(improvement)(auth) support super admin configuration

semantic/model/src/main/java/com/tencent/supersonic/semantic/model/application/DatabaseServiceImpl.java

@@ -72,7 +72,8 @@ public class DatabaseServiceImpl implements DatabaseService {
     private void fillPermission(List<DatabaseResp> databaseResps, User user) {
         databaseResps.forEach(databaseResp -> {
             if (databaseResp.getAdmins().contains(user.getName())
-                    || user.getName().equalsIgnoreCase(databaseResp.getCreatedBy())) {
+                    || user.getName().equalsIgnoreCase(databaseResp.getCreatedBy())
+                    || user.isSuperAdmin()) {
                 databaseResp.setHasPermission(true);
                 databaseResp.setHasEditPermission(true);
                 databaseResp.setHasUsePermission(true);
@@ -111,7 +112,8 @@ public class DatabaseServiceImpl implements DatabaseService {
         List<String> viewers = databaseResp.getViewers();
         if (!admins.contains(user.getName())
                 && !viewers.contains(user.getName())
-                && !databaseResp.getCreatedBy().equalsIgnoreCase(user.getName())) {
+                && !databaseResp.getCreatedBy().equalsIgnoreCase(user.getName())
+                && !user.isSuperAdmin()) {
             String message = String.format("您暂无当前数据库%s权限, 请联系数据库管理员%s开通",
                     databaseResp.getName(),
                     String.join(",", admins));

semantic/model/src/main/java/com/tencent/supersonic/semantic/model/application/DomainServiceImpl.java

@@ -96,12 +96,12 @@ public class DomainServiceImpl implements DomainService {
 
     @Override
     public List<DomainResp> getDomainListWithAdminAuth(User user) {
-        Set<DomainResp> domainWithAuthAll = getDomainAuthSet(user.getName(), AuthType.ADMIN);
+        Set<DomainResp> domainWithAuthAll = getDomainAuthSet(user, AuthType.ADMIN);
         if (!CollectionUtils.isEmpty(domainWithAuthAll)) {
             List<Long> domainIds = domainWithAuthAll.stream().map(DomainResp::getId).collect(Collectors.toList());
             domainWithAuthAll.addAll(getParentDomain(domainIds));
         }
-        List<ModelResp> modelResps = modelService.getModelAuthList(user.getName(), AuthType.ADMIN);
+        List<ModelResp> modelResps = modelService.getModelAuthList(user, AuthType.ADMIN);
         if (!CollectionUtils.isEmpty(modelResps)) {
             List<Long> domainIds = modelResps.stream().map(ModelResp::getDomainId).collect(Collectors.toList());
             domainWithAuthAll.addAll(getParentDomain(domainIds));
@@ -111,18 +111,18 @@ public class DomainServiceImpl implements DomainService {
     }
 
     @Override
-    public Set<DomainResp> getDomainAuthSet(String userName, AuthType authTypeEnum) {
+    public Set<DomainResp> getDomainAuthSet(User user, AuthType authTypeEnum) {
         List<DomainResp> domainResps = getDomainList();
-        Set<String> orgIds = userService.getUserAllOrgId(userName);
+        Set<String> orgIds = userService.getUserAllOrgId(user.getName());
         List<DomainResp> domainWithAuth = Lists.newArrayList();
         if (authTypeEnum.equals(AuthType.ADMIN)) {
             domainWithAuth = domainResps.stream()
-                    .filter(domainResp -> checkAdminPermission(orgIds, userName, domainResp))
+                    .filter(domainResp -> checkAdminPermission(orgIds, user, domainResp))
                     .collect(Collectors.toList());
         }
         if (authTypeEnum.equals(AuthType.VISIBLE)) {
             domainWithAuth = domainResps.stream()
-                    .filter(domainResp -> checkViewerPermission(orgIds, userName, domainResp))
+                    .filter(domainResp -> checkViewerPermission(orgIds, user, domainResp))
                     .collect(Collectors.toList());
         }
         List<Long> domainIds = domainWithAuth.stream().map(DomainResp::getId)
@@ -240,11 +240,13 @@ public class DomainServiceImpl implements DomainService {
     }
 
 
-    private boolean checkAdminPermission(Set<String> orgIds, String userName, DomainResp domainResp) {
-
+    private boolean checkAdminPermission(Set<String> orgIds, User user, DomainResp domainResp) {
         List<String> admins = domainResp.getAdmins();
         List<String> adminOrgs = domainResp.getAdminOrgs();
-        if (admins.contains(userName) || domainResp.getCreatedBy().equals(userName)) {
+        if (user.isSuperAdmin()) {
+            return true;
+        }
+        if (admins.contains(user.getName()) || domainResp.getCreatedBy().equals(user.getName())) {
             return true;
         }
         if (CollectionUtils.isEmpty(adminOrgs)) {
@@ -258,12 +260,17 @@ public class DomainServiceImpl implements DomainService {
         return false;
     }
 
