Example 11 with Permission
use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.
the class ApplicationsApiServiceImplTestCase method testApplicationsApplicationIdPutErrorCase.
@Test
public void testApplicationsApplicationIdPutErrorCase() throws APIManagementException, NotFoundException {
TestUtil.printTestMethodName();
String applicationId = UUID.randomUUID().toString();
String accessToken = UUID.randomUUID().toString();
String clientID = UUID.randomUUID().toString();
String clientSecret = UUID.randomUUID().toString();
ApplicationsApiServiceImpl applicationsApiService = new ApplicationsApiServiceImpl();
APIStore apiStore = Mockito.mock(APIStoreImpl.class);
PowerMockito.mockStatic(RestApiUtil.class);
PowerMockito.when(RestApiUtil.getConsumer(USER)).thenReturn(apiStore);
Request request = getRequest();
PowerMockito.when(RestApiUtil.getLoggedInUsername(request)).thenReturn(USER);
ApplicationTokenDTO applicationTokenDTO = new ApplicationTokenDTO();
applicationTokenDTO.setAccessToken(accessToken);
applicationTokenDTO.setTokenScopes("SCOPE1");
applicationTokenDTO.setValidityTime((long) 100000);
List<String> grantTypes = new ArrayList<>();
grantTypes.add("password");
grantTypes.add("jwt");
ApplicationKeysDTO applicationKeysDTO = new ApplicationKeysDTO();
applicationKeysDTO.setConsumerKey(clientID);
applicationKeysDTO.setConsumerSecret(clientSecret);
applicationKeysDTO.setKeyType(ApplicationKeysDTO.KeyTypeEnum.PRODUCTION);
applicationKeysDTO.setCallbackUrl(null);
applicationKeysDTO.setSupportedGrantTypes(grantTypes);
List<ApplicationKeysDTO> applicationKeysDTOList = new ArrayList<>();
applicationKeysDTOList.add(applicationKeysDTO);
ApplicationDTO applicationDTO = new ApplicationDTO();
applicationDTO.setApplicationId(applicationId);
applicationDTO.setDescription("sample application");
applicationDTO.setName("app1");
applicationDTO.setSubscriber("subscriber");
applicationDTO.setPermission("permission");
applicationDTO.setLifeCycleStatus("APPROVED");
applicationDTO.setThrottlingTier("UNLIMITED");
applicationDTO.setToken(applicationTokenDTO);
applicationDTO.setKeys(applicationKeysDTOList);
WorkflowResponse workflowResponse = new GeneralWorkflowResponse();
workflowResponse.setWorkflowStatus(WorkflowStatus.APPROVED);
Mockito.when(apiStore.getApplication(applicationId, USER)).thenReturn(getSampleApplication(applicationId));
Mockito.doThrow(new APIManagementException("Error Occurred", ExceptionCodes.INTERNAL_ERROR)).when(apiStore).updateApplication(applicationId, getSampleApplication(applicationId));
Response response = applicationsApiService.applicationsApplicationIdPut(applicationId, applicationDTO, null, null, request);
Assert.assertEquals(500, response.getStatus());
}
Also used :
ApplicationDTO(org.wso2.carbon.apimgt.rest.api.store.dto.ApplicationDTO)
ApplicationTokenDTO(org.wso2.carbon.apimgt.rest.api.store.dto.ApplicationTokenDTO)
Request(org.wso2.msf4j.Request)
ArrayList(java.util.ArrayList)
GeneralWorkflowResponse(org.wso2.carbon.apimgt.core.workflow.GeneralWorkflowResponse)
WorkflowResponse(org.wso2.carbon.apimgt.core.api.WorkflowResponse)
GeneralWorkflowResponse(org.wso2.carbon.apimgt.core.workflow.GeneralWorkflowResponse)
ApplicationCreationResponse(org.wso2.carbon.apimgt.core.workflow.ApplicationCreationResponse)
Response(javax.ws.rs.core.Response)
ApplicationKeysDTO(org.wso2.carbon.apimgt.rest.api.store.dto.ApplicationKeysDTO)
APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException)
WorkflowResponse(org.wso2.carbon.apimgt.core.api.WorkflowResponse)
GeneralWorkflowResponse(org.wso2.carbon.apimgt.core.workflow.GeneralWorkflowResponse)
APIStore(org.wso2.carbon.apimgt.core.api.APIStore)
PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)
Test(org.junit.Test)
Example 12 with Permission
use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.
