Support binding user and role (#231)
### Motivation
This is the third pr of task #14.
After merging this pr
1. pulsar-manager platform will have the preliminary multi-tenant capability. After each user logs in to the platform for the first time, a default tenant named his user name will be created for him, and a default role will be created. The role will be bound to tenant resources, bind the user to the tenant, and then the user can only see and operate the resources of the tenant bound to him when entering the platform.
2. Join other tenants. The administrator of one tenant can invite other users to join the tenant he manages, and only need to create a record in role bing.
3. Create roles. The tenant's administrator can create some roles under this tenant. The roles bind different resources. When other users enter, they can be assigned different roles, thus limiting their operation of different resources.
### Modifications
* Create default tenant, default role, default role binding
* Cache namespace
* Create role binding
* Add role binding page
### Verifying this change
Add unit test
diff --git a/front-end/src/api/roleBinding.js b/front-end/src/api/roleBinding.js
new file mode 100644
index 0000000..50e71e8
--- /dev/null
+++ b/front-end/src/api/roleBinding.js
@@ -0,0 +1,51 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import request from '@/utils/request'
+
+const SPRING_BASE_URL = '/pulsar-manager'
+
+export function fetchRoleBinding(query) {
+ return request({
+ url: SPRING_BASE_URL + '/role-binding',
+ method: 'get',
+ params: { query }
+ })
+}
+
+export function putRoleBinding(roleName, userName, data) {
+ return request({
+ headers: { 'Content-Type': 'application/json' },
+ url: SPRING_BASE_URL + `/role-binding/${roleName}/${userName}`,
+ method: 'put',
+ data
+ })
+}
+
+export function updateRoleBinding(roleName, userName, data) {
+ return request({
+ headers: { 'Content-Type': 'application/json' },
+ url: SPRING_BASE_URL + `/role-binding/${roleName}/${userName}`,
+ method: 'post',
+ data
+ })
+}
+
+export function deleteRoleBinding(data) {
+ return request({
+ headers: { 'Content-Type': 'application/json' },
+ url: SPRING_BASE_URL + '/role-binding',
+ method: 'delete',
+ data
+ })
+}
diff --git a/front-end/src/api/roles.js b/front-end/src/api/roles.js
index b2a792a..37fe7a2 100644
--- a/front-end/src/api/roles.js
+++ b/front-end/src/api/roles.js
@@ -56,3 +56,17 @@
method: 'get'
})
}
+
+export function getResource(resourceType) {
+ return request({
+ url: SPRING_BASE_URL + `/role/resource/${resourceType}`,
+ method: 'get'
+ })
+}
+
+export function getResourceVerbs(resourceType) {
+ return request({
+ url: SPRING_BASE_URL + `/role/resourceVerbs/${resourceType}`,
+ method: 'get'
+ })
+}
diff --git a/front-end/src/lang/en.js b/front-end/src/lang/en.js
index 8264b31..3a2d729 100644
--- a/front-end/src/lang/en.js
+++ b/front-end/src/lang/en.js
@@ -805,6 +805,7 @@
colResource: 'Resource',
roleNamePlaceHolder: 'Please input role name',
roleDescPlaceHolder: 'Please input role description',
+ resourceNamePlaceHolder: 'Please select resource name',
resourceTypePlaceHolder: 'Please select resource type',
resourcePlaceHolder: 'Please select resource',
resourceVerbsPlaceHolder: 'Please select role verbs',
diff --git a/front-end/src/router/index.js b/front-end/src/router/index.js
index edd8944..dd253c5 100644
--- a/front-end/src/router/index.js
+++ b/front-end/src/router/index.js
@@ -242,6 +242,13 @@
hidden: false
},
{
+ path: '/roleBinding',
+ component: () => import('@/views/management/roleBinding/index'),
+ name: 'RoleBinding',
+ meta: { title: 'RoleBinding', noCache: true },
+ hidden: false
+ },
+ {
path: '/tokens',
component: () => import('@/views/management/tokens/index'),
name: 'Tokens',
diff --git a/front-end/src/store/modules/user.js b/front-end/src/store/modules/user.js
index 1b3b823..2f6cc3b 100644
--- a/front-end/src/store/modules/user.js
+++ b/front-end/src/store/modules/user.js
@@ -16,6 +16,7 @@
import { setName, removeName } from '@/utils/username'
import { removeEnvironment } from '@/utils/environment'
import { Message } from 'element-ui'
+import { setTenant, removeTenant } from '../../utils/tenant'
const user = {
state: {
@@ -75,6 +76,7 @@
commit('SET_TOKEN', response.headers.token)
setToken(response.headers.token)
setName(response.headers.username)
+ setTenant(response.headers.tenant)
resolve()
}).catch(error => {
reject(error)
@@ -109,6 +111,7 @@
commit('SET_ROLES', [])
removeToken()
removeName()
+ removeTenant()
removeEnvironment()
resolve()
}).catch(error => {
@@ -123,6 +126,7 @@
commit('SET_TOKEN', '')
removeToken()
removeName()
+ removeTenant()
removeEnvironment()
resolve()
})
diff --git a/front-end/src/utils/request.js b/front-end/src/utils/request.js
index 07dcca3..1f971ee 100644
--- a/front-end/src/utils/request.js
+++ b/front-end/src/utils/request.js
@@ -18,6 +18,7 @@
import { getToken } from '@/utils/auth'
import { getName } from '@/utils/username'
import { getEnvironment } from '@/utils/environment'
+import { getTenant } from '@/utils/tenant'
import router from '../router'
// create an axios instance
@@ -34,6 +35,7 @@
config.headers['token'] = getToken()
}
config.headers['username'] = getName()
+ config.headers['tenant'] = getTenant()
config.headers['environment'] = getEnvironment()
return config
},
diff --git a/front-end/src/utils/tenant.js b/front-end/src/utils/tenant.js
new file mode 100644
index 0000000..568bf2c
--- /dev/null
+++ b/front-end/src/utils/tenant.js
@@ -0,0 +1,28 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import Cookies from 'js-cookie'
+
+const tenant = 'tenant'
+
+export function getTenant() {
+ return Cookies.get(tenant)
+}
+
+export function setTenant(name) {
+ return Cookies.set(tenant, name)
+}
+
+export function removeTenant() {
+ return Cookies.remove(tenant)
+}
diff --git a/front-end/src/views/management/roleBinding/index.vue b/front-end/src/views/management/roleBinding/index.vue
new file mode 100644
index 0000000..48f269a
--- /dev/null
+++ b/front-end/src/views/management/roleBinding/index.vue
@@ -0,0 +1,327 @@
+<!--
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<template>
+ <div class="app-container">
+ <el-button type="primary" icon="el-icon-plus" @click="handleCreateRoleBinding">Create RoleBinding</el-button>
+
+ <el-row :gutter="24">
+ <el-col :xs="{span: 24}" :sm="{span: 24}" :md="{span: 24}" :lg="{span: 24}" :xl="{span: 24}" style="margin-top:15px">
+ <el-table
+ v-loading="roleBindingListLoading"
+ :key="roleBindingTableKey"
+ :data="roleBindingList"
+ border
+ fit
+ highlight-current-row
+ style="width: 100%;">
+ <el-table-column label="Role Binding Name" min-width="50px" align="center">
+ <template slot-scope="scope">
+ <span>{{ scope.row.name }}</span>
+ </template>
+ </el-table-column>
+ <el-table-column label="Role name" align="center" min-width="100px">
+ <template slot-scope="scope">
+ <span>{{ scope.row.roleName }}</span>
+ </template>
+ </el-table-column>
+ <el-table-column label="User Name" align="center" min-width="100px">
+ <template slot-scope="scope">
+ <span>{{ scope.row.userName }}</span>
+ </template>
+ </el-table-column>
+ <el-table-column label="Binding Description" align="center" min-width="100px">
+ <template slot-scope="scope">
+ <span>{{ scope.row.description }}</span>
+ </template>
+ </el-table-column>
+ <el-table-column :label="$t('table.actions')" align="center" class-name="small-padding fixed-width">
+ <template slot-scope="scope">
+ <el-button :disabled="scope.row.resourceType=='TENANTS'" type="primary" size="mini" @click="handleUpdateRole(scope.row)">{{ $t('table.edit') }}</el-button>
+ <el-button :disabled="scope.row.resourceType=='TENANTS'" size="mini" type="danger" @click="handleDeleteRole(scope.row)">{{ $t('table.delete') }}</el-button>
+ </template>
+ </el-table-column>
+ </el-table>
+ </el-col>
+ </el-row>
+
+ <el-dialog :title="textMap[dialogStatus]" :visible.sync="dialogFormVisible" width="30%">
+ <el-form ref="form" :rules="rules" :model="form" label-position="top">
+ <el-form-item v-if="dialogStatus==='create'" label="Name" prop="name">
+ <el-input v-model="form.name" placeholder="Please input name"/>
+ </el-form-item>
+ <el-form-item v-if="dialogStatus==='create'" label="Description">
+ <el-input :rows="2" v-model="form.description" placeholder="Please input description" type="textarea"/>
+ </el-form-item>
+ <el-form-item v-if="dialogStatus==='create'" label="Role Name" prop="roleName">
+ <el-select
+ v-model="form.roleName"
+ placeholder="Please select role name"
+ style="width:100%">
+ <el-option
+ v-for="item in roleListOptions"
+ :key="item.value"
+ :label="item.label"
+ :value="item.value"/>
+ </el-select>
+ </el-form-item>
+ <el-form-item v-if="dialogStatus==='create'" label="User Name" prop="userName">
+ <el-input :rows="2" v-model="form.userName" placeholder="Please input user name"/>
+ </el-form-item>
+ <el-form-item v-if="dialogStatus==='update'" label="Role binding name">
+ <span>{{ form.name }} </span>
+ </el-form-item>
+ <el-form-item v-if="dialogStatus==='update'" label="Role Name">
+ <el-select v-model="form.roleName" placeholder="Please select role" style="width:100%">
+ <el-option
+ v-for="item in roleListOptions"
+ :key="item.value"
+ :label="item.label"
+ :value="item.value"/>
+ </el-select>
+ </el-form-item>
+ <el-form-item v-if="dialogStatus==='update'" label="User Name">
+ <el-input :rows="2" v-model="form.userName" placeholder="Please input user name"/>
+ </el-form-item>
+ <el-form-item v-if="dialogStatus==='update'" label="Description">
+ <el-input :rows="2" v-model="form.description" placeholder="Please input description" type="textarea"/>
+ </el-form-item>
+ <el-form-item v-if="dialogStatus==='delete'">
+ <h4>Delete Role Binding {{ form.name }}</h4>
+ </el-form-item>
+ <el-form-item>
+ <el-button type="primary" @click="handleOptions()">{{ $t('table.confirm') }}</el-button>
+ <el-button @click="dialogFormVisible = false">{{ $t('table.cancel') }}</el-button>
+ </el-form-item>
+ </el-form>
+ </el-dialog>
+ </div>
+</template>
+
+<script>
+import {
+ fetchRoleBinding,
+ putRoleBinding,
+ updateRoleBinding,
+ deleteRoleBinding
+} from '@/api/roleBinding'
+
+import { fetchRoles } from '@/api/roles'
+
+export default {
+ name: 'RoleBinding',
+ data() {
+ return {
+ roleBindingList: [],
+ roleBindingTableKey: 0,
+ roleBindingListLoading: false,
+ textMap: {
+ create: 'New role binding',
+ delete: 'Delete role binding',
+ update: 'Update role binding'
+ },
+ dialogFormVisible: false,
+ dialogStatus: '',
+ form: {
+ name: '',
+ description: '',
+ roleName: '',
+ roleId: 0,
+ userName: '',
+ userId: 0
+ },
+ roleListOptions: [],
+ roleNameValue: '',
+ temp: {
+ 'name': '',
+ 'description': '',
+ 'roleName': '',
+ 'roleId': 0,
+ 'userName': '',
+ 'userId': 0
+ },
+ superUser: false,
+ description: '',
+ rules: {
+ name: [{ required: true, message: 'Name is required', trigger: 'blur' }]
+ }
+ }
+ },
+ created() {
+ this.getRoleBinding()
+ },
+ methods: {
+ getRoleBinding() {
+ fetchRoleBinding().then(response => {
+ if (!response.data) return
+ this.roleBindingList = []
+ for (var i = 0; i < response.data.data.length; i++) {
+ this.roleBindingList.push({
+ 'name': response.data.data[i].name,
+ 'description': response.data.data[i].description,
+ 'roleName': response.data.data[i].roleName,
+ 'roleId': response.data.data[i].roleId,
+ 'userName': response.data.data[i].userName,
+ 'userId': response.data.data[i].userId
+ })
+ }
+ })
+ },
+ handleCreateRoleBinding() {
+ this.form.name = ''
+ this.form.description = ''
+ this.form.roleName = ''
+ this.form.roleId = 0
+ this.form.userName = ''
+ this.form.userId = 0
+ this.dialogFormVisible = true
+ this.handleGetRoles()
+ this.dialogStatus = 'create'
+ },
+ handleDeleteRole(row) {
+ this.temp.name = row.name
+ this.temp.roleId = row.roleId
+ this.temp.userId = row.userId
+ this.dialogFormVisible = true
+ this.dialogStatus = 'delete'
+ },
+ handleUpdateRole(row) {
+ this.form.name = row.name
+ this.form.description = row.description
+ this.form.roleName = row.roleName
+ this.form.roleId = row.roleId
+ this.form.userName = row.userName
+ this.form.userId = row.userId
+ this.handleGetRoles()
+ this.dialogFormVisible = true
+ this.dialogStatus = 'update'
+ },
+ handleOptions() {
+ this.$refs['form'].validate((valid) => {
+ if (valid) {
+ switch (this.dialogStatus) {
+ case 'create':
+ this.createRoleBinding()
+ break
+ case 'delete':
+ this.deleteRoleBinding()
+ break
+ case 'update':
+ this.updateRoleBinding()
+ break
+ }
+ }
+ })
+ },
+ createRoleBinding() {
+ const data = {
+ 'name': this.form.name,
+ 'description': this.form.description,
+ 'roleId': this.form.roleId,
+ 'userId': 0,
+ 'roleSource': 'placeholder'
+ }
+ this.roleBindingList = []
+ putRoleBinding(this.form.roleName, this.form.userName, data).then(response => {
+ if (!response.data) return
+ if (response.data.hasOwnProperty('error')) {
+ this.$notify({
+ title: 'error',
+ message: response.data.error,
+ type: 'error',
+ duration: 2000
+ })
+ return
+ }
+ this.$notify({
+ title: 'success',
+ message: 'Create role binding success',
+ type: 'success',
+ duration: 2000
+ })
+ this.dialogFormVisible = false
+ this.getRoleBinding()
+ })
+ },
+ updateRoleBinding() {
+ const data = {
+ 'description': this.form.description,
+ 'roleId': this.form.roleId,
+ 'userId': this.form.userId,
+ 'name': this.form.name
+ }
+ updateRoleBinding(this.form.roleName, this.form.userName, data).then(response => {
+ if (!response.data) return
+ if (response.data.hasOwnProperty('error')) {
+ this.$notify({
+ title: 'error',
+ message: response.data.error,
+ type: 'error',
+ duration: 2000
+ })
+ return
+ }
+ this.$notify({
+ title: 'success',
+ message: 'Update role binding success',
+ type: 'success',
+ duration: 2000
+ })
+ this.dialogFormVisible = false
+ this.getRoleBinding()
+ })
+ },
+ deleteRoleBinding() {
+ const data = {
+ 'name': this.temp.name,
+ 'roleId': this.temp.roleId,
+ 'userId': this.temp.userId
+ }
+ deleteRoleBinding(data).then(response => {
+ if (!response.data) return
+ if (response.data.hasOwnProperty('error')) {
+ this.$notify({
+ title: 'error',
+ message: response.data.error,
+ type: 'error',
+ duration: 2000
+ })
+ return
+ }
+ this.$notify({
+ title: 'success',
+ message: 'Delete role success',
+ type: 'success',
+ duration: 2000
+ })
+ this.dialogFormVisible = false
+ this.getRoleBinding()
+ })
+ },
+ handleGetRoles() {
+ fetchRoles().then(response => {
+ if (!response.data) return
+ this.roleListOptions = []
+ for (var i = 0; i < response.data.data.length; i++) {
+ this.roleListOptions.push({
+ 'value': response.data.data[i].roleName,
+ 'label': response.data.data[i].roleName
+ })
+ }
+ })
+ }
+ }
+}
+</script>
diff --git a/front-end/src/views/management/roles/index.vue b/front-end/src/views/management/roles/index.vue
index 0a014c7..54c8519 100644
--- a/front-end/src/views/management/roles/index.vue
+++ b/front-end/src/views/management/roles/index.vue
@@ -59,8 +59,8 @@
