Skip to content

apollo
apollo

wrr-cat / apollo
与 Fork 源项目一致

从无法访问的项目Fork

通知 2
Star 0
Fork 0
apollo
apollo

体验新版 GitCode,发现更多精彩内容 >>

提交 f27bb7dd 编写于 作者: N nobodyiam
浏览文件
操作

refactor and fix some bugs

上级 cefdda6d
显示空白变更内容
内联 并排
Showing with 122 addition and 90 deletion
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/auth/ConsumerPermissionValidator.java
浏览文件 @ f27bb7dd
......@@ -19,26 +19,25 @@ public class ConsumerPermissionValidator {
private ConsumerAuthUtil consumerAuthUtil;
public boolean hasModifyNamespacePermission(HttpServletRequest request, String appId, String
namespaceName) {
public boolean hasModifyNamespacePermission(HttpServletRequest request, String appId, String namespaceName,
String env) {
if (hasCreateNamespacePermission(request, appId)) {
return true;
}
return permissionService.consumerHasPermission(consumerAuthUtil.retrieveConsumerId(request),
PermissionType.MODIFY_NAMESPACE,
RoleUtils.buildNamespaceTargetId(appId, namespaceName, null));
RoleUtils.buildNamespaceTargetId(appId, namespaceName, env));
}
public boolean hasReleaseNamespacePermission(HttpServletRequest request, String appId, String
namespaceName) {
public boolean hasReleaseNamespacePermission(HttpServletRequest request, String appId, String namespaceName,
String env) {
if (hasCreateNamespacePermission(request, appId)) {
return true;
}
return permissionService.consumerHasPermission(consumerAuthUtil.retrieveConsumerId(request),
PermissionType.RELEASE_NAMESPACE,
RoleUtils.buildNamespaceTargetId(appId, namespaceName, null));
RoleUtils.buildNamespaceTargetId(appId, namespaceName, env));
}
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/service/ConsumerService.java
浏览文件 @ f27bb7dd
......@@ -112,6 +112,10 @@ public class ConsumerService {
return consumerRepository.findOne(consumerId);
}
public List<ConsumerRole> assignNamespaceRoleToConsumer(String token, String appId, String namespaceName) {
return assignNamespaceRoleToConsumer(token, appId, namespaceName, null);
}
@Transactional
public List<ConsumerRole> assignNamespaceRoleToConsumer(String token, String appId, String namespaceName, String env) {
Long consumerId = getConsumerIdByToken(token);
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/v1/controller/ItemController.java
浏览文件 @ f27bb7dd
......@@ -32,7 +32,7 @@ public class ItemController {
private UserService userService;
@PreAuthorize(value = "@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName)")
@PreAuthorize(value = "@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items", method = RequestMethod.POST)
public OpenItemDTO createItem(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName,
......@@ -60,7 +60,7 @@ public class ItemController {
return OpenApiBeanUtils.transformFromItemDTO(createdItem);
}
@PreAuthorize(value = "@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName)")
@PreAuthorize(value = "@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items/{key:.+}", method = RequestMethod.PUT)
public void updateItem(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName,
......@@ -91,7 +91,7 @@ public class ItemController {
}
@PreAuthorize(value = "@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName)")
@PreAuthorize(value = "@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items/{key:.+}", method = RequestMethod.DELETE)
public void deleteItem(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName,
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/v1/controller/ReleaseController.java
浏览文件 @ f27bb7dd
......@@ -33,7 +33,7 @@ public class ReleaseController {
@Autowired
private UserService userService;
@PreAuthorize(value = "@consumerPermissionValidator.hasReleaseNamespacePermission(#request, #appId, #namespaceName)")
@PreAuthorize(value = "@consumerPermissionValidator.hasReleaseNamespacePermission(#request, #appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/releases", method = RequestMethod.POST)
public OpenReleaseDTO createRelease(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName,
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/PermissionValidator.java
浏览文件 @ f27bb7dd
......@@ -6,7 +6,6 @@ import com.ctrip.framework.apollo.portal.constant.PermissionType;
import com.ctrip.framework.apollo.portal.service.RolePermissionService;
import com.ctrip.framework.apollo.portal.spi.UserInfoHolder;
import com.ctrip.framework.apollo.portal.util.RoleUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
......@@ -20,24 +19,42 @@ public class PermissionValidator {
@Autowired
private PortalConfig portalConfig;
