implements rbac-grants get-by-id
@ -25,11 +25,32 @@ public class RbacGrantController implements RbacgrantsApi {
|
||||
@Autowired
|
||||
private RbacGrantRepository rbacGrantRepository;
|
||||
|
||||
@Override
|
||||
@Transactional(readOnly = true)
|
||||
public ResponseEntity<RbacGrantResource> getGrantById(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID grantedRoleUuid,
|
||||
final UUID granteeUserUuid) {
|
||||
|
||||
context.setCurrentUser(currentUser);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
context.assumeRoles(assumedRoles);
|
||||
}
|
||||
|
||||
final var id = new RbacGrantId(granteeUserUuid, grantedRoleUuid);
|
||||
final var result = rbacGrantRepository.findById(id);
|
||||
if (result == null) {
|
||||
return ResponseEntity.notFound().build();
|
||||
}
|
||||
return ResponseEntity.ok(map(result, RbacGrantResource.class));
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional(readOnly = true)
|
||||
public ResponseEntity<List<RbacGrantResource>> listUserGrants(
|
||||
final String currentUser,
|
||||
final String assumedRoles) {
|
||||
final String currentUser,
|
||||
final String assumedRoles) {
|
||||
|
||||
context.setCurrentUser(currentUser);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
@ -41,9 +62,9 @@ public class RbacGrantController implements RbacgrantsApi {
|
||||
@Override
|
||||
@Transactional
|
||||
public ResponseEntity<Void> grantRoleToUser(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final RbacGrantResource body) {
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final RbacGrantResource body) {
|
||||
|
||||
context.setCurrentUser(currentUser);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
@ -53,20 +74,20 @@ public class RbacGrantController implements RbacgrantsApi {
|
||||
rbacGrantRepository.save(map(body, RbacGrantEntity.class));
|
||||
|
||||
final var uri =
|
||||
MvcUriComponentsBuilder.fromController(getClass())
|
||||
.path("/api/rbac-grants/{roleUuid}")
|
||||
.buildAndExpand(body.getGrantedRoleUuid())
|
||||
.toUri();
|
||||
MvcUriComponentsBuilder.fromController(getClass())
|
||||
.path("/api/rbac-grants/{roleUuid}")
|
||||
.buildAndExpand(body.getGrantedRoleUuid())
|
||||
.toUri();
|
||||
return ResponseEntity.created(uri).build();
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
public ResponseEntity<Void> revokeRoleFromUser(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID grantedRoleUuid,
|
||||
final UUID granteeUserUuid) {
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID grantedRoleUuid,
|
||||
final UUID granteeUserUuid) {
|
||||
|
||||
context.setCurrentUser(currentUser);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
|
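Review bot: `getGrantById` leaves the decision of who may read a grant entirely to what `context.setCurrentUser(currentUser)` and `context.assumeRoles(assumedRoles)` set up before `rbacGrantRepository.findById(id)`, and nothing in the hunk documents or tests that. If `currentUser` is bound from a request header the way `listUsers` in RbacUserController binds `current-user`, the identity is whatever the caller sends, so the endpoint is only as trustworthy as the component that authenticates that header; that assumption belongs in a Javadoc comment on the method. An acceptance test that requests a grant the current user cannot see, and expects the same 404 as for a grant that does not exist, would pin the behaviour and keep the response from revealing which grants exist. The same context setup is repeated in every handler of this class, so a small private helper would make it harder for a future endpoint to omit it.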
@ -18,6 +18,7 @@ import java.util.UUID;
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public class RbacGrantEntity {
|
||||
|
||||
@Column(name = "grantedbyroleidname", updatable = false, insertable = false)
|
||||
private String grantedByRoleIdName;
|
||||
|
||||
@ -59,6 +60,6 @@ public class RbacGrantEntity {
|
||||
|
||||
public String toDisplay() {
|
||||
return "{ grant " + (assumed ? "assumed " : "") +
|
||||
"role " + grantedRoleIdName + " to user " + granteeUserName + " by role " + grantedByRoleIdName + " }";
|
||||
"role " + grantedRoleIdName + " to user " + granteeUserName + " by role " + grantedByRoleIdName + " }";
|
||||
}
|
||||
}
|
||||
|
@ -8,15 +8,22 @@ import java.util.List;
|
||||
|
||||
public interface RbacGrantRepository extends Repository<RbacGrantEntity, RbacGrantId> {
|
||||
|
||||
@Query(value = """
|
||||
select g from RbacGrantEntity as g
|
||||
where g.grantedRoleUuid=:#{#rbacGrantId.grantedRoleUuid}
|
||||
and g.granteeUserUuid=:#{#rbacGrantId.granteeUserUuid}
|
||||
""")
|
||||
RbacGrantEntity findById(RbacGrantId rbacGrantId);
|
||||
|
||||
List<RbacGrantEntity> findAll();
|
||||
|
||||
void save(final RbacGrantEntity grant);
|
||||
|
||||
@Modifying
|
||||
@Query(value = """
|
||||
delete from RbacGrantEntity as g
|
||||
where g.grantedRoleUuid=:#{#rbacGrantId.grantedRoleUuid}
|
||||
and g.granteeUserUuid=:#{#rbacGrantId.granteeUserUuid}
|
||||
""")
|
||||
delete from RbacGrantEntity as g
|
||||
where g.grantedRoleUuid=:#{#rbacGrantId.grantedRoleUuid}
|
||||
and g.granteeUserUuid=:#{#rbacGrantId.granteeUserUuid}
|
||||
""")
|
||||
void deleteByRbacGrantId(RbacGrantId rbacGrantId);
|
||||
}
|
||||
|
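Review bot: `findById` returns a bare `RbacGrantEntity`, so a missing grant is signalled by `null`, which is not documented here and which every caller has to remember to check. Declaring it as `Optional<RbacGrantEntity> findById(RbacGrantId rbacGrantId);` makes the absent case explicit in the type, and the controller's `if (result == null)` would become an `isEmpty()` check. The `#rbacGrantId` reference in the query also depends on the parameter name being available at runtime (a build with `-parameters`), as the existing `deleteByRbacGrantId` already does. `insert` in RbacUserRepository appears to lose its `@Param("newUser")` in this commit and relies on the same thing, so either keep `@Param` or add a comment stating the build requirement.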
@ -32,7 +32,7 @@ public class RbacUserController implements RbacusersApi {
|
||||
@Override
|
||||
@Transactional
|
||||
public ResponseEntity<RbacUserResource> createUser(
|
||||
@RequestBody final RbacUserResource body
|
||||
@RequestBody final RbacUserResource body
|
||||
) {
|
||||
if (body.getUuid() == null) {
|
||||
body.setUuid(UUID.randomUUID());
|
||||
@ -40,19 +40,27 @@ public class RbacUserController implements RbacusersApi {
|
||||
final var saved = map(body, RbacUserEntity.class);
|
||||
rbacUserRepository.create(saved);
|
||||
final var uri =
|
||||
MvcUriComponentsBuilder.fromController(getClass())
|
||||
.path("/api/rbac-users/{id}")
|
||||
.buildAndExpand(saved.getUuid())
|
||||
.toUri();
|
||||
MvcUriComponentsBuilder.fromController(getClass())
|
||||
.path("/api/rbac-users/{id}")
|
||||
.buildAndExpand(saved.getUuid())
|
||||
.toUri();
|
||||
return ResponseEntity.created(uri).body(map(saved, RbacUserResource.class));
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional(readOnly=true)
|
||||
public ResponseEntity<List<RbacUserPermissionResource>> getUserById(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final String userName) {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional(readOnly = true)
|
||||
public ResponseEntity<List<RbacUserResource>> listUsers(
|
||||
@RequestHeader(name = "current-user") final String currentUserName,
|
||||
@RequestHeader(name = "assumed-roles", required = false) final String assumedRoles,
|
||||
@RequestParam(name = "name", required = false) final String userName
|
||||
@RequestHeader(name = "current-user") final String currentUserName,
|
||||
@RequestHeader(name = "assumed-roles", required = false) final String assumedRoles,
|
||||
@RequestParam(name = "name", required = false) final String userName
|
||||
) {
|
||||
context.setCurrentUser(currentUserName);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
@ -62,11 +70,11 @@ public class RbacUserController implements RbacusersApi {
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional(readOnly=true)
|
||||
@Transactional(readOnly = true)
|
||||
public ResponseEntity<List<RbacUserPermissionResource>> listUserPermissions(
|
||||
@RequestHeader(name = "current-user") final String currentUserName,
|
||||
@RequestHeader(name = "assumed-roles", required = false) final String assumedRoles,
|
||||
@PathVariable(name = "userName") final String userName
|
||||
@RequestHeader(name = "current-user") final String currentUserName,
|
||||
@RequestHeader(name = "assumed-roles", required = false) final String assumedRoles,
|
||||
@PathVariable(name = "userName") final String userName
|
||||
) {
|
||||
context.setCurrentUser(currentUserName);
|
||||
if (assumedRoles != null && !assumedRoles.isBlank()) {
|
||||
|
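Review bot: The new `getUserById` is a stub that returns `null`, ignores all three parameters and never sets up the context. With Spring MVC a `null` return from a `ResponseEntity` handler most likely yields an empty 200 response, so clients cannot tell that the endpoint is unimplemented. Until it is implemented an explicit status is safer, for example `return ResponseEntity.status(HttpStatus.NOT_IMPLEMENTED).build();` (needs the `org.springframework.http.HttpStatus` import). The signature also looks copied from `listUserPermissions`: a get-by-id method that takes `userName` and returns `List<RbacUserPermissionResource>` is worth checking against the API definition. When the body is filled in, it should call `context.setCurrentUser(...)` before touching the repository, like the other handlers.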
@ -3,7 +3,6 @@ package net.hostsharing.hsadminng.rbac.rbacuser;
|
||||
import org.springframework.data.jpa.repository.Modifying;
|
||||
import org.springframework.data.jpa.repository.Query;
|
||||
import org.springframework.data.repository.Repository;
|
||||
import org.springframework.data.repository.query.Param;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.UUID;
|
||||
@ -11,14 +10,15 @@ import java.util.UUID;
|
||||
public interface RbacUserRepository extends Repository<RbacUserEntity, UUID> {
|
||||
|
||||
@Query("""
|
||||
select u from RbacUserEntity u
|
||||
where :userName is null or u.name like concat(:userName, '%')
|
||||
order by u.name
|
||||
""")
|
||||
select u from RbacUserEntity u
|
||||
where :userName is null or u.name like concat(:userName, '%')
|
||||
order by u.name
|
||||
""")
|
||||
List<RbacUserEntity> findByOptionalNameLike(String userName);
|
||||
|
||||
@Query(value = "select uuid from rbacuser where name=:userName", nativeQuery = true)
|
||||
UUID findUuidByName(String userName);
|
||||
// bypasses the restricted view, to be able to grant rights to arbitrary user
|
||||
@Query(value = "select * from rbacuser where name=:userName", nativeQuery = true)
|
||||
RbacUserEntity findByName(String userName);
|
||||
|
||||
RbacUserEntity findByUuid(UUID uuid);
|
||||
|
||||
@ -32,7 +32,7 @@ public interface RbacUserRepository extends Repository<RbacUserEntity, UUID> {
|
||||
*/
|
||||
@Modifying
|
||||
@Query(value = "insert into RBacUser_RV (uuid, name) values( :#{#newUser.uuid}, :#{#newUser.name})", nativeQuery = true)
|
||||
void insert(@Param("newUser") final RbacUserEntity newUser);
|
||||
void insert(final RbacUserEntity newUser);
|
||||
|
||||
default RbacUserEntity create(final RbacUserEntity rbacUserEntity) {
|
||||
if (rbacUserEntity.getUuid() == null) {
|
||||
|
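Review bot: `findByName` reads `rbacuser` directly with a native query, and its own comment says it bypasses the restricted view, yet it is an ordinary method on the repository interface. Compared with the `findUuidByName` it seems to replace, it now returns the whole row instead of only the UUID. Any code that can reach the repository can therefore look up an arbitrary user regardless of the current user and assumed roles. If granting only needs the UUID, keeping the narrower return type limits what a misuse can expose. Otherwise the comment should name the intended caller and the constraint, e.g. `// bypasses the restricted view; only for resolving the grantee when granting a role, never return the result to API clients`.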