use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.
the class ApplicationFormsResource method create.
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Create a form for an application", notes = "User must have APPLICATION_FORM[CREATE] permission on the specified application " + "or APPLICATION_FORM[CREATE] permission on the specified domain " + "or APPLICATION_FORM[CREATE] permission on the specified environment " + "or APPLICATION_FORM[CREATE] permission on the specified organization")
@ApiResponses({ @ApiResponse(code = 201, message = "Form successfully created"), @ApiResponse(code = 500, message = "Internal server error") })
public void create(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @PathParam("application") String application, @ApiParam(name = "email", required = true) @Valid @NotNull final NewForm newForm, @Suspended final AsyncResponse response) {
final User authenticatedUser = getAuthenticatedUser();
checkAnyPermission(organizationId, environmentId, domain, application, Permission.APPLICATION_FORM, Acl.CREATE).andThen(domainService.findById(domain).switchIfEmpty(Maybe.error(new DomainNotFoundException(domain))).flatMap(irrelevant -> applicationService.findById(application)).switchIfEmpty(Maybe.error(new ApplicationNotFoundException(application))).flatMapSingle(irrelevant -> formService.create(domain, application, newForm, authenticatedUser)).map(form -> Response.created(URI.create("/organizations/" + organizationId + "/environments/" + environmentId + "/domains/" + domain + "/applications/" + application + "/forms/" + form.getId())).entity(form).build())).subscribe(response::resume, response::resume);
}
use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.
the class ApplicationMembersResource method permissions.
@GET
@Path("permissions")
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "List application member's permissions", notes = "User must have APPLICATION[READ] permission on the specified application " + "or APPLICATION[READ] permission on the specified domain " + "or APPLICATION[READ] permission on the specified environment " + "or APPLICATION[READ] permission on the specified organization")
@ApiResponses({ @ApiResponse(code = 200, message = "Application member's permissions", response = List.class), @ApiResponse(code = 500, message = "Internal server error") })
public void permissions(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @PathParam("application") String application, @Suspended final AsyncResponse response) {
final User authenticatedUser = getAuthenticatedUser();
checkAnyPermission(organizationId, environmentId, domain, application, Permission.APPLICATION, Acl.READ).andThen(permissionService.findAllPermissions(authenticatedUser, ReferenceType.APPLICATION, application).map(Permission::flatten)).subscribe(response::resume, response::resume);
}
use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.
the class ApplicationMembersResource method addOrUpdateMember.
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Add or update an application member", notes = "User must have APPLICATION_MEMBER[CREATE] permission on the specified application " + "or APPLICATION_MEMBER[CREATE] permission on the specified domain " + "or APPLICATION_MEMBER[CREATE] permission on the specified environment " + "or APPLICATION_MEMBER[CREATE] permission on the specified organization")
@ApiResponses({ @ApiResponse(code = 201, message = "Member has been added or updated successfully"), @ApiResponse(code = 400, message = "Membership parameter is not valid"), @ApiResponse(code = 500, message = "Internal server error") })
public void addOrUpdateMember(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @PathParam("application") String application, @Valid @NotNull NewMembership newMembership, @Suspended final AsyncResponse response) {
final User authenticatedUser = getAuthenticatedUser();
final Membership membership = convert(newMembership);
membership.setDomain(domain);
membership.setReferenceId(application);
membership.setReferenceType(ReferenceType.APPLICATION);
checkAnyPermission(organizationId, environmentId, domain, application, Permission.APPLICATION_MEMBER, Acl.CREATE).andThen(domainService.findById(domain).switchIfEmpty(Maybe.error(new DomainNotFoundException(domain))).flatMap(__ -> applicationService.findById(application)).switchIfEmpty(Maybe.error(new ApplicationNotFoundException(application))).flatMapSingle(__ -> membershipService.addOrUpdate(organizationId, membership, authenticatedUser)).flatMap(membership1 -> membershipService.addDomainUserRoleIfNecessary(organizationId, environmentId, domain, newMembership, authenticatedUser).andThen(Single.just(Response.created(URI.create("/organizations/" + organizationId + "/environments/" + environmentId + "/domains/" + domain + "/applications/" + application + "/members/" + membership1.getId())).entity(membership1).build())))).subscribe(response::resume, response::resume);
}
use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.
the class ApplicationResource method get.
@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get an application", notes = "User must have the APPLICATION[READ] permission on the specified application " + "or APPLICATION[READ] permission on the specified domain " + "or APPLICATION[READ] permission on the specified environment " + "or APPLICATION[READ] permission on the specified organization. " + "Application will be filtered according to permissions (READ on APPLICATION_IDENTITY_PROVIDER, " + "APPLICATION_CERTIFICATE, APPLICATION_METADATA, APPLICATION_USER_ACCOUNT, APPLICATION_SETTINGS)")
@ApiResponses({ @ApiResponse(code = 200, message = "Application", response = Application.class), @ApiResponse(code = 500, message = "Internal server error") })
public void get(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @PathParam("application") String application, @Suspended final AsyncResponse response) {
final User authenticatedUser = getAuthenticatedUser();
checkAnyPermission(organizationId, environmentId, domain, application, Permission.APPLICATION, Acl.READ).andThen(domainService.findById(domain).switchIfEmpty(Maybe.error(new DomainNotFoundException(domain))).flatMap(irrelevant -> applicationService.findById(application)).switchIfEmpty(Maybe.error(new ApplicationNotFoundException(application))).flatMapSingle(app -> findAllPermissions(authenticatedUser, organizationId, environmentId, domain, application).map(userPermissions -> filterApplicationInfos(app, userPermissions)))).map(application1 -> {
if (!application1.getDomain().equalsIgnoreCase(domain)) {
throw new BadRequestException("Application does not belong to domain");
}
return Response.ok(application1).build();
}).subscribe(response::resume, t -> response.resume(t));
}
use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.
the class ApplicationEmailsResource method create.
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Create a email for an application", notes = "User must have APPLICATION_EMAIL_TEMPLATE[CREATE] permission on the specified application " + "or APPLICATION_EMAIL_TEMPLATE[CREATE] permission on the specified domain " + "or APPLICATION_EMAIL_TEMPLATE[CREATE] permission on the specified environment " + "or APPLICATION_EMAIL_TEMPLATE[CREATE] permission on the specified organization")
@ApiResponses({ @ApiResponse(code = 201, message = "Email successfully created"), @ApiResponse(code = 500, message = "Internal server error") })
public void create(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @PathParam("application") String application, @ApiParam(name = "email", required = true) @Valid @NotNull final NewEmail newEmail, @Suspended final AsyncResponse response) {
final User authenticatedUser = getAuthenticatedUser();
checkAnyPermission(organizationId, environmentId, domain, Permission.APPLICATION_EMAIL_TEMPLATE, Acl.CREATE).andThen(domainService.findById(domain).switchIfEmpty(Maybe.error(new DomainNotFoundException(domain))).flatMap(irrelevant -> applicationService.findById(application)).switchIfEmpty(Maybe.error(new ApplicationNotFoundException(application))).flatMapSingle(__ -> emailTemplateService.create(domain, application, newEmail, authenticatedUser)).map(email -> Response.created(URI.create("/organizations/" + organizationId + "/environments/" + environmentId + "/domains/" + domain + "/applications/" + application + "/emails/" + email.getId())).entity(email).build())).subscribe(response::resume, response::resume);
}
Aggregations