use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.
the class ApplicationResource method updateApplication.
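/**
 * Updates the application addressed by this resource.
 *
 * <p>The method declares {@code APPLICATION_DEFINITION[UPDATE]} through {@code @Permissions}.
 * The enforcement point is not visible in this snippet; presumably a request filter reads the
 * annotation. Confirm that before treating the annotation as the only access check.
 *
 * @param updatedApplication the update payload; bean validation rejects a missing body
 * @return whatever {@code applicationService.update} returns for the updated application
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Update an application", notes = "User must have APPLICATION_DEFINITION[UPDATE] permission to update an application.")
@ApiResponses({ @ApiResponse(code = 200, message = "Updated application", response = ApplicationEntity.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.APPLICATION_DEFINITION, acls = RolePermissionAction.UPDATE) })
public ApplicationEntity updateApplication(@Valid @NotNull(message = "An application must be provided") final UpdateApplicationEntity updatedApplication) {
    // To preserve backward compatibility, ensure that we have at least default settings for simple application type
    final ApplicationSettings currentSettings = updatedApplication.getSettings();
    final boolean needsDefaults = currentSettings == null
            || (currentSettings.getoAuthClient() == null && currentSettings.getApp() == null);
    if (needsDefaults) {
        SimpleApplicationSettings simpleAppSettings = new SimpleApplicationSettings();
        simpleAppSettings.setType(updatedApplication.getType());
        simpleAppSettings.setClientId(updatedApplication.getClientId());

        ApplicationSettings settings = new ApplicationSettings();
        // Fix: the simple settings were built but never attached, so the payload was handed to
        // the service with an empty ApplicationSettings and the legacy type/clientId were dropped.
        settings.setApp(simpleAppSettings);
        updatedApplication.setSettings(settings);
    }
    // `application` is a field declared outside this snippet (presumably the id taken from the
    // resource path). The target of the update comes from it, never from the request body.
    return applicationService.update(application, updatedApplication);
}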
use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.
the class ApplicationResource method getApplicationType.
/**
 * Returns the type definition of the application addressed by this resource.
 *
 * <p>Declares {@code APPLICATION_DEFINITION[READ]} through {@code @Permissions}. The check
 * itself is performed outside this method and is not visible in this snippet.
 *
 * @return a 200 response whose entity is the {@code ApplicationTypeEntity} for the application's type
 */
@GET
@Path("configuration")
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(
    value = "Get application type definition of an application",
    notes = "User must have the READ permission to use this service")
@ApiResponses({
    @ApiResponse(code = 200, message = "ApplicationType", response = ApplicationType.class),
    @ApiResponse(code = 500, message = "Internal server error")
})
@Permissions({
    @Permission(value = RolePermission.APPLICATION_DEFINITION, acls = RolePermissionAction.READ)
})
public Response getApplicationType() {
    // `application` is a field declared outside this snippet; it selects the application to load.
    final ApplicationEntity found = applicationService.findById(application);
    // Only the type definition is returned to the caller, not the application entity.
    return Response
        .ok(applicationTypeService.getApplicationType(found.getType()))
        .build();
}
use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.
the class ApplicationSubscriptionsResource method getApplicationSubscriptions.
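/**
 * Lists the subscriptions of the application addressed by this resource, one page at a time.
 *
 * <p>Declares {@code APPLICATION_SUBSCRIPTION[READ]} through {@code @Permissions}. The check
 * itself is performed outside this method and is not visible in this snippet.
 *
 * <p>With {@code expand=keys}, every returned subscription also carries its API keys that are
 * neither expired nor revoked, so the response then contains live credentials.
 *
 * @param subscriptionParam client-supplied filters, converted to a {@code SubscriptionQuery}
 * @param pageable          paging parameters (bean-validated)
 * @param expand            optional expansions; only {@code "keys"} is recognised, others are ignored
 * @return the page of subscriptions plus the metadata computed by {@code subscriptionService}
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "List subscriptions for the application", notes = "User must have the APPLICATION_SUBSCRIPTION[READ] permission to use this service")
@ApiResponses({ @ApiResponse(code = 200, message = "Paged result of application's subscriptions", response = PagedResult.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.APPLICATION_SUBSCRIPTION, acls = RolePermissionAction.READ) })
public PagedResult<SubscriptionEntity> getApplicationSubscriptions(@BeanParam SubscriptionParam subscriptionParam, @Valid @BeanParam Pageable pageable, @ApiParam(allowableValues = "keys", value = "Expansion of data to return in subscriptions") @QueryParam("expand") List<String> expand) {
    // Transform query parameters to a subscription query
    SubscriptionQuery subscriptionQuery = subscriptionParam.toQuery();
    // Set after toQuery() so the application scope always comes from this resource and
    // overrides any application value the client-supplied parameters may have produced.
    subscriptionQuery.setApplication(application);
    Page<SubscriptionEntity> subscriptions = subscriptionService.search(subscriptionQuery, pageable.toPageable());

    // "keys" is the only supported expansion. Membership is tested once, so a request that
    // repeats expand=keys no longer repeats the per-subscription key lookups for each repeat.
    if (expand != null && expand.contains("keys")) {
        // NOTE(review): this puts usable API keys in the response for any caller holding
        // APPLICATION_SUBSCRIPTION[READ]. Confirm read-level roles are meant to see them, and
        // that this response is kept out of access logs and shared caches.
        subscriptions.getContent().forEach(subscriptionEntity -> {
            final List<String> keys = apiKeyService.findBySubscription(subscriptionEntity.getId())
                    .stream()
                    .filter(apiKeyEntity -> !apiKeyEntity.isExpired() && !apiKeyEntity.isRevoked())
                    .map(ApiKeyEntity::getKey)
                    .collect(Collectors.toList());
            subscriptionEntity.setKeys(keys);
        });
    }

    PagedResult<SubscriptionEntity> result = new PagedResult<>(subscriptions, pageable.getSize());
    result.setMetadata(subscriptionService.getMetadata(subscriptions.getContent()).getMetadata());
    return result;
}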
use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.
the class ApplicationSubscriptionsResource method createSubscriptionWithApplication.
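/**
 * Subscribes the application addressed by this resource to the given plan.
 *
 * <p>Declares {@code APPLICATION_SUBSCRIPTION[CREATE]} through {@code @Permissions}. The check
 * itself is performed outside this method and is not visible in this snippet.
 *
 * @param plan                  id of the plan to subscribe to (required query parameter)
 * @param newSubscriptionEntity optional request body; an empty entity is used when it is absent
 * @return 201 with the created subscription and its location, or 400 when the plan requires a
 *         consumer comment and none was supplied
 */
@POST
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Subscribe to a plan", notes = "User must have the APPLICATION_SUBSCRIPTION[CREATE] permission to use this service")
@ApiResponses({ @ApiResponse(code = 201, message = "Subscription successfully created", response = Subscription.class), @ApiResponse(code = 400, message = "Plan requires a consumer comment when subscribing"), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.APPLICATION_SUBSCRIPTION, acls = RolePermissionAction.CREATE) })
public Response createSubscriptionWithApplication(@ApiParam(name = "plan", required = true) @NotNull @QueryParam("plan") String plan, NewSubscriptionEntity newSubscriptionEntity) {
    // If no request message has been passed, the entity is not created
    if (newSubscriptionEntity == null) {
        newSubscriptionEntity = new NewSubscriptionEntity();
    }

    // NOTE(review): the declared permission is scoped to the application. Nothing in this method
    // checks that the caller may subscribe to this client-supplied plan id; presumably
    // subscriptionService.create enforces that. Confirm.
    PlanEntity planEntity = planService.findById(plan);
    final String comment = newSubscriptionEntity.getRequest();
    if (planEntity.isCommentRequired() && (comment == null || comment.isEmpty())) {
        return Response.status(Response.Status.BAD_REQUEST).entity("Plan requires a consumer comment when subscribing").build();
    }

    // Application and plan are set server-side, overwriting whatever the request body carried.
    newSubscriptionEntity.setApplication(application);
    newSubscriptionEntity.setPlan(plan);
    Subscription subscription = convert(subscriptionService.create(newSubscriptionEntity));

    // Location header: request URI plus the new id, with the "plan" query parameter stripped.
    return Response
            .created(this.getRequestUriBuilder().path(subscription.getId()).replaceQueryParam("plan", null).build())
            .entity(subscription)
            .build();
}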
use of io.gravitee.rest.api.management.rest.security.Permissions in project gravitee-management-rest-api by gravitee-io.
the class AuditResource method getAudits.
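/**
 * Searches the audit log using the filters supplied as request parameters.
 *
 * <p>Declares {@code ENVIRONMENT_AUDIT[READ]} through {@code @Permissions}. The check itself is
 * performed outside this method and is not visible in this snippet.
 *
 * <p>Scope precedence: {@code environmentLogsOnly} wins over {@code organizationLogsOnly}, which
 * wins over the {@code apiId} / {@code applicationId} filters. The event filter always applies.
 *
 * @param param time range, paging and scope filters taken from the request
 * @return the page of audit entries returned by {@code auditService.search}
 */
@GET
@ApiOperation(value = "Retrieve audit logs for the platform", notes = "User must have the ENVIRONMENT_AUDIT[READ] permission to use this service")
@ApiResponses({ @ApiResponse(code = 200, message = "List of audits"), @ApiResponse(code = 500, message = "Internal server error") })
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Permissions({ @Permission(value = RolePermission.ENVIRONMENT_AUDIT, acls = RolePermissionAction.READ) })
public MetadataPage<AuditEntity> getAudits(@BeanParam AuditParam param) {
    AuditQuery query = new AuditQuery();
    query.setFrom(param.getFrom());
    query.setTo(param.getTo());
    // NOTE(review): `param` is not annotated @Valid here, so page and size are passed through
    // as received. Confirm the page size is capped in AuditParam or in auditService.
    query.setPage(param.getPage());
    query.setSize(param.getSize());

    if (param.isEnvironmentLogsOnly()) {
        query.setCurrentEnvironmentLogsOnly(true);
    } else if (param.isOrganizationLogsOnly()) {
        // NOTE(review): organization-level entries are requested under an environment-level
        // permission. Confirm auditService limits the result to what the caller may read.
        query.setCurrentOrganizationLogsOnly(true);
    } else {
        // No scope flag: narrow by API and/or application only when ids are supplied. With
        // neither id, this method adds no scope restriction to the query.
        if (param.getApiId() != null) {
            query.setApiIds(Collections.singletonList(param.getApiId()));
        }
        if (param.getApplicationId() != null) {
            query.setApplicationIds(Collections.singletonList(param.getApplicationId()));
        }
    }

    if (param.getEvent() != null) {
        query.setEvents(Collections.singletonList(param.getEvent()));
    }
    return auditService.search(query);
}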
Aggregations