the class ApplicationsApiServiceImplTestCase method getSampleApplication.
private Application getSampleApplication(String applicationId) {
String accessToken = UUID.randomUUID().toString();
String clientID = UUID.randomUUID().toString();
String clientSecret = UUID.randomUUID().toString();
ApplicationTokenDTO applicationTokenDTO = new ApplicationTokenDTO();
applicationTokenDTO.setAccessToken(accessToken);
applicationTokenDTO.setTokenScopes("SCOPE1");
applicationTokenDTO.setValidityTime((long) 100000);
List<String> grantTypes = new ArrayList<>();
grantTypes.add("password");
grantTypes.add("jwt");
ApplicationKeysDTO applicationKeysDTO = new ApplicationKeysDTO();
applicationKeysDTO.setConsumerKey(clientID);
applicationKeysDTO.setConsumerSecret(clientSecret);
applicationKeysDTO.setKeyType(ApplicationKeysDTO.KeyTypeEnum.PRODUCTION);
applicationKeysDTO.setCallbackUrl(null);
applicationKeysDTO.setSupportedGrantTypes(grantTypes);
List<ApplicationKeysDTO> applicationKeysDTOList = new ArrayList<>();
applicationKeysDTOList.add(applicationKeysDTO);
ApplicationDTO applicationDTO = new ApplicationDTO();
applicationDTO.setApplicationId(applicationId);
applicationDTO.setDescription("sample application");
applicationDTO.setName("app1");
applicationDTO.setSubscriber("subscriber");
applicationDTO.setPermission("permission");
applicationDTO.setLifeCycleStatus("APPROVED");
applicationDTO.setThrottlingTier("UNLIMITED");
applicationDTO.setToken(applicationTokenDTO);
applicationDTO.setKeys(applicationKeysDTOList);
return ApplicationMappingUtil.fromDTOtoApplication(applicationDTO, USER);
}
Also used :
ApplicationDTO(org.wso2.carbon.apimgt.rest.api.store.dto.ApplicationDTO)
ApplicationTokenDTO(org.wso2.carbon.apimgt.rest.api.store.dto.ApplicationTokenDTO)
ApplicationKeysDTO(org.wso2.carbon.apimgt.rest.api.store.dto.ApplicationKeysDTO)
ArrayList(java.util.ArrayList)
Example 13 with Permission
use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.
the class APIPublisherImpl method replaceGroupNamesWithId.
/**
* This method replaces the groupId field's value to the role id instead of the name passed by the user
*
* @param permissionString - the permission json string which contains role names in groupId field
* @return permission string with replaced groupId
* @throws ParseException - if there is an error parsing the json string
* @throws APIManagementException - if there is an error getting the IdentityProvider instance
*/
private String replaceGroupNamesWithId(String permissionString) throws ParseException, APIManagementException {
JSONArray updatedPermissionArray = new JSONArray();
JSONParser jsonParser = new JSONParser();
JSONArray originalPermissionArray = (JSONArray) jsonParser.parse(permissionString);
try {
for (Object permissionObj : originalPermissionArray) {
JSONObject jsonObject = (JSONObject) permissionObj;
String groupName = (String) jsonObject.get(APIMgtConstants.Permission.GROUP_ID);
String groupId = getIdentityProvider().getRoleId(groupName);
JSONObject updatedPermissionJsonObj = new JSONObject();
updatedPermissionJsonObj.put(APIMgtConstants.Permission.GROUP_ID, groupId);
updatedPermissionJsonObj.put(APIMgtConstants.Permission.PERMISSION, jsonObject.get(APIMgtConstants.Permission.PERMISSION));
updatedPermissionArray.add(updatedPermissionJsonObj);
}
} catch (IdentityProviderException e) {
String errorMessage = "There are invalid roles in the permission string";
log.error(errorMessage, e);
throw new APIManagementException(errorMessage, e, ExceptionCodes.UNSUPPORTED_ROLE);
}
return updatedPermissionArray.toJSONString();
}
Also used :
JSONObject(org.json.simple.JSONObject)
APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException)
JSONArray(org.json.simple.JSONArray)
JSONParser(org.json.simple.parser.JSONParser)
JSONObject(org.json.simple.JSONObject)
IdentityProviderException(org.wso2.carbon.apimgt.core.exception.IdentityProviderException)
Example 14 with Permission
use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.
the class APIPublisherImpl method updateAPI.
