
Example 86 with Permission

use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.

the class APIUtil method setupSelfRegistration.

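/**
 * Creates the self sign-up subscriber role for a tenant when self registration is enabled.
 *
 * <p>Nothing happens unless {@code APIConstants.SELF_SIGN_UP_ENABLED} parses as {@code true}.
 * Otherwise the role named by {@code APIConstants.SELF_SIGN_UP_ROLE} is created in the internal
 * domain if it does not exist yet. The new role carries the login permission and the API subscribe
 * permission, and the tenant admin user is added as its initial member.
 *
 * @param config   API Manager configuration the self sign-up settings are read from
 * @param tenantId tenant to set up; a negative id selects the bootstrap realm's user store manager
 * @throws APIManagementException if the subscriber role name is not configured, or if the user
 *                                store operation fails
 */
public void setupSelfRegistration(APIManagerConfiguration config, int tenantId) throws APIManagementException {
    if (!Boolean.parseBoolean(config.getFirstProperty(APIConstants.SELF_SIGN_UP_ENABLED))) {
        return;
    }
    // Validate the configured name BEFORE building the qualified role name. Concatenating a null
    // property value would produce "<domain><separator>null", which passes a "name equals bare prefix"
    // check and would silently create a login-capable role literally called "null".
    String roleName = config.getFirstProperty(APIConstants.SELF_SIGN_UP_ROLE);
    if (roleName == null || roleName.isEmpty()) {
        // Required parameter missing - Throw an exception and interrupt startup
        throw new APIManagementException("Required subscriber role parameter missing " + "in the self sign up configuration");
    }
    // Create the subscriber role as an internal role
    String role = UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR + roleName;
    try {
        RealmService realmService = ServiceReferenceHolder.getInstance().getRealmService();
        UserStoreManager manager;
        if (tenantId < 0) {
            manager = realmService.getBootstrapRealm().getUserStoreManager();
        } else {
            manager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
        }
        if (!manager.isExistingRole(role)) {
            if (log.isDebugEnabled()) {
                log.debug("Creating subscriber role: " + role);
            }
            // Least privilege: the self sign-up role gets only console login and API subscription.
            Permission[] subscriberPermissions = new Permission[] {
                    new Permission("/permission/admin/login", UserMgtConstants.EXECUTE_ACTION),
                    new Permission(APIConstants.Permissions.API_SUBSCRIBE, UserMgtConstants.EXECUTE_ACTION) };
            // NOTE(review): the admin name is looked up through getTenantUserRealm(tenantId) even when
            // tenantId is negative and the bootstrap realm was used above - confirm the realm service
            // resolves such ids.
            String tenantAdminName = realmService.getTenantUserRealm(tenantId).getRealmConfiguration().getAdminUserName();
            String[] userList = new String[] { tenantAdminName };
            manager.addRole(role, userList, subscriberPermissions);
        }
    } catch (UserStoreException e) {
        throw new APIManagementException("Error while creating subscriber role: " + role + " - " + "Self registration might not function properly.", e);
    }
}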
Also used : UserStoreManager(org.wso2.carbon.user.api.UserStoreManager) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) UserRealm(org.wso2.carbon.user.core.UserRealm) RealmService(org.wso2.carbon.user.core.service.RealmService) Permission(org.wso2.carbon.user.api.Permission) UserStoreException(org.wso2.carbon.user.api.UserStoreException)

Example 87 with Permission

use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.

the class APIUtil method hasPermission.

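/**
 * Checks whether the specified user has the specified permission.
 *
 * <p>A missing permission is reported through the return value, not through an exception. When
 * {@code isPermissionCheckDisabled()} is true every permission is reported as granted without
 * consulting the user store, so that switch disables this authorization check entirely.
 *
 * <p>Results for {@code APIConstants.Permissions.APIM_ADMIN} are cached per username (1 = authorized,
 * 2 = not authorized) and a cached value is returned without re-checking the user store.
 * NOTE(review): how long a cached decision survives a permission revocation depends on the cache
 * configuration, which is not visible here - confirm it is acceptable for an admin permission.
 *
 * @param userNameWithoutChange username from which the tenant domain is derived; must not be null
 * @param permission            A valid Carbon permission
 * @return {@code true} if permission verification is disabled or the user holds the permission,
 *         {@code false} otherwise
 * @throws APIManagementException if the username is null (anonymous user) or if the user store
 *                                lookup fails
 */
public static boolean hasPermission(String userNameWithoutChange, String permission) throws APIManagementException {
    boolean authorized = false;
    if (userNameWithoutChange == null) {
        throw new APIManagementException("Attempt to execute privileged operation as" + " the anonymous user");
    }
    if (isPermissionCheckDisabled()) {
        // Configuration bypass: everything is allowed from here on.
        log.debug("Permission verification is disabled by APIStore configuration");
        return true;
    }
    boolean adminPermission = APIConstants.Permissions.APIM_ADMIN.equals(permission);
    if (adminPermission) {
        Integer value = getValueFromCache(APIConstants.API_PUBLISHER_ADMIN_PERMISSION_CACHE, userNameWithoutChange);
        if (value != null) {
            return value == 1;
        }
    }
    String tenantDomain = MultitenantUtils.getTenantDomain(userNameWithoutChange);
    String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(userNameWithoutChange);
    PrivilegedCarbonContext.startTenantFlow();
    try {
        // Set the tenant inside the try block so that endTenantFlow() always runs once the flow has
        // been started; otherwise a failure here would leave the privileged tenant context on this
        // thread for whatever runs on it next.
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
        int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
        if (!org.wso2.carbon.utils.multitenancy.MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
            // Tenant users are checked against their own tenant's authorization manager.
            org.wso2.carbon.user.api.AuthorizationManager manager = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getAuthorizationManager();
            authorized = manager.isUserAuthorized(tenantAwareUsername, permission, CarbonConstants.UI_PERMISSION_ACTION);
        } else {
            // The shared user realm may not have been initialised yet; populate it from the tenant
            // realm before the AuthorizationManager singleton is used.
            if (ServiceReferenceHolder.getUserRealm() == null) {
                ServiceReferenceHolder.setUserRealm((UserRealm) ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId));
            }
            authorized = AuthorizationManager.getInstance().isUserAuthorized(tenantAwareUsername, permission);
        }
        if (adminPermission) {
            // 1 = authorized, 2 = denied; both outcomes are cached.
            addToRolesCache(APIConstants.API_PUBLISHER_ADMIN_PERMISSION_CACHE, userNameWithoutChange, authorized ? 1 : 2);
        }
    } catch (UserStoreException e) {
        throw new APIManagementException("Error while checking the user:" + userNameWithoutChange + " authorized or not", e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
    return authorized;
}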
Also used : BigInteger(java.math.BigInteger) APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) UserStoreException(org.wso2.carbon.user.api.UserStoreException) Endpoint(org.wso2.carbon.governance.api.endpoints.dataobjects.Endpoint)

Example 88 with Permission

use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.

the class APIUtil method setFilePermission.

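/**
 * Grants the registry anonymous role read ({@code GET}) access to an uploaded file resource.
 *
 * <p>The first occurrence of {@code /registry/resource/} is stripped from {@code filePath} and the
 * remainder is used as the resource id. The grant is made through the super tenant's authorization
 * manager and is skipped when the anonymous role is already authorized.
 *
 * <p>Security note: after this call the resource is readable without authentication. Nothing in
 * this method restricts which registry path may be opened up, so callers must only pass paths of
 * files that are meant to be public.
 *
 * @param filePath Registry path for the uploaded file; must not be null or resolve to an empty
 *                 resource id
 * @throws APIManagementException if the path is missing or the authorization update fails
 */
public static void setFilePermission(String filePath) throws APIManagementException {
    // Fail closed on a missing path instead of surfacing a NullPointerException or granting
    // anonymous access on an empty resource id.
    if (filePath == null) {
        throw new APIManagementException("File path is required to set up permissions for file location");
    }
    String filePathString = filePath.replaceFirst("/registry/resource/", "");
    if (filePathString.isEmpty()) {
        throw new APIManagementException("File path is required to set up permissions for file location");
    }
    try {
        org.wso2.carbon.user.api.AuthorizationManager accessControlAdmin = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getAuthorizationManager();
        // Only add the grant when it is not present yet.
        if (!accessControlAdmin.isRoleAuthorized(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, filePathString, ActionConstants.GET)) {
            accessControlAdmin.authorizeRole(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, filePathString, ActionConstants.GET);
        }
    } catch (UserStoreException e) {
        throw new APIManagementException("Error while setting up permissions for file location", e);
    }
}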
Also used : APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) UserStoreException(org.wso2.carbon.user.api.UserStoreException)

Example 89 with Permission

use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.

the class APIUtil method updatePermissionCache.

/**
 * Refreshes the permission tree of the tenant that the given username belongs to.
 *
 * <p>The tenant domain is derived from the username, resolved to a tenant id through the realm
 * service's tenant manager, and that id is handed to {@code PermissionUpdateUtil.updatePermissionTree}.
 *
 * @param username User name used to find the relevant tenant
 * @throws UserStoreException if the tenant lookup or the permission update failed
 */
public static void updatePermissionCache(String username) throws UserStoreException {
    final String domainOfUser = MultitenantUtils.getTenantDomain(username);
    final int resolvedTenantId = ServiceReferenceHolder.getInstance()
            .getRealmService()
            .getTenantManager()
            .getTenantId(domainOfUser);
    PermissionUpdateUtil.updatePermissionTree(resolvedTenantId);
}
Also used : Endpoint(org.wso2.carbon.governance.api.endpoints.dataobjects.Endpoint)

Example 90 with Permission

use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.

the class ThrottlingApiServiceImpl method updatePolicyPermissions.

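/**
 * Update APIM with the subscription throttle policy permission.
 *
 * <p>When the request carries no permissions object, any existing tier permissions for the policy
 * are deleted. Otherwise the given roles are stored as an allow list or a deny list for the policy.
 * Any permission type other than {@code ALLOW}, including a missing one, is stored as
 * {@code APIConstants.TIER_PERMISSION_DENY}.
 *
 * @param body subscription throttle policy
 * @throws APIManagementException when the role list is missing or empty, or when updating the
 *                                permissions fails
 */
private void updatePolicyPermissions(SubscriptionThrottlePolicyDTO body) throws APIManagementException {
    APIProvider apiProvider = RestApiCommonUtil.getLoggedInUserProvider();
    SubscriptionThrottlePolicyPermissionDTO policyPermissions = body.getPermissions();
    if (policyPermissions == null) {
        // No permissions in the request: drop whatever restriction was stored for this policy.
        apiProvider.deleteTierPermissions(body.getPolicyName());
        return;
    }
    // The DTO comes from the request body, so the role list may be absent as well as empty;
    // report both as the same validation error instead of failing with a NullPointerException.
    if (policyPermissions.getRoles() == null || policyPermissions.getRoles().isEmpty()) {
        throw new APIManagementException(ExceptionCodes.ROLES_CANNOT_BE_EMPTY);
    }
    String roles = StringUtils.join(policyPermissions.getRoles(), ",");
    String permissionType;
    if (policyPermissions.getPermissionType() == SubscriptionThrottlePolicyPermissionDTO.PermissionTypeEnum.ALLOW) {
        permissionType = APIConstants.TIER_PERMISSION_ALLOW;
    } else {
        permissionType = APIConstants.TIER_PERMISSION_DENY;
    }
    apiProvider.updateThrottleTierPermissions(body.getPolicyName(), permissionType, roles);
}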
Also used : APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) APIProvider(org.wso2.carbon.apimgt.api.APIProvider)
