

refactor methods about check permissions and user info when noauth ac…
…tive
baixinsui committed Apr 9, 2024
1 parent 23ca1a5 commit f452f0c
Showing 31 changed files with 815 additions and 479 deletions.
Expand Up @@ -7,6 +7,7 @@

import java.util.List;
import java.util.Objects;
import org.apache.commons.lang3.StringUtils;
import org.eclipse.xpanse.api.controllers.ServiceCatalogApi;
import org.eclipse.xpanse.modules.database.servicetemplate.ServiceTemplateEntity;
import org.eclipse.xpanse.modules.models.servicetemplate.FlavorBasic;
Expand Down Expand Up @@ -35,7 +36,11 @@ public static ServiceTemplateDetailVo convertToServiceTemplateDetailVo(
serviceTemplateDetailVo.setIcon(serviceTemplateEntity.getOcl().getIcon());
serviceTemplateDetailVo.setDescription(
serviceTemplateEntity.getOcl().getDescription());
serviceTemplateDetailVo.setNamespace(serviceTemplateEntity.getOcl().getNamespace());
if (StringUtils.isNotEmpty(serviceTemplateEntity.getNamespace())) {
serviceTemplateDetailVo.setNamespace(serviceTemplateEntity.getNamespace());
} else {
serviceTemplateDetailVo.setNamespace(serviceTemplateEntity.getOcl().getNamespace());
}
serviceTemplateDetailVo.setBilling(serviceTemplateEntity.getOcl().getBilling());
serviceTemplateDetailVo.setFlavors(serviceTemplateEntity.getOcl().getFlavors());
serviceTemplateDetailVo.setDeployment(serviceTemplateEntity.getOcl().getDeployment());
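Review bot: The new fallback at `if (StringUtils.isNotEmpty(serviceTemplateEntity.getNamespace()))` treats a whitespace-only entity namespace as set and copies it verbatim into the view; `StringUtils.isNotBlank(...)` would let such values fall through to the OCL namespace like an empty string does. The precedence itself deserves a comment because the two sources are not equivalent: the OCL namespace comes from the template document the caller submitted, while the entity value is whatever the service stored at registration, so if the entity value is meant to be authoritative, say so, e.g. `// entity namespace is authoritative; the OCL value is only a fallback for templates stored before it was recorded` (confirm the reason). convertToServiceTemplateDetailVo starts and ends outside the hunk.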
Expand Up @@ -13,6 +13,7 @@
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.annotation.Nullable;
import jakarta.annotation.Resource;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
Expand All @@ -31,7 +32,7 @@
import org.eclipse.xpanse.modules.policy.PolicyManager;
import org.eclipse.xpanse.modules.security.IdentityProviderManager;
import org.eclipse.xpanse.modules.security.IdentityProviderService;
import org.eclipse.xpanse.modules.security.common.CurrentUserInfo;
import org.eclipse.xpanse.modules.security.UserServiceHelper;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.access.annotation.Secured;
Expand All @@ -52,30 +53,29 @@
@Secured({ROLE_ADMIN})
public class AdminServicesApi {

private final IdentityProviderManager identityProviderManager;
private final PluginManager pluginManager;
private final DatabaseManager databaseManager;
private final TerraformBootManager terraformBootManager;
private final TofuMakerManager tofuMakerManager;
private final PolicyManager policyManager;
private final OpenTelemetryCollectorHealthCheck openTelemetryHealthCheck;
@Resource
private IdentityProviderManager identityProviderManager;
@Resource
private PluginManager pluginManager;
@Resource
private DatabaseManager databaseManager;
@Resource
private PolicyManager policyManager;
@Resource
private OpenTelemetryCollectorHealthCheck openTelemetryHealthCheck;
@Resource
private UserServiceHelper userServiceHelper;

/**
* Constructor for AdminServicesApi bean.
*/
public AdminServicesApi(IdentityProviderManager identityProviderManager,
PluginManager pluginManager, DatabaseManager databaseManager,
@Nullable TerraformBootManager terraformBootManager,
@Nullable TofuMakerManager tofuMakerManager,
PolicyManager policyManager,
OpenTelemetryCollectorHealthCheck openTelemetryHealthCheck) {
this.identityProviderManager = identityProviderManager;
this.pluginManager = pluginManager;
this.databaseManager = databaseManager;
public AdminServicesApi(
@Nullable TerraformBootManager terraformBootManager,
@Nullable TofuMakerManager tofuMakerManager) {
this.terraformBootManager = terraformBootManager;
this.tofuMakerManager = tofuMakerManager;
this.policyManager = policyManager;
this.openTelemetryHealthCheck = openTelemetryHealthCheck;
}


Expand Down Expand Up @@ -179,14 +179,11 @@ private List<BackendSystemStatus> checkHealthOfAllBackendSystems() {
}

private void processShownFields(BackendSystemStatus backendSystemStatus) {
CurrentUserInfo currentUserInfo = identityProviderManager.getCurrentUserInfo();
boolean allFieldsShown = Objects.nonNull(currentUserInfo) && !CollectionUtils.isEmpty(
currentUserInfo.getRoles()) && currentUserInfo.getRoles().contains(ROLE_ADMIN);
if (!allFieldsShown) {
boolean userHasRoleAdmin = userServiceHelper.currentUserHasRole(ROLE_ADMIN);
if (!userHasRoleAdmin) {
backendSystemStatus.setEndpoint(null);
backendSystemStatus.setDetails(null);
}

}

}
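Review bot: processShownFields now decides whether to blank `endpoint` and `details` solely on `userServiceHelper.currentUserHasRole(ROLE_ADMIN)`, whereas the removed code also handled a null CurrentUserInfo explicitly; whether the helper answers false (fail-closed) when no user can be resolved — the noauth case named in the commit title — is not visible here and is what keeps those fields from reaching unauthenticated callers, so record it at the call site, e.g. `// must be false when no user is resolvable, otherwise endpoint/details are exposed to anonymous callers`. Since ROLE_ADMIN is also the class-level `@Secured` role, the branch only matters for methods that relax that annotation, which is worth noting in the same comment. `Objects` (imported in the first hunk) and `CollectionUtils` lost their only uses visible in this hunk; if the file has no others, the imports are now dead. Injecting the two `@Nullable` managers through a constructor while everything else uses `@Resource` fields is inconsistent; `@Autowired(required = false)` on those two fields would make the injection style uniform and let the constructor go.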
Expand Up @@ -17,7 +17,6 @@
import jakarta.annotation.Resource;
import jakarta.validation.Valid;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.xpanse.api.config.ServiceTemplateEntityConverter;
Expand All @@ -29,7 +28,7 @@
import org.eclipse.xpanse.modules.models.servicetemplate.enums.ServiceHostingType;
import org.eclipse.xpanse.modules.models.servicetemplate.enums.ServiceRegistrationState;
import org.eclipse.xpanse.modules.models.servicetemplate.view.ServiceTemplateDetailVo;
import org.eclipse.xpanse.modules.security.IdentityProviderManager;
import org.eclipse.xpanse.modules.security.UserServiceHelper;
import org.eclipse.xpanse.modules.servicetemplate.ServiceTemplateManage;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
Expand Down Expand Up @@ -58,7 +57,7 @@ public class CspServiceTemplateApi {
@Resource
private ServiceTemplateManage serviceTemplateManage;
@Resource
private IdentityProviderManager identityProviderManager;
private UserServiceHelper userServiceHelper;

/**
* List service templates with query params.
Expand Down Expand Up @@ -88,10 +87,9 @@ public List<ServiceTemplateDetailVo> listManagedServiceTemplates(
@Parameter(name = "serviceRegistrationState", description = "state of registration")
@RequestParam(name = "serviceRegistrationState", required = false)
ServiceRegistrationState serviceRegistrationState) {
Optional<Csp> cspOptional = identityProviderManager.getCspFromMetadata();
Csp cspName = cspOptional.orElse(null);
Csp csp = userServiceHelper.getCurrentUserManageCsp();
ServiceTemplateQueryModel queryRequest =
new ServiceTemplateQueryModel(categoryName, cspName, serviceName, serviceVersion,
new ServiceTemplateQueryModel(categoryName, csp, serviceName, serviceVersion,
serviceHostingType, serviceRegistrationState, false);
List<ServiceTemplateEntity> serviceTemplateEntities =
serviceTemplateManage.listServiceTemplates(queryRequest);
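Review bot: `Csp csp = userServiceHelper.getCurrentUserManageCsp();` feeds the query model directly, and the old `orElse(null)` shows that a null csp is an accepted value meaning "no CSP filter"; whether the new helper returns null or throws when the user's metadata carries no CSP is not visible here. For a CSP-scoped listing that distinction is the whole access boundary, so either state it, e.g. `// helper throws when the user manages no CSP; a null here would list every CSP's templates`, or reject null explicitly before building the query if the helper can return it. listManagedServiceTemplates begins outside the hunk.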
Expand Up @@ -13,16 +13,14 @@
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.annotation.Resource;
import java.util.List;
import java.util.Optional;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.xpanse.modules.models.common.enums.Csp;
import org.eclipse.xpanse.modules.models.service.deploy.enums.DeployResourceKind;
import org.eclipse.xpanse.modules.orchestrator.OrchestratorPlugin;
import org.eclipse.xpanse.modules.orchestrator.PluginManager;
import org.eclipse.xpanse.modules.security.IdentityProviderManager;
import org.eclipse.xpanse.modules.security.UserServiceHelper;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.annotation.Secured;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
Expand All @@ -47,7 +45,7 @@ public class ExistingCloudResourcesApi {
private PluginManager pluginManager;

@Resource
private IdentityProviderManager identityProviderManager;
private UserServiceHelper userServiceHelper;

/**
* List existing cloud resources based on type.
Expand All @@ -66,13 +64,9 @@ public List<String> getExistingResourceNamesWithKind(
@Parameter(name = "deployResourceKind", description = "kind of the CloudResource")
@PathVariable("deployResourceKind") DeployResourceKind deployResourceKind) {

Optional<String> userIdOptional = identityProviderManager.getCurrentLoginUserId();
if (userIdOptional.isEmpty()) {
throw new AccessDeniedException(
"No permissions to view resources of services belonging to other users.");
}
String userId = userServiceHelper.getCurrentUserId();
OrchestratorPlugin orchestratorPlugin = pluginManager.getOrchestratorPlugin(csp);
return orchestratorPlugin.getExistingResourceNamesWithKind(userIdOptional.get(), region,
return orchestratorPlugin.getExistingResourceNamesWithKind(userId, region,
deployResourceKind);
}
}
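Review bot: `String userId = userServiceHelper.getCurrentUserId();` replaces an explicit `AccessDeniedException` for a missing login, and the `AccessDeniedException` import was dropped, so the helper presumably throws a different type (or returns null) when no user is present; the HTTP status anonymous callers receive may therefore have changed and should be checked against the exception handler. If the helper can return null, `userId` flows straight into `orchestratorPlugin.getExistingResourceNamesWithKind`, so a call-site comment such as `// getCurrentUserId throws when no user is resolvable; never null here` (once verified) records the contract this controller relies on. The same substitution appears in ServiceDeployerApi (deploy, getAvailabilityZones), ServiceMigrationApi, UserCloudCredentialsApi and WorkFlowApi (queryTasks), where the removed code either passed `orElse(null)` or threw its own exception, so the behaviour under noauth now hinges on that one helper.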
Expand Up @@ -19,10 +19,8 @@
import jakarta.validation.Valid;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.eclipse.xpanse.modules.database.service.DeployServiceEntity;
import org.eclipse.xpanse.modules.deployment.DeployService;
import org.eclipse.xpanse.modules.deployment.DeployServiceEntityHandler;
Expand All @@ -38,7 +36,7 @@
import org.eclipse.xpanse.modules.orchestrator.OrchestratorPlugin;
import org.eclipse.xpanse.modules.orchestrator.PluginManager;
import org.eclipse.xpanse.modules.orchestrator.deployment.DeployTask;
import org.eclipse.xpanse.modules.security.IdentityProviderManager;
import org.eclipse.xpanse.modules.security.UserServiceHelper;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.access.AccessDeniedException;
Expand Down Expand Up @@ -69,7 +67,7 @@ public class ServiceDeployerApi {
private DeployService deployService;

@Resource
private IdentityProviderManager identityProviderManager;
private UserServiceHelper userServiceHelper;

@Resource
private ServiceDetailsViewManager serviceDetailsViewManager;
Expand Down Expand Up @@ -184,8 +182,8 @@ public UUID deploy(@Valid @RequestBody DeployRequest deployRequest) {
deployRequest.getServiceName(),
deployRequest.getVersion(), deployRequest.getCsp());

Optional<String> userIdOptional = identityProviderManager.getCurrentLoginUserId();
deployRequest.setUserId(userIdOptional.orElse(null));
String currentUserId = this.userServiceHelper.getCurrentUserId();
deployRequest.setUserId(currentUserId);
DeployTask deployTask = this.deployService.createNewDeployTask(deployRequest);
this.deployService.deployService(deployTask);
String successMsg = String.format(
Expand Down Expand Up @@ -213,8 +211,9 @@ public Response destroy(@PathVariable("id") String id) {
log.info("Stopping managed service with id {}", id);
DeployServiceEntity deployServiceEntity =
this.deployServiceEntityHandler.getDeployServiceEntity(UUID.fromString(id));
Optional<String> userIdOptional = identityProviderManager.getCurrentLoginUserId();
if (!StringUtils.equals(userIdOptional.orElse(null), deployServiceEntity.getUserId())) {
boolean currentUserIsOwner =
this.userServiceHelper.currentUserIsOwner(deployServiceEntity.getUserId());
if (!currentUserIsOwner) {
throw new AccessDeniedException(
"No permissions to destroy services belonging to other users.");
}
Expand All @@ -239,8 +238,9 @@ public Response purge(@PathVariable("id") String id) {
log.info("Purging managed service with id {}", id);
DeployServiceEntity deployServiceEntity =
this.deployServiceEntityHandler.getDeployServiceEntity(UUID.fromString(id));
Optional<String> userIdOptional = identityProviderManager.getCurrentLoginUserId();
if (!StringUtils.equals(userIdOptional.orElse(null), deployServiceEntity.getUserId())) {
boolean currentUserIsOwner = this.userServiceHelper.currentUserIsOwner(
deployServiceEntity.getUserId());
if (!currentUserIsOwner) {
throw new AccessDeniedException(
"No permissions to purge services belonging to other users.");
}
Expand Down Expand Up @@ -268,13 +268,10 @@ public List<String> getAvailabilityZones(
@Parameter(name = "regionName", description = "name of the region")
@RequestParam(name = "regionName") String regionName) {

Optional<String> userIdOptional = identityProviderManager.getCurrentLoginUserId();
if (userIdOptional.isPresent()) {
OrchestratorPlugin orchestratorPlugin = pluginManager.getOrchestratorPlugin(csp);
return orchestratorPlugin.getAvailabilityZonesOfRegion(
userIdOptional.get(), regionName);
}
return Collections.emptyList();
String currentUserId = this.userServiceHelper.getCurrentUserId();
OrchestratorPlugin orchestratorPlugin = pluginManager.getOrchestratorPlugin(csp);
return orchestratorPlugin.getAvailabilityZonesOfRegion(
currentUserId, regionName);
}

}
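Review bot: getAvailabilityZones previously returned `Collections.emptyList()` when no user id was available and now always calls the plugin with `currentUserId`, so an anonymous caller either gets an exception from the helper or a null user id is handed to the plugin — a contract change the commit message does not mention. If the empty-list behaviour was intentional for unauthenticated readers, restore it with `if (currentUserId == null) return Collections.emptyList();` after the helper call; otherwise the `Collections` import (context in the first hunk) may now be unused if the file has no other use. The destroy and purge hunks are sound as ownership checks, but `currentUserIsOwner` with a null `deployServiceEntity.getUserId()` (a record whose owner was never set) is a case worth an explicit test, since a permissive answer there would let any caller destroy or purge it.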
Expand Up @@ -18,7 +18,6 @@
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import lombok.extern.slf4j.Slf4j;
import org.activiti.engine.runtime.ProcessInstance;
Expand All @@ -30,7 +29,7 @@
import org.eclipse.xpanse.modules.models.workflow.migrate.MigrateRequest;
import org.eclipse.xpanse.modules.models.workflow.migrate.enums.MigrationStatus;
import org.eclipse.xpanse.modules.models.workflow.migrate.view.ServiceMigrationDetails;
import org.eclipse.xpanse.modules.security.IdentityProviderManager;
import org.eclipse.xpanse.modules.security.UserServiceHelper;
import org.eclipse.xpanse.modules.workflow.utils.WorkflowUtils;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
Expand Down Expand Up @@ -61,7 +60,7 @@ public class ServiceMigrationApi {
private DeployServiceEntityHandler deployServiceEntityHandler;

@Resource
private IdentityProviderManager identityProviderManager;
private UserServiceHelper userServiceHelper;

@Resource
private WorkflowUtils workflowUtils;
Expand Down Expand Up @@ -140,13 +139,7 @@ public ServiceMigrationDetails getMigrationOrderDetailsById(
}

private String getUserId() {
Optional<String> userIdOptional = identityProviderManager.getCurrentLoginUserId();
String userId = userIdOptional.orElse(null);
if (StringUtils.isBlank(userId)) {
throw new AccessDeniedException(
"No permissions to migrate services belonging to other users.");
}
return userId;
return userServiceHelper.getCurrentUserId();
}

private Map<String, Object> getMigrateProcessVariable(MigrateRequest migrateRequest,
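Review bot: `getUserId()` is now a one-line pass-through to `userServiceHelper.getCurrentUserId()`, and the same wrapper exists in UserCloudCredentialsApi; either inline the helper call at the call sites or give the method a Javadoc stating what it guarantees, e.g. `/** Returns the current user's id; the helper rejects anonymous callers. */`. The removed branch threw `AccessDeniedException` with a migration-specific message, so clients matching on that message or status now see whatever the helper produces. `StringUtils` and `AccessDeniedException` lost their only uses visible in this hunk; if the file has no others, those imports are now dead.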
Expand Up @@ -12,18 +12,16 @@
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.annotation.Resource;
import jakarta.validation.Valid;
import java.util.List;
import java.util.Optional;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.xpanse.modules.credential.CredentialCenter;
import org.eclipse.xpanse.modules.models.common.enums.Csp;
import org.eclipse.xpanse.modules.models.common.exceptions.UserNotLoggedInException;
import org.eclipse.xpanse.modules.models.credential.AbstractCredentialInfo;
import org.eclipse.xpanse.modules.models.credential.CreateCredential;
import org.eclipse.xpanse.modules.models.credential.enums.CredentialType;
import org.eclipse.xpanse.modules.security.IdentityProviderManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.eclipse.xpanse.modules.security.UserServiceHelper;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.access.annotation.Secured;
Expand All @@ -49,15 +47,13 @@
@Secured({ROLE_ADMIN, ROLE_USER})
public class UserCloudCredentialsApi {

private final CredentialCenter credentialCenter;
private final IdentityProviderManager identityProviderManager;

@Autowired
public UserCloudCredentialsApi(CredentialCenter credentialCenter,
IdentityProviderManager identityProviderManager) {
this.credentialCenter = credentialCenter;
this.identityProviderManager = identityProviderManager;
}
@Resource
private CredentialCenter credentialCenter;

@Resource
private UserServiceHelper userServiceHelper;


/**
* Get all cloud provider credentials added by the user for a cloud service provider.
Expand Down Expand Up @@ -141,11 +137,7 @@ public void deleteUserCloudCredential(
}

private String getUserId() {
Optional<String> userIdOptional = identityProviderManager.getCurrentLoginUserId();
if (userIdOptional.isEmpty()) {
throw new UserNotLoggedInException("Unable to get current login information");
}
return userIdOptional.get();
return userServiceHelper.getCurrentUserId();
}

}
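Review bot: `UserNotLoggedInException` is still imported (context line in the first hunk) while its only visible use, the `throw` in `getUserId`, was removed; if the file has no other use the import is dead and will trip an UnusedImport check. Replacing the constructor with `@Resource` field injection also drops `final` on `credentialCenter` and `userServiceHelper`, so the class is no longer fully initialised at construction and cannot be built in a plain unit test without a container or reflection; the trade-off is acceptable but deserves a line in the commit message, since AdminServicesApi made the same switch.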
Expand Up @@ -16,12 +16,11 @@
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.xpanse.modules.deployment.migration.consts.MigrateConstants;
import org.eclipse.xpanse.modules.models.workflow.TaskStatus;
import org.eclipse.xpanse.modules.models.workflow.WorkFlowTask;
import org.eclipse.xpanse.modules.security.IdentityProviderManager;
import org.eclipse.xpanse.modules.security.UserServiceHelper;
import org.eclipse.xpanse.modules.workflow.utils.WorkflowUtils;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
Expand Down Expand Up @@ -50,7 +49,7 @@ public class WorkFlowApi {
private WorkflowUtils workflowUtils;

@Resource
private IdentityProviderManager identityProviderManager;
private UserServiceHelper userServiceHelper;

/**
* Query tasks of the given user by status.
Expand All @@ -62,8 +61,8 @@ public class WorkFlowApi {
public List<WorkFlowTask> queryTasks(
@Parameter(name = "status", description = "the status of task")
@RequestParam(name = "status", required = false) TaskStatus status) {
Optional<String> userIdOptional = identityProviderManager.getCurrentLoginUserId();
return workflowUtils.queryAllTasks(status, userIdOptional.orElse(null));
String currentUserId = userServiceHelper.getCurrentUserId();
return workflowUtils.queryAllTasks(status, currentUserId);
}

/**
