use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.
the class GroupResource method updateGroup.
/**
 * Updates the group addressed by this resource from the request payload.
 *
 * <p>When the caller is not granted the ENVIRONMENT_GROUP check for CREATE, UPDATE, DELETE on the
 * current environment, the invitation and role-lock settings in the payload are replaced with the
 * values already stored on the group before the update is applied. Where a role lock is set on
 * the stored group, the role for that scope is likewise copied from the stored group, so such a
 * caller cannot change a locked role.
 *
 * @param updateGroupEntity requested new state of the group; mutated in place as described above
 * @return the result of {@code groupService.update}
 */
@PUT
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
@ApiOperation(value = "Update an existing group")
@ApiResponses({ @ApiResponse(code = 200, message = "Group successfully updated", response = GroupEntity.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.ENVIRONMENT_GROUP, acls = RolePermissionAction.UPDATE), @Permission(value = RolePermission.GROUP_MEMBER, acls = RolePermissionAction.UPDATE) })
public GroupEntity updateGroup(@ApiParam(name = "group", required = true) @Valid @NotNull final UpdateGroupEntity updateGroupEntity) {
    // checkRights() is defined outside this listing; presumably it loads the group and rejects
    // callers who may not act on it. TODO confirm.
    final GroupEntity storedGroup = checkRights();

    // Distinguishes a platform admin from a 'simple group admin'.
    // NOTE(review): whether hasPermission needs any or all of the listed actions is not visible here.
    final boolean environmentGroupAdmin = permissionService.hasPermission(RolePermission.ENVIRONMENT_GROUP, GraviteeContext.getCurrentEnvironment(), CREATE, UPDATE, DELETE);
    if (environmentGroupAdmin) {
        return groupService.update(group, updateGroupEntity);
    }

    // Simple group admin: discard the client-supplied values for the restricted settings.
    updateGroupEntity.setMaxInvitation(storedGroup.getMaxInvitation());
    updateGroupEntity.setLockApiRole(storedGroup.isLockApiRole());
    updateGroupEntity.setLockApplicationRole(storedGroup.isLockApplicationRole());
    updateGroupEntity.setSystemInvitation(storedGroup.isSystemInvitation());
    updateGroupEntity.setEmailInvitation(storedGroup.isEmailInvitation());

    // Locked scopes keep the stored role; roles for unlocked scopes are taken from the request as sent.
    // NOTE(review): getRoles() is dereferenced on both entities without a null check; confirm
    // neither can be null for a payload that passed @Valid.
    if (storedGroup.isLockApiRole()) {
        updateGroupEntity.getRoles().put(RoleScope.API, storedGroup.getRoles().get(RoleScope.API));
    }
    if (storedGroup.isLockApplicationRole()) {
        updateGroupEntity.getRoles().put(RoleScope.APPLICATION, storedGroup.getRoles().get(RoleScope.APPLICATION));
    }
    return groupService.update(group, updateGroupEntity);
}
use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.
the class GroupResource method addGroupMember.
/**
 * Associates the group addressed by this resource with existing APIs or applications.
 *
 * @param type value of the {@code type} query parameter, forwarded unchanged to
 *     {@code groupService.associate}
 * @return the group entity obtained from {@code checkRights()} before the association is made
 */
@POST
@Path("/memberships")
@Produces(APPLICATION_JSON)
@ApiOperation(value = "Associate a group to existing APIs or Applications")
@ApiResponses({ @ApiResponse(code = 200, message = "Group successfully updated", response = GroupEntity.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.ENVIRONMENT_GROUP, acls = RolePermissionAction.UPDATE) })
public GroupEntity addGroupMember(@QueryParam("type") String type) {
    // checkRights() is defined outside this listing; presumably it loads the group and rejects
    // callers who may not act on it. TODO confirm.
    final GroupEntity checkedGroup = checkRights();

    // NOTE(review): 'type' comes straight from the query string and may be null or an unexpected
    // value; no validation is visible here, so confirm groupService.associate rejects unknown types.
    groupService.associate(group, type);

