apply consumer token and assign consumer role

apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/repository/ConsumerRepository.java

@@ -8,4 +8,7 @@ import org.springframework.data.repository.PagingAndSortingRepository;
  * @author Jason Song(song_s@ctrip.com)
  */
 public interface ConsumerRepository extends PagingAndSortingRepository<Consumer, Long> {
+
+  Consumer findByAppId(String appId);
+
 }

apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/repository/ConsumerRoleRepository.java

@@ -21,4 +21,6 @@ public interface ConsumerRoleRepository extends PagingAndSortingRepository<Consu
    * find consumer roles by roleId
    */
   List<ConsumerRole> findByRoleId(long roleId);
+
+  ConsumerRole findByConsumerIdAndRoleId(long consumerId, long roleId);
 }

apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/repository/ConsumerTokenRepository.java

@@ -17,4 +17,6 @@ public interface ConsumerTokenRepository extends PagingAndSortingRepository<Cons
    * @param validDate the date when the token is valid
    */
   ConsumerToken findTopByTokenAndExpiresAfter(String token, Date validDate);
+
+  ConsumerToken findByConsumerId(Long consumerId);
 }

apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/service/ConsumerService.java

@@ -6,30 +6,43 @@ import com.google.common.base.Preconditions;
 import com.google.common.base.Strings;
 import com.google.common.hash.Hashing;
 
+import com.ctrip.framework.apollo.common.exception.BadRequestException;
 import com.ctrip.framework.apollo.openapi.entity.Consumer;
 import com.ctrip.framework.apollo.openapi.entity.ConsumerAudit;
+import com.ctrip.framework.apollo.openapi.entity.ConsumerRole;
 import com.ctrip.framework.apollo.openapi.entity.ConsumerToken;
 import com.ctrip.framework.apollo.openapi.repository.ConsumerAuditRepository;
 import com.ctrip.framework.apollo.openapi.repository.ConsumerRepository;
+import com.ctrip.framework.apollo.openapi.repository.ConsumerRoleRepository;
 import com.ctrip.framework.apollo.openapi.repository.ConsumerTokenRepository;
 import com.ctrip.framework.apollo.portal.component.config.PortalConfig;
+import com.ctrip.framework.apollo.portal.entity.bo.UserInfo;
+import com.ctrip.framework.apollo.portal.entity.po.Role;
+import com.ctrip.framework.apollo.portal.service.RolePermissionService;
+import com.ctrip.framework.apollo.portal.spi.UserInfoHolder;
+import com.ctrip.framework.apollo.portal.spi.UserService;
+import com.ctrip.framework.apollo.portal.util.RoleUtils;
 
 import org.apache.commons.lang.time.FastDateFormat;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+import java.util.Arrays;
 import java.util.Date;
+import java.util.List;
 
 /**
  * @author Jason Song(song_s@ctrip.com)
  */
 @Service
 public class ConsumerService {
-  static final String TOKEN_SALT_KEY = "consumer.token.salt";
-  private static final FastDateFormat TIMESTAMP_FORMAT = FastDateFormat.getInstance
-      ("yyyyMMddHHmmss");
+
+  private static final FastDateFormat TIMESTAMP_FORMAT = FastDateFormat.getInstance("yyyyMMddHHmmss");
   private static final Joiner KEY_JOINER = Joiner.on("|");
+
+  @Autowired
+  private UserInfoHolder userInfoHolder;
   @Autowired
   private ConsumerTokenRepository consumerTokenRepository;
   @Autowired
@@ -37,14 +50,61 @@ public class ConsumerService {
   @Autowired
   private ConsumerAuditRepository consumerAuditRepository;
   @Autowired
+  private ConsumerRoleRepository consumerRoleRepository;
+  @Autowired
   private PortalConfig portalConfig;
+  @Autowired
+  private RolePermissionService rolePermissionService;
+  @Autowired
+  private UserService userService;
+
+
+  public Consumer createConsumer(Consumer consumer) {
+    String appId = consumer.getAppId();
+
+    Consumer managedConsumer = consumerRepository.findByAppId(appId);
+    if (managedConsumer != null) {
+      throw new BadRequestException("Consumer already exist");
+    }
+
+    String ownerName = consumer.getOwnerName();
+    UserInfo owner = userService.findByUserId(ownerName);
+    if (owner == null) {
+      throw new BadRequestException(String.format("User does not exist. UserId = %s", ownerName));
+    }
+    consumer.setOwnerEmail(owner.getEmail());
+
+    String operator = userInfoHolder.getUser().getUserId();
+    consumer.setDataChangeCreatedBy(operator);
+    consumer.setDataChangeLastModifiedBy(operator);
+
+    return consumerRepository.save(consumer);
+  }
+
+  public ConsumerToken generateAndSaveConsumerToken(Consumer consumer, Date expires) {
+    Preconditions.checkArgument(consumer != null, "Consumer can not be null");
+
+    ConsumerToken consumerToken = generateConsumerToken(consumer, expires);
+    consumerToken.setId(0);
+
+    return consumerTokenRepository.save(consumerToken);
+  }
+
+  public ConsumerToken getConsumerTokenByAppId(String appId) {
+    Consumer consumer = consumerRepository.findByAppId(appId);
+    if (consumer == null) {
+      return null;
+    }
+
+    return consumerTokenRepository.findByConsumerId(consumer.getId());
+  }
 
   public Long getConsumerIdByToken(String token) {
     if (Strings.isNullOrEmpty(token)) {
       return null;
     }
     ConsumerToken consumerToken = consumerTokenRepository.findTopByTokenAndExpiresAfter(token,
-        new Date());
+                                                                                        new Date());
     return consumerToken == null ? null : consumerToken.getConsumerId();
   }
 
