forked from alibaba/nacos
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[ISSUE alibaba#12017] Add the console backend API for auth section
* Add user handling module * Add role handling module * Add permission handling module
- Loading branch information
1 parent
0ad172f
commit 052112a
Showing
12 changed files
with
1,442 additions
and
0 deletions.
There are no files selected for viewing
110 changes: 110 additions & 0 deletions
110
...c/main/java/com/alibaba/nacos/console/controller/v3/auth/ConsolePermissionController.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,110 @@ | ||
/* | ||
* Copyright 1999-2024 Alibaba Group Holding Ltd. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
* | ||
*/ | ||
|
||
package com.alibaba.nacos.console.controller.v3.auth; | ||
|
||
import com.alibaba.nacos.api.model.v2.Result; | ||
import com.alibaba.nacos.auth.annotation.Secured; | ||
import com.alibaba.nacos.common.utils.StringUtils; | ||
import com.alibaba.nacos.config.server.paramcheck.ConfigDefaultHttpParamExtractor; | ||
import com.alibaba.nacos.console.proxy.auth.PermissionProxy; | ||
import com.alibaba.nacos.core.paramcheck.ExtractorManager; | ||
import com.alibaba.nacos.persistence.model.Page; | ||
import com.alibaba.nacos.plugin.auth.constant.ActionTypes; | ||
import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants; | ||
import com.alibaba.nacos.plugin.auth.impl.persistence.PermissionInfo; | ||
import org.springframework.beans.factory.annotation.Autowired; | ||
import org.springframework.web.bind.annotation.DeleteMapping; | ||
import org.springframework.web.bind.annotation.GetMapping; | ||
import org.springframework.web.bind.annotation.PostMapping; | ||
import org.springframework.web.bind.annotation.RequestMapping; | ||
import org.springframework.web.bind.annotation.RequestParam; | ||
import org.springframework.web.bind.annotation.RestController; | ||
|
||
/** | ||
* Controller for handling HTTP requests related to permission operations. | ||
* | ||
* @author zhangyukun on:2024/8/16 | ||
*/ | ||
@RestController | ||
@RequestMapping("/v3/console/auth/permission") | ||
@ExtractorManager.Extractor(httpExtractor = ConfigDefaultHttpParamExtractor.class) | ||
public class ConsolePermissionController { | ||
|
||
private final PermissionProxy permissionProxy; | ||
|
||
/** | ||
* Constructs a new ConsolePermissionController with the provided PermissionProxy. | ||
* | ||
* @param permissionProxy the proxy used for handling permission-related operations | ||
*/ | ||
@Autowired | ||
public ConsolePermissionController(PermissionProxy permissionProxy) { | ||
this.permissionProxy = permissionProxy; | ||
} | ||
|
||
/** | ||
* Add a permission to a role. | ||
* | ||
* @param role the role | ||
* @param resource the related resource | ||
* @param action the related action | ||
* @return ok if succeed | ||
*/ | ||
@PostMapping | ||
@Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX + "permissions", action = ActionTypes.WRITE) | ||
public Object createPermission(@RequestParam String role, @RequestParam String resource, @RequestParam String action) { | ||
permissionProxy.createPermission(role, resource, action); | ||
return Result.success("add permission ok!"); | ||
} | ||
|
||
|
||
/** | ||
* Delete a permission from a role. | ||
* | ||
* @param role the role | ||
* @param resource the related resource | ||
* @param action the related action | ||
* @return ok if succeed | ||
*/ | ||
@DeleteMapping | ||
@Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX + "permissions", action = ActionTypes.WRITE) | ||
public Object deletePermission(@RequestParam String role, @RequestParam String resource, | ||
@RequestParam String action) { | ||
permissionProxy.deletePermission(role, resource, action); | ||
return Result.success("delete permission ok!"); | ||
} | ||
|
||
/** | ||
* Query permissions of a role. | ||
* | ||
* @param role the role | ||
* @param pageNo page index | ||
* @param pageSize page size | ||
* @param search the type of search (accurate or blur) | ||
* @return permission of a role | ||
*/ | ||
@GetMapping("/list") | ||
@Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX + "permissions", action = ActionTypes.READ) | ||
public Result<Page<PermissionInfo>> getPermissionList(@RequestParam int pageNo, @RequestParam int pageSize, | ||
@RequestParam(name = "role", defaultValue = StringUtils.EMPTY) String role, | ||
@RequestParam(name = "search", defaultValue = "accurate") String search) { | ||
Page<PermissionInfo> permissionPage = permissionProxy.getPermissionList(role, pageNo, pageSize, search); | ||
