Commit 4f69747e by 张乐 Committed by GitHub

Merge pull request #261 from nobodyiam/portal-permission-merge

Portal user role permission service
parents 14992507 d292642d
......@@ -36,7 +36,7 @@ public class CtripUserInfoHolder implements UserInfoHolder{
String name = (String) getName.invoke(principal);
UserInfo userInfo = new UserInfo();
userInfo.setUsername(name);
userInfo.setUserId(name);
return userInfo;
} catch (Exception e) {
......
......@@ -15,7 +15,7 @@ public class DefaultUserInfoHolder implements UserInfoHolder{
@Override
public UserInfo getUser() {
UserInfo userInfo = new UserInfo();
userInfo.setUsername("apollo");
userInfo.setUserId("apollo");
return userInfo;
}
}
......@@ -32,7 +32,7 @@ public class PortalServerConfigController {
throw new BadRequestException("request payload contains empty");
}
String modifiedBy = userInfoHolder.getUser().getUsername();
String modifiedBy = userInfoHolder.getUser().getUserId();
ServerConfig storedConfig = serverConfigRepository.findByKey(serverConfig.getKey());
......
package com.ctrip.framework.apollo.portal.entity.po;
import com.ctrip.framework.apollo.common.entity.BaseEntity;
import org.hibernate.annotations.SQLDelete;
import org.hibernate.annotations.Where;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Table;
/**
* @author Jason Song(song_s@ctrip.com)
*/
@Entity
@Table(name = "Permission")
@SQLDelete(sql = "Update Permission set isDeleted = 1 where id = ?")
@Where(clause = "isDeleted = 0")
public class Permission extends BaseEntity {
@Column(name = "PermissionType", nullable = false)
private String permissionType;
@Column(name = "TargetId", nullable = false)
private String targetId;
public String getPermissionType() {
return permissionType;
}
public void setPermissionType(String permissionType) {
this.permissionType = permissionType;
}
public String getTargetId() {
return targetId;
}
public void setTargetId(String targetId) {
this.targetId = targetId;
}
}
package com.ctrip.framework.apollo.portal.entity.po;
import com.ctrip.framework.apollo.common.entity.BaseEntity;
import org.hibernate.annotations.SQLDelete;
import org.hibernate.annotations.Where;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Table;
/**
* @author Jason Song(song_s@ctrip.com)
*/
@Entity
@Table(name = "Role")
@SQLDelete(sql = "Update Role set isDeleted = 1 where id = ?")
@Where(clause = "isDeleted = 0")
public class Role extends BaseEntity {
@Column(name = "RoleName", nullable = false)
private String roleName;
public String getRoleName() {
return roleName;
}
public void setRoleName(String roleName) {
this.roleName = roleName;
}
}
package com.ctrip.framework.apollo.portal.entity.po;
import com.ctrip.framework.apollo.common.entity.BaseEntity;
import org.hibernate.annotations.SQLDelete;
import org.hibernate.annotations.Where;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Table;
/**
* @author Jason Song(song_s@ctrip.com)
*/
@Entity
@Table(name = "RolePermission")
@SQLDelete(sql = "Update RolePermission set isDeleted = 1 where id = ?")
@Where(clause = "isDeleted = 0")
public class RolePermission extends BaseEntity {
@Column(name = "RoleId", nullable = false)
private long roleId;
@Column(name = "PermissionId", nullable = false)
private long permissionId;
public long getRoleId() {
return roleId;
}
public void setRoleId(long roleId) {
this.roleId = roleId;
}
public long getPermissionId() {
return permissionId;
}
public void setPermissionId(long permissionId) {
this.permissionId = permissionId;
}
}
package com.ctrip.framework.apollo.portal.entity.po;
public class UserInfo {
private String username;
private String userId;
public String getUsername() {
return username;
public String getUserId() {
return userId;
}
public void setUsername(String username) {
this.username = username;
public void setUserId(String userId) {
this.userId = userId;
}
}
package com.ctrip.framework.apollo.portal.entity.po;
import com.ctrip.framework.apollo.common.entity.BaseEntity;
import org.hibernate.annotations.SQLDelete;
import org.hibernate.annotations.Where;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Table;
/**
* @author Jason Song(song_s@ctrip.com)
*/
@Entity
@Table(name = "UserRole")
@SQLDelete(sql = "Update UserRole set isDeleted = 1 where id = ?")
