[ISSUE #5]Add permission control when loginRequired is true. (#6)

* [ISSUE #5]Add permission control when loginRequired is true.

* optimize the code

* Wildcard characters are supported

* add Apache License headers

Co-authored-by: zhangjidi2016 <zhangjidi@cmss.chinamobile.com>

docs/1_0_0/UserGuide_CN.md

@@ -91,7 +91,7 @@ server.port=8443
 ## 登录访问Dashboard
 在访问Dashboard时支持按用户名和密码登录控制台，在操作完成后登出。需要做如下的设置:
 
-* 1.在Spring配置文件resources/application.properties中修改 开启登录功能
+* 1.在Spring配置文件resources/application.properties中修改rocketmq.config.loginRequired=true开启登录功能
 ```$xslt
 # 开启登录功能
 rocketmq.config.loginRequired=true
@@ -112,4 +112,41 @@ admin=admin,1
 user1=user1
 user2=user2
 ```
-* 3. 启动控制台则开启了登录功能
+* 3.启动控制台则开启了登录功能
+
+## 权限检验
+如果用户访问console时开启了登录功能，会按照登录的角色对访问的接口进行权限控制。
+* 1.在Spring配置文件resources/application.properties中修改rocketmq.config.loginRequired=true开启登录功能
+```$xslt
+# 开启登录功能
+rocketmq.config.loginRequired=true
+
+# Dashboard文件目录，登录用户配置文件所在目录
+rocketmq.config.dataPath=/tmp/rocketmq-console/data   
+```
+* 2.确保${rocketmq.config.dataPath}定义的目录存在，并且该目录下创建访问权限配置文件"role-permission.yml", 
+如果该目录下不存在此文件，则默认使用resources/role-permission.yml文件。该文件保存了普通用户角色所有能访问的接口地址。
+role-permission.yml文件格式为:
+```$xslt
+# 该文件支持热修改，即添加和修改用户时，不需要重新启动console
+# 格式，如果增加和删除接口权限，直接在列表中增加和删除接口地址即可。
+# 接口路径配置支持通配符
+# * 表示匹配0或多个不是/的字符
+# ** 表示匹配0或多个任意字符
+# ? 表示匹配1个任意字符
+
+rolePerms:
+  # 普通用户
+  ordinary:
+    - /rocketmq/nsaddr
+    - /ops/*
+    - /dashboard/**
+    - /topic/*.query
+    - /topic/sendTopicMessage.do
+    - /producer/*.query
+    - /message/*
+    - /messageTrace/*
+    - /monitor/*
+    ....
+```
+* 3.前端页面显示上，为了更好区分普通用户和admin用户权限，关于资源的删除、更新等操作按钮不对普通用户角色显示，如果要执行资源相关操作，需要退出使用admin角色登录。

docs/1_0_0/UserGuide_EN.md

@@ -115,4 +115,44 @@ admin=admin,1
 user1=user1
 user2=user2
 ```
-* 3. Restart Dashboard Application after above configuration setting well.  
+* 3.Restart Console Application after above configuration setting well.  
+
+
+## Permission Control
+If the login function is enabled when a user accesses the Console, the user controls the access permission of the interface based on the login role.
+
+* 1.Turn on the property in resources/application.properties.
+```$xslt
+# open the login func
+rocketmq.config.loginRequired=true
+
+# Directory of ashboard & login user configure file 
+rocketmq.config.dataPath=/tmp/rocketmq-console/data
+```
+* 2.Make sure the directory defined in property ${rocketmq.config.dataPath} exists and the permission control file "role-permission.yml" is created under it. 
+The console system will use the resources/role-permission.yml by default if a customized file is not found。
+
+The format in the content of role-permission.yml:
+```$xslt
+# This file supports hot change, any change will be auto-reloaded without Console restarting.
+# Format: To add or delete interface permissions, add or delete interface addresses from the list.
+# the interface paths can be configured with wildcard characters.
+# ?: Matches 1 characters.
+# *: Matches 0 or more characters that are not /.
+# **: Matches 0 or more characters.
+
+rolePerms:
+  # ordinary user
+  ordinary:
+    - /rocketmq/nsaddr
+    - /ops/*
+    - /dashboard/**
+    - /topic/*.query
+    - /topic/sendTopicMessage.do
+    - /producer/*.query
+    - /message/*
+    - /messageTrace/*
+    - /monitor/*
+    ....
+```
+* 3.On the front page, operation buttons such as deleting and updating resources are not displayed for common users in order to better distinguish the rights of common users and admin users. If need to operate related resources, log out and use the admin role to log in