io.gravitee.management.rest.resource.GroupMembersResource Maven / Gradle / Ivy
/**
* Copyright (C) 2015 The Gravitee team (http://gravitee.io)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.gravitee.management.rest.resource;
import io.gravitee.common.http.MediaType;
import io.gravitee.management.model.*;
import io.gravitee.management.model.permissions.RolePermission;
import io.gravitee.management.model.permissions.RolePermissionAction;
import io.gravitee.management.rest.model.GroupMembership;
import io.gravitee.management.rest.security.Permission;
import io.gravitee.management.rest.security.Permissions;
import io.gravitee.management.service.GroupService;
import io.gravitee.management.service.MembershipService;
import io.gravitee.management.service.exceptions.GroupInvitationForbiddenException;
import io.gravitee.management.service.exceptions.GroupMembersLimitationExceededException;
import io.gravitee.repository.management.model.RoleScope;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import javax.inject.Inject;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.ws.rs.*;
import javax.ws.rs.container.ResourceContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import java.util.*;
import java.util.stream.Collectors;
import static io.gravitee.management.model.permissions.RolePermission.MANAGEMENT_GROUP;
import static io.gravitee.management.model.permissions.RolePermissionAction.*;
import static io.gravitee.management.service.exceptions.GroupInvitationForbiddenException.Type.SYSTEM;
import static io.gravitee.repository.management.model.MembershipReferenceType.GROUP;
import static io.gravitee.repository.management.model.RoleScope.API;
import static io.gravitee.repository.management.model.RoleScope.APPLICATION;
import static java.util.stream.Collectors.toList;
/**
* @author Nicolas GERAUD (nicolas.geraud at graviteesource.com)
* @author GraviteeSource Team
*/
public class GroupMembersResource extends AbstractResource {
@Context
private ResourceContext resourceContext;
@Inject
private GroupService groupService;
@Inject
private MembershipService membershipService;
@GET
@Produces(io.gravitee.common.http.MediaType.APPLICATION_JSON)
@ApiOperation(value = "List Group members")
@ApiResponses({
@ApiResponse(code = 200, message = "List of Group's members", response = MemberEntity.class, responseContainer = "List"),
@ApiResponse(code = 500, message = "Internal server error")})
@Permissions({
@Permission(value = MANAGEMENT_GROUP, acls = RolePermissionAction.READ),
@Permission(value = RolePermission.GROUP_MEMBER, acls = RolePermissionAction.READ)
})
public List getMembers(@PathParam("group") String group) {
//check that group exists
groupService.findById(group);
Map> membersWithApplicationRole = membershipService.
getMembers(GROUP, group, RoleScope.APPLICATION).
stream().
filter(Objects::nonNull).
collect(Collectors.groupingBy(MemberEntity::getId));
Map> membersWithApiRole = membershipService.
getMembers(GROUP, group, API).
stream().
filter(Objects::nonNull).
collect(Collectors.groupingBy(MemberEntity::getId));
Map> membersWithGroupRole = membershipService.
getMembers(GROUP, group, RoleScope.GROUP).
stream().
filter(Objects::nonNull).
collect(Collectors.groupingBy(MemberEntity::getId));
Set ids = new HashSet<>();
ids.addAll(membersWithApiRole.keySet());
ids.addAll(membersWithApplicationRole.keySet());
return ids.stream().
map(id -> {
MemberEntity memberWithApiRole = Objects.isNull(membersWithApiRole.get(id)) ? null : membersWithApiRole.get(id).get(0);
MemberEntity memberWithApplicationRole = Objects.isNull(membersWithApplicationRole.get(id)) ? null : membersWithApplicationRole.get(id).get(0);
MemberEntity memberWithGroupRole = Objects.isNull(membersWithGroupRole.get(id)) ? null : membersWithGroupRole.get(id).get(0);
GroupMemberEntity groupMemberEntity = new GroupMemberEntity(Objects.nonNull(memberWithApiRole) ? memberWithApiRole : memberWithApplicationRole);
groupMemberEntity.setRoles(new HashMap<>());
if (Objects.nonNull(memberWithApiRole)) {
groupMemberEntity.getRoles().put(API.name(), memberWithApiRole.getRole());
}
if (Objects.nonNull(memberWithApplicationRole)) {
groupMemberEntity.getRoles().put(RoleScope.APPLICATION.name(), memberWithApplicationRole.getRole());
}
if (Objects.nonNull(memberWithGroupRole)) {
groupMemberEntity.getRoles().put(RoleScope.GROUP.name(), memberWithGroupRole.getRole());
}
return groupMemberEntity;
}).
sorted(Comparator.comparing(GroupMemberEntity::getId)).
