use of io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException in project gravitee-management-rest-api by gravitee-io.
the class ApiPageResource method getPageContentByApiIdAndPageId.
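/**
 * Returns the raw content of a portal page that belongs to an API.
 *
 * <p>Two access-control checks gate the content: the caller must be allowed to see the API
 * from the portal, and then the page itself. An API the caller may not see is reported as
 * "not found" rather than "unauthorized"; the page is only resolved once the API check has
 * passed, so no page lookup happens for an inaccessible API.
 *
 * @param apiId  identifier of the API owning the page
 * @param pageId identifier of the page whose content is returned
 * @return a {@code 200} response whose plain-text body is the page content, after
 *         {@code pageService.transformSwagger} has been applied to it
 * @throws ApiNotFoundException        if the API cannot be accessed from the portal
 * @throws UnauthorizedAccessException if the page cannot be accessed from the portal
 */
@GET
@Path("content")
@Produces(MediaType.TEXT_PLAIN)
@RequirePortalAuth
public Response getPageContentByApiIdAndPageId(@PathParam("apiId") String apiId, @PathParam("pageId") String pageId) {
    // Guard clause first: the page id is never resolved for an API the caller cannot see.
    // (The ApiQuery that used to be built here was never read and has been dropped.)
    if (!accessControlService.canAccessApiFromPortal(apiId)) {
        throw new ApiNotFoundException(apiId);
    }

    final PageEntity pageEntity = pageService.findById(pageId, null);
    if (!accessControlService.canAccessPageFromPortal(apiId, pageEntity)) {
        throw new UnauthorizedAccessException();
    }

    // Applied unconditionally, as before; presumably a no-op for non-Swagger pages — confirm in PageService.
    pageService.transformSwagger(pageEntity, apiId);
    return Response.ok(pageEntity.getContent()).build();
}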
use of io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException in project gravitee-management-rest-api by gravitee-io.
the class CategoryResource method getCategory.
/**
 * Returns the category identified by this resource's {@code categoryId}.
 *
 * <p>A hidden category is only returned to callers holding the
 * {@code ENVIRONMENT_CATEGORY[READ]} permission; everyone else gets an
 * {@link UnauthorizedAccessException}. Note that the {@code @ApiOperation} notes below speak of
 * {@code PORTAL_CATEGORY[READ]} while the code checks {@code ENVIRONMENT_CATEGORY}; one of the
 * two looks stale and should be reconciled.
 *
 * @return the category, after {@code setPictures} has populated its picture fields
 * @throws UnauthorizedAccessException if the category is hidden and the caller lacks the read permission
 */
@GET
@Produces(APPLICATION_JSON)
@ApiOperation(value = "Get the category", notes = "User must have the PORTAL_CATEGORY[READ] permission to use this service")
@ApiResponses({ @ApiResponse(code = 200, message = "Category's definition", response = CategoryEntity.class), @ApiResponse(code = 500, message = "Internal server error") })
public CategoryEntity getCategory() {
    final boolean mayReadHiddenCategories = hasPermission(RolePermission.ENVIRONMENT_CATEGORY, RolePermissionAction.READ);
    final CategoryEntity category = categoryService.findById(categoryId);

    // Visible categories are open to everyone; hidden ones require the read permission.
    final boolean hiddenFromCaller = category.isHidden() && !mayReadHiddenCategories;
    if (hiddenFromCaller) {
        throw new UnauthorizedAccessException();
    }

    setPictures(category, false);
    return category;
}
use of io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException in project gravitee-management-rest-api by gravitee-io.
the class CategoryResource method getImageResponse.
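/**
 * Builds the HTTP response for a category picture, honouring conditional requests.
 *
 * <p>Access is gated the same way as {@link #getCategory()}: a hidden category is only served
 * to callers with {@code ENVIRONMENT_CATEGORY[READ]}. A missing picture yields an empty
 * {@code 200}. Otherwise a validator derived from the picture bytes is used as ETag, so a
 * client presenting a matching {@code If-None-Match} receives a {@code 304}.
 *
 * @param request the JAX-RS request, used to evaluate preconditions against the ETag
 * @param image   the picture to serve; may be {@code null} or carry no content
 * @return {@code 200} with the image, an empty {@code 200}, or {@code 304} not-modified
 * @throws UnauthorizedAccessException if the category is hidden and the caller lacks the read permission
 */
private Response getImageResponse(Request request, InlinePictureEntity image) {
    boolean canShowCategory = hasPermission(RolePermission.ENVIRONMENT_CATEGORY, RolePermissionAction.READ);
    CategoryEntity category = categoryService.findById(categoryId);
    if (!canShowCategory && category.isHidden()) {
        throw new UnauthorizedAccessException();
    }

    // Pictures change rarely: caches may keep them for a day, revalidating through the ETag.
    CacheControl cc = new CacheControl();
    cc.setNoTransform(true);
    cc.setMustRevalidate(false);
    cc.setNoCache(false);
    cc.setMaxAge(86400);

    if (image == null || image.getContent() == null) {
        return Response.ok().build();
    }
    final byte[] content = image.getContent();

    // Hash the raw bytes instead of a String decoded with the platform charset: that decoding
    // is lossy for binary data and charset-dependent, so two nodes could compute different
    // ETags for the same picture. The ETag is only a cache validator, not an integrity check.
    EntityTag etag = new EntityTag(Integer.toString(java.util.Arrays.hashCode(content)));
    Response.ResponseBuilder builder = request.evaluatePreconditions(etag);
    if (builder != null) {
        // Preconditions are not met (the client's ETag matches): HTTP 304 'not-modified'.
        return builder.cacheControl(cc).build();
    }

    ByteArrayOutputStream baos = new ByteArrayOutputStream(content.length);
    baos.write(content, 0, content.length);
    return Response.ok(baos).cacheControl(cc).tag(etag).type(image.getType()).build();
}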
use of io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException in project gravitee-management-rest-api by gravitee-io.
the class TaskServiceImpl method findAll.
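/**
 * Lists the tasks waiting on the given user.
 *
 * <p>A task is one of:
 * <ul>
 *   <li>a {@code PENDING} subscription on an API where the user holds the {@code SUBSCRIPTION}
 *       permission,</li>
 *   <li>a {@code PENDING} user registration (at most {@code NUMBER_OF_PENDING_USERS_TO_SEARCH}
 *       are fetched),</li>
 *   <li>an API whose first REVIEW workflow is {@code IN_REVIEW} (user holds {@code REVIEWS}) or
 *       {@code REQUEST_FOR_CHANGES} (user holds {@code DEFINITION}),</li>
 *   <li>a promotion task for the current organization.</li>
 * </ul>
 *
 * @param userId the user whose tasks are listed; must not be {@code null}
 * @return a mutable list of tasks, empty when nothing is pending
 * @throws UnauthorizedAccessException  if {@code userId} is {@code null}
 * @throws TechnicalManagementException if one of the underlying lookups fails
 */
@Override
public List<TaskEntity> findAll(String userId) {
    if (userId == null) {
        throw new UnauthorizedAccessException();
    }
    try {
        // Always own the list: Collectors.toList() gives no mutability guarantee, yet the
        // original appended to its result below.
        final List<TaskEntity> tasks = new ArrayList<>();

        // Subscription tasks only exist on APIs where the user can update subscriptions, so the
        // search is restricted to those APIs: PENDING subscriptions.
        final Set<String> subscriptionApiIds = getApisForAPermission(userId, SUBSCRIPTION.getName());
        if (!subscriptionApiIds.isEmpty()) {
            final SubscriptionQuery query = new SubscriptionQuery();
            query.setStatuses(singleton(PENDING));
            query.setApis(subscriptionApiIds);
            subscriptionService.search(query).stream().map(this::convert).forEach(tasks::add);
        }

        // PENDING user registrations.
        final Page<UserEntity> pendingUsers = userService.search(
            new UserCriteria.Builder().statuses(UserStatus.PENDING).build(),
            new PageableImpl(1, NUMBER_OF_PENDING_USERS_TO_SEARCH)
        );
        if (pendingUsers.getContent() != null) {
            pendingUsers.getContent().stream().map(this::convert).forEach(tasks::add);
        }

        // APIs under review: IN_REVIEW for reviewers, REQUEST_FOR_CHANGES for definition owners.
        addReviewWorkflowTasks(tasks, getApisForAPermission(userId, REVIEWS.getName()), WorkflowState.IN_REVIEW);
        addReviewWorkflowTasks(tasks, getApisForAPermission(userId, DEFINITION.getName()), WorkflowState.REQUEST_FOR_CHANGES);

        // TO_BE_VALIDATED promotions.
        tasks.addAll(promotionTasksService.getPromotionTasks(GraviteeContext.getCurrentOrganization()));
        return tasks;
    } catch (TechnicalException e) {
        // Pass the exception itself so the stack trace is logged, not just its message.
        LOGGER.error("Error retrieving user tasks {}", e.getMessage(), e);
        throw new TechnicalManagementException("Error retreiving user tasks", e);
    }
}

/**
 * Adds a task for every API whose first REVIEW workflow is in {@code expectedState}.
 *
 * @param tasks         the list to append to
 * @param apiIds        the APIs to inspect; an empty set adds nothing
 * @param expectedState the workflow state that turns the API into a task
 */
private void addReviewWorkflowTasks(List<TaskEntity> tasks, Set<String> apiIds, WorkflowState expectedState) {
    for (String apiId : apiIds) {
        final List<Workflow> workflows = workflowService.findByReferenceAndType(API, apiId, WorkflowType.REVIEW);
        if (workflows == null || workflows.isEmpty()) {
            continue;
        }
        // Only the first workflow is considered — presumably the current one; confirm the
        // ordering contract of WorkflowService.findByReferenceAndType.
        final Workflow currentWorkflow = workflows.get(0);
        if (expectedState.name().equals(currentWorkflow.getState())) {
            tasks.add(convert(currentWorkflow));
        }
    }
}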
use of io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException in project gravitee-management-rest-api by gravitee-io.
the class UserResource method updateCurrentUser.
/**
 * Updates the profile of the authenticated user.
 *
 * <p>The payload's {@code id} must equal the authenticated user's id; any other id is
 * rejected, so a caller cannot edit somebody else's profile through this endpoint. Only the
 * fields present in the payload overwrite the stored ones. An avatar starting with
 * {@code http} is not processed: the existing picture is kept instead.
 *
 * @param user the new profile values; bean-validated and never {@code null}
 * @return {@code 200} with the updated user and its computed links
 * @throws UnauthorizedAccessException if {@code user.getId()} is not the authenticated user
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response updateCurrentUser(@Valid @NotNull(message = "Input must not be null.") UserInput user) {
    final boolean editingSelf = getAuthenticatedUser().equals(user.getId());
    if (!editingSelf) {
        throw new UnauthorizedAccessException();
    }

    final UserEntity existingUser = userService.findById(getAuthenticatedUser());
    final UpdateUserEntity update = new UpdateUserEntity();

    // Inline avatar data is checked and scaled; an absent or http(s) avatar keeps the current picture.
    final String avatar = user.getAvatar();
    final boolean inlineAvatar = avatar != null && !avatar.startsWith("http");
    if (inlineAvatar) {
        update.setPicture(checkAndScaleImage(avatar));
    } else {
        update.setPicture(existingUser.getPicture());
    }

    // Optional scalar fields: only copy what the caller supplied.
    final String email = user.getEmail();
    if (email != null) {
        update.setEmail(email);
    }
    final String firstName = user.getFirstName();
    if (firstName != null) {
        update.setFirstname(firstName);
    }
    final String lastName = user.getLastName();
    if (lastName != null) {
        update.setLastname(lastName);
    }
    update.setCustomFields(user.getCustomFields());

    final UserEntity updatedUser = userService.update(user.getId(), update);
    final User currentUser = userMapper.convert(updatedUser);
    currentUser.setLinks(userMapper.computeUserLinks(userURL(uriInfo.getBaseUriBuilder()), updatedUser.getUpdatedAt()));
    return Response.ok(currentUser).build();
}