Example 6 with RoleEntity

use of io.gravitee.management.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.

the class GroupMembersResource method addOrUpdateMember.

@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Add or update a group member")
@ApiResponses({
    @ApiResponse(code = 201, message = "Member has been added"),
    @ApiResponse(code = 200, message = "Member has been updated"),
    @ApiResponse(code = 400, message = "Membership is not valid"),
    @ApiResponse(code = 500, message = "Internal server error") })
// Either entry admits the caller: PermissionsFilter (Example 7) returns on the first @Permission that matches.
@Permissions({
    @Permission(value = RolePermission.MANAGEMENT_GROUP, acls = RolePermissionAction.CREATE),
    @Permission(value = RolePermission.MANAGEMENT_GROUP, acls = RolePermissionAction.UPDATE) })
public Response addOrUpdateMember(@PathParam("group") String group, @Valid @NotNull final GroupMembership membership) {
    // Check that group exists (findById is relied on to throw when it does not)
    groupService.findById(group);
    RoleEntity previousApiRole = null, previousApplicationRole = null;
    if (membership.getId() != null) {
        previousApiRole = membershipService.getRole(MembershipReferenceType.GROUP, group, membership.getId(), RoleScope.API);
        previousApplicationRole = membershipService.getRole(MembershipReferenceType.GROUP, group, membership.getId(), RoleScope.APPLICATION);
    }
    // Process add / update before delete to avoid having a user without role.
    // An empty role list is a no-op: a scope is only removed when the list is non-empty
    // and omits (or sends an empty name for) a scope the member previously held.
    if (membership.getRoles() != null && !membership.getRoles().isEmpty()) {
        MemberRoleEntity apiRole = membership.getRoles().stream()
                .filter(r -> r.getRoleScope().equals(io.gravitee.management.model.permissions.RoleScope.API) && !r.getRoleName().isEmpty())
                .findFirst().orElse(null);
        MemberRoleEntity applicationRole = membership.getRoles().stream()
                .filter(r -> r.getRoleScope().equals(io.gravitee.management.model.permissions.RoleScope.APPLICATION) && !r.getRoleName().isEmpty())
                .findFirst().orElse(null);
        MemberEntity updatedMembership = null;
        // Add / Update
        if (apiRole != null) {
            updatedMembership = membershipService.addOrUpdateMember(
                    new MembershipService.MembershipReference(MembershipReferenceType.GROUP, group),
                    new MembershipService.MembershipUser(membership.getId(), membership.getReference()),
                    new MembershipService.MembershipRole(RoleScope.API, apiRole.getRoleName()));
        }
        if (applicationRole != null) {
            updatedMembership = membershipService.addOrUpdateMember(
                    new MembershipService.MembershipReference(MembershipReferenceType.GROUP, group),
                    new MembershipService.MembershipUser(membership.getId(), membership.getReference()),
                    new MembershipService.MembershipRole(RoleScope.APPLICATION, applicationRole.getRoleName()));
        }
        // Delete. updatedMembership is still null when no entry with a non-empty name matched
        // either scope, so a non-empty list of empty-named roles sent for a member that already
        // holds a role reaches getId() on null below.
        if (apiRole == null && previousApiRole != null) {
            membershipService.removeRole(MembershipReferenceType.GROUP, group, updatedMembership.getId(), RoleScope.API);
        }
        if (applicationRole == null && previousApplicationRole != null) {
            membershipService.removeRole(MembershipReferenceType.GROUP, group, updatedMembership.getId(), RoleScope.APPLICATION);
        }
    }
    // Always 200: the 201 documented in @ApiResponses is never returned by this method.
    return Response.ok().build();
}
Also used : RoleEntity(io.gravitee.management.model.RoleEntity) MemberRoleEntity(io.gravitee.management.model.MemberRoleEntity) GroupMemberEntity(io.gravitee.management.model.GroupMemberEntity) MemberEntity(io.gravitee.management.model.MemberEntity) ApiOperation(io.swagger.annotations.ApiOperation) Permissions(io.gravitee.management.rest.security.Permissions) ApiResponses(io.swagger.annotations.ApiResponses)
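The ordering rule the method above relies on (upserts before removals, so a member is never left without a role part-way through), as an added stand-alone model that is not part of this page or of gravitee-management-rest-api. It keys the removal step on what the member previously held rather than on the result of an upsert, which is the value the resource dereferences. The `Scope` enum, the `Op` type and the sample role names are assumptions made for the example.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumMap;
import java.util.List;
import java.util.Map;

// Added example, not gravitee-management-rest-api code. Models the add/update-then-delete
// ordering of GroupMembersResource.addOrUpdateMember; scope and operation names are assumed.
public class GroupRoleDiff {

    /** The two role scopes the group membership resource manages. */
    public enum Scope { API, APPLICATION }

    /** One membership operation, in the order it must be applied. */
    public static final class Op {
        public final String kind;     // "UPSERT" or "REMOVE"
        public final Scope scope;
        public final String roleName; // null for REMOVE

        Op(String kind, Scope scope, String roleName) {
            this.kind = kind;
            this.scope = scope;
            this.roleName = roleName;
        }

        @Override
        public String toString() {
            return kind + ":" + scope + (roleName == null ? "" : ":" + roleName);
        }
    }

    /** True when the request carries a usable role name for a scope; empty names are ignored, as in the resource's filter. */
    private static boolean usable(String roleName) {
        return roleName != null && !roleName.isEmpty();
    }

    /**
     * @param previous  roles the member currently holds in the group, per scope (absent key = none)
     * @param requested roles carried by the request body, per scope; an empty map is a no-op,
     *                  matching the resource's "roles != null && !roles.isEmpty()" guard
     * @return the operations to apply, upserts first, then removals
     */
    public static List<Op> plan(Map<Scope, String> previous, Map<Scope, String> requested) {
        if (requested == null || requested.isEmpty()) {
            return Collections.emptyList();
        }
        List<Op> ops = new ArrayList<>();
        // 1. upserts first: an updated member is never left without a role mid-way
        for (Scope scope : Scope.values()) {
            String name = requested.get(scope);
            if (usable(name)) {
                ops.add(new Op("UPSERT", scope, name));
            }
        }
        // 2. removals second, keyed on the previous state rather than on the upsert result,
        //    which is what is null when step 1 did nothing
        for (Scope scope : Scope.values()) {
            if (!usable(requested.get(scope)) && previous.containsKey(scope)) {
                ops.add(new Op("REMOVE", scope, null));
            }
        }
        return ops;
    }

    public static void main(String[] args) {
        // Constructed current state: the member is API OWNER and APPLICATION USER in the group
        Map<Scope, String> previous = new EnumMap<Scope, String>(Scope.class);
        previous.put(Scope.API, "OWNER");
        previous.put(Scope.APPLICATION, "USER");

        // Constructed request: demote the API role, send the APPLICATION role with an empty name
        Map<Scope, String> requested = new EnumMap<Scope, String>(Scope.class);
        requested.put(Scope.API, "USER");
        requested.put(Scope.APPLICATION, "");
        System.out.println(plan(previous, requested));

        // Constructed request with no usable role at all: only removals are planned; this is
        // the input on which the resource would dereference a null updatedMembership
        Map<Scope, String> blank = new EnumMap<Scope, String>(Scope.class);
        blank.put(Scope.API, "");
        System.out.println(plan(previous, blank));

        // Empty list: nothing is planned, the member keeps both roles
        System.out.println(plan(previous, new EnumMap<Scope, String>(Scope.class)));
    }
}
```

The second call in `main` is the interesting one: the request is non-empty, nothing is upserted, and removals are still due. The planner handles it because the removal step never needs the upsert's return value; in the resource that value is what `updatedMembership.getId()` reads.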

Example 7 with RoleEntity

use of io.gravitee.management.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.

the class PermissionsFilter method filter.

protected void filter(Permissions permissions, ContainerRequestContext requestContext) {
    // Endpoints without @Permissions, or with an empty one, are not checked by this filter at all.
    if (permissions != null && permissions.value().length > 0) {
        Principal principal = securityContext.getUserPrincipal();
        if (principal != null) {
            String username = principal.getName();
            // The @Permission entries are OR'ed: the first one the caller satisfies admits the request.
            // Within one entry, roleService.hasPermission is handed all of its acls together.
            for (Permission permission : permissions.value()) {
                RoleEntity role;
                Map<String, char[]> memberPermissions;
                switch(permission.value().getScope()) {
                    case MANAGEMENT:
                        // getRole yields null when the user holds no MANAGEMENT role; role.getPermissions() then throws
                        role = membershipService.getRole(MembershipReferenceType.MANAGEMENT, MembershipDefaultReferenceId.DEFAULT.name(), username, RoleScope.MANAGEMENT);
                        if (roleService.hasPermission(role.getPermissions(), permission.value().getPermission(), permission.acls())) {
                            return;
                        }
                        break;
                    case PORTAL:
                        // Same null case as MANAGEMENT for a user without a PORTAL role
                        role = membershipService.getRole(MembershipReferenceType.PORTAL, MembershipDefaultReferenceId.DEFAULT.name(), username, RoleScope.PORTAL);
                        if (roleService.hasPermission(role.getPermissions(), permission.value().getPermission(), permission.acls())) {
                            return;
                        }
                        break;
                    case APPLICATION:
                        // The application is resolved from the request path, not from the annotation
                        ApplicationEntity application = getApplication(requestContext);
                        memberPermissions = membershipService.getMemberPermissions(application, username);
                        if (roleService.hasPermission(memberPermissions, permission.value().getPermission(), permission.acls())) {
                            return;
                        }
                        break;
                    case API:
                        ApiEntity api = getApi(requestContext);
                        memberPermissions = membershipService.getMemberPermissions(api, username);
                        if (roleService.hasPermission(memberPermissions, permission.value().getPermission(), permission.acls())) {
                            return;
                        }
                        break;
                    default:
                        sendSecurityError();
                }
            }
        }
        // No authenticated principal, or no @Permission matched: reject (fail closed).
        sendSecurityError();
    }
}
Also used : RoleEntity(io.gravitee.management.model.RoleEntity) ApplicationEntity(io.gravitee.management.model.ApplicationEntity) Permission(io.gravitee.management.rest.security.Permission) ApiEntity(io.gravitee.management.model.ApiEntity) Principal(java.security.Principal)

Example 8 with RoleEntity

use of io.gravitee.management.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.

the class PermissionServiceImpl method hasPermission.

@Override
public boolean hasPermission(RolePermission permission, String referenceId, RolePermissionAction... acls) {
    Optional<String> optionalReferenceId = Optional.ofNullable(referenceId);
    MembershipReferenceType membershipReferenceType;
    MembershipReferenceType groupMembershipReferenceType = null;
    io.gravitee.repository.management.model.RoleScope repoRoleScope;
    switch(permission.getScope()) {
        case MANAGEMENT:
            membershipReferenceType = MembershipReferenceType.MANAGEMENT;
            repoRoleScope = io.gravitee.repository.management.model.RoleScope.MANAGEMENT;
            break;
        case PORTAL:
            membershipReferenceType = MembershipReferenceType.PORTAL;
            repoRoleScope = io.gravitee.repository.management.model.RoleScope.PORTAL;
            break;
        case API:
            // API and APPLICATION are the only scopes where roles can also be held through a group
            membershipReferenceType = MembershipReferenceType.API;
            groupMembershipReferenceType = MembershipReferenceType.GROUP;
            repoRoleScope = io.gravitee.repository.management.model.RoleScope.API;
            break;
        case APPLICATION:
            membershipReferenceType = MembershipReferenceType.APPLICATION;
            groupMembershipReferenceType = MembershipReferenceType.GROUP;
            repoRoleScope = io.gravitee.repository.management.model.RoleScope.APPLICATION;
            break;
        default:
            // Unknown scope: both stay null and are passed to getRole below as-is
            membershipReferenceType = null;
            repoRoleScope = null;
    }
    Set<RoleEntity> roles = Collections.emptySet();
    // MANAGEMENT and PORTAL carry no reference id and fall back to the DEFAULT reference
    RoleEntity firstDegreeRole = membershipService.getRole(membershipReferenceType, optionalReferenceId.orElse(MembershipDefaultReferenceId.DEFAULT.name()), getAuthenticatedUsername(), repoRoleScope);
    if (firstDegreeRole != null) {
        // A direct role on the reference is the only one checked; roles held through groups are not merged in
        roles = Collections.singleton(firstDegreeRole);
    } else if (groupMembershipReferenceType != null) {
        Set<String> groups = null;
        // Always true here: groupMembershipReferenceType is only ever set to GROUP above
        if (MembershipReferenceType.GROUP.equals(groupMembershipReferenceType)) {
            try {
                // referenceId is tried as an API id first, then as an application id
                groups = apiService.findById(referenceId).getGroups();
            } catch (ApiNotFoundException ane) {
                groups = applicationService.findById(referenceId).getGroups();
            }
        }
        if (groups != null && !groups.isEmpty()) {
            roles = membershipService.getRoles(groupMembershipReferenceType, groups, getAuthenticatedUsername(), repoRoleScope);
        }
    }
    // Any one role granting every requested acl is enough
    for (RoleEntity roleEntity : roles) {
        if (roleService.hasPermission(roleEntity.getPermissions(), permission.getPermission(), acls)) {
            return true;
        }
    }
    return false;
}
Also used : RoleEntity(io.gravitee.management.model.RoleEntity) Set(java.util.Set) ApiNotFoundException(io.gravitee.management.service.exceptions.ApiNotFoundException) MembershipReferenceType(io.gravitee.repository.management.model.MembershipReferenceType)
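The two checks above, PermissionsFilter.filter (Example 7) and PermissionServiceImpl.hasPermission (Example 8), as one added stand-alone model that is not part of this page or of gravitee-management-rest-api. It keeps the filter's OR-across-entries / AND-within-an-entry semantics and the service's direct-role-first resolution, and fails closed instead of dereferencing a missing role. Granted permissions are modelled as `Map<String, char[]>` from permission name to action codes `'C'`, `'R'`, `'U'`, `'D'`; that encoding, the permission name `API_DEFINITION` and the `VIEWER`/`OWNER` roles are assumptions made for the example.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added example, not gravitee-management-rest-api code. The char[] action encoding,
// permission names and roles below are assumptions made for illustration.
public class PermissionCheckExample {

    /** Action codes as stored in a role's char[] (assumed encoding). */
    public enum Action {
        CREATE('C'), READ('R'), UPDATE('U'), DELETE('D');
        public final char code;
        Action(char code) { this.code = code; }
    }

    /** A role resolved for a user on some reference (API, application, group, ...). */
    public static final class Role {
        public final String name;
        public final Map<String, char[]> permissions;
        public Role(String name, Map<String, char[]> permissions) { this.name = name; this.permissions = permissions; }
    }

    /** One @Permission entry: a permission name plus every action it requires. */
    public static final class Required {
        public final String permission;
        public final Action[] acls;
        public Required(String permission, Action... acls) { this.permission = permission; this.acls = acls; }
    }

    /** Mirrors roleService.hasPermission: every requested action must be granted (AND within one entry). */
    public static boolean hasPermission(Map<String, char[]> granted, String permission, Action... acls) {
        if (granted == null) {
            return false; // no role at all: fail closed instead of dereferencing null
        }
        char[] actions = granted.get(permission);
        if (actions == null) {
            return false;
        }
        for (Action required : acls) {
            boolean found = false;
            for (char c : actions) {
                if (c == required.code) { found = true; break; }
            }
            if (!found) {
                return false;
            }
        }
        return true;
    }

    /** Mirrors PermissionsFilter.filter: @Permissions entries are OR'ed, the first match admits the request. */
    public static boolean anyPermissionMatches(Role role, List<Required> required) {
        Map<String, char[]> granted = role == null ? null : role.permissions;
        for (Required r : required) {
            if (hasPermission(granted, r.permission, r.acls)) {
                return true;
            }
        }
        return false;
    }

    /** Mirrors PermissionServiceImpl.hasPermission: a direct role, when present, is the only one consulted;
     *  roles held through the reference's groups are consulted only when there is no direct role. */
    public static boolean resolveAndCheck(Role direct, Set<Role> viaGroups, String permission, Action... acls) {
        Set<Role> candidates = direct != null ? Collections.singleton(direct) : viaGroups;
        if (candidates == null) {
            return false;
        }
        for (Role role : candidates) {
            if (hasPermission(role.permissions, permission, acls)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed roles: VIEWER may only read, OWNER has every action
        Map<String, char[]> viewerPerms = new HashMap<>();
        viewerPerms.put("API_DEFINITION", new char[] {'R'});
        Role viewer = new Role("VIEWER", viewerPerms);
        Map<String, char[]> ownerPerms = new HashMap<>();
        ownerPerms.put("API_DEFINITION", new char[] {'C', 'R', 'U', 'D'});
        Role owner = new Role("OWNER", ownerPerms);

        // Two entries, READ and UPDATE: a viewer passes, READ alone satisfies the first entry
        List<Required> readOrUpdate = Arrays.asList(
                new Required("API_DEFINITION", Action.READ),
                new Required("API_DEFINITION", Action.UPDATE));
        System.out.println("viewer, READ or UPDATE: " + anyPermissionMatches(viewer, readOrUpdate));
        // One entry with acls {READ, UPDATE}: both are required, a viewer fails
        System.out.println("viewer, READ and UPDATE: "
                + hasPermission(viewer.permissions, "API_DEFINITION", Action.READ, Action.UPDATE));
        // No role for the scope at all: rejected, where the filter would call getPermissions() on null
        System.out.println("no role: " + anyPermissionMatches(null, readOrUpdate));
        // A direct VIEWER role shadows an OWNER role inherited through a group
        Set<Role> groupRoles = Collections.singleton(owner);
        System.out.println("direct viewer over group owner, UPDATE: "
                + resolveAndCheck(viewer, groupRoles, "API_DEFINITION", Action.UPDATE));
        System.out.println("group owner only, UPDATE: "
                + resolveAndCheck(null, groupRoles, "API_DEFINITION", Action.UPDATE));
    }
}
```

The last two calls show the consequence of the direct-role-first resolution in Example 8: a less privileged direct membership hides a more privileged one held through a group, so what a user can do on an API depends on whether they were added to it directly or only via a group.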

Example 9 with RoleEntity

use of io.gravitee.management.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.

the class RoleServiceImpl method convert.

private RoleEntity convert(final Role role) {
    if (role == null) {
        return null;
    }
    final RoleEntity roleEntity = new RoleEntity();
    roleEntity.setName(role.getName());
    roleEntity.setDescription(role.getDescription());
    roleEntity.setScope(convert(role.getScope()));
    roleEntity.setDefaultRole(role.isDefaultRole());
    roleEntity.setSystem(role.isSystem());
    roleEntity.setPermissions(convertPermissions(roleEntity.getScope(), role.getPermissions()));
    return roleEntity;
}
Also used : UpdateRoleEntity(io.gravitee.management.model.UpdateRoleEntity) NewRoleEntity(io.gravitee.management.model.NewRoleEntity) RoleEntity(io.gravitee.management.model.RoleEntity)

Example 10 with RoleEntity

use of io.gravitee.management.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.

the class RoleServiceImpl method create.

@Override
public RoleEntity create(final NewRoleEntity roleEntity) {
    try {
        Role role = convert(roleEntity);
        // Uniqueness of scope:name is enforced by this check-then-create sequence; unless the
        // repository enforces it as well, two concurrent creates can both pass the check
        if (roleRepository.findById(role.getScope(), role.getName()).isPresent()) {
            throw new RoleAlreadyExistsException(role.getScope(), role.getName());
        }
        role.setCreatedAt(new Date());
        role.setUpdatedAt(role.getCreatedAt());
        RoleEntity entity = convert(roleRepository.create(role));
        // Audit record written after the create, before any default-role switch
        auditService.createPortalAuditLog(Collections.singletonMap(ROLE, role.getScope() + ":" + role.getName()), ROLE_CREATED, role.getCreatedAt(), null, role);
        if (entity.isDefaultRole()) {
            toggleDefaultRole(convert(roleEntity.getScope()), entity.getName());
        }
        return entity;
    } catch (TechnicalException ex) {
        LOGGER.error("An error occurs while trying to create role {}", roleEntity.getName(), ex);
        throw new TechnicalManagementException("An error occurs while trying to create role " + roleEntity.getName(), ex);
    }
}
Also used : Role(io.gravitee.repository.management.model.Role) UpdateRoleEntity(io.gravitee.management.model.UpdateRoleEntity) NewRoleEntity(io.gravitee.management.model.NewRoleEntity) RoleEntity(io.gravitee.management.model.RoleEntity) TechnicalException(io.gravitee.repository.exceptions.TechnicalException) RoleAlreadyExistsException(io.gravitee.management.service.exceptions.RoleAlreadyExistsException) TechnicalManagementException(io.gravitee.management.service.exceptions.TechnicalManagementException)

Aggregations

RoleEntity (io.gravitee.management.model.RoleEntity) 20
Test (org.junit.Test) 10
UserEntity (io.gravitee.management.model.UserEntity) 6
MemberEntity (io.gravitee.management.model.MemberEntity) 4
NewExternalUserEntity (io.gravitee.management.model.NewExternalUserEntity) 4
NewRoleEntity (io.gravitee.management.model.NewRoleEntity) 4
UpdateRoleEntity (io.gravitee.management.model.UpdateRoleEntity) 4
MembershipService (io.gravitee.management.service.MembershipService) 4
Membership (io.gravitee.repository.management.model.Membership) 4
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority) 4
TechnicalManagementException (io.gravitee.management.service.exceptions.TechnicalManagementException) 3
TechnicalException (io.gravitee.repository.exceptions.TechnicalException) 3
Role (io.gravitee.repository.management.model.Role) 3
RoleScope (io.gravitee.repository.management.model.RoleScope) 3
Collection (java.util.Collection) 3
JWTSigner (com.auth0.jwt.JWTSigner) 2
UserDetails (io.gravitee.management.idp.api.authentication.UserDetails) 2
GroupEntity (io.gravitee.management.model.GroupEntity) 2
MembershipReferenceType (io.gravitee.repository.management.model.MembershipReferenceType) 2
Date (java.util.Date) 2