
Example 1 with Permission

use of org.wso2.carbon.user.core.Permission in project carbon-apimgt by wso2.

the class ApplicationUpdateWorkflow method completeWorkflow.

/**
 * Finishes an application-update workflow and applies its outcome.
 *
 * <p>An {@link Application} is rebuilt from this workflow's stored attributes (name, updating
 * user, tier, policy id, description and permission string). The executor then decides the
 * outcome: on {@code APPROVED} the rebuilt application is persisted and sent to the gateway;
 * on {@code REJECTED} only the application state is reset to the status recorded in the
 * workflow attributes. Any other status leaves the application untouched.
 *
 * <p>NOTE(review): everything written on approval, including the permission string, is taken
 * from workflow attributes and is not re-validated in this method; presumably validation
 * happens when the workflow is created - confirm against the caller.
 *
 * @param workflowExecutor executor asked to complete this workflow
 * @return the response produced by the executor
 * @throws APIManagementException if a call made while completing the workflow fails
 */
public WorkflowResponse completeWorkflow(WorkflowExecutor workflowExecutor) throws APIManagementException {
    final String appId = getWorkflowReference();
    final String appName = getAttribute(WorkflowConstants.ATTRIBUTE_APPLICATION_NAME);
    final String updatedBy = getAttribute(WorkflowConstants.ATTRIBUTE_APPLICATION_UPDATEDBY);
    // The workflow reference is read a second time for the id set on the rebuilt application.
    final String rebuiltId = getWorkflowReference();
    final String tierName = getAttribute(WorkflowConstants.ATTRIBUTE_APPLICATION_TIER);
    final String policyUuid = getAttribute(WorkflowConstants.ATTRIBUTE_APPLICATION_POLICY_ID);
    final String descriptionText = getAttribute(WorkflowConstants.ATTRIBUTE_APPLICATION_DESCRIPTION);
    final String permissionString = getAttribute(WorkflowConstants.ATTRIBUTE_APPLICATION_PERMISSION);

    final Application rebuilt = new Application(appName, updatedBy);
    rebuilt.setPolicy(new ApplicationPolicy(policyUuid, tierName));
    rebuilt.setDescription(descriptionText);
    rebuilt.setId(rebuiltId);
    rebuilt.setUpdatedUser(updatedBy);
    rebuilt.setPermissionString(permissionString);
    rebuilt.setUpdatedTime(LocalDateTime.now());

    // Neither side is populated when completion is triggered through the workflow REST API,
    // so the stored application is loaded and the rebuilt one is used as the update.
    if (updatedApplication == null && existingApplication == null) {
        existingApplication = applicationDAO.getApplication(appId);
        updatedApplication = rebuilt;
    }

    final WorkflowResponse executorResponse = workflowExecutor.complete(this);
    setStatus(executorResponse.getWorkflowStatus());

    if (executorResponse.getWorkflowStatus() == WorkflowStatus.APPROVED) {
        if (log.isDebugEnabled()) {
            log.debug("Application update workflow complete: Approved");
        }
        rebuilt.setStatus(APIMgtConstants.ApplicationStatus.APPLICATION_APPROVED);
        applicationDAO.updateApplication(appId, rebuilt);
        try {
            getApiGateway().updateApplication(rebuilt);
        } catch (GatewayException gatewayFailure) {
            // The gateway event is best effort: a failure is logged and not rethrown, and the
            // DAO update above is not rolled back.
            log.warn("Failed to send the Application Update Event ", gatewayFailure);
        }
    } else if (executorResponse.getWorkflowStatus() == WorkflowStatus.REJECTED) {
        if (log.isDebugEnabled()) {
            log.debug("Application update workflow complete: Rejected");
        }
        // Restore the state the application had before the update was requested.
        final String previousStatus =
                getAttribute(WorkflowConstants.ATTRIBUTE_APPLICATION_EXISTIN_APP_STATUS);
        applicationDAO.updateApplicationState(appId, previousStatus);
    }

    updateWorkflowEntries(this);
    return executorResponse;
}
Also used : ApplicationPolicy(org.wso2.carbon.apimgt.core.models.policy.ApplicationPolicy) GatewayException(org.wso2.carbon.apimgt.core.exception.GatewayException) WorkflowResponse(org.wso2.carbon.apimgt.core.api.WorkflowResponse) Application(org.wso2.carbon.apimgt.core.models.Application)

Example 2 with Permission

use of org.wso2.carbon.user.core.Permission in project carbon-apimgt by wso2.

the class SampleTestObjectCreator method createUniqueAPI.

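/**
 * Creates a builder for a sample API whose identifying values are freshly generated.
 *
 * <p>Random UUID strings are used for the first two constructor arguments, the id and the
 * context, so each call yields an API that does not collide with earlier ones. All other
 * values are fixed test data.
 *
 * @return a populated {@link API.APIBuilder}; the caller invokes {@code build()}
 */
public static API.APIBuilder createUniqueAPI() {
    Set<String> transport = new HashSet<>();
    transport.add(HTTP);

    Set<String> tags = new HashSet<>();
    tags.add(TAG_FOOD);
    tags.add(TAG_BEVERAGE);

    Set<Policy> policies = new HashSet<>();
    policies.add(silverSubscriptionPolicy);
    policies.add(bronzeSubscriptionPolicy);

    BusinessInformation businessInformation = new BusinessInformation();
    businessInformation.setBusinessOwner(NAME_BUSINESS_OWNER_1);
    businessInformation.setBusinessOwnerEmail(EMAIL_BUSINESS_OWNER_1);
    businessInformation.setTechnicalOwner(NAME_BUSINESS_OWNER_2);
    // Technical owner e-mail: this call previously repeated setBusinessOwnerEmail and
    // overwrote the business owner's address set two lines above.
    businessInformation.setTechnicalOwnerEmail(EMAIL_BUSINESS_OWNER_2);

    CorsConfiguration corsConfiguration = new CorsConfiguration();
    corsConfiguration.setEnabled(true);
    corsConfiguration.setAllowMethods(Arrays.asList(
            APIMgtConstants.FunctionsConstants.GET,
            APIMgtConstants.FunctionsConstants.POST,
            APIMgtConstants.FunctionsConstants.DELETE));
    corsConfiguration.setAllowHeaders(Arrays.asList(ALLOWED_HEADER_AUTHORIZATION, ALLOWED_HEADER_CUSTOM));
    // NOTE(review): a wildcard origin combined with allowCredentials(true) is kept unchanged
    // because this is test data; do not copy this pairing into a real CORS policy, where
    // credentialed requests need an explicit list of allowed origins.
    corsConfiguration.setAllowCredentials(true);
    corsConfiguration.setAllowOrigins(Arrays.asList("*"));

    // Same permissions expressed twice: as the JSON string stored on the API and as a
    // role-id -> integer map. The integers are presumably a bitmask matching the JSON
    // entries (developer: READ, UPDATE; admin: all four) - confirm against the model.
    String permissionJson = "[{\"groupId\" : \"developer\", \"permission\" : "
            + "[\"READ\",\"UPDATE\"]},{\"groupId\" : \"admin\", \"permission\" : [\"READ\",\"UPDATE\","
            + "\"DELETE\", \"MANAGE_SUBSCRIPTION\"]}]";
    Map permissionMap = new HashMap();
    permissionMap.put(DEVELOPER_ROLE_ID, 6);
    permissionMap.put(ADMIN_ROLE_ID, 15);

    List<String> defaultLabels = getDefaultLabels();

    API.APIBuilder apiBuilder = new API.APIBuilder(
            UUID.randomUUID().toString(), UUID.randomUUID().toString(), API_VERSION)
            .id(UUID.randomUUID().toString())
            .context(UUID.randomUUID().toString())
            .description("Get Food & Beverage Info")
            .lifeCycleStatus(APIStatus.CREATED.getStatus())
            .endpoint(Collections.emptyMap())
            .isResponseCachingEnabled(true)
            .cacheTimeout(120)
            .isDefaultVersion(true)
            .apiPolicy(goldApiPolicy)
            .transport(transport)
            .tags(tags)
            .labels(defaultLabels)
            .policies(policies)
            .visibility(API.Visibility.RESTRICTED)
            .visibleRoles(new HashSet<>(Arrays.asList(CUSTOMER_ROLE, MANAGER_ROLE, EMPLOYEE_ROLE)))
            .businessInformation(businessInformation)
            .corsConfiguration(corsConfiguration)
            .apiPermission(permissionJson)
            .permissionMap(permissionMap)
            .createdTime(LocalDateTime.now())
            .createdBy(API_CREATOR)
            .uriTemplates(Collections.emptyMap())
            .apiDefinition(apiDefinition)
            .lastUpdatedTime(LocalDateTime.now())
            .securityScheme(3)
            .threatProtectionPolicies(threatProtectionPolicies);
    return apiBuilder;
}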
Also used : ApplicationPolicy(org.wso2.carbon.apimgt.core.models.policy.ApplicationPolicy) SubscriptionPolicy(org.wso2.carbon.apimgt.core.models.policy.SubscriptionPolicy) CustomPolicy(org.wso2.carbon.apimgt.core.models.policy.CustomPolicy) QuotaPolicy(org.wso2.carbon.apimgt.core.models.policy.QuotaPolicy) ThreatProtectionPolicy(org.wso2.carbon.apimgt.core.models.policy.ThreatProtectionPolicy) Policy(org.wso2.carbon.apimgt.core.models.policy.Policy) APIPolicy(org.wso2.carbon.apimgt.core.models.policy.APIPolicy) BusinessInformation(org.wso2.carbon.apimgt.core.models.BusinessInformation) HashMap(java.util.HashMap) CorsConfiguration(org.wso2.carbon.apimgt.core.models.CorsConfiguration) CompositeAPI(org.wso2.carbon.apimgt.core.models.CompositeAPI) API(org.wso2.carbon.apimgt.core.models.API) Map(java.util.Map) HashedMap(org.apache.commons.collections.map.HashedMap) HashMap(java.util.HashMap) HashSet(java.util.HashSet)

Example 3 with Permission

use of org.wso2.carbon.user.core.Permission in project carbon-apimgt by wso2.

the class ApiDAOImplIT method testGetAPIsWhenUserRolesInAPIPermissionsWithoutREAD.

/**
 * Checks that an API is not listed for a user whose role appears in the API's permission
 * map with a value that grants no READ permission.
 *
 * @throws Exception if the DAO or the fixture setup fails
 */
@Test(description = "Tests getting the APIs when the user roles are contained in the API permission list " + "but without READ permissions")
public void testGetAPIsWhenUserRolesInAPIPermissionsWithoutREAD() throws Exception {
    final ApiDAO dao = DAOFactory.getApiDAO();
    final Set<String> userRoles = new HashSet<>();
    userRoles.add(SampleTestObjectCreator.DEVELOPER_ROLE_ID);

    // ALTERNATIVE_USER is not the provider of the API.
    List<API> visibleApis = dao.getAPIs(userRoles, ALTERNATIVE_USER);
    Assert.assertTrue(visibleApis.isEmpty());

    // The user's role is present in the permission map, but mapped to 0.
    final Map rolePermissions = new HashMap();
    rolePermissions.put(SampleTestObjectCreator.DEVELOPER_ROLE_ID, 0);
    final API restrictedApi =
            SampleTestObjectCreator.createDefaultAPI().permissionMap(rolePermissions).build();

    // Presumably creates the endpoint rows the API depends on - confirm.
    testAddGetEndpoint();
    dao.addAPI(restrictedApi);

    visibleApis = dao.getAPIs(userRoles, ALTERNATIVE_USER);
    // The role matches but carries no READ permission, so the API must stay hidden.
    Assert.assertTrue(visibleApis.isEmpty());
}
Also used : HashMap(java.util.HashMap) CompositeAPI(org.wso2.carbon.apimgt.core.models.CompositeAPI) API(org.wso2.carbon.apimgt.core.models.API) HashMap(java.util.HashMap) Map(java.util.Map) ApiDAO(org.wso2.carbon.apimgt.core.dao.ApiDAO) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 4 with Permission

use of org.wso2.carbon.user.core.Permission in project carbon-apimgt by wso2.

the class APIPublisherImplTestCase method testDeleteApiWhenUserHasNoDeletePermission.

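/**
 * Verifies that {@code deleteAPI} refuses the request when the logged-in user has no delete
 * permission on the API.
 *
 * <p>The identity provider mock returns {@code null} for the user's role ids, and the
 * publisher is created for {@code ALTERNATIVE_USER}. The call must fail with an
 * {@link APIManagementException} carrying the permission-denied message; a call that
 * returns normally fails the test, so a missing authorization check cannot pass unnoticed.
 *
 * @throws APIManagementException declared by the mocked and tested calls
 * @throws LifecycleException declared by the signature
 * @throws SQLException declared by the signature
 */
@Test(description = "Delete API when the logged in user has no delete permission for the API")
public void testDeleteApiWhenUserHasNoDeletePermission() throws APIManagementException, LifecycleException, SQLException {
    ApiDAO apiDAO = Mockito.mock(ApiDAO.class);
    APISubscriptionDAO apiSubscriptionDAO = Mockito.mock(APISubscriptionDAO.class);
    APIBuilder builder = SampleTestObjectCreator.createDefaultAPI();
    API api = builder.build();
    String uuid = api.getId();
    Mockito.when(apiSubscriptionDAO.getSubscriptionCountByAPI(uuid)).thenReturn(0L);
    APILifecycleManager apiLifecycleManager = Mockito.mock(APILifecycleManager.class);
    APIGateway gateway = Mockito.mock(APIGateway.class);
    IdentityProvider identityProvider = Mockito.mock(IdentityProvider.class);
    LabelDAO labelDao = Mockito.mock(LabelDAO.class);
    APIPublisherImpl apiPublisher = getApiPublisherImpl(ALTERNATIVE_USER, identityProvider, apiDAO,
            apiSubscriptionDAO, apiLifecycleManager, gateway, labelDao);
    Mockito.when(apiDAO.getAPI(uuid)).thenReturn(api);
    // The identity provider returns no role list (null) for this user.
    Mockito.when(identityProvider.getIdOfUser(ALTERNATIVE_USER)).thenReturn(USER_ID);
    Mockito.when(identityProvider.getRoleIdsOfUser(USER_ID)).thenReturn(null);
    Mockito.when(apiDAO.getApiSwaggerDefinition(api.getId())).thenReturn(SampleTestObjectCreator.apiDefinition);
    try {
        apiPublisher.deleteAPI(uuid);
        // Without this, the test passed whenever deleteAPI returned normally, i.e. exactly
        // when the permission check was missing. Assert.fail throws an AssertionError, which
        // the catch below does not intercept.
        Assert.fail("deleteAPI must be rejected for a user without delete permission");
    } catch (APIManagementException ex) {
        Assert.assertEquals(ex.getMessage(), "The user " + ALTERNATIVE_USER
                + " does not have permission to delete the api " + api.getName());
    }
}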
Also used : APILifecycleManager(org.wso2.carbon.apimgt.core.api.APILifecycleManager) APISubscriptionDAO(org.wso2.carbon.apimgt.core.dao.APISubscriptionDAO) APIManagementException(org.wso2.carbon.apimgt.core.exception.APIManagementException) API(org.wso2.carbon.apimgt.core.models.API) IdentityProvider(org.wso2.carbon.apimgt.core.api.IdentityProvider) APIBuilder(org.wso2.carbon.apimgt.core.models.API.APIBuilder) APIGateway(org.wso2.carbon.apimgt.core.api.APIGateway) LabelDAO(org.wso2.carbon.apimgt.core.dao.LabelDAO) ApiDAO(org.wso2.carbon.apimgt.core.dao.ApiDAO) Test(org.testng.annotations.Test)

Example 5 with Permission

use of org.wso2.carbon.user.core.Permission in project carbon-apimgt by wso2.

the class APIPublisherImplTestCase method testUpdateDocumentationInfoJsonParseException.

/**
 * Expects {@code updateDocumentation} to fail with an {@link APIManagementException} when
 * the document's permission value is the plain string {@code "data"}.
 *
 * <p>Per the test description this exercises the parse-failure path; the exception type is
 * enforced through {@code expectedExceptions}, so a call that returns normally fails the test.
 *
 * @throws APIManagementException the expected outcome of the call under test
 */
@Test(description = "Parse exception when updating documentation info", expectedExceptions = APIManagementException.class)
public void testUpdateDocumentationInfoJsonParseException() throws APIManagementException {
    final ApiDAO mockedDao = Mockito.mock(ApiDAO.class);
    // "data" is not a permission list, which is what should trigger the failure.
    final DocumentInfo malformedDoc = new DocumentInfo.Builder()
            .fileName("sample_doc.pdf")
            .name("howto_guide")
            .id("")
            .permission("data")
            .build();
    final APIPublisherImpl publisher = getApiPublisherImpl(mockedDao);
    publisher.updateDocumentation(API_ID, malformedDoc);
}
Also used : ApiDAO(org.wso2.carbon.apimgt.core.dao.ApiDAO) DocumentInfo(org.wso2.carbon.apimgt.core.models.DocumentInfo) Test(org.testng.annotations.Test)

Aggregations

ArrayList (java.util.ArrayList)31 APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException)29 Test (org.testng.annotations.Test)28 UserStoreException (org.wso2.carbon.user.api.UserStoreException)27 HashMap (java.util.HashMap)26 RegistryException (org.wso2.carbon.registry.api.RegistryException)21 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)19 HashSet (java.util.HashSet)18 UserAdminException (org.wso2.carbon.user.mgt.common.UserAdminException)18 UserStoreException (org.wso2.carbon.user.core.UserStoreException)17 Policy (org.wso2.carbon.apimgt.core.models.policy.Policy)16 Map (java.util.Map)15 Test (org.junit.Test)15 API (org.wso2.carbon.apimgt.core.models.API)15 ApplicationPolicy (org.wso2.carbon.apimgt.core.models.policy.ApplicationPolicy)15 SubscriptionPolicy (org.wso2.carbon.apimgt.core.models.policy.SubscriptionPolicy)15 UserRegistry (org.wso2.carbon.registry.core.session.UserRegistry)13 PreparedStatement (java.sql.PreparedStatement)12 UserStoreManager (org.wso2.carbon.user.core.UserStoreManager)12 AuthorizationManager (org.wso2.carbon.user.api.AuthorizationManager)11