summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--portal-BE/src/main/java/org/onap/portal/controller/PortalAdminController.java236
-rw-r--r--portal-BE/src/main/java/org/onap/portal/domain/dto/transport/PortalAdmin.java68
-rw-r--r--portal-BE/src/main/java/org/onap/portal/restTemplates/AAFTemplate.java31
-rw-r--r--portal-BE/src/main/java/org/onap/portal/service/AdminRolesService.java4
-rw-r--r--portal-BE/src/main/java/org/onap/portal/service/PortalAdminService.java222
-rw-r--r--portal-BE/src/main/java/org/onap/portal/service/userRole/FnUserRoleService.java5
6 files changed, 554 insertions, 12 deletions
diff --git a/portal-BE/src/main/java/org/onap/portal/controller/PortalAdminController.java b/portal-BE/src/main/java/org/onap/portal/controller/PortalAdminController.java
new file mode 100644
index 00000000..b9477185
--- /dev/null
+++ b/portal-BE/src/main/java/org/onap/portal/controller/PortalAdminController.java
@@ -0,0 +1,236 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+package org.onap.portal.controller;
+
+import java.security.Principal;
+import java.util.List;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.onap.portal.domain.db.fn.FnRole;
+import org.onap.portal.domain.db.fn.FnUser;
+import org.onap.portal.domain.dto.ecomp.EcompAuditLog;
+import org.onap.portal.domain.dto.transport.FieldsValidator;
+import org.onap.portal.domain.dto.transport.PortalAdmin;
+import org.onap.portal.logging.aop.EPEELFLoggerAdvice;
+import org.onap.portal.logging.logic.EPLogUtil;
+import org.onap.portal.service.AdminRolesService;
+import org.onap.portal.service.PortalAdminService;
+import org.onap.portal.service.user.FnUserService;
+import org.onap.portal.utils.EPCommonSystemProperties;
+import org.onap.portal.utils.EcompPortalUtils;
+import org.onap.portal.validation.DataValidator;
+import org.onap.portal.validation.SecureString;
+import org.onap.portalsdk.core.domain.AuditLog;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.service.AuditService;
+import org.onap.portalsdk.core.service.AuditServiceImpl;
+import org.onap.portalsdk.core.util.SystemProperties;
+import org.slf4j.MDC;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.EnableAspectJAutoProxy;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@Configuration
+@EnableAspectJAutoProxy
+public class PortalAdminController {
+
+ private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(PortalAdminController.class);
+ private static final DataValidator DATA_VALIDATOR = new DataValidator();
+
+ private PortalAdminService portalAdminService;
+ private final FnUserService fnUserService;
+ private AdminRolesService adminRolesService;
+ private AuditServiceImpl auditService = new AuditServiceImpl();
+
+ @Autowired
+ public PortalAdminController(PortalAdminService portalAdminService,
+ FnUserService fnUserService, AdminRolesService adminRolesService) {
+ this.portalAdminService = portalAdminService;
+ this.fnUserService = fnUserService;
+ this.adminRolesService = adminRolesService;
+ }
+
+ @RequestMapping(value = {"/portalApi/portalAdmins"}, method = RequestMethod.GET, produces = "application/json")
+ public List<PortalAdmin> getPortalAdmins(Principal principal, HttpServletRequest request,
+ HttpServletResponse response) {
+ FnUser user = fnUserService.loadUserByUsername(principal.getName());
+ List<PortalAdmin> portalAdmins = null;
+ if (user == null) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "PortalAdminController.getPortalAdmins, null user");
+ EcompPortalUtils.setBadPermissions(user, response, "getPortalAdmins");
+ } else if (!adminRolesService.isSuperAdmin(user.getLoginId())) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "PortalAdminController.getPortalAdmins, bad permissions");
+ EcompPortalUtils.setBadPermissions(user, response, "createPortalAdmin");
+ } else {
+ // return the list of portal admins
+ portalAdmins = portalAdminService.getPortalAdmins();
+ logger.debug(EELFLoggerDelegate.debugLogger, "portalAdmins: called getPortalAdmins()");
+ EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/getPortalAdmins", "result =", portalAdmins);
+ }
+
+ return portalAdmins;
+ }
+
+ @RequestMapping(value = {"/portalApi/portalAdmin"}, method = RequestMethod.POST)
+ public FieldsValidator createPortalAdmin(Principal principal, HttpServletRequest request,
+ @RequestBody String userId,
+ HttpServletResponse response) {
+ FnUser user = fnUserService.loadUserByUsername(principal.getName());
+ FieldsValidator fieldsValidator = null;
+ if (!DATA_VALIDATOR.isValid(new SecureString(userId))) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "PortalAdminController.createPortalAdmin not valid userId");
+ EcompPortalUtils.setBadPermissions(user, response, "createPortalAdmin");
+ } else if (user == null) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "PortalAdminController.createPortalAdmin, null user");
+ EcompPortalUtils.setBadPermissions(user, response, "createPortalAdmin");
+ } else if (!adminRolesService.isSuperAdmin(user.getLoginId())) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "PortalAdminController.createPortalAdmin bad permissions");
+ EcompPortalUtils.setBadPermissions(user, response, "createPortalAdmin");
+ } else {
+ fieldsValidator = portalAdminService.createPortalAdmin(userId);
+ int statusCode = fieldsValidator.getHttpStatusCode().intValue();
+ response.setStatus(statusCode);
+ if (statusCode == 200) {
+ AuditLog auditLog = new AuditLog();
+ auditLog.setUserId(user.getId());
+ auditLog.setActivityCode(EcompAuditLog.CD_ACTIVITY_ADD_PORTAL_ADMIN);
+ auditLog.setAffectedRecordId(userId);
+ try {
+ auditService.logActivity(auditLog, null);
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "createPortalAdmin: failed for save audit log", e);
+ }
+ MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC());
+ MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC());
+ EcompPortalUtils.calculateDateTimeDifferenceForLog(
+ MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP),
+ MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP));
+ logger.info(EELFLoggerDelegate.auditLogger,
+ EPLogUtil.formatAuditLogMessage("PortalAdminController.createPortalAdmin",
+ EcompAuditLog.CD_ACTIVITY_ADD_PORTAL_ADMIN, user.getOrgUserId(), userId,
+ "A new Portal Admin has been added"));
+ MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP);
+ MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP);
+ MDC.remove(SystemProperties.MDC_TIMER);
+ }
+ }
+ EcompPortalUtils.logAndSerializeObject(logger, "/portalAdmin", "POST result =", response.getStatus());
+
+ return fieldsValidator;
+ }
+
+ @RequestMapping(value = {"/portalApi/portalAdmin/{userInfo}"}, method = RequestMethod.DELETE)
+ public FieldsValidator deletePortalAdmin(Principal principal, HttpServletRequest request,
+ @PathVariable("userInfo") String userInfo,
+ HttpServletResponse response) {
+ if (!DATA_VALIDATOR.isValid(new SecureString(userInfo))) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "PortalAdminController.deletePortalAdmin not valid userId");
+ return null;
+ }
+ int userIdIdx = userInfo.indexOf("-");
+ Long userId = null;
+ String sbcid = null;
+ FieldsValidator fieldsValidator = null;
+ try {
+ if (userIdIdx == -1) {
+ logger.error(EELFLoggerDelegate.errorLogger, "deletePortalAdmin missing userId");
+ return fieldsValidator;
+ } else {
+ String userIdStr = userInfo.substring(0, userIdIdx);
+ userId = Long.valueOf(userIdStr);
+ sbcid = userInfo.substring(userIdIdx + 1, userInfo.length());
+ }
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "deletePortalAdmin error while parsing the userInfo", e);
+ }
+ FnUser user = fnUserService.loadUserByUsername(principal.getName());
+ if (!adminRolesService.isSuperAdmin(user.getLoginId())) {
+ EcompPortalUtils.setBadPermissions(user, response, "deletePortalAdmin");
+ } else {
+ fieldsValidator = portalAdminService.deletePortalAdmin(userId);
+ int statusCode = fieldsValidator.getHttpStatusCode().intValue();
+ response.setStatus(statusCode);
+ if (statusCode == 200) {
+ AuditLog auditLog = new AuditLog();
