private void addRolesToUser(String userId, Collection<RoleEntity> rolesToAdd) {
    // Grant each requested role to the user on the default reference.
    // A MANAGEMENT-scoped role is bound to the MANAGEMENT reference; every other
    // scope is bound to the PORTAL reference.
    // NOTE(review): the PORTAL branch also catches API/APPLICATION/GROUP-scoped roles
    // and binds them to the PORTAL reference — confirm callers only pass
    // MANAGEMENT/PORTAL roles here, or validate the scope before this point.
    for (RoleEntity role : rolesToAdd) {
        MembershipReferenceType referenceType = MembershipReferenceType.PORTAL;
        if (io.gravitee.management.model.permissions.RoleScope.MANAGEMENT == role.getScope()) {
            referenceType = MembershipReferenceType.MANAGEMENT;
        }
        MembershipService.MembershipReference reference =
                new MembershipService.MembershipReference(referenceType, MembershipDefaultReferenceId.DEFAULT.name());
        MembershipService.MembershipUser member = new MembershipService.MembershipUser(userId, null);
        // The membership scope is the RoleScope constant carrying the same name as the entity's scope.
        MembershipService.MembershipRole membershipRole = new MembershipService.MembershipRole(
                RoleScope.valueOf(role.getScope().name()), role.getName());
        membershipService.addOrUpdateMember(reference, member, membershipRole);
    }
}
private void addRolesToUser(String userId, Collection<RoleEntity> rolesToAdd) {
    // Grant each requested role to the user on the default reference.
    // A MANAGEMENT-scoped role is bound to the MANAGEMENT reference; every other
    // scope is bound to the PORTAL reference.
    // NOTE(review): the PORTAL branch also catches API/APPLICATION/GROUP-scoped roles
    // and binds them to the PORTAL reference — confirm callers only pass
    // MANAGEMENT/PORTAL roles here, or validate the scope before this point.
    for (RoleEntity role : rolesToAdd) {
        MembershipReferenceType referenceType = MembershipReferenceType.PORTAL;
        if (io.gravitee.management.model.permissions.RoleScope.MANAGEMENT == role.getScope()) {
            referenceType = MembershipReferenceType.MANAGEMENT;
        }
        MembershipService.MembershipReference reference =
                new MembershipService.MembershipReference(referenceType, MembershipDefaultReferenceId.DEFAULT.name());
        MembershipService.MembershipUser member = new MembershipService.MembershipUser(userId, null);
        // The membership scope is the RoleScope constant carrying the same name as the entity's scope.
        MembershipService.MembershipRole membershipRole = new MembershipService.MembershipRole(
                RoleScope.valueOf(role.getScope().name()), role.getName());
        membershipService.addOrUpdateMember(reference, member, membershipRole);
    }
}
@GET
@Path("/groups")
@Produces(APPLICATION_JSON)
@Permissions(
        @Permission(value = RolePermission.MANAGEMENT_USERS, acls = RolePermissionAction.READ)
)
public List<UserGroupEntity> getGroups(@PathParam("id") String userId) {
    // Access is gated by the @Permissions annotation above (MANAGEMENT_USERS / READ).
    // The user id is taken verbatim from the path and handed to the services.
    // Only these three scopes are looked up for each group the user belongs to.
    final RoleScope[] lookedUpScopes = {RoleScope.API, RoleScope.APPLICATION, RoleScope.GROUP};
    final List<UserGroupEntity> result = new ArrayList<>();
    groupService.findByUser(userId).forEach(group -> {
        // Per scope, the name of the role the user holds in this group.
        HashMap<String, String> roleNameByScope = new HashMap<>();
        for (RoleScope scope : lookedUpScopes) {
            RoleEntity role = membershipService.getRole(MembershipReferenceType.GROUP, group.getId(), userId, scope);
            if (role == null) {
                continue; // no role of this scope in this group
            }
            roleNameByScope.put(role.getScope().name(), role.getName());
        }
        UserGroupEntity entry = new UserGroupEntity();
        entry.setId(group.getId());
        entry.setName(group.getName());
        entry.setRoles(roleNameByScope);
        result.add(entry);
    });
    return result;
}
@GET
@Path("/groups")
@Produces(APPLICATION_JSON)
@Permissions(
        @Permission(value = RolePermission.MANAGEMENT_USERS, acls = RolePermissionAction.READ)
)
public List<UserGroupEntity> getGroups(@PathParam("id") String userId) {
    // Access is gated by the @Permissions annotation above (MANAGEMENT_USERS / READ).
    // The user id is taken verbatim from the path and handed to the services.
