27
27
import java .util .function .Predicate ;
28
28
import java .util .stream .Collectors ;
29
29
import javax .annotation .Nullable ;
30
+ import lombok .Getter ;
30
31
import lombok .RequiredArgsConstructor ;
31
32
import lombok .extern .slf4j .Slf4j ;
32
33
import org .apache .commons .collections .CollectionUtils ;
@@ -54,7 +55,9 @@ public class AccessControlService {
54
55
private final RoleBasedAccessControlProperties properties ;
55
56
private final Environment environment ;
56
57
58
+ @ Getter
57
59
private boolean rbacEnabled = false ;
60
+ @ Getter
58
61
private Set <ProviderAuthorityExtractor > oauthExtractors = Collections .emptySet ();
59
62
60
63
@ PostConstruct
@@ -107,12 +110,14 @@ private boolean isAccessible(AuthenticatedUser user, AccessContext context) {
107
110
if (context .cluster () != null && !isClusterAccessible (context .cluster (), user )) {
108
111
return false ;
109
112
}
110
- return context .isAccessible (getUserPermissions (user ));
113
+ return context .isAccessible (getUserPermissions (user , context . cluster () ));
111
114
}
112
115
113
- private List <Permission > getUserPermissions (AuthenticatedUser user ) {
114
- return properties .getRoles ().stream ()
116
+ private List <Permission > getUserPermissions (AuthenticatedUser user , String clusterName ) {
117
+ return properties .getRoles ()
118
+ .stream ()
115
119
.filter (filterRole (user ))
120
+ .filter (role -> role .getClusters ().stream ().anyMatch (clusterName ::equalsIgnoreCase ))
116
121
.flatMap (role -> role .getPermissions ().stream ())
117
122
.toList ();
118
123
}
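Review bot: The new cluster filter in `getUserPermissions` dereferences `clusterName` unconditionally, but `isAccessible` passes `context.cluster()`, which the guard just above treats as possibly null. For an access context without a cluster, binding `clusterName::equalsIgnoreCase` would throw a NullPointerException as soon as one role passes `filterRole(user)`, so the authorization check fails with an error instead of returning a decision. Decide explicitly what a cluster-less context may see and encode it in the filter: `role -> clusterName == null || role.getClusters().stream().anyMatch(clusterName::equalsIgnoreCase)` keeps the pre-change behaviour of using all of the user's roles, while a deny-by-default variant would return an empty list. Declaring the parameter as `@Nullable String clusterName` (`javax.annotation.Nullable` is already imported) and adding a one-line comment on the chosen policy would make the contract visible. The body of `isAccessible` starts outside this hunk, so any earlier handling of cluster-less contexts cannot be seen from here.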
@@ -188,10 +193,6 @@ public Mono<Boolean> isConnectAccessible(String connectName, String clusterName)
188
193
);
189
194
}
190
195
191
- public Set <ProviderAuthorityExtractor > getOauthExtractors () {
192
- return oauthExtractors ;
193
- }
194
-
195
196
public List <Role > getRoles () {
196
197
if (!rbacEnabled ) {
197
198
return Collections .emptyList ();
@@ -203,7 +204,4 @@ private Predicate<Role> filterRole(AuthenticatedUser user) {
203
204
return role -> user .groups ().contains (role .getName ());
204
205
}
205
206
206
- public boolean isRbacEnabled () {
207
- return rbacEnabled ;
208
- }
209
207
}