use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.
the class APIPublisherImplTestCase method testReplaceGroupNamesWithIdWithInvalidRoles.
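/**
 * Verifies that {@code updateAPI} rejects an API whose permission string names a role the
 * identity provider cannot resolve.
 *
 * <p>The mocked identity provider resolves {@code DEVELOPER_ROLE} and throws
 * {@code IdentityProviderException} (code {@code ROLE_DOES_NOT_EXIST}) for
 * {@code "invalid_role"}. The update is expected to fail with the same message.
 *
 * @throws APIManagementException declared for the mocked DAO calls; the exception raised by
 *                                {@code updateAPI} itself is caught and inspected here
 */
@Test(description = "Update API when there is a list of invalid roles specified for permission")
public void testReplaceGroupNamesWithIdWithInvalidRoles() throws APIManagementException {
    ApiDAO apiDAO = Mockito.mock(ApiDAO.class);
    APILifecycleManager apiLifecycleManager = Mockito.mock(APILifecycleManager.class);
    IdentityProvider identityProvider = Mockito.mock(IdentityProvider.class);
    GatewaySourceGenerator gatewaySourceGenerator = Mockito.mock(GatewaySourceGenerator.class);
    APIGateway gateway = Mockito.mock(APIGateway.class);

    // One resolvable role and one role the identity provider is mocked to reject.
    String permissionString = "[{\"groupId\" : \"developer\", \"permission\" : [\"READ\",\"UPDATE\"]},"
            + "{\"groupId\" : \"invalid_role\", \"permission\" : [\"READ\",\"UPDATE\",\"DELETE\"]}]";
    String errorMessage = "There are invalid roles in the permission string";

    API.APIBuilder api = SampleTestObjectCreator.createDefaultAPI().apiPermission(permissionString);
    String uuid = api.getId();
    APIPublisherImpl apiPublisher = getApiPublisherImpl(identityProvider, apiDAO, apiLifecycleManager,
            gatewaySourceGenerator, gateway);

    Mockito.when(apiDAO.getAPI(uuid)).thenReturn(api.lifeCycleStatus(APIStatus.CREATED.getStatus()).build());
    Mockito.when(identityProvider.getRoleId("invalid_role"))
            .thenThrow(new IdentityProviderException(errorMessage, ExceptionCodes.ROLE_DOES_NOT_EXIST));
    Mockito.when(identityProvider.getRoleId(DEVELOPER_ROLE)).thenReturn(DEVELOPER_ROLE_ID);
    Mockito.when(apiDAO.isAPIContextExists(api.getContext())).thenReturn(true);
    String configString = SampleTestObjectCreator.createSampleGatewayConfig();
    Mockito.when(apiDAO.getGatewayConfigOfAPI(uuid)).thenReturn(configString);
    Mockito.when(apiDAO.getApiSwaggerDefinition(api.getId())).thenReturn(SampleTestObjectCreator.apiDefinition);

    try {
        apiPublisher.updateAPI(api.lifeCycleStatus(APIStatus.CREATED.getStatus()).id(uuid));
        // Without this the test passes silently when the unknown role is accepted, which is
        // exactly the regression (an unresolved role reaching the stored permissions) that
        // the test exists to catch.
        Assert.fail("updateAPI accepted a permission string that contains an unknown role");
    } catch (APIManagementException e) {
        Assert.assertEquals(e.getMessage(), errorMessage);
    }
}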
use of org.wso2.carbon.user.api.Permission in project carbon-business-process by wso2.
the class ProcessInstanceService method startInstance.
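/**
 * Starts a process instance from a REST request, or returns/correlates an existing one when
 * the request asks to skip creation.
 *
 * <p>Order of work: validate that exactly one of processDefinitionId, processDefinitionKey or
 * message is set and that the tenant flag is consistent with it; check that the caller may
 * start the process; optionally look for matching existing instances; collect the start
 * variables; start the instance with the logged-in user set as the authenticated user.
 *
 * @param processInstanceCreateRequest request body describing what to start and with which
 *                                     variables
 * @return 201 Created with the new instance; 200 OK with the matching instances when a skip
 *         flag is set and matches exist; or the result of {@code performCorrelation} when
 *         correlation is requested
 * @throws ActivitiIllegalArgumentException if the request is inconsistent, a variable has no
 *                                          name, or the process definition cannot be found
 * @throws RestApiBasicAuthenticationException if {@code isValidUserToStartProcess} rejects
 *                                             the caller
 * @throws NotFoundException if correlation is requested and more than one instance matches
 */
@POST
@Path("/")
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response startInstance(ProcessInstanceCreateRequest processInstanceCreateRequest) {
    if (log.isDebugEnabled()) {
        // NOTE(review): the definition id is request-supplied and is written to the log as-is;
        // consider neutralising line breaks if these logs are parsed line by line.
        log.debug("ProcessInstanceCreateRequest:" + processInstanceCreateRequest.getProcessDefinitionId());
        // getVariables() may be null (it is null-checked further down), so do not dereference
        // it here: a request without variables must not fail only because debug logging is on.
        log.debug(" processInstanceCreateRequest.getVariables().size():"
                + (processInstanceCreateRequest.getVariables() == null
                        ? 0 : processInstanceCreateRequest.getVariables().size()));
    }

    // Exactly one of definition id, definition key or message must identify what to start.
    if (processInstanceCreateRequest.getProcessDefinitionId() == null
            && processInstanceCreateRequest.getProcessDefinitionKey() == null
            && processInstanceCreateRequest.getMessage() == null) {
        throw new ActivitiIllegalArgumentException(
                "Either processDefinitionId, processDefinitionKey or message is required.");
    }
    int paramsSet = ((processInstanceCreateRequest.getProcessDefinitionId() != null) ? 1 : 0)
            + ((processInstanceCreateRequest.getProcessDefinitionKey() != null) ? 1 : 0)
            + ((processInstanceCreateRequest.getMessage() != null) ? 1 : 0);
    if (paramsSet > 1) {
        throw new ActivitiIllegalArgumentException(
                "Only one of processDefinitionId, processDefinitionKey or message should be set.");
    }

    if (processInstanceCreateRequest.isCustomTenantSet()) {
        // Tenant-id can only be used with either key or message
        if (processInstanceCreateRequest.getProcessDefinitionId() != null) {
            throw new ActivitiIllegalArgumentException(
                    "TenantId can only be used with either processDefinitionKey or message.");
        }
    } else {
        // if no tenantId, it must be from definitionId
        if (processInstanceCreateRequest.getProcessDefinitionId() == null) {
            throw new ActivitiIllegalArgumentException("TenantId should be specified to be used with either "
                    + "processDefinitionKey or message.");
        }
    }

    // Authorization gate: runs before any instance query or engine call below, so an
    // unauthorized caller learns nothing about existing instances.
    // NOTE(review): the tenant id passed to the engine further down is taken from the request
    // body and is not compared with the caller's tenant in this method; confirm that
    // isValidUserToStartProcess covers that check.
    if (!isValidUserToStartProcess(processInstanceCreateRequest)) {
        throw new RestApiBasicAuthenticationException(
                "User doesn't have the necessary permission to start the process");
    }

    if (processInstanceCreateRequest.getSkipInstanceCreation()
            || processInstanceCreateRequest.getSkipInstanceCreationIfExist()) {
        // Look for instances that already match the request before creating a new one.
        ProcessInstanceQueryRequest processInstanceQueryRequest =
                processInstanceCreateRequest.cloneInstanceCreationRequest();
        Map<String, String> allRequestParams = allRequestParams(uriInfo);
        DataResponse dataResponse = getQueryResponse(processInstanceQueryRequest, allRequestParams, uriInfo);
        if (log.isDebugEnabled()) {
            log.debug("ProcessInstanceCreation check:" + dataResponse.getSize());
        }
        int dataResponseSize = dataResponse.getSize();
        if (dataResponseSize > 0) {
            if (processInstanceCreateRequest.getCorrelate()) {
                // Correlation needs exactly one target instance and a message name.
                if (dataResponseSize != 1) {
                    String responseMessage = "Correlation matching failed as there are more than one matching instance with "
                            + "given variables state";
                    throw new NotFoundException(
                            Response.ok().entity(responseMessage).status(Response.Status.NOT_FOUND).build());
                }
                if (processInstanceCreateRequest.getMessageName() == null) {
                    String responseMessage = "Correlation matching failed as messageName property is not specified";
                    throw new ActivitiIllegalArgumentException(responseMessage);
                }
                return performCorrelation(processInstanceCreateRequest);
            } else {
                dataResponse.setMessage("Instance information corresponding to the request");
                return Response.ok().entity(dataResponse).build();
            }
        }
    }

    RestResponseFactory restResponseFactory = new RestResponseFactory();
    Map<String, Object> startVariables = null;
    if (processInstanceCreateRequest.getVariables() != null) {
        startVariables = new HashMap<>();
        for (RestVariable variable : processInstanceCreateRequest.getVariables()) {
            if (variable.getName() == null) {
                throw new ActivitiIllegalArgumentException("Variable name is required.");
            }
            startVariables.put(variable.getName(), restResponseFactory.getVariableValue(variable));
        }
    }
    // Additional variables are merged last, so they overwrite a start variable of the same name.
    if (processInstanceCreateRequest.getAdditionalVariables() != null) {
        if (startVariables == null) {
            startVariables = new HashMap<>();
        }
        for (RestVariable variable : processInstanceCreateRequest.getAdditionalVariables()) {
            if (variable.getName() == null) {
                throw new ActivitiIllegalArgumentException("Additional Variable name is required.");
            }
            startVariables.put(variable.getName(), restResponseFactory.getVariableValue(variable));
        }
    }

    RuntimeService runtimeService = BPMNOSGIService.getRuntimeService();
    IdentityService identityService = BPMNOSGIService.getIdentityService();
    PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
    String userName = carbonContext.getUsername();
    ProcessInstanceResponse processInstanceResponse;
    // Actually start the instance based on key or id
    try {
        ProcessInstance instance;
        // The engine records this user as the one who started the instance; it is cleared in
        // the finally block so the identity is not left set once this request is done.
        identityService.setAuthenticatedUserId(userName);
        if (processInstanceCreateRequest.getProcessDefinitionId() != null) {
            instance = runtimeService.startProcessInstanceById(
                    processInstanceCreateRequest.getProcessDefinitionId(),
                    processInstanceCreateRequest.getBusinessKey(), startVariables);
        } else if (processInstanceCreateRequest.getProcessDefinitionKey() != null) {
            if (processInstanceCreateRequest.isCustomTenantSet()) {
                instance = runtimeService.startProcessInstanceByKeyAndTenantId(
                        processInstanceCreateRequest.getProcessDefinitionKey(),
                        processInstanceCreateRequest.getBusinessKey(), startVariables,
                        processInstanceCreateRequest.getTenantId());
            } else {
                instance = runtimeService.startProcessInstanceByKey(
                        processInstanceCreateRequest.getProcessDefinitionKey(),
                        processInstanceCreateRequest.getBusinessKey(), startVariables);
            }
        } else {
            if (processInstanceCreateRequest.isCustomTenantSet()) {
                instance = runtimeService.startProcessInstanceByMessageAndTenantId(
                        processInstanceCreateRequest.getMessage(),
                        processInstanceCreateRequest.getBusinessKey(), startVariables,
                        processInstanceCreateRequest.getTenantId());
            } else {
                instance = runtimeService.startProcessInstanceByMessage(
                        processInstanceCreateRequest.getMessage(),
                        processInstanceCreateRequest.getBusinessKey(), startVariables);
            }
        }
        HistoryService historyService = BPMNOSGIService.getHistoryService();
        if (processInstanceCreateRequest.getReturnVariables()) {
            Map<String, Object> runtimeVariableMap = null;
            List<HistoricVariableInstance> historicVariableList = null;
            // A finished instance has no runtime variables left, so read them from history.
            if (instance.isEnded()) {
                historicVariableList = historyService.createHistoricVariableInstanceQuery()
                        .processInstanceId(instance.getId()).list();
            } else {
                runtimeVariableMap = runtimeService.getVariables(instance.getId());
            }
            processInstanceResponse = restResponseFactory.createProcessInstanceResponse(instance, true,
                    runtimeVariableMap, historicVariableList, uriInfo.getBaseUri().toString());
        } else {
            processInstanceResponse = restResponseFactory.createProcessInstanceResponse(instance,
                    uriInfo.getBaseUri().toString());
        }
    } catch (ActivitiObjectNotFoundException aonfe) {
        // An unknown definition is reported as a bad request argument, keeping the cause.
        throw new ActivitiIllegalArgumentException(aonfe.getMessage(), aonfe);
    } finally {
        identityService.setAuthenticatedUserId(null);
    }
    return Response.ok().status(Response.Status.CREATED).entity(processInstanceResponse).build();
}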
use of org.wso2.carbon.user.api.Permission in project carbon-business-process by wso2.
the class UserSubstitutionService method getSubstitute.
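/**
 * Returns the substitution details recorded for the user named in the path.
 *
 * <p>A caller may always read their own record. Reading another user's record requires
 * {@code isUserAuthorizedForSubstitute} to accept the logged-in user. A request with no
 * logged-in user on the thread context is refused rather than failing with a
 * {@code NullPointerException}.
 *
 * @param user user name taken from the {@code {user}} path segment
 * @return 200 with a {@code SubstituteInfoResponse}; 404 when the user has no substitution
 *         record; 405 when the substitution feature is disabled
 * @throws UserStoreException if the permission lookup against the user store fails
 * @throws BPMNForbiddenException if the caller asks for another user's record without
 *                                sufficient permission
 */
@GET
@Path("/{user}")
@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response getSubstitute(@PathParam("user") String user) throws UserStoreException {
    if (!subsFeatureEnabled) {
        return Response.status(405).build();
    }
    user = getTenantAwareUser(user);
    int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
    // May be null when no user is bound to the thread context; treated as "not the owner and
    // not authorized" below, so the request is denied.
    String loggedInUser = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
    boolean ownRecord = loggedInUser != null && loggedInUser.equals(user);
    if (!ownRecord && (loggedInUser == null || !isUserAuthorizedForSubstitute(loggedInUser))) {
        throw new BPMNForbiddenException(
                "Not allowed to view others substitution details. No sufficient permission");
    }
    // The lookup is scoped to the caller's tenant id, not to a tenant named in the request.
    SubstitutesDataModel model = UserSubstitutionUtils.getSubstituteOfUser(user, tenantId);
    if (model != null) {
        SubstituteInfoResponse response = new SubstituteInfoResponse();
        response.setSubstitute(model.getSubstitute());
        response.setAssignee(model.getUser());
        response.setEnabled(model.isEnabled());
        response.setStartTime(model.getSubstitutionStart());
        response.setEndTime(model.getSubstitutionEnd());
        return Response.ok(response).build();
    } else {
        return Response.status(404).build();
    }
}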
use of org.wso2.carbon.user.api.Permission in project carbon-business-process by wso2.
the class UserSubstitutionService method isUserAuthorizedForSubstitute.
/**
 * Decides whether a user may view substitution details that belong to other users.
 *
 * <p>Access is granted when the user's allowed UI resources under the BPMN permission path
 * start with that path itself or contain the substitution permission path, or when the
 * first allowed resource under the root permission path is the root or the admin path.
 *
 * @param username user whose permissions are looked up
 * @return true if one of the permission checks succeeds, false otherwise
 * @throws UserStoreException if the authorization manager lookup fails
 */
private boolean isUserAuthorizedForSubstitute(String username) throws UserStoreException {
    UserRealm realm = BPMNOSGIService.getUserRealm();

    // BPMN-level grants: either the whole BPMN subtree or the substitution permission.
    // NOTE(review): only element [0] is compared with the parent path, so this relies on the
    // order in which getAllowedUIResourcesForUser returns its entries; confirm that order.
    String[] bpmnGrants = realm.getAuthorizationManager()
            .getAllowedUIResourcesForUser(username, BPMNConstants.BPMN_PERMISSION_PATH);
    boolean hasBpmnGrants = bpmnGrants != null && bpmnGrants.length > 0;
    if (hasBpmnGrants
            && (bpmnGrants[0].equals(BPMNConstants.BPMN_PERMISSION_PATH)
                    || isPermissionExist(bpmnGrants, BPMNConstants.SUBSTITUTION_PERMISSION_PATH))) {
        return true;
    }

    // Fall back to root/admin grants; looked up only when the BPMN check did not succeed.
    String[] adminGrants = realm.getAuthorizationManager()
            .getAllowedUIResourcesForUser(username, BPMNConstants.ROOT_PERMISSION_PATH);
    if (adminGrants == null || adminGrants.length == 0) {
        return false;
    }
    String firstAdminGrant = adminGrants[0];
    return firstAdminGrant.equals(BPMNConstants.ROOT_PERMISSION_PATH)
            || firstAdminGrant.equals(BPMNConstants.ADMIN_PERMISSION_PATH);
}
use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.
the class APIMConfigServiceImpl method addGAConfig.
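/**
 * Stores the Google Analytics configuration in the organization's governance registry when
 * no configuration exists there yet, then denies the everyone role {@code GET} on it.
 *
 * <p>An existing resource is left untouched: neither its content nor its permissions are
 * changed by this call.
 *
 * @param organization tenant domain to store the configuration for; {@code null} selects the
 *                     super tenant domain
 * @param gaConfig     configuration content, stored as UTF-8 bytes
 * @throws APIManagementException if the registry, the user store or the content conversion
 *                                fails; the original exception is kept as the cause
 */
@Override
public void addGAConfig(String organization, String gaConfig) throws APIManagementException {
    if (organization == null) {
        organization = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;
    }
    try {
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(organization, true);
        int tenantId = APIUtil.getTenantIdFromTenantDomain(organization);
        if (!MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(organization)) {
            APIUtil.loadTenantRegistry(tenantId);
        }
        UserRegistry registry = ServiceReferenceHolder.getInstance().getRegistryService()
                .getGovernanceSystemRegistry(tenantId);
        if (!registry.resourceExists(APIConstants.GA_CONFIGURATION_LOCATION)) {
            // Pin the charset: the single-argument overload encodes with the platform default,
            // so the stored bytes would differ between hosts.
            byte[] data = IOUtils.toByteArray(new StringReader(gaConfig),
                    java.nio.charset.StandardCharsets.UTF_8);
            Resource resource = registry.newResource();
            resource.setContent(data);
            resource.setMediaType(APIConstants.GA_CONF_MEDIA_TYPE);
            registry.put(APIConstants.GA_CONFIGURATION_LOCATION, resource);

            // Restrict read access: the everyone role is denied GET on the stored resource.
            // NOTE(review): the deny is applied after put() and only inside this branch. If
            // denyRole fails, the resource already exists, so a later call skips this branch
            // and the deny is never retried; confirm whether that is acceptable.
            org.wso2.carbon.user.api.AuthorizationManager authManager = ServiceReferenceHolder.getInstance()
                    .getRealmService().getTenantUserRealm(tenantId).getAuthorizationManager();
            String resourcePath = RegistryUtils.getAbsolutePath(RegistryContext.getBaseInstance(),
                    APIUtil.getMountedPath(RegistryContext.getBaseInstance(),
                            RegistryConstants.GOVERNANCE_REGISTRY_BASE_PATH)
                            + APIConstants.GA_CONFIGURATION_LOCATION);
            authManager.denyRole(APIConstants.EVERYONE_ROLE, resourcePath, ActionConstants.GET);
        }
    } catch (RegistryException | IOException | UserStoreException e) {
        String msg = "Error while add Google Analytics Configuration from registry";
        log.error(msg, e);
        throw new APIManagementException(msg, e);
    } finally {
        // Always leave the tenant flow so the thread does not keep the switched tenant context.
        PrivilegedCarbonContext.endTenantFlow();
    }
}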