Example 26 with ApplicationEntity

use of io.gravitee.rest.api.model.ApplicationEntity in project gravitee-management-rest-api by gravitee-io.

the class PermissionFilterTest method initApplicationMocks.

/**
 * APPLICATION Tests
 */
private ApplicationEntity initApplicationMocks() {
    ApplicationEntity application = new ApplicationEntity();
    application.setId(APPLICATION_ID);
    Principal user = () -> USERNAME;
    when(applicationService.findById(application.getId())).thenReturn(application);
    when(securityContext.getUserPrincipal()).thenReturn(user);
    Permission perm = mock(Permission.class);
    when(perm.value()).thenReturn(RolePermission.APPLICATION_ANALYTICS);
    when(perm.acls()).thenReturn(new RolePermissionAction[] { RolePermissionAction.UPDATE });
    when(permissions.value()).thenReturn(new Permission[] { perm });
    UriInfo uriInfo = mock(UriInfo.class);
    MultivaluedHashMap<String, String> map = new MultivaluedHashMap<>();
    map.put("applicationId", Collections.singletonList(application.getId()));
    when(uriInfo.getPathParameters()).thenReturn(map);
    when(containerRequestContext.getUriInfo()).thenReturn(uriInfo);
    return application;
}
Also used : MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap) ApplicationEntity(io.gravitee.rest.api.model.ApplicationEntity) Permission(io.gravitee.rest.api.portal.rest.security.Permission) RolePermission(io.gravitee.rest.api.model.permissions.RolePermission) Principal(java.security.Principal) UriInfo(javax.ws.rs.core.UriInfo)

Example 27 with ApplicationEntity

use of io.gravitee.rest.api.model.ApplicationEntity in project gravitee-management-rest-api by gravitee-io.

the class PermissionFilterTest method shouldThrowForbiddenExceptionWhenNoApplicationPermissions.

@Test(expected = ForbiddenAccessException.class)
public void shouldThrowForbiddenExceptionWhenNoApplicationPermissions() {
    ApplicationEntity application = initApplicationMocks();
    when(roleService.hasPermission(any(), any(), any())).thenReturn(false);
    try {
        permissionFilter.filter(permissions, containerRequestContext);
    } catch (ForbiddenAccessException e) {
        verify(applicationService, times(1)).findById(application.getId());
        verify(apiService, never()).findById(any());
        verify(roleService, times(1)).hasPermission(any(), any(), any());
        verify(membershipService, times(1)).getUserMemberPermissions(application, USERNAME);
        verify(membershipService, never()).getRoles(any(), any(), any(), any());
        throw e;
    }
    Assert.fail("Should throw a ForbiddenAccessException");
}
Also used : ApplicationEntity(io.gravitee.rest.api.model.ApplicationEntity) ForbiddenAccessException(io.gravitee.rest.api.service.exceptions.ForbiddenAccessException) Test(org.junit.Test)

Example 28 with ApplicationEntity

use of io.gravitee.rest.api.model.ApplicationEntity in project gravitee-management-rest-api by gravitee-io.

the class ApiSubscribersResource method getApiSubscribers.

@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "List subscribers for the API", notes = "User must have the MANAGE_SUBSCRIPTIONS permission to use this service")
@ApiResponses({
    @ApiResponse(code = 200, message = "Paged result of API subscribers", response = ApplicationEntity.class, responseContainer = "List"),
    @ApiResponse(code = 500, message = "Internal server error")
})
public Collection<ApplicationEntity> getApiSubscribers() {
    // Authorization gate: the caller needs READ on API_SUBSCRIPTION or READ on API_LOG for this API.
    if (!hasPermission(RolePermission.API_SUBSCRIPTION, api, RolePermissionAction.READ)
            && !hasPermission(RolePermission.API_LOG, api, RolePermissionAction.READ)) {
        throw new ForbiddenAccessException();
    }
    SubscriptionQuery subscriptionQuery = new SubscriptionQuery();
    subscriptionQuery.setApi(api);
    Collection<SubscriptionEntity> subscriptions = subscriptionService.search(subscriptionQuery);
    // Resolve each distinct subscribing application and sort by name, ignoring case.
    return subscriptions.stream()
        .map(SubscriptionEntity::getApplication)
        .distinct()
        .map(application -> applicationService.findById(application))
        .sorted((o1, o2) -> String.CASE_INSENSITIVE_ORDER.compare(o1.getName(), o2.getName()))
        .collect(Collectors.toList());
}
Also used : RolePermissionAction(io.gravitee.rest.api.model.permissions.RolePermissionAction) PathParam(javax.ws.rs.PathParam) Context(javax.ws.rs.core.Context) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) Collection(java.util.Collection) ForbiddenAccessException(io.gravitee.rest.api.service.exceptions.ForbiddenAccessException) SubscriptionEntity(io.gravitee.rest.api.model.SubscriptionEntity) Collectors(java.util.stream.Collectors) Inject(javax.inject.Inject) SubscriptionService(io.gravitee.rest.api.service.SubscriptionService) MediaType(io.gravitee.common.http.MediaType) ResourceContext(javax.ws.rs.container.ResourceContext) ApplicationService(io.gravitee.rest.api.service.ApplicationService) io.swagger.annotations(io.swagger.annotations) SubscriptionQuery(io.gravitee.rest.api.model.subscription.SubscriptionQuery) ApplicationEntity(io.gravitee.rest.api.model.ApplicationEntity) RolePermission(io.gravitee.rest.api.model.permissions.RolePermission)