    // The entity was read before associate() ran, so it may not reflect the new associations.
    return checkedGroup;
}
use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.
the class GroupInvitationsResource method createGroupInvitation.
/**
 * Creates an invitation to join the group addressed by this resource.
 *
 * <p>Callers that are not granted the ENVIRONMENT_GROUP check for CREATE, UPDATE, DELETE on the
 * current environment are subject to two extra checks: the group's member limit (when one is
 * set) and the group's email-invitation flag. The invitation's reference type and id are always
 * set by the server to this group before it is handed to {@code invitationService.create}.
 *
 * @param invitationEntity invitation to create; its reference type and id are overwritten
 * @return the result of {@code invitationService.create}
 * @throws GroupMembersLimitationExceededException if the limit applies and the current member
 *     count is at or above it
 * @throws GroupInvitationForbiddenException if the restriction applies and email invitations are
 *     disabled on the group
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Create an invitation to join a group", notes = "User must have the GROUP_INVITATION[CREATE] permission to use this service")
@Permissions({ @Permission(value = RolePermission.ENVIRONMENT_GROUP, acls = { UPDATE, CREATE }), @Permission(value = RolePermission.GROUP_INVITATION, acls = RolePermissionAction.CREATE) })
public InvitationEntity createGroupInvitation(@Valid @NotNull final NewInvitationEntity invitationEntity) {
    // Existence check for the group; presumably findById throws when the id is unknown. TODO confirm.
    final GroupEntity targetGroup = groupService.findById(group);

    // Distinguishes a platform admin from a 'simple group admin'.
    final boolean platformAdmin = permissionService.hasPermission(RolePermission.ENVIRONMENT_GROUP, GraviteeContext.getCurrentEnvironment(), CREATE, UPDATE, DELETE);
    if (!platformAdmin) {
        // NOTE(review): the member count is read here and the invitation is created further down
        // with nothing in this method making the two atomic; confirm whether concurrent requests
        // (or pending invitations, which may not count as members) can push a group past its limit.
        final boolean memberLimitReached = targetGroup.getMaxInvitation() != null && groupService.getNumberOfMembers(group) >= targetGroup.getMaxInvitation();
        if (memberLimitReached) {
            throw new GroupMembersLimitationExceededException(targetGroup.getMaxInvitation());
        }
        final boolean emailInvitationAllowed = targetGroup.isEmailInvitation();
        if (!emailInvitationAllowed) {
            throw new GroupInvitationForbiddenException(EMAIL, group);
        }
    }

    // Bind the invitation to this group server-side; whatever the request body carried for the
    // reference is replaced.
    invitationEntity.setReferenceType(GROUP);
    invitationEntity.setReferenceId(group);
    return invitationService.create(invitationEntity);
}
use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.
the class InstancesResource method getInstances.
/**
 * Lists gateway instances matching the search parameters of the request.
 *
 * @param param bean holding the include-stopped flag, time range and paging values of the request
 * @return the page returned by {@code instanceService.search}
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "List gateway instances")
@Permissions({ @Permission(value = RolePermission.ENVIRONMENT_INSTANCE, acls = RolePermissionAction.READ) })
public Page<InstanceListItem> getInstances(@BeanParam InstanceSearchParam param) {
    // Copy the request parameters one-to-one into the service-level query.
    // NOTE(review): no bounds check on page, size, from or to is visible in this method; confirm
    // that InstanceSearchParam or instanceService.search caps the page size.
    final InstanceQuery instanceQuery = new InstanceQuery();
    instanceQuery.setPage(param.getPage());
    instanceQuery.setSize(param.getSize());
    instanceQuery.setFrom(param.getFrom());
    instanceQuery.setTo(param.getTo());
    instanceQuery.setIncludeStopped(param.isIncludeStopped());
    return instanceService.search(instanceQuery);
}
use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.
the class PlatformEventsResource method getPlatformEvents.
/**
 * Searches platform events and decorates API-related events with the API's name and version.
 *
 * <p>The API filter is built in one of three ways: the API ids supplied in the request are used
 * as given; otherwise a non-admin caller is limited to the APIs returned by
 * {@code apiService.findByUser} for which the API_ANALYTICS READ check passes; otherwise no API
 * filter is set. For every returned event that carries an API id, the payload is cleared and
 * {@code api_name} / {@code api_version} are added, or {@code deleted} and a placeholder name
 * when the API no longer exists.
 *
 * @param eventSearchParam search criteria from the request; validated first
 * @return the page returned by {@code eventService.search}, with its events modified in place
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "List platform events", notes = "User must have the MANAGEMENT_PLATFORM[READ] permission to use this service")
@ApiResponses({ @ApiResponse(code = 200, message = "Platform events", response = EventEntity.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.ENVIRONMENT_PLATFORM, acls = RolePermissionAction.READ) })
public Page<EventEntity> getPlatformEvents(@BeanParam EventSearchParam eventSearchParam) {
    // NOTE(review): the Swagger note above names MANAGEMENT_PLATFORM[READ] while the annotation
    // enforces ENVIRONMENT_PLATFORM[READ]; the published description looks stale.
    eventSearchParam.validate();

