use of io.gravitee.rest.api.portal.rest.security.RequirePortalAuth in project gravitee-management-rest-api by gravitee-io.
the class ApiPlansResource method getApiPlansByApiId.
/**
 * Lists the published plans of an API that the current portal caller may see.
 *
 * <p>The API must appear among the published APIs returned for the caller; otherwise the
 * request is answered with {@link ApiNotFoundException}. Plans are returned only when the API is
 * public or the caller holds the {@code API_PLAN} / {@code READ} permission; in the remaining
 * case an empty list is returned instead of an error.
 *
 * @param apiId identifier of the API, taken from the request path
 * @param paginationParam paging options applied to the result list
 * @return a list response holding the visible plans (possibly empty)
 * @throws ApiNotFoundException if the API is not among the caller's published APIs
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@RequirePortalAuth
public Response getApiPlansByApiId(@PathParam("apiId") String apiId, @BeanParam PaginationParam paginationParam) {
    // The helper's name indicates this may be null for an anonymous caller; every check below
    // receives that value as-is. NOTE(review): what @RequirePortalAuth enforces is not visible here.
    final String currentUser = getAuthenticatedUserOrNull();

    // Restrict the lookup to the requested id so that the service applies its own visibility rules.
    final ApiQuery singleApiQuery = new ApiQuery();
    singleApiQuery.setIds(Collections.singletonList(apiId));
    final Collection<ApiEntity> visibleApis = apiService.findPublishedByUser(currentUser, singleApiQuery);

    // An API the caller cannot see is reported exactly like one that does not exist.
    if (visibleApis.stream().noneMatch(candidate -> candidate.getId().equals(apiId))) {
        throw new ApiNotFoundException(apiId);
    }

    final ApiEntity apiEntity = apiService.findById(apiId);
    final boolean plansReadable =
        Visibility.PUBLIC.equals(apiEntity.getVisibility()) || hasPermission(API_PLAN, apiId, READ);
    if (!plansReadable) {
        return createListResponse(emptyList(), paginationParam);
    }

    // Only published plans whose excluded groups do not shut the caller out are exposed.
    final List<Plan> plans = planService
        .findByApi(apiId)
        .stream()
        .filter(plan -> PlanStatus.PUBLISHED.equals(plan.getStatus()))
        .filter(plan -> groupService.isUserAuthorizedToAccessApiData(apiEntity, plan.getExcludedGroups(), currentUser))
        .sorted(Comparator.comparingInt(PlanEntity::getOrder))
        .map(p -> planMapper.convert(p))
        .collect(Collectors.toList());
    return createListResponse(plans, paginationParam);
}
use of io.gravitee.rest.api.portal.rest.security.RequirePortalAuth in project gravitee-management-rest-api by gravitee-io.
the class ApiResource method getApiByApiId.
/**
 * Returns the portal representation of an API, optionally enriched with its pages and plans.
 *
 * <p>Access is decided by {@code accessControlService.canAccessApiFromPortal}; a refusal is
 * reported as {@link ApiNotFoundException}. Labels and categories are blanked out when the
 * corresponding environment parameters are disabled.
 *
 * @param apiId identifier of the API, taken from the request path
 * @param include values of the {@code include} query parameter selecting optional sections
 * @return a 200 response carrying the API
 * @throws ApiNotFoundException if the caller may not access the API from the portal
 */
@GET
@Produces({ MediaType.APPLICATION_JSON })
@RequirePortalAuth
public Response getApiByApiId(@PathParam("apiId") String apiId, @QueryParam("include") List<String> include) {
    // The helper's name indicates this may be null for an anonymous caller; it is only used for
    // the plan group check below.
    final String currentUser = getAuthenticatedUserOrNull();

    // Inaccessible and unknown APIs produce the same error.
    if (!accessControlService.canAccessApiFromPortal(apiId)) {
        throw new ApiNotFoundException(apiId);
    }

    final ApiEntity apiEntity = apiService.findById(apiId);
    final Api api = apiMapper.convert(apiEntity);

    if (include.contains(INCLUDE_PAGES)) {
        // NOTE(review): the one-argument canAccessPageFromPortal is used here; confirm it still
        // applies the API-scoped access rules for each page.
        final List<Page> pages = pageService
            .search(new PageQuery.Builder().api(apiId).published(true).build(), GraviteeContext.getCurrentEnvironment())
            .stream()
            .filter(page -> accessControlService.canAccessPageFromPortal(page))
            .map(pageMapper::convert)
            .collect(Collectors.toList());
        api.setPages(pages);
    }

    if (include.contains(INCLUDE_PLANS)) {
        // Only published plans whose excluded groups do not shut the caller out are exposed.
        final List<Plan> plans = planService
            .findByApi(apiId)
            .stream()
            .filter(plan -> PlanStatus.PUBLISHED.equals(plan.getStatus()))
            .filter(plan -> groupService.isUserAuthorizedToAccessApiData(apiEntity, plan.getExcludedGroups(), currentUser))
            .sorted(Comparator.comparingInt(PlanEntity::getOrder))
            .map(p -> planMapper.convert(p))
            .collect(Collectors.toList());
        api.setPlans(plans);
    }

    api.links(
        apiMapper.computeApiLinks(
            PortalApiLinkHelper.apisURL(uriInfo.getBaseUriBuilder(), api.getId()),
            apiEntity.getUpdatedAt()
        )
    );

    // Hide header metadata that the environment is configured not to show.
    final boolean showTags =
        parameterService.findAsBoolean(Key.PORTAL_APIS_SHOW_TAGS_IN_APIHEADER, ParameterReferenceType.ENVIRONMENT);
    if (!showTags) {
        api.setLabels(new ArrayList<>());
    }
    final boolean showCategories =
        parameterService.findAsBoolean(Key.PORTAL_APIS_SHOW_CATEGORIES_IN_APIHEADER, ParameterReferenceType.ENVIRONMENT);
    if (!showCategories) {
        api.setCategories(new ArrayList<>());
    }

    return Response.ok(api).build();
}
use of io.gravitee.rest.api.portal.rest.security.RequirePortalAuth in project gravitee-management-rest-api by gravitee-io.
the class ApiResource method getPictureByApiId.
/**
 * Serves the picture of an API that the caller is allowed to see.
 *
 * @param request the JAX-RS request, passed on to {@code createPictureResponse}
 * @param apiId identifier of the API, taken from the request path
 * @return the picture response built by {@code createPictureResponse}
 * @throws ApiNotFoundException if the API is not among the APIs returned for the caller
 */
@GET
@Path("picture")
@Produces({ MediaType.WILDCARD, MediaType.APPLICATION_JSON })
@RequirePortalAuth
public Response getPictureByApiId(@Context Request request, @PathParam("apiId") String apiId) {
    final ApiQuery singleApiQuery = new ApiQuery();
    singleApiQuery.setIds(Collections.singletonList(apiId));

    // Deliberately not filtered on visibility: the picture must still be shown on the
    // subscription screen even when the API is no longer published. The per-user lookup is
    // therefore the only access check in this method.
    final Collection<ApiEntity> callerApis = apiService.findByUser(getAuthenticatedUserOrNull(), singleApiQuery, true);

    // An API the caller cannot see is reported exactly like one that does not exist.
    if (callerApis.stream().noneMatch(candidate -> candidate.getId().equals(apiId))) {
        throw new ApiNotFoundException(apiId);
    }

    final InlinePictureEntity picture = apiService.getPicture(apiId);
    return createPictureResponse(request, picture);
}
use of io.gravitee.rest.api.portal.rest.security.RequirePortalAuth in project gravitee-management-rest-api by gravitee-io.
the class ApiPagesResource method getPagesByApiId.
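/**
 * Lists the published documentation pages of an API that the caller may access.
 *
 * <p>Access to the API is decided by {@code accessControlService.canAccessApiFromPortal}; a
 * refusal is reported as {@link ApiNotFoundException}. Each page is additionally filtered through
 * {@code canAccessPageFromPortal(apiId, page)}. When {@code parent} is given, only pages having
 * that id among their ancestors are kept.
 *
 * @param acceptLang raw {@code Accept-Language} header, used to pick the locale for the search
 * @param apiId identifier of the API, taken from the request path
 * @param paginationParam paging options applied to the result list
 * @param homepage optional homepage filter forwarded to the page query
 * @param parent optional page id; when non-null the result is limited to its descendants
 * @return a list response holding the accessible pages
 * @throws ApiNotFoundException if the caller may not access the API from the portal
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@RequirePortalAuth
public Response getPagesByApiId(@HeaderParam("Accept-Language") String acceptLang, @PathParam("apiId") String apiId, @BeanParam PaginationParam paginationParam, @QueryParam("homepage") Boolean homepage, @QueryParam("parent") String parent) {
    // Inaccessible and unknown APIs produce the same error.
    if (!accessControlService.canAccessApiFromPortal(apiId)) {
        throw new ApiNotFoundException(apiId);
    }

    final String acceptedLocale = HttpHeadersUtil.getFirstAcceptedLocaleName(acceptLang);

    // The per-page access filter runs before any mapping, so a page the caller may not see never
    // reaches the response or the ancestor lookup below.
    final List<Page> accessiblePages = pageService
        .search(
            new PageQuery.Builder().api(apiId).homepage(homepage).published(true).build(),
            acceptedLocale,
            GraviteeContext.getCurrentEnvironment()
        )
        .stream()
        .filter(page -> accessControlService.canAccessPageFromPortal(apiId, page))
        .map(pageMapper::convert)
        .map(page -> this.addPageLink(apiId, page))
        .collect(Collectors.toList());

    if (parent == null) {
        return createListResponse(accessiblePages, paginationParam);
    }

    // Index by id for the ancestor walk, but filter the list itself so that the result keeps
    // the search order; iterating the map's values would yield hash order, which makes paging
    // inconsistent with the unfiltered case.
    final Map<String, Page> pagesById = accessiblePages.stream().collect(Collectors.toMap(Page::getId, page -> page));
    final List<Page> descendants = accessiblePages
        .stream()
        .filter(page -> this.getAncestors(pagesById, page).contains(parent))
        .collect(Collectors.toList());
    return createListResponse(descendants, paginationParam);
}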
use of io.gravitee.rest.api.portal.rest.security.RequirePortalAuth in project gravitee-management-rest-api by gravitee-io.
the class ApiPageResource method getPageContentByApiIdAndPageId.
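/**
 * Returns the raw content of one documentation page of an API.
 *
 * <p>Two checks are applied in order: access to the API (a refusal is reported as
 * {@link ApiNotFoundException}) and access to the page in the context of that API (a refusal is
 * reported as {@link UnauthorizedAccessException}).
 *
 * @param apiId identifier of the API, taken from the request path
 * @param pageId identifier of the page, taken from the request path
 * @return a 200 response whose entity is the page content
 * @throws ApiNotFoundException if the caller may not access the API from the portal
 * @throws UnauthorizedAccessException if the caller may not access the page
 */
@GET
@Path("content")
@Produces(MediaType.TEXT_PLAIN)
@RequirePortalAuth
public Response getPageContentByApiIdAndPageId(@PathParam("apiId") String apiId, @PathParam("pageId") String pageId) {
    // Inaccessible and unknown APIs produce the same error.
    if (!accessControlService.canAccessApiFromPortal(apiId)) {
        throw new ApiNotFoundException(apiId);
    }

    // NOTE(review): the page is loaded by pageId alone and no published filter is visible on
    // this lookup. Confirm that canAccessPageFromPortal(apiId, page) rejects pages that belong
    // to a different API and pages that are not published; otherwise this check is the only
    // thing tying pageId to apiId.
    final PageEntity pageEntity = pageService.findById(pageId, null);
    if (!accessControlService.canAccessPageFromPortal(apiId, pageEntity)) {
        throw new UnauthorizedAccessException();
    }

    // Runs only after both access checks have passed; presumably rewrites Swagger content in
    // place for this API — verify against PageService.
    pageService.transformSwagger(pageEntity, apiId);
    return Response.ok(pageEntity.getContent()).build();
}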