diff options
Diffstat (limited to 'ecomp-portal-BE-common/src/main')
6 files changed, 1329 insertions, 858 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/controller/ExternalAccessRolesController.java b/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/controller/ExternalAccessRolesController.java index 43e07af3..fabf5e10 100644 --- a/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/controller/ExternalAccessRolesController.java +++ b/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/controller/ExternalAccessRolesController.java @@ -9,14 +9,25 @@ import javax.servlet.http.HttpServletResponse; import org.openecomp.portalapp.portal.domain.CentralRoleFunction; import org.openecomp.portalapp.portal.domain.EPApp; +import org.openecomp.portalapp.portal.domain.EPUser; +import org.openecomp.portalapp.portal.domain.EcompAuditLog; import org.openecomp.portalapp.portal.ecomp.model.PortalRestResponse; import org.openecomp.portalapp.portal.ecomp.model.PortalRestStatusEnum; import org.openecomp.portalapp.portal.logging.aop.EPAuditLog; +import org.openecomp.portalapp.portal.logging.aop.EPEELFLoggerAdvice; +import org.openecomp.portalapp.portal.logging.logic.EPLogUtil; import org.openecomp.portalapp.portal.service.ExternalAccessRolesService; import org.openecomp.portalapp.portal.transport.CentralRole; +import org.openecomp.portalapp.portal.utils.EPCommonSystemProperties; +import org.openecomp.portalapp.portal.utils.EcompPortalUtils; +import org.openecomp.portalapp.portal.utils.PortalConstants; +import org.openecomp.portalsdk.core.domain.AuditLog; import org.openecomp.portalsdk.core.domain.Role; import org.openecomp.portalsdk.core.domain.RoleFunction; import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.openecomp.portalsdk.core.service.AuditService; +import org.openecomp.portalsdk.core.util.SystemProperties; +import org.slf4j.MDC; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.web.bind.annotation.PathVariable; @@ -37,6 +48,11 @@ import io.swagger.annotations.ApiOperation; @EPAuditLog public class ExternalAccessRolesController implements BasicAuthenticationController { + private static final String LOGIN_ID = "LoginId"; + + @Autowired + private AuditService auditService; + private static final String UEBKEY = "uebkey"; private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAccessRolesController.class); @@ -51,7 +67,7 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl String answer = null; try { - answer = externalAccessRolesService.getUser(loginId, request.getHeader(UEBKEY)); + answer = externalAccessRolesService.getUserWithRoles(loginId, request.getHeader(UEBKEY)); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "getUser failed", e); } @@ -66,7 +82,7 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl List<EPApp> applicationList=new ArrayList<>(); applicationList = externalAccessRolesService.getApp(request.getHeader(UEBKEY)); EPApp app = applicationList.get(0); - externalAccessRolesService.SyncApplicationRolesWithEcompDB(app); + externalAccessRolesService.syncApplicationRolesWithEcompDB(app); List<CentralRole> answer = null; try { answer = externalAccessRolesService.getRolesForApp(request.getHeader(UEBKEY)); @@ -141,7 +157,38 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl String data = roleFunc; CentralRoleFunction availableRoleFunction = mapper.readValue(data, CentralRoleFunction.class); availableRoleFunction.setAppId(appId); - externalAccessRolesService.saveCentralRoleFunction(availableRoleFunction, requestedApp); + boolean saveOrUpdateResponse = externalAccessRolesService.saveCentralRoleFunction(availableRoleFunction, requestedApp); + if(saveOrUpdateResponse){ + EPUser user = externalAccessRolesService.getUser(request.getHeader(LOGIN_ID)).get(0); + EPApp app = externalAccessRolesService.getApp(request.getHeader(UEBKEY)).get(0); + CentralRoleFunction function = externalAccessRolesService.getRoleFunction(availableRoleFunction.getCode(), request.getHeader(UEBKEY)); + String activityCode = (function.getCode() == null) ? EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_ADD_FUNCTION: EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_UPDATE_FUNCTION; + logger.info(EELFLoggerDelegate.applicationLogger, "saveRoleFunction: succeeded for app {}, function {}", + app.getId(), availableRoleFunction.getCode()); + AuditLog auditLog = new AuditLog(); + auditLog.setUserId(user.getId()); + auditLog.setActivityCode(activityCode); + auditLog.setComments(EcompPortalUtils.truncateString("saveRoleFunction role for app:"+app.getId()+" and function:'"+availableRoleFunction.getCode()+"'", PortalConstants.AUDIT_LOG_COMMENT_SIZE)); + auditLog.setAffectedRecordId(user.getOrgUserId()); + auditService.logActivity(auditLog, null); + MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + EcompPortalUtils.calculateDateTimeDifferenceForLog( + MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), + MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); + logger.info(EELFLoggerDelegate.auditLogger, + EPLogUtil.formatAuditLogMessage("ExternalAccessRolesController.saveRoleFunction", + activityCode, String.valueOf(user.getId()), + user.getOrgUserId(), availableRoleFunction.getCode())); + MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); + MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); + MDC.remove(SystemProperties.MDC_TIMER); + } else{ + logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed"); + return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to saveRoleFunction for '"+availableRoleFunction.getCode()+"'", "Failed"); + } } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed", e); return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); @@ -153,13 +200,42 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl @RequestMapping(value = { "/roleFunction/{code}" }, method = RequestMethod.DELETE, produces = "application/json") public PortalRestResponse<String> deleteRoleFunction(HttpServletRequest request, HttpServletResponse response, @PathVariable("code") String code) throws Exception { try { - externalAccessRolesService.deleteCentralRoleFunction(code, request.getHeader(UEBKEY)); + EPUser user = externalAccessRolesService.getUser(request.getHeader(LOGIN_ID)).get(0); + EPApp app = externalAccessRolesService.getApp(request.getHeader(UEBKEY)).get(0); + boolean getDelFuncResponse = externalAccessRolesService.deleteCentralRoleFunction(code, app); + if(getDelFuncResponse){ + logger.info(EELFLoggerDelegate.applicationLogger, "deleteRoleFunction: succeeded for app {}, role {}", + app.getId(), code); + AuditLog auditLog = new AuditLog(); + auditLog.setUserId(user.getId()); + auditLog.setActivityCode(EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_DELETE_FUNCTION); + auditLog.setComments(EcompPortalUtils.truncateString("Deleted function for app:"+app.getId()+" and function code:'"+code+"'", PortalConstants.AUDIT_LOG_COMMENT_SIZE)); + auditLog.setAffectedRecordId(user.getOrgUserId()); + auditService.logActivity(auditLog, null); + MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + EcompPortalUtils.calculateDateTimeDifferenceForLog( + MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), + MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); + logger.info(EELFLoggerDelegate.auditLogger, + EPLogUtil.formatAuditLogMessage("ExternalAccessRolesController.deleteRoleFunction", + EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_DELETE_FUNCTION, String.valueOf(user.getId()), + user.getOrgUserId(), code)); + MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); + MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); + MDC.remove(SystemProperties.MDC_TIMER); + } else{ + logger.error(EELFLoggerDelegate.errorLogger, "deleteRoleFunction failed"); + return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to deleteRoleFunction for '"+code+"'", "Failed"); + } } catch (HttpClientErrorException e) { response.setStatus(HttpServletResponse.SC_BAD_REQUEST); logger.error(EELFLoggerDelegate.errorLogger, "deleteRoleFunction failed", e); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to deleteRoleFunction", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to deleteRoleFunction for '"+code+"'", "Failed"); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully Deleted", "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully Deleted", "Success"); } @@ -168,7 +244,36 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl public PortalRestResponse<String> saveRole(HttpServletRequest request, HttpServletResponse response, @RequestBody Role role) throws Exception { try { - externalAccessRolesService.saveRoleForApplication(role,request.getHeader(UEBKEY)); + EPUser user = externalAccessRolesService.getUser(request.getHeader(LOGIN_ID)).get(0); + EPApp app = externalAccessRolesService.getApp(request.getHeader(UEBKEY)).get(0); + boolean getAddResponse = externalAccessRolesService.saveRoleForApplication(role, request.getHeader(UEBKEY)); + if (getAddResponse) { + String activityCode = (role.getId() == null) ? EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_ADD_ROLE + : EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_UPDATE_ROLE_AND_FUNCTION; + logger.info(EELFLoggerDelegate.applicationLogger, "saveRole: succeeded for app {}, role {}", + app.getId(), role.getName()); + AuditLog auditLog = new AuditLog(); + auditLog.setUserId(user.getId()); + auditLog.setActivityCode(activityCode); + auditLog.setComments(EcompPortalUtils.truncateString("saveRole role for app:" + app.getId() + " and role:'" + role.getName()+"'", PortalConstants.AUDIT_LOG_COMMENT_SIZE)); + auditLog.setAffectedRecordId(user.getOrgUserId()); + auditService.logActivity(auditLog, null); + MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + EcompPortalUtils.calculateDateTimeDifferenceForLog( + MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), + MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); + logger.info(EELFLoggerDelegate.auditLogger, + EPLogUtil.formatAuditLogMessage("ExternalAccessRolesController.saveRole", activityCode, + String.valueOf(user.getId()), user.getOrgUserId(), role.getName())); + MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); + MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); + MDC.remove(SystemProperties.MDC_TIMER); + } else { + response.setStatus(HttpServletResponse.SC_BAD_REQUEST); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to saveRole for '"+role.getName()+"'", "Failed"); + + } } catch (Exception e) { response.setStatus(HttpServletResponse.SC_BAD_REQUEST); logger.error(EELFLoggerDelegate.errorLogger, "saveRole failed", e); @@ -182,7 +287,36 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl public PortalRestResponse<String> deleteRole(HttpServletRequest request, HttpServletResponse response, @PathVariable String code) throws Exception { try { - externalAccessRolesService.deleteRoleForApplication(code, request.getHeader(UEBKEY)); + boolean deleteResponse = externalAccessRolesService.deleteRoleForApplication(code, request.getHeader(UEBKEY)); + if(deleteResponse){ + EPUser user = externalAccessRolesService.getUser(request.getHeader(LOGIN_ID)).get(0); + EPApp app = externalAccessRolesService.getApp(request.getHeader(UEBKEY)).get(0); + logger.info(EELFLoggerDelegate.applicationLogger, "deleteRole: succeeded for app {}, role {}", + app.getId(), code); + AuditLog auditLog = new AuditLog(); + auditLog.setUserId(user.getId()); + auditLog.setActivityCode(EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_DELETE_ROLE); + auditLog.setComments(EcompPortalUtils.truncateString("Deleted role for app:"+app.getId()+" and role:'"+code+"'", PortalConstants.AUDIT_LOG_COMMENT_SIZE)); + auditLog.setAffectedRecordId(user.getOrgUserId()); + auditService.logActivity(auditLog, null); + MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + MDC.put(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP, + EPEELFLoggerAdvice.getCurrentDateTimeUTC()); + EcompPortalUtils.calculateDateTimeDifferenceForLog( + MDC.get(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP), + MDC.get(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP)); + logger.info(EELFLoggerDelegate.auditLogger, + EPLogUtil.formatAuditLogMessage("ExternalAccessRolesController.deleteRole", + EcompAuditLog.CD_ACTIVITY_EXTERNAL_AUTH_DELETE_ROLE, String.valueOf(user.getId()), + user.getOrgUserId(), code)); + MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP); + MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP); + MDC.remove(SystemProperties.MDC_TIMER); + } else{ + logger.error(EELFLoggerDelegate.errorLogger, "deleteRole failed"); + return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to deleteRole for '"+code+"'", "Failed"); + } } catch (Exception e) { response.setStatus(HttpServletResponse.SC_BAD_REQUEST); logger.error(EELFLoggerDelegate.errorLogger, "deleteRole failed", e); @@ -208,15 +342,23 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl @ApiOperation(value = "deletes user roles for an application.", response = PortalRestResponse.class, responseContainer = "Json") @RequestMapping(value = { "/deleteDependcyRoleRecord/{roleId}" }, method = RequestMethod.DELETE, produces = "application/json") - public PortalRestResponse<String> deleteDependcyRoleRecord(HttpServletRequest request, HttpServletResponse response, @PathVariable("roleId") Long roleId) throws Exception { + public PortalRestResponse<String> deleteDependencyRoleRecord(HttpServletRequest request, HttpServletResponse response, + @PathVariable("roleId") Long roleId) throws Exception { try { - externalAccessRolesService.deleteDependcyRoleRecord(roleId,request.getHeader(UEBKEY), request.getHeader("LoginId")); + boolean deleteResponse = externalAccessRolesService.deleteDependencyRoleRecord(roleId, + request.getHeader(UEBKEY), request.getHeader(LOGIN_ID)); + if (!deleteResponse) { + response.setStatus(HttpServletResponse.SC_BAD_REQUEST); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to deleteDependencyRoleRecord", + "Failed"); + } } catch (HttpClientErrorException e) { response.setStatus(HttpServletResponse.SC_BAD_REQUEST); - logger.error(EELFLoggerDelegate.errorLogger, "deleteDependcyRoleRecord failed", e); - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to deleteDependcyRoleRecord", "Failed"); + logger.error(EELFLoggerDelegate.errorLogger, "deleteDependencyRoleRecord failed", e); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to deleteDependencyRoleRecord", + "Failed"); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully Deleted", "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully Deleted", "Success"); } @ApiOperation(value = "Bulk upload functions for an application.", response = PortalRestResponse.class, responseContainer = "Json") diff --git a/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/controller/RoleManageController.java b/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/controller/RoleManageController.java index eefd5004..02f237d7 100644 --- a/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/controller/RoleManageController.java +++ b/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/controller/RoleManageController.java @@ -175,7 +175,7 @@ public class RoleManageController extends EPRestrictedBaseController { public void syncRoles(EPApp app) { try { - externalAccessRolesService.SyncApplicationRolesWithEcompDB(app); + externalAccessRolesService.syncApplicationRolesWithEcompDB(app); } catch (Exception e) { logger.error(EELFLoggerDelegate.debugLogger, "failed syncRoles"); } diff --git a/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/domain/EcompAuditLog.java b/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/domain/EcompAuditLog.java index 3d53c8d3..63ac2c7e 100644 --- a/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/domain/EcompAuditLog.java +++ b/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/domain/EcompAuditLog.java @@ -51,7 +51,12 @@ public class EcompAuditLog extends AuditLog { public static final String CD_ACTIVITY_UPDATE_USER = "uu "; public static final String CD_ACTIVITY_UPDATE_ACCOUNT_ADMIN = "uaa "; public static final String CD_ACTIVITY_STORE_ANALYTICS = "store_analytics"; - + public static final String CD_ACTIVITY_EXTERNAL_AUTH_ADD_ROLE = "eaar"; + public static final String CD_ACTIVITY_EXTERNAL_AUTH_ADD_FUNCTION = "eaaf"; + public static final String CD_ACTIVITY_EXTERNAL_AUTH_UPDATE_FUNCTION = "eauf"; + public static final String CD_ACTIVITY_EXTERNAL_AUTH_UPDATE_ROLE_AND_FUNCTION = "eaurf"; + public static final String CD_ACTIVITY_EXTERNAL_AUTH_DELETE_ROLE = "eadr"; + public static final String CD_ACTIVITY_EXTERNAL_AUTH_DELETE_FUNCTION = "eadf"; /** * Creates a new object with the created field set to the current date-time. */ diff --git a/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/ExternalAccessRolesService.java b/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/ExternalAccessRolesService.java index e57d4fa5..34088a22 100644 --- a/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/ExternalAccessRolesService.java +++ b/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/ExternalAccessRolesService.java @@ -6,6 +6,7 @@ import org.hibernate.Session; import org.openecomp.portalapp.portal.domain.CentralRoleFunction; import org.openecomp.portalapp.portal.domain.EPApp; import org.openecomp.portalapp.portal.domain.EPRole; +import org.openecomp.portalapp.portal.domain.EPUser; import org.openecomp.portalapp.portal.transport.CentralRole; import org.openecomp.portalsdk.core.domain.Role; import org.openecomp.portalsdk.core.domain.RoleFunction; @@ -13,17 +14,16 @@ import org.openecomp.portalsdk.core.domain.RoleFunction; public interface ExternalAccessRolesService { /** - * It gets all application roles + * It gets list of application roles * * @param appId - * @param extRequestValue * @return List * @throws Exception */ - public List<EPRole> getAppRoles(Long appId, Boolean extRequestValue) throws Exception; + public List<EPRole> getAppRoles(Long appId) throws Exception; /** - * It returns application details + * It returns single app record * * @param uebkey * @return List @@ -40,17 +40,16 @@ public interface ExternalAccessRolesService { * @throws Exception */ public boolean addRole(Role addRoles, String uebkey) throws Exception; - + /** - * Updates role in the external access system otherwise throws exception + * It returns complete user information * - * @param updateRole - * @param uebkey - * @return boolean + * @param loginId + * @return EPUser object * @throws Exception */ - void updateRole(Role updateRole, EPApp app) throws Exception; - + List<EPUser> getUser(String loginId) throws Exception; + /** * It returns complete user information including application roles permissions * @@ -59,7 +58,7 @@ public interface ExternalAccessRolesService { * @return String * @throws Exception */ - String getUser(String loginId, String uebkey) throws Exception; + String getUserWithRoles(String loginId, String uebkey) throws Exception; /** * It returns list of all role functions @@ -94,17 +93,18 @@ public interface ExternalAccessRolesService { * * @param domainCentralRoleFunction * @param requestedApp + * @return true else false * @throws Exception */ - public void saveCentralRoleFunction(CentralRoleFunction domainCentralRoleFunction, EPApp