Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
wrr-cat
apollo
提交
f27bb7dd
apollo
项目概览
wrr-cat
/
apollo
与 Fork 源项目一致
从无法访问的项目Fork
通知
2
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
apollo
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
f27bb7dd
编写于
7月 24, 2018
作者:
N
nobodyiam
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
refactor and fix some bugs
上级
cefdda6d
变更
18
隐藏空白更改
内联
并排
Showing
18 changed file
with
122 addition
and
90 deletion
+122
-90
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/auth/ConsumerPermissionValidator.java
...work/apollo/openapi/auth/ConsumerPermissionValidator.java
+6
-7
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/service/ConsumerService.java
...rip/framework/apollo/openapi/service/ConsumerService.java
+4
-0
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/v1/controller/ItemController.java
...ramework/apollo/openapi/v1/controller/ItemController.java
+3
-3
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/v1/controller/ReleaseController.java
...ework/apollo/openapi/v1/controller/ReleaseController.java
+1
-1
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/PermissionValidator.java
...ramework/apollo/portal/component/PermissionValidator.java
+23
-10
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/emailbuilder/ConfigPublishEmailBuilder.java
...tal/component/emailbuilder/ConfigPublishEmailBuilder.java
+2
-2
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ConsumerController.java
...ramework/apollo/portal/controller/ConsumerController.java
+11
-4
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ItemController.java
...ip/framework/apollo/portal/controller/ItemController.java
+6
-8
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/NamespaceBranchController.java
...k/apollo/portal/controller/NamespaceBranchController.java
+5
-6
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/NamespaceController.java
...amework/apollo/portal/controller/NamespaceController.java
+2
-2
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/PermissionController.java
...mework/apollo/portal/controller/PermissionController.java
+5
-5
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ReleaseController.java
...framework/apollo/portal/controller/ReleaseController.java
+3
-2
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultRoleInitializationService.java
...tal/spi/defaultimpl/DefaultRoleInitializationService.java
+5
-5
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/util/RoleUtils.java
...ava/com/ctrip/framework/apollo/portal/util/RoleUtils.java
+21
-13
apollo-portal/src/main/resources/static/namespace/role.html
apollo-portal/src/main/resources/static/namespace/role.html
+6
-6
apollo-portal/src/main/resources/static/open/manage.html
apollo-portal/src/main/resources/static/open/manage.html
+9
-6
apollo-portal/src/test/java/com/ctrip/framework/apollo/openapi/service/ConsumerServiceTest.java
...framework/apollo/openapi/service/ConsumerServiceTest.java
+3
-3
apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/spi/defaultImpl/RoleInitializationServiceTest.java
...portal/spi/defaultImpl/RoleInitializationServiceTest.java
+7
-7
未找到文件。
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/auth/ConsumerPermissionValidator.java
浏览文件 @
f27bb7dd
...
@@ -19,26 +19,25 @@ public class ConsumerPermissionValidator {
...
@@ -19,26 +19,25 @@ public class ConsumerPermissionValidator {
private
ConsumerAuthUtil
consumerAuthUtil
;
private
ConsumerAuthUtil
consumerAuthUtil
;
public
boolean
hasModifyNamespacePermission
(
HttpServletRequest
request
,
String
appId
,
String
public
boolean
hasModifyNamespacePermission
(
HttpServletRequest
request
,
String
appId
,
String
namespaceName
,
namespaceName
)
{
String
env
)
{
if
(
hasCreateNamespacePermission
(
request
,
appId
))
{
if
(
hasCreateNamespacePermission
(
request
,
appId
))
{
return
true
;
return
true
;
}
}
return
permissionService
.
consumerHasPermission
(
consumerAuthUtil
.
retrieveConsumerId
(
request
),
return
permissionService
.
consumerHasPermission
(
consumerAuthUtil
.
retrieveConsumerId
(
request
),
PermissionType
.
MODIFY_NAMESPACE
,
PermissionType
.
MODIFY_NAMESPACE
,
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
,
null
));
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
,
env
));
}
}
public
boolean
hasReleaseNamespacePermission
(
HttpServletRequest
request
,
String
appId
,
String
public
boolean
hasReleaseNamespacePermission
(
HttpServletRequest
request
,
String
appId
,
String
namespaceName
,
namespaceName
)
{
String
env
)
{
if
(
hasCreateNamespacePermission
(
request
,
appId
))
{
if
(
hasCreateNamespacePermission
(
request
,
appId
))
{
return
true
;
return
true
;
}
}
return
permissionService
.
consumerHasPermission
(
consumerAuthUtil
.
retrieveConsumerId
(
request
),
return
permissionService
.
consumerHasPermission
(
consumerAuthUtil
.
retrieveConsumerId
(
request
),
PermissionType
.
RELEASE_NAMESPACE
,
PermissionType
.
RELEASE_NAMESPACE
,
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
,
null
));
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
,
env
));
}
}
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/service/ConsumerService.java
浏览文件 @
f27bb7dd
...
@@ -112,6 +112,10 @@ public class ConsumerService {
...
@@ -112,6 +112,10 @@ public class ConsumerService {
return
consumerRepository
.
findOne
(
consumerId
);
return
consumerRepository
.
findOne
(
consumerId
);
}
}
public
List
<
ConsumerRole
>
assignNamespaceRoleToConsumer
(
String
token
,
String
appId
,
String
namespaceName
)
{
return
assignNamespaceRoleToConsumer
(
token
,
appId
,
namespaceName
,
null
);
}
@Transactional
@Transactional
public
List
<
ConsumerRole
>
assignNamespaceRoleToConsumer
(
String
token
,
String
appId
,
String
namespaceName
,
String
env
)
{
public
List
<
ConsumerRole
>
assignNamespaceRoleToConsumer
(
String
token
,
String
appId
,
String
namespaceName
,
String
env
)
{
Long
consumerId
=
getConsumerIdByToken
(
token
);
Long
consumerId
=
getConsumerIdByToken
(
token
);
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/v1/controller/ItemController.java
浏览文件 @
f27bb7dd
...
@@ -32,7 +32,7 @@ public class ItemController {
...
@@ -32,7 +32,7 @@ public class ItemController {
private
UserService
userService
;
private
UserService
userService
;
@PreAuthorize
(
value
=
"@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName)"
)
@PreAuthorize
(
value
=
"@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName
, #env
)"
)
@RequestMapping
(
value
=
"/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items"
,
method
=
RequestMethod
.
POST
)
@RequestMapping
(
value
=
"/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items"
,
method
=
RequestMethod
.
POST
)
public
OpenItemDTO
createItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
OpenItemDTO
createItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
...
@@ -60,7 +60,7 @@ public class ItemController {
...
@@ -60,7 +60,7 @@ public class ItemController {
return
OpenApiBeanUtils
.
transformFromItemDTO
(
createdItem
);
return
OpenApiBeanUtils
.
transformFromItemDTO
(
createdItem
);
}
}
@PreAuthorize
(
value
=
"@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName)"
)
@PreAuthorize
(
value
=
"@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName
, #env
)"
)
@RequestMapping
(
value
=
"/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items/{key:.+}"
,
method
=
RequestMethod
.
