use of io.gravitee.rest.api.model.GroupEntity in project gravitee-management-rest-api by gravitee-io.
the class GroupResource method updateGroup.
/**
 * Updates the current group from the request body and returns the updated entity.
 *
 * <p>Security-relevant behaviour: when the caller does not pass the
 * ENVIRONMENT_GROUP check for CREATE, UPDATE, DELETE (the original comment calls
 * such a caller a 'simple group admin'), the invitation and role-lock settings in
 * the request body are replaced by the values already stored for the group. For
 * each role scope that is locked, the stored role is also written back over the
 * submitted one. Client-supplied values for those fields are therefore ignored
 * for such callers.
 *
 * <p>NOTE(review): the protection is an explicit per-field reset. Any field of
 * {@code UpdateGroupEntity} that is not reset below is taken from the caller as
 * sent, so a newly added privileged field has to be added to this list as well.
 *
 * @param updateGroupEntity the requested new state of the group; bean validation
 *     rejects a missing body
 * @return the entity returned by {@code groupService.update}
 */
@PUT
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
@ApiOperation(value = "Update an existing group")
@ApiResponses(
    {
        @ApiResponse(code = 200, message = "Group successfully updated", response = GroupEntity.class),
        @ApiResponse(code = 500, message = "Internal server error")
    }
)
@Permissions(
    {
        @Permission(value = RolePermission.ENVIRONMENT_GROUP, acls = RolePermissionAction.UPDATE),
        @Permission(value = RolePermission.GROUP_MEMBER, acls = RolePermissionAction.UPDATE)
    }
)
public GroupEntity updateGroup(
    @ApiParam(name = "group", required = true) @Valid @NotNull final UpdateGroupEntity updateGroupEntity
) {
    // checkRights() is defined outside this listing; presumably it loads the group
    // and verifies the caller may act on it - confirm against its implementation.
    final GroupEntity stored = checkRights();

    // NOTE(review): whether hasPermission requires all three ACLs or any one of
    // them is not visible here; the distinction decides who counts as privileged.
    final boolean callerManagesEnvironmentGroups = permissionService.hasPermission(
        RolePermission.ENVIRONMENT_GROUP,
        GraviteeContext.getCurrentEnvironment(),
        CREATE,
        UPDATE,
        DELETE
    );

    if (!callerManagesEnvironmentGroups) {
        // Pin the restricted settings to what is stored, whatever the body says.
        updateGroupEntity.setMaxInvitation(stored.getMaxInvitation());
        updateGroupEntity.setLockApiRole(stored.isLockApiRole());
        updateGroupEntity.setLockApplicationRole(stored.isLockApplicationRole());
        updateGroupEntity.setSystemInvitation(stored.isSystemInvitation());
        updateGroupEntity.setEmailInvitation(stored.isEmailInvitation());

        // A locked scope keeps its stored role.
        // NOTE(review): a body without "roles" (or a stored group without roles)
        // would make getRoles() return null here, if the entities allow that,
        // and surface as a 500 - confirm both maps are always initialised.
        if (stored.isLockApiRole()) {
            updateGroupEntity.getRoles().put(RoleScope.API, stored.getRoles().get(RoleScope.API));
        }
        if (stored.isLockApplicationRole()) {
            updateGroupEntity.getRoles().put(RoleScope.APPLICATION, stored.getRoles().get(RoleScope.APPLICATION));
        }
    }

    return groupService.update(group, updateGroupEntity);
}
use of io.gravitee.rest.api.model.GroupEntity in project gravitee-management-rest-api by gravitee-io.
the class GroupResource method addGroupMember.
/**
 * Associates the current group with existing APIs or applications, as selected by
 * the {@code type} query parameter, and returns the group.
 *
 * <p>The returned entity is the one obtained from {@code checkRights()} before the
 * association is made; it is not reloaded afterwards.
 *
 * <p>NOTE(review): {@code type} comes straight from the query string and is passed
 * to {@code groupService.associate} without any check in this method (it may be
 * {@code null} when the parameter is absent). Confirm that the service rejects
 * unknown or missing values rather than treating them as a default.
 *
 * @param type the kind of resource to associate the group with, as sent by the caller
 * @return the group entity returned by {@code checkRights()}
 */
@POST
@Path("/memberships")
@Produces(APPLICATION_JSON)
@ApiOperation(value = "Associate a group to existing APIs or Applications")
@ApiResponses(
    {
        @ApiResponse(code = 200, message = "Group successfully updated", response = GroupEntity.class),
        @ApiResponse(code = 500, message = "Internal server error")
    }
)
@Permissions({ @Permission(value = RolePermission.ENVIRONMENT_GROUP, acls = RolePermissionAction.UPDATE) })
public GroupEntity addGroupMember(@QueryParam("type") String type) {
    // checkRights() is defined outside this listing; it runs before any change is made.
    final GroupEntity currentGroup = checkRights();

