use of io.gravitee.rest.api.model.permissions.RolePermission.API_PLAN in project gravitee-management-rest-api by gravitee-io.
the class ApiPlansResource method getApiPlansByApiId.
@GET
@Produces(MediaType.APPLICATION_JSON)
@RequirePortalAuth
public Response getApiPlansByApiId(@PathParam("apiId") String apiId, @BeanParam PaginationParam paginationParam) {
String username = getAuthenticatedUserOrNull();
final ApiQuery apiQuery = new ApiQuery();
apiQuery.setIds(Collections.singletonList(apiId));
Collection<ApiEntity> userApis = apiService.findPublishedByUser(username, apiQuery);
if (userApis.stream().anyMatch(a -> a.getId().equals(apiId))) {
ApiEntity apiEntity = apiService.findById(apiId);
if (Visibility.PUBLIC.equals(apiEntity.getVisibility()) || hasPermission(API_PLAN, apiId, READ)) {
List<Plan> plans = planService.findByApi(apiId).stream().filter(plan -> PlanStatus.PUBLISHED.equals(plan.getStatus())).filter(plan -> groupService.isUserAuthorizedToAccessApiData(apiEntity, plan.getExcludedGroups(), username)).sorted(Comparator.comparingInt(PlanEntity::getOrder)).map(p -> planMapper.convert(p)).collect(Collectors.toList());
return createListResponse(plans, paginationParam);
} else {
return createListResponse(emptyList(), paginationParam);
}
}
throw new ApiNotFoundException(apiId);
}
Aggregations