Examples with RoleEntity io.gravitee.rest.api.model.RoleEntity used on opensource projects

Example 16 with RoleEntity

use of io.gravitee.rest.api.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.

the class MembershipService_GetMembersTest method shouldGetMembersWithoutMembership.

@Test
public void shouldGetMembersWithoutMembership() throws Exception {
    Membership membership = new Membership();
    membership.setReferenceId(API_ID);
    membership.setCreatedAt(new Date());
    membership.setUpdatedAt(membership.getCreatedAt());
    membership.setReferenceType(MembershipReferenceType.API);
    membership.setRoleId("API_PRIMARY_OWNER");
    membership.setMemberId("user-id");
    membership.setMemberType(MembershipMemberType.USER);
    UserEntity userEntity = new UserEntity();
    userEntity.setId(membership.getMemberId());
    userEntity.setFirstname("John");
    userEntity.setLastname("Doe");
    RoleEntity po = mock(RoleEntity.class);
    po.setName(SystemRole.PRIMARY_OWNER.name());
    List<String> memberIds = Collections.singletonList(membership.getMemberId());
    Set<UserEntity> userEntities = Collections.singleton(userEntity);
    when(roleService.findById("API_PRIMARY_OWNER")).thenReturn(po);
    when(membershipRepository.findByReferencesAndRoleId(MembershipReferenceType.API, Collections.singletonList(API_ID), null)).thenReturn(Collections.singleton(membership));
    when(userService.findByIds(memberIds, false)).thenReturn(userEntities);
    Set<MemberEntity> members = membershipService.getMembersByReferenceAndRole(io.gravitee.rest.api.model.MembershipReferenceType.API, API_ID, null);
    Assert.assertNotNull(members);
    Assert.assertFalse("members must not be empty", members.isEmpty());
    verify(membershipRepository, times(1)).findByReferencesAndRoleId(MembershipReferenceType.API, Collections.singletonList(API_ID), null);
    verify(userService, times(1)).findByIds(memberIds, false);
}

Example 17 with RoleEntity

use of io.gravitee.rest.api.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.

the class AbstractAuthenticationResource method connectUser.

protected Response connectUser(String userId, final String state, final HttpServletResponse servletResponse, final String accessToken, final String idToken) {
    UserEntity user = userService.connect(userId);
    final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    final UserDetails userDetails = (UserDetails) authentication.getPrincipal();
    // Manage authorities, initialize it with dynamic permissions from the IDP
    List<Map<String, String>> authorities = userDetails.getAuthorities().stream().map(authority -> Maps.<String, String>builder().put("authority", authority.getAuthority()).build()).collect(Collectors.toList());
    // We must also load permissions from repository for configured environment role
    Set<RoleEntity> userRoles = membershipService.getRoles(MembershipReferenceType.ENVIRONMENT, GraviteeContext.getCurrentEnvironment(), MembershipMemberType.USER, userDetails.getId());
    if (!userRoles.isEmpty()) {
        userRoles.forEach(role -> authorities.add(Maps.<String, String>builder().put("authority", role.getScope().toString() + ':' + role.getName()).build()));
    }
    // JWT signer
    Algorithm algorithm = Algorithm.HMAC256(environment.getProperty("jwt.secret"));
    Date issueAt = new Date();
    Instant expireAt = issueAt.toInstant().plus(Duration.ofSeconds(environment.getProperty("jwt.expire-after", Integer.class, DEFAULT_JWT_EXPIRE_AFTER)));
    final String sign = JWT.create().withIssuer(environment.getProperty("jwt.issuer", DEFAULT_JWT_ISSUER)).withIssuedAt(issueAt).withExpiresAt(Date.from(expireAt)).withSubject(user.getId()).withClaim(JWTHelper.Claims.PERMISSIONS, authorities).withClaim(JWTHelper.Claims.EMAIL, user.getEmail()).withClaim(JWTHelper.Claims.FIRSTNAME, user.getFirstname()).withClaim(JWTHelper.Claims.LASTNAME, user.getLastname()).withJWTId(UUID.randomUUID().toString()).sign(algorithm);
    final Token tokenEntity = new Token();
    tokenEntity.setTokenType(TokenTypeEnum.BEARER);
    tokenEntity.setToken(sign);
    if (idToken != null) {
        tokenEntity.setAccessToken(accessToken);
        tokenEntity.setIdToken(idToken);
    }
    if (state != null && !state.isEmpty()) {
        tokenEntity.setState(state);
    }
    final Cookie bearerCookie = cookieGenerator.generate("Bearer%20" + sign);
    servletResponse.addCookie(bearerCookie);
    return Response.ok(tokenEntity).build();
}

Example 18 with RoleEntity

use of io.gravitee.rest.api.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.

the class ApplicationMembersResourceTest method shouldTransferOwnerShip.

