/**
 * Grants every role in {@code rolesToAdd} to the given user through the membership service.
 *
 * <p>A role whose (management-model) scope is MANAGEMENT is attached to the default MANAGEMENT
 * reference; every other role is attached to the default PORTAL reference. The management-model
 * scope is mapped onto the {@code RoleScope} in scope in this file by enum name, so the two enums
 * are expected to share constant names.
 *
 * @param userId     identifier of the user receiving the roles
 * @param rolesToAdd roles to grant; an empty collection is a no-op
 */
private void addRolesToUser(String userId, Collection<RoleEntity> rolesToAdd) {
    for (final RoleEntity role : rolesToAdd) {
        final boolean managementScoped =
                io.gravitee.management.model.permissions.RoleScope.MANAGEMENT == role.getScope();
        final MembershipReferenceType referenceType =
                managementScoped ? MembershipReferenceType.MANAGEMENT : MembershipReferenceType.PORTAL;
        final MembershipService.MembershipReference reference =
                new MembershipService.MembershipReference(referenceType, MembershipDefaultReferenceId.DEFAULT.name());
        // second constructor argument is deliberately left null, as in the rest of this file
        final MembershipService.MembershipUser member = new MembershipService.MembershipUser(userId, null);
        final MembershipService.MembershipRole membershipRole = new MembershipService.MembershipRole(
                RoleScope.valueOf(role.getScope().name()), role.getName());
        membershipService.addOrUpdateMember(reference, member, membershipRole);
    }
}
/**
 * Maps a {@link RoleEntity} to its user-facing {@link UserRoleEntity} view, copying scope,
 * name and permissions.
 *
 * @param roleEntity role to map, may be null
 * @return the mapped entity, or null when {@code roleEntity} is null
 */
private UserRoleEntity convert(RoleEntity roleEntity) {
    if (roleEntity == null) {
        return null;
    }
    final UserRoleEntity userRole = new UserRoleEntity();
    userRole.setPermissions(roleEntity.getPermissions());
    userRole.setName(roleEntity.getName());
    userRole.setScope(roleEntity.getScope());
    return userRole;
}
}
/**
 * Maps a repository {@link Role} to a {@link RoleEntity}.
 *
 * <p>The scope is converted before the permissions because the permission conversion
 * is driven by the already-converted scope of the entity.
 *
 * @param role repository role, may be null
 * @return the mapped entity, or null when {@code role} is null
 */
private RoleEntity convert(final Role role) {
    if (role == null) {
        return null;
    }
    final RoleEntity entity = new RoleEntity();
    entity.setName(role.getName());
    entity.setDescription(role.getDescription());
    entity.setDefaultRole(role.isDefaultRole());
    entity.setSystem(role.isSystem());
    entity.setScope(convert(role.getScope()));
    entity.setPermissions(convertPermissions(entity.getScope(), role.getPermissions()));
    return entity;
}
if (managementRole != null && !SystemRole.ADMIN.name().equals(managementRole)) { try { roleName = roleService.findById(convertToRepositoryRoleScope(roleScope), managementRole).getName(); roleName = first.get().getName(); } else { throw new IllegalArgumentException("No default role exist for scope MANAGEMENT"); Optional<RoleEntity> first = roleService.findDefaultRoleByScopes(convertToRepositoryRoleScope(roleScope)).stream().findFirst(); if (first.isPresent()) { roleName = first.get().getName(); } else { throw new IllegalArgumentException("No default role exist for scope MANAGEMENT");
/**
 * Creates a new role after checking that no role with the same scope and name exists.
 *
 * <p>The creation is written to the portal audit log (key {@code ROLE}, event
 * {@code ROLE_CREATED}); when the created role is flagged as default for its scope,
 * {@code toggleDefaultRole} is invoked so only one default remains.