PUT
)
@RequestMapping
(
value
=
"/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items/{key:.+}"
,
method
=
RequestMethod
.
PUT
)
public
void
updateItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
void
updateItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
...
@@ -91,7 +91,7 @@ public class ItemController {
...
@@ -91,7 +91,7 @@ public class ItemController {
}
}
@PreAuthorize
(
value
=
"@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName)"
)
@PreAuthorize
(
value
=
"@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName
, #env
)"
)
@RequestMapping
(
value
=
"/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items/{key:.+}"
,
method
=
RequestMethod
.
DELETE
)
@RequestMapping
(
value
=
"/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items/{key:.+}"
,
method
=
RequestMethod
.
DELETE
)
public
void
deleteItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
void
deleteItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/v1/controller/ReleaseController.java
浏览文件 @
f27bb7dd
...
@@ -33,7 +33,7 @@ public class ReleaseController {
...
@@ -33,7 +33,7 @@ public class ReleaseController {
@Autowired
@Autowired
private
UserService
userService
;
private
UserService
userService
;
@PreAuthorize
(
value
=
"@consumerPermissionValidator.hasReleaseNamespacePermission(#request, #appId, #namespaceName)"
)
@PreAuthorize
(
value
=
"@consumerPermissionValidator.hasReleaseNamespacePermission(#request, #appId, #namespaceName
, #env
)"
)
@RequestMapping
(
value
=
"/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/releases"
,
method
=
RequestMethod
.
POST
)
@RequestMapping
(
value
=
"/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/releases"
,
method
=
RequestMethod
.
POST
)
public
OpenReleaseDTO
createRelease
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
OpenReleaseDTO
createRelease
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
clusterName
,
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/PermissionValidator.java
浏览文件 @
f27bb7dd
...
@@ -6,7 +6,6 @@ import com.ctrip.framework.apollo.portal.constant.PermissionType;
...
@@ -6,7 +6,6 @@ import com.ctrip.framework.apollo.portal.constant.PermissionType;
import
com.ctrip.framework.apollo.portal.service.RolePermissionService
;
import
com.ctrip.framework.apollo.portal.service.RolePermissionService
;
import
com.ctrip.framework.apollo.portal.spi.UserInfoHolder
;
import
com.ctrip.framework.apollo.portal.spi.UserInfoHolder
;
import
com.ctrip.framework.apollo.portal.util.RoleUtils
;
import
com.ctrip.framework.apollo.portal.util.RoleUtils
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.stereotype.Component
;
import
org.springframework.stereotype.Component
;
...
@@ -20,24 +19,42 @@ public class PermissionValidator {
...
@@ -20,24 +19,42 @@ public class PermissionValidator {
@Autowired
@Autowired
private
PortalConfig
portalConfig
;
private
PortalConfig
portalConfig
;
public
boolean
hasModifyNamespacePermission
(
String
appId
,
String
namespaceName
,
String
env
)
{
public
boolean
hasModifyNamespacePermission
(
String
appId
,
String
namespaceName
)
{
return
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
return
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
PermissionType
.
MODIFY_NAMESPACE
,
PermissionType
.
MODIFY_NAMESPACE
,
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
,
env
));
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
));
}
}
public
boolean
hasReleaseNamespacePermission
(
String
appId
,
String
namespaceName
,
String
env
)
{
public
boolean
hasModifyNamespacePermission
(
String
appId
,
String
namespaceName
,
String
env
)
{
return
hasModifyNamespacePermission
(
appId
,
namespaceName
)
||
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
PermissionType
.
MODIFY_NAMESPACE
,
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
,
env
));
}
public
boolean
hasReleaseNamespacePermission
(
String
appId
,
String
namespaceName
)
{
return
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
return
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
PermissionType
.
RELEASE_NAMESPACE
,
PermissionType
.
RELEASE_NAMESPACE
,
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
,
env
));
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
));
}
public
boolean
hasReleaseNamespacePermission
(
String
appId
,
String
namespaceName
,
String
env
)
{
return
hasReleaseNamespacePermission
(
appId
,
namespaceName
)
||
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
PermissionType
.
RELEASE_NAMESPACE
,
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
,
env
));
}
}
public
boolean
hasDeleteNamespacePermission
(
String
appId
)
{
public
boolean
hasDeleteNamespacePermission
(
String
appId
)
{
return
hasAssignRolePermission
(
appId
)
||
isSuperAdmin
();
return
hasAssignRolePermission
(
appId
)
||
isSuperAdmin
();
}
}
public
boolean
hasOperateNamespacePermission
(
String
appId
,
String
namespaceName
)
{
return
hasModifyNamespacePermission
(
appId
,
namespaceName
)
||
hasReleaseNamespacePermission
(
appId
,
namespaceName
);
}
public
boolean
hasOperateNamespacePermission
(
String
appId
,
String
namespaceName
,
String
env
)
{
public
boolean
hasOperateNamespacePermission
(
String
appId
,
String
namespaceName
,
String
env
)
{
return
hasModifyNamespacePermission
(
appId
,
namespaceName
,
env
)
||
hasReleaseNamespacePermission
(
appId
,
namespaceName
,
env
);
return
hasOperateNamespacePermission
(
appId
,
namespaceName
)
||
hasModifyNamespacePermission
(
appId
,
namespaceName
,
env
)
||
hasReleaseNamespacePermission
(
appId
,
namespaceName
,
env
);
}
}
public
boolean
hasAssignRolePermission
(
String
appId
)
{
public
boolean
hasAssignRolePermission
(
String
appId
)
{
...
@@ -77,8 +94,4 @@ public class PermissionValidator {
...
@@ -77,8 +94,4 @@ public class PermissionValidator {
public
boolean
isSuperAdmin
()
{
public
boolean
isSuperAdmin
()
{
return
rolePermissionService
.
isSuperAdmin
(
userInfoHolder
.
getUser
().
getUserId
());
return
rolePermissionService
.
isSuperAdmin
(
userInfoHolder
.
getUser
().
getUserId
());
}
}
public
boolean
alwaysTrue
()
{
return
true
;
}
}
}
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/emailbuilder/ConfigPublishEmailBuilder.java
浏览文件 @
f27bb7dd
...
@@ -211,13 +211,13 @@ public abstract class ConfigPublishEmailBuilder {
...
@@ -211,13 +211,13 @@ public abstract class ConfigPublishEmailBuilder {
private
List
<
String
>
recipients
(
String
appId
,
String
namespaceName
,
String
env
)
{
private
List
<
String
>
recipients
(
String
appId
,
String
namespaceName
,
String
env
)
{
Set
<
UserInfo
>
modifyRoleUsers
=
Set
<
UserInfo
>
modifyRoleUsers
=
rolePermissionService
rolePermissionService
.
queryUsersWithRole
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
MODIFY_NAMESPACE
,
null
));
.
queryUsersWithRole
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
MODIFY_NAMESPACE
));
Set
<
UserInfo
>
envModifyRoleUsers
=
Set
<
UserInfo
>
envModifyRoleUsers
=
rolePermissionService
rolePermissionService
.
queryUsersWithRole
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
MODIFY_NAMESPACE
,
env
));
.
queryUsersWithRole
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
MODIFY_NAMESPACE
,
env
));
Set
<
UserInfo
>
releaseRoleUsers
=
Set
<
UserInfo
>
releaseRoleUsers
=
rolePermissionService
rolePermissionService
.
queryUsersWithRole
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
RELEASE_NAMESPACE
,
null
));
.
queryUsersWithRole
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
RELEASE_NAMESPACE
));
Set
<
UserInfo
>
envReleaseRoleUsers
=
Set
<
UserInfo
>
envReleaseRoleUsers
=
rolePermissionService
rolePermissionService
.
queryUsersWithRole
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
RELEASE_NAMESPACE
,
env
));
.
queryUsersWithRole
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
RELEASE_NAMESPACE
,
env
));
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ConsumerController.java
浏览文件 @
f27bb7dd
...
