[inlong] branch master updated: [INLONG-8622][Manager] User API Permissions Optimization (#8623)

Tue, 01 Aug 2023 23:27:15 -0700 

This is an automated email from the ASF dual-hosted git repository.

dockerzhang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/inlong.git


The following commit(s) were added to refs/heads/master by this push:
     new 6b50691690 [INLONG-8622][Manager] User API Permissions Optimization 
(#8623)
6b50691690 is described below

commit 6b50691690f315cb2b57255be9207621831b385a
Author: Hao <[email protected]>
AuthorDate: Wed Aug 2 14:27:07 2023 +0800

    [INLONG-8622][Manager] User API Permissions Optimization (#8623)
---
 .../org/apache/inlong/manager/web/controller/UserController.java     | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git 
a/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/UserController.java
 
b/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/UserController.java
index 8d5d39f60c..340f55c93b 100644
--- 
a/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/UserController.java
+++ 
b/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/UserController.java
@@ -27,6 +27,7 @@ import org.apache.inlong.manager.service.user.UserService;
 
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
@@ -74,12 +75,14 @@ public class UserController {
 
     @GetMapping("/user/getByName/{name}")
     @ApiOperation(value = "Get user by name")
+    @RequiresRoles(logical = Logical.OR, value = {UserRoleCode.INLONG_ADMIN, 
UserRoleCode.INLONG_OPERATOR})
     public Response<UserInfo> getByName(@PathVariable String name) {
         return Response.success(userService.getByName(name));
     }
 
     @PostMapping("/user/listAll")
     @ApiOperation(value = "List all users")
+    @RequiresRoles(logical = Logical.OR, value = {UserRoleCode.INLONG_ADMIN, 
UserRoleCode.TENANT_ADMIN})
     public Response<PageResult<UserInfo>> list(@RequestBody UserRequest 
request) {
         return Response.success(userService.list(request));
     }
@@ -93,7 +96,7 @@ public class UserController {
 
     @DeleteMapping("/user/delete")
     @ApiOperation(value = "Delete user by id")
-    @RequiresRoles(value = UserRoleCode.TENANT_ADMIN)
+    @RequiresRoles(value = UserRoleCode.INLONG_ADMIN)
     public Response<Boolean> delete(@RequestParam("id") Integer id) {
         String currentUser = LoginUserUtils.getLoginUser().getName();
         return Response.success(userService.delete(id, currentUser));

Reply via email to