8195 Add SPG to Audit Report

backend/src/main/java/ca/bc/gov/hlth/hnweb/controller/AuditController.java

@@ -42,9 +42,9 @@
 @RequestMapping("/audit")
 @RestController
 public class AuditController extends BaseController {
-	
+
 	private static final String AUDIT_REPORT_PREFIX = "auditreport_";
-			
+
 	private static final String AUDIT_REPORT_EXTENSION = ".csv";
 
 	private static final Logger logger = LoggerFactory.getLogger(AuditController.class);
@@ -63,14 +63,15 @@ public class AuditController extends BaseController {
 	public ResponseEntity<AuditReportResponse> getAuditReport(@Valid @RequestBody AuditReportRequest auditReportRequest,
 			HttpServletRequest request) {
 
-		Page<AffectedParty> pageable = auditService.getAffectedParties(
-				auditReportRequest.getTransactionTypes(), auditReportRequest.getOrganizations(),
-				auditReportRequest.getUserId(), auditReportRequest.getStartDate(), auditReportRequest.getEndDate(),
-				auditReportRequest.getPage(), auditReportRequest.getRows(), auditReportRequest.getSortField(), auditReportRequest.getSortDirection());
+		Page<AffectedParty> pageable = auditService.getAffectedParties(auditReportRequest.getTransactionTypes(),
+				auditReportRequest.getOrganizations(), auditReportRequest.getSpgRoles(), auditReportRequest.getUserId(),
+				auditReportRequest.getStartDate(), auditReportRequest.getEndDate(), auditReportRequest.getPage(),
+				auditReportRequest.getRows(), auditReportRequest.getSortField(), auditReportRequest.getSortDirection());
 		List<AuditRecord> auditReport = convertReport(pageable.getContent());
 
 		int first = auditReportRequest.getPage() * auditReportRequest.getRows();
-		logger.info("Returning {}-{} of {} audit records", first, first + pageable.getNumberOfElements(), pageable.getTotalElements());
+		logger.info("Returning {}-{} of {} audit records", first, first + pageable.getNumberOfElements(),
+				pageable.getTotalElements());
 
 		AuditReportResponse auditReportingResponse = new AuditReportResponse();
 		auditReportingResponse.setRecords(auditReport);
@@ -93,9 +94,10 @@ public ResponseEntity<List<String>> getOrganizations() {
 		ResponseEntity<List<String>> responseEntity = ResponseEntity.ok(organizations);
 		return responseEntity;
 	}
-	
+
 	/**
 	 * Retrieves audit records for download
+	 * 
 	 * @param auditReportRequest
 	 * @param request
 	 * @return
@@ -106,7 +108,9 @@ public ResponseEntity<Resource> downloadAuditReport(@Valid @RequestBody AuditRep
 
 		List<AffectedParty> affectedPartiesForDownload = auditService.getAffectedPartiesForDownload(
 				auditReportRequest.getTransactionTypes(), auditReportRequest.getOrganizations(),
-				auditReportRequest.getUserId(), auditReportRequest.getStartDate(), auditReportRequest.getEndDate(), auditReportRequest.getSortField(), auditReportRequest.getSortDirection());
+				auditReportRequest.getSpgRoles(), auditReportRequest.getUserId(), auditReportRequest.getStartDate(),
+				auditReportRequest.getEndDate(), auditReportRequest.getSortField(),
+				auditReportRequest.getSortDirection());
 		List<AuditRecord> auditReport = convertReport(affectedPartiesForDownload);
 		logger.info("Number of records returned for download : {}", auditReport.size());
 
@@ -126,6 +130,7 @@ private List<AuditRecord> convertReport(List<AffectedParty> affectedParties) {
 		affectedParties.forEach(affectedParty -> {
 			AuditRecord model = new AuditRecord();
 			model.setOrganization(affectedParty.getTransaction().getOrganization());
+			model.setSpgRole(affectedParty.getTransaction().getSpgRole());
 			model.setTransactionId(affectedParty.getTransaction().getTransactionId().toString());
 			model.setType(affectedParty.getTransaction().getType());
 			model.setUserId(affectedParty.getTransaction().getUserId());
@@ -140,7 +145,8 @@ private List<AuditRecord> convertReport(List<AffectedParty> affectedParties) {
 	}
 
 	private List<String> convertOrganization(List<Organization> organizations) {
-		return organizations.stream().filter(org -> StringUtils.isNotBlank(org.getOrganization())).map(org -> org.getOrganization()).collect(Collectors.toList());
+		return organizations.stream().filter(org -> StringUtils.isNotBlank(org.getOrganization()))
+				.map(org -> org.getOrganization()).collect(Collectors.toList());
 	}
 
 	private LocalDateTime convertDate(Date date) {

backend/src/main/java/ca/bc/gov/hlth/hnweb/model/rest/auditreport/AuditRecord.java

