Search in sources :

Example 21 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiEventsResource method searchApiEvents.

@GET
@Path("search")
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get API's events", notes = "User must have the API_EVENT[READ] permission to use this service")
@ApiResponses({ @ApiResponse(code = 200, message = "Page of API events", response = Page.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_EVENT, acls = RolePermissionAction.READ) })
public Page<EventEntity> searchApiEvents(@ApiParam @BeanParam EventSearchParam eventSearchParam) {
    ApiEntity apiEntity = apiService.findById(api);
    Map<String, Object> properties = new HashMap<>();
    properties.put(Event.EventProperties.API_ID.getValue(), Arrays.asList(api));
    final Page<EventEntity> apiEvents = eventService.search(eventSearchParam.getEventTypeListParam().getEventTypes(), properties, eventSearchParam.getFrom(), eventSearchParam.getTo(), eventSearchParam.getPage(), eventSearchParam.getSize());
    apiEvents.getContent().forEach(event -> {
        Map<String, String> properties1 = event.getProperties();
        // Remove payload content from response since it's not required anymore
        event.setPayload(null);
        // complete event with API info
        properties1.put("api_name", apiEntity.getName());
        properties1.put("api_version", apiEntity.getVersion());
    });
    return apiEvents;
}
Also used : HashMap(java.util.HashMap) EventEntity(io.gravitee.rest.api.model.EventEntity) ApiEntity(io.gravitee.rest.api.model.api.ApiEntity) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 22 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiPageMediaResource method attachApiPageMedia.

@POST
@ApiOperation(value = "Attach a media to an API page ", notes = "User must have the API_DOCUMENTATION[UPDATE] permission to use this service")
@ApiResponses({ @ApiResponse(code = 201, message = "Media successfully added", response = PageEntity.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_DOCUMENTATION, acls = RolePermissionAction.UPDATE) })
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces(MediaType.APPLICATION_JSON)
public Response attachApiPageMedia(@Context final HttpServletRequest request, @FormDataParam("file") InputStream uploadedInputStream, @FormDataParam("file") FormDataContentDisposition fileDetail, @FormDataParam("file") final FormDataBodyPart body, @FormDataParam("fileName") final String fileName) throws IOException {
    final String mediaId;
    if (request.getContentLength() > this.mediaService.getMediaMaxSize()) {
        throw new UploadUnauthorized("Max size is " + this.mediaService.getMediaMaxSize() + "bytes. Actual size is " + request.getContentLength() + "bytes.");
    }
    final String originalFileName = fileDetail.getFileName();
    MediaEntity mediaEntity = new MediaEntity();
    mediaEntity.setSize(fileDetail.getSize());
    mediaEntity.setType(body.getMediaType().getType());
    mediaEntity.setSubType(body.getMediaType().getSubtype());
    mediaEntity.setData(IOUtils.toByteArray(uploadedInputStream));
    mediaEntity.setFileName(originalFileName);
    mediaId = mediaService.saveApiMedia(api, mediaEntity);
    pageService.attachMedia(page, mediaId, fileName == null ? originalFileName : fileName);
    // remove data before sending entity
    mediaEntity.setData(null);
    return Response.ok(mediaEntity).build();
}
Also used : UploadUnauthorized(io.gravitee.rest.api.service.exceptions.UploadUnauthorized) MediaEntity(io.gravitee.rest.api.model.MediaEntity) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 23 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiAuditResource method getApiAudits.

