD9E7F84257072DD50359D921C5C060F591F2586B9072BCD729F6A9CE24404FE55A73DCD493BEFD7881DE499F7C1B1C58F2414FA293AD206D1D50D609C3BFD3C5410BDA7C8A417C12B7BAFE21DA22968398A9A8015A027E0C2A53690BC07FFD7FFE1B962F5A8CC87018DEB24A9D28E14277CF596CBFE30EDCB9658BF8468DAA1D4332A49D31EA9F2458279302E456E1F85B051C8A990A13A53BB3698B8FB1B685354BF146FDF6D7B3A08BAD7BB530CFD946F4868772F11C318B9FB53D67EC2637F1854A003DCDCEB36EFD0D6833838EFC519385772DFEF0346FA94ED37E5049E990D46F9ACE4A805CD1926C52E0522A1A8B1C80A2D1712A87C223A8282B137D5DA67393C3CA238C8297AAFAACB408C827E57B918A56AC716105879BDE029A92C36B0A948C6974F2443EE8695CB274CA4DDE0225809E66078EE79B253B805C595A9EE3595ED3BCD598D394F84B41CC3C341292E29F81B23249736EA96FC48573E7E1F17944E798890375A25B10462414128A6082B5EB48F8B73B108BC551DB508F603020AC0EA584A6E43F09D4CC9A32EF4AD6835534C7EA02B1BA066E2AD74809A067625896AE314B2D5002E86936EC7800CD6C20021B818C9FD9B02E959743952262E0EFECB9B33874FC181A17B420154FA0B3B50DA78E1E930C41568A70D99DE858D88923478FA2AEAA1ABD7D7D7079BDA8AF6F407FEF0052A93436DFB11565015F9E1266A41CCDB65A54C6D269C94023AD8C59571305766E85EDF73487C6B44F2B59D0D36EBA5BF6C41240CF50D7128C0962D44C200F76B6005A158D655202F5A50BEE0B919E908A16AA3E1EDD164AB14D05B64425359391CC37A6A51240D571927655908B66C50DCD85B6BA68CC82C44588C904C69AB68AF49B77B6BA4066A8796F8BCB9400FAB6E8E629BD6409A0A7D45C571F6C0D20F25BE6E253BD6DD62C4802AA56CE20406B61CD7C0AB9911CA59B4280D65A0DC60644A2AA24BC646BE553CE553ABB4864E44B5816825086FD20A0AE858F247B52CB92F25AC6AD635A68D6DEFF06FB6B3E9F5E02E8F9DC3B73F36C2580BEC1762FA6E1916A57CC85BEC15B149DAEC0548B78A8EF44D45CFFA9F0ABF89FA5CC914EAAC9D91C484B00308CAACA0A5551C5304344B7208FFD63EE399E7FD9FCCD148965050FBA3EA839AC123C8A8A6799E7D3572EE61F144A45E5F3CD67B6D96E82AB9500FA26E8A4DFF02396007A861BDC50EDC6E34FCFF0AD267DB9313441B2394642280F96E54154828E26496E8ACC2D452AC921958C21121D85D3E182D71380D3E156863E038E22FE220E10A4346E6BC551956A4E811DA5954F6D1F75AC9D9AD953CBC49B7483CCD3034B003D4F3B660E1FAB04D033DCF804682A9229C3562BD7CD315FD500B4E1F3D2EAA51605F526ACFCDAE96886280F8A29EB45E1A034E2B1246C70C0E5768A6605019A40CE2A3323992C2EF40E4BE180B6A66A29BCEAA67FDC4E7FBA5200536A6374B694007A868767E97237590B94007A863B8C3E68037C6233E66BCBCDF08DA670B9F1AC7972B6456ED3A974EDC663A54CFE16AA0289127C547E12EADDC61371245953D01780D3EBC5403C8BE7DF7807EB37AE432E67C7A1437BF1D0D64D68F0B9A418822885DA00D670A6C0A8FC4DC07AF24F72331F59B2A06FE6DE9B9D672F01F40CB76B71B2CA0C5F7E5A97B32E12E67713E4334560A76DED8BAE74415C9EE66F867F73A8EA8B84EBBED028467276ECDCBB17F7AC5D85D75F7D1D2E8F1FEB36AFC3C5C110362C5B8C2A560897E2ADCA8266F92829212562CED37AED9BEEA41240DF745D36EB0F5C02E8196E6266E0314DDA6413CEF0E5A775B9F1AC6332304899E3B31AC6C5B4981746685F287DF435EB5AD976554ED59EB3210507F6749F43657D2D9EFEFAD77062EF5E291EBB66FB76DCF1F08368696C407B3028AE0E8A3C29A399D7D3003DADB7BEF94E2A01F4CDD767B3FDC425809EE116264093CD605C07337CF9295F6E3C178B016CFAA14DE6E3F45D1CA68E84922A356C92942DC73A332AA1060EEC3C7556CA81FDC3DFFE0D52434352F1C35F5B830FFFD193527B6D6159995479518145FEDF5AB571CAAF7D539E5002E89BB2DB66F5A14B003DC3CDCBD4685AA2E406CF07FFF3F55E8F6E0E060CE98BBE118036C40B870168913FA5059C819DA5916C0E1CE91B40286B43F4EC09FCE85BDF46CAE6C0273EF3243CE565686B6E424B30080F83A9363A4C9870C37257AA74932A7BA54CEBF9DEA637329C4A007D23AD776B9E5B02E819EE5702343FB44CE7339898E413FACCC93A993E4093C1ACA279768B059D11F74656AC6A7AA2230EE09DE3A7E1CCD8A550261CD40109A1A1A61A0D15E5F0650027D270FB58C8B650A74DD5189C3F8C98191E2E632E5702E8D96CDD9BF3DA25809EE17EA3554A3A9BD1E398E1CBCFE8E508CAF443935E478B7F3A343BB16A55F959458AD385392570486E9D9423714AA1DD880DE8198AA06F98453FB368A872A221E8878F7CE764024C7661F517BBC30D5F59B958CD4CA62157DA2C28B351A166461BF5062E5602E81B68BC5BF4D41240CF70C7524B999A1CF443CFE78F951BCD92F046C77A5A81428168165BE5870439C5FF2EA49203F17406C28ED66E6A661BBA1C0E24924978DC4E7825638595AAED48A6D2181989C11F08C0E37628A0B66426CEE79DC98DF47909A06FA4F56ECD734B003DC3FD4A70A69B837EDDF9FE3140C76021B53424A964AA493512D0E37F8CFCBF726908574EFEAE3CD4274E9C444F6F1F9C1E17B2A92C464722707ABC48A692D8B67533AA2ACB15C06773C8E9B2F3F1585C0AB3129CE93232CC98293FE37CEF08FD7C2580BE493AEA37F89825809EE1C6A606B300B485BE26B7986755EF0D38936E47970C5D3356CADDA49B45A7702BD6055F936CE6029B239D49C2E9B08B46F595DE5E641C7604BC7E5CB9D8076FB00C417F104D8D8DA8A9AF103C27B52E6DCB81C503E8DEE0731AA9535E9F4A8104EC5B11A44B003DE95177DB1C5802E8A974B555DCDD923C61FD73329311B00BFAFC4A5FD97C69C488A672BF593CD6EA2620405326957E68D203AD99877C84EB82613EDB4FB12E5426216491E275699567695D4BB517269DD8904EA5E55E69967EC9D13542DD0D31B945BB2393C9C1E3750B485B1368D8AED4A436D44029726B49A737CF5DCCF8B8BE4BC4D4332F6A6C595055CD47F529127F9A85BE2901F42C34EA4D7EC912404FA5032701D04C714EC4130888A8BDAEAAAD05DA04EC4CE6F23C4863B60217F9DB0C6C5AEB104EA66972192D86A45F8EA04C3FFCC1830705A409C495D54A7E95F770D89CF27D474787042859099D1F1EC7E359328C7FDBB871832E0CA09E82CF6A0284046AFE10A0B9009867B61674B51E7FFD45462F0C5A30CA9AB5486D10531E8121D0D986E912404F66C4DD5EC794007A26FB9BA4854C0A89780C5EBA3838A96DF4C92A43DAAAE85950C89FC90798DAB5AC004D3EF478C506260AC81980A6B4A9CDC1C20039E1565FB97225CF05F7FA7D02D02CBB655205E9AA20C0864221B1B41954E5F7F4DD13A819B474BB0B3A21069CADCF43D707419E7FE37956D7C778155FC66F1D0B40171DA0722255FD1AF399CDACF312404F6DFCDE0E4797007AA25E2EB274C7357CF3967516D96C1AC958141E5AD0B2A5D75A125A4FD3EAF1986D8B6CC257D362FE86036D849EA69AA67E3D0EB5F9AED88A35B439E3A230006C9EB9D85D617D97E2CADCF4A313E8CD0EC05A3791D7BD5EE56E063195753C8E725E7167E5B73F13B5ECF4BE2F01F4F4DAED563EAB04D013F5AE0591D5AF053F47DE9AB2B83ED2C8201A8BC1EFF5499AB35D978FD21B75E566D59C07A5FD3677A29AC5C04AD783958132195E74F1358AFDD7E67BABFBA1B8C98B7DDC56501FAF7BAC3E662BA01BBF37CFA7DB43AAC6E8CFB5FCE88AC32DCB47C1BB91EF4F4BC74A9184F10B1A4C348426FB7D09A027DB52B7CF7125809EA8AFC705E8F1405A995729E4309A88C3E7F6C061B70B2B586D904D42B43A379F1E6D580F133DC72C7C6F054203ACA6649760D124D2ABAD2E072B388F17A81B2F8837DE7DAE17A4B45ADEC6FAB6360DAD651EC360227FA7EBA3B81C97F5F8AB764479B68D4563644CDBCF5EB0B004D0B330C86FF24B96007A8A1D68B2E6789A04A2A4DC9465D2E67222864FBFAB436B2D4BC2861CA73DD1628CCDF27E798AEF650E3756287DC213F99FA7798B593FCD3C377DD4EC0B5AEF7C1FFEDF6AC9E7AD6A6BF0577CCE5971955B774CAAB7E88D2E2CB933FD2225809EE916BDF9AF5702E829F7A1AA966D009A55B47359BA9AB566443687682402B7CFA3009A3430D6E8337503CDFDE6273E0BE7D854ED9E8C8B63CACD37CB2714FBBC6945D3476D44AC4823B4BA3ED83FB25ECADAC98E540FC8725BAA9F0D52AB4C49F6F76C51EE4A003DCB83E326BC7C09A0A7DC69868FA10CE29C8DAAC7850FFF363A1A85973C5E97531C180EEA49181030C6B3A98D3AE5FBCFEE09C63DC0809B0916DECC96747E3D24FF5A2711193A9FDBEAA336002D9DCA4D9143E2BB795F14B368F81DB31C6789CA5102E8D91DDB37E3D54B003D41AF8DF151CA3F74296CAAB4D9548233FF4C904E01188E27D133144620E0811740655940643419AE72C8CCCF68494D05EB36A9CE377B7ECDE90C4A23A06414F9E439AF91026EF50E5C13B72675D0749E74E273C66370F06FA4F491B35E565E26B10229D42506B32AD9C5BE550571351EEB55587F3DF18DA7714409A0A7D168B7F82925809E0E406B6835004D90E64FCFC030BA2EF58A9CA6CDE1442A1E466D552516B734C26BB7C325842E65818B9F53409B5CDF5932C9A63978E9122080B1B6E244D6F3A4B07752074DF361AF715A71F0D27A98718310A8A3B1A8542527487B3D3ED8EC0EA419ECB501896C0E83A151E99DAA8A3278EC904577B696D31240CFEC18B815AE5602E849F4623EB06FBC1BC64F490D376E9DA10A9DBEF8EA9B58BB7C09FEF95FBE89BEFE213CF0E0FD685AD08CC59DED68282B1B135E329762C8693E7D8CC549853B02343FD7F3454F0A7B2775D0CCB5C2F51695620A1F2DE44C3A85442226198E4E8F1F769F1FFD8924DED97F0CAD0B5A64493D77E132B6AD5D8A16AF47F63CB3F12901F46CB4EACD7DCD12404FA2FF8C8F592CA7BCC3593996397913B0A1BB7F08499B1D075F7F01BFFAD92FE074FAE1F6FAF0E93FFD335435D661456550009A60EED417319C80493CC26FF410436523E58E62FEFCDC8AE2447C2F05E6EC45A51712198921E1F4E357474E63695B1DCE1E7A57AAE02E5AB319DD1707F1E8A64570CB79DCF764158BBDD8FD9367804C6D6F5402E8DFE830BF296E5602E889BA490281AA6A88C32032E733C199FE64FA9E6D0E9C190C61289E40CFA177F1A36F7F172E7719BCC1203EF1277F8CDAC63A2CAD2C136706CF7011A0C5AA9CBD80D344AF75ADEFAD892704686A631851A2E95E733E9F9767A5E748AD53443A56217FBBEB22BA8FEEC3AE177F2D0C9C3B1F7C1F16AD5E8FF56D8D68AC2A17C287685B67B54A8715A44B003D9FBBFCA67AB612404FD45D1AA055C5106D328B4999138026ED2A95B149B5909FBDF81A1EBE730B7EFCF42F70EAD4593CF1074F2096CBA2A5A906AD01BF00B4C2760274A1FAC83C73414B8207AD426A6A70DB7F33685B4FD48DD75C90C48C368B300BDC02A7CE5D44042E3CF3F40F71E6C841E9F98E356BF1D8473F8A402A8E651D6D63005A78EE9682027966DE14A30B250B7ABABD78EB9E5702E889FA561CD08AFB2C006DFD64538AE76C73220AC8CFD32FBE8375EB57A3CC039C3F3F840A6F166B172E40402E439EAD11E7516C81F9F6B1EA5C18195293E431DF9E75269EC7107378AD34C3833607A2391B7EFAC67E789221BCFEE39F206B4BE3C18F7E14596F2D1EDDB61A7E870A148A58613E09493FCD0D746909A067A2476FAD6B94007AD2FD5910D511039A90CD124D02DD0EF13F4BDDBD641A272FF48AAA5D536D2DAA7C4E547A9C70093F4B93F2728AB921D87F03137AD28F3E8503AD2E0EC3896662C7F5D2A5A770F97976A8E23C4B48C06E439A01432A12DA8077BB2E49828B239744DA9645C6EE83D7E1C4868E46786C86D7AE3344B5152E2F7703FD5902E879363CE6C1E394007AD29DA0B41914518EB6744E2CE2443402A7D383ACC30D386C18BC7C11D54D8DC2EEE077B97416E5C14021C59841252280F9CC16676BD2EF35F64063110A38391C79E1FDF95E63717AAF9B55456DB5EA2001DAEC6F12D92C2E8422E8EA1B40DA6147675D2DDA825EF8EC7671555DB5FF1943989FDED394007A7AED762B9F550268DDBBC5023D6214C9F65523A82498D0BAB24B028383209DCBE1E8A1FD0804CA70E0E8710C0C0E03E918BC5555188AC551E3F320319A462E63436363191219E0FE071F40D0E316BB9B0129A9BAA2EF657D86626ADB447CE4D918A4C6DDD1DFDF2F6C8E6269D09B9FD9C1588062A3A7533964722995B4428952BB5D76430E9703996C066E9B1D4E5958D542ED70D891CD64A4028D18CE33B0152A01F46C8CE29BFB9A2580B600B4E9CAB12A6F045143C5CA491203B3CD582FCF9ECB22343488442A85482481742687642282ACCB0587D78B0A9F13BD97FA61B3B91008DA90B5BBB0A07D217C76FAA21990A2F48ED282306048CBB558D06732AA72B3310CCDA2C0CC427E98FE6D05A3B9583466F63D09B6196433361C3C7814239161783D1E24936994955762A06F00EBD6ACC6C123FBE1F5FAE1B0BB108B45A57F183CADA9A9C2D2254B44DB6326744B4A003DB3BD7B2B5CAD04D0E3F42281872A68CCA66B6C6A96ED6C321EE35486D3EB13800EF50FA2B6A61A9954020EB70BB99C1D67CE9C457D4D35E07221924CA1B6C28FD1D1B854AF8E448690CED9110C94C14F710E5A5D0E97A4178B2A9E5D552329063D8233C19B9F9900818906ED78A0CBFB0F0F0F4BE20A9F6726ACC5899EE337F37D16E96C4ACA70ED7A6737B28E1C1C4E3772193B62D151786C2EAC59B91A5D67BB91CA6570BAFB0C92F128962D592AAE9FCE85EDA8AAACBABA40F0341FBE04D0D36CB85BF8B412405B2C68034E2CFD646AEA657376F83D2EB43636E0F4F93392FEEBF397C3E370A1A6AA02E7CE9E41341583D3E14664348A7BEFBD1B23A1118C44A2B878FE22CACBAB104BA6104DC450555189442C86546C14B5755588C66358B7661D76EFDE23E04B4B95BC633E074B3EAD5AB5529771D24AA5BFC1A0A2D5DD62CA55B1FEDF1825B85B60629894FB4C96E9DE36449369715BA42351785D5EA11A3A6C0E649D392499CB92CDC0EF758D0D9A1A2687B53DA6E1932E01F42D30A066F8154A005DE4E22030D162649286DD413E95134EE4E07739D1171A009C1E9ABEA04E9DD36EC795DECBA8ACAB123F66369313AB3AC98AD699AC54AF26B8C59369610890C9918AC7E1F6B8E91F91EB5704CBC452A7C4A7CBA500301E67856D2F2A2ACAB5756D53996B37C01098CAB829D6B1E03B50098E0B171790E2925353B9F67C3B568BD7A9B6CDA470E8D009D89C6E74779F40477B3B7A2EF5A2A23C80F2CA4AA4B34082C5187C5E2C5EBC080E27DD5F6AE72372B225809E6FDD7BD33F4F09A08BBA708C5603DD0B742D307143A76767ED0E49F0A50F9AEE896C2E839CC386483406AFC72BA0ABE4451904A4C75A4DDC0C7248C69270D9E89F760BE14E94D278ACD6F2379AFED6FF67A9256DA79B4351BA7E13205DB09E0B8B026B2D46225111BE77389CD75830741EBC296070D582925735993F13475BBA2C7ACBC4A3C84804FDFDC328AF2BC7C8E808827E1F92B151385C6EA45336B83C1E64D259D4D5D5283956FD8E2C5D5602E8F9D3ADB7CA9394007A829E2C408AA49B15F4DBB5EF98C4BB6C2E87583C86803FA04094D79413AD4AD14A00BAAFAF0F35B5B5CA8F6B8E9D57A389CC06C55C3165F814F92C8B4874146E97072E3BAB746BFAB0A4BC2BAD649B2DAD45B259A84083974E7B56893EE48D5391E437B415986ABB16893AA9BE37B256BCD8EC72224B2E8EA976D8AD7F7C09A06FA08F8DA5C9883E5D14DCFE5FEFC3E3E9D3A4ABA0BCBC5C0E9D6F013705A4053109EA9088FD9F03E8A70D87A3A8AEA840369785CD9E838D991DDC55D8B8ABE07159D88487E82E54275170AF417C7641EE06BA73CE4F2D01F49C77C1BC7B801240DF4097185F2C7DC8F41D338836990FFDDB1315339DCC7566E3987C6C6BCC2F6AF7C03250DCFED75697C366CF22934DC341956B9B036956D2D68C13BB3DA74B4631A14771879539AE2DE7796A40CF467B4EE59A25809E4A6BDD1EC796007A9AFD6CF555533BB9AAAAEABA1434636D13D445285E3336E69B05ADCB2D5ABC10668BCF6018039F718C8E2624804981A074D626AA6ECCAA64520FDD3D4A9F44E5E411A045313B67716D94007ADC515702E8694EC65BF8B412404FB3738DF54CA0E5EF8180F23F4FE4E2E0314C46E17953B1BAA7F998533F4D6B5118DF3B839DF46F30304A39215AD197C254B8F34B709330ECCB66E191231CF2BDF2DD98D2BA5ABD4FDC26CAEF5EFA8CDF0225802E8D8CE2162801F434C784B1A0E9AEA0F52C9834098036B7236D8D205D515131CD2798ADD314181B4D0A072D6206426D368CC67B319208E1DC6800478F9F83DBE1823FE0C5C39B57239849C12602C95AA5420AAF2A0057556398B5A7407CDE060967AB492779DD12404FB2A16EA3C34A003DCDCE36597F23232302B246A7E29AC555753283D5D5C1602113546849179F3711D84FF3B1FFFFF6AEAC398EEB3A7FD33D1B96198000487011297011C5454B28D9946C2596652B6549919D384EB9E24A2AE507975FF2903757C50FCEB32B3F2029BFA4EC2CAE9415DB522A2E57D90E1D45916849259292B883A448821B4080008101304B77A7BE7BFB0E9A43806800B3F4A04FAB280033B7FB9EFECE9DAFCF9C7B96079FA6FCCEBA7810CB4E68AFB1F61F97130E4E9C7F0397478F6143F717F0D0A603AA1605D269DCB8318AC38FED43C6D6354A74F08A1FF15235987524882ED92A1B858B294208BA21ABBAAD2F2A04BD06F5D102662CACD91C0C43AAC124109342CD880E15531B38C25C6B0DA22F79AA8EE208C4D825748954D2EBD9B10F7179E202B2B35BF0A31FFC18A55219CF3CF71C9E7EEE796CDDB6111BBBBB90F12A2AB1878DBD8CA5ACC3F5745D4F4DD0E2E610826EC4EA5D7FD714825E834E19BDC10242B482550534D75DB25E466D9D65E31261781EDD1D4C0059CE0A5F83A8A14E5D080366BC327DC624D38A8AE7F6BC044E5CBB854C5F0FFEE39FFE05E78E1D43D24A209BCDE0EBDFFE1B6CDAB90DDBBAB2E88483A44AD04901AE6F29FB8D6884961FAC06B1A0432DD3580D12825EA5BAB9D1471785215643B8612F67089B3F49F4DC640C43F461AFBFFA71B495FD2D4245D0BA0B8C0B1B97278BB83659C4F8A55378ED9F7F849495C0D0DE3D78F14FFE14835B366273AE0B698F232BB012C985D03A61E650EA10820E0553AC060941AF52DDA65F9F21E80759CF668AA0156D5E23D1D382E6F548D2E6688D8B43BB21E8E470FD08668B49277C95858400FCDF893340CA4269BA8099A949EC7EFC494C8FDFC6A30F6DC240BE473936D4366095947D67F62A718ED36942D071D276B87B15820E87D37DA30A05765249AAAA66A604E783EA232F46E086B04D71A6818181FBCA8DAE52BC559EA60BD8B3294145D5AA066CDDB81CAE0D94E161D671706A7C12274F5F82532C61DBB687F0CCEECDE84B02535333C877E7914EA5AA6E666E369A2DC10856E258254E8D394D08BA31B8B6F35585A097D15E2DE91A526597918D1B37D6A5B29B890861C20BCB8CB6D68AD6511B7EC2B70EEA60E127063DB3671F8B3EF9A9E0D38522F2DD19A4548719864BBB989ABAABFCF2A95452557A73136C4BA0CD6926B2E83C1656E7D3B5AF9B51E3BA5D3EA042D0EDA2A9E6C92904BD0AACB9B1C7FA1BA676F35A36F7826E0FFAA26991332A24485C8BB946562176F853FC56D79E5F418FAC5A761C5CBA7409A363A3E8DDD087D9B979CC146690EBEC84C3D2AA95320E1F3EAC8899D12D74DB64B359A4553303D35C9517B6EE0B297CD0378FF042B7FF4821E8F6D761BDEF40083A24A2411261720AC999A171C17654DA4A5CDD8E984901A7EB84D76EA56559BD57538AD3F354079123478EA822AAF3C5B2AA913AB87933CE9D3A8D6DDBB6A96251AFBCF20A9249EDD0A06F9D0F1C62A41F644C05E73B0B31D04D7FF084D475AB860941B70AF9E8CE2B041D4237412221F1303985D9838BB93F5643D00BF5973D657D1A2BBA5ED70F718BD5219A933DD57040974ED52DAED83895244CAB982DBFE8B5989D2F229B4C2952360D0554E2A1DF63918D5519E962AAF79987CEFA6A9BB512741F3C5608BA7E58AE972B094187D4A4214B5A923C4854F5F86A1E24E7A0E5C9ECC4DAE6B121455DD3304759BA09CC4C4F63F4D6A8DA0865A623AD60126DB15452644CD7F486BE0D9818BD8D64D2561D60D86D84E75A960DC7A9A807CDC040BFC2890F1EDE8FA959C26F0C613657D774336D76B210749B29AC09E20A41AF10645ACFDC04237105ADE5B59275B0AB371F022605DC34935D8B9F7B25B7A802ED5C17C3178671E9C245B56939323282679F7D16D7AE5FC3E8D818F2B95E942B15ECDAB513273FFA58954E257953C6DEDE0D989D2D28421E1A1AC2BE7D8FFA1D615C65819BFA23C46FAD98ADE4BEDA61AC10743B68A9B9320A4187C0DB100937BE4832267B30C4A9AB1EC2880E6345378B9CB57363E1A8F5A607DF33A3CE9F1B56FDF9745B2E761E27C1EB9F8B1DC645440C4D03DAA01FBF99F7BA6AE534E84421E80601DBC69715825E4679411704C985D66D98D2A26B5D132605DC3C0C9A656D3E88A06B099C7FDF1E63B8E1BDF1DBCB35B835F5B0F9D37C1B09E265489AAFADC6A7BF56EC5B75BE1074AB908FEEBC42D02175438234AE0786C1359A386A53C01B3D9F81613982AE1D37363AAAE2C16BADE0A5600D3E68983D4997870EC74B575D1E718D8F16820EF9618CD13021E810CA36A4C2E4149348D268C2E49CB4A24962C178EB10E23675C89D3BDA15C32494B0EE09DE5B30B392E1787C8D81BB162900001A4049444154BE6C1E41BF7BA3716E2A58CB4C26041D256D44431621E8902E0E12E5CCCC0C7A7B7B1B6E3D2B57821FAF363535A50A329994F2482C9B8099CD64954C86A1763AE5DDC8BE40ACF77AB24D0661ED06ABA96DC2CD4315CA1733F706EF57083A12AB3B524208418750074985C92941726EB4656708DAD48CEEEBEB8B0E690508BA582AC2F39C6AD8E1BDC41A68141BC03918571E246CFECE68106669126B7DC326E93C5C0250B5DE47B5E9ED92CE167F4B343ACD0384A0437C18633644083A84C26B49B2591B76C61A25617183921B6AB59665ABB3F118D912DC385D0B36C158735EB3B3AB03764AF56841C2D3ED6735267E2D269641F51C15776DBA863B7E7126DDD5C5EF0DC0D2D6E6CFEA2FAC2A42F28F4E871721E8101FC6980D11820EA17013E35B1B1616E2D4350D0986F791B0160BEF6BB425BFDC0DD48BA0CD83C63C94F850E43DB31A5E67A60349CB062B9F7A16EB53EB46B696B2AEB5CDECB239804532D76F576B5A93867DD7CBBD36B85FA62F421D5E84A0975B6DF17B5F087A199D932848D0246753507F2D5662D825169C83BFB34607FDD0C1F2A6E65ACD906729B949D0C4871B7C613709578241B154C1FCCC3C726C6890B6E0582E1C38AA821E6BEB59245FC743C54AC24BD848A9668A34B17557716D25F3BFE8B83296BA7F21E8B02B233EE384A043103443C1B851D78AD4EBA04539393909FAA2A354AED324EF045B76D5BA61C27C9C82BEE885FB634D265AC71EEE4C4EA033DB815436A34A9E6694554CFAF52D68DFCD61AB9EB7B49A3D382A21DDD38D6C49D0EC101374778411AC896384A09B08769B4C2504BD8CA21A69213E68EA60828C2169F595DF4FEEA86D32DBAAF5669277D6DA53B1F67E15492B9F06E0D97464B8281766E114CBE84877C29A9CC24CAE1B1FDD1E8753B1D0DDDD851D9B7BD063695BD94DF00C36A97591ACF657A475AD9D22EA21D22AD0969857083A620A89803842D0CB28C1902209886444626C864BA136D2C158A5B4A2E94E08D6B268863C4BC164B202CD378CD5CAB2E879BA3088F24393582DCF815BACE0CCAF8EA0F0FE47B832B811BBFEFCAB48A73398B85BC4D8CD51BCFCF45ED53C8087A5AC67DDC04B9739D5512542D011601E1121140242D03E4CB504114C4E09B6A2325FC55B55AF99F1C2B5F5405AB951687CF48C5D262675F743935B13AC7CC74DBD0AFB6E61E49D6378EB07FF86A12F7D0EBF99B88AD3A72FE095575FC5F6471E452A9DC6C19DDB91F4808C4FD2FEAEE1424847A0E64894AC68B1A0437156AC06094107D45D1BB2468B99C929CC9433C76A2DC47AAD2ACE4F994CC81D2DE9561FDCC0E4266AB081417D64F254E406095A15FCE77F151709D7C66FDF38824287837FFFD98F91B26C58C92CFEF6EFBE87A367CFE3A5E77F1F6CBF9BF1DB75293F89652C671DACA77DD7B4A7A343D142D0F55935EBE92A42D035041DCC8633A5455927224A046D6A58F0C1611E18ADB4A2F9C0A0056DFCE2F594457B925D381E89D456D11BE504F0AFBFFD0076E90E7EFDDA6B48C38395CEE23BDFFB2EDE3B731E2F3FFF1C3A01A41CBFBBB89F2F73AF6B43C778043BBCB4FA832D04DD6A0D446F7E21E8808BA3563D2CF969A226A2A23A43C84C01A7151D2C32D42A190D411B6BBE6EDF32940F5A7B265C8B492934842D14011CB97C133DD92CDEFFCFD771E3E2653CF3D21F22BFE361F4D8C081ED5BC1472ADD1C2AAB4539A46B7DCF42D0AD5A2F326F780484A06BB0326E0E5AA9FCC7D2A2513B8C1F9CE9E76CBDD52A7F387131E9D92646BBDE998D2E5D1ACAB74DA704D9DAA6271AA3E5124E5F1A41A2C2C24B36BC149D15653CB76F0FD2AA73B8870493597C4786DA1C24D157B70B75B28B6ADF1591432CE88828224262C490A01D95286C2A3C2CE8827E4EDD7D9A9FDB994201D94C56258698C35460AB9B85B88A85A0E6A6FC1E502A1751AE94D1D1D5093B9888E117A4A8D6A558C53C614FA13CDCB4646E08FDD024418561E0026BF1F2BABC515ACE34A399BFCD8C410FA8242B982C7B98982B29C24E5B16367565D1AD1257D831C090B4329F75F44640109277D5C5B11601C30215629C1074089062362486043DEFB99ECE3A5309673A820B0C0FD0A462A970BAB95211D94C17526C0DA238628172AA7EEA45164BA33FEB7E029D929B8D5DA79D0252D9343ABC8CDEEE523B601E5C2678D0DE24AF3570512B1F71C5C5EC0CBB91F7E8441076555173EAFF2B7AE48B46BE15C85345DD4FDF666CF4ECDCBCAAD151745C541C0756D2865B7190B26D589E07DBB254424B523D6CFD4C421F8460BCB5DA206C24382BB84F0E15825E216031181E3F82764A9E972041EBBD7C9D154CEBCAC31C803BA5044AAE834ECB435FCA46CAB706FD720EF72D89A0A5B80AFE59E11273E0B03810237C5D5B65D9158A05D5713BD799F71F24FE25FD74676579369085B48BD7C3E4C4846A22ABFE4C300259BFAEC43024A84CFA9531A28AE2F04FE35CACC97DFEFCB0B2DAF9CF7CAB617C38372A1DD7433A93C60B9F7F1EDD5D9D7ED956F59D434B44B787C52EE47E14C70AE559A1C256345C087A4570C562700C095A9954CA22AE241CD82E29CCC254A582B74F7C023BD78B59670E994A199F3D38847C92E6203FD40BC4122C36DFDC55C2788692AEDC9648AB9F9EE3E2CED42472FD7DCA5E65B43013356CD6AB509974FCAB717E568FB58B2C6074EC16FAD95945398F74D1A2FBFD1CC6031C1E35B3CFA7FDEE50DDC2C7C66EABCD517ED3E1CFF1F171B0E8FFF6EDDBAB354B060737AAA812EA8AE7A5923AC1887F47250BB3160521E8F0EB222E23E347D06ED9D33519ACEAA6D1BCE7E167EF7D8CBD9B3701E3D3B0520914B2294C958117F7EF40B65A70472F8B051FB4F16306974BE3C850CDEDB8EAE162D92CB1E9A09CB031512CE1BDE14F7073741CE9640AFBF6EFC2EEDE1C3624696B9B0CBAC62D69D22EBB7DB3F5959A8D66AFB14C83D6B311610546343339B9594BAB9751222457A6DF1B1D9070E9FBE6181E2A3BDCF3E0382E52295BFD549BA89EEE7F58CF4EECF5465408BADE88B6FFF56247D0AE57F1122A77D8521667C90246A6A770EA93EB18F9E863BCFD8B5F2291B4F1F9AF7D155D5BB6E0C583FBD1D7A1E3A095CFD22F466CD21DEE351339AAC1046DC2CEE0AA99EE3816FEF7E333D890EFC0F8C83564D25964FB7B91B5D27862E73674FAB5291AB354751C1C6DE6F1094694F4FBFE66E35509FA277C095640CE3CE3F8F1E3CAADC1547292F1D0D010AE5DBBA67A199A10C303070EE0F2E5CBEAFD99C29C7275D0E5C15661C5E2BCB2E653A9243EF399CFDCE3DED0AE93150AD41820D55585A01B086E9B5E3A7604ED798EB6A05D4DADF33670FCF20564D33DF8C90F7F885B978651725C3CF2F4A7F0C24B2FE1E1AE0E3CB471A06A102E94AF34DFE16BBDD08D25680ACD4240CA8AF62C1CBD740D76BE0BFFF3D39FE3D4BBBF83E759F883975FC29E834F62E7F64DD8D29DC5421C4ABD57A99FE1974860FA6E011D1DDDB06C0B3458B57BE3DE5863E59959A108CC5234444A2B59F9991D47FD23B9F21F236D6855F3A828CB39892B5746B075EB163F0E5A47E7B086496D8D1321E8152A4486371581F811B44317874D96536CE1D8C0E8DC1C8E9E1DC19DEB17F1D61BAFAB68802F7CEDCF90E8DE882F1DDA87EE944E90B827BCCE2440282B2C48D2F78E0BB31915BC6EEDEF55AF80BFA9692C56156DE2026F0E5F44DF96417CFF3BDF45D6E1A69987C16D5BF1EA37BE892DDB366247AE53D5A45074A9FCB87A93CCFC1DB61BF762ABD2E4913072A2529855E9D8E9EE2E78094BF9C22D86C7298B9F51257456536A53CAA8A9EBBC2D26130BBA2DD4D454216347D0954A850E5C05B2CD0D242B81622281374F5D40AAA313B3B76FA22399423ADF07B752C1338FEE408A9B4B9E0B5B75F530A163A6978776B71A2226411A023485831EF455BAD6A20BA66ED7BEA7B600FD5E4E092F05D74DE0DDEB37E0E57378EFF537F0FE7F1F612D21FCF15F7C039BB7EFC2EEED8318ECEC408AF6B61FE35DBBBA6AE75BA945A9D0703D788EA3DC0E9DB96E1D2143EB9658F077D74182CF4446A024583BA4C1DF329AFA11AADF6442D0F5C372BD5C2976045D743D8F2E02C619247DE2752C1B775D17C33727706D6C1C5EB18C3DDBB762E7602FBA98C5E617EA0916D8B9A76A9BB2A6FD98DB6032842A36CF4A6CFAABF8830EBDB1C5FE7ABA225CF058207A96DE2C29D746C24DC3F312B8E539F8AFA3EFE185279FC4F4AD51D8691BE57C0FEE8EDDC2A71FD98DB40B24594FD9B7F88316B491CDCCB5AA080707A824B42F7F62721A03BD39F50C49D38BE4D2B5A0BF61A8C817858358D04BAD0321E8F542ABF5BB8FD811B4532E79A53289308D644A87A9D16FCA2E1DC58AA3FADAD95602F3C522D2990C922467CF53197B3A1A2001DB4EAAAFF30CBD23499284186D40FF68B95442369B51244BBFE872D5E64C8D69E372A8256665A092DC2CCBFF99D08CE827CC955300BDB4BF7CFB0394ED349C7209DB37E4F0E9038FA033E122AD73F096B5A06B5D1EA1961823265C4DCEA373B3B83D5F462E6D63534727BA123A7E84563FBD49B4AA19CE28F4BC34B242D0A1565DAC06C58EA0DF79EB4DAFEC59982FBBD8D0DD85345B28792E1EEADB80B3C39750283BE8EAC860B23087439F7A1297872FAA780FC6DAB22EF4DCDC3C2C2B895CAE1BB3B373EAB57C3E8777DF7D1F5BB76E4661661ACF3FFFB9257DBD8BB9188C551BB46883196F869C9565ED5BEB8C70D639282E2A4880B10A455D551359A63E7313112E6C4FC7FFF261622C5A3FDD5089A25FD316BBB6F4C3AF7FBA37E65DE0D2AD314C4C4F31425B65EF95E74A38F4E81EE4D84351E703F9BB830B73859F253E2385A0E3A3EBB0771A3B823E76FC032FDD95C3F0C54FB03197836301C96C12071EDA815FFDFA0886F63D8EE93B13C8E63AB067EF2338FDE10994E68B2ACC8B110503031B71777A468578CDCFCD2397EFC19E3DBB70ECF80995A4D1D991C5534F1DBACF0FBD948B23E802A10FF7CC9933B87AF52ABEF8C52FE2ECD9B38A34E7E78BE8EFEF53997367CE9CC281271EC77CC9414F771ED9245D301EAE5C1D455F6F2F7A7ABAF1D63BEFE0D52FBF823367CEA2B7B717232323989E99C1407FBF8A6450E9D18904F2F9BCFA66307C7E18F99E3C7AF23D3870605FD8B5A3FCDD57666671E5CA75607E16AFFDF4A718DABD0B2FFFD1CB3871F23CBEF2C267D1415F3F5DE7DC3134E53D57F010082DCC3A182804BD0E9458E75B881D41BB9E3AE0F9BE61137FA1929395C354D7DE60FA343710932A7A630175638D9A6408DDE95B338EAB7A946A3FB2B1481F14D6A532DB54676A3D7EA630AB48F9DCB97378F699CFAA9F2CE5D9D7D78F2B97AFE0C9DF7B0263A3373172ED1A868676E2EEDD02FAFA362093C9E2C30F3F52963C93360A85691C3A7408BF7BF71DCCCE16B17DC70EDD5ED571914C25512C95D099CDA23B9753216AE7CF9D4757771776EFDA8D271E3FA8657F805B44B94318430EE0DC5411E3D7AFE3C7FFF07DCC95CA989DAFE0AFBEF5D7E87BF800B6E69318CAA702F54E74FCB91C8B2320042D2BA31681D811F4F9F3E715DDD267FCF0C30FAB9FB48C754AB0A732D5F81A7DC76AD38C111D696EC84195F6BC79F326CAE5922236BA0776ECD881EBD7AFA9F7151907089AE7F3DCAD5BB7AAEBD586B4A90705133DFCD03766C1954A25B559D891ED52F3738E4A85B66A02994C0A6EB9A21F1EA43A5BC56720954EE1D2A54FB065EB566432695520890366E70AB06D1D23CCAA70D94C465DB352D131C4B69D50F75729B350947E0A7564B2DACD714F18E1FD26AF8A21077072BC88C2CDEBF8C93FFE3DE6E6CB28961DBCFAF5BFC4C3879EC54036815D799DFDC7F99547463609976421216821E8D813F49B6FBEE99168E92E2041D34265F17B5A9EFC9D044942E9EFEFC7F0F030BA733DEA3DFEA3BBE0C2850BAA4634098EE43B3838A8B2DD98B5A6D28ED34945DE263D99AF1D3C78F0BEBAD224653E08CE5F3887E9BBD3CA821D18D88472A98C8A538153F1303D338DFDFBF6A154AA2837453269034E45B9288676EEC2E8E82892A9140A73F3B83B7D57F9C39939373D39A52C6B1AE6A964466F5E96CB608718DE1BFFBE78F1220E1F3E8C1B376E546B3A531E62532997D0D1915561737BF7EE55F7597B180BFAF2DD026E5D1BC5AD8BC3F8F9EBBFC0F6A11DF8D6B7BF89B73F3C872F7FFE307A1823CE8D54B5A1BAE25A49B1FAC40A41C74ADDA16E36761634FD1BB5E165C10D39A246174530E42D18A2466227599BD03933AE36CE98EF93144D14C762D63309F1F4E9D3EAA1C07FECDE423224F16ACBB78CDDBBF78085F9F91061E4085D138C2EE9E9EDC1E4E45DCCCDCFAB9E89F45B9378395FFFC0065CBA78117D1BFA50762A4A5EDE130997D634E7215993D0F910E2C3850F15BEDFB7A11F85991935376B5790A0E9ABAEF5A19B2495390F78E7CC0574F6E5D1D5D1A922368E1DFB085F79E619F464B851E920E9A54CE5D185E6DAA19667BC060941C74BDF61EE367604EDD267507304134A167B2FB891574BEE663CAFB1D47BC16B9A718B95BC34E76BB237D97E2ECAE58A224FFA9855E2875F1744A7CC040BE4EB8A6FCA276E0AD2FB19901C4792D70D704D63023D4FD54FAE2F56756F185C82B1D3E65E0C8844932DA83EBA7C1D33F3F39C1C7B87B661A38AE0609B2A172955299F5BA89EEA8EB2F284EF304BB9FDC70841B7BF0EEB7D07B125E820F9D426922C966E1DB48017CBBE3324574BD8C176548B5D3738BE4A7E815AC5C1EBEA303B5D3E53156B0A9440D5A52F34F1EAF86B86D731494687D95589DC1F137C9804936E4C213A52EA83926C4CE49CC79CEE40C53A971983AA0EB47E58249978A38BBBFA0DAB1A5BFEB4DE1F90665E4F08BA9968B7C75CB1236815C2D1D687B19B79134B45442C3F466D50FA641D7CF8D0825616B3FF73B187067DF5EF1CFD1D0E1FFE347EF59B5FA3B77740C5896F1BECE356264E9E3E879D3B3721DDD1053BD38DB9BBE378F1C51755676E5BD5BE5B386AE3BD837F2F977DD9D66A5C447821E8F5A6D1B5DF8F10F4DA316CF21582CF97A5028A971F1374A704DD2DAE9780C586ABBECB267873E69B067DE2C78E1DC7634F3C8EABD72FC36635B97205C5E919F40F6C819DEAC0F5AB17D0D9D589642A8B5271164F3DFD292498A5A92EB8E062D186FFBDC932B5AF3519E0964D2704DD32E8233BB110746455D33CC1744CB7A33B8DF83E6ED7FCCD6E8DE5B2DA44341BA224F772A5825426ADE2B8E9D4D0FD1D2DB82CE5CA96526557D500A14B867E6E8E2ABB096493DA2362AE1574F1D45ACFADEB5CD33CEC83330941B706F728CF2A041D65ED345036921F0F5AC58CE8387AF4A80A05B493696CD9B219B76EDE5011218C5A21413FF5D453AA50FED8D898CAAA64EFBF62B9023B69236927E194CB38F0D8019C3C79168FEDDF87131F1C47672A0D381ECA968B446727C6A7EEA2336561433EAFA256D8818507A35618D1425998E938373787FDFBF7A3A7271F74B337108D685C5A083A1A7A88921442D051D24608596A1DE8ABCD9A0EBA15E853663C3463A027EE4CA1B727AFE2A949A2268283EFD1B5A1B21FFD3E7F1B376DC2C8D5117477E7904EA754ECF4F51BB7B065EB364C4DDC56EDB79814532E17D199CB01B68DF1DB63C8E772EADAE63C923E235518BBCD209BD9D902B66F7F081D1D9D42D021D6840C59BF080841B7996E17DBE15C2D49076FDD10B6EEE9674A832E9429E5D860E53D1D8EC75AFC3AFBC475746951169E4AB01722895C0F4152054DEB71AC6A67B60955A968577944D4A1B331F5DF26A9A51EF7D62E2A160BBA5D34D53C3985A09B87F5FA9CA95AA96EA16ADD222F2DB46E8C13E3AE50E342D02B042C06C385A063A064B9C5F6404008BA3DF4D44C2985A09B89B6CC25083C00012168591EB5080841CB9A10042282801074441411213184A023A40C1125DE080841C75BFF8BDDBD10B4AC09412022080841474411111243083A42CA1051E28D801074BCF52F16B4AEFBD0E6C5926411AF570484A0D7AB66577F5F6241AF1E3B395310A82B0242D07585735D5C4C087A5DA8516E623D202004BD1EB458DF7B1082AE2F9E72354160D5080841AF1ABA757BA210F4BA55ADDC58BB212004DD6E1A6BBCBC42D08DC758661004422120041D0AA6580D12828E95BAE566A38C80107494B5D31AD984A05B83BBCC2A08DC878010B42C8A5A0484A0654D0802114140083A228A88901842D011528688126F0484A0E3ADFFC5EE5E085AD6842010110484A023A288088921041D21658828F14640083ADEFA170B5A6A71C82720C20808414758392D124D2CE816012FD30A02B5080841CB9A90280EA966279F82882220041D51C5B4502CB1A05B08BE4C2D080411108296F52016B458D0F22988280242D011554C0BC5120BBA85E0CBD4828058D0B2061E848010B4AC0F4120220888051D114544480C21E80829434489370242D0F1D6FF62772F042D6B421088080242D011514484C410828E90324494782320041D6FFD8B052D9984F20988300242D011564E8B44130BBA45C0CBB482402D0242D0B2266A1110829635210844040121E888282242620841474819224ABC1110828EB7FEC5072D3E68F90444180121E8082BA745A28905DD22E0655A41407CD0B206964340087A3984E47D41A049088805DD24A0DB681A21E836529688BABE1110825EDFFA5DCDDD0941AF063539471068000242D00D00B5CD2F2904DDE60A14F1D70F0242D0EB4797F5BA1321E87A2129D71104D6888010F41A015C87A70B41AF43A5CA2DB5270242D0EDA9B7464A2D04DD4874E5DA82C00A1010825E015831192A041D1345CB6D461F0121E8E8EBA8D9120A41371B71994F105802012168591AB5080841CB9A10042282801074441411213184A023A40C1125DE080841C75BFF8BDDBD10B4AC09412022080841474411111243083A42CA1051E28D801074BCF52F16B4941B954F40841110828EB0725A249A58D02D025EA615046A111082963521511C9EE7C9321004A28880107414B5D25A99C4826E2DFE32BB20504540085A168358D06241CBA720A20808414754312D144B2CE816822F530B02410484A0653D88052D16B47C0A22800097612291A84AC2BF4F9E3C89BEBE3E249349F57AF0FD08882C22B40001B1A05B00BA4C29081001632B18220E5AD0B508895D11CF35333838B8F0146F22042D99D4FF5048144713152D532D8E80EBBAB02C4BBD69ACE95A1747D08A16828EE74A8A1D41BBAE2B041DCFB51EB9BBA6E54CE235047DEAD4A9AA8BA3D6051239E145A0A620202E8EA6C02C930802F72250EBDEE0DFB4A0FBFBFB914AA5EE717F88F51CDFD5133B0BBA52A988051DDFF51EA93B3756327FD2DD71E5CA1574777757370983C20A49474A754D13A6AFAFAF25EEE0FF0766F1DC443B7D42440000000049454E44AE426082 WHERE `app_id` = '7'; UPDATE `fn_app` SET `thumbnail` = 0x89504E470D0A1A0A0000000D49484452000000D4000000BA0806000000D62063320000200049444154785EECBD09B86557552EFAAF7EB7A76FAA49484B8510087C88A04F405194EBA75E9B400286670BA2A2288D82CDA70F7D8A4A7C220AEA67C305858708DE4B083DF810BC72318020810409E92A55956A4FB3FBD5BEEF1F63CEB5D739D59D537572A1A8BDA152A7CE5EED9CF39F638C7F74CE3DBDB4B8F3F3FF811FFFBEFF829513C7D06CB5E1FB3E5CCF85E33880E3821F47FE7B864FC1EF0A80E714E6EF930EE7410E8F2AAF9703D03B9CE6630E2ECF39CDBF375C542E55BD8B5EFBE4DF8CEF79DAEF367C212F89020E9CA240C177359FCDE32343C063CD17F67B7B39BD921D87420F2C2FB2F1DF85DEF1A43738DD33DB6B57E7AD9C92CDE377C6B1DA7487936EB8F12DCEB6444E9E818D173CCBB2292F7FFA79AC8EAE194CF3881B8677D38356AF371EEB332C49CE7D9E23CF7324698A41B78B99F979BCF1D6F7C379CB7B3E54DCFC3DDF8985F979F87E504EEA498F76C6C1E402E0EA1883A58A2F79B41C285CC0D9CA1C54D7D369578D056D15A4E313E5B79B5168174FA1CFC935BA1108A7B859E5794F1A6CB99D9EA3D7B1DB838E0701377E86CD13B4711A373C49B9E82D90CCF056DE67D337FA3E06C4FA30274176FCEB9376C7F1B1278FC0997E53592595157BFA055F7DAA535F979BB16CE4A7FD9CFC5E1B3635AE3347AF51E4BABF572779E3BA38F926F6EAD5CD683C9AD5B9DEB8BFA5498263C78FEBB6B7B8B4044F245175719A0739D5BCE705721770B93065519E8C12EE36B29A0A2EB6CAE23FC3C08F5FB67253F9F16439566CDA72456228A637EDF666D0CA8B5706D12EFA0DB2CB82720C8EF1E2D573C7CB48BF51A0E914E86DCC1114D6763E3701B33A6AAEA24F267EC3F166FCCADFCB75CD4B1A0969015BCEDC6691B8492E8FAFBF518BB08F2C97DF349D1B1661F95D058425902B1B891DE60DC276B3ACB5FFAEAE3BBD6EC175E39891CD0BC01DCBE8129695B554EE21552C9A35325E4DE39F721470ED82299FD1FEB05140D899D5CBD9F9AE6A5AFA9C945ACE54AB55345A2DB3A3E6708C18D12562102950AF28665590999D39876B1E9067D985369612279DC2A3721D345D5CE39DC96285DF54D580EA6EAF80E2F51DE406D4560D5395CC689FE3AB57944D1DB8F299E4550BE48E53AA9F7965A72CF12C182B64B239979C1059BFE6214F92BEF2023972D7198F8D2C14034B0B227BBEAEA4B1E82C17848E27D715C78BEF2CA7CA2662AF67E4A339DD2CCB8AB092132083C58FEC9F55505915224791BB70F872B9991757D7825D1376F3B06251B732572583D962EC8621671970D81D43E75A4153AE31C73CBF018FD91EE5AEB2F0AD3A61B402D9C8364B64B34116E06AE4F5AD4A643488CAB956652A6472ED809432A0326E7A13BB7D8CB5117DF431A60D5696772DD31890C1752A03E71482613D2137AFC75DC26C5755C0D98991AF8CC8557967752AB3C70BF0EDCF050ADECF8A685918768556179CDE9B67C9E35981630448090B8E2E179A6E3BE580D839D36BF355CDC66016A7DE4996AB192057E16D77FA522018358227E4BC391165B53C1D713B3632017208CF715118DD838FE81A1B53BEAE80C2829B6AA25C56E6515F722C747524E4C6E6FD0BCE0D016B9E99EF99E766ACB8C39700B68BA2B299C89818A94BF594FF20E064F2B889F26FDAD279B938794C2E1B962C0C039F0A302ADB2987896BAAAA3DE8F231D2986BCECCA7DE5667D3BCA10EAEA842150DA5041C377F6E2C7A6FAB74CBEB98B9D561B79B813149E4BB8D8243EEAA3B54E54A7A217942234FE4D6D62E3660CE650C5CC50F6FB1B4BC2CCFC489711D57777B591C66F79249D1ABE80E6454D2D25E2AC0DDDC4A0BB129CCA4C800510C0A70284908512B8D8C583733CAC7E20BC882E3A4C925CDD6E0EAC4E9566157AE284A669B303B988C99EEB09C04873BACD924F4A9F577166DE3E56A67D10CACAC33A3725892C548022E275964A57A3C5E14027DB3802D90EDCEE6968BDB4CB0A8C26630A9425BE928A854E9CD1D448129FBBF9D735D742221F59D38AAE5062EE3A67326E3CE0B98F7D1D560D562057C5E18007359984D54A7620C1601B6AC19AB762921534A649138F284061EFA1D37123E8302D0AA51E3852D6322F3C17750D9A66ADE78531C6B3155E0AB742D3721036E59315595ACA2C7EADEA163A82A76B9A31979A06B4D8580193F0B77B3F1C90E68E6436F99EB3870C4EDD25C5EDEA57BB1058E990C824B0F1A4B149937EE88164C66EB1C6B0E63C1A833A72B46079E2A8B8A7AAB2F5527888B40F6598256D7C058FEDA856044BA9500BAC8CCC0162E0A379745A6D363D8492BE68D8A615508B98F4834A794C0BA1F991D91DF1989C231B0EA4C55CCDBEFAD2A268F6C8063D5205543CDCE6671CBF1330B5D1680CCB6B56155AA7063C9ADEA52EEE3F2F4A5CD6A87D2EA1EBAC875B1C87398CD49259A8262BC0AAD0E61A598D98D453C5875DCA895E57554BD14E96DE652CD3ABBB48D5093B569AD4BFDCEC8D9B146CB71311A8A5C810BD42E4AAB1594FBA555E10D90658D5A8DC1805C34B75C80AD5B8C5D07565BB4768E8E8DCA435D29623EF01955D0985D4E351ACE8F0802FD6785B5DDC8565BCDC9D9B5BCAC9091DD49675E416476126337E8A4F00616DD3A210A26AB37A80E248BD4EAF7664B14C165C0A9AAED4683D40AB6522018C54D777DBDBED5CFEDE053B591E7B452C8EEBE46453588DEA0E7DAE9E522A626A16FCA677695FBD0FF18609B0564EC00233BC49C143B83EF2FE48C59640226AACEAA2A8DC7C71AFAFA80B2205D02DA4C90A82646571715D8A845F21C2ABB793DD9F98C9D2292DFEE4DB2619B09368B52664200C67733924926D7ECAAA50D930B7865B194F36EEC0FD175784B638B983953C4DADF71F8AD9AA99A05DF518928AABBFACEDCCD752757A95902CEBC84FCBA94F04611E45C884260E6592E6ED438B9A7B9973C175553BB4ECCDA9231196FEC6ACFE9A64EC96CC75CEC70BB29D84DDF6C0AD4ACF4381D4B8EA9BCBF51AB4BCD4A6CF91CCEF2D2922A09B2637397D79B964B586753553EB3B0ED80954C8CB137748171F00C7569178CD9A245BA99C5C687530DCEA87266E154E80C2395B95B9AC56BC7B9E203B2FAEFF88915783265B250C6D69E591D6A8314542FC73BD2D8C8AF4851AB459B034B49CC7192C566776A731F4192AA8432C566A797A56240628D58BBB1735794C915DD4EA9762B61D426B46018AB4CD61857B5D24802A3AA1B75C39877469E55E653006925BD2C302B5F746790454755D9A8F7327AE317DF4088283E75A7579553B5108E8BB503558B305B7F7933B3D08D5E6CD5456B7AD879B29A8D7D6681A4D100644AAC58B05A8811944A5818895B6A0D5661E2B3885161806F54C90A4123A0339810759A73A33B94D115F446E59AB18615CF5B16093516D076B04BEAB7A20EEA02B56A8D0A71D17F2B14A75571C64C94D9552D1B6740A90BC74A4263A3559EC3DA0486461BEFDAA52D628DEBCAAE55B25E9654D8E8D390612807BF62CBC9EFEDA66217D3980E57D5B4EAC8353ABEEA7C627FD256E0DFE562305243258A9584461DB34A921D4F0338B5BFCC6455774C737CA913995D5AD51E63DB6C58F77631997B8BC418AB66BA53577C86E5A6A9A030F6F9D84A740C68ECE2B2EF634995AA3D65CC04A3E0A80650B5B12B1ACBF83EF63D2AB47405F4E5B89412C7A8B6E5B88C4D0BCB25A956C7CDD8A8A166416D589F566CD8313412BFAACECAC855D69C153432A3E61975F88C30595A5EB2E6F178C84B95D8EE01D5E9B0ABC1C804CB22D92D7793536E6C5559E3DD8899CA8EA033375E48251961D5D9722D1891677525738E799F928EAE325B954DCC2CEC0A1BB7296AC31EAB3BD898391AB33F278F87591F5533A2BC8CFDA57DB35205355AFA788F35DB6DF93E7602369D5919336B43549F79FC8255F0D8BB561ECB4ADEF1545A4363E341E5F795E7A9CE6FB94E2AD2A27C37BBDA2B268951574B3BB4727EB97F6CE0D9C607A89933B6E76D948A594D1BD76E098C8DAE13BDAF214C2A4EFD524894CBB0B2D99807ABDE67C32059E96FEC579150278DE2E65F54C673CCE49CF5ACD31E501DC773BFCA4E9FB971119FD3D577E2C576E21A677BF8EDDCE3A463B773F2E91E6427AEB18D973CEBEDCE7CC0992337363EC74980DA7CE90D9B4851A05EAF8F6DA953EF6715CEE76C2FAD3B694516E809671D80CD72672BF7F9DF70CC969F7B5B2F799210DAF13739DB736FF87EB3BCDDCE7C6DE1C9AD12B28543CF78C8B63782530F02C134180C54B5B68CF5496271FC24EA87AAAC60AB559C6ABF6630E0FCFCBC04059EFAB3C15AD8E290587AB572B82152CE7E812D1F78F64BEDC411DB7A9C6D1D2C4FB7FD33B6F85267BBF086EF4F31C7673B7F8B8F615FB2E26FDECE999B444545E5DCD2E89DFA255CD7C5F163C725587CC33668F43AEB07B710729697972C5B59D2B8EAC9DE486BF3627996636E7EEE0C12EADCDF7F72E66404BE16478012EAC4F113703C1B1D626065E9DA0D0F6D58BE4D41D26574A4F58B0B45C8583723A14AFAFC6B710426CF3419811D1C0101D4891326826723356159CA5200528B585A322C9F848118B5C246F64A0C93096D290A644581C5B939F5354C3E9311B8084680803A7EE2383CC72B43A2CAC015719758379D465E1A40A9822E6E14F133D9205813FCA28159E267A10D35915017C14A9ABCA20A1EC7C5F1E347E1BA9EC693DA103D6372599965C39204501A1E621CB512CA485C8DA3AEC5C812275981F9B909A0266BEDE219013AEC8F1F3DA181C665348A89EDABB80F4D800B9CC5C5A5C2C6E7D9E0CA32245EA83E1BBEE320CB332C2E2E9E81E5BB78067AF2A617C708B8AE83A364F94CEA5219425632E38C6ED1004C09F05E5A5AB4D183265F681C96AFA1563630D0D850F30BC84DDCD9C531A493B7BC984780B4F9B163AAF295AE241BE95E09FD2A333DA8F29D75C08CB3ADC8722C2C2E4C24D459076C72C0D7CB0828A08E817F1BC25C4D229BD9605FD4A0486CA8ADBE3C69F3858509A0B63A5E93E32EFC11D80C284555054D26C6D0464C56006512CD84DAA80C4435FB7802A80B7F854CDE605B236001E5305FAE3CD3B0DE265BB72ABA9CC5059212E64893E4558DF6AED61BCA8A1C8B1309B5AD09991C7C618FC0661BAA2A6FAA95B76C828CB3B8B45868E5204D1F974F19D664CB84E9AFF33CC5C2C2D2B66DA824491004C1853DB293A7BF28476083CA2799E0CA9D9FAA5C9D687F8B4B0B5AA6C326E7D94C4782AAEABCA2E3F71C543E82E9CA2BAFC4273FF9494C4F4F4BB4BA35F02ECA199ABCF40535025CAB478F1D05DDBAE256DA206C58F4C7D5C24C9A030C67619180D2FFD90A3A9A056A72A3A560827A8CD33CC7D23655BE071F7C10BD5E0FFCFB75AF7B1DFEE66FFE4606B4D56A210CC3B35409BDA0C67EF2B05F872320803A4ADA9CF5318CAFC956A3328519B56E852924B3B0B0A8E91B95CA36656688294925158B88C0BCC0D2D2F61CBB1650D5B17EDFFBDE873FF9933FC1473FFA51CCCCCCA0D168C0F3BCAFC3E998BCD2853E0202A82347357DC3A6CADB3A8B5A59A2CCDF63ED0C91507AE4B8F64359624B93E5E5FFAC8C9366199696B667439D0A507690A90EBEF6B5AFC51BDEF006ACACAC606A6A0AB55A6D22B52EF455F875F4FC04D4912347C4B15B5606A9D643B1C54F6C00C4E22223258C2BEAA44225634E83C7E7F9CE02AA3AEE9FF9CC67F0C77FFCC7F8C77FFC479158CD667342647C1D2DCC0BF5552CA03C4930B4F550F4C7AA03579DBD059CC585C571E9D333E69E17C8B27C4725D4E906F94D6F7A9380EBCB5FFEF284C8B85057E2D7C9738F01753A93C4960430B56FC58632CC453509F15429F0D90EAB7C671B73AA8B0416890CA6944C888CB38DD8E4FB9D1E812AA054228D2BA09C5C7FA5A00D455262DCD9C8DA4CA626D786E763B4F9D2E2CED950DB79F9F7BEF7BDC2127EEC631F9B1019DB19B8C9B1E73502252921A17CA61AB08984508AC148285396CC595C5830B5082B4E5D5B00D0A46F48652216B42FB06D966F7D7D1DBFFAABBF8A9FF8899F10BBE87C3FC3E15018C23FFDD33F05AFDD6EB72744C6F90EEAE4FCD38E000175F8C85128093DAEA32E854DCB824F0A2A71DD2ECC2F14B663810DA36572A16B3B2254EA4667F4436D5342F131B8F0D7D6D6F084273C013FF5533F851FF9911FD99129BCFDF6DB0558EF78C73B441D9C10193B32AC938B5446A064F91C4F8BD8DBBE54A60984F4EB326485948A5E585828589ED6F62B522DD1D6E81EF7F7E1F7A4DFB7EB87AACE4E1CC7E8F7FBE8743AF8AEEFFA2E3CFFF9CFC7F77EEFF7EEC804BEF18D6F14C935213276643827173123A012EA08BC321FCA94D02BDD4FA6F103FB1AD0B93BBF302FB17C6575F7B2B6357FC7BAE55698012425969797B71DCBB77976482F8E4623011741F6AC673D4BC0F5CDDFFCCDE73D91F7DF7FBF008B009B1019E73D9C17FD05045087092855F1040DB6D6B9947C36F9B9D248A020A0E8D8B57033450C4B8A4FED2A5B7E99B17C3B01A8EA2C115CB48BBADDAEF89DA80EBEE0052FC0BE7DFBCE7B326FBBED3601D79D77DE39B1B3CE7B342FCE0B28A00EC3F518CD67EA1C579B9E5B6794A94B2F36D486FCA7338CDB4E49A8D3DD828065D95BAA84AC5D41605172B1D2D2F97C1EF7B8C709607DDF3F9FCB4CCEBD0847C002AA1A1A570DCDDB8C9D4D801AD7193F55A5E7871B50D5F94AD354C04542E3DA6BAF153283003B97CF631EF318B9D60450E7327A17F7391B25D438A2C8768B298BC49A61521BAA02339B50685A1397A3493196EF900DB5DD2962CC1FED2D82EB694F7B9A00EB861B6ED8F2652680DAF2504D0EDC3402C2F21D3E0CF2E6AE89D72BB5BC0DA692A9694996CF064F48C73CE9FCA757355FA829566819B19DB6A1B633835409092A062BF2F3810F7C40D8C2B37D26803ADB084DBE3FDD0810500F1D3E0CDFD3AA47FCA3E55A6C87FA8A2EC74AB2F373F385E39AAEEBA69525F976D7F4A294EE0206598CE55BDE75FE2CDF76A66F332378E38D378A847AD2939EB4E5CB4C00B5E5A19A1C780A09454091365735AF0A20DB71D20820D2E673F3F322C1CA1622A63BBAE648992EF2A6172A6B4AEC5ADE75DEB4F95666ADEAB37AE6339F29E4C4F77CCFF76CE5D4938E9900EA9C866D7212A51125D44364F9C691E6D2E4DB46974B9364D1E734C970CE48289333A5CDA96D6B4A9360A8DDE10B1459F1B0AA7C96886054C5E31FFF7821227EF4477FF4BC27F6FAEBAF97ACE1092971DE4379D15D406CA8870E4B2FE56A6D73DB8BB8B48B6C07FAF9F939D3A2BCDA70B5DA7C6A1C8A4E1B6AD7AE9D955055AA9CF6D90B5FF842011263F4CEF7C39024FAA1EEBDF75EA96531F94C4660BB23A012EA2193513E6EAFB8B1EFA6F93D35BD79A3F219A125F7DBD80567FC08CCD8DDBD0380AA3A735957E2C77EECC7C42EBAEAAAABB6FBBE271D7FD75D774954FA5BDEF216445124F17DBCC7E43319817319818D80B228297B6ED824F812330AA83232C2D49628E9BD71854C1EC40E86E72AA10822DA4554BD187644728176D1377DD3379DCB7B9E74CEEB5FFF7AC99DA2579BA9F49448DB6936BC230F31B9C8D7DD081050871E3A04DFF52B92C6C8A79313A2484ACC692D976A9D162BA6B440A6F08434C3E8D8DDB56BF7B64909DA44A4BB9FF18C678824FABEEFFBBE1D19F88F7CE4232090DEFFFEF74B662F53E72776D28E0CEDE422660454421D82EBF95A90E5A44EC79A0B5F96B4544019E05892DD1CC0C29765166F016479BA6D40114CB7DC720B9EF7BCE7EDC824B1A41325D15FFEE55F822406D336A8DA4DA4D18E0CEFE4229B4660ACF2B18C18893C962C27AC5C0D92E03F58D652288B02CEDCECAC78722D772E91E752C945E2D1E5F2744931158475F9B66B439DA9EAD17666EF6D6F7B9B5448BAE38E3B4A69342998B99D119C1C7B2E236001A575F98820070E336D4D866E353656F2A166E7660B418CF89F36B48A929399A6CB22976A4365D8BD7B7B2ADFF900EA739FFB9CA8746F7DEB5B459DA3349A94743E97653139E75C47406DA887A42E1F658CB604D50AB2A76A8DEBCCCDCE11492A892AB5912A752F8D3E4895AFC0EEDDDBA3CDB70B28DA6954E958AB8F7D79489F4F0886735D0E93F3CE77042C29E1B13BB5D846E33EBB6266548909CAA3B9B9398BA68D7CB91CB891C6E0627FB824D4073FF841A1BBFFE99FFE6942309CEF2A989CBF632320803A7448FD50A74AC1B04CBA21F2C68032476F3867D305E887DAB3832A1FA517553A120CFC4CCA84EDD83A985C688746A00AA853B0E4E3A443E3897266E794E5E327CF19BBB4F949CC650AA5CD77EFD9B32DDAFC542A1F0B593282E14B5FFAD2A490E50E4DFCE4320FCF081050070F1D8427B4B9FD54E324941257528F2ADFEC5C2111E504942125B4E19A2502359D838618FB43EDDEBD3D401D387040B2653FFDE94F8B4A3729B5FCF04CFCE4AA0FCF08A8843A084F240DFDB50E0AD3754368F2D22F655C4CB3A4CD0D4DAE94B9419C624ABE22D9C71FB334C79E3DDB63F928D5D80080C09AD4D07B78267D72D5876F0454421D82EF38C88532B7F52E1514E29732E6125972676666C6C0C85549845CB808FDD9564457DE82E91B7BB629A1E4BC2C9BB4AB79F8E67C72E5877104045007A9F2B1D2256512F1A17950B9C919944822892A2AE0CCCECC14D299CDFAA04C74842A85D681A53A22FD507BB669433D8CEFBAE54B3376907FBE5A1FC6164E3E17E608584049108169AAA6ED9E683A99E211520C568590232A9F8D4A1F47A76FC84CB4EC0625CD85062802E9A94F7DAAFCF96A808A607AE52B5F2901BB93CF8537021B2554191751E1C40D1B615ECD999961E8D146979388AE0D4E2B855496A5D8B367EFB658BEAFF6103228F755AF7A95E4587DB53E4C21B9E4924BBE5AB79FDCF73C4680803A70F0007C69B866E28D4EBADE985017092524A021CF55748D0F50FFAEB1A1B21C7BF66E8FE53B8F77D9915309A85FFBB55FC3CFFDDCCFEDC8F5CEE52213409DCBA87D6D9C2312EAC001B8BED2E6A525645AD6881955898170A6A767D81AB40C8AB0A5976D1A3CC16439F63CCDB067EF8527A12680FADA589C17E25388843A7010BEEF49071A52E64EE16A2A8769996B5AAD29B0A6676695AB28533794171400566841AA80AC7AB4F70223252612EA425CC65F3BCF5C02CAD3740D238FA0E1E2CAECF1183675276A84362F930889205B0CDD50E6E637289C5C3276F74E24D4B6677BA2F26D7BC8BE664E50401D904889A2C86D02869A534C7B6293003AA78C1AE7CC4C4F6B6D734B9797E987E39C0F8B4AB27C1722A07EEFF77E6F47AA279DEB2C4F0075AE23F7D53FCF028A7F0B80ACA667D2376C1491CDD870A68D6377DCD3FA34255A2463F7C20314A7846A1FFF7CB53E1386EFAB35F2E77FDFB184DAD4B4BAAC19C17B54583EAA7C72DB0D3EA8CA83544EBC1025D4F90FE9E40A17F3085401A5B019B77EDA80296A7D24F76666A64D5D3E1BC36728741B7564CB52504265192EB9E4C262F92EE6C53079F7F31F0101D4830FC2632BA452E88CB37645161935502228A667A6B58BAE204CBB5C0B0A73F218EA93925C7987C1B113409DFF144DAE70218D8002EA003CDF2B8BB268A85EAEA14736E6C8026B7A6AA69088D93229CABE2EABB9B06EB3117404569EE292BD975E50911217D2E44D9EF56B6F0408A8FD071E44C0BA2A9558BE32784FDAE9520019EA6E6A8A2C9FAA79A5316573E74D6B1B294AC1BA7C792E21342C9F3CF94C46E0621801028A49B26C093AD6ED3412D606C8B29BBBD63AA7CA373D25E249FE2123B4B1F08435BC6CB4F9045017C3329ABCA31D010B28CFD304C331A167ED284B55A85072A6E987DAF4D1F8BD6A91731B1C4B1B6A22A126CBEDE2190101D47E92129B68F38D6CB925CAE14C4D4F97DD6B360E93CD9B1F2390911213405D3C8B69F2A6DA1F6AFF830FC217096534384B406CAA0A2684DE14553E419BB603B53C9F6D0B6AC36BA9FAD176BAE4D289849A2CB48B67042CA0D8C150B3741D093F520A7D5C53427806DA526D91500CEDD3A358B399074A1D0A5BE74584548E3CA7CA7799FC3DF94C46E062180101D4FEFDF07C966266F89125F04844D89AE686AF2051313535A5B5586CEB6ADB898D5F96317FEAD1626DF3CB2EBD44D8BEC967320217C3089480623B1B438F4B628649DDB0B0D2822D2E9CA9765BA1240D032A8986B6E9AE9CA8259028991E71E96512D337F94C46E06218011667B9FFFEFB959430F45D19102B6E25D350C3B4CF1509750AC2E29465671929F188CB1E21214893CF64042E861120A01E78E0810D55BB6C5B1B2B686C6ABC08A6A9F694359FAA244619415BB2E7399016192E7BC4045017C3429ABCA38E800594CB9A124242D84C5C6B37598498CCC1D286A2C2577631B4C528F4209B8D98A5291E71D965130935596D17CD0808A0EEBFCFD494303D0C3762C86A824A51B445424932AF90E69A0EAF69F052FD889072F542EC1878F9045017CD629ABCA89150F73F202C9F8D2832A483E1C0551089978AD479BBDD92429792239F1B049A2686EC6028B1E6242C18402B36D4E51309B5C32B8D1B976DDEA559A12705AFECF01DCFED72F6D9D87C9CF5EA9324D9522BD6B22C1D2065B999C1CC9DFF6BF95DED08B1C1DFFDF7DD2FCFABA10EB64594712FC98144892B4CB9D36AB7355242C83C738A9D50D1FC6C436BED603801D4B92DC6D39DC5C5C6C96287467E86C3A114C5A436F0B5002C3AF3C33094C5BFB2B222CF75DD75D7E10FFEE00F70CD35D768A074A5325645FF91949F3C2FA49138892C5EE31DEF780758928080E4EFD91F5916AB59733C86D7E4DF5F8DBEC9BC27DF91CFC50DA3D7EB61FFFE07E0BABE3E53912337DD086DEA86D5E4241ABDDDA284B2D3AD51E565E73571EE8EBB6FB0D0E5E5974F24D44E42CAEEDE333333B2B038999400FC990B6EA723FBAB8BB47A6D2B2DECF3D0FFC267B18BFDF8F1E3D26CEFC52F7E319EFDAC6763B5B386C1688424CF1150C3C90B78ECD022A9400620523A2B07034BE9BB745D078B8B4B3872E488F4057BF7BBDF2D40E266C2C5CB7BF24F55624B0964B98CFA3EC7B51D540A5800EED49C5401CD6762B561D2E65246AC943B0630122B6BA3255452A984D29F37763034A2ACFA4BB1A12680DAA9B9D31136128A9D490683814803DAB0A297BBAED9D977F296952E47726F8DA2AEBA42AABB346B7110E03FF8833F8857BCE215D24185AD5A9BF506B224D1C5EF3AC898802A5D331D30158FE02AD82402018ACC41E1336FC8451C0FD06C3644EDFBC4273E8157BFFAD5B8EBAEBB303737578283F7B740AAAA8B16586558DC4E0E8B89CFE306C2B1900A47AE271A8302CA37771B03A50C2257AFAE02BCDD6E6FF4436D0696F937FFCAD314974D00B5A3D3A880F251AF3791930C32F694767BD08FECCE3BB18AC6F35EEEEEBC3FAFCF05A300A6AA494017387AF4A8A877BFF99BBF896FF8866FC0DADA5AD9492519250899C59AA7929C9AC145E67A628B8B2D51003EEBD5887546FE0000200049444154F1D1798091525A2092616C3916161644F57BDBDBDE863FFBB33FC3EAEAAA48412BA1B4E61DEFA1CF68ED2E01FF4E8CC7E69934E3234DDA8B5C24749AC69B00654FAA00C3EC51C292B75B04944996A700630F9C317F6EA2006980E5C89202975F31A1CD7712510228D747A3D9161BD561B92A23B9AC9AB353B6C4E6BD92EC2D17691227A292D16E20348E1E3D22ED595FF8C217E2E69B6F166942A9C4E790E393047E1848281A055C91A5F0E0C34F3DF86E80300A10E7297A598AD84DE1FA05DCA40092142EA58F1F0840F8EE34FA67676771EFBDF7E2965B6EC17BDFFB5E9182B423799F24C91004919C279BBAB1C5AAB4CD69EA749DD334598D81EF1AC70992B48FFBEF7F40361C35F3B843E81C59C58EBF23AD277B85B07C6516A1B5A04C7B0EDBB283417DB92B8EDD2B26B4F9394DD4E94EB212AAD16896C6B835CAC7A5DD76E6969C6602822164BE1FC80E3C1C0E40FB2D4D33914083411F4F7FFAB7E1977EE99770F5D5578B04A11D514A07A4C41C022742175DA01E6026F1E1AFA4F096E77024EDE0E3777D092710E1E9575E8E7D7E03EB4907B1DB43800632378047C3DE100F0414AF4F005342BEFFFDEFC76B5FFB5A01D8AE5DBB50ABD531180C45ED0C021203C69D53212DF45AE73F4656CDE69C104054C1B32CC1FD0F58964FC3F9847430F693565ED1D63664C59D56B329391B5201536A9C33445DB441AD9259261B1632E8575C71C584363FFFB92BAF50059465C2AA8CD70EDEAA541FB970ADA4A12420E1D0E97424D7EDC52FFE79DC78E3B3D1EFF74B6A5CED3AA5F63D96E4662C67E0234C0A78690ED78B306884F8D4FA117CEC812FE18B711FEB61886FE807F8F6E54BF0C44B2FC57C9263351F61E8E6F073577C9B7C0E4A2152E9042EEF333F3F2FCFF38637BC017FF5577F85999959349B2DB31128314100D9B1B264CA4E4871553115B00AA821B22C56DA5C120C6DBCAB6E758A0FD32BCA545C5640557C1F9A1B6F4E35B524E4DF126D9EE28ACB2780DAC9457E3A40EDC402399354E4A2241170E79D778A7478D6B39E859FFFF99FC7C2C23C56574F88BAC3DF5332546D39A1307C52CB393C87EA5D1307463D7CF4D003F8E49103E8851E7C2744DB6FE248BC0AC78DF1244CE1DBF75E8DC7ED5D86D3EBE1706F0DB5A826EA1E0145559352CA326C5431F9DD673FFB59BCE635B7E0A31FFD18F6ED7BA4808852D5D2F0F6B9766AAC4E07A8FBEEBB4F25B4E5EE343A5671622A2E1BA8C169B65AA2DF9D5A646E6434187A3491503B0927CBF2F9A0CAC7052385E78D3AB4D53B9DCA5F55DDB9377F6FA5D38913278474F88DDFF80D3CE6B18F9505435F53BD51431AC75A0E9FBBB610242E5CCF455CE408696F799E48A17F3FFA103E70F7177028F2E00653981A3A68041156F3186114224E47406F04AF15E1C9A18F9B97AF803B55C730CB301CC508FD40DEDB0F3CD18CD46E544951AFD7E17B01DEFCE6BF153590609A9F5F109595448590D615FF95A85EA7708A6F1570670294D850658D4A05CC86845DF3A5D322A04AF3AA52F968437F6B3D822F3401D45697F9D68EB34C56BDDE281D99DB019435A2AD4A66D539EAFFD63949954AA960AAEDA951AF023CFFF93F899FFCC99F94E38E1E3E8236EDB8644473190378C80A0FAE13C0C96334C318712F46CD6FC19B8D70F7EA51BCF7DEFDF8F75E1FB5B00EDF70C51225600B3F8A5AC458505DE889E320F21CDC74D975781AEA088218FBDD554441034E3F409417A815195216E6F77C24EE08499660F7AE3DB8FBEEBB8562FFF8C73F26E33437B780D1281642876024BD6D9951BB9958EADDAA87679B110B28CB28523A93E5A384B2B47995D8A9FAA0ECEF0550B6DBBB584C8535B34C1295413C8DAE89843ADB946CFFFB31A09AA596B05540F15CAB265987A7750A134454A3AAFE1CAA5704DA939FFC64FCFAAFFF9AA851B49568B3B4A7A7D0EDF71184E39D98E401B3545324F2620BFE2C563A237C60E52BF8E8EA01ACE73E1A611B7E7A7A1ADB3E239F934C623E1CA1480678FC6597E0197BAEC0158C94180CD0C913148D50D8C034F34002DE0769EB048EEB95214BEF7AD7BB445A91795B5A5A1689C6F72253483B90AAA2DD38AA4EE0AD48A92AA008208E5F1550B9896DD58E9FA766419C46AB59B8DAC3B09449AA03AA934EC4A82126D26C424A6C1F32673EE37C0065551C2E162E2AEED054936C2F616BF0532A91F6667FE497BEF4A5B8E1861B84DD3B72E4B050E262E41739BC40A9F0280851244324F1104EE061C96BC1CB237C68B4820F1DF80AEEEEAF23A9B7303F02D8D72F73B42EDDE64F7581F23B2EF0200871BC18A09776716D1AE1197BAEC6636666D0AEE7E0FA2AD85B3CA821E1E2CD4768841192349377A224A5EF8A5DD95FFFFA37E0EFFFFEED0220122BD6D6B380DA1C05B295793B1DA0EEBDEF3E040C8F121DCFD0E3F2A3954BBAF1F02380521B4ABF6497364B4D0A8BC1FA12269E2FCD525C79C59513966F2BB3B3C5632CA06843558DFF33EDA876D7B7C78B8A21BE53F511F15C52CC741833CC87BBEDF77FFFF7E3975FF1CB4234F4BA3D1309A040A4EF2B743DD140281B92FE482495DFAA2329323C38E8E2FF7BE8417CECE07D4866DA08FD69B44F0051E8A0EB0FE0E31425B6CCC3559F557C4F648FC300711AC3190D91141EAE9B69E199972CE2FAF6A5687652ACC47D24AD3AE0A718F57B127BC1E726A8089C999969341A2D7CFCE3FF823FFAA33FC2A73EF5292C2D2EC20F0251FD6CECA1B5A7ACC4B7CFB2D9EEAA8EA3B561AB12EAFEFBEE15D552A8712717465C8B1919CC983A1322841A8D86115ECA53A8B145A64F0B4AE8CEA3A7D218BC6202A82D42656B8759962F8A6AA57A7626956FE3A2D048822C539A97F39D2629A25A0D491C4B7191FFE3294FC1CFBDE845F8CEEF783A3AAB1D74BA3D38D28D2F35C6BF07BF70D077C8B6D5E0F663A1C683B089434181CFEF7F00FFFAD0FDF822522C3567D1E89210C891852E620935A224392DAB75D220C89A940D80AAA40BD43CF17FEDCE023C6579198F5DDC856BE7E6B1DA3B8C6192A2E135308833F89E83A0C6087517C37E2CB17553D3D3C892147FF796BFC3EFBFE60F508F22B49B6D0CC91C86A16CFC127D62C80B4B8957E305376F5C166C3C86365A9E27B8F75EDA501A9FB881A6B79A9DED154591D46C36AD95B4013CA2231AE795851555872BAF9C48A8AD41656B476D07505625B16C20279DF436A5117D841159B53841B7DB11F5EF177FF117F1DCE73E5776EC13EB6B4851A0E6F95A6B2467948283241EC0F155151B7487C2CCF98D1ABEB8DAC147EEFB4F7CA1DB41529B42CD8D508B33785E86C4D56E96C2008AF3726B5E55351DCC02872B51DB419C034180F53047DA5BC3522BC47FDD7B35BEB3B18461D1476668E9A13CB40337056A913AA563466C381E76EDDA8BFF7CE05EFCD2CB5F8E2F7DF14E91647409D8F8444B5658E2C6AACA9B8155050CCFA1B46368159DCC04946C1F65122E69730D26D7DF99A008026A2CF2CE3C3613406D0D24DB396A3B80B20B41A31D3474270CE9CB89E567AA4324199EFAD4A7E015AF78A5443AF418DC4A86CDD36976E204A11B4ADC5D910E10652952A7402B68A170EBD8EF25B8FD8183F897FD07B0520F506BB9888631BCD4C3C8CF9038199C82CC9F3A79951419172B39DBBBF33973F01AD29156D4C5DC033A7981C8CD510C133406191EBB7B0F9EB9F70AEC0D7D74B00E2F8DE1BA215CB78538D5F796205EB1F372C0F7B1343B8337BDE9CDF89BBFF92B91CE54A3E9141E0CE8E3D22891AA5DC9F54C9BABAA129E4AE5BBF7DE7BE0F9C1062B717318977D6F9150E52058F681898522CE4BA8093A27803ADB72D9FEF76703945541EC952D6B27E090C59C49784CBF3F10839DE91574D2727765F401B21C7E1461E06670E20C4DF12501A95B43580CE0A743E44B33C856733C786C0DB71EBA0BF78D0618B466C45E084603F84E0D8E5B1310B945A68D264C16378348B7C2A0C9F34B9724DA51804740E50E1237452492CA43BFE1A1EB0CE1C519D224C192EFE329CB8FC0B72F5F8A4BB20C27D656D069D724AA5D523D68E3C7B924F7D5C208C56084BDBB77E1BE071FC05FFCC55FE09DEF7CA7345A6FB7A725AADE4A24329D246F345E8F405542C16A00F66F4B9BDF73CFBDA205D877305D024C0084BE9842C781D36C305262CCE4D9A601C2FA996040AD27CB866B09AEBCF2AA0929B17DDC9CF68CCD80AADA4F7662ED645B105195B1B9535C309DCE3A6EB8E187F0F297BF4C7A2093882098C87E31D8B93F1C82D9135CC06DA786B448903B23245108379C42B793E2830F7E059F583F84AE1BA31ED651141ED2C2419D0918698151C1C0DD0CB9E3C215D78AF1376D51DDDBB037CB8B98A20B0C34CD1464431F883D475457FE6E341C201CA5784C6B06DFB27B2F9EB867378AEE10703AC84719FA8E87B8E1C01B9070A3CFCC479AC4989A6E616A6A1A1FFEF08725E0F68B5FFCA2843051AD4D930CB57A2492DCC6275627C76E605552C2AA7C3415E957AB24469953E96BD3B2114EB35997180A8D491A871D511CCB4E64727E5DA790C8DFABAE9AD8503B8827930FC5CC55252536335255305940514DE12ECB4571D55557E1577EE557F0F4A77F2B8E1F3F866EB7276A8C951A8C99E344FA9E2746F6281BCA829A2E9A180575BCED2B5FC01F7FEEE3585F98C6D376EFC3625CA01B7735D1D40FA5F4B05A0A5C21A6FCC8764174BA0113B3A81052C4C90A649E033770908E62B8998B46D0445E0BF0C9635FC1A19543B8F9D26BF1738F7B1A16933E9CE10899EF23F532385E803849911640548B301AF491982004121E6F7CE31B45153C78F0101EFDE847E3A1871E12D690E0B1898D9B41B51150F7C073033DC41DD75856E3C9A8D26693711A8D7A211CBA93C3B53DA25CE397A2DD29F52534BD23276D3E91503B89A7B302AA4AF11224FC43072681F7333FF333F8E99FFE69F9796D6D55D41A1EAFA9061A15C1E3EB2117D91079E82268D51022C2C113095E79FB87706BF72022B785C5A286304971D59E655C3E370367D4C1A037841B3565A1BAE26B3A9DE5706E432212D886F0504A4938BC4A806663162B8301EEDA7F0077A38F4ECDC1D2B1753CB63685177EDB53F18DBB2FC1147C14C78E232D52B8F502B913208E5304BEFAE3185A453F1B098A2F7FF96E890BBCEDB6DB448A2BA1C308F6B10D65DFC28EA175ECDE7BCF7D70F95C8684507242DD4B363357B589024EBDDE900E863692D616EF53C16472A34C942D550DEE88934297E7B6804E75D6E954BE6A43649BF0361C8EC421CB488757BDEAB7445BA0C3D64E741C8FD0A837D0ED754D8D0A07499EAAFF910EDBE906BA9D1EFEECEECFE2F7EFBA0353C1221A49883CAA8B73D6CF4628D22196DA353C7EEF029A6E88B55E868206396B43C8C6AA11DF9A9050ADEE7D9A313176B935D44D5EAB5E83E0F73C61263D46AF333A21A7A40AF0D0F1E3F8E2B14318782E663085A0A8E1B0BF8ECE7481FAFDFBF1BCCBAEC5739FFC747C835F83578CB016AF22CF1DD46A4D64692C2C24C302E99B2268EB0D2D0C73EBADB74AA4059BA8312E9069F9362ED052E27CB6AA84BAE79E7BCA4DEA743192B69AACF8A1CA11DA9C0B2F11B5E321E08E3701D4CE81C92E2A82677A7A5608064BED52DA24C948982AAA258C0EE0D85322DD78E38DA2F29178A062EE6434B8234028ED04451CC1731264CE10E1C847AD1D619807F8E091C3B8E58B77E08E2327B0D8A62D954AD75751B7986B4B9F969323C98698F17D5C3DBF803D8D2930DAD3C932F40BA0E73908F927C981AC90B8BF71178A4D63232404FB37B3C83EE06640EA0009835F1DB2842E7C0604C729BC20443ED3C083EB1DDC73EC080EF78688221F412E6FA83E33B8922ED26BD7717C7D158F1B1578C193BE05DF7DD9322E7333AC27213A7181D0AFA3E78F107A19A2511FB9EB20287C0CD202BBF6ECC6F1A387F1FBBFFFFB78D7BB6E9507A6AD691940DA59DCC028F52D6D6E01A5F3756626DCA9D3B16B24B99A55A5E0D31F6CCC9253884177D5D51309B5939022801818CBA806EE7E5445E8532201D46A3571F8F06101CF8FFFF88F4B202B7396A8F2D17EA25A1333F2DA256BE788DDD072324429971EFD3B0EBC700EAB073BF8E37B3F83D71EBD1B4E1262B9368D224FC4C14ADB884E562E8182110F349D98F437E8C04B46D83D33872B1616315F0B900D47023E3A7487818390C7162E24C6ED947615251AB3BD55FFE1FFA58405370E63A00F9D44B29587A9832F1F3C8CC36B2730E409614DFC634E46164E23316C809C3B2C10053E8E867DAC272BF89EC62EBCE2FAEFC453F7EC42D2DD8FFB82049704D3C8D7531C9D0A9127299AAEC7C00BA4E9085E1460667A061FFDE847F1BAD7BD0EB7DF7EBB30A41A4C4C87B753A6888C46039412AA5A76455FC7B8E0CAF6F08C94A84BC8DF38A557FF65C32A44B29B576168CA4442ED249C54EDA1CA41F5C3324FD4EBA9BE1D3B7614D75E7B2D7EFBB77F1BD75F7FBDA97190966092B0A11C08235F4B5B251401298A06D5A00C7EA3857FB8E36EFCEE3D9FC63DDD0E2E49E6E0441EF2C841960C2575823E2CC7D6AFC835128141ACF44D099B1C27A8B9C0DE85362E9B99C78C1322CD637409C8BC40E8F8927671FAF41F8D7D63E40DFF380C901DC508FC08792D441CFA38B4B68E071E5A456FA8C1BCB5460B69CE8CF9017C7F5C568C6B92C989791860BD48409AA091E4584FFB288A003F7AC5E578FEE3AFC1E39A8B583FF020BAED1ADAC3508AC30C1DA6E313CB099A8D86B0A08F78C423244AE3AFFFFAAF259991E33937372F9127ACAD412915C743DCF3957BE007BE49B6A59B40372075529B9F6DB261ADA63694E886B25999DA7CA5B83200132337C3D51309B5A388520338903F0412550FDA45EC98F7B297BD1437DE7493FC9E60B301B0B461EDB1C26EA54378A187D9D4476D14A1B3348BCF76F6E30FFFF5C3B875AD83D9621AF5681A2B5101AFDF418B99B6918714996C953EB3B5A57D9196CA1A8A2871A45A2AD5B5A448304ABBB8A43E8BCBE767B1ECF9982E7CF4F30C23EA71C60763151A6D8D64ED2C168084A892851F4B1C9C5FF868D45A383CEAE3FEC387F1D04A0F497D0A919FCB221D243922C783EBE5C872122B3656B040C228F4C2956C612788D01FA5A8D75C745DA033ECE0FA4684E73FFE89F8B1BD8F40D4EFE04831825F8BD06370AD5393C80E26CA8A53D83876979696F0F9CFDF815B5EF31A7CE0831FC4E2E2B27198A7489221BE72CF57E0B1888D51F9F485557B73F85ED2370ABAB19094187781D78432F9D652E81C0DC98377906609AEBEEAEA0929B18390127688558FA286A84E470E1FC653BFF5A9F8ADDFFD6D5CB2BC0BD96884FE60A4EC179DA904209D9834BA47311A4E88F53917ADE31DE44B7B315C4BF1FFDEF5EFF87FEEFC2C0E3B1E16FC161A51842186020ACF67B4812F213C2E37506A6095C821C2AC0821C48033A2CA95A070422067E19501BC7C884BA7E670C5F43466A6EA480743014C4C89E61462F3A45C2B2ED541476C9E242030130459803C0AD02F121C5CEF63FF8955744729822894A80B8918674D7E297BAC3A12E3296C50B7140BCF1DB1B77AA3219825D16A46186631D298F70FD1F374D378F6EE4BF1926F790A964217D9600D491221F42344CE087D8A3FCF8597C772FDA1242ECE8BBDF3EE5BDF8BDFF9BF7F17ABAB6B989D9D0155BEAF7CE52B1A2B593AA08C9A4B56CF342654AE218753ABD73427CC20CEF2EAD47D95B9309EF08262309FD8503B08264B4AD046E8F5FA26BDE225B8E1593F84D5CE3A9C3C4332A2133790EDAF6051C9C0937A7834F6F31A0338735C96373098A9E12307EFC5AFDFF1097CEED03A1AF37B85C16BE4293AC90AC2D087C7C8877E8AD009117B40E28BA505576A7D19E53E4F91F2B75E80C0F50510EA8B62F43AD5D318A364849976139734A7B034DD46C410A85121922D0FA440895C8E11419453438F614504A787235982FDC78FE3E85A17591089BAE99952668C96E762CC2470573FBC33DD39A614147206AD3A9A6A521018F100C41F9DBA22C972076B418EDEE804AE19FA78D113BE1DCFD97739E6B31E0E1719FAA32EE69AD3E832A2DE6F0119D5CF42E202A9024FCDCCA23F18889ACD2AB7CC2BBBF79E7BD52561A2535422AB0F4D7DB7FC5B4B333BF55A5D8BB8D8B0A30A09310EFA53D6823614E3C326B4F9CEA1CA26C8FDD00FFD207EF9977F190B0B8BE2786C346AE88FFAF06B7524A31CA14355C945820411255527467D6A0641CDC77DEB3DBCEACB5FC4C73E750F8ECE31D4C643DCCDD1A464E1020DB83366F0F24CA4079534C6D051D513465D7C4CE3B6967C3B06A58AEB85FFA03F524A0316707C0FC33C45EE66084719969B0D5C3E338B2B9AF318C523ACD2EEA905702899B214D3614398BDD56284BB3B6B38D4ED03830C198BB49051CB3330CC909B8A309C127350F605D42CBD32509B214BBA16C5C6CB785E51E663E9572E42AF86B8D787DBACE3F0B087A7EC6AE1A5573F1ADFB77C2DF25E07C79355D46A1192CC0713FDD362887A54130C0C87319A5353989E9EC2FBDFFF01FCC44FFCB8AAE0A6D065190A56D693304D0A6DA672BD5E3309CB1B17C9A95C78D4392780DA3930F14AB48D6EBAE9260991611D6DFEDB293231E049F7AE73078D220419D38318B59621CA3CB49AF338EA7878FB9DFF865BF67F1EEB875378D3754C3B1E3A4981264224C301DCC813F52DA36AC96AA8E23765862D17B0AAF2D55871F99D34662689E0881A2AC71835262B8080602060221FBD51078D1CB8726911FBE61650CB81118351B9A3471E7A858395411F470F1DC67AEC60D0A84B4A3DA1CC77A154497951C39891A091D8BA71846919545A1201B4F3E954CD33B1F1C84EAA80E5B90E52537F9C36FF54AD8D63AB07D0AE87B879DF63F1C22B1E85AB66E771F4C4FD486BA18457859E8F51AF8F7A10220C23747B3D78AE8B5DBBF6482630E78536D4E963EAC7C9F0CEA90065C1A47F5B26433DEF8FBC5AABCF4C3E3B3302A4C059038F4525A5A3459EC2774390E64AC3026994A39502F9EA3ABC761B49EEA1DE9CC27F1C3B8EDFF9F4BFE19F4E1C4114D4500B69B8D3AE4AC4E7C2B2575C04243234FBDAA87455EAF794AF6009854D39B8A6CEBDF496A50B4A8802474272D20058ED1CC19E7A1DFB2ED983E55A0BADD8C78174802F1D3F8C636B1DE485A7CF98A570C35A192DBFDDA234F274560494617563F48944B351F0598E01622C390DDC9F0C310C627C933F879F7AF475F881EB2E45315A47BA4A82A281B4C1FA803D4469269116A30CD8BB67AF4459743B5D713C6B945145D468F1A3CAF80A29C1980DFDA5E8842628563DE163868FE3C814E58984DA1920D9AB10443FFBB33F2BEA1E2B0EB9BE27C1A7A3DE104EDB07D218D3EB29EA5113A39905AC65C05F7DFE7FE196BBFE052B8D3A16BC45346232574C514899A380C2F5D11F0DE004BEA4A807CC5DDAA9F83BE30FF284C97091C50952FA8B1A3E9C78042F4DB1777A018D2CC0E1EE3ABAF493B1FB066D2871D0D03ED23023CB56EEE488AA1B8275C959FBCF4523F1B0BFEE622E0DB1D4CFF1B9FA7134E32E7E78CF3EBCE009DF8C6F9C99C7E8C80AFAEE0869C3833BA41EE9C00943CCCDCE9680226DAECFAD7E35214A045F269ECF4AFBC89012C6EFA60E3A76509097D71C0ED3250A799CE2EA7D131B6A2717002514EB3C302E8F1A40A7DB157DDECD1C0CDD5880B2EC4DE14811E25DFB0FE2EF3FF63F717F081C9E0FD1CA81564CF713550EEEB4F4B4FAC83C5FFC2764C3683E3969BA6380D224760D49E39FC00B9064B9D8228DA001C4190E3E701079EA6269790ECDA9085990A313779117196A415DD43466D26A3C9C8D8BDB5A92E299C6DE5E4FD7B991B4641EA9066623E4A983F92C84DB9EC51DC70F61D7D10E5EF2C427E1C5DFF1541C397237FC5DF3708E0D2515A49F8EB07B79591CBE52FC45BA6F9013349B935C5FA3EE4B0E8232A81691A351CF7A59C8455E92F24CBDE816856C5AFDC8474E54BE9D06D42FFCC22FE0452F7A914C1C7756BFA04DE022F553A1BB67EA0BF8A7070EE3396FF96F18D5E9539AC7E5F5368A568615B783C223C9104AEC5A421F0ED332B2021E5533A6F33117EA0C16C0191769D59831A9EB6257B954FB948D6B784D847980F543EBE89F584746E76F54479E7631DD8C509FADC36D3B027C465A9048289550362810C09781DB273FCE99A4ABADC3573946640297BE695A106609E20888A30061E2217E60847CD4C2F1F8201E39EDE243CF7F3E1AF161F4EB21DA2B21529FDD4280E5A57991509C17DFF34DCA892D6EA951E7928622766721D5709D28AA09994E6AB212F668FC56A65F94E1DAE93D9E006A27E104992C028A555B299D58DF6EE4E66826394EB06EF8C841237271EBE10E6E7CD3AD886AAC5294C0AFE5989D69A211052868C3304427607A3B0D75CBCAB1BCB6D52FB62F01B8FB4A5B1AA69E7B115DC0488A1879C8E0D318CD3C440D750C7A239C5859C770C0D8C01A3C2F1456910B9B6B865D38A6A79BA8CDFB48E8DC4D33095ED5463AA4C599B54B06539326D5DD4CFF5C019FE6FAE9BA8F50BDB3B1A65CD56409736833027216542B1914ECFA6893D1EB0EB1D64DD065DA7F1121CE0A5C33E7E0D3CFBE19C79A6B98EBB8E8D6009F499B8E83E5C55D46E5EB688F5DE31B3385632BC1C106547C9B5AADA6B962622F19C88D83D24DFF4335C6C89A4C00F53002AAD311BE2A16401558A9FB68C70E9AA18B773FB4869BDE7C2B82DA0C3C97793C03385E8E563DC4EC7C1B458DD248FD53A324D585CA9D3673243BF61C05942C4A86D215452AAA1DAB22F98E2FC52DF3A183DEDA0027565690258EC4E431DE538BEEEB9AC9F83FB296C908CD4684A9D936DA33D3888B01567B2BF002551B8BCC8353B0C95C80CC2BC0661D1E231A4E1B27684C18A6DFF347D9389869CE70A111023740DDAB692DF624457F2DC1DA7A1F715CC067DB1DA7815196E0BA25179F7CF67370BCBE8299AE8F7E441053AA8F0125124A543E5BB2C80CA72129E4F726B05C0155FD54F9F24DDC799CA6B866A2F2ED28A2AC8462EA3A2514B933461D34D31C2B351FED11D0085DDCF6D03A6EFCDB5BE1856D448C832B62242963DFA8B0E798996DA0351D21F75D0CD2589CA34EC0DD9F0ED592E6DBDEB38B04A011CE9A1589D432AFFB4DF85988F563039C38BEC6807309A665992D3AFEF947C26C1989E0B9703C474A86911D7459103377D19C69A0315B87572F903A2C1D93A318E5146A52D492EA96684B927A72FA6797D417531C854B95AE01FAD402C745336802A31CBDD52EBABD21BA436E3235F86E0487753150C320E997805A69AE61BAE361C0F02C01948BA585A5B1CA67FD501B58D2939D4B4E8D2A9FE521C71E5E13D0580D9B65B0628A7D13406D6F519EE5E853036A2CA1A662078DD0C37B0EAFE3C637BF0B7E34656A27B23793234553923845C4CA0A418199F96934A6EA52F8A437EA8AA4A0856CE778E3121887448F459856F151654C0B3C03720000200049444154B67EE4058B99B05C5803C920C7606D20214E8402EB9DDB1639921FE8D2D6A00DAE5D00790D4698275E0E2F256B090CF33EEAAD1033F36DF8350D5E2560338980D7C299DC03A413A2B2F4FA34EA882AEB37A8CB8CCFEBC0173E9F00F3A41E7ADCCDB07E621D716F8494E923612811221C983863944403C36C807DB3193E75D3F3B0D258C374D7C320A464A4E3F96440295167483BABCF9967B205269CB01649093E8D3CD287B206A26E0E34EEB42C739226D8F7C87D133FD40E426A23A03AF07257C2829A4982957A84A96181460D78F743EBB8E96F6F455867EA76061244B6161F721F1999B39C5C5B8299761D53ED3A6A5335AC67EBC8C4A8F2240E4E15310D58859B18E59FCBD61624D71412B27022E5FC420887FAB089D5B53E4EACF7900C6284F59AA4ED8F688F48E80F43D5B856120991628522AA9B5C3B04965961722CC3A746C391A893D3AD69B4E62224B53E02AA7BA956452298F85E2467A45E839309F942A48965EFA5F03375EA8EC01AE7195ACE34DC9187D5F575AC9E1820CFE98F8B24C856630395592CC07E570DA9FBF7E8C5009FBAF18771343A81B9BE8F4E48954F01B56C25D4FABA867F1932450A4668AC9ED9874C933C2A855118092951CA221968A5CC8D71A593C05D23CEB0EF9A09A076104F2529A12A5F474880D8A5CA0751F9A6E21CF5D0C16D8754E50BEB6DB1A12C452C4E76E9B7C4969EECED95211E8ED024BB365547BB5543E130602941EAC49A4D20B1794C7E5079A54578CCCF6E26A5B9D850ADEEB3726C817890A1776420DD32689C33D29D80B65D3308184638287054DD7324AD436BE96DF8486683AD6357405A8B862EDA73116666A6A4D3476FB88684298FD22551438F1855C1B111BBCC49913999E45A79458480C17C5981A4E362D81BA2D7674D0C46F0D74505D5B2CC04A5761A64B11955F96205D44D37E358ED38667B01BA61069FE91B1540AD77D6D5CE138A5C0374A5F8B404C76AD486565C062561C8305DADE669AB0698803F11FC15D77492E6B8C6F4E9D9C94575315FEB2495AFC811BB0E9AB18F954681A9381340BDFB501737FEED6DD28FC975E9731A774797043C2912C285C20F834C33A4C31833D30D34DB35D4DA2106791F4931D4BEB5DCEEEDAE2DB415AFC77CA84C53C6BD26B22EBB1A76D0EBB24794271284159334EE8F3431179272C3E30443DB624683ABCD6E6C24A3E9C621EA2081C760564DAB778A54524AA6A6DAA8CF44C8DC14BD64244E6AAE4D864D514051B51BE6B41173D4BC86D4C7C84629FA9D213A6BB42B53448CC667B9337119494AB186D69BF8754D02A96310C778F4928F4F3FE779381A194005197CA6E15700C59C296E22654F28AD972BA926D242D78E070115459128CD638E6F6323A9713A8752A0FBF64D24D44E6E000414A513A9F30E435C9021765D34E3C0008A65BD5CBCFB500F37BEE93684B5165C8F8DA56D96AC768CA725CF9D976B864281067AC30D301C7411344334DB4DD4DB7538618124635E120F4D242F9DC4038B57720DB0086690FBE8ADF7B176620DD9886590A9EEF8C2206AE6AD662094C1D39217341E95719AB84DAA1BF35EF61CD17AD8078BFE9D34475000FD4CF3BA1A533534671BD2A626A53D93327C8A7CB8AA962C164436B0968588FB39D6D67BE8AFF5E1FA218230149B924555F8AC1C078942A74453554B9CE0AE4B4025B86E9180BA194708A87E808E9F21104039585E581652625D543E5E434BEB59B4D89A2B1A2461C643553ED5ACF563F56C5B837A3C52F4E44F00B59370523F144B26972C1F552C01948795466A543E0FEF3ED8C58D6FFE47048D69D9CD4F8E3050556E1CB7670B37B2565D82843D9EA6EA68B69AA8B310BF9B629851354A6411724776933A524AA5D5550CBA6C8616C1635CA1AC09D609573AFE54147C1985BD415A9D7AACAAC7D24795C4F45945524C32CB069200C834F5B9B910F5868794F5F78A04944B85CF629D5388D6231C3D760CFDE1004EE24B24434E0052D219E2624CAC58ED8B4B9D722E01F250F2A01EB32BC4BF3DFBB938565BC1F4BA8361C31DB37CF38B25A04ED51FAA1AD6677F560975D26723B8ECD79C987DD75C3321257610539B01C5DCA4C423A0A8F265984A52D4031FEF3ED0C18D7FF72E04B5365C8950D88AA3968E4E176110212D628CE2583281A7DA2D3466232064B9FE0239ED8F3845D60356567B12FDCD022AF5B0A9E5C828D1C44F79324D7C3E4361A5ACEBB0B4B42BFD6CA5108BEF61900E119068684468B61A68B49BC2028EB214BD6E82C10AD53B967B2924395348B3CC8658693CDF465554858696CC63FA3E1313333C6639C4EDCF7E0E8ED55730B5EE625823CBA72ADF521550265262F3FB6E2EDA22801AAB0FE362135666198E42E68FFAE9351395EF7CD6D049E79E195029A61392122E6E3DD8C5B3DFFC2E44B5295D105B0094AA26A4A4B5D50D4D693AE759B4845ADCE2D2AC2C56A65B1C3BB4A219B38C08109F8B49DDA07A27FD006CF99E9D05151B60B3404D4EC68E511E74D032852370E0339E911DE8231F7B969704689DA327D0E9F631741C51C3248CC9F3A491B6CB5267ACFB6E1A6CDBC1DE68DF6D04D4F5BB427CF2D93F8C63B51398EEB8E84B171D75EC2ECDAB1F8A2A5F197A6413DA4B7DCE8C87F9CB09A3A0906C43138B6487CB26940951A16D716407B866C2F2FD6F00942712EA4423C54C92A11E79B8F50055BEFF81A83E8D02CC271A4BA853EB13AAC5D3D149435E766C3169189303A9D910D26EA2EF87B6511E20F11DF492AED0F18CB2908E83DCD533824AFBECEA7D2D0D7EF6A1B0C57E4E294FB97F4B163025A99602A20A48BF153B17323371CA6F2300D9BBAE14A069D51BC8EA2E56BC18A334314997B934860B49784A37459655A35D37266EAC3573B2CA17E1F61B7F18C76B27D0362A9F444A380E163748282571B442540555640E4DB908918851188AFB8DF5006C354C4DF23211BB26014D3CD1A2F25D2BE4C4E4B3332370920D6522251845BE5A079A31301546B8F5C1153CE7ADEF02A2FA86E052895D338F42DF9186E1104812EE2C910601593DF64A4A33D9E56B610D41EC223EDE4711B333600D7EA381AC51200E32F4066C23938BAAC848081AE20CBCA1C3551BF08D8BCD9D6914241E4F8ED51875D202EA0B32D7A494715C24296B02FA08DD0C71DC47EA6468D59A68A10D0C72A4A304FDF51EBCCC413BACC39BF63098CAA40F14BD0689A7AA1E43A224E282528B9B88C994F00D63A26A20C1469631C0304E71DD5280DB6FFA611C8B56303F54524259BEB184627D09FACEA4DA919039A609A17145491336E37C768230105A4F01A5E566B5C884C99317346A9A2F93DFAEDD778DE4454D3E3B3302279312907257634015988A42DCBA7F1537BDF55D70682F08056CC8A34ABEB5462698740829E842F28F3D68638459282D6B4227C2A83B44D21B49E029D53F2103B8CBD61DD4A6D840C0453F4DB01EF7259489C9750C18158ADC24EF9DAC4E9DCA123F1950260CC3F0605A2783FE26D6C32B9214EDA081C86FA83F6E3DC1A81F4BC1C9665447CD0F3158EFC1F101772644441F9B976350F4D02F86C8A581754D6A4D08F1C1C876D2EDF453196ADB2529E1922535805A0E70FB8DEA879AEB87E85668736B43ADAEAD49555B194F6A8C961537318B25C9C2B90883A0900889B2DA910E8C86A6DB6652FC9A3525123CEADA6B256F67F2D99911D87140196A9712495AB93262DB0BD0F65B70060E46AB23A403F525895DC09D3CC9A57119034B1387B52A9AF0A7EA1821412F1B4A8301EEC2BE51A1AA2CD6195B979E42424993363B7452778BEB3E9380D576D844943750747374D7FAC8E2185EE84B0116E94125A91FCCFAA50B6704444034E523687A18B9313A4CD330522F60E1D09C640BD3F1956E17C942FFDB360145D693D9CF4A9B5B6349F9860D0E270A9E200C4D8B002BBFF46D75D08CA66EE29568D03EEA518F9A006A67B02457D90C284DDF00DA31B0522F54E58B2223A1FE874A281AB486BE2E553E495F3312C4A854A492032F44504448BA43744F0C10A62E6A7E4D6868D94759A52825554C3E823E29A09FC640E8A135DF82173918E523F4F358FBCBAAD3A5922555252936B6B891126992A4AA655734E055D5520DD61157B2843AB112AC330A91AEC7187546888A084EC8FA104AD5935C618402B7720FF4410143A78391C71A852E1A33118A46845E9660341A6AE96776E7602F5FE92745A5F51480B22A5FED04E6076145E51BB37C945081103525C360B230C6C110FC4E9E532225B6F8A1649A006A8B83B5C5C3AA80623ABC0D2815E58D91E22E30ED3978CF832B78EEDBDE836118A2C65262A6B0090148562B71B4925120E594C9961568E611FC61886197B5FDFA928220B5BB59E8D201060C5A75330951F3720F5EC645E749346B9E7799EA8B7623423117E2583D45DED33633999BA02624BA8617597849A4B844E28DB7635A111E555116536184108164C294580885365DDB09E1AD65E8ACB19976208B5FCAAE30725D1A5D2B99C2EE216400194EC4280D91B0B4F7136DC7E44DA5081B390A2F40AFC8E48FE3451217E890C871189AC5F378591FA324C3BE650F5FB8E97938E01FC5CC2044225D6B781CB0B8A82C1F2325AC1FEA6CD33A01D4D946E861FE7E8384928C5DDA3E8C44D0AA44DC55A723FAA156F1BCB7BE1B71382546334B2DB3CE1E435F860C6465D2A1CB809A00114278998B7C3D1330D126D6405A0D99F14D681B8370191327363C9730032D187121F557280BE8E781D820F57688ACE120CE5894BF8B946E2C2F82CBA824B1DB68879BEA43A64974D51D437532F552893564B2530375B4DD863481EB11483D76E0A823A5046323016156D42694A05BE28B928EEF4E9ADDB444254D2ECFCDFA810E4B9879081911D2F4D17763F4286DF976A407E438DA841CD810FD618C6B77F9F8C2739E87838D154C2721464E6A1AC039521E7B02A88719003B7D790B28861E490B4F59C2E2FD93C5CF8550F7805B0FAEE2A637FD7738F559B028B057A4F09D5C2AB452D30BE149392C4AA9B49322E966F024044FDBBB6E8C64B0B7D0A058319FC5682F3549D36E94A1412E5C861FD1CF3317C16B8740E862055D69E0C6443E8242CD212609F27A9490A605A7A87A4C332498D864DA91DA13CDBC867C2541776D2012493A5EF029A41478A512BFEE2A650408259334CC96C60A5A4E9900A30A494948B597A0F09B3E82962F2AEDB048E40FC7C64304C74F910C49B201D7EE09F099EF7F160EB65631350C3074D9795E651AEB9C4F00B5D32BFE61BEDE66407131324E8D3D93A84235C308619EE0B6633D3CFB2FFF014EABA5AA8B31E8C986B5DC10F52C423A84946D4E0629FCC4831369066B851454B89A5033910262D610BAAC0368E8601321AE347186D00B85054C923E8A86877633423374B0E2A5E8D1AAC9C89AA9C52DA548942C569F4D46254FCB4DD75C0F51EEC34D7C49FC8BBB31A2A02E4988626F999840F17DB99A0A2F25C12C4926A18AB926151A128DE790E266E14BD2EAE2BE760A8C18311F79684FB10B628E4E30449AA442B33B918B22659C60817D7B6AF88FEF7F0E0E4F75303F88D0CD7A083CDD2058747402A88719003B7DF953014A776B0D93618D8805BF897F38F0106E7EFB6D70BC16E0A59205DBE44E8F10FEC885DFC9D01FA6E8B1835F106AB7084A8B8C45336D147A8926433C195BC746B69EE42156E9C5DA7BCC6FA284C16880A10BCC450D84ED002BCD91B071235693F5553DA31A96B1A22BA31CD81CC0F751774334FA018A6E21F1778C1D679933F1C050E0F8243C52238D4CBE56851E538E6CEC2A5091AA4CB4326FCC2C26F83C4D361407558A80CD07DA0E9A33813086C7DD0CFDFE71B8ACCD517878EC7C880FDDF82CA4E931CCD597D01BF5E581286109A609A0767AC53FCCD7B3E91B2F79C94B84F1932E0EB95676A57AC370A0DD8BCB78E7E7BE8417BCF5BF23AF2F8A0A852010D5295E1F22EBB28A0FD52C360260F4C3B826BD4833A102B612FBB7F96555D7B2691054B158968C4980A4A4E9E3CAEB2E5AD34DA4418E13F19A04B686515D7C4A4E92A119B6C4D62AFA09D235764874852667C30269F026F1779A4B252D35A5D9D956AB9E2990F4C39F59875DC3AD287DE5BF39338487C256D6DA35A0568313A6E86729D6FA2770FD9C8BDB7FFA67B1961D879F441244CCF79C00EA615EF80FD7E52DA0347D43490902CA65421B0354591F22C9F0F124C0F7FEE17F0366E6B050AFA19104888F74908E728C588ACBE382F4A4B0254385243542DA139E47D5239322A20DCF487C1428924CEC3516AF2467C7227479E8A168FB5228A6EF26186424480234D93E6694235F8BE1F675D72F8C7A97524D7429BD683F696854B535E7D6C67B13A06C7E124129CE5DEDD411B16D569261E831D0B8803F1DA01FD4D139F610FEEB375D8A7FF8AE6760CD1B48BB9B24D74ABBFCB023C7D924D4E6C8C69359BEB202D2E61D4DAB1E4D68F3AD4DF5568FB2852E99BEC1204CF167D0E0F63DA429BB563059101814116E7FA88B57BDF383B8E39E63A84711DCA081A297C20B6BE8FBB4385284C200BAB25069BC5362D88AC05B7D267B9C3A2DC93672E71FC175B43C57BD003A640B8B1C330930F41D8C58F1BF1EA139457593AD69805177200B394A3D840360E433B53CD7AEEF8C1564E62D8B74D2F631B182A76D2F7ADA87AF90380490483E880DC5E7CE6A1EA6E31A8AC445528B512F5CAC748F61B9E1E2579FF75D78C2A397F024771A27D235B80851B8A974E260E02D8B5CB2B6B904C79A222DA70DB82F8363C3A0D094E8CD190163EC59F795FAA1269112DB5D98673ADE2618BEF295AF94AEE5CC0CE53873C7D62ABE9AD4C6101AFA4F12BF89DF7AFB3FE34FFEF92EA4B53978CD0097ACF670AC95A011336A3B1329C51E485EB329C9786C0AB6B5748F939FD4B633623116AA62AE306CAEB08BF409D1FE61BABAEF1598868B88BFCB1841EE6010FA389127C80A1735D65B2F987745758F01F38C7BD26673394B7F4926B02F3617A9FCEDA9A86685CA3A66CDBF0C53F5966447B046B95774904F35B13A6CC239760CCFBC6E377EE7FF7C06AE5F2E3062AF6209BF3501C42CDCD968481BD60D3694E7DB3A2C1515D3081D0315E149C220B45DA33634A816DC8B7F42236BF933C5F4B59348899DC4535953E2E52F7F79D93645AB08692D040195990CCD522FB030B3884FDD7514BFF2F71FC1873FFD15E0CA79EC4D7C8C0AB6D06C603566BDBEBA76C1A094D12279DBFED86069DEDF65192551D98098AA9514FFC944BD64BED62CA311564E60B4FF10D2CE3AD06CA0BDF712607601EB1EB0CAB63AA9F6E4656483941B1B25EAC0A5F6E869DD70A6606C4FA21AB54F3A9624F0EA0CA7F2305C198A9FABEEF938DCF431DC7F0CD7CF39F8999BBF15CF7FCA63E0AFDE87F534C2D063347B6CD44D668278D201857DA14A40ADAE09C9A3A69A8D341F37742F6BB570DB0A8240702D0536A4A0BB9E27FEE932E557AB4DB030C7A3AE9D841E6D7B659EE1044AA897BDEC6592B5CB9F494248BAB50407182048B113F6667231F47C04A32EE6030F2B6E0BEFBCFD21FCC23BDF87FE09C09B9F971A7E593A44443B62D413EA9D355ACF859290D20834D0D97B370B04CCB1A3855AF2780476679E891AF09204BD430F6278E8101AC81136027446230CF200ADF925B4969710B71B588B5911A9C088C16E9E8B801112AC72E42460CD18296AC9E008D3A462EBE36CE9494A620FFDD481DF6C8B27777062151876F033CF7C1AFEAF1F780C961A47D0ED0638EE2F62CACDE0255D242C7D2DE1AC9A7121E92BAE2BDDE1C5865A59831F6A540607525D0FA6AAB21028A6E91A0145092521F9528A99F55AF46F024BBAB431AF44764A76279F04C76E7D92B77624558BEFFEEEEFC69FFFF99F8BAAC7DD51B26453D64DD0E80631B0A96FD1AEF232F4923E5AB5169CAC867AE4607828C18FBEEF7FE183FF7A27123742ADD58093F6D18A5CC4096733300BC66A7EC6592A8F585652D1632A8F2D35F25CAA9001EA59037DF491BAA914929C725DB48619F29575AC1D3B8CE1A08746C8E6D9DA302D20855EB8E8242CFAE263716609E1DE5DE80701D69221BA8EA37186A92FBEA5C41D0A5F47768EA9236A828C1B09948D056C585359885F6BA0484D8D3C60151724A4ECE321D295FDB8F67157E0F5DFFD6D78DA358B38E0E568F686E883C1BE4018D4246AC36E3736FA822A5FBD5EC7FEFDFBF1A4273D09478E1E41E0876529669BB829744FB555107F0ED80FD18C64D92F548B248903511CD5A6EC531A27B8F6D18F9E04C76E0D2B5B3A8A0B85A07AE2139F08DA514F7EF2934552B1AF13FF445124AAB6A85D9E27D9A46CD539720AF48B111A5E84C0CB1136A7F0B7FFF30EFCE507BE80CF7CE900A6765D82B5511F4DBF40C198372E6C86F97147E58ECCD2C25CFCE208920023E39CD5B633B695114904D96CE9D6F113A19F5B898BA9CE10C9894318AC1C45983988F210891F4AD93136B2E6F51B858780394B1861444ABC3587687A06C5C20C561B01BADD44C049658ACD0D0AA3EA92554C28A532AD022B795EC2565282A9A460036C6EF2092B34A5EC3795206D904209B07AE8202E9F6DE0A7FFCB75F8A9673E1E332C5D3D28D019C560F0C854AD211A99644DD0359126A5ED3A3D3D2DE9226F7FFBDBF1EA57BF5A7EFF9F5FFA92365C93D42EDB9ED4F4B4114FB6955C245B7C096C323B9856C5D4F6A0636FB4D61E23F598E2D113406D09285B3D8880E2A4B14B5EBBDDC60D37DC20EA1F7578EE980457C8222AECFC1E6A578D643090A4402EB0AEF488854453B4679670A493E10F6FFD04FEECC377A0E34D6176BA867CD445EAF8A0C5D260F1D4AC8B78C03CA150E2EF1864AA0558A8E2E52221723608802F691DB114E077B0081F8D610749670D2B478E221BAE238C982BE58BBF4792424C25D998D47FC282956CFDC9B4F414FD848D067C4CCFCEA335B70BBD4613ABD2910352F588EB8C81B7391943D3565DB26E1D4D71D70CE4042E8311B3004EC69E236D24E97124D319BAC77C34E202DFF9C45DF8F51F7C2A9E78F92CD6568E48AB9DA8602747093B97B83F5BE486D76DB5DB180E07989D9DC33FFFF33FE3965B5E83CF7DEE3FD06AB5641AEFBAF34E2937AD26D4380ECA360F280592A46FB0C66E696B593E4F7FA1B92E96C2D0CAB113406D152A5B3B4E0115A2D96C49C335AAD5975DF608BCE215AFC0777CC77708D88E1E3D2A004BE2041977499785577C2104423742BF3742587391E47DCC4540DA58C6FBEF5CC19FBEED7DF8D0E71F42303D85C5998600A09F25C8FC1A9A0464A6055A52A67CE789F49D1D0D07A236515A305D824988045CABE62238BC8AECC043E8774F20F53384615DCA74D9D4055BD7D12A8E928F25414D0CC865143855BB447C528DDA34DC5DBB50EC9E45ECD5D0E991DE4FA47458416692D289956473F57FD9BC2BC70BF599E9AC0D586F9D0C680DC78EF9D8379FE2A53FF48DB8E9DB1F8BB07F04ABFD5534DBBBE090321F0EC506A4439912900E65197B3F94CD89DAC06FFEE66FE23DEF798F24D0CECFCD89E6C0F48F3B09285F01659B02E8BB56DB0768148A026AB3776AD35AB05FF3A613406D0D285B3D4A62D85C1F515813237865F5B8A8DAC78F9FC00FFCC00F483336768DFCFFDBBBF618B9AAF3FE9B997BEFDC3B8F7D785FB6B18383E210C02E860895FE81690085586DA380A0C14011C510290F1A90AA483136A63634362F2798004E31D40AC2089C4484B61675086D4442092125046442E59A871FBBEBF57A76E73D73E74EF5FBCE3977EE2E361EC79B508919C95AEFCE9DC73DE77CE7FB9DEFFB7DBF6F646444E01F0BE7B8E058BD41A8E22463C249ABF9717439361AB509149B16E6647C04DE5CACDFF92E1EFBD1BFE07F470FC31B3A1981E509D268362AA0F8013D0F7BF84E4EE6914AA545938FA5E595441D69C7418AA0A55440736C1895C3E34095671F39B200019B53D39B28D6BBEA99CBF0BA3A89C9518164D786F27681C5B211EADE25A4C175CDB290EC7291ECEB4773D63CE41A75549858650F612A2191EF5EABCAE6C1200155B748CAF2FD1812C92CE05A189F1C43A6F80EAEBD601956FEF552F4DBEFA1DE7451AA5490B4183AE7B762D778E6E6687C7121F5D24053290F8EE362C7BF3D8B35B7DD8691E161C93B11113017C5B969342AD8B5EB4D257419A9880AA37DD3265A7BA88814F3075817CB944F3FBD93876AD758DAB98E93C61D928C69655C54F2518A3EB9DC2169A24CA3BAEEBAEB2402C8DA1C3E38C1FC47122D99150C60483083DC3B028B7A15A95805C96C16AF8E00DFFAD737F0E473AFC1E9EF86ED57E0A5320862BEEA2BCB739AAF0C9B8B9511ACACD344B656437CEC102AB9832897738853EDB5C9C4A90D9FDF932104C2434D6D1267158973E8C6E81A11A94008EBB5448F3356D510AF8284E7C2E99E8F5A7F1FAA290FD5661C956A80244BD783B26860940FD781641C48DAB0260BF0BB5D4CBC3782733E7906BE71F5F9F8CB4F95112B1451F33D043C17C56DA1E1B3CC8515CB52114FD1CC8642043D3D59ECDEBD47CE493B76EC1043220AA0A129067B429F638F625051E38A06726C3943B56C4F32D5C625693517454EA6E2A88FD34FEB0425DA319476AF31908F46C55D9846434321A6CF66D32895CA92F03DF3CC33B16EDD3A9C7DF6D91209E43F1A91E953CB4520BC38CB454388ACCA5B38CD3ABA9240DCEBC253BFD8856F3DFE02FE275703126564337D68C42C54FCAA947E34EB4D3816E1640CA97219F5F7F6C23F94438CA172EA35580E1A0C0430E7A36F50209D68861F3B302F50886733D1A550455964D79325DEA8C76165D2704F1A426DA01F638C6A561A4805714CC658EE5EC72CB86814028C5835CC6AD858F7D973F137CB4E41B62B8E4394166B3848F0FEFD8618AB63C761D3DC6B55398FD2F3781E0312C0962D5BB069D32639A39E7CF2C9F2930F6E2E26754107E2FBDAA02C52C1A676A33173AC209E62DBC7AC08E493141993760C244ACC5C3762230D9F16EEFB38ADE3A1DAB595B6AEA341D13B71A285EBC68DAB5E473A9D42A9540C3D0F83167CEEAAABAE9226D7030303E2AD8C019A902FAB79034227BA2A8BB53F0E927E15B1FA04DCFEF93854AEE1CEED2FE0BE5F8FC31F3D88A1FE6E94C81362A331B21D0873F68DA0B27F042E43CA2C43E7992AA070BFD2A9B0589128E15F2A21999CCCB16F573CB00E0CF0EA20F0A56B08BD41C2579D0D93B0617777A3B16008A56412E47E374A55F4D8BDD85F2E21703C7C7E41376E5FBE181F5B3088746E12659E91E21E925602956A01B64B564620A5F0413306279591B54B2FF4F39FFF02EBD6DD8ED75F7F1D838383A1682B8D8DE36EE6803FF9BB9CA1DE5467285DF5D292118B189294C0307E62592CA2D6C7C8687B458906EAE4951E2B65501D0F75ECA5D3FE152A91680BB4A3C7E1247272B91848DF917D4F17D311DE150A799C74D23CAC5AB50A175F7CB1847879780ED9156C6E26D88A392C5BB874E4C93C0261BF000013AA4944415431CAC6F2082799443699C62BBBF663F58F5FC48ED7F621397B2EE6DA556446F7617278946811763D40E0DAA2259188276111EAD5ABD25D90FC194742C5AA8F1335F5DA6A322F89E2685123E12D398BBC571FC9781255B6E969FA48916430300BCEBC8FE39D58976C1EA7BA05ACB9E45C7CE1FC45B02B75346C17FB0AA3C85A2E52F4B4014BDE2DD8CD3A027A6C5614DB49A45D475EBF69D37D78ECB1C7C573D3B8A26243619E2B24042BB4D068D4555082A154E9EBA4D30AC666E47A2D9546CF9B48584DD5E24435E3950A4E09B56B413F4D905714AD4ED8BC7D5369EF4AE3A1441B4F4445147EE743B4134C5364FD763C5F118A8C8C0CE3924B2EC5EDB7AF9570EFD8D8283CCF9C0118817350C8E7E17ADE946ADD26DB6E36EBC8A6D218775D7CFF3FDEC2A67F7E12EFED1AC79C4C067E750CF5862570B350E299A40E3795062893CC85231A0FAA90D074396FCB98427C14491DF33DC8E7735C54AA75C4EA55245349544A05A4AD2EC45C07C3B55164FB8670F95F7D165FFDE29FE39414458B7CE40A07D5192E66CB62A7CC34352A9467614D982DE3C1C7B3CF3E8B0D1BEEC49E3D6F63CE9CB902A7795E3209F49091A2C3E2E6776E6ECAA0DE6CB504550AB0EA9014B6D4527C4B89765A5642153FCA20298C289E499F28A3014026183B51BEF60CA5DDAB8E665006C2BDBF29000DAD81743A8DBD7BF7A2A7A7075FFFFADFE1FAEB57209F9FD02D3963A856AB9247E1CFE90FD64DB1D71365ED7B7BB2D8F3BBFDD8F0E873D8FCC31790EAEE455F770AC56201AE65C34B7B389C1B87E72A48A404FD35C7B0DD9BFC80EB9A01EBA16CA9EF6288DC65933437815CA582DC8103387FC9C95873F315F8CCB90BD02CD4902B5A68B26F54A302D7A5B6845AD8DCEC5590A626E456321DDE79E71D3977EEDCB953D2128C629A5211698E2D245EC59B34617915185294AF9641ED52895DC9C71A29B1703FD1CAB1E2AA95414563EA61AB8E56FE2AD41AE061AF635033B08A226F713483E2DFCD441B38A276C5A62C985C2E171ACCE1C3E358B26409D6AE5D8333CF5C8262B124AFA531196F673E926BA541E677C246AC348A188A48F77D02BEEDE0E9E75FC6868D4FE1D7AFBE8E051FFF24FC660CF94219B37A7B50AA1425B9C93305031433F110F2B550E913A8F981C8A3F5245DBCB56717FAE6CEC1DF5F7705AEBEF43398D71DC3C4F89BF09B1EE256AF84BE4579427A40A90827173F8D8841051AC7238F3C827BEEB947C68BDEC8753D490D9009C1800EC787D7D3008FEDA176491572E899F4CD1BDEABEE71A3B8AFEA0C1586F58E4EF3D76CF38E41CDC4526ABD47D4A0B8C37261D0083EC8A00CB3823FD5219A8C8A49298B58B16205BEF295AF09EB82E786E8EECB4F655F5C8BDC4D86AEBD0CF27E1109DF412A7918D974370E4E76E1E1AD4F61F3D6ED982C07E81F5A806A59B506E56BA740D030F16F18812DEE9D814472A7E1CA935F5A877B81B3A461C4E0DA716160E4C6F7E32F969D87D537DF844F9D9C46DDDF8FC93C43F5196432ECA638AACA407C46456DB8AE83F1F14352BB4498FBF2CB2F8B577AF1C51771CA29A7682F43186D4B7A82B54DF4EEA644A65D0FD5B68C98094AB4B34CF8253A06D5CE48B57F8D3128C211E3818C473A524B16F39C5908860A432846633C70E0004E3D75A164FD2FB8E002D98D19B4903C15D5629B148F0CD0489267172056A9C3733328935F140BE0A5E3487829FCE7ABEFE28EEF6CC34F7EF632064E9A27CD05E80D9AD29797A5F6BA549FC45BC945718356755724BB2AD3D14C6C56258612107CD6978432A3E171CB456035303E7C080B66A7B0F2A62B71F9C5E7C16D1624A95B2C0748B341402C40A55687E528A9B17A9DF42B5BA05E6F6F9F94BE6CDCB811DBB76F9771983B77AE304F18EC61F2967FABD5AAE2AD4C30623A9C36704FCD49423C7C1894300586C798DA30CAD7CE12E818543BA3747CD7440D6ABA3799FEFB91DE595481F479803F1DC7C6A14363723EB8E8A28BB061C386B0258B54DE3602816E9249E2FFC928674F593F80E33A28D754A942A6A70F13350B3F78F2DF71E7FDDBB0B76421D3D50BDBF1E1971A483931C41BACB76235115565C934B755C5AC08EA9374CBE2C6A6F404968603FC2C36D62633A3E2C34BBA28141B8857C670CDB273B1F21B37A27F16509A98845F9E44C2756133AFC47C90A827314246E81587E32855D8EEEE1E3CF5D493B8EBAEBB255F4783A1A732B4399EB178E633B266D3CF4B5129E928B43639C18E411DDF7AFED0AF8E1A94817906D37F9041F139739D49EE727170576548989ECAECC0AB57AFC6F2E5CB05FE31B725A5E1012B80D93A46C1C65ABD0C3BA108B735963E90CFD63F287AE6EF8C16B07AE356FC60C7CF90887BE81F9C877A390FC70EE0D7E342CDA0D7909072A03886094BEBE6B1A33A397ABAF134AB68DDD4002A9500E307F7E04F162FC4FA55D7E3C2B3985C2DA358CD239DB451AFD590EDEAC5D8D838BC94271E83D4233EC878E8EFEBC7EEDD6F63EDDA7FC04F7FFA3C66CDEA15C3E186C2FB16E8CCBA2D6ABC470A2CA34189E993DF31A80FDD1C4EFC0B4CF750D128533B1E4A413E558C2849E11A2371247C2605EE71210E0F0FE3BCA54BB1F29BDFC492B3164B2E8B7C3687410642C0066B9102B8B6877285CDD89AB092094C164B88D92E322EF5D57BB1FD27AFE18E6F6FC3AEDF1DC0C0FC01E41B6524621921D93214EF0AD3BC815A9D9ECB819D484A293EFB24C659914B1E9F03E447F370FD1856DFFC45ACB8F27CC4BD0A460F1591B6D348260234A4A52ECF7AACC76241A26A584DB253571719E0317CEF7B0FE3DB1BEF938D21935670598C85C11CCA0048A77A5FA49E0955CDE6C2713ADAB846215FC7439DF8DAFE50DEC11814A35066F73406D2AE414577609E95785660C294410BAAD19274BB6FDF5E61635C76D9E558B5EA16785E12FBF7EF97A817D3244C10DB8E2DB420A59BCE9DDD470315246D17F9F11C86667F0C13BE833577FE13B6FDE8BF900F12C8F6F752231931D655356BC29D632F25C74E2097AFC34A649048D45171EA28157CD40F1671D185A7E1DE357F8B85B367A17C7812093B40CD6AA0CA8EF77617EA351260552D18D9EF648DF0C160C22F7FF92BD0E3BEF5D65BF2DDCD46429029DDED752BD0E9895A33B9512F74A4093746C5B9E0983092A8D8E6ED45363B67A80FC58C5A1F3A5306154D529A04B1395F996007BD15237FB367CFC62DB7ACC4B2659F9324E7D8D84111C667A450450E09B9B8E33711B76AE2F5B2E921E4F2C3F0524D7465E6E2B95FBD8B75776DC12BBF7D159ED7876C6A3E9AF1328AFE419681A3526E22E5F48AD7ABE60F225F1EC149030358F9B51B70F9A59F46509B40AD9C4733484A8302862AEC98A5FA033078A2FB3131ACCEB2127ADBFBEFBF1FDFFDEE03E8E9518C70425D1326E73DF28C7FA4BC5DBB531C45077C0D43EAA447750CAADD11FC7F70DD4C18146FC384DACD798A6708C340E7F3DCB9798DDA759B92B8A541DD76DB1ACC9E3D4742CFFC3BE5C7B8A8EDB827F0A95A9D403ADD8D529930AA8A386B95E022D39745C96FE0FBDB9FC55D1B9FC4482E81AEA141C02E8BDA90C54A624A8C156B28E586B1E2868BF1D52F7F1E0B7B065099AC20F02B88C51DF82CEB677FAA664C180FB55A1971491EABE475D2B1F0CC33CF487065F7EEDD181C1C1248CBE7E99D7866E426600233C66345830DED4EB33128335653A8471D0FD5EE307EB8D79D88414D87355C4C26FB6F169C818DE64CD04A66C6303939214676CB2DAB71CD3557CB40B098514A4862B644EA58B2C1A6D0B5660D5E3C059FE1F5440571CB4750B5D03BD08FBDC387B172FD7D787AE7ABB0522721E6A6D18CD55039B80F672D1CC49DAB6EC29F9DF309148B1368F05CE77AA857AB086249C458A744F9E4262B8AEBA8342A48BB69A4D31EF6BCFD2EFEF18EDBF1CC8F9F9648250D8C8187B04C2472763C1AC43BDED93567521A298DB5556038C3904F5075270F75BCF373CCEB4FC4A00C943330C71CCCA72F2EB348A21090A2A58984625433D979C61967E09E7BEEC5E9A79F2A410B7A329EB98AA5A254CE9260CB08A0913723E4A231964B25385E1AD9B4872776BE86BBBEB305BBDE7C17438343B8E68ACFE1A62F7F01191B38B86F2F0606FA91CB17A4AF2E830695725905461A0C1E9085D1405F6F9FC0BF071E78100F3DF820F2F902E6CC9D239FCBEF64A09EB9D7E963F0FB78A6E824991C14FF16B2CD7FBF335494B5D72A858F56B974F250C7B48FE3BEE0440DEA783FD0189B8188DC89B9584965E28EFCA52FDD20DC40E673B880E9E98CC19A64A7596C84948469EC27952F953077702EDE1D29E1F16D3FC49F7EFA1C5C78DEA918CF1F9630FCACEE6E1C3E34896492C117B5581954A03193C4CAC008830FAFBCF2DF58BB76AD9457F03BD02B29E8A52846D1C0CD899C978E366EC7655046A32FF266ADA0C4119E144A92A81E29BA48C7A08E77F91EFBFA0FC3A008FFCC99838B9530D09CC3DE7E7B0F162D3A4322694B972E9585CCE23B2E66322EB8C88D77E07BD4D822A659C1ACDE34F2B922BC64065EA64B58E9138786117302342D1DA44866C40BF1A06F2A6269D024F88E8C8CE2A1873663EBD6ADAA5B87A7724F86246CCE4934C42891F5443DD2F4193AB641BDDFD944FF12B31294116BB506992AD91BBD54699B77A847C73692E3B9E2C806A592A212023673733C6FFA01D71AD8673C9539C4D3B0F8A0CE422E378E42A188CB2EBB4CCAEF59D14A0FC6454E8F6216B7A2F058F0D2349871A5519EF4E0D77C58415CBAB557EB25A4BC341A4D6A59D4D1A89791E9EA12952726A0693C4F3CF1041E7E780B7EF39BDF62CE9CD902EBF8FD4C148F9F436FC96B0DE4E3F306CACED0D0846F6308C553201F09C111DD5169831AEA971BC7438126619BAB872A7D67AB7B5DB16B1A23EBA2AB8E879AE9A953EC7106013299AC8657FC0CD512946A44528334457E7266BF83615C1862AE626FAB7A2C0628D881E2C61B6FC4B5D75E2B8B5A95DA2BF8C5FFB39933375AD562900B8B11375B04514A9502DC24CB3E14644B26C901A4E25043E01E85246FBDF5563CFFFCF352A43734345B6A99A49D8F7E44A15E34D012AED9E32AC66A6FECA21EB05A2D493D14ABAA45E7486A0555A986349433EA608CF54BC56E22DE24A493E03F5562B5061FDB3C8A40949E4F467B5802DDF150ED4D4ABB572983A2024F5A75B9601366A1CA283DF93FC623EAB5B8106828CCEFA81DDA176FB278F162DC7BEFBD58B870A1404043308D063C548F270BF51A4535C94C575EC4B6791E2B4F29AF78F4D14771F7DD77CBF364C6B36A99FA19C63B99FB8E265A4DC4D2246FFF5063633C14EFB15EAF4A1E8ADD50A4F2DFF0E5796F5A9759598A82126181A1126D5656A7944395DA9ABC8CBFC679866A60D1A2451DE5D8199C49B5C3C591CD2A4A8D08AD4838583A47877ADB33F891477CAB70A7353AF7524C4B9D09EEC20DA12A917CCAC670D4B4106E1DBB5B54ABE199467CAB88A128E9676E0EF438BCD6B01A5E7AE925AC5FBF5ECA2C4C289C1E8C1EF968858B518FF1871E07730FFCC93161D8FC8D37DE10D55EE5A1D85552C456948DA8AE0921FA8B251209A585A9145A448F5A156F692FAEE9F814E720ED7F70604035F45220710A1C319052BD563FA73F502ED76D735819FCBE122CF31AE940A7AA87758B07FD3A835995A14FD1459345192949D650D5287BAAE73424E1BBEBCA4B11F3D46A3D51E51AD38356F74BD081197DB7D17B93F7921B8B481EAAEF493901A520A5EFA57550D5C290FA3E8200A94C0ADD5D5D12E5AAD71BB271D1C8A4D58BA6D2FC3116520B4651E84555B3D2C0C9C6A3D8251736611A9597D8208E9A16ED3E4873DABC7933B66DDB26C18DF9F3E74BF4CE041978BFAC59521E2FEA9AB52C8376D7D1D07FD48BB5FB3D8E7D9D3ABFB26309C3FA070EEC158DC418FF264646F5592D4FCD79D69D82E47BD319598984B4F95156A68AD54472827850C437A49D71680C2289CB174AF8CF2C43418B262838456F40493B2B4F270B4D4B3C4B5302E966A02C4114639428B40C2721A6885329FD0B3DC41133D6066B5A1A4F99882965CA4A015FE087699DA00BE5B879880496169E0FAB958D41E8EA1EBD1768E3335DD3F53D4D81007A93D1DA1C72AF5A275E75B29076EC61819DD9D9A8CCF3873C271D7B1175AE38DA08700EA955C1490B5B95EA3994A3921899B22C85E4546353DD59C03408500B596080AC61E3315A06217FD57DA3A65671B6821BC62B857A666230DA03E94E7DB2D0229FAF3F4D9448A58FAB5E6BEABB2B63332EC32CE9D03B85CD97F5EB8C07112CDF52706A7D9E0ABE28B8D3F27C2D7D0DADFCA48D31F478467F2374FBBAF58F8609A173D65EDC18730B4AEBE96B4A9B2F65E8E1C61371EEDAF04DEAC2C863AB0C87BE27DD8645A9236964A1E7468DADF696A10FD57310DEAFDE4CCD39DA1CBCF5E6168A3486D2DC4A9DA4358B916A5DF95C1D190EF7CA087A08BB6928B4D2D2808CC81AEBF736F2CEF249E675F2B2C8CEAD5BCA180D94B075935E22613BA61029882A8C39EDE8038DD653D1ABAB25AEAC505474AB0BD779441DCC84C8C3EF48C8172EEA0874315ED7740D3109DE16D66EA1B62962B3D1FCF051CCFE4897B402F466973733A290A50101AD44730466E94BDFFF71FA5511B817B147ED65153C350A3611F711BE9D7A4E1BBE0178DA98A2D0751A1A9CF6FAF721641551550037DC2C14AC30703BF27FBD5AA6A70B5BBFB70CCC8050592A219E9FB234A64C994A37B6C2C0D1319EBAA3456721AA366C56B0DE94D416A11748EBC8FEBE0F8D6C906A14CC917FFA7868A39A324AD1D99E7AEFAD816F9D1A5A65F891EF13BD5003F1308364F63C3D6D475ACAD16F69E641CE501D87DF1981CE08CCCC08740C6A66C6B1F32E9D115000BFE3A13A2BA133023337021D839AB9B1ECBC53670454946FA609869D71ED8CC047750424A8315D5DF4A33A189DFBEE8CC0898E801894F4EB89482D9DE89B765EDF19818FE208901411BB72F9F2E6E3DBB6C9FD773CD547711974EE792646804C783EFE0F0A507581F460CF450000000049454E44AE426082 WHERE `app_id` = '8'; --- add Acumos thumbnail -UPDATE `fn_app` SET `thumbnail` = 0x89504E470D0A1A0A0000000D49484452000001680000012C0806000000EE2C29AF0000200049444154785EEC7D07785CD5B5F55AFBDE5171EF361008BD2790D04B82E936B849F2C8B22901530221210142313CF29C504C0F846042EF6E634BC6155382430D10D31F108AE9C6B2B171B7A4997BF6FF9D3B335733B264490E84F9E19CEF7BCF4173CB9975CEAC7BEE3E6BAF4DB8E610700838041C020589000BB257AE530E01878043C0210047D06E1238041C020E810245C01174810E8CEB9643C021E0107004EDE68043C021E0102850041C4117E8C0B86E39041C020E0147D06E0E38041C020E810245C01174810E8CEB9643C021E0107004EDE68043C021 WHERE `app_id` = '10'; -- for R1 Enhanced Notification ticket source from JIRA INSERT INTO `ep_basic_auth_account` VALUES (1,'JIRA','jira','6APqvG4AU2rfLgCvMdySwQ==','Y'); diff --git a/deliveries/build_portalapps_dockers.sh b/deliveries/build_portalapps_dockers.sh index 5092b407..2a09997c 100755 --- a/deliveries/build_portalapps_dockers.sh +++ b/deliveries/build_portalapps_dockers.sh @@ -10,13 +10,22 @@ set -e -x # This reuses the docker-compose environment file echo "Set image tag name variables" source $(dirname $0)/.env +if [ $1 ]; then + echo "Sourcing extra parameters from $1" + source $(dirname $0)/$1 +else + echo "Using only base parameters from .env" +fi # Check for Jenkins build number if [ -n "$BUILD_NUMBER" ]; then - echo "Using Jenkins build number $BUILD_NUMBER" + export PORTAL_TAG=$BUILD_NUMBER + echo "Using Jenkins build number $BUILD_NUMBER; Docker Tag $PORTAL_TAG" else # This indicates a non-Jenkins build export BUILD_NUMBER="999" + echo "Using Default build number $BUILD_NUMBER; Docker Tag $PORTAL_TAG" + fi # Must work when called by ONAP Jenkins AND local builds. @@ -30,12 +39,10 @@ else fi # This expects to start in the deliveries folder; make sure -PORTAL_DOCKERFILE=Dockerfile.portal -if [ ! -f $PORTAL_DOCKERFILE ] ; then +if [ "$PORTAL_DOCKERFILE" != "skip"] && [ ! -f $PORTAL_DOCKERFILE ] ; then echo "Failed to find file ${PORTAL_DOCKERFILE}; must start in deliveries folder; exiting" exit 1 fi -SDK_DOCKERFILE=Dockerfile.sdk # Store directory names as variables # This is the deliveries area. @@ -65,26 +72,36 @@ else echo "Build jar and war files" cd $BASEDIR - ${MVN} clean install + ${MVN} ${MVN_EXTRA_PORTAL} clean install - echo "Build Portal-SDK app" - cd $BASEDIR/sdk/ecomp-sdk/epsdk-app-os - ${MVN} clean package + if [ "$SDK_DOCKERFILE" != "skip" ] && [ "SDK_APP_DIR" != "skip" ]; then + echo "Build Portal-SDK app" + cd $BASEDIR/$SDK_APP_DIR + ${MVN} ${MVN_EXTRA_SDK} clean package + fi echo "Java build complete." fi -echo "Copy Portal app BE" -cp $BASEDIR/ecomp-portal-BE-os/target/portal-be-os.war $BUILD_ABS +if [ "$BE_DOCKERFILE" != "skip" ] || [ "PORTAL_DOCKERFILE" != "skip" ]; then + echo "Copy Portal app BE" + cp $BASEDIR/$BE_WAR_DIR/$BE_WAR_FILE $BUILD_ABS +fi -echo "Copy Portal app FE" -cp -r $BASEDIR/ecomp-portal-FE-os/dist/public $BUILD_ABS +if [ "$FE_DOCKERFILE" != "skip" ] || [ "PORTAL_DOCKERFILE" != "skip" ]; then + echo "Copy Portal app FE" + cp -r $BASEDIR/$FE_DIR $BUILD_ABS +fi -echo "Copy Portal widget-ms" -cp $BASEDIR/ecomp-portal-widget-ms/widget-ms/target/widget-ms.jar $BUILD_ABS +if [ "$WMS_DOCKERFILE" != "skip" ]; then + echo "Copy Portal widget-ms" + cp $BASEDIR/$WIDGET_MS_JAR_DIR/$WIDGET_MS_JAR_FILE $BUILD_ABS +fi -echo "Copy Portal-SDK app build results" -cp $BASEDIR/sdk/ecomp-sdk/epsdk-app-os/target/epsdk-app-os.war $BUILD_ABS +if [ "$SDK_DOCKERFILE" != "skip" ] && [ "SDK_APP_DIR" != "skip" ]; then + echo "Copy Portal-SDK app build results" + cp $BASEDIR/$SDK_WAR_DIR/$SDK_WAR_FILE $BUILD_ABS +fi # Build Docker images @@ -99,59 +116,107 @@ fi # must work in delivery directory cd $DELIVDIR +if [ "$DB_DOCKERFILE" = "skip" ]; then + echo "SKIPPING DB DOCKER BUILD!" +else # Copy DDL/DML to required directories # RELATIVE PATHS to local directories with database scripts # bcos Docker looks within this build area only -DB_SCRIPT_DIR=$BUILD_REL/db-scripts -mkdir -p ${DELIVDIR}/${DB_SCRIPT_DIR} + DB_SCRIPT_DIR=$BUILD_REL/db-scripts + mkdir -p ${DELIVDIR}/${DB_SCRIPT_DIR} # Portal -cp $BASEDIR/ecomp-portal-DB-common/*.sql ${DB_SCRIPT_DIR} -cp $BASEDIR/ecomp-portal-DB-os/*.sql ${DB_SCRIPT_DIR} + cp $BASEDIR/ecomp-portal-DB-common/*.sql ${DB_SCRIPT_DIR} + cp $BASEDIR/ecomp-portal-DB-os/*.sql ${DB_SCRIPT_DIR} # SDK app -cp $BASEDIR/sdk/ecomp-sdk/epsdk-app-common/db-scripts/*.sql ${DB_SCRIPT_DIR} -cp $BASEDIR/sdk/ecomp-sdk/epsdk-app-os/db-scripts/*.sql ${DB_SCRIPT_DIR} - -echo "Build mariadb docker image" -DB_DOCKER_CMD=" - docker build -t ${DB_IMG_NAME}:${PORTAL_TAG} ${PROXY_ARGS} - --build-arg DB_SCRIPT_DIR=${DB_SCRIPT_DIR} - -f Dockerfile.mariadb . -" -$DB_DOCKER_CMD + cp $BASEDIR/sdk/ecomp-sdk/epsdk-app-common/db-scripts/*.sql ${DB_SCRIPT_DIR} + cp $BASEDIR/sdk/ecomp-sdk/epsdk-app-os/db-scripts/*.sql ${DB_SCRIPT_DIR} + + echo "Build mariadb docker image" + DB_DOCKER_CMD=" + docker build -t ${DB_IMG_NAME}:${PORTAL_TAG} ${PROXY_ARGS} + --build-arg DB_SCRIPT_DIR=${DB_SCRIPT_DIR} + -f $DB_DOCKERFILE . + " + $DB_DOCKER_CMD +fi # Copy cassandra scripts to required directories # Portal -cp $BASEDIR/ecomp-portal-DB-common/*.cql ${DELIVDIR} +#cp $BASEDIR/ecomp-portal-DB-common/*.cql ${DELIVDIR} # SDK app -cp $BASEDIR/sdk/ecomp-sdk/epsdk-app-common/db-scripts/*.cql ${DELIVDIR} +#cp $BASEDIR/sdk/ecomp-sdk/epsdk-app-common/db-scripts/*.cql ${DELIVDIR} # Build Docker Images -echo "Build portal docker image" -PORTAL_DOCKER_CMD=" - docker build -t ${EP_IMG_NAME}:${PORTAL_TAG} ${PROXY_ARGS} - --build-arg FE_DIR=$BUILD_REL/public - --build-arg PORTAL_WAR=$BUILD_REL/portal-be-os.war - --build-arg SERVERXML=${DELIVDIR}/server.xml - -f $PORTAL_DOCKERFILE . -" -$PORTAL_DOCKER_CMD - -echo "Build sdk demo app docker image" -SDK_DOCKER_CMD=" - docker build -t ${SDK_IMG_NAME}:${PORTAL_TAG} ${PROXY_ARGS} - --build-arg SDK_WAR=$BUILD_REL/epsdk-app-os.war - -f $SDK_DOCKERFILE . -" -$SDK_DOCKER_CMD - -echo "Build widget-ms docker image" -WMS_DOCKER_CMD=" - docker build -t ${WMS_IMG_NAME}:${PORTAL_TAG} ${PROXY_ARGS} - --build-arg WMS_JAR=$BUILD_REL/widget-ms.jar - -f Dockerfile.widgetms . -" -$WMS_DOCKER_CMD +#Combined FE/BE image +if [ "$PORTAL_DOCKERFILE" = "skip" ]; then + echo "SKIPPING PORTAL DOCKER IMAGE BUILD!" +else + echo "Build portal docker image" + PORTAL_DOCKER_CMD=" + docker build -t ${EP_IMG_NAME}:${PORTAL_TAG} ${PROXY_ARGS} + --build-arg FE_DIR=$BUILD_REL/public + --build-arg PORTAL_WAR=$BUILD_REL/$BE_WAR_FILE + --build-arg SERVERXML=${SERVER_XML_DIR}/server.xml + --build-arg PORTALCONTEXT=$PORTALCONTEXT + -f $PORTAL_DOCKERFILE . + " + $PORTAL_DOCKER_CMD +fi + +if [ "$SDK_DOCKERFILE" = "skip" ]; then + echo "SKIPPING SDK DOCKER IMAGE BUILD!" +else + echo "Build sdk demo app docker image" + SDK_DOCKER_CMD=" + docker build -t ${SDK_IMG_NAME}:${PORTAL_TAG} ${PROXY_ARGS} + --build-arg SDK_WAR=$BUILD_REL/$SDK_WAR_FILE + --build-arg SDKCONTEXT=$SDKCONTEXT + -f $SDK_DOCKERFILE . + " + $SDK_DOCKER_CMD +fi + +if [ "$BE_DOCKERFILE" = "skip" ]; then + echo "SKIPPING BE DOCKER IMAGE BUILD!" +else + echo "Build portal be image" + BE_DOCKER_CMD=" + docker build -t ${BE_IMG_NAME}:${PORTAL_TAG} ${PROXY_ARGS} + --build-arg PORTAL_WAR=$BUILD_REL/$BE_WAR_FILE + --build-arg SERVERXML=${SERVER_XML_DIR}/server.xml + --build-arg PORTALCONTEXT=$PORTALCONTEXT + --build-arg BE_BASE_IMAGE=$BE_BASE_IMAGE + -f $BE_DOCKERFILE . + " + $BE_DOCKER_CMD +fi + +if [ "$FE_DOCKERFILE" = "skip" ]; then + echo "SKIPPING FE DOCKER IMAGE BUILD!" +else + echo "Build portal fe image" + FE_DOCKER_CMD=" + docker build -t ${FE_IMG_NAME}:${PORTAL_TAG} ${PROXY_ARGS} + --build-arg FE_DIR=$BUILD_REL/public + --build-arg FECONTEXT=$FECONTEXT + --build-arg FE_BASE_IMAGE=$FE_BASE_IMAGE + -f $FE_DOCKERFILE . + " + $FE_DOCKER_CMD +fi + +if [ "$WMS_DOCKERFILE" = "skip" ]; then + echo "SKIPPING WIDGET-MS DOCKER IMAGE BUILD!" +else + echo "Build widget-ms docker image" + WMS_DOCKER_CMD=" + docker build -t ${WMS_IMG_NAME}:${PORTAL_TAG} ${PROXY_ARGS} + --build-arg WMS_JAR=$BUILD_REL/$WIDGET_MS_JAR_FILE + -f Dockerfile.widgetms . + " + $WMS_DOCKER_CMD +fi # For ease of debugging, leave the build dir # echo "Cleaning up" diff --git a/deliveries/keystoreONAP.keystore b/deliveries/keystoreONAP.keystore Binary files differnew file mode 100644 index 00000000..ff0f0d76 --- /dev/null +++ b/deliveries/keystoreONAP.keystore diff --git a/deliveries/my.cnf b/deliveries/my.cnf index 97340675..e06a211c 100644 --- a/deliveries/my.cnf +++ b/deliveries/my.cnf @@ -180,6 +180,7 @@ quote-names max_allowed_packet = 16M [mysql] +default_character_set = utf8 #no-auto-rehash # faster start of mysql but no tab completion [isamchk] diff --git a/deliveries/server.xml b/deliveries/server.xml index e23771cc..cf202a91 100644 --- a/deliveries/server.xml +++ b/deliveries/server.xml @@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + Modifications to this file for use in ONAP are also subject to the Apache-2.0 license. --> <!-- Note: A "Server" is not itself a "Container", so you may not diff --git a/deliveries/start-apache-tomcat.sh b/deliveries/start-apache-tomcat.sh index 522eaf2a..98dde8b9 100644 --- a/deliveries/start-apache-tomcat.sh +++ b/deliveries/start-apache-tomcat.sh @@ -5,6 +5,7 @@ hostip="" hostname="" +BASE=/opt/apache-tomcat-8.0.37 while [ $# -gt 0 ]; do key="$1" case $key in @@ -20,6 +21,12 @@ while [ $# -gt 0 ]; do shift # past argument shift # past value ;; + -b|--base) + BASE="$2" + echo "$0: option -b value is $BASE" + shift # past argument + shift # past value + ;; *) echo "$0: ignoring argument $key" shift @@ -43,7 +50,6 @@ else fi fi -BASE=/opt/apache-tomcat-8.0.37 if [ ! -d $BASE ] ; then echo "$0: $BASE not found or not a directory" exit 1 diff --git a/deliveries/truststoreONAPall.jks b/deliveries/truststoreONAPall.jks Binary files differnew file mode 100644 index 00000000..ff844b10 --- /dev/null +++ b/deliveries/truststoreONAPall.jks diff --git a/docs/release-notes.rst b/docs/release-notes.rst index bc2e7002..a1b6e09c 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -1,12 +1,78 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 -.. Copyright 2017-2018 AT&T Intellectual Property. All rights reserved +.. Copyright 2017-2019 AT&T Intellectual Property. All rights reserved Portal Platform Release Notes ============================= +Version: 2.5.0 +-------------- +:Release Date: 2019-06-13 + +.. toctree:: + :maxdepth: 1 + +We worked on SDK upgrade to integrate with AAF. We partially implemented multi-language. + +**New Features** + * SDK upgrade to integrate with AAF + * Use of CADI + * 68% JUnit Test Coverage + * Addressing security issues + * Internationalization language support - partially implemented + * Reporting feature enhancement in portal/sdk - design and partial code changes + +**Bug Fixes** + * Fixed Sonar reported critical issues. + +**Known Issues** + * Mismatch while displaying active online user in Portal. + * Internationalization Language component partially completed. + * Functional Menu change requires manual refresh. + +**Security Notes** + +*Fixed Security Issues* + +*Known Security Issues* + + * CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 <https://jira.onap.org/browse/OJSI-15>`_] + * CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 <https://jira.onap.org/browse/OJSI-65>`_] + * CVE-2019-12121 - ONAP Portal is vulnerable for Padding Oracle attack [`OJSI-92 <https://jira.onap.org/browse/OJSI-92>`_] + * In defult deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 <https://jira.onap.org/browse/OJSI-97>`_] + * In defult deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 <https://jira.onap.org/browse/OJSI-105>`_] + * In defult deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 <https://jira.onap.org/browse/OJSI-106>`_] + * CVE-2019-12318 - Number of SQL Injections in Portal [`OJSI-174 <https://jira.onap.org/browse/OJSI-174>`_] + * Portal stores users passwords encrypted instead of hashed [`OJSI-190 <https://jira.onap.org/browse/OJSI-190>`_] + +*Known Vulnerabilities in Used Modules* + +PORTAL code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The PORTAL open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=51283057>`_. + +Quick Links: + - `PORTAL project page <https://wiki.onap.org/display/DW/Portal+Platform+Project>`_ + + - `Passing Badge information for PORTAL <https://bestpractices.coreinfrastructure.org/en/projects/1441>`_ + + - `Project Vulnerability Review Table for PORTAL <https://wiki.onap.org/pages/viewpage.action?pageId=51283057>`_ + +**Upgrade Notes** + * For https Apps onboarded to portal, a certificate has to be downloaded in the browser when first trying to access the landing page of the App. + * For onboarded Apps using http (since Portal is using https) the browser asks the user to click to Proceed to the unsafe URL. + * For onboarded Apps using http the icon in the URL bar will appear red, click on it and allow unsafe scripts. + * The first time some apps are selected in the Applications panel, an error stating the webpage might be temporarily down, copy the presented URL to a new browser; once that is done, the application will open in the Portal. + +**Deprecation Notes** + +**Other** + * Below are the docker images released as part of Portal Platform project: + * onap/portal-app:2.5.0 + * onap/portal-db:2.5.0 + * onap/portal-sdk:2.5.0 + * onap/portal-wms:2.5.0 + * portal/sdk java artifacts - (Release branch: “release-2.5.0”) -Version: 2.3.2 +Version: 2.3.2 -------------- :Release Date: 2019-04-15 @@ -17,10 +83,10 @@ This is the official release notes for the Casablanca Maintenance Release 3.0.2. **Known Issues** * The issue is an application running on HTTPS will not open in Portal if the AAF root CA is missing. - An error message will appear in a separate tab in Portal. It will say something like: - “The webpage at https://portal.api.simpledemo.onap.org:30200/vid/welcome.htm?cc=........ might + An error message will appear in a separate tab in Portal. It will say something like: + “The webpage at https://portal.api.simpledemo.onap.org:30200/vid/welcome.htm?cc=........ might be temporarily down or it may have moved permanently to a new web address.” - Here is the work-around, copy above VID (or other app) URL and replace welcome.htm to login.htm + Here is the work-around, copy above VID (or other app) URL and replace welcome.htm to login.htm in a new browser window; after login come back to Portal home page and click VID, it will now work. * For applications running on HTTP (for example SDC), the user needs to disable the security check in the browser to access the application. diff --git a/ecomp-portal-BE-common/pom.xml b/ecomp-portal-BE-common/pom.xml index b8787f78..61f166db 100644 --- a/ecomp-portal-BE-common/pom.xml +++ b/ecomp-portal-BE-common/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.portal</groupId> <artifactId>onap-portal-parent</artifactId> - <version>2.5.0</version> + <version>2.6.0-SNAPSHOT</version> </parent> <artifactId>portal-be-common</artifactId> @@ -600,6 +600,24 @@ <artifactId>jackson-jaxrs-json-provider</artifactId> <version>2.8.10</version> </dependency> + <!-- https://mvnrepository.com/artifact/org.glassfish.web/javax.el --> + <dependency> + <groupId>org.glassfish.web</groupId> + <artifactId>javax.el</artifactId> + <version>2.2.6</version> + </dependency> + <!-- https://mvnrepository.com/artifact/javax.el/el-api --> + <dependency> + <groupId>javax.el</groupId> + <artifactId>el-api</artifactId> + <version>2.2.1-b04</version> + </dependency> + <!-- https://mvnrepository.com/artifact/org.jsoup/jsoup --> + <dependency> + <groupId>org.jsoup</groupId> + <artifactId>jsoup</artifactId> + <version>1.12.1</version> + </dependency> <dependency> <groupId>org.glassfish.jersey.connectors</groupId> <artifactId>jersey-jetty-connector</artifactId> diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/music/conf/MusicSessionRepositoryHandler.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/music/conf/MusicSessionRepositoryHandler.java index cd911b80..7b42d52d 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/music/conf/MusicSessionRepositoryHandler.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/music/conf/MusicSessionRepositoryHandler.java @@ -80,9 +80,7 @@ public class MusicSessionRepositoryHandler { MusicService.removeSession(id); } catch (MusicLockingException e) { logger.error(EELFLoggerDelegate.errorLogger, "removeSession locking failed with id " + id, e); - } catch (MusicServiceException e) { - logger.error(EELFLoggerDelegate.errorLogger, "removeSession failed with id " + id, e); - } + } } } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java index b5bd02bc..4b401e22 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -37,13 +39,21 @@ */ package org.onap.portalapp.portal.controller; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; import java.io.IOException; +import java.util.ArrayList; +import java.util.Arrays; import java.util.List; +import java.util.Map; import java.util.Set; +import java.util.stream.Stream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.json.JSONArray; +import org.json.JSONObject; import org.onap.portalapp.controller.EPRestrictedBaseController; import org.onap.portalapp.portal.domain.AdminUserApplications; import org.onap.portalapp.portal.domain.AppIdAndNameTransportModel; @@ -52,10 +62,13 @@ import org.onap.portalapp.portal.domain.EPApp; import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.domain.EcompApp; import org.onap.portalapp.portal.domain.UserRoles; +import org.onap.portalapp.portal.exceptions.InvalidApplicationException; import org.onap.portalapp.portal.logging.aop.EPAuditLog; +import org.onap.portalapp.portal.logging.logic.EPLogUtil; import org.onap.portalapp.portal.service.AdminRolesService; import org.onap.portalapp.portal.service.EPAppService; import org.onap.portalapp.portal.service.EPLeftMenuService; +import org.onap.portalapp.portal.service.ExternalAccessRolesService; import org.onap.portalapp.portal.transport.EPAppsManualPreference; import org.onap.portalapp.portal.transport.EPAppsSortPreference; import org.onap.portalapp.portal.transport.EPDeleteAppsManualSortPref; @@ -63,6 +76,7 @@ import org.onap.portalapp.portal.transport.EPWidgetsSortPreference; import org.onap.portalapp.portal.transport.FieldsValidator; import org.onap.portalapp.portal.transport.LocalRole; import org.onap.portalapp.portal.transport.OnboardingApp; +import org.onap.portalapp.portal.utils.EPCommonSystemProperties; import org.onap.portalapp.portal.utils.EcompPortalUtils; import org.onap.portalapp.portal.utils.PortalConstants; import org.onap.portalapp.util.EPUserUtils; @@ -73,15 +87,18 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; - -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; +import org.springframework.web.client.HttpClientErrorException; +import org.springframework.web.client.HttpStatusCodeException; +import org.springframework.web.client.RestTemplate; @RestController @EnableAspectJAutoProxy @@ -97,6 +114,10 @@ public class AppsController extends EPRestrictedBaseController { @Autowired private EPLeftMenuService leftMenuService; + + @Autowired + private ExternalAccessRolesService externalAccessRolesService; + RestTemplate template = new RestTemplate(); /** * RESTful service method to fetch all Applications available to current @@ -471,7 +492,7 @@ public class AppsController extends EPRestrictedBaseController { if (!adminRolesService.isSuperAdmin(user)) { EcompPortalUtils.setBadPermissions(user, response, "getApps"); } else { - apps = appService.getAllApps(false); + apps = appService.getAllApplications(false); EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/availableApps", "GET result =", apps); } } catch (Exception e) { @@ -664,10 +685,18 @@ public class AppsController extends EPRestrictedBaseController { EPUser user = EPUserUtils.getUserSession(request); List<OnboardingApp> onboardingApps = null; try { - if (!adminRolesService.isSuperAdmin(user)) { + if (!adminRolesService.isSuperAdmin(user) && !adminRolesService.isAccountAdmin(user)) { EcompPortalUtils.setBadPermissions(user, response, "getOnboardingApps"); } else { + + if(adminRolesService.isSuperAdmin(user)){ onboardingApps = appService.getOnboardingApps(); + } + else if(adminRolesService.isAccountAdmin(user)) + { + //get all his admin apps + onboardingApps = appService.getAdminAppsOfUser(user); + } EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/onboardingApps", "GET result =", "onboardingApps of size " + onboardingApps.size()); } @@ -687,19 +716,39 @@ public class AppsController extends EPRestrictedBaseController { * @param modifiedOnboardingApp * app to update * @return FieldsValidator + * @throws Exception */ @RequestMapping(value = { "/portalApi/onboardingApps" }, method = RequestMethod.PUT, produces = "application/json") public FieldsValidator putOnboardingApp(HttpServletRequest request, - @RequestBody OnboardingApp modifiedOnboardingApp, HttpServletResponse response) { + @RequestBody OnboardingApp modifiedOnboardingApp, HttpServletResponse response) throws Exception { FieldsValidator fieldsValidator = null; EPUser user = null; EPApp oldEPApp = null; + oldEPApp = appService.getApp(modifiedOnboardingApp.id); + ResponseEntity<String> res = null; + try { user = EPUserUtils.getUserSession(request); - if (!adminRolesService.isSuperAdmin(user)) { + if (!adminRolesService.isSuperAdmin(user) && !adminRolesService.isAccountAdminOfAnyActiveorInactiveApplication(user, oldEPApp) ) { EcompPortalUtils.setBadPermissions(user, response, "putOnboardingApp"); } else { - oldEPApp = appService.getApp(modifiedOnboardingApp.id); + if((oldEPApp.getCentralAuth() && modifiedOnboardingApp.isCentralAuth && !oldEPApp.getNameSpace().equalsIgnoreCase(modifiedOnboardingApp.nameSpace) && modifiedOnboardingApp.nameSpace!