
api-definition subdirectories rbac+test

Michael Hoennig
2022-09-02 13:11:15 +02:00
parent 3541b0c48c
commit cd9be1db75
38 changed files with 373 additions and 329 deletions


@@ -0,0 +1,12 @@
openapi-processor-mapping: v2
options:
package-name: net.hostsharing.hsadminng.rbac.generated.api.v1
model-name-suffix: Resource
map:
result: org.springframework.http.ResponseEntity
types:
- type: array => java.util.List
- type: string:uuid => java.util.UUID


@@ -0,0 +1 @@
../auth.yaml


@@ -0,0 +1 @@
../error-responses.yaml


@@ -0,0 +1,28 @@
components:
schemas:
RbacGrant:
type: object
properties:
grantedByRoleIdName:
type: string
grantedByRoleUuid:
type: string
format: uuid
assumed:
type: boolean
grantedRoleIdName:
type: string
grantedRoleUuid:
type: string
format: uuid
granteeUserName:
type: string
granteeUserUuid:
type: string
format: uuid
required:
- grantedRoleUuid
- granteeUserUuid
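Review bot: `RbacGrant` is used both as a response and as the request body of `grantRoleToUser`, so a client can submit `grantedByRoleUuid`, `grantedByRoleIdName`, `grantedRoleIdName` and `granteeUserName` next to the two required UUIDs. Nothing in the schema says these fields are server-derived; if they are, mark each with `readOnly: true` (or give the POST its own request schema) so generated clients do not send them and the controller has no reason to trust them. The grantor in particular should presumably come from the authenticated subject and its assumed roles rather than from the body; the server code is not on this page, so confirm. `assumed` also has no `default`, which leaves the meaning of an omitted value to the implementation.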


@@ -0,0 +1,65 @@
get:
tags:
- rbac-grants
operationId: getGrantById
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'
- $ref: './auth.yaml#/components/parameters/assumedRoles'
- name: grantedRoleUuid
in: path
required: true
schema:
type: string
format: uuid
description: UUID of the granted role.
- name: granteeUserUuid
in: path
required: true
schema:
type: string
format: uuid
description: UUID of the user to whom the role was granted.
responses:
"200":
description: OK
content:
'application/json':
schema:
$ref: './rbac-grant-schemas.yaml#/components/schemas/RbacGrant'
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
"403":
$ref: './error-responses.yaml#/components/responses/Forbidden'
"404":
$ref: './error-responses.yaml#/components/responses/NotFound'
delete:
tags:
- rbac-grants
operationId: revokeRoleFromUser
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'
- $ref: './auth.yaml#/components/parameters/assumedRoles'
- name: grantedRoleUuid
in: path
required: true
schema:
type: string
format: uuid
description: UUID of the granted role.
- name: granteeUserUuid
in: path
required: true
schema:
type: string
format: uuid
description: UUID of the user to whom the role was granted.
responses:
"204":
description: No Content
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
"403":
$ref: './error-responses.yaml#/components/responses/Forbidden'
"404":
$ref: './error-responses.yaml#/components/responses/NotFound'
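Review bot: The `delete` operation (`revokeRoleFromUser`) has no `description`, and neither operation says which of `403` and `404` a caller gets for a grant that exists but is not visible to the current subject. In an RBAC API that choice decides whether the endpoint confirms the existence of grants the caller may not see, so it belongs in the contract, for example `description: Revoke the given role from the given user; responds 404 if the grant does not exist or is not visible to the current subject.` (adjust to what the implementation actually does). The two path parameters are repeated verbatim under `get` and `delete` and could be declared once in a path-level `parameters` list.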


@@ -0,0 +1,43 @@
get:
tags:
- rbac-grants
operationId: listUserGrants
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'
- $ref: './auth.yaml#/components/parameters/assumedRoles'
responses:
"200":
description: OK
content:
'application/json':
schema:
type: array
items:
$ref: './rbac-grant-schemas.yaml#/components/schemas/RbacGrant'
post:
tags:
- rbac-grants
operationId: grantRoleToUser
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'
- $ref: './auth.yaml#/components/parameters/assumedRoles'
requestBody:
required: true
content:
application/json:
schema:
$ref: './rbac-grant-schemas.yaml#/components/schemas/RbacGrant'
responses:
"201":
description: OK
content:
'application/json':
schema:
$ref: './rbac-grant-schemas.yaml#/components/schemas/RbacGrant'
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
"403":
$ref: './error-responses.yaml#/components/responses/Forbidden'
"409":
$ref: './error-responses.yaml#/components/responses/Conflict'
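Review bot: `listUserGrants` declares only a `200` response although it takes the same `currentUser` and `assumedRoles` parameters as the operations that document `401` and `403`. Generated clients and API tests then have no declared contract for an unauthenticated or unauthorized list call. The same gap is in `listRoles` in the roles section further down. Separately, the `201` response of `grantRoleToUser` is described as `OK`; `description: Created` would match the status code.

```yaml
# … unchanged: listUserGrants tags, operationId, parameters and "200" response …
    "401":
      $ref: './error-responses.yaml#/components/responses/Unauthorized'
    "403":
      $ref: './error-responses.yaml#/components/responses/Forbidden'
```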


@@ -0,0 +1,26 @@
components:
schemas:
RbacRole:
type: object
properties:
uuid:
type: string
format: uuid
objectUuid:
type: string
format: uuid
objectTable:
type: string
objectIdName:
type: string
roleType:
type: string
enum:
- owner
- admin
- tenant
roleName:
type: string


@@ -0,0 +1,16 @@
get:
tags:
- rbac-roles
operationId: listRoles
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'
- $ref: './auth.yaml#/components/parameters/assumedRoles'
responses:
"200":
description: OK
content:
'application/json':
schema:
type: array
items:
$ref: './rbac-role-schemas.yaml#/components/schemas/RbacRole'


@@ -0,0 +1,33 @@
components:
schemas:
RbacUser:
type: object
properties:
uuid:
type: string
format: uuid
name:
type: string
RbacUserPermission:
type: object
properties:
objectUuid:
type: string
format: uuid
objectTable:
type: string
objectIdName:
type: string
roleName:
type: string
roleUuid:
type: string
format: uuid
permissionUuid:
type: string
format: uuid
op:
type: string
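Review bot: `RbacUser` has no `required` list and `name` has no `minLength`, `maxLength` or `pattern`, yet the schema is the request body of `createUser`. As written, an empty object or an arbitrarily long name is schema-valid, so all input validation falls to server code that is not visible on this page. Consider `required: [name]` with length bounds on `name`, and state whether a client-supplied `uuid` is honoured or ignored on create. `op` in `RbacUserPermission` is a free-form string; an `enum` would document the permitted operations if the set is closed.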


@@ -0,0 +1,28 @@
get:
tags:
- rbac-users
description: 'List all visible permissions granted to the given user; reduced '
operationId: listUserPermissions
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'
- $ref: './auth.yaml#/components/parameters/assumedRoles'
- name: userUuid
in: path
required: true
schema:
type: string
format: uuid
responses:
"200":
description: OK
content:
'application/json':
schema:
type: array
items:
$ref: './rbac-user-schemas.yaml#/components/schemas/RbacUserPermission'
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
"403":
$ref: './error-responses.yaml#/components/responses/Forbidden'
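Review bot: The `description` of `listUserPermissions` stops mid-sentence with a trailing space (`...granted to the given user; reduced '`), so the rule by which the result is reduced never reaches the generated documentation. That rule decides which permissions of another user a caller is allowed to see, so it is the part of the text a reader needs most; please complete the sentence. The operation also declares no `404` for an unknown `userUuid`, unlike `deleteUserByUuid`.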


@@ -0,0 +1,51 @@
get:
tags:
- rbac-users
description: 'Fetch a single user by its id, if visible for the current subject.'
operationId: getUserById
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'
- $ref: './auth.yaml#/components/parameters/assumedRoles'
- name: userUuid
in: path
required: true
schema:
type: string
format: uuid
responses:
"200":
description: OK
content:
'application/json':
schema:
$ref: './rbac-user-schemas.yaml#/components/schemas/RbacUser'
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
"403":
$ref: './error-responses.yaml#/components/responses/Forbidden'
delete:
tags:
- rbac-users
operationId: deleteUserByUuid
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'
- $ref: './auth.yaml#/components/parameters/assumedRoles'
- name: userUuid
in: path
required: true
schema:
type: string
format: uuid
description: UUID of the user to delete.
responses:
"204":
description: No Content
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
"403":
$ref: './error-responses.yaml#/components/responses/Forbidden'
"404":
$ref: './error-responses.yaml#/components/responses/NotFound'
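Review bot: `getUserById` declares `200`, `401` and `403` but no `404`, while `deleteUserByUuid` on the same path does. Its description promises the user "if visible for the current subject" without saying what is returned otherwise; add a `"404"` response referencing `./error-responses.yaml#/components/responses/NotFound` and document whether an unknown UUID and an invisible user produce the same status, since a difference lets callers probe for existing users. `deleteUserByUuid` has no `description` at all.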


@@ -0,0 +1,48 @@
get:
tags:
- rbac-users
description: List accessible RBAC users with optional filter by name.
operationId: listUsers
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'
- $ref: './auth.yaml#/components/parameters/assumedRoles'
- name: name
in: query
required: false
schema:
type: string
responses:
'200':
description: OK
content:
'application/json':
schema:
type: array
items:
$ref: './rbac-user-schemas.yaml#/components/schemas/RbacUser'
'401':
$ref: './error-responses.yaml#/components/responses/Unauthorized'
'403':
$ref: './error-responses.yaml#/components/responses/Forbidden'
post:
tags:
- rbac-users
description: Create a new RBAC user.
operationId: createUser
requestBody:
required: true
content:
application/json:
schema:
$ref: './rbac-user-schemas.yaml#/components/schemas/RbacUser'
responses:
'201':
description: Created
content:
'application/json':
schema:
$ref: './rbac-user-schemas.yaml#/components/schemas/RbacUser'
'409':
$ref: './error-responses.yaml#/components/responses/Conflict'
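Review bot: `createUser` is the only operation on this page without the `currentUser` and `assumedRoles` parameters, and it declares neither `401` nor `403`. If unauthenticated self-registration is intended, say so in the `description` so reviewers can check that rate limiting and input validation exist for it; the server side is not visible here. If it is an oversight, add `- $ref: './auth.yaml#/components/parameters/currentUser'` and `- $ref: './auth.yaml#/components/parameters/assumedRoles'` plus the `401`/`403` responses used by `listUsers` above. The section also quotes status codes with single quotes while the other files use double quotes.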


@@ -0,0 +1,28 @@
openapi: 3.0.1
info:
title: Hostsharing hsadmin-ng API
version: v0
servers:
- url: http://localhost:8080
description: Local development default URL.
paths:
/api/rbac/users:
$ref: './rbac-users.yaml'
/api/rbac/users/{userUuid}/permissions:
$ref: './rbac-users-with-id-permissions.yaml'
/api/rbac/users/{userUuid}:
$ref: './rbac-users-with-uuid.yaml'
/api/rbac/roles:
$ref: './rbac-roles.yaml'
/api/rbac/grants:
$ref: './rbac-grants.yaml'
/api/rbac/grants/{grantedRoleUuid}/{granteeUserUuid}:
$ref: './rbac-grants-with-id.yaml'
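Review bot: The root document declares no `security` requirement and no `components.securitySchemes`, so the specification does not express how callers are authenticated. Identity appears to be carried only by the `currentUser` and `assumedRoles` parameters, whose definition in `auth.yaml` is outside this page. If those are plain client-supplied values, document which component authenticates them before the API trusts them, and declare the scheme here so generated clients and gateways can enforce it. The path file names also mix `-with-id` and `-with-uuid` for the same kind of resource.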