Example 29 with ApplicationEntity

use of io.gravitee.rest.api.model.ApplicationEntity in project gravitee-management-rest-api by gravitee-io.

the class SubscriptionsResource method convert.

private Subscription convert(SubscriptionEntity subscriptionEntity) {
    Subscription subscription = new Subscription();
    subscription.setId(subscriptionEntity.getId());
    subscription.setCreatedAt(subscriptionEntity.getCreatedAt());
    subscription.setUpdatedAt(subscriptionEntity.getUpdatedAt());
    subscription.setStartingAt(subscriptionEntity.getStartingAt());
    subscription.setEndingAt(subscriptionEntity.getEndingAt());
    subscription.setProcessedAt(subscriptionEntity.getProcessedAt());
    subscription.setProcessedBy(subscriptionEntity.getProcessedBy());
    subscription.setReason(subscriptionEntity.getReason());
    subscription.setStatus(subscriptionEntity.getStatus());
    ApplicationEntity application = applicationService.findById(subscriptionEntity.getApplication());
    subscription.setApplication(new Subscription.Application(
        application.getId(),
        application.getName(),
        application.getType(),
        application.getDescription(),
        new Subscription.User(application.getPrimaryOwner().getId(), application.getPrimaryOwner().getDisplayName())));
    PlanEntity plan = planService.findById(subscriptionEntity.getPlan());
    subscription.setPlan(new Subscription.Plan(plan.getId(), plan.getName()));
    subscription.setClosedAt(subscriptionEntity.getClosedAt());
    return subscription;
}
Also used : ApplicationEntity(io.gravitee.rest.api.model.ApplicationEntity) PlanEntity(io.gravitee.rest.api.model.PlanEntity) Subscription(io.gravitee.rest.api.management.rest.model.Subscription)

Aggregations

ApplicationEntity (io.gravitee.rest.api.model.ApplicationEntity) 38
Test (org.junit.Test) 19
Response (javax.ws.rs.core.Response) 8
ApplicationSettings (io.gravitee.rest.api.model.application.ApplicationSettings) 7
SimpleApplicationSettings (io.gravitee.rest.api.model.application.SimpleApplicationSettings) 7
NewApplicationEntity (io.gravitee.rest.api.model.NewApplicationEntity) 6
ApplicationListItem (io.gravitee.rest.api.model.application.ApplicationListItem) 6
UserEntity (io.gravitee.rest.api.model.UserEntity) 5
ApiEntity (io.gravitee.rest.api.model.api.ApiEntity) 5
Application (io.gravitee.rest.api.portal.rest.model.Application) 5
UpdateApplicationEntity (io.gravitee.rest.api.model.UpdateApplicationEntity) 4
Before (org.junit.Before) 4
SubscriptionEntity (io.gravitee.rest.api.model.SubscriptionEntity) 3
NewAlertTriggerEntity (io.gravitee.rest.api.model.alert.NewAlertTriggerEntity) 3
OAuthClientSettings (io.gravitee.rest.api.model.application.OAuthClientSettings) 3
Permissions (io.gravitee.rest.api.portal.rest.security.Permissions) 3
UserService (io.gravitee.rest.api.service.UserService) 3
ApplicationNotFoundException (io.gravitee.rest.api.service.exceptions.ApplicationNotFoundException) 3
ForbiddenAccessException (io.gravitee.rest.api.service.exceptions.ForbiddenAccessException) 3
MediaType (io.gravitee.common.http.MediaType) 2