    groupService.associate(group, type);

    return currentGroup;
}
use of io.gravitee.rest.api.model.GroupEntity in project gravitee-management-rest-api by gravitee-io.
the class GroupInvitationsResource method createGroupInvitation.
/**
 * Creates an invitation to join the current group.
 *
 * <p>Callers that do not pass the ENVIRONMENT_GROUP check for CREATE, UPDATE,
 * DELETE are subject to two group-level restrictions: the request is refused once
 * the number of members has reached the group's {@code maxInvitation} (when one is
 * set), and it is refused when e-mail invitations are disabled for the group.
 * Callers that pass the check skip both restrictions.
 *
 * <p>The invitation's reference type and id are always set here from the current
 * group, so whatever the request body carried for those two fields is overwritten.
 *
 * <p>NOTE(review): the limit is compared against {@code getNumberOfMembers}; this
 * method does not show pending invitations being counted, so several outstanding
 * invitations could together exceed the cap - confirm in the service layer.
 * NOTE(review): the operation notes mention only GROUP_INVITATION[CREATE], while
 * the {@code @Permissions} annotation also lists ENVIRONMENT_GROUP; keep the
 * published description in line with what is actually enforced.
 *
 * @param invitationEntity the invitation to create; bean validation rejects a missing body
 * @return the invitation returned by {@code invitationService.create}
 * @throws GroupMembersLimitationExceededException if the member limit is reached
 *     for a caller subject to it
 * @throws GroupInvitationForbiddenException if e-mail invitations are disabled
 *     for a caller subject to that setting
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(
    value = "Create an invitation to join a group",
    notes = "User must have the GROUP_INVITATION[CREATE] permission to use this service"
)
@Permissions(
    {
        @Permission(value = RolePermission.ENVIRONMENT_GROUP, acls = { UPDATE, CREATE }),
        @Permission(value = RolePermission.GROUP_INVITATION, acls = RolePermissionAction.CREATE)
    }
)
public InvitationEntity createGroupInvitation(@Valid @NotNull final NewInvitationEntity invitationEntity) {
    // Loading the group first doubles as the existence check (per the original
    // comment); how a missing group is reported is decided inside findById.
    final GroupEntity targetGroup = groupService.findById(group);

    // Original comment: distinguishes a 'simple group admin' from a platform admin.
    final boolean exemptFromGroupLimits = permissionService.hasPermission(
        RolePermission.ENVIRONMENT_GROUP,
        GraviteeContext.getCurrentEnvironment(),
        CREATE,
        UPDATE,
        DELETE
    );

    if (!exemptFromGroupLimits) {
        final boolean memberCapReached =
            targetGroup.getMaxInvitation() != null &&
            groupService.getNumberOfMembers(group) >= targetGroup.getMaxInvitation();
        if (memberCapReached) {
            throw new GroupMembersLimitationExceededException(targetGroup.getMaxInvitation());
        }

        final boolean emailInvitationsAllowed = targetGroup.isEmailInvitation();
        if (!emailInvitationsAllowed) {
            throw new GroupInvitationForbiddenException(EMAIL, group);
        }
    }

    // Bind the invitation to this group server-side rather than trusting the body.
    invitationEntity.setReferenceType(GROUP);
    invitationEntity.setReferenceId(group);

    return invitationService.create(invitationEntity);
}
use of io.gravitee.rest.api.model.GroupEntity in project gravitee-management-rest-api by gravitee-io.
the class ApplicationMapperTest method init.
/**
 * Builds the fixtures shared by the tests: a stubbed group, a stubbed user acting
 * as primary owner, and an {@code ApplicationEntity} / {@code ApplicationListItem}
 * pair populated with the same values.
 */
@Before
public void init() {
    now = Instant.now();
    Date timestamp = Date.from(now);

    applicationEntity = new ApplicationEntity();
    applicationListItem = new ApplicationListItem();

    // Start every test from clean mocks before stubbing anything.
    reset(groupService);
    reset(userService);
    reset(userMapper);

    // Group lookup returns a minimal group carrying only id and name.
    GroupEntity stubbedGroup = new GroupEntity();
    stubbedGroup.setId(APPLICATION_GROUP_ID);
    stubbedGroup.setName(APPLICATION_GROUP_NAME);
    when(groupService.findById(APPLICATION_GROUP_ID)).thenReturn(stubbedGroup);

    // User lookup returns a mock exposing display name, e-mail and id.
    UserEntity stubbedUser = Mockito.mock(UserEntity.class);
    when(stubbedUser.getDisplayName()).thenReturn(APPLICATION_USER_DISPLAYNAME);
    when(stubbedUser.getEmail()).thenReturn(APPLICATION_USER_EMAIL);
    when(stubbedUser.getId()).thenReturn(APPLICATION_USER_ID);
    when(userService.findById(APPLICATION_USER_ID)).thenReturn(stubbedUser);

