Example 1 with UnauthorizedAccessException

Use of io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException in project gravitee-management-rest-api by gravitee-io.

The class ApiPageResource, method getPageContentByApiIdAndPageId:

@GET
@Path("content")
@Produces(MediaType.TEXT_PLAIN)
@RequirePortalAuth
public Response getPageContentByApiIdAndPageId(@PathParam("apiId") String apiId, @PathParam("pageId") String pageId) {
    final ApiQuery apiQuery = new ApiQuery();
    apiQuery.setIds(Collections.singletonList(apiId));
    if (accessControlService.canAccessApiFromPortal(apiId)) {
        PageEntity pageEntity = pageService.findById(pageId, null);
        if (accessControlService.canAccessPageFromPortal(apiId, pageEntity)) {
            pageService.transformSwagger(pageEntity, apiId);
            return Response.ok(pageEntity.getContent()).build();
        } else {
            throw new UnauthorizedAccessException();
        }
    }
    throw new ApiNotFoundException(apiId);
}
Also used: PageEntity(io.gravitee.rest.api.model.PageEntity) ApiQuery(io.gravitee.rest.api.model.api.ApiQuery) UnauthorizedAccessException(io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException) ApiNotFoundException(io.gravitee.rest.api.service.exceptions.ApiNotFoundException) RequirePortalAuth(io.gravitee.rest.api.portal.rest.security.RequirePortalAuth)

Example 2 with UnauthorizedAccessException

Use of io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException in project gravitee-management-rest-api by gravitee-io.

The class CategoryResource, method getCategory:

@GET
@Produces(APPLICATION_JSON)
@ApiOperation(value = "Get the category", notes = "User must have the PORTAL_CATEGORY[READ] permission to use this service")
@ApiResponses({ @ApiResponse(code = 200, message = "Category's definition", response = CategoryEntity.class), @ApiResponse(code = 500, message = "Internal server error") })
public CategoryEntity getCategory() {
    boolean canShowCategory = hasPermission(RolePermission.ENVIRONMENT_CATEGORY, RolePermissionAction.READ);
    CategoryEntity category = categoryService.findById(categoryId);
    if (!canShowCategory && category.isHidden()) {
        throw new UnauthorizedAccessException();
    }
    // set picture
    setPictures(category, false);
    return category;
}
Also used: UnauthorizedAccessException(io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException) CategoryEntity(io.gravitee.rest.api.model.CategoryEntity) UpdateCategoryEntity(io.gravitee.rest.api.model.UpdateCategoryEntity)

Example 3 with UnauthorizedAccessException

Use of io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException in project gravitee-management-rest-api by gravitee-io.

The class CategoryResource, method getImageResponse:

private Response getImageResponse(Request request, InlinePictureEntity image) {
    boolean canShowCategory = hasPermission(RolePermission.ENVIRONMENT_CATEGORY, RolePermissionAction.READ);
    CategoryEntity category = categoryService.findById(categoryId);
    if (!canShowCategory && category.isHidden()) {
        throw new UnauthorizedAccessException();
    }
    CacheControl cc = new CacheControl();
    cc.setNoTransform(true);
    cc.setMustRevalidate(false);
    cc.setNoCache(false);
    cc.setMaxAge(86400);
    if (image == null || image.getContent() == null) {
        return Response.ok().build();
    }
    EntityTag etag = new EntityTag(Integer.toString(new String(image.getContent()).hashCode()));
    Response.ResponseBuilder builder = request.evaluatePreconditions(etag);
    if (builder != null) {
        // Preconditions are not met, returning HTTP 304 'not-modified'
        return builder.cacheControl(cc).build();
    }
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    baos.write(image.getContent(), 0, image.getContent().length);
    return Response.ok(baos).cacheControl(cc).tag(etag).type(image.getType()).build();
}
Also used: UnauthorizedAccessException(io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) CategoryEntity(io.gravitee.rest.api.model.CategoryEntity) UpdateCategoryEntity(io.gravitee.rest.api.model.UpdateCategoryEntity)

Example 4 with UnauthorizedAccessException

Use of io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException in project gravitee-management-rest-api by gravitee-io.

