Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
superrain51
apollo
提交
b3e60336
apollo
项目概览
superrain51
/
apollo
与 Fork 源项目一致
从无法访问的项目Fork
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
apollo
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
b3e60336
编写于
11月 25, 2016
作者:
L
lepdou
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
branch restful api add permission validate
上级
7dcb2464
变更
5
显示空白变更内容
内联
并排
Showing
5 changed file
with
52 addition
and
17 deletion
+52
-17
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/PermissionValidator.java
...rip/framework/apollo/portal/auth/PermissionValidator.java
+4
-0
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/NamespaceBranchController.java
...k/apollo/portal/controller/NamespaceBranchController.java
+27
-3
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/service/NamespaceBranchService.java
...amework/apollo/portal/service/NamespaceBranchService.java
+0
-10
apollo-portal/src/main/resources/static/scripts/directive/item-modal-directive.js
...esources/static/scripts/directive/item-modal-directive.js
+9
-4
apollo-portal/src/main/resources/static/views/component/namespace-panel.html
...ain/resources/static/views/component/namespace-panel.html
+12
-0
未找到文件。
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/PermissionValidator.java
浏览文件 @
b3e60336
...
...
@@ -30,6 +30,10 @@ public class PermissionValidator {
}
public
boolean
hasOperateNamespacePermission
(
String
appId
,
String
namespaceName
){
return
hasModifyNamespacePermission
(
appId
,
namespaceName
)
||
hasReleaseNamespacePermission
(
appId
,
namespaceName
);
}
public
boolean
hasAssignRolePermission
(
String
appId
)
{
return
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
PermissionType
.
ASSIGN_ROLE
,
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/NamespaceBranchController.java
浏览文件 @
b3e60336
package
com.ctrip.framework.apollo.portal.controller
;
import
com.ctrip.framework.apollo.common.constants.NamespaceBranchStatus
;
import
com.ctrip.framework.apollo.common.dto.GrayReleaseRuleDTO
;
import
com.ctrip.framework.apollo.common.dto.NamespaceDTO
;
import
com.ctrip.framework.apollo.common.dto.ReleaseDTO
;
import
com.ctrip.framework.apollo.core.enums.Env
;
import
com.ctrip.framework.apollo.portal.auth.PermissionValidator
;
import
com.ctrip.framework.apollo.portal.entity.model.NamespaceReleaseModel
;
import
com.ctrip.framework.apollo.portal.entity.vo.NamespaceVO
;
import
com.ctrip.framework.apollo.portal.service.NamespaceBranchService
;
import
com.ctrip.framework.apollo.portal.service.ReleaseService
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.security.access.AccessDeniedException
;
import
org.springframework.security.access.prepost.PreAuthorize
;
import
org.springframework.web.bind.annotation.PathVariable
;
import
org.springframework.web.bind.annotation.RequestBody
;
import
org.springframework.web.bind.annotation.RequestMapping
;
...
...
@@ -20,6 +23,10 @@ import org.springframework.web.bind.annotation.RestController;
@RestController
public
class
NamespaceBranchController
{
@Autowired
private
PermissionValidator
permissionValidator
;
@Autowired
private
ReleaseService
releaseService
;
@Autowired
private
NamespaceBranchService
namespaceBranchService
;
...
...
@@ -31,6 +38,7 @@ public class NamespaceBranchController {
return
namespaceBranchService
.
findBranch
(
appId
,
Env
.
valueOf
(
env
),
clusterName
,
namespaceName
);
}
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches"
,
method
=
RequestMethod
.
POST
)
public
NamespaceDTO
createBranch
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
...
...
@@ -46,21 +54,35 @@ public class NamespaceBranchController {
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
branchName
)
{
boolean
canDelete
=
permissionValidator
.
hasReleaseNamespacePermission
(
appId
,
namespaceName
)
||
(
permissionValidator
.
hasModifyNamespacePermission
(
appId
,
namespaceName
)
&&
releaseService
.
loadLatestRelease
(
appId
,
Env
.
valueOf
(
env
),
branchName
,
namespaceName
)
==
null
);
if
(!
canDelete
)
{
throw
new
AccessDeniedException
(
"Forbidden operation. "
+
"Caused by: 1.you don't have release permission "
+
"or 2. you don't have modification permission "
+
"or 3. you have modification permission but branch has been released"
);
}
namespaceBranchService
.
deleteBranch
(
appId
,
Env
.
valueOf
(
env
),
clusterName
,
namespaceName
,
branchName
);
}
@PreAuthorize
(
value
=
"@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/merge"
,
method
=
RequestMethod
.
POST
)
public
ReleaseDTO
merge
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
branchName
,
@RequestParam
(
value
=
"deleteBranch"
,
defaultValue
=
"true"
)
boolean
deleteBranch
,
@RequestBody
NamespaceReleaseModel
model
)
{
ReleaseDTO
createdRelease
=
namespaceBranchService
.
merge
(
appId
,
Env
.
valueOf
(
env
),
clusterName
,
namespaceName
,
branchName
,
return
namespaceBranchService
.
merge
(
appId
,
Env
.
valueOf
(
env
),
clusterName
,
namespaceName
,
branchName
,
model
.
getReleaseTitle
(),
model
.
getReleaseComment
(),
deleteBranch
);
return
createdRelease
;
}
...
...
@@ -73,6 +95,8 @@ public class NamespaceBranchController {
return
namespaceBranchService
.
findBranchGrayRules
(
appId
,
Env
.
valueOf
(
env
),
clusterName
,
namespaceName
,
branchName
);
}
@PreAuthorize
(
value
=
"@permissionValidator.hasOperateNamespacePermission(#appId, #namespaceName)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/rules"
,
method
=
RequestMethod
.
