Skip to content

Commit b0c0e06

Browse files
committed
BE: RBAC: Fix viewable topics filter (#3946)
(cherry picked from commit 6fe6165)
1 parent 556ec29 commit b0c0e06

File tree

3 files changed

+19
-14
lines changed

3 files changed

+19
-14
lines changed

kafka-ui-api/src/main/java/com/provectus/kafka/ui/controller/TopicsController.java

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -167,12 +167,13 @@ public Mono<ResponseEntity<TopicsResponseDTO>> getTopics(String clusterName,
167167
ServerWebExchange exchange) {
168168

169169
return topicsService.getTopicsForPagination(getCluster(clusterName))
170-
.flatMap(existingTopics -> {
170+
.flatMap(topics -> accessControlService.filterViewableTopics(topics, clusterName))
171+
.flatMap(topics -> {
171172
int pageSize = perPage != null && perPage > 0 ? perPage : DEFAULT_PAGE_SIZE;
172173
var topicsToSkip = ((page != null && page > 0 ? page : 1) - 1) * pageSize;
173174
var comparator = sortOrder == null || !sortOrder.equals(SortOrderDTO.DESC)
174175
? getComparatorForTopic(orderBy) : getComparatorForTopic(orderBy).reversed();
175-
List<InternalTopic> filtered = existingTopics.stream()
176+
List<InternalTopic> filtered = topics.stream()
176177
.filter(topic -> !topic.isInternal()
177178
|| showInternal != null && showInternal)
178179
.filter(topic -> search == null || StringUtils.containsIgnoreCase(topic.getName(), search))
@@ -189,7 +190,6 @@ public Mono<ResponseEntity<TopicsResponseDTO>> getTopics(String clusterName,
189190

190191
return topicsService.loadTopics(getCluster(clusterName), topicsPage)
191192
.flatMapMany(Flux::fromIterable)
192-
.filterWhen(dto -> accessControlService.isTopicAccessible(dto, clusterName))
193193
.collectList()
194194
.map(topicsToRender ->
195195
new TopicsResponseDTO()

kafka-ui-api/src/main/java/com/provectus/kafka/ui/service/rbac/AccessControlService.java

Lines changed: 14 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -202,19 +202,23 @@ public boolean isTopicAccessible(AccessContext context, AuthenticatedUser user)
202202
return isAccessible(Resource.TOPIC, context.getTopic(), user, context, requiredActions);
203203
}
204204

205-
public Mono<Boolean> isTopicAccessible(InternalTopic dto, String clusterName) {
205+
public Mono<List<InternalTopic>> filterViewableTopics(List<InternalTopic> topics, String clusterName) {
206206
if (!rbacEnabled) {
207-
return Mono.just(true);
207+
return Mono.just(topics);
208208
}
209209

210-
AccessContext accessContext = AccessContext
211-
.builder()
212-
.cluster(clusterName)
213-
.topic(dto.getName())
214-
.topicActions(TopicAction.VIEW)
215-
.build();
216-
217-
return getUser().map(u -> isTopicAccessible(accessContext, u));
210+
return getUser()
211+
.map(user -> topics.stream()
212+
.filter(topic -> {
213+
var accessContext = AccessContext
214+
.builder()
215+
.cluster(clusterName)
216+
.topic(topic.getName())
217+
.topicActions(TopicAction.VIEW)
218+
.build();
219+
return isTopicAccessible(accessContext, user);
220+
}
221+
).toList());
218222
}
219223

220224
private boolean isConsumerGroupAccessible(AccessContext context, AuthenticatedUser user) {

kafka-ui-api/src/test/java/com/provectus/kafka/ui/util/AccessControlServiceMock.java

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@
55
import static org.mockito.Mockito.when;
66

77
import com.provectus.kafka.ui.service.rbac.AccessControlService;
8+
import java.util.Collections;
89
import org.mockito.Mockito;
910
import reactor.core.publisher.Mono;
1011

@@ -16,7 +17,7 @@ public AccessControlService getMock() {
1617
when(mock.validateAccess(any())).thenReturn(Mono.empty());
1718
when(mock.isSchemaAccessible(anyString(), anyString())).thenReturn(Mono.just(true));
1819

19-
when(mock.isTopicAccessible(any(), anyString())).thenReturn(Mono.just(true));
20+
when(mock.filterViewableTopics(any(), any())).then(invocation -> Mono.just(invocation.getArgument(0)));
2021

2122
return mock;
2223
}

0 commit comments

Comments
 (0)