
BE: RBAC: ACL exception fix (#3815)

Co-authored-by: iliax <ikuramshin@provectus.com>
Co-authored-by: Roman Zabaluev <rzabaluev@provectus.com>
Ilya Kuramshin 2 年之前
當前提交
902f11a1d9

+ 2 - 1
kafka-ui-api/src/main/java/com/provectus/kafka/ui/model/rbac/Permission.java

@@ -1,5 +1,6 @@
 package com.provectus.kafka.ui.model.rbac;
 
+import static com.provectus.kafka.ui.model.rbac.Resource.ACL;
 import static com.provectus.kafka.ui.model.rbac.Resource.APPLICATIONCONFIG;
 import static com.provectus.kafka.ui.model.rbac.Resource.CLUSTERCONFIG;
 import static com.provectus.kafka.ui.model.rbac.Resource.KSQL;
@@ -27,7 +28,7 @@ import org.springframework.util.Assert;
 @EqualsAndHashCode
 public class Permission {
 
-  private static final List<Resource> RBAC_ACTION_EXEMPT_LIST = List.of(KSQL, CLUSTERCONFIG, APPLICATIONCONFIG);
+  private static final List<Resource> RBAC_ACTION_EXEMPT_LIST = List.of(KSQL, CLUSTERCONFIG, APPLICATIONCONFIG, ACL);
 
   Resource resource;
   List<String> actions;
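Review bot: `RBAC_ACTION_EXEMPT_LIST` gains `ACL` without any comment saying which validation the listed resources skip, and in an access-control model every entry in an exemption list is a place where a check is relaxed. The code that consults the list lies outside this hunk, so it is not visible here whether the exemption affects only how a permission entry is validated when the configuration is loaded or also how requests against ACLs are authorized; that should be confirmed and written down. I would add a comment above the constant along the lines of `// Resources exempt from <the check this list guards>; ACL is included because <reason>`, with both placeholders filled in by the author. If the constant is only ever used for membership tests, `Set.of(...)` would state that intent better than `List.of(...)`.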

+ 14 - 14
kafka-ui-api/src/main/java/com/provectus/kafka/ui/service/FeatureService.java

@@ -9,7 +9,6 @@ import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
 import java.util.function.Predicate;
-import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.kafka.common.acl.AclOperation;
 import org.springframework.stereotype.Service;
@@ -17,12 +16,9 @@ import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
 @Service
-@RequiredArgsConstructor
 @Slf4j
 public class FeatureService {
 
-  private final AdminClientService adminClientService;
-
   public Mono<List<ClusterFeature>> getAvailableFeatures(ReactiveAdminClient adminClient,
                                                          KafkaCluster cluster,
                                                          ClusterDescription clusterDescription) {
@@ -43,8 +39,8 @@ public class FeatureService {
     }
 
     features.add(topicDeletionEnabled(adminClient));
-    features.add(aclView(cluster));
-    features.add(aclEdit(clusterDescription));
+    features.add(aclView(adminClient));
+    features.add(aclEdit(adminClient, clusterDescription));
 
     return Flux.fromIterable(features).flatMap(m -> m).collectList();
   }
@@ -55,19 +51,23 @@ public class FeatureService {
         : Mono.empty();
   }
 
-  private Mono<ClusterFeature> aclEdit(ClusterDescription clusterDescription) {
+  private Mono<ClusterFeature> aclEdit(ReactiveAdminClient adminClient, ClusterDescription clusterDescription) {
     var authorizedOps = Optional.ofNullable(clusterDescription.getAuthorizedOperations()).orElse(Set.of());
-    boolean canEdit = authorizedOps.contains(AclOperation.ALL) || authorizedOps.contains(AclOperation.ALTER);
+    boolean canEdit = aclViewEnabled(adminClient)
+        && (authorizedOps.contains(AclOperation.ALL) || authorizedOps.contains(AclOperation.ALTER));
     return canEdit
         ? Mono.just(ClusterFeature.KAFKA_ACL_EDIT)
         : Mono.empty();
   }
 
-  private Mono<ClusterFeature> aclView(KafkaCluster cluster) {
-    return adminClientService.get(cluster).flatMap(
-        ac -> ac.getClusterFeatures().contains(ReactiveAdminClient.SupportedFeature.AUTHORIZED_SECURITY_ENABLED)
-            ? Mono.just(ClusterFeature.KAFKA_ACL_VIEW)
-            : Mono.empty()
-    );
+  private Mono<ClusterFeature> aclView(ReactiveAdminClient adminClient) {
+    return aclViewEnabled(adminClient)
+        ? Mono.just(ClusterFeature.KAFKA_ACL_VIEW)
+        : Mono.empty();
   }
+
+  private boolean aclViewEnabled(ReactiveAdminClient adminClient) {
+    return adminClient.getClusterFeatures().contains(ReactiveAdminClient.SupportedFeature.AUTHORIZED_SECURITY_ENABLED);
+  }
+
 }
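Review bot: `aclEdit` now reports `KAFKA_ACL_EDIT` only when `aclViewEnabled(adminClient)` is also true, but nothing in the method says why ALTER/ALL in the cluster's authorized operations is no longer sufficient by itself. A short comment above the `canEdit` line would help, for example `// offer ACL editing only when the cluster reports AUTHORIZED_SECURITY_ENABLED; ALTER/ALL alone is not enough`. These methods decide only which features are reported for a cluster; whether the ACL write paths check the same conditions is not visible in this diff and is worth confirming, so that the reported flag is not the only gate. The blank line added before the closing brace of the class can be dropped.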

+ 3 - 1
kafka-ui-api/src/main/java/com/provectus/kafka/ui/service/acl/AclsService.java

@@ -3,6 +3,7 @@ package com.provectus.kafka.ui.service.acl;
 import com.google.common.collect.Sets;
 import com.provectus.kafka.ui.model.KafkaCluster;
 import com.provectus.kafka.ui.service.AdminClientService;
+import java.util.Comparator;
 import java.util.List;
 import java.util.Set;
 import lombok.RequiredArgsConstructor;
@@ -39,7 +40,8 @@ public class AclsService {
   public Flux<AclBinding> listAcls(KafkaCluster cluster, ResourcePatternFilter filter) {
     return adminClientService.get(cluster)
         .flatMap(c -> c.listAcls(filter))
-        .flatMapIterable(acls -> acls);
+        .flatMapIterable(acls -> acls)
+        .sort(Comparator.comparing(AclBinding::toString));  //sorting to keep stable order on different calls
   }
 
   public Mono<String> getAclAsCsvString(KafkaCluster cluster) {
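Review bot: The new `.sort(Comparator.comparing(AclBinding::toString))` in `listAcls` ties the order to the text produced by `toString()`, which is a debugging representation rather than a documented ordering, and it rebuilds that string on every comparison. An explicit key would keep the order stable across client library versions, for example `.sort(Comparator.comparing((AclBinding b) -> b.pattern().name()).thenComparing(b -> b.entry().principal()))`, extended with further fields if ties matter. `Flux.sort` also has to collect every binding before it emits the first one, which is worth stating in the existing inline comment for clusters with many ACLs.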