</el-table-column>
<el-table-column :label="$t('table.actions')" align="center" class-name="small-padding fixed-width">
<template slot-scope="scope">
- <el-button type="primary" size="mini" @click="handleUpdateRole(scope.row)">{{ $t('table.edit') }}</el-button>
- <el-button size="mini" type="danger" @click="handleDeleteRole(scope.row)">{{ $t('table.delete') }}</el-button>
+ <el-button :disabled="scope.row.resourceType=='TENANTS'" type="primary" size="mini" @click="handleUpdateRole(scope.row)">{{ $t('table.edit') }}</el-button>
+ <el-button :disabled="scope.row.resourceType=='TENANTS'" size="mini" type="danger" @click="handleDeleteRole(scope.row)">{{ $t('table.delete') }}</el-button>
</template>
</el-table-column>
</el-table>
@@ -73,10 +73,17 @@
<el-input v-model="form.name" :placeholder="$t('role.roleNamePlaceHolder')"/>
</el-form-item>
<el-form-item v-if="dialogStatus==='create'" :label="$t('role.colRoleDesc')">
- <el-input :rows="2" v-model="form.description" :placeholder="$t('role.roleDescPlaceHolder')"/>
+ <el-input :rows="2" v-model="form.description" :placeholder="$t('role.roleDescPlaceHolder')" type="textarea"/>
</el-form-item>
- <el-form-item v-if="dialogStatus==='create'" :label="$t('role.colResourceType')">
- <el-select v-model="resourceTypeValue" :placeholder="$t('role.resourceTypePlaceHolder')">
+ <el-form-item v-if="dialogStatus==='create'" :label="$t('role.colResourceName')" prop="resourceName">
+ <el-input :rows="2" v-model="form.resourceName" :placeholder="$t('role.resourceNamePlaceHolder')"/>
+ </el-form-item>
+ <el-form-item v-if="dialogStatus==='create'" :label="$t('role.colResourceType')" prop="resourceType">
+ <el-select
+ v-model="form.resourceType"
+ :placeholder="$t('role.resourceTypePlaceHolder')"
+ style="width:100%"
+ @change="handleChangeResourceType(form.resourceType)">
<el-option
v-for="item in resourceTypeListOptions"
:key="item.value"
@@ -84,8 +91,8 @@
:value="item.value"/>
</el-select>
</el-form-item>
- <el-form-item v-if="dialogStatus==='create'" :label="$t('role.colResource')">
- <el-select v-model="form.resource" :placeholder="$t('role.resourcePlaceHolder')">
+ <el-form-item v-if="dialogStatus==='create'" :label="$t('role.colResource')" prop="resource">
+ <el-select v-model="form.resource" :placeholder="$t('role.resourcePlaceHolder')" style="width:100%">
<el-option
v-for="item in resourceListOptions"
:key="item.value"
@@ -93,14 +100,14 @@
:value="item.value"/>
</el-select>
</el-form-item>
- <el-form-item v-if="dialogStatus==='create'" :label="$t('role.colResourceVerbs')">
+ <el-form-item v-if="dialogStatus==='create'" :label="$t('role.colResourceVerbs')" prop="resourceVerbs">
<el-select
v-model="form.resourceVerbs"
:placeholder="$t('role.resourceVerbsPlaceHolder')"
multiple
- collapse-tags>
+ style="width:100%">
<el-option
- v-for="item in resourceVerbsOptions"
+ v-for="item in resourceVerbsListOptions"
:key="item.value"
:label="item.label"
:value="item.value"/>
@@ -109,11 +116,8 @@
<el-form-item v-if="dialogStatus==='update'" :label="$t('role.colRoleName')">
<span>{{ form.name }} </span>
</el-form-item>
- <el-form-item v-if="dialogStatus==='update'" :label="$t('role.colRoleDesc')">
- <el-input :rows="2" v-model="form.description" :placeholder="$t('role.roleNamePlaceHolder')"/>
- </el-form-item>
<el-form-item v-if="dialogStatus==='update'" :label="$t('role.colResourceType')">
- <el-select v-model="resourceTypeValue" :placeholder="$t('role.resourceTypePlaceHolder')">
+ <el-select v-model="form.resourceType" :placeholder="$t('role.resourceTypePlaceHolder')" style="width:100%">
<el-option
v-for="item in resourceTypeListOptions"
:key="item.value"
@@ -122,7 +126,7 @@
</el-select>
</el-form-item>
<el-form-item v-if="dialogStatus==='update'" :label="$t('role.colResource')">
- <el-select v-model="form.resource" :placeholder="$t('role.resourcePlaceHolder')">
+ <el-select v-model="form.resource" :placeholder="$t('role.resourcePlaceHolder')" style="width:100%">
<el-option
v-for="item in resourceListOptions"
:key="item.value"
@@ -135,15 +139,15 @@
v-model="form.resourceVerbs"
:placeholder="$t('role.resourceVerbsPlaceHolder')"
multiple
- collapse-tags>
+ style="width:100%">
<el-option
- v-for="item in resourceVerbsOptions"
+ v-for="item in resourceVerbsListOptions"
:key="item.value"
:label="item.label"
:value="item.value"/>
</el-select>
</el-form-item>
- <el-form-item v-if="dialogStatus==='update'" :label="$t('role.colResourceDesc')">
+ <el-form-item v-if="dialogStatus==='update'" :label="$t('role.colRoleDesc')">
<el-input :rows="2" v-model="form.description" :placeholder="$t('role.roleDescPlaceHolder')" type="textarea"/>
</el-form-item>
<el-form-item v-if="dialogStatus==='delete'">
@@ -159,7 +163,15 @@
</template>
<script>
-import { fetchRoles, putRole, getResourceType } from '@/api/roles'
+import {
+ fetchRoles,
+ putRole,
+ getResourceType,
+ getResource,
+ getResourceVerbs,
+ updateRole,
+ deleteRole
+} from '@/api/roles'
export default {
name: 'RolesInfo',
@@ -181,6 +193,7 @@
resourceType: '',
resourceName: '',
resourceVerbs: [],
+ resource: '',
roleSource: '',
resourceId: ''
},
@@ -196,11 +209,15 @@
resource: '',
resourceListOptions: [],
resourceVerbs: '',
- resourceVerbsOptions: [],
+ resourceVerbsListOptions: [],
superUser: false,
description: '',
rules: {
- name: [{ required: true, message: this.$i18n.t('role.roleNameIsRequired'), trigger: 'blur' }]
+ name: [{ required: true, message: this.$i18n.t('role.roleNameIsRequired'), trigger: 'blur' }],
+ resourceName: [{ required: true, message: 'Please input resource name', trigger: 'blur' }],
+ resourceType: [{ required: true, message: 'Please select resource name', trigger: 'blur' }],
+ resource: [{ required: true, message: 'Please select resource', trigger: 'blur' }],
+ resourceVerbs: [{ required: true, message: 'Please select resource verbs', trigger: 'blur' }]
}
}
},
@@ -228,6 +245,7 @@
this.roleList.push({
'name': response.data.data[i].roleName,
'description': response.data.data[i].description,
+ 'resource': response.data.data[i].resource,
'resourceType': response.data.data[i].resourceType,
'resourceName': response.data.data[i].resourceName,
'resourceVerbs': response.data.data[i].resourceVerbs,
@@ -238,30 +256,32 @@
}
})
},
+ getRoleByRoleName() {
+ },
handleCreateRole() {
this.form.name = ''
this.form.description = ''
this.form.resourceType = ''
this.form.resourceName = ''
this.form.resourceVerbs = ''
+ this.form.resource = ''
this.dialogFormVisible = true
this.dialogStatus = 'create'
},
handleDeleteRole(row) {
this.temp.name = row.name
- this.temp.description = row.description
- this.temp.resourceType = row.resourceType
- this.temp.resourceName = row.resourceName
- this.temp.resourceVerbs = row.resourceVerbs
this.dialogFormVisible = true
this.dialogStatus = 'delete'
},
handleUpdateRole(row) {
this.form.name = row.name
this.form.description = row.description
+ this.form.resource = row.resource
+ this.form.resourceId = row.resourceId
this.form.resourceType = row.resourceType
this.form.resourceName = row.resourceName
- this.form.resourceVerbs = row.resourceVerbs
+ this.form.resourceVerbs = row.resourceVerbs.split(',')
+ this.handleChangeResourceType(row)
this.dialogFormVisible = true
this.dialogStatus = 'update'
},
@@ -287,8 +307,9 @@
'roleName': this.form.name,
'description': this.form.description,
'resourceType': this.form.resourceType,
- 'resourceName': this.form.sourceName,
- 'resourceVerbs': this.form.resourceVerbs,
+ 'resourceName': this.form.resourceName,
+ 'resourceId': this.form.resource,
+ 'resourceVerbs': this.form.resourceVerbs.join(','),
'roleSource': 'placeholder'
}
this.resourceTypeListOptions = []
@@ -312,6 +333,87 @@
this.dialogFormVisible = false
this.getRoles()
})
+ },
+ updateRole() {
+ const data = {
+ 'roleName': this.form.name,
+ 'description': this.form.description,
+ 'resourceType': this.form.resourceType,
+ 'resourceName': this.form.resourceName,
+ 'resourceId': this.form.resourceId,
+ 'resourceVerbs': this.form.resourceVerbs.join(','),
+ 'roleSource': 'placeholder'
+ }
+ updateRole(data).then(response => {
+ if (!response.data) return
+ if (response.data.hasOwnProperty('error')) {
+ this.$notify({
+ title: 'error',
+ message: response.data.error,
+ type: 'error',
+ duration: 2000
+ })
+ return
+ }
+ this.$notify({
+ title: 'success',
+ message: 'Update role success',
+ type: 'success',
+ duration: 2000
+ })
+ this.dialogFormVisible = false
+ this.getRoles()
+ })
+ },
+ deleteRole() {
+ const data = {
+ 'roleName': this.temp.name
+ }
+ deleteRole(data).then(response => {
+ if (!response.data) return
+ if (response.data.hasOwnProperty('error')) {
+ this.$notify({
+ title: 'error',
+ message: response.data.error,
+ type: 'error',
+ duration: 2000
+ })
+ return
+ }
+ this.$notify({
+ title: 'success',
+ message: 'Delete role success',
+ type: 'success',
+ duration: 2000
+ })
+ this.dialogFormVisible = false
+ this.getRoles()
+ })
+ },
+ handleChangeResourceType(row) {
+ getResource(row.resourceType).then(response => {
+ if (!response.data) return
+ this.resourceListOptions = []
+ for (var i = 0; i < response.data.data.length; i++) {
+ if (row.resourceId === response.data.data[i].id) {
+ this.form.resource = response.data.data[i].name
+ }
+ this.resourceListOptions.push({
+ 'value': response.data.data[i].id,
+ 'label': response.data.data[i].name
+ })
+ }
+ })
+ getResourceVerbs(row.resourceType).then(response => {
+ if (!response.data) return
+ this.resourceVerbsListOptions = []
+ for (var i = 0; i < response.data.data.length; i++) {
+ this.resourceVerbsListOptions.push({
+ 'value': response.data.data[i],
+ 'label': response.data.data[i]
+ })
+ }
+ })
}
}
}
diff --git a/src/main/java/org/apache/pulsar/manager/controller/LoginController.java b/src/main/java/org/apache/pulsar/manager/controller/LoginController.java
index bf83928..f52e27d 100644
--- a/src/main/java/org/apache/pulsar/manager/controller/LoginController.java
+++ b/src/main/java/org/apache/pulsar/manager/controller/LoginController.java
@@ -104,6 +104,7 @@
result.put("login", "success");
headers.add("token", token);
headers.add("username", userAccount);
+ headers.add("tenant", userAccount);
jwtService.setToken(request.getSession().getId(), token);
// Create default role and tenant
rolesService.createDefaultRoleAndTenant(userAccount);
@@ -115,6 +116,7 @@
result.put("login", "success");
headers.add("token", token);
headers.add("username", userAccount);
+ headers.add("tenant", userAccount);
jwtService.setToken(request.getSession().getId(), token);
return new ResponseEntity<>(result, headers, HttpStatus.OK);
}
diff --git a/src/main/java/org/apache/pulsar/manager/controller/RoleBindingController.java b/src/main/java/org/apache/pulsar/manager/controller/RoleBindingController.java
new file mode 100644
index 0000000..a0937c4
--- /dev/null
+++ b/src/main/java/org/apache/pulsar/manager/controller/RoleBindingController.java
@@ -0,0 +1,209 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.pulsar.manager.controller;
+
+import com.google.common.collect.Maps;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import io.swagger.annotations.ApiParam;
+import io.swagger.annotations.ApiResponse;
+import io.swagger.annotations.ApiResponses;
+import org.apache.pulsar.manager.entity.RoleBindingEntity;
+import org.apache.pulsar.manager.entity.RoleBindingRepository;
+import org.apache.pulsar.manager.entity.UserInfoEntity;
+import org.apache.pulsar.manager.entity.UsersRepository;
+import org.apache.pulsar.manager.service.RoleBindingService;
+import org.apache.pulsar.manager.service.RolesService;
+import org.hibernate.validator.constraints.Range;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.validation.constraints.Min;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+
+/**
+ * Role binding Query class.
+ */
+@RestController
+@RequestMapping(value = "/pulsar-manager")
+@Api(description = "Support more flexible queries to role bind.")
+@Validated
+public class RoleBindingController {
+
+ @Autowired
+ private RoleBindingRepository roleBindingRepository;
+
+ @Autowired
+ private RolesService rolesService;
+
+ @Autowired
+ private UsersRepository usersRepository;
+
+ @Autowired
+ private RoleBindingService roleBindingService;
+
+ @ApiOperation(value = "Get the list of role binding")
+ @ApiResponses({
+ @ApiResponse(code = 200, message = "ok"),
+ @ApiResponse(code = 404, message = "Not found"),
+ @ApiResponse(code = 500, message = "Internal server error")
+ })
+ @RequestMapping(value = "/role-binding", method = RequestMethod.GET)
+ public ResponseEntity<Map<String, Object>> getRoleBingList(
+ @ApiParam(value = "page_num", defaultValue = "1", example = "1")
+ @RequestParam(name = "page_num", defaultValue = "1")
+ @Min(value = 1, message = "page_num is incorrect, should be greater than 0.")
+ Integer pageNum,
+ @ApiParam(value = "page_size", defaultValue = "10", example = "10")
+ @RequestParam(name="page_size", defaultValue = "10")
+ @Range(min = 1, max = 1000, message = "page_size is incorrect, should be greater than 0 and less than 1000.")
+ Integer pageSize) {
+ Map<String, Object> result = Maps.newHashMap();
+ HttpServletRequest request = ((ServletRequestAttributes)
+ RequestContextHolder.getRequestAttributes()).getRequest();
+ String token = request.getHeader("token");
+ String tenant = request.getHeader("tenant");
+ Map<String, String> validateResult = rolesService.validateCurrentTenant(token, tenant);
+ if (validateResult.get("error") != null) {
+ result.put("error", validateResult.get("error"));
+ return ResponseEntity.ok(result);
+ }
+ List<Map<String, Object>> userRoleInfo = roleBindingService.getRoleBindingList(token, tenant);
+ result.put("total", userRoleInfo.size());
+ result.put("data", userRoleInfo);
+ return ResponseEntity.ok(result);
+ }
+
+ @ApiOperation(value = "Create a role binding")
+ @ApiResponses({
+ @ApiResponse(code = 200, message = "ok"),
+ @ApiResponse(code = 404, message = "Not found"),
+ @ApiResponse(code = 500, message = "Internal server error")
+ })
+ @RequestMapping(value = "/role-binding/{roleName}/{userName}", method = RequestMethod.PUT)
+ public ResponseEntity<Map<String, Object>> addRoleBinding(
+ @PathVariable("roleName") String roleName,
+ @PathVariable("userName") String userName,
+ @RequestBody RoleBindingEntity roleBindingEntity) {
+ Map<String, Object> result = Maps.newHashMap();
+ HttpServletRequest request = ((ServletRequestAttributes)
+ RequestContextHolder.getRequestAttributes()).getRequest();
+ String token = request.getHeader("token");
+ String tenant = request.getHeader("tenant");
+ Map<String, Object> validateResult = roleBindingService.validateCreateRoleBinding(
+ token, tenant, roleName, userName);
+ if (validateResult.get("error") != null) {
+ result.put("error", validateResult.get("error"));
+ return ResponseEntity.ok(result);
+ }
+ /**
+ * To do
+ * If the bound user is not himself, the platform needs to send a notification to the other party,
+ * and the other party agrees to decide whether to bind or not.
