hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/auth/AccessAPI.java - incubator-hugegraph - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements. See the NOTICE file distributed with this
  * work for additional information regarding copyright ownership. The ASF
  * licenses this file to You under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  * License for the specific language governing permissions and limitations
  * under the License.
  */

 package org.apache.hugegraph.api.auth;

 import java.util.List;

 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.ws.rs.Consumes;
 import jakarta.ws.rs.DELETE;
 import jakarta.ws.rs.DefaultValue;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.POST;
 import jakarta.ws.rs.PUT;
 import jakarta.ws.rs.PathParam;
 import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.QueryParam;
 import jakarta.ws.rs.core.Context;

 import jakarta.inject.Singleton;
 import jakarta.ws.rs.Path;
 import org.apache.hugegraph.core.GraphManager;
 import org.apache.hugegraph.define.Checkable;
 import org.slf4j.Logger;

 import org.apache.hugegraph.HugeGraph;
 import org.apache.hugegraph.api.API;
 import org.apache.hugegraph.api.filter.StatusFilter.Status;
 import org.apache.hugegraph.auth.HugeAccess;
 import org.apache.hugegraph.auth.HugePermission;
 import org.apache.hugegraph.backend.id.Id;
 import org.apache.hugegraph.exception.NotFoundException;
 import org.apache.hugegraph.util.E;
 import org.apache.hugegraph.util.Log;
 import com.codahale.metrics.annotation.Timed;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;

 @Path("graphs/{graph}/auth/accesses")
 @Singleton
 @Tag(name = "AccessAPI")
 public class AccessAPI extends API {

     private static final Logger LOG = Log.logger(AccessAPI.class);

     @POST
     @Timed
     @Status(Status.CREATED)
     @Consumes(APPLICATION_JSON)
     @Produces(APPLICATION_JSON_WITH_CHARSET)
     public String create(@Context GraphManager manager,
                          @PathParam("graph") String graph,
                          JsonAccess jsonAccess) {
         LOG.debug("Graph [{}] create access: {}", graph, jsonAccess);
         checkCreatingBody(jsonAccess);

         HugeGraph g = graph(manager, graph);
         HugeAccess access = jsonAccess.build();
         access.id(manager.authManager().createAccess(access));
         return manager.serializer(g).writeAuthElement(access);
     }

     @PUT
     @Timed
     @Path("{id}")
     @Consumes(APPLICATION_JSON)
     @Produces(APPLICATION_JSON_WITH_CHARSET)
     public String update(@Context GraphManager manager,
                          @PathParam("graph") String graph,
                          @PathParam("id") String id,
                          JsonAccess jsonAccess) {
         LOG.debug("Graph [{}] update access: {}", graph, jsonAccess);
         checkUpdatingBody(jsonAccess);

         HugeGraph g = graph(manager, graph);
         HugeAccess access;
         try {
             access = manager.authManager().getAccess(UserAPI.parseId(id));
         } catch (NotFoundException e) {
             throw new IllegalArgumentException("Invalid access id: " + id);
         }
         access = jsonAccess.build(access);
         manager.authManager().updateAccess(access);
         return manager.serializer(g).writeAuthElement(access);
     }

     @GET
     @Timed
     @Produces(APPLICATION_JSON_WITH_CHARSET)
     public String list(@Context GraphManager manager,
                        @PathParam("graph") String graph,
                        @QueryParam("group") String group,
                        @QueryParam("target") String target,
                        @QueryParam("limit") @DefaultValue("100") long limit) {
         LOG.debug("Graph [{}] list belongs by group {} or target {}",
                   graph, group, target);
         E.checkArgument(group == null || target == null,
                         "Can't pass both group and target at the same time");

         HugeGraph g = graph(manager, graph);
         List<HugeAccess> belongs;
         if (group != null) {
             Id id = UserAPI.parseId(group);
             belongs = manager.authManager().listAccessByGroup(id, limit);
         } else if (target != null) {
             Id id = UserAPI.parseId(target);
             belongs = manager.authManager().listAccessByTarget(id, limit);
         } else {
             belongs = manager.authManager().listAllAccess(limit);
         }
         return manager.serializer(g).writeAuthElements("accesses", belongs);
     }

     @GET
     @Timed
     @Path("{id}")
     @Produces(APPLICATION_JSON_WITH_CHARSET)
     public String get(@Context GraphManager manager,
                       @PathParam("graph") String graph,
                       @PathParam("id") String id) {
         LOG.debug("Graph [{}] get access: {}", graph, id);

         HugeGraph g = graph(manager, graph);
         HugeAccess access = manager.authManager().getAccess(UserAPI.parseId(id));
         return manager.serializer(g).writeAuthElement(access);
     }