@@ -52,17 +112,44 @@ public class ConsumerService {
     return consumerRepository.findOne(consumerId);
   }
 
-  public void generateAndEnrichConsumerToken(ConsumerToken consumerToken) {
-    Consumer consumer = getConsumerByConsumerId(consumerToken.getConsumerId());
+  @Transactional
+  public List<ConsumerRole> assignNamespaceRoleToConsumer(String token, String appId, String namespaceName) {
+    Long consumerId = getConsumerIdByToken(token);
+    if (consumerId == null) {
+      throw new BadRequestException("Token is Illegal");
+    }
 
-    Preconditions.checkState(consumer != null, String.format("Consumer with id: %d not found!",
-        consumerToken.getConsumerId()));
+    Role namespaceModifyRole =
+        rolePermissionService.findRoleByRoleName(RoleUtils.buildModifyNamespaceRoleName(appId, namespaceName));
+    Role namespaceReleaseRole =
+        rolePermissionService.findRoleByRoleName(RoleUtils.buildReleaseNamespaceRoleName(appId, namespaceName));
 
-    if (consumerToken.getDataChangeCreatedTime() == null) {
-      consumerToken.setDataChangeCreatedTime(new Date());
+    if (namespaceModifyRole == null || namespaceReleaseRole == null) {
+      throw new BadRequestException("Namespace's role does not exist. Please check whether namespace has created.");
     }
-    consumerToken.setToken(generateConsumerToken(consumer.getAppId(), consumerToken
-        .getDataChangeCreatedTime(), portalConfig.consumerTokenSalt()));
+
+    long namespaceModifyRoleId = namespaceModifyRole.getId();
+    long namespaceReleaseRoleId = namespaceReleaseRole.getId();
+
+    ConsumerRole managedModifyRole = consumerRoleRepository.findByConsumerIdAndRoleId(consumerId, namespaceModifyRoleId);
+    if (managedModifyRole != null) {
+      throw new BadRequestException("Namespace's role has assigned to consumer.");
+    }
+
+    String operator = userInfoHolder.getUser().getUserId();
+
+    ConsumerRole namespaceModifyConsumerRole = createConsumerRole(consumerId, namespaceModifyRoleId, operator);
+    ConsumerRole namespaceReleaseConsumerRole = createConsumerRole(consumerId, namespaceReleaseRoleId, operator);
+
+    ConsumerRole createdModifyConsumerRole = consumerRoleRepository.save(namespaceModifyConsumerRole);
+    ConsumerRole createdReleaseConsumerRole = consumerRoleRepository.save(namespaceReleaseConsumerRole);
+
+    return Arrays.asList(createdModifyConsumerRole, createdReleaseConsumerRole);
+  }
+
+  @Transactional
+  public void createConsumerAudits(Iterable<ConsumerAudit> consumerAudits) {
+    consumerAuditRepository.save(consumerAudits);
   }
 
   @Transactional
@@ -72,15 +159,50 @@ public class ConsumerService {
     return consumerTokenRepository.save(entity);
   }
 
-  @Transactional
-  public void createConsumerAudits(Iterable<ConsumerAudit> consumerAudits) {
-    consumerAuditRepository.save(consumerAudits);
+  private ConsumerToken generateConsumerToken(Consumer consumer, Date expires) {
+    long consumerId = consumer.getId();
+    String createdBy = userInfoHolder.getUser().getUserId();
+    Date createdTime = new Date();
+
+    ConsumerToken consumerToken = new ConsumerToken();
+    consumerToken.setConsumerId(consumerId);
+    consumerToken.setExpires(expires);
+    consumerToken.setDataChangeCreatedBy(createdBy);
+    consumerToken.setDataChangeCreatedTime(createdTime);
+    consumerToken.setDataChangeLastModifiedBy(createdBy);
+    consumerToken.setDataChangeLastModifiedTime(createdTime);
+
+    generateAndEnrichToken(consumer, consumerToken);
+
+    return consumerToken;
+  }
+
+  void generateAndEnrichToken(Consumer consumer, ConsumerToken consumerToken) {
+
+    Preconditions.checkArgument(consumer != null);
+
+    if (consumerToken.getDataChangeCreatedTime() == null) {
+      consumerToken.setDataChangeCreatedTime(new Date());
+    }
+    consumerToken.setToken(generateToken(consumer.getAppId(), consumerToken
+        .getDataChangeCreatedTime(), portalConfig.consumerTokenSalt()));
   }
 
-  String generateConsumerToken(String consumerAppId, Date generationTime, String
+  String generateToken(String consumerAppId, Date generationTime, String
       consumerTokenSalt) {
     return Hashing.sha1().hashString(KEY_JOINER.join(consumerAppId, TIMESTAMP_FORMAT.format
         (generationTime), consumerTokenSalt), Charsets.UTF_8).toString();
   }
 
