Example 1 with GROUP

Use of io.gravitee.rest.api.model.MembershipReferenceType.GROUP in project gravitee-management-rest-api by gravitee-io, in the class AbstractResource, method canReadApi.

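// Throws ForbiddenAccessException unless the current user is an admin, a direct
// member of the API, or the API is returned by a search restricted to the user's groups.
protected void canReadApi(final String api) {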
    if (!isAdmin()) {
        // get memberships of the current user
        List<MembershipEntity> memberships = retrieveApiMembership().collect(Collectors.toList());
        Set<String> groups = memberships.stream().filter(m -> GROUP.equals(m.getReferenceType())).map(m -> m.getReferenceId()).collect(Collectors.toSet());
        Set<String> directMembers = memberships.stream().filter(m -> API.equals(m.getReferenceType())).map(m -> m.getReferenceId()).collect(Collectors.toSet());
        // if the current user is member of the API, continue
        if (directMembers.contains(api)) {
            return;
        }
        // otherwise, check whether the API is found when searching within the user's groups
        final ApiQuery apiQuery = new ApiQuery();
        apiQuery.setGroups(new ArrayList<>(groups));
        apiQuery.setIds(Collections.singletonList(api));
        final Collection<String> strings = apiService.searchIds(apiQuery);
        final boolean canReadAPI = strings.contains(api);
        if (!canReadAPI) {
            throw new ForbiddenAccessException();
        }
    }
}
Also used:
ApiQuery (io.gravitee.rest.api.model.api.ApiQuery)
RolePermissionAction (io.gravitee.rest.api.model.permissions.RolePermissionAction)
io.gravitee.rest.api.service (io.gravitee.rest.api.service)
java.util (java.util)
MembershipEntity (io.gravitee.rest.api.model.MembershipEntity)
Context (javax.ws.rs.core.Context)
USER (io.gravitee.rest.api.model.MembershipMemberType.USER)
ForbiddenAccessException (io.gravitee.rest.api.service.exceptions.ForbiddenAccessException)
SecurityContext (javax.ws.rs.core.SecurityContext)
API (io.gravitee.rest.api.model.MembershipReferenceType.API)
RoleScope (io.gravitee.rest.api.model.permissions.RoleScope)
UserDetails (io.gravitee.rest.api.idp.api.authentication.UserDetails)
Collectors (java.util.stream.Collectors)
Inject (javax.inject.Inject)
Stream (java.util.stream.Stream)
UriBuilder (javax.ws.rs.core.UriBuilder)
URI (java.net.URI)
UriInfo (javax.ws.rs.core.UriInfo)
SecurityContextHolder (org.springframework.security.core.context.SecurityContextHolder)
SystemRole (io.gravitee.rest.api.model.permissions.SystemRole)
GROUP (io.gravitee.rest.api.model.MembershipReferenceType.GROUP)
RolePermission (io.gravitee.rest.api.model.permissions.RolePermission)