@@ -9,6 +9,8 @@ import com.ctrip.framework.apollo.openapi.entity.ConsumerRole;
...
@@ -9,6 +9,8 @@ import com.ctrip.framework.apollo.openapi.entity.ConsumerRole;
import
com.ctrip.framework.apollo.openapi.entity.ConsumerToken
;
import
com.ctrip.framework.apollo.openapi.entity.ConsumerToken
;
import
com.ctrip.framework.apollo.openapi.service.ConsumerService
;
import
com.ctrip.framework.apollo.openapi.service.ConsumerService
;
import
com.google.common.base.Strings
;
import
com.google.common.collect.Lists
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.format.annotation.DateTimeFormat
;
import
org.springframework.format.annotation.DateTimeFormat
;
import
org.springframework.security.access.prepost.PreAuthorize
;
import
org.springframework.security.access.prepost.PreAuthorize
;
...
@@ -81,12 +83,17 @@ public class ConsumerController {
...
@@ -81,12 +83,17 @@ public class ConsumerController {
throw
new
BadRequestException
(
"Params(NamespaceName) can not be empty."
);
throw
new
BadRequestException
(
"Params(NamespaceName) can not be empty."
);
}
}
if
(
null
!=
envs
){
if
(
null
!=
envs
){
String
[]
envList
=
envs
.
split
(
","
);
String
[]
envArray
=
envs
.
split
(
","
);
List
<
String
>
envList
=
Lists
.
newArrayList
();
// validate env parameter
// validate env parameter
for
(
String
env
:
envList
)
{
for
(
String
env
:
envArray
)
{
if
(
null
!=
env
&&
!
""
.
equals
(
env
)
&&
null
==
EnvUtils
.
transformEnv
(
env
))
{
if
(
Strings
.
isNullOrEmpty
(
env
))
{
continue
;
}
if
(
null
==
EnvUtils
.
transformEnv
(
env
))
{
throw
new
BadRequestException
(
String
.
format
(
"env: %s is illegal"
,
env
));
throw
new
BadRequestException
(
String
.
format
(
"env: %s is illegal"
,
env
));
}
}
envList
.
add
(
env
);
}
}
List
<
ConsumerRole
>
consumeRoles
=
new
ArrayList
<>();
List
<
ConsumerRole
>
consumeRoles
=
new
ArrayList
<>();
...
@@ -96,7 +103,7 @@ public class ConsumerController {
...
@@ -96,7 +103,7 @@ public class ConsumerController {
return
consumeRoles
;
return
consumeRoles
;
}
}
return
consumerService
.
assignNamespaceRoleToConsumer
(
token
,
appId
,
namespaceName
,
null
);
return
consumerService
.
assignNamespaceRoleToConsumer
(
token
,
appId
,
namespaceName
);
}
}
}
}
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ItemController.java
浏览文件 @
f27bb7dd
...
@@ -40,7 +40,7 @@ public class ItemController {
...
@@ -40,7 +40,7 @@ public class ItemController {
@Autowired
@Autowired
private
PermissionValidator
permissionValidator
;
private
PermissionValidator
permissionValidator
;
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName,
null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName,
#env)"
)
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/items"
,
method
=
RequestMethod
.
PUT
,
consumes
=
{
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/items"
,
method
=
RequestMethod
.
PUT
,
consumes
=
{
"application/json"
})
"application/json"
})
public
void
modifyItemsByText
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
void
modifyItemsByText
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
...
@@ -57,7 +57,7 @@ public class ItemController {
...
@@ -57,7 +57,7 @@ public class ItemController {
configService
.
updateConfigItemByText
(
model
);
configService
.
updateConfigItemByText
(
model
);
}
}
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName,
null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName,
#env)"
)
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/item"
,
method
=
RequestMethod
.
POST
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/item"
,
method
=
RequestMethod
.
POST
)
public
ItemDTO
createItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
ItemDTO
createItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
...
@@ -76,7 +76,7 @@ public class ItemController {
...
@@ -76,7 +76,7 @@ public class ItemController {
return
configService
.
createItem
(
appId
,
Env
.
valueOf
(
env
),
clusterName
,
namespaceName
,
item
);
return
configService
.
createItem
(
appId
,
Env
.
valueOf
(
env
),
clusterName
,
namespaceName
,
item
);
}
}
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName,
null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName,
#env)"
)
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/item"
,
method
=
RequestMethod
.
PUT
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/item"
,
method
=
RequestMethod
.
PUT
)
public
void
updateItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
void
updateItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
...
@@ -90,7 +90,7 @@ public class ItemController {
...
@@ -90,7 +90,7 @@ public class ItemController {
}
}
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName,
null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName,
#env) "
)
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env) "
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/items/{itemId}"
,
method
=
RequestMethod
.
DELETE
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/items/{itemId}"
,
method
=
RequestMethod
.
DELETE
)
public
void
deleteItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
void
deleteItem
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
...
@@ -139,14 +139,12 @@ public class ItemController {
...
@@ -139,14 +139,12 @@ public class ItemController {
return
configService
.
compare
(
model
.
getSyncToNamespaces
(),
model
.
getSyncItems
());
return
configService
.
compare
(
model
.
getSyncToNamespaces
(),
model
.
getSyncItems
());
}
}
//@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName)")
@PreAuthorize
(
value
=
"@permissionValidator.alwaysTrue()"
)
@RequestMapping
(
value
=
"/apps/{appId}/namespaces/{namespaceName}/items"
,
method
=
RequestMethod
.
PUT
,
consumes
=
{
@RequestMapping
(
value
=
"/apps/{appId}/namespaces/{namespaceName}/items"
,
method
=
RequestMethod
.
PUT
,
consumes
=
{
"application/json"
})
"application/json"
})
public
ResponseEntity
update
(
@PathVariable
String
appId
,
@PathVariable
String
namespaceName
,
public
ResponseEntity
<
Void
>
update
(
@PathVariable
String
appId
,
@PathVariable
String
namespaceName
,
@RequestBody
NamespaceSyncModel
model
)
{
@RequestBody
NamespaceSyncModel
model
)
{
checkModel
(
Objects
.
nonNull
(
model
)
&&
!
model
.
isInvalid
());
checkModel
(
Objects
.
nonNull
(
model
)
&&
!
model
.
isInvalid
());
boolean
hasPermission
=
permissionValidator
.
hasModifyNamespacePermission
(
appId
,
namespaceName
,
null
);
boolean
hasPermission
=
permissionValidator
.
hasModifyNamespacePermission
(
appId
,
namespaceName
);
Env
envNoPermission
=
null
;
Env
envNoPermission
=
null
;
// if uses has ModifyNamespace permission then he has permission
// if uses has ModifyNamespace permission then he has permission
if
(!
hasPermission
)
{
if
(!
hasPermission
)
{
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/NamespaceBranchController.java
浏览文件 @
f27bb7dd
...
