权限管理 & bugfix

apolloconfig · Jun 15, 2016 · 4db23ba · 4db23ba
1 parent 67ecbe8
commit 4db23ba
Show file tree

Hide file tree

Showing 75 changed files with 1,739 additions and 448 deletions.
diff --git a/...rvice/src/main/java/com/ctrip/framework/apollo/adminservice/controller/AppController.java b/...rvice/src/main/java/com/ctrip/framework/apollo/adminservice/controller/AppController.java
@@ -11,7 +11,7 @@
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.ctrip.framework.apollo.biz.entity.App;
+import com.ctrip.framework.apollo.common.entity.App;
 import com.ctrip.framework.apollo.biz.service.AdminService;
 import com.ctrip.framework.apollo.biz.service.AppService;
 import com.ctrip.framework.apollo.common.utils.BeanUtils;

diff --git a/.../main/java/com/ctrip/framework/apollo/adminservice/controller/AppNamespaceController.java b/.../main/java/com/ctrip/framework/apollo/adminservice/controller/AppNamespaceController.java
@@ -7,7 +7,7 @@
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.ctrip.framework.apollo.biz.entity.AppNamespace;
+import com.ctrip.framework.apollo.common.entity.AppNamespace;
 import com.ctrip.framework.apollo.biz.service.AppNamespaceService;
 import com.ctrip.framework.apollo.common.utils.BeanUtils;
 import com.ctrip.framework.apollo.core.dto.AppNamespaceDTO;

diff --git a/...e/src/test/java/com/ctrip/framework/apollo/adminservice/controller/AppControllerTest.java b/...e/src/test/java/com/ctrip/framework/apollo/adminservice/controller/AppControllerTest.java
@@ -9,7 +9,7 @@
 import org.springframework.test.context.jdbc.Sql.ExecutionPhase;
 import org.springframework.web.client.HttpClientErrorException;
 
-import com.ctrip.framework.apollo.biz.entity.App;
+import com.ctrip.framework.apollo.common.entity.App;
 import com.ctrip.framework.apollo.biz.repository.AppRepository;
 import com.ctrip.framework.apollo.common.utils.BeanUtils;
 import com.ctrip.framework.apollo.core.dto.AppDTO;

diff --git a/...t/java/com/ctrip/framework/apollo/adminservice/controller/AppNamespaceControllerTest.java b/...t/java/com/ctrip/framework/apollo/adminservice/controller/AppNamespaceControllerTest.java
@@ -1,6 +1,6 @@
 package com.ctrip.framework.apollo.adminservice.controller;
 
-import com.ctrip.framework.apollo.biz.entity.AppNamespace;
+import com.ctrip.framework.apollo.common.entity.AppNamespace;
 import com.ctrip.framework.apollo.biz.repository.AppNamespaceRepository;
 import com.ctrip.framework.apollo.core.dto.AppNamespaceDTO;
 

diff --git a/...test/java/com/ctrip/framework/apollo/adminservice/controller/ControllerExceptionTest.java b/...test/java/com/ctrip/framework/apollo/adminservice/controller/ControllerExceptionTest.java
@@ -14,12 +14,9 @@
 import org.mockito.runners.MockitoJUnitRunner;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.test.util.ReflectionTestUtils;
 
-import com.ctrip.framework.apollo.biz.entity.App;
+import com.ctrip.framework.apollo.common.entity.App;
 import com.ctrip.framework.apollo.biz.service.AdminService;
 import com.ctrip.framework.apollo.biz.service.AppService;
 import com.ctrip.framework.apollo.core.dto.AppDTO;

diff --git a/...om/ctrip/framework/apollo/adminservice/controller/ControllerIntegrationExceptionTest.java b/...om/ctrip/framework/apollo/adminservice/controller/ControllerIntegrationExceptionTest.java
@@ -16,7 +16,7 @@
 import org.springframework.test.util.ReflectionTestUtils;
 import org.springframework.web.client.HttpStatusCodeException;
 
-import com.ctrip.framework.apollo.biz.entity.App;
+import com.ctrip.framework.apollo.common.entity.App;
 import com.ctrip.framework.apollo.biz.service.AdminService;
 import com.ctrip.framework.apollo.biz.service.AppService;
 import com.ctrip.framework.apollo.core.dto.AppDTO;

diff --git a/...o-biz/src/main/java/com/ctrip/framework/apollo/biz/repository/AppNamespaceRepository.java b/...o-biz/src/main/java/com/ctrip/framework/apollo/biz/repository/AppNamespaceRepository.java
@@ -2,7 +2,7 @@
 
 import org.springframework.data.repository.PagingAndSortingRepository;
 
