Skip to content

A
apollo
Commit cefdda6d authored by anthonywanted's avatar anthonywanted Committed by nobodyiam
Browse files
Options

实现了权限精确到环境

parent a6563b81
Show whitespace changes
Inline Side-by-side
Showing with 752 additions and 215 deletions
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/auth/ConsumerPermissionValidator.java
View file @ cefdda6d
...@@ -27,7 +27,7 @@ public class ConsumerPermissionValidator { ...@@ -27,7 +27,7 @@ public class ConsumerPermissionValidator {
} }
return permissionService.consumerHasPermission(consumerAuthUtil.retrieveConsumerId(request), return permissionService.consumerHasPermission(consumerAuthUtil.retrieveConsumerId(request),
PermissionType.MODIFY_NAMESPACE, PermissionType.MODIFY_NAMESPACE,
RoleUtils.buildNamespaceTargetId(appId, namespaceName)); RoleUtils.buildNamespaceTargetId(appId, namespaceName, null));
} }
...@@ -38,7 +38,7 @@ public class ConsumerPermissionValidator { ...@@ -38,7 +38,7 @@ public class ConsumerPermissionValidator {
} }
return permissionService.consumerHasPermission(consumerAuthUtil.retrieveConsumerId(request), return permissionService.consumerHasPermission(consumerAuthUtil.retrieveConsumerId(request),
PermissionType.RELEASE_NAMESPACE, PermissionType.RELEASE_NAMESPACE,
RoleUtils.buildNamespaceTargetId(appId, namespaceName)); RoleUtils.buildNamespaceTargetId(appId, namespaceName, null));
} }
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/service/ConsumerService.java
View file @ cefdda6d
...@@ -113,16 +113,16 @@ public class ConsumerService { ...@@ -113,16 +113,16 @@ public class ConsumerService {
} }
@Transactional @Transactional
public List<ConsumerRole> assignNamespaceRoleToConsumer(String token, String appId, String namespaceName) { public List<ConsumerRole> assignNamespaceRoleToConsumer(String token, String appId, String namespaceName, String env) {
Long consumerId = getConsumerIdByToken(token); Long consumerId = getConsumerIdByToken(token);
if (consumerId == null) { if (consumerId == null) {
throw new BadRequestException("Token is Illegal"); throw new BadRequestException("Token is Illegal");
} }
Role namespaceModifyRole = Role namespaceModifyRole =
rolePermissionService.findRoleByRoleName(RoleUtils.buildModifyNamespaceRoleName(appId, namespaceName)); rolePermissionService.findRoleByRoleName(RoleUtils.buildModifyNamespaceRoleName(appId, namespaceName, env));
Role namespaceReleaseRole = Role namespaceReleaseRole =
rolePermissionService.findRoleByRoleName(RoleUtils.buildReleaseNamespaceRoleName(appId, namespaceName)); rolePermissionService.findRoleByRoleName(RoleUtils.buildReleaseNamespaceRoleName(appId, namespaceName, env));
if (namespaceModifyRole == null || namespaceReleaseRole == null) { if (namespaceModifyRole == null || namespaceReleaseRole == null) {
throw new BadRequestException("Namespace's role does not exist. Please check whether namespace has created."); throw new BadRequestException("Namespace's role does not exist. Please check whether namespace has created.");
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/PermissionValidator.java
View file @ cefdda6d
...@@ -20,24 +20,24 @@ public class PermissionValidator { ...@@ -20,24 +20,24 @@ public class PermissionValidator {
@Autowired @Autowired
private PortalConfig portalConfig; private PortalConfig portalConfig;
public boolean hasModifyNamespacePermission(String appId, String namespaceName) { public boolean hasModifyNamespacePermission(String appId, String namespaceName, String env) {
return rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(), return rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(),
PermissionType.MODIFY_NAMESPACE, PermissionType.MODIFY_NAMESPACE,
RoleUtils.buildNamespaceTargetId(appId, namespaceName)); RoleUtils.buildNamespaceTargetId(appId, namespaceName, env));
} }
public boolean hasReleaseNamespacePermission(String appId, String namespaceName) { public boolean hasReleaseNamespacePermission(String appId, String namespaceName, String env) {
return rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(), return rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(),
PermissionType.RELEASE_NAMESPACE, PermissionType.RELEASE_NAMESPACE,
RoleUtils.buildNamespaceTargetId(appId, namespaceName)); RoleUtils.buildNamespaceTargetId(appId, namespaceName, env));
} }
public boolean hasDeleteNamespacePermission(String appId) { public boolean hasDeleteNamespacePermission(String appId) {
return hasAssignRolePermission(appId) || isSuperAdmin(); return hasAssignRolePermission(appId) || isSuperAdmin();
} }
public boolean hasOperateNamespacePermission(String appId, String namespaceName) { public boolean hasOperateNamespacePermission(String appId, String namespaceName, String env) {
return hasModifyNamespacePermission(appId, namespaceName) || hasReleaseNamespacePermission(appId, namespaceName); return hasModifyNamespacePermission(appId, namespaceName, env) || hasReleaseNamespacePermission(appId, namespaceName, env);
} }
public boolean hasAssignRolePermission(String appId) { public boolean hasAssignRolePermission(String appId) {
...@@ -77,4 +77,8 @@ public class PermissionValidator { ...@@ -77,4 +77,8 @@ public class PermissionValidator {
public boolean isSuperAdmin() { public boolean isSuperAdmin() {
return rolePermissionService.isSuperAdmin(userInfoHolder.getUser().getUserId()); return rolePermissionService.isSuperAdmin(userInfoHolder.getUser().getUserId());
} }
public boolean alwaysTrue() {
return true;
}
} }
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/emailbuilder/ConfigPublishEmailBuilder.java
View file @ cefdda6d
...@@ -104,7 +104,7 @@ public abstract class ConfigPublishEmailBuilder { ...@@ -104,7 +104,7 @@ public abstract class ConfigPublishEmailBuilder {
email.setSubject(subject()); email.setSubject(subject());
email.setSenderEmailAddress(portalConfig.emailSender()); email.setSenderEmailAddress(portalConfig.emailSender());
email.setRecipients(recipients(releaseHistory.getAppId(), releaseHistory.getNamespaceName())); email.setRecipients(recipients(releaseHistory.getAppId(), releaseHistory.getNamespaceName(), env.toString()));
String emailBody = emailContent(env, releaseHistory); String emailBody = emailContent(env, releaseHistory);
//clear not used module //clear not used module
...@@ -208,13 +208,19 @@ public abstract class ConfigPublishEmailBuilder { ...@@ -208,13 +208,19 @@ public abstract class ConfigPublishEmailBuilder {
return releaseService.compare(env, releaseHistory.getPreviousReleaseId(), releaseHistory.getReleaseId()); return releaseService.compare(env, releaseHistory.getPreviousReleaseId(), releaseHistory.getReleaseId());
} }
private List<String> recipients(String appId, String namespaceName) { private List<String> recipients(String appId, String namespaceName, String env) {
Set<UserInfo> modifyRoleUsers = Set<UserInfo> modifyRoleUsers =
rolePermissionService rolePermissionService
.queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.MODIFY_NAMESPACE)); .queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.MODIFY_NAMESPACE, null));
Set<UserInfo> envModifyRoleUsers =
rolePermissionService
.queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.MODIFY_NAMESPACE, env));
Set<UserInfo> releaseRoleUsers = Set<UserInfo> releaseRoleUsers =
rolePermissionService rolePermissionService
.queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.RELEASE_NAMESPACE)); .queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.RELEASE_NAMESPACE, null));
Set<UserInfo> envReleaseRoleUsers =
rolePermissionService
.queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.RELEASE_NAMESPACE, env));
Set<UserInfo> owners = rolePermissionService.queryUsersWithRole(RoleUtils.buildAppMasterRoleName(appId)); Set<UserInfo> owners = rolePermissionService.queryUsersWithRole(RoleUtils.buildAppMasterRoleName(appId));
Set<String> userIds = new HashSet<>(modifyRoleUsers.size() + releaseRoleUsers.size() + owners.size()); Set<String> userIds = new HashSet<>(modifyRoleUsers.size() + releaseRoleUsers.size() + owners.size());
...@@ -223,10 +229,18 @@ public abstract class ConfigPublishEmailBuilder { ...@@ -223,10 +229,18 @@ public abstract class ConfigPublishEmailBuilder {
userIds.add(userInfo.getUserId()); userIds.add(userInfo.getUserId());
} }
for (UserInfo userInfo : envModifyRoleUsers) {
userIds.add(userInfo.getUserId());
}
for (UserInfo userInfo : releaseRoleUsers) { for (UserInfo userInfo : releaseRoleUsers) {
userIds.add(userInfo.getUserId()); userIds.add(userInfo.getUserId());
} }
for (UserInfo userInfo : envReleaseRoleUsers) {
userIds.add(userInfo.getUserId());
}
for (UserInfo userInfo : owners) { for (UserInfo userInfo : owners) {
userIds.add(userInfo.getUserId()); userIds.add(userInfo.getUserId());
} }
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/AppController.java
View file @ cefdda6d
package com.ctrip.framework.apollo.portal.controller; package com.ctrip.framework.apollo.portal.controller;
import com.ctrip.framework.apollo.core.ConfigConsts;
import com.ctrip.framework.apollo.portal.service.RoleInitializationService;
import com.ctrip.framework.apollo.common.entity.App; import com.ctrip.framework.apollo.common.entity.App;
import com.ctrip.framework.apollo.common.exception.BadRequestException; import com.ctrip.framework.apollo.common.exception.BadRequestException;
import com.ctrip.framework.apollo.common.http.MultiResponseEntity; import com.ctrip.framework.apollo.common.http.MultiResponseEntity;
...@@ -53,6 +56,8 @@ public class AppController { ...@@ -53,6 +56,8 @@ public class AppController {
private ApplicationEventPublisher publisher; private ApplicationEventPublisher publisher;
@Autowired @Autowired
private RolePermissionService rolePermissionService; private RolePermissionService rolePermissionService;
@Autowired
private RoleInitializationService roleInitializationService;
@RequestMapping(value = "", method = RequestMethod.GET) @RequestMapping(value = "", method = RequestMethod.GET)
public List<App> findApps(@RequestParam(value = "appIds", required = false) String appIds) { public List<App> findApps(@RequestParam(value = "appIds", required = false) String appIds) {
...@@ -132,6 +137,8 @@ public class AppController { ...@@ -132,6 +137,8 @@ public class AppController {
appService.createAppInRemote(Env.valueOf(env), app); appService.createAppInRemote(Env.valueOf(env), app);
roleInitializationService.initNamespaceSpecificEnvRoles(app.getAppId(), ConfigConsts.NAMESPACE_APPLICATION, env, userInfoHolder.getUser().getUserId());
return ResponseEntity.ok().build(); return ResponseEntity.ok().build();
} }
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ConsumerController.java
View file @ cefdda6d
...@@ -2,6 +2,7 @@ package com.ctrip.framework.apollo.portal.controller; ...@@ -2,6 +2,7 @@ package com.ctrip.framework.apollo.portal.controller;
import com.ctrip.framework.apollo.common.dto.NamespaceDTO; import com.ctrip.framework.apollo.common.dto.NamespaceDTO;
import com.ctrip.framework.apollo.common.exception.BadRequestException; import com.ctrip.framework.apollo.common.exception.BadRequestException;
import com.ctrip.framework.apollo.core.enums.EnvUtils;
import com.ctrip.framework.apollo.core.utils.StringUtils; import com.ctrip.framework.apollo.core.utils.StringUtils;
import com.ctrip.framework.apollo.openapi.entity.Consumer; import com.ctrip.framework.apollo.openapi.entity.Consumer;
import com.ctrip.framework.apollo.openapi.entity.ConsumerRole; import com.ctrip.framework.apollo.openapi.entity.ConsumerRole;
...@@ -19,12 +20,7 @@ import org.springframework.web.bind.annotation.RequestMethod; ...@@ -19,12 +20,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
import java.util.Calendar; import java.util.*;
import java.util.Collections;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List;
import java.util.Objects;
/** /**
* @author Jason Song(song_s@ctrip.com) * @author Jason Song(song_s@ctrip.com)
...@@ -69,6 +65,7 @@ public class ConsumerController { ...@@ -69,6 +65,7 @@ public class ConsumerController {
@RequestMapping(value = "/consumers/{token}/assign-role", method = RequestMethod.POST) @RequestMapping(value = "/consumers/{token}/assign-role", method = RequestMethod.POST)
public List<ConsumerRole> assignNamespaceRoleToConsumer(@PathVariable String token, public List<ConsumerRole> assignNamespaceRoleToConsumer(@PathVariable String token,
@RequestParam String type, @RequestParam String type,
@RequestParam(required = false) String envs,
@RequestBody NamespaceDTO namespace) { @RequestBody NamespaceDTO namespace) {
String appId = namespace.getAppId(); String appId = namespace.getAppId();
...@@ -77,14 +74,29 @@ public class ConsumerController { ...@@ -77,14 +74,29 @@ public class ConsumerController {
if (StringUtils.isEmpty(appId)) { if (StringUtils.isEmpty(appId)) {
throw new BadRequestException("Params(AppId) can not be empty."); throw new BadRequestException("Params(AppId) can not be empty.");
} }
if (Objects.equals("AppRole", type)) { if (Objects.equals("AppRole", type)) {