@@ -46,7 +46,7 @@ public class NamespaceBranchController {
...
@@ -46,7 +46,7 @@ public class NamespaceBranchController {
return
namespaceBranchService
.
findBranch
(
appId
,
Env
.
valueOf
(
env
),
clusterName
,
namespaceName
);
return
namespaceBranchService
.
findBranch
(
appId
,
Env
.
valueOf
(
env
),
clusterName
,
namespaceName
);
}
}
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName,
null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName,
#env)"
)
@PreAuthorize
(
value
=
"@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches"
,
method
=
RequestMethod
.
POST
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches"
,
method
=
RequestMethod
.
POST
)
public
NamespaceDTO
createBranch
(
@PathVariable
String
appId
,
public
NamespaceDTO
createBranch
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
env
,
...
@@ -63,9 +63,8 @@ public class NamespaceBranchController {
...
@@ -63,9 +63,8 @@ public class NamespaceBranchController {
@PathVariable
String
namespaceName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
branchName
)
{
@PathVariable
String
branchName
)
{
boolean
canDelete
=
permissionValidator
.
hasReleaseNamespacePermission
(
appId
,
namespaceName
,
null
)
||
boolean
canDelete
=
permissionValidator
.
hasReleaseNamespacePermission
(
appId
,
namespaceName
,
env
)
||
permissionValidator
.
hasReleaseNamespacePermission
(
appId
,
namespaceName
,
env
)
||
(
permissionValidator
.
hasModifyNamespacePermission
(
appId
,
namespaceName
,
env
)
&&
((
permissionValidator
.
hasModifyNamespacePermission
(
appId
,
namespaceName
,
null
)
||
permissionValidator
.
hasModifyNamespacePermission
(
appId
,
namespaceName
,
env
))
&&
releaseService
.
loadLatestRelease
(
appId
,
Env
.
valueOf
(
env
),
branchName
,
namespaceName
)
==
null
);
releaseService
.
loadLatestRelease
(
appId
,
Env
.
valueOf
(
env
),
branchName
,
namespaceName
)
==
null
);
...
@@ -82,7 +81,7 @@ public class NamespaceBranchController {
...
@@ -82,7 +81,7 @@ public class NamespaceBranchController {
@PreAuthorize
(
value
=
"@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName,
null) || @permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName,
#env)"
)
@PreAuthorize
(
value
=
"@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, #env)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/merge"
,
method
=
RequestMethod
.
POST
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/merge"
,
method
=
RequestMethod
.
POST
)
public
ReleaseDTO
merge
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
ReleaseDTO
merge
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
...
@@ -121,7 +120,7 @@ public class NamespaceBranchController {
...
@@ -121,7 +120,7 @@ public class NamespaceBranchController {
}
}
@PreAuthorize
(
value
=
"@permissionValidator.hasOperateNamespacePermission(#appId, #namespaceName,
null) || @permissionValidator.hasOperateNamespacePermission(#appId, #namespaceName,
#env)"
)
@PreAuthorize
(
value
=
"@permissionValidator.hasOperateNamespacePermission(#appId, #namespaceName, #env)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/rules"
,
method
=
RequestMethod
.
PUT
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/rules"
,
method
=
RequestMethod
.
PUT
)
public
void
updateBranchRules
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
public
void
updateBranchRules
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
@PathVariable
String
clusterName
,
@PathVariable
String
namespaceName
,
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/NamespaceController.java
浏览文件 @
f27bb7dd
...
@@ -208,10 +208,10 @@ public class NamespaceController {
...
@@ -208,10 +208,10 @@ public class NamespaceController {
String
operator
=
userInfoHolder
.
getUser
().
getUserId
();
String
operator
=
userInfoHolder
.
getUser
().
getUserId
();
rolePermissionService
rolePermissionService
.
assignRoleToUsers
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
MODIFY_NAMESPACE
,
null
),
.
assignRoleToUsers
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
MODIFY_NAMESPACE
),
Sets
.
newHashSet
(
operator
),
operator
);
Sets
.
newHashSet
(
operator
),
operator
);
rolePermissionService
rolePermissionService
.
assignRoleToUsers
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
RELEASE_NAMESPACE
,
null
),
.
assignRoleToUsers
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
RoleType
.
RELEASE_NAMESPACE
),
Sets
.
newHashSet
(
operator
),
operator
);
Sets
.
newHashSet
(
operator
),
operator
);
}
}
}
}
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/PermissionController.java
浏览文件 @
f27bb7dd
...
@@ -67,7 +67,7 @@ public class PermissionController {
...
@@ -67,7 +67,7 @@ public class PermissionController {
permissionCondition
.
setHasPermission
(
permissionCondition
.
setHasPermission
(
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
permissionType
,
rolePermissionService
.
userHasPermission
(
userInfoHolder
.
getUser
().
getUserId
(),
permissionType
,
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
,
null
)));
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
)));
return
ResponseEntity
.
ok
().
body
(
permissionCondition
);
return
ResponseEntity
.
ok
().
body
(
permissionCondition
);
}
}
...
@@ -168,11 +168,11 @@ public class PermissionController {
...
@@ -168,11 +168,11 @@ public class PermissionController {
assignedUsers
.
setAppId
(
appId
);
assignedUsers
.
setAppId
(
appId
);
Set
<
UserInfo
>
releaseNamespaceUsers
=
Set
<
UserInfo
>
releaseNamespaceUsers
=
rolePermissionService
.
queryUsersWithRole
(
RoleUtils
.
buildReleaseNamespaceRoleName
(
appId
,
namespaceName
,
null
));
rolePermissionService
.
queryUsersWithRole
(
RoleUtils
.
buildReleaseNamespaceRoleName
(
appId
,
namespaceName
));
assignedUsers
.
setReleaseRoleUsers
(
releaseNamespaceUsers
);
assignedUsers
.
setReleaseRoleUsers
(
releaseNamespaceUsers
);
Set
<
UserInfo
>
modifyNamespaceUsers
=
Set
<
UserInfo
>
modifyNamespaceUsers
=
rolePermissionService
.
queryUsersWithRole
(
RoleUtils
.
buildModifyNamespaceRoleName
(
appId
,
namespaceName
,
null
));
rolePermissionService
.
queryUsersWithRole
(
RoleUtils
.
buildModifyNamespaceRoleName
(
appId
,
namespaceName
));
assignedUsers
.
setModifyRoleUsers
(
modifyNamespaceUsers
);
assignedUsers
.
setModifyRoleUsers
(
modifyNamespaceUsers
);
return
assignedUsers
;
return
assignedUsers
;
...