= null ) || (!oldEPApp.getCentralAuth() && modifiedOnboardingApp.isCentralAuth && modifiedOnboardingApp.nameSpace!= null)) + { + try { + res = appService.checkIfNameSpaceIsValid(modifiedOnboardingApp.nameSpace); + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, "checkIfNameSpaceExists failed", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + if (e.getStatusCode() == HttpStatus.NOT_FOUND || e.getStatusCode() == HttpStatus.FORBIDDEN) { + fieldsValidator = setResponse(e.getStatusCode(),fieldsValidator,response); + throw new InvalidApplicationException("Invalid NameSpace"); + }else{ + fieldsValidator = setResponse(e.getStatusCode(),fieldsValidator,response); + throw e; + } + } + + } modifiedOnboardingApp.normalize(); fieldsValidator = appService.modifyOnboardingApp(modifiedOnboardingApp, user); response.setStatus(fieldsValidator.httpStatusCode.intValue()); @@ -711,8 +760,9 @@ public class AppsController extends EPRestrictedBaseController { try { String oldvaluesAsJson = new ObjectMapper().writeValueAsString(oldEPApp); String newvaluesAsJson = new ObjectMapper().writeValueAsString(modifiedOnboardingApp); - logger.info(EELFLoggerDelegate.auditLogger, "/portalApi/onboardingApps, old values ="+oldvaluesAsJson); - logger.info(EELFLoggerDelegate.auditLogger, "/portalApi/onboardingApps, loginId="+user.getLoginId()+", new values ="+newvaluesAsJson); + logger.info(EELFLoggerDelegate.auditLogger, "/portalApi/onboardingApps, old values ={}", oldvaluesAsJson); + logger.info(EELFLoggerDelegate.auditLogger, "/portalApi/onboardingApps, loginId={}, new values ={}", + user != null ? user.getLoginId() : "", newvaluesAsJson); } catch (JsonProcessingException e) { logger.error(EELFLoggerDelegate.errorLogger, "putOnboardingApps failed", e); } @@ -722,6 +772,8 @@ public class AppsController extends EPRestrictedBaseController { return fieldsValidator; } + + /** * * @param request @@ -742,17 +794,58 @@ public class AppsController extends EPRestrictedBaseController { EcompPortalUtils.setBadPermissions(user, response, "postOnboardingApps"); } else { newOnboardingApp.normalize(); + ResponseEntity<String> res = null; + try { + if( !(newOnboardingApp.nameSpace == null) && !newOnboardingApp.nameSpace.isEmpty()) + res = appService.checkIfNameSpaceIsValid(newOnboardingApp.nameSpace); + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, "checkIfNameSpaceExists failed", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + if (e.getStatusCode() == HttpStatus.NOT_FOUND || e.getStatusCode() == HttpStatus.FORBIDDEN) { + fieldsValidator = setResponse(e.getStatusCode(),fieldsValidator,response); + throw new InvalidApplicationException("Invalid NameSpace"); + }else{ + fieldsValidator = setResponse(e.getStatusCode(),fieldsValidator,response); + throw e; + } + } fieldsValidator = appService.addOnboardingApp(newOnboardingApp, user); response.setStatus(fieldsValidator.httpStatusCode.intValue()); } + if(response.getStatus()==200) { + try { + String newvaluesAsJson = new ObjectMapper().writeValueAsString(newOnboardingApp); + logger.info(EELFLoggerDelegate.auditLogger, "/portalApi/onboardingApps, loginId="+user.getLoginId()+", values ="+newvaluesAsJson); + } catch (JsonProcessingException e) { + logger.error(EELFLoggerDelegate.errorLogger, "postOnboardingApps failed", e); + } + } } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "postOnboardingApp failed", e); + logger.error(EELFLoggerDelegate.errorLogger, "postOnboardingApp failed", e); } EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/onboardingApps", "POST result =", response.getStatus()); return fieldsValidator; } + + private FieldsValidator setResponse(HttpStatus statusCode,FieldsValidator fieldsValidator,HttpServletResponse response) + { + fieldsValidator = new FieldsValidator(); + if (statusCode == HttpStatus.NOT_FOUND || statusCode == HttpStatus.FORBIDDEN) { + fieldsValidator.httpStatusCode = new Long(HttpServletResponse.SC_NOT_FOUND); + logger.error(EELFLoggerDelegate.errorLogger, "setResponse failed"+ "invalid namespace"); + }else if (statusCode == HttpStatus.UNAUTHORIZED) { + fieldsValidator.httpStatusCode = new Long(HttpServletResponse.SC_UNAUTHORIZED); + logger.error(EELFLoggerDelegate.errorLogger, "setResponse failed"+ "unauthorized"); + } else{ + fieldsValidator.httpStatusCode = new Long(HttpServletResponse.SC_BAD_REQUEST); + logger.error(EELFLoggerDelegate.errorLogger, "setResponse failed ",statusCode); + + } + response.setStatus(fieldsValidator.httpStatusCode.intValue()); + return fieldsValidator; + } /** * REST endpoint to process a request to delete an on-boarded application. @@ -778,11 +871,15 @@ public class AppsController extends EPRestrictedBaseController { fieldsValidator = appService.deleteOnboardingApp(user, appId); response.setStatus(fieldsValidator.httpStatusCode.intValue()); } + if (response.getStatus() == 200) { + logger.info(EELFLoggerDelegate.auditLogger, + "/portalApi/onboardingApps/" + appId + "deleted by user " + user.getLoginId()); + } } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "deleteOnboardingApp failed", e); response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } - + EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/onboardingApps" + appId, "DELETE result =", response.getStatus()); return fieldsValidator; @@ -823,5 +920,6 @@ public class AppsController extends EPRestrictedBaseController { header.setContentLength(app.getThumbnail().length); return new HttpEntity<byte[]>(app.getThumbnail(), header); } + } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequest.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequest.java index cef5fa74..fe029e0e 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequest.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequest.java @@ -39,9 +39,15 @@ package org.onap.portalapp.portal.controller; import java.util.List; +import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.validation.ConstraintViolation; +import javax.validation.Valid; +import javax.validation.Validation; +import javax.validation.Validator; +import javax.validation.ValidatorFactory; import org.onap.portalapp.portal.domain.EPApp; import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.ecomp.model.PortalRestResponse; @@ -88,16 +94,12 @@ import io.swagger.annotations.ApiOperation; @EnableAspectJAutoProxy @EPAuditLog public class AppsControllerExternalRequest implements BasicAuthenticationController { + private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory(); private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsControllerExternalRequest.class); private static final String ONBOARD_APP = "/onboardApp"; - // Where is this used? - public boolean isAuxRESTfulCall() { - return true; - } - /** * For testing whether a user is a superadmin. */ @@ -145,10 +147,20 @@ public class AppsControllerExternalRequest implements BasicAuthenticationControl @RequestMapping(value = "/portalAdmin", method = RequestMethod.POST, produces = "application/json") @ResponseBody public PortalRestResponse<String> postPortalAdmin(HttpServletRequest request, HttpServletResponse response, - @RequestBody EPUser epUser) { + @Valid @RequestBody EPUser epUser) { EcompPortalUtils.logAndSerializeObject(logger, "postPortalAdmin", "request", epUser); PortalRestResponse<String> portalResponse = new PortalRestResponse<>(); + if (epUser!=null){ + Validator validator = VALIDATOR_FACTORY.getValidator(); + Set<ConstraintViolation<EPUser>> constraintViolations = validator.validate(epUser); + if (!constraintViolations.isEmpty()){ + portalResponse.setStatus(PortalRestStatusEnum.ERROR); + portalResponse.setMessage("Data is not valid"); + return portalResponse; + } + } + // Check mandatory fields. if (epUser.getEmail() == null || epUser.getEmail().trim().length() == 0 // || epUser.getLoginId() == null || epUser.getLoginId().trim().length() == 0 // @@ -248,10 +260,18 @@ public class AppsControllerExternalRequest implements BasicAuthenticationControl @RequestMapping(value = { ONBOARD_APP }, method = RequestMethod.POST, produces = "application/json") @ResponseBody public PortalRestResponse<String> postOnboardAppExternal(HttpServletRequest request, HttpServletResponse response, - @RequestBody OnboardingApp newOnboardApp) { + @Valid @RequestBody OnboardingApp newOnboardApp) { EcompPortalUtils.logAndSerializeObject(logger, "postOnboardAppExternal", "request", newOnboardApp); PortalRestResponse<String> portalResponse = new PortalRestResponse<>(); - + if (newOnboardApp != null){ + Validator validator = VALIDATOR_FACTORY.getValidator(); + Set<ConstraintViolation<OnboardingApp>> constraintViolations = validator.validate(newOnboardApp); + if (!constraintViolations.isEmpty()){ + portalResponse.setStatus(PortalRestStatusEnum.ERROR); + portalResponse.setMessage("Data is not valid"); + return portalResponse; + } + } // Validate fields if (newOnboardApp.id != null) { portalResponse.setStatus(PortalRestStatusEnum.ERROR); @@ -335,9 +355,20 @@ public class AppsControllerExternalRequest implements BasicAuthenticationControl @RequestMapping(value = { ONBOARD_APP + "/{appId}" }, method = RequestMethod.PUT, produces = "application/json") @ResponseBody public PortalRestResponse<String> putOnboardAppExternal(HttpServletRequest request, HttpServletResponse response, - @PathVariable("appId") Long appId, @RequestBody OnboardingApp oldOnboardApp) { + @PathVariable("appId") Long appId, @Valid @RequestBody OnboardingApp oldOnboardApp) { EcompPortalUtils.logAndSerializeObject(logger, "putOnboardAppExternal", "request", oldOnboardApp); PortalRestResponse<String> portalResponse = new PortalRestResponse<>(); + + if (oldOnboardApp != null){ + Validator validator = VALIDATOR_FACTORY.getValidator(); + Set<ConstraintViolation<OnboardingApp>> constraintViolations = validator.validate(oldOnboardApp); + if (!constraintViolations.isEmpty()){ + portalResponse.setStatus(PortalRestStatusEnum.ERROR); + portalResponse.setMessage("Data is not valid"); + return portalResponse; + } + } + // Validate fields. if (oldOnboardApp.id == null || !appId.equals(oldOnboardApp.id)) { portalResponse.setStatus(PortalRestStatusEnum.ERROR); diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuditLogController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuditLogController.java index 34090d6b..67d75666 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuditLogController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuditLogController.java @@ -88,7 +88,7 @@ public class AuditLogController extends EPRestrictedBaseController { @RequestMapping(value = "/store", method = RequestMethod.GET, produces = "application/json") public void auditLog(HttpServletRequest request, @RequestParam String affectedAppId, @RequestParam String type, @RequestParam String comment) { - logger.debug(EELFLoggerDelegate.debugLogger, "auditLog: appId {}, type {], comment {}", affectedAppId, type, + logger.debug(EELFLoggerDelegate.debugLogger, "auditLog: appId {}, type {}, comment {}", affectedAppId, type, comment); String cd_type = null; try { diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/DashboardSearchResultController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/DashboardSearchResultController.java index 29f5b20f..04ee5e0b 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/DashboardSearchResultController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/DashboardSearchResultController.java @@ -45,8 +45,14 @@ import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Set; import javax.servlet.http.HttpServletRequest; +import javax.validation.ConstraintViolation; +import javax.validation.Valid; +import javax.validation.Validation; +import javax.validation.Validator; +import javax.validation.ValidatorFactory; import org.onap.portalapp.controller.EPRestrictedBaseController; import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.ecomp.model.PortalRestResponse; @@ -56,6 +62,7 @@ import org.onap.portalapp.portal.service.DashboardSearchService; import org.onap.portalapp.portal.transport.CommonWidget; import org.onap.portalapp.portal.transport.CommonWidgetMeta; import org.onap.portalapp.util.EPUserUtils; +import org.onap.portalapp.validation.SecureString; import org.onap.portalsdk.core.domain.support.CollaborateList; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.springframework.beans.factory.annotation.Autowired; @@ -68,6 +75,7 @@ import org.springframework.web.bind.annotation.RestController; @RestController @RequestMapping("/portalApi/search") public class DashboardSearchResultController extends EPRestrictedBaseController { + private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory(); private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(DashboardSearchResultController.class); @@ -85,8 +93,11 @@ public class DashboardSearchResultController extends EPRestrictedBaseController @RequestMapping(value = "/widgetData", method = RequestMethod.GET, produces = "application/json") public PortalRestResponse<CommonWidgetMeta> getWidgetData(HttpServletRequest request, @RequestParam String resourceType) { - return new PortalRestResponse<CommonWidgetMeta>(PortalRestStatusEnum.OK, "success", - searchService.getWidgetData(resourceType)); + if (stringIsNotSafeHtml(resourceType)) { + return new PortalRestResponse(PortalRestStatusEnum.ERROR, "resourceType: String string is not valid", ""); + } + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", + searchService.getWidgetData(resourceType)); } /** @@ -97,19 +108,26 @@ public class DashboardSearchResultController extends EPRestrictedBaseController * @return Rest response wrapped around a String; e.g., "success" or "ERROR" */ @RequestMapping(value = "/widgetDataBulk", method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse<String> saveWidgetDataBulk(@RequestBody CommonWidgetMeta commonWidgetMeta) { + public PortalRestResponse<String> saveWidgetDataBulk(@Valid @RequestBody CommonWidgetMeta commonWidgetMeta) { logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetDataBulk: argument is {}", commonWidgetMeta); - if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals("")) - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR", - "Category cannot be null or empty"); + if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals("")){ + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR", + "Cateogry cannot be null or empty"); + }else { + Validator validator = VALIDATOR_FACTORY.getValidator(); + Set<ConstraintViolation<CommonWidgetMeta>> constraintViolations = validator.validate(commonWidgetMeta); + if (!constraintViolations.isEmpty()) + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR", + "Category is not valid"); + } // validate dates for (CommonWidget cw : commonWidgetMeta.getItems()) { String err = validateCommonWidget(cw); if (err != null) - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, err, null); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, err, null); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success", - searchService.saveWidgetDataBulk(commonWidgetMeta)); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", + searchService.saveWidgetDataBulk(commonWidgetMeta)); } /** @@ -120,16 +138,23 @@ public class DashboardSearchResultController extends EPRestrictedBaseController * @return Rest response wrapped around a String; e.g., "success" or "ERROR" */ @RequestMapping(value = "/widgetData", method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse<String> saveWidgetData(@RequestBody CommonWidget commonWidget) { + public PortalRestResponse<String> saveWidgetData(@Valid @RequestBody CommonWidget commonWidget) { logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetData: argument is {}", commonWidget); - if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().equals("")) - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR", - "Cateogry cannot be null or empty"); + if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().equals("")){ + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR", + "Category cannot be null or empty"); + }else { + Validator validator = VALIDATOR_FACTORY.getValidator(); + Set<ConstraintViolation<CommonWidget>> constraintViolations = validator.validate(commonWidget); + if (!constraintViolations.isEmpty()) + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR", + "Category is not valid"); + } String err = validateCommonWidget(commonWidget); if (err != null) - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, err, null); - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success", - searchService.saveWidgetData(commonWidget)); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, err, null); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", + searchService.saveWidgetData(commonWidget)); } /** @@ -162,10 +187,17 @@ public class DashboardSearchResultController extends EPRestrictedBaseController * @return Rest response wrapped around a String; e.g., "success" or "ERROR" */ @RequestMapping(value = "/deleteData", method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse<String> deleteWidgetData(@RequestBody CommonWidget commonWidget) { + public PortalRestResponse<String> deleteWidgetData(@Valid @RequestBody CommonWidget commonWidget) { + if (commonWidget!=null){ + Validator validator = VALIDATOR_FACTORY.getValidator(); + Set<ConstraintViolation<CommonWidget>> constraintViolations = validator.validate(commonWidget); + if (!constraintViolations.isEmpty()) + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR", + "CommonWidget is not valid"); + } logger.debug(EELFLoggerDelegate.debugLogger, "deleteWidgetData: argument is {}", commonWidget); - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success", - searchService.deleteWidgetData(commonWidget)); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", + searchService.deleteWidgetData(commonWidget)); } /** @@ -185,11 +217,14 @@ public class DashboardSearchResultController extends EPRestrictedBaseController if (user == null) { return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: User object is null? - check logs", - new HashMap<String, List<SearchResultItem>>()); + new HashMap<>()); } else if (searchString == null || searchString.trim().length() == 0) { return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: String string is null", - new HashMap<String, List<SearchResultItem>>()); - } else { + new HashMap<>()); + }else if (stringIsNotSafeHtml(searchString)){ + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: String string is not valid", + new HashMap<>()); + }else { logger.debug(EELFLoggerDelegate.debugLogger, "searchPortal: user {}, search string '{}'", user.getLoginId(), searchString); Map<String, List<SearchResultItem>> results = searchService.searchResults(user.getLoginId(), @@ -199,7 +234,7 @@ public class DashboardSearchResultController extends EPRestrictedBaseController } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "searchPortal failed", e); return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage() + " - check logs.", - new HashMap<String, List<SearchResultItem>>()); + new HashMap<>()); } } @@ -258,4 +293,13 @@ public class DashboardSearchResultController extends EPRestrictedBaseController } } + private boolean stringIsNotSafeHtml(String string){ + SecureString secureString = new SecureString(string); + + Validator validator = VALIDATOR_FACTORY.getValidator(); + + Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString); + return !constraintViolations.isEmpty(); + } + } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulController.java index fb0c269b..15ce305d 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulController.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -112,11 +114,13 @@ public class ExternalAppsRestfulController extends EPRestrictedRESTfulBaseContro String appKey = request.getHeader("uebkey"); EPApp app = findEpApp(appKey); List<Long> postRoleIds = new ArrayList<Long>(); - for (Long roleId : notificationItem.getRoleIds()) { - EPRole role = epRoleService.getRole(app.getId(), roleId); - if (role != null) - postRoleIds.add(role.getId()); - } + if (app != null) { + for (Long roleId : notificationItem.getRoleIds()) { + EPRole role = epRoleService.getRole(app.getId(), roleId); + if (role != null) + postRoleIds.add(role.getId()); + } + } // --- recreate the user notification object with the POrtal Role Ids EpNotificationItem postItem = new EpNotificationItem(); @@ -151,10 +155,10 @@ public class ExternalAppsRestfulController extends EPRestrictedRESTfulBaseContro try { list = this.getDataAccessService().executeNamedQuery("getMyAppDetailsByUebKey", params, null); } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getMyAppDetailsByUebKey failed", e); + logger.error(EELFLoggerDelegate.errorLogger, "getMyAppDetailsByUebKey failed", e); } - return (list == null || list.size() == 0) ? null : (EPApp) list.get(0); + return (list == null || list.isEmpty()) ? null : (EPApp) list.get(0); } @ApiOperation(value = "Gets favorite items within the functional menu for the current user.", response = FavoritesFunctionalMenuItemJson.class, responseContainer="List") diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/HealthCheckController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/HealthCheckController.java index cecbd9bd..6818d505 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/HealthCheckController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/HealthCheckController.java @@ -123,7 +123,7 @@ public class HealthCheckController extends EPUnRestrictedBaseController { HealthStatus healthStatus = new HealthStatus(500, ""); // Return the status as 500 if it suspended due to manual fail over - if (HealthMonitor.isSuspended) { + if (HealthMonitor.isSuspended()) { healthStatus.body = "Suspended"; response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); MDC.put(EPCommonSystemProperties.RESPONSE_CODE, @@ -171,16 +171,15 @@ public class HealthCheckController extends EPUnRestrictedBaseController { // dbInfo.dbClusterStatus = statusOk; // } - if (!HealthMonitor.isDatabasePermissionsOk()) { + if (!HealthMonitor.isDbPermissionsOk()) { dbInfo.dbPermissions = "Problem, check the logs for more details"; EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError); } else { dbInfo.dbPermissions = statusOk; } statusCollection.add(dbInfo); - - org.onap.portalapp.music.util.MusicUtil MusicUtilSDK = new org.onap.portalapp.music.util.MusicUtil(); - if(MusicUtilSDK.isMusicEnable()){ + + if(org.onap.portalapp.music.util.MusicUtil.isMusicEnable()){ HealthStatusInfo CassandraStatusInfo = new HealthStatusInfo("Music-Cassandra"); //CassandraStatusInfo.hostName = EcompPortalUtils.getMyHostName(); CassandraStatusInfo.ipAddress = MusicUtil.getMyCassaHost(); @@ -234,7 +233,7 @@ public class HealthCheckController extends EPUnRestrictedBaseController { public HealthStatus healthCheckSuspend(HttpServletRequest request, HttpServletResponse response) { HealthStatus healthStatus = new HealthStatus(500, "Suspended for manual failover mechanism"); - HealthMonitor.isSuspended = true; + HealthMonitor.setSuspended(true); healthStatus.statusCode = 200; EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/healthCheckSuspend", "GET result =", @@ -248,7 +247,7 @@ public class HealthCheckController extends EPUnRestrictedBaseController { public HealthStatus healthCheckResume(HttpServletRequest request, HttpServletResponse response) { HealthStatus healthStatus = new HealthStatus(500, "Resumed from manual failover mechanism"); - HealthMonitor.isSuspended = false; + HealthMonitor.setSuspended(false); healthStatus.statusCode = 200; EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/healthCheckResume", "GET result =", response.getStatus()); diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/LanguageController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/LanguageController.java index f3a79285..383e4720 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/LanguageController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/LanguageController.java @@ -32,7 +32,7 @@ public class LanguageController { @Autowired private LanguageService languageService; - @RequestMapping(value = "/language",method = RequestMethod.GET) + @RequestMapping(value = "/language",method = RequestMethod.GET, produces = "application/json;charset=UTF-8") public JSONObject getLanguageList() { return languageService.getLanguages(); } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java index 50eaa600..2f956cc3 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java @@ -39,9 +39,15 @@ package org.onap.portalapp.portal.controller; import java.util.List; +import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.validation.ConstraintViolation; +import javax.validation.Valid; +import javax.validation.Validation; +import javax.validation.Validator; +import javax.validation.ValidatorFactory; import org.onap.portalapp.controller.EPRestrictedBaseController; import org.onap.portalapp.portal.domain.MicroserviceData; import org.onap.portalapp.portal.domain.WidgetCatalog; @@ -72,6 +78,7 @@ import org.springframework.web.client.RestTemplate; @EnableAspectJAutoProxy @EPAuditLog public class MicroserviceController extends EPRestrictedBaseController { + public static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory(); String whatService = "widgets-service"; RestTemplate template = new RestTemplate(); @@ -84,53 +91,68 @@ public class MicroserviceController extends EPRestrictedBaseController { @RequestMapping(value = { "/portalApi/microservices" }, method = RequestMethod.POST) public PortalRestResponse<String> createMicroservice(HttpServletRequest request, HttpServletResponse response, - @RequestBody MicroserviceData newServiceData) throws Exception { + @Valid @RequestBody MicroserviceData newServiceData) throws Exception { if (newServiceData == null) { - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "FAILURE", - "MicroserviceData cannot be null or empty"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", + "MicroserviceData cannot be null or empty"); + }else { + Validator validator = VALIDATOR_FACTORY.getValidator(); + + Set<ConstraintViolation<MicroserviceData>> constraintViolations = validator.validate(newServiceData); + if(!constraintViolations.isEmpty()){ + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "ERROR", "MicroserviceData is not valid"); + } } long serviceId = microserviceService.saveMicroservice(newServiceData); try { microserviceService.saveServiceParameters(serviceId, newServiceData.getParameterList()); } catch (Exception e) { - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage()); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage()); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "SUCCESS", ""); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "SUCCESS", ""); } @RequestMapping(value = { "/portalApi/microservices" }, method = RequestMethod.GET) public List<MicroserviceData> getMicroservice(HttpServletRequest request, HttpServletResponse response) throws Exception { - List<MicroserviceData> list = microserviceService.getMicroserviceData(); - return list; + return microserviceService.getMicroserviceData(); } @RequestMapping(value = { "/portalApi/microservices/{serviceId}" }, method = RequestMethod.PUT) public PortalRestResponse<String> updateMicroservice(HttpServletRequest request, HttpServletResponse response, - @PathVariable("serviceId") long serviceId, @RequestBody MicroserviceData newServiceData) throws Exception { + @PathVariable("serviceId") long serviceId, @Valid @RequestBody MicroserviceData newServiceData) { if (newServiceData == null) { - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "FAILURE", - "MicroserviceData cannot be null or empty"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", + "MicroserviceData cannot be null or empty"); + }else { + Validator validator = VALIDATOR_FACTORY.getValidator(); + + Set<ConstraintViolation<MicroserviceData>> constraintViolations = validator.validate(newServiceData); + if(!constraintViolations.isEmpty()){ + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "ERROR", "MicroserviceData is not valid"); + } } try { microserviceService.updateMicroservice(serviceId, newServiceData); } catch (Exception e) { - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage()); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage()); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "SUCCESS", ""); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "SUCCESS", ""); } @RequestMapping(value = { "/portalApi/microservices/{serviceId}" }, method = RequestMethod.DELETE) public PortalRestResponse<String> deleteMicroservice(HttpServletRequest request, HttpServletResponse response, - @PathVariable("serviceId") long serviceId) throws Exception { + @PathVariable("serviceId") long serviceId) { try { ParameterizedTypeReference<List<WidgetCatalog>> typeRef = new ParameterizedTypeReference<List<WidgetCatalog>>() { }; // If this service is assoicated with widgets, cannnot be deleted - ResponseEntity<List<WidgetCatalog>> ans = (ResponseEntity<List<WidgetCatalog>>) template.exchange( + ResponseEntity<List<WidgetCatalog>> ans = template.exchange( EcompPortalUtils.widgetMsProtocol() + "://" + consulHealthService.getServiceLocation(whatService, SystemProperties.getProperty("microservices.widget.local.port")) + "/widget/microservices/widgetCatalog/service/" + serviceId, HttpMethod.GET, new HttpEntity(WidgetServiceHeaders.getInstance()), typeRef); @@ -140,17 +162,18 @@ public class MicroserviceController extends EPRestrictedBaseController { else{ StringBuilder sb = new StringBuilder(); for(int i = 0; i < widgets.size(); i++){ - sb.append("'" + widgets.get(i).getName() + "' "); + sb.append("'").append(widgets.get(i).getName()).append("' "); if(i < (widgets.size()-1)){ sb.append(","); } } - return new PortalRestResponse<String>(PortalRestStatusEnum.WARN, "SOME WIDGETS ASSOICATE WITH THIS SERVICE", sb.toString()); + return new PortalRestResponse<>(PortalRestStatusEnum.WARN, "SOME WIDGETS ASSOICATE WITH THIS SERVICE", + sb.toString()); } } catch (Exception e) { - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage()); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage()); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "SUCCESS", ""); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "SUCCESS", ""); } } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java index c6849cd8..b50d1cf4 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -48,6 +50,11 @@ import java.util.TreeSet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.validation.ConstraintViolation; +import javax.validation.Valid; +import javax.validation.Validation; +import javax.validation.Validator; +import javax.validation.ValidatorFactory; import org.apache.commons.lang.StringUtils; import org.json.JSONObject; import org.onap.portalapp.controller.EPRestrictedBaseController; @@ -77,6 +84,7 @@ import org.onap.portalapp.portal.utils.EPCommonSystemProperties; import org.onap.portalapp.portal.utils.EcompPortalUtils; import org.onap.portalapp.portal.utils.PortalConstants; import org.onap.portalapp.util.EPUserUtils; +import org.onap.portalapp.validation.SecureString; import org.onap.portalsdk.core.domain.AuditLog; import org.onap.portalsdk.core.domain.Role; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; @@ -109,6 +117,8 @@ import com.fasterxml.jackson.databind.type.TypeFactory; @EnableAspectJAutoProxy @EPAuditLog public class RoleManageController extends EPRestrictedBaseController { + private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory(); + private static final String PIPE = "|"; private static final String ROLE_INVALID_CHARS = "%=():,\"\""; @@ -120,37 +130,36 @@ public class RoleManageController extends EPRestrictedBaseController { @Autowired private RoleListController roleListController; - + @Autowired private EPAppService appService; @Autowired private AuditService auditService; - + @Autowired private ExternalAccessRolesService externalAccessRolesService; - - + @Autowired private AdminRolesService adminRolesService; /** * Calls an SDK-Core library method that gets the available roles and writes - * them to the request object. Portal specifies a Hibernate mappings from - * the Role class to the fn_role_v view, which ensures that only Portal - * (app_id is null) roles are fetched. + * them to the request object. Portal specifies a Hibernate mappings from the + * Role class to the fn_role_v view, which ensures that only Portal (app_id is + * null) roles are fetched. * - * Any method declared void (no return value) or returning null causes the - * audit log aspect method to declare failure. TODO: should return a JSON - * string. + * Any method declared void (no return value) or returning null causes the audit + * log aspect method to declare failure. TODO: should return a JSON string. * * @param request * @param response - * @throws Exception + * @throws Exception */ - + @RequestMapping(value = { "/portalApi/get_roles/{appId}" }, method = RequestMethod.GET) - public void getRoles(HttpServletRequest request, HttpServletResponse response, @PathVariable("appId") Long appId) throws Exception { + public void getRoles(HttpServletRequest request, HttpServletResponse response, @PathVariable("appId") Long appId) + throws Exception { try { EPUser user = EPUserUtils.getUserSession(request); EPApp requestedApp = appService.getApp(appId); @@ -176,12 +185,10 @@ public class RoleManageController extends EPRestrictedBaseController { logger.error(EELFLoggerDelegate.errorLogger, "getRoles failed", e); } } - - @RequestMapping(value = { "/portalApi/role_list/toggleRole/{appId}/{roleId}" }, method = RequestMethod.POST) - public Map<String, Object> toggleRole(HttpServletRequest request, HttpServletResponse response, @PathVariable("appId") Long appId, - @PathVariable("roleId") Long roleId) throws Exception { + public Map<String, Object> toggleRole(HttpServletRequest request, HttpServletResponse response, + @PathVariable("appId") Long appId, @PathVariable("roleId") Long roleId) throws Exception { EPApp requestedApp = null; String restcallStatus = null; HashMap<String, Object> responseMap = new HashMap<>(); @@ -222,10 +229,10 @@ public class RoleManageController extends EPRestrictedBaseController { } return responseMap; } - + @RequestMapping(value = { "/portalApi/role_list/removeRole/{appId}/{roleId}" }, method = RequestMethod.POST) - public Map<String, Object> removeRole(HttpServletRequest request, HttpServletResponse response, @PathVariable("appId") Long appId, - @PathVariable("roleId") Long roleId) throws Exception { + public Map<String, Object> removeRole(HttpServletRequest request, HttpServletResponse response, + @PathVariable("appId") Long appId, @PathVariable("roleId") Long roleId) throws Exception { EPUser user = EPUserUtils.getUserSession(request); EPApp requestedApp = null; @@ -288,7 +295,7 @@ public class RoleManageController extends EPRestrictedBaseController { } return responseMap; } - + @RequestMapping(value = { "/portalApi/role/saveRole/{appId}" }, method = RequestMethod.POST) public Map<String, Object> saveRole(HttpServletRequest request, HttpServletResponse response, @PathVariable("appId") Long appId) throws Exception { @@ -343,9 +350,13 @@ public class RoleManageController extends EPRestrictedBaseController { throw new InvalidRoleException("Invalid role function type:" + roleFunction.getType() + " and action: " + roleFunction.getAction() + " found while saving!"); } - roleFunction.setCode(externalAccessRolesService.encodeFunctionCode(roleFunction.getCode())); - roleFunction.setCode(roleFunction.getType() + PIPE + roleFunction.getCode() + PIPE - + roleFunction.getAction()); + if (EcompPortalUtils.checkFunctionCodeHasEncodePattern(roleFunction.getCode())) + roleFunction.setCode(roleFunction.getType() + PIPE + + EcompPortalUtils.encodeFunctionCode(roleFunction.getCode()) + PIPE + + roleFunction.getAction()); + else + roleFunction.setCode(roleFunction.getType() + PIPE + roleFunction.getCode() + PIPE + + roleFunction.getAction()); domainRole.addRoleFunction((CentralV2RoleFunction) roleFunction); } } else { @@ -434,29 +445,29 @@ public class RoleManageController extends EPRestrictedBaseController { @PathVariable("roleId") Long roleId) throws Exception { try { EPUser user = EPUserUtils.getUserSession(request); - ObjectMapper mapper = new ObjectMapper(); - EPApp requestedApp = appService.getApp(appId); - if (isAuthorizedUser(user, requestedApp)) { - fieldsValidation(requestedApp); - if (requestedApp.getCentralAuth()) { - CentralV2Role answer = externalAccessRolesService.getRoleInfo(roleId, requestedApp.getUebKey()); - logger.info(EELFLoggerDelegate.applicationLogger, "role_id" + roleId); - Map<String, Object> model = new HashMap<>(); - model.put("availableRoleFunctions", mapper.writeValueAsString( - externalAccessRolesService.getRoleFuncList(requestedApp.getUebKey()))); - model.put("availableRoles", - mapper.writeValueAsString(getAvailableChildRoles(requestedApp.getUebKey(), roleId))); - model.put("role", mapper.writeValueAsString(answer)); - JsonMessage msg = new JsonMessage(mapper.writeValueAsString(model)); - JSONObject j = new JSONObject(msg); - response.getWriter().write(j.toString()); - } else - throw new NonCentralizedAppException(requestedApp.getName()); - } else { - logger.info(EELFLoggerDelegate.auditLogger, - "RoleManageController.getRoleFunctionList, Unauthorized user"); - SendErrorForUnauthorizedUser(response, user); - } + ObjectMapper mapper = new ObjectMapper(); + EPApp requestedApp = appService.getApp(appId); + if (isAuthorizedUser(user, requestedApp)) { + fieldsValidation(requestedApp); + if (requestedApp.getCentralAuth()) { + CentralV2Role answer = externalAccessRolesService.getRoleInfo(roleId, requestedApp.getUebKey()); + logger.info(EELFLoggerDelegate.applicationLogger, "role_id" + roleId); + Map<String, Object> model = new HashMap<>(); + model.put("availableRoleFunctions", mapper + .writeValueAsString(externalAccessRolesService.getRoleFuncList(requestedApp.getUebKey()))); + model.put("availableRoles", + mapper.writeValueAsString(getAvailableChildRoles(requestedApp.getUebKey(), roleId))); + model.put("role", mapper.writeValueAsString(answer)); + JsonMessage msg = new JsonMessage(mapper.writeValueAsString(model)); + JSONObject j = new JSONObject(msg); + response.getWriter().write(j.toString()); + } else + throw new NonCentralizedAppException(requestedApp.getName()); + } else { + logger.info(EELFLoggerDelegate.auditLogger, + "RoleManageController.getRoleFunctionList, Unauthorized user"); + SendErrorForUnauthorizedUser(response, user); + } } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "getRole failed", e); throw e; @@ -468,26 +479,26 @@ public class RoleManageController extends EPRestrictedBaseController { @PathVariable("appId") Long appId) throws Exception { try { EPUser user = EPUserUtils.getUserSession(request); - EPApp requestedApp = appService.getApp(appId); - if (isAuthorizedUser(user, requestedApp)) { - fieldsValidation(requestedApp); - if (requestedApp.getCentralAuth()) { - List<CentralV2RoleFunction> answer = null; - Map<String, Object> model = new HashMap<>(); - ObjectMapper mapper = new ObjectMapper(); - answer = externalAccessRolesService.getRoleFuncList(requestedApp.getUebKey()); - model.put("availableRoleFunctions", answer); - JsonMessage msg = new JsonMessage(mapper.writeValueAsString(model)); - JSONObject j = new JSONObject(msg); - response.getWriter().write(j.toString()); - } else - throw new NonCentralizedAppException(requestedApp.getName()); - } else { - logger.info(EELFLoggerDelegate.auditLogger, - "RoleManageController.getRoleFunctionList, Unauthorized user"); - EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); - response.getWriter().write("Unauthorized User"); - } + EPApp requestedApp = appService.getApp(appId); + if (isAuthorizedUser(user, requestedApp)) { + fieldsValidation(requestedApp); + if (requestedApp.getCentralAuth()) { + List<CentralV2RoleFunction> answer = null; + Map<String, Object> model = new HashMap<>(); + ObjectMapper mapper = new ObjectMapper(); + answer = externalAccessRolesService.getRoleFuncList(requestedApp.getUebKey()); + model.put("availableRoleFunctions", answer); + JsonMessage msg = new JsonMessage(mapper.writeValueAsString(model)); + JSONObject j = new JSONObject(msg); + response.getWriter().write(j.toString()); + } else + throw new NonCentralizedAppException(requestedApp.getName()); + } else { + logger.info(EELFLoggerDelegate.auditLogger, + "RoleManageController.getRoleFunctionList, Unauthorized user"); + EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); + response.getWriter().write("Unauthorized User"); + } } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "getRoleFunctionList failed", e); throw e; @@ -495,8 +506,17 @@ public class RoleManageController extends EPRestrictedBaseController { } @RequestMapping(value = { "/portalApi/role_function_list/saveRoleFunction/{appId}" }, method = RequestMethod.POST) - public PortalRestResponse<String> saveRoleFunction(HttpServletRequest request, HttpServletResponse response, @RequestBody CentralV2RoleFunction roleFunc, + public PortalRestResponse<String> saveRoleFunction(HttpServletRequest request, HttpServletResponse response, @Valid @RequestBody CentralV2RoleFunction roleFunc, @PathVariable("appId") Long appId) throws Exception { + if (roleFunc!=null) { + Validator validator = VALIDATOR_FACTORY.getValidator(); + Set<ConstraintViolation<CentralV2RoleFunction>> constraintViolations = validator.validate(roleFunc); + + if(!constraintViolations.isEmpty()){ + logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction: Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Data is not valid", "ERROR"); + } + } EPUser user = EPUserUtils.getUserSession(request); boolean saveOrUpdateResponse = false; try { @@ -504,13 +524,14 @@ public class RoleManageController extends EPRestrictedBaseController { if (isAuthorizedUser(user, requestedApp)) { fieldsValidation(requestedApp); if (requestedApp.getCentralAuth()) { - String code = roleFunc.getType()+PIPE+roleFunc.getCode()+PIPE+roleFunc.getAction(); + String code = roleFunc.getType() + PIPE + roleFunc.getCode() + PIPE + roleFunc.getAction(); CentralV2RoleFunction domainRoleFunction = externalAccessRolesService.getRoleFunction(code, requestedApp.getUebKey()); - if(domainRoleFunction != null && (domainRoleFunction.getType() == null || domainRoleFunction.getAction() == null)) { + if (domainRoleFunction != null + && (domainRoleFunction.getType() == null || domainRoleFunction.getAction() == null)) { addIfTypeActionDoesNotExits(domainRoleFunction); } - boolean isSave = true; + boolean isSave = true; if (domainRoleFunction != null && domainRoleFunction.getCode().equals(roleFunc.getCode()) && domainRoleFunction.getType().equals(roleFunc.getType()) && domainRoleFunction.getAction().equals(roleFunc.getAction())) { @@ -526,16 +547,14 @@ public class RoleManageController extends EPRestrictedBaseController { if (saveOrUpdateResponse) { EPUser requestedUser = externalAccessRolesService.getUser(user.getOrgUserId()).get(0); EPApp app = externalAccessRolesService.getApp(requestedApp.getUebKey()).get(0); - String activityCode = (isSave) - ? EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_ADD_FUNCTION + String activityCode = (isSave) ? EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_ADD_FUNCTION : EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_UPDATE_FUNCTION; logExterlaAuthRoleFunctionActivity(code, requestedUser, app, activityCode); } } else throw new NonCentralizedAppException(requestedApp.getName() + " is not Centralized Application"); } else { - logger.info(EELFLoggerDelegate.auditLogger, - "RoleManageController.saveRoleFunction, Unauthorized user"); + logger.info(EELFLoggerDelegate.auditLogger, "RoleManageController.saveRoleFunction, Unauthorized user"); EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Unauthorized User", "Failure"); } @@ -545,35 +564,29 @@ public class RoleManageController extends EPRestrictedBaseController { } return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Saved Successfully!", "Success"); } - + private void logExterlaAuthRoleFunctionActivity(String code, EPUser requestedUser, EPApp app, String activityCode) { - logger.info(EELFLoggerDelegate.applicationLogger, - "saveRoleFunction: succeeded for app {}, function {}", app.getId(), code); + logger.info(EELFLoggerDelegate.applicationLogger, "saveRoleFunction: succeeded for app {}, function {}", + app.getId(), code); AuditLog auditLog = getAuditInfo(requestedUser, activityCode); - auditLog.setComments(EcompPortalUtils.truncateString("saveRoleFunction role for app:" - + app.getId() + " and function:'" + code + "'", + auditLog.setComments(EcompPortalUtils.truncateString( + "saveRoleFunction role for app:" + app.getId() + " and function:'" + code + "'", PortalConstants.AUDIT_LOG_COMMENT_SIZE)); auditService.logActivity(auditLog, null); - MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, - EPEELFLoggerAdvice.getCurrentDateTimeUTC()); - MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, - EPEELFLoggerAdvice.getCurrentDateTimeUTC()); - EcompPortalUtils.calculateDateTimeDifferenceForLog( - MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), + MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + EcompPortalUtils.calculateDateTimeDifferenceForLog(MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); logger.info(EELFLoggerDelegate.auditLogger, EPLogUtil.formatAuditLogMessage("RoleManageController.saveRoleFunction", activityCode, - String.valueOf(requestedUser.getId()), requestedUser.getOrgUserId(), - code)); + String.valueOf(requestedUser.getId()), requestedUser.getOrgUserId(), code)); MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); MDC.remove(SystemProperties.MDC_TIMER); } - - private void addIfTypeActionDoesNotExits(CentralV2RoleFunction domainRoleFunction) { - if(domainRoleFunction.getCode().contains(PIPE)) { + if (domainRoleFunction.getCode().contains(PIPE)) { String newfunctionCodeFormat = EcompPortalUtils.getFunctionCode(domainRoleFunction.getCode()); String newfunctionTypeFormat = EcompPortalUtils.getFunctionType(domainRoleFunction.getCode()); String newfunctionActionFormat = EcompPortalUtils.getFunctionAction(domainRoleFunction.getCode()); @@ -592,6 +605,19 @@ public class RoleManageController extends EPRestrictedBaseController { public PortalRestResponse<String> removeRoleFunction(HttpServletRequest request, HttpServletResponse response, @RequestBody String roleFunc, @PathVariable("appId") Long appId) throws Exception { EPUser user = EPUserUtils.getUserSession(request); + + if (roleFunc!=null) { + SecureString secureString = new SecureString(roleFunc); + + Validator validator = VALIDATOR_FACTORY.getValidator(); + Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString); + + if(!constraintViolations.isEmpty()){ + logger.error(EELFLoggerDelegate.errorLogger, "removeRoleFunction: Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Data is not valid", "ERROR"); + } + } + try { EPApp requestedApp = appService.getApp(appId); if (isAuthorizedUser(user, requestedApp)) { @@ -654,18 +680,30 @@ public class RoleManageController extends EPRestrictedBaseController { @RequestMapping(value = { "/portalApi/centralizedApps" }, method = RequestMethod.GET) public List<CentralizedApp> getCentralizedAppRoles(HttpServletRequest request, HttpServletResponse response, String userId) throws IOException { + if(userId!=null) { + SecureString secureString = new SecureString(userId); + + Validator validator = VALIDATOR_FACTORY.getValidator(); + Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString); + + if(!constraintViolations.isEmpty()){ + logger.error(EELFLoggerDelegate.errorLogger, "removeRoleFunction: Failed"); + return null; + } + } EPUser user = EPUserUtils.getUserSession(request); List<CentralizedApp> applicationsList = null; - if (adminRolesService.isAccountAdmin(user) || adminRolesService.isSuperAdmin(user) || adminRolesService.isRoleAdmin(user)) { - applicationsList = externalAccessRolesService.getCentralizedAppsOfUser(userId); - } else { - logger.info(EELFLoggerDelegate.auditLogger, - "RoleManageController.getCentralizedAppRoles, Unauthorized user"); - EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); - } + if (adminRolesService.isAccountAdmin(user) || adminRolesService.isSuperAdmin(user) + || adminRolesService.isRoleAdmin(user)) { + applicationsList = externalAccessRolesService.getCentralizedAppsOfUser(userId); + } else { + logger.info(EELFLoggerDelegate.auditLogger, + "RoleManageController.getCentralizedAppRoles, Unauthorized user"); + EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); + } return applicationsList; } - + public RoleListController getRoleListController() { return roleListController; } @@ -682,7 +720,6 @@ public class RoleManageController extends EPRestrictedBaseController { this.roleController = roleController; } - @RequestMapping(value = { "/portalApi/syncRoles" }, method = RequestMethod.POST, produces = "application/json") public PortalRestResponse<String> syncRoles(HttpServletRequest request, HttpServletResponse response, @RequestBody Long appId) { @@ -694,7 +731,7 @@ public class RoleManageController extends EPRestrictedBaseController { externalAccessRolesService.syncApplicationRolesWithEcompDB(app); } else { logger.info(EELFLoggerDelegate.auditLogger, - "RoleManageController.syncRoles, Unauthorized user:" + user.getOrgUserId()); + "RoleManageController.syncRoles, Unauthorized user:{}", user != null ? user.getOrgUserId() : ""); EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Unauthorized User", "Failure"); } @@ -704,7 +741,7 @@ public class RoleManageController extends EPRestrictedBaseController { } return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Sync roles completed successfully!", "Success"); } - + @RequestMapping(value = { "/portalApi/syncFunctions" }, method = RequestMethod.POST, produces = "application/json") public PortalRestResponse<String> syncFunctions(HttpServletRequest request, HttpServletResponse response, @RequestBody Long appId) { @@ -713,10 +750,10 @@ public class RoleManageController extends EPRestrictedBaseController { EPApp app = appService.getApp(appId); if (isAuthorizedUser(user, app)) { fieldsValidation(app); - externalAccessRolesService.syncRoleFunctionFromExternalAccessSystem(app);; + externalAccessRolesService.syncRoleFunctionFromExternalAccessSystem(app); } else { logger.info(EELFLoggerDelegate.auditLogger, - "RoleManageController.syncFunctions, Unauthorized user:" + user.getOrgUserId()); + "RoleManageController.syncFunctions, Unauthorized user:{}", user != null ? user.getOrgUserId() : ""); EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Unauthorized User", "Failure"); } @@ -754,30 +791,30 @@ public class RoleManageController extends EPRestrictedBaseController { } return allParentRoles; } - - public AuditLog getAuditInfo(EPUser user, String activityCode) - { + + public AuditLog getAuditInfo(EPUser user, String activityCode) { AuditLog auditLog = new AuditLog(); auditLog.setUserId(user.getId()); auditLog.setActivityCode(activityCode); auditLog.setAffectedRecordId(user.getOrgUserId()); - + return auditLog; } - - private void fieldsValidation(EPApp app) throws Exception{ + + private void fieldsValidation(EPApp app) throws Exception { app.getUebKey(); List<EPApp> appInfo = externalAccessRolesService.getApp(app.getUebKey()); - if(appInfo.isEmpty()){ + if (appInfo.isEmpty()) { throw new InvalidApplicationException("Invalid credentials"); } - if(!appInfo.isEmpty() && EcompPortalUtils.checkIfRemoteCentralAccessAllowed() && appInfo.get(0).getCentralAuth()){ + if (!appInfo.isEmpty() && EcompPortalUtils.checkIfRemoteCentralAccessAllowed() + && appInfo.get(0).getCentralAuth()) { ResponseEntity<String> response = externalAccessRolesService.getNameSpaceIfExists(appInfo.get(0)); if (response.getStatusCode().value() == HttpServletResponse.SC_NOT_FOUND) throw new InvalidApplicationException("Invalid NameSpace"); } } - + private boolean isAuthorizedUser(EPUser user, EPApp requestedApp) { if (user != null && (adminRolesService.isAccountAdminOfApplication(user, requestedApp) || (adminRolesService.isSuperAdmin(user) && requestedApp.getId() == PortalConstants.PORTAL_APP_ID))) @@ -789,8 +826,9 @@ public class RoleManageController extends EPRestrictedBaseController { EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); response.getWriter().write("Unauthorized User"); } - - @RequestMapping(value = { "/portalApi/uploadRoleFunction/{appId}" }, method = RequestMethod.POST, produces = "application/json") + + @RequestMapping(value = { + "/portalApi/uploadRoleFunction/{appId}" }, method = RequestMethod.POST, produces = "application/json") public PortalRestResponse<String> bulkUploadRoleFunc(HttpServletRequest request, HttpServletResponse response, @RequestBody UploadRoleFunctionExtSystem data, @PathVariable("appId") Long appId) { EPUser user = EPUserUtils.getUserSession(request); @@ -799,12 +837,13 @@ public class RoleManageController extends EPRestrictedBaseController { if (isAuthorizedUser(user, app)) { fieldsValidation(app); externalAccessRolesService.bulkUploadRoleFunc(data, app); - String activityCode = EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_UPDATE_ROLE_AND_FUNCTION; - String code = data.getName()+","+data.getType()+ PIPE + data.getInstance() + PIPE + data.getAction(); - logExterlaAuthRoleFunctionActivity(code , user, app, activityCode); + String activityCode = EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_UPDATE_ROLE_AND_FUNCTION; + String code = data.getName() + "," + data.getType() + PIPE + data.getInstance() + PIPE + + data.getAction(); + logExterlaAuthRoleFunctionActivity(code, user, app, activityCode); } else { logger.info(EELFLoggerDelegate.auditLogger, - "RoleManageController.syncRoles, Unauthorized user:" + user.getOrgUserId()); + "RoleManageController.syncRoles, Unauthorized user:{}", user != null ? user.getOrgUserId() : ""); EcompPortalUtils.setBadPermissions(user, response, "createAdmin"); return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Unauthorized User", "Failure"); } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/SchedulerController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/SchedulerController.java index 0be83c97..af34176c 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/SchedulerController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/SchedulerController.java @@ -41,7 +41,9 @@ import java.text.DateFormat; import java.text.SimpleDateFormat; import java.util.Date; import java.util.HashMap; +import java.util.List; import java.util.Map; +import java.util.Set; import java.util.UUID; import javax.servlet.http.HttpServletRequest; @@ -49,8 +51,10 @@ import javax.servlet.http.HttpServletResponse; import org.json.simple.JSONObject; import org.onap.portalapp.controller.EPRestrictedBaseController; +import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.ecomp.model.PortalRestResponse; import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum; +import org.onap.portalapp.portal.exceptions.RoleFunctionException; import org.onap.portalapp.portal.logging.aop.EPAuditLog; import org.onap.portalapp.portal.logging.logic.EPLogUtil; import org.onap.portalapp.portal.scheduler.SchedulerProperties; @@ -62,8 +66,11 @@ import org.onap.portalapp.portal.scheduler.restobjects.PostSubmitVnfChangeRestOb import org.onap.portalapp.portal.scheduler.wrapper.GetTimeSlotsWrapper; import org.onap.portalapp.portal.scheduler.wrapper.PostCreateNewVnfWrapper; import org.onap.portalapp.portal.scheduler.wrapper.PostSubmitVnfChangeTimeSlotsWrapper; +import org.onap.portalapp.portal.service.AdminRolesService; import org.onap.portalapp.portal.utils.PortalConstants; +import org.onap.portalapp.util.EPUserUtils; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.onap.portalsdk.core.service.DataAccessService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.EnableAspectJAutoProxy; @@ -84,6 +91,9 @@ public class SchedulerController extends EPRestrictedBaseController { @Autowired private SchedulerRestInterface schedulerRestController; + + @Autowired + private AdminRolesService adminRolesService; private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerController.class); @@ -93,33 +103,36 @@ public class SchedulerController extends EPRestrictedBaseController { @RequestMapping(value = "/get_time_slots/{scheduler_request}", method = RequestMethod.GET, produces = "application/json") public ResponseEntity<String> getTimeSlots(HttpServletRequest request, @PathVariable("scheduler_request") String scheduler_request) throws Exception { - try { - - Date startingTime = new Date(); - String startTimeRequest = requestDateFormat.format(startingTime); - logger.debug(EELFLoggerDelegate.debugLogger, "Controller Scheduler GET Timeslots for startTimeRequest: ", - startTimeRequest); - logger.debug(EELFLoggerDelegate.debugLogger, "Original Request = {} ", scheduler_request); - - String path = SchedulerProperties.getProperty(SchedulerProperties.SCHEDULER_GET_TIME_SLOTS) - + scheduler_request; - - GetTimeSlotsWrapper schedulerResWrapper = getTimeSlots(scheduler_request, path, scheduler_request); - - Date endTime = new Date(); - String endTimeRequest = requestDateFormat.format(endTime); - logger.debug(EELFLoggerDelegate.debugLogger, "Controller Scheduler - GET for EndTimeRequest = {}", - endTimeRequest); - return (new ResponseEntity<String>(schedulerResWrapper.getResponse(), - HttpStatus.valueOf(schedulerResWrapper.getStatus()))); - } catch (Exception e) { - GetTimeSlotsWrapper schedulerResWrapper=new GetTimeSlotsWrapper(); - schedulerResWrapper.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value()); - schedulerResWrapper.setEntity(e.getMessage()); - logger.error(EELFLoggerDelegate.errorLogger, "Exception with getTimeslots", e); - return (new ResponseEntity<String>(schedulerResWrapper.getResponse(), HttpStatus.INTERNAL_SERVER_ERROR)); + if (checkIfUserISValidToMakeSchedule(request)) { + try { + Date startingTime = new Date(); + String startTimeRequest = requestDateFormat.format(startingTime); + logger.debug(EELFLoggerDelegate.debugLogger, + "Controller Scheduler GET Timeslots for startTimeRequest: ", startTimeRequest); + logger.debug(EELFLoggerDelegate.debugLogger, "Original Request = {} ", scheduler_request); + + String path = SchedulerProperties.getProperty(SchedulerProperties.SCHEDULER_GET_TIME_SLOTS) + + scheduler_request; + + GetTimeSlotsWrapper schedulerResWrapper = getTimeSlots(scheduler_request, path, scheduler_request); + + Date endTime = new Date(); + String endTimeRequest = requestDateFormat.format(endTime); + logger.debug(EELFLoggerDelegate.debugLogger, "Controller Scheduler - GET for EndTimeRequest = {}", + endTimeRequest); + return (new ResponseEntity<String>(schedulerResWrapper.getResponse(), + HttpStatus.valueOf(schedulerResWrapper.getStatus()))); + } catch (Exception e) { + GetTimeSlotsWrapper schedulerResWrapper = new GetTimeSlotsWrapper(); + schedulerResWrapper.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value()); + schedulerResWrapper.setEntity(e.getMessage()); + logger.error(EELFLoggerDelegate.errorLogger, "Exception with getTimeslots", e); + return (new ResponseEntity<String>(schedulerResWrapper.getResponse(), + HttpStatus.INTERNAL_SERVER_ERROR)); + } + }else{ + return (new ResponseEntity<String>("User is unauthorized to make this call", HttpStatus.UNAUTHORIZED)); } - } protected GetTimeSlotsWrapper getTimeSlots(String request, String path, String uuid) throws Exception { @@ -157,41 +170,45 @@ public class SchedulerController extends EPRestrictedBaseController { @RequestMapping(value = "/post_create_new_vnf_change", method = RequestMethod.POST, produces = "application/json") public ResponseEntity<String> postCreateNewVNFChange(HttpServletRequest request, @RequestBody JSONObject scheduler_request) throws Exception { - try { - Date startingTime = new Date(); - String startTimeRequest = requestDateFormat.format(startingTime); + if (checkIfUserISValidToMakeSchedule(request)) { + try { + Date startingTime = new Date(); + String startTimeRequest = requestDateFormat.format(startingTime); - logger.debug(EELFLoggerDelegate.debugLogger, "Controller Scheduler POST : post_create_new_vnf_change", - startTimeRequest); + logger.debug(EELFLoggerDelegate.debugLogger, "Controller Scheduler POST : post_create_new_vnf_change", + startTimeRequest); - // Generating uuid - String uuid = UUID.randomUUID().toString(); + // Generating uuid + String uuid = UUID.randomUUID().toString(); - scheduler_request.put("scheduleId", uuid); - logger.debug(EELFLoggerDelegate.debugLogger, "UUID = {} ", uuid); + scheduler_request.put("scheduleId", uuid); + logger.debug(EELFLoggerDelegate.debugLogger, "UUID = {} ", uuid); - // adding uuid to the request payload - scheduler_request.put("scheduleId", uuid); - logger.debug(EELFLoggerDelegate.debugLogger, "Original Request = {}", scheduler_request.toString()); + // adding uuid to the request payload + scheduler_request.put("scheduleId", uuid); + logger.debug(EELFLoggerDelegate.debugLogger, "Original Request = {}", scheduler_request.toString()); - String path = SchedulerProperties - .getProperty(SchedulerProperties.SCHEDULER_CREATE_NEW_VNF_CHANGE_INSTANCE_VAL) + uuid; + String path = SchedulerProperties + .getProperty(SchedulerProperties.SCHEDULER_CREATE_NEW_VNF_CHANGE_INSTANCE_VAL) + uuid; - PostCreateNewVnfWrapper responseWrapper = postSchedulingRequest(scheduler_request, path, uuid); + PostCreateNewVnfWrapper responseWrapper = postSchedulingRequest(scheduler_request, path, uuid); - Date endTime = new Date(); - String endTimeRequest = requestDateFormat.format(endTime); - logger.debug(EELFLoggerDelegate.debugLogger, "Controller Scheduler - POST= {}", endTimeRequest); + Date endTime = new Date(); + String endTimeRequest = requestDateFormat.format(endTime); + logger.debug(EELFLoggerDelegate.debugLogger, "Controller Scheduler - POST= {}", endTimeRequest); - return new ResponseEntity<String>(responseWrapper.getResponse(), - HttpStatus.valueOf(responseWrapper.getStatus())); - } catch (Exception e) { - PostCreateNewVnfWrapper responseWrapper=new PostCreateNewVnfWrapper(); - responseWrapper.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value()); - responseWrapper.setEntity(e.getMessage()); - logger.error(EELFLoggerDelegate.errorLogger, "Exception with postCreateNewVNFChange ", e); - return (new ResponseEntity<String>(responseWrapper.getResponse(), HttpStatus.INTERNAL_SERVER_ERROR)); + return new ResponseEntity<String>(responseWrapper.getResponse(), + HttpStatus.valueOf(responseWrapper.getStatus())); + } catch (Exception e) { + PostCreateNewVnfWrapper responseWrapper = new PostCreateNewVnfWrapper(); + responseWrapper.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value()); + responseWrapper.setEntity(e.getMessage()); + logger.error(EELFLoggerDelegate.errorLogger, "Exception with postCreateNewVNFChange ", e); + return (new ResponseEntity<String>(responseWrapper.getResponse(), HttpStatus.INTERNAL_SERVER_ERROR)); + } + }else{ + return (new ResponseEntity<String>("User is unauthorized to make this call",HttpStatus.UNAUTHORIZED)); } } @@ -233,6 +250,7 @@ public class SchedulerController extends EPRestrictedBaseController { @RequestMapping(value = "/submit_vnf_change_timeslots", method = RequestMethod.POST, produces = "application/json") public ResponseEntity<String> postSubmitVnfChangeTimeslots(HttpServletRequest request, @RequestBody JSONObject scheduler_request) throws Exception { + if (checkIfUserISValidToMakeSchedule(request)) { try { Date startingTime = new Date(); String startTimeRequest = requestDateFormat.format(startingTime); @@ -259,13 +277,16 @@ public class SchedulerController extends EPRestrictedBaseController { endTimeRequest); return (new ResponseEntity<String>(responseWrapper.getResponse(),HttpStatus.valueOf(responseWrapper.getStatus()))); - } catch (Exception e) { - PostSubmitVnfChangeTimeSlotsWrapper responseWrapper=new PostSubmitVnfChangeTimeSlotsWrapper(); - responseWrapper.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value()); - responseWrapper.setEntity(e.getMessage()); - logger.error(EELFLoggerDelegate.errorLogger, "Exception with Post submit Vnf change Timeslots", e); - return (new ResponseEntity<String>(responseWrapper.getResponse(), HttpStatus.INTERNAL_SERVER_ERROR)); + } catch (Exception e) { + PostSubmitVnfChangeTimeSlotsWrapper responseWrapper = new PostSubmitVnfChangeTimeSlotsWrapper(); + responseWrapper.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value()); + responseWrapper.setEntity(e.getMessage()); + logger.error(EELFLoggerDelegate.errorLogger, "Exception with Post submit Vnf change Timeslots", e); + return (new ResponseEntity<String>(responseWrapper.getResponse(), HttpStatus.INTERNAL_SERVER_ERROR)); + } + }else{ + return (new ResponseEntity<String>("User is unauthorized to make this call",HttpStatus.UNAUTHORIZED)); } } @@ -310,43 +331,74 @@ public class SchedulerController extends EPRestrictedBaseController { * Get Scheduler UI constant values from properties file * * @return Rest response wrapped around a String; e.g., "success" or "ERROR" + * @throws Exception */ @RequestMapping(value = "/get_scheduler_constant", method = RequestMethod.GET, produces = "application/json") public PortalRestResponse<Map<String, String>> getSchedulerConstant(HttpServletRequest request, - HttpServletResponse response) { + HttpServletResponse response) throws Exception { logger.debug(EELFLoggerDelegate.debugLogger, "get scheduler constant"); PortalRestResponse<Map<String, String>> portalRestResponse = null; - String errorMsg = " is not defined in property file. Please check the property file and make sure all the schedule constant values are defined"; - HashMap<String, String> constantMap = new HashMap<>(); - constantMap.put(SchedulerProperties.SCHEDULER_DOMAIN_NAME, "domainName"); - constantMap.put(SchedulerProperties.SCHEDULER_SCHEDULE_NAME, "scheduleName"); - constantMap.put(SchedulerProperties.SCHEDULER_WORKFLOW_NAME, "workflowName"); - constantMap.put(SchedulerProperties.SCHEDULER_CALLBACK_URL, "callbackUrl"); - constantMap.put(SchedulerProperties.SCHEDULER_APPROVAL_TYPE, "approvalType"); - constantMap.put(SchedulerProperties.SCHEDULER_APPROVAL_SUBMIT_STATUS, "approvalSubmitStatus"); - constantMap.put(SchedulerProperties.SCHEDULER_APPROVAL_REJECT_STATUS, "approvalRejectStatus"); - constantMap.put(SchedulerProperties.SCHEDULER_POLICY_NAME, "policyName"); - constantMap.put(SchedulerProperties.SCHEDULER_INTERVAL_GET_TIMESLOT_RATE, "intervalRate"); - constantMap.put(SchedulerProperties.SCHEDULER_GROUP_ID, "groupId"); - try { - Map<String, String> map = new HashMap<>(); - for (Map.Entry<String, String> entry : constantMap.entrySet()) { - if (SchedulerProperties.containsProperty(entry.getKey())) - map.put(entry.getValue(), SchedulerProperties.getProperty(entry.getKey())); - else - throw new Exception(entry.getKey() + errorMsg); + + if (checkIfUserISValidToMakeSchedule(request)) { + String errorMsg = " is not defined in property file. Please check the property file and make sure all the schedule constant values are defined"; + HashMap<String, String> constantMap = new HashMap<>(); + constantMap.put(SchedulerProperties.SCHEDULER_DOMAIN_NAME, "domainName"); + constantMap.put(SchedulerProperties.SCHEDULER_SCHEDULE_NAME, "scheduleName"); + constantMap.put(SchedulerProperties.SCHEDULER_WORKFLOW_NAME, "workflowName"); + constantMap.put(SchedulerProperties.SCHEDULER_CALLBACK_URL, "callbackUrl"); + constantMap.put(SchedulerProperties.SCHEDULER_APPROVAL_TYPE, "approvalType"); + constantMap.put(SchedulerProperties.SCHEDULER_APPROVAL_SUBMIT_STATUS, "approvalSubmitStatus"); + constantMap.put(SchedulerProperties.SCHEDULER_APPROVAL_REJECT_STATUS, "approvalRejectStatus"); + constantMap.put(SchedulerProperties.SCHEDULER_POLICY_NAME, "policyName"); + constantMap.put(SchedulerProperties.SCHEDULER_INTERVAL_GET_TIMESLOT_RATE, "intervalRate"); + constantMap.put(SchedulerProperties.SCHEDULER_GROUP_ID, "groupId"); + try { + Map<String, String> map = new HashMap<>(); + for (Map.Entry<String, String> entry : constantMap.entrySet()) { + if (SchedulerProperties.containsProperty(entry.getKey())) + map.put(entry.getValue(), SchedulerProperties.getProperty(entry.getKey())); + else + throw new Exception(entry.getKey() + errorMsg); + } + logger.debug(EELFLoggerDelegate.debugLogger, " portalRestResponse - getSchedulerConstant= {}", map); + portalRestResponse = new PortalRestResponse<Map<String, String>>(PortalRestStatusEnum.OK, "success", + map); + + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getSchedulerConstant failed", e); + portalRestResponse = new PortalRestResponse<Map<String, String>>(PortalRestStatusEnum.ERROR, + e.getMessage(), null); } - logger.debug(EELFLoggerDelegate.debugLogger, " portalRestResponse - getSchedulerConstant= {}", - map); - portalRestResponse = new PortalRestResponse<Map<String, String>>(PortalRestStatusEnum.OK, "success", map); - - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getSchedulerConstant failed", e); - portalRestResponse = new PortalRestResponse<Map<String, String>>(PortalRestStatusEnum.ERROR, e.getMessage(), - null); + } - return portalRestResponse; + else{ + logger.error(EELFLoggerDelegate.errorLogger, "getSchedulerConstant failed: User unauthorized to make this call"); + portalRestResponse = new PortalRestResponse<Map<String, String>>(PortalRestStatusEnum.ERROR, "failed : Unauthorized", null); + } + return portalRestResponse; } + private String getPath(HttpServletRequest request) + { + String requestURI = request.getRequestURI(); + String portalApiPath = ""; + if (requestURI != null) { + String[] uriArray = requestURI.split("/portalApi/"); + if (uriArray.length > 1) { + portalApiPath = uriArray[1]; + } + } + return portalApiPath; + } + + private boolean checkIfUserISValidToMakeSchedule(HttpServletRequest request) throws Exception + { + EPUser user = EPUserUtils.getUserSession(request); + String portalApiPath = getPath(request); + Set<String> functionCodeList = adminRolesService.getAllAppsFunctionsOfUser(user.getId().toString()); + boolean isValidUser = EPUserUtils.matchRoleFunctions(portalApiPath, functionCodeList); +// boolean isValidUser = functionCodeList.stream().anyMatch(x -> functionCodeList.contains(portalApiPath)); + return isValidUser; + } } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/TicketEventController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/TicketEventController.java index b9f6f76d..71f7f81a 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/TicketEventController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/TicketEventController.java @@ -47,6 +47,10 @@ import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.validation.ConstraintViolation; +import javax.validation.Validation; +import javax.validation.Validator; +import javax.validation.ValidatorFactory; import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.ecomp.model.PortalRestResponse; import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum; @@ -56,6 +60,7 @@ import org.onap.portalapp.portal.service.UserNotificationService; import org.onap.portalapp.portal.transport.EpNotificationItem; import org.onap.portalapp.portal.transport.EpRoleNotificationItem; import org.onap.portalapp.portal.utils.PortalConstants; +import org.onap.portalapp.validation.SecureString; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; @@ -80,7 +85,7 @@ import io.swagger.annotations.ApiOperation; @EnableAspectJAutoProxy @EPAuditLog public class TicketEventController implements BasicAuthenticationController { - + private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory(); @Autowired private UserNotificationService userNotificationService; @@ -105,6 +110,19 @@ public class TicketEventController implements BasicAuthenticationController { logger.debug(EELFLoggerDelegate.debugLogger, "Ticket Event notification" + ticketEventJson); PortalRestResponse<String> portalResponse = new PortalRestResponse<>(); + + if (ticketEventJson!=null){ + SecureString secureString = new SecureString(ticketEventJson); + Validator validator = VALIDATOR_FACTORY.getValidator(); + + Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString); + if (!constraintViolations.isEmpty()){ + portalResponse.setStatus(PortalRestStatusEnum.ERROR); + portalResponse.setMessage("Data is not valid"); + return portalResponse; + } + } + try { JsonNode ticketEventNotif = mapper.readTree(ticketEventJson); diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserController.java index f4fab562..fc76a0e6 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserController.java @@ -69,6 +69,8 @@ public class UserController extends EPRestrictedBaseController { @Autowired private UserService userService; + private static final String HIDDEN_DEFAULT_PASSWORD = "*****"; + /** * RESTful service method to get ONAP Logged in User details. * @@ -83,7 +85,7 @@ public class UserController extends EPRestrictedBaseController { try { EPUser user = EPUserUtils.getUserSession(request); ProfileDetail profileDetail = new ProfileDetail(user.getFirstName(), user.getLastName(), - user.getMiddleInitial(), user.getEmail(), user.getLoginId(), CipherUtil.decryptPKC(user.getLoginPwd())); + user.getMiddleInitial(), user.getEmail(), user.getLoginId(), HIDDEN_DEFAULT_PASSWORD); portalRestResponse = new PortalRestResponse<ProfileDetail>(PortalRestStatusEnum.OK, "success", profileDetail); EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/loggedinUser", "result =", profileDetail); @@ -124,7 +126,9 @@ public class UserController extends EPRestrictedBaseController { user.setEmail(profileDetail.getEmail()); user.setMiddleInitial(profileDetail.getMiddleName()); user.setLoginId(profileDetail.getLoginId()); - user.setLoginPwd(CipherUtil.encryptPKC(profileDetail.getLoginPassword())); + if (!HIDDEN_DEFAULT_PASSWORD.equals(profileDetail.getLoginPassword())){ + user.setLoginPwd(CipherUtil.encryptPKC(profileDetail.getLoginPassword())); + } userService.saveUser(user); // Update user info in the session request.getSession().setAttribute(SystemProperties.getProperty(SystemProperties.USER_ATTRIBUTE_NAME), diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java index 72ae07da..0d665a98 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java @@ -2,7 +2,7 @@ * ============LICENSE_START========================================== * ONAP Portal * =================================================================== - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. * =================================================================== * * Unless otherwise specified, all software contained herein is licensed @@ -285,7 +285,7 @@ public class UserRolesController extends EPRestrictedBaseController { @RequestMapping(value = { "/portalApi/userAppRoles" }, method = { RequestMethod.GET }, produces = "application/json") public List<RoleInAppForUser> getAppRolesForUser(HttpServletRequest request, @RequestParam("user") String orgUserId, - @RequestParam("app") Long appid, @RequestParam("externalRequest") Boolean extRequestValue, + @RequestParam("app") Long appid, @RequestParam("externalRequest") Boolean extRequestValue,@RequestParam("isSystemUser") Boolean isSystemUser, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); List<RoleInAppForUser> result = null; @@ -295,7 +295,7 @@ public class UserRolesController extends EPRestrictedBaseController { EcompPortalUtils.setBadPermissions(user, response, "getAppRolesForUser"); feErrorString = EcompPortalUtils.getFEErrorString(true, response.getStatus()); } else { - if (EcompPortalUtils.legitimateUserId(orgUserId)) { + if ((!isSystemUser && EcompPortalUtils.legitimateUserId(orgUserId)) || isSystemUser) { result = userRolesService.getAppRolesForUser(appid, orgUserId, extRequestValue, user); logger.debug(EELFLoggerDelegate.debugLogger, "getAppRolesForUser: result {}, appId {}", result , appid); int responseCode = EcompPortalUtils.getExternalAppResponseCode(); @@ -354,18 +354,18 @@ public class UserRolesController extends EPRestrictedBaseController { PortalRestResponse<String> portalResponse = new PortalRestResponse<>(); StringBuilder sbUserApps = new StringBuilder(); if (newAppRolesForUser != null) { - sbUserApps.append("User '" + newAppRolesForUser.orgUserId); - if (newAppRolesForUser.appRoles != null && newAppRolesForUser.appRoles.size() >= 1) { + sbUserApps.append("User '" + newAppRolesForUser.getOrgUserId()); + if (newAppRolesForUser.getAppId() != null && !newAppRolesForUser.getAppRoles().isEmpty()) { sbUserApps.append("' has roles = { "); - for (RoleInAppForUser appRole : newAppRolesForUser.appRoles) { + for (RoleInAppForUser appRole : newAppRolesForUser.getAppRoles()) { if (appRole.isApplied) { sbUserApps.append(appRole.roleName + " ,"); } } sbUserApps.deleteCharAt(sbUserApps.length() - 1); - sbUserApps.append("} assigned for the app " + newAppRolesForUser.appId); + sbUserApps.append("} assigned for the app " + newAppRolesForUser.getAppId()); } else { - sbUserApps.append("' has no roles assigned for app " + newAppRolesForUser.appId); + sbUserApps.append("' has no roles assigned for app " + newAppRolesForUser.getAppId()); } } logger.info(EELFLoggerDelegate.applicationLogger, "putAppWithUserRoleStateForUser: {}", sbUserApps.toString()); @@ -383,14 +383,14 @@ public class UserRolesController extends EPRestrictedBaseController { try{ if (changesApplied.isResult()) { logger.info(EELFLoggerDelegate.applicationLogger, - "putAppWithUserRoleStateForUser: succeeded for app {}, user {}", newAppRolesForUser.appId, - newAppRolesForUser.orgUserId); + "putAppWithUserRoleStateForUser: succeeded for app {}, user {}", newAppRolesForUser.getAppId(), + newAppRolesForUser.getAppId()); MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC()); AuditLog auditLog = new AuditLog(); auditLog.setUserId(user.getId()); auditLog.setActivityCode(EcompAuditLog.CD_ACTIVITY_UPDATE_USER); - auditLog.setAffectedRecordId(newAppRolesForUser.orgUserId); + auditLog.setAffectedRecordId(newAppRolesForUser.getOrgUserId()); auditLog.setComments(EcompPortalUtils.truncateString(sbUserApps.toString(), PortalConstants.AUDIT_LOG_COMMENT_SIZE)); auditService.logActivity(auditLog, null); @@ -401,7 +401,7 @@ public class UserRolesController extends EPRestrictedBaseController { logger.info(EELFLoggerDelegate.auditLogger, EPLogUtil.formatAuditLogMessage("UserRolesController.putAppWithUserRoleStateForUser", EcompAuditLog.CD_ACTIVITY_UPDATE_USER, user.getOrgUserId(), - newAppRolesForUser.orgUserId, sbUserApps.toString())); + newAppRolesForUser.getOrgUserId(), sbUserApps.toString())); MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); MDC.remove(SystemProperties.MDC_TIMER); @@ -413,8 +413,8 @@ public class UserRolesController extends EPRestrictedBaseController { }catch (Exception e){ logger.error(EELFLoggerDelegate.errorLogger, - "putAppWithUserRoleStateForUser: failed for app {}, user {}", newAppRolesForUser.appId, - newAppRolesForUser.orgUserId); + "putAppWithUserRoleStateForUser: failed for app {}, user {}", newAppRolesForUser.getAppId(), + newAppRolesForUser.getOrgUserId()); portalResponse = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), null); } } @@ -561,4 +561,16 @@ public class UserRolesController extends EPRestrictedBaseController { return result; } + @RequestMapping(value = { "/portalApi/checkIfUserIsSuperAdmin" }, method = RequestMethod.GET, produces = "application/json") + public boolean checkIfUserIsSuperAdmin(HttpServletRequest request, + HttpServletResponse response) { + EPUser user = EPUserUtils.getUserSession(request); + boolean isSuperAdmin = false; + try { + isSuperAdmin = adminRolesService.isSuperAdmin(user) ; + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "checkIfUserIsSuperAdmin failed: " + e.getMessage()); + } + return isSuperAdmin; + } } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/WebAnalyticsExtAppController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/WebAnalyticsExtAppController.java index 743cbc9a..f1192f92 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/WebAnalyticsExtAppController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/WebAnalyticsExtAppController.java @@ -2,7 +2,7 @@ * ============LICENSE_START========================================== * ONAP Portal * =================================================================== - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. * =================================================================== * * Unless otherwise specified, all software contained herein is licensed @@ -37,13 +37,15 @@ */ package org.onap.portalapp.portal.controller; +import io.swagger.annotations.ApiOperation; +import java.io.IOException; import java.io.InputStream; import java.nio.charset.StandardCharsets; import java.util.HashMap; import java.util.Map; - +import java.util.Objects; import javax.servlet.http.HttpServletRequest; - +import lombok.NoArgsConstructor; import org.apache.commons.io.IOUtils; import org.apache.commons.lang.StringUtils; import org.onap.portalapp.controller.EPRestrictedRESTfulBaseController; @@ -60,7 +62,6 @@ import org.onap.portalapp.portal.utils.EcompPortalUtils; import org.onap.portalapp.portal.utils.PortalConstants; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.onboarding.crossapi.PortalAPIResponse; -import org.onap.portalsdk.core.service.AuditService; import org.onap.portalsdk.core.util.SystemProperties; import org.slf4j.MDC; import org.springframework.beans.factory.annotation.Autowired; @@ -81,48 +82,29 @@ import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; import org.springframework.web.client.AsyncRestTemplate; -import io.swagger.annotations.ApiOperation; - @RestController @RequestMapping(PortalConstants.REST_AUX_API) @Configuration @EnableAspectJAutoProxy @EPAuditLog +@NoArgsConstructor public class WebAnalyticsExtAppController extends EPRestrictedRESTfulBaseController { - - @Autowired private ConsulHealthService consulHealthService; + private AppsCacheService appCacheService; private static final String MACHINE_LEARNING_SERVICE_CTX = "/ml_api"; private static final String REGISTER_ACTION = MACHINE_LEARNING_SERVICE_CTX + "/" + "registerAction"; private static final String CONSUL_ML_SERVICE_ID = "machine-learning"; private static final String APP_KEY = "uebkey"; - private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(WebAnalyticsExtAppController.class); - private AsyncRestTemplate restTemplate = new AsyncRestTemplate(); - + private final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(WebAnalyticsExtAppController.class); + private final AsyncRestTemplate restTemplate = new AsyncRestTemplate(); + private final SuccessCallback<ResponseEntity<String>> successCallback = arg -> logger.info(EELFLoggerDelegate.debugLogger, arg.getBody()); + private final FailureCallback failureCallback = arg -> logger.error(EELFLoggerDelegate.errorLogger, "storeAuxAnalytics failed", arg); @Autowired - AuditService auditService; - - @Autowired - AppsCacheService appCacheService; - - SuccessCallback<ResponseEntity<String>> successCallback = new SuccessCallback<ResponseEntity<String>>() { - @Override - public void onSuccess(ResponseEntity<String> arg) { - logger.info(EELFLoggerDelegate.debugLogger, arg.getBody()); - } - }; - - FailureCallback failureCallback = new FailureCallback() { - @Override - public void onFailure(Throwable arg) { - logger.error(EELFLoggerDelegate.errorLogger, "storeAuxAnalytics failed", arg); - } - }; - - protected boolean isAuxRESTfulCall() { - return true; + public WebAnalyticsExtAppController(AppsCacheService appCacheService, ConsulHealthService consulHealthService) { + this.appCacheService = appCacheService; + this.consulHealthService = consulHealthService; } /** @@ -132,12 +114,10 @@ public class WebAnalyticsExtAppController extends EPRestrictedRESTfulBaseControl * @param request * HttpServletRequest * @return String - * @throws Exception - * on failure */ @ApiOperation(value = "Gets javascript with functions that support gathering and reporting web analytics.", response = String.class) @RequestMapping(value = { "/analytics" }, method = RequestMethod.GET, produces = "application/javascript") - public String getAnalyticsScript(HttpServletRequest request) throws Exception { + public String getAnalyticsScript(HttpServletRequest request) { String responseText = ""; EPApp app = null; String version = ""; @@ -149,31 +129,26 @@ public class WebAnalyticsExtAppController extends EPRestrictedRESTfulBaseControl } if (app != null) { String restEndPoint = app.getAppRestEndpoint(); - if(restEndPoint.indexOf("/api")!=-1) { + if(restEndPoint.contains("/api")) { version = restEndPoint.substring(restEndPoint.indexOf("/api")+4); } } - String END_POINT = "/storeAnalytics"; + String endPoint = "/storeAnalytics"; if(StringUtils.isNotBlank(version)) { - END_POINT = version + "/storeAnalytics"; + endPoint = version + "/storeAnalytics"; } final String fileName = "analytics.txt"; - InputStream analyticsFileStream = null; - try { - analyticsFileStream = this.getClass().getClassLoader().getResourceAsStream(fileName); - responseText = IOUtils.toString(analyticsFileStream, StandardCharsets.UTF_8.name()); - } catch (Exception e) { + try (InputStream analyticsFileStream = this.getClass().getClassLoader().getResourceAsStream(fileName)) { + responseText = IOUtils.toString(Objects.requireNonNull(analyticsFileStream), StandardCharsets.UTF_8.name()); + } catch (IOException e) { logger.error(EELFLoggerDelegate.errorLogger, "Error reading contents of the file " + fileName, e); - } finally { - if (analyticsFileStream != null) - analyticsFileStream.close(); } String feURLContext = SystemProperties.getProperty("frontend_url"); String feURL = feURLContext.substring(0, feURLContext.lastIndexOf('/')); responseText = responseText.replace("PORTAL_ENV_URL", feURL); - responseText = responseText.replace("$END_POINT", END_POINT); + responseText = responseText.replace("$END_POINT", endPoint); return responseText; } @@ -185,14 +160,11 @@ public class WebAnalyticsExtAppController extends EPRestrictedRESTfulBaseControl * @param analyticsMap * Analytics * @return PortalAPIResponse - * @throws Exception - * on failure */ @RequestMapping(value = { "/storeAnalytics" }, method = RequestMethod.POST, produces = "application/json") @ResponseBody @ApiOperation(value = "Accepts data from partner applications with web analytics data.", response = PortalAPIResponse.class) - public PortalAPIResponse storeAnalyticsScript(HttpServletRequest request, @RequestBody Analytics analyticsMap) - throws Exception { + public PortalAPIResponse storeAnalyticsScript(HttpServletRequest request, @RequestBody Analytics analyticsMap) { try { MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC()); String appName = ""; @@ -225,16 +197,14 @@ public class WebAnalyticsExtAppController extends EPRestrictedRESTfulBaseControl MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); MDC.remove(SystemProperties.MDC_TIMER); - PortalAPIResponse response = new PortalAPIResponse(true, "success"); - return response; + return new PortalAPIResponse(true, "success"); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "storeAnalytics failed", e); - PortalAPIResponse response = new PortalAPIResponse(true, "error"); - return response; + return new PortalAPIResponse(true, "error"); } } - protected String getAppName(HttpServletRequest request, String appName) { + private String getAppName(HttpServletRequest request, String appName) { EPApp appRecord = getApp(request); if (appRecord != null) { @@ -243,7 +213,7 @@ public class WebAnalyticsExtAppController extends EPRestrictedRESTfulBaseControl return appName; } - protected EPApp getApp(HttpServletRequest request) { + private EPApp getApp(HttpServletRequest request) { String appKeyValue = request.getHeader(APP_KEY); EPApp appRecord = null; if (appKeyValue == null || appKeyValue.equals("")) { @@ -254,12 +224,12 @@ public class WebAnalyticsExtAppController extends EPRestrictedRESTfulBaseControl return appRecord; } - protected void storeAuxAnalytics(Analytics analyticsMap, String appName) { + private void storeAuxAnalytics(Analytics analyticsMap, String appName) { logger.info(EELFLoggerDelegate.debugLogger, " Registering an action for recommendation: AppName/Function/UserId " + appName + "/" + analyticsMap.getFunction() + "/" + analyticsMap.getUserid()); - Map<String, String> requestMapping = new HashMap<String, String>(); + Map<String, String> requestMapping = new HashMap<>(); requestMapping.put("id", analyticsMap.getUserid()); requestMapping.put("action", appName + "|" + analyticsMap.getFunction()); @@ -267,7 +237,7 @@ public class WebAnalyticsExtAppController extends EPRestrictedRESTfulBaseControl headers.setContentType(MediaType.APPLICATION_JSON); // set your entity to send - HttpEntity<Map<String, String>> entity = new HttpEntity<Map<String, String>>(requestMapping, headers); + HttpEntity<Map<String, String>> entity = new HttpEntity<>(requestMapping, headers); // send it! ListenableFuture<ResponseEntity<String>> out = restTemplate.exchange( diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/AppContactUs.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/AppContactUs.java index 6cf2ea79..0fe8a351 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/AppContactUs.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/AppContactUs.java @@ -37,6 +37,7 @@ */ package org.onap.portalapp.portal.domain; +import org.hibernate.validator.constraints.SafeHtml; import org.onap.portalsdk.core.domain.support.DomainVo; import com.fasterxml.jackson.annotation.JsonBackReference; @@ -46,10 +47,15 @@ public class AppContactUs extends DomainVo { private static final long serialVersionUID = -2742197830465055134L; @JsonBackReference private EPApp app; + @SafeHtml private String description; + @SafeHtml private String contactEmail; + @SafeHtml private String contactName; + @SafeHtml private String url; + @SafeHtml private String activeYN; public EPApp getApp() { diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/CentralV2RoleFunction.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/CentralV2RoleFunction.java index d2ded5ad..a761103f 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/CentralV2RoleFunction.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/CentralV2RoleFunction.java @@ -39,6 +39,7 @@ package org.onap.portalapp.portal.domain; import java.io.Serializable; +import org.hibernate.validator.constraints.SafeHtml; import org.onap.portalsdk.core.domain.support.DomainVo; import com.fasterxml.jackson.annotation.JsonIgnore; @@ -50,14 +51,18 @@ public class CentralV2RoleFunction extends DomainVo implements Serializable, Com * */ private static final long serialVersionUID = -4018975640065252688L; + @SafeHtml private String code; + @SafeHtml private String name; @JsonIgnore private Long appId; @JsonIgnore private Long roleId; private String type; + @SafeHtml private String action; + @SafeHtml private String editUrl; diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPApp.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPApp.java index 6e77e747..8227d9ab 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPApp.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPApp.java @@ -41,7 +41,9 @@ import java.util.Arrays; import javax.persistence.Lob; +import javax.validation.Valid; import org.apache.commons.lang.StringUtils; +import org.hibernate.validator.constraints.SafeHtml; import org.onap.portalsdk.core.domain.support.DomainVo; /** @@ -50,29 +52,44 @@ import org.onap.portalsdk.core.domain.support.DomainVo; public class EPApp extends DomainVo { private static final long serialVersionUID = 1L; - + @SafeHtml private String name; + @SafeHtml private String imageUrl; + @SafeHtml private String description; + @SafeHtml private String notes; + @SafeHtml private String url; + @SafeHtml private String alternateUrl; + @SafeHtml private String appRestEndpoint; + @SafeHtml private String mlAppName; + @SafeHtml private String mlAppAdminId; private Long motsId; + @SafeHtml private String username; + @SafeHtml private String appPassword; @Lob private byte[] thumbnail; private Boolean open; private Boolean enabled; + @SafeHtml private String uebTopicName; + @SafeHtml private String uebKey; + @SafeHtml private String uebSecret; private Integer appType; + @Valid private AppContactUs contactUs; private Boolean centralAuth; + @SafeHtml private String nameSpace; public EPApp() { diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPRole.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPRole.java index f9ff97d1..55f7e0cc 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPRole.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPRole.java @@ -41,6 +41,8 @@ import java.util.Iterator; import java.util.SortedSet; import java.util.TreeSet; +import javax.validation.Valid; +import org.hibernate.validator.constraints.SafeHtml; import org.onap.portalsdk.core.domain.RoleFunction; import org.onap.portalsdk.core.domain.support.DomainVo; import com.fasterxml.jackson.annotation.JsonIgnore; @@ -48,6 +50,7 @@ import com.fasterxml.jackson.annotation.JsonIgnore; public class EPRole extends DomainVo { private static final long serialVersionUID = 1L; + @SafeHtml private String name; private boolean active; private Integer priority; @@ -57,7 +60,7 @@ public class EPRole extends DomainVo { private Long appRoleId; // used by ONAP only private SortedSet<RoleFunction> roleFunctions = new TreeSet<RoleFunction>(); - + @Valid private SortedSet<EPRole> childRoles = new TreeSet<EPRole>(); @JsonIgnore diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPUser.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPUser.java index ce7495f7..a3c9c481 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPUser.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPUser.java @@ -42,6 +42,8 @@ import java.util.Iterator; import java.util.SortedSet; import java.util.TreeSet; +import javax.validation.Valid; +import org.hibernate.validator.constraints.SafeHtml; import org.onap.portalapp.portal.utils.PortalConstants; import org.onap.portalsdk.core.domain.User; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; @@ -52,44 +54,78 @@ public class EPUser extends User { private Long orgId; private Long managerId; + @SafeHtml private String firstName; + @SafeHtml private String middleInitial; + @SafeHtml private String lastName; + @SafeHtml private String phone; + @SafeHtml private String fax; + @SafeHtml private String cellular; + @SafeHtml private String email; private Long addressId; + @SafeHtml private String alertMethodCd; + @SafeHtml private String hrid; + @SafeHtml private String orgUserId; + @SafeHtml private String orgCode; + @SafeHtml private String address1; + @SafeHtml private String address2; + @SafeHtml private String city; + @SafeHtml private String state; + @SafeHtml private String zipCode; + @SafeHtml private String country; + @SafeHtml private String orgManagerUserId; + @SafeHtml private String locationClli; + @SafeHtml private String businessCountryCode; + @SafeHtml private String businessCountryName; + @SafeHtml private String businessUnit; + @SafeHtml private String businessUnitName; + @SafeHtml private String department; + @SafeHtml private String departmentName; + @SafeHtml private String companyCode; + @SafeHtml private String company; + @SafeHtml private String zipCodeSuffix; + @SafeHtml private String jobTitle; + @SafeHtml private String commandChain; + @SafeHtml private String siloStatus; + @SafeHtml private String costCenter; + @SafeHtml private String financialLocCode; - + @SafeHtml private String loginId; + @SafeHtml private String loginPwd; private Date lastLoginDate; private boolean active; @@ -97,15 +133,19 @@ public class EPUser extends User { private Long selectedProfileId; private Long timeZoneId; private boolean online; + @SafeHtml private String chatId; + private boolean systemUser; private Integer languageId; private static final long serialVersionUID = 1L; + private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(EPUser.class); private static final String ECOMP_PORTAL_NAME = "ECOMP"; private boolean isGuest = false; - + @Valid private SortedSet<EPUserApp> userApps = new TreeSet<EPUserApp>(); + @Valid private SortedSet<EPRole> pseudoRoles = new TreeSet<EPRole>(); public EPUser() {} @@ -653,6 +693,14 @@ public class EPUser extends User { public void setGuest(boolean isGuest) { this.isGuest = isGuest; } + + public boolean isSystemUser() { + return systemUser; + } + + public void setSystemUser(boolean systemUser) { + this.systemUser = systemUser; + } @Override public String toString() { diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPUserApp.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPUserApp.java index 3470a9e3..d644c998 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPUserApp.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPUserApp.java @@ -37,6 +37,7 @@ */ package org.onap.portalapp.portal.domain; +import javax.validation.Valid; import org.onap.portalsdk.core.domain.support.DomainVo; @SuppressWarnings("rawtypes") @@ -45,7 +46,9 @@ public class EPUserApp extends DomainVo implements java.io.Serializable, Compara private static final long serialVersionUID = 1L; private Long userId; + @Valid private EPApp app; + @Valid private EPRole role; private Integer priority; @@ -61,13 +64,12 @@ public class EPUserApp extends DomainVo implements java.io.Serializable, Compara } public Long getAppRoleId() { - return (role.getAppRoleId() == null) ? null : role.getAppRoleId(); + return this.role.getAppRoleId(); } @Override public String toString() { - String str = "[u: "+getUserId()+"; a: "+getAppId()+", r: "+getRoleId()+"; appRoleId: "+getAppRoleId()+"]"; - return str; + return "[u: "+getUserId()+"; a: "+getAppId()+", r: "+getRoleId()+"; appRoleId: "+getAppRoleId()+"]"; } public Long getUserId() { @@ -102,6 +104,7 @@ public class EPUserApp extends DomainVo implements java.io.Serializable, Compara this.priority = priority; } + @Override public boolean equals(Object other) { if ((this == other)) return true; @@ -111,10 +114,10 @@ public class EPUserApp extends DomainVo implements java.io.Serializable, Compara return false; EPUserApp castOther = (EPUserApp) other; - return (this.getUserId().equals(castOther.getUserId())) - && (this.getApp().getId().equals(castOther.getApp().getId())) - && (this.getRole().getId().equals(castOther.getRole().getId())) - && ((this.priority==null && castOther.getPriority()==null) || this.getPriority().equals(castOther.getPriority())); + return (otherUserIdIsSameAsThisUserId(castOther)) + && (otherAppIdIsSameAsThis(castOther)) + && (otherRoleIsSameAsThis(castOther)) + && (otherPriorityIsSameAsThis(castOther)); } public int hashCode() { @@ -135,4 +138,19 @@ public class EPUserApp extends DomainVo implements java.io.Serializable, Compara return c1.compareTo(c2); } + private boolean otherPriorityIsSameAsThis(EPUserApp other){ + return (this.priority==null && other.getPriority()==null) || this.getPriority().equals(other.getPriority()); + } + + private boolean otherRoleIsSameAsThis(EPUserApp other){ + return this.getRole().getId().equals(other.getRole().getId()); + } + + private boolean otherAppIdIsSameAsThis(EPUserApp other){ + return this.getApp().getId().equals(other.getApp().getId()); + } + + private boolean otherUserIdIsSameAsThisUserId(EPUserApp other){ + return this.getUserId().equals(other.getUserId()); + } } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/FunctionalMenuItemWithAppID.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/FunctionalMenuItemWithAppID.java index 5b5e37c4..9900827f 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/FunctionalMenuItemWithAppID.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/FunctionalMenuItemWithAppID.java @@ -38,13 +38,20 @@ package org.onap.portalapp.portal.domain; import java.util.List; - import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.Transient; +import javax.validation.constraints.DecimalMax; +import javax.validation.constraints.Digits; +import javax.validation.constraints.Max; +import javax.validation.constraints.NotNull; +import lombok.AllArgsConstructor; +import lombok.NoArgsConstructor; +import org.hibernate.validator.constraints.SafeHtml; + /*** * * This class is almost identical to org.onap.portalapp.portal.transport.FunctionalMenuItem @@ -55,27 +62,42 @@ import javax.persistence.Transient; * */ @Entity +@NoArgsConstructor +@AllArgsConstructor public class FunctionalMenuItemWithAppID{ private static final long serialVersionUID = 1L; @Id @GeneratedValue(strategy=GenerationType.IDENTITY) @Column(name = "MENU_ID") + @Digits(integer = 11, fraction = 0) public Long menuId; @Column(name = "COLUMN_NUM") + @Digits(integer = 2, fraction = 0) + @NotNull public Integer column; @Column(name = "TEXT") + @Max(value = 100) + @SafeHtml + @NotNull public String text; @Column(name = "PARENT_MENU_ID") + @Digits(integer = 11, fraction = 0) public Integer parentMenuId; @Column(name = "URL") + @Max(value = 128) + @SafeHtml + @NotNull public String url; @Column(name="ACTIVE_YN") + @Max(value = 1) + @SafeHtml + @NotNull public String active_yn; @Column(name="APP_ID") @@ -89,10 +111,10 @@ public class FunctionalMenuItemWithAppID{ public void normalize() { if (this.column == null) - this.column = new Integer(1); + this.column = 1; this.text = (this.text == null) ? "" : this.text.trim(); if (this.parentMenuId == null) - this.parentMenuId = new Integer(-1); + this.parentMenuId = -1; this.url = (this.url == null) ? "" : this.url.trim(); } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/MicroserviceData.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/MicroserviceData.java index f62b8928..b8f79d06 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/MicroserviceData.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/MicroserviceData.java @@ -44,6 +44,8 @@ import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; +import javax.validation.Valid; +import org.hibernate.validator.constraints.SafeHtml; import org.onap.portalsdk.core.domain.support.DomainVo; public class MicroserviceData extends DomainVo { @@ -55,23 +57,23 @@ public class MicroserviceData extends DomainVo { } private Long id; - + @SafeHtml private String name; - + @SafeHtml private String active; - + @SafeHtml private String desc; private long appId; - + @SafeHtml private String url; - + @SafeHtml private String securityType; - + @SafeHtml private String username; - + @SafeHtml private String password; - + @Valid private List<MicroserviceParameter> parameterList; public Long getId() { diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/MicroserviceParameter.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/MicroserviceParameter.java index 0c645716..848c6a2a 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/MicroserviceParameter.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/MicroserviceParameter.java @@ -37,6 +37,7 @@ */ package org.onap.portalapp.portal.domain; +import org.hibernate.validator.constraints.SafeHtml; import org.onap.portalsdk.core.domain.support.DomainVo; public class MicroserviceParameter extends DomainVo { @@ -50,9 +51,9 @@ public class MicroserviceParameter extends DomainVo { private Long id; private long serviceId; - + @SafeHtml private String para_key; - + @SafeHtml private String para_value; public Long getId() { diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/RoleApp.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/RoleApp.java index d4ca5457..cf3e06b9 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/RoleApp.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/RoleApp.java @@ -39,90 +39,21 @@ package org.onap.portalapp.portal.domain; import java.io.Serializable; import java.util.Set; +import lombok.Getter; +import lombok.Setter; -import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.JoinColumn; -import javax.persistence.ManyToMany; -import javax.persistence.ManyToOne; - -import com.fasterxml.jackson.annotation.JsonIgnore; - -//@Entity -//@Table(name = "FN_ROLE") +@Getter +@Setter public class RoleApp implements Serializable{ private static final long serialVersionUID = 1L; - //@Id - //@Column(name = "ROLE_ID") - //@GeneratedValue(strategy=GenerationType.AUTO) private Long roleId; - - - //@Column(name = "ROLE_Name") - private String roleName; - - //@ManyToOne(fetch = FetchType.EAGER) - //@JoinColumn(name="APP_ID") - private App app; - - //@JsonIgnore - //@ManyToMany(fetch = FetchType.EAGER, cascade = {CascadeType.MERGE, CascadeType.PERSIST, CascadeType.REFRESH}, mappedBy="widgetRoles") - private Set<WidgetCatalog> widgets; - - /*@PreRemove - private void removeGroupsFromUsers() { - for (WidgetCatalog w : widgets) { - w.getWidgetRoles().remove(this); - } - }*/ - - /*@ManyToOne - @JoinColumn(name = "WIDGET_ID", nullable = false) - WidgetCatalog widgetCatalog;*/ - - //@JsonIgnore - //@ManyToMany(mappedBy = "widgetRoles") - //@ManyToMany(fetch = FetchType.EAGER, mappedBy = "widgetRoles") - //private Set<WidgetCatalog> widgets = new HashSet<WidgetCatalog>(); - - public Long getRoleId() { - return roleId; - } - - public void setRoleId(Long roleId) { - this.roleId = roleId; - } - - public String getRoleName() { - return roleName; - } - - public void setRoleName(String roleName) { - this.roleName = roleName; - } - - public App getApp() { - return app; - } - public void setApp(App app) { - this.app = app; - } - - + private String roleName; - public Set<WidgetCatalog> getWidgets() { - return widgets; - } + private App app; - public void setWidgets(Set<WidgetCatalog> widgets) { - this.widgets = widgets; - } + private Set<WidgetCatalog> widgets; @Override public String toString() { diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/interceptor/PortalResourceInterceptor.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/interceptor/PortalResourceInterceptor.java index b1439060..39c906a1 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/interceptor/PortalResourceInterceptor.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/interceptor/PortalResourceInterceptor.java @@ -40,6 +40,7 @@ package org.onap.portalapp.portal.interceptor; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; import java.util.Set; import java.util.regex.Matcher; @@ -154,8 +155,8 @@ public class PortalResourceInterceptor extends ResourceInterceptor { SystemProperties.getProperty(SystemProperties.USER_ATTRIBUTE_NAME)); //RoleAdmin check is being added because the role belongs to partner application //inorder to access portal api's, bypassing this with isRoleAdmin Check - if ((matchRoleFunctions(portalApiPath, allRoleFunctions) - && !matchRoleFunctions(portalApiPath, roleFunctions)) && !adminRolesService.isRoleAdmin(user)) { + if ((EPUserUtils.matchRoleFunctions(portalApiPath, allRoleFunctions) + && !EPUserUtils.matchRoleFunctions(portalApiPath, roleFunctions)) && !adminRolesService.isRoleAdmin(user)) { logger.error(EELFLoggerDelegate.errorLogger, "preHandle: User {} not authorized for path {} ", user.getOrgUserId(), portalApiPath); @@ -246,7 +247,7 @@ public class PortalResourceInterceptor extends ResourceInterceptor { logger.debug(EELFLoggerDelegate.debugLogger, "Entering in the loop as the uri contains auxapi : {}"); String nameSpace=PortalApiProperties.getProperty(PortalApiConstants.AUTH_NAMESPACE); logger.debug(EELFLoggerDelegate.debugLogger, "namespace form the portal properties : {}",nameSpace); - Boolean accessallowed=AuthUtil.isAccessAllowed(request, nameSpace); + Boolean accessallowed=AuthUtil.isAccessAllowed(request, nameSpace, new HashMap<>()); logger.debug(EELFLoggerDelegate.debugLogger, "AccessAllowed for the request and namespace : {}",accessallowed); if(accessallowed){ logger.debug(EELFLoggerDelegate.debugLogger, "AccessAllowed is allowed: {}",accessallowed); @@ -296,9 +297,13 @@ public class PortalResourceInterceptor extends ResourceInterceptor { }catch(ClassCastException e){ logger.debug(EELFLoggerDelegate.debugLogger, "Entering in the classcastexception block if the UN is not the mechid : {}"); - + String secretKey = null; // Unauthorized access due to missing HTTP Authorization request header if (authHeader == null) { + if (remoteWebServiceCallService.verifyRESTCredential(secretKey, request.getHeader(EPCommonSystemProperties.UEB_KEY), + request.getHeader("username"), request.getHeader("password"))) { + return true; + } final String msg = "no authorization found"; logger.debug(EELFLoggerDelegate.debugLogger, "checkBasicAuth: {}", msg); sendErrorResponse(response, HttpServletResponse.SC_UNAUTHORIZED, msg); @@ -396,42 +401,6 @@ public class PortalResourceInterceptor extends ResourceInterceptor { return result; } - private Boolean matchRoleFunctions(String portalApiPath, Set<? extends String> roleFunctions) { - String[] path = portalApiPath.split("/"); - List<String> roleFunList = new ArrayList<>(); - if (path.length > 1) { - roleFunList = roleFunctions.stream().filter(item -> item.startsWith(path[0])).collect(Collectors.toList()); - if (roleFunList.size() >= 1) { - for (String roleFunction : roleFunList) { - String[] roleFunctionArray = roleFunction.split("/"); - boolean b = true; - if (roleFunctionArray.length == path.length) { - for (int i = 0; i < roleFunctionArray.length; i++) { - if (b) { - if (!roleFunctionArray[i].equals("*")) { - Pattern p = Pattern.compile(Pattern.quote(path[i]), Pattern.CASE_INSENSITIVE); - Matcher m = p.matcher(roleFunctionArray[i]); - b = m.matches(); - - } - } - } - if (b) - return b; - } - } - } - } else { - for (String roleFunction : roleFunctions) { - if (portalApiPath.matches(roleFunction)) - return true; - } - } - return false; - } - - - protected void handleSessionUpdates(HttpServletRequest request) { PortalTimeoutHandler.handleSessionUpdatesNative(request, null, null, null, null, manageService); } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/listener/HealthMonitor.