return Collections.singletonList(consumerService.assignAppRoleToConsumer(token, appId)); return Collections.singletonList(consumerService.assignAppRoleToConsumer(token, appId));
} else { } else {
if (StringUtils.isEmpty(namespaceName)) { if (StringUtils.isEmpty(namespaceName)) {
throw new BadRequestException("Params(NamespaceName) can not be empty."); throw new BadRequestException("Params(NamespaceName) can not be empty.");
} }
return consumerService.assignNamespaceRoleToConsumer(token, appId, namespaceName); if (null != envs){
String[] envList = envs.split(",");
// validate env parameter
for (String env : envList) {
if (null != env && !"".equals(env) && null == EnvUtils.transformEnv(env)) {
throw new BadRequestException(String.format("env: %s is illegal", env));
}
}
List<ConsumerRole> consumeRoles = new ArrayList<>();
for (String env : envList) {
consumeRoles.addAll(consumerService.assignNamespaceRoleToConsumer(token, appId, namespaceName, env));
}
return consumeRoles;
}
return consumerService.assignNamespaceRoleToConsumer(token, appId, namespaceName, null);
} }
} }
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ItemController.java
View file @ cefdda6d
...@@ -4,15 +4,18 @@ import com.ctrip.framework.apollo.common.dto.ItemDTO; ...@@ -4,15 +4,18 @@ import com.ctrip.framework.apollo.common.dto.ItemDTO;
import com.ctrip.framework.apollo.common.exception.BadRequestException; import com.ctrip.framework.apollo.common.exception.BadRequestException;
import com.ctrip.framework.apollo.core.enums.Env; import com.ctrip.framework.apollo.core.enums.Env;
import com.ctrip.framework.apollo.core.utils.StringUtils; import com.ctrip.framework.apollo.core.utils.StringUtils;
import com.ctrip.framework.apollo.portal.component.PermissionValidator;
import com.ctrip.framework.apollo.portal.entity.model.NamespaceSyncModel; import com.ctrip.framework.apollo.portal.entity.model.NamespaceSyncModel;
import com.ctrip.framework.apollo.portal.entity.model.NamespaceTextModel; import com.ctrip.framework.apollo.portal.entity.model.NamespaceTextModel;
import com.ctrip.framework.apollo.portal.entity.vo.ItemDiffs; import com.ctrip.framework.apollo.portal.entity.vo.ItemDiffs;
import com.ctrip.framework.apollo.portal.entity.vo.NamespaceIdentifier;
import com.ctrip.framework.apollo.portal.service.ItemService; import com.ctrip.framework.apollo.portal.service.ItemService;
import com.ctrip.framework.apollo.portal.spi.UserInfoHolder; import com.ctrip.framework.apollo.portal.spi.UserInfoHolder;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestBody;
...@@ -34,8 +37,10 @@ public class ItemController { ...@@ -34,8 +37,10 @@ public class ItemController {
private ItemService configService; private ItemService configService;
@Autowired @Autowired
private UserInfoHolder userInfoHolder; private UserInfoHolder userInfoHolder;
@Autowired
private PermissionValidator permissionValidator;
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName)") @PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/items", method = RequestMethod.PUT, consumes = { @RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/items", method = RequestMethod.PUT, consumes = {
"application/json"}) "application/json"})
public void modifyItemsByText(@PathVariable String appId, @PathVariable String env, public void modifyItemsByText(@PathVariable String appId, @PathVariable String env,
...@@ -52,7 +57,7 @@ public class ItemController { ...@@ -52,7 +57,7 @@ public class ItemController {
configService.updateConfigItemByText(model); configService.updateConfigItemByText(model);
} }
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName)") @PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/item", method = RequestMethod.POST) @RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/item", method = RequestMethod.POST)
public ItemDTO createItem(@PathVariable String appId, @PathVariable String env, public ItemDTO createItem(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName, @PathVariable String clusterName, @PathVariable String namespaceName,
...@@ -71,7 +76,7 @@ public class ItemController { ...@@ -71,7 +76,7 @@ public class ItemController {
return configService.createItem(appId, Env.valueOf(env), clusterName, namespaceName, item); return configService.createItem(appId, Env.valueOf(env), clusterName, namespaceName, item);
} }
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName)") @PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/item", method = RequestMethod.PUT) @RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/item", method = RequestMethod.PUT)
public void updateItem(@PathVariable String appId, @PathVariable String env, public void updateItem(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName, @PathVariable String clusterName, @PathVariable String namespaceName,
...@@ -85,7 +90,7 @@ public class ItemController { ...@@ -85,7 +90,7 @@ public class ItemController {
} }
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName)") @PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env) ")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/items/{itemId}", method = RequestMethod.DELETE) @RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/items/{itemId}", method = RequestMethod.DELETE)
public void deleteItem(@PathVariable String appId, @PathVariable String env, public void deleteItem(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName, @PathVariable String clusterName, @PathVariable String namespaceName,
...@@ -134,16 +139,35 @@ public class ItemController { ...@@ -134,16 +139,35 @@ public class ItemController {
return configService.compare(model.getSyncToNamespaces(), model.getSyncItems()); return configService.compare(model.getSyncToNamespaces(), model.getSyncItems());
} }
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName)") //@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName)")
@PreAuthorize(value="@permissionValidator.alwaysTrue()")
@RequestMapping(value = "/apps/{appId}/namespaces/{namespaceName}/items", method = RequestMethod.PUT, consumes = { @RequestMapping(value = "/apps/{appId}/namespaces/{namespaceName}/items", method = RequestMethod.PUT, consumes = {
"application/json"}) "application/json"})
public ResponseEntity<Void> update(@PathVariable String appId, @PathVariable String namespaceName, public ResponseEntity update(@PathVariable String appId, @PathVariable String namespaceName,
@RequestBody NamespaceSyncModel model) { @RequestBody NamespaceSyncModel model) {
checkModel(Objects.nonNull(model) && !model.isInvalid()); checkModel(Objects.nonNull(model) && !model.isInvalid());
boolean hasPermission = permissionValidator.hasModifyNamespacePermission(appId, namespaceName, null);
Env envNoPermission = null;
// if uses has ModifyNamespace permission then he has permission
if (!hasPermission) {
// else check if user has every env's ModifyNamespace permission
hasPermission = true;
for (NamespaceIdentifier namespaceIdentifier : model.getSyncToNamespaces()) {
// once user has not one of the env's ModifyNamespace permission, then break the loop
hasPermission &= permissionValidator.hasModifyNamespacePermission(namespaceIdentifier.getAppId(), namespaceIdentifier.getNamespaceName(), namespaceIdentifier.getEnv().toString());
if (!hasPermission) {
envNoPermission = namespaceIdentifier.getEnv();
break;
}
}
}
if (hasPermission) {
configService.syncItems(model.getSyncToNamespaces(), model.getSyncItems()); configService.syncItems(model.getSyncToNamespaces(), model.getSyncItems());
return ResponseEntity.status(HttpStatus.OK).build(); return ResponseEntity.status(HttpStatus.OK).build();
} }
else
throw new AccessDeniedException(String.format("您没有修改环境%s的权限", envNoPermission));
}
private boolean isValidItem(ItemDTO item) { private boolean isValidItem(ItemDTO item) {
return Objects.nonNull(item) && !StringUtils.isContainEmpty(item.getKey()); return Objects.nonNull(item) && !StringUtils.isContainEmpty(item.getKey());
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/NamespaceBranchController.java
View file @ cefdda6d
...@@ -46,7 +46,7 @@ public class NamespaceBranchController { ...@@ -46,7 +46,7 @@ public class NamespaceBranchController {
return namespaceBranchService.findBranch(appId, Env.valueOf(env), clusterName, namespaceName); return namespaceBranchService.findBranch(appId, Env.valueOf(env), clusterName, namespaceName);
} }
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName)") @PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches", method = RequestMethod.POST) @RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches", method = RequestMethod.POST)
public NamespaceDTO createBranch(@PathVariable String appId, public NamespaceDTO createBranch(@PathVariable String appId,
@PathVariable String env, @PathVariable String env,
...@@ -63,8 +63,9 @@ public class NamespaceBranchController { ...@@ -63,8 +63,9 @@ public class NamespaceBranchController {
@PathVariable String namespaceName, @PathVariable String namespaceName,
@PathVariable String branchName) { @PathVariable String branchName) {
boolean canDelete = permissionValidator.hasReleaseNamespacePermission(appId, namespaceName) || boolean canDelete = permissionValidator.hasReleaseNamespacePermission(appId, namespaceName, null) ||
(permissionValidator.hasModifyNamespacePermission(appId, namespaceName) && permissionValidator.hasReleaseNamespacePermission(appId, namespaceName, env) ||
((permissionValidator.hasModifyNamespacePermission(appId, namespaceName, null) || permissionValidator.hasModifyNamespacePermission(appId, namespaceName, env)) &&
releaseService.loadLatestRelease(appId, Env.valueOf(env), branchName, namespaceName) == null); releaseService.loadLatestRelease(appId, Env.valueOf(env), branchName, namespaceName) == null);
...@@ -81,7 +82,7 @@ public class NamespaceBranchController { ...@@ -81,7 +82,7 @@ public class NamespaceBranchController {
@PreAuthorize(value = "@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName)") @PreAuthorize(value = "@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/merge", method = RequestMethod.POST) @RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/merge", method = RequestMethod.POST)
public ReleaseDTO merge(@PathVariable String appId, @PathVariable String env, public ReleaseDTO merge(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName, @PathVariable String clusterName, @PathVariable String namespaceName,
...@@ -120,7 +121,7 @@ public class NamespaceBranchController { ...@@ -120,7 +121,7 @@ public class NamespaceBranchController {
} }
@PreAuthorize(value = "@permissionValidator.hasOperateNamespacePermission(#appId, #namespaceName)") @PreAuthorize(value = "@permissionValidator.hasOperateNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasOperateNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/rules", method = RequestMethod.PUT) @RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/rules", method = RequestMethod.PUT)
public void updateBranchRules(@PathVariable String appId, @PathVariable String env, public void updateBranchRules(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName, @PathVariable String clusterName, @PathVariable String namespaceName,
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/NamespaceController.java
View file @ cefdda6d
...@@ -104,6 +104,7 @@ public class NamespaceController { ...@@ -104,6 +104,7 @@ public class NamespaceController {
String operator = userInfoHolder.getUser().getUserId(); String operator = userInfoHolder.getUser().getUserId();
roleInitializationService.initNamespaceRoles(appId, namespaceName, operator); roleInitializationService.initNamespaceRoles(appId, namespaceName, operator);
roleInitializationService.initNamespaceEnvRoles(appId, namespaceName, operator);
for (NamespaceCreationModel model : models) { for (NamespaceCreationModel model : models) {
NamespaceDTO namespace = model.getNamespace(); NamespaceDTO namespace = model.getNamespace();
...@@ -207,10 +208,10 @@ public class NamespaceController { ...@@ -207,10 +208,10 @@ public class NamespaceController {
String operator = userInfoHolder.getUser().getUserId(); String operator = userInfoHolder.getUser().getUserId();
rolePermissionService rolePermissionService
.assignRoleToUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.MODIFY_NAMESPACE), .assignRoleToUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.MODIFY_NAMESPACE, null),
Sets.newHashSet(operator), operator); Sets.newHashSet(operator), operator);
rolePermissionService rolePermissionService
.assignRoleToUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.RELEASE_NAMESPACE), .assignRoleToUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.RELEASE_NAMESPACE, null),
Sets.newHashSet(operator), operator); Sets.newHashSet(operator), operator);
} }
} }
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/PermissionController.java
View file @ cefdda6d
package com.ctrip.framework.apollo.portal.controller; package com.ctrip.framework.apollo.portal.controller;
import com.ctrip.framework.apollo.core.enums.Env;
import com.ctrip.framework.apollo.core.enums.EnvUtils;
import com.ctrip.framework.apollo.portal.entity.vo.NamespaceEnvRolesAssignedUsers;
