@Path("summary")
@GET
@Produces(MediaType.APPLICATION_JSON)
public RatingSummaryEntity getSummaryByApi(@PathParam("api") String api) {
    // Rating summaries are readable by anyone when the API is PUBLIC; for any other
    // visibility the caller must hold API_RATING:READ on this particular API.
    final ApiEntity target = apiService.findById(api);
    final boolean publicApi = PUBLIC.equals(target.getVisibility());
    if (!publicApi && !hasPermission(RolePermission.API_RATING, api, RolePermissionAction.READ)) {
        throw new UnauthorizedAccessException();
    }
    return ratingService.findSummaryByApi(api);
}
@Path("summary")
@GET
@Produces(MediaType.APPLICATION_JSON)
public RatingSummaryEntity getSummaryByApi(@PathParam("api") String api) {
    // Rating summaries are readable by anyone when the API is PUBLIC; for any other
    // visibility the caller must hold API_RATING:READ on this particular API.
    final ApiEntity target = apiService.findById(api);
    final boolean publicApi = PUBLIC.equals(target.getVisibility());
    if (!publicApi && !hasPermission(RolePermission.API_RATING, api, RolePermissionAction.READ)) {
        throw new UnauthorizedAccessException();
    }
    return ratingService.findSummaryByApi(api);
}
@GET
@Path("/{plan}")
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get a plan", notes = "User must have the READ permission to use this service")
@ApiResponses({
        @ApiResponse(code = 200, message = "Plan information", response = PlanEntity.class),
        @ApiResponse(code = 500, message = "Internal server error")})
public Response getPlan(@PathParam("api") String api, @PathParam("plan") String plan) {
    // Authorization is decided on the API (PUBLIC, or API_PLAN:READ on it) before any plan is loaded.
    final boolean readable = Visibility.PUBLIC.equals(apiService.findById(api).getVisibility())
            || hasPermission(API_PLAN, api, READ);
    if (!readable) {
        throw new ForbiddenAccessException();
    }
    final PlanEntity found = planService.findById(plan);
    // The plan is looked up by its own id, independently of the API, so verify that it really
    // belongs to the API the permission was checked against; otherwise a plan of a different
    // API could be read through this path.
    if (!found.getApis().contains(api)) {
        return Response.status(Response.Status.BAD_REQUEST)
                .entity("'plan' parameter does not correspond to the current API")
                .build();
    }
    return Response.ok(found).build();
}
@GET
@Path("/{plan}")
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get a plan", notes = "User must have the READ permission to use this service")
@ApiResponses({
        @ApiResponse(code = 200, message = "Plan information", response = PlanEntity.class),
        @ApiResponse(code = 500, message = "Internal server error")})
public Response getPlan(@PathParam("api") String api, @PathParam("plan") String plan) {
    // Authorization is decided on the API (PUBLIC, or API_PLAN:READ on it) before any plan is loaded.
    final boolean readable = Visibility.PUBLIC.equals(apiService.findById(api).getVisibility())
            || hasPermission(API_PLAN, api, READ);
    if (!readable) {
        throw new ForbiddenAccessException();
    }
    final PlanEntity found = planService.findById(plan);
    // The plan is looked up by its own id, independently of the API, so verify that it really
    // belongs to the API the permission was checked against; otherwise a plan of a different
    // API could be read through this path.
    if (!found.getApis().contains(api)) {
        return Response.status(Response.Status.BAD_REQUEST)
                .entity("'plan' parameter does not correspond to the current API")
                .build();
    }
    return Response.ok(found).build();
}
@Path("current")
@GET
@Produces(MediaType.APPLICATION_JSON)
public RatingEntity getByApiAndUser(@PathParam("api") String api) {
    // An anonymous caller has no "current" rating: reply with an empty body rather than an error.
    if (!isAuthenticated()) {
        return null;
    }
    final ApiEntity target = apiService.findById(api);
    final boolean allowed = PUBLIC.equals(target.getVisibility())
            || hasPermission(RolePermission.API_RATING, api, RolePermissionAction.READ);
    if (!allowed) {
        throw new UnauthorizedAccessException();
    }
    // filterPermission presumably redacts rating fields according to the caller's rights on
    // the API -- see its definition before relying on what is returned here.
    return filterPermission(api, ratingService.findByApiForConnectedUser(api));
}
@Path("current")
@GET
@Produces(MediaType.APPLICATION_JSON)
public RatingEntity getByApiAndUser(@PathParam("api") String api) {
    // An anonymous caller has no "current" rating: reply with an empty body rather than an error.
    if (!isAuthenticated()) {
        return null;
    }
    final ApiEntity target = apiService.findById(api);
    final boolean allowed = PUBLIC.equals(target.getVisibility())
            || hasPermission(RolePermission.API_RATING, api, RolePermissionAction.READ);
    if (!allowed) {
        throw new UnauthorizedAccessException();
    }
    // filterPermission presumably redacts rating fields according to the caller's rights on
    // the API -- see its definition before relying on what is returned here.
    return filterPermission(api, ratingService.findByApiForConnectedUser(api));
}
&& (Visibility.PUBLIC.equals(api.getVisibility())); if (Visibility.PRIVATE.equals(api.getVisibility()) && api.getGroups() != null && !api.getGroups().isEmpty()) { authorizedGroups = new HashSet<>(api.getGroups()); if (Visibility.PUBLIC.equals(api.getVisibility())) { try { authorizedGroups = groupRepository.findAll().stream().map(Group::getId).collect(Collectors.toSet());
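@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("state")
@ApiOperation(
        value = "Get the state of the API",
        // The documented requirement used to say MANAGE_LIFECYCLE, but the check below only
        // requires the API to be PUBLIC or the caller to hold API_DEFINITION:READ. Keep the
        // published contract aligned with what is actually enforced.
        notes = "User must have the READ permission to use this service")
@ApiResponses({
        @ApiResponse(code = 200, message = "API's state", response = io.gravitee.management.rest.model.ApiEntity.class),
        @ApiResponse(code = 500, message = "Internal server error")})
public io.gravitee.management.rest.model.ApiEntity isAPISynchronized(@PathParam("api") String api) {
    final ApiEntity foundApi = apiService.findById(api);
    final boolean readable = Visibility.PUBLIC.equals(foundApi.getVisibility())
            || hasPermission(RolePermission.API_DEFINITION, api, RolePermissionAction.READ);
    if (!readable) {
        throw new ForbiddenAccessException();
    }
    // Only the id and the synchronization state are exposed; the full definition is served by get().
    final io.gravitee.management.rest.model.ApiEntity state = new io.gravitee.management.rest.model.ApiEntity();
    state.setApiId(api);
    setSynchronizationState(state);
    return state;
}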
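@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("state")
@ApiOperation(
        value = "Get the state of the API",
        // The documented requirement used to say MANAGE_LIFECYCLE, but the check below only
        // requires the API to be PUBLIC or the caller to hold API_DEFINITION:READ. Keep the
        // published contract aligned with what is actually enforced.
        notes = "User must have the READ permission to use this service")
@ApiResponses({
        @ApiResponse(code = 200, message = "API's state", response = io.gravitee.management.rest.model.ApiEntity.class),
        @ApiResponse(code = 500, message = "Internal server error")})
public io.gravitee.management.rest.model.ApiEntity isAPISynchronized(@PathParam("api") String api) {
    final ApiEntity foundApi = apiService.findById(api);
    final boolean readable = Visibility.PUBLIC.equals(foundApi.getVisibility())
            || hasPermission(RolePermission.API_DEFINITION, api, RolePermissionAction.READ);
    if (!readable) {
        throw new ForbiddenAccessException();
    }
    // Only the id and the synchronization state are exposed; the full definition is served by get().
    final io.gravitee.management.rest.model.ApiEntity state = new io.gravitee.management.rest.model.ApiEntity();
    state.setApiId(api);
    setSynchronizationState(state);
    return state;
}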
&& (Visibility.PUBLIC.equals(api.getVisibility())); if (Visibility.PRIVATE.equals(api.getVisibility()) && api.getGroups() != null && !api.getGroups().isEmpty()) { authorizedGroups = new HashSet<>(api.getGroups()); if (Visibility.PUBLIC.equals(api.getVisibility())) { try { authorizedGroups = groupRepository.findAll().stream().map(Group::getId).collect(Collectors.toSet());
@GET
@Produces(MediaType.APPLICATION_JSON)
public Page<RatingEntity> list(@PathParam("api") String api,
                               @Min(1) @QueryParam("pageNumber") int pageNumber,
                               @QueryParam("pageSize") int pageSize) {
    final ApiEntity target = apiService.findById(api);
    final boolean allowed = PUBLIC.equals(target.getVisibility())
            || hasPermission(RolePermission.API_RATING, api, RolePermissionAction.READ);
    if (!allowed) {
        throw new UnauthorizedAccessException();
    }
    // NOTE(review): pageNumber is validated (@Min(1)) but pageSize is not bounded here; confirm
    // that PageableBuilder or ratingService caps it, otherwise a caller can ask for an
    // arbitrarily large page.
    final Page<RatingEntity> fetched = ratingService.findByApi(api,
            new PageableBuilder().pageNumber(pageNumber).pageSize(pageSize).build());
    // Each rating goes through filterPermission so the caller only sees what they are allowed to.
    final List<RatingEntity> visible = fetched.getContent()
            .stream()
            .map(rating -> filterPermission(api, rating))
            .collect(toList());
    return new Page<>(visible,
            fetched.getPageNumber(),
            (int) fetched.getPageElements(),
            fetched.getTotalElements());
}
@GET
@Produces(MediaType.APPLICATION_JSON)
public Page<RatingEntity> list(@PathParam("api") String api,
                               @Min(1) @QueryParam("pageNumber") int pageNumber,
                               @QueryParam("pageSize") int pageSize) {
    final ApiEntity target = apiService.findById(api);
    final boolean allowed = PUBLIC.equals(target.getVisibility())
            || hasPermission(RolePermission.API_RATING, api, RolePermissionAction.READ);
    if (!allowed) {
        throw new UnauthorizedAccessException();
    }
    // NOTE(review): pageNumber is validated (@Min(1)) but pageSize is not bounded here; confirm
    // that PageableBuilder or ratingService caps it, otherwise a caller can ask for an
    // arbitrarily large page.
    final Page<RatingEntity> fetched = ratingService.findByApi(api,
            new PageableBuilder().pageNumber(pageNumber).pageSize(pageSize).build());
    // Each rating goes through filterPermission so the caller only sees what they are allowed to.
    final List<RatingEntity> visible = fetched.getContent()
            .stream()
            .map(rating -> filterPermission(api, rating))
            .collect(toList());
    return new Page<>(visible,
            fetched.getPageNumber(),
            (int) fetched.getPageElements(),
            fetched.getTotalElements());
}
@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get a page", notes = "User must have the READ permission to use this service")
@ApiResponses({
        @ApiResponse(code = 200, message = "Page"),
        @ApiResponse(code = 500, message = "Internal server error")})
public PageEntity getPage(@PathParam("api") String api,
                          @PathParam("page") String page,
                          @QueryParam("portal") boolean portal) {
    final ApiEntity target = apiService.findById(api);
    // Coarse gate first: the API must be PUBLIC or the caller needs API_DOCUMENTATION:READ on it.
    final boolean readable = Visibility.PUBLIC.equals(target.getVisibility())
            || hasPermission(RolePermission.API_DOCUMENTATION, api, RolePermissionAction.READ);
    if (!readable) {
        throw new ForbiddenAccessException();
    }
    // NOTE(review): the page is fetched by its own id and, unlike getPlan, nothing here checks
    // that it belongs to `api`; confirm pageService scopes the lookup, otherwise a page of
    // another API could be read under this API's documentation permission.
    final PageEntity found = pageService.findById(page);
    if (portal) {
        pageService.transformSwagger(found);
    }
    // Fine-grained gate: published state and excluded groups are evaluated against the API.
    if (!isDisplayable(target, found.isPublished(), found.getExcludedGroups())) {
        throw new UnauthorizedAccessException();
    }
    return found;
}
@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get the API definition", notes = "User must have the READ permission to use this service")
@ApiResponses({
        @ApiResponse(code = 200, message = "API definition", response = ApiEntity.class),
        @ApiResponse(code = 500, message = "Internal server error")})
public Response get(@PathParam("api") String api) {
    final ApiEntity found = apiService.findById(api);
    final boolean readable = Visibility.PUBLIC.equals(found.getVisibility())
            || hasPermission(RolePermission.API_DEFINITION, api, RolePermissionAction.READ);
    if (!readable) {
        throw new ForbiddenAccessException();
    }
    setPicture(found);
    // Read the context path off the proxy *before* filterSensitiveData, which nulls the proxy
    // out for callers that may not see the gateway definition.
    found.setContextPath(found.getProxy().getContextPath());
    filterSensitiveData(found);
    // ETag and Last-Modified both derive from the update timestamp so clients can cache the definition.
    final long updatedMillis = found.getUpdatedAt().getTime();
    return Response.ok(found)
            .tag(Long.toString(updatedMillis))
            .lastModified(found.getUpdatedAt())
            .build();
}
@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get a page", notes = "User must have the READ permission to use this service")
@ApiResponses({
        @ApiResponse(code = 200, message = "Page"),
        @ApiResponse(code = 500, message = "Internal server error")})
public PageEntity getPage(@PathParam("api") String api,
                          @PathParam("page") String page,
                          @QueryParam("portal") boolean portal) {
    final ApiEntity target = apiService.findById(api);
    // Coarse gate first: the API must be PUBLIC or the caller needs API_DOCUMENTATION:READ on it.
    final boolean readable = Visibility.PUBLIC.equals(target.getVisibility())
            || hasPermission(RolePermission.API_DOCUMENTATION, api, RolePermissionAction.READ);
    if (!readable) {
        throw new ForbiddenAccessException();
    }
    // NOTE(review): the page is fetched by its own id and, unlike getPlan, nothing here checks
    // that it belongs to `api`; confirm pageService scopes the lookup, otherwise a page of
    // another API could be read under this API's documentation permission.
    final PageEntity found = pageService.findById(page);
    if (portal) {
        pageService.transformSwagger(found);
    }
    // Fine-grained gate: published state and excluded groups are evaluated against the API.
    if (!isDisplayable(target, found.isPublished(), found.getExcludedGroups())) {
        throw new UnauthorizedAccessException();
    }
    return found;
}
@QueryParam("root") Boolean rootParent) { final ApiEntity apiEntity = apiService.findById(api); if (Visibility.PUBLIC.equals(apiEntity.getVisibility()) || hasPermission(RolePermission.API_DOCUMENTATION, api, RolePermissionAction.READ)) {
@GET
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get the API definition", notes = "User must have the READ permission to use this service")
@ApiResponses({
        @ApiResponse(code = 200, message = "API definition", response = ApiEntity.class),
        @ApiResponse(code = 500, message = "Internal server error")})
public Response get(@PathParam("api") String api) {
    final ApiEntity found = apiService.findById(api);
    final boolean readable = Visibility.PUBLIC.equals(found.getVisibility())
            || hasPermission(RolePermission.API_DEFINITION, api, RolePermissionAction.READ);
    if (!readable) {
        throw new ForbiddenAccessException();
    }
    setPicture(found);
    // Read the context path off the proxy *before* filterSensitiveData, which nulls the proxy
    // out for callers that may not see the gateway definition.
    found.setContextPath(found.getProxy().getContextPath());
    filterSensitiveData(found);
    // ETag and Last-Modified both derive from the update timestamp so clients can cache the definition.
    final long updatedMillis = found.getUpdatedAt().getTime();
    return Response.ok(found)
            .tag(Long.toString(updatedMillis))
            .lastModified(found.getUpdatedAt())
            .build();
}
@QueryParam("root") Boolean rootParent) { final ApiEntity apiEntity = apiService.findById(api); if (Visibility.PUBLIC.equals(apiEntity.getVisibility()) || hasPermission(RolePermission.API_DOCUMENTATION, api, RolePermissionAction.READ)) {
/**
 * Strips the gateway-level parts of an API definition (proxy, paths, properties, services,
 * resources, path mappings) when the caller is not entitled to see them.
 *
 * The entity is redacted in place when either:
 *  - the request is anonymous and the API is PUBLIC, or
 *  - the caller is not an admin and lacks API_GATEWAY_DEFINITION:READ on this API.
 * Admins, and holders of that permission, keep the full definition.
 */
private void filterSensitiveData(ApiEntity entity) {
    final boolean anonymousPublicView =
            !isAuthenticated() && Visibility.PUBLIC.equals(entity.getVisibility());
    // Same evaluation order as before: the admin/permission lookup is only made when the
    // anonymous-public case does not already decide it.
    if (!anonymousPublicView
            && (isAdmin() || hasPermission(RolePermission.API_GATEWAY_DEFINITION, entity.getId(), RolePermissionAction.READ))) {
        return;
    }
    entity.setProxy(null);
    entity.setPaths(null);
    entity.setProperties(null);
    entity.setServices(null);
    entity.setResources(null);
    entity.setPathMappings(null);
}
}
/**
 * Strips the gateway-level parts of an API definition (proxy, paths, properties, services,
 * resources, path mappings) when the caller is not entitled to see them.
 *
 * The entity is redacted in place when either:
 *  - the request is anonymous and the API is PUBLIC, or
 *  - the caller is not an admin and lacks API_GATEWAY_DEFINITION:READ on this API.
 * Admins, and holders of that permission, keep the full definition.
 */
private void filterSensitiveData(ApiEntity entity) {
    final boolean anonymousPublicView =
            !isAuthenticated() && Visibility.PUBLIC.equals(entity.getVisibility());
    // Same evaluation order as before: the admin/permission lookup is only made when the
    // anonymous-public case does not already decide it.
    if (!anonymousPublicView
            && (isAdmin() || hasPermission(RolePermission.API_GATEWAY_DEFINITION, entity.getId(), RolePermissionAction.READ))) {
        return;
    }
    entity.setProxy(null);
    entity.setPaths(null);
    entity.setProperties(null);
    entity.setServices(null);
    entity.setResources(null);
    entity.setPathMappings(null);
}
}