The class TaskServiceImpl, method findAll:

@Override
public List<TaskEntity> findAll(String userId) {
    if (userId == null) {
        throw new UnauthorizedAccessException();
    }
    try {
        // because tasks consist only of subscriptions, we can optimize the search by looking only for APIs where
        // the user has a SUBSCRIPTION_UPDATE permission
        // search for PENDING subscriptions
        Set<String> apiIds = getApisForAPermission(userId, SUBSCRIPTION.getName());
        final List<TaskEntity> tasks;
        if (apiIds.isEmpty()) {
            tasks = new ArrayList<>();
        } else {
            SubscriptionQuery query = new SubscriptionQuery();
            query.setStatuses(singleton(PENDING));
            query.setApis(apiIds);
            tasks = subscriptionService.search(query).stream().map(this::convert).collect(toList());
        }
        // search for PENDING user registration
        final Page<UserEntity> pendingUsers = userService.search(new UserCriteria.Builder().statuses(UserStatus.PENDING).build(), new PageableImpl(1, NUMBER_OF_PENDING_USERS_TO_SEARCH));
        if (pendingUsers.getContent() != null && !pendingUsers.getContent().isEmpty()) {
            tasks.addAll(pendingUsers.getContent().stream().map(this::convert).collect(toList()));
        }
        // search for IN_REVIEW apis
        apiIds = getApisForAPermission(userId, REVIEWS.getName());
        if (!apiIds.isEmpty()) {
            apiIds.forEach(apiId -> {
                final List<Workflow> workflows = workflowService.findByReferenceAndType(API, apiId, WorkflowType.REVIEW);
                if (workflows != null && !workflows.isEmpty()) {
                    final Workflow currentWorkflow = workflows.get(0);
                    if (WorkflowState.IN_REVIEW.name().equals(currentWorkflow.getState())) {
                        tasks.add(convert(currentWorkflow));
                    }
                }
            });
        }
        // search for REQUEST_FOR_CHANGES apis
        apiIds = getApisForAPermission(userId, DEFINITION.getName());
        if (!apiIds.isEmpty()) {
            apiIds.forEach(apiId -> {
                final List<Workflow> workflows = workflowService.findByReferenceAndType(API, apiId, WorkflowType.REVIEW);
                if (workflows != null && !workflows.isEmpty()) {
                    final Workflow currentWorkflow = workflows.get(0);
                    if (WorkflowState.REQUEST_FOR_CHANGES.name().equals(currentWorkflow.getState())) {
                        tasks.add(convert(currentWorkflow));
                    }
                }
            });
        }
        // search for TO_BE_VALIDATED promotions
        tasks.addAll(promotionTasksService.getPromotionTasks(GraviteeContext.getCurrentOrganization()));
        return tasks;
    } catch (TechnicalException e) {
        LOGGER.error("Error retrieving user tasks {}", e.getMessage());
        throw new TechnicalManagementException("Error retrieving user tasks", e);
    }
}
Also used: PageableImpl(io.gravitee.rest.api.model.common.PageableImpl) TechnicalException(io.gravitee.repository.exceptions.TechnicalException) Workflow(io.gravitee.repository.management.model.Workflow) SubscriptionQuery(io.gravitee.rest.api.model.subscription.SubscriptionQuery) UserCriteria(io.gravitee.repository.management.api.search.UserCriteria) UnauthorizedAccessException(io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException) TechnicalManagementException(io.gravitee.rest.api.service.exceptions.TechnicalManagementException)

Example 5 with UnauthorizedAccessException

Use of io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException in project gravitee-management-rest-api by gravitee-io.

The class UserResource, method updateCurrentUser:

@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response updateCurrentUser(@Valid @NotNull(message = "Input must not be null.") UserInput user) {
    if (!getAuthenticatedUser().equals(user.getId())) {
        throw new UnauthorizedAccessException();
    }
    UserEntity existingUser = userService.findById(getAuthenticatedUser());
    UpdateUserEntity updateUserEntity = new UpdateUserEntity();
    // the avatar picture
    if (user.getAvatar() != null && !user.getAvatar().startsWith("http")) {
        updateUserEntity.setPicture(checkAndScaleImage(user.getAvatar()));
    } else {
        updateUserEntity.setPicture(existingUser.getPicture());
    }
    if (user.getEmail() != null) {
        updateUserEntity.setEmail(user.getEmail());
    }
    if (user.getFirstName() != null) {
        updateUserEntity.setFirstname(user.getFirstName());
    }
    if (user.getLastName() != null) {
        updateUserEntity.setLastname(user.getLastName());
    }
    updateUserEntity.setCustomFields(user.getCustomFields());
    UserEntity updatedUser = userService.update(user.getId(), updateUserEntity);
    final User currentUser = userMapper.convert(updatedUser);
    currentUser.setLinks(userMapper.computeUserLinks(userURL(uriInfo.getBaseUriBuilder()), updatedUser.getUpdatedAt()));
    return Response.ok(currentUser).build();
}
Also used: User(io.gravitee.rest.api.portal.rest.model.User) UnauthorizedAccessException(io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException)