@Where(clause = "isDeleted = 0")
public class UserRole extends BaseEntity {
@Column(name = "UserId", nullable = false)
private String userId;
@Column(name = "RoleId", nullable = false)
private long roleId;
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public long getRoleId() {
return roleId;
}
public void setRoleId(long roleId) {
this.roleId = roleId;
}
}
package com.ctrip.framework.apollo.portal.repository;
import com.ctrip.framework.apollo.portal.entity.po.Permission;
import org.springframework.data.repository.PagingAndSortingRepository;
import java.util.Collection;
import java.util.List;
/**
* @author Jason Song(song_s@ctrip.com)
*/
public interface PermissionRepository extends PagingAndSortingRepository<Permission, Long> {
/**
* find permission by permission type and targetId
*/
Permission findTopByPermissionTypeAndTargetId(String permissionType, String targetId);
/**
* find permissions by permission types and targetId
* @param permissionTypes
* @param targetId
* @return
*/
List<Permission> findByPermissionTypeInAndTargetId(Collection<String> permissionTypes,
String targetId);
}
package com.ctrip.framework.apollo.portal.repository;
import com.ctrip.framework.apollo.portal.entity.po.RolePermission;
import org.springframework.data.repository.PagingAndSortingRepository;
import java.util.Collection;
import java.util.List;
/**
* @author Jason Song(song_s@ctrip.com)
*/
public interface RolePermissionRepository extends PagingAndSortingRepository<RolePermission, Long> {
/**
* find role permissions by role ids
*/
List<RolePermission> findByRoleIdIn(Collection<Long> roleId);
}
package com.ctrip.framework.apollo.portal.repository;
import com.ctrip.framework.apollo.portal.entity.po.Role;
import org.springframework.data.repository.PagingAndSortingRepository;
/**
* @author Jason Song(song_s@ctrip.com)
*/
public interface RoleRepository extends PagingAndSortingRepository<Role, Long> {
/**
* find role by role name
* @param roleName
* @return
*/
Role findTopByRoleName(String roleName);
}
package com.ctrip.framework.apollo.portal.repository;
import com.ctrip.framework.apollo.portal.entity.po.UserRole;
import org.springframework.data.repository.PagingAndSortingRepository;
import java.util.Collection;
import java.util.List;
import java.util.Set;
/**
* @author Jason Song(song_s@ctrip.com)
*/
public interface UserRoleRepository extends PagingAndSortingRepository<UserRole, Long> {
/**
* find user roles by userId
* @param userId
* @return
*/
List<UserRole> findByUserId(String userId);
/**
* find user roles by roleId
* @param roleId
* @return
*/
List<UserRole> findByRoleId(long roleId);
/**
* find user roles by userIds and roleId
* @param userId
* @param roleId
* @return
*/
List<UserRole> findByUserIdInAndRoleId(Collection<String> userId, long roleId);
}
......@@ -98,7 +98,7 @@ public class PortalAppService {
}
private void enrichUserInfo(AppDTO app){
String username = userInfoHolder.getUser().getUsername();
String username = userInfoHolder.getUser().getUserId();
app.setDataChangeCreatedBy(username);
app.setDataChangeLastModifiedBy(username);
}
......
