Search in sources :

Example 26 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiAnalyticsResource method getApiAnalyticsHits.

@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get API analytics", notes = "User must have the API_ANALYTICS[READ] permission to use this service")
@ApiResponses({ @ApiResponse(code = 200, message = "API analytics"), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_ANALYTICS, acls = RolePermissionAction.READ) })
public Response getApiAnalyticsHits(@BeanParam AnalyticsParam analyticsParam) {
    analyticsParam.validate();
    Analytics analytics = null;
    switch(analyticsParam.getType()) {
        case DATE_HISTO:
            analytics = executeDateHisto(api, analyticsParam);
            break;
        case GROUP_BY:
            analytics = executeGroupBy(api, analyticsParam);
            break;
        case COUNT:
            analytics = executeCount(api, analyticsParam);
            break;
        case STATS:
            analytics = executeStats(api, analyticsParam);
            break;
    }
    return Response.ok(analytics).build();
}
Also used : Analytics(io.gravitee.rest.api.model.analytics.Analytics) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 27 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiEventsResource method getApiEventsEvents.

@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get API's events", notes = "User must have the MANAGE_LIFECYCLE permission to use this service")
@ApiResponses({ @ApiResponse(code = 200, message = "API's events"), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_EVENT, acls = RolePermissionAction.READ) })
public List<EventEntity> getApiEventsEvents(@ApiParam @DefaultValue("all") @QueryParam("type") EventTypeListParam eventTypeListParam) {
    final EventQuery query = new EventQuery();
    query.setApi(api);
    return eventService.search(query).stream().filter(event -> eventTypeListParam.getEventTypes().contains(event.getType())).sorted((e1, e2) -> e2.getCreatedAt().compareTo(e1.getCreatedAt())).collect(Collectors.toList());
}
Also used : RolePermissionAction(io.gravitee.rest.api.model.permissions.RolePermissionAction) ApiEntity(io.gravitee.rest.api.model.api.ApiEntity) Arrays(java.util.Arrays) Event(io.gravitee.repository.management.model.Event) Page(io.gravitee.common.data.domain.Page) ApiNotFoundException(io.gravitee.rest.api.service.exceptions.ApiNotFoundException) HashMap(java.util.HashMap) Collectors(java.util.stream.Collectors) Permission(io.gravitee.rest.api.management.rest.security.Permission) EventService(io.gravitee.rest.api.service.EventService) Inject(javax.inject.Inject) EventEntity(io.gravitee.rest.api.model.EventEntity) List(java.util.List) MediaType(io.gravitee.common.http.MediaType) javax.ws.rs(javax.ws.rs) EventQuery(io.gravitee.rest.api.model.EventQuery) Map(java.util.Map) io.swagger.annotations(io.swagger.annotations) EventTypeListParam(io.gravitee.rest.api.management.rest.resource.param.EventTypeListParam) Permissions(io.gravitee.rest.api.management.rest.security.Permissions) EventSearchParam(io.gravitee.rest.api.management.rest.resource.param.EventSearchParam) RolePermission(io.gravitee.rest.api.model.permissions.RolePermission) EventQuery(io.gravitee.rest.api.model.EventQuery) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 28 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiKeysResource method updateApiKey.

@PUT
@Path("{key}")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Update an API Key", notes = "User must have the API_SUBSCRIPTION:UPDATE permission to use this service")
@ApiResponses({ @ApiResponse(code = 200, message = "API Key successfully updated", response = ApiKeyEntity.class), @ApiResponse(code = 400, message = "Bad plan format"), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_SUBSCRIPTION, acls = RolePermissionAction.UPDATE) })
public Response updateApiKey(@PathParam("key") @ApiParam("The API key") String apiKey, @Valid @NotNull ApiKeyEntity apiKeyEntity) {
    if (apiKeyEntity.getKey() != null && !apiKey.equals(apiKeyEntity.getKey())) {
        return Response.status(Response.Status.BAD_REQUEST).entity("'apiKey' parameter does not correspond to the api-key to update").build();
    }
    // Force API Key
    apiKeyEntity.setKey(apiKey);
    ApiKeyEntity keyEntity = apiKeyService.update(apiKeyEntity);
    return Response.ok(keyEntity).build();
}
Also used : ApiKeyEntity(io.gravitee.rest.api.model.ApiKeyEntity) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 29 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiMediaResource method uploadApiMediaImage.