requestedApp) throws Exception; + public boolean saveCentralRoleFunction(CentralRoleFunction domainCentralRoleFunction, EPApp requestedApp) throws Exception; /** * It deletes role function in the DB * * @param code - * @param string + * @param app */ - public void deleteCentralRoleFunction(String code, String string); + public boolean deleteCentralRoleFunction(String code, EPApp app); /** * It gets all roles the applications @@ -122,16 +122,17 @@ public interface ExternalAccessRolesService { * @param uebkey * @throws Exception */ - void saveRoleForApplication(Role saveRole, String uebkey) throws Exception; + boolean saveRoleForApplication(Role saveRole, String uebkey) throws Exception; /** * It deletes role in the DB * * @param code * @param uebkey + * @return true else false * @throws Exception */ - void deleteRoleForApplication(String code, String uebkey) throws Exception; + boolean deleteRoleForApplication(String code, String uebkey) throws Exception; /** * It gets all active roles for single application @@ -147,10 +148,10 @@ public interface ExternalAccessRolesService { * @param roleId * @param uebkey * @param LoginId - * @return + * @return true else false * @throws Exception */ - public void deleteDependcyRoleRecord(Long roleId, String uebkey, String LoginId) throws Exception; + public boolean deleteDependencyRoleRecord(Long roleId, String uebkey, String LoginId) throws Exception; /** * It sync new functions codes and names from and updates role functions from external access system @@ -160,30 +161,90 @@ public interface ExternalAccessRolesService { */ public void syncRoleFunctionFromExternalAccessSystem(EPApp app) throws Exception; + /** + * It uploads portal functions into external auth system + * @param uebkey + * @return + * @throws Exception + */ public Integer bulkUploadFunctions(String uebkey) throws Exception; + /** + * It uploads portal roles into external auth system + * @param uebkey + * @return + * @throws Exception + */ public Integer bulkUploadRoles(String uebkey) throws Exception; - public void bulkUploadPartnerFunctions(String header, List<RoleFunction> upload) throws Exception; + /** + * It uploads partner application role functions into external auth system + * + * @param uebkey + * @param upload + * @throws Exception + */ + public void bulkUploadPartnerFunctions(String uebkey, List<RoleFunction> upload) throws Exception; - public void bulkUploadPartnerRoles(String header, List<Role> upload) throws Exception; + /** + * It uploads partner application role functions into external auth system + * + * @param uebkey + * @param upload + * @throws Exception + */ + public void bulkUploadPartnerRoles(String uebkey, List<Role> upload) throws Exception; + /** + * It returns total no. of portal application role functions records added in external auth system + * @param uebkey + * @return + * @throws Exception + */ Integer bulkUploadRolesFunctions(String uebkey) throws Exception; /** - * SyncApplicationRolesWithEcompDB sync the roles and rolefunctions to the ecomp DB from AAF + * It syncs the roles and rolefunctions to the ecomp DB from AAF * @param app * @throws Exception */ + void syncApplicationRolesWithEcompDB(EPApp app) throws Exception; - void SyncApplicationRolesWithEcompDB(EPApp app) throws Exception; - + /** + * It uploads list of user roles of the application into external auth system + * + * @param uebkey + * @return + * @throws Exception + */ public Integer bulkUploadUserRoles(String uebkey) throws Exception; + /** + * It Uploads partner application role functions into external auth system + * + * @param uebkey + * @param roleList + * @throws Exception + */ void bulkUploadPartnerRoleFunctions(String uebkey, List<Role> roleList) throws Exception; - public void deleteRoleDependeciesRecord(Session localSession, Long roleId) throws Exception; + /** + * it deletes all dependency role records + * + * @param localSession + * @param roleId + * @param appId + * @throws Exception + */ + public void deleteRoleDependencyRecords(Session localSession, Long roleId, Long appId) throws Exception; + /** + * It returns list of applications functions along with functions associated with global role + * + * @param uebkey + * @return + * @throws Exception + */ List<String> getMenuFunctionsList(String uebkey) throws Exception; diff --git a/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/ExternalAccessRolesServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/ExternalAccessRolesServiceImpl.java index cddd1c29..95e5ddce 100644 --- a/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/ExternalAccessRolesServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/ExternalAccessRolesServiceImpl.java @@ -3,6 +3,7 @@ package org.openecomp.portalapp.portal.service; import java.util.ArrayList; import java.util.HashMap; import java.util.Iterator; +import java.util.LinkedHashMap; import java.util.List; import java.util.Map; import java.util.Set; @@ -23,6 +24,7 @@ import org.openecomp.portalapp.portal.domain.EPRole; import org.openecomp.portalapp.portal.domain.EPUser; import org.openecomp.portalapp.portal.domain.EPUserApp; import org.openecomp.portalapp.portal.domain.ExternalRoleDetails; +import org.openecomp.portalapp.portal.logging.aop.EPAuditLog; import org.openecomp.portalapp.portal.logging.aop.EPMetricsLog; import org.openecomp.portalapp.portal.logging.logic.EPLogUtil; import org.openecomp.portalapp.portal.transport.BulkUploadRoleFunction; @@ -64,32 +66,62 @@ import com.fasterxml.jackson.databind.type.TypeFactory; @Service("externalAccessRolesService") @EnableAspectJAutoProxy @EPMetricsLog +@EPAuditLog public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesService { + private static final String IS_NULL_STRING = "null"; + + private static final String EXTERNAL_AUTH_PERMS = "perms"; + + private static final String EXTERNAL_AUTH_ROLE_DESCRIPTION = "description"; + + private static final String WHERE_APP_ID_EQUALS = " where app_id = "; + + private static final String IS_EMPTY_JSON_STRING = "{}"; + + private static final String CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE = "Connecting to External Auth system"; + + private static final String WHERE_ROLE_ID_EQUALS = " where role_id = "; + + private static final String APP_ROLE_ID = "appRoleId"; + + private static final String APP_ID = "appId"; + + private static final String PRIORITY = "priority"; + + private static final String ACTIVE = "active"; + + private static final String ROLE_NAME = "name"; + + private static final String ID = "id"; + + private static final String WHERE_ROLE_NAME_EQUALS = " where role_name = '"; + + private static final String APP_ID_EQUALS = " app_id = "; + private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAccessRolesServiceImpl.class); @Autowired private DataAccessService dataAccessService; - + @Autowired private SessionFactory sessionFactory; - RestTemplate template = new RestTemplate(); @SuppressWarnings("unchecked") - public List<EPRole> getAppRoles(Long appId, Boolean extRequestValue) throws Exception { + public List<EPRole> getAppRoles(Long appId) throws Exception { List<EPRole> applicationRoles = null; String filter = null; try { if (appId == 1) { filter = " where app_id is null"; } else { - filter = " where app_id = " + appId; + filter = WHERE_APP_ID_EQUALS + appId; } applicationRoles = dataAccessService.getList(EPRole.class, filter, null, null); } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getAppRoles is failed", e); + logger.error(EELFLoggerDelegate.errorLogger, "getAppRoles: failed", e); throw new Exception(e.getMessage()); } return applicationRoles; @@ -101,27 +133,35 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic List<EPApp> app = null; try { app = (List<EPApp>) dataAccessService.getList(EPApp.class, " where ueb_key = '" + uebkey + "'", null, null); + if(!app.get(0).getEnabled()){ + throw new Exception("Application:"+app.get(0).getName()+" is Unavailable"); + } } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getApp is failed", e); + logger.error(EELFLoggerDelegate.errorLogger, "getApp: failed", e); throw new Exception(e.getMessage()); } return app; } - public String getSingleAppRole(String addRole, EPApp app) throws Exception { - String response = ""; + /** + * It returns single application role from external auth system + * @param addRole + * @param app + * @return JSON string which contains application role details + * @throws Exception + */ + private String getSingleAppRole(String addRole, EPApp app) throws Exception { HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); HttpEntity<String> entity = new HttpEntity<>(headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); - response = template + logger.debug(EELFLoggerDelegate.debugLogger, "getSingleAppRole: Connecting to External Auth system"); + ResponseEntity<String> response = template .exchange( SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "roles/" + app.getNameSpace() + "." + addRole.replaceAll(" ", "_"), - HttpMethod.GET, entity, String.class) - .getBody(); - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system"); - - return response; + HttpMethod.GET, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, + "getSingleAppRole: Finished GET app role from External Auth system and status code: {} ", response.getStatusCode().value()); + return response.getBody(); } @Override @@ -130,43 +170,52 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic ResponseEntity<String> addResponse = null; HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); EPApp app = getApp(uebkey).get(0); - String newRole = createNewRoleInExternalSystem(addRole, app); + String newRole = updateExistingRoleInExternalSystem(addRole, app); HttpEntity<String> entity = new HttpEntity<>(newRole, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); + logger.debug(EELFLoggerDelegate.debugLogger, "addRole: Connecting to External Auth system"); addResponse = template.exchange( SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role", HttpMethod.POST, entity, String.class); if (addResponse.getStatusCode().value() == 201) { response = true; - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system"); + logger.debug(EELFLoggerDelegate.debugLogger, "addRole: Finished adding role in the External Auth system and response code: {} ", addResponse.getStatusCode().value()); } if (addResponse.getStatusCode().value() == 406) { - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system but something went wrong!"); - throw new Exception("Failed to create role"); + logger.error(EELFLoggerDelegate.errorLogger, + "addRole: Failed to add in the External Auth system due to {} and status code: {}", addResponse.getBody(), addResponse.getStatusCode().value()); } return response; } - @Override - public void updateRole(Role addRole, EPApp app) throws Exception { - boolean addResponse = updateRoleInExternalSystem(addRole, app); - if (!addResponse) { - throw new Exception("Failed to update a role"); - } - } - + /** + * + * It deletes record in external auth system + * + * @param delRole + * @return JSON String which has status code and response body + * @throws Exception + */ private ResponseEntity<String> deleteRoleInExternalSystem(String delRole) throws Exception { ResponseEntity<String> delResponse = null; HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); HttpEntity<String> entity = new HttpEntity<>(delRole, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); + logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleInExternalSystem: {} " , CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); delResponse = template.exchange( SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role?force=true", HttpMethod.DELETE, entity, String.class); - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system"); + logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleInExternalSystem: Finished DELETE operation in the External Auth system and status code: {} ", delResponse.getStatusCode().value()); return delResponse; } + /** + * It updates role in external auth system + * + * @param updateExtRole + * @param app + * @return true if success else false + * @throws Exception + * If updateRoleInExternalSystem fails we catch it in logger for detail message + */ @SuppressWarnings("unchecked") private boolean updateRoleInExternalSystem(Role updateExtRole, EPApp app) throws Exception { boolean response = false; @@ -176,75 +225,85 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic ExternalAccessRolePerms extRolePerms = null; ExternalAccessPerms extPerms = null; List<EPRole> epRoleList = null; - epRoleList = dataAccessService.getList(EPRole.class, - " where role_id = " + updateExtRole.getId(), null, null); + epRoleList = dataAccessService.getList(EPRole.class, WHERE_ROLE_ID_EQUALS + updateExtRole.getId(), null, null); String appRole = getSingleAppRole(epRoleList.get(0).getName(), app); - if (!appRole.equals("{}")) { + if (!appRole.equals(IS_EMPTY_JSON_STRING)) { JSONObject jsonObj = new JSONObject(appRole); JSONArray extRole = jsonObj.getJSONArray("role"); - if (!extRole.getJSONObject(0).has("description")) { - String roleName = extRole.getJSONObject(0).getString("name"); - String delRoleKey = "{\"name\":\"" + roleName + "\"}"; - deleteResponse = deleteRoleInExternalSystem(delRoleKey); + if (!extRole.getJSONObject(0).has(EXTERNAL_AUTH_ROLE_DESCRIPTION)) { + String roleName = extRole.getJSONObject(0).getString(ROLE_NAME); + Map<String, String> delRoleKeyMapper = new HashMap<>(); + delRoleKeyMapper.put(ROLE_NAME, roleName); + String delRoleKeyValue = mapper.writeValueAsString(delRoleKeyMapper); + deleteResponse = deleteRoleInExternalSystem(delRoleKeyValue); if (deleteResponse.getStatusCode().value() != 200) { - throw new Exception("Failed to delete role in external access system!"); + throw new Exception(deleteResponse.getBody()); } addRole(updateExtRole, app.getUebKey()); } else { - String desc = extRole.getJSONObject(0).getString("description"); - String name = extRole.getJSONObject(0).getString("name"); + String desc = extRole.getJSONObject(0).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION); + String name = extRole.getJSONObject(0).getString(ROLE_NAME); List<ExternalAccessPerms> list = null; - if (extRole.getJSONObject(0).has("perms")) { - JSONArray perms = extRole.getJSONObject(0).getJSONArray("perms"); - ObjectMapper permsMapper = new ObjectMapper(); - list = permsMapper.readValue(perms.toString(), TypeFactory.defaultInstance() + if (extRole.getJSONObject(0).has(EXTERNAL_AUTH_PERMS)) { + JSONArray perms = extRole.getJSONObject(0).getJSONArray(EXTERNAL_AUTH_PERMS); + list = mapper.readValue(perms.toString(), TypeFactory.defaultInstance() .constructCollectionType(List.class, ExternalAccessPerms.class)); } - ObjectMapper roleMapper = new ObjectMapper(); - ExternalRoleDescription sysRoleList = roleMapper.readValue(desc, ExternalRoleDescription.class); + ExternalRoleDescription sysRoleList = mapper.readValue(desc, ExternalRoleDescription.class); // If role name or role functions are updated then delete record in External System and add new record to avoid conflicts Boolean existingRoleActive; - boolean res; + boolean isActiveValueChanged; // check role active status existingRoleActive = new Boolean(sysRoleList.getActive()); - res = existingRoleActive.equals(updateExtRole.getActive()); + isActiveValueChanged = existingRoleActive.equals(updateExtRole.getActive()); if (!sysRoleList.getName().equals(updateExtRole.getName())) { - String deleteRoleKey = "{\"name\":\"" + name + "\"}"; - deleteResponse = deleteRoleInExternalSystem(deleteRoleKey); + Map<String, String> delRoleKeyMapper = new HashMap<>(); + delRoleKeyMapper.put(ROLE_NAME, name); + String delRoleKeyValue = mapper.writeValueAsString(delRoleKeyMapper); + deleteResponse = deleteRoleInExternalSystem(delRoleKeyValue); if (deleteResponse.getStatusCode().value() != 200) { - throw new Exception("Failed to delete role in external access system!"); + logger.error(EELFLoggerDelegate.errorLogger, "updateRoleInExternalSystem: Failed to delete role in external system due to {} ", deleteResponse.getBody()); + throw new Exception(deleteResponse.getBody()); } - response = addRole(updateExtRole, app.getUebKey()); - ObjectMapper addPermsMapper = new ObjectMapper(); - response = addRoleFunctionsInExternalSystem(updateExtRole, addPermsMapper, app); + addRole(updateExtRole, app.getUebKey()); + addRoleFunctionsInExternalSystem(updateExtRole, mapper, app); } ExternalAccessRole updateRole = new ExternalAccessRole(); - if (!res || !sysRoleList.getPriority().equals(String.valueOf(updateExtRole.getPriority())) || - sysRoleList.getId().equals("null")) { + if (!isActiveValueChanged + || !sysRoleList.getPriority().equals(String.valueOf(updateExtRole.getPriority())) + || sysRoleList.getId().equals(IS_NULL_STRING) + || !sysRoleList.getId().equals(String.valueOf(epRoleList.get(0).getId()))) { String updateDesc = ""; + String appId = (app.getId().equals(PortalConstants.PORTAL_APP_ID)) ? " app_id is null" + : APP_ID_EQUALS + app.getId(); List<EPRole> getRole = dataAccessService.getList(EPRole.class, - " where role_name = '" + updateExtRole.getName() + "'", null, null); + WHERE_ROLE_NAME_EQUALS + updateExtRole.getName() + "' and " + appId, null, null); + Map<String, Object> extSystemUpdateRoleJsonMapper = new LinkedHashMap<>(); + extSystemUpdateRoleJsonMapper.put(ID, getRole.get(0).getId()); + extSystemUpdateRoleJsonMapper.put(ROLE_NAME, updateExtRole.getName()); + extSystemUpdateRoleJsonMapper.put(ACTIVE, updateExtRole.getActive()); + extSystemUpdateRoleJsonMapper.put(PRIORITY, updateExtRole.getPriority()); if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - updateDesc = "{\"id\":\"" + getRole.get(0).getId() + "\",\"name\":\"" + updateExtRole.getName() - + "\",\"active\":\"" + updateExtRole.getActive() + "\",\"priority\":\"" - + updateExtRole.getPriority() + "\",\"appId\":\"null\",\"appRoleId\":\"null\"}"; - + extSystemUpdateRoleJsonMapper.put(APP_ID, null); + extSystemUpdateRoleJsonMapper.put(APP_ROLE_ID, null); } else { - updateDesc = "{\"id\":\"" + getRole.get(0).getId() + "\",\"name\":\"" + updateExtRole.getName() - + "\",\"active\":\"" + updateExtRole.getActive() + "\",\"priority\":\"" - + updateExtRole.getPriority() + "\",\"appId\":\"" + app.getId() + "\",\"appRoleId\":\"" - + getRole.get(0).getAppRoleId() + "\"}"; + extSystemUpdateRoleJsonMapper.put(APP_ID, app.getId()); + extSystemUpdateRoleJsonMapper.put(APP_ROLE_ID, getRole.get(0).getAppRoleId()); } + updateDesc = mapper.writeValueAsString(extSystemUpdateRoleJsonMapper); updateRole.setName(app.getNameSpace() + "." + updateExtRole.getName().replaceAll(" ", "_")); updateRole.setDescription(updateDesc); String updateRoleDesc = mapper.writeValueAsString(updateRole); HttpEntity<String> entity = new HttpEntity<>(updateRoleDesc, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); - template.exchange( + logger.debug(EELFLoggerDelegate.debugLogger, + "updateRoleInExternalSystem: {} " , CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); + ResponseEntity<String> updatePermsResponse = template.exchange( SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role", HttpMethod.PUT, entity, String.class); - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system"); + logger.debug(EELFLoggerDelegate.debugLogger, + "updateRoleInExternalSystem: Finished updating in External Auth system and status code: {} ", + updatePermsResponse.getStatusCode().value()); } List<RoleFunction> roleFunctionListNew = convertSetToListOfRoleFunctions(updateExtRole); Map<String, RoleFunction> updateRoleFunc = new HashMap<>(); @@ -253,17 +312,16 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic } final Map<String, ExternalAccessPerms> extRolePermMap = new HashMap<>(); // Update permissions in the ExternalAccess System - ObjectMapper permMapper = new ObjectMapper(); if (list != null) { for (ExternalAccessPerms perm : list) { if (!updateRoleFunc.containsKey(perm.getInstance())) { - removePermForRole(perm, permMapper, name, headers); + removePermForRole(perm, mapper, name, headers); } extRolePermMap.put(perm.getInstance(), perm); } } response = true; - if (!roleFunctionListNew.isEmpty() || roleFunctionListNew.size() > 0) { + if (!roleFunctionListNew.isEmpty()) { for (RoleFunction roleFunc : roleFunctionListNew) { if (!extRolePermMap.containsKey(roleFunc.getCode())) { String checkType = roleFunc.getCode().contains("menu") ? "menu" : "url"; @@ -273,7 +331,7 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic app.getNameSpace() + "." + updateExtRole.getName().replaceAll(" ", "_")); String updateRolePerms = mapper.writeValueAsString(extRolePerms); HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); + logger.debug(EELFLoggerDelegate.debugLogger, "updateRoleInExternalSystem: {} " , CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); ResponseEntity<String> addResponse = template.exchange( SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm", @@ -281,29 +339,41 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic if (addResponse.getStatusCode().value() != 201) { response = false; logger.debug(EELFLoggerDelegate.debugLogger, - "Connected to External Access system but something went wrong! due to {} and statuscode: {}", addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value()); + "updateRoleInExternalSystem: Connected to External Auth system but something went wrong! due to {} and statuscode: {}", + addResponse.getStatusCode().getReasonPhrase(), + addResponse.getStatusCode().value()); } else { response = true; - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system"); + logger.debug(EELFLoggerDelegate.debugLogger, "updateRoleInExternalSystem: Finished adding permissions to roles in External Auth system and status code: {} ", addResponse.getStatusCode().value()); } } } } } } else { - // It seems like role exists in local DB but not in External Access system + // It seems like role exists in local DB but not in External Access system addRole(updateExtRole, app.getUebKey()); List<RoleFunction> roleFunctionListUpdate = convertSetToListOfRoleFunctions(updateExtRole); response = true; - if (!roleFunctionListUpdate.isEmpty() || roleFunctionListUpdate.size() > 0) { - ObjectMapper addPermsMapper = new ObjectMapper(); - addRoleFunctionsInExternalSystem(updateExtRole, addPermsMapper, app); + if (!roleFunctionListUpdate.isEmpty()) { + addRoleFunctionsInExternalSystem(updateExtRole, mapper, app); } } return response; } - private boolean addRoleFunctionsInExternalSystem(Role updateExtRole, ObjectMapper addPermsMapper, EPApp app) throws Exception { + /** + * + * It adds functions to the role in external auth system + * + * @param updateExtRole + * @param addPermsMapper + * @param app + * @return true if success else false + * @throws Exception + */ + private boolean addRoleFunctionsInExternalSystem(Role updateExtRole, ObjectMapper addPermsMapper, EPApp app) + throws Exception { boolean response = false; ExternalAccessRolePerms extAddRolePerms = null; ExternalAccessPerms extAddPerms = null; @@ -311,31 +381,37 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); for (RoleFunction roleFunc : roleFunctionListAdd) { String checkType = roleFunc.getCode().contains("menu") ? "menu" : "url"; - extAddPerms = new ExternalAccessPerms(app.getNameSpace() + "." + checkType, roleFunc.getCode(), - "*"); + extAddPerms = new ExternalAccessPerms(app.getNameSpace() + "." + checkType, roleFunc.getCode(), "*"); extAddRolePerms = new ExternalAccessRolePerms(extAddPerms, app.getNameSpace() + "." + updateExtRole.getName().replaceAll(" ", "_")); String updateRolePerms = addPermsMapper.writeValueAsString(extAddRolePerms); HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); + logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionsInExternalSystem: {} " , CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); ResponseEntity<String> addResponse = template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "role/perm", + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm", HttpMethod.POST, entity, String.class); if (addResponse.getStatusCode().value() != 201) { response = false; logger.debug(EELFLoggerDelegate.debugLogger, - "Connected to External Access system but something went wrong! due to {} and statuscode: {}", addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value()); + "addRoleFunctionsInExternalSystem: While adding permission to the role in External Auth system something went wrong! due to {} and statuscode: {}", + addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value()); } else { response = true; - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system"); + logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionsInExternalSystem: Finished adding permissions to roles in External Auth system and status code: {} ", addResponse.getStatusCode().value()); } } return response; } + /** + * + * It converts list of functions in updateExtRole parameter to the RoleFunction object + * + * @param updateExtRole + * @return list of functions + */ @SuppressWarnings("unchecked") - private List<RoleFunction> convertSetToListOfRoleFunctions(Role updateExtRole){ + private List<RoleFunction> convertSetToListOfRoleFunctions(Role updateExtRole) { Set<RoleFunction> roleFunctionSetList = updateExtRole.getRoleFunctions(); List<RoleFunction> roleFunctionList = new ArrayList<>(); ObjectMapper roleFuncMapper = new ObjectMapper(); @@ -347,20 +423,41 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic } return roleFunctionList.stream().distinct().collect(Collectors.toList()); } - - private void removePermForRole(ExternalAccessPerms perm, ObjectMapper permMapper,String name, HttpHeaders headers) throws Exception { + + /** + * It delete permissions/functions in the external auth system + * + * @param perm + * @param permMapper + * @param name + * @param headers + * @throws Exception + */ + private void removePermForRole(ExternalAccessPerms perm, ObjectMapper permMapper, String name, HttpHeaders headers) + throws Exception { ExternalAccessRolePerms extAccessRolePerms = new ExternalAccessRolePerms(perm, name); String permDetails = permMapper.writeValueAsString(extAccessRolePerms); HttpEntity<String> deleteEntity = new HttpEntity<>(permDetails, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); - ResponseEntity<String> deletePermResponse = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "role/"+name+"/perm", HttpMethod.DELETE, deleteEntity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, "removePermForRole: {} " , CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); + ResponseEntity<String> deletePermResponse = template + .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/" + + name + "/perm", HttpMethod.DELETE, deleteEntity, String.class); if (deletePermResponse.getStatusCode().value() != 200) { - throw new Exception("Failed to delete role function"); + throw new Exception(deletePermResponse.getBody()); } - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system"); + logger.debug(EELFLoggerDelegate.debugLogger, "removePermForRole: Finished deleting permission to role in External Auth system and status code: {}", + deletePermResponse.getStatusCode().value()); } + /** + * It will create new role in the External Auth System + * + * @param newRole + * @param app + * @return true if successfully added in the system else false + * @throws Exception + * If fails to add role in the system + */ private boolean addNewRoleInExternalSystem(List<EPRole> newRole, EPApp app) throws Exception { boolean response = false; HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); @@ -368,52 +465,76 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic String addNewRole = ""; ExternalAccessRole extRole = new ExternalAccessRole(); String addDesc = null; - addDesc = "{\"id\":\"" + newRole.get(0).getId() + "\",\"name\":\"" + newRole.get(0).getName() + "\",\"active\":\"" - + newRole.get(0).getActive() + "\",\"priority\":\"" +newRole.get(0).getPriority() + "\",\"appId\":\"" - + newRole.get(0).getAppId() + "\",\"appRoleId\":\"" + newRole.get(0).getAppRoleId() + "\"}"; - + Map<String, Object> extSystemJsonMapper = new LinkedHashMap<>(); + extSystemJsonMapper.put(ID, newRole.get(0).getId()); + extSystemJsonMapper.put(ROLE_NAME, newRole.get(0).getName()); + extSystemJsonMapper.put(ACTIVE, newRole.get(0).getActive()); + extSystemJsonMapper.put(PRIORITY, newRole.get(0).getPriority()); + extSystemJsonMapper.put(APP_ID, newRole.get(0).getAppId()); + extSystemJsonMapper.put(APP_ROLE_ID, newRole.get(0).getAppRoleId()); + addDesc = mapper.writeValueAsString(extSystemJsonMapper); extRole.setName(app.getNameSpace() + "." + newRole.get(0).getName().replaceAll(" ", "_")); extRole.setDescription(addDesc); addNewRole = mapper.writeValueAsString(extRole); HttpEntity<String> deleteEntity = new HttpEntity<>(addNewRole, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); - ResponseEntity<String> addNewRoleInExternalSystem = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "role", HttpMethod.POST, deleteEntity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, "addNewRoleInExternalSystem: {} " , CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); + ResponseEntity<String> addNewRoleInExternalSystem = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role", + HttpMethod.POST, deleteEntity, String.class); if (addNewRoleInExternalSystem.getStatusCode().value() != 201) { - throw new Exception("Failed to add Role in External System"); - } else{ - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system"); + throw new Exception(addNewRoleInExternalSystem.getBody()); + } else { + logger.debug(EELFLoggerDelegate.debugLogger, "addNewRoleInExternalSystem: Finished adding into External Auth system and status code: {}", + addNewRoleInExternalSystem.getStatusCode().value()); response = true; } return response; } - + + /** + * + * It updates existing role in the External Auth System + * + * @param addRole + * It Contains role information + * @param app + * @return string which is formatted to match with the external auth system + * @throws JsonProcessingException + */ @SuppressWarnings("unchecked") - private String createNewRoleInExternalSystem(Role addRole, EPApp app) throws JsonProcessingException { + private String updateExistingRoleInExternalSystem(Role addRole, EPApp app) throws JsonProcessingException { ObjectMapper mapper = new ObjectMapper(); String addNewRole = ""; ExternalAccessRole extRole = new ExternalAccessRole(); List<EPRole> role = null; String addDesc = null; - if(app.getId().equals(PortalConstants.PORTAL_APP_ID)){ - role = dataAccessService.getList(EPRole.class, - " where role_id = " + addRole.getId(), null, null); - addDesc = "{\"id\":\"" + role.get(0).getId() + "\",\"name\":\"" + addRole.getName() + "\",\"active\":\"" - + role.get(0).getActive() + "\",\"priority\":\"" + role.get(0).getPriority() - + "\",\"appId\":\"null\",\"appRoleId\":\"null\"}"; - } else{ - role = dataAccessService.getList(EPRole.class, - " where app_role_id = " + addRole.getId(), null, null); - addDesc = "{\"id\":\"" + role.get(0).getId() + "\",\"name\":\"" + addRole.getName() + "\",\"active\":\"" - + role.get(0).getActive() + "\",\"priority\":\"" + addRole.getPriority() + "\",\"appId\":\"" - + app.getId() + "\",\"appRoleId\":\"" + role.get(0).getAppRoleId() + "\"}"; + Map<String, Object> extSystemUpdateRole = new LinkedHashMap<>(); + if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + role = dataAccessService.getList(EPRole.class, WHERE_ROLE_ID_EQUALS + addRole.getId(), null, null); + } else { + role = dataAccessService.getList(EPRole.class, " where app_role_id = " + addRole.getId(), null, null); } + extSystemUpdateRole.put(ID, role.get(0).getId()); + extSystemUpdateRole.put(ROLE_NAME, addRole.getName()); + extSystemUpdateRole.put(ACTIVE, role.get(0).getActive()); + extSystemUpdateRole.put(PRIORITY, role.get(0).getPriority()); + extSystemUpdateRole.put(APP_ID, role.get(0).getAppId()); + extSystemUpdateRole.put(APP_ROLE_ID, role.get(0).getAppRoleId()); + addDesc = mapper.writeValueAsString(extSystemUpdateRole); extRole.setName(app.getNameSpace() + "." + addRole.getName().replaceAll(" ", "_")); extRole.setDescription(addDesc); addNewRole = mapper.writeValueAsString(extRole); return addNewRole; } + /** + * It create a role in the external auth system and then in our local + * + * @param addRoleInDB + * @param app + * @return true else false + * @throws Exception + */ @SuppressWarnings("unchecked") @Transactional private boolean addRoleInEcompDB(Role addRoleInDB, EPApp app) throws Exception { @@ -443,40 +564,39 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic epRoleNew.setAppId(app.getId()); } dataAccessService.saveDomainObject(epRoleNew, null); - List <EPRole> getRoleCreated = null; - if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - List<EPRole> roleCreated = dataAccessService.getList(EPRole.class, - " where role_name = '" + addRoleInDB.getName() +"' and app_id = "+ app.getId(), null, null); - EPRole epUpdateRole = roleCreated.get(0); - epUpdateRole.setAppRoleId(epUpdateRole.getId()); - dataAccessService.saveDomainObject(epUpdateRole, null); - getRoleCreated = dataAccessService.getList(EPRole.class, - " where role_name = '" + addRoleInDB.getName() +"' and app_id = "+ app.getId() , null, null); - } else{ - getRoleCreated = dataAccessService.getList(EPRole.class, - " where role_name = '" + addRoleInDB.getName() +"' and app_id is null", null, null); - } - // Add role in External Access system - boolean response = addNewRoleInExternalSystem(getRoleCreated, app); - - if (!response) { - throw new Exception("Failed to add role!"); + List<EPRole> getRoleCreated = null; + if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + List<EPRole> roleCreated = dataAccessService.getList(EPRole.class, + WHERE_ROLE_NAME_EQUALS + addRoleInDB.getName() + "' and app_id = " + app.getId(), null, + null); + EPRole epUpdateRole = roleCreated.get(0); + epUpdateRole.setAppRoleId(epUpdateRole.getId()); + dataAccessService.saveDomainObject(epUpdateRole, null); + getRoleCreated = dataAccessService.getList(EPRole.class, + WHERE_ROLE_NAME_EQUALS + addRoleInDB.getName() + "' and app_id = " + app.getId(), null, + null); + } else { + getRoleCreated = dataAccessService.getList(EPRole.class, + WHERE_ROLE_NAME_EQUALS + addRoleInDB.getName() + "' and app_id is null", null, null); } + // Add role in External Auth system + result = addNewRoleInExternalSystem(getRoleCreated, app); } else { // if role already exists then update it if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { applicationRoles = dataAccessService.getList(EPRole.class, " where app_id is null " + " and role_id = " + addRoleInDB.getId(), null, null); } else { applicationRoles = dataAccessService.getList(EPRole.class, - " where app_id = " + app.getId() + " and app_role_id = " + addRoleInDB.getId(), null, null); + WHERE_APP_ID_EQUALS + app.getId() + " and app_role_id = " + addRoleInDB.getId(), null, null); } - if(applicationRoles.isEmpty() && !app.getId().equals(PortalConstants.PORTAL_APP_ID)){ + if (applicationRoles.isEmpty()) { applicationRoles = dataAccessService.getList(EPRole.class, - " where app_id = " + app.getId() + " and role_id = " + addRoleInDB.getId(), null, null); + WHERE_APP_ID_EQUALS + app.getId() + " and role_name = '" + addRoleInDB.getName() + "'", null, + null); } updateRoleInExternalSystem(addRoleInDB, app); deleteRoleFunction(app, applicationRoles); - if (applicationRoles.size() > 0 || !applicationRoles.isEmpty()) { + if (!applicationRoles.isEmpty()) { epRole = applicationRoles.get(0); epRole.setName(addRoleInDB.getName()); epRole.setPriority(addRoleInDB.getPriority()); @@ -484,15 +604,16 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { epRole.setAppId(null); epRole.setAppRoleId(null); - } else if(!app.getId().equals(PortalConstants.PORTAL_APP_ID) && applicationRoles.get(0).getAppRoleId() == null){ + } else if (!app.getId().equals(PortalConstants.PORTAL_APP_ID) + && applicationRoles.get(0).getAppRoleId() == null) { epRole.setAppRoleId(epRole.getId()); } dataAccessService.saveDomainObject(epRole, null); } - + saveRoleFunction(listWithoutDuplicates, app, applicationRoles); + result = true; } - result = true; } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "addRoleInEcompDB is failed", e); throw new Exception(e.getMessage()); @@ -500,20 +621,39 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic return result; } + /** + * + * It validates whether role exists in external auth system + * + * @param checkRole + * @param app + * @throws Exception + * If role exits + */ private void checkIfRoleExitsInExternalSystem(Role checkRole, EPApp app) throws Exception { HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - String roleName = app.getNameSpace()+"."+checkRole.getName().replaceAll(" ", "_"); + String roleName = app.getNameSpace() + "." + checkRole.getName().replaceAll(" ", "_"); HttpEntity<String> checkRoleEntity = new HttpEntity<>(headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); - ResponseEntity<String> checkRoleInExternalSystem = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "roles/"+roleName, HttpMethod.GET, checkRoleEntity, String.class); - if(!checkRoleInExternalSystem.getBody().equals("{}")){ - logger.debug("Role already exists in external system ", checkRoleInExternalSystem.getBody()); + logger.debug(EELFLoggerDelegate.debugLogger, "checkIfRoleExitsInExternalSystem: {} " , CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); + ResponseEntity<String> checkRoleInExternalSystem = template + .