......@@ -67,7 +67,7 @@ public class PortalConfigService {
}
try {
changeSets.setDataChangeLastModifiedBy(userInfoHolder.getUser().getUsername());
changeSets.setDataChangeLastModifiedBy(userInfoHolder.getUser().getUserId());
itemAPI.updateItems(appId, env, clusterName, namespaceName, changeSets);
} catch (Exception e) {
logger.error("itemAPI.updateItems error. appId{},env:{},clusterName:{},namespaceName:{}", appId, env, clusterName,
......@@ -83,7 +83,7 @@ public class PortalConfigService {
throw new BadRequestException(
"namespace:" + namespaceName + " not exist in env:" + env + ", cluster:" + clusterName);
}
String username = userInfoHolder.getUser().getUsername();
String username = userInfoHolder.getUser().getUserId();
if (StringUtils.isEmpty(item.getDataChangeCreatedBy())) {
item.setDataChangeCreatedBy(username);
}
......@@ -93,7 +93,7 @@ public class PortalConfigService {
}
public void deleteItem(Env env, long itemId) {
itemAPI.deleteItem(env, itemId, userInfoHolder.getUser().getUsername());
itemAPI.deleteItem(env, itemId, userInfoHolder.getUser().getUserId());
}
/**
......@@ -102,7 +102,7 @@ public class PortalConfigService {
public ReleaseDTO createRelease(NamespaceReleaseModel model) {
return releaseAPI.release(model.getAppId(), model.getEnv(), model.getClusterName(),
model.getNamespaceName(), model.getReleaseBy(), model.getReleaseComment()
, userInfoHolder.getUser().getUsername());
, userInfoHolder.getUser().getUserId());
}
public List<ItemDTO> findItems(String appId, Env env, String clusterName, String namespaceName) {
......@@ -114,7 +114,7 @@ public class PortalConfigService {
for (ItemDiffs itemDiff : itemDiffs) {
NamespaceIdentifer namespaceIdentifer = itemDiff.getNamespace();
ItemChangeSets changeSets = itemDiff.getDiffs();
changeSets.setDataChangeLastModifiedBy(userInfoHolder.getUser().getUsername());
changeSets.setDataChangeLastModifiedBy(userInfoHolder.getUser().getUserId());
try {
itemAPI
.updateItems(namespaceIdentifer.getAppId(), namespaceIdentifer.getEnv(),
......
......@@ -54,14 +54,14 @@ public class PortalNamespaceService {
public NamespaceDTO createNamespace(Env env, NamespaceDTO namespace) {
if (StringUtils.isEmpty(namespace.getDataChangeCreatedBy())){
namespace.setDataChangeCreatedBy(userInfoHolder.getUser().getUsername());
namespace.setDataChangeCreatedBy(userInfoHolder.getUser().getUserId());
}
namespace.setDataChangeLastModifiedBy(userInfoHolder.getUser().getUsername());
namespace.setDataChangeLastModifiedBy(userInfoHolder.getUser().getUserId());
return namespaceAPI.createNamespace(env, namespace);
}
public void createAppNamespace(AppNamespaceDTO appNamespace) {
String operator = userInfoHolder.getUser().getUsername();
String operator = userInfoHolder.getUser().getUserId();
if (StringUtils.isEmpty(appNamespace.getDataChangeCreatedBy())){
appNamespace.setDataChangeCreatedBy(operator);
}
......
package com.ctrip.framework.apollo.portal.service;
import com.google.common.base.Preconditions;
import com.google.common.collect.FluentIterable;
import com.google.common.collect.HashMultimap;
import com.google.common.collect.Multimap;
import com.google.common.collect.Sets;
import com.ctrip.framework.apollo.portal.entity.po.Permission;
import com.ctrip.framework.apollo.portal.entity.po.Role;
import com.ctrip.framework.apollo.portal.entity.po.RolePermission;
import com.ctrip.framework.apollo.portal.entity.po.UserInfo;
import com.ctrip.framework.apollo.portal.entity.po.UserRole;
import com.ctrip.framework.apollo.portal.repository.PermissionRepository;
import com.ctrip.framework.apollo.portal.repository.RolePermissionRepository;
import com.ctrip.framework.apollo.portal.repository.RoleRepository;
import com.ctrip.framework.apollo.portal.repository.UserRoleRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.CollectionUtils;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Set;
/**
* @author Jason Song(song_s@ctrip.com)
*/
@Service
public class RolePermissionService {
@Autowired
private RoleRepository roleRepository;
@Autowired
private RolePermissionRepository rolePermissionRepository;
@Autowired
private UserRoleRepository userRoleRepository;
@Autowired
private PermissionRepository permissionRepository;
/**
* Create role with permissions, note that role name should be unique
*/
@Transactional
public Role createRoleWithPermissions(Role role, Set<Long> permissionIds) {
Role current = roleRepository.findTopByRoleName(role.getRoleName());
Preconditions.checkState(current == null, "Role %s already exists!", role.getRoleName());
Role createdRole = roleRepository.save(role);
if (!CollectionUtils.isEmpty(permissionIds)) {
Iterable<RolePermission> rolePermissions = FluentIterable.from(permissionIds).transform(
permissionId -> {
RolePermission rolePermission = new RolePermission();
rolePermission.setRoleId(createdRole.getId());
rolePermission.setPermissionId(permissionId);
rolePermission.setDataChangeCreatedBy(createdRole.getDataChangeCreatedBy());