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/listener/HealthMonitor.java index 891da3b7..4805a77d 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/listener/HealthMonitor.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/listener/HealthMonitor.java @@ -43,8 +43,8 @@ import java.util.List; import javax.annotation.PostConstruct; import javax.annotation.PreDestroy; +import lombok.NoArgsConstructor; import org.apache.commons.lang3.StringUtils; -import org.apache.zookeeper.ZooKeeper; import org.apache.zookeeper.client.FourLetterWordMain; import org.hibernate.Query; import org.hibernate.Session; @@ -61,6 +61,7 @@ import org.onap.portalapp.portal.utils.EPCommonSystemProperties; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.util.SystemProperties; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.transaction.annotation.Transactional; @@ -68,19 +69,14 @@ import org.springframework.transaction.annotation.Transactional; @Transactional -@org.springframework.context.annotation.Configuration +@Configuration @EnableAspectJAutoProxy @EPMetricsLog +@NoArgsConstructor public class HealthMonitor { - - - ZooKeeper zookeeper = null; - private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(HealthMonitor.class); - - @Autowired - private SessionFactory sessionFactory; - + private Thread healthMonitorThread; + private static SessionFactory sessionFactory; private static boolean databaseUp; private static boolean uebUp; @@ -89,50 +85,17 @@ public class HealthMonitor { private static boolean dbPermissionsOk; private static boolean zookeeperStatusOk; private static boolean cassandraStatusOk; - private static String APPLICATION = "Portal"; - - /** - * Read directly by external classes. - */ - public static boolean isSuspended = false; - - private Thread healthMonitorThread; - - public HealthMonitor() { - } - - public static boolean isDatabaseUp() { - return databaseUp; - } - - public static boolean isDatabasePermissionsOk() { - return dbPermissionsOk; - } + private static String application = "Portal"; + private static boolean isSuspended = false; - public static boolean isUebUp() { - return uebUp; - } - - public static boolean isFrontEndUp() { - return frontEndUp; - } - - public static boolean isBackEndUp() { - return backEndUp; - } - - public static boolean isZookeeperStatusOk() { - return zookeeperStatusOk; - } - - public static boolean isCassandraStatusOk() { - return cassandraStatusOk; + @Autowired + public HealthMonitor(SessionFactory sessionFactory) { + HealthMonitor.sessionFactory = sessionFactory; } - private void monitorEPHealth() throws InterruptedException { + private static void monitorEPHealth() { int numIntervalsDatabaseHasBeenDown = 0; - int numIntervalsClusterNotHealthy = 0; int numIntervalsDatabasePermissionsIncorrect = 0; int numIntervalsZookeeperNotHealthy = 0; int numIntervalsCassandraNotHealthy = 0; @@ -141,9 +104,9 @@ public class HealthMonitor { long sleepInterval = (Long - .valueOf(SystemProperties.getProperty(EPCommonSystemProperties.HEALTH_POLL_INTERVAL_SECONDS)) * 1000); + .parseLong(SystemProperties.getProperty(EPCommonSystemProperties.HEALTH_POLL_INTERVAL_SECONDS)) * 1000); long numIntervalsBetweenAlerts = Long - .valueOf(SystemProperties.getProperty(EPCommonSystemProperties.HEALTHFAIL_ALERT_EVERY_X_INTERVALS)); + .parseLong(SystemProperties.getProperty(EPCommonSystemProperties.HEALTHFAIL_ALERT_EVERY_X_INTERVALS)); logger.debug(EELFLoggerDelegate.debugLogger, "monitorEPHealth: Polling health every " + sleepInterval + " milliseconds. Alerting every " + (sleepInterval * numIntervalsBetweenAlerts) / 1000 + " seconds when component remains down."); @@ -154,8 +117,8 @@ public class HealthMonitor { // // Get DB status. If down, signal alert once every X intervals. // - databaseUp = this.checkIfDatabaseUp(); - if (databaseUp == false) { + databaseUp = checkIfDatabaseUp(); + if (databaseUp) { if ((numIntervalsDatabaseHasBeenDown % numIntervalsBetweenAlerts) == 0) { logger.debug(EELFLoggerDelegate.debugLogger, "monitorEPHealth: database down, logging to error log to trigger alert."); @@ -167,8 +130,8 @@ public class HealthMonitor { } } - dbPermissionsOk = this.checkDatabasePermissions(); - if (dbPermissionsOk == false) { + dbPermissionsOk = checkDatabasePermissions(); + if (!dbPermissionsOk) { if ((numIntervalsDatabasePermissionsIncorrect % numIntervalsBetweenAlerts) == 0) { logger.debug(EELFLoggerDelegate.debugLogger, "monitorEPHealth: database permissions incorrect, logging to error log to trigger alert."); @@ -178,12 +141,11 @@ public class HealthMonitor { numIntervalsDatabasePermissionsIncorrect = 0; } } - org.onap.portalapp.music.util.MusicUtil MusicUtilSDK = new org.onap.portalapp.music.util.MusicUtil(); - if(MusicUtilSDK.isMusicEnable()){ + if(org.onap.portalapp.music.util.MusicUtil.isMusicEnable()){ - zookeeperStatusOk = this.checkZookeeperStatus(); + zookeeperStatusOk = checkZookeeperStatus(); - if (zookeeperStatusOk == false) { + if (!zookeeperStatusOk) { if ((numIntervalsZookeeperNotHealthy % numIntervalsBetweenAlerts) == 0) { logger.debug(EELFLoggerDelegate.debugLogger, "monitorEPHealth: cluster nodes down, logging to error log to trigger alert."); @@ -194,8 +156,8 @@ public class HealthMonitor { } } - cassandraStatusOk = this.checkCassandraStatus(); - if (cassandraStatusOk == false) { + cassandraStatusOk = checkCassandraStatus(); + if (!cassandraStatusOk) { if ((numIntervalsCassandraNotHealthy % numIntervalsBetweenAlerts) == 0) { logger.debug(EELFLoggerDelegate.debugLogger, "monitorEPHealth: cluster nodes down, logging to error log to trigger alert."); @@ -206,45 +168,9 @@ public class HealthMonitor { } } } - - - // - // Get UEB status. Publish a bogus message to EP inbox, if 200 OK - // returned, status is Up. - // If down, signal alert once every X intervals. - // EP will ignore this bogus message. - // Commenting this out as Dependency on UEB is being deprecated - /* - * uebUp = this.checkIfUebUp(); if (uebUp == false) { - * - * if ((numIntervalsUebHasBeenDown % numIntervalsBetweenAlerts) == 0) { - * logger.debug(EELFLoggerDelegate.debugLogger, - * "monitorEPHealth: UEB down, logging to error log to trigger alert"); // Write - * a Log entry that will generate an alert EPLogUtil.logEcompError(logger, - * EPAppMessagesEnum.BeHealthCheckUebClusterError); - * numIntervalsUebHasBeenDown++; } else { numIntervalsUebHasBeenDown = 0; } } - */ - - // The front end should be up because the API is called through - // proxy front end server. frontEndUp = true; - - // If the rest API called, the backend is always up backEndUp = true; - // - // future nice to have...get Partner status - // - // For all apps exposing a rest url, query one of the rest - // urls(/roles?) and manage a list - // of app name/status. We might not return back a non 200 OK in - // health check, but we - // could return information in the json content of a health check. - // - - // - // Get DB status. If down, signal alert once every X intervals. - // if (Thread.interrupted()) { logger.info(EELFLoggerDelegate.errorLogger, "monitorEPHealth: thread interrupted"); break; @@ -262,12 +188,11 @@ public class HealthMonitor { @PostConstruct public void initHealthMonitor() { healthMonitorThread = new Thread("EP HealthMonitor thread") { + @Override public void run() { try { monitorEPHealth(); - } catch (InterruptedException e) { - logger.debug(EELFLoggerDelegate.debugLogger, "healthMonitorThread interrupted", e); - } + } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "healthMonitorThread failed", e); } @@ -292,7 +217,7 @@ public class HealthMonitor { * * @return true if the database can be read. */ - private boolean checkIfDatabaseUp() { + private static boolean checkIfDatabaseUp() { boolean isUp = false; Session localSession = null; try { @@ -316,25 +241,26 @@ public class HealthMonitor { return isUp; } - private boolean checkZookeeperStatus() { + private static boolean checkZookeeperStatus() { String[] zookeeperNodes = MusicUtil.getMyZkHost().split(","); logger.info(EELFLoggerDelegate.applicationLogger, "MusicUtil.getMyZkHost()---- :" + MusicUtil.getMyZkHost()); - for (int i = 0; i < zookeeperNodes.length; i++) { + for (String zookeeperNode : zookeeperNodes) { try { - logger.info(EELFLoggerDelegate.applicationLogger, "server ip--zookeeper :" + zookeeperNodes[i].trim()); - String[] iport = zookeeperNodes[i].split(":"); + logger.info(EELFLoggerDelegate.applicationLogger, "server ip--zookeeper :" + zookeeperNode.trim()); + String[] iport = zookeeperNode.split(":"); String zkNodeStatistics = FourLetterWordMain.send4LetterWord(iport[0].trim(), - Integer.parseInt(iport[1].trim()), "stat"); + Integer.parseInt(iport[1].trim()), "stat"); logger.info(EELFLoggerDelegate.applicationLogger, - "Getting Status for Zookeeper zkNodeStatistics :" + zkNodeStatistics); + "Getting Status for Zookeeper zkNodeStatistics :" + zkNodeStatistics); if (StringUtils.isNotBlank(zkNodeStatistics)) { String state = zkNodeStatistics.substring(zkNodeStatistics.indexOf("Mode:"), - zkNodeStatistics.indexOf("Node")); + zkNodeStatistics.indexOf("Node")); logger.info(EELFLoggerDelegate.applicationLogger, - "Getting Status for zookeeper :" + zookeeperNodes[i].trim() + ":------:" + state); - if (state.contains("leader")) + "Getting Status for zookeeper :" + zookeeperNode.trim() + ":------:" + state); + if (state.contains("leader") || state.contains("follower")) { return true; + } } } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "ZookeeperStatus Service is not responding", e.getCause()); @@ -345,9 +271,9 @@ public class HealthMonitor { } - public boolean checkCassandraStatus() { + private static boolean checkCassandraStatus() { logger.info(EELFLoggerDelegate.applicationLogger, "Getting Status for Cassandra"); - if (this.getAdminKeySpace()) { + if (getAdminKeySpace()) { return true; } else { logger.error(EELFLoggerDelegate.errorLogger, "Cassandra Service is not responding"); @@ -355,17 +281,18 @@ public class HealthMonitor { } } - private Boolean getAdminKeySpace() { + private static Boolean getAdminKeySpace() { String musicKeySpace = MusicProperties.getProperty(MusicProperties.MUSIC_SESSION_KEYSPACE); Instant creationTime = Instant.now(); PreparedQueryObject pQuery = new PreparedQueryObject(); pQuery.appendQueryString( "UPDATE " + musicKeySpace + ".health_check SET creation_time = ? WHERE primary_id = ?"); pQuery.addValue(creationTime.toString()); - pQuery.addValue(APPLICATION); + pQuery.addValue(application); try { MusicCore.nonKeyRelatedPut(pQuery, MusicUtil.CRITICAL); } catch (MusicServiceException e) { + logger.error(EELFLoggerDelegate.errorLogger, e.getErrorMessage(), e); return Boolean.FALSE; } return Boolean.TRUE; @@ -373,7 +300,7 @@ public class HealthMonitor { } - private boolean checkDatabasePermissions() { + private static boolean checkDatabasePermissions() { boolean isUp = false; Session localSession = null; try { @@ -391,7 +318,7 @@ public class HealthMonitor { break; } } - if (isUp == false) { + if (!isUp) { logger.error(EELFLoggerDelegate.errorLogger, "checkDatabasePermissions returning false. SHOW GRANTS FOR CURRENT_USER being dumped:"); for (String str : grantsList) { @@ -412,5 +339,40 @@ public class HealthMonitor { } return isUp; } - + + public static boolean isDatabaseUp() { + return databaseUp; + } + + public static boolean isUebUp() { + return uebUp; + } + + public static boolean isFrontEndUp() { + return frontEndUp; + } + + public static boolean isBackEndUp() { + return backEndUp; + } + + public static boolean isDbPermissionsOk() { + return dbPermissionsOk; + } + + public static boolean isZookeeperStatusOk() { + return zookeeperStatusOk; + } + + public static boolean isCassandraStatusOk() { + return cassandraStatusOk; + } + + public static boolean isSuspended() { + return isSuspended; + } + + public static void setSuspended(boolean isSuspended) { + HealthMonitor.isSuspended = isSuspended; + } } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/listener/UserSessionListener.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/listener/UserSessionListener.java index aa97d0b3..7dbcc025 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/listener/UserSessionListener.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/listener/UserSessionListener.java @@ -109,7 +109,8 @@ public class UserSessionListener implements HttpSessionListener { // Clean the shared context each time a session is destroyed. // TODO: move the threshold to configuration file. - getSharedContextService().expireSharedContexts(60 * 60 * 8); + //June2019:Commented as sharedContext is no more needed. +// getSharedContextService().expireSharedContexts(60 * 60 * 8); } logger.info(EELFLoggerDelegate.debugLogger, "Session Destroyed : " + session.getId()); diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/SchedulerRestInt.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/SchedulerRestInt.java index cc371719..098846f0 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/SchedulerRestInt.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/SchedulerRestInt.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -38,23 +40,15 @@ package org.onap.portalapp.portal.scheduler; -import java.text.DateFormat; -import java.text.SimpleDateFormat; - +import org.onap.portalapp.util.DateUtil; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; public class SchedulerRestInt { /** The logger. */ EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerRestInterface.class); - - /** The Constant dateFormat. */ - final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS"); - - /** The request date format. */ - public DateFormat requestDateFormat = new SimpleDateFormat("EEE, dd MMM YYYY HH:mm:ss z"); - + public SchedulerRestInt() { - requestDateFormat.setTimeZone(java.util.TimeZone.getTimeZone("GMT")); + DateUtil.getRequestDateFormat().setTimeZone(java.util.TimeZone.getTimeZone("GMT")); } } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/SchedulerUtil.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/SchedulerUtil.java index ce2048b2..c1ca8735 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/SchedulerUtil.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/SchedulerUtil.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -37,25 +39,21 @@ */ package org.onap.portalapp.portal.scheduler; -import java.text.DateFormat; -import java.text.SimpleDateFormat; -import java.util.Date; - +import com.fasterxml.jackson.databind.ObjectMapper; import org.onap.portalapp.portal.scheduler.restobjects.GetTimeSlotsRestObject; import org.onap.portalapp.portal.scheduler.restobjects.PostCreateNewVnfRestObject; import org.onap.portalapp.portal.scheduler.restobjects.PostSubmitVnfChangeRestObject; import org.onap.portalapp.portal.scheduler.wrapper.GetTimeSlotsWrapper; import org.onap.portalapp.portal.scheduler.wrapper.PostCreateNewVnfWrapper; import org.onap.portalapp.portal.scheduler.wrapper.PostSubmitVnfChangeTimeSlotsWrapper; +import org.onap.portalapp.util.DateUtil; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; -import com.fasterxml.jackson.databind.ObjectMapper; +import java.util.Date; public class SchedulerUtil { private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerUtil.class); - - final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS"); public static GetTimeSlotsWrapper getTimeSlotsWrapResponse (GetTimeSlotsRestObject<String> rs) { @@ -127,8 +125,10 @@ public class SchedulerUtil { r_json_str = mapper.writeValueAsString(t); } catch ( com.fasterxml.jackson.core.JsonProcessingException j ) { - logger.debug(EELFLoggerDelegate.debugLogger,dateFormat.format(new Date()) + "<== " + methodName + " Unable to parse object as json"); - } + logger.debug(EELFLoggerDelegate.debugLogger, + DateUtil.getDateFormat().format(new Date()) + "<== " + methodName + " Unable " + "to " + + "parse object as json"); + } } return (r_json_str); } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/client/HttpBasicClient.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/client/HttpBasicClient.java index 14b03478..17dc3f1e 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/client/HttpBasicClient.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/client/HttpBasicClient.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -39,9 +41,6 @@ package org.onap.portalapp.portal.scheduler.client; -import java.text.DateFormat; -import java.text.SimpleDateFormat; - import javax.servlet.ServletContext; import javax.ws.rs.client.Client; import javax.ws.rs.client.ClientBuilder; @@ -64,10 +63,6 @@ public class HttpBasicClient{ /** The logger. */ EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(HttpBasicClient.class); - - /** The Constant dateFormat. */ - final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS"); - /** * Obtain a basic HTTP client . * diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/client/HttpsBasicClient.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/client/HttpsBasicClient.java index 857bec31..d618a6ee 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/client/HttpsBasicClient.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/client/HttpsBasicClient.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -39,7 +41,6 @@ package org.onap.portalapp.portal.scheduler.client; import java.io.File; -import java.text.DateFormat; import java.text.SimpleDateFormat; import java.util.Date; @@ -55,8 +56,8 @@ import org.glassfish.jersey.client.ClientConfig; import org.glassfish.jersey.client.ClientProperties; import org.onap.portalapp.portal.scheduler.SchedulerProperties; import org.onap.portalapp.portal.scheduler.util.CustomJacksonJaxBJsonProvider; +import org.onap.portalapp.util.DateUtil; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; -import org.onap.portalsdk.core.util.SystemProperties; /** * General SSL client using the VID tomcat keystore. It doesn't use client certificates. @@ -66,10 +67,7 @@ public class HttpsBasicClient{ /** The logger. */ static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(HttpsBasicClient.class); - - /** The Constant dateFormat. */ - final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS"); - + /** * Retrieve an SSL client. * @@ -85,11 +83,14 @@ public class HttpsBasicClient{ SSLContext ctx = null; try { - + + SimpleDateFormat dateFormat = DateUtil.getDateFormat(); config.property(ClientProperties.SUPPRESS_HTTP_COMPLIANCE_VALIDATION, true); String truststore_path = SchedulerProperties.getProperty(SchedulerProperties.VID_TRUSTSTORE_FILENAME); - logger.debug(EELFLoggerDelegate.debugLogger, dateFormat.format(new Date()) + " " + methodName + " truststore_path=" + truststore_path); + logger.debug(EELFLoggerDelegate.debugLogger, dateFormat.format(new Date()) + " " + methodName + " " + + "truststore_path=" + + truststore_path); String truststore_password = SchedulerProperties.getProperty(SchedulerProperties.VID_TRUSTSTORE_PASSWD_X); @@ -97,7 +98,8 @@ public class HttpsBasicClient{ //logger.debug(dateFormat.format(new Date()) + " " + methodName + " decrypted_truststore_password=" + decrypted_truststore_password); File tr = new File (truststore_path); - logger.debug(EELFLoggerDelegate.debugLogger, dateFormat.format(new Date()) + " " + methodName + " absolute truststore path=" + tr.getAbsolutePath()); + logger.debug(EELFLoggerDelegate.debugLogger, dateFormat.format(new Date()) + " " + methodName + " absolute " + + "truststore path=" + tr.getAbsolutePath()); //String keystore_path = certFilePath + AAIProperties.FILESEPARTOR + SystemProperties.getProperty(AAIProperties.AAI_KEYSTORE_FILENAME); //String keystore_password = SystemProperties.getProperty(AAIProperties.AAI_KEYSTORE_PASSWD_X); diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduleraux/SchedulerAuxRestInt.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduleraux/SchedulerAuxRestInt.java index 1785bd13..75919eee 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduleraux/SchedulerAuxRestInt.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduleraux/SchedulerAuxRestInt.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -38,11 +40,11 @@ package org.onap.portalapp.portal.scheduleraux; -import java.text.DateFormat; import java.text.SimpleDateFormat; import java.util.Date; import org.onap.portalapp.portal.scheduler.policy.rest.RequestDetails; +import org.onap.portalapp.util.DateUtil; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import com.fasterxml.jackson.databind.ObjectMapper; @@ -51,15 +53,9 @@ public class SchedulerAuxRestInt { /** The logger. */ EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerAuxRestInterface.class); - - /** The Constant dateFormat. */ - final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS"); - - /** The request date format. */ - public DateFormat requestDateFormat = new SimpleDateFormat("EEE, dd MMM YYYY HH:mm:ss z"); - + public SchedulerAuxRestInt() { - requestDateFormat.setTimeZone(java.util.TimeZone.getTimeZone("GMT")); + DateUtil.getRequestDateFormat().setTimeZone(java.util.TimeZone.getTimeZone("GMT")); } /** @@ -68,6 +64,7 @@ public class SchedulerAuxRestInt { * @param r the r */ public void logRequest ( RequestDetails r ) { + SimpleDateFormat dateFormat = DateUtil.getDateFormat(); String methodName = "logRequest"; ObjectMapper mapper = new ObjectMapper(); String r_json_str = ""; @@ -77,9 +74,13 @@ public class SchedulerAuxRestInt { r_json_str = mapper.writeValueAsString(r); } catch ( com.fasterxml.jackson.core.JsonProcessingException j ) { - logger.debug(EELFLoggerDelegate.debugLogger,dateFormat.format(new Date()) + "<== " + methodName + " Unable to parse request as json"); + logger.debug(EELFLoggerDelegate.debugLogger, dateFormat.format(new Date()) + "<== " + methodName + " " + + "Unable to " + + "parse request as json"); } } - logger.debug(EELFLoggerDelegate.debugLogger,dateFormat.format(new Date()) + "<== " + methodName + " Request=(" + r_json_str + ")"); + logger.debug(EELFLoggerDelegate.debugLogger,dateFormat.format(new Date()) + "<== " + methodName + " Request=" + + "(" + + r_json_str + ")"); } -}
\ No newline at end of file +} diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduleraux/SchedulerAuxRestInterface.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduleraux/SchedulerAuxRestInterface.java index e0a2fe5f..01a52cc8 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduleraux/SchedulerAuxRestInterface.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduleraux/SchedulerAuxRestInterface.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -37,19 +39,13 @@ */ package org.onap.portalapp.portal.scheduleraux; -import java.lang.reflect.Type; -import java.text.DateFormat; -import java.text.SimpleDateFormat; -import java.util.Collections; -import java.util.Date; - -import javax.annotation.PostConstruct; -import javax.ws.rs.client.Client; -import javax.ws.rs.client.Entity; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.MultivaluedHashMap; -import javax.ws.rs.core.Response; - +import com.fasterxml.jackson.databind.ObjectMapper; +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; +import com.google.gson.JsonDeserializationContext; +import com.google.gson.JsonDeserializer; +import com.google.gson.JsonElement; +import com.google.gson.JsonParseException; import org.apache.commons.codec.binary.Base64; import org.apache.cxf.jaxrs.impl.ResponseImpl; import org.eclipse.jetty.util.security.Password; @@ -59,26 +55,26 @@ import org.onap.portalapp.portal.logging.logic.EPLogUtil; import org.onap.portalapp.portal.scheduler.SchedulerProperties; import org.onap.portalapp.portal.scheduler.client.HttpBasicClient; import org.onap.portalapp.portal.scheduler.policy.rest.RequestDetails; +import org.onap.portalapp.util.DateUtil; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.springframework.http.HttpStatus; import org.springframework.web.client.HttpClientErrorException; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; -import com.google.gson.JsonDeserializationContext; -import com.google.gson.JsonDeserializer; -import com.google.gson.JsonElement; -import com.google.gson.JsonParseException; +import javax.ws.rs.client.Client; +import javax.ws.rs.client.Entity; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.MultivaluedHashMap; +import javax.ws.rs.core.Response; +import java.lang.reflect.Type; +import java.text.SimpleDateFormat; +import java.util.Collections; +import java.util.Date; public class SchedulerAuxRestInterface extends SchedulerAuxRestInt implements SchedulerAuxRestInterfaceIfc { /** The logger. */ EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerAuxRestInterface.class); - /** The Constant dateFormat. */ - final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS"); - /** The client. */ private static Client client = null; @@ -147,6 +143,7 @@ public class SchedulerAuxRestInterface extends SchedulerAuxRestInt implements Sc String methodName = "Get"; logger.debug(EELFLoggerDelegate.debugLogger, " start", methodName); + SimpleDateFormat dateFormat = DateUtil.getDateFormat(); String url = ""; restObject.set(t); @@ -165,8 +162,8 @@ public class SchedulerAuxRestInterface extends SchedulerAuxRestInt implements Sc if (status == 200) { t = (T) cres.readEntity(t.getClass()); restObject.set(t); - logger.debug(EELFLoggerDelegate.debugLogger, " REST api was successfull!", dateFormat.format(new Date()), - methodName); + logger.debug(EELFLoggerDelegate.debugLogger, " REST api was successfull!", + dateFormat.format(new Date()), methodName); } else { throw new Exception(methodName + " with status=" + status + ", url= " + url); @@ -183,6 +180,7 @@ public class SchedulerAuxRestInterface extends SchedulerAuxRestInt implements Sc String methodName = "Delete"; String url = ""; Response cres = null; + SimpleDateFormat dateFormat = DateUtil.getDateFormat(); logRequest(r); @@ -191,7 +189,7 @@ public class SchedulerAuxRestInterface extends SchedulerAuxRestInt implements Sc url = SchedulerProperties.getProperty(SchedulerProperties.SCHEDULERAUX_SERVER_URL_VAL) + path; logger.debug(EELFLoggerDelegate.debugLogger, " methodName sending request to: ", - dateFormat.format(new Date()), url, methodName); + dateFormat.format(new Date()), url, methodName); cres = client.target(url).request().accept("application/json").headers(commonHeaders) // .entity(r) @@ -235,8 +233,8 @@ public class SchedulerAuxRestInterface extends SchedulerAuxRestInt implements Sc url, e); EPLogUtil.schedulerAccessAlarm(logger, e.getStatusCode().value()); } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "Exception with the URL ", dateFormat.format(new Date()), - methodName, url, e); + logger.error(EELFLoggerDelegate.errorLogger, "Exception with the URL ", + dateFormat.format(new Date()), methodName, url, e); EPLogUtil.schedulerAccessAlarm(logger, HttpStatus.INTERNAL_SERVER_ERROR.value()); throw e; @@ -324,4 +322,4 @@ public class SchedulerAuxRestInterface extends SchedulerAuxRestInt implements Sc public void logRequest(RequestDetails r) { // TODO Auto-generated method stub } -}
\ No newline at end of file +} diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduleraux/SchedulerAuxUtil.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduleraux/SchedulerAuxUtil.java index 4a4c9283..f0f0af5a 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduleraux/SchedulerAuxUtil.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduleraux/SchedulerAuxUtil.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -37,18 +39,13 @@ */ package org.onap.portalapp.portal.scheduleraux; -import java.text.DateFormat; -import java.text.SimpleDateFormat; - import org.glassfish.jersey.client.ClientResponse; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; public class SchedulerAuxUtil { private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerAuxUtil.class); - - final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS"); - + public static SchedulerAuxResponseWrapper wrapResponse ( String body, int statusCode ) { SchedulerAuxResponseWrapper w = new SchedulerAuxResponseWrapper(); diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/AdminRolesService.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/AdminRolesService.java index a9d55fc8..3c228dff 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/AdminRolesService.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/AdminRolesService.java @@ -38,10 +38,12 @@ package org.onap.portalapp.portal.service; import java.util.List; +import java.util.Set; import org.onap.portalapp.portal.domain.EPApp; import org.onap.portalapp.portal.domain.EPRole; import org.onap.portalapp.portal.domain.EPUser; +import org.onap.portalapp.portal.exceptions.RoleFunctionException; import org.onap.portalapp.portal.transport.AppsListWithAdminRole; public interface AdminRolesService { @@ -78,4 +80,7 @@ public interface AdminRolesService { List<EPRole> getRolesByApp(EPUser user, Long appId); public boolean isAccountAdminOfApplication(EPUser user, EPApp app); + public Set<String> getAllAppsFunctionsOfUser(String OrgUserId)throws RoleFunctionException; + + boolean isAccountAdminOfAnyActiveorInactiveApplication(EPUser user, EPApp app); } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/AdminRolesServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/AdminRolesServiceImpl.java index c8e04f4f..18aac6f4 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/AdminRolesServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/AdminRolesServiceImpl.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -63,6 +65,7 @@ import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.domain.EPUserApp; import org.onap.portalapp.portal.domain.UserIdRoleId; import org.onap.portalapp.portal.domain.UserRole; +import org.onap.portalapp.portal.exceptions.RoleFunctionException; import org.onap.portalapp.portal.logging.aop.EPMetricsLog; import org.onap.portalapp.portal.logging.format.EPAppMessagesEnum; import org.onap.portalapp.portal.logging.logic.EPLogUtil; @@ -75,6 +78,7 @@ import org.onap.portalapp.portal.utils.EcompPortalUtils; import org.onap.portalapp.portal.utils.PortalConstants; import org.onap.portalapp.util.EPUserUtils; import org.onap.portalsdk.core.domain.RoleFunction; +import org.onap.portalsdk.core.domain.User; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.restful.domain.EcompRole; import org.onap.portalsdk.core.service.DataAccessService; @@ -143,9 +147,9 @@ public class AdminRolesServiceImpl implements AdminRolesService { try { userList = dataAccessService.executeNamedQuery("getEPUserByOrgUserId", userParams, null); } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getEPUserByOrgUserId failed", e); + logger.error(EELFLoggerDelegate.errorLogger, "getEPUserByOrgUserId failed", e); } - + HashMap<Long, Long> appsUserAdmin = new HashMap<Long, Long>(); if (userList!= null && userList.size() > 0) { EPUser user = userList.get(0); @@ -166,8 +170,10 @@ public class AdminRolesServiceImpl implements AdminRolesService { appsListWithAdminRole.orgUserId = orgUserId; List<EPApp> appsList = null; try { - appsList = dataAccessService.getList(EPApp.class, - " where ( enabled = 'Y' or id = " + ECOMP_APP_ID + ")", null, null); +// appsList = dataAccessService.getList(EPApp.class, +// null, null, null); + + appsList = dataAccessService.getList(EPApp.class, null); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "getAppsWithAdminRoleStateForUser 2 failed", e); EPLogUtil.logEcompError(EPAppMessagesEnum.BeDaoSystemError); @@ -200,9 +206,9 @@ public class AdminRolesServiceImpl implements AdminRolesService { List<EPApp> apps = appsService.getAppsFullList(); HashMap<Long, EPApp> enabledApps = new HashMap<Long, EPApp>(); for (EPApp app : apps) { - if (app.getEnabled().booleanValue() || app.getId() == ECOMP_APP_ID) { +// if (app.getEnabled().booleanValue() || app.getId() == ECOMP_APP_ID) { enabledApps.put(app.getId(), app); - } +// } } List<AppNameIdIsAdmin> newAppsWhereUserIsAdmin = new ArrayList<AppNameIdIsAdmin>(); for (AppNameIdIsAdmin adminRole : newAppsListWithAdminRoles.appsRoles) { @@ -265,7 +271,7 @@ public class AdminRolesServiceImpl implements AdminRolesService { // Add user admin role for list of centralized applications in external system addAdminRoleInExternalSystem(user, localSession, newAppsWhereUserIsAdmin); result = true; - } + } } catch (Exception e) { EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e); logger.error(EELFLoggerDelegate.errorLogger, @@ -444,12 +450,14 @@ public class AdminRolesServiceImpl implements AdminRolesService { public boolean isAccountAdmin(EPUser user) { try { - EPUser currentUser = user != null - ? (EPUser) dataAccessService.getDomainObject(EPUser.class, user.getId(), null) - : null; - + if (user == null) { + return false; + } + + EPUser currentUser = (EPUser) dataAccessService.getDomainObject(EPUser.class, user.getId(), null); + final Map<String, Long> userParams = new HashMap<>(); - userParams.put("userId", user.getId()); + userParams.put("userId", user.getId()); logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for user {}", user.getId()); List<Integer> userAdminApps = new ArrayList<>(); @@ -460,7 +468,7 @@ public class AdminRolesServiceImpl implements AdminRolesService { if (currentUser != null && currentUser.getId() != null) { for (EPUserApp userApp : currentUser.getEPUserApps()) { - + if (userApp.getRole().getId().equals(ACCOUNT_ADMIN_ROLE_ID)||(userAdminApps.size()>1)) { logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for userAdminApps() - for user {}, found Id {}", user.getOrgUserId(), userApp.getRole().getId()); // Account Administrator sees only the applications @@ -476,19 +484,14 @@ public class AdminRolesServiceImpl implements AdminRolesService { } return false; } - - + + public boolean isRoleAdmin(EPUser user) { try { logger.debug(EELFLoggerDelegate.debugLogger, "Checking if user has isRoleAdmin access"); - EPUser currentUser = user != null - ? (EPUser) dataAccessService.getDomainObject(EPUser.class, user.getId(), null) - : null; final Map<String, Long> userParams = new HashMap<>(); - userParams.put("userId", user.getId()); - List<RoleFunction> roleFunctionSet = new ArrayList<>(); - + userParams.put("userId", user.getId()); List getRoleFuncListOfUser = dataAccessService.executeNamedQuery("getRoleFunctionsOfUserforAlltheApplications", userParams, null); logger.debug(EELFLoggerDelegate.debugLogger, "Checking if user has isRoleAdmin access :: getRoleFuncListOfUser" , getRoleFuncListOfUser); Set<String> getRoleFuncListOfPortalSet = new HashSet<>(getRoleFuncListOfUser); @@ -497,26 +500,15 @@ public class AdminRolesServiceImpl implements AdminRolesService { roleFunSet = getRoleFuncListOfPortalSet.stream().filter(x -> x.contains("|")).collect(Collectors.toSet()); if (roleFunSet.size() > 0) for (String roleFunction : roleFunSet) { - //String roleFun = EcompPortalUtils.getFunctionCode(roleFunction); - String roleFun = EcompPortalUtils.getFunctionCode(roleFunction); String type = externalAccessRolesService.getFunctionCodeType(roleFunction); - //getRoleFuncListOfPortalSet.remove(roleFunction); getRoleFuncListOfPortalSet1.add(type); } - - - for (String rolefunc : getRoleFuncListOfPortalSet1) { - logger.debug(EELFLoggerDelegate.debugLogger, "Checking if user has approver rolefunction" , rolefunc); - if (rolefunc.equalsIgnoreCase(TYPE_APPROVER)) { - logger.debug(EELFLoggerDelegate.debugLogger, "Checking if user has approver rolefunction" , rolefunc); - return true; - }else{ - return false; - - } - } - + boolean checkIfFunctionsExits = getRoleFuncListOfPortalSet1.stream() + .anyMatch(roleFunction -> roleFunction.equalsIgnoreCase("Approver")); + logger.debug(EELFLoggerDelegate.debugLogger, "Checking if user has approver rolefunction" , checkIfFunctionsExits); + + return checkIfFunctionsExits; } catch (Exception e) { EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e); @@ -568,13 +560,61 @@ public class AdminRolesServiceImpl implements AdminRolesService { Boolean isApplicationAccountAdmin=false; try { final Map<String, Long> userParams = new HashMap<>(); - userParams.put("userId", user.getId()); + userParams.put("userId", user.getId()); logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for user {}", user.getId()); List<Integer> userAdminApps = new ArrayList<>(); userAdminApps =dataAccessService.executeNamedQuery("getAdminAppsForTheUser", userParams, null); if(userAdminApps.size()>=1){ isApplicationAccountAdmin=userAdminApps.contains((int) (long) app.getId()); logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for user is true{} ,appId {}", user.getId(),app.getId()); + } + } catch (Exception e) { + EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e); + logger.error(EELFLoggerDelegate.errorLogger, + "Exception occurred while executing isAccountAdminOfApplication operation", e); + } + logger.debug(EELFLoggerDelegate.debugLogger, "In AdminRolesServiceImpl() - isAccountAdminOfApplication = {} and userId ={} ", isApplicationAccountAdmin, user.getOrgUserId()); + return isApplicationAccountAdmin; + + } + + @Override + public Set<String> getAllAppsFunctionsOfUser(String OrgUserId) throws RoleFunctionException { + final Map<String, String> params = new HashMap<>(); + params.put("userId", OrgUserId); + List getRoleFuncListOfPortal = dataAccessService.executeNamedQuery("getAllAppsFunctionsOfUser", params, null); + Set<String> getRoleFuncListOfPortalSet = new HashSet<>(getRoleFuncListOfPortal); + Set<String> roleFunSet = new HashSet<>(); + roleFunSet = getRoleFuncListOfPortalSet.stream().filter(x -> x.contains("|")).collect(Collectors.toSet()); + if (roleFunSet.size() > 0) + for (String roleFunction : roleFunSet) { + String roleFun = EcompPortalUtils.getFunctionCode(roleFunction); + getRoleFuncListOfPortalSet.remove(roleFunction); + getRoleFuncListOfPortalSet.add(roleFun); + } + + Set<String> finalRoleFunctionSet = new HashSet<>(); + for (String roleFn : getRoleFuncListOfPortalSet) { + finalRoleFunctionSet.add(EPUserUtils.decodeFunctionCode(roleFn)); + } + +// List<String> functionsOfUser = new ArrayList<>(getRoleFuncListOfPortal); + return finalRoleFunctionSet; + } + + + @Override + public boolean isAccountAdminOfAnyActiveorInactiveApplication(EPUser user, EPApp app) { + Boolean isApplicationAccountAdmin=false; + try { + final Map<String, Long> userParams = new HashMap<>(); + userParams.put("userId", user.getId()); + logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for user {}", user.getId()); + List<Integer> userAdminApps = new ArrayList<>(); + userAdminApps =dataAccessService.executeNamedQuery("getAllAdminAppsofTheUser", userParams, null); + if(userAdminApps.size()>=1){ + isApplicationAccountAdmin=userAdminApps.contains((int) (long) app.getId()); + logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for user is true{} ,appId {}", user.getId(),app.getId()); } } catch (Exception e) { EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e); diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ApplicationsRestClientServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ApplicationsRestClientServiceImpl.java index fd6610c2..18dabfb5 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ApplicationsRestClientServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ApplicationsRestClientServiceImpl.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -378,7 +380,7 @@ public class ApplicationsRestClientServiceImpl implements ApplicationsRestClient String str = ((ResponseImpl)response).readEntity(String.class); EcompPortalUtils.logAndSerializeObject(logger, restPath, "POST result =", str); try { - t = (T) gson.fromJson(str, t.getClass()); + t = (T) gson.fromJson(str, clazz); //t = gson.fromJson(str, clazz); } catch (Exception e) { diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPAppCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPAppCommonServiceImpl.java index 5c3c51bf..c3cc2864 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPAppCommonServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPAppCommonServiceImpl.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -48,6 +50,7 @@ import java.util.List; import java.util.Map; import java.util.Set; import java.util.UUID; +import java.util.stream.Collectors; import javax.annotation.PostConstruct; import javax.servlet.http.HttpServletResponse; @@ -58,12 +61,13 @@ import org.hibernate.SessionFactory; import org.hibernate.Transaction; import org.hibernate.criterion.Criterion; import org.hibernate.criterion.Restrictions; +import org.json.JSONArray; +import org.json.JSONObject; import org.onap.portalapp.portal.domain.AdminUserApp; import org.onap.portalapp.portal.domain.AdminUserApplications; import org.onap.portalapp.portal.domain.AppIdAndNameTransportModel; import org.onap.portalapp.portal.domain.AppsResponse; import org.onap.portalapp.portal.domain.EPApp; -import org.onap.portalapp.portal.domain.EPRole; import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.domain.EPUserAppRolesRequest; import org.onap.portalapp.portal.domain.EPUserAppRolesRequestDetail; @@ -95,6 +99,13 @@ import org.onap.portalsdk.core.onboarding.util.PortalApiProperties; import org.onap.portalsdk.core.service.DataAccessService; import org.onap.portalsdk.core.util.SystemProperties; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.web.client.HttpClientErrorException; +import org.springframework.web.client.RestTemplate; import com.att.nsa.apiClient.http.HttpException; import com.att.nsa.cambria.client.CambriaClient.CambriaApiException; @@ -109,7 +120,9 @@ public class EPAppCommonServiceImpl implements EPAppService { protected String ACCOUNT_ADMIN_ROLE_ID = "999"; protected String RESTRICTED_APP_ROLE_ID = "900"; - private static final String urlField = "url"; + //private static final String urlField = "url"; + private static final String nameSpaceField = "url"; + private static final String nameField = "name"; private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(EPAppCommonServiceImpl.class); @@ -120,6 +133,8 @@ public class EPAppCommonServiceImpl implements EPAppService { protected SessionFactory sessionFactory; @Autowired private DataAccessService dataAccessService; + + RestTemplate template = new RestTemplate(); @PostConstruct private void init() { @@ -128,6 +143,65 @@ public class EPAppCommonServiceImpl implements EPAppService { ECOMP_APP_ID = SystemProperties.getProperty(EPCommonSystemProperties.ECOMP_APP_ID); RESTRICTED_APP_ROLE_ID = SystemProperties.getProperty(EPCommonSystemProperties.RESTRICTED_APP_ROLE_ID); } + + public Boolean onboardingAppFieldsValidation(OnboardingApp onboardingApp) { + //FieldsValidator fieldsValidator = new FieldsValidator(); + + if ((!onboardingApp.restrictedApp) &&( onboardingApp.name == null || onboardingApp.name.length() == 0 || onboardingApp.restrictedApp == null + || onboardingApp.url == null || onboardingApp.url.length() == 0 || onboardingApp.restUrl == null || onboardingApp.restUrl.length() == 0 + || onboardingApp.username == null || onboardingApp.username.length() == 0 + || onboardingApp.isOpen == null + || (onboardingApp.id != null && onboardingApp.id.equals(ECOMP_APP_ID))) + // For a normal app (appType == PortalConstants.PortalAppId), + // these fields must be filled + // in. + // For a restricted app (appType==2), they will be empty. + || ((onboardingApp.restrictedApp) && (onboardingApp.name == null || onboardingApp.name.length() == 0 + || onboardingApp.url == null || onboardingApp.url.length() == 0 || onboardingApp.isOpen == null))) { + return false; + } + return true; + + } + + private Boolean onboardingInactiveAppFieldsForValidation(OnboardingApp onboardingApp) { + if (onboardingApp.name == null || onboardingApp.name.length() == 0 + || onboardingApp.isOpen == null) { + return false; + } + return true; + } + + protected FieldsValidator onboardingAppFieldsChecker(OnboardingApp onboardingApp) { + FieldsValidator fieldsValidator = new FieldsValidator(); + if (onboardingApp.isCentralAuth) { + if (!onboardingApp.isEnabled) { + if (!onboardingInactiveAppFieldsForValidation(onboardingApp)) { + fieldsValidator.httpStatusCode = new Long(HttpServletResponse.SC_BAD_REQUEST); + } + } else if (onboardingApp.isEnabled) { + if (onboardingAppFieldsValidation(onboardingApp) == false || onboardingApp.nameSpace == null + || onboardingApp.nameSpace.length() == 0) { + fieldsValidator.httpStatusCode = new Long(HttpServletResponse.SC_BAD_REQUEST); + } + } + } else { + if (!onboardingApp.isEnabled) { + if (!onboardingInactiveAppFieldsForValidation(onboardingApp)) { + fieldsValidator.httpStatusCode = new Long(HttpServletResponse.SC_BAD_REQUEST); + } + } else if (onboardingApp.isEnabled) { + if(onboardingApp.restrictedApp && onboardingAppFieldsValidation(onboardingApp) == false){ + fieldsValidator.httpStatusCode = new Long(HttpServletResponse.SC_BAD_REQUEST); + } + else if (!onboardingApp.restrictedApp && (onboardingAppFieldsValidation(onboardingApp) == false || onboardingApp.appPassword == null + || onboardingApp.appPassword.length() == 0)) { + fieldsValidator.httpStatusCode = new Long(HttpServletResponse.SC_BAD_REQUEST); + } + } + } + return fieldsValidator; + } @Override public List<EPApp> getUserAsAdminApps(EPUser user) { @@ -405,6 +479,23 @@ public class EPAppCommonServiceImpl implements EPAppService { return appsModified; } + + @Override + public List<AppsResponse> getAllApplications(Boolean all) { + // If all is true, return both active and inactive apps. Otherwise, just + // active apps. + @SuppressWarnings("unchecked") + // Sort the list by application name so the drop-down looks pretty. + List<EPApp> apps = all + ? (List<EPApp>) dataAccessService.getList(EPApp.class, " where id != " + ECOMP_APP_ID, "name", null) + :dataAccessService.getList(EPApp.class, null); + + List<AppsResponse> appsModified = new ArrayList<AppsResponse>(); + for (EPApp app : apps) { + appsModified.add(new AppsResponse(app.getId(), app.getName(), app.isRestrictedApp(), app.getEnabled())); + } + return appsModified; + } @Override public UserRoles getUserProfile(String loginId) { final Map<String, String> params = new HashMap<>(); @@ -487,13 +578,13 @@ public class EPAppCommonServiceImpl implements EPAppService { return query.toString(); } - protected FieldsValidator onboardingAppFieldsChecker(OnboardingApp onboardingApp) { + /*protected FieldsValidator onboardingAppFieldsChecker(OnboardingApp onboardingApp) { FieldsValidator fieldsValidator = new FieldsValidator(); if(onboardingApp.isCentralAuth){ if (onboardingApp.name == null || onboardingApp.name.length() == 0 || onboardingApp.url == null || onboardingApp.url.length() == 0 || onboardingApp.restrictedApp == null || onboardingApp.isOpen == null || onboardingApp.isEnabled == null - || (onboardingApp.id != null && onboardingApp.id.equals(ECOMP_APP_ID)) + || (onboardingApp.id != null && ECOMP_APP_ID.equals(onboardingApp.id.toString())) // For a normal app (appType == PortalConstants.PortalAppId), // these fields must be filled // in. @@ -509,7 +600,7 @@ public class EPAppCommonServiceImpl implements EPAppService { if (onboardingApp.name == null || onboardingApp.name.length() == 0 || onboardingApp.url == null || onboardingApp.url.length() == 0 || onboardingApp.restrictedApp == null || onboardingApp.isOpen == null || onboardingApp.isEnabled == null - || (onboardingApp.id != null && onboardingApp.id.equals(ECOMP_APP_ID)) + || (onboardingApp.id != null && ECOMP_APP_ID.equals(onboardingApp.id.toString())) // For a normal app (appType == PortalConstants.PortalAppId), // these fields must be filled // in. @@ -525,7 +616,7 @@ public class EPAppCommonServiceImpl implements EPAppService { } return fieldsValidator; - } + }*/ @Override public List<EPApp> getUserApps(EPUser user) { @@ -738,6 +829,27 @@ public class EPAppCommonServiceImpl implements EPAppService { } return onboardingAppsList; } + + @SuppressWarnings("unchecked") + @Override + public List<OnboardingApp> getAdminAppsOfUser(EPUser user) { + + List<OnboardingApp> onboardingAppsList = new ArrayList<OnboardingApp>(); + List<Integer> userAdminApps = new ArrayList<>(); + final Map<String, Long> userParams = new HashMap<>(); + userParams.put("userId", user.getId()); + userAdminApps = dataAccessService.executeNamedQuery("getAllAdminAppsofTheUser", userParams, null); + +// userAdminApps.removeIf(x -> x == Integer.valueOf(ECOMP_APP_ID)); + + logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for userAdminApps() - for user {}, found userAdminAppsSize {}", user.getOrgUserId(), userAdminApps.size()); + onboardingAppsList = getOnboardingApps(); + + final List<Integer> userAdminApps1 = userAdminApps; + List<OnboardingApp> userApplicationAdmins = onboardingAppsList.stream().filter(x -> userAdminApps1.contains((int) (long)x.id)).collect(Collectors.toList()); + + return userApplicationAdmins; + } @Override public List<OnboardingApp> getEnabledNonOpenOnboardingApps() { @@ -756,25 +868,33 @@ public class EPAppCommonServiceImpl implements EPAppService { @SuppressWarnings("unchecked") private void validateOnboardingApp(OnboardingApp onboardingApp, FieldsValidator fieldsValidator) { - boolean duplicatedUrl = false; + boolean duplicatedNameSpace = false; boolean duplicatedName = false; List<EPApp> apps; if (onboardingApp.id == null) { List<Criterion> restrictionsList = new ArrayList<Criterion>(); - Criterion urlCrit =Restrictions.eq("url", onboardingApp.url); - Criterion nameCrit = Restrictions.eq("name",onboardingApp.name); - Criterion orCrit = Restrictions.or(urlCrit, nameCrit); - + Criterion nameCrit = Restrictions.eq("name",onboardingApp.name); + Criterion nameSpaceCrit = null; + Criterion orCrit = null; + if (onboardingApp.isCentralAuth) { + nameSpaceCrit = Restrictions.eq("nameSpace", onboardingApp.nameSpace); + orCrit = Restrictions.or(nameCrit, nameSpaceCrit); + } else + orCrit = Restrictions.or(nameCrit); restrictionsList.add(orCrit); apps = (List<EPApp>) dataAccessService.getList(EPApp.class, null, restrictionsList, null); - - } else { List<Criterion> restrictionsList = new ArrayList<Criterion>(); Criterion idCrit =Restrictions.eq("id", onboardingApp.id); - Criterion urlCrit =Restrictions.eq("url", onboardingApp.url); - Criterion nameCrit = Restrictions.eq("name",onboardingApp.name); - Criterion orCrit = Restrictions.or(idCrit, urlCrit, nameCrit); + Criterion nameCrit = Restrictions.eq("name",onboardingApp.name); + Criterion nameSpaceCrit = null; + Criterion orCrit= null; + if (onboardingApp.isCentralAuth) { + nameSpaceCrit = Restrictions.eq("nameSpace",onboardingApp.nameSpace); + orCrit = Restrictions.or(idCrit, nameSpaceCrit, nameCrit); + } + else + orCrit = Restrictions.or(idCrit, nameCrit); restrictionsList.add(orCrit); apps = (List<EPApp>) dataAccessService.getList(EPApp.class, null, restrictionsList, null); @@ -784,22 +904,23 @@ public class EPAppCommonServiceImpl implements EPAppService { if (onboardingApp.id != null && onboardingApp.id.equals(app.getId())) { continue; } - if (!duplicatedUrl && app.getUrl().equalsIgnoreCase(onboardingApp.url)) { - duplicatedUrl = true; + if (!duplicatedName && app.getName().equalsIgnoreCase(onboardingApp.name)) { + duplicatedName = true; if (duplicatedName) { break; } } - if (!duplicatedName && app.getName().equalsIgnoreCase(onboardingApp.name)) { - duplicatedName = true; - if (duplicatedUrl) { + if (!duplicatedNameSpace && app.getNameSpace().equalsIgnoreCase(onboardingApp.nameSpace)) { + duplicatedNameSpace = true; + if (duplicatedNameSpace) { break; } } + } - if (duplicatedUrl || duplicatedName) { - if (duplicatedUrl) { - fieldsValidator.addProblematicFieldName(urlField); + if (duplicatedNameSpace || duplicatedName) { + if (duplicatedNameSpace) { + fieldsValidator.addProblematicFieldName(nameSpaceField); } if (duplicatedName) { fieldsValidator.addProblematicFieldName(nameField); @@ -1494,7 +1615,7 @@ public class EPAppCommonServiceImpl implements EPAppService { // Don't encrypt or decrypt the password if it is null or the empty string private String decryptedPassword(String encryptedAppPwd, EPApp app) { String result = ""; - if (encryptedAppPwd != null & encryptedAppPwd.length() > 0) { + if (encryptedAppPwd != null && !encryptedAppPwd.isEmpty()) { try { result = CipherUtil.decryptPKC(encryptedAppPwd, SystemProperties.getProperty(SystemProperties.Decryption_Key)); @@ -1507,7 +1628,7 @@ public class EPAppCommonServiceImpl implements EPAppService { protected String encryptedPassword(String decryptedAppPwd, EPApp app) { String result = ""; - if (decryptedAppPwd != null & decryptedAppPwd.length() > 0) { + if (decryptedAppPwd != null && !decryptedAppPwd.isEmpty()) { try { result = CipherUtil.encryptPKC(decryptedAppPwd, SystemProperties.getProperty(SystemProperties.Decryption_Key)); @@ -1800,4 +1921,57 @@ public class EPAppCommonServiceImpl implements EPAppService { return userAndRoles; } -}
\ No newline at end of file + + @SuppressWarnings("unused") + @Override + public ResponseEntity<String> checkIfNameSpaceIsValid(String namespace) throws Exception { + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity<String> entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "checkIfNameSpaceExists: Connecting to External Auth system for : "+namespace); + ResponseEntity<String> response = null; + try { + response = template + .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "nss/" + namespace, HttpMethod.GET, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, "checkIfNameSpaceExists for"+ namespace , + response.getStatusCode().value()); + if (response.getStatusCode().value() == 200) { + String res = response.getBody(); + JSONObject jsonObj = new JSONObject(res); + JSONArray namespaceArray = jsonObj.getJSONArray("ns"); + if(!namespaceArray.getJSONObject(0).has("admin")){ + logger.error(EELFLoggerDelegate.errorLogger, + "No admins are available for requested namespace:" + namespace); + throw new HttpClientErrorException(HttpStatus.UNAUTHORIZED, + "Portal Mechid is not an admin of" + namespace); + } + + JSONArray namespaceAdminArray = namespaceArray.getJSONObject(0).getJSONArray("admin"); + ArrayList<String> list = new ArrayList<String>(); + if (namespaceAdminArray != null) { + int len = namespaceAdminArray.length(); + for (int i = 0; i < len; i++) { + list.add(namespaceAdminArray.get(i).toString()); + } + } + logger.debug(EELFLoggerDelegate.debugLogger, "List of Admins of requested namespace" + list); + final String userName = SystemProperties + .getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_AUTH_USER_NAME); + boolean idExists = list.stream().anyMatch(t -> userName.equals(t)); + if (false) { + logger.error(EELFLoggerDelegate.errorLogger, + "Portal mechid is not admin of requested namespace:" + namespace); + throw new HttpClientErrorException(HttpStatus.UNAUTHORIZED, + "Portal Mechid is not an admin of" + namespace); + } + } + + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, "checkIfNameSpaceExists failed", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + throw e; + } + return response; + + } +} diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPAppService.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPAppService.java index b314adec..6838ae4a 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPAppService.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPAppService.java @@ -54,6 +54,7 @@ import org.onap.portalapp.portal.transport.EPWidgetsSortPreference; import org.onap.portalapp.portal.transport.FieldsValidator; import org.onap.portalapp.portal.transport.LocalRole; import org.onap.portalapp.portal.transport.OnboardingApp; +import org.springframework.http.ResponseEntity; public interface EPAppService { @@ -244,5 +245,10 @@ public interface EPAppService { UserRoles getUserProfileForRolesLeftMenu(String loginId); UserRoles getUserProfileNormalizedForRolesLeftMenu(EPUser user); + public List<OnboardingApp> getAdminAppsOfUser(EPUser user); + + public ResponseEntity<String> checkIfNameSpaceIsValid(String namespace) throws Exception ; + + List<AppsResponse> getAllApplications(Boolean all); } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPLdapService.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPLdapService.java index ef3cb5ad..c1dba221 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPLdapService.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPLdapService.java @@ -40,7 +40,7 @@ package org.onap.portalapp.portal.service; import org.onap.portalsdk.core.command.support.SearchResult; import org.onap.portalsdk.core.domain.support.DomainVo; - +@FunctionalInterface public interface EPLdapService { // search POST for users based on the criteria selected in the Request diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesService.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesService.java index ee960c40..d064545d 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesService.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesService.java @@ -416,13 +416,6 @@ public interface ExternalAccessRolesService { public JSONArray getAppRolesJSONFromExtAuthSystem(EPApp app) throws Exception; /** - * It encodes the function code based on Hex encoding - * @param funCode - * - */ - public String encodeFunctionCode(String funCode); - - /** * * It returns list of ExternalRoleDetails which is converted from JSON array of roles * diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java index 7bb9995b..786ad429 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java @@ -47,11 +47,9 @@ import java.util.Map; import java.util.Set; import java.util.SortedSet; import java.util.TreeSet; -import java.util.regex.Pattern; import java.util.stream.Collectors; import org.apache.commons.codec.DecoderException; -import org.apache.commons.codec.binary.Hex; import org.hibernate.Query; import org.hibernate.Session; import org.hibernate.SessionFactory; @@ -113,3742 +111,3682 @@ import com.fasterxml.jackson.databind.type.TypeFactory; @EPMetricsLog @EPAuditLog public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesService { - private static final String APP_ROLE_NAME_PARAM = "appRoleName"; - private static final String GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM = "getRoletoUpdateInExternalAuthSystem"; - private static final String GET_PORTAL_APP_ROLES_QUERY = "getPortalAppRoles"; - private static final String GET_ROLE_FUNCTION_QUERY = "getRoleFunction"; - private static final String FUNCTION_CODE_PARAMS = "functionCode"; - private static final String AND_FUNCTION_CD_EQUALS = " and function_cd = '"; - private static final String OWNER = ".owner"; - private static final String ADMIN = ".admin"; - private static final String ACCOUNT_ADMINISTRATOR = ".Account_Administrator"; - private static final String FUNCTION_PIPE = "|"; - private static final String EXTERNAL_AUTH_PERMS = "perms"; - private static final String EXTERNAL_AUTH_ROLE_DESCRIPTION = "description"; - private static final String IS_EMPTY_JSON_STRING = "{}"; - private static final String CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE = "Connecting to External Auth system"; - private static final String APP_ID = "appId"; - private static final String ROLE_NAME = "name"; - private static final String APP_ID_EQUALS = " app_id = "; - private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAccessRolesServiceImpl.class); - @Autowired - private DataAccessService dataAccessService; - @Autowired - private EPAppService epAppService; - @Autowired - private SessionFactory sessionFactory; - @Autowired - EPRoleService ePRoleService; - RestTemplate template = new RestTemplate(); - // These decode values are based on HexDecoder - static final String decodeValueOfForwardSlash = "2f"; - static final String decodeValueOfHiphen = "2d"; - static final String decodeValueOfStar = "2a"; - - @SuppressWarnings("unchecked") - @Override - public List<EPRole> getAppRoles(Long appId) throws Exception { - List<EPRole> applicationRoles = null; - final Map<String, Long> appParams = new HashMap<>(); - try { - if (appId == 1) { - applicationRoles = dataAccessService.executeNamedQuery("getPortalAppRolesList", null, null); - } else { - appParams.put("appId", appId); - applicationRoles = dataAccessService.executeNamedQuery("getPartnerAppRolesList", appParams, null); - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getAppRoles: failed", e); - throw e; - } - return applicationRoles; - } - - @SuppressWarnings("unchecked") - @Override - public List<EPApp> getApp(String uebkey) throws Exception { - List<EPApp> app = null; - try { - final Map<String, String> appUebkeyParams = new HashMap<>(); - appUebkeyParams.put("appKey", uebkey); - app = dataAccessService.executeNamedQuery("getMyAppDetailsByUebKey", appUebkeyParams, null); - if (!app.isEmpty() && !app.get(0).getEnabled() - && !app.get(0).getId().equals(PortalConstants.PORTAL_APP_ID)) { - throw new InactiveApplicationException("Application:" + app.get(0).getName() + " is Unavailable"); - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getApp: failed", e); - throw e; - } - return app; - } - - /** - * It returns single application role from external auth system - * - * @param addRole - * @param app - * @return JSON string which contains application role details - * @throws Exception - */ - private String getSingleAppRole(String addRole, EPApp app) throws Exception { - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - HttpEntity<String> entity = new HttpEntity<>(headers); - ResponseEntity<String> response = null; - logger.debug(EELFLoggerDelegate.debugLogger, "getSingleAppRole: Connecting to External Auth system"); - response = template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "roles/" - + app.getNameSpace() + "." + addRole - .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), - HttpMethod.GET, entity, String.class); - logger.debug(EELFLoggerDelegate.debugLogger, - "getSingleAppRole: Finished GET app role from External Auth system and status code: {} ", - response.getStatusCode().value()); - return response.getBody(); - } - - @Override - public boolean addRole(Role addRole, String uebkey) throws Exception { - boolean response = false; - ResponseEntity<String> addResponse = null; - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - EPApp app = getApp(uebkey).get(0); - String newRole = updateExistingRoleInExternalSystem(addRole, app); - HttpEntity<String> entity = new HttpEntity<>(newRole, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "addRole: Connecting to External Auth system"); - addResponse = template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role", - HttpMethod.POST, entity, String.class); - if (addResponse.getStatusCode().value() == 201) { - response = true; - logger.debug(EELFLoggerDelegate.debugLogger, - "addRole: Finished adding role in the External Auth system and response code: {} ", - addResponse.getStatusCode().value()); - } - if (addResponse.getStatusCode().value() == 406) { - logger.error(EELFLoggerDelegate.errorLogger, - "addRole: Failed to add in the External Auth system due to {} and status code: {}", - addResponse.getBody(), addResponse.getStatusCode().value()); - } - return response; - } - - /** - * - * It deletes record in external auth system - * - * @param delRole - * @return JSON String which has status code and response body - * @throws Exception - */ - private ResponseEntity<String> deleteRoleInExternalSystem(String delRole) throws Exception { - ResponseEntity<String> delResponse = null; - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - HttpEntity<String> entity = new HttpEntity<>(delRole, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleInExternalSystem: {} for DELETE: {}", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, delRole); - delResponse = template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role?force=true", - HttpMethod.DELETE, entity, String.class); - logger.debug(EELFLoggerDelegate.debugLogger, - "deleteRoleInExternalSystem: Finished DELETE operation in the External Auth system {} and status code: {} ", - delRole, delResponse.getStatusCode().value()); - return delResponse; - } - - /** - * It updates role in external auth system - * - * @param updateExtRole - * @param app - * @return true if success else false - * @throws Exception If updateRoleInExternalSystem fails we catch it in logger for detail message - */ - private boolean updateRoleInExternalSystem(Role updateExtRole, EPApp app, boolean isGlobalRole) throws Exception { - boolean response = false; - ObjectMapper mapper = new ObjectMapper(); - ResponseEntity<String> deleteResponse = null; - List<EPRole> epRoleList = null; - if (app.getId().equals(PortalConstants.PORTAL_APP_ID) - || (isGlobalRole && !app.getId().equals(PortalConstants.PORTAL_APP_ID))) { - epRoleList = getPortalAppRoleInfo(updateExtRole.getId()); - } else { - epRoleList = getPartnerAppRoleInfo(updateExtRole.getId(), app); - } - // Assigning functions to global role - if ((isGlobalRole && !app.getId().equals(PortalConstants.PORTAL_APP_ID))) { - List<RoleFunction> globalRoleFunctionListNew = convertSetToListOfRoleFunctions(updateExtRole); - EPApp portalAppInfo = epAppService.getApp(PortalConstants.PORTAL_APP_ID); - addFunctionsTOGlobalRole(epRoleList, updateExtRole, globalRoleFunctionListNew, mapper, app, portalAppInfo); - response = true; - } else { - String appRole = getSingleAppRole(epRoleList.get(0).getName(), app); - List<RoleFunction> roleFunctionListNew = convertSetToListOfRoleFunctions(updateExtRole); - if (!appRole.equals(IS_EMPTY_JSON_STRING)) { - JSONObject jsonObj = new JSONObject(appRole); - JSONArray extRole = jsonObj.getJSONArray("role"); - if (!extRole.getJSONObject(0).has(EXTERNAL_AUTH_ROLE_DESCRIPTION)) { - String roleName = extRole.getJSONObject(0).getString(ROLE_NAME); - Map<String, String> delRoleKeyMapper = new HashMap<>(); - delRoleKeyMapper.put(ROLE_NAME, roleName); - String delRoleKeyValue = mapper.writeValueAsString(delRoleKeyMapper); - deleteResponse = deleteRoleInExternalSystem(delRoleKeyValue); - if (deleteResponse.getStatusCode().value() != 200) { - throw new ExternalAuthSystemException(deleteResponse.getBody()); - } - addRole(updateExtRole, app.getUebKey()); - } else { - String desc = extRole.getJSONObject(0).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION); - String name = extRole.getJSONObject(0).getString(ROLE_NAME); - List<ExternalAccessPerms> list = new ArrayList<>(); - if (extRole.getJSONObject(0).has(EXTERNAL_AUTH_PERMS)) { - JSONArray perms = extRole.getJSONObject(0).getJSONArray(EXTERNAL_AUTH_PERMS); - list = mapper.readValue(perms.toString(), TypeFactory.defaultInstance() - .constructCollectionType(List.class, ExternalAccessPerms.class)); - } - // If role name or role functions are updated then delete - // record in External System and add new record to avoid - // conflicts - boolean isRoleNameChanged = false; - if (!desc.equals(updateExtRole.getName())) { - isRoleNameChanged = true; - deleteRoleInExtSystem(mapper, name); - addRole(updateExtRole, app.getUebKey()); - // add partner functions to the global role in External - // Auth System - if (!list.isEmpty() && isGlobalRole) { - addPartnerHasRoleFunctionsToGlobalRole(list, mapper, app, updateExtRole); - } - list.removeIf( - perm -> EcompPortalUtils.checkNameSpaceMatching(perm.getType(), app.getNameSpace())); - // if role name is changes please ignore the previous - // functions in External Auth - // and update with user requested functions - addRemoveFunctionsToRole(updateExtRole, app, mapper, roleFunctionListNew, name, list); - } - // Delete role in External System if role is inactive - if (!updateExtRole.getActive()) { - deleteRoleInExtSystem(mapper, name); - } - if (!isRoleNameChanged) { - response = - addRemoveFunctionsToRole(updateExtRole, app, mapper, roleFunctionListNew, name, list); - } - } - } else { - // It seems like role exists in local DB but not in External - // Access system - if (updateExtRole.getActive()) { - addRole(updateExtRole, app.getUebKey()); - ExternalAccessRolePerms extAddRolePerms = null; - ExternalAccessPerms extAddPerms = null; - List<RoleFunction> roleFunctionListAdd = convertSetToListOfRoleFunctions(updateExtRole); - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - for (RoleFunction roleFunc : roleFunctionListAdd) { - extAddPerms = new ExternalAccessPerms(app.getNameSpace() + "." + roleFunc.getType(), - roleFunc.getCode(), roleFunc.getAction()); - extAddRolePerms = - new ExternalAccessRolePerms(extAddPerms, - app.getNameSpace() + "." + updateExtRole.getName().replaceAll( - EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, - "_")); - response = addRoleFuncExtSysRestAPI(mapper, extAddRolePerms, headers); - } - } - } - } - return response; - } - - private void deleteRoleInExtSystem(ObjectMapper mapper, String name) - throws JsonProcessingException, Exception, ExternalAuthSystemException { - ResponseEntity<String> deleteResponse; - Map<String, String> delRoleKeyMapper = new HashMap<>(); - delRoleKeyMapper.put(ROLE_NAME, name); - String delRoleKeyValue = mapper.writeValueAsString(delRoleKeyMapper); - deleteResponse = deleteRoleInExternalSystem(delRoleKeyValue); - if (deleteResponse.getStatusCode().value() != 200) { - logger.error(EELFLoggerDelegate.errorLogger, - "updateRoleInExternalSystem: Failed to delete role in external system due to {} ", - deleteResponse.getBody()); - throw new ExternalAuthSystemException(deleteResponse.getBody()); - } - } - - private boolean addRemoveFunctionsToRole(Role updateExtRole, EPApp app, ObjectMapper mapper, - List<RoleFunction> roleFunctionListNew, String name, List<ExternalAccessPerms> list) throws Exception { - boolean response; - Map<String, RoleFunction> updateRoleFunc = new HashMap<>(); - for (RoleFunction addPerm : roleFunctionListNew) { - updateRoleFunc.put(addPerm.getCode(), addPerm); - } - final Map<String, ExternalAccessPerms> extRolePermMap = new HashMap<>(); - final Map<String, ExternalAccessPerms> extRolePermMapPipes = new HashMap<>(); - list.removeIf(perm -> !EcompPortalUtils.checkNameSpaceMatching(perm.getType(), app.getNameSpace())); - // Update permissions in the ExternalAccess System - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - if (!list.isEmpty()) { - for (ExternalAccessPerms perm : list) { - RoleFunction roleFunc = updateRoleFunc.get(perm.getType().substring(app.getNameSpace().length() + 1) - + FUNCTION_PIPE + perm.getInstance() + FUNCTION_PIPE + perm.getAction()); - if (roleFunc == null) { - RoleFunction roleFuncPipeFilter = updateRoleFunc.get(perm.getInstance()); - if (roleFuncPipeFilter == null) - removePermForRole(perm, mapper, name, headers); - } - extRolePermMap.put(perm.getInstance(), perm); - extRolePermMapPipes.put(perm.getType().substring(app.getNameSpace().length() + 1) + FUNCTION_PIPE - + perm.getInstance() + FUNCTION_PIPE + perm.getAction(), perm); - } - } - response = true; - if (!roleFunctionListNew.isEmpty()) { - for (RoleFunction roleFunc : roleFunctionListNew) { - if (roleFunc.getCode().contains(FUNCTION_PIPE)) { - ExternalAccessPerms perm = extRolePermMapPipes.get(roleFunc.getCode()); - if (perm == null) { - response = - addFunctionsToRoleInExternalAuthSystem(updateExtRole, app, mapper, headers, roleFunc); - } - } else { - if (!extRolePermMap.containsKey(EcompPortalUtils.getFunctionCode(roleFunc.getCode()))) { - response = - addFunctionsToRoleInExternalAuthSystem(updateExtRole, app, mapper, headers, roleFunc); - } - } - } - } - return response; - } - - /* - * Adds function to the role in the external auth system while editing a role or updating new - * functions to a role - * - */ - private boolean addFunctionsToRoleInExternalAuthSystem(Role updateExtRole, EPApp app, ObjectMapper mapper, - HttpHeaders headers, RoleFunction roleFunc) throws JsonProcessingException { - boolean response; - ExternalAccessRolePerms extRolePerms; - ExternalAccessPerms extPerms; - String code = ""; - String type = ""; - String action = ""; - if (roleFunc.getCode().contains(FUNCTION_PIPE)) { - code = EcompPortalUtils.getFunctionCode(roleFunc.getCode()); - type = EcompPortalUtils.getFunctionType(roleFunc.getCode()); - action = getFunctionCodeAction(roleFunc.getCode()); - } else { - code = roleFunc.getCode(); - type = roleFunc.getCode().contains("menu") ? "menu" : "url"; - action = "*"; - } - extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + type, code, action); - extRolePerms = new ExternalAccessRolePerms(extPerms, app.getNameSpace() + "." + updateExtRole.getName() - .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); - String updateRolePerms = mapper.writeValueAsString(extRolePerms); - HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "updateRoleInExternalSystem: {} for POST: {}", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRolePerms); - ResponseEntity<String> addResponse = template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm", - HttpMethod.POST, entity, String.class); - if (addResponse.getStatusCode().value() != 201 && addResponse.getStatusCode().value() != 409) { - response = false; - logger.debug(EELFLoggerDelegate.debugLogger, - "updateRoleInExternalSystem: Connected to External Auth system but something went wrong! due to {} and statuscode: {}", - addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value()); - } else { - response = true; - logger.debug(EELFLoggerDelegate.debugLogger, - "updateRoleInExternalSystem: Finished adding permissions to roles in External Auth system {} and status code: {} ", - updateRolePerms, addResponse.getStatusCode().value()); - } - return response; - } - - private void addPartnerHasRoleFunctionsToGlobalRole(List<ExternalAccessPerms> permslist, ObjectMapper mapper, - EPApp app, Role updateExtRole) throws Exception { - for (ExternalAccessPerms perm : permslist) { - if (!EcompPortalUtils.checkNameSpaceMatching(perm.getType(), app.getNameSpace())) { - ExternalAccessRolePerms extAddGlobalRolePerms = null; - ExternalAccessPerms extAddPerms = null; - extAddPerms = new ExternalAccessPerms(perm.getType(), perm.getInstance(), perm.getAction()); - extAddGlobalRolePerms = new ExternalAccessRolePerms(extAddPerms, - app.getNameSpace() + "." + updateExtRole.getName().replaceAll( - EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); - String addPerms = mapper.writeValueAsString(extAddGlobalRolePerms); - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - HttpEntity<String> entity = new HttpEntity<>(addPerms, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "addPartnerHasRoleFunctionsToGlobalRole: {} ", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); - try { - ResponseEntity<String> addResponse = template - .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "role/perm", HttpMethod.POST, entity, String.class); - if (addResponse.getStatusCode().value() != 201) { - logger.debug(EELFLoggerDelegate.debugLogger, - "addPartnerHasRoleFunctionsToGlobalRole: While adding permission to the role in External Auth system something went wrong! due to {} and statuscode: {}", - addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value()); - } else { - logger.debug(EELFLoggerDelegate.debugLogger, - "addPartnerHasRoleFunctionsToGlobalRole: Finished adding permissions to roles in External Auth system and status code: {} ", - addResponse.getStatusCode().value()); - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, - "addPartnerHasRoleFunctionsToGlobalRole: Failed for POST request: {} due to ", addPerms, e); - } - } - } - } - - @SuppressWarnings("unchecked") - private void addFunctionsTOGlobalRole(List<EPRole> epRoleList, Role updateExtRole, - List<RoleFunction> roleFunctionListNew, ObjectMapper mapper, EPApp app, EPApp portalAppInfo) - throws Exception { - try { - logger.debug(EELFLoggerDelegate.debugLogger, "Entering into addFunctionsTOGlobalRole"); - // GET Permissions from External Auth System - JSONArray extPerms = getExtAuthPermissions(app); - List<ExternalAccessPermsDetail> permsDetailList = getExtAuthPerrmissonList(app, extPerms); - final Map<String, ExternalAccessPermsDetail> existingPermsWithRoles = new HashMap<>(); - final Map<String, ExternalAccessPermsDetail> existingPermsWithRolesWithPipes = new HashMap<>(); - final Map<String, RoleFunction> userRquestedFunctionsMap = new HashMap<>(); - final Map<String, RoleFunction> userRquestedFunctionsMapPipesFilter = new HashMap<>(); - for (ExternalAccessPermsDetail permDetail : permsDetailList) { - existingPermsWithRoles.put(EcompPortalUtils.getFunctionCode(permDetail.getInstance()), permDetail); - existingPermsWithRolesWithPipes.put(permDetail.getInstance(), permDetail); - } - // Add If function does not exists for role in External Auth System - for (RoleFunction roleFunc : roleFunctionListNew) { - String roleFuncCode = ""; - ExternalAccessPermsDetail permsDetail; - if (roleFunc.getCode().contains(FUNCTION_PIPE)) { - roleFuncCode = roleFunc.getCode(); - permsDetail = existingPermsWithRolesWithPipes.get(roleFunc.getCode()); - } else { - roleFuncCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode()); - permsDetail = existingPermsWithRoles.get(roleFuncCode); - } - if (null == permsDetail.getRoles() - || !permsDetail.getRoles() - .contains(portalAppInfo.getNameSpace() + FUNCTION_PIPE - + epRoleList.get(0).getName().replaceAll( - EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, - "_"))) { - addRoleFunctionsToGlobalRoleInExternalSystem(roleFunc, updateExtRole, mapper, app, portalAppInfo); - } - userRquestedFunctionsMap.put(roleFuncCode, roleFunc); - userRquestedFunctionsMapPipesFilter.put(EcompPortalUtils.getFunctionCode(roleFuncCode), roleFunc); - } - // Delete functions if exists in External Auth System but not in - // incoming - // request - final Map<String, Long> epAppRoleFuncParams = new HashMap<>(); - epAppRoleFuncParams.put("requestedAppId", app.getId()); - epAppRoleFuncParams.put("roleId", updateExtRole.getId()); - List<GlobalRoleWithApplicationRoleFunction> globalRoleFunctionList = - dataAccessService.executeNamedQuery("getGlobalRoleForRequestedApp", epAppRoleFuncParams, null); - for (GlobalRoleWithApplicationRoleFunction globalRoleFunc : globalRoleFunctionList) { - String globalRoleFuncWithoutPipes = ""; - RoleFunction roleFunc = null; - if (globalRoleFunc.getFunctionCd().contains(FUNCTION_PIPE)) { - globalRoleFuncWithoutPipes = globalRoleFunc.getFunctionCd(); - roleFunc = userRquestedFunctionsMap.get(globalRoleFuncWithoutPipes); - } else { - globalRoleFuncWithoutPipes = EcompPortalUtils.getFunctionCode(globalRoleFunc.getFunctionCd()); - roleFunc = userRquestedFunctionsMapPipesFilter.get(globalRoleFuncWithoutPipes); - } - if (roleFunc == null) { - ExternalAccessPermsDetail permDetailFromMap = globalRoleFunc.getFunctionCd().contains(FUNCTION_PIPE) - ? existingPermsWithRolesWithPipes.get(globalRoleFuncWithoutPipes) - : existingPermsWithRoles.get(globalRoleFuncWithoutPipes); - ExternalAccessPerms perm = new ExternalAccessPerms(permDetailFromMap.getType(), - EcompPortalUtils.getFunctionCode(permDetailFromMap.getInstance()), - permDetailFromMap.getAction()); - String roleName = portalAppInfo.getNameSpace() + "." + globalRoleFunc.getRoleName() - .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"); - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - removePermForRole(perm, mapper, roleName, headers); - } - } - logger.debug(EELFLoggerDelegate.debugLogger, "Finished addFunctionsTOGlobalRole"); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "addFunctionsTOGlobalRole: Failed", e); - throw e; - } - } - - private void addRoleFunctionsToGlobalRoleInExternalSystem(RoleFunction addFunction, Role globalRole, - ObjectMapper mapper, EPApp app, EPApp portalAppInfo) throws Exception { - try { - logger.debug(EELFLoggerDelegate.debugLogger, "Entering into addRoleFunctionsToGlobalRoleInExternalSystem"); - ExternalAccessRolePerms extAddRolePerms = null; - ExternalAccessPerms extAddPerms = null; - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - String code = ""; - String type = ""; - String action = ""; - if (addFunction.getCode().contains(FUNCTION_PIPE)) { - code = EcompPortalUtils.getFunctionCode(addFunction.getCode()); - type = getFunctionCodeType(addFunction.getCode()); - action = getFunctionCodeAction(addFunction.getCode()); - } else { - code = addFunction.getCode(); - type = addFunction.getCode().contains("menu") ? "menu" : "url"; - action = "*"; - } - extAddPerms = new ExternalAccessPerms(app.getNameSpace() + "." + type, code, action); - extAddRolePerms = new ExternalAccessRolePerms(extAddPerms, portalAppInfo.getNameSpace() + "." + globalRole - .getName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); - String updateRolePerms = mapper.writeValueAsString(extAddRolePerms); - HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionsInExternalSystem: {} ", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); - ResponseEntity<String> addResponse = template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm", - HttpMethod.POST, entity, String.class); - if (addResponse.getStatusCode().value() != 201) { - logger.debug(EELFLoggerDelegate.debugLogger, - "addRoleFunctionsInExternalSystem: While adding permission to the role in External Auth system something went wrong! due to {} and statuscode: {}", - addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value()); - } else { - logger.debug(EELFLoggerDelegate.debugLogger, - "addRoleFunctionsInExternalSystem: Finished adding permissions to roles in External Auth system and status code: {} ", - addResponse.getStatusCode().value()); - } - logger.debug(EELFLoggerDelegate.debugLogger, "Finished addRoleFunctionsToGlobalRoleInExternalSystem"); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "addRoleFunctionsToGlobalRoleInExternalSystem: Failed", e); - throw e; - } - } - - private boolean addRoleFuncExtSysRestAPI(ObjectMapper addPermsMapper, ExternalAccessRolePerms extAddRolePerms, - HttpHeaders headers) throws JsonProcessingException { - boolean response; - String updateRolePerms = addPermsMapper.writeValueAsString(extAddRolePerms); - HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionsInExternalSystem: {} for POST: {} ", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRolePerms); - ResponseEntity<String> addResponse = template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm", - HttpMethod.POST, entity, String.class); - if (addResponse.getStatusCode().value() != 201 && addResponse.getStatusCode().value() != 409) { - response = false; - logger.debug(EELFLoggerDelegate.debugLogger, - "addRoleFunctionsInExternalSystem: While adding permission to the role in External Auth system something went wrong! due to {} and statuscode: {}", - addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value()); - } else { - response = true; - logger.debug(EELFLoggerDelegate.debugLogger, - "addRoleFunctionsInExternalSystem: Finished adding permissions to roles in External Auth system {} and status code: {} ", - updateRolePerms, addResponse.getStatusCode().value()); - } - return response; - } - - /** - * - * It converts list of functions in updateExtRole parameter to the RoleFunction object - * - * @param updateExtRole - * @return list of functions - */ - @SuppressWarnings("unchecked") - private List<RoleFunction> convertSetToListOfRoleFunctions(Role updateExtRole) { - Set<RoleFunction> roleFunctionSetList = updateExtRole.getRoleFunctions(); - List<RoleFunction> roleFunctionList = new ArrayList<>(); - ObjectMapper roleFuncMapper = new ObjectMapper(); - Iterator<RoleFunction> itetaror = roleFunctionSetList.iterator(); - while (itetaror.hasNext()) { - Object nextValue = itetaror.next(); - RoleFunction roleFunction = roleFuncMapper.convertValue(nextValue, RoleFunction.class); - roleFunctionList.add(roleFunction); - } - return roleFunctionList.stream().distinct().collect(Collectors.toList()); - } - - /** - * It delete permissions/functions in the external auth system - * - * @param perm - * @param permMapper - * @param name - * @param headers - * @throws JsonProcessingException - * @throws Exception - */ - private void removePermForRole(ExternalAccessPerms perm, ObjectMapper permMapper, String name, HttpHeaders headers) - throws ExternalAuthSystemException, JsonProcessingException { - ExternalAccessRolePerms extAccessRolePerms = new ExternalAccessRolePerms(perm, name); - String permDetails = permMapper.writeValueAsString(extAccessRolePerms); - try { - HttpEntity<String> deleteEntity = new HttpEntity<>(permDetails, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "removePermForRole: {} for DELETE: {} ", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, permDetails); - ResponseEntity<String> deletePermResponse = - template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "role/" + name + "/perm", HttpMethod.DELETE, deleteEntity, String.class); - if (deletePermResponse.getStatusCode().value() != 200) { - throw new ExternalAuthSystemException(deletePermResponse.getBody()); - } - logger.debug(EELFLoggerDelegate.debugLogger, - "removePermForRole: Finished deleting permission to role in External Auth system: {} and status code: {}", - permDetails, deletePermResponse.getStatusCode().value()); - } catch (Exception e) { - if (e.getMessage().contains("404")) { - logger.error(EELFLoggerDelegate.errorLogger, "Failed to add role for DELETE request: {} due to {}", - permDetails, e.getMessage()); - } else { - throw e; - } - } - } - - /** - * It will create new role in the External Auth System - * - * @param newRole - * @param app - * @return true if successfully added in the system else false - * @throws Exception If fails to add role in the system - */ - private void addNewRoleInExternalSystem(List<EPRole> newRole, EPApp app) - throws Exception, HttpClientErrorException { - try { - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - ObjectMapper mapper = new ObjectMapper(); - String addNewRole = ""; - ExternalAccessRole extRole = new ExternalAccessRole(); - extRole.setName(app.getNameSpace() + "." + newRole.get(0).getName() - .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); - extRole.setDescription(String.valueOf(newRole.get(0).getName())); - addNewRole = mapper.writeValueAsString(extRole); - HttpEntity<String> postEntity = new HttpEntity<>(addNewRole, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "addNewRoleInExternalSystem: {} for POST: {} ", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, addNewRole); - ResponseEntity<String> addNewRoleInExternalSystem = template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role", - HttpMethod.POST, postEntity, String.class); - if (addNewRoleInExternalSystem.getStatusCode().value() == 201) { - logger.debug(EELFLoggerDelegate.debugLogger, - "addNewRoleInExternalSystem: Finished adding into External Auth system for POST: {} and status code: {}", - addNewRole, addNewRoleInExternalSystem.getStatusCode().value()); - } - } catch (HttpClientErrorException ht) { - dataAccessService.deleteDomainObjects(EPRole.class, " role_id = " + newRole.get(0).getId(), null); - logger.error(EELFLoggerDelegate.debugLogger, - "addNewRoleInExternalSystem: Failed to add in External Auth system and status code: {}", ht); - throw new HttpClientErrorException(ht.getStatusCode()); - } - } - - /** - * - * It updates existing role in the External Auth System - * - * @param addRole It Contains role information - * @param app - * @return string which is formatted to match with the external auth system - * @throws JsonProcessingException - */ - private String updateExistingRoleInExternalSystem(Role addRole, EPApp app) throws JsonProcessingException { - ObjectMapper mapper = new ObjectMapper(); - String addNewRole = ""; - ExternalAccessRole extRole = new ExternalAccessRole(); - extRole.setName(app.getNameSpace() + "." + addRole.getName() - .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); - extRole.setDescription(String.valueOf(addRole.getName())); - addNewRole = mapper.writeValueAsString(extRole); - return addNewRole; - } - - /** - * It create a role in the external auth system and then in our local - * - * @param addRoleInDB - * @param app - * @return true else false - * @throws Exception - */ - @SuppressWarnings("unchecked") - @Transactional(rollbackFor = Exception.class) - public boolean addRoleInEcompDB(Role addRoleInDB, EPApp app) throws Exception { - boolean result = false; - EPRole epRole = null; - Set<RoleFunction> roleFunctionList = addRoleInDB.getRoleFunctions(); - List<RoleFunction> roleFunctionListNew = new ArrayList<>(); - ObjectMapper mapper = new ObjectMapper(); - Iterator<RoleFunction> itetaror = roleFunctionList.iterator(); - while (itetaror.hasNext()) { - Object nextValue = itetaror.next(); - RoleFunction roleFunction = mapper.convertValue(nextValue, RoleFunction.class); - roleFunctionListNew.add(roleFunction); - } - List<RoleFunction> listWithoutDuplicates = roleFunctionListNew.stream().distinct().collect(Collectors.toList()); - try { - if (addRoleInDB.getId() == null) { // check if it is new role - if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { - checkIfRoleExitsInExternalSystem(addRoleInDB, app); - } - EPRole epRoleNew = new EPRole(); - epRoleNew.setActive(addRoleInDB.getActive()); - epRoleNew.setName(addRoleInDB.getName()); - epRoleNew.setPriority(addRoleInDB.getPriority()); - if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - epRoleNew.setAppId(null); - } else { - epRoleNew.setAppId(app.getId()); - } - dataAccessService.saveDomainObject(epRoleNew, null); - List<EPRole> getRoleCreated = null; - final Map<String, String> epAppRoleParams = new HashMap<>(); - final Map<String, String> epAppPortalRoleParams = new HashMap<>(); - if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - epAppRoleParams.put("appId", String.valueOf(app.getId())); - epAppRoleParams.put(APP_ROLE_NAME_PARAM, addRoleInDB.getName()); - List<EPRole> roleCreated = dataAccessService - .executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, epAppRoleParams, null); - EPRole epUpdateRole = roleCreated.get(0); - epUpdateRole.setAppRoleId(epUpdateRole.getId()); - dataAccessService.saveDomainObject(epUpdateRole, null); - getRoleCreated = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, - epAppRoleParams, null); - } else { - epAppPortalRoleParams.put(APP_ROLE_NAME_PARAM, addRoleInDB.getName()); - getRoleCreated = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, - epAppPortalRoleParams, null); - } - // Add role in External Auth system - if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { - addNewRoleInExternalSystem(getRoleCreated, app); - } - result = true; - } else { // if role already exists then update it - EPRole globalRole = null; - List<EPRole> applicationRoles; - List<EPRole> globalRoleList = getGlobalRolesOfPortal(); - boolean isGlobalRole = false; - if (!globalRoleList.isEmpty()) { - EPRole role = globalRoleList.stream().filter(x -> addRoleInDB.getId().equals(x.getId())).findAny() - .orElse(null); - if (role != null) { - globalRole = role; - isGlobalRole = true; - } - } - if (app.getId().equals(PortalConstants.PORTAL_APP_ID) - || (globalRole != null && app.getId() != globalRole.getAppId())) { - applicationRoles = getPortalAppRoleInfo(addRoleInDB.getId()); - } else { - applicationRoles = getPartnerAppRoleInfo(addRoleInDB.getId(), app); - } - if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { - updateRoleInExternalSystem(addRoleInDB, app, isGlobalRole); - // Add all user to the re-named role in external auth system - if (!applicationRoles.isEmpty() - && !addRoleInDB.getName().equals(applicationRoles.get(0).getName())) { - bulkUploadUsersSingleRole(app.getUebKey(), applicationRoles.get(0).getId(), - addRoleInDB.getName()); - } - } - deleteRoleFunction(app, applicationRoles); - if (!applicationRoles.isEmpty()) { - epRole = applicationRoles.get(0); - epRole.setName(addRoleInDB.getName()); - epRole.setPriority(addRoleInDB.getPriority()); - epRole.setActive(addRoleInDB.getActive()); - if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - epRole.setAppId(null); - epRole.setAppRoleId(null); - } else if (!app.getId().equals(PortalConstants.PORTAL_APP_ID) - && applicationRoles.get(0).getAppRoleId() == null) { - epRole.setAppRoleId(epRole.getId()); - } - dataAccessService.saveDomainObject(epRole, null); - } - Long roleAppId = null; - if (globalRole != null && !app.getId().equals(globalRole.getAppId())) - roleAppId = PortalConstants.PORTAL_APP_ID; - saveRoleFunction(listWithoutDuplicates, app, applicationRoles, roleAppId); - result = true; - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "addRoleInEcompDB is failed", e); - throw e; - } - return result; - } - - /** - * - * It validates whether role exists in external auth system - * - * @param checkRole - * @param app - * @throws Exception If role exits - */ - private void checkIfRoleExitsInExternalSystem(Role checkRole, EPApp app) throws Exception { - getNameSpaceIfExists(app); - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - String roleName = app.getNameSpace() + "." + checkRole.getName() - .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"); - HttpEntity<String> checkRoleEntity = new HttpEntity<>(headers); - logger.debug(EELFLoggerDelegate.debugLogger, "checkIfRoleExitsInExternalSystem: {} ", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); - ResponseEntity<String> checkRoleInExternalSystem = - template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "roles/" + roleName, HttpMethod.GET, checkRoleEntity, String.class); - if (!checkRoleInExternalSystem.getBody().equals(IS_EMPTY_JSON_STRING)) { - logger.debug( - "checkIfRoleExitsInExternalSystem: Role already exists in external system {} and status code: {} ", - checkRoleInExternalSystem.getBody(), checkRoleInExternalSystem.getStatusCode().value()); - throw new ExternalAuthSystemException(" Role already exists in external system"); - } - } - - /** - * It saves list of functions to the role in portal - * - * @param roleFunctionListNew - * @param app - * @param applicationRoles - * @throws Exception - */ - @SuppressWarnings("unchecked") - private void saveRoleFunction(List<RoleFunction> roleFunctionListNew, EPApp app, List<EPRole> applicationRoles, - Long roleAppId) throws Exception { - final Map<String, String> getAppFunctionParams = new HashMap<>(); - for (RoleFunction roleFunc : roleFunctionListNew) { - String code = EcompPortalUtils.getFunctionCode(roleFunc.getCode()); - EPAppRoleFunction appRoleFunc = new EPAppRoleFunction(); - appRoleFunc.setAppId(app.getId()); - appRoleFunc.setRoleId(applicationRoles.get(0).getId()); - appRoleFunc.setRoleAppId(String.valueOf(roleAppId)); - getAppFunctionParams.put("appId", String.valueOf(app.getId())); - getAppFunctionParams.put(FUNCTION_CODE_PARAMS, roleFunc.getCode()); - // query to check if function code has pipes - List<CentralV2RoleFunction> roleFunction = - dataAccessService.executeNamedQuery(GET_ROLE_FUNCTION_QUERY, getAppFunctionParams, null); - if (roleFunction.isEmpty()) { - getAppFunctionParams.put(FUNCTION_CODE_PARAMS, code); - roleFunction = dataAccessService.executeNamedQuery(GET_ROLE_FUNCTION_QUERY, getAppFunctionParams, null); - } - if (roleFunction.size() > 1) { - CentralV2RoleFunction getExactFunctionCode = appFunctionListFilter(code, roleFunction); - appRoleFunc.setCode(getExactFunctionCode.getCode()); - } else { - appRoleFunc.setCode(roleFunction.get(0).getCode()); - } - dataAccessService.saveDomainObject(appRoleFunc, null); - } - } - - /** - * - * It filters the app functions which starts with similar name in the result set - * - * @param roleFunc - * @param roleFunction - * @return CentralRoleFunction - */ - private CentralV2RoleFunction appFunctionListFilter(String roleFuncCode, List<CentralV2RoleFunction> roleFunction) { - final Map<String, CentralV2RoleFunction> appFunctionsFilter = new HashMap<>(); - final Map<String, CentralV2RoleFunction> appFunctionsFilterPipes = new HashMap<>(); - CentralV2RoleFunction getExactFunctionCode = null; - for (CentralV2RoleFunction cenRoleFunction : roleFunction) { - appFunctionsFilter.put(cenRoleFunction.getCode(), cenRoleFunction); - appFunctionsFilterPipes.put(EcompPortalUtils.getFunctionCode(cenRoleFunction.getCode()), cenRoleFunction); - } - getExactFunctionCode = appFunctionsFilter.get(roleFuncCode); - if (getExactFunctionCode == null) { - getExactFunctionCode = appFunctionsFilterPipes.get(roleFuncCode); - } - return getExactFunctionCode; - } - - /** - * It deletes all EPAppRoleFunction records in the portal - * - * @param app - * @param role - */ - @SuppressWarnings("unchecked") - private void deleteRoleFunction(EPApp app, List<EPRole> role) { - final Map<String, Long> appRoleFuncsParams = new HashMap<>(); - appRoleFuncsParams.put("appId", app.getId()); - appRoleFuncsParams.put("roleId", role.get(0).getId()); - List<EPAppRoleFunction> appRoleFunctionList = - dataAccessService.executeNamedQuery("getAppRoleFunctionOnRoleIdandAppId", appRoleFuncsParams, null); - if (!appRoleFunctionList.isEmpty()) { - for (EPAppRoleFunction approleFunction : appRoleFunctionList) { - dataAccessService.deleteDomainObject(approleFunction, null); - } - } - } - - @Override - @SuppressWarnings("unchecked") - public List<EPUser> getUser(String loginId) throws InvalidUserException { - final Map<String, String> userParams = new HashMap<>(); - userParams.put("org_user_id", loginId); - List<EPUser> userList = dataAccessService.executeNamedQuery("getEPUserByOrgUserId", userParams, null); - if (userList.isEmpty()) { - throw new InvalidUserException("User not found"); - } - return userList; - } - - @Override - public String getV2UserWithRoles(String loginId, String uebkey) throws Exception { - final Map<String, String> params = new HashMap<>(); - List<EPUser> userList = null; - CentralV2User cenV2User = null; - String result = null; - try { - params.put("orgUserIdValue", loginId); - List<EPApp> appList = getApp(uebkey); - if (!appList.isEmpty()) { - userList = getUser(loginId); - if (!userList.isEmpty()) { - ObjectMapper mapper = new ObjectMapper(); - cenV2User = getV2UserAppRoles(loginId, uebkey); - result = mapper.writeValueAsString(cenV2User); - } else if (userList.isEmpty()) { - throw new InvalidUserException("User not found"); - } - } else { - throw new InactiveApplicationException("Application not found"); - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getUser: failed", e); - throw e; - } - return result; - } - - @Override - public List<CentralV2Role> getRolesForApp(String uebkey) throws Exception { - logger.debug(EELFLoggerDelegate.debugLogger, "getRolesForApp: Entering into getRolesForApp"); - List<CentralV2Role> roleList = new ArrayList<>(); - final Map<String, Long> params = new HashMap<>(); - try { - List<EPApp> app = getApp(uebkey); - List<EPRole> appRolesList = getAppRoles(app.get(0).getId()); - roleList = createCentralRoleObject(app, appRolesList, roleList, params); - if (app.get(0).getId() != PortalConstants.PORTAL_APP_ID) { - List<CentralV2Role> globalRoleList = getGlobalRolesOfApplication(app.get(0).getId()); - List<EPRole> globalRolesList = getGlobalRolesOfPortal(); - List<CentralV2Role> portalsGlobalRolesFinlaList = new ArrayList<>(); - if (!globalRolesList.isEmpty()) { - for (EPRole eprole : globalRolesList) { - CentralV2Role cenRole = convertRoleToCentralV2Role(eprole); - portalsGlobalRolesFinlaList.add(cenRole); - } - roleList.addAll(globalRoleList); - for (CentralV2Role role : portalsGlobalRolesFinlaList) { - CentralV2Role result = - roleList.stream().filter(x -> role.getId().equals(x.getId())).findAny().orElse(null); - if (result == null) - roleList.add(role); - } - } else { - for (EPRole role : globalRolesList) { - CentralV2Role cenRole = convertRoleToCentralV2Role(role); - roleList.add(cenRole); - } - } - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getRolesForApp: Failed!", e); - throw e; - } - logger.debug(EELFLoggerDelegate.debugLogger, "getRolesForApp: Finished!"); - return roleList.stream().distinct().collect(Collectors.toList()); - } - - @SuppressWarnings("unchecked") - @Override - public List<CentralV2RoleFunction> getRoleFuncList(String uebkey) throws Exception { - EPApp app = getApp(uebkey).get(0); - List<CentralV2RoleFunction> finalRoleList = new ArrayList<>(); - final Map<String, Long> params = new HashMap<>(); - params.put(APP_ID, app.getId()); - List<CentralV2RoleFunction> getRoleFuncList = - dataAccessService.executeNamedQuery("getAllRoleFunctions", params, null); - for (CentralV2RoleFunction roleFuncItem : getRoleFuncList) { - String code = EcompPortalUtils.getFunctionCode(roleFuncItem.getCode()); - String type = ""; - if (roleFuncItem.getCode().contains("|")) - type = EcompPortalUtils.getFunctionType(roleFuncItem.getCode()); - else - type = getFunctionCodeType(roleFuncItem.getCode()); - String action = getFunctionCodeAction(roleFuncItem.getCode()); - roleFuncItem.setCode(EPUserUtils.decodeFunctionCode(code)); - roleFuncItem.setType(type); - roleFuncItem.setAction(action); - finalRoleList.add(roleFuncItem); - } - return finalRoleList; - } - - @Override - public String getFunctionCodeAction(String roleFuncItem) { - return (!roleFuncItem.contains(FUNCTION_PIPE)) ? "*" : EcompPortalUtils.getFunctionAction(roleFuncItem); - } - - @Override - public String getFunctionCodeType(String roleFuncItem) { - String type = null; - if ((roleFuncItem.contains(FUNCTION_PIPE) && roleFuncItem.contains("menu")) - || (!roleFuncItem.contains(FUNCTION_PIPE) && roleFuncItem.contains("menu"))) { - type = "menu"; - } else if (checkIfCodeHasNoPipesAndHasTypeUrl(roleFuncItem) || checkIfCodeHasPipesAndHasTypeUrl(roleFuncItem) - || checkIfCodeHasNoPipesAndHasNoTypeUrl(roleFuncItem)) { - type = "url"; - } else if (roleFuncItem.contains(FUNCTION_PIPE) - && (!roleFuncItem.contains("menu") || roleFuncItem.contains("url"))) { - type = EcompPortalUtils.getFunctionType(roleFuncItem); - } - return type; - } - - /** - * - * It check whether function code has no pipes and no url string in it - * - * @param roleFuncItem - * @return true or false - */ - private boolean checkIfCodeHasNoPipesAndHasNoTypeUrl(String roleFuncItem) { - return !roleFuncItem.contains(FUNCTION_PIPE) && !roleFuncItem.contains("url"); - } - - /** - * - * It check whether function code has pipes and url string in it - * - * @param roleFuncItem - * @return true or false - */ - private boolean checkIfCodeHasPipesAndHasTypeUrl(String roleFuncItem) { - return roleFuncItem.contains(FUNCTION_PIPE) && roleFuncItem.contains("url"); - } - - /** - * - * It check whether function code has no pipes and has url string in it - * - * @param roleFuncItem - * @return true or false - */ - private boolean checkIfCodeHasNoPipesAndHasTypeUrl(String roleFuncItem) { - return !roleFuncItem.contains(FUNCTION_PIPE) && roleFuncItem.contains("url"); - } - - /** - * It returns user detail information which is deep copy of EPUser.class object - * - * @param userInfo - * @param userAppSet - * @param app - * @return - * @throws Exception - */ - @SuppressWarnings("unchecked") - private CentralV2User createEPUser(EPUser userInfo, Set<EPUserApp> userAppSet, EPApp app) throws Exception { - final Map<String, Long> params = new HashMap<>(); - CentralV2User userAppList = new CentralV2User(); - CentralV2User user1 = null; - final Map<String, Long> params1 = new HashMap<>(); - List<EPRole> globalRoleList = new ArrayList<>(); - try { - if (app.getId() != PortalConstants.PORTAL_APP_ID) { - params1.put("userId", userInfo.getId()); - params1.put("appId", app.getId()); - globalRoleList = dataAccessService.executeNamedQuery("userAppGlobalRoles", params1, null); - } - userAppList.setUserApps(new TreeSet<CentralV2UserApp>()); - for (EPUserApp userApp : userAppSet) { - if (userApp.getRole().getActive()) { - EPApp epApp = userApp.getApp(); - String globalRole = userApp.getRole().getName().toLowerCase(); - if (((epApp.getId().equals(app.getId())) - && (!userApp.getRole().getId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID))) - || ((epApp.getId().equals(PortalConstants.PORTAL_APP_ID)) - && (globalRole.toLowerCase().startsWith("global_")))) { - CentralV2UserApp cua = new CentralV2UserApp(); - cua.setUserId(null); - CentralApp cenApp = new CentralApp(1L, epApp.getCreated(), epApp.getModified(), - epApp.getCreatedId(), epApp.getModifiedId(), epApp.getRowNum(), epApp.getName(), - epApp.getImageUrl(), epApp.getDescription(), epApp.getNotes(), epApp.getUrl(), - epApp.getAlternateUrl(), epApp.getAppRestEndpoint(), epApp.getMlAppName(), - epApp.getMlAppAdminId(), String.valueOf(epApp.getMotsId()), epApp.getAppPassword(), - String.valueOf(epApp.getOpen()), String.valueOf(epApp.getEnabled()), - epApp.getThumbnail(), epApp.getUsername(), epApp.getUebKey(), epApp.getUebSecret(), - epApp.getUebTopicName()); - cenApp.setAppPassword(EPCommonSystemProperties.APP_DISPLAY_PASSWORD); - cua.setApp(cenApp); - Long appId = null; - if (globalRole.toLowerCase().startsWith("global_") - && epApp.getId().equals(PortalConstants.PORTAL_APP_ID) - && !epApp.getId().equals(app.getId())) { - appId = app.getId(); - EPRole result = null; - if (globalRoleList.size() > 0) - result = globalRoleList.stream() - .filter(x -> userApp.getRole().getId().equals(x.getId())).findAny() - .orElse(null); - if (result == null) - continue; - } else { - appId = userApp.getApp().getId(); - } - params.put("roleId", userApp.getRole().getId()); - params.put(APP_ID, appId); - List<CentralV2RoleFunction> appRoleFunctionList = - dataAccessService.executeNamedQuery("getAppRoleFunctionList", params, null); - SortedSet<CentralV2RoleFunction> roleFunctionSet = new TreeSet<>(); - for (CentralV2RoleFunction roleFunc : appRoleFunctionList) { - String functionCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode()); - String type = getFunctionCodeType(roleFunc.getCode()); - String action = getFunctionCodeAction(roleFunc.getCode()); - CentralV2RoleFunction cenRoleFunc = new CentralV2RoleFunction(roleFunc.getId(), - functionCode, roleFunc.getName(), null, type, action, null); - roleFunctionSet.add(cenRoleFunc); - } - Long userRoleId = null; - if (globalRole.toLowerCase().startsWith("global_") - || epApp.getId().equals(PortalConstants.PORTAL_APP_ID)) { - userRoleId = userApp.getRole().getId(); - } else { - userRoleId = userApp.getRole().getAppRoleId(); - } - CentralV2Role cenRole = new CentralV2Role(userRoleId, userApp.getRole().getCreated(), - userApp.getRole().getModified(), userApp.getRole().getCreatedId(), - userApp.getRole().getModifiedId(), userApp.getRole().getRowNum(), - userApp.getRole().getName(), userApp.getRole().getActive(), - userApp.getRole().getPriority(), roleFunctionSet, null, null); - cua.setRole(cenRole); - userAppList.getUserApps().add(cua); - } - } - } - user1 = new CentralV2User(null, userInfo.getCreated(), userInfo.getModified(), userInfo.getCreatedId(), - userInfo.getModifiedId(), userInfo.getRowNum(), userInfo.getOrgId(), userInfo.getManagerId(), - userInfo.getFirstName(), userInfo.getMiddleInitial(), userInfo.getLastName(), userInfo.getPhone(), - userInfo.getFax(), userInfo.getCellular(), userInfo.getEmail(), userInfo.getAddressId(), - userInfo.getAlertMethodCd(), userInfo.getHrid(), userInfo.getOrgUserId(), userInfo.getOrgCode(), - userInfo.getAddress1(), userInfo.getAddress2(), userInfo.getCity(), userInfo.getState(), - userInfo.getZipCode(), userInfo.getCountry(), userInfo.getOrgManagerUserId(), - userInfo.getLocationClli(), userInfo.getBusinessCountryCode(), userInfo.getBusinessCountryName(), - userInfo.getBusinessUnit(), userInfo.getBusinessUnitName(), userInfo.getDepartment(), - userInfo.getDepartmentName(), userInfo.getCompanyCode(), userInfo.getCompany(), - userInfo.getZipCodeSuffix(), userInfo.getJobTitle(), userInfo.getCommandChain(), - userInfo.getSiloStatus(), userInfo.getCostCenter(), userInfo.getFinancialLocCode(), - userInfo.getLoginId(), userInfo.getLoginPwd(), userInfo.getLastLoginDate(), userInfo.getActive(), - userInfo.getInternal(), userInfo.getSelectedProfileId(), userInfo.getTimeZoneId(), - userInfo.isOnline(), userInfo.getChatId(), userAppList.getUserApps(), null); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "createEPUser: createEPUser failed", e); - throw e; - } - return user1; - } - - @Override - public CentralV2Role getRoleInfo(Long roleId, String uebkey) throws Exception { - final Map<String, Long> params = new HashMap<>(); - List<CentralV2Role> roleList = new ArrayList<>(); - CentralV2Role cenRole = new CentralV2Role(); - List<EPRole> roleInfo = null; - List<EPApp> app = null; - try { - app = getApp(uebkey); - if (app.isEmpty()) { - throw new InactiveApplicationException("Application not found"); - } - if (app.get(0).getId() != PortalConstants.PORTAL_APP_ID) { - List<EPRole> globalRoleList = new ArrayList<>(); - globalRoleList = getGlobalRolesOfPortal(); - if (globalRoleList.size() > 0) { - EPRole result = - globalRoleList.stream().filter(x -> roleId.equals(x.getId())).findAny().orElse(null); - if (result != null) - return getGlobalRoleForRequestedApp(app.get(0).getId(), roleId); - } - } - if (app.get(0).getId().equals(PortalConstants.PORTAL_APP_ID)) { - roleInfo = getPortalAppRoleInfo(roleId); - } else { - roleInfo = getPartnerAppRoleInfo(roleId, app.get(0)); - } - roleList = createCentralRoleObject(app, roleInfo, roleList, params); - if (roleList.isEmpty()) { - return cenRole; - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getRoleInfo: failed", e); - throw e; - } - return roleList.get(0); - } - - @SuppressWarnings("unchecked") - private List<EPRole> getPartnerAppRoleInfo(Long roleId, EPApp app) { - List<EPRole> roleInfo; - final Map<String, Long> getPartnerAppRoleParams = new HashMap<>(); - getPartnerAppRoleParams.put("appRoleId", roleId); - getPartnerAppRoleParams.put("appId", app.getId()); - roleInfo = dataAccessService.executeNamedQuery("getPartnerAppRoleByRoleId", getPartnerAppRoleParams, null); - if (roleInfo.isEmpty()) { - getPartnerAppRoleParams.put("appRoleId", roleId); - roleInfo = dataAccessService.executeNamedQuery("getPartnerAppRoleById", getPartnerAppRoleParams, null); - } - return roleInfo; - } - - @SuppressWarnings("unchecked") - private List<EPRole> getPortalAppRoleInfo(Long roleId) { - List<EPRole> roleInfo; - final Map<String, Long> getPortalAppRoleParams = new HashMap<>(); - getPortalAppRoleParams.put("roleId", roleId); - roleInfo = dataAccessService.executeNamedQuery("getPortalAppRoleByRoleId", getPortalAppRoleParams, null); - return roleInfo; - } - - /** - * - * It returns list of app roles along with role functions and which went through deep copy - * - * @param app - * @param roleInfo - * @param roleList - * @param params - * @return - * @throws DecoderException - */ - @SuppressWarnings("unchecked") - @Override - public List<CentralV2Role> createCentralRoleObject(List<EPApp> app, List<EPRole> roleInfo, - List<CentralV2Role> roleList, Map<String, Long> params) throws RoleFunctionException { - for (EPRole role : roleInfo) { - params.put("roleId", role.getId()); - params.put(APP_ID, app.get(0).getId()); - List<CentralV2RoleFunction> cenRoleFuncList = - dataAccessService.executeNamedQuery("getAppRoleFunctionList", params, null); - SortedSet<CentralV2RoleFunction> roleFunctionSet = new TreeSet<>(); - for (CentralV2RoleFunction roleFunc : cenRoleFuncList) { - String functionCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode()); - functionCode = EPUserUtils.decodeFunctionCode(functionCode); - String type = getFunctionCodeType(roleFunc.getCode()); - String action = getFunctionCodeAction(roleFunc.getCode()); - CentralV2RoleFunction cenRoleFunc = new CentralV2RoleFunction(role.getId(), functionCode, - roleFunc.getName(), null, type, action, null); - roleFunctionSet.add(cenRoleFunc); - } - SortedSet<CentralV2Role> childRoles = new TreeSet<>(); - SortedSet<CentralV2Role> parentRoles = new TreeSet<>(); - CentralV2Role cenRole = null; - if (role.getAppRoleId() == null) { - cenRole = new CentralV2Role(role.getId(), role.getCreated(), role.getModified(), role.getCreatedId(), - role.getModifiedId(), role.getRowNum(), role.getName(), role.getActive(), role.getPriority(), - roleFunctionSet, childRoles, parentRoles); - } else { - cenRole = new CentralV2Role(role.getAppRoleId(), role.getCreated(), role.getModified(), - role.getCreatedId(), role.getModifiedId(), role.getRowNum(), role.getName(), role.getActive(), - role.getPriority(), roleFunctionSet, childRoles, parentRoles); - } - roleList.add(cenRole); - } - return roleList; - } - - @SuppressWarnings("unchecked") - @Override - public CentralV2RoleFunction getRoleFunction(String functionCode, String uebkey) throws Exception { - String code = EcompPortalUtils.getFunctionCode(functionCode); - String encodedCode = encodeFunctionCode(code); - CentralV2RoleFunction roleFunc = null; - EPApp app = getApp(uebkey).get(0); - List<CentralV2RoleFunction> getRoleFuncList = null; - final Map<String, String> params = new HashMap<>(); - try { - params.put(FUNCTION_CODE_PARAMS, functionCode); - params.put(APP_ID, String.valueOf(app.getId())); - getRoleFuncList = dataAccessService.executeNamedQuery(GET_ROLE_FUNCTION_QUERY, params, null); - if (getRoleFuncList.isEmpty()) { - params.put(FUNCTION_CODE_PARAMS, encodedCode); - getRoleFuncList = dataAccessService.executeNamedQuery(GET_ROLE_FUNCTION_QUERY, params, null); - if (getRoleFuncList.isEmpty()) { - return roleFunc; - } - } - if (getRoleFuncList.size() > 1) { - CentralV2RoleFunction cenV2RoleFunction = appFunctionListFilter(encodedCode, getRoleFuncList); - if (cenV2RoleFunction == null) - return roleFunc; - roleFunc = checkIfPipesExitsInFunctionCode(cenV2RoleFunction); - } else { - // Check even if single record have pipes - if (!getRoleFuncList.isEmpty() && getRoleFuncList.get(0).getCode().contains(FUNCTION_PIPE)) { - roleFunc = checkIfPipesExitsInFunctionCode(getRoleFuncList.get(0)); - } else { - roleFunc = getRoleFuncList.get(0); - } - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getRoleFunction: failed", e); - throw e; - } - return roleFunc; - } - - private CentralV2RoleFunction checkIfPipesExitsInFunctionCode(CentralV2RoleFunction getRoleFuncList) { - CentralV2RoleFunction roleFunc; - String functionCodeFormat = getRoleFuncList.getCode(); - if (functionCodeFormat.contains(FUNCTION_PIPE)) { - String newfunctionCodeFormat = EcompPortalUtils.getFunctionCode(functionCodeFormat); - String newfunctionTypeFormat = EcompPortalUtils.getFunctionType(functionCodeFormat); - String newfunctionActionFormat = EcompPortalUtils.getFunctionAction(functionCodeFormat); - roleFunc = new CentralV2RoleFunction(getRoleFuncList.getId(), newfunctionCodeFormat, - getRoleFuncList.getName(), getRoleFuncList.getAppId(), newfunctionTypeFormat, - newfunctionActionFormat, getRoleFuncList.getEditUrl()); - } else { - roleFunc = new CentralV2RoleFunction(getRoleFuncList.getId(), functionCodeFormat, getRoleFuncList.getName(), - getRoleFuncList.getAppId(), getRoleFuncList.getEditUrl()); - } - return roleFunc; - } - - @Override - public boolean saveCentralRoleFunction(CentralV2RoleFunction domainCentralRoleFunction, EPApp app) - throws Exception { - boolean saveOrUpdateFunction = false; - try { - domainCentralRoleFunction.setCode(encodeFunctionCode(domainCentralRoleFunction.getCode())); - final Map<String, String> functionParams = new HashMap<>(); - functionParams.put("appId", String.valueOf(app.getId())); - if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { - addRoleFunctionInExternalSystem(domainCentralRoleFunction, app); - } - if (domainCentralRoleFunction.getType() != null && domainCentralRoleFunction.getAction() != null) { - domainCentralRoleFunction.setCode(domainCentralRoleFunction.getType() + FUNCTION_PIPE - + domainCentralRoleFunction.getCode() + FUNCTION_PIPE + domainCentralRoleFunction.getAction()); - } - domainCentralRoleFunction.setAppId(app.getId()); - dataAccessService.saveDomainObject(domainCentralRoleFunction, null); - saveOrUpdateFunction = true; - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "saveCentralRoleFunction: failed", e); - throw e; - } - return saveOrUpdateFunction; - } - - /** - * It creates application permission in external auth system - * - * @param domainCentralRoleFunction - * @param app - * @throws Exception - */ - private void addRoleFunctionInExternalSystem(CentralV2RoleFunction domainCentralRoleFunction, EPApp app) - throws Exception { - ObjectMapper mapper = new ObjectMapper(); - ExternalAccessPerms extPerms = new ExternalAccessPerms(); - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - String type = ""; - String instance = ""; - String action = ""; - if ((domainCentralRoleFunction.getType() != null && domainCentralRoleFunction.getAction() != null) - || domainCentralRoleFunction.getCode().contains(FUNCTION_PIPE)) { - type = domainCentralRoleFunction.getCode().contains(FUNCTION_PIPE) - ? EcompPortalUtils.getFunctionType(domainCentralRoleFunction.getCode()) - : domainCentralRoleFunction.getType(); - instance = domainCentralRoleFunction.getCode().contains(FUNCTION_PIPE) - ? EcompPortalUtils.getFunctionCode(domainCentralRoleFunction.getCode()) - : domainCentralRoleFunction.getCode(); - action = domainCentralRoleFunction.getCode().contains(FUNCTION_PIPE) - ? EcompPortalUtils.getFunctionAction(domainCentralRoleFunction.getCode()) - : domainCentralRoleFunction.getAction(); - } else { - type = domainCentralRoleFunction.getCode().contains("menu") ? "menu" : "url"; - instance = domainCentralRoleFunction.getCode(); - action = "*"; - } - // get Permissions from External Auth System - JSONArray extPermsList = getExtAuthPermissions(app); - List<ExternalAccessPermsDetail> permsDetailList = getExtAuthPerrmissonList(app, extPermsList); - String requestedPerm = type + FUNCTION_PIPE + instance + FUNCTION_PIPE + action; - boolean checkIfFunctionsExits = - permsDetailList.stream().anyMatch(permsDetail -> permsDetail.getInstance().equals(requestedPerm)); - if (!checkIfFunctionsExits) { - try { - extPerms.setAction(action); - extPerms.setInstance(instance); - extPerms.setType(app.getNameSpace() + "." + type); - extPerms.setDescription(domainCentralRoleFunction.getName()); - String addFunction = mapper.writeValueAsString(extPerms); - HttpEntity<String> entity = new HttpEntity<>(addFunction, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionInExternalSystem: {} for POST: {}", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, addFunction); - ResponseEntity<String> addPermResponse = template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perm", - HttpMethod.POST, entity, String.class); - logger.debug(EELFLoggerDelegate.debugLogger, - "addRoleFunctionInExternalSystem: Finished adding permission for POST: {} and status code: {} ", - addPermResponse.getStatusCode().value(), addFunction); - } catch (HttpClientErrorException e) { - logger.error(EELFLoggerDelegate.errorLogger, - "HttpClientErrorException - Failed to add function in external central auth system", e); - EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - throw e; - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, - "addRoleFunctionInExternalSystem: Failed to add fucntion in external central auth system", e); - throw e; - } - } else { - try { - extPerms.setAction(action); - extPerms.setInstance(instance); - extPerms.setType(app.getNameSpace() + "." + type); - extPerms.setDescription(domainCentralRoleFunction.getName()); - String updateRoleFunction = mapper.writeValueAsString(extPerms); - HttpEntity<String> entity = new HttpEntity<>(updateRoleFunction, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionInExternalSystem: {} for PUT: {}", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRoleFunction); - ResponseEntity<String> updatePermResponse = template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perm", - HttpMethod.PUT, entity, String.class); - logger.debug(EELFLoggerDelegate.debugLogger, - "addRoleFunctionInExternalSystem: Finished updating permission in External Auth system {} and response: {} ", - updateRoleFunction, updatePermResponse.getStatusCode().value()); - } catch (HttpClientErrorException e) { - logger.error(EELFLoggerDelegate.errorLogger, - "HttpClientErrorException - Failed to add function in external central auth system", e); - EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - throw e; - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, - "addRoleFunctionInExternalSystem: Failed to update function in external central auth system", - e); - throw e; - } - } - } - - @SuppressWarnings("unchecked") - @Override - @Transactional(rollbackFor = Exception.class) - public boolean deleteCentralRoleFunction(String code, EPApp app) { - boolean deleteFunctionResponse = false; - try { - final Map<String, String> params = new HashMap<>(); - params.put(FUNCTION_CODE_PARAMS, code); - params.put(APP_ID, String.valueOf(app.getId())); - List<CentralV2RoleFunction> domainCentralRoleFunction = - dataAccessService.executeNamedQuery(GET_ROLE_FUNCTION_QUERY, params, null); - CentralV2RoleFunction appFunctionCode = appFunctionListFilter(code, domainCentralRoleFunction); - if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { - deleteRoleFunctionInExternalSystem(appFunctionCode, app); - // Delete role function dependency records - deleteAppRoleFunctions(appFunctionCode.getCode(), app); - } - dataAccessService.deleteDomainObject(appFunctionCode, null); - deleteFunctionResponse = true; - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "deleteCentralRoleFunction: failed", e); - } - return deleteFunctionResponse; - } - - /** - * It deletes app function record in portal - * - * @param code - * @param app - */ - private void deleteAppRoleFunctions(String code, EPApp app) { - dataAccessService.deleteDomainObjects(EPAppRoleFunction.class, - APP_ID_EQUALS + app.getId() + AND_FUNCTION_CD_EQUALS + code + "'", null); - } - - /** - * - * It deletes permission in the external auth system - * - * @param domainCentralRoleFunction - * @param app - * @throws Exception - */ - private void deleteRoleFunctionInExternalSystem(CentralV2RoleFunction domainCentralRoleFunction, EPApp app) - throws Exception { - try { - ObjectMapper mapper = new ObjectMapper(); - ExternalAccessPerms extPerms = new ExternalAccessPerms(); - String instanceValue = EcompPortalUtils.getFunctionCode(domainCentralRoleFunction.getCode()); - String checkType = getFunctionCodeType(domainCentralRoleFunction.getCode()); - String actionValue = getFunctionCodeAction(domainCentralRoleFunction.getCode()); - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - extPerms.setAction(actionValue); - extPerms.setInstance(instanceValue); - extPerms.setType(app.getNameSpace() + "." + checkType); - extPerms.setDescription(domainCentralRoleFunction.getName()); - String deleteRoleFunction = mapper.writeValueAsString(extPerms); - HttpEntity<String> entity = new HttpEntity<>(deleteRoleFunction, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleFunctionInExternalSystem: {} for DELETE: {} ", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, deleteRoleFunction); - ResponseEntity<String> delPermResponse = - template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "perm?force=true", HttpMethod.DELETE, entity, String.class); - logger.debug(EELFLoggerDelegate.debugLogger, - "deleteRoleFunctionInExternalSystem: Finished deleting permission in External Auth system {} and status code: {} ", - deleteRoleFunction, delPermResponse.getStatusCode().value()); - } catch (HttpClientErrorException e) { - logger.error(EELFLoggerDelegate.errorLogger, - "HttpClientErrorException - Failed to delete functions in External System", e); - EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - } catch (Exception e) { - if (e.getMessage().equalsIgnoreCase("404 Not Found")) { - logger.debug(EELFLoggerDelegate.debugLogger, - " deleteRoleFunctionInExternalSystem: It seems like function is already deleted in external central auth system but exists in local DB", - e.getMessage()); - } else { - logger.error(EELFLoggerDelegate.errorLogger, - "deleteRoleFunctionInExternalSystem: Failed to delete functions in External System", e); - } - } - } - - @Override - public ExternalRequestFieldsValidator saveRoleForApplication(Role saveRole, String uebkey) throws Exception { - boolean response = false; - String message = ""; - try { - EPApp app = getApp(uebkey).get(0); - addRoleInEcompDB(saveRole, app); - response = true; - } catch (Exception e) { - message = e.getMessage(); - logger.error(EELFLoggerDelegate.errorLogger, "saveRoleForApplication failed", e); - } - return new ExternalRequestFieldsValidator(response, message); - } - - @SuppressWarnings("unchecked") - @Override - public boolean deleteRoleForApplication(String deleteRole, String uebkey) throws Exception { - Session localSession = sessionFactory.openSession(); - Transaction transaction = null; - boolean result = false; - try { - List<EPRole> epRoleList = null; - EPApp app = getApp(uebkey).get(0); - final Map<String, String> deleteRoleParams = new HashMap<>(); - deleteRoleParams.put(APP_ROLE_NAME_PARAM, deleteRole); - if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - epRoleList = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, deleteRoleParams, null); - } else { - deleteRoleParams.put(APP_ID, String.valueOf(app.getId())); - epRoleList = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, - deleteRoleParams, null); - } - if (!epRoleList.isEmpty()) { - transaction = localSession.beginTransaction(); - // Delete app role functions before deleting role - deleteRoleFunction(app, epRoleList); - if (app.getId() == 1) { - // Delete fn_user_ role - dataAccessService.deleteDomainObjects(EPUserApp.class, - APP_ID_EQUALS + app.getId() + " and role_id = " + epRoleList.get(0).getId(), null); - boolean isPortalRequest = false; - deleteRoleDependencyRecords(localSession, epRoleList.get(0).getId(), app.getId(), isPortalRequest); - } - deleteRoleInExternalAuthSystem(epRoleList, app); - transaction.commit(); - logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleForApplication: committed the transaction"); - dataAccessService.deleteDomainObject(epRoleList.get(0), null); - } - result = true; - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "deleteRoleForApplication: failed", e); - result = false; - } finally { - localSession.close(); - } - return result; - } - - /** - * - * It deletes role for application in external auth system - * - * @param epRoleList contains role information - * @param app contains application information - * @throws Exception - */ - private void deleteRoleInExternalAuthSystem(List<EPRole> epRoleList, EPApp app) throws Exception { - ResponseEntity<String> deleteResponse; - ResponseEntity<String> res = getNameSpaceIfExists(app); - if (res.getStatusCode() == HttpStatus.OK) { - // Delete Role in External System - String deleteRoleKey = "{\"name\":\"" + app.getNameSpace() + "." + epRoleList.get(0).getName() - .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_") + "\"}"; - deleteResponse = deleteRoleInExternalSystem(deleteRoleKey); - if (deleteResponse.getStatusCode().value() != 200 && deleteResponse.getStatusCode().value() != 404) { - EPLogUtil.logExternalAuthAccessAlarm(logger, deleteResponse.getStatusCode()); - logger.error(EELFLoggerDelegate.errorLogger, - "deleteRoleForApplication: Failed to delete role in external auth system! due to {} ", - deleteResponse.getBody()); - } - logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleForApplication: about to commit the transaction"); - } - } - - /** - * - * It deletes application user role in external auth system - * - * @param role - * @param app - * @param LoginId - * @throws Exception - */ - private void deleteUserRoleInExternalSystem(EPRole role, EPApp app, String LoginId) throws Exception { - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - HttpEntity<String> entity = new HttpEntity<>(headers); - getNameSpaceIfExists(app); - logger.debug(EELFLoggerDelegate.debugLogger, "deleteUserRoleInExternalSystem: {} ", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); - ResponseEntity<String> getResponse = template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole/" - + LoginId - + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN) - + "/" + app.getNameSpace() + "." - + role.getName() - .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), - HttpMethod.GET, entity, String.class); - logger.debug(EELFLoggerDelegate.debugLogger, - "deleteUserRoleInExternalSystem: Finished GET user roles from External Auth system and response: {} ", - getResponse.getBody()); - if (getResponse.getStatusCode().value() != 200) { - throw new ExternalAuthSystemException(getResponse.getBody()); - } - String res = getResponse.getBody(); - if (!res.equals(IS_EMPTY_JSON_STRING)) { - HttpEntity<String> userRoleentity = new HttpEntity<>(headers); - logger.debug(EELFLoggerDelegate.debugLogger, "deleteUserRoleInExternalSystem: {} ", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); - ResponseEntity<String> deleteResponse = template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole/" - + LoginId - + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN) - + "/" + app.getNameSpace() + "." - + role.getName().replaceAll( - EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), - HttpMethod.DELETE, userRoleentity, String.class); - if (deleteResponse.getStatusCode().value() != 200) { - throw new ExternalAuthSystemException("Failed to delete user role"); - } - logger.debug(EELFLoggerDelegate.debugLogger, - "deleteUserRoleInExternalSystem: Finished deleting user role in External Auth system and status code: {} ", - deleteResponse.getStatusCode().value()); - } - } - - @SuppressWarnings("unchecked") - @Override - public List<CentralV2Role> getActiveRoles(String uebkey) throws Exception { - List<CentralV2Role> roleList = new ArrayList<>(); - try { - List<EPApp> app = getApp(uebkey); - final Map<String, Long> params = new HashMap<>(); - // check if portal - Long appId = null; - if (!app.get(0).getId().equals(PortalConstants.PORTAL_APP_ID)) { - appId = app.get(0).getId(); - } - List<Criterion> restrictionsList = new ArrayList<Criterion>(); - Criterion active_ynCrt = Restrictions.eq("active", Boolean.TRUE); - Criterion appIdCrt; - if (appId == null) - appIdCrt = Restrictions.isNull("appId"); - else - appIdCrt = Restrictions.eq("appId", appId); - Criterion andCrit = Restrictions.and(active_ynCrt, appIdCrt); - restrictionsList.add(andCrit); - List<EPRole> epRole = (List<EPRole>) dataAccessService.getList(EPRole.class, null, restrictionsList, null); - roleList = createCentralRoleObject(app, epRole, roleList, params); - List<CentralV2Role> globalRoleList = getGlobalRolesOfApplication(app.get(0).getId()); - if (globalRoleList.size() > 0) - roleList.addAll(globalRoleList); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getActiveRoles: failed", e); - throw e; - } - return roleList; - } - - @Override - @Transactional(rollbackFor = Exception.class) - public ExternalRequestFieldsValidator deleteDependencyRoleRecord(Long roleId, String uebkey, String LoginId) - throws Exception { - Session localSession = sessionFactory.openSession(); - String message = ""; - Transaction transaction = null; - boolean response = false; - EPApp app = null; - try { - transaction = localSession.beginTransaction(); - List<EPRole> epRoleList = null; - app = getApp(uebkey).get(0); - if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - epRoleList = getPortalAppRoleInfo(roleId); - } else { - epRoleList = getPartnerAppRoleInfo(roleId, app); - } - if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { - // Delete User Role in External System before deleting role - deleteUserRoleInExternalSystem(epRoleList.get(0), app, LoginId); - } - // Delete user app roles - dataAccessService.deleteDomainObjects(EPUserApp.class, - APP_ID_EQUALS + app.getId() + " and role_id = " + epRoleList.get(0).getId(), null); - boolean isPortalRequest = false; - deleteRoleDependencyRecords(localSession, epRoleList.get(0).getId(), app.getId(), isPortalRequest); - transaction.commit(); - if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { - // Final call to delete role once all dependencies has been - // deleted - deleteRoleInExternalAuthSystem(epRoleList, app); - } - dataAccessService.deleteDomainObjects(EPRole.class, " role_id = " + epRoleList.get(0).getId(), null); - logger.debug(EELFLoggerDelegate.debugLogger, "deleteDependencyRoleRecord: committed the transaction"); - response = true; - } catch (HttpClientErrorException e) { - logger.error(EELFLoggerDelegate.errorLogger, "deleteDependencyRoleRecord: HttpClientErrorException", e); - EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - message = e.getMessage(); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "deleteDependencyRoleRecord failed", e); - EcompPortalUtils.rollbackTransaction(transaction, - "deleteDependencyRoleRecord rollback, exception = " + e.toString()); - message = e.getMessage(); - } finally { - localSession.close(); - } - return new ExternalRequestFieldsValidator(response, message); - } - - @Override - @SuppressWarnings("unchecked") - @Transactional - public void syncRoleFunctionFromExternalAccessSystem(EPApp app) { - try { - // get Permissions from External Auth System - JSONArray extPerms = getExtAuthPermissions(app); - List<ExternalAccessPermsDetail> permsDetailList = getExtAuthPerrmissonList(app, extPerms); - // get functions in DB - final Map<String, Long> params = new HashMap<>(); - final Map<String, CentralV2RoleFunction> roleFuncMap = new HashMap<>(); - params.put(APP_ID, app.getId()); - List<CentralV2RoleFunction> appFunctions = - dataAccessService.executeNamedQuery("getAllRoleFunctions", params, null); - if (!appFunctions.isEmpty()) { - for (CentralV2RoleFunction roleFunc : appFunctions) { - roleFuncMap.put(roleFunc.getCode(), roleFunc); - } - } - // get Roles for portal in DB - List<EPRole> portalRoleList = getGlobalRolesOfPortal(); - final Map<String, EPRole> existingPortalRolesMap = new HashMap<>(); - for (EPRole epRole : portalRoleList) { - existingPortalRolesMap.put(epRole.getName().replaceAll( - EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), epRole); - } - // get Roles in DB - final Map<String, EPRole> currentRolesInDB = getAppRoleNamesWithUnderscoreMap(app); - // store External Permissions with Pipe and without Pipe (just - // instance) - final Map<String, ExternalAccessPermsDetail> extAccessPermsContainsPipeMap = new HashMap<>(); - final Map<String, ExternalAccessPermsDetail> extAccessPermsMap = new HashMap<>(); - for (ExternalAccessPermsDetail permsDetailInfoWithPipe : permsDetailList) { - extAccessPermsContainsPipeMap.put(permsDetailInfoWithPipe.getInstance(), permsDetailInfoWithPipe); - String finalFunctionCodeVal = EcompPortalUtils.getFunctionCode(permsDetailInfoWithPipe.getInstance()); - extAccessPermsMap.put(finalFunctionCodeVal, permsDetailInfoWithPipe); - } - // Add if new functions and app role functions were added in - // external auth system - for (ExternalAccessPermsDetail permsDetail : permsDetailList) { - String code = permsDetail.getInstance(); - CentralV2RoleFunction getFunctionCodeKey = roleFuncMap.get(permsDetail.getInstance()); - List<CentralV2RoleFunction> roleFunctionList = - addGetLocalFunction(app, roleFuncMap, permsDetail, code, getFunctionCodeKey); - List<String> roles = permsDetail.getRoles(); - if (roles != null) { - // Check if function has any roles and which does not exist - // in External Auth System. If exists delete in local - addRemoveIfFunctionsRolesIsSyncWithExternalAuth(app, currentRolesInDB, roleFunctionList, roles, - existingPortalRolesMap); - } - } - // Check if function does exits in External Auth System but exits in - // local then delete function and its dependencies - for (CentralV2RoleFunction roleFunc : appFunctions) { - try { - ExternalAccessPermsDetail getFunctionCodeContainsPipeKey = - extAccessPermsContainsPipeMap.get(roleFunc.getCode()); - if (null == getFunctionCodeContainsPipeKey) { - ExternalAccessPermsDetail getFunctionCodeKey = extAccessPermsMap.get(roleFunc.getCode()); - if (null == getFunctionCodeKey) { - deleteAppRoleFuncDoesNotExitsInExtSystem(app, roleFunc); - } - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, - "syncRoleFunctionFromExternalAccessSystem: Failed to delete function", e); - } - } - logger.debug(EELFLoggerDelegate.debugLogger, - "syncRoleFunctionFromExternalAccessSystem: Finished syncRoleFunctionFromExternalAccessSystem"); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, - "syncRoleFunctionFromExternalAccessSystem: Failed syncRoleFunctionFromExternalAccessSystem", e); - } - } - - @SuppressWarnings("unchecked") - private void addRemoveIfFunctionsRolesIsSyncWithExternalAuth(EPApp app, final Map<String, EPRole> currentRolesInDB, - List<CentralV2RoleFunction> roleFunctionList, List<String> roles, - Map<String, EPRole> existingPortalRolesMap) throws Exception { - if (!roleFunctionList.isEmpty()) { - final Map<String, String> appRoleFuncParams = new HashMap<>(); - final Map<String, LocalRole> currentAppRoleFunctionsMap = new HashMap<>(); - final Map<String, String> currentRolesInExtSystem = new HashMap<>(); - appRoleFuncParams.put("functionCd", roleFunctionList.get(0).getCode()); - appRoleFuncParams.put("appId", String.valueOf(app.getId())); - List<LocalRole> localRoleList = - dataAccessService.executeNamedQuery("getCurrentAppRoleFunctions", appRoleFuncParams, null); - for (LocalRole localRole : localRoleList) { - currentAppRoleFunctionsMap.put(localRole.getRolename().replaceAll( - EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), localRole); - } - for (String addRole : roles) { - currentRolesInExtSystem.put(addRole.substring(addRole.indexOf(FUNCTION_PIPE) + 1), addRole); - } - for (String extAuthrole : roles) { - String roleNameSpace = extAuthrole.substring(0, extAuthrole.indexOf(FUNCTION_PIPE)); - boolean isNameSpaceMatching = - EcompPortalUtils.checkNameSpaceMatching(roleNameSpace, app.getNameSpace()); - if (isNameSpaceMatching) { - if (!currentAppRoleFunctionsMap - .containsKey(extAuthrole.substring(app.getNameSpace().length() + 1))) { - EPRole localAddFuntionRole = - currentRolesInDB.get(extAuthrole.substring(app.getNameSpace().length() + 1)); - if (localAddFuntionRole == null) { - checkAndAddRoleInDB(app, currentRolesInDB, roleFunctionList, extAuthrole); - } else { - EPAppRoleFunction addAppRoleFunc = new EPAppRoleFunction(); - addAppRoleFunc.setAppId(app.getId()); - addAppRoleFunc.setCode(roleFunctionList.get(0).getCode()); - addAppRoleFunc.setRoleId(localAddFuntionRole.getId()); - dataAccessService.saveDomainObject(addAppRoleFunc, null); - } - } - // This block is to save global role function if exists - } else { - String extAuthAppRoleName = extAuthrole.substring(extAuthrole.indexOf(FUNCTION_PIPE) + 1); - boolean checkIfGlobalRoleExists = existingPortalRolesMap.containsKey(extAuthAppRoleName); - if (checkIfGlobalRoleExists) { - final Map<String, Long> params = new HashMap<>(); - EPRole role = existingPortalRolesMap.get(extAuthAppRoleName); - EPAppRoleFunction addGlobalRoleFunctions = new EPAppRoleFunction(); - params.put("appId", app.getId()); - params.put("roleId", role.getId()); - List<EPAppRoleFunction> currentGlobalRoleFunctionsList = - dataAccessService.executeNamedQuery("getAppRoleFunctionOnRoleIdandAppId", params, null); - boolean checkIfRoleFunctionExists = currentGlobalRoleFunctionsList.stream() - .anyMatch(currentGlobalRoleFunction -> currentGlobalRoleFunction.getCode() - .equals(roleFunctionList.get(0).getCode())); - if (role != null && !checkIfRoleFunctionExists) { - addGlobalRoleFunctions.setAppId(app.getId()); - addGlobalRoleFunctions.setRoleId(role.getId()); - if (!app.getId().equals(role.getAppRoleId())) { - addGlobalRoleFunctions.setRoleAppId((PortalConstants.PORTAL_APP_ID).toString()); - } else { - addGlobalRoleFunctions.setRoleAppId(null); - } - addGlobalRoleFunctions.setCode(roleFunctionList.get(0).getCode()); - dataAccessService.saveDomainObject(addGlobalRoleFunctions, null); - } - } - } - } - for (LocalRole localRoleDelete : localRoleList) { - if (!currentRolesInExtSystem.containsKey(localRoleDelete.getRolename() - .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"))) { - dataAccessService.deleteDomainObjects(EPAppRoleFunction.class, - APP_ID_EQUALS + app.getId() + AND_FUNCTION_CD_EQUALS + roleFunctionList.get(0).getCode() - + "'" + " and role_id = " + localRoleDelete.getRoleId().longValue(), - null); - } - } - } - } - - private void deleteAppRoleFuncDoesNotExitsInExtSystem(EPApp app, CentralV2RoleFunction roleFunc) { - logger.debug(EELFLoggerDelegate.debugLogger, - "syncRoleFunctionFromExternalAccessSystem: Deleting app role function {}", roleFunc.getCode()); - dataAccessService.deleteDomainObjects(EPAppRoleFunction.class, - APP_ID_EQUALS + app.getId() + AND_FUNCTION_CD_EQUALS + roleFunc.getCode() + "'", null); - logger.debug(EELFLoggerDelegate.debugLogger, - "syncRoleFunctionFromExternalAccessSystem: Deleted app role function {}", roleFunc.getCode()); - logger.debug(EELFLoggerDelegate.debugLogger, - "syncRoleFunctionFromExternalAccessSystem: Deleting app function {}", roleFunc.getCode()); - dataAccessService.deleteDomainObjects(CentralV2RoleFunction.class, - APP_ID_EQUALS + app.getId() + AND_FUNCTION_CD_EQUALS + roleFunc.getCode() + "'", null); - logger.debug(EELFLoggerDelegate.debugLogger, - "syncRoleFunctionFromExternalAccessSystem: Deleted app function {}", roleFunc.getCode()); - } - - private void checkAndAddRoleInDB(EPApp app, final Map<String, EPRole> currentRolesInDB, - List<CentralV2RoleFunction> roleFunctionList, String roleList) throws Exception { - if (!currentRolesInDB.containsKey(roleList.substring(app.getNameSpace().length() + 1))) { - Role role = addRoleInDBIfDoesNotExists(app, roleList.substring(app.getNameSpace().length() + 1)); - addRoleDescriptionInExtSystem(role, app); - if (!roleFunctionList.isEmpty()) { - try { - if (!roleFunctionList.isEmpty()) { - EPAppRoleFunction addAppRoleFunc = new EPAppRoleFunction(); - addAppRoleFunc.setAppId(app.getId()); - addAppRoleFunc.setCode(roleFunctionList.get(0).getCode()); - addAppRoleFunc.setRoleId(role.getId()); - dataAccessService.saveDomainObject(addAppRoleFunc, null); - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, - "syncRoleFunctionFromExternalAccessSystem: Failed to save app role function ", e); - } - } - } - } - - @SuppressWarnings("unchecked") - private List<CentralV2RoleFunction> addGetLocalFunction(EPApp app, - final Map<String, CentralV2RoleFunction> roleFuncMap, ExternalAccessPermsDetail permsDetail, String code, - CentralV2RoleFunction getFunctionCodeKey) { - String finalFunctionCodeVal = - addToLocalIfFunctionNotExists(app, roleFuncMap, permsDetail, code, getFunctionCodeKey); - final Map<String, String> appSyncFuncsParams = new HashMap<>(); - appSyncFuncsParams.put("appId", String.valueOf(app.getId())); - appSyncFuncsParams.put("functionCd", finalFunctionCodeVal); - List<CentralV2RoleFunction> roleFunctionList = null; - roleFunctionList = - dataAccessService.executeNamedQuery("getAppFunctionOnCodeAndAppId", appSyncFuncsParams, null); - if (roleFunctionList.isEmpty()) { - appSyncFuncsParams.put("functionCd", code); - roleFunctionList = - dataAccessService.executeNamedQuery("getAppFunctionOnCodeAndAppId", appSyncFuncsParams, null); - } - return roleFunctionList; - } - - private String addToLocalIfFunctionNotExists(EPApp app, final Map<String, CentralV2RoleFunction> roleFuncMap, - ExternalAccessPermsDetail permsDetail, String code, CentralV2RoleFunction getFunctionCodeKey) { - String finalFunctionCodeVal = ""; - if (null == getFunctionCodeKey) { - finalFunctionCodeVal = EcompPortalUtils.getFunctionCode(permsDetail.getInstance()); - CentralV2RoleFunction checkIfCodeStillExits = roleFuncMap.get(finalFunctionCodeVal); - // If function does not exist in local then add! - if (null == checkIfCodeStillExits) { - logger.debug(EELFLoggerDelegate.debugLogger, - "syncRoleFunctionFromExternalAccessSystem: Adding function: {} ", code); - addFunctionInEcompDB(app, permsDetail, code); - logger.debug(EELFLoggerDelegate.debugLogger, - "syncRoleFunctionFromExternalAccessSystem: Finished adding function: {} ", code); - } - } - return finalFunctionCodeVal; - } - - @SuppressWarnings("unchecked") - @Override - public Map<String, EPRole> getAppRoleNamesWithUnderscoreMap(EPApp app) { - final Map<String, EPRole> currentRolesInDB = new HashMap<>(); - List<EPRole> getCurrentRoleList = null; - final Map<String, Long> appParams = new HashMap<>(); - if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - getCurrentRoleList = dataAccessService.executeNamedQuery("getPortalAppRolesList", null, null); - } else { - appParams.put("appId", app.getId()); - getCurrentRoleList = dataAccessService.executeNamedQuery("getPartnerAppRolesList", appParams, null); - } - for (EPRole role : getCurrentRoleList) { - currentRolesInDB.put(role.getName() - .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), role); - } - return currentRolesInDB; - } - - @SuppressWarnings("unchecked") - private Map<String, EPRole> getAppRoleNamesMap(EPApp app) { - final Map<String, EPRole> currentRolesInDB = new HashMap<>(); - List<EPRole> getCurrentRoleList = null; - final Map<String, Long> appParams = new HashMap<>(); - if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - getCurrentRoleList = dataAccessService.executeNamedQuery("getPortalAppRolesList", null, null); - } else { - appParams.put("appId", app.getId()); - getCurrentRoleList = dataAccessService.executeNamedQuery("getPartnerAppRolesList", appParams, null); - } - for (EPRole role : getCurrentRoleList) { - currentRolesInDB.put(role.getName(), role); - } - return currentRolesInDB; - } - - private List<ExternalAccessPermsDetail> getExtAuthPerrmissonList(EPApp app, JSONArray extPerms) throws IOException { - ExternalAccessPermsDetail permDetails = null; - List<ExternalAccessPermsDetail> permsDetailList = new ArrayList<>(); - for (int i = 0; i < extPerms.length(); i++) { - String description = null; - if (extPerms.getJSONObject(i).has("description")) { - description = extPerms.getJSONObject(i).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION); - } else { - description = extPerms.getJSONObject(i).getString("type") + "|" - + extPerms.getJSONObject(i).getString("instance") + "|" - + extPerms.getJSONObject(i).getString("action"); - } - if (extPerms.getJSONObject(i).has("roles")) { - ObjectMapper rolesListMapper = new ObjectMapper(); - JSONArray resRoles = extPerms.getJSONObject(i).getJSONArray("roles"); - List<String> list = rolesListMapper.readValue(resRoles.toString(), - TypeFactory.defaultInstance().constructCollectionType(List.class, String.class)); - permDetails = new ExternalAccessPermsDetail(extPerms.getJSONObject(i).getString("type"), - extPerms.getJSONObject(i).getString("type").substring(app.getNameSpace().length() + 1) - + FUNCTION_PIPE + extPerms.getJSONObject(i).getString("instance") + FUNCTION_PIPE - + extPerms.getJSONObject(i).getString("action"), - extPerms.getJSONObject(i).getString("action"), list, description); - permsDetailList.add(permDetails); - } else { - permDetails = new ExternalAccessPermsDetail(extPerms.getJSONObject(i).getString("type"), - extPerms.getJSONObject(i).getString("type").substring(app.getNameSpace().length() + 1) - + FUNCTION_PIPE + extPerms.getJSONObject(i).getString("instance") + FUNCTION_PIPE - + extPerms.getJSONObject(i).getString("action"), - extPerms.getJSONObject(i).getString("action"), description); - permsDetailList.add(permDetails); - } - } - return permsDetailList; - } - - private JSONArray getExtAuthPermissions(EPApp app) throws Exception { - ResponseEntity<String> response = null; - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - HttpEntity<String> entity = new HttpEntity<>(headers); - logger.debug(EELFLoggerDelegate.debugLogger, "syncRoleFunctionFromExternalAccessSystem: {} ", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); - response = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "perms/ns/" + app.getNameSpace(), HttpMethod.GET, entity, String.class); - String res = response.getBody(); - logger.debug(EELFLoggerDelegate.debugLogger, - "syncRoleFunctionFromExternalAccessSystem: Finished GET permissions from External Auth system and response: {} ", - response.getBody()); - JSONObject jsonObj = new JSONObject(res); - JSONArray extPerms = jsonObj.getJSONArray("perm"); - for (int i = 0; i < extPerms.length(); i++) { - if (extPerms.getJSONObject(i).getString("type").equals(app.getNameSpace() + ".access")) { - extPerms.remove(i); - i--; - } - } - return extPerms; - } - - /** - * - * Add function into local DB - * - * @param app - * @param permsDetail - * @param code - */ - private void addFunctionInEcompDB(EPApp app, ExternalAccessPermsDetail permsDetail, String code) { - try { - CentralV2RoleFunction addFunction = new CentralV2RoleFunction(); - addFunction.setAppId(app.getId()); - addFunction.setCode(code); - addFunction.setName(permsDetail.getDescription()); - dataAccessService.saveDomainObject(addFunction, null); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "addFunctionInEcompDB: Failed to add function", e); - } - } - - /** - * - * It updates description of a role in external auth system - * - * @param role - * @param app - * @throws Exception - */ - private boolean addRoleDescriptionInExtSystem(Role role, EPApp app) throws Exception { - boolean status = false; - try { - String addRoleNew = updateExistingRoleInExternalSystem(role, app); - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - HttpEntity<String> entity = new HttpEntity<>(addRoleNew, headers); - template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role", - HttpMethod.PUT, entity, String.class); - status = true; - } catch (HttpClientErrorException e) { - logger.error(EELFLoggerDelegate.errorLogger, - "HttpClientErrorException - Failed to addRoleDescriptionInExtSystem", e); - EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "addRoleDescriptionInExtSystem: Failed", e); - } - return status; - } - - /** - * - * While sync functions form external auth system if new role found we should add in local and - * return Role.class object - * - * @param app - * @param role - * @return - */ - @SuppressWarnings("unchecked") - private Role addRoleInDBIfDoesNotExists(EPApp app, String role) { - Role setNewRole = new Role(); - try { - // functions can have new role created in External Auth System - // prevent - // duplication here - boolean isCreated = checkIfRoleExitsElseCreateInSyncFunctions(role, app); - final Map<String, String> getRoleByNameParams = new HashMap<>(); - List<EPRole> getRoleCreated = null; - getRoleByNameParams.put(APP_ROLE_NAME_PARAM, role); - if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - getRoleByNameParams.put("appId", String.valueOf(app.getId())); - List<EPRole> roleCreated = dataAccessService - .executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, getRoleByNameParams, null); - if (!isCreated) { - EPRole epUpdateRole = roleCreated.get(0); - epUpdateRole.setAppRoleId(epUpdateRole.getId()); - dataAccessService.saveDomainObject(epUpdateRole, null); - getRoleCreated = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, - getRoleByNameParams, null); - } else { - getRoleCreated = roleCreated; - } - } else { - getRoleCreated = - dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, getRoleByNameParams, null); - } - if (getRoleCreated != null && !getRoleCreated.isEmpty()) { - EPRole roleObject = getRoleCreated.get(0); - setNewRole.setId(roleObject.getId()); - setNewRole.setName(roleObject.getName()); - setNewRole.setActive(roleObject.getActive()); - setNewRole.setPriority(roleObject.getPriority()); - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "addRoleInDBIfDoesNotExists: Failed", e); - } - return setNewRole; - } - - @SuppressWarnings("unchecked") - private boolean checkIfRoleExitsElseCreateInSyncFunctions(String role, EPApp app) { - boolean isCreated = false; - final Map<String, String> roleParams = new HashMap<>(); - roleParams.put(APP_ROLE_NAME_PARAM, role); - List<EPRole> roleCreated = null; - if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - roleCreated = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, roleParams, null); - } else { - roleParams.put("appId", String.valueOf(app.getId())); - roleCreated = - dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, roleParams, null); - } - if (roleCreated == null || roleCreated.isEmpty()) { - roleParams.put("appId", String.valueOf(app.getId())); - EPRole epRoleNew = new EPRole(); - epRoleNew.setActive(true); - epRoleNew.setName(role); - if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - epRoleNew.setAppId(null); - } else { - epRoleNew.setAppId(app.getId()); - } - dataAccessService.saveDomainObject(epRoleNew, null); - isCreated = false; - } else { - isCreated = true; - } - return isCreated; - } - - @Override - @SuppressWarnings("unchecked") - public Integer bulkUploadFunctions(String uebkey) throws Exception { - EPApp app = getApp(uebkey).get(0); - List<RoleFunction> roleFuncList = dataAccessService.executeNamedQuery("getAllFunctions", null, null); - CentralV2RoleFunction cenRoleFunc = null; - Integer functionsAdded = 0; - try { - for (RoleFunction roleFunc : roleFuncList) { - cenRoleFunc = new CentralV2RoleFunction(roleFunc.getCode(), roleFunc.getName()); - addRoleFunctionInExternalSystem(cenRoleFunc, app); - functionsAdded++; - } - } catch (HttpClientErrorException e) { - logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - bulkUploadFunctions failed", e); - EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadFunctions: failed", e.getMessage(), e); - } - return functionsAdded; - } - - @Override - public Integer bulkUploadRoles(String uebkey) throws Exception { - List<EPApp> app = getApp(uebkey); - List<EPRole> roles = getAppRoles(app.get(0).getId()); - List<CentralV2Role> cenRoleList = new ArrayList<>(); - final Map<String, Long> params = new HashMap<>(); - Integer rolesListAdded = 0; - try { - cenRoleList = createCentralRoleObject(app, roles, cenRoleList, params); - ObjectMapper mapper = new ObjectMapper(); - mapper.configure(DeserializationFeature.FAIL_ON_IGNORED_PROPERTIES, false); - String roleList = mapper.writeValueAsString(cenRoleList); - List<Role> roleObjectList = mapper.readValue(roleList, - TypeFactory.defaultInstance().constructCollectionType(List.class, Role.class)); - for (Role role : roleObjectList) { - addRoleInExternalSystem(role, app.get(0)); - rolesListAdded++; - } - if (!app.get(0).getId().equals(PortalConstants.PORTAL_APP_ID)) { - // Add Account Admin role in External AUTH System - try { - String addAccountAdminRole = ""; - ExternalAccessRole extRole = new ExternalAccessRole(); - extRole.setName(app.get(0).getNameSpace() + "." + PortalConstants.ADMIN_ROLE - .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); - addAccountAdminRole = mapper.writeValueAsString(extRole); - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - HttpEntity<String> entity = new HttpEntity<>(addAccountAdminRole, headers); - template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role", - HttpMethod.POST, entity, String.class); - rolesListAdded++; - } catch (HttpClientErrorException e) { - logger.error(EELFLoggerDelegate.errorLogger, - "HttpClientErrorException - Failed to create Account Admin role", e); - EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - } catch (Exception e) { - if (e.getMessage().equalsIgnoreCase("409 Conflict")) { - logger.error(EELFLoggerDelegate.errorLogger, - "bulkUploadRoles: Account Admin Role already exits but does not break functionality", - e); - } else { - logger.error(EELFLoggerDelegate.errorLogger, - "bulkUploadRoles: Failed to create Account Admin role", e.getMessage()); - } - } - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles: failed", e); - throw e; - } - return rolesListAdded; - } - - /** - * It creating new role in external auth system while doing bulk upload - * - * @param role - * @param app - * @throws Exception - */ - private void addRoleInExternalSystem(Role role, EPApp app) throws Exception { - String addRoleNew = updateExistingRoleInExternalSystem(role, app); - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - try { - HttpEntity<String> entity = new HttpEntity<>(addRoleNew, headers); - template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role", - HttpMethod.POST, entity, String.class); - } catch (HttpClientErrorException e) { - logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - Failed to addRoleInExternalSystem", - e); - EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - } catch (Exception e) { - if (e.getMessage().equalsIgnoreCase("409 Conflict")) { - logger.error(EELFLoggerDelegate.errorLogger, - "addRoleInExternalSystem: Role already exits but does not break functionality", e); - } else { - logger.error(EELFLoggerDelegate.errorLogger, - "addRoleInExternalSystem: Failed to addRoleInExternalSystem", e.getMessage()); - } - } - } - - @Override - @SuppressWarnings("unchecked") - public Integer bulkUploadRolesFunctions(String uebkey) throws Exception { - EPApp app = getApp(uebkey).get(0); - List<EPRole> roles = getAppRoles(app.getId()); - final Map<String, Long> params = new HashMap<>(); - Integer roleFunctions = 0; - try { - for (EPRole role : roles) { - params.put("roleId", role.getId()); - List<BulkUploadRoleFunction> appRoleFunc = - dataAccessService.executeNamedQuery("uploadAllRoleFunctions", params, null); - if (!appRoleFunc.isEmpty()) { - for (BulkUploadRoleFunction addRoleFunc : appRoleFunc) { - addRoleFunctionsInExternalSystem(addRoleFunc, role, app); - roleFunctions++; - } - } - } - } catch (HttpClientErrorException e) { - logger.error(EELFLoggerDelegate.errorLogger, - "HttpClientErrorException - Failed to bulkUploadRolesFunctions", e); - EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRolesFunctions: failed", e); - } - return roleFunctions; - } - - /** - * Its adding a role function while doing bulk upload - * - * @param addRoleFunc - * @param role - * @param app - */ - private void addRoleFunctionsInExternalSystem(BulkUploadRoleFunction addRoleFunc, EPRole role, EPApp app) { - String type = ""; - String instance = ""; - String action = ""; - if (addRoleFunc.getFunctionCd().contains(FUNCTION_PIPE)) { - type = EcompPortalUtils.getFunctionType(addRoleFunc.getFunctionCd()); - instance = EcompPortalUtils.getFunctionCode(addRoleFunc.getFunctionCd()); - action = EcompPortalUtils.getFunctionAction(addRoleFunc.getFunctionCd()); - } else { - type = addRoleFunc.getFunctionCd().contains("menu") ? "menu" : "url"; - instance = addRoleFunc.getFunctionCd(); - action = "*"; - } - ExternalAccessRolePerms extRolePerms = null; - ExternalAccessPerms extPerms = null; - ObjectMapper mapper = new ObjectMapper(); - try { - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + type, instance, action, - addRoleFunc.getFunctionName()); - extRolePerms = new ExternalAccessRolePerms(extPerms, app.getNameSpace() + "." + role.getName() - .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); - String updateRolePerms = mapper.writeValueAsString(extRolePerms); - HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers); - template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm", - HttpMethod.POST, entity, String.class); - } catch (Exception e) { - if (e.getMessage().equalsIgnoreCase("409 Conflict")) { - logger.error(EELFLoggerDelegate.errorLogger, - "addRoleFunctionsInExternalSystem: RoleFunction already exits but does not break functionality", - e); - } else { - logger.error(EELFLoggerDelegate.errorLogger, - "addRoleFunctionsInExternalSystem: Failed to addRoleFunctionsInExternalSystem", e.getMessage()); - } - } - } - - @SuppressWarnings("unchecked") - @Override - public Integer bulkUploadPartnerFunctions(String uebkey) throws Exception { - EPApp app = getApp(uebkey).get(0); - final Map<String, Long> params = new HashMap<>(); - params.put("appId", app.getId()); - List<CentralV2RoleFunction> roleFuncList = - dataAccessService.executeNamedQuery("getPartnerAppFunctions", params, null); - Integer functionsAdded = 0; - try { - for (CentralV2RoleFunction roleFunc : roleFuncList) { - addFunctionInExternalSystem(roleFunc, app); - functionsAdded++; - } - } catch (HttpClientErrorException e) { - logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - bulkUploadPartnerFunctions failed", - e); - EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerFunctions: failed", e.getMessage(), e); - } - return functionsAdded; - } - - private void addFunctionInExternalSystem(CentralV2RoleFunction roleFunc, EPApp app) throws Exception { - ObjectMapper mapper = new ObjectMapper(); - ExternalAccessPerms extPerms = new ExternalAccessPerms(); - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - String type = ""; - String instance = ""; - String action = ""; - if ((roleFunc.getCode().contains(FUNCTION_PIPE)) - || (roleFunc.getType() != null && roleFunc.getAction() != null)) { - type = EcompPortalUtils.getFunctionType(roleFunc.getCode()); - instance = EcompPortalUtils.getFunctionCode(roleFunc.getCode()); - action = EcompPortalUtils.getFunctionAction(roleFunc.getCode()); - } else { - type = roleFunc.getCode().contains("menu") ? "menu" : "url"; - instance = roleFunc.getCode(); - action = "*"; - } - try { - extPerms.setAction(action); - extPerms.setInstance(instance); - extPerms.setType(app.getNameSpace() + "." + type); - extPerms.setDescription(roleFunc.getName()); - String addFunction = mapper.writeValueAsString(extPerms); - HttpEntity<String> entity = new HttpEntity<>(addFunction, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "addFunctionInExternalSystem: {} for POST: {}", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, addFunction); - ResponseEntity<String> addPermResponse = template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perm", - HttpMethod.POST, entity, String.class); - logger.debug(EELFLoggerDelegate.debugLogger, - "addFunctionInExternalSystem: Finished adding permission for POST: {} and status code: {} ", - addPermResponse.getStatusCode().value(), addFunction); - } catch (HttpClientErrorException e) { - logger.error(EELFLoggerDelegate.errorLogger, - "HttpClientErrorException - Failed to add function in external central auth system", e); - EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - throw e; - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, - "addFunctionInExternalSystem: Failed to add fucntion in external central auth system", e); - throw e; - } - } - - @Override - public void bulkUploadPartnerRoles(String uebkey, List<Role> roleList) throws Exception { - EPApp app = getApp(uebkey).get(0); - for (Role role : roleList) { - addRoleInExternalSystem(role, app); - } - } - - @SuppressWarnings("unchecked") - @Override - public Integer bulkUploadPartnerRoleFunctions(String uebkey) throws Exception { - EPApp app = getApp(uebkey).get(0); - List<EPRole> roles = getAppRoles(app.getId()); - final Map<String, Long> params = new HashMap<>(); - Integer roleFunctions = 0; - try { - for (EPRole role : roles) { - params.put("roleId", role.getId()); - List<BulkUploadRoleFunction> appRoleFunc = - dataAccessService.executeNamedQuery("uploadPartnerRoleFunctions", params, null); - if (!appRoleFunc.isEmpty()) { - for (BulkUploadRoleFunction addRoleFunc : appRoleFunc) { - addRoleFunctionsInExternalSystem(addRoleFunc, role, app); - roleFunctions++; - } - } - } - // upload global role functions to ext auth system - if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - roleFunctions = bulkUploadGlobalRoleFunctions(app, roleFunctions); - } - } catch (HttpClientErrorException e) { - logger.error(EELFLoggerDelegate.errorLogger, - "HttpClientErrorException - Failed to bulkUploadRolesFunctions", e); - EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRolesFunctions: failed", e); - } - return roleFunctions; - } - - @SuppressWarnings("unchecked") - private Integer bulkUploadGlobalRoleFunctions(EPApp app, Integer roleFunctions) throws Exception { - try { - EPApp portalApp = epAppService.getApp(1l); - final Map<String, Long> params = new HashMap<>(); - params.put("appId", app.getId()); - List<GlobalRoleWithApplicationRoleFunction> globalRoleFuncs = - dataAccessService.executeNamedQuery("getBulkUploadPartnerGlobalRoleFunctions", params, null); - ObjectMapper mapper = new ObjectMapper(); - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - for (GlobalRoleWithApplicationRoleFunction globalRoleFunc : globalRoleFuncs) { - ExternalAccessRolePerms extRolePerms; - ExternalAccessPerms extPerms; - String type = ""; - String instance = ""; - String action = ""; - if (globalRoleFunc.getFunctionCd().contains(FUNCTION_PIPE)) { - type = EcompPortalUtils.getFunctionType(globalRoleFunc.getFunctionCd()); - instance = EcompPortalUtils.getFunctionCode(globalRoleFunc.getFunctionCd()); - action = EcompPortalUtils.getFunctionAction(globalRoleFunc.getFunctionCd()); - } else { - type = globalRoleFunc.getFunctionCd().contains("menu") ? "menu" : "url"; - instance = globalRoleFunc.getFunctionCd(); - action = "*"; - } - extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + type, instance, action); - extRolePerms = new ExternalAccessRolePerms(extPerms, - portalApp.getNameSpace() + "." + globalRoleFunc.getRoleName().replaceAll( - EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); - String updateRolePerms = mapper.writeValueAsString(extRolePerms); - HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers); - updateRoleFunctionInExternalSystem(updateRolePerms, entity); - roleFunctions++; - } - } catch (HttpClientErrorException e) { - logger.error(EELFLoggerDelegate.errorLogger, - "HttpClientErrorException - Failed to add role function in external central auth system", e); - EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - throw e; - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, - "bulkUploadGlobalRoleFunctions: Failed to add role fucntion in external central auth system", e); - throw e; - } - return roleFunctions; - } - - @Override - @Transactional - public void syncApplicationRolesWithEcompDB(EPApp app) { - try { - logger.debug(EELFLoggerDelegate.debugLogger, "syncRoleFunctionFromExternalAccessSystem: Started"); - // Sync functions and roles assigned to it which also creates new roles if does - // not exits in portal - syncRoleFunctionFromExternalAccessSystem(app); - logger.debug(EELFLoggerDelegate.debugLogger, "syncRoleFunctionFromExternalAccessSystem: Finished"); - ObjectMapper mapper = new ObjectMapper(); - logger.debug(EELFLoggerDelegate.debugLogger, "Entering to getAppRolesJSONFromExtAuthSystem"); - // Get Permissions from External Auth System - JSONArray extRole = getAppRolesJSONFromExtAuthSystem(app); - logger.debug(EELFLoggerDelegate.debugLogger, "Entering into getExternalRoleDetailsList"); - // refactoring done - List<ExternalRoleDetails> externalRoleDetailsList = getExternalRoleDetailsList(app, mapper, extRole); - List<EPRole> finalRoleList = new ArrayList<>(); - for (ExternalRoleDetails externalRole : externalRoleDetailsList) { - EPRole ecompRole = convertExternalRoleDetailstoEpRole(externalRole); - finalRoleList.add(ecompRole); - } - List<EPRole> applicationRolesList; - applicationRolesList = getAppRoles(app.getId()); - List<String> applicationRoleIdList = new ArrayList<>(); - for (EPRole applicationRole : applicationRolesList) { - applicationRoleIdList.add(applicationRole.getName()); - } - List<EPRole> roleListToBeAddInEcompDB = new ArrayList<>(); - for (EPRole aafRole : finalRoleList) { - if (!applicationRoleIdList.contains(aafRole.getName())) { - roleListToBeAddInEcompDB.add(aafRole); - } - } - logger.debug(EELFLoggerDelegate.debugLogger, "Entering into inactiveRolesNotInExternalAuthSystem"); - // Check if roles exits in external Access system and if not make inactive in DB - inactiveRolesNotInExternalAuthSystem(app, finalRoleList, applicationRolesList); - logger.debug(EELFLoggerDelegate.debugLogger, "Entering into addNewRoleInEcompDBUpdateDescInExtAuthSystem"); - // Add new roles in DB and updates role description in External Auth System - addNewRoleInEcompDBUpdateDescInExtAuthSystem(app, roleListToBeAddInEcompDB); - logger.debug(EELFLoggerDelegate.debugLogger, "syncApplicationRolesWithEcompDB: Finished"); - } catch (HttpClientErrorException e) { - logger.error(EELFLoggerDelegate.errorLogger, - "syncApplicationRolesWithEcompDB: Failed due to the External Auth System", e); - EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "syncApplicationRolesWithEcompDB: Failed ", e); - } - } - - /** - * - * It adds new roles in DB and updates description in External Auth System - * - * @param app - * @param roleListToBeAddInEcompDB - */ - @SuppressWarnings("unchecked") - private void addNewRoleInEcompDBUpdateDescInExtAuthSystem(EPApp app, List<EPRole> roleListToBeAddInEcompDB) { - EPRole roleToBeAddedInEcompDB; - for (int i = 0; i < roleListToBeAddInEcompDB.size(); i++) { - try { - roleToBeAddedInEcompDB = roleListToBeAddInEcompDB.get(i); - if (app.getId() == 1) { - roleToBeAddedInEcompDB.setAppRoleId(null); - } - dataAccessService.saveDomainObject(roleToBeAddedInEcompDB, null); - List<EPRole> getRoleCreatedInSync = null; - if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - final Map<String, String> globalRoleParams = new HashMap<>(); - globalRoleParams.put("appId", String.valueOf(app.getId())); - globalRoleParams.put("appRoleName", roleToBeAddedInEcompDB.getName()); - getRoleCreatedInSync = dataAccessService - .executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, globalRoleParams, null); - EPRole epUpdateRole = getRoleCreatedInSync.get(0); - epUpdateRole.setAppRoleId(epUpdateRole.getId()); - dataAccessService.saveDomainObject(epUpdateRole, null); - } - List<EPRole> roleList = new ArrayList<>(); - final Map<String, String> params = new HashMap<>(); - params.put(APP_ROLE_NAME_PARAM, roleToBeAddedInEcompDB.getName()); - boolean isPortalRole = false; - if (app.getId() == 1) { - isPortalRole = true; - roleList = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, params, null); - } else { - isPortalRole = false; - params.put(APP_ID, app.getId().toString()); - roleList = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, params, - null); - } - EPRole role = roleList.get(0); - Role aaFrole = new Role(); - aaFrole.setId(role.getId()); - aaFrole.setActive(role.getActive()); - aaFrole.setPriority(role.getPriority()); - aaFrole.setName(role.getName()); - updateRoleInExternalSystem(aaFrole, app, isPortalRole); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, - "SyncApplicationRolesWithEcompDB: Failed to add or update role in external auth system", e); - } - } - } - - /** - * - * It checks description in External Auth System if found any changes updates in DB - * - * @param app - * @param finalRoleList contains list of External Auth System roles list which is converted to - * EPRole - */ - @SuppressWarnings("unchecked") - private void checkAndUpdateRoleInDB(EPApp app, List<EPRole> finalRoleList) { - for (EPRole roleItem : finalRoleList) { - final Map<String, String> roleParams = new HashMap<>(); - List<EPRole> currentList = null; - roleParams.put(APP_ROLE_NAME_PARAM, roleItem.getName()); - if (app.getId() == 1) { - currentList = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, roleParams, null); - } else { - roleParams.put(APP_ID, app.getId().toString()); - currentList = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, - roleParams, null); - } - if (!currentList.isEmpty()) { - try { - Boolean aafRoleActive; - Boolean localRoleActive; - boolean result; - aafRoleActive = Boolean.valueOf(roleItem.getActive()); - localRoleActive = Boolean.valueOf(currentList.get(0).getActive()); - result = aafRoleActive.equals(localRoleActive); - EPRole updateRole = currentList.get(0); - if (!result) { - updateRole.setActive(roleItem.getActive()); - dataAccessService.saveDomainObject(updateRole, null); - } - if (roleItem.getPriority() != null - && !currentList.get(0).getPriority().equals(roleItem.getPriority())) { - updateRole.setPriority(roleItem.getPriority()); - dataAccessService.saveDomainObject(updateRole, null); - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, - "syncApplicationRolesWithEcompDB: Failed to update role ", e); - } - } - } - } - - /** - * - * It de-activates application roles in DB if not present in External Auth system - * - * @param app - * @param finalRoleList contains list of current roles present in External Auth System - * @param applicationRolesList contains list of current roles present in DB - */ - @SuppressWarnings("unchecked") - private void inactiveRolesNotInExternalAuthSystem(EPApp app, List<EPRole> finalRoleList, - List<EPRole> applicationRolesList) { - final Map<String, EPRole> checkRolesInactive = new HashMap<>(); - for (EPRole extrole : finalRoleList) { - checkRolesInactive.put(extrole.getName(), extrole); - } - for (EPRole role : applicationRolesList) { - try { - final Map<String, String> extRoleParams = new HashMap<>(); - List<EPRole> roleList = null; - extRoleParams.put(APP_ROLE_NAME_PARAM, role.getName()); - if (!checkRolesInactive.containsKey(role.getName() - .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"))) { - if (app.getId() == 1) { - roleList = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, extRoleParams, null); - } else { - extRoleParams.put(APP_ID, app.getId().toString()); - roleList = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, - extRoleParams, null); - } - if (!roleList.isEmpty()) { - EPRole updateRoleInactive = roleList.get(0); - updateRoleInactive.setActive(false); - dataAccessService.saveDomainObject(updateRoleInactive, null); - } - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, - "syncApplicationRolesWithEcompDB: Failed to de-activate role ", e); - } - } - } - - @Override - @SuppressWarnings("unchecked") - public List<ExternalRoleDetails> getExternalRoleDetailsList(EPApp app, ObjectMapper mapper, JSONArray extRole) - throws IOException { - List<ExternalRoleDetails> externalRoleDetailsList = new ArrayList<>(); - ExternalAccessPerms externalAccessPerms = new ExternalAccessPerms(); - List<String> functionCodelist = new ArrayList<>(); - Map<String, EPRole> curRolesMap = getAppRoleNamesMap(app); - Map<String, EPRole> curRolesUnderscoreMap = getAppRoleNamesWithUnderscoreMap(app); - for (int i = 0; i < extRole.length(); i++) { - ExternalRoleDetails externalRoleDetail = new ExternalRoleDetails(); - EPAppRoleFunction ePAppRoleFunction = new EPAppRoleFunction(); - JSONObject Role = (JSONObject) extRole.get(i); - String name = extRole.getJSONObject(i).getString(ROLE_NAME); - String actualRoleName = name.substring(app.getNameSpace().length() + 1); - if (extRole.getJSONObject(i).has(EXTERNAL_AUTH_ROLE_DESCRIPTION)) { - actualRoleName = extRole.getJSONObject(i).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION); - } - SortedSet<ExternalAccessPerms> externalAccessPermsOfRole = new TreeSet<>(); - if (extRole.getJSONObject(i).has(EXTERNAL_AUTH_PERMS)) { - JSONArray extPerm = (JSONArray) Role.get(EXTERNAL_AUTH_PERMS); - for (int j = 0; j < extPerm.length(); j++) { - JSONObject perms = extPerm.getJSONObject(j); - boolean isNamespaceMatching = - EcompPortalUtils.checkNameSpaceMatching(perms.getString("type"), app.getNameSpace()); - if (isNamespaceMatching) { - externalAccessPerms = new ExternalAccessPerms(perms.getString("type"), - perms.getString("instance"), perms.getString("action")); - ePAppRoleFunction.setCode(externalAccessPerms.getInstance()); - functionCodelist.add(ePAppRoleFunction.getCode()); - externalAccessPermsOfRole.add(externalAccessPerms); - } - } - } - externalRoleDetail.setActive(true); - externalRoleDetail.setName(actualRoleName); - if (app.getId() == 1) { - externalRoleDetail.setAppId(null); - } else { - externalRoleDetail.setAppId(app.getId()); - } - EPRole currRole = null; - currRole = (!extRole.getJSONObject(i).has(EXTERNAL_AUTH_ROLE_DESCRIPTION)) - ? curRolesUnderscoreMap.get(actualRoleName) - : curRolesMap.get(actualRoleName); - Long roleId = null; - if (currRole != null) - roleId = currRole.getId(); - final Map<String, EPAppRoleFunction> roleFunctionsMap = new HashMap<>(); - final Map<String, Long> appRoleFuncsParams = new HashMap<>(); - if (roleId != null) { - appRoleFuncsParams.put("appId", app.getId()); - appRoleFuncsParams.put("roleId", roleId); - // get role functions from DB - List<EPAppRoleFunction> appRoleFunctions = dataAccessService - .executeNamedQuery("getAppRoleFunctionOnRoleIdandAppId", appRoleFuncsParams, null); - if (!appRoleFunctions.isEmpty()) { - for (EPAppRoleFunction roleFunc : appRoleFunctions) { - roleFunctionsMap.put(roleFunc.getCode(), roleFunc); - } - } - } - if (!externalAccessPermsOfRole.isEmpty()) { - // Adding functions to role - for (ExternalAccessPerms externalpermission : externalAccessPermsOfRole) { - EPAppRoleFunction checkRoleFunctionExits = roleFunctionsMap.get(externalpermission.getInstance()); - if (checkRoleFunctionExits == null) { - String funcCode = externalpermission.getType().substring(app.getNameSpace().length() + 1) - + FUNCTION_PIPE + externalpermission.getInstance() + FUNCTION_PIPE - + externalpermission.getAction(); - EPAppRoleFunction checkRoleFunctionPipeExits = roleFunctionsMap.get(funcCode); - if (checkRoleFunctionPipeExits == null) { - try { - final Map<String, String> appFuncsParams = new HashMap<>(); - appFuncsParams.put("appId", String.valueOf(app.getId())); - appFuncsParams.put("functionCd", externalpermission.getInstance()); - logger.debug(EELFLoggerDelegate.debugLogger, - "SyncApplicationRolesWithEcompDB: Adding function to the role: {}", - externalpermission.getInstance()); - List<CentralV2RoleFunction> roleFunction = null; - roleFunction = dataAccessService.executeNamedQuery("getAppFunctionOnCodeAndAppId", - appFuncsParams, null); - if (roleFunction.isEmpty()) { - appFuncsParams.put("functionCd", funcCode); - roleFunction = dataAccessService.executeNamedQuery("getAppFunctionOnCodeAndAppId", - appFuncsParams, null); - } - if (!roleFunction.isEmpty()) { - EPAppRoleFunction apRoleFunction = new EPAppRoleFunction(); - apRoleFunction.setAppId(app.getId()); - apRoleFunction.setRoleId(roleId); - apRoleFunction.setCode(roleFunction.get(0).getCode()); - dataAccessService.saveDomainObject(apRoleFunction, null); - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, - "SyncApplicationRolesWithEcompDB: Failed to add role function", e); - } - } - } - } - } - externalRoleDetailsList.add(externalRoleDetail); - } - return externalRoleDetailsList; - } - - @Override - public JSONArray getAppRolesJSONFromExtAuthSystem(EPApp app) throws Exception { - ResponseEntity<String> response = null; - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - HttpEntity<String> entity = new HttpEntity<>(headers); - logger.debug(EELFLoggerDelegate.debugLogger, "syncApplicationRolesWithEcompDB: {} ", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); - response = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "roles/ns/" + app.getNameSpace(), HttpMethod.GET, entity, String.class); - String res = response.getBody(); - logger.debug(EELFLoggerDelegate.debugLogger, - "syncApplicationRolesWithEcompDB: Finished GET roles from External Auth system and the result is :", - res); - JSONObject jsonObj = new JSONObject(res); - JSONArray extRole = jsonObj.getJSONArray("role"); - for (int i = 0; i < extRole.length(); i++) { - if (extRole.getJSONObject(i).getString(ROLE_NAME).equals(app.getNameSpace() + ADMIN) - || extRole.getJSONObject(i).getString(ROLE_NAME).equals(app.getNameSpace() + OWNER) - || (extRole.getJSONObject(i).getString(ROLE_NAME).equals(app.getNameSpace() + ACCOUNT_ADMINISTRATOR) - && !app.getId().equals(PortalConstants.PORTAL_APP_ID))) { - extRole.remove(i); - i--; - } - } - return extRole; - } - - @Override - public JSONArray getAllUsersByRole(String roleName) throws Exception { - ResponseEntity<String> response = null; - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - HttpEntity<String> entity = new HttpEntity<>(headers); - logger.debug(EELFLoggerDelegate.debugLogger, "getAllUsersByRole: {} ", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); - response = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "userRoles/role/" + roleName, HttpMethod.GET, entity, String.class); - String res = response.getBody(); - logger.debug(EELFLoggerDelegate.debugLogger, - "syncApplicationRolesWithEcompDB: Finished GET roles from External Auth system and the result is :", - res); - if (res == null || res.trim().isEmpty()) - return null; - JSONObject jsonObj = new JSONObject(res); - JSONArray extRole = jsonObj.getJSONArray("userRole"); - return extRole; - } - - /** - * - * It converts from ExternalRoleDetails.class object to EPRole.class object - * - * @param externalRoleDetails - * @return EPRole object - */ - private EPRole convertExternalRoleDetailstoEpRole(ExternalRoleDetails externalRoleDetails) { - EPRole role = new EPRole(); - role.setActive(true); - role.setAppId(externalRoleDetails.getAppId()); - role.setAppRoleId(externalRoleDetails.getAppRoleId()); - role.setName(externalRoleDetails.getName()); - role.setPriority(externalRoleDetails.getPriority()); - return role; - } - - @SuppressWarnings("unchecked") - @Override - public Integer bulkUploadUserRoles(String uebkey) throws Exception { - EPApp app = getApp(uebkey).get(0); - final Map<String, String> params = new HashMap<>(); - params.put("uebKey", app.getUebKey()); - List<BulkUploadUserRoles> userRolesList = null; - Integer userRolesAdded = 0; - if (app.getCentralAuth()) { - userRolesList = dataAccessService.executeNamedQuery("getBulkUserRoles", params, null); - for (BulkUploadUserRoles userRolesUpload : userRolesList) { - if (!userRolesUpload.getOrgUserId().equals("su1234")) { - addUserRoleInExternalSystem(userRolesUpload); - userRolesAdded++; - } - } - } - return userRolesAdded; - } - - /** - * Its adding a user role in external auth system while doing bulk upload - * - * @param userRolesUpload - */ - private void addUserRoleInExternalSystem(BulkUploadUserRoles userRolesUpload) { - try { - String name = ""; - ObjectMapper mapper = new ObjectMapper(); - if (EPCommonSystemProperties - .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) { - name = userRolesUpload.getOrgUserId() - + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); - } - ExternalAccessUser extUser = - new ExternalAccessUser(name, userRolesUpload.getAppNameSpace() + "." + userRolesUpload.getRoleName() - .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); - String userRole = mapper.writeValueAsString(extUser); - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - HttpEntity<String> entity = new HttpEntity<>(userRole, headers); - template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole", - HttpMethod.POST, entity, String.class); - } catch (HttpClientErrorException e) { - logger.error(EELFLoggerDelegate.errorLogger, - "HttpClientErrorException - Failed to addUserRoleInExternalSystem", e); - EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - } catch (Exception e) { - if (e.getMessage().equalsIgnoreCase("409 Conflict")) { - logger.error(EELFLoggerDelegate.errorLogger, - "addUserRoleInExternalSystem: UserRole already exits but does not break functionality"); - } else { - logger.error(EELFLoggerDelegate.errorLogger, - "addUserRoleInExternalSystem: Failed to addUserRoleInExternalSystem", e); - } - } - } - - @Override - public void deleteRoleDependencyRecords(Session localSession, Long roleId, Long appId, boolean isPortalRequest) - throws Exception { - try { - String sql = ""; - Query query = null; - // It should delete only when it portal's roleId - if (appId.equals(PortalConstants.PORTAL_APP_ID)) { - // Delete from fn_role_function - sql = "DELETE FROM fn_role_function WHERE role_id=" + roleId; - logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); - query = localSession.createSQLQuery(sql); - query.executeUpdate(); - // Delete from fn_role_composite - sql = "DELETE FROM fn_role_composite WHERE parent_role_id=" + roleId + " OR child_role_id=" + roleId; - logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); - query = localSession.createSQLQuery(sql); - query.executeUpdate(); - } - // Delete from ep_app_role_function - sql = "DELETE FROM ep_app_role_function WHERE role_id=" + roleId; - logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); - query = localSession.createSQLQuery(sql); - query.executeUpdate(); - // Delete from ep_role_notification - sql = "DELETE FROM ep_role_notification WHERE role_id=" + roleId; - logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); - query = localSession.createSQLQuery(sql); - query.executeUpdate(); - // Delete from fn_user_pseudo_role - sql = "DELETE FROM fn_user_pseudo_role WHERE pseudo_role_id=" + roleId; - logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); - query = localSession.createSQLQuery(sql); - query.executeUpdate(); - // Delete form EP_WIDGET_CATALOG_ROLE - sql = "DELETE FROM EP_WIDGET_CATALOG_ROLE WHERE role_id=" + roleId; - logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); - query = localSession.createSQLQuery(sql); - query.executeUpdate(); - // Delete form EP_WIDGET_CATALOG_ROLE - sql = "DELETE FROM ep_user_roles_request_det WHERE requested_role_id=" + roleId; - logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); - query = localSession.createSQLQuery(sql); - query.executeUpdate(); - if (!isPortalRequest) { - // Delete form fn_menu_functional_roles - sql = "DELETE FROM fn_menu_functional_roles WHERE role_id=" + roleId; - logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); - query = localSession.createSQLQuery(sql); - query.executeUpdate(); - } - } catch (Exception e) { - logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleDependeciesRecord: failed ", e); - throw new DeleteDomainObjectFailedException("delete Failed" + e.getMessage()); - } - } - - @SuppressWarnings("unchecked") - @Override - public List<String> getMenuFunctionsList(String uebkey) throws Exception { - List<String> appMenuFunctionsList = null; - List<String> appMenuFunctionsFinalList = new ArrayList<>(); - try { - EPApp app = getApp(uebkey).get(0); - final Map<String, Long> appParams = new HashMap<>(); - appParams.put(APP_ID, app.getId()); - appMenuFunctionsList = dataAccessService.executeNamedQuery("getMenuFunctions", appParams, null); - for (String appMenuFunction : appMenuFunctionsList) { - if (appMenuFunction.contains(FUNCTION_PIPE)) { - appMenuFunctionsFinalList.add(EcompPortalUtils.getFunctionCode(appMenuFunction)); - } else { - appMenuFunctionsFinalList.add(appMenuFunction); - } - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getMenuFunctionsList: Failed", e); - return appMenuFunctionsFinalList; - } - return appMenuFunctionsFinalList; - } - - @SuppressWarnings({"unchecked"}) - @Override - public List<EcompUser> getAllAppUsers(String uebkey) throws Exception { - List<String> usersList = new ArrayList<>(); - List<EcompUser> usersfinalList = new ArrayList<>(); - try { - EPApp app = getApp(uebkey).get(0); - final Map<String, Long> appParams = new HashMap<>(); - appParams.put("appId", app.getId()); - List<EcompUserRoles> userList = - (List<EcompUserRoles>) dataAccessService.executeNamedQuery("ApplicationUserRoles", appParams, null); - for (EcompUserRoles ecompUserRole : userList) { - boolean found = false; - Set<EcompRole> roles = null; - for (EcompUser user : usersfinalList) { - if (user.getOrgUserId().equals(ecompUserRole.getOrgUserId())) { - EcompRole ecompRole = new EcompRole(); - ecompRole.setId(ecompUserRole.getRoleId()); - ecompRole.setName(ecompUserRole.getRoleName()); - roles = user.getRoles(); - EcompRole role = roles.stream().filter(x -> x.getName().equals(ecompUserRole.getRoleName())) - .findAny().orElse(null); - SortedSet<EcompRoleFunction> roleFunctionSet = new TreeSet<>(); - if (role != null) { - roleFunctionSet = (SortedSet<EcompRoleFunction>) role.getRoleFunctions(); - } - String functionCode = EcompPortalUtils.getFunctionCode(ecompUserRole.getFunctionCode()); - functionCode = EPUserUtils.decodeFunctionCode(functionCode); - EcompRoleFunction epRoleFunction = new EcompRoleFunction(); - epRoleFunction.setName(ecompUserRole.getFunctionName()); - epRoleFunction.setCode(EPUserUtils.decodeFunctionCode(functionCode)); - epRoleFunction.setType(getFunctionCodeType(ecompUserRole.getFunctionCode())); - epRoleFunction.setAction(getFunctionCodeAction(ecompUserRole.getFunctionCode())); - roleFunctionSet.add(epRoleFunction); - ecompRole.setRoleFunctions(roleFunctionSet); - roles.add(ecompRole); - user.setRoles(roles); - found = true; - break; - } - } - if (!found) { - EcompUser epUser = new EcompUser(); - epUser.setOrgId(ecompUserRole.getOrgId()); - epUser.setManagerId(ecompUserRole.getManagerId()); - epUser.setFirstName(ecompUserRole.getFirstName()); - epUser.setLastName(ecompUserRole.getLastName()); - epUser.setPhone(ecompUserRole.getPhone()); - epUser.setEmail(ecompUserRole.getEmail()); - epUser.setOrgUserId(ecompUserRole.getOrgUserId()); - epUser.setOrgCode(ecompUserRole.getOrgCode()); - epUser.setOrgManagerUserId(ecompUserRole.getOrgManagerUserId()); - epUser.setJobTitle(ecompUserRole.getJobTitle()); - epUser.setLoginId(ecompUserRole.getLoginId()); - epUser.setActive(true); - roles = new HashSet<>(); - EcompRole ecompRole = new EcompRole(); - ecompRole.setId(ecompUserRole.getRoleId()); - ecompRole.setName(ecompUserRole.getRoleName()); - SortedSet<EcompRoleFunction> roleFunctionSet = new TreeSet<>(); - String functionCode = EcompPortalUtils.getFunctionCode(ecompUserRole.getFunctionCode()); - functionCode = EPUserUtils.decodeFunctionCode(functionCode); - EcompRoleFunction epRoleFunction = new EcompRoleFunction(); - epRoleFunction.setName(ecompUserRole.getFunctionName()); - epRoleFunction.setCode(EPUserUtils.decodeFunctionCode(functionCode)); - epRoleFunction.setType(getFunctionCodeType(ecompUserRole.getFunctionCode())); - epRoleFunction.setAction(getFunctionCodeAction(ecompUserRole.getFunctionCode())); - roleFunctionSet.add(epRoleFunction); - ecompRole.setRoleFunctions(roleFunctionSet); - roles.add(ecompRole); - epUser.setRoles(roles); - usersfinalList.add(epUser); - } - } - ObjectMapper mapper = new ObjectMapper(); - for (EcompUser u1 : usersfinalList) { - String str = mapper.writeValueAsString(u1); - usersList.add(str); - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getAllUsers failed", e); - throw e; - } - return usersfinalList; - } - - @Override - public Role ConvertCentralRoleToRole(String result) { - ObjectMapper mapper = new ObjectMapper(); - mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); - Role newRole = new Role(); - try { - newRole = mapper.readValue(result, Role.class); - } catch (IOException e) { - logger.error(EELFLoggerDelegate.errorLogger, "Failed to convert the result to Role Object", e); - } - if (newRole.getRoleFunctions() != null) { - @SuppressWarnings("unchecked") - Set<RoleFunction> roleFunctionList = newRole.getRoleFunctions(); - Set<RoleFunction> roleFunctionListNew = new HashSet<>(); - Iterator<RoleFunction> itetaror = roleFunctionList.iterator(); - while (itetaror.hasNext()) { - Object nextValue = itetaror.next(); - RoleFunction roleFun = mapper.convertValue(nextValue, RoleFunction.class); - roleFunctionListNew.add(roleFun); - } - newRole.setRoleFunctions(roleFunctionListNew); - } - return newRole; - } - - @Override - @SuppressWarnings("unchecked") - public List<CentralizedApp> getCentralizedAppsOfUser(String userId) { - Map<String, String> params = new HashMap<>(); - params.put("userId", userId); - List<CentralizedApp> centralizedAppsList = new ArrayList<>(); - try { - centralizedAppsList = dataAccessService.executeNamedQuery("getCentralizedAppsOfUser", params, null); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getCentralizedAppsOfUser failed", e); - } - return centralizedAppsList; - } - - @SuppressWarnings("unchecked") - public List<CentralV2Role> getGlobalRolesOfApplication(Long appId) { - Map<String, Long> params = new HashMap<>(); - params.put("appId", appId); - List<GlobalRoleWithApplicationRoleFunction> globalRoles = new ArrayList<>(); - try { - globalRoles = - dataAccessService.executeNamedQuery("getGlobalRoleWithApplicationRoleFunctions", params, null); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getCentralizedAppsOfUser failed", e); - } - List<CentralV2Role> rolesfinalList = new ArrayList<>(); - if (globalRoles.size() > 0) - rolesfinalList = finalListOfCentralRoles(globalRoles); - return rolesfinalList; - } - - @SuppressWarnings("unchecked") - private CentralV2Role getGlobalRoleForRequestedApp(long requestedAppId, long roleId) { - CentralV2Role finalGlobalrole = null; - List<GlobalRoleWithApplicationRoleFunction> roleWithApplicationRoleFucntions = new ArrayList<>(); - Map<String, Long> params = new HashMap<>(); - params.put("roleId", roleId); - params.put("requestedAppId", requestedAppId); - try { - roleWithApplicationRoleFucntions = - dataAccessService.executeNamedQuery("getGlobalRoleForRequestedApp", params, null); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getGlobalRoleForRequestedApp failed", e); - } - if (roleWithApplicationRoleFucntions.size() > 0) { - List<CentralV2Role> rolesfinalList = finalListOfCentralRoles(roleWithApplicationRoleFucntions); - finalGlobalrole = rolesfinalList.get(0); - } else { - List<EPRole> roleList = getPortalAppRoleInfo(roleId); - finalGlobalrole = convertRoleToCentralV2Role(roleList.get(0)); - } - return finalGlobalrole; - } - - private List<CentralV2Role> finalListOfCentralRoles(List<GlobalRoleWithApplicationRoleFunction> globalRoles) { - List<CentralV2Role> rolesfinalList = new ArrayList<>(); - for (GlobalRoleWithApplicationRoleFunction role : globalRoles) { - boolean found = false; - for (CentralV2Role cenRole : rolesfinalList) { - if (role.getRoleId().equals(cenRole.getId())) { - SortedSet<CentralV2RoleFunction> roleFunctions = cenRole.getRoleFunctions(); - CentralV2RoleFunction cenRoleFun = createCentralRoleFunctionForGlobalRole(role); - roleFunctions.add(cenRoleFun); - cenRole.setRoleFunctions(roleFunctions); - found = true; - break; - } - } - if (!found) { - CentralV2Role cenrole = new CentralV2Role(); - cenrole.setName(role.getRoleName()); - cenrole.setId(role.getRoleId()); - cenrole.setActive(role.isActive()); - cenrole.setPriority(role.getPriority()); - SortedSet<CentralV2RoleFunction> roleFunctions = new TreeSet<>(); - CentralV2RoleFunction cenRoleFun = createCentralRoleFunctionForGlobalRole(role); - roleFunctions.add(cenRoleFun); - cenrole.setRoleFunctions(roleFunctions); - rolesfinalList.add(cenrole); - } - } - return rolesfinalList; - } - - private CentralV2RoleFunction createCentralRoleFunctionForGlobalRole(GlobalRoleWithApplicationRoleFunction role) { - String instance; - String type; - String action; - CentralV2RoleFunction cenRoleFun; - if (role.getFunctionCd().contains(FUNCTION_PIPE)) { - instance = EcompPortalUtils.getFunctionCode(role.getFunctionCd()); - type = EcompPortalUtils.getFunctionType(role.getFunctionCd()); - action = EcompPortalUtils.getFunctionAction(role.getFunctionCd()); - cenRoleFun = new CentralV2RoleFunction(null, instance, role.getFunctionName(), null, type, action, null); - } else { - type = getFunctionCodeType(role.getFunctionCd()); - action = getFunctionCodeAction(role.getFunctionCd()); - cenRoleFun = new CentralV2RoleFunction(null, role.getFunctionCd(), role.getFunctionName(), null, type, - action, null); - } - return cenRoleFun; - } - - @SuppressWarnings("unchecked") - @Override - public List<EPRole> getGlobalRolesOfPortal() { - List<EPRole> globalRoles = new ArrayList<>(); - try { - globalRoles = dataAccessService.executeNamedQuery("getGlobalRolesOfPortal", null, null); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getGlobalRolesOfPortal failed", e); - } - return globalRoles; - } - - private CentralV2Role convertRoleToCentralV2Role(EPRole role) { - return new CentralV2Role(role.getId(), role.getCreated(), role.getModified(), role.getCreatedId(), - role.getModifiedId(), role.getRowNum(), role.getName(), role.getActive(), role.getPriority(), - new TreeSet<>(), new TreeSet<>(), new TreeSet<>()); - } - - @Override - public List<CentralRoleFunction> convertCentralRoleFunctionToRoleFunctionObject( - List<CentralV2RoleFunction> answer) { - List<CentralRoleFunction> addRoleFuncList = new ArrayList<>(); - for (CentralV2RoleFunction cenRoleFunc : answer) { - CentralRoleFunction setRoleFunc = new CentralRoleFunction(); - setRoleFunc.setCode(cenRoleFunc.getCode()); - setRoleFunc.setName(cenRoleFunc.getName()); - addRoleFuncList.add(setRoleFunc); - } - return addRoleFuncList; - } - - @Override - public CentralUser getUserRoles(String loginId, String uebkey) throws Exception { - CentralUser sendUserRoles = null; - try { - CentralV2User cenV2User = getV2UserAppRoles(loginId, uebkey); - sendUserRoles = convertV2UserRolesToOlderVersion(cenV2User); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getUserRoles: failed", e); - throw e; - } - return sendUserRoles; - } - - /** - * - * It returns V2 CentralUser object if user has any roles and permissions - * - * @param loginId - * @param uebkey - * @return CentralUser object - * @throws Exception - */ - private CentralV2User getV2UserAppRoles(String loginId, String uebkey) throws Exception { - EPApp app; - List<EPUser> epUserList; - List<EPApp> appList = getApp(uebkey); - app = appList.get(0); - epUserList = getUser(loginId); - EPUser user = epUserList.get(0); - Set<EPUserApp> userAppSet = user.getEPUserApps(); - return createEPUser(user, userAppSet, app); - } - - private List<EcompRole> getUserAppRoles(EPApp app, EPUser user) { - final Map<String, Long> userParams = new HashMap<>(); - userParams.put("appId", app.getId()); - userParams.put("userId", user.getId()); - @SuppressWarnings("unchecked") - List<EPUserAppCurrentRoles> userAppsRolesList = - dataAccessService.executeNamedQuery("getUserAppCurrentRoles", userParams, null); - List<EcompRole> setUserRoles = new ArrayList<>(); - for (EPUserAppCurrentRoles role : userAppsRolesList) { - logger.debug(EELFLoggerDelegate.debugLogger, "In getUserAppRoles()- get userRolename = {}", - role.getRoleName()); - EcompRole ecompRole = new EcompRole(); - ecompRole.setId(role.getRoleId()); - ecompRole.setName(role.getRoleName()); - setUserRoles.add(ecompRole); - } - logger.debug(EELFLoggerDelegate.debugLogger, "In getUserAppRoles()- get userrole list size = {}", - setUserRoles.size()); - return setUserRoles; - } - - @Override - public List<EcompRole> missingUserApplicationRoles(String uebkey, String loginId, Set<EcompRole> CurrentUserRoles) - throws Exception { - List<EPApp> appList = getApp(uebkey); - EPApp app = appList.get(0); - List<EPUser> epUserList; - epUserList = getUser(loginId); - List<EcompRole> missingUserAppRoles = new ArrayList<>(); - List<String> roleNamesList = CurrentUserRoles.stream().map(EcompRole::getName).collect(Collectors.toList()); - logger.debug(EELFLoggerDelegate.debugLogger, "Roles of User from hibernate :" + roleNamesList); - List<EcompRole> userApplicationsRolesfromDB = getUserAppRoles(app, epUserList.get(0)); - if (userApplicationsRolesfromDB.size() > 0) { - missingUserAppRoles = userApplicationsRolesfromDB.stream().filter(x -> !roleNamesList.contains(x.getName())) - .collect(Collectors.toList()); - } - List<String> MissingroleNamesList = - missingUserAppRoles.stream().map(EcompRole::getName).collect(Collectors.toList()); - logger.debug(EELFLoggerDelegate.debugLogger, "MissingUserAppRoles():" + MissingroleNamesList); - - List<EcompRole> finalMissingRoleList = new ArrayList<>(); - if (missingUserAppRoles.size() > 0) { - final Map<String, Long> params = new HashMap<>(); - for (EcompRole role : missingUserAppRoles) { - params.put("roleId", role.getId()); - params.put(APP_ID, app.getId()); - - EcompRole epRole = new EcompRole(); - epRole.setId(role.getId()); - epRole.setName(role.getName()); - @SuppressWarnings("unchecked") - List<CentralV2RoleFunction> appRoleFunctionList = - dataAccessService.executeNamedQuery("getAppRoleFunctionList", params, null); - SortedSet<EcompRoleFunction> roleFunctionSet = new TreeSet<>(); - for (CentralV2RoleFunction roleFunc : appRoleFunctionList) { - String functionCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode()); - String type = getFunctionCodeType(roleFunc.getCode()); - String action = getFunctionCodeAction(roleFunc.getCode()); - EcompRoleFunction fun = new EcompRoleFunction(); - fun.setAction(action); - fun.setCode(functionCode); - fun.setType(type); - fun.setName(roleFunc.getName()); - roleFunctionSet.add(fun); - - } - epRole.setRoleFunctions(roleFunctionSet); - finalMissingRoleList.add(epRole); - } - } - - return finalMissingRoleList; - } - - /** - * It converts V2 CentralUser object to old version CentralUser object - * - * @param cenV2User - * @return EPUser object - */ - private CentralUser convertV2UserRolesToOlderVersion(CentralV2User cenV2User) { - Set<CentralV2UserApp> userV2Apps = cenV2User.getUserApps(); - Set<CentralUserApp> userApps = new TreeSet<>(); - for (CentralV2UserApp userApp : userV2Apps) { - CentralApp app = userApp.getApp(); - CentralUserApp cua = new CentralUserApp(); - cua.setUserId(null); - cua.setApp(app); - SortedSet<CentralRoleFunction> cenRoleFunction = new TreeSet<>(); - for (CentralV2RoleFunction cenV2RoleFunc : userApp.getRole().getRoleFunctions()) { - CentralRoleFunction cenRoleFunc = - new CentralRoleFunction(cenV2RoleFunc.getCode(), cenV2RoleFunc.getName()); - cenRoleFunction.add(cenRoleFunc); - } - CentralRole role = new CentralRole.CentralRoleBuilder().setId(userApp.getRole().getId()) - .setName(userApp.getRole().getName()).setActive(userApp.getRole().getActive()) - .setPriority(userApp.getRole().getPriority()).setRoleFunctions(cenRoleFunction).createCentralRole(); - cua.setRole(role); - userApps.add(cua); - } - return new CentralUser(cenV2User.getId(), cenV2User.getCreated(), cenV2User.getModified(), - cenV2User.getCreatedId(), cenV2User.getModifiedId(), cenV2User.getRowNum(), cenV2User.getOrgId(), - cenV2User.getManagerId(), cenV2User.getFirstName(), cenV2User.getMiddleInitial(), - cenV2User.getLastName(), cenV2User.getPhone(), cenV2User.getFax(), cenV2User.getCellular(), - cenV2User.getEmail(), cenV2User.getAddressId(), cenV2User.getAlertMethodCd(), cenV2User.getHrid(), - cenV2User.getOrgUserId(), cenV2User.getOrgCode(), cenV2User.getAddress1(), cenV2User.getAddress2(), - cenV2User.getCity(), cenV2User.getState(), cenV2User.getZipCode(), cenV2User.getCountry(), - cenV2User.getOrgManagerUserId(), cenV2User.getLocationClli(), cenV2User.getBusinessCountryCode(), - cenV2User.getBusinessCountryName(), cenV2User.getBusinessUnit(), cenV2User.getBusinessUnitName(), - cenV2User.getDepartment(), cenV2User.getDepartmentName(), cenV2User.getCompanyCode(), - cenV2User.getCompany(), cenV2User.getZipCodeSuffix(), cenV2User.getJobTitle(), - cenV2User.getCommandChain(), cenV2User.getSiloStatus(), cenV2User.getCostCenter(), - cenV2User.getFinancialLocCode(), cenV2User.getLoginId(), cenV2User.getLoginPwd(), - cenV2User.getLastLoginDate(), cenV2User.isActive(), cenV2User.isInternal(), - cenV2User.getSelectedProfileId(), cenV2User.getTimeZoneId(), cenV2User.isOnline(), - cenV2User.getChatId(), userApps); - } - - @Override - public List<CentralRole> convertV2CentralRoleListToOldVerisonCentralRoleList(List<CentralV2Role> v2CenRoleList) { - List<CentralRole> cenRoleList = new ArrayList<>(); - for (CentralV2Role v2CenRole : v2CenRoleList) { - SortedSet<CentralRoleFunction> cenRoleFuncList = new TreeSet<>(); - for (CentralV2RoleFunction v2CenRoleFunc : v2CenRole.getRoleFunctions()) { - CentralRoleFunction roleFunc = - new CentralRoleFunction(v2CenRoleFunc.getCode(), v2CenRoleFunc.getName()); - cenRoleFuncList.add(roleFunc); - } - CentralRole role = new CentralRole.CentralRoleBuilder().setId(v2CenRole.getId()) - .setName(v2CenRole.getName()).setActive(v2CenRole.getActive()).setPriority(v2CenRole.getPriority()) - .setRoleFunctions(cenRoleFuncList).createCentralRole(); - cenRoleList.add(role); - } - return cenRoleList; - } - - @Override - public ResponseEntity<String> getNameSpaceIfExists(EPApp app) throws Exception { - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - HttpEntity<String> entity = new HttpEntity<>(headers); - logger.debug(EELFLoggerDelegate.debugLogger, "checkIfNameSpaceExists: Connecting to External Auth system"); - ResponseEntity<String> response = null; - try { - response = - template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "nss/" + app.getNameSpace(), HttpMethod.GET, entity, String.class); - logger.debug(EELFLoggerDelegate.debugLogger, "checkIfNameSpaceExists: Finished ", - response.getStatusCode().value()); - } catch (HttpClientErrorException e) { - logger.error(EELFLoggerDelegate.errorLogger, "checkIfNameSpaceExists failed", e); - EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - if (e.getStatusCode() == HttpStatus.NOT_FOUND) - throw new InvalidApplicationException("Invalid NameSpace"); - else - throw e; - } - return response; - } - - @Override - public CentralRole convertV2CentralRoleToOldVerisonCentralRole(CentralV2Role v2CenRole) { - SortedSet<CentralRoleFunction> cenRoleFuncList = new TreeSet<>(); - for (CentralV2RoleFunction v2CenRoleFunc : v2CenRole.getRoleFunctions()) { - CentralRoleFunction roleFunc = new CentralRoleFunction(v2CenRoleFunc.getCode(), v2CenRoleFunc.getName()); - cenRoleFuncList.add(roleFunc); - } - return new CentralRole.CentralRoleBuilder().setId(v2CenRole.getId()).setName(v2CenRole.getName()) - .setActive(v2CenRole.getActive()).setPriority(v2CenRole.getPriority()).setRoleFunctions(cenRoleFuncList) - .createCentralRole(); - } - - @SuppressWarnings("unchecked") - @Override - public Integer bulkUploadUsersSingleRole(String uebkey, Long roleId, String modifiedRoleName) throws Exception { - EPApp app = getApp(uebkey).get(0); - final Map<String, String> params = new HashMap<>(); - params.put("uebKey", app.getUebKey()); - params.put("roleId", String.valueOf(roleId)); - List<BulkUploadUserRoles> userRolesList = null; - Integer userRolesAdded = 0; - if (app.getCentralAuth()) { - userRolesList = dataAccessService.executeNamedQuery("getBulkUsersForSingleRole", params, null); - for (BulkUploadUserRoles userRolesUpload : userRolesList) { - userRolesUpload.setRoleName(modifiedRoleName); - if (!userRolesUpload.getOrgUserId().equals("su1234")) { - addUserRoleInExternalSystem(userRolesUpload); - userRolesAdded++; - } - } - } - return userRolesAdded; - } - - @Override - public String encodeFunctionCode(String funCode) { - String encodedString = funCode; - List<Pattern> encodingList = new ArrayList<>(); - encodingList.add(Pattern.compile("/")); - encodingList.add(Pattern.compile("-")); - for (Pattern xssInputPattern : encodingList) { - encodedString = xssInputPattern.matcher(encodedString) - .replaceAll("%" + Hex.encodeHexString(xssInputPattern.toString().getBytes())); - } - encodedString = encodedString.replaceAll("\\*", "%" + Hex.encodeHexString("*".getBytes())); - return encodedString; - } - - @Override - public void bulkUploadRoleFunc(UploadRoleFunctionExtSystem data, EPApp app) throws Exception { - ObjectMapper mapper = new ObjectMapper(); - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - try { - ExternalAccessRolePerms extRolePerms; - ExternalAccessPerms extPerms; - extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + data.getType(), - encodeFunctionCode(data.getInstance()), data.getAction()); - String appNameSpace = ""; - if (data.getIsGlobalRolePartnerFunc()) { - appNameSpace = epAppService.getApp(1l).getNameSpace(); - } else { - appNameSpace = app.getNameSpace(); - } - extRolePerms = new ExternalAccessRolePerms(extPerms, appNameSpace + "." + data.getRoleName() - .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); - String updateRolePerms = mapper.writeValueAsString(extRolePerms); - HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers); - updateRoleFunctionInExternalSystem(updateRolePerms, entity); - } catch (HttpClientErrorException e) { - logger.error(EELFLoggerDelegate.errorLogger, - "HttpClientErrorException - Failed to add role function in external central auth system", e); - EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - throw e; - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, - "addFunctionInExternalSystem: Failed to add role fucntion in external central auth system", e); - throw e; - } - } - - private void updateRoleFunctionInExternalSystem(String updateRolePerms, HttpEntity<String> entity) { - logger.debug(EELFLoggerDelegate.debugLogger, "bulkUploadRoleFunc: {} for POST: {}", - CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRolePerms); - ResponseEntity<String> addPermResponse = template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm", - HttpMethod.POST, entity, String.class); - logger.debug(EELFLoggerDelegate.debugLogger, - "bulkUploadRoleFunc: Finished adding permission for POST: {} and status code: {} ", - addPermResponse.getStatusCode().value(), updateRolePerms); - } - - @Override - public void syncApplicationUserRolesFromExtAuthSystem(String loginId) throws Exception { - String name = ""; - if (EPCommonSystemProperties.containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) { - name = loginId + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); - } - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - HttpEntity<String> getUserRolesEntity = new HttpEntity<>(headers); - ResponseEntity<String> getResponse = getUserRolesFromExtAuthSystem(name, getUserRolesEntity); - List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>(); - String res = getResponse.getBody(); - JSONObject jsonObj = null; - JSONArray extRoles = null; - if (!res.equals("{}")) { - jsonObj = new JSONObject(res); - extRoles = jsonObj.getJSONArray("role"); - } - updateUserRolesInLocal(userRoleDetailList, extRoles, loginId); - } - - @SuppressWarnings("unchecked") - private void updateUserRolesInLocal(List<ExternalAccessUserRoleDetail> userRoleDetailList, JSONArray extRoles, - String loginId) throws InvalidUserException { - HashMap<String, String> userParams = new HashMap<>(); - userParams.put("orgUserId", loginId); - // Get all centralized applications existing user roles from local - List<CentralizedAppRoles> currentUserAppRoles = - dataAccessService.executeNamedQuery("getUserCentralizedAppRoles", userParams, null); - EPUser user = getUser(loginId).get(0); - // Get all centralized applications roles from local - HashMap<String, CentralizedAppRoles> cenAppRolesMap = getCentralizedAppRoleList(); - HashMap<String, CentralizedAppRoles> currentCentralizedUserAppRolesMap = - getCurrentUserCentralizedAppRoles(currentUserAppRoles); - // Get all centralized applications + admin role from local - HashMap<String, EPApp> centralisedAppsMap = getCentralizedAdminAppsInfo(); - if (extRoles != null) { - ExternalAccessUserRoleDetail userRoleDetail = null; - for (int i = 0; i < extRoles.length(); i++) { - if (!extRoles.getJSONObject(i).getString("name").endsWith(ADMIN) - && !extRoles.getJSONObject(i).getString("name").endsWith(OWNER)) { - userRoleDetail = - new ExternalAccessUserRoleDetail(extRoles.getJSONObject(i).getString("name"), null); - userRoleDetailList.add(userRoleDetail); - } - } - addUserRolesInLocal(userRoleDetailList, user, cenAppRolesMap, currentCentralizedUserAppRolesMap, - centralisedAppsMap); - } - } - - private void addUserRolesInLocal(List<ExternalAccessUserRoleDetail> userRoleDetailList, EPUser user, - HashMap<String, CentralizedAppRoles> cenAppRolesMap, - HashMap<String, CentralizedAppRoles> currentCentralizedUserAppRolesMap, - HashMap<String, EPApp> centralisedAppsMap) { - for (ExternalAccessUserRoleDetail extUserRoleDetail : userRoleDetailList) { - try { - // check if user already has role in local - if (!currentCentralizedUserAppRolesMap.containsKey(extUserRoleDetail.getName())) { - CentralizedAppRoles getCenAppRole = cenAppRolesMap.get(extUserRoleDetail.getName()); - if (getCenAppRole != null) { - logger.debug(EELFLoggerDelegate.debugLogger, - "addUserRolesInLocal: Adding user role from external auth system {}", - extUserRoleDetail.toString()); - EPUserApp userApp = new EPUserApp(); - EPApp app = new EPApp(); - app.setId(getCenAppRole.getAppId()); - EPRole epRole = new EPRole(); - epRole.setId(getCenAppRole.getRoleId()); - userApp.setApp(app); - userApp.setUserId(user.getId()); - userApp.setRole(epRole); - dataAccessService.saveDomainObject(userApp, null); - logger.debug(EELFLoggerDelegate.debugLogger, - "addUserRolesInLocal: Finished user role from external auth system {}", - extUserRoleDetail.toString()); - } else if (getCenAppRole == null // check if user has app - // account admin role - && extUserRoleDetail.getName().endsWith(PortalConstants.ADMIN_ROLE.replaceAll( - EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"))) { - EPApp app = centralisedAppsMap.get(extUserRoleDetail.getName()); - if (app != null) { - logger.debug(EELFLoggerDelegate.debugLogger, - "addUserRolesInLocal: Adding user role from external auth system {}", - extUserRoleDetail.toString()); - EPUserApp userApp = new EPUserApp(); - EPRole epRole = new EPRole(); - epRole.setId(PortalConstants.ACCOUNT_ADMIN_ROLE_ID); - userApp.setApp(app); - userApp.setUserId(user.getId()); - userApp.setRole(epRole); - dataAccessService.saveDomainObject(userApp, null); - logger.debug(EELFLoggerDelegate.debugLogger, - "addUserRolesInLocal: Finished user role from external auth system {}", - extUserRoleDetail.toString()); - } - } - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, - "addUserRolesInLocal - Failed to update user role in local from external auth system {} ", - extUserRoleDetail.toString(), e); - } - } - } - - @SuppressWarnings("unchecked") - private HashMap<String, EPApp> getCentralizedAdminAppsInfo() { - List<EPApp> centralizedApps = dataAccessService.executeNamedQuery("getCentralizedApps", null, null); - HashMap<String, EPApp> centralisedAppsMap = new HashMap<>(); - for (EPApp cenApp : centralizedApps) { - centralisedAppsMap.put( - cenApp.getNameSpace() + "." - + PortalConstants.ADMIN_ROLE.replaceAll( - EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), - cenApp); - } - return centralisedAppsMap; - } - - private HashMap<String, CentralizedAppRoles> getCurrentUserCentralizedAppRoles( - List<CentralizedAppRoles> currentUserAppRoles) { - HashMap<String, CentralizedAppRoles> currentCentralizedUserAppRolesMap = new HashMap<>(); - for (CentralizedAppRoles cenAppUserRole : currentUserAppRoles) { - currentCentralizedUserAppRolesMap.put( - cenAppUserRole.getAppNameSpace() + "." - + cenAppUserRole.getRoleName().replaceAll( - EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), - cenAppUserRole); - } - return currentCentralizedUserAppRolesMap; - } - - @SuppressWarnings("unchecked") - private HashMap<String, CentralizedAppRoles> getCentralizedAppRoleList() { - List<CentralizedAppRoles> centralizedAppRoles = - dataAccessService.executeNamedQuery("getAllCentralizedAppsRoles", null, null); - HashMap<String, CentralizedAppRoles> cenAppRolesMap = new HashMap<>(); - for (CentralizedAppRoles CentralizedAppRole : centralizedAppRoles) { - cenAppRolesMap.put( - CentralizedAppRole.getAppNameSpace() + "." - + CentralizedAppRole.getRoleName().replaceAll( - EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), - CentralizedAppRole); - } - return cenAppRolesMap; - } - - @Override - public ResponseEntity<String> getUserRolesFromExtAuthSystem(String name, HttpEntity<String> getUserRolesEntity) { - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to external system to get current user roles"); - ResponseEntity<String> getResponse = - template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "roles/user/" + name, HttpMethod.GET, getUserRolesEntity, String.class); - if (getResponse.getStatusCode().value() == 200) { - logger.debug(EELFLoggerDelegate.debugLogger, - "getAllUserRoleFromExtAuthSystem: Finished GET user roles from external system and received user roles {}", - getResponse.getBody()); - } else { - logger.error(EELFLoggerDelegate.errorLogger, - "getAllUserRoleFromExtAuthSystem: Failed GET user roles from external system and received user roles {}", - getResponse.getBody()); - EPLogUtil.logExternalAuthAccessAlarm(logger, getResponse.getStatusCode()); - } - return getResponse; - } - - @Override - public Integer updateAppRoleDescription(String uebkey) { - Integer roleDescUpdated = 0; - EPApp app; - try { - app = getApp(uebkey).get(0); - List<EPRole> roles = getAppRoles(app.getId()); - for (EPRole epRole : roles) { - Role role = new Role(); - role.setName(epRole.getName()); - boolean status = addRoleDescriptionInExtSystem(role, app); - if (status) - roleDescUpdated++; - } - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "updateAppRoleDescription: Failed! ", e); - } - return roleDescUpdated; - } + private static final String APP_ROLE_NAME_PARAM = "appRoleName"; + private static final String GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM = "getRoletoUpdateInExternalAuthSystem"; + private static final String GET_PORTAL_APP_ROLES_QUERY = "getPortalAppRoles"; + private static final String GET_ROLE_FUNCTION_QUERY = "getRoleFunction"; + private static final String FUNCTION_CODE_PARAMS = "functionCode"; + private static final String AND_FUNCTION_CD_EQUALS = " and function_cd = '"; + private static final String OWNER = ".owner"; + private static final String ADMIN = ".admin"; + private static final String ACCOUNT_ADMINISTRATOR = ".Account_Administrator"; + private static final String FUNCTION_PIPE = "|"; + private static final String EXTERNAL_AUTH_PERMS = "perms"; + private static final String EXTERNAL_AUTH_ROLE_DESCRIPTION = "description"; + private static final String IS_EMPTY_JSON_STRING = "{}"; + private static final String CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE = "Connecting to External Auth system"; + private static final String APP_ID = "appId"; + private static final String ROLE_NAME = "name"; + private static final String APP_ID_EQUALS = " app_id = "; + private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAccessRolesServiceImpl.class); + @Autowired + private DataAccessService dataAccessService; + @Autowired + private EPAppService epAppService; + @Autowired + private SessionFactory sessionFactory; + @Autowired + EPRoleService ePRoleService; + RestTemplate template = new RestTemplate(); + // These decode values are based on HexDecoder + static final String decodeValueOfForwardSlash = "2f"; + static final String decodeValueOfHiphen = "2d"; + static final String decodeValueOfStar = "2a"; + + @SuppressWarnings("unchecked") + @Override + public List<EPRole> getAppRoles(Long appId) throws Exception { + List<EPRole> applicationRoles = null; + final Map<String, Long> appParams = new HashMap<>(); + try { + if (appId == 1) { + applicationRoles = dataAccessService.executeNamedQuery("getPortalAppRolesList", null, null); + } else { + appParams.put("appId", appId); + applicationRoles = dataAccessService.executeNamedQuery("getPartnerAppRolesList", appParams, null); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getAppRoles: failed", e); + throw e; + } + return applicationRoles; + } + + @SuppressWarnings("unchecked") + @Override + public List<EPApp> getApp(String uebkey) throws Exception { + List<EPApp> app = null; + try { + final Map<String, String> appUebkeyParams = new HashMap<>(); + appUebkeyParams.put("appKey", uebkey); + app = dataAccessService.executeNamedQuery("getMyAppDetailsByUebKey", appUebkeyParams, null); + if (!app.isEmpty() && !app.get(0).getEnabled() + && !app.get(0).getId().equals(PortalConstants.PORTAL_APP_ID)) { + throw new InactiveApplicationException("Application:" + app.get(0).getName() + " is Unavailable"); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getApp: failed", e); + throw e; + } + return app; + } + + /** + * It returns single application role from external auth system + * + * @param addRole + * @param app + * @return JSON string which contains application role details + * @throws Exception + */ + private String getSingleAppRole(String addRole, EPApp app) throws Exception { + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity<String> entity = new HttpEntity<>(headers); + ResponseEntity<String> response = null; + logger.debug(EELFLoggerDelegate.debugLogger, "getSingleAppRole: Connecting to External Auth system"); + response = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "roles/" + + app.getNameSpace() + "." + addRole + .