dependant actions added

kafka-ui-api/src/main/java/com/provectus/kafka/ui/model/rbac/Permission.java

@@ -10,7 +10,6 @@ import javax.annotation.Nullable;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.ToString;
-import org.apache.commons.collections.CollectionUtils;
 
 @Getter
 @ToString
@@ -20,7 +19,7 @@ public class Permission {
   Resource resource;
 
   List<String> actions;
-  transient List<PermissibleAction> parsedActions;
+  transient List<PermissibleAction> parsedActions; //includes all dependant actions
 
   @Nullable
   String value;
@@ -54,7 +53,7 @@ public class Permission {
     if (actions.stream().anyMatch("ALL"::equalsIgnoreCase)) {
       this.parsedActions = resource.allActions();
     } else {
-      this.parsedActions = resource.parseActions(actions);
+      this.parsedActions = resource.parseActionsWithDependantsUnnest(actions);
     }
   }
 

kafka-ui-api/src/main/java/com/provectus/kafka/ui/model/rbac/Resource.java

@@ -11,6 +11,7 @@ import com.provectus.kafka.ui.model.rbac.permission.SchemaAction;
 import com.provectus.kafka.ui.model.rbac.permission.TopicAction;
 import jakarta.annotation.Nullable;
 import java.util.List;
+import java.util.stream.Stream;
 import org.apache.commons.lang3.EnumUtils;
 
 public enum Resource {
@@ -48,7 +49,7 @@ public enum Resource {
     return EnumUtils.getEnum(Resource.class, name);
   }
 
-  public List<PermissibleAction> parseActions(List<String> actionsToParse) {
+  public List<PermissibleAction> parseActionsWithDependantsUnnest(List<String> actionsToParse) {
     return actionsToParse.stream()
         .map(toParse -> actions.stream()
             .filter(a -> toParse.equalsIgnoreCase(a.name()))
@@ -56,6 +57,8 @@ public enum Resource {
             .orElseThrow(() -> new IllegalArgumentException(
                 "'%s' actions not applicable for resource %s".formatted(toParse, name())))
         )
+        // unnesting all dependant actions
+        .flatMap(a -> Stream.concat(Stream.of(a), a.unnestAllDependants()))
         .toList();
   }
 

kafka-ui-api/src/main/java/com/provectus/kafka/ui/model/rbac/permission/AclAction.java

@@ -7,12 +7,18 @@ import org.jetbrains.annotations.Nullable;
 public enum AclAction implements PermissibleAction {
 
   VIEW,
-  EDIT
+  EDIT(VIEW)
 
   ;
 
   public static final Set<AclAction> ALTER_ACTIONS = Set.of(EDIT);
 
+  private final PermissibleAction[] dependantActions;
+
+  AclAction(AclAction... dependantActions) {
+    this.dependantActions = dependantActions;
+  }
+
   @Nullable
   public static AclAction fromString(String name) {
     return EnumUtils.getEnum(AclAction.class, name);
@@ -22,4 +28,9 @@ public enum AclAction implements PermissibleAction {
   public boolean isAlter() {
     return ALTER_ACTIONS.contains(this);
   }
+
+  @Override
+  public PermissibleAction[] dependantActions() {
+    return dependantActions;
+  }
 }

kafka-ui-api/src/main/java/com/provectus/kafka/ui/model/rbac/permission/ApplicationConfigAction.java

@@ -7,12 +7,18 @@ import org.jetbrains.annotations.Nullable;
 public enum ApplicationConfigAction implements PermissibleAction {
 
   VIEW,
-  EDIT
+  EDIT(VIEW)
 
   ;
 
   public static final Set<ApplicationConfigAction> ALTER_ACTIONS = Set.of(EDIT);
 
+  private final PermissibleAction[] dependantActions;
+
+  ApplicationConfigAction(ApplicationConfigAction... dependantActions) {
+    this.dependantActions = dependantActions;
+  }
+
   @Nullable
   public static ApplicationConfigAction fromString(String name) {
     return EnumUtils.getEnum(ApplicationConfigAction.class, name);
@@ -22,4 +28,9 @@ public enum ApplicationConfigAction implements PermissibleAction {
   public boolean isAlter() {
     return ALTER_ACTIONS.contains(this);
   }
+
+  @Override
+  public PermissibleAction[] dependantActions() {
+    return dependantActions;
+  }
 }

kafka-ui-api/src/main/java/com/provectus/kafka/ui/model/rbac/permission/AuditAction.java

@@ -12,6 +12,12 @@ public enum AuditAction implements PermissibleAction {
 
   private static final Set<AuditAction> ALTER_ACTIONS = Set.of();
 
