use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.
the class ApiEventsResource method searchApiEvents.
/**
 * Searches the events recorded for the current API and returns one page of them.
 *
 * <p>Access is gated by the {@code API_EVENT[READ]} permission declared on this method. The search is
 * pinned to the API held in the {@code api} field through the {@code API_ID} event property; the
 * event types, time range and paging values are passed on exactly as received in
 * {@code eventSearchParam}.
 *
 * <p>Before the page is returned, every event has its payload cleared and is enriched with the name
 * and version of the API.
 *
 * @param eventSearchParam event types, time range and paging values supplied by the caller
 * @return the page of matching events, without payloads
 */
@GET
@Path("search")
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get API's events", notes = "User must have the API_EVENT[READ] permission to use this service")
@ApiResponses({ @ApiResponse(code = 200, message = "Page of API events", response = Page.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_EVENT, acls = RolePermissionAction.READ) })
public Page<EventEntity> searchApiEvents(@ApiParam @BeanParam EventSearchParam eventSearchParam) {
    // Resolve the API first; its name and version are copied onto each event below.
    final ApiEntity currentApi = apiService.findById(api);

    // The only filter property is the API id taken from this resource, never a caller-supplied one.
    final Map<String, Object> filter = new HashMap<>();
    filter.put(Event.EventProperties.API_ID.getValue(), Arrays.asList(api));

    // NOTE(review): page and size come straight from the request; no upper bound is applied in
    // this method — confirm EventSearchParam or eventService enforces one.
    final Page<EventEntity> page = eventService.search(
        eventSearchParam.getEventTypeListParam().getEventTypes(),
        filter,
        eventSearchParam.getFrom(),
        eventSearchParam.getTo(),
        eventSearchParam.getPage(),
        eventSearchParam.getSize());

    for (EventEntity event : page.getContent()) {
        // The payload is cleared so it is never serialized into this response.
        event.setPayload(null);

        // Complete the event with API info.
        final Map<String, String> eventProperties = event.getProperties();
        eventProperties.put("api_name", currentApi.getName());
        eventProperties.put("api_version", currentApi.getVersion());
    }
    return page;
}
use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.
the class ApiPageMediaResource method attachApiPageMedia.
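/**
 * Stores an uploaded file as a media of the current API and attaches it to the current page.
 *
 * <p>Access is gated by the {@code API_DOCUMENTATION[UPDATE]} permission declared on this method.
 *
 * <p>The upload size is enforced twice. The declared request length is checked first so that an
 * oversized request is rejected before anything is read. The file part is then read with a hard
 * cap, because {@code getContentLength()} returns -1 when the length is not known (for example a
 * chunked request), and that value always passes the first comparison.
 *
 * <p>NOTE(review): the documented success code is 201 but the method answers with
 * {@code Response.ok(...)}; left unchanged because callers may depend on it.
 *
 * @param request            the servlet request, used for its declared content length
 * @param uploadedInputStream content of the {@code file} part
 * @param fileDetail         content disposition of the {@code file} part
 * @param body               the {@code file} part, used for its media type
 * @param fileName           optional name to attach the media under; the uploaded file name is
 *                           used when this is {@code null}
 * @return a response carrying the stored media entity with its data cleared
 * @throws IOException       if the uploaded stream cannot be read
 * @throws UploadUnauthorized if the declared or the actual size exceeds the configured maximum
 */
@POST
@ApiOperation(value = "Attach a media to an API page ", notes = "User must have the API_DOCUMENTATION[UPDATE] permission to use this service")
@ApiResponses({ @ApiResponse(code = 201, message = "Media successfully added", response = PageEntity.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_DOCUMENTATION, acls = RolePermissionAction.UPDATE) })
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces(MediaType.APPLICATION_JSON)
public Response attachApiPageMedia(@Context final HttpServletRequest request, @FormDataParam("file") InputStream uploadedInputStream, @FormDataParam("file") FormDataContentDisposition fileDetail, @FormDataParam("file") final FormDataBodyPart body, @FormDataParam("fileName") final String fileName) throws IOException {
    final long maxSize = this.mediaService.getMediaMaxSize();

    // Cheap early rejection based on the length the client declared.
    if (request.getContentLength() > maxSize) {
        throw new UploadUnauthorized("Max size is " + maxSize + "bytes. Actual size is " + request.getContentLength() + "bytes.");
    }

    final String originalFileName = fileDetail.getFileName();
    MediaEntity mediaEntity = new MediaEntity();
    // NOTE(review): this is the size announced in the part's Content-Disposition header, not the
    // number of bytes actually received — confirm nothing downstream trusts it as a measurement.
    mediaEntity.setSize(fileDetail.getSize());
    // NOTE(review): type and subtype are taken from the client-supplied part header and are not
    // checked against an allow-list here — confirm mediaService or the serving side restricts them.
    mediaEntity.setType(body.getMediaType().getType());
    mediaEntity.setSubType(body.getMediaType().getSubtype());

    // Read the part with a hard cap instead of buffering whatever the client sends: the declared
    // length above is absent or -1 for some requests, so it cannot be the only limit.
    final java.io.ByteArrayOutputStream buffer = new java.io.ByteArrayOutputStream();
    final byte[] chunk = new byte[8192];
    long received = 0;
    int read;
    while ((read = uploadedInputStream.read(chunk)) != -1) {
        received += read;
        if (received > maxSize) {
            throw new UploadUnauthorized("Max size is " + maxSize + "bytes.");
        }
        buffer.write(chunk, 0, read);
    }
    mediaEntity.setData(buffer.toByteArray());
    mediaEntity.setFileName(originalFileName);

    final String mediaId = mediaService.saveApiMedia(api, mediaEntity);
    pageService.attachMedia(page, mediaId, fileName == null ? originalFileName : fileName);

    // remove data before sending entity
    mediaEntity.setData(null);
    return Response.ok(mediaEntity).build();
}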
use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.
the class ApiAuditResource method getApiAudits.
/**
 * Returns one page of audit entries for the current API.
 *
 * <p>Access is gated by the {@code API_AUDIT[READ]} permission declared on this method. The query
 * is scoped to the API held in the {@code api} field, with an empty application list and with both
 * the "current environment only" and "current organization only" flags switched off.
 *
 * @param param time range, paging values and optional event filter supplied by the caller
 * @return the page of audit entries returned by the audit service
 */
@GET
@ApiOperation(value = "Retrieve audit logs for the API", notes = "User must have the API_AUDIT[READ] permission to use this service")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Permissions({ @Permission(value = RolePermission.API_AUDIT, acls = RolePermissionAction.READ) })
public MetadataPage<AuditEntity> getApiAudits(@BeanParam AuditParam param) {
    final AuditQuery auditQuery = new AuditQuery();

    // Scope: the API id comes from this resource, not from the request parameters.
    // NOTE(review): with both "current ... only" flags false, the API id is the only scoping
    // visible here — confirm the audit service needs no environment/organization filter.
    auditQuery.setApiIds(Collections.singletonList(api));
    auditQuery.setApplicationIds(Collections.emptyList());
    auditQuery.setCurrentEnvironmentLogsOnly(false);
    auditQuery.setCurrentOrganizationLogsOnly(false);

    // Time window and paging, passed on as received.
    auditQuery.setFrom(param.getFrom());
    auditQuery.setTo(param.getTo());
    auditQuery.setPage(param.getPage());
    auditQuery.setSize(param.getSize());

    // The event filter is optional; without it the query's events are left unset.
    if (null != param.getEvent()) {
        auditQuery.setEvents(Collections.singletonList(param.getEvent()));
    }

    return auditService.search(auditQuery);
}
use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.
the class ApiHealthResource method getApiHealthCheckLogs.
/**
 * Returns the health-check logs of the current API that match the given search parameters.
 *
 * <p>Access is gated by the {@code API_HEALTH[READ]} permission declared on this method. The
 * parameters are validated with {@code param.validate()} before any of them is used, and the lookup
 * is scoped to the API held in the {@code api} field.
 *
 * @param param query string, time range, paging values and transition flag supplied by the caller
 * @return the search result returned by the health-check service
 */
@GET
@Path("logs")
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Health-check logs")
@ApiResponses({ @ApiResponse(code = 200, message = "API logs"), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_HEALTH, acls = RolePermissionAction.READ) })
public SearchLogResponse getApiHealthCheckLogs(@BeanParam LogsParam param) {
    // Validate first so that nothing unchecked is copied into the query.
    param.validate();

    final LogQuery healthQuery = new LogQuery();

    // Time window and paging.
    healthQuery.setFrom(param.getFrom());
    healthQuery.setTo(param.getTo());
    healthQuery.setPage(param.getPage());
    healthQuery.setSize(param.getSize());

    // NOTE(review): the free-text query is caller-supplied and handed to the service unchanged —
    // confirm validate() or the service constrains what it may contain.
    healthQuery.setQuery(param.getQuery());

    return healthCheckService.findByApi(api, healthQuery, param.isTransition());
}
use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.
the class DictionaryResource method getDictionary.
/**
 * Returns the dictionary with the given id.
 *
 * <p>Access is gated by the {@code ENVIRONMENT_DICTIONARY[READ]} permission declared on this
 * method. When the caller fails the additional CREATE / UPDATE / DELETE permission check, the
 * provider and trigger are cleared from the entity before it is returned.
 *
 * @param dictionary id of the dictionary, taken from the request path
 * @return the dictionary, with provider and trigger removed for read-only callers
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get a dictionary", notes = "User must have the DICTIONARY[READ] permission to use this service")
@ApiResponses({ @ApiResponse(code = 200, message = "A dictionary"), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions(@Permission(value = RolePermission.ENVIRONMENT_DICTIONARY, acls = RolePermissionAction.READ))
public DictionaryEntity getDictionary(@PathParam("dictionary") String dictionary) {
    final DictionaryEntity entity = dictionaryService.findById(dictionary);

    // NOTE(review): presumably true when the caller holds at least one of the listed actions —
    // confirm against hasPermission, since an "all of" reading would strip fields from more users.
    final boolean canModify = hasPermission(RolePermission.ENVIRONMENT_DICTIONARY, RolePermissionAction.CREATE, RolePermissionAction.UPDATE, RolePermissionAction.DELETE);
    if (canModify) {
        return entity;
    }

    // Read-only callers do not get the provider information or the trigger.
    entity.setProvider(null);
    entity.setTrigger(null);
    return entity;
}