use of io.gravitee.management.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.
Class GroupMembersResource, method addOrUpdateMember.
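/**
 * Adds a member to a group or updates the roles of an existing member.
 *
 * <p>A role of scope API and a role of scope APPLICATION may be supplied; each
 * present one is written, then any scope the member previously held that is
 * absent from the request is removed. Writes happen before removals so the
 * member is never left without a role. When the request carries no roles at
 * all, nothing is changed.
 *
 * <p>Access requires MANAGEMENT_GROUP CREATE or UPDATE; the permissions filter
 * stops at the first listed permission the caller holds, so either suffices.
 *
 * <p>Two {@code RoleScope} types are in play: the repository one (unqualified
 * {@code RoleScope}, passed to the membership service) and the model one
 * ({@code io.gravitee.management.model.permissions.RoleScope}, carried by the
 * request's roles).
 *
 * @param group      id of the group; must exist
 * @param membership user reference and requested roles; {@code getId()} may be
 *                   {@code null} for a user not yet known
 * @return HTTP 200 in every case. NOTE(review): the advertised 201 for a newly
 *         added member is never produced; nothing here distinguishes add from
 *         update — confirm whether callers rely on it
 */
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Add or update a group member")
@ApiResponses({ @ApiResponse(code = 201, message = "Member has been added"), @ApiResponse(code = 200, message = "Member has been updated"), @ApiResponse(code = 400, message = "Membership is not valid"), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.MANAGEMENT_GROUP, acls = RolePermissionAction.CREATE), @Permission(value = RolePermission.MANAGEMENT_GROUP, acls = RolePermissionAction.UPDATE) })
public Response addOrUpdateMember(@PathParam("group") String group, @Valid @NotNull final GroupMembership membership) {
    // Check that group exists (the service is expected to throw otherwise).
    groupService.findById(group);

    // Roles the member currently holds in this group, per scope. They can only
    // be resolved when the request identifies an already known user.
    RoleEntity previousApiRole = null;
    RoleEntity previousApplicationRole = null;
    if (membership.getId() != null) {
        previousApiRole = membershipService.getRole(MembershipReferenceType.GROUP, group, membership.getId(), RoleScope.API);
        previousApplicationRole = membershipService.getRole(MembershipReferenceType.GROUP, group, membership.getId(), RoleScope.APPLICATION);
    }

    // Process add / update before delete to avoid having a user without role
    if (membership.getRoles() != null && !membership.getRoles().isEmpty()) {
        MemberRoleEntity apiRole = firstRoleForScope(membership, io.gravitee.management.model.permissions.RoleScope.API);
        MemberRoleEntity applicationRole = firstRoleForScope(membership, io.gravitee.management.model.permissions.RoleScope.APPLICATION);

        // Add / Update
        MemberEntity updatedMembership = null;
        if (apiRole != null) {
            updatedMembership = membershipService.addOrUpdateMember(new MembershipService.MembershipReference(MembershipReferenceType.GROUP, group), new MembershipService.MembershipUser(membership.getId(), membership.getReference()), new MembershipService.MembershipRole(RoleScope.API, apiRole.getRoleName()));
        }
        if (applicationRole != null) {
            updatedMembership = membershipService.addOrUpdateMember(new MembershipService.MembershipReference(MembershipReferenceType.GROUP, group), new MembershipService.MembershipUser(membership.getId(), membership.getReference()), new MembershipService.MembershipRole(RoleScope.APPLICATION, applicationRole.getRoleName()));
        }

        // Delete. The request may list roles whose names are all empty, in which
        // case nothing was written and updatedMembership is still null; fall
        // back to the request id, which is non-null whenever a previous role was
        // found above. Assumes MemberEntity.getId() is the same user id as
        // GroupMembership.getId() — TODO confirm.
        String memberId = updatedMembership != null ? updatedMembership.getId() : membership.getId();
        if (apiRole == null && previousApiRole != null) {
            membershipService.removeRole(MembershipReferenceType.GROUP, group, memberId, RoleScope.API);
        }
        if (applicationRole == null && previousApplicationRole != null) {
            membershipService.removeRole(MembershipReferenceType.GROUP, group, memberId, RoleScope.APPLICATION);
        }
    }
    return Response.ok().build();
}

/**
 * Returns the first requested role of the given scope that has a non-empty
 * name, or {@code null} when there is none.
 */
private static MemberRoleEntity firstRoleForScope(GroupMembership membership, io.gravitee.management.model.permissions.RoleScope scope) {
    return membership.getRoles().stream()
            .filter(r -> r.getRoleScope().equals(scope) && !r.getRoleName().isEmpty())
            .findFirst()
            .orElse(null);
}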
use of io.gravitee.management.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.
Class PermissionsFilter, method filter.
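/**
 * Enforces the {@code @Permissions} annotation of the matched resource method.
 *
 * <p>The listed permissions are evaluated in declaration order and the request
 * is allowed as soon as one of them is granted to the authenticated user. If
 * none is granted, or there is no authenticated principal,
 * {@link #sendSecurityError()} is invoked. A {@code null} or empty annotation
 * enforces nothing and lets the request through.
 *
 * @param permissions    annotation of the matched method, may be {@code null}
 * @param requestContext current request, used to resolve the API or
 *                       application the permission applies to
 */
protected void filter(Permissions permissions, ContainerRequestContext requestContext) {
    if (permissions == null || permissions.value().length == 0) {
        // Nothing to enforce for this resource.
        return;
    }
    Principal principal = securityContext.getUserPrincipal();
    if (principal != null) {
        String username = principal.getName();
        for (Permission permission : permissions.value()) {
            if (isGranted(permission, username, requestContext)) {
                return;
            }
        }
    }
    sendSecurityError();
}

/**
 * Checks a single permission for {@code username}, resolving the membership
 * reference from the permission's scope. An unknown scope reports a security
 * error and is treated as not granted.
 */
private boolean isGranted(Permission permission, String username, ContainerRequestContext requestContext) {
    switch (permission.value().getScope()) {
        case MANAGEMENT: {
            RoleEntity role = membershipService.getRole(MembershipReferenceType.MANAGEMENT, MembershipDefaultReferenceId.DEFAULT.name(), username, RoleScope.MANAGEMENT);
            return hasRolePermission(role, permission);
        }
        case PORTAL: {
            RoleEntity role = membershipService.getRole(MembershipReferenceType.PORTAL, MembershipDefaultReferenceId.DEFAULT.name(), username, RoleScope.PORTAL);
            return hasRolePermission(role, permission);
        }
        case APPLICATION: {
            ApplicationEntity application = getApplication(requestContext);
            Map<String, char[]> memberPermissions = membershipService.getMemberPermissions(application, username);
            return roleService.hasPermission(memberPermissions, permission.value().getPermission(), permission.acls());
        }
        case API: {
            ApiEntity api = getApi(requestContext);
            Map<String, char[]> memberPermissions = membershipService.getMemberPermissions(api, username);
            return roleService.hasPermission(memberPermissions, permission.value().getPermission(), permission.acls());
        }
        default:
            sendSecurityError();
            return false;
    }
}

/**
 * A user with no role in the scope holds no permission there. Without this
 * guard a missing role dereferenced to a NullPointerException, turning an
 * authorization failure into a server error.
 */
private boolean hasRolePermission(RoleEntity role, Permission permission) {
    return role != null
            && roleService.hasPermission(role.getPermissions(), permission.value().getPermission(), permission.acls());
}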
use of io.gravitee.management.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.
Class PermissionServiceImpl, method hasPermission.
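/**
 * Checks whether the authenticated user holds {@code permission} on the
 * reference identified by {@code referenceId}.
 *
 * <p>Resolution order: the user's direct role on the reference (or on the
 * DEFAULT reference when {@code referenceId} is {@code null}) is checked
 * first. Only when there is no direct role, and the scope is API or
 * APPLICATION, are the roles inherited through the reference's groups
 * considered.
 *
 * @param permission  permission to check; its scope selects the membership
 *                    reference type and the repository role scope
 * @param referenceId id of the API / application, or {@code null} for scopes
 *                    that use the DEFAULT reference
 * @param acls        actions handed to {@code RoleService.hasPermission}
 * @return {@code true} if one of the resolved roles grants the permission;
 *         {@code false} otherwise, including for an unknown scope
 */
@Override
public boolean hasPermission(RolePermission permission, String referenceId, RolePermissionAction... acls) {
    MembershipReferenceType membershipReferenceType;
    io.gravitee.repository.management.model.RoleScope repoRoleScope;
    // Only API and APPLICATION permissions can be inherited through groups.
    boolean inheritFromGroups = false;
    switch (permission.getScope()) {
        case MANAGEMENT:
            membershipReferenceType = MembershipReferenceType.MANAGEMENT;
            repoRoleScope = io.gravitee.repository.management.model.RoleScope.MANAGEMENT;
            break;
        case PORTAL:
            membershipReferenceType = MembershipReferenceType.PORTAL;
            repoRoleScope = io.gravitee.repository.management.model.RoleScope.PORTAL;
            break;
        case API:
            membershipReferenceType = MembershipReferenceType.API;
            repoRoleScope = io.gravitee.repository.management.model.RoleScope.API;
            inheritFromGroups = true;
            break;
        case APPLICATION:
            membershipReferenceType = MembershipReferenceType.APPLICATION;
            repoRoleScope = io.gravitee.repository.management.model.RoleScope.APPLICATION;
            inheritFromGroups = true;
            break;
        default:
            // Unknown scope: fail closed rather than querying memberships with a
            // null reference type and null role scope.
            return false;
    }

    String username = getAuthenticatedUsername();
    String directReferenceId = referenceId != null ? referenceId : MembershipDefaultReferenceId.DEFAULT.name();
    RoleEntity firstDegreeRole = membershipService.getRole(membershipReferenceType, directReferenceId, username, repoRoleScope);

    Set<RoleEntity> roles = Collections.emptySet();
    if (firstDegreeRole != null) {
        roles = Collections.singleton(firstDegreeRole);
    } else if (inheritFromGroups) {
        Set<String> groups = findReferenceGroups(referenceId);
        if (groups != null && !groups.isEmpty()) {
            roles = membershipService.getRoles(MembershipReferenceType.GROUP, groups, username, repoRoleScope);
        }
    }

    for (RoleEntity roleEntity : roles) {
        if (roleService.hasPermission(roleEntity.getPermissions(), permission.getPermission(), acls)) {
            return true;
        }
    }
    return false;
}

/**
 * Groups of the API with the given id or, when no API has that id, of the
 * application with that id.
 *
 * <p>NOTE(review): the lookup is by id only, not by permission scope, so it
 * relies on API and application ids never colliding — confirm. A missing
 * application propagates whatever {@code applicationService.findById} throws.
 */
private Set<String> findReferenceGroups(String referenceId) {
    try {
        return apiService.findById(referenceId).getGroups();
    } catch (ApiNotFoundException ane) {
        return applicationService.findById(referenceId).getGroups();
    }
}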
use of io.gravitee.management.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.
Class RoleServiceImpl, method convert.
/**
 * Maps a repository {@link Role} onto its API-facing {@link RoleEntity}.
 *
 * @param role repository role, may be {@code null}
 * @return the converted entity, or {@code null} when {@code role} is null
 */
private RoleEntity convert(final Role role) {
    if (role == null) {
        return null;
    }
    final RoleEntity entity = new RoleEntity();
    // Scope is set first: the permission conversion below reads it back.
    entity.setScope(convert(role.getScope()));
    entity.setName(role.getName());
    entity.setDescription(role.getDescription());
    entity.setDefaultRole(role.isDefaultRole());
    entity.setSystem(role.isSystem());
    entity.setPermissions(convertPermissions(entity.getScope(), role.getPermissions()));
    return entity;
}
use of io.gravitee.management.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.
Class RoleServiceImpl, method create.
/**
 * Creates a new role, writes an audit entry for it and, if the role is
 * flagged as default, makes it the default role of its scope.
 *
 * <p>NOTE(review): the existence check and the insert are two separate
 * repository calls; two concurrent creates of the same scope/name can both
 * pass the check unless the repository enforces uniqueness — confirm.
 *
 * @param roleEntity role to create
 * @return the created role as returned by the repository
 * @throws RoleAlreadyExistsException   if a role with the same scope and name exists
 * @throws TechnicalManagementException if the repository fails; the
 *                                      {@link TechnicalException} is kept as cause
 */
@Override
public RoleEntity create(final NewRoleEntity roleEntity) {
    try {
        final Role role = convert(roleEntity);
        if (roleRepository.findById(role.getScope(), role.getName()).isPresent()) {
            throw new RoleAlreadyExistsException(role.getScope(), role.getName());
        }
        // Creation and last update share the same timestamp on a new role.
        final Date now = new Date();
        role.setCreatedAt(now);
        role.setUpdatedAt(role.getCreatedAt());

        final RoleEntity created = convert(roleRepository.create(role));
        auditService.createPortalAuditLog(
                Collections.singletonMap(ROLE, role.getScope() + ":" + role.getName()),
                ROLE_CREATED,
                role.getCreatedAt(),
                null,
                role);
        if (created.isDefaultRole()) {
            toggleDefaultRole(convert(roleEntity.getScope()), created.getName());
        }
        return created;
    } catch (TechnicalException ex) {
        LOGGER.error("An error occurs while trying to create role {}", roleEntity.getName(), ex);
        throw new TechnicalManagementException("An error occurs while trying to create role " + roleEntity.getName(), ex);
    }
}