public boolean hasModifyNamespacePermission(String appId, String namespaceName, String env) {
public boolean hasModifyNamespacePermission(String appId, String namespaceName) {
return rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(),
PermissionType.MODIFY_NAMESPACE,
RoleUtils.buildNamespaceTargetId(appId, namespaceName, env));
RoleUtils.buildNamespaceTargetId(appId, namespaceName));
}
public boolean hasReleaseNamespacePermission(String appId, String namespaceName, String env) {
public boolean hasModifyNamespacePermission(String appId, String namespaceName, String env) {
return hasModifyNamespacePermission(appId, namespaceName) ||
rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(),
PermissionType.MODIFY_NAMESPACE, RoleUtils.buildNamespaceTargetId(appId, namespaceName, env));
}
public boolean hasReleaseNamespacePermission(String appId, String namespaceName) {
return rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(),
PermissionType.RELEASE_NAMESPACE,
RoleUtils.buildNamespaceTargetId(appId, namespaceName, env));
RoleUtils.buildNamespaceTargetId(appId, namespaceName));
}
public boolean hasReleaseNamespacePermission(String appId, String namespaceName, String env) {
return hasReleaseNamespacePermission(appId, namespaceName) ||
rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(),
PermissionType.RELEASE_NAMESPACE, RoleUtils.buildNamespaceTargetId(appId, namespaceName, env));
}
public boolean hasDeleteNamespacePermission(String appId) {
return hasAssignRolePermission(appId) || isSuperAdmin();
}
public boolean hasOperateNamespacePermission(String appId, String namespaceName) {
return hasModifyNamespacePermission(appId, namespaceName) || hasReleaseNamespacePermission(appId, namespaceName);
}
public boolean hasOperateNamespacePermission(String appId, String namespaceName, String env) {
return hasModifyNamespacePermission(appId, namespaceName, env) || hasReleaseNamespacePermission(appId, namespaceName, env);
return hasOperateNamespacePermission(appId, namespaceName) ||
hasModifyNamespacePermission(appId, namespaceName, env) ||
hasReleaseNamespacePermission(appId, namespaceName, env);
}
public boolean hasAssignRolePermission(String appId) {
......@@ -77,8 +94,4 @@ public class PermissionValidator {
public boolean isSuperAdmin() {
return rolePermissionService.isSuperAdmin(userInfoHolder.getUser().getUserId());
}
public boolean alwaysTrue() {
return true;
}
}
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/emailbuilder/ConfigPublishEmailBuilder.java
浏览文件 @ f27bb7dd
......@@ -211,13 +211,13 @@ public abstract class ConfigPublishEmailBuilder {
private List<String> recipients(String appId, String namespaceName, String env) {
Set<UserInfo> modifyRoleUsers =
rolePermissionService
.queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.MODIFY_NAMESPACE, null));
.queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.MODIFY_NAMESPACE));
Set<UserInfo> envModifyRoleUsers =
rolePermissionService
.queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.MODIFY_NAMESPACE, env));
Set<UserInfo> releaseRoleUsers =
rolePermissionService
.queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.RELEASE_NAMESPACE, null));
.queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.RELEASE_NAMESPACE));
Set<UserInfo> envReleaseRoleUsers =
rolePermissionService
.queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.RELEASE_NAMESPACE, env));
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ConsumerController.java
浏览文件 @ f27bb7dd
......@@ -9,6 +9,8 @@ import com.ctrip.framework.apollo.openapi.entity.ConsumerRole;
import com.ctrip.framework.apollo.openapi.entity.ConsumerToken;
import com.ctrip.framework.apollo.openapi.service.ConsumerService;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.format.annotation.DateTimeFormat;
import org.springframework.security.access.prepost.PreAuthorize;
......@@ -81,12 +83,17 @@ public class ConsumerController {
throw new BadRequestException("Params(NamespaceName) can not be empty.");
}
if (null != envs){
String[] envList = envs.split(",");
String[] envArray = envs.split(",");
List<String> envList = Lists.newArrayList();
// validate env parameter
for (String env : envList) {
if (null != env && !"".equals(env) && null == EnvUtils.transformEnv(env)) {
for (String env : envArray) {
if (Strings.isNullOrEmpty(env)) {
continue;
}
if (null == EnvUtils.transformEnv(env)) {
throw new BadRequestException(String.format("env: %s is illegal", env));
}
envList.add(env);
}
List<ConsumerRole> consumeRoles = new ArrayList<>();
......@@ -96,7 +103,7 @@ public class ConsumerController {
