use of io.gravitee.am.identityprovider.api.User in project gravitee-access-management by gravitee-io.
the class DomainsResource method list.
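/**
 * Lists the security domains of an environment that the current user is allowed to read.
 *
 * <p>Authorization happens in two steps. First the caller must pass the DOMAIN[LIST] check
 * made by {@code checkAnyPermission} for the organization/environment pair. Then every
 * candidate domain is kept only if {@code hasPermission} grants DOMAIN[READ] on the domain
 * itself, on the environment, or on the organization. The surviving domains are reduced by
 * {@code filterDomainInfos}, sorted by name (case-insensitive) and paginated in memory.
 *
 * @param organizationId organization taken from the request path
 * @param environmentId environment taken from the request path
 * @param page zero-based page index; negative values are treated as 0
 * @param size page size; negative values are treated as 0
 * @param query optional search expression; when {@code null} all domains of the environment
 *     are considered
 * @param response suspended JAX-RS response, resumed with the resulting page or with the error
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(
        value = "List security domains for an environment",
        notes = "List all the security domains accessible to the current user. "
                + "User must have DOMAIN[LIST] permission on the specified environment or organization "
                + "AND either DOMAIN[READ] permission on each security domain "
                + "or DOMAIN[READ] permission on the specified environment "
                + "or DOMAIN[READ] permission on the specified organization. "
                + "Each returned domain is filtered and contains only basic information such as id, name and description and isEnabled.")
@ApiResponses({
        @ApiResponse(code = 200, message = "List accessible security domains for current user", response = Domain.class, responseContainer = "List"),
        @ApiResponse(code = 500, message = "Internal server error") })
public void list(@PathParam("organizationId") String organizationId,
                 @PathParam("environmentId") String environmentId,
                 @QueryParam("page") @DefaultValue("0") int page,
                 @QueryParam("size") @DefaultValue(MAX_DOMAINS_SIZE_PER_PAGE_STRING) int size,
                 @QueryParam("q") String query,
                 @Suspended final AsyncResponse response) {
    User authenticatedUser = getAuthenticatedUser();

    // page and size come straight from the query string. Stream.skip/limit throw
    // IllegalArgumentException on negative values, which would surface as a 500 for what is
    // really a malformed request, so clamp them before use.
    final int safePage = Math.max(page, 0);
    final int safeSize = Math.max(size, 0);
    // NOTE(review): size is only defaulted to MAX_DOMAINS_SIZE_PER_PAGE_STRING, it is not capped
    // by it here; consider enforcing an upper bound so a client cannot request an arbitrarily
    // large page.

    checkAnyPermission(organizationId, environmentId, Permission.DOMAIN, Acl.LIST)
            .andThen(query != null
                    ? domainService.search(organizationId, environmentId, query)
                    : domainService.findAllByEnvironment(organizationId, environmentId))
            // Per-domain read check: a domain is emitted only when hasPermission yields true.
            .flatMapMaybe(domain -> hasPermission(authenticatedUser,
                    or(of(ReferenceType.DOMAIN, domain.getId(), Permission.DOMAIN, Acl.READ),
                            of(ReferenceType.ENVIRONMENT, environmentId, Permission.DOMAIN, Acl.READ),
                            of(ReferenceType.ORGANIZATION, organizationId, Permission.DOMAIN, Acl.READ)))
                    .filter(Boolean::booleanValue)
                    .map(permit -> domain))
            // Strip each domain down before it leaves the API.
            .map(this::filterDomainInfos)
            .sorted((o1, o2) -> String.CASE_INSENSITIVE_ORDER.compare(o1.getName(), o2.getName()))
            .toList()
            // The total reported to the client counts only the domains that passed the read check.
            .map(domains -> new Page<Domain>(
                    domains.stream().skip((long) safePage * safeSize).limit(safeSize).collect(Collectors.toList()),
                    safePage,
                    domains.size()))
            .subscribe(response::resume, response::resume);
}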
use of io.gravitee.am.identityprovider.api.User in project gravitee-access-management by gravitee-io.
the class DomainsResource method create.
/**
 * Creates a security domain in the given environment.
 *
 * <p>After the DOMAIN[CREATE] check made by {@code checkAnyPermission}, the domain is created
 * through {@code domainService}, then {@code identityProviderManager.create} and
 * {@code reporterService.createDefault} are called with the new domain id. On success the
 * response is a 201 whose Location points at the new domain and whose entity is the domain.
 *
 * @param organizationId organization taken from the request path
 * @param environmentId environment taken from the request path
 * @param newDomain validated, non-null creation payload
 * @param response suspended JAX-RS response, resumed with the 201 response or with the error
 */
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ApiOperation(
        value = "Create a security domain.",
        notes = "Create a security domain. "
                + "User must have DOMAIN[CREATE] permission on the specified environment "
                + "or DOMAIN[CREATE] permission on the specified organization")
@ApiResponses({
        @ApiResponse(code = 201, message = "Domain successfully created"),
        @ApiResponse(code = 500, message = "Internal server error") })
public void create(@PathParam("organizationId") String organizationId,
                   @PathParam("environmentId") String environmentId,
                   @ApiParam(name = "domain", required = true) @Valid @NotNull final NewDomain newDomain,
                   @Suspended final AsyncResponse response) {
    // The acting user is passed to the service along with the payload.
    final User authenticatedUser = getAuthenticatedUser();

    checkAnyPermission(organizationId, environmentId, Permission.DOMAIN, Acl.CREATE)
            // NOTE(review): the argument of andThen is evaluated while this chain is assembled,
            // so domainService.create(...) is invoked before the permission check has completed.
            // That is only safe if the service returns a lazy Single that does nothing until it
            // is subscribed — confirm.
            // NOTE(review): nothing visible here undoes the domain if one of the two follow-up
            // steps fails; the error is simply forwarded to the client.
            .andThen(domainService.create(organizationId, environmentId, newDomain, authenticatedUser)
                    .flatMap(created -> identityProviderManager.create(created.getId()).map(ignored -> created))
                    .flatMap(created -> reporterService.createDefault(created.getId()).map(ignored -> created)))
            .subscribe(
                    created -> {
                        final String location = "/organizations/" + organizationId
                                + "/environments/" + environmentId
                                + "/domains/" + created.getId();
                        response.resume(Response.created(URI.create(location)).entity(created).build());
                    },
                    failure -> response.resume(failure));
}
use of io.gravitee.am.identityprovider.api.User in project gravitee-access-management by gravitee-io.
the class EmailResource method update.
/**
 * Updates an email template of a domain.
 *
 * <p>The caller must pass the DOMAIN_EMAIL_TEMPLATE[UPDATE] check made by
 * {@code checkAnyPermission} for the organization/environment/domain triple. The domain must
 * exist, otherwise the chain fails with {@code DomainNotFoundException}. The update itself is
 * delegated to {@code emailTemplateService} together with the acting user.
 *
 * @param organizationId organization taken from the request path
 * @param environmentId environment taken from the request path
 * @param domain domain id taken from the request path
 * @param email id of the email to update, taken from the request path
 * @param updateEmail validated, non-null update payload
 * @param response suspended JAX-RS response, resumed with the service result or with the error
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(
        value = "Update an email",
        notes = "User must have the DOMAIN_EMAIL_TEMPLATE[UPDATE] permission on the specified domain "
                + "or DOMAIN_EMAIL_TEMPLATE[UPDATE] permission on the specified environment "
                + "or DOMAIN_EMAIL_TEMPLATE[UPDATE] permission on the specified organization")
// NOTE(review): 201 is documented below, but the method resumes with the updated entity rather
// than a Response built with a status, which would normally yield 200 — confirm which is intended.
@ApiResponses({
        @ApiResponse(code = 201, message = "Email successfully updated", response = Email.class),
        @ApiResponse(code = 500, message = "Internal server error") })
public void update(@PathParam("organizationId") String organizationId,
                   @PathParam("environmentId") String environmentId,
                   @PathParam("domain") String domain,
                   @PathParam("email") String email,
                   @ApiParam(name = "email", required = true) @Valid @NotNull UpdateEmail updateEmail,
                   @Suspended final AsyncResponse response) {
    final User authenticatedUser = getAuthenticatedUser();

    checkAnyPermission(organizationId, environmentId, domain, Permission.DOMAIN_EMAIL_TEMPLATE, Acl.UPDATE)
            .andThen(domainService.findById(domain)
                    .switchIfEmpty(Maybe.error(new DomainNotFoundException(domain)))
                    // The permission is evaluated against the domain only. That the email id
                    // actually belongs to this domain is presumably enforced inside
                    // emailTemplateService.update — verify, otherwise a user authorized on one
                    // domain could address an email of another.
                    .flatMapSingle(found -> emailTemplateService.update(domain, email, updateEmail, authenticatedUser)))
            .subscribe(updated -> response.resume(updated), failure -> response.resume(failure));
}
use of io.gravitee.am.identityprovider.api.User in project gravitee-access-management by gravitee-io.
the class ExtensionGrantResource method update.
/**
 * Updates an extension grant of a domain.
 *
 * <p>The caller must pass the DOMAIN_EXTENSION_GRANT[UPDATE] check made by
 * {@code checkAnyPermission} for the organization/environment/domain triple. The domain must
 * exist, otherwise the chain fails with {@code DomainNotFoundException}. The update itself is
 * delegated to {@code extensionGrantService} together with the acting user.
 *
 * @param organizationId organization taken from the request path
 * @param environmentId environment taken from the request path
 * @param domain domain id taken from the request path
 * @param extensionGrant id of the extension grant to update, taken from the request path
 * @param updateExtensionGrant validated, non-null update payload
 * @param response suspended JAX-RS response, resumed with the service result or with the error
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(
        value = "Update a extension grant",
        notes = "User must have the DOMAIN_EXTENSION_GRANT[UPDATE] permission on the specified domain "
                + "or DOMAIN_EXTENSION_GRANT[UPDATE] permission on the specified environment "
                + "or DOMAIN_EXTENSION_GRANT[UPDATE] permission on the specified organization")
// NOTE(review): 201 is documented below, but the method resumes with the updated entity rather
// than a Response built with a status, which would normally yield 200 — confirm which is intended.
@ApiResponses({
        @ApiResponse(code = 201, message = "Extension grant successfully updated", response = ExtensionGrant.class),
        @ApiResponse(code = 500, message = "Internal server error") })
public void update(@PathParam("organizationId") String organizationId,
                   @PathParam("environmentId") String environmentId,
                   @PathParam("domain") String domain,
                   @PathParam("extensionGrant") String extensionGrant,
                   @ApiParam(name = "tokenGranter", required = true) @Valid @NotNull UpdateExtensionGrant updateExtensionGrant,
                   @Suspended final AsyncResponse response) {
    final User authenticatedUser = getAuthenticatedUser();

    checkAnyPermission(organizationId, environmentId, domain, Permission.DOMAIN_EXTENSION_GRANT, Acl.UPDATE)
            .andThen(domainService.findById(domain)
                    .switchIfEmpty(Maybe.error(new DomainNotFoundException(domain)))
                    // The permission is evaluated against the domain only. That the extension
                    // grant id actually belongs to this domain is presumably enforced inside
                    // extensionGrantService.update — verify, otherwise a user authorized on one
                    // domain could address a grant of another.
                    .flatMapSingle(found -> extensionGrantService.update(domain, extensionGrant, updateExtensionGrant, authenticatedUser)))
            .subscribe(updated -> response.resume(updated), failure -> response.resume(failure));
}
use of io.gravitee.am.identityprovider.api.User in project gravitee-access-management by gravitee-io.
the class CurrentUserResource method get.
/**
 * Returns the profile of the authenticated user, enriched with the user's permissions.
 *
 * <p>The profile is a copy of the user's additional information to which the merged set of
 * platform and organization permissions and the {@code newsletter_enabled} flag are added, and
 * from which the {@code CustomClaims.ROLES} entry is removed.
 *
 * @param response suspended JAX-RS response, resumed with the profile map or with the error
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get the current user")
@ApiResponses({
        @ApiResponse(code = 200, message = "Current user successfully fetched", response = User.class),
        @ApiResponse(code = 500, message = "Internal server error") })
public void get(@Suspended final AsyncResponse response) {
    final User authenticatedUser = getAuthenticatedUser();

    // The organization is read from the authenticated user's own claims, not from the request,
    // so the caller cannot ask for the permissions of an organization of their choosing.
    // Falls back to the default organization when the claim is absent.
    String organizationId = (String) authenticatedUser.getAdditionalInformation()
            .getOrDefault(Claims.organization, Organization.DEFAULT);

    final Single<List<String>> organizationPermissions = permissionService
            .findAllPermissions(authenticatedUser, ReferenceType.ORGANIZATION, organizationId)
            .map(Permission::flatten);
    final Single<List<String>> platformPermissions = permissionService
            .findAllPermissions(authenticatedUser, ReferenceType.PLATFORM, Platform.DEFAULT)
            .map(Permission::flatten);

    Single.zip(platformPermissions, organizationPermissions, (fromPlatform, fromOrganization) -> {
        // Union of both scopes; the set removes duplicates.
        Set<String> merged = new HashSet<>();
        merged.addAll(fromPlatform);
        merged.addAll(fromOrganization);
        return merged;
    }).map(merged -> {
        // NOTE(review): every additional-information entry except CustomClaims.ROLES is sent
        // back to the client. If that map can hold values that should stay server-side, an
        // allow-list of exposed keys would be safer than removing a single key — confirm.
        Map<String, Object> userProfile = new HashMap<>(authenticatedUser.getAdditionalInformation());
        userProfile.put("permissions", merged);
        userProfile.put("newsletter_enabled", newsletterEnabled);
        userProfile.remove(CustomClaims.ROLES);
        return userProfile;
    }).subscribe(profile -> response.resume(profile), failure -> response.resume(failure));
}
Aggregations