use of org.wso2.carbon.user.core.Permission in project carbon-apimgt by wso2.
the class ApplicationUpdateWorkflow method completeWorkflow.
public WorkflowResponse completeWorkflow(WorkflowExecutor workflowExecutor) throws APIManagementException {
String appId = getWorkflowReference();
String name = getAttribute(WorkflowConstants.ATTRIBUTE_APPLICATION_NAME);
String updatedUser = getAttribute(WorkflowConstants.ATTRIBUTE_APPLICATION_UPDATEDBY);
String applicationId = getWorkflowReference();
String tier = getAttribute(WorkflowConstants.ATTRIBUTE_APPLICATION_TIER);
String policyId = getAttribute(WorkflowConstants.ATTRIBUTE_APPLICATION_POLICY_ID);
String description = getAttribute(WorkflowConstants.ATTRIBUTE_APPLICATION_DESCRIPTION);
String permission = getAttribute(WorkflowConstants.ATTRIBUTE_APPLICATION_PERMISSION);
Application application = new Application(name, updatedUser);
application.setPolicy(new ApplicationPolicy(policyId, tier));
application.setDescription(description);
application.setId(applicationId);
application.setUpdatedUser(updatedUser);
application.setPermissionString(permission);
application.setUpdatedTime(LocalDateTime.now());
if (existingApplication == null && updatedApplication == null) {
// this is when complete method is executed through workflow rest api
existingApplication = applicationDAO.getApplication(appId);
updatedApplication = application;
}
WorkflowResponse response = workflowExecutor.complete(this);
setStatus(response.getWorkflowStatus());
if (WorkflowStatus.APPROVED == response.getWorkflowStatus()) {
if (log.isDebugEnabled()) {
log.debug("Application update workflow complete: Approved");
}
application.setStatus(APIMgtConstants.ApplicationStatus.APPLICATION_APPROVED);
applicationDAO.updateApplication(appId, application);
try {
getApiGateway().updateApplication(application);
} catch (GatewayException ex) {
// This log is not harm to therefore not rethrow
log.warn("Failed to send the Application Update Event ", ex);
}
} else if (WorkflowStatus.REJECTED == response.getWorkflowStatus()) {
if (log.isDebugEnabled()) {
log.debug("Application update workflow complete: Rejected");
}
String existingAppStatus = getAttribute(WorkflowConstants.ATTRIBUTE_APPLICATION_EXISTIN_APP_STATUS);
applicationDAO.updateApplicationState(appId, existingAppStatus);
}
updateWorkflowEntries(this);
return response;
}
use of org.wso2.carbon.user.core.Permission in project carbon-apimgt by wso2.
the class SampleTestObjectCreator method createUniqueAPI.
public static API.APIBuilder createUniqueAPI() {
Set<String> transport = new HashSet<>();
transport.add(HTTP);
Set<String> tags = new HashSet<>();
tags.add(TAG_FOOD);
tags.add(TAG_BEVERAGE);
Set<Policy> policies = new HashSet<>();
policies.add(silverSubscriptionPolicy);
policies.add(bronzeSubscriptionPolicy);
BusinessInformation businessInformation = new BusinessInformation();
businessInformation.setBusinessOwner(NAME_BUSINESS_OWNER_1);
businessInformation.setBusinessOwnerEmail(EMAIL_BUSINESS_OWNER_1);
businessInformation.setTechnicalOwner(NAME_BUSINESS_OWNER_2);
businessInformation.setBusinessOwnerEmail(EMAIL_BUSINESS_OWNER_2);
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setEnabled(true);
corsConfiguration.setAllowMethods(Arrays.asList(APIMgtConstants.FunctionsConstants.GET, APIMgtConstants.FunctionsConstants.POST, APIMgtConstants.FunctionsConstants.DELETE));
corsConfiguration.setAllowHeaders(Arrays.asList(ALLOWED_HEADER_AUTHORIZATION, ALLOWED_HEADER_CUSTOM));
corsConfiguration.setAllowCredentials(true);
corsConfiguration.setAllowOrigins(Arrays.asList("*"));
String permissionJson = "[{\"groupId\" : \"developer\", \"permission\" : " + "[\"READ\",\"UPDATE\"]},{\"groupId\" : \"admin\", \"permission\" : [\"READ\",\"UPDATE\"," + "\"DELETE\", \"MANAGE_SUBSCRIPTION\"]}]";
Map permissionMap = new HashMap();
permissionMap.put(DEVELOPER_ROLE_ID, 6);
permissionMap.put(ADMIN_ROLE_ID, 15);
List<String> defaultLabels = getDefaultLabels();
API.APIBuilder apiBuilder = new API.APIBuilder(UUID.randomUUID().toString(), UUID.randomUUID().toString(), API_VERSION).id(UUID.randomUUID().toString()).context(UUID.randomUUID().toString()).description("Get Food & Beverage Info").lifeCycleStatus(APIStatus.CREATED.getStatus()).endpoint(Collections.emptyMap()).isResponseCachingEnabled(true).cacheTimeout(120).isDefaultVersion(true).apiPolicy(goldApiPolicy).transport(transport).tags(tags).labels(defaultLabels).policies(policies).visibility(API.Visibility.RESTRICTED).visibleRoles(new HashSet<>(Arrays.asList(CUSTOMER_ROLE, MANAGER_ROLE, EMPLOYEE_ROLE))).businessInformation(businessInformation).corsConfiguration(corsConfiguration).apiPermission(permissionJson).permissionMap(permissionMap).createdTime(LocalDateTime.now()).createdBy(API_CREATOR).uriTemplates(Collections.emptyMap()).apiDefinition(apiDefinition).lastUpdatedTime(LocalDateTime.now()).securityScheme(3).threatProtectionPolicies(threatProtectionPolicies);
return apiBuilder;
}
use of org.wso2.carbon.user.core.Permission in project carbon-apimgt by wso2.