@@ -18,6 +18,16 @@ public class AuditRecord {
 
 	private String transactionId;
 
+	private String spgRole;
+
+	public String getSpgRole() {
+		return spgRole;
+	}
+
+	public void setSpgRole(String spgRole) {
+		this.spgRole = spgRole;
+	}
+
 	public String getType() {
 		return type;
 	}

backend/src/main/java/ca/bc/gov/hlth/hnweb/model/rest/auditreport/AuditReportRequest.java

@@ -10,13 +10,23 @@ public class AuditReportRequest {
 	private List<String> organizations;
 
 	private List<String> transactionTypes;
+
+	private List<String> spgRoles;
 
 	private LocalDate startDate;
 
 	private LocalDate endDate;
 
 	private Integer page = 0;
 
+	public List<String> getSpgRoles() {
+		return spgRoles;
+	}
+
+	public void setSpgRoles(List<String> spgRoles) {
+		this.spgRoles = spgRoles;
+	}
+
 	private Integer rows = 10;
 
 	private String sortField;

backend/src/main/java/ca/bc/gov/hlth/hnweb/persistence/entity/Transaction.java

@@ -62,6 +62,21 @@ public class Transaction {
 	@Column(name = "organization")
 	private String organization;
 
+	/**
+	 * SPG of the user performing the transaction
+	 */
+	@Basic
+	@Column(name = "spg_role")
+	private String spgRole;
+
+	public String getSpgRole() {
+		return spgRole;
+	}
+
+	public void setSpgRole(String spgRole) {
+		this.spgRole = spgRole;
+	}
+
 	/**
 	 * ID of the user that initiated the transaction
 	 */
@@ -139,7 +154,7 @@ public Date getStartTime() {
 	public void setStartTime(Date startTime) {
 		this.startTime = startTime;
 	}
-	
+
 	@PrePersist
 	public void prePersist() {
 		if (startTime == null) {
@@ -216,8 +231,9 @@ public boolean equals(Object obj) {
 
 	@Override
 	public String toString() {
-		return "Transaction [transactionId=" + transactionId + ", type=" + type + ", sessionId=" + sessionId + ", server=" + server
-				+ ", sourceIp=" + sourceIp + ", organization=" + organization + ", userId=" + userId + ", startTime=" + startTime + "]";
+		return "Transaction [transactionId=" + transactionId + ", type=" + type + ", sessionId=" + sessionId
+				+ ", server=" + server + ", sourceIp=" + sourceIp + ", organization=" + organization + ", userId="
+				+ userId + ", startTime=" + startTime + "]";
 	}
 
 }

backend/src/main/java/ca/bc/gov/hlth/hnweb/persistence/repository/AffectedPartyPageableRepository.java

@@ -14,22 +14,28 @@
 
 public interface AffectedPartyPageableRepository extends PagingAndSortingRepository<AffectedParty, Long> {
 
