Example 1 with Permission

use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.

the class ApplicationFormsResource method create.

@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Create a form for an application", notes = "User must have APPLICATION_FORM[CREATE] permission on the specified application " + "or APPLICATION_FORM[CREATE] permission on the specified domain " + "or APPLICATION_FORM[CREATE] permission on the specified environment " + "or APPLICATION_FORM[CREATE] permission on the specified organization")
@ApiResponses({ @ApiResponse(code = 201, message = "Form successfully created"), @ApiResponse(code = 500, message = "Internal server error") })
public void create(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @PathParam("application") String application, @ApiParam(name = "email", required = true) @Valid @NotNull final NewForm newForm, @Suspended final AsyncResponse response) {
    final User authenticatedUser = getAuthenticatedUser();
    // Permission check runs first; the lookups and formService.create are chained behind it via andThen.
    checkAnyPermission(organizationId, environmentId, domain, application, Permission.APPLICATION_FORM, Acl.CREATE)
        .andThen(domainService.findById(domain)
            .switchIfEmpty(Maybe.error(new DomainNotFoundException(domain)))
            .flatMap(irrelevant -> applicationService.findById(application))
            .switchIfEmpty(Maybe.error(new ApplicationNotFoundException(application)))
            .flatMapSingle(irrelevant -> formService.create(domain, application, newForm, authenticatedUser))
            .map(form -> Response.created(URI.create("/organizations/" + organizationId + "/environments/" + environmentId + "/domains/" + domain + "/applications/" + application + "/forms/" + form.getId())).entity(form).build()))
        .subscribe(response::resume, response::resume);
}
Also used : ApplicationService(io.gravitee.am.service.ApplicationService) Permission(io.gravitee.am.model.permissions.Permission) Maybe(io.reactivex.Maybe) DomainService(io.gravitee.am.service.DomainService) ApiParam(io.swagger.annotations.ApiParam) Autowired(org.springframework.beans.factory.annotation.Autowired) AbstractResource(io.gravitee.am.management.handlers.management.api.resources.AbstractResource) ApiResponses(io.swagger.annotations.ApiResponses) Valid(javax.validation.Valid) Acl(io.gravitee.am.model.Acl) ApiOperation(io.swagger.annotations.ApiOperation) User(io.gravitee.am.identityprovider.api.User) Form(io.gravitee.am.model.Form) ReferenceType(io.gravitee.am.model.ReferenceType) Api(io.swagger.annotations.Api) URI(java.net.URI) NewForm(io.gravitee.am.service.model.NewForm) Context(javax.ws.rs.core.Context) AsyncResponse(javax.ws.rs.container.AsyncResponse) DomainNotFoundException(io.gravitee.am.service.exception.DomainNotFoundException) NotNull(javax.validation.constraints.NotNull) Suspended(javax.ws.rs.container.Suspended) MediaType(io.gravitee.common.http.MediaType) javax.ws.rs(javax.ws.rs) Response(javax.ws.rs.core.Response) Template(io.gravitee.am.model.Template) ApiResponse(io.swagger.annotations.ApiResponse) ResourceContext(javax.ws.rs.container.ResourceContext) FormService(io.gravitee.am.service.FormService) ApplicationNotFoundException(io.gravitee.am.service.exception.ApplicationNotFoundException) User(io.gravitee.am.identityprovider.api.User) ApplicationNotFoundException(io.gravitee.am.service.exception.ApplicationNotFoundException) DomainNotFoundException(io.gravitee.am.service.exception.DomainNotFoundException) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 2 with Permission

use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.

the class ApplicationMembersResource method permissions.

@GET
@Path("permissions")
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "List application member's permissions", notes = "User must have APPLICATION[READ] permission on the specified application " + "or APPLICATION[READ] permission on the specified domain " + "or APPLICATION[READ] permission on the specified environment " + "or APPLICATION[READ] permission on the specified organization")
@ApiResponses({ @ApiResponse(code = 200, message = "Application member's permissions", response = List.class), @ApiResponse(code = 500, message = "Internal server error") })
public void permissions(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @PathParam("application") String application, @Suspended final AsyncResponse response) {
    final User authenticatedUser = getAuthenticatedUser();
    checkAnyPermission(organizationId, environmentId, domain, application, Permission.APPLICATION, Acl.READ)
        .andThen(permissionService.findAllPermissions(authenticatedUser, ReferenceType.APPLICATION, application)
            .map(Permission::flatten))
        .subscribe(response::resume, response::resume);
}
Also used : User(io.gravitee.am.identityprovider.api.User) Permission(io.gravitee.am.model.permissions.Permission) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 3 with Permission

use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.

the class ApplicationMembersResource method addOrUpdateMember.