 *
 * @param roleEntity definition of the role to create
 * @return the created role
 * @throws RoleAlreadyExistsException when a role with the same scope and name already exists
 * @throws TechnicalManagementException when the repository fails (wraps the {@code TechnicalException})
 */
@Override
public RoleEntity create(final NewRoleEntity roleEntity) {
    try {
        final Role role = convert(roleEntity);
        final Optional<Role> existing = roleRepository.findById(role.getScope(), role.getName());
        if (existing.isPresent()) {
            throw new RoleAlreadyExistsException(role.getScope(), role.getName());
        }
        // a freshly created role has identical creation and update timestamps
        final Date now = new Date();
        role.setCreatedAt(now);
        role.setUpdatedAt(now);
        final RoleEntity created = convert(roleRepository.create(role));
        auditService.createPortalAuditLog(
                Collections.singletonMap(ROLE, role.getScope() + ":" + role.getName()),
                ROLE_CREATED,
                role.getCreatedAt(),
                null,
                role);
        if (created.isDefaultRole()) {
            toggleDefaultRole(convert(roleEntity.getScope()), created.getName());
        }
        return created;
    } catch (TechnicalException ex) {
        LOGGER.error("An error occurs while trying to create role {}", roleEntity.getName(), ex);
        throw new TechnicalManagementException("An error occurs while trying to create role " + roleEntity.getName(), ex);
    }
}
/**
 * Builds the {@link MemberEntity} view of a membership for the requested role scope.
 *
 * <p>The user is resolved through {@code userService} and the role through {@code getRole};
 * when no role exists for that scope there is no member representation and {@code null}
 * is returned.
 *
 * @param membership the stored membership
 * @param roleScope  the scope of the role to expose
 * @return the member, or null when no role is attached for {@code roleScope}
 */
private MemberEntity convert(Membership membership, RoleScope roleScope) {
    final String memberId = membership.getUserId();
    final UserEntity user = userService.findById(memberId);
    final RoleEntity role = getRole(membership.getReferenceType(), membership.getReferenceId(), memberId, roleScope);
    // API and APPLICATION scopes are optional on a group membership, so the role may be absent
    if (role == null) {
        return null;
    }
    final MemberEntity member = new MemberEntity();
    member.setId(memberId);
    member.setDisplayName(user.getDisplayName());
    member.setEmail(user.getEmail());
    member.setRole(role.getName());
    member.setPermissions(role.getPermissions());
    member.setCreatedAt(membership.getCreatedAt());
    member.setUpdatedAt(membership.getUpdatedAt());
    return member;
}
for (char c : roleEntity.getPermissions().get(SUBSCRIPTION.getName())) { if (c == 'U') { switch(membership.getReferenceType()) {
/**
 * Asserts that the role's scope is allowed for the given reference.
 *
 * <p>This is the authorization guard for membership assignment: an API reference only
 * accepts API-scoped roles, an APPLICATION reference only APPLICATION-scoped roles, and a
 * GROUP reference accepts API-, APPLICATION- or GROUP-scoped roles but never the
 * PRIMARY_OWNER system role. Reference types not listed here are not checked.
 *
 * @param reference the membership target (type and id)
 * @param role      the role (scope and name) about to be granted
 * @throws NotAuthorizedMembershipException when the role is not allowed for the reference type
 */
private void assertRoleScopeAllowedForReference(MembershipReference reference, MembershipRole role) {
    final RoleEntity roleEntity = roleService.findById(role.getScope(), role.getName());
    final MembershipReferenceType referenceType = reference.getType();

    final boolean rejected;
    if (API.equals(referenceType)) {
        rejected = !io.gravitee.management.model.permissions.RoleScope.API.equals(roleEntity.getScope());
    } else if (APPLICATION.equals(referenceType)) {
        rejected = !io.gravitee.management.model.permissions.RoleScope.APPLICATION.equals(roleEntity.getScope());
    } else if (GROUP.equals(referenceType)) {
        final boolean scopeAllowedForGroup =
                io.gravitee.management.model.permissions.RoleScope.APPLICATION.equals(roleEntity.getScope())
                || io.gravitee.management.model.permissions.RoleScope.API.equals(roleEntity.getScope())
                || io.gravitee.management.model.permissions.RoleScope.GROUP.equals(roleEntity.getScope());
        // a group may carry any of the three scopes, but PRIMARY_OWNER is never grantable on a group
        rejected = !scopeAllowedForGroup || SystemRole.PRIMARY_OWNER.name().equals(role.getName());
    } else {
        rejected = false;
    }
    if (rejected) {
        throw new NotAuthorizedMembershipException(role.getName());
    }
}
if (managementRole != null && !SystemRole.ADMIN.name().equals(managementRole)) { try { roleName = roleService.findById(convertToRepositoryRoleScope(roleScope), managementRole).getName(); roleName = first.get().getName(); } else { throw new IllegalArgumentException("No default role exist for scope MANAGEMENT"); Optional<RoleEntity> first = roleService.findDefaultRoleByScopes(convertToRepositoryRoleScope(roleScope)).stream().findFirst(); if (first.isPresent()) { roleName = first.get().getName(); } else { throw new IllegalArgumentException("No default role exist for scope MANAGEMENT");
/**
 * Creates a new role after checking that no role with the same scope and name exists.