rolePermission.setDataChangeLastModifiedBy(createdRole.getDataChangeLastModifiedBy());
return rolePermission;
});
rolePermissionRepository.save(rolePermissions);
}
return createdRole;
}
/**
* Assign role to users
*/
@Transactional
public void assignRoleToUsers(String roleName, Set<String> userIds, String operatorUserId) {
Role role = roleRepository.findTopByRoleName(roleName);
Preconditions.checkState(role != null, "Role %s doesn't exist!", roleName);
List<UserRole> existedUserRoles =
userRoleRepository.findByUserIdInAndRoleId(userIds, role.getId());
Set<String> existedUserIds =
FluentIterable.from(existedUserRoles).transform(userRole -> userRole.getUserId()).toSet();
Set<String> toAssignUserIds = Sets.difference(userIds, existedUserIds);
Iterable<UserRole> toCreate = FluentIterable.from(toAssignUserIds).transform(userId -> {
UserRole userRole = new UserRole();
userRole.setRoleId(role.getId());
userRole.setUserId(userId);
userRole.setDataChangeCreatedBy(operatorUserId);
userRole.setDataChangeLastModifiedBy(operatorUserId);
return userRole;
});
userRoleRepository.save(toCreate);
}
/**
* Remove role from users
*/
@Transactional
public void removeRoleFromUsers(String roleName, Set<String> userIds, String operatorUserId) {
Role role = roleRepository.findTopByRoleName(roleName);
Preconditions.checkState(role != null, "Role %s doesn't exist!", roleName);
List<UserRole> existedUserRoles =
userRoleRepository.findByUserIdInAndRoleId(userIds, role.getId());
for (UserRole userRole : existedUserRoles) {
userRole.setDeleted(true);
userRole.setDataChangeLastModifiedTime(new Date());
userRole.setDataChangeLastModifiedBy(operatorUserId);
}
userRoleRepository.save(existedUserRoles);
}
/**
* Query users with role
*/
public Set<UserInfo> queryUsersWithRole(String roleName) {
Role role = roleRepository.findTopByRoleName(roleName);
if (role == null) {
return Collections.emptySet();
}
List<UserRole> userRoles = userRoleRepository.findByRoleId(role.getId());
Set<UserInfo> users = FluentIterable.from(userRoles).transform(userRole -> {
UserInfo userInfo = new UserInfo();
userInfo.setUserId(userRole.getUserId());
return userInfo;
}).toSet();
return users;
}
/**
* Check whether user has the permission
*/
public boolean userHasPermission(String userId, String permissionType, String targetId) {
Permission permission =
permissionRepository.findTopByPermissionTypeAndTargetId(permissionType, targetId);
if (permission == null) {
return false;
}
List<UserRole> userRoles = userRoleRepository.findByUserId(userId);
if (CollectionUtils.isEmpty(userRoles)) {
return false;
}
Set<Long> roleIds =
FluentIterable.from(userRoles).transform(userRole -> userRole.getRoleId()).toSet();
List<RolePermission> rolePermissions = rolePermissionRepository.findByRoleIdIn(roleIds);
if (CollectionUtils.isEmpty(rolePermissions)) {
return false;
}
for (RolePermission rolePermission : rolePermissions) {
if (rolePermission.getPermissionId() == permission.getId()) {
return true;
}
}
return false;
}
/**
* Create permission, note that permissionType + targetId should be unique
*/
@Transactional
public Permission createPermission(Permission permission) {
String permissionType = permission.getPermissionType();
String targetId = permission.getTargetId();
Permission current =
permissionRepository.findTopByPermissionTypeAndTargetId(permissionType, targetId);
Preconditions.checkState(current == null,
"Permission with permissionType %s targetId %s already exists!", permissionType, targetId);
return permissionRepository.save(permission);
}
/**
* Create permissions, note that permissionType + targetId should be unique
*/
@Transactional
public Set<Permission> createPermissions(Set<Permission> permissions) {
Multimap<String, String> targetIdPermissionTypes = HashMultimap.create();
for (Permission permission : permissions) {
targetIdPermissionTypes.put(permission.getTargetId(), permission.getPermissionType());
}
for (String targetId : targetIdPermissionTypes.keySet()) {
Collection<String> permissionTypes = targetIdPermissionTypes.get(targetId);
List<Permission> current =
permissionRepository.findByPermissionTypeInAndTargetId(permissionTypes, targetId);
Preconditions.checkState(CollectionUtils.isEmpty(current),
"Permission with permissionType %s targetId %s already exists!", permissionTypes,
targetId);
}
Iterable<Permission> results = permissionRepository.save(permissions);
return FluentIterable.from(results).toSet();
}
}
package com.ctrip.framework.apollo.portal;
import com.ctrip.framework.apollo.portal.service.RolePermissionServiceTest;
import org.junit.runner.RunWith;
import org.junit.runners.Suite;
import org.junit.runners.Suite.SuiteClasses;
......@@ -8,7 +10,7 @@ import org.junit.runners.Suite.SuiteClasses;
@RunWith(Suite.class)
@SuiteClasses({
ConfigServiceTest.class, PropertyResolverTest.class,
NamespaceServiceTest.class
NamespaceServiceTest.class, ServiceExceptionTest.class, RolePermissionServiceTest.class
})
public class AllTests {
......
