Search in sources :

Example 6 with UnauthorizedAccessException

use of io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException in project gravitee-management-rest-api by gravitee-io.

the class ApiPageResource method getPageByApiIdAndPageId.

@GET
@Produces(MediaType.APPLICATION_JSON)
@RequirePortalAuth
public Response getPageByApiIdAndPageId(@HeaderParam("Accept-Language") String acceptLang, @PathParam("apiId") String apiId, @PathParam("pageId") String pageId, @QueryParam("include") List<String> include) {
    final ApiQuery apiQuery = new ApiQuery();
    apiQuery.setIds(Collections.singletonList(apiId));
    if (accessControlService.canAccessApiFromPortal(apiId)) {
        final String acceptedLocale = HttpHeadersUtil.getFirstAcceptedLocaleName(acceptLang);
        PageEntity pageEntity = pageService.findById(pageId, acceptedLocale);
        if (accessControlService.canAccessPageFromPortal(apiId, pageEntity)) {
            pageService.transformSwagger(pageEntity, apiId);
            if (!isAuthenticated() && pageEntity.getMetadata() != null) {
                pageEntity.getMetadata().clear();
            }
            Page page = pageMapper.convert(uriInfo.getBaseUriBuilder(), apiId, pageEntity);
            if (include.contains(INCLUDE_CONTENT)) {
                page.setContent(pageEntity.getContent());
            }
            page.setLinks(pageMapper.computePageLinks(PortalApiLinkHelper.apiPagesURL(uriInfo.getBaseUriBuilder(), apiId, pageId), PortalApiLinkHelper.apiPagesURL(uriInfo.getBaseUriBuilder(), apiId, page.getParent())));
            return Response.ok(page).build();
        } else {
            throw new UnauthorizedAccessException();
        }
    }
    throw new ApiNotFoundException(apiId);
}
Also used : PageEntity(io.gravitee.rest.api.model.PageEntity) ApiQuery(io.gravitee.rest.api.model.api.ApiQuery) UnauthorizedAccessException(io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException) ApiNotFoundException(io.gravitee.rest.api.service.exceptions.ApiNotFoundException) Page(io.gravitee.rest.api.portal.rest.model.Page) RequirePortalAuth(io.gravitee.rest.api.portal.rest.security.RequirePortalAuth)

Example 7 with UnauthorizedAccessException

use of io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException in project gravitee-management-rest-api by gravitee-io.

the class PageResource method getPageByPageId.

@GET
@Produces(MediaType.APPLICATION_JSON)
@RequirePortalAuth
public Response getPageByPageId(@HeaderParam("Accept-Language") String acceptLang, @PathParam("pageId") String pageId, @QueryParam("include") List<String> include) {
    final String acceptedLocale = HttpHeadersUtil.getFirstAcceptedLocaleName(acceptLang);
    PageEntity pageEntity = pageService.findById(pageId, acceptedLocale);
    if (accessControlService.canAccessPageFromPortal(pageEntity)) {
        if (!isAuthenticated() && pageEntity.getMetadata() != null) {
            pageEntity.getMetadata().clear();
        }
        pageService.transformWithTemplate(pageEntity, null);
        Page page = pageMapper.convert(uriInfo.getBaseUriBuilder(), null, pageEntity);
        if (include.contains(INCLUDE_CONTENT)) {
            page.setContent(pageEntity.getContent());
        }
        page.setLinks(pageMapper.computePageLinks(PortalApiLinkHelper.pagesURL(uriInfo.getBaseUriBuilder(), pageId), PortalApiLinkHelper.pagesURL(uriInfo.getBaseUriBuilder(), page.getParent())));
        return Response.ok(page).build();
    } else {
        throw new UnauthorizedAccessException();
    }
}
Also used : PageEntity(io.gravitee.rest.api.model.PageEntity) UnauthorizedAccessException(io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException) Page(io.gravitee.rest.api.portal.rest.model.Page) RequirePortalAuth(io.gravitee.rest.api.portal.rest.security.RequirePortalAuth)

Example 8 with UnauthorizedAccessException

use of io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException in project gravitee-management-rest-api by gravitee-io.

the class ApiRatingResource method getApiRating.

@GET
@ApiOperation(value = "List ratings for an API")
@Produces(MediaType.APPLICATION_JSON)
public Page<RatingEntity> getApiRating(@Min(1) @QueryParam("pageNumber") int pageNumber, @QueryParam("pageSize") int pageSize) {
    final ApiEntity apiEntity = apiService.findById(api);
    if (PUBLIC.equals(apiEntity.getVisibility()) || hasPermission(RolePermission.API_RATING, api, RolePermissionAction.READ)) {
        final Page<RatingEntity> ratingEntityPage = ratingService.findByApi(api, new PageableBuilder().pageNumber(pageNumber).pageSize(pageSize).build());
        final List<RatingEntity> filteredRatings = ratingEntityPage.getContent().stream().map(ratingEntity -> filterPermission(api, ratingEntity)).collect(toList());
        return new Page<>(filteredRatings, ratingEntityPage.getPageNumber(), (int) ratingEntityPage.getPageElements(), ratingEntityPage.getTotalElements());
    } else {
        throw new UnauthorizedAccessException();
    }
}
Also used : PUBLIC(io.gravitee.rest.api.model.Visibility.PUBLIC) RolePermissionAction(io.gravitee.rest.api.model.permissions.RolePermissionAction) ApiEntity(io.gravitee.rest.api.model.api.ApiEntity) Page(io.gravitee.common.data.domain.Page) RatingService(io.gravitee.rest.api.service.RatingService) ApiParam(io.swagger.annotations.ApiParam) Min(javax.validation.constraints.Min) NotNull(javax.validation.constraints.NotNull) Permission(io.gravitee.rest.api.management.rest.security.Permission) UnauthorizedAccessException(io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException) Inject(javax.inject.Inject) Valid(javax.validation.Valid) ApiOperation(io.swagger.annotations.ApiOperation) Collectors.toList(java.util.stream.Collectors.toList) List(java.util.List) MediaType(io.gravitee.common.http.MediaType) javax.ws.rs(javax.ws.rs) PageableBuilder(io.gravitee.repository.management.api.search.builder.PageableBuilder) io.gravitee.rest.api.model(io.gravitee.rest.api.model) Api(io.swagger.annotations.Api) Permissions(io.gravitee.rest.api.management.rest.security.Permissions) RolePermission(io.gravitee.rest.api.model.permissions.RolePermission) UnauthorizedAccessException(io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException) ApiEntity(io.gravitee.rest.api.model.api.ApiEntity) Page(io.gravitee.common.data.domain.Page) PageableBuilder(io.gravitee.repository.management.api.search.builder.PageableBuilder) ApiOperation(io.swagger.annotations.ApiOperation)

Aggregations

UnauthorizedAccessException (io.gravitee.rest.api.service.exceptions.UnauthorizedAccessException)8 PageEntity (io.gravitee.rest.api.model.PageEntity)3 RequirePortalAuth (io.gravitee.rest.api.portal.rest.security.RequirePortalAuth)3 CategoryEntity (io.gravitee.rest.api.model.CategoryEntity)2 UpdateCategoryEntity (io.gravitee.rest.api.model.UpdateCategoryEntity)2 ApiQuery (io.gravitee.rest.api.model.api.ApiQuery)2 Page (io.gravitee.rest.api.portal.rest.model.Page)2 ApiNotFoundException (io.gravitee.rest.api.service.exceptions.ApiNotFoundException)2 Page (io.gravitee.common.data.domain.Page)1 MediaType (io.gravitee.common.http.MediaType)1 TechnicalException (io.gravitee.repository.exceptions.TechnicalException)1 UserCriteria (io.gravitee.repository.management.api.search.UserCriteria)1 PageableBuilder (io.gravitee.repository.management.api.search.builder.PageableBuilder)1 Workflow (io.gravitee.repository.management.model.Workflow)1 Permission (io.gravitee.rest.api.management.rest.security.Permission)1 Permissions (io.gravitee.rest.api.management.rest.security.Permissions)1 io.gravitee.rest.api.model (io.gravitee.rest.api.model)1 PUBLIC (io.gravitee.rest.api.model.Visibility.PUBLIC)1 ApiEntity (io.gravitee.rest.api.model.api.ApiEntity)1 PageableImpl (io.gravitee.rest.api.model.common.PageableImpl)1