Global Read only role, Support VID specific Roles

Issue-ID: VID-46 , VID-47 Change-Id: Ib100d20ac40a65d39e27a6e2741b19a173a2b8ea Signed-off-by: Ofir Sonsino <os0695@att.com>
author: Ofir Sonsino <os0695@att.com> 2017-09-20 13:20:42 +0300
committer: Ofir Sonsino <os0695@att.com> 2017-09-20 13:37:03 +0300
commit: 9dfd7e28c1eb348fcb4a2de8c6faae2a01b34942 (patch)
tree: c273862f59b0b64c19ccfea5f59ab574071cb323 /vid-app-common/src/main/java/org/openecomp/vid/roles
parent: c3722d135481cfab5978c84853d8229d1e7d9cb3 (diff)
4 files changed, 172 insertions, 0 deletions
diff --git a/vid-app-common/src/main/java/org/openecomp/vid/roles/EcompRole.java b/vid-app-common/src/main/java/org/openecomp/vid/roles/EcompRole.java
new file mode 100644
index 00000000..5242f5aa
--- /dev/null
+++ b/vid-app-common/src/main/java/org/openecomp/vid/roles/EcompRole.java
@@ -0,0 +1,5 @@
+package org.openecomp.vid.roles;
+
+public enum EcompRole {
+	READ;
+}
diff --git a/vid-app-common/src/main/java/org/openecomp/vid/roles/Role.java b/vid-app-common/src/main/java/org/openecomp/vid/roles/Role.java
new file mode 100644
index 00000000..d4ded530
--- /dev/null
+++ b/vid-app-common/src/main/java/org/openecomp/vid/roles/Role.java
@@ -0,0 +1,48 @@
+package org.openecomp.vid.roles;
+
+
+/**
+ * Created by Oren on 7/1/17.
+ */
+public class Role {
+
+    private EcompRole ecompRole;
+
+    private String subscribeName;
+
+    private String serviceType;
+
+    private String tenant;
+
+    public Role(EcompRole ecompRole, String serviceName, String serviceType, String tenant) {
+        this.ecompRole = ecompRole;
+        this.subscribeName = serviceName;
+        this.serviceType = serviceType;
+        this.tenant = tenant;
+    }
+
+    public EcompRole getEcompRole() {
+        return ecompRole;
+    }
+
+
+    public String getSubscribeName() {
+        return subscribeName;
+    }
+
+    public void setSubscribeName(String subscribeName) {
+        this.subscribeName = subscribeName;
+    }
+
+    public String getServiceType() {
+        return serviceType;
+    }
+
+
+    public String getTenant() {
+        return tenant;
+    }
+
+
+
+}
diff --git a/vid-app-common/src/main/java/org/openecomp/vid/roles/RoleProvider.java b/vid-app-common/src/main/java/org/openecomp/vid/roles/RoleProvider.java
new file mode 100644
index 00000000..99645a10
--- /dev/null
+++ b/vid-app-common/src/main/java/org/openecomp/vid/roles/RoleProvider.java
@@ -0,0 +1,62 @@
+package org.openecomp.vid.roles;
+
+import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.openecomp.portalsdk.core.web.support.UserUtils;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+/**
+ * Created by Oren on 7/1/17.
+ */
+public class RoleProvider {
+
+    private static final EELFLoggerDelegate LOG = EELFLoggerDelegate.getLogger(RoleProvider.class);
+    final String readPermissionString = "read";
+
+    public static List<String> extractRoleFromSession(HttpServletRequest request) {
+
+        return new ArrayList<String>();
+
+    }
+
+    public List<Role> getUserRoles(HttpServletRequest request) {
+        List<Role> roleList = new ArrayList<>();
+        HashMap roles = UserUtils.getRoles(request);
+        for (Object role : roles.keySet()) {
+            org.openecomp.portalsdk.core.domain.Role sdkRol = (org.openecomp.portalsdk.core.domain.Role) roles.get(role);
+            try {
+                if (sdkRol.getName().contains(readPermissionString))
+                    continue;
+                String[] roleParts = splitRole((sdkRol.getName()));
+                roleList.add(createRoleFromStringArr(roleParts));
+            } catch (Exception e) {
+                LOG.error("Failed to parse permission", e);
+
+            }
+        }
+
+        return roleList;
+    }
+
+    public String[] splitRole(String roleAsString) {
+        return roleAsString.split("_");
+    }
+
+    public boolean userPermissionIsReadOnly(List<Role> roles) {
+
+        return (!(roles.size() > 0));
+    }
+
+    public Role createRoleFromStringArr(String[] roleParts) {
+        if (roleParts.length > 2) {
+            return new Role(EcompRole.READ, roleParts[0], roleParts[1], roleParts[2]);
+        } else {
+            return new Role(EcompRole.READ, roleParts[0], roleParts[1], null);
+        }
+    }
+
+}
+
diff --git a/vid-app-common/src/main/java/org/openecomp/vid/roles/RoleValidator.java b/vid-app-common/src/main/java/org/openecomp/vid/roles/RoleValidator.java
new file mode 100644
index 00000000..e26c5231
--- /dev/null
+++ b/vid-app-common/src/main/java/org/openecomp/vid/roles/RoleValidator.java
@@ -0,0 +1,57 @@
+package org.openecomp.vid.roles;
+
+import org.openecomp.vid.mso.rest.RequestDetails;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Created by Oren on 7/12/17.
+ */
+public class RoleValidator {
+
+    private List<Role> userRoles;
+
+    public RoleValidator(List<Role> roles) {
+        this.userRoles = roles;
+    }
+
+    public boolean isSubscriberPermitted(String subscriberName) {
+        for (Role role : userRoles) {
+            if (role.getSubscribeName().equals(subscriberName))
+                return true;
+        }
+        return false;
+    }
+
+    public boolean isServicePermitted(String subscriberName, String serviceType) {
+        for (Role role : userRoles) {
+            if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType))
+                return true;
+        }
+        return false;
+    }
+
+    public boolean isMsoRequestValid(RequestDetails mso_request) {
+        try {
+            String globalSubscriberIdRequested = (String) ((Map) ((Map) mso_request.getAdditionalProperties().get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId");
+            String serviceType = (String) ((Map) ((Map) mso_request.getAdditionalProperties().get("requestDetails")).get("requestParameters")).get("subscriptionServiceType");
+            return isServicePermitted(globalSubscriberIdRequested, serviceType);
+        } catch (Exception e) {
+            //Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso
+            return true;
+        }
+//        return false;
+    }
+
+    public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenant) {
+        for (Role role : userRoles) {
+            if (role.getSubscribeName().equals(globalCustomerId)
+                    && role.getServiceType().equals(serviceType)
+                    && (role.getTenant() == null || role.getTenant().equals(tenant))) {
+                return true;
+            }
+        }
+        return false;
+    }
+}
author	Ofir Sonsino <os0695@att.com>	2017-09-20 13:20:42 +0300
committer	Ofir Sonsino <os0695@att.com>	2017-09-20 13:37:03 +0300
commit	9dfd7e28c1eb348fcb4a2de8c6faae2a01b34942 (patch)
tree	c273862f59b0b64c19ccfea5f59ab574071cb323 /vid-app-common/src/main/java/org/openecomp/vid/roles
parent	c3722d135481cfab5978c84853d8229d1e7d9cb3 (diff)