Introduce WithPermissionProperties as validation-points for RoleValidator

Issue-ID: VID-758 Change-Id: Id8f1f6faeb10a92cf20ca9a17879bc7e745526b0 Signed-off-by: Einat Vinouze <einat.vinouze@intl.att.com> Signed-off-by: Ittay Stern <ittay.stern@att.com>
author: Einat Vinouze <einat.vinouze@intl.att.com> 2020-01-27 15:49:13 +0200
committer: Ittay Stern <ittay.stern@att.com> 2020-01-28 07:27:01 +0200
commit: e95a7b89aaac965e89d96eba59968a351cb77f40 (patch)
tree: 85206d342637697a3611195bf6135d123c0a3cee /vid-app-common/src/main/java
parent: 79a8f61035752620b50a0fb42d98361f21962cd9 (diff)
9 files changed, 79 insertions, 57 deletions
diff --git a/vid-app-common/src/main/java/org/onap/vid/controller/AaiController2.java b/vid-app-common/src/main/java/org/onap/vid/controller/AaiController2.java
index 6431282e7..dcbd9b9e4 100644
--- a/vid-app-common/src/main/java/org/onap/vid/controller/AaiController2.java
+++ b/vid-app-common/src/main/java/org/onap/vid/controller/AaiController2.java
@@ -33,6 +33,7 @@ import org.onap.vid.model.aaiTree.Network;
 import org.onap.vid.model.aaiTree.RelatedVnf;
 import org.onap.vid.model.aaiTree.VpnBinding;
 import org.onap.vid.properties.Features;
+import org.onap.vid.roles.PermissionProperties;
 import org.onap.vid.roles.RoleProvider;
 import org.onap.vid.services.AaiService;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -94,7 +95,7 @@ public class AaiController2 extends VidRestrictedBaseController {
 
         final boolean isEditPermitted = roleProvider
                 .getUserRolesValidator(request)
-                .isServicePermitted(subscriberId, serviceType);
+                .isServicePermitted(new PermissionProperties(subscriberId, serviceType));
 
         return new Permissions(isEditPermitted);
     }
diff --git a/vid-app-common/src/main/java/org/onap/vid/controller/AsyncInstantiationController.java b/vid-app-common/src/main/java/org/onap/vid/controller/AsyncInstantiationController.java
index 6c8a37262..4b03ea4d9 100644
--- a/vid-app-common/src/main/java/org/onap/vid/controller/AsyncInstantiationController.java
+++ b/vid-app-common/src/main/java/org/onap/vid/controller/AsyncInstantiationController.java
@@ -33,7 +33,9 @@ import org.onap.vid.model.ServiceInfo;
 import org.onap.vid.model.serviceInstantiation.ServiceInstantiation;
 import org.onap.vid.mso.MsoResponseWrapper2;
 import org.onap.vid.properties.Features;
+import org.onap.vid.roles.PermissionProperties;
 import org.onap.vid.roles.RoleProvider;
+import org.onap.vid.roles.RoleValidator;
 import org.onap.vid.services.AsyncInstantiationBusinessLogic;
 import org.onap.vid.services.AuditService;
 import org.onap.vid.utils.SystemPropertiesWrapper;
@@ -165,8 +167,11 @@ public class AsyncInstantiationController extends VidRestrictedBaseController {
     }
 
     private void throwExceptionIfAccessDenied(ServiceInstantiation request, HttpServletRequest httpServletRequest, String userId) {
-        if (featureManager.isActive(Features.FLAG_1906_INSTANTIATION_API_USER_VALIDATION) && !roleProvider.getUserRolesValidator(httpServletRequest).isServicePermitted(request.getGlobalSubscriberId(), request.getSubscriptionServiceType())) {
-            throw new AccessDeniedException(String.format("User %s is not allowed to make this request", userId));
+        if (featureManager.isActive(Features.FLAG_1906_INSTANTIATION_API_USER_VALIDATION)) {
+            RoleValidator roleValidator = roleProvider.getUserRolesValidator(httpServletRequest);
+            if (!roleValidator.isServicePermitted(new PermissionProperties(request.getGlobalSubscriberId(), request.getSubscriptionServiceType()))) {
+                throw new AccessDeniedException(String.format("User %s is not allowed to make this request", userId));
+            }
         }
     }
 }
diff --git a/vid-app-common/src/main/java/org/onap/vid/model/ServiceInstanceSearchResult.java b/vid-app-common/src/main/java/org/onap/vid/model/ServiceInstanceSearchResult.java
index 259405c4e..01cc11d95 100644
--- a/vid-app-common/src/main/java/org/onap/vid/model/ServiceInstanceSearchResult.java
+++ b/vid-app-common/src/main/java/org/onap/vid/model/ServiceInstanceSearchResult.java
@@ -20,11 +20,17 @@
 
 package org.onap.vid.model;
 
