Example 1 with ApiQuery

Use of io.gravitee.rest.api.model.api.ApiQuery in project gravitee-management-rest-api by gravitee-io.

Class AbstractResource, method canReadApi.

protected void canReadApi(final String api) {
    if (!isAdmin()) {
        // get memberships of the current user
        List<MembershipEntity> memberships = retrieveApiMembership().collect(Collectors.toList());
        // IDs of the groups the user belongs to
        Set<String> groups = memberships.stream()
            .filter(m -> GROUP.equals(m.getReferenceType()))
            .map(m -> m.getReferenceId())
            .collect(Collectors.toSet());
        // IDs of the APIs the user is a direct member of
        Set<String> directMembers = memberships.stream()
            .filter(m -> API.equals(m.getReferenceType()))
            .map(m -> m.getReferenceId())
            .collect(Collectors.toSet());
        // if the current user is member of the API, continue
        if (directMembers.contains(api)) {
            return;
        }
        // otherwise, search for this API restricted to the user's groups
        final ApiQuery apiQuery = new ApiQuery();
        apiQuery.setGroups(new ArrayList<>(groups));
        apiQuery.setIds(Collections.singletonList(api));
        final Collection<String> strings = apiService.searchIds(apiQuery);
        // access is granted only if the search returned the requested API
        final boolean canReadAPI = strings.contains(api);
        if (!canReadAPI) {
            throw new ForbiddenAccessException();
        }
    }
}
Also used : ApiQuery(io.gravitee.rest.api.model.api.ApiQuery) RolePermissionAction(io.gravitee.rest.api.model.permissions.RolePermissionAction) io.gravitee.rest.api.service(io.gravitee.rest.api.service) java.util(java.util) MembershipEntity(io.gravitee.rest.api.model.MembershipEntity) Context(javax.ws.rs.core.Context) USER(io.gravitee.rest.api.model.MembershipMemberType.USER) ForbiddenAccessException(io.gravitee.rest.api.service.exceptions.ForbiddenAccessException) SecurityContext(javax.ws.rs.core.SecurityContext) API(io.gravitee.rest.api.model.MembershipReferenceType.API) RoleScope(io.gravitee.rest.api.model.permissions.RoleScope) UserDetails(io.gravitee.rest.api.idp.api.authentication.UserDetails) Collectors(java.util.stream.Collectors) Inject(javax.inject.Inject) Stream(java.util.stream.Stream) UriBuilder(javax.ws.rs.core.UriBuilder) URI(java.net.URI) UriInfo(javax.ws.rs.core.UriInfo) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) SystemRole(io.gravitee.rest.api.model.permissions.SystemRole) GROUP(io.gravitee.rest.api.model.MembershipReferenceType.GROUP) RolePermission(io.gravitee.rest.api.model.permissions.RolePermission)

Example 2 with ApiQuery

Use of io.gravitee.rest.api.model.api.ApiQuery in project gravitee-management-rest-api by gravitee-io.

Class PermissionsResource, method getCurrentUserPermissions.

@GET
@Produces(MediaType.APPLICATION_JSON)
public Response getCurrentUserPermissions(@QueryParam("apiId") String apiId, @QueryParam("applicationId") String applicationId) {
    final String userId = getAuthenticatedUser();
    if (apiId != null) {
        ApiQuery apiQuery = new ApiQuery();
        apiQuery.setIds(Collections.singletonList(apiId));
        // the lookup is limited to what findPublishedByUser returns for the caller;
        // any other ID is reported as not found
        Set<ApiEntity> publishedByUser = apiService.findPublishedByUser(getAuthenticatedUserOrNull(), apiQuery);
        ApiEntity apiEntity = publishedByUser.stream()
            .filter(a -> a.getId().equals(apiId))
            .findFirst()
            .orElseThrow(() -> new ApiNotFoundException(apiId));
        Map<String, char[]> permissions;
        permissions = membershipService.getUserMemberPermissions(apiEntity, userId);
        return Response.ok(permissions).build();
    } else if (applicationId != null) {
        // same pattern for applications: only those findByUser returns for the caller are considered
        ApplicationListItem applicationListItem = applicationService.findByUser(getAuthenticatedUser()).stream()
            .filter(a -> a.getId().equals(applicationId))
            .findFirst()
            .orElseThrow(() -> new ApplicationNotFoundException(applicationId));
        ApplicationEntity application = applicationService.findById(applicationListItem.getId());
        Map<String, char[]> permissions;
        permissions = membershipService.getUserMemberPermissions(application, userId);
        return Response.ok(permissions).build();
    }
    throw new BadRequestException("One of the two parameters apiId or applicationId must not be null.");
}
Also used : ApiQuery(io.gravitee.rest.api.model.api.ApiQuery) ApplicationListItem(io.gravitee.rest.api.model.application.ApplicationListItem) ApiEntity(io.gravitee.rest.api.model.api.ApiEntity) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) MembershipService(io.gravitee.rest.api.service.MembershipService) ApiNotFoundException(io.gravitee.rest.api.service.exceptions.ApiNotFoundException) Set(java.util.Set) ApiService(io.gravitee.rest.api.service.ApiService) Inject(javax.inject.Inject) MediaType(io.gravitee.common.http.MediaType) QueryParam(javax.ws.rs.QueryParam) Response(javax.ws.rs.core.Response) Map(java.util.Map) ApplicationService(io.gravitee.rest.api.service.ApplicationService) BadRequestException(javax.ws.rs.BadRequestException) ApplicationNotFoundException(io.gravitee.rest.api.service.exceptions.ApplicationNotFoundException) Collections(java.util.Collections) ApplicationEntity(io.gravitee.rest.api.model.ApplicationEntity)

Example 3 with ApiQuery

Use of io.gravitee.rest.api.model.api.ApiQuery in project gravitee-management-rest-api by gravitee-io.

Class ApiPlansResource, method getApiPlansByApiId.

@GET
@Produces(MediaType.APPLICATION_JSON)
@RequirePortalAuth
public Response getApiPlansByApiId(@PathParam("apiId") String apiId, @BeanParam PaginationParam paginationParam) {
    String username = getAuthenticatedUserOrNull();
    final ApiQuery apiQuery = new ApiQuery();
    apiQuery.setIds(Collections.singletonList(apiId));
    Collection<ApiEntity> userApis = apiService.findPublishedByUser(username, apiQuery);
    if (userApis.stream().anyMatch(a -> a.getId().equals(apiId))) {
        ApiEntity apiEntity = apiService.findById(apiId);
        if (Visibility.PUBLIC.equals(apiEntity.getVisibility()) || hasPermission(API_PLAN, apiId, READ)) {
            // keep published plans the caller is authorized to access, sorted by plan order
            List<Plan> plans = planService.findByApi(apiId).stream()
                .filter(plan -> PlanStatus.PUBLISHED.equals(plan.getStatus()))
                .filter(plan -> groupService.isUserAuthorizedToAccessApiData(apiEntity, plan.getExcludedGroups(), username))
                .sorted(Comparator.comparingInt(PlanEntity::getOrder))
                .map(p -> planMapper.convert(p))
                .collect(Collectors.toList());
            return createListResponse(plans, paginationParam);
        } else {
            return createListResponse(emptyList(), paginationParam);
        }
    }
    throw new ApiNotFoundException(apiId);
}
Also used : PlanMapper(io.gravitee.rest.api.portal.rest.mapper.PlanMapper) PathParam(javax.ws.rs.PathParam) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) Plan(io.gravitee.rest.api.portal.rest.model.Plan) RequirePortalAuth(io.gravitee.rest.api.portal.rest.security.RequirePortalAuth) PlanStatus(io.gravitee.rest.api.model.PlanStatus) Inject(javax.inject.Inject) PaginationParam(io.gravitee.rest.api.portal.rest.resource.param.PaginationParam) API_PLAN(io.gravitee.rest.api.model.permissions.RolePermission.API_PLAN) ApiQuery(io.gravitee.rest.api.model.api.ApiQuery) READ(io.gravitee.rest.api.model.permissions.RolePermissionAction.READ) ApiEntity(io.gravitee.rest.api.model.api.ApiEntity) GroupService(io.gravitee.rest.api.service.GroupService) Collections.emptyList(java.util.Collections.emptyList) Collection(java.util.Collection) PlanEntity(io.gravitee.rest.api.model.PlanEntity) ApiNotFoundException(io.gravitee.rest.api.service.exceptions.ApiNotFoundException) Collectors(java.util.stream.Collectors) BeanParam(javax.ws.rs.BeanParam) List(java.util.List) MediaType(io.gravitee.common.http.MediaType) Response(javax.ws.rs.core.Response) Visibility(io.gravitee.rest.api.model.Visibility) PlanService(io.gravitee.rest.api.service.PlanService) Comparator(java.util.Comparator) Collections(java.util.Collections)

Example 4 with ApiQuery

Use of io.gravitee.rest.api.model.api.ApiQuery in project gravitee-management-rest-api by gravitee-io.

Class ApiRatingsResource, method createApiRating.

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Permissions({ @Permission(value = RolePermission.API_RATING, acls = RolePermissionAction.CREATE) })
public Response createApiRating(@PathParam("apiId") String apiId, @Valid RatingInput ratingInput) {
    if (ratingInput == null) {
        throw new BadRequestException("Input must not be null.");
    }
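    // the rating is created only if findPublishedByUser returns this API for the caller;
    // otherwise the API is reported as not found
    final ApiQuery apiQuery = new ApiQuery();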
    apiQuery.setIds(Collections.singletonList(apiId));
    Collection<ApiEntity> userApis = apiService.findPublishedByUser(getAuthenticatedUserOrNull(), apiQuery);
    if (userApis.stream().anyMatch(a -> a.getId().equals(apiId))) {
        NewRatingEntity rating = new NewRatingEntity();
        rating.setApi(apiId);
        rating.setComment(ratingInput.getComment());
        rating.setTitle(ratingInput.getTitle());
        rating.setRate(ratingInput.getValue().byteValue());
        RatingEntity createdRating = ratingService.create(rating);
        return Response.status(Status.CREATED).entity(ratingMapper.convert(createdRating, uriInfo)).build();
    }
    throw new ApiNotFoundException(apiId);
}
Also used : NewRatingEntity(io.gravitee.rest.api.model.NewRatingEntity) ApiQuery(io.gravitee.rest.api.model.api.ApiQuery) ApiNotFoundException(io.gravitee.rest.api.service.exceptions.ApiNotFoundException) ApiEntity(io.gravitee.rest.api.model.api.ApiEntity) RatingEntity(io.gravitee.rest.api.model.RatingEntity) Permissions(io.gravitee.rest.api.portal.rest.security.Permissions)

Example 5 with ApiQuery

Use of io.gravitee.rest.api.model.api.ApiQuery in project gravitee-management-rest-api by gravitee-io.

Class ApiSubscribersResource, method getSubscriberApplicationsByApiId.

@GET
@Produces({ MediaType.APPLICATION_JSON })
public Response getSubscriberApplicationsByApiId(@BeanParam PaginationParam paginationParam, @PathParam("apiId") String apiId, @QueryParam("statuses") List<SubscriptionStatus> statuses) {
    String currentUser = getAuthenticatedUserOrNull();
    final ApiQuery apiQuery = new ApiQuery();
    apiQuery.setIds(Collections.singletonList(apiId));
    Collection<ApiEntity> userApis = apiService.findPublishedByUser(currentUser, apiQuery);
    Optional<ApiEntity> optionalApi = userApis.stream().filter(a -> a.getId().equals(apiId)).findFirst();
    if (optionalApi.isPresent()) {
        SubscriptionQuery subscriptionQuery = new SubscriptionQuery();
        subscriptionQuery.setApi(apiId);
        subscriptionQuery.setStatuses(statuses);
        ApiEntity api = optionalApi.get();
        // callers other than the primary owner only see subscriptions of their own applications
        if (!api.getPrimaryOwner().getId().equals(currentUser)) {
            Set<ApplicationListItem> userApplications = this.applicationService.findByUser(currentUser);
            if (userApplications == null || userApplications.isEmpty()) {
                return createListResponse(Collections.emptyList(), paginationParam);
            }
            subscriptionQuery.setApplications(userApplications.stream().map(ApplicationListItem::getId).collect(Collectors.toList()));
        }
        Map<String, Long> nbHitsByApp = getNbHitsByApplication(apiId);
        Collection<SubscriptionEntity> subscriptions = subscriptionService.search(subscriptionQuery);
        // resolve each distinct subscribing application and order the result with compareApp
        List<Application> subscribersApplication = subscriptions.stream()
            .map(SubscriptionEntity::getApplication)
            .distinct()
            .map(application -> applicationService.findById(application))
            .map(application -> applicationMapper.convert(application, uriInfo))
            .sorted((o1, o2) -> compareApp(nbHitsByApp, o1, o2))
            .collect(Collectors.toList());
        return createListResponse(subscribersApplication, paginationParam);
    }
    throw new ApiNotFoundException(apiId);
}
Also used : ApiQuery(io.gravitee.rest.api.model.api.ApiQuery) ApplicationListItem(io.gravitee.rest.api.model.application.ApplicationListItem) ApiEntity(io.gravitee.rest.api.model.api.ApiEntity) java.util(java.util) SubscriptionStatus(io.gravitee.rest.api.model.SubscriptionStatus) ApiNotFoundException(io.gravitee.rest.api.service.exceptions.ApiNotFoundException) SubscriptionEntity(io.gravitee.rest.api.model.SubscriptionEntity) ApplicationMapper(io.gravitee.rest.api.portal.rest.mapper.ApplicationMapper) Instant(java.time.Instant) Collectors(java.util.stream.Collectors) Application(io.gravitee.rest.api.portal.rest.model.Application) GroupByQuery(io.gravitee.rest.api.model.analytics.query.GroupByQuery) Inject(javax.inject.Inject) SubscriptionService(io.gravitee.rest.api.service.SubscriptionService) MediaType(io.gravitee.common.http.MediaType) ChronoUnit(java.time.temporal.ChronoUnit) javax.ws.rs(javax.ws.rs) Response(javax.ws.rs.core.Response) PaginationParam(io.gravitee.rest.api.portal.rest.resource.param.PaginationParam) ApplicationService(io.gravitee.rest.api.service.ApplicationService) TopHitsAnalytics(io.gravitee.rest.api.model.analytics.TopHitsAnalytics) AnalyticsService(io.gravitee.rest.api.service.AnalyticsService) SubscriptionQuery(io.gravitee.rest.api.model.subscription.SubscriptionQuery)

Aggregations

ApiQuery (io.gravitee.rest.api.model.api.ApiQuery): 26
ApiEntity (io.gravitee.rest.api.model.api.ApiEntity): 19
ApiNotFoundException (io.gravitee.rest.api.service.exceptions.ApiNotFoundException): 17
RequirePortalAuth (io.gravitee.rest.api.portal.rest.security.RequirePortalAuth): 8
Produces (javax.ws.rs.Produces): 7
Response (javax.ws.rs.core.Response): 7
RatingEntity (io.gravitee.rest.api.model.RatingEntity): 6
Collectors (java.util.stream.Collectors): 6
Inject (javax.inject.Inject): 6
MediaType (io.gravitee.common.http.MediaType): 5
Permissions (io.gravitee.rest.api.portal.rest.security.Permissions): 5
GET (javax.ws.rs.GET): 5
RatingNotFoundException (io.gravitee.rest.api.service.exceptions.RatingNotFoundException): 4
Collections (java.util.Collections): 4
PaginationParam (io.gravitee.rest.api.portal.rest.resource.param.PaginationParam): 3
java.util (java.util): 3
List (java.util.List): 3
Context (javax.ws.rs.core.Context): 3
TechnicalException (io.gravitee.repository.exceptions.TechnicalException): 2
NewRatingEntity (io.gravitee.rest.api.model.NewRatingEntity): 2