Examples with ApiQuery io.gravitee.rest.api.model.api.ApiQuery used on opensource projects

Example 1 with ApiQuery

use of io.gravitee.rest.api.model.api.ApiQuery in project gravitee-management-rest-api by gravitee-io.

the class AbstractResource method canReadApi.

protected void canReadApi(final String api) {
    if (!isAdmin()) {
        // get memberships of the current user
        List<MembershipEntity> memberships = retrieveApiMembership().collect(Collectors.toList());
        Set<String> groups = memberships.stream().filter(m -> GROUP.equals(m.getReferenceType())).map(m -> m.getReferenceId()).collect(Collectors.toSet());
        Set<String> directMembers = memberships.stream().filter(m -> API.equals(m.getReferenceType())).map(m -> m.getReferenceId()).collect(Collectors.toSet());
        // if the current user is member of the API, continue
        if (directMembers.contains(api)) {
            return;
        }
        // fetch group memberships
        final ApiQuery apiQuery = new ApiQuery();
        apiQuery.setGroups(new ArrayList<>(groups));
        apiQuery.setIds(Collections.singletonList(api));
        final Collection<String> strings = apiService.searchIds(apiQuery);
        final boolean canReadAPI = strings.contains(api);
        if (!canReadAPI) {
            throw new ForbiddenAccessException();
        }
    }
}

Example 2 with ApiQuery

use of io.gravitee.rest.api.model.api.ApiQuery in project gravitee-management-rest-api by gravitee-io.

the class PermissionsResource method getCurrentUserPermissions.

@GET
@Produces(MediaType.APPLICATION_JSON)
public Response getCurrentUserPermissions(@QueryParam("apiId") String apiId, @QueryParam("applicationId") String applicationId) {
    final String userId = getAuthenticatedUser();
    if (apiId != null) {
        ApiQuery apiQuery = new ApiQuery();
        apiQuery.setIds(Collections.singletonList(apiId));
        Set<ApiEntity> publishedByUser = apiService.findPublishedByUser(getAuthenticatedUserOrNull(), apiQuery);
        ApiEntity apiEntity = publishedByUser.stream().filter(a -> a.getId().equals(apiId)).findFirst().orElseThrow(() -> new ApiNotFoundException(apiId));
        Map<String, char[]> permissions;
        permissions = membershipService.getUserMemberPermissions(apiEntity, userId);
        return Response.ok(permissions).build();
    } else if (applicationId != null) {
        ApplicationListItem applicationListItem = applicationService.findByUser(getAuthenticatedUser()).stream().filter(a -> a.getId().equals(applicationId)).findFirst().orElseThrow(() -> new ApplicationNotFoundException(applicationId));
        ApplicationEntity application = applicationService.findById(applicationListItem.getId());
        Map<String, char[]> permissions;
        permissions = membershipService.getUserMemberPermissions(application, userId);
        return Response.ok(permissions).build();
    }
    throw new BadRequestException("One of the two parameters appId or applicationId must not be null.");
}

Example 3 with ApiQuery

use of io.gravitee.rest.api.model.api.ApiQuery in project gravitee-management-rest-api by gravitee-io.

the class ApiPlansResource method getApiPlansByApiId.

@GET
@Produces(MediaType.APPLICATION_JSON)
@RequirePortalAuth
public Response getApiPlansByApiId(@PathParam("apiId") String apiId, @BeanParam PaginationParam paginationParam) {
    String username = getAuthenticatedUserOrNull();
    final ApiQuery apiQuery = new ApiQuery();
    apiQuery.setIds(Collections.singletonList(apiId));
    Collection<ApiEntity> userApis = apiService.findPublishedByUser(username, apiQuery);
    if (userApis.stream().anyMatch(a -> a.getId().equals(apiId))) {
        ApiEntity apiEntity = apiService.findById(apiId);
        if (Visibility.PUBLIC.equals(apiEntity.getVisibility()) || hasPermission(API_PLAN, apiId, READ)) {
            List<Plan> plans = planService.findByApi(apiId).stream().filter(plan -> PlanStatus.PUBLISHED.equals(plan.getStatus())).filter(plan -> groupService.isUserAuthorizedToAccessApiData(apiEntity, plan.getExcludedGroups(), username)).sorted(Comparator.comparingInt(PlanEntity::getOrder)).map(p -> planMapper.convert(p)).collect(Collectors.toList());
            return createListResponse(plans, paginationParam);
        } else {
            return createListResponse(emptyList(), paginationParam);
        }
    }
    throw new ApiNotFoundException(apiId);
}