-public class ServiceInstanceSearchResult {
+import com.fasterxml.jackson.annotation.JsonProperty;
+import org.apache.commons.lang3.StringUtils;
+import org.onap.vid.roles.WithPermissionProperties;
+
+public class ServiceInstanceSearchResult implements WithPermissionProperties {
+
+	private final String SUBSCRIBER_ID_FRONTEND_ALIAS = "globalCustomerId";
 
 	private String serviceInstanceId;
 
-	private String globalCustomerId;
+	private String subscriberId;
 
 	private String serviceType;
 
@@ -39,13 +45,13 @@ public class ServiceInstanceSearchResult {
 	private boolean isPermitted;
 
 	public ServiceInstanceSearchResult(){
-
 	}
-	public ServiceInstanceSearchResult(String serviceInstanceId, String globalCustomerId, String serviceType,
+	
+	public ServiceInstanceSearchResult(String serviceInstanceId, String subscriberId, String serviceType,
 									   String serviceInstanceName, String subscriberName, String aaiModelInvariantId,
 									   String aaiModelVersionId, boolean isPermitted) {
 		this.serviceInstanceId = serviceInstanceId;
-		this.globalCustomerId = globalCustomerId;
+		this.subscriberId = subscriberId;
 		this.serviceType = serviceType;
 		this.serviceInstanceName = serviceInstanceName;
 		this.subscriberName = subscriberName;
@@ -62,14 +68,17 @@ public class ServiceInstanceSearchResult {
 		this.serviceInstanceId = serviceInstanceId;
 	}
 
-	public String getGlobalCustomerId() {
-		return globalCustomerId;
+	@Override
+	@JsonProperty(SUBSCRIBER_ID_FRONTEND_ALIAS)
+	public String getSubscriberId() {
+		return subscriberId;
 	}
 
-	public void setGlobalCustomerId(String globalCustomerId) {
-		this.globalCustomerId = globalCustomerId;
+	public void setSubscriberId(String subscriberId) {
+		this.subscriberId = subscriberId;
 	}
 
+	@Override
 	public String getServiceType() {
 		return serviceType;
 	}
@@ -119,21 +128,21 @@ public class ServiceInstanceSearchResult {
 	}
 
 	@Override
-	public boolean equals(Object other){
-		if (other instanceof ServiceInstanceSearchResult) {
-			ServiceInstanceSearchResult serviceInstanceSearchResultOther = (ServiceInstanceSearchResult) other;
-			if (this.getServiceInstanceId().equals(serviceInstanceSearchResultOther.getServiceInstanceId())) {
-				return true;
-			}
+	public boolean equals(Object o) {
+		if (this == o) {
+			return true;
+		}
+		if (o == null || getClass() != o.getClass()) {
+			return false;
 		}
-		return false;
 
+		ServiceInstanceSearchResult that = (ServiceInstanceSearchResult) o;
+
+		return StringUtils.equals(serviceInstanceId, that.serviceInstanceId);
 	}
 
 	@Override
 	public int hashCode() {
-		int result = 17;
-		result = 31 * result + serviceInstanceId.hashCode();
-		return result;
+		return serviceInstanceId != null ? serviceInstanceId.hashCode() : 0;
 	}
 }
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java b/vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java
index 4e5340fc2..e12f5403f 100644
--- a/vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java
@@ -32,7 +32,7 @@ public class AlwaysValidRoleValidator implements RoleValidator {
     }
 
     @Override
-    public boolean isServicePermitted(String subscriberName, String serviceType) {
+    public boolean isServicePermitted(WithPermissionProperties permissionProperties) {
         return true;
     }
 
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/PermissionProperties.kt b/vid-app-common/src/main/java/org/onap/vid/roles/PermissionProperties.kt
new file mode 100644
index 000000000..f62b98aef
--- /dev/null
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/PermissionProperties.kt
@@ -0,0 +1,17 @@
+package org.onap.vid.roles
+
+import org.onap.vid.aai.ServiceSubscription
+
+
+interface WithPermissionProperties {
+    val subscriberId: String?
+    val serviceType: String?
+}
+
+data class PermissionProperties(
+        override val subscriberId: String,
+        override val serviceType: String
+) : WithPermissionProperties {
+    constructor(serviceSubscription: ServiceSubscription, subscriberId: String) : this(subscriberId, serviceSubscription.serviceType)
+}
+
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
index f0ee26b0b..4ad168c4f 100644
--- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
@@ -40,7 +40,7 @@ public interface RoleValidator {
 
     boolean isSubscriberPermitted(String subscriberName);
 