+ auditLog.setUserId(user.getId());
+ auditLog.setActivityCode(EcompAuditLog.CD_ACTIVITY_DELETE_PORTAL_ADMIN);
+ auditLog.setAffectedRecordId(sbcid);
+ auditService.logActivity(auditLog, null);
+ MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC());
+ MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC());
+ EcompPortalUtils.calculateDateTimeDifferenceForLog(
+ MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP),
+ MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP));
+ logger.info(EELFLoggerDelegate.auditLogger,
+ EPLogUtil.formatAuditLogMessage("PortalAdminController.deletePortalAdmin",
+ EcompAuditLog.CD_ACTIVITY_DELETE_PORTAL_ADMIN, user.getOrgUserId(), sbcid,
+ "A Portal Admin has been deleted"));
+ MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP);
+ MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP);
+ MDC.remove(SystemProperties.MDC_TIMER);
+ }
+ }
+ EcompPortalUtils.logAndSerializeObject(logger, "/portalAdmin", "DELETE result =", response.getStatus());
+
+ return fieldsValidator;
+ }
+
+ @RequestMapping(value = {
+ "/portalApi/adminAppsRoles/{appId}"}, method = RequestMethod.GET, produces = "application/json")
+ public List<FnRole> getRolesByApp(Principal principal, HttpServletRequest request,
+ @PathVariable("appId") Long appId, HttpServletResponse response) {
+ FnUser user = fnUserService.loadUserByUsername(principal.getName());
+ List<FnRole> rolesByApp = null;
+ try {
+ if (user == null) {
+ EcompPortalUtils.setBadPermissions(user, response, "getUserApps");
+ } else {
+ rolesByApp = adminRolesService.getRolesByApp(appId);
+ }
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "getRolesByApp failed", e);
+ }
+ return rolesByApp;
+ }
+}
diff --git a/portal-BE/src/main/java/org/onap/portal/domain/dto/transport/PortalAdmin.java b/portal-BE/src/main/java/org/onap/portal/domain/dto/transport/PortalAdmin.java
index c68f5a26..b967b2d0 100644
--- a/portal-BE/src/main/java/org/onap/portal/domain/dto/transport/PortalAdmin.java
+++ b/portal-BE/src/main/java/org/onap/portal/domain/dto/transport/PortalAdmin.java
@@ -41,6 +41,11 @@
package org.onap.portal.domain.dto.transport;
import java.io.Serializable;
+import javax.persistence.ColumnResult;
+import javax.persistence.ConstructorResult;
+import javax.persistence.NamedNativeQueries;
+import javax.persistence.NamedNativeQuery;
+import javax.persistence.SqlResultSetMapping;
import javax.validation.constraints.Digits;
import javax.validation.constraints.Size;
import lombok.AllArgsConstructor;
@@ -49,24 +54,63 @@ import lombok.NoArgsConstructor;
import lombok.Setter;
import org.hibernate.validator.constraints.SafeHtml;
+
+@NamedNativeQuery(
+ name = "PortalAdmin.PortalAdminDTO",
+ query = "SELECT " +
+ "u.id AS userId, " +
+ "u.loginId AS loginId " +
+ "u.firstName AS firstName " +
+ "u.lastName AS lastName " +
+ "FROM " +
+ "FnUser u, " +
+ "FnUserRole ur " +
+ "WHERE u.activeYn = 'true' AND u.user_id = ur.user_id AND ur.role_id= :adminRoleId",
+ resultSetMapping = "PortalAdminDTO")
+@NamedNativeQuery(
+ name = "PortalAdmin.ActivePortalAdminDTO",
+ query = "SELECT " +
+ "u.id AS userId, " +
+ "u.loginId AS loginId " +
+ "u.firstName AS firstName " +
+ "u.lastName AS lastName " +
+ "FROM fn_user u, fn_user_role ur " +
+ "WHERE u.user_id = ur.user_id " +
+ "AND ur.user_id= :userId " +
+ "AND ur.role_id=:SYS_ADMIN_ROLE_ID",
+ resultSetMapping = "PortalAdminDTO")
+
+@SqlResultSetMapping(
+ name = "PortalAdminDTO",
+ classes = @ConstructorResult(
+ targetClass = PortalAdmin.class,
+ columns = {
+ @ColumnResult(name = "userId"),
+ @ColumnResult(name = "loginId"),
+ @ColumnResult(name = "firstName"),
+ @ColumnResult(name = "lastName")
+ }
+ )
+)
+
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
public class PortalAdmin implements Serializable {
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = 1L;
- @Digits(integer = 11, fraction = 0)
- private Long userId;
- @Size(max = 25)
- @SafeHtml
- private String loginId;
- @Size(max = 50)
- @SafeHtml
- private String firstName;
- @Size(max = 50)