    // Only these three scopes are looked up for each group the user belongs to.
    final RoleScope[] lookedUpScopes = {RoleScope.API, RoleScope.APPLICATION, RoleScope.GROUP};
    final List<UserGroupEntity> result = new ArrayList<>();
    groupService.findByUser(userId).forEach(group -> {
        // Per scope, the name of the role the user holds in this group.
        HashMap<String, String> roleNameByScope = new HashMap<>();
        for (RoleScope scope : lookedUpScopes) {
            RoleEntity role = membershipService.getRole(MembershipReferenceType.GROUP, group.getId(), userId, scope);
            if (role == null) {
                continue; // no role of this scope in this group
            }
            roleNameByScope.put(role.getScope().name(), role.getName());
        }
        UserGroupEntity entry = new UserGroupEntity();
        entry.setId(group.getId());
        entry.setName(group.getName());
        entry.setRoles(roleNameByScope);
        result.add(entry);
    });
    return result;
}
/**
 * Maps a {@link RoleEntity} to its user-facing {@link UserRoleEntity} view.
 *
 * @param roleEntity the role to expose; may be {@code null}
 * @return a new {@link UserRoleEntity} carrying the role's scope, name and permissions,
 *         or {@code null} when {@code roleEntity} is {@code null}
 */
private UserRoleEntity convert(RoleEntity roleEntity) {
    if (roleEntity == null) {
        return null;
    }
    final UserRoleEntity view = new UserRoleEntity();
    view.setName(roleEntity.getName());
    view.setScope(roleEntity.getScope());
    // The permissions object returned by the getter is handed straight to the setter;
    // no defensive copy is made here.
    view.setPermissions(roleEntity.getPermissions());
    return view;
}
}
/**
 * Maps a {@link RoleEntity} to its user-facing {@link UserRoleEntity} view.
 *
 * @param roleEntity the role to expose; may be {@code null}
 * @return a new {@link UserRoleEntity} carrying the role's scope, name and permissions,
 *         or {@code null} when {@code roleEntity} is {@code null}
 */
private UserRoleEntity convert(RoleEntity roleEntity) {
    if (roleEntity == null) {
        return null;
    }
    final UserRoleEntity view = new UserRoleEntity();
    view.setName(roleEntity.getName());
    view.setScope(roleEntity.getScope());
    // The permissions object returned by the getter is handed straight to the setter;
    // no defensive copy is made here.
    view.setPermissions(roleEntity.getPermissions());
    return view;
}
}
/**
 * Asserts that the role's scope is compatible with the reference it is about to be
 * attached to, and throws {@link NotAuthorizedMembershipException} otherwise.
 *
 * Rules enforced:
 * - an API reference only accepts API-scoped roles;
 * - an APPLICATION reference only accepts APPLICATION-scoped roles;
 * - a GROUP reference accepts API-, APPLICATION- or GROUP-scoped roles, but never
 *   the PRIMARY_OWNER system role.
 * Any other reference type is not checked by this method.
 *
 * @param reference the membership target
 * @param role      the role to attach; it is resolved through roleService to obtain its scope
 * @throws NotAuthorizedMembershipException if the role is not allowed on the reference
 */
private void assertRoleScopeAllowedForReference(MembershipReference reference, MembershipRole role) {
    RoleEntity roleEntity = roleService.findById(role.getScope(), role.getName());
    // NOTE(review): roleEntity is dereferenced below without a null check — confirm
    // that findById throws for an unknown role rather than returning null.
    if (API.equals(reference.getType())) {
        if (!io.gravitee.management.model.permissions.RoleScope.API.equals(roleEntity.getScope())) {
            throw new NotAuthorizedMembershipException(role.getName());
        }
        return;
    }
    if (APPLICATION.equals(reference.getType())) {
        if (!io.gravitee.management.model.permissions.RoleScope.APPLICATION.equals(roleEntity.getScope())) {
            throw new NotAuthorizedMembershipException(role.getName());
        }
        return;
    }
    if (GROUP.equals(reference.getType())) {
        boolean scopeAllowedOnGroup =
                io.gravitee.management.model.permissions.RoleScope.API.equals(roleEntity.getScope())
                || io.gravitee.management.model.permissions.RoleScope.APPLICATION.equals(roleEntity.getScope())
                || io.gravitee.management.model.permissions.RoleScope.GROUP.equals(roleEntity.getScope());
        // PRIMARY_OWNER can never be granted through a group membership.
        boolean primaryOwner = SystemRole.PRIMARY_OWNER.name().equals(role.getName());
        if (!scopeAllowedOnGroup || primaryOwner) {
            throw new NotAuthorizedMembershipException(role.getName());
        }
    }
}
/**
 * Asserts that the role's scope is compatible with the reference it is about to be
 * attached to, and throws {@link NotAuthorizedMembershipException} otherwise.