import com.ctrip.framework.apollo.portal.service.RoleInitializationService;
import com.google.common.collect.Sets; import com.google.common.collect.Sets;
import com.ctrip.framework.apollo.common.exception.BadRequestException; import com.ctrip.framework.apollo.common.exception.BadRequestException;
...@@ -37,6 +41,14 @@ public class PermissionController { ...@@ -37,6 +41,14 @@ public class PermissionController {
private RolePermissionService rolePermissionService; private RolePermissionService rolePermissionService;
@Autowired @Autowired
private UserService userService; private UserService userService;
@Autowired
private RoleInitializationService roleInitializationService;
@RequestMapping(value = "/apps/{appId}/initPermission", method = RequestMethod.POST)
public ResponseEntity<Void> initAppPermission(@PathVariable String appId, @RequestBody String namespaceName) {
roleInitializationService.initNamespaceEnvRoles(appId, namespaceName, userInfoHolder.getUser().getUserId());
return ResponseEntity.ok().build();
}
@RequestMapping(value = "/apps/{appId}/permissions/{permissionType}", method = RequestMethod.GET) @RequestMapping(value = "/apps/{appId}/permissions/{permissionType}", method = RequestMethod.GET)
public ResponseEntity<PermissionCondition> hasPermission(@PathVariable String appId, @PathVariable String permissionType) { public ResponseEntity<PermissionCondition> hasPermission(@PathVariable String appId, @PathVariable String permissionType) {
...@@ -55,7 +67,19 @@ public class PermissionController { ...@@ -55,7 +67,19 @@ public class PermissionController {
permissionCondition.setHasPermission( permissionCondition.setHasPermission(
rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(), permissionType, rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(), permissionType,
RoleUtils.buildNamespaceTargetId(appId, namespaceName))); RoleUtils.buildNamespaceTargetId(appId, namespaceName, null)));
return ResponseEntity.ok().body(permissionCondition);
}
@RequestMapping(value = "/apps/{appId}/envs/{env}/namespaces/{namespaceName}/permissions/{permissionType}", method = RequestMethod.GET)
public ResponseEntity<PermissionCondition> hasPermission(@PathVariable String appId, @PathVariable String env, @PathVariable String namespaceName,
@PathVariable String permissionType) {
PermissionCondition permissionCondition = new PermissionCondition();
permissionCondition.setHasPermission(
rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(), permissionType,
RoleUtils.buildNamespaceTargetId(appId, namespaceName, env)));
return ResponseEntity.ok().body(permissionCondition); return ResponseEntity.ok().body(permissionCondition);
} }
...@@ -70,6 +94,72 @@ public class PermissionController { ...@@ -70,6 +94,72 @@ public class PermissionController {
} }
@RequestMapping(value = "/apps/{appId}/envs/{env}/namespaces/{namespaceName}/role_users", method = RequestMethod.GET)
public NamespaceEnvRolesAssignedUsers getNamespaceEnvRoles(@PathVariable String appId, @PathVariable String env, @PathVariable String namespaceName) {
// validate env parameter
if (null == EnvUtils.transformEnv(env)) {
throw new BadRequestException("env is illegal");
}
NamespaceEnvRolesAssignedUsers assignedUsers = new NamespaceEnvRolesAssignedUsers();
assignedUsers.setNamespaceName(namespaceName);
assignedUsers.setAppId(appId);
assignedUsers.setEnv(Env.fromString(env));
Set<UserInfo> releaseNamespaceUsers =
rolePermissionService.queryUsersWithRole(RoleUtils.buildReleaseNamespaceRoleName(appId, namespaceName, env));
assignedUsers.setReleaseRoleUsers(releaseNamespaceUsers);
Set<UserInfo> modifyNamespaceUsers =
rolePermissionService.queryUsersWithRole(RoleUtils.buildModifyNamespaceRoleName(appId, namespaceName, env));
assignedUsers.setModifyRoleUsers(modifyNamespaceUsers);
return assignedUsers;
}
@PreAuthorize(value = "@permissionValidator.hasAssignRolePermission(#appId)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/namespaces/{namespaceName}/roles/{roleType}", method = RequestMethod.POST)
public ResponseEntity<Void> assignNamespaceEnvRoleToUser(@PathVariable String appId, @PathVariable String env, @PathVariable String namespaceName,
@PathVariable String roleType, @RequestBody String user) {
checkUserExists(user);
RequestPrecondition.checkArgumentsNotEmpty(user);
if (!RoleType.isValidRoleType(roleType)) {
throw new BadRequestException("role type is illegal");
}
// validate env parameter
if (null == EnvUtils.transformEnv(env)) {
throw new BadRequestException("env is illegal");
}
Set<String> assignedUser = rolePermissionService.assignRoleToUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, roleType, env),
Sets.newHashSet(user), userInfoHolder.getUser().getUserId());
if (CollectionUtils.isEmpty(assignedUser)) {
throw new BadRequestException(user + "已授权");
}
return ResponseEntity.ok().build();
}
@PreAuthorize(value = "@permissionValidator.hasAssignRolePermission(#appId)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/namespaces/{namespaceName}/roles/{roleType}", method = RequestMethod.DELETE)
public ResponseEntity<Void> removeNamespaceEnvRoleFromUser(@PathVariable String appId, @PathVariable String env, @PathVariable String namespaceName,
@PathVariable String roleType, @RequestParam String user) {
RequestPrecondition.checkArgumentsNotEmpty(user);
if (!RoleType.isValidRoleType(roleType)) {
throw new BadRequestException("role type is illegal");
}
// validate env parameter
if (null == EnvUtils.transformEnv(env)) {
throw new BadRequestException("env is illegal");
}
rolePermissionService.removeRoleFromUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, roleType, env),
Sets.newHashSet(user), userInfoHolder.getUser().getUserId());
return ResponseEntity.ok().build();
}
@RequestMapping(value = "/apps/{appId}/namespaces/{namespaceName}/role_users", method = RequestMethod.GET) @RequestMapping(value = "/apps/{appId}/namespaces/{namespaceName}/role_users", method = RequestMethod.GET)
public NamespaceRolesAssignedUsers getNamespaceRoles(@PathVariable String appId, @PathVariable String namespaceName) { public NamespaceRolesAssignedUsers getNamespaceRoles(@PathVariable String appId, @PathVariable String namespaceName) {
...@@ -78,11 +168,11 @@ public class PermissionController { ...@@ -78,11 +168,11 @@ public class PermissionController {
assignedUsers.setAppId(appId); assignedUsers.setAppId(appId);
Set<UserInfo> releaseNamespaceUsers = Set<UserInfo> releaseNamespaceUsers =
rolePermissionService.queryUsersWithRole(RoleUtils.buildReleaseNamespaceRoleName(appId, namespaceName)); rolePermissionService.queryUsersWithRole(RoleUtils.buildReleaseNamespaceRoleName(appId, namespaceName, null));
assignedUsers.setReleaseRoleUsers(releaseNamespaceUsers); assignedUsers.setReleaseRoleUsers(releaseNamespaceUsers);
Set<UserInfo> modifyNamespaceUsers = Set<UserInfo> modifyNamespaceUsers =
rolePermissionService.queryUsersWithRole(RoleUtils.buildModifyNamespaceRoleName(appId, namespaceName)); rolePermissionService.queryUsersWithRole(RoleUtils.buildModifyNamespaceRoleName(appId, namespaceName, null));
assignedUsers.setModifyRoleUsers(modifyNamespaceUsers); assignedUsers.setModifyRoleUsers(modifyNamespaceUsers);
return assignedUsers; return assignedUsers;
...@@ -98,7 +188,7 @@ public class PermissionController { ...@@ -98,7 +188,7 @@ public class PermissionController {
if (!RoleType.isValidRoleType(roleType)) { if (!RoleType.isValidRoleType(roleType)) {
throw new BadRequestException("role type is illegal"); throw new BadRequestException("role type is illegal");
} }
Set<String> assignedUser = rolePermissionService.assignRoleToUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, roleType), Set<String> assignedUser = rolePermissionService.assignRoleToUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, roleType, null),
Sets.newHashSet(user), userInfoHolder.getUser().getUserId()); Sets.newHashSet(user), userInfoHolder.getUser().getUserId());
if (CollectionUtils.isEmpty(assignedUser)) { if (CollectionUtils.isEmpty(assignedUser)) {
throw new BadRequestException(user + "已授权"); throw new BadRequestException(user + "已授权");
...@@ -116,7 +206,7 @@ public class PermissionController { ...@@ -116,7 +206,7 @@ public class PermissionController {
if (!RoleType.isValidRoleType(roleType)) { if (!RoleType.isValidRoleType(roleType)) {
throw new BadRequestException("role type is illegal"); throw new BadRequestException("role type is illegal");
} }
rolePermissionService.removeRoleFromUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, roleType), rolePermissionService.removeRoleFromUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, roleType, null),
Sets.newHashSet(user), userInfoHolder.getUser().getUserId()); Sets.newHashSet(user), userInfoHolder.getUser().getUserId());
return ResponseEntity.ok().build(); return ResponseEntity.ok().build();
} }
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ReleaseController.java
View file @ cefdda6d
...@@ -36,7 +36,7 @@ public class ReleaseController { ...@@ -36,7 +36,7 @@ public class ReleaseController {
@Autowired @Autowired
private PortalConfig portalConfig; private PortalConfig portalConfig;
@PreAuthorize(value = "@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName)") @PreAuthorize(value = "@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/releases", method = RequestMethod.POST) @RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/releases", method = RequestMethod.POST)
public ReleaseDTO createRelease(@PathVariable String appId, public ReleaseDTO createRelease(@PathVariable String appId,
@PathVariable String env, @PathVariable String clusterName, @PathVariable String env, @PathVariable String clusterName,
...@@ -67,7 +67,7 @@ public class ReleaseController { ...@@ -67,7 +67,7 @@ public class ReleaseController {
return createdRelease; return createdRelease;
} }
@PreAuthorize(value = "@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName)") @PreAuthorize(value = "@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/releases", @RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/releases",
method = RequestMethod.POST) method = RequestMethod.POST)
public ReleaseDTO createGrayRelease(@PathVariable String appId, public ReleaseDTO createGrayRelease(@PathVariable String appId,
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/entity/vo/NamespaceEnvRolesAssignedUsers.java 0 → 100644
View file @ cefdda6d
package com.ctrip.framework.apollo.portal.entity.vo;
import com.ctrip.framework.apollo.core.enums.Env;
public class NamespaceEnvRolesAssignedUsers extends NamespaceRolesAssignedUsers {
private Env env;
public Env getEnv() {
return env;
}
public void setEnv(Env env) {
this.env = env;
}
}
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/service/AppNamespaceService.java
View file @ cefdda6d
...@@ -116,6 +116,7 @@ public class AppNamespaceService { ...@@ -116,6 +116,7 @@ public class AppNamespaceService {
AppNamespace createdAppNamespace = appNamespaceRepository.save(appNamespace); AppNamespace createdAppNamespace = appNamespaceRepository.save(appNamespace);
roleInitializationService.initNamespaceRoles(appNamespace.getAppId(), appNamespace.getName(), operator); roleInitializationService.initNamespaceRoles(appNamespace.getAppId(), appNamespace.getName(), operator);
roleInitializationService.initNamespaceEnvRoles(appNamespace.getAppId(), appNamespace.getName(), operator);
return createdAppNamespace; return createdAppNamespace;
} }
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/service/RoleInitializationService.java
View file @ cefdda6d
...@@ -8,4 +8,8 @@ public interface RoleInitializationService { ...@@ -8,4 +8,8 @@ public interface RoleInitializationService {
public void initNamespaceRoles(String appId, String namespaceName, String operator); public void initNamespaceRoles(String appId, String namespaceName, String operator);
public void initNamespaceEnvRoles(String appId, String namespaceName, String operator);
public void initNamespaceSpecificEnvRoles(String appId, String namespaceName, String env, String operator);
} }
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultRoleInitializationService.java
View file @ cefdda6d
package com.ctrip.framework.apollo.portal.spi.defaultimpl; package com.ctrip.framework.apollo.portal.spi.defaultimpl;
import com.ctrip.framework.apollo.core.enums.Env;
import com.ctrip.framework.apollo.portal.component.config.PortalConfig;
import com.google.common.collect.FluentIterable; import com.google.common.collect.FluentIterable;
import com.google.common.collect.Lists; import com.google.common.collect.Lists;
import com.google.common.collect.Sets; import com.google.common.collect.Sets;
...@@ -18,7 +20,7 @@ import com.ctrip.framework.apollo.portal.util.RoleUtils; ...@@ -18,7 +20,7 @@ import com.ctrip.framework.apollo.portal.util.RoleUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.transaction.annotation.Transactional; import org.springframework.transaction.annotation.Transactional;
import java.util.Set; import java.util.*;
/** /**
* Created by timothy on 2017/4/26. * Created by timothy on 2017/4/26.
