use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.
the class APIProviderImplTest method testUpdateAPI_WithStatusChange.
/**
 * Expects {@code updateAPI()} to reject an update whose status (PUBLISHED) differs from the
 * status of the previously added API (CREATED), with both permission checks stubbed to succeed.
 *
 * NOTE(review): the expected exception is declared for the whole method, so an
 * APIManagementException thrown earlier (for example by addAPI() during setup) would also make
 * this test pass. Consider asserting around the updateAPI() call only.
 */
@Test(expected = APIManagementException.class)
public void testUpdateAPI_WithStatusChange() throws RegistryException, UserStoreException, APIManagementException, FaultGatewaysException, APIPersistenceException, XMLStreamException {
    // Incoming API: same identifier as the stored one, but already marked PUBLISHED.
    APIIdentifier identifier = new APIIdentifier("admin", "API1", "1.0.0");
    API api = new API(identifier);
    api.setStatus(APIConstants.PUBLISHED);
    api.setVisibility("public");
    // API status change is not allowed in UpdateAPI(). Should throw an exception.
    // Stored API: status CREATED, so the update would move CREATED -> PUBLISHED.
    API oldApi = new API(identifier);
    oldApi.setStatus(APIConstants.CREATED);
    oldApi.setVisibility("public");
    oldApi.setContext("/api1");
    // apiPersistenceInstance, apimgtDAO, scopesDAO, artifactManager and artifact are fixtures
    // declared outside this method.
    APIProviderImplWrapper apiProvider = new APIProviderImplWrapper(apiPersistenceInstance, apimgtDAO, scopesDAO, null, null);
    RegistryService registryService = Mockito.mock(RegistryService.class);
    UserRegistry userRegistry = Mockito.mock(UserRegistry.class);
    ServiceReferenceHolder serviceReferenceHolder = TestUtils.getServiceReferenceHolder();
    RealmService realmService = Mockito.mock(RealmService.class);
    TenantManager tenantManager = Mockito.mock(TenantManager.class);
    Mockito.when(artifactManager.newGovernanceArtifact(any(QName.class))).thenReturn(artifact);
    Mockito.when(APIUtil.createAPIArtifactContent(artifact, oldApi)).thenReturn(artifact);
    // Route the service holder singleton to mocked registry and realm services.
    PowerMockito.when(ServiceReferenceHolder.getInstance()).thenReturn(serviceReferenceHolder);
    Mockito.when(serviceReferenceHolder.getRegistryService()).thenReturn(registryService);
    Mockito.when(registryService.getConfigSystemRegistry(Mockito.anyInt())).thenReturn(userRegistry);
    Mockito.when(serviceReferenceHolder.getRealmService()).thenReturn(realmService);
    Mockito.when(realmService.getTenantManager()).thenReturn(tenantManager);
    PublisherAPI publisherAPI = Mockito.mock(PublisherAPI.class);
    PowerMockito.when(apiPersistenceInstance.addAPI(any(Organization.class), any(PublisherAPI.class))).thenReturn(publisherAPI);
    // Setup step: store the CREATED version first. Any APIManagementException raised here is
    // indistinguishable from the one the test is meant to observe (see the note above).
    apiProvider.addAPI(oldApi);
    // Stub the registry resource returned for the API path; the permission stubs follow below.
    Resource apiSourceArtifact = Mockito.mock(Resource.class);
    Mockito.when(apiSourceArtifact.getUUID()).thenReturn("12640983654");
    String apiSourcePath = "path";
    PowerMockito.when(APIUtil.getAPIPath(api.getId())).thenReturn(apiSourcePath);
    PowerMockito.when(apiProvider.registry.get(apiSourcePath)).thenReturn(apiSourceArtifact);
    // API Status is CREATED and user has permission
    Mockito.when(artifact.getAttribute(APIConstants.API_OVERVIEW_STATUS)).thenReturn("CREATED");
    Mockito.when(artifactManager.getGenericArtifact(apiSourceArtifact.getUUID())).thenReturn(artifact);
    // Both permission checks are stubbed to true, so the expected failure is meant to come from
    // the status change and not from a missing permission.
