use of io.gravitee.am.identityprovider.api.User in project gravitee-access-management by gravitee-io.
Excerpt from class ApplicationEmailsResource, method create.
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Create a email for an application", notes = "User must have APPLICATION_EMAIL_TEMPLATE[CREATE] permission on the specified application " + "or APPLICATION_EMAIL_TEMPLATE[CREATE] permission on the specified domain " + "or APPLICATION_EMAIL_TEMPLATE[CREATE] permission on the specified environment " + "or APPLICATION_EMAIL_TEMPLATE[CREATE] permission on the specified organization")
@ApiResponses({ @ApiResponse(code = 201, message = "Email successfully created"), @ApiResponse(code = 500, message = "Internal server error") })
public void create(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @PathParam("application") String application, @ApiParam(name = "email", required = true) @Valid @NotNull final NewEmail newEmail, @Suspended final AsyncResponse response) {
    // Creates an e-mail template for one application of one domain.
    // Order of operations: authorization, then existence of the domain, then existence of the
    // application, then the creation itself. Any error in the chain is handed to response::resume.
    final User authenticatedUser = getAuthenticatedUser();
    // NOTE(review): the ACL check below is scoped to organization/environment/domain only. Unlike
    // ApplicationFormResource.update/delete, the `application` id is NOT passed to checkAnyPermission,
    // so an application-level APPLICATION_EMAIL_TEMPLATE[CREATE] grant is not honoured even though the
    // @ApiOperation notes above say it is. Confirm which side is intended before changing either;
    // widening the check is an authorization change.
    checkAnyPermission(organizationId, environmentId, domain, Permission.APPLICATION_EMAIL_TEMPLATE, Acl.CREATE)
            .andThen(domainService.findById(domain)
                    .switchIfEmpty(Maybe.error(new DomainNotFoundException(domain)))
                    // NOTE(review): only the existence of the application is verified here, not that it
                    // belongs to `domain` — confirm emailTemplateService.create enforces that relation.
                    .flatMap(existingDomain -> applicationService.findById(application))
                    .switchIfEmpty(Maybe.error(new ApplicationNotFoundException(application)))
                    .flatMapSingle(existingApplication -> emailTemplateService.create(domain, application, newEmail, authenticatedUser))
                    .map(createdEmail -> {
                        // Location header mirrors this resource's own path layout.
                        final URI location = URI.create("/organizations/" + organizationId + "/environments/" + environmentId + "/domains/" + domain + "/applications/" + application + "/emails/" + createdEmail.getId());
                        return Response.created(location).entity(createdEmail).build();
                    }))
            .subscribe(response::resume, response::resume);
}
use of io.gravitee.am.identityprovider.api.User in project gravitee-access-management by gravitee-io.
Excerpt from class ApplicationFlowsResource, method list.
@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "List registered flows for an application", notes = "User must have the APPLICATION_FLOW[LIST] permission on the specified domain " + "or APPLICATION_FLOW[LIST] permission on the specified environment " + "or APPLICATION_FLOW[LIST] permission on the specified organization. " + "Except if user has APPLICATION_FLOW[READ] permission on the domain, environment or organization, each returned flow is filtered and contains only basic information such as id and name and isEnabled.")
@ApiResponses({ @ApiResponse(code = 200, message = "List registered flows for an application", response = FlowEntity.class, responseContainer = "List"), @ApiResponse(code = 500, message = "Internal server error") })
public void list(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @PathParam("application") String application, @Suspended final AsyncResponse response) {
    // Lists the flows registered for one application of a domain.
    // Two ACL decisions shape the response: APPLICATION_FLOW[LIST] gates access at all, and
    // APPLICATION_FLOW[READ] decides whether each flow is returned in full or reduced by
    // filterFlowInfos (see the @ApiOperation notes). The flow lookup is keyed by
    // (ReferenceType.DOMAIN, domain, application), so it stays inside the requested domain.
    User authenticatedUser = getAuthenticatedUser();
    checkAnyPermission(organizationId, environmentId, domain, Permission.APPLICATION_FLOW, Acl.LIST)
            .andThen(hasAnyPermission(authenticatedUser, organizationId, environmentId, domain, Permission.APPLICATION_FLOW, Acl.READ)
