[ISSUE #321] Fix interface permission verification

This commit is contained in:
Crazylychee
2025-06-24 15:21:25 +08:00
committed by GitHub
parent bfd0e26737
commit b43c7abe52
4 changed files with 17 additions and 14 deletions


@@ -19,6 +19,7 @@ package org.apache.rocketmq.dashboard.permisssion;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import org.apache.rocketmq.dashboard.config.RMQConfigure;
import org.apache.rocketmq.dashboard.exception.ServiceException;
import org.apache.rocketmq.dashboard.model.UserInfo;
import org.apache.rocketmq.dashboard.service.PermissionService;
import org.apache.rocketmq.dashboard.util.WebUtil;
@@ -55,13 +56,13 @@ public class PermissionAspect {
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
String url = request.getRequestURI();
UserInfo userInfo = (UserInfo) request.getSession().getAttribute(WebUtil.USER_INFO);
// if (userInfo == null || userInfo.getUser() == null) {
// throw new ServiceException(-1, "user not login");
// }
// boolean checkResult = permissionService.checkUrlAvailable(userInfo, url);
// if (!checkResult) {
// throw new ServiceException(-1, "no permission");
// }
if (userInfo == null || userInfo.getUser() == null) {
throw new ServiceException(-1, "user not login");
}
boolean checkResult = permissionService.checkUrlAvailable(userInfo, url);
if (!checkResult) {
throw new ServiceException(-1, "no permission");
}
}
return joinPoint.proceed();
}
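Review bot: The re-enabled check at `permissionService.checkUrlAvailable(userInfo, url)` matches the raw value of `request.getRequestURI()` from the line above it, which is neither decoded nor normalized, so two spellings of the same path can resolve to different role patterns; normalize the path once (e.g. `java.net.URI.create(url).normalize().getPath()`, or the servlet path if that is what the matchers were written against) before handing it to the permission service. Both failure branches also throw `new ServiceException(-1, ...)` with the same code, which leaves the client unable to tell "login required" from "forbidden"; giving the two outcomes distinct codes would make the aspect's result actionable. The enclosing advice method and the `if` closed by the `}` before `return joinPoint.proceed();` both start outside the hunk.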


@@ -17,8 +17,8 @@
package org.apache.rocketmq.dashboard.permisssion;
public enum UserRoleEnum {
ADMIN(1, "admin"),
ORDINARY(0, "ordinary");
SUPER(1, "Super"),
NORMAL(2, "Normal");
private int roleType;
private String roleName;
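Review bot: The non-admin constant changes its numeric value from `ORDINARY(0, ...)` to `NORMAL(2, ...)` while the admin value stays `1`, so any user whose stored `type` is still `0` now matches neither constant; whether such users exist depends on how user records are persisted, which this hunk does not show. In `PermissionServiceImpl.checkUrlAvailable` (third file) the only test is `type == SUPER.getRoleType()` and every other value is treated as `NORMAL`, which masks the renumbering instead of surfacing it. A `fromRoleType(int)` lookup on this enum that throws (or the service denying) for values not declared here would keep unknown types from silently inheriting a role. The enum body continues outside the hunk.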


@@ -33,8 +33,9 @@ import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import static org.apache.rocketmq.dashboard.permisssion.UserRoleEnum.ADMIN;
import static org.apache.rocketmq.dashboard.permisssion.UserRoleEnum.ORDINARY;
import static org.apache.rocketmq.dashboard.permisssion.UserRoleEnum.NORMAL;
import static org.apache.rocketmq.dashboard.permisssion.UserRoleEnum.SUPER;
@Service
public class PermissionServiceImpl implements PermissionService, InitializingBean {
@@ -55,10 +56,10 @@ public class PermissionServiceImpl implements PermissionService, InitializingBea
public boolean checkUrlAvailable(UserInfo userInfo, String url) {
int type = userInfo.getUser().getType();
// if it is admin, it could access all resources
if (type == ADMIN.getRoleType()) {
if (type == SUPER.getRoleType()) {
return true;
}
String loginUserRole = ORDINARY.getRoleName();
String loginUserRole = NORMAL.getRoleName();
Map<String, List<String>> rolePerms = PermissionFileStore.rolePerms;
List<String> perms = rolePerms.get(loginUserRole);
for (String perm : perms) {
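Review bot: `rolePerms.get(loginUserRole)` returns null when the configuration has no entry for the role name, and the `for (String perm : perms)` on the next line then throws a NullPointerException, turning a missing key into a 500 rather than a clean deny; `List<String> perms = rolePerms.getOrDefault(loginUserRole, List.of());` keeps the fail-closed behaviour without the exception. The key is `NORMAL.getRoleName()`, i.e. the literal `"Normal"`, so it must stay byte-identical (case included) to the `Normal:` key in the YAML of the fourth file; a comment on the enum or the YAML naming this coupling would help the next rename. The loop and the method's return continue outside the hunk.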


@@ -22,12 +22,13 @@
# **: Matches 0 or more characters.
rolePerms:
ordinary:
Normal:
- /rocketmq/*.query
- /ops/*.query
- /dashboard/*.query
- /topic/*.query
- /topic/sendTopicMessage.do
- /topic/list.queryTopicType
- /producer/*.query
- /message/*.query
- /messageTrace/*.query