Example 4 with ApiQuery

use of io.gravitee.rest.api.model.api.ApiQuery in project gravitee-management-rest-api by gravitee-io.

the class ApiRatingsResource method createApiRating.

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Permissions({ @Permission(value = RolePermission.API_RATING, acls = RolePermissionAction.CREATE) })
public Response createApiRating(@PathParam("apiId") String apiId, @Valid RatingInput ratingInput) {
    if (ratingInput == null) {
        throw new BadRequestException("Input must not be null.");
    }
    final ApiQuery apiQuery = new ApiQuery();
    apiQuery.setIds(Collections.singletonList(apiId));
    Collection<ApiEntity> userApis = apiService.findPublishedByUser(getAuthenticatedUserOrNull(), apiQuery);
    if (userApis.stream().anyMatch(a -> a.getId().equals(apiId))) {
        NewRatingEntity rating = new NewRatingEntity();
        rating.setApi(apiId);
        rating.setComment(ratingInput.getComment());
        rating.setTitle(ratingInput.getTitle());
        rating.setRate(ratingInput.getValue().byteValue());
        RatingEntity createdRating = ratingService.create(rating);
        return Response.status(Status.CREATED).entity(ratingMapper.convert(createdRating, uriInfo)).build();
    }
    throw new ApiNotFoundException(apiId);
}

Example 5 with ApiQuery

use of io.gravitee.rest.api.model.api.ApiQuery in project gravitee-management-rest-api by gravitee-io.

the class ApiSubscribersResource method getSubscriberApplicationsByApiId.

@GET
@Produces({ MediaType.APPLICATION_JSON })
public Response getSubscriberApplicationsByApiId(@BeanParam PaginationParam paginationParam, @PathParam("apiId") String apiId, @QueryParam("statuses") List<SubscriptionStatus> statuses) {
    String currentUser = getAuthenticatedUserOrNull();
    final ApiQuery apiQuery = new ApiQuery();
    apiQuery.setIds(Collections.singletonList(apiId));
    Collection<ApiEntity> userApis = apiService.findPublishedByUser(currentUser, apiQuery);
    Optional<ApiEntity> optionalApi = userApis.stream().filter(a -> a.getId().equals(apiId)).findFirst();
    if (optionalApi.isPresent()) {
        SubscriptionQuery subscriptionQuery = new SubscriptionQuery();
        subscriptionQuery.setApi(apiId);
        subscriptionQuery.setStatuses(statuses);
        ApiEntity api = optionalApi.get();
        if (!api.getPrimaryOwner().getId().equals(currentUser)) {
            Set<ApplicationListItem> userApplications = this.applicationService.findByUser(currentUser);
            if (userApplications == null || userApplications.isEmpty()) {
                return createListResponse(Collections.emptyList(), paginationParam);
            }
            subscriptionQuery.setApplications(userApplications.stream().map(ApplicationListItem::getId).collect(Collectors.toList()));
        }
        Map<String, Long> nbHitsByApp = getNbHitsByApplication(apiId);
        Collection<SubscriptionEntity> subscriptions = subscriptionService.search(subscriptionQuery);
        List<Application> subscribersApplication = subscriptions.stream().map(SubscriptionEntity::getApplication).distinct().map(application -> applicationService.findById(application)).map(application -> applicationMapper.convert(application, uriInfo)).sorted((o1, o2) -> compareApp(nbHitsByApp, o1, o2)).collect(Collectors.toList());
        return createListResponse(subscribersApplication, paginationParam);
    }
    throw new ApiNotFoundException(apiId);
}