feat(groups): restrict pages and documentation to a set of groups

fix gravitee-io/issues#764
gravitee-io · Oct 10, 2017 · c088a55 · c088a55
1 parent bac1a5c
commit c088a55
Show file tree

Hide file tree

Showing 22 changed files with 1,007 additions and 365 deletions.
diff --git a/gravitee-management-api-model/src/main/java/io/gravitee/management/model/NewPageEntity.java b/gravitee-management-api-model/src/main/java/io/gravitee/management/model/NewPageEntity.java
@@ -15,8 +15,11 @@
  */
 package io.gravitee.management.model;
 
+import com.fasterxml.jackson.annotation.JsonProperty;
+
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Size;
+import java.util.List;
 
 /**
  * @author Titouan COMPIEGNE (titouan.compiegne at graviteesource.com)
@@ -45,6 +48,9 @@ public class NewPageEntity {
 
 	private boolean homepage;
 
+	@JsonProperty("excluded_groups")
+	private List<String> excludedGroups;
+
 	public String getName() {
 		return name;
 	}
@@ -117,6 +123,14 @@ public void setHomepage(boolean homepage) {
 		this.homepage = homepage;
 	}
 
+	public List<String> getExcludedGroups() {
+		return excludedGroups;
+	}
+
+	public void setExcludedGroups(List<String> excludedGroups) {
+		this.excludedGroups = excludedGroups;
+	}
+
 	@Override
     public String toString() {
         final StringBuilder sb = new StringBuilder("Page{");

diff --git a/gravitee-management-api-model/src/main/java/io/gravitee/management/model/NewPlanEntity.java b/gravitee-management-api-model/src/main/java/io/gravitee/management/model/NewPlanEntity.java
@@ -54,6 +54,9 @@ public class NewPlanEntity {
 
     private List<String> characteristics;
 
+    @JsonProperty("excluded_groups")
+    private List<String> excludedGroups;
+
     public String getName() {
         return name;
     }
@@ -126,6 +129,14 @@ public void setSecurity(PlanSecurityType security) {
         this.security = security;
     }
 
+    public List<String> getExcludedGroups() {
+        return excludedGroups;
+    }
+
+    public void setExcludedGroups(List<String> excludedGroups) {
+        this.excludedGroups = excludedGroups;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) return true;

diff --git a/gravitee-management-api-model/src/main/java/io/gravitee/management/model/PageEntity.java b/gravitee-management-api-model/src/main/java/io/gravitee/management/model/PageEntity.java
@@ -15,7 +15,10 @@
  */
 package io.gravitee.management.model;
 
+import com.fasterxml.jackson.annotation.JsonProperty;
+
 import java.util.Date;
+import java.util.List;
 import java.util.Objects;
 
 /**
@@ -47,6 +50,9 @@ public class PageEntity {
 
 	private boolean homepage;
 
+	@JsonProperty("excluded_groups")
+	private List<String> excludedGroups;
+
 	public String getId() {
 		return id;
 	}
@@ -143,6 +149,14 @@ public void setHomepage(boolean homepage) {
 		this.homepage = homepage;
 	}
 
+	public List<String> getExcludedGroups() {
+		return excludedGroups;
+	}
+
+	public void setExcludedGroups(List<String> excludedGroups) {
+		this.excludedGroups = excludedGroups;
+	}
+
 	public boolean equals(Object o) {
 		if (this == o) {
 			return true;
@@ -169,6 +183,7 @@ public String toString() {
 		sb.append(", lastContributor='").append(lastContributor).append('\'');
 		sb.append(", published='").append(published).append('\'');
 		sb.append(", lastModificationDate='").append(lastModificationDate).append('\'');
+		sb.append(", excludedGroups='").append(excludedGroups).append('\'');
 		sb.append('}');
 		return sb.toString();
 	}

diff --git a/gravitee-management-api-model/src/main/java/io/gravitee/management/model/PageListItem.java b/gravitee-management-api-model/src/main/java/io/gravitee/management/model/PageListItem.java
@@ -15,6 +15,9 @@
  */
 package io.gravitee.management.model;
 
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.util.List;
 import java.util.Objects;
 
 /**
@@ -40,6 +43,9 @@ public class PageListItem {
 
     private boolean homepage;
 
+    @JsonProperty("excluded_groups")
+    private List<String> excludedGroups;
+
     public String getId() {
         return id;
     }
@@ -112,6 +118,14 @@ public void setHomepage(boolean homepage) {
         this.homepage = homepage;
     }
 