+  private final AclAction[] dependantActions;
+
+  AuditAction(AclAction... dependantActions) {
+    this.dependantActions = dependantActions;
+  }
+
   @Nullable
   public static AuditAction fromString(String name) {
     return EnumUtils.getEnum(AuditAction.class, name);
@@ -21,4 +27,9 @@ public enum AuditAction implements PermissibleAction {
   public boolean isAlter() {
     return ALTER_ACTIONS.contains(this);
   }
+
+  @Override
+  public PermissibleAction[] dependantActions() {
+    return dependantActions;
+  }
 }

kafka-ui-api/src/main/java/com/provectus/kafka/ui/model/rbac/permission/ClusterConfigAction.java

@@ -7,12 +7,18 @@ import org.jetbrains.annotations.Nullable;
 public enum ClusterConfigAction implements PermissibleAction {
 
   VIEW,
-  EDIT
+  EDIT(VIEW)
 
   ;
 
   public static final Set<ClusterConfigAction> ALTER_ACTIONS = Set.of(EDIT);
 
+  private final ClusterConfigAction[] dependantActions;
+
+  ClusterConfigAction(ClusterConfigAction... dependantActions) {
+    this.dependantActions = dependantActions;
+  }
+
   @Nullable
   public static ClusterConfigAction fromString(String name) {
     return EnumUtils.getEnum(ClusterConfigAction.class, name);
@@ -22,4 +28,9 @@ public enum ClusterConfigAction implements PermissibleAction {
   public boolean isAlter() {
     return ALTER_ACTIONS.contains(this);
   }
+
+  @Override
+  public PermissibleAction[] dependantActions() {
+    return dependantActions;
+  }
 }

kafka-ui-api/src/main/java/com/provectus/kafka/ui/model/rbac/permission/ConnectAction.java

@@ -7,12 +7,18 @@ import org.jetbrains.annotations.Nullable;
 public enum ConnectAction implements PermissibleAction {
 
   VIEW,
-  EDIT,
-  CREATE,
-  RESTART
+  EDIT(VIEW),
+  CREATE(VIEW),
+  RESTART(VIEW)
 
   ;
 
+  private final ConnectAction[] dependantActions;
+
+  ConnectAction(ConnectAction... dependantActions) {
+    this.dependantActions = dependantActions;
+  }
+
   public static final Set<ConnectAction> ALTER_ACTIONS = Set.of(CREATE, EDIT, RESTART);
 
   @Nullable
@@ -24,4 +30,9 @@ public enum ConnectAction implements PermissibleAction {
   public boolean isAlter() {
     return ALTER_ACTIONS.contains(this);
   }
+
+  @Override
+  public PermissibleAction[] dependantActions() {
+    return dependantActions;
+  }
 }

kafka-ui-api/src/main/java/com/provectus/kafka/ui/model/rbac/permission/ConsumerGroupAction.java

@@ -7,13 +7,19 @@ import org.jetbrains.annotations.Nullable;
 public enum ConsumerGroupAction implements PermissibleAction {
 
   VIEW,
-  DELETE,
-  RESET_OFFSETS
+  DELETE(VIEW),
+  RESET_OFFSETS(VIEW)
 
   ;
 
   public static final Set<ConsumerGroupAction> ALTER_ACTIONS = Set.of(DELETE, RESET_OFFSETS);
 
+  private final ConsumerGroupAction[] dependantActions;
+
+  ConsumerGroupAction(ConsumerGroupAction... dependantActions) {
+    this.dependantActions = dependantActions;
+  }
+
   @Nullable
   public static ConsumerGroupAction fromString(String name) {
     return EnumUtils.getEnum(ConsumerGroupAction.class, name);
@@ -23,4 +29,9 @@ public enum ConsumerGroupAction implements PermissibleAction {
   public boolean isAlter() {
     return ALTER_ACTIONS.contains(this);
   }
+
+  @Override
+  public PermissibleAction[] dependantActions() {
+    return dependantActions;
+  }
 }

kafka-ui-api/src/main/java/com/provectus/kafka/ui/model/rbac/permission/KsqlAction.java

@@ -12,6 +12,12 @@ public enum KsqlAction implements PermissibleAction {
 
   public static final Set<KsqlAction> ALTER_ACTIONS = Set.of(EXECUTE);
 
+  private final KsqlAction[] dependantActions;
+
+  KsqlAction(KsqlAction... dependantActions) {
+    this.dependantActions = dependantActions;
+  }
+
   @Nullable
   public static KsqlAction fromString(String name) {
     return EnumUtils.getEnum(KsqlAction.class, name);
@@ -21,4 +27,9 @@ public enum KsqlAction implements PermissibleAction {
   public boolean isAlter() {
     return ALTER_ACTIONS.contains(this);
   }
+
+  @Override
+  public PermissibleAction[] dependantActions() {
+    return dependantActions;
+  }
 }

kafka-ui-api/src/main/java/com/provectus/kafka/ui/model/rbac/permission/PermissibleAction.java

@@ -1,5 +1,7 @@
 package com.provectus.kafka.ui.model.rbac.permission;
 
+import java.util.stream.Stream;
+
 public sealed interface PermissibleAction permits
     AclAction, ApplicationConfigAction,
     ConsumerGroupAction, SchemaAction,
@@ -10,4 +12,16 @@ public sealed interface PermissibleAction permits
 
   boolean isAlter();
 
+  /**
+   * Actions that are direct parts (childs) of this action. If current action is allowed for user, then
+   * all dependant actions supposed to be allowed. Dependants can also have their dependants, that can be recursively
+   * unnested with `unnestAllDependants` method.
+   */
+  PermissibleAction[] dependantActions();
+
+  // recursively unnest all action's dependants
+  default Stream<PermissibleAction> unnestAllDependants() {
+    return Stream.of(dependantActions()).flatMap(dep -> Stream.concat(Stream.of(dep), dep.unnestAllDependants()));
+  }
+
 }

kafka-ui-api/src/main/java/com/provectus/kafka/ui/model/rbac/permission/SchemaAction.java

@@ -7,15 +7,21 @@ import org.jetbrains.annotations.Nullable;
 public enum SchemaAction implements PermissibleAction {
 
   VIEW,
-  CREATE,
-  DELETE,
-  EDIT,
+  CREATE(VIEW),
+  DELETE(VIEW),
+  EDIT(VIEW),
   MODIFY_GLOBAL_COMPATIBILITY
 
   ;
 
   public static final Set<SchemaAction> ALTER_ACTIONS = Set.of(CREATE, DELETE, EDIT, MODIFY_GLOBAL_COMPATIBILITY);
 
+  private final SchemaAction[] dependantActions;
+
+  SchemaAction(SchemaAction... dependantActions) {
+    this.dependantActions = dependantActions;
+  }
+
   @Nullable
   public static SchemaAction fromString(String name) {
     return EnumUtils.getEnum(SchemaAction.class, name);
@@ -25,4 +31,9 @@ public enum SchemaAction implements PermissibleAction {
   public boolean isAlter() {
     return ALTER_ACTIONS.contains(this);
   }
+
+  @Override
+  public PermissibleAction[] dependantActions() {
+    return dependantActions;
+  }
 }

kafka-ui-api/src/main/java/com/provectus/kafka/ui/model/rbac/permission/TopicAction.java

@@ -7,17 +7,23 @@ import org.jetbrains.annotations.Nullable;
 public enum TopicAction implements PermissibleAction {
 
   VIEW,
-  CREATE,
-  EDIT,
-  DELETE,
-  MESSAGES_READ,
-  MESSAGES_PRODUCE,
-  MESSAGES_DELETE,
+  CREATE(VIEW),
+  EDIT(VIEW),
+  DELETE(VIEW),
+  MESSAGES_READ(VIEW),
+  MESSAGES_PRODUCE(VIEW),
+  MESSAGES_DELETE(VIEW, EDIT),
 
   ;
 
   public static final Set<TopicAction> ALTER_ACTIONS = Set.of(CREATE, EDIT, DELETE, MESSAGES_PRODUCE, MESSAGES_DELETE);
 
+  private final TopicAction[] dependantActions;
+
+  TopicAction(TopicAction... dependantActions) {
+    this.dependantActions = dependantActions;
+  }
+
   @Nullable
   public static TopicAction fromString(String name) {
     return EnumUtils.getEnum(TopicAction.class, name);
@@ -27,4 +33,9 @@ public enum TopicAction implements PermissibleAction {
   public boolean isAlter() {
     return ALTER_ACTIONS.contains(this);
   }
+
+  @Override
+  public PermissibleAction[] dependantActions() {
+    return dependantActions;
+  }
 }

kafka-ui-api/src/test/java/com/provectus/kafka/ui/model/rbac/PermissionTest.java

@@ -37,4 +37,16 @@ class PermissionTest {
         .isEqualTo(List.of(TopicAction.values()));
   }
 
+  @Test
+  void transformUnnestsDependantActions() {
+    var p = new Permission();
+    p.setResource("toPic");
+    p.setActions(List.of("EDIT"));
+
+    p.transform();
+
+    assertThat(p.getParsedActions())
+        .containsExactlyInAnyOrder(TopicAction.VIEW, TopicAction.EDIT);
+  }
+
 }