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "roles/" + + roleName, HttpMethod.GET, checkRoleEntity, String.class); + if (!checkRoleInExternalSystem.getBody().equals(IS_EMPTY_JSON_STRING)) { + logger.debug("checkIfRoleExitsInExternalSystem: Role already exists in external system {} and status code: {} ", checkRoleInExternalSystem.getBody(), checkRoleInExternalSystem.getStatusCode().value()); throw new Exception("Role already exists in external system"); - } + } } - private void saveRoleFunction(List<RoleFunction> roleFunctionListNew, EPApp app, List<EPRole> applicationRoles) throws Exception { + /** + * It saves list of functions to the role in portal + * + * @param roleFunctionListNew + * @param app + * @param applicationRoles + * @throws Exception + */ + private void saveRoleFunction(List<RoleFunction> roleFunctionListNew, EPApp app, List<EPRole> applicationRoles) + throws Exception { for (RoleFunction roleFunc : roleFunctionListNew) { EPAppRoleFunction appRoleFunc = new EPAppRoleFunction(); appRoleFunc.setAppId(app.getId()); @@ -522,20 +662,33 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic dataAccessService.saveDomainObject(appRoleFunc, null); } } - + + /** + * It deletes all EPAppRoleFunction records in the portal + * + * @param app + * @param role + */ @SuppressWarnings("unchecked") private void deleteRoleFunction(EPApp app, List<EPRole> role) { List<EPAppRoleFunction> appRoleFunctionList = dataAccessService.getList(EPAppRoleFunction.class, - " where app_id = " + app.getId() + " and role_id = " + role.get(0).getId(), null, null); - if (!appRoleFunctionList.isEmpty() || appRoleFunctionList.size() > 0) { + WHERE_APP_ID_EQUALS + app.getId() + " and role_id = " + role.get(0).getId(), null, null); + if (!appRoleFunctionList.isEmpty()) { for (EPAppRoleFunction approleFunction : appRoleFunctionList) { dataAccessService.deleteDomainObject(approleFunction, null); } } } - + + @Override @SuppressWarnings("unchecked") - public String getUser(String loginId, String uebkey) throws Exception { + public List<EPUser> getUser(String loginId){ + return (List<EPUser>) dataAccessService.getList(EPUser.class, + " where org_user_id = '" + loginId + "'", null, null); + } + + @Override + public String getUserWithRoles(String loginId, String uebkey) throws Exception { final Map<String, String> params = new HashMap<>(); List<EPUser> userList = null; CentralUser cenUser = null; @@ -543,43 +696,42 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic String result = null; try { params.put("orgUserIdValue", loginId); - List<EPApp> appList = (List<EPApp>) getApp(uebkey); - if (appList.size() > 0) { + List<EPApp> appList = getApp(uebkey); + if (!appList.isEmpty()) { app = appList.get(0); - userList = (List<EPUser>) dataAccessService.getList(EPUser.class, - " where org_user_id = '" + loginId + "'", null, null); - if (userList.size() > 0) { + userList = getUser(loginId); + if (!userList.isEmpty()) { EPUser user = userList.get(0); ObjectMapper mapper = new ObjectMapper(); Set<EPUserApp> userAppSet = user.getEPUserApps(); cenUser = createEPUser(user, userAppSet, app); result = mapper.writeValueAsString(cenUser); - } else if (userList.size() == 0) { + } else if (userList.isEmpty()) { throw new Exception("User not found"); } } else { throw new Exception("Application not found"); } } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getUser is failed", e); + logger.error(EELFLoggerDelegate.errorLogger, "getUser: failed", e); throw new Exception(e.getMessage()); } return result; } - + @Override public List<CentralRole> getRolesForApp(String uebkey) throws Exception { - logger.debug(EELFLoggerDelegate.debugLogger, "Entering into getRolesForApp"); + logger.debug(EELFLoggerDelegate.debugLogger, "getRolesForApp: Entering into getRolesForApp"); List<CentralRole> roleList = new ArrayList<>(); final Map<String, Long> params = new HashMap<>(); try { List<EPApp> app = getApp(uebkey); - List<EPRole> appRolesList = getAppRoles(app.get(0).getId(), null); + List<EPRole> appRolesList = getAppRoles(app.get(0).getId()); createCentralRoleObject(app, appRolesList, roleList, params); } catch (Exception e) { throw new Exception("getRolesForApp Failed", e); } - logger.debug(EELFLoggerDelegate.debugLogger, "Finished getRolesForApp"); + logger.debug(EELFLoggerDelegate.debugLogger, "getRolesForApp: Finished getRolesForApp"); return roleList; } @@ -589,17 +741,26 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic EPApp app = getApp(uebkey).get(0); List<CentralRoleFunction> getRoleFuncList = null; final Map<String, Long> params = new HashMap<>(); - params.put("appId", app.getId()); - //Sync all functions from external system into Ecomp portal DB - logger.debug(EELFLoggerDelegate.debugLogger, "Entering into syncRoleFunctionFromExternalAccessSystem"); + params.put(APP_ID, app.getId()); + // Sync all functions from external system into Ecomp portal DB + logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFuncList: Entering into syncRoleFunctionFromExternalAccessSystem"); syncRoleFunctionFromExternalAccessSystem(app); - logger.debug(EELFLoggerDelegate.debugLogger, "Finished syncRoleFunctionFromExternalAccessSystem"); + logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFuncList: Finished syncRoleFunctionFromExternalAccessSystem"); getRoleFuncList = dataAccessService.executeNamedQuery("getAllRoleFunctions", params, null); return getRoleFuncList; } + /** + * It returns user detail information which is deep copy of EPUser.class object + * + * @param userInfo + * @param userAppSet + * @param app + * @return + * @throws Exception + */ @SuppressWarnings("unchecked") - public CentralUser createEPUser(EPUser userInfo, Set<EPUserApp> userAppSet, EPApp app) throws Exception { + private CentralUser createEPUser(EPUser userInfo, Set<EPUserApp> userAppSet, EPApp app) throws Exception { final Map<String, Long> params = new HashMap<>(); CentralUser userAppList = new CentralUser(); @@ -626,27 +787,27 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic epApp.getUebTopicName()); cua.setApp(cenApp); params.put("roleId", userApp.getRole().getId()); - params.put("appId", userApp.getApp().getId()); + params.put(APP_ID, userApp.getApp().getId()); List<CentralRoleFunction> appRoleFunctionList = dataAccessService .executeNamedQuery("getAppRoleFunctionList", params, null); - SortedSet<CentralRoleFunction> roleFunctionSet = new TreeSet<CentralRoleFunction>(); + SortedSet<CentralRoleFunction> roleFunctionSet = new TreeSet<>(); for (CentralRoleFunction roleFunc : appRoleFunctionList) { CentralRoleFunction cenRoleFunc = new CentralRoleFunction(roleFunc.getId(), roleFunc.getCode(), roleFunc.getName(), null, null); roleFunctionSet.add(cenRoleFunc); } Long userRoleId = null; - if(globalRole.toLowerCase().startsWith("global_") && epApp.getId().equals(PortalConstants.PORTAL_APP_ID)){ + if (globalRole.toLowerCase().startsWith("global_") + && epApp.getId().equals(PortalConstants.PORTAL_APP_ID)) { userRoleId = userApp.getRole().getId(); - } else{ + } else { userRoleId = userApp.getRole().getAppRoleId(); } - CentralRole cenRole = new CentralRole(userRoleId, - userApp.getRole().getCreated(), userApp.getRole().getModified(), - userApp.getRole().getCreatedId(), userApp.getRole().getModifiedId(), - userApp.getRole().getRowNum(), userApp.getRole().getName(), - userApp.getRole().getActive(), userApp.getRole().getPriority(), roleFunctionSet, null, - null); + CentralRole cenRole = new CentralRole(userRoleId, userApp.getRole().getCreated(), + userApp.getRole().getModified(), userApp.getRole().getCreatedId(), + userApp.getRole().getModifiedId(), userApp.getRole().getRowNum(), + userApp.getRole().getName(), userApp.getRole().getActive(), + userApp.getRole().getPriority(), roleFunctionSet, null, null); cua.setRole(cenRole); userAppList.userApps.add(cua); @@ -670,7 +831,7 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic userInfo.getInternal(), userInfo.getSelectedProfileId(), userInfo.getTimeZoneId(), userInfo.isOnline(), userInfo.getChatId(), userAppList.userApps, null); } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "createEPUser failed", e); + logger.error(EELFLoggerDelegate.errorLogger, "createEPUser: createEPUser failed", e); throw new Exception(e.getMessage()); } @@ -687,12 +848,12 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic List<EPApp> app = null; try { app = getApp(uebkey); - if (app.isEmpty() || app.size() == 0) { + if (app.isEmpty()) { throw new Exception("Application not found"); } String filter = null; - if (app.get(0).getId() == PortalConstants.PORTAL_APP_ID) { - filter = " where role_id = " + roleId + " and app_id is null "; + if (app.get(0).getId().equals(PortalConstants.PORTAL_APP_ID)) { + filter = WHERE_ROLE_ID_EQUALS + roleId + " and app_id is null "; } else { filter = " where app_role_id = " + roleId + " and app_id = " + app.get(0).getId(); @@ -704,28 +865,38 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic } } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getRoleInfo failed", e); + logger.error(EELFLoggerDelegate.errorLogger, "getRoleInfo: failed", e); throw new Exception(e.getMessage()); } return roleList.get(0); } - + + /** + * + * It returns list of app roles along with role functions and which went through deep copy + * + * @param app + * @param roleInfo + * @param roleList + * @param params + * @return + */ @SuppressWarnings("unchecked") private List<CentralRole> createCentralRoleObject(List<EPApp> app, List<EPRole> roleInfo, List<CentralRole> roleList, Map<String, Long> params) { for (EPRole role : roleInfo) { params.put("roleId", role.getId()); - params.put("appId", app.get(0).getId()); + params.put(APP_ID, app.get(0).getId()); List<CentralRoleFunction> cenRoleFuncList = dataAccessService.executeNamedQuery("getAppRoleFunctionList", params, null); - SortedSet<CentralRoleFunction> roleFunctionSet = new TreeSet<CentralRoleFunction>(); + SortedSet<CentralRoleFunction> roleFunctionSet = new TreeSet<>(); for (CentralRoleFunction roleFunc : cenRoleFuncList) { CentralRoleFunction cenRoleFunc = new CentralRoleFunction(role.getId(), roleFunc.getCode(), roleFunc.getName(), null, null); roleFunctionSet.add(cenRoleFunc); } - SortedSet<CentralRole> childRoles = new TreeSet<CentralRole>(); + SortedSet<CentralRole> childRoles = new TreeSet<>(); CentralRole cenRole = null; if (role.getAppRoleId() == null) { cenRole = new CentralRole(role.getId(), role.getCreated(), role.getModified(), role.getCreatedId(), @@ -750,37 +921,47 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic final Map<String, String> params = new HashMap<>(); try { params.put("functionCode", functionCode); - params.put("appId", String.valueOf(app.getId())); + params.put(APP_ID, String.valueOf(app.getId())); getRoleFuncList = dataAccessService.executeNamedQuery("getRoleFunction", params, null); - if (getRoleFuncList.isEmpty() | getRoleFuncList.size() == 0) { + if (getRoleFuncList.isEmpty()) { return roleFunc; } } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getRoleFunction failed", e); + logger.error(EELFLoggerDelegate.errorLogger, "getRoleFunction: failed", e); throw new Exception("getRoleFunction failed", e); } return getRoleFuncList.get(0); } @Override - public void saveCentralRoleFunction(CentralRoleFunction domainCentralRoleFunction, EPApp app) throws Exception { + public boolean saveCentralRoleFunction(CentralRoleFunction domainCentralRoleFunction, EPApp app) throws Exception { + boolean saveOrUpdateFunction = false; try { addRoleFunctionInExternalSystem(domainCentralRoleFunction, app); dataAccessService.saveDomainObject(domainCentralRoleFunction, null); + saveOrUpdateFunction = true; } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "saveCentralRoleFunction failed", e); - throw new Exception(e.getMessage()); + logger.error(EELFLoggerDelegate.errorLogger, "saveCentralRoleFunction: failed", e); + saveOrUpdateFunction = false; } + return saveOrUpdateFunction; } - + + /** + * It creates application permission in external auth system + * + * @param domainCentralRoleFunction + * @param app + * @throws Exception + */ @SuppressWarnings("unchecked") private void addRoleFunctionInExternalSystem(CentralRoleFunction domainCentralRoleFunction, EPApp app) throws Exception { ObjectMapper mapper = new ObjectMapper(); final Map<String, String> params = new HashMap<>(); params.put("functionCd", domainCentralRoleFunction.getCode()); - params.put("appId", String.valueOf(app.getId())); + params.put(APP_ID, String.valueOf(app.getId())); ExternalAccessPerms extPerms = new ExternalAccessPerms(); HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); List<CentralRoleFunction> appRoleFunc = dataAccessService.executeNamedQuery("getAppFunctionDetails", params, @@ -793,7 +974,7 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic } String checkType = domainCentralRoleFunction.getCode().contains("menu") ? "menu" : "url"; HttpEntity<String> getSinglePermEntity = new HttpEntity<>(headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); + logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionInExternalSystem: {} ", CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); ResponseEntity<String> getResponse = template.exchange( SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perms/" + app.getNameSpace() + "." + checkType + "/" + roleFuncName + "/*", @@ -802,172 +983,200 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic EPLogUtil.logExternalAuthAccessAlarm(logger, getResponse.getStatusCode()); throw new Exception(getResponse.getBody()); } - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system"); + logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionInExternalSystem: Finished GET permission from External Auth system and response: {} ", getResponse.getBody()); String res = getResponse.getBody(); - if (res.equals("{}")) { - try{ - extPerms.setAction("*"); - extPerms.setInstance(domainCentralRoleFunction.getCode()); - extPerms.setType(app.getNameSpace() + "." + checkType); - extPerms.setDescription(domainCentralRoleFunction.getName()); - String updateRole = mapper.writeValueAsString(extPerms); - HttpEntity<String> entity = new HttpEntity<>(updateRole, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); - template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perm", - HttpMethod.POST, entity, String.class); - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system"); - }catch(HttpClientErrorException e){ + if (res.equals(IS_EMPTY_JSON_STRING)) { + try { + extPerms.setAction("*"); + extPerms.setInstance(domainCentralRoleFunction.getCode()); + extPerms.setType(app.getNameSpace() + "." + checkType); + extPerms.setDescription(domainCentralRoleFunction.getName()); + String updateRole = mapper.writeValueAsString(extPerms); + HttpEntity<String> entity = new HttpEntity<>(updateRole, headers); + logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionInExternalSystem: {} " , CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); + ResponseEntity<String> addPermResponse= template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perm", + HttpMethod.POST, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionInExternalSystem: Finished adding permission in and status code: {} ", addPermResponse.getStatusCode().value()); + } catch(HttpClientErrorException e){ logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - Failed to add function in external central auth system", e); EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - }catch(Exception e){ - logger.error(EELFLoggerDelegate.errorLogger, "Failed to add function in external central auth system", e); + }catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "addRoleFunctionInExternalSystem: Failed to add fucntion in external central auth system", + e); } } else { - try{ - extPerms.setAction("*"); - extPerms.setInstance(domainCentralRoleFunction.getCode()); - extPerms.setType(app.getNameSpace() + "." + checkType); - extPerms.setDescription(domainCentralRoleFunction.getName()); - String updateRole = mapper.writeValueAsString(extPerms); - HttpEntity<String> entity = new HttpEntity<>(updateRole, headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); - template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perm", - HttpMethod.PUT, entity, String.class); - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system"); - }catch(HttpClientErrorException e){ + try { + extPerms.setAction("*"); + extPerms.setInstance(domainCentralRoleFunction.getCode()); + extPerms.setType(app.getNameSpace() + "." + checkType); + extPerms.setDescription(domainCentralRoleFunction.getName()); + String updateRole = mapper.writeValueAsString(extPerms); + HttpEntity<String> entity = new HttpEntity<>(updateRole, headers); + logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionInExternalSystem: {} " , CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); + ResponseEntity<String> updatePermResponse = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perm", + HttpMethod.PUT, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionInExternalSystem: Finished updating permission in External Auth system and response: {} ", updatePermResponse.getBody()); + } catch(HttpClientErrorException e){ logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - Failed to add function in external central auth system", e); EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - }catch(Exception e){ - logger.error(EELFLoggerDelegate.errorLogger, "Failed to add function in external central auth system", e); - + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "addRoleFunctionInExternalSystem: Failed to update function in external central auth system", + e); } } } @Override @Transactional - public void deleteCentralRoleFunction(String code, String uebkey) { + public boolean deleteCentralRoleFunction(String code, EPApp app) { + boolean deleteFunctionResponse = false; try { - EPApp app = getApp(uebkey).get(0); final Map<String, String> params = new HashMap<>(); params.put("functionCd", code); - params.put("appId", String.valueOf(app.getId())); - CentralRoleFunction domainCentralRoleFunction = (CentralRoleFunction) dataAccessService.executeNamedQuery("getAppFunctionDetails", params, null).get(0); - deleteRoleFunctionInExternalSystem(domainCentralRoleFunction, app); - //Delete role function dependecy records - deleteAppRoleFunctions(code, app); + params.put(APP_ID, String.valueOf(app.getId())); + CentralRoleFunction domainCentralRoleFunction = (CentralRoleFunction) dataAccessService + .executeNamedQuery("getAppFunctionDetails", params, null).get(0); + deleteRoleFunctionInExternalSystem(domainCentralRoleFunction, app); + // Delete role function dependency records + deleteAppRoleFunctions(code, app); dataAccessService.deleteDomainObject(domainCentralRoleFunction, null); + deleteFunctionResponse = true; } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "deleteCentralRoleFunction failed", e); + logger.error(EELFLoggerDelegate.errorLogger, "deleteCentralRoleFunction: failed", e); } + return deleteFunctionResponse; } + /** + * It deletes app function record in portal + * + * @param code + * @param app + */ private void deleteAppRoleFunctions(String code, EPApp app) { - dataAccessService.deleteDomainObjects(EPAppRoleFunction.class, " app_id = "+app.getId()+" and function_cd = '"+ code +"'", null); + dataAccessService.deleteDomainObjects(EPAppRoleFunction.class, + APP_ID_EQUALS + app.getId() + " and function_cd = '" + code + "'", null); } - + + /** + * + * It deletes permission in the external auth system + * + * @param domainCentralRoleFunction + * @param app + * @throws Exception + */ private void deleteRoleFunctionInExternalSystem(CentralRoleFunction domainCentralRoleFunction, EPApp app) throws Exception { - try{ - ObjectMapper mapper = new ObjectMapper(); - ExternalAccessPerms extPerms = new ExternalAccessPerms(); - String checkType = domainCentralRoleFunction.getCode().contains("menu") ? "menu" : "url"; - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - extPerms.setAction("*"); - extPerms.setInstance(domainCentralRoleFunction.getCode()); - extPerms.setType(app.getNameSpace() + "." + checkType); - extPerms.setDescription(domainCentralRoleFunction.getName()); - String updateRole = mapper.writeValueAsString(extPerms); - HttpEntity<String> entity = new HttpEntity<>(updateRole, headers); - template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perm?force=true", - HttpMethod.DELETE, entity, String.class); + try { + ObjectMapper mapper = new ObjectMapper(); + ExternalAccessPerms extPerms = new ExternalAccessPerms(); + String checkType = domainCentralRoleFunction.getCode().contains("menu") ? "menu" : "url"; + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + extPerms.setAction("*"); + extPerms.setInstance(domainCentralRoleFunction.getCode()); + extPerms.setType(app.getNameSpace() + "." + checkType); + extPerms.setDescription(domainCentralRoleFunction.getName()); + String updateRole = mapper.writeValueAsString(extPerms); + HttpEntity<String> entity = new HttpEntity<>(updateRole, headers); + logger.debug(EELFLoggerDelegate.debugLogger,"deleteRoleFunctionInExternalSystem: {} " , CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); + ResponseEntity<String> delPermResponse = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "perm?force=true", HttpMethod.DELETE, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleFunctionInExternalSystem: Finished deleting permission in External Auth system and status code: {} ", delPermResponse.getStatusCode().value()); } catch(HttpClientErrorException e){ logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - Failed to delete functions in External System", e); EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - } catch(Exception e){ - if(e.getMessage().equalsIgnoreCase("404 Not Found")){ - logger.debug(EELFLoggerDelegate.debugLogger, " It seems like function is already deleted in external central auth system but exists in local DB", e.getMessage()); - } else{ - logger.error(EELFLoggerDelegate.errorLogger, "Failed to delete functions in External System", e); + } catch (Exception e) { + if (e.getMessage().equalsIgnoreCase("404 Not Found")) { + logger.debug(EELFLoggerDelegate.debugLogger, + " deleteRoleFunctionInExternalSystem: It seems like function is already deleted in external central auth system but exists in local DB", + e.getMessage()); + } else { + logger.error(EELFLoggerDelegate.errorLogger, "deleteRoleFunctionInExternalSystem: Failed to delete functions in External System", e); } } } @Override - public void saveRoleForApplication(Role saveRole, String uebkey) throws Exception { + public boolean saveRoleForApplication(Role saveRole, String uebkey) throws Exception { + boolean addRoleResponse = false; try { EPApp app = getApp(uebkey).get(0); addRoleInEcompDB(saveRole, app); + addRoleResponse = true; } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "saveRoleForApplication failed", e); - throw new Exception(e.getMessage()); } + return addRoleResponse; } @SuppressWarnings("unchecked") @Override - public void deleteRoleForApplication(String deleteRole, String uebkey) throws Exception { - Session localSession = null; + public boolean deleteRoleForApplication(String deleteRole, String uebkey) throws Exception { + Session localSession = sessionFactory.openSession(); Transaction transaction = null; boolean result = false; try { - localSession = sessionFactory.openSession(); transaction = localSession.beginTransaction(); List<EPRole> epRoleList = null; ResponseEntity<String> deleteResponse = null; EPApp app = getApp(uebkey).get(0); - if(app.getId() == 1) - { + if (app.getId() == 1) { epRoleList = dataAccessService.getList(EPRole.class, - " where app_id is null " + "and role_name = '" + deleteRole +"'", null, null); - } - else{ - epRoleList = dataAccessService.getList(EPRole.class, - " where app_id = " + app.getId() + " and role_name = '" + deleteRole +"'", null, null); + " where app_id is null " + "and role_name = '" + deleteRole + "'", null, null); + } else { + epRoleList = dataAccessService.getList(EPRole.class, + WHERE_APP_ID_EQUALS + app.getId() + " and role_name = '" + deleteRole + "'", null, null); } // Delete app role functions before deleting role deleteRoleFunction(app, epRoleList); - if(app.getId() == 1) - { + if (app.getId() == 1) { // Delete fn_user_ role dataAccessService.deleteDomainObjects(EPUserApp.class, - " app_id = " + app.getId() + " and role_id = " + epRoleList.get(0).getId(), null); - - deleteRoleDependeciesRecord(localSession, epRoleList.get(0).getId()); + APP_ID_EQUALS + app.getId() + " and role_id = " + epRoleList.get(0).getId(), null); + + deleteRoleDependencyRecords(localSession, epRoleList.get(0).getId(), app.getId()); } // Delete Role in External System String deleteRoleKey = "{\"name\":\"" + app.getNameSpace() + "." + epRoleList.get(0).getName().replaceAll(" ", "_") + "\"}"; deleteResponse = deleteRoleInExternalSystem(deleteRoleKey); - if (deleteResponse.getStatusCode().value() != 200) { + if (deleteResponse.getStatusCode().value() != 200 || deleteResponse.getStatusCode().value() != 404) { EPLogUtil.logExternalAuthAccessAlarm(logger, deleteResponse.getStatusCode()); - throw new Exception("Failed to delete role in external access system!"); + logger.error(EELFLoggerDelegate.errorLogger, + "deleteRoleForApplication: Failed to delete role in external auth system! due to {} ", + deleteResponse.getBody()); } - logger.debug(EELFLoggerDelegate.debugLogger, "about to commit the transaction"); + logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleForApplication: about to commit the transaction"); transaction.commit(); - logger.debug(EELFLoggerDelegate.debugLogger, "committed the transaction"); + logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleForApplication: committed the transaction"); dataAccessService.deleteDomainObject(epRoleList.get(0), null); result = true; } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "deleteRoleForApplication failed", e); - throw new Exception(e.getMessage()); - }finally { + logger.error(EELFLoggerDelegate.errorLogger, "deleteRoleForApplication: failed", e); + result = false; + } finally { localSession.close(); - if (!result) { - throw new Exception( - "Exception occurred in deleteRoleForApplication while closing database session for role: '" + deleteRole + "'."); - } } + return result; } + /** + * + * It deletes application user role in external auth system + * + * @param role + * @param app + * @param LoginId + * @throws Exception + */ private void deleteUserRoleInExternalSystem(EPRole role, EPApp app, String LoginId) throws Exception { HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); HttpEntity<String> entity = new HttpEntity<>(headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); + logger.debug(EELFLoggerDelegate.debugLogger,"deleteUserRoleInExternalSystem: {} " , CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); ResponseEntity<String> getResponse = template .exchange( SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole/" @@ -976,14 +1185,14 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic .getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN) + "/" + app.getNameSpace() + "." + role.getName().replaceAll(" ", "_"), HttpMethod.GET, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, "deleteUserRoleInExternalSystem: Finished GET user roles from External Auth system and response: {} ", getResponse.getBody()); if (getResponse.getStatusCode().value() != 200) { throw new Exception(getResponse.getBody()); } - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system"); String res = getResponse.getBody(); - if (!res.equals("{}")) { + if (!res.equals(IS_EMPTY_JSON_STRING)) { HttpEntity<String> userRoleentity = new HttpEntity<>(headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); + logger.debug(EELFLoggerDelegate.debugLogger, "deleteUserRoleInExternalSystem: {} " , CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); ResponseEntity<String> deleteResponse = template .exchange( SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) @@ -995,7 +1204,7 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic if (deleteResponse.getStatusCode().value() != 200) { throw new Exception("Failed to delete user role"); } - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system"); + logger.debug(EELFLoggerDelegate.debugLogger, "deleteUserRoleInExternalSystem: Finished deleting user role in External Auth system and status code: {} ", deleteResponse.getStatusCode().value()); } } @@ -1012,10 +1221,10 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic appId = app.get(0).getId(); } List<EPRole> epRole = dataAccessService.getList(EPRole.class, - " where app_id = " + appId + " and active_yn = 'Y'", null, null); + WHERE_APP_ID_EQUALS + appId + " and active_yn = 'Y'", null, null); roleList = createCentralRoleObject(app, epRole, roleList, params); } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "getActiveRoles failed", e); + logger.error(EELFLoggerDelegate.errorLogger, "getActiveRoles: failed", e); throw new Exception(e.getMessage()); } return roleList; @@ -1024,159 +1233,169 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic @SuppressWarnings("unchecked") @Override - public void deleteDependcyRoleRecord(Long roleId, String uebkey, String LoginId) throws Exception { + public boolean deleteDependencyRoleRecord(Long roleId, String uebkey, String LoginId) throws Exception { boolean result = false; - Session localSession = null; + Session localSession = sessionFactory.openSession(); Transaction transaction = null; EPApp app = null; try { - localSession = sessionFactory.openSession(); transaction = localSession.beginTransaction(); List<EPRole> epRoleList = null; app = getApp(uebkey).get(0); epRoleList = dataAccessService.getList(EPRole.class, - " where app_id = " + app.getId() + " and app_role_id = " + roleId, null, null); - if(epRoleList.isEmpty()){ + WHERE_APP_ID_EQUALS + app.getId() + " and app_role_id = " + roleId, null, null); + if (epRoleList.isEmpty()) { epRoleList = dataAccessService.getList(EPRole.class, - " where app_id = " + app.getId() + " and role_id = " + roleId, null, null); + WHERE_APP_ID_EQUALS + app.getId() + " and role_id = " + roleId, null, null); } // Delete User Role in External System before deleting role deleteUserRoleInExternalSystem(epRoleList.get(0), app, LoginId); // Delete user app roles dataAccessService.deleteDomainObjects(EPUserApp.class, - " app_id = " + app.getId() + " and role_id = " + epRoleList.get(0).getId(), null); - - deleteRoleDependeciesRecord(localSession, epRoleList.get(0).getId()); - logger.debug(EELFLoggerDelegate.debugLogger, "about to commit the transaction"); + APP_ID_EQUALS + app.getId() + " and role_id = " + epRoleList.get(0).getId(), null); + + deleteRoleDependencyRecords(localSession, epRoleList.get(0).getId(), app.getId()); + logger.debug(EELFLoggerDelegate.debugLogger, "deleteDependencyRoleRecord: about to commit the transaction"); transaction.commit(); - logger.debug(EELFLoggerDelegate.debugLogger, "committed the transaction"); + logger.debug(EELFLoggerDelegate.debugLogger, "deleteDependencyRoleRecord: committed the transaction"); result = true; - }catch(HttpClientErrorException e){ + } catch(HttpClientErrorException e){ logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - Failed to deleteRoleDependeciesRecord", e); EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - }catch (Exception e) { - EcompPortalUtils.rollbackTransaction(transaction, - "deleteDependcyRoleRecord rollback, exception = " + e); + } catch (Exception e) { + EcompPortalUtils.rollbackTransaction(transaction, "deleteDependencyRoleRecord: rollback, exception = " + e); logger.error(EELFLoggerDelegate.errorLogger, EcompPortalUtils.getStackTrace(e)); - }finally { + result = false; + } finally { localSession.close(); - if (!result) { - throw new Exception( - "Exception occurred in syncAppRoles while closing database session for role: '" + app.getId() + "'."); - } } + return result; } + @Override @SuppressWarnings("unchecked") @Transactional - public void syncRoleFunctionFromExternalAccessSystem(EPApp app){ - try{ - ResponseEntity<String> response = null; - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - HttpEntity<String> entity = new HttpEntity<>(headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); - response = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "perms/ns/" + app.getNameSpace(), HttpMethod.GET, entity, String.class); - - String res = response.getBody(); - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system and the result is :", res); - JSONObject jsonObj = new JSONObject(res); - JSONArray extPerms = jsonObj.getJSONArray("perm"); - for (int i = 0; i < extPerms.length(); i++) { - if (extPerms.getJSONObject(i).getString("type").equals(app.getNameSpace() + ".access")) { - extPerms.remove(i); - i--; + public void syncRoleFunctionFromExternalAccessSystem(EPApp app) { + try { + ResponseEntity<String> response = null; + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity<String> entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "syncRoleFunctionFromExternalAccessSystem: {} " , CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); + response = template + .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "perms/ns/" + app.getNameSpace(), HttpMethod.GET, entity, String.class); + + String res = response.getBody(); + logger.debug(EELFLoggerDelegate.debugLogger, "syncRoleFunctionFromExternalAccessSystem: Finished GET permissions from External Auth system and response: {} ", response.getBody()); + JSONObject jsonObj = new JSONObject(res); + JSONArray extPerms = jsonObj.getJSONArray("perm"); + for (int i = 0; i < extPerms.length(); i++) { + if (extPerms.getJSONObject(i).getString("type").equals(app.getNameSpace() + ".access")) { + extPerms.remove(i); + i--; + } } - } - ExternalAccessPermsDetail permDetails = null; - List<ExternalAccessPermsDetail> permsDetailList = new ArrayList<>(); - for (int i = 0; i < extPerms.length(); i++) { - if (extPerms.getJSONObject(i).has("roles")) { - ObjectMapper rolesListMapper = new ObjectMapper(); - JSONArray resRoles = extPerms.getJSONObject(i).getJSONArray("roles"); - List<String> list = rolesListMapper.readValue(resRoles.toString(), - TypeFactory.defaultInstance().constructCollectionType(List.class, String.class)); - permDetails = new ExternalAccessPermsDetail(extPerms.getJSONObject(i).getString("type"), - extPerms.getJSONObject(i).getString("instance"), extPerms.getJSONObject(i).getString("action"), - list, extPerms.getJSONObject(i).getString("description")); - permsDetailList.add(permDetails); - } else { - permDetails = new ExternalAccessPermsDetail(extPerms.getJSONObject(i).getString("type"), - extPerms.getJSONObject(i).getString("instance"), extPerms.getJSONObject(i).getString("action"), - extPerms.getJSONObject(i).getString("description")); - permsDetailList.add(permDetails); + ExternalAccessPermsDetail permDetails = null; + List<ExternalAccessPermsDetail> permsDetailList = new ArrayList<>(); + for (int i = 0; i < extPerms.length(); i++) { + if (extPerms.getJSONObject(i).has("roles")) { + ObjectMapper rolesListMapper = new ObjectMapper(); + JSONArray resRoles = extPerms.getJSONObject(i).getJSONArray("roles"); + List<String> list = rolesListMapper.readValue(resRoles.toString(), + TypeFactory.defaultInstance().constructCollectionType(List.class, String.class)); + permDetails = new ExternalAccessPermsDetail(extPerms.getJSONObject(i).getString("type"), + extPerms.getJSONObject(i).getString("instance"), + extPerms.getJSONObject(i).getString("action"), list, + extPerms.getJSONObject(i).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION)); + permsDetailList.add(permDetails); + } else { + permDetails = new ExternalAccessPermsDetail(extPerms.getJSONObject(i).getString("type"), + extPerms.getJSONObject(i).getString("instance"), + extPerms.getJSONObject(i).getString("action"), + extPerms.getJSONObject(i).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION)); + permsDetailList.add(permDetails); + } } - } - final Map<String, Long> params = new HashMap<>(); - final Map<String, CentralRoleFunction> roleFuncMap = new HashMap<>(); - params.put("appId", app.getId()); - List<CentralRoleFunction> appFunctions = dataAccessService.executeNamedQuery("getAllRoleFunctions", params, - null); - if (appFunctions.size() > 0) { - for (CentralRoleFunction roleFunc : appFunctions) { - roleFuncMap.put(roleFunc.getCode(), roleFunc); - } - } - // delete all application role functions - dataAccessService.deleteDomainObjects(EPAppRoleFunction.class, " app_id = " + app.getId(), null); - - // Add if new functions and app role functions were added in Externalsystem - for (ExternalAccessPermsDetail permsDetail : permsDetailList) { - if (!roleFuncMap.containsKey(permsDetail.getInstance())) { - CentralRoleFunction addFunction = new CentralRoleFunction(); - addFunction.setAppId(app.getId()); - addFunction.setCode(permsDetail.getInstance()); - addFunction.setName(permsDetail.getDescription()); - dataAccessService.saveDomainObject(addFunction, null); + final Map<String, Long> params = new HashMap<>(); + final Map<String, CentralRoleFunction> roleFuncMap = new HashMap<>(); + params.put(APP_ID, app.getId()); + List<CentralRoleFunction> appFunctions = dataAccessService.executeNamedQuery("getAllRoleFunctions", params, + null); + if (!appFunctions.isEmpty()) { + for (CentralRoleFunction roleFunc : appFunctions) { + roleFuncMap.put(roleFunc.getCode(), roleFunc); + } } + // delete all application role functions + dataAccessService.deleteDomainObjects(EPAppRoleFunction.class, APP_ID_EQUALS + app.getId(), null); + + // Add if new functions and app role functions were added in external auth system + for (ExternalAccessPermsDetail permsDetail : permsDetailList) { + if (!roleFuncMap.containsKey(permsDetail.getInstance())) { + try{ + CentralRoleFunction addFunction = new CentralRoleFunction(); + addFunction.setAppId(app.getId()); + addFunction.setCode(permsDetail.getInstance()); + addFunction.setName(permsDetail.getDescription()); + dataAccessService.saveDomainObject(addFunction, null); + } catch(Exception e){ + logger.error(EELFLoggerDelegate.errorLogger, "syncRoleFunctionFromExternalAccessSystem: Failed to add function", e); + } + } List<EPRole> epRolesList = null; List<String> roles = permsDetail.getRoles(); if (roles != null) { - for (String roleList : roles) { - if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - epRolesList = dataAccessService.getList(EPRole.class, - " where app_id is null " + " and role_name = '" - + roleList.substring(app.getNameSpace().length() + 1).replaceAll("_", " ") +"'", - null, null); - } else { - epRolesList = dataAccessService.getList(EPRole.class, - " where app_id = " + app.getId() + " and role_name = '" - + roleList.substring(app.getNameSpace().length() + 1).replaceAll("_", " ") +"'", - null, null); - } - if(epRolesList.isEmpty()){ + for (String roleList : roles) { if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { epRolesList = dataAccessService.getList(EPRole.class, " where app_id is null " + " and role_name = '" - + roleList.substring(app.getNameSpace().length() + 1) + + roleList.substring(app.getNameSpace().length() + 1).replaceAll("_", " ") + "'", null, null); } else { epRolesList = dataAccessService.getList(EPRole.class, - " where app_id = " + app.getId() + " and role_name = '" - + roleList.substring(app.getNameSpace().length() + 1)+"'", + WHERE_APP_ID_EQUALS + app.getId() + " and role_name = '" + + roleList.substring(app.getNameSpace().length() + 1).replaceAll("_", " ") + + "'", null, null); } - } - // save all application role functions - if (epRolesList.size() > 0 || !epRolesList.isEmpty()) { - EPAppRoleFunction addAppRoleFunc = new EPAppRoleFunction(); - addAppRoleFunc.setAppId(app.getId()); - addAppRoleFunc.setCode(permsDetail.getInstance()); - addAppRoleFunc.setRoleId(epRolesList.get(0).getId()); - dataAccessService.saveDomainObject(addAppRoleFunc, null); + if (epRolesList.isEmpty()) { + if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + epRolesList = dataAccessService.getList(EPRole.class, + " where app_id is null " + " and role_name = '" + + roleList.substring(app.getNameSpace().length() + 1) + "'", + null, null); + } else { + epRolesList = dataAccessService.getList(EPRole.class, + WHERE_APP_ID_EQUALS + app.getId() + " and role_name = '" + + roleList.substring(app.getNameSpace().length() + 1) + "'", + null, null); + } + } + // save all application role functions + if (!epRolesList.isEmpty()) { + try{ + EPAppRoleFunction addAppRoleFunc = new EPAppRoleFunction(); + addAppRoleFunc.setAppId(app.getId()); + addAppRoleFunc.setCode(permsDetail.getInstance()); + addAppRoleFunc.setRoleId(epRolesList.get(0).getId()); + dataAccessService.saveDomainObject(addAppRoleFunc, null); + } catch(Exception e){ + logger.error(EELFLoggerDelegate.errorLogger, "syncRoleFunctionFromExternalAccessSystem: Failed to save app role function ", e); + } + } } } } - } - logger.debug(EELFLoggerDelegate.debugLogger, "Finished syncRoleFunctionFromExternalAccessSystem"); - } catch(Exception e){ - logger.error(EELFLoggerDelegate.errorLogger, "Failed syncRoleFunctionFromExternalAccessSystem", e); + logger.debug(EELFLoggerDelegate.debugLogger, "syncRoleFunctionFromExternalAccessSystem: Finished syncRoleFunctionFromExternalAccessSystem"); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "syncRoleFunctionFromExternalAccessSystem: Failed syncRoleFunctionFromExternalAccessSystem", e); } } - + + @Override @SuppressWarnings("unchecked") public Integer bulkUploadFunctions(String uebkey) throws Exception { EPApp app = getApp(uebkey).get(0); @@ -1190,18 +1409,19 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic addRoleFunctionInExternalSystem(cenRoleFunc, app); functionsAdded++; } - }catch(HttpClientErrorException e){ + } catch(HttpClientErrorException e){ logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - bulkUploadFunctions failed", e); EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - }catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadFunctions failed", e.getMessage(), e); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadFunctions: failed", e.getMessage(), e); } return functionsAdded; } + @Override public Integer bulkUploadRoles(String uebkey) throws Exception { List<EPApp> app = getApp(uebkey); - List<EPRole> roles = getAppRoles(app.get(0).getId(), null); + List<EPRole> roles = getAppRoles(app.get(0).getId()); List<CentralRole> cenRoleList = new ArrayList<>(); final Map<String, Long> params = new HashMap<>(); Integer rolesListAdded = 0; @@ -1217,44 +1437,53 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic rolesListAdded++; } } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles failed", e); + logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles: failed", e); throw new Exception(e.getMessage()); } return rolesListAdded; } - + + /** + * It creating new role in external auth system while doing bulk upload + * + * @param role + * @param app + * @throws Exception + */ private void addRoleInExternalSystem(Role role, EPApp app) throws Exception { - String addRoleNew = createNewRoleInExternalSystem(role, app); + String addRoleNew = updateExistingRoleInExternalSystem(role, app); HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - try{ - HttpEntity<String> entity = new HttpEntity<>(addRoleNew, headers); - template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role", - HttpMethod.POST, entity, String.class); - }catch(HttpClientErrorException e){ + try { + HttpEntity<String> entity = new HttpEntity<>(addRoleNew, headers); + template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role", + HttpMethod.POST, entity, String.class); + } catch(HttpClientErrorException e){ logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - Failed to addRoleInExternalSystem", e); EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - }catch(Exception e){ + } catch (Exception e) { if (e.getMessage().equalsIgnoreCase("409 Conflict")) { - logger.error(EELFLoggerDelegate.errorLogger, "Role already exits but does not break functionality"); + logger.error(EELFLoggerDelegate.errorLogger, "addRoleInExternalSystem: Role already exits but does not break functionality", e); } else { - logger.error(EELFLoggerDelegate.errorLogger, "Failed to addRoleInExternalSystem", e.getMessage()); + logger.error(EELFLoggerDelegate.errorLogger, "addRoleInExternalSystem: Failed to addRoleInExternalSystem", e.getMessage()); } } } - + + @Override @SuppressWarnings("unchecked") public Integer bulkUploadRolesFunctions(String uebkey) throws Exception { EPApp app = getApp(uebkey).get(0); - List<EPRole> roles = getAppRoles(app.getId(), null); + List<EPRole> roles = getAppRoles(app.getId()); final Map<String, Long> params = new HashMap<>(); Integer roleFunctions = 0; try { for (EPRole role : roles) { params.put("roleId", role.getId()); - List<BulkUploadRoleFunction> appRoleFunc = dataAccessService.executeNamedQuery("uploadAllRoleFunctions", params, null); - if(!appRoleFunc.isEmpty()){ - for(BulkUploadRoleFunction addRoleFunc : appRoleFunc){ + List<BulkUploadRoleFunction> appRoleFunc = dataAccessService.executeNamedQuery("uploadAllRoleFunctions", + params, null); + if (!appRoleFunc.isEmpty()) { + for (BulkUploadRoleFunction addRoleFunc : appRoleFunc) { addRoleFunctionsInExternalSystem(addRoleFunc, role, app); roleFunctions++; } @@ -1264,34 +1493,44 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - Failed to bulkUploadRolesFunctions", e); EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRolesFunctions failed", e); + logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRolesFunctions: failed", e); } return roleFunctions; } - - private void addRoleFunctionsInExternalSystem(BulkUploadRoleFunction addRoleFunc, EPRole role, EPApp app){ - String checkType = addRoleFunc.getFunctionCd().contains("menu") ? "menu" : "url"; - ExternalAccessRolePerms extRolePerms = null; - ExternalAccessPerms extPerms = null; - ObjectMapper mapper = new ObjectMapper(); - try{ + + /** + * Its adding a role function while doing bulk upload + * + * @param addRoleFunc + * @param role + * @param app + */ + private void addRoleFunctionsInExternalSystem(BulkUploadRoleFunction addRoleFunc, EPRole role, EPApp app) { + String checkType = addRoleFunc.getFunctionCd().contains("menu") ? "menu" : "url"; + ExternalAccessRolePerms extRolePerms = null; + ExternalAccessPerms extPerms = null; + ObjectMapper mapper = new ObjectMapper(); + try { HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + checkType, addRoleFunc.getFunctionCd(), "*", addRoleFunc.getFunctionName()); + extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + checkType, addRoleFunc.getFunctionCd(), "*", + addRoleFunc.getFunctionName()); extRolePerms = new ExternalAccessRolePerms(extPerms, app.getNameSpace() + "." + role.getName().replaceAll(" ", "_")); String updateRolePerms = mapper.writeValueAsString(extRolePerms); HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers); - template - .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "role/perm", HttpMethod.POST, entity, String.class); - } catch(Exception e){ - if (e.getMessage().equalsIgnoreCase("409 Conflict")) { - logger.error(EELFLoggerDelegate.errorLogger, "RoleFunction already exits but does not break functionality",e); - } else { - logger.error(EELFLoggerDelegate.errorLogger, "Failed to addRoleFunctionsInExternalSystem", e.getMessage()); - } + template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm", + HttpMethod.POST, entity, String.class); + } catch (Exception e) { + if (e.getMessage().equalsIgnoreCase("409 Conflict")) { + logger.error(EELFLoggerDelegate.errorLogger, + "addRoleFunctionsInExternalSystem: RoleFunction already exits but does not break functionality", e); + } else { + logger.error(EELFLoggerDelegate.errorLogger, "addRoleFunctionsInExternalSystem: Failed to addRoleFunctionsInExternalSystem", + e.getMessage()); } + } } @Override @@ -1347,143 +1586,143 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic } catch (Exception e) { if (e.getMessage().equalsIgnoreCase("409 Conflict")) { logger.error(EELFLoggerDelegate.errorLogger, - "RoleFunction already exits but does not break functionality"); + "bulkUploadPartnerRoleFunctions: RoleFunction already exits but does not break functionality"); } else { - logger.error(EELFLoggerDelegate.errorLogger, "Failed to addRoleFunctionsInExternalSystem", + logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerRoleFunctions: Failed to addRoleFunctionsInExternalSystem", e.getMessage()); } } } } - + + @Override @SuppressWarnings("unchecked") @Transactional - public void SyncApplicationRolesWithEcompDB(EPApp app){ - try{ - ResponseEntity<String> response = null; - List<EPRole> finalRoleList = new ArrayList<>(); - ExternalRoleDescription ApplicationRole = new ExternalRoleDescription(); - ExternalAccessPerms externalAccessPerms = null; - List<String> functionCodelist = new ArrayList<>(); - List<ExternalRoleDetails> externalRoleDetailsList = new ArrayList<>(); - ObjectMapper mapper = new ObjectMapper(); - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - HttpEntity<String> entity = new HttpEntity<>(headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); - response = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "roles/ns/" + app.getNameSpace(), HttpMethod.GET, entity, String.class); - String res = response.getBody(); - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to External Access system and the result is :", res); - JSONObject jsonObj = new JSONObject(res); - JSONArray extRole = jsonObj.getJSONArray("role"); - for (int i = 0; i < extRole.length(); i++) { - if (extRole.getJSONObject(i).getString("name").equals(app.getNameSpace() + ".admin") - || extRole.getJSONObject(i).getString("name").equals(app.getNameSpace() + ".owner") - ) { - extRole.remove(i); - i--; - } - if(!app.getId().equals(PortalConstants.PORTAL_APP_ID) && extRole.getJSONObject(i).get("name").equals(app.getNameSpace()+"."+PortalConstants.ADMIN_ROLE.replaceAll(" ", "_"))){ - extRole.remove(i); - i--; - } - } - List<EPAppRoleFunction> applicationRoleFunctionList = new ArrayList<>(); - for (int i = 0; i < extRole.length(); i++) { - ExternalRoleDetails externalRoleDetail = new ExternalRoleDetails(); - EPAppRoleFunction ePAppRoleFunction = new EPAppRoleFunction(); - JSONObject Role = (JSONObject) extRole.get(i); - if(!extRole.getJSONObject(i).has("description")) - { - ApplicationRole.setActive("true"); - ApplicationRole.setAppId("null"); - ApplicationRole.setPriority("null"); - ApplicationRole.setAppRoleId("null"); - String roleName =extRole.getJSONObject(i).getString("name"); - ApplicationRole.setName(roleName.substring(app.getNameSpace().length()+1)); - } - else { - String desc = extRole.getJSONObject(i).getString("description"); - ApplicationRole = mapper.readValue(desc, ExternalRoleDescription.class); + public void syncApplicationRolesWithEcompDB(EPApp app) { + try { + ResponseEntity<String> response = null; + List<EPRole> finalRoleList = new ArrayList<>(); + ExternalRoleDescription ApplicationRole = new ExternalRoleDescription(); + ExternalAccessPerms externalAccessPerms = null; + List<String> functionCodelist = new ArrayList<>(); + List<ExternalRoleDetails> externalRoleDetailsList = new ArrayList<>(); + ObjectMapper mapper = new ObjectMapper(); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity<String> entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "syncApplicationRolesWithEcompDB: {} " , CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE); + response = template + .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "roles/ns/" + app.getNameSpace(), HttpMethod.GET, entity, String.class); + String res = response.getBody(); + logger.debug(EELFLoggerDelegate.debugLogger, "syncApplicationRolesWithEcompDB: Finished GET roles from External Auth system and the result is :", + res); + JSONObject jsonObj = new JSONObject(res); + JSONArray extRole = jsonObj.getJSONArray("role"); + for (int i = 0; i < extRole.length(); i++) { + if (extRole.getJSONObject(i).getString(ROLE_NAME).equals(app.getNameSpace() + ".admin") + || extRole.getJSONObject(i).getString(ROLE_NAME).equals(app.getNameSpace() + ".owner")) { + extRole.remove(i); + i--; + } + if (!app.getId().equals(PortalConstants.PORTAL_APP_ID) && extRole.getJSONObject(i).get(ROLE_NAME) + .equals(app.getNameSpace() + "." + PortalConstants.ADMIN_ROLE.replaceAll(" ", "_"))) { + extRole.remove(i); + i--; + } } - + List<EPAppRoleFunction> applicationRoleFunctionList = new ArrayList<>(); + for (int i = 0; i < extRole.length(); i++) { + ExternalRoleDetails externalRoleDetail = new ExternalRoleDetails(); + EPAppRoleFunction ePAppRoleFunction = new EPAppRoleFunction(); + JSONObject Role = (JSONObject) extRole.get(i); + if (!extRole.getJSONObject(i).has(EXTERNAL_AUTH_ROLE_DESCRIPTION)) { + ApplicationRole.setActive("true"); + ApplicationRole.setAppId(IS_NULL_STRING); + ApplicationRole.setPriority(IS_NULL_STRING); + ApplicationRole.setAppRoleId(IS_NULL_STRING); + String roleName = extRole.getJSONObject(i).getString(ROLE_NAME); + ApplicationRole.setName(roleName.substring(app.getNameSpace().length() + 1)); + } else { + String desc = extRole.getJSONObject(i).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION); + ApplicationRole = mapper.readValue(desc, ExternalRoleDescription.class); + } - SortedSet<ExternalAccessPerms> externalAccessPermsOfRole = new TreeSet<>(); - if (extRole.getJSONObject(i).has("perms")) { - JSONArray extPerm = (JSONArray) Role.get("perms"); - for (int j = 0; j < extPerm.length(); j++) { - JSONObject perms = extPerm.getJSONObject(j); - externalAccessPerms = new ExternalAccessPerms(perms.getString("type"), perms.getString("instance"), - perms.getString("action")); - ePAppRoleFunction.setCode(externalAccessPerms.getInstance()); - functionCodelist.add(ePAppRoleFunction.getCode()); - externalAccessPermsOfRole.add(externalAccessPerms); + SortedSet<ExternalAccessPerms> externalAccessPermsOfRole = new TreeSet<>(); + if (extRole.getJSONObject(i).has(EXTERNAL_AUTH_PERMS)) { + JSONArray extPerm = (JSONArray) Role.get(EXTERNAL_AUTH_PERMS); + for (int j = 0; j < extPerm.length(); j++) { + JSONObject perms = extPerm.getJSONObject(j); + externalAccessPerms = new ExternalAccessPerms(perms.getString("type"), + perms.getString("instance"), perms.getString("action")); + ePAppRoleFunction.setCode(externalAccessPerms.getInstance()); + functionCodelist.add(ePAppRoleFunction.getCode()); + externalAccessPermsOfRole.add(externalAccessPerms); + } } - } - if (ApplicationRole.getActive().equals("null")) { - externalRoleDetail.setActive(false); - } else { - externalRoleDetail.setActive(Boolean.parseBoolean(ApplicationRole.getActive().toString())); - } - externalRoleDetail.setName(ApplicationRole.getName()); - - if (ApplicationRole.getAppId().equals("null") && app.getId() == 1) { - externalRoleDetail.setAppId(null); - } else if(ApplicationRole.getAppId().equals("null")){ - externalRoleDetail.setAppId(app.getId()); - }else { - externalRoleDetail.setAppId(Long.parseLong(ApplicationRole.getAppId().toString())); + if (ApplicationRole.getActive().equals(IS_NULL_STRING)) { + externalRoleDetail.setActive(false); + } else { + externalRoleDetail.setActive(Boolean.parseBoolean(ApplicationRole.getActive().toString())); + } + externalRoleDetail.setName(ApplicationRole.getName()); + + if (ApplicationRole.getAppId().equals(IS_NULL_STRING) && app.getId() == 1) { + externalRoleDetail.setAppId(null); + } else if (ApplicationRole.getAppId().equals(IS_NULL_STRING)) { + externalRoleDetail.setAppId(app.getId()); + } else { + externalRoleDetail.setAppId(Long.parseLong(ApplicationRole.getAppId().toString())); + } + + if (ApplicationRole.getPriority().equals(IS_NULL_STRING)) { + externalRoleDetail.setPriority(null); + } else { + externalRoleDetail.setPriority(Integer.parseInt(ApplicationRole.getPriority().toString())); + } + + if (ApplicationRole.getAppRoleId().equals(IS_NULL_STRING) && app.getId() == 1) { + externalRoleDetail.setAppRoleId(null); + } + + if (!externalAccessPermsOfRole.isEmpty()) { + for (ExternalAccessPerms externalpermission : externalAccessPermsOfRole) { + EPAppRoleFunction apRoleFunction = new EPAppRoleFunction(); + apRoleFunction.setAppId(app.getId()); + apRoleFunction.setRoleId(Long.parseLong(ApplicationRole.getId())); + apRoleFunction.setCode(externalpermission.getInstance()); + applicationRoleFunctionList.add(apRoleFunction); + } + } + externalRoleDetailsList.add(externalRoleDetail); } - if (ApplicationRole.getPriority().equals("null")) { - externalRoleDetail.setPriority(null); - } else { - externalRoleDetail.setPriority(Integer.parseInt(ApplicationRole.getPriority().toString())); + for (ExternalRoleDetails externalRole : externalRoleDetailsList) { + EPRole ecompRole = convertExternalRoleDetailstoEpRole(externalRole); + finalRoleList.add(ecompRole); } - if (ApplicationRole.getAppRoleId().equals("null") && app.getId() == 1) { - externalRoleDetail.setAppRoleId(null); + List<EPRole> applicationRolesList = new ArrayList<>(); + applicationRolesList = getAppRoles(app.getId()); + List<String> applicationRoleIdList = new ArrayList<>(); + for (EPRole applicationRole : applicationRolesList) { + applicationRoleIdList.add(applicationRole.getName()); } - if (!externalAccessPermsOfRole.isEmpty() || externalAccessPermsOfRole.size() > 0) { - for (ExternalAccessPerms externalpermission : externalAccessPermsOfRole) { - EPAppRoleFunction apRoleFunction = new EPAppRoleFunction(); - apRoleFunction.setAppId(app.getId()); - apRoleFunction.setRoleId(Long.parseLong(ApplicationRole.getId())); - apRoleFunction.setCode(externalpermission.getInstance()); - applicationRoleFunctionList.add(apRoleFunction); + List<EPRole> roleListToBeAddInEcompDB = new ArrayList<>(); + for (EPRole aafRole : finalRoleList) { + if (!applicationRoleIdList.contains(aafRole.getName())) { + roleListToBeAddInEcompDB.add(aafRole); } } - externalRoleDetailsList.add(externalRoleDetail); - } - - for (ExternalRoleDetails externalRole : externalRoleDetailsList) { - EPRole ecompRole = new EPRole(); - ecompRole = convertExternalRoleDetailstoEpRole(externalRole); - finalRoleList.add(ecompRole); - } - List<EPRole> applicationRolesList = new ArrayList<>(); - applicationRolesList = getAppRoles(app.getId(), null); - List<String> applicationRoleIdList = new ArrayList<>(); - for (EPRole applicationRole : applicationRolesList) { - applicationRoleIdList.add(applicationRole.getName()); - } - - List<EPRole> roleListToBeAddInEcompDB = new ArrayList<>(); - for (EPRole aafRole : finalRoleList) { - if (!applicationRoleIdList.contains(aafRole.getName())) { - roleListToBeAddInEcompDB.add(aafRole); + // Check if roles