@@ -188,7 +188,7 @@ public class PermissionController {
...
@@ -188,7 +188,7 @@ public class PermissionController {
if
(!
RoleType
.
isValidRoleType
(
roleType
))
{
if
(!
RoleType
.
isValidRoleType
(
roleType
))
{
throw
new
BadRequestException
(
"role type is illegal"
);
throw
new
BadRequestException
(
"role type is illegal"
);
}
}
Set
<
String
>
assignedUser
=
rolePermissionService
.
assignRoleToUsers
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
roleType
,
null
),
Set
<
String
>
assignedUser
=
rolePermissionService
.
assignRoleToUsers
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
roleType
),
Sets
.
newHashSet
(
user
),
userInfoHolder
.
getUser
().
getUserId
());
Sets
.
newHashSet
(
user
),
userInfoHolder
.
getUser
().
getUserId
());
if
(
CollectionUtils
.
isEmpty
(
assignedUser
))
{
if
(
CollectionUtils
.
isEmpty
(
assignedUser
))
{
throw
new
BadRequestException
(
user
+
"已授权"
);
throw
new
BadRequestException
(
user
+
"已授权"
);
...
@@ -206,7 +206,7 @@ public class PermissionController {
...
@@ -206,7 +206,7 @@ public class PermissionController {
if
(!
RoleType
.
isValidRoleType
(
roleType
))
{
if
(!
RoleType
.
isValidRoleType
(
roleType
))
{
throw
new
BadRequestException
(
"role type is illegal"
);
throw
new
BadRequestException
(
"role type is illegal"
);
}
}
rolePermissionService
.
removeRoleFromUsers
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
roleType
,
null
),
rolePermissionService
.
removeRoleFromUsers
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
namespaceName
,
roleType
),
Sets
.
newHashSet
(
user
),
userInfoHolder
.
getUser
().
getUserId
());
Sets
.
newHashSet
(
user
),
userInfoHolder
.
getUser
().
getUserId
());
return
ResponseEntity
.
ok
().
build
();
return
ResponseEntity
.
ok
().
build
();
}
}
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ReleaseController.java
浏览文件 @
f27bb7dd
...
@@ -36,7 +36,7 @@ public class ReleaseController {
...
@@ -36,7 +36,7 @@ public class ReleaseController {
@Autowired
@Autowired
private
PortalConfig
portalConfig
;
private
PortalConfig
portalConfig
;
@PreAuthorize
(
value
=
"@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName,
null) || @permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName,
#env)"
)
@PreAuthorize
(
value
=
"@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, #env)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/releases"
,
method
=
RequestMethod
.
POST
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/releases"
,
method
=
RequestMethod
.
POST
)
public
ReleaseDTO
createRelease
(
@PathVariable
String
appId
,
public
ReleaseDTO
createRelease
(
@PathVariable
String
appId
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
@PathVariable
String
env
,
@PathVariable
String
clusterName
,
...
@@ -67,7 +67,7 @@ public class ReleaseController {
...
@@ -67,7 +67,7 @@ public class ReleaseController {
return
createdRelease
;
return
createdRelease
;
}
}
@PreAuthorize
(
value
=
"@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName,
null) || @permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName,
#env)"
)
@PreAuthorize
(
value
=
"@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, #env)"
)
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/releases"
,
@RequestMapping
(
value
=
"/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/releases"
,
method
=
RequestMethod
.
POST
)
method
=
RequestMethod
.
POST
)
public
ReleaseDTO
createGrayRelease
(
@PathVariable
String
appId
,
public
ReleaseDTO
createGrayRelease
(
@PathVariable
String
appId
,
...
@@ -138,6 +138,7 @@ public class ReleaseController {
...
@@ -138,6 +138,7 @@ public class ReleaseController {
}
}
@PreAuthorize
(
value
=
"@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, #env)"
)
@RequestMapping
(
path
=
"/envs/{env}/releases/{releaseId}/rollback"
,
method
=
RequestMethod
.
PUT
)
@RequestMapping
(
path
=
"/envs/{env}/releases/{releaseId}/rollback"
,
method
=
RequestMethod
.
PUT
)
public
void
rollback
(
@PathVariable
String
env
,
public
void
rollback
(
@PathVariable
String
env
,
@PathVariable
long
releaseId
)
{
@PathVariable
long
releaseId
)
{
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultRoleInitializationService.java
浏览文件 @
f27bb7dd
...
@@ -58,10 +58,10 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
...
@@ -58,10 +58,10 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
//assign modify、release namespace role to user
//assign modify、release namespace role to user
rolePermissionService
.
assignRoleToUsers
(
rolePermissionService
.
assignRoleToUsers
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
ConfigConsts
.
NAMESPACE_APPLICATION
,
RoleType
.
MODIFY_NAMESPACE
,
null
),
RoleUtils
.
buildNamespaceRoleName
(
appId
,
ConfigConsts
.
NAMESPACE_APPLICATION
,
RoleType
.
MODIFY_NAMESPACE
),
Sets
.
newHashSet
(
operator
),
operator
);
Sets
.
newHashSet
(
operator
),
operator
);
rolePermissionService
.
assignRoleToUsers
(
rolePermissionService
.
assignRoleToUsers
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
ConfigConsts
.
NAMESPACE_APPLICATION
,
RoleType
.
RELEASE_NAMESPACE
,
null
),
RoleUtils
.
buildNamespaceRoleName
(
appId
,
ConfigConsts
.
NAMESPACE_APPLICATION
,
RoleType
.
RELEASE_NAMESPACE
),
Sets
.
newHashSet
(
operator
),
operator
);
Sets
.
newHashSet
(
operator
),
operator
);
}
}
...
@@ -69,13 +69,13 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
...
@@ -69,13 +69,13 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
@Transactional
@Transactional
public
void
initNamespaceRoles
(
String
appId
,
String
namespaceName
,
String
operator
)
{
public
void
initNamespaceRoles
(
String
appId
,
String
namespaceName
,
String
operator
)
{
String
modifyNamespaceRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
appId
,
namespaceName
,
null
);
String
modifyNamespaceRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
appId
,
namespaceName
);
if
(
rolePermissionService
.
findRoleByRoleName
(
modifyNamespaceRoleName
)
==
null
)
{
if
(
rolePermissionService
.
findRoleByRoleName
(
modifyNamespaceRoleName
)
==
null
)
{
createNamespaceRole
(
appId
,
namespaceName
,
PermissionType
.
MODIFY_NAMESPACE
,
createNamespaceRole
(
appId
,
namespaceName
,
PermissionType
.
MODIFY_NAMESPACE
,
modifyNamespaceRoleName
,
operator
);
modifyNamespaceRoleName
,
operator
);
}
}
String
releaseNamespaceRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
appId
,
namespaceName
,
null
);
String
releaseNamespaceRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
appId
,
namespaceName
);
if
(
rolePermissionService
.
findRoleByRoleName
(
releaseNamespaceRoleName
)
==
null
)
{
if
(
rolePermissionService
.
findRoleByRoleName
(
releaseNamespaceRoleName
)
==
null
)
{
createNamespaceRole
(
appId
,
namespaceName
,
PermissionType
.
