Example 1 with GroupEntity

Use of io.gravitee.rest.api.model.GroupEntity in project gravitee-management-rest-api by gravitee-io.

Class GroupResource, method updateGroup.

@PUT
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
@ApiOperation(value = "Update an existing group")
@ApiResponses({ @ApiResponse(code = 200, message = "Group successfully updated", response = GroupEntity.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.ENVIRONMENT_GROUP, acls = RolePermissionAction.UPDATE), @Permission(value = RolePermission.GROUP_MEMBER, acls = RolePermissionAction.UPDATE) })
public GroupEntity updateGroup(@ApiParam(name = "group", required = true) @Valid @NotNull final UpdateGroupEntity updateGroupEntity) {
    final GroupEntity groupEntity = checkRights();
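    // Check whether the user is a 'simple group admin' or a platform admin.
    // A caller without ENVIRONMENT_GROUP create/update/delete rights is a simple group admin:
    // the privileged fields in the request are overwritten with the stored values, so they cannot be changed.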
    if (!permissionService.hasPermission(RolePermission.ENVIRONMENT_GROUP, GraviteeContext.getCurrentEnvironment(), CREATE, UPDATE, DELETE)) {
        updateGroupEntity.setMaxInvitation(groupEntity.getMaxInvitation());
        updateGroupEntity.setLockApiRole(groupEntity.isLockApiRole());
        updateGroupEntity.setLockApplicationRole(groupEntity.isLockApplicationRole());
        updateGroupEntity.setSystemInvitation(groupEntity.isSystemInvitation());
        updateGroupEntity.setEmailInvitation(groupEntity.isEmailInvitation());
        if (groupEntity.isLockApiRole()) {
            updateGroupEntity.getRoles().put(RoleScope.API, groupEntity.getRoles().get(RoleScope.API));
        }
        if (groupEntity.isLockApplicationRole()) {
            updateGroupEntity.getRoles().put(RoleScope.APPLICATION, groupEntity.getRoles().get(RoleScope.APPLICATION));
        }
    }
    return groupService.update(group, updateGroupEntity);
}
Also used : GroupEntity(io.gravitee.rest.api.model.GroupEntity) UpdateGroupEntity(io.gravitee.rest.api.model.UpdateGroupEntity) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 2 with GroupEntity

Use of io.gravitee.rest.api.model.GroupEntity in project gravitee-management-rest-api by gravitee-io.

Class GroupResource, method addGroupMember.

@POST
@Path("/memberships")
@Produces(APPLICATION_JSON)
@ApiOperation(value = "Associate a group to existing APIs or Applications")
@ApiResponses({ @ApiResponse(code = 200, message = "Group successfully updated", response = GroupEntity.class), @ApiResponse(code = 500, message = "Internal server error") })
@Permissions({ @Permission(value = RolePermission.ENVIRONMENT_GROUP, acls = RolePermissionAction.UPDATE) })
public GroupEntity addGroupMember(@QueryParam("type") String type) {
    final GroupEntity groupEntity = checkRights();
    groupService.associate(group, type);
    return groupEntity;
}
Also used : GroupEntity(io.gravitee.rest.api.model.GroupEntity) UpdateGroupEntity(io.gravitee.rest.api.model.UpdateGroupEntity) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 3 with GroupEntity

Use of io.gravitee.rest.api.model.GroupEntity in project gravitee-management-rest-api by gravitee-io.

Class GroupInvitationsResource, method createGroupInvitation.

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Create an invitation to join a group", notes = "User must have the GROUP_INVITATION[CREATE] permission to use this service")
@Permissions({ @Permission(value = RolePermission.ENVIRONMENT_GROUP, acls = { UPDATE, CREATE }), @Permission(value = RolePermission.GROUP_INVITATION, acls = RolePermissionAction.CREATE) })
public InvitationEntity createGroupInvitation(@Valid @NotNull final NewInvitationEntity invitationEntity) {
    // Check that group exists
    final GroupEntity groupEntity = groupService.findById(group);
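    // Check whether the user is a 'simple group admin' or a platform admin.
    // Only simple group admins are subject to the member limit and the email-invitation switch below.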
    final boolean hasPermission = permissionService.hasPermission(RolePermission.ENVIRONMENT_GROUP, GraviteeContext.getCurrentEnvironment(), CREATE, UPDATE, DELETE);
    if (!hasPermission) {
        if (groupEntity.getMaxInvitation() != null && groupService.getNumberOfMembers(group) >= groupEntity.getMaxInvitation()) {
            throw new GroupMembersLimitationExceededException(groupEntity.getMaxInvitation());
        }
        if (!groupEntity.isEmailInvitation()) {
            throw new GroupInvitationForbiddenException(EMAIL, group);
        }
    }
    invitationEntity.setReferenceType(GROUP);
    invitationEntity.setReferenceId(group);
    return invitationService.create(invitationEntity);
}
Also used : GroupMembersLimitationExceededException(io.gravitee.rest.api.service.exceptions.GroupMembersLimitationExceededException) GroupEntity(io.gravitee.rest.api.model.GroupEntity) GroupInvitationForbiddenException(io.gravitee.rest.api.service.exceptions.GroupInvitationForbiddenException) ApiOperation(io.swagger.annotations.ApiOperation) Permissions(io.gravitee.rest.api.management.rest.security.Permissions)

Example 4 with GroupEntity

Use of io.gravitee.rest.api.model.GroupEntity in project gravitee-management-rest-api by gravitee-io.

Class ApplicationMapperTest, method init.

@Before
public void init() {
    now = Instant.now();
    Date nowDate = Date.from(now);
    applicationEntity = new ApplicationEntity();
    applicationListItem = new ApplicationListItem();
    // init
    reset(groupService);
    reset(userService);
    reset(userMapper);
    GroupEntity grpEntity = new GroupEntity();
    grpEntity.setId(APPLICATION_GROUP_ID);
    grpEntity.setName(APPLICATION_GROUP_NAME);
    when(groupService.findById(APPLICATION_GROUP_ID)).thenReturn(grpEntity);
    UserEntity userEntity = Mockito.mock(UserEntity.class);
    when(userEntity.getDisplayName()).thenReturn(APPLICATION_USER_DISPLAYNAME);
    when(userEntity.getEmail()).thenReturn(APPLICATION_USER_EMAIL);
    when(userEntity.getId()).thenReturn(APPLICATION_USER_ID);
    when(userService.findById(APPLICATION_USER_ID)).thenReturn(userEntity);
    when(userMapper.convert(userEntity)).thenCallRealMethod();
    when(userMapper.computeUserLinks(anyString(), any())).thenCallRealMethod();
    PrimaryOwnerEntity primaryOwner = new PrimaryOwnerEntity(userEntity);
    when(uriInfo.getBaseUriBuilder()).thenReturn(UriBuilder.fromPath(""));
    applicationEntity.setCreatedAt(nowDate);
    applicationEntity.setDescription(APPLICATION_DESCRIPTION);
    applicationEntity.setGroups(new HashSet<String>(Arrays.asList(APPLICATION_GROUP_ID)));
    applicationEntity.setId(APPLICATION_ID);
    applicationEntity.setName(APPLICATION_NAME);
    applicationEntity.setPrimaryOwner(primaryOwner);
    applicationEntity.setStatus(APPLICATION_STATUS);
    applicationEntity.setType(APPLICATION_TYPE);
    applicationEntity.setUpdatedAt(nowDate);
    applicationListItem.setCreatedAt(nowDate);
    applicationListItem.setDescription(APPLICATION_DESCRIPTION);
    applicationListItem.setGroups(new HashSet<String>(Arrays.asList(APPLICATION_GROUP_ID)));
    applicationListItem.setId(APPLICATION_ID);
    applicationListItem.setName(APPLICATION_NAME);
    applicationListItem.setPrimaryOwner(primaryOwner);
    applicationListItem.setStatus(APPLICATION_STATUS);
    applicationListItem.setType(APPLICATION_TYPE);
    applicationListItem.setUpdatedAt(nowDate);
}
Also used : ApplicationListItem(io.gravitee.rest.api.model.application.ApplicationListItem) ApplicationEntity(io.gravitee.rest.api.model.ApplicationEntity) GroupEntity(io.gravitee.rest.api.model.GroupEntity) PrimaryOwnerEntity(io.gravitee.rest.api.model.PrimaryOwnerEntity) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Date(java.util.Date) UserEntity(io.gravitee.rest.api.model.UserEntity) Before(org.junit.Before)

Example 5 with GroupEntity

Use of io.gravitee.rest.api.model.GroupEntity in project gravitee-management-rest-api by gravitee-io.

Class PermissionsFilter, method filter.

protected void filter(Permissions permissions, ContainerRequestContext requestContext) {
    if (permissions != null && permissions.value().length > 0) {
        Principal principal = securityContext.getUserPrincipal();
        if (principal != null) {
            String username = principal.getName();
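            // The @Permission entries are OR-ed: the first one the user satisfies ends the check and lets the request through.
            for (Permission permission : permissions.value()) {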
                Map<String, char[]> memberPermissions;
                switch(permission.value().getScope()) {
                    case ORGANIZATION:
                        memberPermissions = membershipService.getUserMemberPermissions(MembershipReferenceType.ORGANIZATION, GraviteeContext.getCurrentOrganization(), username);
                        if (roleService.hasPermission(memberPermissions, permission.value().getPermission(), permission.acls())) {
                            return;
                        }
                        break;
                    case ENVIRONMENT:
                        memberPermissions = membershipService.getUserMemberPermissions(MembershipReferenceType.ENVIRONMENT, GraviteeContext.getCurrentEnvironment(), username);
                        if (roleService.hasPermission(memberPermissions, permission.value().getPermission(), permission.acls())) {
                            return;
                        }
                        break;
                    case APPLICATION:
                        ApplicationEntity application = getApplication(requestContext);
                        memberPermissions = membershipService.getUserMemberPermissions(application, username);
                        if (roleService.hasPermission(memberPermissions, permission.value().getPermission(), permission.acls())) {
                            return;
                        }
                        break;
                    case API:
                        ApiEntity api = getApi(requestContext);
                        memberPermissions = membershipService.getUserMemberPermissions(api, username);
                        if (roleService.hasPermission(memberPermissions, permission.value().getPermission(), permission.acls())) {
                            return;
                        }
                        break;
                    case GROUP:
                        GroupEntity group = getGroup(requestContext);
                        memberPermissions = membershipService.getUserMemberPermissions(group, username);
                        if (roleService.hasPermission(memberPermissions, permission.value().getPermission(), permission.acls())) {
                            return;
                        }
                        break;
                    default:
                        sendSecurityError();
                }
            }
        }
        // Reached when there is no authenticated principal or none of the listed permissions matched.
        sendSecurityError();
    }
}
Also used : ApplicationEntity(io.gravitee.rest.api.model.ApplicationEntity) GroupEntity(io.gravitee.rest.api.model.GroupEntity) Permission(io.gravitee.rest.api.management.rest.security.Permission) ApiEntity(io.gravitee.rest.api.model.api.ApiEntity) Principal(java.security.Principal)

Aggregations

GroupEntity (io.gravitee.rest.api.model.GroupEntity): 14
Test (org.junit.Test): 5
Permissions (io.gravitee.rest.api.management.rest.security.Permissions): 3
Group (io.gravitee.repository.management.model.Group): 2
GroupEventRule (io.gravitee.repository.management.model.GroupEventRule): 2
Membership (io.gravitee.repository.management.model.Membership): 2
ApplicationEntity (io.gravitee.rest.api.model.ApplicationEntity): 2
UpdateGroupEntity (io.gravitee.rest.api.model.UpdateGroupEntity): 2
UserMembership (io.gravitee.rest.api.model.UserMembership): 2
Permission (io.gravitee.rest.api.management.rest.security.Permission): 1
NewGroupEntity (io.gravitee.rest.api.model.NewGroupEntity): 1
PrimaryOwnerEntity (io.gravitee.rest.api.model.PrimaryOwnerEntity): 1
RoleEntity (io.gravitee.rest.api.model.RoleEntity): 1
UserEntity (io.gravitee.rest.api.model.UserEntity): 1
ApiEntity (io.gravitee.rest.api.model.api.ApiEntity): 1
ApplicationListItem (io.gravitee.rest.api.model.application.ApplicationListItem): 1
GroupInvitationForbiddenException (io.gravitee.rest.api.service.exceptions.GroupInvitationForbiddenException): 1
GroupMembersLimitationExceededException (io.gravitee.rest.api.service.exceptions.GroupMembersLimitationExceededException): 1
ApiOperation (io.swagger.annotations.ApiOperation): 1
Principal (java.security.Principal): 1