hostsharing/hs.hsadmin.ng
1
0
Fork 0
Code Activity

implements REST API DELETE to /api/rbac-grants/{grantedRoleUuid}/{granteeUserUuid}:

Browse Source
This commit is contained in:
Michael Hoennig
2022-08-17 17:34:10 +02:00
parent 787400c089
commit 8a62d9802e
9 changed files with 150 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java
View File

@ -60,4 +60,22 @@ public class RbacGrantController implements RbacgrantsApi {
return ResponseEntity.created(uri).build();
}
@Override
@Transactional
public ResponseEntity<Void> revokeRoleFromUser(
final String currentUser,
final String assumedRoles,
final UUID grantedRoleUuid,
final UUID granteeUserUuid) {
context.setCurrentUser(currentUser);
if (assumedRoles != null && !assumedRoles.isBlank()) {
context.assumeRoles(assumedRoles);
}
rbacGrantRepository.deleteByRbacGrantId(new RbacGrantId(granteeUserUuid, grantedRoleUuid));
return ResponseEntity.noContent().build();
}
}

4
src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java
View File

@ -53,6 +53,10 @@ public class RbacGrantEntity {
@Enumerated(EnumType.STRING)
private RbacRoleType grantedRoleType;
RbacGrantId getRbacGrantId() {
return new RbacGrantId(granteeUserUuid, grantedRoleUuid);
}
public String toDisplay() {
return "{ grant " + (assumed ? "assumed " : "") +
"role " + grantedRoleIdName + " to user " + granteeUserName + " by role " + grantedByRoleIdName + " }";

2
src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantId.java
View File

@ -1,5 +1,6 @@
package net.hostsharing.hsadminng.rbac.rbacgrant;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
@ -10,6 +11,7 @@ import java.util.UUID;
@Getter
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
public class RbacGrantId implements Serializable {
private UUID granteeUserUuid;

10
src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepository.java
View File

@ -1,5 +1,7 @@
package net.hostsharing.hsadminng.rbac.rbacgrant;
import org.springframework.data.jpa.repository.Modifying;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.Repository;
import java.util.List;
@ -10,5 +12,11 @@ public interface RbacGrantRepository extends Repository<RbacGrantEntity, RbacGra
void save(final RbacGrantEntity grant);
void delete(final RbacGrantEntity grant);
@Modifying
@Query(value = """
delete from RbacGrantEntity as g
where g.grantedRoleUuid=:#{#rbacGrantId.grantedRoleUuid}
and g.granteeUserUuid=:#{#rbacGrantId.granteeUserUuid}
""")
void deleteByRbacGrantId(RbacGrantId rbacGrantId);
}

3
src/main/resources/api-definition.yaml
View File

@ -22,6 +22,9 @@ paths:
/api/rbac-grants:
$ref: "./api-definition/rbac-grants.yaml"
/api/rbac-grants/{grantedRoleUuid}/{granteeUserUuid}:
$ref: "./api-definition/rbac-grants-id.yaml"
# HS
/api/customers:

30
src/main/resources/api-definition/rbac-grants-id.yaml Normal file
View File

@ -0,0 +1,30 @@
delete:
tags:
- rbacgrants
operationId: revokeRoleFromUser
parameters:
- $ref: './api-definition/auth.yaml#/components/parameters/currentUser'
- $ref: './api-definition/auth.yaml#/components/parameters/assumedRoles'
- name: grantedRoleUuid
in: path
required: true
schema:
type: string
format: uuid
description: UUID of the granted role.
- name: granteeUserUuid
in: path
required: true
schema:
type: string
format: uuid
description: UUID of the user to whom the role was granted.
responses:
"204":
description: No Content
"401":
$ref: './api-definition/error-responses.yaml#/components/responses/Unauthorized'
"403":
$ref: './api-definition/error-responses.yaml#/components/responses/Forbidden'
"404":
$ref: './api-definition/error-responses.yaml#/components/responses/NotFound'

1
src/main/resources/api-definition/rbac-grants.yaml
View File

@ -31,6 +31,7 @@ post:
responses:
"201":
description: OK
content:
"401":
$ref: './api-definition/error-responses.yaml#/components/responses/Unauthorized'
"403":