...@@ -29,6 +31,8 @@ public class DefaultRoleInitializationService implements RoleInitializationServi ...@@ -29,6 +31,8 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
private UserInfoHolder userInfoHolder; private UserInfoHolder userInfoHolder;
@Autowired @Autowired
private RolePermissionService rolePermissionService; private RolePermissionService rolePermissionService;
@Autowired
private PortalConfig portalConfig;
@Transactional @Transactional
public void initAppRoles(App app) { public void initAppRoles(App app) {
...@@ -50,13 +54,14 @@ public class DefaultRoleInitializationService implements RoleInitializationServi ...@@ -50,13 +54,14 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
operator); operator);
initNamespaceRoles(appId, ConfigConsts.NAMESPACE_APPLICATION, operator); initNamespaceRoles(appId, ConfigConsts.NAMESPACE_APPLICATION, operator);
initNamespaceEnvRoles(appId, ConfigConsts.NAMESPACE_APPLICATION, operator);
//assign modify、release namespace role to user //assign modify、release namespace role to user
rolePermissionService.assignRoleToUsers( rolePermissionService.assignRoleToUsers(
RoleUtils.buildNamespaceRoleName(appId, ConfigConsts.NAMESPACE_APPLICATION, RoleType.MODIFY_NAMESPACE), RoleUtils.buildNamespaceRoleName(appId, ConfigConsts.NAMESPACE_APPLICATION, RoleType.MODIFY_NAMESPACE, null),
Sets.newHashSet(operator), operator); Sets.newHashSet(operator), operator);
rolePermissionService.assignRoleToUsers( rolePermissionService.assignRoleToUsers(
RoleUtils.buildNamespaceRoleName(appId, ConfigConsts.NAMESPACE_APPLICATION, RoleType.RELEASE_NAMESPACE), RoleUtils.buildNamespaceRoleName(appId, ConfigConsts.NAMESPACE_APPLICATION, RoleType.RELEASE_NAMESPACE, null),
Sets.newHashSet(operator), operator); Sets.newHashSet(operator), operator);
} }
...@@ -64,16 +69,40 @@ public class DefaultRoleInitializationService implements RoleInitializationServi ...@@ -64,16 +69,40 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
@Transactional @Transactional
public void initNamespaceRoles(String appId, String namespaceName, String operator) { public void initNamespaceRoles(String appId, String namespaceName, String operator) {
String modifyNamespaceRoleName = RoleUtils.buildModifyNamespaceRoleName(appId, namespaceName); String modifyNamespaceRoleName = RoleUtils.buildModifyNamespaceRoleName(appId, namespaceName, null);
if (rolePermissionService.findRoleByRoleName(modifyNamespaceRoleName) == null) { if (rolePermissionService.findRoleByRoleName(modifyNamespaceRoleName) == null) {
createNamespaceRole(appId, namespaceName, PermissionType.MODIFY_NAMESPACE, createNamespaceRole(appId, namespaceName, PermissionType.MODIFY_NAMESPACE,
RoleUtils.buildModifyNamespaceRoleName(appId, namespaceName), operator); modifyNamespaceRoleName, operator);
} }
String releaseNamespaceRoleName = RoleUtils.buildReleaseNamespaceRoleName(appId, namespaceName); String releaseNamespaceRoleName = RoleUtils.buildReleaseNamespaceRoleName(appId, namespaceName, null);
if (rolePermissionService.findRoleByRoleName(releaseNamespaceRoleName) == null) { if (rolePermissionService.findRoleByRoleName(releaseNamespaceRoleName) == null) {
createNamespaceRole(appId, namespaceName, PermissionType.RELEASE_NAMESPACE, createNamespaceRole(appId, namespaceName, PermissionType.RELEASE_NAMESPACE,
RoleUtils.buildReleaseNamespaceRoleName(appId, namespaceName), operator); releaseNamespaceRoleName, operator);
}
}
@Transactional
public void initNamespaceEnvRoles(String appId, String namespaceName, String operator) {
List<Env> portalEnvs = portalConfig.portalSupportedEnvs();
for (Env env : portalEnvs) {
initNamespaceSpecificEnvRoles(appId, namespaceName, env.toString(), operator);
}
}
@Transactional
public void initNamespaceSpecificEnvRoles(String appId, String namespaceName, String env, String operator) {
String modifyNamespaceEnvRoleName = RoleUtils.buildModifyNamespaceRoleName(appId, namespaceName, env);
if (rolePermissionService.findRoleByRoleName(modifyNamespaceEnvRoleName) == null) {
createNamespaceEnvRole(appId, namespaceName, PermissionType.MODIFY_NAMESPACE, env,
modifyNamespaceEnvRoleName, operator);
}
String releaseNamespaceEnvRoleName = RoleUtils.buildReleaseNamespaceRoleName(appId, namespaceName, env);
if (rolePermissionService.findRoleByRoleName(releaseNamespaceEnvRoleName) == null) {
createNamespaceEnvRole(appId, namespaceName, PermissionType.RELEASE_NAMESPACE, env,
releaseNamespaceEnvRoleName, operator);
} }
} }
...@@ -114,7 +143,18 @@ public class DefaultRoleInitializationService implements RoleInitializationServi ...@@ -114,7 +143,18 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
String roleName, String operator) { String roleName, String operator) {
Permission permission = Permission permission =
createPermission(RoleUtils.buildNamespaceTargetId(appId, namespaceName), permissionType, operator); createPermission(RoleUtils.buildNamespaceTargetId(appId, namespaceName, null), permissionType, operator);
Permission createdPermission = rolePermissionService.createPermission(permission);
Role role = createRole(roleName, operator);
rolePermissionService
.createRoleWithPermissions(role, Sets.newHashSet(createdPermission.getId()));
}
private void createNamespaceEnvRole(String appId, String namespaceName, String permissionType, String env,
String roleName, String operator) {
Permission permission =
createPermission(RoleUtils.buildNamespaceTargetId(appId, namespaceName, env), permissionType, operator);
Permission createdPermission = rolePermissionService.createPermission(permission); Permission createdPermission = rolePermissionService.createPermission(permission);
Role role = createRole(roleName, operator); Role role = createRole(roleName, operator);
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/util/RoleUtils.java
View file @ cefdda6d
...@@ -17,7 +17,9 @@ public class RoleUtils { ...@@ -17,7 +17,9 @@ public class RoleUtils {
return STRING_JOINER.join(roleType, appId); return STRING_JOINER.join(roleType, appId);
} }
public static String buildModifyNamespaceRoleName(String appId, String namespaceName) { public static String buildModifyNamespaceRoleName(String appId, String namespaceName, String env) {
if (null != env && !"".equals(env))
return STRING_JOINER.join(RoleType.MODIFY_NAMESPACE, appId, namespaceName, env);
return STRING_JOINER.join(RoleType.MODIFY_NAMESPACE, appId, namespaceName); return STRING_JOINER.join(RoleType.MODIFY_NAMESPACE, appId, namespaceName);
} }
...@@ -25,11 +27,15 @@ public class RoleUtils { ...@@ -25,11 +27,15 @@ public class RoleUtils {
return STRING_JOINER.join(RoleType.MODIFY_NAMESPACE, appId, ConfigConsts.NAMESPACE_APPLICATION); return STRING_JOINER.join(RoleType.MODIFY_NAMESPACE, appId, ConfigConsts.NAMESPACE_APPLICATION);
} }
public static String buildReleaseNamespaceRoleName(String appId, String namespaceName) { public static String buildReleaseNamespaceRoleName(String appId, String namespaceName, String env) {
if (null != env && !"".equals(env))
return STRING_JOINER.join(RoleType.RELEASE_NAMESPACE, appId, namespaceName, env);
return STRING_JOINER.join(RoleType.RELEASE_NAMESPACE, appId, namespaceName); return STRING_JOINER.join(RoleType.RELEASE_NAMESPACE, appId, namespaceName);
} }
public static String buildNamespaceRoleName(String appId, String namespaceName, String roleType) { public static String buildNamespaceRoleName(String appId, String namespaceName, String roleType, String env) {
if (null != env && !"".equals(env))
return STRING_JOINER.join(roleType, appId, namespaceName, env);
return STRING_JOINER.join(roleType, appId, namespaceName); return STRING_JOINER.join(roleType, appId, namespaceName);
} }
...@@ -37,7 +43,9 @@ public class RoleUtils { ...@@ -37,7 +43,9 @@ public class RoleUtils {
return STRING_JOINER.join(RoleType.RELEASE_NAMESPACE, appId, ConfigConsts.NAMESPACE_APPLICATION); return STRING_JOINER.join(RoleType.RELEASE_NAMESPACE, appId, ConfigConsts.NAMESPACE_APPLICATION);
} }
public static String buildNamespaceTargetId(String appId, String namespaceName) { public static String buildNamespaceTargetId(String appId, String namespaceName, String env) {
if (null != env && !"".equals(env))
return STRING_JOINER.join(appId, namespaceName, env);
return STRING_JOINER.join(appId, namespaceName); return STRING_JOINER.join(appId, namespaceName);
} }
......