 *
 * Rules enforced:
 * - an API reference only accepts API-scoped roles;
 * - an APPLICATION reference only accepts APPLICATION-scoped roles;
 * - a GROUP reference accepts API-, APPLICATION- or GROUP-scoped roles, but never
 *   the PRIMARY_OWNER system role.
 * Any other reference type is not checked by this method.
 *
 * @param reference the membership target
 * @param role      the role to attach; it is resolved through roleService to obtain its scope
 * @throws NotAuthorizedMembershipException if the role is not allowed on the reference
 */
private void assertRoleScopeAllowedForReference(MembershipReference reference, MembershipRole role) {
    RoleEntity roleEntity = roleService.findById(role.getScope(), role.getName());
    // NOTE(review): roleEntity is dereferenced below without a null check — confirm
    // that findById throws for an unknown role rather than returning null.
    if (API.equals(reference.getType())) {
        if (!io.gravitee.management.model.permissions.RoleScope.API.equals(roleEntity.getScope())) {
            throw new NotAuthorizedMembershipException(role.getName());
        }
        return;
    }
    if (APPLICATION.equals(reference.getType())) {
        if (!io.gravitee.management.model.permissions.RoleScope.APPLICATION.equals(roleEntity.getScope())) {
            throw new NotAuthorizedMembershipException(role.getName());
        }
        return;
    }
    if (GROUP.equals(reference.getType())) {
        boolean scopeAllowedOnGroup =
                io.gravitee.management.model.permissions.RoleScope.API.equals(roleEntity.getScope())
                || io.gravitee.management.model.permissions.RoleScope.APPLICATION.equals(roleEntity.getScope())
                || io.gravitee.management.model.permissions.RoleScope.GROUP.equals(roleEntity.getScope());
        // PRIMARY_OWNER can never be granted through a group membership.
        boolean primaryOwner = SystemRole.PRIMARY_OWNER.name().equals(role.getName());
        if (!scopeAllowedOnGroup || primaryOwner) {
            throw new NotAuthorizedMembershipException(role.getName());
        }
    }
}
private void addUserToApiAndAppGroupsWithDefaultRole(String userId, Collection<GroupEntity> groupsToAdd) {
    // System-wide default roles for the API and APPLICATION scopes.
    // NOTE(review): the list is iterated without a null check — confirm that
    // findDefaultRoleByScopes never returns null.
    List<RoleEntity> systemDefaults = roleService.findDefaultRoleByScopes(RoleScope.API, RoleScope.APPLICATION);

    for (GroupEntity group : groupsToAdd) {
        for (RoleEntity systemDefault : systemDefaults) {
            // A group may override the system default role for a given scope;
            // fall back to the system default when no override is configured.
            String roleName = null;
            if (group.getRoles() != null) {
                roleName = group.getRoles().get(
                        io.gravitee.management.model.permissions.RoleScope.valueOf(systemDefault.getScope().name()));
            }
            if (roleName == null) {
                roleName = systemDefault.getName();
            }
            membershipService.addOrUpdateMember(
                    new MembershipService.MembershipReference(MembershipReferenceType.GROUP, group.getId()),
                    new MembershipService.MembershipUser(userId, null),
                    new MembershipService.MembershipRole(mapScope(systemDefault.getScope()), roleName));
        }
    }
}
private void addUserToApiAndAppGroupsWithDefaultRole(String userId, Collection<GroupEntity> groupsToAdd) {
    // System-wide default roles for the API and APPLICATION scopes.
    // NOTE(review): the list is iterated without a null check — confirm that
    // findDefaultRoleByScopes never returns null.
    List<RoleEntity> systemDefaults = roleService.findDefaultRoleByScopes(RoleScope.API, RoleScope.APPLICATION);

    for (GroupEntity group : groupsToAdd) {
        for (RoleEntity systemDefault : systemDefaults) {
            // A group may override the system default role for a given scope;
            // fall back to the system default when no override is configured.
            String roleName = null;
            if (group.getRoles() != null) {
                roleName = group.getRoles().get(
                        io.gravitee.management.model.permissions.RoleScope.valueOf(systemDefault.getScope().name()));
            }
            if (roleName == null) {
                roleName = systemDefault.getName();
            }
            membershipService.addOrUpdateMember(
                    new MembershipService.MembershipReference(MembershipReferenceType.GROUP, group.getId()),
                    new MembershipService.MembershipUser(userId, null),
                    new MembershipService.MembershipRole(mapScope(systemDefault.getScope()), roleName));
        }
    }
}
private void addDefaultMembership(User user) {
    // Every new user receives the configured default role for the MANAGEMENT and
    // PORTAL scopes, bound to the default reference of each scope.