-import com.ctrip.framework.apollo.biz.entity.AppNamespace;
+import com.ctrip.framework.apollo.common.entity.AppNamespace;
 
 import java.util.List;
 

diff --git a/apollo-biz/src/main/java/com/ctrip/framework/apollo/biz/repository/AppRepository.java b/apollo-biz/src/main/java/com/ctrip/framework/apollo/biz/repository/AppRepository.java
@@ -6,7 +6,7 @@
 import org.springframework.data.repository.PagingAndSortingRepository;
 import org.springframework.data.repository.query.Param;
 
-import com.ctrip.framework.apollo.biz.entity.App;
+import com.ctrip.framework.apollo.common.entity.App;
 
 public interface AppRepository extends PagingAndSortingRepository<App, Long> {
 

diff --git a/apollo-biz/src/main/java/com/ctrip/framework/apollo/biz/service/AdminService.java b/apollo-biz/src/main/java/com/ctrip/framework/apollo/biz/service/AdminService.java
@@ -4,7 +4,7 @@
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
-import com.ctrip.framework.apollo.biz.entity.App;
+import com.ctrip.framework.apollo.common.entity.App;
 
 @Service
 public class AdminService {

diff --git a/apollo-biz/src/main/java/com/ctrip/framework/apollo/biz/service/AppNamespaceService.java b/apollo-biz/src/main/java/com/ctrip/framework/apollo/biz/service/AppNamespaceService.java
@@ -9,7 +9,7 @@
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
-import com.ctrip.framework.apollo.biz.entity.AppNamespace;
+import com.ctrip.framework.apollo.common.entity.AppNamespace;
 import com.ctrip.framework.apollo.biz.entity.Audit;
 import com.ctrip.framework.apollo.biz.repository.AppNamespaceRepository;
 import com.ctrip.framework.apollo.common.utils.BeanUtils;

diff --git a/apollo-biz/src/main/java/com/ctrip/framework/apollo/biz/service/AppService.java b/apollo-biz/src/main/java/com/ctrip/framework/apollo/biz/service/AppService.java
@@ -9,7 +9,7 @@
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
-import com.ctrip.framework.apollo.biz.entity.App;
+import com.ctrip.framework.apollo.common.entity.App;
 import com.ctrip.framework.apollo.biz.entity.Audit;
 import com.ctrip.framework.apollo.biz.repository.AppRepository;
 import com.ctrip.framework.apollo.common.utils.BeanUtils;

diff --git a/...z/src/test/java/com/ctrip/framework/apollo/biz/repository/AppNamespaceRepositoryTest.java b/...z/src/test/java/com/ctrip/framework/apollo/biz/repository/AppNamespaceRepositoryTest.java
@@ -1,7 +1,7 @@
 package com.ctrip.framework.apollo.biz.repository;
 
 import com.ctrip.framework.apollo.biz.BizTestConfiguration;
-import com.ctrip.framework.apollo.biz.entity.AppNamespace;
+import com.ctrip.framework.apollo.common.entity.AppNamespace;
 import com.ctrip.framework.apollo.core.ConfigConsts;
 
 import org.junit.Assert;

diff --git a/apollo-biz/src/test/java/com/ctrip/framework/apollo/biz/repository/AppRepositoryTest.java b/apollo-biz/src/test/java/com/ctrip/framework/apollo/biz/repository/AppRepositoryTest.java
@@ -10,7 +10,7 @@
 import org.springframework.transaction.annotation.Transactional;
 
 import com.ctrip.framework.apollo.biz.BizTestConfiguration;
-import com.ctrip.framework.apollo.biz.entity.App;
+import com.ctrip.framework.apollo.common.entity.App;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @SpringApplicationConfiguration(classes = BizTestConfiguration.class)

diff --git a/apollo-biz/src/test/java/com/ctrip/framework/apollo/biz/service/AdminServiceTest.java b/apollo-biz/src/test/java/com/ctrip/framework/apollo/biz/service/AdminServiceTest.java
@@ -13,7 +13,7 @@
 import org.springframework.transaction.annotation.Transactional;
 
 import com.ctrip.framework.apollo.biz.BizTestConfiguration;
-import com.ctrip.framework.apollo.biz.entity.App;
+import com.ctrip.framework.apollo.common.entity.App;
 import com.ctrip.framework.apollo.biz.entity.Audit;
 import com.ctrip.framework.apollo.biz.entity.Cluster;
 import com.ctrip.framework.apollo.biz.entity.Namespace;

