diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIAdmin.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIAdmin.java index 8d06ba4e1ed2..ec8884b3bdb0 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIAdmin.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIAdmin.java @@ -17,6 +17,7 @@ */ package org.wso2.carbon.apimgt.api; +import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.model.APICategory; @@ -354,6 +355,14 @@ KeyManagerConfigurationDTO updateKeyManagerConfiguration(KeyManagerConfiguration */ KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String id) throws APIManagementException; + /** + * This method used to get gateway visibility permissions with gateway environment id and role + * @param id uuid of gateway environment + * @return gateway visibility permissions + * @throws APIManagementException + */ + GatewayVisibilityPermissionConfigurationDTO getGatewayVisibilityPermissions(String id) throws APIManagementException; + /** * hTis method used to delete IDP mapped with key manager * @param organization organization requested diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java index bd20ce915dab..493379475763 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java 
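Review bot: The Javadoc on the new `getGatewayVisibilityPermissions(String id)` says the lookup is by "gateway environment id and role", but the method takes only the id, and it does not say what is returned for an id with no stored permissions. The DAO method added in this commit sets the permission type to PUBLIC when the query returns no rows, so an unknown id is indistinguishable from an unrestricted gateway; that contract belongs in the interface doc. Suggested wording: `@return the permission type and roles stored for the gateway; PUBLIC with an empty role list when none are stored`, and give the `@throws APIManagementException` tag a description such as `if the lookup fails`.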
@@ -32,8 +32,8 @@ import org.wso2.carbon.apimgt.api.model.CommentList; import org.wso2.carbon.apimgt.api.model.Application; import org.wso2.carbon.apimgt.api.model.Comment; +import org.wso2.carbon.apimgt.api.model.Environment; import org.wso2.carbon.apimgt.api.model.Identifier; -import org.wso2.carbon.apimgt.api.model.KeyManagerApplicationInfo; import org.wso2.carbon.apimgt.api.model.Monetization; import org.wso2.carbon.apimgt.api.model.OAuthApplicationInfo; import org.wso2.carbon.apimgt.api.model.ResourceFile; @@ -883,6 +883,16 @@ List getKeyManagerConfigurationsByOrganization(Strin boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String organization, String username) throws APIManagementException; + /** + * This method used to retrieve gateway environment for tenant + * @param organization organization of the gateway environment + * @param username username of the logged-in user + * @return Environment list + * @throws APIManagementException if error occurred + */ + Map getGatewayEnvironmentsByOrganization(String organization, String username) + throws APIManagementException; + /** * Remove application keys. * @param application application diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/GatewayVisibilityPermissionConfigurationDTO.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/GatewayVisibilityPermissionConfigurationDTO.java new file mode 100644 index 000000000000..09f098f6f1b6 --- /dev/null +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/GatewayVisibilityPermissionConfigurationDTO.java 
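Review bot: The `@return Environment list` tag on `getGatewayEnvironmentsByOrganization` does not match the declared `Map` return type, and the doc does not say that the result is filtered by the caller's roles. Since callers will rely on this interface for gateway visibility, I would write `@return gateway environments of the organization that are visible to the given user` and state what the map key is. The doc should also say how a null or anonymous `username` is treated; the filtering helper is not among the lines shown, so that behaviour cannot be confirmed from this hunk. The implementation in APIConsumerImpl carries a copy of the same Javadoc.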
@@ -0,0 +1,60 @@ +/* + * Copyright (c) 2025, WSO2 LLC. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.apimgt.api.dto; + +import java.io.Serializable; +import java.util.ArrayList; +import java.util.List; + +/** + *GatewayVisibilityPermissionConfiguration model + */ +public class GatewayVisibilityPermissionConfigurationDTO implements Serializable { + + private String permissionType = null; + private List roles = new ArrayList(); + + public GatewayVisibilityPermissionConfigurationDTO () { + this.setPermissionType("PUBLIC"); + } + + public GatewayVisibilityPermissionConfigurationDTO(String permissionType, List roles) { + this.permissionType = permissionType; + this.roles = roles; + } + + public String getPermissionType () { + return permissionType; + } + + public void setPermissionType (String permissionType) { + this.permissionType = permissionType; + } + + public List getRoles() { + return roles; + } + + public void setRoles(List roles) { + if (roles == null) { + return; + } + this.roles = roles; + } +} diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/Environment.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/Environment.java index 9429d8fdff4d..117b31824c3e 100644 
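Review bot: The two-argument constructor assigns `roles` without the null guard that `setRoles` applies, so passing null there leaves `getRoles()` returning null while every other path guarantees a list. Code that iterates the roles of an ALLOW or DENY permission would then fail on a null instead of seeing an empty list. Consider `this.roles = roles != null ? roles : new ArrayList<>();` in the constructor. The class is `Serializable`, so declaring a `private static final long serialVersionUID` is also worth doing.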
--- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/Environment.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/Environment.java @@ -21,6 +21,7 @@ import org.apache.commons.lang3.StringUtils; import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.api.APIConstants; +import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO; import java.io.Serializable; import java.util.ArrayList; @@ -55,6 +56,11 @@ public class Environment implements Serializable { private String gatewayType; private Map additionalProperties = new HashMap<>(); + private String[] visibilityRoles; + private String visibility; + + private GatewayVisibilityPermissionConfigurationDTO permissions = new GatewayVisibilityPermissionConfigurationDTO(); + public boolean isDefault() { return isDefault; } 
@@ -159,6 +165,49 @@ public void setName(String name) { } } + public String getVisibility() { + return visibility; + } + + public void setVisibility(String visibility) { + this.visibility = visibility; + } + + public String[] getVisibilityRoles() { + if (visibilityRoles != null) { + return visibilityRoles; + } else if (visibility != null) { + return visibility.split(","); + } + return null; + } + + public void setVisibility(String[] visibilityRoles) { + if (visibilityRoles != null && !"".equals(visibilityRoles[0].trim())) { + StringBuilder builder = new StringBuilder(); + for (String role : visibilityRoles) { + builder.append(role).append(','); + } + builder.deleteCharAt(builder.length() - 1); + this.visibility = builder.toString(); + } else { + this.visibility = "PUBLIC"; + this.visibilityRoles[0] = "internal/everyone"; + } + this.visibilityRoles = visibilityRoles; + } + + public GatewayVisibilityPermissionConfigurationDTO getPermissions() { + return permissions; + } + + public void setPermissions(GatewayVisibilityPermissionConfigurationDTO permissions) { + if (permissions == null) { + permissions = new GatewayVisibilityPermissionConfigurationDTO(); + } + this.permissions = permissions; + } + public String getDisplayName() { return displayName; } diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java index 1027c4e2f59e..3eb8f5aa00e3 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java 
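Review bot: `setVisibility(String[] visibilityRoles)` can throw in both branches: `visibilityRoles[0]` is read without a length check, so an empty array raises `ArrayIndexOutOfBoundsException`, and the else branch writes to `this.visibilityRoles[0]` while the field is still null on a fresh `Environment`, so a null argument raises `NullPointerException`. The final statement then overwrites the field with the argument anyway, discarding the `internal/everyone` default that was just written. The rewrite below assumes the intent is "no roles means PUBLIC with the everyone role" and replaces the manual builder with `String.join`. `getVisibilityRoles()` also returns the internal array directly, which lets callers modify the stored roles.

```java
public void setVisibility(String[] visibilityRoles) {
    if (visibilityRoles != null && visibilityRoles.length > 0
            && visibilityRoles[0] != null && !visibilityRoles[0].trim().isEmpty()) {
        this.visibility = String.join(",", visibilityRoles);
        this.visibilityRoles = visibilityRoles;
    } else {
        // No roles supplied: fall back to an unrestricted gateway.
        this.visibility = "PUBLIC";
        this.visibilityRoles = new String[]{"internal/everyone"};
    }
}
```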
@@ -39,6 +39,7 @@ import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.api.APIMgtResourceNotFoundException; import org.wso2.carbon.apimgt.api.ExceptionCodes; +import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; import org.wso2.carbon.apimgt.api.model.API; import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; @@ -925,6 +926,18 @@ public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String id) return keyManagerPermissionConfigurationDTO; } + @Override + public GatewayVisibilityPermissionConfigurationDTO getGatewayVisibilityPermissions(String id) throws APIManagementException { + + GatewayVisibilityPermissionConfigurationDTO gatewayVisibilityPermissionConfigurationDTO; + try { + gatewayVisibilityPermissionConfigurationDTO = apiMgtDAO.getGatewayVisibilityPermissions(id); + } catch (APIManagementException e) { + throw new APIManagementException("Gateway Visibility Permissions retrieval failed for gateway environment id " + id, e); + } + return gatewayVisibilityPermissionConfigurationDTO; + } + private IdentityProvider updatedIDP(IdentityProvider retrievedIDP, KeyManagerConfigurationDTO keyManagerConfigurationDTO) { diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java index 856731b01b82..902c69825176 100755 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java 
@@ -758,6 +758,7 @@ private Permissions() { public static final String API_GATEWAY = "APIGateway."; public static final String API_GATEWAY_NAME = "Name"; public static final String API_GATEWAY_DISPLAY_NAME = "DisplayName"; + public static final String API_GATEWAY_VISIBILITY = "Visibility"; public static final String API_GATEWAY_SERVER_URL = "ServerURL"; public static final String API_GATEWAY_USERNAME = "Username"; public static final String API_GATEWAY_PASSWORD = "Password"; @@ -3194,6 +3195,10 @@ public enum ConfigType { public static final String WSO2_APK_GATEWAY = "wso2/apk"; public static final String WSO2_SYNAPSE_GATEWAY = "wso2/synapse"; + public static final String PERMISSION_ALLOW = "ALLOW"; + public static final String PERMISSION_DENY = "DENY"; + public static final String PERMISSION_NOT_RESTRICTED = "PUBLIC"; + // Protocol variables public static final String HTTP_TRANSPORT_PROTOCOL_NAME = "http"; public static final String HTTPS_TRANSPORT_PROTOCOL_NAME = "https"; diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java index cae01e9c1ad9..7bf468db9118 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java 
@@ -194,9 +194,6 @@ public class APIConsumerImpl extends AbstractAPIManager implements APIConsumer { public static final String API_NAME = "apiName"; public static final String API_VERSION = "apiVersion"; public static final String API_PROVIDER = "apiProvider"; - private static final String PERMISSION_ALLOW = "ALLOW"; - private static final String PERMISSION_DENY = "DENY"; - private static final String PERMISSION_NOT_RESTRICTED = "PUBLIC"; private static final String PRESERVED_CASE_SENSITIVE_VARIABLE = "preservedCaseSensitive"; private static final String GET_SUB_WORKFLOW_REF_FAILED = "Failed to get external workflow reference for " + @@ -4035,13 +4032,9 @@ public API getLightweightAPIByUUID(String uuid, String organization) throws APIM devPortalApi.getVisibleRoles()); API api = APIMapper.INSTANCE.toApi(devPortalApi); - /// populate relavant external info - // environment - String environmentString = null; - if (api.getEnvironments() != null) { - environmentString = String.join(",", api.getEnvironments()); - } - api.setEnvironments(APIUtil.extractEnvironmentsForAPI(environmentString, organization)); + // populate relevant external info environment + Map environments = getGatewayEnvironmentsByOrganization(organization, username); + api.setEnvironments(APIUtil.extractEnvironmentsForAPI(environments.toString(), organization)); //CORS . if null is returned, set default config from the configuration if (api.getCorsConfiguration() == null) { api.setCorsConfiguration(APIUtil.getDefaultCorsConfiguration()); 
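Review bot: In `getLightweightAPIByUUID`, `environments.toString()` hands `extractEnvironmentsForAPI` the default string form of a `Map` (`{key=value, ...}`), where the removed code passed the API's environment names joined with commas. Unless that overload parses map syntax, which is not visible here, the names will not match, and `api.getEnvironments()` is no longer consulted, so the API would be resolved against every permitted environment rather than the ones it is deployed to. Keep the API's own list and filter it: join only those entries of `api.getEnvironments()` that are keys of the permitted map, assuming the map is keyed by environment name. The same `toString()` argument is added in `APIProviderImpl.getLightweightAPIByUUID`. The method body, including the declaration of `username`, lies outside this hunk.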
@@ -4629,14 +4622,14 @@ public boolean isKeyManagerAllowedForUser(String keyManagerId, String username) APIAdmin apiAdmin = new APIAdminImpl(); KeyManagerPermissionConfigurationDTO permissions = apiAdmin.getKeyManagerPermissions(keyManagerId); String permissionType = permissions.getPermissionType(); - if (permissions != null && !permissionType.equals(PERMISSION_NOT_RESTRICTED)) { + if (permissions != null && !permissionType.equals(APIConstants.PERMISSION_NOT_RESTRICTED)) { String[] permissionRoles = permissions.getRoles() .stream() .toArray(String[]::new); String[] userRoles = APIUtil.getListOfRoles(username); boolean roleIsRestricted = hasIntersection(userRoles, permissionRoles); - if ((PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted) - || (PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) { + if ((APIConstants.PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted) + || (APIConstants.PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) { return false; } } @@ -4662,7 +4655,7 @@ public boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String or KeyManagerPermissionConfigurationDTO permissions = keyManagerConfiguration.getPermissions(); String permissionType = permissions.getPermissionType(); //Checks if the keymanager is permission restricted and if the user is in the restricted list - if (permissions != null && !permissionType.equals(PERMISSION_NOT_RESTRICTED)) { + if (permissions != null && !permissionType.equals(APIConstants.PERMISSION_NOT_RESTRICTED)) { String[] permissionRoles = permissions.getRoles() .stream() .toArray(String[]::new); 
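Review bot: In `isKeyManagerAllowedForUser`, the `permissions != null` test on the changed line can never be false, because `permissions.getPermissionType()` is dereferenced on the line before it; `isKeyManagerByNameAllowedForUser` has the same order. A missing permission object or a null permission type therefore surfaces as a `NullPointerException` from an access check rather than as an explicit allow or deny. Since these lines are being touched anyway, read the type after the null check and compare constant-first: `!APIConstants.PERMISSION_NOT_RESTRICTED.equals(permissionType)`. Both method bodies extend beyond the hunks shown.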
@@ -4670,14 +4663,32 @@ public boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String or //list of common roles the user has and the restricted list boolean roleIsRestricted = hasIntersection(userRoles, permissionRoles); //Checks if the user is allowed to access the key manager - if ((PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted) - || (PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) { + if ((APIConstants.PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted) + || (APIConstants.PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) { return false; } } return true; } + /** + * This method is used to retrieve gateway environments for tenant + * + * @param organization organization of the gateway environment + * @param username username of the logged-in user + * @return Environment list + * @throws APIManagementException if error occurred + */ + @Override + public Map getGatewayEnvironmentsByOrganization(String organization, String username) throws APIManagementException { + + Map environmentsMap = APIUtil.getEnvironments(organization); + Map permittedGatewayEnvironments; + List environmentList = new ArrayList(environmentsMap.values()); + permittedGatewayEnvironments = APIUtil.extractVisibleEnvironmentsForUser(environmentList, username); + return permittedGatewayEnvironments; + } + public static boolean hasIntersection(String[] arr1, String[] arr2) { Set set = new HashSet<>(); diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIManagerConfiguration.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIManagerConfiguration.java index f6282dc4edac..33bd3f7cdfdb 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIManagerConfiguration.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIManagerConfiguration.java 
@@ -29,6 +29,7 @@ import org.json.simple.JSONArray; import org.json.simple.JSONObject; import org.wso2.carbon.apimgt.api.APIManagementException; +import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.model.APIPublisher; import org.wso2.carbon.apimgt.api.model.APIStore; import org.wso2.carbon.apimgt.api.model.Environment; @@ -62,6 +63,7 @@ import java.net.URL; import java.nio.charset.StandardCharsets; import java.util.ArrayList; +import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; 
@@ -759,6 +761,24 @@ void setEnvironmentConfig(OMElement environmentElem) throws APIManagementExcepti gatewayType = APIConstants.API_GATEWAY_TYPE_REGULAR; } environment.setGatewayType(gatewayType); + GatewayVisibilityPermissionConfigurationDTO permissionsDTO = new GatewayVisibilityPermissionConfigurationDTO(); + OMElement visibility = environmentElem.getFirstChildWithName(new QName(APIConstants.API_GATEWAY_VISIBILITY)); + List visibilityRoles = new LinkedList<>(); + String[] visibilityRolesArray; + if (visibility == null || StringUtils.isEmpty(visibility.getText())) { + permissionsDTO.setPermissionType(APIConstants.PERMISSION_NOT_RESTRICTED); + environment.setVisibility(APIConstants.PERMISSION_NOT_RESTRICTED); + visibilityRolesArray = new String[]{APIConstants.EVERYONE_ROLE}; + } else { + String visibilityString = visibility.getText(); + visibilityRolesArray = visibilityString.split(","); + Collections.addAll(visibilityRoles, visibilityRolesArray); + permissionsDTO.setPermissionType(APIConstants.PERMISSION_ALLOW); + permissionsDTO.setRoles(visibilityRoles); + environment.setVisibility(visibilityString); + } + environment.setVisibility(visibilityRolesArray); + environment.setPermissions(permissionsDTO); if (StringUtils.isEmpty(environment.getDisplayName())) {environment.setDisplayName(environment.getName());} environment.setServerURL(APIUtil.replaceSystemProperty(environmentElem.getFirstChildWithName(new QName( APIConstants.API_GATEWAY_SERVER_URL)).getText())); diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java index 66ceeb1f9b8d..b74103769a85 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java 
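Review bot: The roles read from the `Visibility` element are split on `,` without trimming, so a value such as `admin, publisher` (constructed example) stores ` publisher` with a leading space in the ALLOW list and that role never matches. Trim each entry and skip empty ones before adding it, e.g. `for (String r : visibilityString.split(",")) { if (!r.trim().isEmpty()) visibilityRoles.add(r.trim()); }`. Each branch also calls `environment.setVisibility(String)` and then `environment.setVisibility(visibilityRolesArray)`, and the array overload rewrites the `visibility` field, so in the unrestricted branch the `PUBLIC` value set first is replaced by the joined role array. `setEnvironmentConfig` starts and ends outside this hunk.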
@@ -5600,13 +5600,12 @@ public API getLightweightAPIByUUID(String uuid, String organization) throws APIM if (publisherAPI != null) { API api = APIMapper.INSTANCE.toApi(publisherAPI); checkAccessControlPermission(userNameWithoutChange, api.getAccessControl(), api.getAccessControlRoles()); - /// populate relavant external info - // environment - String environmentString = null; - if (api.getEnvironments() != null) { - environmentString = String.join(",", api.getEnvironments()); - } - api.setEnvironments(APIUtil.extractEnvironmentsForAPI(environmentString, organization)); + // populate relevant external info environment + Map environmentsMap = APIUtil.getEnvironments(organization); + Map permittedGatewayEnvironments; + List environmentList = new ArrayList(environmentsMap.values()); + permittedGatewayEnvironments = APIUtil.extractVisibleEnvironmentsForUser(environmentList, username); + api.setEnvironments(APIUtil.extractEnvironmentsForAPI(permittedGatewayEnvironments.toString(), organization)); //CORS . if null is returned, set default config from the configuration if (api.getCorsConfiguration() == null) { api.setCorsConfiguration(APIUtil.getDefaultCorsConfiguration()); diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AbstractAPIManager.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AbstractAPIManager.java index 29d8c2decc12..1cec63d234f3 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AbstractAPIManager.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AbstractAPIManager.java 
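Review bot: The new filter call uses `username`, while the access-control check two lines above it uses `userNameWithoutChange`. If those hold different forms of the caller's name (their declarations are outside this hunk), the role lookup behind `extractVisibleEnvironmentsForUser` may resolve a different user or tenant than the one that passed `checkAccessControlPermission`. Use one variable for both checks, or add a comment such as `// username is the tenant-qualified form of userNameWithoutChange` once that is confirmed. The four added lines also duplicate `APIConsumerImpl.getGatewayEnvironmentsByOrganization`; a shared helper would keep the two filters from drifting apart.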
@@ -1195,6 +1195,7 @@ public List getResourcesOfAPIProduct(APIProductIdentifier pr protected void populateAPIInformation(String uuid, String organization, API api) throws APIManagementException, OASPersistenceException, ParseException, AsyncSpecPersistenceException { + String username = CarbonContext.getThreadLocalCarbonContext().getUsername(); //UUID if (api.getUuid() == null) { api.setUuid(uuid); @@ -1207,11 +1208,11 @@ protected void populateAPIInformation(String uuid, String organization, API api) Organization org = new Organization(organization); api.setOrganization(organization); // environment - String environmentString = null; + List environments = null; if (api.getEnvironments() != null) { - environmentString = String.join(",", api.getEnvironments()); + environments = APIUtil.getEnvironmentsOfAPI(api); } - api.setEnvironments(APIUtil.extractEnvironmentsForAPI(environmentString, organization)); + api.setEnvironments(APIUtil.extractEnvironmentsForAPI(environments, organization, username)); // workflow status APIIdentifier apiId = api.getId(); WorkflowDTO workflow; 
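Review bot: `CarbonContext.getThreadLocalCarbonContext().getUsername()` can be null when no user is bound to the thread, and `populateAPIInformation` now passes that value straight into `extractEnvironmentsForAPI(environments, organization, username)`; the same pattern is added to `populateDevPortalAPIInformation` and `populateAPIProductInformation`. How the three-argument overload treats a null user is not visible here, so the visibility decision for unauthenticated or background callers should be made explicit, either by documenting that null means "unrestricted environments only" or by guarding before the call. `environments` is also left null when `api.getEnvironments()` is null, so the callee has to accept a null list. All three method bodies continue outside their hunks.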
@@ -1376,17 +1377,18 @@ protected void populateAPIInformation(String uuid, String organization, API api) protected void populateDevPortalAPIInformation(String uuid, String organization, API api) throws APIManagementException, OASPersistenceException, ParseException { Organization org = new Organization(organization); + String username = CarbonContext.getThreadLocalCarbonContext().getUsername(); //UUID if (api.getUuid() == null) { api.setUuid(uuid); } api.setOrganization(organization); // environment - String environmentString = null; + List environments = null; if (api.getEnvironments() != null) { - environmentString = String.join(",", api.getEnvironments()); + environments = APIUtil.getEnvironmentsOfAPI(api); } - api.setEnvironments(APIUtil.extractEnvironmentsForAPI(environmentString, organization)); + api.setEnvironments(APIUtil.extractEnvironmentsForAPI(environments, organization, username)); // workflow status APIIdentifier apiId = api.getId(); String currentApiUuid = uuid; @@ -1520,6 +1522,7 @@ protected void populateDevPortalAPIInformation(String uuid, String organization, protected void populateAPIProductInformation(String uuid, String organization, APIProduct apiProduct) throws APIManagementException, OASPersistenceException, ParseException { Organization org = new Organization(organization); + String username = CarbonContext.getThreadLocalCarbonContext().getUsername(); apiProduct.setOrganization(organization); ApiMgtDAO.getInstance().setAPIProductFromDB(apiProduct); apiProduct.setRating(Float.toString(APIUtil.getAverageRating(apiProduct.getProductId()))); 
@@ -1568,11 +1571,11 @@ protected void populateAPIProductInformation(String uuid, String organization, A apiProduct.setUuid(uuid); } // environment - String environmentString = null; + List environments = null; if (apiProduct.getEnvironments() != null) { - environmentString = String.join(",", apiProduct.getEnvironments()); + environments = APIUtil.getEnvironmentsOfAPIProduct(apiProduct); } - apiProduct.setEnvironments(APIUtil.extractEnvironmentsForAPI(environmentString, organization)); + apiProduct.setEnvironments(APIUtil.extractEnvironmentsForAPI(environments, organization, username)); // workflow status APIProductIdentifier productIdentifier = apiProduct.getId(); diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java index 8964e338e4b6..47684cdfeaa1 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java @@ -37,6 +37,7 @@ import org.wso2.carbon.apimgt.api.dto.ClonePolicyMetadataDTO; import org.wso2.carbon.apimgt.api.dto.ConditionDTO; import org.wso2.carbon.apimgt.api.dto.ConditionGroupDTO; +import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.dto.UserApplicationAPIUsage; 
@@ -181,7 +182,7 @@ public class ApiMgtDAO { private final Object scopeMutex = new Object(); private boolean forceCaseInsensitiveComparisons = false; private boolean multiGroupAppSharingEnabled = false; - private String KeyManagerAccessPublic = "PUBLIC"; + private String PublicAccessPermission = "PUBLIC"; private static final String[] keyTypes = new String[]{APIConstants.API_KEY_TYPE_PRODUCTION, APIConstants.API_KEY_TYPE_SANDBOX}; String migrationEnabled = System.getProperty(APIConstants.MIGRATE); @@ -9653,7 +9654,7 @@ public void addKeyManagerConfiguration(KeyManagerConfigurationDTO keyManagerConf preparedStatement.setString(10, keyManagerConfigurationDTO.getExternalReferenceId()); preparedStatement.executeUpdate(); KeyManagerPermissionConfigurationDTO permissionDTO = keyManagerConfigurationDTO.getPermissions(); - if (permissionDTO != null && !KeyManagerAccessPublic.equals(permissionDTO.getPermissionType())) { + if (permissionDTO != null && !PublicAccessPermission.equals(permissionDTO.getPermissionType())) { try (PreparedStatement addPermissionStatement = conn .prepareStatement(SQLConstants.KeyManagerPermissionsSqlConstants .ADD_KEY_MANAGER_PERMISSION_SQL)) { @@ -9734,7 +9735,7 @@ public void updateKeyManagerConfiguration(KeyManagerConfigurationDTO keyManagerC deletePermissionsStatement.executeUpdate(); } KeyManagerPermissionConfigurationDTO permissionDTO = keyManagerConfigurationDTO.getPermissions(); - if (permissionDTO != null && !KeyManagerAccessPublic.equals(permissionDTO.getPermissionType())) { + if (permissionDTO != null && !PublicAccessPermission.equals(permissionDTO.getPermissionType())) { try (PreparedStatement addPermissionStatement = conn.prepareStatement(SQLConstants .KeyManagerPermissionsSqlConstants.ADD_KEY_MANAGER_PERMISSION_SQL)) { for (String role : permissionDTO.getRoles()) { 
@@ -9801,7 +9802,7 @@ public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String keyM ps.setString(1, keyManagerUUID); ResultSet resultSet = ps.executeQuery(); ArrayList roles = new ArrayList<>(); - keyManagerPermissions.setPermissionType(KeyManagerAccessPublic); + keyManagerPermissions.setPermissionType(PublicAccessPermission); while (resultSet.next()) { roles.add(resultSet.getString("ROLE")); keyManagerPermissions.setPermissionType(resultSet.getString("PERMISSIONS_TYPE")); 
@@ -9818,6 +9819,40 @@ public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String keyM } return keyManagerPermissions; } + + public GatewayVisibilityPermissionConfigurationDTO getGatewayVisibilityPermissions(String gatewayUUID) + throws APIManagementException { + + GatewayVisibilityPermissionConfigurationDTO gatewayVisibilityPermissions = + new GatewayVisibilityPermissionConfigurationDTO(); + try (Connection conn = APIMgtDBUtil.getConnection()) { + gatewayVisibilityPermissions = new GatewayVisibilityPermissionConfigurationDTO(); + try { + String getGatewayVisibilityPermissionQuery = SQLConstants.GET_GATEWAY_VISIBILITY_PERMISSIONS_SQL; + conn.setAutoCommit(false); + PreparedStatement ps = conn.prepareStatement(getGatewayVisibilityPermissionQuery); + ps.setString(1, gatewayUUID); + ResultSet resultSet = ps.executeQuery(); + ArrayList roles = new ArrayList<>(); + // Setting the PERMISSION_TYPE to PUBLIC in case the resultSet is empty + gatewayVisibilityPermissions.setPermissionType(PublicAccessPermission); + while (resultSet.next()) { + roles.add(resultSet.getString("ROLE")); + gatewayVisibilityPermissions.setPermissionType(resultSet.getString("PERMISSIONS_TYPE")); + } + gatewayVisibilityPermissions.setRoles(roles); + conn.commit(); + } catch (SQLException e) { + conn.rollback(); + handleException("Failed to get gateway visibility permission information for gateway environment " + gatewayUUID, e); + } + } catch (SQLException e) { + throw new APIManagementException( + "Error while retrieving gateway visibility permissions with id " + gatewayUUID, e); + } + return gatewayVisibilityPermissions; + } + public List getKeyManagerConfigurations() throws APIManagementException { List keyManagerConfigurationDTOS = new ArrayList<>(); 
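Review bot: `getGatewayVisibilityPermissions` never closes the `PreparedStatement` or the `ResultSet`; only the `Connection` is in a try-with-resources. `getAllEnvironments` and `getEnvironment` now call this method for every environment they load, so the leak grows with the number of gateways. The query is a plain SELECT, so `setAutoCommit(false)`, `commit()` and `rollback()` can go, as can the second `new GatewayVisibilityPermissionConfigurationDTO()` inside the try. When rows exist, the permission type is taken from whichever row is read last, which deserves a comment stating that all rows of one gateway are expected to carry the same type.

```java
try (Connection conn = APIMgtDBUtil.getConnection();
     PreparedStatement ps = conn.prepareStatement(SQLConstants.GET_GATEWAY_VISIBILITY_PERMISSIONS_SQL)) {
    ps.setString(1, gatewayUUID);
    try (ResultSet resultSet = ps.executeQuery()) {
        // … unchanged: default to PUBLIC, then collect ROLE and PERMISSIONS_TYPE per row …
    }
} catch (SQLException e) {
    // … unchanged: wrap in APIManagementException with the gateway id …
}
```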
@@ -15042,6 +15077,7 @@ public List getAllEnvironments(String tenantDomain) throws APIManag env.setProvider(provider); env.setGatewayType(gatewayType); env.setVhosts(getVhostGatewayEnvironments(connection, id)); + env.setPermissions(getGatewayVisibilityPermissions(uuid)); envList.add(env); } } @@ -15082,6 +15118,7 @@ public Environment getEnvironment(String tenantDomain, String uuid) throws APIMa env.setDescription(description); env.setProvider(provider); env.setVhosts(getVhostGatewayEnvironments(connection, id)); + env.setPermissions(getGatewayVisibilityPermissions(uuid)); } } } catch (SQLException e) { @@ -15118,6 +15155,21 @@ public Environment addEnvironment(String tenantDomain, Environment environment) prepStmt.setString(8, tenantDomain); prepStmt.executeUpdate(); + GatewayVisibilityPermissionConfigurationDTO permissionDTO = environment.getPermissions(); + if (permissionDTO != null && !PublicAccessPermission.equals(permissionDTO.getPermissionType()) && + environment.getPermissions().getRoles() != null) { + try (PreparedStatement addPermissionStatement = conn + .prepareStatement(SQLConstants.ADD_GATEWAY_VISIBILITY_PERMISSION_SQL)) { + for (String role : environment.getPermissions().getRoles()) { + addPermissionStatement.setString(1, environment.getUuid()); + addPermissionStatement.setString(2, permissionDTO.getPermissionType()); + addPermissionStatement.setString(3, role); + addPermissionStatement.addBatch(); + } + addPermissionStatement.executeBatch(); + } + } + conn.commit(); ResultSet rs = prepStmt.getGeneratedKeys(); int id = -1; if (rs.next()) { 
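Review bot: `env.setPermissions(getGatewayVisibilityPermissions(uuid))` is called while `getAllEnvironments` and `getEnvironment` still hold their own `connection`, and the callee takes a second connection from `APIMgtDBUtil.getConnection()`. In `getAllEnvironments` that happens once per result row, so listing gateways costs an extra pooled connection and query per environment, and nested acquisition under load can exhaust the pool. Consider an overload that accepts the open connection, as the adjacent `getVhostGatewayEnvironments(connection, id)` does. Both methods extend beyond these hunks.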
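Review bot: In `addEnvironment`, the added `conn.commit()` sits before `prepStmt.getGeneratedKeys()` and whatever follows it. If the rest of the method (outside this hunk) still writes related rows and commits or rolls back afterwards, a failure there leaves the environment row and its visibility permissions committed without the remaining data. Drop this commit and let the transaction's existing final commit cover the permission batch as well. The batch reads roles through `environment.getPermissions().getRoles()` while the other lines use `permissionDTO`; using `permissionDTO.getRoles()` throughout is clearer.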
@@ -15246,9 +15298,14 @@ public void deleteEnvironment(String uuid) throws APIManagementException { try (Connection connection = APIMgtDBUtil.getConnection()) { connection.setAutoCommit(false); - try (PreparedStatement prepStmt = connection.prepareStatement(SQLConstants.DELETE_ENVIRONMENT_SQL)) { - prepStmt.setString(1, uuid); - prepStmt.executeUpdate(); + try (PreparedStatement deletePermissionsStatement = connection + .prepareStatement(SQLConstants.DELETE_ALL_GATEWAY_VISIBILITY_PERMISSION_SQL)) { + deletePermissionsStatement.setString(1, uuid); + deletePermissionsStatement.executeUpdate(); + try (PreparedStatement prepStmt = connection.prepareStatement(SQLConstants.DELETE_ENVIRONMENT_SQL)) { + prepStmt.setString(1, uuid); + prepStmt.executeUpdate(); + } connection.commit(); } catch (SQLException e) { connection.rollback(); 
@@ -15278,6 +15335,25 @@ public Environment updateEnvironment(Environment environment) throws APIManageme deleteGatewayVhosts(connection, environment.getId()); addGatewayVhosts(connection, environment.getId(), environment.getVhosts()); connection.commit(); + try (PreparedStatement deletePermissionsStatement = connection.prepareStatement( + SQLConstants.DELETE_ALL_GATEWAY_VISIBILITY_PERMISSION_SQL)) { + deletePermissionsStatement.setString(1, environment.getUuid()); + deletePermissionsStatement.executeUpdate(); + } + GatewayVisibilityPermissionConfigurationDTO permissionDTO = environment.getPermissions(); + if (permissionDTO != null && permissionDTO.getPermissionType() != PublicAccessPermission && + environment.getPermissions().getRoles() != null) { + try (PreparedStatement addPermissionStatement = connection.prepareStatement( + SQLConstants.ADD_GATEWAY_VISIBILITY_PERMISSION_SQL)) { + for (String role : permissionDTO.getRoles()) { + addPermissionStatement.setString(1, environment.getUuid()); + addPermissionStatement.setString(2, permissionDTO.getPermissionType()); + addPermissionStatement.setString(3, role); + addPermissionStatement.addBatch(); + } + addPermissionStatement.executeBatch(); + } + } } catch (SQLException e) { connection.rollback(); handleException("Failed to update Environment", e); diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java index bdad6d440205..abf53c0ec5d8 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java 
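Review bot: In `updateEnvironment`, the permission delete and insert are added after `connection.commit()` and no commit follows them in this hunk, so with auto-commit off the visibility change may never be persisted, or is persisted separately from the environment update. For an access restriction that means an administrator can tighten a gateway's visibility and have the previous rows stay in effect. Move `connection.commit();` below the permission block. The guard also compares strings by reference, `permissionDTO.getPermissionType() != PublicAccessPermission`, which is true for any `PUBLIC` value that is not the same object; use `!PublicAccessPermission.equals(permissionDTO.getPermissionType())` as `addEnvironment` does. `PublicAccessPermission` is a mutable instance field and would be safer replaced by `APIConstants.PERMISSION_NOT_RESTRICTED`.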
@@ -2758,9 +2758,19 @@ public class SQLConstants { public static final String DELETE_ENVIRONMENT_SQL = "DELETE FROM AM_GATEWAY_ENVIRONMENT WHERE UUID = ?"; public static final String UPDATE_ENVIRONMENT_SQL = "UPDATE AM_GATEWAY_ENVIRONMENT " + - "SET DISPLAY_NAME = ?, DESCRIPTION = ? " + + "SET DISPLAY_NAME = ?, DESCRIPTION = ?" + "WHERE UUID = ?"; + public static final String ADD_GATEWAY_VISIBILITY_PERMISSION_SQL = + " INSERT INTO" + + " AM_GATEWAY_PERMISSIONS (GATEWAY_UUID, PERMISSIONS_TYPE, ROLE)" + + " VALUES(?, ?, ?)"; + + public static final String DELETE_ALL_GATEWAY_VISIBILITY_PERMISSION_SQL = "DELETE FROM AM_GATEWAY_PERMISSIONS" + + " WHERE GATEWAY_UUID = ?"; + + public static final String GET_GATEWAY_VISIBILITY_PERMISSIONS_SQL = "SELECT PERMISSIONS_TYPE, ROLE FROM AM_GATEWAY_PERMISSIONS WHERE GATEWAY_UUID = ?"; + public static final String INSERT_LLM_PROVIDER_SQL = "INSERT INTO AM_LLM_PROVIDER (UUID, NAME, API_VERSION, BUILT_IN_SUPPORT, ORGANIZATION, DESCRIPTION, " + "API_DEFINITION, CONFIGURATIONS) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"; diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java index fde4b5f08aea..dd4dced9e4b4 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java @@ -74,6 +74,7 @@ import org.json.simple.parser.JSONParser; import org.json.simple.parser.ParseException; import org.wso2.carbon.CarbonConstants; +import org.wso2.carbon.apimgt.api.APIAdmin; import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.api.APIMgtAuthorizationFailedException; import org.wso2.carbon.apimgt.api.APIMgtInternalException; 
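Review bot: Dropping the trailing space in `"SET DISPLAY_NAME = ?, DESCRIPTION = ?" +` makes UPDATE_ENVIRONMENT_SQL concatenate to `... DESCRIPTION = ?WHERE UUID = ?`, with no separator before `WHERE`. Whether every supported JDBC driver tokenises that correctly is not something to rely on; restore the space with `"SET DISPLAY_NAME = ?, DESCRIPTION = ? " +`. The three new AM_GATEWAY_PERMISSIONS statements bind the gateway id and role through `?` placeholders, which is the right shape for role names that arrive from the admin API.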
@@ -88,6 +89,7 @@ import org.wso2.carbon.apimgt.api.doc.model.APIResource; import org.wso2.carbon.apimgt.api.doc.model.Operation; import org.wso2.carbon.apimgt.api.doc.model.Parameter; +import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; import org.wso2.carbon.apimgt.api.model.API; import org.wso2.carbon.apimgt.api.model.APICategory; @@ -198,6 +200,7 @@ import org.wso2.carbon.governance.api.generic.dataobjects.GenericArtifact; import org.wso2.carbon.governance.api.util.GovernanceUtils; import org.wso2.carbon.identity.core.util.IdentityCoreConstants; +import org.wso2.carbon.identity.core.util.IdentityTenantUtil; import org.wso2.carbon.identity.oauth.OAuthAdminService; import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration; import org.wso2.carbon.registry.core.ActionConstants; @@ -2475,7 +2478,6 @@ public static LoggedUserInfo getLoggedInUserInfo(String cookie, String serviceUr * Retrieves the role list of a user * * @param username A username - * @param username A username * @throws APIManagementException If an error occurs */ public static String[] getListOfRoles(String username) throws APIManagementException { @@ -2494,6 +2496,10 @@ public static String[] getListOfRoles(String username) throws APIManagementExcep try { int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager() .getTenantId(tenantDomain); + // If tenant Id is not set in the tokenReqContext, deriving it from username. + if (tenantId == 0 || tenantId == -1) { + tenantId = IdentityTenantUtil.getTenantIdOfUser(username); + } UserStoreManager manager = ServiceReferenceHolder.getInstance().getRealmService() .getTenantUserRealm(tenantId).getUserStoreManager(); roles = manager.getRoleListOfUser(MultitenantUtils.getTenantAwareUsername(username)); 
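Review bot: In the getListOfRoles hunk the added comment mentions `tokenReqContext`, which does not appear in this method; the tenant id here comes from `getTenantId(tenantDomain)`. The roles returned by this method feed the gateway visibility check added in this commit, so the fallback deserves an accurate comment, for example `// Tenant domain did not resolve to a valid tenant id; derive the tenant from the username instead.` The literals `0` and `-1` would also read better as named constants. The method body continues outside the hunk.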
@@ -5031,23 +5037,98 @@ public static Set extractEnvironmentsForAPI(String environments) throws return environmentStringSet; } + public static Set extractVisibleEnvironmentsForUser(List environments, String organization, String username) throws APIManagementException { + + Map permittedEnvironments; + if (environments != null) { + permittedEnvironments = extractVisibleEnvironmentsForUser(environments, username); + } else { + Map environmentsMap = getEnvironments(organization); + List environmentsList = new ArrayList(environmentsMap.values()); + permittedEnvironments = extractVisibleEnvironmentsForUser(environmentsList, username); + } + return permittedEnvironments.keySet(); + } + + public static Map extractVisibleEnvironmentsForUser(List environments, String username) throws APIManagementException { + + Map permittedGatewayEnvironments = new LinkedHashMap<>(); + if (environments.size() > 0) { + for (Environment environment : environments) { + if (isGatewayAllowedForUser(environment, username)) { + permittedGatewayEnvironments.put(environment.getName(), environment); + } + } + } + return permittedGatewayEnvironments; + } + + /** + * This method is used to check if gateway environment is allowed for user + * + * @param environment gateway environment + * @param username username of the logged-in user + * @return boolean returns if the gateway environment is allowed for the logged-in user + * @throws APIManagementException if error occurred + */ + public static boolean isGatewayAllowedForUser(Environment environment, String username) throws APIManagementException { + + GatewayVisibilityPermissionConfigurationDTO permissions; + if (environment.getPermissions() == null) { + APIAdmin apiAdmin = new APIAdminImpl(); + permissions = apiAdmin.getGatewayVisibilityPermissions(environment.getUuid()); + } else { + permissions = environment.getPermissions(); + } + String permissionType = permissions.getPermissionType(); + if (permissions != null && 
!permissionType.equals(APIConstants.PERMISSION_NOT_RESTRICTED)) { + String[] permissionRoles = permissions.getRoles() + .stream() + .toArray(String[]::new); + String[] userRoles = APIUtil.getListOfRoles(username); + boolean roleIsRestricted = hasIntersection(userRoles, permissionRoles); + if ((APIConstants.PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted) + || (APIConstants.PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) { + return false; + } + } + return true; + } + + public static boolean hasIntersection(String[] arr1, String[] arr2) { + + Set set = new HashSet<>(); + + for (String element : arr1) { + set.add(element); + } + + for (String element : arr2) { + if (set.contains(element)) { + return true; + } + } + + return false; + } + public static Set extractEnvironmentsForAPI(String environments, String organization) throws APIManagementException { Set environmentStringSet = null; if (environments == null) { environmentStringSet = new HashSet<>(getEnvironments(organization).keySet()); } else { - //handle not to publish to any of the gateways + // Handle not to publish to any of the gateways if (APIConstants.API_GATEWAY_NONE.equals(environments)) { environmentStringSet = new HashSet(); } - //handle to set published gateways nto api object + // Handle to set published gateways into api object else if (!"".equals(environments)) { String[] publishEnvironmentArray = environments.split(","); environmentStringSet = new HashSet(Arrays.asList(publishEnvironmentArray)); environmentStringSet.remove(APIConstants.API_GATEWAY_NONE); } - //handle to publish to any of the gateways when api creating stage + // Handle to publish to any of the gateways when api creating stage else if ("".equals(environments)) { environmentStringSet = new HashSet<>(getEnvironments(organization).keySet()); } 
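Review bot: In isGatewayAllowedForUser, `permissions.getPermissionType()` is dereferenced before the `permissions != null` test, so that test can never be false and a null returned by `getGatewayVisibilityPermissions` ends in a NullPointerException rather than a decision. A null permission type or a null role list fails the same way, and any type other than the three constants falls through to `return true`, meaning the gateway is shown. The fence below reorders the checks, treats a missing configuration as unrestricted (which is what the dead null test suggests was intended), and renames `roleIsRestricted`, which actually means the user holds one of the listed roles. A short comment stating that ALLOW hides the gateway from users without a listed role and DENY hides it from users with one would help the next reader.

```java
public static boolean isGatewayAllowedForUser(Environment environment, String username) throws APIManagementException {
    // … unchanged: resolve permissions from the environment or from APIAdmin …
    if (permissions == null) {
        return true;
    }
    String permissionType = permissions.getPermissionType();
    if (permissionType == null || APIConstants.PERMISSION_NOT_RESTRICTED.equals(permissionType)) {
        return true;
    }
    // A missing role list is treated as empty: ALLOW then matches nobody, DENY excludes nobody.
    List<String> roles = permissions.getRoles();
    String[] permissionRoles = roles == null ? new String[0] : roles.toArray(new String[0]);
    String[] userRoles = APIUtil.getListOfRoles(username);
    boolean userHasListedRole = hasIntersection(userRoles, permissionRoles);
    // … unchanged: ALLOW / DENY decision, reading userHasListedRole in place of roleIsRestricted …
```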
@@ -5056,6 +5137,30 @@ else if ("".equals(environments)) { return environmentStringSet; } + public static Set extractEnvironmentsForAPI(List environments, String organization, String userName) throws APIManagementException { + + Set environmentStringSet = null; + if (environments == null) { + environmentStringSet = extractVisibleEnvironmentsForUser(null, organization, userName); + } else { + // Handle not to publish to any of the gateways + if (environments.contains(APIConstants.API_GATEWAY_NONE)) { + environmentStringSet = new HashSet(); + } + // Handle to set published gateways into api object + else if (!environments.isEmpty()) { + environmentStringSet = extractVisibleEnvironmentsForUser(environments, organization, userName); + environmentStringSet.remove(APIConstants.API_GATEWAY_NONE); + } + // Handle to publish to any of the gateways when api creating stage + else if ("".equals(environments)) { + environmentStringSet = extractVisibleEnvironmentsForUser(environments, organization, userName); + } + } + + return environmentStringSet; + } + /** * This method used to set environment values to governance artifact of API . * @@ -5129,6 +5234,24 @@ public static List getEnvironmentsOfAPI(API api) throws APIManageme return returnEnvironments; } + public static List getEnvironmentsOfAPIProduct(APIProduct apiProduct) throws APIManagementException { + + String organization = apiProduct.getOrganization(); + Map gatewayEnvironments = getEnvironments(organization); + Set apiProductEnvironments = apiProduct.getEnvironments(); + List returnEnvironments = new ArrayList(); + + for (Environment environment : gatewayEnvironments.values()) { + for (String apiEnvironment : apiProductEnvironments) { + if (environment.getName().equals(apiEnvironment)) { + returnEnvironments.add(environment); + break; + } + } + } + return returnEnvironments; + } + /** * Given the apps and the application name to check for, it will check if the application already exists. * 
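Review bot: In the new extractEnvironmentsForAPI(List, String, String) overload, `"".equals(environments)` compares a String with a List and is always false, so the third branch is dead and an empty list leaves `environmentStringSet` null for the caller. If an empty list is meant to select every gateway visible to the user, as the branch comment suggests, use a plain `else` and pass null as the first branch does: `else { environmentStringSet = extractVisibleEnvironmentsForUser(null, organization, userName); }`. This overload also has no Javadoc stating that the result is filtered by the caller's roles.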
diff --git a/components/apimgt/org.wso2.carbon.apimgt.internal.service/swagger.json b/components/apimgt/org.wso2.carbon.apimgt.internal.service/swagger.json index d81009e30f7b..6b4a85360d29 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.internal.service/swagger.json +++ b/components/apimgt/org.wso2.carbon.apimgt.internal.service/swagger.json @@ -1337,6 +1337,10 @@ "type" : "string", "description" : "Context of the API." }, + "contextTemplate" : { + "type" : "string", + "description" : "Context template of the API." + }, "policy" : { "type" : "string", "description" : "API level throttling policy." @@ -1525,8 +1529,8 @@ "type" : "string", "example" : "EXCHANGED", "description" : "The type of the tokens to be used (exchanged or without exchanged). Accepted values are EXCHANGED, DIRECT or BOTH.", - "default" : "DIRECT", - "enum" : [ "EXCHANGED", "DIRECT", "BOTH" ] + "enum" : [ "EXCHANGED", "DIRECT", "BOTH" ], + "default" : "DIRECT" } } }, diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/EnvironmentDTO.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/EnvironmentDTO.java index ca3f79bf419a..11cef82462f0 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/EnvironmentDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/EnvironmentDTO.java @@ -7,6 +7,7 @@ import java.util.ArrayList; import java.util.List; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.AdditionalPropertyDTO; +import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.EnvironmentPermissionsDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.GatewayEnvironmentProtocolURIDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.VHostDTO; import javax.validation.constraints.*; 
@@ -36,6 +37,7 @@ public class EnvironmentDTO { private List vhosts = new ArrayList(); private List endpointURIs = new ArrayList(); private List additionalProperties = new ArrayList(); + private EnvironmentPermissionsDTO permissions = null; /** **/ @@ -229,6 +231,24 @@ public void setAdditionalProperties(List additionalProper this.additionalProperties = additionalProperties; } + /** + **/ + public EnvironmentDTO permissions(EnvironmentPermissionsDTO permissions) { + this.permissions = permissions; + return this; + } + + + @ApiModelProperty(value = "") + @Valid + @JsonProperty("permissions") + public EnvironmentPermissionsDTO getPermissions() { + return permissions; + } + public void setPermissions(EnvironmentPermissionsDTO permissions) { + this.permissions = permissions; + } + @Override public boolean equals(java.lang.Object o) { @@ -249,12 +269,13 @@ public boolean equals(java.lang.Object o) { Objects.equals(isReadOnly, environment.isReadOnly) && Objects.equals(vhosts, environment.vhosts) && Objects.equals(endpointURIs, environment.endpointURIs) && - Objects.equals(additionalProperties, environment.additionalProperties); + Objects.equals(additionalProperties, environment.additionalProperties) && + Objects.equals(permissions, environment.permissions); } @Override public int hashCode() { - return Objects.hash(id, name, displayName, provider, type, gatewayType, description, isReadOnly, vhosts, endpointURIs, additionalProperties); + return Objects.hash(id, name, displayName, provider, type, gatewayType, description, isReadOnly, vhosts, endpointURIs, additionalProperties, permissions); } @Override 
@@ -273,6 +294,7 @@ public String toString() { sb.append(" vhosts: ").append(toIndentedString(vhosts)).append("\n"); sb.append(" endpointURIs: ").append(toIndentedString(endpointURIs)).append("\n"); sb.append(" additionalProperties: ").append(toIndentedString(additionalProperties)).append("\n"); + sb.append(" permissions: ").append(toIndentedString(permissions)).append("\n"); sb.append("}"); return sb.toString(); } diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/EnvironmentPermissionsDTO.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/EnvironmentPermissionsDTO.java new file mode 100644 index 000000000000..bb18457a412e --- /dev/null +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/EnvironmentPermissionsDTO.java 
@@ -0,0 +1,135 @@ +package org.wso2.carbon.apimgt.rest.api.admin.v1.dto; + +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonCreator; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; +import java.util.ArrayList; +import java.util.List; +import javax.validation.constraints.*; + + +import io.swagger.annotations.*; +import java.util.Objects; + +import javax.xml.bind.annotation.*; +import org.wso2.carbon.apimgt.rest.api.common.annotations.Scope; +import com.fasterxml.jackson.annotation.JsonCreator; + +import javax.validation.Valid; + + + +public class EnvironmentPermissionsDTO { + + + @XmlType(name="PermissionTypeEnum") + @XmlEnum(String.class) + public enum PermissionTypeEnum { + PUBLIC("PUBLIC"), + ALLOW("ALLOW"), + DENY("DENY"); + private String value; + + PermissionTypeEnum (String v) { + value = v; + } + + public String value() { + return value; + } + + @Override + public String toString() { + return String.valueOf(value); + } + + @JsonCreator + public static PermissionTypeEnum fromValue(String v) { + for (PermissionTypeEnum b : PermissionTypeEnum.values()) { + if (String.valueOf(b.value).equals(v)) { + return b; + } + } +return null; + } + } + private PermissionTypeEnum permissionType = PermissionTypeEnum.PUBLIC; + private List roles = new ArrayList(); + + /** + **/ + public EnvironmentPermissionsDTO permissionType(PermissionTypeEnum permissionType) { + this.permissionType = permissionType; + return this; + } + + + @ApiModelProperty(example = "ALLOW", value = "") + @JsonProperty("permissionType") + public PermissionTypeEnum getPermissionType() { + return permissionType; + } + public void setPermissionType(PermissionTypeEnum permissionType) { + this.permissionType = permissionType; + } + + /** + **/ + public EnvironmentPermissionsDTO roles(List roles) { + this.roles = roles; + return this; + } + + + @ApiModelProperty(value = "") + @JsonProperty("roles") + public List 
getRoles() { + return roles; + } + public void setRoles(List roles) { + this.roles = roles; + } + + + @Override + public boolean equals(java.lang.Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + EnvironmentPermissionsDTO environmentPermissions = (EnvironmentPermissionsDTO) o; + return Objects.equals(permissionType, environmentPermissions.permissionType) && + Objects.equals(roles, environmentPermissions.roles); + } + + @Override + public int hashCode() { + return Objects.hash(permissionType, roles); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class EnvironmentPermissionsDTO {\n"); + + sb.append(" permissionType: ").append(toIndentedString(permissionType)).append("\n"); + sb.append(" roles: ").append(toIndentedString(roles)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(java.lang.Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} + diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java index c80a0aa46785..2d63f5e17c6c 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java 
@@ -5,6 +5,8 @@ import org.apache.commons.logging.LogFactory; import org.wso2.carbon.apimgt.api.APIAdmin; import org.wso2.carbon.apimgt.api.APIManagementException; +import org.wso2.carbon.apimgt.api.ExceptionCodes; +import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.model.Environment; import org.wso2.carbon.apimgt.impl.APIAdminImpl; import org.wso2.carbon.apimgt.impl.utils.APIUtil; @@ -23,6 +25,8 @@ import java.net.URI; import java.net.URISyntaxException; +import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import javax.ws.rs.core.Response; @@ -33,7 +37,7 @@ public class EnvironmentsApiServiceImpl implements EnvironmentsApiService { private static final Log log = LogFactory.getLog(EnvironmentsApiServiceImpl.class); /** - * Delete gateway envirionment + * Delete gateway environment * * @param environmentId environment ID * @param messageContext message context 
@@ -69,13 +73,20 @@ public Response environmentsEnvironmentIdPut(String environmentId, EnvironmentDT body.setId(environmentId); String organization = RestApiUtil.getValidatedOrganization(messageContext); Environment env = EnvironmentMappingUtil.fromEnvDtoToEnv(body); - apiAdmin.updateEnvironment(organization, env); + GatewayVisibilityPermissionConfigurationDTO gatewayVisibilityPermissionConfigurationDTO = + env.getPermissions(); URI location = null; try { - location = new URI(RestApiConstants.RESOURCE_PATH_ENVIRONMENT + "/" + environmentId); + this.validatePermissions(gatewayVisibilityPermissionConfigurationDTO); + apiAdmin.updateEnvironment(organization, env); + location = new URI(RestApiConstants.RESOURCE_PATH_ENVIRONMENT + "/" + environmentId); } catch (URISyntaxException e) { String errorMessage = "Error while updating Environment : " + environmentId; RestApiUtil.handleInternalServerError(errorMessage, e, log); + } catch (IllegalArgumentException e) { + String error = "Error while storing gateway visibility permissions with name " + + body.getName() + " in tenant " + organization; + throw new APIManagementException(error, e, ExceptionCodes.ROLE_DOES_NOT_EXIST); } String info = "{'id':'" + environmentId + "'}"; APIUtil.logAuditMessage(APIConstants.AuditLogConstants.GATEWAY_ENVIRONMENTS, info, 
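Review bot: The new `catch (IllegalArgumentException e)` looks unreachable from `validatePermissions`: the helper added later in this file declares IllegalArgumentException but, as shown, reports both a bad permission type and an unknown role with a plain APIManagementException. The ROLE_DOES_NOT_EXIST code is therefore never attached on that path, and a client mistake is likely to surface as a generic error; the same applies to the matching catch added to environmentsPost. Have `validatePermissions` raise the role failure with `ExceptionCodes.ROLE_DOES_NOT_EXIST` itself and drop the two catch blocks, unless `updateEnvironment` is known to throw IllegalArgumentException. The method starts and ends outside the hunk.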
@@ -106,10 +117,9 @@ public Response environmentsGet(MessageContext messageContext) throws APIManagem * @throws APIManagementException if failed to create */ public Response environmentsPost(EnvironmentDTO body, MessageContext messageContext) throws APIManagementException { + String organization = RestApiUtil.getValidatedOrganization(messageContext); try { APIAdmin apiAdmin = new APIAdminImpl(); - //String tenantDomain = RestApiCommonUtil.getLoggedInUserTenantDomain(); - String organization = RestApiUtil.getValidatedOrganization(messageContext); String gatewayType = body.getGatewayType(); if (!(APIConstants.API_GATEWAY_TYPE_REGULAR.equals(gatewayType) || APIConstants.API_GATEWAY_TYPE_APK.equals(gatewayType))) { throw new APIManagementException("Invalid gateway type: " + gatewayType); @@ -118,6 +128,9 @@ public Response environmentsPost(EnvironmentDTO body, MessageContext messageCont throw new APIManagementException("Unsupported Vhost Configuration for gateway type: " + gatewayType); } Environment env = EnvironmentMappingUtil.fromEnvDtoToEnv(body); + GatewayVisibilityPermissionConfigurationDTO gatewayVisibilityPermissionConfigurationDTO = + env.getPermissions(); + validatePermissions(gatewayVisibilityPermissionConfigurationDTO); EnvironmentDTO envDTO = EnvironmentMappingUtil.fromEnvToEnvDTO(apiAdmin.addEnvironment(organization, env)); URI location = new URI(RestApiConstants.RESOURCE_PATH_ENVIRONMENT + "/" + envDTO.getId()); APIUtil.logAuditMessage(APIConstants.AuditLogConstants.GATEWAY_ENVIRONMENTS, new Gson().toJson(envDTO), 
@@ -126,10 +139,36 @@ public Response environmentsPost(EnvironmentDTO body, MessageContext messageCont } catch (URISyntaxException e) { String errorMessage = "Error while adding gateway environment : " + body.getName() + "-" + e.getMessage(); RestApiUtil.handleInternalServerError(errorMessage, e, log); + } catch (IllegalArgumentException e) { + String error = "Error while storing gateway visibility permission roles with name " + + body.getName() + " in tenant " + organization; + throw new APIManagementException(error, e, ExceptionCodes.ROLE_DOES_NOT_EXIST); } return null; } + private void validatePermissions(GatewayVisibilityPermissionConfigurationDTO permissionDTO) + throws IllegalArgumentException, APIManagementException { + + if (permissionDTO != null && permissionDTO.getRoles() != null) { + String username = RestApiCommonUtil.getLoggedInUsername(); + String[] allowedPermissionTypes = {"PUBLIC", "ALLOW", "DENY"}; + String permissionType = permissionDTO.getPermissionType(); + if (!Arrays.stream(allowedPermissionTypes).anyMatch(permissionType::equals)) { + throw new APIManagementException("Invalid permission type"); + } + List invalidRoles = new ArrayList<>(); + for (String role : permissionDTO.getRoles()) { + if (!APIUtil.isRoleNameExist(username, role)) { + invalidRoles.add(role); + } + } + if (!invalidRoles.isEmpty()) { + throw new APIManagementException("Invalid user roles found in visibleRoles list"); + } + } + } + /** * Check whether the vhost configuration is supported for APK gateway type * @param vhosts diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/EnvironmentMappingUtil.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/EnvironmentMappingUtil.java index a4a6ef1f9e77..1951448641f9 100644 
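Review bot: validatePermissions only checks the permission type when `getRoles()` is non-null, so a request carrying a type and no role list bypasses the type check, and `permissionType::equals` throws a NullPointerException when the type itself is null. Let the `getRoles() != null` condition guard only the role loop and test the type null-safely, e.g. `if (!Arrays.asList(allowedPermissionTypes).contains(permissionType)) {`. The failure message refers to a `visibleRoles` list although the schema field is `roles`, and it omits the collected `invalidRoles`; naming them would tell the administrator which role to correct.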
--- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/EnvironmentMappingUtil.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/EnvironmentMappingUtil.java @@ -17,11 +17,13 @@ package org.wso2.carbon.apimgt.rest.api.admin.v1.utils.mappings; +import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.model.Environment; import org.wso2.carbon.apimgt.api.model.VHost; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.AdditionalPropertyDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.EnvironmentDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.EnvironmentListDTO; +import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.EnvironmentPermissionsDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.VHostDTO; import java.util.ArrayList; @@ -68,6 +70,14 @@ public static EnvironmentDTO fromEnvToEnvDTO(Environment env) { .collect(Collectors.toList())); envDTO.setAdditionalProperties(fromAdditionalPropertiesToAdditionalPropertiesDTO (env.getAdditionalProperties())); + GatewayVisibilityPermissionConfigurationDTO permissions = env.getPermissions(); + if (permissions != null) { + EnvironmentPermissionsDTO environmentPermissionsDTO = new EnvironmentPermissionsDTO(); + environmentPermissionsDTO.setPermissionType(EnvironmentPermissionsDTO.PermissionTypeEnum + .fromValue(permissions.getPermissionType())); + environmentPermissionsDTO.setRoles(permissions.getRoles()); + envDTO.setPermissions(environmentPermissionsDTO); + } return envDTO; } 
@@ -139,6 +149,15 @@ public static Environment fromEnvDtoToEnv(EnvironmentDTO envDTO) { .collect(Collectors.toList())); env.setAdditionalProperties(fromAdditionalPropertiesDTOToAdditionalProperties (envDTO.getAdditionalProperties())); + EnvironmentPermissionsDTO permissions = envDTO.getPermissions(); + if (permissions != null && permissions.getPermissionType() != null) { + GatewayVisibilityPermissionConfigurationDTO permissionsConfiguration = new GatewayVisibilityPermissionConfigurationDTO(); + permissionsConfiguration.setPermissionType(permissions.getPermissionType().toString()); + permissionsConfiguration.setRoles(permissions.getRoles()); + env.setPermissions(permissionsConfiguration); + } else { + env.setPermissions(new GatewayVisibilityPermissionConfigurationDTO()); + } return env; } diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml index 4905e5824783..64dabe3665eb 100755 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml @@ -4699,6 +4699,22 @@ components: type: array items: $ref: '#/components/schemas/AdditionalProperty' + permissions: + type: object + properties: + permissionType: + type: string + example: ALLOW + default: PUBLIC + enum: + - PUBLIC + - ALLOW + - DENY + roles: + type: array + items: + type: string + example: Internal/everyone EnvironmentList: title: Environment List type: object diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml b/components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml index 4905e5824783..64dabe3665eb 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml 
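Review bot: fromEnvDtoToEnv replaces a missing `permissions` object with a default-constructed GatewayVisibilityPermissionConfigurationDTO, and updateEnvironment in this commit deletes every AM_GATEWAY_PERMISSIONS row for the gateway before re-adding any. A PUT from a client that does not send `permissions` (for instance one written before this field existed) would therefore appear to clear an existing ALLOW or DENY restriction; the DTO's defaults are not visible here, so this needs confirming. If full replacement is the intended contract, state it in a comment here and in the API description; otherwise leave the environment's permissions null when the field is absent and skip the delete in that case. The method starts outside the hunk.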
+++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml @@ -4699,6 +4699,22 @@ components: type: array items: $ref: '#/components/schemas/AdditionalProperty' + permissions: + type: object + properties: + permissionType: + type: string + example: ALLOW + default: PUBLIC + enum: + - PUBLIC + - ALLOW + - DENY + roles: + type: array + items: + type: string + example: Internal/everyone EnvironmentList: title: Environment List type: object diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml b/components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml index abd313167b27..0b0d3e13b16a 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml @@ -11850,6 +11850,22 @@ components: type: array items: $ref: '#/components/schemas/AdditionalProperty' + permissions: + type: object + properties: + permissionType: + type: string + example: ALLOW + default: PUBLIC + enum: + - PUBLIC + - ALLOW + - DENY + roles: + type: array + items: + type: string + example: Internal/everyone EnvironmentList: title: Environment List type: object diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/EnvironmentDTO.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/EnvironmentDTO.java index 2590f2567e57..24aa315f85f6 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/EnvironmentDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/EnvironmentDTO.java 
@@ -7,6 +7,7 @@ import java.util.ArrayList; import java.util.List; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.AdditionalPropertyDTO; +import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.EnvironmentPermissionsDTO; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.GatewayEnvironmentProtocolURIDTO; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.VHostDTO; import javax.validation.constraints.*; @@ -36,6 +37,7 @@ public class EnvironmentDTO { private List vhosts = new ArrayList(); private List endpointURIs = new ArrayList(); private List additionalProperties = new ArrayList(); + private EnvironmentPermissionsDTO permissions = null; /** **/ @@ -232,6 +234,24 @@ public void setAdditionalProperties(List additionalProper this.additionalProperties = additionalProperties; } + /** + **/ + public EnvironmentDTO permissions(EnvironmentPermissionsDTO permissions) { + this.permissions = permissions; + return this; + } + + + @ApiModelProperty(value = "") + @Valid + @JsonProperty("permissions") + public EnvironmentPermissionsDTO getPermissions() { + return permissions; + } + public void setPermissions(EnvironmentPermissionsDTO permissions) { + this.permissions = permissions; + } + @Override public boolean equals(java.lang.Object o) { 
@@ -252,12 +272,13 @@ public boolean equals(java.lang.Object o) { Objects.equals(showInApiConsole, environment.showInApiConsole) && Objects.equals(vhosts, environment.vhosts) && Objects.equals(endpointURIs, environment.endpointURIs) && - Objects.equals(additionalProperties, environment.additionalProperties); + Objects.equals(additionalProperties, environment.additionalProperties) && + Objects.equals(permissions, environment.permissions); } @Override public int hashCode() { - return Objects.hash(id, name, displayName, type, gatewayType, serverUrl, provider, showInApiConsole, vhosts, endpointURIs, additionalProperties); + return Objects.hash(id, name, displayName, type, gatewayType, serverUrl, provider, showInApiConsole, vhosts, endpointURIs, additionalProperties, permissions); } @Override @@ -276,6 +297,7 @@ public String toString() { sb.append(" vhosts: ").append(toIndentedString(vhosts)).append("\n"); sb.append(" endpointURIs: ").append(toIndentedString(endpointURIs)).append("\n"); sb.append(" additionalProperties: ").append(toIndentedString(additionalProperties)).append("\n"); + sb.append(" permissions: ").append(toIndentedString(permissions)).append("\n"); sb.append("}"); return sb.toString(); } diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/EnvironmentPermissionsDTO.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/EnvironmentPermissionsDTO.java new file mode 100644 index 000000000000..136a46905d86 --- /dev/null +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/EnvironmentPermissionsDTO.java 
@@ -0,0 +1,135 @@ +package org.wso2.carbon.apimgt.rest.api.publisher.v1.dto; + +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonCreator; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; +import java.util.ArrayList; +import java.util.List; +import javax.validation.constraints.*; + + +import io.swagger.annotations.*; +import java.util.Objects; + +import javax.xml.bind.annotation.*; +import org.wso2.carbon.apimgt.rest.api.common.annotations.Scope; +import com.fasterxml.jackson.annotation.JsonCreator; + +import javax.validation.Valid; + + + +public class EnvironmentPermissionsDTO { + + + @XmlType(name="PermissionTypeEnum") + @XmlEnum(String.class) + public enum PermissionTypeEnum { + PUBLIC("PUBLIC"), + ALLOW("ALLOW"), + DENY("DENY"); + private String value; + + PermissionTypeEnum (String v) { + value = v; + } + + public String value() { + return value; + } + + @Override + public String toString() { + return String.valueOf(value); + } + + @JsonCreator + public static PermissionTypeEnum fromValue(String v) { + for (PermissionTypeEnum b : PermissionTypeEnum.values()) { + if (String.valueOf(b.value).equals(v)) { + return b; + } + } +return null; + } + } + private PermissionTypeEnum permissionType = PermissionTypeEnum.PUBLIC; + private List roles = new ArrayList(); + + /** + **/ + public EnvironmentPermissionsDTO permissionType(PermissionTypeEnum permissionType) { + this.permissionType = permissionType; + return this; + } + + + @ApiModelProperty(example = "ALLOW", value = "") + @JsonProperty("permissionType") + public PermissionTypeEnum getPermissionType() { + return permissionType; + } + public void setPermissionType(PermissionTypeEnum permissionType) { + this.permissionType = permissionType; + } + + /** + **/ + public EnvironmentPermissionsDTO roles(List roles) { + this.roles = roles; + return this; + } + + + @ApiModelProperty(value = "") + @JsonProperty("roles") + public List 
getRoles() { + return roles; + } + public void setRoles(List roles) { + this.roles = roles; + } + + + @Override + public boolean equals(java.lang.Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + EnvironmentPermissionsDTO environmentPermissions = (EnvironmentPermissionsDTO) o; + return Objects.equals(permissionType, environmentPermissions.permissionType) && + Objects.equals(roles, environmentPermissions.roles); + } + + @Override + public int hashCode() { + return Objects.hash(permissionType, roles); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class EnvironmentPermissionsDTO {\n"); + + sb.append(" permissionType: ").append(toIndentedString(permissionType)).append("\n"); + sb.append(" roles: ").append(toIndentedString(roles)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(java.lang.Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} + diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/APIMappingUtil.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/APIMappingUtil.java index 7138879d5a67..6d9dc005a3c4 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/APIMappingUtil.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/APIMappingUtil.java 
@@ -1084,7 +1084,8 @@ public static APIDTO fromAPItoDTO(API model, APIProvider apiProvider) } public static APIDTO fromAPItoDTO(API model, boolean preserveCredentials, - APIProvider apiProviderParam) throws APIManagementException { + APIProvider apiProviderParam) + throws APIManagementException { APIProvider apiProvider; if (apiProviderParam != null) { diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/EnvironmentMappingUtil.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/EnvironmentMappingUtil.java index 67f419e1052a..c55436042143 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/EnvironmentMappingUtil.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/EnvironmentMappingUtil.java @@ -20,6 +20,7 @@ package org.wso2.carbon.apimgt.rest.api.publisher.v1.common.mappings; +import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.model.AsyncProtocolEndpoint; import org.wso2.carbon.apimgt.api.model.Environment; import org.wso2.carbon.apimgt.api.model.VHost; @@ -28,6 +29,7 @@ import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.AdditionalPropertyDTO; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.EnvironmentDTO; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.EnvironmentListDTO; +import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.EnvironmentPermissionsDTO; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.GatewayEnvironmentProtocolURIDTO; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.VHostDTO; 
@@ -59,6 +61,14 @@ public static EnvironmentDTO fromEnvironmentToDTO(Environment environment) { environmentDTO.setServerUrl(environment.getServerURL()); environmentDTO.setShowInApiConsole(environment.isShowInConsole()); environmentDTO.setProvider(environment.getProvider()); + GatewayVisibilityPermissionConfigurationDTO permissions = environment.getPermissions(); + if (permissions != null) { + EnvironmentPermissionsDTO environmentPermissionsDTO = new EnvironmentPermissionsDTO(); + environmentPermissionsDTO.setPermissionType(EnvironmentPermissionsDTO.PermissionTypeEnum + .fromValue(permissions.getPermissionType())); + environmentPermissionsDTO.setRoles(permissions.getRoles()); + environmentDTO.setPermissions(environmentPermissionsDTO); + } environmentDTO.setVhosts(environment.getVhosts().stream().map(EnvironmentMappingUtil::fromVHostToVHostDTO) .collect(Collectors.toList())); environmentDTO.setAdditionalProperties(fromAdditionalPropertiesToAdditionalPropertiesDTO diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java index da6a6d7ab74a..e003a0131873 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java 
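Review bot: `PermissionTypeEnum.fromValue` returns null for any string that is not exactly `PUBLIC`, `ALLOW` or `DENY`, and the added block in `fromEnvironmentToDTO` passes that result straight to `setPermissionType`. An unexpected or differently-cased stored value therefore produces a DTO with a null `permissionType` but populated `roles`, so a client cannot tell an allow-list from a deny-list. Resolve the enum into a local first and treat null as an error instead of forwarding it, for example `if (type == null) { throw new IllegalStateException("Unknown gateway permission type"); }`; falling back to the field default `PUBLIC` would misreport a restricted gateway. `setRoles(permissions.getRoles())` also shares the model's list instance with the DTO, so a defensive copy is worth considering. The method starts before and continues past this hunk.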
@@ -4571,7 +4571,7 @@ private APIDTO importAsyncAPISpecification(InputStream definition, String defini public Response updateAPIDeployment(String apiId, String deploymentId, APIRevisionDeploymentDTO apIRevisionDeploymentDTO, MessageContext messageContext) throws APIManagementException { APIProvider apiProvider = RestApiCommonUtil.getLoggedInUserProvider(); - + String organization = RestApiUtil.getValidatedOrganization(messageContext); //validate if api exists APIInfo apiInfo = CommonUtils.validateAPIExistence(apiId); //validate API update operation permitted based on the LC state @@ -4581,6 +4581,7 @@ public Response updateAPIDeployment(String apiId, String deploymentId, APIRevisi String vhost = apIRevisionDeploymentDTO.getVhost(); Boolean displayOnDevportal = apIRevisionDeploymentDTO.isDisplayOnDevportal(); String decodedDeploymentName = ApisApiServiceImplUtils.getDecodedDeploymentName(deploymentId); + Map environments = APIUtil.getEnvironments(organization); APIRevisionDeployment apiRevisionDeployment = ApisApiServiceImplUtils.mapApiRevisionDeployment(revisionId, vhost, displayOnDevportal, decodedDeploymentName); apiProvider.updateAPIDisplayOnDevportal(apiId, revisionId, apiRevisionDeployment); diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml index abd313167b27..0b0d3e13b16a 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml 
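Review bot: The `environments` map added in the second hunk of `updateAPIDeployment` is not read by any line visible here; `decodedDeploymentName` still goes unchecked into `mapApiRevisionDeployment` and `updateAPIDisplayOnDevportal`. If the lookup is meant to enforce the new gateway visibility permissions, the check that the target environment exists in the organization and is visible to the caller is missing from these lines. If it is not needed, this call and the `organization` lookup from the first hunk are wasted work on every request. A guard before the update, such as `if (!environments.containsKey(decodedDeploymentName)) { ... }`, would make the intent explicit. The method continues past the hunk, so a later use may exist outside the visible lines.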
@@ -11850,6 +11850,22 @@ components: type: array items: $ref: '#/components/schemas/AdditionalProperty' + permissions: + type: object + properties: + permissionType: + type: string + example: ALLOW + default: PUBLIC + enum: + - PUBLIC + - ALLOW + - DENY + roles: + type: array + items: + type: string + example: Internal/everyone EnvironmentList: title: Environment List type: object diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApisApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApisApiServiceImpl.java index c22b2114da0f..760396966e2e 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApisApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApisApiServiceImpl.java @@ -1105,14 +1105,14 @@ public Response getWSDLOfAPI(String apiId, String environmentName, String ifNone API api = apiConsumer.getLightweightAPIByUUID(apiId, organization); APIIdentifier apiIdentifier = api.getId(); - List environments = APIUtil.getEnvironmentsOfAPI(api); + Map environments = APIUtil.getEnvironments(organization); if (environments != null && environments.size() > 0) { if (StringUtils.isEmpty(environmentName)) { environmentName = api.getEnvironments().iterator().next(); } Environment selectedEnvironment = null; - for (Environment environment: environments) { + for (Environment environment: environments.values()) { if (environment.getName().equals(environmentName)) { selectedEnvironment = environment; break; 
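Review bot: Replacing `APIUtil.getEnvironmentsOfAPI(api)` with `APIUtil.getEnvironments(organization)` in `getWSDLOfAPI` widens what the caller-supplied `environmentName` is matched against, from the API's own environments to every environment in the organization. No per-user visibility filter is applied in the visible lines, whereas the devportal mapping changed later in this commit goes through `APIUtil.extractVisibleEnvironmentsForUser(...)` with `RestApiCommonUtil.getLoggedInUsername()`. Applying the same filter here, and rejecting an `environmentName` that `api.getEnvironments()` does not contain, would stop a restricted or unrelated gateway's details from being used to build the WSDL. The method starts before and continues past this hunk, so such a check may exist outside the visible lines.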
diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/mappings/APIMappingUtil.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/mappings/APIMappingUtil.java index bdbaf8021131..6a89b988bf8e 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/mappings/APIMappingUtil.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/mappings/APIMappingUtil.java @@ -244,6 +244,12 @@ public static APIDTO fromAPItoDTO(API model, String organization) throws APIMana dto.setEnvironmentList(environmentListToReturn); } + if (model.getEnvironments() != null) { + List environmentListToReturn = new ArrayList<>(); + environmentListToReturn.addAll(model.getEnvironments()); + dto.setEnvironmentList(environmentListToReturn); + } + dto.setAuthorizationHeader(model.getAuthorizationHeader()); dto.setApiKeyHeader(model.getApiKeyHeader()); if (model.getApiSecurity() != null) { @@ -506,7 +512,9 @@ private static List setEndpointURLsForAwsAPIs(ApiTypeWrappe public static List fromAPIRevisionListToEndpointsList(APIDTO apidto, String organization) throws APIManagementException { - Map environments = APIUtil.getEnvironments(organization); + Map environmentsMap = APIUtil.getEnvironments(organization); + List environmentsList = new ArrayList(environmentsMap.values()); + Map permittedEnvironments = APIUtil.extractVisibleEnvironmentsForUser(environmentsList, RestApiCommonUtil.getLoggedInUsername()); APIConsumer apiConsumer = RestApiCommonUtil.getLoggedInUserConsumer(); List revisionDeployments = apiConsumer.getAPIRevisionDeploymentListOfAPI(apidto.getId()); 
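Review bot: The added `if (model.getEnvironments() != null)` block in `fromAPItoDTO` calls `dto.setEnvironmentList(...)` immediately after the preceding block has already set it, so the earlier result is overwritten with the unfiltered `model.getEnvironments()`. The start of that earlier block is outside the hunk, so whether it filtered the list cannot be confirmed from here. If it did, this block returns every environment name to devportal callers regardless of the gateway visibility permissions this commit introduces. Either remove the earlier block if the overwrite is intended, or build the list from the permitted environments only. As a smaller point, `new ArrayList<>(model.getEnvironments())` replaces the create-then-`addAll` pair.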
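Review bot: The visibility filter added to `fromAPIRevisionListToEndpointsList` depends on `RestApiCommonUtil.getLoggedInUsername()`, and nothing in this diff shows what that returns for an unauthenticated devportal request or how `extractVisibleEnvironmentsForUser` treats such a caller. The next hunk's `permittedEnvironments.get(revisionDeployment.getDeployment())` also assumes the returned map is keyed by the same deployment name as the map from `getEnvironments`. Both assumptions decide whether a restricted gateway's endpoint URLs are hidden, so they deserve a comment above the call stating the contract, for example `// anonymous callers must only receive PUBLIC gateways; map is keyed by environment name`, once that is confirmed against the helper. A test with an anonymous caller against an `ALLOW`-restricted gateway would pin the behaviour.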
@@ -522,7 +530,7 @@ public static List fromAPIRevisionListToEndpointsList(APIDTO for (APIRevisionDeployment revisionDeployment : revisionDeployments) { if (revisionDeployment.isDisplayOnDevportal()) { // Deployed environment - Environment environment = environments.get(revisionDeployment.getDeployment()); + Environment environment = permittedEnvironments.get(revisionDeployment.getDeployment()); if (environment != null) { APIEndpointURLsDTO apiEndpointURLsDTO = fromAPIRevisionToEndpoints(apidto, environment, revisionDeployment.getVhost(), customGatewayUrl, organization); diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.util/src/main/resources/publisher-api.yaml b/components/apimgt/org.wso2.carbon.apimgt.rest.api.util/src/main/resources/publisher-api.yaml index e3da0d27e072..e00e0d030720 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.util/src/main/resources/publisher-api.yaml +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.util/src/main/resources/publisher-api.yaml @@ -10258,6 +10258,22 @@ components: type: array items: $ref: '#/components/schemas/AdditionalProperty' + permissions: + type: object + properties: + permissionType: + type: string + example: ALLOW + default: PUBLIC + enum: + - PUBLIC + - ALLOW + - DENY + roles: + type: array + items: + type: string + example: Internal/everyone EnvironmentList: title: Environment List type: object diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/templates/repository/conf/api-manager.xml.j2 b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/templates/repository/conf/api-manager.xml.j2 index 86e7b7d51648..ba5f2106f4fc 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/templates/repository/conf/api-manager.xml.j2 +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/templates/repository/conf/api-manager.xml.j2 
@@ -132,6 +132,10 @@ {{environment_name.name}} {{environment_name.display_name}} {{environment_name.gateway_type}} + + {% if environment_name.visibility is defined %} + {% for role in environment_name.visibility %}{{role}}{{ "," if not loop.last }}{% endfor %} + {% endif %} {{environment_name.description}} {{environment_name.service_url}} diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables.sql index 27d2e24c8ba8..6aca11265625 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables.sql @@ -2113,6 +2113,14 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( UNIQUE (UUID), PRIMARY KEY (ID)) / +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +) +/ CREATE TABLE AM_GW_VHOST ( GATEWAY_ENV_ID INTEGER NOT NULL, HOST VARCHAR(255) NOT NULL, diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables_23c.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables_23c.sql index 470a1ce503b7..8ae2511fac51 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables_23c.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables_23c.sql 
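Review bot: `ROLE VARCHAR(255)` is declared without `NOT NULL` yet is part of `PRIMARY KEY (GATEWAY_UUID, ROLE)` in the new `AM_GATEWAY_PERMISSIONS` table. Engines differ here: some make the column non-nullable implicitly, while DB2, as far as I know, rejects a nullable column in a primary key, so the scripts do not yield the same schema everywhere and a row with no role cannot be stored. Declaring it explicitly as `ROLE VARCHAR(255) NOT NULL,` makes the intent uniform. Separately, `PERMISSIONS_TYPE` is repeated on every role row, so the schema allows one gateway to carry both `ALLOW` and `DENY` rows, and which one wins depends on reader code not shown in this diff. The same definition appears in every other `tables*.sql` and `sql/*.sql` hunk in this commit.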
@@ -2113,6 +2113,14 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( UNIQUE (UUID), PRIMARY KEY (ID)) / +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +) +/ CREATE TABLE AM_GW_VHOST ( GATEWAY_ENV_ID INTEGER NOT NULL, HOST VARCHAR(255) NOT NULL, diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/Postgresql/apimgt/tables.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/Postgresql/apimgt/tables.sql index ff29b309ce0b..ebe1d31af828 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/Postgresql/apimgt/tables.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/Postgresql/apimgt/tables.sql @@ -2599,7 +2599,13 @@ CREATE TABLE IF NOT EXISTS AM_GATEWAY_ENVIRONMENT ( UNIQUE (UUID), PRIMARY KEY (ID) ); - +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +); -- Virtual Hosts Table -- DROP TABLE IF EXISTS AM_GW_VHOST; CREATE TABLE IF NOT EXISTS AM_GW_VHOST ( diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/SQLServer/mssql/apimgt/tables.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/SQLServer/mssql/apimgt/tables.sql index 8ce87ce766fe..ab3b2cefa80b 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/SQLServer/mssql/apimgt/tables.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/SQLServer/mssql/apimgt/tables.sql 
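Review bot: In the PostgreSQL script the new table is created with a plain `CREATE TABLE AM_GATEWAY_PERMISSIONS (`, while the tables on either side of it use `CREATE TABLE IF NOT EXISTS` (`AM_GATEWAY_ENVIRONMENT` above, `AM_GW_VHOST` below). Re-running the script against an existing schema would then fail on this statement only. Use `CREATE TABLE IF NOT EXISTS AM_GATEWAY_PERMISSIONS (` to match the surrounding style. The same inconsistency is in the `h2.sql`, `mysql.sql`, `mysql_cluster.sql` and `sql/postgresql.sql` hunks. This hunk also deletes the blank line that separated the previous table from the next section.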
@@ -2487,6 +2487,13 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( PRIMARY KEY (ID) ); +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +); -- Virtual Hosts Table -- IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[AM_GW_VHOST]') AND TYPE IN (N'U')) CREATE TABLE AM_GW_VHOST ( diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql index 18f79845fdb9..0fe395dbb83a 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql @@ -3018,7 +3018,14 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( UNIQUE (UUID), PRIMARY KEY (ID)) / - +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +) +/ -- Virtual Hosts Table -- CREATE TABLE AM_GW_VHOST ( GATEWAY_ENV_ID INTEGER NOT NULL, diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql index 8c0ad159e94b..b5ed55ba4935 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql 
@@ -2246,6 +2246,13 @@ CREATE TABLE IF NOT EXISTS AM_GATEWAY_ENVIRONMENT ( UNIQUE (UUID), PRIMARY KEY (ID) ); +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +); -- Virtual Hosts Table -- CREATE TABLE IF NOT EXISTS AM_GW_VHOST ( diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql index 2f4e61448898..087ba7b9154b 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql @@ -2511,6 +2511,14 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( PRIMARY KEY (ID) ); +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +); + -- Virtual Hosts Table -- IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[AM_GW_VHOST]') AND TYPE IN (N'U')) CREATE TABLE AM_GW_VHOST ( diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql index f82158dc982d..cbf282d2b684 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql 
@@ -2282,6 +2282,14 @@ CREATE TABLE IF NOT EXISTS AM_GATEWAY_ENVIRONMENT ( PRIMARY KEY (ID) ); +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +); + -- Virtual Hosts Table -- CREATE TABLE IF NOT EXISTS AM_GW_VHOST ( GATEWAY_ENV_ID INTEGER NOT NULL, diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql index 8a243b9ffc46..59541ae6e6c2 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql @@ -2434,6 +2434,14 @@ CREATE TABLE IF NOT EXISTS AM_GATEWAY_ENVIRONMENT ( PRIMARY KEY (ID) )ENGINE=NDB; +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +)ENGINE=NDB; + -- Virtual Hosts Table -- CREATE TABLE IF NOT EXISTS AM_GW_VHOST ( GATEWAY_ENV_ID INTEGER NOT NULL, diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql index fc86392ec80e..0a6aed95a70d 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql 
@@ -3505,6 +3505,14 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( UNIQUE (UUID), PRIMARY KEY (ID)) / +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +) +/ CREATE SEQUENCE AM_GATEWAY_ENV_SEQ START WITH 1 INCREMENT BY 1 NOCACHE / CREATE OR REPLACE TRIGGER AM_GATEWAY_ENVIRONMENT_TRIGGER diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql index 59046ee60d45..81decde2c171 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql @@ -3505,6 +3505,14 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( UNIQUE (UUID), PRIMARY KEY (ID)) / +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +) +/ CREATE SEQUENCE AM_GATEWAY_ENV_SEQ START WITH 1 INCREMENT BY 1 NOCACHE / CREATE OR REPLACE TRIGGER AM_GATEWAY_ENVIRONMENT_TRIGGER diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql index 304e8bcb1ac6..afe7bfb94ee1 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql 
@@ -3477,6 +3477,14 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( UNIQUE (UUID), PRIMARY KEY (ID)) / +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +) +/ CREATE SEQUENCE AM_GATEWAY_ENV_SEQ START WITH 1 INCREMENT BY 1 CACHE 20 ORDER / CREATE OR REPLACE TRIGGER AM_GATEWAY_ENVIRONMENT_TRIGGER diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql index 8f741c079bf5..d1e1213b8e3f 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql @@ -2600,6 +2600,14 @@ CREATE TABLE IF NOT EXISTS AM_GATEWAY_ENVIRONMENT ( PRIMARY KEY (ID) ); +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +); + -- Virtual Hosts Table -- DROP TABLE IF EXISTS AM_GW_VHOST; CREATE TABLE IF NOT EXISTS AM_GW_VHOST (