use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.
the class GroupMemberResource method removeMember.
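/**
 * Removes a user from an organization-level group and resumes the async response with the
 * result of the group update (or with the error that interrupted the chain).
 *
 * <p>Flow, in subscription order:
 * <ol>
 *   <li>{@code checkPermission} for ORGANIZATION_GROUP[UPDATE] on {@code organizationId};</li>
 *   <li>load the group, then the user, both scoped to the organization;</li>
 *   <li>fail with {@link MemberNotFoundException} when the user is not in the member list;</li>
 *   <li>persist the group with the member removed; name, description and roles are copied
 *       unchanged from the loaded group.</li>
 * </ol>
 *
 * @param organizationId organization that owns the group (also the permission reference)
 * @param group          id of the group to modify
 * @param userId         id of the member to remove
 * @param response       suspended JAX-RS response, resumed on success and on error
 */
@DELETE
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Remove a group member", notes = "User must have the ORGANIZATION_GROUP[UPDATE] permission on the specified organization")
@ApiResponses({
        @ApiResponse(code = 200, message = "Member has been removed successfully"),
        @ApiResponse(code = 400, message = "User does not exist"),
        @ApiResponse(code = 500, message = "Internal server error") })
public void removeMember(@PathParam("organizationId") String organizationId, @PathParam("group") String group, @PathParam("member") String userId, @Suspended final AsyncResponse response) {
    final io.gravitee.am.identityprovider.api.User authenticatedUser = getAuthenticatedUser();

    checkPermission(ReferenceType.ORGANIZATION, organizationId, Permission.ORGANIZATION_GROUP, Acl.UPDATE)
            // Single.defer: the service calls below are only invoked once the permission check
            // has completed, instead of being assembled eagerly as the andThen(...) argument.
            .andThen(Single.defer(() -> groupService.findById(ReferenceType.ORGANIZATION, organizationId, group)
                    // The loaded user is not used further; the lookup acts as an existence check
                    // within the organization before the group is touched.
                    .flatMap(group1 -> userService.findById(ReferenceType.ORGANIZATION, organizationId, userId)
                            .flatMap(user -> {
                                if (group1.getMembers() == null || !group1.getMembers().contains(userId)) {
                                    return Single.error(new MemberNotFoundException(userId));
                                }
                                // The guard above guarantees a non-null member list here, so the
                                // copy needs no second null check. Work on a copy rather than
                                // mutating the list held by the loaded group.
                                final List<String> groupMembers = new ArrayList<>(group1.getMembers());
                                groupMembers.remove(userId);

                                final UpdateGroup updateGroup = new UpdateGroup();
                                updateGroup.setName(group1.getName());
                                updateGroup.setDescription(group1.getDescription());
                                updateGroup.setRoles(group1.getRoles());
                                updateGroup.setMembers(groupMembers);
                                // authenticatedUser is handed to the service as the acting principal.
                                return groupService.update(ReferenceType.ORGANIZATION, organizationId, group, updateGroup, authenticatedUser);
                            }))))
            .subscribe(response::resume, response::resume);
}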
use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.
the class DomainsResource method get.
/**
 * Resolves a security domain by its human-readable id (hrid) inside the given environment and
 * resumes the async response with a view of the domain filtered by the caller's permissions.
 *
 * <p>Order of operations as written: the domain is first resolved through
 * {@code domainService.findByHrid(environmentId, hrid)}; {@code checkAnyPermission} is then
 * evaluated for DOMAIN[READ] against the resolved domain id; only after that does
 * {@code Single.defer} load the caller's permissions and pass them to {@code filterDomainInfos}.
 *
 * <p>NOTE(review): the lookup necessarily precedes the permission check (the id is not known
 * before), so a "not found" error and a permission error may be distinguishable to a caller
 * without DOMAIN[READ]. Confirm that exposing hrid existence within an environment is acceptable.
 *
 * @param organizationId organization used as one of the permission references
 * @param environmentId  environment the hrid is resolved in, also a permission reference
 * @param hrid           human-readable id of the domain
 * @param response       suspended JAX-RS response, resumed on success and on error
 */
@GET
@Path("_hrid/{hrid}")
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get a security domain by hrid", notes = "User must have the DOMAIN[READ] permission on the specified domain, environment or organization. " + "Domain will be filtered according to permissions (READ on DOMAIN_USER_ACCOUNT, DOMAIN_IDENTITY_PROVIDER, DOMAIN_FORM, DOMAIN_LOGIN_SETTINGS, " + "DOMAIN_DCR, DOMAIN_SCIM, DOMAIN_SETTINGS)")
@ApiResponses({
        @ApiResponse(code = 200, message = "Domain", response = Domain.class),
        @ApiResponse(code = 500, message = "Internal server error") })
public void get(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("hrid") String hrid, @Suspended final AsyncResponse response) {
    final User authenticatedUser = getAuthenticatedUser();

    domainService.findByHrid(environmentId, hrid)
            .flatMap(resolved -> checkAnyPermission(authenticatedUser, organizationId, environmentId, resolved.getId(), Permission.DOMAIN, Acl.READ)
                    // Deferred: the permission listing is requested only after the check completes.
                    .andThen(Single.defer(() -> findAllPermissions(authenticatedUser, organizationId, environmentId, resolved.getId())
                            // Strip the parts of the domain the caller has no READ permission on.
                            .map(granted -> filterDomainInfos(resolved, granted)))))
            .subscribe(response::resume, response::resume);
}
use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.
the class EmailsResource method create.
/**
 * Creates an email template in a security domain and resumes the async response with a
 * {@code 201 Created} response whose entity is the created email.
 *
 * <p>The chain first runs {@code checkAnyPermission} for DOMAIN_EMAIL_TEMPLATE[CREATE], then
 * loads the domain (failing with {@link DomainNotFoundException} when it is absent), then
 * delegates to {@code emailTemplateService.create} with the authenticated user.
 *
 * <p>NOTE(review): {@code domainService.findById(domain)} is keyed by the domain id alone and
 * nothing visible in this method ties the domain to {@code organizationId} or
 * {@code environmentId}. Presumably {@code checkAnyPermission} validates that hierarchy;
 * confirm, since the permission may be satisfied at organization or environment level.
 *
 * <p>NOTE(review): the {@code andThen(...)} argument is assembled eagerly. This relies on the
 * service returning a lazy source so that no lookup runs before the check passes; verify.
 *
 * @param organizationId organization path segment, used for the check and the Location URI
 * @param environmentId  environment path segment, used for the check and the Location URI
 * @param domain         id of the target security domain
 * @param newEmail       validated payload describing the email to create
 * @param response       suspended JAX-RS response, resumed on success and on error
 */
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Create a email", notes = "User must have the DOMAIN_EMAIL_TEMPLATE[CREATE] permission on the specified domain " + "or DOMAIN_EMAIL_TEMPLATE[CREATE] permission on the specified environment " + "or DOMAIN_EMAIL_TEMPLATE[CREATE] permission on the specified organization")
@ApiResponses({
        @ApiResponse(code = 201, message = "Email successfully created"),
        @ApiResponse(code = 500, message = "Internal server error") })
public void create(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @ApiParam(name = "email", required = true) @Valid @NotNull final NewEmail newEmail, @Suspended final AsyncResponse response) {
    final User authenticatedUser = getAuthenticatedUser();

    checkAnyPermission(organizationId, environmentId, domain, Permission.DOMAIN_EMAIL_TEMPLATE, Acl.CREATE)
            .andThen(domainService.findById(domain)
                    .switchIfEmpty(Maybe.error(new DomainNotFoundException(domain)))
                    // The loaded domain is only an existence check; creation uses the id.
                    .flatMapSingle(existingDomain -> emailTemplateService.create(domain, newEmail, authenticatedUser))
                    .map(createdEmail -> {
                        // Location is concatenated from the raw path parameters and the new id.
                        final String location = "/organizations/" + organizationId + "/environments/" + environmentId + "/domains/" + domain + "/emails/" + createdEmail.getId();
                        return Response.created(URI.create(location)).entity(createdEmail).build();
                    }))
            .subscribe(response::resume, response::resume);
}
use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.
the class ExtensionGrantsResource method create.
/**
 * Creates an extension grant in a security domain and resumes the async response with a
 * {@code 201 Created} response whose entity is the created extension grant.
 *
 * <p>The chain first runs {@code checkAnyPermission} for DOMAIN_EXTENSION_GRANT[CREATE], then
 * loads the domain (failing with {@link DomainNotFoundException} when it is absent), then
 * delegates to {@code extensionGrantService.create} with the authenticated user.
 *
 * <p>NOTE(review): {@code domainService.findById(domain)} is keyed by the domain id alone and
 * nothing visible in this method ties the domain to {@code organizationId} or
 * {@code environmentId}. Presumably {@code checkAnyPermission} validates that hierarchy;
 * confirm, since the permission may be satisfied at organization or environment level.
 *
 * <p>NOTE(review): the {@code andThen(...)} argument is assembled eagerly. This relies on the
 * service returning a lazy source so that no lookup runs before the check passes; verify.
 *
 * @param organizationId    organization path segment, used for the check and the Location URI
 * @param environmentId     environment path segment, used for the check and the Location URI
 * @param domain            id of the target security domain
 * @param newExtensionGrant validated payload describing the extension grant to create
 * @param response          suspended JAX-RS response, resumed on success and on error
 */
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Create a extension grant", notes = "User must have the DOMAIN_EXTENSION_GRANT[CREATE] permission on the specified domain " + "or DOMAIN_EXTENSION_GRANT[CREATE] permission on the specified environment " + "or DOMAIN_EXTENSION_GRANT[CREATE] permission on the specified organization")
@ApiResponses({
        @ApiResponse(code = 201, message = "Extension grant successfully created"),
        @ApiResponse(code = 500, message = "Internal server error") })
public void create(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @ApiParam(name = "extension grant", required = true) @Valid @NotNull final NewExtensionGrant newExtensionGrant, @Suspended final AsyncResponse response) {
    final User authenticatedUser = getAuthenticatedUser();

    checkAnyPermission(organizationId, environmentId, domain, Permission.DOMAIN_EXTENSION_GRANT, Acl.CREATE)
            .andThen(domainService.findById(domain)
                    .switchIfEmpty(Maybe.error(new DomainNotFoundException(domain)))
                    // The loaded domain is only an existence check; creation uses the id.
                    .flatMapSingle(existingDomain -> extensionGrantService.create(domain, newExtensionGrant, authenticatedUser)
                            .map(createdGrant -> {
                                // Location is concatenated from the raw path parameters and the new id.
                                final String location = "/organizations/" + organizationId + "/environments/" + environmentId + "/domains/" + domain + "/extensionGrants/" + createdGrant.getId();
                                return Response.created(URI.create(location)).entity(createdGrant).build();
                            })))
            .subscribe(response::resume, response::resume);
}
use of io.gravitee.am.model.permissions.Permission in project gravitee-access-management by gravitee-io.
the class ScopesResource method create.
/**
 * Creates a scope in a security domain and resumes the async response with a
 * {@code 201 Created} response whose entity is the created scope.
 *
 * <p>The chain first runs {@code checkAnyPermission} for DOMAIN_SCOPE[CREATE], then loads the
 * domain (failing with {@link DomainNotFoundException} when it is absent), then delegates to
 * {@code scopeService.create} with the authenticated user.
 *
 * <p>NOTE(review): {@code domainService.findById(domain)} is keyed by the domain id alone and
 * nothing visible in this method ties the domain to {@code organizationId} or
 * {@code environmentId}. Presumably {@code checkAnyPermission} validates that hierarchy;
 * confirm, since the permission may be satisfied at organization or environment level.
 *
 * <p>NOTE(review): the {@code andThen(...)} argument is assembled eagerly. This relies on the
 * service returning a lazy source so that no lookup runs before the check passes; verify.
 *
 * @param organizationId organization path segment, used for the check and the Location URI
 * @param environmentId  environment path segment, used for the check and the Location URI
 * @param domain         id of the target security domain
 * @param newScope       validated payload describing the scope to create
 * @param response       suspended JAX-RS response, resumed on success and on error
 */
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Create a scope", notes = "User must have the DOMAIN_SCOPE[CREATE] permission on the specified domain " + "or DOMAIN_SCOPE[CREATE] permission on the specified environment " + "or DOMAIN_SCOPE[CREATE] permission on the specified organization")
@ApiResponses({
        @ApiResponse(code = 201, message = "Scope successfully created"),
        @ApiResponse(code = 500, message = "Internal server error") })
public void create(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("domain") String domain, @ApiParam(name = "scope", required = true) @Valid @NotNull final NewScope newScope, @Suspended final AsyncResponse response) {
    final User authenticatedUser = getAuthenticatedUser();

    checkAnyPermission(organizationId, environmentId, domain, Permission.DOMAIN_SCOPE, Acl.CREATE)
            .andThen(domainService.findById(domain)
                    .switchIfEmpty(Maybe.error(new DomainNotFoundException(domain)))
                    // The loaded domain is only an existence check; creation uses the id.
                    .flatMapSingle(existingDomain -> scopeService.create(domain, newScope, authenticatedUser)
                            .map(createdScope -> {
                                // Location is concatenated from the raw path parameters and the new id.
                                final String location = "/organizations/" + organizationId + "/environments/" + environmentId + "/domains/" + domain + "/scopes/" + createdScope.getId();
                                return Response.created(URI.create(location)).entity(createdScope).build();
                            })))
            .subscribe(response::resume, response::resume);
}