apollo-portal/src/main/resources/static/namespace/role.html
View file @ cefdda6d
...@@ -35,21 +35,35 @@ ...@@ -35,21 +35,35 @@
<div class="row"> <div class="row">
<div class="form-horizontal"> <div class="form-horizontal">
<div class="form-group"> <div class="form-group">
<label class="col-sm-2 control-label">修改权<br><small>(可以修改配置)</small></label> <label class="col-sm-2 control-label">修改权<br><small>(可以修改配置,不选择环境则对所有环境授权)</small></label>
<div class="col-sm-8"> <div class="col-sm-8">
<form class="form-inline" ng-submit="assignRoleToUser('ModifyNamespace')"> <form class="form-inline" ng-submit="assignRoleToUser('ModifyNamespace')">
<div class="form-group"> <div class="form-group">
<apollouserselector apollo-id="modifyRoleWidgetId"></apollouserselector> <apollouserselector apollo-id="modifyRoleWidgetId"></apollouserselector>
<select class="form-control input-sm" ng-model="modifyRoleSelectedEnv">
<option value="">可选环境</option>
<option ng-repeat="env in envs" ng-value="env">{{env}}</option>
</select>
</div> </div>
<button type="submit" class="btn btn-default" style="margin-left: 20px;" ng-disabled="modifyRoleSubmitBtnDisabled">添加</button> <button type="submit" class="btn btn-default" style="margin-left: 20px;" ng-disabled="modifyRoleSubmitBtnDisabled">添加</button>
</form> </form>
<!-- Split button --> <!-- Split button -->
<div class="item-container"> <div class="item-container">
<h5>ALL</h5>
<div class="btn-group item-info" ng-repeat="user in rolesAssignedUsers.modifyRoleUsers"> <div class="btn-group item-info" ng-repeat="user in rolesAssignedUsers.modifyRoleUsers">
<button type="button" class="btn btn-default" ng-bind="user.userId"></button> <button type="button" class="btn btn-default" ng-bind="user.userId"></button>
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" <button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown"
aria-haspopup="true" aria-expanded="false" ng-click="removeUserRole('ModifyNamespace', user.userId)"> aria-haspopup="true" aria-expanded="false" ng-click="removeUserRole('ModifyNamespace', user.userId, null)">
<span class="glyphicon glyphicon-remove"></span>
</button>
</div>
</div>
<div class="item-container" ng-repeat="env in envs">
<h5>{{env}}</h5>
<div class="btn-group item-info" ng-repeat="user in envRolesAssignedUsers[env].modifyRoleUsers">
<button type="button" class="btn btn-default" ng-bind="user.userId"></button>
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown"
aria-haspopup="true" aria-expanded="false" ng-click="removeUserRole('ModifyNamespace', user.userId, env)">
<span class="glyphicon glyphicon-remove"></span> <span class="glyphicon glyphicon-remove"></span>
</button> </button>
</div> </div>
...@@ -63,27 +77,41 @@ ...@@ -63,27 +77,41 @@
<div class="row" style="margin-top: 10px;"> <div class="row" style="margin-top: 10px;">
<div class="form-horizontal"> <div class="form-horizontal">
<div class="col-sm-2 text-right"> <div class="col-sm-2 text-right">
<label class="control-label">发布权<br><small>(可以发布配置)</small></label> <label class="control-label">发布权<br><small>(可以发布配置,不选择环境则对所有环境授权)</small></label>
</div> </div>
<div class="col-sm-8"> <div class="col-sm-8">
<form class="form-inline" ng-submit="assignRoleToUser('ReleaseNamespace')"> <form class="form-inline" ng-submit="assignRoleToUser('ReleaseNamespace')">
<div class="form-group"> <div class="form-group">
<apollouserselector apollo-id="releaseRoleWidgetId"></apollouserselector> <apollouserselector apollo-id="releaseRoleWidgetId"></apollouserselector>
<select class="form-control input-sm" ng-model="releaseRoleSelectedEnv">
<option value="">可选环境</option>
<option ng-repeat="env in envs" ng-value="env">{{env}}</option>
</select>
</div> </div>
<button type="submit" class="btn btn-default" style="margin-left: 20px;" ng-disabled="ReleaseRoleSubmitBtnDisabled">添加</button> <button type="submit" class="btn btn-default" style="margin-left: 20px;" ng-disabled="ReleaseRoleSubmitBtnDisabled">添加</button>
</form> </form>
<!-- Split button --> <!-- Split button -->
<div class="item-container"> <div class="item-container">
<h5>ALL</h5>
<div class="btn-group item-info" ng-repeat="user in rolesAssignedUsers.releaseRoleUsers"> <div class="btn-group item-info" ng-repeat="user in rolesAssignedUsers.releaseRoleUsers">
<button type="button" class="btn btn-default" ng-bind="user.userId"></button> <button type="button" class="btn btn-default" ng-bind="user.userId"></button>
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" <button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown"
aria-haspopup="true" aria-expanded="false" ng-click="removeUserRole('ReleaseNamespace', user.userId)"> aria-haspopup="true" aria-expanded="false" ng-click="removeUserRole('ReleaseNamespace', user.userId, null)">
<span class="glyphicon glyphicon-remove"></span> <span class="glyphicon glyphicon-remove"></span>
</button> </button>
</div> </div>
</div> </div>
<div class="item-container" ng-repeat="env in envs">
<h5>{{env}}</h5>
<div class="btn-group item-info" ng-repeat="user in envRolesAssignedUsers[env].releaseRoleUsers">
<button type="button" class="btn btn-default" ng-bind="user.userId"></button>
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown"
aria-haspopup="true" aria-expanded="false" ng-click="removeUserRole('ReleaseNamespace', user.userId, env)">
<span class="glyphicon glyphicon-remove"></span>
</button>
</div>
</div>
</div> </div>
</div> </div>
......
apollo-portal/src/main/resources/static/open/manage.html
View file @ cefdda6d
...@@ -135,6 +135,17 @@ ...@@ -135,6 +135,17 @@
</label> </label>
</div> </div>
</div> </div>
<div class="form-group" valdr-form-group ng-show="consumerRole.type=='NamespaceRole'">
<label class="col-sm-2 control-label">
环境(不选择则所有环境都有权限)
</label>
<div class="col-sm-3">
<label class="checkbox-inline" ng-repeat="env in envs">
<input type="checkbox" ng-checked="env.checked" ng-click="switchSelect(env)" />
{{env.env}}
</label>
</div>
</div>
<div class="form-group"> <div class="form-group">
<div class="col-sm-offset-2 col-sm-9"> <div class="col-sm-offset-2 col-sm-9">
<button type="submit" class="btn btn-primary" <button type="submit" class="btn btn-primary"
......
apollo-portal/src/main/resources/static/scripts/controller/open/OpenManageController.js
View file @ cefdda6d
open_manage_module.controller('OpenManageController', open_manage_module.controller('OpenManageController',
['$scope', 'toastr', 'AppUtil', 'OrganizationService', 'ConsumerService', 'PermissionService', ['$scope', 'toastr', 'AppUtil', 'OrganizationService', 'ConsumerService', 'PermissionService','EnvService',
OpenManageController]); OpenManageController]);
function OpenManageController($scope, toastr, AppUtil, OrganizationService, ConsumerService, PermissionService) { function OpenManageController($scope, toastr, AppUtil, OrganizationService, ConsumerService, PermissionService, EnvService) {
var $orgWidget = $('#organization'); var $orgWidget = $('#organization');
...@@ -18,12 +18,10 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons ...@@ -18,12 +18,10 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons
$scope.createConsumer = createConsumer; $scope.createConsumer = createConsumer;
$scope.assignRoleToConsumer = assignRoleToConsumer; $scope.assignRoleToConsumer = assignRoleToConsumer;
init();
function init() { function init() {
initOrganization(); initOrganization();
initPermission(); initPermission();
initEnv();
} }
function initOrganization() { function initOrganization() {
...@@ -50,7 +48,29 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons ...@@ -50,7 +48,29 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons
PermissionService.has_root_permission() PermissionService.has_root_permission()
.then(function (result) { .then(function (result) {
$scope.isRootUser = result.hasPermission; $scope.isRootUser = result.hasPermission;
}) });
}
function initEnv() {
EnvService.find_all_envs()
.then(function (result){
$scope.envs = new Array();
for (var iLoop = 0; iLoop < result.length; iLoop++) {
$scope.envs.push({ checked : false, env : result[iLoop] });
$scope.envsChecked = new Array();
}
$scope.switchSelect = function (item) {
item.checked = !item.checked;
$scope.envsChecked = new Array();
for (var iLoop = 0; iLoop < $scope.envs.length; iLoop++) {
var env = $scope.envs[iLoop];
if (env.checked) {
$scope.envsChecked.push(env.env);
}
}
};
});
} }
function getTokenByAppId() { function getTokenByAppId() {
...@@ -68,7 +88,7 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons ...@@ -68,7 +88,7 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons
} else { } else {
$scope.consumerToken = {token: 'App(' + $scope.consumer.appId + ')未创建,请先创建'}; $scope.consumerToken = {token: 'App(' + $scope.consumer.appId + ')未创建,请先创建'};
} }
}) });
} }
function createConsumer() { function createConsumer() {
...@@ -114,7 +134,8 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons ...@@ -114,7 +134,8 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons
ConsumerService.assignRoleToConsumer($scope.consumerRole.token, ConsumerService.assignRoleToConsumer($scope.consumerRole.token,
$scope.consumerRole.type, $scope.consumerRole.type,
$scope.consumerRole.appId, $scope.consumerRole.appId,
$scope.consumerRole.namespaceName) $scope.consumerRole.namespaceName,
$scope.envsChecked)
.then(function (consumerRoles) { .then(function (consumerRoles) {
toastr.success("赋权成功"); toastr.success("赋权成功");
}, function (response) { }, function (response) {
...@@ -122,4 +143,5 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons ...@@ -122,4 +143,5 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons
}) })
} }
init();
} }
apollo-portal/src/main/resources/static/scripts/controller/role/NamespaceRoleController.js
View file @ cefdda6d
role_module.controller('NamespaceRoleController', role_module.controller('NamespaceRoleController',
['$scope', '$location', '$window', 'toastr', 'AppService', 'UserService', 'AppUtil', ['$scope', '$location', '$window', 'toastr', 'AppService', 'UserService', 'AppUtil', 'EnvService',
'PermissionService', 'PermissionService',
function ($scope, $location, $window, toastr, AppService, UserService, AppUtil, function ($scope, $location, $window, toastr, AppService, UserService, AppUtil, EnvService,
PermissionService) { PermissionService) {
var params = AppUtil.parseParams($location.$$url); var params = AppUtil.parseParams($location.$$url);
...@@ -16,6 +16,16 @@ role_module.controller('NamespaceRoleController', ...@@ -16,6 +16,16 @@ role_module.controller('NamespaceRoleController',
$scope.releaseRoleWidgetId = 'releaseRoleWidgetId'; $scope.releaseRoleWidgetId = 'releaseRoleWidgetId';
$scope.modifyRoleWidgetId = 'modifyRoleWidgetId'; $scope.modifyRoleWidgetId = 'modifyRoleWidgetId';
$scope.modifyRoleSelectedEnv = "";
$scope.releaseRoleSelectedEnv = "";
PermissionService.init_app_namespace_permission($scope.pageContext.appId, $scope.pageContext.namespaceName)
.then(function (result) {
}, function(result) {
toastr.warn(AppUtil.errorMsg(result), "初始化授权出错");
});
PermissionService.has_assign_user_permission($scope.pageContext.appId) PermissionService.has_assign_user_permission($scope.pageContext.appId)
.then(function (result) { .then(function (result) {
$scope.hasAssignUserPermission = result.hasPermission; $scope.hasAssignUserPermission = result.hasPermission;
...@@ -23,6 +33,21 @@ role_module.controller('NamespaceRoleController', ...@@ -23,6 +33,21 @@ role_module.controller('NamespaceRoleController',
}); });
EnvService.find_all_envs()
.then(function (result){
$scope.envs = result;
$scope.envRolesAssignedUsers = {};
for (var iLoop = 0; iLoop < result.length; iLoop++) {
var env = result[iLoop];
PermissionService.get_namespace_env_role_users($scope.pageContext.appId, env, $scope.pageContext.namespaceName)
.then(function (result) {
$scope.envRolesAssignedUsers[result.env] = result;
}, function(result) {
toastr.error(AppUtil.errorMsg(result), "加载" + env + "授权用户出错");
});
}
});
PermissionService.get_namespace_role_users($scope.pageContext.appId, PermissionService.get_namespace_role_users($scope.pageContext.appId,
$scope.pageContext.namespaceName) $scope.pageContext.namespaceName)
.then(function (result) { .then(function (result) {
...@@ -32,7 +57,7 @@ role_module.controller('NamespaceRoleController', ...@@ -32,7 +57,7 @@ role_module.controller('NamespaceRoleController',
}); });
$scope.assignRoleToUser = function (roleType) { $scope.assignRoleToUser = function (roleType) {
if ('ReleaseNamespace' == roleType) { if ("ReleaseNamespace" === roleType) {
var user = $('.' + $scope.releaseRoleWidgetId).select2('data')[0]; var user = $('.' + $scope.releaseRoleWidgetId).select2('data')[0];
if (!user) { if (!user) {
toastr.warning("请选择用户"); toastr.warning("请选择用户");
...@@ -40,15 +65,29 @@ role_module.controller('NamespaceRoleController', ...@@ -40,15 +65,29 @@ role_module.controller('NamespaceRoleController',
} }
$scope.ReleaseRoleSubmitBtnDisabled = true; $scope.ReleaseRoleSubmitBtnDisabled = true;
var toAssignReleaseNamespaceRoleUser = user.id; var toAssignReleaseNamespaceRoleUser = user.id;
PermissionService.assign_release_namespace_role($scope.pageContext.appId,
var assignReleaseNamespaceRoleFunc = $scope.releaseRoleSelectedEnv === "" ?