                    // The READ decision is computed once and applied to every flow, not re-evaluated per flow.
                    .flatMapPublisher(canReadFullFlow -> flowService.findByApplication(ReferenceType.DOMAIN, domain, application)
                            .map(flow -> filterFlowInfos(canReadFullFlow, flow)))
                    .toList())
            // NOTE(review): unlike create/update on sibling resources, no explicit domain/application
            // existence check is made here; an unknown application presumably just yields an empty list.
            .subscribe(response::resume, response::resume);
}
use of io.gravitee.am.identityprovider.api.User in project gravitee-access-management by gravitee-io.
Excerpt from class ApplicationFormResource, method update.
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Update a form for an application", notes = "User must have APPLICATION_FORM[UPDATE] permission on the specified application " + "or APPLICATION_FORM[UPDATE] permission on the specified domain " + "or APPLICATION_FORM[UPDATE] permission on the specified environment " + "or APPLICATION_FORM[UPDATE] permission on the specified organization")
@ApiResponses({ @ApiResponse(code = 201, message = "Form successfully updated", response = Form.class), @ApiResponse(code = 500, message = "Internal server error") })
public void update(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @PathParam("application") String application, @PathParam("form") String form, @ApiParam(name = "form", required = true) @Valid @NotNull UpdateForm updateForm, @Suspended final AsyncResponse response) {
    // Updates one form of one application. Authorization (including the application-level ACL) is
    // checked first, then the domain and the application must exist, and only then is
    // formService.update invoked; its result is resumed to the client as the response entity.
    // NOTE(review): @ApiResponse advertises 201, but the updated form is resumed as a plain entity
    // (200 would be expected) — confirm which status is actually produced and align the doc.
    final User authenticatedUser = getAuthenticatedUser();
    checkAnyPermission(organizationId, environmentId, domain, application, Permission.APPLICATION_FORM, Acl.UPDATE)
            .andThen(domainService.findById(domain)
                    .switchIfEmpty(Maybe.error(new DomainNotFoundException(domain)))
                    .flatMap(existingDomain -> applicationService.findById(application))
                    .switchIfEmpty(Maybe.error(new ApplicationNotFoundException(application)))
                    // NOTE(review): the application is only checked to exist, not to belong to `domain`, and
                    // `form` is not checked here to belong to `application` — confirm formService.update
                    // enforces both, otherwise an application-scoped grant could reach another app's form.
                    .flatMapSingle(existingApplication -> formService.update(domain, application, form, updateForm, authenticatedUser)))
            .subscribe(response::resume, response::resume);
}
use of io.gravitee.am.identityprovider.api.User in project gravitee-access-management by gravitee-io.
Excerpt from class ApplicationFormResource, method delete.
@DELETE
@ApiOperation(value = "Delete a form for an application", notes = "User must have APPLICATION_FORM[DELETE] permission on the specified application " + "or APPLICATION_FORM[DELETE] permission on the specified domain " + "or APPLICATION_FORM[DELETE] permission on the specified environment " + "or APPLICATION_FORM[DELETE] permission on the specified organization")
@ApiResponses({ @ApiResponse(code = 204, message = "Form successfully deleted"), @ApiResponse(code = 500, message = "Internal server error") })
public void delete(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @PathParam("application") String application, @PathParam("form") String form, @Suspended final AsyncResponse response) {
    // Deletes one form; on success the client receives 204 No Content, otherwise the error is resumed.
    final User authenticatedUser = getAuthenticatedUser();
    // NOTE(review): `application` takes part in the ACL check only. The deletion itself is keyed by
    // (domain, form): unlike update(), neither the domain nor the application is verified to exist and
    // the application id is not passed to formService.delete. Unless formService.delete checks that
    // `form` belongs to `application`, a caller holding APPLICATION_FORM[DELETE] on one application
    // could delete a form of another application in the same domain (IDOR) — confirm.
    checkAnyPermission(organizationId, environmentId, domain, application, Permission.APPLICATION_FORM, Acl.DELETE)
            .andThen(formService.delete(domain, form, authenticatedUser))
            .subscribe(() -> completeWithNoContent(response), response::resume);
}

