1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
/*
* ============LICENSE_START==========================================
* ONAP Portal
* ===================================================================
* Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
* ===================================================================
* Modifications Copyright (c) 2019 Samsung
* ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* under the Apache License, Version 2.0 (the "License");
* you may not use this software except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Unless otherwise specified, all documentation contained herein is licensed
* under the Creative Commons License, Attribution 4.0 Intl. (the "License");
* you may not use this documentation except in compliance with the License.
* You may obtain a copy of the License at
*
* https://creativecommons.org/licenses/by/4.0/
*
* Unless required by applicable law or agreed to in writing, documentation
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* ============LICENSE_END============================================
*
*
*/
package org.onap.portal.service;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.persistence.EntityManager;
import org.onap.portal.domain.db.fn.FnRole;
import org.onap.portal.domain.db.fn.FnUser;
import org.onap.portal.domain.db.fn.FnUserRole;
import org.onap.portal.domain.dto.ecomp.UserRole;
import org.onap.portal.logging.format.EPAppMessagesEnum;
import org.onap.portal.logging.logic.EPLogUtil;
import org.onap.portal.service.fn.FnUserService;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
@Service
public class AdminRolesService {
private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AdminRolesService.class);
private final Long SYS_ADMIN_ROLE_ID = 1L;
private final Long ACCOUNT_ADMIN_ROLE_ID = 999L;
private final Long ECOMP_APP_ID = 1L;
private final String ADMIN_ACCOUNT= "Is account admin for user {}";
private final EntityManager entityManager;
private final FnUserService fnUserService;
@Autowired
public AdminRolesService(final EntityManager entityManager,
FnUserService fnUserService) {
this.entityManager = entityManager;
this.fnUserService = fnUserService;
}
public boolean isSuperAdmin(FnUser user) {
if ((user != null) && (user.getOrgUserId() != null)) {
String sql = "SELECT user.USER_ID, user.org_user_id, userrole.ROLE_ID, userrole.APP_ID FROM fn_user_role userrole "
+ "INNER JOIN fn_user user ON user.USER_ID = userrole.USER_ID " + "WHERE user.org_user_id = '"
+ user.getOrgUserId() + "' " + "AND userrole.ROLE_ID = '" + SYS_ADMIN_ROLE_ID + "' "
+ "AND userrole.APP_ID = '" + ECOMP_APP_ID + "';";
try {
List userRoleList = entityManager.createNativeQuery(sql, UserRole.class).getResultList();
if (userRoleList != null && userRoleList.size() > 0) {
return true;
}
} catch (Exception e) {
EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);
logger.error(EELFLoggerDelegate.errorLogger,
"Exception occurred while executing isSuperAdmin operation", e);
}
}
return false;
}
public boolean isAccountAdmin(FnUser user) {
try {
final Map<String, Long> userParams = new HashMap<>();
userParams.put("userId", user.getId());
logger.debug(EELFLoggerDelegate.debugLogger, ADMIN_ACCOUNT, user.getId());
List<Integer> userAdminApps;
String query = "select fa.app_id from fn_user_role ur,fn_app fa where ur.user_id =:userId and ur.app_id=fa.app_id and ur.role_id= 999 and (fa.enabled = 'Y' || fa.app_id=1)";
userAdminApps = entityManager.createQuery(query, Integer.class).setParameter("userId", user.getId()).getResultList();
logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for userAdminApps() - for user {}, found userAdminAppsSize {}", user.getOrgUserId(), userAdminApps.size());
if (user.getId() != null) {
for (FnUserRole userApp : user.getFnUserRoles()) {
if (userApp.getRoleId().getId().equals(ACCOUNT_ADMIN_ROLE_ID)||(userAdminApps.size()>1)) {
logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for userAdminApps() - for user {}, found Id {}", user.getOrgUserId(), userApp.getRoleId().getId());
return true;
}
}
}
} catch (Exception e) {
EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);
logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while executing isAccountAdmin operation",
e);
}
return false;
}
public boolean isUser(FnUser user) {
try {
FnUser currentUser = fnUserService.getUser(user.getId()).orElseThrow(Exception::new);
if (currentUser != null && currentUser.getId() != null) {
for (FnUserRole userApp : currentUser.getFnUserRoles()) {
if (!userApp.getAppId().getId().equals(ECOMP_APP_ID)) {
FnRole role = userApp.getRoleId();
if (!role.getId().equals(SYS_ADMIN_ROLE_ID) && !role.getId().equals(ACCOUNT_ADMIN_ROLE_ID)) {
if (role.getActiveYn()) {
return true;
}
}
}
}
}
} catch (Exception e) {
EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);
logger.error(EELFLoggerDelegate.errorLogger, "Exception occurred while executing isUser operation", e);
}
return false;
}
}
|