PermissionService.assign_release_namespace_role :
function (appId, namespaceName, user) {
return PermissionService.assign_release_namespace_env_role(appId, $scope.releaseRoleSelectedEnv, namespaceName, user);
};
assignReleaseNamespaceRoleFunc($scope.pageContext.appId,
$scope.pageContext.namespaceName, $scope.pageContext.namespaceName,
toAssignReleaseNamespaceRoleUser) toAssignReleaseNamespaceRoleUser)
.then(function (result) { .then(function (result) {
toastr.success("添加成功"); toastr.success("添加成功");
$scope.ReleaseRoleSubmitBtnDisabled = false; $scope.ReleaseRoleSubmitBtnDisabled = false;
if ($scope.releaseRoleSelectedEnv === "") {
$scope.rolesAssignedUsers.releaseRoleUsers.push( $scope.rolesAssignedUsers.releaseRoleUsers.push(
{userId: toAssignReleaseNamespaceRoleUser}); {userId: toAssignReleaseNamespaceRoleUser});
} else {
$scope.envRolesAssignedUsers[$scope.releaseRoleSelectedEnv].releaseRoleUsers.push(
{userId: toAssignReleaseNamespaceRoleUser});
}
$('.' + $scope.releaseRoleWidgetId).select2("val", ""); $('.' + $scope.releaseRoleWidgetId).select2("val", "");
$scope.releaseRoleSelectedEnv = "";
}, function (result) { }, function (result) {
$scope.ReleaseRoleSubmitBtnDisabled = false; $scope.ReleaseRoleSubmitBtnDisabled = false;
toastr.error(AppUtil.errorMsg(result), "添加失败"); toastr.error(AppUtil.errorMsg(result), "添加失败");
...@@ -61,15 +100,28 @@ role_module.controller('NamespaceRoleController', ...@@ -61,15 +100,28 @@ role_module.controller('NamespaceRoleController',
} }
$scope.modifyRoleSubmitBtnDisabled = true; $scope.modifyRoleSubmitBtnDisabled = true;
var toAssignModifyNamespaceRoleUser = user.id; var toAssignModifyNamespaceRoleUser = user.id;
PermissionService.assign_modify_namespace_role($scope.pageContext.appId,
var assignModifyNamespaceRoleFunc = $scope.modifyRoleSelectedEnv === "" ?
PermissionService.assign_modify_namespace_role :
function (appId, namespaceName, user) {
return PermissionService.assign_modify_namespace_env_role(appId, $scope.modifyRoleSelectedEnv, namespaceName, user);
};
assignModifyNamespaceRoleFunc($scope.pageContext.appId,
$scope.pageContext.namespaceName, $scope.pageContext.namespaceName,
toAssignModifyNamespaceRoleUser) toAssignModifyNamespaceRoleUser)
.then(function (result) { .then(function (result) {
toastr.success("添加成功"); toastr.success("添加成功");
$scope.modifyRoleSubmitBtnDisabled = false; $scope.modifyRoleSubmitBtnDisabled = false;
if ($scope.modifyRoleSelectedEnv === "") {
$scope.rolesAssignedUsers.modifyRoleUsers.push( $scope.rolesAssignedUsers.modifyRoleUsers.push(
{userId: toAssignModifyNamespaceRoleUser}); {userId: toAssignModifyNamespaceRoleUser});
} else {
$scope.envRolesAssignedUsers[$scope.modifyRoleSelectedEnv].modifyRoleUsers.push(
{userId: toAssignModifyNamespaceRoleUser});
}
$('.' + $scope.modifyRoleWidgetId).select2("val", ""); $('.' + $scope.modifyRoleWidgetId).select2("val", "");
$scope.modifyRoleSelectedEnv = "";
}, function (result) { }, function (result) {
$scope.modifyRoleSubmitBtnDisabled = false; $scope.modifyRoleSubmitBtnDisabled = false;
toastr.error(AppUtil.errorMsg(result), "添加失败"); toastr.error(AppUtil.errorMsg(result), "添加失败");
...@@ -77,24 +129,44 @@ role_module.controller('NamespaceRoleController', ...@@ -77,24 +129,44 @@ role_module.controller('NamespaceRoleController',
} }
}; };
$scope.removeUserRole = function (roleType, user) { $scope.removeUserRole = function (roleType, user, env) {
if ('ReleaseNamespace' == roleType) { if ("ReleaseNamespace" === roleType) {
PermissionService.remove_release_namespace_role($scope.pageContext.appId, var removeReleaseNamespaceRoleFunc = !env ?
PermissionService.remove_release_namespace_role :
function (appId, namespaceName, user) {
return PermissionService.remove_release_namespace_env_role(appId, env, namespaceName, user);
};
removeReleaseNamespaceRoleFunc($scope.pageContext.appId,
$scope.pageContext.namespaceName, $scope.pageContext.namespaceName,
user) user)
.then(function (result) { .then(function (result) {
toastr.success("删除成功"); toastr.success("删除成功");
if (!env) {
removeUserFromList($scope.rolesAssignedUsers.releaseRoleUsers, user); removeUserFromList($scope.rolesAssignedUsers.releaseRoleUsers, user);
} else {
removeUserFromList($scope.envRolesAssignedUsers[env].releaseRoleUsers, user);
}
}, function (result) { }, function (result) {
toastr.error(AppUtil.errorMsg(result), "删除失败"); toastr.error(AppUtil.errorMsg(result), "删除失败");
}); });
} else { } else {
PermissionService.remove_modify_namespace_role($scope.pageContext.appId, var removeModifyNamespaceRoleFunc = !env ?
PermissionService.remove_modify_namespace_role :
function (appId, namespaceName, user) {
return PermissionService.remove_modify_namespace_env_role(appId, env, namespaceName, user);
};
removeModifyNamespaceRoleFunc($scope.pageContext.appId,
$scope.pageContext.namespaceName, $scope.pageContext.namespaceName,
user) user)
.then(function (result) { .then(function (result) {
toastr.success("删除成功"); toastr.success("删除成功");
if (!env) {
removeUserFromList($scope.rolesAssignedUsers.modifyRoleUsers, user); removeUserFromList($scope.rolesAssignedUsers.modifyRoleUsers, user);
} else {
removeUserFromList($scope.envRolesAssignedUsers[env].modifyRoleUsers, user);
}
}, function (result) { }, function (result) {
toastr.error(AppUtil.errorMsg(result), "删除失败"); toastr.error(AppUtil.errorMsg(result), "删除失败");
}); });
...@@ -104,7 +176,7 @@ role_module.controller('NamespaceRoleController', ...@@ -104,7 +176,7 @@ role_module.controller('NamespaceRoleController',
function removeUserFromList(list, user) { function removeUserFromList(list, user) {
var index = 0; var index = 0;
for (var i = 0; i < list.length; i++) { for (var i = 0; i < list.length; i++) {
if (list[i].userId == user) { if (list[i].userId === user) {
index = i; index = i;
break; break;
} }
...@@ -112,4 +184,6 @@ role_module.controller('NamespaceRoleController', ...@@ -112,4 +184,6 @@ role_module.controller('NamespaceRoleController',
list.splice(index, 1); list.splice(index, 1);
} }
}]); }]);
apollo-portal/src/main/resources/static/scripts/directive/namespace-panel-directive.js
View file @ cefdda6d
...@@ -217,22 +217,54 @@ function directive($window, toastr, AppUtil, EventManager, PermissionService, Na ...@@ -217,22 +217,54 @@ function directive($window, toastr, AppUtil, EventManager, PermissionService, Na
scope.appId, scope.appId,
namespace.baseInfo.namespaceName) namespace.baseInfo.namespaceName)
.then(function (result) { .then(function (result) {
if (!result.hasPermission) {
PermissionService.has_modify_namespace_env_permission(
scope.appId,
scope.env,
namespace.baseInfo.namespaceName
)
.then(function (result) {
//branch has same permission
namespace.hasModifyPermission = result.hasPermission;
if (namespace.branch) {
namespace.branch.hasModifyPermission = result.hasPermission;
}
});
}
else {
//branch has same permission //branch has same permission
namespace.hasModifyPermission = result.hasPermission; namespace.hasModifyPermission = result.hasPermission;
if (namespace.branch) { if (namespace.branch) {
namespace.branch.hasModifyPermission = result.hasPermission; namespace.branch.hasModifyPermission = result.hasPermission;
} }
}
}); });
PermissionService.has_release_namespace_permission( PermissionService.has_release_namespace_permission(
scope.appId, scope.appId,
namespace.baseInfo.namespaceName) namespace.baseInfo.namespaceName)
.then(function (result) { .then(function (result) {
if (!result.hasPermission) {
PermissionService.has_release_namespace_env_permission(
scope.appId,
scope.env,
namespace.baseInfo.namespaceName
)
.then(function (result) {
//branch has same permission
namespace.hasReleasePermission = result.hasPermission;
if (namespace.branch) {
namespace.branch.hasReleasePermission = result.hasPermission;
}
});
}
else {
//branch has same permission //branch has same permission
namespace.hasReleasePermission = result.hasPermission; namespace.hasReleasePermission = result.hasPermission;
if (namespace.branch) { if (namespace.branch) {
namespace.branch.hasReleasePermission = result.hasPermission; namespace.branch.hasReleasePermission = result.hasPermission;
} }
}
}); });
} }
......
apollo-portal/src/main/resources/static/scripts/services/ConsumerService.js
View file @ cefdda6d
...@@ -29,11 +29,12 @@ appService.service('ConsumerService', ['$resource', '$q', 'AppUtil', ...@@ -29,11 +29,12 @@ appService.service('ConsumerService', ['$resource', '$q', 'AppUtil',
appId: appId appId: appId
}); });
}, },
assignRoleToConsumer: function (token, type, appId, namespaceName) { assignRoleToConsumer: function (token, type, appId, namespaceName, envs) {
return AppUtil.ajax(resource.assign_role_to_consumer, return AppUtil.ajax(resource.assign_role_to_consumer,
{ {
token: token, token: token,
type: type type: type,
envs: envs
}, },
{ {
appId: appId, appId: appId,
......