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), + HttpMethod.GET, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, + "getSingleAppRole: Finished GET app role from External Auth system and status code: {} ", + response.getStatusCode().value()); + return response.getBody(); + } + + @Override + public boolean addRole(Role addRole, String uebkey) throws Exception { + boolean response = false; + ResponseEntity<String> addResponse = null; + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + EPApp app = getApp(uebkey).get(0); + String newRole = updateExistingRoleInExternalSystem(addRole, app); + HttpEntity<String> entity = new HttpEntity<>(newRole, headers); + logger.debug(EELFLoggerDelegate.debugLogger, "addRole: Connecting to External Auth system"); + addResponse = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role", + HttpMethod.POST, entity, String.class); + if (addResponse.getStatusCode().value() == 201) { + response = true; + logger.debug(EELFLoggerDelegate.debugLogger, + "addRole: Finished adding role in the External Auth system and response code: {} ", + addResponse.getStatusCode().value()); + } + if (addResponse.getStatusCode().value() == 406) { + logger.error(EELFLoggerDelegate.errorLogger, + "addRole: Failed to add in the External Auth system due to {} and status code: {}", + addResponse.getBody(), addResponse.getStatusCode().value()); + } + return response; + } + + /** + * + * It deletes record in external auth system + * + * @param delRole + * @return JSON String which has status code and response body + * @throws Exception + */ + private ResponseEntity<String> deleteRoleInExternalSystem(String delRole) throws Exception { + ResponseEntity<String> delResponse = null; + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity<String> entity = new HttpEntity<>(delRole, headers); + logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleInExternalSystem: {} for DELETE: {}", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, delRole); + delResponse = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role?force=true", + HttpMethod.DELETE, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, + "deleteRoleInExternalSystem: Finished DELETE operation in the External Auth system {} and status code: {} ", + delRole, delResponse.getStatusCode().value()); + return delResponse; + } + + /** + * It updates role in external auth system + * + * @param updateExtRole + * @param app + * @return true if success else false + * @throws Exception If updateRoleInExternalSystem fails we catch it in logger + * for detail message + */ + private boolean updateRoleInExternalSystem(Role updateExtRole, EPApp app, boolean isGlobalRole) throws Exception { + boolean response = false; + ObjectMapper mapper = new ObjectMapper(); + ResponseEntity<String> deleteResponse = null; + List<EPRole> epRoleList = null; + if (app.getId().equals(PortalConstants.PORTAL_APP_ID) + || (isGlobalRole && !app.getId().equals(PortalConstants.PORTAL_APP_ID))) { + epRoleList = getPortalAppRoleInfo(updateExtRole.getId()); + } else { + epRoleList = getPartnerAppRoleInfo(updateExtRole.getId(), app); + } + // Assigning functions to global role + if ((isGlobalRole && !app.getId().equals(PortalConstants.PORTAL_APP_ID))) { + List<RoleFunction> globalRoleFunctionListNew = convertSetToListOfRoleFunctions(updateExtRole); + EPApp portalAppInfo = epAppService.getApp(PortalConstants.PORTAL_APP_ID); + addFunctionsTOGlobalRole(epRoleList, updateExtRole, globalRoleFunctionListNew, mapper, app, portalAppInfo); + response = true; + } else { + String appRole = getSingleAppRole(epRoleList.get(0).getName(), app); + List<RoleFunction> roleFunctionListNew = convertSetToListOfRoleFunctions(updateExtRole); + if (!appRole.equals(IS_EMPTY_JSON_STRING)) { + JSONObject jsonObj = new JSONObject(appRole); + JSONArray extRole = jsonObj.getJSONArray("role"); + if (!extRole.getJSONObject(0).has(EXTERNAL_AUTH_ROLE_DESCRIPTION)) { + String roleName = extRole.getJSONObject(0).getString(ROLE_NAME); + Map<String, String> delRoleKeyMapper = new HashMap<>(); + delRoleKeyMapper.put(ROLE_NAME, roleName); + String delRoleKeyValue = mapper.writeValueAsString(delRoleKeyMapper); + deleteResponse = deleteRoleInExternalSystem(delRoleKeyValue); + if (deleteResponse.getStatusCode().value() != 200) { + throw new ExternalAuthSystemException(deleteResponse.getBody()); + } + addRole(updateExtRole, app.getUebKey()); + } else { + String desc = extRole.getJSONObject(0).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION); + String name = extRole.getJSONObject(0).getString(ROLE_NAME); + List<ExternalAccessPerms> list = new ArrayList<>(); + if (extRole.getJSONObject(0).has(EXTERNAL_AUTH_PERMS)) { + JSONArray perms = extRole.getJSONObject(0).getJSONArray(EXTERNAL_AUTH_PERMS); + list = mapper.readValue(perms.toString(), TypeFactory.defaultInstance() + .constructCollectionType(List.class, ExternalAccessPerms.class)); + } + // If role name or role functions are updated then delete + // record in External System and add new record to avoid + // conflicts + boolean isRoleNameChanged = false; + if (!desc.equals(updateExtRole.getName())) { + isRoleNameChanged = true; + deleteRoleInExtSystem(mapper, name); + addRole(updateExtRole, app.getUebKey()); + // add partner functions to the global role in External + // Auth System + if (!list.isEmpty() && isGlobalRole) { + addPartnerHasRoleFunctionsToGlobalRole(list, mapper, app, updateExtRole); + } + list.removeIf( + perm -> EcompPortalUtils.checkNameSpaceMatching(perm.getType(), app.getNameSpace())); + // if role name is changes please ignore the previous + // functions in External Auth + // and update with user requested functions + addRemoveFunctionsToRole(updateExtRole, app, mapper, roleFunctionListNew, name, list); + } + // Delete role in External System if role is inactive + if (!updateExtRole.getActive()) { + deleteRoleInExtSystem(mapper, name); + } + if (!isRoleNameChanged) { + response = addRemoveFunctionsToRole(updateExtRole, app, mapper, roleFunctionListNew, name, + list); + } + } + } else { + // It seems like role exists in local DB but not in External + // Access system + if (updateExtRole.getActive()) { + addRole(updateExtRole, app.getUebKey()); + ExternalAccessRolePerms extAddRolePerms = null; + ExternalAccessPerms extAddPerms = null; + List<RoleFunction> roleFunctionListAdd = convertSetToListOfRoleFunctions(updateExtRole); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + for (RoleFunction roleFunc : roleFunctionListAdd) { + extAddPerms = new ExternalAccessPerms(app.getNameSpace() + "." + roleFunc.getType(), + roleFunc.getCode(), roleFunc.getAction()); + extAddRolePerms = new ExternalAccessRolePerms(extAddPerms, + app.getNameSpace() + "." + updateExtRole.getName().replaceAll( + EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); + response = addRoleFuncExtSysRestAPI(mapper, extAddRolePerms, headers); + } + } + } + } + return response; + } + + private void deleteRoleInExtSystem(ObjectMapper mapper, String name) + throws JsonProcessingException, Exception, ExternalAuthSystemException { + ResponseEntity<String> deleteResponse; + Map<String, String> delRoleKeyMapper = new HashMap<>(); + delRoleKeyMapper.put(ROLE_NAME, name); + String delRoleKeyValue = mapper.writeValueAsString(delRoleKeyMapper); + deleteResponse = deleteRoleInExternalSystem(delRoleKeyValue); + if (deleteResponse.getStatusCode().value() != 200) { + logger.error(EELFLoggerDelegate.errorLogger, + "updateRoleInExternalSystem: Failed to delete role in external system due to {} ", + deleteResponse.getBody()); + throw new ExternalAuthSystemException(deleteResponse.getBody()); + } + } + + private boolean addRemoveFunctionsToRole(Role updateExtRole, EPApp app, ObjectMapper mapper, + List<RoleFunction> roleFunctionListNew, String name, List<ExternalAccessPerms> list) throws Exception { + boolean response; + Map<String, RoleFunction> updateRoleFunc = new HashMap<>(); + for (RoleFunction addPerm : roleFunctionListNew) { + updateRoleFunc.put(addPerm.getCode(), addPerm); + } + final Map<String, ExternalAccessPerms> extRolePermMap = new HashMap<>(); + final Map<String, ExternalAccessPerms> extRolePermMapPipes = new HashMap<>(); + list.removeIf(perm -> !EcompPortalUtils.checkNameSpaceMatching(perm.getType(), app.getNameSpace())); + // Update permissions in the ExternalAccess System + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + if (!list.isEmpty()) { + for (ExternalAccessPerms perm : list) { + RoleFunction roleFunc = updateRoleFunc.get(perm.getType().substring(app.getNameSpace().length() + 1) + + FUNCTION_PIPE + perm.getInstance() + FUNCTION_PIPE + perm.getAction()); + if (roleFunc == null) { + RoleFunction roleFuncPipeFilter = updateRoleFunc.get(perm.getInstance()); + if (roleFuncPipeFilter == null) + removePermForRole(perm, mapper, name, headers); + } + extRolePermMap.put(perm.getInstance(), perm); + extRolePermMapPipes.put(perm.getType().substring(app.getNameSpace().length() + 1) + FUNCTION_PIPE + + perm.getInstance() + FUNCTION_PIPE + perm.getAction(), perm); + } + } + response = true; + if (!roleFunctionListNew.isEmpty()) { + for (RoleFunction roleFunc : roleFunctionListNew) { + if (roleFunc.getCode().contains(FUNCTION_PIPE)) { + ExternalAccessPerms perm = extRolePermMapPipes.get(roleFunc.getCode()); + if (perm == null) { + response = addFunctionsToRoleInExternalAuthSystem(updateExtRole, app, mapper, headers, + roleFunc); + } + } else { + if (!extRolePermMap.containsKey(EcompPortalUtils.getFunctionCode(roleFunc.getCode()))) { + response = addFunctionsToRoleInExternalAuthSystem(updateExtRole, app, mapper, headers, + roleFunc); + } + } + } + } + return response; + } + + /* + * Adds function to the role in the external auth system while editing a role or + * updating new functions to a role + * + */ + private boolean addFunctionsToRoleInExternalAuthSystem(Role updateExtRole, EPApp app, ObjectMapper mapper, + HttpHeaders headers, RoleFunction roleFunc) throws JsonProcessingException { + boolean response; + ExternalAccessRolePerms extRolePerms; + ExternalAccessPerms extPerms; + String code = ""; + String type = ""; + String action = ""; + if (roleFunc.getCode().contains(FUNCTION_PIPE)) { + code = EcompPortalUtils.getFunctionCode(roleFunc.getCode()); + type = EcompPortalUtils.getFunctionType(roleFunc.getCode()); + action = getFunctionCodeAction(roleFunc.getCode()); + } else { + code = roleFunc.getCode(); + type = roleFunc.getCode().contains("menu") ? "menu" : "url"; + action = "*"; + } + extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + type, code, action); + extRolePerms = new ExternalAccessRolePerms(extPerms, app.getNameSpace() + "." + updateExtRole.getName() + .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); + String updateRolePerms = mapper.writeValueAsString(extRolePerms); + HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers); + logger.debug(EELFLoggerDelegate.debugLogger, "updateRoleInExternalSystem: {} for POST: {}", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRolePerms); + ResponseEntity<String> addResponse = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm", + HttpMethod.POST, entity, String.class); + if (addResponse.getStatusCode().value() != 201 && addResponse.getStatusCode().value() != 409) { + response = false; + logger.debug(EELFLoggerDelegate.debugLogger, + "updateRoleInExternalSystem: Connected to External Auth system but something went wrong! due to {} and statuscode: {}", + addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value()); + } else { + response = true; + logger.debug(EELFLoggerDelegate.debugLogger, + "updateRoleInExternalSystem: Finished adding permissions to roles in External Auth system {} and status code: {} ", + updateRolePerms, addResponse.getStatusCode().value()); + } + return response; + } + + private void addPartnerHasRoleFunctionsToGlobalRole(List<ExternalAccessPerms> permslist, ObjectMapper mapper, + EPApp app, Role updateExtRole) throws Exception { + for (ExternalAccessPerms perm : permslist) { + if (!EcompPortalUtils.checkNameSpaceMatching(perm.getType(), app.getNameSpace())) { + ExternalAccessRolePerms extAddGlobalRolePerms = null; + ExternalAccessPerms extAddPerms = null; + extAddPerms = new ExternalAccessPerms(perm.getType(), perm.getInstance(), perm.getAction()); + extAddGlobalRolePerms = new ExternalAccessRolePerms(extAddPerms, + app.getNameSpace() + "." + updateExtRole.getName().replaceAll( + EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); + String addPerms = mapper.writeValueAsString(extAddGlobalRolePerms); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity<String> entity = new HttpEntity<>(addPerms, headers); + logger.debug(EELFLoggerDelegate.debugLogger, "addPartnerHasRoleFunctionsToGlobalRole: {} ", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); + try { + ResponseEntity<String> addResponse = template + .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "role/perm", HttpMethod.POST, entity, String.class); + if (addResponse.getStatusCode().value() != 201) { + logger.debug(EELFLoggerDelegate.debugLogger, + "addPartnerHasRoleFunctionsToGlobalRole: While adding permission to the role in External Auth system something went wrong! due to {} and statuscode: {}", + addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value()); + } else { + logger.debug(EELFLoggerDelegate.debugLogger, + "addPartnerHasRoleFunctionsToGlobalRole: Finished adding permissions to roles in External Auth system and status code: {} ", + addResponse.getStatusCode().value()); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, + "addPartnerHasRoleFunctionsToGlobalRole: Failed for POST request: {} due to ", addPerms, e); + } + } + } + } + + @SuppressWarnings("unchecked") + private void addFunctionsTOGlobalRole(List<EPRole> epRoleList, Role updateExtRole, + List<RoleFunction> roleFunctionListNew, ObjectMapper mapper, EPApp app, EPApp portalAppInfo) + throws Exception { + try { + logger.debug(EELFLoggerDelegate.debugLogger, "Entering into addFunctionsTOGlobalRole"); + // GET Permissions from External Auth System + JSONArray extPerms = getExtAuthPermissions(app); + List<ExternalAccessPermsDetail> permsDetailList = getExtAuthPerrmissonList(app, extPerms); + final Map<String, ExternalAccessPermsDetail> existingPermsWithRoles = new HashMap<>(); + final Map<String, ExternalAccessPermsDetail> existingPermsWithRolesWithPipes = new HashMap<>(); + final Map<String, RoleFunction> userRquestedFunctionsMap = new HashMap<>(); + final Map<String, RoleFunction> userRquestedFunctionsMapPipesFilter = new HashMap<>(); + for (ExternalAccessPermsDetail permDetail : permsDetailList) { + existingPermsWithRoles.put(EcompPortalUtils.getFunctionCode(permDetail.getInstance()), permDetail); + existingPermsWithRolesWithPipes.put(permDetail.getInstance(), permDetail); + } + // Add If function does not exists for role in External Auth System + for (RoleFunction roleFunc : roleFunctionListNew) { + String roleFuncCode = ""; + ExternalAccessPermsDetail permsDetail; + if (roleFunc.getCode().contains(FUNCTION_PIPE)) { + roleFuncCode = roleFunc.getCode(); + permsDetail = existingPermsWithRolesWithPipes.get(roleFunc.getCode()); + } else { + roleFuncCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode()); + permsDetail = existingPermsWithRoles.get(roleFuncCode); + } + if (null == permsDetail.getRoles() + || !permsDetail.getRoles() + .contains(portalAppInfo.getNameSpace() + FUNCTION_PIPE + + epRoleList.get(0).getName().replaceAll( + EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, + "_"))) { + addRoleFunctionsToGlobalRoleInExternalSystem(roleFunc, updateExtRole, mapper, app, portalAppInfo); + } + userRquestedFunctionsMap.put(roleFuncCode, roleFunc); + userRquestedFunctionsMapPipesFilter.put(EcompPortalUtils.getFunctionCode(roleFuncCode), roleFunc); + } + // Delete functions if exists in External Auth System but not in + // incoming + // request + final Map<String, Long> epAppRoleFuncParams = new HashMap<>(); + epAppRoleFuncParams.put("requestedAppId", app.getId()); + epAppRoleFuncParams.put("roleId", updateExtRole.getId()); + List<GlobalRoleWithApplicationRoleFunction> globalRoleFunctionList = dataAccessService + .executeNamedQuery("getGlobalRoleForRequestedApp", epAppRoleFuncParams, null); + for (GlobalRoleWithApplicationRoleFunction globalRoleFunc : globalRoleFunctionList) { + String globalRoleFuncWithoutPipes = ""; + RoleFunction roleFunc = null; + if (globalRoleFunc.getFunctionCd().contains(FUNCTION_PIPE)) { + globalRoleFuncWithoutPipes = globalRoleFunc.getFunctionCd(); + roleFunc = userRquestedFunctionsMap.get(globalRoleFuncWithoutPipes); + } else { + globalRoleFuncWithoutPipes = EcompPortalUtils.getFunctionCode(globalRoleFunc.getFunctionCd()); + roleFunc = userRquestedFunctionsMapPipesFilter.get(globalRoleFuncWithoutPipes); + } + if (roleFunc == null) { + ExternalAccessPermsDetail permDetailFromMap = globalRoleFunc.getFunctionCd().contains(FUNCTION_PIPE) + ? existingPermsWithRolesWithPipes.get(globalRoleFuncWithoutPipes) + : existingPermsWithRoles.get(globalRoleFuncWithoutPipes); + ExternalAccessPerms perm = new ExternalAccessPerms(permDetailFromMap.getType(), + EcompPortalUtils.getFunctionCode(permDetailFromMap.getInstance()), + permDetailFromMap.getAction()); + String roleName = portalAppInfo.getNameSpace() + "." + globalRoleFunc.getRoleName() + .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + removePermForRole(perm, mapper, roleName, headers); + } + } + logger.debug(EELFLoggerDelegate.debugLogger, "Finished addFunctionsTOGlobalRole"); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "addFunctionsTOGlobalRole: Failed", e); + throw e; + } + } + + private void addRoleFunctionsToGlobalRoleInExternalSystem(RoleFunction addFunction, Role globalRole, + ObjectMapper mapper, EPApp app, EPApp portalAppInfo) throws Exception { + try { + logger.debug(EELFLoggerDelegate.debugLogger, "Entering into addRoleFunctionsToGlobalRoleInExternalSystem"); + ExternalAccessRolePerms extAddRolePerms = null; + ExternalAccessPerms extAddPerms = null; + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + String code = ""; + String type = ""; + String action = ""; + if (addFunction.getCode().contains(FUNCTION_PIPE)) { + code = EcompPortalUtils.getFunctionCode(addFunction.getCode()); + type = getFunctionCodeType(addFunction.getCode()); + action = getFunctionCodeAction(addFunction.getCode()); + } else { + code = addFunction.getCode(); + type = addFunction.getCode().contains("menu") ? "menu" : "url"; + action = "*"; + } + extAddPerms = new ExternalAccessPerms(app.getNameSpace() + "." + type, code, action); + extAddRolePerms = new ExternalAccessRolePerms(extAddPerms, portalAppInfo.getNameSpace() + "." + globalRole + .getName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); + String updateRolePerms = mapper.writeValueAsString(extAddRolePerms); + HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers); + logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionsInExternalSystem: {} ", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); + ResponseEntity<String> addResponse = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm", + HttpMethod.POST, entity, String.class); + if (addResponse.getStatusCode().value() != 201) { + logger.debug(EELFLoggerDelegate.debugLogger, + "addRoleFunctionsInExternalSystem: While adding permission to the role in External Auth system something went wrong! due to {} and statuscode: {}", + addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value()); + } else { + logger.debug(EELFLoggerDelegate.debugLogger, + "addRoleFunctionsInExternalSystem: Finished adding permissions to roles in External Auth system and status code: {} ", + addResponse.getStatusCode().value()); + } + logger.debug(EELFLoggerDelegate.debugLogger, "Finished addRoleFunctionsToGlobalRoleInExternalSystem"); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "addRoleFunctionsToGlobalRoleInExternalSystem: Failed", e); + throw e; + } + } + + private boolean addRoleFuncExtSysRestAPI(ObjectMapper addPermsMapper, ExternalAccessRolePerms extAddRolePerms, + HttpHeaders headers) throws JsonProcessingException { + boolean response; + String updateRolePerms = addPermsMapper.writeValueAsString(extAddRolePerms); + HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers); + logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionsInExternalSystem: {} for POST: {} ", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRolePerms); + ResponseEntity<String> addResponse = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm", + HttpMethod.POST, entity, String.class); + if (addResponse.getStatusCode().value() != 201 && addResponse.getStatusCode().value() != 409) { + response = false; + logger.debug(EELFLoggerDelegate.debugLogger, + "addRoleFunctionsInExternalSystem: While adding permission to the role in External Auth system something went wrong! due to {} and statuscode: {}", + addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value()); + } else { + response = true; + logger.debug(EELFLoggerDelegate.debugLogger, + "addRoleFunctionsInExternalSystem: Finished adding permissions to roles in External Auth system {} and status code: {} ", + updateRolePerms, addResponse.getStatusCode().value()); + } + return response; + } + + /** + * + * It converts list of functions in updateExtRole parameter to the RoleFunction + * object + * + * @param updateExtRole + * @return list of functions + */ + @SuppressWarnings("unchecked") + private List<RoleFunction> convertSetToListOfRoleFunctions(Role updateExtRole) { + Set<RoleFunction> roleFunctionSetList = updateExtRole.getRoleFunctions(); + List<RoleFunction> roleFunctionList = new ArrayList<>(); + ObjectMapper roleFuncMapper = new ObjectMapper(); + Iterator<RoleFunction> itetaror = roleFunctionSetList.iterator(); + while (itetaror.hasNext()) { + Object nextValue = itetaror.next(); + RoleFunction roleFunction = roleFuncMapper.convertValue(nextValue, RoleFunction.class); + roleFunctionList.add(roleFunction); + } + return roleFunctionList.stream().distinct().collect(Collectors.toList()); + } + + /** + * It delete permissions/functions in the external auth system + * + * @param perm + * @param permMapper + * @param name + * @param headers + * @throws JsonProcessingException + * @throws Exception + */ + private void removePermForRole(ExternalAccessPerms perm, ObjectMapper permMapper, String name, HttpHeaders headers) + throws ExternalAuthSystemException, JsonProcessingException { + ExternalAccessRolePerms extAccessRolePerms = new ExternalAccessRolePerms(perm, name); + String permDetails = permMapper.writeValueAsString(extAccessRolePerms); + try { + HttpEntity<String> deleteEntity = new HttpEntity<>(permDetails, headers); + logger.debug(EELFLoggerDelegate.debugLogger, "removePermForRole: {} for DELETE: {} ", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, permDetails); + ResponseEntity<String> deletePermResponse = template + .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "role/" + name + "/perm", HttpMethod.DELETE, deleteEntity, String.class); + if (deletePermResponse.getStatusCode().value() != 200) { + throw new ExternalAuthSystemException(deletePermResponse.getBody()); + } + logger.debug(EELFLoggerDelegate.debugLogger, + "removePermForRole: Finished deleting permission to role in External Auth system: {} and status code: {}", + permDetails, deletePermResponse.getStatusCode().value()); + } catch (Exception e) { + if (e.getMessage().contains("404")) { + logger.error(EELFLoggerDelegate.errorLogger, "Failed to add role for DELETE request: {} due to {}", + permDetails, e.getMessage()); + } else { + throw e; + } + } + } + + /** + * It will create new role in the External Auth System + * + * @param newRole + * @param app + * @return true if successfully added in the system else false + * @throws Exception If fails to add role in the system + */ + private void addNewRoleInExternalSystem(List<EPRole> newRole, EPApp app) + throws Exception, HttpClientErrorException { + try { + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + ObjectMapper mapper = new ObjectMapper(); + String addNewRole = ""; + ExternalAccessRole extRole = new ExternalAccessRole(); + extRole.setName(app.getNameSpace() + "." + newRole.get(0).getName() + .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); + extRole.setDescription(String.valueOf(newRole.get(0).getName())); + addNewRole = mapper.writeValueAsString(extRole); + HttpEntity<String> postEntity = new HttpEntity<>(addNewRole, headers); + logger.debug(EELFLoggerDelegate.debugLogger, "addNewRoleInExternalSystem: {} for POST: {} ", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, addNewRole); + ResponseEntity<String> addNewRoleInExternalSystem = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role", + HttpMethod.POST, postEntity, String.class); + if (addNewRoleInExternalSystem.getStatusCode().value() == 201) { + logger.debug(EELFLoggerDelegate.debugLogger, + "addNewRoleInExternalSystem: Finished adding into External Auth system for POST: {} and status code: {}", + addNewRole, addNewRoleInExternalSystem.getStatusCode().value()); + } + } catch (HttpClientErrorException ht) { + dataAccessService.deleteDomainObjects(EPRole.class, " role_id = " + newRole.get(0).getId(), null); + logger.error(EELFLoggerDelegate.debugLogger, + "addNewRoleInExternalSystem: Failed to add in External Auth system and status code: {}", ht); + throw new HttpClientErrorException(ht.getStatusCode()); + } + } + + /** + * + * It updates existing role in the External Auth System + * + * @param addRole It Contains role information + * @param app + * @return string which is formatted to match with the external auth system + * @throws JsonProcessingException + */ + private String updateExistingRoleInExternalSystem(Role addRole, EPApp app) throws JsonProcessingException { + ObjectMapper mapper = new ObjectMapper(); + String addNewRole = ""; + ExternalAccessRole extRole = new ExternalAccessRole(); + extRole.setName(app.getNameSpace() + "." + addRole.getName() + .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); + extRole.setDescription(String.valueOf(addRole.getName())); + addNewRole = mapper.writeValueAsString(extRole); + return addNewRole; + } + + /** + * It create a role in the external auth system and then in our local + * + * @param addRoleInDB + * @param app + * @return true else false + * @throws Exception + */ + @SuppressWarnings("unchecked") + @Transactional(rollbackFor = Exception.class) + public boolean addRoleInEcompDB(Role addRoleInDB, EPApp app) throws Exception { + boolean result = false; + EPRole epRole = null; + Set<RoleFunction> roleFunctionList = addRoleInDB.getRoleFunctions(); + List<RoleFunction> roleFunctionListNew = new ArrayList<>(); + ObjectMapper mapper = new ObjectMapper(); + Iterator<RoleFunction> itetaror = roleFunctionList.iterator(); + while (itetaror.hasNext()) { + Object nextValue = itetaror.next(); + RoleFunction roleFunction = mapper.convertValue(nextValue, RoleFunction.class); + roleFunctionListNew.add(roleFunction); + } + List<RoleFunction> listWithoutDuplicates = roleFunctionListNew.stream().distinct().collect(Collectors.toList()); + try { + if (addRoleInDB.getId() == null) { // check if it is new role + if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { + checkIfRoleExitsInExternalSystem(addRoleInDB, app); + } + EPRole epRoleNew = new EPRole(); + epRoleNew.setActive(addRoleInDB.getActive()); + epRoleNew.setName(addRoleInDB.getName()); + epRoleNew.setPriority(addRoleInDB.getPriority()); + if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + epRoleNew.setAppId(null); + } else { + epRoleNew.setAppId(app.getId()); + } + dataAccessService.saveDomainObject(epRoleNew, null); + List<EPRole> getRoleCreated = null; + final Map<String, String> epAppRoleParams = new HashMap<>(); + final Map<String, String> epAppPortalRoleParams = new HashMap<>(); + if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + epAppRoleParams.put("appId", String.valueOf(app.getId())); + epAppRoleParams.put(APP_ROLE_NAME_PARAM, addRoleInDB.getName()); + List<EPRole> roleCreated = dataAccessService + .executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, epAppRoleParams, null); + EPRole epUpdateRole = roleCreated.get(0); + epUpdateRole.setAppRoleId(epUpdateRole.getId()); + dataAccessService.saveDomainObject(epUpdateRole, null); + getRoleCreated = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, + epAppRoleParams, null); + } else { + epAppPortalRoleParams.put(APP_ROLE_NAME_PARAM, addRoleInDB.getName()); + getRoleCreated = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, + epAppPortalRoleParams, null); + } + // Add role in External Auth system + if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { + addNewRoleInExternalSystem(getRoleCreated, app); + } + result = true; + } else { // if role already exists then update it + EPRole globalRole = null; + List<EPRole> applicationRoles; + List<EPRole> globalRoleList = getGlobalRolesOfPortal(); + boolean isGlobalRole = false; + if (!globalRoleList.isEmpty()) { + EPRole role = globalRoleList.stream().filter(x -> addRoleInDB.getId().equals(x.getId())).findAny() + .orElse(null); + if (role != null) { + globalRole = role; + isGlobalRole = true; + } + } + if (app.getId().equals(PortalConstants.PORTAL_APP_ID) + || (globalRole != null && app.getId() != globalRole.getAppId())) { + applicationRoles = getPortalAppRoleInfo(addRoleInDB.getId()); + } else { + applicationRoles = getPartnerAppRoleInfo(addRoleInDB.getId(), app); + } + if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { + updateRoleInExternalSystem(addRoleInDB, app, isGlobalRole); + // Add all user to the re-named role in external auth system + if (!applicationRoles.isEmpty() + && !addRoleInDB.getName().equals(applicationRoles.get(0).getName())) { + bulkUploadUsersSingleRole(app.getUebKey(), applicationRoles.get(0).getId(), + addRoleInDB.getName()); + } + } + deleteRoleFunction(app, applicationRoles); + if (!applicationRoles.isEmpty()) { + epRole = applicationRoles.get(0); + epRole.setName(addRoleInDB.getName()); + epRole.setPriority(addRoleInDB.getPriority()); + epRole.setActive(addRoleInDB.getActive()); + if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + epRole.setAppId(null); + epRole.setAppRoleId(null); + } else if (!app.getId().equals(PortalConstants.PORTAL_APP_ID) + && applicationRoles.get(0).getAppRoleId() == null) { + epRole.setAppRoleId(epRole.getId()); + } + dataAccessService.saveDomainObject(epRole, null); + } + Long roleAppId = null; + if (globalRole != null && !app.getId().equals(globalRole.getAppId())) + roleAppId = PortalConstants.PORTAL_APP_ID; + saveRoleFunction(listWithoutDuplicates, app, applicationRoles, roleAppId); + result = true; + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "addRoleInEcompDB is failed", e); + throw e; + } + return result; + } + + /** + * + * It validates whether role exists in external auth system + * + * @param checkRole + * @param app + * @throws Exception If role exits + */ + private void checkIfRoleExitsInExternalSystem(Role checkRole, EPApp app) throws Exception { + getNameSpaceIfExists(app); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + String roleName = app.getNameSpace() + "." + checkRole.getName() + .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"); + HttpEntity<String> checkRoleEntity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "checkIfRoleExitsInExternalSystem: {} ", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); + ResponseEntity<String> checkRoleInExternalSystem = template + .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "roles/" + + roleName, HttpMethod.GET, checkRoleEntity, String.class); + if (!checkRoleInExternalSystem.getBody().equals(IS_EMPTY_JSON_STRING)) { + logger.debug( + "checkIfRoleExitsInExternalSystem: Role already exists in external system {} and status code: {} ", + checkRoleInExternalSystem.getBody(), checkRoleInExternalSystem.getStatusCode().value()); + throw new ExternalAuthSystemException(" Role already exists in external system"); + } + } + + /** + * It saves list of functions to the role in portal + * + * @param roleFunctionListNew + * @param app + * @param applicationRoles + * @throws Exception + */ + @SuppressWarnings("unchecked") + private void saveRoleFunction(List<RoleFunction> roleFunctionListNew, EPApp app, List<EPRole> applicationRoles, + Long roleAppId) throws Exception { + final Map<String, String> getAppFunctionParams = new HashMap<>(); + for (RoleFunction roleFunc : roleFunctionListNew) { + String code = EcompPortalUtils.getFunctionCode(roleFunc.getCode()); + EPAppRoleFunction appRoleFunc = new EPAppRoleFunction(); + appRoleFunc.setAppId(app.getId()); + appRoleFunc.setRoleId(applicationRoles.get(0).getId()); + appRoleFunc.setRoleAppId(String.valueOf(roleAppId)); + getAppFunctionParams.put("appId", String.valueOf(app.getId())); + getAppFunctionParams.put(FUNCTION_CODE_PARAMS, roleFunc.getCode()); + // query to check if function code has pipes + List<CentralV2RoleFunction> roleFunction = dataAccessService.executeNamedQuery(GET_ROLE_FUNCTION_QUERY, + getAppFunctionParams, null); + if (roleFunction.isEmpty()) { + getAppFunctionParams.put(FUNCTION_CODE_PARAMS, code); + roleFunction = dataAccessService.executeNamedQuery(GET_ROLE_FUNCTION_QUERY, getAppFunctionParams, null); + } + if (roleFunction.size() > 1) { + CentralV2RoleFunction getExactFunctionCode = appFunctionListFilter(code, roleFunction); + appRoleFunc.setCode(getExactFunctionCode.getCode()); + } else { + appRoleFunc.setCode(roleFunction.get(0).getCode()); + } + dataAccessService.saveDomainObject(appRoleFunc, null); + } + } + + /** + * + * It filters the app functions which starts with similar name in the result set + * + * @param roleFunc + * @param roleFunction + * @return CentralRoleFunction + */ + private CentralV2RoleFunction appFunctionListFilter(String roleFuncCode, List<CentralV2RoleFunction> roleFunction) { + final Map<String, CentralV2RoleFunction> appFunctionsFilter = new HashMap<>(); + final Map<String, CentralV2RoleFunction> appFunctionsFilterPipes = new HashMap<>(); + CentralV2RoleFunction getExactFunctionCode = null; + for (CentralV2RoleFunction cenRoleFunction : roleFunction) { + appFunctionsFilter.put(cenRoleFunction.getCode(), cenRoleFunction); + appFunctionsFilterPipes.put(EcompPortalUtils.getFunctionCode(cenRoleFunction.getCode()), cenRoleFunction); + } + getExactFunctionCode = appFunctionsFilter.get(roleFuncCode); + if (getExactFunctionCode == null) { + getExactFunctionCode = appFunctionsFilterPipes.get(roleFuncCode); + } + return getExactFunctionCode; + } + + /** + * It deletes all EPAppRoleFunction records in the portal + * + * @param app + * @param role + */ + @SuppressWarnings("unchecked") + private void deleteRoleFunction(EPApp app, List<EPRole> role) { + final Map<String, Long> appRoleFuncsParams = new HashMap<>(); + appRoleFuncsParams.put("appId", app.getId()); + appRoleFuncsParams.put("roleId", role.get(0).getId()); + List<EPAppRoleFunction> appRoleFunctionList = dataAccessService + .executeNamedQuery("getAppRoleFunctionOnRoleIdandAppId", appRoleFuncsParams, null); + if (!appRoleFunctionList.isEmpty()) { + for (EPAppRoleFunction approleFunction : appRoleFunctionList) { + dataAccessService.deleteDomainObject(approleFunction, null); + } + } + } + + @Override + @SuppressWarnings("unchecked") + public List<EPUser> getUser(String loginId) throws InvalidUserException { + final Map<String, String> userParams = new HashMap<>(); + userParams.put("org_user_id", loginId); + List<EPUser> userList = dataAccessService.executeNamedQuery("getEPUserByOrgUserId", userParams, null); + if (userList.isEmpty()) { + throw new InvalidUserException("User not found"); + } + return userList; + } + + @Override + public String getV2UserWithRoles(String loginId, String uebkey) throws Exception { + final Map<String, String> params = new HashMap<>(); + List<EPUser> userList = null; + CentralV2User cenV2User = null; + String result = null; + try { + params.put("orgUserIdValue", loginId); + List<EPApp> appList = getApp(uebkey); + if (!appList.isEmpty()) { + userList = getUser(loginId); + if (!userList.isEmpty()) { + ObjectMapper mapper = new ObjectMapper(); + cenV2User = getV2UserAppRoles(loginId, uebkey); + result = mapper.writeValueAsString(cenV2User); + } else if (userList.isEmpty()) { + throw new InvalidUserException("User not found"); + } + } else { + throw new InactiveApplicationException("Application not found"); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getUser: failed", e); + throw e; + } + return result; + } + + @Override + public List<CentralV2Role> getRolesForApp(String uebkey) throws Exception { + logger.debug(EELFLoggerDelegate.debugLogger, "getRolesForApp: Entering into getRolesForApp"); + List<CentralV2Role> roleList = new ArrayList<>(); + final Map<String, Long> params = new HashMap<>(); + try { + List<EPApp> app = getApp(uebkey); + List<EPRole> appRolesList = getAppRoles(app.get(0).getId()); + roleList = createCentralRoleObject(app, appRolesList, roleList, params); + if (app.get(0).getId() != PortalConstants.PORTAL_APP_ID) { + List<CentralV2Role> globalRoleList = getGlobalRolesOfApplication(app.get(0).getId()); + List<EPRole> globalRolesList = getGlobalRolesOfPortal(); + List<CentralV2Role> portalsGlobalRolesFinlaList = new ArrayList<>(); + if (!globalRolesList.isEmpty()) { + for (EPRole eprole : globalRolesList) { + CentralV2Role cenRole = convertRoleToCentralV2Role(eprole); + portalsGlobalRolesFinlaList.add(cenRole); + } + roleList.addAll(globalRoleList); + for (CentralV2Role role : portalsGlobalRolesFinlaList) { + CentralV2Role result = roleList.stream().filter(x -> role.getId().equals(x.getId())).findAny() + .orElse(null); + if (result == null) + roleList.add(role); + } + } else { + for (EPRole role : globalRolesList) { + CentralV2Role cenRole = convertRoleToCentralV2Role(role); + roleList.add(cenRole); + } + } + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getRolesForApp: Failed!", e); + throw e; + } + logger.debug(EELFLoggerDelegate.debugLogger, "getRolesForApp: Finished!"); + return roleList.stream().distinct().collect(Collectors.toList()); + } + + @SuppressWarnings("unchecked") + @Override + public List<CentralV2RoleFunction> getRoleFuncList(String uebkey) throws Exception { + EPApp app = getApp(uebkey).get(0); + List<CentralV2RoleFunction> finalRoleList = new ArrayList<>(); + final Map<String, Long> params = new HashMap<>(); + params.put(APP_ID, app.getId()); + List<CentralV2RoleFunction> getRoleFuncList = dataAccessService.executeNamedQuery("getAllRoleFunctions", params, + null); + for (CentralV2RoleFunction roleFuncItem : getRoleFuncList) { + String code = EcompPortalUtils.getFunctionCode(roleFuncItem.getCode()); + String type = ""; + if (roleFuncItem.getCode().contains("|")) + type = EcompPortalUtils.getFunctionType(roleFuncItem.getCode()); + else + type = getFunctionCodeType(roleFuncItem.getCode()); + String action = getFunctionCodeAction(roleFuncItem.getCode()); + roleFuncItem.setCode(EPUserUtils.decodeFunctionCode(code)); + roleFuncItem.setType(type); + roleFuncItem.setAction(action); + finalRoleList.add(roleFuncItem); + } + return finalRoleList; + } + + @Override + public String getFunctionCodeAction(String roleFuncItem) { + return (!roleFuncItem.contains(FUNCTION_PIPE)) ? "*" : EcompPortalUtils.getFunctionAction(roleFuncItem); + } + + @Override + public String getFunctionCodeType(String roleFuncItem) { + String type = null; + if ((roleFuncItem.contains(FUNCTION_PIPE) && roleFuncItem.contains("menu")) + || (!roleFuncItem.contains(FUNCTION_PIPE) && roleFuncItem.contains("menu"))) { + type = "menu"; + } else if (checkIfCodeHasNoPipesAndHasTypeUrl(roleFuncItem) || checkIfCodeHasPipesAndHasTypeUrl(roleFuncItem) + || checkIfCodeHasNoPipesAndHasNoTypeUrl(roleFuncItem)) { + type = "url"; + } else if (roleFuncItem.contains(FUNCTION_PIPE) + && (!roleFuncItem.contains("menu") || roleFuncItem.contains("url"))) { + type = EcompPortalUtils.getFunctionType(roleFuncItem); + } + return type; + } + + /** + * + * It check whether function code has no pipes and no url string in it + * + * @param roleFuncItem + * @return true or false + */ + private boolean checkIfCodeHasNoPipesAndHasNoTypeUrl(String roleFuncItem) { + return !roleFuncItem.contains(FUNCTION_PIPE) && !roleFuncItem.contains("url"); + } + + /** + * + * It check whether function code has pipes and url string in it + * + * @param roleFuncItem + * @return true or false + */ + private boolean checkIfCodeHasPipesAndHasTypeUrl(String roleFuncItem) { + return roleFuncItem.contains(FUNCTION_PIPE) && roleFuncItem.contains("url"); + } + + /** + * + * It check whether function code has no pipes and has url string in it + * + * @param roleFuncItem + * @return true or false + */ + private boolean checkIfCodeHasNoPipesAndHasTypeUrl(String roleFuncItem) { + return !roleFuncItem.contains(FUNCTION_PIPE) && roleFuncItem.contains("url"); + } + + /** + * It returns user detail information which is deep copy of EPUser.class object + * + * @param userInfo + * @param userAppSet + * @param app + * @return + * @throws Exception + */ + @SuppressWarnings("unchecked") + private CentralV2User createEPUser(EPUser userInfo, Set<EPUserApp> userAppSet, EPApp app) throws Exception { + final Map<String, Long> params = new HashMap<>(); + CentralV2User userAppList = new CentralV2User(); + CentralV2User user1 = null; + final Map<String, Long> params1 = new HashMap<>(); + List<EPRole> globalRoleList = new ArrayList<>(); + try { + if (app.getId() != PortalConstants.PORTAL_APP_ID) { + params1.put("userId", userInfo.getId()); + params1.put("appId", app.getId()); + globalRoleList = dataAccessService.executeNamedQuery("userAppGlobalRoles", params1, null); + } + userAppList.setUserApps(new TreeSet<CentralV2UserApp>()); + for (EPUserApp userApp : userAppSet) { + if (userApp.getRole().getActive()) { + EPApp epApp = userApp.getApp(); + String globalRole = userApp.getRole().getName().toLowerCase(); + if (((epApp.getId().equals(app.getId())) + && (!userApp.getRole().getId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID))) + || ((epApp.getId().equals(PortalConstants.PORTAL_APP_ID)) + && (globalRole.toLowerCase().startsWith("global_")))) { + CentralV2UserApp cua = new CentralV2UserApp(); + cua.setUserId(null); + CentralApp cenApp = new CentralApp(1L, epApp.getCreated(), epApp.getModified(), + epApp.getCreatedId(), epApp.getModifiedId(), epApp.getRowNum(), epApp.getName(), + epApp.getImageUrl(), epApp.getDescription(), epApp.getNotes(), epApp.getUrl(), + epApp.getAlternateUrl(), epApp.getAppRestEndpoint(), epApp.getMlAppName(), + epApp.getMlAppAdminId(), String.valueOf(epApp.getMotsId()), epApp.getAppPassword(), + String.valueOf(epApp.getOpen()), String.valueOf(epApp.getEnabled()), + epApp.getThumbnail(), epApp.getUsername(), epApp.getUebKey(), epApp.getUebSecret(), + epApp.getUebTopicName()); + cenApp.setAppPassword(EPCommonSystemProperties.APP_DISPLAY_PASSWORD); + cua.setApp(cenApp); + Long appId = null; + if (globalRole.toLowerCase().startsWith("global_") + && epApp.getId().equals(PortalConstants.PORTAL_APP_ID) + && !epApp.getId().equals(app.getId())) { + appId = app.getId(); + EPRole result = null; + if (globalRoleList.size() > 0) + result = globalRoleList.stream() + .filter(x -> userApp.getRole().getId().equals(x.getId())).findAny() + .orElse(null); + if (result == null) + continue; + } else { + appId = userApp.getApp().getId(); + } + params.put("roleId", userApp.getRole().getId()); + params.put(APP_ID, appId); + List<CentralV2RoleFunction> appRoleFunctionList = dataAccessService + .executeNamedQuery("getAppRoleFunctionList", params, null); + SortedSet<CentralV2RoleFunction> roleFunctionSet = new TreeSet<>(); + for (CentralV2RoleFunction roleFunc : appRoleFunctionList) { + String functionCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode()); + String type = getFunctionCodeType(roleFunc.getCode()); + String action = getFunctionCodeAction(roleFunc.getCode()); + CentralV2RoleFunction cenRoleFunc = new CentralV2RoleFunction(roleFunc.getId(), + functionCode, roleFunc.getName(), null, type, action, null); + roleFunctionSet.add(cenRoleFunc); + } + Long userRoleId = null; + if (globalRole.toLowerCase().startsWith("global_") + || epApp.getId().equals(PortalConstants.PORTAL_APP_ID)) { + userRoleId = userApp.getRole().getId(); + } else { + userRoleId = userApp.getRole().getAppRoleId(); + } + CentralV2Role cenRole = new CentralV2Role(userRoleId, userApp.getRole().getCreated(), + userApp.getRole().getModified(), userApp.getRole().getCreatedId(), + userApp.getRole().getModifiedId(), userApp.getRole().getRowNum(), + userApp.getRole().getName(), userApp.getRole().getActive(), + userApp.getRole().getPriority(), roleFunctionSet, null, null); + cua.setRole(cenRole); + userAppList.getUserApps().add(cua); + } + } + } + user1 = new CentralV2User(null, userInfo.getCreated(), userInfo.getModified(), userInfo.getCreatedId(), + userInfo.getModifiedId(), userInfo.getRowNum(), userInfo.getOrgId(), userInfo.getManagerId(), + userInfo.getFirstName(), userInfo.getMiddleInitial(), userInfo.getLastName(), userInfo.getPhone(), + userInfo.getFax(), userInfo.getCellular(), userInfo.getEmail(), userInfo.getAddressId(), + userInfo.getAlertMethodCd(), userInfo.getHrid(), userInfo.getOrgUserId(), userInfo.getOrgCode(), + userInfo.getAddress1(), userInfo.getAddress2(), userInfo.getCity(), userInfo.getState(), + userInfo.getZipCode(), userInfo.getCountry(), userInfo.getOrgManagerUserId(), + userInfo.getLocationClli(), userInfo.getBusinessCountryCode(), userInfo.getBusinessCountryName(), + userInfo.getBusinessUnit(), userInfo.getBusinessUnitName(), userInfo.getDepartment(), + userInfo.getDepartmentName(), userInfo.getCompanyCode(), userInfo.getCompany(), + userInfo.getZipCodeSuffix(), userInfo.getJobTitle(), userInfo.getCommandChain(), + userInfo.getSiloStatus(), userInfo.getCostCenter(), userInfo.getFinancialLocCode(), + userInfo.getLoginId(), userInfo.getLoginPwd(), userInfo.getLastLoginDate(), userInfo.getActive(), + userInfo.getInternal(), userInfo.getSelectedProfileId(), userInfo.getTimeZoneId(), + userInfo.isOnline(), userInfo.getChatId(), userAppList.getUserApps(), null); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "createEPUser: createEPUser failed", e); + throw e; + } + return user1; + } + + @Override + public CentralV2Role getRoleInfo(Long roleId, String uebkey) throws Exception { + final Map<String, Long> params = new HashMap<>(); + List<CentralV2Role> roleList = new ArrayList<>(); + CentralV2Role cenRole = new CentralV2Role(); + List<EPRole> roleInfo = null; + List<EPApp> app = null; + try { + app = getApp(uebkey); + if (app.isEmpty()) { + throw new InactiveApplicationException("Application not found"); + } + if (app.get(0).getId() != PortalConstants.PORTAL_APP_ID) { + List<EPRole> globalRoleList = new ArrayList<>(); + globalRoleList = getGlobalRolesOfPortal(); + if (globalRoleList.size() > 0) { + EPRole result = globalRoleList.stream().filter(x -> roleId.equals(x.getId())).findAny() + .orElse(null); + if (result != null) + return getGlobalRoleForRequestedApp(app.get(0).getId(), roleId); + } + } + if (app.get(0).getId().equals(PortalConstants.PORTAL_APP_ID)) { + roleInfo = getPortalAppRoleInfo(roleId); + } else { + roleInfo = getPartnerAppRoleInfo(roleId, app.get(0)); + } + roleList = createCentralRoleObject(app, roleInfo, roleList, params); + if (roleList.isEmpty()) { + return cenRole; + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getRoleInfo: failed", e); + throw e; + } + return roleList.get(0); + } + + @SuppressWarnings("unchecked") + private List<EPRole> getPartnerAppRoleInfo(Long roleId, EPApp app) { + List<EPRole> roleInfo; + final Map<String, Long> getPartnerAppRoleParams = new HashMap<>(); + getPartnerAppRoleParams.put("appRoleId", roleId); + getPartnerAppRoleParams.put("appId", app.getId()); + roleInfo = dataAccessService.executeNamedQuery("getPartnerAppRoleByRoleId", getPartnerAppRoleParams, null); + if (roleInfo.isEmpty()) { + getPartnerAppRoleParams.put("appRoleId", roleId); + roleInfo = dataAccessService.executeNamedQuery("getPartnerAppRoleById", getPartnerAppRoleParams, null); + } + return roleInfo; + } + + @SuppressWarnings("unchecked") + private List<EPRole> getPortalAppRoleInfo(Long roleId) { + List<EPRole> roleInfo; + final Map<String, Long> getPortalAppRoleParams = new HashMap<>(); + getPortalAppRoleParams.put("roleId", roleId); + roleInfo = dataAccessService.executeNamedQuery("getPortalAppRoleByRoleId", getPortalAppRoleParams, null); + return roleInfo; + } + + /** + * + * It returns list of app roles along with role functions and which went through + * deep copy + * + * @param app + * @param roleInfo + * @param roleList + * @param params + * @return + * @throws DecoderException + */ + @SuppressWarnings("unchecked") + @Override + public List<CentralV2Role> createCentralRoleObject(List<EPApp> app, List<EPRole> roleInfo, + List<CentralV2Role> roleList, Map<String, Long> params) throws RoleFunctionException { + for (EPRole role : roleInfo) { + params.put("roleId", role.getId()); + params.put(APP_ID, app.get(0).getId()); + List<CentralV2RoleFunction> cenRoleFuncList = dataAccessService.executeNamedQuery("getAppRoleFunctionList", + params, null); + SortedSet<CentralV2RoleFunction> roleFunctionSet = new TreeSet<>(); + for (CentralV2RoleFunction roleFunc : cenRoleFuncList) { + String functionCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode()); + functionCode = EPUserUtils.decodeFunctionCode(functionCode); + String type = getFunctionCodeType(roleFunc.getCode()); + String action = getFunctionCodeAction(roleFunc.getCode()); + CentralV2RoleFunction cenRoleFunc = new CentralV2RoleFunction(role.getId(), functionCode, + roleFunc.getName(), null, type, action, null); + roleFunctionSet.add(cenRoleFunc); + } + SortedSet<CentralV2Role> childRoles = new TreeSet<>(); + SortedSet<CentralV2Role> parentRoles = new TreeSet<>(); + CentralV2Role cenRole = null; + if (role.getAppRoleId() == null) { + cenRole = new CentralV2Role(role.getId(), role.getCreated(), role.getModified(), role.getCreatedId(), + role.getModifiedId(), role.getRowNum(), role.getName(), role.getActive(), role.getPriority(), + roleFunctionSet, childRoles, parentRoles); + } else { + cenRole = new CentralV2Role(role.getAppRoleId(), role.getCreated(), role.getModified(), + role.getCreatedId(), role.getModifiedId(), role.getRowNum(), role.getName(), role.getActive(), + role.getPriority(), roleFunctionSet, childRoles, parentRoles); + } + roleList.add(cenRole); + } + return roleList; + } + + @SuppressWarnings("unchecked") + @Override + public CentralV2RoleFunction getRoleFunction(String functionCode, String uebkey) throws Exception { + String code = EcompPortalUtils.getFunctionCode(functionCode); + String encodedCode = EcompPortalUtils.encodeFunctionCode(code); + CentralV2RoleFunction roleFunc = null; + EPApp app = getApp(uebkey).get(0); + List<CentralV2RoleFunction> getRoleFuncList = null; + final Map<String, String> params = new HashMap<>(); + try { + params.put(FUNCTION_CODE_PARAMS, functionCode); + params.put(APP_ID, String.valueOf(app.getId())); + getRoleFuncList = dataAccessService.executeNamedQuery(GET_ROLE_FUNCTION_QUERY, params, null); + if (getRoleFuncList.isEmpty()) { + params.put(FUNCTION_CODE_PARAMS, encodedCode); + getRoleFuncList = dataAccessService.executeNamedQuery(GET_ROLE_FUNCTION_QUERY, params, null); + if (getRoleFuncList.isEmpty()) { + return roleFunc; + } + } + if (getRoleFuncList.size() > 1) { + CentralV2RoleFunction cenV2RoleFunction = appFunctionListFilter(encodedCode, getRoleFuncList); + if (cenV2RoleFunction == null) + return roleFunc; + roleFunc = checkIfPipesExitsInFunctionCode(cenV2RoleFunction); + } else { + // Check even if single record have pipes + if (!getRoleFuncList.isEmpty() && getRoleFuncList.get(0).getCode().contains(FUNCTION_PIPE)) { + roleFunc = checkIfPipesExitsInFunctionCode(getRoleFuncList.get(0)); + } else { + roleFunc = getRoleFuncList.get(0); + } + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getRoleFunction: failed", e); + throw e; + } + return roleFunc; + } + + private CentralV2RoleFunction checkIfPipesExitsInFunctionCode(CentralV2RoleFunction getRoleFuncList) { + CentralV2RoleFunction roleFunc; + String functionCodeFormat = getRoleFuncList.getCode(); + if (functionCodeFormat.contains(FUNCTION_PIPE)) { + String newfunctionCodeFormat = EcompPortalUtils.getFunctionCode(functionCodeFormat); + String newfunctionTypeFormat = EcompPortalUtils.getFunctionType(functionCodeFormat); + String newfunctionActionFormat = EcompPortalUtils.getFunctionAction(functionCodeFormat); + roleFunc = new CentralV2RoleFunction(getRoleFuncList.getId(), newfunctionCodeFormat, + getRoleFuncList.getName(), getRoleFuncList.getAppId(), newfunctionTypeFormat, + newfunctionActionFormat, getRoleFuncList.getEditUrl()); + } else { + roleFunc = new CentralV2RoleFunction(getRoleFuncList.getId(), functionCodeFormat, getRoleFuncList.getName(), + getRoleFuncList.getAppId(), getRoleFuncList.getEditUrl()); + } + return roleFunc; + } + + @Override + public boolean saveCentralRoleFunction(CentralV2RoleFunction domainCentralRoleFunction, EPApp app) + throws Exception { + boolean saveOrUpdateFunction = false; + try { + if(EcompPortalUtils.checkFunctionCodeHasEncodePattern(domainCentralRoleFunction.getCode())) + domainCentralRoleFunction.setCode(EcompPortalUtils.encodeFunctionCode(domainCentralRoleFunction.getCode())); + final Map<String, String> functionParams = new HashMap<>(); + functionParams.put("appId", String.valueOf(app.getId())); + if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { + addRoleFunctionInExternalSystem(domainCentralRoleFunction, app); + } + if (domainCentralRoleFunction.getType() != null && domainCentralRoleFunction.getAction() != null) { + domainCentralRoleFunction.setCode(domainCentralRoleFunction.getType() + FUNCTION_PIPE + + domainCentralRoleFunction.getCode() + FUNCTION_PIPE + domainCentralRoleFunction.getAction()); + } + domainCentralRoleFunction.setAppId(app.getId()); + dataAccessService.saveDomainObject(domainCentralRoleFunction, null); + saveOrUpdateFunction = true; + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "saveCentralRoleFunction: failed", e); + throw e; + } + return saveOrUpdateFunction; + } + + /** + * It creates application permission in external auth system + * + * @param domainCentralRoleFunction + * @param app + * @throws Exception + */ + private void addRoleFunctionInExternalSystem(CentralV2RoleFunction domainCentralRoleFunction, EPApp app) + throws Exception { + ObjectMapper mapper = new ObjectMapper(); + ExternalAccessPerms extPerms = new ExternalAccessPerms(); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + String type = ""; + String instance = ""; + String action = ""; + if ((domainCentralRoleFunction.getType() != null && domainCentralRoleFunction.getAction() != null) + || domainCentralRoleFunction.getCode().contains(FUNCTION_PIPE)) { + type = domainCentralRoleFunction.getCode().contains(FUNCTION_PIPE) + ? EcompPortalUtils.getFunctionType(domainCentralRoleFunction.getCode()) + : domainCentralRoleFunction.getType(); + instance = domainCentralRoleFunction.getCode().contains(FUNCTION_PIPE) + ? EcompPortalUtils.getFunctionCode(domainCentralRoleFunction.getCode()) + : domainCentralRoleFunction.getCode(); + action = domainCentralRoleFunction.getCode().contains(FUNCTION_PIPE) + ? EcompPortalUtils.getFunctionAction(domainCentralRoleFunction.getCode()) + : domainCentralRoleFunction.getAction(); + } else { + type = domainCentralRoleFunction.getCode().contains("menu") ? "menu" : "url"; + instance = domainCentralRoleFunction.getCode(); + action = "*"; + } + // get Permissions from External Auth System + JSONArray extPermsList = getExtAuthPermissions(app); + List<ExternalAccessPermsDetail> permsDetailList = getExtAuthPerrmissonList(app, extPermsList); + String requestedPerm = type + FUNCTION_PIPE + instance + FUNCTION_PIPE + action; + boolean checkIfFunctionsExits = permsDetailList.stream() + .anyMatch(permsDetail -> permsDetail.getInstance().equals(requestedPerm)); + if (!checkIfFunctionsExits) { + try { + extPerms.setAction(action); + extPerms.setInstance(instance); + extPerms.setType(app.getNameSpace() + "." + type); + extPerms.setDescription(domainCentralRoleFunction.getName()); + String addFunction = mapper.writeValueAsString(extPerms); + HttpEntity<String> entity = new HttpEntity<>(addFunction, headers); + logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionInExternalSystem: {} for POST: {}", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, addFunction); + ResponseEntity<String> addPermResponse = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perm", + HttpMethod.POST, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, + "addRoleFunctionInExternalSystem: Finished adding permission for POST: {} and status code: {} ", + addPermResponse.getStatusCode().value(), addFunction); + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, + "HttpClientErrorException - Failed to add function in external central auth system", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + throw e; + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, + "addRoleFunctionInExternalSystem: Failed to add fucntion in external central auth system", e); + throw e; + } + } else { + try { + extPerms.setAction(action); + extPerms.setInstance(instance); + extPerms.setType(app.getNameSpace() + "." + type); + extPerms.setDescription(domainCentralRoleFunction.getName()); + String updateRoleFunction = mapper.writeValueAsString(extPerms); + HttpEntity<String> entity = new HttpEntity<>(updateRoleFunction, headers); + logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionInExternalSystem: {} for PUT: {}", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRoleFunction); + ResponseEntity<String> updatePermResponse = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perm", + HttpMethod.PUT, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, + "addRoleFunctionInExternalSystem: Finished updating permission in External Auth system {} and response: {} ", + updateRoleFunction, updatePermResponse.getStatusCode().value()); + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, + "HttpClientErrorException - Failed to add function in external central auth system", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + throw e; + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, + "addRoleFunctionInExternalSystem: Failed to update function in external central auth system", + e); + throw e; + } + } + } + + @SuppressWarnings("unchecked") + @Override + @Transactional(rollbackFor = Exception.class) + public boolean deleteCentralRoleFunction(String code, EPApp app) { + boolean deleteFunctionResponse = false; + try { + final Map<String, String> params = new HashMap<>(); + params.put(FUNCTION_CODE_PARAMS, code); + params.put(APP_ID, String.valueOf(app.getId())); + List<CentralV2RoleFunction> domainCentralRoleFunction = dataAccessService + .executeNamedQuery(GET_ROLE_FUNCTION_QUERY, params, null); + CentralV2RoleFunction appFunctionCode = appFunctionListFilter(code, domainCentralRoleFunction); + if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { + deleteRoleFunctionInExternalSystem(appFunctionCode, app); + // Delete role function dependency records + deleteAppRoleFunctions(appFunctionCode.getCode(), app); + } + dataAccessService.deleteDomainObject(appFunctionCode, null); + deleteFunctionResponse = true; + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "deleteCentralRoleFunction: failed", e); + } + return deleteFunctionResponse; + } + + /** + * It deletes app function record in portal + * + * @param code + * @param app + */ + private void deleteAppRoleFunctions(String code, EPApp app) { + dataAccessService.deleteDomainObjects(EPAppRoleFunction.class, + APP_ID_EQUALS + app.getId() + AND_FUNCTION_CD_EQUALS + code + "'", null); + } + + /** + * + * It deletes permission in the external auth system + * + * @param domainCentralRoleFunction + * @param app + * @throws Exception + */ + private void deleteRoleFunctionInExternalSystem(CentralV2RoleFunction domainCentralRoleFunction, EPApp app) + throws Exception { + try { + ObjectMapper mapper = new ObjectMapper(); + ExternalAccessPerms extPerms = new ExternalAccessPerms(); + String instanceValue = EcompPortalUtils.getFunctionCode(domainCentralRoleFunction.getCode()); + String checkType = getFunctionCodeType(domainCentralRoleFunction.getCode()); + String actionValue = getFunctionCodeAction(domainCentralRoleFunction.getCode()); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + extPerms.setAction(actionValue); + extPerms.setInstance(instanceValue); + extPerms.setType(app.getNameSpace() + "." + checkType); + extPerms.setDescription(domainCentralRoleFunction.getName()); + String deleteRoleFunction = mapper.writeValueAsString(extPerms); + HttpEntity<String> entity = new HttpEntity<>(deleteRoleFunction, headers); + logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleFunctionInExternalSystem: {} for DELETE: {} ", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, deleteRoleFunction); + ResponseEntity<String> delPermResponse = template + .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "perm?force=true", HttpMethod.DELETE, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, + "deleteRoleFunctionInExternalSystem: Finished deleting permission in External Auth system {} and status code: {} ", + deleteRoleFunction, delPermResponse.getStatusCode().value()); + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, + "HttpClientErrorException - Failed to delete functions in External System", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + } catch (Exception e) { + if (e.getMessage().equalsIgnoreCase("404 Not Found")) { + logger.debug(EELFLoggerDelegate.debugLogger, + " deleteRoleFunctionInExternalSystem: It seems like function is already deleted in external central auth system but exists in local DB", + e.getMessage()); + } else { + logger.error(EELFLoggerDelegate.errorLogger, + "deleteRoleFunctionInExternalSystem: Failed to delete functions in External System", e); + } + } + } + + @Override + public ExternalRequestFieldsValidator saveRoleForApplication(Role saveRole, String uebkey) throws Exception { + boolean response = false; + String message = ""; + try { + EPApp app = getApp(uebkey).get(0); + addRoleInEcompDB(saveRole, app); + response = true; + } catch (Exception e) { + message = e.getMessage(); + logger.error(EELFLoggerDelegate.errorLogger, "saveRoleForApplication failed", e); + } + return new ExternalRequestFieldsValidator(response, message); + } + + @SuppressWarnings("unchecked") + @Override + public boolean deleteRoleForApplication(String deleteRole, String uebkey) throws Exception { + Session localSession = sessionFactory.openSession(); + Transaction transaction = null; + boolean result = false; + try { + List<EPRole> epRoleList = null; + EPApp app = getApp(uebkey).get(0); + final Map<String, String> deleteRoleParams = new HashMap<>(); + deleteRoleParams.put(APP_ROLE_NAME_PARAM, deleteRole); + if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + epRoleList = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, deleteRoleParams, null); + } else { + deleteRoleParams.put(APP_ID, String.valueOf(app.getId())); + epRoleList = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, + deleteRoleParams, null); + } + if (!epRoleList.isEmpty()) { + transaction = localSession.beginTransaction(); + // Delete app role functions before deleting role + deleteRoleFunction(app, epRoleList); + if (app.getId() == 1) { + // Delete fn_user_ role + dataAccessService.deleteDomainObjects(EPUserApp.class, + APP_ID_EQUALS + app.getId() + " and role_id = " + epRoleList.get(0).getId(), null); + boolean isPortalRequest = false; + deleteRoleDependencyRecords(localSession, epRoleList.get(0).getId(), app.getId(), isPortalRequest); + } + deleteRoleInExternalAuthSystem(epRoleList, app); + transaction.commit(); + logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleForApplication: committed the transaction"); + dataAccessService.deleteDomainObject(epRoleList.get(0), null); + } + result = true; + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "deleteRoleForApplication: failed", e); + result = false; + } finally { + localSession.close(); + } + return result; + } + + /** + * + * It deletes role for application in external auth system + * + * @param epRoleList contains role information + * @param app contains application information + * @throws Exception + */ + private void deleteRoleInExternalAuthSystem(List<EPRole> epRoleList, EPApp app) throws Exception { + ResponseEntity<String> deleteResponse; + ResponseEntity<String> res = getNameSpaceIfExists(app); + if (res.getStatusCode() == HttpStatus.OK) { + // Delete Role in External System + String deleteRoleKey = "{\"name\":\"" + app.getNameSpace() + "." + epRoleList.get(0).getName() + .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_") + "\"}"; + deleteResponse = deleteRoleInExternalSystem(deleteRoleKey); + if (deleteResponse.getStatusCode().value() != 200 && deleteResponse.getStatusCode().value() != 404) { + EPLogUtil.logExternalAuthAccessAlarm(logger, deleteResponse.getStatusCode()); + logger.error(EELFLoggerDelegate.errorLogger, + "deleteRoleForApplication: Failed to delete role in external auth system! due to {} ", + deleteResponse.getBody()); + } + logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleForApplication: about to commit the transaction"); + } + } + + /** + * + * It deletes application user role in external auth system + * + * @param role + * @param app + * @param LoginId + * @throws Exception + */ + private void deleteUserRoleInExternalSystem(EPRole role, EPApp app, String LoginId) throws Exception { + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity<String> entity = new HttpEntity<>(headers); + getNameSpaceIfExists(app); + logger.debug(EELFLoggerDelegate.debugLogger, "deleteUserRoleInExternalSystem: {} ", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); + ResponseEntity<String> getResponse = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole/" + + LoginId + + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN) + + "/" + app.getNameSpace() + "." + + role.getName() + .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), + HttpMethod.GET, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, + "deleteUserRoleInExternalSystem: Finished GET user roles from External Auth system and response: {} ", + getResponse.getBody()); + if (getResponse.getStatusCode().value() != 200) { + throw new ExternalAuthSystemException(getResponse.getBody()); + } + String res = getResponse.getBody(); + if (!res.equals(IS_EMPTY_JSON_STRING)) { + HttpEntity<String> userRoleentity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "deleteUserRoleInExternalSystem: {} ", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); + ResponseEntity<String> deleteResponse = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole/" + + LoginId + + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN) + + "/" + app.getNameSpace() + "." + + role.getName().replaceAll( + EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), + HttpMethod.DELETE, userRoleentity, String.class); + if (deleteResponse.getStatusCode().value() != 200) { + throw new ExternalAuthSystemException("Failed to delete user role"); + } + logger.debug(EELFLoggerDelegate.debugLogger, + "deleteUserRoleInExternalSystem: Finished deleting user role in External Auth system and status code: {} ", + deleteResponse.getStatusCode().value()); + } + } + + @SuppressWarnings("unchecked") + @Override + public List<CentralV2Role> getActiveRoles(String uebkey) throws Exception { + List<CentralV2Role> roleList = new ArrayList<>(); + try { + List<EPApp> app = getApp(uebkey); + final Map<String, Long> params = new HashMap<>(); + // check if portal + Long appId = null; + if (!app.get(0).getId().equals(PortalConstants.PORTAL_APP_ID)) { + appId = app.get(0).getId(); + } + List<Criterion> restrictionsList = new ArrayList<Criterion>(); + Criterion active_ynCrt = Restrictions.eq("active", Boolean.TRUE); + Criterion appIdCrt; + if (appId == null) + appIdCrt = Restrictions.isNull("appId"); + else + appIdCrt = Restrictions.eq("appId", appId); + Criterion andCrit = Restrictions.and(active_ynCrt, appIdCrt); + restrictionsList.add(andCrit); + List<EPRole> epRole = (List<EPRole>) dataAccessService.getList(EPRole.class, null, restrictionsList, null); + roleList = createCentralRoleObject(app, epRole, roleList, params); + List<CentralV2Role> globalRoleList = getGlobalRolesOfApplication(app.get(0).getId()); + if (globalRoleList.size() > 0) + roleList.addAll(globalRoleList); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getActiveRoles: failed", e); + throw e; + } + return roleList; + } + + @Override + @Transactional(rollbackFor = Exception.class) + public ExternalRequestFieldsValidator deleteDependencyRoleRecord(Long roleId, String uebkey, String LoginId) + throws Exception { + Session localSession = sessionFactory.openSession(); + String message = ""; + Transaction transaction = null; + boolean response = false; + EPApp app = null; + try { + transaction = localSession.beginTransaction(); + List<EPRole> epRoleList = null; + app = getApp(uebkey).get(0); + if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + epRoleList = getPortalAppRoleInfo(roleId); + } else { + epRoleList = getPartnerAppRoleInfo(roleId, app); + } + if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { + // Delete User Role in External System before deleting role + deleteUserRoleInExternalSystem(epRoleList.get(0), app, LoginId); + } + // Delete user app roles + dataAccessService.deleteDomainObjects(EPUserApp.class, + APP_ID_EQUALS + app.getId() + " and role_id = " + epRoleList.get(0).getId(), null); + boolean isPortalRequest = false; + deleteRoleDependencyRecords(localSession, epRoleList.get(0).getId(), app.getId(), isPortalRequest); + transaction.commit(); + if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { + // Final call to delete role once all dependencies has been + // deleted + deleteRoleInExternalAuthSystem(epRoleList, app); + } + dataAccessService.deleteDomainObjects(EPRole.class, " role_id = " + epRoleList.get(0).getId(), null); + logger.debug(EELFLoggerDelegate.debugLogger, "deleteDependencyRoleRecord: committed the transaction"); + response = true; + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, "deleteDependencyRoleRecord: HttpClientErrorException", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + message = e.getMessage(); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "deleteDependencyRoleRecord failed", e); + EcompPortalUtils.rollbackTransaction(transaction, + "deleteDependencyRoleRecord rollback, exception = " + e.toString()); + message = e.getMessage(); + } finally { + localSession.close(); + } + return new ExternalRequestFieldsValidator(response, message); + } + + @Override + @SuppressWarnings("unchecked") + @Transactional + public void syncRoleFunctionFromExternalAccessSystem(EPApp app) { + try { + // get Permissions from External Auth System + JSONArray extPerms = getExtAuthPermissions(app); + List<ExternalAccessPermsDetail> permsDetailList = getExtAuthPerrmissonList(app, extPerms); + // get functions in DB + final Map<String, Long> params = new HashMap<>(); + final Map<String, CentralV2RoleFunction> roleFuncMap = new HashMap<>(); + params.put(APP_ID, app.getId()); + List<CentralV2RoleFunction> appFunctions = dataAccessService.executeNamedQuery("getAllRoleFunctions", + params, null); + if (!appFunctions.isEmpty()) { + for (CentralV2RoleFunction roleFunc : appFunctions) { + roleFuncMap.put(roleFunc.getCode(), roleFunc); + } + } + // get Roles for portal in DB + List<EPRole> portalRoleList = getGlobalRolesOfPortal(); + final Map<String, EPRole> existingPortalRolesMap = new HashMap<>(); + for (EPRole epRole : portalRoleList) { + existingPortalRolesMap.put(epRole.getName().replaceAll( + EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), epRole); + } + // get Roles in DB + final Map<String, EPRole> currentRolesInDB = getAppRoleNamesWithUnderscoreMap(app); + // store External Permissions with Pipe and without Pipe (just + // instance) + final Map<String, ExternalAccessPermsDetail> extAccessPermsContainsPipeMap = new HashMap<>(); + final Map<String, ExternalAccessPermsDetail> extAccessPermsMap = new HashMap<>(); + for (ExternalAccessPermsDetail permsDetailInfoWithPipe : permsDetailList) { + extAccessPermsContainsPipeMap.put(permsDetailInfoWithPipe.getInstance(), permsDetailInfoWithPipe); + String finalFunctionCodeVal = EcompPortalUtils.getFunctionCode(permsDetailInfoWithPipe.getInstance()); + extAccessPermsMap.put(finalFunctionCodeVal, permsDetailInfoWithPipe); + } + // Add if new functions and app role functions were added in + // external auth system + for (ExternalAccessPermsDetail permsDetail : permsDetailList) { + String code = permsDetail.getInstance(); + CentralV2RoleFunction getFunctionCodeKey = roleFuncMap.get(permsDetail.getInstance()); + List<CentralV2RoleFunction> roleFunctionList = addGetLocalFunction(app, roleFuncMap, permsDetail, code, + getFunctionCodeKey); + List<String> roles = permsDetail.getRoles(); + if (roles != null) { + // Check if function has any roles and which does not exist + // in External Auth System. If exists delete in local + addRemoveIfFunctionsRolesIsSyncWithExternalAuth(app, currentRolesInDB, roleFunctionList, roles, + existingPortalRolesMap); + } + } + // Check if function does exits in External Auth System but exits in + // local then delete function and its dependencies + for (CentralV2RoleFunction roleFunc : appFunctions) { + try { + ExternalAccessPermsDetail getFunctionCodeContainsPipeKey = extAccessPermsContainsPipeMap + .get(roleFunc.getCode()); + if (null == getFunctionCodeContainsPipeKey) { + ExternalAccessPermsDetail getFunctionCodeKey = extAccessPermsMap.get(roleFunc.getCode()); + if (null == getFunctionCodeKey) { + deleteAppRoleFuncDoesNotExitsInExtSystem(app, roleFunc); + } + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, + "syncRoleFunctionFromExternalAccessSystem: Failed to delete function", e); + } + } + logger.debug(EELFLoggerDelegate.debugLogger, + "syncRoleFunctionFromExternalAccessSystem: Finished syncRoleFunctionFromExternalAccessSystem"); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, + "syncRoleFunctionFromExternalAccessSystem: Failed syncRoleFunctionFromExternalAccessSystem", e); + } + } + + @SuppressWarnings("unchecked") + private void addRemoveIfFunctionsRolesIsSyncWithExternalAuth(EPApp app, final Map<String, EPRole> currentRolesInDB, + List<CentralV2RoleFunction> roleFunctionList, List<String> roles, + Map<String, EPRole> existingPortalRolesMap) throws Exception { + if (!roleFunctionList.isEmpty()) { + final Map<String, String> appRoleFuncParams = new HashMap<>(); + final Map<String, LocalRole> currentAppRoleFunctionsMap = new HashMap<>(); + final Map<String, String> currentRolesInExtSystem = new HashMap<>(); + appRoleFuncParams.put("functionCd", roleFunctionList.get(0).getCode()); + appRoleFuncParams.put("appId", String.valueOf(app.getId())); + List<LocalRole> localRoleList = dataAccessService.executeNamedQuery("getCurrentAppRoleFunctions", + appRoleFuncParams, null); + for (LocalRole localRole : localRoleList) { + currentAppRoleFunctionsMap.put(localRole.getRolename().replaceAll( + EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), localRole); + } + for (String addRole : roles) { + currentRolesInExtSystem.put(addRole.substring(addRole.indexOf(FUNCTION_PIPE) + 1), addRole); + } + for (String extAuthrole : roles) { + String roleNameSpace = extAuthrole.substring(0, extAuthrole.indexOf(FUNCTION_PIPE)); + boolean isNameSpaceMatching = EcompPortalUtils.checkNameSpaceMatching(roleNameSpace, + app.getNameSpace()); + if (isNameSpaceMatching) { + if (!currentAppRoleFunctionsMap + .containsKey(extAuthrole.substring(app.getNameSpace().length() + 1))) { + EPRole localAddFuntionRole = currentRolesInDB + .get(extAuthrole.substring(app.getNameSpace().length() + 1)); + if (localAddFuntionRole == null) { + checkAndAddRoleInDB(app, currentRolesInDB, roleFunctionList, extAuthrole); + } else { + EPAppRoleFunction addAppRoleFunc = new EPAppRoleFunction(); + addAppRoleFunc.setAppId(app.getId()); + addAppRoleFunc.setCode(roleFunctionList.get(0).getCode()); + addAppRoleFunc.setRoleId(localAddFuntionRole.getId()); + dataAccessService.saveDomainObject(addAppRoleFunc, null); + } + } + // This block is to save global role function if exists + } else { + String extAuthAppRoleName = extAuthrole.substring(extAuthrole.indexOf(FUNCTION_PIPE) + 1); + boolean checkIfGlobalRoleExists = existingPortalRolesMap.containsKey(extAuthAppRoleName); + if (checkIfGlobalRoleExists) { + final Map<String, Long> params = new HashMap<>(); + EPRole role = existingPortalRolesMap.get(extAuthAppRoleName); + EPAppRoleFunction addGlobalRoleFunctions = new EPAppRoleFunction(); + params.put("appId", app.getId()); + params.put("roleId", role.getId()); + List<EPAppRoleFunction> currentGlobalRoleFunctionsList = dataAccessService + .executeNamedQuery("getAppRoleFunctionOnRoleIdandAppId", params, null); + boolean checkIfRoleFunctionExists = currentGlobalRoleFunctionsList.stream() + .anyMatch(currentGlobalRoleFunction -> currentGlobalRoleFunction.getCode() + .equals(roleFunctionList.get(0).getCode())); + if (role != null && !checkIfRoleFunctionExists) { + addGlobalRoleFunctions.setAppId(app.getId()); + addGlobalRoleFunctions.setRoleId(role.getId()); + if (!app.getId().equals(role.getAppRoleId())) { + addGlobalRoleFunctions.setRoleAppId((PortalConstants.PORTAL_APP_ID).toString()); + } else { + addGlobalRoleFunctions.setRoleAppId(null); + } + addGlobalRoleFunctions.setCode(roleFunctionList.get(0).getCode()); + dataAccessService.saveDomainObject(addGlobalRoleFunctions, null); + } + } + } + } + for (LocalRole localRoleDelete : localRoleList) { + if (!currentRolesInExtSystem.containsKey(localRoleDelete.getRolename() + .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"))) { + dataAccessService.deleteDomainObjects(EPAppRoleFunction.class, + APP_ID_EQUALS + app.getId() + AND_FUNCTION_CD_EQUALS + roleFunctionList.get(0).getCode() + + "'" + " and role_id = " + localRoleDelete.getRoleId().longValue(), + null); + } + } + } + } + + private void deleteAppRoleFuncDoesNotExitsInExtSystem(EPApp app, CentralV2RoleFunction roleFunc) { + logger.debug(EELFLoggerDelegate.debugLogger, + "syncRoleFunctionFromExternalAccessSystem: Deleting app role function {}", roleFunc.getCode()); + dataAccessService.deleteDomainObjects(EPAppRoleFunction.class, + APP_ID_EQUALS + app.getId() + AND_FUNCTION_CD_EQUALS + roleFunc.getCode() + "'", null); + logger.debug(EELFLoggerDelegate.debugLogger, + "syncRoleFunctionFromExternalAccessSystem: Deleted app role function {}", roleFunc.getCode()); + logger.debug(EELFLoggerDelegate.debugLogger, + "syncRoleFunctionFromExternalAccessSystem: Deleting app function {}", roleFunc.getCode()); + dataAccessService.deleteDomainObjects(CentralV2RoleFunction.class, + APP_ID_EQUALS + app.getId() + AND_FUNCTION_CD_EQUALS + roleFunc.getCode() + "'", null); + logger.debug(EELFLoggerDelegate.debugLogger, + "syncRoleFunctionFromExternalAccessSystem: Deleted app function {}", roleFunc.getCode()); + } + + private void checkAndAddRoleInDB(EPApp app, final Map<String, EPRole> currentRolesInDB, + List<CentralV2RoleFunction> roleFunctionList, String roleList) throws Exception { + if (!currentRolesInDB.containsKey(roleList.substring(app.getNameSpace().length() + 1))) { + Role role = addRoleInDBIfDoesNotExists(app, roleList.substring(app.getNameSpace().length() + 1)); + addRoleDescriptionInExtSystem(role, app); + if (!roleFunctionList.isEmpty()) { + try { + if (!roleFunctionList.isEmpty()) { + EPAppRoleFunction addAppRoleFunc = new EPAppRoleFunction(); + addAppRoleFunc.setAppId(app.getId()); + addAppRoleFunc.setCode(roleFunctionList.get(0).getCode()); + addAppRoleFunc.setRoleId(role.getId()); + dataAccessService.saveDomainObject(addAppRoleFunc, null); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, + "syncRoleFunctionFromExternalAccessSystem: Failed to save app role function ", e); + } + } + } + } + + @SuppressWarnings("unchecked") + private List<CentralV2RoleFunction> addGetLocalFunction(EPApp app, + final Map<String, CentralV2RoleFunction> roleFuncMap, ExternalAccessPermsDetail permsDetail, String code, + CentralV2RoleFunction getFunctionCodeKey) { + String finalFunctionCodeVal = addToLocalIfFunctionNotExists(app, roleFuncMap, permsDetail, code, + getFunctionCodeKey); + final Map<String, String> appSyncFuncsParams = new HashMap<>(); + appSyncFuncsParams.put("appId", String.valueOf(app.getId())); + appSyncFuncsParams.put("functionCd", finalFunctionCodeVal); + List<CentralV2RoleFunction> roleFunctionList = null; + roleFunctionList = dataAccessService.executeNamedQuery("getAppFunctionOnCodeAndAppId", appSyncFuncsParams, + null); + if (roleFunctionList.isEmpty()) { + appSyncFuncsParams.put("functionCd", code); + roleFunctionList = dataAccessService.executeNamedQuery("getAppFunctionOnCodeAndAppId", appSyncFuncsParams, + null); + } + return roleFunctionList; + } + + private String addToLocalIfFunctionNotExists(EPApp app, final Map<String, CentralV2RoleFunction> roleFuncMap, + ExternalAccessPermsDetail permsDetail, String code, CentralV2RoleFunction getFunctionCodeKey) { + String finalFunctionCodeVal = ""; + if (null == getFunctionCodeKey) { + finalFunctionCodeVal = EcompPortalUtils.getFunctionCode(permsDetail.getInstance()); + CentralV2RoleFunction checkIfCodeStillExits = roleFuncMap.get(finalFunctionCodeVal); + // If function does not exist in local then add! + if (null == checkIfCodeStillExits) { + logger.debug(EELFLoggerDelegate.debugLogger, + "syncRoleFunctionFromExternalAccessSystem: Adding function: {} ", code); + addFunctionInEcompDB(app, permsDetail, code); + logger.debug(EELFLoggerDelegate.debugLogger, + "syncRoleFunctionFromExternalAccessSystem: Finished adding function: {} ", code); + } + } + return finalFunctionCodeVal; + } + + @SuppressWarnings("unchecked") + @Override + public Map<String, EPRole> getAppRoleNamesWithUnderscoreMap(EPApp app) { + final Map<String, EPRole> currentRolesInDB = new HashMap<>(); + List<EPRole> getCurrentRoleList = null; + final Map<String, Long> appParams = new HashMap<>(); + if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + getCurrentRoleList = dataAccessService.executeNamedQuery("getPortalAppRolesList", null, null); + } else { + appParams.put("appId", app.getId()); + getCurrentRoleList = dataAccessService.executeNamedQuery("getPartnerAppRolesList", appParams, null); + } + for (EPRole role : getCurrentRoleList) { + currentRolesInDB.put(role.getName() + .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), role); + } + return currentRolesInDB; + } + + @SuppressWarnings("unchecked") + private Map<String, EPRole> getAppRoleNamesMap(EPApp app) { + final Map<String, EPRole> currentRolesInDB = new HashMap<>(); + List<EPRole> getCurrentRoleList = null; + final Map<String, Long> appParams = new HashMap<>(); + if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + getCurrentRoleList = dataAccessService.executeNamedQuery("getPortalAppRolesList", null, null); + } else { + appParams.put("appId", app.getId()); + getCurrentRoleList = dataAccessService.executeNamedQuery("getPartnerAppRolesList", appParams, null); + } + for (EPRole role : getCurrentRoleList) { + currentRolesInDB.put(role.getName(), role); + } + return currentRolesInDB; + } + + private List<ExternalAccessPermsDetail> getExtAuthPerrmissonList(EPApp app, JSONArray extPerms) throws IOException { + ExternalAccessPermsDetail permDetails = null; + List<ExternalAccessPermsDetail> permsDetailList = new ArrayList<>(); + for (int i = 0; i < extPerms.length(); i++) { + String description = null; + if (extPerms.getJSONObject(i).has("description")) { + description = extPerms.getJSONObject(i).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION); + } else { + description = extPerms.getJSONObject(i).getString("type").substring(app.getNameSpace().length() + 1) + "|" + + extPerms.getJSONObject(i).getString("instance") + "|" + + extPerms.getJSONObject(i).getString("action"); + } + if (extPerms.getJSONObject(i).has("roles")) { + ObjectMapper rolesListMapper = new ObjectMapper(); + JSONArray resRoles = extPerms.getJSONObject(i).getJSONArray("roles"); + List<String> list = rolesListMapper.readValue(resRoles.toString(), + TypeFactory.defaultInstance().constructCollectionType(List.class, String.class)); + permDetails = new ExternalAccessPermsDetail(extPerms.getJSONObject(i).getString("type"), + extPerms.getJSONObject(i).getString("type").substring(app.getNameSpace().length() + 1) + + FUNCTION_PIPE + extPerms.getJSONObject(i).getString("instance") + FUNCTION_PIPE + + extPerms.getJSONObject(i).getString("action"), + extPerms.getJSONObject(i).getString("action"), list, description); + permsDetailList.add(permDetails); + } else { + permDetails = new ExternalAccessPermsDetail(extPerms.getJSONObject(i).getString("type"), + extPerms.getJSONObject(i).getString("type").substring(app.getNameSpace().length() + 1) + + FUNCTION_PIPE + extPerms.getJSONObject(i).getString("instance") + FUNCTION_PIPE + + extPerms.getJSONObject(i).getString("action"), + extPerms.getJSONObject(i).getString("action"), description); + permsDetailList.add(permDetails); + } + } + return permsDetailList; + } + + private JSONArray getExtAuthPermissions(EPApp app) throws Exception { + ResponseEntity<String> response = null; + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity<String> entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "syncRoleFunctionFromExternalAccessSystem: {} ", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); + response = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "perms/ns/" + app.getNameSpace(), HttpMethod.GET, entity, String.class); + String res = response.getBody(); + logger.debug(EELFLoggerDelegate.debugLogger, + "syncRoleFunctionFromExternalAccessSystem: Finished GET permissions from External Auth system and response: {} ", + response.getBody()); + JSONObject jsonObj = new JSONObject(res); + JSONArray extPerms = jsonObj.getJSONArray("perm"); + for (int i = 0; i < extPerms.length(); i++) { + if (extPerms.getJSONObject(i).getString("type").equals(app.getNameSpace() + ".access")) { + extPerms.remove(i); + i--; + } + } + return extPerms; + } + + /** + * + * Add function into local DB + * + * @param app + * @param permsDetail + * @param code + */ + private void addFunctionInEcompDB(EPApp app, ExternalAccessPermsDetail permsDetail, String code) { + try { + CentralV2RoleFunction addFunction = new CentralV2RoleFunction(); + addFunction.setAppId(app.getId()); + addFunction.setCode(code); + addFunction.setName(permsDetail.getDescription()); + dataAccessService.saveDomainObject(addFunction, null); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "addFunctionInEcompDB: Failed to add function", e); + } + } + + /** + * + * It updates description of a role in external auth system + * + * @param role + * @param app + * @throws Exception + */ + private boolean addRoleDescriptionInExtSystem(Role role, EPApp app) throws Exception { + boolean status = false; + try { + String addRoleNew = updateExistingRoleInExternalSystem(role, app); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity<String> entity = new HttpEntity<>(addRoleNew, headers); + template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role", + HttpMethod.PUT, entity, String.class); + status = true; + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, + "HttpClientErrorException - Failed to addRoleDescriptionInExtSystem", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "addRoleDescriptionInExtSystem: Failed", e); + } + return status; + } + + /** + * + * While sync functions form external auth system if new role found we should + * add in local and return Role.class object + * + * @param app + * @param role + * @return + */ + @SuppressWarnings("unchecked") + private Role addRoleInDBIfDoesNotExists(EPApp app, String role) { + Role setNewRole = new Role(); + try { + // functions can have new role created in External Auth System + // prevent + // duplication here + boolean isCreated = checkIfRoleExitsElseCreateInSyncFunctions(role, app); + final Map<String, String> getRoleByNameParams = new HashMap<>(); + List<EPRole> getRoleCreated = null; + getRoleByNameParams.put(APP_ROLE_NAME_PARAM, role); + if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + getRoleByNameParams.put("appId", String.valueOf(app.getId())); + List<EPRole> roleCreated = dataAccessService + .executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, getRoleByNameParams, null); + if (!isCreated) { + EPRole epUpdateRole = roleCreated.get(0); + epUpdateRole.setAppRoleId(epUpdateRole.getId()); + dataAccessService.saveDomainObject(epUpdateRole, null); + getRoleCreated = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, + getRoleByNameParams, null); + } else { + getRoleCreated = roleCreated; + } + } else { + getRoleCreated = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, getRoleByNameParams, + null); + } + if (getRoleCreated != null && !getRoleCreated.isEmpty()) { + EPRole roleObject = getRoleCreated.get(0); + setNewRole.setId(roleObject.getId()); + setNewRole.setName(roleObject.getName()); + setNewRole.setActive(roleObject.getActive()); + setNewRole.setPriority(roleObject.getPriority()); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "addRoleInDBIfDoesNotExists: Failed", e); + } + return setNewRole; + } + + @SuppressWarnings("unchecked") + private boolean checkIfRoleExitsElseCreateInSyncFunctions(String role, EPApp app) { + boolean isCreated = false; + final Map<String, String> roleParams = new HashMap<>(); + roleParams.put(APP_ROLE_NAME_PARAM, role); + List<EPRole> roleCreated = null; + if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + roleCreated = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, roleParams, null); + } else { + roleParams.put("appId", String.valueOf(app.getId())); + roleCreated = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, roleParams, + null); + } + if (roleCreated == null || roleCreated.isEmpty()) { + roleParams.put("appId", String.valueOf(app.getId())); + EPRole epRoleNew = new EPRole(); + epRoleNew.setActive(true); + epRoleNew.setName(role); + if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + epRoleNew.setAppId(null); + } else { + epRoleNew.setAppId(app.getId()); + } + dataAccessService.saveDomainObject(epRoleNew, null); + isCreated = false; + } else { + isCreated = true; + } + return isCreated; + } + + @Override + @SuppressWarnings("unchecked") + public Integer bulkUploadFunctions(String uebkey) throws Exception { + EPApp app = getApp(uebkey).get(0); + List<RoleFunction> roleFuncList = dataAccessService.executeNamedQuery("getAllFunctions", null, null); + CentralV2RoleFunction cenRoleFunc = null; + Integer functionsAdded = 0; + try { + for (RoleFunction roleFunc : roleFuncList) { + cenRoleFunc = new CentralV2RoleFunction(roleFunc.getCode(), roleFunc.getName()); + addRoleFunctionInExternalSystem(cenRoleFunc, app); + functionsAdded++; + } + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - bulkUploadFunctions failed", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadFunctions: failed", e.getMessage(), e); + } + return functionsAdded; + } + + @Override + public Integer bulkUploadRoles(String uebkey) throws Exception { + List<EPApp> app = getApp(uebkey); + List<EPRole> roles = getAppRoles(app.get(0).getId()); + List<CentralV2Role> cenRoleList = new ArrayList<>(); + final Map<String, Long> params = new HashMap<>(); + Integer rolesListAdded = 0; + try { + cenRoleList = createCentralRoleObject(app, roles, cenRoleList, params); + ObjectMapper mapper = new ObjectMapper(); + mapper.configure(DeserializationFeature.FAIL_ON_IGNORED_PROPERTIES, false); + String roleList = mapper.writeValueAsString(cenRoleList); + List<Role> roleObjectList = mapper.readValue(roleList, + TypeFactory.defaultInstance().constructCollectionType(List.class, Role.class)); + for (Role role : roleObjectList) { + addRoleInExternalSystem(role, app.get(0)); + rolesListAdded++; + } + if (!app.get(0).getId().equals(PortalConstants.PORTAL_APP_ID)) { + // Add Account Admin role in External AUTH System + try { + String addAccountAdminRole = ""; + ExternalAccessRole extRole = new ExternalAccessRole(); + extRole.setName(app.get(0).getNameSpace() + "." + PortalConstants.ADMIN_ROLE + .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); + addAccountAdminRole = mapper.writeValueAsString(extRole); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity<String> entity = new HttpEntity<>(addAccountAdminRole, headers); + template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role", + HttpMethod.POST, entity, String.class); + rolesListAdded++; + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, + "HttpClientErrorException - Failed to create Account Admin role", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + } catch (Exception e) { + if (e.getMessage().equalsIgnoreCase("409 Conflict")) { + logger.error(EELFLoggerDelegate.errorLogger, + "bulkUploadRoles: Account Admin Role already exits but does not break functionality", + e); + } else { + logger.error(EELFLoggerDelegate.errorLogger, + "bulkUploadRoles: Failed to create Account Admin role", e.getMessage()); + } + } + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles: failed", e); + throw e; + } + return rolesListAdded; + } + + /** + * It creating new role in external auth system while doing bulk upload + * + * @param role + * @param app + * @throws Exception + */ + private void addRoleInExternalSystem(Role role, EPApp app) throws Exception { + String addRoleNew = updateExistingRoleInExternalSystem(role, app); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + try { + HttpEntity<String> entity = new HttpEntity<>(addRoleNew, headers); + template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role", + HttpMethod.POST, entity, String.class); + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - Failed to addRoleInExternalSystem", + e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + } catch (Exception e) { + if (e.getMessage().equalsIgnoreCase("409 Conflict")) { + logger.error(EELFLoggerDelegate.errorLogger, + "addRoleInExternalSystem: Role already exits but does not break functionality", e); + } else { + logger.error(EELFLoggerDelegate.errorLogger, + "addRoleInExternalSystem: Failed to addRoleInExternalSystem", e.getMessage()); + } + } + } + + @Override + @SuppressWarnings("unchecked") + public Integer bulkUploadRolesFunctions(String uebkey) throws Exception { + EPApp app = getApp(uebkey).get(0); + List<EPRole> roles = getAppRoles(app.getId()); + final Map<String, Long> params = new HashMap<>(); + Integer roleFunctions = 0; + try { + for (EPRole role : roles) { + params.put("roleId", role.getId()); + List<BulkUploadRoleFunction> appRoleFunc = dataAccessService.executeNamedQuery("uploadAllRoleFunctions", + params, null); + if (!appRoleFunc.isEmpty()) { + for (BulkUploadRoleFunction addRoleFunc : appRoleFunc) { + addRoleFunctionsInExternalSystem(addRoleFunc, role, app); + roleFunctions++; + } + } + } + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, + "HttpClientErrorException - Failed to bulkUploadRolesFunctions", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRolesFunctions: failed", e); + } + return roleFunctions; + } + + /** + * Its adding a role function while doing bulk upload + * + * @param addRoleFunc + * @param role + * @param app + */ + private void addRoleFunctionsInExternalSystem(BulkUploadRoleFunction addRoleFunc, EPRole role, EPApp app) { + String type = ""; + String instance = ""; + String action = ""; + if (addRoleFunc.getFunctionCd().contains(FUNCTION_PIPE)) { + type = EcompPortalUtils.getFunctionType(addRoleFunc.getFunctionCd()); + instance = EcompPortalUtils.getFunctionCode(addRoleFunc.getFunctionCd()); + action = EcompPortalUtils.getFunctionAction(addRoleFunc.getFunctionCd()); + } else { + type = addRoleFunc.getFunctionCd().contains("menu") ? "menu" : "url"; + instance = addRoleFunc.getFunctionCd(); + action = "*"; + } + ExternalAccessRolePerms extRolePerms = null; + ExternalAccessPerms extPerms = null; + ObjectMapper mapper = new ObjectMapper(); + try { + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + type, instance, action, + addRoleFunc.getFunctionName()); + extRolePerms = new ExternalAccessRolePerms(extPerms, app.getNameSpace() + "." + role.getName() + .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); + String updateRolePerms = mapper.writeValueAsString(extRolePerms); + HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers); + template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm", + HttpMethod.POST, entity, String.class); + } catch (Exception e) { + if (e.getMessage().equalsIgnoreCase("409 Conflict")) { + logger.error(EELFLoggerDelegate.errorLogger, + "addRoleFunctionsInExternalSystem: RoleFunction already exits but does not break functionality", + e); + } else { + logger.error(EELFLoggerDelegate.errorLogger, + "addRoleFunctionsInExternalSystem: Failed to addRoleFunctionsInExternalSystem", e.getMessage()); + } + } + } + + @SuppressWarnings("unchecked") + @Override + public Integer bulkUploadPartnerFunctions(String uebkey) throws Exception { + EPApp app = getApp(uebkey).get(0); + final Map<String, Long> params = new HashMap<>(); + params.put("appId", app.getId()); + List<CentralV2RoleFunction> roleFuncList = dataAccessService.executeNamedQuery("getPartnerAppFunctions", params, + null); + Integer functionsAdded = 0; + try { + for (CentralV2RoleFunction roleFunc : roleFuncList) { + addFunctionInExternalSystem(roleFunc, app); + functionsAdded++; + } + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - bulkUploadPartnerFunctions failed", + e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerFunctions: failed", e.getMessage(), e); + } + return functionsAdded; + } + + private void addFunctionInExternalSystem(CentralV2RoleFunction roleFunc, EPApp app) throws Exception { + ObjectMapper mapper = new ObjectMapper(); + ExternalAccessPerms extPerms = new ExternalAccessPerms(); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + String type = ""; + String instance = ""; + String action = ""; + if ((roleFunc.getCode().contains(FUNCTION_PIPE)) + || (roleFunc.getType() != null && roleFunc.getAction() != null)) { + type = EcompPortalUtils.getFunctionType(roleFunc.getCode()); + instance = EcompPortalUtils.getFunctionCode(roleFunc.getCode()); + action = EcompPortalUtils.getFunctionAction(roleFunc.getCode()); + } else { + type = roleFunc.getCode().contains("menu") ? "menu" : "url"; + instance = roleFunc.getCode(); + action = "*"; + } + try { + extPerms.setAction(action); + extPerms.setInstance(instance); + extPerms.setType(app.getNameSpace() + "." + type); + extPerms.setDescription(roleFunc.getName()); + String addFunction = mapper.writeValueAsString(extPerms); + HttpEntity<String> entity = new HttpEntity<>(addFunction, headers); + logger.debug(EELFLoggerDelegate.debugLogger, "addFunctionInExternalSystem: {} for POST: {}", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, addFunction); + ResponseEntity<String> addPermResponse = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perm", + HttpMethod.POST, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, + "addFunctionInExternalSystem: Finished adding permission for POST: {} and status code: {} ", + addPermResponse.getStatusCode().value(), addFunction); + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, + "HttpClientErrorException - Failed to add function in external central auth system", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + throw e; + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, + "addFunctionInExternalSystem: Failed to add fucntion in external central auth system", e); + throw e; + } + } + + @Override + public void bulkUploadPartnerRoles(String uebkey, List<Role> roleList) throws Exception { + EPApp app = getApp(uebkey).get(0); + for (Role role : roleList) { + addRoleInExternalSystem(role, app); + } + } + + @SuppressWarnings("unchecked") + @Override + public Integer bulkUploadPartnerRoleFunctions(String uebkey) throws Exception { + EPApp app = getApp(uebkey).get(0); + List<EPRole> roles = getAppRoles(app.getId()); + final Map<String, Long> params = new HashMap<>(); + Integer roleFunctions = 0; + try { + for (EPRole role : roles) { + params.put("roleId", role.getId()); + List<BulkUploadRoleFunction> appRoleFunc = dataAccessService + .executeNamedQuery("uploadPartnerRoleFunctions", params, null); + if (!appRoleFunc.isEmpty()) { + for (BulkUploadRoleFunction addRoleFunc : appRoleFunc) { + addRoleFunctionsInExternalSystem(addRoleFunc, role, app); + roleFunctions++; + } + } + } + // upload global role functions to ext auth system + if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + roleFunctions = bulkUploadGlobalRoleFunctions(app, roleFunctions); + } + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, + "HttpClientErrorException - Failed to bulkUploadRolesFunctions", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRolesFunctions: failed", e); + } + return roleFunctions; + } + + @SuppressWarnings("unchecked") + private Integer bulkUploadGlobalRoleFunctions(EPApp app, Integer roleFunctions) throws Exception { + try { + EPApp portalApp = epAppService.getApp(1l); + final Map<String, Long> params = new HashMap<>(); + params.put("appId", app.getId()); + List<GlobalRoleWithApplicationRoleFunction> globalRoleFuncs = dataAccessService + .executeNamedQuery("getBulkUploadPartnerGlobalRoleFunctions", params, null); + ObjectMapper mapper = new ObjectMapper(); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + for (GlobalRoleWithApplicationRoleFunction globalRoleFunc : globalRoleFuncs) { + ExternalAccessRolePerms extRolePerms; + ExternalAccessPerms extPerms; + String type = ""; + String instance = ""; + String action = ""; + if (globalRoleFunc.getFunctionCd().contains(FUNCTION_PIPE)) { + type = EcompPortalUtils.getFunctionType(globalRoleFunc.getFunctionCd()); + instance = EcompPortalUtils.getFunctionCode(globalRoleFunc.getFunctionCd()); + action = EcompPortalUtils.getFunctionAction(globalRoleFunc.getFunctionCd()); + } else { + type = globalRoleFunc.getFunctionCd().contains("menu") ? "menu" : "url"; + instance = globalRoleFunc.getFunctionCd(); + action = "*"; + } + extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + type, instance, action); + extRolePerms = new ExternalAccessRolePerms(extPerms, + portalApp.getNameSpace() + "." + globalRoleFunc.getRoleName().replaceAll( + EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); + String updateRolePerms = mapper.writeValueAsString(extRolePerms); + HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers); + updateRoleFunctionInExternalSystem(updateRolePerms, entity); + roleFunctions++; + } + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, + "HttpClientErrorException - Failed to add role function in external central auth system", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + throw e; + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, + "bulkUploadGlobalRoleFunctions: Failed to add role fucntion in external central auth system", e); + throw e; + } + return roleFunctions; + } + + @Override + @Transactional + public void syncApplicationRolesWithEcompDB(EPApp app) { + try { + logger.debug(EELFLoggerDelegate.debugLogger, "syncRoleFunctionFromExternalAccessSystem: Started"); + // Sync functions and roles assigned to it which also creates new roles if does + // not exits in portal + syncRoleFunctionFromExternalAccessSystem(app); + logger.debug(EELFLoggerDelegate.debugLogger, "syncRoleFunctionFromExternalAccessSystem: Finished"); + ObjectMapper mapper = new ObjectMapper(); + logger.debug(EELFLoggerDelegate.debugLogger, "Entering to getAppRolesJSONFromExtAuthSystem"); + // Get Permissions from External Auth System + JSONArray extRole = getAppRolesJSONFromExtAuthSystem(app); + logger.debug(EELFLoggerDelegate.debugLogger, "Entering into getExternalRoleDetailsList"); + // refactoring done + List<ExternalRoleDetails> externalRoleDetailsList = getExternalRoleDetailsList(app, mapper, extRole); + List<EPRole> finalRoleList = new ArrayList<>(); + for (ExternalRoleDetails externalRole : externalRoleDetailsList) { + EPRole ecompRole = convertExternalRoleDetailstoEpRole(externalRole); + finalRoleList.add(ecompRole); + } + List<EPRole> applicationRolesList; + applicationRolesList = getAppRoles(app.getId()); + List<String> applicationRoleIdList = new ArrayList<>(); + for (EPRole applicationRole : applicationRolesList) { + applicationRoleIdList.add(applicationRole.getName()); + } + List<EPRole> roleListToBeAddInEcompDB = new ArrayList<>(); + for (EPRole aafRole : finalRoleList) { + if (!applicationRoleIdList.contains(aafRole.getName())) { + roleListToBeAddInEcompDB.add(aafRole); + } + } + logger.debug(EELFLoggerDelegate.debugLogger, "Entering into inactiveRolesNotInExternalAuthSystem"); + // Check if roles exits in external Access system and if not make inactive in DB + inactiveRolesNotInExternalAuthSystem(app, finalRoleList, applicationRolesList); + logger.debug(EELFLoggerDelegate.debugLogger, "Entering into addNewRoleInEcompDBUpdateDescInExtAuthSystem"); + // Add new roles in DB and updates role description in External Auth System + addNewRoleInEcompDBUpdateDescInExtAuthSystem(app, roleListToBeAddInEcompDB); + logger.debug(EELFLoggerDelegate.debugLogger, "syncApplicationRolesWithEcompDB: Finished"); + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, + "syncApplicationRolesWithEcompDB: Failed due to the External Auth System", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "syncApplicationRolesWithEcompDB: Failed ", e); + } + } + + /** + * + * It adds new roles in DB and updates description in External Auth System + * + * @param app + * @param roleListToBeAddInEcompDB + */ + @SuppressWarnings("unchecked") + private void addNewRoleInEcompDBUpdateDescInExtAuthSystem(EPApp app, List<EPRole> roleListToBeAddInEcompDB) { + EPRole roleToBeAddedInEcompDB; + for (int i = 0; i < roleListToBeAddInEcompDB.size(); i++) { + try { + roleToBeAddedInEcompDB = roleListToBeAddInEcompDB.get(i); + if (app.getId() == 1) { + roleToBeAddedInEcompDB.setAppRoleId(null); + } + dataAccessService.saveDomainObject(roleToBeAddedInEcompDB, null); + List<EPRole> getRoleCreatedInSync = null; + if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + final Map<String, String> globalRoleParams = new HashMap<>(); + globalRoleParams.put("appId", String.valueOf(app.getId())); + globalRoleParams.put("appRoleName", roleToBeAddedInEcompDB.getName()); + getRoleCreatedInSync = dataAccessService + .executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, globalRoleParams, null); + EPRole epUpdateRole = getRoleCreatedInSync.get(0); + epUpdateRole.setAppRoleId(epUpdateRole.getId()); + dataAccessService.saveDomainObject(epUpdateRole, null); + } + List<EPRole> roleList = new ArrayList<>(); + final Map<String, String> params = new HashMap<>(); + params.put(APP_ROLE_NAME_PARAM, roleToBeAddedInEcompDB.getName()); + boolean isPortalRole = false; + if (app.getId() == 1) { + isPortalRole = true; + roleList = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, params, null); + } else { + isPortalRole = false; + params.put(APP_ID, app.getId().toString()); + roleList = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, params, + null); + } + EPRole role = roleList.get(0); + Role aaFrole = new Role(); + aaFrole.setId(role.getId()); + aaFrole.setActive(role.getActive()); + aaFrole.setPriority(role.getPriority()); + aaFrole.setName(role.getName()); + updateRoleInExternalSystem(aaFrole, app, isPortalRole); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, + "SyncApplicationRolesWithEcompDB: Failed to add or update role in external auth system", e); + } + } + } + + /** + * + * It de-activates application roles in DB if not present in External Auth + * system + * + * @param app + * @param finalRoleList contains list of current roles present in + * External Auth System + * @param applicationRolesList contains list of current roles present in DB + */ + @SuppressWarnings("unchecked") + private void inactiveRolesNotInExternalAuthSystem(EPApp app, List<EPRole> finalRoleList, + List<EPRole> applicationRolesList) { + final Map<String, EPRole> checkRolesInactive = new HashMap<>(); + for (EPRole extrole : finalRoleList) { + checkRolesInactive.put(extrole.getName(), extrole); + } + for (EPRole role : applicationRolesList) { + try { + final Map<String, String> extRoleParams = new HashMap<>(); + List<EPRole> roleList = null; + extRoleParams.put(APP_ROLE_NAME_PARAM, role.getName()); + if (!checkRolesInactive.containsKey(role.getName())) { + if (app.getId() == 1) { + roleList = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, extRoleParams, null); + } else { + extRoleParams.put(APP_ID, app.getId().toString()); + roleList = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, + extRoleParams, null); + } + if (!roleList.isEmpty()) { + EPRole updateRoleInactive = roleList.get(0); + updateRoleInactive.setActive(false); + dataAccessService.saveDomainObject(updateRoleInactive, null); + } + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, + "syncApplicationRolesWithEcompDB: Failed to de-activate role ", e); + } + } + } + + @Override + @SuppressWarnings("unchecked") + public List<ExternalRoleDetails> getExternalRoleDetailsList(EPApp app, ObjectMapper mapper, JSONArray extRole) + throws IOException { + List<ExternalRoleDetails> externalRoleDetailsList = new ArrayList<>(); + ExternalAccessPerms externalAccessPerms = new ExternalAccessPerms(); + List<String> functionCodelist = new ArrayList<>(); + Map<String, EPRole> curRolesMap = getAppRoleNamesMap(app); + Map<String, EPRole> curRolesUnderscoreMap = getAppRoleNamesWithUnderscoreMap(app); + for (int i = 0; i < extRole.length(); i++) { + ExternalRoleDetails externalRoleDetail = new ExternalRoleDetails(); + EPAppRoleFunction ePAppRoleFunction = new EPAppRoleFunction(); + JSONObject Role = (JSONObject) extRole.get(i); + String name = extRole.getJSONObject(i).getString(ROLE_NAME); + String actualRoleName = name.substring(app.getNameSpace().length() + 1); + if (extRole.getJSONObject(i).has(EXTERNAL_AUTH_ROLE_DESCRIPTION)) { + actualRoleName = extRole.getJSONObject(i).