// Resumes the suspended request with an empty 204 response.
private static void completeWithNoContent(final AsyncResponse response) {
    response.resume(Response.noContent().build());
}
use of io.gravitee.am.identityprovider.api.User in project gravitee-access-management by gravitee-io.
Excerpt from class AuthenticationServiceImpl, method onAuthenticationSuccess.
@Override
public User onAuthenticationSuccess(Authentication auth) {
    // Synchronises the organization-level user record with the identity that just authenticated
    // and returns the principal enriched with the persisted state (id, claims, roles).
    //
    // Steps, in order:
    //   1. resolve the organization id and IdP source from the authentication details;
    //   2. look the stored user up by (externalId, source), falling back to (username, source);
    //   3. update it (source, login stats, merged claims, roles) or create it if absent;
    //   4. enhance it, report an authentication audit event, and copy the result onto the principal.
    // The reactive chain is executed synchronously (blockingGet) on the calling thread.
    final DefaultUser principal = (DefaultUser) auth.getPrincipal();
    final EndUserAuthentication authentication = new EndUserAuthentication(principal.getUsername(), null, new SimpleAuthenticationContext());

    // Work on a copy so the default organization can be added without mutating the Authentication.
    // NOTE(review): the organization id is read from the details attached to the Authentication; if
    // those details can be influenced by the caller, so can the organization the user is resolved
    // or created in — confirm where they are populated.
    final Map<String, String> details = copyDetails(auth);
    details.putIfAbsent(Claims.organization, Organization.DEFAULT);
    final String organizationId = details.get(Claims.organization);
    final String source = details.get(SOURCE);

    final io.gravitee.am.model.User endUser = userService
            .findByExternalIdAndSource(ReferenceType.ORGANIZATION, organizationId, principal.getId(), source)
            // NOTE(review): the username fallback links the incoming identity to any stored user of the
            // same source sharing that username, and the stored externalId is never refreshed to
            // principal.getId() afterwards — confirm this account-linking by username is intended.
            .switchIfEmpty(Maybe.defer(() -> userService.findByUsernameAndSource(ReferenceType.ORGANIZATION, organizationId, principal.getUsername(), source)))
            .switchIfEmpty(Maybe.error(new UserNotFoundException(principal.getUsername())))
            .flatMapSingle(existingUser -> updateExistingUser(existingUser, principal, source))
            .onErrorResumeNext(ex -> {
                // NOTE(review): this also catches a UserNotFoundException raised by update/updateRoles
                // above, not only by the lookup, and would then attempt a create — confirm acceptable.
                if (ex instanceof UserNotFoundException) {
                    return createNewUser(principal, source, organizationId);
                }
                return Single.error(ex);
            })
            .flatMap(userService::enhance)
            .doOnSuccess(user -> auditService.report(AuditBuilder.builder(AuthenticationAuditBuilder.class).principal(authentication).referenceType(ReferenceType.ORGANIZATION).referenceId(organizationId).user(user).ipAddress(details.get(IP_ADDRESS_KEY)).userAgent(details.get(USER_AGENT_KEY))))
            .blockingGet();

    copyPersistedStateToPrincipal(principal, endUser);
    return principal;
}

// Returns a mutable copy of the authentication details, or an empty map when there are none.
@SuppressWarnings("unchecked")
private static Map<String, String> copyDetails(Authentication auth) {
    final Object rawDetails = auth.getDetails();
    final Map<String, String> copy = rawDetails == null ? new HashMap<>() : new HashMap<>((Map<String, String>) rawDetails);
    return copy;
}

