diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIAdmin.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIAdmin.java index 8d06ba4e1ed2..ec8884b3bdb0 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIAdmin.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIAdmin.java @@ -17,6 +17,7 @@ */ package org.wso2.carbon.apimgt.api; +import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.model.APICategory; @@ -354,6 +355,14 @@ KeyManagerConfigurationDTO updateKeyManagerConfiguration(KeyManagerConfiguration */ KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String id) throws APIManagementException; + /** + * This method used to get gateway visibility permissions with gateway environment id and role + * @param id uuid of gateway environment + * @return gateway visibility permissions + * @throws APIManagementException + */ + GatewayVisibilityPermissionConfigurationDTO getGatewayVisibilityPermissions(String id) throws APIManagementException; + /** * hTis method used to delete IDP mapped with key manager * @param organization organization requested diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java index bd20ce915dab..493379475763 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java 
@@ -32,8 +32,8 @@ import org.wso2.carbon.apimgt.api.model.CommentList; import org.wso2.carbon.apimgt.api.model.Application; import org.wso2.carbon.apimgt.api.model.Comment; +import org.wso2.carbon.apimgt.api.model.Environment; import org.wso2.carbon.apimgt.api.model.Identifier; -import org.wso2.carbon.apimgt.api.model.KeyManagerApplicationInfo; import org.wso2.carbon.apimgt.api.model.Monetization; import org.wso2.carbon.apimgt.api.model.OAuthApplicationInfo; import org.wso2.carbon.apimgt.api.model.ResourceFile; @@ -883,6 +883,16 @@ List getKeyManagerConfigurationsByOrganization(Strin boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String organization, String username) throws APIManagementException; + /** + * This method used to retrieve gateway environment for tenant + * @param organization organization of the gateway environment + * @param username username of the logged-in user + * @return Environment list + * @throws APIManagementException if error occurred + */ + Map getGatewayEnvironmentsByOrganization(String organization, String username) + throws APIManagementException; + /** * Remove application keys. * @param application application diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/GatewayVisibilityPermissionConfigurationDTO.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/GatewayVisibilityPermissionConfigurationDTO.java new file mode 100644 index 000000000000..09f098f6f1b6 --- /dev/null +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/GatewayVisibilityPermissionConfigurationDTO.java 
@@ -0,0 +1,60 @@ +/* + * Copyright (c) 2025, WSO2 LLC. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.apimgt.api.dto; + +import java.io.Serializable; +import java.util.ArrayList; +import java.util.List; + +/** + *GatewayVisibilityPermissionConfiguration model + */ +public class GatewayVisibilityPermissionConfigurationDTO implements Serializable { + + private String permissionType = null; + private List roles = new ArrayList(); + + public GatewayVisibilityPermissionConfigurationDTO () { + this.setPermissionType("PUBLIC"); + } + + public GatewayVisibilityPermissionConfigurationDTO(String permissionType, List roles) { + this.permissionType = permissionType; + this.roles = roles; + } + + public String getPermissionType () { + return permissionType; + } + + public void setPermissionType (String permissionType) { + this.permissionType = permissionType; + } + + public List getRoles() { + return roles; + } + + public void setRoles(List roles) { + if (roles == null) { + return; + } + this.roles = roles; + } +} diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/APIRevisionDeployment.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/APIRevisionDeployment.java index 30b9b5b9d5fa..ef4aa655b5c4 100644 
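Review bot: The two-argument constructor of `GatewayVisibilityPermissionConfigurationDTO` assigns `roles` and `permissionType` unchecked, so it bypasses the null guard that `setRoles` applies. Callers added elsewhere in this commit dereference both values (`permissions.getRoles().stream()` and `permissionType.equals(...)` in `isGatewayAllowedForUser`), so a DTO built with nulls would fail inside the visibility check. Route the constructor through the same guard, e.g. `this.roles = roles != null ? roles : new ArrayList<>();`, and decide whether a null `permissionType` should fall back to `"PUBLIC"` as the no-arg constructor does or be rejected. Falling back silently would make a malformed permission read as unrestricted, so rejecting it is the safer default.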
--- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/APIRevisionDeployment.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/APIRevisionDeployment.java @@ -32,8 +32,8 @@ public class APIRevisionDeployment implements Serializable { private boolean isDisplayOnDevportal; private String deployedTime; private String successDeployedTime; - private String visibility; + private String permissionType; public int getId() { return id; @@ -106,4 +106,12 @@ public String getVisibility() { public void setVisibility(String visibility) { this.visibility = visibility; } + + public String getPermissionType() { + return permissionType; + } + + public void setPermissionType(String permissionType) { + this.permissionType = permissionType; + } } diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/Environment.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/Environment.java index 8b6715e17b6c..117b31824c3e 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/Environment.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/Environment.java @@ -21,6 +21,7 @@ import org.apache.commons.lang3.StringUtils; import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.api.APIConstants; +import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO; import java.io.Serializable; import java.util.ArrayList; @@ -58,6 +59,8 @@ public class Environment implements Serializable { private String[] visibilityRoles; private String visibility; + private GatewayVisibilityPermissionConfigurationDTO permissions = new GatewayVisibilityPermissionConfigurationDTO(); + public boolean isDefault() { return isDefault; } 
@@ -188,12 +191,23 @@ public void setVisibility(String[] visibilityRoles) { builder.deleteCharAt(builder.length() - 1); this.visibility = builder.toString(); } else { - this.visibility = "all"; - this.visibilityRoles[0] = "all"; + this.visibility = "PUBLIC"; + this.visibilityRoles[0] = "internal/everyone"; } this.visibilityRoles = visibilityRoles; } + public GatewayVisibilityPermissionConfigurationDTO getPermissions() { + return permissions; + } + + public void setPermissions(GatewayVisibilityPermissionConfigurationDTO permissions) { + if (permissions == null) { + permissions = new GatewayVisibilityPermissionConfigurationDTO(); + } + this.permissions = permissions; + } + public String getDisplayName() { return displayName; } diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java index 1027c4e2f59e..3eb8f5aa00e3 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java @@ -39,6 +39,7 @@ import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.api.APIMgtResourceNotFoundException; import org.wso2.carbon.apimgt.api.ExceptionCodes; +import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; import org.wso2.carbon.apimgt.api.model.API; import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; 
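Review bot: In the `else` branch of `setVisibility(String[])`, the write `this.visibilityRoles[0] = "internal/everyone";` goes into the old field array and is replaced two lines later by `this.visibilityRoles = visibilityRoles;`, so the default role is never kept. The branch condition is outside the hunk, but if this branch handles a null argument, as it appears to, the field ends up null and the indexed write throws when the field has not been set before. Assign the default to the parameter instead, `visibilityRoles = new String[]{"internal/everyone"};`, so the final assignment stores it. The method starts above the hunk.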
@@ -925,6 +926,18 @@ public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String id) return keyManagerPermissionConfigurationDTO; } + @Override + public GatewayVisibilityPermissionConfigurationDTO getGatewayVisibilityPermissions(String id) throws APIManagementException { + + GatewayVisibilityPermissionConfigurationDTO gatewayVisibilityPermissionConfigurationDTO; + try { + gatewayVisibilityPermissionConfigurationDTO = apiMgtDAO.getGatewayVisibilityPermissions(id); + } catch (APIManagementException e) { + throw new APIManagementException("Gateway Visibility Permissions retrieval failed for gateway environment id " + id, e); + } + return gatewayVisibilityPermissionConfigurationDTO; + } + private IdentityProvider updatedIDP(IdentityProvider retrievedIDP, KeyManagerConfigurationDTO keyManagerConfigurationDTO) { diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java index e5b0289ee0e5..902c69825176 100755 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java @@ -3195,6 +3195,10 @@ public enum ConfigType { public static final String WSO2_APK_GATEWAY = "wso2/apk"; public static final String WSO2_SYNAPSE_GATEWAY = "wso2/synapse"; + public static final String PERMISSION_ALLOW = "ALLOW"; + public static final String PERMISSION_DENY = "DENY"; + public static final String PERMISSION_NOT_RESTRICTED = "PUBLIC"; + // Protocol variables public static final String HTTP_TRANSPORT_PROTOCOL_NAME = "http"; public static final String HTTPS_TRANSPORT_PROTOCOL_NAME = "https"; 
diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java index 362f8a9a1bd1..7bf468db9118 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java @@ -194,9 +194,6 @@ public class APIConsumerImpl extends AbstractAPIManager implements APIConsumer { public static final String API_NAME = "apiName"; public static final String API_VERSION = "apiVersion"; public static final String API_PROVIDER = "apiProvider"; - private static final String PERMISSION_ALLOW = "ALLOW"; - private static final String PERMISSION_DENY = "DENY"; - private static final String PERMISSION_NOT_RESTRICTED = "PUBLIC"; private static final String PRESERVED_CASE_SENSITIVE_VARIABLE = "preservedCaseSensitive"; private static final String GET_SUB_WORKFLOW_REF_FAILED = "Failed to get external workflow reference for " + @@ -4036,11 +4033,8 @@ public API getLightweightAPIByUUID(String uuid, String organization) throws APIM API api = APIMapper.INSTANCE.toApi(devPortalApi); // populate relevant external info environment - List environments = null; - if (api.getEnvironments() != null) { - environments = APIUtil.getEnvironmentsOfAPI(api); - } - api.setEnvironments(APIUtil.extractEnvironmentsForAPI(environments, organization, userNameWithoutChange)); + Map environments = getGatewayEnvironmentsByOrganization(organization, username); + api.setEnvironments(APIUtil.extractEnvironmentsForAPI(environments.toString(), organization)); //CORS . if null is returned, set default config from the configuration if (api.getCorsConfiguration() == null) { api.setCorsConfiguration(APIUtil.getDefaultCorsConfiguration()); 
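Review bot: `APIUtil.extractEnvironmentsForAPI(environments.toString(), organization)` in `getLightweightAPIByUUID` passes the `Map`'s default string form (`{name=..., name=...}`) to a method that takes an environment string. Unless that method is written to parse braces and `key=value` pairs, which is not visible here, the API's environment set will be wrong or empty. If the map is keyed by environment name, as `extractVisibleEnvironmentsForUser` suggests, `String.join(",", environments.keySet())` gives the names. The removed code also started from the API's own environments (`APIUtil.getEnvironmentsOfAPI(api)`), while the new code uses every environment the user can see in the organization, so confirm that widening is intended. The same `toString()` call is added in `APIProviderImpl.getLightweightAPIByUUID`; both methods extend beyond their hunks.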
@@ -4628,14 +4622,14 @@ public boolean isKeyManagerAllowedForUser(String keyManagerId, String username) APIAdmin apiAdmin = new APIAdminImpl(); KeyManagerPermissionConfigurationDTO permissions = apiAdmin.getKeyManagerPermissions(keyManagerId); String permissionType = permissions.getPermissionType(); - if (permissions != null && !permissionType.equals(PERMISSION_NOT_RESTRICTED)) { + if (permissions != null && !permissionType.equals(APIConstants.PERMISSION_NOT_RESTRICTED)) { String[] permissionRoles = permissions.getRoles() .stream() .toArray(String[]::new); String[] userRoles = APIUtil.getListOfRoles(username); boolean roleIsRestricted = hasIntersection(userRoles, permissionRoles); - if ((PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted) - || (PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) { + if ((APIConstants.PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted) + || (APIConstants.PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) { return false; } } @@ -4661,7 +4655,7 @@ public boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String or KeyManagerPermissionConfigurationDTO permissions = keyManagerConfiguration.getPermissions(); String permissionType = permissions.getPermissionType(); //Checks if the keymanager is permission restricted and if the user is in the restricted list - if (permissions != null && !permissionType.equals(PERMISSION_NOT_RESTRICTED)) { + if (permissions != null && !permissionType.equals(APIConstants.PERMISSION_NOT_RESTRICTED)) { String[] permissionRoles = permissions.getRoles() .stream() .toArray(String[]::new); 
@@ -4669,14 +4663,32 @@ public boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String or //list of common roles the user has and the restricted list boolean roleIsRestricted = hasIntersection(userRoles, permissionRoles); //Checks if the user is allowed to access the key manager - if ((PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted) - || (PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) { + if ((APIConstants.PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted) + || (APIConstants.PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) { return false; } } return true; } + /** + * This method is used to retrieve gateway environments for tenant + * + * @param organization organization of the gateway environment + * @param username username of the logged-in user + * @return Environment list + * @throws APIManagementException if error occurred + */ + @Override + public Map getGatewayEnvironmentsByOrganization(String organization, String username) throws APIManagementException { + + Map environmentsMap = APIUtil.getEnvironments(organization); + Map permittedGatewayEnvironments; + List environmentList = new ArrayList(environmentsMap.values()); + permittedGatewayEnvironments = APIUtil.extractVisibleEnvironmentsForUser(environmentList, username); + return permittedGatewayEnvironments; + } + public static boolean hasIntersection(String[] arr1, String[] arr2) { Set set = new HashSet<>(); diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIManagerConfiguration.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIManagerConfiguration.java index 0c8c19c59b46..0b6c6eb3c768 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIManagerConfiguration.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIManagerConfiguration.java 
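Review bot: `getGatewayEnvironmentsByOrganization` hands `username` to `APIUtil.extractVisibleEnvironmentsForUser` without defining what a null user means. The APIUtil code this commit removes substituted `APIConstants.NULL_USER_ROLE_LIST` when `userName == null`, whereas the new `isGatewayAllowedForUser` calls `APIUtil.getListOfRoles(username)` directly. How that call treats null is not visible here, so a caller without a logged-in user may fail or be filtered differently than before on ALLOW/DENY gateways. Either keep the null fallback before the role lookup or state the contract in the Javadoc, e.g. `@param username username of the logged-in user; must not be null`. The `@return Environment list` line should also say that the method returns a map holding only the environments visible to that user.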
@@ -29,6 +29,7 @@ import org.json.simple.JSONArray; import org.json.simple.JSONObject; import org.wso2.carbon.apimgt.api.APIManagementException; +import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.model.APIPublisher; import org.wso2.carbon.apimgt.api.model.APIStore; import org.wso2.carbon.apimgt.api.model.Environment; @@ -759,15 +760,26 @@ void setEnvironmentConfig(OMElement environmentElem) throws APIManagementExcepti gatewayType = APIConstants.API_GATEWAY_TYPE_REGULAR; } environment.setGatewayType(gatewayType); + GatewayVisibilityPermissionConfigurationDTO permissionsDTO = new GatewayVisibilityPermissionConfigurationDTO(); OMElement visibility = environmentElem.getFirstChildWithName(new QName(APIConstants.API_GATEWAY_VISIBILITY)); - String[] visibilityRoles; + List visibilityRoles = new LinkedList<>(); + String[] visibilityRolesArray; if (visibility == null) { - visibilityRoles = new String[]{"all"}; + permissionsDTO.setPermissionType("PUBLIC"); + environment.setVisibility("PUBLIC"); + visibilityRolesArray = new String[]{APIConstants.EVERYONE_ROLE}; } else { String visibilityString = visibility.getText(); - visibilityRoles = visibilityString.split(","); + visibilityRolesArray = visibilityString.split(","); + for (int i = 0; i < visibilityRolesArray.length; i++) { + visibilityRoles.add(visibilityRolesArray[i]); + } + permissionsDTO.setPermissionType("ALLOW"); + permissionsDTO.setRoles(visibilityRoles); + environment.setVisibility(visibilityString); } - environment.setVisibility(visibilityRoles); + environment.setVisibility(visibilityRolesArray); + environment.setPermissions(permissionsDTO); if (StringUtils.isEmpty(environment.getDisplayName())) {environment.setDisplayName(environment.getName());} environment.setServerURL(APIUtil.replaceSystemProperty(environmentElem.getFirstChildWithName(new QName( APIConstants.API_GATEWAY_SERVER_URL)).getText())); 
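Review bot: Role names read from the visibility element are added to the ALLOW list exactly as `split(",")` returns them, so `admin, internal/creator` stores a role with a leading space and an empty element stores a single empty role. Whether the later role comparison trims is not visible here; if it does not, such a gateway is hidden from the users it was meant for. Trim and skip blanks in the loop, e.g. `String role = visibilityRolesArray[i].trim(); if (!role.isEmpty()) { visibilityRoles.add(role); }`. The literals `"PUBLIC"` and `"ALLOW"` could use `APIConstants.PERMISSION_NOT_RESTRICTED` and `APIConstants.PERMISSION_ALLOW`, which this commit adds. The two `environment.setVisibility(String)` calls look redundant, since `environment.setVisibility(visibilityRolesArray)` follows the branch; `setEnvironmentConfig` starts and ends outside the hunk.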
diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java index 3560b06ec839..b74103769a85 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java @@ -5601,11 +5601,11 @@ public API getLightweightAPIByUUID(String uuid, String organization) throws APIM API api = APIMapper.INSTANCE.toApi(publisherAPI); checkAccessControlPermission(userNameWithoutChange, api.getAccessControl(), api.getAccessControlRoles()); // populate relevant external info environment - List environments = null; - if (api.getEnvironments() != null) { - environments = APIUtil.getEnvironmentsOfAPI(api); - } - api.setEnvironments(APIUtil.extractEnvironmentsForAPI(environments, organization, userNameWithoutChange)); + Map environmentsMap = APIUtil.getEnvironments(organization); + Map permittedGatewayEnvironments; + List environmentList = new ArrayList(environmentsMap.values()); + permittedGatewayEnvironments = APIUtil.extractVisibleEnvironmentsForUser(environmentList, username); + api.setEnvironments(APIUtil.extractEnvironmentsForAPI(permittedGatewayEnvironments.toString(), organization)); //CORS . if null is returned, set default config from the configuration if (api.getCorsConfiguration() == null) { api.setCorsConfiguration(APIUtil.getDefaultCorsConfiguration()); diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AbstractAPIManager.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AbstractAPIManager.java index c36b90ba556b..1cec63d234f3 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AbstractAPIManager.java 
+++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AbstractAPIManager.java @@ -1195,6 +1195,7 @@ public List getResourcesOfAPIProduct(APIProductIdentifier pr protected void populateAPIInformation(String uuid, String organization, API api) throws APIManagementException, OASPersistenceException, ParseException, AsyncSpecPersistenceException { + String username = CarbonContext.getThreadLocalCarbonContext().getUsername(); //UUID if (api.getUuid() == null) { api.setUuid(uuid); @@ -1376,6 +1377,7 @@ protected void populateAPIInformation(String uuid, String organization, API api) protected void populateDevPortalAPIInformation(String uuid, String organization, API api) throws APIManagementException, OASPersistenceException, ParseException { Organization org = new Organization(organization); + String username = CarbonContext.getThreadLocalCarbonContext().getUsername(); //UUID if (api.getUuid() == null) { api.setUuid(uuid); @@ -1520,6 +1522,7 @@ protected void populateDevPortalAPIInformation(String uuid, String organization, protected void populateAPIProductInformation(String uuid, String organization, APIProduct apiProduct) throws APIManagementException, OASPersistenceException, ParseException { Organization org = new Organization(organization); + String username = CarbonContext.getThreadLocalCarbonContext().getUsername(); apiProduct.setOrganization(organization); ApiMgtDAO.getInstance().setAPIProductFromDB(apiProduct); apiProduct.setRating(Float.toString(APIUtil.getAverageRating(apiProduct.getProductId()))); diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java index 53b67ed14091..75ae6855edbf 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java 
+++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java @@ -37,6 +37,7 @@ import org.wso2.carbon.apimgt.api.dto.ClonePolicyMetadataDTO; import org.wso2.carbon.apimgt.api.dto.ConditionDTO; import org.wso2.carbon.apimgt.api.dto.ConditionGroupDTO; +import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.dto.UserApplicationAPIUsage; @@ -182,6 +183,7 @@ public class ApiMgtDAO { private boolean forceCaseInsensitiveComparisons = false; private boolean multiGroupAppSharingEnabled = false; private String KeyManagerAccessPublic = "PUBLIC"; + private String GatewayAccessPublic = "PUBLIC"; private static final String[] keyTypes = new String[]{APIConstants.API_KEY_TYPE_PRODUCTION, APIConstants.API_KEY_TYPE_SANDBOX}; String migrationEnabled = System.getProperty(APIConstants.MIGRATE); 
@@ -9818,6 +9820,40 @@ public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String keyM } return keyManagerPermissions; } + + public GatewayVisibilityPermissionConfigurationDTO getGatewayVisibilityPermissions(String gatewayUUID) + throws APIManagementException { + + GatewayVisibilityPermissionConfigurationDTO gatewayVisibilityPermissions = + new GatewayVisibilityPermissionConfigurationDTO(); + try (Connection conn = APIMgtDBUtil.getConnection()) { + conn.setAutoCommit(false); + gatewayVisibilityPermissions = new GatewayVisibilityPermissionConfigurationDTO(); + try { + String getGatewayVisibilityPermissionQuery = SQLConstants.GET_GATEWAY_VISIBILITY_PERMISSIONS_SQL; + conn.setAutoCommit(false); + PreparedStatement ps = conn.prepareStatement(getGatewayVisibilityPermissionQuery); + ps.setString(1, gatewayUUID); + ResultSet resultSet = ps.executeQuery(); + ArrayList roles = new ArrayList<>(); + gatewayVisibilityPermissions.setPermissionType(GatewayAccessPublic); + while (resultSet.next()) { + roles.add(resultSet.getString("ROLE")); + gatewayVisibilityPermissions.setPermissionType(resultSet.getString("PERMISSIONS_TYPE")); + } + gatewayVisibilityPermissions.setRoles(roles); + conn.commit(); + } catch (SQLException e) { + conn.rollback(); + handleException("Failed to get gateway visibility permission information for gateway environment " + gatewayUUID, e); + } + } catch (SQLException e) { + throw new APIManagementException( + "Error while retrieving gateway visibility permissions with id " + gatewayUUID, e); + } + return gatewayVisibilityPermissions; + } + public List getKeyManagerConfigurations() throws APIManagementException { List keyManagerConfigurationDTOS = new ArrayList<>(); 
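Review bot: `ps` and `resultSet` in `getGatewayVisibilityPermissions` are never closed, because only the connection sits in the try-with-resources, so every call leaves a statement and cursor open until the connection is released. The query is read-only, so the two `setAutoCommit(false)` calls, the `commit()`/`rollback()` pair and the second `new GatewayVisibilityPermissionConfigurationDTO()` can be dropped. The permission type is taken from whichever row is read last, which assumes every row for a gateway carries the same `PERMISSIONS_TYPE`; a short comment stating that assumption would help.

```java
public GatewayVisibilityPermissionConfigurationDTO getGatewayVisibilityPermissions(String gatewayUUID)
        throws APIManagementException {

    GatewayVisibilityPermissionConfigurationDTO gatewayVisibilityPermissions =
            new GatewayVisibilityPermissionConfigurationDTO();
    try (Connection conn = APIMgtDBUtil.getConnection();
         PreparedStatement ps = conn.prepareStatement(SQLConstants.GET_GATEWAY_VISIBILITY_PERMISSIONS_SQL)) {
        ps.setString(1, gatewayUUID);
        try (ResultSet resultSet = ps.executeQuery()) {
            List<String> roles = new ArrayList<>();
            // No rows means the gateway is unrestricted.
            gatewayVisibilityPermissions.setPermissionType(GatewayAccessPublic);
            while (resultSet.next()) {
                roles.add(resultSet.getString("ROLE"));
                // All rows of one gateway are expected to share the same type.
                gatewayVisibilityPermissions.setPermissionType(resultSet.getString("PERMISSIONS_TYPE"));
            }
            gatewayVisibilityPermissions.setRoles(roles);
        }
    } catch (SQLException e) {
        throw new APIManagementException(
                "Error while retrieving gateway visibility permissions with id " + gatewayUUID, e);
    }
    return gatewayVisibilityPermissions;
}
```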
@@ -15027,7 +15063,6 @@ public List getAllEnvironments(String tenantDomain) throws APIManag String uuid = rs.getString("UUID"); String name = rs.getString("NAME"); String type = rs.getString("TYPE"); - String visibility = rs.getString("VISIBILITY"); String displayName = rs.getString("DISPLAY_NAME"); String description = rs.getString("DESCRIPTION"); String provider = rs.getString("PROVIDER"); @@ -15038,12 +15073,12 @@ public List getAllEnvironments(String tenantDomain) throws APIManag env.setUuid(uuid); env.setName(name); env.setType(type); - env.setVisibility(visibility); env.setDisplayName(displayName); env.setDescription(description); env.setProvider(provider); env.setGatewayType(gatewayType); env.setVhosts(getVhostGatewayEnvironments(connection, id)); + env.setPermissions(getGatewayVisibilityPermissions(uuid)); envList.add(env); } } @@ -15073,7 +15108,6 @@ public Environment getEnvironment(String tenantDomain, String uuid) throws APIMa Integer id = rs.getInt("ID"); String name = rs.getString("NAME"); String displayName = rs.getString("DISPLAY_NAME"); - String visibility = rs.getString("VISIBILITY"); String description = rs.getString("DESCRIPTION"); String provider = rs.getString("PROVIDER"); @@ -15082,10 +15116,10 @@ public Environment getEnvironment(String tenantDomain, String uuid) throws APIMa env.setUuid(uuid); env.setName(name); env.setDisplayName(displayName); - env.setVisibility(visibility); env.setDescription(description); env.setProvider(provider); env.setVhosts(getVhostGatewayEnvironments(connection, id)); + env.setPermissions(getGatewayVisibilityPermissions(uuid)); } } } catch (SQLException e) { 
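Review bot: `env.setPermissions(getGatewayVisibilityPermissions(uuid))` in `getAllEnvironments` runs inside the result-set loop while the outer connection is still open, and the DAO method it calls takes its own connection from `APIMgtDBUtil.getConnection()`. Listing N environments therefore holds two pooled connections at once and issues N extra queries, which can starve the pool under load. An overload that takes the open connection, in the style of `getVhostGatewayEnvironments(connection, id)` on the line above, avoids both. The same call is added in `getEnvironment`; both methods extend beyond their hunks.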
@@ -15115,14 +15149,27 @@ public Environment addEnvironment(String tenantDomain, Environment environment) prepStmt.setString(1, uuid); prepStmt.setString(2, environment.getName()); prepStmt.setString(3, environment.getType()); - prepStmt.setString(4, environment.getVisibility()); - prepStmt.setString(5, environment.getDisplayName()); - prepStmt.setString(6, environment.getDescription()); - prepStmt.setString(7, environment.getProvider()); - prepStmt.setString(8, environment.getGatewayType()); - prepStmt.setString(9, tenantDomain); + prepStmt.setString(4, environment.getDisplayName()); + prepStmt.setString(5, environment.getDescription()); + prepStmt.setString(6, environment.getProvider()); + prepStmt.setString(7, environment.getGatewayType()); + prepStmt.setString(8, tenantDomain); prepStmt.executeUpdate(); + GatewayVisibilityPermissionConfigurationDTO permissionDTO = environment.getPermissions(); + if (permissionDTO != null && !GatewayAccessPublic.equals(permissionDTO.getPermissionType())) { + try (PreparedStatement addPermissionStatement = conn + .prepareStatement(SQLConstants.ADD_GATEWAY_VISIBILITY_PERMISSION_SQL)) { + for (String role : environment.getPermissions().getRoles()) { + addPermissionStatement.setString(1, environment.getUuid()); + addPermissionStatement.setString(2, permissionDTO.getPermissionType()); + addPermissionStatement.setString(3, role); + addPermissionStatement.addBatch(); + } + addPermissionStatement.executeBatch(); + } + } + conn.commit(); ResultSet rs = prepStmt.getGeneratedKeys(); int id = -1; if (rs.next()) { 
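Review bot: The permission rows in `addEnvironment` are keyed with `environment.getUuid()`, while the environment row itself is inserted with the local `uuid` (`prepStmt.setString(1, uuid)`). Unless the object's UUID is set to that value before this point, which the hunk does not show, the rows get a null or different UUID. `getGatewayVisibilityPermissions` reports `PUBLIC` when it finds no rows, so a restricted gateway would then be stored as unrestricted. Use the same variable, `addPermissionStatement.setString(1, uuid);`. The added `conn.commit()` also runs before `getGeneratedKeys()` and whatever follows it, so check that later inserts in this method are still committed together with the environment; the method continues outside the hunk.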
@@ -15254,6 +15301,11 @@ public void deleteEnvironment(String uuid) throws APIManagementException { try (PreparedStatement prepStmt = connection.prepareStatement(SQLConstants.DELETE_ENVIRONMENT_SQL)) { prepStmt.setString(1, uuid); prepStmt.executeUpdate(); + try (PreparedStatement deletePermissionsStatement = connection + .prepareStatement(SQLConstants.DELETE_ALL_GATEWAY_VISIBILITY_PERMISSION_SQL)) { + deletePermissionsStatement.setString(1, uuid); + deletePermissionsStatement.executeUpdate(); + } connection.commit(); } catch (SQLException e) { connection.rollback(); 
@@ -15278,12 +15330,27 @@ public Environment updateEnvironment(Environment environment) throws APIManageme try (PreparedStatement prepStmt = connection.prepareStatement(SQLConstants.UPDATE_ENVIRONMENT_SQL)) { prepStmt.setString(1, environment.getDisplayName()); prepStmt.setString(2, environment.getDescription()); - prepStmt.setString(3, environment.getVisibility()); - prepStmt.setString(4, environment.getUuid()); + prepStmt.setString(3, environment.getUuid()); prepStmt.executeUpdate(); deleteGatewayVhosts(connection, environment.getId()); addGatewayVhosts(connection, environment.getId(), environment.getVhosts()); connection.commit(); + try (PreparedStatement deletePermissionsStatement = connection.prepareStatement(SQLConstants.DELETE_ALL_GATEWAY_VISIBILITY_PERMISSION_SQL)) { + deletePermissionsStatement.setString(1, environment.getUuid()); + deletePermissionsStatement.executeUpdate(); + } + GatewayVisibilityPermissionConfigurationDTO permissionDTO = environment.getPermissions(); + if (permissionDTO != null && permissionDTO.getPermissionType() != GatewayAccessPublic) { + try (PreparedStatement addPermissionStatement = connection.prepareStatement(SQLConstants.ADD_GATEWAY_VISIBILITY_PERMISSION_SQL)) { + for (String role : permissionDTO.getRoles()) { + addPermissionStatement.setString(1, environment.getUuid()); + addPermissionStatement.setString(2, permissionDTO.getPermissionType()); + addPermissionStatement.setString(3, role); + addPermissionStatement.addBatch(); + } + addPermissionStatement.executeBatch(); + } + } } catch (SQLException e) { connection.rollback(); handleException("Failed to update Environment", e); 
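Review bot: In `updateEnvironment`, `connection.commit()` runs before the permission rows are deleted and re-inserted, so the visibility change is outside the transaction that updates the environment. No later commit is visible in the hunk, which means the new permissions may never be persisted, or may be left half-applied (old roles deleted, new ones missing) if the batch fails. Move `connection.commit();` to after `addPermissionStatement.executeBatch()` so that the existing `catch` rolls everything back together. The check `permissionDTO.getPermissionType() != GatewayAccessPublic` compares references; use `!GatewayAccessPublic.equals(permissionDTO.getPermissionType())` as `addEnvironment` does. The method starts and ends outside the hunk.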
@@ -18044,6 +18111,7 @@ public void addAPIRevisionDeployment(String apiRevisionId, List extractEnvironmentsForAPI(String environments) throws return environmentStringSet; } - public static Set extractVisibleEnvironmentsForUser(List environments, String organization, String userName) throws APIManagementException { + public static Set extractVisibleEnvironmentsForUser(List environments, String organization, String username) throws APIManagementException { - Set environmentStringSet = new HashSet(); - List userRolesList; - if (userName == null) { - userRolesList = new ArrayList() {{ - add(APIConstants.NULL_USER_ROLE_LIST); - }}; + Map permittedEnvironments; + if (environments != null) { + permittedEnvironments = extractVisibleEnvironmentsForUser(environments, username); } else { - userRolesList = new ArrayList(Arrays.asList(APIUtil.getListOfRoles(userName))); + Map environmentsMap = getEnvironments(organization); + List environmentsList = new ArrayList(environmentsMap.values()); + permittedEnvironments = extractVisibleEnvironmentsForUser(environmentsList, username); } - if (environments != null) { + return permittedEnvironments.keySet(); + } + + public static Map extractVisibleEnvironmentsForUser(List environments, String username) throws APIManagementException { + + Map permittedGatewayEnvironments = new LinkedHashMap<>(); + if (environments.size() > 0) { for (Environment environment : environments) { - String[] permittedRoles = environment.getVisibilityRoles(); - if (permittedRoles[0].equals("all")) { - environmentStringSet.add(environment.toString()); - } else { - for (String role : userRolesList) { - for (String permission : permittedRoles) { - if (role.equals(permission)) { - environmentStringSet.add(environment.toString()); - } - } - } + if (isGatewayAllowedForUser(environment, username)) { + permittedGatewayEnvironments.put(environment.getName(), environment); } } + } + return permittedGatewayEnvironments; + } + + /** + * This method is used to check if 
gateway environment is allowed for user + * + * @param environment gateway environment + * @param username username of the logged-in user + * @return boolean returns if the gateway environment is allowed for the logged-in user + * @throws APIManagementException if error occurred + */ + public static boolean isGatewayAllowedForUser(Environment environment, String username) throws APIManagementException { + + GatewayVisibilityPermissionConfigurationDTO permissions; + if (environment.getPermissions() == null) { + APIAdmin apiAdmin = new APIAdminImpl(); + permissions = apiAdmin.getGatewayVisibilityPermissions(environment.getUuid()); } else { - Map environmentsMap = getEnvironments(organization); - for (Environment environment : environmentsMap.values()) { - String[] permittedRoles = environment.getVisibilityRoles(); - if (permittedRoles != null && permittedRoles[0].equals("all")) { - environmentStringSet.add(environment.toString()); - } else if (permittedRoles != null) { - for (String role : userRolesList) { - for (String permission : permittedRoles) { - if (role.equals(permission)) { - environmentStringSet.add(environment.toString()); - } - } - } - } else { - environmentStringSet.add(environment.toString()); - } + permissions = environment.getPermissions(); + } + String permissionType = permissions.getPermissionType(); + if (permissions != null && !permissionType.equals(APIConstants.PERMISSION_NOT_RESTRICTED)) { + String[] permissionRoles = permissions.getRoles() + .stream() + .toArray(String[]::new); + String[] userRoles = APIUtil.getListOfRoles(username); + boolean roleIsRestricted = hasIntersection(userRoles, permissionRoles); + if ((APIConstants.PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted) + || (APIConstants.PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) { + return false; } } - return environmentStringSet; + return true; } - public static Map extractVisibleEnvironmentsForUser(String organization, String userName) throws 
APIManagementException { + public static boolean hasIntersection(String[] arr1, String[] arr2) { - Map returnEnvironments = new LinkedHashMap<>(); - List userRolesList; - if (userName == null) { - userRolesList = new ArrayList() {{ - add(APIConstants.NULL_USER_ROLE_LIST); - }}; - } else { - userRolesList = new ArrayList(Arrays.asList(APIUtil.getListOfRoles(userName))); - } - Map environmentsMap = getEnvironments(organization); - for (Environment environment : environmentsMap.values()) { - String[] permittedRoles = environment.getVisibilityRoles(); - if (permittedRoles != null && permittedRoles[0].equals("all")) { - returnEnvironments.put(environment.getName(), environment); - } else if (permittedRoles != null) { - for (String role : userRolesList) { - for (String permission : permittedRoles) { - if (role.equals(permission)) { - returnEnvironments.put(environment.getName(), environment); - } - } - } - } else { - returnEnvironments.put(environment.getName(), environment); + Set set = new HashSet<>(); + + for (String element : arr1) { + set.add(element); + } + + for (String element : arr2) { + if (set.contains(element)) { + return true; } } - return returnEnvironments; + + return false; } public static Set extractEnvironmentsForAPI(String environments, String organization) throws APIManagementException { @@ -5143,7 +5141,7 @@ public static Set extractEnvironmentsForAPI(List environmen Set environmentStringSet = null; if (environments == null) { - environmentStringSet = extractVisibleEnvironmentsForUser(environments, organization, userName); + environmentStringSet = extractVisibleEnvironmentsForUser(null, organization, userName); } else { // Handle not to publish to any of the gateways if (environments.contains(APIConstants.API_GATEWAY_NONE)) { 
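Review bot: In `isGatewayAllowedForUser`, `permissions.getPermissionType()` is called one line before the `permissions != null` test, so the null check can never take effect and a missing permission record or a null type ends the visibility check with a NullPointerException. The method also falls through to `return true` for any permission type other than the three constants it compares against, so an unexpected stored value makes the gateway visible to everyone. The removed code's `userName == null` branch (`NULL_USER_ROLE_LIST`) has no counterpart here, so whatever `APIUtil.getListOfRoles(null)` returns now decides anonymous access, which is worth confirming. The sketch below orders the checks explicitly and refuses on an unrecognised type; treating a missing record as unrestricted mirrors the removed null-roles branch and is an assumption to confirm. The opening of this hunk is not readable on the page.

```java
// … unchanged: permissions taken from the environment or looked up through APIAdmin …
if (permissions == null || permissions.getPermissionType() == null) {
    // No stored permission record: treated as unrestricted, as the removed null-roles branch did.
    return true;
}
String permissionType = permissions.getPermissionType();
if (APIConstants.PERMISSION_NOT_RESTRICTED.equals(permissionType)) {
    return true;
}
boolean userHasListedRole = hasIntersection(APIUtil.getListOfRoles(username),
        permissions.getRoles().toArray(new String[0]));
if (APIConstants.PERMISSION_ALLOW.equals(permissionType)) {
    return userHasListedRole;
}
if (APIConstants.PERMISSION_DENY.equals(permissionType)) {
    return !userHasListedRole;
}
// Unrecognised permission type: refuse rather than expose the gateway.
return false;
```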
diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/EnvironmentDTO.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/EnvironmentDTO.java index 1df0e1f0e62f..11cef82462f0 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/EnvironmentDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/EnvironmentDTO.java @@ -7,6 +7,7 @@ import java.util.ArrayList; import java.util.List; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.AdditionalPropertyDTO; +import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.EnvironmentPermissionsDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.GatewayEnvironmentProtocolURIDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.VHostDTO; import javax.validation.constraints.*; @@ -30,13 +31,13 @@ public class EnvironmentDTO { private String displayName = null; private String provider = null; private String type = "hybrid"; - private String visibility = "all"; private String gatewayType = "Regular"; private String description = null; private Boolean isReadOnly = null; private List vhosts = new ArrayList(); private List endpointURIs = new ArrayList(); private List additionalProperties = new ArrayList(); + private EnvironmentPermissionsDTO permissions = null; /** **/ 
@@ -124,23 +125,6 @@ public void setType(String type) { this.type = type; } - /** - **/ - public EnvironmentDTO visibility(String visibility) { - this.visibility = visibility; - return this; - } - - - @ApiModelProperty(example = "role1, role2", value = "") - @JsonProperty("visibility") - public String getVisibility() { - return visibility; - } - public void setVisibility(String visibility) { - this.visibility = visibility; - } - /** **/ public EnvironmentDTO gatewayType(String gatewayType) { @@ -247,6 +231,24 @@ public void setAdditionalProperties(List additionalProper this.additionalProperties = additionalProperties; } + /** + **/ + public EnvironmentDTO permissions(EnvironmentPermissionsDTO permissions) { + this.permissions = permissions; + return this; + } + + + @ApiModelProperty(value = "") + @Valid + @JsonProperty("permissions") + public EnvironmentPermissionsDTO getPermissions() { + return permissions; + } + public void setPermissions(EnvironmentPermissionsDTO permissions) { + this.permissions = permissions; + } + @Override public boolean equals(java.lang.Object o) { 
@@ -262,18 +264,18 @@ public boolean equals(java.lang.Object o) { Objects.equals(displayName, environment.displayName) && Objects.equals(provider, environment.provider) && Objects.equals(type, environment.type) && - Objects.equals(visibility, environment.visibility) && Objects.equals(gatewayType, environment.gatewayType) && Objects.equals(description, environment.description) && Objects.equals(isReadOnly, environment.isReadOnly) && Objects.equals(vhosts, environment.vhosts) && Objects.equals(endpointURIs, environment.endpointURIs) && - Objects.equals(additionalProperties, environment.additionalProperties); + Objects.equals(additionalProperties, environment.additionalProperties) && + Objects.equals(permissions, environment.permissions); } @Override public int hashCode() { - return Objects.hash(id, name, displayName, provider, type, visibility, gatewayType, description, isReadOnly, vhosts, endpointURIs, additionalProperties); + return Objects.hash(id, name, displayName, provider, type, gatewayType, description, isReadOnly, vhosts, endpointURIs, additionalProperties, permissions); } @Override 
@@ -286,13 +288,13 @@ public String toString() { sb.append(" displayName: ").append(toIndentedString(displayName)).append("\n"); sb.append(" provider: ").append(toIndentedString(provider)).append("\n"); sb.append(" type: ").append(toIndentedString(type)).append("\n"); - sb.append(" visibility: ").append(toIndentedString(visibility)).append("\n"); sb.append(" gatewayType: ").append(toIndentedString(gatewayType)).append("\n"); sb.append(" description: ").append(toIndentedString(description)).append("\n"); sb.append(" isReadOnly: ").append(toIndentedString(isReadOnly)).append("\n"); sb.append(" vhosts: ").append(toIndentedString(vhosts)).append("\n"); sb.append(" endpointURIs: ").append(toIndentedString(endpointURIs)).append("\n"); sb.append(" additionalProperties: ").append(toIndentedString(additionalProperties)).append("\n"); + sb.append(" permissions: ").append(toIndentedString(permissions)).append("\n"); sb.append("}"); return sb.toString(); } diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/EnvironmentPermissionsDTO.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/EnvironmentPermissionsDTO.java new file mode 100644 index 000000000000..bb18457a412e --- /dev/null +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/EnvironmentPermissionsDTO.java 
@@ -0,0 +1,135 @@ +package org.wso2.carbon.apimgt.rest.api.admin.v1.dto; + +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonCreator; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; +import java.util.ArrayList; +import java.util.List; +import javax.validation.constraints.*; + + +import io.swagger.annotations.*; +import java.util.Objects; + +import javax.xml.bind.annotation.*; +import org.wso2.carbon.apimgt.rest.api.common.annotations.Scope; +import com.fasterxml.jackson.annotation.JsonCreator; + +import javax.validation.Valid; + + + +public class EnvironmentPermissionsDTO { + + + @XmlType(name="PermissionTypeEnum") + @XmlEnum(String.class) + public enum PermissionTypeEnum { + PUBLIC("PUBLIC"), + ALLOW("ALLOW"), + DENY("DENY"); + private String value; + + PermissionTypeEnum (String v) { + value = v; + } + + public String value() { + return value; + } + + @Override + public String toString() { + return String.valueOf(value); + } + + @JsonCreator + public static PermissionTypeEnum fromValue(String v) { + for (PermissionTypeEnum b : PermissionTypeEnum.values()) { + if (String.valueOf(b.value).equals(v)) { + return b; + } + } +return null; + } + } + private PermissionTypeEnum permissionType = PermissionTypeEnum.PUBLIC; + private List roles = new ArrayList(); + + /** + **/ + public EnvironmentPermissionsDTO permissionType(PermissionTypeEnum permissionType) { + this.permissionType = permissionType; + return this; + } + + + @ApiModelProperty(example = "ALLOW", value = "") + @JsonProperty("permissionType") + public PermissionTypeEnum getPermissionType() { + return permissionType; + } + public void setPermissionType(PermissionTypeEnum permissionType) { + this.permissionType = permissionType; + } + + /** + **/ + public EnvironmentPermissionsDTO roles(List roles) { + this.roles = roles; + return this; + } + + + @ApiModelProperty(value = "") + @JsonProperty("roles") + public List 
getRoles() { + return roles; + } + public void setRoles(List roles) { + this.roles = roles; + } + + + @Override + public boolean equals(java.lang.Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + EnvironmentPermissionsDTO environmentPermissions = (EnvironmentPermissionsDTO) o; + return Objects.equals(permissionType, environmentPermissions.permissionType) && + Objects.equals(roles, environmentPermissions.roles); + } + + @Override + public int hashCode() { + return Objects.hash(permissionType, roles); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class EnvironmentPermissionsDTO {\n"); + + sb.append(" permissionType: ").append(toIndentedString(permissionType)).append("\n"); + sb.append(" roles: ").append(toIndentedString(roles)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(java.lang.Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} + diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java index f305c978a3fa..8804b5b6cb5c 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java 
@@ -5,6 +5,8 @@ import org.apache.commons.logging.LogFactory; import org.wso2.carbon.apimgt.api.APIAdmin; import org.wso2.carbon.apimgt.api.APIManagementException; +import org.wso2.carbon.apimgt.api.ExceptionCodes; +import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.model.Environment; import org.wso2.carbon.apimgt.impl.APIAdminImpl; import org.wso2.carbon.apimgt.impl.utils.APIUtil; @@ -23,6 +25,7 @@ import java.net.URI; import java.net.URISyntaxException; +import java.util.Arrays; import java.util.List; import javax.ws.rs.core.Response; @@ -69,13 +72,20 @@ public Response environmentsEnvironmentIdPut(String environmentId, EnvironmentDT body.setId(environmentId); String organization = RestApiUtil.getValidatedOrganization(messageContext); Environment env = EnvironmentMappingUtil.fromEnvDtoToEnv(body); - apiAdmin.updateEnvironment(organization, env); + GatewayVisibilityPermissionConfigurationDTO gatewayVisibilityPermissionConfigurationDTO = + env.getPermissions(); URI location = null; try { - location = new URI(RestApiConstants.RESOURCE_PATH_ENVIRONMENT + "/" + environmentId); + this.validatePermissions(gatewayVisibilityPermissionConfigurationDTO); + apiAdmin.updateEnvironment(organization, env); + location = new URI(RestApiConstants.RESOURCE_PATH_ENVIRONMENT + "/" + environmentId); } catch (URISyntaxException e) { String errorMessage = "Error while updating Environment : " + environmentId; RestApiUtil.handleInternalServerError(errorMessage, e, log); + } catch (IllegalArgumentException e) { + String error = "Error while storing gateway visibility permissions with name " + + body.getName() + " in tenant " + organization; + throw new APIManagementException(error, e, ExceptionCodes.ROLE_DOES_NOT_EXIST); } String info = "{'id':'" + environmentId + "'}"; APIUtil.logAuditMessage(APIConstants.AuditLogConstants.GATEWAY_ENVIRONMENTS, info, 
@@ -106,10 +116,9 @@ public Response environmentsGet(MessageContext messageContext) throws APIManagem * @throws APIManagementException if failed to create */ public Response environmentsPost(EnvironmentDTO body, MessageContext messageContext) throws APIManagementException { + String organization = RestApiUtil.getValidatedOrganization(messageContext); try { APIAdmin apiAdmin = new APIAdminImpl(); - //String tenantDomain = RestApiCommonUtil.getLoggedInUserTenantDomain(); - String organization = RestApiUtil.getValidatedOrganization(messageContext); String gatewayType = body.getGatewayType(); if (!(APIConstants.API_GATEWAY_TYPE_REGULAR.equals(gatewayType) || APIConstants.API_GATEWAY_TYPE_APK.equals(gatewayType))) { throw new APIManagementException("Invalid gateway type: " + gatewayType); @@ -119,6 +128,9 @@ public Response environmentsPost(EnvironmentDTO body, MessageContext messageCont } Environment env = EnvironmentMappingUtil.fromEnvDtoToEnv(body); EnvironmentDTO envDTO = EnvironmentMappingUtil.fromEnvToEnvDTO(apiAdmin.addEnvironment(organization, env)); + GatewayVisibilityPermissionConfigurationDTO gatewayVisibilityPermissionConfigurationDTO = + env.getPermissions(); + this.validatePermissions(gatewayVisibilityPermissionConfigurationDTO); URI location = new URI(RestApiConstants.RESOURCE_PATH_ENVIRONMENT + "/" + envDTO.getId()); APIUtil.logAuditMessage(APIConstants.AuditLogConstants.GATEWAY_ENVIRONMENTS, new Gson().toJson(envDTO), APIConstants.AuditLogConstants.CREATED, RestApiCommonUtil.getLoggedInUsername()); 
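Review bot: In `environmentsPost`, `validatePermissions` runs after `apiAdmin.addEnvironment(organization, env)`, so an environment whose roles do not exist or whose permission type is invalid has already been stored by the time the request is rejected. `environmentsEnvironmentIdPut` in the same commit validates before it writes; do the same here by moving `this.validatePermissions(env.getPermissions());` to the line before the `addEnvironment` call. The function starts before this hunk and continues after it.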
@@ -126,10 +138,32 @@ public Response environmentsPost(EnvironmentDTO body, MessageContext messageCont } catch (URISyntaxException e) { String errorMessage = "Error while adding gateway environment : " + body.getName() + "-" + e.getMessage(); RestApiUtil.handleInternalServerError(errorMessage, e, log); + } catch (IllegalArgumentException e) { + String error = "Error while storing gateway visibility permission roles with name " + + body.getName() + " in tenant " + organization; + throw new APIManagementException(error, e, ExceptionCodes.ROLE_DOES_NOT_EXIST); } return null; } + public void validatePermissions(GatewayVisibilityPermissionConfigurationDTO permissionDTO) + throws IllegalArgumentException, APIManagementException { + + if (permissionDTO != null && permissionDTO.getRoles() != null) { + String username = RestApiCommonUtil.getLoggedInUsername(); + String[] allowedPermissionTypes = {"PUBLIC", "ALLOW", "DENY"}; + String permissionType = permissionDTO.getPermissionType(); + if (!Arrays.stream(allowedPermissionTypes).anyMatch(permissionType::equals)) { + throw new APIManagementException("Invalid permission type"); + } + for (String role : permissionDTO.getRoles()) { + if (!APIUtil.isRoleNameExist(username, role)) { + throw new IllegalArgumentException("Invalid user roles found in visibleRoles list"); + } + } + } + } + /** * Check whether the vhost configuration is supported for APK gateway type * @param vhosts diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/EnvironmentMappingUtil.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/EnvironmentMappingUtil.java index b64facf77c46..1951448641f9 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/EnvironmentMappingUtil.java 
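Review bot: `validatePermissions` checks the permission type only inside `permissionDTO.getRoles() != null`, so a request without a role list skips type validation altogether, and a null `permissionType` would throw at `permissionType::equals` instead of producing the "Invalid permission type" error. It also accepts `ALLOW` or `DENY` with an empty role list, which `isGatewayAllowedForUser` reads as hidden from everyone or visible to everyone respectively; if that is not intended, reject it here. Validate the type first, e.g. `if (permissionType == null || Arrays.stream(allowedPermissionTypes).noneMatch(permissionType::equals))`, and only then walk the roles. The method is called only through `this` in the hunks shown and could be `private`, and its message says `visibleRoles` although the field is named `roles`.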
+++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/EnvironmentMappingUtil.java @@ -17,11 +17,13 @@ package org.wso2.carbon.apimgt.rest.api.admin.v1.utils.mappings; +import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.model.Environment; import org.wso2.carbon.apimgt.api.model.VHost; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.AdditionalPropertyDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.EnvironmentDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.EnvironmentListDTO; +import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.EnvironmentPermissionsDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.VHostDTO; import java.util.ArrayList; @@ -63,12 +65,19 @@ public static EnvironmentDTO fromEnvToEnvDTO(Environment env) { envDTO.setDescription(env.getDescription()); envDTO.setProvider(env.getProvider()); envDTO.setGatewayType(env.getGatewayType()); - envDTO.setVisibility(env.getVisibility()); envDTO.setIsReadOnly(env.isReadOnly()); envDTO.setVhosts(env.getVhosts().stream().map(EnvironmentMappingUtil::fromVHostToVHostDTO) .collect(Collectors.toList())); envDTO.setAdditionalProperties(fromAdditionalPropertiesToAdditionalPropertiesDTO (env.getAdditionalProperties())); + GatewayVisibilityPermissionConfigurationDTO permissions = env.getPermissions(); + if (permissions != null) { + EnvironmentPermissionsDTO environmentPermissionsDTO = new EnvironmentPermissionsDTO(); + environmentPermissionsDTO.setPermissionType(EnvironmentPermissionsDTO.PermissionTypeEnum + .fromValue(permissions.getPermissionType())); + environmentPermissionsDTO.setRoles(permissions.getRoles()); + envDTO.setPermissions(environmentPermissionsDTO); + } return envDTO; } 
@@ -135,12 +144,20 @@ public static Environment fromEnvDtoToEnv(EnvironmentDTO envDTO) { env.setDescription(envDTO.getDescription()); env.setProvider(envDTO.getProvider()); env.setGatewayType(envDTO.getGatewayType()); - env.setVisibility(envDTO.getVisibility()); env.setReadOnly(false); env.setVhosts(envDTO.getVhosts().stream().map(EnvironmentMappingUtil::fromVHostDtoToVHost) .collect(Collectors.toList())); env.setAdditionalProperties(fromAdditionalPropertiesDTOToAdditionalProperties (envDTO.getAdditionalProperties())); + EnvironmentPermissionsDTO permissions = envDTO.getPermissions(); + if (permissions != null && permissions.getPermissionType() != null) { + GatewayVisibilityPermissionConfigurationDTO permissionsConfiguration = new GatewayVisibilityPermissionConfigurationDTO(); + permissionsConfiguration.setPermissionType(permissions.getPermissionType().toString()); + permissionsConfiguration.setRoles(permissions.getRoles()); + env.setPermissions(permissionsConfiguration); + } else { + env.setPermissions(new GatewayVisibilityPermissionConfigurationDTO()); + } return env; } diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml index 28005fc5c5db..64dabe3665eb 100755 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml @@ -4674,10 +4674,6 @@ components: type: string default: hybrid example: hybrid - visibility: - type: string - default: all - example: role1, role2 gatewayType: type: string example: Regular 
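Review bot: `fromEnvDtoToEnv` replaces the request's permissions with `new GatewayVisibilityPermissionConfigurationDTO()` whenever `getPermissionType()` is null, and the generated `PermissionTypeEnum.fromValue` returns null for any unrecognised string, so a misspelled `permissionType` appears to be accepted and the supplied `roles` dropped instead of the request being rejected. On an update this presumably resets a restricted gateway to that DTO's default, which is not shown here. Consider failing the request when `permissions` is present but its type is null, and document the `else` branch with a comment such as `// no permissions in request: fall back to the default configuration`. `setRoles(permissions.getRoles())` also shares the caller's list rather than copying it.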
@@ -4703,6 +4699,22 @@ components: type: array items: $ref: '#/components/schemas/AdditionalProperty' + permissions: + type: object + properties: + permissionType: + type: string + example: ALLOW + default: PUBLIC + enum: + - PUBLIC + - ALLOW + - DENY + roles: + type: array + items: + type: string + example: Internal/everyone EnvironmentList: title: Environment List type: object diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml b/components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml index 28005fc5c5db..64dabe3665eb 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml @@ -4674,10 +4674,6 @@ components: type: string default: hybrid example: hybrid - visibility: - type: string - default: all - example: role1, role2 gatewayType: type: string example: Regular @@ -4703,6 +4699,22 @@ components: type: array items: $ref: '#/components/schemas/AdditionalProperty' + permissions: + type: object + properties: + permissionType: + type: string + example: ALLOW + default: PUBLIC + enum: + - PUBLIC + - ALLOW + - DENY + roles: + type: array + items: + type: string + example: Internal/everyone EnvironmentList: title: Environment List type: object diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml b/components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml index 3f9c3ad949c2..79a4629ce01a 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml 
@@ -10589,6 +10589,14 @@ components: visibility: type: string example: Role1, Role2 + permissionType: + type: string + example: PUBLIC + default: PUBLIC + enum: + - PUBLIC + - ALLOW + - DENY displayOnDevportal: type: boolean example: true @@ -11838,9 +11846,6 @@ components: provider: type: string example: wso2 - visibility: - type: string - example: Role1, Role2 showInApiConsole: type: boolean example: true @@ -11856,6 +11861,22 @@ components: type: array items: $ref: '#/components/schemas/AdditionalProperty' + permissions: + type: object + properties: + permissionType: + type: string + example: ALLOW + default: PUBLIC + enum: + - PUBLIC + - ALLOW + - DENY + roles: + type: array + items: + type: string + example: Internal/everyone EnvironmentList: title: Environment List type: object diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/APIRevisionDeploymentDTO.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/APIRevisionDeploymentDTO.java index 38f98d173aaa..8d63ee756e32 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/APIRevisionDeploymentDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/APIRevisionDeploymentDTO.java 
@@ -57,6 +57,39 @@ public static StatusEnum fromValue(String v) { private StatusEnum status = StatusEnum.CREATED; private String vhost = null; private String visibility = null; + + @XmlType(name="PermissionTypeEnum") + @XmlEnum(String.class) + public enum PermissionTypeEnum { + PUBLIC("PUBLIC"), + ALLOW("ALLOW"), + DENY("DENY"); + private String value; + + PermissionTypeEnum (String v) { + value = v; + } + + public String value() { + return value; + } + + @Override + public String toString() { + return String.valueOf(value); + } + + @JsonCreator + public static PermissionTypeEnum fromValue(String v) { + for (PermissionTypeEnum b : PermissionTypeEnum.values()) { + if (String.valueOf(b.value).equals(v)) { + return b; + } + } +return null; + } + } + private PermissionTypeEnum permissionType = PermissionTypeEnum.PUBLIC; private Boolean displayOnDevportal = true; private java.util.Date deployedTime = null; private java.util.Date successDeployedTime = null; @@ -146,6 +179,23 @@ public void setVisibility(String visibility) { this.visibility = visibility; } + /** + **/ + public APIRevisionDeploymentDTO permissionType(PermissionTypeEnum permissionType) { + this.permissionType = permissionType; + return this; + } + + + @ApiModelProperty(example = "PUBLIC", value = "") + @JsonProperty("permissionType") + public PermissionTypeEnum getPermissionType() { + return permissionType; + } + public void setPermissionType(PermissionTypeEnum permissionType) { + this.permissionType = permissionType; + } + /** **/ public APIRevisionDeploymentDTO displayOnDevportal(Boolean displayOnDevportal) { 
@@ -212,6 +262,7 @@ public boolean equals(java.lang.Object o) { Objects.equals(status, apIRevisionDeployment.status) && Objects.equals(vhost, apIRevisionDeployment.vhost) && Objects.equals(visibility, apIRevisionDeployment.visibility) && + Objects.equals(permissionType, apIRevisionDeployment.permissionType) && Objects.equals(displayOnDevportal, apIRevisionDeployment.displayOnDevportal) && Objects.equals(deployedTime, apIRevisionDeployment.deployedTime) && Objects.equals(successDeployedTime, apIRevisionDeployment.successDeployedTime); @@ -219,7 +270,7 @@ public boolean equals(java.lang.Object o) { @Override public int hashCode() { - return Objects.hash(revisionUuid, name, status, vhost, visibility, displayOnDevportal, deployedTime, successDeployedTime); + return Objects.hash(revisionUuid, name, status, vhost, visibility, permissionType, displayOnDevportal, deployedTime, successDeployedTime); } @Override @@ -232,6 +283,7 @@ public String toString() { sb.append(" status: ").append(toIndentedString(status)).append("\n"); sb.append(" vhost: ").append(toIndentedString(vhost)).append("\n"); sb.append(" visibility: ").append(toIndentedString(visibility)).append("\n"); + sb.append(" permissionType: ").append(toIndentedString(permissionType)).append("\n"); sb.append(" displayOnDevportal: ").append(toIndentedString(displayOnDevportal)).append("\n"); sb.append(" deployedTime: ").append(toIndentedString(deployedTime)).append("\n"); sb.append(" successDeployedTime: ").append(toIndentedString(successDeployedTime)).append("\n"); diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/EnvironmentDTO.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/EnvironmentDTO.java index f6efe65399ca..24aa315f85f6 100644 
--- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/EnvironmentDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/EnvironmentDTO.java @@ -7,6 +7,7 @@ import java.util.ArrayList; import java.util.List; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.AdditionalPropertyDTO; +import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.EnvironmentPermissionsDTO; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.GatewayEnvironmentProtocolURIDTO; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.VHostDTO; import javax.validation.constraints.*; @@ -32,11 +33,11 @@ public class EnvironmentDTO { private String gatewayType = "Regular"; private String serverUrl = null; private String provider = null; - private String visibility = null; private Boolean showInApiConsole = null; private List vhosts = new ArrayList(); private List endpointURIs = new ArrayList(); private List additionalProperties = new ArrayList(); + private EnvironmentPermissionsDTO permissions = null; /** **/ @@ -161,23 +162,6 @@ public void setProvider(String provider) { this.provider = provider; } - /** - **/ - public EnvironmentDTO visibility(String visibility) { - this.visibility = visibility; - return this; - } - - - @ApiModelProperty(example = "Role1, Role2", value = "") - @JsonProperty("visibility") - public String getVisibility() { - return visibility; - } - public void setVisibility(String visibility) { - this.visibility = visibility; - } - /** **/ public EnvironmentDTO showInApiConsole(Boolean showInApiConsole) { 
@@ -250,6 +234,24 @@ public void setAdditionalProperties(List additionalProper this.additionalProperties = additionalProperties; } + /** + **/ + public EnvironmentDTO permissions(EnvironmentPermissionsDTO permissions) { + this.permissions = permissions; + return this; + } + + + @ApiModelProperty(value = "") + @Valid + @JsonProperty("permissions") + public EnvironmentPermissionsDTO getPermissions() { + return permissions; + } + public void setPermissions(EnvironmentPermissionsDTO permissions) { + this.permissions = permissions; + } + @Override public boolean equals(java.lang.Object o) { @@ -267,16 +269,16 @@ public boolean equals(java.lang.Object o) { Objects.equals(gatewayType, environment.gatewayType) && Objects.equals(serverUrl, environment.serverUrl) && Objects.equals(provider, environment.provider) && - Objects.equals(visibility, environment.visibility) && Objects.equals(showInApiConsole, environment.showInApiConsole) && Objects.equals(vhosts, environment.vhosts) && Objects.equals(endpointURIs, environment.endpointURIs) && - Objects.equals(additionalProperties, environment.additionalProperties); + Objects.equals(additionalProperties, environment.additionalProperties) && + Objects.equals(permissions, environment.permissions); } @Override public int hashCode() { - return Objects.hash(id, name, displayName, type, gatewayType, serverUrl, provider, visibility, showInApiConsole, vhosts, endpointURIs, additionalProperties); + return Objects.hash(id, name, displayName, type, gatewayType, serverUrl, provider, showInApiConsole, vhosts, endpointURIs, additionalProperties, permissions); } @Override 
@@ -291,11 +293,11 @@ public String toString() { sb.append(" gatewayType: ").append(toIndentedString(gatewayType)).append("\n"); sb.append(" serverUrl: ").append(toIndentedString(serverUrl)).append("\n"); sb.append(" provider: ").append(toIndentedString(provider)).append("\n"); - sb.append(" visibility: ").append(toIndentedString(visibility)).append("\n"); sb.append(" showInApiConsole: ").append(toIndentedString(showInApiConsole)).append("\n"); sb.append(" vhosts: ").append(toIndentedString(vhosts)).append("\n"); sb.append(" endpointURIs: ").append(toIndentedString(endpointURIs)).append("\n"); sb.append(" additionalProperties: ").append(toIndentedString(additionalProperties)).append("\n"); + sb.append(" permissions: ").append(toIndentedString(permissions)).append("\n"); sb.append("}"); return sb.toString(); } diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/EnvironmentPermissionsDTO.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/EnvironmentPermissionsDTO.java new file mode 100644 index 000000000000..136a46905d86 --- /dev/null +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/EnvironmentPermissionsDTO.java 
@@ -0,0 +1,135 @@ +package org.wso2.carbon.apimgt.rest.api.publisher.v1.dto; + +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonCreator; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; +import java.util.ArrayList; +import java.util.List; +import javax.validation.constraints.*; + + +import io.swagger.annotations.*; +import java.util.Objects; + +import javax.xml.bind.annotation.*; +import org.wso2.carbon.apimgt.rest.api.common.annotations.Scope; +import com.fasterxml.jackson.annotation.JsonCreator; + +import javax.validation.Valid; + + + +public class EnvironmentPermissionsDTO { + + + @XmlType(name="PermissionTypeEnum") + @XmlEnum(String.class) + public enum PermissionTypeEnum { + PUBLIC("PUBLIC"), + ALLOW("ALLOW"), + DENY("DENY"); + private String value; + + PermissionTypeEnum (String v) { + value = v; + } + + public String value() { + return value; + } + + @Override + public String toString() { + return String.valueOf(value); + } + + @JsonCreator + public static PermissionTypeEnum fromValue(String v) { + for (PermissionTypeEnum b : PermissionTypeEnum.values()) { + if (String.valueOf(b.value).equals(v)) { + return b; + } + } +return null; + } + } + private PermissionTypeEnum permissionType = PermissionTypeEnum.PUBLIC; + private List roles = new ArrayList(); + + /** + **/ + public EnvironmentPermissionsDTO permissionType(PermissionTypeEnum permissionType) { + this.permissionType = permissionType; + return this; + } + + + @ApiModelProperty(example = "ALLOW", value = "") + @JsonProperty("permissionType") + public PermissionTypeEnum getPermissionType() { + return permissionType; + } + public void setPermissionType(PermissionTypeEnum permissionType) { + this.permissionType = permissionType; + } + + /** + **/ + public EnvironmentPermissionsDTO roles(List roles) { + this.roles = roles; + return this; + } + + + @ApiModelProperty(value = "") + @JsonProperty("roles") + public List 
getRoles() { + return roles; + } + public void setRoles(List roles) { + this.roles = roles; + } + + + @Override + public boolean equals(java.lang.Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + EnvironmentPermissionsDTO environmentPermissions = (EnvironmentPermissionsDTO) o; + return Objects.equals(permissionType, environmentPermissions.permissionType) && + Objects.equals(roles, environmentPermissions.roles); + } + + @Override + public int hashCode() { + return Objects.hash(permissionType, roles); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class EnvironmentPermissionsDTO {\n"); + + sb.append(" permissionType: ").append(toIndentedString(permissionType)).append("\n"); + sb.append(" roles: ").append(toIndentedString(roles)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(java.lang.Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} + diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/APIMappingUtil.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/APIMappingUtil.java index 146cebac0cba..75004e1058d3 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/APIMappingUtil.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/APIMappingUtil.java 
@@ -1084,7 +1084,8 @@ public static APIDTO fromAPItoDTO(API model, APIProvider apiProvider) } public static APIDTO fromAPItoDTO(API model, boolean preserveCredentials, - APIProvider apiProviderParam) throws APIManagementException { + APIProvider apiProviderParam) + throws APIManagementException { APIProvider apiProvider; if (apiProviderParam != null) { diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/EnvironmentMappingUtil.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/EnvironmentMappingUtil.java index 414323dc7fa8..c55436042143 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/EnvironmentMappingUtil.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/EnvironmentMappingUtil.java @@ -20,6 +20,7 @@ package org.wso2.carbon.apimgt.rest.api.publisher.v1.common.mappings; +import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.model.AsyncProtocolEndpoint; import org.wso2.carbon.apimgt.api.model.Environment; import org.wso2.carbon.apimgt.api.model.VHost; @@ -28,6 +29,7 @@ import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.AdditionalPropertyDTO; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.EnvironmentDTO; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.EnvironmentListDTO; +import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.EnvironmentPermissionsDTO; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.GatewayEnvironmentProtocolURIDTO; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.VHostDTO; 
@@ -59,7 +61,14 @@ public static EnvironmentDTO fromEnvironmentToDTO(Environment environment) { environmentDTO.setServerUrl(environment.getServerURL()); environmentDTO.setShowInApiConsole(environment.isShowInConsole()); environmentDTO.setProvider(environment.getProvider()); - environmentDTO.setVisibility(environment.getVisibility()); + GatewayVisibilityPermissionConfigurationDTO permissions = environment.getPermissions(); + if (permissions != null) { + EnvironmentPermissionsDTO environmentPermissionsDTO = new EnvironmentPermissionsDTO(); + environmentPermissionsDTO.setPermissionType(EnvironmentPermissionsDTO.PermissionTypeEnum + .fromValue(permissions.getPermissionType())); + environmentPermissionsDTO.setRoles(permissions.getRoles()); + environmentDTO.setPermissions(environmentPermissionsDTO); + } environmentDTO.setVhosts(environment.getVhosts().stream().map(EnvironmentMappingUtil::fromVHostToVHostDTO) .collect(Collectors.toList())); environmentDTO.setAdditionalProperties(fromAdditionalPropertiesToAdditionalPropertiesDTO diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java index 92e047e36f95..1aeca934c640 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java 
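Review bot: `PermissionTypeEnum.fromValue(...)` returns `null` for any string it does not recognise (the generated enum in this commit ends with `return null;`), and the new block in `fromEnvironmentToDTO` passes that result straight to `setPermissionType`. A stored value that is null or differs in case would then reach the client as `permissionType: null` beside a populated `roles` list, which a consumer could read as unrestricted. Resolve the enum into a local first, e.g. `EnvironmentPermissionsDTO.PermissionTypeEnum type = EnvironmentPermissionsDTO.PermissionTypeEnum.fromValue(permissions.getPermissionType());`, and log and handle `type == null` explicitly instead of emitting it. The method body continues outside this hunk.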
@@ -4583,7 +4583,8 @@ public Response updateAPIDeployment(String apiId, String deploymentId, APIRevisi String decodedDeploymentName = ApisApiServiceImplUtils.getDecodedDeploymentName(deploymentId); Map environments = APIUtil.getEnvironments(organization); APIRevisionDeployment apiRevisionDeployment = ApisApiServiceImplUtils.mapApiRevisionDeployment(revisionId, vhost, - displayOnDevportal, decodedDeploymentName, environments.get(decodedDeploymentName).getVisibility()); + displayOnDevportal, decodedDeploymentName, environments.get(decodedDeploymentName).getVisibility(), + environments.get(decodedDeploymentName).getPermissions().getPermissionType()); apiProvider.updateAPIDisplayOnDevportal(apiId, revisionId, apiRevisionDeployment); APIRevisionDeployment apiRevisionDeploymentsResponse = apiProvider. getAPIRevisionDeployment(decodedDeploymentName, revisionId); diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml index 3f9c3ad949c2..79a4629ce01a 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml @@ -10589,6 +10589,14 @@ components: visibility: type: string example: Role1, Role2 + permissionType: + type: string + example: PUBLIC + default: PUBLIC + enum: + - PUBLIC + - ALLOW + - DENY displayOnDevportal: type: boolean example: true @@ -11838,9 +11846,6 @@ components: provider: type: string example: wso2 - visibility: - type: string - example: Role1, Role2 showInApiConsole: type: boolean example: true 
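Review bot: The added argument `environments.get(decodedDeploymentName).getPermissions().getPermissionType()` in `updateAPIDeployment` dereferences `getPermissions()` without a null check, while `EnvironmentMappingUtil.fromEnvironmentToDTO` in this same commit guards the same getter with `if (permissions != null)`. If an environment can have no permissions object, this request fails with a NullPointerException instead of a handled error. The map lookup is also repeated and itself unchecked for an unknown deployment name. Fetch the environment once and guard both steps, e.g. `Environment env = environments.get(decodedDeploymentName);` followed by `String permissionType = env.getPermissions() != null ? env.getPermissions().getPermissionType() : null;`, and decide explicitly what is stored when it is absent. The method starts and ends outside this hunk.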
@@ -11856,6 +11861,22 @@ components: type: array items: $ref: '#/components/schemas/AdditionalProperty' + permissions: + type: object + properties: + permissionType: + type: string + example: ALLOW + default: PUBLIC + enum: + - PUBLIC + - ALLOW + - DENY + roles: + type: array + items: + type: string + example: Internal/everyone EnvironmentList: title: Environment List type: object diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/mappings/APIMappingUtil.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/mappings/APIMappingUtil.java index 8c756afdc82a..6a89b988bf8e 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/mappings/APIMappingUtil.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/mappings/APIMappingUtil.java @@ -512,7 +512,9 @@ private static List setEndpointURLsForAwsAPIs(ApiTypeWrappe public static List fromAPIRevisionListToEndpointsList(APIDTO apidto, String organization) throws APIManagementException { - Map environments = APIUtil.extractVisibleEnvironmentsForUser(organization, RestApiCommonUtil.getLoggedInUsername()); + Map environmentsMap = APIUtil.getEnvironments(organization); + List environmentsList = new ArrayList(environmentsMap.values()); + Map permittedEnvironments = APIUtil.extractVisibleEnvironmentsForUser(environmentsList, RestApiCommonUtil.getLoggedInUsername()); APIConsumer apiConsumer = RestApiCommonUtil.getLoggedInUserConsumer(); List revisionDeployments = apiConsumer.getAPIRevisionDeploymentListOfAPI(apidto.getId()); 
@@ -528,7 +530,7 @@ public static List fromAPIRevisionListToEndpointsList(APIDTO for (APIRevisionDeployment revisionDeployment : revisionDeployments) { if (revisionDeployment.isDisplayOnDevportal()) { // Deployed environment - Environment environment = environments.get(revisionDeployment.getDeployment()); + Environment environment = permittedEnvironments.get(revisionDeployment.getDeployment()); if (environment != null) { APIEndpointURLsDTO apiEndpointURLsDTO = fromAPIRevisionToEndpoints(apidto, environment, revisionDeployment.getVhost(), customGatewayUrl, organization); diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables.sql index 27d2e24c8ba8..6aca11265625 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables.sql @@ -2113,6 +2113,14 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( UNIQUE (UUID), PRIMARY KEY (ID)) / +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +) +/ CREATE TABLE AM_GW_VHOST ( GATEWAY_ENV_ID INTEGER NOT NULL, HOST VARCHAR(255) NOT NULL, diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables_23c.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables_23c.sql index 470a1ce503b7..da907b8646b8 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables_23c.sql 
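Review bot: The `if (environment != null)` test in `fromAPIRevisionListToEndpointsList` now doubles as the access decision, since `permittedEnvironments` holds only what `extractVisibleEnvironmentsForUser` returned for the logged-in user, but nothing in the code says so. A later change that falls back to the unfiltered map on a miss would silently expose endpoint URLs of restricted gateways. Add a comment above the lookup such as `// null: gateway is not visible to this user (or no longer exists); its endpoint URLs must be left out`. The loop and the rest of the method lie outside this hunk.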
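Review bot: `AM_GATEWAY_PERMISSIONS` stores `PERMISSIONS_TYPE` on every `(GATEWAY_UUID, ROLE)` row, so the schema allows one gateway to carry both ALLOW and DENY rows, and the effective policy then depends on how the reading code resolves the conflict. Either keep the type once per gateway or document and enforce in the DAO that all rows of a gateway share one type. The column is also named `PERMISSIONS_TYPE` here but `PERMISSION_TYPE` in `AM_DEPLOYMENT_REVISION_MAPPING`, which invites mistakes in hand-written queries. The same table definition is repeated in every dialect script of this commit.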
+++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables_23c.sql @@ -2088,6 +2088,8 @@ CREATE TABLE AM_DEPLOYMENT_REVISION_MAPPING ( REVISION_STATUS VARCHAR(255) NULL, DISPLAY_ON_DEVPORTAL INTEGER DEFAULT 0, DEPLOYED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + GW_VISIBILITY VARCHAR(2048) NULL, + PERMISSION_TYPE VARCHAR(255) DEFAULT 'PUBLIC', PRIMARY KEY (NAME, REVISION_UUID), FOREIGN KEY (REVISION_UUID) REFERENCES AM_REVISION(REVISION_UUID) ON DELETE CASCADE) / @@ -2113,6 +2115,14 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( UNIQUE (UUID), PRIMARY KEY (ID)) / +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +) +/ CREATE TABLE AM_GW_VHOST ( GATEWAY_ENV_ID INTEGER NOT NULL, HOST VARCHAR(255) NOT NULL, diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/Postgresql/apimgt/tables.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/Postgresql/apimgt/tables.sql index ff29b309ce0b..7a910040db1a 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/Postgresql/apimgt/tables.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/Postgresql/apimgt/tables.sql @@ -2567,6 +2567,8 @@ CREATE TABLE IF NOT EXISTS AM_DEPLOYMENT_REVISION_MAPPING ( REVISION_STATUS VARCHAR(255) NULL, DISPLAY_ON_DEVPORTAL BOOLEAN DEFAULT '0', DEPLOYED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + GW_VISIBILITY VARCHAR(2048) NULL, + PERMISSION_TYPE VARCHAR(255) DEFAULT 'PUBLIC', PRIMARY KEY (NAME, REVISION_UUID), FOREIGN KEY (REVISION_UUID) REFERENCES AM_REVISION(REVISION_UUID) ON UPDATE CASCADE ON DELETE CASCADE ); 
@@ -2599,7 +2601,13 @@ CREATE TABLE IF NOT EXISTS AM_GATEWAY_ENVIRONMENT ( UNIQUE (UUID), PRIMARY KEY (ID) ); - +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +); -- Virtual Hosts Table -- DROP TABLE IF EXISTS AM_GW_VHOST; CREATE TABLE IF NOT EXISTS AM_GW_VHOST ( diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/SQLServer/mssql/apimgt/tables.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/SQLServer/mssql/apimgt/tables.sql index 8ce87ce766fe..5e6e1b786d42 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/SQLServer/mssql/apimgt/tables.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/SQLServer/mssql/apimgt/tables.sql @@ -2456,6 +2456,8 @@ CREATE TABLE AM_DEPLOYMENT_REVISION_MAPPING ( REVISION_STATUS VARCHAR(255) NULL, DISPLAY_ON_DEVPORTAL BIT DEFAULT 0, DEPLOYED_TIME DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, + GW_VISIBILITY VARCHAR(2048) NULL, + PERMISSION_TYPE VARCHAR(255) DEFAULT 'PUBLIC', PRIMARY KEY (NAME, REVISION_UUID), FOREIGN KEY (REVISION_UUID) REFERENCES AM_REVISION(REVISION_UUID) ON UPDATE CASCADE ON DELETE CASCADE ); @@ -2487,6 +2489,13 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( PRIMARY KEY (ID) ); +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +); -- Virtual Hosts Table -- IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[AM_GW_VHOST]') AND TYPE IN (N'U')) CREATE TABLE AM_GW_VHOST ( 
diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql index d63dffeef300..9266ecd5fb4e 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql @@ -2991,6 +2991,7 @@ CREATE TABLE AM_DEPLOYMENT_REVISION_MAPPING ( DISPLAY_ON_DEVPORTAL SMALLINT DEFAULT 0, DEPLOYED_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, GW_VISIBILITY VARCHAR(2048) NULL, + PERMISSION_TYPE VARCHAR(255) DEFAULT 'PUBLIC', PRIMARY KEY (NAME, REVISION_UUID), FOREIGN KEY (REVISION_UUID) REFERENCES AM_REVISION(REVISION_UUID) ON DELETE CASCADE) / @@ -3010,7 +3011,6 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( UUID VARCHAR(45) NOT NULL, NAME VARCHAR(255) NOT NULL, TYPE VARCHAR(255) NULL, - VISIBILITY VARCHAR (1024) NULL, DISPLAY_NAME VARCHAR(255) NULL, DESCRIPTION VARCHAR(1023) NULL, PROVIDER VARCHAR(255) NOT NULL, @@ -3020,7 +3020,14 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( UNIQUE (UUID), PRIMARY KEY (ID)) / - +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +) +/ -- Virtual Hosts Table -- CREATE TABLE AM_GW_VHOST ( GATEWAY_ENV_ID INTEGER NOT NULL, diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql index b0966959f453..d0cb416934c4 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql 
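Review bot: `ROLE VARCHAR(255)` is declared without `NOT NULL` yet is part of `PRIMARY KEY (GATEWAY_UUID, ROLE)` in the new `AM_GATEWAY_PERMISSIONS` table. DB2, as far as I know, rejects a primary key on a column that may contain nulls, so this script would fail at table creation. The other dialect files repeat the definition and rely on the engine making the column non-nullable implicitly. Declare it explicitly in all of them: `ROLE VARCHAR(255) NOT NULL,`.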
@@ -2219,6 +2219,7 @@ CREATE TABLE IF NOT EXISTS AM_DEPLOYMENT_REVISION_MAPPING ( DISPLAY_ON_DEVPORTAL BOOLEAN DEFAULT 0, DEPLOYED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP, GW_VISIBILITY VARCHAR(2048) NULL, + PERMISSION_TYPE VARCHAR(255) DEFAULT 'PUBLIC', PRIMARY KEY (NAME, REVISION_UUID), FOREIGN KEY (REVISION_UUID) REFERENCES AM_REVISION(REVISION_UUID) ON UPDATE CASCADE ON DELETE CASCADE ); @@ -2239,7 +2240,6 @@ CREATE TABLE IF NOT EXISTS AM_GATEWAY_ENVIRONMENT ( NAME VARCHAR(255) NOT NULL, DISPLAY_NAME VARCHAR(255) NULL, TYPE VARCHAR(255) NULL, - VISIBILITY VARCHAR (1024) NULL, DESCRIPTION VARCHAR(1023) NULL, PROVIDER VARCHAR(255) NOT NULL, GATEWAY_TYPE VARCHAR(255) NOT NULL, @@ -2248,6 +2248,13 @@ CREATE TABLE IF NOT EXISTS AM_GATEWAY_ENVIRONMENT ( UNIQUE (UUID), PRIMARY KEY (ID) ); +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +); -- Virtual Hosts Table -- CREATE TABLE IF NOT EXISTS AM_GW_VHOST ( diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql index 0be3c5f2249f..d9d7e5ebefbb 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql @@ -2481,6 +2481,7 @@ CREATE TABLE AM_DEPLOYMENT_REVISION_MAPPING ( DISPLAY_ON_DEVPORTAL BIT DEFAULT 0, DEPLOYED_TIME DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, GW_VISIBILITY VARCHAR(2048) NULL, + PERMISSION_TYPE VARCHAR(255) DEFAULT 'PUBLIC', PRIMARY KEY (NAME, REVISION_UUID), FOREIGN KEY (REVISION_UUID) REFERENCES AM_REVISION(REVISION_UUID) ON UPDATE CASCADE ON DELETE CASCADE ); 
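Review bot: The new table is created with a plain `CREATE TABLE AM_GATEWAY_PERMISSIONS (` while the neighbouring statements in this script use `CREATE TABLE IF NOT EXISTS`. Re-running the script against an existing schema would therefore stop at this statement. Use `CREATE TABLE IF NOT EXISTS AM_GATEWAY_PERMISSIONS (` here. The same applies to the matching hunks in mysql.sql, mysql_cluster.sql, postgresql.sql and the multi-dc Postgresql script.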
@@ -2502,7 +2503,6 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( UUID VARCHAR(45) NOT NULL, NAME VARCHAR(255) NOT NULL, TYPE VARCHAR(255) NULL, - VISIBILITY VARCHAR (1024) NULL, DISPLAY_NAME VARCHAR(255) NULL, DESCRIPTION VARCHAR(1023) NULL, PROVIDER VARCHAR(255) NOT NULL, @@ -2513,6 +2513,14 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( PRIMARY KEY (ID) ); +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +); + -- Virtual Hosts Table -- IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[AM_GW_VHOST]') AND TYPE IN (N'U')) CREATE TABLE AM_GW_VHOST ( diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql index 27db04f7d1da..3d84cdfef8c8 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql @@ -2254,6 +2254,7 @@ CREATE TABLE IF NOT EXISTS AM_DEPLOYMENT_REVISION_MAPPING ( DISPLAY_ON_DEVPORTAL BOOLEAN DEFAULT 0, DEPLOYED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP, GW_VISIBILITY VARCHAR(2048) NULL, + PERMISSION_TYPE VARCHAR(255) DEFAULT 'PUBLIC', PRIMARY KEY (NAME, REVISION_UUID), FOREIGN KEY (REVISION_UUID) REFERENCES AM_REVISION(REVISION_UUID) ON UPDATE CASCADE ON DELETE CASCADE )ENGINE INNODB; @@ -2273,7 +2274,6 @@ CREATE TABLE IF NOT EXISTS AM_GATEWAY_ENVIRONMENT ( UUID VARCHAR(45) NOT NULL, NAME VARCHAR(255) NOT NULL, TYPE VARCHAR(255) NULL, - VISIBILITY VARCHAR (1024) NULL, DISPLAY_NAME VARCHAR(255) NULL, DESCRIPTION VARCHAR(1023) NULL, PROVIDER VARCHAR(255) NOT NULL, 
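Review bot: `GATEWAY_UUID VARCHAR(50)` references `AM_GATEWAY_ENVIRONMENT(UUID)`, which the preceding hunk shows as `UUID VARCHAR(45)`. SQL Server, as far as I know, requires both sides of a foreign key to have the same length, so the constraint may be rejected when the script runs. Declare the column as `GATEWAY_UUID VARCHAR(45) NOT NULL,` to match the parent. The same 50/45 mismatch appears in the other dialect scripts and is worth aligning there too, even where the engine tolerates it.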
@@ -2284,6 +2284,14 @@ CREATE TABLE IF NOT EXISTS AM_GATEWAY_ENVIRONMENT ( PRIMARY KEY (ID) ); +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +); + -- Virtual Hosts Table -- CREATE TABLE IF NOT EXISTS AM_GW_VHOST ( GATEWAY_ENV_ID INTEGER NOT NULL, diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql index b2a568df80f9..5669acb6b001 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql @@ -2398,6 +2398,7 @@ CREATE TABLE IF NOT EXISTS AM_DEPLOYMENT_REVISION_MAPPING ( DISPLAY_ON_DEVPORTAL BOOLEAN DEFAULT 0, DEPLOYED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP, GW_VISIBILITY VARCHAR(2048) NULL, + PERMISSION_TYPE VARCHAR(255) DEFAULT 'PUBLIC', PRIMARY KEY (NAME, REVISION_UUID), FOREIGN KEY (REVISION_UUID) REFERENCES AM_REVISION(REVISION_UUID) ON UPDATE CASCADE ON DELETE CASCADE )ENGINE=NDB; @@ -2425,7 +2426,6 @@ CREATE TABLE IF NOT EXISTS AM_GATEWAY_ENVIRONMENT ( UUID VARCHAR(45) NOT NULL, NAME VARCHAR(255) NOT NULL, TYPE VARCHAR(255) NULL, - VISIBILITY VARCHAR (1024) NULL, DISPLAY_NAME VARCHAR(255) NULL, DESCRIPTION VARCHAR(1023) NULL, PROVIDER VARCHAR(255) NOT NULL, 
@@ -2436,6 +2436,14 @@ CREATE TABLE IF NOT EXISTS AM_GATEWAY_ENVIRONMENT ( PRIMARY KEY (ID) )ENGINE=NDB; +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +)ENGINE=NDB; + -- Virtual Hosts Table -- CREATE TABLE IF NOT EXISTS AM_GW_VHOST ( GATEWAY_ENV_ID INTEGER NOT NULL, diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql index a6c15e3a9c86..50f8d5b8284d 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql @@ -3478,6 +3478,7 @@ CREATE TABLE AM_DEPLOYMENT_REVISION_MAPPING ( DISPLAY_ON_DEVPORTAL INTEGER DEFAULT 0, DEPLOYED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP, GW_VISIBILITY VARCHAR(2048) NULL, + PERMISSION_TYPE VARCHAR(255) DEFAULT 'PUBLIC', PRIMARY KEY (NAME, REVISION_UUID), FOREIGN KEY (REVISION_UUID) REFERENCES AM_REVISION(REVISION_UUID) ON DELETE CASCADE) / @@ -3497,7 +3498,6 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( UUID VARCHAR(45) NOT NULL, NAME VARCHAR(255) NOT NULL, TYPE VARCHAR(255) NULL, - VISIBILITY VARCHAR (1024) NULL, DISPLAY_NAME VARCHAR(255) NULL, DESCRIPTION VARCHAR(1023) NULL, PROVIDER VARCHAR(255) NOT NULL, 
@@ -3507,6 +3507,14 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( UNIQUE (UUID), PRIMARY KEY (ID)) / +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +) +/ CREATE SEQUENCE AM_GATEWAY_ENV_SEQ START WITH 1 INCREMENT BY 1 NOCACHE / CREATE OR REPLACE TRIGGER AM_GATEWAY_ENVIRONMENT_TRIGGER diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql index 64ab72add3e8..5cc6cbed3e64 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql @@ -3478,6 +3478,7 @@ CREATE TABLE AM_DEPLOYMENT_REVISION_MAPPING ( DISPLAY_ON_DEVPORTAL INTEGER DEFAULT 0, DEPLOYED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP, GW_VISIBILITY VARCHAR(2048) NULL, + PERMISSION_TYPE VARCHAR(255) DEFAULT 'PUBLIC', PRIMARY KEY (NAME, REVISION_UUID), FOREIGN KEY (REVISION_UUID) REFERENCES AM_REVISION(REVISION_UUID) ON DELETE CASCADE) / @@ -3497,7 +3498,6 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( UUID VARCHAR(45) NOT NULL, NAME VARCHAR(255) NOT NULL, TYPE VARCHAR(255) NULL, - VISIBILITY VARCHAR (1024) NULL, DISPLAY_NAME VARCHAR(255) NULL, DESCRIPTION VARCHAR(1023) NULL, PROVIDER VARCHAR(255) NOT NULL, 
@@ -3507,6 +3507,14 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( UNIQUE (UUID), PRIMARY KEY (ID)) / +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +) +/ CREATE SEQUENCE AM_GATEWAY_ENV_SEQ START WITH 1 INCREMENT BY 1 NOCACHE / CREATE OR REPLACE TRIGGER AM_GATEWAY_ENVIRONMENT_TRIGGER diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql index 0a027fce8d76..7c9c59f74a81 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql @@ -3450,6 +3450,7 @@ CREATE TABLE AM_DEPLOYMENT_REVISION_MAPPING ( DISPLAY_ON_DEVPORTAL INTEGER DEFAULT 0, DEPLOYED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP, GW_VISIBILITY VARCHAR(2048) NULL, + PERMISSION_TYPE VARCHAR(255) DEFAULT 'PUBLIC', PRIMARY KEY (NAME, REVISION_UUID), FOREIGN KEY (REVISION_UUID) REFERENCES AM_REVISION(REVISION_UUID) ON DELETE CASCADE) / @@ -3469,7 +3470,6 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( UUID VARCHAR(45) NOT NULL, NAME VARCHAR(255) NOT NULL, TYPE VARCHAR(255) NULL, - VISIBILITY VARCHAR (1024) NULL, DISPLAY_NAME VARCHAR(255) NULL, DESCRIPTION VARCHAR(1023) NULL, PROVIDER VARCHAR(255) NOT NULL, 
@@ -3479,6 +3479,14 @@ CREATE TABLE AM_GATEWAY_ENVIRONMENT ( UNIQUE (UUID), PRIMARY KEY (ID)) / +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +) +/ CREATE SEQUENCE AM_GATEWAY_ENV_SEQ START WITH 1 INCREMENT BY 1 CACHE 20 ORDER / CREATE OR REPLACE TRIGGER AM_GATEWAY_ENVIRONMENT_TRIGGER diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql index e04e848e082e..fcc8a9d2ffb4 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql @@ -2568,6 +2568,7 @@ CREATE TABLE IF NOT EXISTS AM_DEPLOYMENT_REVISION_MAPPING ( DISPLAY_ON_DEVPORTAL BOOLEAN DEFAULT '0', DEPLOYED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP, GW_VISIBILITY VARCHAR(2048) NULL, + PERMISSION_TYPE VARCHAR(255) DEFAULT 'PUBLIC', PRIMARY KEY (NAME, REVISION_UUID), FOREIGN KEY (REVISION_UUID) REFERENCES AM_REVISION(REVISION_UUID) ON UPDATE CASCADE ON DELETE CASCADE ); @@ -2591,7 +2592,6 @@ CREATE TABLE IF NOT EXISTS AM_GATEWAY_ENVIRONMENT ( UUID VARCHAR(45) NOT NULL, NAME VARCHAR(255) NOT NULL, TYPE VARCHAR(255) NULL, - VISIBILITY VARCHAR (1024) NULL, DISPLAY_NAME VARCHAR(255) NULL, DESCRIPTION VARCHAR(1023) NULL, PROVIDER VARCHAR(255) NOT NULL, 
@@ -2602,6 +2602,14 @@ CREATE TABLE IF NOT EXISTS AM_GATEWAY_ENVIRONMENT ( PRIMARY KEY (ID) ); +CREATE TABLE AM_GATEWAY_PERMISSIONS ( + GATEWAY_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (GATEWAY_UUID, ROLE), + FOREIGN KEY (GATEWAY_UUID) REFERENCES AM_GATEWAY_ENVIRONMENT(UUID) ON DELETE CASCADE +); + -- Virtual Hosts Table -- DROP TABLE IF EXISTS AM_GW_VHOST; CREATE TABLE IF NOT EXISTS AM_GW_VHOST (