+    ConsumerRole createConsumerRole(Long consumerId, Long roleId, String operator) {
+    ConsumerRole consumerRole = new ConsumerRole();
+
+    consumerRole.setConsumerId(consumerId);
+    consumerRole.setRoleId(roleId);
+    consumerRole.setDataChangeCreatedBy(operator);
+    consumerRole.setDataChangeLastModifiedBy(operator);
+
+    return consumerRole;
+  }
+
 }

apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ConsumerController.java

 package com.ctrip.framework.apollo.portal.controller;
 
+import com.ctrip.framework.apollo.common.dto.NamespaceDTO;
+import com.ctrip.framework.apollo.common.exception.BadRequestException;
+import com.ctrip.framework.apollo.core.utils.StringUtils;
+import com.ctrip.framework.apollo.openapi.entity.Consumer;
+import com.ctrip.framework.apollo.openapi.entity.ConsumerRole;
 import com.ctrip.framework.apollo.openapi.entity.ConsumerToken;
 import com.ctrip.framework.apollo.openapi.service.ConsumerService;
-import com.ctrip.framework.apollo.portal.spi.UserInfoHolder;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.format.annotation.DateTimeFormat;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -16,50 +22,60 @@ import org.springframework.web.bind.annotation.RestController;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.GregorianCalendar;
+import java.util.List;
 
 /**
  * @author Jason Song(song_s@ctrip.com)
  */
 @RestController
-@RequestMapping("/consumers")
 public class ConsumerController {
-  private static final Date DEFAULT_EXPIRES = new GregorianCalendar(2099, Calendar.JANUARY, 1)
-      .getTime();
+
+  private static final Date DEFAULT_EXPIRES = new GregorianCalendar(2099, Calendar.JANUARY, 1).getTime();
 
   @Autowired
   private ConsumerService consumerService;
-  @Autowired
-  private UserInfoHolder userInfoHolder;
 
+
+  @Transactional
   @PreAuthorize(value = "@permissionValidator.isSuperAdmin()")
-  @RequestMapping(value = "/{consumerId}/tokens", method = RequestMethod.POST)
-  public ConsumerToken createConsumerToken(@PathVariable long consumerId,
-                                           @RequestParam(value = "expires", required = false)
-                                           @DateTimeFormat(pattern = "yyyyMMddHHmmss") Date
-                                               expires) {
+  @RequestMapping(value = "/consumers", method = RequestMethod.POST)
+  public ConsumerToken createConsumer(@RequestBody Consumer consumer,
+                                      @RequestParam(value = "expires", required = false)
+                                      @DateTimeFormat(pattern = "yyyyMMddHHmmss") Date
+                                          expires) {
+
+    if (StringUtils.isContainEmpty(consumer.getAppId(), consumer.getName(),
+                                   consumer.getOwnerName(), consumer.getOrgId())) {
+      throw new BadRequestException("Params(appId、name、ownerName、orgId) can not be empty.");
+    }
+
+    Consumer createdConsumer = consumerService.createConsumer(consumer);
+
     if (expires == null) {
       expires = DEFAULT_EXPIRES;
     }
 
-    ConsumerToken consumerToken = generateConsumerToken(consumerId, expires);
+    return consumerService.generateAndSaveConsumerToken(createdConsumer, expires);
+  }
 
-    return consumerService.createConsumerToken(consumerToken);
+  @RequestMapping(value = "/consumers/by-appId", method = RequestMethod.GET)
+  public ConsumerToken getConsumerTokenByAppId(@RequestParam String appId) {
+    return consumerService.getConsumerTokenByAppId(appId);
   }
 
-  private ConsumerToken generateConsumerToken(long consumerId, Date expires) {
-    String createdBy = userInfoHolder.getUser().getUserId();
-    Date createdTime = new Date();
+  @PreAuthorize(value = "@permissionValidator.isSuperAdmin()")
+  @RequestMapping(value = "/consumers/{token}/assign-role", method = RequestMethod.POST)
+  public List<ConsumerRole> assignRoleToConsumer(@PathVariable String token, @RequestBody NamespaceDTO namespace) {
 
-    ConsumerToken consumerToken = new ConsumerToken();
-    consumerToken.setConsumerId(consumerId);
-    consumerToken.setExpires(expires);
-    consumerToken.setDataChangeCreatedBy(createdBy);
-    consumerToken.setDataChangeCreatedTime(createdTime);
-    consumerToken.setDataChangeLastModifiedBy(createdBy);
-    consumerToken.setDataChangeLastModifiedTime(createdTime);
+    String appId = namespace.getAppId();
+    String namespaceName = namespace.getNamespaceName();
 
-    consumerService.generateAndEnrichConsumerToken(consumerToken);
+    if (StringUtils.isContainEmpty(appId, namespaceName)) {
+      throw new BadRequestException("Params(AppId、NamespaceName) can not be empty.");
+    }
 