+ */
+ roleBindingEntity.setRoleId((Long) validateResult.get("roleId"));
+ roleBindingEntity.setUserId((Long) validateResult.get("userId"));
+ roleBindingRepository.save(roleBindingEntity);
+ result.put("message", "Role binding create success");
+ return ResponseEntity.ok(result);
+ }
+
+ @ApiOperation(value = "Create a role binding")
+ @ApiResponses({
+ @ApiResponse(code = 200, message = "ok"),
+ @ApiResponse(code = 404, message = "Not found"),
+ @ApiResponse(code = 500, message = "Internal server error")
+ })
+ @RequestMapping(value = "/role-binding/{roleName}/{userName}", method = RequestMethod.POST)
+ public ResponseEntity<Map<String, Object>> updateRoleBinding(
+ @PathVariable String roleName,
+ @PathVariable String userName,
+ @RequestBody RoleBindingEntity roleBindingEntity) {
+ Map<String, Object> result = Maps.newHashMap();
+ HttpServletRequest request = ((ServletRequestAttributes)
+ RequestContextHolder.getRequestAttributes()).getRequest();
+ String token = request.getHeader("token");
+ Map<String, String> stringMap = roleBindingService.validateCurrentUser(token, roleBindingEntity);
+ if (stringMap.get("error") != null) {
+ result.put("error", stringMap.get("error"));
+ return ResponseEntity.ok(result);
+ }
+ // check old role binding
+ Optional<RoleBindingEntity> oldRoleBindingEntityOptional = roleBindingRepository.findByUserIdAndRoleId(
+ roleBindingEntity.getUserId(), roleBindingEntity.getRoleId());
+ if (!oldRoleBindingEntityOptional.isPresent()) {
+ result.put("error", "Update failed, role binding no exist");
+ return ResponseEntity.ok(result);
+ }
+
+ Optional<UserInfoEntity> checkUserInfoEntityOptional = usersRepository.findByUserName(userName);
+ if (!checkUserInfoEntityOptional.isPresent()) {
+ result.put("error", "User no exist.");
+ return ResponseEntity.ok(result);
+ }
+ UserInfoEntity checkUserInfoEntity = checkUserInfoEntityOptional.get();
+ // check new role biding
+ Optional<RoleBindingEntity> newRoleBindingEntityOptional = roleBindingRepository.findByUserIdAndRoleId(
+ checkUserInfoEntity.getUserId(), roleBindingEntity.getRoleId());
+ if (newRoleBindingEntityOptional.isPresent()) {
+ result.put("error", "This role binding is exist");
+ return ResponseEntity.ok(result);
+ }
+ roleBindingEntity.setRoleBindingId(oldRoleBindingEntityOptional.get().getRoleBindingId());
+
+ roleBindingEntity.setUserId(checkUserInfoEntity.getUserId());
+ roleBindingRepository.update(roleBindingEntity);
+ result.put("message", "Role binding update success");
+ return ResponseEntity.ok(result);
+ }
+
+ @ApiOperation(value = "Delete a role binding")
+ @ApiResponses({
+ @ApiResponse(code = 200, message = "ok"),
+ @ApiResponse(code = 404, message = "Not found"),
+ @ApiResponse(code = 500, message = "Internal server error")
+ })
+ @RequestMapping(value = "/role-binding", method = RequestMethod.DELETE)
+ public ResponseEntity<Map<String, Object>> deleteRoleBinding(@RequestBody RoleBindingEntity roleBindingEntity) {
+ Map<String, Object> result = Maps.newHashMap();
+ HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+ String token = request.getHeader("token");
+ Map<String, String> stringMap = roleBindingService.validateCurrentUser(token, roleBindingEntity);
+ if (stringMap.get("error") != null) {
+ result.put("error", stringMap.get("error"));
+ return ResponseEntity.ok(result);
+ }
+ Optional<RoleBindingEntity> roleBindingEntityOptional = roleBindingRepository.findByUserIdAndRoleId(
+ roleBindingEntity.getUserId(), roleBindingEntity.getRoleId());
+ if (!roleBindingEntityOptional.isPresent()) {
+ result.put("error", "This role binding no exist");
+ return ResponseEntity.ok(result);
+ }
+ roleBindingRepository.delete(roleBindingEntity.getRoleId(), roleBindingEntity.getUserId());
+ result.put("message", "Delete role binding success");
+ return ResponseEntity.ok(result);
+ }
+}
diff --git a/src/main/java/org/apache/pulsar/manager/controller/RolesController.java b/src/main/java/org/apache/pulsar/manager/controller/RolesController.java
index 96f6421..ca5cef4 100644
--- a/src/main/java/org/apache/pulsar/manager/controller/RolesController.java
+++ b/src/main/java/org/apache/pulsar/manager/controller/RolesController.java
@@ -14,22 +14,23 @@
package org.apache.pulsar.manager.controller;
-import com.github.pagehelper.Page;
import com.google.common.collect.Maps;
+import com.google.common.collect.Sets;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
+import org.apache.pulsar.manager.entity.NamespaceEntity;
+import org.apache.pulsar.manager.entity.NamespacesRepository;
import org.apache.pulsar.manager.entity.RoleInfoEntity;
import org.apache.pulsar.manager.entity.RolesRepository;
-import org.apache.pulsar.manager.entity.UserInfoEntity;
-import org.apache.pulsar.manager.entity.UsersRepository;
import org.apache.pulsar.manager.service.RolesService;
import org.apache.pulsar.manager.utils.ResourceType;
import org.hibernate.validator.constraints.Range;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@@ -39,10 +40,11 @@
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
-import javax.validation.Valid;
import javax.validation.constraints.Min;
+import java.util.List;
import java.util.Map;
import java.util.Optional;
+import java.util.Set;
/**
* Roles management controller.
@@ -56,10 +58,10 @@
private RolesRepository rolesRepository;
@Autowired
- private UsersRepository usersRepository;
+ private RolesService rolesService;
@Autowired
- private RolesService rolesService;
+ private NamespacesRepository namespacesRepository;
@ApiOperation(value = "Get the list of existing roles, support paging, the default is 10 per page")
@ApiResponses({
@@ -77,10 +79,20 @@
@RequestParam(name = "page_size", defaultValue = "10")
@Range(min = 1, max = 1000, message = "page_size is incorrect, should be greater than 0 and less than 1000.")
Integer pageSize) {
- Page<RoleInfoEntity> roleInfoList = rolesRepository.findRolesList(pageNum, pageSize);
+ HttpServletRequest request = ((ServletRequestAttributes)
+ RequestContextHolder.getRequestAttributes()).getRequest();
+ String token = request.getHeader("token");
Map<String, Object> result = Maps.newHashMap();
- result.put("total", roleInfoList.getTotal());
- result.put("data", roleInfoList.getResult());
+ String tenant = request.getHeader("tenant");
+ Map<String, String> validateResult = rolesService.validateCurrentTenant(token, tenant);
+ if (validateResult.get("error") != null) {
+ result.put("error", validateResult.get("error"));
+ return ResponseEntity.ok(result);
+ }
+ List<RoleInfoEntity> roleInfoLists = rolesRepository.findRolesListByRoleSource(tenant);
+
+ result.put("total", roleInfoLists.size());
+ result.put("data", roleInfoLists);
return ResponseEntity.ok(result);
}
@@ -92,35 +104,37 @@
})
@RequestMapping(value = "/roles/role", method = RequestMethod.PUT)
public ResponseEntity<Map<String, Object>> addRole(
- @RequestBody RoleInfoEntity roleInfoEntity
- ) {
- Optional<RoleInfoEntity> optionalRoleInfoEntity = rolesRepository.findByRoleName(
- roleInfoEntity.getRoleName(), roleInfoEntity.getRoleSource());
+ @RequestBody RoleInfoEntity roleInfoEntity) {
+ HttpServletRequest request = ((ServletRequestAttributes)
+ RequestContextHolder.getRequestAttributes()).getRequest();
+ String token = request.getHeader("token");
Map<String, Object> result = Maps.newHashMap();
+ String tenant = request.getHeader("tenant");
+ Map<String, String> validateResult = rolesService.validateCurrentTenant(token, tenant);
+ if (validateResult.get("error") != null) {
+ result.put("error", validateResult.get("error"));
+ return ResponseEntity.ok(result);
+ }
+
+ Optional<RoleInfoEntity> optionalRoleInfoEntity = rolesRepository.findByRoleName(
+ roleInfoEntity.getRoleName(), tenant);
if (optionalRoleInfoEntity.isPresent()) {
result.put("error", "Failed add a role, role already exists.");
return ResponseEntity.ok(result);
}
/**
- * Set the role flag, 0 for super user, will be initialized when the platform is established, can access all
- * resources. 1 for ordinary users logged in from the platform, can access limited resources.
+ * Set the role flag,
+ * 0 for super user, will be initialized when the platform is established, can access all resources.
+ * 1 for ordinary users logged in from the platform, can access limited resources.
*/
roleInfoEntity.setFlag(1);
- if (roleInfoEntity.getRoleName().isEmpty() || !roleInfoEntity.getRoleSource().isEmpty()) {
- result.put("error", "Role name and role source cannot be empty.");
- return ResponseEntity.ok(result);
- }
- Optional<UserInfoEntity> userInfoEntityOptional = usersRepository.findByUserName(
- roleInfoEntity.getRoleSource());
- if (!userInfoEntityOptional.isPresent()) {
- result.put("error", "User does not exist, please check.");
- return ResponseEntity.ok(result);
- }
+
Map<String, String> roleInfoEntityValidate = rolesService.validateRoleInfoEntity(roleInfoEntity);
if (roleInfoEntityValidate.get("error") != null) {
result.put("error", roleInfoEntityValidate.get("error"));
return ResponseEntity.ok(result);
}
+ roleInfoEntity.setRoleSource(tenant);
rolesRepository.save(roleInfoEntity);
result.put("message", "Create a role success");
return ResponseEntity.ok(result);
@@ -134,20 +148,38 @@
})
@RequestMapping(value = "/roles/role", method = RequestMethod.POST)
public ResponseEntity<Map<String, Object>> updateRole(@RequestBody RoleInfoEntity roleInfoEntity) {
- Optional<RoleInfoEntity> optionalRoleInfoEntity = rolesRepository.findByRoleName(
- roleInfoEntity.getRoleName(), roleInfoEntity.getRoleSource());
Map<String, Object> result = Maps.newHashMap();
+ HttpServletRequest request = ((ServletRequestAttributes)
+ RequestContextHolder.getRequestAttributes()).getRequest();
+ String token = request.getHeader("token");
+ String tenant = request.getHeader("tenant");
+ Map<String, String> validateResult = rolesService.validateCurrentTenant(token, tenant);
+ if (validateResult.get("error") != null) {
+ result.put("error", validateResult.get("error"));
+ return ResponseEntity.ok(result);
+ }
+ Optional<RoleInfoEntity> optionalRoleInfoEntity = rolesRepository.findByRoleName(
+ roleInfoEntity.getRoleName(), tenant);
if (!optionalRoleInfoEntity.isPresent()) {
result.put("error", "Failed update a role, role does not exist.");
return ResponseEntity.ok(result);
}
- Map<String, String> roleInfoEntityValidate = rolesService.validateRoleInfoEntity(roleInfoEntity);
- if (roleInfoEntityValidate.get("error") != null) {
- result.put("error", roleInfoEntityValidate.get("error"));
+ RoleInfoEntity roleInfo = optionalRoleInfoEntity.get();
+ if (ResourceType.NAMESPACES.name().equals(roleInfoEntity.getResourceType())
+ || ResourceType.TOPICS.name().equals(roleInfoEntity.getResourceType())) {
+ // More resource type need be added
+ Map<String, String> roleInfoEntityValidate = rolesService.validateRoleInfoEntity(roleInfoEntity);
+ if (roleInfoEntityValidate.get("error") != null) {
+ result.put("error", roleInfoEntityValidate.get("error"));
+ return ResponseEntity.ok(result);
+ }
+ roleInfoEntity.setFlag(roleInfo.getFlag());
+ roleInfoEntity.setRoleSource(tenant);
+ rolesRepository.update(roleInfoEntity);
+ result.put("message", "Update a role success");
return ResponseEntity.ok(result);
}
- rolesRepository.update(roleInfoEntity);
- result.put("message", "Update a role success");
+ result.put("error", "Unsupported resource types");
return ResponseEntity.ok(result);
}
@@ -159,15 +191,24 @@
})
@RequestMapping(value = "/roles/role", method = RequestMethod.DELETE)
public ResponseEntity<Map<String, Object>> deleteRole(@RequestBody RoleInfoEntity roleInfoEntity) {
- Optional<RoleInfoEntity> optionalRoleInfoEntity = rolesRepository.findByRoleName(
- roleInfoEntity.getRoleName(), roleInfoEntity.getRoleSource());
Map<String, Object> result = Maps.newHashMap();
+ HttpServletRequest request = ((ServletRequestAttributes)
+ RequestContextHolder.getRequestAttributes()).getRequest();
+ String token = request.getHeader("token");
+ String tenant = request.getHeader("tenant");
+ Map<String, String> validateResult = rolesService.validateCurrentTenant(token, tenant);
+ if (validateResult.get("error") != null) {
+ result.put("error", validateResult.get("error"));
+ return ResponseEntity.ok(result);
+ }
+ Optional<RoleInfoEntity> optionalRoleInfoEntity = rolesRepository.findByRoleName(
+ roleInfoEntity.getRoleName(), tenant);
if (!optionalRoleInfoEntity.isPresent()) {
- result.put("error", "Failed update a role, role does not exist.");
+ result.put("error", "Failed delete a role, role does not exist.");
return ResponseEntity.ok(result);
}
// Cancel a permission
- rolesRepository.delete(roleInfoEntity.getRoleName(), roleInfoEntity.getRoleSource());
+ rolesRepository.delete(roleInfoEntity.getRoleName(), tenant);
result.put("message", "Delete a role success");
return ResponseEntity.ok(result);
}
@@ -181,10 +222,57 @@
@RequestMapping(value = "/role/resourceType", method = RequestMethod.GET)
public ResponseEntity<Map<String, Object>> getResourceType() {
Map<String, Object> result = Maps.newHashMap();
- HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
- String username = request.getHeader("username");
- Optional<UserInfoEntity> userInfoEntityOptional = usersRepository.findByUserName(username);
- result.put("resourceType", ResourceType.values());
+ Set<String> resourceTypeList = Sets.newHashSet();
+ resourceTypeList.add(ResourceType.NAMESPACES.name());
+ resourceTypeList.add(ResourceType.TOPICS.name());
+ resourceTypeList.add(ResourceType.SCHEMAS.name());
+ resourceTypeList.add(ResourceType.FUNCTIONS.name());
+ result.put("resourceType", resourceTypeList);
+ return ResponseEntity.ok(result);
+ }
+
+ @ApiOperation(value = "Get resource list by user id")
+ @ApiResponses({
+ @ApiResponse(code = 200, message = "ok"),
+ @ApiResponse(code = 404, message = "Not found"),
+ @ApiResponse(code = 500, message = "Internal server error")
+ })
+ @RequestMapping(value = "/role/resource/{resourceType}", method = RequestMethod.GET)
+ public ResponseEntity<Map<String, Object>> getResource(@PathVariable String resourceType) {
+ Map<String, Object> result = Maps.newHashMap();
+ HttpServletRequest request = ((ServletRequestAttributes)
+ RequestContextHolder.getRequestAttributes()).getRequest();
+ String token = request.getHeader("token");
+ String tenant = request.getHeader("tenant");
+ Map<String, String> validateResult = rolesService.validateCurrentTenant(token, tenant);
+ if (validateResult.get("error") != null) {
+ result.put("error", validateResult.get("error"));
+ return ResponseEntity.ok(result);
+ }
+ List<NamespaceEntity> namespaceEntities = namespacesRepository.findByTenant(tenant);
+ Set<Map<String, Object>> nameSet = Sets.newHashSet();
+ for (NamespaceEntity namespaceEntity : namespaceEntities) {
+ Map<String, Object> namespace = Maps.newHashMap();
+ namespace.put("name", namespaceEntity.getNamespace());
+ namespace.put("id", namespaceEntity.getNamespaceId());
+ nameSet.add(namespace);
+ }
+ result.put("data", nameSet);
+ return ResponseEntity.ok(result);
+ }
+
+ @ApiOperation(value = "Get resource verbs by resource type and resource name")
+ @ApiResponses({
+ @ApiResponse(code = 200, message = "ok"),
+ @ApiResponse(code = 404, message = "Not found"),
+ @ApiResponse(code = 500, message = "Internal server error")
+ })
+ @RequestMapping(value = "/role/resourceVerbs/{resourceType}", method = RequestMethod.GET)
+ public ResponseEntity<Map<String, Object>> getResourceVerbs(
+ @PathVariable String resourceType) {
+ Map<String, Object> result = Maps.newHashMap();
+ Set<String> verbsSet = rolesService.getResourceVerbs(resourceType);
+ result.put("data", verbsSet);
return ResponseEntity.ok(result);
}
}
