From 7bc81973c823789debc000858f7777d120709ac4 Mon Sep 17 00:00:00 2001
From: Ittay Stern
Date: Tue, 11 Feb 2020 13:56:54 +0200
Subject: Filter owning-entities from /category_parameter by permissions
Implemented in CategoryParameterServiceWithRoles and injected to MaintenanceController, but still reachable because shouldTreatPermissions() is "false".
Issue-ID: VID-758
Change-Id: I716202ca944af9b0de9c151d75d50b5df41a8171
Signed-off-by: Ittay Stern
---
 .../onap/vid/controller/PropertyController.java | 20 +++++---
 .../vid/services/CategoryParameterServiceImpl.java | 2 +
 .../services/CategoryParameterServiceWithRoles.kt | 60 ++++++++++++++++++++++
 3 files changed, 74 insertions(+), 8 deletions(-)
 create mode 100644 vid-app-common/src/main/java/org/onap/vid/services/CategoryParameterServiceWithRoles.kt
(limited to 'vid-app-common/src/main')
diff --git a/vid-app-common/src/main/java/org/onap/vid/controller/PropertyController.java b/vid-app-common/src/main/java/org/onap/vid/controller/PropertyController.java
index 7f127886b..0b42bcb4e 100644
--- a/vid-app-common/src/main/java/org/onap/vid/controller/PropertyController.java
+++ b/vid-app-common/src/main/java/org/onap/vid/controller/PropertyController.java
@@ -21,23 +21,27 @@ package org.onap.vid.controller;
+import static org.onap.vid.utils.Logging.getMethodName;
+import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR;
+import static org.springframework.http.HttpStatus.OK;
+
+import javax.servlet.http.HttpServletRequest;
 import org.onap.portalsdk.core.controller.RestrictedBaseController;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.vid.category.CategoryParametersResponse;
 import org.onap.vid.model.CategoryParameter.Family;
 import org.onap.vid.services.CategoryParameterService;
+import org.onap.vid.services.CategoryParameterServiceWithRoles;
 import org.onap.vid.utils.SystemPropertiesWrapper;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.ModelAndView;
-import javax.servlet.http.HttpServletRequest;
-
-import static org.onap.vid.utils.Logging.getMethodName;
-import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR;
-import static org.springframework.http.HttpStatus.OK;
-
 @RestController
 public class PropertyController extends RestrictedBaseController {
@@ -47,7 +51,7 @@ public class PropertyController extends RestrictedBaseController {
 private final SystemPropertiesWrapper systemPropertiesWrapper;
 @Autowired
- public PropertyController(CategoryParameterService service, SystemPropertiesWrapper systemPropertiesWrapper) {
+ public PropertyController(CategoryParameterServiceWithRoles service, SystemPropertiesWrapper systemPropertiesWrapper) {
 categoryParameterService = service;
 this.systemPropertiesWrapper = systemPropertiesWrapper;
 }
diff --git a/vid-app-common/src/main/java/org/onap/vid/services/CategoryParameterServiceImpl.java b/vid-app-common/src/main/java/org/onap/vid/services/CategoryParameterServiceImpl.java
index 98a84c26c..f4d21e842 100644
--- a/vid-app-common/src/main/java/org/onap/vid/services/CategoryParameterServiceImpl.java
+++ b/vid-app-common/src/main/java/org/onap/vid/services/CategoryParameterServiceImpl.java
@@ -30,6 +30,7 @@ import org.onap.vid.model.CategoryParameterOption;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.service.DataAccessService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Primary;
 import org.springframework.stereotype.Service;
 import javax.ws.rs.ForbiddenException;
@@ -38,6 +39,7 @@ import java.util.stream.Collectors;
 @Service
+@Primary
 public class CategoryParameterServiceImpl implements CategoryParameterService {
 public static final String OPTION_ALREADY_EXIST_FOR_CATEGORY = "Option %s already exist for category %s";
diff --git a/vid-app-common/src/main/java/org/onap/vid/services/CategoryParameterServiceWithRoles.kt b/vid-app-common/src/main/java/org/onap/vid/services/CategoryParameterServiceWithRoles.kt
new file mode 100644
index 000000000..f059e590c
--- /dev/null
+++ b/vid-app-common/src/main/java/org/onap/vid/services/CategoryParameterServiceWithRoles.kt
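Review bot: The constructor in PropertyController.java (hunk `@@ -47,7 +51,7 @@`) now takes the concrete class `CategoryParameterServiceWithRoles`, so the `@Qualifier("WithRoles")` that this commit declares on that class is not what selects the bean here. Keeping the parameter typed to the interface and selecting by qualifier, `public PropertyController(@Qualifier("WithRoles") CategoryParameterService service, SystemPropertiesWrapper systemPropertiesWrapper) {` (plus the `Qualifier` import), would keep the controller programmed to the interface and make the qualifier the one place that names the role-filtering variant. The class body starts outside the hunk, so the declared type of the `categoryParameterService` field cannot be checked from here.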
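Review bot: The `@Primary` added to `CategoryParameterServiceImpl` (hunk `@@ -38,6 +39,7 @@`) makes every by-type injection of `CategoryParameterService` resolve to the implementation without role filtering, and nothing at the annotation says so. A comment above it, such as `// Primary so that by-type injection (including the delegate inside CategoryParameterServiceWithRoles) resolves here; callers that need role filtering must ask for the WithRoles bean explicitly`, would record that the unfiltered service is the default. Whether other consumers of the interface exist is not visible in this patch, but each of them would keep receiving unfiltered owning entities after filtering is switched on. The class body continues outside the hunk.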
@@ -0,0 +1,60 @@
+package org.onap.vid.services
+
+import com.fasterxml.jackson.annotation.JsonIgnore
+import org.onap.vid.category.CategoryParameterOptionRep
+import org.onap.vid.category.CategoryParametersResponse
+import org.onap.vid.model.CategoryParameter
+import org.onap.vid.roles.RoleProvider
+import org.onap.vid.roles.WithPermissionPropertiesOwningEntity
+import org.springframework.beans.factory.annotation.Qualifier
+import org.springframework.stereotype.Service
+import org.togglz.core.manager.FeatureManager
+import javax.servlet.http.HttpServletRequest
+
+@Service
+@Qualifier("WithRoles")
+class CategoryParameterServiceWithRoles(
+ private val categoryParameterService: CategoryParameterService,
+ private val featureManager: FeatureManager,
+ private val roleProvider: RoleProvider,
+ private val request: HttpServletRequest
+) : CategoryParameterService by categoryParameterService {
+
+ private val owningEntityKey = "owningEntity"
+
+ private fun shouldTreatPermissions() = false
+
+ override fun getCategoryParameters(familyName: CategoryParameter.Family?): CategoryParametersResponse {
+ val categoryParameters =
+ categoryParameterService.getCategoryParameters(familyName)
+
+ return if (shouldTreatPermissions()) {
+ treatPermissions(categoryParameters)
+ } else {
+ categoryParameters
+ }
+ }
+
+ internal fun treatPermissions(categoryParametersResponse: CategoryParametersResponse): CategoryParametersResponse {
+ val extractedCategoryParameters = categoryParametersResponse.categoryParameters
+ val owningEntities = extractedCategoryParameters[owningEntityKey]
+
+ return CategoryParametersResponse(
+ extractedCategoryParameters + (owningEntityKey to removeNonPermitted(owningEntities)))
+ }
+
+ private fun removeNonPermitted(owningEntities: MutableList?): List?
{
+ val userRolesValidator = roleProvider.getUserRolesValidator(request)
+ return owningEntities
+ ?.map { OwningEntityOptionRep(it) }
+ ?.filter { userRolesValidator.isServicePermitted(it) }
+ }
+
+
+ class OwningEntityOptionRep(categoryParameterOptionRep: CategoryParameterOptionRep) :
+ CategoryParameterOptionRep(categoryParameterOptionRep.id, categoryParameterOptionRep.name),
+ WithPermissionPropertiesOwningEntity {
+ override val owningEntityId: String?
+ @JsonIgnore get() = id
+ }
+}
--
cgit 1.2.3-korg
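Review bot: In `treatPermissions`, when the response has no `owningEntity` entry, `removeNonPermitted(null)` returns null and the map `+` then adds an `owningEntity` key with a null value that the delegate's response did not contain; an early return such as `val owningEntities = extractedCategoryParameters[owningEntityKey] ?: return categoryParametersResponse` would leave such responses untouched. `shouldTreatPermissions()` is a constant `false` and the injected `featureManager` is never read, so despite its name this class currently returns every owning entity unfiltered; a comment on that function, for example `// Filtering is switched off: all owning entities are returned regardless of the caller's roles`, would stop readers from assuming the check is live. Only `getCategoryParameters` is overridden, so all other `CategoryParameterService` methods are delegated as-is; whether any of them also returns owning entities is not visible from this hunk.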