    // The mapper is a mock, but these two methods run their real implementation.
    when(userMapper.convert(stubbedUser)).thenCallRealMethod();
    when(userMapper.computeUserLinks(anyString(), any())).thenCallRealMethod();

    PrimaryOwnerEntity owner = new PrimaryOwnerEntity(stubbedUser);

    when(uriInfo.getBaseUriBuilder()).thenReturn(UriBuilder.fromPath(""));

    // Full entity.
    applicationEntity.setCreatedAt(timestamp);
    applicationEntity.setDescription(APPLICATION_DESCRIPTION);
    applicationEntity.setGroups(new HashSet<>(Arrays.asList(APPLICATION_GROUP_ID)));
    applicationEntity.setId(APPLICATION_ID);
    applicationEntity.setName(APPLICATION_NAME);
    applicationEntity.setPrimaryOwner(owner);
    applicationEntity.setStatus(APPLICATION_STATUS);
    applicationEntity.setType(APPLICATION_TYPE);
    applicationEntity.setUpdatedAt(timestamp);

    // List item, populated with the same values as the entity above.
    applicationListItem.setCreatedAt(timestamp);
    applicationListItem.setDescription(APPLICATION_DESCRIPTION);
    applicationListItem.setGroups(new HashSet<>(Arrays.asList(APPLICATION_GROUP_ID)));
    applicationListItem.setId(APPLICATION_ID);
    applicationListItem.setName(APPLICATION_NAME);
    applicationListItem.setPrimaryOwner(owner);
    applicationListItem.setStatus(APPLICATION_STATUS);
    applicationListItem.setType(APPLICATION_TYPE);
    applicationListItem.setUpdatedAt(timestamp);
}
use of io.gravitee.rest.api.model.GroupEntity in project gravitee-management-rest-api by gravitee-io.
the class PermissionsFilter method filter.
/**
 * Enforces a {@code @Permissions} annotation against the authenticated caller.
 *
 * <p>Decision rules, as implemented below:
 * <ul>
 *   <li>No annotation, or an annotation with no entries: nothing is checked and
 *       the method returns normally. Access control for such resources has to
 *       come from elsewhere.</li>
 *   <li>No authenticated principal: {@code sendSecurityError()} is called.</li>
 *   <li>Otherwise the entries are evaluated in order and the first one the caller
 *       satisfies ends the check (any-of semantics, not all-of). The caller's
 *       permissions are looked up in the scope of each entry: current
 *       organization, current environment, or the application, API or group
 *       resolved from the request.</li>
 *   <li>An entry with an unrecognised scope, or no satisfied entry at all, leads
 *       to {@code sendSecurityError()}.</li>
 * </ul>
 *
 * <p>NOTE(review): this relies on {@code sendSecurityError()} aborting the request
 * (presumably by throwing). If it returned normally, an unrecognised scope would
 * not stop the loop and a later entry could still grant access - confirm.
 *
 * @param permissions the annotation found on the resource, possibly {@code null}
 * @param requestContext the request, used to resolve the targeted application, API or group
 */
protected void filter(Permissions permissions, ContainerRequestContext requestContext) {
    if (permissions == null || permissions.value().length == 0) {
        // Nothing declared on the resource: no check is performed here.
        return;
    }

    Principal caller = securityContext.getUserPrincipal();
    if (caller == null) {
        // Unauthenticated requests never satisfy a permission requirement.
        sendSecurityError();
        return;
    }

    String username = caller.getName();
    for (Permission required : permissions.value()) {
        Map<String, char[]> granted;
        switch (required.value().getScope()) {
            case ORGANIZATION:
                granted =
                    membershipService.getUserMemberPermissions(
                        MembershipReferenceType.ORGANIZATION,
                        GraviteeContext.getCurrentOrganization(),
                        username
                    );
                break;
            case ENVIRONMENT:
                granted =
                    membershipService.getUserMemberPermissions(
                        MembershipReferenceType.ENVIRONMENT,
                        GraviteeContext.getCurrentEnvironment(),
                        username
                    );
                break;
            case APPLICATION:
                ApplicationEntity application = getApplication(requestContext);
                granted = membershipService.getUserMemberPermissions(application, username);
                break;
            case API:
                ApiEntity api = getApi(requestContext);
                granted = membershipService.getUserMemberPermissions(api, username);
                break;
            case GROUP:
                GroupEntity group = getGroup(requestContext);
                granted = membershipService.getUserMemberPermissions(group, username);
                break;
            default:
                // Unknown scope: deny, then move on to the next entry if the
                // call above returned (see the review note in the Javadoc).
                sendSecurityError();
                continue;
        }

        // One satisfied entry is enough to let the request through.
        if (roleService.hasPermission(granted, required.value().getPermission(), required.acls())) {
            return;
        }
    }

    // No declared permission matched the caller.
    sendSecurityError();
}