diff --git a/src/main/java/org/apache/pulsar/manager/dao/NamespacesRepositoryImpl.java b/src/main/java/org/apache/pulsar/manager/dao/NamespacesRepositoryImpl.java
index 1cf833c..ca8f30c 100644
--- a/src/main/java/org/apache/pulsar/manager/dao/NamespacesRepositoryImpl.java
+++ b/src/main/java/org/apache/pulsar/manager/dao/NamespacesRepositoryImpl.java
@@ -40,6 +40,11 @@
}
@Override
+ public Optional<NamespaceEntity> findByNamespaceId(long namespaceId) {
+ return Optional.ofNullable(namespacesMapper.findByNamespaceId(namespaceId));
+ }
+
+ @Override
public Page<NamespaceEntity> findByTenantOrNamespace(Integer pageNum, Integer pageSize, String tenantOrNamespace) {
PageHelper.startPage(pageNum, pageSize);
Page<NamespaceEntity> namespacesEntities = namespacesMapper.findByTenantOrNamespace(tenantOrNamespace);
@@ -61,6 +66,12 @@
}
@Override
+ public List<NamespaceEntity> findByMultiId(List<Long> namespaceIdList) {
+ List<NamespaceEntity> namespacesEntities = namespacesMapper.findByMultiId(namespaceIdList);
+ return namespacesEntities;
+ }
+
+ @Override
public Page<NamespaceEntity> getNamespacesList(Integer pageNum, Integer pageSize) {
PageHelper.startPage(pageNum, pageSize);
Page<NamespaceEntity> namespacesEntities = namespacesMapper.getNamespacesList();
@@ -76,6 +87,12 @@
}
@Override
+ public List<NamespaceEntity> findByTenant(String tenant) {
+ Page<NamespaceEntity> namespacesEntities = namespacesMapper.findAllByTenant(tenant);
+ return namespacesEntities;
+ }
+
+ @Override
public void remove(String tenant, String namespace) {
namespacesMapper.deleteByTenantNamespace(tenant, namespace);
}
diff --git a/src/main/java/org/apache/pulsar/manager/dao/RoleBindingRepositoryImpl.java b/src/main/java/org/apache/pulsar/manager/dao/RoleBindingRepositoryImpl.java
new file mode 100644
index 0000000..d1f64cd
--- /dev/null
+++ b/src/main/java/org/apache/pulsar/manager/dao/RoleBindingRepositoryImpl.java
@@ -0,0 +1,79 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.pulsar.manager.dao;
+
+import com.github.pagehelper.Page;
+import com.github.pagehelper.PageHelper;
+import org.apache.pulsar.manager.entity.RoleBindingEntity;
+import org.apache.pulsar.manager.entity.RoleBindingRepository;
+import org.apache.pulsar.manager.mapper.RoleBindingMapper;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+import java.util.Optional;
+
+@Repository
+public class RoleBindingRepositoryImpl implements RoleBindingRepository {
+
+ private RoleBindingMapper roleBindingMapper;
+
+ @Autowired
+ public RoleBindingRepositoryImpl(RoleBindingMapper roleBindingMapper) {
+ this.roleBindingMapper = roleBindingMapper;
+ }
+
+ @Override
+ public long save(RoleBindingEntity roleBindingEntity) {
+ this.roleBindingMapper.insert(roleBindingEntity);
+ return roleBindingEntity.getRoleBindingId();
+ }
+
+ @Override
+ public Optional<RoleBindingEntity> findByUserIdAndRoleId(long userId, long roleId) {
+ return Optional.ofNullable(this.roleBindingMapper.findByUserIdAndRoleId(userId, roleId));
+ }
+
+ @Override
+ public Page<RoleBindingEntity> findByUserId(Integer pageNum, Integer pageSize, long userId) {
+ PageHelper.startPage(pageNum, pageSize);
+ return this.roleBindingMapper.findByUserId(userId);
+ }
+
+ @Override
+ public Page<RoleBindingEntity> getRoleBindingList(Integer pageNum, Integer pageSize) {
+ PageHelper.startPage(pageNum, pageSize);
+ return this.roleBindingMapper.findRoleBindinglist();
+ }
+
+ @Override
+ public List<RoleBindingEntity> findByUserId(long userId) {
+ return this.roleBindingMapper.findAllByUserId(userId);
+ }
+
+ @Override
+ public List<RoleBindingEntity> findByMultiRoleId(List<Long> roleIdList) {
+ return this.roleBindingMapper.findByMultiRoleId(roleIdList);
+ }
+
+ @Override
+ public void update(RoleBindingEntity roleBindingEntity) {
+ this.roleBindingMapper.update(roleBindingEntity);
+ }
+
+ @Override
+ public void delete(long roleId, long userId) {
+ this.roleBindingMapper.delete(roleId, userId);
+ }
+}
diff --git a/src/main/java/org/apache/pulsar/manager/dao/RolesRepositoryImpl.java b/src/main/java/org/apache/pulsar/manager/dao/RolesRepositoryImpl.java
index c579dae..5071ea4 100644
--- a/src/main/java/org/apache/pulsar/manager/dao/RolesRepositoryImpl.java
+++ b/src/main/java/org/apache/pulsar/manager/dao/RolesRepositoryImpl.java
@@ -21,6 +21,7 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Repository;
+import java.util.List;
import java.util.Optional;
@Repository
@@ -51,6 +52,22 @@
}
@Override
+ public List<RoleInfoEntity> findRolesListByRoleSource(String roleSource) {
+ return this.rolesMapper.findRoleListByRoleSource(roleSource);
+ }
+
+ @Override
+ public Page<RoleInfoEntity> findRolesMultiId(Integer pageNum, Integer pageSize, List<Long> idList) {
+ PageHelper.startPage(pageNum, pageSize);
+ return this.rolesMapper.findByMultiId(idList);
+ }
+
+ @Override
+ public List<RoleInfoEntity> findAllRolesByMultiId(List<Long> idList) {
+ return this.rolesMapper.findAllByMultiId(idList);
+ }
+
+ @Override
public void update(RoleInfoEntity roleInfoEntity) {
this.rolesMapper.update(roleInfoEntity);
}
diff --git a/src/main/java/org/apache/pulsar/manager/dao/TenantsRepositoryImpl.java b/src/main/java/org/apache/pulsar/manager/dao/TenantsRepositoryImpl.java
index 1d198fd..9838439 100644
--- a/src/main/java/org/apache/pulsar/manager/dao/TenantsRepositoryImpl.java
+++ b/src/main/java/org/apache/pulsar/manager/dao/TenantsRepositoryImpl.java
@@ -37,6 +37,11 @@
}
@Override
+ public Optional<TenantEntity> findByTenantId(long tenantId) {
+ return Optional.ofNullable(tenantsMapper.findByTenantId(tenantId));
+ }
+
+ @Override
public Page<TenantEntity> getTenantsList(Integer pageNum, Integer pageSize) {
PageHelper.startPage(pageNum, pageSize);
Page<TenantEntity> tenantsEntities = tenantsMapper.getTenantsList();
@@ -51,6 +56,12 @@
}
@Override
+ public List<TenantEntity> findByMultiId(List<Long> tenantIdList) {
+ List<TenantEntity> tenantsEntities = tenantsMapper.findAllByMultiId(tenantIdList);
+ return tenantsEntities;
+ }
+
+ @Override
public long save(TenantEntity tenantsEntity) {
tenantsMapper.insert(tenantsEntity);
return tenantsEntity.getTenantId();
diff --git a/src/main/java/org/apache/pulsar/manager/dao/UsersRepositoryImpl.java b/src/main/java/org/apache/pulsar/manager/dao/UsersRepositoryImpl.java
index bc1848f..5a9b9de 100644
--- a/src/main/java/org/apache/pulsar/manager/dao/UsersRepositoryImpl.java
+++ b/src/main/java/org/apache/pulsar/manager/dao/UsersRepositoryImpl.java
@@ -21,6 +21,7 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Repository;
+import java.util.List;
import java.util.Optional;
@Repository
@@ -35,7 +36,8 @@
@Override
public long save(UserInfoEntity userInfoEntity) {
- return this.usersMapper.save(userInfoEntity);
+ this.usersMapper.save(userInfoEntity);
+ return userInfoEntity.getUserId();
}
@Override
@@ -44,12 +46,27 @@
}
@Override
+ public Optional<UserInfoEntity> findByUserId(long userId) {
+ return Optional.ofNullable(this.usersMapper.findByUserId(userId));
+ }
+
+ @Override
+ public Optional<UserInfoEntity> findByAccessToken(String accessToken) {
+ return Optional.ofNullable(this.usersMapper.findByAccessToken(accessToken));
+ }
+
+ @Override
public Page<UserInfoEntity> findUsersList(Integer pageNum, Integer pageSize) {
PageHelper.startPage(pageNum, pageSize);
return this.usersMapper.findUsersList();
}
@Override
+ public List<UserInfoEntity> findUsersListByMultiUserId(List<Long> userIdList) {
+ return this.usersMapper.findUsersListByMultiUserId(userIdList);
+ }
+
+ @Override
public void update(UserInfoEntity userInfoEntity) {
this.usersMapper.update(userInfoEntity);
}
diff --git a/src/main/java/org/apache/pulsar/manager/entity/NamespacesRepository.java b/src/main/java/org/apache/pulsar/manager/entity/NamespacesRepository.java
index c888414..9093328 100644
--- a/src/main/java/org/apache/pulsar/manager/entity/NamespacesRepository.java
+++ b/src/main/java/org/apache/pulsar/manager/entity/NamespacesRepository.java
@@ -26,16 +26,22 @@
Optional<NamespaceEntity> findByTenantNamespace(String tenant, String namespace);
+ Optional<NamespaceEntity> findByNamespaceId(long namespaceId);
+
Page<NamespaceEntity> findByTenantOrNamespace(Integer pageNum, Integer pageSize, String tenantOrNamespace);
Page<NamespaceEntity> findByNamespace(Integer pageNum, Integer pageSize, String namespace);
Page<NamespaceEntity> findByMultiId(Integer pageNum, Integer pageSize, List<Long> tenantIdList);
+ List<NamespaceEntity> findByMultiId(List<Long> tenantIdList);
+
Page<NamespaceEntity> getNamespacesList(Integer pageNum, Integer pageSize);
Page<NamespaceEntity> findByTenant(Integer pageNum, Integer pageSize, String tenant);
+ List<NamespaceEntity> findByTenant(String tenant);
+
void remove(String tenant, String namespace);
}
diff --git a/src/main/java/org/apache/pulsar/manager/entity/RoleBindingEntity.java b/src/main/java/org/apache/pulsar/manager/entity/RoleBindingEntity.java
new file mode 100644
index 0000000..cf3905f
--- /dev/null
+++ b/src/main/java/org/apache/pulsar/manager/entity/RoleBindingEntity.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.pulsar.manager.entity;
+
+import com.google.gson.annotations.SerializedName;
+import lombok.Data;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+/**
+ * Role binding information entity.
+ */
+@Getter
+@Setter
+@NoArgsConstructor
+@Data
+public class RoleBindingEntity {
+
+ @SerializedName("role_binding_id")
+ private long roleBindingId;
+
+ private String name;
+
+ private String description;
+
+ @SerializedName("user_id")
+ private long userId;
+
+ @SerializedName("role_id")
+ private long roleId;
+}
diff --git a/src/main/java/org/apache/pulsar/manager/entity/RoleBindingRepository.java b/src/main/java/org/apache/pulsar/manager/entity/RoleBindingRepository.java
new file mode 100644
index 0000000..c541cbf
--- /dev/null
+++ b/src/main/java/org/apache/pulsar/manager/entity/RoleBindingRepository.java
@@ -0,0 +1,81 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.pulsar.manager.entity;
+
+import com.github.pagehelper.Page;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+import java.util.Optional;
+
+@Repository
+public interface RoleBindingRepository {
+
+ /**
+ * Create a role binding for user and role
+ * @param roleBindingEntity
+ * @return role binding id
+ */
+ long save(RoleBindingEntity roleBindingEntity);
+
+ /**
+ * Get a RoleBindingEntity
+ * @param userId The user id
+ * @param roleId The role id
+ * @return RoleBindingEntity
+ */
+ Optional<RoleBindingEntity> findByUserIdAndRoleId(long userId, long roleId);
+
+ /**
+ * Get a role id list from table role binding
+ * @param userId The user id
+ * @return RoleBindingEntity
+ */
+ Page<RoleBindingEntity> findByUserId(Integer pageNum, Integer pageSize, long userId);
+
+ /**
+ * Get a role id list from table role binding
+ * @param userId The user id
+ * @return list of RoleBindingEntity
+ */
+ List<RoleBindingEntity> findByUserId(long userId);
+
+ /**
+ * Get a role id list from table role binding
+ * @param roleIdList The role id list
+ * @return list of RoleBindingEntity
+ */
+ List<RoleBindingEntity> findByMultiRoleId(List<Long> roleIdList);
+
+ /**
+ * Get role binding list, support paging.
+ * @param pageNum Get the data on which page.
+ * @param pageSize The number of data per page
+ * @return A list of RoleBindingEntity
+ */
+ Page<RoleBindingEntity> getRoleBindingList(Integer pageNum, Integer pageSize);
+
+ /**
+ * Update a role binding information
+ * @param roleBindingEntity RoleInfoEntity
+ */
+ void update(RoleBindingEntity roleBindingEntity);
+
+ /**
+ * Delete a role binding by role id and user id
+ * @param roleId role id
+ * @param userId userId
+ */
+ void delete(long roleId, long userId);
+}
diff --git a/src/main/java/org/apache/pulsar/manager/entity/RoleInfoEntity.java b/src/main/java/org/apache/pulsar/manager/entity/RoleInfoEntity.java
index 20d961d..4dab9d9 100644
--- a/src/main/java/org/apache/pulsar/manager/entity/RoleInfoEntity.java
+++ b/src/main/java/org/apache/pulsar/manager/entity/RoleInfoEntity.java
@@ -20,7 +20,6 @@
import lombok.NoArgsConstructor;
import lombok.Setter;
-import javax.validation.constraints.NotBlank;
/**
* Role information entity.
diff --git a/src/main/java/org/apache/pulsar/manager/entity/RolesRepository.java b/src/main/java/org/apache/pulsar/manager/entity/RolesRepository.java
index 7928c2c..e14c068 100644
--- a/src/main/java/org/apache/pulsar/manager/entity/RolesRepository.java
+++ b/src/main/java/org/apache/pulsar/manager/entity/RolesRepository.java
@@ -16,6 +16,7 @@
import com.github.pagehelper.Page;
import org.springframework.stereotype.Repository;
+import java.util.List;
import java.util.Optional;
@Repository
@@ -28,7 +29,7 @@
long save(RoleInfoEntity roleInfoEntity);
/**
- * Get a role information by role name. roleSource, and roleName uniquely locate a role.
+ * Get a role information by role name. roleSource, and roleName uniquely locate a role
* @param roleName The role name
* @param roleSource The tenant who created the role
* @return RoleInfoEntity
@@ -38,20 +39,43 @@
/**
* Get role list, support paging.
- * @param pageNum Get the data on which page.
+ * @param pageNum Get the data on which page
* @param pageSize The number of data per page
* @return A list of RoleInfoEntity.
*/
Page<RoleInfoEntity> findRolesList(Integer pageNum, Integer pageSize);
/**
- * Update a role information.
+ * Get role list.
+ * @param roleSource Role source, name of tenant
+ * @return A list of RoleInfoEntity.
+ */
+ List<RoleInfoEntity> findRolesListByRoleSource(String roleSource);
+
+ /**
+ * Get role list, support paging.
+ * @param pageNum Get the data on which page.
+ * @param pageSize The number of data per page
+ * @param idList a list of role id
+ * @return A list of RoleInfoEntity.
+ */
+ Page<RoleInfoEntity> findRolesMultiId(Integer pageNum, Integer pageSize, List<Long> idList);
+
+ /**
+ * Get all role list by role id, support paging.
+ * @param idList a list of role id
+ * @return A list of RoleInfoEntity.
+ */
+ List<RoleInfoEntity> findAllRolesByMultiId(List<Long> idList);
+
+ /**
+ * Update a role information
* @param roleInfoEntity RoleInfoEntity
*/
void update(RoleInfoEntity roleInfoEntity);
/**
- * Delete a role by role name.
+ * Delete a role by role name
* @param roleName role name
* @param roleSource The tenant who created the role
*/
diff --git a/src/main/java/org/apache/pulsar/manager/entity/TenantsRepository.java b/src/main/java/org/apache/pulsar/manager/entity/TenantsRepository.java
index 8de9ea1..9283cd6 100644
--- a/src/main/java/org/apache/pulsar/manager/entity/TenantsRepository.java
+++ b/src/main/java/org/apache/pulsar/manager/entity/TenantsRepository.java
@@ -26,10 +26,14 @@
Optional<TenantEntity> findByName(String tenant);
+ Optional<TenantEntity> findByTenantId(long tenantId);
+
Page<TenantEntity> getTenantsList(Integer pageNum, Integer pageSize);
Page<TenantEntity> findByMultiId(Integer pageNum, Integer pageSize, List<Long> tenantIdList);
+ List<TenantEntity> findByMultiId(List<Long> tenantIdList);
+
void remove(String tenant);
}
diff --git a/src/main/java/org/apache/pulsar/manager/entity/UsersRepository.java b/src/main/java/org/apache/pulsar/manager/entity/UsersRepository.java
index fa467bb..8f975b2 100644
--- a/src/main/java/org/apache/pulsar/manager/entity/UsersRepository.java
+++ b/src/main/java/org/apache/pulsar/manager/entity/UsersRepository.java
@@ -16,6 +16,7 @@
import com.github.pagehelper.Page;
import org.springframework.stereotype.Repository;
+import java.util.List;
import java.util.Optional;
@Repository
@@ -35,6 +36,19 @@
*/
Optional<UserInfoEntity> findByUserName(String name);
+ /**
+ * Get a user information by user id.