return Result.success(permissionPage); | ||
} | ||
|
||
} |
118 changes: 118 additions & 0 deletions
118
...ole/src/main/java/com/alibaba/nacos/console/controller/v3/auth/ConsoleRoleController.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,118 @@ | ||
/* | ||
* Copyright 1999-2024 Alibaba Group Holding Ltd. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
* | ||
*/ | ||
|
||
package com.alibaba.nacos.console.controller.v3.auth; | ||
|
||
import com.alibaba.nacos.api.model.v2.Result; | ||
import com.alibaba.nacos.auth.annotation.Secured; | ||
import com.alibaba.nacos.common.utils.StringUtils; | ||
import com.alibaba.nacos.config.server.paramcheck.ConfigDefaultHttpParamExtractor; | ||
import com.alibaba.nacos.console.proxy.auth.RoleProxy; | ||
import com.alibaba.nacos.core.paramcheck.ExtractorManager; | ||
import com.alibaba.nacos.persistence.model.Page; | ||
import com.alibaba.nacos.plugin.auth.constant.ActionTypes; | ||
import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants; | ||
import com.alibaba.nacos.plugin.auth.impl.persistence.RoleInfo; | ||
import org.springframework.web.bind.annotation.DeleteMapping; | ||
import org.springframework.web.bind.annotation.GetMapping; | ||
import org.springframework.web.bind.annotation.PostMapping; | ||
import org.springframework.web.bind.annotation.RequestMapping; | ||
import org.springframework.web.bind.annotation.RequestParam; | ||
import org.springframework.web.bind.annotation.RestController; | ||
|
||
import java.util.List; | ||
|
||
/** | ||
* . | ||
* | ||
* @author zhangyukun on:2024/8/16 | ||
*/ | ||
@RestController | ||
@RequestMapping("/v3/console/auth/role") | ||
@ExtractorManager.Extractor(httpExtractor = ConfigDefaultHttpParamExtractor.class) | ||
public class ConsoleRoleController { | ||
|
||
private final RoleProxy roleProxy; | ||
|
||
public ConsoleRoleController(RoleProxy roleProxy) { | ||
this.roleProxy = roleProxy; | ||
} | ||
|
||
/** | ||
* Add a role to a user | ||
* | ||
* <p>This method is used for 2 functions: 1. create a role and bind it to GLOBAL_ADMIN. 2. bind a role to an user. | ||
* | ||
* @param role role name | ||
* @param username username | ||
* @return Code 200 and message 'add role ok!' | ||
*/ | ||
@PostMapping | ||
@Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX + "roles", action = ActionTypes.WRITE) | ||
public Object createRole(@RequestParam String role, @RequestParam String username) { | ||
roleProxy.createRole(role, username); | ||
return Result.success("add role ok!"); | ||
} | ||
|
||
/** | ||
* Delete a role. If no username is specified, all users under this role are deleted. | ||
* | ||
* @param role role | ||
* @param username username | ||
* @return ok if succeed | ||
*/ | ||
@DeleteMapping | ||
@Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX + "roles", action = ActionTypes.WRITE) | ||
public Object deleteRole(@RequestParam String role, | ||
@RequestParam(name = "username", defaultValue = StringUtils.EMPTY) String username) { | ||
roleProxy.deleteRole(role, username); | ||
return Result.success("delete role of user " + username + " ok!"); | ||
} | ||
|
||
/** | ||
* Get roles list with the option for accurate or fuzzy search. | ||
* | ||
* @param pageNo number index of page | ||
* @param pageSize page size | ||
* @param username optional, username of user | ||
* @param role optional role | ||
* @param search the type of search: "accurate" for exact match, "blur" for fuzzy match | ||
* @return role list | ||
*/ | ||
@GetMapping("/list") | ||
@Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX + "roles", action = ActionTypes.READ) | ||
public Result<Page<RoleInfo>> getRoleList(@RequestParam int pageNo, @RequestParam int pageSize, | ||
@RequestParam(name = "username", defaultValue = "") String username, | ||
@RequestParam(name = "role", defaultValue = "") String role, | ||
@RequestParam(name = "search", required = false, defaultValue = "accurate") String search) { | ||
Page<RoleInfo> rolePage = roleProxy.getRoleList(pageNo, pageSize, username, role, search); | ||
return Result.success(rolePage); | ||
} | ||
|
||
/** | ||
* Fuzzy matching role name . | ||
* | ||
* @param role role id | ||
* @return role list | ||
*/ | ||
@GetMapping("/search") | ||
@Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX + "roles", action = ActionTypes.READ) | ||
public Result<List<String>> getRoleListByRoleName(@RequestParam String role) { | ||
List<String> roles = roleProxy.getRoleListByRoleName(role); | ||
return Result.success(roles); | ||
} | ||
} |
Oops, something went wrong.