return consumeRoles;
}
return consumerService.assignNamespaceRoleToConsumer(token, appId, namespaceName, null);
return consumerService.assignNamespaceRoleToConsumer(token, appId, namespaceName);
}
}
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ItemController.java
浏览文件 @ f27bb7dd
......@@ -40,7 +40,7 @@ public class ItemController {
@Autowired
private PermissionValidator permissionValidator;
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/items", method = RequestMethod.PUT, consumes = {
"application/json"})
public void modifyItemsByText(@PathVariable String appId, @PathVariable String env,
......@@ -57,7 +57,7 @@ public class ItemController {
configService.updateConfigItemByText(model);
}
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/item", method = RequestMethod.POST)
public ItemDTO createItem(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName,
......@@ -76,7 +76,7 @@ public class ItemController {
return configService.createItem(appId, Env.valueOf(env), clusterName, namespaceName, item);
}
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/item", method = RequestMethod.PUT)
public void updateItem(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName,
......@@ -90,7 +90,7 @@ public class ItemController {
}
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env) ")
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env) ")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/items/{itemId}", method = RequestMethod.DELETE)
public void deleteItem(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName,
......@@ -139,14 +139,12 @@ public class ItemController {
return configService.compare(model.getSyncToNamespaces(), model.getSyncItems());
}
//@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName)")
@PreAuthorize(value="@permissionValidator.alwaysTrue()")
@RequestMapping(value = "/apps/{appId}/namespaces/{namespaceName}/items", method = RequestMethod.PUT, consumes = {
"application/json"})
public ResponseEntity update(@PathVariable String appId, @PathVariable String namespaceName,
public ResponseEntity<Void> update(@PathVariable String appId, @PathVariable String namespaceName,
@RequestBody NamespaceSyncModel model) {
checkModel(Objects.nonNull(model) && !model.isInvalid());
boolean hasPermission = permissionValidator.hasModifyNamespacePermission(appId, namespaceName, null);
boolean hasPermission = permissionValidator.hasModifyNamespacePermission(appId, namespaceName);
Env envNoPermission = null;
// if uses has ModifyNamespace permission then he has permission
if (!hasPermission) {
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/NamespaceBranchController.java
浏览文件 @ f27bb7dd
......@@ -46,7 +46,7 @@ public class NamespaceBranchController {
return namespaceBranchService.findBranch(appId, Env.valueOf(env), clusterName, namespaceName);
}
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches", method = RequestMethod.POST)
public NamespaceDTO createBranch(@PathVariable String appId,
@PathVariable String env,
......@@ -63,9 +63,8 @@ public class NamespaceBranchController {
@PathVariable String namespaceName,
@PathVariable String branchName) {
boolean canDelete = permissionValidator.hasReleaseNamespacePermission(appId, namespaceName, null) ||
permissionValidator.hasReleaseNamespacePermission(appId, namespaceName, env) ||
((permissionValidator.hasModifyNamespacePermission(appId, namespaceName, null) || permissionValidator.hasModifyNamespacePermission(appId, namespaceName, env)) &&
boolean canDelete = permissionValidator.hasReleaseNamespacePermission(appId, namespaceName, env) ||
(permissionValidator.hasModifyNamespacePermission(appId, namespaceName, env) &&
releaseService.loadLatestRelease(appId, Env.valueOf(env), branchName, namespaceName) == null);
......@@ -82,7 +81,7 @@ public class NamespaceBranchController {
@PreAuthorize(value = "@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, #env)")
@PreAuthorize(value = "@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/merge", method = RequestMethod.POST)
public ReleaseDTO merge(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName,
......@@ -121,7 +120,7 @@ public class NamespaceBranchController {
}
@PreAuthorize(value = "@permissionValidator.hasOperateNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasOperateNamespacePermission(#appId, #namespaceName, #env)")
@PreAuthorize(value = "@permissionValidator.hasOperateNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/rules", method = RequestMethod.PUT)
public void updateBranchRules(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName,
