Merge pull request #12551 from BiyonFernando/marketplace_access_control
Add role-based access control to the marketplace assistant
RakhithaRR authored Sep 27, 2024
2 parents 5e1f831 + 086a180 commit 8a8ad9a
Showing 7 changed files with 99 additions and 27 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -1752,7 +1752,10 @@ private ConfigParameters() {
public static final String QUERY = "query";
public static final String HISTORY = "history";
public static final String VERSION = "version";
public static final String VISIBILITYROLES = "visibility_roles";
public static final String APIM_VERSION = "apim_version";
public static final String DESCRIPTION = "description";
public static final String USERROLES = "user_roles";

public static final String DEMOTE_TO_CREATED= "Demote to Created";
public static final String BLOCK = "Block";
Original file line number Diff line number Diff line change
Expand Up @@ -1140,7 +1140,8 @@ public API updateAPI(API api, API existingAPI) throws APIManagementException {
APIEvent apiEvent = new APIEvent(UUID.randomUUID().toString(), System.currentTimeMillis(),
APIConstants.EventType.API_UPDATE.name(), tenantId, organization, api.getId().getApiName(), apiId,
api.getUuid(), api.getId().getVersion(), api.getType(), api.getContext(),
APIUtil.replaceEmailDomainBack(api.getId().getProviderName()), api.getStatus(), action, api.getApiSecurity(), api.getVisibility());
APIUtil.replaceEmailDomainBack(api.getId().getProviderName()), api.getStatus(), action,
api.getApiSecurity(), api.getVisibility(), api.getVisibleRoles());
APIUtil.sendNotification(apiEvent, APIConstants.NotifierType.API.name());

// Extracting API details for the recommendation system
Expand Down Expand Up @@ -2679,7 +2680,7 @@ public void deleteAPI(String apiUuid, String organization) throws APIManagementE
APIConstants.EventType.API_DELETE.name(), tenantId, organization, api.getId().getApiName(), apiId,
api.getUuid(), api.getId().getVersion(), api.getType(), api.getContext(),
APIUtil.replaceEmailDomainBack(api.getId().getProviderName()),
api.getStatus(), api.getApiSecurity(), api.getStatus(), api.getVisibility());
api.getStatus(), api.getApiSecurity(), api.getStatus(), api.getVisibility(), api.getVisibleRoles());
APIUtil.sendNotification(apiEvent, APIConstants.NotifierType.API.name());
} else {
log.debug("Event has not published to gateways due to API id has failed to retrieve from DB for API "
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;


/**
* The default API notification service implementation in which API creation, update, delete and LifeCycle change
* events are published to gateway.
Expand Down Expand Up @@ -69,31 +70,16 @@ private void process (Event event) throws NotifierException {

if (APIConstants.EventType.API_UPDATE.name().equals(event.getType())) {
String currentStatus = apiEvent.getCurrentStatus().toUpperCase();
if (!APIConstants.API_GLOBAL_VISIBILITY.equals(apiEvent.getApiVisibility())) {
switch (currentStatus) {
case APIConstants.PROTOTYPED:
case APIConstants.PUBLISHED:
deleteRequest(apiEvent);
break;
default:
break;
}
} else {
switch (currentStatus) {
case APIConstants.PROTOTYPED:
case APIConstants.PUBLISHED:
postRequest(apiEvent);
break;
default:
break;
}
switch (currentStatus) {
case APIConstants.PROTOTYPED:
case APIConstants.PUBLISHED:
postRequest(apiEvent);
break;
default:
break;
}
} else {

if (!APIConstants.API_GLOBAL_VISIBILITY.equals(apiEvent.getApiVisibility())) {
return;
}

if (APIConstants.EventType.API_LIFECYCLE_CHANGE.name().equals(event.getType())) {
String lifecycleEvent = apiEvent.getLifecycleEvent();
String currentStatus = apiEvent.getCurrentStatus().toUpperCase();
Expand Down Expand Up @@ -205,6 +191,13 @@ public void run() {
payload.put(APIConstants.TENANT_DOMAIN, apiEvent.getTenantDomain());
payload.put(APIConstants.VERSION, apiEvent.getApiVersion());

String visibleRoles = apiEvent.getApiVisibleRoles();
if (visibleRoles == null) {
visibleRoles = ""; // Assign an empty string if null
}
payload.put(APIConstants.VISIBILITYROLES, visibleRoles.toLowerCase());
payload.put(APIConstants.APIM_VERSION, APIUtil.getAPIMVersion());

if (marketplaceAssistantConfigurationDto.isKeyProvided()) {
APIUtil.invokeAIService(marketplaceAssistantConfigurationDto.getEndpoint(),
marketplaceAssistantConfigurationDto.getTokenEndpoint(),
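Review bot: The restructured branch at L80-92 makes the two event paths disagree on restricted-visibility APIs: an API_UPDATE now calls `postRequest` regardless of `getApiVisibility()`, while every other event type still hits the early `return` when the visibility is not `API_GLOBAL_VISIBILITY`, so a restricted API is indexed only when it is updated while PUBLISHED/PROTOTYPED and, if the lifecycle branch below L94 removes APIs on retire/deprecate as the old update branch did with `deleteRequest`, it would never be removed again (that lifecycle code is outside the hunk, so this is inferred). Either apply the same rule to lifecycle events or document why updates are the only path that carries restricted APIs. That early return was also the control keeping restricted APIs out of the external AI service; shipping them with `visibility_roles` moves enforcement to that service, which deserves a comment at L80 such as `// Restricted APIs are sent too: the assistant is expected to filter by visibility_roles against the caller's user_roles`. `visibleRoles.toLowerCase()` at L105 should be `toLowerCase(Locale.ROOT)` so role matching does not depend on the server locale, with the user_roles side lower-cased the same way; the enclosing `run()` starts outside the hunk.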
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ public class APIEvent extends Event {
private String securityScheme;
private String currentStatus;
private String apiVisibility;
private String apiVisibleRoles;
private String lifecycleEvent;

public APIEvent(String uuid, String logLevel, String type, String apiContext, String resourceMethod,
Expand Down Expand Up @@ -148,6 +149,30 @@ public APIEvent(String eventId, long timestamp, String type, int tenantId, Strin
this.apiVisibility = apiVisibility;
}

public APIEvent(String eventId, long timestamp, String type, int tenantId, String tenantDomain, String apiName,
int apiId, String uuid, String apiVersion, String apiType, String apiContext, String apiProvider,
String apiStatus, APIConstants.EventAction action, String securityScheme, String apiVisibility,
String apiVisibleRoles) {
this.eventId = eventId;
this.timeStamp = timestamp;
this.type = type;
this.tenantId = tenantId;
this.apiId = apiId;
this.uuid = uuid;
this.apiVersion = apiVersion;
this.apiName = apiName;
this.apiType = apiType;
this.apiContext = apiContext;
this.apiProvider = apiProvider;
this.apiStatus = apiStatus;
this.tenantDomain = tenantDomain;
this.action = action;
this.securityScheme = securityScheme;
this.currentStatus = apiStatus;
this.apiVisibility = apiVisibility;
this.apiVisibleRoles = apiVisibleRoles;
}

public APIEvent(String eventId, long timestamp, String type, int tenantId, String tenantDomain, String apiName,
int apiId, String uuid, String apiVersion, String apiType, String apiContext, String apiProvider,
String apiStatus, String securityScheme, String action, String currentStatus, String apiVisibility) {
Expand All @@ -170,6 +195,30 @@ public APIEvent(String eventId, long timestamp, String type, int tenantId, Strin
this.apiVisibility = apiVisibility;
}

public APIEvent(String eventId, long timestamp, String type, int tenantId, String tenantDomain, String apiName,
int apiId, String uuid, String apiVersion, String apiType, String apiContext, String apiProvider,
String apiStatus, String securityScheme, String action, String currentStatus,
String apiVisibility, String apiVisibleRoles) {
this.eventId = eventId;
this.timeStamp = timestamp;
this.type = type;
this.tenantId = tenantId;
this.apiId = apiId;
this.uuid = uuid;
this.apiVersion = apiVersion;
this.apiName = apiName;
this.apiType = apiType;
this.apiContext = apiContext;
this.apiProvider = apiProvider;
this.apiStatus = apiStatus;
this.tenantDomain = tenantDomain;
this.securityScheme = securityScheme;
this.lifecycleEvent = action;
this.currentStatus = currentStatus;
this.apiVisibility = apiVisibility;
this.apiVisibleRoles = apiVisibleRoles;
}

@Override
public String toString() {

Expand Down Expand Up @@ -342,4 +391,12 @@ public String getApiVisibility() {
public void setApiVisibility(String apiVisibility) {
this.apiVisibility = apiVisibility;
}

public String getApiVisibleRoles() {
return apiVisibleRoles;
}

public void setApiVisibleRoles(String apiVisibleRoles) {
this.apiVisibleRoles = apiVisibleRoles;
}
}
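Review bot: The two new constructors at L125-147 and L156-178 copy the seventeen assignments of the constructors directly above them, so the next field added to APIEvent will need yet another copy and the two overloads differ only in whether the fourteenth parameter is an `EventAction` or a `String`, which is easy to miscall. Delegating keeps one source of truth: `this(eventId, timestamp, type, tenantId, tenantDomain, apiName, apiId, uuid, apiVersion, apiType, apiContext, apiProvider, apiStatus, action, securityScheme, apiVisibility);` followed by `this.apiVisibleRoles = apiVisibleRoles;`, and likewise for the String-action overload. `toString()` at L181 is cut off here; if it enumerates fields, `apiVisibleRoles` should be added so the new value shows up in event logs. A Javadoc on the field, `/** Comma-separated roles the API is visible to when visibility is restricted; null or empty otherwise (confirm against APIUtil). */`, would also help, since the format is only inferred from how the notifier lower-cases it.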
Original file line number Diff line number Diff line change
Expand Up @@ -10749,4 +10749,8 @@ public static List<ApplicationInfoKeyManager> getPaginatedApplicationList(
}
return applications.subList(offset, endIndex);
}

public static String getAPIMVersion() {
return CarbonUtils.getServerConfiguration().getFirstProperty("Version");
}
}
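Review bot: `getAPIMVersion()` at L202-204 has no Javadoc and can return null when the `Version` property is missing from the server configuration, which both new call sites put straight into the outgoing JSON payload; a guard such as `String version = CarbonUtils.getServerConfiguration().getFirstProperty("Version"); return version != null ? version : "";` keeps the payload shape stable for the remote service. Add a Javadoc like `/** Returns the product version from the server configuration's Version property, or an empty string when it is not set. */`. This assumes `CarbonUtils` is already imported in APIUtil; the import block is outside the hunk.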
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,7 @@ public static void changeLifecycle(String user, APIProvider apiProvider, String
String uuid = apiTypeWrapper.getUuid();
String currentStatus = apiTypeWrapper.getStatus();
String apiVisibility = apiTypeWrapper.getVisibility();
String apiVisibleRoles = apiTypeWrapper.getVisibleRoles();
targetStatus = LCManagerFactory.getInstance().getLCManager().getStateForTransition(action);

// Update lifecycle state in the registry
Expand All @@ -79,7 +80,8 @@ public static void changeLifecycle(String user, APIProvider apiProvider, String
// Add LC state change event to the event queue
sendLCStateChangeNotification(apiName, apiType, apiContext, apiTypeWrapper.getId().getVersion(), targetStatus,
apiTypeWrapper.getId().getProviderName(), apiTypeWrapper.getId().getId(), uuid, orgId,
apiTypeWrapper.getApi() != null ? apiTypeWrapper.getApi().getApiSecurity() : null, action, currentStatus, apiVisibility);
apiTypeWrapper.getApi() != null ? apiTypeWrapper.getApi().getApiSecurity() : null, action,
currentStatus, apiVisibility, apiVisibleRoles);

// Remove revisions and subscriptions after API retire
if (!apiTypeWrapper.isAPIProduct()) {
Expand Down Expand Up @@ -399,14 +401,15 @@ private static void addLCStateChangeInDatabase(String user, ApiTypeWrapper apiTy
*/
private static void sendLCStateChangeNotification(String apiName, String apiType, String apiContext,
String apiVersion, String targetStatus, String provider, int apiOrApiProductId, String uuid,
String organization, String securityScheme, String action, String currentStatus, String apiVisibility)
String organization, String securityScheme, String action, String currentStatus, String apiVisibility,
String apiVisibleRoles)
throws APIManagementException {

APIEvent apiEvent = new APIEvent(UUID.randomUUID().toString(), System.currentTimeMillis(),
APIConstants.EventType.API_LIFECYCLE_CHANGE.name(), APIUtil.getInternalOrganizationId(organization),
organization, apiName, apiOrApiProductId, uuid, apiVersion, apiType, apiContext,
APIUtil.replaceEmailDomainBack(provider), targetStatus, securityScheme, action, currentStatus,
apiVisibility);
apiVisibility, apiVisibleRoles);
APIUtil.sendNotification(apiEvent, APIConstants.NotifierType.API.name());
}

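Review bot: `sendLCStateChangeNotification` gains an `apiVisibleRoles` parameter at L231 but its Javadoc, which ends at L226, is not touched by the hunk, so the new parameter is presumably undocumented; add `@param apiVisibleRoles roles the API is visible to when its visibility is restricted; may be null`. The value comes from `apiTypeWrapper.getVisibleRoles()` at L211 for both APIs and API products, so if products carry visible roles differently that should be confirmed. `changeLifecycle` starts outside the hunk.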
Original file line number Diff line number Diff line change
Expand Up @@ -40,11 +40,16 @@
import org.wso2.carbon.apimgt.rest.api.store.v1.dto.MarketplaceAssistantRequestDTO;
import org.wso2.carbon.apimgt.rest.api.store.v1.dto.MarketplaceAssistantResponseDTO;
import org.wso2.carbon.apimgt.rest.api.util.utils.RestApiUtil;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.oauth.OAuthUtil;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;

import java.io.IOException;

import javax.ws.rs.core.Response;


public class MarketplaceAssistantApiServiceImpl implements MarketplaceAssistantApiService {

private static final Log log = LogFactory.getLog(MarketplaceAssistantApiServiceImpl.class);
Expand Down Expand Up @@ -77,9 +82,15 @@ public Response marketplaceAssistantExecute(MarketplaceAssistantRequestDTO marke
JSONObject payload = new JSONObject();
String history = new Gson().toJson(marketplaceAssistantRequestDTO.getHistory());

String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
String userRoles = new Gson().toJson(APIUtil.getListOfRoles(username));

payload.put(APIConstants.QUERY, marketplaceAssistantRequestDTO.getQuery());
payload.put(APIConstants.HISTORY, history);
payload.put(APIConstants.TENANT_DOMAIN, organization);
payload.put(APIConstants.USERROLES, userRoles.toLowerCase());
payload.put(APIConstants.APIM_VERSION, APIUtil.getAPIMVersion());

String response;
if (configDto.isKeyProvided()) {
response = APIUtil.invokeAIService(configDto.getEndpoint(), configDto.getTokenEndpoint(),
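Review bot: The visibility decision is delegated entirely to the external assistant: the store sends `user_roles` at L272 and, as far as the hunk shows, returns whatever the service answers (response handling past L277 is outside the hunk), so the component enforcing access control sits across a network trust boundary and any bug or misconfiguration there discloses APIs the caller is not allowed to see. Keep a server-side check by filtering the APIs referenced in the assistant's response through the store's existing visibility check before returning, or at minimum document the trust with `// NOTE: visibility filtering is performed by the assistant service using user_roles and is not re-checked here`. The user's full role list is also now sent to a third-party endpoint, which some deployments treat as sensitive, so send only what the assistant needs and say so in the product documentation. `userRoles.toLowerCase()` lower-cases the whole Gson-serialized array and should use `Locale.ROOT` to match the notifier, and `APIUtil.getListOfRoles(username)` should be checked for tenant-qualified usernames from `CarbonContext`. The three identity imports at L250-252 are not used by the visible code and should be dropped unless the rest of the file needs them.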
