
Example 1 with ForbiddenAccessException

Use of io.gravitee.management.service.exceptions.ForbiddenAccessException in project gravitee-management-rest-api by gravitee-io.

Class PermissionFilterTest, method shouldThrowForbiddenExceptionWhenNoApiPermissions.

@Test(expected = ForbiddenAccessException.class)
public void shouldThrowForbiddenExceptionWhenNoApiPermissions() {
    ApiEntity api = initApiMocks();
    // Deny every permission check so the filter has to reject the request.
    when(roleService.hasPermission(any(), any(), any())).thenReturn(false);
    try {
        permissionFilter.filter(permissions, containerRequestContext);
    } catch (ForbiddenAccessException e) {
        verify(apiService, times(1)).findById(api.getId());
        verify(applicationService, never()).findById(any());
        verify(roleService, times(1)).hasPermission(any(), any(), any());
        verify(membershipService, times(1)).getMemberPermissions(api, USERNAME);
        verify(membershipService, never()).getRole(any(), any(), any(), any());
        throw e;
    }
    Assert.fail("Should throw a ForbiddenAccessException");
}
Also used : ApiEntity(io.gravitee.management.model.ApiEntity) ForbiddenAccessException(io.gravitee.management.service.exceptions.ForbiddenAccessException) Test(org.junit.Test)

Example 2 with ForbiddenAccessException

Use of io.gravitee.management.service.exceptions.ForbiddenAccessException in project gravitee-management-rest-api by gravitee-io.

Class PermissionFilterTest, method shouldThrowForbiddenExceptionWhenNoApplicationPermissions.

@Test(expected = ForbiddenAccessException.class)
public void shouldThrowForbiddenExceptionWhenNoApplicationPermissions() {
    ApplicationEntity application = initApplicationMocks();
    // Deny every permission check so the filter has to reject the request.
    when(roleService.hasPermission(any(), any(), any())).thenReturn(false);
    try {
        permissionFilter.filter(permissions, containerRequestContext);
    } catch (ForbiddenAccessException e) {
        verify(applicationService, times(1)).findById(application.getId());
        verify(apiService, never()).findById(any());
        verify(roleService, times(1)).hasPermission(any(), any(), any());
        verify(membershipService, times(1)).getMemberPermissions(application, USERNAME);
        verify(membershipService, never()).getRole(any(), any(), any(), any());
        throw e;
    }
    Assert.fail("Should throw a ForbiddenAccessException");
}
Also used : ApplicationEntity(io.gravitee.management.model.ApplicationEntity) ForbiddenAccessException(io.gravitee.management.service.exceptions.ForbiddenAccessException) Test(org.junit.Test)

Example 3 with ForbiddenAccessException

Use of io.gravitee.management.service.exceptions.ForbiddenAccessException in project gravitee-management-rest-api by gravitee-io.

Class ApiResource, method picture.

@GET
@Path("picture")
@ApiOperation(value = "Get the API's picture", notes = "User must have the READ permission to use this service")
@ApiResponses({ @ApiResponse(code = 200, message = "API's picture"), @ApiResponse(code = 500, message = "Internal server error") })
public Response picture(@Context Request request, @PathParam("api") String api) throws ApiNotFoundException {
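    ApiEntity apiEntity = apiService.findById(api);
    // Authorization gate: serve the picture only when the API is PUBLIC or the caller holds READ on API_DEFINITION.
    if (Visibility.PUBLIC.equals(apiEntity.getVisibility()) || hasPermission(RolePermission.API_DEFINITION, api, RolePermissionAction.READ)) {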
        CacheControl cc = new CacheControl();
        cc.setNoTransform(true);
        cc.setMustRevalidate(false);
        cc.setNoCache(false);
        cc.setMaxAge(86400);
        InlinePictureEntity image = apiService.getPicture(api);
        EntityTag etag = new EntityTag(Integer.toString(new String(image.getContent()).hashCode()));
        Response.ResponseBuilder builder = request.evaluatePreconditions(etag);
        if (builder != null) {
            // Preconditions are not met, returning HTTP 304 'not-modified'
            return builder.cacheControl(cc).build();
        }
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        baos.write(image.getContent(), 0, image.getContent().length);
        return Response.ok(baos).cacheControl(cc).tag(etag).type(image.getType()).build();
    }
    // Neither public nor permitted: deny access.
    throw new ForbiddenAccessException();
}
Also used : MatchingEntityTag(org.glassfish.jersey.message.internal.MatchingEntityTag) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ForbiddenAccessException(io.gravitee.management.service.exceptions.ForbiddenAccessException)
