Example 6 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiPageResource method updatePageContent.

@PUT
@Path("/content")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Put the page's content", notes = "User must have the MANAGE_PAGES permission to use this service")
@ApiResponses({ @ApiResponse(code = 201, message = "Page content successfully updated"), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_DOCUMENTATION, acls = RolePermissionAction.UPDATE) })
public String updatePageContent(@ApiParam(name = "content", required = true) @Valid @NotNull String content) {
    // Look up the page first; the returned entity is not used here.
    pageService.findById(page);
    UpdatePageEntity updatePageEntity = new UpdatePageEntity();
    updatePageEntity.setContent(content);
    PageEntity update = pageService.update(page, updatePageEntity, true);
    return update.getContent();
}
Also used : PageEntity(io.gravitee.rest.api.model.PageEntity) UpdatePageEntity(io.gravitee.rest.api.model.UpdatePageEntity) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 7 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiPageResource method deleteApiPage.

@DELETE
@ApiOperation(value = "Delete a page", notes = "User must have the MANAGE_PAGES permission to use this service")
@ApiResponses({ @ApiResponse(code = 204, message = "Page successfully deleted"), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_DOCUMENTATION, acls = RolePermissionAction.DELETE) })
public void deleteApiPage() {
    PageEntity existingPage = pageService.findById(page);
    // System folders and Markdown templates cannot be deleted through this endpoint.
    if (existingPage.getType().equals(PageType.SYSTEM_FOLDER.name())) {
        throw new PageSystemFolderActionException("Delete");
    } else if (existingPage.getType().equals(PageType.MARKDOWN_TEMPLATE.name())) {
        throw new PageMarkdownTemplateActionException("Delete");
    }
    pageService.delete(page);
}
Also used : PageEntity(io.gravitee.rest.api.model.PageEntity) UpdatePageEntity(io.gravitee.rest.api.model.UpdatePageEntity) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 8 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiSubscriptionsResource method createSubscriptionToApi.

@POST
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Subscribe to a plan", notes = "User must have the MANAGE_SUBSCRIPTIONS permission to use this service")
@ApiResponses({ @ApiResponse(code = 201, message = "Subscription successfully created", response = Subscription.class), @ApiResponse(code = 400, message = "Bad custom API Key format or custom API Key definition disabled"), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_SUBSCRIPTION, acls = RolePermissionAction.CREATE) })
public Response createSubscriptionToApi(@ApiParam(name = "application", required = true) @NotNull @QueryParam("application") String application, @ApiParam(name = "plan", required = true) @NotNull @QueryParam("plan") String plan, @ApiParam(name = "customApiKey") @CustomApiKey @QueryParam("customApiKey") String customApiKey) {
    // Reject a caller-supplied API key unless custom keys are enabled for the environment.
    if (StringUtils.isNotEmpty(customApiKey) && !parameterService.findAsBoolean(Key.PLAN_SECURITY_APIKEY_CUSTOM_ALLOWED, ParameterReferenceType.ENVIRONMENT)) {
        return Response.status(Response.Status.BAD_REQUEST).entity("You are not allowed to provide a custom API Key").build();
    }
    NewSubscriptionEntity newSubscriptionEntity = new NewSubscriptionEntity(plan, application);
    // Create subscription
    SubscriptionEntity subscription = subscriptionService.create(newSubscriptionEntity, customApiKey);
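    // A subscription created in PENDING status is accepted immediately, processed as the authenticated user.
    if (subscription.getStatus() == SubscriptionStatus.PENDING) {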
        ProcessSubscriptionEntity process = new ProcessSubscriptionEntity();
        process.setId(subscription.getId());
        process.setAccepted(true);
        process.setStartingAt(new Date());
        process.setCustomApiKey(customApiKey);
        subscription = subscriptionService.process(process, getAuthenticatedUser());
    }
    return Response.created(this.getRequestUriBuilder().path(subscription.getId()).replaceQueryParam("application", null).replaceQueryParam("plan", null).build()).entity(convert(subscription)).build();
}
Also used : Date(java.util.Date) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 9 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiSubscriptionsResource method getApiSubscriptions.

@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "List subscriptions for the API", notes = "User must have the READ_SUBSCRIPTION permission to use this service")
@ApiResponses({ @ApiResponse(code = 200, message = "Paged result of API's subscriptions", response = PagedResult.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_SUBSCRIPTION, acls = RolePermissionAction.READ) })
public PagedResult<SubscriptionEntity> getApiSubscriptions(@BeanParam SubscriptionParam subscriptionParam, @Valid @BeanParam Pageable pageable, @ApiParam(allowableValues = "keys", value = "Expansion of data to return in subscriptions") @QueryParam("expand") List<String> expand) {
    // Transform query parameters to a subscription query
    SubscriptionQuery subscriptionQuery = subscriptionParam.toQuery();
    subscriptionQuery.setApi(api);
    Page<SubscriptionEntity> subscriptions = subscriptionService.search(subscriptionQuery, pageable.toPageable());
    if (expand != null && !expand.isEmpty()) {
        for (String e : expand) {
            switch(e) {
                case "keys":
                    // Attach each subscription's API keys, skipping expired and revoked ones.
                    subscriptions.getContent().forEach(subscriptionEntity -> {
                        final List<String> keys = apiKeyService.findBySubscription(subscriptionEntity.getId()).stream().filter(apiKeyEntity -> !apiKeyEntity.isExpired() && !apiKeyEntity.isRevoked()).map(ApiKeyEntity::getKey).collect(Collectors.toList());
                        subscriptionEntity.setKeys(keys);
                    });
                    break;
                default:
                    break;
            }
        }
    }
    PagedResult<SubscriptionEntity> result = new PagedResult<>(subscriptions, pageable.getSize());
    result.setMetadata(subscriptionService.getMetadata(subscriptions.getContent()).getMetadata());
    return result;
}
Also used : SubscriptionQuery(io.gravitee.rest.api.model.subscription.SubscriptionQuery) PagedResult(io.gravitee.rest.api.management.rest.model.PagedResult) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 10 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApplicationSubscriptionsResource method revokeApiKeyForApplicationSubscription.

@DELETE
@Path("{subscription}/keys/{key}")
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Revoke an API key", notes = "User must have the MANAGE_API_KEYS permission to use this service")
@ApiResponses({ @ApiResponse(code = 204, message = "API key successfully revoked"), @ApiResponse(code = 400, message = "API Key does not correspond to the subscription"), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.APPLICATION_SUBSCRIPTION, acls = RolePermissionAction.DELETE) })
public Response revokeApiKeyForApplicationSubscription(@PathParam("subscription") String subscription, @PathParam("key") String apiKey) {
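    ApiKeyEntity apiKeyEntity = apiKeyService.findByKey(apiKey);
    // Reject the request when the key belongs to a different subscription.
    // A key whose subscription is null passes this check.
    if (apiKeyEntity.getSubscription() != null && !subscription.equals(apiKeyEntity.getSubscription())) {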
        return Response.status(Response.Status.BAD_REQUEST).entity("'key' parameter does not correspond to the subscription").build();
    }
    apiKeyService.revoke(apiKey, true);
    return Response.status(Response.Status.NO_CONTENT).build();
}
Also used : ApiKeyEntity(io.gravitee.rest.api.model.ApiKeyEntity) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Aggregations

Permissions (io.gravitee.rest.api.management.rest.security.Permissions): 48
ApiOperation (io.swagger.annotations.ApiOperation): 11
GET (javax.ws.rs.GET): 7
Produces (javax.ws.rs.Produces): 7
MediaEntity (io.gravitee.rest.api.model.MediaEntity): 6
ApiEntity (io.gravitee.rest.api.model.api.ApiEntity): 6
ApiResponses (io.swagger.annotations.ApiResponses): 6
MediaType (io.gravitee.common.http.MediaType): 5
Permission (io.gravitee.rest.api.management.rest.security.Permission): 5
PageEntity (io.gravitee.rest.api.model.PageEntity): 5
RolePermission (io.gravitee.rest.api.model.permissions.RolePermission): 5
UpdatePageEntity (io.gravitee.rest.api.model.UpdatePageEntity): 4
LogQuery (io.gravitee.rest.api.model.analytics.query.LogQuery): 4
RolePermissionAction (io.gravitee.rest.api.model.permissions.RolePermissionAction): 4
UploadUnauthorized (io.gravitee.rest.api.service.exceptions.UploadUnauthorized): 4
Collectors (java.util.stream.Collectors): 4
Inject (javax.inject.Inject): 4
InvalidImageException (io.gravitee.rest.api.exception.InvalidImageException): 3
PagedResult (io.gravitee.rest.api.management.rest.model.PagedResult): 3
GroupEntity (io.gravitee.rest.api.model.GroupEntity): 3