Add missing RBAC action, fix possible exceptions on unknown actions

2023-05-11 16:36:35 +08:00 · 2023-05-11 16:36:35 +08:00 · 86d34fa259
commit 86d34fa259
parent 52a42e698e
2 changed files with 19 additions and 8 deletions
--- a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/controller/AccessController.java
+++ b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/controller/AccessController.java
@ -12,8 +12,11 @@ import java.security.Principal;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
+import java.util.Objects;
 import java.util.stream.Collectors;
+import javax.annotation.Nullable;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.context.SecurityContext;
@ -23,14 +26,13 @@ import reactor.core.publisher.Mono;

@RestController
@RequiredArgsConstructor
+@Slf4j
 public class AccessController implements AuthorizationApi {

  private final AccessControlService accessControlService;

  public Mono<ResponseEntity<AuthenticationInfoDTO>> getUserAuthInfo(ServerWebExchange exchange) {
-    AuthenticationInfoDTO dto = new AuthenticationInfoDTO();
-    dto.setRbacEnabled(accessControlService.isRbacEnabled());
-    UserInfoDTO userInfo = new UserInfoDTO();
+    AuthenticationInfoDTO dto = new AuthenticationInfoDTO(accessControlService.isRbacEnabled());

    Mono<List<UserPermissionDTO>> permissions = accessControlService.getUser()
        .map(user -> accessControlService.getRoles()
@ -49,10 +51,7 @@ public class AccessController implements AuthorizationApi {
    return userName
        .zipWith(permissions)
        .map(data -> {
-          userInfo.setUsername(data.getT1());
-          userInfo.setPermissions(data.getT2());
-
-          dto.setUserInfo(userInfo);
+          dto.setUserInfo(new UserInfoDTO(data.getT1(), data.getT2()));
          return dto;
        })
        .switchIfEmpty(Mono.just(dto))
@ -70,11 +69,22 @@ public class AccessController implements AuthorizationApi {
          dto.setActions(permission.getActions()
              .stream()
              .map(String::toUpperCase)
-              .map(ActionDTO::valueOf)
+              .map(this::mapAction)
+              .filter(Objects::nonNull)
              .collect(Collectors.toList()));
          return dto;
        })
        .collect(Collectors.toList());
  }

+  @Nullable
+  private ActionDTO mapAction(String name) {
+    try {
+      return ActionDTO.fromValue(name);
+    } catch (IllegalArgumentException e) {
+      log.warn("Unknown Action [{}], skipping", name);
+      return null;
+    }
+  }
+
 }
--- a/kafka-ui-contract/src/main/resources/swagger/kafka-ui-api.yaml
+++ b/kafka-ui-contract/src/main/resources/swagger/kafka-ui-api.yaml
@ -3452,6 +3452,7 @@ components:
        - MESSAGES_READ
        - MESSAGES_PRODUCE
        - MESSAGES_DELETE
+        - RESTART

    ResourceType:
      type: string