- @SafeHtml
- private String lastName;
+ @Digits(integer = 11, fraction = 0)
+ private Long userId;
+ @Size(max = 25)
+ @SafeHtml
+ private String loginId;
+ @Size(max = 50)
+ @SafeHtml
+ private String firstName;
+ @Size(max = 50)
+ @SafeHtml
+ private String lastName;
}
diff --git a/portal-BE/src/main/java/org/onap/portal/restTemplates/AAFTemplate.java b/portal-BE/src/main/java/org/onap/portal/restTemplates/AAFTemplate.java
new file mode 100644
index 00000000..420307da
--- /dev/null
+++ b/portal-BE/src/main/java/org/onap/portal/restTemplates/AAFTemplate.java
@@ -0,0 +1,31 @@
+package org.onap.portal.restTemplates;
+
+import org.onap.portal.utils.EPCommonSystemProperties;
+import org.onap.portalsdk.core.util.SystemProperties;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Component;
+import org.springframework.web.client.RestTemplate;
+
+@Component
+public class AAFTemplate {
+
+ private final RestTemplate template = new RestTemplate();
+
+ public ResponseEntity<String> addPortalAdminInAAF(HttpEntity<String> addUserRole){
+ return template.exchange(
+ SystemProperties.getProperty(
+ EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
+ + "userRole",
+ HttpMethod.POST, addUserRole, String.class);
+ }
+
+ public void deletePortalAdminFromAAF(final String name, final String extRole, final HttpEntity<String> addUserRole){
+ template.exchange(
+ SystemProperties.getProperty(
+ EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
+ + "userRole/" + name + "/" + extRole,
+ HttpMethod.DELETE, addUserRole, String.class);
+ }
+}
diff --git a/portal-BE/src/main/java/org/onap/portal/service/AdminRolesService.java b/portal-BE/src/main/java/org/onap/portal/service/AdminRolesService.java
index 27a5eeaf..a9d5f6c4 100644
--- a/portal-BE/src/main/java/org/onap/portal/service/AdminRolesService.java
+++ b/portal-BE/src/main/java/org/onap/portal/service/AdminRolesService.java
@@ -2217,4 +2217,8 @@ public class AdminRolesService {
logger.error(EELFLoggerDelegate.errorLogger, "applyChangesToAppRolesRequest failed", e);
}
}
+
+ public List<FnRole> getRolesByApp(final Long appId) {
+ return fnRoleService.retrieveActiveRolesOfApplication(appId);
+ }
}
diff --git a/portal-BE/src/main/java/org/onap/portal/service/PortalAdminService.java b/portal-BE/src/main/java/org/onap/portal/service/PortalAdminService.java
new file mode 100644
index 00000000..13be1f34
--- /dev/null
+++ b/portal-BE/src/main/java/org/onap/portal/service/PortalAdminService.java
@@ -0,0 +1,222 @@
+package org.onap.portal.service;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import java.util.List;
+import javax.annotation.PostConstruct;
+import javax.persistence.EntityExistsException;
+import javax.persistence.EntityManager;
+import javax.servlet.http.HttpServletResponse;
+import org.onap.portal.domain.db.fn.FnApp;
+import org.onap.portal.domain.db.fn.FnRole;
+import org.onap.portal.domain.db.fn.FnUser;
+import org.onap.portal.domain.db.fn.FnUserRole;
+import org.onap.portal.domain.dto.transport.ExternalAccessUser;
+import org.onap.portal.domain.dto.transport.FieldsValidator;
+import org.onap.portal.domain.dto.transport.PortalAdmin;
+import org.onap.portal.restTemplates.AAFTemplate;
+import org.onap.portal.service.app.FnAppService;
+import org.onap.portal.service.role.FnRoleService;
+import org.onap.portal.service.user.FnUserService;
+import org.onap.portal.service.userRole.FnUserRoleService;
+import org.onap.portal.utils.EPCommonSystemProperties;
+import org.onap.portal.utils.EcompPortalUtils;
+import org.onap.portal.utils.PortalConstants;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.util.SystemProperties;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.stereotype.Service;
+
+@Service
+public class PortalAdminService {
+
+ private final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(PortalAdminService.class);
+
+ private String SYS_ADMIN_ROLE_ID = "1";
+ private String ECOMP_APP_ID = "1";
+
+ private final ExternalAccessRolesService externalAccessRolesService;
+ private final FnAppService fnAppService;