+ * @param userId The user id
+ * @return UserInfoEntity
+ */
+ Optional<UserInfoEntity> findByUserId(long userId);
+
+ /**
+ * Get a user information by user access token.
+ * @param accessToken The user token
+ * @return UserInfoEntity
+ */
+ Optional<UserInfoEntity> findByAccessToken(String accessToken);
/**
* Get user list, support paging.
@@ -45,6 +59,13 @@
Page<UserInfoEntity> findUsersList(Integer pageNum, Integer pageSize);
/**
+ * Get user list
+ * @param userIdList A list of user id
+ * @return A list of UserInfoEntity.
+ */
+ List<UserInfoEntity> findUsersListByMultiUserId(List<Long> userIdList);
+
+ /**
* Update a user information.
* @param userInfoEntity UserInfoEntity
*/
diff --git a/src/main/java/org/apache/pulsar/manager/interceptor/AdminHandlerInterceptor.java b/src/main/java/org/apache/pulsar/manager/interceptor/AdminHandlerInterceptor.java
index ac701a4..e0e19f0 100644
--- a/src/main/java/org/apache/pulsar/manager/interceptor/AdminHandlerInterceptor.java
+++ b/src/main/java/org/apache/pulsar/manager/interceptor/AdminHandlerInterceptor.java
@@ -22,6 +22,7 @@
import org.apache.pulsar.manager.entity.UsersRepository;
import org.apache.pulsar.manager.service.JwtService;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.ModelAndView;
@@ -29,6 +30,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.validation.Valid;
import java.util.Map;
import java.util.Optional;
@@ -47,6 +49,9 @@
@Autowired
private UsersRepository usersRepository;
+ @Value("${user.management.enable}")
+ private boolean userManagementEnable;
+
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String token = request.getHeader("token");
@@ -79,6 +84,23 @@
response.getWriter().append(gson.toJson(map));
return false;
}
+ if (userManagementEnable) {
+ Optional<UserInfoEntity> optionalUserInfoEntity = usersRepository.findByAccessToken(token);
+ if (!optionalUserInfoEntity.isPresent()) {
+ map.put("message", "Please login.");
+ response.setStatus(401);
+ response.getWriter().append(gson.toJson(map));
+ return false;
+ }
+ String username = request.getHeader("username");
+ UserInfoEntity userInfoEntity = optionalUserInfoEntity.get();
+ if (!userInfoEntity.getName().equals(username)) {
+ map.put("message", "Please login.");
+ response.setStatus(401);
+ response.getWriter().append(gson.toJson(map));
+ return false;
+ }
+ }
String environment = request.getHeader("environment");
Optional<EnvironmentEntity> environmentEntityOptional = environmentsRepository.findByName(environment);
if (!request.getRequestURI().startsWith("/pulsar-manager/environments") && !environmentEntityOptional.isPresent()) {
diff --git a/src/main/java/org/apache/pulsar/manager/mapper/NamespacesMapper.java b/src/main/java/org/apache/pulsar/manager/mapper/NamespacesMapper.java
index e4d0320..06b1b96 100644
--- a/src/main/java/org/apache/pulsar/manager/mapper/NamespacesMapper.java
+++ b/src/main/java/org/apache/pulsar/manager/mapper/NamespacesMapper.java
@@ -43,16 +43,29 @@
"FROM namespaces WHERE namespace=#{namespace}")
Page<NamespaceEntity> findByNamespace(String namespace);
+ @Select("SELECT tenant,namespace,namespace_id as namespaceId " +
+ "FROM namespaces WHERE namespace_id=#{namespaceId}")
+ NamespaceEntity findByNamespaceId(long namespaceId);
+
@Select({"<script>",
"SELECT tenant, namespace, namespace_id as namespaceId FROM namespaces ",
"WHERE namespace_id IN <foreach collection='namespaceIdList' item='namespaceId' open='(' separator=',' close=')'> #{namespaceId} </foreach>" +
"</script>"})
Page<NamespaceEntity> findByMultiId(@Param("namespaceIdList") List<Long> namespaceIdList);
+ @Select({"<script>",
+ "SELECT tenant, namespace, namespace_id as namespaceId FROM namespaces",
+ "WHERE namespace_id IN <foreach collection='namespaceIdList' item='namespaceId' open='(' separator=',' close=')'> #{namespaceId} </foreach>" +
+ "</script>"})
+ List<NamespaceEntity> findAllByMultiId(@Param("namespaceIdList") List<Long> namespaceIdList);
+
@Select("SELECT tenant,namespace,namespace_id as namespaceId " +
"FROM namespaces WHERE tenant=#{tenant}")
Page<NamespaceEntity> findByTenant(String tenant);
+ @Select("SELECT tenant,namespace,namespace_id as namespaceId " +
+ "FROM namespaces WHERE tenant=#{tenant}")
+ Page<NamespaceEntity> findAllByTenant(String tenant);
@Select("SELECT tenant,namespace,namespace_id as namespaceId FROM namespaces")
Page<NamespaceEntity> getNamespacesList();
diff --git a/src/main/java/org/apache/pulsar/manager/mapper/RoleBindingMapper.java b/src/main/java/org/apache/pulsar/manager/mapper/RoleBindingMapper.java
new file mode 100644
index 0000000..728bec1
--- /dev/null
+++ b/src/main/java/org/apache/pulsar/manager/mapper/RoleBindingMapper.java
@@ -0,0 +1,68 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.pulsar.manager.mapper;
+
+import com.github.pagehelper.Page;
+import org.apache.ibatis.annotations.Delete;
+import org.apache.ibatis.annotations.Insert;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Options;
+import org.apache.ibatis.annotations.Param;
+import org.apache.ibatis.annotations.Select;
+import org.apache.ibatis.annotations.Update;
+import org.apache.pulsar.manager.entity.RoleBindingEntity;
+
+import java.util.List;
+import java.util.Optional;
+
+@Mapper
+public interface RoleBindingMapper {
+
+ @Insert("INSERT INTO role_binding (name, description, user_id, role_id) " +
+ "VALUES (#{name}, #{description}, #{userId}, #{roleId})")
+ @Options(useGeneratedKeys=true, keyProperty="roleBindingId", keyColumn="role_binding_id")
+ long insert(RoleBindingEntity roleBindingEntity);
+
+ @Select("SELECT name, role_binding_id as roleBindingId, description, user_id as userId, role_id as roleId " +
+ "FROM role_binding WHERE user_id = #{userId} and role_id=#{roleId}")
+ RoleBindingEntity findByUserIdAndRoleId(@Param("userId") long userId, @Param("roleId") long roleId);
+
+ @Select("SELECT name, role_binding_id as roleBindingId, description, user_id as userId, role_id as roleId " +
+ "FROM role_binding WHERE user_id = #{userId}")
+ Page<RoleBindingEntity> findByUserId(long userId);
+
+ @Select({"<script>",
+ "SELECT name, role_binding_id as roleBindingId, description, user_id as userId, role_id as roleId " +
+ "FROM role_binding",
+ "WHERE role_id IN <foreach collection='roleIdList' item='roleId' open='(' separator=',' close=')'> #{roleId} </foreach>" +
+ "</script>"})
+ List<RoleBindingEntity> findByMultiRoleId(@Param("roleIdList") List<Long> roleIdList);
+
+
+ @Select("SELECT name, role_binding_id as roleBindingId, description, user_id as userId, role_id as roleId " +
+ "FROM role_binding WHERE user_id = #{userId}")
+ List<RoleBindingEntity> findAllByUserId(long userId);
+
+ @Select("SELECT name, role_binding_id as roleBindingId, description, user_id as userId, role_id as roleId " +
+ "FROM role_binding")
+ Page<RoleBindingEntity> findRoleBindinglist();
+
+ @Update("UPDATE role_binding " +
+ "SET description = #{description}, name = #{name}, role_id=#{roleId}, user_id=#{userId} " +
+ "Where role_binding_id=#{roleBindingId}")
+ void update(RoleBindingEntity roleBindingEntity);
+
+ @Delete("DELETE FROM role_binding WHERE role_id = #{roleId} and user_id = #{userId}")
+ void delete(@Param("roleId") long roleId, @Param("userId") long userId);
+}
diff --git a/src/main/java/org/apache/pulsar/manager/mapper/RolesMapper.java b/src/main/java/org/apache/pulsar/manager/mapper/RolesMapper.java
index 21b9587..95342b6 100644
--- a/src/main/java/org/apache/pulsar/manager/mapper/RolesMapper.java
+++ b/src/main/java/org/apache/pulsar/manager/mapper/RolesMapper.java
@@ -23,6 +23,8 @@
import org.apache.ibatis.annotations.Update;
import org.apache.pulsar.manager.entity.RoleInfoEntity;
+import java.util.List;
+
@Mapper
public interface RolesMapper {
@@ -45,6 +47,27 @@
"role_source AS roleSource, flag FROM roles")
Page<RoleInfoEntity> findRoleList();
+ @Select("SELECT role_name AS roleName, role_id AS roleId, description, resource_type AS resourceType," +
+ "resource_name AS resourceName, resource_verbs AS resourceVerbs, resource_id as resourceId," +
+ "role_source AS roleSource, flag FROM roles WHERE role_source=#{roleSource}")
+ List<RoleInfoEntity> findRoleListByRoleSource(String roleSource);
+
+ @Select({"<script>",
+ "SELECT role_name AS roleName, role_id AS roleId, description, resource_type AS resourceType," +
+ "resource_name AS resourceName, resource_verbs AS resourceVerbs, resource_id as resourceId," +
+ "role_source AS roleSource, flag FROM roles",
+ "WHERE role_id IN <foreach collection='roleIdList' item='roleId' open='(' separator=',' close=')'> #{roleId} </foreach>" +
+ "</script>"})
+ Page<RoleInfoEntity> findByMultiId(@Param("roleIdList") List<Long> roleIdList);
+
+ @Select({"<script>",
+ "SELECT role_name AS roleName, role_id AS roleId, description, resource_type AS resourceType," +
+ "resource_name AS resourceName, resource_verbs AS resourceVerbs, resource_id as resourceId," +
+ "role_source AS roleSource, flag FROM roles",
+ "WHERE role_id IN <foreach collection='roleIdList' item='roleId' open='(' separator=',' close=')'> #{roleId} </foreach>" +
+ "</script>"})
+ List<RoleInfoEntity> findAllByMultiId(@Param("roleIdList") List<Long> roleIdList);
+
@Update("UPDATE roles " +
"SET description = #{description}, resource_type = #{resourceType}," +
"resource_name = #{resourceName}, resource_verbs = #{resourceVerbs}," +
diff --git a/src/main/java/org/apache/pulsar/manager/mapper/TenantsMapper.java b/src/main/java/org/apache/pulsar/manager/mapper/TenantsMapper.java
index e095c63..539de32 100644
--- a/src/main/java/org/apache/pulsar/manager/mapper/TenantsMapper.java
+++ b/src/main/java/org/apache/pulsar/manager/mapper/TenantsMapper.java
@@ -40,6 +40,10 @@
TenantEntity findByName(String tenant);
@Select("SELECT tenant, tenant_id as tenantId, admin_roles as adminRoles,allowed_clusters as allowedClusters " +
+ "FROM tenants WHERE tenant_id = #{tenantId}")
+ TenantEntity findByTenantId(long tenantId);
+
+ @Select("SELECT tenant, tenant_id as tenantId, admin_roles as adminRoles,allowed_clusters as allowedClusters " +
"FROM tenants")
Page<TenantEntity> getTenantsList();
@@ -50,6 +54,13 @@
"</script>"})
Page<TenantEntity> findByMultiId(@Param("tenantIdList") List<Long> tenantIdList);
+ @Select({"<script>",
+ "SELECT tenant, tenant_id as tenantId, admin_roles as adminRoles,allowed_clusters as allowedClusters" +
+ " FROM tenants ",
+ "WHERE tenant_id IN <foreach collection='tenantIdList' item='tenantId' open='(' separator=',' close=')'> #{tenantId} </foreach>" +
+ "</script>"})
+ List<TenantEntity> findAllByMultiId(@Param("tenantIdList") List<Long> tenantIdList);
+
@Delete("DELETE FROM tenants WHERE tenant = #{tenant}")
void delete(String tenant);
diff --git a/src/main/java/org/apache/pulsar/manager/mapper/UsersMapper.java b/src/main/java/org/apache/pulsar/manager/mapper/UsersMapper.java
index 466cc32..e1e06f6 100644
--- a/src/main/java/org/apache/pulsar/manager/mapper/UsersMapper.java
+++ b/src/main/java/org/apache/pulsar/manager/mapper/UsersMapper.java
@@ -18,10 +18,13 @@
import org.apache.ibatis.annotations.Insert;
import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Options;
+import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;
import org.apache.ibatis.annotations.Update;
import org.apache.pulsar.manager.entity.UserInfoEntity;
+import java.util.List;
+
@Mapper
public interface UsersMapper {
@@ -39,10 +42,32 @@
UserInfoEntity findByUserName(String name);
@Select("SELECT access_token AS accessToken, user_id AS userId, name, description, email," +
+ "phone_number AS phoneNumber, location, company, expire, password " +
+ "FROM users " +
+ "WHERE user_id = #{userId}")
+ UserInfoEntity findByUserId(long userId);
+
+ @Select("SELECT access_token AS accessToken, user_id AS userId, name, description, email," +
+ "phone_number AS phoneNumber, location, company, expire " +
+ "FROM users " +
+ "WHERE access_token = #{accessToken}")
+ UserInfoEntity findByAccessToken(String accessToken);
+
+ @Select("SELECT access_token AS accessToken, user_id AS userId, name, description, email," +
"phone_number AS phoneNumber, location, company, expire " +
"FROM users")
Page<UserInfoEntity> findUsersList();
+
+ @Select({"<script>",
+ "SELECT access_token AS accessToken, user_id AS userId, name, description, email," +
+ "phone_number AS phoneNumber, location, company, expire " +
+ "FROM users ",
+ "WHERE user_id IN <foreach collection='userIdList' item='userId' open='(' separator=',' close=')'> #{userId} </foreach>" +
+ "</script>"})
+ List<UserInfoEntity> findUsersListByMultiUserId(@Param("userIdList") List<Long> userIdList);
+
+
@Update("UPDATE users " +
"SET access_token = #{accessToken}, description = #{description}, email = #{email}," +
"phone_number = #{phoneNumber}, location = #{location}, company = #{company}, expire=#{expire}," +
diff --git a/src/main/java/org/apache/pulsar/manager/service/PulsarEvent.java b/src/main/java/org/apache/pulsar/manager/service/PulsarEvent.java
new file mode 100644
index 0000000..595c399
--- /dev/null
+++ b/src/main/java/org/apache/pulsar/manager/service/PulsarEvent.java
@@ -0,0 +1,22 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.pulsar.manager.service;
+
+import javax.servlet.http.HttpServletRequest;
+
+public interface PulsarEvent {
+
+ void parsePulsarEvent(String path, HttpServletRequest httpRequest);
+
+}
diff --git a/src/main/java/org/apache/pulsar/manager/service/RoleBindingService.java b/src/main/java/org/apache/pulsar/manager/service/RoleBindingService.java
new file mode 100644
index 0000000..60d7645
--- /dev/null
+++ b/src/main/java/org/apache/pulsar/manager/service/RoleBindingService.java
@@ -0,0 +1,28 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.pulsar.manager.service;
+
+import org.apache.pulsar.manager.entity.RoleBindingEntity;
+
+import java.util.List;
+import java.util.Map;
+
+public interface RoleBindingService {
+
+ Map<String, String> validateCurrentUser(String token, RoleBindingEntity roleBindingEntity);
+
+ Map<String, Object> validateCreateRoleBinding(String token, String tenant, String roleName, String userName);
+
+ List<Map<String, Object>> getRoleBindingList(String token, String tenant);
+}
diff --git a/src/main/java/org/apache/pulsar/manager/service/RolesService.java b/src/main/java/org/apache/pulsar/manager/service/RolesService.java
index 23f6534..55ee61c 100644
--- a/src/main/java/org/apache/pulsar/manager/service/RolesService.java
+++ b/src/main/java/org/apache/pulsar/manager/service/RolesService.java