// Refreshes an already-known user: source, login statistics and claims, then persists it and
// re-synchronises its roles from the principal. The persisted user is emitted.
private Single<io.gravitee.am.model.User> updateExistingUser(io.gravitee.am.model.User existingUser, DefaultUser principal, String source) {
    existingUser.setSource(source);
    existingUser.setLoggedAt(new Date());
    existingUser.setLoginsCount(existingUser.getLoginsCount() + 1);
    // IdP-provided claims overwrite stored claims with the same key; the stored map is created on
    // the first merge. NOTE(review): nothing filters which keys the IdP may overwrite here.
    if (existingUser.getAdditionalInformation() == null) {
        existingUser.setAdditionalInformation(new HashMap<>(principal.getAdditionalInformation()));
    } else {
        existingUser.getAdditionalInformation().putAll(principal.getAdditionalInformation());
    }
    // Roles are updated against the pre-update object, as the original flow did.
    return userService.update(existingUser)
            .flatMap(persisted -> updateRoles(principal, existingUser).andThen(Single.just(persisted)));
}

// First login for this (externalId, source) in the organization: creates the external user record
// and assigns its roles from the principal. The created user is emitted.
private Single<io.gravitee.am.model.User> createNewUser(DefaultUser principal, String source, String organizationId) {
    final io.gravitee.am.model.User newUser = new io.gravitee.am.model.User();
    newUser.setInternal(false);
    newUser.setExternalId(principal.getId());
    newUser.setUsername(principal.getUsername());
    newUser.setSource(source);
    newUser.setReferenceType(ReferenceType.ORGANIZATION);
    newUser.setReferenceId(organizationId);
    newUser.setLoggedAt(new Date());
    newUser.setLoginsCount(1L);
    // The principal's claim map is attached as-is (not copied), unlike the update path.
    newUser.setAdditionalInformation(principal.getAdditionalInformation());
    // NOTE(review): no visible guard against two concurrent first logins racing to create the same
    // user — relies on whatever uniqueness userService.create/the store enforces; confirm.
    return userService.create(newUser)
            .flatMap(created -> userService.setRoles(principal, created).andThen(Single.just(created)));
}

// Copies the persisted identity back onto the principal that will be returned to the caller.
private void copyPersistedStateToPrincipal(DefaultUser principal, io.gravitee.am.model.User endUser) {
    principal.setId(endUser.getId());
    principal.setUsername(endUser.getUsername());
    if (endUser.getAdditionalInformation() != null) {
        principal.getAdditionalInformation().putAll(endUser.getAdditionalInformation());
    }
    // Identity-defining claims always come from the persisted record and override anything the IdP
    // supplied under the same keys; email and name only fill gaps the IdP left empty.
    principal.getAdditionalInformation().put(StandardClaims.SUB, endUser.getId());
    principal.getAdditionalInformation().put(StandardClaims.PREFERRED_USERNAME, endUser.getUsername());
    principal.getAdditionalInformation().put(Claims.organization, endUser.getReferenceId());
    principal.getAdditionalInformation().put("login_count", endUser.getLoginsCount());
    principal.getAdditionalInformation().computeIfAbsent(StandardClaims.EMAIL, absent -> endUser.getEmail());
    principal.getAdditionalInformation().computeIfAbsent(StandardClaims.NAME, absent -> endUser.getDisplayName());
    // Effective roles = stored roles ∪ roles carried by the principal.
    // NOTE(review): roles present on the principal (presumably mapped from the IdP) are unioned in
    // without further checks — confirm that trust model is intended.
    final Set<String> effectiveRoles = new HashSet<>();
    if (endUser.getRoles() != null) {
        effectiveRoles.addAll(endUser.getRoles());
    }
    if (principal.getRoles() != null) {
        effectiveRoles.addAll(principal.getRoles());
    }
    principal.getAdditionalInformation().put(CustomClaims.ROLES, effectiveRoles);
}