-    return consumerToken;
+    return consumerService.assignNamespaceRoleToConsumer(token, appId, namespaceName);
   }
+
+
 }

apollo-portal/src/main/resources/static/open/manage.html

+<!doctype html>
+<html ng-app="open_manage">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <link rel="icon" href="../img/config.png">
+    <!-- styles -->
+    <link rel="stylesheet" type="text/css" href="../vendor/bootstrap/css/bootstrap.min.css">
+    <link rel="stylesheet" type="text/css" href="../vendor/angular/angular-toastr-1.4.1.min.css">
+    <link rel="stylesheet" type="text/css" media='all' href="../vendor/angular/loading-bar.min.css">
+    <link rel="stylesheet" type="text/css" href="../styles/common-style.css">
+    <link rel="stylesheet" type="text/css" href="../vendor/select2/select2.min.css">
+    <title>开放平台</title>
+</head>
+
+<body>
+
+<apollonav></apollonav>
+
+
+<div class="container-fluid" ng-controller="OpenManageController">
+    <div class="col-md-10 col-md-offset-1 panel">
+
+        <section class="panel-body" ng-show="isRootUser">
+            <!--project admin-->
+            <section class="row">
+                <h5>创建第三方应用
+                    <small>
+                        (说明: 第三方应用可以通过Apollo开放平台来对配置进行管理)
+                    </small>
+                </h5>
+                <hr>
+                <form class="form-horizontal">
+                    <div class="form-group" valdr-form-group>
+                        <label class="col-sm-2 control-label">
+                            <apollorequiredfield></apollorequiredfield>
+                            第三方应用ID</label>
+                        <div class="col-sm-3">
+                            <input type="text" class="form-control" ng-model="consumer.appId">
+                            <small>(创建前请先查询第三方应用是否已经申请过)</small>
+                        </div>
+                        <div class="col-sm-1">
+                            <button class="btn btn-info" ng-click="getTokenByAppId()">查询</button>
+                        </div>
+                        <div class="col-sm-6">
+                            <h4 style="color: red"
+                                ng-show="consumerToken"
+                                ng-bind="'Token: ' + consumerToken.token"></h4>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label class="col-sm-2 control-label">
+                            <apollorequiredfield></apollorequiredfield>
+                            部门</label>
+                        <div class="col-sm-3">
+                            <select id="organization">
+                                <option></option>
+                            </select>
+                        </div>
+                    </div>
+                    <div class="form-group" valdr-form-group>
+                        <label class="col-sm-2 control-label">
+                            <apollorequiredfield></apollorequiredfield>
+                            第三方应用名称</label>
+                        <div class="col-sm-3">
+                            <input type="text" class="form-control" ng-model="consumer.name">
+                            <small>(建议格式 xx-yy-zz 例:apollo-server)</small>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label class="col-sm-2 control-label">
+                            <apollorequiredfield></apollorequiredfield>
+                            项目负责人</label>
+                        <div class="col-sm-6 J_ownerSelectorPanel">
+                            <apollouserselector apollo-id="'ownerSelector'"></apollouserselector>
+                        </div>
+                    </div>
+
+                    <div class="form-group">
+                        <div class="col-sm-offset-2 col-sm-9">
+                            <button type="submit" class="btn btn-primary"
+                                    ng-disabled="submitBtnDisabled"
+                                    ng-click="createConsumer()">
+                                创建
+                            </button>
+                        </div>
+                    </div>
+                </form>
+            </section>
+
+            <section class="row">
+                <h5>赋权
+                    <small>
+                        (说明: 第三方应用只能管理已经赋权的Namespace)
+                    </small>
+                </h5>
+                <hr>
+                <form class="form-horizontal" ng-submit="assignRoleToConsumer()">
+
+                    <div class="form-group" valdr-form-group>
+                        <label class="col-sm-2 control-label">
+                            <apollorequiredfield></apollorequiredfield>
+                            token</label>
+                        <div class="col-sm-3">
+                            <input type="text" class="form-control" ng-model="consumerRole.token" required>
+                        </div>
+                    </div>
+                    <div class="form-group" valdr-form-group>
+                        <label class="col-sm-2 control-label">
+                            <apollorequiredfield></apollorequiredfield>
+                            被管理的AppId</label>
+                        <div class="col-sm-3">
+                            <input type="text" class="form-control" ng-model="consumerRole.appId" required>
+                        </div>
+                    </div>
+                    <div class="form-group" valdr-form-group>
+                        <label class="col-sm-2 control-label">
+                            <apollorequiredfield></apollorequiredfield>
+                            被管理的Namespace</label>
+                        <div class="col-sm-3">
+                            <input type="text" class="form-control" ng-model="consumerRole.namespaceName" required>
+                            <small>(非properties类型的namespace请加上类型后缀，例如apollo.xml)</small>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <div class="col-sm-offset-2 col-sm-9">
+                            <button type="submit" class="btn btn-primary"
+                                    ng-disabled="submitBtnDisabled">
+                                提交
+                            </button>
+                        </div>
+                    </div>
+                </form>
+
+            </section>
+
+        </section>
+
+        <section class="panel-body text-center" ng-if="!isRootUser">
+            <h4>当前页面只对Apollo管理员开放</h4>
+        </section>
+
+    </div>
+</div>
+
+<div ng-include="'../views/common/footer.html'"></div>
+
+<!-- jquery.js -->
+<script src="../vendor/jquery.min.js" type="text/javascript"></script>
+
+<!--angular-->
+<script src="../vendor/angular/angular.min.js"></script>
+<script src="../vendor/angular/angular-route.min.js"></script>
+<script src="../vendor/angular/angular-resource.min.js"></script>
+<script src="../vendor/angular/angular-toastr-1.4.1.tpls.min.js"></script>
+<script src="../vendor/angular/loading-bar.min.js"></script>
+
+<!--valdr-->
+<script src="../vendor/valdr/valdr.min.js" type="text/javascript"></script>
+<script src="../vendor/valdr/valdr-message.min.js" type="text/javascript"></script>
+
+<!-- bootstrap.js -->
+<script src="../vendor/bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
+
+<!--nicescroll-->
+<script src="../vendor/jquery.nicescroll.min.js"></script>
+<script src="../vendor/lodash.min.js"></script>
+
+<script src="../vendor/select2/select2.min.js" type="text/javascript"></script>
+<!--biz-->
+<!--must import-->
+<script type="application/javascript" src="../scripts/app.js"></script>
+<script type="application/javascript" src="../scripts/services/AppService.js"></script>
+<script type="application/javascript" src="../scripts/services/EnvService.js"></script>
+<script type="application/javascript" src="../scripts/services/UserService.js"></script>
+<script type="application/javascript" src="../scripts/services/PermissionService.js"></script>
+<script type="application/javascript" src="../scripts/services/OrganizationService.js"></script>
+<script type="application/javascript" src="../scripts/services/ConsumerService.js"></script>
+
+<script type="application/javascript" src="../scripts/AppUtils.js"></script>
+
+<script type="application/javascript" src="../scripts/PageCommon.js"></script>
+<script type="application/javascript" src="../scripts/directive/directive.js"></script>
+<script type="application/javascript" src="../scripts/valdr.js"></script>
+
+<script type="application/javascript" src="../scripts/controller/open/OpenManageController.js"></script>
+</body>
+</html>