+    public List<String> getExcludedGroups() {
+        return excludedGroups;
+    }
+
+    public void setExcludedGroups(List<String> excludedGroups) {
+        this.excludedGroups = excludedGroups;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) return true;

diff --git a/gravitee-management-api-model/src/main/java/io/gravitee/management/model/PlanEntity.java b/gravitee-management-api-model/src/main/java/io/gravitee/management/model/PlanEntity.java
@@ -76,6 +76,9 @@ public class PlanEntity {
 
     private List<String> characteristics;
 
+    @JsonProperty("excluded_groups")
+    private List<String> excludedGroups;
+
     public String getId() {
         return id;
     }
@@ -196,6 +199,14 @@ public void setSecurity(PlanSecurityType security) {
         this.security = security;
     }
 
+    public List<String> getExcludedGroups() {
+        return excludedGroups;
+    }
+
+    public void setExcludedGroups(List<String> excludedGroups) {
+        this.excludedGroups = excludedGroups;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) return true;

diff --git a/...tee-management-api-model/src/main/java/io/gravitee/management/model/UpdatePageEntity.java b/...tee-management-api-model/src/main/java/io/gravitee/management/model/UpdatePageEntity.java
@@ -15,8 +15,11 @@
  */
 package io.gravitee.management.model;
 
+import com.fasterxml.jackson.annotation.JsonProperty;
+
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Size;
+import java.util.List;
 
 /**
  * @author Titouan COMPIEGNE
@@ -41,6 +44,9 @@ public class UpdatePageEntity {
 
 	private boolean homepage;
 
+	@JsonProperty("excluded_groups")
+	private List<String> excludedGroups;
+
 	public String getName() {
 		return name;
 	}
@@ -104,4 +110,12 @@ public boolean isHomepage() {
 	public void setHomepage(boolean homepage) {
 		this.homepage = homepage;
 	}
+
+	public List<String> getExcludedGroups() {
+		return excludedGroups;
+	}
+
+	public void setExcludedGroups(List<String> excludedGroups) {
+		this.excludedGroups = excludedGroups;
+	}
 }
diff --git a/...tee-management-api-model/src/main/java/io/gravitee/management/model/UpdatePlanEntity.java b/...tee-management-api-model/src/main/java/io/gravitee/management/model/UpdatePlanEntity.java
@@ -48,6 +48,9 @@ public class UpdatePlanEntity {
     @NotNull
     private int order;
 
+    @JsonProperty("excluded_groups")
+    private List<String> excludedGroups;
+
     public String getName() {
         return name;
     }
@@ -104,6 +107,14 @@ public void setOrder(int order) {
         this.order = order;
     }
 
+    public List<String> getExcludedGroups() {
+        return excludedGroups;
+    }
+
+    public void setExcludedGroups(List<String> excludedGroups) {
+        this.excludedGroups = excludedGroups;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) return true;

diff --git a/...agement-api-rest/src/main/java/io/gravitee/management/rest/resource/ApiPagesResource.java b/...agement-api-rest/src/main/java/io/gravitee/management/rest/resource/ApiPagesResource.java
@@ -22,6 +22,7 @@
 import io.gravitee.management.rest.security.Permission;
 import io.gravitee.management.rest.security.Permissions;
 import io.gravitee.management.service.ApiService;
+import io.gravitee.management.service.GroupService;
 import io.gravitee.management.service.PageService;
 import io.gravitee.management.service.exceptions.ForbiddenAccessException;
 import io.gravitee.management.service.exceptions.UnauthorizedAccessException;
@@ -50,6 +51,9 @@ public class ApiPagesResource extends AbstractResource {
     @Inject
     private PageService pageService;
 
+    @Inject
+    private GroupService groupService;
+
     @GET
     @Path("/{page}")
     @Produces(MediaType.APPLICATION_JSON)
@@ -106,7 +110,9 @@ public List<PageListItem> listPages(
             final List<PageListItem> pages = pageService.findApiPagesByApiAndHomepage(api, homepage);
 
             return pages.stream()
-                    .filter(page -> isDisplayable(apiEntity, page.isPublished(), getAuthenticatedUsernameOrNull()))
+                    .filter(page ->
+                            isDisplayable(apiEntity, page.isPublished(), getAuthenticatedUsernameOrNull()) &&
+                            groupService.isUserAuthorizedToAccess(apiEntity, page.getExcludedGroups(), getAuthenticatedUsernameOrNull()))
                     .collect(Collectors.toList());
         }
         throw new ForbiddenAccessException();

diff --git a/...agement-api-rest/src/main/java/io/gravitee/management/rest/resource/ApiPlansResource.java b/...agement-api-rest/src/main/java/io/gravitee/management/rest/resource/ApiPlansResource.java
@@ -23,6 +23,7 @@
 import io.gravitee.management.rest.security.Permission;
 import io.gravitee.management.rest.security.Permissions;
 import io.gravitee.management.service.ApiService;
+import io.gravitee.management.service.GroupService;
 import io.gravitee.management.service.PlanService;
 import io.gravitee.management.service.exceptions.ForbiddenAccessException;
 import io.swagger.annotations.*;
@@ -53,6 +54,9 @@ public class ApiPlansResource extends AbstractResource {
     @Inject
     private ApiService apiService;
 