    // NOTE(review): the stubs are registered for a null user name; confirm that is the value the
    // provider passes to hasPermission() in this setup.
    PowerMockito.when(APIUtil.hasPermission(null, APIConstants.Permissions.API_PUBLISH)).thenReturn(true);
    PowerMockito.when(APIUtil.hasPermission(null, APIConstants.Permissions.API_CREATE)).thenReturn(true);
    // Call under test: expected to throw APIManagementException.
    apiProvider.updateAPI(api, oldApi);
}
use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.
the class APIProviderImplTest method testUpdateAPI_InPublishedState.
/**
 * Calls {@code updateAPI()} three times on an API that is already PUBLISHED (initial update, update
 * after resetting endpoint security, update with a WSDL endpoint configuration) and checks after
 * each call that the API's environments consist of the single entry "SANDBOX". After the last call
 * it also checks the additional properties "test" and "secured".
 *
 * NOTE(review): the update changes visibility from "public" to "private" with visible role
 * "admin", but no assertion inspects the resulting resource permissions; the
 * RegistryAuthorizationManager is a mock. Only environments and additional properties are verified.
 */
@Test
public void testUpdateAPI_InPublishedState() throws Exception {
    APIIdentifier identifier = new APIIdentifier("admin-AT-carbon.super", "API1", "1.0.0");
    // Old API is deployed to PRODUCTION; the updated API asks for SANDBOX only.
    Set<String> environments = new HashSet<String>();
    environments.add("PRODUCTION");
    Set<String> newEnvironments = new HashSet<String>();
    newEnvironments.add("SANDBOX");
    // uriTemplates holds POST /add; newUriTemplates holds POST /add and PUT /update.
    Set<URITemplate> uriTemplates = new HashSet<URITemplate>();
    Set<URITemplate> newUriTemplates = new HashSet<URITemplate>();
    URITemplate uriTemplate1 = new URITemplate();
    uriTemplate1.setHTTPVerb("POST");
    uriTemplate1.setAuthType("Application");
    uriTemplate1.setUriTemplate("/add");
    uriTemplate1.setThrottlingTier("Gold");
    uriTemplates.add(uriTemplate1);
    URITemplate uriTemplate2 = new URITemplate();
    uriTemplate2.setHTTPVerb("PUT");
    uriTemplate2.setAuthType("Application");
    uriTemplate2.setUriTemplate("/update");
    uriTemplate2.setThrottlingTier("Gold");
    newUriTemplates.add(uriTemplate1);
    newUriTemplates.add(uriTemplate2);
    // Updated API: PUBLISHED, private visibility restricted to role "admin".
    final API api = new API(identifier);
    api.setStatus(APIConstants.PUBLISHED);
    api.setVisibility("private");
    api.setVisibleRoles("admin");
    api.setAccessControl("all");
    api.setTransports("http,https");
    api.setContext("/test");
    api.setEnvironments(newEnvironments);
    api.setUriTemplates(newUriTemplates);
    api.setOrganization("carbon.super");
    // Stored API: PUBLISHED, public visibility, PRODUCTION environment.
    API oldApi = new API(identifier);
    oldApi.setStatus(APIConstants.PUBLISHED);
    oldApi.setVisibility("public");
    oldApi.setAccessControl("all");
    oldApi.setContext("/test");
    oldApi.setEnvironments(environments);
    oldApi.setOrganization("carbon.super");
    // NOTE(review): this is called on api, not oldApi, and presumably replaces the
    // newUriTemplates set assigned above, so the update runs with only POST /add. Confirm intended.
    api.setUriTemplates(uriTemplates);
    JSONObject jsonObject = new JSONObject();
    jsonObject.put("test", "new_test");
    api.setAdditionalProperties(jsonObject);
    api.addProperty("secured", "false");
    // Throttling tier lookup for the organization returns a single "Gold" tier.
    Tier tier = new Tier("Gold");
    Map<String, Tier> tiers = new TreeMap<>();
    tiers.put("Gold", tier);
    Mockito.when(APIUtil.getTiers(APIConstants.TIER_RESOURCE_TYPE, "carbon.super")).thenReturn(tiers);
    // Documentation fixtures: the second entry of the list is wired into the mocked registry.