     @DELETE
     @Timed
     @Path("{id}")
     @Consumes(APPLICATION_JSON)
     public void delete(@Context GraphManager manager,
                        @PathParam("graph") String graph,
                        @PathParam("id") String id) {
         LOG.debug("Graph [{}] delete access: {}", graph, id);

         @SuppressWarnings("unused") // just check if the graph exists
         HugeGraph g = graph(manager, graph);
         try {
             manager.authManager().deleteAccess(UserAPI.parseId(id));
         } catch (NotFoundException e) {
             throw new IllegalArgumentException("Invalid access id: " + id);
         }
     }

     @JsonIgnoreProperties(value = {"id", "access_creator",
                                    "access_create", "access_update"})
     private static class JsonAccess implements Checkable {

         @JsonProperty("group")
         private String group;
         @JsonProperty("target")
         private String target;
         @JsonProperty("access_permission")
         private HugePermission permission;
         @JsonProperty("access_description")
         private String description;

         public HugeAccess build(HugeAccess access) {
             E.checkArgument(this.group == null ||
                             access.source().equals(UserAPI.parseId(this.group)),
                             "The group of access can't be updated");
             E.checkArgument(this.target == null ||
                             access.target().equals(UserAPI.parseId(this.target)),
                             "The target of access can't be updated");
             E.checkArgument(this.permission == null ||
                             access.permission().equals(this.permission),
                             "The permission of access can't be updated");
             if (this.description != null) {
                 access.description(this.description);
             }
             return access;
         }

         public HugeAccess build() {
             HugeAccess access = new HugeAccess(UserAPI.parseId(this.group),
                                                UserAPI.parseId(this.target));
             access.permission(this.permission);
             access.description(this.description);
             return access;
         }

         @Override
         public void checkCreate(boolean isBatch) {
             E.checkArgumentNotNull(this.group,
                                    "The group of access can't be null");
             E.checkArgumentNotNull(this.target,
                                    "The target of access can't be null");
             E.checkArgumentNotNull(this.permission,
                                    "The permission of access can't be null");
         }

         @Override
         public void checkUpdate() {
             E.checkArgumentNotNull(this.description,
                                    "The description of access can't be null");
         }
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with this
	* work for additional information regarding copyright ownership. The ASF
	* licenses this file to You under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	* License for the specific language governing permissions and limitations
	* under the License.
	*/

	package org.apache.hugegraph.api.auth;

	import java.util.List;

	import io.swagger.v3.oas.annotations.tags.Tag;
	import jakarta.ws.rs.Consumes;
	import jakarta.ws.rs.DELETE;
	import jakarta.ws.rs.DefaultValue;
	import jakarta.ws.rs.GET;
	import jakarta.ws.rs.POST;
	import jakarta.ws.rs.PUT;
	import jakarta.ws.rs.PathParam;
	import jakarta.ws.rs.Produces;
	import jakarta.ws.rs.QueryParam;
	import jakarta.ws.rs.core.Context;

	import jakarta.inject.Singleton;
	import jakarta.ws.rs.Path;
	import org.apache.hugegraph.core.GraphManager;
	import org.apache.hugegraph.define.Checkable;
	import org.slf4j.Logger;

	import org.apache.hugegraph.HugeGraph;
	import org.apache.hugegraph.api.API;
	import org.apache.hugegraph.api.filter.StatusFilter.Status;
	import org.apache.hugegraph.auth.HugeAccess;
	import org.apache.hugegraph.auth.HugePermission;
	import org.apache.hugegraph.backend.id.Id;
	import org.apache.hugegraph.exception.NotFoundException;
	import org.apache.hugegraph.util.E;
	import org.apache.hugegraph.util.Log;
	import com.codahale.metrics.annotation.Timed;
	import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
	import com.fasterxml.jackson.annotation.JsonProperty;

	@Path("graphs/{graph}/auth/accesses")
	@Singleton
	@Tag(name = "AccessAPI")
	public class AccessAPI extends API {

	private static final Logger LOG = Log.logger(AccessAPI.class);

	@POST
	@Timed
	@Status(Status.CREATED)
	@Consumes(APPLICATION_JSON)
	@Produces(APPLICATION_JSON_WITH_CHARSET)
	public String create(@Context GraphManager manager,
	@PathParam("graph") String graph,
	JsonAccess jsonAccess) {
	LOG.debug("Graph [{}] create access: {}", graph, jsonAccess);
	checkCreatingBody(jsonAccess);

	HugeGraph g = graph(manager, graph);
	HugeAccess access = jsonAccess.build();
	access.id(manager.authManager().createAccess(access));
	return manager.serializer(g).writeAuthElement(access);
	}