PUT
)
public
void
updateBranchRules
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/service/NamespaceBranchService.java
浏览文件 @
b3e60336
...
...
@@ -76,16 +76,6 @@ public class NamespaceBranchService {
String
operator
=
userInfoHolder
.
getUser
().
getUserId
();
//Refusing request if user has not release permission and branch has been released
if
(!
permissionValidator
.
hasReleaseNamespacePermission
(
appId
,
namespaceName
)
&&
(!
permissionValidator
.
hasModifyNamespacePermission
(
appId
,
namespaceName
)
||
releaseService
.
loadLatestRelease
(
appId
,
env
,
branchName
,
namespaceName
)
!=
null
))
{
throw
new
BadRequestException
(
"Forbidden operation. "
+
"Cause by: you has not release permission "
+
"or you has not modify permission "
+
"or you has modify permission but branch has been released"
);
}
namespaceBranchAPI
.
deleteBranch
(
appId
,
env
,
clusterName
,
namespaceName
,
branchName
,
operator
);
Cat
.
logEvent
(
CatEventType
.
DELETE_GRAY_RELEASE
,
...
...
apollo-portal/src/main/resources/static/scripts/directive/item-modal-directive.js
浏览文件 @
b3e60336
...
...
@@ -53,14 +53,18 @@ function itemModalDirective(toastr, AppUtil, EventManager, ConfigService) {
scope
.
toOperationNamespace
.
baseInfo
.
namespaceName
,
scope
.
item
).
then
(
function
(
result
)
{
toastr
.
success
(
"
添加成功,如需生效请发布
"
);
scope
.
item
.
addItemBtnDisabled
=
false
;
AppUtil
.
hideModal
(
'
#itemModal
'
);
EventManager
.
emit
(
EventManager
.
EventType
.
REFRESH_NAMESPACE
,
{
namespace
:
scope
.
toOperationNamespace
});
toastr
.
success
(
"
添加成功,如需生效请发布
"
);
},
function
(
result
)
{
toastr
.
error
(
AppUtil
.
errorMsg
(
result
),
"
添加失败
"
);
scope
.
item
.
addItemBtnDisabled
=
false
;
});
}
else
{
if
(
selectedClusters
.
length
==
0
)
{
...
...
@@ -75,6 +79,8 @@ function itemModalDirective(toastr, AppUtil, EventManager, ConfigService) {
scope
.
toOperationNamespace
.
baseInfo
.
namespaceName
,
scope
.
item
).
then
(
function
(
result
)
{
scope
.
item
.
addItemBtnDisabled
=
false
;
AppUtil
.
hideModal
(
'
#itemModal
'
);
toastr
.
success
(
cluster
.
env
+
"
,
"
+
scope
.
item
.
key
,
"
添加成功,如需生效请发布
"
);
if
(
cluster
.
env
==
scope
.
env
&&
cluster
.
name
==
scope
.
cluster
)
{
...
...
@@ -86,12 +92,11 @@ function itemModalDirective(toastr, AppUtil, EventManager, ConfigService) {
}
},
function
(
result
)
{
toastr
.
error
(
AppUtil
.
errorMsg
(
result
),
"
添加失败
"
);
scope
.
item
.
addItemBtnDisabled
=
false
;
});
});
}
scope
.
item
.
addItemBtnDisabled
=
false
;
AppUtil
.
hideModal
(
'
#itemModal
'
);
}
else
{
...
...
apollo-portal/src/main/resources/static/views/component/namespace-panel.html
浏览文件 @
b3e60336
...
...
@@ -875,6 +875,11 @@
<!--gray rules-->
<div
class=
"rules-manage-view row"
ng-show=
"namespace.branch.viewType == 'rule'"
>
<div
class=
"alert alert-warning no-radius"
ng-show=
"!namespace.hasModifyPermission && !namespace.hasReleasePermission"
>
<strong>
Tips:
</strong>
您没有权限编辑灰度规则, 具有namespace修改权或者发布权的人员才可以编辑灰度规则. 如需要编辑灰度规则,请找项目管理员申请权限.
</div>
<table
class=
"table table-bordered table-hover"
>
<thead>
<tr>
...
...
@@ -892,9 +897,11 @@
<td
class=
"text-center"
width=
"10%"
>
<img
src=
"img/edit.png"
class=
"i-20 hover"
data-tooltip=
"tooltip"
data-placement=
"bottom"
title=
"修改"
ng-show=
"namespace.hasModifyPermission || namespace.hasReleasePermission"
ng-click=
"editRuleItem(namespace.branch, ruleItem)"
>
<img
src=
"img/cancel.png"
class=
"i-20 hover"
style=
"margin-left: 5px;"
data-tooltip=
"tooltip"
data-placement=
"bottom"
title=
"删除"
ng-show=
"namespace.hasModifyPermission || namespace.hasReleasePermission"
ng-click=
"deleteRuleItem(namespace.branch, ruleItem)"
>
</td>
</tr>
...
...
@@ -902,6 +909,7 @@
</tbody>
</table>
<button
class=
"btn btn-primary"
ng-if=
"namespace.hasModifyPermission || namespace.hasReleasePermission"
ng-show=
"(namespace.isPublic && !namespace.isLinkedNamespace) ||
((!namespace.isPublic || namespace.isLinkedNamespace)
&& (!namespace.branch.rules
...
...
@@ -909,7 +917,11 @@
|| !namespace.branch.rules.ruleItems.length))"
ng-click=
"addRuleItem(namespace.branch)"
>
新增规则
</button>
</div>
<!--instances -->
<div
class=
"panel panel-default"
ng-show=
"namespace.branch.viewType == 'instance'"
>
<div
class=
"panel-heading text-right"
>
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录