From eda6b316dc4a3cc5e722654bd9d3e9951756c8de Mon Sep 17 00:00:00 2001 From: Jorden_Reuter Date: Fri, 27 Sep 2024 08:50:22 +0200 Subject: [PATCH] feat: added permissions to openapi and helm --- .../pages/onecx-shell-bff-docs.adoc | 11 ++++ .../pages/onecx-shell-bff-extensions.adoc | 54 +++++++++---------- .../pages/onecx-shell-bff.adoc | 24 +++++---- src/main/helm/values.yaml | 11 ++++ src/main/openapi/openapi-bff.yaml | 20 +++++++ 5 files changed, 82 insertions(+), 38 deletions(-) diff --git a/docs/modules/onecx-shell-bff/pages/onecx-shell-bff-docs.adoc b/docs/modules/onecx-shell-bff/pages/onecx-shell-bff-docs.adoc index b98f986..44a6fff 100644 --- a/docs/modules/onecx-shell-bff/pages/onecx-shell-bff-docs.adoc +++ b/docs/modules/onecx-shell-bff/pages/onecx-shell-bff-docs.adoc @@ -88,6 +88,17 @@ app: image: repository: "onecx/onecx-shell-bff" operator: + # Permission + permission: + enabled: true + spec: + permissions: + workspaceConfig: + read: permission on all GET requests and POST search + userProfile: + read: permission on all GET requests and POST search + permission: + read: permission on all GET requests and POST search keycloak: client: enabled: true diff --git a/docs/modules/onecx-shell-bff/pages/onecx-shell-bff-extensions.adoc b/docs/modules/onecx-shell-bff/pages/onecx-shell-bff-extensions.adoc index abdc4d5..d552ed4 100644 --- a/docs/modules/onecx-shell-bff/pages/onecx-shell-bff-extensions.adoc +++ b/docs/modules/onecx-shell-bff/pages/onecx-shell-bff-extensions.adoc @@ -12,25 +12,25 @@ h| Version | https://quarkus.io/guides/rest[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-rest.adoc[Link] -| 3.13.2 +| 3.14.4 | quarkus-smallrye-openapi | https://quarkus.io/guides/openapi-swaggerui[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-openapi.adoc[Link] -| 3.13.2 +| 3.14.4 | quarkus-rest-jackson | https://quarkus.io/guides/rest-json[Link] | -| 3.13.2 +| 3.14.4 | quarkus-smallrye-health | https://quarkus.io/guides/smallrye-health[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-health.adoc[Link] -| 3.13.2 +| 3.14.4 | quarkus-openapi-generator @@ -42,98 +42,98 @@ h| Version | https://quarkus.io/guides/rest-client[Link] | -| 3.13.2 +| 3.14.4 | tkit-quarkus-log-cdi | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-cdi.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link] -| 2.31.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.32.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link] +| 2.32.0 | tkit-quarkus-log-rs | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-rs.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link] -| 2.31.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.32.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link] +| 2.32.0 | tkit-quarkus-log-json | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-json.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link] -| 2.31.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.32.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link] +| 2.32.0 | tkit-quarkus-rest | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link] -| 2.31.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.32.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link] +| 2.32.0 | tkit-quarkus-rest-context | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest-context.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link] -| 2.31.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.32.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link] +| 2.32.0 | tkit-quarkus-security | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-security.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link] -| 2.31.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.32.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link] +| 2.32.0 | quarkus-hibernate-validator | https://quarkus.io/guides/validation[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-hibernate-validator.adoc[Link] -| 3.13.2 +| 3.14.4 | onecx-permissions | https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-permissions.html[Link] -| https://github.com/onecx/onecx-quarkus/blob/0.26.0/docs/modules/onecx-quarkus/pages/includes/onecx-permissions.adoc[Link] -| 0.26.0 +| https://github.com/onecx/onecx-quarkus/blob/0.30.0/docs/modules/onecx-quarkus/pages/includes/onecx-permissions.adoc[Link] +| 0.30.0 | quarkus-oidc | https://quarkus.io/guides/security-oidc-bearer-token-authentication-tutorial[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-oidc.adoc[Link] -| 3.13.2 +| 3.14.4 | onecx-core | https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-core.html[Link] | -| 0.26.0 +| 0.30.0 | quarkus-micrometer-registry-prometheus | https://quarkus.io/guides/telemetry-micrometer[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-micrometer-registry-prometheus.adoc[Link] -| 3.13.2 +| 3.14.4 | quarkus-opentelemetry | https://quarkus.io/guides/opentelemetry[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-opentelemetry.adoc[Link] -| 3.13.2 +| 3.14.4 | quarkus-arc | https://quarkus.io/guides/cdi-reference[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-arc.adoc[Link] -| 3.13.2 +| 3.14.4 | quarkus-container-image-docker | https://quarkus.io/guides/container-image[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-container-image-docker.adoc[Link] -| 3.13.2 +| 3.14.4 | quarkus-rest-client-oidc-filter | | -| 3.13.2 +| 3.14.4 |=== \ No newline at end of file diff --git a/docs/modules/onecx-shell-bff/pages/onecx-shell-bff.adoc b/docs/modules/onecx-shell-bff/pages/onecx-shell-bff.adoc index 0f4d2b2..823ad55 100644 --- a/docs/modules/onecx-shell-bff/pages/onecx-shell-bff.adoc +++ b/docs/modules/onecx-shell-bff/pages/onecx-shell-bff.adoc @@ -1,46 +1,48 @@ - :summaryTableId: onecx-shell-bff [.configuration-legend] icon:lock[title=Fixed at build time] Configuration property fixed at build time - All other configuration properties are overridable at runtime [.configuration-reference.searchable, cols="80,.^10,.^10"] |=== -h|[[onecx-shell-bff_configuration]]link:#onecx-shell-bff_configuration[Configuration property] - +h|[.header-title]##Configuration property## h|Type h|Default -a| [[onecx-shell-bff_onecx-shell-permissions-cache-enabled]]`link:#onecx-shell-bff_onecx-shell-permissions-cache-enabled[onecx.shell.permissions.cache-enabled]` - +a| [[onecx-shell-bff_onecx-shell-permissions-cache-enabled]] [.property-path]##`onecx.shell.permissions.cache-enabled`## [.description] -- Enable or disable caching + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++ONECX_SHELL_PERMISSIONS_CACHE_ENABLED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] Environment variable: `+++ONECX_SHELL_PERMISSIONS_CACHE_ENABLED+++` endif::add-copy-button-to-env-var[] ---|boolean +-- +|boolean |`true` - -a| [[onecx-shell-bff_onecx-shell-permissions-key-separator]]`link:#onecx-shell-bff_onecx-shell-permissions-key-separator[onecx.shell.permissions.key-separator]` - +a| [[onecx-shell-bff_onecx-shell-permissions-key-separator]] [.property-path]##`onecx.shell.permissions.key-separator`## [.description] -- select default key separator + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++ONECX_SHELL_PERMISSIONS_KEY_SEPARATOR+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] Environment variable: `+++ONECX_SHELL_PERMISSIONS_KEY_SEPARATOR+++` endif::add-copy-button-to-env-var[] ---|string +-- +|string |`#` -|=== \ No newline at end of file +|=== + + +:!summaryTableId: \ No newline at end of file diff --git a/src/main/helm/values.yaml b/src/main/helm/values.yaml index 5fec5db..bd68919 100644 --- a/src/main/helm/values.yaml +++ b/src/main/helm/values.yaml @@ -3,6 +3,17 @@ app: image: repository: "onecx/onecx-shell-bff" operator: + # Permission + permission: + enabled: true + spec: + permissions: + workspaceConfig: + read: permission on all GET requests and POST search + userProfile: + read: permission on all GET requests and POST search + permission: + read: permission on all GET requests and POST search keycloak: client: enabled: true diff --git a/src/main/openapi/openapi-bff.yaml b/src/main/openapi/openapi-bff.yaml index 70e49ed..cb23893 100644 --- a/src/main/openapi/openapi-bff.yaml +++ b/src/main/openapi/openapi-bff.yaml @@ -14,6 +14,10 @@ servers: paths: /workspaceConfig: post: + x-onecx: + permissions: + workspaceConfig: + - read tags: - "WorkspaceConfig" description: Load all data needed by startup of OneCX UI (components, routes, slots, theme, workspace) @@ -41,6 +45,10 @@ paths: description: 'Not Found' /workspaceConfig/themes/{name}/favicon: get: + x-onecx: + permissions: + workspaceConfig: + - read tags: - "WorkspaceConfig" description: Load favicon by theme name @@ -66,6 +74,10 @@ paths: /workspaceConfig/themes/{name}/logo: get: + x-onecx: + permissions: + workspaceConfig: + - read tags: - "WorkspaceConfig" description: Load logo by theme name @@ -91,6 +103,10 @@ paths: /userProfile: get: + x-onecx: + permissions: + userProfile: + - read tags: - userProfile operationId: getUserProfile @@ -112,6 +128,10 @@ paths: /permissions: post: + x-onecx: + permissions: + permission: + - read tags: - permission operationId: getPermissions