Examples with Permission org.wso2.carbon.user.api.Permission used on opensource projects

Example 16 with Permission

use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.

the class APIPublisherImpl method replaceGroupIdWithName.

/**
 * This method replaces the groupId field's value of the api permissions string to the role name before sending to
 * frontend
 *
 * @param permissionString - permissions string containing role ids in the groupId field
 * @return the permission string replacing the groupId field's value to role name
 * @throws ParseException         - if there is an error parsing the permission json
 * @throws APIManagementException - if there is an error getting the IdentityProvider instance
 */
private String replaceGroupIdWithName(String permissionString) throws ParseException, APIManagementException {
    JSONArray updatedPermissionArray = new JSONArray();
    JSONParser jsonParser = new JSONParser();
    JSONArray originalPermissionArray = (JSONArray) jsonParser.parse(permissionString);
    for (Object permissionObj : originalPermissionArray) {
        JSONObject jsonObject = (JSONObject) permissionObj;
        String groupId = (String) jsonObject.get(APIMgtConstants.Permission.GROUP_ID);
        try {
            String groupName = getIdentityProvider().getRoleName(groupId);
            JSONObject updatedPermissionJsonObj = new JSONObject();
            updatedPermissionJsonObj.put(APIMgtConstants.Permission.GROUP_ID, groupName);
            updatedPermissionJsonObj.put(APIMgtConstants.Permission.PERMISSION, jsonObject.get(APIMgtConstants.Permission.PERMISSION));
            updatedPermissionArray.add(updatedPermissionJsonObj);
        } catch (IdentityProviderException e) {
            // lets the execution continue after logging the exception
            String errorMessage = "Error occurred while calling SCIM endpoint to retrieve role name of role " + "with Id " + groupId;
            log.warn(errorMessage, e);
        }
    }
    return updatedPermissionArray.toJSONString();
}

Example 17 with Permission

use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.

the class APIStoreImpl method addApplication.

@Override
public ApplicationCreationResponse addApplication(Application application) throws APIManagementException {
    ApplicationCreationResponse applicationResponse = null;
    try {
        if (getApplicationDAO().isApplicationNameExists(application.getName())) {
            String message = "An application already exists with a duplicate name - " + application.getName();
            log.error(message);
            throw new APIMgtResourceAlreadyExistsException(message, ExceptionCodes.APPLICATION_ALREADY_EXISTS);
        }
        // Tier validation
        Policy tier = application.getPolicy();
        if (tier == null) {
            String message = "Tier name cannot be null - " + application.getName();
            log.error(message);
            throw new APIManagementException(message, ExceptionCodes.TIER_CANNOT_BE_NULL);
        } else {
            Policy policy = getPolicyDAO().getSimplifiedPolicyByLevelAndName(APIMgtAdminService.PolicyLevel.application, tier.getPolicyName());
            if (policy == null) {
                String message = "Specified tier " + tier.getPolicyName() + " is invalid";
                log.error(message);
                throw new APIManagementException(message, ExceptionCodes.TIER_CANNOT_BE_NULL);
            }
            application.setPolicy(policy);
        }
        // Generate UUID for application
        String generatedUuid = UUID.randomUUID().toString();
        application.setId(generatedUuid);
        String permissionString = application.getPermissionString();
        if (permissionString != null && !("").equals(permissionString)) {
            HashMap roleNamePermissionList;
            roleNamePermissionList = getAPIPermissionArray(permissionString);
            application.setPermissionMap(roleNamePermissionList);
        }
        application.setCreatedTime(LocalDateTime.now());
        getApplicationDAO().addApplication(application);
        WorkflowExecutor appCreationWFExecutor = WorkflowExecutorFactory.getInstance().getWorkflowExecutor(WorkflowConstants.WF_TYPE_AM_APPLICATION_CREATION);
        ApplicationCreationWorkflow workflow = new ApplicationCreationWorkflow(getApplicationDAO(), getWorkflowDAO(), getApiGateway());
        workflow.setApplication(application);
        workflow.setCreatedBy(getUsername());
        workflow.setWorkflowReference(application.getId());
        workflow.setExternalWorkflowReference(UUID.randomUUID().toString());
        workflow.setCreatedTime(LocalDateTime.now());
        String workflowDescription = "Application [ " + application.getName() + " ] creation request from application creator - " + getUsername() + " with throttling tier - " + tier.getPolicyName() + "";
        workflow.setWorkflowDescription(workflowDescription);
        WorkflowResponse response = appCreationWFExecutor.execute(workflow);
        workflow.setStatus(response.getWorkflowStatus());
        if (WorkflowStatus.CREATED != response.getWorkflowStatus()) {
            completeWorkflow(appCreationWFExecutor, workflow);
        } else {
            getApplicationDAO().updateApplicationState(generatedUuid, APIMgtConstants.ApplicationStatus.APPLICATION_ONHOLD);
            addWorkflowEntries(workflow);
        }
        APIUtils.logDebug("successfully added application with appId " + application.getId(), log);
        applicationResponse = new ApplicationCreationResponse(application.getId(), response);
    } catch (APIMgtDAOException e) {
        String errorMsg = "Error occurred while creating the application - " + application.getName();
        log.error(errorMsg, e);
        throw new APIManagementException(errorMsg, e, e.getErrorHandler());
    } catch (ParseException e) {
        String errorMsg = "Error occurred while parsing the permission json from swagger in application - " + application.getName();
        log.error(errorMsg, e);
        throw new APIManagementException(errorMsg, e, ExceptionCodes.SWAGGER_PARSE_EXCEPTION);
    } catch (WorkflowException e) {
        String errorMsg = "Error occurred in workflow";
        log.error(errorMsg, e);
        throw new APIManagementException(errorMsg, e, ExceptionCodes.WORKFLOW_EXCEPTION);
    }
    return applicationResponse;
}