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Add or update an application member", notes = "User must have APPLICATION_MEMBER[CREATE] permission on the specified application " + "or APPLICATION_MEMBER[CREATE] permission on the specified domain " + "or APPLICATION_MEMBER[CREATE] permission on the specified environment " + "or APPLICATION_MEMBER[CREATE] permission on the specified organization")
@ApiResponses({ @ApiResponse(code = 201, message = "Member has been added or updated successfully"), @ApiResponse(code = 400, message = "Membership parameter is not valid"), @ApiResponse(code = 500, message = "Internal server error") })
public void addOrUpdateMember(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @PathParam("application") String application, @Valid @NotNull NewMembership newMembership, @Suspended final AsyncResponse response) {
    final User authenticatedUser = getAuthenticatedUser();
    final Membership membership = convert(newMembership);
    membership.setDomain(domain);
    membership.setReferenceId(application);
    membership.setReferenceType(ReferenceType.APPLICATION);
    checkAnyPermission(organizationId, environmentId, domain, application, Permission.APPLICATION_MEMBER, Acl.CREATE)
        .andThen(domainService.findById(domain)
            .switchIfEmpty(Maybe.error(new DomainNotFoundException(domain)))
            .flatMap(__ -> applicationService.findById(application))
            .switchIfEmpty(Maybe.error(new ApplicationNotFoundException(application)))
            .flatMapSingle(__ -> membershipService.addOrUpdate(organizationId, membership, authenticatedUser))
            .flatMap(membership1 -> membershipService.addDomainUserRoleIfNecessary(organizationId, environmentId, domain, newMembership, authenticatedUser)
                .andThen(Single.just(Response.created(URI.create("/organizations/" + organizationId + "/environments/" + environmentId + "/domains/" + domain + "/applications/" + application + "/members/" + membership1.getId())).entity(membership1).build()))))
        .subscribe(response::resume, response::resume);
}
Also used : ApplicationService(io.gravitee.am.service.ApplicationService) Arrays(java.util.Arrays) Completable(io.reactivex.Completable) Permission(io.gravitee.am.model.permissions.Permission) Maybe(io.reactivex.Maybe) DomainService(io.gravitee.am.service.DomainService) Autowired(org.springframework.beans.factory.annotation.Autowired) MembershipListItem(io.gravitee.am.management.handlers.management.api.model.MembershipListItem) AbstractResource(io.gravitee.am.management.handlers.management.api.resources.AbstractResource) ApiResponses(io.swagger.annotations.ApiResponses) Single(io.reactivex.Single) Valid(javax.validation.Valid) Acl(io.gravitee.am.model.Acl) ApiOperation(io.swagger.annotations.ApiOperation) User(io.gravitee.am.identityprovider.api.User) NewMembership(io.gravitee.am.service.model.NewMembership) ReferenceType(io.gravitee.am.model.ReferenceType) MembershipCriteria(io.gravitee.am.repository.management.api.search.MembershipCriteria) URI(java.net.URI) MembershipService(io.gravitee.am.service.MembershipService) RoleService(io.gravitee.am.service.RoleService) Context(javax.ws.rs.core.Context) MemberType(io.gravitee.am.model.membership.MemberType) AsyncResponse(javax.ws.rs.container.AsyncResponse) DefaultRole(io.gravitee.am.model.permissions.DefaultRole) Membership(io.gravitee.am.model.Membership) DomainNotFoundException(io.gravitee.am.service.exception.DomainNotFoundException) NotNull(javax.validation.constraints.NotNull) Suspended(javax.ws.rs.container.Suspended) List(java.util.List) MediaType(io.gravitee.common.http.MediaType) javax.ws.rs(javax.ws.rs) Response(javax.ws.rs.core.Response) ApiResponse(io.swagger.annotations.ApiResponse) ResourceContext(javax.ws.rs.container.ResourceContext) ApplicationNotFoundException(io.gravitee.am.service.exception.ApplicationNotFoundException) User(io.gravitee.am.identityprovider.api.User) ApplicationNotFoundException(io.gravitee.am.service.exception.ApplicationNotFoundException) NewMembership(io.gravitee.am.service.model.NewMembership) Membership(io.gravitee.am.model.Membership) DomainNotFoundException(io.gravitee.am.service.exception.DomainNotFoundException) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 4 with Permission

use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.

the class ApplicationResource method get.

