use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.
the class ApiMgtDAO method getTierPermission.
/**
 * Looks up the permission entry stored for a throttling tier within one tenant.
 *
 * <p>The tier name and tenant id are passed as bind parameters of a prepared statement,
 * so neither value is concatenated into the SQL text.
 *
 * <p>If the query returns several rows, the values of the last row are returned. The
 * {@code ROLES} column is split on {@code ","} as-is; the role names are not trimmed here.
 *
 * @param tierName name of the tier to look up
 * @param tenantId id of the tenant the tier belongs to
 * @return the tier permission, or {@code null} when no row matches; callers deciding
 *         access on this result should handle the {@code null} case explicitly
 * @throws APIManagementException declared by this method; presumably raised by
 *         {@code handleException} when the query fails (its body is not shown here)
 */
public TierPermissionDTO getTierPermission(String tierName, int tenantId) throws APIManagementException {
    TierPermissionDTO result = null;
    Connection connection = null;
    PreparedStatement statement = null;
    ResultSet rows = null;
    try {
        connection = APIMgtDBUtil.getConnection();
        statement = connection.prepareStatement(SQLConstants.GET_PERMISSION_OF_TIER_SQL);
        // Bind both lookup keys; the tenant id keeps the lookup scoped to one tenant.
        statement.setString(1, tierName);
        statement.setInt(2, tenantId);
        rows = statement.executeQuery();
        while (rows.next()) {
            result = new TierPermissionDTO();
            result.setTierName(tierName);
            result.setPermissionType(rows.getString("PERMISSIONS_TYPE"));
            String roleCsv = rows.getString("ROLES");
            if (roleCsv != null) {
                // Stored as a comma-separated list; entries are passed on untrimmed.
                result.setRoles(roleCsv.split(","));
            }
        }
    } catch (SQLException e) {
        handleException("Failed to get Tier permission information for Tier " + tierName, e);
    } finally {
        // Always release the statement, connection and result set, even on failure.
        APIMgtDBUtil.closeAllConnections(statement, connection, rows);
    }
    return result;
}
use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.
the class RestApiUtilTest method testHandleAuthorizationFailureArg.
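/**
 * Checks that {@code RestApiUtil.handleAuthorizationFailure} raises a
 * {@code ForbiddenException} carrying the expected "no permission" message and logs
 * that message together with the original cause.
 *
 * <p>The test fails explicitly when no exception is thrown. Without that, every
 * assertion lives in the {@code catch} block, so a regression that stops rejecting the
 * request would pass unnoticed.
 */
@Test
public void testHandleAuthorizationFailureArg() {
    String apiId = "testapiid_4567ui456789";
    String expectedErrorMessage = "You don't have permission to access the " + RestApiConstants.RESOURCE_API + " " + "with Id " + apiId;
    APIManagementException apiManagementException = new APIManagementException("API management exception test");
    Log log = Mockito.mock(Log.class);
    PowerMockito.mockStatic(LogFactory.class);
    PowerMockito.when(LogFactory.getLog(Mockito.any(Class.class))).thenReturn(log);
    try {
        RestApiUtil.handleAuthorizationFailure(RestApiConstants.RESOURCE_API, apiId, apiManagementException, log);
        // Reaching this line means the authorization failure was not turned into an exception.
        Assert.fail("Expected ForbiddenException was not thrown");
    } catch (ForbiddenException exception) {
        Assert.assertEquals(expectedErrorMessage, exception.getMessage());
        // The failure must be logged along with the cause that triggered it.
        Mockito.verify(log).error(expectedErrorMessage, apiManagementException);
    }
}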
use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.
the class RestApiUtilTest method testbuildForbiddenException.
/**
 * Checks the message of the {@code ForbiddenException} built for a resource type and a
 * non-empty resource id: it must name the resource type followed by "with Id" and the id.
 */
@Test
public void testbuildForbiddenException() {
    String resourceId = "TesT_API_ID_45678";
    ForbiddenException built = RestApiUtil.buildForbiddenException(RestApiConstants.RESOURCE_API, resourceId);
    String expectedMessage =
            "You don't have permission to access the " + RestApiConstants.RESOURCE_API + " with Id " + resourceId;
    Assert.assertEquals(expectedMessage, built.getMessage());
}
use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.
the class RestApiUtilTest method testbuildForbiddenExceptionWithEmptyID.
/**
 * Checks the message of the {@code ForbiddenException} built with an empty resource id:
 * it must end at the resource type, with no "with Id" suffix.
 */
@Test
public void testbuildForbiddenExceptionWithEmptyID() {
    ForbiddenException built = RestApiUtil.buildForbiddenException(RestApiConstants.RESOURCE_API, "");
    String expectedMessage = "You don't have permission to access the " + RestApiConstants.RESOURCE_API;
    Assert.assertEquals(expectedMessage, built.getMessage());
}
use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.
the class APIProviderImpl method isAPIUpdateValid.
/**
 * Decides whether the current user may update the given API, based on the API's
 * lifecycle state read from the registry artifact.
 *
 * <ul>
 *   <li>State {@code CREATED} or {@code PROTOTYPED}: the create or the publish
 *       permission is sufficient.</li>
 *   <li>Any other state, including a {@code null} state: the publish permission is
 *       required.</li>
 * </ul>
 *
 * The result starts as {@code false} and is only set to {@code true} by a successful
 * permission check, so the method denies by default.
 *
 * @param api the API whose update is being validated
 * @return {@code true} when the user holds a permission that allows the update
 * @throws APIManagementException when the artifact manager cannot be obtained;
 *         presumably also raised by {@code handleException} on a registry error
 *         (its body is not shown here)
 */
public boolean isAPIUpdateValid(API api) throws APIManagementException {
    String apiSourcePath = APIUtil.getAPIPath(api.getId());
    boolean isValid = false;
    try {
        Resource sourceResource = registry.get(apiSourcePath);
        GenericArtifactManager manager = APIUtil.getArtifactManager(registry, APIConstants.API_KEY);
        if (manager == null) {
            String errorMessage = "Failed to retrieve artifact manager when checking validity of API update for " + api.getId().getApiName();
            log.error(errorMessage);
            throw new APIManagementException(errorMessage);
        }
        GenericArtifact artifact = manager.getGenericArtifact(sourceResource.getUUID());
        String lifecycleState = APIUtil.getLcStateFromArtifact(artifact);
        boolean notYetPublished = APIConstants.CREATED.equals(lifecycleState)
                || APIConstants.PROTOTYPED.equals(lifecycleState);
        if (notYetPublished) {
            // Before publication, either the create or the publish permission allows the update.
            isValid = APIUtil.hasPermission(getUserNameWithoutChange(), APIConstants.Permissions.API_CREATE)
                    || APIUtil.hasPermission(getUserNameWithoutChange(), APIConstants.Permissions.API_PUBLISH);
        } else {
            // Every other state (a null state lands here too) requires the publish permission.
            isValid = APIUtil.hasPermission(getUserNameWithoutChange(), APIConstants.Permissions.API_PUBLISH);
        }
    } catch (RegistryException ex) {
        handleException("Error while validate user for API publishing", ex);
    }
    return isValid;
}