creating and viewing grants
@ -0,0 +1,64 @@
|
||||
package net.hostsharing.hsadminng.rbac.rbacgrant;
|
||||
|
||||
import net.hostsharing.hsadminng.context.Context;
|
||||
import net.hostsharing.hsadminng.generated.api.v1.api.RbacgrantsApi;
|
||||
import net.hostsharing.hsadminng.generated.api.v1.api.RbacrolesApi;
|
||||
import net.hostsharing.hsadminng.generated.api.v1.model.RbacGrantResource;
|
||||
import net.hostsharing.hsadminng.generated.api.v1.model.RbacRoleResource;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBuilder;
|
||||
|
||||
import javax.transaction.Transactional;
|
||||
import java.util.List;
|
||||
|
||||
import static net.hostsharing.hsadminng.Mapper.map;
|
||||
import static net.hostsharing.hsadminng.Mapper.mapList;
|
||||
|
||||
@RestController
|
||||
|
||||
public class RbacGrantController implements RbacgrantsApi {
|
||||
|
||||
@Autowired
|
||||
private Context context;
|
||||
|
||||
@Autowired
|
||||
private RbacGrantRepository rbacGrantRepository;
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
public ResponseEntity<List<RbacGrantResource>> listUserGrants(
|
||||
final String currentUser,
|
||||
final String assumedRoles) {
|
||||
|
||||
context.setCurrentUser(currentUser);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
context.assumeRoles(assumedRoles);
|
||||
}
|
||||
return ResponseEntity.ok(mapList(rbacGrantRepository.findAll(), RbacGrantResource.class));
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
public ResponseEntity<Void> grantRoleToUser(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final RbacGrantResource body) {
|
||||
|
||||
context.setCurrentUser(currentUser);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
context.assumeRoles(assumedRoles);
|
||||
}
|
||||
|
||||
rbacGrantRepository.save(map(body, RbacGrantEntity.class));
|
||||
|
||||
final var uri =
|
||||
MvcUriComponentsBuilder.fromController(getClass())
|
||||
.path("/api/rbac-grants/{roleUuid}")
|
||||
.buildAndExpand(body.getRoleUuid())
|
||||
.toUri();
|
||||
return ResponseEntity.created(uri).build();
|
||||
}
|
||||
|
||||
}
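Review bot: In `grantRoleToUser` the acting identity comes from the `currentUser` and `assumedRoles` arguments and the grant is saved straight from the mapped request body, so nothing visible in this controller checks that the caller is that user or may grant `body.getRoleUuid()`. If authentication happens in front of this controller and the grant check is enforced in the database behind `rbacgrants_rv` (neither is shown on this page), a short comment above `rbacGrantRepository.save(...)` should say so, and a test should cover a caller who lacks the role. The `Location` URI is built from `roleUuid` alone although `RbacGrantId` is the pair of `userUuid` and `roleUuid`, so it does not identify the created grant. Expanding the path with both values would fix that, provided the API spec is changed to match. The imports of `RbacrolesApi` and `RbacRoleResource` look unused in this file.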
|
@ -0,0 +1,60 @@
|
||||
package net.hostsharing.hsadminng.rbac.rbacgrant;
|
||||
|
||||
import lombok.*;
|
||||
import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleType;
|
||||
import org.springframework.data.annotation.Immutable;
|
||||
|
||||
import javax.persistence.*;
|
||||
import java.util.UUID;
|
||||
|
||||
@Entity
|
||||
@Table(name = "rbacgrants_rv")
|
||||
@IdClass(RbacGrantId.class)
|
||||
@Getter
|
||||
@Setter
|
||||
@Builder
|
||||
@ToString
|
||||
@Immutable
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public class RbacGrantEntity {
|
||||
|
||||
@Column(name = "username", updatable = false, insertable = false)
|
||||
private String userName;
|
||||
|
||||
@Column(name = "roleidname", updatable = false, insertable = false)
|
||||
private String roleIdName;
|
||||
|
||||
private boolean managed;
|
||||
private boolean assumed;
|
||||
private boolean empowered;
|
||||
|
||||
@Id
|
||||
@Column(name = "useruuid")
|
||||
private UUID userUuid;
|
||||
|
||||
@Id
|
||||
@Column(name = "roleuuid")
|
||||
private UUID roleUuid;
|
||||
|
||||
@Column(name = "objecttable", updatable = false, insertable = false)
|
||||
private String objectTable;
|
||||
|
||||
@Column(name = "objectuuid", updatable = false, insertable = false)
|
||||
private UUID objectUuid;
|
||||
|
||||
@Column(name = "objectidname", updatable = false, insertable = false)
|
||||
private String objectIdName;
|
||||
|
||||
@Column(name = "roletype", updatable = false, insertable = false)
|
||||
@Enumerated(EnumType.STRING)
|
||||
private RbacRoleType roleType;
|
||||
|
||||
public String toDisplay() {
|
||||
return "grant( " + userName + " -> " + roleIdName + ": " +
|
||||
(managed ? "managed " : "") +
|
||||
(assumed ? "assumed " : "") +
|
||||
(empowered ? "empowered " : "") +
|
||||
")";
|
||||
}
|
||||
}
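Review bot: `@Immutable` on `RbacGrantEntity` is imported from `org.springframework.data.annotation`, which as far as I know the JPA provider does not read, and the class also carries `@Setter`, so nothing here appears to stop a loaded grant from being modified and written back. If a grant is meant to be created once and never updated, consider `org.hibernate.annotations.Immutable` (assuming Hibernate is the provider) and dropping `@Setter` in favour of the existing `@Builder`, provided the mapper can populate the entity without setters. The flags `managed`, `assumed` and `empowered` are the only non-key columns not marked `insertable = false`, so they are presumably taken from the request body. A one-line comment on each saying what it permits would help anyone reviewing the controller that maps request bodies onto this entity.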
|
@ -0,0 +1,17 @@
|
||||
package net.hostsharing.hsadminng.rbac.rbacgrant;
|
||||
|
||||
import lombok.EqualsAndHashCode;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.UUID;
|
||||
|
||||
@Getter
|
||||
@EqualsAndHashCode
|
||||
@NoArgsConstructor
|
||||
public class RbacGrantId implements Serializable {
|
||||
|
||||
private UUID userUuid;
|
||||
private UUID roleUuid;
|
||||
}
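Review bot: `RbacGrantId` has no comment saying that its field names and types must mirror the `@Id` fields of `RbacGrantEntity`, which is what `@IdClass(RbacGrantId.class)` relies on; a rename on one side would only fail at runtime. A class comment such as `/** Composite key of RbacGrantEntity; fields must match its @Id fields by name and type. */` would document that. With only `@NoArgsConstructor` and no setters, application code cannot populate the class, so an `@AllArgsConstructor` will be needed once a lookup by id is added.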
|
@ -0,0 +1,13 @@
|
||||
package net.hostsharing.hsadminng.rbac.rbacgrant;
|
||||
|
||||
import org.springframework.data.repository.Repository;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
public interface RbacGrantRepository extends Repository<RbacGrantEntity, RbacGrantId> {
|
||||
|
||||
List<RbacGrantEntity> findAll();
|
||||
|
||||
void save(final RbacGrantEntity grant);
|
||||
|
||||
}
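Review bot: `findAll()` returns every row the query yields, so which grants a caller sees depends entirely on what `rbacgrants_rv` exposes for the user set in `Context` beforehand, and the interface states that dependency nowhere. A Javadoc line on `findAll()` should say that callers must set the current user (and any assumed roles) first and that filtering is expected to happen in the view. The view definition is not on this page, so that expectation should be confirmed against it. The returned list is also unbounded, which may matter once grants accumulate.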
|
@ -24,11 +24,15 @@ public class RbacRoleController implements RbacrolesApi {
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
public ResponseEntity<List<RbacRoleResource>> listRoles(final String currentUser, final String assumedRoles) {
|
||||
public ResponseEntity<List<RbacRoleResource>> listRoles(
|
||||
final String currentUser,
|
||||
final String assumedRoles) {
|
||||
|
||||
context.setCurrentUser(currentUser);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
context.assumeRoles(assumedRoles);
|
||||
}
|
||||
return ResponseEntity.ok(mapList(rbacRoleRepository.findAll(), RbacRoleResource.class));
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -17,6 +17,9 @@ public interface RbacUserRepository extends Repository<RbacUserEntity, UUID> {
|
||||
""")
|
||||
List<RbacUserEntity> findByOptionalNameLike(String userName);
|
||||
|
||||
@Query(value = "select uuid from rbacuser where name=:userName", nativeQuery = true)
|
||||
UUID findUuidByName(String userName);
|
||||
|
||||
RbacUserEntity findByUuid(UUID uuid);
|
||||
|
||||
@Query(value = "select * from grantedPermissions(:userName)", nativeQuery = true)
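Review bot: `findUuidByName` is declared to return a bare `UUID`, and for a name with no matching row Spring Data will return `null`, so every caller has to remember the null check before using the result as an identity. Declaring it as `Optional<UUID> findUuidByName(String userName);` would force that handling. The query binds `:userName` as a parameter rather than concatenating it, which is the right form. Which of these lines are new is not marked on this page, and the interface continues beyond the hunk.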
|
||||
|