
Example 1 with RequirePortalAuth

use of io.gravitee.rest.api.portal.rest.security.RequirePortalAuth in project gravitee-management-rest-api by gravitee-io.

the class ApiPlansResource method getApiPlansByApiId.

/**
 * Lists the published plans of one API for the portal caller.
 *
 * <p>The API must be among those {@code apiService.findPublishedByUser} returns for the caller;
 * otherwise {@link ApiNotFoundException} is thrown. Plans are listed only when the API is
 * {@code PUBLIC} or the caller holds {@code API_PLAN}/{@code READ} on it. In every other case
 * an empty list is returned instead of an error.
 *
 * @param apiId identifier of the API, taken from the request path
 * @param paginationParam paging options handed to {@code createListResponse}
 * @return the response built by {@code createListResponse}
 * @throws ApiNotFoundException if the API is not in the caller's published-API result
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@RequirePortalAuth
public Response getApiPlansByApiId(@PathParam("apiId") String apiId, @BeanParam PaginationParam paginationParam) {
    // The helper's name suggests this is null for an anonymous caller; it is passed on unchanged.
    final String currentUser = getAuthenticatedUserOrNull();

    final ApiQuery singleApiQuery = new ApiQuery();
    singleApiQuery.setIds(Collections.singletonList(apiId));
    final Collection<ApiEntity> reachableApis = apiService.findPublishedByUser(currentUser, singleApiQuery);

    // First gate: an API the caller cannot see is reported exactly like one that does not exist.
    if (reachableApis.stream().noneMatch(candidate -> candidate.getId().equals(apiId))) {
        throw new ApiNotFoundException(apiId);
    }

    final ApiEntity apiEntity = apiService.findById(apiId);

    // Second gate: public visibility short-circuits the permission lookup.
    final boolean mayListPlans = Visibility.PUBLIC.equals(apiEntity.getVisibility())
        || hasPermission(API_PLAN, apiId, READ);
    if (!mayListPlans) {
        return createListResponse(emptyList(), paginationParam);
    }

    // Third gate, per plan: only PUBLISHED plans whose excluded groups do not shut the caller out.
    final List<Plan> plans = planService
        .findByApi(apiId)
        .stream()
        .filter(candidate -> PlanStatus.PUBLISHED.equals(candidate.getStatus()))
        .filter(candidate -> groupService.isUserAuthorizedToAccessApiData(apiEntity, candidate.getExcludedGroups(), currentUser))
        .sorted(Comparator.comparingInt(PlanEntity::getOrder))
        .map(planEntity -> planMapper.convert(planEntity))
        .collect(Collectors.toList());
    return createListResponse(plans, paginationParam);
}
Also used : PlanMapper(io.gravitee.rest.api.portal.rest.mapper.PlanMapper) PathParam(javax.ws.rs.PathParam) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) Plan(io.gravitee.rest.api.portal.rest.model.Plan) RequirePortalAuth(io.gravitee.rest.api.portal.rest.security.RequirePortalAuth) PlanStatus(io.gravitee.rest.api.model.PlanStatus) Inject(javax.inject.Inject) PaginationParam(io.gravitee.rest.api.portal.rest.resource.param.PaginationParam) API_PLAN(io.gravitee.rest.api.model.permissions.RolePermission.API_PLAN) ApiQuery(io.gravitee.rest.api.model.api.ApiQuery) READ(io.gravitee.rest.api.model.permissions.RolePermissionAction.READ) ApiEntity(io.gravitee.rest.api.model.api.ApiEntity) GroupService(io.gravitee.rest.api.service.GroupService) Collections.emptyList(java.util.Collections.emptyList) Collection(java.util.Collection) PlanEntity(io.gravitee.rest.api.model.PlanEntity) ApiNotFoundException(io.gravitee.rest.api.service.exceptions.ApiNotFoundException) Collectors(java.util.stream.Collectors) BeanParam(javax.ws.rs.BeanParam) List(java.util.List) MediaType(io.gravitee.common.http.MediaType) Response(javax.ws.rs.core.Response) Visibility(io.gravitee.rest.api.model.Visibility) PlanService(io.gravitee.rest.api.service.PlanService) Comparator(java.util.Comparator) Collections(java.util.Collections) ApiQuery(io.gravitee.rest.api.model.api.ApiQuery) ApiNotFoundException(io.gravitee.rest.api.service.exceptions.ApiNotFoundException) ApiEntity(io.gravitee.rest.api.model.api.ApiEntity) Plan(io.gravitee.rest.api.portal.rest.model.Plan) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) RequirePortalAuth(io.gravitee.rest.api.portal.rest.security.RequirePortalAuth)

Example 2 with RequirePortalAuth

use of io.gravitee.rest.api.portal.rest.security.RequirePortalAuth in project gravitee-management-rest-api by gravitee-io.

the class ApiResource method getApiByApiId.

/**
 * Returns the portal representation of one API, optionally with its pages and plans.
 *
 * <p>Access is decided by {@code accessControlService.canAccessApiFromPortal}; a refusal is
 * reported as {@link ApiNotFoundException}, the same exception used for an unknown API. Pages
 * and plans are each filtered again, so only the items the caller may see are embedded.
 *
 * @param apiId identifier of the API, taken from the request path
 * @param include values of the {@code include} query parameter; {@code INCLUDE_PAGES} and
 *     {@code INCLUDE_PLANS} switch on the embedded lists
 * @return a 200 response carrying the API
 * @throws ApiNotFoundException if the caller may not access the API from the portal
 */
@GET
@Produces({ MediaType.APPLICATION_JSON })
@RequirePortalAuth
public Response getApiByApiId(@PathParam("apiId") String apiId, @QueryParam("include") List<String> include) {
    // Only the plan filter below uses the caller's name; the API gate does not take it as an argument.
    final String currentUser = getAuthenticatedUserOrNull();

    if (!accessControlService.canAccessApiFromPortal(apiId)) {
        throw new ApiNotFoundException(apiId);
    }

    final ApiEntity apiEntity = apiService.findById(apiId);
    final Api api = apiMapper.convert(apiEntity);

    if (include.contains(INCLUDE_PAGES)) {
        // Published pages only, each checked individually against the page-level access rule.
        final PageQuery publishedPagesOfApi = new PageQuery.Builder().api(apiId).published(true).build();
        final List<Page> pages = pageService
            .search(publishedPagesOfApi, GraviteeContext.getCurrentEnvironment())
            .stream()
            .filter(candidate -> accessControlService.canAccessPageFromPortal(candidate))
            .map(pageMapper::convert)
            .collect(Collectors.toList());
        api.setPages(pages);
    }

    if (include.contains(INCLUDE_PLANS)) {
        // Published plans only, minus those whose excluded groups shut the caller out.
        final List<Plan> plans = planService
            .findByApi(apiId)
            .stream()
            .filter(candidate -> PlanStatus.PUBLISHED.equals(candidate.getStatus()))
            .filter(candidate -> groupService.isUserAuthorizedToAccessApiData(apiEntity, candidate.getExcludedGroups(), currentUser))
            .sorted(Comparator.comparingInt(PlanEntity::getOrder))
            .map(planEntity -> planMapper.convert(planEntity))
            .collect(Collectors.toList());
        api.setPlans(plans);
    }

    api.links(
        apiMapper.computeApiLinks(
            PortalApiLinkHelper.apisURL(uriInfo.getBaseUriBuilder(), api.getId()),
            apiEntity.getUpdatedAt()
        )
    );

    // Labels and categories are blanked when the matching environment setting is off.
    final boolean showTags = parameterService.findAsBoolean(Key.PORTAL_APIS_SHOW_TAGS_IN_APIHEADER, ParameterReferenceType.ENVIRONMENT);
    if (!showTags) {
        api.setLabels(new ArrayList<>());
    }
    final boolean showCategories = parameterService.findAsBoolean(Key.PORTAL_APIS_SHOW_CATEGORIES_IN_APIHEADER, ParameterReferenceType.ENVIRONMENT);
    if (!showCategories) {
        api.setCategories(new ArrayList<>());
    }

    return Response.ok(api).build();
}
Also used : PlanMapper(io.gravitee.rest.api.portal.rest.mapper.PlanMapper) io.gravitee.rest.api.service(io.gravitee.rest.api.service) java.util(java.util) ApiMapper(io.gravitee.rest.api.portal.rest.mapper.ApiMapper) GraviteeContext(io.gravitee.rest.api.service.common.GraviteeContext) RequirePortalAuth(io.gravitee.rest.api.portal.rest.security.RequirePortalAuth) Inject(javax.inject.Inject) PageQuery(io.gravitee.rest.api.model.documentation.PageQuery) io.gravitee.rest.api.model(io.gravitee.rest.api.model) ApiQuery(io.gravitee.rest.api.model.api.ApiQuery) ApiEntity(io.gravitee.rest.api.model.api.ApiEntity) Context(javax.ws.rs.core.Context) ParameterReferenceType(io.gravitee.rest.api.model.parameters.ParameterReferenceType) ResourceTypeEnum(io.gravitee.rest.api.portal.rest.model.Link.ResourceTypeEnum) io.gravitee.rest.api.portal.rest.model(io.gravitee.rest.api.portal.rest.model) ApiNotFoundException(io.gravitee.rest.api.service.exceptions.ApiNotFoundException) HttpHeadersUtil(io.gravitee.rest.api.portal.rest.utils.HttpHeadersUtil) Collectors(java.util.stream.Collectors) Key(io.gravitee.rest.api.model.parameters.Key) MediaType(io.gravitee.common.http.MediaType) PortalApiLinkHelper(io.gravitee.rest.api.portal.rest.utils.PortalApiLinkHelper) javax.ws.rs(javax.ws.rs) Response(javax.ws.rs.core.Response) ResourceContext(javax.ws.rs.container.ResourceContext) Request(javax.ws.rs.core.Request) PageMapper(io.gravitee.rest.api.portal.rest.mapper.PageMapper) ApiNotFoundException(io.gravitee.rest.api.service.exceptions.ApiNotFoundException) ApiEntity(io.gravitee.rest.api.model.api.ApiEntity) RequirePortalAuth(io.gravitee.rest.api.portal.rest.security.RequirePortalAuth)

Example 3 with RequirePortalAuth

use of io.gravitee.rest.api.portal.rest.security.RequirePortalAuth in project gravitee-management-rest-api by gravitee-io.

the class ApiResource method getPictureByApiId.

/**
 * Serves the picture of one API to the portal caller.
 *
 * <p>The API must be among those {@code apiService.findByUser} returns for the caller; otherwise
 * {@link ApiNotFoundException} is thrown.
 *
 * @param request the current request, handed to {@code createPictureResponse}
 * @param apiId identifier of the API, taken from the request path
 * @return the response built by {@code createPictureResponse}
 * @throws ApiNotFoundException if the API is not in the caller's result
 */
@GET
@Path("picture")
@Produces({ MediaType.WILDCARD, MediaType.APPLICATION_JSON })
@RequirePortalAuth
public Response getPictureByApiId(@Context Request request, @PathParam("apiId") String apiId) {
    final ApiQuery singleApiQuery = new ApiQuery();
    singleApiQuery.setIds(Collections.singletonList(apiId));

    // Deliberately not restricted by visibility: the subscription screen must still show the
    // picture of an API that is no longer published.
    // NOTE(review): this gate is therefore wider than the findPublishedByUser lookup other portal
    // endpoints use; the meaning of the trailing `true` argument is not visible here - confirm.
    final String currentUser = getAuthenticatedUserOrNull();
    final Collection<ApiEntity> reachableApis = apiService.findByUser(currentUser, singleApiQuery, true);

    if (reachableApis.stream().noneMatch(candidate -> candidate.getId().equals(apiId))) {
        throw new ApiNotFoundException(apiId);
    }
    return createPictureResponse(request, apiService.getPicture(apiId));
}
Also used : ApiQuery(io.gravitee.rest.api.model.api.ApiQuery) ApiNotFoundException(io.gravitee.rest.api.service.exceptions.ApiNotFoundException) ApiEntity(io.gravitee.rest.api.model.api.ApiEntity) RequirePortalAuth(io.gravitee.rest.api.portal.rest.security.RequirePortalAuth)

Example 4 with RequirePortalAuth

use of io.gravitee.rest.api.portal.rest.security.RequirePortalAuth in project gravitee-management-rest-api by gravitee-io.

the class ApiPagesResource method getPagesByApiId.

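/**
 * Lists the published documentation pages of one API that the portal caller may read.
 *
 * <p>Access to the API is decided by {@code accessControlService.canAccessApiFromPortal}; a
 * refusal is reported as {@link ApiNotFoundException}. Each page is then checked with
 * {@code canAccessPageFromPortal(apiId, page)} before it is converted and linked.
 *
 * @param acceptLang raw {@code Accept-Language} header, reduced to one locale name for the search
 * @param apiId identifier of the API, taken from the request path
 * @param paginationParam paging options handed to {@code createListResponse}
 * @param homepage value of the {@code homepage} query parameter, passed to the page query as is
 * @param parent when non-null, only pages having this id among their ancestors are returned
 * @return the response built by {@code createListResponse}
 * @throws ApiNotFoundException if the caller may not access the API from the portal
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@RequirePortalAuth
public Response getPagesByApiId(@HeaderParam("Accept-Language") String acceptLang, @PathParam("apiId") String apiId, @BeanParam PaginationParam paginationParam, @QueryParam("homepage") Boolean homepage, @QueryParam("parent") String parent) {
    // The ApiQuery that used to be built here was never read, so it has been removed.
    // canAccessApiFromPortal is the only API-level gate in this method.
    if (!accessControlService.canAccessApiFromPortal(apiId)) {
        throw new ApiNotFoundException(apiId);
    }

    final String acceptedLocale = HttpHeadersUtil.getFirstAcceptedLocaleName(acceptLang);
    final PageQuery publishedPagesOfApi = new PageQuery.Builder().api(apiId).homepage(homepage).published(true).build();
    final Stream<Page> accessiblePages = pageService
        .search(publishedPagesOfApi, acceptedLocale, GraviteeContext.getCurrentEnvironment())
        .stream()
        .filter(candidate -> accessControlService.canAccessPageFromPortal(apiId, candidate))
        .map(pageMapper::convert)
        .map(page -> this.addPageLink(apiId, page));

    final List<Page> pages;
    if (parent == null) {
        pages = accessiblePages.collect(Collectors.toList());
    } else {
        // The ancestor lookup only sees pages that passed the access filter, because the map is
        // built from the already-filtered stream.
        final Map<String, Page> pagesById = accessiblePages.collect(Collectors.toMap(Page::getId, page -> page));
        pages = pagesById
            .values()
            .stream()
            .filter(page -> this.getAncestors(pagesById, page).contains(parent))
            .collect(Collectors.toList());
    }
    return createListResponse(pages, paginationParam);
}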
Also used : ApiQuery(io.gravitee.rest.api.model.api.ApiQuery) Context(javax.ws.rs.core.Context) ApiNotFoundException(io.gravitee.rest.api.service.exceptions.ApiNotFoundException) HttpHeadersUtil(io.gravitee.rest.api.portal.rest.utils.HttpHeadersUtil) GraviteeContext(io.gravitee.rest.api.service.common.GraviteeContext) Page(io.gravitee.rest.api.portal.rest.model.Page) RequirePortalAuth(io.gravitee.rest.api.portal.rest.security.RequirePortalAuth) Collectors(java.util.stream.Collectors) ArrayList(java.util.ArrayList) Inject(javax.inject.Inject) AccessControlService(io.gravitee.rest.api.service.AccessControlService) List(java.util.List) MediaType(io.gravitee.common.http.MediaType) Stream(java.util.stream.Stream) PortalApiLinkHelper(io.gravitee.rest.api.portal.rest.utils.PortalApiLinkHelper) javax.ws.rs(javax.ws.rs) Response(javax.ws.rs.core.Response) ResourceContext(javax.ws.rs.container.ResourceContext) PaginationParam(io.gravitee.rest.api.portal.rest.resource.param.PaginationParam) Map(java.util.Map) PageQuery(io.gravitee.rest.api.model.documentation.PageQuery) PageService(io.gravitee.rest.api.service.PageService) Collections(java.util.Collections) PageMapper(io.gravitee.rest.api.portal.rest.mapper.PageMapper) ApiQuery(io.gravitee.rest.api.model.api.ApiQuery) PageQuery(io.gravitee.rest.api.model.documentation.PageQuery) ApiNotFoundException(io.gravitee.rest.api.service.exceptions.ApiNotFoundException) Page(io.gravitee.rest.api.portal.rest.model.Page) RequirePortalAuth(io.gravitee.rest.api.portal.rest.security.RequirePortalAuth)

Example 5 with RequirePortalAuth

use of io.gravitee.rest.api.portal.rest.security.RequirePortalAuth in project gravitee-management-rest-api by gravitee-io.

the class ApiPageResource method getPageContentByApiIdAndPageId.

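/**
 * Returns the content of one documentation page as plain text.
 *
 * <p>Two checks run in order: {@code canAccessApiFromPortal(apiId)}, whose refusal is reported
 * as {@link ApiNotFoundException}, and {@code canAccessPageFromPortal(apiId, page)}, whose
 * refusal is reported as {@code UnauthorizedAccessException}.
 *
 * @param apiId identifier of the API, taken from the request path
 * @param pageId identifier of the page, taken from the request path
 * @return a 200 response carrying the page content
 * @throws ApiNotFoundException if the caller may not access the API from the portal
 */
@GET
@Path("content")
@Produces(MediaType.TEXT_PLAIN)
@RequirePortalAuth
public Response getPageContentByApiIdAndPageId(@PathParam("apiId") String apiId, @PathParam("pageId") String pageId) {
    // The ApiQuery that used to be built here was never read, so it has been removed.
    // The two accessControlService calls below are the only gates in this method.
    if (!accessControlService.canAccessApiFromPortal(apiId)) {
        throw new ApiNotFoundException(apiId);
    }

    // NOTE(review): the page is looked up by pageId alone (second argument null). Nothing in this
    // method checks that it belongs to apiId - confirm that canAccessPageFromPortal(apiId, page)
    // enforces that binding, otherwise a page of a different API could be served under this path.
    final PageEntity pageEntity = pageService.findById(pageId, null);
    if (!accessControlService.canAccessPageFromPortal(apiId, pageEntity)) {
        throw new UnauthorizedAccessException();
    }

    // Presumably rewrites the entity in place, since the content is read from it right after - confirm.
    pageService.transformSwagger(pageEntity, apiId);
    return Response.ok(pageEntity.getContent()).build();
}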
Also used : PageEntity(io.gravitee.rest.api.model.PageEntity) ApiQuery(io.gravitee.rest.api.model.api.ApiQuery) UnauthorizedAccessException(io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException) ApiNotFoundException(io.gravitee.rest.api.service.exceptions.ApiNotFoundException) RequirePortalAuth(io.gravitee.rest.api.portal.rest.security.RequirePortalAuth)
