wso2 · npamudika · Jan 24, 2025 · Dec 8, 2024 · Dec 13, 2024 · Dec 15, 2024
@@ -17,6 +17,7 @@
 */
 package org.wso2.carbon.apimgt.api;
 
+import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO;
 import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO;
 import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO;
 import org.wso2.carbon.apimgt.api.model.APICategory;
@@ -354,6 +355,14 @@ KeyManagerConfigurationDTO updateKeyManagerConfiguration(KeyManagerConfiguration
      */
     KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String id) throws APIManagementException;
 
+    /**
+     * This method used to get gateway visibility permissions with gateway environment id and role
+     * @param id uuid of gateway environment
+     * @return gateway visibility permissions
+     * @throws APIManagementException
+     */
+    GatewayVisibilityPermissionConfigurationDTO getGatewayVisibilityPermissions(String id) throws APIManagementException;
+
     /**
      * hTis method used to delete IDP mapped with key manager
      * @param organization organization requested

@@ -32,8 +32,8 @@
 import org.wso2.carbon.apimgt.api.model.CommentList;
 import org.wso2.carbon.apimgt.api.model.Application;
 import org.wso2.carbon.apimgt.api.model.Comment;
+import org.wso2.carbon.apimgt.api.model.Environment;
 import org.wso2.carbon.apimgt.api.model.Identifier;
-import org.wso2.carbon.apimgt.api.model.KeyManagerApplicationInfo;
 import org.wso2.carbon.apimgt.api.model.Monetization;
 import org.wso2.carbon.apimgt.api.model.OAuthApplicationInfo;
 import org.wso2.carbon.apimgt.api.model.ResourceFile;
@@ -883,6 +883,16 @@ List<KeyManagerConfigurationDTO> getKeyManagerConfigurationsByOrganization(Strin
     boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String organization, String username)
             throws APIManagementException;
 
+    /**
+     * This method used to retrieve gateway environment for tenant
+     * @param organization organization of the gateway environment
+     * @param username username of the logged-in user
+     * @return Environment list
+     * @throws APIManagementException if error occurred
+     */
+    Map<String, Environment> getGatewayEnvironmentsByOrganization(String organization, String username)
+            throws APIManagementException;
+
     /**
      * Remove application keys.
      * @param application   application

@@ -0,0 +1,60 @@
+/*
+ *  Copyright (c) 2025, WSO2 LLC. (http://www.wso2.org) All Rights Reserved.
+ *
+ *  WSO2 LLC. licenses this file to you under the Apache License,
+ *  Version 2.0 (the "License"); you may not use this file except
+ *  in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.apimgt.api.dto;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ *GatewayVisibilityPermissionConfiguration model
+ */
+public class GatewayVisibilityPermissionConfigurationDTO implements Serializable {
+
+    private String permissionType = null;
+    private List<String> roles = new ArrayList<String>();
+
+    public GatewayVisibilityPermissionConfigurationDTO () {
+        this.setPermissionType("PUBLIC");
+    }
+
+    public GatewayVisibilityPermissionConfigurationDTO(String permissionType, List<String> roles) {
+        this.permissionType = permissionType;
+        this.roles = roles;
+    }
+
+    public String getPermissionType () {
+        return permissionType;
+    }
+
+    public void setPermissionType (String permissionType) {
+        this.permissionType = permissionType;
+    }
+
+    public List<String> getRoles() {
+        return roles;
+    }
+
+    public void setRoles(List<String> roles) {
+        if (roles == null) {
+            return;
+        }
+        this.roles = roles;
+    }
+}
@@ -21,6 +21,7 @@
 import org.apache.commons.lang3.StringUtils;
 import org.wso2.carbon.apimgt.api.APIManagementException;
 import org.wso2.carbon.apimgt.api.APIConstants;
+import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO;
 
 import java.io.Serializable;
 import java.util.ArrayList;
@@ -55,6 +56,11 @@ public class Environment implements Serializable {
     private String gatewayType;
     private Map<String, String> additionalProperties = new HashMap<>();
 
