use of io.gravitee.rest.api.model.api.ApiQuery in project gravitee-management-rest-api by gravitee-io.
the class AbstractResource method canReadApi.
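/**
 * Checks that the current user may read the given API and throws otherwise.
 *
 * <p>Administrators always pass. Any other user passes when they are a direct
 * member of the API, or when the API is returned by a search restricted to
 * the groups the user belongs to.
 *
 * @param api identifier of the API being accessed
 * @throws ForbiddenAccessException if the user is neither a direct member nor
 *         a member of a group through which the API is found
 */
protected void canReadApi(final String api) {
    if (isAdmin()) {
        return;
    }

    // Memberships of the current user, split by the kind of object they refer to.
    final List<MembershipEntity> memberships = retrieveApiMembership().collect(Collectors.toList());
    final Set<String> directMembers = memberships.stream()
        .filter(m -> API.equals(m.getReferenceType()))
        .map(MembershipEntity::getReferenceId)
        .collect(Collectors.toSet());

    // A direct membership on the API is sufficient.
    if (directMembers.contains(api)) {
        return;
    }

    final Set<String> groups = memberships.stream()
        .filter(m -> GROUP.equals(m.getReferenceType()))
        .map(MembershipEntity::getReferenceId)
        .collect(Collectors.toSet());

    // Fail closed: with no direct membership and no group there is no remaining
    // path to read access. This also keeps an empty group list out of the
    // query below. NOTE(review): how ApiQuery/searchIds treats an empty group
    // list is not visible here; if it means "no group filter", the search
    // would match the API for any user, so it must never be reached that way.
    if (groups.isEmpty()) {
        throw new ForbiddenAccessException();
    }

    // Look the API up through the user's groups only.
    final ApiQuery apiQuery = new ApiQuery();
    apiQuery.setGroups(new ArrayList<>(groups));
    apiQuery.setIds(Collections.singletonList(api));
    final Collection<String> matchingIds = apiService.searchIds(apiQuery);

    // A missing result is treated as "not found", i.e. access denied.
    if (matchingIds == null || !matchingIds.contains(api)) {
        throw new ForbiddenAccessException();
    }
}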
use of io.gravitee.rest.api.model.api.ApiQuery in project gravitee-management-rest-api by gravitee-io.
the class PermissionsResource method getCurrentUserPermissions.
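/**
 * Returns the permissions of the authenticated user on one API or one application.
 *
 * <p>When both query parameters are supplied, {@code apiId} takes precedence.
 * The target is looked up only among the entities the caller can already see
 * (published APIs for the user, or the user's own applications), so an id
 * that exists but is not visible to the caller yields the same not-found
 * error as an unknown id.
 *
 * @param apiId identifier of the API, or {@code null}
 * @param applicationId identifier of the application, or {@code null}
 * @return a 200 response whose entity is the permission map
 * @throws ApiNotFoundException if {@code apiId} is not among the APIs visible to the user
 * @throws ApplicationNotFoundException if {@code applicationId} is not among the user's applications
 * @throws BadRequestException if neither parameter is supplied
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
public Response getCurrentUserPermissions(@QueryParam("apiId") String apiId, @QueryParam("applicationId") String applicationId) {
    final String userId = getAuthenticatedUser();

    if (apiId != null) {
        final ApiQuery apiQuery = new ApiQuery();
        apiQuery.setIds(Collections.singletonList(apiId));
        final Set<ApiEntity> publishedByUser = apiService.findPublishedByUser(getAuthenticatedUserOrNull(), apiQuery);
        // Re-check the id on the result instead of trusting the query filter alone.
        final ApiEntity apiEntity = publishedByUser.stream()
            .filter(a -> a.getId().equals(apiId))
            .findFirst()
            .orElseThrow(() -> new ApiNotFoundException(apiId));
        final Map<String, char[]> permissions = membershipService.getUserMemberPermissions(apiEntity, userId);
        return Response.ok(permissions).build();
    }

    if (applicationId != null) {
        // Only applications returned for this user are eligible.
        final ApplicationListItem applicationListItem = applicationService.findByUser(userId).stream()
            .filter(a -> a.getId().equals(applicationId))
            .findFirst()
            .orElseThrow(() -> new ApplicationNotFoundException(applicationId));
        final ApplicationEntity application = applicationService.findById(applicationListItem.getId());
        final Map<String, char[]> permissions = membershipService.getUserMemberPermissions(application, userId);
        return Response.ok(permissions).build();
    }

    // The message previously named "appId", which is not a parameter of this endpoint.
    throw new BadRequestException("One of the two parameters apiId or applicationId must not be null.");
}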
use of io.gravitee.rest.api.model.api.ApiQuery in project gravitee-management-rest-api by gravitee-io.
the class ApiPlansResource method getApiPlansByApiId.
/**
 * Lists the published plans of an API that the caller is allowed to see.
 *
 * <p>The API must first be found among the published APIs visible to the
 * caller; otherwise the request fails as not found. Plans are then returned
 * only when the API is public or the caller holds READ on API_PLAN, and each
 * plan is additionally filtered against its excluded groups. When the API is
 * visible but its plans are not readable, an empty list is returned rather
 * than an error.
 *
 * @param apiId identifier of the API
 * @param paginationParam pagination settings applied to the response
 * @return the paginated list of plans, possibly empty
 * @throws ApiNotFoundException if the API is not among those visible to the caller
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@RequirePortalAuth
public Response getApiPlansByApiId(@PathParam("apiId") String apiId, @BeanParam PaginationParam paginationParam) {
    // presumably null for an anonymous caller, going by the helper's name; verify
    final String username = getAuthenticatedUserOrNull();

    final ApiQuery visibilityQuery = new ApiQuery();
    visibilityQuery.setIds(Collections.singletonList(apiId));
    final Collection<ApiEntity> visibleApis = apiService.findPublishedByUser(username, visibilityQuery);

    // Visibility gate: the id must appear in the caller-scoped result.
    final boolean apiIsVisible = visibleApis.stream().anyMatch(candidate -> candidate.getId().equals(apiId));
    if (!apiIsVisible) {
        throw new ApiNotFoundException(apiId);
    }

    final ApiEntity apiEntity = apiService.findById(apiId);

    // The permission lookup only runs for non-public APIs (short-circuit).
    final boolean plansReadable = Visibility.PUBLIC.equals(apiEntity.getVisibility()) || hasPermission(API_PLAN, apiId, READ);
    if (!plansReadable) {
        return createListResponse(emptyList(), paginationParam);
    }

    final List<Plan> plans = planService.findByApi(apiId).stream()
        // only published plans are exposed
        .filter(candidate -> PlanStatus.PUBLISHED.equals(candidate.getStatus()))
        // per-plan group exclusion check for this caller
        .filter(candidate -> groupService.isUserAuthorizedToAccessApiData(apiEntity, candidate.getExcludedGroups(), username))
        .sorted(Comparator.comparingInt(PlanEntity::getOrder))
        .map(candidate -> planMapper.convert(candidate))
        .collect(Collectors.toList());
    return createListResponse(plans, paginationParam);
}
use of io.gravitee.rest.api.model.api.ApiQuery in project gravitee-management-rest-api by gravitee-io.
the class ApiRatingsResource method createApiRating.
/**
 * Creates a rating on an API on behalf of the caller.
 *
 * <p>Besides the API_RATING/CREATE permission declared on the method, the API
 * must be among the published APIs visible to the caller; otherwise the
 * request fails as not found and nothing is created.
 *
 * @param apiId identifier of the API being rated
 * @param ratingInput title, comment and value of the rating
 * @return a 201 response carrying the created rating
 * @throws BadRequestException if no input body is supplied
 * @throws ApiNotFoundException if the API is not among those visible to the caller
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Permissions({ @Permission(value = RolePermission.API_RATING, acls = RolePermissionAction.CREATE) })
public Response createApiRating(@PathParam("apiId") String apiId, @Valid RatingInput ratingInput) {
    if (ratingInput == null) {
        throw new BadRequestException("Input must not be null.");
    }

    final ApiQuery visibilityQuery = new ApiQuery();
    visibilityQuery.setIds(Collections.singletonList(apiId));
    final Collection<ApiEntity> visibleApis = apiService.findPublishedByUser(getAuthenticatedUserOrNull(), visibilityQuery);

    // Visibility gate: the id must appear in the caller-scoped result.
    final boolean apiIsVisible = visibleApis.stream().anyMatch(candidate -> candidate.getId().equals(apiId));
    if (!apiIsVisible) {
        throw new ApiNotFoundException(apiId);
    }

    final NewRatingEntity newRating = new NewRatingEntity();
    newRating.setApi(apiId);
    newRating.setComment(ratingInput.getComment());
    newRating.setTitle(ratingInput.getTitle());
    // NOTE(review): getValue() is dereferenced without a null check, and
    // byteValue() narrows silently if the value is a wider numeric type.
    // Confirm that the constraints enforced through @Valid on RatingInput
    // make the value non-null and bound it to the accepted rating range.
    newRating.setRate(ratingInput.getValue().byteValue());

    final RatingEntity created = ratingService.create(newRating);
    return Response.status(Status.CREATED).entity(ratingMapper.convert(created, uriInfo)).build();
}
use of io.gravitee.rest.api.model.api.ApiQuery in project gravitee-management-rest-api by gravitee-io.
the class ApiSubscribersResource method getSubscriberApplicationsByApiId.
/**
 * Lists the applications subscribed to an API, ordered with {@code compareApp}
 * over the per-application hit counts.
 *
 * <p>The API must be among the published APIs visible to the caller. The
 * primary owner of the API sees every subscriber application; any other
 * caller sees only subscriptions held by their own applications.
 *
 * @param paginationParam pagination settings applied to the response
 * @param apiId identifier of the API
 * @param statuses subscription statuses to include
 * @return the paginated list of subscriber applications, possibly empty
 * @throws ApiNotFoundException if the API is not among those visible to the caller
 */
@GET
@Produces({ MediaType.APPLICATION_JSON })
public Response getSubscriberApplicationsByApiId(@BeanParam PaginationParam paginationParam, @PathParam("apiId") String apiId, @QueryParam("statuses") List<SubscriptionStatus> statuses) {
    // presumably null for an anonymous caller, going by the helper's name; verify
    final String currentUser = getAuthenticatedUserOrNull();

    final ApiQuery visibilityQuery = new ApiQuery();
    visibilityQuery.setIds(Collections.singletonList(apiId));

    // Visibility gate: the id must appear in the caller-scoped result.
    final ApiEntity api = apiService.findPublishedByUser(currentUser, visibilityQuery).stream()
        .filter(candidate -> candidate.getId().equals(apiId))
        .findFirst()
        .orElseThrow(() -> new ApiNotFoundException(apiId));

    final SubscriptionQuery subscriptionQuery = new SubscriptionQuery();
    subscriptionQuery.setApi(apiId);
    subscriptionQuery.setStatuses(statuses);

    final boolean callerIsPrimaryOwner = api.getPrimaryOwner().getId().equals(currentUser);
    if (!callerIsPrimaryOwner) {
        // Non-owners are restricted to subscriptions of their own applications.
        final Set<ApplicationListItem> ownApplications = this.applicationService.findByUser(currentUser);
        if (ownApplications == null || ownApplications.isEmpty()) {
            // Returning here means the search below never runs with an empty
            // application restriction for a non-owner.
            return createListResponse(Collections.emptyList(), paginationParam);
        }
        final List<String> ownApplicationIds = ownApplications.stream()
            .map(ApplicationListItem::getId)
            .collect(Collectors.toList());
        subscriptionQuery.setApplications(ownApplicationIds);
    }

    final Map<String, Long> nbHitsByApp = getNbHitsByApplication(apiId);
    final Collection<SubscriptionEntity> subscriptions = subscriptionService.search(subscriptionQuery);

    final List<Application> subscribersApplication = subscriptions.stream()
        .map(SubscriptionEntity::getApplication)
        // one entry per application even when it holds several subscriptions
        .distinct()
        .map(applicationId -> applicationService.findById(applicationId))
        .map(entity -> applicationMapper.convert(entity, uriInfo))
        .sorted((left, right) -> compareApp(nbHitsByApp, left, right))
        .collect(Collectors.toList());
    return createListResponse(subscribersApplication, paginationParam);
}
Aggregations