@GET
@ApiOperation(value = "Retrieve audit logs for the API", notes = "User must have the API_AUDIT[READ] permission to use this service")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Permissions({ @Permission(value = RolePermission.API_AUDIT, acls = RolePermissionAction.READ) })
public MetadataPage<AuditEntity> getApiAudits(@BeanParam AuditParam param) {
    AuditQuery query = new AuditQuery();
    query.setFrom(param.getFrom());
    query.setTo(param.getTo());
    query.setPage(param.getPage());
    query.setSize(param.getSize());
    query.setApiIds(Collections.singletonList(api));
    query.setApplicationIds(Collections.emptyList());
    query.setCurrentEnvironmentLogsOnly(false);
    query.setCurrentOrganizationLogsOnly(false);
    if (param.getEvent() != null) {
        query.setEvents(Collections.singletonList(param.getEvent()));
    }
    return auditService.search(query);
}
Also used : AuditQuery(io.gravitee.rest.api.model.audit.AuditQuery) ApiOperation(io.swagger.annotations.ApiOperation) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 24 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiHealthResource method getApiHealthCheckLogs.

@GET
@Path("logs")
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Health-check logs")
@ApiResponses({ @ApiResponse(code = 200, message = "API logs"), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_HEALTH, acls = RolePermissionAction.READ) })
public SearchLogResponse getApiHealthCheckLogs(@BeanParam LogsParam param) {
    param.validate();
    LogQuery logQuery = new LogQuery();
    logQuery.setQuery(param.getQuery());
    logQuery.setPage(param.getPage());
    logQuery.setSize(param.getSize());
    logQuery.setFrom(param.getFrom());
    logQuery.setTo(param.getTo());
    return healthCheckService.findByApi(api, logQuery, param.isTransition());
}
Also used : LogQuery(io.gravitee.rest.api.model.analytics.query.LogQuery) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 25 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class DictionaryResource method getDictionary.

@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get a dictionary", notes = "User must have the DICTIONARY[READ] permission to use this service")
@ApiResponses({ @ApiResponse(code = 200, message = "A dictionary"), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions(@Permission(value = RolePermission.ENVIRONMENT_DICTIONARY, acls = RolePermissionAction.READ))
public DictionaryEntity getDictionary(@PathParam("dictionary") String dictionary) {
    DictionaryEntity dictionaryEntity = dictionaryService.findById(dictionary);
    // remove provider informations for readonlyUsers
    boolean notReadOnly = hasPermission(RolePermission.ENVIRONMENT_DICTIONARY, RolePermissionAction.CREATE, RolePermissionAction.UPDATE, RolePermissionAction.DELETE);
    if (!notReadOnly) {
        dictionaryEntity.setProvider(null);
        dictionaryEntity.setTrigger(null);
    }
    return dictionaryEntity;
}
Also used : UpdateDictionaryEntity(io.gravitee.rest.api.model.configuration.dictionary.UpdateDictionaryEntity) DictionaryEntity(io.gravitee.rest.api.model.configuration.dictionary.DictionaryEntity) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Aggregations

Permissions (io.gravitee.rest.api.management.rest.security.Permissions)48 ApiOperation (io.swagger.annotations.ApiOperation)11 GET (javax.ws.rs.GET)7 Produces (javax.ws.rs.Produces)7 MediaEntity (io.gravitee.rest.api.model.MediaEntity)6 ApiEntity (io.gravitee.rest.api.model.api.ApiEntity)6 ApiResponses (io.swagger.annotations.ApiResponses)6 MediaType (io.gravitee.common.http.MediaType)5 Permission (io.gravitee.rest.api.management.rest.security.Permission)5 PageEntity (io.gravitee.rest.api.model.PageEntity)5 RolePermission (io.gravitee.rest.api.model.permissions.RolePermission)5 UpdatePageEntity (io.gravitee.rest.api.model.UpdatePageEntity)4 LogQuery (io.gravitee.rest.api.model.analytics.query.LogQuery)4 RolePermissionAction (io.gravitee.rest.api.model.permissions.RolePermissionAction)4 UploadUnauthorized (io.gravitee.rest.api.service.exceptions.UploadUnauthorized)4 Collectors (java.util.stream.Collectors)4 Inject (javax.inject.Inject)4 InvalidImageException (io.gravitee.rest.api.exception.InvalidImageException)3 PagedResult (io.gravitee.rest.api.management.rest.model.PagedResult)3 GroupEntity (io.gravitee.rest.api.model.GroupEntity)3