diff --git a/...biz/src/test/java/com/ctrip/framework/apollo/biz/service/AdminServiceTransactionTest.java b/...biz/src/test/java/com/ctrip/framework/apollo/biz/service/AdminServiceTransactionTest.java
@@ -17,7 +17,7 @@
 import org.springframework.transaction.annotation.Transactional;
 
 import com.ctrip.framework.apollo.biz.BizTestConfiguration;
-import com.ctrip.framework.apollo.biz.entity.App;
+import com.ctrip.framework.apollo.common.entity.App;
 import com.ctrip.framework.apollo.biz.repository.AppNamespaceRepository;
 import com.ctrip.framework.apollo.biz.repository.AppRepository;
 import com.ctrip.framework.apollo.biz.repository.ClusterRepository;

diff --git a/apollo-biz/src/test/java/com/ctrip/framework/apollo/biz/service/ClusterServiceTest.java b/apollo-biz/src/test/java/com/ctrip/framework/apollo/biz/service/ClusterServiceTest.java
@@ -11,7 +11,7 @@
 import org.springframework.transaction.annotation.Transactional;
 
 import com.ctrip.framework.apollo.biz.BizTestConfiguration;
-import com.ctrip.framework.apollo.biz.entity.App;
+import com.ctrip.framework.apollo.common.entity.App;
 import com.ctrip.framework.apollo.core.exception.ServiceException;
 
 @RunWith(SpringJUnit4ClassRunner.class)

diff --git a/apollo-biz/src/test/java/com/ctrip/framework/apollo/biz/service/PrivilegeServiceTest.java b/apollo-biz/src/test/java/com/ctrip/framework/apollo/biz/service/PrivilegeServiceTest.java
@@ -13,7 +13,7 @@
 import org.springframework.transaction.annotation.Transactional;
 
 import com.ctrip.framework.apollo.biz.BizTestConfiguration;
-import com.ctrip.framework.apollo.biz.entity.App;
+import com.ctrip.framework.apollo.common.entity.App;
 import com.ctrip.framework.apollo.biz.entity.Cluster;
 import com.ctrip.framework.apollo.biz.entity.Namespace;
 import com.ctrip.framework.apollo.biz.entity.Privilege;

diff --git a/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java b/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java
@@ -3,12 +3,14 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
 @Configuration
 @EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
   @Override

diff --git a/...main/java/com/ctrip/framework/apollo/common/controller/GlobalDefaultExceptionHandler.java b/...main/java/com/ctrip/framework/apollo/common/controller/GlobalDefaultExceptionHandler.java
@@ -3,6 +3,7 @@
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.web.HttpMediaTypeException;
 import org.springframework.web.HttpRequestMethodNotSupportedException;
 import org.springframework.web.bind.annotation.ControllerAdvice;
@@ -28,6 +29,7 @@
 import static org.springframework.http.HttpStatus.BAD_REQUEST;
 import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR;
 import static org.springframework.http.HttpStatus.NOT_FOUND;
+import static org.springframework.http.HttpStatus.UNAUTHORIZED;
 import static org.springframework.http.MediaType.APPLICATION_JSON;
 
 @ControllerAdvice
@@ -42,25 +44,52 @@ public ResponseEntity<Map<String, Object>> exception(HttpServletRequest request,
     return handleError(request, INTERNAL_SERVER_ERROR, ex);
   }
 
+  @ExceptionHandler({HttpRequestMethodNotSupportedException.class, HttpMediaTypeException.class, BadRequestException.class})
+  public ResponseEntity<Map<String, Object>> badRequest(HttpServletRequest request,
+      ServletException ex) {
+    return handleError(request, BAD_REQUEST, ex);
+  }
+
+  @ExceptionHandler(NotFoundException.class)
+  public ResponseEntity<Map<String, Object>> notFound(HttpServletRequest request,
+      NotFoundException ex) {
+    return handleError(request, NOT_FOUND, ex);
+  }
+
+  @ExceptionHandler(HttpStatusCodeException.class)
+  public ResponseEntity<Map<String, Object>> restTemplateException(HttpServletRequest request,
+      HttpStatusCodeException ex) {
+    Map<String, Object> errorAttributes = gson.fromJson(ex.getResponseBodyAsString(), mapType);
+    HttpHeaders headers = new HttpHeaders();
+    headers.setContentType(APPLICATION_JSON);
+    return new ResponseEntity<>(errorAttributes, headers, ex.getStatusCode());
+  }
+
+  @ExceptionHandler(AccessDeniedException.class)
+  public ResponseEntity<Map<String, Object>> accessDeny(HttpServletRequest request,
+                                                        AccessDeniedException ex) {
+    return handleError(request, UNAUTHORIZED, ex);
+  }
+
   private ResponseEntity<Map<String, Object>> handleError(HttpServletRequest request,
-      HttpStatus status, Throwable ex) {
+                                                          HttpStatus status, Throwable ex) {
     return handleError(request, status, ex, ex.getMessage());
   }
 