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/NamespaceController.java
浏览文件 @ f27bb7dd
......@@ -208,10 +208,10 @@ public class NamespaceController {
String operator = userInfoHolder.getUser().getUserId();
rolePermissionService
.assignRoleToUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.MODIFY_NAMESPACE, null),
.assignRoleToUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.MODIFY_NAMESPACE),
Sets.newHashSet(operator), operator);
rolePermissionService
.assignRoleToUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.RELEASE_NAMESPACE, null),
.assignRoleToUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.RELEASE_NAMESPACE),
Sets.newHashSet(operator), operator);
}
}
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/PermissionController.java
浏览文件 @ f27bb7dd
......@@ -67,7 +67,7 @@ public class PermissionController {
permissionCondition.setHasPermission(
rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(), permissionType,
RoleUtils.buildNamespaceTargetId(appId, namespaceName, null)));
RoleUtils.buildNamespaceTargetId(appId, namespaceName)));
return ResponseEntity.ok().body(permissionCondition);
}
......@@ -168,11 +168,11 @@ public class PermissionController {
assignedUsers.setAppId(appId);
Set<UserInfo> releaseNamespaceUsers =
rolePermissionService.queryUsersWithRole(RoleUtils.buildReleaseNamespaceRoleName(appId, namespaceName, null));
rolePermissionService.queryUsersWithRole(RoleUtils.buildReleaseNamespaceRoleName(appId, namespaceName));
assignedUsers.setReleaseRoleUsers(releaseNamespaceUsers);
Set<UserInfo> modifyNamespaceUsers =
rolePermissionService.queryUsersWithRole(RoleUtils.buildModifyNamespaceRoleName(appId, namespaceName, null));
rolePermissionService.queryUsersWithRole(RoleUtils.buildModifyNamespaceRoleName(appId, namespaceName));
assignedUsers.setModifyRoleUsers(modifyNamespaceUsers);
return assignedUsers;
......@@ -188,7 +188,7 @@ public class PermissionController {
if (!RoleType.isValidRoleType(roleType)) {
throw new BadRequestException("role type is illegal");
}
Set<String> assignedUser = rolePermissionService.assignRoleToUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, roleType, null),
Set<String> assignedUser = rolePermissionService.assignRoleToUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, roleType),
Sets.newHashSet(user), userInfoHolder.getUser().getUserId());
if (CollectionUtils.isEmpty(assignedUser)) {
throw new BadRequestException(user + "已授权");
......@@ -206,7 +206,7 @@ public class PermissionController {
if (!RoleType.isValidRoleType(roleType)) {
throw new BadRequestException("role type is illegal");
}
rolePermissionService.removeRoleFromUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, roleType, null),
rolePermissionService.removeRoleFromUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, roleType),
Sets.newHashSet(user), userInfoHolder.getUser().getUserId());
return ResponseEntity.ok().build();
}
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ReleaseController.java
浏览文件 @ f27bb7dd
......@@ -36,7 +36,7 @@ public class ReleaseController {
@Autowired
private PortalConfig portalConfig;
@PreAuthorize(value = "@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, #env)")
@PreAuthorize(value = "@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/releases", method = RequestMethod.POST)
public ReleaseDTO createRelease(@PathVariable String appId,
@PathVariable String env, @PathVariable String clusterName,
......@@ -67,7 +67,7 @@ public class ReleaseController {
return createdRelease;
}
@PreAuthorize(value = "@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, #env)")
@PreAuthorize(value = "@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/releases",
method = RequestMethod.POST)
public ReleaseDTO createGrayRelease(@PathVariable String appId,
......@@ -138,6 +138,7 @@ public class ReleaseController {
}
@PreAuthorize(value = "@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(path = "/envs/{env}/releases/{releaseId}/rollback", method = RequestMethod.PUT)
public void rollback(@PathVariable String env,
@PathVariable long releaseId) {
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultRoleInitializationService.java
浏览文件 @ f27bb7dd
......@@ -58,10 +58,10 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
//assign modify、release namespace role to user
rolePermissionService.assignRoleToUsers(
RoleUtils.buildNamespaceRoleName(appId, ConfigConsts.NAMESPACE_APPLICATION, RoleType.MODIFY_NAMESPACE, null),
RoleUtils.buildNamespaceRoleName(appId, ConfigConsts.NAMESPACE_APPLICATION, RoleType.MODIFY_NAMESPACE),
