Posted to commits@streampipes.apache.org by ri...@apache.org on 2022/11/29 07:39:27 UTC
[streampipes] branch dev updated: Add user roles for asset management (#813)
This is an automated email from the ASF dual-hosted git repository.
riemer pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/streampipes.git
The following commit(s) were added to refs/heads/dev by this push:
new 155a4603b Add user roles for asset management (#813)
155a4603b is described below
commit 155a4603b7f51600a4c4ed3272db1c6670e21095
Author: Dominik Riemer <do...@gmail.com>
AuthorDate: Tue Nov 29 08:39:10 2022 +0100
Add user roles for asset management (#813)
---
.../streampipes/model/client/user/Privilege.java | 9 ++++++++-
.../org/apache/streampipes/model/client/user/Role.java | 13 ++++++++++++-
.../rest/impl/{admin => }/AssetManagementResource.java | 18 ++++++++----------
.../streampipes/rest/security/AuthConstants.java | 3 +++
ui/deployment/modules.yml | 2 +-
ui/src/app/_enums/user-role.enum.ts | 4 +++-
ui/src/app/home/home.component.html | 2 +-
ui/src/app/home/home.component.ts | 8 ++++++++
ui/src/app/services/available-roles.service.ts | 2 ++
9 files changed, 46 insertions(+), 15 deletions(-)
diff --git a/streampipes-model-client/src/main/java/org/apache/streampipes/model/client/user/Privilege.java b/streampipes-model-client/src/main/java/org/apache/streampipes/model/client/user/Privilege.java
index 5950ba04e..127b0dbd9 100644
--- a/streampipes-model-client/src/main/java/org/apache/streampipes/model/client/user/Privilege.java
+++ b/streampipes-model-client/src/main/java/org/apache/streampipes/model/client/user/Privilege.java
@@ -66,7 +66,11 @@ public enum Privilege {
// FILES
PRIVILEGE_READ_FILES(Constants.PRIVILEGE_READ_FILES_VALUE),
PRIVILEGE_WRITE_FILES(Constants.PRIVILEGE_WRITE_FILES_VALUE),
- PRIVILEGE_DELETE_FILES(Constants.PRIVILEGE_DELETE_FILES_VALUE);
+ PRIVILEGE_DELETE_FILES(Constants.PRIVILEGE_DELETE_FILES_VALUE),
+
+ // ASSETS
+ PRIVILEGE_READ_ASSETS(Constants.PRIVILEGE_READ_ASSETS_VALUE),
+ PRIVILEGE_WRITE_ASSETS(Constants.PRIVILEGE_WRITE_ASSETS_VALUE);
private String privilegeString;
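Review bot: The new ASSETS group defines only read and write privileges, while the FILES group directly above it has a separate `PRIVILEGE_DELETE_FILES`. As a result the asset delete endpoint in this commit is guarded by the write privilege, so every principal allowed to edit assets can also remove them. If deletion should be grantable on its own, add `PRIVILEGE_DELETE_ASSETS(Constants.PRIVILEGE_DELETE_ASSETS_VALUE)` with its constant; otherwise record the decision with a comment such as `// ASSETS (write covers create, update and delete)`. The enum body continues outside the hunk.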
@@ -111,5 +115,8 @@ public enum Privilege {
public static final String PRIVILEGE_READ_FILES_VALUE = "PRIVILEGE_READ_FILES";
public static final String PRIVILEGE_WRITE_FILES_VALUE = "PRIVILEGE_WRITE_FILES";
public static final String PRIVILEGE_DELETE_FILES_VALUE = "PRIVILEGE_DELETE_FILES";
+
+ public static final String PRIVILEGE_READ_ASSETS_VALUE = "PRIVILEGE_READ_ASSETS";
+ public static final String PRIVILEGE_WRITE_ASSETS_VALUE = "PRIVILEGE_WRITE_ASSETS";
}
}
diff --git a/streampipes-model-client/src/main/java/org/apache/streampipes/model/client/user/Role.java b/streampipes-model-client/src/main/java/org/apache/streampipes/model/client/user/Role.java
index 8b963ede5..7f7a843ae 100644
--- a/streampipes-model-client/src/main/java/org/apache/streampipes/model/client/user/Role.java
+++ b/streampipes-model-client/src/main/java/org/apache/streampipes/model/client/user/Role.java
@@ -79,7 +79,16 @@ public enum Role {
Privilege.PRIVILEGE_READ_PIPELINE_ELEMENT
),
- ROLE_APP_USER(Constants.ROLE_APP_USER_VALUE);
+ ROLE_APP_USER(Constants.ROLE_APP_USER_VALUE,
+ Privilege.PRIVILEGE_READ_PIPELINE,
+ Privilege.PRIVILEGE_READ_PIPELINE_ELEMENT),
+
+ ROLE_ASSET_USER(Constants.ROLE_ASSET_USER_VALUE,
+ Privilege.PRIVILEGE_READ_ASSETS),
+
+ ROLE_ASSET_ADMIN(Constants.ROLE_ASSET_ADMIN_VALUE,
+ Privilege.PRIVILEGE_READ_ASSETS,
+ Privilege.PRIVILEGE_WRITE_ASSETS);
private List<Privilege> privileges;
private String roleString;
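Review bot: `ROLE_APP_USER` previously carried no privileges and now receives `PRIVILEGE_READ_PIPELINE` and `PRIVILEGE_READ_PIPELINE_ELEMENT`, a change unrelated to the asset roles named in the commit title. Every account that already holds this role gains pipeline read access on upgrade, so the widening should be called out in the commit message or release notes. A short comment above the constant stating why app users need pipeline read access would help the next reviewer judge whether the grant is still required. The enum body continues outside the hunk.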
@@ -109,5 +118,7 @@ public enum Role {
public static final String ROLE_DATA_EXPLORER_USER_VALUE = "ROLE_DATA_EXPLORER_USER";
public static final String ROLE_PIPELINE_USER_VALUE = "ROLE_PIPELINE_USER";
public static final String ROLE_APP_USER_VALUE = "ROLE_APP_USER";
+ public static final String ROLE_ASSET_USER_VALUE = "ROLE_ASSET_USER";
+ public static final String ROLE_ASSET_ADMIN_VALUE = "ROLE_ASSET_ADMIN";
}
}
diff --git a/streampipes-rest/src/main/java/org/apache/streampipes/rest/impl/admin/AssetManagementResource.java b/streampipes-rest/src/main/java/org/apache/streampipes/rest/impl/AssetManagementResource.java
similarity index 87%
rename from streampipes-rest/src/main/java/org/apache/streampipes/rest/impl/admin/AssetManagementResource.java
rename to streampipes-rest/src/main/java/org/apache/streampipes/rest/impl/AssetManagementResource.java
index d0317aec5..bbbc0a8bf 100644
--- a/streampipes-rest/src/main/java/org/apache/streampipes/rest/impl/admin/AssetManagementResource.java
+++ b/streampipes-rest/src/main/java/org/apache/streampipes/rest/impl/AssetManagementResource.java
@@ -16,7 +16,7 @@
*
*/
-package org.apache.streampipes.rest.impl.admin;
+package org.apache.streampipes.rest.impl;
import org.apache.streampipes.rest.core.base.impl.AbstractAuthGuardedRestResource;
import org.apache.streampipes.rest.security.AuthConstants;
@@ -37,7 +37,6 @@ import java.util.Map;
@Path("/v2/assets")
@Component
-@PreAuthorize(AuthConstants.IS_ADMIN_ROLE)
public class AssetManagementResource extends AbstractAuthGuardedRestResource {
private static final Logger LOG = LoggerFactory.getLogger(AssetManagementResource.class);
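Review bot: Dropping the class-level `@PreAuthorize(AuthConstants.IS_ADMIN_ROLE)` removes the deny-by-default guard, so any endpoint method without its own annotation is no longer restricted to admins. The five methods visible in this diff are annotated, but the class body is only partly shown. A method added later without an annotation would fall back to whatever `AbstractAuthGuardedRestResource` and the global configuration enforce. Consider keeping the class-level annotation as the restrictive default and overriding it per method; a method-level `@PreAuthorize` should take precedence in Spring Security, which is worth confirming with a test that a read-only asset user can reach `getAll()` but not `create()`.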
@@ -46,19 +45,15 @@ public class AssetManagementResource extends AbstractAuthGuardedRestResource {
@GET
@Produces(MediaType.APPLICATION_JSON)
- public Response getAll() {
- try {
- List<Map<String, Object>> assets = getGenericStorage().findAll(APP_DOC_TYPE);
- return ok(assets);
- } catch (IOException e) {
- LOG.error("Could not connect to storage", e);
- return fail();
- }
+ @PreAuthorize(AuthConstants.HAS_READ_ASSETS_PRIVILEGE)
+ public List<Map<String, Object>> getAll() throws IOException {
+ return getGenericStorage().findAll(APP_DOC_TYPE);
}
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
+ @PreAuthorize(AuthConstants.HAS_WRITE_ASSETS_PRIVILEGE)
public Response create(String asset) {
try {
Map<String, Object> obj = getGenericStorage().create(asset);
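Review bot: `getAll()` now declares `throws IOException` and returns the list directly, so a storage failure is no longer logged through `LOG.error` and mapped to `fail()`; it propagates to the JAX-RS runtime instead. What the client receives then depends on an exception mapper that is not visible in this diff, and a default mapping may return internal detail to a caller who now only needs the read privilege. `create()` directly below still uses try/catch with a `Response`, so the resource handles errors inconsistently. Either keep the original try/catch around `findAll(APP_DOC_TYPE)` or confirm that a mapper handles `IOException` and convert the other methods to the same style. The body of `create()` continues outside the hunk.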
@@ -72,6 +67,7 @@ public class AssetManagementResource extends AbstractAuthGuardedRestResource {
@GET
@Path("/{id}")
@Produces(MediaType.APPLICATION_JSON)
+ @PreAuthorize(AuthConstants.HAS_READ_ASSETS_PRIVILEGE)
public Response getCategory(@PathParam("id") String assetId) {
try {
Map<String, Object> obj = getGenericStorage().findOne(assetId);
@@ -86,6 +82,7 @@ public class AssetManagementResource extends AbstractAuthGuardedRestResource {
@Path("/{id}")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
+ @PreAuthorize(AuthConstants.HAS_WRITE_ASSETS_PRIVILEGE)
public Response update(@PathParam("id") String assetId, String asset) {
try {
Map<String, Object> obj = getGenericStorage().update(assetId, asset);
@@ -99,6 +96,7 @@ public class AssetManagementResource extends AbstractAuthGuardedRestResource {
@DELETE
@Path("/{id}/{rev}")
@Produces(MediaType.APPLICATION_JSON)
+ @PreAuthorize(AuthConstants.HAS_WRITE_ASSETS_PRIVILEGE)
public Response delete(@PathParam("id") String assetId, @PathParam("rev") String rev) {
try {
getGenericStorage().delete(assetId, rev);
diff --git a/streampipes-rest/src/main/java/org/apache/streampipes/rest/security/AuthConstants.java b/streampipes-rest/src/main/java/org/apache/streampipes/rest/security/AuthConstants.java
index bd5cb2178..88406f257 100644
--- a/streampipes-rest/src/main/java/org/apache/streampipes/rest/security/AuthConstants.java
+++ b/streampipes-rest/src/main/java/org/apache/streampipes/rest/security/AuthConstants.java
@@ -57,6 +57,9 @@ public class AuthConstants {
public static final String HAS_READ_FILE_PRIVILEGE = BS + IS_ADMIN_ROLE + OR + HAS_ANY_AUTHORITY + PRIVILEGE_READ_FILES_VALUE + Q + BE2;
+ public static final String HAS_READ_ASSETS_PRIVILEGE = BS + IS_ADMIN_ROLE + OR + HAS_ANY_AUTHORITY + PRIVILEGE_READ_ASSETS_VALUE + Q + BE2;
+ public static final String HAS_WRITE_ASSETS_PRIVILEGE = BS + IS_ADMIN_ROLE + OR + HAS_ANY_AUTHORITY + PRIVILEGE_WRITE_ASSETS_VALUE + Q + BE2;
+
public static final String IS_AUTHENTICATED = "isAuthenticated()";
}
diff --git a/ui/deployment/modules.yml b/ui/deployment/modules.yml
index 8655b53f0..d643fb371 100644
--- a/ui/deployment/modules.yml
+++ b/ui/deployment/modules.yml
@@ -107,7 +107,7 @@ spAppOverview:
link: 'apps'
url: '/apps'
title: 'Apps'
- description: 'The app overview allows you to view and open additional StreamPipes plugins.'
+ description: 'The app overview lets you access additional plugins.'
icon: 'apps'
homeImage: '/assets/img/home/configuration.png'
admin: false
diff --git a/ui/src/app/_enums/user-role.enum.ts b/ui/src/app/_enums/user-role.enum.ts
index 488ee4e47..2239132cf 100644
--- a/ui/src/app/_enums/user-role.enum.ts
+++ b/ui/src/app/_enums/user-role.enum.ts
@@ -23,8 +23,10 @@ export enum UserRole {
ROLE_DASHBOARD_ADMIN = 'ROLE_DASHBOARD_ADMIN',
ROLE_DATA_EXPLORER_ADMIN = 'ROLE_DATA_EXPLORER_ADMIN',
ROLE_CONNECT_ADMIN = 'ROLE_CONNECT_ADMIN',
+ ROLE_ASSET_ADMIN = 'ROLE_ASSET_ADMIN',
ROLE_DASHBOARD_USER = 'ROLE_DASHBOARD_USER',
ROLE_DATA_EXPLORER_USER = 'ROLE_DATA_EXPLORER_USER',
ROLE_PIPELINE_USER = 'ROLE_PIPELINE_USER',
- ROLE_APP_USER = 'ROLE_APP_USER'
+ ROLE_APP_USER = 'ROLE_APP_USER',
+ ROLE_ASSET_USER = 'ROLE_ASSET_USER'
}
diff --git a/ui/src/app/home/home.component.html b/ui/src/app/home/home.component.html
index bfad3d359..1033ad917 100644
--- a/ui/src/app/home/home.component.html
+++ b/ui/src/app/home/home.component.html
@@ -25,7 +25,7 @@
</div>
<div fxLayout="column" fxFlex="100" class="home-margin">
<div fxFlex="100" fxLayoutAlign="start center">
- <status fxFlex="100"></status>
+ <status fxFlex="100" *ngIf="showStatus"></status>
</div>
<div fxFlex="100">
<div class="assemblyOptions sp-blue-bg mt-0 round-border" style="padding:5px;">
diff --git a/ui/src/app/home/home.component.ts b/ui/src/app/home/home.component.ts
index 12ef848b9..5cd56b7b9 100644
--- a/ui/src/app/home/home.component.ts
+++ b/ui/src/app/home/home.component.ts
@@ -22,6 +22,8 @@ import { HomeService } from './home.service';
import { Router } from '@angular/router';
import { AppConstants } from '../services/app.constants';
import { SpBreadcrumbService } from '@streampipes/shared-ui';
+import { AuthService } from '../services/auth.service';
+import { UserRole } from '../_enums/user-role.enum';
@Component({
templateUrl: './home.component.html',
@@ -30,8 +32,10 @@ import { SpBreadcrumbService } from '@streampipes/shared-ui';
export class HomeComponent implements OnInit {
serviceLinks = [];
+ showStatus = false;
constructor(private homeService: HomeService,
+ private authService: AuthService,
private sanitizer: DomSanitizer,
private router: Router,
public appConstants: AppConstants,
@@ -40,6 +44,10 @@ export class HomeComponent implements OnInit {
}
ngOnInit() {
+ this.authService.user$.subscribe(userInfo => {
+ const isAdmin = userInfo.roles.indexOf(UserRole.ROLE_ADMIN) > -1;
+ this.showStatus = isAdmin || userInfo.roles.indexOf(UserRole.ROLE_PIPELINE_ADMIN) > -1;
+ });
this.breadcrumbService.updateBreadcrumb([]);
}
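Review bot: `showStatus` only decides whether `<status>` is rendered, so it is a presentation choice and not an access control; whatever the status component requests from the backend still needs its own server-side authorisation, which this diff does not show. The subscription to `authService.user$` in `ngOnInit` is never released; if `user$` is long-lived, store the subscription and unsubscribe in `ngOnDestroy`, or pipe through `take(1)` when one value is enough. `userInfo.roles.includes(UserRole.ROLE_ADMIN)` reads more clearly than `indexOf(...) > -1`. If `userInfo` or `roles` can be undefined when the observable first emits, guard with `userInfo?.roles ?? []` before testing membership.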
diff --git a/ui/src/app/services/available-roles.service.ts b/ui/src/app/services/available-roles.service.ts
index a9aa7f9e6..64893d7e9 100644
--- a/ui/src/app/services/available-roles.service.ts
+++ b/ui/src/app/services/available-roles.service.ts
@@ -34,6 +34,8 @@ export class AvailableRolesService {
{role: UserRole.ROLE_CONNECT_ADMIN, roleTitle: 'Connect Admin', roleDescription: ''},
{role: UserRole.ROLE_PIPELINE_USER, roleTitle: 'Pipeline User', roleDescription: ''},
{role: UserRole.ROLE_PIPELINE_ADMIN, roleTitle: 'Pipeline Admin', roleDescription: ''},
+ {role: UserRole.ROLE_ASSET_USER, roleTitle: 'Asset User', roleDescription: ''},
+ {role: UserRole.ROLE_ASSET_ADMIN, roleTitle: 'Asset Admin', roleDescription: ''},
];