   private ResponseEntity<Map<String, Object>> handleError(HttpServletRequest request,
-      HttpStatus status, Throwable ex, String message) {
+                                                          HttpStatus status, Throwable ex, String message) {
     ex = resolveError(ex);
     if (ex.getCause() instanceof HttpStatusCodeException) {
       return restTemplateException(request, (HttpStatusCodeException) ex.getCause());
     }
 
     Cat.logError(ex);
-    
+
     Map<String, Object> errorAttributes = new LinkedHashMap<>();
     errorAttributes.put("status", status.value());
     errorAttributes.put("message", message);
     errorAttributes.put("timestamp",
-        LocalDateTime.now().format(DateTimeFormatter.ISO_LOCAL_DATE_TIME));
+                        LocalDateTime.now().format(DateTimeFormatter.ISO_LOCAL_DATE_TIME));
     errorAttributes.put("exception", resolveError(ex).getClass().getName());
 //    errorAttributes.put("stackTrace", ex.getStackTrace());
     if (ex instanceof AbstractBaseException) {
@@ -71,33 +100,6 @@ private ResponseEntity<Map<String, Object>> handleError(HttpServletRequest reque
     return new ResponseEntity<>(errorAttributes, headers, status);
   }
 
-  @ExceptionHandler({HttpRequestMethodNotSupportedException.class, HttpMediaTypeException.class})
-  public ResponseEntity<Map<String, Object>> methodNotSupportedException(HttpServletRequest request,
-      ServletException ex) {
-    return handleError(request, BAD_REQUEST, ex);
-  }
-
-  @ExceptionHandler(NotFoundException.class)
-  public ResponseEntity<Map<String, Object>> notFound(HttpServletRequest request,
-      NotFoundException ex) {
-    return handleError(request, NOT_FOUND, ex);
-  }
-
-  @ExceptionHandler(BadRequestException.class)
-  public ResponseEntity<Map<String, Object>> badRequest(HttpServletRequest request,
-      BadRequestException ex) {
-    return handleError(request, BAD_REQUEST, ex);
-  }
-
-  @ExceptionHandler(HttpStatusCodeException.class)
-  public ResponseEntity<Map<String, Object>> restTemplateException(HttpServletRequest request,
-      HttpStatusCodeException ex) {
-    Map<String, Object> errorAttributes = gson.fromJson(ex.getResponseBodyAsString(), mapType);
-    HttpHeaders headers = new HttpHeaders();
-    headers.setContentType(APPLICATION_JSON);
-    return new ResponseEntity<>(errorAttributes, headers, ex.getStatusCode());
-  }
-
   private Throwable resolveError(Throwable ex) {
     while (ex instanceof ServletException && ex.getCause() != null) {
       ex = ((ServletException) ex).getCause();

diff --git a/...trip/framework/apollo/biz/entity/App.java → ...p/framework/apollo/common/entity/App.java b/...trip/framework/apollo/biz/entity/App.java → ...p/framework/apollo/common/entity/App.java
@@ -1,4 +1,4 @@
-package com.ctrip.framework.apollo.biz.entity;
+package com.ctrip.framework.apollo.common.entity;
 
 import com.ctrip.framework.apollo.common.entity.BaseEntity;
 

diff --git a/...ework/apollo/biz/entity/AppNamespace.java → ...rk/apollo/common/entity/AppNamespace.java b/...ework/apollo/biz/entity/AppNamespace.java → ...rk/apollo/common/entity/AppNamespace.java
@@ -1,6 +1,5 @@
-package com.ctrip.framework.apollo.biz.entity;
+package com.ctrip.framework.apollo.common.entity;
 
-import com.ctrip.framework.apollo.common.entity.BaseEntity;
 
 import javax.persistence.Column;
 import javax.persistence.Entity;

diff --git a/...e/src/main/java/com/ctrip/framework/apollo/configservice/controller/ConfigController.java b/...e/src/main/java/com/ctrip/framework/apollo/configservice/controller/ConfigController.java
@@ -8,7 +8,7 @@
 import com.google.gson.Gson;
 import com.google.gson.reflect.TypeToken;
 