apollo-portal/src/main/resources/static/scripts/AppUtils.js

-appUtil.service('AppUtil', ['toastr', '$window', function (toastr, $window) {
+appUtil.service('AppUtil', ['toastr', '$window', '$q', function (toastr, $window, $q) {
 
     function parseErrorMsg(response) {
         if (response.status == -1) {
@@ -10,9 +10,31 @@ appUtil.service('AppUtil', ['toastr', '$window', function (toastr, $window) {
         }
         return msg;
     }
+
+    function ajax(resource, requestParams, requestBody) {
+        var d = $q.defer();
+        if (requestBody) {
+            resource(requestParams, requestBody, function (result) {
+                         d.resolve(result);
+                     },
+                     function (result) {
+                         d.reject(result);
+                     });
+        } else {
+            resource(requestParams, function (result) {
+                         d.resolve(result);
+                     },
+                     function (result) {
+                         d.reject(result);
+                     });
+        }
+
+        return d.promise;
+    }
+    
     return {
         errorMsg: parseErrorMsg,
-        
+        ajax: ajax,
         showErrorMsg: function (response, title) {
             toastr.error(parseErrorMsg(response), title);
         },

apollo-portal/src/main/resources/static/scripts/app.js

@@ -28,6 +28,8 @@ var role_module = angular.module('role', ['app.service', 'apollo.directive', 'ap
 var cluster_module = angular.module('cluster', ['app.service', 'apollo.directive', 'app.util', 'toastr', 'angular-loading-bar' , 'valdr']);
 //release history
 var release_history_module = angular.module('release_history', ['app.service', 'apollo.directive', 'app.util', 'toastr', 'angular-loading-bar']);
+//open manage
+var open_manage_module = angular.module('open_manage', ['app.service', 'apollo.directive', 'app.util', 'toastr', 'angular-loading-bar']);
 
 
 

apollo-portal/src/main/resources/static/scripts/controller/open/OpenManageController.js