@Test
public void shouldTransferOwnerShip() {
    RoleEntity mockRoleEntity = new RoleEntity();
    TransferOwnershipInput input = new TransferOwnershipInput().newPrimaryOwnerId(MEMBER_1).primaryOwnerNewrole("OWNER");
    doReturn(Optional.of(mockRoleEntity)).when(roleService).findByScopeAndName(any(), any());
    final Response response = target(APPLICATION).path("members").path("_transfer_ownership").request().post(Entity.json(input));
    assertEquals(HttpStatusCode.NO_CONTENT_204, response.getStatus());
    ArgumentCaptor<String> applicationCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<List<RoleEntity>> roleCaptor = ArgumentCaptor.forClass(List.class);
    ArgumentCaptor<MembershipService.MembershipMember> memberShipUserCaptor = ArgumentCaptor.forClass(MembershipService.MembershipMember.class);
    Mockito.verify(membershipService).transferApplicationOwnership(applicationCaptor.capture(), memberShipUserCaptor.capture(), roleCaptor.capture());
    assertEquals(APPLICATION, applicationCaptor.getValue());
    assertEquals(mockRoleEntity, roleCaptor.getValue().get(0));
    assertEquals(MEMBER_1, memberShipUserCaptor.getValue().getMemberId());
}

Example 19 with RoleEntity

use of io.gravitee.rest.api.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.

the class MembershipCommandHandlerTest method handleWithAdminRole.

@Test
public void handleWithAdminRole() {
    MembershipPayload membershipPayload = new MembershipPayload();
    membershipPayload.setUserId("user#1");
    membershipPayload.setOrganizationId("orga#1");
    membershipPayload.setReferenceType(MembershipReferenceType.ENVIRONMENT.name());
    membershipPayload.setReferenceId("env#1");
    membershipPayload.setRole("ENVIRONMENT_PRIMARY_OWNER");
    MembershipCommand command = new MembershipCommand(membershipPayload);
    UserEntity user = new UserEntity();
    user.setId(UUID.random().toString());
    RoleEntity role = new RoleEntity();
    role.setId(UUID.random().toString());
    role.setScope(RoleScope.ENVIRONMENT);
    role.setName("ADMIN");
    when(userService.findBySource(COCKPIT_SOURCE, membershipPayload.getUserId(), false)).thenReturn(user);
    when(roleService.findByScopeAndName(RoleScope.ENVIRONMENT, "ADMIN")).thenReturn(Optional.of(role));
    TestObserver<MembershipReply> obs = cut.handle(command).test();
    obs.awaitTerminalEvent();
    obs.assertNoErrors();
    obs.assertValue(reply -> reply.getCommandId().equals(command.getId()) && reply.getCommandStatus().equals(CommandStatus.SUCCEEDED));
    ArgumentCaptor<MembershipService.MembershipReference> membershipReference = ArgumentCaptor.forClass(MembershipService.MembershipReference.class);
    ArgumentCaptor<MembershipService.MembershipMember> membershipMember = ArgumentCaptor.forClass(MembershipService.MembershipMember.class);
    ArgumentCaptor<List<MembershipService.MembershipRole>> membershipRoles = ArgumentCaptor.forClass(List.class);
    verify(membershipService).updateRolesToMemberOnReference(membershipReference.capture(), membershipMember.capture(), membershipRoles.capture(), eq(COCKPIT_SOURCE), eq(false));
    assertEquals(MembershipReferenceType.ENVIRONMENT, membershipReference.getValue().getType());
    assertEquals(membershipPayload.getReferenceId(), membershipReference.getValue().getId());
    assertEquals(MembershipMemberType.USER, membershipMember.getValue().getMemberType());
    assertEquals(user.getId(), membershipMember.getValue().getMemberId());
    assertTrue(membershipRoles.getValue().size() == 1 && membershipRoles.getValue().stream().allMatch(membershipRole -> membershipRole.getScope() == role.getScope() && membershipRole.getName().equals(role.getName())));
}

Example 20 with RoleEntity

use of io.gravitee.rest.api.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.

the class MembershipCommandHandlerTest method handleWithUnknownRole.

@Test
public void handleWithUnknownRole() {
    MembershipPayload membershipPayload = new MembershipPayload();
    membershipPayload.setUserId("user#1");
    membershipPayload.setOrganizationId("orga#1");
    membershipPayload.setReferenceType(MembershipReferenceType.ENVIRONMENT.name());
    membershipPayload.setReferenceId("env#1");
    membershipPayload.setRole("UNKNOWN");
    MembershipCommand command = new MembershipCommand(membershipPayload);
    UserEntity user = new UserEntity();
    user.setId(UUID.random().toString());
    RoleEntity role = new RoleEntity();
    role.setId(UUID.random().toString());
    when(userService.findBySource(COCKPIT_SOURCE, membershipPayload.getUserId(), false)).thenReturn(user);
    when(roleService.findByScopeAndName(RoleScope.ENVIRONMENT, "UNKNOWN")).thenReturn(Optional.empty());
    TestObserver<MembershipReply> obs = cut.handle(command).test();
    obs.awaitTerminalEvent();
    obs.assertNoErrors();
    obs.assertValue(reply -> reply.getCommandId().equals(command.getId()) && reply.getCommandStatus().equals(CommandStatus.ERROR));
    verifyZeroInteractions(membershipService);
}