-import com.ctrip.framework.apollo.biz.entity.AppNamespace;
+import com.ctrip.framework.apollo.common.entity.AppNamespace;
 import com.ctrip.framework.apollo.biz.entity.Release;
 import com.ctrip.framework.apollo.biz.service.AppNamespaceService;
 import com.ctrip.framework.apollo.biz.service.ConfigService;

diff --git a/...main/java/com/ctrip/framework/apollo/configservice/controller/NotificationController.java b/...main/java/com/ctrip/framework/apollo/configservice/controller/NotificationController.java
@@ -9,7 +9,7 @@
 import com.google.common.collect.Multimaps;
 import com.google.common.collect.Sets;
 
-import com.ctrip.framework.apollo.biz.entity.AppNamespace;
+import com.ctrip.framework.apollo.common.entity.AppNamespace;
 import com.ctrip.framework.apollo.biz.entity.ReleaseMessage;
 import com.ctrip.framework.apollo.biz.message.ReleaseMessageListener;
 import com.ctrip.framework.apollo.biz.message.Topics;

diff --git a/...c/test/java/com/ctrip/framework/apollo/configservice/controller/ConfigControllerTest.java b/...c/test/java/com/ctrip/framework/apollo/configservice/controller/ConfigControllerTest.java
@@ -6,7 +6,7 @@
 import com.google.gson.Gson;
 import com.google.gson.JsonSyntaxException;
 
-import com.ctrip.framework.apollo.biz.entity.AppNamespace;
+import com.ctrip.framework.apollo.common.entity.AppNamespace;
 import com.ctrip.framework.apollo.biz.entity.Release;
 import com.ctrip.framework.apollo.biz.service.AppNamespaceService;
 import com.ctrip.framework.apollo.biz.service.ConfigService;

diff --git a/.../java/com/ctrip/framework/apollo/configservice/controller/NotificationControllerTest.java b/.../java/com/ctrip/framework/apollo/configservice/controller/NotificationControllerTest.java
@@ -4,7 +4,7 @@
 import com.google.common.collect.Lists;
 import com.google.common.collect.Multimap;
 
-import com.ctrip.framework.apollo.biz.entity.AppNamespace;
+import com.ctrip.framework.apollo.common.entity.AppNamespace;
 import com.ctrip.framework.apollo.biz.entity.ReleaseMessage;
 import com.ctrip.framework.apollo.biz.message.Topics;
 import com.ctrip.framework.apollo.biz.service.AppNamespaceService;

diff --git a/apollo-portal/pom.xml b/apollo-portal/pom.xml
@@ -28,6 +28,11 @@
 			<artifactId>h2</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-hateoas</artifactId>
+			<version>1.3.5.RELEASE</version>
+		</dependency>
 	</dependencies>
 	<build>
 		<plugins>

diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/PermissionValidator.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/PermissionValidator.java
@@ -0,0 +1,50 @@
+package com.ctrip.framework.apollo.portal.auth;
+
+import com.ctrip.framework.apollo.portal.constant.PermissionType;
+import com.ctrip.framework.apollo.portal.service.RolePermissionService;
+import com.ctrip.framework.apollo.portal.util.RoleUtils;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component("permissionValidator")
+public class PermissionValidator {
+
+  @Autowired
+  private UserInfoHolder userInfoHolder;
+  @Autowired
+  private RolePermissionService rolePermissionService;
+
+  public boolean hasModifyNamespacePermission(String appId, String namespaceName){
+    return rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(),
+                                            PermissionType.MODIFY_NAMESPACE,
+                                            RoleUtils.buildNamespaceTargetId(appId, namespaceName));
+
+  }
+
+  public boolean hasReleaseNamespacePermission(String appId, String namespaceName){
+    return rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(),
+                                                   PermissionType.RELEASE_NAMESPACE,
+                                                   RoleUtils.buildNamespaceTargetId(appId, namespaceName));
+
+  }
+
+  public boolean hasAssignRolePermission(String appId){
+    return rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(),
+                                                   PermissionType.ASSIGN_ROLE,
+                                                   appId);
+  }
+
+  public boolean hasCreateNamespacePermission(String appId){
+    return rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(),
+                                                   PermissionType.CREATE_NAMESPACE,
+                                                   appId);
+  }
+
+
+  public boolean hasCreateClusterPermission(String appId){
+    return rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(),
+                                                   PermissionType.CREATE_CLUSTER,
+                                                   appId);
+  }
+}