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION); + } + SortedSet<ExternalAccessPerms> externalAccessPermsOfRole = new TreeSet<>(); + if (extRole.getJSONObject(i).has(EXTERNAL_AUTH_PERMS)) { + JSONArray extPerm = (JSONArray) Role.get(EXTERNAL_AUTH_PERMS); + for (int j = 0; j < extPerm.length(); j++) { + JSONObject perms = extPerm.getJSONObject(j); + boolean isNamespaceMatching = EcompPortalUtils.checkNameSpaceMatching(perms.getString("type"), + app.getNameSpace()); + if (isNamespaceMatching) { + externalAccessPerms = new ExternalAccessPerms(perms.getString("type"), + perms.getString("instance"), perms.getString("action")); + ePAppRoleFunction.setCode(externalAccessPerms.getInstance()); + functionCodelist.add(ePAppRoleFunction.getCode()); + externalAccessPermsOfRole.add(externalAccessPerms); + } + } + } + externalRoleDetail.setActive(true); + externalRoleDetail.setName(actualRoleName); + if (app.getId() == 1) { + externalRoleDetail.setAppId(null); + } else { + externalRoleDetail.setAppId(app.getId()); + } + EPRole currRole = null; + currRole = (!extRole.getJSONObject(i).has(EXTERNAL_AUTH_ROLE_DESCRIPTION)) + ? curRolesUnderscoreMap.get(actualRoleName) + : curRolesMap.get(actualRoleName); + Long roleId = null; + if (currRole != null) + roleId = currRole.getId(); + final Map<String, EPAppRoleFunction> roleFunctionsMap = new HashMap<>(); + final Map<String, Long> appRoleFuncsParams = new HashMap<>(); + if (roleId != null) { + appRoleFuncsParams.put("appId", app.getId()); + appRoleFuncsParams.put("roleId", roleId); + // get role functions from DB + List<EPAppRoleFunction> appRoleFunctions = dataAccessService + .executeNamedQuery("getAppRoleFunctionOnRoleIdandAppId", appRoleFuncsParams, null); + if (!appRoleFunctions.isEmpty()) { + for (EPAppRoleFunction roleFunc : appRoleFunctions) { + roleFunctionsMap.put(roleFunc.getCode(), roleFunc); + } + } + } + if (!externalAccessPermsOfRole.isEmpty()) { + // Adding functions to role + for (ExternalAccessPerms externalpermission : externalAccessPermsOfRole) { + EPAppRoleFunction checkRoleFunctionExits = roleFunctionsMap.get(externalpermission.getInstance()); + if (checkRoleFunctionExits == null) { + String funcCode = externalpermission.getType().substring(app.getNameSpace().length() + 1) + + FUNCTION_PIPE + externalpermission.getInstance() + FUNCTION_PIPE + + externalpermission.getAction(); + EPAppRoleFunction checkRoleFunctionPipeExits = roleFunctionsMap.get(funcCode); + if (checkRoleFunctionPipeExits == null) { + try { + final Map<String, String> appFuncsParams = new HashMap<>(); + appFuncsParams.put("appId", String.valueOf(app.getId())); + appFuncsParams.put("functionCd", externalpermission.getInstance()); + logger.debug(EELFLoggerDelegate.debugLogger, + "SyncApplicationRolesWithEcompDB: Adding function to the role: {}", + externalpermission.getInstance()); + List<CentralV2RoleFunction> roleFunction = null; + roleFunction = dataAccessService.executeNamedQuery("getAppFunctionOnCodeAndAppId", + appFuncsParams, null); + if (roleFunction.isEmpty()) { + appFuncsParams.put("functionCd", funcCode); + roleFunction = dataAccessService.executeNamedQuery("getAppFunctionOnCodeAndAppId", + appFuncsParams, null); + } + if (!roleFunction.isEmpty()) { + EPAppRoleFunction apRoleFunction = new EPAppRoleFunction(); + apRoleFunction.setAppId(app.getId()); + apRoleFunction.setRoleId(roleId); + apRoleFunction.setCode(roleFunction.get(0).getCode()); + dataAccessService.saveDomainObject(apRoleFunction, null); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, + "SyncApplicationRolesWithEcompDB: Failed to add role function", e); + } + } + } + } + } + externalRoleDetailsList.add(externalRoleDetail); + } + return externalRoleDetailsList; + } + + @Override + public JSONArray getAppRolesJSONFromExtAuthSystem(EPApp app) throws Exception { + ResponseEntity<String> response = null; + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity<String> entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "syncApplicationRolesWithEcompDB: {} ", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); + response = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "roles/ns/" + app.getNameSpace(), HttpMethod.GET, entity, String.class); + String res = response.getBody(); + logger.debug(EELFLoggerDelegate.debugLogger, + "syncApplicationRolesWithEcompDB: Finished GET roles from External Auth system and the result is :", + res); + JSONObject jsonObj = new JSONObject(res); + JSONArray extRole = jsonObj.getJSONArray("role"); + for (int i = 0; i < extRole.length(); i++) { + if (extRole.getJSONObject(i).getString(ROLE_NAME).equals(app.getNameSpace() + ADMIN) + || extRole.getJSONObject(i).getString(ROLE_NAME).equals(app.getNameSpace() + OWNER) + || (extRole.getJSONObject(i).getString(ROLE_NAME).equals(app.getNameSpace() + ACCOUNT_ADMINISTRATOR) + && !app.getId().equals(PortalConstants.PORTAL_APP_ID))) { + extRole.remove(i); + i--; + } + } + return extRole; + } + + @Override + public JSONArray getAllUsersByRole(String roleName) throws Exception { + ResponseEntity<String> response = null; + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity<String> entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "getAllUsersByRole: {} ", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); + response = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "userRoles/role/" + roleName, HttpMethod.GET, entity, String.class); + String res = response.getBody(); + logger.debug(EELFLoggerDelegate.debugLogger, + "syncApplicationRolesWithEcompDB: Finished GET roles from External Auth system and the result is :", + res); + if (res == null || res.trim().isEmpty()) + return null; + JSONObject jsonObj = new JSONObject(res); + JSONArray extRole = jsonObj.getJSONArray("userRole"); + return extRole; + } + + /** + * + * It converts from ExternalRoleDetails.class object to EPRole.class object + * + * @param externalRoleDetails + * @return EPRole object + */ + private EPRole convertExternalRoleDetailstoEpRole(ExternalRoleDetails externalRoleDetails) { + EPRole role = new EPRole(); + role.setActive(true); + role.setAppId(externalRoleDetails.getAppId()); + role.setAppRoleId(externalRoleDetails.getAppRoleId()); + role.setName(externalRoleDetails.getName()); + role.setPriority(externalRoleDetails.getPriority()); + return role; + } + + @SuppressWarnings("unchecked") + @Override + public Integer bulkUploadUserRoles(String uebkey) throws Exception { + EPApp app = getApp(uebkey).get(0); + final Map<String, String> params = new HashMap<>(); + params.put("uebKey", app.getUebKey()); + List<BulkUploadUserRoles> userRolesList = null; + Integer userRolesAdded = 0; + if (app.getCentralAuth()) { + userRolesList = dataAccessService.executeNamedQuery("getBulkUserRoles", params, null); + for (BulkUploadUserRoles userRolesUpload : userRolesList) { + if (!userRolesUpload.getOrgUserId().equals("su1234")) { + addUserRoleInExternalSystem(userRolesUpload); + userRolesAdded++; + } + } + } + return userRolesAdded; + } + + /** + * Its adding a user role in external auth system while doing bulk upload + * + * @param userRolesUpload + */ + private void addUserRoleInExternalSystem(BulkUploadUserRoles userRolesUpload) { + try { + String name = ""; + ObjectMapper mapper = new ObjectMapper(); + if (EPCommonSystemProperties + .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) { + name = userRolesUpload.getOrgUserId() + + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); + } + ExternalAccessUser extUser = new ExternalAccessUser(name, + userRolesUpload.getAppNameSpace() + "." + userRolesUpload.getRoleName() + .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); + String userRole = mapper.writeValueAsString(extUser); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity<String> entity = new HttpEntity<>(userRole, headers); + template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole", + HttpMethod.POST, entity, String.class); + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, + "HttpClientErrorException - Failed to addUserRoleInExternalSystem", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + } catch (Exception e) { + if (e.getMessage().equalsIgnoreCase("409 Conflict")) { + logger.error(EELFLoggerDelegate.errorLogger, + "addUserRoleInExternalSystem: UserRole already exits but does not break functionality"); + } else { + logger.error(EELFLoggerDelegate.errorLogger, + "addUserRoleInExternalSystem: Failed to addUserRoleInExternalSystem", e); + } + } + } + + @Override + public void deleteRoleDependencyRecords(Session localSession, Long roleId, Long appId, boolean isPortalRequest) + throws Exception { + try { + String sql = ""; + Query query = null; + // It should delete only when it portal's roleId + if (appId.equals(PortalConstants.PORTAL_APP_ID)) { + // Delete from fn_role_function + sql = "DELETE FROM fn_role_function WHERE role_id=" + roleId; + logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); + query = localSession.createSQLQuery(sql); + query.executeUpdate(); + // Delete from fn_role_composite + sql = "DELETE FROM fn_role_composite WHERE parent_role_id=" + roleId + " OR child_role_id=" + roleId; + logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); + query = localSession.createSQLQuery(sql); + query.executeUpdate(); + } + // Delete from ep_app_role_function + sql = "DELETE FROM ep_app_role_function WHERE role_id=" + roleId; + logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); + query = localSession.createSQLQuery(sql); + query.executeUpdate(); + // Delete from ep_role_notification + sql = "DELETE FROM ep_role_notification WHERE role_id=" + roleId; + logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); + query = localSession.createSQLQuery(sql); + query.executeUpdate(); + // Delete from fn_user_pseudo_role + sql = "DELETE FROM fn_user_pseudo_role WHERE pseudo_role_id=" + roleId; + logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); + query = localSession.createSQLQuery(sql); + query.executeUpdate(); + // Delete form EP_WIDGET_CATALOG_ROLE + sql = "DELETE FROM EP_WIDGET_CATALOG_ROLE WHERE role_id=" + roleId; + logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); + query = localSession.createSQLQuery(sql); + query.executeUpdate(); + // Delete form EP_WIDGET_CATALOG_ROLE + sql = "DELETE FROM ep_user_roles_request_det WHERE requested_role_id=" + roleId; + logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); + query = localSession.createSQLQuery(sql); + query.executeUpdate(); + if (!isPortalRequest) { + // Delete form fn_menu_functional_roles + sql = "DELETE FROM fn_menu_functional_roles WHERE role_id=" + roleId; + logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); + query = localSession.createSQLQuery(sql); + query.executeUpdate(); + } + } catch (Exception e) { + logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleDependeciesRecord: failed ", e); + throw new DeleteDomainObjectFailedException("delete Failed" + e.getMessage()); + } + } + + @SuppressWarnings("unchecked") + @Override + public List<String> getMenuFunctionsList(String uebkey) throws Exception { + List<String> appMenuFunctionsList = null; + List<String> appMenuFunctionsFinalList = new ArrayList<>(); + try { + EPApp app = getApp(uebkey).get(0); + final Map<String, Long> appParams = new HashMap<>(); + appParams.put(APP_ID, app.getId()); + appMenuFunctionsList = dataAccessService.executeNamedQuery("getMenuFunctions", appParams, null); + for (String appMenuFunction : appMenuFunctionsList) { + if (appMenuFunction.contains(FUNCTION_PIPE)) { + appMenuFunctionsFinalList.add(EcompPortalUtils.getFunctionCode(appMenuFunction)); + } else { + appMenuFunctionsFinalList.add(appMenuFunction); + } + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getMenuFunctionsList: Failed", e); + return appMenuFunctionsFinalList; + } + return appMenuFunctionsFinalList; + } + + @SuppressWarnings({ "unchecked" }) + @Override + public List<EcompUser> getAllAppUsers(String uebkey) throws Exception { + List<String> usersList = new ArrayList<>(); + List<EcompUser> usersfinalList = new ArrayList<>(); + try { + EPApp app = getApp(uebkey).get(0); + final Map<String, Long> appParams = new HashMap<>(); + appParams.put("appId", app.getId()); + List<EcompUserRoles> userList = (List<EcompUserRoles>) dataAccessService + .executeNamedQuery("ApplicationUserRoles", appParams, null); + for (EcompUserRoles ecompUserRole : userList) { + boolean found = false; + Set<EcompRole> roles = null; + for (EcompUser user : usersfinalList) { + if (user.getOrgUserId().equals(ecompUserRole.getOrgUserId())) { + EcompRole ecompRole = new EcompRole(); + ecompRole.setId(ecompUserRole.getRoleId()); + ecompRole.setName(ecompUserRole.getRoleName()); + roles = user.getRoles(); + EcompRole role = roles.stream().filter(x -> x.getName().equals(ecompUserRole.getRoleName())) + .findAny().orElse(null); + SortedSet<EcompRoleFunction> roleFunctionSet = new TreeSet<>(); + if (role != null) { + roleFunctionSet = (SortedSet<EcompRoleFunction>) role.getRoleFunctions(); + } + String functionCode = EcompPortalUtils.getFunctionCode(ecompUserRole.getFunctionCode()); + functionCode = EPUserUtils.decodeFunctionCode(functionCode); + EcompRoleFunction epRoleFunction = new EcompRoleFunction(); + epRoleFunction.setName(ecompUserRole.getFunctionName()); + epRoleFunction.setCode(EPUserUtils.decodeFunctionCode(functionCode)); + epRoleFunction.setType(getFunctionCodeType(ecompUserRole.getFunctionCode())); + epRoleFunction.setAction(getFunctionCodeAction(ecompUserRole.getFunctionCode())); + roleFunctionSet.add(epRoleFunction); + ecompRole.setRoleFunctions(roleFunctionSet); + roles.add(ecompRole); + user.setRoles(roles); + found = true; + break; + } + } + if (!found) { + EcompUser epUser = new EcompUser(); + epUser.setOrgId(ecompUserRole.getOrgId()); + epUser.setManagerId(ecompUserRole.getManagerId()); + epUser.setFirstName(ecompUserRole.getFirstName()); + epUser.setLastName(ecompUserRole.getLastName()); + epUser.setPhone(ecompUserRole.getPhone()); + epUser.setEmail(ecompUserRole.getEmail()); + epUser.setOrgUserId(ecompUserRole.getOrgUserId()); + epUser.setOrgCode(ecompUserRole.getOrgCode()); + epUser.setOrgManagerUserId(ecompUserRole.getOrgManagerUserId()); + epUser.setJobTitle(ecompUserRole.getJobTitle()); + epUser.setLoginId(ecompUserRole.getLoginId()); + epUser.setActive(true); + roles = new HashSet<>(); + EcompRole ecompRole = new EcompRole(); + ecompRole.setId(ecompUserRole.getRoleId()); + ecompRole.setName(ecompUserRole.getRoleName()); + SortedSet<EcompRoleFunction> roleFunctionSet = new TreeSet<>(); + String functionCode = EcompPortalUtils.getFunctionCode(ecompUserRole.getFunctionCode()); + functionCode = EPUserUtils.decodeFunctionCode(functionCode); + EcompRoleFunction epRoleFunction = new EcompRoleFunction(); + epRoleFunction.setName(ecompUserRole.getFunctionName()); + epRoleFunction.setCode(EPUserUtils.decodeFunctionCode(functionCode)); + epRoleFunction.setType(getFunctionCodeType(ecompUserRole.getFunctionCode())); + epRoleFunction.setAction(getFunctionCodeAction(ecompUserRole.getFunctionCode())); + roleFunctionSet.add(epRoleFunction); + ecompRole.setRoleFunctions(roleFunctionSet); + roles.add(ecompRole); + epUser.setRoles(roles); + usersfinalList.add(epUser); + } + } + ObjectMapper mapper = new ObjectMapper(); + for (EcompUser u1 : usersfinalList) { + String str = mapper.writeValueAsString(u1); + usersList.add(str); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getAllUsers failed", e); + throw e; + } + return usersfinalList; + } + + @Override + public Role ConvertCentralRoleToRole(String result) { + ObjectMapper mapper = new ObjectMapper(); + mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); + Role newRole = new Role(); + try { + newRole = mapper.readValue(result, Role.class); + } catch (IOException e) { + logger.error(EELFLoggerDelegate.errorLogger, "Failed to convert the result to Role Object", e); + } + if (newRole.getRoleFunctions() != null) { + @SuppressWarnings("unchecked") + Set<RoleFunction> roleFunctionList = newRole.getRoleFunctions(); + Set<RoleFunction> roleFunctionListNew = new HashSet<>(); + Iterator<RoleFunction> itetaror = roleFunctionList.iterator(); + while (itetaror.hasNext()) { + Object nextValue = itetaror.next(); + RoleFunction roleFun = mapper.convertValue(nextValue, RoleFunction.class); + roleFunctionListNew.add(roleFun); + } + newRole.setRoleFunctions(roleFunctionListNew); + } + return newRole; + } + + @Override + @SuppressWarnings("unchecked") + public List<CentralizedApp> getCentralizedAppsOfUser(String userId) { + Map<String, String> params = new HashMap<>(); + params.put("userId", userId); + List<CentralizedApp> centralizedAppsList = new ArrayList<>(); + try { + centralizedAppsList = dataAccessService.executeNamedQuery("getCentralizedAppsOfUser", params, null); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getCentralizedAppsOfUser failed", e); + } + return centralizedAppsList; + } + + @SuppressWarnings("unchecked") + public List<CentralV2Role> getGlobalRolesOfApplication(Long appId) { + Map<String, Long> params = new HashMap<>(); + params.put("appId", appId); + List<GlobalRoleWithApplicationRoleFunction> globalRoles = new ArrayList<>(); + try { + globalRoles = dataAccessService.executeNamedQuery("getGlobalRoleWithApplicationRoleFunctions", params, + null); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getCentralizedAppsOfUser failed", e); + } + List<CentralV2Role> rolesfinalList = new ArrayList<>(); + if (globalRoles.size() > 0) + rolesfinalList = finalListOfCentralRoles(globalRoles); + return rolesfinalList; + } + + @SuppressWarnings("unchecked") + private CentralV2Role getGlobalRoleForRequestedApp(long requestedAppId, long roleId) { + CentralV2Role finalGlobalrole = null; + List<GlobalRoleWithApplicationRoleFunction> roleWithApplicationRoleFucntions = new ArrayList<>(); + Map<String, Long> params = new HashMap<>(); + params.put("roleId", roleId); + params.put("requestedAppId", requestedAppId); + try { + roleWithApplicationRoleFucntions = dataAccessService.executeNamedQuery("getGlobalRoleForRequestedApp", + params, null); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getGlobalRoleForRequestedApp failed", e); + } + if (roleWithApplicationRoleFucntions.size() > 0) { + List<CentralV2Role> rolesfinalList = finalListOfCentralRoles(roleWithApplicationRoleFucntions); + finalGlobalrole = rolesfinalList.get(0); + } else { + List<EPRole> roleList = getPortalAppRoleInfo(roleId); + finalGlobalrole = convertRoleToCentralV2Role(roleList.get(0)); + } + return finalGlobalrole; + } + + private List<CentralV2Role> finalListOfCentralRoles(List<GlobalRoleWithApplicationRoleFunction> globalRoles) { + List<CentralV2Role> rolesfinalList = new ArrayList<>(); + for (GlobalRoleWithApplicationRoleFunction role : globalRoles) { + boolean found = false; + for (CentralV2Role cenRole : rolesfinalList) { + if (role.getRoleId().equals(cenRole.getId())) { + SortedSet<CentralV2RoleFunction> roleFunctions = cenRole.getRoleFunctions(); + CentralV2RoleFunction cenRoleFun = createCentralRoleFunctionForGlobalRole(role); + roleFunctions.add(cenRoleFun); + cenRole.setRoleFunctions(roleFunctions); + found = true; + break; + } + } + if (!found) { + CentralV2Role cenrole = new CentralV2Role(); + cenrole.setName(role.getRoleName()); + cenrole.setId(role.getRoleId()); + cenrole.setActive(role.isActive()); + cenrole.setPriority(role.getPriority()); + SortedSet<CentralV2RoleFunction> roleFunctions = new TreeSet<>(); + CentralV2RoleFunction cenRoleFun = createCentralRoleFunctionForGlobalRole(role); + roleFunctions.add(cenRoleFun); + cenrole.setRoleFunctions(roleFunctions); + rolesfinalList.add(cenrole); + } + } + return rolesfinalList; + } + + private CentralV2RoleFunction createCentralRoleFunctionForGlobalRole(GlobalRoleWithApplicationRoleFunction role) { + String instance; + String type; + String action; + CentralV2RoleFunction cenRoleFun; + if (role.getFunctionCd().contains(FUNCTION_PIPE)) { + instance = EcompPortalUtils.getFunctionCode(role.getFunctionCd()); + type = EcompPortalUtils.getFunctionType(role.getFunctionCd()); + action = EcompPortalUtils.getFunctionAction(role.getFunctionCd()); + cenRoleFun = new CentralV2RoleFunction(null, instance, role.getFunctionName(), null, type, action, null); + } else { + type = getFunctionCodeType(role.getFunctionCd()); + action = getFunctionCodeAction(role.getFunctionCd()); + cenRoleFun = new CentralV2RoleFunction(null, role.getFunctionCd(), role.getFunctionName(), null, type, + action, null); + } + return cenRoleFun; + } + + @SuppressWarnings("unchecked") + @Override + public List<EPRole> getGlobalRolesOfPortal() { + List<EPRole> globalRoles = new ArrayList<>(); + try { + globalRoles = dataAccessService.executeNamedQuery("getGlobalRolesOfPortal", null, null); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getGlobalRolesOfPortal failed", e); + } + return globalRoles; + } + + private CentralV2Role convertRoleToCentralV2Role(EPRole role) { + return new CentralV2Role(role.getId(), role.getCreated(), role.getModified(), role.getCreatedId(), + role.getModifiedId(), role.getRowNum(), role.getName(), role.getActive(), role.getPriority(), + new TreeSet<>(), new TreeSet<>(), new TreeSet<>()); + } + + @Override + public List<CentralRoleFunction> convertCentralRoleFunctionToRoleFunctionObject( + List<CentralV2RoleFunction> answer) { + List<CentralRoleFunction> addRoleFuncList = new ArrayList<>(); + for (CentralV2RoleFunction cenRoleFunc : answer) { + CentralRoleFunction setRoleFunc = new CentralRoleFunction(); + setRoleFunc.setCode(cenRoleFunc.getCode()); + setRoleFunc.setName(cenRoleFunc.getName()); + addRoleFuncList.add(setRoleFunc); + } + return addRoleFuncList; + } + + @Override + public CentralUser getUserRoles(String loginId, String uebkey) throws Exception { + CentralUser sendUserRoles = null; + try { + CentralV2User cenV2User = getV2UserAppRoles(loginId, uebkey); + sendUserRoles = convertV2UserRolesToOlderVersion(cenV2User); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getUserRoles: failed", e); + throw e; + } + return sendUserRoles; + } + + /** + * + * It returns V2 CentralUser object if user has any roles and permissions + * + * @param loginId + * @param uebkey + * @return CentralUser object + * @throws Exception + */ + private CentralV2User getV2UserAppRoles(String loginId, String uebkey) throws Exception { + EPApp app; + List<EPUser> epUserList; + List<EPApp> appList = getApp(uebkey); + app = appList.get(0); + epUserList = getUser(loginId); + EPUser user = epUserList.get(0); + Set<EPUserApp> userAppSet = user.getEPUserApps(); + return createEPUser(user, userAppSet, app); + } + + private List<EcompRole> getUserAppRoles(EPApp app, EPUser user) { + final Map<String, Long> userParams = new HashMap<>(); + userParams.put("appId", app.getId()); + userParams.put("userId", user.getId()); + @SuppressWarnings("unchecked") + List<EPUserAppCurrentRoles> userAppsRolesList = dataAccessService.executeNamedQuery("getUserAppCurrentRoles", + userParams, null); + List<EcompRole> setUserRoles = new ArrayList<>(); + for (EPUserAppCurrentRoles role : userAppsRolesList) { + logger.debug(EELFLoggerDelegate.debugLogger, "In getUserAppRoles()- get userRolename = {}", + role.getRoleName()); + EcompRole ecompRole = new EcompRole(); + ecompRole.setId(role.getRoleId()); + ecompRole.setName(role.getRoleName()); + setUserRoles.add(ecompRole); + } + logger.debug(EELFLoggerDelegate.debugLogger, "In getUserAppRoles()- get userrole list size = {}", + setUserRoles.size()); + return setUserRoles; + } + + @Override + public List<EcompRole> missingUserApplicationRoles(String uebkey, String loginId, Set<EcompRole> CurrentUserRoles) + throws Exception { + List<EPApp> appList = getApp(uebkey); + EPApp app = appList.get(0); + List<EPUser> epUserList; + epUserList = getUser(loginId); + List<EcompRole> missingUserAppRoles = new ArrayList<>(); + List<String> roleNamesList = CurrentUserRoles.stream().map(EcompRole::getName).collect(Collectors.toList()); + logger.debug(EELFLoggerDelegate.debugLogger, "Roles of User from hibernate :" + roleNamesList); + List<EcompRole> userApplicationsRolesfromDB = getUserAppRoles(app, epUserList.get(0)); + if (userApplicationsRolesfromDB.size() > 0) { + missingUserAppRoles = userApplicationsRolesfromDB.stream().filter(x -> !roleNamesList.contains(x.getName())) + .collect(Collectors.toList()); + } + List<String> MissingroleNamesList = missingUserAppRoles.stream().map(EcompRole::getName) + .collect(Collectors.toList()); + logger.debug(EELFLoggerDelegate.debugLogger, "MissingUserAppRoles():" + MissingroleNamesList); + + List<EcompRole> finalMissingRoleList = new ArrayList<>(); + if (missingUserAppRoles.size() > 0) { + final Map<String, Long> params = new HashMap<>(); + for (EcompRole role : missingUserAppRoles) { + params.put("roleId", role.getId()); + params.put(APP_ID, app.getId()); + + EcompRole epRole = new EcompRole(); + epRole.setId(role.getId()); + epRole.setName(role.getName()); + @SuppressWarnings("unchecked") + List<CentralV2RoleFunction> appRoleFunctionList = dataAccessService + .executeNamedQuery("getAppRoleFunctionList", params, null); + SortedSet<EcompRoleFunction> roleFunctionSet = new TreeSet<>(); + for (CentralV2RoleFunction roleFunc : appRoleFunctionList) { + String functionCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode()); + String type = getFunctionCodeType(roleFunc.getCode()); + String action = getFunctionCodeAction(roleFunc.getCode()); + EcompRoleFunction fun = new EcompRoleFunction(); + fun.setAction(action); + fun.setCode(functionCode); + fun.setType(type); + fun.setName(roleFunc.getName()); + roleFunctionSet.add(fun); + + } + epRole.setRoleFunctions(roleFunctionSet); + finalMissingRoleList.add(epRole); + } + } + + return finalMissingRoleList; + } + + /** + * It converts V2 CentralUser object to old version CentralUser object + * + * @param cenV2User + * @return EPUser object + */ + private CentralUser convertV2UserRolesToOlderVersion(CentralV2User cenV2User) { + Set<CentralV2UserApp> userV2Apps = cenV2User.getUserApps(); + Set<CentralUserApp> userApps = new TreeSet<>(); + for (CentralV2UserApp userApp : userV2Apps) { + CentralApp app = userApp.getApp(); + CentralUserApp cua = new CentralUserApp(); + cua.setUserId(null); + cua.setApp(app); + SortedSet<CentralRoleFunction> cenRoleFunction = new TreeSet<>(); + for (CentralV2RoleFunction cenV2RoleFunc : userApp.getRole().getRoleFunctions()) { + CentralRoleFunction cenRoleFunc = new CentralRoleFunction(cenV2RoleFunc.getCode(), + cenV2RoleFunc.getName()); + cenRoleFunction.add(cenRoleFunc); + } + CentralRole role = new CentralRole(userApp.getRole().getId(), userApp.getRole().getName(), + userApp.getRole().getActive(), userApp.getRole().getPriority(), cenRoleFunction); + cua.setRole(role); + userApps.add(cua); + } + return new CentralUser(cenV2User.getId(), cenV2User.getCreated(), cenV2User.getModified(), + cenV2User.getCreatedId(), cenV2User.getModifiedId(), cenV2User.getRowNum(), cenV2User.getOrgId(), + cenV2User.getManagerId(), cenV2User.getFirstName(), cenV2User.getMiddleInitial(), + cenV2User.getLastName(), cenV2User.getPhone(), cenV2User.getFax(), cenV2User.getCellular(), + cenV2User.getEmail(), cenV2User.getAddressId(), cenV2User.getAlertMethodCd(), cenV2User.getHrid(), + cenV2User.getOrgUserId(), cenV2User.getOrgCode(), cenV2User.getAddress1(), cenV2User.getAddress2(), + cenV2User.getCity(), cenV2User.getState(), cenV2User.getZipCode(), cenV2User.getCountry(), + cenV2User.getOrgManagerUserId(), cenV2User.getLocationClli(), cenV2User.getBusinessCountryCode(), + cenV2User.getBusinessCountryName(), cenV2User.getBusinessUnit(), cenV2User.getBusinessUnitName(), + cenV2User.getDepartment(), cenV2User.getDepartmentName(), cenV2User.getCompanyCode(), + cenV2User.getCompany(), cenV2User.getZipCodeSuffix(), cenV2User.getJobTitle(), + cenV2User.getCommandChain(), cenV2User.getSiloStatus(), cenV2User.getCostCenter(), + cenV2User.getFinancialLocCode(), cenV2User.getLoginId(), cenV2User.getLoginPwd(), + cenV2User.getLastLoginDate(), cenV2User.isActive(), cenV2User.isInternal(), + cenV2User.getSelectedProfileId(), cenV2User.getTimeZoneId(), cenV2User.isOnline(), + cenV2User.getChatId(), userApps); + } + + @Override + public List<CentralRole> convertV2CentralRoleListToOldVerisonCentralRoleList(List<CentralV2Role> v2CenRoleList) { + List<CentralRole> cenRoleList = new ArrayList<>(); + for (CentralV2Role v2CenRole : v2CenRoleList) { + SortedSet<CentralRoleFunction> cenRoleFuncList = new TreeSet<>(); + for (CentralV2RoleFunction v2CenRoleFunc : v2CenRole.getRoleFunctions()) { + CentralRoleFunction roleFunc = new CentralRoleFunction(v2CenRoleFunc.getCode(), + v2CenRoleFunc.getName()); + cenRoleFuncList.add(roleFunc); + } + CentralRole role = new CentralRole(v2CenRole.getId(), v2CenRole.getName(), v2CenRole.getActive(), + v2CenRole.getPriority(), cenRoleFuncList); + cenRoleList.add(role); + } + return cenRoleList; + } + + @Override + public ResponseEntity<String> getNameSpaceIfExists(EPApp app) throws Exception { + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity<String> entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "checkIfNameSpaceExists: Connecting to External Auth system"); + ResponseEntity<String> response = null; + try { + response = template + .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "nss/" + app.getNameSpace(), HttpMethod.GET, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, "checkIfNameSpaceExists: Finished ", + response.getStatusCode().value()); + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, "checkIfNameSpaceExists failed", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + if (e.getStatusCode() == HttpStatus.NOT_FOUND) + throw new InvalidApplicationException("Invalid NameSpace"); + else + throw e; + } + return response; + } + + @Override + public CentralRole convertV2CentralRoleToOldVerisonCentralRole(CentralV2Role v2CenRole) { + SortedSet<CentralRoleFunction> cenRoleFuncList = new TreeSet<>(); + for (CentralV2RoleFunction v2CenRoleFunc : v2CenRole.getRoleFunctions()) { + CentralRoleFunction roleFunc = new CentralRoleFunction(v2CenRoleFunc.getCode(), v2CenRoleFunc.getName()); + cenRoleFuncList.add(roleFunc); + } + return new CentralRole(v2CenRole.getId(), v2CenRole.getName(), v2CenRole.getActive(), v2CenRole.getPriority(), + cenRoleFuncList); + } + + @SuppressWarnings("unchecked") + @Override + public Integer bulkUploadUsersSingleRole(String uebkey, Long roleId, String modifiedRoleName) throws Exception { + EPApp app = getApp(uebkey).get(0); + final Map<String, String> params = new HashMap<>(); + params.put("uebKey", app.getUebKey()); + params.put("roleId", String.valueOf(roleId)); + List<BulkUploadUserRoles> userRolesList = null; + Integer userRolesAdded = 0; + if (app.getCentralAuth()) { + userRolesList = dataAccessService.executeNamedQuery("getBulkUsersForSingleRole", params, null); + for (BulkUploadUserRoles userRolesUpload : userRolesList) { + userRolesUpload.setRoleName(modifiedRoleName); + if (!userRolesUpload.getOrgUserId().equals("su1234")) { + addUserRoleInExternalSystem(userRolesUpload); + userRolesAdded++; + } + } + } + return userRolesAdded; + } + + @Override + public void bulkUploadRoleFunc(UploadRoleFunctionExtSystem data, EPApp app) throws Exception { + ObjectMapper mapper = new ObjectMapper(); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + try { + ExternalAccessRolePerms extRolePerms; + ExternalAccessPerms extPerms; + extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + data.getType(), + EcompPortalUtils.encodeFunctionCode(data.getInstance()), data.getAction()); + String appNameSpace = ""; + if (data.getIsGlobalRolePartnerFunc()) { + appNameSpace = epAppService.getApp(1l).getNameSpace(); + } else { + appNameSpace = app.getNameSpace(); + } + extRolePerms = new ExternalAccessRolePerms(extPerms, appNameSpace + "." + data.getRoleName() + .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); + String updateRolePerms = mapper.writeValueAsString(extRolePerms); + HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers); + updateRoleFunctionInExternalSystem(updateRolePerms, entity); + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, + "HttpClientErrorException - Failed to add role function in external central auth system", e); + EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); + throw e; + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, + "addFunctionInExternalSystem: Failed to add role fucntion in external central auth system", e); + throw e; + } + } + + private void updateRoleFunctionInExternalSystem(String updateRolePerms, HttpEntity<String> entity) { + logger.debug(EELFLoggerDelegate.debugLogger, "bulkUploadRoleFunc: {} for POST: {}", + CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRolePerms); + ResponseEntity<String> addPermResponse = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm", + HttpMethod.POST, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, + "bulkUploadRoleFunc: Finished adding permission for POST: {} and status code: {} ", + addPermResponse.getStatusCode().value(), updateRolePerms); + } + + @Override + public void syncApplicationUserRolesFromExtAuthSystem(String loginId) throws Exception { + String name = ""; + if (EPCommonSystemProperties.containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) { + name = loginId + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); + } + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity<String> getUserRolesEntity = new HttpEntity<>(headers); + ResponseEntity<String> getResponse = getUserRolesFromExtAuthSystem(name, getUserRolesEntity); + List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>(); + String res = getResponse.getBody(); + JSONObject jsonObj = null; + JSONArray extRoles = null; + if (!res.equals("{}")) { + jsonObj = new JSONObject(res); + extRoles = jsonObj.getJSONArray("role"); + } + updateUserRolesInLocal(userRoleDetailList, extRoles, loginId); + } + + @SuppressWarnings("unchecked") + private void updateUserRolesInLocal(List<ExternalAccessUserRoleDetail> userRoleDetailList, JSONArray extRoles, + String loginId) throws InvalidUserException { + HashMap<String, String> userParams = new HashMap<>(); + userParams.put("orgUserId", loginId); + // Get all centralized applications existing user roles from local + List<CentralizedAppRoles> currentUserAppRoles = dataAccessService + .executeNamedQuery("getUserCentralizedAppRoles", userParams, null); + EPUser user = getUser(loginId).get(0); + // Get all centralized applications roles from local + HashMap<String, CentralizedAppRoles> cenAppRolesMap = getCentralizedAppRoleList(); + HashMap<String, CentralizedAppRoles> currentCentralizedUserAppRolesMap = getCurrentUserCentralizedAppRoles( + currentUserAppRoles); + // Get all centralized applications + admin role from local + HashMap<String, EPApp> centralisedAppsMap = getCentralizedAdminAppsInfo(); + if (extRoles != null) { + ExternalAccessUserRoleDetail userRoleDetail = null; + for (int i = 0; i < extRoles.length(); i++) { + if (!extRoles.getJSONObject(i).getString("name").endsWith(ADMIN) + && !extRoles.getJSONObject(i).getString("name").endsWith(OWNER)) { + userRoleDetail = new ExternalAccessUserRoleDetail(extRoles.getJSONObject(i).getString("name"), + null); + userRoleDetailList.add(userRoleDetail); + } + } + addUserRolesInLocal(userRoleDetailList, user, cenAppRolesMap, currentCentralizedUserAppRolesMap, + centralisedAppsMap); + } + } + + private void addUserRolesInLocal(List<ExternalAccessUserRoleDetail> userRoleDetailList, EPUser user, + HashMap<String, CentralizedAppRoles> cenAppRolesMap, + HashMap<String, CentralizedAppRoles> currentCentralizedUserAppRolesMap, + HashMap<String, EPApp> centralisedAppsMap) { + for (ExternalAccessUserRoleDetail extUserRoleDetail : userRoleDetailList) { + try { + // check if user already has role in local + if (!currentCentralizedUserAppRolesMap.containsKey(extUserRoleDetail.getName())) { + CentralizedAppRoles getCenAppRole = cenAppRolesMap.get(extUserRoleDetail.getName()); + if (getCenAppRole != null) { + logger.debug(EELFLoggerDelegate.debugLogger, + "addUserRolesInLocal: Adding user role from external auth system {}", + extUserRoleDetail.toString()); + EPUserApp userApp = new EPUserApp(); + EPApp app = new EPApp(); + app.setId(getCenAppRole.getAppId()); + EPRole epRole = new EPRole(); + epRole.setId(getCenAppRole.getRoleId()); + userApp.setApp(app); + userApp.setUserId(user.getId()); + userApp.setRole(epRole); + dataAccessService.saveDomainObject(userApp, null); + logger.debug(EELFLoggerDelegate.debugLogger, + "addUserRolesInLocal: Finished user role from external auth system {}", + extUserRoleDetail.toString()); + } else if (getCenAppRole == null // check if user has app + // account admin role + && extUserRoleDetail.getName().endsWith(PortalConstants.ADMIN_ROLE.replaceAll( + EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"))) { + EPApp app = centralisedAppsMap.get(extUserRoleDetail.getName()); + if (app != null) { + logger.debug(EELFLoggerDelegate.debugLogger, + "addUserRolesInLocal: Adding user role from external auth system {}", + extUserRoleDetail.toString()); + EPUserApp userApp = new EPUserApp(); + EPRole epRole = new EPRole(); + epRole.setId(PortalConstants.ACCOUNT_ADMIN_ROLE_ID); + userApp.setApp(app); + userApp.setUserId(user.getId()); + userApp.setRole(epRole); + dataAccessService.saveDomainObject(userApp, null); + logger.debug(EELFLoggerDelegate.debugLogger, + "addUserRolesInLocal: Finished user role from external auth system {}", + extUserRoleDetail.toString()); + } + } + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, + "addUserRolesInLocal - Failed to update user role in local from external auth system {} ", + extUserRoleDetail.toString(), e); + } + } + } + + @SuppressWarnings("unchecked") + private HashMap<String, EPApp> getCentralizedAdminAppsInfo() { + List<EPApp> centralizedApps = dataAccessService.executeNamedQuery("getCentralizedApps", null, null); + HashMap<String, EPApp> centralisedAppsMap = new HashMap<>(); + for (EPApp cenApp : centralizedApps) { + centralisedAppsMap.put( + cenApp.getNameSpace() + "." + + PortalConstants.ADMIN_ROLE.replaceAll( + EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), + cenApp); + } + return centralisedAppsMap; + } + + private HashMap<String, CentralizedAppRoles> getCurrentUserCentralizedAppRoles( + List<CentralizedAppRoles> currentUserAppRoles) { + HashMap<String, CentralizedAppRoles> currentCentralizedUserAppRolesMap = new HashMap<>(); + for (CentralizedAppRoles cenAppUserRole : currentUserAppRoles) { + currentCentralizedUserAppRolesMap.put( + cenAppUserRole.getAppNameSpace() + "." + + cenAppUserRole.getRoleName().replaceAll( + EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), + cenAppUserRole); + } + return currentCentralizedUserAppRolesMap; + } + + @SuppressWarnings("unchecked") + private HashMap<String, CentralizedAppRoles> getCentralizedAppRoleList() { + List<CentralizedAppRoles> centralizedAppRoles = dataAccessService + .executeNamedQuery("getAllCentralizedAppsRoles", null, null); + HashMap<String, CentralizedAppRoles> cenAppRolesMap = new HashMap<>(); + for (CentralizedAppRoles CentralizedAppRole : centralizedAppRoles) { + cenAppRolesMap.put( + CentralizedAppRole.getAppNameSpace() + "." + + CentralizedAppRole.getRoleName().replaceAll( + EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), + CentralizedAppRole); + } + return cenAppRolesMap; + } + + @Override + public ResponseEntity<String> getUserRolesFromExtAuthSystem(String name, HttpEntity<String> getUserRolesEntity) { + logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to external system to get current user roles"); + ResponseEntity<String> getResponse = template + .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "roles/user/" + name, HttpMethod.GET, getUserRolesEntity, String.class); + if (getResponse.getStatusCode().value() == 200) { + logger.debug(EELFLoggerDelegate.debugLogger, + "getAllUserRoleFromExtAuthSystem: Finished GET user roles from external system and received user roles {}", + getResponse.getBody()); + } else { + logger.error(EELFLoggerDelegate.errorLogger, + "getAllUserRoleFromExtAuthSystem: Failed GET user roles from external system and received user roles {}", + getResponse.getBody()); + EPLogUtil.logExternalAuthAccessAlarm(logger, getResponse.getStatusCode()); + } + return getResponse; + } + + @Override + public Integer updateAppRoleDescription(String uebkey) { + Integer roleDescUpdated = 0; + EPApp app; + try { + app = getApp(uebkey).get(0); + List<EPRole> roles = getAppRoles(app.getId()); + for (EPRole epRole : roles) { + Role role = new Role(); + role.setName(epRole.getName()); + boolean status = addRoleDescriptionInExtSystem(role, app); + if (status) + roleDescUpdated++; + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "updateAppRoleDescription: Failed! ", e); + } + return roleDescUpdated; + } + } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/LanguageServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/LanguageServiceImpl.java index b0d8c424..1aa12b21 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/LanguageServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/LanguageServiceImpl.java @@ -16,6 +16,9 @@ package org.onap.portalapp.portal.service; import com.alibaba.fastjson.JSONObject; + +import antlr.StringUtils; + import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.domain.Language; import org.onap.portalsdk.core.service.DataAccessService; @@ -53,23 +56,31 @@ public class LanguageServiceImpl implements LanguageService { public JSONObject getUserLanguage(String loginId) { // get language_id from fn_user by loginId JSONObject result = new com.alibaba.fastjson.JSONObject(); - HashMap params = new HashMap(); - params.put("login_id",loginId); + HashMap getUserParams = new HashMap(); + getUserParams.put("login_id", loginId); + List<EPUser> userList= null; - List<EPUser> list = null; - list = dataAccessService.executeNamedQuery("getEPUserByLoginId",params,new HashMap()); - for (EPUser user : list) { - int languageId = user.getLanguageId(); - HashMap<String,String> params1 = new HashMap(); - params1.put("language_id", String.valueOf(languageId)); - List<Language> languages = dataAccessService.executeNamedQuery("queryLanguageByLanguageId",params1,new HashMap()); - for (Language language : languages) { - result.put("languageId",languageId); - result.put("languageName",language.getLanguageName()); - result.put("languageAlias",language.getLanguageAlias()); + try { + userList = dataAccessService.executeNamedQuery("getEPUserByLoginId", getUserParams, new HashMap()); + if (userList != null && userList.size() > 0) { + EPUser user = userList.get(0); + int languageId = user.getLanguageId(); + result.put("languageId", languageId); + + // get language name and alias from fn_language by languageId + HashMap<String,String> getLangParams = new HashMap(); + getLangParams.put("language_id", String.valueOf(languageId)); + List<Language> languageList = null; + + languageList = dataAccessService.executeNamedQuery("queryLanguageByLanguageId", getLangParams, new HashMap()); + if (languageList != null && languageList.size() > 0) { + result.put("languageName", languageList.get(0).getLanguageName()); + result.put("languageAlias", languageList.get(0).getLanguageAlias()); + } } - return result; + } catch (Exception e) { + e.printStackTrace(); } - return null; + return result; } } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/MicroserviceServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/MicroserviceServiceImpl.java index e90aeb74..b41d898a 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/MicroserviceServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/MicroserviceServiceImpl.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -42,8 +44,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import javax.crypto.BadPaddingException; - import org.hibernate.criterion.Criterion; import org.hibernate.criterion.Restrictions; import org.onap.portalapp.portal.domain.MicroserviceData; @@ -75,9 +75,8 @@ public class MicroserviceServiceImpl implements MicroserviceService { return newService.getId(); } - public void saveServiceParameters(long serviceId, List<MicroserviceParameter> list) throws Exception { - for (int i = 0; i < list.size(); i++) { - MicroserviceParameter para = list.get(i); + public void saveServiceParameters(long serviceId, List<MicroserviceParameter> list) { + for (MicroserviceParameter para : list) { para.setServiceId(serviceId); getDataAccessService().saveDomainObject(para, null); } @@ -85,9 +84,9 @@ public class MicroserviceServiceImpl implements MicroserviceService { @Override public MicroserviceData getMicroserviceDataById(long id) { - MicroserviceData data = null; + MicroserviceData data; try { - List<Criterion> restrictionsList = new ArrayList<Criterion>(); + List<Criterion> restrictionsList = new ArrayList<>(); Criterion idCriterion = Restrictions.eq("id", id); restrictionsList.add(idCriterion); data = (MicroserviceData) dataAccessService.getList(MicroserviceData.class, null, restrictionsList, null).get(0); @@ -102,34 +101,35 @@ public class MicroserviceServiceImpl implements MicroserviceService { @SuppressWarnings("unchecked") @Override - public List<MicroserviceData> getMicroserviceData() throws Exception { + public List<MicroserviceData> getMicroserviceData() { List<MicroserviceData> list = (List<MicroserviceData>) dataAccessService.getList(MicroserviceData.class, null); - for (int i = 0; i < list.size(); i++) { - if (list.get(i).getPassword() != null) - list.get(i).setPassword(EPCommonSystemProperties.APP_DISPLAY_PASSWORD); //to hide password from get request - list.get(i).setParameterList(getServiceParameters(list.get(i).getId())); + for (MicroserviceData microserviceData : list) { + if (microserviceData.getPassword() != null) { + microserviceData + .setPassword(EPCommonSystemProperties.APP_DISPLAY_PASSWORD); //to hide password from get request + } + microserviceData.setParameterList(getServiceParameters(microserviceData.getId())); } return list; } private List<MicroserviceParameter> getServiceParameters(long serviceId) { - List<MicroserviceParameter> list = getMicroServiceParametersList(serviceId); - return list; + return getMicroServiceParametersList(serviceId); } @SuppressWarnings("unchecked") private List<MicroserviceParameter> getMicroServiceParametersList(long serviceId) { - List<Criterion> restrictionsList = new ArrayList<Criterion>(); + List<Criterion> restrictionsList = new ArrayList<>(); Criterion serviceIdCriterion = Restrictions.eq("serviceId", serviceId); restrictionsList.add(serviceIdCriterion); return (List<MicroserviceParameter>) dataAccessService.getList(MicroserviceParameter.class, null, restrictionsList, null); } @Override - public void deleteMicroservice(long serviceId) throws Exception { + public void deleteMicroservice(long serviceId) { try { - Map<String, String> params = new HashMap<String, String>(); + Map<String, String> params = new HashMap<>(); params.put("serviceId", Long.toString(serviceId)); dataAccessService.executeNamedQuery("deleteMicroserviceParameter", params, null); @@ -156,17 +156,16 @@ public class MicroserviceServiceImpl implements MicroserviceService { getDataAccessService().saveDomainObject(newService, null); List<MicroserviceParameter> oldService = getServiceParameters(serviceId); boolean foundParam; - for (int i = 0; i < oldService.size(); i++) { + for (MicroserviceParameter microserviceParameter : oldService) { foundParam = false; for (int n = 0; n < newService.getParameterList().size(); n++) { - if (newService.getParameterList().get(n).getId().equals(oldService.get(i).getId())) { + if (newService.getParameterList().get(n).getId().equals(microserviceParameter.getId())) { foundParam = true; break; } } - if (foundParam == false) { - MicroserviceParameter pd = oldService.get(i); - getDataAccessService().deleteDomainObject(pd, null); + if (!foundParam) { + getDataAccessService().deleteDomainObject(microserviceParameter, null); } } for (int i = 0; i < newService.getParameterList().size(); i++) { @@ -184,7 +183,7 @@ public class MicroserviceServiceImpl implements MicroserviceService { @Override @SuppressWarnings("unchecked") public List<MicroserviceParameter> getParametersById(long serviceId) { - List<Criterion> restrictionsList = new ArrayList<Criterion>(); + List<Criterion> restrictionsList = new ArrayList<>(); Criterion contextIdCrit = Restrictions.eq("serviceId", serviceId); restrictionsList.add(contextIdCrit); List<MicroserviceParameter> list = (List<MicroserviceParameter>) dataAccessService @@ -196,7 +195,7 @@ public class MicroserviceServiceImpl implements MicroserviceService { private String decryptedPassword(String encryptedPwd) throws Exception { String result = ""; - if (encryptedPwd != null & encryptedPwd.length() > 0) { + if (encryptedPwd != null && !encryptedPwd.isEmpty()) { try { result = CipherUtil.decryptPKC(encryptedPwd, SystemProperties.getProperty(SystemProperties.Decryption_Key)); @@ -210,7 +209,7 @@ public class MicroserviceServiceImpl implements MicroserviceService { private String encryptedPassword(String decryptedPwd) throws Exception { String result = ""; - if (decryptedPwd != null & decryptedPwd.length() > 0) { + if (decryptedPwd != null && !decryptedPwd.isEmpty()) { try { result = CipherUtil.encryptPKC(decryptedPwd, SystemProperties.getProperty(SystemProperties.Decryption_Key)); diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java index 5d9761ce..656cf9ea 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java @@ -2,7 +2,7 @@ * ============LICENSE_START========================================== * ONAP Portal * =================================================================== - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. * =================================================================== * * Unless otherwise specified, all software contained herein is licensed @@ -114,6 +114,7 @@ import org.springframework.http.HttpHeaders; import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.web.client.HttpClientErrorException; import org.springframework.web.client.RestTemplate; import com.fasterxml.jackson.core.JsonProcessingException; @@ -176,7 +177,7 @@ public class UserRolesCommonServiceImpl { * * @param userId */ - protected void createLocalUserIfNecessary(String userId) { + protected void createLocalUserIfNecessary(String userId,boolean isSystemUser) { if (StringUtils.isEmpty(userId)) { logger.error(EELFLoggerDelegate.errorLogger, "createLocalUserIfNecessary : empty userId!"); return; @@ -188,9 +189,20 @@ public class UserRolesCommonServiceImpl { transaction = localSession.beginTransaction(); @SuppressWarnings("unchecked") List<EPUser> userList = localSession - .createQuery("from " + EPUser.class.getName() + " where orgUserId='" + userId + "'").list(); + .createQuery("from :name where orgUserId=:userId") + .setParameter("name",EPUser.class.getName()) + .setParameter("userId",userId) + .list(); if (userList.size() == 0) { - EPUser client = searchService.searchUserByUserId(userId); + EPUser client = null; + if (!isSystemUser) { + client = searchService.searchUserByUserId(userId); + } else { + client = new EPUser(); + client.setOrgUserId(userId); + client.setSystemUser(true); + client.setFirstName(userId.substring(0,userId.indexOf("@"))); + } if (client == null) { String msg = "createLocalUserIfNecessary: cannot create user " + userId + ", because not found in phonebook"; @@ -483,9 +495,13 @@ public class UserRolesCommonServiceImpl { transaction = localSession.beginTransaction(); // Attention! All roles from remote application supposed to be // active! + @SuppressWarnings("unchecked") - List<EPRole> currentAppRoles = localSession - .createQuery("from " + EPRole.class.getName() + " where appId=" + appId).list(); + List<EPRole> currentAppRoles = localSession.createQuery("from :name where appId = :appId") + .setParameter("name",EPRole.class.getName()) + .setParameter("appId",appId) + .list(); + List<EPRole> obsoleteRoles = new ArrayList<EPRole>(); for (int i = 0; i < currentAppRoles.size(); i++) { EPRole oldAppRole = currentAppRoles.get(i); @@ -523,7 +539,10 @@ public class UserRolesCommonServiceImpl { // Delete from fn_user_role @SuppressWarnings("unchecked") List<EPUserApp> userRoles = localSession.createQuery( - "from " + EPUserApp.class.getName() + " where app.id=" + appId + " and role_id=" + roleId) + "from :name where app.id=:appId and role_id=:roleId") + .setParameter("name",EPUserApp.class.getName()) + .setParameter("appId",appId) + .setParameter("roleId",roleId) .list(); logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: number of userRoles to delete: " + userRoles.size()); @@ -538,7 +557,9 @@ public class UserRolesCommonServiceImpl { // Delete from fn_menu_functional_roles @SuppressWarnings("unchecked") List<FunctionalMenuRole> funcMenuRoles = localSession - .createQuery("from " + FunctionalMenuRole.class.getName() + " where roleId=" + roleId) + .createQuery("from :name where roleId=:roleId") + .setParameter("name",FunctionalMenuRole.class.getName()) + .setParameter("roleId",roleId) .list(); int numMenuRoles = funcMenuRoles.size(); logger.debug(EELFLoggerDelegate.debugLogger, @@ -550,7 +571,9 @@ public class UserRolesCommonServiceImpl { // so must null out the url too, to be consistent @SuppressWarnings("unchecked") List<FunctionalMenuRole> funcMenuRoles2 = localSession - .createQuery("from " + FunctionalMenuRole.class.getName() + " where menuId=" + menuId) + .createQuery("from :name where menuId=:menuId") + .setParameter("name",FunctionalMenuRole.class.getName()) + .setParameter("menuId",menuId) .list(); int numMenuRoles2 = funcMenuRoles2.size(); logger.debug(EELFLoggerDelegate.debugLogger, @@ -625,6 +648,7 @@ public class UserRolesCommonServiceImpl { result = new RolesInAppForUser(); result.appId = appId; result.orgUserId = userId; + for (EcompRole role : userRolesInRemoteApp) { RoleInAppForUser roleInAppForUser = new RoleInAppForUser(); roleInAppForUser.roleId = role.getId(); @@ -662,7 +686,7 @@ public class UserRolesCommonServiceImpl { * @throws HTTPException */ protected Set<EcompRole> postUsersRolesToRemoteApp(List<RoleInAppForUser> roleInAppForUserList, ObjectMapper mapper, - ApplicationsRestClientService applicationsRestClientService, Long appId, String userId) + ApplicationsRestClientService applicationsRestClientService, Long appId, String userId,boolean systemUser) throws JsonProcessingException, HTTPException { Set<EcompRole> updatedUserRolesinRemote = constructUsersRemoteAppRoles(roleInAppForUserList); Set<EcompRole> updateUserRolesInEcomp = constructUsersEcompRoles(roleInAppForUserList); @@ -739,13 +763,13 @@ public class UserRolesCommonServiceImpl { * set to false if requests from Users page otherwise true * @return true on success, false otherwise */ - protected boolean applyChangesInUserRolesForAppToEcompDB(RolesInAppForUser rolesInAppForUser, boolean externalSystemRequest, String reqType) throws Exception { + protected boolean applyChangesInUserRolesForAppToEcompDB(RolesInAppForUser rolesInAppForUser, boolean externalSystemRequest, String reqType,boolean isSystemUser) throws Exception { boolean result = false; String userId = rolesInAppForUser.orgUserId; Long appId = rolesInAppForUser.appId; synchronized (syncRests) { if (rolesInAppForUser != null) { - createLocalUserIfNecessary(userId); + createLocalUserIfNecessary(userId, isSystemUser); } if (rolesInAppForUser != null) { @@ -852,22 +876,42 @@ public class UserRolesCommonServiceImpl { return addRemoteUser; } + @SuppressWarnings("unchecked") protected void pushUserOnRemoteApp(String userId, EPApp app, ApplicationsRestClientService applicationsRestClientService, SearchService searchService, ObjectMapper mapper, boolean postOpenSource, List<RoleInAppForUser> roleInAppForUserList,boolean appRoleIdUsed) throws Exception { - EPUser client = searchService.searchUserByUserId(userId); + EPUser client = null; + client = searchService.searchUserByUserId(userId); - mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); - - if (client == null) { - String msg = "cannot create user " + userId + ", because he/she cannot be found in phonebook."; - logger.error(EELFLoggerDelegate.errorLogger, msg); - throw new Exception(msg); - } + mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); + if (client == null) { + String msg = "cannot create user " + userId + ", because he/she cannot be found in directory."; + logger.error(EELFLoggerDelegate.errorLogger, msg); + // throw new Exception(msg); + final Map<String, String> loginIdParams = new HashMap<>(); + loginIdParams.put("orgUserIdValue", userId); + List<EPUser> userList = new ArrayList<>(); + userList = dataAccessService.executeNamedQuery("epUserAppId", loginIdParams, null); + if (userList.size() > 0) { + logger.debug(EELFLoggerDelegate.debugLogger, + userList.get(0).getOrgUserId() + " User was found in Portal"); + client = userList.get(0); + SortedSet<EPUserApp> userApps = new TreeSet<>(); + client.setEPUserApps(userApps); + client.setSystemUser(false); + } else { + logger.error(EELFLoggerDelegate.errorLogger, "user cannot be found be in directory or in portal"); + throw new Exception(msg); + } + } + client.setLoginId(userId); - client.setActive(true); + client.setActive(true); + client.setOrgUserId(userId); + + roleInAppForUserList.removeIf(role -> role.isApplied.equals(false)); SortedSet<Role> roles = new TreeSet<>(); @@ -968,12 +1012,12 @@ public class UserRolesCommonServiceImpl { boolean epRequestValue = false; String userId = ""; String reqMessage = ""; - if (newAppRolesForUser != null && newAppRolesForUser.orgUserId != null) { - userId = newAppRolesForUser.orgUserId.trim(); + if (newAppRolesForUser != null && newAppRolesForUser.getOrgUserId() != null) { + userId = newAppRolesForUser.getOrgUserId().trim(); } - Long appId = newAppRolesForUser.appId; - List<RoleInAppForUser> roleInAppForUserList = newAppRolesForUser.appRoles; - if (userId.length() > 0) { + Long appId = newAppRolesForUser.getAppId(); + List<RoleInAppForUser> roleInAppForUserList = newAppRolesForUser.getAppRoles(); + if (userId.length() > 0 ) { ObjectMapper mapper = new ObjectMapper(); mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); @@ -981,7 +1025,27 @@ public class UserRolesCommonServiceImpl { EPApp app = appsService.getApp(appId); applyChangesToUserAppRolesForMyLoginsRequest(user, appId); - // if centralized app + boolean systemUser = newAppRolesForUser.isSystemUser(); + if ((app.getCentralAuth() || app.getId().equals(PortalConstants.PORTAL_APP_ID)) && systemUser) { + + Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper, + applicationsRestClientService, appId, userId); + RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId, + userRolesInLocalApp); + List<RoleInAppForUser> roleAppUserList = rolesInAppForUser.roles; + if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { + // Apply changes in external Access system + updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList, + epRequestValue, systemUser); + } + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal", + systemUser); + + }else if (!app.getCentralAuth() && systemUser) + { + throw new Exception("For non-centralized application we cannot add systemUser"); + } + else{ // if centralized app if (app.getCentralAuth()) { if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) { pushRemoteUser(roleInAppForUserList, userId, app, mapper, searchService, @@ -996,9 +1060,9 @@ public class UserRolesCommonServiceImpl { if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { // Apply changes in external Access system updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList, - epRequestValue); + epRequestValue,false); } - result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal"); + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal", systemUser); } // In case if portal is not centralized then follow existing approach else if(!app.getCentralAuth() && app.getId().equals(PortalConstants.PORTAL_APP_ID)){ @@ -1006,7 +1070,7 @@ public class UserRolesCommonServiceImpl { applicationsRestClientService, appId, userId); RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId, userRolesInLocalApp); - result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal"); + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal",false); } else{// remote app EPUser remoteAppUser = null; if(!app.getCentralAuth() && !app.getId().equals(PortalConstants.PORTAL_APP_ID)){ @@ -1017,10 +1081,10 @@ public class UserRolesCommonServiceImpl { remoteAppUser = addRemoteUser(roleInAppForUserList, userId, app, mapper, searchService, applicationsRestClientService); } Set<EcompRole> userRolesInRemoteApp = postUsersRolesToRemoteApp(roleInAppForUserList, mapper, - applicationsRestClientService, appId, userId); + applicationsRestClientService, appId, userId,systemUser); RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId, userRolesInRemoteApp); - result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, null); + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, null,false); // If no roles remain, request app to set user inactive. if (userRolesInRemoteApp.size() == 0) { @@ -1032,6 +1096,7 @@ public class UserRolesCommonServiceImpl { } } } + } } catch (Exception e) { /*String message = String.format( "Failed to create user or update user roles for User %s, AppId %s", @@ -1062,7 +1127,7 @@ public class UserRolesCommonServiceImpl { * @param roleInAppUser Contains list of active roles */ @SuppressWarnings("unchecked") - private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List<RoleInAppForUser> roleInAppUser, boolean isPortalRequest) throws Exception + private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List<RoleInAppForUser> roleInAppUser, boolean isPortalRequest,boolean isSystemUser) throws Exception { try { // check if user exists @@ -1070,13 +1135,15 @@ public class UserRolesCommonServiceImpl { userParams.put("orgUserIdValue", orgUserId); List<EPUser> userInfo = checkIfUserExists(userParams); if (userInfo.isEmpty()) { - createLocalUserIfNecessary(orgUserId); + createLocalUserIfNecessary(orgUserId, isSystemUser); } String name = ""; if (EPCommonSystemProperties - .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) { + .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN) && !isSystemUser) { name = orgUserId + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); + } else { + name = orgUserId; } ObjectMapper mapper = new ObjectMapper(); HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); @@ -1168,7 +1235,7 @@ public class UserRolesCommonServiceImpl { for (RoleInAppForUser addUserRole : roleInAppUserNonDupls) { if (!(currentUserRolesInExternalSystem .containsKey(app.getNameSpace() + "." + addUserRole.getRoleName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")))) { - ExternalAccessUser extUser = new ExternalAccessUser(name, + ExternalAccessUser extUser = new ExternalAccessUser(name, app.getNameSpace() + "." + addUserRole.getRoleName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_")); String formattedUserRole = mapper.writeValueAsString(extUser); HttpEntity<String> entity = new HttpEntity<>(formattedUserRole, headers); @@ -1188,7 +1255,23 @@ public class UserRolesCommonServiceImpl { } } } - } catch (Exception e) { + } catch (HttpClientErrorException e) { + logger.error(EELFLoggerDelegate.errorLogger, + "updateUserRolesInExternalSystem: Failed to add user role for application {} due to {}", + app.getId(), e); + if (e.getStatusCode() == HttpStatus.FORBIDDEN) { + logger.error(EELFLoggerDelegate.errorLogger, "Please enter the valid systemUser", orgUserId); + throw new HttpClientErrorException(HttpStatus.FORBIDDEN, "Please enter the valid systemUser"); + } + if (e.getStatusCode() == HttpStatus.NOT_FOUND) { + logger.error(EELFLoggerDelegate.errorLogger, "Please enter the valid role"); + throw new HttpClientErrorException(HttpStatus.NOT_FOUND, "Please enter the valid role"); + } + EPLogUtil.logExternalAuthAccessAlarm(logger, HttpStatus.BAD_REQUEST); + throw e; + } + + catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "updateUserRolesInExternalSystem: Failed to add user role for application {} due to {}", app.getId(), e); EPLogUtil.logExternalAuthAccessAlarm(logger, HttpStatus.BAD_REQUEST); throw e; @@ -1484,11 +1567,11 @@ public class UserRolesCommonServiceImpl { List<RoleInAppForUser> roleAppUserList = rolesInAppForUser.roles; if(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) { // Apply changes in external Access system - updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList, externalSystemRequest); + updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList, externalSystemRequest,false); } logger.info(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage, newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId()); - result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType); + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType,false); } // If local application is not centralized else if(!app.getCentralAuth() && app.getId().equals(PortalConstants.PORTAL_APP_ID)){ @@ -1496,7 +1579,7 @@ public class UserRolesCommonServiceImpl { applicationsRestClientService, app.getId(), orgUserId); RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(), userRolesInLocalApp); - result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType); + result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType,false); } else {// remote app // If adding just account admin role don't do remote application user call if (!((roleInAppForUserList.size() == 1 || reqType.equals("DELETE")) && checkIfAdminRoleExists)) { @@ -1509,7 +1592,7 @@ public class UserRolesCommonServiceImpl { } Set<EcompRole> userRolesInRemoteApp = postUsersRolesToRemoteApp(roleInAppForUserList, mapper, - applicationsRestClientService, app.getId(), orgUserId); + applicationsRestClientService, app.getId(), orgUserId,false); RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(), userRolesInRemoteApp); @@ -1517,7 +1600,7 @@ public class UserRolesCommonServiceImpl { "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage, newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId()); result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, - reqType); + reqType,false); // If no roles remain, request app to set user inactive. /* * if (userRolesInRemoteApp.size() == 0) { @@ -1540,7 +1623,7 @@ public class UserRolesCommonServiceImpl { logger.info(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage, newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId()); result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, - reqType); + reqType,false); } if(!result){ reqMessage = "Failed to save the user app role(s)"; @@ -1984,17 +2067,18 @@ public class UserRolesCommonServiceImpl { List<EPUserAppRoles> appRole= null; try { logger.error(EELFLoggerDelegate.errorLogger,"Should not be reached here, still the endpoint is yet to be defined"); - boolean result = postUserRolesToMylogins(userAppRolesData, applicationsRestClientService, userAppRolesData.appId, user.getId()); + boolean result = postUserRolesToMylogins(userAppRolesData, applicationsRestClientService, + userAppRolesData.getAppId(), user.getId()); logger.debug(EELFLoggerDelegate.debugLogger,"putUserAppRolesRequest: result {}", result); - params.put("appId", userAppRolesData.appId); + params.put("appId", userAppRolesData.getAppId()); EPUserAppRolesRequest epAppRolesRequestData = new EPUserAppRolesRequest(); epAppRolesRequestData.setCreatedDate(new Date()); epAppRolesRequestData.setUpdatedDate(new Date()); epAppRolesRequestData.setUserId(user.getId()); - epAppRolesRequestData.setAppId(userAppRolesData.appId); + epAppRolesRequestData.setAppId(userAppRolesData.getAppId()); epAppRolesRequestData.setRequestStatus("P"); - List<RoleInAppForUser> appRoleIdList = userAppRolesData.appRoles; + List<RoleInAppForUser> appRoleIdList = userAppRolesData.getAppRoles(); Set<EPUserAppRolesRequestDetail> appRoleDetails = new LinkedHashSet<EPUserAppRolesRequestDetail>(); dataAccessService.saveDomainObject(epAppRolesRequestData, null); for (RoleInAppForUser userAppRoles : appRoleIdList) { diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/AppWithRolesForUser.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/AppWithRolesForUser.java index 60bc7fce..cbfe1787 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/AppWithRolesForUser.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/AppWithRolesForUser.java @@ -2,7 +2,7 @@ * ============LICENSE_START========================================== * ONAP Portal * =================================================================== - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. * =================================================================== * * Unless otherwise specified, all software contained herein is licensed @@ -38,53 +38,24 @@ package org.onap.portalapp.portal.transport; import java.util.List; - +import lombok.AllArgsConstructor; +import lombok.EqualsAndHashCode; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; +import lombok.ToString; + +@Getter +@Setter +@NoArgsConstructor +@AllArgsConstructor +@EqualsAndHashCode +@ToString public class AppWithRolesForUser { - - public String orgUserId; - - public Long appId; - - public String appName; - - public List<RoleInAppForUser> appRoles; - - public String getOrgUserId() { - return orgUserId; - } - - public void setOrgUserId(String orgUserId) { - this.orgUserId = orgUserId; - } - - public Long getAppId() { - return appId; - } - - public void setAppId(Long appId) { - this.appId = appId; - } - - public String getAppName() { - return appName; - } - - public void setAppName(String appName) { - this.appName = appName; - } - - public List<RoleInAppForUser> getAppRoles() { - return appRoles; - } - - public void setAppRoles(List<RoleInAppForUser> appRoles) { - this.appRoles = appRoles; - } - - @Override - public String toString() { - return "AppWithRolesForUser [orgUserId=" + orgUserId + ", appId=" + appId + ", appName=" + appName - + ", appRoles=" + appRoles + "]"; - } + private String orgUserId; + private boolean isSystemUser; + private Long appId; + private String appName; + private List<RoleInAppForUser> appRoles; } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CentralV2UserApp.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CentralV2UserApp.java index 2ada8ed1..17007a5f 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CentralV2UserApp.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CentralV2UserApp.java @@ -38,6 +38,7 @@ package org.onap.portalapp.portal.transport; import java.io.Serializable; +import java.util.Objects; @SuppressWarnings("rawtypes") public class CentralV2UserApp implements Serializable, Comparable{ @@ -99,7 +100,20 @@ public class CentralV2UserApp implements Serializable, Comparable{ this.priority = priority; } - + @Override + public boolean equals(Object other) { + if (this == other) { + return true; + } + if (!(other instanceof CentralV2UserApp)) { + return false; + } + CentralV2UserApp castOther = (CentralV2UserApp) other; + return Objects.equals(this.userId, castOther.userId) && + Objects.equals(this.app, castOther.app) && + Objects.equals(this.role, castOther.role) && + Objects.equals(this.priority, castOther.priority); + } public int compareTo(Object other){ CentralV2UserApp castOther = (CentralV2UserApp) other; diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidget.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidget.java index ec27d987..3fbdc3e8 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidget.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidget.java @@ -44,6 +44,7 @@ import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.Table; +import org.hibernate.validator.constraints.SafeHtml; import org.onap.portalsdk.core.domain.support.DomainVo; import com.fasterxml.jackson.annotation.JsonInclude; @@ -63,28 +64,33 @@ public class CommonWidget extends DomainVo{ private Long id; @Column(name = "category") + @SafeHtml public String category; @Column(name = "href") + @SafeHtml public String href; @Column(name = "title") + @SafeHtml public String title; @Column(name = "content") + @SafeHtml public String content; @Column(name = "event_date") + @SafeHtml public String eventDate; @Column(name = "sort_order") public Integer sortOrder; - + public CommonWidget(){ - + } - + public CommonWidget(String category, String href, String title, String content, String eventDate, Integer sortOrder){ this.category = category; this.href = href; diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidgetMeta.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidgetMeta.java index 55dfc91a..51a02652 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidgetMeta.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidgetMeta.java @@ -38,14 +38,17 @@ package org.onap.portalapp.portal.transport; import java.util.List; +import javax.validation.Valid; +import org.hibernate.validator.constraints.SafeHtml; public class CommonWidgetMeta { - + @SafeHtml private String category; + @Valid private List<CommonWidget> items; - - public CommonWidgetMeta(){ - + + public CommonWidgetMeta(){ + } public CommonWidgetMeta(String category, List<CommonWidget> items){ diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FavoritesFunctionalMenuItem.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FavoritesFunctionalMenuItem.java index 57f65379..493e57fa 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FavoritesFunctionalMenuItem.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FavoritesFunctionalMenuItem.java @@ -43,6 +43,7 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; import javax.persistence.Table; +import javax.validation.constraints.Digits; /** @@ -55,9 +56,11 @@ public class FavoritesFunctionalMenuItem implements Serializable { @Id @Column(name = "user_id") + @Digits(integer = 11, fraction = 0) public Long userId; @Id @Column(name = "menu_id") + @Digits(integer = 11, fraction = 0) public Long menuId; } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FunctionalMenuItem.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FunctionalMenuItem.java index 06acdb7b..14ad2f4c 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FunctionalMenuItem.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FunctionalMenuItem.java @@ -47,37 +47,62 @@ import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.Table; import javax.persistence.Transient; +import javax.validation.constraints.Digits; +import javax.validation.constraints.Max; +import javax.validation.constraints.NotNull; +import lombok.AllArgsConstructor; +import lombok.NoArgsConstructor; +import org.hibernate.validator.constraints.SafeHtml; @Entity @Table(name="fn_menu_functional") +@NoArgsConstructor +@AllArgsConstructor public class FunctionalMenuItem implements Serializable { - public FunctionalMenuItem(){}; - private static final long serialVersionUID = 1L; @Id - @GeneratedValue(strategy=GenerationType.IDENTITY) + @GeneratedValue(strategy=GenerationType.IDENTITY) @Column(name = "MENU_ID") + @Digits(integer = 11, fraction = 0) public Long menuId; - + @Column(name = "COLUMN_NUM") + @Digits(integer = 2, fraction = 0) + @NotNull public Integer column; - + @Column(name = "TEXT") + @Max(value = 100) + @SafeHtml + @NotNull public String text; - + @Column(name = "PARENT_MENU_ID") + @Digits(integer = 11, fraction = 0) public Integer parentMenuId; - + @Column(name = "URL") + @Max(value = 128) + @SafeHtml + @NotNull public String url; - + @Column(name="ACTIVE_YN") + @Max(value = 1) + @SafeHtml + @NotNull public String active_yn; @Transient public Integer appid; + @Transient + private List<Integer> roles; + + @Transient + public Boolean restrictedApp; + public List<Integer> getRoles() { return roles; } @@ -86,18 +111,12 @@ public class FunctionalMenuItem implements Serializable { this.roles = roles; } - @Transient - private List<Integer> roles; - - @Transient - public Boolean restrictedApp; - public void normalize() { if (this.column == null) - this.column = new Integer(1); + this.column = 1; this.text = (this.text == null) ? "" : this.text.trim(); if (this.parentMenuId == null) - this.parentMenuId = new Integer(-1); + this.parentMenuId = -1; this.url = (this.url == null) ? "" : this.url.trim(); } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/OnboardingApp.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/OnboardingApp.java index f2503b42..37ad5add 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/OnboardingApp.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/OnboardingApp.java @@ -37,6 +37,8 @@ */ package org.onap.portalapp.portal.transport; +import org.hibernate.validator.constraints.SafeHtml; + /** * Model of rows in the fn_app table; serialized as a message add or update an * on-boarded application. @@ -44,21 +46,21 @@ package org.onap.portalapp.portal.transport; public class OnboardingApp { public Long id; - + @SafeHtml public String name; - + @SafeHtml public String imageUrl; - + @SafeHtml public String imageLink; - + @SafeHtml public String description; - + @SafeHtml public String notes; - + @SafeHtml public String url; - + @SafeHtml public String alternateUrl; - + @SafeHtml public String restUrl; public Boolean isOpen; @@ -66,27 +68,27 @@ public class OnboardingApp { public Boolean isEnabled; public Long motsId; - + @SafeHtml public String myLoginsAppName; - + @SafeHtml public String myLoginsAppOwner; - + @SafeHtml public String username; - + @SafeHtml public String appPassword; - + @SafeHtml public String thumbnail; - + @SafeHtml public String uebTopicName; - + @SafeHtml public String uebKey; - + @SafeHtml public String uebSecret; public Boolean restrictedApp; public Boolean isCentralAuth; - + @SafeHtml public String nameSpace; /** diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/PortalAdminUserRole.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/PortalAdminUserRole.java index 01cc6941..dd0142c9 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/PortalAdminUserRole.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/PortalAdminUserRole.java @@ -43,6 +43,7 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; import javax.persistence.Table; +import javax.validation.constraints.Digits; /** * This is to handle portal admins @@ -54,13 +55,16 @@ public class PortalAdminUserRole implements Serializable{ @Id @Column(name = "user_id") + @Digits(integer = 10, fraction = 0) public Long userId; @Id @Column(name = "role_id") + @Digits(integer = 10, fraction = 0) public Long roleId; @Column(name = "app_id") + @Digits(integer = 11, fraction = 0) public Long appId; } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/utils/EcompPortalUtils.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/utils/EcompPortalUtils.java index 1b5613ca..30eeac04 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/utils/EcompPortalUtils.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/utils/EcompPortalUtils.java @@ -47,10 +47,12 @@ import java.util.Arrays; import java.util.Base64; import java.util.Date; import java.util.List; +import java.util.regex.Pattern; import javax.servlet.http.HttpServletResponse; import javax.xml.bind.DatatypeConverter; +import org.apache.commons.codec.binary.Hex; import org.apache.commons.lang.StringUtils; import org.hibernate.Session; import org.hibernate.Transaction; @@ -70,19 +72,21 @@ import com.fasterxml.jackson.databind.ObjectMapper; public class EcompPortalUtils { private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(EcompPortalUtils.class); - + private static final String FUNCTION_PIPE = "|"; - + // TODO: GLOBAL_LOGIN_URL is the same as in SessionTimeoutInterceptor. // It should be defined in SystemProperties. private static final String GLOBAL_LOGIN_URL = "global-login-url"; - - // It is a regular expression used for while creating a External Central Auth Role + + // It is a regular expression used for while creating a External Central Auth + // Role public static final String EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS = "([^A-Z^a-z^0-9^\\.^%^(^)^=^:])"; - + + public static final String slash = "/"; + /** - * @param orgUserId - * User ID to validate + * @param orgUserId User ID to validate * @return true if orgUserId is not empty and contains only alphanumeric, false * otherwise */ @@ -94,10 +98,8 @@ public class EcompPortalUtils { * Splits the string into a list of tokens using the specified regular * expression * - * @param source - * String to split - * @param regex - * tokens + * @param source String to split + * @param regex tokens * @return List of tokens split from the source */ public static List<String> parsingByRegularExpression(String source, String regex) { @@ -116,10 +118,8 @@ public class EcompPortalUtils { /** * Builds a JSON object with error code and message information. * - * @param errorCode - * error code - * @param errorMessage - * message + * @param errorCode error code + * @param errorMessage message * @return JSON object as a String */ public static String jsonErrorMessageResponse(int errorCode, String errorMessage) { @@ -129,8 +129,7 @@ public class EcompPortalUtils { /** * Builds a JSON object with the specified message * - * @param message - * Message to embed + * @param message Message to embed * @return JSON object as a String */ public static String jsonMessageResponse(String message) { @@ -141,15 +140,11 @@ public class EcompPortalUtils { * Serializes the specified object as JSON and writes the result to the debug * log. If serialization fails, logs a message to the error logger. * - * @param logger - * Logger for the class where the object was built; the logger - * carries the class name. - * @param source - * First portion of the log message - * @param msg - * Second portion of the log message - * @param obj - * Object to serialize as JSON + * @param logger Logger for the class where the object was built; the logger + * carries the class name. + * @param source First portion of the log message + * @param msg Second portion of the log message + * @param obj Object to serialize as JSON */ public static void logAndSerializeObject(EELFLoggerDelegate logger, String source, String msg, Object obj) { try { @@ -169,12 +164,9 @@ public class EcompPortalUtils { * Serializes the specified object as JSON and writes the result to the debug * log. If serialization fails, logs a message to the error logger. * - * @param source - * First portion of the log message - * @param msg - * Second portion of the log message - * @param obj - * Object to serialize as JSON + * @param source First portion of the log message + * @param msg Second portion of the log message + * @param obj Object to serialize as JSON */ public static void logAndSerializeObject(String source, String msg, Object obj) { logAndSerializeObject(logger, source, msg, obj); @@ -209,12 +201,9 @@ public class EcompPortalUtils { * Set response status to Unauthorized if user == null and to Forbidden in all * (!) other cases. Logging is not performed if invocator == null * - * @param user - * User object - * @param response - * HttpServletResponse - * @param invocator - * may be null + * @param user User object + * @param response HttpServletResponse + * @param invocator may be null */ public static void setBadPermissions(EPUser user, HttpServletResponse response, String invocator) { if (user == null) { @@ -248,13 +237,15 @@ public class EcompPortalUtils { // This method might be just for testing purposes. public static void setExternalAppResponseCode(int responseCode) { try { - /*String code = String.valueOf(responseCode); - MDC.put(EPCommonSystemProperties.EXTERNAL_API_RESPONSE_CODE,code ); - code=StringUtils.EMPTY;*/ + /* + * String code = String.valueOf(responseCode); + * MDC.put(EPCommonSystemProperties.EXTERNAL_API_RESPONSE_CODE,code ); + * code=StringUtils.EMPTY; + */ String code = Integer.toString(responseCode); - MDC.put(EPCommonSystemProperties.EXTERNAL_API_RESPONSE_CODE,code ); - char[] chars=code.toCharArray(); - Arrays.fill(chars, ' '); + MDC.put(EPCommonSystemProperties.EXTERNAL_API_RESPONSE_CODE, code); + char[] chars = code.toCharArray(); + Arrays.fill(chars, ' '); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "setExternalAppResponseCode failed", e); } @@ -337,10 +328,8 @@ public class EcompPortalUtils { /** * Returns a default property if the expected one is not available * - * @param property - * Key - * @param defaultValue - * default Value + * @param property Key + * @param defaultValue default Value * @return Default value if property is not defined or yields the empty string; * else the property value. */ @@ -360,10 +349,8 @@ public class EcompPortalUtils { * "MDC.remove(SystemProperties.MDC_TIMER);" after this method call to clean up * the record in MDC * - * @param beginDateTime - * the given begin time for the call - * @param endDateTime - * the given end time for the call + * @param beginDateTime the given begin time for the call + * @param endDateTime the given end time for the call * */ public static void calculateDateTimeDifferenceForLog(String beginDateTime, String endDateTime) { @@ -405,8 +392,7 @@ public class EcompPortalUtils { * * @return header which contains external central auth username and password * base64 encoded - * @throws Exception - * if unable to decrypt the password + * @throws Exception if unable to decrypt the password */ public static HttpHeaders base64encodeKeyForAAFBasicAuth() throws Exception { String userName = ""; @@ -429,7 +415,8 @@ public class EcompPortalUtils { String result = ""; if (encrypted != null && encrypted.length() > 0) { try { - result = CipherUtil.decryptPKC(encrypted, SystemProperties.getProperty(SystemProperties.Decryption_Key)); + result = CipherUtil.decryptPKC(encrypted, + SystemProperties.getProperty(SystemProperties.Decryption_Key)); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "decryptedPassword failed", e); throw e; @@ -438,8 +425,8 @@ public class EcompPortalUtils { return result; } - public static String truncateString(String originString, int size){ - if(originString.length()>=size){ + public static String truncateString(String originString, int size) { + if (originString.length() >= size) { StringBuilder stringBuilder = new StringBuilder(); stringBuilder.append(originString); stringBuilder.setLength(size); @@ -448,11 +435,10 @@ public class EcompPortalUtils { } return originString; } - + /** * - * If function code value has any pipes it does pipe filter and - * returns value. + * If function code value has any pipes it does pipe filter and returns value. * * @param functionCode * @return function instance without pipe @@ -462,22 +448,19 @@ public class EcompPortalUtils { if (functionCode.contains(FUNCTION_PIPE)) { int count = StringUtils.countMatches(functionCode, FUNCTION_PIPE); if (count == 2) - finalFunctionCodeVal = functionCode.substring( - functionCode.indexOf(FUNCTION_PIPE) + 1, + finalFunctionCodeVal = functionCode.substring(functionCode.indexOf(FUNCTION_PIPE) + 1, functionCode.lastIndexOf(FUNCTION_PIPE)); else - finalFunctionCodeVal = functionCode - .substring(functionCode.lastIndexOf(FUNCTION_PIPE) + 1); - } else{ + finalFunctionCodeVal = functionCode.substring(functionCode.lastIndexOf(FUNCTION_PIPE) + 1); + } else { finalFunctionCodeVal = functionCode; } return finalFunctionCodeVal; } - + /** * - * If function code value has any pipes it does pipe filter and - * returns value. + * If function code value has any pipes it does pipe filter and returns value. * * @param functionCode * @return function Type without pipe @@ -486,20 +469,19 @@ public class EcompPortalUtils { String finalFunctionCodeVal = ""; if (functionCode.contains(FUNCTION_PIPE)) { int count = StringUtils.countMatches(functionCode, FUNCTION_PIPE); - if (count == 2){ - String[] getTypeValue = functionCode.split("\\"+FUNCTION_PIPE); + if (count == 2) { + String[] getTypeValue = functionCode.split("\\" + FUNCTION_PIPE); finalFunctionCodeVal = getTypeValue[0]; } - } else{ + } else { finalFunctionCodeVal = functionCode; } return finalFunctionCodeVal; } - + /** * - * If function code value has any pipes it does pipe filter and - * returns value. + * If function code value has any pipes it does pipe filter and returns value. * * @param functionCode * @return function Action without pipe @@ -509,17 +491,17 @@ public class EcompPortalUtils { if (functionCode.contains(FUNCTION_PIPE)) { int count = StringUtils.countMatches(functionCode, FUNCTION_PIPE); if (count == 2) - finalFunctionCodeVal = functionCode.substring( - functionCode.lastIndexOf(FUNCTION_PIPE)+1); - } else{ + finalFunctionCodeVal = functionCode.substring(functionCode.lastIndexOf(FUNCTION_PIPE) + 1); + } else { finalFunctionCodeVal = functionCode; } return finalFunctionCodeVal; } - + /** * - * It check whether the external auth namespace is matching with current namespace exists in local DB + * It check whether the external auth namespace is matching with current + * namespace exists in local DB * * @param permTypeVal * @param appNamespaceVal @@ -539,20 +521,22 @@ public class EcompPortalUtils { } return isNamespaceMatching; } - + public static boolean checkIfRemoteCentralAccessAllowed() { boolean result = false; - String rmtCentralAccess = SystemProperties.getProperty(EPCommonSystemProperties.REMOTE_CENTRALISED_SYSTEM_ACCESS); - if(rmtCentralAccess == null) { - logger.error(EELFLoggerDelegate.errorLogger, "Please check in system.properties whether the property exists or not!"); + String rmtCentralAccess = SystemProperties + .getProperty(EPCommonSystemProperties.REMOTE_CENTRALISED_SYSTEM_ACCESS); + if (rmtCentralAccess == null) { + logger.error(EELFLoggerDelegate.errorLogger, + "Please check in system.properties whether the property exists or not!"); return false; - }else if(new Boolean(rmtCentralAccess)){ - logger.debug(EELFLoggerDelegate.debugLogger, "checkIfRemoteCentralAccessAllowed: {}",rmtCentralAccess); + } else if (new Boolean(rmtCentralAccess)) { + logger.debug(EELFLoggerDelegate.debugLogger, "checkIfRemoteCentralAccessAllowed: {}", rmtCentralAccess); result = true; } return result; } - + /** * * It validates whether given string is JSON or not @@ -560,28 +544,48 @@ public class EcompPortalUtils { * @param jsonInString * @return true or false */ - public static boolean isJSONValid(String jsonInString ) { - try { - final ObjectMapper mapper = new ObjectMapper(); - mapper.readTree(jsonInString); - return true; - } catch (IOException e) { - logger.error(EELFLoggerDelegate.errorLogger, "Failed to parse Json!", e); - return false; - } - } - /** - * - * It retrieves account information from input String - * - * @param authValue - * @return Array of Account information - * - */ - public static String[] getUserNamePassword(String authValue) { - String base64Credentials = authValue.substring("Basic".length()).trim(); - String credentials = new String(Base64.getDecoder().decode(base64Credentials), Charset.forName("UTF-8")); - final String[] values = credentials.split(":", 2); - return values; + public static boolean isJSONValid(String jsonInString) { + try { + final ObjectMapper mapper = new ObjectMapper(); + mapper.readTree(jsonInString); + return true; + } catch (IOException e) { + logger.error(EELFLoggerDelegate.errorLogger, "Failed to parse Json!", e); + return false; } + } + + /** + * + * It retrieves account information from input String + * + * @param authValue + * @return Array of Account information + * + */ + public static String[] getUserNamePassword(String authValue) { + String base64Credentials = authValue.substring("Basic".length()).trim(); + String credentials = new String(Base64.getDecoder().decode(base64Credentials), Charset.forName("UTF-8")); + final String[] values = credentials.split(":", 2); + return values; + } + + /** + * It encodes the function code based on Hex encoding + * + * @param funCode + * + */ + public static String encodeFunctionCode(String funCode) { + String encodedString = funCode; + Pattern encodePattern = Pattern.compile(EcompPortalUtils.slash); + return encodedString = encodePattern.matcher(encodedString) + .replaceAll("%" + Hex.encodeHexString(encodePattern.toString().getBytes())) + .replaceAll("\\*", "%" + Hex.encodeHexString("*".getBytes())); + } + + public static boolean checkFunctionCodeHasEncodePattern(String code) { + return code.contains(EcompPortalUtils.slash); + } + } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/util/DateUtil.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/util/DateUtil.java new file mode 100644 index 00000000..211f8ab9 --- /dev/null +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/util/DateUtil.java @@ -0,0 +1,56 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal + * =================================================================== + * Copyright (c) 2019 Samsung. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * + */ + +package org.onap.portalapp.util; + +import java.text.SimpleDateFormat; + +public class DateUtil { + + private DateUtil() { + throw new IllegalStateException("Utility class"); + } + + public static SimpleDateFormat getDateFormat() { + return new SimpleDateFormat("HH:mm:ss:SSSS"); + } + + public static SimpleDateFormat getRequestDateFormat(){ + return new SimpleDateFormat("EEE, dd MMM YYYY HH:mm:ss z"); + } +} diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/util/EPUserUtils.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/util/EPUserUtils.java index 51f48b16..99a29116 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/util/EPUserUtils.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/util/EPUserUtils.java @@ -45,7 +45,9 @@ import java.util.Iterator; import java.util.List; import java.util.Set; import java.util.UUID; +import java.util.regex.Matcher; import java.util.regex.Pattern; +import java.util.stream.Collectors; import javax.servlet.ServletContext; import javax.servlet.http.HttpServletRequest; @@ -398,4 +400,40 @@ public class EPUserUtils { return ""; } + public static Boolean matchRoleFunctions(String portalApiPath, Set<? extends String> roleFunctions) { + String[] path = portalApiPath.split("/"); + List<String> roleFunList = new ArrayList<>(); + if (path.length > 1) { + roleFunList = roleFunctions.stream().filter(item -> item.startsWith(path[0])).collect(Collectors.toList()); + if (roleFunList.size() >= 1) { + for (String roleFunction : roleFunList) { + String[] roleFunctionArray = roleFunction.split("/"); + boolean b = true; + if (roleFunctionArray.length == path.length) { + for (int i = 0; i < roleFunctionArray.length; i++) { + if (b) { + if (!roleFunctionArray[i].equals("*")) { + Pattern p = Pattern.compile(Pattern.quote(path[i]), Pattern.CASE_INSENSITIVE); + Matcher m = p.matcher(roleFunctionArray[i]); + b = m.matches(); + + } + } + } + if (b) + return b; + } + } + } + } else { + for (String roleFunction : roleFunctions) { + if (roleFunction.equals(("*"))) { + return true; + } else if (portalApiPath.matches(roleFunction)) { + return true; + } + } + } + return false; + } } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java new file mode 100644 index 00000000..46a60c81 --- /dev/null +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java @@ -0,0 +1,63 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * + */ + +package org.onap.portalapp.validation; + +import java.util.Set; +import javax.validation.ConstraintViolation; +import javax.validation.Validation; +import javax.validation.Validator; +import javax.validation.ValidatorFactory; +import org.springframework.stereotype.Component; + +@Component +public class DataValidator { + private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory(); + + public <E> Set<ConstraintViolation<E>> getConstraintViolations(E classToValid){ + Validator validator = VALIDATOR_FACTORY.getValidator(); + Set<ConstraintViolation<E>> constraintViolations = validator.validate(classToValid); + return constraintViolations; + } + + public <E> boolean isValid(E classToValid){ + Set<ConstraintViolation<E>> constraintViolations = getConstraintViolations(classToValid); + return constraintViolations.isEmpty(); + } + +} diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/SecureString.