    List<Documentation> documentationList = getDocumentationList();
    Documentation documentation = documentationList.get(1);
    Mockito.when(APIUtil.getAPIDocPath(api.getId())).thenReturn(documentation.getFilePath());
    APIProviderImplWrapper apiProviderImplWrapper = new APIProviderImplWrapper(apimgtDAO, scopesDAO);
    Resource docResource = Mockito.mock(Resource.class);
    Mockito.when(docResource.getUUID()).thenReturn(documentation.getId());
    Mockito.when(apiProviderImplWrapper.registry.get(documentation.getFilePath())).thenReturn(docResource);
    GenericArtifact docArtifact = Mockito.mock(GenericArtifact.class);
    Mockito.when(artifactManager.getGenericArtifact(documentation.getId())).thenReturn(docArtifact);
    Mockito.when(APIUtil.getDocumentation(docArtifact)).thenReturn(documentation);
    Mockito.when(docArtifact.getPath()).thenReturn(artifactPath);
    // clearResourcePermissions is stubbed to do nothing, so no permission is actually cleared.
    PowerMockito.doNothing().when(APIUtil.class, "clearResourcePermissions", Mockito.any(), Mockito.any(), Mockito.anyInt());
    String[] roles = { "admin", "subscriber" };
    // NOTE(review): APIUtil is stubbed statically throughout this test, so this call presumably
    // hits the mock and sets no real permissions; its result is never checked.
    APIUtil.setResourcePermissions("admin", "Public", roles, artifactPath);
    Mockito.when(docArtifact.getAttribute(APIConstants.DOC_FILE_PATH)).thenReturn("docFilePath");
    // Provider under test; apiProviderImplWrapper above is only used for the documentation stubs.
    final APIProviderImplWrapper apiProvider = new APIProviderImplWrapper(apiPersistenceInstance, apimgtDAO, scopesDAO, documentationList, null);
    Mockito.when(artifactManager.newGovernanceArtifact(any(QName.class))).thenReturn(artifact);
    Mockito.when(APIUtil.createAPIArtifactContent(artifact, oldApi)).thenReturn(artifact);
    RegistryService registryService = Mockito.mock(RegistryService.class);
    UserRegistry userRegistry = Mockito.mock(UserRegistry.class);
    ServiceReferenceHolder serviceReferenceHolder = TestUtils.getServiceReferenceHolder();
    RealmService realmService = Mockito.mock(RealmService.class);
    TenantManager tenantManager = Mockito.mock(TenantManager.class);
    // Route the service holder singleton to mocked registry and realm services.
    PowerMockito.when(ServiceReferenceHolder.getInstance()).thenReturn(serviceReferenceHolder);
    Mockito.when(serviceReferenceHolder.getRegistryService()).thenReturn(registryService);
    Mockito.when(registryService.getConfigSystemRegistry(Mockito.anyInt())).thenReturn(userRegistry);
    Mockito.when(serviceReferenceHolder.getRealmService()).thenReturn(realmService);
    Mockito.when(realmService.getTenantManager()).thenReturn(tenantManager);
    PublisherAPI publisherAPI = Mockito.mock(PublisherAPI.class);
    PowerMockito.when(apiPersistenceInstance.addAPI(any(Organization.class), any(PublisherAPI.class))).thenReturn(publisherAPI);
    // Setup step: store the old (public, PRODUCTION) version.
    apiProvider.addAPI(oldApi);
    // Every RegistryAuthorizationManager constructed from here on is replaced by this mock.
    RegistryAuthorizationManager registryAuthorizationManager = Mockito.mock(RegistryAuthorizationManager.class);
    PowerMockito.whenNew(RegistryAuthorizationManager.class).withAnyArguments().thenReturn(registryAuthorizationManager);
    // Stub the registry resource returned for the API path; the permission stubs follow below.