@@ -16,10 +16,15 @@
import org.apache.pulsar.manager.entity.RoleInfoEntity;
import java.util.Map;
+import java.util.Set;
public interface RolesService {
Map<String, String> validateRoleInfoEntity(RoleInfoEntity roleInfoEntity);
void createDefaultRoleAndTenant(String tenant);
+
+ Set<String> getResourceVerbs(String resourceVerbs);
+
+ Map<String, String> validateCurrentTenant(String token, String tenant);
}
diff --git a/src/main/java/org/apache/pulsar/manager/service/impl/PulsarEventImpl.java b/src/main/java/org/apache/pulsar/manager/service/impl/PulsarEventImpl.java
new file mode 100644
index 0000000..2042e66
--- /dev/null
+++ b/src/main/java/org/apache/pulsar/manager/service/impl/PulsarEventImpl.java
@@ -0,0 +1,60 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.pulsar.manager.service.impl;
+
+import org.apache.pulsar.manager.entity.NamespaceEntity;
+import org.apache.pulsar.manager.entity.NamespacesRepository;
+import org.apache.pulsar.manager.service.PulsarEvent;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import javax.servlet.http.HttpServletRequest;
+
+@Service
+public class PulsarEventImpl implements PulsarEvent {
+
+ private static final String SEPARATOR = "/";
+
+ private static final String HTTP_PUT = "PUT";
+
+ private static final String HTTP_DELETE = "DELETE";
+
+ private static final String NAMESPACES_PREFIX = "/admin/v2/namespaces";
+
+ @Autowired
+ private NamespacesRepository namespacesRepository;
+
+ private boolean isNamespace(String path, HttpServletRequest request) {
+ if (request.getMethod().equals(HTTP_PUT) && path.startsWith(NAMESPACES_PREFIX)) {
+ return true;
+ }
+ return false;
+ }
+
+ public void parsePulsarEvent(String path, HttpServletRequest request) {
+ if (isNamespace(path, request)) {
+ String[] tenantNamespace = path.split(SEPARATOR);
+ System.out.println(tenantNamespace);
+ System.out.println(tenantNamespace[0]);
+ System.out.println(tenantNamespace[1]);
+ System.out.println(tenantNamespace[2]);
+ NamespaceEntity namespaceEntity = new NamespaceEntity();
+ System.out.println(tenantNamespace[4]);
+ System.out.println(tenantNamespace[5]);
+ namespaceEntity.setTenant(tenantNamespace[4]);
+ namespaceEntity.setNamespace(tenantNamespace[5]);
+ namespacesRepository.save(namespaceEntity);
+ }
+ }
+}
diff --git a/src/main/java/org/apache/pulsar/manager/service/impl/RoleBindingServiceImpl.java b/src/main/java/org/apache/pulsar/manager/service/impl/RoleBindingServiceImpl.java
new file mode 100644
index 0000000..2e0cfa6
--- /dev/null
+++ b/src/main/java/org/apache/pulsar/manager/service/impl/RoleBindingServiceImpl.java
@@ -0,0 +1,143 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.pulsar.manager.service.impl;
+
+import com.google.common.collect.Maps;
+import org.apache.pulsar.manager.entity.RoleBindingEntity;
+import org.apache.pulsar.manager.entity.RoleBindingRepository;
+import org.apache.pulsar.manager.entity.RoleInfoEntity;
+import org.apache.pulsar.manager.entity.RolesRepository;
+import org.apache.pulsar.manager.entity.UserInfoEntity;
+import org.apache.pulsar.manager.entity.UsersRepository;
+import org.apache.pulsar.manager.service.RoleBindingService;
+import org.apache.pulsar.manager.service.RolesService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+
+@Service
+public class RoleBindingServiceImpl implements RoleBindingService {
+
+ @Autowired
+ private UsersRepository usersRepository;
+
+ @Autowired
+ private RoleBindingRepository roleBindingRepository;
+
+ @Autowired
+ private RolesService rolesService;
+
+ @Autowired
+ private RolesRepository rolesRepository;
+
+ public Map<String, String> validateCurrentUser(String token, RoleBindingEntity roleBindingEntity) {
+ Map<String, String> result = Maps.newHashMap();
+ Optional<UserInfoEntity> userInfoEntityOptional = usersRepository.findByAccessToken(token);
+ if (!userInfoEntityOptional.isPresent()) {
+ result.put("error", "User no exist.");
+ return result;
+ }
+ UserInfoEntity userInfoEntity = userInfoEntityOptional.get();
+ List<RoleBindingEntity> roleBindingEntities = roleBindingRepository.findByUserId(userInfoEntity.getUserId());
+ List<Long> roleIdList = new ArrayList<>();
+ for (RoleBindingEntity r : roleBindingEntities) {
+ roleIdList.add(r.getRoleId());
+ }
+ if (!roleIdList.contains(roleBindingEntity.getRoleId())) {
+ result.put("error", "This operation is illegal for this user");
+ return result;
+ }
+ result.put("message", "Validate current user success");
+ return result;
+ }
+
+ public Map<String, Object> validateCreateRoleBinding(
+ String token, String tenant, String roleName, String userName) {
+ Map<String, Object> result = Maps.newHashMap();
+
+ Optional<UserInfoEntity> userInfoEntityOptional = usersRepository.findByUserName(userName);
+ if (!userInfoEntityOptional.isPresent()) {
+ result.put("error", "The user is not exist");
+ return result;
+ }
+ Map<String, String> validateResult = rolesService.validateCurrentTenant(token, tenant);
+ if (validateResult.get("error") != null) {
+ result.put("error", validateResult.get("error"));
+ return result;
+ }
+
+ Optional<RoleInfoEntity> roleInfoEntityOptional = rolesRepository.findByRoleName(roleName, tenant);
+ if (!roleInfoEntityOptional.isPresent()) {
+ result.put("error", "This role is no exist");
+ return result;
+ }
+
+ Optional<RoleBindingEntity> roleBindingEntityOptional = roleBindingRepository.findByUserIdAndRoleId(
+ userInfoEntityOptional.get().getUserId(), roleInfoEntityOptional.get().getRoleId());
+ if (roleBindingEntityOptional.isPresent()) {
+ result.put("error", "Role binding already exist");
+ return result;
+ }
+ result.put("message", "Validate create role success");
+ result.put("roleId", roleInfoEntityOptional.get().getRoleId());
+ result.put("userId", userInfoEntityOptional.get().getUserId());
+ return result;
+ }
+
+ public List<Map<String, Object>> getRoleBindingList(String token, String tenant) {
+ Optional<UserInfoEntity> userInfoEntityOptional = usersRepository.findByAccessToken(token);
+ List<RoleBindingEntity> roleBindingEntityList = roleBindingRepository.findByUserId(
+ userInfoEntityOptional.get().getUserId());
+ List<Long> roleIdList = new ArrayList<>();
+ roleBindingEntityList.forEach((roleBinding) -> {
+ roleIdList.add(roleBinding.getRoleId());
+ });
+ List<RoleBindingEntity> roleBindingEntities = roleBindingRepository.findByMultiRoleId(roleIdList);
+ List<Long> userIdList = new ArrayList<>();
+ for (RoleBindingEntity roleBindingEntity : roleBindingEntities) {
+ userIdList.add(roleBindingEntity.getUserId());
+ }
+ List<UserInfoEntity> userInfoEntities = usersRepository.findUsersListByMultiUserId(userIdList);
+ Map<Long, UserInfoEntity> userInfoEntityMap = Maps.newHashMap();
+ userInfoEntities.forEach((u) -> {
+ userInfoEntityMap.put(u.getUserId(), u);
+ });
+ List<RoleInfoEntity> roleInfoEntities = rolesRepository.findAllRolesByMultiId(roleIdList);
+ Map<Long, RoleInfoEntity> roleInfoEntityMap = Maps.newHashMap();
+ roleInfoEntities.forEach((r) -> {
+ roleInfoEntityMap.put(r.getRoleId(), r);
+ });
+ List<Map<String, Object>> userRoleInfo = new ArrayList<>();
+ roleBindingEntities.forEach((binding) -> {
+ RoleInfoEntity roleInfoEntity = roleInfoEntityMap.get(binding.getRoleId());
+ if (roleInfoEntity != null && roleInfoEntity.getRoleSource().equals(tenant)) {
+ Map<String, Object> map = Maps.newHashMap();
+ map.put("name", binding.getName());
+ map.put("description", binding.getDescription());
+ map.put("userId", binding.getUserId());
+ if (userInfoEntityMap.get(binding.getUserId()) != null) {
+ map.put("userName", userInfoEntityMap.get(binding.getUserId()).getName());
+ }
+ map.put("roleId", binding.getRoleId());
+ map.put("roleName", roleInfoEntity.getRoleName());
+ userRoleInfo.add(map);
+ }
+ });
+ return userRoleInfo;
+ }
+}
diff --git a/src/main/java/org/apache/pulsar/manager/service/impl/RolesServiceImpl.java b/src/main/java/org/apache/pulsar/manager/service/impl/RolesServiceImpl.java
index 8af3938..fb38855 100644
--- a/src/main/java/org/apache/pulsar/manager/service/impl/RolesServiceImpl.java
+++ b/src/main/java/org/apache/pulsar/manager/service/impl/RolesServiceImpl.java
@@ -15,14 +15,22 @@
import com.github.pagehelper.Page;
import com.google.common.collect.Maps;
+import com.google.common.collect.Sets;
import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.EnumUtils;
import org.apache.pulsar.manager.entity.EnvironmentEntity;
import org.apache.pulsar.manager.entity.EnvironmentsRepository;
+import org.apache.pulsar.manager.entity.NamespaceEntity;
+import org.apache.pulsar.manager.entity.NamespacesRepository;
+import org.apache.pulsar.manager.entity.RoleBindingEntity;
+import org.apache.pulsar.manager.entity.RoleBindingRepository;
import org.apache.pulsar.manager.entity.RoleInfoEntity;
import org.apache.pulsar.manager.entity.RolesRepository;
import org.apache.pulsar.manager.entity.TenantEntity;
import org.apache.pulsar.manager.entity.TenantsRepository;
+import org.apache.pulsar.manager.entity.UserInfoEntity;
+import org.apache.pulsar.manager.entity.UsersRepository;
import org.apache.pulsar.manager.service.ClustersService;
import org.apache.pulsar.manager.service.RolesService;
import org.apache.pulsar.manager.service.TenantsService;
@@ -31,12 +39,14 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
+import java.util.regex.Pattern;
@Slf4j
@Service
@@ -49,6 +59,9 @@
private EnvironmentsRepository environmentsRepository;
@Autowired
+ private UsersRepository usersRepository;
+
+ @Autowired
private TenantsService tenantsService;
@Autowired
@@ -57,10 +70,60 @@
@Autowired
private ClustersService clustersService;
+ @Autowired
+ private RoleBindingRepository roleBindingRepository;
+
+ @Autowired
+ private NamespacesRepository namespacesRepository;
+
private final String VERBS_SEPARATOR = ",";
+ private static final Pattern pattern = Pattern.compile("[A-Za-z0-9_]+");
+
public Map<String, String> validateRoleInfoEntity(RoleInfoEntity roleInfoEntity) {
Map<String, String> validateResult = Maps.newHashMap();
+
+ if (StringUtils.isBlank(roleInfoEntity.getRoleName())) {
+ validateResult.put("error", "Role name cannot be empty");
+ return validateResult;
+ }
+
+ if (StringUtils.isBlank(roleInfoEntity.getResourceName())) {
+ validateResult.put("error", "Resource name cannot be empty");
+ return validateResult;
+ }
+
+ if (!(pattern.matcher(roleInfoEntity.getRoleName()).matches())) {
+ validateResult.put("error", "Role name is illegal");
+ return validateResult;
+ }
+
+ if (!(pattern.matcher(roleInfoEntity.getResourceName()).matches())) {
+ validateResult.put("error", "Resource Name is illegal");
+ return validateResult;
+ }
+
+ if (!EnumUtils.isValidEnum(ResourceType.class, roleInfoEntity.getResourceType())) {
+ validateResult.put("error", "Resource type is illegal");
+ return validateResult;
+ }
+
+ if (ResourceType.TENANTS.name().equals(roleInfoEntity.getResourceType())) {
+ Optional<TenantEntity> tenantEntity = tenantsRepository.findByTenantId(roleInfoEntity.getResourceId());
+ if (!tenantEntity.isPresent()) {
+ validateResult.put("error", "Tenant no exist, please check");
+ return validateResult;
+ }
+ }
+
+ if (ResourceType.NAMESPACES.name().equals(roleInfoEntity.getResourceType())) {
+ Optional<NamespaceEntity> namespaceEntity = namespacesRepository.findByNamespaceId(
+ roleInfoEntity.getResourceId());
+ if (!namespaceEntity.isPresent()) {
+ validateResult.put("error", "Namespace no exist, please check");
+ return validateResult;
+ }
+ }
Set<String> resourceVerbs = new HashSet<>(
Arrays.asList(roleInfoEntity.getResourceVerbs().split(VERBS_SEPARATOR)));
for (String verb : resourceVerbs) {
@@ -113,10 +176,16 @@
tenantEntity.setTenant(tenant);
tenantEntity.setAdminRoles(tenant);
tenantEntity.setAllowedClusters(clusterList.get(0));
- tenantsRepository.save(tenantEntity);
- Optional<TenantEntity> tenantEntityOptional = tenantsRepository.findByName(tenant);
- roleInfoEntity.setResourceId(tenantEntityOptional.get().getTenantId());
- rolesRepository.save(roleInfoEntity);
+ long tenantId = tenantsRepository.save(tenantEntity);
+ roleInfoEntity.setResourceId(tenantId);
+ long roleId = rolesRepository.save(roleInfoEntity);
+ RoleBindingEntity roleBindingEntity = new RoleBindingEntity();
+ roleBindingEntity.setName(tenant);
+ roleBindingEntity.setDescription("This init binding for tenant");
+ roleBindingEntity.setRoleId(roleId);
+ Optional<UserInfoEntity> userInfoEntity = usersRepository.findByUserName(tenant);
+ roleBindingEntity.setUserId(userInfoEntity.get().getUserId());
+ roleBindingRepository.save(roleBindingEntity);
} catch (Exception e) {
/**
* TO DO
@@ -127,4 +196,56 @@
}
}
}
+
+ public Set<String> getResourceVerbs(String resourceType) {
+ Set<String> verbsSet = Sets.newHashSet();
+ if (ResourceType.TENANTS.name().equals(resourceType)) {
+ verbsSet.add(ResourceVerbs.ADMIN.name());
+ }
+ if (ResourceType.NAMESPACES.name().equals(resourceType)) {
+ verbsSet.add(ResourceVerbs.ADMIN.name());
+ verbsSet.add(ResourceVerbs.CONSUME.name());
+ verbsSet.add(ResourceVerbs.PRODUCE.name());
+ verbsSet.add(ResourceVerbs.FUNCTION.name());
+ }
+ if (ResourceType.ALL.name().equals(resourceType)) {
+ verbsSet.add(ResourceVerbs.SUPER_USER.name());
+ verbsSet.add(ResourceVerbs.ADMIN.name());
+ verbsSet.add(ResourceVerbs.CONSUME.name());
+ verbsSet.add(ResourceVerbs.PRODUCE.name());
+ verbsSet.add(ResourceVerbs.FUNCTION.name());
+ }
+ return verbsSet;
+ }
+
+ public Map<String, String> validateCurrentTenant(String token, String tenant) {
+ Map<String, String> result = Maps.newHashMap();
+ Optional<UserInfoEntity> userInfoEntityOptional = usersRepository.findByAccessToken(token);
+ if (!userInfoEntityOptional.isPresent()) {
+ result.put("error", "User no exist.");
+ return result;
+ }
+ UserInfoEntity userInfoEntity = userInfoEntityOptional.get();
+ List<RoleBindingEntity> roleBindingEntities = roleBindingRepository.findByUserId(userInfoEntity.getUserId());
+ List<Long> roleIdList = new ArrayList<>();
+ for (RoleBindingEntity roleBindingEntity : roleBindingEntities) {
+ roleIdList.add(roleBindingEntity.getRoleId());
+ }
+ List<RoleInfoEntity> roleInfoEntities = rolesRepository.findAllRolesByMultiId(roleIdList);
+ List<Long> resourceIdList = new ArrayList<>();
+ for (RoleInfoEntity infoEntity : roleInfoEntities) {
+ resourceIdList.add(infoEntity.getResourceId());
+ }
+ List<TenantEntity> tenantEntities = tenantsRepository.findByMultiId(resourceIdList);
+ Set<String> tenantNameList = Sets.newHashSet();
+ for (TenantEntity tenantEntity : tenantEntities) {