Sets.newHashSet(operator), operator);
rolePermissionService.assignRoleToUsers(
RoleUtils.buildNamespaceRoleName(appId, ConfigConsts.NAMESPACE_APPLICATION, RoleType.RELEASE_NAMESPACE, null),
RoleUtils.buildNamespaceRoleName(appId, ConfigConsts.NAMESPACE_APPLICATION, RoleType.RELEASE_NAMESPACE),
Sets.newHashSet(operator), operator);
}
......@@ -69,13 +69,13 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
@Transactional
public void initNamespaceRoles(String appId, String namespaceName, String operator) {
String modifyNamespaceRoleName = RoleUtils.buildModifyNamespaceRoleName(appId, namespaceName, null);
String modifyNamespaceRoleName = RoleUtils.buildModifyNamespaceRoleName(appId, namespaceName);
if (rolePermissionService.findRoleByRoleName(modifyNamespaceRoleName) == null) {
createNamespaceRole(appId, namespaceName, PermissionType.MODIFY_NAMESPACE,
modifyNamespaceRoleName, operator);
}
String releaseNamespaceRoleName = RoleUtils.buildReleaseNamespaceRoleName(appId, namespaceName, null);
String releaseNamespaceRoleName = RoleUtils.buildReleaseNamespaceRoleName(appId, namespaceName);
if (rolePermissionService.findRoleByRoleName(releaseNamespaceRoleName) == null) {
createNamespaceRole(appId, namespaceName, PermissionType.RELEASE_NAMESPACE,
releaseNamespaceRoleName, operator);
......@@ -143,7 +143,7 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
String roleName, String operator) {
Permission permission =
createPermission(RoleUtils.buildNamespaceTargetId(appId, namespaceName, null), permissionType, operator);
createPermission(RoleUtils.buildNamespaceTargetId(appId, namespaceName), permissionType, operator);
Permission createdPermission = rolePermissionService.createPermission(permission);
Role role = createRole(roleName, operator);
......
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/util/RoleUtils.java
浏览文件 @ f27bb7dd
......@@ -7,7 +7,7 @@ import com.ctrip.framework.apollo.portal.constant.RoleType;
public class RoleUtils {
private static final Joiner STRING_JOINER = Joiner.on(ConfigConsts.CLUSTER_NAMESPACE_SEPARATOR);
private static final Joiner STRING_JOINER = Joiner.on(ConfigConsts.CLUSTER_NAMESPACE_SEPARATOR).skipNulls();
public static String buildAppMasterRoleName(String appId) {
return STRING_JOINER.join(RoleType.MASTER, appId);
......@@ -17,36 +17,44 @@ public class RoleUtils {
return STRING_JOINER.join(roleType, appId);
}
public static String buildModifyNamespaceRoleName(String appId, String namespaceName) {
return buildModifyNamespaceRoleName(appId, namespaceName, null);
}
public static String buildModifyNamespaceRoleName(String appId, String namespaceName, String env) {
if (null != env && !"".equals(env))
return STRING_JOINER.join(RoleType.MODIFY_NAMESPACE, appId, namespaceName, env);
return STRING_JOINER.join(RoleType.MODIFY_NAMESPACE, appId, namespaceName);
}
public static String buildModifyDefaultNamespaceRoleName(String appId) {
return STRING_JOINER.join(RoleType.MODIFY_NAMESPACE, appId, ConfigConsts.NAMESPACE_APPLICATION);
}
public static String buildReleaseNamespaceRoleName(String appId, String namespaceName) {
return buildReleaseNamespaceRoleName(appId, namespaceName, null);
}
public static String buildReleaseNamespaceRoleName(String appId, String namespaceName, String env) {
if (null != env && !"".equals(env))
return STRING_JOINER.join(RoleType.RELEASE_NAMESPACE, appId, namespaceName, env);
return STRING_JOINER.join(RoleType.RELEASE_NAMESPACE, appId, namespaceName);
}
public static String buildNamespaceRoleName(String appId, String namespaceName, String roleType) {
return buildNamespaceRoleName(appId, namespaceName, roleType, null);
}
public static String buildNamespaceRoleName(String appId, String namespaceName, String roleType, String env) {
if (null != env && !"".equals(env))
return STRING_JOINER.join(roleType, appId, namespaceName, env);
return STRING_JOINER.join(roleType, appId, namespaceName);
}
public static String buildReleaseDefaultNamespaceRoleName(String appId) {
return STRING_JOINER.join(RoleType.RELEASE_NAMESPACE, appId, ConfigConsts.NAMESPACE_APPLICATION);
}
public static String buildNamespaceTargetId(String appId, String namespaceName) {
return buildNamespaceTargetId(appId, namespaceName, null);
}
public static String buildNamespaceTargetId(String appId, String namespaceName, String env) {
if (null != env && !"".equals(env))
return STRING_JOINER.join(appId, namespaceName, env);
return STRING_JOINER.join(appId, namespaceName);
}
public static String buildDefaultNamespaceTargetId(String appId) {
......