Example 18 with Permission

use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.

the class APIStoreImplTestCase method testAddApplicationUpdateWorkflowReject.

@Test(description = "Test Application update workflow reject")
public void testAddApplicationUpdateWorkflowReject() throws APIManagementException {
    /*
         * This test is to validate the rollback the application to its previous state for application
         * update request rejection
         */
    ApplicationDAO applicationDAO = Mockito.mock(ApplicationDAO.class);
    PolicyDAO policyDAO = Mockito.mock(PolicyDAO.class);
    WorkflowDAO workflowDAO = Mockito.mock(WorkflowDAO.class);
    Policy policy = Mockito.mock(Policy.class);
    APIStore apiStore = getApiStoreImpl(applicationDAO, policyDAO, workflowDAO);
    Application application = new Application(APP_NAME, USER_NAME);
    application.setStatus(ApplicationStatus.APPLICATION_APPROVED);
    application.setPolicy(new ApplicationPolicy(TIER));
    application.setId(UUID);
    application.setPermissionString("[{\"groupId\": \"testGroup\",\"permission\":[\"READ\",\"UPDATE\",\"DELETE\",\"SUBSCRIPTION\"]}]");
    Mockito.when(applicationDAO.isApplicationNameExists(APP_NAME)).thenReturn(false);
    Mockito.when(policyDAO.getPolicyByLevelAndName(APIMgtAdminService.PolicyLevel.application, TIER)).thenReturn(policy);
    // following section mock the workflow callback api
    DefaultWorkflowExecutor executor = Mockito.mock(DefaultWorkflowExecutor.class);
    APIGateway apiGateway = Mockito.mock(APIGateway.class);
    Workflow workflow = new ApplicationUpdateWorkflow(applicationDAO, workflowDAO, apiGateway);
    workflow.setWorkflowReference(application.getId());
    workflow.setExternalWorkflowReference(UUID);
    // validate the rejection flow
    // here we assume the application is an approve state before update
    // this attribute is set internally based on the workflow data
    workflow.setAttribute(WorkflowConstants.ATTRIBUTE_APPLICATION_EXISTIN_APP_STATUS, ApplicationStatus.APPLICATION_APPROVED);
    WorkflowResponse response = new GeneralWorkflowResponse();
    response.setWorkflowStatus(WorkflowStatus.REJECTED);
    Mockito.when(executor.complete(workflow)).thenReturn(response);
    apiStore.completeWorkflow(executor, workflow);
    Mockito.verify(applicationDAO, Mockito.times(1)).updateApplicationState(application.getId(), ApplicationStatus.APPLICATION_APPROVED);
    // here we assume the application is an rejected state before update.
    workflow.setAttribute(WorkflowConstants.ATTRIBUTE_APPLICATION_EXISTIN_APP_STATUS, ApplicationStatus.APPLICATION_REJECTED);
    apiStore.completeWorkflow(executor, workflow);
    Mockito.verify(applicationDAO, Mockito.times(1)).updateApplicationState(application.getId(), ApplicationStatus.APPLICATION_REJECTED);
}