apollo-portal/src/main/resources/static/scripts/services/PermissionService.js
View file @ cefdda6d
appService.service('PermissionService', ['$resource', '$q', function ($resource, $q) { appService.service('PermissionService', ['$resource', '$q', function ($resource, $q) {
var permission_resource = $resource('', {}, { var permission_resource = $resource('', {}, {
init_app_namespace_permission: {
method: 'POST',
url: '/apps/:appId/initPermission?namespace=:namespace'
},
has_app_permission: { has_app_permission: {
method: 'GET', method: 'GET',
url: '/apps/:appId/permissions/:permissionType' url: '/apps/:appId/permissions/:permissionType'
...@@ -8,6 +12,10 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource, ...@@ -8,6 +12,10 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
method: 'GET', method: 'GET',
url: '/apps/:appId/namespaces/:namespaceName/permissions/:permissionType' url: '/apps/:appId/namespaces/:namespaceName/permissions/:permissionType'
}, },
has_namespace_env_permission: {
method: 'GET',
url: '/apps/:appId/envs/:env/namespaces/:namespaceName/permissions/:permissionType'
},
has_root_permission:{ has_root_permission:{
method: 'GET', method: 'GET',
url: '/permissions/root' url: '/permissions/root'
...@@ -16,14 +24,26 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource, ...@@ -16,14 +24,26 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
method: 'GET', method: 'GET',
url: '/apps/:appId/namespaces/:namespaceName/role_users' url: '/apps/:appId/namespaces/:namespaceName/role_users'
}, },
get_namespace_env_role_users: {
method: 'GET',
url: '/apps/:appId/envs/:env/namespaces/:namespaceName/role_users'
},
assign_namespace_role_to_user: { assign_namespace_role_to_user: {
method: 'POST', method: 'POST',
url: '/apps/:appId/namespaces/:namespaceName/roles/:roleType' url: '/apps/:appId/namespaces/:namespaceName/roles/:roleType'
}, },
assign_namespace_env_role_to_user: {
method: 'POST',
url: '/apps/:appId/envs/:env/namespaces/:namespaceName/roles/:roleType'
},
remove_namespace_role_from_user: { remove_namespace_role_from_user: {
method: 'DELETE', method: 'DELETE',
url: '/apps/:appId/namespaces/:namespaceName/roles/:roleType?user=:user' url: '/apps/:appId/namespaces/:namespaceName/roles/:roleType?user=:user'
}, },
remove_namespace_env_role_from_user: {
method: 'DELETE',
url: '/apps/:appId/envs/:env/namespaces/:namespaceName/roles/:roleType?user=:user'
},
get_app_role_users: { get_app_role_users: {
method: 'GET', method: 'GET',
url: '/apps/:appId/role_users' url: '/apps/:appId/role_users'
...@@ -38,6 +58,20 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource, ...@@ -38,6 +58,20 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
} }
}); });
function initAppNamespacePermission(appId, namespace) {
var d = $q.defer();
permission_resource.init_app_namespace_permission({
appId: appId,
namespace: namespace
}, namespace,
function (result) {
d.resolve(result);
}, function (result) {
d.reject(result);
});
return d.promise;
}
function hasAppPermission(appId, permissionType) { function hasAppPermission(appId, permissionType) {
var d = $q.defer(); var d = $q.defer();
permission_resource.has_app_permission({ permission_resource.has_app_permission({
...@@ -67,6 +101,22 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource, ...@@ -67,6 +101,22 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
return d.promise; return d.promise;
} }
function hasNamespaceEnvPermission(appId, env, namespaceName, permissionType) {
var d = $q.defer();
permission_resource.has_namespace_env_permission({
appId: appId,
namespaceName: namespaceName,
permissionType: permissionType,
env: env
},
function (result) {
d.resolve(result);
}, function (result) {
d.reject(result);
});
return d.promise;
}
function assignNamespaceRoleToUser(appId, namespaceName, roleType, user) { function assignNamespaceRoleToUser(appId, namespaceName, roleType, user) {
var d = $q.defer(); var d = $q.defer();
permission_resource.assign_namespace_role_to_user({ permission_resource.assign_namespace_role_to_user({
...@@ -82,7 +132,23 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource, ...@@ -82,7 +132,23 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
return d.promise; return d.promise;
} }
function removeRoleFromUser(appId, namespaceName, roleType, user) { function assignNamespaceEnvRoleToUser(appId, env, namespaceName, roleType, user) {
var d = $q.defer();
permission_resource.assign_namespace_env_role_to_user({
appId: appId,
namespaceName: namespaceName,
roleType: roleType,
env: env
}, user,
function (result) {
d.resolve(result);
}, function (result) {
d.reject(result);
});
return d.promise;
}
function removeNamespaceRoleFromUser(appId, namespaceName, roleType, user) {
var d = $q.defer(); var d = $q.defer();
permission_resource.remove_namespace_role_from_user({ permission_resource.remove_namespace_role_from_user({
appId: appId, appId: appId,
...@@ -98,7 +164,27 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource, ...@@ -98,7 +164,27 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
return d.promise; return d.promise;
} }
function removeNamespaceEnvRoleFromUser(appId, env, namespaceName, roleType, user) {
var d = $q.defer();
permission_resource.remove_namespace_env_role_from_user({
appId: appId,
namespaceName: namespaceName,
roleType: roleType,
user: user,
env: env
},
function (result) {
d.resolve(result);
}, function (result) {
d.reject(result);
});
return d.promise;
}
return { return {
init_app_namespace_permission: function (appId, namespace) {
return initAppNamespacePermission(appId, namespace);
},
has_create_namespace_permission: function (appId) { has_create_namespace_permission: function (appId) {
return hasAppPermission(appId, 'CreateNamespace'); return hasAppPermission(appId, 'CreateNamespace');
}, },
...@@ -111,9 +197,15 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource, ...@@ -111,9 +197,15 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
has_modify_namespace_permission: function (appId, namespaceName) { has_modify_namespace_permission: function (appId, namespaceName) {
return hasNamespacePermission(appId, namespaceName, 'ModifyNamespace'); return hasNamespacePermission(appId, namespaceName, 'ModifyNamespace');
}, },
has_modify_namespace_env_permission: function (appId, env, namespaceName) {
return hasNamespaceEnvPermission(appId, env, namespaceName, 'ModifyNamespace');
},
has_release_namespace_permission: function (appId, namespaceName) { has_release_namespace_permission: function (appId, namespaceName) {
return hasNamespacePermission(appId, namespaceName, 'ReleaseNamespace'); return hasNamespacePermission(appId, namespaceName, 'ReleaseNamespace');
}, },
has_release_namespace_env_permission: function (appId, env, namespaceName) {
return hasNamespaceEnvPermission(appId, env, namespaceName, 'ReleaseNamespace');
},
has_root_permission: function () { has_root_permission: function () {
var d = $q.defer(); var d = $q.defer();
permission_resource.has_root_permission({ }, permission_resource.has_root_permission({ },
...@@ -128,14 +220,26 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource, ...@@ -128,14 +220,26 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
assign_modify_namespace_role: function (appId, namespaceName, user) { assign_modify_namespace_role: function (appId, namespaceName, user) {
return assignNamespaceRoleToUser(appId, namespaceName, 'ModifyNamespace', user); return assignNamespaceRoleToUser(appId, namespaceName, 'ModifyNamespace', user);
}, },
assign_modify_namespace_env_role: function (appId, env, namespaceName, user) {
return assignNamespaceEnvRoleToUser(appId, env, namespaceName, 'ModifyNamespace', user);
},
assign_release_namespace_role: function (appId, namespaceName, user) { assign_release_namespace_role: function (appId, namespaceName, user) {
return assignNamespaceRoleToUser(appId, namespaceName, 'ReleaseNamespace', user); return assignNamespaceRoleToUser(appId, namespaceName, 'ReleaseNamespace', user);
}, },
assign_release_namespace_env_role: function (appId, env, namespaceName, user) {
return assignNamespaceEnvRoleToUser(appId, env, namespaceName, 'ReleaseNamespace', user);
},
remove_modify_namespace_role: function (appId, namespaceName, user) { remove_modify_namespace_role: function (appId, namespaceName, user) {
return removeRoleFromUser(appId, namespaceName, 'ModifyNamespace', user); return removeNamespaceRoleFromUser(appId, namespaceName, 'ModifyNamespace', user);
},
remove_modify_namespace_env_role: function (appId, env, namespaceName, user) {
return removeNamespaceEnvRoleFromUser(appId, env, namespaceName, 'ModifyNamespace', user);
}, },
remove_release_namespace_role: function (appId, namespaceName, user) { remove_release_namespace_role: function (appId, namespaceName, user) {
return removeRoleFromUser(appId, namespaceName, 'ReleaseNamespace', user); return removeNamespaceRoleFromUser(appId, namespaceName, 'ReleaseNamespace', user);
},
remove_release_namespace_env_role: function (appId, env, namespaceName, user) {
return removeNamespaceEnvRoleFromUser(appId, env, namespaceName, 'ReleaseNamespace', user);
}, },
get_namespace_role_users: function (appId, namespaceName) { get_namespace_role_users: function (appId, namespaceName) {
var d = $q.defer(); var d = $q.defer();
...@@ -150,6 +254,20 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource, ...@@ -150,6 +254,20 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
}); });
return d.promise; return d.promise;
}, },
get_namespace_env_role_users: function (appId, env, namespaceName) {
var d = $q.defer();
permission_resource.get_namespace_env_role_users({
appId: appId,
namespaceName: namespaceName,
env: env
},
function (result) {
d.resolve(result);
}, function (result) {
d.reject(result);
});
return d.promise;
},
get_app_role_users: function (appId) { get_app_role_users: function (appId) {
var d = $q.defer(); var d = $q.defer();
permission_resource.get_app_role_users({ permission_resource.get_app_role_users({
......