+ private final FnRoleService fnRoleService;
+ private final FnUserRoleService fnUserRoleService;
+ private final FnUserService fnUserService;
+ private final EntityManager entityManager;
+ private final AAFTemplate aafTemplate;
+
+ @Autowired
+ public PortalAdminService(ExternalAccessRolesService externalAccessRolesService,
+ FnAppService fnAppService, FnRoleService fnRoleService,
+ FnUserRoleService fnUserRoleService, FnUserService fnUserService,
+ EntityManager entityManager, AAFTemplate aafTemplate) {
+ this.externalAccessRolesService = externalAccessRolesService;
+ this.fnAppService = fnAppService;
+ this.fnRoleService = fnRoleService;
+ this.fnUserRoleService = fnUserRoleService;
+ this.fnUserService = fnUserService;
+ this.entityManager = entityManager;
+ this.aafTemplate = aafTemplate;
+ }
+
+ @PostConstruct
+ public void init() {
+ SYS_ADMIN_ROLE_ID = SystemProperties.getProperty(SystemProperties.SYS_ADMIN_ROLE_ID);
+ ECOMP_APP_ID = SystemProperties.getProperty(EPCommonSystemProperties.ECOMP_APP_ID);
+ }
+
+
+ @SuppressWarnings("unchecked")
+ public List<PortalAdmin> getPortalAdmins() {
+ try {
+ List<PortalAdmin> portalAdmins = entityManager.createNamedQuery("PortalAdminDTO")
+ .setParameter("adminRoleId", SYS_ADMIN_ROLE_ID).getResultList();
+ logger.debug(EELFLoggerDelegate.debugLogger, "getPortalAdmins was successful");
+ return portalAdmins;
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "getPortalAdmins failed", e);
+ return null;
+ }
+ }
+
+ public FieldsValidator createPortalAdmin(String orgUserId) {
+ FieldsValidator fieldsValidator = new FieldsValidator();
+ logger.debug(EELFLoggerDelegate.debugLogger, "LR: createPortalAdmin: orgUserId is {}", orgUserId);
+ FnUser user = null;
+ boolean createNewUser = false;
+ List<FnUser> localUserList = fnUserService.getUserWithOrgUserId(orgUserId);
+ if (!localUserList.isEmpty()) {
+ user = localUserList.get(0);
+ } else {
+ createNewUser = true;
+ }
+
+ if (user != null && isLoggedInUserPortalAdmin(user.getId())) {
+ fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_CONFLICT);
+ logger.error(EELFLoggerDelegate.errorLogger,
+ "User '" + user.getOrgUserId() + "' already has PortalAdmin role assigned.");
+ } else if (user != null || createNewUser) {
+ try {
+ if (createNewUser) {
+ user = fnUserService.getUserWithOrgUserId(orgUserId).get(0);
+ if (user != null) {
+ user.setActiveYn(true);
+ fnUserService.save(user);
+ }
+ }
+ if (user != null) {
+ FnUserRole userRole = new FnUserRole();
+ userRole.setUserId(user);
+ userRole.setRoleId(fnRoleService.getById(Long.valueOf(SYS_ADMIN_ROLE_ID)));
+ userRole.setFnAppId(fnAppService.getById(Long.valueOf(ECOMP_APP_ID)));
+ fnUserRoleService.saveOne(userRole);
+ }
+ if (user != null && EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
+ List<FnRole> roleList = externalAccessRolesService
+ .getPortalAppRoleInfo(PortalConstants.SYS_ADMIN_ROLE_ID);
+ FnRole role = new FnRole();
+ if (roleList.size() > 0) {
+ role = roleList.get(0);
+ }
+ logger.debug(EELFLoggerDelegate.debugLogger, "Requested RoleName is " + role.getRoleName());
+ addPortalAdminInExternalCentralAuth(user.getOrgUserId(), role.getRoleName());
+ }
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "createPortalAdmin failed", e);
+ fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ }
+ }
+ return fieldsValidator;
+ }
+
+ private void addPortalAdminInExternalCentralAuth(String loginId, String portalAdminRole) throws Exception {
+ try {
+ String name = "";
+ if (EPCommonSystemProperties.containsProperty(
+ EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) {
+ name = loginId + SystemProperties
+ .getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
+ }
+ //TODO HARDCODED ID
+ FnApp app = fnAppService.getById(PortalConstants.PORTAL_APP_ID);
+ String extRole = app.getAuthNamespace() + "." + portalAdminRole.replaceAll(" ", "_");
+ ObjectMapper addUserRoleMapper = new ObjectMapper();
+ ExternalAccessUser extUser = new ExternalAccessUser(name, extRole);