 *
 * <p>The creation is written to the portal audit log (key {@code ROLE}, event
 * {@code ROLE_CREATED}); when the created role is flagged as default for its scope,
 * {@code toggleDefaultRole} is invoked so only one default remains.
 *
 * @param roleEntity definition of the role to create
 * @return the created role
 * @throws RoleAlreadyExistsException when a role with the same scope and name already exists
 * @throws TechnicalManagementException when the repository fails (wraps the {@code TechnicalException})
 */
@Override
public RoleEntity create(final NewRoleEntity roleEntity) {
    try {
        final Role role = convert(roleEntity);
        final Optional<Role> existing = roleRepository.findById(role.getScope(), role.getName());
        if (existing.isPresent()) {
            throw new RoleAlreadyExistsException(role.getScope(), role.getName());
        }
        // a freshly created role has identical creation and update timestamps
        final Date now = new Date();
        role.setCreatedAt(now);
        role.setUpdatedAt(now);
        final RoleEntity created = convert(roleRepository.create(role));
        auditService.createPortalAuditLog(
                Collections.singletonMap(ROLE, role.getScope() + ":" + role.getName()),
                ROLE_CREATED,
                role.getCreatedAt(),
                null,
                role);
        if (created.isDefaultRole()) {
            toggleDefaultRole(convert(roleEntity.getScope()), created.getName());
        }
        return created;
    } catch (TechnicalException ex) {
        LOGGER.error("An error occurs while trying to create role {}", roleEntity.getName(), ex);
        throw new TechnicalManagementException("An error occurs while trying to create role " + roleEntity.getName(), ex);
    }
}
/**
 * Builds the {@link MemberEntity} view of a membership for the requested role scope.
 *
 * <p>The user is resolved through {@code userService} and the role through {@code getRole};
 * when no role exists for that scope there is no member representation and {@code null}
 * is returned.
 *
 * @param membership the stored membership
 * @param roleScope  the scope of the role to expose
 * @return the member, or null when no role is attached for {@code roleScope}
 */
private MemberEntity convert(Membership membership, RoleScope roleScope) {
    final String memberId = membership.getUserId();
    final UserEntity user = userService.findById(memberId);
    final RoleEntity role = getRole(membership.getReferenceType(), membership.getReferenceId(), memberId, roleScope);
    // API and APPLICATION scopes are optional on a group membership, so the role may be absent
    if (role == null) {
        return null;
    }
    final MemberEntity member = new MemberEntity();
    member.setId(memberId);
    member.setDisplayName(user.getDisplayName());
    member.setEmail(user.getEmail());
    member.setRole(role.getName());
    member.setPermissions(role.getPermissions());
    member.setCreatedAt(membership.getCreatedAt());
    member.setUpdatedAt(membership.getUpdatedAt());
    return member;
}
for (char c : roleEntity.getPermissions().get(SUBSCRIPTION.getName())) { if (c == 'U') { switch(membership.getReferenceType()) {
/**
 * Asserts that the role's scope is allowed for the given reference.
 *
 * <p>This is the authorization guard for membership assignment: an API reference only
 * accepts API-scoped roles, an APPLICATION reference only APPLICATION-scoped roles, and a
 * GROUP reference accepts API-, APPLICATION- or GROUP-scoped roles but never the
 * PRIMARY_OWNER system role. Reference types not listed here are not checked.
 *
 * @param reference the membership target (type and id)
 * @param role      the role (scope and name) about to be granted
 * @throws NotAuthorizedMembershipException when the role is not allowed for the reference type
 */
private void assertRoleScopeAllowedForReference(MembershipReference reference, MembershipRole role) {
    final RoleEntity roleEntity = roleService.findById(role.getScope(), role.getName());
    final MembershipReferenceType referenceType = reference.getType();

    final boolean rejected;
    if (API.equals(referenceType)) {
        rejected = !io.gravitee.management.model.permissions.RoleScope.API.equals(roleEntity.getScope());
    } else if (APPLICATION.equals(referenceType)) {
        rejected = !io.gravitee.management.model.permissions.RoleScope.APPLICATION.equals(roleEntity.getScope());
    } else if (GROUP.equals(referenceType)) {
        final boolean scopeAllowedForGroup =
                io.gravitee.management.model.permissions.RoleScope.APPLICATION.equals(roleEntity.getScope())
                || io.gravitee.management.model.permissions.RoleScope.API.equals(roleEntity.getScope())
                || io.gravitee.management.model.permissions.RoleScope.GROUP.equals(roleEntity.getScope());
        // a group may carry any of the three scopes, but PRIMARY_OWNER is never grantable on a group
        rejected = !scopeAllowedForGroup || SystemRole.PRIMARY_OWNER.name().equals(role.getName());
    } else {
        rejected = false;
    }
    if (rejected) {
        throw new NotAuthorizedMembershipException(role.getName());
    }
}
/**
 * Grants every role in {@code rolesToAdd} to the given user through the membership service.
