implements rbac-grants get-by-id

2022-08-19 17:39:41 +02:00
parent a66ed8e59f
commit 5ea8069608
14 changed files with 292 additions and 78 deletions
--- a/src/main/resources/api-definition.yaml
+++ b/src/main/resources/api-definition.yaml
@ -13,8 +13,11 @@ paths:
    /api/rbac-users:
        $ref: "./api-definition/rbac-users.yaml"

-    /api/rbac-users/{userName}/permissions:
-        $ref: "./api-definition/rbac-users-permissions.yaml"
+    /api/rbac-users/{userUuid}:
+        $ref: "./api-definition/rbac-users-with-id.yaml"
+
+    /api/rbac-users/{userUuid}/permissions:
+        $ref: "./api-definition/rbac-users-with-id-permissions.yaml"

    /api/rbac-roles:
        $ref: "./api-definition/rbac-roles.yaml"
@ -23,7 +26,7 @@ paths:
        $ref: "./api-definition/rbac-grants.yaml"

    /api/rbac-grants/{grantedRoleUuid}/{granteeUserUuid}:
-        $ref: "./api-definition/rbac-grants-id.yaml"
+        $ref: "./api-definition/rbac-grants-with-id.yaml"

    # HS

--- a/src/main/resources/api-definition/rbac-grant-schemas.yaml
+++ b/src/main/resources/api-definition/rbac-grant-schemas.yaml
@ -6,11 +6,20 @@ components:
        RbacGrant:
            type: object
            properties:
+                grantedByRoleIdName:
+                    type: string
+                grantedByRoleUuid:
+                    type: string
+                    format: uuid
                assumed:
                    type: boolean
+                grantedRoleIdName:
+                    type: string
                grantedRoleUuid:
                    type: string
                    format: uuid
+                granteeUserName:
+                    type: string
                granteeUserUuid:
                    type: string
                    format: uuid
--- a/src/main/resources/api-definition/rbac-grants-id.yaml
+++ b/src/main/resources/api-definition/rbac-grants-id.yaml
@ -1,30 +0,0 @@
-delete:
-    tags:
-        - rbacgrants
-    operationId: revokeRoleFromUser
-    parameters:
-        - $ref: './api-definition/auth.yaml#/components/parameters/currentUser'
-        - $ref: './api-definition/auth.yaml#/components/parameters/assumedRoles'
-        - name: grantedRoleUuid
-          in: path
-          required: true
-          schema:
-              type: string
-              format: uuid
-          description: UUID of the granted role.
-        - name: granteeUserUuid
-          in: path
-          required: true
-          schema:
-              type: string
-              format: uuid
-          description: UUID of the user to whom the role was granted.
-    responses:
-        "204":
-            description: No Content
-        "401":
-            $ref: './api-definition/error-responses.yaml#/components/responses/Unauthorized'
-        "403":
-            $ref: './api-definition/error-responses.yaml#/components/responses/Forbidden'
-        "404":
-            $ref: './api-definition/error-responses.yaml#/components/responses/NotFound'
--- a/src/main/resources/api-definition/rbac-grants-with-id.yaml
+++ b/src/main/resources/api-definition/rbac-grants-with-id.yaml
@ -0,0 +1,65 @@
+get:
+  tags:
+    - rbacgrants
+  operationId: getGrantById
+  parameters:
+    - $ref: './api-definition/auth.yaml#/components/parameters/currentUser'
+    - $ref: './api-definition/auth.yaml#/components/parameters/assumedRoles'
+    - name: grantedRoleUuid
+      in: path
+      required: true
+      schema:
+        type: string
+        format: uuid
+      description: UUID of the granted role.
+    - name: granteeUserUuid
+      in: path
+      required: true
+      schema:
+        type: string
+        format: uuid
+      description: UUID of the user to whom the role was granted.
+  responses:
+    "200":
+      description: OK
+      content:
+        'application/json':
+            schema:
+              $ref: './api-definition/rbac-grant-schemas.yaml#/components/schemas/RbacGrant'
+    "401":
+      $ref: './api-definition/error-responses.yaml#/components/responses/Unauthorized'
+    "403":
+      $ref: './api-definition/error-responses.yaml#/components/responses/Forbidden'
+    "404":
+      $ref: './api-definition/error-responses.yaml#/components/responses/NotFound'
+
+delete:
+    tags:
+        - rbacgrants
+    operationId: revokeRoleFromUser
+    parameters:
+        - $ref: './api-definition/auth.yaml#/components/parameters/currentUser'
+        - $ref: './api-definition/auth.yaml#/components/parameters/assumedRoles'
+        - name: grantedRoleUuid
+          in: path
+          required: true
+          schema:
+              type: string
+              format: uuid
+          description: UUID of the granted role.
+        - name: granteeUserUuid
+          in: path
+          required: true
+          schema:
+              type: string
+              format: uuid
+          description: UUID of the user to whom the role was granted.
+    responses:
+        "204":
+            description: No Content
+        "401":
+            $ref: './api-definition/error-responses.yaml#/components/responses/Unauthorized'
+        "403":
+            $ref: './api-definition/error-responses.yaml#/components/responses/Forbidden'
+        "404":
+            $ref: './api-definition/error-responses.yaml#/components/responses/NotFound'
--- a/src/main/resources/api-definition/rbac-grants.yaml
+++ b/src/main/resources/api-definition/rbac-grants.yaml
@ -13,7 +13,7 @@ get:
                    schema:
                        type: array
                        items:
-                            $ref: './api-definition/rbac-grant-schemas.yaml#/components/schemas/RbacGrant'
+                            $ref: './rbac-grant-schemas.yaml#/components/schemas/RbacGrant'

 post:
    tags:
--- a/src/main/resources/api-definition/rbac-users-with-id-permissions.yaml
+++ b/src/main/resources/api-definition/rbac-users-with-id-permissions.yaml
--- a/src/main/resources/api-definition/rbac-users-with-id.yaml
+++ b/src/main/resources/api-definition/rbac-users-with-id.yaml
@ -0,0 +1,27 @@
+get:
+    tags:
+        - rbacusers
+    description: 'Fetch a single user by its id, if visible for the current subject.'
+    operationId: getUserById
+    parameters:
+        - $ref: './api-definition/auth.yaml#/components/parameters/currentUser'
+        - $ref: './api-definition/auth.yaml#/components/parameters/assumedRoles'
+        - name: userName
+          in: path
+          required: true
+          schema:
+              type: string
+    responses:
+        "200":
+            description: OK
+            content:
+                'application/json':
+                    schema:
+                        type: array
+                        items:
+                            $ref: './api-definition/rbac-user-schemas.yaml#/components/schemas/RbacUserPermission'
+
+        "401":
+            $ref: './api-definition/error-responses.yaml#/components/responses/Unauthorized'
+        "403":
+            $ref: './api-definition/error-responses.yaml#/components/responses/Forbidden'