+open_manage_module.controller('OpenManageController',
+                              ['$scope', 'toastr', 'AppUtil', 'OrganizationService', 'ConsumerService', 'PermissionService',
+                               OpenManageController]);
+
+function OpenManageController($scope, toastr, AppUtil, OrganizationService, ConsumerService, PermissionService) {
+
+    var $orgWidget = $('#organization');
+
+    $scope.consumer = {};
+    $scope.consumerRole = {};
+
+    $scope.submitBtnDisabled = false;
+    $scope.userSelectWidgetId = 'toAssignMasterRoleUser';
+
+    $scope.getTokenByAppId = getTokenByAppId;
+    $scope.createConsumer = createConsumer;
+    $scope.assignRoleToConsumer = assignRoleToConsumer;
+
+    init();
+
+    function init() {
+        initOrganization();
+        initPermission();
+
+    }
+
+    function initOrganization() {
+        OrganizationService.find_organizations().then(function (result) {
+            var organizations = [];
+            result.forEach(function (item) {
+                var org = {};
+                org.id = item.orgId;
+                org.text = item.orgName + '(' + item.orgId + ')';
+                org.name = item.orgName;
+                organizations.push(org);
+            });
+            $orgWidget.select2({
+                                   placeholder: '请选择部门',
+                                   width: '100%',
+                                   data: organizations
+                               });
+        }, function (result) {
+            toastr.error(AppUtil.errorMsg(result), "load organizations error");
+        });
+    }
+
+    function initPermission() {
+        PermissionService.has_root_permission()
+            .then(function (result) {
+                  $scope.isRootUser = result.hasPermission;
+            })
+    }
+
+    function getTokenByAppId() {
+        if (!$scope.consumer.appId) {
+            toastr.warning("请输入appId");
+            return;
+        }
+
+        ConsumerService.getConsumerTokenByAppId($scope.consumer.appId)
+            .then(function (consumerToken) {
+
+                if (consumerToken.token) {
+                    $scope.consumerToken = consumerToken;
+                    $scope.consumerRole.token = consumerToken.token;
+                } else {
+                    $scope.consumerToken = {token: 'App(' + $scope.consumer.appId + ')未创建，请先创建'};
+                }
+            })
+    }
+
+    function createConsumer() {
+        $scope.submitBtnDisabled = true;
+
+        if (!$scope.consumer.appId) {
+            toastr.warning("请输入appId");
+            return;
+        }
+        var selectedOrg = $orgWidget.select2('data')[0];
+
+        if (!selectedOrg.id) {
+            toastr.warning("请选择部门");
+            return;
+        }
+
+        $scope.consumer.orgId = selectedOrg.id;
+        $scope.consumer.orgName = selectedOrg.name;
+
+        // owner
+        var owner = $('.ownerSelector').select2('data')[0];
+        if (!owner) {
+            toastr.warning("请选择应用负责人");
+            return;
+        }
+        $scope.consumer.ownerName = owner.id;
+
+        ConsumerService.createConsumer($scope.consumer)
+            .then(function (consumerToken) {
+                toastr.success("创建成功");
+                $scope.consumerToken = consumerToken;
+                $scope.consumerRole.token = consumerToken.token;
+                $scope.submitBtnDisabled = false;
+                $scope.consumer = {};
+            }, function (response) {
+                AppUtil.showErrorMsg(response, "创建失败");
+                $scope.submitBtnDisabled = false;
+            })
+
+    }
+
+    function assignRoleToConsumer() {
+        ConsumerService.assignRoleToConsumer($scope.consumerRole.token,
+                                             $scope.consumerRole.appId,
+                                             $scope.consumerRole.namespaceName)
+            .then(function (consumerRoles) {
+                toastr.success("赋权成功");
+            }, function (response) {
+                AppUtil.showErrorMsg(response, "赋权失败");
+            })
+    }
+}

apollo-portal/src/main/resources/static/scripts/services/ConsumerService.js

+appService.service('ConsumerService', ['$resource', '$q', 'AppUtil', 
+                                       function ($resource, $q, AppUtil) {
+    var resource = $resource('', {}, {
+        create_consumer: {
+            method: 'POST',
+            isArray: false,
+            url: '/consumers'
+        },
+        get_consumer_token_by_appId: {
+            method: 'GET',
+            isArray: false,
+            url: '/consumers/by-appId'
+        },
+        assign_role_to_consumer: {
+            method: 'POST',
+            isArray: true,
+            url: '/consumers/:token/assign-role'
+        }
+
+    });
+
+                                           
+    return {
+        createConsumer: function (consumer) {
+            return AppUtil.ajax(resource.create_consumer, {}, consumer);
+        },
+        getConsumerTokenByAppId: function (appId) {
+            return AppUtil.ajax(resource.get_consumer_token_by_appId, {
+                appId: appId
+            });
+        },
+        assignRoleToConsumer: function (token, appId, namespaceName) {
+            return AppUtil.ajax(resource.assign_role_to_consumer, {token: token}, {
+                appId: appId,
+                namespaceName: namespaceName
+            })
+        }
+    }
+}]);

apollo-portal/src/test/java/com/ctrip/framework/apollo/openapi/service/ConsumerServiceTest.java

 package com.ctrip.framework.apollo.openapi.service;
 
 import com.ctrip.framework.apollo.openapi.entity.Consumer;
+import com.ctrip.framework.apollo.openapi.entity.ConsumerRole;
 import com.ctrip.framework.apollo.openapi.entity.ConsumerToken;
 import com.ctrip.framework.apollo.openapi.repository.ConsumerRepository;
+import com.ctrip.framework.apollo.openapi.repository.ConsumerRoleRepository;
 import com.ctrip.framework.apollo.openapi.repository.ConsumerTokenRepository;
+import com.ctrip.framework.apollo.portal.AbstractUnitTest;
 import com.ctrip.framework.apollo.portal.component.config.PortalConfig;
+import com.ctrip.framework.apollo.portal.entity.bo.UserInfo;
+import com.ctrip.framework.apollo.portal.entity.po.Role;
+import com.ctrip.framework.apollo.portal.service.RolePermissionService;
+import com.ctrip.framework.apollo.portal.spi.UserInfoHolder;
+import com.ctrip.framework.apollo.portal.spi.UserService;
+import com.ctrip.framework.apollo.portal.util.RoleUtils;
 
 import org.junit.Before;
 import org.junit.Test;
-import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
 import org.mockito.Mock;
-import org.mockito.runners.MockitoJUnitRunner;
-import org.springframework.test.util.ReflectionTestUtils;
+import org.mockito.Spy;
 
 import java.util.Calendar;
 import java.util.Date;
@@ -22,37 +30,41 @@ import static org.junit.Assert.assertNull;
 import static org.mockito.Matchers.any;
 import static org.mockito.Matchers.anyString;
 import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
-/**
- * @author Jason Song(song_s@ctrip.com)
- */
-@RunWith(MockitoJUnitRunner.class)
-public class ConsumerServiceTest {
-  private ConsumerService consumerService;
+public class ConsumerServiceTest extends AbstractUnitTest {
+
   @Mock
   private ConsumerTokenRepository consumerTokenRepository;
   @Mock
   private ConsumerRepository consumerRepository;
   @Mock
   private PortalConfig portalConfig;
-  private String someTokenSalt;
+  @Mock
+  private UserService userService;
+  @Mock
+  private UserInfoHolder userInfoHolder;
+  @Mock
+  private ConsumerRoleRepository consumerRoleRepository;
+  @Mock
+  private RolePermissionService rolePermissionService;
+  @Spy
+  @InjectMocks
+  private ConsumerService consumerService;
+
+
+  private String someTokenSalt = "someTokenSalt";
+  private String testAppId = "testAppId";
+  private String testConsumerName = "testConsumerName";
+  private String testOwner = "testOwner";
 
