alibaba#1105 Access control finish 83%

config/src/main/java/com/alibaba/nacos/config/server/auth/RoleInfo.java

@@ -0,0 +1,30 @@
+package com.alibaba.nacos.config.server.auth;
+
+/**
+ * Role Info
+ *
+ * @author nkorange
+ * @since 1.2.0
+ */
+public class RoleInfo {
+
+ private String role;
+
+ private String username;
+
+ public String getRole() {
+ return role;
+ }
+
+ public void setRole(String role) {
+ this.role = role;
+ }
+
+ public String getUsername() {
+ return username;
+ }
+
+ public void setUsername(String username) {
+ this.username = username;
+ }
+}

config/src/main/java/com/alibaba/nacos/config/server/auth/RolePersistService.java

@@ -41,20 +41,20 @@
 public class RolePersistService extends PersistService {
 
 
- public Page<String> getRoles(int pageNo, int pageSize) {
+ public Page<RoleInfo> getRoles(int pageNo, int pageSize) {
 
- PaginationHelper<String> helper = new PaginationHelper<>();
+ PaginationHelper<RoleInfo> helper = new PaginationHelper<>();
 
  String sqlCountRows = "select count(*) from (select distinct role from roles) roles where ";
  String sqlFetchRows
- = "select distinct role from roles where ";
+ = "select role,username from roles where ";
 
  String where = " 1=1 ";
 
  try {
- Page<String> pageInfo = helper.fetchPage(jt, sqlCountRows
+ Page<RoleInfo> pageInfo = helper.fetchPage(jt, sqlCountRows
  + where, sqlFetchRows + where, new ArrayList<String>().toArray(), pageNo,
- pageSize, STRING_ROW_MAPPER);
+ pageSize, ROLE_INFO_ROW_MAPPER);
  if (pageInfo == null) {
  pageInfo = new Page<>();
  pageInfo.setTotalCount(0);
@@ -67,13 +67,13 @@ public Page<String> getRoles(int pageNo, int pageSize) {
  }
  }
 
- public Page<String> getRolesByUserName(String username, int pageNo, int pageSize) {
+ public Page<RoleInfo> getRolesByUserName(String username, int pageNo, int pageSize) {
 
- PaginationHelper<String> helper = new PaginationHelper<>();
+ PaginationHelper<RoleInfo> helper = new PaginationHelper<>();
 
  String sqlCountRows = "select count(*) from roles where ";
  String sqlFetchRows
- = "select role from roles where ";
+ = "select role,username from roles where ";
 
  String where = " username='" + username + "' ";
 
@@ -84,7 +84,7 @@ public Page<String> getRolesByUserName(String username, int pageNo, int pageSize
  try {
  return helper.fetchPage(jt, sqlCountRows
  + where, sqlFetchRows + where, new ArrayList<String>().toArray(), pageNo,
- pageSize, STRING_ROW_MAPPER);
+ pageSize, ROLE_INFO_ROW_MAPPER);
  } catch (CannotGetJdbcConnectionException e) {
  fatalLog.error("[db-error] " + e.toString(), e);
  throw e;
@@ -123,14 +123,17 @@ public void deleteRole(String role, String username) {
  }
  }
 
- private static final class StringRowMapper implements
- RowMapper<String> {
+ private static final class RoleInfoRowMapper implements
+ RowMapper<RoleInfo> {
  @Override
- public String mapRow(ResultSet rs, int rowNum)
+ public RoleInfo mapRow(ResultSet rs, int rowNum)
  throws SQLException {
- return rs.getString("role");
+ RoleInfo roleInfo = new RoleInfo();
+ roleInfo.setRole(rs.getString("role"));
+ roleInfo.setUsername(rs.getString("username"));
+ return roleInfo;
  }
  }
 