apollo-portal/src/main/resources/static/namespace/role.html
浏览文件 @ f27bb7dd
......@@ -35,13 +35,13 @@
<div class="row">
<div class="form-horizontal">
<div class="form-group">
<label class="col-sm-2 control-label">修改权<br><small>(可以修改配置,不选择环境则对所有环境授权)</small></label>
<label class="col-sm-2 control-label">修改权<br><small>(可以修改配置)</small></label>
<div class="col-sm-8">
<form class="form-inline" ng-submit="assignRoleToUser('ModifyNamespace')">
<div class="form-group">
<apollouserselector apollo-id="modifyRoleWidgetId"></apollouserselector>
<select class="form-control input-sm" ng-model="modifyRoleSelectedEnv">
<option value="">可选环境</option>
<option value="">所有环境</option>
<option ng-repeat="env in envs" ng-value="env">{{env}}</option>
</select>
</div>
......@@ -49,7 +49,7 @@
</form>
<!-- Split button -->
<div class="item-container">
<h5>ALL</h5>
<h5>所有环境</h5>
<div class="btn-group item-info" ng-repeat="user in rolesAssignedUsers.modifyRoleUsers">
<button type="button" class="btn btn-default" ng-bind="user.userId"></button>
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown"
......@@ -77,14 +77,14 @@
<div class="row" style="margin-top: 10px;">
<div class="form-horizontal">
<div class="col-sm-2 text-right">
<label class="control-label">发布权<br><small>(可以发布配置,不选择环境则对所有环境授权)</small></label>
<label class="control-label">发布权<br><small>(可以发布配置)</small></label>
</div>
<div class="col-sm-8">
<form class="form-inline" ng-submit="assignRoleToUser('ReleaseNamespace')">
<div class="form-group">
<apollouserselector apollo-id="releaseRoleWidgetId"></apollouserselector>
<select class="form-control input-sm" ng-model="releaseRoleSelectedEnv">
<option value="">可选环境</option>
<option value="">所有环境</option>
<option ng-repeat="env in envs" ng-value="env">{{env}}</option>
</select>
</div>
......@@ -92,7 +92,7 @@
</form>
<!-- Split button -->
<div class="item-container">
<h5>ALL</h5>
<h5>所有环境</h5>
<div class="btn-group item-info" ng-repeat="user in rolesAssignedUsers.releaseRoleUsers">
<button type="button" class="btn btn-default" ng-bind="user.userId"></button>
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown"
......
apollo-portal/src/main/resources/static/open/manage.html
浏览文件 @ f27bb7dd
......@@ -137,14 +137,17 @@
</div>
<div class="form-group" valdr-form-group ng-show="consumerRole.type=='NamespaceRole'">
<label class="col-sm-2 control-label">
环境(不选择则所有环境都有权限)
环境
</label>
<div class="col-sm-3">
<div class="col-sm-10">
<div>
<label class="checkbox-inline" ng-repeat="env in envs">
<input type="checkbox" ng-checked="env.checked" ng-click="switchSelect(env)" />
{{env.env}}
</label>
</div>
<small>(不选择则所有环境都有权限,如果提示Namespace's role does not exist,请先打开该Namespace的授权页面触发一下权限的初始化动作)</small>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-9">
......
