Use of io.gravitee.rest.api.service.exceptions.GroupInvitationForbiddenException.Type.SYSTEM in the project gravitee-management-rest-api by gravitee-io.
Class GroupMembersResource, method addOrUpdateGroupMember.
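/**
 * Adds users to the current group or updates the roles they hold in it.
 *
 * <p>The caller is first classified: if {@code permissionService} reports the ENVIRONMENT_GROUP
 * permission (CREATE, UPDATE, DELETE) on the current environment, no further restriction is
 * applied. Otherwise the caller is treated as a restricted group admin and three extra rules
 * are enforced here: the group's max-invitation quota, the group's system-invitation flag, and
 * the API / APPLICATION role locks.
 *
 * <p>For every membership, roles are added or replaced before any role is removed, so that a
 * user is never left without a role in between. A GROUP_INVITATION notification is triggered
 * only for users who held no role in the group before this call.
 *
 * <p>{@code group} is declared outside this method (presumably the group id taken from the
 * request path; confirm against the class).
 *
 * @param memberships the memberships to create or update; validated as non-null
 * @return a 200 OK response. NOTE(review): the declared 201 "Member has been added" response is
 *         never produced by this method, additions also return 200.
 * @throws GroupMembersLimitationExceededException if a restricted caller would push the group
 *         above its max-invitation quota
 * @throws GroupInvitationForbiddenException if a restricted caller targets a group whose
 *         system-invitation flag is off
 */
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Add or update a group member")
@ApiResponses({
    @ApiResponse(code = 201, message = "Member has been added"),
    @ApiResponse(code = 200, message = "Member has been updated"),
    @ApiResponse(code = 400, message = "Membership is not valid"),
    @ApiResponse(code = 500, message = "Internal server error")
})
@Permissions({
    @Permission(value = ENVIRONMENT_GROUP, acls = RolePermissionAction.CREATE),
    @Permission(value = ENVIRONMENT_GROUP, acls = RolePermissionAction.UPDATE),
    @Permission(value = RolePermission.GROUP_MEMBER, acls = RolePermissionAction.CREATE),
    @Permission(value = RolePermission.GROUP_MEMBER, acls = RolePermissionAction.UPDATE)
})
public Response addOrUpdateGroupMember(@Valid @NotNull final List<GroupMembership> memberships) {
    // Check that group exists
    final GroupEntity groupEntity = groupService.findById(group);

    // Check if user is a 'simple group admin' or a platform admin.
    // NOTE(review): whether hasPermission requires all or any of the listed actions is not
    // visible here; every restriction below hinges on this flag, so confirm its semantics.
    final boolean hasPermission = permissionService.hasPermission(
        ENVIRONMENT_GROUP, GraviteeContext.getCurrentEnvironment(), CREATE, UPDATE, DELETE);

    if (!hasPermission) {
        if (groupEntity.getMaxInvitation() != null) {
            final Set<MemberEntity> members =
                membershipService.getMembersByReference(MembershipReferenceType.GROUP, group);
            // Collected once: the original rebuilt this list for every requested membership.
            final List<String> existingMemberIds =
                members.stream().map(MemberEntity::getId).collect(toList());
            // Only ids that are not already members count against the quota. A membership
            // without an id (null) is never found in the list and therefore counts as new.
            final long membershipsToAddSize = memberships.stream()
                .map(GroupMembership::getId)
                .filter(id -> !existingMemberIds.contains(id))
                .count();
            if ((groupService.getNumberOfMembers(group) + membershipsToAddSize) > groupEntity.getMaxInvitation()) {
                throw new GroupMembersLimitationExceededException(groupEntity.getMaxInvitation());
            }
        }
        // Restricted callers may only manage members when the group allows system invitations.
        if (!groupEntity.isSystemInvitation()) {
            throw new GroupInvitationForbiddenException(SYSTEM, group);
        }
    }

    for (GroupMembership membership : memberships) {
        // Roles the user currently holds in this group, one per scope (null when none).
        RoleEntity previousApiRole = null;
        RoleEntity previousApplicationRole = null;
        RoleEntity previousGroupRole = null;
        if (membership.getId() != null) {
            Set<RoleEntity> userRoles = membershipService.getRoles(
                MembershipReferenceType.GROUP, group, MembershipMemberType.USER, membership.getId());
            for (RoleEntity role : userRoles) {
                switch (role.getScope()) {
                    case API:
                        previousApiRole = role;
                        break;
                    case APPLICATION:
                        previousApplicationRole = role;
                        break;
                    case GROUP:
                        previousGroupRole = role;
                        break;
                    default:
                        break;
                }
            }
        }

        // Process add / update before delete to avoid having a user without role
        if (membership.getRoles() != null && !membership.getRoles().isEmpty()) {
            // Requested roles resolved by scope. A requested role that roleService does not
            // find is simply absent from this map, which the delete step below treats the
            // same as "no role requested for that scope".
            Map<RoleScope, RoleEntity> roleEntities = new HashMap<>();
            for (MemberRoleEntity item : membership.getRoles()) {
                roleService.findByScopeAndName(item.getRoleScope(), item.getRoleName())
                    .ifPresent(roleEntity -> roleEntities.put(item.getRoleScope(), roleEntity));
            }
            MemberEntity updatedMembership = null;

            // Replace if new role to add
            RoleEntity apiRoleEntity = roleEntities.get(RoleScope.API);
            if (apiRoleEntity != null && !apiRoleEntity.equals(previousApiRole)) {
                String roleName = apiRoleEntity.getName();
                if (!hasPermission && groupEntity.isLockApiRole()) {
                    // Locked API role: a restricted caller gets the default API role instead
                    // of the requested one.
                    // NOTE(review): when no default role is returned, the requested role name
                    // is kept, so the lock is not enforced in that case. Confirm this
                    // fail-open behaviour is intended.
                    final List<RoleEntity> defaultRoles = roleService.findDefaultRoleByScopes(RoleScope.API);
                    if (defaultRoles != null && !defaultRoles.isEmpty()) {
                        roleName = defaultRoles.get(0).getName();
                    }
                }
                updatedMembership = membershipService.addRoleToMemberOnReference(
                    new MembershipService.MembershipReference(MembershipReferenceType.GROUP, group),
                    new MembershipService.MembershipMember(membership.getId(), membership.getReference(), MembershipMemberType.USER),
                    new MembershipService.MembershipRole(RoleScope.API, roleName));
                if (previousApiRole != null) {
                    membershipService.removeRole(MembershipReferenceType.GROUP, group, MembershipMemberType.USER, updatedMembership.getId(), previousApiRole.getId());
                }
                // Keep the group's API primary owner in sync with the PRIMARY_OWNER role:
                // cleared when the user loses it, set when the user gains it.
                if (previousApiRole != null && previousApiRole.getName().equals(SystemRole.PRIMARY_OWNER.name())) {
                    groupService.updateApiPrimaryOwner(group, null);
                } else if (roleName.equals(SystemRole.PRIMARY_OWNER.name())) {
                    groupService.updateApiPrimaryOwner(group, updatedMembership.getId());
                }
            }

            RoleEntity applicationRoleEntity = roleEntities.get(RoleScope.APPLICATION);
            if (applicationRoleEntity != null && !applicationRoleEntity.equals(previousApplicationRole)) {
                String roleName = applicationRoleEntity.getName();
                if (!hasPermission && groupEntity.isLockApplicationRole()) {
                    // Same substitution as for the API scope, including the fallback to the
                    // requested role when no default role is returned.
                    final List<RoleEntity> defaultRoles = roleService.findDefaultRoleByScopes(RoleScope.APPLICATION);
                    if (defaultRoles != null && !defaultRoles.isEmpty()) {
                        roleName = defaultRoles.get(0).getName();
                    }
                }
                updatedMembership = membershipService.addRoleToMemberOnReference(
                    new MembershipService.MembershipReference(MembershipReferenceType.GROUP, group),
                    new MembershipService.MembershipMember(membership.getId(), membership.getReference(), MembershipMemberType.USER),
                    new MembershipService.MembershipRole(RoleScope.APPLICATION, roleName));
                if (previousApplicationRole != null) {
                    membershipService.removeRole(MembershipReferenceType.GROUP, group, MembershipMemberType.USER, updatedMembership.getId(), previousApplicationRole.getId());
                }
            }

            // NOTE(review): the GROUP scope has no lock or hasPermission check in this method;
            // a restricted caller can assign any GROUP-scope role that roleService resolves.
            // Confirm this is constrained elsewhere.
            RoleEntity groupRoleEntity = roleEntities.get(RoleScope.GROUP);
            if (groupRoleEntity != null && !groupRoleEntity.equals(previousGroupRole)) {
                updatedMembership = membershipService.addRoleToMemberOnReference(
                    new MembershipService.MembershipReference(MembershipReferenceType.GROUP, group),
                    new MembershipService.MembershipMember(membership.getId(), membership.getReference(), MembershipMemberType.USER),
                    new MembershipService.MembershipRole(RoleScope.GROUP, groupRoleEntity.getName()));
                if (previousGroupRole != null) {
                    membershipService.removeRole(MembershipReferenceType.GROUP, group, MembershipMemberType.USER, updatedMembership.getId(), previousGroupRole.getId());
                }
            }

            // Delete if existing and new role is empty
            if (apiRoleEntity == null && previousApiRole != null) {
                membershipService.removeRole(MembershipReferenceType.GROUP, group, MembershipMemberType.USER, membership.getId(), previousApiRole.getId());
            }
            if (applicationRoleEntity == null && previousApplicationRole != null) {
                membershipService.removeRole(MembershipReferenceType.GROUP, group, MembershipMemberType.USER, membership.getId(), previousApplicationRole.getId());
            }
            if (groupRoleEntity == null && previousGroupRole != null) {
                membershipService.removeRole(MembershipReferenceType.GROUP, group, MembershipMemberType.USER, membership.getId(), previousGroupRole.getId());
            }

            // Send notification: only for a user who had no role in the group before and
            // received at least one now.
            if (previousApiRole == null && previousApplicationRole == null && previousGroupRole == null && updatedMembership != null) {
                UserEntity userEntity = this.userService.findById(updatedMembership.getId());
                Map<String, Object> params = new HashMap<>();
                params.put("group", groupEntity);
                params.put("user", userEntity);
                this.notifierService.trigger(GROUP_INVITATION, params);
            }
        }
    }

    // Published once per request, whether or not any membership actually changed.
    eventManager.publishEvent(
        ApplicationAlertEventType.APPLICATION_MEMBERSHIP_UPDATE,
        new ApplicationAlertMembershipEvent(Collections.emptySet(), Collections.singleton(group)));
    return Response.ok().build();
}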