/**
* Updates design and implementation of an existing API. This method must not be used to change API status.
* Implementations should throw an exceptions when such attempts are made. All life cycle state changes
* should be carried out using the changeAPIStatus method of this interface.
*
* @param apiBuilder {@code org.wso2.carbon.apimgt.core.models.API.APIBuilder} model object
* @throws APIManagementException if failed to update API
*/
@Override
public void updateAPI(API.APIBuilder apiBuilder) throws APIManagementException {
APIGateway gateway = getApiGateway();
apiBuilder.provider(getUsername());
apiBuilder.updatedBy(getUsername());
try {
API originalAPI = getAPIbyUUID(apiBuilder.getId());
if (originalAPI != null) {
// Checks whether the logged in user has the "UPDATE" permission for the API
verifyUserPermissionsToUpdateAPI(getUsername(), originalAPI);
apiBuilder.createdTime(originalAPI.getCreatedTime());
// workflow status is an internal property and shouldn't be allowed to update externally
apiBuilder.workflowStatus(originalAPI.getWorkflowStatus());
if ((originalAPI.getName().equals(apiBuilder.getName())) && (originalAPI.getVersion().equals(apiBuilder.getVersion())) && (originalAPI.getProvider().equals(apiBuilder.getProvider())) && originalAPI.getLifeCycleStatus().equalsIgnoreCase(apiBuilder.getLifeCycleStatus())) {
if (!StringUtils.isEmpty(apiBuilder.getApiPermission())) {
apiBuilder.apiPermission(replaceGroupNamesWithId(apiBuilder.getApiPermission()));
Map<String, Integer> roleNamePermissionList;
roleNamePermissionList = getAPIPermissionArray(apiBuilder.getApiPermission());
apiBuilder.permissionMap(roleNamePermissionList);
}
Map<String, Endpoint> apiEndpointMap = apiBuilder.getEndpoint();
validateEndpoints(apiEndpointMap, true);
validateLabels(apiBuilder.getLabels(), originalAPI.hasOwnGateway());
createUriTemplateList(apiBuilder, true);
validateApiPolicy(apiBuilder.getApiPolicy());
validateSubscriptionPolicies(apiBuilder);
String updatedSwagger = apiDefinitionFromSwagger20.generateMergedResourceDefinition(getApiDAO().getApiSwaggerDefinition(apiBuilder.getId()), apiBuilder.build());
String gatewayConfig = getApiGatewayConfig(apiBuilder.getId());
GatewaySourceGenerator gatewaySourceGenerator = getGatewaySourceGenerator();
APIConfigContext apiConfigContext = new APIConfigContext(apiBuilder.build(), config.getGatewayPackageName());
gatewaySourceGenerator.setApiConfigContext(apiConfigContext);
String updatedGatewayConfig = gatewaySourceGenerator.getGatewayConfigFromSwagger(gatewayConfig, updatedSwagger);
API api = apiBuilder.build();
// Add API to gateway
gateway.updateAPI(api);
if (log.isDebugEnabled()) {
log.debug("API : " + apiBuilder.getName() + " has been successfully updated in gateway");
}
if (originalAPI.getContext() != null && !originalAPI.getContext().equals(apiBuilder.getContext())) {
if (!checkIfAPIContextExists(api.getContext())) {
// if the API has public visibility, update the API without any role checking
if (API.Visibility.PUBLIC == api.getVisibility()) {
getApiDAO().updateAPI(api.getId(), api);
} else if (API.Visibility.RESTRICTED == api.getVisibility()) {
// get all the roles in the system
Set<String> availableRoles = APIUtils.getAllAvailableRoles();
// get the roles needed to be associated with the API
Set<String> apiRoleList = api.getVisibleRoles();
// if the API has role based visibility, update the API with role checking
if (APIUtils.checkAllowedRoles(availableRoles, apiRoleList)) {
getApiDAO().updateAPI(api.getId(), api);
}
}
getApiDAO().updateApiDefinition(api.getId(), updatedSwagger, api.getUpdatedBy());
getApiDAO().updateGatewayConfig(api.getId(), updatedGatewayConfig, api.getUpdatedBy());
} else {