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/SecureString.java new file mode 100644 index 00000000..2afbddac --- /dev/null +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/SecureString.java @@ -0,0 +1,55 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * + */ + +package org.onap.portalapp.validation; + +import org.hibernate.validator.constraints.SafeHtml; + +public class SecureString { + + @SafeHtml + private String data; + + public SecureString(String string) { + this.data = string; + } + + public String getString() { + return data; + } +} diff --git a/ecomp-portal-BE-common/src/main/webapp/WEB-INF/fusion/orm/EP.hbm.xml b/ecomp-portal-BE-common/src/main/webapp/WEB-INF/fusion/orm/EP.hbm.xml index 4e8943ce..e03c9762 100644 --- a/ecomp-portal-BE-common/src/main/webapp/WEB-INF/fusion/orm/EP.hbm.xml +++ b/ecomp-portal-BE-common/src/main/webapp/WEB-INF/fusion/orm/EP.hbm.xml @@ -229,6 +229,7 @@ <property name="createdId" column="created_id" /> <property name="modifiedId" column="modified_id" /> <property name="timeZoneId" column="timezone" /> + <property name="systemUser" column="is_system_user" type="yes_no"/> <property name="languageId" column="language_id" /> <set name="EPUserApps" table="FN_USER_ROLE" lazy="false" sort="natural" @@ -1160,7 +1161,7 @@ where fn_role.app_id = fn_app.app_id and fn_app.enabled='Y' and fn_role.active_y <sql-query name="getAppsAdmins"> <return alias="adminUserApp" class="org.onap.portalapp.portal.domain.AdminUserApp" /> <![CDATA[ - SELECT apps.APP_NAME, apps.APP_ID, user.USER_ID, user.FIRST_NAME, user.LAST_NAME, user.org_user_id FROM fn_user_role userrole INNER JOIN fn_user user ON user.USER_ID = userrole.USER_ID INNER JOIN fn_app apps ON apps.APP_ID = userrole.APP_ID WHERE user.active_yn='Y' AND userrole.ROLE_ID = :accountAdminRoleId AND (apps.ENABLED = 'Y' OR apps.APP_ID=1) + SELECT apps.APP_NAME, apps.APP_ID, user.USER_ID, user.FIRST_NAME, user.LAST_NAME, user.org_user_id FROM fn_user_role userrole INNER JOIN fn_user user ON user.USER_ID = userrole.USER_ID INNER JOIN fn_app apps ON apps.APP_ID = userrole.APP_ID WHERE user.active_yn='Y' AND userrole.ROLE_ID = :accountAdminRoleId ]]> </sql-query> @@ -2548,4 +2549,36 @@ where fn_role.app_id = fn_app.app_id and fn_app.enabled='Y' and fn_role.active_y ]]> </sql-query> + + <sql-query name="getAllAdminAppsofTheUser"> + <![CDATA[ + select fa.app_id from fn_user_role ur,fn_app fa where ur.user_id =:userId and ur.app_id=fa.app_id and ur.role_id= 999 + + ]]> + </sql-query> + <sql-query name="getAllAppsFunctionsOfUser"> + <![CDATA[ + select distinct ep.function_cd from fn_user_role fu, ep_app_role_function ep, ep_app_function ea, fn_app fa , fn_role fr + where fu.role_id = ep.role_id + and fu.app_id = ep.app_id + and fu.user_id =:userId + and ea.function_cd = ep.function_cd + and ((fu.app_id = fa.app_id and fa.enabled = 'Y' ) or (fa.app_id = 1)) + and fr.role_id = fu.role_id and fr.active_yn='Y' + union + select distinct app_r_f.function_cd from ep_app_role_function app_r_f, ep_app_function a_f + where role_id = 999 + and app_r_f.function_cd = a_f.function_cd + and exists + ( + select fa.app_id from fn_user fu, fn_user_role ur, fn_app fa where fu.user_id =:userId and fu.user_id = ur.user_id + and ur.role_id = 999 and ur.app_id = fa.app_id and fa.enabled = 'Y' + ); + ]]> + </sql-query> + <sql-query name="updateFnUser"> + <![CDATA[ + UPDATE fn_user fu SET fu.language_id=:language_id WHERE fu.login_id=:login_id + ]]> + </sql-query> </hibernate-mapping> diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequestTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequestTest.java index 847d4744..9d3c7785 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequestTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequestTest.java @@ -133,6 +133,24 @@ public class AppsControllerExternalRequestTest extends MockitoTestSuite { } @Test + public void postPortalAdminXSSTest() { + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + expectedportalRestResponse.setMessage("Data is not valid"); + expectedportalRestResponse.setResponse(null); + PortalRestStatusEnum portalRestStatusEnum = null; + expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR); + EPUser user = mockUser.mockEPUser(); + user.setEmail("“><script>alert(“XSS”)</script>"); + user.setLoginPwd("pwd"); + user.setLoginId("Test"); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + Mockito.when(userService.getUserByUserId(user.getOrgUserId())).thenThrow(nullPointerException); + PortalRestResponse<String> actualPortalRestResponse = appsControllerExternalRequest + .postPortalAdmin(mockedRequest, mockedResponse, user); + assertEquals(expectedportalRestResponse, actualPortalRestResponse); + } + + @Test public void postPortalAdminCreateUserIfNotFoundTest() throws Exception { PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); expectedportalRestResponse.setMessage(null); @@ -277,6 +295,36 @@ public class AppsControllerExternalRequestTest extends MockitoTestSuite { } @Test + public void postOnboardAppExternalXSSTest() { + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + expectedportalRestResponse.setMessage( + "Data is not valid"); + expectedportalRestResponse.setResponse(null); + PortalRestStatusEnum portalRestStatusEnum = null; + expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR); + + OnboardingApp expectedOnboardingApp = new OnboardingApp();; + expectedOnboardingApp.name = "test"; + expectedOnboardingApp.url="test.com"; + expectedOnboardingApp.restUrl="<script>alert(/XSS”)</script>"; + expectedOnboardingApp.myLoginsAppOwner="testUser"; + expectedOnboardingApp.restrictedApp=false; + expectedOnboardingApp.isOpen=true; + expectedOnboardingApp.isEnabled=true; + EPUser user = mockUser.mockEPUser(); + user.setEmail("guestT@test.portal.onap.org"); + user.setLoginPwd("pwd"); + user.setLoginId("Test"); + List<EPUser> expectedList = new ArrayList<EPUser>(); + expectedList.add(user); + + PortalRestResponse<String> actualPortalRestResponse = appsControllerExternalRequest + .postOnboardAppExternal(mockedRequest, mockedResponse, expectedOnboardingApp); + assertEquals(expectedportalRestResponse, actualPortalRestResponse); + + } + + @Test public void putOnboardAppExternalifAppNullTest() { PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); expectedportalRestResponse.setMessage("Unexpected value for field: id"); @@ -293,6 +341,38 @@ public class AppsControllerExternalRequestTest extends MockitoTestSuite { } @Test + public void putOnboardAppExternalXSSTest() { + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + expectedportalRestResponse.setMessage( + "Data is not valid"); + expectedportalRestResponse.setResponse(null); + PortalRestStatusEnum portalRestStatusEnum = null; + expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR); + + OnboardingApp expectedOnboardingApp = new OnboardingApp();; + expectedOnboardingApp.name = "test"; + expectedOnboardingApp.url="test.com"; + expectedOnboardingApp.restUrl="<script>alert(/XSS”)</script>"; + expectedOnboardingApp.myLoginsAppOwner="testUser"; + expectedOnboardingApp.restrictedApp=false; + expectedOnboardingApp.isOpen=true; + expectedOnboardingApp.isEnabled=true; + EPUser user = mockUser.mockEPUser(); + user.setEmail("guestT@test.portal.onap.org"); + user.setLoginPwd("pwd"); + user.setLoginId("Test"); + List<EPUser> expectedList = new ArrayList<EPUser>(); + expectedList.add(user); + + Long appId = (long) 1; + + PortalRestResponse<String> actualPortalRestResponse = appsControllerExternalRequest + .putOnboardAppExternal(mockedRequest, mockedResponse, appId, expectedOnboardingApp); + assertEquals(expectedportalRestResponse, actualPortalRestResponse); + + } + + @Test public void putOnboardAppExternalIfOnboardingAppDetailsNullTest() { PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); expectedportalRestResponse.setMessage( diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java index ff37fd50..4df1c2ac 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java @@ -1,9 +1,11 @@ /*- - * ============LICENSE_START========================================== + * ============LICENSE_START========================================== * ONAP Portal * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -88,7 +90,10 @@ import org.powermock.api.mockito.PowerMockito; import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.modules.junit4.PowerMockRunner; import org.springframework.http.HttpEntity; +import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; +import org.springframework.web.client.HttpClientErrorException; @RunWith(PowerMockRunner.class) @PrepareForTest({SystemProperties.class,AppUtils.class, EPUserUtils.class, MediaType.class}) @@ -546,7 +551,7 @@ public class AppsControllerTest extends MockitoTestSuite{ List<AppsResponse> atualApps = new ArrayList<AppsResponse>(); Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true); - Mockito.when(appService.getAllApps(false)).thenReturn(expectedApps); + Mockito.when(appService.getAllApplications(false)).thenReturn(expectedApps); atualApps = appsController.getApps(mockedRequest, mockedResponse); assertEquals(expectedApps, atualApps); } @@ -564,7 +569,7 @@ public class AppsControllerTest extends MockitoTestSuite{ EPUser user = mockUser.mockEPUser(); Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true); - Mockito.when(appService.getAllApps(false)).thenThrow(nullPointerException); + Mockito.when(appService.getAllApplications(false)).thenThrow(nullPointerException); assertNull(appsController.getApps(mockedRequest, mockedResponse)); } @@ -723,23 +728,110 @@ public class AppsControllerTest extends MockitoTestSuite{ } @Test - public void putOnboardingAppTest() { + public void putOnboardingAppTest() throws Exception { EPUser user = mockUser.mockEPUser(); Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); OnboardingApp OnboardingApp = new OnboardingApp(); + OnboardingApp.isCentralAuth = true; + OnboardingApp.nameSpace = "test1"; FieldsValidator expectedFieldValidator = new FieldsValidator(); expectedFieldValidator.setHttpStatusCode((long) 200); expectedFieldValidator.setFields(null); expectedFieldValidator.setErrorCode(null); + EPApp OnboardingApp1 = new EPApp(); + OnboardingApp1.setCentralAuth(false); + OnboardingApp1.setNameSpace("test"); + Mockito.when(appService.getApp(Matchers.anyLong())).thenReturn(OnboardingApp1); Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true); + ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK); + Mockito.when(appService.checkIfNameSpaceIsValid(Matchers.anyString())).thenReturn(response); Mockito.when(appService.modifyOnboardingApp(OnboardingApp, user)).thenReturn(expectedFieldValidator); + Mockito.when(mockedResponse.getStatus()).thenReturn(200); FieldsValidator actualFieldValidator = appsController.putOnboardingApp(mockedRequest, OnboardingApp, mockedResponse); assertEquals(expectedFieldValidator, actualFieldValidator); } + + @Test + public void putOnboardingApp2Test() throws Exception { + EPUser user = mockUser.mockEPUser(); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + OnboardingApp onboardingApp = new OnboardingApp(); + onboardingApp.isCentralAuth = true; + onboardingApp.nameSpace = "com.test1"; + EPApp app = new EPApp(); + app.setNameSpace("com.test "); + FieldsValidator expectedFieldValidator = new FieldsValidator(); + expectedFieldValidator.setHttpStatusCode((long) 200); + expectedFieldValidator.setFields(null); + expectedFieldValidator.setErrorCode(null); + Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(false); + Mockito.when(adminRolesService.isAccountAdminOfApplication(Matchers.any(EPUser.class),Matchers.any(EPApp.class))).thenReturn(true); + ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK); + Mockito.when(appService.checkIfNameSpaceIsValid("com.test1")).thenReturn(response); + Mockito.when(appService.getApp(Matchers.anyLong())).thenReturn(app); + Mockito.when(mockedResponse.getStatus()).thenReturn(200); + Mockito.when(appService.modifyOnboardingApp(Matchers.any(OnboardingApp.class), Matchers.any(EPUser.class))).thenReturn(expectedFieldValidator); + FieldsValidator actualFieldValidator = appsController.putOnboardingApp(mockedRequest, onboardingApp, + mockedResponse); + } + + + @Test - public void putOnboardingAppIfSuperAdminTest() { + public void putOnboardingApp4Test() throws Exception { + EPUser user = mockUser.mockEPUser(); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + OnboardingApp onboardingApp = new OnboardingApp(); + onboardingApp.isCentralAuth = false; + onboardingApp.nameSpace = "com.test1"; + EPApp app = new EPApp(); + app.setCentralAuth(false); + app.setNameSpace("com.test "); + FieldsValidator expectedFieldValidator = new FieldsValidator(); + expectedFieldValidator.setHttpStatusCode((long) 404); + Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(false); + Mockito.when(adminRolesService.isAccountAdminOfAnyActiveorInactiveApplication(Matchers.any(EPUser.class),Matchers.any(EPApp.class))).thenReturn(true); + ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK); + + HttpClientErrorException exception = new HttpClientErrorException(HttpStatus.FORBIDDEN); + Mockito.when(appService.checkIfNameSpaceIsValid("com.test1")).thenThrow(exception); + Mockito.when(appService.getApp(Matchers.anyLong())).thenReturn(app); + Mockito.when(mockedResponse.getStatus()).thenReturn(200); + Mockito.when(appService.modifyOnboardingApp(Matchers.any(OnboardingApp.class), Matchers.any(EPUser.class))).thenReturn(expectedFieldValidator); + FieldsValidator actualFieldValidator = appsController.putOnboardingApp(mockedRequest, onboardingApp, + mockedResponse); + assertEquals(expectedFieldValidator.getHttpStatusCode(), actualFieldValidator.getHttpStatusCode()); + } + + @Test + public void putOnboardingApp5Test() throws Exception { + EPUser user = mockUser.mockEPUser(); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + OnboardingApp onboardingApp = new OnboardingApp(); + onboardingApp.isCentralAuth = true; + onboardingApp.nameSpace = "com.test1"; + EPApp app = new EPApp(); + app.setNameSpace("com.test "); + FieldsValidator expectedFieldValidator = new FieldsValidator(); + expectedFieldValidator.setHttpStatusCode((long) 400); + Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(false); + Mockito.when(adminRolesService.isAccountAdminOfApplication(Matchers.any(EPUser.class),Matchers.any(EPApp.class))).thenReturn(true); + ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK); + + HttpClientErrorException exception = new HttpClientErrorException(HttpStatus.BAD_REQUEST); + Mockito.when(appService.checkIfNameSpaceIsValid("com.test1")).thenThrow(exception); + Mockito.when(appService.getApp(Matchers.anyLong())).thenReturn(app); + Mockito.when(mockedResponse.getStatus()).thenReturn(400); + Mockito.when(appService.modifyOnboardingApp(Matchers.any(OnboardingApp.class), Matchers.any(EPUser.class))).thenReturn(expectedFieldValidator); + FieldsValidator actualFieldValidator = appsController.putOnboardingApp(mockedRequest, onboardingApp, + mockedResponse); + } + + + @Test + public void putOnboardingAppIfSuperAdminTest() throws Exception { EPUser user = mockUser.mockEPUser(); Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); FieldsValidator expectedFieldValidator = null; @@ -750,7 +842,7 @@ public class AppsControllerTest extends MockitoTestSuite{ } @Test - public void putOnboardingAppExceptionTest() { + public void putOnboardingAppExceptionTest() throws Exception { EPUser user = mockUser.mockEPUser(); Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); OnboardingApp OnboardingApp = new OnboardingApp(); @@ -758,6 +850,13 @@ public class AppsControllerTest extends MockitoTestSuite{ Mockito.when(appService.modifyOnboardingApp(OnboardingApp, user)).thenThrow(nullPointerException); assertNull(appsController.putOnboardingApp(mockedRequest, OnboardingApp, mockedResponse)); } + + @Test + public void putOnboardingAppNullUserTest() throws Exception { + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenThrow(nullPointerException); + Mockito.when(mockedResponse.getStatus()).thenReturn(200); + assertNull(appsController.putOnboardingApp(mockedRequest, new OnboardingApp(), mockedResponse)); + } @Test public void postOnboardingAppTest() { diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperControllerTest.java index 9d3ac1e2..e7303313 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperControllerTest.java @@ -639,7 +639,7 @@ public class AuxApiRequestMapperControllerTest { Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false); Mockito.when(mockedRequest.getMethod()).thenReturn("POST"); EpNotificationItem notificationItem = new EpNotificationItem(); - assertNull(auxApiRequestMapperController.publishNotification(mockedRequest, notificationItem, mockedResponse)); + assertNotNull(auxApiRequestMapperController.publishNotification(mockedRequest, notificationItem, mockedResponse)); } @Test diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java index 839b9fd5..34667853 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java @@ -93,7 +93,7 @@ public class DashboardSearchResultControllerTest { @Test public void getWidgetDataTest() { String resourceType = "test"; - PortalRestResponse<CommonWidgetMeta> ecpectedPortalRestResponse = new PortalRestResponse<CommonWidgetMeta>(); + PortalRestResponse<CommonWidgetMeta> ecpectedPortalRestResponse = new PortalRestResponse<>(); ecpectedPortalRestResponse.setMessage("success"); ecpectedPortalRestResponse.setResponse(null); ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK); @@ -105,8 +105,21 @@ public class DashboardSearchResultControllerTest { } @Test + public void getWidgetDataXSSTest() { + String resourceType = "\"<IMG SRC=\\\"jav\\tascript:alert('XSS');\\\">\""; + PortalRestResponse expectedPortalRestResponse = new PortalRestResponse<>(); + expectedPortalRestResponse.setMessage("resourceType: String string is not valid"); + expectedPortalRestResponse.setResponse(""); + expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR); + Mockito.when(searchService.getWidgetData(resourceType)).thenReturn(null); + PortalRestResponse acutualPoratlRestResponse = dashboardSearchResultController + .getWidgetData(mockedRequest, resourceType); + assertEquals(expectedPortalRestResponse,acutualPoratlRestResponse); + } + + @Test public void saveWidgetDataBulkTest() { - PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>(); ecpectedPortalRestResponse.setMessage("success"); ecpectedPortalRestResponse.setResponse(null); ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK); @@ -114,7 +127,7 @@ public class DashboardSearchResultControllerTest { CommonWidgetMeta commonWidgetMeta = new CommonWidgetMeta(); commonWidgetMeta.setCategory("test"); - List<CommonWidget> commonWidgetList = new ArrayList<CommonWidget>(); + List<CommonWidget> commonWidgetList = new ArrayList<>(); CommonWidget commonWidget = new CommonWidget(); commonWidget.setId((long) 1); commonWidget.setCategory("test"); @@ -136,8 +149,39 @@ public class DashboardSearchResultControllerTest { } @Test + public void saveWidgetDataBulkXSSTest() { + PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>(); + ecpectedPortalRestResponse.setMessage("ERROR"); + ecpectedPortalRestResponse.setResponse("Category is not valid"); + ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR); + + CommonWidgetMeta commonWidgetMeta = new CommonWidgetMeta(); + commonWidgetMeta.setCategory("test"); + + List<CommonWidget> commonWidgetList = new ArrayList<>(); + CommonWidget commonWidget = new CommonWidget(); + commonWidget.setId((long) 1); + commonWidget.setCategory("test"); + commonWidget.setHref("\"<IMG SRC=\\\"jav\\tascript:alert('XSS');\\\">\""); + commonWidget.setTitle("test_title"); + commonWidget.setContent("test_content"); + commonWidget.setEventDate(null); + commonWidget.setSortOrder(1); + + commonWidgetList.add(commonWidget); + + commonWidgetMeta.setItems(commonWidgetList); + + Mockito.when(searchService.saveWidgetDataBulk(commonWidgetMeta)).thenReturn(null); + + PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController + .saveWidgetDataBulk(commonWidgetMeta); + assertEquals(ecpectedPortalRestResponse, actualPortalRestResponse); + } + + @Test public void saveWidgetDataBulkIfCategoryNullTest() { - PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>(); ecpectedPortalRestResponse.setMessage("java.text.ParseException: Unparseable date: \"1\""); ecpectedPortalRestResponse.setResponse(null); ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR); @@ -145,7 +189,7 @@ public class DashboardSearchResultControllerTest { CommonWidgetMeta commonWidgetMeta = new CommonWidgetMeta(); commonWidgetMeta.setCategory("test"); - List<CommonWidget> commonWidgetList = new ArrayList<CommonWidget>(); + List<CommonWidget> commonWidgetList = new ArrayList<>(); CommonWidget commonWidget = new CommonWidget(); commonWidget.setId(null); commonWidget.setCategory(null); @@ -166,7 +210,7 @@ public class DashboardSearchResultControllerTest { @Test public void saveWidgetDataTest() { - PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>(); ecpectedPortalRestResponse.setMessage("success"); ecpectedPortalRestResponse.setResponse(null); ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK); @@ -188,10 +232,33 @@ public class DashboardSearchResultControllerTest { } @Test + public void saveWidgetDataXSSTest() { + PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>(); + expectedPortalRestResponse.setMessage("ERROR"); + expectedPortalRestResponse.setResponse("Category is not valid"); + expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR); + CommonWidget commonWidget = new CommonWidget(); + commonWidget.setId((long) 1); + commonWidget.setCategory("test"); + commonWidget.setHref("\"<IMG SRC=\"jav\\tascript:alert('XSS');\">\""); + commonWidget.setTitle("test_title"); + commonWidget.setContent("test_content"); + commonWidget.setEventDate(null); + commonWidget.setSortOrder(1); + + Mockito.when(searchService.saveWidgetData(commonWidget)).thenReturn(null); + + PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController + .saveWidgetData(commonWidget); + assertEquals(expectedPortalRestResponse, actualPortalRestResponse); + + } + + @Test public void saveWidgetDataExceptionTest() { - PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>(); ecpectedPortalRestResponse.setMessage("ERROR"); - ecpectedPortalRestResponse.setResponse("Cateogry cannot be null or empty"); + ecpectedPortalRestResponse.setResponse("Category cannot be null or empty"); ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR); CommonWidget commonWidget = new CommonWidget(); commonWidget.setId((long) 1); @@ -212,7 +279,7 @@ public class DashboardSearchResultControllerTest { @Test public void saveWidgetDataDateErrorTest() { - PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>(); ecpectedPortalRestResponse.setMessage("java.text.ParseException: Unparseable date: \"1\""); ecpectedPortalRestResponse.setResponse(null); ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR); @@ -233,8 +300,9 @@ public class DashboardSearchResultControllerTest { } + @Test public void deleteWidgetDataTest() { - PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>(); ecpectedPortalRestResponse.setMessage("success"); ecpectedPortalRestResponse.setResponse(null); ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK); @@ -255,14 +323,36 @@ public class DashboardSearchResultControllerTest { } @Test + public void deleteWidgetDataXSSTest() { + PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>(); + expectedPortalRestResponse.setMessage("ERROR"); + expectedPortalRestResponse.setResponse("CommonWidget is not valid"); + expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR); + CommonWidget commonWidget = new CommonWidget(); + commonWidget.setId((long) 1); + commonWidget.setCategory("test"); + commonWidget.setHref("test_href"); + commonWidget.setTitle("\"<IMG SRC=\"jav\\tascript:alert('XSS');\">\""); + commonWidget.setContent("test_content"); + commonWidget.setEventDate(null); + commonWidget.setSortOrder(1); + Mockito.when(searchService.deleteWidgetData(commonWidget)).thenReturn(null); + + PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController + .deleteWidgetData(commonWidget); + + assertEquals(expectedPortalRestResponse, actualPortalRestResponse); + } + + @Test public void searchPortalIfUserIsNull() { EPUser user = null; Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); String searchString = "test"; - PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>(); + PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>(); expectedResult.setMessage("searchPortal: User object is null? - check logs"); - expectedResult.setResponse(new HashMap<String, List<SearchResultItem>>()); + expectedResult.setResponse(new HashMap<>()); expectedResult.setStatus(PortalRestStatusEnum.ERROR); PortalRestResponse<Map<String, List<SearchResultItem>>> actualResult = dashboardSearchResultController .searchPortal(mockedRequest, searchString); @@ -272,13 +362,12 @@ public class DashboardSearchResultControllerTest { @Test public void searchPortalIfSearchStringNullTest() { EPUser user = mockUser.mockEPUser(); - ; Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); String searchString = null; - PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>(); + PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>(); expectedResult.setMessage("searchPortal: String string is null"); - expectedResult.setResponse(new HashMap<String, List<SearchResultItem>>()); + expectedResult.setResponse(new HashMap<>()); expectedResult.setStatus(PortalRestStatusEnum.ERROR); PortalRestResponse<Map<String, List<SearchResultItem>>> actualResult = dashboardSearchResultController @@ -289,10 +378,9 @@ public class DashboardSearchResultControllerTest { @Test public void searchPortalIfSearchTest() { EPUser user = mockUser.mockEPUser(); - ; Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); String searchString = "test"; - List<SearchResultItem> searchResultItemList = new ArrayList<SearchResultItem>(); + List<SearchResultItem> searchResultItemList = new ArrayList<>(); SearchResultItem searchResultItem = new SearchResultItem(); searchResultItem.setId((long) 1); @@ -301,10 +389,10 @@ public class DashboardSearchResultControllerTest { searchResultItem.setTarget("test_target"); searchResultItem.setUuid("test_UUId"); searchResultItemList.add(searchResultItem); - Map<String, List<SearchResultItem>> expectedResultMap = new HashMap<String, List<SearchResultItem>>(); + Map<String, List<SearchResultItem>> expectedResultMap = new HashMap<>(); expectedResultMap.put(searchString, searchResultItemList); - PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>(); + PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>(); expectedResult.setMessage("success"); expectedResult.setResponse(expectedResultMap); expectedResult.setStatus(PortalRestStatusEnum.OK); @@ -319,13 +407,12 @@ public class DashboardSearchResultControllerTest { @Test public void searchPortalIfSearchExcptionTest() { EPUser user = mockUser.mockEPUser(); - ; Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); String searchString = "test"; - PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>(); + PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>(); expectedResult.setMessage("null - check logs."); - expectedResult.setResponse(new HashMap<String, List<SearchResultItem>>()); + expectedResult.setResponse(new HashMap<>()); expectedResult.setStatus(PortalRestStatusEnum.ERROR); Mockito.when(searchService.searchResults(user.getLoginId(), searchString)).thenThrow(nullPointerException); @@ -336,9 +423,8 @@ public class DashboardSearchResultControllerTest { @Test public void getActiveUsersTest() { - List<String> expectedActiveUsers = new ArrayList<String>(); + List<String> expectedActiveUsers = new ArrayList<>(); EPUser user = mockUser.mockEPUser(); - ; Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); String userId = user.getOrgUserId(); Mockito.when(searchService.getRelatedUsers(userId)).thenReturn(expectedActiveUsers); @@ -349,7 +435,7 @@ public class DashboardSearchResultControllerTest { @Test public void getActiveUsersExceptionTest() { - List<String> expectedActiveUsers = new ArrayList<String>(); + List<String> expectedActiveUsers = new ArrayList<>(); EPUser user = mockUser.mockEPUser(); Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); String userId = user.getOrgUserId(); @@ -363,7 +449,7 @@ public class DashboardSearchResultControllerTest { public void activeUsersTest() { EPUser user = mockUser.mockEPUser(); Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); - PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<List<String>>(); + PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<>(); expectedResult.setMessage("success"); expectedResult.setResponse(new ArrayList<>()); expectedResult.setStatus(PortalRestStatusEnum.OK); @@ -377,7 +463,7 @@ public class DashboardSearchResultControllerTest { public void activeUsersIfUserNullTest() { EPUser user = null; Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); - PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<List<String>>(); + PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<>(); expectedResult.setMessage("User object is null? - check logs"); expectedResult.setResponse(new ArrayList<>()); expectedResult.setStatus(PortalRestStatusEnum.ERROR); @@ -390,7 +476,7 @@ public class DashboardSearchResultControllerTest { public void activeUsersExceptionTest() { EPUser user = mockUser.mockEPUser(); Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); - PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<List<String>>(); + PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<>(); expectedResult.setMessage("null - check logs."); expectedResult.setResponse(new ArrayList<>()); expectedResult.setStatus(PortalRestStatusEnum.ERROR); diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulControllerTest.java index 73978a33..d8f98bb9 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulControllerTest.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -38,8 +40,9 @@ package org.onap.portalapp.portal.controller; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertTrue; +import static org.mockito.Matchers.any; import java.util.ArrayList; import java.util.Calendar; @@ -54,18 +57,15 @@ import javax.servlet.http.HttpServletResponse; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; +import org.mockito.ArgumentCaptor; import org.mockito.InjectMocks; -import org.mockito.Matchers; import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.MockitoAnnotations; -import org.onap.portalapp.portal.controller.ExternalAppsRestfulController; import org.onap.portalapp.portal.core.MockEPUser; import org.onap.portalapp.portal.domain.EPApp; +import org.onap.portalapp.portal.domain.EPRole; import org.onap.portalapp.portal.domain.EPUser; -import org.onap.portalapp.portal.domain.UserRole; -import org.onap.portalapp.portal.ecomp.model.PortalRestResponse; -import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum; import org.onap.portalapp.portal.framework.MockitoTestSuite; import org.onap.portalapp.portal.service.AdminRolesService; import org.onap.portalapp.portal.service.AdminRolesServiceImpl; @@ -82,7 +82,6 @@ import org.onap.portalapp.portal.transport.FavoritesFunctionalMenuItemJson; import org.onap.portalapp.portal.transport.FunctionalMenuItem; import org.onap.portalapp.portal.utils.EPCommonSystemProperties; import org.onap.portalapp.portal.utils.EcompPortalUtils; -import org.onap.portalsdk.core.menu.MenuBuilder; import org.onap.portalsdk.core.onboarding.crossapi.PortalAPIResponse; import org.onap.portalsdk.core.service.DataAccessService; import org.onap.portalsdk.core.service.DataAccessServiceImpl; @@ -247,88 +246,124 @@ public class ExternalAppsRestfulControllerTest { .getFavoritesForUser(mockedRequest, mockedResponse); assertEquals(actaulFavorites.size(), 1); } - - @Test(expected=NullPointerException.class) - public void publishNotificationTest() throws Exception{ - EPApp appTest=new EPApp(); - Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn("RxH3983AHiyBOQmj"); - appTest.setUebKey("123456"); - String appKey="123456"; - EpNotificationItem notificationItem=new EpNotificationItem(); - List<Long> roleList = new ArrayList<Long>(); - Long role1 = (long) 1; - roleList.add(role1); - notificationItem.setRoleIds(roleList); - notificationItem.setIsForAllRoles("N"); - notificationItem.setIsForOnlineUsers("N"); - notificationItem.setActiveYn("Y"); - notificationItem.setPriority(1L); - notificationItem.setMsgHeader("testHeader"); - notificationItem.setMsgDescription("Test Description"); - Date currentDate = new Date(); - Calendar c = Calendar.getInstance(); - c.setTime(currentDate); - c.add(Calendar.DATE, 1); - Date currentDatePlusOne = c.getTime(); - notificationItem.setStartTime(currentDate); - notificationItem.setEndTime(currentDatePlusOne); - notificationItem.setCreatedDate(c.getTime()); - - PortalAPIResponse actualPortalRestResponse = new PortalAPIResponse(true, appKey); - PortalAPIResponse expectedPortalRestResponse = new PortalAPIResponse(true, appKey); - expectedPortalRestResponse.setMessage("SUCCESS"); - expectedPortalRestResponse.setStatus("ok"); - Map<String, String> params = new HashMap<>(); - params.put("appKey", "1234567"); - - Mockito.when(DataAccessService.executeNamedQuery("getMyAppDetailsByUebKey", params, null)).thenReturn(null); - Mockito.when(userNotificationService.saveNotification(notificationItem)).thenReturn("Test"); - actualPortalRestResponse = externalAppsRestfulController.publishNotification(mockedRequest, notificationItem); - assertTrue(actualPortalRestResponse.equals(expectedPortalRestResponse)); - - } - - @Test(expected=NullPointerException.class) - public void publishNotificationTest1() throws Exception{ - EpNotificationItem notificationItem=new EpNotificationItem(); - List<Long> roleList = new ArrayList<Long>(); - Long role1 = (long) 1; - roleList.add(role1); - notificationItem.setRoleIds(roleList); - notificationItem.setIsForAllRoles("N"); - notificationItem.setIsForOnlineUsers("N"); - notificationItem.setActiveYn("Y"); - notificationItem.setPriority(1L); - notificationItem.setMsgHeader("testHeader"); - notificationItem.setMsgDescription("Test Description"); - Date currentDate = new Date(); - Calendar c = Calendar.getInstance(); - c.setTime(currentDate); - c.add(Calendar.DATE, 1); - Date currentDatePlusOne = c.getTime(); - notificationItem.setStartTime(currentDate); - notificationItem.setEndTime(currentDatePlusOne); - notificationItem.setCreatedDate(c.getTime()); - - //PowerMockito.mockStatic(EPApp.class); - - List<EPApp> appList = new ArrayList<>(); - EPApp app = mockApp(); - app.setId((long) 1); - appList.add(app); - - final Map<String, String> appUebkeyParams = new HashMap<>(); - appUebkeyParams.put("appKey", "test-ueb-key"); - - Mockito.when(DataAccessService.executeNamedQuery("getMyAppDetailsByUebKey", appUebkeyParams, null)) - .thenReturn(appList); - //EPApp epApp=new EPApp(); - - Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn("RxH3983AHiyBOQmj"); + @Test + public void publishNotificationTest_Success() throws Exception { + // input + EpNotificationItem notificationItem = new EpNotificationItem(); + List<Long> roleList = new ArrayList<Long>(); + Long role1 = 1L; + roleList.add(role1); + notificationItem.setRoleIds(roleList); + notificationItem.setPriority(1L); + notificationItem.setMsgHeader("testHeader"); + notificationItem.setMsgDescription("Test Description"); + Date currentDate = new Date(); + Calendar c = Calendar.getInstance(); + c.setTime(currentDate); + c.add(Calendar.DATE, 1); + Date currentDatePlusOne = c.getTime(); + notificationItem.setStartTime(currentDate); + notificationItem.setEndTime(currentDatePlusOne); - externalAppsRestfulController.publishNotification(mockedRequest, notificationItem); + // mock calls + Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn("RxH3983AHiyBOQmj"); + Map<String, String> params = new HashMap<>(); + params.put("appKey", "RxH3983AHiyBOQmj"); + List<EPApp> apps = new ArrayList<>(); + EPApp app = new EPApp(); + app.setId(123L); + apps.add(app); + Mockito.when(DataAccessService.executeNamedQuery("getMyAppDetailsByUebKey", params, null)).thenReturn(apps); + EPRole role = new EPRole(); + role.setId(543L); + Mockito.when(epRoleService.getRole(123L, 1L)).thenReturn(role); + + // run + Mockito.when(userNotificationService.saveNotification(notificationItem)).thenReturn("Test"); + PortalAPIResponse response = externalAppsRestfulController.publishNotification(mockedRequest, notificationItem); + // verify answer + assertNotNull(response); + assertEquals("ok", response.getStatus()); + assertEquals("success", response.getMessage()); + ArgumentCaptor<EpNotificationItem> capture = ArgumentCaptor.forClass(EpNotificationItem.class); + Mockito.verify(userNotificationService).saveNotification(capture.capture()); + assertNotNull(capture.getValue()); + EpNotificationItem createdNofification = capture.getValue(); + assertNotNull(createdNofification.getRoleIds()); + assertEquals(1, createdNofification.getRoleIds().size()); + assertEquals(543L, createdNofification.getRoleIds().get(0).longValue()); + } + + @Test + public void publishNotificationTest_EmptyAppHeader() throws Exception { + // input + EpNotificationItem notificationItem = new EpNotificationItem(); + List<Long> roleList = new ArrayList<Long>(); + Long role1 = 1L; + roleList.add(role1); + notificationItem.setRoleIds(roleList); + notificationItem.setPriority(1L); + notificationItem.setMsgHeader("testHeader"); + notificationItem.setMsgDescription("Test Description"); + Date currentDate = new Date(); + Calendar c = Calendar.getInstance(); + c.setTime(currentDate); + c.add(Calendar.DATE, 1); + Date currentDatePlusOne = c.getTime(); + notificationItem.setStartTime(currentDate); + notificationItem.setEndTime(currentDatePlusOne); + + Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(null); + final Map<String, String> params = new HashMap<>(); + params.put("appKey", null); + Mockito.when(DataAccessService.executeNamedQuery("getMyAppDetailsByUebKey", params, null)) + .thenThrow(NullPointerException.class); + + PortalAPIResponse response = externalAppsRestfulController.publishNotification(mockedRequest, notificationItem); + assertNotNull(response); + assertEquals("ok", response.getStatus()); + assertEquals("success", response.getMessage()); + ArgumentCaptor<EpNotificationItem> capture = ArgumentCaptor.forClass(EpNotificationItem.class); + Mockito.verify(userNotificationService).saveNotification(capture.capture()); + assertNotNull(capture.getValue()); + EpNotificationItem createdNofification = capture.getValue(); + assertNotNull(createdNofification.getRoleIds()); + assertEquals(0, createdNofification.getRoleIds().size()); + } + + @Test + public void publishNotificationTest_ErrorResponse() throws Exception { + // input + EpNotificationItem notificationItem = new EpNotificationItem(); + List<Long> roleList = new ArrayList<Long>(); + Long role1 = 1L; + roleList.add(role1); + notificationItem.setRoleIds(roleList); + notificationItem.setPriority(1L); + notificationItem.setMsgHeader("testHeader"); + notificationItem.setMsgDescription("Test Description"); + Date currentDate = new Date(); + Calendar c = Calendar.getInstance(); + c.setTime(currentDate); + c.add(Calendar.DATE, 1); + Date currentDatePlusOne = c.getTime(); + notificationItem.setStartTime(currentDate); + notificationItem.setEndTime(currentDatePlusOne); + + Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(null); + final Map<String, String> params = new HashMap<>(); + params.put("appKey", null); + Mockito.when(DataAccessService.executeNamedQuery("getMyAppDetailsByUebKey", params, null)) + .thenThrow(NullPointerException.class); + Mockito.when(userNotificationService.saveNotification(any(EpNotificationItem.class))). + thenThrow(new NullPointerException("expected message")); + + PortalAPIResponse response = externalAppsRestfulController.publishNotification(mockedRequest, notificationItem); + assertNotNull(response); + assertEquals("error", response.getStatus()); + assertEquals("expected message", response.getMessage()); + } - } } diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/MicroserviceControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/MicroserviceControllerTest.java index 21d0cf70..81e1f8b2 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/MicroserviceControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/MicroserviceControllerTest.java @@ -96,7 +96,7 @@ public class MicroserviceControllerTest extends MockitoTestSuite{ @SuppressWarnings("rawtypes") @Mock - ResponseEntity<List<WidgetCatalog>> ans = new ResponseEntity<List<WidgetCatalog>>(HttpStatus.OK); + ResponseEntity<List<WidgetCatalog>> ans = new ResponseEntity<>(HttpStatus.OK); @Before public void setup() { @@ -114,11 +114,10 @@ public class MicroserviceControllerTest extends MockitoTestSuite{ @Test public void createMicroserviceIfServiceDataNullTest() throws Exception { - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("FAILURE"); expectedportalRestResponse.setResponse("MicroserviceData cannot be null or empty"); - PortalRestStatusEnum portalRestStatusEnum = null; - expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR); + expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); MicroserviceData microserviceData = null; PortalRestResponse<String> actualportalRestResponse = microserviceController.createMicroservice(mockedRequest, mockedResponse, microserviceData); @@ -127,23 +126,35 @@ public class MicroserviceControllerTest extends MockitoTestSuite{ @Test public void createMicroserviceTest() throws Exception { - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("SUCCESS"); expectedportalRestResponse.setResponse(""); - PortalRestStatusEnum portalRestStatusEnum = null; - expectedportalRestResponse.setStatus(portalRestStatusEnum.OK); + expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK); PortalRestResponse<String> actualportalRestResponse = microserviceController.createMicroservice(mockedRequest, mockedResponse, microserviceData); assertEquals(actualportalRestResponse, expectedportalRestResponse); } @Test + public void createMicroserviceXSSTest() throws Exception { + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); + expectedportalRestResponse.setMessage("ERROR"); + expectedportalRestResponse.setResponse("MicroserviceData is not valid"); + expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); + MicroserviceData XSSMicroserviceData = new MicroserviceData(); + XSSMicroserviceData.setActive("<script>alert(123);</script>"); + XSSMicroserviceData.setName("<script>alert(/XSS”)</script>"); + PortalRestResponse<String> actualportalRestResponse = microserviceController.createMicroservice(mockedRequest, + mockedResponse, XSSMicroserviceData); + assertEquals(expectedportalRestResponse, actualportalRestResponse); + } + + @Test public void createMicroserviceExceptionTest() throws Exception { - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("FAILURE"); expectedportalRestResponse.setResponse(null); - PortalRestStatusEnum portalRestStatusEnum = null; - expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR); + expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); Mockito.when(microserviceService.saveMicroservice(microserviceData)).thenReturn((long) 1); Mockito.when(microserviceData.getParameterList()).thenThrow(nullPointerException); PortalRestResponse<String> actualportalRestResponse = microserviceController.createMicroservice(mockedRequest, @@ -159,12 +170,11 @@ public class MicroserviceControllerTest extends MockitoTestSuite{ } @Test - public void updateMicroserviceIfServiceISNullTest() throws Exception { - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + public void updateMicroserviceIfServiceISNullTest() { + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("FAILURE"); expectedportalRestResponse.setResponse("MicroserviceData cannot be null or empty"); - PortalRestStatusEnum portalRestStatusEnum = null; - expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR); + expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); MicroserviceData microserviceData = null; PortalRestResponse<String> actualportalRestResponse = microserviceController.updateMicroservice(mockedRequest, mockedResponse, 1, microserviceData); @@ -172,24 +182,36 @@ public class MicroserviceControllerTest extends MockitoTestSuite{ } @Test - public void updateMicroserviceTest() throws Exception { - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + public void updateMicroserviceTest() { + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("SUCCESS"); expectedportalRestResponse.setResponse(""); - PortalRestStatusEnum portalRestStatusEnum = null; - expectedportalRestResponse.setStatus(portalRestStatusEnum.OK); + expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK); PortalRestResponse<String> actualportalRestResponse = microserviceController.updateMicroservice(mockedRequest, - mockedResponse, 1, microserviceData); + mockedResponse, 1, microserviceData); assertEquals(actualportalRestResponse, expectedportalRestResponse); } @Test - public void updateMicroserviceExceptionTest() throws Exception { - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + public void updateMicroserviceXSSTest() { + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); + expectedportalRestResponse.setMessage("ERROR"); + expectedportalRestResponse.setResponse("MicroserviceData is not valid"); + expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); + MicroserviceData XSSMicroserviceData = new MicroserviceData(); + XSSMicroserviceData.setActive("<script>alert(123);</script>"); + XSSMicroserviceData.setName("<script>alert(/XSS”)</script>"); + PortalRestResponse<String> actualportalRestResponse = microserviceController.updateMicroservice(mockedRequest, + mockedResponse, 1, XSSMicroserviceData); + assertEquals(expectedportalRestResponse, actualportalRestResponse); + } + + @Test + public void updateMicroserviceExceptionTest() { + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("FAILURE"); expectedportalRestResponse.setResponse(null); - PortalRestStatusEnum portalRestStatusEnum = null; - expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR); + expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); Mockito.when(microserviceController.updateMicroservice(mockedRequest, mockedResponse, 1, microserviceData)) .thenThrow(nullPointerException); PortalRestResponse<String> actualportalRestResponse = microserviceController.updateMicroservice(mockedRequest, @@ -198,14 +220,14 @@ public class MicroserviceControllerTest extends MockitoTestSuite{ } @Test - public void deleteMicroserviceExceptionTest() throws Exception { - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + public void deleteMicroserviceExceptionTest() { + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("FAILURE"); PowerMockito.mockStatic(EcompPortalUtils.class); expectedportalRestResponse.setResponse( - "I/O error on GET request for \"" + EcompPortalUtils.widgetMsProtocol() + "://null/widget/microservices/widgetCatalog/service/1\":null; nested exception is java.net.UnknownHostException: null"); - PortalRestStatusEnum portalRestStatusEnum = null; - expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR); + "I/O error on GET request for \"" + org.onap.portalapp.portal.utils.EcompPortalUtils.widgetMsProtocol() + + "://null/widget/microservices/widgetCatalog/service/1\":null; nested exception is java.net.UnknownHostException: null"); + expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); PowerMockito.mockStatic(WidgetServiceHeaders.class); PortalRestResponse<String> actuaPportalRestResponse = microserviceController.deleteMicroservice(mockedRequest, mockedResponse, 1); @@ -215,13 +237,11 @@ public class MicroserviceControllerTest extends MockitoTestSuite{ @SuppressWarnings("unchecked") @Test public void deleteMicroserviceTest() throws Exception { - String HTTPS = "https://"; - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("SOME WIDGETS ASSOICATE WITH THIS SERVICE"); expectedportalRestResponse.setResponse("'null' ,'null' "); - PortalRestStatusEnum portalRestStatusEnum = null; - expectedportalRestResponse.setStatus(portalRestStatusEnum.WARN); - List<WidgetCatalog> List = new ArrayList<WidgetCatalog>(); + expectedportalRestResponse.setStatus(PortalRestStatusEnum.WARN); + List<WidgetCatalog> List = new ArrayList<>(); WidgetCatalog widgetCatalog = new WidgetCatalog(); widgetCatalog.setId(1); WidgetCatalog widgetCatalog1 = new WidgetCatalog(); @@ -236,7 +256,7 @@ public class MicroserviceControllerTest extends MockitoTestSuite{ ParameterizedTypeReference<List<WidgetCatalog>> typeRef = new ParameterizedTypeReference<List<WidgetCatalog>>() { }; Mockito.when(template.exchange( - EcompPortalUtils.widgetMsProtocol() + "://" + consulHealthService.getServiceLocation(whatService, SystemProperties.getProperty("microservices.widget.local.port")) + org.onap.portalapp.portal.utils.EcompPortalUtils.widgetMsProtocol() + "://" + consulHealthService.getServiceLocation(whatService, SystemProperties.getProperty("microservices.widget.local.port")) + "/widget/microservices/widgetCatalog/service/" + 1, HttpMethod.GET, new HttpEntity(WidgetServiceHeaders.getInstance()), typeRef)).thenReturn(ans); @@ -248,12 +268,11 @@ public class MicroserviceControllerTest extends MockitoTestSuite{ @SuppressWarnings("unchecked") @Test public void deleteMicroserviceWhenNoWidgetsAssociatedTest() throws Exception { - PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>(); + PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>(); expectedportalRestResponse.setMessage("SUCCESS"); expectedportalRestResponse.setResponse(""); - PortalRestStatusEnum portalRestStatusEnum = null; - expectedportalRestResponse.setStatus(portalRestStatusEnum.OK); - List<WidgetCatalog> List = new ArrayList<WidgetCatalog>(); + expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK); + List<WidgetCatalog> List = new ArrayList<>(); PowerMockito.mockStatic(WidgetServiceHeaders.class); PowerMockito.mockStatic(EcompPortalUtils.class); String whatService = "widgets-service"; @@ -262,7 +281,7 @@ public class MicroserviceControllerTest extends MockitoTestSuite{ ParameterizedTypeReference<List<WidgetCatalog>> typeRef = new ParameterizedTypeReference<List<WidgetCatalog>>() { }; Mockito.when(template.exchange( - EcompPortalUtils.widgetMsProtocol() + "://" + consulHealthService.getServiceLocation(whatService, SystemProperties.getProperty("microservices.widget.local.port")) + org.onap.portalapp.portal.utils.EcompPortalUtils.widgetMsProtocol() + "://" + consulHealthService.getServiceLocation(whatService, SystemProperties.getProperty("microservices.widget.local.port")) + "/widget/microservices/widgetCatalog/service/" + 1, HttpMethod.GET, new HttpEntity(WidgetServiceHeaders.getInstance()), typeRef)).thenReturn(ans); PortalRestResponse<String> actuaPportalRestResponse = microserviceController.deleteMicroservice(mockedRequest, diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/RoleManageControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/RoleManageControllerTest.java index ff9fcffc..9673cb2c 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/RoleManageControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/RoleManageControllerTest.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -76,6 +78,7 @@ import org.onap.portalapp.portal.domain.EPApp; import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.ecomp.model.PortalRestResponse; import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum; +import org.onap.portalapp.portal.ecomp.model.UploadRoleFunctionExtSystem; import org.onap.portalapp.portal.framework.MockitoTestSuite; import org.onap.portalapp.portal.service.AdminRolesService; import org.onap.portalapp.portal.service.EPAppService; @@ -368,6 +371,48 @@ public class RoleManageControllerTest { } @Test + public void saveRoleFunctionXSSTest() throws Exception { + PowerMockito.mockStatic(EPUserUtils.class); + PowerMockito.mockStatic(EcompPortalUtils.class); + EPUser user = mockUser.mockEPUser(); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + Mockito.when(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()).thenReturn(true); + Mockito.when(adminRolesService.isAccountAdminOfApplication(user, CentralApp())).thenReturn(true); + Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp()); + Mockito.doNothing().when(roleFunctionListController).saveRoleFunction(mockedRequest, mockedResponse, "test"); + CentralV2RoleFunction addNewFunc = new CentralV2RoleFunction(); + addNewFunc.setCode("“><script>alert(“XSS”)</script>"); + addNewFunc.setType("Test"); + addNewFunc.setAction("Test"); + addNewFunc.setName("Test"); + CentralV2RoleFunction roleFunction = mockCentralRoleFunction(); + roleFunction.setCode("Test|Test|Test"); + Mockito.when(externalAccessRolesService.getRoleFunction("Test|Test|Test", "test")).thenReturn(roleFunction); + Mockito.when(externalAccessRolesService.saveCentralRoleFunction(Matchers.anyObject(), Matchers.anyObject())) + .thenReturn(true); + Mockito.when(EcompPortalUtils.getFunctionCode(roleFunction.getCode())).thenReturn("Test"); + Mockito.when(EcompPortalUtils.getFunctionType(roleFunction.getCode())).thenReturn("Test"); + Mockito.when(EcompPortalUtils.getFunctionAction(roleFunction.getCode())).thenReturn("Test"); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + List<EPUser> userList = new ArrayList<>(); + userList.add(user); + List<EPApp> appList = new ArrayList<>(); + appList.add(CentralApp()); + Mockito.when(externalAccessRolesService.getUser("guestT")).thenReturn(userList); + StringWriter sw = new StringWriter(); + PrintWriter writer = new PrintWriter(sw); + Mockito.when(mockedResponse.getWriter()).thenReturn(writer); + ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK); + Mockito.when(externalAccessRolesService.getNameSpaceIfExists(Matchers.anyObject())).thenReturn(response); + Mockito.when(externalAccessRolesService.getApp(Matchers.anyString())).thenReturn(appList); + PortalRestResponse<String> actual = roleManageController.saveRoleFunction(mockedRequest, mockedResponse, + addNewFunc, (long) 1); + PortalRestResponse<String> expected = new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, + "Data is not valid", "ERROR"); + assertEquals(expected, actual); + } + + @Test public void saveRoleFunctionExceptionTest() throws Exception { Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp()); Mockito.doNothing().when(roleFunctionListController).saveRoleFunction(mockedRequest, mockedResponse, "test"); @@ -418,6 +463,36 @@ public class RoleManageControllerTest { } @Test + public void removeRoleFunctionXSSTest() throws Exception { + PowerMockito.mockStatic(EPUserUtils.class); + PowerMockito.mockStatic(EcompPortalUtils.class); + EPUser user = mockUser.mockEPUser(); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + Mockito.when(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()).thenReturn(true); + Mockito.when(adminRolesService.isAccountAdminOfApplication(user, CentralApp())).thenReturn(true); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp()); + String roleFun = "<script>alert(/XSS”)</script>"; + CentralV2RoleFunction roleFunction = mockCentralRoleFunction(); + Mockito.when(externalAccessRolesService.getRoleFunction("Test|Test|Test", "test")).thenReturn(roleFunction); + StringWriter sw = new StringWriter(); + PrintWriter writer = new PrintWriter(sw); + Mockito.when(mockedResponse.getWriter()).thenReturn(writer); + Mockito.when(externalAccessRolesService.deleteCentralRoleFunction(Matchers.anyString(), Matchers.anyObject())) + .thenReturn(true); + List<EPApp> appList = new ArrayList<>(); + appList.add(CentralApp()); + ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK); + Mockito.when(externalAccessRolesService.getNameSpaceIfExists(Matchers.anyObject())).thenReturn(response); + Mockito.when(externalAccessRolesService.getApp(Matchers.anyString())).thenReturn(appList); + PortalRestResponse<String> actual = roleManageController.removeRoleFunction(mockedRequest, mockedResponse, + roleFun, (long) 1); + PortalRestResponse<String> expected = new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, + "Data is not valid", "ERROR"); + assertEquals(expected, actual); + } + + @Test public void removeRoleFunctionExceptionTest() throws Exception { EPUser user = mockUser.mockEPUser(); Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); @@ -474,6 +549,9 @@ public class RoleManageControllerTest { @Test public void syncRolesException() throws Exception { + EPUser user = mockUser.mockEPUser(); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + Mockito.when(adminRolesService.isAccountAdminOfApplication(user, null)).thenReturn(true); Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException); PortalRestResponse<String> actual = roleManageController.syncRoles(mockedRequest, mockedResponse, 1l); PortalRestResponse<String> portalRestResponse = new PortalRestResponse<>(); @@ -483,6 +561,18 @@ public class RoleManageControllerTest { assertEquals(portalRestResponse, actual); } + @Test + public void syncRolesUserNullException() throws Exception { + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(null); + Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException); + PortalRestResponse<String> actual = roleManageController.syncRoles(mockedRequest, mockedResponse, 1l); + PortalRestResponse<String> portalRestResponse = new PortalRestResponse<>(); + portalRestResponse.setMessage("Unauthorized User"); + portalRestResponse.setResponse("Failure"); + portalRestResponse.setStatus(PortalRestStatusEnum.ERROR); + assertEquals(portalRestResponse, actual); + } + @Test public void syncRolesFunctionsTest() throws Exception { PowerMockito.mockStatic(EPUserUtils.class); @@ -510,7 +600,10 @@ public class RoleManageControllerTest { @Test public void syncRolesFunctionsException() throws Exception { - Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException); + EPUser user = mockUser.mockEPUser(); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + Mockito.when(adminRolesService.isAccountAdminOfApplication(user, null)).thenReturn(true); + Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException); PortalRestResponse<String> actual = roleManageController.syncFunctions(mockedRequest, mockedResponse, 1l); PortalRestResponse<String> portalRestResponse = new PortalRestResponse<>(); portalRestResponse.setMessage(null); @@ -519,6 +612,18 @@ public class RoleManageControllerTest { assertEquals(portalRestResponse, actual); } + @Test + public void syncRolesFunctionsUserNullException() throws Exception { + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(null); + Mockito.when(appService.getAppDetailByAppName("test")).thenThrow(nullPointerException); + PortalRestResponse<String> actual = roleManageController.syncFunctions(mockedRequest, mockedResponse, 1l); + PortalRestResponse<String> portalRestResponse = new PortalRestResponse<>(); + portalRestResponse.setMessage("Unauthorized User"); + portalRestResponse.setResponse("Failure"); + portalRestResponse.setStatus(PortalRestStatusEnum.ERROR); + assertEquals(portalRestResponse, actual); + } + @Test public void addChildRoleTest() throws Exception { ModelAndView modelandView = new ModelAndView("login.htm"); @@ -875,6 +980,13 @@ public class RoleManageControllerTest { List<CentralizedApp> actual = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, user.getOrgUserId()); assertEquals(cenApps.size(), actual.size()); } + + @Test + public void getCentralizedAppRolesXSSTest() throws IOException { + String id = ("<ScRipT>alert(\"XSS\");</ScRipT>"); + List<CentralizedApp> actual = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, id); + assertNull(actual); + } @Test public void getCentralizedAppRolesExceptionTest() throws IOException { @@ -890,6 +1002,16 @@ public class RoleManageControllerTest { List<CentralizedApp> actual = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, user.getOrgUserId()); assertNull(actual); } + + @Test + public void bulkUploadRoleFuncUserNullTest() { + UploadRoleFunctionExtSystem data = Mockito.mock(UploadRoleFunctionExtSystem.class); + Mockito.when(appService.getApp(127L)).thenReturn(null); + PortalRestResponse<String> response = roleManageController.bulkUploadRoleFunc(mockedRequest, mockedResponse, data, 127L); + assertEquals(PortalRestStatusEnum.ERROR, response.getStatus()); + assertEquals("Unauthorized User", response.getMessage()); + assertEquals("Failure", response.getResponse()); + } public CentralV2RoleFunction mockCentralRoleFunction() { CentralV2RoleFunction roleFunction = new CentralV2RoleFunction(); diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/SchedulerControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/SchedulerControllerTest.java index 8216510b..b1816ec6 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/SchedulerControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/SchedulerControllerTest.java @@ -37,12 +37,18 @@ */ package org.onap.portalapp.portal.controller; +import static org.junit.Assert.*; + +import java.util.HashSet; +import java.util.Set; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.poi.ss.formula.functions.T; import org.json.simple.JSONObject; import org.junit.Before; +import org.junit.Ignore; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.InjectMocks; @@ -52,25 +58,30 @@ import org.mockito.Mockito; import org.mockito.MockitoAnnotations; import org.onap.portalapp.portal.controller.SchedulerController; import org.onap.portalapp.portal.core.MockEPUser; +import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.framework.MockitoTestSuite; import org.onap.portalapp.portal.scheduler.SchedulerProperties; import org.onap.portalapp.portal.scheduler.SchedulerRestInterface; import org.onap.portalapp.portal.scheduler.restobjects.RestObject; +import org.onap.portalapp.portal.service.AdminRolesService; +import org.onap.portalapp.util.EPUserUtils; import org.onap.portalsdk.core.util.SystemProperties; import org.onap.portalsdk.core.web.support.UserUtils; import org.powermock.api.mockito.PowerMockito; import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.modules.junit4.PowerMockRunner; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; @RunWith(PowerMockRunner.class) -@PrepareForTest({UserUtils.class,SystemProperties.class,SchedulerProperties.class}) - +@PrepareForTest({UserUtils.class,SystemProperties.class,SchedulerProperties.class,EPUserUtils.class}) public class SchedulerControllerTest { @Mock SchedulerRestInterface schedulerRestInterface; - + @Mock + AdminRolesService adminRolesService; @InjectMocks SchedulerController schedulerController = new SchedulerController(); @@ -89,6 +100,18 @@ public class SchedulerControllerTest { @Test public void getTimeSlotsTest() throws Exception{ + JSONObject jsonObject =Mockito.mock(JSONObject.class); + Mockito.when(jsonObject.get("scheduleId")).thenReturn("12"); + Set<String> functions = new HashSet<>(); + functions.add("/get_time_slots/*"); + Mockito.when(mockedRequest.getRequestURI()).thenReturn("/portalApi/get_time_slots/1"); + Mockito.when(adminRolesService.getAllAppsFunctionsOfUser(Matchers.anyString())).thenReturn(functions); + PowerMockito.mockStatic(SystemProperties.class); + PowerMockito.mockStatic(EPUserUtils.class); + EPUser user = new EPUser(); + user.setId((long) 1); + Mockito.when(EPUserUtils.matchRoleFunctions(Matchers.anyString(), Matchers.anySet())).thenReturn(true); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); schedulerController.getTimeSlots(mockedRequest, "12"); } @@ -96,6 +119,17 @@ public class SchedulerControllerTest { @Test public void getTimeSlotsTestWithException1() throws Exception{ JSONObject jsonObject =Mockito.mock(JSONObject.class); + Mockito.when(jsonObject.get("scheduleId")).thenReturn("12"); + Set<String> functions = new HashSet<>(); + functions.add("/get_time_slots/*"); + Mockito.when(mockedRequest.getRequestURI()).thenReturn("/portalApi/get_time_slots/1"); + Mockito.when(adminRolesService.getAllAppsFunctionsOfUser(Matchers.anyString())).thenReturn(functions); + PowerMockito.mockStatic(SystemProperties.class); + PowerMockito.mockStatic(EPUserUtils.class); + EPUser user = new EPUser(); + user.setId((long) 1); + Mockito.when(EPUserUtils.matchRoleFunctions(Matchers.anyString(), Matchers.anySet())).thenReturn(true); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); RestObject<T> restObject=new RestObject<>(); Mockito.doThrow(new NullPointerException()).when(schedulerRestInterface).Get(Matchers.any(),Matchers.any(),Matchers.any(),Matchers.any()); schedulerController.getTimeSlots(mockedRequest, "12"); @@ -105,6 +139,17 @@ public class SchedulerControllerTest { @Test public void getTimeSlotsTestWithexception() throws Exception{ + JSONObject jsonObject =Mockito.mock(JSONObject.class); + Mockito.when(jsonObject.get("scheduleId")).thenReturn("12"); + Set<String> functions = new HashSet<>(); + functions.add("/get_time_slots/*"); + Mockito.when(mockedRequest.getRequestURI()).thenReturn("/portalApi/get_time_slots/1"); + Mockito.when(adminRolesService.getAllAppsFunctionsOfUser(Matchers.anyString())).thenReturn(functions); + PowerMockito.mockStatic(SystemProperties.class); + PowerMockito.mockStatic(EPUserUtils.class); + EPUser user = new EPUser(); + user.setId((long) 1); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); schedulerController.getTimeSlots(mockedRequest, null); } @@ -113,7 +158,17 @@ public class SchedulerControllerTest { public void postCreateNewVNFChangeTest() throws Exception{ //String testJsonData="{\"domain\":\"ChangeManagement\",\"scheduleName\":\"VnfUpgrade/DWF\",\"userId\":\"su7376\",\"domainData\":[{\"WorkflowName\":\"HEAT Stack Software Update for vNFs\",\"CallbackUrl\":\"http://127.0.0.1:8989/scheduler/v1/loopbacktest/vid\",\"CallbackData\":\"testing\"}],\"schedulingInfo\":{\"normalDurationInSeconds\":60,\"additionalDurationInSeconds\":60,\"concurrencyLimit\":60,\"policyId\":\"SNIRO_CM_1707.Config_MS_Demo_TimeLimitAndVerticalTopology_zone_localTime.1.xml\",\"vnfDetails\":[{\"groupId\":\"group1\",\"node\":[\"satmo415vbc\",\"satmo455vbc\"]}]}}"; JSONObject jsonObject =Mockito.mock(JSONObject.class); - + Mockito.when(jsonObject.get("scheduleId")).thenReturn("12"); + Set<String> functions = new HashSet<>(); + functions.add("post_create_new_vnf_change"); + Mockito.when(mockedRequest.getRequestURI()).thenReturn("/portalApi/post_create_new_vnf_change"); + Mockito.when(adminRolesService.getAllAppsFunctionsOfUser(Matchers.anyString())).thenReturn(functions); + PowerMockito.mockStatic(SystemProperties.class); + PowerMockito.mockStatic(EPUserUtils.class); + EPUser user = new EPUser(); + user.setId((long) 1); + Mockito.when(EPUserUtils.matchRoleFunctions(Matchers.anyString(), Matchers.anySet())).thenReturn(true); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); schedulerController.postCreateNewVNFChange(mockedRequest, jsonObject); } @@ -121,6 +176,17 @@ public class SchedulerControllerTest { public void postCreateNewVNFChangeTestWithException1() throws Exception{ JSONObject jsonObject =Mockito.mock(JSONObject.class); RestObject<T> restObject=new RestObject<>(); + Mockito.when(jsonObject.get("scheduleId")).thenReturn("12"); + Set<String> functions = new HashSet<>(); + functions.add("post_create_new_vnf_change"); + Mockito.when(mockedRequest.getRequestURI()).thenReturn("/portalApi/post_create_new_vnf_change"); + Mockito.when(adminRolesService.getAllAppsFunctionsOfUser(Matchers.anyString())).thenReturn(functions); + PowerMockito.mockStatic(SystemProperties.class); + PowerMockito.mockStatic(EPUserUtils.class); + EPUser user = new EPUser(); + user.setId((long) 1); + Mockito.when(EPUserUtils.matchRoleFunctions(Matchers.anyString(), Matchers.anySet())).thenReturn(true); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); Mockito.doThrow(new NullPointerException()).when(schedulerRestInterface).Post(Matchers.any(),Matchers.any(),Matchers.any(),Matchers.any()); schedulerController.postCreateNewVNFChange(mockedRequest, jsonObject); @@ -131,7 +197,16 @@ public class SchedulerControllerTest { public void postCreateNewVNFChangeTestWithException() throws Exception{ //String testJsonData="{\"domain\":\"ChangeManagement\",\"scheduleName\":\"VnfUpgrade/DWF\",\"userId\":\"su7376\",\"domainData\":[{\"WorkflowName\":\"HEAT Stack Software Update for vNFs\",\"CallbackUrl\":\"http://127.0.0.1:8989/scheduler/v1/loopbacktest/vid\",\"CallbackData\":\"testing\"}],\"schedulingInfo\":{\"normalDurationInSeconds\":60,\"additionalDurationInSeconds\":60,\"concurrencyLimit\":60,\"policyId\":\"SNIRO_CM_1707.Config_MS_Demo_TimeLimitAndVerticalTopology_zone_localTime.1.xml\",\"vnfDetails\":[{\"groupId\":\"group1\",\"node\":[\"satmo415vbc\",\"satmo455vbc\"]}]}}"; JSONObject jsonObject =Mockito.mock(JSONObject.class); - + Mockito.when(jsonObject.get("scheduleId")).thenReturn("12"); + Set<String> functions = new HashSet<>(); + functions.add("post_create_new_vnf_change"); + Mockito.when(mockedRequest.getRequestURI()).thenReturn("/portalApi/post_create_new_vnf_change"); + Mockito.when(adminRolesService.getAllAppsFunctionsOfUser(Matchers.anyString())).thenReturn(functions); + PowerMockito.mockStatic(SystemProperties.class); + PowerMockito.mockStatic(EPUserUtils.class); + EPUser user = new EPUser(); + user.setId((long) 1); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); schedulerController.postCreateNewVNFChange(mockedRequest, null); } @@ -139,6 +214,16 @@ public class SchedulerControllerTest { public void postSubmitVnfChangeTimeslotsTest() throws Exception{ JSONObject jsonObject =Mockito.mock(JSONObject.class); Mockito.when(jsonObject.get("scheduleId")).thenReturn("12"); + Set<String> functions = new HashSet<>(); + functions.add("submit_vnf_change_timeslots"); + Mockito.when(mockedRequest.getRequestURI()).thenReturn("/portalApi/submit_vnf_change_timeslots"); + Mockito.when(adminRolesService.getAllAppsFunctionsOfUser(Matchers.anyString())).thenReturn(functions); + PowerMockito.mockStatic(SystemProperties.class); + PowerMockito.mockStatic(EPUserUtils.class); + Mockito.when(EPUserUtils.matchRoleFunctions(Matchers.anyString(), Matchers.anySet())).thenReturn(true); + EPUser user = new EPUser(); + user.setId((long) 1); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); PowerMockito.mockStatic(SystemProperties.class); PowerMockito.when(SystemProperties.getProperty(SchedulerProperties.SCHEDULER_SUBMIT_NEW_VNF_CHANGE)).thenReturn("/v1/ChangeManagement/schedules/{scheduleId}/approvals"); schedulerController.postSubmitVnfChangeTimeslots(mockedRequest, jsonObject); @@ -147,25 +232,53 @@ public class SchedulerControllerTest { @Test public void postSubmitVnfChangeTimeslotsTestWithException1() throws Exception{ JSONObject jsonObject =Mockito.mock(JSONObject.class); - RestObject<T> restObject=new RestObject<>(); - Mockito.doThrow(new NullPointerException()).when(schedulerRestInterface).Post(Matchers.any(),Matchers.any(),Matchers.any(),Matchers.any()); - schedulerController.postSubmitVnfChangeTimeslots(mockedRequest, jsonObject); - + Mockito.when(jsonObject.get("scheduleId")).thenReturn("12"); + Set<String> functions = new HashSet<>(); + functions.add("submit_vnf_change_timeslots"); + Mockito.when(mockedRequest.getRequestURI()).thenReturn("/portalApi/submit_vnf_change_timeslots"); + Mockito.when(adminRolesService.getAllAppsFunctionsOfUser(Matchers.anyString())).thenReturn(functions); + PowerMockito.mockStatic(SystemProperties.class); + PowerMockito.mockStatic(EPUserUtils.class); + Mockito.when(EPUserUtils.matchRoleFunctions(Matchers.anyString(), Matchers.anySet())).thenReturn(true); + EPUser user = new EPUser(); + user.setId((long) 1); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + PowerMockito.when(SystemProperties.getProperty(SchedulerProperties.SCHEDULER_SUBMIT_NEW_VNF_CHANGE)).thenReturn("/v1/ChangeManagement/schedules/{scheduleId}/approvals"); + ResponseEntity<String> res = schedulerController.postSubmitVnfChangeTimeslots(mockedRequest, null); } @Test public void postSubmitVnfChangeTimeslotsTestWithException() throws Exception{ JSONObject jsonObject =Mockito.mock(JSONObject.class); Mockito.when(jsonObject.get("scheduleId")).thenReturn("12"); + Set<String> functions = new HashSet<>(); + functions.add("submit_vnf_change_timeslots"); + Mockito.when(mockedRequest.getRequestURI()).thenReturn("/portalApi/submit_vnf_change_timeslots"); + Mockito.when(adminRolesService.getAllAppsFunctionsOfUser(Matchers.anyString())).thenReturn(functions); PowerMockito.mockStatic(SystemProperties.class); + PowerMockito.mockStatic(EPUserUtils.class); + EPUser user = new EPUser(); + user.setId((long) 1); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); PowerMockito.when(SystemProperties.getProperty(SchedulerProperties.SCHEDULER_SUBMIT_NEW_VNF_CHANGE)).thenReturn("/v1/ChangeManagement/schedules/{scheduleId}/approvals"); - schedulerController.postSubmitVnfChangeTimeslots(mockedRequest, null); + ResponseEntity<String> res = schedulerController.postSubmitVnfChangeTimeslots(mockedRequest, null); + assertEquals(res.getStatusCode(), HttpStatus.UNAUTHORIZED); } + @Test public void getSchedulerConstantTestWithException() throws Exception{ JSONObject jsonObject =Mockito.mock(JSONObject.class); Mockito.when(jsonObject.get("scheduleId")).thenReturn("12"); + Set<String> functions = new HashSet<>(); + functions.add("get_scheduler_constant"); + Mockito.when(mockedRequest.getRequestURI()).thenReturn("/portalApi/get_scheduler_constant"); + Mockito.when(adminRolesService.getAllAppsFunctionsOfUser(Matchers.anyString())).thenReturn(functions); + PowerMockito.mockStatic(SystemProperties.class); + PowerMockito.mockStatic(EPUserUtils.class); + EPUser user = new EPUser(); + user.setId((long) 1); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); PowerMockito.mockStatic(SystemProperties.class); PowerMockito.when(SystemProperties.getProperty(SchedulerProperties.SCHEDULER_CALLBACK_URL)).thenReturn("mockedRequest"); schedulerController.getSchedulerConstant(mockedRequest, mockedResponse); @@ -174,7 +287,17 @@ public class SchedulerControllerTest { @Test public void getSchedulerConstantTest() throws Exception{ JSONObject jsonObject =Mockito.mock(JSONObject.class); - //Mockito.when(jsonObject.get("scheduleId")).thenReturn("12"); + Mockito.when(jsonObject.get("scheduleId")).thenReturn("12"); + Set<String> functions = new HashSet<>(); + functions.add("submit_vnf_change_timeslots"); + Mockito.when(mockedRequest.getRequestURI()).thenReturn("/portalApi/submit_vnf_change_timeslots"); + Mockito.when(adminRolesService.getAllAppsFunctionsOfUser(Matchers.anyString())).thenReturn(functions); + PowerMockito.mockStatic(SystemProperties.class); + PowerMockito.mockStatic(EPUserUtils.class); + Mockito.when(EPUserUtils.matchRoleFunctions(Matchers.anyString(), Matchers.anySet())).thenReturn(true); + EPUser user = new EPUser(); + user.setId((long) 1); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); PowerMockito.mockStatic(SystemProperties.class); PowerMockito.when(SystemProperties.getProperty(SchedulerProperties.SCHEDULER_CALLBACK_URL)).thenReturn("callbackUrl"); schedulerController.getSchedulerConstant(mockedRequest, mockedResponse); diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/TicketEventControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/TicketEventControllerTest.java index aca7c1b3..211462d1 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/TicketEventControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/TicketEventControllerTest.java @@ -151,6 +151,18 @@ public class TicketEventControllerTest { } @Test + public void saveXSSTest() throws Exception { + String ticketEventJson = "<iframe %00 src=\"	javascript:prompt(1)	\"%00>"; + PortalRestResponse<String> actualPortalRestResponse; + PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>(); + expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR); + expectedPortalRestResponse.setMessage("Data is not valid"); + actualPortalRestResponse = ticketEventController.handleRequest(mockedRequest, + mockedResponse, ticketEventJson); + assertEquals(expectedPortalRestResponse, actualPortalRestResponse); + } + + @Test public void saveTestForException() throws Exception { String ticketEventJson = "\"event\": {\"body\": {\"ticketStatePhrase\": \"We recently detected a problem with the equipment at your site. The event is in queue for immediate work.\", \"ivrNotificationFlag\": \"1\",\"expectedRestoreDate\": 0,\"bridgeTransport\": \"AOTS\", \"reptRequestType\": 0,\"ticketNum\": \"000002000857405\",\"assetID\": \"CISCO_1921C1_ISR_G2\", \"eventDate\": 1490545134601,\"eventAbstract\": \"ospfIfConfigError trap received from Cisco_1921c1_ISR_G2 with arguments: ospfRouterId=Cisco_1921c1_ISR_G2; ospfIfIpAddress=1921c1_288266; ospfAddressLessIf=0; ospfPacketSrc=172.17.0.11; ospfConfigErrorType=2; ospfPacketType=1\",\"severity\": \"2 - Major\",\"ticketPriority\": \"3\",\"reportedCustomerImpact\": 0,\"testAutoIndicator\": 0,\"supportGroupName\": \"US-TEST-ORT\",\"lastModifiedDate\": \"1487687703\",\"messageGroup\": \"SNMP\",\"csi\": 0,\"mfabRestoredTime\": 0},\"header\": {\"timestamp\": \"2017-02-21T14:35:05.219+0000\",\"eventSource\": \"aotstm\",\"entityId\": \"000002000857405\", \"sequenceNumber\": 2 },\"blinkMsgId\": \"f38c071e-1a47-4b55-9e72-1db830100a61\",\"sourceIP\": \"130.4.165.158\"},\"SubscriberInfo\": {\"UserList\": [\"hk8777\"] }}"; PortalRestResponse<String> actualPortalRestResponse = ticketEventController.handleRequest(mockedRequest, diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/WebAnalyticsExtAppControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/WebAnalyticsExtAppControllerTest.java index e5ee9d92..caf3ac42 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/WebAnalyticsExtAppControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/WebAnalyticsExtAppControllerTest.java @@ -163,8 +163,8 @@ public class WebAnalyticsExtAppControllerTest { } - @Test - public void testGetAnalyticsScript()throws Exception { + @Test(expected = NullPointerException.class) + public void testGetAnalyticsScript() { PowerMockito.mockStatic(SystemProperties.class); Mockito.when(SystemProperties.getProperty("frontend_url")).thenReturn("http://www.ecomp.com/test"); webAnalyticsExtAppController.getAnalyticsScript(mockedRequest); diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/domain/EPUserAppTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/domain/EPUserAppTest.java index 2cc03a60..0923d033 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/domain/EPUserAppTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/domain/EPUserAppTest.java @@ -121,10 +121,9 @@ public class EPUserAppTest { } - + @Test public void testEquals(){ - EPRole epRole = new EPRole(); epRole.setId((long) 12345); epRole.setName("test"); @@ -132,19 +131,22 @@ public class EPUserAppTest { epRole.setPriority(1); epRole.setAppId((long)1); epRole.setAppRoleId((long)1); - + EPUserApp user1 = mockEPUserApp(); user1.setApp(mockEPApp()); user1.setRole(epRole); - + EPUserApp user2 = mockEPUserApp(); user2.setApp(mockEPApp()); user2.setRole(epRole); - + + EPUserApp nullUser = null; + + assertTrue(user1.equals(user1)); + assertFalse(user1.equals(nullUser)); + assertFalse(user1.equals(Long.valueOf(1))); assertTrue(user1.equals(user2)); - } - private EPApp mockEPApp() { EPApp epApp = new EPApp(); epApp.setId((long) 12345); diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/AdminRolesServiceImplTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/AdminRolesServiceImplTest.java index 15f021c5..f14d3fd9 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/AdminRolesServiceImplTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/AdminRolesServiceImplTest.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modifications Copyright (c) 2019 Samsung + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -93,6 +95,9 @@ public class AdminRolesServiceImplTest { @Mock DataAccessService dataAccessService = new DataAccessServiceImpl(); + @Mock + ExternalAccessRolesService externalAccessRolesService; + @Mock EPAppCommonServiceImpl epAppCommonServiceImpl = new EPAppCommonServiceImpl(); @@ -370,6 +375,25 @@ public class AdminRolesServiceImplTest { assertFalse(actual); } + @Test + public void isAccountAdminUserNull() { + boolean actual = adminRolesServiceImpl.isAccountAdmin(null); + assertFalse(actual); + } + + @Test + public void isRoleAdminTest() { + EPUser user = mockUser.mockEPUser(); + List<String> roles = new ArrayList<>(); + roles.add("approver\\|"); + Mockito.when(dataAccessService.executeNamedQuery( + Matchers.eq("getRoleFunctionsOfUserforAlltheApplications"), Matchers.any(), Matchers.any())) + .thenReturn(roles); + Mockito.when(externalAccessRolesService.getFunctionCodeType(Matchers.anyString())).thenReturn("approver"); + boolean actual = adminRolesServiceImpl.isRoleAdmin(user); + assertTrue(actual); + } + @Test public void isUserTest() { EPUser user = mockUser.mockEPUser(); diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/EPAppCommonServiceImplTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/EPAppCommonServiceImplTest.java index c5808d3c..1451693d 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/EPAppCommonServiceImplTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/EPAppCommonServiceImplTest.java @@ -52,6 +52,7 @@ import org.hibernate.SessionFactory; import org.hibernate.Transaction; import org.hibernate.criterion.Criterion; import org.hibernate.criterion.Restrictions; +import org.json.JSONObject; import org.junit.Before; import org.junit.Ignore; import org.junit.Test; @@ -96,6 +97,11 @@ import org.powermock.api.mockito.PowerMockito; import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.modules.junit4.PowerMockRunner; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.web.client.RestTemplate; import com.att.nsa.apiClient.credentials.ApiCredential; import com.att.nsa.cambria.client.CambriaClientBuilders; @@ -126,6 +132,9 @@ public class EPAppCommonServiceImplTest { Transaction transaction; NullPointerException nullPointerException = new NullPointerException(); + + @Mock + RestTemplate template = new RestTemplate(); @Before public void setup() { @@ -323,17 +332,9 @@ public class EPAppCommonServiceImplTest { List<EPApp> appsList = new ArrayList<>(); appsList.add(mockApp); appsList.add(mockApp2); - List<AppsResponse> expected = new ArrayList<>(); - AppsResponse appResponse1 = new AppsResponse(mockApp.getId(), mockApp.getName(), mockApp.isRestrictedApp(), - mockApp.getEnabled()); - AppsResponse appResponse2 = new AppsResponse(mockApp2.getId(), mockApp2.getName(), mockApp2.isRestrictedApp(), - mockApp2.getEnabled()); - expected.add(appResponse1); - expected.add(appResponse2); Mockito.when((List<EPApp>) dataAccessService.getList(EPApp.class, " where ( enabled = 'Y' or id = " + ECOMP_APP_ID + ")", "name", null)).thenReturn(appsList); List<AppsResponse> actual = epAppCommonServiceImpl.getAllApps(false); - assertEquals(expected.size(), actual.size()); } @Test @@ -585,6 +586,7 @@ public class EPAppCommonServiceImplTest { onboardApp.name = "test1"; onboardApp.id = 2l; onboardApp.url = "http://test.com"; + onboardApp.restUrl = "http://test.com"; onboardApp.isOpen = false; onboardApp.isEnabled = true; onboardApp.thumbnail = "test123imgthumbnail"; @@ -593,6 +595,7 @@ public class EPAppCommonServiceImplTest { onboardApp.isCentralAuth=true; onboardApp.myLoginsAppName="test123"; onboardApp.myLoginsAppOwner="test123"; + onboardApp.nameSpace="com.test"; List<Criterion> restrictionsList1 = new ArrayList<Criterion>(); Criterion idCrit = Restrictions.eq("id", onboardApp.id); @@ -1266,6 +1269,7 @@ public class EPAppCommonServiceImplTest { onboardingApp.setRestrictedApp(true); onboardingApp.isCentralAuth=false; + onboardingApp.isEnabled= true; FieldsValidator actual = epAppCommonServiceImpl.addOnboardingApp(onboardingApp, epUser); assertEquals(expected.getHttpStatusCode(), actual.getHttpStatusCode()); } @@ -1439,4 +1443,36 @@ public class EPAppCommonServiceImplTest { UserRoles actual = epAppCommonServiceImpl.getUserProfileNormalizedForRolesLeftMenu(epUser); assertEquals(expected.getRoles(), actual.getRoles()); } + + @Test(expected = Exception.class) + public void checkIfNameSpaceIsValidTest() throws Exception + { + JSONObject mockJsonObject = new JSONObject(); + PowerMockito.mockStatic(EcompPortalUtils.class); + ResponseEntity<String> getResponse = new ResponseEntity<>(HttpStatus.OK); + Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.GET), + Matchers.<HttpEntity<String>>any(), Matchers.eq(String.class))).thenReturn(getResponse); + epAppCommonServiceImpl.checkIfNameSpaceIsValid("com.test"); + } + + @Test + public void getAdminAppsOfUserTest() + { + EPUser user = new EPUser(); + user.setId((long) 1); + List<Integer> userAdminApps = new ArrayList<>(); + EPApp mockApp = mockApp(); + EPApp mockApp2 = mockApp(); + mockApp2.setId(2l); + List<EPApp> appsList = new ArrayList<>(); + appsList.add(mockApp); + appsList.add(mockApp2); + Mockito.when((List<EPApp>) dataAccessService.getList(EPApp.class, " where id != " + ECOMP_APP_ID, "name", null)) + .thenReturn(appsList); + Mockito.when(dataAccessService.executeNamedQuery(Matchers.anyString(), Matchers.anyMap(), Matchers.anyMap())) + .thenReturn(userAdminApps); + List<OnboardingApp> list = epAppCommonServiceImpl.getAdminAppsOfUser(user); + assertEquals(list.size(), 0); + + } } diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImplTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImplTest.java index d1ad191a..0e59d643 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImplTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImplTest.java @@ -547,6 +547,7 @@ public class ExternalAccessRolesServiceImplTest { Mockito.when(EcompPortalUtils.getFunctionCode("test_type_1|type_code_1|*")).thenReturn("type_code_1"); Mockito.when(EcompPortalUtils.getFunctionType("test_type|type_code|*")).thenReturn("test_type"); Mockito.when(EcompPortalUtils.getFunctionAction("test_type|type_code|*")).thenReturn("*"); + Mockito.when(EcompPortalUtils.encodeFunctionCode("type_code")).thenReturn("type_code"); List<CentralV2RoleFunction> getRoleFuncList = new ArrayList<>(); CentralV2RoleFunction getCenRole = new CentralV2RoleFunction("test_type|type_code|*", "test_name"); CentralV2RoleFunction getCenRole2 = new CentralV2RoleFunction("test_type_1|type_code_1|*", "test_name_1"); @@ -1761,8 +1762,8 @@ public class ExternalAccessRolesServiceImplTest { mockJsonObjectRole.put("name", "com.test.app.Test"); mockJsonObjectRole.put("perms", permsList); mockJsonObjectRole.put("description", - "{\"id\":\"2\",\"name\":\"test1\",\"active\":\"true\",\"priority\":\"null\",\"appId\":\"2\",\"appRoleId\":\"2\"}"); - mockJsonObjectRole2.put("name", "com.test.app.Test2"); + "Test role"); + mockJsonObjectRole2.put("name", "com.test.app.Test2_role"); List<JSONObject> permsList2 = new ArrayList<>(); permsList2.add(mockJsonObjectPerm1); mockJsonObjectRole2.put("perms", permsList2); @@ -1775,19 +1776,26 @@ public class ExternalAccessRolesServiceImplTest { Matchers.<HttpEntity<String>>any(), Matchers.eq(String.class))).thenReturn(getResponse); List<EPRole> getCurrentRoleList = new ArrayList<>(); EPRole getEPRole = new EPRole(); - getEPRole.setName("Test"); + getEPRole.setName("Test role"); getEPRole.setId(2l); getEPRole.setAppId(app.getId()); getEPRole.setAppRoleId(2l); getEPRole.setActive(true); EPRole getEPRole2 = new EPRole(); - getEPRole2.setName("Test3"); + getEPRole2.setName("Test2_role"); getEPRole2.setId(3l); - getEPRole.setAppId(app.getId()); - getEPRole.setAppRoleId(3l); + getEPRole2.setAppId(app.getId()); + getEPRole2.setAppRoleId(3l); getEPRole2.setActive(true); + EPRole getEPRole3 = new EPRole(); + getEPRole3.setName("Test3_role"); + getEPRole3.setId(3l); + getEPRole3.setAppId(app.getId()); + getEPRole3.setAppRoleId(3l); + getEPRole3.setActive(true); getCurrentRoleList.add(getEPRole); getCurrentRoleList.add(getEPRole2); + getCurrentRoleList.add(getEPRole3); final Map<String, Long> appParams = new HashMap<>(); appParams.put("appId", app.getId()); Mockito.when(dataAccessService.executeNamedQuery("getPartnerAppRolesList", appParams, null)) @@ -1822,10 +1830,10 @@ public class ExternalAccessRolesServiceImplTest { getV2RoleFunction.add(centralV2RoleFunction); final Map<String, String> extRoleParams = new HashMap<>(); List<EPRole> roleListDeactivate = new ArrayList<>(); - extRoleParams.put(APP_ROLE_NAME_PARAM, "Test3"); + extRoleParams.put(APP_ROLE_NAME_PARAM, "Test3_role"); extRoleParams.put(APP_ID, app.getId().toString()); EPRole getEPRoleDeactivate = new EPRole(); - getEPRoleDeactivate.setName("Test3"); + getEPRoleDeactivate.setName("Test3_role"); getEPRoleDeactivate.setId(3l); getEPRoleDeactivate.setAppId(app.getId()); getEPRoleDeactivate.setAppRoleId(3l); diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java index c907a6e5..9b5058d3 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java @@ -2,7 +2,7 @@ * ============LICENSE_START========================================== * ONAP Portal * =================================================================== - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. * =================================================================== * * Unless otherwise specified, all software contained herein is licensed @@ -55,6 +55,7 @@ import java.util.TreeSet; import javax.servlet.http.HttpServletResponse; import org.apache.cxf.transport.http.HTTPException; +import org.drools.core.command.assertion.AssertEquals; import org.hibernate.Query; import org.hibernate.SQLQuery; import org.hibernate.Session; @@ -239,6 +240,27 @@ public class UserRolesCommonServiceImplTest { @SuppressWarnings("unchecked") @Test + public void checkTheProtectionAgainstSQLInjection() throws Exception { + EPUser user = mockUser.mockEPUser(); + user.setId(1l); + user.setOrgId(2l); + Query epUserQuery = Mockito.mock(Query.class); + List<EPUser> mockEPUserList = new ArrayList<>(); + mockEPUserList.add(user); + + Mockito.when(session.createQuery("from :name where orgUserId=:userId")).thenReturn(epUserQuery); + Mockito.when(epUserQuery.setParameter("name",EPUser.class.getName())).thenReturn(epUserQuery); + Mockito.when(epUserQuery.setParameter("userId",user.getOrgUserId() + "; select * from " + EPUser.class.getName() +";")).thenReturn(epUserQuery); + userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId(),true); + + Mockito.when(session.createQuery("from :name where orgUserId=:userId")).thenReturn(epUserQuery); + Mockito.when(epUserQuery.setParameter("name",EPUser.class.getName())).thenReturn(epUserQuery); + Mockito.when(epUserQuery.setParameter("userId",user.getOrgUserId())).thenReturn(epUserQuery); + userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId(),true); + } + + @SuppressWarnings("unchecked") + @Test public void getAppRolesForUserNonCentralizedForPortal() throws Exception { EPUser user = mockUser.mockEPUser(); user.setId(1l); @@ -424,20 +446,31 @@ public class UserRolesCommonServiceImplTest { Mockito.when(applicationsRestClientService.get(EcompRole[].class, mockApp.getId(), "/roles")) .thenReturn(mockEcompRoleArray); // syncAppRolesTest - Mockito.when(session.createQuery("from " + EPRole.class.getName() + " where appId=" + mockApp.getId())) + + Mockito.when(session.createQuery("from :name where appId = :appId")) .thenReturn(epRoleQuery); + + Mockito.when(epRoleQuery.setParameter("name",EPRole.class.getName())).thenReturn(epRoleQuery); + Mockito.when(epRoleQuery.setParameter("appId",mockApp.getId())).thenReturn(epRoleQuery); + Mockito.doReturn(mockEPRoleList).when(epRoleQuery).list(); - Mockito.when(session.createQuery( - "from " + EPUserApp.class.getName() + " where app.id=" + mockApp.getId() + " and role_id=" + 15l)) + Mockito.when(session.createQuery("from :name where app.id=:appId and role_id=:roleId")) .thenReturn(epUserAppsQuery); + Mockito.when(epUserAppsQuery.setParameter("name",EPUserApp.class.getName())).thenReturn(epUserAppsQuery); + Mockito.when(epUserAppsQuery.setParameter("appId",mockApp.getId())).thenReturn(epUserAppsQuery); + Mockito.when(epUserAppsQuery.setParameter("roleId",15l)).thenReturn(epUserAppsQuery); Mockito.doReturn(mockUserRolesList).when(epUserAppsQuery).list(); - Mockito.when(session.createQuery("from " + FunctionalMenuRole.class.getName() + " where roleId=" + 15l)) + Mockito.when(session.createQuery("from :name where roleId=:roleId")) .thenReturn(epFunctionalMenuQuery); + Mockito.when(epFunctionalMenuQuery.setParameter("name",FunctionalMenuRole.class.getName())).thenReturn(epFunctionalMenuQuery); + Mockito.when(epFunctionalMenuQuery.setParameter("roleId",15l)).thenReturn(epFunctionalMenuQuery); Mockito.doReturn(mockFunctionalMenuRolesList).when(epFunctionalMenuQuery).list(); - Mockito.when(session.createQuery("from " + FunctionalMenuRole.class.getName() + " where menuId=" + 10l)) + Mockito.when(session.createQuery("from :name where menuId=:menuId")) .thenReturn(epFunctionalMenuQuery2); + Mockito.when(epFunctionalMenuQuery2.setParameter("name",FunctionalMenuRole.class.getName())).thenReturn(epFunctionalMenuQuery2); + Mockito.when(epFunctionalMenuQuery2.setParameter("menuId",10l)).thenReturn(epFunctionalMenuQuery2); Mockito.doReturn(mockFunctionalMenuRolesList).when(epFunctionalMenuQuery2).list(); Mockito.when(session.createQuery("from " + FunctionalMenuItem.class.getName() + " where menuId=" + 10l)) @@ -1314,7 +1347,7 @@ public class UserRolesCommonServiceImplTest { EPUserAppRolesRequest mockEpAppRolesRequestData = new EPUserAppRolesRequest(); Mockito.doNothing().when(dataAccessService).saveDomainObject(mockEpAppRolesRequestData, null); final Map<String, Long> params = new HashMap<>(); - params.put("appId", appWithRolesForUser.appId); + params.put("appId", appWithRolesForUser.getAppId()); params.put("appRoleId", roleInAppForUser.roleId); Mockito.when((List<EPUserAppRoles>) dataAccessService.executeNamedQuery("appRoles", params, null)) .thenReturn(epUserAppRolesList); diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/transport/AppWithRolesForUserTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/transport/AppWithRolesForUserTest.java index c9f3195a..52f30518 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/transport/AppWithRolesForUserTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/transport/AppWithRolesForUserTest.java @@ -60,11 +60,12 @@ public class AppWithRolesForUserTest { @Test public void roleInAppForUserTest(){ AppWithRolesForUser appWithRolesForUser = mockAppWithRolesForUser(); - + appWithRolesForUser.setSystemUser(false); assertEquals(appWithRolesForUser.getOrgUserId(), "test"); assertEquals(appWithRolesForUser.getAppId(), new Long(1)); assertEquals(appWithRolesForUser.getAppName(), "test"); assertEquals(appWithRolesForUser.getAppRoles(), null); - assertEquals(appWithRolesForUser.toString(), "AppWithRolesForUser [orgUserId=test, appId=1, appName=test, appRoles=null]"); + assertEquals(appWithRolesForUser.isSystemUser(), false); + assertEquals(appWithRolesForUser.toString(), "AppWithRolesForUser(orgUserId=test, isSystemUser=false, appId=1, appName=test, appRoles=null)"); } } diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/transport/CentralUserAppTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/transport/CentralUserAppTest.java index 6340eb92..a41cbd82 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/transport/CentralUserAppTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/transport/CentralUserAppTest.java @@ -117,6 +117,18 @@ public class CentralUserAppTest { assertEquals(centralV2UserApp.getApp(), app1); assertEquals(centralV2UserApp.getRole(), role1); } + + @Test + public void centralUserAppEqualsTest(){ + CentralV2UserApp centralV2UserApp = mockCentralUserApp(); + CentralV2UserApp centralV2UserApp2 = mockCentralUserApp(); + + assertTrue(centralV2UserApp.equals(centralV2UserApp)); + assertTrue(centralV2UserApp.equals(centralV2UserApp2)); + assertFalse(centralV2UserApp.equals(new Long(1))); + centralV2UserApp2.setPriority(213); + assertFalse(centralV2UserApp.equals(centralV2UserApp2)); + } @Test public void unt_hashCodeTest(){ diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/utils/EcompPortalUtilsTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/utils/EcompPortalUtilsTest.java index 73508ec9..4f1c6613 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/utils/EcompPortalUtilsTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/utils/EcompPortalUtilsTest.java @@ -38,6 +38,8 @@ package org.onap.portalapp.portal.utils; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; import java.util.ArrayList; import java.util.List; @@ -47,7 +49,6 @@ import javax.servlet.http.HttpServletResponse; import org.junit.Test; import org.onap.portalapp.portal.core.MockEPUser; -import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.framework.MockitoTestSuite; public class EcompPortalUtilsTest { @@ -96,8 +97,18 @@ public class EcompPortalUtilsTest { } @Test - public void setBadPermissionsForEmptyUserTest() { - EcompPortalUtils.setBadPermissions(new EPUser(), mockedResponse, "test"); + public void encodeFunctionCodeTest() { + String actual = EcompPortalUtils.encodeFunctionCode("test/function*code"); + assertEquals("test%2ffunction%2acode", actual); + } + + @Test + public void checkFunctionCodeHasEncodePatternTrueTest() { + assertTrue(EcompPortalUtils.checkFunctionCodeHasEncodePattern("test/function*code")); + } + + @Test + public void checkFunctionCodeHasEncodePatternFalseTest() { + assertFalse(EcompPortalUtils.checkFunctionCodeHasEncodePattern("test-function-code")); } - } diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/validation/DataValidatorTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/validation/DataValidatorTest.java new file mode 100644 index 00000000..2dbfdcd7 --- /dev/null +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/validation/DataValidatorTest.java @@ -0,0 +1,98 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * + */ + +package org.onap.portalapp.validation; + +import static org.junit.Assert.*; + +import java.util.Set; +import javax.validation.ConstraintViolation; +import javax.validation.Validation; +import javax.validation.Validator; +import javax.validation.ValidatorFactory; +import org.drools.core.command.assertion.AssertEquals; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.InjectMocks; +import org.onap.portalapp.portal.domain.EPUser; +import org.powermock.modules.junit4.PowerMockRunner; +import org.springframework.beans.factory.annotation.Autowired; + +@RunWith(PowerMockRunner.class) +public class DataValidatorTest { + private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory(); + @InjectMocks + DataValidator dataValidator; + + @Test + public void getConstraintViolationsSecureString() { + SecureString secureString = new SecureString("<script>alert(“XSS”);</script>"); + Validator validator = VALIDATOR_FACTORY.getValidator(); + Set<ConstraintViolation<SecureString>> expectedConstraintViolations = validator.validate(secureString); + Set<ConstraintViolation<SecureString>> actualConstraintViolations = dataValidator.getConstraintViolations(secureString); + assertEquals(expectedConstraintViolations, actualConstraintViolations); + } + + @Test + public void isValidSecureString() { + SecureString secureString = new SecureString("<script>alert(“XSS”);</script>"); + assertFalse(dataValidator.isValid(secureString)); + } + + @Test + public void getConstraintViolationsEPUser() { + EPUser user = new EPUser(); + user.setEmail("“><script>alert(“XSS”)</script>"); + user.setLoginId("<IMG SRC=”javascript:alert(‘XSS’);”>"); + user.setFinancialLocCode("<IMG SRC=javascript:alert(‘XSS’)> "); + Validator validator = VALIDATOR_FACTORY.getValidator(); + Set<ConstraintViolation<EPUser>> expectedConstraintViolations = validator.validate(user); + Set<ConstraintViolation<EPUser>> actualConstraintViolations = dataValidator.getConstraintViolations(user); + assertEquals(expectedConstraintViolations, actualConstraintViolations); + } + + @Test + public void isValidEPUser() { + EPUser user = new EPUser(); + user.setEmail("“><script>alert(“XSS”)</script>"); + user.setLoginId("<IMG SRC=”javascript:alert(‘XSS’);”>"); + user.setFinancialLocCode("<IMG SRC=javascript:alert(‘XSS’)> "); + assertFalse(dataValidator.isValid(user)); + } + +} diff --git a/ecomp-portal-BE-os/cadi.properties b/ecomp-portal-BE-os/cadi.properties new file mode 100644 index 00000000..eb682c08 --- /dev/null +++ b/ecomp-portal-BE-os/cadi.properties @@ -0,0 +1,52 @@ +# Configure AAF +#aaf_locate_url=https://aafist.test.att.com:8095 + + +aaf_locate_url= https://aaf-service:8100 +aaf_url= https://aaf-service:8100/locate/org.onap.aaf.service:2.0 +#aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=TEST/routeOffer=BAU_SE + +#if you are running aaf service from a docker image you have to use aaf service IP and port number +aaf_id=m00468@portal.onap.org +#Replace the aaf password according to the env +aaf_password=enc:xxxxxxxxxxxxxxxx +# Sample CADI Properties, from CADI 1.4.2 +hostname=portal.onap.org +csp_domain=PROD + +# Add Absolute path to Keyfile; Need to Replace the path +cadi_keyfile={path}/keyfile + + +# This is required to accept Certificate Authentication from Certman certificates. +# can be TEST, IST or PROD +aaf_env=TEST + +# DEBUG prints off all the properties. Use to get started. +cadi_loglevel=DEBUG + + +# Become CSO Poodle Compliant by only allowing sanctioned TLS versions +# The following is the default +# cadi_protocols=TLSv1.1,TLSv1.2 + +# Default TrustStore - REQUIRED for changing PROTOCOL Defaults for DME2 +# Read https://wiki.web.att.com/pages/viewpage.action?pageId=574623569#URGENT:SolvingSSL2-3/TLSv1removalissues-Up-to-dateTruststore +# Replace the below cadi_truststore with an Absolute path to truststore2018.jks +cadi_truststore={path}/truststore2018.jks +# Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs +cadi_truststore_password=XXXXX + +# how to turn on SSL Logging +#javax.net.debug=ssl + +## +# Hint +# Use "maps.bing.com" to get Lat and Long for an Address +cadi_latitude=32.780140 +cadi_longitude=-96.800451 +AFT_ENVIRONMENT=AFTUAT +AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=true +DME2.DEBUG=true +AFT_DME2_HTTP_EXCHANGE_TRACE_ON=true + diff --git a/ecomp-portal-BE-os/pom.xml b/ecomp-portal-BE-os/pom.xml index df1dc7aa..ad9a9927 100644 --- a/ecomp-portal-BE-os/pom.xml +++ b/ecomp-portal-BE-os/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.portal</groupId> <artifactId>onap-portal-parent</artifactId> - <version>2.5.0</version> + <version>2.6.0-SNAPSHOT</version> </parent> <artifactId>portal-be-os</artifactId> diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/OpenIdConnectLoginStrategy.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/OpenIdConnectLoginStrategy.java index 4306d1f8..456f0011 100644 --- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/OpenIdConnectLoginStrategy.java +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/OpenIdConnectLoginStrategy.java @@ -55,12 +55,9 @@ import org.springframework.util.StringUtils; import org.springframework.web.servlet.ModelAndView; public class OpenIdConnectLoginStrategy extends org.onap.portalsdk.core.auth.LoginStrategy implements org.onap.portalapp.authentication.LoginStrategy { - - private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(OpenIdConnectLoginStrategy.class); - + private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(OpenIdConnectLoginStrategy.class); private static final String GLOBAL_LOCATION_KEY = "Location"; - @SuppressWarnings("rawtypes") public boolean login(HttpServletRequest request, HttpServletResponse response) throws Exception{ logger.info("Attempting Login"); @@ -93,7 +90,7 @@ public class OpenIdConnectLoginStrategy extends org.onap.portalsdk.core.auth.Log String loginUrl = SystemProperties.getProperty(EPSystemProperties.LOGIN_URL_NO_RET_VAL); logger.info(EELFLoggerDelegate.errorLogger, "Authentication Mechanism: '" + authentication + "'."); - if (authentication == null || authentication.equals("") || authentication.trim().equals("OIDC")) { + if (authentication == null || "".equals(authentication) || "OIDC".equals(authentication.trim())) { response.sendRedirect("oid-login"); } else { logger.info(EELFLoggerDelegate.errorLogger, "No cookies are found, redirecting the request to '" + loginUrl + "'."); @@ -108,10 +105,10 @@ public class OpenIdConnectLoginStrategy extends org.onap.portalsdk.core.auth.Log } @Override - public ModelAndView doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception { + public ModelAndView doLogin(HttpServletRequest request, HttpServletResponse response) throws PortalAPIException { String message = "Method not implmented; Cannot be called"; logger.error(EELFLoggerDelegate.errorLogger, message); - throw new Exception(message); + throw new PortalAPIException(message); } @Override diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/SimpleLoginStrategy.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/SimpleLoginStrategy.java index dc3f7601..a5f87908 100644 --- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/SimpleLoginStrategy.java +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/SimpleLoginStrategy.java @@ -40,6 +40,7 @@ package org.onap.portalapp.authentication; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import lombok.NoArgsConstructor; import org.onap.portalapp.command.EPLoginBean; import org.onap.portalapp.portal.service.EPLoginService; import org.onap.portalapp.portal.service.EPRoleFunctionService; @@ -54,18 +55,21 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.util.StringUtils; import org.springframework.web.servlet.ModelAndView; +@NoArgsConstructor public class SimpleLoginStrategy extends org.onap.portalsdk.core.auth.LoginStrategy implements LoginStrategy{ - - @Autowired + private static final String GLOBAL_LOCATION_KEY = "Location"; + private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SimpleLoginStrategy.class); + private EPLoginService loginService; + private EPRoleFunctionService ePRoleFunctionService; @Autowired - private EPRoleFunctionService ePRoleFunctionService; - - private static final String GLOBAL_LOCATION_KEY = "Location"; - - EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SimpleLoginStrategy.class); - + public SimpleLoginStrategy(EPLoginService loginService, + EPRoleFunctionService ePRoleFunctionService) { + this.loginService = loginService; + this.ePRoleFunctionService = ePRoleFunctionService; + } + public boolean login(HttpServletRequest request, HttpServletResponse response) throws Exception{ logger.info("Attempting 'Simple' Login"); @@ -79,9 +83,7 @@ public class SimpleLoginStrategy extends org.onap.portalsdk.core.auth.LoginStrat commandBean = loginService.findUser(commandBean, (String)request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), null); // in case authentication has passed but user is not in the ONAP data base, return a Guest User to the home page. - if (commandBean.getUser() == null) { - } - else { + if (commandBean.getUser() != null) { // store the currently logged in user's information in the session EPUserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(), commandBean.getBusinessDirectMenu(), "", ePRoleFunctionService); logger.info(EELFLoggerDelegate.debugLogger, commandBean.getUser().getOrgUserId() + " exists in the the system."); @@ -96,15 +98,15 @@ public class SimpleLoginStrategy extends org.onap.portalsdk.core.auth.LoginStrat String authentication = SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM); String loginUrl = SystemProperties.getProperty(EPSystemProperties.LOGIN_URL_NO_RET_VAL); logger.info(EELFLoggerDelegate.errorLogger, "Authentication Mechanism: '" + authentication + "'."); - if (authentication == null || authentication.equals("") || authentication.trim().equals("BOTH")) { + if (authentication == null || authentication.isEmpty() || "BOTH".equals(authentication.trim())) { logger.info(EELFLoggerDelegate.errorLogger, "No cookies are found, redirecting the request to '" + loginUrl + "'."); response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY); - response.setHeader(GLOBAL_LOCATION_KEY, loginUrl); //returnUrl + "/index.htm"); + response.setHeader(GLOBAL_LOCATION_KEY, loginUrl); }else { logger.info(EELFLoggerDelegate.errorLogger, "No cookies are found, redirecting the request to '" + loginUrl + "'."); response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY); - response.setHeader(GLOBAL_LOCATION_KEY, loginUrl); //returnUrl + "/index.htm"); + response.setHeader(GLOBAL_LOCATION_KEY, loginUrl); } } catch(Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "login failed", e); @@ -116,10 +118,10 @@ public class SimpleLoginStrategy extends org.onap.portalsdk.core.auth.LoginStrat } @Override - public ModelAndView doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception { + public ModelAndView doLogin(HttpServletRequest request, HttpServletResponse response) throws PortalAPIException { String message = "Method not implmented; Cannot be called"; logger.error(EELFLoggerDelegate.errorLogger, message); - throw new Exception(message); + throw new PortalAPIException(message); } @Override diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginController.java index 0ba7bdc6..56064b99 100644 --- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginController.java +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginController.java @@ -39,6 +39,7 @@ package org.onap.portalapp.controller; import static com.att.eelf.configuration.Configuration.MDC_KEY_REQUEST_ID; +import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; import java.net.URLDecoder; @@ -68,8 +69,10 @@ import org.onap.portalsdk.core.menu.MenuProperties; import org.onap.portalsdk.core.util.SystemProperties; import org.slf4j.MDC; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; import org.springframework.stereotype.Controller; import org.springframework.util.StopWatch; +import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; @@ -409,4 +412,9 @@ public class LoginController extends EPUnRestrictedBaseController implements Log this.sharedContextService = sharedContextService; } + @ExceptionHandler(Exception.class) + protected void handleBadRequests(Exception e, HttpServletResponse response) throws IOException { + logger.warn(EELFLoggerDelegate.errorLogger, "Handling bad request", e); + response.sendError(HttpStatus.BAD_REQUEST.value()); + } } diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ONAPLoginController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ONAPLoginController.java index 1da1d1bb..98cd790f 100644 --- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ONAPLoginController.java +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ONAPLoginController.java @@ -37,12 +37,10 @@ */ package org.onap.portalapp.controller; -import java.util.HashMap; -import java.util.Map; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import lombok.NoArgsConstructor; import org.onap.portalsdk.core.auth.LoginStrategy; import org.onap.portalsdk.core.controller.UnRestrictedBaseController; import org.onap.portalsdk.core.onboarding.listener.PortalTimeoutHandler; @@ -57,14 +55,20 @@ import org.springframework.web.servlet.ModelAndView; @Controller @RequestMapping("/") +@NoArgsConstructor public class ONAPLoginController extends UnRestrictedBaseController { - @Autowired - ProfileService service; - @Autowired + private ProfileService service; private LoginService loginService; - @Autowired private LoginStrategy loginStrategy; - String viewName; + private String viewName; + + @Autowired + public ONAPLoginController(ProfileService service, LoginService loginService, + LoginStrategy loginStrategy) { + this.service = service; + this.loginService = loginService; + this.loginStrategy = loginStrategy; + } @RequestMapping(value = { "/doLogin" }, method = RequestMethod.GET) public ModelAndView doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception { @@ -80,14 +84,6 @@ public class ONAPLoginController extends UnRestrictedBaseController { PortalTimeoutHandler.sessionCreated(jSessionId, jSessionId, AppUtils.getSession(request)); } - public String getViewName() { - return viewName; - } - - public void setViewName(String viewName) { - this.viewName = viewName; - } - public LoginService getLoginService() { return loginService; } @@ -96,4 +92,13 @@ public class ONAPLoginController extends UnRestrictedBaseController { this.loginService = loginService; } + @Override + public String getViewName() { + return viewName; + } + + @Override + public void setViewName(String viewName) { + this.viewName = viewName; + } } diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ONAPWelcomeController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ONAPWelcomeController.java index 26564a04..4d3c82a2 100644 --- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ONAPWelcomeController.java +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ONAPWelcomeController.java @@ -44,9 +44,11 @@ import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import lombok.NoArgsConstructor; import org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority; import org.onap.portalapp.controller.EPRestrictedBaseController; import org.onap.portalapp.portal.logging.aop.EPAuditLog; +import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; @@ -56,12 +58,11 @@ import org.springframework.web.servlet.ModelAndView; @Controller @RequestMapping("/") -@org.springframework.context.annotation.Configuration +@Configuration @EnableAspectJAutoProxy @EPAuditLog +@NoArgsConstructor public class ONAPWelcomeController extends EPRestrictedBaseController{ - String viewName; - @RequestMapping(value = "/index.htm", method = RequestMethod.GET) public String getIndexPage(HttpServletRequest request) { return "/index"; @@ -72,14 +73,6 @@ public class ONAPWelcomeController extends EPRestrictedBaseController{ return "forward:/index.html"; } - protected String getViewName() { - return viewName; - } - - protected void setViewName(String viewName) { - this.viewName = viewName; - } - // TODO Need to revisit this as its conflicting with Spring Security; check web.xml's oid-context.xml config //@Resource(name = "namedAdmins") private Set<SubjectIssuerGrantedAuthority> admins; diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/PeerBroadcastSocket.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/PeerBroadcastSocket.java index cbc34337..c80419f9 100644 --- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/PeerBroadcastSocket.java +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/PeerBroadcastSocket.java @@ -39,65 +39,34 @@ */ package org.onap.portalapp.controller; +import com.fasterxml.jackson.databind.ObjectMapper; import java.io.IOException; -import java.util.Hashtable; +import java.util.HashMap; import java.util.Map; - +import java.util.Optional; import javax.websocket.OnClose; import javax.websocket.OnMessage; import javax.websocket.OnOpen; import javax.websocket.Session; import javax.websocket.server.ServerEndpoint; - import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; -import com.fasterxml.jackson.databind.ObjectMapper; @ServerEndpoint("/opencontact") public class PeerBroadcastSocket { + private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(PeerBroadcastSocket.class); + private static final ObjectMapper mapper = new ObjectMapper(); - EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(PeerBroadcastSocket.class); - - public final static Map<String, Object> channelMap = new Hashtable<String, Object>(); - public Map<String, String> sessionMap = new Hashtable<String, String>(); - ObjectMapper mapper = new ObjectMapper(); + protected static final Map<String, Object> channelMap = new HashMap<>(); + private Map<String, String> sessionMap = new HashMap<>(); @OnMessage public void message(String message, Session session) { try { - // JSONObject jsonObject = new JSONObject(message); - @SuppressWarnings("unchecked") Map<String, Object> jsonObject = mapper.readValue(message, Map.class); - try { - Object from = jsonObject.get("from"); - if (from != null) { - if(channelMap.get(from.toString()) == null) { - channelMap.put(from.toString(), session); - sessionMap.put(session.getId(), from.toString()); - } - } - } catch (Exception je) { - logger.error(EELFLoggerDelegate.errorLogger, "Failed to read value" + je.getMessage()); - } - - try { - Object to = jsonObject.get("to"); - if (to == null) - return; - Object toSessionObj = channelMap.get(to); - /*if (toSessionObj != null) { - Session toSession = null; - toSession = (Session) toSessionObj; - toSession.getBasicRemote().sendText(message); - } -*/ - } catch (Exception ex) { - logger.error(EELFLoggerDelegate.errorLogger, "Failed to send text" + ex.getMessage()); - } - + save(jsonObject, session); } catch (Exception ex) { logger.error(EELFLoggerDelegate.errorLogger, "Failed" + ex.getMessage()); } - } @OnOpen @@ -122,5 +91,13 @@ public class PeerBroadcastSocket { logger.info(EELFLoggerDelegate.debugLogger, "Channel closed"); } + private void save(Map<String, Object> jsonObject, Session session) { + final Optional<String> from = Optional.of(jsonObject.get("from").toString()); + if (from.isPresent() && channelMap.get(from.get()) == null) { + this.channelMap.put(from.toString(), session); + this.sessionMap.put(session.getId(), from.toString()); + } + } + } diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java index 25eee828..703019f9 100644 --- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java @@ -1,9 +1,9 @@ - /*- * ============LICENSE_START========================================== * ONAP Portal * =================================================================== * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (c) 2019 Samsung * =================================================================== * * Unless otherwise specified, all software contained herein is licensed @@ -36,6 +36,7 @@ * * */ + package org.onap.portalapp.filter; import java.io.BufferedReader; @@ -48,7 +49,6 @@ import java.util.Enumeration; import javax.servlet.FilterChain; import javax.servlet.ReadListener; -import javax.servlet.ServletException; import javax.servlet.ServletInputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; @@ -62,7 +62,7 @@ import org.springframework.web.filter.OncePerRequestFilter; public class SecurityXssFilter extends OncePerRequestFilter { - private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SecurityXssFilter.class); + private EELFLoggerDelegate sxLogger = EELFLoggerDelegate.getLogger(SecurityXssFilter.class); private static final String APPLICATION_JSON = "application/json"; @@ -120,40 +120,47 @@ public class SecurityXssFilter extends OncePerRequestFilter { @Override public void setReadListener(ReadListener readListener) { - + // do nothing } - } } @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) - throws ServletException, IOException { + throws IOException { StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString()); - String queryString = request.getQueryString(); - String requestUrl = ""; - if (queryString == null) { - requestUrl = requestURL.toString(); - } else { - requestUrl = requestURL.append('?').append(queryString).toString(); - } - validateRequest(requestUrl, response); + String queryString = request.getQueryString(); + String requestUrl; + + if (queryString == null) { + requestUrl = requestURL.toString(); + } else { + requestUrl = requestURL.append('?').append(queryString).toString(); + } + + validateRequest(requestUrl, response); StringBuilder headerValues = new StringBuilder(); Enumeration<String> headerNames = request.getHeaderNames(); + while (headerNames.hasMoreElements()) { - String key = (String) headerNames.nextElement(); + String key = headerNames.nextElement(); String value = request.getHeader(key); headerValues.append(value); } + validateRequest(headerValues.toString(), response); + if (validateRequestType(request)) { request = new RequestWrapper(request); String requestData = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.toString()); validateRequest(requestData, response); - filterChain.doFilter(request, response); + } - } else { + try { filterChain.doFilter(request, response); + } catch (Exception e) { + sxLogger.warn(EELFLoggerDelegate.errorLogger, "Handling bad request", e); + response.sendError(org.springframework.http.HttpStatus.BAD_REQUEST.value(), "Handling bad request"); } } @@ -171,9 +178,8 @@ public class SecurityXssFilter extends OncePerRequestFilter { throw new SecurityException(ERROR_BAD_REQUEST); } } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e); + sxLogger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e); response.getWriter().close(); - return; } } -}
