Add new table to handle gw visibility permissions
Naduni Pamudika committed Jan 9, 2025
1 parent 1f3e7ba commit 575e365
Showing 43 changed files with 977 additions and 223 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
*/
package org.wso2.carbon.apimgt.api;

import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO;
import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO;
import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO;
import org.wso2.carbon.apimgt.api.model.APICategory;
Expand Down Expand Up @@ -354,6 +355,14 @@ KeyManagerConfigurationDTO updateKeyManagerConfiguration(KeyManagerConfiguration
*/
KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String id) throws APIManagementException;

/**
* This method used to get gateway visibility permissions with gateway environment id and role
* @param id uuid of gateway environment
* @return gateway visibility permissions
* @throws APIManagementException
*/
GatewayVisibilityPermissionConfigurationDTO getGatewayVisibilityPermissions(String id) throws APIManagementException;

/**
* hTis method used to delete IDP mapped with key manager
* @param organization organization requested
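Review bot: The Javadoc added for `getGatewayVisibilityPermissions` says the lookup uses the "gateway environment id and role", but the signature takes only `id`, and the `@throws` tag has no description. I would reword the summary to `Returns the visibility permission configuration (permission type and roles) stored for the gateway environment with the given UUID.` and add `@throws APIManagementException if the permissions cannot be retrieved`. Because callers use the result to decide who may see a gateway, the comment should also say what is returned when no permission entry exists for the id.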
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,8 @@
import org.wso2.carbon.apimgt.api.model.CommentList;
import org.wso2.carbon.apimgt.api.model.Application;
import org.wso2.carbon.apimgt.api.model.Comment;
import org.wso2.carbon.apimgt.api.model.Environment;
import org.wso2.carbon.apimgt.api.model.Identifier;
import org.wso2.carbon.apimgt.api.model.KeyManagerApplicationInfo;
import org.wso2.carbon.apimgt.api.model.Monetization;
import org.wso2.carbon.apimgt.api.model.OAuthApplicationInfo;
import org.wso2.carbon.apimgt.api.model.ResourceFile;
Expand Down Expand Up @@ -883,6 +883,16 @@ List<KeyManagerConfigurationDTO> getKeyManagerConfigurationsByOrganization(Strin
boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String organization, String username)
throws APIManagementException;

/**
* This method used to retrieve gateway environment for tenant
* @param organization organization of the gateway environment
* @param username username of the logged-in user
* @return Environment list
* @throws APIManagementException if error occurred
*/
Map<String, Environment> getGatewayEnvironmentsByOrganization(String organization, String username)
throws APIManagementException;

/**
* Remove application keys.
* @param application application
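Review bot: The Javadoc on `getGatewayEnvironmentsByOrganization` calls the return value an "Environment list", while the method returns `Map<String, Environment>` and the meaning of the key is not documented. Judging by the implementation shown later on this page, the result is restricted to the environments visible to `username`; that filtering is the security-relevant part of the contract and is not mentioned. A wording such as `@return the organization's gateway environments that the given user is permitted to see, keyed by <key, to be confirmed>` would make this clear to callers that rely on it for access decisions.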
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
/*
* Copyright (c) 2025, WSO2 LLC. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 LLC. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

package org.wso2.carbon.apimgt.api.dto;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;

/**
*GatewayVisibilityPermissionConfiguration model
*/
public class GatewayVisibilityPermissionConfigurationDTO implements Serializable {

private String permissionType = null;
private List<String> roles = new ArrayList<String>();

public GatewayVisibilityPermissionConfigurationDTO () {
this.setPermissionType("PUBLIC");
}

public GatewayVisibilityPermissionConfigurationDTO(String permissionType, List<String> roles) {
this.permissionType = permissionType;
this.roles = roles;
}

public String getPermissionType () {
return permissionType;
}

public void setPermissionType (String permissionType) {
this.permissionType = permissionType;
}

public List<String> getRoles() {
return roles;
}

public void setRoles(List<String> roles) {
if (roles == null) {
return;
}
this.roles = roles;
}
}
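Review bot: The two-argument constructor assigns `roles` without the null guard that `setRoles` applies, so `getRoles()` can return null for an instance built that way, and `permissionType` is accepted unchecked on both paths. Code that evaluates such permissions (the key-manager checks on this page call `getRoles().stream()` on the equivalent DTO) would then fail on the null list instead of reaching a decision. Consider `this.roles = roles != null ? roles : new ArrayList<>();` in the constructor. The no-argument constructor sets the literal `"PUBLIC"` although this commit defines `APIConstants.PERMISSION_NOT_RESTRICTED` for the same value; a short comment stating that a default instance means unrestricted visibility would make that fail-open default explicit. The class is `Serializable` but declares no `serialVersionUID`.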
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,8 @@ public class APIRevisionDeployment implements Serializable {
private boolean isDisplayOnDevportal;
private String deployedTime;
private String successDeployedTime;

private String visibility;
private String permissionType;

public int getId() {
return id;
Expand Down Expand Up @@ -106,4 +106,12 @@ public String getVisibility() {
public void setVisibility(String visibility) {
this.visibility = visibility;
}

public String getPermissionType() {
return permissionType;
}

public void setPermissionType(String permissionType) {
this.permissionType = permissionType;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
import org.apache.commons.lang3.StringUtils;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.APIConstants;
import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO;

import java.io.Serializable;
import java.util.ArrayList;
Expand Down Expand Up @@ -58,6 +59,8 @@ public class Environment implements Serializable {
private String[] visibilityRoles;
private String visibility;

private GatewayVisibilityPermissionConfigurationDTO permissions = new GatewayVisibilityPermissionConfigurationDTO();

public boolean isDefault() {
return isDefault;
}
Expand Down Expand Up @@ -188,12 +191,23 @@ public void setVisibility(String[] visibilityRoles) {
builder.deleteCharAt(builder.length() - 1);
this.visibility = builder.toString();
} else {
this.visibility = "all";
this.visibilityRoles[0] = "all";
this.visibility = "PUBLIC";
this.visibilityRoles[0] = "internal/everyone";
}
this.visibilityRoles = visibilityRoles;
}

public GatewayVisibilityPermissionConfigurationDTO getPermissions() {
return permissions;
}

public void setPermissions(GatewayVisibilityPermissionConfigurationDTO permissions) {
if (permissions == null) {
permissions = new GatewayVisibilityPermissionConfigurationDTO();
}
this.permissions = permissions;
}

public String getDisplayName() {
return displayName;
}
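Review bot: In the `else` branch of `setVisibility(String[])`, `this.visibilityRoles[0] = "internal/everyone";` writes into the existing field array, which is declared without an initializer and may therefore be null or empty at that point. The unconditional `this.visibilityRoles = visibilityRoles;` that follows then replaces the field with the argument anyway. Depending on state, the default role is either discarded or the call throws; the branch condition lies outside the hunk, so this is inferred from the visible lines only. Assigning a fresh array in the branch, `this.visibilityRoles = new String[]{"internal/everyone"};`, and moving the parameter assignment into the first branch would keep the default that the branch intends to set.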
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.APIMgtResourceNotFoundException;
import org.wso2.carbon.apimgt.api.ExceptionCodes;
import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO;
import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO;
import org.wso2.carbon.apimgt.api.model.API;
import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO;
Expand Down Expand Up @@ -925,6 +926,18 @@ public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String id)
return keyManagerPermissionConfigurationDTO;
}

@Override
public GatewayVisibilityPermissionConfigurationDTO getGatewayVisibilityPermissions(String id) throws APIManagementException {

GatewayVisibilityPermissionConfigurationDTO gatewayVisibilityPermissionConfigurationDTO;
try {
gatewayVisibilityPermissionConfigurationDTO = apiMgtDAO.getGatewayVisibilityPermissions(id);
} catch (APIManagementException e) {
throw new APIManagementException("Gateway Visibility Permissions retrieval failed for gateway environment id " + id, e);
}
return gatewayVisibilityPermissionConfigurationDTO;
}

private IdentityProvider updatedIDP(IdentityProvider retrievedIDP,
KeyManagerConfigurationDTO keyManagerConfigurationDTO) {

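Review bot: `getGatewayVisibilityPermissions` passes the DAO result through unchanged, so what a caller receives when no permission row exists for `id` is undefined here; the DAO method is not visible on this page. The key-manager checks elsewhere in this commit dereference the equivalent DTO with `permissions.getPermissionType()` before testing it for null, and the same pattern applied to this method would throw if null can be returned. I would state the contract in the Javadoc, for example `@return the stored permissions, or <documented default> when none are configured`, so that callers gating visibility handle the missing case deliberately. The temporary variable is also unnecessary: `return apiMgtDAO.getGatewayVisibilityPermissions(id);` inside the `try` is enough.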
Original file line number Diff line number Diff line change
Expand Up @@ -3195,6 +3195,10 @@ public enum ConfigType {
public static final String WSO2_APK_GATEWAY = "wso2/apk";
public static final String WSO2_SYNAPSE_GATEWAY = "wso2/synapse";

public static final String PERMISSION_ALLOW = "ALLOW";
public static final String PERMISSION_DENY = "DENY";
public static final String PERMISSION_NOT_RESTRICTED = "PUBLIC";

// Protocol variables
public static final String HTTP_TRANSPORT_PROTOCOL_NAME = "http";
public static final String HTTPS_TRANSPORT_PROTOCOL_NAME = "https";
Original file line number Diff line number Diff line change
Expand Up @@ -148,21 +148,7 @@
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.UUID;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.regex.Matcher;
Expand Down Expand Up @@ -194,9 +180,6 @@ public class APIConsumerImpl extends AbstractAPIManager implements APIConsumer {
public static final String API_NAME = "apiName";
public static final String API_VERSION = "apiVersion";
public static final String API_PROVIDER = "apiProvider";
private static final String PERMISSION_ALLOW = "ALLOW";
private static final String PERMISSION_DENY = "DENY";
private static final String PERMISSION_NOT_RESTRICTED = "PUBLIC";
private static final String PRESERVED_CASE_SENSITIVE_VARIABLE = "preservedCaseSensitive";

private static final String GET_SUB_WORKFLOW_REF_FAILED = "Failed to get external workflow reference for " +
Expand Down Expand Up @@ -4036,11 +4019,8 @@ public API getLightweightAPIByUUID(String uuid, String organization) throws APIM
API api = APIMapper.INSTANCE.toApi(devPortalApi);

// populate relevant external info environment
List<Environment> environments = null;
if (api.getEnvironments() != null) {
environments = APIUtil.getEnvironmentsOfAPI(api);
}
api.setEnvironments(APIUtil.extractEnvironmentsForAPI(environments, organization, userNameWithoutChange));
Map<String, Environment> environments = getGatewayEnvironmentsByOrganization(organization, username);
api.setEnvironments(APIUtil.extractEnvironmentsForAPI(environments.toString(), organization));
//CORS . if null is returned, set default config from the configuration
if (api.getCorsConfiguration() == null) {
api.setCorsConfiguration(APIUtil.getDefaultCorsConfiguration());
Expand Down Expand Up @@ -4628,14 +4608,14 @@ public boolean isKeyManagerAllowedForUser(String keyManagerId, String username)
APIAdmin apiAdmin = new APIAdminImpl();
KeyManagerPermissionConfigurationDTO permissions = apiAdmin.getKeyManagerPermissions(keyManagerId);
String permissionType = permissions.getPermissionType();
if (permissions != null && !permissionType.equals(PERMISSION_NOT_RESTRICTED)) {
if (permissions != null && !permissionType.equals(APIConstants.PERMISSION_NOT_RESTRICTED)) {
String[] permissionRoles = permissions.getRoles()
.stream()
.toArray(String[]::new);
String[] userRoles = APIUtil.getListOfRoles(username);
boolean roleIsRestricted = hasIntersection(userRoles, permissionRoles);
if ((PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted)
|| (PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) {
if ((APIConstants.PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted)
|| (APIConstants.PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) {
return false;
}
}
Expand All @@ -4661,22 +4641,40 @@ public boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String or
KeyManagerPermissionConfigurationDTO permissions = keyManagerConfiguration.getPermissions();
String permissionType = permissions.getPermissionType();
//Checks if the keymanager is permission restricted and if the user is in the restricted list
if (permissions != null && !permissionType.equals(PERMISSION_NOT_RESTRICTED)) {
if (permissions != null && !permissionType.equals(APIConstants.PERMISSION_NOT_RESTRICTED)) {
String[] permissionRoles = permissions.getRoles()
.stream()
.toArray(String[]::new);
String[] userRoles = APIUtil.getListOfRoles(username);
//list of common roles the user has and the restricted list
boolean roleIsRestricted = hasIntersection(userRoles, permissionRoles);
//Checks if the user is allowed to access the key manager
if ((PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted)
|| (PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) {
if ((APIConstants.PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted)
|| (APIConstants.PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) {
return false;
}
}
return true;
}

/**
* This method is used to retrieve gateway environments for tenant
*
* @param organization organization of the gateway environment
* @param username username of the logged-in user
* @return Environment list
* @throws APIManagementException if error occurred
*/
@Override
public Map<String, Environment> getGatewayEnvironmentsByOrganization(String organization, String username) throws APIManagementException {

Map<String, Environment> environmentsMap = APIUtil.getEnvironments(organization);
Map<String, Environment> permittedGatewayEnvironments;
List<Environment> environmentList = new ArrayList<Environment>(environmentsMap.values());
permittedGatewayEnvironments = APIUtil.extractVisibleEnvironmentsForUser(environmentList, username);
return permittedGatewayEnvironments;
}

public static boolean hasIntersection(String[] arr1, String[] arr2) {

Set<String> set = new HashSet<>();
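Review bot: In `getLightweightAPIByUUID` the new call `APIUtil.extractEnvironmentsForAPI(environments.toString(), organization)` passes the output of `Map.toString()`, whose `{key=value, ...}` text depends on `Environment.toString()` and is not a serialization format; the helper's signature is not on this page, so the exact effect is inferred. The input is now every gateway environment visible to the user, whereas the lines that appear to be removed started from `api.getEnvironments()`, which changes which environments the returned API reports. The same `toString()` pattern appears in the provider-side `getLightweightAPIByUUID` in the last file section. If the intent is to limit the API's own environments to those the user may see, intersect the two sets by key and pass the names explicitly, e.g. `String.join(",", environments.keySet())` if the helper expects a comma-separated list. Separately, both key-manager checks in this section still call `permissions.getPermissionType()` on the line before `permissions != null`, so that null test cannot protect the dereference.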
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO;
import org.wso2.carbon.apimgt.api.model.APIPublisher;
import org.wso2.carbon.apimgt.api.model.APIStore;
import org.wso2.carbon.apimgt.api.model.Environment;
Expand Down Expand Up @@ -759,15 +760,26 @@ void setEnvironmentConfig(OMElement environmentElem) throws APIManagementExcepti
gatewayType = APIConstants.API_GATEWAY_TYPE_REGULAR;
}
environment.setGatewayType(gatewayType);
GatewayVisibilityPermissionConfigurationDTO permissionsDTO = new GatewayVisibilityPermissionConfigurationDTO();
OMElement visibility = environmentElem.getFirstChildWithName(new QName(APIConstants.API_GATEWAY_VISIBILITY));
String[] visibilityRoles;
List<String> visibilityRoles = new LinkedList<>();
String[] visibilityRolesArray;
if (visibility == null) {
visibilityRoles = new String[]{"all"};
permissionsDTO.setPermissionType("PUBLIC");
environment.setVisibility("PUBLIC");
visibilityRolesArray = new String[]{APIConstants.EVERYONE_ROLE};
} else {
String visibilityString = visibility.getText();
visibilityRoles = visibilityString.split(",");
visibilityRolesArray = visibilityString.split(",");
for (int i = 0; i < visibilityRolesArray.length; i++) {
visibilityRoles.add(visibilityRolesArray[i]);
}
permissionsDTO.setPermissionType("ALLOW");
permissionsDTO.setRoles(visibilityRoles);
environment.setVisibility(visibilityString);
}
environment.setVisibility(visibilityRoles);
environment.setVisibility(visibilityRolesArray);
environment.setPermissions(permissionsDTO);
if (StringUtils.isEmpty(environment.getDisplayName())) {environment.setDisplayName(environment.getName());}
environment.setServerURL(APIUtil.replaceSystemProperty(environmentElem.getFirstChildWithName(new QName(
APIConstants.API_GATEWAY_SERVER_URL)).getText()));
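Review bot: The roles read from the visibility element in `setEnvironmentConfig` are added exactly as `split(",")` returns them, so a value written with spaces after the commas (constructed example: `role1, role2`) stores ` role2` with a leading space, and an empty element stores a single empty role under `ALLOW`. If role matching is an exact string comparison (the matcher is not visible here), such entries never match and the gateway is silently hidden from users who should see it. Trim and skip blank entries, e.g. `String role = visibilityRolesArray[i].trim(); if (!role.isEmpty()) { visibilityRoles.add(role); }`. The `"PUBLIC"` and `"ALLOW"` literals could use the `PERMISSION_NOT_RESTRICTED` and `PERMISSION_ALLOW` constants that this commit adds to `APIConstants`. The method body begins and continues outside the hunk.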
Original file line number Diff line number Diff line change
Expand Up @@ -5601,11 +5601,11 @@ public API getLightweightAPIByUUID(String uuid, String organization) throws APIM
API api = APIMapper.INSTANCE.toApi(publisherAPI);
checkAccessControlPermission(userNameWithoutChange, api.getAccessControl(), api.getAccessControlRoles());
// populate relevant external info environment
List<Environment> environments = null;
if (api.getEnvironments() != null) {
environments = APIUtil.getEnvironmentsOfAPI(api);
}
api.setEnvironments(APIUtil.extractEnvironmentsForAPI(environments, organization, userNameWithoutChange));
Map<String, Environment> environmentsMap = APIUtil.getEnvironments(organization);
Map<String, Environment> permittedGatewayEnvironments;
List<Environment> environmentList = new ArrayList<Environment>(environmentsMap.values());
permittedGatewayEnvironments = APIUtil.extractVisibleEnvironmentsForUser(environmentList, username);
api.setEnvironments(APIUtil.extractEnvironmentsForAPI(permittedGatewayEnvironments.toString(), organization));
//CORS . if null is returned, set default config from the configuration
if (api.getCorsConfiguration() == null) {
api.setCorsConfiguration(APIUtil.getDefaultCorsConfiguration());
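Review bot: The visibility filter `APIUtil.extractVisibleEnvironmentsForUser(environmentList, username)` is called with `username`, while `checkAccessControlPermission` a few lines above uses `userNameWithoutChange`. How the two values are derived is outside the hunk; if they can differ, the roles used to decide gateway visibility may be resolved for a different identity string than the one used for access control. Use the same variable for both checks, or add a comment explaining why they differ. The lines that build `permittedGatewayEnvironments` also repeat the body of `getGatewayEnvironmentsByOrganization` from the consumer implementation on this page; a shared helper would keep the two visibility filters from drifting apart.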