exits in external Access system and make it + // inactive + final Map<String, EPRole> checkRolesInactive = new HashMap<>(); + for (EPRole extrole : finalRoleList) { + checkRolesInactive.put(extrole.getName(), extrole); } - } - - // Check if roles exits in external Access system and make it inactive - final Map<String, EPRole> checkRolesInactive = new HashMap<>(); - for(EPRole extrole : finalRoleList){ - checkRolesInactive.put(extrole.getName(), extrole); - } for (EPRole role : applicationRolesList) { final Map<String, String> extRoleParams = new HashMap<>(); List<EPRole> roleList = new ArrayList<>(); @@ -1492,15 +1731,15 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic if (app.getId() == 1) { roleList = dataAccessService.executeNamedQuery("getPortalAppRoles", extRoleParams, null); } else { - extRoleParams.put("appId", app.getId().toString()); + extRoleParams.put(APP_ID, app.getId().toString()); roleList = dataAccessService.executeNamedQuery("getRoletoUpdateAAF", extRoleParams, null); } EPRole updateRoleInactive = roleList.get(0); updateRoleInactive.setActive(false); - dataAccessService.saveDomainObject(updateRoleInactive, null); + dataAccessService.saveDomainObject(updateRoleInactive, null); } } - + for (EPRole roleItem : finalRoleList) { final Map<String, String> roleParams = new HashMap<>(); List<EPRole> currentList = new ArrayList<>(); @@ -1508,7 +1747,7 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic if (app.getId() == 1) { currentList = dataAccessService.executeNamedQuery("getPortalAppRoles", roleParams, null); } else { - roleParams.put("appId", app.getId().toString()); + roleParams.put(APP_ID, app.getId().toString()); currentList = dataAccessService.executeNamedQuery("getRoletoUpdateAAF", roleParams, null); } @@ -1533,55 +1772,60 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic } } - EPRole roleToBeAddedInEcompDB = new EPRole(); - for (int i = 0; i < roleListToBeAddInEcompDB.size(); i++) { - roleToBeAddedInEcompDB = roleListToBeAddInEcompDB.get(i); - if(app.getId() == 1) - { - roleToBeAddedInEcompDB.setAppRoleId(null); - } - dataAccessService.saveDomainObject(roleToBeAddedInEcompDB, null); - List <EPRole> getRoleCreatedInSync = null; - if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - getRoleCreatedInSync = dataAccessService.getList(EPRole.class, - " where role_name = '" + roleToBeAddedInEcompDB.getName() +"'", null, null); - EPRole epUpdateRole = getRoleCreatedInSync.get(0); - epUpdateRole.setAppRoleId(epUpdateRole.getId()); - dataAccessService.saveDomainObject(epUpdateRole, null); - } - List<EPRole> roleList = new ArrayList<>(); - final Map<String, String> params = new HashMap<>(); + EPRole roleToBeAddedInEcompDB = new EPRole(); + for (int i = 0; i < roleListToBeAddInEcompDB.size(); i++) { + roleToBeAddedInEcompDB = roleListToBeAddInEcompDB.get(i); + if (app.getId() == 1) { + roleToBeAddedInEcompDB.setAppRoleId(null); + } + dataAccessService.saveDomainObject(roleToBeAddedInEcompDB, null); + List<EPRole> getRoleCreatedInSync = null; + if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) { + getRoleCreatedInSync = dataAccessService.getList(EPRole.class, + WHERE_ROLE_NAME_EQUALS + roleToBeAddedInEcompDB.getName() + "'", null, null); + EPRole epUpdateRole = getRoleCreatedInSync.get(0); + epUpdateRole.setAppRoleId(epUpdateRole.getId()); + dataAccessService.saveDomainObject(epUpdateRole, null); + } + List<EPRole> roleList = new ArrayList<>(); + final Map<String, String> params = new HashMap<>(); - params.put("appRoleName", roleToBeAddedInEcompDB.getName()); - if (app.getId() == 1) { - roleList = dataAccessService.executeNamedQuery("getPortalAppRoles", params, null); - } else { - params.put("appId", app.getId().toString()); - roleList = dataAccessService.executeNamedQuery("getRoletoUpdateAAF", params, null); + params.put("appRoleName", roleToBeAddedInEcompDB.getName()); + if (app.getId() == 1) { + roleList = dataAccessService.executeNamedQuery("getPortalAppRoles", params, null); + } else { + params.put(APP_ID, app.getId().toString()); + roleList = dataAccessService.executeNamedQuery("getRoletoUpdateAAF", params, null); + } + EPRole role = roleList.get(0); + Role aaFrole = new Role(); + aaFrole.setId(role.getId()); + aaFrole.setActive(role.getActive()); + aaFrole.setPriority(role.getPriority()); + aaFrole.setName(role.getName()); + updateRoleInExternalSystem(aaFrole, app); } - EPRole role = roleList.get(0); - Role aaFrole = new Role(); - aaFrole.setId(role.getId()); - aaFrole.setActive(role.getActive()); - aaFrole.setPriority(role.getPriority()); - aaFrole.setName(role.getName()); - updateRoleInExternalSystem(aaFrole, app); - } - dataAccessService.deleteDomainObjects(EPAppRoleFunction.class, " app_id = " + app.getId(), null); + dataAccessService.deleteDomainObjects(EPAppRoleFunction.class, APP_ID_EQUALS + app.getId(), null); for (EPAppRoleFunction rolefun : applicationRoleFunctionList) { dataAccessService.saveDomainObject(rolefun, null); } - - logger.debug(EELFLoggerDelegate.debugLogger, "Finished SyncApplicationRolesWithEcompDB"); - }catch(HttpClientErrorException e){ + logger.debug(EELFLoggerDelegate.debugLogger, "syncApplicationRolesWithEcompDB: Finished"); + } catch(HttpClientErrorException e){ logger.error(EELFLoggerDelegate.errorLogger, "Failed to SyncApplicationRolesWithEcompDB", e); EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - }catch(Exception e){ - logger.error(EELFLoggerDelegate.errorLogger, "Failed to SyncApplicationRolesWithEcompDB", e); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "syncApplicationRolesWithEcompDB: Failed ", e); } } - public EPRole convertExternalRoleDetailstoEpRole(ExternalRoleDetails externalRoleDetails) { + /** + * + * It converts from ExternalRoleDetails.class object to EPRole.class object + * + * @param externalRoleDetails + * @return EPRole object + */ + private EPRole convertExternalRoleDetailstoEpRole(ExternalRoleDetails externalRoleDetails) { EPRole role = new EPRole(); role.setActive(externalRoleDetails.isActive()); role.setAppId(externalRoleDetails.getAppId()); @@ -1609,105 +1853,115 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic return userRolesAdded; } - private void addUserRoleInExternalSystem(BulkUploadUserRoles userRolesUpload){ - try{ - String name = ""; - ObjectMapper mapper = new ObjectMapper(); - if (EPCommonSystemProperties.containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) { - name = userRolesUpload.getOrgUserId() - + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); - } - ExternalAccessUser extUser = new ExternalAccessUser(name, - userRolesUpload.getAppNameSpace() + "." + userRolesUpload.getRoleName().replaceAll(" ", "_")); - String userRole = mapper.writeValueAsString(extUser); - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); - HttpEntity<String> entity = new HttpEntity<>(userRole, headers); - template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole", - HttpMethod.POST, entity, String.class); - }catch(HttpClientErrorException e){ + /** + * Its adding a user role in external auth system while doing bulk upload + * + * @param userRolesUpload + */ + private void addUserRoleInExternalSystem(BulkUploadUserRoles userRolesUpload) { + try { + String name = ""; + ObjectMapper mapper = new ObjectMapper(); + if (EPCommonSystemProperties + .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) { + name = userRolesUpload.getOrgUserId() + + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); + } + ExternalAccessUser extUser = new ExternalAccessUser(name, + userRolesUpload.getAppNameSpace() + "." + userRolesUpload.getRoleName().replaceAll(" ", "_")); + String userRole = mapper.writeValueAsString(extUser); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity<String> entity = new HttpEntity<>(userRole, headers); + template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole", + HttpMethod.POST, entity, String.class); + } catch(HttpClientErrorException e){ logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - Failed to addUserRoleInExternalSystem", e); EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode()); - }catch (Exception e) { + } catch (Exception e) { if (e.getMessage().equalsIgnoreCase("409 Conflict")) { - logger.error(EELFLoggerDelegate.errorLogger, "UserRole already exits but does not break functionality"); + logger.error(EELFLoggerDelegate.errorLogger, "addUserRoleInExternalSystem: UserRole already exits but does not break functionality"); } else { - logger.error(EELFLoggerDelegate.errorLogger, "Failed to addUserRoleInExternalSystem", e.getMessage()); + logger.error(EELFLoggerDelegate.errorLogger, "addUserRoleInExternalSystem: Failed to addUserRoleInExternalSystem", e.getMessage()); } } } @Override - public void deleteRoleDependeciesRecord(Session localSession, Long roleId) throws Exception { + public void deleteRoleDependencyRecords(Session localSession, Long roleId, Long appId) throws Exception { try { + String sql = ""; + Query query = null; + + //It should delete only when it portal's roleId + if(appId.equals(PortalConstants.PORTAL_APP_ID)){ // Delete from fn_role_function - String sql = "DELETE FROM fn_role_function WHERE role_id=" + roleId; + sql = "DELETE FROM fn_role_function WHERE role_id=" + roleId; logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); - Query query = localSession.createSQLQuery(sql); + query = localSession.createSQLQuery(sql); query.executeUpdate(); - // Delete from ep_app_role_function - sql = "DELETE FROM ep_app_role_function WHERE role_id=" + roleId; + // Delete from fn_role_composite + sql = "DELETE FROM fn_role_composite WHERE parent_role_id=" + roleId + " OR child_role_id=" + roleId; logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); - query = localSession.createSQLQuery(sql); + query = localSession.createSQLQuery(sql); query.executeUpdate(); + } - // Delete from ep_role_notification - sql = "DELETE FROM ep_role_notification WHERE role_id=" + roleId; + // Delete from ep_app_role_function + sql = "DELETE FROM ep_app_role_function WHERE role_id=" + roleId; logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); query = localSession.createSQLQuery(sql); query.executeUpdate(); - - // Delete from fn_role_composite - sql = "DELETE FROM fn_role_composite WHERE parent_role_id=" + roleId + " OR child_role_id=" - + roleId; + + // Delete from ep_role_notification + sql = "DELETE FROM ep_role_notification WHERE role_id=" + roleId; logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); query = localSession.createSQLQuery(sql); query.executeUpdate(); - + // Delete from fn_user_pseudo_role sql = "DELETE FROM fn_user_pseudo_role WHERE pseudo_role_id=" + roleId; logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); query = localSession.createSQLQuery(sql); query.executeUpdate(); - - //Delete form EP_WIDGET_CATALOG_ROLE + + // Delete form EP_WIDGET_CATALOG_ROLE sql = "DELETE FROM EP_WIDGET_CATALOG_ROLE WHERE role_id=" + roleId; logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); query = localSession.createSQLQuery(sql); query.executeUpdate(); - - //Delete form EP_WIDGET_CATALOG_ROLE + + // Delete form EP_WIDGET_CATALOG_ROLE sql = "DELETE FROM ep_user_roles_request_det WHERE requested_role_id=" + roleId; logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); query = localSession.createSQLQuery(sql); query.executeUpdate(); - - //Delete form fn_menu_functional_roles + + // Delete form fn_menu_functional_roles sql = "DELETE FROM fn_menu_functional_roles WHERE role_id=" + roleId; logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql); query = localSession.createSQLQuery(sql); query.executeUpdate(); - + } catch (Exception e) { - logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleDependeciesRecord failed " , e); - throw new Exception("delete Failed"+ e.getMessage()); + logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleDependeciesRecord: failed ", e); + throw new Exception("delete Failed" + e.getMessage()); } - + } - @SuppressWarnings("unchecked") @Override public List<String> getMenuFunctionsList(String uebkey) throws Exception { List<String> appMenuFunctionsList = null; - try{ - EPApp app = getApp(uebkey).get(0); - final Map<String, Long> appParams = new HashMap<>(); - appParams.put("appId", app.getId()); - appMenuFunctionsList = dataAccessService.executeNamedQuery("getMenuFunctions", appParams, null); - } catch(Exception e){ - logger.error(EELFLoggerDelegate.errorLogger, "Failed getMenuFunctionsList", e); + try { + EPApp app = getApp(uebkey).get(0); + final Map<String, Long> appParams = new HashMap<>(); + appParams.put(APP_ID, app.getId()); + appMenuFunctionsList = dataAccessService.executeNamedQuery("getMenuFunctions", appParams, null); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getMenuFunctionsList: Failed", e); return appMenuFunctionsList; } return appMenuFunctionsList; diff --git a/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/UserRolesCommonServiceImpl.java index 7e7a55a1..d7aac633 100644 --- a/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/UserRolesCommonServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/openecomp/portalapp/portal/service/UserRolesCommonServiceImpl.java @@ -435,7 +435,6 @@ public class UserRolesCommonServiceImpl { protected void syncAppRoles(SessionFactory sessionFactory, Long appId, EcompRole[] appRoles) throws Exception { logger.debug(EELFLoggerDelegate.debugLogger, "entering syncAppRoles for appId: " + appId); HashMap<Long, EcompRole> newRolesMap = hashMapFromEcompRoles(appRoles); - boolean result = false; Session localSession = null; Transaction transaction = null; @@ -467,21 +466,10 @@ public class UserRolesCommonServiceImpl { } } Collection<EcompRole> newRolesToAdd = newRolesMap.values(); - for (EcompRole role : newRolesToAdd) { - logger.debug(EELFLoggerDelegate.debugLogger, "about to add missing role: " + role.toString()); - EPRole newRole = new EPRole(); - // Attention! All roles from remote application supposed to be - // active! - newRole.setActive(true); - newRole.setName(role.getName()); - newRole.setAppId(appId); - newRole.setAppRoleId(role.getId()); - localSession.save(newRole); - } if (obsoleteRoles.size() > 0) { - logger.debug(EELFLoggerDelegate.debugLogger, "we have obsolete roles to delete"); + logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: we have obsolete roles to delete"); for (EPRole role : obsoleteRoles) { - logger.debug(EELFLoggerDelegate.debugLogger, "obsolete role: " + role.toString()); + logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: obsolete role: " + role.toString()); Long roleId = role.getId(); // delete obsolete roles here // Must delete all records with foreign key constraints on @@ -497,13 +485,13 @@ public class UserRolesCommonServiceImpl { "from " + EPUserApp.class.getName() + " where app.id=" + appId + " and role_id=" + roleId) .list(); - logger.debug(EELFLoggerDelegate.debugLogger, "number of userRoles to delete: " + userRoles.size()); + logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: number of userRoles to delete: " + userRoles.size()); for (EPUserApp userRole : userRoles) { logger.debug(EELFLoggerDelegate.debugLogger, - "about to delete userRole: " + userRole.toString()); + "syncAppRoles: about to delete userRole: " + userRole.toString()); localSession.delete(userRole); logger.debug(EELFLoggerDelegate.debugLogger, - "finished deleting userRole: " + userRole.toString()); + "syncAppRoles: finished deleting userRole: " + userRole.toString()); } // Delete from fn_menu_functional_roles @@ -513,7 +501,7 @@ public class UserRolesCommonServiceImpl { .list(); int numMenuRoles = funcMenuRoles.size(); logger.debug(EELFLoggerDelegate.debugLogger, - "number of funcMenuRoles for roleId: " + roleId + ": " + numMenuRoles); + "syncAppRoles: number of funcMenuRoles for roleId: " + roleId + ": " + numMenuRoles); for (FunctionalMenuRole funcMenuRole : funcMenuRoles) { Long menuId = funcMenuRole.menuId; // If this is the only role for this menu item, then the @@ -525,14 +513,14 @@ public class UserRolesCommonServiceImpl { .list(); int numMenuRoles2 = funcMenuRoles2.size(); logger.debug(EELFLoggerDelegate.debugLogger, - "number of funcMenuRoles for menuId: " + menuId + ": " + numMenuRoles2); + "syncAppRoles: number of funcMenuRoles for menuId: " + menuId + ": " + numMenuRoles2); localSession.delete(funcMenuRole); if (numMenuRoles2 == 1) { // If this is the only role for this menu item, then // the app and roles will be gone, // so must null out the url too, to be consistent logger.debug(EELFLoggerDelegate.debugLogger, - "There is exactly 1 menu item for this role, so emptying the url"); + "syncAppRoles: There is exactly 1 menu item for this role, so emptying the url"); @SuppressWarnings("unchecked") List<FunctionalMenuItem> funcMenuItems = localSession .createQuery( @@ -546,26 +534,33 @@ public class UserRolesCommonServiceImpl { } } } - externalAccessRolesService.deleteRoleDependeciesRecord(localSession, roleId); - logger.debug(EELFLoggerDelegate.debugLogger, "about to delete the role: " + role.toString()); + externalAccessRolesService.deleteRoleDependencyRecords(localSession, roleId, appId); + logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: about to delete the role: " + role.toString()); localSession.delete(role); - logger.debug(EELFLoggerDelegate.debugLogger, "deleted the role"); + logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: deleted the role"); } } - logger.debug(EELFLoggerDelegate.debugLogger, "about to commit the transaction"); + for (EcompRole role : newRolesToAdd) { + logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: about to add missing role: " + role.toString()); + EPRole newRole = new EPRole(); + // Attention! All roles from remote application supposed to be + // active! + newRole.setActive(true); + newRole.setName(role.getName()); + newRole.setAppId(appId); + newRole.setAppRoleId(role.getId()); + localSession.save(newRole); + } + logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: about to commit the transaction"); transaction.commit(); - logger.debug(EELFLoggerDelegate.debugLogger, "committed the transaction"); - result = true; + logger.debug(EELFLoggerDelegate.debugLogger, "syncAppRoles: committed the transaction"); } catch (Exception e) { EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e); EcompPortalUtils.rollbackTransaction(transaction, - "Exception occurred in syncAppRoles, Details: " + EcompPortalUtils.getStackTrace(e)); + "syncAppRoles: Exception occurred in syncAppRoles, Details: " + EcompPortalUtils.getStackTrace(e)); + throw new Exception(e); } finally { localSession.close(); - if (!result) { - throw new Exception( - "Exception occurred in syncAppRoles while closing database session for app: '" + appId + "'."); - } } } @@ -867,7 +862,7 @@ public class UserRolesCommonServiceImpl { userRolesInLocalApp); List<RoleInAppForUser> roleAppUserList = rolesInAppForUser.roles; // Apply changes in external Access system - updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList); + updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList, epRequestValue); result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, epRequestValue, "Portal"); } // In case if portal is not centralized then follow existing approach @@ -915,143 +910,151 @@ public class UserRolesCommonServiceImpl { } return result; } - + /** + * It adds user roles in External system and also make data consistent in both local and in External System + * + * @param app details + * @param orgUserId + * @param roleInAppUser Contains list of active roles + */ @SuppressWarnings("unchecked") - private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List<RoleInAppForUser> roleInAppUser) - { - try{ - //check if user exists - final Map<String, String> userParams = new HashMap<>(); - userParams.put("orgUserIdValue", orgUserId); - List<EPUser> userInfo = checkIfUserExists(userParams); - if (userInfo.size() == 0 || userInfo.isEmpty()) { - createLocalUserIfNecessary(orgUserId); - } - final Map<String, String> loginIdParams = new HashMap<>(); - loginIdParams.put("orgUserIdValue", orgUserId); - EPUser user = (EPUser) dataAccessService.executeNamedQuery("epUserAppId", loginIdParams, null).get(0); - String name = ""; - if (EPCommonSystemProperties.containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) { - name = orgUserId - + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); - } - ObjectMapper mapper = new ObjectMapper(); - HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth() ; - HttpEntity<String> getUserRolesEntity = new HttpEntity<>(headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to external system to get current user roles"); - ResponseEntity<String> getResponse = template - .