@POST
@ApiOperation(value = "Create a media for an API", notes = "User must have the API_DOCUMENTATION[CREATE] permission to use this service")
@ApiResponses({ @ApiResponse(code = 201, message = "Media successfully created", response = PageEntity.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_DOCUMENTATION, acls = RolePermissionAction.CREATE) })
@Path("/upload")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces("text/plain")
public Response uploadApiMediaImage(@FormDataParam("file") InputStream uploadedInputStream, @FormDataParam("file") FormDataContentDisposition fileDetail, @FormDataParam("file") final FormDataBodyPart body) throws IOException {
    final String mediaId;
    if (fileDetail.getSize() > this.mediaService.getMediaMaxSize()) {
        throw new UploadUnauthorized("Max size achieved " + fileDetail.getSize());
    } else {
        MediaEntity mediaEntity = new MediaEntity();
        mediaEntity.setSize(fileDetail.getSize());
        mediaEntity.setType(body.getMediaType().getType());
        mediaEntity.setSubType(body.getMediaType().getSubtype());
        mediaEntity.setData(IOUtils.toByteArray(uploadedInputStream));
        mediaEntity.setFileName(fileDetail.getFileName());
        try {
            ImageUtils.verify(body.getMediaType().getType(), body.getMediaType().getSubtype(), mediaEntity.getData());
        } catch (InvalidImageException e) {
            return Response.status(Response.Status.BAD_REQUEST).entity("Invalid image format").build();
        }
        mediaId = mediaService.saveApiMedia(api, mediaEntity);
    }
    return Response.status(200).entity(mediaId).build();
}
Also used : UploadUnauthorized(io.gravitee.rest.api.service.exceptions.UploadUnauthorized) InvalidImageException(io.gravitee.rest.api.exception.InvalidImageException) MediaEntity(io.gravitee.rest.api.model.MediaEntity) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 30 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiMetadataResource method deleteApiMetadata.

@DELETE
@Path("{metadata}")
@ApiOperation(value = "Delete a metadata", notes = "User must have the API_METADATA[DELETE] permission to use this service")
@ApiResponses({ @ApiResponse(code = 204, message = "Metadata successfully deleted"), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_METADATA, acls = RolePermissionAction.DELETE) })
public Response deleteApiMetadata(@PathParam("metadata") String metadata) {
    metadataService.delete(metadata, api);
    ApiEntity apiEntity = apiService.fetchMetadataForApi(apiService.findById(api));
    searchEngineService.index(apiEntity, false);
    return Response.noContent().build();
}
Also used : ApiEntity(io.gravitee.rest.api.model.api.ApiEntity) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Aggregations

Permissions (io.gravitee.rest.api.management.rest.security.Permissions)48 ApiOperation (io.swagger.annotations.ApiOperation)11 GET (javax.ws.rs.GET)7 Produces (javax.ws.rs.Produces)7 MediaEntity (io.gravitee.rest.api.model.MediaEntity)6 ApiEntity (io.gravitee.rest.api.model.api.ApiEntity)6 ApiResponses (io.swagger.annotations.ApiResponses)6 MediaType (io.gravitee.common.http.MediaType)5 Permission (io.gravitee.rest.api.management.rest.security.Permission)5 PageEntity (io.gravitee.rest.api.model.PageEntity)5 RolePermission (io.gravitee.rest.api.model.permissions.RolePermission)5 UpdatePageEntity (io.gravitee.rest.api.model.UpdatePageEntity)4 LogQuery (io.gravitee.rest.api.model.analytics.query.LogQuery)4 RolePermissionAction (io.gravitee.rest.api.model.permissions.RolePermissionAction)4 UploadUnauthorized (io.gravitee.rest.api.service.exceptions.UploadUnauthorized)4 Collectors (java.util.stream.Collectors)4 Inject (javax.inject.Inject)4 InvalidImageException (io.gravitee.rest.api.exception.InvalidImageException)3 PagedResult (io.gravitee.rest.api.management.rest.model.PagedResult)3 GroupEntity (io.gravitee.rest.api.model.GroupEntity)3