    Resource apiSourceArtifact = Mockito.mock(Resource.class);
    Mockito.when(apiSourceArtifact.getUUID()).thenReturn("12640983654");
    String apiSourcePath = "path";
    PowerMockito.when(APIUtil.getAPIPath(api.getId())).thenReturn(apiSourcePath);
    PowerMockito.when(APIUtil.getAPIPath(oldApi.getId())).thenReturn(apiSourcePath);
    PowerMockito.when(apiProvider.registry.get(apiSourcePath)).thenReturn(apiSourceArtifact);
    // API status is PUBLISHED and user has permission
    Mockito.when(artifact.getAttribute(APIConstants.API_OVERVIEW_STATUS)).thenReturn("PUBLISHED");
    // Test-only endpoint credentials returned by the mocked artifact.
    Mockito.when(artifact.getAttribute(APIConstants.API_OVERVIEW_ENDPOINT_USERNAME)).thenReturn("user1");
    Mockito.when(artifact.getAttribute(APIConstants.API_OVERVIEW_ENDPOINT_PASSWORD)).thenReturn("password");
    Mockito.when(artifactManager.getGenericArtifact(apiSourceArtifact.getUUID())).thenReturn(artifact);
    // NOTE(review): the permission stubs are registered for a null user name; confirm that is the
    // value the provider passes to hasPermission() in this setup.
    PowerMockito.when(APIUtil.hasPermission(null, APIConstants.Permissions.API_PUBLISH)).thenReturn(true);
    PowerMockito.when(APIUtil.hasPermission(null, APIConstants.Permissions.API_CREATE)).thenReturn(true);
    Mockito.when(apimgtDAO.getDefaultVersion(identifier)).thenReturn("1.0.0");
    Mockito.when(apimgtDAO.getPublishedDefaultVersion(identifier)).thenReturn("1.0.0");
    // Stubs for the default-version API resource (presumably the updateDefaultAPIInRegistry path).
    String defaultAPIPath = APIConstants.API_LOCATION + RegistryConstants.PATH_SEPARATOR + identifier.getProviderName() + RegistryConstants.PATH_SEPARATOR + identifier.getApiName() + RegistryConstants.PATH_SEPARATOR + identifier.getVersion() + APIConstants.API_RESOURCE_NAME;
    Resource defaultAPISourceArtifact = Mockito.mock(Resource.class);
    String defaultAPIUUID = "12640983600";
    Mockito.when(defaultAPISourceArtifact.getUUID()).thenReturn(defaultAPIUUID);
    Mockito.when(apiProvider.registry.get(defaultAPIPath)).thenReturn(defaultAPISourceArtifact);
    GenericArtifact defaultAPIArtifact = Mockito.mock(GenericArtifact.class);
    Mockito.when(artifactManager.getGenericArtifact(defaultAPIUUID)).thenReturn(defaultAPIArtifact);
    Mockito.doNothing().when(artifactManager).updateGenericArtifact(defaultAPIArtifact);
    // -1234 is presumably the tenant id the configuration is mocked for; confirm against TestUtils.
    TestUtils.mockAPIMConfiguration(APIConstants.API_GATEWAY_TYPE, APIConstants.API_GATEWAY_TYPE_SYNAPSE, -1234);
    // Stubs for the artifact update itself (presumably the updateApiArtifact path).
    PowerMockito.when(APIUtil.createAPIArtifactContent(artifact, api)).thenReturn(artifact);
    Mockito.when(artifact.getId()).thenReturn("12640983654");
    PowerMockito.when(GovernanceUtils.getArtifactPath(apiProvider.registry, "12640983654")).thenReturn(apiSourcePath);
    // When updateGenericArtifact(artifact) is invoked, the stubbed answer calls
    // apiProvider.createAPI(api) and returns null.
    Mockito.doAnswer(new Answer<Void>() {
        @Override
        public Void answer(InvocationOnMock invocation) throws Throwable {
            apiProvider.createAPI(api);
            return null;
        }
    }).when(artifactManager).updateGenericArtifact(artifact);
    // Stub the stored API definition, the gateway artifact synchronizer properties and the
    // persistence lookup of the publisher API.
    PowerMockito.mockStatic(OASParserUtil.class);
    Mockito.when(OASParserUtil.getAPIDefinition(api.getId(), apiProvider.registry)).thenReturn("{\"info\": {\"swagger\":\"data\"}}");
    APIManagerConfiguration config = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration();
    GatewayArtifactSynchronizerProperties synchronizerProperties = new GatewayArtifactSynchronizerProperties();
    Mockito.when(config.getGatewayArtifactSynchronizerProperties()).thenReturn(synchronizerProperties);
    PowerMockito.when(apiPersistenceInstance.getPublisherAPI(any(Organization.class), any(String.class))).thenReturn(publisherAPI);
    // First update: environments must end up as exactly {"SANDBOX"}.
    apiProvider.updateAPI(api, oldApi);
    Assert.assertEquals(1, api.getEnvironments().size());
    Assert.assertEquals(true, api.getEnvironments().contains("SANDBOX"));
    // Previous updateAPI() call enabled API security. Therefore need to set it as false for the second test
    api.setEndpointSecured(false);
    apiProvider.updateAPI(api, oldApi);
    Assert.assertEquals(1, api.getEnvironments().size());
    Assert.assertEquals(true, api.getEnvironments().contains("SANDBOX"));
    // Third update: same API with a WSDL endpoint configuration; WSDL validation and creation
    // are stubbed. EP_CONFIG_WSDL and WSDL_URL are constants declared outside this method.
    api.setEndpointConfig(EP_CONFIG_WSDL);
    PowerMockito.when(APIUtil.isValidWSDLURL(WSDL_URL, true)).thenReturn(true);
    PowerMockito.when(APIUtil.createWSDL(apiProvider.registry, api)).thenReturn("wsdl_path");
    apiProvider.updateAPI(api, oldApi);
    Assert.assertEquals(1, api.getEnvironments().size());
    Assert.assertEquals(true, api.getEnvironments().contains("SANDBOX"));
    Assert.assertEquals("Additional properties that are set are not retrieved new_test", "new_test", api.getAdditionalProperties().get("test"));
    // NOTE(review): the failure message below repeats the one above although this assertion checks
    // the "secured" property against "false".
    Assert.assertEquals("Additional properties that are set are not retrieved new_test", "false", api.getAdditionalProperties().get("secured"));
}
use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.
the class APIProviderImplTest method testIsAPIUpdateValid.
/**
 * Walks {@code isAPIUpdateValid()} through the statuses CREATED, PROTOTYPED, DEPRECATED and
 * RETIRED, each time once with the permission stubs set to true and once set to false, and
 * asserts that the result follows the stubbed permission.
 *
 * For CREATED and PROTOTYPED both API_PUBLISH and API_CREATE are stubbed. For DEPRECATED and
 * RETIRED only API_PUBLISH is re-stubbed, so API_CREATE keeps the value false left by the last
 * PROTOTYPED case.
 *
 * NOTE(review): the permission stubs are registered for a null user name; confirm that is the
 * value the provider passes to hasPermission() in this setup.
 */
@Test
public void testIsAPIUpdateValid() throws RegistryException, UserStoreException, APIManagementException {
    API api = new API(new APIIdentifier("admin", "API1", "1.0.0"));
    api.setContext("/test");
    api.setStatus(APIConstants.CREATED);
    APIProviderImplWrapper apiProvider = new APIProviderImplWrapper(apimgtDAO, scopesDAO);

    // Registry lookup of the API path resolves to a mocked resource with a fixed UUID.
    final String registryPath = "path";
    Resource sourceResource = Mockito.mock(Resource.class);
    Mockito.when(sourceResource.getUUID()).thenReturn("12640983654");
    PowerMockito.when(APIUtil.getAPIPath(api.getId())).thenReturn(registryPath);
    PowerMockito.when(apiProvider.registry.get(registryPath)).thenReturn(sourceResource);

    // CREATED, permissions granted -> update is valid.
    Mockito.when(artifact.getAttribute(APIConstants.API_OVERVIEW_STATUS)).thenReturn("CREATED");
    Mockito.when(artifactManager.getGenericArtifact(sourceResource.getUUID())).thenReturn(artifact);
    PowerMockito.when(APIUtil.hasPermission(null, APIConstants.Permissions.API_PUBLISH)).thenReturn(true);
    PowerMockito.when(APIUtil.hasPermission(null, APIConstants.Permissions.API_CREATE)).thenReturn(true);
    Assert.assertTrue(apiProvider.isAPIUpdateValid(api));

    // CREATED, permissions denied -> update is rejected.
    PowerMockito.when(APIUtil.hasPermission(null, APIConstants.Permissions.API_PUBLISH)).thenReturn(false);
    PowerMockito.when(APIUtil.hasPermission(null, APIConstants.Permissions.API_CREATE)).thenReturn(false);
    Assert.assertFalse(apiProvider.isAPIUpdateValid(api));

    // PROTOTYPED, permissions granted -> update is valid.
    api.setStatus(APIConstants.PROTOTYPED);
    Mockito.when(artifact.getAttribute(APIConstants.API_OVERVIEW_STATUS)).thenReturn("PROTOTYPED");
    PowerMockito.when(APIUtil.hasPermission(null, APIConstants.Permissions.API_PUBLISH)).thenReturn(true);
    PowerMockito.when(APIUtil.hasPermission(null, APIConstants.Permissions.API_CREATE)).thenReturn(true);
    Assert.assertTrue(apiProvider.isAPIUpdateValid(api));

    // PROTOTYPED, permissions denied -> update is rejected.
    api.setStatus(APIConstants.PROTOTYPED);
    Mockito.when(artifact.getAttribute(APIConstants.API_OVERVIEW_STATUS)).thenReturn("PROTOTYPED");
    PowerMockito.when(APIUtil.hasPermission(null, APIConstants.Permissions.API_PUBLISH)).thenReturn(false);
    PowerMockito.when(APIUtil.hasPermission(null, APIConstants.Permissions.API_CREATE)).thenReturn(false);
    Assert.assertFalse(apiProvider.isAPIUpdateValid(api));

    // DEPRECATED, publish permission granted (API_CREATE stub still false) -> update is valid.
    api.setStatus(APIConstants.DEPRECATED);
    Mockito.when(artifact.getAttribute(APIConstants.API_OVERVIEW_STATUS)).thenReturn("DEPRECATED");
    PowerMockito.when(APIUtil.hasPermission(null, APIConstants.Permissions.API_PUBLISH)).thenReturn(true);
    Assert.assertTrue(apiProvider.isAPIUpdateValid(api));

    // DEPRECATED, publish permission denied -> update is rejected.
    api.setStatus(APIConstants.DEPRECATED);
    Mockito.when(artifact.getAttribute(APIConstants.API_OVERVIEW_STATUS)).thenReturn("DEPRECATED");
    PowerMockito.when(APIUtil.hasPermission(null, APIConstants.Permissions.API_PUBLISH)).thenReturn(false);
    Assert.assertFalse(apiProvider.isAPIUpdateValid(api));

    // RETIRED, publish permission granted -> update is valid.
    api.setStatus(APIConstants.RETIRED);
    Mockito.when(artifact.getAttribute(APIConstants.API_OVERVIEW_STATUS)).thenReturn("RETIRED");
    PowerMockito.when(APIUtil.hasPermission(null, APIConstants.Permissions.API_PUBLISH)).thenReturn(true);
    Assert.assertTrue(apiProvider.isAPIUpdateValid(api));

    // RETIRED, publish permission denied -> update is rejected.
    api.setStatus(APIConstants.RETIRED);
    Mockito.when(artifact.getAttribute(APIConstants.API_OVERVIEW_STATUS)).thenReturn("RETIRED");
    PowerMockito.when(APIUtil.hasPermission(null, APIConstants.Permissions.API_PUBLISH)).thenReturn(false);
    Assert.assertFalse(apiProvider.isAPIUpdateValid(api));
}
use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.
the class ApiMgtDAO method getTierPermissions.
/**
 * Reads the tier permission rows for one tenant using {@code SQLConstants.GET_TIER_PERMISSIONS_SQL}.
 *
 * The tenant id is bound as the statement's single parameter rather than concatenated into the
 * SQL text. Each row becomes a {@link TierPermissionDTO} carrying the TIER and PERMISSIONS_TYPE
 * columns; the ROLES column is split on "," without trimming the entries.
