
Example 6 with Permission

Use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.

Class ApplicationFlowsResource, method list.

@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "List registered flows for an application", notes = "User must have the APPLICATION_FLOW[LIST] permission on the specified domain " + "or APPLICATION_FLOW[LIST] permission on the specified environment " + "or APPLICATION_FLOW[LIST] permission on the specified organization. " + "Except if user has APPLICATION_FLOW[READ] permission on the domain, environment or organization, each returned flow is filtered and contains only basic information such as id and name and isEnabled.")
@ApiResponses({ @ApiResponse(code = 200, message = "List registered flows for an application", response = FlowEntity.class, responseContainer = "List"), @ApiResponse(code = 500, message = "Internal server error") })
public void list(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @PathParam("application") String application, @Suspended final AsyncResponse response) {
    User authenticatedUser = getAuthenticatedUser();
    // Gate on APPLICATION_FLOW[LIST]; callers without APPLICATION_FLOW[READ] only receive filtered flow details.
    checkAnyPermission(organizationId, environmentId, domain, Permission.APPLICATION_FLOW, Acl.LIST)
            .andThen(hasAnyPermission(authenticatedUser, organizationId, environmentId, domain, Permission.APPLICATION_FLOW, Acl.READ)
                    .flatMapPublisher(hasPermission -> flowService.findByApplication(ReferenceType.DOMAIN, domain, application)
                            .map(flow -> filterFlowInfos(hasPermission, flow)))
                    .toList())
            .subscribe(response::resume, response::resume);
}
Also used : Permission(io.gravitee.am.model.permissions.Permission) Maybe(io.reactivex.Maybe) DomainService(io.gravitee.am.service.DomainService) ApiParam(io.swagger.annotations.ApiParam) Autowired(org.springframework.beans.factory.annotation.Autowired) AbstractResource(io.gravitee.am.management.handlers.management.api.resources.AbstractResource) ApiResponses(io.swagger.annotations.ApiResponses) Valid(javax.validation.Valid) Acl(io.gravitee.am.model.Acl) ApiOperation(io.swagger.annotations.ApiOperation) User(io.gravitee.am.identityprovider.api.User) ReferenceType(io.gravitee.am.model.ReferenceType) Context(javax.ws.rs.core.Context) AsyncResponse(javax.ws.rs.container.AsyncResponse) FlowService(io.gravitee.am.service.FlowService) DomainNotFoundException(io.gravitee.am.service.exception.DomainNotFoundException) NotNull(javax.validation.constraints.NotNull) Suspended(javax.ws.rs.container.Suspended) Collectors(java.util.stream.Collectors) List(java.util.List) MediaType(io.gravitee.common.http.MediaType) javax.ws.rs(javax.ws.rs) ApiResponse(io.swagger.annotations.ApiResponse) ResourceContext(javax.ws.rs.container.ResourceContext) Flow(io.gravitee.am.model.flow.Flow) FlowEntity(io.gravitee.am.management.handlers.management.api.model.FlowEntity) User(io.gravitee.am.identityprovider.api.User) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 7 with Permission

Use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.

Class ApplicationsResource, method createApplication.