-	@Query("SELECT af from AffectedParty af where "	
-		      +"(COALESCE(:organizations, null) is null or af.transaction.organization IN (:organizations)) and "
-		      +"(COALESCE(:type, null) is null or af.transaction.type IN (:type)) and "
-		      +"(COALESCE(:userId, null) is null or :userId = '' or upper(af.transaction.userId)= upper(:userId)) and "
-		      +"(af.direction=:direction) and "
-		      +"(date_trunc('day', af.transaction.startTime) between :startDate and :endDate) ")
+	@Query("SELECT af from AffectedParty af where "
+			+ "(COALESCE(:organizations, null) is null or af.transaction.organization IN (:organizations)) and "
+			+ "(COALESCE(:type, null) is null or af.transaction.type IN (:type)) and "
+			+ "(COALESCE(:spgRoles, null) is null or af.transaction.spgRole IN (:spgRoles)) and "
+			+ "(COALESCE(:userId, null) is null or :userId = '' or upper(af.transaction.userId)= upper(:userId)) and "
+			+ "(af.direction=:direction) and "
+			+ "(date_trunc('day', af.transaction.startTime) between :startDate and :endDate) ")
 	Page<AffectedParty> findByTransactionAndDirection(@Param("type") List<String> type,
-			@Param("organizations") List<String> organizations, @Param("userId") String userId, @Param("direction") String direction, @Param("startDate") Date startDate, @Param("endDate") Date endDate, Pageable pageable);
-
-	@Query("SELECT af from AffectedParty af where "	
-		      +"(COALESCE(:organizations, null) is null or af.transaction.organization IN (:organizations)) and "
-		      +"(COALESCE(:type, null) is null or af.transaction.type IN (:type)) and "
-		      +"(COALESCE(:userId, null) is null or :userId = '' or upper(af.transaction.userId)= upper(:userId)) and "
-		      +"(af.direction=:direction) and "
-		      +"(date_trunc('day', af.transaction.startTime) between :startDate and :endDate) ")
+			@Param("organizations") List<String> organizations, @Param("spgRoles") List<String> spgRoles,
+			@Param("userId") String userId, @Param("direction") String direction, @Param("startDate") Date startDate,
+			@Param("endDate") Date endDate, Pageable pageable);
+
+	@Query("SELECT af from AffectedParty af where "
+			+ "(COALESCE(:organizations, null) is null or af.transaction.organization IN (:organizations)) and "
+			+ "(COALESCE(:type, null) is null or af.transaction.type IN (:type)) and "
+			+ "(COALESCE(:spgRoles, null) is null or af.transaction.spgRole IN (:spgRoles)) and "
+			+ "(COALESCE(:userId, null) is null or :userId = '' or upper(af.transaction.userId)= upper(:userId)) and "
+			+ "(af.direction=:direction) and "
+			+ "(date_trunc('day', af.transaction.startTime) between :startDate and :endDate) ")
 	List<AffectedParty> findByTransactionAndDirection(@Param("type") List<String> type,
-			@Param("organizations") List<String> organizations, @Param("userId") String userId, @Param("direction") String direction, @Param("startDate") Date startDate, @Param("endDate") Date endDate, Sort sort);
+			@Param("organizations") List<String> organizations, @Param("spgRoles") List<String> spgRoles,
+			@Param("userId") String userId, @Param("direction") String direction, @Param("startDate") Date startDate,
+			@Param("endDate") Date endDate, Sort sort);
 
 }

backend/src/main/java/ca/bc/gov/hlth/hnweb/security/SecurityUtil.java

@@ -4,9 +4,9 @@
 import java.util.List;
 import java.util.Map;
 
-import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -26,80 +26,135 @@ public class SecurityUtil {
 	private static final String CLAIM_RESOURCE_ACCESS = "resource_access";
 	private static final String CLAIM_SESSION_STATE = "session_state";
 	public static final String CLAIM_USERNAME = "preferred_username";
-	private static final String CLAIM_SUB = "sub";	//the Subject claim identifies the principal that is the subject of the JWT
+	private static final String CLAIM_SUB = "sub"; // the Subject claim identifies the principal that is the subject of the JWT
 	public static final String CLAIM_ORGANIZATION = "org_details";
-	
+
 	private static final String ORGANIZATION_ID = "id";
-	
+
 	private static final String USER_ROLES = "roles";
+
+	private static final String UNKNOWN_ROLE = "UNKNOWN";
+
+	private static String KEYCLOAK_CLIENT;
 
-    private static String KEYCLOAK_CLIENT;
-    
-    @Value("${spring.security.oauth2.resourceserver.jwt.audience}")
-    private void setKeycloakClientStatic(String keycloakClient){
-        SecurityUtil.KEYCLOAK_CLIENT = keycloakClient;
-    }
+	private static SecurityProperties securityProperties;
+
+	@Autowired
+	public void setSecurityProperties(SecurityProperties properties) {
+		SecurityUtil.securityProperties = properties;
+	}
 
-    public static UserInfo loadUserInfo() {
+	@Value("${spring.security.oauth2.resourceserver.jwt.audience}")
+	private void setKeycloakClientStatic(String keycloakClient) {
+		SecurityUtil.KEYCLOAK_CLIENT = keycloakClient;
+	}
+
+	public static UserInfo loadUserInfo() {
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-		Jwt jwt = (Jwt)auth.getPrincipal();
-		
+		Jwt jwt = (Jwt) auth.getPrincipal();
+
 		UserInfo userInfo = new UserInfo();
 		userInfo.setOrganization(extractOrganization(jwt));
-		
+
 		List<String> roles = loadRoles(jwt);
-		userInfo.setRole(StringUtils.join(roles, " "));
+		userInfo.setRoles(roles);
 
