use of io.gravitee.rest.api.model.MembershipReferenceType.API in project gravitee-management-rest-api by gravitee-io.
the class AbstractResource method canReadApi.
protected void canReadApi(final String api) {
if (!isAdmin()) {
// get memberships of the current user
List<MembershipEntity> memberships = retrieveApiMembership().collect(Collectors.toList());
Set<String> groups = memberships.stream().filter(m -> GROUP.equals(m.getReferenceType())).map(m -> m.getReferenceId()).collect(Collectors.toSet());
Set<String> directMembers = memberships.stream().filter(m -> API.equals(m.getReferenceType())).map(m -> m.getReferenceId()).collect(Collectors.toSet());
// if the current user is member of the API, continue
if (directMembers.contains(api)) {
return;
}
// fetch group memberships
final ApiQuery apiQuery = new ApiQuery();
apiQuery.setGroups(new ArrayList<>(groups));
apiQuery.setIds(Collections.singletonList(api));
final Collection<String> strings = apiService.searchIds(apiQuery);
final boolean canReadAPI = strings.contains(api);
if (!canReadAPI) {
throw new ForbiddenAccessException();
}
}
}
Aggregations