This is an automated email from the ASF dual-hosted git repository.
jinrongtong pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/rocketmq-dashboard.git
The following commit(s) were added to refs/heads/master by this push:
new b43c7ab [ISSUE #321] Fix interface permission verification
b43c7ab is described below
commit b43c7abe521dc0df3a8dd717b33e2afbf0efb208
Author: Crazylychee <[email protected]>
AuthorDate: Tue Jun 24 15:21:25 2025 +0800
[ISSUE #321] Fix interface permission verification
---
.../rocketmq/dashboard/permisssion/PermissionAspect.java | 15 ++++++++-------
.../rocketmq/dashboard/permisssion/UserRoleEnum.java | 4 ++--
.../dashboard/service/impl/PermissionServiceImpl.java | 9 +++++----
src/main/resources/role-permission.yml | 3 ++-
4 files changed, 17 insertions(+), 14 deletions(-)
diff --git
a/src/main/java/org/apache/rocketmq/dashboard/permisssion/PermissionAspect.java
b/src/main/java/org/apache/rocketmq/dashboard/permisssion/PermissionAspect.java
index e588b47..1f15ae9 100644
---
a/src/main/java/org/apache/rocketmq/dashboard/permisssion/PermissionAspect.java
+++
b/src/main/java/org/apache/rocketmq/dashboard/permisssion/PermissionAspect.java
@@ -19,6 +19,7 @@ package org.apache.rocketmq.dashboard.permisssion;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import org.apache.rocketmq.dashboard.config.RMQConfigure;
+import org.apache.rocketmq.dashboard.exception.ServiceException;
import org.apache.rocketmq.dashboard.model.UserInfo;
import org.apache.rocketmq.dashboard.service.PermissionService;
import org.apache.rocketmq.dashboard.util.WebUtil;
@@ -55,13 +56,13 @@ public class PermissionAspect {
HttpServletRequest request = ((ServletRequestAttributes)
RequestContextHolder.getRequestAttributes()).getRequest();
String url = request.getRequestURI();
UserInfo userInfo = (UserInfo)
request.getSession().getAttribute(WebUtil.USER_INFO);
-// if (userInfo == null || userInfo.getUser() == null) {
-// throw new ServiceException(-1, "user not login");
-// }
-// boolean checkResult =
permissionService.checkUrlAvailable(userInfo, url);
-// if (!checkResult) {
-// throw new ServiceException(-1, "no permission");
-// }
+ if (userInfo == null || userInfo.getUser() == null) {
+ throw new ServiceException(-1, "user not login");
+ }
+ boolean checkResult =
permissionService.checkUrlAvailable(userInfo, url);
+ if (!checkResult) {
+ throw new ServiceException(-1, "no permission");
+ }
}
return joinPoint.proceed();
}
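Review bot: The re-enabled check reads the login state with `request.getSession()`, which creates a new session for any request that arrives without one, so unauthenticated traffic to an advised endpoint allocates a server-side session before it is rejected. Using `HttpSession session = request.getSession(false);` followed by `UserInfo userInfo = session == null ? null : (UserInfo) session.getAttribute(WebUtil.USER_INFO);` keeps the same "user not login" outcome without that side effect. Separately, the decision is made on `request.getRequestURI()`, which is the raw request path (context path included, not decoded or normalized). Whether `checkUrlAvailable` normalizes it is not visible here, so it is worth confirming that the matched string is the same path the dispatcher routes on. The enclosing method and the `if` that wraps these lines start outside the hunk.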
diff --git
a/src/main/java/org/apache/rocketmq/dashboard/permisssion/UserRoleEnum.java
b/src/main/java/org/apache/rocketmq/dashboard/permisssion/UserRoleEnum.java
index f430a61..1a28f47 100644
--- a/src/main/java/org/apache/rocketmq/dashboard/permisssion/UserRoleEnum.java
+++ b/src/main/java/org/apache/rocketmq/dashboard/permisssion/UserRoleEnum.java
@@ -17,8 +17,8 @@
package org.apache.rocketmq.dashboard.permisssion;
public enum UserRoleEnum {
- ADMIN(1, "admin"),
- ORDINARY(0, "ordinary");
+ SUPER(1, "Super"),
+ NORMAL(2, "Normal");
private int roleType;
private String roleName;
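Review bot: The numeric type of the non-admin role changes from 0 to 2 at `NORMAL(2, "Normal")`, and nothing visible in this commit migrates or documents the value for user records that still carry type 0. Judging from the `checkUrlAvailable` hunk in this commit, any type other than 1 falls through to the Normal permissions, so such users appear to fail safe, but the mapping is implicit. `roleName` is also used there as the lookup key into `rolePerms`, so it must match the key in role-permission.yml exactly, including case. A comment above the constants such as `// roleName must equal the key under rolePerms in role-permission.yml (case-sensitive)` would record that. The two fields could also be declared `final`; the rest of the enum is outside the hunk.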
diff --git
a/src/main/java/org/apache/rocketmq/dashboard/service/impl/PermissionServiceImpl.java
b/src/main/java/org/apache/rocketmq/dashboard/service/impl/PermissionServiceImpl.java
index 2913391..fa56275 100644
---
a/src/main/java/org/apache/rocketmq/dashboard/service/impl/PermissionServiceImpl.java
+++
b/src/main/java/org/apache/rocketmq/dashboard/service/impl/PermissionServiceImpl.java
@@ -33,8 +33,9 @@ import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
-import static org.apache.rocketmq.dashboard.permisssion.UserRoleEnum.ADMIN;
-import static org.apache.rocketmq.dashboard.permisssion.UserRoleEnum.ORDINARY;
+import static org.apache.rocketmq.dashboard.permisssion.UserRoleEnum.NORMAL;
+import static org.apache.rocketmq.dashboard.permisssion.UserRoleEnum.SUPER;
+
@Service
public class PermissionServiceImpl implements PermissionService,
InitializingBean {
@@ -55,10 +56,10 @@ public class PermissionServiceImpl implements
PermissionService, InitializingBea
public boolean checkUrlAvailable(UserInfo userInfo, String url) {
int type = userInfo.getUser().getType();
// if it is admin, it could access all resources
- if (type == ADMIN.getRoleType()) {
+ if (type == SUPER.getRoleType()) {
return true;
}
- String loginUserRole = ORDINARY.getRoleName();
+ String loginUserRole = NORMAL.getRoleName();
Map<String, List<String>> rolePerms = PermissionFileStore.rolePerms;
List<String> perms = rolePerms.get(loginUserRole);
for (String perm : perms) {
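Review bot: `rolePerms.get(loginUserRole)` returns null when the loaded permission map has no `Normal` entry, for example if a deployment supplies its own role-permission.yml that still uses the old `ordinary` key. The `for (String perm : perms)` loop then throws a NullPointerException instead of returning a clean denial. A guard before the loop, `if (perms == null) { return false; }`, makes a missing role deny explicitly. The comment `// if it is admin, it could access all resources` is also stale after the rename to SUPER. The loop body and the rest of the method are outside the hunk.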
diff --git a/src/main/resources/role-permission.yml
b/src/main/resources/role-permission.yml
index 9676b39..250652b 100644
--- a/src/main/resources/role-permission.yml
+++ b/src/main/resources/role-permission.yml
@@ -22,12 +22,13 @@
# **: Matches 0 or more characters.
rolePerms:
- ordinary:
+ Normal:
- /rocketmq/*.query
- /ops/*.query
- /dashboard/*.query
- /topic/*.query
- /topic/sendTopicMessage.do
+ - /topic/list.queryTopicType
- /producer/*.query
- /message/*.query
- /messageTrace/*.query