   @Before
   public void setUp() throws Exception {
-    consumerService = spy(new ConsumerService());
-    ReflectionTestUtils.setField(consumerService, "consumerTokenRepository",
-        consumerTokenRepository);
-    ReflectionTestUtils.setField(consumerService, "consumerRepository",
-        consumerRepository);
-    ReflectionTestUtils.setField(consumerService, "portalConfig",
-                                 portalConfig);
-    someTokenSalt = "someTokenSalt";
     when(portalConfig.consumerTokenSalt()).thenReturn(someTokenSalt);
 
   }
@@ -76,7 +88,7 @@ public class ConsumerServiceTest {
 
     assertNull(consumerId);
     verify(consumerTokenRepository, never()).findTopByTokenAndExpiresAfter(anyString(), any(Date
-        .class));
+                                                                                                .class));
   }
 
   @Test
@@ -107,7 +119,7 @@ public class ConsumerServiceTest {
     String tokenSalt = "apollo";
 
     assertEquals("d0da35292dd5079eeb73cc3a5f7c0759afabd806", consumerService
-        .generateConsumerToken(someConsumerAppId, generationTime, tokenSalt));
+        .generateToken(someConsumerAppId, generationTime, tokenSalt));
   }
 
   @Test
@@ -120,27 +132,104 @@ public class ConsumerServiceTest {
 
     when(consumerRepository.findOne(someConsumerId)).thenReturn(consumer);
     when(consumer.getAppId()).thenReturn(someConsumerAppId);
-    when(consumerService.generateConsumerToken(someConsumerAppId, generationTime, someTokenSalt))
+    when(consumerService.generateToken(someConsumerAppId, generationTime, someTokenSalt))
         .thenReturn(someToken);
 
     ConsumerToken consumerToken = new ConsumerToken();
     consumerToken.setConsumerId(someConsumerId);
     consumerToken.setDataChangeCreatedTime(generationTime);
 
-    consumerService.generateAndEnrichConsumerToken(consumerToken);
+    consumerService.generateAndEnrichToken(consumer, consumerToken);
 
     assertEquals(someToken, consumerToken.getToken());
   }
 
-  @Test(expected = IllegalStateException.class)
+  @Test(expected = IllegalArgumentException.class)
   public void testGenerateAndEnrichConsumerTokenWithConsumerNotFound() throws Exception {
     long someConsumerIdNotExist = 1;
 
     ConsumerToken consumerToken = new ConsumerToken();
     consumerToken.setConsumerId(someConsumerIdNotExist);
 
-    when(consumerRepository.findOne(someConsumerIdNotExist)).thenReturn(null);
+    consumerService.generateAndEnrichToken(null, consumerToken);
+  }
+
+  @Test
+  public void testCreateConsumer() {
+    Consumer consumer = createConsumer(testConsumerName, testAppId, testOwner);
+    UserInfo owner = createUser(testOwner);
+
+    when(consumerRepository.findByAppId(testAppId)).thenReturn(null);
+    when(userService.findByUserId(testOwner)).thenReturn(owner);
+    when(userInfoHolder.getUser()).thenReturn(owner);
+
+    consumerService.createConsumer(consumer);
+
+    verify(consumerRepository).save(consumer);
+  }
+
+  @Test
+  public void testAssignNamespaceRoleToConsumer() {
+    Long consumerId = 1L;
+    String token = "token";
+
+    doReturn(consumerId).when(consumerService).getConsumerIdByToken(token);
+
+    String testNamespace = "namespace";
+    String modifyRoleName = RoleUtils.buildModifyNamespaceRoleName(testAppId, testNamespace);
+    String releaseRoleName = RoleUtils.buildReleaseNamespaceRoleName(testAppId, testNamespace);
+    long modifyRoleId = 1;
+    long releaseRoleId = 2;
+    Role modifyRole = createRole(modifyRoleId, modifyRoleName);
+    Role releaseRole = createRole(releaseRoleId, releaseRoleName);
+    when(rolePermissionService.findRoleByRoleName(modifyRoleName)).thenReturn(modifyRole);
+    when(rolePermissionService.findRoleByRoleName(releaseRoleName)).thenReturn(releaseRole);
+
+    when(consumerRoleRepository.findByConsumerIdAndRoleId(consumerId, modifyRoleId)).thenReturn(null);
+
+    UserInfo owner = createUser(testOwner);
+    when(userInfoHolder.getUser()).thenReturn(owner);
+
+    ConsumerRole namespaceModifyConsumerRole = createConsumerRole(consumerId, modifyRoleId);
+    ConsumerRole namespaceReleaseConsumerRole = createConsumerRole(consumerId, releaseRoleId);
+    doReturn(namespaceModifyConsumerRole).when(consumerService).createConsumerRole(consumerId, modifyRoleId, testOwner);
+    doReturn(namespaceReleaseConsumerRole).when(consumerService).createConsumerRole(consumerId, releaseRoleId, testOwner);
+
+    consumerService.assignNamespaceRoleToConsumer(token, testAppId, testNamespace);
+
+    verify(consumerRoleRepository).save(namespaceModifyConsumerRole);
+    verify(consumerRoleRepository).save(namespaceReleaseConsumerRole);
+
+
+  }
+
+  private Consumer createConsumer(String name, String appId, String ownerName) {
+    Consumer consumer = new Consumer();
+
+    consumer.setName(name);
+    consumer.setAppId(appId);
+    consumer.setOwnerName(ownerName);
+
+    return consumer;
+  }
+
+  private Role createRole(long roleId, String roleName) {
+    Role role = new Role();
+    role.setId(roleId);
+    role.setRoleName(roleName);
+    return role;
+  }
+
+  private ConsumerRole createConsumerRole(long consumerId, long roleId) {
+    ConsumerRole consumerRole = new ConsumerRole();
+    consumerRole.setConsumerId(consumerId);
+    consumerRole.setRoleId(roleId);
+    return consumerRole;
+  }
 
