use of io.gravitee.management.service.exceptions.ForbiddenAccessException in project gravitee-management-rest-api by gravitee-io.
the class PermissionFilterTest method shouldThrowForbiddenExceptionWhenNoApiPermissions.
/**
 * A request targeting an API must be rejected with {@link ForbiddenAccessException}
 * when the role service denies the permission, and only the API lookup path
 * (never the application one) may have been exercised on the way.
 */
@Test(expected = ForbiddenAccessException.class)
public void shouldThrowForbiddenExceptionWhenNoApiPermissions() {
    final ApiEntity api = initApiMocks();
    // Deny every permission check so the filter has no choice but to refuse the request.
    when(roleService.hasPermission(any(), any(), any())).thenReturn(false);

    try {
        permissionFilter.filter(permissions, containerRequestContext);
    } catch (ForbiddenAccessException forbidden) {
        // The API fixture must have been resolved exactly once, the application side never.
        verify(apiService, times(1)).findById(api.getId());
        verify(applicationService, never()).findById(any());
        verify(roleService, times(1)).hasPermission(any(), any(), any());
        verify(membershipService, times(1)).getMemberPermissions(api, USERNAME);
        verify(membershipService, never()).getRole(any(), any(), any(), any());
        // Re-throw so the @Test(expected = ...) contract is what finally passes the test.
        throw forbidden;
    }
    // Only reached if the filter silently let the request through.
    Assert.fail("Should throw a ForbiddenAccessException");
}
use of io.gravitee.management.service.exceptions.ForbiddenAccessException in project gravitee-management-rest-api by gravitee-io.
the class PermissionFilterTest method shouldThrowForbiddenExceptionWhenNoApplicationPermissions.
/**
 * A request targeting an application must be rejected with {@link ForbiddenAccessException}
 * when the role service denies the permission, and only the application lookup path
 * (never the API one) may have been exercised on the way.
 */
@Test(expected = ForbiddenAccessException.class)
public void shouldThrowForbiddenExceptionWhenNoApplicationPermissions() {
    final ApplicationEntity application = initApplicationMocks();
    // Deny every permission check so the filter has no choice but to refuse the request.
    when(roleService.hasPermission(any(), any(), any())).thenReturn(false);

    try {
        permissionFilter.filter(permissions, containerRequestContext);
    } catch (ForbiddenAccessException forbidden) {
        // The application fixture must have been resolved exactly once, the API side never.
        verify(applicationService, times(1)).findById(application.getId());
        verify(apiService, never()).findById(any());
        verify(roleService, times(1)).hasPermission(any(), any(), any());
        verify(membershipService, times(1)).getMemberPermissions(application, USERNAME);
        verify(membershipService, never()).getRole(any(), any(), any(), any());
        // Re-throw so the @Test(expected = ...) contract is what finally passes the test.
        throw forbidden;
    }
    // Only reached if the filter silently let the request through.
    Assert.fail("Should throw a ForbiddenAccessException");
}
use of io.gravitee.management.service.exceptions.ForbiddenAccessException in project gravitee-management-rest-api by gravitee-io.
the class ApiResource method picture.
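/**
 * Returns the API's picture, subject to the API visibility / READ permission check.
 *
 * <p>Access is granted when the API is {@link Visibility#PUBLIC} or when the caller holds
 * {@code API_DEFINITION}/{@code READ} on it; any other caller gets a
 * {@link ForbiddenAccessException}. The response is cacheable for one day and carries an
 * {@code ETag} derived from the picture bytes, so a client whose cached copy still matches
 * receives a 304 instead of the payload.
 *
 * @param request the JAX-RS request, used to evaluate {@code If-None-Match} preconditions
 * @param api     the API identifier taken from the path
 * @return the picture bytes with cache headers, or a 304 response when the client's ETag matches
 * @throws ApiNotFoundException     if no API exists for {@code api}
 * @throws ForbiddenAccessException if the API is not public and the caller lacks READ permission
 */
@GET
@Path("picture")
@ApiOperation(value = "Get the API's picture", notes = "User must have the READ permission to use this service")
@ApiResponses({
        @ApiResponse(code = 200, message = "API's picture"),
        @ApiResponse(code = 304, message = "API's picture not modified"),
        @ApiResponse(code = 403, message = "Forbidden access to the API's picture"),
        @ApiResponse(code = 404, message = "API not found"),
        @ApiResponse(code = 500, message = "Internal server error") })
public Response picture(@Context Request request, @PathParam("api") String api) throws ApiNotFoundException {
    final ApiEntity apiEntity = apiService.findById(api);

    // Authorization first: public APIs are readable by anyone, private ones need API_DEFINITION/READ.
    final boolean readable = Visibility.PUBLIC.equals(apiEntity.getVisibility())
            || hasPermission(RolePermission.API_DEFINITION, api, RolePermissionAction.READ);
    if (!readable) {
        throw new ForbiddenAccessException();
    }

    final CacheControl cc = new CacheControl();
    cc.setNoTransform(true);
    cc.setMustRevalidate(false);
    cc.setNoCache(false);
    cc.setMaxAge(86400); // one day, in seconds

    // NOTE(review): assumes getPicture never returns null for an existing API — confirm in ApiService.
    final InlinePictureEntity image = apiService.getPicture(api);
    final byte[] content = image.getContent();

    // Hash the raw bytes instead of a String decoded with the platform default charset: the
    // picture is binary, and the decoded form (hence the ETag) would vary between JVM
    // configurations, defeating client-side caching across nodes.
    final EntityTag etag = new EntityTag(Integer.toString(java.util.Arrays.hashCode(content)));
    final Response.ResponseBuilder builder = request.evaluatePreconditions(etag);
    if (builder != null) {
        // Preconditions are not met, returning HTTP 304 'not-modified'
        return builder.cacheControl(cc).build();
    }

    // Three-argument write never throws on a ByteArrayOutputStream, unlike write(byte[]).
    final ByteArrayOutputStream baos = new ByteArrayOutputStream(content.length);
    baos.write(content, 0, content.length);
    return Response.ok(baos).cacheControl(cc).tag(etag).type(image.getType()).build();
}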