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "roles/user/" + name, HttpMethod.GET, getUserRolesEntity, String.class); - if(getResponse.getStatusCode().value() == 200){ - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to external system and received user roles: ", getResponse.getBody()); + private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List<RoleInAppForUser> roleInAppUser, boolean isPortalRequest) + { + try { + // check if user exists + final Map<String, String> userParams = new HashMap<>(); + userParams.put("orgUserIdValue", orgUserId); + List<EPUser> userInfo = checkIfUserExists(userParams); + if (userInfo.isEmpty()) { + createLocalUserIfNecessary(orgUserId); + } + String name = ""; + if (EPCommonSystemProperties + .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) { + name = orgUserId + + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); + } + ObjectMapper mapper = new ObjectMapper(); + HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity<String> getUserRolesEntity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to external system to get current user roles"); + ResponseEntity<String> getResponse = template + .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "roles/user/" + name, HttpMethod.GET, getUserRolesEntity, String.class); + if (getResponse.getStatusCode().value() == 200) { + logger.debug(EELFLoggerDelegate.debugLogger, "updateUserRolesInExternalSystem: Finished GET user roles from external system and received user roles {}", + getResponse.getBody()); - } - List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>(); - String res = getResponse.getBody(); - JSONObject jsonObj = null; - JSONArray extRoles = null; - if (!res.equals("{}")) { - jsonObj = new JSONObject(res); - extRoles = jsonObj.getJSONArray("role"); - } - ExternalAccessUserRoleDetail userRoleDetail = null; - if (extRoles != null) { - for (int i = 0; i < extRoles.length(); i++) { - if (extRoles.getJSONObject(i).getString("name").startsWith(app.getNameSpace() + ".") && !extRoles.getJSONObject(i).getString("name").equals(app.getNameSpace()+".admin") - && !extRoles.getJSONObject(i).getString("name").equals(app.getNameSpace()+".owner")) { - ObjectMapper descMapper = new ObjectMapper(); - if(extRoles.getJSONObject(i).has("description")){ - ExternalRoleDescription desc = descMapper.readValue( - extRoles.getJSONObject(i).getString("description"), ExternalRoleDescription.class); - userRoleDetail = new ExternalAccessUserRoleDetail(extRoles.getJSONObject(i).getString("name"), - desc); - userRoleDetailList.add(userRoleDetail); - }else{ - userRoleDetail = new ExternalAccessUserRoleDetail(extRoles.getJSONObject(i).getString("name"), - null); - userRoleDetailList.add(userRoleDetail); - } + } + List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>(); + String res = getResponse.getBody(); + JSONObject jsonObj = null; + JSONArray extRoles = null; + if (!res.equals("{}")) { + jsonObj = new JSONObject(res); + extRoles = jsonObj.getJSONArray("role"); + } + ExternalAccessUserRoleDetail userRoleDetail = null; + if (extRoles != null) { + for (int i = 0; i < extRoles.length(); i++) { + if (extRoles.getJSONObject(i).getString("name").startsWith(app.getNameSpace() + ".") + && !extRoles.getJSONObject(i).getString("name").equals(app.getNameSpace() + ".admin") + && !extRoles.getJSONObject(i).getString("name").equals(app.getNameSpace() + ".owner")) { + ObjectMapper descMapper = new ObjectMapper(); + if (extRoles.getJSONObject(i).has("description")) { + ExternalRoleDescription desc = descMapper.readValue( + extRoles.getJSONObject(i).getString("description"), ExternalRoleDescription.class); + userRoleDetail = new ExternalAccessUserRoleDetail( + extRoles.getJSONObject(i).getString("name"), desc); + userRoleDetailList.add(userRoleDetail); + } else { + userRoleDetail = new ExternalAccessUserRoleDetail( + extRoles.getJSONObject(i).getString("name"), null); + userRoleDetailList.add(userRoleDetail); + } + } } } - } - for (ExternalAccessUserRoleDetail userRole : userRoleDetailList) { - HttpEntity<String> entity = new HttpEntity<>(headers); - template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) - + "userRole/" + name + "/" + userRole.getName(), HttpMethod.DELETE, entity, String.class); - } - final Map<String, RoleInAppForUser> roleInAppUserMap = new HashMap<>(); - for(RoleInAppForUser roleInAppUserNew: roleInAppUser){ - roleInAppUserMap.put(roleInAppUserNew.getRoleName(), roleInAppUserNew); - } - final Map<String, Long> params = new HashMap<>(); - params.put("appId", app.getId()); - params.put("userId", user.getId()); - List<EcompUserAppRoles> userAppList = dataAccessService.executeNamedQuery("getUserAppExistingRoles", params, null); - // Check if incoming request has sys admin or account admin, if exists add in external system - if (!roleInAppUser.isEmpty()) { - for (EcompUserAppRoles userApp : userAppList) { - if ((userApp.getRoleId().equals(PortalConstants.SYS_ADMIN_ROLE_ID) - || userApp.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)) && !roleInAppUserMap.containsKey(userApp.getRoleName())) { - RoleInAppForUser addSpecialRole = new RoleInAppForUser(); - addSpecialRole.setIsApplied(true); - addSpecialRole.setRoleId(userApp.getRoleId()); - addSpecialRole.setRoleName(userApp.getRoleName()); - roleInAppUser.add(addSpecialRole); + // If request coming from portal not from external role approval system then we have to check if user already + // have account admin or system admin as GUI will not send these roles + if (!isPortalRequest) { + final Map<String, String> loginIdParams = new HashMap<>(); + loginIdParams.put("orgUserIdValue", orgUserId); + EPUser user = (EPUser) dataAccessService.executeNamedQuery("epUserAppId", loginIdParams, null).get(0); + final Map<String, Long> params = new HashMap<>(); + params.put("appId", app.getId()); + params.put("userId", user.getId()); + List<EcompUserAppRoles> userAppList = dataAccessService.executeNamedQuery("getUserAppExistingRoles", + params, null); + if (!roleInAppUser.isEmpty()) { + for (EcompUserAppRoles userApp : userAppList) { + if (userApp.getRoleId().equals(PortalConstants.SYS_ADMIN_ROLE_ID) + || userApp.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)) { + RoleInAppForUser addSpecialRole = new RoleInAppForUser(); + addSpecialRole.setIsApplied(true); + addSpecialRole.setRoleId(userApp.getRoleId()); + addSpecialRole.setRoleName(userApp.getRoleName()); + roleInAppUser.add(addSpecialRole); + } } } } - List<RoleInAppForUser> roleInAppUserNonDupls = roleInAppUser.stream().distinct().collect(Collectors.toList()); - for (RoleInAppForUser addRole : roleInAppUserNonDupls) { - ExternalAccessUser extUser = null; - if ((addRole.getRoleId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)) - && !app.getId().equals(PortalConstants.PORTAL_APP_ID)) { - try{ - String extRole = app.getNameSpace()+"."+PortalConstants.ADMIN_ROLE.replaceAll(" ","_"); - HttpEntity<String> entity = new HttpEntity<>(headers); - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to External Access system"); - ResponseEntity<String> getRoleResponse = template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "roles/"+extRole, - HttpMethod.GET, entity, String.class); - String extAdminRole = app.getNameSpace()+"."+PortalConstants.ADMIN_ROLE.replaceAll(" ", "_"); - if(getRoleResponse.getBody().equals("{}")){ - String addDesc = "{\"name\":\"" +extAdminRole+ "\"}"; - HttpEntity<String> roleEntity = new HttpEntity<>(addDesc,headers); - template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role", - HttpMethod.POST, roleEntity, String.class); - } - extUser = new ExternalAccessUser(name, - app.getNameSpace() + "." + PortalConstants.ADMIN_ROLE.replaceAll(" ", "_")); - } catch(Exception e){ - logger.error(EELFLoggerDelegate.errorLogger, "Failed to add admin role for application {} ",app.getId(),e); - continue; + List<RoleInAppForUser> roleInAppUserNonDupls = roleInAppUser.stream().distinct() + .collect(Collectors.toList()); + final Map<String, RoleInAppForUser> currentUserRolesToUpdate = new HashMap<>(); + for (RoleInAppForUser roleInAppUserNew : roleInAppUser) { + currentUserRolesToUpdate.put(roleInAppUserNew.getRoleName(), roleInAppUserNew); + } + final Map<String, ExternalAccessUserRoleDetail> currentUserRolesInExternalSystem = new HashMap<>(); + for (ExternalAccessUserRoleDetail extAccessUserRole : userRoleDetailList) { + currentUserRolesInExternalSystem.put(extAccessUserRole.getName(), extAccessUserRole); + } + // Check if roles does not exists in local but still there in External Central Auth System delete them all + for (ExternalAccessUserRoleDetail userRole : userRoleDetailList) { + if (!(currentUserRolesToUpdate + .containsKey(userRole.getName().substring(app.getNameSpace().length() + 1).replaceAll("_", " ")) + || currentUserRolesToUpdate + .containsKey(userRole.getName().substring(app.getNameSpace().length() + 1)))) { + HttpEntity<String> entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, + "updateUserRolesInExternalSystem: Connecting to external system to DELETE user role {}", + userRole); + ResponseEntity<String> deleteResponse = template.exchange( + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "userRole/" + name + "/" + userRole.getName(), + HttpMethod.DELETE, entity, String.class); + logger.debug(EELFLoggerDelegate.debugLogger, + "updateUserRolesInExternalSystem: Finished DELETE operation in external system for user role {} and the response is {}", + userRole, deleteResponse.getBody()); } - } else { - extUser = new ExternalAccessUser(name, - app.getNameSpace() + "." + addRole.getRoleName().replaceAll(" ", "_")); } - // Assign user role for an application in external access system - String userRole = mapper.writeValueAsString(extUser); - HttpEntity<String> entity = new HttpEntity<>(userRole, headers); - if (addRole.getIsApplied()) { - logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to external system and adding user role", - addRole.getRoleName()); - ResponseEntity<String> addResponse = template.exchange( - SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole", - HttpMethod.POST, entity, String.class); - logger.debug(EELFLoggerDelegate.debugLogger, "Connected to external system and added user role", - getResponse.getBody(), addRole.getRoleName()); - if (addResponse.getStatusCode().value() != 201) { + // Check if user roles does not exists in External Central Auth System add them all + for (RoleInAppForUser addUserRole : roleInAppUserNonDupls) { + if (!(currentUserRolesInExternalSystem + .containsKey(app.getNameSpace() + "." + addUserRole.getRoleName().replaceAll(" ", "_")))) { + ExternalAccessUser extUser = new ExternalAccessUser(name, + app.getNameSpace() + "." + addUserRole.getRoleName().replaceAll(" ", "_")); + String formattedUserRole = mapper.writeValueAsString(extUser); + HttpEntity<String> entity = new HttpEntity<>(formattedUserRole, headers); + logger.debug(EELFLoggerDelegate.debugLogger, "updateUserRolesInExternalSystem: Connecting to external system and adding user role", + addUserRole.getRoleName()); + ResponseEntity<String> addResponse = template + .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + + "userRole", HttpMethod.POST, entity, String.class); logger.debug(EELFLoggerDelegate.debugLogger, - "Connected to external system unable to save user role", getResponse.getBody(), - addRole.getRoleName()); - throw new Exception("Failed to add user role for application"); + "updateUserRolesInExternalSystem: Finished adding user role in external system {} and added user role {}", + getResponse.getBody(), addUserRole.getRoleName()); + if (addResponse.getStatusCode().value() != 201 && addResponse.getStatusCode().value() != 404) { + logger.debug(EELFLoggerDelegate.debugLogger, + "Finished POST operation in external system but unable to save user role", getResponse.getBody(), + addUserRole.getRoleName()); + throw new Exception(addResponse.getBody()); + } } } - } - }catch(Exception e){ - logger.error(EELFLoggerDelegate.errorLogger, "Failed to add user role for application {}", app.getId(),e); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "updateUserRolesInExternalSystem: Failed to add user role for application {} due to {}", app.getId(), e); } } @@ -1272,20 +1275,22 @@ public class UserRolesCommonServiceImpl { .executeNamedQuery("userAppRolesRequestList", params, null); epRequestIdSize = epRequestId.size(); } + + //If Non-Centralized app make sure you sync app roles before assigning to user if(!app.getId().equals(PortalConstants.PORTAL_APP_ID) && !app.getCentralAuth()){ EcompRole[] appRoles = applicationsRestClientService.get(EcompRole[].class, app.getId(), "/roles"); syncAppRoles(sessionFactory, app.getId(), appRoles); } - List<RoleInAppForUser> roleInAppForUserList = roleInAppForUserList(newAppRolesForUser.getRoles(), app.getId(), app.getMlAppName()); List<EcompUserAppRoles> userRoleList = null; - if(userId != null){ + if(!userInfo.isEmpty()){ final Map<String, Long> appParams = new HashMap<>(); appParams.put("userId", userId.getId()); appParams.put("appId", app.getId()); userRoleList = dataAccessService.executeNamedQuery("getUserAppExistingRoles", appParams, null); } + // Check if list contains just account admin role boolean checkIfAdminRoleExists = false; if (reqType.equals("DELETE")) { checkIfAdminRoleExists = userRoleList.stream() @@ -1298,8 +1303,9 @@ public class UserRolesCommonServiceImpl { if (app.getCentralAuth()) { // We should add If user does not exist in remote application try { - if (!(!app.getId().equals(PortalConstants.PORTAL_APP_ID) && checkIfAdminRoleExists - && (roleInAppForUserList.size() == 1 || reqType.equals("DELETE")))) { + // If adding just account admin role dont make remote application user call + if (!app.getId().equals(PortalConstants.PORTAL_APP_ID) && !(checkIfAdminRoleExists + && reqType.equals("DELETE")) && roleInAppForUserList.size() > 1) { EPUser remoteAppUser = null; remoteAppUser = checkIfRemoteUserExits(userId.getOrgUserId(), app, applicationsRestClientService); @@ -1311,7 +1317,7 @@ public class UserRolesCommonServiceImpl { } } catch (Exception e) { reqMessage = e.getMessage(); - logger.error(EELFLoggerDelegate.errorLogger, "Failed to added remote user", e); + logger.error(EELFLoggerDelegate.errorLogger, "setExternalRequestUserAppRole: Failed to added remote user", e); throw new Exception(reqMessage); } Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper, @@ -1320,8 +1326,8 @@ public class UserRolesCommonServiceImpl { userRolesInLocalApp); List<RoleInAppForUser> roleAppUserList = rolesInAppForUser.roles; // Apply changes in external Access system - updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList); - logger.info(EELFLoggerDelegate.debugLogger, "{} user app roles: for app {}, user {}", logMessage, + updateUserRolesInExternalSystem(app, rolesInAppForUser.orgUserId, roleAppUserList, externalSystemRequest); + logger.info(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage, newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId()); result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType); } @@ -1333,7 +1339,7 @@ public class UserRolesCommonServiceImpl { userRolesInLocalApp); result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType); } else {// remote app - + // If adding just account admin role don't do remote application user call if(!((roleInAppForUserList.size() == 1 || reqType.equals("DELETE")) && checkIfAdminRoleExists)){ EPUser remoteAppUser = null; remoteAppUser = checkIfRemoteUserExits(userId.getOrgUserId(), app, applicationsRestClientService); @@ -1347,7 +1353,7 @@ public class UserRolesCommonServiceImpl { RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(), userRolesInRemoteApp); - logger.info(EELFLoggerDelegate.debugLogger, "{} user app roles: for app {}, user {}", + logger.info(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage, newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId()); result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, @@ -1363,14 +1369,15 @@ public class UserRolesCommonServiceImpl { }*/ } } else { - if(!(reqType.equals("DELETE") && userId == null)){ + // Here we are adding only we have single account admin in roleInAppForUserList and this should not add in remote + if(!(reqType.equals("DELETE")) && userInfo.isEmpty()){ reqMessage = "Saved Successfully"; } Set<EcompRole> userRolesInRemoteApp = constructUsersEcompRoles(roleInAppForUserList); RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(orgUserId, app.getId(), userRolesInRemoteApp); - logger.info(EELFLoggerDelegate.debugLogger, "{} user app roles: for app {}, user {}", + logger.info(EELFLoggerDelegate.debugLogger, "setExternalRequestUserAppRole: {} user app roles: for app {}, user {}", logMessage, newAppRolesForUser.getApplicationName(), newAppRolesForUser.getLoginId()); result = applyChangesInUserRolesForAppToEcompDB(rolesInAppForUser, externalSystemRequest, reqType); @@ -1384,7 +1391,7 @@ public class UserRolesCommonServiceImpl { } } } catch (Exception e) { - String message = String.format("Failed to create user or update user roles for User %s, AppId %s", + String message = String.format("setExternalRequestUserAppRole: Failed to create user or update user roles for User %s, AppId %s", orgUserId, appName); logger.error(EELFLoggerDelegate.errorLogger, message, e); result = false; @@ -1547,6 +1554,8 @@ public class UserRolesCommonServiceImpl { EcompRole[] appRoles = null; List<EcompRole> roles = new ArrayList<>(); if(app.getCentralAuth()){ + //Sync application roles from External Access System + externalAccessRolesService.syncApplicationRolesWithEcompDB(app); List<EPRole> applicationRoles = dataAccessService.getList(EPRole.class, " where app_id = "+app.getId()+ " and active_yn = 'Y'", null, null);; for(EPRole role : applicationRoles){ EcompRole ecompRole = new EcompRole(); |