+    private String[] visibilityRoles;
+    private String visibility;
+
+    private GatewayVisibilityPermissionConfigurationDTO permissions = new GatewayVisibilityPermissionConfigurationDTO();
+
     public boolean isDefault() {
         return isDefault;
     }
@@ -159,6 +165,49 @@ public void setName(String name) {
         }
     }
 
+    public String getVisibility() {
+        return visibility;
+    }
+
+    public void setVisibility(String visibility) {
+        this.visibility = visibility;
+    }
+
+    public String[] getVisibilityRoles() {
+        if (visibilityRoles != null) {
+            return visibilityRoles;
+        } else if (visibility != null) {
+            return visibility.split(",");
+        }
+        return null;
+    }
+
+    public void setVisibility(String[] visibilityRoles) {
+        if (visibilityRoles != null && !"".equals(visibilityRoles[0].trim())) {
+            StringBuilder builder = new StringBuilder();
+            for (String role : visibilityRoles) {
+                builder.append(role).append(',');
+            }
+            builder.deleteCharAt(builder.length() - 1);
+            this.visibility = builder.toString();
+        } else {
+            this.visibility = "PUBLIC";
+            this.visibilityRoles[0] = "internal/everyone";
+        }
+        this.visibilityRoles = visibilityRoles;
+    }
+
+    public GatewayVisibilityPermissionConfigurationDTO getPermissions() {
+        return permissions;
+    }
+
+    public void setPermissions(GatewayVisibilityPermissionConfigurationDTO permissions) {
+        if (permissions == null) {
+            permissions = new GatewayVisibilityPermissionConfigurationDTO();
+        }
+        this.permissions = permissions;
+    }
+
     public String getDisplayName() {
         return displayName;
     }

@@ -39,6 +39,7 @@
 import org.wso2.carbon.apimgt.api.APIManagementException;
 import org.wso2.carbon.apimgt.api.APIMgtResourceNotFoundException;
 import org.wso2.carbon.apimgt.api.ExceptionCodes;
+import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO;
 import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO;
 import org.wso2.carbon.apimgt.api.model.API;
 import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO;
@@ -925,6 +926,18 @@ public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String id)
         return keyManagerPermissionConfigurationDTO;
     }
 
+    @Override
+    public GatewayVisibilityPermissionConfigurationDTO getGatewayVisibilityPermissions(String id) throws APIManagementException {
+
+        GatewayVisibilityPermissionConfigurationDTO gatewayVisibilityPermissionConfigurationDTO;
+        try {
+            gatewayVisibilityPermissionConfigurationDTO = apiMgtDAO.getGatewayVisibilityPermissions(id);
+        } catch (APIManagementException e) {
+            throw new APIManagementException("Gateway Visibility Permissions retrieval failed for gateway environment id " + id, e);
+        }
+        return gatewayVisibilityPermissionConfigurationDTO;
+    }
+
     private IdentityProvider updatedIDP(IdentityProvider retrievedIDP,
                                         KeyManagerConfigurationDTO keyManagerConfigurationDTO) {
 

@@ -758,6 +758,7 @@ private Permissions() {
     public static final String API_GATEWAY = "APIGateway.";
     public static final String API_GATEWAY_NAME = "Name";
     public static final String API_GATEWAY_DISPLAY_NAME = "DisplayName";
+    public static final String API_GATEWAY_VISIBILITY = "Visibility";
     public static final String API_GATEWAY_SERVER_URL = "ServerURL";
     public static final String API_GATEWAY_USERNAME = "Username";
     public static final String API_GATEWAY_PASSWORD = "Password";
@@ -3194,6 +3195,10 @@ public enum ConfigType {
     public static final String WSO2_APK_GATEWAY = "wso2/apk";
     public static final String WSO2_SYNAPSE_GATEWAY = "wso2/synapse";
 
+    public static final String PERMISSION_ALLOW = "ALLOW";
+    public static final String PERMISSION_DENY = "DENY";
+    public static final String PERMISSION_NOT_RESTRICTED = "PUBLIC";
+
     // Protocol variables
     public static final String HTTP_TRANSPORT_PROTOCOL_NAME = "http";
     public static final String HTTPS_TRANSPORT_PROTOCOL_NAME = "https";