	@PUT
	@Timed
	@Path("{id}")
	@Consumes(APPLICATION_JSON)
	@Produces(APPLICATION_JSON_WITH_CHARSET)
	public String update(@Context GraphManager manager,
	@PathParam("graph") String graph,
	@PathParam("id") String id,
	JsonAccess jsonAccess) {
	LOG.debug("Graph [{}] update access: {}", graph, jsonAccess);
	checkUpdatingBody(jsonAccess);

	HugeGraph g = graph(manager, graph);
	HugeAccess access;
	try {
	access = manager.authManager().getAccess(UserAPI.parseId(id));
	} catch (NotFoundException e) {
	throw new IllegalArgumentException("Invalid access id: " + id);
	}
	access = jsonAccess.build(access);
	manager.authManager().updateAccess(access);
	return manager.serializer(g).writeAuthElement(access);
	}

	@GET
	@Timed
	@Produces(APPLICATION_JSON_WITH_CHARSET)
	public String list(@Context GraphManager manager,
	@PathParam("graph") String graph,
	@QueryParam("group") String group,
	@QueryParam("target") String target,
	@QueryParam("limit") @DefaultValue("100") long limit) {
	LOG.debug("Graph [{}] list belongs by group {} or target {}",
	graph, group, target);
	E.checkArgument(group == null \|\| target == null,
	"Can't pass both group and target at the same time");

	HugeGraph g = graph(manager, graph);
	List<HugeAccess> belongs;
	if (group != null) {
	Id id = UserAPI.parseId(group);
	belongs = manager.authManager().listAccessByGroup(id, limit);
	} else if (target != null) {
	Id id = UserAPI.parseId(target);
	belongs = manager.authManager().listAccessByTarget(id, limit);
	} else {
	belongs = manager.authManager().listAllAccess(limit);
	}
	return manager.serializer(g).writeAuthElements("accesses", belongs);
	}

	@GET
	@Timed
	@Path("{id}")
	@Produces(APPLICATION_JSON_WITH_CHARSET)
	public String get(@Context GraphManager manager,
	@PathParam("graph") String graph,
	@PathParam("id") String id) {
	LOG.debug("Graph [{}] get access: {}", graph, id);

	HugeGraph g = graph(manager, graph);
	HugeAccess access = manager.authManager().getAccess(UserAPI.parseId(id));
	return manager.serializer(g).writeAuthElement(access);
	}

	@DELETE
	@Timed
	@Path("{id}")
	@Consumes(APPLICATION_JSON)
	public void delete(@Context GraphManager manager,
	@PathParam("graph") String graph,
	@PathParam("id") String id) {
	LOG.debug("Graph [{}] delete access: {}", graph, id);

	@SuppressWarnings("unused") // just check if the graph exists
	HugeGraph g = graph(manager, graph);
	try {
	manager.authManager().deleteAccess(UserAPI.parseId(id));
	} catch (NotFoundException e) {
	throw new IllegalArgumentException("Invalid access id: " + id);
	}
	}

	@JsonIgnoreProperties(value = {"id", "access_creator",
	"access_create", "access_update"})
	private static class JsonAccess implements Checkable {

	@JsonProperty("group")
	private String group;
	@JsonProperty("target")
	private String target;
	@JsonProperty("access_permission")
	private HugePermission permission;
	@JsonProperty("access_description")
	private String description;

	public HugeAccess build(HugeAccess access) {
	E.checkArgument(this.group == null \|\|
	access.source().equals(UserAPI.parseId(this.group)),
	"The group of access can't be updated");
	E.checkArgument(this.target == null \|\|
	access.target().equals(UserAPI.parseId(this.target)),
	"The target of access can't be updated");
	E.checkArgument(this.permission == null \|\|
	access.permission().equals(this.permission),
	"The permission of access can't be updated");
	if (this.description != null) {
	access.description(this.description);
	}
	return access;
	}

	public HugeAccess build() {
	HugeAccess access = new HugeAccess(UserAPI.parseId(this.group),
	UserAPI.parseId(this.target));
	access.permission(this.permission);
	access.description(this.description);
	return access;
	}

	@Override
	public void checkCreate(boolean isBatch) {
	E.checkArgumentNotNull(this.group,
	"The group of access can't be null");
	E.checkArgumentNotNull(this.target,
	"The target of access can't be null");
	E.checkArgumentNotNull(this.permission,
	"The permission of access can't be null");
	}

	@Override
	public void checkUpdate() {
	E.checkArgumentNotNull(this.description,
	"The description of access can't be null");
	}
	}
	}