
Commit 02877a4

authored
RBAC: Fix permissions getting available from other clusters (#330)
1 parent 284c033 commit 02877a4


2 files changed

+21
-13
lines changed


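--- a/api/src/main/java/io/kafbat/ui/service/rbac/AccessControlService.java
+++ b/api/src/main/java/io/kafbat/ui/service/rbac/AccessControlService.java
@@ -27,6 +27,7 @@
 import java.util.function.Predicate;
 import java.util.stream.Collectors;
 import javax.annotation.Nullable;
+import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections.CollectionUtils;
@@ -54,7 +55,9 @@ public class AccessControlService {
 private final RoleBasedAccessControlProperties properties;
 private final Environment environment;
 
+@Getter
 private boolean rbacEnabled = false;
+@Getter
 private Set<ProviderAuthorityExtractor> oauthExtractors = Collections.emptySet();
 
 @PostConstruct
@@ -107,12 +110,14 @@ private boolean isAccessible(AuthenticatedUser user, AccessContext context) {
 if (context.cluster() != null && !isClusterAccessible(context.cluster(), user)) {
 return false;
 }
-return context.isAccessible(getUserPermissions(user));
+return context.isAccessible(getUserPermissions(user, context.cluster()));
 }
 
-private List<Permission> getUserPermissions(AuthenticatedUser user) {
-return properties.getRoles().stream()
+private List<Permission> getUserPermissions(AuthenticatedUser user, String clusterName) {
+return properties.getRoles()
+.stream()
 .filter(filterRole(user))
+.filter(role -> role.getClusters().stream().anyMatch(clusterName::equalsIgnoreCase))
 .flatMap(role -> role.getPermissions().stream())
 .toList();
 }
@@ -188,10 +193,6 @@ public Mono<Boolean> isConnectAccessible(String connectName, String clusterName)
 );
 }
 
-public Set<ProviderAuthorityExtractor> getOauthExtractors() {
-return oauthExtractors;
-}
-
 public List<Role> getRoles() {
 if (!rbacEnabled) {
 return Collections.emptyList();
@@ -203,7 +204,4 @@ private Predicate<Role> filterRole(AuthenticatedUser user) {
 return role -> user.groups().contains(role.getName());
 }
 
-public boolean isRbacEnabled() {
-return rbacEnabled;
-}
 }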
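Review bot: The new cluster filter in `getUserPermissions` dereferences `clusterName` without a null check, although `isAccessible` just above treats `context.cluster() == null` as a legal case; for a cluster-less context, `clusterName::equalsIgnoreCase` throws a NullPointerException as soon as one role matches the user. That fails closed, but it turns every non-cluster permission check into an error instead of an authorization decision, so the case should be handled explicitly, for example `.filter(role -> clusterName == null || role.getClusters().stream().anyMatch(clusterName::equalsIgnoreCase))` if cluster-less permissions are meant to come from any of the user's roles. `isClusterAccessible` is outside the hunk, so confirm it compares cluster names the same way (case-insensitively); otherwise the access gate and the permission scope can disagree. A regression test asserting that a role bound to one cluster contributes no permissions on another would pin the fix. `isAccessible` starts outside the hunk.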

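--- a/frontend/src/components/ACLPage/List/List.tsx
+++ b/frontend/src/components/ACLPage/List/List.tsx
@@ -7,17 +7,19 @@ import useAppParams from 'lib/hooks/useAppParams';
 import { useAcls, useDeleteAcl } from 'lib/hooks/api/acl';
 import { ClusterName } from 'lib/interfaces/cluster';
 import {
+Action,
 KafkaAcl,
 KafkaAclNamePatternType,
 KafkaAclPermissionEnum,
+ResourceType,
 } from 'generated-sources';
 import useBoolean from 'lib/hooks/useBoolean';
-import { Button } from 'components/common/Button/Button';
 import ACLForm from 'components/ACLPage/Form/Form';
 import DeleteIcon from 'components/common/Icons/DeleteIcon';
 import { useTheme } from 'styled-components';
 import ACLFormContext from 'components/ACLPage/Form/AclFormContext';
 import PlusIcon from 'components/common/Icons/PlusIcon';
+import ActionButton from 'components/common/ActionComponent/ActionButton/ActionButton';
 
 import * as S from './List.styled';
 
@@ -148,9 +150,17 @@ const ACList: React.FC = () => {
 return (
 <S.Container>
 <PageHeading text="Access Control List">
-<Button buttonType="primary" buttonSize="M" onClick={openFrom}>
+<ActionButton
+buttonType="primary"
+buttonSize="M"
+onClick={openFrom}
+permission={{
+resource: ResourceType.ACL,
+action: Action.EDIT,
+}}
+>
 <PlusIcon /> Create ACL
-</Button>
+</ActionButton>
 </PageHeading>
 <Table
 columns={columns}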
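Review bot: The `permission` prop on `ActionButton` gates the Create ACL control only in the browser, and nothing visible in this commit shows the server rejecting an ACL create from a user who lacks `ResourceType.ACL` / `Action.EDIT` on the cluster. Confirm that the API endpoint enforces the same check, since a disabled button does not stop a direct request. The delete action that this file wires up through `useDeleteAcl` and `DeleteIcon` lies outside the hunk and appears untouched here; it should carry the same gate so the two mutating controls stay consistent. A short comment above the prop would help, for example `// UI hint only: the backend must enforce ACL EDIT for this cluster`. The body of `ACList` continues outside the hunk.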
