Posted to commits@dlab.apache.org by of...@apache.org on 2020/04/28 12:53:56 UTC
[incubator-dlab] 04/06: Added permissions for bucket browser
This is an automated email from the ASF dual-hosted git repository.
ofuks pushed a commit to branch bucket-browser-gcp
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit e84ca635019c375a6ac3089658edcfee72045d18
Author: Oleh Fuks <ol...@gmail.com>
AuthorDate: Tue Apr 28 12:35:54 2020 +0300
Added permissions for bucket browser
---
.../dlab/backendapi/resources/BucketResource.java | 5 +++
.../dlab/backendapi/resources/dto/UserRoleDto.java | 1 +
.../src/main/resources/mongo/aws/mongo_roles.json | 48 ++++++++++++++++++++++
.../main/resources/mongo/azure/mongo_roles.json | 48 ++++++++++++++++++++++
.../src/main/resources/mongo/gcp/mongo_roles.json | 48 ++++++++++++++++++++++
5 files changed, 150 insertions(+)
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/BucketResource.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/BucketResource.java
index a98daa2..7198e35 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/BucketResource.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/BucketResource.java
@@ -27,6 +27,7 @@ import lombok.extern.slf4j.Slf4j;
import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
import org.glassfish.jersey.media.multipart.FormDataParam;
+import javax.annotation.security.RolesAllowed;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
@@ -54,6 +55,7 @@ public class BucketResource {
@Path("/{bucket}/endpoint/{endpoint}")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
+ @RolesAllowed("/api/bucket/view")
public Response getListOfObjects(@Auth UserInfo userInfo,
@PathParam("bucket") String bucket,
@PathParam("endpoint") String endpoint) {
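Review bot: The `@RolesAllowed("/api/bucket/view")` added to getListOfObjects gates the action only; `bucket` and `endpoint` are still caller-supplied, and nothing visible in the hunk checks that the caller is entitled to that particular bucket. The same holds for uploadObject, downloadObject and deleteObject in the next three hunks. The method bodies lie outside the hunks, so a per-bucket check may already exist in the service layer; if it does not, it belongs before the storage call. The role strings are also repeated as literals in the three mongo_roles.json files, so a shared constant such as `static final String BUCKET_VIEW = "/api/bucket/view";` with a comment naming the matching role entry would make a mismatch easier to catch.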
@@ -64,6 +66,7 @@ public class BucketResource {
@Path("/upload")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces(MediaType.APPLICATION_JSON)
+ @RolesAllowed("/api/bucket/upload")
public Response uploadObject(@Auth UserInfo userInfo,
@FormDataParam("object") String object,
@FormDataParam("bucket") String bucket,
@@ -78,6 +81,7 @@ public class BucketResource {
@Path("/{bucket}/object/{object}/endpoint/{endpoint}/download")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_OCTET_STREAM)
+ @RolesAllowed("/api/bucket/download")
public Response downloadObject(@Auth UserInfo userInfo,
@PathParam("bucket") String bucket,
@PathParam("object") String object,
@@ -91,6 +95,7 @@ public class BucketResource {
@Path("/{bucket}/object/{object}/endpoint/{endpoint}")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
+ @RolesAllowed("/api/bucket/delete")
public Response deleteObject(@Auth UserInfo userInfo,
@PathParam("bucket") String bucket,
@PathParam("object") String object,
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/dto/UserRoleDto.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/dto/UserRoleDto.java
index 5c90602..84551af 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/dto/UserRoleDto.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/dto/UserRoleDto.java
@@ -50,6 +50,7 @@ public class UserRoleDto {
NOTEBOOK_SHAPE,
COMPUTATIONAL_SHAPE,
BILLING,
+ BUCKET_BROWSER,
ADMINISTRATION
}
}
diff --git a/services/self-service/src/main/resources/mongo/aws/mongo_roles.json b/services/self-service/src/main/resources/mongo/aws/mongo_roles.json
index 9998d84..076dc75 100644
--- a/services/self-service/src/main/resources/mongo/aws/mongo_roles.json
+++ b/services/self-service/src/main/resources/mongo/aws/mongo_roles.json
@@ -324,6 +324,54 @@
]
},
{
+ "_id": "bucketBrowserView",
+ "description": "Allow to view objects within the bucket",
+ "type": "BUCKET_BROWSER",
+ "cloud": "GCP",
+ "pages": [
+ "/api/bucket/view"
+ ],
+ "groups": [
+ "$anyuser"
+ ]
+ },
+ {
+ "_id": "bucketBrowserUpload",
+ "description": "Allow to upload object to the bucket",
+ "type": "BUCKET_BROWSER",
+ "cloud": "GCP",
+ "pages": [
+ "/api/bucket/upload"
+ ],
+ "groups": [
+ "$anyuser"
+ ]
+ },
+ {
+ "_id": "bucketBrowserDownload",
+ "description": "Allow to download object from the bucket",
+ "type": "BUCKET_BROWSER",
+ "cloud": "GCP",
+ "pages": [
+ "/api/bucket/download"
+ ],
+ "groups": [
+ "$anyuser"
+ ]
+ },
+ {
+ "_id": "bucketBrowserDelete",
+ "description": "Allow to delete object from the bucket",
+ "type": "BUCKET_BROWSER",
+ "cloud": "GCP",
+ "pages": [
+ "/api/bucket/delete"
+ ],
+ "groups": [
+ "$anyuser"
+ ]
+ },
+ {
"_id": "admin",
"description": "Allow to execute administration operation",
"type": "ADMINISTRATION",
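Review bot: All four new roles, including `bucketBrowserUpload` and `bucketBrowserDelete`, are seeded with `"groups": ["$anyuser"]`, so by default the new `@RolesAllowed` checks appear to restrict nobody. The azure and gcp mongo_roles.json hunks seed the same defaults. If `$anyuser` means every authenticated user, as the name suggests, consider seeding the write and delete roles with a narrower group and leaving only `bucketBrowserView` and `bucketBrowserDownload` open. Otherwise the description should state that administrators are expected to tighten these after install.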
diff --git a/services/self-service/src/main/resources/mongo/azure/mongo_roles.json b/services/self-service/src/main/resources/mongo/azure/mongo_roles.json
index 113a705..886b635 100644
--- a/services/self-service/src/main/resources/mongo/azure/mongo_roles.json
+++ b/services/self-service/src/main/resources/mongo/azure/mongo_roles.json
@@ -264,6 +264,54 @@
]
},
{
+ "_id": "bucketBrowserView",
+ "description": "Allow to view objects within the bucket",
+ "type": "BUCKET_BROWSER",
+ "cloud": "GCP",
+ "pages": [
+ "/api/bucket/view"
+ ],
+ "groups": [
+ "$anyuser"
+ ]
+ },
+ {
+ "_id": "bucketBrowserUpload",
+ "description": "Allow to upload object to the bucket",
+ "type": "BUCKET_BROWSER",
+ "cloud": "GCP",
+ "pages": [
+ "/api/bucket/upload"
+ ],
+ "groups": [
+ "$anyuser"
+ ]
+ },
+ {
+ "_id": "bucketBrowserDownload",
+ "description": "Allow to download object from the bucket",
+ "type": "BUCKET_BROWSER",
+ "cloud": "GCP",
+ "pages": [
+ "/api/bucket/download"
+ ],
+ "groups": [
+ "$anyuser"
+ ]
+ },
+ {
+ "_id": "bucketBrowserDelete",
+ "description": "Allow to delete object from the bucket",
+ "type": "BUCKET_BROWSER",
+ "cloud": "GCP",
+ "pages": [
+ "/api/bucket/delete"
+ ],
+ "groups": [
+ "$anyuser"
+ ]
+ },
+ {
"_id": "admin",
"description": "Allow to execute administration operation",
"type": "ADMINISTRATION",
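Review bot: The four entries added to the azure role file carry `"cloud": "GCP"`, and the aws mongo_roles.json hunk does the same. If the loader filters roles by this field, these entries would either be skipped on Azure and AWS deployments or carry a label that misleads whoever audits the role set; the filtering logic is not visible here. Given that `@RolesAllowed` is added unconditionally in BucketResource, a missing role on those clouds could leave the endpoints unreachable for everyone. Either set the field to the file's own cloud (presumably `"cloud": "AZURE"` and `"cloud": "AWS"`, to be confirmed against the existing entries) or drop the entries from these two files until the feature is supported there.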
diff --git a/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json b/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json
index 8098628..1dc61ae 100644
--- a/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json
+++ b/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json
@@ -300,6 +300,54 @@
]
},
{
+ "_id": "bucketBrowserView",
+ "description": "Allow to view objects within the bucket",
+ "type": "BUCKET_BROWSER",
+ "cloud": "GCP",
+ "pages": [
+ "/api/bucket/view"
+ ],
+ "groups": [
+ "$anyuser"
+ ]
+ },
+ {
+ "_id": "bucketBrowserUpload",
+ "description": "Allow to upload object to the bucket",
+ "type": "BUCKET_BROWSER",
+ "cloud": "GCP",
+ "pages": [
+ "/api/bucket/upload"
+ ],
+ "groups": [
+ "$anyuser"
+ ]
+ },
+ {
+ "_id": "bucketBrowserDownload",
+ "description": "Allow to download object from the bucket",
+ "type": "BUCKET_BROWSER",
+ "cloud": "GCP",
+ "pages": [
+ "/api/bucket/download"
+ ],
+ "groups": [
+ "$anyuser"
+ ]
+ },
+ {
+ "_id": "bucketBrowserDelete",
+ "description": "Allow to delete object from the bucket",
+ "type": "BUCKET_BROWSER",
+ "cloud": "GCP",
+ "pages": [
+ "/api/bucket/delete"
+ ],
+ "groups": [
+ "$anyuser"
+ ]
+ },
+ {
"_id": "admin",
"description": "Allow to execute administration operation",
"type": "ADMINISTRATION",