Search in sources :

Example 1 with API

use of io.gravitee.rest.api.model.MembershipReferenceType.API in project gravitee-management-rest-api by gravitee-io.

the class AbstractResource method canReadApi.

protected void canReadApi(final String api) {
    if (!isAdmin()) {
        // get memberships of the current user
        List<MembershipEntity> memberships = retrieveApiMembership().collect(Collectors.toList());
        Set<String> groups = memberships.stream().filter(m -> GROUP.equals(m.getReferenceType())).map(m -> m.getReferenceId()).collect(Collectors.toSet());
        Set<String> directMembers = memberships.stream().filter(m -> API.equals(m.getReferenceType())).map(m -> m.getReferenceId()).collect(Collectors.toSet());
        // if the current user is member of the API, continue
        if (directMembers.contains(api)) {
            return;
        }
        // fetch group memberships
        final ApiQuery apiQuery = new ApiQuery();
        apiQuery.setGroups(new ArrayList<>(groups));
        apiQuery.setIds(Collections.singletonList(api));
        final Collection<String> strings = apiService.searchIds(apiQuery);
        final boolean canReadAPI = strings.contains(api);
        if (!canReadAPI) {
            throw new ForbiddenAccessException();
        }
    }
}
Also used : ApiQuery(io.gravitee.rest.api.model.api.ApiQuery) RolePermissionAction(io.gravitee.rest.api.model.permissions.RolePermissionAction) io.gravitee.rest.api.service(io.gravitee.rest.api.service) java.util(java.util) MembershipEntity(io.gravitee.rest.api.model.MembershipEntity) Context(javax.ws.rs.core.Context) USER(io.gravitee.rest.api.model.MembershipMemberType.USER) ForbiddenAccessException(io.gravitee.rest.api.service.exceptions.ForbiddenAccessException) SecurityContext(javax.ws.rs.core.SecurityContext) API(io.gravitee.rest.api.model.MembershipReferenceType.API) RoleScope(io.gravitee.rest.api.model.permissions.RoleScope) UserDetails(io.gravitee.rest.api.idp.api.authentication.UserDetails) Collectors(java.util.stream.Collectors) Inject(javax.inject.Inject) Stream(java.util.stream.Stream) UriBuilder(javax.ws.rs.core.UriBuilder) URI(java.net.URI) UriInfo(javax.ws.rs.core.UriInfo) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) SystemRole(io.gravitee.rest.api.model.permissions.SystemRole) GROUP(io.gravitee.rest.api.model.MembershipReferenceType.GROUP) RolePermission(io.gravitee.rest.api.model.permissions.RolePermission) MembershipEntity(io.gravitee.rest.api.model.MembershipEntity) ApiQuery(io.gravitee.rest.api.model.api.ApiQuery) ForbiddenAccessException(io.gravitee.rest.api.service.exceptions.ForbiddenAccessException)

Aggregations

UserDetails (io.gravitee.rest.api.idp.api.authentication.UserDetails)1 MembershipEntity (io.gravitee.rest.api.model.MembershipEntity)1 USER (io.gravitee.rest.api.model.MembershipMemberType.USER)1 API (io.gravitee.rest.api.model.MembershipReferenceType.API)1 GROUP (io.gravitee.rest.api.model.MembershipReferenceType.GROUP)1 ApiQuery (io.gravitee.rest.api.model.api.ApiQuery)1 RolePermission (io.gravitee.rest.api.model.permissions.RolePermission)1 RolePermissionAction (io.gravitee.rest.api.model.permissions.RolePermissionAction)1 RoleScope (io.gravitee.rest.api.model.permissions.RoleScope)1 SystemRole (io.gravitee.rest.api.model.permissions.SystemRole)1 io.gravitee.rest.api.service (io.gravitee.rest.api.service)1 ForbiddenAccessException (io.gravitee.rest.api.service.exceptions.ForbiddenAccessException)1 URI (java.net.URI)1 java.util (java.util)1 Collectors (java.util.stream.Collectors)1 Stream (java.util.stream.Stream)1 Inject (javax.inject.Inject)1 Context (javax.ws.rs.core.Context)1 SecurityContext (javax.ws.rs.core.SecurityContext)1 UriBuilder (javax.ws.rs.core.UriBuilder)1