RELEASE_NAMESPACE
,
createNamespaceRole
(
appId
,
namespaceName
,
PermissionType
.
RELEASE_NAMESPACE
,
releaseNamespaceRoleName
,
operator
);
releaseNamespaceRoleName
,
operator
);
...
@@ -143,7 +143,7 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
...
@@ -143,7 +143,7 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
String
roleName
,
String
operator
)
{
String
roleName
,
String
operator
)
{
Permission
permission
=
Permission
permission
=
createPermission
(
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
,
null
),
permissionType
,
operator
);
createPermission
(
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
),
permissionType
,
operator
);
Permission
createdPermission
=
rolePermissionService
.
createPermission
(
permission
);
Permission
createdPermission
=
rolePermissionService
.
createPermission
(
permission
);
Role
role
=
createRole
(
roleName
,
operator
);
Role
role
=
createRole
(
roleName
,
operator
);
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/util/RoleUtils.java
浏览文件 @
f27bb7dd
...
@@ -7,7 +7,7 @@ import com.ctrip.framework.apollo.portal.constant.RoleType;
...
@@ -7,7 +7,7 @@ import com.ctrip.framework.apollo.portal.constant.RoleType;
public
class
RoleUtils
{
public
class
RoleUtils
{
private
static
final
Joiner
STRING_JOINER
=
Joiner
.
on
(
ConfigConsts
.
CLUSTER_NAMESPACE_SEPARATOR
);
private
static
final
Joiner
STRING_JOINER
=
Joiner
.
on
(
ConfigConsts
.
CLUSTER_NAMESPACE_SEPARATOR
)
.
skipNulls
()
;
public
static
String
buildAppMasterRoleName
(
String
appId
)
{
public
static
String
buildAppMasterRoleName
(
String
appId
)
{
return
STRING_JOINER
.
join
(
RoleType
.
MASTER
,
appId
);
return
STRING_JOINER
.
join
(
RoleType
.
MASTER
,
appId
);
...
@@ -17,36 +17,44 @@ public class RoleUtils {
...
@@ -17,36 +17,44 @@ public class RoleUtils {
return
STRING_JOINER
.
join
(
roleType
,
appId
);
return
STRING_JOINER
.
join
(
roleType
,
appId
);
}
}
public
static
String
buildModifyNamespaceRoleName
(
String
appId
,
String
namespaceName
)
{
return
buildModifyNamespaceRoleName
(
appId
,
namespaceName
,
null
);
}
public
static
String
buildModifyNamespaceRoleName
(
String
appId
,
String
namespaceName
,
String
env
)
{
public
static
String
buildModifyNamespaceRoleName
(
String
appId
,
String
namespaceName
,
String
env
)
{
if
(
null
!=
env
&&
!
""
.
equals
(
env
))
return
STRING_JOINER
.
join
(
RoleType
.
MODIFY_NAMESPACE
,
appId
,
namespaceName
,
env
);
return
STRING_JOINER
.
join
(
RoleType
.
MODIFY_NAMESPACE
,
appId
,
namespaceName
,
env
);
return
STRING_JOINER
.
join
(
RoleType
.
MODIFY_NAMESPACE
,
appId
,
namespaceName
);
}
}
public
static
String
buildModifyDefaultNamespaceRoleName
(
String
appId
)
{
public
static
String
buildModifyDefaultNamespaceRoleName
(
String
appId
)
{
return
STRING_JOINER
.
join
(
RoleType
.
MODIFY_NAMESPACE
,
appId
,
ConfigConsts
.
NAMESPACE_APPLICATION
);
return
STRING_JOINER
.
join
(
RoleType
.
MODIFY_NAMESPACE
,
appId
,
ConfigConsts
.
NAMESPACE_APPLICATION
);
}
}
public
static
String
buildReleaseNamespaceRoleName
(
String
appId
,
String
namespaceName
)
{
return
buildReleaseNamespaceRoleName
(
appId
,
namespaceName
,
null
);
}
public
static
String
buildReleaseNamespaceRoleName
(
String
appId
,
String
namespaceName
,
String
env
)
{
public
static
String
buildReleaseNamespaceRoleName
(
String
appId
,
String
namespaceName
,
String
env
)
{
if
(
null
!=
env
&&
!
""
.
equals
(
env
))
return
STRING_JOINER
.
join
(
RoleType
.
RELEASE_NAMESPACE
,
appId
,
namespaceName
,
env
);
return
STRING_JOINER
.
join
(
RoleType
.
RELEASE_NAMESPACE
,
appId
,
namespaceName
,
env
);
}
return
STRING_JOINER
.
join
(
RoleType
.
RELEASE_NAMESPACE
,
appId
,
namespaceName
);
public
static
String
buildNamespaceRoleName
(
String
appId
,
String
namespaceName
,
String
roleType
)
{
return
buildNamespaceRoleName
(
appId
,
namespaceName
,
roleType
,
null
);
}
}
public
static
String
buildNamespaceRoleName
(
String
appId
,
String
namespaceName
,
String
roleType
,
String
env
)
{
public
static
String
buildNamespaceRoleName
(
String
appId
,
String
namespaceName
,
String
roleType
,
String
env
)
{
if
(
null
!=
env
&&
!
""
.
equals
(
env
))
return
STRING_JOINER
.
join
(
roleType
,
appId
,
namespaceName
,
env
);
return
STRING_JOINER
.
join
(
roleType
,
appId
,
namespaceName
,
env
);
return
STRING_JOINER
.
join
(
roleType
,
appId
,
namespaceName
);
}
}
public
static
String
buildReleaseDefaultNamespaceRoleName
(
String
appId
)
{
public
static
String
buildReleaseDefaultNamespaceRoleName
(
String
appId
)
{
return
STRING_JOINER
.
join
(
RoleType
.
RELEASE_NAMESPACE
,
appId
,
ConfigConsts
.
NAMESPACE_APPLICATION
);
return
STRING_JOINER
.
join
(
RoleType
.
RELEASE_NAMESPACE
,
appId
,
ConfigConsts
.
NAMESPACE_APPLICATION
);
}
}
public
static
String
buildNamespaceTargetId
(
String
appId
,
String
namespaceName
)
{
return
buildNamespaceTargetId
(
appId
,
namespaceName
,
null
);
}
public
static
String
buildNamespaceTargetId
(
String
appId
,
String
namespaceName
,
String
env
)
{
public
static
String
buildNamespaceTargetId
(
String
appId
,
String
namespaceName
,
String
env
)
{
if
(
null
!=
env
&&
!
""
.
equals
(
env
))
return
STRING_JOINER
.
join
(
appId
,
namespaceName
,
env
);
return
STRING_JOINER
.
join
(
appId
,
namespaceName
,
env
);
return
STRING_JOINER
.
join
(
appId
,
namespaceName
);
}
}
public
static
String
buildDefaultNamespaceTargetId
(
String
appId
)
{
public
static
String
buildDefaultNamespaceTargetId
(
String
appId
)
{
...
...
apollo-portal/src/main/resources/static/namespace/role.html
浏览文件 @
f27bb7dd
...
@@ -35,13 +35,13 @@
...