......@@ -70,7 +70,7 @@ public class ConfigServiceTest {
when(resolver.resolve(0, model.getConfigText(), itemDTOs)).thenReturn(changeSets);
UserInfo userInfo = new UserInfo();
userInfo.setUsername("test");
userInfo.setUserId("test");
when(userInfoHolder.getUser()).thenReturn(userInfo);
try {
......@@ -105,7 +105,7 @@ public class ConfigServiceTest {
when(itemAPI.findItems(appId, Env.valueOf(env), clusterName, namespaceName)).thenReturn(null);
UserInfo userInfo = new UserInfo();
userInfo.setUsername("test");
userInfo.setUserId("test");
when(userInfoHolder.getUser()).thenReturn(userInfo);
List<ItemDiffs> itemDiffses = configService.compare(namespaceIdentifers, sourceItems);
......@@ -146,7 +146,7 @@ public class ConfigServiceTest {
when(itemAPI.findItems(appId, Env.valueOf(env), clusterName, namespaceName)).thenReturn(targetItems);
UserInfo userInfo = new UserInfo();
userInfo.setUsername("test");
userInfo.setUserId("test");
when(userInfoHolder.getUser()).thenReturn(userInfo);
List<ItemDiffs> itemDiffses = configService.compare(namespaceIdentifers, sourceItems);
......
......@@ -45,7 +45,7 @@ public class ServiceExceptionTest extends AbstractPortalTest {
}
private String getBaseAppUrl() {
return "http://localhost:" + port + "/apps/";
return "http://localhost:" + port + "/apps/envs/ALL";
}
@Test
......
spring.datasource.url = jdbc:h2:mem:~/apolloconfigdb;mode=mysql;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1
spring.datasource.url = jdbc:h2:mem:~/apolloportaldb;mode=mysql;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1
spring.jpa.hibernate.naming_strategy=org.hibernate.cfg.EJB3NamingStrategy
spring.jpa.properties.hibernate.show_sql=true
spring.h2.console.enabled = true
......
delete from Permission;
delete from Role;
delete from RolePermission;
delete from UserRole;
INSERT INTO `permission` (`Id`, `PermissionType`, `TargetId`) VALUES (990, 'somePermissionType', 'someTargetId');
INSERT INTO `permission` (`Id`, `PermissionType`, `TargetId`) VALUES (991, 'anotherPermissionType', 'anotherTargetId');
INSERT INTO `rolepermission` (`Id`, `RoleId`, `PermissionId`) VALUES (990, 990, 990);
INSERT INTO `rolepermission` (`Id`, `RoleId`, `PermissionId`) VALUES (991, 990, 991);
INSERT INTO `role` (`Id`, `RoleName`) VALUES (990, 'someRoleName');
INSERT INTO `role` (`Id`, `RoleName`) VALUES (991, 'anotherRoleName');
INSERT INTO `userrole` (`Id`, `UserId`, `RoleId`, `DataChange_CreatedBy`, `DataChange_LastModifiedBy`)
VALUES (990, 'someUser', 990, 'someOperator', 'someOperator');
INSERT INTO `userrole` (`Id`, `UserId`, `RoleId`, `DataChange_CreatedBy`, `DataChange_LastModifiedBy`)
VALUES (991, 'anotherUser', 990, 'someOperator', 'someOperator');
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment