/**
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.pulsar.manager.controller;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import org.apache.pulsar.manager.entity.NamespaceEntity;
import org.apache.pulsar.manager.entity.NamespacesRepository;
import org.apache.pulsar.manager.entity.RoleInfoEntity;
import org.apache.pulsar.manager.entity.RolesRepository;
import org.apache.pulsar.manager.service.RolesService;
import org.apache.pulsar.manager.utils.ResourceType;
import org.hibernate.validator.constraints.Range;
import org.springframework.http.ResponseEntity;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import javax.validation.constraints.Min;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
/**
* Roles management controller.
*/
@RestController
@RequestMapping(value = "/pulsar-manager")
@Validated
public class RolesController {
private final RolesRepository rolesRepository;
private final RolesService rolesService;
private final NamespacesRepository namespacesRepository;
private final HttpServletRequest request;
public RolesController(
RolesRepository rolesRepository,
RolesService rolesService,
NamespacesRepository namespacesRepository,
HttpServletRequest request) {
this.rolesRepository = rolesRepository;
this.rolesService = rolesService;
this.namespacesRepository = namespacesRepository;
this.request = request;
}
@ApiOperation(value = "Get the list of existing roles, support paging, the default is 10 per page")
@ApiResponses({
@ApiResponse(code = 200, message = "ok"),
@ApiResponse(code = 404, message = "Not found"),
@ApiResponse(code = 500, message = "Internal server error")
})
@RequestMapping(value = "/roles", method = RequestMethod.GET)
public ResponseEntity<Map<String, Object>> getRoles(
@ApiParam(value = "page_num", defaultValue = "1", example = "1")
@RequestParam(name = "page_num", defaultValue = "1")
@Min(value = 1, message = "page_num is incorrect, should be greater than 0.")
Integer pageNum,
@ApiParam(value = "page_size", defaultValue = "10", example = "10")
@RequestParam(name = "page_size", defaultValue = "10")
@Range(min = 1, max = 1000, message = "page_size is incorrect, should be greater than 0 and less than 1000.")
Integer pageSize) {
String token = request.getHeader("token");
Map<String, Object> result = Maps.newHashMap();
String tenant = request.getHeader("tenant");
if (rolesService.isSuperUser(token)) {
List<RoleInfoEntity> roleInfoEntities = rolesRepository.findAllRolesList();
result.put("total", roleInfoEntities.size());
result.put("data", roleInfoEntities);
return ResponseEntity.ok(result);
}
Map<String, String> validateResult = rolesService.validateCurrentTenant(token, tenant);
if (validateResult.get("error") != null) {
result.put("error", validateResult.get("error"));
return ResponseEntity.ok(result);
}
List<RoleInfoEntity> roleInfoLists = rolesRepository.findRolesListByRoleSource(tenant);
result.put("total", roleInfoLists.size());
result.put("data", roleInfoLists);
return ResponseEntity.ok(result);
}
@ApiOperation(value = "Create a role")
@ApiResponses({
@ApiResponse(code = 200, message = "ok"),
@ApiResponse(code = 404, message = "Not found"),
@ApiResponse(code = 500, message = "Internal server error")
})
@RequestMapping(value = "/roles/role", method = RequestMethod.PUT)
public ResponseEntity<Map<String, Object>> addRole(
@RequestBody RoleInfoEntity roleInfoEntity) {
String token = request.getHeader("token");
Map<String, Object> result = Maps.newHashMap();
String tenant = request.getHeader("tenant");
Map<String, String> validateResult = rolesService.validateCurrentTenant(token, tenant);
if (validateResult.get("error") != null) {
result.put("error", validateResult.get("error"));
return ResponseEntity.ok(result);
}
Optional<RoleInfoEntity> optionalRoleInfoEntity = rolesRepository.findByRoleName(
roleInfoEntity.getRoleName(), tenant);
if (optionalRoleInfoEntity.isPresent()) {
result.put("error", "Failed add a role, role already exists.");
return ResponseEntity.ok(result);
}
/**
* Set the role flag,
* 0 for super user, will be initialized when the platform is established, can access all resources.
* 1 for ordinary users logged in from the platform, can access limited resources.
*/
roleInfoEntity.setFlag(1);
Map<String, String> roleInfoEntityValidate = rolesService.validateRoleInfoEntity(roleInfoEntity);
if (roleInfoEntityValidate.get("error") != null) {
result.put("error", roleInfoEntityValidate.get("error"));
return ResponseEntity.ok(result);
}
roleInfoEntity.setRoleSource(tenant);
rolesRepository.save(roleInfoEntity);
result.put("message", "Create a role success");
return ResponseEntity.ok(result);
}
@ApiOperation(value = "Update a role")
@ApiResponses({
@ApiResponse(code = 200, message = "ok"),
@ApiResponse(code = 404, message = "Not found"),
@ApiResponse(code = 500, message = "Internal server error")
})
@RequestMapping(value = "/roles/role", method = RequestMethod.POST)
public ResponseEntity<Map<String, Object>> updateRole(@RequestBody RoleInfoEntity roleInfoEntity) {
Map<String, Object> result = Maps.newHashMap();
String token = request.getHeader("token");
String tenant = request.getHeader("tenant");
Map<String, String> validateResult = rolesService.validateCurrentTenant(token, tenant);
if (validateResult.get("error") != null) {
result.put("error", validateResult.get("error"));
return ResponseEntity.ok(result);
}
Optional<RoleInfoEntity> optionalRoleInfoEntity = rolesRepository.findByRoleName(
roleInfoEntity.getRoleName(), tenant);
if (!optionalRoleInfoEntity.isPresent()) {
result.put("error", "Failed update a role, role does not exist.");
return ResponseEntity.ok(result);
}
RoleInfoEntity roleInfo = optionalRoleInfoEntity.get();
if (ResourceType.NAMESPACES.name().equals(roleInfoEntity.getResourceType())
|| ResourceType.TOPICS.name().equals(roleInfoEntity.getResourceType())) {
// More resource type need be added
Map<String, String> roleInfoEntityValidate = rolesService.validateRoleInfoEntity(roleInfoEntity);
if (roleInfoEntityValidate.get("error") != null) {
result.put("error", roleInfoEntityValidate.get("error"));
return ResponseEntity.ok(result);
}
roleInfoEntity.setFlag(roleInfo.getFlag());
roleInfoEntity.setRoleSource(tenant);
rolesRepository.update(roleInfoEntity);
result.put("message", "Update a role success");
return ResponseEntity.ok(result);
}
result.put("error", "Unsupported resource types");
return ResponseEntity.ok(result);
}
@ApiOperation(value = "Delete a role")
@ApiResponses({
@ApiResponse(code = 200, message = "ok"),
@ApiResponse(code = 404, message = "Not found"),
@ApiResponse(code = 500, message = "Internal server error")
})
@RequestMapping(value = "/roles/role", method = RequestMethod.DELETE)
public ResponseEntity<Map<String, Object>> deleteRole(@RequestBody RoleInfoEntity roleInfoEntity) {
Map<String, Object> result = Maps.newHashMap();
String token = request.getHeader("token");
String tenant = request.getHeader("tenant");
Map<String, String> validateResult = rolesService.validateCurrentTenant(token, tenant);
if (validateResult.get("error") != null) {
result.put("error", validateResult.get("error"));
return ResponseEntity.ok(result);
}
Optional<RoleInfoEntity> optionalRoleInfoEntity = rolesRepository.findByRoleName(
roleInfoEntity.getRoleName(), tenant);
if (!optionalRoleInfoEntity.isPresent()) {
result.put("error", "Failed delete a role, role does not exist.");
return ResponseEntity.ok(result);
}
// Cancel a permission
rolesRepository.delete(roleInfoEntity.getRoleName(), tenant);
result.put("message", "Delete a role success");
return ResponseEntity.ok(result);
}
@ApiOperation(value = "Get resource type")
@ApiResponses({
@ApiResponse(code = 200, message = "ok"),
@ApiResponse(code = 404, message = "Not found"),
@ApiResponse(code = 500, message = "Internal server error")
})
@RequestMapping(value = "/role/resourceType", method = RequestMethod.GET)
public ResponseEntity<Map<String, Object>> getResourceType() {
Map<String, Object> result = Maps.newHashMap();
Set<String> resourceTypeList = Sets.newHashSet();
resourceTypeList.add(ResourceType.NAMESPACES.name());
resourceTypeList.add(ResourceType.TOPICS.name());
resourceTypeList.add(ResourceType.SCHEMAS.name());
resourceTypeList.add(ResourceType.FUNCTIONS.name());
result.put("resourceType", resourceTypeList);
return ResponseEntity.ok(result);
}
@ApiOperation(value = "Get resource list by user id")
@ApiResponses({
@ApiResponse(code = 200, message = "ok"),
@ApiResponse(code = 404, message = "Not found"),
@ApiResponse(code = 500, message = "Internal server error")
})
@RequestMapping(value = "/role/resource/{resourceType}", method = RequestMethod.GET)
public ResponseEntity<Map<String, Object>> getResource(@PathVariable String resourceType) {
Map<String, Object> result = Maps.newHashMap();
String token = request.getHeader("token");
String tenant = request.getHeader("tenant");
Map<String, String> validateResult = rolesService.validateCurrentTenant(token, tenant);
if (validateResult.get("error") != null) {
result.put("error", validateResult.get("error"));
return ResponseEntity.ok(result);
}
List<NamespaceEntity> namespaceEntities = namespacesRepository.findByTenant(tenant);
Set<Map<String, Object>> nameSet = Sets.newHashSet();
for (NamespaceEntity namespaceEntity : namespaceEntities) {
Map<String, Object> namespace = Maps.newHashMap();
namespace.put("name", namespaceEntity.getNamespace());
namespace.put("id", namespaceEntity.getNamespaceId());
nameSet.add(namespace);
}
result.put("data", nameSet);
return ResponseEntity.ok(result);
}
@ApiOperation(value = "Get resource verbs by resource type and resource name")
@ApiResponses({
@ApiResponse(code = 200, message = "ok"),
@ApiResponse(code = 404, message = "Not found"),
@ApiResponse(code = 500, message = "Internal server error")
})
@RequestMapping(value = "/role/resourceVerbs/{resourceType}", method = RequestMethod.GET)
public ResponseEntity<Map<String, Object>> getResourceVerbs(
@PathVariable String resourceType) {
Map<String, Object> result = Maps.newHashMap();
Set<String> verbsSet = rolesService.getResourceVerbs(resourceType);
result.put("data", verbsSet);
return ResponseEntity.ok(result);
}
}