-    boolean isServicePermitted(String subscriberName, String serviceType);
+    boolean isServicePermitted(WithPermissionProperties serviceInstanceSearchResult);
 
     boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName);
 }
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByOwningEntity.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByOwningEntity.java
index e615c1302..726567cc6 100644
--- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByOwningEntity.java
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByOwningEntity.java
@@ -33,7 +33,7 @@ public class RoleValidatorByOwningEntity implements RoleValidator{
     }
 
     @Override
-    public boolean isServicePermitted(String subscriberName, String serviceType) {
+    public boolean isServicePermitted(WithPermissionProperties permissionProperties) {
         return false;
     }
 
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java
index 244610c89..95d8a1627 100644
--- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java
@@ -21,8 +21,6 @@
 package org.onap.vid.roles;
 
 import java.util.List;
-import java.util.Map;
-import org.onap.vid.mso.rest.RequestDetails;
 
 public class RoleValidatorBySubscriberAndServiceType implements RoleValidator {
 
@@ -43,9 +41,9 @@ public class RoleValidatorBySubscriberAndServiceType implements RoleValidator {
     }
 
     @Override
-    public boolean isServicePermitted(String subscriberName, String serviceType) {
+    public boolean isServicePermitted(WithPermissionProperties permissionProperties) {
         for (Role role : userRoles) {
-            if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType)) {
+            if (role.getSubscribeName().equals(permissionProperties.getSubscriberId()) && role.getServiceType().equals(permissionProperties.getServiceType())) {
                 return true;
             }
         }
@@ -64,17 +62,4 @@ public class RoleValidatorBySubscriberAndServiceType implements RoleValidator {
         return false;
     }
 
-    boolean isMsoRequestValid(RequestDetails msoRequest) {
-        try {
-            String globalSubscriberIdRequested = (String) ((Map) ((Map) msoRequest.getAdditionalProperties()
-                .get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId");
-            String serviceType = (String) ((Map) ((Map) msoRequest.getAdditionalProperties().get("requestDetails"))
-                .get("requestParameters")).get("subscriptionServiceType");
-            return isServicePermitted(globalSubscriberIdRequested, serviceType);
-        } catch (Exception e) {
-            //Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso
-            return true;
-        }
-    }
-
 }
diff --git a/vid-app-common/src/main/java/org/onap/vid/services/AaiServiceImpl.java b/vid-app-common/src/main/java/org/onap/vid/services/AaiServiceImpl.java
index b3ac16884..66c0e6c04 100644
--- a/vid-app-common/src/main/java/org/onap/vid/services/AaiServiceImpl.java
+++ b/vid-app-common/src/main/java/org/onap/vid/services/AaiServiceImpl.java
@@ -85,6 +85,7 @@ import org.onap.vid.model.aaiTree.NodeType;
 import org.onap.vid.model.aaiTree.RelatedVnf;
 import org.onap.vid.model.aaiTree.VpnBinding;
 import org.onap.vid.model.aaiTree.VpnBindingKt;
+import org.onap.vid.roles.PermissionProperties;
 import org.onap.vid.roles.RoleValidator;
 import org.onap.vid.utils.Intersection;
 import org.onap.vid.utils.Logging;
@@ -217,11 +218,11 @@ public class AaiServiceImpl implements AaiService {
                 } else if (key.equals(SERVICE_TYPE)) {
                     serviceInstanceSearchResult.setServiceType(relationshipData.getRelationshipValue());
                 } else if (key.equals(CUSTOMER_ID)) {
-                    serviceInstanceSearchResult.setGlobalCustomerId(relationshipData.getRelationshipValue());
+                    serviceInstanceSearchResult.setSubscriberId(relationshipData.getRelationshipValue());
                 }
             }
 
-            boolean isPermitted = roleValidator.isServicePermitted(serviceInstanceSearchResult.getSubscriberName(), serviceInstanceSearchResult.getServiceType());
+            boolean isPermitted = roleValidator.isServicePermitted(serviceInstanceSearchResult);
             serviceInstanceSearchResult.setIsPermitted(isPermitted);
         }
     }
@@ -265,10 +266,9 @@ public class AaiServiceImpl implements AaiService {
     @Override
     public AaiResponse getSubscriberData(String subscriberId, RoleValidator roleValidator, boolean omitServiceInstances) {
         AaiResponse<Services> subscriberResponse = aaiClient.getSubscriberData(subscriberId, omitServiceInstances);
-        String subscriberGlobalId = subscriberResponse.getT().globalCustomerId;
         for (ServiceSubscription serviceSubscription : subscriberResponse.getT().serviceSubscriptions.serviceSubscription) {
-            String serviceType = serviceSubscription.serviceType;
-            serviceSubscription.isPermitted = roleValidator.isServicePermitted(subscriberGlobalId, serviceType);
+            serviceSubscription.isPermitted = roleValidator.isServicePermitted(
+                new PermissionProperties(serviceSubscription, subscriberResponse.getT().globalCustomerId));
         }
         return subscriberResponse;
 