throw new APIManagementException("Context already Exist", ExceptionCodes.API_ALREADY_EXISTS);
}
} else {
// if the API has public visibility, update the API without any role checking
if (API.Visibility.PUBLIC == api.getVisibility()) {
getApiDAO().updateAPI(api.getId(), api);
} else if (API.Visibility.RESTRICTED == api.getVisibility()) {
// get all the roles in the system
Set<String> allAvailableRoles = APIUtils.getAllAvailableRoles();
// get the roles needed to be associated with the API
Set<String> apiRoleList = api.getVisibleRoles();
// if the API has role based visibility, update the API with role checking
if (APIUtils.checkAllowedRoles(allAvailableRoles, apiRoleList)) {
getApiDAO().updateAPI(api.getId(), api);
}
}
getApiDAO().updateApiDefinition(api.getId(), updatedSwagger, api.getUpdatedBy());
getApiDAO().updateGatewayConfig(api.getId(), updatedGatewayConfig, api.getUpdatedBy());
}
if (log.isDebugEnabled()) {
log.debug("API " + api.getName() + "-" + api.getVersion() + " was updated successfully.");
// 'API_M Functions' related code
// Create a payload with event specific details
Map<String, String> eventPayload = new HashMap<>();
eventPayload.put(APIMgtConstants.FunctionsConstants.API_ID, api.getId());
eventPayload.put(APIMgtConstants.FunctionsConstants.API_NAME, api.getName());
eventPayload.put(APIMgtConstants.FunctionsConstants.API_VERSION, api.getVersion());
eventPayload.put(APIMgtConstants.FunctionsConstants.API_DESCRIPTION, api.getDescription());
eventPayload.put(APIMgtConstants.FunctionsConstants.API_CONTEXT, api.getContext());
eventPayload.put(APIMgtConstants.FunctionsConstants.API_LC_STATUS, api.getLifeCycleStatus());
// This will notify all the EventObservers(Asynchronous)
ObserverNotifier observerNotifier = new ObserverNotifier(Event.API_UPDATE, getUsername(), ZonedDateTime.now(ZoneOffset.UTC), eventPayload, this);
ObserverNotifierThreadPool.getInstance().executeTask(observerNotifier);
}
} else {
APIUtils.verifyValidityOfApiUpdate(apiBuilder, originalAPI);
}
} else {
log.error("Couldn't found API with ID " + apiBuilder.getId());
throw new APIManagementException("Couldn't found API with ID " + apiBuilder.getId(), ExceptionCodes.API_NOT_FOUND);
}
} catch (APIMgtDAOException e) {
String errorMsg = "Error occurred while updating the API - " + apiBuilder.getName();
log.error(errorMsg, e);
throw new APIManagementException(errorMsg, e, e.getErrorHandler());
} catch (ParseException e) {
String errorMsg = "Error occurred while parsing the permission json from swagger - " + apiBuilder.getName();
log.error(errorMsg, e);
throw new APIManagementException(errorMsg, e, ExceptionCodes.SWAGGER_PARSE_EXCEPTION);
} catch (GatewayException e) {
String message = "Error occurred while updating API - " + apiBuilder.getName() + " in gateway";
log.error(message, e);
throw new APIManagementException(message, ExceptionCodes.GATEWAY_EXCEPTION);
}
}
Also used :
APIMgtDAOException(org.wso2.carbon.apimgt.core.exception.APIMgtDAOException)
Set(java.util.Set)
HashSet(java.util.HashSet)
HashMap(java.util.HashMap)
GatewaySourceGenerator(org.wso2.carbon.apimgt.core.api.GatewaySourceGenerator)
Endpoint(org.wso2.carbon.apimgt.core.models.Endpoint)
APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException)
GatewayException(org.wso2.carbon.apimgt.core.exception.GatewayException)
API(org.wso2.carbon.apimgt.core.models.API)
APIGateway(org.wso2.carbon.apimgt.core.api.APIGateway)
ParseException(org.json.simple.parser.ParseException)
APIConfigContext(org.wso2.carbon.apimgt.core.template.APIConfigContext)
Example 15 with Permission
use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.
the class APIPublisherImpl method getAPIPermissionArray.