Example 19 with Permission

use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.

the class APIStoreImplTestCase method testAddApplication.

@Test(description = "Add an application")
public void testAddApplication() throws APIManagementException {
    ApplicationDAO applicationDAO = Mockito.mock(ApplicationDAO.class);
    PolicyDAO policyDAO = Mockito.mock(PolicyDAO.class);
    WorkflowDAO workflowDAO = Mockito.mock(WorkflowDAO.class);
    Policy policy = Mockito.mock(Policy.class);
    APIGateway apiGateway = Mockito.mock(APIGateway.class);
    APIStore apiStore = getApiStoreImpl(applicationDAO, policyDAO, workflowDAO, apiGateway);
    Application application = new Application(APP_NAME, USER_NAME);
    application.setPolicy(new ApplicationPolicy(TIER));
    application.setPermissionString("[{\"groupId\": \"testGroup\",\"permission\":[\"READ\",\"UPDATE\",\"DELETE\",\"SUBSCRIPTION\"]}]");
    Mockito.when(applicationDAO.isApplicationNameExists(APP_NAME)).thenReturn(false);
    Mockito.when(policyDAO.getSimplifiedPolicyByLevelAndName(APIMgtAdminService.PolicyLevel.application, TIER)).thenReturn(policy);
    ApplicationCreationResponse response = apiStore.addApplication(application);
    Assert.assertNotNull(response.getApplicationUUID());
    Mockito.verify(applicationDAO, Mockito.times(1)).addApplication(application);
}

Example 20 with Permission

use of org.wso2.carbon.user.api.Permission in project carbon-apimgt by wso2.

the class APIStoreImplTestCase method testAddApplicationPermissionStringEmpty.

@Test(description = "Add an application with empty permission String")
public void testAddApplicationPermissionStringEmpty() throws APIManagementException {
    ApplicationDAO applicationDAO = Mockito.mock(ApplicationDAO.class);
    PolicyDAO policyDAO = Mockito.mock(PolicyDAO.class);
    Policy policy = Mockito.mock(Policy.class);
    WorkflowDAO workflowDAO = Mockito.mock(WorkflowDAO.class);
    APIGateway apiGateway = Mockito.mock(APIGateway.class);
    APIStore apiStore = getApiStoreImpl(applicationDAO, policyDAO, workflowDAO, apiGateway);
    Application application = new Application(APP_NAME, USER_NAME);
    application.setPolicy(new ApplicationPolicy(TIER));
    application.setPermissionString("");
    Mockito.when(applicationDAO.isApplicationNameExists(APP_NAME)).thenReturn(false);
    Mockito.when(policyDAO.getSimplifiedPolicyByLevelAndName(APIMgtAdminService.PolicyLevel.application, TIER)).thenReturn(policy);
    ApplicationCreationResponse applicationResponse = apiStore.addApplication(application);
    String applicationUuid = applicationResponse.getApplicationUUID();
    Assert.assertNotNull(applicationUuid);
    Mockito.verify(applicationDAO, Mockito.times(1)).addApplication(application);
}