 		userInfo.setSessionState(jwt.getClaim(CLAIM_SESSION_STATE));
 		userInfo.setUsername(jwt.getClaim(CLAIM_USERNAME));
 		userInfo.setUserId(jwt.getClaim(CLAIM_SUB));
-		
+
 		return userInfo;
 	}
-
+
+	public static String loadSPGBasedOnTransactionType(UserInfo userInfo, TransactionType transactionType) {
+		Map<String, List<String>> rolePermissions = securityProperties.getRolePermissions();
+		List<String> roles = userInfo.getRoles();
+		if (roles.size() == 1) {
+			return roles.get(0);
+		}
+		for (String role : roles) {
+			List<String> permissions = rolePermissions.get(role.toLowerCase());
+			if(permissions == null) {
+				continue;
+			}
+			switch (transactionType) {
+			case ENROLL_SUBSCRIBER:
+				if (permissions.contains("AddPermitHolderWOPHN") || permissions.contains("AddPermitHolderWithPHN")) {
+					return role;
+				}
+				break;
+			case GET_PERSON_DETAILS:
+				if (permissions.contains("AddPermitHolderWithPHN")) {
+					return role;
+				}
+				break;
+			case NAME_SEARCH:
+				if (permissions.contains("AddPermitHolderWOPHN")) {
+					return role;
+				}
+				break;
+			case CONTRACT_INQUIRY:
+				if (permissions.contains("ContractInquiry") || permissions.contains("GetContractAddress")) {
+					return role;
+				}
+				break;
+			case GET_PATIENT_REGISTRATION:
+				if (permissions.contains("PatientRegistration")) {
+					return role;
+				}
+				break;
+			default:
+				if (permissions.contains(transactionType.getValue())) {
+					return role;
+				}
+			}
+		}
+		return UNKNOWN_ROLE;
+	}
+
 	private static String extractOrganization(Jwt jwt) {
 		try {
 			ObjectMapper mapper = new ObjectMapper();
-			JsonNode node = mapper.readTree((String)jwt.getClaim(CLAIM_ORGANIZATION));
+			JsonNode node = mapper.readTree((String) jwt.getClaim(CLAIM_ORGANIZATION));
 			return node.get(ORGANIZATION_ID).asText();
 		} catch (Exception e) {
 			logger.warn("User {} does not have claim {} set", jwt.getClaim(CLAIM_USERNAME), CLAIM_ORGANIZATION);
 			return null;
 		}
 	}
-	
+
 	@SuppressWarnings("unchecked")
 	private static List<String> loadRoles(Jwt jwt) {
 		List<String> permissions = new ArrayList<>();
 
-        Map<String, Object> resourceAccesses = (Map<String, Object>) jwt.getClaims().get(CLAIM_RESOURCE_ACCESS);
+		Map<String, Object> resourceAccesses = (Map<String, Object>) jwt.getClaims().get(CLAIM_RESOURCE_ACCESS);
 
-        if (resourceAccesses == null) {
-        	return permissions;
-        }
+		if (resourceAccesses == null) {
+			return permissions;
+		}
 
-        Map<String, Object> resource = (Map<String, Object>) resourceAccesses.get(KEYCLOAK_CLIENT);
-        if (resource == null) {
-        	return permissions;
-        }
+		Map<String, Object> resource = (Map<String, Object>) resourceAccesses.get(KEYCLOAK_CLIENT);
+		if (resource == null) {
+			return permissions;
+		}
 
-        return (List<String>)resource.get(USER_ROLES);        
+		return (List<String>) resource.get(USER_ROLES);
 	}
-	
+
 	public static List<String> loadPermissions(Jwt jwt, Map<String, List<String>> rolePermissions) {
-        List<String> roles = loadRoles(jwt);
-        List<String> permissions = new ArrayList<>();
-        roles.forEach(role -> {
-        	List<String> currentPermissions = rolePermissions.get(role.toLowerCase());
-        	if (currentPermissions != null) {
-        		permissions.addAll(currentPermissions);	
-        	} else {
-        		logger.warn("Role {} has no permissions defined.", role);
-        	}
-        	
-        });
-        
-        return permissions;
+		List<String> roles = loadRoles(jwt);
+		List<String> permissions = new ArrayList<>();
+		roles.forEach(role -> {
+			List<String> currentPermissions = rolePermissions.get(role.toLowerCase());
+			if (currentPermissions != null) {
+				permissions.addAll(currentPermissions);
+			} else {
+				logger.warn("Role {} has no permissions defined.", role);
+			}
+
+		});
+
+		return permissions;
 	}
 
 }