+ tenantNameList.add(tenantEntity.getTenant());
+ }
+ if (!tenantNameList.contains(tenant)) {
+ result.put("error", "This user no include this tenant");
+ return result;
+ }
+ result.put("message", "Validate tenant success");
+ return result;
+ }
}
diff --git a/src/main/java/org/apache/pulsar/manager/zuul/EnvironmentForward.java b/src/main/java/org/apache/pulsar/manager/zuul/EnvironmentForward.java
index 4be4c8a..068ce0f 100644
--- a/src/main/java/org/apache/pulsar/manager/zuul/EnvironmentForward.java
+++ b/src/main/java/org/apache/pulsar/manager/zuul/EnvironmentForward.java
@@ -13,10 +13,13 @@
*/
package org.apache.pulsar.manager.zuul;
+import org.apache.pulsar.manager.entity.NamespaceEntity;
+import org.apache.pulsar.manager.entity.NamespacesRepository;
import org.apache.pulsar.manager.service.EnvironmentCacheService;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import org.apache.commons.lang3.StringUtils;
+import org.apache.pulsar.manager.service.PulsarEvent;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -39,14 +42,18 @@
private static final Logger log = LoggerFactory.getLogger(EnvironmentForward.class);
+ private final PulsarEvent pulsarEvent;
+
@Value("${backend.jwt.token}")
private String pulsarJwtToken;
private final EnvironmentCacheService environmentCacheService;
@Autowired
- public EnvironmentForward(EnvironmentCacheService environmentCacheService) {
+ public EnvironmentForward(
+ EnvironmentCacheService environmentCacheService, PulsarEvent pulsarEvent) {
this.environmentCacheService = environmentCacheService;
+ this.pulsarEvent = pulsarEvent;
}
@Override
@@ -91,6 +98,7 @@
return null;
}
String serviceUrl = environmentCacheService.getServiceUrl(request);
+ System.out.println(serviceUrl);
return forwardRequest(ctx, request, serviceUrl);
}
@@ -99,6 +107,7 @@
try {
ctx.addZuulRequestHeader("Authorization", String.format("Bearer %s", pulsarJwtToken));
ctx.setRouteHost(new URL(serviceUrl));
+ pulsarEvent.parsePulsarEvent(request.getRequestURI(), request);
log.info("Forward request to {} @ path {}",
serviceUrl, request.getRequestURI());
} catch (MalformedURLException e) {
diff --git a/src/main/resources/META-INF/sql/herddb-schema.sql b/src/main/resources/META-INF/sql/herddb-schema.sql
index b6650cc..00d65f5 100644
--- a/src/main/resources/META-INF/sql/herddb-schema.sql
+++ b/src/main/resources/META-INF/sql/herddb-schema.sql
@@ -151,3 +151,37 @@
tenant varchar(255) NOT NULL,
namespace varchar(255) NOT NULL
);
+
+CREATE TABLE IF NOT EXISTS roles (
+ role_id BIGINT PRIMARY KEY AUTO_INCREMENT,
+ role_name varchar(256) NOT NULL,
+ role_source varchar(256) NOT NULL,
+ description varchar(128),
+ resource_id BIGINT NOT NULL,
+ resource_type varchar(48) NOT NULL,
+ resource_name varchar(48) NOT NULL,
+ resource_verbs varchar(256) NOT NULL,
+ flag INT NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS tenants (
+ tenant_id BIGINT PRIMARY KEY AUTO_INCREMENT,
+ tenant varchar(255) NOT NULL,
+ admin_roles varchar(255),
+ allowed_clusters varchar(255)
+);
+
+CREATE TABLE IF NOT EXISTS namespaces (
+ namespace_id BIGINT PRIMARY KEY AUTO_INCREMENT,
+ tenant varchar(255) NOT NULL,
+ namespace varchar(255) NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS role_binding(
+ role_binding_id BIGINT PRIMARY KEY AUTO_INCREMENT,
+ name varchar(256) NOT NULL,
+ description varchar(256),
+ role_id BIGINT NOT NULL,
+ user_id BIGINT NOT NULL
+);
+
diff --git a/src/test/java/org/apache/pulsar/manager/dao/NamespacesRepositoryImplTest.java b/src/test/java/org/apache/pulsar/manager/dao/NamespacesRepositoryImplTest.java
index 2871cc7..be96233 100644
--- a/src/test/java/org/apache/pulsar/manager/dao/NamespacesRepositoryImplTest.java
+++ b/src/test/java/org/apache/pulsar/manager/dao/NamespacesRepositoryImplTest.java
@@ -169,6 +169,18 @@
namespacesEntity.getTenant(), namespacesEntity.getNamespace());
Assert.assertEquals(namespacesEntityOptional.get().getTenant(), "test-namespace-public");
Assert.assertEquals(namespacesEntityOptional.get().getNamespace(), "test-namespace-default");
+ namespacesRepository.remove(namespacesEntity.getTenant(), namespacesEntity.getNamespace());
+ }
+
+ @Test
+ public void findByNamespaceIdTest() {
+ NamespaceEntity namespacesEntity = new NamespaceEntity();
+ initNamespaceEntity(namespacesEntity);
+ long namespaceId = namespacesRepository.save(namespacesEntity);
+ Optional<NamespaceEntity> namespacesEntityOptional = namespacesRepository.findByNamespaceId(namespaceId);
+ Assert.assertEquals(namespacesEntityOptional.get().getTenant(), "test-namespace-public");
+ Assert.assertEquals(namespacesEntityOptional.get().getNamespace(), "test-namespace-default");
+ namespacesRepository.remove(namespacesEntity.getTenant(), namespacesEntity.getNamespace());
}
@Test
diff --git a/src/test/java/org/apache/pulsar/manager/dao/RoleBindingRepositoryImplTest.java b/src/test/java/org/apache/pulsar/manager/dao/RoleBindingRepositoryImplTest.java
new file mode 100644
index 0000000..6a95a08
--- /dev/null
+++ b/src/test/java/org/apache/pulsar/manager/dao/RoleBindingRepositoryImplTest.java
@@ -0,0 +1,74 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.pulsar.manager.dao;
+
+import com.github.pagehelper.Page;
+import org.apache.pulsar.manager.PulsarManagerApplication;
+import org.apache.pulsar.manager.entity.RoleBindingEntity;
+import org.apache.pulsar.manager.entity.RoleBindingRepository;
+import org.apache.pulsar.manager.profiles.HerdDBTestProfile;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(
+ classes = {
+ PulsarManagerApplication.class,
+ HerdDBTestProfile.class
+ }
+)
+@ActiveProfiles("test")
+public class RoleBindingRepositoryImplTest {
+
+ @Autowired
+ private RoleBindingRepository roleBindingRepository;
+
+ @Test
+ public void roleBindingTest() {
+ RoleBindingEntity roleBindingEntity = new RoleBindingEntity();
+ roleBindingEntity.setDescription("this is description");
+ roleBindingEntity.setName("test-role-binding");
+ roleBindingEntity.setRoleId(1);
+ roleBindingEntity.setUserId(2);
+
+ roleBindingRepository.save(roleBindingEntity);
+
+ Page<RoleBindingEntity> roleBindingEntities = roleBindingRepository.findByUserId(
+ 1, 2, 2);
+ roleBindingEntities.getResult().forEach((r) -> {
+ Assert.assertEquals(r.getRoleBindingId(), 1);
+ Assert.assertEquals(r.getName(), "test-role-binding");
+ Assert.assertEquals(r.getRoleId(), 1);
+ Assert.assertEquals(r.getDescription(), "this is description");
+ });
+
+ roleBindingEntity.setName("update-role-binding");
+ roleBindingEntity.setDescription("this is update description");
+ roleBindingRepository.update(roleBindingEntity);
+ Page<RoleBindingEntity> updateRoleBindingEntities = roleBindingRepository.findByUserId(
+ 1, 2, 2);
+ updateRoleBindingEntities.getResult().forEach((r) -> {
+ Assert.assertEquals(r.getRoleBindingId(), 1);
+ Assert.assertEquals(r.getName(), "update-role-binding");
+ Assert.assertEquals(r.getRoleId(), 1);
+ Assert.assertEquals(r.getDescription(), "this is update description");
+ });
+ }
+
+}
diff --git a/src/test/java/org/apache/pulsar/manager/dao/RolesRepositoryImplTest.java b/src/test/java/org/apache/pulsar/manager/dao/RolesRepositoryImplTest.java
index 31e1ac5..4688074 100644
--- a/src/test/java/org/apache/pulsar/manager/dao/RolesRepositoryImplTest.java
+++ b/src/test/java/org/apache/pulsar/manager/dao/RolesRepositoryImplTest.java
@@ -18,7 +18,6 @@
import org.apache.pulsar.manager.entity.RoleInfoEntity;
import org.apache.pulsar.manager.entity.RolesRepository;
import org.apache.pulsar.manager.profiles.HerdDBTestProfile;
-import org.apache.pulsar.manager.profiles.SqliteDBTestProfile;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -27,6 +26,8 @@
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.junit4.SpringRunner;
+import java.util.ArrayList;
+import java.util.List;
import java.util.Optional;
@RunWith(SpringRunner.class)
@@ -44,7 +45,7 @@
private void initRole(RoleInfoEntity roleInfoEntity) {
roleInfoEntity.setRoleName("test-role-name");
- roleInfoEntity.setRoleSource("admin");
+ roleInfoEntity.setRoleSource("test-tenant");
roleInfoEntity.setResourceType("tenants");
roleInfoEntity.setResourceName("tenants");
roleInfoEntity.setResourceVerbs("admin");
@@ -55,7 +56,7 @@
private void validateRole(RoleInfoEntity role) {
Assert.assertEquals(role.getRoleName(), "test-role-name");
- Assert.assertEquals(role.getRoleSource(), "admin");
+ Assert.assertEquals(role.getRoleSource(), "test-tenant");
Assert.assertEquals(role.getResourceType(), "tenants");
Assert.assertEquals(role.getResourceName(), "tenants");
Assert.assertEquals(role.getResourceVerbs(), "admin");
@@ -80,6 +81,20 @@
}
@Test
+ public void findRolesListByRoleSourceTest() {
+ RoleInfoEntity roleInfoEntity = new RoleInfoEntity();
+ initRole(roleInfoEntity);
+
+ rolesRepository.save(roleInfoEntity);
+
+ List<RoleInfoEntity> rolesList = rolesRepository.findRolesListByRoleSource("test-tenant");
+ rolesList.forEach((role) -> {
+ validateRole(role);
+ rolesRepository.delete(role.getRoleName(), role.getRoleSource());
+ });
+ }
+
+ @Test
public void getRoleInfoTest() {
RoleInfoEntity roleInfoEntity = new RoleInfoEntity();
initRole(roleInfoEntity);
@@ -110,4 +125,21 @@
roleInfoEntity.getRoleName(), roleInfoEntity.getRoleSource());
Assert.assertFalse(deleteRoleInfo.isPresent());
}
+
+ @Test
+ public void findMultiIdTest() {
+ RoleInfoEntity roleInfoEntity = new RoleInfoEntity();
+ initRole(roleInfoEntity);
+
+ long roleId = rolesRepository.save(roleInfoEntity);
+ List<Long> roleIdList = new ArrayList<>();
+ roleIdList.add(roleId);
+ roleIdList.add(roleInfoEntity.getRoleId());
+ Page<RoleInfoEntity> roleInfoEntities = rolesRepository.findRolesMultiId(1, 2, roleIdList);
+ roleInfoEntities.count(true);
+ for (RoleInfoEntity infoEntity : roleInfoEntities.getResult()) {
+ validateRole(infoEntity);
+ rolesRepository.delete(infoEntity.getRoleName(), infoEntity.getRoleSource());
+ }
+ }
}
diff --git a/src/test/java/org/apache/pulsar/manager/dao/TenantsRepositoryImplTest.java b/src/test/java/org/apache/pulsar/manager/dao/TenantsRepositoryImplTest.java
index f4683ba..54b09cf 100644
--- a/src/test/java/org/apache/pulsar/manager/dao/TenantsRepositoryImplTest.java
+++ b/src/test/java/org/apache/pulsar/manager/dao/TenantsRepositoryImplTest.java
@@ -107,4 +107,18 @@
Assert.assertEquals(getTenantEntity.getAllowedClusters(), "test-cluster");
tenantsRepository.remove("test");
}
+
+ @Test
+ public void findByTenantId() {
+ TenantEntity tenantEntity = new TenantEntity();
+ tenantEntity.setTenant("test");
+ tenantEntity.setAdminRoles("test-role");
+ tenantEntity.setAllowedClusters("test-cluster");
+ long tenantId = tenantsRepository.save(tenantEntity);
+ Optional<TenantEntity> result = tenantsRepository.findByTenantId(tenantId);
+ TenantEntity getTenantEntity = result.get();
+ Assert.assertEquals(getTenantEntity.getTenant(), "test");
+ Assert.assertEquals(getTenantEntity.getAdminRoles(), "test-role");
+ Assert.assertEquals(getTenantEntity.getAllowedClusters(), "test-cluster");
+ }
}
\ No newline at end of file
diff --git a/src/test/java/org/apache/pulsar/manager/dao/UsersRepositoryImplTest.java b/src/test/java/org/apache/pulsar/manager/dao/UsersRepositoryImplTest.java
index d34d24a..3d4d311 100644
--- a/src/test/java/org/apache/pulsar/manager/dao/UsersRepositoryImplTest.java
+++ b/src/test/java/org/apache/pulsar/manager/dao/UsersRepositoryImplTest.java
@@ -102,4 +102,16 @@
userInfoEntityOptional = usersRepository.findByUserName(userInfoEntity.getName());
Assert.assertFalse(userInfoEntityOptional.isPresent());
}
+
+ @Test
+ public void findUserByAccessTokenTest() {
+ UserInfoEntity userInfoEntity = new UserInfoEntity();
+ initUser(userInfoEntity);
+ usersRepository.save(userInfoEntity);
+ Optional<UserInfoEntity> userInfoEntityOptional = usersRepository.findByAccessToken(
+ userInfoEntity.getAccessToken());
+ UserInfoEntity getUserInfoEntity = userInfoEntityOptional.get();
+ validateUser(getUserInfoEntity, true);
+ usersRepository.delete(userInfoEntity.getName());
+ }
}
diff --git a/src/test/java/org/apache/pulsar/manager/service/RoleBindingServiceImplTest.java b/src/test/java/org/apache/pulsar/manager/service/RoleBindingServiceImplTest.java
new file mode 100644
index 0000000..08e3ac6
--- /dev/null
+++ b/src/test/java/org/apache/pulsar/manager/service/RoleBindingServiceImplTest.java
@@ -0,0 +1,249 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.pulsar.manager.service;
+
+import org.apache.pulsar.manager.PulsarManagerApplication;
+import org.apache.pulsar.manager.entity.RoleBindingEntity;
+import org.apache.pulsar.manager.entity.RoleBindingRepository;
+import org.apache.pulsar.manager.entity.RoleInfoEntity;
+import org.apache.pulsar.manager.entity.RolesRepository;
+import org.apache.pulsar.manager.entity.TenantEntity;
+import org.apache.pulsar.manager.entity.TenantsRepository;
+import org.apache.pulsar.manager.entity.UserInfoEntity;
+import org.apache.pulsar.manager.entity.UsersRepository;
+import org.apache.pulsar.manager.profiles.HerdDBTestProfile;
+import org.apache.pulsar.manager.utils.HttpUtil;
+import org.apache.pulsar.manager.utils.ResourceType;
+import org.apache.pulsar.manager.utils.ResourceVerbs;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+import org.powermock.modules.junit4.PowerMockRunnerDelegate;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import java.util.List;
+import java.util.Map;
+
+@RunWith(PowerMockRunner.class)
+@PowerMockRunnerDelegate(SpringRunner.class)
+@PowerMockIgnore( {"javax.*", "sun.*", "com.sun.*", "org.xml.*", "org.w3c.*"})
+@PrepareForTest(HttpUtil.class)
+@SpringBootTest(
+ classes = {
+ PulsarManagerApplication.class,
+ HerdDBTestProfile.class
+ }
+)
+@ActiveProfiles("test")
+public class RoleBindingServiceImplTest {
+
+ @Autowired
+ private UsersRepository usersRepository;
+
+ @Autowired
+ private RoleBindingService roleBindingService;
+
+ @Autowired
+ private TenantsRepository tenantsRepository;
+
+ @Autowired
+ private RolesRepository rolesRepository;
+
+ @Autowired
+ private RoleBindingRepository roleBindingRepository;
+
+ @Test
+ public void validateCurrentUserTest() {
+ UserInfoEntity userInfoEntity = new UserInfoEntity();
+ userInfoEntity.setName("test-user");
+ userInfoEntity.setAccessToken("test-access-token");
+ long userId = usersRepository.save(userInfoEntity);
+
+ RoleBindingEntity roleBindingEntity = new RoleBindingEntity();
+
+ Map<String, String> validateErrorUser = roleBindingService.validateCurrentUser(
+ "test-error-access-token", roleBindingEntity);