-    consumerService.generateAndEnrichConsumerToken(consumerToken);
+  private UserInfo createUser(String userId) {
+    UserInfo userInfo = new UserInfo();
+    userInfo.setUserId(userId);
+    return userInfo;
   }
 }

apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/AllTests.java

@@ -9,7 +9,6 @@ import com.ctrip.framework.apollo.openapi.util.ConsumerAuthUtilTest;
 import com.ctrip.framework.apollo.portal.component.txtresolver.FileTextResolverTest;
 import com.ctrip.framework.apollo.portal.component.txtresolver.PropertyResolverTest;
 import com.ctrip.framework.apollo.portal.config.ConfigTest;
-import com.ctrip.framework.apollo.portal.controller.ConsumerControllerTest;
 import com.ctrip.framework.apollo.portal.service.AppNamespaceServiceTest;
 import com.ctrip.framework.apollo.portal.service.ConfigServiceTest;
 import com.ctrip.framework.apollo.portal.service.FavoriteServiceTest;
@@ -29,7 +28,7 @@ import org.junit.runners.Suite.SuiteClasses;
     AppNamespaceServiceTest.class, RoleInitializationServiceTest.class, FileTextResolverTest.class,
     RetryableRestTemplateTest.class, ConsumerRolePermissionServiceTest.class,
     ConsumerAuthenticationFilterTest.class, ConsumerAuthUtilTest.class, ConsumerServiceTest.class,
-    ConsumerControllerTest.class, ConsumerAuditUtilTest.class, ConfigTest.class, FavoriteServiceTest.class,
+    ConsumerAuditUtilTest.class, ConfigTest.class, FavoriteServiceTest.class,
     CtripUserServiceTest.class
 
 })

apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/controller/ConsumerControllerTest.java

-package com.ctrip.framework.apollo.portal.controller;
-
-import com.ctrip.framework.apollo.openapi.entity.ConsumerToken;
-import com.ctrip.framework.apollo.openapi.service.ConsumerService;
-import com.ctrip.framework.apollo.portal.spi.UserInfoHolder;
-import com.ctrip.framework.apollo.portal.entity.bo.UserInfo;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.Mock;
-import org.mockito.runners.MockitoJUnitRunner;
-import org.springframework.test.util.ReflectionTestUtils;
-
-import java.util.Date;
-
-import static org.junit.Assert.assertEquals;
-import static org.mockito.Matchers.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
-/**
- * @author Jason Song(song_s@ctrip.com)
- */
-@RunWith(MockitoJUnitRunner.class)
-public class ConsumerControllerTest {
-  private ConsumerController consumerController;
-  @Mock
-  private ConsumerService consumerService;
-  @Mock
-  private UserInfoHolder userInfoHolder;
-
-  @Before
-  public void setUp() throws Exception {
-    consumerController = new ConsumerController();
-    ReflectionTestUtils.setField(consumerController, "consumerService", consumerService);
-    ReflectionTestUtils.setField(consumerController, "userInfoHolder", userInfoHolder);
-  }
-
-  @Test
-  public void testCreateConsumerToken() throws Exception {
-    UserInfo userInfo = mock(UserInfo.class);
-    String someUserId = "someUser";
-    ConsumerToken consumerToken = mock(ConsumerToken.class);
-    long someConsumerId = 1;
-    Date someDateExpires = new Date();
-
-    when(userInfo.getUserId()).thenReturn(someUserId);
-    when(userInfoHolder.getUser()).thenReturn(userInfo);
-    when(consumerService.createConsumerToken(any(ConsumerToken.class))).thenReturn(consumerToken);
-
-    assertEquals(consumerToken, consumerController.createConsumerToken(someConsumerId, someDateExpires));
-    verify(consumerService, times(1)).generateAndEnrichConsumerToken(any(ConsumerToken.class));
-    verify(consumerService, times(1)).createConsumerToken(any(ConsumerToken.class));
-  }
-
-}