collect(toList());
}
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Add or update a group member")
@ApiResponses({
@ApiResponse(code = 201, message = "Member has been added"),
@ApiResponse(code = 200, message = "Member has been updated"),
@ApiResponse(code = 400, message = "Membership is not valid"),
@ApiResponse(code = 500, message = "Internal server error")
})
@Permissions({
@Permission(value = MANAGEMENT_GROUP, acls = RolePermissionAction.CREATE),
@Permission(value = MANAGEMENT_GROUP, acls = RolePermissionAction.UPDATE),
@Permission(value = RolePermission.GROUP_MEMBER, acls = RolePermissionAction.CREATE),
@Permission(value = RolePermission.GROUP_MEMBER, acls = RolePermissionAction.UPDATE),
})
public Response addOrUpdateMember(
@PathParam("group") String group,
@Valid @NotNull final List memberships
) {
// Check that group exists
final GroupEntity groupEntity = groupService.findById(group);
// check if user is a 'simple group admin' or a platform admin
final boolean hasPermission = permissionService.hasPermission(MANAGEMENT_GROUP, null, CREATE, UPDATE, DELETE);
if (!hasPermission) {
if (groupEntity.getMaxInvitation() != null) {
final Set members = membershipService.getMembers(GROUP, group, RoleScope.API);
final long membershipsToAddSize = memberships.stream().map(GroupMembership::getId).filter(s -> {
final List membershipIdsToSave = members.stream().map(MemberEntity::getId).collect(toList());
return !membershipIdsToSave.contains(s);
}).count();
if ((membershipService.getNumberOfMembers(GROUP, group, API) + membershipsToAddSize) > groupEntity.getMaxInvitation()) {
throw new GroupMembersLimitationExceededException(groupEntity.getMaxInvitation());
}
}
if (!groupEntity.isSystemInvitation()) {
throw new GroupInvitationForbiddenException(SYSTEM, group);
}
}
for (GroupMembership membership : memberships) {
RoleEntity previousApiRole = null, previousApplicationRole = null, previousGroupRole = null;
if (membership.getId() != null) {
previousApiRole = membershipService.getRole(
GROUP,
group,
membership.getId(),
API);
previousApplicationRole = membershipService.getRole(
GROUP,
group,
membership.getId(),
RoleScope.APPLICATION);
previousGroupRole = membershipService.getRole(
GROUP,
group,
membership.getId(),
RoleScope.GROUP);
}
// Process add / update before delete to avoid having a user without role
if (membership.getRoles() != null && !membership.getRoles().isEmpty()) {
MemberRoleEntity apiRole = membership.getRoles().
stream().
filter(r -> r.getRoleScope().equals(io.gravitee.management.model.permissions.RoleScope.API)
&& !r.getRoleName().isEmpty()).
findFirst().
orElse(null);
MemberRoleEntity applicationRole = membership.getRoles().
stream().
filter(r -> r.getRoleScope().equals(io.gravitee.management.model.permissions.RoleScope.APPLICATION)
&& !r.getRoleName().isEmpty()).
findFirst().
orElse(null);
MemberRoleEntity groupRole = membership.getRoles().
stream().
filter(r -> r.getRoleScope().equals(io.gravitee.management.model.permissions.RoleScope.GROUP)
&& !r.getRoleName().isEmpty()).
findFirst().
orElse(null);
MemberEntity updatedMembership = null;
// Add / Update
if (apiRole != null) {
String roleName = apiRole.getRoleName();
if (!hasPermission && groupEntity.isLockApiRole()) {
final List defaultRoles = roleService.findDefaultRoleByScopes(API);
if (defaultRoles != null && !defaultRoles.isEmpty()) {
roleName = defaultRoles.get(0).getName();
}
}
updatedMembership = membershipService.addOrUpdateMember(
new MembershipService.MembershipReference(GROUP, group),
new MembershipService.MembershipUser(membership.getId(), membership.getReference()),
new MembershipService.MembershipRole(API, roleName));
}
if (applicationRole != null) {
String roleName = applicationRole.getRoleName();
if (!hasPermission && groupEntity.isLockApplicationRole()) {
final List defaultRoles = roleService.findDefaultRoleByScopes(APPLICATION);
if (defaultRoles != null && !defaultRoles.isEmpty()) {
roleName = defaultRoles.get(0).getName();
}
}
updatedMembership = membershipService.addOrUpdateMember(
new MembershipService.MembershipReference(GROUP, group),
new MembershipService.MembershipUser(membership.getId(), membership.getReference()),
new MembershipService.MembershipRole(RoleScope.APPLICATION, roleName));
}
if (groupRole != null) {
updatedMembership = membershipService.addOrUpdateMember(
new MembershipService.MembershipReference(GROUP, group),
new MembershipService.MembershipUser(membership.getId(), membership.getReference()),
new MembershipService.MembershipRole(RoleScope.GROUP, groupRole.getRoleName()));
}
// Delete
if (apiRole == null && previousApiRole != null) {
membershipService.removeRole(
GROUP,
group,
updatedMembership.getId(),
API);
}
if (applicationRole == null && previousApplicationRole != null) {
membershipService.removeRole(
GROUP,
group,
updatedMembership.getId(),
RoleScope.APPLICATION);
}
if (groupRole == null && previousGroupRole != null) {
membershipService.removeRole(
GROUP,
group,
updatedMembership.getId(),
RoleScope.GROUP);
}
}
}
return Response.ok().build();
}
@Path("{member}")
public GroupMemberResource groupMemberResource() {
return resourceContext.getResource(GroupMemberResource.class);
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy