diff --git a/src/main/java/org/apache/rocketmq/dashboard/permisssion/PermissionAspect.java b/src/main/java/org/apache/rocketmq/dashboard/permisssion/PermissionAspect.java
index e588b47..1f15ae9 100644
--- a/src/main/java/org/apache/rocketmq/dashboard/permisssion/PermissionAspect.java
+++ b/src/main/java/org/apache/rocketmq/dashboard/permisssion/PermissionAspect.java
@@ -19,6 +19,7 @@ package org.apache.rocketmq.dashboard.permisssion;
 import jakarta.annotation.Resource;
 import jakarta.servlet.http.HttpServletRequest;
 import org.apache.rocketmq.dashboard.config.RMQConfigure;
+import org.apache.rocketmq.dashboard.exception.ServiceException;
 import org.apache.rocketmq.dashboard.model.UserInfo;
 import org.apache.rocketmq.dashboard.service.PermissionService;
 import org.apache.rocketmq.dashboard.util.WebUtil;
@@ -55,13 +56,13 @@ public class PermissionAspect {
 HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
 String url = request.getRequestURI();
 UserInfo userInfo = (UserInfo) request.getSession().getAttribute(WebUtil.USER_INFO);
-// if (userInfo == null || userInfo.getUser() == null) {
-// throw new ServiceException(-1, "user not login");
-// }
-// boolean checkResult = permissionService.checkUrlAvailable(userInfo, url);
-// if (!checkResult) {
-// throw new ServiceException(-1, "no permission");
-// }
+ if (userInfo == null || userInfo.getUser() == null) {
+ throw new ServiceException(-1, "user not login");
+ }
+ boolean checkResult = permissionService.checkUrlAvailable(userInfo, url);
+ if (!checkResult) {
+ throw new ServiceException(-1, "no permission");
+ }
 }
 return joinPoint.proceed();
 }
diff --git a/src/main/java/org/apache/rocketmq/dashboard/permisssion/UserRoleEnum.java b/src/main/java/org/apache/rocketmq/dashboard/permisssion/UserRoleEnum.java
index f430a61..1a28f47 100644
--- a/src/main/java/org/apache/rocketmq/dashboard/permisssion/UserRoleEnum.java
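Review bot: The permission decision in the re-enabled block is made on `request.getRequestURI()`, which is the raw request path: it keeps the context path, any `;` path parameters and percent-encoding, so the string handed to `checkUrlAvailable` can differ from the path the dispatcher actually routes on. Unless the matcher normalizes its input (not visible here), match on the container-normalized path instead, e.g. `String url = request.getServletPath();`. Separately, `request.getSession()` creates a session for every anonymous caller just before rejecting it; `request.getSession(false)` with a null check avoids that. The enclosing method and the `if` that this block closes start outside the hunk.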
+++ b/src/main/java/org/apache/rocketmq/dashboard/permisssion/UserRoleEnum.java
@@ -17,8 +17,8 @@ package org.apache.rocketmq.dashboard.permisssion;
 public enum UserRoleEnum {
- ADMIN(1, "admin"),
- ORDINARY(0, "ordinary");
+ SUPER(1, "Super"),
+ NORMAL(2, "Normal");
 private int roleType;
 private String roleName;
diff --git a/src/main/java/org/apache/rocketmq/dashboard/service/impl/PermissionServiceImpl.java b/src/main/java/org/apache/rocketmq/dashboard/service/impl/PermissionServiceImpl.java
index 2913391..fa56275 100644
--- a/src/main/java/org/apache/rocketmq/dashboard/service/impl/PermissionServiceImpl.java
+++ b/src/main/java/org/apache/rocketmq/dashboard/service/impl/PermissionServiceImpl.java
@@ -33,8 +33,9 @@ import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
-import static org.apache.rocketmq.dashboard.permisssion.UserRoleEnum.ADMIN;
-import static org.apache.rocketmq.dashboard.permisssion.UserRoleEnum.ORDINARY;
+import static org.apache.rocketmq.dashboard.permisssion.UserRoleEnum.NORMAL;
+import static org.apache.rocketmq.dashboard.permisssion.UserRoleEnum.SUPER;
+
 @Service
 public class PermissionServiceImpl implements PermissionService, InitializingBean {
@@ -56,10 +56,10 @@ public class PermissionServiceImpl implements PermissionService, InitializingBea
 public boolean checkUrlAvailable(UserInfo userInfo, String url) {
 int type = userInfo.getUser().getType();
 // if it is admin, it could access all resources
- if (type == ADMIN.getRoleType()) {
+ if (type == SUPER.getRoleType()) {
 return true;
 }
- String loginUserRole = ORDINARY.getRoleName();
+ String loginUserRole = NORMAL.getRoleName();
 Map> rolePerms = PermissionFileStore.rolePerms;
 List perms = rolePerms.get(loginUserRole);
 for (String perm : perms) {
diff --git a/src/main/resources/role-permission.yml b/src/main/resources/role-permission.yml
index 9676b39..250652b 100644
--- a/src/main/resources/role-permission.yml
+++ b/src/main/resources/role-permission.yml
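Review bot: `NORMAL(2, "Normal")` changes both the numeric type (previously 0) and the role name, and the name is also the lookup key into `rolePerms` in `PermissionServiceImpl`, so it has to match the `Normal:` key in role-permission.yml character for character. A comment on the constant would make that coupling visible, e.g. `// roleName is the case-sensitive key under rolePerms in role-permission.yml`. Stored accounts that still carry type 0 no longer correspond to any constant; whether such accounts exist depends on the user store, which this commit does not show. The enum body continues outside the hunk.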
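Review bot: In `checkUrlAvailable`, `rolePerms.get(loginUserRole)` returns null when the loaded permission data has no `Normal` key, for instance if a deployment supplies its own role-permission.yml still keyed `ordinary` (whether the file can be overridden is not visible here). The `for` loop then throws a NullPointerException instead of producing a clean denial. Deny explicitly before the loop with `if (perms == null) { return false; }`. The comment `// if it is admin, it could access all resources` above the `SUPER` check is also stale after the rename. The loop body and the end of the method are outside the hunk.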
@@ -22,12 +22,13 @@ # **: Matches 0 or more characters.
 rolePerms:
- ordinary:
+ Normal:
 - /rocketmq/*.query
 - /ops/*.query
 - /dashboard/*.query
 - /topic/*.query
 - /topic/sendTopicMessage.do
+ - /topic/list.queryTopicType
 - /producer/*.query
 - /message/*.query
 - /messageTrace/*.query