@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get an application", notes = "User must have the APPLICATION[READ] permission on the specified application " + "or APPLICATION[READ] permission on the specified domain " + "or APPLICATION[READ] permission on the specified environment " + "or APPLICATION[READ] permission on the specified organization. " + "Application will be filtered according to permissions (READ on APPLICATION_IDENTITY_PROVIDER, " + "APPLICATION_CERTIFICATE, APPLICATION_METADATA, APPLICATION_USER_ACCOUNT, APPLICATION_SETTINGS)")
@ApiResponses({ @ApiResponse(code = 200, message = "Application", response = Application.class), @ApiResponse(code = 500, message = "Internal server error") })
public void get(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @PathParam("application") String application, @Suspended final AsyncResponse response) {
    final User authenticatedUser = getAuthenticatedUser();
    checkAnyPermission(organizationId, environmentId, domain, application, Permission.APPLICATION, Acl.READ)
        .andThen(domainService.findById(domain)
            .switchIfEmpty(Maybe.error(new DomainNotFoundException(domain)))
            .flatMap(irrelevant -> applicationService.findById(application))
            .switchIfEmpty(Maybe.error(new ApplicationNotFoundException(application)))
            .flatMapSingle(app -> findAllPermissions(authenticatedUser, organizationId, environmentId, domain, application)
                .map(userPermissions -> filterApplicationInfos(app, userPermissions))))
        .map(application1 -> {
            // Reject an application id that exists but is not in the domain named in the path.
            if (!application1.getDomain().equalsIgnoreCase(domain)) {
                throw new BadRequestException("Application does not belong to domain");
            }
            return Response.ok(application1).build();
        })
        .subscribe(response::resume, t -> response.resume(t));
}
Also used : ApplicationService(io.gravitee.am.service.ApplicationService) PatchApplicationType(io.gravitee.am.service.model.PatchApplicationType) PathParam(javax.ws.rs.PathParam) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) Completable(io.reactivex.Completable) Permission(io.gravitee.am.model.permissions.Permission) Maybe(io.reactivex.Maybe) Path(javax.ws.rs.Path) DomainService(io.gravitee.am.service.DomainService) ApiParam(io.swagger.annotations.ApiParam) Autowired(org.springframework.beans.factory.annotation.Autowired) Application(io.gravitee.am.model.Application) AbstractResource(io.gravitee.am.management.handlers.management.api.resources.AbstractResource) ApplicationSettings(io.gravitee.am.model.application.ApplicationSettings) ApiResponses(io.swagger.annotations.ApiResponses) PatchApplication(io.gravitee.am.service.model.PatchApplication) Valid(javax.validation.Valid) Acl(io.gravitee.am.model.Acl) ApiOperation(io.swagger.annotations.ApiOperation) Consumes(javax.ws.rs.Consumes) User(io.gravitee.am.identityprovider.api.User) Map(java.util.Map) ReferenceType(io.gravitee.am.model.ReferenceType) BadRequestException(javax.ws.rs.BadRequestException) PATCH(javax.ws.rs.PATCH) DELETE(javax.ws.rs.DELETE) POST(javax.ws.rs.POST) Context(javax.ws.rs.core.Context) AsyncResponse(javax.ws.rs.container.AsyncResponse) Set(java.util.Set) DomainNotFoundException(io.gravitee.am.service.exception.DomainNotFoundException) NotNull(javax.validation.constraints.NotNull) Suspended(javax.ws.rs.container.Suspended) Collectors(java.util.stream.Collectors) MediaType(io.gravitee.common.http.MediaType) Response(javax.ws.rs.core.Response) ApiResponse(io.swagger.annotations.ApiResponse) ResourceContext(javax.ws.rs.container.ResourceContext) PUT(javax.ws.rs.PUT) ApplicationNotFoundException(io.gravitee.am.service.exception.ApplicationNotFoundException) User(io.gravitee.am.identityprovider.api.User) ApplicationNotFoundException(io.gravitee.am.service.exception.ApplicationNotFoundException) BadRequestException(javax.ws.rs.BadRequestException) DomainNotFoundException(io.gravitee.am.service.exception.DomainNotFoundException) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 5 with Permission

use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.

the class ApplicationEmailsResource method create.

