Commit 0bc91cc1 (unverified)
Authored: Jul 24, 2018
Author: Jason Song
Committer: GitHub
Committed: Jul 24, 2018

Merge pull request #1282 from nobodyiam/branch_env_permission
Support role permissions per environment

Parents: a6563b81, f27bb7dd

Showing 27 changed files with 763 additions and 194 deletions
Changed files:
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/auth/ConsumerPermissionValidator.java (+6 -7)
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/service/ConsumerService.java (+7 -3)
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/v1/controller/ItemController.java (+3 -3)
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/v1/controller/ReleaseController.java (+1 -1)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/PermissionValidator.java (+28 -11)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/emailbuilder/ConfigPublishEmailBuilder.java (+16 -2)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/AppController.java (+7 -0)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ConsumerController.java (+26 -7)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ItemController.java (+30 -8)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/NamespaceBranchController.java (+6 -6)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/NamespaceController.java (+1 -0)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/PermissionController.java (+90 -0)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ReleaseController.java (+3 -2)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/entity/vo/NamespaceEnvRolesAssignedUsers.java (+15 -0)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/service/AppNamespaceService.java (+1 -0)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/service/RoleInitializationService.java (+4 -0)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultRoleInitializationService.java (+44 -4)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/util/RoleUtils.java (+21 -5)
apollo-portal/src/main/resources/static/namespace/role.html (+32 -4)
apollo-portal/src/main/resources/static/open/manage.html (+14 -0)
apollo-portal/src/main/resources/static/scripts/controller/open/OpenManageController.js (+31 -9)
apollo-portal/src/main/resources/static/scripts/controller/role/NamespaceRoleController.js (+182 -108)
apollo-portal/src/main/resources/static/scripts/directive/namespace-panel-directive.js (+38 -6)
apollo-portal/src/main/resources/static/scripts/services/ConsumerService.js (+3 -2)
apollo-portal/src/main/resources/static/scripts/services/PermissionService.js (+121 -3)
apollo-portal/src/test/java/com/ctrip/framework/apollo/openapi/service/ConsumerServiceTest.java (+16 -0)
apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/spi/defaultImpl/RoleInitializationServiceTest.java (+17 -3)
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/auth/ConsumerPermissionValidator.java
...
@@ -19,26 +19,25 @@ public class ConsumerPermissionValidator {
...
@@ -19,26 +19,25 @@ public class ConsumerPermissionValidator {
private
ConsumerAuthUtil
consumerAuthUtil
;
private
ConsumerAuthUtil
consumerAuthUtil
;
public
boolean
hasModifyNamespacePermission
(
HttpServletRequest
request
,
String
appId
,
String
public
boolean
hasModifyNamespacePermission
(
HttpServletRequest
request
,
String
appId
,
String
namespaceName
,
namespaceName
)
{
String
env
)
{
if
(
hasCreateNamespacePermission
(
request
,
appId
))
{
if
(
hasCreateNamespacePermission
(
request
,
appId
))
{
return
true
;
return
true
;
}
}
return
permissionService
.
consumerHasPermission
(
consumerAuthUtil
.
retrieveConsumerId
(
request
),
return
permissionService
.
consumerHasPermission
(
consumerAuthUtil
.
retrieveConsumerId
(
request
),
PermissionType
.
MODIFY_NAMESPACE
,
PermissionType
.
MODIFY_NAMESPACE
,
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
));
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
,
env
));
}
}
public
boolean
hasReleaseNamespacePermission
(
HttpServletRequest
request
,
String
appId
,
String
public
boolean
hasReleaseNamespacePermission
(
HttpServletRequest
request
,
String
appId
,
String
namespaceName
,
namespaceName
)
{
String
env
)
{
if
(
hasCreateNamespacePermission
(
request
,
appId
))
{
if
(
hasCreateNamespacePermission
(
request
,
appId
))
{
return
true
;
return
true
;
}
}
return
permissionService
.
consumerHasPermission
(
consumerAuthUtil
.
retrieveConsumerId
(
request
),
return
permissionService
.
consumerHasPermission
(
consumerAuthUtil
.
retrieveConsumerId
(
request
),
PermissionType
.
RELEASE_NAMESPACE
,
PermissionType
.
RELEASE_NAMESPACE
,
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
));
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
,
env
));
}
}
...
...
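Review bot: the namespace-wide check is dropped rather than kept as a fallback in hasModifyNamespacePermission and hasReleaseNamespacePermission: the only target id now passed to consumerHasPermission is buildNamespaceTargetId(appId, namespaceName, env). PermissionValidator in this same commit ORs the namespace-wide check with the env-scoped one, and ConsumerService still assigns namespace-wide roles when no env is given, so unless the three-argument target id also matches namespace-wide grants, a consumer holding only the namespace-wide role may now be denied. Suggest mirroring the portal validator: check the two-argument target id first, then the env-scoped one. The hasCreateNamespacePermission(request, appId) short-circuit still grants modify and release in every environment, which deserves a comment now that roles can be env-scoped.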
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/service/ConsumerService.java
...
@@ -112,17 +112,21 @@ public class ConsumerService {
...
@@ -112,17 +112,21 @@ public class ConsumerService {
return
consumerRepository
.
findOne
(
consumerId
);
return
consumerRepository
.
findOne
(
consumerId
);
}
}
@Transactional
public
List
<
ConsumerRole
>
assignNamespaceRoleToConsumer
(
String
token
,
String
appId
,
String
namespaceName
)
{
public
List
<
ConsumerRole
>
assignNamespaceRoleToConsumer
(
String
token
,
String
appId
,
String
namespaceName
)
{
return
assignNamespaceRoleToConsumer
(
token
,
appId
,
namespaceName
,
null
);
}
@Transactional
public
List
<
ConsumerRole
>
assignNamespaceRoleToConsumer
(
String
token
,
String
appId
,
String
namespaceName
,
String
env
)
{
Long
consumerId
=
getConsumerIdByToken
(
token
);
Long
consumerId
=
getConsumerIdByToken
(
token
);
if
(
consumerId
==
null
)
{
if
(
consumerId
==
null
)
{
throw
new
BadRequestException
(
"Token is Illegal"
);
throw
new
BadRequestException
(
"Token is Illegal"
);
}
}
Role
namespaceModifyRole
=
Role
namespaceModifyRole
=
rolePermissionService
.
findRoleByRoleName
(
RoleUtils
.
buildModifyNamespaceRoleName
(
appId
,
namespaceName
));
rolePermissionService
.
findRoleByRoleName
(
RoleUtils
.
buildModifyNamespaceRoleName
(
appId
,
namespaceName
,
env
));
Role
namespaceReleaseRole
=
Role
namespaceReleaseRole
=
rolePermissionService
.
findRoleByRoleName
(
RoleUtils
.
buildReleaseNamespaceRoleName
(
appId
,
namespaceName
));
rolePermissionService
.
findRoleByRoleName
(
RoleUtils
.
buildReleaseNamespaceRoleName
(
appId
,
namespaceName
,
env
));
if
(
namespaceModifyRole
==
null
||
namespaceReleaseRole
==
null
)
{
if
(
namespaceModifyRole
==
null
||
namespaceReleaseRole
==
null
)
{
throw
new
BadRequestException
(
"Namespace's role does not exist. Please check whether namespace has created."
);
throw
new
BadRequestException
(
"Namespace's role does not exist. Please check whether namespace has created."
);
...
...
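Review bot: the three-argument overload delegates with a literal null for env, so buildModifyNamespaceRoleName(appId, namespaceName, env) and buildReleaseNamespaceRoleName(appId, namespaceName, env) must treat null as the namespace-wide role, and nothing in this hunk documents that contract. Suggest a Javadoc line on the four-argument method stating what a null env means, or an explicit branch for it. The BadRequestException text "Namespace's role does not exist. Please check whether namespace has created." should also name env, since with this change the missing role may be the env-specific one even though the namespace exists.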
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/v1/controller/ItemController.java
...
@@ -32,7 +32,7 @@ public class ItemController {
...
@@ -32,7 +32,7 @@ public class ItemController {
private
UserService
userService
;
private
UserService
userService
;
@PreAuthorize
(
value
=
"@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName)"
)
@PreAuthorize
(
value
=
"@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName
, #env
)"
)
@RequestMapping
(
value
=
"/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items"
,
method
=
RequestMethod
.
POST
)
@RequestMapping
(
value
=
"/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items"
,
method
=
RequestMethod
.
POST
)
public
OpenItemDTO
createItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
OpenItemDTO
createItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
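Review bot: #env in the @PreAuthorize expression is the raw path variable, and the validator hands it to RoleUtils.buildNamespaceTargetId unchanged, so differently spelled or cased values of the same environment may resolve to different permission targets. Suggest canonicalising env once inside ConsumerPermissionValidator rather than relying on each annotation, so that createItem, updateItem and deleteItem cannot diverge. The same applies to the two hunks that follow in this file.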
...
@@ -60,7 +60,7 @@ public class ItemController {
...
@@ -60,7 +60,7 @@ public class ItemController {
return
OpenApiBeanUtils
.
transformFromItemDTO
(
createdItem
);
return
OpenApiBeanUtils
.
transformFromItemDTO
(
createdItem
);
}
}
@PreAuthorize
(
value
=
"@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName)"
)
@PreAuthorize
(
value
=
"@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName
, #env
)"
)
@RequestMapping
(
value
=
"/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items/{key:.+}"
,
method
=
RequestMethod
.
PUT
)
@RequestMapping
(
value
=
"/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items/{key:.+}"
,
method
=
RequestMethod
.
PUT
)
public
void
updateItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
void
updateItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
...
@@ -91,7 +91,7 @@ public class ItemController {
...
@@ -91,7 +91,7 @@ public class ItemController {
}
}
@PreAuthorize
(
value
=
"@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName)"
)
@PreAuthorize
(
value
=
"@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName
, #env
)"
)
@RequestMapping
(
value
=
"/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items/{key:.+}"
,
method
=
RequestMethod
.
DELETE
)
@RequestMapping
(
value
=
"/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items/{key:.+}"
,
method
=
RequestMethod
.
DELETE
)
public
void
deleteItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
void
deleteItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/v1/controller/ReleaseController.java
...
@@ -33,7 +33,7 @@ public class ReleaseController {
...
@@ -33,7 +33,7 @@ public class ReleaseController {
@Autowired
@Autowired
private
UserService
userService
;
private
UserService
userService
;
@PreAuthorize
(
value
=
"@consumerPermissionValidator.hasReleaseNamespacePermission(#request, #appId, #namespaceName)"
)
@PreAuthorize
(
value
=
"@consumerPermissionValidator.hasReleaseNamespacePermission(#request, #appId, #namespaceName
, #env
)"
)
@RequestMapping
(
value
=
"/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/releases"
,
method
=
RequestMethod
.
POST
)
@RequestMapping
(
value
=
"/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/releases"
,
method
=
RequestMethod
.
POST
)
public
OpenReleaseDTO
createRelease
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
OpenReleaseDTO
createRelease
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
clusterName
,
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/PermissionValidator.java
...
@@ -6,7 +6,6 @@ import com.ctrip.framework.apollo.portal.constant.PermissionType;
...
@@ -6,7 +6,6 @@ import com.ctrip.framework.apollo.portal.constant.PermissionType;
import
com.ctrip.framework.apollo.portal.service.RolePermissionService
;
import
com.ctrip.framework.apollo.portal.service.RolePermissionService
;
import
com.ctrip.framework.apollo.portal.spi.UserInfoHolder
;
import
com.ctrip.framework.apollo.portal.spi.UserInfoHolder
;
import
com.ctrip.framework.apollo.portal.util.RoleUtils
;
import
com.ctrip.framework.apollo.portal.util.RoleUtils
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.stereotype.Component
;
import
org.springframework.stereotype.Component
;
...
@@ -22,14 +21,26 @@ public class PermissionValidator {
...
@@ -22,14 +21,26 @@ public class PermissionValidator {
public
boolean
hasModifyNamespacePermission
(
String
appId
,
String
namespaceName
)
{
public
boolean
hasModifyNamespacePermission
(
String
appId
,
String
namespaceName
)
{
return
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
return
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
PermissionType
.
MODIFY_NAMESPACE
,
PermissionType
.
MODIFY_NAMESPACE
,
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
));
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
));
}
public
boolean
hasModifyNamespacePermission
(
String
appId
,
String
namespaceName
,
String
env
)
{
return
hasModifyNamespacePermission
(
appId
,
namespaceName
)
||
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
PermissionType
.
MODIFY_NAMESPACE
,
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
,
env
));
}
}
public
boolean
hasReleaseNamespacePermission
(
String
appId
,
String
namespaceName
)
{
public
boolean
hasReleaseNamespacePermission
(
String
appId
,
String
namespaceName
)
{
return
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
return
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
PermissionType
.
RELEASE_NAMESPACE
,
PermissionType
.
RELEASE_NAMESPACE
,
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
));
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
));
}
public
boolean
hasReleaseNamespacePermission
(
String
appId
,
String
namespaceName
,
String
env
)
{
return
hasReleaseNamespacePermission
(
appId
,
namespaceName
)
||
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
PermissionType
.
RELEASE_NAMESPACE
,
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
,
env
));
}
}
public
boolean
hasDeleteNamespacePermission
(
String
appId
)
{
public
boolean
hasDeleteNamespacePermission
(
String
appId
)
{
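Review bot: the new three-argument hasModifyNamespacePermission and hasReleaseNamespacePermission lack documentation of their OR semantics: the namespace-wide check is combined with the env-scoped one, so an env role can only widen access and a namespace-wide grant cannot be narrowed to one environment. A Javadoc line on both methods should say so. The two-argument overloads stay public, so any @PreAuthorize expression that still calls them will ignore env-scoped grants without a compile error; consider renaming them or restricting their visibility so unmigrated call sites are easy to find. env is also passed through with no null or blank check.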
...
@@ -40,17 +51,23 @@ public class PermissionValidator {
...
@@ -40,17 +51,23 @@ public class PermissionValidator {
return
hasModifyNamespacePermission
(
appId
,
namespaceName
)
||
hasReleaseNamespacePermission
(
appId
,
namespaceName
);
return
hasModifyNamespacePermission
(
appId
,
namespaceName
)
||
hasReleaseNamespacePermission
(
appId
,
namespaceName
);
}
}
public
boolean
hasOperateNamespacePermission
(
String
appId
,
String
namespaceName
,
String
env
)
{
return
hasOperateNamespacePermission
(
appId
,
namespaceName
)
||
hasModifyNamespacePermission
(
appId
,
namespaceName
,
env
)
||
hasReleaseNamespacePermission
(
appId
,
namespaceName
,
env
);
}
public
boolean
hasAssignRolePermission
(
String
appId
)
{
public
boolean
hasAssignRolePermission
(
String
appId
)
{
return
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
return
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
PermissionType
.
ASSIGN_ROLE
,
PermissionType
.
ASSIGN_ROLE
,
appId
);
appId
);
}
}
public
boolean
hasCreateNamespacePermission
(
String
appId
)
{
public
boolean
hasCreateNamespacePermission
(
String
appId
)
{
return
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
return
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
PermissionType
.
CREATE_NAMESPACE
,
PermissionType
.
CREATE_NAMESPACE
,
appId
);
appId
);
}
}
public
boolean
hasCreateAppNamespacePermission
(
String
appId
,
AppNamespace
appNamespace
)
{
public
boolean
hasCreateAppNamespacePermission
(
String
appId
,
AppNamespace
appNamespace
)
{
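Review bot: hasOperateNamespacePermission(appId, namespaceName, env) repeats lookups: the two-argument hasOperateNamespacePermission already evaluates the namespace-wide modify and release checks, and each three-argument call evaluates them again before its env-scoped check, so a user with no permission triggers six userHasPermission calls where only four are distinct. Returning hasModifyNamespacePermission(appId, namespaceName, env) || hasReleaseNamespacePermission(appId, namespaceName, env) gives the same result.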
...
@@ -66,8 +83,8 @@ public class PermissionValidator {
...
@@ -66,8 +83,8 @@ public class PermissionValidator {
public
boolean
hasCreateClusterPermission
(
String
appId
)
{
public
boolean
hasCreateClusterPermission
(
String
appId
)
{
return
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
return
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
PermissionType
.
CREATE_CLUSTER
,
PermissionType
.
CREATE_CLUSTER
,
appId
);
appId
);
}
}
public
boolean
isAppAdmin
(
String
appId
)
{
public
boolean
isAppAdmin
(
String
appId
)
{
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/emailbuilder/ConfigPublishEmailBuilder.java
...
@@ -104,7 +104,7 @@ public abstract class ConfigPublishEmailBuilder {
...
@@ -104,7 +104,7 @@ public abstract class ConfigPublishEmailBuilder {
email
.
setSubject
(
subject
());
email
.
setSubject
(
subject
());
email
.
setSenderEmailAddress
(
portalConfig
.
emailSender
());
email
.
setSenderEmailAddress
(
portalConfig
.
emailSender
());
email
.
setRecipients
(
recipients
(
releaseHistory
.
getAppId
(),
releaseHistory
.
getNamespaceName
()));
email
.
setRecipients
(
recipients
(
releaseHistory
.
getAppId
(),
releaseHistory
.
getNamespaceName
()
,
env
.
toString
()
));
String
emailBody
=
emailContent
(
env
,
releaseHistory
);
String
emailBody
=
emailContent
(
env
,
releaseHistory
);
//clear not used module
//clear not used module
...
@@ -208,13 +208,19 @@ public abstract class ConfigPublishEmailBuilder {
...
@@ -208,13 +208,19 @@ public abstract class ConfigPublishEmailBuilder {
return
releaseService
.
compare
(
env
,
releaseHistory
.
getPreviousReleaseId
(),
releaseHistory
.
getReleaseId
());
return
releaseService
.
compare
(
env
,
releaseHistory
.
getPreviousReleaseId
(),
releaseHistory
.
getReleaseId
());
}
}
private
List
<
String
>
recipients
(
String
appId
,
String
namespaceName
)
{
private
List
<
String
>
recipients
(
String
appId
,
String
namespaceName
,
String
env
)
{
Set
<
UserInfo
>
modifyRoleUsers
=
Set
<
UserInfo
>
modifyRoleUsers
=
rolePermissionService
rolePermissionService
.
queryUsersWithRole
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
MODIFY_NAMESPACE
));
.
queryUsersWithRole
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
MODIFY_NAMESPACE
));
Set
<
UserInfo
>
envModifyRoleUsers
=
rolePermissionService
.
queryUsersWithRole
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
MODIFY_NAMESPACE
,
env
));
Set
<
UserInfo
>
releaseRoleUsers
=
Set
<
UserInfo
>
releaseRoleUsers
=
rolePermissionService
rolePermissionService
.
queryUsersWithRole
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
RELEASE_NAMESPACE
));
.
queryUsersWithRole
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
RELEASE_NAMESPACE
));
Set
<
UserInfo
>
envReleaseRoleUsers
=
rolePermissionService
.
queryUsersWithRole
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
RELEASE_NAMESPACE
,
env
));
Set
<
UserInfo
>
owners
=
rolePermissionService
.
queryUsersWithRole
(
RoleUtils
.
buildAppMasterRoleName
(
appId
));
Set
<
UserInfo
>
owners
=
rolePermissionService
.
queryUsersWithRole
(
RoleUtils
.
buildAppMasterRoleName
(
appId
));
Set
<
String
>
userIds
=
new
HashSet
<>(
modifyRoleUsers
.
size
()
+
releaseRoleUsers
.
size
()
+
owners
.
size
());
Set
<
String
>
userIds
=
new
HashSet
<>(
modifyRoleUsers
.
size
()
+
releaseRoleUsers
.
size
()
+
owners
.
size
());
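Review bot: the HashSet sizing hint at the end of this hunk still counts only modifyRoleUsers, releaseRoleUsers and owners, although recipients now also collects envModifyRoleUsers and envReleaseRoleUsers. It is harmless functionally, but either include the two new sets or drop the hint. A small private helper that adds the user ids of one role set would also replace the near-identical loops in the next hunk.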
...
@@ -223,10 +229,18 @@ public abstract class ConfigPublishEmailBuilder {
...
@@ -223,10 +229,18 @@ public abstract class ConfigPublishEmailBuilder {
userIds
.
add
(
userInfo
.
getUserId
());
userIds
.
add
(
userInfo
.
getUserId
());
}
}
for
(
UserInfo
userInfo
:
envModifyRoleUsers
)
{
userIds
.
add
(
userInfo
.
getUserId
());
}
for
(
UserInfo
userInfo
:
releaseRoleUsers
)
{
for
(
UserInfo
userInfo
:
releaseRoleUsers
)
{
userIds
.
add
(
userInfo
.
getUserId
());
userIds
.
add
(
userInfo
.
getUserId
());
}
}
for
(
UserInfo
userInfo
:
envReleaseRoleUsers
)
{
userIds
.
add
(
userInfo
.
getUserId
());
}
for
(
UserInfo
userInfo
:
owners
)
{
for
(
UserInfo
userInfo
:
owners
)
{
userIds
.
add
(
userInfo
.
getUserId
());
userIds
.
add
(
userInfo
.
getUserId
());
}
}
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/AppController.java
package
com.ctrip.framework.apollo.portal.controller
;
package
com.ctrip.framework.apollo.portal.controller
;
import
com.ctrip.framework.apollo.core.ConfigConsts
;
import
com.ctrip.framework.apollo.portal.service.RoleInitializationService
;
import
com.ctrip.framework.apollo.common.entity.App
;
import
com.ctrip.framework.apollo.common.entity.App
;
import
com.ctrip.framework.apollo.common.exception.BadRequestException
;
import
com.ctrip.framework.apollo.common.exception.BadRequestException
;
import
com.ctrip.framework.apollo.common.http.MultiResponseEntity
;
import
com.ctrip.framework.apollo.common.http.MultiResponseEntity
;
...
@@ -53,6 +56,8 @@ public class AppController {
...
@@ -53,6 +56,8 @@ public class AppController {
private
ApplicationEventPublisher
publisher
;
private
ApplicationEventPublisher
publisher
;
@Autowired
@Autowired
private
RolePermissionService
rolePermissionService
;
private
RolePermissionService
rolePermissionService
;
@Autowired
private
RoleInitializationService
roleInitializationService
;
@RequestMapping
(
value
=
""
,
method
=
RequestMethod
.
GET
)
@RequestMapping
(
value
=
""
,
method
=
RequestMethod
.
GET
)
public
List
<
App
>
findApps
(
@RequestParam
(
value
=
"appIds"
,
required
=
false
)
String
appIds
)
{
public
List
<
App
>
findApps
(
@RequestParam
(
value
=
"appIds"
,
required
=
false
)
String
appIds
)
{
...
@@ -132,6 +137,8 @@ public class AppController {
...
@@ -132,6 +137,8 @@ public class AppController {
appService
.
createAppInRemote
(
Env
.
valueOf
(
env
),
app
);
appService
.
createAppInRemote
(
Env
.
valueOf
(
env
),
app
);
roleInitializationService
.
initNamespaceSpecificEnvRoles
(
app
.
getAppId
(),
ConfigConsts
.
NAMESPACE_APPLICATION
,
env
,
userInfoHolder
.
getUser
().
getUserId
());
return
ResponseEntity
.
ok
().
build
();
return
ResponseEntity
.
ok
().
build
();
}
}
...
...
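Review bot: initNamespaceSpecificEnvRoles runs after appService.createAppInRemote with no visible handling for a failure between the two calls, which would leave the app created in that environment without its env-scoped roles for the application namespace. Suggest making the role initialisation idempotent and retryable, or documenting how missing roles are repaired. The call also passes the raw env string while the line above converts it with Env.valueOf(env); using the converted value for both keeps the role name canonical.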
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ConsumerController.java
...
@@ -2,12 +2,15 @@ package com.ctrip.framework.apollo.portal.controller;
...
@@ -2,12 +2,15 @@ package com.ctrip.framework.apollo.portal.controller;
import
com.ctrip.framework.apollo.common.dto.NamespaceDTO
;
import
com.ctrip.framework.apollo.common.dto.NamespaceDTO
;
import
com.ctrip.framework.apollo.common.exception.BadRequestException
;
import
com.ctrip.framework.apollo.common.exception.BadRequestException
;
import
com.ctrip.framework.apollo.core.enums.EnvUtils
;
import
com.ctrip.framework.apollo.core.utils.StringUtils
;
import
com.ctrip.framework.apollo.core.utils.StringUtils
;
import
com.ctrip.framework.apollo.openapi.entity.Consumer
;
import
com.ctrip.framework.apollo.openapi.entity.Consumer
;
import
com.ctrip.framework.apollo.openapi.entity.ConsumerRole
;
import
com.ctrip.framework.apollo.openapi.entity.ConsumerRole
;
import
com.ctrip.framework.apollo.openapi.entity.ConsumerToken
;
import
com.ctrip.framework.apollo.openapi.entity.ConsumerToken
;
import
com.ctrip.framework.apollo.openapi.service.ConsumerService
;
import
com.ctrip.framework.apollo.openapi.service.ConsumerService
;
import
com.google.common.base.Strings
;
import
com.google.common.collect.Lists
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.format.annotation.DateTimeFormat
;
import
org.springframework.format.annotation.DateTimeFormat
;
import
org.springframework.security.access.prepost.PreAuthorize
;
import
org.springframework.security.access.prepost.PreAuthorize
;
...
@@ -19,12 +22,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
...
@@ -19,12 +22,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
import
org.springframework.web.bind.annotation.RequestParam
;
import
org.springframework.web.bind.annotation.RequestParam
;
import
org.springframework.web.bind.annotation.RestController
;
import
org.springframework.web.bind.annotation.RestController
;
import
java.util.Calendar
;
import
java.util.*
;
import
java.util.Collections
;
import
java.util.Date
;
import
java.util.GregorianCalendar
;
import
java.util.List
;
import
java.util.Objects
;
/**
/**
* @author Jason Song(song_s@ctrip.com)
* @author Jason Song(song_s@ctrip.com)
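Review bot: style point on the import block: replacing the explicit java.util imports with java.util.* hides which types the controller uses and invites name clashes. The only new java.util type visible in this diff is ArrayList, so keep the explicit list and add java.util.ArrayList.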
...
@@ -69,6 +67,7 @@ public class ConsumerController {
...
@@ -69,6 +67,7 @@ public class ConsumerController {
@RequestMapping
(
value
=
"/consumers/{token}/assign-role"
,
method
=
RequestMethod
.
POST
)
@RequestMapping
(
value
=
"/consumers/{token}/assign-role"
,
method
=
RequestMethod
.
POST
)
public
List
<
ConsumerRole
>
assignNamespaceRoleToConsumer
(
@PathVariable
String
token
,
public
List
<
ConsumerRole
>
assignNamespaceRoleToConsumer
(
@PathVariable
String
token
,
@RequestParam
String
type
,
@RequestParam
String
type
,
@RequestParam
(
required
=
false
)
String
envs
,
@RequestBody
NamespaceDTO
namespace
)
{
@RequestBody
NamespaceDTO
namespace
)
{
String
appId
=
namespace
.
getAppId
();
String
appId
=
namespace
.
getAppId
();
...
@@ -77,13 +76,33 @@ public class ConsumerController {
...
@@ -77,13 +76,33 @@ public class ConsumerController {
if
(
StringUtils
.
isEmpty
(
appId
))
{
if
(
StringUtils
.
isEmpty
(
appId
))
{
throw
new
BadRequestException
(
"Params(AppId) can not be empty."
);
throw
new
BadRequestException
(
"Params(AppId) can not be empty."
);
}
}
if
(
Objects
.
equals
(
"AppRole"
,
type
))
{
if
(
Objects
.
equals
(
"AppRole"
,
type
))
{
return
Collections
.
singletonList
(
consumerService
.
assignAppRoleToConsumer
(
token
,
appId
));
return
Collections
.
singletonList
(
consumerService
.
assignAppRoleToConsumer
(
token
,
appId
));
}
else
{
}
else
{
if
(
StringUtils
.
isEmpty
(
namespaceName
))
{
if
(
StringUtils
.
isEmpty
(
namespaceName
))
{
throw
new
BadRequestException
(
"Params(NamespaceName) can not be empty."
);
throw
new
BadRequestException
(
"Params(NamespaceName) can not be empty."
);
}
}
if
(
null
!=
envs
){
String
[]
envArray
=
envs
.
split
(
","
);
List
<
String
>
envList
=
Lists
.
newArrayList
();
// validate env parameter
for
(
String
env
:
envArray
)
{
if
(
Strings
.
isNullOrEmpty
(
env
))
{
continue
;
}
if
(
null
==
EnvUtils
.
transformEnv
(
env
))
{
throw
new
BadRequestException
(
String
.
format
(
"env: %s is illegal"
,
env
));
}
envList
.
add
(
env
);
}
List
<
ConsumerRole
>
consumeRoles
=
new
ArrayList
<>();
for
(
String
env
:
envList
)
{
consumeRoles
.
addAll
(
consumerService
.
assignNamespaceRoleToConsumer
(
token
,
appId
,
namespaceName
,
env
));
}
return
consumeRoles
;
}
return
consumerService
.
assignNamespaceRoleToConsumer
(
token
,
appId
,
namespaceName
);
return
consumerService
.
assignNamespaceRoleToConsumer
(
token
,
appId
,
namespaceName
);
}
}
}
}
...
...
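Review bot: when envs is present but yields no usable entry (an empty string, or only commas), envList stays empty, the assignment loop does nothing, and the method returns an empty list without assigning any role or raising an error. Reject that case with a BadRequestException or fall through to the namespace-wide assignment. The validation loop also uses EnvUtils.transformEnv(env) only as a null test and then adds the raw string to envList; adding the canonical form of the transformed value keeps the role-name lookup from depending on how the caller spelled the environment. Each environment is assigned in a separate service call, so an exception on a later entry leaves the earlier ones assigned.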
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ItemController.java
...
@@ -4,15 +4,18 @@ import com.ctrip.framework.apollo.common.dto.ItemDTO;
...
@@ -4,15 +4,18 @@ import com.ctrip.framework.apollo.common.dto.ItemDTO;
import
com.ctrip.framework.apollo.common.exception.BadRequestException
;
import
com.ctrip.framework.apollo.common.exception.BadRequestException
;
import
com.ctrip.framework.apollo.core.enums.Env
;
import
com.ctrip.framework.apollo.core.enums.Env
;
import
com.ctrip.framework.apollo.core.utils.StringUtils
;
import
com.ctrip.framework.apollo.core.utils.StringUtils
;
import
com.ctrip.framework.apollo.portal.component.PermissionValidator
;
import
com.ctrip.framework.apollo.portal.entity.model.NamespaceSyncModel
;
import
com.ctrip.framework.apollo.portal.entity.model.NamespaceSyncModel
;
import
com.ctrip.framework.apollo.portal.entity.model.NamespaceTextModel
;
import
com.ctrip.framework.apollo.portal.entity.model.NamespaceTextModel
;
import
com.ctrip.framework.apollo.portal.entity.vo.ItemDiffs
;
import
com.ctrip.framework.apollo.portal.entity.vo.ItemDiffs
;
import
com.ctrip.framework.apollo.portal.entity.vo.NamespaceIdentifier
;
import
com.ctrip.framework.apollo.portal.service.ItemService
;
import
com.ctrip.framework.apollo.portal.service.ItemService
;
import
com.ctrip.framework.apollo.portal.spi.UserInfoHolder
;
import
com.ctrip.framework.apollo.portal.spi.UserInfoHolder
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.http.HttpStatus
;
import
org.springframework.http.HttpStatus
;
import
org.springframework.http.ResponseEntity
;
import
org.springframework.http.ResponseEntity
;
import
org.springframework.security.access.AccessDeniedException
;
import
org.springframework.security.access.prepost.PreAuthorize
;
import
org.springframework.security.access.prepost.PreAuthorize
;
import
org.springframework.web.bind.annotation.PathVariable
;
import
org.springframework.web.bind.annotation.PathVariable
;
import
org.springframework.web.bind.annotation.RequestBody
;
import
org.springframework.web.bind.annotation.RequestBody
;
...
@@ -34,8 +37,10 @@ public class ItemController {
...
@@ -34,8 +37,10 @@ public class ItemController {
private
ItemService
configService
;
private
ItemService
configService
;
@Autowired
@Autowired
private
UserInfoHolder
userInfoHolder
;
private
UserInfoHolder
userInfoHolder
;
@Autowired
private
PermissionValidator
permissionValidator
;
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName)"
)
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName
, #env
)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/items"
,
method
=
RequestMethod
.
PUT
,
consumes
=
{
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/items"
,
method
=
RequestMethod
.
PUT
,
consumes
=
{
"application/json"
})
"application/json"
})
public
void
modifyItemsByText
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
void
modifyItemsByText
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
...
@@ -52,7 +57,7 @@ public class ItemController {
...
@@ -52,7 +57,7 @@ public class ItemController {
configService
.
updateConfigItemByText
(
model
);
configService
.
updateConfigItemByText
(
model
);
}
}
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName)"
)
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName
, #env
)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/item"
,
method
=
RequestMethod
.
POST
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/item"
,
method
=
RequestMethod
.
POST
)
public
ItemDTO
createItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
ItemDTO
createItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
...
@@ -71,7 +76,7 @@ public class ItemController {
...
@@ -71,7 +76,7 @@ public class ItemController {
return
configService
.
createItem
(
appId
,
Env
.
valueOf
(
env
),
clusterName
,
namespaceName
,
item
);
return
configService
.
createItem
(
appId
,
Env
.
valueOf
(
env
),
clusterName
,
namespaceName
,
item
);
}
}
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName)"
)
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName
, #env
)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/item"
,
method
=
RequestMethod
.
PUT
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/item"
,
method
=
RequestMethod
.
PUT
)
public
void
updateItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
void
updateItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
...
@@ -85,7 +90,7 @@ public class ItemController {
...
@@ -85,7 +90,7 @@ public class ItemController {
}
}
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName
)
"
)
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName
, #env)
"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/items/{itemId}"
,
method
=
RequestMethod
.
DELETE
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/items/{itemId}"
,
method
=
RequestMethod
.
DELETE
)
public
void
deleteItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
void
deleteItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
...
@@ -134,15 +139,32 @@ public class ItemController {
...
@@ -134,15 +139,32 @@ public class ItemController {
return
configService
.
compare
(
model
.
getSyncToNamespaces
(),
model
.
getSyncItems
());
return
configService
.
compare
(
model
.
getSyncToNamespaces
(),
model
.
getSyncItems
());
}
}
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName)"
)
@RequestMapping
(
value
=
"/apps/{appId}/namespaces/{namespaceName}/items"
,
method
=
RequestMethod
.
PUT
,
consumes
=
{
@RequestMapping
(
value
=
"/apps/{appId}/namespaces/{namespaceName}/items"
,
method
=
RequestMethod
.
PUT
,
consumes
=
{
"application/json"
})
"application/json"
})
public
ResponseEntity
<
Void
>
update
(
@PathVariable
String
appId
,
@PathVariable
String
namespaceName
,
public
ResponseEntity
<
Void
>
update
(
@PathVariable
String
appId
,
@PathVariable
String
namespaceName
,
@RequestBody
NamespaceSyncModel
model
)
{
@RequestBody
NamespaceSyncModel
model
)
{
checkModel
(
Objects
.
nonNull
(
model
)
&&
!
model
.
isInvalid
());
checkModel
(
Objects
.
nonNull
(
model
)
&&
!
model
.
isInvalid
());
boolean
hasPermission
=
permissionValidator
.
hasModifyNamespacePermission
(
appId
,
namespaceName
);
configService
.
syncItems
(
model
.
getSyncToNamespaces
(),
model
.
getSyncItems
());
Env
envNoPermission
=
null
;
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
build
();
// if uses has ModifyNamespace permission then he has permission
if
(!
hasPermission
)
{
// else check if user has every env's ModifyNamespace permission
hasPermission
=
true
;
for
(
NamespaceIdentifier
namespaceIdentifier
:
model
.
getSyncToNamespaces
())
{
// once user has not one of the env's ModifyNamespace permission, then break the loop
hasPermission
&=
permissionValidator
.
hasModifyNamespacePermission
(
namespaceIdentifier
.
getAppId
(),
namespaceIdentifier
.
getNamespaceName
(),
namespaceIdentifier
.
getEnv
().
toString
());
if
(!
hasPermission
)
{
envNoPermission
=
namespaceIdentifier
.
getEnv
();
break
;
}
}
}
if
(
hasPermission
)
{
configService
.
syncItems
(
model
.
getSyncToNamespaces
(),
model
.
getSyncItems
());
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
build
();
}
else
throw
new
AccessDeniedException
(
String
.
format
(
"您没有修改环境%s的权限"
,
envNoPermission
));
}
}
private
boolean
isValidItem
(
ItemDTO
item
)
{
private
boolean
isValidItem
(
ItemDTO
item
)
{
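Review bot: in `update`, the first check uses the path variables (`hasModifyNamespacePermission(appId, namespaceName)`), while `syncItems` writes to whatever `model.getSyncToNamespaces()` lists, so a caller who passes the first check is never checked against the targets named in the request body. With the annotation removed, consider always iterating the targets and checking each `namespaceIdentifier` (app, namespace, env), or at least rejecting identifiers whose appId or namespaceName differ from the path. Smaller points: `hasPermission &= ...` followed by an immediate `break` is just an assignment, the `else throw` should be braced, and the comment "if uses has" should read "if user has".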
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/NamespaceBranchController.java
View file @
0bc91cc1
...
@@ -46,7 +46,7 @@ public class NamespaceBranchController {
...
@@ -46,7 +46,7 @@ public class NamespaceBranchController {
return
namespaceBranchService
.
findBranch
(
appId
,
Env
.
valueOf
(
env
),
clusterName
,
namespaceName
);
return
namespaceBranchService
.
findBranch
(
appId
,
Env
.
valueOf
(
env
),
clusterName
,
namespaceName
);
}
}
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName)"
)
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName
, #env
)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches"
,
method
=
RequestMethod
.
POST
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches"
,
method
=
RequestMethod
.
POST
)
public
NamespaceDTO
createBranch
(
@PathVariable
String
appId
,
public
NamespaceDTO
createBranch
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
env
,
...
@@ -63,9 +63,9 @@ public class NamespaceBranchController {
...
@@ -63,9 +63,9 @@ public class NamespaceBranchController {
@PathVariable
String
namespaceName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
branchName
)
{
@PathVariable
String
branchName
)
{
boolean
canDelete
=
permissionValidator
.
hasReleaseNamespacePermission
(
appId
,
namespaceName
)
||
boolean
canDelete
=
permissionValidator
.
hasReleaseNamespacePermission
(
appId
,
namespaceName
,
env
)
||
(
permissionValidator
.
hasModifyNamespacePermission
(
appId
,
namespaceName
)
&&
(
permissionValidator
.
hasModifyNamespacePermission
(
appId
,
namespaceName
,
env
)
&&
releaseService
.
loadLatestRelease
(
appId
,
Env
.
valueOf
(
env
),
branchName
,
namespaceName
)
==
null
);
releaseService
.
loadLatestRelease
(
appId
,
Env
.
valueOf
(
env
),
branchName
,
namespaceName
)
==
null
);
if
(!
canDelete
)
{
if
(!
canDelete
)
{
...
@@ -81,7 +81,7 @@ public class NamespaceBranchController {
...
@@ -81,7 +81,7 @@ public class NamespaceBranchController {
@PreAuthorize
(
value
=
"@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName)"
)
@PreAuthorize
(
value
=
"@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName
, #env
)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/merge"
,
method
=
RequestMethod
.
POST
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/merge"
,
method
=
RequestMethod
.
POST
)
public
ReleaseDTO
merge
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
ReleaseDTO
merge
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
...
@@ -120,7 +120,7 @@ public class NamespaceBranchController {
...
@@ -120,7 +120,7 @@ public class NamespaceBranchController {
}
}
@PreAuthorize
(
value
=
"@permissionValidator.hasOperateNamespacePermission(#appId, #namespaceName)"
)
@PreAuthorize
(
value
=
"@permissionValidator.hasOperateNamespacePermission(#appId, #namespaceName
, #env
)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/rules"
,
method
=
RequestMethod
.
PUT
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/rules"
,
method
=
RequestMethod
.
PUT
)
public
void
updateBranchRules
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
void
updateBranchRules
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/NamespaceController.java
View file @
0bc91cc1
...
@@ -104,6 +104,7 @@ public class NamespaceController {
...
@@ -104,6 +104,7 @@ public class NamespaceController {
String
operator
=
userInfoHolder
.
getUser
().
getUserId
();
String
operator
=
userInfoHolder
.
getUser
().
getUserId
();
roleInitializationService
.
initNamespaceRoles
(
appId
,
namespaceName
,
operator
);
roleInitializationService
.
initNamespaceRoles
(
appId
,
namespaceName
,
operator
);
roleInitializationService
.
initNamespaceEnvRoles
(
appId
,
namespaceName
,
operator
);
for
(
NamespaceCreationModel
model
:
models
)
{
for
(
NamespaceCreationModel
model
:
models
)
{
NamespaceDTO
namespace
=
model
.
getNamespace
();
NamespaceDTO
namespace
=
model
.
getNamespace
();
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/PermissionController.java
View file @
0bc91cc1
package
com.ctrip.framework.apollo.portal.controller
;
package
com.ctrip.framework.apollo.portal.controller
;
import
com.ctrip.framework.apollo.core.enums.Env
;
import
com.ctrip.framework.apollo.core.enums.EnvUtils
;
import
com.ctrip.framework.apollo.portal.entity.vo.NamespaceEnvRolesAssignedUsers
;
import
com.ctrip.framework.apollo.portal.service.RoleInitializationService
;
import
com.google.common.collect.Sets
;
import
com.google.common.collect.Sets
;
import
com.ctrip.framework.apollo.common.exception.BadRequestException
;
import
com.ctrip.framework.apollo.common.exception.BadRequestException
;
...
@@ -37,6 +41,14 @@ public class PermissionController {
...
@@ -37,6 +41,14 @@ public class PermissionController {
private
RolePermissionService
rolePermissionService
;
private
RolePermissionService
rolePermissionService
;
@Autowired
@Autowired
private
UserService
userService
;
private
UserService
userService
;
@Autowired
private
RoleInitializationService
roleInitializationService
;
@RequestMapping
(
value
=
"/apps/{appId}/initPermission"
,
method
=
RequestMethod
.
POST
)
public
ResponseEntity
<
Void
>
initAppPermission
(
@PathVariable
String
appId
,
@RequestBody
String
namespaceName
)
{
roleInitializationService
.
initNamespaceEnvRoles
(
appId
,
namespaceName
,
userInfoHolder
.
getUser
().
getUserId
());
return
ResponseEntity
.
ok
().
build
();
}
@RequestMapping
(
value
=
"/apps/{appId}/permissions/{permissionType}"
,
method
=
RequestMethod
.
GET
)
@RequestMapping
(
value
=
"/apps/{appId}/permissions/{permissionType}"
,
method
=
RequestMethod
.
GET
)
public
ResponseEntity
<
PermissionCondition
>
hasPermission
(
@PathVariable
String
appId
,
@PathVariable
String
permissionType
)
{
public
ResponseEntity
<
PermissionCondition
>
hasPermission
(
@PathVariable
String
appId
,
@PathVariable
String
permissionType
)
{
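Review bot: `initAppPermission` (`POST /apps/{appId}/initPermission`) carries no `@PreAuthorize`, so as written any caller who reaches the controller can trigger `initNamespaceEnvRoles` for an arbitrary `appId`, with a `namespaceName` taken unvalidated from the raw request body. Suggest guarding it like the role-assignment endpoints added in this file (`@permissionValidator.hasAssignRolePermission(#appId)`) and rejecting an empty or unknown namespace name before any role is created.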
...
@@ -60,6 +72,18 @@ public class PermissionController {
...
@@ -60,6 +72,18 @@ public class PermissionController {
return
ResponseEntity
.
ok
().
body
(
permissionCondition
);
return
ResponseEntity
.
ok
().
body
(
permissionCondition
);
}
}
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/namespaces/{namespaceName}/permissions/{permissionType}"
,
method
=
RequestMethod
.
GET
)
public
ResponseEntity
<
PermissionCondition
>
hasPermission
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
namespaceName
,
@PathVariable
String
permissionType
)
{
PermissionCondition
permissionCondition
=
new
PermissionCondition
();
permissionCondition
.
setHasPermission
(
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
permissionType
,
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
,
env
)));
return
ResponseEntity
.
ok
().
body
(
permissionCondition
);
}
@RequestMapping
(
value
=
"/permissions/root"
,
method
=
RequestMethod
.
GET
)
@RequestMapping
(
value
=
"/permissions/root"
,
method
=
RequestMethod
.
GET
)
public
ResponseEntity
<
PermissionCondition
>
hasRootPermission
()
{
public
ResponseEntity
<
PermissionCondition
>
hasRootPermission
()
{
PermissionCondition
permissionCondition
=
new
PermissionCondition
();
PermissionCondition
permissionCondition
=
new
PermissionCondition
();
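Review bot: the new env-scoped `hasPermission` passes the raw `env` path value straight into `RoleUtils.buildNamespaceTargetId(appId, namespaceName, env)` without the `EnvUtils.transformEnv(env)` check that the other new endpoints in this file perform. An unrecognised env then quietly returns `hasPermission=false` instead of a bad-request error; suggest applying the same validation here.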
...
@@ -70,6 +94,72 @@ public class PermissionController {
...
@@ -70,6 +94,72 @@ public class PermissionController {
}
}
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/namespaces/{namespaceName}/role_users"
,
method
=
RequestMethod
.
GET
)
public
NamespaceEnvRolesAssignedUsers
getNamespaceEnvRoles
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
namespaceName
)
{
// validate env parameter
if
(
null
==
EnvUtils
.
transformEnv
(
env
))
{
throw
new
BadRequestException
(
"env is illegal"
);
}
NamespaceEnvRolesAssignedUsers
assignedUsers
=
new
NamespaceEnvRolesAssignedUsers
();
assignedUsers
.
setNamespaceName
(
namespaceName
);
assignedUsers
.
setAppId
(
appId
);
assignedUsers
.
setEnv
(
Env
.
fromString
(
env
));
Set
<
UserInfo
>
releaseNamespaceUsers
=
rolePermissionService
.
queryUsersWithRole
(
RoleUtils
.
buildReleaseNamespaceRoleName
(
appId
,
namespaceName
,
env
));
assignedUsers
.
setReleaseRoleUsers
(
releaseNamespaceUsers
);
Set
<
UserInfo
>
modifyNamespaceUsers
=
rolePermissionService
.
queryUsersWithRole
(
RoleUtils
.
buildModifyNamespaceRoleName
(
appId
,
namespaceName
,
env
));
assignedUsers
.
setModifyRoleUsers
(
modifyNamespaceUsers
);
return
assignedUsers
;
}
@PreAuthorize
(
value
=
"@permissionValidator.hasAssignRolePermission(#appId)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/namespaces/{namespaceName}/roles/{roleType}"
,
method
=
RequestMethod
.
POST
)
public
ResponseEntity
<
Void
>
assignNamespaceEnvRoleToUser
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
namespaceName
,
@PathVariable
String
roleType
,
@RequestBody
String
user
)
{
checkUserExists
(
user
);
RequestPrecondition
.
checkArgumentsNotEmpty
(
user
);
if
(!
RoleType
.
isValidRoleType
(
roleType
))
{
throw
new
BadRequestException
(
"role type is illegal"
);
}
// validate env parameter
if
(
null
==
EnvUtils
.
transformEnv
(
env
))
{
throw
new
BadRequestException
(
"env is illegal"
);
}
Set
<
String
>
assignedUser
=
rolePermissionService
.
assignRoleToUsers
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
roleType
,
env
),
Sets
.
newHashSet
(
user
),
userInfoHolder
.
getUser
().
getUserId
());
if
(
CollectionUtils
.
isEmpty
(
assignedUser
))
{
throw
new
BadRequestException
(
user
+
"已授权"
);
}
return
ResponseEntity
.
ok
().
build
();
}
@PreAuthorize
(
value
=
"@permissionValidator.hasAssignRolePermission(#appId)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/namespaces/{namespaceName}/roles/{roleType}"
,
method
=
RequestMethod
.
DELETE
)
public
ResponseEntity
<
Void
>
removeNamespaceEnvRoleFromUser
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
namespaceName
,
@PathVariable
String
roleType
,
@RequestParam
String
user
)
{
RequestPrecondition
.
checkArgumentsNotEmpty
(
user
);
if
(!
RoleType
.
isValidRoleType
(
roleType
))
{
throw
new
BadRequestException
(
"role type is illegal"
);
}
// validate env parameter
if
(
null
==
EnvUtils
.
transformEnv
(
env
))
{
throw
new
BadRequestException
(
"env is illegal"
);
}
rolePermissionService
.
removeRoleFromUsers
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
roleType
,
env
),
Sets
.
newHashSet
(
user
),
userInfoHolder
.
getUser
().
getUserId
());
return
ResponseEntity
.
ok
().
build
();
}
@RequestMapping
(
value
=
"/apps/{appId}/namespaces/{namespaceName}/role_users"
,
method
=
RequestMethod
.
GET
)
@RequestMapping
(
value
=
"/apps/{appId}/namespaces/{namespaceName}/role_users"
,
method
=
RequestMethod
.
GET
)
public
NamespaceRolesAssignedUsers
getNamespaceRoles
(
@PathVariable
String
appId
,
@PathVariable
String
namespaceName
)
{
public
NamespaceRolesAssignedUsers
getNamespaceRoles
(
@PathVariable
String
appId
,
@PathVariable
String
namespaceName
)
{
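Review bot: in `assignNamespaceEnvRoleToUser` and `removeNamespaceEnvRoleFromUser`, `env` is validated with `EnvUtils.transformEnv(env)` but the role name is then built from the original string (`buildNamespaceRoleName(appId, namespaceName, roleType, env)`). If `transformEnv` accepts spellings that differ from the `Env` constant's own name, the role touched here will not match the one `initNamespaceSpecificEnvRoles` creates from `env.toString()`; build the name from the normalised value instead. Also, `checkUserExists(user)` runs before `RequestPrecondition.checkArgumentsNotEmpty(user)` in the assign method; swap them so the empty check comes first.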
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ReleaseController.java
View file @
0bc91cc1
...
@@ -36,7 +36,7 @@ public class ReleaseController {
...
@@ -36,7 +36,7 @@ public class ReleaseController {
@Autowired
@Autowired
private
PortalConfig
portalConfig
;
private
PortalConfig
portalConfig
;
@PreAuthorize
(
value
=
"@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName)"
)
@PreAuthorize
(
value
=
"@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName
, #env
)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/releases"
,
method
=
RequestMethod
.
POST
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/releases"
,
method
=
RequestMethod
.
POST
)
public
ReleaseDTO
createRelease
(
@PathVariable
String
appId
,
public
ReleaseDTO
createRelease
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
...
@@ -67,7 +67,7 @@ public class ReleaseController {
...
@@ -67,7 +67,7 @@ public class ReleaseController {
return
createdRelease
;
return
createdRelease
;
}
}
@PreAuthorize
(
value
=
"@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName)"
)
@PreAuthorize
(
value
=
"@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName
, #env
)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/releases"
,
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/releases"
,
method
=
RequestMethod
.
POST
)
method
=
RequestMethod
.
POST
)
public
ReleaseDTO
createGrayRelease
(
@PathVariable
String
appId
,
public
ReleaseDTO
createGrayRelease
(
@PathVariable
String
appId
,
...
@@ -138,6 +138,7 @@ public class ReleaseController {
...
@@ -138,6 +138,7 @@ public class ReleaseController {
}
}
@PreAuthorize
(
value
=
"@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, #env)"
)
@RequestMapping
(
path
=
"/envs/{env}/releases/{releaseId}/rollback"
,
method
=
RequestMethod
.
PUT
)
@RequestMapping
(
path
=
"/envs/{env}/releases/{releaseId}/rollback"
,
method
=
RequestMethod
.
PUT
)
public
void
rollback
(
@PathVariable
String
env
,
public
void
rollback
(
@PathVariable
String
env
,
@PathVariable
long
releaseId
)
{
@PathVariable
long
releaseId
)
{
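Review bot: the `@PreAuthorize` added to `rollback` references `#appId` and `#namespaceName`, but the signature shown here declares only `env` and `releaseId`. Those two SpEL variables will evaluate to null, so the check runs against a null app and namespace rather than the release being rolled back. Either load the release by `releaseId` inside the method and check the permission against its app and namespace, or add those identifiers to the request so the expression has something to bind to.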
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/entity/vo/NamespaceEnvRolesAssignedUsers.java
0 → 100644
View file @
0bc91cc1
package
com.ctrip.framework.apollo.portal.entity.vo
;
import
com.ctrip.framework.apollo.core.enums.Env
;
public
class
NamespaceEnvRolesAssignedUsers
extends
NamespaceRolesAssignedUsers
{
private
Env
env
;
public
Env
getEnv
()
{
return
env
;
}
public
void
setEnv
(
Env
env
)
{
this
.
env
=
env
;
}
}
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/service/AppNamespaceService.java
View file @
0bc91cc1
...
@@ -116,6 +116,7 @@ public class AppNamespaceService {
...
@@ -116,6 +116,7 @@ public class AppNamespaceService {
AppNamespace
createdAppNamespace
=
appNamespaceRepository
.
save
(
appNamespace
);
AppNamespace
createdAppNamespace
=
appNamespaceRepository
.
save
(
appNamespace
);
roleInitializationService
.
initNamespaceRoles
(
appNamespace
.
getAppId
(),
appNamespace
.
getName
(),
operator
);
roleInitializationService
.
initNamespaceRoles
(
appNamespace
.
getAppId
(),
appNamespace
.
getName
(),
operator
);
roleInitializationService
.
initNamespaceEnvRoles
(
appNamespace
.
getAppId
(),
appNamespace
.
getName
(),
operator
);
return
createdAppNamespace
;
return
createdAppNamespace
;
}
}
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/service/RoleInitializationService.java
View file @
0bc91cc1
...
@@ -8,4 +8,8 @@ public interface RoleInitializationService {
...
@@ -8,4 +8,8 @@ public interface RoleInitializationService {
public
void
initNamespaceRoles
(
String
appId
,
String
namespaceName
,
String
operator
);
public
void
initNamespaceRoles
(
String
appId
,
String
namespaceName
,
String
operator
);
public
void
initNamespaceEnvRoles
(
String
appId
,
String
namespaceName
,
String
operator
);
public
void
initNamespaceSpecificEnvRoles
(
String
appId
,
String
namespaceName
,
String
env
,
String
operator
);
}
}
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultRoleInitializationService.java
View file @
0bc91cc1
package
com.ctrip.framework.apollo.portal.spi.defaultimpl
;
package
com.ctrip.framework.apollo.portal.spi.defaultimpl
;
import
com.ctrip.framework.apollo.core.enums.Env
;
import
com.ctrip.framework.apollo.portal.component.config.PortalConfig
;
import
com.google.common.collect.FluentIterable
;
import
com.google.common.collect.FluentIterable
;
import
com.google.common.collect.Lists
;
import
com.google.common.collect.Lists
;
import
com.google.common.collect.Sets
;
import
com.google.common.collect.Sets
;
...
@@ -18,7 +20,7 @@ import com.ctrip.framework.apollo.portal.util.RoleUtils;
...
@@ -18,7 +20,7 @@ import com.ctrip.framework.apollo.portal.util.RoleUtils;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.transaction.annotation.Transactional
;
import
org.springframework.transaction.annotation.Transactional
;
import
java.util.
Set
;
import
java.util.
*
;
/**
/**
* Created by timothy on 2017/4/26.
* Created by timothy on 2017/4/26.
...
@@ -29,6 +31,8 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
...
@@ -29,6 +31,8 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
private
UserInfoHolder
userInfoHolder
;
private
UserInfoHolder
userInfoHolder
;
@Autowired
@Autowired
private
RolePermissionService
rolePermissionService
;
private
RolePermissionService
rolePermissionService
;
@Autowired
private
PortalConfig
portalConfig
;
@Transactional
@Transactional
public
void
initAppRoles
(
App
app
)
{
public
void
initAppRoles
(
App
app
)
{
...
@@ -47,9 +51,10 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
...
@@ -47,9 +51,10 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
//assign master role to user
//assign master role to user
rolePermissionService
rolePermissionService
.
assignRoleToUsers
(
RoleUtils
.
buildAppMasterRoleName
(
appId
),
Sets
.
newHashSet
(
app
.
getOwnerName
()),
.
assignRoleToUsers
(
RoleUtils
.
buildAppMasterRoleName
(
appId
),
Sets
.
newHashSet
(
app
.
getOwnerName
()),
operator
);
operator
);
initNamespaceRoles
(
appId
,
ConfigConsts
.
NAMESPACE_APPLICATION
,
operator
);
initNamespaceRoles
(
appId
,
ConfigConsts
.
NAMESPACE_APPLICATION
,
operator
);
initNamespaceEnvRoles
(
appId
,
ConfigConsts
.
NAMESPACE_APPLICATION
,
operator
);
//assign modify、release namespace role to user
//assign modify、release namespace role to user
rolePermissionService
.
assignRoleToUsers
(
rolePermissionService
.
assignRoleToUsers
(
...
@@ -67,13 +72,37 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
...
@@ -67,13 +72,37 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
String
modifyNamespaceRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
appId
,
namespaceName
);
String
modifyNamespaceRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
appId
,
namespaceName
);
if
(
rolePermissionService
.
findRoleByRoleName
(
modifyNamespaceRoleName
)
==
null
)
{
if
(
rolePermissionService
.
findRoleByRoleName
(
modifyNamespaceRoleName
)
==
null
)
{
createNamespaceRole
(
appId
,
namespaceName
,
PermissionType
.
MODIFY_NAMESPACE
,
createNamespaceRole
(
appId
,
namespaceName
,
PermissionType
.
MODIFY_NAMESPACE
,
RoleUtils
.
buildModifyNamespaceRoleName
(
appId
,
namespaceName
)
,
operator
);
modifyNamespaceRoleName
,
operator
);
}
}
String
releaseNamespaceRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
appId
,
namespaceName
);
String
releaseNamespaceRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
appId
,
namespaceName
);
if
(
rolePermissionService
.
findRoleByRoleName
(
releaseNamespaceRoleName
)
==
null
)
{
if
(
rolePermissionService
.
findRoleByRoleName
(
releaseNamespaceRoleName
)
==
null
)
{
createNamespaceRole
(
appId
,
namespaceName
,
PermissionType
.
RELEASE_NAMESPACE
,
createNamespaceRole
(
appId
,
namespaceName
,
PermissionType
.
RELEASE_NAMESPACE
,
RoleUtils
.
buildReleaseNamespaceRoleName
(
appId
,
namespaceName
),
operator
);
releaseNamespaceRoleName
,
operator
);
}
}
@Transactional
public
void
initNamespaceEnvRoles
(
String
appId
,
String
namespaceName
,
String
operator
)
{
List
<
Env
>
portalEnvs
=
portalConfig
.
portalSupportedEnvs
();
for
(
Env
env
:
portalEnvs
)
{
initNamespaceSpecificEnvRoles
(
appId
,
namespaceName
,
env
.
toString
(),
operator
);
}
}
@Transactional
public
void
initNamespaceSpecificEnvRoles
(
String
appId
,
String
namespaceName
,
String
env
,
String
operator
)
{
String
modifyNamespaceEnvRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
appId
,
namespaceName
,
env
);
if
(
rolePermissionService
.
findRoleByRoleName
(
modifyNamespaceEnvRoleName
)
==
null
)
{
createNamespaceEnvRole
(
appId
,
namespaceName
,
PermissionType
.
MODIFY_NAMESPACE
,
env
,
modifyNamespaceEnvRoleName
,
operator
);
}
String
releaseNamespaceEnvRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
appId
,
namespaceName
,
env
);
if
(
rolePermissionService
.
findRoleByRoleName
(
releaseNamespaceEnvRoleName
)
==
null
)
{
createNamespaceEnvRole
(
appId
,
namespaceName
,
PermissionType
.
RELEASE_NAMESPACE
,
env
,
releaseNamespaceEnvRoleName
,
operator
);
}
}
}
}
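Review bot: `initNamespaceSpecificEnvRoles` does `findRoleByRoleName(...) == null` followed by a create, which is not atomic; two concurrent calls for the same namespace can both pass the null check. Unless the role name is backed by a unique constraint, handle the duplicate case explicitly. Note also that `initNamespaceEnvRoles` calls it through `this`, so with Spring's default proxy-based transactions the inner `@Transactional` is not applied on that path and only the outer one is in effect.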
...
@@ -121,4 +150,15 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
...
@@ -121,4 +150,15 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
rolePermissionService
rolePermissionService
.
createRoleWithPermissions
(
role
,
Sets
.
newHashSet
(
createdPermission
.
getId
()));
.
createRoleWithPermissions
(
role
,
Sets
.
newHashSet
(
createdPermission
.
getId
()));
}
}
private
void
createNamespaceEnvRole
(
String
appId
,
String
namespaceName
,
String
permissionType
,
String
env
,
String
roleName
,
String
operator
)
{
Permission
permission
=
createPermission
(
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
,
env
),
permissionType
,
operator
);
Permission
createdPermission
=
rolePermissionService
.
createPermission
(
permission
);
Role
role
=
createRole
(
roleName
,
operator
);
rolePermissionService
.
createRoleWithPermissions
(
role
,
Sets
.
newHashSet
(
createdPermission
.
getId
()));
}
}
}
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/util/RoleUtils.java
View file @
0bc91cc1
...
@@ -7,7 +7,7 @@ import com.ctrip.framework.apollo.portal.constant.RoleType;
...
@@ -7,7 +7,7 @@ import com.ctrip.framework.apollo.portal.constant.RoleType;
public
class
RoleUtils
{
public
class
RoleUtils
{
private
static
final
Joiner
STRING_JOINER
=
Joiner
.
on
(
ConfigConsts
.
CLUSTER_NAMESPACE_SEPARATOR
);
private
static
final
Joiner
STRING_JOINER
=
Joiner
.
on
(
ConfigConsts
.
CLUSTER_NAMESPACE_SEPARATOR
)
.
skipNulls
()
;
public
static
String
buildAppMasterRoleName
(
String
appId
)
{
public
static
String
buildAppMasterRoleName
(
String
appId
)
{
return
STRING_JOINER
.
join
(
RoleType
.
MASTER
,
appId
);
return
STRING_JOINER
.
join
(
RoleType
.
MASTER
,
appId
);
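Review bot: `.skipNulls()` on the shared `STRING_JOINER` changes every builder in the class, not only the new env overloads. A null `appId` or `namespaceName` now yields a shorter, valid-looking name instead of failing, and a name built with a null namespace plus an env is indistinguishable from one built with a namespace of that same name and no env. Suggest keeping the strict joiner for the mandatory parts and appending `env` only when it is non-null.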
...
@@ -18,7 +18,11 @@ public class RoleUtils {
...
@@ -18,7 +18,11 @@ public class RoleUtils {
}
}
public
static
String
buildModifyNamespaceRoleName
(
String
appId
,
String
namespaceName
)
{
public
static
String
buildModifyNamespaceRoleName
(
String
appId
,
String
namespaceName
)
{
return
STRING_JOINER
.
join
(
RoleType
.
MODIFY_NAMESPACE
,
appId
,
namespaceName
);
return
buildModifyNamespaceRoleName
(
appId
,
namespaceName
,
null
);
}
public
static
String
buildModifyNamespaceRoleName
(
String
appId
,
String
namespaceName
,
String
env
)
{
return
STRING_JOINER
.
join
(
RoleType
.
MODIFY_NAMESPACE
,
appId
,
namespaceName
,
env
);
}
}
public
static
String
buildModifyDefaultNamespaceRoleName
(
String
appId
)
{
public
static
String
buildModifyDefaultNamespaceRoleName
(
String
appId
)
{
...
@@ -26,11 +30,19 @@ public class RoleUtils {
...
@@ -26,11 +30,19 @@ public class RoleUtils {
}
}
public
static
String
buildReleaseNamespaceRoleName
(
String
appId
,
String
namespaceName
)
{
public
static
String
buildReleaseNamespaceRoleName
(
String
appId
,
String
namespaceName
)
{
return
STRING_JOINER
.
join
(
RoleType
.
RELEASE_NAMESPACE
,
appId
,
namespaceName
);
return
buildReleaseNamespaceRoleName
(
appId
,
namespaceName
,
null
);
}
public
static
String
buildReleaseNamespaceRoleName
(
String
appId
,
String
namespaceName
,
String
env
)
{
return
STRING_JOINER
.
join
(
RoleType
.
RELEASE_NAMESPACE
,
appId
,
namespaceName
,
env
);
}
}
public
static
String
buildNamespaceRoleName
(
String
appId
,
String
namespaceName
,
String
roleType
)
{
public
static
String
buildNamespaceRoleName
(
String
appId
,
String
namespaceName
,
String
roleType
)
{
return
STRING_JOINER
.
join
(
roleType
,
appId
,
namespaceName
);
return
buildNamespaceRoleName
(
appId
,
namespaceName
,
roleType
,
null
);
}
public
static
String
buildNamespaceRoleName
(
String
appId
,
String
namespaceName
,
String
roleType
,
String
env
)
{
return
STRING_JOINER
.
join
(
roleType
,
appId
,
namespaceName
,
env
);
}
}
public
static
String
buildReleaseDefaultNamespaceRoleName
(
String
appId
)
{
public
static
String
buildReleaseDefaultNamespaceRoleName
(
String
appId
)
{
...
@@ -38,7 +50,11 @@ public class RoleUtils {
...
@@ -38,7 +50,11 @@ public class RoleUtils {
}
}
public
static
String
buildNamespaceTargetId
(
String
appId
,
String
namespaceName
)
{
public
static
String
buildNamespaceTargetId
(
String
appId
,
String
namespaceName
)
{
return
STRING_JOINER
.
join
(
appId
,
namespaceName
);
return
buildNamespaceTargetId
(
appId
,
namespaceName
,
null
);
}
public
static
String
buildNamespaceTargetId
(
String
appId
,
String
namespaceName
,
String
env
)
{
return
STRING_JOINER
.
join
(
appId
,
namespaceName
,
env
);
}
}
public
static
String
buildDefaultNamespaceTargetId
(
String
appId
)
{
public
static
String
buildDefaultNamespaceTargetId
(
String
appId
)
{
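Review bot: buildNamespaceTargetId(appId, namespaceName, env) appends env as one more joined segment, so the all-environment target for a namespace whose name ends in the separator plus an environment name would be the same string as the env-scoped target for the shorter namespace name. Whether that can happen depends on the separator and on namespace-name validation, neither of which is visible here. Worth a comment stating which characters are excluded from namespace names, or a layout that puts env in a fixed position so the two forms cannot overlap.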
...
...
apollo-portal/src/main/resources/static/namespace/role.html
View file @
0bc91cc1
...
@@ -40,16 +40,30 @@
...
@@ -40,16 +40,30 @@
<form
class=
"form-inline"
ng-submit=
"assignRoleToUser('ModifyNamespace')"
>
<form
class=
"form-inline"
ng-submit=
"assignRoleToUser('ModifyNamespace')"
>
<div
class=
"form-group"
>
<div
class=
"form-group"
>
<apollouserselector
apollo-id=
"modifyRoleWidgetId"
></apollouserselector>
<apollouserselector
apollo-id=
"modifyRoleWidgetId"
></apollouserselector>
<select
class=
"form-control input-sm"
ng-model=
"modifyRoleSelectedEnv"
>
<option
value=
""
>
所有环境
</option>
<option
ng-repeat=
"env in envs"
ng-value=
"env"
>
{{env}}
</option>
</select>
</div>
</div>
<button
type=
"submit"
class=
"btn btn-default"
style=
"margin-left: 20px;"
ng-disabled=
"modifyRoleSubmitBtnDisabled"
>
添加
</button>
<button
type=
"submit"
class=
"btn btn-default"
style=
"margin-left: 20px;"
ng-disabled=
"modifyRoleSubmitBtnDisabled"
>
添加
</button>
</form>
</form>
<!-- Split button -->
<!-- Split button -->
<div
class=
"item-container"
>
<div
class=
"item-container"
>
<h5>
所有环境
</h5>
<div
class=
"btn-group item-info"
ng-repeat=
"user in rolesAssignedUsers.modifyRoleUsers"
>
<div
class=
"btn-group item-info"
ng-repeat=
"user in rolesAssignedUsers.modifyRoleUsers"
>
<button
type=
"button"
class=
"btn btn-default"
ng-bind=
"user.userId"
></button>
<button
type=
"button"
class=
"btn btn-default"
ng-bind=
"user.userId"
></button>
<button
type=
"button"
class=
"btn btn-default dropdown-toggle"
data-toggle=
"dropdown"
<button
type=
"button"
class=
"btn btn-default dropdown-toggle"
data-toggle=
"dropdown"
aria-haspopup=
"true"
aria-expanded=
"false"
ng-click=
"removeUserRole('ModifyNamespace', user.userId)"
>
aria-haspopup=
"true"
aria-expanded=
"false"
ng-click=
"removeUserRole('ModifyNamespace', user.userId, null)"
>
<span
class=
"glyphicon glyphicon-remove"
></span>
</button>
</div>
</div>
<div
class=
"item-container"
ng-repeat=
"env in envs"
>
<h5>
{{env}}
</h5>
<div
class=
"btn-group item-info"
ng-repeat=
"user in envRolesAssignedUsers[env].modifyRoleUsers"
>
<button
type=
"button"
class=
"btn btn-default"
ng-bind=
"user.userId"
></button>
<button
type=
"button"
class=
"btn btn-default dropdown-toggle"
data-toggle=
"dropdown"
aria-haspopup=
"true"
aria-expanded=
"false"
ng-click=
"removeUserRole('ModifyNamespace', user.userId, env)"
>
<span
class=
"glyphicon glyphicon-remove"
></span>
<span
class=
"glyphicon glyphicon-remove"
></span>
</button>
</button>
</div>
</div>
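Review bot: the new env select uses <option value="">所有环境</option> as its first entry, so an administrator who picks a user and submits without touching the dropdown grants ModifyNamespace in every environment. For a permission feature the widest scope should be an explicit choice; consider a disabled placeholder as the default and a separate, clearly labelled all-environments entry.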
...
@@ -69,21 +83,35 @@
...
@@ -69,21 +83,35 @@
<form
class=
"form-inline"
ng-submit=
"assignRoleToUser('ReleaseNamespace')"
>
<form
class=
"form-inline"
ng-submit=
"assignRoleToUser('ReleaseNamespace')"
>
<div
class=
"form-group"
>
<div
class=
"form-group"
>
<apollouserselector
apollo-id=
"releaseRoleWidgetId"
></apollouserselector>
<apollouserselector
apollo-id=
"releaseRoleWidgetId"
></apollouserselector>
<select
class=
"form-control input-sm"
ng-model=
"releaseRoleSelectedEnv"
>
<option
value=
""
>
所有环境
</option>
<option
ng-repeat=
"env in envs"
ng-value=
"env"
>
{{env}}
</option>
</select>
</div>
</div>
<button
type=
"submit"
class=
"btn btn-default"
style=
"margin-left: 20px;"
ng-disabled=
"ReleaseRoleSubmitBtnDisabled"
>
添加
</button>
<button
type=
"submit"
class=
"btn btn-default"
style=
"margin-left: 20px;"
ng-disabled=
"ReleaseRoleSubmitBtnDisabled"
>
添加
</button>
</form>
</form>
<!-- Split button -->
<!-- Split button -->
<div
class=
"item-container"
>
<div
class=
"item-container"
>
<h5>
所有环境
</h5>
<div
class=
"btn-group item-info"
ng-repeat=
"user in rolesAssignedUsers.releaseRoleUsers"
>
<div
class=
"btn-group item-info"
ng-repeat=
"user in rolesAssignedUsers.releaseRoleUsers"
>
<button
type=
"button"
class=
"btn btn-default"
ng-bind=
"user.userId"
></button>
<button
type=
"button"
class=
"btn btn-default"
ng-bind=
"user.userId"
></button>
<button
type=
"button"
class=
"btn btn-default dropdown-toggle"
data-toggle=
"dropdown"
<button
type=
"button"
class=
"btn btn-default dropdown-toggle"
data-toggle=
"dropdown"
aria-haspopup=
"true"
aria-expanded=
"false"
ng-click=
"removeUserRole('ReleaseNamespace', user.userId)"
>
aria-haspopup=
"true"
aria-expanded=
"false"
ng-click=
"removeUserRole('ReleaseNamespace', user.userId
, null
)"
>
<span
class=
"glyphicon glyphicon-remove"
></span>
<span
class=
"glyphicon glyphicon-remove"
></span>
</button>
</button>
</div>
</div>
</div>
</div>
<div
class=
"item-container"
ng-repeat=
"env in envs"
>
<h5>
{{env}}
</h5>
<div
class=
"btn-group item-info"
ng-repeat=
"user in envRolesAssignedUsers[env].releaseRoleUsers"
>
<button
type=
"button"
class=
"btn btn-default"
ng-bind=
"user.userId"
></button>
<button
type=
"button"
class=
"btn btn-default dropdown-toggle"
data-toggle=
"dropdown"
aria-haspopup=
"true"
aria-expanded=
"false"
ng-click=
"removeUserRole('ReleaseNamespace', user.userId, env)"
>
<span
class=
"glyphicon glyphicon-remove"
></span>
</button>
</div>
</div>
</div>
</div>
</div>
</div>
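Review bot: the per-environment ReleaseNamespace block is a copy of the ModifyNamespace block in the previous hunk with only the role type and list name changed, and the all-environments button now passes an explicit null (removeUserRole('ReleaseNamespace', user.userId, null)) that the controller's !env test treats the same as a missing argument. Rendering both role sections from one ng-repeat or a small directive would keep the two from drifting apart, and the explicit null can be dropped.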
...
...
apollo-portal/src/main/resources/static/open/manage.html
View file @
0bc91cc1
...
@@ -135,6 +135,20 @@
...
@@ -135,6 +135,20 @@
</label>
</label>
</div>
</div>
</div>
</div>
<div
class=
"form-group"
valdr-form-group
ng-show=
"consumerRole.type=='NamespaceRole'"
>
<label
class=
"col-sm-2 control-label"
>
环境
</label>
<div
class=
"col-sm-10"
>
<div>
<label
class=
"checkbox-inline"
ng-repeat=
"env in envs"
>
<input
type=
"checkbox"
ng-checked=
"env.checked"
ng-click=
"switchSelect(env)"
/>
{{env.env}}
</label>
</div>
<small>
(不选择则所有环境都有权限,如果提示Namespace's role does not exist,请先打开该Namespace的授权页面触发一下权限的初始化动作)
</small>
</div>
</div>
<div
class=
"form-group"
>
<div
class=
"form-group"
>
<div
class=
"col-sm-offset-2 col-sm-9"
>
<div
class=
"col-sm-offset-2 col-sm-9"
>
<button
type=
"submit"
class=
"btn btn-primary"
<button
type=
"submit"
class=
"btn btn-primary"
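Review bot: the help text under the new checkboxes says that leaving every environment unchecked gives the consumer permission in all environments, which makes the broadest grant the result of doing nothing. For an open-API token I would require an explicit selection (or a separate all-environments checkbox) and reject an empty list. Separately, ng-checked plus ng-click="switchSelect(env)" re-implements what ng-model="env.checked" with ng-change already provides.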
...
...
apollo-portal/src/main/resources/static/scripts/controller/open/OpenManageController.js
View file @
0bc91cc1
open_manage_module
.
controller
(
'
OpenManageController
'
,
open_manage_module
.
controller
(
'
OpenManageController
'
,
[
'
$scope
'
,
'
toastr
'
,
'
AppUtil
'
,
'
OrganizationService
'
,
'
ConsumerService
'
,
'
PermissionService
'
,
[
'
$scope
'
,
'
toastr
'
,
'
AppUtil
'
,
'
OrganizationService
'
,
'
ConsumerService
'
,
'
PermissionService
'
,
'
EnvService
'
,
OpenManageController
]);
OpenManageController
]);
function
OpenManageController
(
$scope
,
toastr
,
AppUtil
,
OrganizationService
,
ConsumerService
,
PermissionService
)
{
function
OpenManageController
(
$scope
,
toastr
,
AppUtil
,
OrganizationService
,
ConsumerService
,
PermissionService
,
EnvService
)
{
var
$orgWidget
=
$
(
'
#organization
'
);
var
$orgWidget
=
$
(
'
#organization
'
);
...
@@ -18,12 +18,10 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons
...
@@ -18,12 +18,10 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons
$scope
.
createConsumer
=
createConsumer
;
$scope
.
createConsumer
=
createConsumer
;
$scope
.
assignRoleToConsumer
=
assignRoleToConsumer
;
$scope
.
assignRoleToConsumer
=
assignRoleToConsumer
;
init
();
function
init
()
{
function
init
()
{
initOrganization
();
initOrganization
();
initPermission
();
initPermission
();
initEnv
();
}
}
function
initOrganization
()
{
function
initOrganization
()
{
...
@@ -50,7 +48,29 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons
...
@@ -50,7 +48,29 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons
PermissionService
.
has_root_permission
()
PermissionService
.
has_root_permission
()
.
then
(
function
(
result
)
{
.
then
(
function
(
result
)
{
$scope
.
isRootUser
=
result
.
hasPermission
;
$scope
.
isRootUser
=
result
.
hasPermission
;
})
});
}
function
initEnv
()
{
EnvService
.
find_all_envs
()
.
then
(
function
(
result
){
$scope
.
envs
=
new
Array
();
for
(
var
iLoop
=
0
;
iLoop
<
result
.
length
;
iLoop
++
)
{
$scope
.
envs
.
push
({
checked
:
false
,
env
:
result
[
iLoop
]
});
$scope
.
envsChecked
=
new
Array
();
}
$scope
.
switchSelect
=
function
(
item
)
{
item
.
checked
=
!
item
.
checked
;
$scope
.
envsChecked
=
new
Array
();
for
(
var
iLoop
=
0
;
iLoop
<
$scope
.
envs
.
length
;
iLoop
++
)
{
var
env
=
$scope
.
envs
[
iLoop
];
if
(
env
.
checked
)
{
$scope
.
envsChecked
.
push
(
env
.
env
);
}
}
};
});
}
}
function
getTokenByAppId
()
{
function
getTokenByAppId
()
{
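Review bot: in initEnv, $scope.envsChecked = new Array(); sits inside the for loop over result, so it is re-created on every iteration and is never set at all when find_all_envs() returns an empty list, leaving assignRoleToConsumer to pass undefined. Move the initialisation above the loop. $scope.switchSelect is also only defined inside the then callback, and the call has no rejection handler, so a failed environment lookup shows no checkboxes and no error message.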
...
@@ -68,7 +88,7 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons
...
@@ -68,7 +88,7 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons
}
else
{
}
else
{
$scope
.
consumerToken
=
{
token
:
'
App(
'
+
$scope
.
consumer
.
appId
+
'
)未创建,请先创建
'
};
$scope
.
consumerToken
=
{
token
:
'
App(
'
+
$scope
.
consumer
.
appId
+
'
)未创建,请先创建
'
};
}
}
})
})
;
}
}
function
createConsumer
()
{
function
createConsumer
()
{
...
@@ -114,12 +134,14 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons
...
@@ -114,12 +134,14 @@ function OpenManageController($scope, toastr, AppUtil, OrganizationService, Cons
ConsumerService
.
assignRoleToConsumer
(
$scope
.
consumerRole
.
token
,
ConsumerService
.
assignRoleToConsumer
(
$scope
.
consumerRole
.
token
,
$scope
.
consumerRole
.
type
,
$scope
.
consumerRole
.
type
,
$scope
.
consumerRole
.
appId
,
$scope
.
consumerRole
.
appId
,
$scope
.
consumerRole
.
namespaceName
)
$scope
.
consumerRole
.
namespaceName
,
$scope
.
envsChecked
)
.
then
(
function
(
consumerRoles
)
{
.
then
(
function
(
consumerRoles
)
{
toastr
.
success
(
"
赋权成功
"
);
toastr
.
success
(
"
赋权成功
"
);
},
function
(
response
)
{
},
function
(
response
)
{
AppUtil
.
showErrorMsg
(
response
,
"
赋权失败
"
);
AppUtil
.
showErrorMsg
(
response
,
"
赋权失败
"
);
})
})
}
}
init
();
}
}
apollo-portal/src/main/resources/static/scripts/controller/role/NamespaceRoleController.js
View file @
0bc91cc1
role_module
.
controller
(
'
NamespaceRoleController
'
,
role_module
.
controller
(
'
NamespaceRoleController
'
,
[
'
$scope
'
,
'
$location
'
,
'
$window
'
,
'
toastr
'
,
'
AppService
'
,
'
UserService
'
,
'
AppUtil
'
,
[
'
$scope
'
,
'
$location
'
,
'
$window
'
,
'
toastr
'
,
'
AppService
'
,
'
UserService
'
,
'
AppUtil
'
,
'
EnvService
'
,
'
PermissionService
'
,
'
PermissionService
'
,
function
(
$scope
,
$location
,
$window
,
toastr
,
AppService
,
UserService
,
AppUtil
,
function
(
$scope
,
$location
,
$window
,
toastr
,
AppService
,
UserService
,
AppUtil
,
EnvService
,
PermissionService
)
{
PermissionService
)
{
var
params
=
AppUtil
.
parseParams
(
$location
.
$$url
);
var
params
=
AppUtil
.
parseParams
(
$location
.
$$url
);
$scope
.
pageContext
=
{
$scope
.
pageContext
=
{
appId
:
params
.
appid
,
appId
:
params
.
appid
,
namespaceName
:
params
.
namespaceName
namespaceName
:
params
.
namespaceName
};
};
$scope
.
modifyRoleSubmitBtnDisabled
=
false
;
$scope
.
modifyRoleSubmitBtnDisabled
=
false
;
$scope
.
ReleaseRoleSubmitBtnDisabled
=
false
;
$scope
.
releaseRoleWidgetId
=
'
releaseRoleWidgetId
'
;
$scope
.
modifyRoleWidgetId
=
'
modifyRoleWidgetId
'
;
$scope
.
modifyRoleSelectedEnv
=
""
;
$scope
.
releaseRoleSelectedEnv
=
""
;
PermissionService
.
init_app_namespace_permission
(
$scope
.
pageContext
.
appId
,
$scope
.
pageContext
.
namespaceName
)
.
then
(
function
(
result
)
{
},
function
(
result
)
{
toastr
.
warn
(
AppUtil
.
errorMsg
(
result
),
"
初始化授权出错
"
);
});
PermissionService
.
has_assign_user_permission
(
$scope
.
pageContext
.
appId
)
.
then
(
function
(
result
)
{
$scope
.
hasAssignUserPermission
=
result
.
hasPermission
;
},
function
(
reslt
)
{
});
EnvService
.
find_all_envs
()
.
then
(
function
(
result
){
$scope
.
envs
=
result
;
$scope
.
envRolesAssignedUsers
=
{};
for
(
var
iLoop
=
0
;
iLoop
<
result
.
length
;
iLoop
++
)
{
var
env
=
result
[
iLoop
];
PermissionService
.
get_namespace_env_role_users
(
$scope
.
pageContext
.
appId
,
env
,
$scope
.
pageContext
.
namespaceName
)
.
then
(
function
(
result
)
{
$scope
.
envRolesAssignedUsers
[
result
.
env
]
=
result
;
},
function
(
result
)
{
toastr
.
error
(
AppUtil
.
errorMsg
(
result
),
"
加载
"
+
env
+
"
授权用户出错
"
);
});
}
});
PermissionService
.
get_namespace_role_users
(
$scope
.
pageContext
.
appId
,
$scope
.
pageContext
.
namespaceName
)
.
then
(
function
(
result
)
{
$scope
.
rolesAssignedUsers
=
result
;
},
function
(
result
)
{
toastr
.
error
(
AppUtil
.
errorMsg
(
result
),
"
加载授权用户出错
"
);
});
$scope
.
assignRoleToUser
=
function
(
roleType
)
{
if
(
"
ReleaseNamespace
"
===
roleType
)
{
var
user
=
$
(
'
.
'
+
$scope
.
releaseRoleWidgetId
).
select2
(
'
data
'
)[
0
];
if
(
!
user
)
{
toastr
.
warning
(
"
请选择用户
"
);
return
;
}
$scope
.
ReleaseRoleSubmitBtnDisabled
=
true
;
var
toAssignReleaseNamespaceRoleUser
=
user
.
id
;
var
assignReleaseNamespaceRoleFunc
=
$scope
.
releaseRoleSelectedEnv
===
""
?
PermissionService
.
assign_release_namespace_role
:
function
(
appId
,
namespaceName
,
user
)
{
return
PermissionService
.
assign_release_namespace_env_role
(
appId
,
$scope
.
releaseRoleSelectedEnv
,
namespaceName
,
user
);
};
assignReleaseNamespaceRoleFunc
(
$scope
.
pageContext
.
appId
,
$scope
.
pageContext
.
namespaceName
,
toAssignReleaseNamespaceRoleUser
)
.
then
(
function
(
result
)
{
toastr
.
success
(
"
添加成功
"
);
$scope
.
ReleaseRoleSubmitBtnDisabled
=
false
;
if
(
$scope
.
releaseRoleSelectedEnv
===
""
)
{
$scope
.
rolesAssignedUsers
.
releaseRoleUsers
.
push
(
{
userId
:
toAssignReleaseNamespaceRoleUser
});
}
else
{
$scope
.
envRolesAssignedUsers
[
$scope
.
releaseRoleSelectedEnv
].
releaseRoleUsers
.
push
(
{
userId
:
toAssignReleaseNamespaceRoleUser
});
}
$
(
'
.
'
+
$scope
.
releaseRoleWidgetId
).
select2
(
"
val
"
,
""
);
$scope
.
releaseRoleSelectedEnv
=
""
;
},
function
(
result
)
{
$scope
.
ReleaseRoleSubmitBtnDisabled
=
false
;
$scope
.
ReleaseRoleSubmitBtnDisabled
=
false
;
toastr
.
error
(
AppUtil
.
errorMsg
(
result
),
"
添加失败
"
);
});
}
else
{
var
user
=
$
(
'
.
'
+
$scope
.
modifyRoleWidgetId
).
select2
(
'
data
'
)[
0
];
if
(
!
user
)
{
toastr
.
warning
(
"
请选择用户
"
);
return
;
}
$scope
.
modifyRoleSubmitBtnDisabled
=
true
;
var
toAssignModifyNamespaceRoleUser
=
user
.
id
;
$scope
.
releaseRoleWidgetId
=
'
releaseRoleWidgetId
'
;
var
assignModifyNamespaceRoleFunc
=
$scope
.
modifyRoleSelectedEnv
===
""
?
$scope
.
modifyRoleWidgetId
=
'
modifyRoleWidgetId
'
;
PermissionService
.
assign_modify_namespace_role
:
function
(
appId
,
namespaceName
,
user
)
{
PermissionService
.
has_assign_user_permission
(
$scope
.
pageContext
.
appId
)
return
PermissionService
.
assign_modify_namespace_env_role
(
appId
,
$scope
.
modifyRoleSelectedEnv
,
namespaceName
,
user
);
.
then
(
function
(
result
)
{
};
$scope
.
hasAssignUserPermission
=
result
.
hasPermission
;
},
function
(
reslt
)
{
assignModifyNamespaceRoleFunc
(
$scope
.
pageContext
.
appId
,
$scope
.
pageContext
.
namespaceName
,
});
toAssignModifyNamespaceRoleUser
)
.
then
(
function
(
result
)
{
PermissionService
.
get_namespace_role_users
(
$scope
.
pageContext
.
appId
,
toastr
.
success
(
"
添加成功
"
);
$scope
.
pageContext
.
namespaceName
)
$scope
.
modifyRoleSubmitBtnDisabled
=
false
;
.
then
(
function
(
result
)
{
if
(
$scope
.
modifyRoleSelectedEnv
===
""
)
{
$scope
.
rolesAssignedUsers
=
result
;
$scope
.
rolesAssignedUsers
.
modifyRoleUsers
.
push
(
},
function
(
result
)
{
{
userId
:
toAssignModifyNamespaceRoleUser
});
toastr
.
error
(
AppUtil
.
errorMsg
(
result
),
"
加载授权用户出错
"
);
}
else
{
});
$scope
.
envRolesAssignedUsers
[
$scope
.
modifyRoleSelectedEnv
].
modifyRoleUsers
.
push
(
{
userId
:
toAssignModifyNamespaceRoleUser
});
$scope
.
assignRoleToUser
=
function
(
roleType
)
{
if
(
'
ReleaseNamespace
'
==
roleType
)
{
var
user
=
$
(
'
.
'
+
$scope
.
releaseRoleWidgetId
).
select2
(
'
data
'
)[
0
];
if
(
!
user
)
{
toastr
.
warning
(
"
请选择用户
"
);
return
;
}
$scope
.
ReleaseRoleSubmitBtnDisabled
=
true
;
var
toAssignReleaseNamespaceRoleUser
=
user
.
id
;
PermissionService
.
assign_release_namespace_role
(
$scope
.
pageContext
.
appId
,
$scope
.
pageContext
.
namespaceName
,
toAssignReleaseNamespaceRoleUser
)
.
then
(
function
(
result
)
{
toastr
.
success
(
"
添加成功
"
);
$scope
.
ReleaseRoleSubmitBtnDisabled
=
false
;
$scope
.
rolesAssignedUsers
.
releaseRoleUsers
.
push
(
{
userId
:
toAssignReleaseNamespaceRoleUser
});
$
(
'
.
'
+
$scope
.
releaseRoleWidgetId
).
select2
(
"
val
"
,
""
);
},
function
(
result
)
{
$scope
.
ReleaseRoleSubmitBtnDisabled
=
false
;
toastr
.
error
(
AppUtil
.
errorMsg
(
result
),
"
添加失败
"
);
});
}
else
{
var
user
=
$
(
'
.
'
+
$scope
.
modifyRoleWidgetId
).
select2
(
'
data
'
)[
0
];
if
(
!
user
)
{
toastr
.
warning
(
"
请选择用户
"
);
return
;
}
$scope
.
modifyRoleSubmitBtnDisabled
=
true
;
var
toAssignModifyNamespaceRoleUser
=
user
.
id
;
PermissionService
.
assign_modify_namespace_role
(
$scope
.
pageContext
.
appId
,
$scope
.
pageContext
.
namespaceName
,
toAssignModifyNamespaceRoleUser
)
.
then
(
function
(
result
)
{
toastr
.
success
(
"
添加成功
"
);
$scope
.
modifyRoleSubmitBtnDisabled
=
false
;
$scope
.
rolesAssignedUsers
.
modifyRoleUsers
.
push
(
{
userId
:
toAssignModifyNamespaceRoleUser
});
$
(
'
.
'
+
$scope
.
modifyRoleWidgetId
).
select2
(
"
val
"
,
""
);
},
function
(
result
)
{
$scope
.
modifyRoleSubmitBtnDisabled
=
false
;
toastr
.
error
(
AppUtil
.
errorMsg
(
result
),
"
添加失败
"
);
});
}
};
$scope
.
removeUserRole
=
function
(
roleType
,
user
)
{
if
(
'
ReleaseNamespace
'
==
roleType
)
{
PermissionService
.
remove_release_namespace_role
(
$scope
.
pageContext
.
appId
,
$scope
.
pageContext
.
namespaceName
,
user
)
.
then
(
function
(
result
)
{
toastr
.
success
(
"
删除成功
"
);
removeUserFromList
(
$scope
.
rolesAssignedUsers
.
releaseRoleUsers
,
user
);
},
function
(
result
)
{
toastr
.
error
(
AppUtil
.
errorMsg
(
result
),
"
删除失败
"
);
});
}
else
{
PermissionService
.
remove_modify_namespace_role
(
$scope
.
pageContext
.
appId
,
$scope
.
pageContext
.
namespaceName
,
user
)
.
then
(
function
(
result
)
{
toastr
.
success
(
"
删除成功
"
);
removeUserFromList
(
$scope
.
rolesAssignedUsers
.
modifyRoleUsers
,
user
);
},
function
(
result
)
{
toastr
.
error
(
AppUtil
.
errorMsg
(
result
),
"
删除失败
"
);
});
}
};
function
removeUserFromList
(
list
,
user
)
{
var
index
=
0
;
for
(
var
i
=
0
;
i
<
list
.
length
;
i
++
)
{
if
(
list
[
i
].
userId
==
user
)
{
index
=
i
;
break
;
}
}
list
.
splice
(
index
,
1
);
}
}
$
(
'
.
'
+
$scope
.
modifyRoleWidgetId
).
select2
(
"
val
"
,
""
);
$scope
.
modifyRoleSelectedEnv
=
""
;
},
function
(
result
)
{
$scope
.
modifyRoleSubmitBtnDisabled
=
false
;
toastr
.
error
(
AppUtil
.
errorMsg
(
result
),
"
添加失败
"
);
});
}
};
$scope
.
removeUserRole
=
function
(
roleType
,
user
,
env
)
{
if
(
"
ReleaseNamespace
"
===
roleType
)
{
var
removeReleaseNamespaceRoleFunc
=
!
env
?
PermissionService
.
remove_release_namespace_role
:
function
(
appId
,
namespaceName
,
user
)
{
return
PermissionService
.
remove_release_namespace_env_role
(
appId
,
env
,
namespaceName
,
user
);
};
removeReleaseNamespaceRoleFunc
(
$scope
.
pageContext
.
appId
,
$scope
.
pageContext
.
namespaceName
,
user
)
.
then
(
function
(
result
)
{
toastr
.
success
(
"
删除成功
"
);
if
(
!
env
)
{
removeUserFromList
(
$scope
.
rolesAssignedUsers
.
releaseRoleUsers
,
user
);
}
else
{
removeUserFromList
(
$scope
.
envRolesAssignedUsers
[
env
].
releaseRoleUsers
,
user
);
}
},
function
(
result
)
{
toastr
.
error
(
AppUtil
.
errorMsg
(
result
),
"
删除失败
"
);
});
}
else
{
var
removeModifyNamespaceRoleFunc
=
!
env
?
PermissionService
.
remove_modify_namespace_role
:
function
(
appId
,
namespaceName
,
user
)
{
return
PermissionService
.
remove_modify_namespace_env_role
(
appId
,
env
,
namespaceName
,
user
);
};
removeModifyNamespaceRoleFunc
(
$scope
.
pageContext
.
appId
,
$scope
.
pageContext
.
namespaceName
,
user
)
.
then
(
function
(
result
)
{
toastr
.
success
(
"
删除成功
"
);
if
(
!
env
)
{
removeUserFromList
(
$scope
.
rolesAssignedUsers
.
modifyRoleUsers
,
user
);
}
else
{
removeUserFromList
(
$scope
.
envRolesAssignedUsers
[
env
].
modifyRoleUsers
,
user
);
}
},
function
(
result
)
{
toastr
.
error
(
AppUtil
.
errorMsg
(
result
),
"
删除失败
"
);
});
}
};
function
removeUserFromList
(
list
,
user
)
{
var
index
=
0
;
for
(
var
i
=
0
;
i
<
list
.
length
;
i
++
)
{
if
(
list
[
i
].
userId
===
user
)
{
index
=
i
;
break
;
}
}
list
.
splice
(
index
,
1
);
}
}]);
}]);
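Review bot: in the find_all_envs callback the rejection handler builds its message from the loop variable ("加载" + env + "授权用户出错"), but env is a var shared by all iterations, so by the time a request fails it holds the last environment and the toast can name the wrong one. Capture env per iteration (forEach or an IIFE). When that request fails, envRolesAssignedUsers[env] also stays undefined, so a later successful assignment for that environment throws at .releaseRoleUsers.push(...) or .modifyRoleUsers.push(...). The initPermission error path calls toastr.warn while the rest of this file uses toastr.warning.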
apollo-portal/src/main/resources/static/scripts/directive/namespace-panel-directive.js
View file @
0bc91cc1
...
@@ -217,10 +217,26 @@ function directive($window, toastr, AppUtil, EventManager, PermissionService, Na
...
@@ -217,10 +217,26 @@ function directive($window, toastr, AppUtil, EventManager, PermissionService, Na
scope
.
appId
,
scope
.
appId
,
namespace
.
baseInfo
.
namespaceName
)
namespace
.
baseInfo
.
namespaceName
)
.
then
(
function
(
result
)
{
.
then
(
function
(
result
)
{
if
(
!
result
.
hasPermission
)
{
PermissionService
.
has_modify_namespace_env_permission
(
scope
.
appId
,
scope
.
env
,
namespace
.
baseInfo
.
namespaceName
)
.
then
(
function
(
result
)
{
//branch has same permission
namespace
.
hasModifyPermission
=
result
.
hasPermission
;
if
(
namespace
.
branch
)
{
namespace
.
branch
.
hasModifyPermission
=
result
.
hasPermission
;
}
});
}
else
{
//branch has same permission
//branch has same permission
namespace
.
hasModifyPermission
=
result
.
hasPermission
;
namespace
.
hasModifyPermission
=
result
.
hasPermission
;
if
(
namespace
.
branch
)
{
if
(
namespace
.
branch
)
{
namespace
.
branch
.
hasModifyPermission
=
result
.
hasPermission
;
namespace
.
branch
.
hasModifyPermission
=
result
.
hasPermission
;
}
}
}
});
});
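Review bot: the fallback call to has_modify_namespace_env_permission has no rejection handler, so when the all-environment check returns false and the env check then fails, namespace.hasModifyPermission is never assigned and the panel keeps whatever state it started in. Set the flag to false on rejection. Since these flags are set in the browser, the server-side check has to apply the same all-environment-then-environment rule to the actual modify request.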
...
@@ -228,10 +244,26 @@ function directive($window, toastr, AppUtil, EventManager, PermissionService, Na
...
@@ -228,10 +244,26 @@ function directive($window, toastr, AppUtil, EventManager, PermissionService, Na
scope
.
appId
,
scope
.
appId
,
namespace
.
baseInfo
.
namespaceName
)
namespace
.
baseInfo
.
namespaceName
)
.
then
(
function
(
result
)
{
.
then
(
function
(
result
)
{
//branch has same permission
if
(
!
result
.
hasPermission
)
{
namespace
.
hasReleasePermission
=
result
.
hasPermission
;
PermissionService
.
has_release_namespace_env_permission
(
if
(
namespace
.
branch
)
{
scope
.
appId
,
namespace
.
branch
.
hasReleasePermission
=
result
.
hasPermission
;
scope
.
env
,
namespace
.
baseInfo
.
namespaceName
)
.
then
(
function
(
result
)
{
//branch has same permission
namespace
.
hasReleasePermission
=
result
.
hasPermission
;
if
(
namespace
.
branch
)
{
namespace
.
branch
.
hasReleasePermission
=
result
.
hasPermission
;
}
});
}
else
{
//branch has same permission
namespace
.
hasReleasePermission
=
result
.
hasPermission
;
if
(
namespace
.
branch
)
{
namespace
.
branch
.
hasReleasePermission
=
result
.
hasPermission
;
}
}
}
});
});
}
}
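Review bot: this block repeats the ModifyNamespace hunk above with only the service method and flag name changed, including the duplicated assignment to namespace.branch in both arms of the if. A small helper that takes the two check functions and the flag name would remove the repeated assignments and give one place to add error handling.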
...
...
apollo-portal/src/main/resources/static/scripts/services/ConsumerService.js
View file @
0bc91cc1
...
@@ -29,11 +29,12 @@ appService.service('ConsumerService', ['$resource', '$q', 'AppUtil',
...
@@ -29,11 +29,12 @@ appService.service('ConsumerService', ['$resource', '$q', 'AppUtil',
appId
:
appId
appId
:
appId
});
});
},
},
assignRoleToConsumer
:
function
(
token
,
type
,
appId
,
namespaceName
)
{
assignRoleToConsumer
:
function
(
token
,
type
,
appId
,
namespaceName
,
envs
)
{
return
AppUtil
.
ajax
(
resource
.
assign_role_to_consumer
,
return
AppUtil
.
ajax
(
resource
.
assign_role_to_consumer
,
{
{
token
:
token
,
token
:
token
,
type
:
type
type
:
type
,
envs
:
envs
},
},
{
{
appId
:
appId
,
appId
:
appId
,
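Review bot: envs is forwarded exactly as the caller supplied it (envs: envs), alongside token and type, with no normalisation. The controller can hand over undefined or an empty array, and the manage page describes an empty selection as all environments, so the endpoint has to treat missing and empty identically and should reject environment names it does not know. Defaulting to envs || [] here would at least make the request shape stable.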
...
...
apollo-portal/src/main/resources/static/scripts/services/PermissionService.js
View file @
0bc91cc1
appService
.
service
(
'
PermissionService
'
,
[
'
$resource
'
,
'
$q
'
,
function
(
$resource
,
$q
)
{
appService
.
service
(
'
PermissionService
'
,
[
'
$resource
'
,
'
$q
'
,
function
(
$resource
,
$q
)
{
var
permission_resource
=
$resource
(
''
,
{},
{
var
permission_resource
=
$resource
(
''
,
{},
{
init_app_namespace_permission
:
{
method
:
'
POST
'
,
url
:
'
/apps/:appId/initPermission?namespace=:namespace
'
},
has_app_permission
:
{
has_app_permission
:
{
method
:
'
GET
'
,
method
:
'
GET
'
,
url
:
'
/apps/:appId/permissions/:permissionType
'
url
:
'
/apps/:appId/permissions/:permissionType
'
...
@@ -8,6 +12,10 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
...
@@ -8,6 +12,10 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
method
:
'
GET
'
,
method
:
'
GET
'
,
url
:
'
/apps/:appId/namespaces/:namespaceName/permissions/:permissionType
'
url
:
'
/apps/:appId/namespaces/:namespaceName/permissions/:permissionType
'
},
},
has_namespace_env_permission
:
{
method
:
'
GET
'
,
url
:
'
/apps/:appId/envs/:env/namespaces/:namespaceName/permissions/:permissionType
'
},
has_root_permission
:{
has_root_permission
:{
method
:
'
GET
'
,
method
:
'
GET
'
,
url
:
'
/permissions/root
'
url
:
'
/permissions/root
'
...
@@ -16,14 +24,26 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
...
@@ -16,14 +24,26 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
method
:
'
GET
'
,
method
:
'
GET
'
,
url
:
'
/apps/:appId/namespaces/:namespaceName/role_users
'
url
:
'
/apps/:appId/namespaces/:namespaceName/role_users
'
},
},
get_namespace_env_role_users
:
{
method
:
'
GET
'
,
url
:
'
/apps/:appId/envs/:env/namespaces/:namespaceName/role_users
'
},
assign_namespace_role_to_user
:
{
assign_namespace_role_to_user
:
{
method
:
'
POST
'
,
method
:
'
POST
'
,
url
:
'
/apps/:appId/namespaces/:namespaceName/roles/:roleType
'
url
:
'
/apps/:appId/namespaces/:namespaceName/roles/:roleType
'
},
},
assign_namespace_env_role_to_user
:
{
method
:
'
POST
'
,
url
:
'
/apps/:appId/envs/:env/namespaces/:namespaceName/roles/:roleType
'
},
remove_namespace_role_from_user
:
{
remove_namespace_role_from_user
:
{
method
:
'
DELETE
'
,
method
:
'
DELETE
'
,
url
:
'
/apps/:appId/namespaces/:namespaceName/roles/:roleType?user=:user
'
url
:
'
/apps/:appId/namespaces/:namespaceName/roles/:roleType?user=:user
'
},
},
remove_namespace_env_role_from_user
:
{
method
:
'
DELETE
'
,
url
:
'
/apps/:appId/envs/:env/namespaces/:namespaceName/roles/:roleType?user=:user
'
},
get_app_role_users
:
{
get_app_role_users
:
{
method
:
'
GET
'
,
method
:
'
GET
'
,
url
:
'
/apps/:appId/role_users
'
url
:
'
/apps/:appId/role_users
'
...
@@ -38,6 +58,20 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
...
@@ -38,6 +58,20 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
}
}
});
});
function
initAppNamespacePermission
(
appId
,
namespace
)
{
var
d
=
$q
.
defer
();
permission_resource
.
init_app_namespace_permission
({
appId
:
appId
,
namespace
:
namespace
},
namespace
,
function
(
result
)
{
d
.
resolve
(
result
);
},
function
(
result
)
{
d
.
reject
(
result
);
});
return
d
.
promise
;
}
function
hasAppPermission
(
appId
,
permissionType
)
{
function
hasAppPermission
(
appId
,
permissionType
)
{
var
d
=
$q
.
defer
();
var
d
=
$q
.
defer
();
permission_resource
.
has_app_permission
({
permission_resource
.
has_app_permission
({
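Review bot: initAppNamespacePermission passes namespace twice, once in the parameter object that fills ?namespace=:namespace and again as the second argument, which $resource sends as the request body for a POST action. Pick the one the endpoint reads and drop the other; as written a reader cannot tell which is authoritative.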
...
@@ -67,6 +101,22 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
...
@@ -67,6 +101,22 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
return
d
.
promise
;
return
d
.
promise
;
}
}
function
hasNamespaceEnvPermission
(
appId
,
env
,
namespaceName
,
permissionType
)
{
var
d
=
$q
.
defer
();
permission_resource
.
has_namespace_env_permission
({
appId
:
appId
,
namespaceName
:
namespaceName
,
permissionType
:
permissionType
,
env
:
env
},
function
(
result
)
{
d
.
resolve
(
result
);
},
function
(
result
)
{
d
.
reject
(
result
);
});
return
d
.
promise
;
}
function
assignNamespaceRoleToUser
(
appId
,
namespaceName
,
roleType
,
user
)
{
function
assignNamespaceRoleToUser
(
appId
,
namespaceName
,
roleType
,
user
)
{
var
d
=
$q
.
defer
();
var
d
=
$q
.
defer
();
permission_resource
.
assign_namespace_role_to_user
({
permission_resource
.
assign_namespace_role_to_user
({
...
@@ -82,7 +132,23 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
...
@@ -82,7 +132,23 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
return
d
.
promise
;
return
d
.
promise
;
}
}
function
removeRoleFromUser
(
appId
,
namespaceName
,
roleType
,
user
)
{
function
assignNamespaceEnvRoleToUser
(
appId
,
env
,
namespaceName
,
roleType
,
user
)
{
var
d
=
$q
.
defer
();
permission_resource
.
assign_namespace_env_role_to_user
({
appId
:
appId
,
namespaceName
:
namespaceName
,
roleType
:
roleType
,
env
:
env
},
user
,
function
(
result
)
{
d
.
resolve
(
result
);
},
function
(
result
)
{
d
.
reject
(
result
);
});
return
d
.
promise
;
}
function
removeNamespaceRoleFromUser
(
appId
,
namespaceName
,
roleType
,
user
)
{
var
d
=
$q
.
defer
();
var
d
=
$q
.
defer
();
permission_resource
.
remove_namespace_role_from_user
({
permission_resource
.
remove_namespace_role_from_user
({
appId
:
appId
,
appId
:
appId
,
...
@@ -98,7 +164,27 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
...
@@ -98,7 +164,27 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
return
d
.
promise
;
return
d
.
promise
;
}
}
function
removeNamespaceEnvRoleFromUser
(
appId
,
env
,
namespaceName
,
roleType
,
user
)
{
var
d
=
$q
.
defer
();
permission_resource
.
remove_namespace_env_role_from_user
({
appId
:
appId
,
namespaceName
:
namespaceName
,
roleType
:
roleType
,
user
:
user
,
env
:
env
},
function
(
result
)
{
d
.
resolve
(
result
);
},
function
(
result
)
{
d
.
reject
(
result
);
});
return
d
.
promise
;
}
return
{
return
{
init_app_namespace_permission
:
function
(
appId
,
namespace
)
{
return
initAppNamespacePermission
(
appId
,
namespace
);
},
has_create_namespace_permission
:
function
(
appId
)
{
has_create_namespace_permission
:
function
(
appId
)
{
return
hasAppPermission
(
appId
,
'
CreateNamespace
'
);
return
hasAppPermission
(
appId
,
'
CreateNamespace
'
);
},
},
...
@@ -111,9 +197,15 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
...
@@ -111,9 +197,15 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
has_modify_namespace_permission
:
function
(
appId
,
namespaceName
)
{
has_modify_namespace_permission
:
function
(
appId
,
namespaceName
)
{
return
hasNamespacePermission
(
appId
,
namespaceName
,
'
ModifyNamespace
'
);
return
hasNamespacePermission
(
appId
,
namespaceName
,
'
ModifyNamespace
'
);
},
},
has_modify_namespace_env_permission
:
function
(
appId
,
env
,
namespaceName
)
{
return
hasNamespaceEnvPermission
(
appId
,
env
,
namespaceName
,
'
ModifyNamespace
'
);
},
has_release_namespace_permission
:
function
(
appId
,
namespaceName
)
{
has_release_namespace_permission
:
function
(
appId
,
namespaceName
)
{
return
hasNamespacePermission
(
appId
,
namespaceName
,
'
ReleaseNamespace
'
);
return
hasNamespacePermission
(
appId
,
namespaceName
,
'
ReleaseNamespace
'
);
},
},
has_release_namespace_env_permission
:
function
(
appId
,
env
,
namespaceName
)
{
return
hasNamespaceEnvPermission
(
appId
,
env
,
namespaceName
,
'
ReleaseNamespace
'
);
},
has_root_permission
:
function
()
{
has_root_permission
:
function
()
{
var
d
=
$q
.
defer
();
var
d
=
$q
.
defer
();
permission_resource
.
has_root_permission
({
},
permission_resource
.
has_root_permission
({
},
...
@@ -128,14 +220,26 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
...
@@ -128,14 +220,26 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
assign_modify_namespace_role
:
function
(
appId
,
namespaceName
,
user
)
{
assign_modify_namespace_role
:
function
(
appId
,
namespaceName
,
user
)
{
return
assignNamespaceRoleToUser
(
appId
,
namespaceName
,
'
ModifyNamespace
'
,
user
);
return
assignNamespaceRoleToUser
(
appId
,
namespaceName
,
'
ModifyNamespace
'
,
user
);
},
},
assign_modify_namespace_env_role
:
function
(
appId
,
env
,
namespaceName
,
user
)
{
return
assignNamespaceEnvRoleToUser
(
appId
,
env
,
namespaceName
,
'
ModifyNamespace
'
,
user
);
},
assign_release_namespace_role
:
function
(
appId
,
namespaceName
,
user
)
{
assign_release_namespace_role
:
function
(
appId
,
namespaceName
,
user
)
{
return
assignNamespaceRoleToUser
(
appId
,
namespaceName
,
'
ReleaseNamespace
'
,
user
);
return
assignNamespaceRoleToUser
(
appId
,
namespaceName
,
'
ReleaseNamespace
'
,
user
);
},
},
assign_release_namespace_env_role
:
function
(
appId
,
env
,
namespaceName
,
user
)
{
return
assignNamespaceEnvRoleToUser
(
appId
,
env
,
namespaceName
,
'
ReleaseNamespace
'
,
user
);
},
remove_modify_namespace_role
:
function
(
appId
,
namespaceName
,
user
)
{
remove_modify_namespace_role
:
function
(
appId
,
namespaceName
,
user
)
{
return
removeRoleFromUser
(
appId
,
namespaceName
,
'
ModifyNamespace
'
,
user
);
return
removeNamespaceRoleFromUser
(
appId
,
namespaceName
,
'
ModifyNamespace
'
,
user
);
},
remove_modify_namespace_env_role
:
function
(
appId
,
env
,
namespaceName
,
user
)
{
return
removeNamespaceEnvRoleFromUser
(
appId
,
env
,
namespaceName
,
'
ModifyNamespace
'
,
user
);
},
},
remove_release_namespace_role
:
function
(
appId
,
namespaceName
,
user
)
{
remove_release_namespace_role
:
function
(
appId
,
namespaceName
,
user
)
{
return
removeRoleFromUser
(
appId
,
namespaceName
,
'
ReleaseNamespace
'
,
user
);
return
removeNamespaceRoleFromUser
(
appId
,
namespaceName
,
'
ReleaseNamespace
'
,
user
);
},
remove_release_namespace_env_role
:
function
(
appId
,
env
,
namespaceName
,
user
)
{
return
removeNamespaceEnvRoleFromUser
(
appId
,
env
,
namespaceName
,
'
ReleaseNamespace
'
,
user
);
},
},
get_namespace_role_users
:
function
(
appId
,
namespaceName
)
{
get_namespace_role_users
:
function
(
appId
,
namespaceName
)
{
var
d
=
$q
.
defer
();
var
d
=
$q
.
defer
();
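Review bot: remove_modify_namespace_role and remove_release_namespace_role now call removeNamespaceRoleFromUser where they called removeRoleFromUser before; if the old helper is removed elsewhere in this file, any caller left behind fails only at runtime, so search for the old name before merging. Separately, the permission type strings 'ModifyNamespace' and 'ReleaseNamespace' are now repeated across the has_, assign_ and remove_ functions; shared constants would prevent a typo from producing a role operation that never matches.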
...
@@ -150,6 +254,20 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
...
@@ -150,6 +254,20 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
});
});
return
d
.
promise
;
return
d
.
promise
;
},
},
get_namespace_env_role_users
:
function
(
appId
,
env
,
namespaceName
)
{
var
d
=
$q
.
defer
();
permission_resource
.
get_namespace_env_role_users
({
appId
:
appId
,
namespaceName
:
namespaceName
,
env
:
env
},
function
(
result
)
{
d
.
resolve
(
result
);
},
function
(
result
)
{
d
.
reject
(
result
);
});
return
d
.
promise
;
},
get_app_role_users
:
function
(
appId
)
{
get_app_role_users
:
function
(
appId
)
{
var
d
=
$q
.
defer
();
var
d
=
$q
.
defer
();
permission_resource
.
get_app_role_users
({
permission_resource
.
get_app_role_users
({
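Review bot: get_namespace_env_role_users creates a $q.defer() whose callbacks only forward result to d.resolve and d.reject, so the deferred adds nothing over returning the $promise of the $resource call directly. It mirrors the neighbouring getters, so keeping it for consistency is defensible, but the new function is a good place to stop copying the pattern. The function also has no comment saying what a caller receives when env is undefined.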
...
...
apollo-portal/src/test/java/com/ctrip/framework/apollo/openapi/service/ConsumerServiceTest.java
View file @
0bc91cc1
package
com.ctrip.framework.apollo.openapi.service
;
package
com.ctrip.framework.apollo.openapi.service
;
import
com.ctrip.framework.apollo.core.enums.Env
;
import
com.ctrip.framework.apollo.openapi.entity.Consumer
;
import
com.ctrip.framework.apollo.openapi.entity.Consumer
;
import
com.ctrip.framework.apollo.openapi.entity.ConsumerRole
;
import
com.ctrip.framework.apollo.openapi.entity.ConsumerRole
;
import
com.ctrip.framework.apollo.openapi.entity.ConsumerToken
;
import
com.ctrip.framework.apollo.openapi.entity.ConsumerToken
;
...
@@ -178,12 +179,20 @@ public class ConsumerServiceTest extends AbstractUnitTest {
...
@@ -178,12 +179,20 @@ public class ConsumerServiceTest extends AbstractUnitTest {
String
testNamespace
=
"namespace"
;
String
testNamespace
=
"namespace"
;
String
modifyRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
testAppId
,
testNamespace
);
String
modifyRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
testAppId
,
testNamespace
);
String
releaseRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
testAppId
,
testNamespace
);
String
releaseRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
testAppId
,
testNamespace
);
String
envModifyRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
testAppId
,
testNamespace
,
Env
.
DEV
.
toString
());
String
envReleaseRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
testAppId
,
testNamespace
,
Env
.
DEV
.
toString
());
long
modifyRoleId
=
1
;
long
modifyRoleId
=
1
;
long
releaseRoleId
=
2
;
long
releaseRoleId
=
2
;
long
envModifyRoleId
=
3
;
long
envReleaseRoleId
=
4
;
Role
modifyRole
=
createRole
(
modifyRoleId
,
modifyRoleName
);
Role
modifyRole
=
createRole
(
modifyRoleId
,
modifyRoleName
);
Role
releaseRole
=
createRole
(
releaseRoleId
,
releaseRoleName
);
Role
releaseRole
=
createRole
(
releaseRoleId
,
releaseRoleName
);
Role
envModifyRole
=
createRole
(
envModifyRoleId
,
modifyRoleName
);
Role
envReleaseRole
=
createRole
(
envReleaseRoleId
,
releaseRoleName
);
when
(
rolePermissionService
.
findRoleByRoleName
(
modifyRoleName
)).
thenReturn
(
modifyRole
);
when
(
rolePermissionService
.
findRoleByRoleName
(
modifyRoleName
)).
thenReturn
(
modifyRole
);
when
(
rolePermissionService
.
findRoleByRoleName
(
releaseRoleName
)).
thenReturn
(
releaseRole
);
when
(
rolePermissionService
.
findRoleByRoleName
(
releaseRoleName
)).
thenReturn
(
releaseRole
);
when
(
rolePermissionService
.
findRoleByRoleName
(
envModifyRoleName
)).
thenReturn
(
envModifyRole
);
when
(
rolePermissionService
.
findRoleByRoleName
(
envReleaseRoleName
)).
thenReturn
(
envReleaseRole
);
when
(
consumerRoleRepository
.
findByConsumerIdAndRoleId
(
consumerId
,
modifyRoleId
)).
thenReturn
(
null
);
when
(
consumerRoleRepository
.
findByConsumerIdAndRoleId
(
consumerId
,
modifyRoleId
)).
thenReturn
(
null
);
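Review bot: envModifyRole and envReleaseRole are built with the namespace-wide names, createRole(envModifyRoleId, modifyRoleName) and createRole(envReleaseRoleId, releaseRoleName), although envModifyRoleName and envReleaseRoleName are computed a few lines above. The stubs on findRoleByRoleName return these objects for the env names, so the mismatch is hidden, but the fixtures then describe env roles that carry the non-env role name. Pass envModifyRoleName and envReleaseRoleName to createRole.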
...
@@ -191,14 +200,21 @@ public class ConsumerServiceTest extends AbstractUnitTest {
...
@@ -191,14 +200,21 @@ public class ConsumerServiceTest extends AbstractUnitTest {
when
(
userInfoHolder
.
getUser
()).
thenReturn
(
owner
);
when
(
userInfoHolder
.
getUser
()).
thenReturn
(
owner
);
ConsumerRole
namespaceModifyConsumerRole
=
createConsumerRole
(
consumerId
,
modifyRoleId
);
ConsumerRole
namespaceModifyConsumerRole
=
createConsumerRole
(
consumerId
,
modifyRoleId
);
ConsumerRole
namespaceEnvModifyConsumerRole
=
createConsumerRole
(
consumerId
,
envModifyRoleId
);
ConsumerRole
namespaceReleaseConsumerRole
=
createConsumerRole
(
consumerId
,
releaseRoleId
);
ConsumerRole
namespaceReleaseConsumerRole
=
createConsumerRole
(
consumerId
,
releaseRoleId
);
ConsumerRole
namespaceEnvReleaseConsumerRole
=
createConsumerRole
(
consumerId
,
envReleaseRoleId
);
doReturn
(
namespaceModifyConsumerRole
).
when
(
consumerService
).
createConsumerRole
(
consumerId
,
modifyRoleId
,
testOwner
);
doReturn
(
namespaceModifyConsumerRole
).
when
(
consumerService
).
createConsumerRole
(
consumerId
,
modifyRoleId
,
testOwner
);
doReturn
(
namespaceEnvModifyConsumerRole
).
when
(
consumerService
).
createConsumerRole
(
consumerId
,
envModifyRoleId
,
testOwner
);
doReturn
(
namespaceReleaseConsumerRole
).
when
(
consumerService
).
createConsumerRole
(
consumerId
,
releaseRoleId
,
testOwner
);
doReturn
(
namespaceReleaseConsumerRole
).
when
(
consumerService
).
createConsumerRole
(
consumerId
,
releaseRoleId
,
testOwner
);
doReturn
(
namespaceEnvReleaseConsumerRole
).
when
(
consumerService
).
createConsumerRole
(
consumerId
,
envReleaseRoleId
,
testOwner
);
consumerService
.
assignNamespaceRoleToConsumer
(
token
,
testAppId
,
testNamespace
);
consumerService
.
assignNamespaceRoleToConsumer
(
token
,
testAppId
,
testNamespace
);
consumerService
.
assignNamespaceRoleToConsumer
(
token
,
testAppId
,
testNamespace
,
Env
.
DEV
.
toString
());
verify
(
consumerRoleRepository
).
save
(
namespaceModifyConsumerRole
);
verify
(
consumerRoleRepository
).
save
(
namespaceModifyConsumerRole
);
verify
(
consumerRoleRepository
).
save
(
namespaceEnvModifyConsumerRole
);
verify
(
consumerRoleRepository
).
save
(
namespaceReleaseConsumerRole
);
verify
(
consumerRoleRepository
).
save
(
namespaceReleaseConsumerRole
);
verify
(
consumerRoleRepository
).
save
(
namespaceEnvReleaseConsumerRole
);
}
}
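Review bot: the env-scoped call assignNamespaceRoleToConsumer(token, testAppId, testNamespace, Env.DEV.toString()) is exercised in the same test method as the existing namespace-wide call, so a failure does not say which of the two paths broke. A separate test method for the env variant would isolate it, and adding verify(rolePermissionService).findRoleByRoleName(envModifyRoleName) and the same for envReleaseRoleName would pin the env role names that the service actually looks up, which the save verifications alone do not.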
...
...
apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/spi/defaultImpl/RoleInitializationServiceTest.java
View file @
0bc91cc1
package
com.ctrip.framework.apollo.portal.spi.defaultImpl
;
package
com.ctrip.framework.apollo.portal.spi.defaultImpl
;
import
com.ctrip.framework.apollo.common.entity.App
;
import
com.ctrip.framework.apollo.common.entity.App
;
import
com.ctrip.framework.apollo.core.enums.Env
;
import
com.ctrip.framework.apollo.portal.AbstractUnitTest
;
import
com.ctrip.framework.apollo.portal.AbstractUnitTest
;
import
com.ctrip.framework.apollo.portal.component.config.PortalConfig
;
import
com.ctrip.framework.apollo.portal.constant.PermissionType
;
import
com.ctrip.framework.apollo.portal.constant.PermissionType
;
import
com.ctrip.framework.apollo.portal.entity.bo.UserInfo
;
import
com.ctrip.framework.apollo.portal.entity.bo.UserInfo
;
import
com.ctrip.framework.apollo.portal.entity.po.Permission
;
import
com.ctrip.framework.apollo.portal.entity.po.Permission
;
...
@@ -15,6 +17,9 @@ import org.junit.Test;
...
@@ -15,6 +17,9 @@ import org.junit.Test;
import
org.mockito.InjectMocks
;
import
org.mockito.InjectMocks
;
import
org.mockito.Mock
;
import
org.mockito.Mock
;
import
java.util.ArrayList
;
import
java.util.List
;
import
static
org
.
mockito
.
Matchers
.
any
;
import
static
org
.
mockito
.
Matchers
.
any
;
import
static
org
.
mockito
.
Matchers
.
anySetOf
;
import
static
org
.
mockito
.
Matchers
.
anySetOf
;
import
static
org
.
mockito
.
Matchers
.
anyString
;
import
static
org
.
mockito
.
Matchers
.
anyString
;
...
@@ -32,6 +37,8 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
...
@@ -32,6 +37,8 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
private
RolePermissionService
rolePermissionService
;
private
RolePermissionService
rolePermissionService
;
@Mock
@Mock
private
UserInfoHolder
userInfoHolder
;
private
UserInfoHolder
userInfoHolder
;
@Mock
private
PortalConfig
portalConfig
;
@InjectMocks
@InjectMocks
private
DefaultRoleInitializationService
roleInitializationService
;
private
DefaultRoleInitializationService
roleInitializationService
;
...
@@ -53,14 +60,15 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
...
@@ -53,14 +60,15 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
when
(
rolePermissionService
.
findRoleByRoleName
(
anyString
())).
thenReturn
(
null
);
when
(
rolePermissionService
.
findRoleByRoleName
(
anyString
())).
thenReturn
(
null
);
when
(
userInfoHolder
.
getUser
()).
thenReturn
(
mockUser
());
when
(
userInfoHolder
.
getUser
()).
thenReturn
(
mockUser
());
when
(
rolePermissionService
.
createPermission
(
any
())).
thenReturn
(
mockPermission
());
when
(
rolePermissionService
.
createPermission
(
any
())).
thenReturn
(
mockPermission
());
when
(
portalConfig
.
portalSupportedEnvs
()).
thenReturn
(
mockPortalSupportedEnvs
());
roleInitializationService
.
initAppRoles
(
mockApp
());
roleInitializationService
.
initAppRoles
(
mockApp
());
verify
(
rolePermissionService
,
times
(
3
)).
findRoleByRoleName
(
anyString
());
verify
(
rolePermissionService
,
times
(
7
)).
findRoleByRoleName
(
anyString
());
verify
(
rolePermissionService
,
times
(
1
)).
assignRoleToUsers
(
verify
(
rolePermissionService
,
times
(
1
)).
assignRoleToUsers
(
RoleUtils
.
buildAppMasterRoleName
(
APP_ID
),
Sets
.
newHashSet
(
CURRENT_USER
),
CURRENT_USER
);
RoleUtils
.
buildAppMasterRoleName
(
APP_ID
),
Sets
.
newHashSet
(
CURRENT_USER
),
CURRENT_USER
);
verify
(
rolePermissionService
,
times
(
2
)).
createPermission
(
any
());
verify
(
rolePermissionService
,
times
(
6
)).
createPermission
(
any
());
verify
(
rolePermissionService
,
times
(
3
)).
createRoleWithPermissions
(
any
(),
anySetOf
(
Long
.
class
));
verify
(
rolePermissionService
,
times
(
7
)).
createRoleWithPermissions
(
any
(),
anySetOf
(
Long
.
class
));
}
}
@Test
@Test
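Review bot: the expected counts change from times(3) to times(7) and from times(2) to times(6) with no explanation; they appear to be the old totals plus two env-scoped roles and permissions for each of the two environments returned by mockPortalSupportedEnvs(). Derive them from mockPortalSupportedEnvs().size() or add a comment with the arithmetic, so that adding an environment to the mock does not leave unexplained literals to fix. Because every verification uses anyString() or any(), the test would also pass if the env-scoped roles were created under wrong names; one verify against a concrete name such as RoleUtils.buildModifyNamespaceRoleName with Env.DEV.toString() would close that gap.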
...
@@ -153,5 +161,11 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
...
@@ -153,5 +161,11 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
return
permission
;
return
permission
;
}
}
private
List
<
Env
>
mockPortalSupportedEnvs
(){
List
<
Env
>
envArray
=
new
ArrayList
<>();
envArray
.
add
(
Env
.
DEV
);
envArray
.
add
(
Env
.
FAT
);
return
envArray
;
}
}
}
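Review bot: mockPortalSupportedEnvs() builds a two-element list with an ArrayList and two add calls; a single expression such as Arrays.asList(Env.DEV, Env.FAT) is shorter and would make the java.util.ArrayList import unnecessary. The signature is also missing a space before the opening brace in "mockPortalSupportedEnvs(){".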