 *
 * NOTE(review): when ROLES is null or empty, setRoles() is never called on the DTO. Callers that
 * derive an allow/deny decision from the roles should treat that case explicitly.
 *
 * @param tenantId tenant whose tier permissions are queried
 * @return the DTOs built from the result set; empty when the query returns no rows. If
 *         handleException() returns normally after a SQLException, the DTOs collected up to
 *         that point are returned.
 * @throws APIManagementException presumably raised by handleException() when the query fails;
 *         confirm against its definition
 */
public Set<TierPermissionDTO> getTierPermissions(int tenantId) throws APIManagementException {
    final Set<TierPermissionDTO> collected = new HashSet<TierPermissionDTO>();
    Connection connection = null;
    PreparedStatement statement = null;
    ResultSet rows = null;
    try {
        connection = APIMgtDBUtil.getConnection();
        statement = connection.prepareStatement(SQLConstants.GET_TIER_PERMISSIONS_SQL);
        statement.setInt(1, tenantId);
        rows = statement.executeQuery();
        while (rows.next()) {
            TierPermissionDTO dto = new TierPermissionDTO();
            dto.setTierName(rows.getString("TIER"));
            dto.setPermissionType(rows.getString("PERMISSIONS_TYPE"));
            String roleCsv = rows.getString("ROLES");
            boolean hasRoles = roleCsv != null && !roleCsv.isEmpty();
            if (hasRoles) {
                dto.setRoles(roleCsv.split(","));
            }
            collected.add(dto);
        }
    } catch (SQLException e) {
        handleException("Failed to get Tier permission information ", e);
    } finally {
        // Statement, connection and result set are released on every path.
        APIMgtDBUtil.closeAllConnections(statement, connection, rows);
    }
    return collected;
}
use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.
the class ApiMgtDAO method getThrottleTierPermissions.
/**
 * Reads the throttle tier permission rows for one tenant using
 * {@code SQLConstants.GET_THROTTLE_TIER_PERMISSIONS_SQL}.
 *
 * The tenant id is bound as the statement's single parameter rather than concatenated into the
 * SQL text. Each row is mapped to a {@link TierPermissionDTO} from the TIER, PERMISSIONS_TYPE
 * and ROLES columns; ROLES is split on "," and the entries are not trimmed.
 *
 * NOTE(review): a row whose ROLES value is null or empty produces a DTO on which setRoles() was
 * never called. Code that authorizes against these roles should handle that case explicitly.
 *
 * @param tenantId tenant whose throttle tier permissions are queried
 * @return the DTOs built from the result set; empty when the query returns no rows. If
 *         handleException() returns normally after a SQLException, the DTOs collected up to
 *         that point are returned.
 * @throws APIManagementException presumably raised by handleException() when the query fails;
 *         confirm against its definition
 */
public Set<TierPermissionDTO> getThrottleTierPermissions(int tenantId) throws APIManagementException {
    Set<TierPermissionDTO> permissions = new HashSet<TierPermissionDTO>();
    Connection dbConnection = null;
    PreparedStatement query = null;
    ResultSet cursor = null;
    try {
        dbConnection = APIMgtDBUtil.getConnection();
        query = dbConnection.prepareStatement(SQLConstants.GET_THROTTLE_TIER_PERMISSIONS_SQL);
        query.setInt(1, tenantId);
        cursor = query.executeQuery();
        while (cursor.next()) {
            TierPermissionDTO entry = new TierPermissionDTO();
            entry.setTierName(cursor.getString("TIER"));
            entry.setPermissionType(cursor.getString("PERMISSIONS_TYPE"));
            String rolesColumn = cursor.getString("ROLES");
            // Null or empty ROLES: leave the DTO's roles untouched.
            String[] parsedRoles = (rolesColumn == null || rolesColumn.isEmpty()) ? null : rolesColumn.split(",");
            if (parsedRoles != null) {
                entry.setRoles(parsedRoles);
            }
            permissions.add(entry);
        }
    } catch (SQLException e) {
        handleException("Failed to get Tier permission information ", e);
    } finally {
        // Statement, connection and result set are released on every path.
        APIMgtDBUtil.closeAllConnections(query, dbConnection, cursor);
    }
    return permissions;
}