@@ -35,13 +35,13 @@
<div
class=
"row"
>
<div
class=
"row"
>
<div
class=
"form-horizontal"
>
<div
class=
"form-horizontal"
>
<div
class=
"form-group"
>
<div
class=
"form-group"
>
<label
class=
"col-sm-2 control-label"
>
修改权
<br><small>
(可以修改配置
,不选择环境则对所有环境授权
)
</small></label>
<label
class=
"col-sm-2 control-label"
>
修改权
<br><small>
(可以修改配置)
</small></label>
<div
class=
"col-sm-8"
>
<div
class=
"col-sm-8"
>
<form
class=
"form-inline"
ng-submit=
"assignRoleToUser('ModifyNamespace')"
>
<form
class=
"form-inline"
ng-submit=
"assignRoleToUser('ModifyNamespace')"
>
<div
class=
"form-group"
>
<div
class=
"form-group"
>
<apollouserselector
apollo-id=
"modifyRoleWidgetId"
></apollouserselector>
<apollouserselector
apollo-id=
"modifyRoleWidgetId"
></apollouserselector>
<select
class=
"form-control input-sm"
ng-model=
"modifyRoleSelectedEnv"
>
<select
class=
"form-control input-sm"
ng-model=
"modifyRoleSelectedEnv"
>
<option
value=
""
>
可选
环境
</option>
<option
value=
""
>
所有
环境
</option>
<option
ng-repeat=
"env in envs"
ng-value=
"env"
>
{{env}}
</option>
<option
ng-repeat=
"env in envs"
ng-value=
"env"
>
{{env}}
</option>
</select>
</select>
</div>
</div>
...
@@ -49,7 +49,7 @@
...
@@ -49,7 +49,7 @@
</form>
</form>
<!-- Split button -->
<!-- Split button -->
<div
class=
"item-container"
>
<div
class=
"item-container"
>
<h5>
ALL
</h5>
<h5>
所有环境
</h5>
<div
class=
"btn-group item-info"
ng-repeat=
"user in rolesAssignedUsers.modifyRoleUsers"
>
<div
class=
"btn-group item-info"
ng-repeat=
"user in rolesAssignedUsers.modifyRoleUsers"
>
<button
type=
"button"
class=
"btn btn-default"
ng-bind=
"user.userId"
></button>
<button
type=
"button"
class=
"btn btn-default"
ng-bind=
"user.userId"
></button>
<button
type=
"button"
class=
"btn btn-default dropdown-toggle"
data-toggle=
"dropdown"
<button
type=
"button"
class=
"btn btn-default dropdown-toggle"
data-toggle=
"dropdown"
...
@@ -77,14 +77,14 @@
...
@@ -77,14 +77,14 @@
<div
class=
"row"
style=
"margin-top: 10px;"
>
<div
class=
"row"
style=
"margin-top: 10px;"
>
<div
class=
"form-horizontal"
>
<div
class=
"form-horizontal"
>
<div
class=
"col-sm-2 text-right"
>
<div
class=
"col-sm-2 text-right"
>
<label
class=
"control-label"
>
发布权
<br><small>
(可以发布配置
,不选择环境则对所有环境授权
)
</small></label>
<label
class=
"control-label"
>
发布权
<br><small>
(可以发布配置)
</small></label>
</div>
</div>
<div
class=
"col-sm-8"
>
<div
class=
"col-sm-8"
>
<form
class=
"form-inline"
ng-submit=
"assignRoleToUser('ReleaseNamespace')"
>
<form
class=
"form-inline"
ng-submit=
"assignRoleToUser('ReleaseNamespace')"
>
<div
class=
"form-group"
>
<div
class=
"form-group"
>
<apollouserselector
apollo-id=
"releaseRoleWidgetId"
></apollouserselector>
<apollouserselector
apollo-id=
"releaseRoleWidgetId"
></apollouserselector>
<select
class=
"form-control input-sm"
ng-model=
"releaseRoleSelectedEnv"
>
<select
class=
"form-control input-sm"
ng-model=
"releaseRoleSelectedEnv"
>
<option
value=
""
>
可选
环境
</option>
<option
value=
""
>
所有
环境
</option>
<option
ng-repeat=
"env in envs"
ng-value=
"env"
>
{{env}}
</option>
<option
ng-repeat=
"env in envs"
ng-value=
"env"
>
{{env}}
</option>
</select>
</select>
</div>
</div>
...
@@ -92,7 +92,7 @@
...
@@ -92,7 +92,7 @@
</form>
</form>
<!-- Split button -->
<!-- Split button -->
<div
class=
"item-container"
>
<div
class=
"item-container"
>
<h5>
ALL
</h5>
<h5>
所有环境
</h5>
<div
class=
"btn-group item-info"
ng-repeat=
"user in rolesAssignedUsers.releaseRoleUsers"
>
<div
class=
"btn-group item-info"
ng-repeat=
"user in rolesAssignedUsers.releaseRoleUsers"
>
<button
type=
"button"
class=
"btn btn-default"
ng-bind=
"user.userId"
></button>
<button
type=
"button"
class=
"btn btn-default"
ng-bind=
"user.userId"
></button>
<button
type=
"button"
class=
"btn btn-default dropdown-toggle"
data-toggle=
"dropdown"
<button
type=
"button"
class=
"btn btn-default dropdown-toggle"
data-toggle=
"dropdown"
...
...
apollo-portal/src/main/resources/static/open/manage.html
浏览文件 @
f27bb7dd
...
@@ -137,13 +137,16 @@
...
@@ -137,13 +137,16 @@
</div>
</div>
<div
class=
"form-group"
valdr-form-group
ng-show=
"consumerRole.type=='NamespaceRole'"
>
<div
class=
"form-group"
valdr-form-group
ng-show=
"consumerRole.type=='NamespaceRole'"
>
<label
class=
"col-sm-2 control-label"
>
<label
class=
"col-sm-2 control-label"
>
环境
(不选择则所有环境都有权限)
环境
</label>
</label>
<div
class=
"col-sm-3"
>
<div
class=
"col-sm-10"
>
<label
class=
"checkbox-inline"
ng-repeat=
"env in envs"
>
<div>
<input
type=
"checkbox"
ng-checked=
"env.checked"
ng-click=
"switchSelect(env)"
/>
<label
class=
"checkbox-inline"
ng-repeat=
"env in envs"
>
{{env.env}}
<input
type=
"checkbox"
ng-checked=
"env.checked"
ng-click=
"switchSelect(env)"
/>
</label>
{{env.env}}
</label>
</div>
<small>
(不选择则所有环境都有权限,如果提示Namespace's role does not exist,请先打开该Namespace的授权页面触发一下权限的初始化动作)
</small>
</div>
</div>
</div>
</div>
<div
class=
"form-group"
>
<div
class=
"form-group"
>
...
...
apollo-portal/src/test/java/com/ctrip/framework/apollo/openapi/service/ConsumerServiceTest.java
浏览文件 @
f27bb7dd
...
@@ -177,8 +177,8 @@ public class ConsumerServiceTest extends AbstractUnitTest {
...