@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Create a email for an application", notes = "User must have APPLICATION_EMAIL_TEMPLATE[CREATE] permission on the specified application " + "or APPLICATION_EMAIL_TEMPLATE[CREATE] permission on the specified domain " + "or APPLICATION_EMAIL_TEMPLATE[CREATE] permission on the specified environment " + "or APPLICATION_EMAIL_TEMPLATE[CREATE] permission on the specified organization")
@ApiResponses({ @ApiResponse(code = 201, message = "Email successfully created"), @ApiResponse(code = 500, message = "Internal server error") })
public void create(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @PathParam("application") String application, @ApiParam(name = "email", required = true) @Valid @NotNull final NewEmail newEmail, @Suspended final AsyncResponse response) {
    final User authenticatedUser = getAuthenticatedUser();
    // Note: unlike the other examples on this page, this call passes no application argument, although the notes above mention the specified application.
    checkAnyPermission(organizationId, environmentId, domain, Permission.APPLICATION_EMAIL_TEMPLATE, Acl.CREATE)
        .andThen(domainService.findById(domain)
            .switchIfEmpty(Maybe.error(new DomainNotFoundException(domain)))
            .flatMap(irrelevant -> applicationService.findById(application))
            .switchIfEmpty(Maybe.error(new ApplicationNotFoundException(application)))
            .flatMapSingle(__ -> emailTemplateService.create(domain, application, newEmail, authenticatedUser))
            .map(email -> Response.created(URI.create("/organizations/" + organizationId + "/environments/" + environmentId + "/domains/" + domain + "/applications/" + application + "/emails/" + email.getId())).entity(email).build()))
        .subscribe(response::resume, response::resume);
}
Also used : ApplicationService(io.gravitee.am.service.ApplicationService) Permission(io.gravitee.am.model.permissions.Permission) Maybe(io.reactivex.Maybe) DomainService(io.gravitee.am.service.DomainService) Autowired(org.springframework.beans.factory.annotation.Autowired) AbstractResource(io.gravitee.am.management.handlers.management.api.resources.AbstractResource) Valid(javax.validation.Valid) Acl(io.gravitee.am.model.Acl) User(io.gravitee.am.identityprovider.api.User) io.swagger.annotations(io.swagger.annotations) URI(java.net.URI) Email(io.gravitee.am.model.Email) Context(javax.ws.rs.core.Context) AsyncResponse(javax.ws.rs.container.AsyncResponse) EmailTemplateService(io.gravitee.am.service.EmailTemplateService) DomainNotFoundException(io.gravitee.am.service.exception.DomainNotFoundException) NotNull(javax.validation.constraints.NotNull) Suspended(javax.ws.rs.container.Suspended) NewEmail(io.gravitee.am.service.model.NewEmail) MediaType(io.gravitee.common.http.MediaType) javax.ws.rs(javax.ws.rs) Response(javax.ws.rs.core.Response) Template(io.gravitee.am.model.Template) ResourceContext(javax.ws.rs.container.ResourceContext) ApplicationNotFoundException(io.gravitee.am.service.exception.ApplicationNotFoundException) User(io.gravitee.am.identityprovider.api.User) ApplicationNotFoundException(io.gravitee.am.service.exception.ApplicationNotFoundException) DomainNotFoundException(io.gravitee.am.service.exception.DomainNotFoundException)

Aggregations

Permission (io.gravitee.am.model.permissions.Permission) 56
Acl (io.gravitee.am.model.Acl) 49
AsyncResponse (javax.ws.rs.container.AsyncResponse) 49
Suspended (javax.ws.rs.container.Suspended) 49
Autowired (org.springframework.beans.factory.annotation.Autowired) 49
User (io.gravitee.am.identityprovider.api.User) 47
MediaType (io.gravitee.common.http.MediaType) 47
AbstractResource (io.gravitee.am.management.handlers.management.api.resources.AbstractResource) 44
Response (javax.ws.rs.core.Response) 41
javax.ws.rs (javax.ws.rs) 40
Maybe (io.reactivex.Maybe) 39
ResourceContext (javax.ws.rs.container.ResourceContext) 39
Context (javax.ws.rs.core.Context) 39
DomainService (io.gravitee.am.service.DomainService) 38
DomainNotFoundException (io.gravitee.am.service.exception.DomainNotFoundException) 37
Valid (javax.validation.Valid) 36
NotNull (javax.validation.constraints.NotNull) 36
ReferenceType (io.gravitee.am.model.ReferenceType) 30
ApiOperation (io.swagger.annotations.ApiOperation) 30
ApiResponses (io.swagger.annotations.ApiResponses) 30