Search in sources :

Example 31 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiMetadataResource method createApiMetadata.

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Create an API metadata", notes = "User must have the API_METADATA[CREATE] permission to use this service")
@ApiResponses({ @ApiResponse(code = 201, message = "A new API metadata", response = ApiMetadataEntity.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_METADATA, acls = RolePermissionAction.CREATE) })
public Response createApiMetadata(@Valid @NotNull final NewApiMetadataEntity metadata) {
    // prevent creation of a metadata on an another API
    metadata.setApiId(api);
    final ApiMetadataEntity apiMetadataEntity = metadataService.create(metadata);
    ApiEntity apiEntity = apiService.fetchMetadataForApi(apiService.findById(api));
    searchEngineService.index(apiEntity, false);
    return Response.created(this.getLocationHeader(apiMetadataEntity.getKey())).entity(apiMetadataEntity).build();
}
Also used : NewApiMetadataEntity(io.gravitee.rest.api.model.NewApiMetadataEntity) UpdateApiMetadataEntity(io.gravitee.rest.api.model.UpdateApiMetadataEntity) ApiMetadataEntity(io.gravitee.rest.api.model.ApiMetadataEntity) ApiEntity(io.gravitee.rest.api.model.api.ApiEntity) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 32 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiPageMediaResource method getApiPageMedia.

@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Retrieve all media for an API page", notes = "User must have the API_DOCUMENTATION[READ] permission to use this service")
@Permissions({ @Permission(value = RolePermission.API_DOCUMENTATION, acls = RolePermissionAction.READ) })
public Response getApiPageMedia() {
    final PageEntity currentPage = pageService.findById(page);
    List<MediaEntity> pageMedia = mediaService.findAllWithoutContent(currentPage.getAttachedMedia(), api);
    if (pageMedia != null && !pageMedia.isEmpty()) {
        return Response.ok(pageMedia).build();
    }
    return Response.noContent().build();
}
Also used : PageEntity(io.gravitee.rest.api.model.PageEntity) MediaEntity(io.gravitee.rest.api.model.MediaEntity) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 33 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiLogsResource method getApiLogs.

@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get API logs")
@ApiResponses({ @ApiResponse(code = 200, message = "API logs"), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_LOG, acls = RolePermissionAction.READ) })
public SearchLogResponse getApiLogs(@BeanParam LogsParam param) {
    param.validate();
    LogQuery logQuery = new LogQuery();
    logQuery.setQuery(param.getQuery());
    logQuery.setPage(param.getPage());
    logQuery.setSize(param.getSize());
    logQuery.setFrom(param.getFrom());
    logQuery.setTo(param.getTo());
    logQuery.setField(param.getField());
    logQuery.setOrder(param.isOrder());
    return logsService.findByApi(api, logQuery);
}
Also used : LogQuery(io.gravitee.rest.api.model.analytics.query.LogQuery) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 34 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiAuditResource method getApiAuditEvents.

@Path("/events")
@GET
@ApiOperation(value = "List available audit event type for API", notes = "User must have the API_AUDIT[READ] permission to use this service")
@Produces(MediaType.APPLICATION_JSON)
@Permissions({ @Permission(value = RolePermission.API_AUDIT, acls = RolePermissionAction.READ) })
public Response getApiAuditEvents() {
    if (events.isEmpty()) {
        Set<Class<? extends Audit.ApiAuditEvent>> subTypesOf = new Reflections("io.gravitee.repository.management.model").getSubTypesOf(Audit.ApiAuditEvent.class);
        for (Class<? extends Audit.ApiAuditEvent> clazz : subTypesOf) {
            if (clazz.isEnum()) {
                events.addAll(Arrays.asList(clazz.getEnumConstants()));
            }
        }
        events.sort(Comparator.comparing(Audit.AuditEvent::name));
    }
    return Response.ok(events).build();
}
Also used : Audit(io.gravitee.repository.management.model.Audit) Reflections(org.reflections.Reflections) ApiOperation(io.swagger.annotations.ApiOperation) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 35 with Permissions

use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.

the class ApiPagesResource method createApiPage.

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Create a page", notes = "User must have the MANAGE_PAGES permission to use this service")
@ApiResponses({ @ApiResponse(code = 201, message = "Page successfully created", response = PageEntity.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.API_DOCUMENTATION, acls = RolePermissionAction.CREATE) })
public Response createApiPage(@ApiParam(name = "page", required = true) @Valid @NotNull NewPageEntity newPageEntity) {
    if (newPageEntity.getType().equals(PageType.SYSTEM_FOLDER)) {
        throw new PageSystemFolderActionException("Create");
    } else if (newPageEntity.getType().equals(PageType.MARKDOWN_TEMPLATE)) {
        throw new PageMarkdownTemplateActionException("Create");
    }
    int order = pageService.findMaxApiPageOrderByApi(api) + 1;
    newPageEntity.setOrder(order);
    newPageEntity.setLastContributor(getAuthenticatedUser());
    PageEntity newPage = pageService.createPage(api, newPageEntity, GraviteeContext.getCurrentEnvironment());
    if (newPage != null) {
        return Response.created(this.getLocationHeader(newPage.getId())).entity(newPage).build();
    }
    return Response.serverError().build();
}
Also used : PageSystemFolderActionException(io.gravitee.rest.api.service.exceptions.PageSystemFolderActionException) PageMarkdownTemplateActionException(io.gravitee.rest.api.service.exceptions.PageMarkdownTemplateActionException) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Aggregations

Permissions (io.gravitee.rest.api.management.rest.security.Permissions)48 ApiOperation (io.swagger.annotations.ApiOperation)11 GET (javax.ws.rs.GET)7 Produces (javax.ws.rs.Produces)7 MediaEntity (io.gravitee.rest.api.model.MediaEntity)6 ApiEntity (io.gravitee.rest.api.model.api.ApiEntity)6 ApiResponses (io.swagger.annotations.ApiResponses)6 MediaType (io.gravitee.common.http.MediaType)5 Permission (io.gravitee.rest.api.management.rest.security.Permission)5 PageEntity (io.gravitee.rest.api.model.PageEntity)5 RolePermission (io.gravitee.rest.api.model.permissions.RolePermission)5 UpdatePageEntity (io.gravitee.rest.api.model.UpdatePageEntity)4 LogQuery (io.gravitee.rest.api.model.analytics.query.LogQuery)4 RolePermissionAction (io.gravitee.rest.api.model.permissions.RolePermissionAction)4 UploadUnauthorized (io.gravitee.rest.api.service.exceptions.UploadUnauthorized)4 Collectors (java.util.stream.Collectors)4 Inject (javax.inject.Inject)4 InvalidImageException (io.gravitee.rest.api.exception.InvalidImageException)3 PagedResult (io.gravitee.rest.api.management.rest.model.PagedResult)3 GroupEntity (io.gravitee.rest.api.model.GroupEntity)3