+ Assert.assertEquals(validateErrorUser.get("error"), "User no exist.");
+
+ TenantEntity tenantEntity = new TenantEntity();
+ tenantEntity.setTenant("test-tenant");
+ tenantEntity.setAdminRoles("test-admin-roles");
+ tenantEntity.setAllowedClusters("test-allowed-clusters");
+ long tenantId = tenantsRepository.save(tenantEntity);
+ RoleInfoEntity roleInfoEntity = new RoleInfoEntity();
+ roleInfoEntity.setRoleName("test-role");
+ roleInfoEntity.setRoleSource("test-tenant");
+ roleInfoEntity.setResourceId(tenantId);
+ roleInfoEntity.setFlag(1);
+ roleInfoEntity.setResourceName("test-tenant-resource");
+ roleInfoEntity.setResourceType(ResourceType.TENANTS.name());
+ roleInfoEntity.setResourceVerbs(ResourceVerbs.ADMIN.name());
+ long roleId = rolesRepository.save(roleInfoEntity);
+ roleBindingEntity.setUserId(userId);
+ roleBindingEntity.setRoleId(roleId);
+ roleBindingEntity.setName("test-role-binding");
+ roleBindingEntity.setDescription("test-role-binding-description");
+ roleBindingRepository.save(roleBindingEntity);
+
+ roleBindingEntity.setRoleId(10);
+ Map<String, String> validateIllegalUser = roleBindingService.validateCurrentUser(
+ "test-access-token", roleBindingEntity);
+ Assert.assertEquals(validateIllegalUser.get("error"), "This operation is illegal for this user");
+
+ roleBindingEntity.setRoleId(roleId);
+ Map<String, String> validateSuccessUser = roleBindingService.validateCurrentUser(
+ "test-access-token", roleBindingEntity);
+ Assert.assertEquals(validateSuccessUser.get("message"), "Validate current user success");
+
+ roleBindingRepository.delete(roleId, userId);
+ rolesRepository.delete("test-role", "test-tenant");
+ tenantsRepository.remove("test-tenant");
+ usersRepository.delete("test-user");
+ }
+
+ @Test
+ public void validateCreateRoleBinding() {
+ UserInfoEntity userInfoEntity = new UserInfoEntity();
+ userInfoEntity.setName("test-user");
+ userInfoEntity.setAccessToken("test-access-token");
+ long userId = usersRepository.save(userInfoEntity);
+
+ RoleBindingEntity roleBindingEntity = new RoleBindingEntity();
+
+ TenantEntity tenantEntity = new TenantEntity();
+ tenantEntity.setTenant("test-tenant");
+ tenantEntity.setAdminRoles("test-admin-roles");
+ tenantEntity.setAllowedClusters("test-allowed-clusters");
+ long tenantId = tenantsRepository.save(tenantEntity);
+ RoleInfoEntity roleInfoEntity = new RoleInfoEntity();
+ roleInfoEntity.setRoleName("test-role");
+ roleInfoEntity.setRoleSource("test-tenant");
+ roleInfoEntity.setResourceId(tenantId);
+ roleInfoEntity.setFlag(1);
+ roleInfoEntity.setResourceName("test-tenant-resource");
+ roleInfoEntity.setResourceType(ResourceType.TENANTS.name());
+ roleInfoEntity.setResourceVerbs(ResourceVerbs.ADMIN.name());
+ long roleId = rolesRepository.save(roleInfoEntity);
+ roleBindingEntity.setUserId(userId);
+ roleBindingEntity.setRoleId(roleId);
+ roleBindingEntity.setName("test-role-binding");
+ roleBindingEntity.setDescription("test-role-binding-description");
+ roleBindingRepository.save(roleBindingEntity);
+
+ Map<String, Object> validateErrorUser = roleBindingService.validateCreateRoleBinding(
+ "test-error-access-token", "test-error-tenant",
+ "test-role-name", "test-user-name");
+ Assert.assertEquals(validateErrorUser.get("error"), "The user is not exist");
+
+ Map<String, Object> validateErrorRoleName = roleBindingService.validateCreateRoleBinding(
+ "test-access-token", "test-tenant",
+ "test-error-role", "test-user");
+ Assert.assertEquals(validateErrorRoleName.get("error"), "This role is no exist");
+
+ RoleInfoEntity testRoleInfoEntity = new RoleInfoEntity();
+ testRoleInfoEntity.setRoleName("test-no-binding-role");
+ testRoleInfoEntity.setRoleSource("test-tenant");
+ testRoleInfoEntity.setResourceId(tenantId);
+ testRoleInfoEntity.setFlag(1);
+ testRoleInfoEntity.setResourceName("test-no-binding-tenant-resource");
+ testRoleInfoEntity.setResourceType(ResourceType.TENANTS.name());
+ testRoleInfoEntity.setResourceVerbs(ResourceVerbs.ADMIN.name());
+ rolesRepository.save(testRoleInfoEntity);
+
+ TenantEntity testNoBindingTenantEntity = new TenantEntity();
+ testNoBindingTenantEntity.setTenant("test-no-binding-tenant");
+ testNoBindingTenantEntity.setAdminRoles("test-admin-roles");
+ testNoBindingTenantEntity.setAllowedClusters("test-allowed-clusters");
+ long testNoBindingTenantId = tenantsRepository.save(tenantEntity);
+ RoleInfoEntity testNoBindingRoleInfoEntity = new RoleInfoEntity();
+ testNoBindingRoleInfoEntity.setRoleName("test-no-binding-role");
+ testNoBindingRoleInfoEntity.setRoleSource("test-no-binding-tenant");
+ testNoBindingRoleInfoEntity.setResourceId(testNoBindingTenantId);
+ testNoBindingRoleInfoEntity.setFlag(1);
+ testNoBindingRoleInfoEntity.setResourceName("test-no-binding-tenant-resource");
+ testNoBindingRoleInfoEntity.setResourceType(ResourceType.TENANTS.name());
+ testNoBindingRoleInfoEntity.setResourceVerbs(ResourceVerbs.ADMIN.name());
+ rolesRepository.save(testNoBindingRoleInfoEntity);
+
+ Map<String, Object> validateBindingRole = roleBindingService.validateCreateRoleBinding(
+ "test-access-token", "test-tenant",
+ "test-role", "test-user");
+ Assert.assertEquals(validateBindingRole.get("error"), "Role binding already exist");
+
+ Map<String, Object> validateCreateRoleBinding = roleBindingService.validateCreateRoleBinding(
+ "test-access-token", "test-tenant",
+ "test-no-binding-role", "test-user");
+ Assert.assertEquals(validateCreateRoleBinding.get("message"), "Validate create role success");
+
+ roleBindingRepository.delete(roleId, userId);
+ rolesRepository.delete("test-role", "test-tenant");
+ rolesRepository.delete("test-no-binding-role", "test-no-binding-tenant");
+ rolesRepository.delete("test-no-binding-role", "test-tenant");
+ tenantsRepository.remove("test-tenant");
+ tenantsRepository.remove("test-no-binding-tenant");
+ usersRepository.delete("test-user");
+ }
+
+ @Test
+ public void getRoleBindingList() {
+ UserInfoEntity userInfoEntity = new UserInfoEntity();
+ userInfoEntity.setName("test-user-binding");
+ userInfoEntity.setAccessToken("test-access-token-binding");
+ long userId = usersRepository.save(userInfoEntity);
+
+ RoleBindingEntity roleBindingEntity = new RoleBindingEntity();
+
+ TenantEntity tenantEntity = new TenantEntity();
+ tenantEntity.setTenant("test-tenant-binding");
+ tenantEntity.setAdminRoles("test-admin-roles");
+ tenantEntity.setAllowedClusters("test-allowed-clusters");
+ long tenantId = tenantsRepository.save(tenantEntity);
+ RoleInfoEntity roleInfoEntity = new RoleInfoEntity();
+ roleInfoEntity.setRoleName("test-role-binding");
+ roleInfoEntity.setRoleSource("test-tenant-binding");
+ roleInfoEntity.setResourceId(tenantId);
+ roleInfoEntity.setFlag(1);
+ roleInfoEntity.setResourceName("test-tenant-resource");
+ roleInfoEntity.setResourceType(ResourceType.TENANTS.name());
+ roleInfoEntity.setResourceVerbs(ResourceVerbs.ADMIN.name());
+ long roleId = rolesRepository.save(roleInfoEntity);
+ roleBindingEntity.setUserId(userId);
+ roleBindingEntity.setRoleId(roleId);
+ roleBindingEntity.setName("test-role-binding");
+ roleBindingEntity.setDescription("test-role-binding-description");
+ roleBindingRepository.save(roleBindingEntity);
+
+ List<Map<String, Object>> roleBindingMap = roleBindingService.getRoleBindingList(
+ "test-access-token-binding", "test-tenant-binding");
+ for (Map<String, Object> stringObjectMap : roleBindingMap) {
+ Assert.assertEquals(stringObjectMap.get("name"), "test-role-binding");
+ Assert.assertEquals(stringObjectMap.get("userId"), userId);
+ Assert.assertEquals(stringObjectMap.get("userName"), "test-user-binding");
+ Assert.assertEquals(stringObjectMap.get("roleId"), roleId);
+ Assert.assertEquals(stringObjectMap.get("roleName"), "test-role-binding");
+ Assert.assertEquals(stringObjectMap.get("description"), "test-role-binding-description");
+ }
+
+ roleBindingRepository.delete(roleId, userId);
+ rolesRepository.delete("test-role-binding", "test-tenant-binding");
+ tenantsRepository.remove("test-tenant-binding");
+ usersRepository.delete("test-user-binding");
+ }
+}
diff --git a/src/test/java/org/apache/pulsar/manager/service/RolesServiceImplTest.java b/src/test/java/org/apache/pulsar/manager/service/RolesServiceImplTest.java
index bc3972c..dc6b8dc 100644
--- a/src/test/java/org/apache/pulsar/manager/service/RolesServiceImplTest.java
+++ b/src/test/java/org/apache/pulsar/manager/service/RolesServiceImplTest.java
@@ -14,10 +14,16 @@
package org.apache.pulsar.manager.service;
import org.apache.pulsar.manager.PulsarManagerApplication;
-import org.apache.pulsar.manager.entity.EnvironmentsRepository;
+import org.apache.pulsar.manager.entity.NamespaceEntity;
+import org.apache.pulsar.manager.entity.NamespacesRepository;
+import org.apache.pulsar.manager.entity.RoleBindingEntity;
+import org.apache.pulsar.manager.entity.RoleBindingRepository;
import org.apache.pulsar.manager.entity.RoleInfoEntity;
import org.apache.pulsar.manager.entity.RolesRepository;
+import org.apache.pulsar.manager.entity.TenantEntity;
import org.apache.pulsar.manager.entity.TenantsRepository;
+import org.apache.pulsar.manager.entity.UserInfoEntity;
+import org.apache.pulsar.manager.entity.UsersRepository;
import org.apache.pulsar.manager.profiles.HerdDBTestProfile;
import org.apache.pulsar.manager.utils.HttpUtil;
import org.apache.pulsar.manager.utils.ResourceType;
@@ -52,10 +58,72 @@
@Autowired
private RolesService rolesService;
+ @Autowired
+ private UsersRepository usersRepository;
+
+ @Autowired
+ private TenantsRepository tenantsRepository;
+
+ @Autowired
+ private RolesRepository rolesRepository;
+
+ @Autowired
+ private RoleBindingRepository roleBindingRepository;
+
+ @Autowired
+ private NamespacesRepository namespacesRepository;
+
@Test
public void validateRoleInfoEntityTest() {
RoleInfoEntity roleInfoEntity = new RoleInfoEntity();
+ Map<String, String> roleNameIsEmpty = rolesService.validateRoleInfoEntity(roleInfoEntity);
+ Assert.assertEquals(roleNameIsEmpty.get("error"), "Role name cannot be empty");
+
+ roleInfoEntity.setRoleName("------");
+
+ Map<String, String> resourceNameIsEmpty = rolesService.validateRoleInfoEntity(roleInfoEntity);
+ Assert.assertEquals(resourceNameIsEmpty.get("error"), "Resource name cannot be empty");
+
+ roleInfoEntity.setResourceName("===========");
+
+ Map<String, String> roleNameIsIllegal = rolesService.validateRoleInfoEntity(roleInfoEntity);
+ Assert.assertEquals(roleNameIsIllegal.get("error"), "Role name is illegal");
+
+ roleInfoEntity.setRoleName("testRoleName");
+
+ Map<String, String> resourceNameIsIllegal = rolesService.validateRoleInfoEntity(roleInfoEntity);
+ Assert.assertEquals(resourceNameIsIllegal.get("error"), "Resource Name is illegal");
+
+ roleInfoEntity.setResourceName("testResourceName");
+
+ roleInfoEntity.setResourceType("test-resourceType");
+ Map<String, String> resourceTypeIsIllegal = rolesService.validateRoleInfoEntity(roleInfoEntity);
+ Assert.assertEquals(resourceTypeIsIllegal.get("error"), "Resource type is illegal");
+
+ roleInfoEntity.setResourceId(10);
+ roleInfoEntity.setResourceType(ResourceType.TENANTS.name());
+ Map<String, String> resourceNoExist = rolesService.validateRoleInfoEntity(roleInfoEntity);
+ Assert.assertEquals(resourceNoExist.get("error"), "Tenant no exist, please check");
+
+ TenantEntity tenantEntity = new TenantEntity();
+ tenantEntity.setTenant("test-tenant");
+ tenantEntity.setAdminRoles("test-admin-roles");
+ tenantEntity.setAllowedClusters("test-allowed-clusters");
+ long tenantId = tenantsRepository.save(tenantEntity);
+ roleInfoEntity.setResourceId(tenantId);
+
+ roleInfoEntity.setResourceId(20);
+ roleInfoEntity.setResourceType(ResourceType.NAMESPACES.name());
+ Map<String, String> namespaceNoExist = rolesService.validateRoleInfoEntity(roleInfoEntity);
+ Assert.assertEquals(namespaceNoExist.get("error"), "Namespace no exist, please check");
+
+ NamespaceEntity namespaceEntity = new NamespaceEntity();
+ namespaceEntity.setTenant("test-tenant");
+ namespaceEntity.setNamespace("test-namespace");
+ long namespaceId = namespacesRepository.save(namespaceEntity);
+ roleInfoEntity.setResourceId(namespaceId);
+
roleInfoEntity.setResourceVerbs("xxxx");
Map<String, String> stringMapVerbs = rolesService.validateRoleInfoEntity(roleInfoEntity);
Assert.assertTrue(stringMapVerbs.get("error").startsWith("Verb"));
@@ -76,4 +144,46 @@
Map<String, String> stringMapAll = rolesService.validateRoleInfoEntity(roleInfoEntity);
Assert.assertEquals(stringMapAll.get("message"), "Role validate success");
}
+
+ @Test
+ public void validateCurrentTenantTest() {
+ UserInfoEntity userInfoEntity = new UserInfoEntity();
+ userInfoEntity.setName("test-user");
+ userInfoEntity.setAccessToken("test-access-token");
+ long userId = usersRepository.save(userInfoEntity);
+
+ Map<String, String> currentTenantValidateUser = rolesService.validateCurrentTenant(
+ "test-error-access-token", "test-tenant");
+ Assert.assertEquals(currentTenantValidateUser.get("error"), "User no exist.");
+
+ TenantEntity tenantEntity = new TenantEntity();
+ tenantEntity.setTenant("test-tenant");
+ tenantEntity.setAdminRoles("test-admin-roles");
+ tenantEntity.setAllowedClusters("test-allowed-clusters");
+ long tenantId = tenantsRepository.save(tenantEntity);
+ RoleInfoEntity roleInfoEntity = new RoleInfoEntity();
+ roleInfoEntity.setRoleName("test-role");
+ roleInfoEntity.setRoleSource("test-tenant");
+ roleInfoEntity.setResourceId(tenantId);
+ roleInfoEntity.setFlag(1);
+ roleInfoEntity.setResourceName("test-tenant-resource");
+ roleInfoEntity.setResourceType(ResourceType.TENANTS.name());
+ roleInfoEntity.setResourceVerbs(ResourceVerbs.ADMIN.name());
+ long roleId = rolesRepository.save(roleInfoEntity);
+
+ RoleBindingEntity roleBindingEntity = new RoleBindingEntity();
+ roleBindingEntity.setDescription("This is role binding description");
+ roleBindingEntity.setUserId(userId);
+ roleBindingEntity.setRoleId(roleId);
+ roleBindingEntity.setName("test-role-binding");
+ roleBindingRepository.save(roleBindingEntity);
+
+ Map<String, String> currentTenantValidateErrorTenant = rolesService.validateCurrentTenant(
+ "test-access-token", "test-error-tenant");
+ Assert.assertEquals(currentTenantValidateErrorTenant.get("error"), "This user no include this tenant");
+
+ Map<String, String> currentTenantValidateSuccess = rolesService.validateCurrentTenant(
+ "test-access-token", "test-tenant");
+ Assert.assertEquals(currentTenantValidateSuccess.get("message"), "Validate tenant success");
+ }
}