    final String apiIdKey = Event.EventProperties.API_ID.getValue();
    Map<String, Object> searchFilter = new HashMap<>();

    final boolean apiIdsRequested = eventSearchParam.getApiIdsParam() != null && eventSearchParam.getApiIdsParam().getIds() != null && !eventSearchParam.getApiIdsParam().getIds().isEmpty();
    if (apiIdsRequested) {
        // NOTE(review): caller-supplied API ids are used as the filter without the per-API
        // API_ANALYTICS[READ] check that the branch below applies to non-admin callers. Confirm
        // that ENVIRONMENT_PLATFORM[READ] is meant to cover events of any API; if not, the
        // requested ids should be intersected with the caller's permitted set.
        searchFilter.put(apiIdKey, eventSearchParam.getApiIdsParam().getIds());
    } else if (!isAdmin()) {
        // Non-admin without an explicit filter: restrict to the caller's APIs that pass the
        // analytics read check, as a comma-separated id list.
        // NOTE(review): the list is an empty string when the caller has no such API; confirm
        // eventService.search treats that as "match nothing" rather than "no filter".
        final String readableApiIds = apiService.findByUser(getAuthenticatedUser(), null, false).stream().filter(api -> permissionService.hasPermission(API_ANALYTICS, api.getId(), READ)).map(ApiEntity::getId).collect(Collectors.joining(","));
        searchFilter.put(apiIdKey, readableApiIds);
    }

    Page<EventEntity> events = eventService.search(eventSearchParam.getEventTypeListParam().getEventTypes(), searchFilter, eventSearchParam.getFrom(), eventSearchParam.getTo(), eventSearchParam.getPage(), eventSearchParam.getSize());

    events.getContent().forEach(event -> {
        Map<String, String> eventProps = event.getProperties();
        // Only events that relate to an API are touched.
        if (eventProps == null || !eventProps.containsKey(apiIdKey)) {
            return;
        }
        // The payload is not needed by the consumer of this listing, so it is dropped from the response.
        event.setPayload(null);

        // Enrich with API details; no per-event permission check happens here, so exposure of
        // the API name and version relies entirely on the search filter built above.
        String apiId = eventProps.get(apiIdKey);
        try {
            ApiEntity api = apiService.findById(apiId);
            eventProps.put("api_name", api.getName());
            eventProps.put("api_version", api.getVersion());
        } catch (ApiNotFoundException notFound) {
            // The API was removed after the event was recorded; mark it instead of failing the listing.
            eventProps.put("deleted", Boolean.TRUE.toString());
            eventProps.put("api_name", "Deleted API");
        }
    });
    return events;
}
Aggregations