Add promotion persmission #2182
Conversation
Signed-off-by: muralibasani <[email protected]>
| @@ -47,6 +49,8 @@ public class DefaultDataService { | |||
| @Value("${klaw.clusterapi.url:http://localhost:9343}") | |||
| private String clusterApiUrl; | |||
|
|
|||
| private boolean extraPermissionForTopicsPromotion; | |||
There was a problem hiding this comment.
This doesnt look like it is used.
|
|
||
| KwProperties kwProperties38 = | ||
| new KwProperties( | ||
| KLAW_EXTRA_PERMISSION_TOPIC_PROMOTION_KEY, |
There was a problem hiding this comment.
I would probably call this KLAW_OPTIONAL_PERMISSION_TOPIC_PROMOTION_KEY
| KLAW_EXTRA_PERMISSION_TOPIC_PROMOTION_KEY, | ||
| tenantId, | ||
| "false", | ||
| "Need of an extra permission APPROVE_TOPICS_PROMOTION to promote topics"); |
There was a problem hiding this comment.
"Optional permission APPROVE_TOPICS_PROMOTION to allow users to promote topics but not create topics"
| @@ -708,6 +709,16 @@ public ApiResponse approveTopicRequests(String topicId) throws KlawException { | |||
| int tenantId = commonUtilsService.getTenantId(userName); | |||
| TopicRequest topicRequest = getTopicRequestFromTopicId(Integer.parseInt(topicId), tenantId); | |||
|
|
|||
| String needOfExtraPermissionForPromote = | |||
There was a problem hiding this comment.
maybe "isOptionalExtraPermissionForPromote" as it is a boolean?
| @@ -708,6 +709,16 @@ public ApiResponse approveTopicRequests(String topicId) throws KlawException { | |||
| int tenantId = commonUtilsService.getTenantId(userName); | |||
| TopicRequest topicRequest = getTopicRequestFromTopicId(Integer.parseInt(topicId), tenantId); | |||
|
|
|||
| String needOfExtraPermissionForPromote = | |||
| manageDatabase.getKwPropertyValue(KLAW_EXTRA_PERMISSION_TOPIC_PROMOTION_KEY, tenantId); | |||
| if (topicRequest.getRequestOperationType().equals(RequestOperationType.PROMOTE.value) | |||
There was a problem hiding this comment.
This means that if a user also has the CreateTopic Permission they will also require the optional promote permission.
Should it be in the check that they have either the Create or Promote version?
This is just a question though on the UX I don't mind which way its implemented as long as we are happy.
There was a problem hiding this comment.
Valid question. Approve_topics permission is always required. But if they set this server config property to true, then approve_topics_promotion check is validated
| allUserInfo.stream().map(UserInfo::getTenantId).collect(Collectors.toSet()); | ||
|
|
||
| for (int tenantId : tenantIds) { | ||
| List<KwProperties> kwPropertiesList = selectDataJdbc.selectAllKwPropertiesPerTenant(tenantId); |
There was a problem hiding this comment.
Sorry just realised it's probably worth putting a check in here to only update it if it does not already exist?
Signed-off-by: muralibasani <[email protected]>
Signed-off-by: muralibasani <[email protected]>
Signed-off-by: muralibasani <[email protected]>
Signed-off-by: muralibasani <[email protected]>
Signed-off-by: muralibasani <[email protected]>
Signed-off-by: muralibasani <[email protected]>
| public boolean migrate() { | ||
| log.info( | ||
| "Start to migrate 2.8.0 data. Add new server property klaw.extra.permission.topic.promote."); | ||
|
|
There was a problem hiding this comment.
minor correction klaw.extra.permission.topic.promote. ->klaw.extra.permission.topic.create
| KLAW_OPTIONAL_PERMISSION_NEW_TOPIC_CREATION_KEY, | ||
| tenantId, | ||
| "false", | ||
| "Need of an extra permission " + APPROVE_TOPICS_CREATE + " to create new topics"); |
There was a problem hiding this comment.
| "Need of an extra permission " + APPROVE_TOPICS_CREATE + " to create new topics"); | |
| "Enforce extra permission " + APPROVE_TOPICS_CREATE + " to create new topics"); |
Signed-off-by: muralibasani <[email protected]>
…promote-permission
Signed-off-by: muralibasani <[email protected]>
Signed-off-by: muralibasani <[email protected]>
Signed-off-by: muralibasani <[email protected]>
Signed-off-by: muralibasani <[email protected]>
Linked issue
Resolves: #2121
What kind of change does this PR introduce?
New permission when topics are promoted
a config is added if new permission is required to promote topics
a new permission is added and this should be manually assigned to role by users
on topic promotion, apart from APPROVE_TOPICS, a check is added to look for permission APPROVE_TOPICS_PROMOTION if server config for extra permission is set to true. by default it is false.
Bug fix
New feature
[ X] Refactor
Docs update
CI update
What is the current behavior?
Describe the state of the application before this PR. Illustrations appreciated (videos, gifs, screenshots).
there is no extra permission to promote topics
What is the new behavior?
Describe the state of the application after this PR. Illustrations appreciated (videos, gifs, screenshots).
a new permission is added to check if the user has promote topics permission
Other information
Additional changes, explanations of the approach taken, unresolved issues, necessary follow ups, etc.
Requirements (all must be checked before review)
mainbranch have been pulledpnpm linthas been run successfully