@@ -194,9 +194,6 @@ public class APIConsumerImpl extends AbstractAPIManager implements APIConsumer {
     public static final String API_NAME = "apiName";
     public static final String API_VERSION = "apiVersion";
     public static final String API_PROVIDER = "apiProvider";
-    private static final String PERMISSION_ALLOW = "ALLOW";
-    private static final String PERMISSION_DENY = "DENY";
-    private static final String PERMISSION_NOT_RESTRICTED = "PUBLIC";
     private static final String PRESERVED_CASE_SENSITIVE_VARIABLE = "preservedCaseSensitive";
 
     private static final String GET_SUB_WORKFLOW_REF_FAILED = "Failed to get external workflow reference for " +
@@ -4035,13 +4032,9 @@ public API getLightweightAPIByUUID(String uuid, String organization) throws APIM
                         devPortalApi.getVisibleRoles());
                 API api = APIMapper.INSTANCE.toApi(devPortalApi);
 
-                /// populate relavant external info
-                // environment
-                String environmentString = null;
-                if (api.getEnvironments() != null) {
-                    environmentString = String.join(",", api.getEnvironments());
-                }
-                api.setEnvironments(APIUtil.extractEnvironmentsForAPI(environmentString, organization));
+                // populate relevant external info environment
+                Map<String, Environment> environments = getGatewayEnvironmentsByOrganization(organization, username);
+                api.setEnvironments(APIUtil.extractEnvironmentsForAPI(environments.toString(), organization));
                 //CORS . if null is returned, set default config from the configuration
                 if (api.getCorsConfiguration() == null) {
                     api.setCorsConfiguration(APIUtil.getDefaultCorsConfiguration());
@@ -4629,14 +4622,14 @@ public boolean isKeyManagerAllowedForUser(String keyManagerId, String username)
         APIAdmin apiAdmin = new APIAdminImpl();
         KeyManagerPermissionConfigurationDTO permissions = apiAdmin.getKeyManagerPermissions(keyManagerId);
         String permissionType = permissions.getPermissionType();
-        if (permissions != null && !permissionType.equals(PERMISSION_NOT_RESTRICTED)) {
+        if (permissions != null && !permissionType.equals(APIConstants.PERMISSION_NOT_RESTRICTED)) {
             String[] permissionRoles = permissions.getRoles()
                     .stream()
                     .toArray(String[]::new);
             String[] userRoles = APIUtil.getListOfRoles(username);
             boolean roleIsRestricted = hasIntersection(userRoles, permissionRoles);
-            if ((PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted)
-                    || (PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) {
+            if ((APIConstants.PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted)
+                    || (APIConstants.PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) {
                 return false;
             }
         }
@@ -4662,22 +4655,40 @@ public boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String or
         KeyManagerPermissionConfigurationDTO permissions = keyManagerConfiguration.getPermissions();
         String permissionType = permissions.getPermissionType();
         //Checks if the keymanager is permission restricted and if the user is in the restricted list
-        if (permissions != null && !permissionType.equals(PERMISSION_NOT_RESTRICTED)) {
+        if (permissions != null && !permissionType.equals(APIConstants.PERMISSION_NOT_RESTRICTED)) {
             String[] permissionRoles = permissions.getRoles()
                     .stream()
                     .toArray(String[]::new);
             String[] userRoles = APIUtil.getListOfRoles(username);
             //list of common roles the user has and the restricted list
             boolean roleIsRestricted = hasIntersection(userRoles, permissionRoles);
             //Checks if the user is allowed to access the key manager
-            if ((PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted)
-                    || (PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) {
+            if ((APIConstants.PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted)
+                    || (APIConstants.PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) {
                 return false;
             }
         }
         return true;
     }
 
+    /**
+     * This method is used to retrieve gateway environments for tenant
+     *
+     * @param organization organization of the gateway environment
+     * @param username     username of the logged-in user
+     * @return Environment list
+     * @throws APIManagementException if error occurred
+     */
+    @Override
+    public Map<String, Environment> getGatewayEnvironmentsByOrganization(String organization, String username) throws APIManagementException {
+
+        Map<String, Environment> environmentsMap = APIUtil.getEnvironments(organization);
+        Map<String, Environment> permittedGatewayEnvironments;
+        List<Environment> environmentList = new ArrayList<Environment>(environmentsMap.values());
+        permittedGatewayEnvironments = APIUtil.extractVisibleEnvironmentsForUser(environmentList, username);
+        return permittedGatewayEnvironments;
+    }
+
     public static boolean hasIntersection(String[] arr1, String[] arr2) {
 