+    @Inject
+    private GroupService groupService;
+
     @Context
     private ResourceContext resourceContext;
 
@@ -68,11 +72,14 @@ public List<PlanEntity> listPlans(
             @PathParam("api") String api,
             @QueryParam("status") @DefaultValue("published") PlanStatusParam status) {
 
-        if (Visibility.PUBLIC.equals(apiService.findById(api).getVisibility())
+        ApiEntity apiEntity = apiService.findById(api);
+
+        if (Visibility.PUBLIC.equals(apiEntity.getVisibility())
             || hasPermission(RolePermission.API_PLAN, api, RolePermissionAction.READ)) {
 
             return planService.findByApi(api).stream()
-                    .filter(plan -> status.getStatuses().contains(plan.getStatus()))
+                    .filter(plan -> status.getStatuses().contains(plan.getStatus())
+                            && groupService.isUserAuthorizedToAccess(apiEntity, plan.getExcludedGroups(), getAuthenticatedUsernameOrNull()))
                     .sorted(Comparator.comparingInt(PlanEntity::getOrder))
                     .collect(Collectors.toList());
         }

diff --git a/...tee-management-api-service/src/main/java/io/gravitee/management/service/GroupService.java b/...tee-management-api-service/src/main/java/io/gravitee/management/service/GroupService.java
@@ -43,4 +43,5 @@ public interface GroupService {
 
     void delete(String groupId);
 
+    boolean isUserAuthorizedToAccess(ApiEntity api, List<String> excludedGroups, String username);
 }
diff --git a/...itee-management-api-service/src/main/java/io/gravitee/management/service/PlanService.java b/...itee-management-api-service/src/main/java/io/gravitee/management/service/PlanService.java
@@ -15,9 +15,13 @@
  */
 package io.gravitee.management.service;
 
+import io.gravitee.management.model.ApiEntity;
 import io.gravitee.management.model.NewPlanEntity;
 import io.gravitee.management.model.PlanEntity;
 import io.gravitee.management.model.UpdatePlanEntity;
+import io.gravitee.repository.management.model.Api;
+import io.gravitee.repository.management.model.Plan;
+import io.gravitee.repository.management.model.User;
 
 import java.util.Set;
 

diff --git a/...agement-api-service/src/main/java/io/gravitee/management/service/impl/ApiServiceImpl.java b/...agement-api-service/src/main/java/io/gravitee/management/service/impl/ApiServiceImpl.java
@@ -350,20 +350,20 @@ public ApiEntity update(String apiId, UpdateApiEntity updateApiEntity) {
     }
 
     @Override
-    public void delete(String apiName) {
+    public void delete(String apiId) {
         try {
-            LOGGER.debug("Delete API {}", apiName);
+            LOGGER.debug("Delete API {}", apiId);
 
-            Optional<Api> optApi = apiRepository.findById(apiName);
+            Optional<Api> optApi = apiRepository.findById(apiId);
             if (! optApi.isPresent()) {
-                throw new ApiNotFoundException(apiName);
+                throw new ApiNotFoundException(apiId);
             }
 
             if (optApi.get().getLifecycleState() == LifecycleState.STARTED) {
-                throw new ApiRunningStateException(apiName);
+                throw new ApiRunningStateException(apiId);
             } else {
                 // Delete plans
-                Set<PlanEntity> plans = planService.findByApi(apiName);
+                Set<PlanEntity> plans = planService.findByApi(apiId);
                 Set<String> plansNotClosed = plans.stream()
                         .filter(plan -> plan.getStatus() == PlanStatus.PUBLISHED)
                         .map(PlanEntity::getName)
@@ -377,15 +377,15 @@ public void delete(String apiName) {
                 plans.stream().forEach(plan -> planService.delete(plan.getId()));
 
                 // Delete events
-                eventService.findByApi(apiName)
+                eventService.findByApi(apiId)
                         .forEach(event -> eventService.delete(event.getId()));
 
                 // Delete API
-                apiRepository.delete(apiName);
+                apiRepository.delete(apiId);
             }
         } catch (TechnicalException ex) {
-            LOGGER.error("An error occurs while trying to delete API {}", apiName, ex);
-            throw new TechnicalManagementException("An error occurs while trying to delete API " + apiName, ex);
+            LOGGER.error("An error occurs while trying to delete API {}", apiId, ex);
+            throw new TechnicalManagementException("An error occurs while trying to delete API " + apiId, ex);
         }
     }