@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Create an application", notes = "User must have APPLICATION[CREATE] permission on the specified domain " + "or APPLICATION[CREATE] permission on the specified environment " + "or APPLICATION[CREATE] permission on the specified organization")
@ApiResponses({ @ApiResponse(code = 201, message = "Application successfully created"), @ApiResponse(code = 500, message = "Internal server error") })
public void createApplication(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @ApiParam(name = "application", required = true) @Valid @NotNull final NewApplication newApplication, @Suspended final AsyncResponse response) {
    final User authenticatedUser = getAuthenticatedUser();
    // The APPLICATION[CREATE] check runs first; the domain lookup and creation only start once it completes.
    checkAnyPermission(organizationId, environmentId, domain, Permission.APPLICATION, Acl.CREATE)
            .andThen(domainService.findById(domain)
                    .switchIfEmpty(Maybe.error(new DomainNotFoundException(domain)))
                    .flatMapSingle(__ -> applicationService.create(domain, newApplication, authenticatedUser)
                            .map(application -> Response.created(URI.create("/organizations/" + organizationId + "/environments/" + environmentId + "/domains/" + domain + "/applications/" + application.getId()))
                                    .entity(application)
                                    .build())))
            .subscribe(response::resume, response::resume);
}
Also used : ApplicationService(io.gravitee.am.service.ApplicationService) Permission(io.gravitee.am.model.permissions.Permission) Maybe(io.reactivex.Maybe) DomainService(io.gravitee.am.service.DomainService) Autowired(org.springframework.beans.factory.annotation.Autowired) Application(io.gravitee.am.model.Application) AbstractResource(io.gravitee.am.management.handlers.management.api.resources.AbstractResource) Valid(javax.validation.Valid) Acl(io.gravitee.am.model.Acl) Flowable(io.reactivex.Flowable) User(io.gravitee.am.identityprovider.api.User) ReferenceType(io.gravitee.am.model.ReferenceType) io.swagger.annotations(io.swagger.annotations) URI(java.net.URI) Page(io.gravitee.am.model.common.Page) Context(javax.ws.rs.core.Context) Permissions.of(io.gravitee.am.management.service.permissions.Permissions.of) NewApplication(io.gravitee.am.service.model.NewApplication) AsyncResponse(javax.ws.rs.container.AsyncResponse) DomainNotFoundException(io.gravitee.am.service.exception.DomainNotFoundException) NotNull(javax.validation.constraints.NotNull) Suspended(javax.ws.rs.container.Suspended) Collectors(java.util.stream.Collectors) List(java.util.List) MediaType(io.gravitee.common.http.MediaType) javax.ws.rs(javax.ws.rs) Response(javax.ws.rs.core.Response) ResourceContext(javax.ws.rs.container.ResourceContext) Permissions.or(io.gravitee.am.management.service.permissions.Permissions.or) User(io.gravitee.am.identityprovider.api.User) DomainNotFoundException(io.gravitee.am.service.exception.DomainNotFoundException)

Example 8 with Permission

Use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.

Class ApplicationsResource, method list.

@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "List registered applications for a security domain", notes = "User must have the APPLICATION[LIST] permission on the specified domain, environment or organization " + "AND either APPLICATION[READ] permission on each domain's application " + "or APPLICATION[READ] permission on the specified domain " + "or APPLICATION[READ] permission on the specified environment " + "or APPLICATION[READ] permission on the specified organization. " + "Each returned application is filtered and contains only basic information such as id, name, description and isEnabled.")
@ApiResponses({ @ApiResponse(code = 200, message = "List registered applications for a security domain", response = Application.class, responseContainer = "List"), @ApiResponse(code = 500, message = "Internal server error") })
public void list(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @QueryParam("page") @DefaultValue("0") int page, @QueryParam("size") @DefaultValue(MAX_APPLICATIONS_SIZE_PER_PAGE_STRING) int size, @QueryParam("q") String query, @Suspended final AsyncResponse response) {
    final User authenticatedUser = getAuthenticatedUser();
    // Gate on APPLICATION[LIST], then load every matching application, keep only those the caller
    // has APPLICATION[READ] on, reduce each to its basic fields, and page the result in memory.
    checkAnyPermission(organizationId, environmentId, domain, Permission.APPLICATION, Acl.LIST)
            .andThen(domainService.findById(domain)
                    .switchIfEmpty(Maybe.error(new DomainNotFoundException(domain)))
                    .flatMapSingle(__ -> {
                        if (query != null) {
                            return applicationService.search(domain, query, 0, Integer.MAX_VALUE);
                        } else {
                            return applicationService.findByDomain(domain, 0, Integer.MAX_VALUE);
                        }
                    })
                    .flatMap(pagedApplications -> Maybe.concat(pagedApplications.getData().stream()
                                    .map(application -> hasAnyPermission(authenticatedUser, organizationId, environmentId, domain, application.getId(), Permission.APPLICATION, Acl.READ)
                                            .filter(Boolean::booleanValue)
                                            .map(__ -> filterApplicationInfos(application)))
                                    .collect(Collectors.toList()))
                            .sorted((a1, a2) -> a2.getUpdatedAt().compareTo(a1.getUpdatedAt()))
                            .toList()
                            .map(applications -> new Page<>(applications.stream().skip(page * size).limit(size).collect(Collectors.toList()), page, applications.size()))))
            .subscribe(response::resume, response::resume);
}
Also used : ApplicationService(io.gravitee.am.service.ApplicationService) Permission(io.gravitee.am.model.permissions.Permission) Maybe(io.reactivex.Maybe) DomainService(io.gravitee.am.service.DomainService) Autowired(org.springframework.beans.factory.annotation.Autowired) Application(io.gravitee.am.model.Application) AbstractResource(io.gravitee.am.management.handlers.management.api.resources.AbstractResource) Valid(javax.validation.Valid) Acl(io.gravitee.am.model.Acl) Flowable(io.reactivex.Flowable) User(io.gravitee.am.identityprovider.api.User) ReferenceType(io.gravitee.am.model.ReferenceType) io.swagger.annotations(io.swagger.annotations) URI(java.net.URI) Page(io.gravitee.am.model.common.Page) Context(javax.ws.rs.core.Context) Permissions.of(io.gravitee.am.management.service.permissions.Permissions.of) NewApplication(io.gravitee.am.service.model.NewApplication) AsyncResponse(javax.ws.rs.container.AsyncResponse) DomainNotFoundException(io.gravitee.am.service.exception.DomainNotFoundException) NotNull(javax.validation.constraints.NotNull) Suspended(javax.ws.rs.container.Suspended) Collectors(java.util.stream.Collectors) List(java.util.List) MediaType(io.gravitee.common.http.MediaType) javax.ws.rs(javax.ws.rs) Response(javax.ws.rs.core.Response) ResourceContext(javax.ws.rs.container.ResourceContext) Permissions.or(io.gravitee.am.management.service.permissions.Permissions.or) User(io.gravitee.am.identityprovider.api.User) DomainNotFoundException(io.gravitee.am.service.exception.DomainNotFoundException) Page(io.gravitee.am.model.common.Page)

Example 9 with Permission

Use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.

Class AuthenticationDeviceNotifiersResource, method create.

@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Create an Authentication Device Notifier", notes = "User must have the DOMAIN_AUTHDEVICE_NOTIFIER[CREATE] permission on the specified domain " + "or DOMAIN_AUTHDEVICE_NOTIFIER[CREATE] permission on the specified environment " + "or DOMAIN_AUTHDEVICE_NOTIFIER[CREATE] permission on the specified organization")
@ApiResponses({ @ApiResponse(code = 201, message = "Authentication Device Notifier successfully created"), @ApiResponse(code = 500, message = "Internal server error") })
public void create(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @ApiParam(name = "notifier", required = true) @Valid @NotNull final NewAuthenticationDeviceNotifier newDeviceNotifier, @Suspended final AsyncResponse response) {
    final User authenticatedUser = getAuthenticatedUser();
    // The DOMAIN_AUTHDEVICE_NOTIFIER[CREATE] check runs first; the domain lookup and creation only start once it completes.
    checkAnyPermission(organizationId, environmentId, domain, Permission.DOMAIN_AUTHDEVICE_NOTIFIER, Acl.CREATE)
            .andThen(domainService.findById(domain)
                    .switchIfEmpty(Maybe.error(new DomainNotFoundException(domain)))
                    .flatMapSingle(__ -> authDeviceNotifierService.create(domain, newDeviceNotifier, authenticatedUser))
                    .map(deviceNotifier -> Response.created(URI.create("/organizations/" + organizationId + "/environments/" + environmentId + "/domains/" + domain + "/auth-device-notifiers/" + deviceNotifier.getId()))
                            .entity(deviceNotifier)
                            .build()))
            .subscribe(response::resume, response::resume);
}
Also used : Context(javax.ws.rs.core.Context) NewBotDetection(io.gravitee.am.service.model.NewBotDetection) AsyncResponse(javax.ws.rs.container.AsyncResponse) Permission(io.gravitee.am.model.permissions.Permission) Maybe(io.reactivex.Maybe) DomainService(io.gravitee.am.service.DomainService) Autowired(org.springframework.beans.factory.annotation.Autowired) AbstractResource(io.gravitee.am.management.handlers.management.api.resources.AbstractResource) DomainNotFoundException(io.gravitee.am.service.exception.DomainNotFoundException) NotNull(javax.validation.constraints.NotNull) AuthenticationDeviceNotifier(io.gravitee.am.model.AuthenticationDeviceNotifier) Suspended(javax.ws.rs.container.Suspended) Valid(javax.validation.Valid) Acl(io.gravitee.am.model.Acl) AuthenticationDeviceNotifierService(io.gravitee.am.service.AuthenticationDeviceNotifierService) MediaType(io.gravitee.common.http.MediaType) javax.ws.rs(javax.ws.rs) Response(javax.ws.rs.core.Response) User(io.gravitee.am.identityprovider.api.User) ResourceContext(javax.ws.rs.container.ResourceContext) io.swagger.annotations(io.swagger.annotations) NewAuthenticationDeviceNotifier(io.gravitee.am.service.model.NewAuthenticationDeviceNotifier) URI(java.net.URI) BotDetection(io.gravitee.am.model.BotDetection) User(io.gravitee.am.identityprovider.api.User) DomainNotFoundException(io.gravitee.am.service.exception.DomainNotFoundException)

Example 10 with Permission

Use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.