+ String userRole = addUserRoleMapper.writeValueAsString(extUser);
+ HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
+ aafTemplate.addPortalAdminInAAF(new HttpEntity<>(userRole, headers));
+ } catch (Exception e) {
+ if (e.getMessage().equalsIgnoreCase("409 Conflict")) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "Portal Admin role already exists", e.getMessage());
+ } else {
+ logger.error(EELFLoggerDelegate.errorLogger, "Failed to add Portal Admin role ", e);
+ throw e;
+ }
+ }
+ }
+
+ public FieldsValidator deletePortalAdmin(Long userId) {
+ FieldsValidator fieldsValidator = new FieldsValidator();
+ logger.debug(EELFLoggerDelegate.debugLogger, "deletePortalAdmin: test 1");
+ try {
+ //TODO HARDCODED ID
+ fnUserRoleService.deleteByUserIdAndRoleId(userId, SYS_ADMIN_ROLE_ID);
+ if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
+
+ List<FnRole> roleList = externalAccessRolesService
+ .getPortalAppRoleInfo(PortalConstants.SYS_ADMIN_ROLE_ID);
+ FnRole role = new FnRole();
+ if (roleList.size() > 0) {
+ role = roleList.get(0);
+ }
+ logger.debug(EELFLoggerDelegate.debugLogger, "Requested RoleName is " + role.getRoleName());
+ deletePortalAdminInExternalCentralAuth(userId, role.getRoleName());
+ }
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "deletePortalAdmin failed", e);
+ fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ }
+ return fieldsValidator;
+ }
+
+
+ private void deletePortalAdminInExternalCentralAuth(Long userId, String portalAdminRole) throws Exception {
+ try {
+ String name = "";
+ FnUser localUserList = fnUserService.getUser(userId)
+ .orElseThrow(() -> new EntityExistsException("User with id:" + userId + "do not exists."));
+ if (EPCommonSystemProperties.containsProperty(
+ EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) {
+ name = localUserList.getOrgUserId() + SystemProperties
+ .getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
+ }
+ //TODO HARDCODED ID
+ FnApp app = fnAppService.getById(PortalConstants.PORTAL_APP_ID);
+ String extRole = app.getAuthNamespace() + "." + portalAdminRole.replaceAll(" ", "_");
+ HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
+ aafTemplate.deletePortalAdminFromAAF(name, extRole, new HttpEntity<>(headers));
+ } catch (Exception e) {
+ if (e.getMessage().equalsIgnoreCase("404 Not Found")) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "Portal Admin role already deleted or may not be found",
+ e.getMessage());
+ } else {
+ logger.error(EELFLoggerDelegate.errorLogger, "Failed to add Portal Admin role ", e);
+ throw e;
+ }
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private boolean isLoggedInUserPortalAdmin(Long userId) {
+ try {
+ List<PortalAdmin> portalAdmins = entityManager.createNamedQuery("ActivePortalAdminDTO")
+ .setParameter("userId", userId)
+ .setParameter("adminRoleId", SYS_ADMIN_ROLE_ID)
+ .getResultList();
+ logger.debug(EELFLoggerDelegate.debugLogger, portalAdmins.toString());
+ return portalAdmins.size() > 0;
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "isLoggedInUserPortalAdmin failed", e);
+ return false;
+ }
+ }
+}
diff --git a/portal-BE/src/main/java/org/onap/portal/service/userRole/FnUserRoleService.java b/portal-BE/src/main/java/org/onap/portal/service/userRole/FnUserRoleService.java
index eb7ece2b..86ee03fb 100644
--- a/portal-BE/src/main/java/org/onap/portal/service/userRole/FnUserRoleService.java
+++ b/portal-BE/src/main/java/org/onap/portal/service/userRole/FnUserRoleService.java
@@ -474,6 +474,11 @@ public class FnUserRoleService {
fnUserRoleDao.deleteById(id);
}
+ public void deleteByUserIdAndRoleId(final Long userId, final String roleId){
+ final String query = "DELETE FROM FnUserRole id = :userId AND roleId.id = :roleId";
+ entityManager.createQuery(query).setParameter("userId", userId).setParameter("roleId", roleId).executeUpdate();
+ }
+
public List<RoleInAppForUser> constructRolesInAppForUserGet(List<Role> appRoles, FnRole[] userAppRoles,
Boolean extRequestValue) {
List<RoleInAppForUser> rolesInAppForUser = new ArrayList<>();