- private static final StringRowMapper STRING_ROW_MAPPER = new StringRowMapper();
+ private static final RoleInfoRowMapper ROLE_INFO_ROW_MAPPER = new RoleInfoRowMapper();
 }

console/src/main/java/com/alibaba/nacos/console/controller/UserController.java

@@ -102,26 +102,20 @@ public Object deleteUser(@RequestParam String username) {
  * Update an user
  *
  * @param username username of user
- * @param oldPassword original password of user
  * @param newPassword new password of user
  * @return ok if update succeed
  * @throws IllegalArgumentException if user not exist or oldPassword is incorrect
  * @since 1.2.0
  */
  @PutMapping
  @Secured(resource = NacosAuthConfig.CONSOLE_RESOURCE_NAME_PREFIX + "users", action = ActionTypes.WRITE)
- public Object updateUser(@RequestParam String username, @RequestParam String oldPassword,
- @RequestParam String newPassword) {
+ public Object updateUser(@RequestParam String username, @RequestParam String newPassword) {
 
  User user = userDetailsService.getUser(username);
  if (user == null) {
  throw new IllegalArgumentException("user " + username + " not exist!");
  }
 
- if (!PasswordEncoderUtil.matches(oldPassword, user.getPassword())) {
- throw new IllegalArgumentException("old password incorrect!");
- }
-
  userDetailsService.updateUserPassword(username, PasswordEncoderUtil.encode(newPassword));
 
  return new RestResult<>(200, "update user ok!");

console/src/main/java/com/alibaba/nacos/console/security/nacos/roles/NacosRoleServiceImpl.java

@@ -18,6 +18,7 @@
 
 import com.alibaba.nacos.config.server.auth.PermissionInfo;
 import com.alibaba.nacos.config.server.auth.PermissionPersistService;
+import com.alibaba.nacos.config.server.auth.RoleInfo;
 import com.alibaba.nacos.config.server.auth.RolePersistService;
 import com.alibaba.nacos.config.server.model.Page;
 import com.alibaba.nacos.console.security.nacos.NacosAuthConfig;
@@ -67,15 +68,17 @@ public class NacosRoleServiceImpl {
  */
  public boolean hasPermission(String username, Permission permission) {
 
- Page<String> stringPage = getRoles(username, 1, Integer.MAX_VALUE);
+ Page<RoleInfo> stringPage = getRoles(username, 1, Integer.MAX_VALUE);
  if (stringPage == null || Collections.isEmpty(stringPage.getPageItems())) {
  return false;
  }
- List<String> roles = stringPage.getPageItems();
+ List<RoleInfo> roles = stringPage.getPageItems();
 
  // Global admin pass:
- if (roles.contains(GLOBAL_ADMIN_ROLE)) {
- return true;
+ for (RoleInfo roleInfo : roles) {
+ if (GLOBAL_ADMIN_ROLE.equals(roleInfo.getRole())) {
+ return true;
+ }
  }
 
  // Old global admin can pass resource 'console/':
@@ -84,8 +87,8 @@ public boolean hasPermission(String username, Permission permission) {
  }
 
  // For other roles, use a pattern match to decide if pass or not.
- for (String role : roles) {
- Page<PermissionInfo> pageResult = getPermissionsByRole(role, 1, Integer.MAX_VALUE);
+ for (RoleInfo roleInfo : roles) {
+ Page<PermissionInfo> pageResult = getPermissionsByRole(roleInfo.getRole(), 1, Integer.MAX_VALUE);
  if (pageResult == null || pageResult.getPageItems() == null) {
  continue;
  }
@@ -101,8 +104,8 @@ public boolean hasPermission(String username, Permission permission) {
  return false;
  }
 
- public Page<String> getRoles(String userName, int pageNo, int pageSize) {
- Page<String> roles = rolePersistService.getRolesByUserName(userName, pageNo, pageSize);
+ public Page<RoleInfo> getRoles(String userName, int pageNo, int pageSize) {
+ Page<RoleInfo> roles = rolePersistService.getRolesByUserName(userName, pageNo, pageSize);
  return roles;
  }