the class ApiDAOImplIT method testGetAPIsWhenUserRolesInAPIPermissionsWithoutREAD.
@Test(description = "Tests getting the APIs when the user roles are contained in the API permission list " + "but without READ permissions")
public void testGetAPIsWhenUserRolesInAPIPermissionsWithoutREAD() throws Exception {
ApiDAO apiDAO = DAOFactory.getApiDAO();
Set<String> rolesOfUser = new HashSet<>();
rolesOfUser.add(SampleTestObjectCreator.DEVELOPER_ROLE_ID);
// This user is not the provider of the API
List<API> apiList = apiDAO.getAPIs(rolesOfUser, ALTERNATIVE_USER);
Assert.assertTrue(apiList.isEmpty());
Map map = new HashMap();
map.put(SampleTestObjectCreator.DEVELOPER_ROLE_ID, 0);
API.APIBuilder builder = SampleTestObjectCreator.createDefaultAPI().permissionMap(map);
API api1 = builder.build();
testAddGetEndpoint();
apiDAO.addAPI(api1);
apiList = apiDAO.getAPIs(rolesOfUser, ALTERNATIVE_USER);
// Since the API has the role ID of the user but without READ permissions, it is not visible to this user
Assert.assertTrue(apiList.size() == 0);
}
use of org.wso2.carbon.user.core.Permission in project carbon-apimgt by wso2.
the class APIPublisherImplTestCase method testDeleteApiWhenUserHasNoDeletePermission.
@Test(description = "Delete API when the logged in user has no delete permission for the API")
public void testDeleteApiWhenUserHasNoDeletePermission() throws APIManagementException, LifecycleException, SQLException {
ApiDAO apiDAO = Mockito.mock(ApiDAO.class);
APISubscriptionDAO apiSubscriptionDAO = Mockito.mock(APISubscriptionDAO.class);
APIBuilder builder = SampleTestObjectCreator.createDefaultAPI();
API api = builder.build();
String uuid = api.getId();
Mockito.when(apiSubscriptionDAO.getSubscriptionCountByAPI(uuid)).thenReturn(0L);
APILifecycleManager apiLifecycleManager = Mockito.mock(APILifecycleManager.class);
APIGateway gateway = Mockito.mock(APIGateway.class);
IdentityProvider identityProvider = Mockito.mock(IdentityProvider.class);
LabelDAO labelDao = Mockito.mock(LabelDAO.class);
APIPublisherImpl apiPublisher = getApiPublisherImpl(ALTERNATIVE_USER, identityProvider, apiDAO, apiSubscriptionDAO, apiLifecycleManager, gateway, labelDao);
Mockito.when(apiDAO.getAPI(uuid)).thenReturn(api);
// Assuming the user role list retrieved from IS is null
Mockito.when(identityProvider.getIdOfUser(ALTERNATIVE_USER)).thenReturn(USER_ID);
Mockito.when(identityProvider.getRoleIdsOfUser(USER_ID)).thenReturn(null);
Mockito.when(apiDAO.getApiSwaggerDefinition(api.getId())).thenReturn(SampleTestObjectCreator.apiDefinition);
try {
apiPublisher.deleteAPI(uuid);
} catch (APIManagementException ex) {
Assert.assertEquals(ex.getMessage(), "The user " + ALTERNATIVE_USER + " does not have permission to delete the api " + api.getName());
}
}
use of org.wso2.carbon.user.core.Permission in project carbon-apimgt by wso2.
the class APIPublisherImplTestCase method testUpdateDocumentationInfoJsonParseException.
@Test(description = "Parse exception when updating documentation info", expectedExceptions = APIManagementException.class)
public void testUpdateDocumentationInfoJsonParseException() throws APIManagementException {
ApiDAO apiDAO = Mockito.mock(ApiDAO.class);
DocumentInfo documentInfo = new DocumentInfo.Builder().fileName("sample_doc.pdf").name("howto_guide").id("").permission("data").build();
APIPublisherImpl apiPublisher = getApiPublisherImpl(apiDAO);
apiPublisher.updateDocumentation(API_ID, documentInfo);
}
Aggregations