apollo-portal/src/test/java/com/ctrip/framework/apollo/openapi/service/ConsumerServiceTest.java
View file @ cefdda6d
package com.ctrip.framework.apollo.openapi.service; package com.ctrip.framework.apollo.openapi.service;
import com.ctrip.framework.apollo.core.enums.Env;
import com.ctrip.framework.apollo.openapi.entity.Consumer; import com.ctrip.framework.apollo.openapi.entity.Consumer;
import com.ctrip.framework.apollo.openapi.entity.ConsumerRole; import com.ctrip.framework.apollo.openapi.entity.ConsumerRole;
import com.ctrip.framework.apollo.openapi.entity.ConsumerToken; import com.ctrip.framework.apollo.openapi.entity.ConsumerToken;
...@@ -176,14 +177,22 @@ public class ConsumerServiceTest extends AbstractUnitTest { ...@@ -176,14 +177,22 @@ public class ConsumerServiceTest extends AbstractUnitTest {
doReturn(consumerId).when(consumerService).getConsumerIdByToken(token); doReturn(consumerId).when(consumerService).getConsumerIdByToken(token);
String testNamespace = "namespace"; String testNamespace = "namespace";
String modifyRoleName = RoleUtils.buildModifyNamespaceRoleName(testAppId, testNamespace); String modifyRoleName = RoleUtils.buildModifyNamespaceRoleName(testAppId, testNamespace, null);
String releaseRoleName = RoleUtils.buildReleaseNamespaceRoleName(testAppId, testNamespace); String releaseRoleName = RoleUtils.buildReleaseNamespaceRoleName(testAppId, testNamespace, null);
String envModifyRoleName = RoleUtils.buildModifyNamespaceRoleName(testAppId, testNamespace, Env.DEV.toString());
String envReleaseRoleName = RoleUtils.buildReleaseNamespaceRoleName(testAppId, testNamespace, Env.DEV.toString());
long modifyRoleId = 1; long modifyRoleId = 1;
long releaseRoleId = 2; long releaseRoleId = 2;
long envModifyRoleId = 3;
long envReleaseRoleId = 4;
Role modifyRole = createRole(modifyRoleId, modifyRoleName); Role modifyRole = createRole(modifyRoleId, modifyRoleName);
Role releaseRole = createRole(releaseRoleId, releaseRoleName); Role releaseRole = createRole(releaseRoleId, releaseRoleName);
Role envModifyRole = createRole(envModifyRoleId, modifyRoleName);
Role envReleaseRole = createRole(envReleaseRoleId, releaseRoleName);
when(rolePermissionService.findRoleByRoleName(modifyRoleName)).thenReturn(modifyRole); when(rolePermissionService.findRoleByRoleName(modifyRoleName)).thenReturn(modifyRole);
when(rolePermissionService.findRoleByRoleName(releaseRoleName)).thenReturn(releaseRole); when(rolePermissionService.findRoleByRoleName(releaseRoleName)).thenReturn(releaseRole);
when(rolePermissionService.findRoleByRoleName(envModifyRoleName)).thenReturn(envModifyRole);
when(rolePermissionService.findRoleByRoleName(envReleaseRoleName)).thenReturn(envReleaseRole);
when(consumerRoleRepository.findByConsumerIdAndRoleId(consumerId, modifyRoleId)).thenReturn(null); when(consumerRoleRepository.findByConsumerIdAndRoleId(consumerId, modifyRoleId)).thenReturn(null);
...@@ -191,14 +200,21 @@ public class ConsumerServiceTest extends AbstractUnitTest { ...@@ -191,14 +200,21 @@ public class ConsumerServiceTest extends AbstractUnitTest {
when(userInfoHolder.getUser()).thenReturn(owner); when(userInfoHolder.getUser()).thenReturn(owner);
ConsumerRole namespaceModifyConsumerRole = createConsumerRole(consumerId, modifyRoleId); ConsumerRole namespaceModifyConsumerRole = createConsumerRole(consumerId, modifyRoleId);
ConsumerRole namespaceEnvModifyConsumerRole = createConsumerRole(consumerId, envModifyRoleId);
ConsumerRole namespaceReleaseConsumerRole = createConsumerRole(consumerId, releaseRoleId); ConsumerRole namespaceReleaseConsumerRole = createConsumerRole(consumerId, releaseRoleId);
ConsumerRole namespaceEnvReleaseConsumerRole = createConsumerRole(consumerId, envReleaseRoleId);
doReturn(namespaceModifyConsumerRole).when(consumerService).createConsumerRole(consumerId, modifyRoleId, testOwner); doReturn(namespaceModifyConsumerRole).when(consumerService).createConsumerRole(consumerId, modifyRoleId, testOwner);
doReturn(namespaceEnvModifyConsumerRole).when(consumerService).createConsumerRole(consumerId, envModifyRoleId, testOwner);
doReturn(namespaceReleaseConsumerRole).when(consumerService).createConsumerRole(consumerId, releaseRoleId, testOwner); doReturn(namespaceReleaseConsumerRole).when(consumerService).createConsumerRole(consumerId, releaseRoleId, testOwner);
doReturn(namespaceEnvReleaseConsumerRole).when(consumerService).createConsumerRole(consumerId, envReleaseRoleId, testOwner);
consumerService.assignNamespaceRoleToConsumer(token, testAppId, testNamespace); consumerService.assignNamespaceRoleToConsumer(token, testAppId, testNamespace, null);
consumerService.assignNamespaceRoleToConsumer(token, testAppId, testNamespace, Env.DEV.toString());
verify(consumerRoleRepository).save(namespaceModifyConsumerRole); verify(consumerRoleRepository).save(namespaceModifyConsumerRole);
verify(consumerRoleRepository).save(namespaceEnvModifyConsumerRole);
verify(consumerRoleRepository).save(namespaceReleaseConsumerRole); verify(consumerRoleRepository).save(namespaceReleaseConsumerRole);
verify(consumerRoleRepository).save(namespaceEnvReleaseConsumerRole);
} }
......
apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/spi/defaultImpl/RoleInitializationServiceTest.java
View file @ cefdda6d
package com.ctrip.framework.apollo.portal.spi.defaultImpl; package com.ctrip.framework.apollo.portal.spi.defaultImpl;
import com.ctrip.framework.apollo.common.entity.App; import com.ctrip.framework.apollo.common.entity.App;
import com.ctrip.framework.apollo.core.enums.Env;
import com.ctrip.framework.apollo.portal.AbstractUnitTest; import com.ctrip.framework.apollo.portal.AbstractUnitTest;
import com.ctrip.framework.apollo.portal.component.config.PortalConfig;
import com.ctrip.framework.apollo.portal.constant.PermissionType; import com.ctrip.framework.apollo.portal.constant.PermissionType;
import com.ctrip.framework.apollo.portal.entity.bo.UserInfo; import com.ctrip.framework.apollo.portal.entity.bo.UserInfo;
import com.ctrip.framework.apollo.portal.entity.po.Permission; import com.ctrip.framework.apollo.portal.entity.po.Permission;
...@@ -15,6 +17,9 @@ import org.junit.Test; ...@@ -15,6 +17,9 @@ import org.junit.Test;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import java.util.ArrayList;
import java.util.List;
import static org.mockito.Matchers.any; import static org.mockito.Matchers.any;
import static org.mockito.Matchers.anySetOf; import static org.mockito.Matchers.anySetOf;
import static org.mockito.Matchers.anyString; import static org.mockito.Matchers.anyString;
...@@ -32,6 +37,8 @@ public class RoleInitializationServiceTest extends AbstractUnitTest { ...@@ -32,6 +37,8 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
private RolePermissionService rolePermissionService; private RolePermissionService rolePermissionService;
@Mock @Mock
private UserInfoHolder userInfoHolder; private UserInfoHolder userInfoHolder;
@Mock
private PortalConfig portalConfig;
@InjectMocks @InjectMocks
private DefaultRoleInitializationService roleInitializationService; private DefaultRoleInitializationService roleInitializationService;
...@@ -53,24 +60,25 @@ public class RoleInitializationServiceTest extends AbstractUnitTest { ...@@ -53,24 +60,25 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
when(rolePermissionService.findRoleByRoleName(anyString())).thenReturn(null); when(rolePermissionService.findRoleByRoleName(anyString())).thenReturn(null);
when(userInfoHolder.getUser()).thenReturn(mockUser()); when(userInfoHolder.getUser()).thenReturn(mockUser());
when(rolePermissionService.createPermission(any())).thenReturn(mockPermission()); when(rolePermissionService.createPermission(any())).thenReturn(mockPermission());
when(portalConfig.portalSupportedEnvs()).thenReturn(mockPortalSupportedEnvs());
roleInitializationService.initAppRoles(mockApp()); roleInitializationService.initAppRoles(mockApp());
verify(rolePermissionService, times(3)).findRoleByRoleName(anyString()); verify(rolePermissionService, times(7)).findRoleByRoleName(anyString());
verify(rolePermissionService, times(1)).assignRoleToUsers( verify(rolePermissionService, times(1)).assignRoleToUsers(
RoleUtils.buildAppMasterRoleName(APP_ID), Sets.newHashSet(CURRENT_USER), CURRENT_USER); RoleUtils.buildAppMasterRoleName(APP_ID), Sets.newHashSet(CURRENT_USER), CURRENT_USER);
verify(rolePermissionService, times(2)).createPermission(any()); verify(rolePermissionService, times(6)).createPermission(any());
verify(rolePermissionService, times(3)).createRoleWithPermissions(any(), anySetOf(Long.class)); verify(rolePermissionService, times(7)).createRoleWithPermissions(any(), anySetOf(Long.class));
} }
@Test @Test
public void testInitNamespaceRoleHasExisted(){ public void testInitNamespaceRoleHasExisted(){
String modifyNamespaceRoleName = RoleUtils.buildModifyNamespaceRoleName(APP_ID, NAMESPACE); String modifyNamespaceRoleName = RoleUtils.buildModifyNamespaceRoleName(APP_ID, NAMESPACE, null);
when(rolePermissionService.findRoleByRoleName(modifyNamespaceRoleName)). when(rolePermissionService.findRoleByRoleName(modifyNamespaceRoleName)).
thenReturn(mockRole(modifyNamespaceRoleName)); thenReturn(mockRole(modifyNamespaceRoleName));
String releaseNamespaceRoleName = RoleUtils.buildReleaseNamespaceRoleName(APP_ID, NAMESPACE); String releaseNamespaceRoleName = RoleUtils.buildReleaseNamespaceRoleName(APP_ID, NAMESPACE, null);
when(rolePermissionService.findRoleByRoleName(releaseNamespaceRoleName)). when(rolePermissionService.findRoleByRoleName(releaseNamespaceRoleName)).
thenReturn(mockRole(releaseNamespaceRoleName)); thenReturn(mockRole(releaseNamespaceRoleName));
...@@ -84,11 +92,11 @@ public class RoleInitializationServiceTest extends AbstractUnitTest { ...@@ -84,11 +92,11 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
@Test @Test
public void testInitNamespaceRoleNotExisted(){ public void testInitNamespaceRoleNotExisted(){
String modifyNamespaceRoleName = RoleUtils.buildModifyNamespaceRoleName(APP_ID, NAMESPACE); String modifyNamespaceRoleName = RoleUtils.buildModifyNamespaceRoleName(APP_ID, NAMESPACE, null);
when(rolePermissionService.findRoleByRoleName(modifyNamespaceRoleName)). when(rolePermissionService.findRoleByRoleName(modifyNamespaceRoleName)).
thenReturn(null); thenReturn(null);
String releaseNamespaceRoleName = RoleUtils.buildReleaseNamespaceRoleName(APP_ID, NAMESPACE); String releaseNamespaceRoleName = RoleUtils.buildReleaseNamespaceRoleName(APP_ID, NAMESPACE, null);
when(rolePermissionService.findRoleByRoleName(releaseNamespaceRoleName)). when(rolePermissionService.findRoleByRoleName(releaseNamespaceRoleName)).
thenReturn(null); thenReturn(null);
...@@ -105,11 +113,11 @@ public class RoleInitializationServiceTest extends AbstractUnitTest { ...@@ -105,11 +113,11 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
@Test @Test
public void testInitNamespaceRoleModifyNSExisted(){ public void testInitNamespaceRoleModifyNSExisted(){
String modifyNamespaceRoleName = RoleUtils.buildModifyNamespaceRoleName(APP_ID, NAMESPACE); String modifyNamespaceRoleName = RoleUtils.buildModifyNamespaceRoleName(APP_ID, NAMESPACE, null);
when(rolePermissionService.findRoleByRoleName(modifyNamespaceRoleName)). when(rolePermissionService.findRoleByRoleName(modifyNamespaceRoleName)).
thenReturn(mockRole(modifyNamespaceRoleName)); thenReturn(mockRole(modifyNamespaceRoleName));
String releaseNamespaceRoleName = RoleUtils.buildReleaseNamespaceRoleName(APP_ID, NAMESPACE); String releaseNamespaceRoleName = RoleUtils.buildReleaseNamespaceRoleName(APP_ID, NAMESPACE, null);
when(rolePermissionService.findRoleByRoleName(releaseNamespaceRoleName)). when(rolePermissionService.findRoleByRoleName(releaseNamespaceRoleName)).
thenReturn(null); thenReturn(null);
...@@ -149,9 +157,15 @@ public class RoleInitializationServiceTest extends AbstractUnitTest { ...@@ -149,9 +157,15 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
private Permission mockPermission(){ private Permission mockPermission(){
Permission permission = new Permission(); Permission permission = new Permission();
permission.setPermissionType(PermissionType.MODIFY_NAMESPACE); permission.setPermissionType(PermissionType.MODIFY_NAMESPACE);
permission.setTargetId(RoleUtils.buildNamespaceTargetId(APP_ID, NAMESPACE)); permission.setTargetId(RoleUtils.buildNamespaceTargetId(APP_ID, NAMESPACE, null));
return permission; return permission;
} }
private List<Env> mockPortalSupportedEnvs(){
List<Env> envArray = new ArrayList<>();
envArray.add(Env.DEV);
envArray.add(Env.FAT);
return envArray;
}
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment