Add missing RBAC action, fix possible exceptions on unknown actions

Roman Zabaluev 2023-05-11 16:36:35 +08:00
parent 52a42e698e
commit 86d34fa259
2 changed files with 19 additions and 8 deletions


@ -12,8 +12,11 @@ import java.security.Principal;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import javax.annotation.Nullable;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.core.context.ReactiveSecurityContextHolder; import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContext;
@ -23,14 +26,13 @@ import reactor.core.publisher.Mono;
@RestController @RestController
@RequiredArgsConstructor @RequiredArgsConstructor
@Slf4j
public class AccessController implements AuthorizationApi { public class AccessController implements AuthorizationApi {
private final AccessControlService accessControlService; private final AccessControlService accessControlService;
public Mono<ResponseEntity<AuthenticationInfoDTO>> getUserAuthInfo(ServerWebExchange exchange) { public Mono<ResponseEntity<AuthenticationInfoDTO>> getUserAuthInfo(ServerWebExchange exchange) {
AuthenticationInfoDTO dto = new AuthenticationInfoDTO(); AuthenticationInfoDTO dto = new AuthenticationInfoDTO(accessControlService.isRbacEnabled());
dto.setRbacEnabled(accessControlService.isRbacEnabled());
UserInfoDTO userInfo = new UserInfoDTO();
Mono<List<UserPermissionDTO>> permissions = accessControlService.getUser() Mono<List<UserPermissionDTO>> permissions = accessControlService.getUser()
.map(user -> accessControlService.getRoles() .map(user -> accessControlService.getRoles()
@ -49,10 +51,7 @@ public class AccessController implements AuthorizationApi {
return userName return userName
.zipWith(permissions) .zipWith(permissions)
.map(data -> { .map(data -> {
userInfo.setUsername(data.getT1()); dto.setUserInfo(new UserInfoDTO(data.getT1(), data.getT2()));
userInfo.setPermissions(data.getT2());
dto.setUserInfo(userInfo);
return dto; return dto;
}) })
.switchIfEmpty(Mono.just(dto)) .switchIfEmpty(Mono.just(dto))
@ -70,11 +69,22 @@ public class AccessController implements AuthorizationApi {
dto.setActions(permission.getActions() dto.setActions(permission.getActions()
.stream() .stream()
.map(String::toUpperCase) .map(String::toUpperCase)
.map(ActionDTO::valueOf) .map(this::mapAction)
.filter(Objects::nonNull)
.collect(Collectors.toList())); .collect(Collectors.toList()));
return dto; return dto;
}) })
.collect(Collectors.toList()); .collect(Collectors.toList());
} }
@Nullable
private ActionDTO mapAction(String name) {
try {
return ActionDTO.fromValue(name);
} catch (IllegalArgumentException e) {
log.warn("Unknown Action [{}], skipping", name);
return null;
}
}
} }
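Review bot: The `.map(String::toUpperCase)` step that feeds `mapAction` upper-cases with the JVM default locale, so under a locale such as Turkish an action name containing `i` would likely not match the enum value and, after this change, is dropped with only a warning instead of failing loudly. Using `.map(a -> a.toUpperCase(Locale.ROOT))` (needs `import java.util.Locale;`) keeps the `ActionDTO.fromValue` lookup independent of the host's locale. The warning in `mapAction` also carries only the action string; since this mapping appears to run on each `getUserAuthInfo` call, adding the role or resource to the message would let an operator locate the misconfigured RBAC entry. The enclosing permission-mapping method begins outside this hunk, so the role variable's name is not visible here.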


@ -3452,6 +3452,7 @@ components:
- MESSAGES_READ - MESSAGES_READ
- MESSAGES_PRODUCE - MESSAGES_PRODUCE
- MESSAGES_DELETE - MESSAGES_DELETE
- RESTART
ResourceType: ResourceType:
type: string type: string