Migrate user permissions to roles #1389
Conversation
… during startup of the master - existing stream and dashboard permissions are preserved - existing other permissions set via the API are preserved - RestPermissions.readerPermissions are migrated to reader role - '*' is migrated to admin role fixes #1382
| final Set<String> fixedPermissions = Sets.newHashSet(); | ||
| final Set<String> fixedRoleIds = Sets.newHashSet(user.getRoleIds()); | ||
|
|
||
| final HashSet<String> permissionSet = Sets.newHashSet(user.getPermissions()); |
joschi
Sep 2, 2015
Contributor
Minor nitpick: Why declare the variable as HashSet (implementation) instead of Set (interface)?
Minor nitpick: Why declare the variable as HashSet (implementation) instead of Set (interface)?
kroepke
Sep 2, 2015
Author
Member
because alt-cmd-v did it.
i'll change it (how can i make intellij make a better choice!?)
because alt-cmd-v did it.
i'll change it (how can i make intellij make a better choice!?)
| final String adminRoleId = roleService.getAdminRoleObjectId(); | ||
| final String readerRoleId = roleService.getReaderRoleObjectId(); | ||
|
|
||
| for (User user : users) { |
joschi
Sep 2, 2015
Contributor
So the migration process will always run on start. Is there some easy way to just run it only once?
So the migration process will always run on start. Is there some easy way to just run it only once?
joschi
Sep 2, 2015
Contributor
For example you could store a simple boolean in MongoDB using ClusterConfigService.
For example you could store a simple boolean in MongoDB using ClusterConfigService.
kroepke
Sep 2, 2015
Author
Member
will do, even though i think it will not make much of a difference, because it won't touch users after they are migrated.
still might be confusing people on debug level
will do, even though i think it will not make much of a difference, because it won't touch users after they are migrated.
still might be confusing people on debug level
joschi
Sep 3, 2015
Contributor
✅
| fixedRoleIds.add(readerRoleId); | ||
| } | ||
| // filter out the individual permissions to dashboards and streams | ||
| final ArrayList<String> dashboardStreamPermissions = Lists.newArrayList( |
joschi
Sep 2, 2015
Contributor
Minor nitpick: Why declare the variable as ArrayList (implementation) instead of List (interface)?
Minor nitpick: Why declare the variable as ArrayList (implementation) instead of List (interface)?
| public boolean apply( | ||
| String permission) { | ||
| return !basePermissions.contains( | ||
| permission) && !permission.equals( |
joschi
Sep 2, 2015
Contributor
This formatting looks weird.
This formatting looks weird.
| final UserPermissionMigrationState migrationState = | ||
| clusterConfigService.getOrDefault(UserPermissionMigrationState.class, | ||
| UserPermissionMigrationState.create(false)); | ||
| if (migrationState.migrationDone()) { |
joschi
Sep 2, 2015
Contributor
We could probably just move this into the startOnThisNode() method and return !migrationState.migrationDone(), which would just not run the periodical in clusters which have already been migrated.
We could probably just move this into the startOnThisNode() method and return !migrationState.migrationDone(), which would just not run the periodical in clusters which have already been migrated.
kroepke
Sep 2, 2015
Author
Member
JA 👍
JA
|
LGTM. |
Migrate pre-1.2.0 user permissions to roles
add periodical to migrate user's permissions to admin or reader roles during startup of the master
fixes #1382