Class AuditsResource, method list.

@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "List audit logs for the organization", notes = "User must have the ORGANIZATION_AUDIT[LIST] permission on the specified organization. " + "Except if user has ORGANIZATION_AUDIT[READ] permission on the organization, each returned audit is filtered and contains only basic information such as id, date, event, actor, target and status.")
@ApiResponses({ @ApiResponse(code = 200, message = "List audit logs for the platform", response = Audit.class, responseContainer = "List"), @ApiResponse(code = 500, message = "Internal server error") })
public void list(@PathParam("organizationId") String organizationId, @BeanParam AuditParam param, @Suspended final AsyncResponse response) {
    AuditReportableCriteria.Builder queryBuilder = new AuditReportableCriteria.Builder().from(param.getFrom()).to(param.getTo()).status(param.getStatus()).user(param.getUser());
    if (param.getType() != null) {
        queryBuilder.types(Collections.singletonList(param.getType()));
    }
    User authenticatedUser = getAuthenticatedUser();
    // Gate on ORGANIZATION_AUDIT[LIST]; callers without ORGANIZATION_AUDIT[READ] receive filtered audit entries.
    checkPermission(ReferenceType.ORGANIZATION, organizationId, Permission.ORGANIZATION_AUDIT, Acl.LIST)
            .andThen(auditService.search(ReferenceType.ORGANIZATION, organizationId, queryBuilder.build(), param.getPage(), param.getSize())
                    .flatMap(auditPage -> hasPermission(authenticatedUser, ReferenceType.ORGANIZATION, organizationId, Permission.ORGANIZATION_AUDIT, Acl.READ)
                            .map(hasPermission -> {
                                if (hasPermission) {
                                    return auditPage;
                                } else {
                                    return new Page<>(auditPage.getData().stream().map(FilterUtils::filterAuditInfos).collect(Collectors.toList()), auditPage.getCurrentPage(), auditPage.getTotalCount());
                                }
                            })))
            .subscribe(response::resume, response::resume);
}
Also used : Permission(io.gravitee.am.model.permissions.Permission) DomainService(io.gravitee.am.service.DomainService) Autowired(org.springframework.beans.factory.annotation.Autowired) AbstractResource(io.gravitee.am.management.handlers.management.api.resources.AbstractResource) ApiResponses(io.swagger.annotations.ApiResponses) Single(io.reactivex.Single) Acl(io.gravitee.am.model.Acl) ApiOperation(io.swagger.annotations.ApiOperation) User(io.gravitee.am.identityprovider.api.User) ReferenceType(io.gravitee.am.model.ReferenceType) Api(io.swagger.annotations.Api) AuditService(io.gravitee.am.management.service.AuditService) Page(io.gravitee.am.model.common.Page) Context(javax.ws.rs.core.Context) AsyncResponse(javax.ws.rs.container.AsyncResponse) EventType(io.gravitee.am.common.audit.EventType) AuditOutcome(io.gravitee.am.reporter.api.audit.model.AuditOutcome) Suspended(javax.ws.rs.container.Suspended) Collectors(java.util.stream.Collectors) AuditReportableCriteria(io.gravitee.am.reporter.api.audit.AuditReportableCriteria) MediaType(io.gravitee.common.http.MediaType) javax.ws.rs(javax.ws.rs) Response(javax.ws.rs.core.Response) AuditParam(io.gravitee.am.management.handlers.management.api.model.AuditParam) ApiResponse(io.swagger.annotations.ApiResponse) ResourceContext(javax.ws.rs.container.ResourceContext) FilterUtils(io.gravitee.am.management.handlers.management.api.resources.utils.FilterUtils) AuditEntity(io.gravitee.am.reporter.api.audit.model.AuditEntity) Collections(java.util.Collections) Audit(io.gravitee.am.reporter.api.audit.model.Audit) User(io.gravitee.am.identityprovider.api.User) AuditReportableCriteria(io.gravitee.am.reporter.api.audit.AuditReportableCriteria) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)