         Set<String> set = new HashSet<>();

@@ -29,6 +29,7 @@
 import org.json.simple.JSONArray;
 import org.json.simple.JSONObject;
 import org.wso2.carbon.apimgt.api.APIManagementException;
+import org.wso2.carbon.apimgt.api.dto.GatewayVisibilityPermissionConfigurationDTO;
 import org.wso2.carbon.apimgt.api.model.APIPublisher;
 import org.wso2.carbon.apimgt.api.model.APIStore;
 import org.wso2.carbon.apimgt.api.model.Environment;
@@ -62,6 +63,7 @@
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -759,6 +761,24 @@ void setEnvironmentConfig(OMElement environmentElem) throws APIManagementExcepti
             gatewayType = APIConstants.API_GATEWAY_TYPE_REGULAR;
         }
         environment.setGatewayType(gatewayType);
+        GatewayVisibilityPermissionConfigurationDTO permissionsDTO = new GatewayVisibilityPermissionConfigurationDTO();
+        OMElement visibility = environmentElem.getFirstChildWithName(new QName(APIConstants.API_GATEWAY_VISIBILITY));
+        List<String> visibilityRoles = new LinkedList<>();
+        String[] visibilityRolesArray;
+        if (visibility == null || StringUtils.isEmpty(visibility.getText())) {
+            permissionsDTO.setPermissionType(APIConstants.PERMISSION_NOT_RESTRICTED);
+            environment.setVisibility(APIConstants.PERMISSION_NOT_RESTRICTED);
+            visibilityRolesArray = new String[]{APIConstants.EVERYONE_ROLE};
+        } else {
+            String visibilityString = visibility.getText();
+            visibilityRolesArray = visibilityString.split(",");
+            Collections.addAll(visibilityRoles, visibilityRolesArray);
+            permissionsDTO.setPermissionType(APIConstants.PERMISSION_ALLOW);
+            permissionsDTO.setRoles(visibilityRoles);
+            environment.setVisibility(visibilityString);
+        }
+        environment.setVisibility(visibilityRolesArray);
+        environment.setPermissions(permissionsDTO);
         if (StringUtils.isEmpty(environment.getDisplayName())) {environment.setDisplayName(environment.getName());}
         environment.setServerURL(APIUtil.replaceSystemProperty(environmentElem.getFirstChildWithName(new QName(
                         APIConstants.API_GATEWAY_SERVER_URL)).getText()));

@@ -5600,13 +5600,12 @@ public API getLightweightAPIByUUID(String uuid, String organization) throws APIM
             if (publisherAPI != null) {
                 API api = APIMapper.INSTANCE.toApi(publisherAPI);
                 checkAccessControlPermission(userNameWithoutChange, api.getAccessControl(), api.getAccessControlRoles());
-                /// populate relavant external info
-                // environment
-                String environmentString = null;
-                if (api.getEnvironments() != null) {
-                    environmentString = String.join(",", api.getEnvironments());
-                }
-                api.setEnvironments(APIUtil.extractEnvironmentsForAPI(environmentString, organization));
+                // populate relevant external info environment
+                Map<String, Environment> environmentsMap = APIUtil.getEnvironments(organization);
+                Map<String, Environment> permittedGatewayEnvironments;
+                List<Environment> environmentList = new ArrayList<Environment>(environmentsMap.values());
+                permittedGatewayEnvironments = APIUtil.extractVisibleEnvironmentsForUser(environmentList, username);
+                api.setEnvironments(APIUtil.extractEnvironmentsForAPI(permittedGatewayEnvironments.toString(), organization));
                 //CORS . if null is returned, set default config from the configuration
                 if (api.getCorsConfiguration() == null) {
                     api.setCorsConfiguration(APIUtil.getDefaultCorsConfiguration());