From 79304cb93536b12664b0e3405d5320ca81b72def Mon Sep 17 00:00:00 2001
From: brasseld <brasseld@gmail.com>
Date: Thu, 15 Dec 2016 23:39:17 +0100
Subject: [PATCH] feat(security): Add multiple security implementations and
 manage security by plan

Closes gravitee-io/issues#379
---
 src/app/api/admin/plans/apiPlans.controller.js  |  8 ++++++++
 src/app/api/admin/plans/apiPlans.html           | 17 ++++++++++++++---
 src/app/api/admin/plans/closePlan.dialog.html   |  7 +++++--
 .../admin/plans/closePlanDialog.controller.js   |  2 +-
 .../admin/plans/publishPlanDialog.controller.js |  1 -
 src/app/api/portal/plan/apiPlan.html            |  8 ++++++--
 src/app/services/api.service.js                 |  3 ++-
 7 files changed, 36 insertions(+), 10 deletions(-)

diff --git a/src/app/api/admin/plans/apiPlans.controller.js b/src/app/api/admin/plans/apiPlans.controller.js
index a533cf1c5e..53465412d2 100644
--- a/src/app/api/admin/plans/apiPlans.controller.js
+++ b/src/app/api/admin/plans/apiPlans.controller.js
@@ -27,6 +27,14 @@ class ApiPlansController {
     this.dndEnabled = true;
     this.statusFilters = ['staging', 'published', 'closed'];
     this.selectedStatus = ['published'];
+    this.securityTypes = [
+      {
+        'id': 'api_key',
+        'name': 'API Key'
+      }, {
+        'id': 'key_less',
+        'name': 'Keyless (public)'
+      }];
 
     $scope.planEdit = true;
 
diff --git a/src/app/api/admin/plans/apiPlans.html b/src/app/api/admin/plans/apiPlans.html
index 628b40e53d..ac40dcfa5c 100644
--- a/src/app/api/admin/plans/apiPlans.html
+++ b/src/app/api/admin/plans/apiPlans.html
@@ -87,7 +87,7 @@ <h4 ng-class="{italic: plan.status === 'staging', strike: plan.status === 'close
     </md-card-header>
     <md-divider></md-divider>
     <md-card-content layout="column">
-      <h4 class="gravitee-plan-content">{{plan.description}}</h4>
+      <h4 class="gravitee-plan-content">{{plan.description}} ({{plan.security}})</h4>
       <md-divider></md-divider>
       <div ng-repeat="characteristic in plan.characteristics">
         <h5 class="gravitee-plan-content">{{characteristic}}</h5>
@@ -97,10 +97,14 @@ <h5 class="gravitee-plan-content">{{characteristic}}</h5>
     <md-divider ng-if="graviteeUser || plan.isPublic"></md-divider>
     <md-card-footer ng-if="graviteeUser || plan.isPublic">
       <div layout="row" layout-align="end">
-        <md-button class="md-primary md-raised" aria-label="Execute"
+        <md-button ng-if="plan.security === 'api_key' || plan.security === undefined" class="md-primary md-raised" aria-label="Execute"
                    ng-click="subscribe(plan)" ng-disabled="plan.status || planEdit">
           {{plan.alreadySubscribed ? 'Subscribed' : (plan.validation === 'auto'?'Subscribe': 'Request for subscription')}}
         </md-button>
+        <md-button ng-if="plan.security === 'key_less'" class="md-primary md-raised" aria-label="Execute"
+                   ng-click="subscribe(plan)" ng-disabled="plan.status || planEdit">
+          No subscription required
+        </md-button>
       </div>
     </md-card-footer>
   </md-card>
@@ -150,6 +154,13 @@ <h2>
       <label>Description</label>
       <input type="text" ng-model="plan.description" required>
     </md-input-container>
+    <md-input-container class="md-block">
+      <label>Security Type</label>
+      <md-select ng-model="plan.security" placeholder="Security type" required ng-required="true"
+                 ng-disabled="plan.id">
+        <md-option ng-repeat="type in apiPlansCtrl.securityTypes" ng-value="type.id">{{type.name}}</md-option>
+      </md-select>
+    </md-input-container>
     <md-input-container class="md-block">
       <label>Characteristics</label>
       <md-chips ng-model="plan.characteristics" placeholder="Enter a characteristic"
@@ -160,7 +171,7 @@ <h2>
       <md-input-container class="md-block" flex="33">
         <label>Auto validation</label>
         <md-switch aria-label="Auto validation"
-          ng-model="plan.validation" ng-true-value="'auto'" ng-false-value="'manual'"></md-switch>
+          ng-model="plan.validation" ng-true-value="'auto'" ng-disabled="plan.security == 'key_less'" ng-false-value="'manual'"></md-switch>
       </md-input-container>
     </div>
 
diff --git a/src/app/api/admin/plans/closePlan.dialog.html b/src/app/api/admin/plans/closePlan.dialog.html
index 0bf3076083..08d2cdffe8 100644
--- a/src/app/api/admin/plans/closePlan.dialog.html
+++ b/src/app/api/admin/plans/closePlan.dialog.html
@@ -26,7 +26,7 @@ <h2>Close plan</h2>
       </div>
     </md-toolbar>
     <md-dialog-content>
-      <div class="md-dialog-content">
+      <div ng-if="plan.security == 'api_key'" class="md-dialog-content">
         <h5 ng-if="subscriptions == 0">No subscription is associated to this plan. You can delete it safely.</h5>
         <h5 ng-if="subscriptions > 0">There are <code>{{subscriptions}}</code> active subscriptions associated to this plan.</h5>
         <p ng-if="subscriptions > 0">
@@ -34,6 +34,9 @@ <h5 ng-if="subscriptions > 0">There are <code>{{subscriptions}}</code> active su
           available.
         </p>
       </div>
+      <div ng-if="plan.security == 'key_less'" class="md-dialog-content">
+        <h5>Are you sure to close the plan {{plan.name}}?</h5>
+      </div>
     </md-dialog-content>
 