@@ -298,38 +298,43 @@ public class AaiServiceImpl implements AaiService {
 
     private List<ServiceInstanceSearchResult> getServicesBySubscriber(String subscriberId, String instanceIdentifier, RoleValidator roleValidator) {
         AaiResponse<Services> subscriberResponse = aaiClient.getSubscriberData(subscriberId, false);
-        String subscriberGlobalId = subscriberResponse.getT().globalCustomerId;
         String subscriberName = subscriberResponse.getT().subscriberName;
         ServiceSubscriptions serviceSubscriptions = subscriberResponse.getT().serviceSubscriptions;
 
-        return getSearchResultsForSubscriptions(serviceSubscriptions, subscriberId, instanceIdentifier, roleValidator, subscriberGlobalId, subscriberName);
-
+        return getSearchResultsForSubscriptions(serviceSubscriptions, subscriberId, instanceIdentifier, roleValidator, subscriberName);
     }
 
 
-    private ArrayList<ServiceInstanceSearchResult> getSearchResultsForSubscriptions(ServiceSubscriptions serviceSubscriptions, String subscriberId, String instanceIdentifier, RoleValidator roleValidator, String subscriberGlobalId, String subscriberName) {
+    private ArrayList<ServiceInstanceSearchResult> getSearchResultsForSubscriptions(
+        ServiceSubscriptions serviceSubscriptions, String subscriberId, String instanceIdentifier,
+        RoleValidator roleValidator, String subscriberName) {
         ArrayList<ServiceInstanceSearchResult> results = new ArrayList<>();
 
         if (serviceSubscriptions != null) {
             for (ServiceSubscription serviceSubscription : serviceSubscriptions.serviceSubscription) {
-                String serviceType = serviceSubscription.serviceType;
-                serviceSubscription.isPermitted = roleValidator.isServicePermitted(subscriberGlobalId, serviceType);
-                ArrayList<ServiceInstanceSearchResult> resultsForSubscription = getSearchResultsForSingleSubscription(serviceSubscription, subscriberId, instanceIdentifier, subscriberName, serviceType);
-                results.addAll(resultsForSubscription);
+                serviceSubscription.isPermitted = roleValidator.isServicePermitted(new PermissionProperties(serviceSubscription, subscriberId));
+                results.addAll(getSearchResultsForSingleSubscription(
+                    serviceSubscription, subscriberId, instanceIdentifier, subscriberName,
+                    serviceSubscription.serviceType, roleValidator)
+                );
             }
         }
 
         return results;
     }
 
-    private ArrayList<ServiceInstanceSearchResult> getSearchResultsForSingleSubscription(ServiceSubscription serviceSubscription, String subscriberId, String instanceIdentifier, String subscriberName, String serviceType) {
+    private ArrayList<ServiceInstanceSearchResult> getSearchResultsForSingleSubscription(
+        ServiceSubscription serviceSubscription, String subscriberId, String instanceIdentifier, String subscriberName,
+        String serviceType, RoleValidator roleValidator) {
         ArrayList<ServiceInstanceSearchResult> results = new ArrayList<>();
 
         if (serviceSubscription.serviceInstances != null) {
             for (ServiceInstance serviceInstance : serviceSubscription.serviceInstances.serviceInstance) {
                 ServiceInstanceSearchResult serviceInstanceSearchResult =
                         new ServiceInstanceSearchResult(serviceInstance.serviceInstanceId, subscriberId, serviceType, serviceInstance.serviceInstanceName,
-                                subscriberName, serviceInstance.modelInvariantId, serviceInstance.modelVersionId, serviceSubscription.isPermitted);
+                                subscriberName, serviceInstance.modelInvariantId, serviceInstance.modelVersionId, false);
+
+                serviceInstanceSearchResult.setIsPermitted(roleValidator.isServicePermitted(serviceInstanceSearchResult));
 
                 if ((instanceIdentifier == null) || (serviceInstanceMatchesIdentifier(instanceIdentifier, serviceInstance))){
                     results.add(serviceInstanceSearchResult);
author	Einat Vinouze <einat.vinouze@intl.att.com>	2020-01-27 15:49:13 +0200
committer	Ittay Stern <ittay.stern@att.com>	2020-01-28 07:27:01 +0200
commit	e95a7b89aaac965e89d96eba59968a351cb77f40 (patch)
tree	85206d342637697a3611195bf6135d123c0a3cee /vid-app-common/src/main/java
parent	79a8f61035752620b50a0fb42d98361f21962cd9 (diff)