/**
* This method will return map with role names and its permission values.
*
* @param permissionJsonString Permission json object a string
* @return Map of permission values.
* @throws ParseException If failed to parse the json string.
*/
private HashMap<String, Integer> getAPIPermissionArray(String permissionJsonString) throws ParseException, APIManagementException {
HashMap<String, Integer> rolePermissionList = new HashMap<String, Integer>();
JSONParser jsonParser = new JSONParser();
JSONArray baseJsonArray = (JSONArray) jsonParser.parse(permissionJsonString);
for (Object aBaseJsonArray : baseJsonArray) {
JSONObject jsonObject = (JSONObject) aBaseJsonArray;
String groupId = jsonObject.get(APIMgtConstants.Permission.GROUP_ID).toString();
JSONArray subJsonArray = (JSONArray) jsonObject.get(APIMgtConstants.Permission.PERMISSION);
int totalPermissionValue = 0;
for (Object aSubJsonArray : subJsonArray) {
if (APIMgtConstants.Permission.READ.equals(aSubJsonArray.toString().trim())) {
totalPermissionValue += APIMgtConstants.Permission.READ_PERMISSION;
} else if (APIMgtConstants.Permission.UPDATE.equals(aSubJsonArray.toString().trim())) {
totalPermissionValue += APIMgtConstants.Permission.UPDATE_PERMISSION;
} else if (APIMgtConstants.Permission.DELETE.equals(aSubJsonArray.toString().trim())) {
totalPermissionValue += APIMgtConstants.Permission.DELETE_PERMISSION;
} else if (APIMgtConstants.Permission.MANAGE_SUBSCRIPTION.equals(aSubJsonArray.toString().trim())) {
totalPermissionValue += APIMgtConstants.Permission.MANAGE_SUBSCRIPTION_PERMISSION;
}
}
rolePermissionList.put(groupId, totalPermissionValue);
}
return rolePermissionList;
}
Also used :
JSONObject(org.json.simple.JSONObject)
HashMap(java.util.HashMap)
JSONArray(org.json.simple.JSONArray)
JSONParser(org.json.simple.parser.JSONParser)
JSONObject(org.json.simple.JSONObject)
Endpoint(org.wso2.carbon.apimgt.core.models.Endpoint)
Aggregations
APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException)29
HashSet (java.util.HashSet)18
HashMap (java.util.HashMap)17
ArrayList (java.util.ArrayList)16
Test (org.testng.annotations.Test)16
Policy (org.wso2.carbon.apimgt.core.models.policy.Policy)16
Test (org.junit.Test)15
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)15
API (org.wso2.carbon.apimgt.core.models.API)15
ApplicationPolicy (org.wso2.carbon.apimgt.core.models.policy.ApplicationPolicy)15
SubscriptionPolicy (org.wso2.carbon.apimgt.core.models.policy.SubscriptionPolicy)15
UserStoreException (org.wso2.carbon.user.api.UserStoreException)13
Map (java.util.Map)12
Resource (org.wso2.carbon.registry.core.Resource)12
UserRegistry (org.wso2.carbon.registry.core.session.UserRegistry)12
API (org.wso2.carbon.apimgt.api.model.API)11
APIManagementException (org.wso2.carbon.apimgt.core.exception.APIManagementException)10
APIPolicy (org.wso2.carbon.apimgt.core.models.policy.APIPolicy)9
RegistryException (org.wso2.carbon.registry.core.exceptions.RegistryException)9
BusinessInformation (org.wso2.carbon.apimgt.core.models.BusinessInformation)8
