From e93d98176bd8712631b510295eb9c81bf4fb2db1 Mon Sep 17 00:00:00 2001 From: bachmanity1 Date: Tue, 30 Jul 2024 19:06:49 +0900 Subject: [PATCH 1/5] restrict access to the topic analysis feature --- .../java/io/kafbat/ui/model/rbac/permission/TopicAction.java | 2 ++ frontend/src/components/Topics/Topic/Statistics/Statistics.tsx | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/api/src/main/java/io/kafbat/ui/model/rbac/permission/TopicAction.java b/api/src/main/java/io/kafbat/ui/model/rbac/permission/TopicAction.java index 8efbc6fe0..c1b0aeb16 100644 --- a/api/src/main/java/io/kafbat/ui/model/rbac/permission/TopicAction.java +++ b/api/src/main/java/io/kafbat/ui/model/rbac/permission/TopicAction.java @@ -13,6 +13,8 @@ public enum TopicAction implements PermissibleAction { MESSAGES_READ(VIEW), MESSAGES_PRODUCE(VIEW), MESSAGES_DELETE(VIEW, EDIT), + ANALYSIS_VIEW(VIEW), + ANALYSIS_RUN(VIEW, ANALYSIS_VIEW), ; diff --git a/frontend/src/components/Topics/Topic/Statistics/Statistics.tsx b/frontend/src/components/Topics/Topic/Statistics/Statistics.tsx index fd275028b..2088cd46b 100644 --- a/frontend/src/components/Topics/Topic/Statistics/Statistics.tsx +++ b/frontend/src/components/Topics/Topic/Statistics/Statistics.tsx @@ -31,7 +31,7 @@ const Statistics: React.FC = () => { buttonSize="M" permission={{ resource: ResourceType.TOPIC, - action: Action.MESSAGES_READ, + action: Action.ANALYSIS_RUN, value: params.topicName, }} > From 2531db5e084516365d0e39e1a04aebf9c09176c6 Mon Sep 17 00:00:00 2001 From: bachmanity1 Date: Wed, 31 Jul 2024 11:09:08 +0900 Subject: [PATCH 2/5] update topic conotroller --- .../main/java/io/kafbat/ui/controller/TopicsController.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/api/src/main/java/io/kafbat/ui/controller/TopicsController.java b/api/src/main/java/io/kafbat/ui/controller/TopicsController.java index 53e9fc8cd..9d087ec65 100644 --- a/api/src/main/java/io/kafbat/ui/controller/TopicsController.java 
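Review bot: The two constants added in the `TopicAction.java` hunk carry no comment on what their constructor arguments mean for authorization, and an RBAC maintainer needs to know that. Patch 3 of this series adds `MESSAGES_READ` to both lists and patch 5 removes it again, which suggests the list is security-sensitive. If dependant actions are granted implicitly with the named action (the constructor is outside this hunk, so this is inferred), listing `MESSAGES_READ` would give message access to any role that was only given analysis rights. I would add a comment above the constants such as `// Analysis actions deliberately do not list MESSAGES_READ: granting analysis must not also grant message access.` The enum body continues outside the hunk.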
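Review bot: `Action.ANALYSIS_RUN` in the `Statistics.tsx` hunk is not defined by any file in this patch; the diffstat lists only `TopicAction.java` and `Statistics.tsx`. If the frontend `Action` enum is generated from an API contract (not visible here), that contract needs the `ANALYSIS_VIEW` and `ANALYSIS_RUN` values as well, otherwise this prop will not type-check. The same applies to the two `Metrics.tsx` hunks and the `Topic.tsx` hunk later in the series. The upgrade notes should also say that roles which reached this button through `MESSAGES_READ` lose it until the new action is added to their permissions.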
+++ b/api/src/main/java/io/kafbat/ui/controller/TopicsController.java @@ -1,5 +1,6 @@ package io.kafbat.ui.controller; +import static io.kafbat.ui.model.rbac.permission.TopicAction.ANALYSIS_RUN; import static io.kafbat.ui.model.rbac.permission.TopicAction.CREATE; import static io.kafbat.ui.model.rbac.permission.TopicAction.DELETE; import static io.kafbat.ui.model.rbac.permission.TopicAction.EDIT; @@ -272,7 +273,7 @@ public Mono> analyzeTopic(String clusterName, String topicN var context = AccessContext.builder() .cluster(clusterName) - .topicActions(topicName, MESSAGES_READ) + .topicActions(topicName, ANALYSIS_RUN) .operationName("analyzeTopic") .build(); From 65741156af7af293d8b538ca2768a0dc137199ba Mon Sep 17 00:00:00 2001 From: bachmanity1 Date: Wed, 31 Jul 2024 18:40:42 +0900 Subject: [PATCH 3/5] fix frontend --- .../main/java/io/kafbat/ui/controller/TopicsController.java | 6 +++--- .../io/kafbat/ui/model/rbac/permission/TopicAction.java | 4 ++-- frontend/src/components/Topics/Topic/Statistics/Metrics.tsx | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/api/src/main/java/io/kafbat/ui/controller/TopicsController.java b/api/src/main/java/io/kafbat/ui/controller/TopicsController.java index 9d087ec65..2dad7bfae 100644 --- a/api/src/main/java/io/kafbat/ui/controller/TopicsController.java +++ b/api/src/main/java/io/kafbat/ui/controller/TopicsController.java 
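Review bot: No test accompanies the permission change in the `analyzeTopic` hunk, and none is visible anywhere in the series, so nothing pins the new access boundary. The check moves from `MESSAGES_READ` to `ANALYSIS_RUN` here, and patch 3 does the same for `cancelTopicAnalysis` and `getTopicAnalysis`. I would add an RBAC test asserting that a role holding only `MESSAGES_READ` is denied on all three analysis endpoints, and that a role holding only `ANALYSIS_VIEW` is denied on `analyzeTopic` and `cancelTopicAnalysis`. The method body continues outside the hunk.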
@@ -1,10 +1,10 @@ package io.kafbat.ui.controller; import static io.kafbat.ui.model.rbac.permission.TopicAction.ANALYSIS_RUN; +import static io.kafbat.ui.model.rbac.permission.TopicAction.ANALYSIS_VIEW; import static io.kafbat.ui.model.rbac.permission.TopicAction.CREATE; import static io.kafbat.ui.model.rbac.permission.TopicAction.DELETE; import static io.kafbat.ui.model.rbac.permission.TopicAction.EDIT; -import static io.kafbat.ui.model.rbac.permission.TopicAction.MESSAGES_READ; import static io.kafbat.ui.model.rbac.permission.TopicAction.VIEW; import static java.util.stream.Collectors.toList; @@ -289,7 +289,7 @@ public Mono> cancelTopicAnalysis(String clusterName, String ServerWebExchange exchange) { var context = AccessContext.builder() .cluster(clusterName) - .topicActions(topicName, MESSAGES_READ) + .topicActions(topicName, ANALYSIS_RUN) .operationName("cancelTopicAnalysis") .build(); @@ -307,7 +307,7 @@ public Mono> getTopicAnalysis(String clusterNam var context = AccessContext.builder() .cluster(clusterName) - .topicActions(topicName, MESSAGES_READ) + .topicActions(topicName, ANALYSIS_VIEW) .operationName("getTopicAnalysis") .build(); diff --git a/api/src/main/java/io/kafbat/ui/model/rbac/permission/TopicAction.java b/api/src/main/java/io/kafbat/ui/model/rbac/permission/TopicAction.java index c1b0aeb16..aa4080395 100644 --- a/api/src/main/java/io/kafbat/ui/model/rbac/permission/TopicAction.java +++ b/api/src/main/java/io/kafbat/ui/model/rbac/permission/TopicAction.java @@ -13,8 +13,8 @@ public enum TopicAction implements PermissibleAction { MESSAGES_READ(VIEW), MESSAGES_PRODUCE(VIEW), MESSAGES_DELETE(VIEW, EDIT), - ANALYSIS_VIEW(VIEW), - ANALYSIS_RUN(VIEW, ANALYSIS_VIEW), + ANALYSIS_VIEW(VIEW, MESSAGES_READ), + ANALYSIS_RUN(VIEW, ANALYSIS_VIEW, MESSAGES_READ), ; diff --git a/frontend/src/components/Topics/Topic/Statistics/Metrics.tsx b/frontend/src/components/Topics/Topic/Statistics/Metrics.tsx index f24d6bf5e..aec1b53bb 100644 
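Review bot: The `getTopicAnalysis` hunk makes the endpoint answer to `ANALYSIS_VIEW` alone, which lets a role read analysis results for a topic whose messages it cannot read once patch 5 drops `MESSAGES_READ` from the dependant list. If the analysis output is derived from message contents (the result type is not visible in this hunk), that is a deliberate disclosure path and should be stated where operators will find it. I would add a Javadoc line on the method such as `Requires ANALYSIS_VIEW only; intentionally available without MESSAGES_READ.` and mirror it in the RBAC documentation. The method body continues outside the hunk.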
--- a/frontend/src/components/Topics/Topic/Statistics/Metrics.tsx +++ b/frontend/src/components/Topics/Topic/Statistics/Metrics.tsx @@ -60,7 +60,7 @@ const Metrics: React.FC = () => { buttonSize="M" permission={{ resource: ResourceType.TOPIC, - action: Action.MESSAGES_READ, + action: Action.ANALYSIS_RUN, value: params.topicName, }} > @@ -110,7 +110,7 @@ const Metrics: React.FC = () => { buttonSize="S" permission={{ resource: ResourceType.TOPIC, - action: Action.MESSAGES_READ, + action: Action.ANALYSIS_RUN, value: params.topicName, }} > From dfa585a2e27f3570fc299aa6fdcd96f0930d80c0 Mon Sep 17 00:00:00 2001 From: bachmanity1 Date: Sat, 3 Aug 2024 00:40:31 +0900 Subject: [PATCH 4/5] disbale statistics tab unless ANALYSIS_VIEW action is allowed --- frontend/src/components/Topics/Topic/Topic.tsx | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/frontend/src/components/Topics/Topic/Topic.tsx b/frontend/src/components/Topics/Topic/Topic.tsx index b5bcf8d52..a40bcfc12 100644 --- a/frontend/src/components/Topics/Topic/Topic.tsx +++ b/frontend/src/components/Topics/Topic/Topic.tsx @@ -194,12 +194,17 @@ const Topic: React.FC = () => { > Settings - (isActive ? 'is-active' : '')} + permission={{ + resource: ResourceType.TOPIC, + action: Action.ANALYSIS_VIEW, + value: topicName, + }} > Statistics - + }> From e75f16ba867b67dd8b39ad3dab6a712fbb40f524 Mon Sep 17 00:00:00 2001 From: bachmanity1 Date: Sat, 3 Aug 2024 00:54:10 +0900 Subject: [PATCH 5/5] remove MESSAGES_READ from ANALYSIS dependant actions --- .../java/io/kafbat/ui/model/rbac/permission/TopicAction.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api/src/main/java/io/kafbat/ui/model/rbac/permission/TopicAction.java b/api/src/main/java/io/kafbat/ui/model/rbac/permission/TopicAction.java index aa4080395..c1b0aeb16 100644 --- a/api/src/main/java/io/kafbat/ui/model/rbac/permission/TopicAction.java +++ b/api/src/main/java/io/kafbat/ui/model/rbac/permission/TopicAction.java 
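Review bot: The permission prop added to the Statistics tab link in the `Topic.tsx` hunk only disables the link; nothing in this hunk guards the statistics route itself. A user without `ANALYSIS_VIEW` who opens the URL directly would presumably still mount the component, so the server check in `getTopicAnalysis` remains the actual control and the page should render a clear not-permitted state on a 403. This hunk passes `value: topicName` while the `Statistics.tsx` and `Metrics.tsx` hunks pass `params.topicName`; confirm both resolve to the same value so the tab and its buttons are checked against the same topic. The JSX tags in this hunk are incomplete in this view, so the component names are inferred.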
@@ -13,8 +13,8 @@ public enum TopicAction implements PermissibleAction { MESSAGES_READ(VIEW), MESSAGES_PRODUCE(VIEW), MESSAGES_DELETE(VIEW, EDIT), - ANALYSIS_VIEW(VIEW, MESSAGES_READ), - ANALYSIS_RUN(VIEW, ANALYSIS_VIEW, MESSAGES_READ), + ANALYSIS_VIEW(VIEW), + ANALYSIS_RUN(VIEW, ANALYSIS_VIEW), ;