     <md-dialog-actions layout="row">
@@ -41,7 +44,7 @@ <h5 ng-if="subscriptions > 0">There are <code>{{subscriptions}}</code> active su
         Cancel
       </md-button>
       <md-button type="submit" class="md-primary" ng-click="close()">
-        {{subscriptions == 0 ? 'Delete' : 'Close'}}
+        {{subscriptions == 0  && plan.security == 'api_key' ? 'Delete' : 'Close'}}
       </md-button>
     </md-dialog-actions>
   </md-dialog>
diff --git a/src/app/api/admin/plans/closePlanDialog.controller.js b/src/app/api/admin/plans/closePlanDialog.controller.js
index ff4824904f..d1fe9d07c0 100644
--- a/src/app/api/admin/plans/closePlanDialog.controller.js
+++ b/src/app/api/admin/plans/closePlanDialog.controller.js
@@ -25,7 +25,7 @@ function DialogClosePlanController($scope, $mdDialog, ApiService, NotificationSe
   };
 
   $scope.close = function () {
-    if ($scope.subscriptions === 0) {
+    if ($scope.plan.security === 'api_key' && $scope.subscriptions === 0) {
       ApiService.deletePlan($scope.apiId, $scope.plan.id).then(function() {
         NotificationService.show('Plan ' + plan.name + ' has been deleted');
       }).catch(function (error) {
diff --git a/src/app/api/admin/plans/publishPlanDialog.controller.js b/src/app/api/admin/plans/publishPlanDialog.controller.js
index 279a05af07..1b65f2e4b3 100644
--- a/src/app/api/admin/plans/publishPlanDialog.controller.js
+++ b/src/app/api/admin/plans/publishPlanDialog.controller.js
@@ -27,7 +27,6 @@ function DialogPublishPlanController($scope, $mdDialog, ApiService, Notification
     ApiService.publishPlan($scope.apiId, $scope.plan.id).then(function() {
       NotificationService.show('Plan ' + plan.name + ' has been published');
     }).catch(function (error) {
-      NotificationService.show('Error while publishing plan ' + plan.name);
       $scope.error = error;
     });
 
diff --git a/src/app/api/portal/plan/apiPlan.html b/src/app/api/portal/plan/apiPlan.html
index ead7902fff..e2afe322ac 100644
--- a/src/app/api/portal/plan/apiPlan.html
+++ b/src/app/api/portal/plan/apiPlan.html
@@ -21,7 +21,7 @@ <h3 layout-padding>{{plan.name}}</h3>
   </md-card-header>
   <md-divider></md-divider>
   <md-card-content layout="column">
-    <h4 class="gravitee-plan-content">{{plan.description}}</h4>
+    <h4 class="gravitee-plan-content">{{plan.description}} ({{plan.security}})</h4>
     <md-divider></md-divider>
     <div ng-repeat="characteristic in plan.characteristics">
       <h5 class="gravitee-plan-content">{{characteristic}}</h5>
@@ -31,10 +31,14 @@ <h5 class="gravitee-plan-content">{{characteristic}}</h5>
   <md-divider ng-if="graviteeUser || plan.isPublic"></md-divider>
   <md-card-footer ng-if="graviteeUser || plan.isPublic">
     <div layout="row" layout-align="end">
-      <md-button class="md-primary md-raised" aria-label="Execute"
+      <md-button ng-if="plan.security === 'api_key' || plan.security === undefined" class="md-primary md-raised" aria-label="Execute"
                  ng-click="subscribe(plan)" ng-disabled="planEdit">
         {{plan.alreadySubscribed ? 'Subscribed' : (plan.validation === 'auto'?'Subscribe': 'Request for subscription')}}
       </md-button>
+      <md-button ng-if="plan.security === 'key_less'" class="md-primary md-raised" aria-label="Execute"
+                 ng-click="subscribe(plan)" ng-disabled="true">
+        No subscription required
+      </md-button>
     </div>
   </md-card-footer>
 </md-card>
diff --git a/src/app/services/api.service.js b/src/app/services/api.service.js
index 83c371ed7d..ffaebd8661 100644
--- a/src/app/services/api.service.js
+++ b/src/app/services/api.service.js
@@ -192,7 +192,8 @@ class ApiService {
         {
           name: plan.name, description: plan.description, api: plan.api,
           validation: plan.validation, policies: plan.policies,
-          characteristics: plan.characteristics, type: plan.type, paths: plan.paths
+          characteristics: plan.characteristics, type: plan.type, paths: plan.paths,
+          security: plan.security
         });
     }
   }