@@ -177,8 +177,8 @@ public class ConsumerServiceTest extends AbstractUnitTest {
doReturn
(
consumerId
).
when
(
consumerService
).
getConsumerIdByToken
(
token
);
doReturn
(
consumerId
).
when
(
consumerService
).
getConsumerIdByToken
(
token
);
String
testNamespace
=
"namespace"
;
String
testNamespace
=
"namespace"
;
String
modifyRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
testAppId
,
testNamespace
,
null
);
String
modifyRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
testAppId
,
testNamespace
);
String
releaseRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
testAppId
,
testNamespace
,
null
);
String
releaseRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
testAppId
,
testNamespace
);
String
envModifyRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
testAppId
,
testNamespace
,
Env
.
DEV
.
toString
());
String
envModifyRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
testAppId
,
testNamespace
,
Env
.
DEV
.
toString
());
String
envReleaseRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
testAppId
,
testNamespace
,
Env
.
DEV
.
toString
());
String
envReleaseRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
testAppId
,
testNamespace
,
Env
.
DEV
.
toString
());
long
modifyRoleId
=
1
;
long
modifyRoleId
=
1
;
...
@@ -208,7 +208,7 @@ public class ConsumerServiceTest extends AbstractUnitTest {
...
@@ -208,7 +208,7 @@ public class ConsumerServiceTest extends AbstractUnitTest {
doReturn
(
namespaceReleaseConsumerRole
).
when
(
consumerService
).
createConsumerRole
(
consumerId
,
releaseRoleId
,
testOwner
);
doReturn
(
namespaceReleaseConsumerRole
).
when
(
consumerService
).
createConsumerRole
(
consumerId
,
releaseRoleId
,
testOwner
);
doReturn
(
namespaceEnvReleaseConsumerRole
).
when
(
consumerService
).
createConsumerRole
(
consumerId
,
envReleaseRoleId
,
testOwner
);
doReturn
(
namespaceEnvReleaseConsumerRole
).
when
(
consumerService
).
createConsumerRole
(
consumerId
,
envReleaseRoleId
,
testOwner
);
consumerService
.
assignNamespaceRoleToConsumer
(
token
,
testAppId
,
testNamespace
,
null
);
consumerService
.
assignNamespaceRoleToConsumer
(
token
,
testAppId
,
testNamespace
);
consumerService
.
assignNamespaceRoleToConsumer
(
token
,
testAppId
,
testNamespace
,
Env
.
DEV
.
toString
());
consumerService
.
assignNamespaceRoleToConsumer
(
token
,
testAppId
,
testNamespace
,
Env
.
DEV
.
toString
());
verify
(
consumerRoleRepository
).
save
(
namespaceModifyConsumerRole
);
verify
(
consumerRoleRepository
).
save
(
namespaceModifyConsumerRole
);
...
...
apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/spi/defaultImpl/RoleInitializationServiceTest.java
浏览文件 @
f27bb7dd
...
@@ -74,11 +74,11 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
...
@@ -74,11 +74,11 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
@Test
@Test
public
void
testInitNamespaceRoleHasExisted
(){
public
void
testInitNamespaceRoleHasExisted
(){
String
modifyNamespaceRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
APP_ID
,
NAMESPACE
,
null
);
String
modifyNamespaceRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
APP_ID
,
NAMESPACE
);
when
(
rolePermissionService
.
findRoleByRoleName
(
modifyNamespaceRoleName
)).
when
(
rolePermissionService
.
findRoleByRoleName
(
modifyNamespaceRoleName
)).
thenReturn
(
mockRole
(
modifyNamespaceRoleName
));
thenReturn
(
mockRole
(
modifyNamespaceRoleName
));
String
releaseNamespaceRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
APP_ID
,
NAMESPACE
,
null
);
String
releaseNamespaceRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
APP_ID
,
NAMESPACE
);
when
(
rolePermissionService
.
findRoleByRoleName
(
releaseNamespaceRoleName
)).
when
(
rolePermissionService
.
findRoleByRoleName
(
releaseNamespaceRoleName
)).
thenReturn
(
mockRole
(
releaseNamespaceRoleName
));
thenReturn
(
mockRole
(
releaseNamespaceRoleName
));
...
@@ -92,11 +92,11 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
...
@@ -92,11 +92,11 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
@Test
@Test
public
void
testInitNamespaceRoleNotExisted
(){
public
void
testInitNamespaceRoleNotExisted
(){
String
modifyNamespaceRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
APP_ID
,
NAMESPACE
,
null
);
String
modifyNamespaceRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
APP_ID
,
NAMESPACE
);
when
(
rolePermissionService
.
findRoleByRoleName
(
modifyNamespaceRoleName
)).
when
(
rolePermissionService
.
findRoleByRoleName
(
modifyNamespaceRoleName
)).
thenReturn
(
null
);
thenReturn
(
null
);
String
releaseNamespaceRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
APP_ID
,
NAMESPACE
,
null
);
String
releaseNamespaceRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
APP_ID
,
NAMESPACE
);
when
(
rolePermissionService
.
findRoleByRoleName
(
releaseNamespaceRoleName
)).
when
(
rolePermissionService
.
findRoleByRoleName
(
releaseNamespaceRoleName
)).
thenReturn
(
null
);
thenReturn
(
null
);
...
@@ -113,11 +113,11 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
...
@@ -113,11 +113,11 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
@Test
@Test
public
void
testInitNamespaceRoleModifyNSExisted
(){
public
void
testInitNamespaceRoleModifyNSExisted
(){
String
modifyNamespaceRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
APP_ID
,
NAMESPACE
,
null
);
String
modifyNamespaceRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
APP_ID
,
NAMESPACE
);
when
(
rolePermissionService
.
findRoleByRoleName
(
modifyNamespaceRoleName
)).
when
(
rolePermissionService
.
findRoleByRoleName
(
modifyNamespaceRoleName
)).
thenReturn
(
mockRole
(
modifyNamespaceRoleName
));
thenReturn
(
mockRole
(
modifyNamespaceRoleName
));
String
releaseNamespaceRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
APP_ID
,
NAMESPACE
,
null
);
String
releaseNamespaceRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
APP_ID
,
NAMESPACE
);
when
(
rolePermissionService
.
findRoleByRoleName
(
releaseNamespaceRoleName
)).
when
(
rolePermissionService
.
findRoleByRoleName
(
releaseNamespaceRoleName
)).
thenReturn
(
null
);
thenReturn
(
null
);
...
@@ -157,7 +157,7 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
...
@@ -157,7 +157,7 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
private
Permission
mockPermission
(){
private
Permission
mockPermission
(){
Permission
permission
=
new
Permission
();
Permission
permission
=
new
Permission
();
permission
.
setPermissionType
(
PermissionType
.
MODIFY_NAMESPACE
);
permission
.
setPermissionType
(
PermissionType
.
MODIFY_NAMESPACE
);
permission
.
setTargetId
(
RoleUtils
.
buildNamespaceTargetId
(
APP_ID
,
NAMESPACE
,
null
));
permission
.
setTargetId
(
RoleUtils
.
buildNamespaceTargetId
(
APP_ID
,
NAMESPACE
));
return
permission
;
return
permission
;
}
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录