apollo-portal/src/test/java/com/ctrip/framework/apollo/openapi/service/ConsumerServiceTest.java
浏览文件 @ f27bb7dd
......@@ -177,8 +177,8 @@ public class ConsumerServiceTest extends AbstractUnitTest {
doReturn(consumerId).when(consumerService).getConsumerIdByToken(token);
String testNamespace = "namespace";
String modifyRoleName = RoleUtils.buildModifyNamespaceRoleName(testAppId, testNamespace, null);
String releaseRoleName = RoleUtils.buildReleaseNamespaceRoleName(testAppId, testNamespace, null);
String modifyRoleName = RoleUtils.buildModifyNamespaceRoleName(testAppId, testNamespace);
String releaseRoleName = RoleUtils.buildReleaseNamespaceRoleName(testAppId, testNamespace);
String envModifyRoleName = RoleUtils.buildModifyNamespaceRoleName(testAppId, testNamespace, Env.DEV.toString());
String envReleaseRoleName = RoleUtils.buildReleaseNamespaceRoleName(testAppId, testNamespace, Env.DEV.toString());
long modifyRoleId = 1;
......@@ -208,7 +208,7 @@ public class ConsumerServiceTest extends AbstractUnitTest {
doReturn(namespaceReleaseConsumerRole).when(consumerService).createConsumerRole(consumerId, releaseRoleId, testOwner);
doReturn(namespaceEnvReleaseConsumerRole).when(consumerService).createConsumerRole(consumerId, envReleaseRoleId, testOwner);
consumerService.assignNamespaceRoleToConsumer(token, testAppId, testNamespace, null);
consumerService.assignNamespaceRoleToConsumer(token, testAppId, testNamespace);
consumerService.assignNamespaceRoleToConsumer(token, testAppId, testNamespace, Env.DEV.toString());
verify(consumerRoleRepository).save(namespaceModifyConsumerRole);
......
apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/spi/defaultImpl/RoleInitializationServiceTest.java
浏览文件 @ f27bb7dd
......@@ -74,11 +74,11 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
@Test
public void testInitNamespaceRoleHasExisted(){
String modifyNamespaceRoleName = RoleUtils.buildModifyNamespaceRoleName(APP_ID, NAMESPACE, null);
String modifyNamespaceRoleName = RoleUtils.buildModifyNamespaceRoleName(APP_ID, NAMESPACE);
when(rolePermissionService.findRoleByRoleName(modifyNamespaceRoleName)).
thenReturn(mockRole(modifyNamespaceRoleName));
String releaseNamespaceRoleName = RoleUtils.buildReleaseNamespaceRoleName(APP_ID, NAMESPACE, null);
String releaseNamespaceRoleName = RoleUtils.buildReleaseNamespaceRoleName(APP_ID, NAMESPACE);
when(rolePermissionService.findRoleByRoleName(releaseNamespaceRoleName)).
thenReturn(mockRole(releaseNamespaceRoleName));
......@@ -92,11 +92,11 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
@Test
public void testInitNamespaceRoleNotExisted(){
String modifyNamespaceRoleName = RoleUtils.buildModifyNamespaceRoleName(APP_ID, NAMESPACE, null);
String modifyNamespaceRoleName = RoleUtils.buildModifyNamespaceRoleName(APP_ID, NAMESPACE);
when(rolePermissionService.findRoleByRoleName(modifyNamespaceRoleName)).
thenReturn(null);
String releaseNamespaceRoleName = RoleUtils.buildReleaseNamespaceRoleName(APP_ID, NAMESPACE, null);
String releaseNamespaceRoleName = RoleUtils.buildReleaseNamespaceRoleName(APP_ID, NAMESPACE);
when(rolePermissionService.findRoleByRoleName(releaseNamespaceRoleName)).
thenReturn(null);
......@@ -113,11 +113,11 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
@Test
public void testInitNamespaceRoleModifyNSExisted(){
String modifyNamespaceRoleName = RoleUtils.buildModifyNamespaceRoleName(APP_ID, NAMESPACE, null);
String modifyNamespaceRoleName = RoleUtils.buildModifyNamespaceRoleName(APP_ID, NAMESPACE);
when(rolePermissionService.findRoleByRoleName(modifyNamespaceRoleName)).
thenReturn(mockRole(modifyNamespaceRoleName));
String releaseNamespaceRoleName = RoleUtils.buildReleaseNamespaceRoleName(APP_ID, NAMESPACE, null);
String releaseNamespaceRoleName = RoleUtils.buildReleaseNamespaceRoleName(APP_ID, NAMESPACE);
when(rolePermissionService.findRoleByRoleName(releaseNamespaceRoleName)).
thenReturn(null);
......@@ -157,7 +157,7 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
private Permission mockPermission(){
Permission permission = new Permission();
permission.setPermissionType(PermissionType.MODIFY_NAMESPACE);
permission.setTargetId(RoleUtils.buildNamespaceTargetId(APP_ID, NAMESPACE, null));
permission.setTargetId(RoleUtils.buildNamespaceTargetId(APP_ID, NAMESPACE));
return permission;
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册