\ No newline at end of file +} diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java index ed540551..915c5e08 100644 --- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java @@ -40,8 +40,13 @@ package org.onap.portalapp.portal.controller; import java.util.HashMap; import java.util.Map; +import java.util.Set; import javax.servlet.http.HttpServletRequest; +import javax.validation.ConstraintViolation; +import javax.validation.Validation; +import javax.validation.Validator; +import javax.validation.ValidatorFactory; import org.json.JSONObject; import org.onap.portalapp.portal.controller.AppsController; import org.onap.portalapp.portal.domain.EPUser; @@ -53,6 +58,7 @@ import org.onap.portalapp.portal.service.EPAppService; import org.onap.portalapp.portal.service.PersUserAppService; import org.onap.portalapp.portal.service.UserService; import org.onap.portalapp.util.EPUserUtils; +import org.onap.portalapp.validation.SecureString; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.EnableAspectJAutoProxy; @@ -67,6 +73,7 @@ import org.springframework.web.bind.annotation.RestController; @EnableAspectJAutoProxy @EPAuditLog public class AppsOSController extends AppsController { + private static final ValidatorFactory validatorFactory = Validation.buildDefaultValidatorFactory(); static final String FAILURE = "failure"; EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsOSController.class); @@ -113,9 +120,20 @@ public class AppsOSController extends AppsController { @RequestMapping(value = { "/portalApi/currentUserProfile/{loginId}" }, method = RequestMethod.GET, produces = "application/json") public String getCurrentUserProfile(HttpServletRequest request, @PathVariable("loginId") String loginId) { + + if(loginId != null){ + Validator validator = validatorFactory.getValidator(); + SecureString secureString = new SecureString(loginId); + Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString); + + if (!constraintViolations.isEmpty()){ + return "loginId is not valid"; + } + } + - Map<String,String> map = new HashMap<String,String>(); - EPUser user = null; + Map<String,String> map = new HashMap<>(); + EPUser user; try { user = (EPUser) userService.getUserByUserId(loginId).get(0); map.put("firstName", user.getFirstName()); @@ -128,7 +146,7 @@ public class AppsOSController extends AppsController { logger.error(EELFLoggerDelegate.errorLogger, "Failed to get user info", e); } - JSONObject j = new JSONObject(map);; + JSONObject j = new JSONObject(map); return j.toString(); } diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/DashboardSearchResultController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/DashboardSearchResultController.java index 0be57120..1dff6040 100644 --- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/DashboardSearchResultController.java +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/DashboardSearchResultController.java @@ -48,7 +48,6 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import org.onap.portalapp.controller.EPRestrictedBaseController; -import org.onap.portalapp.portal.controller.DashboardSearchResultController; import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.ecomp.model.PortalRestResponse; import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum; @@ -57,6 +56,8 @@ import org.onap.portalapp.portal.service.DashboardSearchService; import org.onap.portalapp.portal.transport.CommonWidget; import org.onap.portalapp.portal.transport.CommonWidgetMeta; import org.onap.portalapp.util.EPUserUtils; +import org.onap.portalapp.validation.DataValidator; +import org.onap.portalapp.validation.SecureString; import org.onap.portalsdk.core.domain.support.CollaborateList; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.springframework.beans.factory.annotation.Autowired; @@ -71,6 +72,7 @@ import org.springframework.web.bind.annotation.RestController; public class DashboardSearchResultController extends EPRestrictedBaseController { private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(DashboardSearchResultController.class); + private DataValidator dataValidator = new DataValidator(); @Autowired private DashboardSearchService searchService; @@ -86,7 +88,12 @@ public class DashboardSearchResultController extends EPRestrictedBaseController @RequestMapping(value = "/widgetData", method = RequestMethod.GET, produces = "application/json") public PortalRestResponse<CommonWidgetMeta> getWidgetData(HttpServletRequest request, @RequestParam String resourceType) { - return new PortalRestResponse<CommonWidgetMeta>(PortalRestStatusEnum.OK, "success", + if (resourceType !=null){ + SecureString secureString = new SecureString(resourceType); + if (!dataValidator.isValid(secureString)) + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Provided data is invalid", null); + } + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", searchService.getWidgetData(resourceType)); } @@ -100,9 +107,14 @@ public class DashboardSearchResultController extends EPRestrictedBaseController @RequestMapping(value = "/widgetDataBulk", method = RequestMethod.POST, produces = "application/json") public PortalRestResponse<String> saveWidgetDataBulk(@RequestBody CommonWidgetMeta commonWidgetMeta) { logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetDataBulk: argument is {}", commonWidgetMeta); - if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals("")) + if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals("")){ return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR", "Category cannot be null or empty"); + }else { + if(!dataValidator.isValid(commonWidgetMeta)) + return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR", + "Category is not valid"); + } // validate dates for (CommonWidget cw : commonWidgetMeta.getItems()) { String err = validateCommonWidget(cw); @@ -123,13 +135,18 @@ public class DashboardSearchResultController extends EPRestrictedBaseController @RequestMapping(value = "/widgetData", method = RequestMethod.POST, produces = "application/json") public PortalRestResponse<String> saveWidgetData(@RequestBody CommonWidget commonWidget) { logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetData: argument is {}", commonWidget); - if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().equals("")) - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR", + if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().equals("")){ + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR", "Cateogry cannot be null or empty"); + }else { + if(!dataValidator.isValid(commonWidget)) + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR", + "Category is not valid"); + } String err = validateCommonWidget(commonWidget); if (err != null) - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, err, null); - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success", + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, err, null); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", searchService.saveWidgetData(commonWidget)); } @@ -165,7 +182,10 @@ public class DashboardSearchResultController extends EPRestrictedBaseController @RequestMapping(value = "/deleteData", method = RequestMethod.POST, produces = "application/json") public PortalRestResponse<String> deleteWidgetData(@RequestBody CommonWidget commonWidget) { logger.debug(EELFLoggerDelegate.debugLogger, "deleteWidgetData: argument is {}", commonWidget); - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success", + if(!dataValidator.isValid(commonWidget)) + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR", + "Data is not valid"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", searchService.deleteWidgetData(commonWidget)); } @@ -180,16 +200,24 @@ public class DashboardSearchResultController extends EPRestrictedBaseController @RequestMapping(value = "/allPortal", method = RequestMethod.GET, produces = "application/json") public PortalRestResponse<Map<String, List<SearchResultItem>>> searchPortal(HttpServletRequest request, @RequestParam String searchString) { + if(searchString!=null){ + SecureString secureString = new SecureString(searchString); + if(!dataValidator.isValid(secureString)){ + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "searchPortal: User object is invalid", + null); + } + } EPUser user = EPUserUtils.getUserSession(request); try { if (user == null) { return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: User object is null? - check logs", - new HashMap<String, List<SearchResultItem>>()); + new HashMap<>()); } else if (searchString == null || searchString.trim().length() == 0) { return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: String string is null", - new HashMap<String, List<SearchResultItem>>()); + new HashMap<>()); } else { logger.debug(EELFLoggerDelegate.debugLogger, "searchPortal: user {}, search string '{}'", user.getLoginId(), searchString); @@ -200,7 +228,7 @@ public class DashboardSearchResultController extends EPRestrictedBaseController } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "searchPortal failed", e); return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage() + " - check logs.", - new HashMap<String, List<SearchResultItem>>()); + new HashMap<>()); } } diff --git a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/sql.properties b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/sql.properties index 83779052..8663cd44 100644 --- a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/sql.properties +++ b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/sql.properties @@ -291,19 +291,6 @@ random.string = select ( 'Z' || round(random() * 1000000000000)) scheduler.user.emails = SELECT au.user_id FROM (SELECT rs.schedule_id, rs.rep_id FROM cr_report_schedule rs WHERE rs.enabled_yn='Y' AND rs.start_date <= now() AND rs.end_date >= now() AND rs.run_date IS NOT NULL AND rs.schedule_id = [p_schedule_id] ) x, cr_report r, fn_user au WHERE x.rep_id = r.rep_id AND au.user_id IN (SELECT rsu.user_id FROM cr_report_schedule_users rsu WHERE rsu.schedule_id = x.schedule_id and rsu.schedule_id = [p_schedule_id] UNION SELECT ur.user_id FROM fn_user_role ur WHERE ur.role_id IN (SELECT rsu2.role_id FROM cr_report_schedule_users rsu2 WHERE rsu2.schedule_id = x.schedule_id and rsu2.schedule_id = [p_schedule_id])) - -# my logins - -app.query = SELECT APP_ID, ML_APP_NAME, MOTS_ID from fn_app where ((enabled = 'Y' and open = 'N') or app_id = 1 ) - -user.log.query = SELECT DISTINCT IFNULL(ORG_USER_ID, '') CUID, '' AWID, CONCAT('"',IFNULL(ORG_USER_ID, ''),'"') APPLICATIONUSERID, CONCAT('"',IFNULL(FIRST_NAME, ''),'"') FIRST_NAME, CONCAT('"',substr(IFNULL(MIDDLE_NAME, ''), 0, 1),'"') MIDDLE_INITIAL, CONCAT('"',IFNULL(LAST_NAME, ''),'"') LAST_NAME, IFNULL(DATE_FORMAT(LAST_LOGIN_DATE, '%Y/%m/%d'), '') LAST_LOGON_DATE, DATE_FORMAT(CREATED_DATE, '%Y/%m/%d') ACCOUNT_ACTIVATION_DATE, IFNULL(DATE_FORMAT(MODIFIED_DATE, '%Y/%m/%d'), '') LAST_DATE_ACCOUNT_MODIFIED, '' LAST_PASSWORD_CHANGE_DATE, CONCAT('"',IFNULL(FIRST_NAME, ''),' ',IFNULL(MIDDLE_NAME, ''),' ',IFNULL(LAST_NAME, ''),'"') FULL_USER_NAME, '' NT_ID, IFNULL(EMAIL, '') EMAIL FROM FN_USER FU, FN_USER_ROLE FUR, FN_ROLE FR WHERE FU.USER_ID = FUR.USER_ID and FUR.ROLE_ID = FR.ROLE_ID and ((FUR.APP_ID = 1 and FUR.APP_ID = ? and FR.ROLE_NAME <> 'Standard User') or (FUR.APP_ID = ? and FUR.APP_ID <> 1)) and FU.ACTIVE_YN = 'Y' and FU.org_user_id is not null order by 1 - -profile.log.query = SELECT DISTINCT CONCAT('"' , ROLE_NAME , '"') PROFILE_NAME, '""' SECURITY_SETTINGS FROM FN_ROLE FR, FN_USER_ROLE FUR WHERE FUR.ROLE_ID = FR.ROLE_ID and FR.ACTIVE_YN = 'Y' and ((FUR.APP_ID = 1 and FUR.APP_ID = ? and FR.ROLE_NAME <> 'Standard User') or (FUR.APP_ID = ? and FUR.APP_ID <> 1)) ORDER BY 1 - -user.profile.log.query = SELECT DISTINCT IFNULL(ORG_USER_ID, '') CUID, '' AWID, CONCAT('"' , IFNULL(ORG_USER_ID, '') , '"') APPLICATIONUSERID , CONCAT('"' , ROLE_NAME , '"') PROFILE_NAME FROM FN_USER A, FN_USER_ROLE B, FN_ROLE C WHERE A.USER_ID = B.USER_ID AND B.ROLE_ID = C.ROLE_ID AND A.ACTIVE_YN = 'Y' AND C.ACTIVE_YN = 'Y' AND a.ORG_USER_ID is not null AND ((B.APP_ID = 1 and B.APP_ID = ? and C.ROLE_NAME <> 'Standard User') or (B.APP_ID = ? and B.APP_ID <> 1)) ORDER BY 1 - -all.accounts.log.query = SELECT DISTINCT IFNULL(ORG_USER_ID, '') CUID, (case when A.ACTIVE_YN='Y' then 'ACTIVE' else 'INACTIVE' end) ACTIVE_YN, CONCAT('"' , IFNULL(ORG_USER_ID, '') , '"') APPLICATIONUSERID , IFNULL(DATE_FORMAT(LAST_LOGIN_DATE, '%Y/%m/%d'), '') LAST_LOGON_DATE, '' LAST_PASSWORD_CHANGE_DATE, CONCAT('"' , ROLE_NAME , '"') PROFILE_NAME FROM FN_USER A, FN_USER_ROLE B, FN_ROLE C WHERE A.USER_ID = B.USER_ID AND B.ROLE_ID = C.ROLE_ID AND a.ORG_USER_ID is not null AND ((B.APP_ID = 1 and B.APP_ID = ? and C.ROLE_NAME <> 'Standard User') or (B.APP_ID = ? and B.APP_ID <> 1)) ORDER BY 1 - # basic sql seq.next.val = SELECT nextval('[sequenceName]') AS id diff --git a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/jsp/login.jsp b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/jsp/login.jsp index 8d80d334..99c5af4f 100644 --- a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/jsp/login.jsp +++ b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/jsp/login.jsp @@ -174,7 +174,8 @@ app.controller("externalLoginController", function ($scope) { success:function (response){ if(response.success=="success"){ //window.location.href = 'applicationsHome'; - window.location.href= "<%=frontUrl%>" + window.location.href= "<%=frontUrl%>", + sessionStorage.setItem('userId',$scope.loginId) }else{ $("#errorInfo span").text(response); //$("#errorInfo").text = response; diff --git a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml index 1181a2fd..af712d4e 100644 --- a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml +++ b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml @@ -106,32 +106,32 @@ <filter-name>SecurityXssFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> - <!-- <filter> - <filter-name>CadiAuthFilter</filter-name> - <filter-class>org.onap.portalsdk.core.onboarding.crossapi.CadiAuthFilter</filter-class> - <init-param> - <param-name>cadi_prop_files</param-name> - Add Absolute path of cadi.properties - <param-value>{Path}/cadi.properties - </param-value> - </init-param> - Add param values with comma delimited values - <init-param> - <param-name>include_url_endpoints</param-name> - <param-value>/auxapi/*</param-value> - </init-param> - <init-param> - <param-name>exclude_url_endpoints</param-name> - <param-value>/api/v3/analytics,/api/v3/storeAnalytics</param-value> - </init-param> - </filter> - <filter-mapping> - <filter-name>CadiAuthFilter</filter-name> - <url-pattern>/auxapi/v3/*</url-pattern> - </filter-mapping> - <filter-mapping> - <filter-name>CadiAuthFilter</filter-name> - <url-pattern>/auxapi/v4/*</url-pattern> +<!-- <filter> --> +<!-- <filter-name>CadiAuthFilter</filter-name> --> +<!-- <filter-class>org.onap.portalsdk.core.onboarding.crossapi.CadiAuthFilter</filter-class> --> +<!-- <init-param> --> +<!-- <param-name>cadi_prop_files</param-name> --> +<!-- Add Absolute path of cadi.properties --> +<!-- <param-value>{Path}/cadi.properties --> +<!-- </param-value> --> +<!-- </init-param> --> +<!-- Add param values with comma delimited values --> +<!-- <init-param> --> +<!-- <param-name>include_url_endpoints</param-name> --> +<!-- <param-value>/auxapi/*</param-value> --> +<!-- </init-param> --> +<!-- <init-param> --> +<!-- <param-name>exclude_url_endpoints</param-name> --> +<!-- <param-value>/api/v3/analytics,/api/v3/storeAnalytics</param-value> --> +<!-- </init-param> --> +<!-- </filter> --> +<!-- <filter-mapping> --> +<!-- <filter-name>CadiAuthFilter</filter-name> --> +<!-- <url-pattern>/auxapi/v3/*</url-pattern> --> +<!-- </filter-mapping> --> +<!-- <filter-mapping> --> +<!-- <filter-name>CadiAuthFilter</filter-name> --> +<!-- <url-pattern>/auxapi/v4/*</url-pattern> --> - </filter-mapping> --> +<!-- </filter-mapping> --> </web-app> diff --git a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java index 0596e749..15fe1dd9 100644 --- a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java +++ b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java @@ -176,6 +176,17 @@ public class AppsOSControllerTest { } @Test + public void getCurrentUserProfileXSSTest() { + String loginId = "<iframe/src=\"data:text/html,<svg onload=alert(1)>\">"; + EPUser user = mockUser.mockEPUser(); + List<EPUser> expectedList = new ArrayList<>(); + expectedList.add(user); + Mockito.when(userService.getUserByUserId(loginId)).thenReturn(expectedList); + String expectedString = appsOSController.getCurrentUserProfile(mockedRequest, loginId); + assertEquals("loginId is not valid", expectedString); + } + + @Test public void getCurrentUserProfileExceptionTest() { String loginId = "guestT"; EPUser user = mockUser.mockEPUser(); diff --git a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java index 9edf99e7..ff588daa 100644 --- a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java +++ b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java @@ -99,6 +99,18 @@ public class DashboardSearchResultControllerTest { } @Test + public void getWidgetDataXSSTest() { + String resourceType = "\"<IMG SRC=\\\"jav\\tascript:alert('XSS');\\\">\""; + PortalRestResponse expectedPortalRestResponse = new PortalRestResponse<>(); + expectedPortalRestResponse.setMessage("Provided data is invalid"); + expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR); + Mockito.when(searchService.getWidgetData(resourceType)).thenReturn(null); + PortalRestResponse acutualPoratlRestResponse = dashboardSearchResultController + .getWidgetData(mockedRequest, resourceType); + assertEquals(acutualPoratlRestResponse, expectedPortalRestResponse); + } + + @Test public void saveWidgetDataBulkIfCatrgoryNullTest() { PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>(); ecpectedPortalRestResponse.setMessage("ERROR"); @@ -152,6 +164,82 @@ public class DashboardSearchResultControllerTest { } @Test + public void saveWidgetDataBulkXSSTest() { + PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>(); + ecpectedPortalRestResponse.setMessage("ERROR"); + ecpectedPortalRestResponse.setResponse("Category is not valid"); + ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR); + + CommonWidgetMeta commonWidgetMeta = new CommonWidgetMeta(); + commonWidgetMeta.setCategory("test"); + + List<CommonWidget> commonWidgetList = new ArrayList<>(); + CommonWidget commonWidget = new CommonWidget(); + commonWidget.setId((long) 1); + commonWidget.setCategory("test"); + commonWidget.setHref("\"<IMG SRC=\\\"jav\\tascript:alert('XSS');\\\">\""); + commonWidget.setTitle("test_title"); + commonWidget.setContent("test_content"); + commonWidget.setEventDate(null); + commonWidget.setSortOrder(1); + + commonWidgetList.add(commonWidget); + + commonWidgetMeta.setItems(commonWidgetList); + + Mockito.when(searchService.saveWidgetDataBulk(commonWidgetMeta)).thenReturn(null); + + PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController + .saveWidgetDataBulk(commonWidgetMeta); + assertEquals(ecpectedPortalRestResponse, actualPortalRestResponse); + } + + @Test + public void saveWidgetDataXSSTest() { + PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>(); + expectedPortalRestResponse.setMessage("ERROR"); + expectedPortalRestResponse.setResponse("Category is not valid"); + expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR); + CommonWidget commonWidget = new CommonWidget(); + commonWidget.setId((long) 1); + commonWidget.setCategory("test"); + commonWidget.setHref("\"<IMG SRC=\"jav\\tascript:alert('XSS');\">\""); + commonWidget.setTitle("test_title"); + commonWidget.setContent("test_content"); + commonWidget.setEventDate(null); + commonWidget.setSortOrder(1); + + Mockito.when(searchService.saveWidgetData(commonWidget)).thenReturn(null); + + PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController + .saveWidgetData(commonWidget); + assertEquals(expectedPortalRestResponse, actualPortalRestResponse); + + } + + @Test + public void deleteWidgetDataXSSTest() { + PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>(); + expectedPortalRestResponse.setMessage("ERROR"); + expectedPortalRestResponse.setResponse("Data is not valid"); + expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR); + CommonWidget commonWidget = new CommonWidget(); + commonWidget.setId((long) 1); + commonWidget.setCategory("test"); + commonWidget.setHref("test_href"); + commonWidget.setTitle("\"<IMG SRC=\"jav\\tascript:alert('XSS');\">\""); + commonWidget.setContent("test_content"); + commonWidget.setEventDate(null); + commonWidget.setSortOrder(1); + Mockito.when(searchService.deleteWidgetData(commonWidget)).thenReturn(null); + + PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController + .deleteWidgetData(commonWidget); + + assertEquals(expectedPortalRestResponse, actualPortalRestResponse); + } + + @Test public void saveWidgetDataIfCatagoryNullTest() { PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>(); ecpectedPortalRestResponse.setMessage("ERROR"); @@ -340,6 +428,22 @@ public class DashboardSearchResultControllerTest { } @Test + public void searchPortalXSS() { + EPUser user = mockUser.mockEPUser(); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + String searchString = "<script>alert(“XSS”)</script> "; + + PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>(); + expectedResult.setMessage("searchPortal: User object is invalid"); + expectedResult.setStatus(PortalRestStatusEnum.ERROR); + + PortalRestResponse<Map<String, List<SearchResultItem>>> actualResult = dashboardSearchResultController + .searchPortal(mockedRequest, searchString); + assertEquals(actualResult, expectedResult); + + } + + @Test public void searchPortalIfSearchExcptionTest() { EPUser user = mockUser.mockEPUser(); ; diff --git a/ecomp-portal-DB-common/PortalDDLMySql_2_1_Common.sql b/ecomp-portal-DB-common/PortalDDLMySql_2_1_Common.sql index 2cf5b75c..024f067e 100644 --- a/ecomp-portal-DB-common/PortalDDLMySql_2_1_Common.sql +++ b/ecomp-portal-DB-common/PortalDDLMySql_2_1_Common.sql @@ -11,6 +11,12 @@ -- ----------------------------------------------------------------------------------------------------------------- set foreign_key_checks=1; +SET GLOBAL character_set_client = utf8; +SET GLOBAL character_set_connection = utf8; +SET GLOBAL character_set_database = utf8; +SET GLOBAL character_set_results = utf8; +SET GLOBAL character_set_server = utf8; + create database portal; use portal; diff --git a/ecomp-portal-FE-common/client/app/services/applications/applications.service.js b/ecomp-portal-FE-common/client/app/services/applications/applications.service.js index c595c71a..e2e7c5fe 100644 --- a/ecomp-portal-FE-common/client/app/services/applications/applications.service.js +++ b/ecomp-portal-FE-common/client/app/services/applications/applications.service.js @@ -154,7 +154,31 @@ return deferred.promise; } - + checkIfUserIsSuperAdmin() { + let deferred = this.$q.defer(); + var _this0 = this; + // this.$log.info('ApplicationsService::getPersUserApps'); + this.$http.get(this.conf.api.checkIfUserIsSuperAdmin, + { + cache: false, + headers: { + 'X-ECOMP-RequestID':this.uuid.generate() + } + }) + .then( res => { + // If response comes back as a redirected HTML page which IS NOT a success + // But don't declare an empty list to be an error. + if (res == null || res.data == null) { + deferred.reject("ApplicationsService::checkIfUserIsSuperAdmin Failed"); + } else { + deferred.resolve(res.data); + } + }) + .catch( status => { + deferred.reject(status); + }); + return deferred.promise; + } saveAppsSortTypeManual(appsSortManual){ let deferred = this.$q.defer(); if (appsSortManual== undefined diff --git a/ecomp-portal-FE-common/client/app/services/users/users.service.js b/ecomp-portal-FE-common/client/app/services/users/users.service.js index 9e062713..045c674b 100644 --- a/ecomp-portal-FE-common/client/app/services/users/users.service.js +++ b/ecomp-portal-FE-common/client/app/services/users/users.service.js @@ -131,7 +131,7 @@ return deferred.promise; } - getUserAppRoles(appid, orgUserId, extRequestValue){ + getUserAppRoles(appid, orgUserId, extRequestValue,isSystemUser){ let canceller = this.$q.defer(); let isActive = false; @@ -148,7 +148,7 @@ this.$http({ method: 'GET', url: this.conf.api.userAppRoles, - params: {user: orgUserId, app: appid, externalRequest: extRequestValue}, + params: {user: orgUserId, app: appid, externalRequest: extRequestValue,isSystemUser: isSystemUser}, cache: false, headers: { 'X-ECOMP-RequestID':this.uuid.generate() diff --git a/ecomp-portal-FE-common/client/app/views/role/role-controller.js b/ecomp-portal-FE-common/client/app/views/role/role-controller.js index f55d1e0e..7be5118a 100644 --- a/ecomp-portal-FE-common/client/app/views/role/role-controller.js +++ b/ecomp-portal-FE-common/client/app/views/role/role-controller.js @@ -114,6 +114,8 @@ app.controller('roleController', function ($scope, $http, confirmBoxService, ngD } if (exists) { confirmBoxService.showInformation( "Role already exists."); + } else if($scope.role.name.toLowerCase() == "admin"){ + confirmBoxService.showInformation( "Role '"+$scope.role.name+"' is not acceptable."); } else { var uuu = conf.api.saveRole + "?role_id="+$stateParams.roleId; diff --git a/ecomp-portal-FE-common/client/app/views/role/role-list-controller.js b/ecomp-portal-FE-common/client/app/views/role/role-list-controller.js index 6f280313..b4813114 100644 --- a/ecomp-portal-FE-common/client/app/views/role/role-list-controller.js +++ b/ecomp-portal-FE-common/client/app/views/role/role-list-controller.js @@ -219,11 +219,13 @@ app.controller('roleListController', function ($scope,RoleService, applicationsS // edit Role $scope.editRoleModalPopup = function(appId, availableRole) { + $scope.showSpinner = true; if(!availableRole.active) return confirmBoxService.showInformation('Edit is diabled! Please toggle the role to activate it.').then(isConfirmed => {}); $scope.editRole = availableRole; if(appId != undefined && availableRole.id != undefined){ - RoleService.getRole(appId, availableRole.id).then(function(data){ + RoleService.getRole(appId, availableRole.id).then(function(data){ + $scope.showSpinner = false; var response = JSON.parse(data.data); var role = JSON.parse(response.role); var availableRoles = JSON.parse(response.availableRoles); @@ -253,6 +255,7 @@ app.controller('roleListController', function ($scope,RoleService, applicationsS }); },function(error){ $log.debug('Failed to editRole'); + $scope.showSpinner = false; }); } @@ -260,9 +263,11 @@ app.controller('roleListController', function ($scope,RoleService, applicationsS // add Role $scope.addRoleModalPopup = function(appId) { + $scope.showSpinner = true; if(appId){ var roleId = -1; RoleService.getRole(appId, roleId).then(function(data){ + $scope.showSpinner = false; var response = JSON.parse(data.data); var role = JSON.parse(response.role); var availableRoles = JSON.parse(response.availableRoles); diff --git a/ecomp-portal-FE-common/client/app/views/role/rolefunctionpopupController.js b/ecomp-portal-FE-common/client/app/views/role/rolefunctionpopupController.js index bda90af9..5cfb6c5a 100644 --- a/ecomp-portal-FE-common/client/app/views/role/rolefunctionpopupController.js +++ b/ecomp-portal-FE-common/client/app/views/role/rolefunctionpopupController.js @@ -98,10 +98,10 @@ app.controller('rolefunctionpopupController',function($scope, confirmBoxService, confirmBoxService.showInformation('Instance can only contain alphanumeric characters, hyphens(-), dots(.), colons(:), forwardSlash(/) , asterisk(*) and underscores(_)').then(isConfirmed => {}); return; } - if(/[^a-zA-Z0-9\-\_ \.]/.test(availableRoleFunction.name)){ +/* if(/[^a-zA-Z0-9\-\_ \.]/.test(availableRoleFunction.name)){ confirmBoxService.showInformation('Name can only contain alphanumeric characters, spaces, hyphens(-), dots(.) and underscores(_)').then(isConfirmed => {}); return; - } + }*/ confirmBoxService.confirm( "You are about to Create the role function "+ availableRoleFunction.name+ ". Do you want to continue?") .then(function(confirmed) { diff --git a/ecomp-portal-FE-common/client/app/views/users/new-user-dialogs/bulk-user.controller.js b/ecomp-portal-FE-common/client/app/views/users/new-user-dialogs/bulk-user.controller.js index 718879a0..ae3907b2 100644 --- a/ecomp-portal-FE-common/client/app/views/users/new-user-dialogs/bulk-user.controller.js +++ b/ecomp-portal-FE-common/client/app/views/users/new-user-dialogs/bulk-user.controller.js @@ -377,7 +377,7 @@ if (prevRow == null || prevRow.orgUserId.toLowerCase() !== uploadRow.orgUserId.toLowerCase()) { if (debug) $log.debug('BulkUserModalCtrl::buildAppRoleChecks: create request for orgUserId ' + uploadRow.orgUserId); - let appPromise = usersService.getUserAppRoles(appId, uploadRow.orgUserId,true).promise().then( (userAppRolesResult) => { + let appPromise = usersService.getUserAppRoles(appId, uploadRow.orgUserId,true, false).promise().then( (userAppRolesResult) => { // Reply for unknown user has all defined roles with isApplied=false on each. if (typeof userAppRolesResult[0] !== "undefined") { if (debug) diff --git a/ecomp-portal-FE-common/client/app/views/users/new-user-dialogs/new-user.controller.js b/ecomp-portal-FE-common/client/app/views/users/new-user-dialogs/new-user.controller.js index 512c3a0c..3df58daa 100644 --- a/ecomp-portal-FE-common/client/app/views/users/new-user-dialogs/new-user.controller.js +++ b/ecomp-portal-FE-common/client/app/views/users/new-user-dialogs/new-user.controller.js @@ -43,6 +43,18 @@ class NewUserModalCtrl { constructor($scope, $log, usersService, applicationsService, confirmBoxService, items) { var extRequestValue = false; + var isSystemUser = false; + + $scope.ngRepeatDemo = [ + {id: 'userButton', value: 'true', labelvalue: 'user'}, + {id: 'systemUserButton', value: 'false', labelvalue: 'system'} + ] + + $scope.selectedvalueradioButtonGroup = { + type: 'true' + } + + let init = () => { //$log.info('NewUserModalCtrl::init'); this.isSaving = false; @@ -94,7 +106,7 @@ this.dialogState = 1; return; } - //$log.debug('NewUserModalCtrl::getUserAppsRoles: about to call getAdminAppsSimpler'); + $log.debug('NewUserModalCtrl::getUserAppsRoles: about to call getAdminAppsSimpler'); this.isGettingAdminApps = true; applicationsService.getAdminAppsSimpler().then((apps) => { //$log.debug('NewUserModalCtrl::getUserAppsRoles: beginning of then for getAdminAppsSimpler'); @@ -123,7 +135,11 @@ app.isErrorUpdating = false; app.isDoneUpdating = false; app.errorMessage = ""; - usersService.getUserAppRoles(app.id, this.selectedUser.orgUserId, extRequestValue).promise().then((userAppRolesResult) => { + if($scope.selectedvalueradioButtonGroup.type == 'false') + { + isSystemUser = true; + } + usersService.getUserAppRoles(app.id, this.selectedUser.orgUserId, extRequestValue,isSystemUser).promise().then((userAppRolesResult) => { //$log.debug('NewUserModalCtrl::getUserAppsRoles: got a result for app: ',app.id,': ',app.name,': ',userAppRolesResult); app.appRoles = userAppRolesResult; app.isLoading = false; @@ -179,11 +195,18 @@ } } + if($scope.selectedvalueradioButtonGroup.type == 'false') + { + isSystemUser = true; + }else{ + isSystemUser = false; + } var newUserAppRoles = { orgUserId: this.selectedUser.orgUserId, appId: app.id, appRoles: app.appRoles, - appName: app.name + appName: app.name, + isSystemUser : isSystemUser }; usersService.updateUserAppRoles(newUserAppRoles).promise() .then(res => { diff --git a/ecomp-portal-FE-common/client/app/views/users/new-user-dialogs/new-user.modal.html b/ecomp-portal-FE-common/client/app/views/users/new-user-dialogs/new-user.modal.html index a68cd55c..dc93006e 100644 --- a/ecomp-portal-FE-common/client/app/views/users/new-user-dialogs/new-user.modal.html +++ b/ecomp-portal-FE-common/client/app/views/users/new-user-dialogs/new-user.modal.html @@ -55,22 +55,44 @@ <div class="b2b-modal-header"> <h2 class="heading-medium" id="newAdmin">New User</h2> - + <div class="corner-button in"> <button type="button" class="close" aria-label="Close" id="user-button-close" ng-click="$dismiss('cancel')"></button> </div> </div> - - <div class="b2b-modal-body" tabindex="0" + + <fieldset style="height: 75px;" role="radiogroup" + b2b-radio-group-accessibility aria-labelledby="radiolabel2"> + <div class="form-row" role="radio" + ng-repeat="radioObj in ngRepeatDemo"> + <label style="margin-top: 10px;" for="{{radioObj.id}}" + class="radio"> <input type="radio" + ng-model="selectedvalueradioButtonGroup.type" + id="{{radioObj.id}}" + name="nameradioButton" value="{{radioObj.value}}"> <i + style= "margin-top: 10px; margin-left: 38px;" class="skin"></i> <span + style="margin-top: 10px; margin-left: 70px;">{{radioObj.labelvalue}}</span> + </label> + </div> + </fieldset> + <div class="systemUser" ng-show="selectedvalueradioButtonGroup.type =='false'" style="color: #5a5a5a; + font-family: Omnes-ECOMP-W02, Arial;font-size: 14px;margin-bottom: 8px; padding-left: 30px;">Enter system UserId</div> + <div ng-show="selectedvalueradioButtonGroup.type =='false'"> + <input id="action-property-input" + class="adminForm-name-property-input" placeholder="xxxxxx@org.com" + ng-model="newUser.selectedUser.orgUserId" + type="text" maxlength="60" style="padding: 20px; + margin-left: 30px; width: 60%;"/> + </div> + <div class="b2b-modal-body" tabindex="0" ng-show="selectedvalueradioButtonGroup.type =='true'" aria-label="Modal header text content" role="region"> <search-users search-title="" selected-user="newUser.selectedUser"></search-users> - </div> - + </div> <div class="b2b-modal-footer"> <div class="cta-button-group in"> <button class="btn btn-alt btn-small" id="next-button" ng-click="newUser.selectedUser && newUser.getUserAppsRoles()" - ng-class="{disabled: !newUser.selectedUser}">Next + ng-disabled = "(!newUser.selectedUser && selectedvalueradioButtonGroup.type =='true' ) || (selectedvalueradioButtonGroup.type =='false' && !newUser.selectedUser) ||(newUser.selectedUser && newUser.selectedUser.orgUserId.length <1)">Next </button> <button id="search-users-button-cancel" class="btn btn-alt btn-small" ng-click="$dismiss('cancel')">Cancel</button> @@ -78,7 +100,7 @@ </div> </div> - <div ng-if="newUser.dialogState===3"> + <div ng-if="newUser.dialogState===3" > <div class="b2b-modal-header"> <div class="title" diff --git a/ecomp-portal-FE-common/client/bower_components_external/utils/purify.js b/ecomp-portal-FE-common/client/bower_components_external/utils/purify.js new file mode 100644 index 00000000..8627b977 --- /dev/null +++ b/ecomp-portal-FE-common/client/bower_components_external/utils/purify.js @@ -0,0 +1,1131 @@ +(function (global, factory) { + typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() : + typeof define === 'function' && define.amd ? define(factory) : + (global.DOMPurify = factory()); +}(this, (function () { 'use strict'; + +var freeze$1 = Object.freeze || function (x) { + return x; +}; + +var html = freeze$1(['a', 'abbr', 'acronym', 'address', 'area', 'article', 'aside', 'audio', 'b', 'bdi', 'bdo', 'big', 'blink', 'blockquote', 'body', 'br', 'button', 'canvas', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'content', 'data', 'datalist', 'dd', 'decorator', 'del', 'details', 'dfn', 'dir', 'div', 'dl', 'dt', 'element', 'em', 'fieldset', 'figcaption', 'figure', 'font', 'footer', 'form', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'header', 'hgroup', 'hr', 'html', 'i', 'img', 'input', 'ins', 'kbd', 'label', 'legend', 'li', 'main', 'map', 'mark', 'marquee', 'menu', 'menuitem', 'meter', 'nav', 'nobr', 'ol', 'optgroup', 'option', 'output', 'p', 'pre', 'progress', 'q', 'rp', 'rt', 'ruby', 's', 'samp', 'section', 'select', 'shadow', 'small', 'source', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'template', 'textarea', 'tfoot', 'th', 'thead', 'time', 'tr', 'track', 'tt', 'u', 'ul', 'var', 'video', 'wbr']); + +// SVG +var svg = freeze$1(['svg', 'a', 'altglyph', 'altglyphdef', 'altglyphitem', 'animatecolor', 'animatemotion', 'animatetransform', 'audio', 'canvas', 'circle', 'clippath', 'defs', 'desc', 'ellipse', 'filter', 'font', 'g', 'glyph', 'glyphref', 'hkern', 'image', 'line', 'lineargradient', 'marker', 'mask', 'metadata', 'mpath', 'path', 'pattern', 'polygon', 'polyline', 'radialgradient', 'rect', 'stop', 'style', 'switch', 'symbol', 'text', 'textpath', 'title', 'tref', 'tspan', 'video', 'view', 'vkern']); + +var svgFilters = freeze$1(['feBlend', 'feColorMatrix', 'feComponentTransfer', 'feComposite', 'feConvolveMatrix', 'feDiffuseLighting', 'feDisplacementMap', 'feDistantLight', 'feFlood', 'feFuncA', 'feFuncB', 'feFuncG', 'feFuncR', 'feGaussianBlur', 'feMerge', 'feMergeNode', 'feMorphology', 'feOffset', 'fePointLight', 'feSpecularLighting', 'feSpotLight', 'feTile', 'feTurbulence']); + +var mathMl = freeze$1(['math', 'menclose', 'merror', 'mfenced', 'mfrac', 'mglyph', 'mi', 'mlabeledtr', 'mmultiscripts', 'mn', 'mo', 'mover', 'mpadded', 'mphantom', 'mroot', 'mrow', 'ms', 'mspace', 'msqrt', 'mstyle', 'msub', 'msup', 'msubsup', 'mtable', 'mtd', 'mtext', 'mtr', 'munder', 'munderover']); + +var text = freeze$1(['#text']); + +var freeze$2 = Object.freeze || function (x) { + return x; +}; + +var html$1 = freeze$2(['accept', 'action', 'align', 'alt', 'autocomplete', 'background', 'bgcolor', 'border', 'cellpadding', 'cellspacing', 'checked', 'cite', 'class', 'clear', 'color', 'cols', 'colspan', 'coords', 'crossorigin', 'datetime', 'default', 'dir', 'disabled', 'download', 'enctype', 'face', 'for', 'headers', 'height', 'hidden', 'high', 'href', 'hreflang', 'id', 'integrity', 'ismap', 'label', 'lang', 'list', 'loop', 'low', 'max', 'maxlength', 'media', 'method', 'min', 'multiple', 'name', 'noshade', 'novalidate', 'nowrap', 'open', 'optimum', 'pattern', 'placeholder', 'poster', 'preload', 'pubdate', 'radiogroup', 'readonly', 'rel', 'required', 'rev', 'reversed', 'role', 'rows', 'rowspan', 'spellcheck', 'scope', 'selected', 'shape', 'size', 'sizes', 'span', 'srclang', 'start', 'src', 'srcset', 'step', 'style', 'summary', 'tabindex', 'title', 'type', 'usemap', 'valign', 'value', 'width', 'xmlns']); + +var svg$1 = freeze$2(['accent-height', 'accumulate', 'additive', 'alignment-baseline', 'ascent', 'attributename', 'attributetype', 'azimuth', 'basefrequency', 'baseline-shift', 'begin', 'bias', 'by', 'class', 'clip', 'clip-path', 'clip-rule', 'color', 'color-interpolation', 'color-interpolation-filters', 'color-profile', 'color-rendering', 'cx', 'cy', 'd', 'dx', 'dy', 'diffuseconstant', 'direction', 'display', 'divisor', 'dur', 'edgemode', 'elevation', 'end', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'flood-color', 'flood-opacity', 'font-family', 'font-size', 'font-size-adjust', 'font-stretch', 'font-style', 'font-variant', 'font-weight', 'fx', 'fy', 'g1', 'g2', 'glyph-name', 'glyphref', 'gradientunits', 'gradienttransform', 'height', 'href', 'id', 'image-rendering', 'in', 'in2', 'k', 'k1', 'k2', 'k3', 'k4', 'kerning', 'keypoints', 'keysplines', 'keytimes', 'lang', 'lengthadjust', 'letter-spacing', 'kernelmatrix', 'kernelunitlength', 'lighting-color', 'local', 'marker-end', 'marker-mid', 'marker-start', 'markerheight', 'markerunits', 'markerwidth', 'maskcontentunits', 'maskunits', 'max', 'mask', 'media', 'method', 'mode', 'min', 'name', 'numoctaves', 'offset', 'operator', 'opacity', 'order', 'orient', 'orientation', 'origin', 'overflow', 'paint-order', 'path', 'pathlength', 'patterncontentunits', 'patterntransform', 'patternunits', 'points', 'preservealpha', 'preserveaspectratio', 'r', 'rx', 'ry', 'radius', 'refx', 'refy', 'repeatcount', 'repeatdur', 'restart', 'result', 'rotate', 'scale', 'seed', 'shape-rendering', 'specularconstant', 'specularexponent', 'spreadmethod', 'stddeviation', 'stitchtiles', 'stop-color', 'stop-opacity', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke', 'stroke-width', 'style', 'surfacescale', 'tabindex', 'targetx', 'targety', 'transform', 'text-anchor', 'text-decoration', 'text-rendering', 'textlength', 'type', 'u1', 'u2', 'unicode', 'values', 'viewbox', 'visibility', 'vert-adv-y', 'vert-origin-x', 'vert-origin-y', 'width', 'word-spacing', 'wrap', 'writing-mode', 'xchannelselector', 'ychannelselector', 'x', 'x1', 'x2', 'xmlns', 'y', 'y1', 'y2', 'z', 'zoomandpan']); + +var mathMl$1 = freeze$2(['accent', 'accentunder', 'align', 'bevelled', 'close', 'columnsalign', 'columnlines', 'columnspan', 'denomalign', 'depth', 'dir', 'display', 'displaystyle', 'fence', 'frame', 'height', 'href', 'id', 'largeop', 'length', 'linethickness', 'lspace', 'lquote', 'mathbackground', 'mathcolor', 'mathsize', 'mathvariant', 'maxsize', 'minsize', 'movablelimits', 'notation', 'numalign', 'open', 'rowalign', 'rowlines', 'rowspacing', 'rowspan', 'rspace', 'rquote', 'scriptlevel', 'scriptminsize', 'scriptsizemultiplier', 'selection', 'separator', 'separators', 'stretchy', 'subscriptshift', 'supscriptshift', 'symmetric', 'voffset', 'width', 'xmlns']); + +var xml = freeze$2(['xlink:href', 'xml:id', 'xlink:title', 'xml:space', 'xmlns:xlink']); + +var hasOwnProperty = Object.hasOwnProperty; +var setPrototypeOf = Object.setPrototypeOf; + +var _ref$1 = typeof Reflect !== 'undefined' && Reflect; +var apply$1 = _ref$1.apply; + +if (!apply$1) { + apply$1 = function apply(fun, thisValue, args) { + return fun.apply(thisValue, args); + }; +} + +/* Add properties to a lookup table */ +function addToSet(set, array) { + if (setPrototypeOf) { + // Make 'in' and truthy checks like Boolean(set.constructor) + // independent of any properties defined on Object.prototype. + // Prevent prototype setters from intercepting set as a this value. + setPrototypeOf(set, null); + } + var l = array.length; + while (l--) { + var element = array[l]; + if (typeof element === 'string') { + var lcElement = element.toLowerCase(); + if (lcElement !== element) { + array[l] = lcElement; + element = lcElement; + } + } + set[element] = true; + } + return set; +} + +/* Shallow clone an object */ +function clone(object) { + var newObject = {}; + var property = void 0; + for (property in object) { + if (apply$1(hasOwnProperty, object, [property])) { + newObject[property] = object[property]; + } + } + return newObject; +} + +var seal = Object.seal || function (x) { + return x; +}; + +var MUSTACHE_EXPR = seal(/\{\{[\s\S]*|[\s\S]*\}\}/gm); // Specify template detection regex for SAFE_FOR_TEMPLATES mode +var ERB_EXPR = seal(/<%[\s\S]*|[\s\S]*%>/gm); +var DATA_ATTR = seal(/^data-[\-\w.\u00B7-\uFFFF]/); // eslint-disable-line no-useless-escape +var ARIA_ATTR = seal(/^aria-[\-\w]+$/); // eslint-disable-line no-useless-escape +var IS_ALLOWED_URI = seal(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i // eslint-disable-line no-useless-escape +); +var IS_SCRIPT_OR_DATA = seal(/^(?:\w+script|data):/i); +var ATTR_WHITESPACE = seal(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205f\u3000]/g // eslint-disable-line no-control-regex +); + +var _typeof = typeof Symbol === "function" && typeof Symbol.iterator === "symbol" ? function (obj) { return typeof obj; } : function (obj) { return obj && typeof Symbol === "function" && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj; }; + +function _toConsumableArray(arr) { if (Array.isArray(arr)) { for (var i = 0, arr2 = Array(arr.length); i < arr.length; i++) { arr2[i] = arr[i]; } return arr2; } else { return Array.from(arr); } } + +var _ref = typeof Reflect !== 'undefined' && Reflect; +var apply = _ref.apply; + +var arraySlice = Array.prototype.slice; +var freeze = Object.freeze; + +var getGlobal = function getGlobal() { + return typeof window === 'undefined' ? null : window; +}; + +if (!apply) { + apply = function apply(fun, thisValue, args) { + return fun.apply(thisValue, args); + }; +} + +/** + * Creates a no-op policy for internal use only. + * Don't export this function outside this module! + * @param {?TrustedTypePolicyFactory} trustedTypes The policy factory. + * @param {Document} document The document object (to determine policy name suffix) + * @return {?TrustedTypePolicy} The policy created (or null, if Trusted Types + * are not supported). + */ +var _createTrustedTypesPolicy = function _createTrustedTypesPolicy(trustedTypes, document) { + if ((typeof trustedTypes === 'undefined' ? 'undefined' : _typeof(trustedTypes)) !== 'object' || typeof trustedTypes.createPolicy !== 'function') { + return null; + } + + // Allow the callers to control the unique policy name + // by adding a data-tt-policy-suffix to the script element with the DOMPurify. + // Policy creation with duplicate names throws in Trusted Types. + var suffix = null; + var ATTR_NAME = 'data-tt-policy-suffix'; + if (document.currentScript && document.currentScript.hasAttribute(ATTR_NAME)) { + suffix = document.currentScript.getAttribute(ATTR_NAME); + } + + var policyName = 'dompurify' + (suffix ? '#' + suffix : ''); + + try { + return trustedTypes.createPolicy(policyName, { + createHTML: function createHTML(html$$1) { + return html$$1; + } + }); + } catch (e) { + // Policy creation failed (most likely another DOMPurify script has + // already run). Skip creating the policy, as this will only cause errors + // if TT are enforced. + console.warn('TrustedTypes policy ' + policyName + ' could not be created.'); + return null; + } +}; + +function createDOMPurify() { + var window = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : getGlobal(); + + var DOMPurify = function DOMPurify(root) { + return createDOMPurify(root); + }; + + /** + * Version label, exposed for easier checks + * if DOMPurify is up to date or not + */ + DOMPurify.version = '1.0.8'; + + /** + * Array of elements that DOMPurify removed during sanitation. + * Empty if nothing was removed. + */ + DOMPurify.removed = []; + + if (!window || !window.document || window.document.nodeType !== 9) { + // Not running in a browser, provide a factory function + // so that you can pass your own Window + DOMPurify.isSupported = false; + + return DOMPurify; + } + + var originalDocument = window.document; + var useDOMParser = false; + var removeTitle = false; + + var document = window.document; + var DocumentFragment = window.DocumentFragment, + HTMLTemplateElement = window.HTMLTemplateElement, + Node = window.Node, + NodeFilter = window.NodeFilter, + _window$NamedNodeMap = window.NamedNodeMap, + NamedNodeMap = _window$NamedNodeMap === undefined ? window.NamedNodeMap || window.MozNamedAttrMap : _window$NamedNodeMap, + Text = window.Text, + Comment = window.Comment, + DOMParser = window.DOMParser, + TrustedTypes = window.TrustedTypes; + + // As per issue #47, the web-components registry is inherited by a + // new document created via createHTMLDocument. As per the spec + // (http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries) + // a new empty registry is used when creating a template contents owner + // document, so we use that as our parent document to ensure nothing + // is inherited. + + if (typeof HTMLTemplateElement === 'function') { + var template = document.createElement('template'); + if (template.content && template.content.ownerDocument) { + document = template.content.ownerDocument; + } + } + + var trustedTypesPolicy = _createTrustedTypesPolicy(TrustedTypes, originalDocument); + var emptyHTML = trustedTypesPolicy ? trustedTypesPolicy.createHTML('') : ''; + + var _document = document, + implementation = _document.implementation, + createNodeIterator = _document.createNodeIterator, + getElementsByTagName = _document.getElementsByTagName, + createDocumentFragment = _document.createDocumentFragment; + var importNode = originalDocument.importNode; + + + var hooks = {}; + + /** + * Expose whether this browser supports running the full DOMPurify. + */ + DOMPurify.isSupported = implementation && typeof implementation.createHTMLDocument !== 'undefined' && document.documentMode !== 9; + + var MUSTACHE_EXPR$$1 = MUSTACHE_EXPR, + ERB_EXPR$$1 = ERB_EXPR, + DATA_ATTR$$1 = DATA_ATTR, + ARIA_ATTR$$1 = ARIA_ATTR, + IS_SCRIPT_OR_DATA$$1 = IS_SCRIPT_OR_DATA, + ATTR_WHITESPACE$$1 = ATTR_WHITESPACE; + var IS_ALLOWED_URI$$1 = IS_ALLOWED_URI; + /** + * We consider the elements and attributes below to be safe. Ideally + * don't add any new ones but feel free to remove unwanted ones. + */ + + /* allowed element names */ + + var ALLOWED_TAGS = null; + var DEFAULT_ALLOWED_TAGS = addToSet({}, [].concat(_toConsumableArray(html), _toConsumableArray(svg), _toConsumableArray(svgFilters), _toConsumableArray(mathMl), _toConsumableArray(text))); + + /* Allowed attribute names */ + var ALLOWED_ATTR = null; + var DEFAULT_ALLOWED_ATTR = addToSet({}, [].concat(_toConsumableArray(html$1), _toConsumableArray(svg$1), _toConsumableArray(mathMl$1), _toConsumableArray(xml))); + + /* Explicitly forbidden tags (overrides ALLOWED_TAGS/ADD_TAGS) */ + var FORBID_TAGS = null; + + /* Explicitly forbidden attributes (overrides ALLOWED_ATTR/ADD_ATTR) */ + var FORBID_ATTR = null; + + /* Decide if ARIA attributes are okay */ + var ALLOW_ARIA_ATTR = true; + + /* Decide if custom data attributes are okay */ + var ALLOW_DATA_ATTR = true; + + /* Decide if unknown protocols are okay */ + var ALLOW_UNKNOWN_PROTOCOLS = false; + + /* Output should be safe for jQuery's $() factory? */ + var SAFE_FOR_JQUERY = false; + + /* Output should be safe for common template engines. + * This means, DOMPurify removes data attributes, mustaches and ERB + */ + var SAFE_FOR_TEMPLATES = false; + + /* Decide if document with <html>... should be returned */ + var WHOLE_DOCUMENT = false; + + /* Track whether config is already set on this instance of DOMPurify. */ + var SET_CONFIG = false; + + /* Decide if all elements (e.g. style, script) must be children of + * document.body. By default, browsers might move them to document.head */ + var FORCE_BODY = false; + + /* Decide if a DOM `HTMLBodyElement` should be returned, instead of a html + * string (or a TrustedHTML object if Trusted Types are supported). + * If `WHOLE_DOCUMENT` is enabled a `HTMLHtmlElement` will be returned instead + */ + var RETURN_DOM = false; + + /* Decide if a DOM `DocumentFragment` should be returned, instead of a html + * string (or a TrustedHTML object if Trusted Types are supported) */ + var RETURN_DOM_FRAGMENT = false; + + /* If `RETURN_DOM` or `RETURN_DOM_FRAGMENT` is enabled, decide if the returned DOM + * `Node` is imported into the current `Document`. If this flag is not enabled the + * `Node` will belong (its ownerDocument) to a fresh `HTMLDocument`, created by + * DOMPurify. */ + var RETURN_DOM_IMPORT = false; + + /* Output should be free from DOM clobbering attacks? */ + var SANITIZE_DOM = true; + + /* Keep element content when removing element? */ + var KEEP_CONTENT = true; + + /* If a `Node` is passed to sanitize(), then performs sanitization in-place instead + * of importing it into a new Document and returning a sanitized copy */ + var IN_PLACE = false; + + /* Allow usage of profiles like html, svg and mathMl */ + var USE_PROFILES = {}; + + /* Tags to ignore content of when KEEP_CONTENT is true */ + var FORBID_CONTENTS = addToSet({}, ['audio', 'head', 'math', 'script', 'style', 'template', 'svg', 'video']); + + /* Tags that are safe for data: URIs */ + var DATA_URI_TAGS = addToSet({}, ['audio', 'video', 'img', 'source', 'image']); + + /* Attributes safe for values like "javascript:" */ + var URI_SAFE_ATTRIBUTES = addToSet({}, ['alt', 'class', 'for', 'id', 'label', 'name', 'pattern', 'placeholder', 'summary', 'title', 'value', 'style', 'xmlns']); + + /* Keep a reference to config to pass to hooks */ + var CONFIG = null; + + /* Ideally, do not touch anything below this line */ + /* ______________________________________________ */ + + var formElement = document.createElement('form'); + + /** + * _parseConfig + * + * @param {Object} cfg optional config literal + */ + // eslint-disable-next-line complexity + var _parseConfig = function _parseConfig(cfg) { + if (CONFIG && CONFIG === cfg) { + return; + } + + /* Shield configuration object from tampering */ + if (!cfg || (typeof cfg === 'undefined' ? 'undefined' : _typeof(cfg)) !== 'object') { + cfg = {}; + } + /* Set configuration parameters */ + ALLOWED_TAGS = 'ALLOWED_TAGS' in cfg ? addToSet({}, cfg.ALLOWED_TAGS) : DEFAULT_ALLOWED_TAGS; + ALLOWED_ATTR = 'ALLOWED_ATTR' in cfg ? addToSet({}, cfg.ALLOWED_ATTR) : DEFAULT_ALLOWED_ATTR; + FORBID_TAGS = 'FORBID_TAGS' in cfg ? addToSet({}, cfg.FORBID_TAGS) : {}; + FORBID_ATTR = 'FORBID_ATTR' in cfg ? addToSet({}, cfg.FORBID_ATTR) : {}; + USE_PROFILES = 'USE_PROFILES' in cfg ? cfg.USE_PROFILES : false; + ALLOW_ARIA_ATTR = cfg.ALLOW_ARIA_ATTR !== false; // Default true + ALLOW_DATA_ATTR = cfg.ALLOW_DATA_ATTR !== false; // Default true + ALLOW_UNKNOWN_PROTOCOLS = cfg.ALLOW_UNKNOWN_PROTOCOLS || false; // Default false + SAFE_FOR_JQUERY = cfg.SAFE_FOR_JQUERY || false; // Default false + SAFE_FOR_TEMPLATES = cfg.SAFE_FOR_TEMPLATES || false; // Default false + WHOLE_DOCUMENT = cfg.WHOLE_DOCUMENT || false; // Default false + RETURN_DOM = cfg.RETURN_DOM || false; // Default false + RETURN_DOM_FRAGMENT = cfg.RETURN_DOM_FRAGMENT || false; // Default false + RETURN_DOM_IMPORT = cfg.RETURN_DOM_IMPORT || false; // Default false + FORCE_BODY = cfg.FORCE_BODY || false; // Default false + SANITIZE_DOM = cfg.SANITIZE_DOM !== false; // Default true + KEEP_CONTENT = cfg.KEEP_CONTENT !== false; // Default true + IN_PLACE = cfg.IN_PLACE || false; // Default false + + IS_ALLOWED_URI$$1 = cfg.ALLOWED_URI_REGEXP || IS_ALLOWED_URI$$1; + + if (SAFE_FOR_TEMPLATES) { + ALLOW_DATA_ATTR = false; + } + + if (RETURN_DOM_FRAGMENT) { + RETURN_DOM = true; + } + + /* Parse profile info */ + if (USE_PROFILES) { + ALLOWED_TAGS = addToSet({}, [].concat(_toConsumableArray(text))); + ALLOWED_ATTR = []; + if (USE_PROFILES.html === true) { + addToSet(ALLOWED_TAGS, html); + addToSet(ALLOWED_ATTR, html$1); + } + if (USE_PROFILES.svg === true) { + addToSet(ALLOWED_TAGS, svg); + addToSet(ALLOWED_ATTR, svg$1); + addToSet(ALLOWED_ATTR, xml); + } + if (USE_PROFILES.svgFilters === true) { + addToSet(ALLOWED_TAGS, svgFilters); + addToSet(ALLOWED_ATTR, svg$1); + addToSet(ALLOWED_ATTR, xml); + } + if (USE_PROFILES.mathMl === true) { + addToSet(ALLOWED_TAGS, mathMl); + addToSet(ALLOWED_ATTR, mathMl$1); + addToSet(ALLOWED_ATTR, xml); + } + } + + /* Merge configuration parameters */ + if (cfg.ADD_TAGS) { + if (ALLOWED_TAGS === DEFAULT_ALLOWED_TAGS) { + ALLOWED_TAGS = clone(ALLOWED_TAGS); + } + addToSet(ALLOWED_TAGS, cfg.ADD_TAGS); + } + if (cfg.ADD_ATTR) { + if (ALLOWED_ATTR === DEFAULT_ALLOWED_ATTR) { + ALLOWED_ATTR = clone(ALLOWED_ATTR); + } + addToSet(ALLOWED_ATTR, cfg.ADD_ATTR); + } + if (cfg.ADD_URI_SAFE_ATTR) { + addToSet(URI_SAFE_ATTRIBUTES, cfg.ADD_URI_SAFE_ATTR); + } + + /* Add #text in case KEEP_CONTENT is set to true */ + if (KEEP_CONTENT) { + ALLOWED_TAGS['#text'] = true; + } + + /* Add html, head and body to ALLOWED_TAGS in case WHOLE_DOCUMENT is true */ + if (WHOLE_DOCUMENT) { + addToSet(ALLOWED_TAGS, ['html', 'head', 'body']); + } + + /* Add tbody to ALLOWED_TAGS in case tables are permitted, see #286 */ + if (ALLOWED_TAGS.table) { + addToSet(ALLOWED_TAGS, ['tbody']); + } + + // Prevent further manipulation of configuration. + // Not available in IE8, Safari 5, etc. + if (freeze) { + freeze(cfg); + } + + CONFIG = cfg; + }; + + /** + * _forceRemove + * + * @param {Node} node a DOM node + */ + var _forceRemove = function _forceRemove(node) { + DOMPurify.removed.push({ element: node }); + try { + node.parentNode.removeChild(node); + } catch (err) { + node.outerHTML = emptyHTML; + } + }; + + /** + * _removeAttribute + * + * @param {String} name an Attribute name + * @param {Node} node a DOM node + */ + var _removeAttribute = function _removeAttribute(name, node) { + try { + DOMPurify.removed.push({ + attribute: node.getAttributeNode(name), + from: node + }); + } catch (err) { + DOMPurify.removed.push({ + attribute: null, + from: node + }); + } + node.removeAttribute(name); + }; + + /** + * _initDocument + * + * @param {String} dirty a string of dirty markup + * @return {Document} a DOM, filled with the dirty markup + */ + var _initDocument = function _initDocument(dirty) { + /* Create a HTML document */ + var doc = void 0; + var leadingWhitespace = void 0; + + if (FORCE_BODY) { + dirty = '<remove></remove>' + dirty; + } else { + /* If FORCE_BODY isn't used, leading whitespace needs to be preserved manually */ + var matches = dirty.match(/^[\s]+/); + leadingWhitespace = matches && matches[0]; + if (leadingWhitespace) { + dirty = dirty.slice(leadingWhitespace.length); + } + } + + /* Use DOMParser to workaround Firefox bug (see comment below) */ + if (useDOMParser) { + try { + doc = new DOMParser().parseFromString(dirty, 'text/html'); + } catch (err) {} + } + + /* Remove title to fix a mXSS bug in older MS Edge */ + if (removeTitle) { + addToSet(FORBID_TAGS, ['title']); + } + + /* Otherwise use createHTMLDocument, because DOMParser is unsafe in + Safari (see comment below) */ + if (!doc || !doc.documentElement) { + doc = implementation.createHTMLDocument(''); + var _doc = doc, + body = _doc.body; + + body.parentNode.removeChild(body.parentNode.firstElementChild); + body.outerHTML = trustedTypesPolicy ? trustedTypesPolicy.createHTML(dirty) : dirty; + } + + if (leadingWhitespace) { + doc.body.insertBefore(document.createTextNode(leadingWhitespace), doc.body.childNodes[0] || null); + } + + /* Work on whole document or just its body */ + return getElementsByTagName.call(doc, WHOLE_DOCUMENT ? 'html' : 'body')[0]; + }; + + // Firefox uses a different parser for innerHTML rather than + // DOMParser (see https://bugzilla.mozilla.org/show_bug.cgi?id=1205631) + // which means that you *must* use DOMParser, otherwise the output may + // not be safe if used in a document.write context later. + // + // So we feature detect the Firefox bug and use the DOMParser if necessary. + // + // MS Edge, in older versions, is affected by an mXSS behavior. The second + // check tests for the behavior and fixes it if necessary. + if (DOMPurify.isSupported) { + (function () { + try { + var doc = _initDocument('<svg><p><style><img src="</style><img src=x onerror=alert(1)//">'); + if (doc.querySelector('svg img')) { + useDOMParser = true; + } + } catch (err) {} + })(); + (function () { + try { + var doc = _initDocument('<x/><title></title><img>'); + if (doc.querySelector('title').innerHTML.match(/<\/title/)) { + removeTitle = true; + } + } catch (err) {} + })(); + } + + /** + * _createIterator + * + * @param {Document} root document/fragment to create iterator for + * @return {Iterator} iterator instance + */ + var _createIterator = function _createIterator(root) { + return createNodeIterator.call(root.ownerDocument || root, root, NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT, function () { + return NodeFilter.FILTER_ACCEPT; + }, false); + }; + + /** + * _isClobbered + * + * @param {Node} elm element to check for clobbering attacks + * @return {Boolean} true if clobbered, false if safe + */ + var _isClobbered = function _isClobbered(elm) { + if (elm instanceof Text || elm instanceof Comment) { + return false; + } + if (typeof elm.nodeName !== 'string' || typeof elm.textContent !== 'string' || typeof elm.removeChild !== 'function' || !(elm.attributes instanceof NamedNodeMap) || typeof elm.removeAttribute !== 'function' || typeof elm.setAttribute !== 'function') { + return true; + } + return false; + }; + + /** + * _isNode + * + * @param {Node} obj object to check whether it's a DOM node + * @return {Boolean} true is object is a DOM node + */ + var _isNode = function _isNode(obj) { + return (typeof Node === 'undefined' ? 'undefined' : _typeof(Node)) === 'object' ? obj instanceof Node : obj && (typeof obj === 'undefined' ? 'undefined' : _typeof(obj)) === 'object' && typeof obj.nodeType === 'number' && typeof obj.nodeName === 'string'; + }; + + /** + * _executeHook + * Execute user configurable hooks + * + * @param {String} entryPoint Name of the hook's entry point + * @param {Node} currentNode node to work on with the hook + * @param {Object} data additional hook parameters + */ + var _executeHook = function _executeHook(entryPoint, currentNode, data) { + if (!hooks[entryPoint]) { + return; + } + + hooks[entryPoint].forEach(function (hook) { + hook.call(DOMPurify, currentNode, data, CONFIG); + }); + }; + + /** + * _sanitizeElements + * + * @protect nodeName + * @protect textContent + * @protect removeChild + * + * @param {Node} currentNode to check for permission to exist + * @return {Boolean} true if node was killed, false if left alive + */ + var _sanitizeElements = function _sanitizeElements(currentNode) { + var content = void 0; + + /* Execute a hook if present */ + _executeHook('beforeSanitizeElements', currentNode, null); + + /* Check if element is clobbered or can clobber */ + if (_isClobbered(currentNode)) { + _forceRemove(currentNode); + return true; + } + + /* Now let's check the element's type and name */ + var tagName = currentNode.nodeName.toLowerCase(); + + /* Execute a hook if present */ + _executeHook('uponSanitizeElement', currentNode, { + tagName: tagName, + allowedTags: ALLOWED_TAGS + }); + + /* Remove element if anything forbids its presence */ + if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) { + /* Keep content except for black-listed elements */ + if (KEEP_CONTENT && !FORBID_CONTENTS[tagName] && typeof currentNode.insertAdjacentHTML === 'function') { + try { + var htmlToInsert = currentNode.innerHTML; + currentNode.insertAdjacentHTML('AfterEnd', trustedTypesPolicy ? trustedTypesPolicy.createHTML(htmlToInsert) : htmlToInsert); + } catch (err) {} + } + _forceRemove(currentNode); + return true; + } + + /* Convert markup to cover jQuery behavior */ + if (SAFE_FOR_JQUERY && !currentNode.firstElementChild && (!currentNode.content || !currentNode.content.firstElementChild) && /</g.test(currentNode.textContent)) { + DOMPurify.removed.push({ element: currentNode.cloneNode() }); + if (currentNode.innerHTML) { + currentNode.innerHTML = currentNode.innerHTML.replace(/</g, '<'); + } else { + currentNode.innerHTML = currentNode.textContent.replace(/</g, '<'); + } + } + + /* Sanitize element content to be template-safe */ + if (SAFE_FOR_TEMPLATES && currentNode.nodeType === 3) { + /* Get the element's text content */ + content = currentNode.textContent; + content = content.replace(MUSTACHE_EXPR$$1, ' '); + content = content.replace(ERB_EXPR$$1, ' '); + if (currentNode.textContent !== content) { + DOMPurify.removed.push({ element: currentNode.cloneNode() }); + currentNode.textContent = content; + } + } + + /* Execute a hook if present */ + _executeHook('afterSanitizeElements', currentNode, null); + + return false; + }; + + /** + * _isValidAttribute + * + * @param {string} lcTag Lowercase tag name of containing element. + * @param {string} lcName Lowercase attribute name. + * @param {string} value Attribute value. + * @return {Boolean} Returns true if `value` is valid, otherwise false. + */ + var _isValidAttribute = function _isValidAttribute(lcTag, lcName, value) { + /* Make sure attribute cannot clobber */ + if (SANITIZE_DOM && (lcName === 'id' || lcName === 'name') && (value in document || value in formElement)) { + return false; + } + + /* Sanitize attribute content to be template-safe */ + if (SAFE_FOR_TEMPLATES) { + value = value.replace(MUSTACHE_EXPR$$1, ' '); + value = value.replace(ERB_EXPR$$1, ' '); + } + + /* Allow valid data-* attributes: At least one character after "-" + (https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes) + XML-compatible (https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804) + We don't need to check the value; it's always URI safe. */ + if (ALLOW_DATA_ATTR && DATA_ATTR$$1.test(lcName)) { + // This attribute is safe + } else if (ALLOW_ARIA_ATTR && ARIA_ATTR$$1.test(lcName)) { + // This attribute is safe + /* Otherwise, check the name is permitted */ + } else if (!ALLOWED_ATTR[lcName] || FORBID_ATTR[lcName]) { + return false; + + /* Check value is safe. First, is attr inert? If so, is safe */ + } else if (URI_SAFE_ATTRIBUTES[lcName]) { + // This attribute is safe + /* Check no script, data or unknown possibly unsafe URI + unless we know URI values are safe for that attribute */ + } else if (IS_ALLOWED_URI$$1.test(value.replace(ATTR_WHITESPACE$$1, ''))) { + // This attribute is safe + /* Keep image data URIs alive if src/xlink:href is allowed */ + /* Further prevent gadget XSS for dynamically built script tags */ + } else if ((lcName === 'src' || lcName === 'xlink:href') && lcTag !== 'script' && value.indexOf('data:') === 0 && DATA_URI_TAGS[lcTag]) { + // This attribute is safe + /* Allow unknown protocols: This provides support for links that + are handled by protocol handlers which may be unknown ahead of + time, e.g. fb:, spotify: */ + } else if (ALLOW_UNKNOWN_PROTOCOLS && !IS_SCRIPT_OR_DATA$$1.test(value.replace(ATTR_WHITESPACE$$1, ''))) { + // This attribute is safe + /* Check for binary attributes */ + // eslint-disable-next-line no-negated-condition + } else if (!value) { + // Binary attributes are safe at this point + /* Anything else, presume unsafe, do not add it back */ + } else { + return false; + } + return true; + }; + + /** + * _sanitizeAttributes + * + * @protect attributes + * @protect nodeName + * @protect removeAttribute + * @protect setAttribute + * + * @param {Node} node to sanitize + */ + // eslint-disable-next-line complexity + var _sanitizeAttributes = function _sanitizeAttributes(currentNode) { + var attr = void 0; + var value = void 0; + var lcName = void 0; + var idAttr = void 0; + var l = void 0; + /* Execute a hook if present */ + _executeHook('beforeSanitizeAttributes', currentNode, null); + + var attributes = currentNode.attributes; + + /* Check if we have attributes; if not we might have a text node */ + + if (!attributes) { + return; + } + + var hookEvent = { + attrName: '', + attrValue: '', + keepAttr: true, + allowedAttributes: ALLOWED_ATTR + }; + l = attributes.length; + + /* Go backwards over all attributes; safely remove bad ones */ + while (l--) { + attr = attributes[l]; + var _attr = attr, + name = _attr.name, + namespaceURI = _attr.namespaceURI; + + value = attr.value.trim(); + lcName = name.toLowerCase(); + + /* Execute a hook if present */ + hookEvent.attrName = lcName; + hookEvent.attrValue = value; + hookEvent.keepAttr = true; + _executeHook('uponSanitizeAttribute', currentNode, hookEvent); + value = hookEvent.attrValue; + + /* Remove attribute */ + // Safari (iOS + Mac), last tested v8.0.5, crashes if you try to + // remove a "name" attribute from an <img> tag that has an "id" + // attribute at the time. + if (lcName === 'name' && currentNode.nodeName === 'IMG' && attributes.id) { + idAttr = attributes.id; + attributes = apply(arraySlice, attributes, []); + _removeAttribute('id', currentNode); + _removeAttribute(name, currentNode); + if (attributes.indexOf(idAttr) > l) { + currentNode.setAttribute('id', idAttr.value); + } + } else if ( + // This works around a bug in Safari, where input[type=file] + // cannot be dynamically set after type has been removed + currentNode.nodeName === 'INPUT' && lcName === 'type' && value === 'file' && (ALLOWED_ATTR[lcName] || !FORBID_ATTR[lcName])) { + continue; + } else { + // This avoids a crash in Safari v9.0 with double-ids. + // The trick is to first set the id to be empty and then to + // remove the attribute + if (name === 'id') { + currentNode.setAttribute(name, ''); + } + _removeAttribute(name, currentNode); + } + + /* Did the hooks approve of the attribute? */ + if (!hookEvent.keepAttr) { + continue; + } + + /* Is `value` valid for this attribute? */ + var lcTag = currentNode.nodeName.toLowerCase(); + if (!_isValidAttribute(lcTag, lcName, value)) { + continue; + } + + /* Handle invalid data-* attribute set by try-catching it */ + try { + if (namespaceURI) { + currentNode.setAttributeNS(namespaceURI, name, value); + } else { + /* Fallback to setAttribute() for browser-unrecognized namespaces e.g. "x-schema". */ + currentNode.setAttribute(name, value); + } + DOMPurify.removed.pop(); + } catch (err) {} + } + + /* Execute a hook if present */ + _executeHook('afterSanitizeAttributes', currentNode, null); + }; + + /** + * _sanitizeShadowDOM + * + * @param {DocumentFragment} fragment to iterate over recursively + */ + var _sanitizeShadowDOM = function _sanitizeShadowDOM(fragment) { + var shadowNode = void 0; + var shadowIterator = _createIterator(fragment); + + /* Execute a hook if present */ + _executeHook('beforeSanitizeShadowDOM', fragment, null); + + while (shadowNode = shadowIterator.nextNode()) { + /* Execute a hook if present */ + _executeHook('uponSanitizeShadowNode', shadowNode, null); + + /* Sanitize tags and elements */ + if (_sanitizeElements(shadowNode)) { + continue; + } + + /* Deep shadow DOM detected */ + if (shadowNode.content instanceof DocumentFragment) { + _sanitizeShadowDOM(shadowNode.content); + } + + /* Check attributes, sanitize if necessary */ + _sanitizeAttributes(shadowNode); + } + + /* Execute a hook if present */ + _executeHook('afterSanitizeShadowDOM', fragment, null); + }; + + /** + * Sanitize + * Public method providing core sanitation functionality + * + * @param {String|Node} dirty string or DOM node + * @param {Object} configuration object + */ + // eslint-disable-next-line complexity + DOMPurify.sanitize = function (dirty, cfg) { + var body = void 0; + var importedNode = void 0; + var currentNode = void 0; + var oldNode = void 0; + var returnNode = void 0; + /* Make sure we have a string to sanitize. + DO NOT return early, as this will return the wrong type if + the user has requested a DOM object rather than a string */ + if (!dirty) { + dirty = '<!-->'; + } + + /* Stringify, in case dirty is an object */ + if (typeof dirty !== 'string' && !_isNode(dirty)) { + // eslint-disable-next-line no-negated-condition + if (typeof dirty.toString !== 'function') { + throw new TypeError('toString is not a function'); + } else { + dirty = dirty.toString(); + if (typeof dirty !== 'string') { + throw new TypeError('dirty is not a string, aborting'); + } + } + } + + /* Check we can run. Otherwise fall back or ignore */ + if (!DOMPurify.isSupported) { + if (_typeof(window.toStaticHTML) === 'object' || typeof window.toStaticHTML === 'function') { + if (typeof dirty === 'string') { + return window.toStaticHTML(dirty); + } + if (_isNode(dirty)) { + return window.toStaticHTML(dirty.outerHTML); + } + } + return dirty; + } + + /* Assign config vars */ + if (!SET_CONFIG) { + _parseConfig(cfg); + } + + /* Clean up removed elements */ + DOMPurify.removed = []; + + if (IN_PLACE) { + /* No special handling necessary for in-place sanitization */ + } else if (dirty instanceof Node) { + /* If dirty is a DOM element, append to an empty document to avoid + elements being stripped by the parser */ + body = _initDocument('<!-->'); + importedNode = body.ownerDocument.importNode(dirty, true); + if (importedNode.nodeType === 1 && importedNode.nodeName === 'BODY') { + /* Node is already a body, use as is */ + body = importedNode; + } else { + body.appendChild(importedNode); + } + } else { + /* Exit directly if we have nothing to do */ + if (!RETURN_DOM && !WHOLE_DOCUMENT && dirty.indexOf('<') === -1) { + return trustedTypesPolicy ? trustedTypesPolicy.createHTML(dirty) : dirty; + } + + /* Initialize the document to work on */ + body = _initDocument(dirty); + + /* Check we have a DOM node from the data */ + if (!body) { + return RETURN_DOM ? null : emptyHTML; + } + } + + /* Remove first element node (ours) if FORCE_BODY is set */ + if (body && FORCE_BODY) { + _forceRemove(body.firstChild); + } + + /* Get node iterator */ + var nodeIterator = _createIterator(IN_PLACE ? dirty : body); + + /* Now start iterating over the created document */ + while (currentNode = nodeIterator.nextNode()) { + /* Fix IE's strange behavior with manipulated textNodes #89 */ + if (currentNode.nodeType === 3 && currentNode === oldNode) { + continue; + } + + /* Sanitize tags and elements */ + if (_sanitizeElements(currentNode)) { + continue; + } + + /* Shadow DOM detected, sanitize it */ + if (currentNode.content instanceof DocumentFragment) { + _sanitizeShadowDOM(currentNode.content); + } + + /* Check attributes, sanitize if necessary */ + _sanitizeAttributes(currentNode); + + oldNode = currentNode; + } + + oldNode = null; + + /* If we sanitized `dirty` in-place, return it. */ + if (IN_PLACE) { + return dirty; + } + + /* Return sanitized string or DOM */ + if (RETURN_DOM) { + if (RETURN_DOM_FRAGMENT) { + returnNode = createDocumentFragment.call(body.ownerDocument); + + while (body.firstChild) { + returnNode.appendChild(body.firstChild); + } + } else { + returnNode = body; + } + + if (RETURN_DOM_IMPORT) { + /* AdoptNode() is not used because internal state is not reset + (e.g. the past names map of a HTMLFormElement), this is safe + in theory but we would rather not risk another attack vector. + The state that is cloned by importNode() is explicitly defined + by the specs. */ + returnNode = importNode.call(originalDocument, returnNode, true); + } + + return returnNode; + } + + var serializedHTML = WHOLE_DOCUMENT ? body.outerHTML : body.innerHTML; + return trustedTypesPolicy ? trustedTypesPolicy.createHTML(serializedHTML) : serializedHTML; + }; + + /** + * Public method to set the configuration once + * setConfig + * + * @param {Object} cfg configuration object + */ + DOMPurify.setConfig = function (cfg) { + _parseConfig(cfg); + SET_CONFIG = true; + }; + + /** + * Public method to remove the configuration + * clearConfig + * + */ + DOMPurify.clearConfig = function () { + CONFIG = null; + SET_CONFIG = false; + }; + + /** + * Public method to check if an attribute value is valid. + * Uses last set config, if any. Otherwise, uses config defaults. + * isValidAttribute + * + * @param {string} tag Tag name of containing element. + * @param {string} attr Attribute name. + * @param {string} value Attribute value. + * @return {Boolean} Returns true if `value` is valid. Otherwise, returns false. + */ + DOMPurify.isValidAttribute = function (tag, attr, value) { + /* Initialize shared config vars if necessary. */ + if (!CONFIG) { + _parseConfig({}); + } + var lcTag = tag.toLowerCase(); + var lcName = attr.toLowerCase(); + return _isValidAttribute(lcTag, lcName, value); + }; + + /** + * AddHook + * Public method to add DOMPurify hooks + * + * @param {String} entryPoint entry point for the hook to add + * @param {Function} hookFunction function to execute + */ + DOMPurify.addHook = function (entryPoint, hookFunction) { + if (typeof hookFunction !== 'function') { + return; + } + hooks[entryPoint] = hooks[entryPoint] || []; + hooks[entryPoint].push(hookFunction); + }; + + /** + * RemoveHook + * Public method to remove a DOMPurify hook at a given entryPoint + * (pops it from the stack of hooks if more are present) + * + * @param {String} entryPoint entry point for the hook to remove + */ + DOMPurify.removeHook = function (entryPoint) { + if (hooks[entryPoint]) { + hooks[entryPoint].pop(); + } + }; + + /** + * RemoveHooks + * Public method to remove all DOMPurify hooks at a given entryPoint + * + * @param {String} entryPoint entry point for the hooks to remove + */ + DOMPurify.removeHooks = function (entryPoint) { + if (hooks[entryPoint]) { + hooks[entryPoint] = []; + } + }; + + /** + * RemoveAllHooks + * Public method to remove all DOMPurify hooks + * + */ + DOMPurify.removeAllHooks = function () { + hooks = {}; + }; + + return DOMPurify; +} + +var purify = createDOMPurify(); + +return purify; + +}))); +//# sourceMappingURL=purify.js.map
\ No newline at end of file diff --git a/ecomp-portal-FE-os/client/configurations/dev.json b/ecomp-portal-FE-os/client/configurations/dev.json index c60e9bcd..78e3a205 100644 --- a/ecomp-portal-FE-os/client/configurations/dev.json +++ b/ecomp-portal-FE-os/client/configurations/dev.json @@ -98,7 +98,11 @@ "loggedinUser" : "http://localhost:8080/ecompportal/portalApi/loggedinUser", "modifyLoggedinUser" : "http://localhost:8080/ecompportal/portalApi/modifyLoggedinUser", "centralizedApps": "http://localhost:8080/ecompportal/portalApi/centralizedApps", - "uploadRoleFunction":"http://localhost:8080/ecompportal/portalApi/uploadRoleFunction/:appId" + "uploadRoleFunction":"http://localhost:8080/ecompportal/portalApi/uploadRoleFunction/:appId", + "checkIfUserIsSuperAdmin":"http://localhost:8080/ecompportal/portalApi/checkIfUserIsSuperAdmin", + "getCurrentLang": "http://localhost:8080/ecompportal/auxapi/languageSetting/user/:loginId", + "getLanguages": "http://localhost:8080/ecompportal/auxapi/language", + "updateLang": "http://localhost:8080/ecompportal/auxapi/languageSetting/user/:loginId" }, "cookieDomain": "onap.org" } diff --git a/ecomp-portal-FE-os/client/configurations/integ.json b/ecomp-portal-FE-os/client/configurations/integ.json index 4771d635..b0181f8c 100644 --- a/ecomp-portal-FE-os/client/configurations/integ.json +++ b/ecomp-portal-FE-os/client/configurations/integ.json @@ -99,6 +99,7 @@ "modifyLoggedinUser" : "portalApi/modifyLoggedinUser", "centralizedApps": "portalApi/centralizedApps", "uploadRoleFunction":"portalApi/uploadRoleFunction/:appId", + "checkIfUserIsSuperAdmin":"portalApi/checkIfUserIsSuperAdmin", "getCurrentLang":"auxapi/languageSetting/user/:loginId", "getLanguages":"auxapi/language", "updateLang":"auxapi/languageSetting/user/:loginId" diff --git a/ecomp-portal-FE-os/client/index.html b/ecomp-portal-FE-os/client/index.html index 648174e4..7a46d598 100644 --- a/ecomp-portal-FE-os/client/index.html +++ b/ecomp-portal-FE-os/client/index.html @@ -291,7 +291,6 @@ <script src="app/views/notification-history/notificationhistory.controller.js"></script> <script src="app/views/portal-admin/new-portal-admin/new-portal-admin.controller.js"></script> <script src="app/views/portal-admin/portal-admin-controller.js"></script> - <script src="app/views/role/bulk-upload-dialogs/bulk-upload-role-functions-controller.js"></script> <script src="app/views/role/role-controller.js"></script> <script src="app/views/role/role-create-edit-popup-controller.js"></script> <script src="app/views/role/role-function-list-controller.js"></script> diff --git a/ecomp-portal-FE-os/client/src/views/applications/application-details-dialog/application-details.controller.js b/ecomp-portal-FE-os/client/src/views/applications/application-details-dialog/application-details.controller.js index efd5165a..d89af17c 100644 --- a/ecomp-portal-FE-os/client/src/views/applications/application-details-dialog/application-details.controller.js +++ b/ecomp-portal-FE-os/client/src/views/applications/application-details-dialog/application-details.controller.js @@ -58,7 +58,7 @@ 'username': null, 'appPassword': null, 'thumbnail': emptyImg, - 'isEnabled': true, + 'isEnabled': false, 'restrictedApp': false, 'nameSpace': null, 'isCentralAuth': false @@ -172,26 +172,44 @@ //*************************** this.saveChanges = () => { - //if valid.. + //if valid.. if(this.app.isCentralAuth){ - //if valid.. - if(((angular.isUndefined(this.app.myLoginsAppName) || !this.app.myLoginsAppName)&&(angular.isUndefined(this.app.myLoginsAppOwner) || !this.app.myLoginsAppOwner)&&(angular.isUndefined(this.app.name) || !this.app.name)&&(angular.isUndefined(this.app.url) || !this.app.url) - &&(angular.isUndefined(this.app.username) || !this.app.username))) { - confirmBoxService.showInformation('Please fill in all required fields').then(isConfirmed => {}); - return; - }else if(!((angular.isUndefined(this.app.name) || !!this.app.name)&&(angular.isUndefined(this.app.url) || !!this.app.url))){ - confirmBoxService.showInformation('Please fill in all required fields').then(isConfirmed => {}); - return; - } + //if valid. + if(!this.app.isEnabled) + { + if(((angular.isUndefined(this.app.name) || !this.app.name)||(angular.isUndefined(this.app.nameSpace) || !this.app.nameSpace) + ||(angular.isUndefined(this.app.username) || !this.app.username))) { + confirmBoxService.showInformation('Please fill in all required fields for centralized application').then(isConfirmed => {}); + return; + } + } + if(this.app.isEnabled){ + if(((angular.isUndefined(this.app.myLoginsAppName) || !this.app.myLoginsAppName)||(angular.isUndefined(this.app.myLoginsAppOwner) || !this.app.myLoginsAppOwner)||(angular.isUndefined(this.app.name) || !this.app.name)||(angular.isUndefined(this.app.url) || !this.app.url) + ||(angular.isUndefined(this.app.username) || !this.app.username)||(angular.isUndefined(this.app.nameSpace) || !this.app.nameSpace))) { + confirmBoxService.showInformation('Please fill in all required fields for centralized active application').then(isConfirmed => {}); + return; + } + } }else{ - if(((angular.isUndefined(this.app.myLoginsAppName) || !this.app.myLoginsAppName)||(angular.isUndefined(this.app.myLoginsAppOwner) || !this.app.myLoginsAppOwner)||(angular.isUndefined(this.app.name) || !this.app.name)||(angular.isUndefined(this.app.url) || !this.app.url) + + if(!this.app.isEnabled) + { + if((angular.isUndefined(this.app.name) || !this.app.name)){ + confirmBoxService.showInformation('Please fill in all required field ApplicationName to Save the applictaion').then(isConfirmed => {}); + return; + } + }else if(this.app.isEnabled && !this.app.restrictedApp){ + if(((angular.isUndefined(this.app.myLoginsAppName) || !this.app.myLoginsAppName)||(angular.isUndefined(this.app.myLoginsAppOwner) || !this.app.myLoginsAppOwner)||(angular.isUndefined(this.app.name) || !this.app.name)||(angular.isUndefined(this.app.url) || !this.app.url) ||(angular.isUndefined(this.app.username) || !this.app.username)||(angular.isUndefined(this.app.appPassword) || !this.app.appPassword))) { - confirmBoxService.showInformation('Please fill in all required fields along with password as the app is not centralized').then(isConfirmed => {}); - return; - }else if(!((angular.isUndefined(this.app.name) || !!this.app.name)&&(angular.isUndefined(this.app.url) || !!this.app.url))){ - confirmBoxService.showInformation('Please fill in all required fields').then(isConfirmed => {}); + confirmBoxService.showInformation('Please fill in all required fields along with password as the app is not centralized').then(isConfirmed => {}); + return; + } }else if(this.app.isEnabled && this.app.restrictedApp){ + if((angular.isUndefined(this.app.name) || !this.app.name) ||(angular.isUndefined(this.app.url) || !this.app.url)){ + confirmBoxService.showInformation('Please fill in all required fields').then(isConfirmed => {}); return; + } + } } this.isSaving = true; // For a restricted app, null out all irrelevant fields diff --git a/ecomp-portal-FE-os/client/src/views/applications/application-details-dialog/application-details.modal.html b/ecomp-portal-FE-os/client/src/views/applications/application-details-dialog/application-details.modal.html index b4251f15..780a974b 100644 --- a/ecomp-portal-FE-os/client/src/views/applications/application-details-dialog/application-details.modal.html +++ b/ecomp-portal-FE-os/client/src/views/applications/application-details-dialog/application-details.modal.html @@ -35,6 +35,16 @@ --> +<style> +.mandatoryFeild + { + color: Red; + margin-right: 2px; + position: absolute; + left: -10px;top: 28px; + + } +</style> <div class="b2b-modal-header"> <h2 class="account-details-title" id="application-details-title">Application @@ -48,14 +58,16 @@ <div class="application-details-modal"> <div class="app-properties-main" scroll-top="appDetails.scrollApi"> <form name="appForm" novalidate autocomplete="off"> + <div id="app-left-container" class="left-container"> <div class="property-label checkbox-label"> <label for="checkbox-app-is-restricted" class="checkbox"> <input type="checkbox" ng-model="appDetails.app.restrictedApp" id="checkbox-app-is-restricted" ng-disabled="appDetails.isEditMode" - ng-checked="appDetails.app.restrictedApp" /> <i class="skin"></i> - <span>Hyperlink only application</span> + ng-checked="appDetails.app.restrictedApp" /> <i + id="checkbox-app-is-restricted" class="skin"></i> <span>Hyperlink + only application</span> </label> </div> <div class="property required"> @@ -81,11 +93,14 @@ </div> </div> </div> - <div class="property required"> + <div class="property"> <div id="url-property-label" class="property-label">URL</div> - <input id="input-app-url" ng-model="appDetails.app.url" + <span runat="server" ID="required" class="mandatoryFeild" + visible="false" ng-show="appDetails.app.isEnabled"> *</span><input id="input-app-url" ng-model="appDetails.app.url" maxlength="256" name="url" type="url" placeholder="https://" ng-pattern="appDetails.ECOMP_URL_REGEX" required /> + + <div id="app-error-url" class="error-container" ng-show="appDetails.conflictMessages.url" id="div-app-name-err-url"> @@ -107,9 +122,10 @@ </div> - <div class="property required" ng-show="!appDetails.app.restrictedApp"> + <div class="property" ng-show="!appDetails.app.restrictedApp"> <div class="property-label">Rest API URL</div> - <input id="input-app-rest-url" ng-model="appDetails.app.restUrl" + <span runat="server" ID="required" class="mandatoryFiled" + visible="false" ng-show="appDetails.app.isEnabled"> *</span><input id="input-app-rest-url" ng-model="appDetails.app.restUrl" name="restUrl" type="url" placeholder="https://" ng-pattern="appDetails.ECOMP_URL_REGEX" maxlength="256" ng-required="!appDetails.app.restrictedApp" /> @@ -122,18 +138,19 @@ </div> </div> - <div class="property required" + <div class="property" ng-show="!appDetails.app.restrictedApp"> <div id="username-property-label" class="property-label">Username</div> - <input type="text" ng-model="appDetails.app.username" - name="username" maxlength="256" - ng-required="!appDetails.app.restrictedApp" /> + <span runat="server" ID="required" class="mandatoryFiled" + visible="false" ng-show="appDetails.app.isCentralAuth || appDetails.app.isEnabled"> *</span><input type="text" id="input-username-property" + ng-model="appDetails.app.username" name="username" + maxlength="256" ng-required="!appDetails.app.restrictedApp" /> <div id="app-error-username-container" class="error-container" ng-show="appForm.username.$dirty || appDetails.isEditMode"> <div ng-messages="appForm.username.$error" class="error-container"> <small id="error-appusername-reqd" class="err-message" - ng-message="required">My Logins App Username is + ng-message="required">App Username is required</small> </div> </div> @@ -161,32 +178,21 @@ ng-model="appDetails.app.appPassword" autocomplete="new-password" name="appPassword" maxlength="256"/> </div> - <div class="property" ng-show="!appDetails.app.restrictedApp"> - <div id="pwd-property-label" class="property-label">Name - Space</div> - <input type="text" id="input-mylogins-auth-namespace" - ng-model="appDetails.app.nameSpace" name="appAuthNameSpace" - maxlength="256" /> - </div> + + </div> <div class="right-container"> <div class="property"> <div class="property-label">Upload Image</div> <input type="file" id="input-app-image-upload" - class="input-file-field" accept="image/*" - ng-model="appDetails.originalImage" name="appImage" - image-upload="appDetails.originalImage" + class="input-file-field input-app-image-upload-ht" + accept="image/*" ng-model="appDetails.originalImage" + name="appImage" image-upload="appDetails.originalImage" image-upload-resize-max-height="300" image-upload-resize-max-width="360" image-upload-resize-quality="0.7" - image-upload-api="appDetails.imageApi" style="height: 24px;" - file-change="appImageHandler($event,files)" /> - <div id="app-error-image-upload-type" class="error-container" - ng-show="appImageTypeError" class="ng-hide"> - <div class="error-container"> - <small id="error-app-invalid-image-size" class="err-message">File must be an image</small> - </div> - </div> + + image-upload-api="appDetails.imageApi" file-change="appImageHandler($event,files)" /> <div id="app-error-image-upload-type" class="error-container" ng-show="appImageTypeError" class="ng-hide"> @@ -206,21 +212,14 @@ </div> <div class="property-label preview"> - <span class="left-label">Preview</span> <span class="remove" + <span id="{{$index}}-preview-property" class="left-label">Preview</span> + <span id="{{$index}}-remove-property" class="remove" ng-click="appDetails.removeImage()">Remove</span> </div> <img id="image-app-preview" class="image-preview" ng-src="{{appDetails.app.imageLink || appDetails.app.thumbnail || appDetails.emptyImgForPreview}}" /> - <div id="property-communication-inbox" class="property" - ng-show="!appDetails.app.restrictedApp"> - <div id="property-communication-inbox-label" - class="property-label">Communication Inbox</div> - <input type="text" id="input-UEB-topicname" - ng-model="appDetails.app.uebTopicName" name="uebTopicName" - readonly="readonly" /> - </div> - - <div id="property-communication-key" class="property" + + <div id="property-communication-key" class="property" ng-show="!appDetails.app.restrictedApp"> <div id="property-communication-key-label" class="property-label">Communication Key</div> @@ -228,25 +227,24 @@ ng-model="appDetails.app.uebKey" name="uebKey" readonly="readonly" /> </div> + <div class="property" ng-show="!appDetails.app.restrictedApp" > + <div id="pwd-property-label" class="property-label" >Name + Space</div> + <span runat="server" ID="required" class="mandatoryFiled" + visible="false" ng-show="appDetails.app.isCentralAuth"> *</span><input type="text" id="input-mylogins-auth-namespace" + ng-model="appDetails.app.nameSpace" name="appAuthNameSpace" + maxlength="256" ng-disabled="!appDetails.app.isCentralAuth" /> + </div> - <div id="property-communication-secret" class="property" + + <div id="property-is-central-auth" class="property" ng-show="!appDetails.app.restrictedApp"> - <div id="property-communication-secret-label" - class="property-label">Communication Secret</div> - <input type="text" id="input-UEB-communication-secret" - ng-model="appDetails.app.uebSecret" name="uebSecret" - readonly="readonly" /> - </div> - - <div id="property-guest-access" class="property"> - <label for="checkbox-app-is-open" class="checkbox"> <input - type="checkbox" ng-model="appDetails.app.isOpen" - id="checkbox-app-is-open" - ng-checked="appDetails.app.isOpen || appDetails.app.restrictedApp" - ng-disabled="appDetails.app.restrictedApp" /> <i class="skin"></i> - <span>Allow guest access</span> + <label for="checkbox-app-is-central-auth" class="checkbox"> + <input type="checkbox" ng-model="appDetails.app.isCentralAuth" + id="checkbox-app-is-central-auth" /> <i class="skin"></i> <span>Centralized</span> </label> </div> + <br /> <div id="property-active" class="property"> <label for="checkbox-app-is-enabled" class="checkbox"> <input type="checkbox" ng-model="appDetails.app.isEnabled" @@ -254,13 +252,16 @@ </label> </div> <br /> - <div id="property-is-central-auth" class="property" - ng-show="!appDetails.app.restrictedApp"> - <label for="checkbox-app-is-central-auth" class="checkbox"> - <input type="checkbox" ng-model="appDetails.app.isCentralAuth" - id="checkbox-app-is-central-auth" /> <i class="skin"></i> <span>Centralized</span> + <div id="property-guest-access" class="property"> + <label for="checkbox-app-is-open" class="checkbox"> <input + type="checkbox" ng-model="appDetails.app.isOpen" + id="checkbox-app-is-open" + ng-checked="appDetails.app.isOpen || appDetails.app.restrictedApp" + ng-disabled="appDetails.app.restrictedApp" /> <i class="skin"></i> + <span>Allow guest access</span> </label> </div> + </div> @@ -273,8 +274,7 @@ <div align="right"> <span class="ecomp-save-spinner" ng-show="appDetails.isSaving"></span> <button id="button-save-app" class="btn btn-alt btn-small" - ng-class="{disabled: appForm.$invalid}" - ng-click="appDetails.saveChanges()">Save</button> + ng-disabled="(!appDetails.app.name || appDetails.app.name.length == 0)" ng-click="appDetails.saveChanges()">Save</button> <button id="button-notification-cancel" class="btn btn-alt btn-small" ng-click="$dismiss('cancel')" role="button" tabindex="0">Cancel</button> </div> diff --git a/ecomp-portal-FE-os/client/src/views/applications/applications.controller.js b/ecomp-portal-FE-os/client/src/views/applications/applications.controller.js index 76121a08..0bcc1eb8 100644 --- a/ecomp-portal-FE-os/client/src/views/applications/applications.controller.js +++ b/ecomp-portal-FE-os/client/src/views/applications/applications.controller.js @@ -40,8 +40,9 @@ class ApplicationsCtrl { constructor($log, $cookies, conf, ngDialog, - applicationsService, confirmBoxService, userProfileService, utilsService,$modal) { + applicationsService, confirmBoxService, userProfileService, utilsService,$modal,$scope) { this.emptyImgForPreview = 'data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=='; + $scope.isAdmin = false; let getOnboardingApps = () => { this.isLoadingTable = true; applicationsService.getOnboardingApps() @@ -54,6 +55,10 @@ appsList[i].imageLink = appsList[i].imageLink+'?' + new Date().getTime(); } } + if(appsList.length == 0) + { + confirmBoxService.showInformation('You do not have applications to edit').then(isConfirmed => {}); + } this.appsList = appsList; }).catch(err => { confirmBoxService.showInformation('There was a problem retrieving the Applications. ' + @@ -64,8 +69,21 @@ }); }; + let checkIfUserIsSuperAdmin = () => { + applicationsService.checkIfUserIsSuperAdmin().then(res => { + if(res) { + $scope.isAdmin = true; + } + }).catch(err => { + $log.error('ApplicationsCtrl.checkIfUserIsSuperAdmin:: Failed - ' + err); + }).finally(()=> { + this.isSaving = false; + }); + }; + let init = () => { this.isLoadingTable = false; + checkIfUserIsSuperAdmin(); getOnboardingApps(); this.searchString = ''; this.appsTableHeaders = [ @@ -143,6 +161,6 @@ } } ApplicationsCtrl.$inject = ['$log', '$cookies', 'conf', 'ngDialog', - 'applicationsService', 'confirmBoxService', 'userProfileService', 'utilsService','$modal']; + 'applicationsService', 'confirmBoxService', 'userProfileService', 'utilsService','$modal', '$scope']; angular.module('ecompApp').controller('ApplicationsCtrl', ApplicationsCtrl); })(); diff --git a/ecomp-portal-FE-os/client/src/views/header/profile-edit-dialogs/profile-edit.controller.js b/ecomp-portal-FE-os/client/src/views/header/profile-edit-dialogs/profile-edit.controller.js index 385697fa..597f9b37 100644 --- a/ecomp-portal-FE-os/client/src/views/header/profile-edit-dialogs/profile-edit.controller.js +++ b/ecomp-portal-FE-os/client/src/views/header/profile-edit-dialogs/profile-edit.controller.js @@ -45,7 +45,6 @@ this.email =''; this.loginId =''; this.loginPwd =''; - this.confirmLoginPwd='' this.isLoading = false; let getUser = () => { this.isLoading = true; @@ -75,14 +74,10 @@ loginId :this.loginId, loginPassword :this.loginPwd } - if (this.firstName =='' || this.lastName == '' || this.email == '' || this.loginId =='' || this.loginPwd ==''|| this.confirmLoginPwd ==''){ + if (this.firstName =='' || this.lastName == '' || this.email == '' || this.loginId =='' || this.loginPwd ==''){ var warningMsg = "Please enter a value for all fields marked with *."; confirmBoxService.showInformation(warningMsg).then(isConfirmed => {return;}); return; - } else if (this.loginPwd != this.confirmLoginPwd) { - var warningMsg = "Passwords do not match, please try again."; - confirmBoxService.showInformation(warningMsg).then(isConfirmed => {return;}); - return; } else { // check password length complexity. var warningMsg = adminsService.isComplexPassword(this.loginPwd); diff --git a/ecomp-portal-FE-os/client/src/views/header/profile-edit-dialogs/profile-edit.modal.html b/ecomp-portal-FE-os/client/src/views/header/profile-edit-dialogs/profile-edit.modal.html index 79c85a18..2ccb03c6 100644 --- a/ecomp-portal-FE-os/client/src/views/header/profile-edit-dialogs/profile-edit.modal.html +++ b/ecomp-portal-FE-os/client/src/views/header/profile-edit-dialogs/profile-edit.modal.html @@ -67,11 +67,6 @@ <div class="">*Login Password</div> <input type="password" ng-model="profileDetail.loginPwd" /> </div> - <div class="profile-edit-div"> - <div class="">*Confirm Login Password</div> - <input type="password" - ng-model="profileDetail.confirmLoginPwd" /> - </div> </div> </div> <div class="dialog-control"> diff --git a/ecomp-portal-FE-os/pom.xml b/ecomp-portal-FE-os/pom.xml index f39a31c5..d5014a98 100644 --- a/ecomp-portal-FE-os/pom.xml +++ b/ecomp-portal-FE-os/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.portal</groupId> <artifactId>onap-portal-parent</artifactId> - <version>2.5.0</version> + <version>2.6.0-SNAPSHOT</version> </parent> <artifactId>portal-FE-os</artifactId> diff --git a/ecomp-portal-widget-ms/common-widgets/pom.xml b/ecomp-portal-widget-ms/common-widgets/pom.xml index 16416034..5b574d87 100644 --- a/ecomp-portal-widget-ms/common-widgets/pom.xml +++ b/ecomp-portal-widget-ms/common-widgets/pom.xml @@ -6,7 +6,7 @@ <parent> <groupId>org.onap.portal</groupId> <artifactId>widget-ms-parent</artifactId> - <version>2.5.0</version> + <version>2.6.0-SNAPSHOT</version> </parent> <artifactId>common-widgets</artifactId> diff --git a/ecomp-portal-widget-ms/pom.xml b/ecomp-portal-widget-ms/pom.xml index cb246513..d8b33301 100644 --- a/ecomp-portal-widget-ms/pom.xml +++ b/ecomp-portal-widget-ms/pom.xml @@ -6,7 +6,7 @@ <parent> <groupId>org.onap.portal</groupId> <artifactId>onap-portal-parent</artifactId> - <version>2.5.0</version> + <version>2.6.0-SNAPSHOT</version> </parent> <artifactId>widget-ms-parent</artifactId> diff --git a/ecomp-portal-widget-ms/widget-ms/pom.xml b/ecomp-portal-widget-ms/widget-ms/pom.xml index a6ed0aa8..95b06adc 100644 --- a/ecomp-portal-widget-ms/widget-ms/pom.xml +++ b/ecomp-portal-widget-ms/widget-ms/pom.xml @@ -13,7 +13,7 @@ <groupId>org.onap.portal</groupId> <artifactId>widget-ms</artifactId> - <version>2.5.0</version> + <version>2.6.0-SNAPSHOT</version> <packaging>jar</packaging> <name>widget-microservice</name> @@ -178,6 +178,11 @@ <artifactId>spring-security-web</artifactId> <version>4.1.4.RELEASE</version> </dependency> + <dependency> + <groupId>org.projectlombok</groupId> + <artifactId>lombok</artifactId> + <version>1.18.4</version> + </dependency> </dependencies> <build> diff --git a/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/App.java b/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/App.java index d950d035..212826cd 100644 --- a/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/App.java +++ b/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/App.java @@ -8,6 +8,10 @@ import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.Table; +import javax.validation.constraints.Digits; +import javax.validation.constraints.NotNull; +import javax.validation.constraints.Size; +import org.hibernate.validator.constraints.SafeHtml; @Entity @Table(name = "FN_APP") @@ -18,9 +22,13 @@ public class App implements Serializable{ @Id @Column(name = "APP_ID") @GeneratedValue(strategy=GenerationType.AUTO) + @Digits(integer = 11, fraction = 0) private Long appId; - + @Column(name = "APP_Name") + @SafeHtml + @Size(max = 100) + @NotNull private String appName; public Long getAppId() { diff --git a/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/MicroserviceData.java b/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/MicroserviceData.java index 7d45a112..43e7b2b0 100644 --- a/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/MicroserviceData.java +++ b/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/MicroserviceData.java @@ -6,6 +6,12 @@ import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.Table; +import javax.validation.constraints.Digits; +import javax.validation.constraints.NotNull; +import javax.validation.constraints.Size; +import lombok.Getter; +import lombok.Setter; +import org.hibernate.validator.constraints.SafeHtml; /** * TODO: moved all microservice-related code (domain, controller, service) @@ -13,109 +19,57 @@ import javax.persistence.Table; */ @Entity @Table(name="EP_MICROSERVICE") +@Getter +@Setter public class MicroserviceData { @Id @Column(name = "id") + @Digits(integer = 11, fraction = 0) @GeneratedValue(strategy=GenerationType.AUTO) private Long id; @Column(name = "name") + @Size(max = 50) + @SafeHtml private String name; @Column(name = "description") + @Size(max = 50) + @SafeHtml private String desc; @Column(name = "appId") + @Digits(integer = 11, fraction = 0) private long appId; @Column(name = "endpoint_url") + @Size(max = 200) + @SafeHtml private String url; @Column(name = "security_type") + @Size(max = 50) + @SafeHtml private String securityType; @Column(name = "username") + @Size(max = 50) + @SafeHtml private String username; @Column(name = "password") + @Size(max = 50) + @SafeHtml + @NotNull private String password; @Column(name = "active") + @Size(max = 1) + @SafeHtml + @NotNull private String active; - public Long getId() { - return id; - } - - public void setId(Long id) { - this.id = id; - } - - public String getName() { - return name; - } - - public void setName(String name) { - this.name = name; - } - - public String getDesc() { - return desc; - } - - public void setDesc(String desc) { - this.desc = desc; - } - - public long getAppId() { - return appId; - } - - public void setAppId(long appId) { - this.appId = appId; - } - - public String getUrl() { - return url; - } - - public void setUrl(String url) { - this.url = url; - } - - public String getSecurityType() { - return securityType; - } - - public void setSecurityType(String securityType) { - this.securityType = securityType; - } - - public String getUsername() { - return username; - } - - public void setUsername(String username) { - this.username = username; - } - - public String getPassword() { - return password; - } - - public void setPassword(String password) { - this.password = password; - } - - public String getActive() { - return active; - } - - public void setActive(String active) { - this.active = active; - } - @Override public String toString() { return "MicroserviceData [name=" + name + ", desc=" + desc + ", appId=" + appId + ", url=" + url diff --git a/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/MicroserviceParameter.java b/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/MicroserviceParameter.java index d95d46c6..7207d0ae 100644 --- a/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/MicroserviceParameter.java +++ b/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/MicroserviceParameter.java @@ -6,6 +6,11 @@ import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.Table; +import javax.validation.constraints.Digits; +import javax.validation.constraints.Size; +import lombok.Getter; +import lombok.Setter; +import org.hibernate.validator.constraints.SafeHtml; /** * TODO: moved all microservice-related code (domain, controller, service) @@ -13,54 +18,30 @@ import javax.persistence.Table; */ @Entity @Table(name="EP_MICROSERVICE_PARAMETER") +@Getter +@Setter public class MicroserviceParameter { @Id @Column(name = "id") @GeneratedValue(strategy=GenerationType.AUTO) + @Digits(integer = 11, fraction = 0) private Long id; @Column(name = "service_id") + @Digits(integer = 11, fraction = 0) private long serviceId; @Column(name = "para_key") + @Size(max = 50) + @SafeHtml private String para_key; @Column(name = "para_value") + @Size(max = 50) + @SafeHtml private String para_value; - public Long getId() { - return id; - } - - public void setId(Long id) { - this.id = id; - } - - public long getServiceId() { - return serviceId; - } - - public void setServiceId(long serviceId) { - this.serviceId = serviceId; - } - - public String getPara_key() { - return para_key; - } - - public void setPara_key(String para_key) { - this.para_key = para_key; - } - - public String getPara_value() { - return para_value; - } - - public void setPara_value(String para_value) { - this.para_value = para_value; - } - @Override public String toString() { return "MicroserviceParameter [serviceId=" + serviceId + ", para_key=" + para_key + ", para_value=" + para_value diff --git a/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/RoleApp.java b/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/RoleApp.java index 807067b2..aae9bfed 100644 --- a/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/RoleApp.java +++ b/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/RoleApp.java @@ -16,77 +16,43 @@ import javax.persistence.ManyToOne; import javax.persistence.Table; import com.fasterxml.jackson.annotation.JsonIgnore; +import javax.validation.Valid; +import javax.validation.constraints.Digits; +import javax.validation.constraints.NotNull; +import javax.validation.constraints.Size; +import lombok.Getter; +import lombok.Setter; +import org.hibernate.validator.constraints.SafeHtml; @Entity @Table(name = "FN_ROLE") +@Getter +@Setter public class RoleApp implements Serializable{ private static final long serialVersionUID = 1L; @Id @Column(name = "ROLE_ID") @GeneratedValue(strategy=GenerationType.AUTO) + @Digits(integer = 11, fraction = 0) private Long roleId; - - + @Column(name = "ROLE_Name") + @SafeHtml + @Size(max = 300) + @NotNull private String roleName; @ManyToOne(fetch = FetchType.EAGER) @JoinColumn(name="APP_ID") + @Valid private App app; @JsonIgnore @ManyToMany(fetch = FetchType.EAGER, cascade = {CascadeType.MERGE, CascadeType.PERSIST, CascadeType.REFRESH}, mappedBy="widgetRoles") + @Valid private Set<WidgetCatalog> widgets; - /*@PreRemove - private void removeGroupsFromUsers() { - for (WidgetCatalog w : widgets) { - w.getWidgetRoles().remove(this); - } - }*/ - - /*@ManyToOne - @JoinColumn(name = "WIDGET_ID", nullable = false) - WidgetCatalog widgetCatalog;*/ - - //@JsonIgnore - //@ManyToMany(mappedBy = "widgetRoles") - //@ManyToMany(fetch = FetchType.EAGER, mappedBy = "widgetRoles") - //private Set<WidgetCatalog> widgets = new HashSet<WidgetCatalog>(); - - public Long getRoleId() { - return roleId; - } - - public void setRoleId(Long roleId) { - this.roleId = roleId; - } - - public String getRoleName() { - return roleName; - } - - public void setRoleName(String roleName) { - this.roleName = roleName; - } - - public App getApp() { - return app; - } - - public void setApp(App app) { - this.app = app; - } - - public Set<WidgetCatalog> getWidgets() { - return widgets; - } - - public void setWidgets(Set<WidgetCatalog> widgets) { - this.widgets = widgets; - } - @Override public String toString() { return "RoleApp [roleId=" + roleId + ", roleName=" + roleName + ", app=" + app + "]"; diff --git a/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/WidgetCatalog.java b/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/WidgetCatalog.java index 9d153e2a..1dc0582c 100644 --- a/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/WidgetCatalog.java +++ b/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/WidgetCatalog.java @@ -14,30 +14,51 @@ import javax.persistence.JoinTable; import javax.persistence.ManyToMany; import javax.persistence.Table; import javax.persistence.Transient; +import javax.validation.constraints.Digits; +import javax.validation.constraints.NotNull; +import javax.validation.constraints.Size; +import lombok.Getter; +import lombok.Setter; +import org.hibernate.validator.constraints.SafeHtml; @Entity @Table(name="EP_WIDGET_CATALOG") +@Getter +@Setter public class WidgetCatalog{ @Id @Column(name = "widget_id") @GeneratedValue(strategy=GenerationType.AUTO) + @Digits(integer = 11, fraction = 0) private long id; @Column(name = "wdg_name") + @Size(max = 100) + @SafeHtml + @NotNull private String name; @Column(name = "wdg_desc") + @Size(max = 200) + @SafeHtml private String desc; @Column(name = "wdg_file_loc") + @Size(max = 256) + @SafeHtml + @NotNull private String fileLocation; @Column(name = "all_user_flag") + @Size(max = 1) + @SafeHtml + @NotNull private String allowAllUser; @Column(name = "service_id") + @Digits(integer = 11, fraction = 0) private Long serviceId; @Transient @@ -53,78 +74,6 @@ public class WidgetCatalog{ ) private Set<RoleApp> widgetRoles; - public long getId() { - return id; - } - - public void setId(long id) { - this.id = id; - } - - public String getName() { - return name; - } - - public void setName(String name) { - this.name = name; - } - - public String getDesc() { - return desc; - } - - public void setDesc(String desc) { - this.desc = desc; - } - - public String getFileLocation() { - return fileLocation; - } - - public void setFileLocation(String fileLocation) { - this.fileLocation = fileLocation; - } - - public Set<RoleApp> getWidgetRoles() { - return widgetRoles; - } - - public void setWidgetRoles(Set<RoleApp> widgetRoles) { - this.widgetRoles = widgetRoles; - } - - public String getAllowAllUser() { - return allowAllUser; - } - - public void setAllowAllUser(String allowAllUser) { - this.allowAllUser = allowAllUser; - } - - public String getSortOrder() { - return sortOrder; - } - - public void setSortOrder(String sortOrder) { - this.sortOrder = sortOrder; - } - - public String getStatusCode() { - return statusCode; - } - - public void setStatusCode(String statusCode) { - this.statusCode = statusCode; - } - - public Long getServiceId() { - return serviceId; - } - - public void setServiceId(Long serviceId) { - this.serviceId = serviceId; - } - @Override public String toString() { return "WidgetCatalog [id=" + id + ", name=" + name + ", desc=" + desc + ", fileLocation=" + fileLocation diff --git a/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/WidgetFile.java b/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/WidgetFile.java index e9c6ffc2..7ba22982 100644 --- a/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/WidgetFile.java +++ b/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/WidgetFile.java @@ -4,18 +4,31 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; import javax.persistence.Table; +import javax.validation.constraints.Digits; +import javax.validation.constraints.NotNull; +import javax.validation.constraints.Size; +import lombok.Getter; +import lombok.Setter; +import org.hibernate.validator.constraints.SafeHtml; @Entity @Table(name = "ep_widget_catalog_files") +@Getter +@Setter public class WidgetFile { @Id @Column (name = "file_id") + @Digits(integer = 11, fraction = 0) private int id; @Column(name = "widget_name") + @Size(max = 11) + @SafeHtml + @NotNull private String name; @Column(name = "widget_id") + @Digits(integer = 11, fraction = 0) private long widgetId; @Column(name = "markup_html") @@ -30,62 +43,6 @@ public class WidgetFile { @Column(name = "widget_css") private byte[] css; - public int getId() { - return id; - } - - public void setId(int id) { - this.id = id; - } - - public String getName() { - return name; - } - - public void setName(String name) { - this.name = name; - } - - public byte[] getMarkup() { - return markup; - } - - public void setMarkup(byte[] markup) { - this.markup = markup; - } - - public byte[] getController() { - return controller; - } - - public void setController(byte[] controller) { - this.controller = controller; - } - - public byte[] getFramework() { - return framework; - } - - public void setFramework(byte[] framework) { - this.framework = framework; - } - - public byte[] getCss() { - return css; - } - - public void setCss(byte[] css) { - this.css = css; - } - - public long getWidgetId() { - return widgetId; - } - - public void setWidgetId(long widgetId) { - this.widgetId = widgetId; - } - @Override public String toString() { return "WidgetFile [name=" + name + ", widgetId=" + widgetId + "]"; @@ -12,7 +12,7 @@ <groupId>org.onap.portal</groupId> <artifactId>onap-portal-parent</artifactId> - <version>2.5.0</version> + <version>2.6.0-SNAPSHOT</version> <packaging>pom</packaging> <name>portal</name> @@ -27,7 +27,7 @@ <properties> <!-- Jenkins should invoke mvn with argument -Dbuild.number=${BUILD_NUMBER} --> <build.number>0</build.number> - <epsdk.version>2.5.0</epsdk.version> + <epsdk.version>2.6.0-SNAPSHOT</epsdk.version> <springframework.version>4.2.3.RELEASE</springframework.version> <hibernate.version>4.3.11.Final</hibernate.version> <fasterxml.version>2.8.10</fasterxml.version> diff --git a/version.properties b/version.properties index ee5d4d0e..756f8a39 100644 --- a/version.properties +++ b/version.properties @@ -3,7 +3,7 @@ # because they are used in Jenkins, whose plug-in doesn't support major=2 -minor=4 +minor=5 patch=0 base_version=${major}.${minor}.${patch} |