 *
 * <p>A role whose (management-model) scope is MANAGEMENT is attached to the default MANAGEMENT
 * reference; every other role is attached to the default PORTAL reference. The management-model
 * scope is mapped onto the {@code RoleScope} in scope in this file by enum name, so the two enums
 * are expected to share constant names.
 *
 * @param userId     identifier of the user receiving the roles
 * @param rolesToAdd roles to grant; an empty collection is a no-op
 */
private void addRolesToUser(String userId, Collection<RoleEntity> rolesToAdd) {
    for (final RoleEntity role : rolesToAdd) {
        final boolean managementScoped =
                io.gravitee.management.model.permissions.RoleScope.MANAGEMENT == role.getScope();
        final MembershipReferenceType referenceType =
                managementScoped ? MembershipReferenceType.MANAGEMENT : MembershipReferenceType.PORTAL;
        final MembershipService.MembershipReference reference =
                new MembershipService.MembershipReference(referenceType, MembershipDefaultReferenceId.DEFAULT.name());
        // second constructor argument is deliberately left null, as in the rest of this file
        final MembershipService.MembershipUser member = new MembershipService.MembershipUser(userId, null);
        final MembershipService.MembershipRole membershipRole = new MembershipService.MembershipRole(
                RoleScope.valueOf(role.getScope().name()), role.getName());
        membershipService.addOrUpdateMember(reference, member, membershipRole);
    }
}
/**
 * Maps a repository {@link Role} to a {@link RoleEntity}.
 *
 * <p>The scope is converted before the permissions because the permission conversion
 * is driven by the already-converted scope of the entity.
 *
 * @param role repository role, may be null
 * @return the mapped entity, or null when {@code role} is null
 */
private RoleEntity convert(final Role role) {
    if (role == null) {
        return null;
    }
    final RoleEntity entity = new RoleEntity();
    entity.setName(role.getName());
    entity.setDescription(role.getDescription());
    entity.setDefaultRole(role.isDefaultRole());
    entity.setSystem(role.isSystem());
    entity.setScope(convert(role.getScope()));
    entity.setPermissions(convertPermissions(entity.getScope(), role.getPermissions()));
    return entity;
}
/**
 * Maps a {@link RoleEntity} to its user-facing {@link UserRoleEntity} view, copying scope,
 * name and permissions.
 *
 * @param roleEntity role to map, may be null
 * @return the mapped entity, or null when {@code roleEntity} is null
 */
private UserRoleEntity convert(RoleEntity roleEntity) {
    if (roleEntity == null) {
        return null;
    }
    final UserRoleEntity userRole = new UserRoleEntity();
    userRole.setPermissions(roleEntity.getPermissions());
    userRole.setName(roleEntity.getName());
    userRole.setScope(roleEntity.getScope());
    return userRole;
}
}
/**
 * Removes a user's membership on the given reference and records the deletion in the audit log.
 *
 * <p>For API and APPLICATION references (everything but GROUP) the member's current role is
 * looked up first: the PRIMARY_OWNER of an API or application cannot be removed, so the call is
 * rejected with {@link SinglePrimaryOwnerException} instead of leaving the reference ownerless.
 *
 * @param referenceType kind of reference (API, APPLICATION, GROUP, ...)
 * @param referenceId   identifier of the reference
 * @param userId        identifier of the member to remove
 * @throws SinglePrimaryOwnerException  when the member is the primary owner of an API or application
 * @throws TechnicalManagementException when the repository fails (wraps the {@code TechnicalException})
 */
@Override
public void deleteMember(MembershipReferenceType referenceType, String referenceId, String userId) {
    try {
        LOGGER.debug("Delete member {} for {} {}", userId, referenceType, referenceId);
        if (!GROUP.equals(referenceType)) {
            final RoleScope scope = getScopeByMembershipReferenceType(referenceType);
            final RoleEntity currentRole = this.getRole(referenceType, referenceId, userId, scope);
            final boolean primaryOwner =
                    currentRole != null && PRIMARY_OWNER.name().equals(currentRole.getName());
            if (primaryOwner) {
                final RoleScope ownerScope = referenceType.equals(API) ? RoleScope.API : RoleScope.APPLICATION;
                throw new SinglePrimaryOwnerException(ownerScope);
            }
        }
        final Membership membership = new Membership(userId, referenceId, referenceType);
        membershipRepository.delete(membership);
        createAuditLog(MEMBERSHIP_DELETED, new Date(), membership, null);
    } catch (TechnicalException ex) {
        LOGGER.error("An error occurs while trying to delete member {} for {} {}", userId, referenceType, referenceId, ex);
        throw new TechnicalManagementException("An error occurs while trying to delete member " + userId + " for " + referenceType + " " + referenceId, ex);
    }
}
/**
 * Updates an existing role, keeping its original creation date.
 *
 * <p>Reserved role names are rejected before any repository access. The change is written to
 * the portal audit log (key {@code ROLE}, event {@code ROLE_UPDATED}) with the previous and new
 * role values; when the updated role is flagged as default for its scope,
 * {@code toggleDefaultRole} is invoked so only one default remains.
 *
 * @param roleEntity new definition of the role; scope and name identify the role to update
 * @return the updated role
 * @throws RoleReservedNameException    when the name is a reserved role name
 * @throws RoleNotFoundException        when no role with that scope and name exists
 * @throws TechnicalManagementException when the repository fails (wraps the {@code TechnicalException})
 */
@Override
public RoleEntity update(final UpdateRoleEntity roleEntity) {
    final String roleName = roleEntity.getName();
    if (isReserved(roleName)) {
        throw new RoleReservedNameException(roleName);
    }
    final RoleScope scope = convert(roleEntity.getScope());
    try {
        final Role existing = roleRepository.findById(scope, roleName)
                .orElseThrow(() -> new RoleNotFoundException(scope, roleName));
        final Role updated = convert(roleEntity);
        // the creation date is immutable across updates
        updated.setCreatedAt(existing.getCreatedAt());
        final RoleEntity result = convert(roleRepository.update(updated));
        auditService.createPortalAuditLog(
                Collections.singletonMap(ROLE, existing.getScope() + ":" + existing.getName()),
                ROLE_UPDATED,
                updated.getUpdatedAt(),
                existing,
                updated);
        if (result.isDefaultRole()) {
            toggleDefaultRole(scope, result.getName());
        }
        return result;
    } catch (TechnicalException ex) {
        LOGGER.error("An error occurs while trying to update role {}", roleEntity.getName(), ex);
        throw new TechnicalManagementException("An error occurs while trying to update role " + roleEntity.getName(), ex);
    }
}
if (roleService.hasPermission(roleEntity.getPermissions(), permission.getPermission(), acls)) { return true;
/**
 * Lists the groups the user belongs to, with the user's role name in each group for the
 * API, APPLICATION and GROUP scopes.
 *
 * <p>Access requires the MANAGEMENT_USERS READ permission, enforced by the
 * {@code @Permissions} annotation. A scope for which the user holds no role in a group is
 * simply absent from that group's role map.
 *
 * @param userId identifier of the user, taken from the path
 * @return one entry per group the user belongs to, possibly empty
 */
@GET
@Path("/groups")
@Produces(APPLICATION_JSON)
@Permissions(
        @Permission(value = RolePermission.MANAGEMENT_USERS, acls = RolePermissionAction.READ)
)
public List<UserGroupEntity> getGroups(@PathParam("id") String userId) {
    final RoleScope[] groupScopes = {RoleScope.API, RoleScope.APPLICATION, RoleScope.GROUP};
    final List<UserGroupEntity> result = new ArrayList<>();
    groupService.findByUser(userId).forEach(group -> {
        final UserGroupEntity userGroup = new UserGroupEntity();
        userGroup.setId(group.getId());
        userGroup.setName(group.getName());
        userGroup.setRoles(new HashMap<>());
        for (final RoleScope scope : groupScopes) {
            final RoleEntity roleInGroup =
                    membershipService.getRole(MembershipReferenceType.GROUP, group.getId(), userId, scope);
            if (roleInGroup == null) {
                continue;
            }
            userGroup.getRoles().put(roleInGroup.getScope().name(), roleInGroup.getName());
        }
        result.add(userGroup);
    });
    return result;
}