This is an automated email from the ASF dual-hosted git repository. riemer pushed a commit to branch update-default-roles-privileges in repository https://gitbox.apache.org/repos/asf/streampipes.git
commit d95cc923b3aa9ca2279b9422c520f9a635d9d15d Author: Dominik Riemer <[email protected]> AuthorDate: Mon Nov 24 19:50:10 2025 +0100 fix: Update default roles and privileges --- .../model/client/user/DefaultPrivilege.java | 14 ----- .../core/migrations/AvailableMigrations.java | 4 +- .../v099/RemoveObsoletePrivilegesMigration.java | 63 ++++++++++++++++++++++ .../management/authorization/PrivilegeManager.java | 46 ++++++++++------ .../user/management/authorization/RoleManager.java | 10 +--- ui/src/app/_enums/user-privilege.enum.ts | 6 --- 6 files changed, 99 insertions(+), 44 deletions(-) diff --git a/streampipes-model-client/src/main/java/org/apache/streampipes/model/client/user/DefaultPrivilege.java b/streampipes-model-client/src/main/java/org/apache/streampipes/model/client/user/DefaultPrivilege.java index 343de0befd..c445fb5240 100644 --- a/streampipes-model-client/src/main/java/org/apache/streampipes/model/client/user/DefaultPrivilege.java +++ b/streampipes-model-client/src/main/java/org/apache/streampipes/model/client/user/DefaultPrivilege.java @@ -37,18 +37,10 @@ public enum DefaultPrivilege { PRIVILEGE_READ_DASHBOARD(Constants.PRIVILEGE_READ_DASHBOARD_VALUE), PRIVILEGE_WRITE_DASHBOARD(Constants.PRIVILEGE_WRITE_DASHBOARD_VALUE), - // Dashboard widget - PRIVILEGE_READ_DASHBOARD_WIDGET(Constants.PRIVILEGE_READ_DASHBOARD_WIDGET_VALUE), - PRIVILEGE_WRITE_DASHBOARD_WIDGET(Constants.PRIVILEGE_WRITE_DASHBOARD_WIDGET_VALUE), - // Data Explorer view PRIVILEGE_READ_DATA_EXPLORER_VIEW(Constants.PRIVILEGE_READ_DATA_EXPLORER_VIEW_VALUE), PRIVILEGE_WRITE_DATA_EXPLORER_VIEW(Constants.PRIVILEGE_WRITE_DATA_EXPLORER_VIEW_VALUE), - // Data Explorer widget - PRIVILEGE_READ_DATA_EXPLORER_WIDGET(Constants.PRIVILEGE_READ_DATA_EXPLORER_WIDGET_VALUE), - PRIVILEGE_WRITE_DATA_EXPLORER_WIDGET(Constants.PRIVILEGE_WRITE_DATA_EXPLORER_WIDGET_VALUE), - // Apps PRIVILEGE_READ_APPS(Constants.PRIVILEGE_READ_APPS_VALUE), PRIVILEGE_WRITE_APPS(Constants.PRIVILEGE_WRITE_APPS_VALUE), 
@@ -88,15 +80,9 @@ public enum DefaultPrivilege { public static final String PRIVILEGE_READ_DASHBOARD_VALUE = "PRIVILEGE_READ_DASHBOARD"; public static final String PRIVILEGE_WRITE_DASHBOARD_VALUE = "PRIVILEGE_WRITE_DASHBOARD"; - public static final String PRIVILEGE_READ_DASHBOARD_WIDGET_VALUE = "PRIVILEGE_READ_DASHBOARD_WIDGET"; - public static final String PRIVILEGE_WRITE_DASHBOARD_WIDGET_VALUE = "PRIVILEGE_WRITE_DASHBOARD_WIDGET"; - public static final String PRIVILEGE_READ_DATA_EXPLORER_VIEW_VALUE = "PRIVILEGE_READ_DATA_EXPLORER_VIEW"; public static final String PRIVILEGE_WRITE_DATA_EXPLORER_VIEW_VALUE = "PRIVILEGE_WRITE_DATA_EXPLORER_VIEW"; - public static final String PRIVILEGE_READ_DATA_EXPLORER_WIDGET_VALUE = "PRIVILEGE_READ_DATA_EXPLORER_WIDGET"; - public static final String PRIVILEGE_WRITE_DATA_EXPLORER_WIDGET_VALUE = "PRIVILEGE_WRITE_DATA_EXPLORER_WIDGET"; - public static final String PRIVILEGE_READ_APPS_VALUE = "PRIVILEGE_READ_APPS"; public static final String PRIVILEGE_WRITE_APPS_VALUE = "PRIVILEGE_WRITE_APPS"; diff --git a/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/AvailableMigrations.java b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/AvailableMigrations.java index f4bc52efaa..6c7e714913 100644 --- a/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/AvailableMigrations.java +++ b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/AvailableMigrations.java 
@@ -34,6 +34,7 @@ import org.apache.streampipes.service.core.migrations.v0980.ModifyAssetLinksMigr import org.apache.streampipes.service.core.migrations.v099.AddAssetManagementViewMigration; import org.apache.streampipes.service.core.migrations.v099.CreateAssetPermissionMigration; import org.apache.streampipes.service.core.migrations.v099.MoveAssetContentMigration; +import org.apache.streampipes.service.core.migrations.v099.RemoveObsoletePrivilegesMigration; import org.apache.streampipes.service.core.migrations.v970.AddDataLakePipelineTemplateMigration; import org.apache.streampipes.service.core.migrations.v970.AddLinkSettingsMigration; import org.apache.streampipes.service.core.migrations.v970.AddRolesToUserDbMigration; @@ -68,7 +69,8 @@ public class AvailableMigrations { new FixImportedPermissionsMigration(), new AddAssetManagementViewMigration(), new MoveAssetContentMigration(), - new CreateAssetPermissionMigration() + new CreateAssetPermissionMigration(), + new RemoveObsoletePrivilegesMigration() ); } } diff --git a/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/v099/RemoveObsoletePrivilegesMigration.java b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/v099/RemoveObsoletePrivilegesMigration.java new file mode 100644 index 0000000000..f40bfbac8d --- /dev/null +++ b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/v099/RemoveObsoletePrivilegesMigration.java 
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.streampipes.service.core.migrations.v099;
+
+import org.apache.streampipes.model.client.user.Privilege;
+import org.apache.streampipes.service.core.migrations.Migration;
+import org.apache.streampipes.storage.api.CRUDStorage;
+import org.apache.streampipes.storage.management.StorageDispatcher;
+
+import java.io.IOException;
+import java.util.List;
+
+public class RemoveObsoletePrivilegesMigration implements Migration {
+
+ public CRUDStorage<Privilege> privilegeStorage;
+
+ private static final List<String> privilegesToRemove = List.of(
+ "PRIVILEGE_READ_DASHBOARD_WIDGET",
+ "PRIVILEGE_WRITE_DASHBOARD_WIDGET",
+ "PRIVILEGE_READ_DATA_EXPLORER_WIDGET",
+ "PRIVILEGE_WRITE_DATA_EXPLORER_WIDGET"
+ );
+
+ public RemoveObsoletePrivilegesMigration() {
+ this.privilegeStorage = StorageDispatcher.INSTANCE.getNoSqlStore().getPrivilegeStorage();
+ }
+
+ @Override
+ public boolean shouldExecute() {
+ return privilegeStorage.findAll().stream().anyMatch(p -> privilegesToRemove.contains(p.getElementId()));
+ }
+
+ @Override
+ public void executeMigration() throws IOException {
+ privilegesToRemove.forEach(p -> {
+ var privilege = privilegeStorage.getElementById(p);
+ if (privilege != null) {
+ privilegeStorage.deleteElement(privilege);
+ }
+ });
+ }
+
+ @Override
+ public String getDescription() {
+ return "Remove obsolete dashboard and data explorer privileges";
+ }
+}
diff --git a/streampipes-user-management/src/main/java/org/apache/streampipes/user/management/authorization/PrivilegeManager.java b/streampipes-user-management/src/main/java/org/apache/streampipes/user/management/authorization/PrivilegeManager.java
index 9d86db2903..dd850d5de4 100644
--- a/streampipes-user-management/src/main/java/org/apache/streampipes/user/management/authorization/PrivilegeManager.java
+++ b/streampipes-user-management/src/main/java/org/apache/streampipes/user/management/authorization/PrivilegeManager.java
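Review bot: `executeMigration()` in RemoveObsoletePrivilegesMigration deletes the four `Privilege` documents but leaves every stored reference to them in place, so any role document that already lists `PRIVILEGE_READ_DASHBOARD_WIDGET` or one of the other three IDs would keep a dangling privilege string after the upgrade. How roles are persisted is not visible in this hunk, so this is inferred; if roles do store privilege IDs, the migration should also strip the obsolete IDs from stored roles and from any user or group that carries privileges directly, otherwise re-introducing one of these names later would silently re-grant it. Separately, `public CRUDStorage<Privilege> privilegeStorage;` exposes a reassignable field on a class that changes authorization data; `private final CRUDStorage<Privilege> privilegeStorage;` is enough for what the class does.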
@@ -27,31 +27,47 @@ public class PrivilegeManager { public List<Privilege> makeDefaultPrivileges() { return List.of( - Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_READ_PIPELINE_ELEMENT_VALUE), - Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_WRITE_PIPELINE_ELEMENT_VALUE), + Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_READ_ADAPTER_VALUE), + Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_READ_ASSETS_VALUE), Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_READ_DASHBOARD_VALUE), + Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_READ_DATA_EXPLORER_VIEW_VALUE), + Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_READ_FILES_VALUE), + Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_READ_GENERIC_STORAGE_VALUE), + Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_READ_NOTIFICATIONS_VALUE), + Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_READ_PIPELINE_VALUE), + Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_READ_PIPELINE_ELEMENT_VALUE), + + Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_WRITE_ADAPTER_VALUE), + Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_WRITE_ASSETS_VALUE), Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_WRITE_DASHBOARD_VALUE), + Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_WRITE_DATA_EXPLORER_VIEW_VALUE), + Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_WRITE_FILES_VALUE), + Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_WRITE_GENERIC_STORAGE_VALUE), + Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_WRITE_PIPELINE_VALUE), + Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_WRITE_PIPELINE_ELEMENT_VALUE) + + + + + + + + + + + + + + + - Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_READ_DASHBOARD_WIDGET_VALUE), - Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_WRITE_DASHBOARD_WIDGET_VALUE), - Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_READ_DATA_EXPLORER_VIEW_VALUE), - 
Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_WRITE_DATA_EXPLORER_VIEW_VALUE), - Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_READ_DATA_EXPLORER_WIDGET_VALUE), - Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_WRITE_DATA_EXPLORER_WIDGET_VALUE), - Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_READ_NOTIFICATIONS_VALUE), - Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_READ_FILES_VALUE), - Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_WRITE_FILES_VALUE), - Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_READ_ASSETS_VALUE), - Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_WRITE_ASSETS_VALUE), - Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_READ_GENERIC_STORAGE_VALUE), - Privilege.create(DefaultPrivilege.Constants.PRIVILEGE_WRITE_GENERIC_STORAGE_VALUE) ); } } diff --git a/streampipes-user-management/src/main/java/org/apache/streampipes/user/management/authorization/RoleManager.java b/streampipes-user-management/src/main/java/org/apache/streampipes/user/management/authorization/RoleManager.java index fb7d6aa34a..d5aa5ebcf1 100644 --- a/streampipes-user-management/src/main/java/org/apache/streampipes/user/management/authorization/RoleManager.java +++ b/streampipes-user-management/src/main/java/org/apache/streampipes/user/management/authorization/RoleManager.java 
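Review bot: The seed list in `makeDefaultPrivileges()` is still maintained by hand next to the `DefaultPrivilege` enum, and the two disagree: the enum shown earlier in this commit keeps `PRIVILEGE_READ_APPS` and `PRIVILEGE_WRITE_APPS`, which the new list does not create. If that omission is not deliberate, deriving the list from the enum removes the drift, for example `Arrays.stream(DefaultPrivilege.values()).map(p -> Privilege.create(p.name())).toList()`; this relies on the constant names matching the `_VALUE` strings, which holds for the constants visible in this commit. The hunk also appears to add a run of empty lines before the closing `);`, which should be dropped. Whether the newly seeded adapter and pipeline privileges reach existing installations depends on when this method is called, which is not visible here.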
@@ -43,13 +43,12 @@ public class RoleManager { Role.createDefaultRole(DefaultRole.Constants.ROLE_DASHBOARD_ADMIN_VALUE, "Dashboard Admin", List.of( DefaultPrivilege.Constants.PRIVILEGE_READ_DASHBOARD_VALUE, DefaultPrivilege.Constants.PRIVILEGE_WRITE_DASHBOARD_VALUE, - DefaultPrivilege.Constants.PRIVILEGE_READ_PIPELINE_VALUE, + DefaultPrivilege.Constants.PRIVILEGE_READ_DATA_EXPLORER_VIEW_VALUE, DefaultPrivilege.Constants.PRIVILEGE_READ_GENERIC_STORAGE_VALUE )), Role.createDefaultRole(DefaultRole.Constants.ROLE_DASHBOARD_USER_VALUE, "Dashboard User", List.of( DefaultPrivilege.Constants.PRIVILEGE_READ_DASHBOARD_VALUE, - DefaultPrivilege.Constants.PRIVILEGE_READ_DASHBOARD_WIDGET_VALUE, - DefaultPrivilege.Constants.PRIVILEGE_READ_PIPELINE_VALUE, + DefaultPrivilege.Constants.PRIVILEGE_READ_DATA_EXPLORER_VIEW_VALUE, DefaultPrivilege.Constants.PRIVILEGE_READ_GENERIC_STORAGE_VALUE )), Role.createDefaultRole(DefaultRole.Constants.ROLE_PIPELINE_ADMIN_VALUE, "Pipeline Admin", List.of( 
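Review bot: Dropping `PRIVILEGE_READ_PIPELINE` from the Dashboard Admin and Dashboard User defaults here, and from the Data Explorer Admin and User roles in the next hunk, narrows what these roles grant only for roles created from this list. Installations that already persisted the default roles would keep the older, broader privilege sets unless something rewrites stored roles on upgrade; the migration added in this commit only deletes privilege documents, so no such step is visible. If existing deployments are meant to be tightened too, a migration that re-applies the default role definitions is needed. A short comment above the dashboard roles stating why they now need `PRIVILEGE_READ_DATA_EXPLORER_VIEW` would help the next reviewer judge the grant. The role list starts and ends outside both hunks.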
@@ -82,16 +81,11 @@ public class RoleManager { )), Role.createDefaultRole(DefaultRole.Constants.ROLE_DATA_EXPLORER_ADMIN_VALUE, "Data Explorer Admin", List.of( DefaultPrivilege.Constants.PRIVILEGE_READ_DATA_EXPLORER_VIEW_VALUE, - DefaultPrivilege.Constants.PRIVILEGE_READ_DATA_EXPLORER_WIDGET_VALUE, DefaultPrivilege.Constants.PRIVILEGE_WRITE_DATA_EXPLORER_VIEW_VALUE, - DefaultPrivilege.Constants.PRIVILEGE_WRITE_DATA_EXPLORER_WIDGET_VALUE, - DefaultPrivilege.Constants.PRIVILEGE_READ_PIPELINE_VALUE, DefaultPrivilege.Constants.PRIVILEGE_READ_GENERIC_STORAGE_VALUE )), Role.createDefaultRole(DefaultRole.Constants.ROLE_DATA_EXPLORER_USER_VALUE, "Data Explorer User", List.of( DefaultPrivilege.Constants.PRIVILEGE_READ_DATA_EXPLORER_VIEW_VALUE, - DefaultPrivilege.Constants.PRIVILEGE_READ_DATA_EXPLORER_WIDGET_VALUE, - DefaultPrivilege.Constants.PRIVILEGE_READ_PIPELINE_VALUE, DefaultPrivilege.Constants.PRIVILEGE_READ_GENERIC_STORAGE_VALUE )), Role.createDefaultRole(DefaultRole.Constants.ROLE_CONNECT_ADMIN_VALUE, "Connect Admin", List.of( diff --git a/ui/src/app/_enums/user-privilege.enum.ts b/ui/src/app/_enums/user-privilege.enum.ts index 499a954bed..acde97b208 100644 --- a/ui/src/app/_enums/user-privilege.enum.ts +++ b/ui/src/app/_enums/user-privilege.enum.ts @@ -32,12 +32,6 @@ export enum UserPrivilege { PRIVILEGE_READ_DATA_EXPLORER_VIEW = 'PRIVILEGE_READ_DATA_EXPLORER_VIEW', PRIVILEGE_WRITE_DATA_EXPLORER_VIEW = 'PRIVILEGE_WRITE_DATA_EXPLORER_VIEW', - PRIVILEGE_READ_DATA_EXPLORER_WIDGET = 'PRIVILEGE_READ_DATA_EXPLORER_WIDGET', - PRIVILEGE_WRITE_DATA_EXPLORER_WIDGET = 'PRIVILEGE_WRITE_DATA_EXPLORER_WIDGET', - - PRIVILEGE_READ_DASHBOARD_WIDGET = 'PRIVILEGE_READ_DASHBOARD_WIDGET', - PRIVILEGE_WRITE_DASHBOARD_WIDGET = 'PRIVILEGE_WRITE_DASHBOARD_WIDGET', - PRIVILEGE_READ_APPS = 'PRIVILEGE_READ_APPS', PRIVILEGE_WRITE_APPS = 'PRIVILEGE_WRITE_APPS',