    RoleScope[] scopes = {RoleScope.MANAGEMENT, RoleScope.PORTAL};
    List<RoleEntity> defaultRoles = roleService.findDefaultRoleByScopes(scopes);
    // Only an entirely missing result is rejected: the check still passes when a
    // default exists for just one of the two scopes.
    if (defaultRoles == null || defaultRoles.isEmpty()) {
        throw new DefaultRoleNotFoundException(scopes);
    }
    for (RoleEntity defaultRole : defaultRoles) {
        MembershipReferenceType referenceType;
        RoleScope membershipScope;
        switch (defaultRole.getScope()) {
            case MANAGEMENT:
                referenceType = MembershipReferenceType.MANAGEMENT;
                membershipScope = RoleScope.MANAGEMENT;
                break;
            case PORTAL:
                referenceType = MembershipReferenceType.PORTAL;
                membershipScope = RoleScope.PORTAL;
                break;
            default:
                // Any other scope is silently skipped.
                continue;
        }
        membershipService.addOrUpdateMember(
                new MembershipService.MembershipReference(referenceType, MembershipDefaultReferenceId.DEFAULT.name()),
                new MembershipService.MembershipUser(user.getId(), null),
                new MembershipService.MembershipRole(membershipScope, defaultRole.getName()));
    }
}
/**
 * Converts a persisted {@code Role} into its {@link RoleEntity} model.
 *
 * @param role the stored role; may be {@code null}
 * @return the populated entity, or {@code null} when {@code role} is {@code null}
 */
private RoleEntity convert(final Role role) {
    if (role == null) {
        return null;
    }
    final RoleEntity entity = new RoleEntity();
    // Plain attributes first.
    entity.setName(role.getName());
    entity.setDescription(role.getDescription());
    entity.setDefaultRole(role.isDefaultRole());
    entity.setSystem(role.isSystem());
    // The scope must be set before the permissions are converted: convertPermissions
    // takes the already-converted scope as its first argument.
    entity.setScope(convert(role.getScope()));
    entity.setPermissions(convertPermissions(entity.getScope(), role.getPermissions()));
    return entity;
}
/**
 * Converts a persisted {@code Role} into its {@link RoleEntity} model.
 *
 * @param role the stored role; may be {@code null}
 * @return the populated entity, or {@code null} when {@code role} is {@code null}
 */
private RoleEntity convert(final Role role) {
    if (role == null) {
        return null;
    }
    final RoleEntity entity = new RoleEntity();
    // Plain attributes first.
    entity.setName(role.getName());
    entity.setDescription(role.getDescription());
    entity.setDefaultRole(role.isDefaultRole());
    entity.setSystem(role.isSystem());
    // The scope must be set before the permissions are converted: convertPermissions
    // takes the already-converted scope as its first argument.
    entity.setScope(convert(role.getScope()));
    entity.setPermissions(convertPermissions(entity.getScope(), role.getPermissions()));
    return entity;
}
private void addDefaultMembership(User user) {
    // Every new user receives the configured default role for the MANAGEMENT and
    // PORTAL scopes, bound to the default reference of each scope.
    RoleScope[] scopes = {RoleScope.MANAGEMENT, RoleScope.PORTAL};
    List<RoleEntity> defaultRoles = roleService.findDefaultRoleByScopes(scopes);
    // Only an entirely missing result is rejected: the check still passes when a
    // default exists for just one of the two scopes.
    if (defaultRoles == null || defaultRoles.isEmpty()) {
        throw new DefaultRoleNotFoundException(scopes);
    }
    for (RoleEntity defaultRole : defaultRoles) {
        MembershipReferenceType referenceType;
        RoleScope membershipScope;
        switch (defaultRole.getScope()) {
            case MANAGEMENT:
                referenceType = MembershipReferenceType.MANAGEMENT;
                membershipScope = RoleScope.MANAGEMENT;
                break;
            case PORTAL:
                referenceType = MembershipReferenceType.PORTAL;
                membershipScope = RoleScope.PORTAL;
                break;
            default:
                // Any other scope is silently skipped.
                continue;
        }
        membershipService.addOrUpdateMember(
                new MembershipService.MembershipReference(referenceType, MembershipDefaultReferenceId.DEFAULT.name()),
                new MembershipService.MembershipUser(user.getId(), null),
                new MembershipService.MembershipRole(membershipScope, defaultRole.getName()));
    }
}