This is an automated email from the ASF dual-hosted git repository. ofuks pushed a commit to branch bucket-browser-gcp in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit e84ca635019c375a6ac3089658edcfee72045d18 Author: Oleh Fuks <olegfuk...@gmail.com> AuthorDate: Tue Apr 28 12:35:54 2020 +0300 Added permissions for bucket browser --- .../dlab/backendapi/resources/BucketResource.java | 5 +++ .../dlab/backendapi/resources/dto/UserRoleDto.java | 1 + .../src/main/resources/mongo/aws/mongo_roles.json | 48 ++++++++++++++++++++++ .../main/resources/mongo/azure/mongo_roles.json | 48 ++++++++++++++++++++++ .../src/main/resources/mongo/gcp/mongo_roles.json | 48 ++++++++++++++++++++++ 5 files changed, 150 insertions(+) diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/BucketResource.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/BucketResource.java index a98daa2..7198e35 100644 --- a/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/BucketResource.java +++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/BucketResource.java @@ -27,6 +27,7 @@ import lombok.extern.slf4j.Slf4j; import org.glassfish.jersey.media.multipart.FormDataContentDisposition; import org.glassfish.jersey.media.multipart.FormDataParam; +import javax.annotation.security.RolesAllowed; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; import javax.ws.rs.GET; @@ -54,6 +55,7 @@ public class BucketResource { @Path("/{bucket}/endpoint/{endpoint}") @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) + @RolesAllowed("/api/bucket/view") public Response getListOfObjects(@Auth UserInfo userInfo, @PathParam("bucket") String bucket, @PathParam("endpoint") String endpoint) { @@ -64,6 +66,7 @@ public class BucketResource { @Path("/upload") @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) + @RolesAllowed("/api/bucket/upload") public Response uploadObject(@Auth UserInfo userInfo, @FormDataParam("object") String object, @FormDataParam("bucket") String bucket, @@ -78,6 +81,7 @@ public class BucketResource { @Path("/{bucket}/object/{object}/endpoint/{endpoint}/download") @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_OCTET_STREAM) + @RolesAllowed("/api/bucket/download") public Response downloadObject(@Auth UserInfo userInfo, @PathParam("bucket") String bucket, @PathParam("object") String object, @@ -91,6 +95,7 @@ public class BucketResource { @Path("/{bucket}/object/{object}/endpoint/{endpoint}") @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) + @RolesAllowed("/api/bucket/delete") public Response deleteObject(@Auth UserInfo userInfo, @PathParam("bucket") String bucket, @PathParam("object") String object, diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/dto/UserRoleDto.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/dto/UserRoleDto.java index 5c90602..84551af 100644 --- a/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/dto/UserRoleDto.java +++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/resources/dto/UserRoleDto.java @@ -50,6 +50,7 @@ public class UserRoleDto { NOTEBOOK_SHAPE, COMPUTATIONAL_SHAPE, BILLING, + BUCKET_BROWSER, ADMINISTRATION } } diff --git a/services/self-service/src/main/resources/mongo/aws/mongo_roles.json b/services/self-service/src/main/resources/mongo/aws/mongo_roles.json index 9998d84..076dc75 100644 --- a/services/self-service/src/main/resources/mongo/aws/mongo_roles.json +++ b/services/self-service/src/main/resources/mongo/aws/mongo_roles.json @@ -324,6 +324,54 @@ ] }, { + "_id": "bucketBrowserView", + "description": "Allow to view objects within the bucket", + "type": "BUCKET_BROWSER", + "cloud": "GCP", + "pages": [ + "/api/bucket/view" + ], + "groups": [ + "$anyuser" + ] + }, + { + "_id": "bucketBrowserUpload", + "description": "Allow to upload object to the bucket", + "type": "BUCKET_BROWSER", + "cloud": "GCP", + "pages": [ + "/api/bucket/upload" + ], + "groups": [ + "$anyuser" + ] + }, + { + "_id": "bucketBrowserDownload", + "description": "Allow to download object from the bucket", + "type": "BUCKET_BROWSER", + "cloud": "GCP", + "pages": [ + "/api/bucket/download" + ], + "groups": [ + "$anyuser" + ] + }, + { + "_id": "bucketBrowserDelete", + "description": "Allow to delete object from the bucket", + "type": "BUCKET_BROWSER", + "cloud": "GCP", + "pages": [ + "/api/bucket/delete" + ], + "groups": [ + "$anyuser" + ] + }, + { "_id": "admin", "description": "Allow to execute administration operation", "type": "ADMINISTRATION", diff --git a/services/self-service/src/main/resources/mongo/azure/mongo_roles.json b/services/self-service/src/main/resources/mongo/azure/mongo_roles.json index 113a705..886b635 100644 --- a/services/self-service/src/main/resources/mongo/azure/mongo_roles.json +++ b/services/self-service/src/main/resources/mongo/azure/mongo_roles.json @@ -264,6 +264,54 @@ ] }, { + "_id": "bucketBrowserView", + "description": "Allow to view objects within the bucket", + "type": "BUCKET_BROWSER", + "cloud": "GCP", + "pages": [ + "/api/bucket/view" + ], + "groups": [ + "$anyuser" + ] + }, + { + "_id": "bucketBrowserUpload", + "description": "Allow to upload object to the bucket", + "type": "BUCKET_BROWSER", + "cloud": "GCP", + "pages": [ + "/api/bucket/upload" + ], + "groups": [ + "$anyuser" + ] + }, + { + "_id": "bucketBrowserDownload", + "description": "Allow to download object from the bucket", + "type": "BUCKET_BROWSER", + "cloud": "GCP", + "pages": [ + "/api/bucket/download" + ], + "groups": [ + "$anyuser" + ] + }, + { + "_id": "bucketBrowserDelete", + "description": "Allow to delete object from the bucket", + "type": "BUCKET_BROWSER", + "cloud": "GCP", + "pages": [ + "/api/bucket/delete" + ], + "groups": [ + "$anyuser" + ] + }, + { "_id": "admin", "description": "Allow to execute administration operation", "type": "ADMINISTRATION", diff --git a/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json b/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json index 8098628..1dc61ae 100644 --- a/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json +++ b/services/self-service/src/main/resources/mongo/gcp/mongo_roles.json @@ -300,6 +300,54 @@ ] }, { + "_id": "bucketBrowserView", + "description": "Allow to view objects within the bucket", + "type": "BUCKET_BROWSER", + "cloud": "GCP", + "pages": [ + "/api/bucket/view" + ], + "groups": [ + "$anyuser" + ] + }, + { + "_id": "bucketBrowserUpload", + "description": "Allow to upload object to the bucket", + "type": "BUCKET_BROWSER", + "cloud": "GCP", + "pages": [ + "/api/bucket/upload" + ], + "groups": [ + "$anyuser" + ] + }, + { + "_id": "bucketBrowserDownload", + "description": "Allow to download object from the bucket", + "type": "BUCKET_BROWSER", + "cloud": "GCP", + "pages": [ + "/api/bucket/download" + ], + "groups": [ + "$anyuser" + ] + }, + { + "_id": "bucketBrowserDelete", + "description": "Allow to delete object from the bucket", + "type": "BUCKET_BROWSER", + "cloud": "GCP", + "pages": [ + "/api/bucket/delete" + ], + "groups": [ + "$anyuser" + ] + }, + { "_id": "admin", "description": "Allow to execute administration operation", "type": "ADMINISTRATION", --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@dlab.apache.org For additional commands, e-mail: commits-h...@dlab.apache.org