refactor and fix some bugs
nobodyiam committed Jul 23, 2018
1 parent cefdda6 commit f27bb7d
Showing 18 changed files with 122 additions and 90 deletions.
Expand Up @@ -19,26 +19,25 @@ public class ConsumerPermissionValidator {
private ConsumerAuthUtil consumerAuthUtil;


public boolean hasModifyNamespacePermission(HttpServletRequest request, String appId, String
namespaceName) {

public boolean hasModifyNamespacePermission(HttpServletRequest request, String appId, String namespaceName,
String env) {
if (hasCreateNamespacePermission(request, appId)) {
return true;
}
return permissionService.consumerHasPermission(consumerAuthUtil.retrieveConsumerId(request),
PermissionType.MODIFY_NAMESPACE,
RoleUtils.buildNamespaceTargetId(appId, namespaceName, null));
RoleUtils.buildNamespaceTargetId(appId, namespaceName, env));

}

public boolean hasReleaseNamespacePermission(HttpServletRequest request, String appId, String
namespaceName) {
public boolean hasReleaseNamespacePermission(HttpServletRequest request, String appId, String namespaceName,
String env) {
if (hasCreateNamespacePermission(request, appId)) {
return true;
}
return permissionService.consumerHasPermission(consumerAuthUtil.retrieveConsumerId(request),
PermissionType.RELEASE_NAMESPACE,
RoleUtils.buildNamespaceTargetId(appId, namespaceName, null));
RoleUtils.buildNamespaceTargetId(appId, namespaceName, env));

}
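Review bot: The env-aware `hasModifyNamespacePermission` and `hasReleaseNamespacePermission` now check only the env-scoped target id, so a consumer whose role was granted without an env appears to lose access unless it also holds create-namespace permission. `PermissionValidator` in this same commit accepts either the namespace-wide or the env-scoped grant, and `ConsumerService` still offers a grant path that passes no env. If both grant styles are meant to work for OpenAPI consumers, add the namespace-wide check as a second operand, e.g. `|| permissionService.consumerHasPermission(consumerId, PermissionType.MODIFY_NAMESPACE, RoleUtils.buildNamespaceTargetId(appId, namespaceName))`, and likewise for `RELEASE_NAMESPACE`. This depends on how `buildNamespaceTargetId` treats the env, which is not visible on this page.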

Expand Up @@ -112,6 +112,10 @@ public Consumer getConsumerByConsumerId(long consumerId) {
return consumerRepository.findOne(consumerId);
}

public List<ConsumerRole> assignNamespaceRoleToConsumer(String token, String appId, String namespaceName) {
return assignNamespaceRoleToConsumer(token, appId, namespaceName, null);
}

@Transactional
public List<ConsumerRole> assignNamespaceRoleToConsumer(String token, String appId, String namespaceName, String env) {
Long consumerId = getConsumerIdByToken(token);
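Review bot: The new three-argument `assignNamespaceRoleToConsumer` carries no `@Transactional` and reaches the four-argument method through a plain call on `this`, which does not go through Spring's proxy, so the annotation on the four-argument method is not applied on this path. Unless the class is annotated at class level (not visible in the hunk), a grant made through the overload would run without a transaction, and a failure part-way could leave a partial role assignment. Adding `@Transactional` to the overload as well keeps both entry points equivalent. The four-argument method's body continues outside the hunk.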
Expand Up @@ -32,7 +32,7 @@ public class ItemController {
private UserService userService;


@PreAuthorize(value = "@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName)")
@PreAuthorize(value = "@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items", method = RequestMethod.POST)
public OpenItemDTO createItem(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName,
Expand Down Expand Up @@ -60,7 +60,7 @@ public OpenItemDTO createItem(@PathVariable String appId, @PathVariable String e
return OpenApiBeanUtils.transformFromItemDTO(createdItem);
}

@PreAuthorize(value = "@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName)")
@PreAuthorize(value = "@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items/{key:.+}", method = RequestMethod.PUT)
public void updateItem(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName,
Expand Down Expand Up @@ -91,7 +91,7 @@ public void updateItem(@PathVariable String appId, @PathVariable String env,
}


@PreAuthorize(value = "@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName)")
@PreAuthorize(value = "@consumerPermissionValidator.hasModifyNamespacePermission(#request, #appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items/{key:.+}", method = RequestMethod.DELETE)
public void deleteItem(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName,
Expand Up @@ -33,7 +33,7 @@ public class ReleaseController {
@Autowired
private UserService userService;

@PreAuthorize(value = "@consumerPermissionValidator.hasReleaseNamespacePermission(#request, #appId, #namespaceName)")
@PreAuthorize(value = "@consumerPermissionValidator.hasReleaseNamespacePermission(#request, #appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/releases", method = RequestMethod.POST)
public OpenReleaseDTO createRelease(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName,
Expand Up @@ -6,7 +6,6 @@
import com.ctrip.framework.apollo.portal.service.RolePermissionService;
import com.ctrip.framework.apollo.portal.spi.UserInfoHolder;
import com.ctrip.framework.apollo.portal.util.RoleUtils;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

Expand All @@ -20,24 +19,42 @@ public class PermissionValidator {
@Autowired
private PortalConfig portalConfig;

public boolean hasModifyNamespacePermission(String appId, String namespaceName, String env) {
public boolean hasModifyNamespacePermission(String appId, String namespaceName) {
return rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(),
PermissionType.MODIFY_NAMESPACE,
RoleUtils.buildNamespaceTargetId(appId, namespaceName, env));
RoleUtils.buildNamespaceTargetId(appId, namespaceName));
}

public boolean hasReleaseNamespacePermission(String appId, String namespaceName, String env) {
public boolean hasModifyNamespacePermission(String appId, String namespaceName, String env) {
return hasModifyNamespacePermission(appId, namespaceName) ||
rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(),
PermissionType.MODIFY_NAMESPACE, RoleUtils.buildNamespaceTargetId(appId, namespaceName, env));
}

public boolean hasReleaseNamespacePermission(String appId, String namespaceName) {
return rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(),
PermissionType.RELEASE_NAMESPACE,
RoleUtils.buildNamespaceTargetId(appId, namespaceName, env));
RoleUtils.buildNamespaceTargetId(appId, namespaceName));
}

public boolean hasReleaseNamespacePermission(String appId, String namespaceName, String env) {
return hasReleaseNamespacePermission(appId, namespaceName) ||
rolePermissionService.userHasPermission(userInfoHolder.getUser().getUserId(),
PermissionType.RELEASE_NAMESPACE, RoleUtils.buildNamespaceTargetId(appId, namespaceName, env));
}

public boolean hasDeleteNamespacePermission(String appId) {
return hasAssignRolePermission(appId) || isSuperAdmin();
}

public boolean hasOperateNamespacePermission(String appId, String namespaceName) {
return hasModifyNamespacePermission(appId, namespaceName) || hasReleaseNamespacePermission(appId, namespaceName);
}

public boolean hasOperateNamespacePermission(String appId, String namespaceName, String env) {
return hasModifyNamespacePermission(appId, namespaceName, env) || hasReleaseNamespacePermission(appId, namespaceName, env);
return hasOperateNamespacePermission(appId, namespaceName) ||
hasModifyNamespacePermission(appId, namespaceName, env) ||
hasReleaseNamespacePermission(appId, namespaceName, env);
}

public boolean hasAssignRolePermission(String appId) {
Expand Down Expand Up @@ -77,8 +94,4 @@ public boolean isAppAdmin(String appId) {
public boolean isSuperAdmin() {
return rolePermissionService.isSuperAdmin(userInfoHolder.getUser().getUserId());
}

public boolean alwaysTrue() {
return true;
}
}
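Review bot: `hasOperateNamespacePermission(appId, namespaceName, env)` repeats work, because the env-aware modify and release checks it calls already fall back to the namespace-wide grant, so the leading `hasOperateNamespacePermission(appId, namespaceName)` re-runs the same two lookups. `return hasModifyNamespacePermission(appId, namespaceName, env) || hasReleaseNamespacePermission(appId, namespaceName, env);` gives the same result with fewer permission queries. The env-aware overloads would also benefit from a short Javadoc stating that a namespace-wide grant implies access in every env, since controllers now rely on that rule through a single `@PreAuthorize` expression.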
Expand Up @@ -211,13 +211,13 @@ private ReleaseCompareResult getReleaseCompareResult(Env env, ReleaseHistoryBO r
private List<String> recipients(String appId, String namespaceName, String env) {
Set<UserInfo> modifyRoleUsers =
rolePermissionService
.queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.MODIFY_NAMESPACE, null));
.queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.MODIFY_NAMESPACE));
Set<UserInfo> envModifyRoleUsers =
rolePermissionService
.queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.MODIFY_NAMESPACE, env));
Set<UserInfo> releaseRoleUsers =
rolePermissionService
.queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.RELEASE_NAMESPACE, null));
.queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.RELEASE_NAMESPACE));
Set<UserInfo> envReleaseRoleUsers =
rolePermissionService
.queryUsersWithRole(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.RELEASE_NAMESPACE, env));
Expand Up @@ -9,6 +9,8 @@
import com.ctrip.framework.apollo.openapi.entity.ConsumerToken;
import com.ctrip.framework.apollo.openapi.service.ConsumerService;

import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.format.annotation.DateTimeFormat;
import org.springframework.security.access.prepost.PreAuthorize;
Expand Down Expand Up @@ -81,12 +83,17 @@ public List<ConsumerRole> assignNamespaceRoleToConsumer(@PathVariable String tok
throw new BadRequestException("Params(NamespaceName) can not be empty.");
}
if (null != envs){
String[] envList = envs.split(",");
String[] envArray = envs.split(",");
List<String> envList = Lists.newArrayList();
// validate env parameter
for (String env : envList) {
if (null != env && !"".equals(env) && null == EnvUtils.transformEnv(env)) {
for (String env : envArray) {
if (Strings.isNullOrEmpty(env)) {
continue;
}
if (null == EnvUtils.transformEnv(env)) {
throw new BadRequestException(String.format("env: %s is illegal", env));
}
envList.add(env);
}

List<ConsumerRole> consumeRoles = new ArrayList<>();
Expand All @@ -96,7 +103,7 @@ public List<ConsumerRole> assignNamespaceRoleToConsumer(@PathVariable String tok
return consumeRoles;
}

return consumerService.assignNamespaceRoleToConsumer(token, appId, namespaceName, null);
return consumerService.assignNamespaceRoleToConsumer(token, appId, namespaceName);
}
}
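Review bot: The validation loop stores the raw request string with `envList.add(env)` even though `EnvUtils.transformEnv(env)` has just resolved it, so the role is keyed on whatever spelling the caller sent. If `transformEnv` is tolerant of case or whitespace (not visible here), a grant could be recorded under a name that the later permission check, which uses the `env` path variable, never matches. Storing the resolved value instead, for example `envList.add(EnvUtils.transformEnv(env).toString());` if its string form is the canonical env name, keeps grant and check on the same key. Separately, when `envs` is non-null but every entry is empty, `envList` ends up empty and the method appears to return an empty list without assigning any role; rejecting that input with a `BadRequestException` would make the no-op visible to the caller.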

Expand Up @@ -40,7 +40,7 @@ public class ItemController {
@Autowired
private PermissionValidator permissionValidator;

@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/items", method = RequestMethod.PUT, consumes = {
"application/json"})
public void modifyItemsByText(@PathVariable String appId, @PathVariable String env,
Expand All @@ -57,7 +57,7 @@ public void modifyItemsByText(@PathVariable String appId, @PathVariable String e
configService.updateConfigItemByText(model);
}

@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/item", method = RequestMethod.POST)
public ItemDTO createItem(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName,
Expand All @@ -76,7 +76,7 @@ public ItemDTO createItem(@PathVariable String appId, @PathVariable String env,
return configService.createItem(appId, Env.valueOf(env), clusterName, namespaceName, item);
}

@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/item", method = RequestMethod.PUT)
public void updateItem(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName,
Expand All @@ -90,7 +90,7 @@ public void updateItem(@PathVariable String appId, @PathVariable String env,
}


@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env) ")
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env) ")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/items/{itemId}", method = RequestMethod.DELETE)
public void deleteItem(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName,
Expand Down Expand Up @@ -139,14 +139,12 @@ public List<ItemDiffs> diff(@RequestBody NamespaceSyncModel model) {
return configService.compare(model.getSyncToNamespaces(), model.getSyncItems());
}

//@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName)")
@PreAuthorize(value="@permissionValidator.alwaysTrue()")
@RequestMapping(value = "/apps/{appId}/namespaces/{namespaceName}/items", method = RequestMethod.PUT, consumes = {
"application/json"})
public ResponseEntity update(@PathVariable String appId, @PathVariable String namespaceName,
public ResponseEntity<Void> update(@PathVariable String appId, @PathVariable String namespaceName,
@RequestBody NamespaceSyncModel model) {
checkModel(Objects.nonNull(model) && !model.isInvalid());
boolean hasPermission = permissionValidator.hasModifyNamespacePermission(appId, namespaceName, null);
boolean hasPermission = permissionValidator.hasModifyNamespacePermission(appId, namespaceName);
Env envNoPermission = null;
// if uses has ModifyNamespace permission then he has permission
if (!hasPermission) {
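Review bot: After this change `update` has no `@PreAuthorize` at all, and its access control lives entirely in the method body, which continues outside the hunk. Removing the `alwaysTrue()` placeholder is an improvement, but a reader scanning the controller for annotations will now see this endpoint as unguarded. A short comment above the mapping would record the intent, e.g. `// Authorization is checked in the body: namespace-wide modify permission, otherwise per target env from the request body.` It is also worth confirming that every path through the body either verifies permission or rejects the request before `configService` is reached.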
Expand Up @@ -46,7 +46,7 @@ public NamespaceBO findBranch(@PathVariable String appId,
return namespaceBranchService.findBranch(appId, Env.valueOf(env), clusterName, namespaceName);
}

@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@PreAuthorize(value = "@permissionValidator.hasModifyNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches", method = RequestMethod.POST)
public NamespaceDTO createBranch(@PathVariable String appId,
@PathVariable String env,
Expand All @@ -63,9 +63,8 @@ public void deleteBranch(@PathVariable String appId,
@PathVariable String namespaceName,
@PathVariable String branchName) {

boolean canDelete = permissionValidator.hasReleaseNamespacePermission(appId, namespaceName, null) ||
permissionValidator.hasReleaseNamespacePermission(appId, namespaceName, env) ||
((permissionValidator.hasModifyNamespacePermission(appId, namespaceName, null) || permissionValidator.hasModifyNamespacePermission(appId, namespaceName, env)) &&
boolean canDelete = permissionValidator.hasReleaseNamespacePermission(appId, namespaceName, env) ||
(permissionValidator.hasModifyNamespacePermission(appId, namespaceName, env) &&
releaseService.loadLatestRelease(appId, Env.valueOf(env), branchName, namespaceName) == null);


Expand All @@ -82,7 +81,7 @@ public void deleteBranch(@PathVariable String appId,



@PreAuthorize(value = "@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, #env)")
@PreAuthorize(value = "@permissionValidator.hasReleaseNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/merge", method = RequestMethod.POST)
public ReleaseDTO merge(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName,
Expand Down Expand Up @@ -121,7 +120,7 @@ public GrayReleaseRuleDTO getBranchGrayRules(@PathVariable String appId, @PathVa
}


@PreAuthorize(value = "@permissionValidator.hasOperateNamespacePermission(#appId, #namespaceName, null) || @permissionValidator.hasOperateNamespacePermission(#appId, #namespaceName, #env)")
@PreAuthorize(value = "@permissionValidator.hasOperateNamespacePermission(#appId, #namespaceName, #env)")
@RequestMapping(value = "/apps/{appId}/envs/{env}/clusters/{clusterName}/namespaces/{namespaceName}/branches/{branchName}/rules", method = RequestMethod.PUT)
public void updateBranchRules(@PathVariable String appId, @PathVariable String env,
@PathVariable String clusterName, @PathVariable String namespaceName,
Expand Up @@ -208,10 +208,10 @@ private void assignNamespaceRoleToOperator(String appId, String namespaceName) {
String operator = userInfoHolder.getUser().getUserId();

rolePermissionService
.assignRoleToUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.MODIFY_NAMESPACE, null),
.assignRoleToUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.MODIFY_NAMESPACE),
Sets.newHashSet(operator), operator);
rolePermissionService
.assignRoleToUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.RELEASE_NAMESPACE, null),
.assignRoleToUsers(RoleUtils.buildNamespaceRoleName(appId, namespaceName, RoleType.RELEASE_NAMESPACE),
Sets.newHashSet(operator), operator);
}
}
