Commit 14ccb66e
Authored Apr 28, 2017 by 张乐
Committed by GitHub on Apr 28, 2017
Merge pull request #604 from timothynode/master
change Role Service to interface impl
Parents: bc0e4846 701a384c
Showing 9 changed files with 396 additions and 314 deletions
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/service/RoleInitializationService.java (+3 -114)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/service/RolePermissionService.java (+11 -183)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java (+4 -5)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/RoleConfiguration.java (+24 -0)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultRoleInitializationService.java (+120 -0)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultRolePermissionService.java (+223 -0)
apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/AllTests.java (+2 -2)
apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/spi/defaultImpl/RoleInitializationServiceTest.java (+7 -9)
apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/spi/defaultImpl/RolePermissionServiceTest.java (+2 -1)
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/service/RoleInitializationService.java
package
com.ctrip.framework.apollo.portal.service
;
package
com.ctrip.framework.apollo.portal.service
;
import
com.google.common.collect.FluentIterable
;
import
com.google.common.collect.Lists
;
import
com.google.common.collect.Sets
;
import
com.ctrip.framework.apollo.common.entity.App
;
import
com.ctrip.framework.apollo.common.entity.App
;
import
com.ctrip.framework.apollo.core.ConfigConsts
;
import
com.ctrip.framework.apollo.portal.constant.PermissionType
;
import
com.ctrip.framework.apollo.portal.constant.RoleType
;
import
com.ctrip.framework.apollo.portal.entity.po.Permission
;
import
com.ctrip.framework.apollo.portal.entity.po.Role
;
import
com.ctrip.framework.apollo.portal.spi.UserInfoHolder
;
import
com.ctrip.framework.apollo.portal.util.RoleUtils
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.stereotype.Service
;
import
org.springframework.transaction.annotation.Transactional
;
import
java.util.Set
;
@Service
public
class
RoleInitializationService
{
@Autowired
private
UserInfoHolder
userInfoHolder
;
@Autowired
private
RolePermissionService
rolePermissionService
;
@Transactional
public
void
initAppRoles
(
App
app
)
{
String
appId
=
app
.
getAppId
();
String
appMasterRoleName
=
RoleUtils
.
buildAppMasterRoleName
(
appId
);
//has created before
if
(
rolePermissionService
.
findRoleByRoleName
(
appMasterRoleName
)
!=
null
)
{
return
;
}
String
operator
=
userInfoHolder
.
getUser
().
getUserId
();
//create app permissions
createAppMasterRole
(
appId
);
//assign master role to user
rolePermissionService
.
assignRoleToUsers
(
RoleUtils
.
buildAppMasterRoleName
(
appId
),
Sets
.
newHashSet
(
app
.
getOwnerName
()),
operator
);
initNamespaceRoles
(
appId
,
ConfigConsts
.
NAMESPACE_APPLICATION
);
//assign modify、release namespace role to user
rolePermissionService
.
assignRoleToUsers
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
ConfigConsts
.
NAMESPACE_APPLICATION
,
RoleType
.
MODIFY_NAMESPACE
),
Sets
.
newHashSet
(
operator
),
operator
);
rolePermissionService
.
assignRoleToUsers
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
ConfigConsts
.
NAMESPACE_APPLICATION
,
RoleType
.
RELEASE_NAMESPACE
),
Sets
.
newHashSet
(
operator
),
operator
);
}
@Transactional
public
void
initNamespaceRoles
(
String
appId
,
String
namespaceName
)
{
String
modifyNamespaceRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
appId
,
namespaceName
);
if
(
rolePermissionService
.
findRoleByRoleName
(
modifyNamespaceRoleName
)
==
null
)
{
createDefaultNamespaceRole
(
appId
,
namespaceName
,
PermissionType
.
MODIFY_NAMESPACE
,
RoleUtils
.
buildModifyNamespaceRoleName
(
appId
,
namespaceName
));
}
String
releaseNamespaceRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
appId
,
namespaceName
);
if
(
rolePermissionService
.
findRoleByRoleName
(
releaseNamespaceRoleName
)
==
null
)
{
createDefaultNamespaceRole
(
appId
,
namespaceName
,
PermissionType
.
RELEASE_NAMESPACE
,
RoleUtils
.
buildReleaseNamespaceRoleName
(
appId
,
namespaceName
));
}
}
private
void
createAppMasterRole
(
String
appId
)
{
Set
<
Permission
>
appPermissions
=
FluentIterable
.
from
(
Lists
.
newArrayList
(
PermissionType
.
CREATE_CLUSTER
,
PermissionType
.
CREATE_NAMESPACE
,
PermissionType
.
ASSIGN_ROLE
))
.
transform
(
permissionType
->
createPermission
(
appId
,
permissionType
)).
toSet
();
Set
<
Permission
>
createdAppPermissions
=
rolePermissionService
.
createPermissions
(
appPermissions
);
Set
<
Long
>
appPermissionIds
=
FluentIterable
.
from
(
createdAppPermissions
).
transform
(
permission
->
permission
.
getId
()).
toSet
();
//create app master role
Role
appMasterRole
=
createRole
(
RoleUtils
.
buildAppMasterRoleName
(
appId
));
rolePermissionService
.
createRoleWithPermissions
(
appMasterRole
,
appPermissionIds
);
}
private
Permission
createPermission
(
String
targetId
,
String
permissionType
)
{
Permission
permission
=
new
Permission
();
permission
.
setPermissionType
(
permissionType
);
permission
.
setTargetId
(
targetId
);
String
userId
=
userInfoHolder
.
getUser
().
getUserId
();
permission
.
setDataChangeCreatedBy
(
userId
);
permission
.
setDataChangeLastModifiedBy
(
userId
);
return
permission
;
}
private
Role
createRole
(
String
roleName
)
{
Role
role
=
new
Role
();
role
.
setRoleName
(
roleName
);
String
operator
=
userInfoHolder
.
getUser
().
getUserId
();
role
.
setDataChangeCreatedBy
(
operator
);
role
.
setDataChangeLastModifiedBy
(
operator
);
return
role
;
}
private
void
createDefaultNamespaceRole
(
String
appId
,
String
namespaceName
,
String
permissionType
,
String
roleName
)
{
Permission
permission
=
public
interface
RoleInitializationService
{
createPermission
(
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
),
permissionType
);
public
void
initAppRoles
(
App
app
);
Permission
createdPermission
=
rolePermissionService
.
createPermission
(
permission
);
Role
role
=
createRole
(
roleName
);
public
void
initNamespaceRoles
(
String
appId
,
String
namespaceName
);
rolePermissionService
.
createRoleWithPermissions
(
role
,
Sets
.
newHashSet
(
createdPermission
.
getId
()));
}
}
}
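Review bot: the new `RoleInitializationService` interface declares `initAppRoles(App app)` and `initNamespaceRoles(String appId, String namespaceName)` with no Javadoc, so the contract a replacement implementation has to honour can only be read out of the class body removed here. That body returns early from `initAppRoles` when the app master role already exists and creates the modify and release namespace roles only when they are missing; state that idempotency, and which user receives the master, modify and release roles, on the interface methods. The `public` modifier on the interface methods is redundant and can be dropped.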
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/service/RolePermissionService.java
package
com.ctrip.framework.apollo.portal.service
;
package
com.ctrip.framework.apollo.portal.service
;
import
com.google.common.base.Preconditions
;
import
com.ctrip.framework.apollo.portal.entity.bo.UserInfo
;
import
com.google.common.collect.FluentIterable
;
import
com.google.common.collect.HashMultimap
;
import
com.google.common.collect.Multimap
;
import
com.google.common.collect.Sets
;
import
com.ctrip.framework.apollo.portal.component.config.PortalConfig
;
import
com.ctrip.framework.apollo.portal.entity.po.Permission
;
import
com.ctrip.framework.apollo.portal.entity.po.Permission
;
import
com.ctrip.framework.apollo.portal.entity.po.Role
;
import
com.ctrip.framework.apollo.portal.entity.po.Role
;
import
com.ctrip.framework.apollo.portal.entity.po.RolePermission
;
import
com.ctrip.framework.apollo.portal.entity.bo.UserInfo
;
import
com.ctrip.framework.apollo.portal.entity.po.UserRole
;
import
com.ctrip.framework.apollo.portal.repository.PermissionRepository
;
import
com.ctrip.framework.apollo.portal.repository.RolePermissionRepository
;
import
com.ctrip.framework.apollo.portal.repository.RoleRepository
;
import
com.ctrip.framework.apollo.portal.repository.UserRoleRepository
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.stereotype.Service
;
import
org.springframework.transaction.annotation.Transactional
;
import
org.springframework.util.CollectionUtils
;
import
java.util.Collection
;
import
java.util.Collections
;
import
java.util.Date
;
import
java.util.List
;
import
java.util.Set
;
import
java.util.Set
;
/**
/**
* @author Jason Song(song_s@ctrip.com)
* @author Jason Song(song_s@ctrip.com)
*/
*/
@Service
public
interface
RolePermissionService
{
public
class
RolePermissionService
{
@Autowired
private
RoleRepository
roleRepository
;
@Autowired
private
RolePermissionRepository
rolePermissionRepository
;
@Autowired
private
UserRoleRepository
userRoleRepository
;
@Autowired
private
PermissionRepository
permissionRepository
;
@Autowired
private
PortalConfig
portalConfig
;
/**
/**
* Create role with permissions, note that role name should be unique
* Create role with permissions, note that role name should be unique
*/
*/
@Transactional
public
Role
createRoleWithPermissions
(
Role
role
,
Set
<
Long
>
permissionIds
);
public
Role
createRoleWithPermissions
(
Role
role
,
Set
<
Long
>
permissionIds
)
{
Role
current
=
findRoleByRoleName
(
role
.
getRoleName
());
Preconditions
.
checkState
(
current
==
null
,
"Role %s already exists!"
,
role
.
getRoleName
());
Role
createdRole
=
roleRepository
.
save
(
role
);
if
(!
CollectionUtils
.
isEmpty
(
permissionIds
))
{
Iterable
<
RolePermission
>
rolePermissions
=
FluentIterable
.
from
(
permissionIds
).
transform
(
permissionId
->
{
RolePermission
rolePermission
=
new
RolePermission
();
rolePermission
.
setRoleId
(
createdRole
.
getId
());
rolePermission
.
setPermissionId
(
permissionId
);
rolePermission
.
setDataChangeCreatedBy
(
createdRole
.
getDataChangeCreatedBy
());
rolePermission
.
setDataChangeLastModifiedBy
(
createdRole
.
getDataChangeLastModifiedBy
());
return
rolePermission
;
});
rolePermissionRepository
.
save
(
rolePermissions
);
}
return
createdRole
;
}
/**
/**
* Assign role to users
* Assign role to users
*
*
* @return the users assigned roles
* @return the users assigned roles
*/
*/
@Transactional
public
Set
<
String
>
assignRoleToUsers
(
String
roleName
,
Set
<
String
>
userIds
,
public
Set
<
String
>
assignRoleToUsers
(
String
roleName
,
Set
<
String
>
userIds
,
String
operatorUserId
)
{
String
operatorUserId
);
Role
role
=
findRoleByRoleName
(
roleName
);
Preconditions
.
checkState
(
role
!=
null
,
"Role %s doesn't exist!"
,
roleName
);
List
<
UserRole
>
existedUserRoles
=
userRoleRepository
.
findByUserIdInAndRoleId
(
userIds
,
role
.
getId
());
Set
<
String
>
existedUserIds
=
FluentIterable
.
from
(
existedUserRoles
).
transform
(
userRole
->
userRole
.
getUserId
()).
toSet
();
Set
<
String
>
toAssignUserIds
=
Sets
.
difference
(
userIds
,
existedUserIds
);
Iterable
<
UserRole
>
toCreate
=
FluentIterable
.
from
(
toAssignUserIds
).
transform
(
userId
->
{
UserRole
userRole
=
new
UserRole
();
userRole
.
setRoleId
(
role
.
getId
());
userRole
.
setUserId
(
userId
);
userRole
.
setDataChangeCreatedBy
(
operatorUserId
);
userRole
.
setDataChangeLastModifiedBy
(
operatorUserId
);
return
userRole
;
});
userRoleRepository
.
save
(
toCreate
);
return
toAssignUserIds
;
}
/**
/**
* Remove role from users
* Remove role from users
*/
*/
@Transactional
public
void
removeRoleFromUsers
(
String
roleName
,
Set
<
String
>
userIds
,
String
operatorUserId
);
public
void
removeRoleFromUsers
(
String
roleName
,
Set
<
String
>
userIds
,
String
operatorUserId
)
{
Role
role
=
findRoleByRoleName
(
roleName
);
Preconditions
.
checkState
(
role
!=
null
,
"Role %s doesn't exist!"
,
roleName
);
List
<
UserRole
>
existedUserRoles
=
userRoleRepository
.
findByUserIdInAndRoleId
(
userIds
,
role
.
getId
());
for
(
UserRole
userRole
:
existedUserRoles
)
{
userRole
.
setDeleted
(
true
);
userRole
.
setDataChangeLastModifiedTime
(
new
Date
());
userRole
.
setDataChangeLastModifiedBy
(
operatorUserId
);
}
userRoleRepository
.
save
(
existedUserRoles
);
}
/**
/**
* Query users with role
* Query users with role
*/
*/
public
Set
<
UserInfo
>
queryUsersWithRole
(
String
roleName
)
{
public
Set
<
UserInfo
>
queryUsersWithRole
(
String
roleName
);
Role
role
=
findRoleByRoleName
(
roleName
);
if
(
role
==
null
)
{
return
Collections
.
emptySet
();
}
List
<
UserRole
>
userRoles
=
userRoleRepository
.
findByRoleId
(
role
.
getId
());
Set
<
UserInfo
>
users
=
FluentIterable
.
from
(
userRoles
).
transform
(
userRole
->
{
UserInfo
userInfo
=
new
UserInfo
();
userInfo
.
setUserId
(
userRole
.
getUserId
());
return
userInfo
;
}).
toSet
();
return
users
;
}
/**
/**
* Find role by role name, note that roleName should be unique
* Find role by role name, note that roleName should be unique
*/
*/
public
Role
findRoleByRoleName
(
String
roleName
)
{
public
Role
findRoleByRoleName
(
String
roleName
);
return
roleRepository
.
findTopByRoleName
(
roleName
);
}
/**
/**
* Check whether user has the permission
* Check whether user has the permission
*/
*/
public
boolean
userHasPermission
(
String
userId
,
String
permissionType
,
String
targetId
)
{
public
boolean
userHasPermission
(
String
userId
,
String
permissionType
,
String
targetId
);
Permission
permission
=
permissionRepository
.
findTopByPermissionTypeAndTargetId
(
permissionType
,
targetId
);
if
(
permission
==
null
)
{
return
false
;
}
if
(
isSuperAdmin
(
userId
))
{
return
true
;
}
List
<
UserRole
>
userRoles
=
userRoleRepository
.
findByUserId
(
userId
);
public
boolean
isSuperAdmin
(
String
userId
);
if
(
CollectionUtils
.
isEmpty
(
userRoles
))
{
return
false
;
}
Set
<
Long
>
roleIds
=
FluentIterable
.
from
(
userRoles
).
transform
(
userRole
->
userRole
.
getRoleId
()).
toSet
();
List
<
RolePermission
>
rolePermissions
=
rolePermissionRepository
.
findByRoleIdIn
(
roleIds
);
if
(
CollectionUtils
.
isEmpty
(
rolePermissions
))
{
return
false
;
}
for
(
RolePermission
rolePermission
:
rolePermissions
)
{
if
(
rolePermission
.
getPermissionId
()
==
permission
.
getId
())
{
return
true
;
}
}
return
false
;
}
public
boolean
isSuperAdmin
(
String
userId
)
{
return
portalConfig
.
superAdmins
().
contains
(
userId
);
}
/**
/**
* Create permission, note that permissionType + targetId should be unique
* Create permission, note that permissionType + targetId should be unique
*/
*/
@Transactional
public
Permission
createPermission
(
Permission
permission
);
public
Permission
createPermission
(
Permission
permission
)
{
String
permissionType
=
permission
.
getPermissionType
();
String
targetId
=
permission
.
getTargetId
();
Permission
current
=
permissionRepository
.
findTopByPermissionTypeAndTargetId
(
permissionType
,
targetId
);
Preconditions
.
checkState
(
current
==
null
,
"Permission with permissionType %s targetId %s already exists!"
,
permissionType
,
targetId
);
return
permissionRepository
.
save
(
permission
);
}
/**
/**
* Create permissions, note that permissionType + targetId should be unique
* Create permissions, note that permissionType + targetId should be unique
*/
*/
@Transactional
public
Set
<
Permission
>
createPermissions
(
Set
<
Permission
>
permissions
);
public
Set
<
Permission
>
createPermissions
(
Set
<
Permission
>
permissions
)
{
Multimap
<
String
,
String
>
targetIdPermissionTypes
=
HashMultimap
.
create
();
for
(
Permission
permission
:
permissions
)
{
targetIdPermissionTypes
.
put
(
permission
.
getTargetId
(),
permission
.
getPermissionType
());
}
for
(
String
targetId
:
targetIdPermissionTypes
.
keySet
())
{
Collection
<
String
>
permissionTypes
=
targetIdPermissionTypes
.
get
(
targetId
);
List
<
Permission
>
current
=
permissionRepository
.
findByPermissionTypeInAndTargetId
(
permissionTypes
,
targetId
);
Preconditions
.
checkState
(
CollectionUtils
.
isEmpty
(
current
),
"Permission with permissionType %s targetId %s already exists!"
,
permissionTypes
,
targetId
);
}
Iterable
<
Permission
>
results
=
permissionRepository
.
save
(
permissions
);
return
FluentIterable
.
from
(
results
).
toSet
();
}
}
}
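Review bot: the interface Javadoc on `createRoleWithPermissions`, `createPermission` and `createPermissions` says the role name or `permissionType + targetId` "should be unique" but not what happens on a duplicate; the removed class body rejects duplicates through `Preconditions.checkState`, so document that failure mode as part of the contract so that other implementations behave the same way. `isSuperAdmin(String userId)` is declared without any comment, and since the removed `userHasPermission` body short-circuits on it, the interface should say whether implementations are expected to grant super admins every permission.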
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/AuthConfiguration.java
package
com.ctrip.framework.apollo.portal.spi.configuration
;
package
com.ctrip.framework.apollo.portal.spi.configuration
;
import
com.google.common.collect.Maps
;
import
com.ctrip.framework.apollo.portal.component.config.PortalConfig
;
import
com.ctrip.framework.apollo.portal.component.config.PortalConfig
;
import
com.ctrip.framework.apollo.portal.spi.LogoutHandler
;
import
com.ctrip.framework.apollo.portal.spi.LogoutHandler
;
import
com.ctrip.framework.apollo.portal.spi.SsoHeartbeatHandler
;
import
com.ctrip.framework.apollo.portal.spi.SsoHeartbeatHandler
;
...
@@ -15,7 +13,7 @@ import com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultLogoutHandler;
...
@@ -15,7 +13,7 @@ import com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultLogoutHandler;
import
com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultSsoHeartbeatHandler
;
import
com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultSsoHeartbeatHandler
;
import
com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultUserInfoHolder
;
import
com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultUserInfoHolder
;
import
com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultUserService
;
import
com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultUserService
;
import
com.google.common.collect.Maps
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean
;
import
org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean
;
import
org.springframework.boot.context.embedded.FilterRegistrationBean
;
import
org.springframework.boot.context.embedded.FilterRegistrationBean
;
...
@@ -24,11 +22,10 @@ import org.springframework.context.annotation.Bean;
...
@@ -24,11 +22,10 @@ import org.springframework.context.annotation.Bean;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.context.annotation.Profile
;
import
org.springframework.context.annotation.Profile
;
import
javax.servlet.Filter
;
import
java.util.EventListener
;
import
java.util.EventListener
;
import
java.util.Map
;
import
java.util.Map
;
import
javax.servlet.Filter
;
@Configuration
@Configuration
public
class
AuthConfiguration
{
public
class
AuthConfiguration
{
...
@@ -168,6 +165,7 @@ public class AuthConfiguration {
...
@@ -168,6 +165,7 @@ public class AuthConfiguration {
public
SsoHeartbeatHandler
ctripSsoHeartbeatHandler
()
{
public
SsoHeartbeatHandler
ctripSsoHeartbeatHandler
()
{
return
new
CtripSsoHeartbeatHandler
();
return
new
CtripSsoHeartbeatHandler
();
}
}
}
}
...
@@ -201,6 +199,7 @@ public class AuthConfiguration {
...
@@ -201,6 +199,7 @@ public class AuthConfiguration {
public
UserService
defaultUserService
()
{
public
UserService
defaultUserService
()
{
return
new
DefaultUserService
();
return
new
DefaultUserService
();
}
}
}
}
...
...
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/configuration/RoleConfiguration.java
0 → 100644
package
com.ctrip.framework.apollo.portal.spi.configuration
;
import
com.ctrip.framework.apollo.portal.service.RoleInitializationService
;
import
com.ctrip.framework.apollo.portal.service.RolePermissionService
;
import
com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultRoleInitializationService
;
import
com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultRolePermissionService
;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.context.annotation.Configuration
;
/**
* @author Timothy Liu(timothy.liu@cvte.com)
*/
@Configuration
public
class
RoleConfiguration
{
@Bean
public
RoleInitializationService
roleInitializationService
()
{
return
new
DefaultRoleInitializationService
();
}
@Bean
public
RolePermissionService
rolePermissionService
()
{
return
new
DefaultRolePermissionService
();
}
}
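Review bot: both `@Bean` methods in `RoleConfiguration` are unconditional, so a deployment that supplies its own `RoleInitializationService` or `RolePermissionService` bean ends up with two candidates for the `@Autowired` fields instead of replacing the default. `AuthConfiguration` in this same commit already imports `ConditionalOnMissingBean`; adding `@ConditionalOnMissingBean(RoleInitializationService.class)` and the `RolePermissionService` equivalent here would let a custom implementation take over cleanly. These beans decide who holds which permission, so which implementation is active should never be ambiguous.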
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultRoleInitializationService.java
0 → 100644
package
com.ctrip.framework.apollo.portal.spi.defaultimpl
;
import
com.ctrip.framework.apollo.common.entity.App
;
import
com.ctrip.framework.apollo.core.ConfigConsts
;
import
com.ctrip.framework.apollo.portal.constant.PermissionType
;
import
com.ctrip.framework.apollo.portal.constant.RoleType
;
import
com.ctrip.framework.apollo.portal.entity.po.Permission
;
import
com.ctrip.framework.apollo.portal.entity.po.Role
;
import
com.ctrip.framework.apollo.portal.service.RoleInitializationService
;
import
com.ctrip.framework.apollo.portal.service.RolePermissionService
;
import
com.ctrip.framework.apollo.portal.spi.UserInfoHolder
;
import
com.ctrip.framework.apollo.portal.util.RoleUtils
;
import
com.google.common.collect.FluentIterable
;
import
com.google.common.collect.Lists
;
import
com.google.common.collect.Sets
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.transaction.annotation.Transactional
;
import
java.util.Set
;
/**
* Created by timothy on 2017/4/26.
*/
public
class
DefaultRoleInitializationService
implements
RoleInitializationService
{
@Autowired
private
UserInfoHolder
userInfoHolder
;
@Autowired
private
RolePermissionService
rolePermissionService
;
@Transactional
public
void
initAppRoles
(
App
app
)
{
String
appId
=
app
.
getAppId
();
String
appMasterRoleName
=
RoleUtils
.
buildAppMasterRoleName
(
appId
);
//has created before
if
(
rolePermissionService
.
findRoleByRoleName
(
appMasterRoleName
)
!=
null
)
{
return
;
}
String
operator
=
userInfoHolder
.
getUser
().
getUserId
();
//create app permissions
createAppMasterRole
(
appId
);
//assign master role to user
rolePermissionService
.
assignRoleToUsers
(
RoleUtils
.
buildAppMasterRoleName
(
appId
),
Sets
.
newHashSet
(
app
.
getOwnerName
()),
operator
);
initNamespaceRoles
(
appId
,
ConfigConsts
.
NAMESPACE_APPLICATION
);
//assign modify、release namespace role to user
rolePermissionService
.
assignRoleToUsers
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
ConfigConsts
.
NAMESPACE_APPLICATION
,
RoleType
.
MODIFY_NAMESPACE
),
Sets
.
newHashSet
(
operator
),
operator
);
rolePermissionService
.
assignRoleToUsers
(
RoleUtils
.
buildNamespaceRoleName
(
appId
,
ConfigConsts
.
NAMESPACE_APPLICATION
,
RoleType
.
RELEASE_NAMESPACE
),
Sets
.
newHashSet
(
operator
),
operator
);
}
@Transactional
public
void
initNamespaceRoles
(
String
appId
,
String
namespaceName
)
{
String
modifyNamespaceRoleName
=
RoleUtils
.
buildModifyNamespaceRoleName
(
appId
,
namespaceName
);
if
(
rolePermissionService
.
findRoleByRoleName
(
modifyNamespaceRoleName
)
==
null
)
{
createDefaultNamespaceRole
(
appId
,
namespaceName
,
PermissionType
.
MODIFY_NAMESPACE
,
RoleUtils
.
buildModifyNamespaceRoleName
(
appId
,
namespaceName
));
}
String
releaseNamespaceRoleName
=
RoleUtils
.
buildReleaseNamespaceRoleName
(
appId
,
namespaceName
);
if
(
rolePermissionService
.
findRoleByRoleName
(
releaseNamespaceRoleName
)
==
null
)
{
createDefaultNamespaceRole
(
appId
,
namespaceName
,
PermissionType
.
RELEASE_NAMESPACE
,
RoleUtils
.
buildReleaseNamespaceRoleName
(
appId
,
namespaceName
));
}
}
private
void
createAppMasterRole
(
String
appId
)
{
Set
<
Permission
>
appPermissions
=
FluentIterable
.
from
(
Lists
.
newArrayList
(
PermissionType
.
CREATE_CLUSTER
,
PermissionType
.
CREATE_NAMESPACE
,
PermissionType
.
ASSIGN_ROLE
))
.
transform
(
permissionType
->
createPermission
(
appId
,
permissionType
)).
toSet
();
Set
<
Permission
>
createdAppPermissions
=
rolePermissionService
.
createPermissions
(
appPermissions
);
Set
<
Long
>
appPermissionIds
=
FluentIterable
.
from
(
createdAppPermissions
).
transform
(
permission
->
permission
.
getId
()).
toSet
();
//create app master role
Role
appMasterRole
=
createRole
(
RoleUtils
.
buildAppMasterRoleName
(
appId
));
rolePermissionService
.
createRoleWithPermissions
(
appMasterRole
,
appPermissionIds
);
}
private
Permission
createPermission
(
String
targetId
,
String
permissionType
)
{
Permission
permission
=
new
Permission
();
permission
.
setPermissionType
(
permissionType
);
permission
.
setTargetId
(
targetId
);
String
userId
=
userInfoHolder
.
getUser
().
getUserId
();
permission
.
setDataChangeCreatedBy
(
userId
);
permission
.
setDataChangeLastModifiedBy
(
userId
);
return
permission
;
}
private
Role
createRole
(
String
roleName
)
{
Role
role
=
new
Role
();
role
.
setRoleName
(
roleName
);
String
operator
=
userInfoHolder
.
getUser
().
getUserId
();
role
.
setDataChangeCreatedBy
(
operator
);
role
.
setDataChangeLastModifiedBy
(
operator
);
return
role
;
}
private
void
createDefaultNamespaceRole
(
String
appId
,
String
namespaceName
,
String
permissionType
,
String
roleName
)
{
Permission
permission
=
createPermission
(
RoleUtils
.
buildNamespaceTargetId
(
appId
,
namespaceName
),
permissionType
);
Permission
createdPermission
=
rolePermissionService
.
createPermission
(
permission
);
Role
role
=
createRole
(
roleName
);
rolePermissionService
.
createRoleWithPermissions
(
role
,
Sets
.
newHashSet
(
createdPermission
.
getId
()));
}
}
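Review bot: in `initAppRoles` the guard `findRoleByRoleName(appMasterRoleName) != null` and the later `createAppMasterRole(appId)` form a check-then-act pair, so two concurrent calls for the same app can both pass the guard; the second then either trips a `Preconditions.checkState` in the permission service or, if both got past those checks before either save, writes duplicate rows. Say in a comment what callers should expect, or rely on a uniqueness constraint and handle its failure. `initAppRoles` and `initNamespaceRoles` also implement the interface without `@Override`; add it so the compiler ties them to `RoleInitializationService`.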
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultRolePermissionService.java
0 → 100644
package
com.ctrip.framework.apollo.portal.spi.defaultimpl
;
import
com.ctrip.framework.apollo.portal.component.config.PortalConfig
;
import
com.ctrip.framework.apollo.portal.entity.bo.UserInfo
;
import
com.ctrip.framework.apollo.portal.entity.po.Permission
;
import
com.ctrip.framework.apollo.portal.entity.po.Role
;
import
com.ctrip.framework.apollo.portal.entity.po.RolePermission
;
import
com.ctrip.framework.apollo.portal.entity.po.UserRole
;
import
com.ctrip.framework.apollo.portal.repository.PermissionRepository
;
import
com.ctrip.framework.apollo.portal.repository.RolePermissionRepository
;
import
com.ctrip.framework.apollo.portal.repository.RoleRepository
;
import
com.ctrip.framework.apollo.portal.repository.UserRoleRepository
;
import
com.ctrip.framework.apollo.portal.service.RolePermissionService
;
import
com.google.common.base.Preconditions
;
import
com.google.common.collect.FluentIterable
;
import
com.google.common.collect.HashMultimap
;
import
com.google.common.collect.Multimap
;
import
com.google.common.collect.Sets
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.transaction.annotation.Transactional
;
import
org.springframework.util.CollectionUtils
;
import
java.util.*
;
/**
* Created by timothy on 2017/4/26.
*/
public
class
DefaultRolePermissionService
implements
RolePermissionService
{
@Autowired
private
RoleRepository
roleRepository
;
@Autowired
private
RolePermissionRepository
rolePermissionRepository
;
@Autowired
private
UserRoleRepository
userRoleRepository
;
@Autowired
private
PermissionRepository
permissionRepository
;
@Autowired
private
PortalConfig
portalConfig
;
/**
* Create role with permissions, note that role name should be unique
*/
@Transactional
public
Role
createRoleWithPermissions
(
Role
role
,
Set
<
Long
>
permissionIds
)
{
Role
current
=
findRoleByRoleName
(
role
.
getRoleName
());
Preconditions
.
checkState
(
current
==
null
,
"Role %s already exists!"
,
role
.
getRoleName
());
Role
createdRole
=
roleRepository
.
save
(
role
);
if
(!
CollectionUtils
.
isEmpty
(
permissionIds
))
{
Iterable
<
RolePermission
>
rolePermissions
=
FluentIterable
.
from
(
permissionIds
).
transform
(
permissionId
->
{
RolePermission
rolePermission
=
new
RolePermission
();
rolePermission
.
setRoleId
(
createdRole
.
getId
());
rolePermission
.
setPermissionId
(
permissionId
);
rolePermission
.
setDataChangeCreatedBy
(
createdRole
.
getDataChangeCreatedBy
());
rolePermission
.
setDataChangeLastModifiedBy
(
createdRole
.
getDataChangeLastModifiedBy
());
return
rolePermission
;
});
rolePermissionRepository
.
save
(
rolePermissions
);
}
return
createdRole
;
}
/**
* Assign role to users
*
* @return the users assigned roles
*/
@Transactional
public
Set
<
String
>
assignRoleToUsers
(
String
roleName
,
Set
<
String
>
userIds
,
String
operatorUserId
)
{
Role
role
=
findRoleByRoleName
(
roleName
);
Preconditions
.
checkState
(
role
!=
null
,
"Role %s doesn't exist!"
,
roleName
);
List
<
UserRole
>
existedUserRoles
=
userRoleRepository
.
findByUserIdInAndRoleId
(
userIds
,
role
.
getId
());
Set
<
String
>
existedUserIds
=
FluentIterable
.
from
(
existedUserRoles
).
transform
(
userRole
->
userRole
.
getUserId
()).
toSet
();
Set
<
String
>
toAssignUserIds
=
Sets
.
difference
(
userIds
,
existedUserIds
);
Iterable
<
UserRole
>
toCreate
=
FluentIterable
.
from
(
toAssignUserIds
).
transform
(
userId
->
{
UserRole
userRole
=
new
UserRole
();
userRole
.
setRoleId
(
role
.
getId
());
userRole
.
setUserId
(
userId
);
userRole
.
setDataChangeCreatedBy
(
operatorUserId
);
userRole
.
setDataChangeLastModifiedBy
(
operatorUserId
);
return
userRole
;
});
userRoleRepository
.
save
(
toCreate
);
return
toAssignUserIds
;
}
/**
* Remove role from users
*/
@Transactional
public
void
removeRoleFromUsers
(
String
roleName
,
Set
<
String
>
userIds
,
String
operatorUserId
)
{
Role
role
=
findRoleByRoleName
(
roleName
);
Preconditions
.
checkState
(
role
!=
null
,
"Role %s doesn't exist!"
,
roleName
);
List
<
UserRole
>
existedUserRoles
=
userRoleRepository
.
findByUserIdInAndRoleId
(
userIds
,
role
.
getId
());
for
(
UserRole
userRole
:
existedUserRoles
)
{
userRole
.
setDeleted
(
true
);
userRole
.
setDataChangeLastModifiedTime
(
new
Date
());
userRole
.
setDataChangeLastModifiedBy
(
operatorUserId
);
}
userRoleRepository
.
save
(
existedUserRoles
);
}
/**
* Query users with role
*/
public
Set
<
UserInfo
>
queryUsersWithRole
(
String
roleName
)
{
Role
role
=
findRoleByRoleName
(
roleName
);
if
(
role
==
null
)
{
return
Collections
.
emptySet
();
}
List
<
UserRole
>
userRoles
=
userRoleRepository
.
findByRoleId
(
role
.
getId
());
Set
<
UserInfo
>
users
=
FluentIterable
.
from
(
userRoles
).
transform
(
userRole
->
{
UserInfo
userInfo
=
new
UserInfo
();
userInfo
.
setUserId
(
userRole
.
getUserId
());
return
userInfo
;
}).
toSet
();
return
users
;
}
/**
* Find role by role name, note that roleName should be unique
*/
public
Role
findRoleByRoleName
(
String
roleName
)
{
return
roleRepository
.
findTopByRoleName
(
roleName
);
}
/**
* Check whether user has the permission
*/
public
boolean
userHasPermission
(
String
userId
,
String
permissionType
,
String
targetId
)
{
Permission
permission
=
permissionRepository
.
findTopByPermissionTypeAndTargetId
(
permissionType
,
targetId
);
if
(
permission
==
null
)
{
return
false
;
}
if
(
isSuperAdmin
(
userId
))
{
return
true
;
}
List
<
UserRole
>
userRoles
=
userRoleRepository
.
findByUserId
(
userId
);
if
(
CollectionUtils
.
isEmpty
(
userRoles
))
{
return
false
;
}
Set
<
Long
>
roleIds
=
FluentIterable
.
from
(
userRoles
).
transform
(
userRole
->
userRole
.
getRoleId
()).
toSet
();
List
<
RolePermission
>
rolePermissions
=
rolePermissionRepository
.
findByRoleIdIn
(
roleIds
);
if
(
CollectionUtils
.
isEmpty
(
rolePermissions
))
{
return
false
;
}
for
(
RolePermission
rolePermission
:
rolePermissions
)
{
if
(
rolePermission
.
getPermissionId
()
==
permission
.
getId
())
{
return
true
;
}
}
return
false
;
}
public
boolean
isSuperAdmin
(
String
userId
)
{
return
portalConfig
.
superAdmins
().
contains
(
userId
);
}
/**
* Create permission, note that permissionType + targetId should be unique
*/
@Transactional
public
Permission
createPermission
(
Permission
permission
)
{
String
permissionType
=
permission
.
getPermissionType
();
String
targetId
=
permission
.
getTargetId
();
Permission
current
=
permissionRepository
.
findTopByPermissionTypeAndTargetId
(
permissionType
,
targetId
);
Preconditions
.
checkState
(
current
==
null
,
"Permission with permissionType %s targetId %s already exists!"
,
permissionType
,
targetId
);
return
permissionRepository
.
save
(
permission
);
}
/**
* Create permissions, note that permissionType + targetId should be unique
*/
@Transactional
public
Set
<
Permission
>
createPermissions
(
Set
<
Permission
>
permissions
)
{
Multimap
<
String
,
String
>
targetIdPermissionTypes
=
HashMultimap
.
create
();
for
(
Permission
permission
:
permissions
)
{
targetIdPermissionTypes
.
put
(
permission
.
getTargetId
(),
permission
.
getPermissionType
());
}
for
(
String
targetId
:
targetIdPermissionTypes
.
keySet
())
{
Collection
<
String
>
permissionTypes
=
targetIdPermissionTypes
.
get
(
targetId
);
List
<
Permission
>
current
=
permissionRepository
.
findByPermissionTypeInAndTargetId
(
permissionTypes
,
targetId
);
Preconditions
.
checkState
(
CollectionUtils
.
isEmpty
(
current
),
"Permission with permissionType %s targetId %s already exists!"
,
permissionTypes
,
targetId
);
}
Iterable
<
Permission
>
results
=
permissionRepository
.
save
(
permissions
);
return
FluentIterable
.
from
(
results
).
toSet
();
}
}
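Review bot: In createPermission and createPermissions, uniqueness of permissionType + targetId rests only on a find, a Preconditions.checkState and then a save. That is a check-then-act sequence, so two concurrent requests can both see no existing row and both insert. userHasPermission then resolves the permission with findTopByPermissionTypeAndTargetId, so with duplicate rows the authorization result depends on which row is returned. Back the invariant with a unique index on (permissionType, targetId), treat the constraint violation as the "already exists" case, and keep checkState only for the friendlier message. Separately, userHasPermission returns false for a missing Permission before it reaches isSuperAdmin, so a super admin is denied on any target whose permission rows were never created; if that is intended, state it in the Javadoc, otherwise check isSuperAdmin first. Please also confirm that getPermissionId() and getId() return primitive long: if both are boxed Long, the == in the final loop compares references and should be equals.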
apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/AllTests.java
...
@@ -13,8 +13,8 @@ import com.ctrip.framework.apollo.portal.service.AppNamespaceServiceTest;
...
@@ -13,8 +13,8 @@ import com.ctrip.framework.apollo.portal.service.AppNamespaceServiceTest;
import
com.ctrip.framework.apollo.portal.service.ConfigServiceTest
;
import
com.ctrip.framework.apollo.portal.service.ConfigServiceTest
;
import
com.ctrip.framework.apollo.portal.service.FavoriteServiceTest
;
import
com.ctrip.framework.apollo.portal.service.FavoriteServiceTest
;
import
com.ctrip.framework.apollo.portal.service.NamespaceServiceTest
;
import
com.ctrip.framework.apollo.portal.service.NamespaceServiceTest
;
import
com.ctrip.framework.apollo.portal.s
ervice
.RoleInitializationServiceTest
;
import
com.ctrip.framework.apollo.portal.s
pi.defaultImpl
.RoleInitializationServiceTest
;
import
com.ctrip.framework.apollo.portal.s
ervice
.RolePermissionServiceTest
;
import
com.ctrip.framework.apollo.portal.s
pi.defaultImpl
.RolePermissionServiceTest
;
import
com.ctrip.framework.apollo.portal.spi.ctrip.CtripUserServiceTest
;
import
com.ctrip.framework.apollo.portal.spi.ctrip.CtripUserServiceTest
;
import
org.junit.runner.RunWith
;
import
org.junit.runner.RunWith
;
...
...
apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/s
ervice
/RoleInitializationServiceTest.java
→
apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/s
pi/defaultImpl
/RoleInitializationServiceTest.java
package
com.ctrip.framework.apollo.portal.service
;
package
com.ctrip.framework.apollo.portal.spi.defaultImpl
;
import
com.google.common.collect.Sets
;
import
com.ctrip.framework.apollo.common.entity.App
;
import
com.ctrip.framework.apollo.common.entity.App
;
import
com.ctrip.framework.apollo.portal.AbstractUnitTest
;
import
com.ctrip.framework.apollo.portal.AbstractUnitTest
;
import
com.ctrip.framework.apollo.portal.constant.PermissionType
;
import
com.ctrip.framework.apollo.portal.constant.PermissionType
;
import
com.ctrip.framework.apollo.portal.entity.bo.UserInfo
;
import
com.ctrip.framework.apollo.portal.entity.po.Permission
;
import
com.ctrip.framework.apollo.portal.entity.po.Permission
;
import
com.ctrip.framework.apollo.portal.entity.po.Role
;
import
com.ctrip.framework.apollo.portal.entity.po.Role
;
import
com.ctrip.framework.apollo.portal.
entity.bo.UserInfo
;
import
com.ctrip.framework.apollo.portal.
service.RolePermissionService
;
import
com.ctrip.framework.apollo.portal.spi.UserInfoHolder
;
import
com.ctrip.framework.apollo.portal.spi.UserInfoHolder
;
import
com.ctrip.framework.apollo.portal.spi.defaultimpl.DefaultRoleInitializationService
;
import
com.ctrip.framework.apollo.portal.util.RoleUtils
;
import
com.ctrip.framework.apollo.portal.util.RoleUtils
;
import
com.google.common.collect.Sets
;
import
org.junit.Test
;
import
org.junit.Test
;
import
org.mockito.InjectMocks
;
import
org.mockito.InjectMocks
;
import
org.mockito.Mock
;
import
org.mockito.Mock
;
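Review bot: The package declaration moves this test to com.ctrip.framework.apollo.portal.spi.defaultImpl (capital I), while the class under test is imported from com.ctrip.framework.apollo.portal.spi.defaultimpl (lowercase) a few lines below. These are two different Java packages, so the test gets no package-private access to the implementation, and the two directory names collide on case-insensitive file systems. Rename the test package to spi.defaultimpl; the same applies to the spi.defaultImpl imports in AllTests.java and to the package declaration of RolePermissionServiceTest.java.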
...
@@ -18,9 +18,7 @@ import org.mockito.Mock;
...
@@ -18,9 +18,7 @@ import org.mockito.Mock;
import
static
org
.
mockito
.
Matchers
.
any
;
import
static
org
.
mockito
.
Matchers
.
any
;
import
static
org
.
mockito
.
Matchers
.
anySetOf
;
import
static
org
.
mockito
.
Matchers
.
anySetOf
;
import
static
org
.
mockito
.
Matchers
.
anyString
;
import
static
org
.
mockito
.
Matchers
.
anyString
;
import
static
org
.
mockito
.
Mockito
.
times
;
import
static
org
.
mockito
.
Mockito
.*;
import
static
org
.
mockito
.
Mockito
.
verify
;
import
static
org
.
mockito
.
Mockito
.
when
;
public
class
RoleInitializationServiceTest
extends
AbstractUnitTest
{
public
class
RoleInitializationServiceTest
extends
AbstractUnitTest
{
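Review bot: The explicit static imports of times, verify and when are collapsed into import static org.mockito.Mockito.*, while the Matchers imports directly above stay explicit. Keep the three explicit imports so the file shows which Mockito members the test relies on and a wildcard cannot pull in names that clash with local helpers later.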
...
@@ -35,7 +33,7 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
...
@@ -35,7 +33,7 @@ public class RoleInitializationServiceTest extends AbstractUnitTest {
@Mock
@Mock
private
UserInfoHolder
userInfoHolder
;
private
UserInfoHolder
userInfoHolder
;
@InjectMocks
@InjectMocks
private
RoleInitializationService
roleInitializationService
;
private
Default
RoleInitializationService
roleInitializationService
;
@Test
@Test
...
...
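Review bot: The @InjectMocks field is now typed as DefaultRoleInitializationService, but the test class is still named RoleInitializationServiceTest. Rename it to DefaultRoleInitializationServiceTest so it stays clear which implementation of the service is covered once another one is added.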
apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/s
ervice
/RolePermissionServiceTest.java
→
apollo-portal/src/test/java/com/ctrip/framework/apollo/portal/s
pi/defaultImpl
/RolePermissionServiceTest.java
package
com.ctrip.framework.apollo.portal.s
ervice
;
package
com.ctrip.framework.apollo.portal.s
pi.defaultImpl
;
import
com.ctrip.framework.apollo.portal.service.RolePermissionService
;
import
com.google.common.collect.FluentIterable
;
import
com.google.common.collect.FluentIterable
;
import
com.google.common.collect.Sets
;
import
com.google.common.collect.Sets
;
...
...