-    private boolean checkViewerPermission(Set<String> orgIds, String userName, DomainResp domainDesc) {
+    private boolean checkViewerPermission(Set<String> orgIds, User user, DomainResp domainDesc) {
         List<String> admins = domainDesc.getAdmins();
         List<String> viewers = domainDesc.getViewers();
         List<String> adminOrgs = domainDesc.getAdminOrgs();
         List<String> viewOrgs = domainDesc.getViewOrgs();
-        if (admins.contains(userName) || viewers.contains(userName) || domainDesc.getCreatedBy().equals(userName)) {
+        if (user.isSuperAdmin()) {
+            return true;
+        }
+        if (admins.contains(user.getName())
+                || viewers.contains(user.getName())
+                || domainDesc.getCreatedBy().equals(user.getName())) {
             return true;
         }
         if (CollectionUtils.isEmpty(adminOrgs) && CollectionUtils.isEmpty(viewOrgs)) {

semantic/model/src/main/java/com/tencent/supersonic/semantic/model/application/ModelServiceImpl.java

@@ -97,10 +97,10 @@ public class ModelServiceImpl implements ModelService {
     }
 
     @Override
-    public List<ModelResp> getModelListWithAuth(String userName, Long domainId, AuthType authType) {
-        List<ModelResp> modelResps = getModelAuthList(userName, authType);
+    public List<ModelResp> getModelListWithAuth(User user, Long domainId, AuthType authType) {
+        List<ModelResp> modelResps = getModelAuthList(user, authType);
         Set<ModelResp> modelRespSet = new HashSet<>(modelResps);
-        List<ModelResp> modelRespsAuthInheritDomain = getModelRespAuthInheritDomain(userName, authType);
+        List<ModelResp> modelRespsAuthInheritDomain = getModelRespAuthInheritDomain(user, authType);
         modelRespSet.addAll(modelRespsAuthInheritDomain);
         if (domainId != null && domainId > 0) {
             modelRespSet = modelRespSet.stream().filter(modelResp ->
@@ -109,8 +109,8 @@ public class ModelServiceImpl implements ModelService {
         return fillMetricInfo(new ArrayList<>(modelRespSet));
     }
 
-    public List<ModelResp> getModelRespAuthInheritDomain(String userName, AuthType authType) {
-        Set<DomainResp> domainResps = domainService.getDomainAuthSet(userName, authType);
+    public List<ModelResp> getModelRespAuthInheritDomain(User user, AuthType authType) {
+        Set<DomainResp> domainResps = domainService.getDomainAuthSet(user, authType);
         if (CollectionUtils.isEmpty(domainResps)) {
             return Lists.newArrayList();
         }
@@ -121,18 +121,18 @@ public class ModelServiceImpl implements ModelService {
     }
 
     @Override
-    public List<ModelResp> getModelAuthList(String userName, AuthType authTypeEnum) {
+    public List<ModelResp> getModelAuthList(User user, AuthType authTypeEnum) {
         List<ModelResp> modelResps = getModelList();
-        Set<String> orgIds = userService.getUserAllOrgId(userName);
+        Set<String> orgIds = userService.getUserAllOrgId(user.getName());
         List<ModelResp> modelWithAuth = Lists.newArrayList();
         if (authTypeEnum.equals(AuthType.ADMIN)) {
             modelWithAuth = modelResps.stream()
-                    .filter(modelResp -> checkAdminPermission(orgIds, userName, modelResp))
+                    .filter(modelResp -> checkAdminPermission(orgIds, user, modelResp))
                     .collect(Collectors.toList());
         }
         if (authTypeEnum.equals(AuthType.VISIBLE)) {
             modelWithAuth = modelResps.stream()
-                    .filter(domainResp -> checkViewerPermission(orgIds, userName, domainResp))
+                    .filter(domainResp -> checkViewerPermission(orgIds, user, domainResp))
                     .collect(Collectors.toList());
         }
         return modelWithAuth;
@@ -325,9 +325,13 @@ public class ModelServiceImpl implements ModelService {
         return new ArrayList<>(getModelMap().keySet());
     }
 
-    public static boolean checkAdminPermission(Set<String> orgIds, String userName, ModelResp modelResp) {
+    public static boolean checkAdminPermission(Set<String> orgIds, User user, ModelResp modelResp) {
         List<String> admins = modelResp.getAdmins();
         List<String> adminOrgs = modelResp.getAdminOrgs();
+        if (user.isSuperAdmin()) {
+            return true;
+        }
+        String userName = user.getName();
         if (admins.contains(userName) || modelResp.getCreatedBy().equals(userName)) {
             return true;
         }
@@ -342,14 +346,18 @@ public class ModelServiceImpl implements ModelService {
         return false;
     }
 
-    public static boolean checkViewerPermission(Set<String> orgIds, String userName, ModelResp modelResp) {
+    public static boolean checkViewerPermission(Set<String> orgIds, User user, ModelResp modelResp) {
         List<String> admins = modelResp.getAdmins();
         List<String> viewers = modelResp.getViewers();
         List<String> adminOrgs = modelResp.getAdminOrgs();
         List<String> viewOrgs = modelResp.getViewOrgs();
+        if (user.isSuperAdmin()) {
+            return true;
+        }
         if (modelResp.openToAll()) {
             return true;
         }
+        String userName = user.getName();
         if (admins.contains(userName) || viewers.contains(userName) || modelResp.getCreatedBy().equals(userName)) {
             return true;
         }

semantic/model/src/main/java/com/tencent/supersonic/semantic/model/domain/DomainService.java

@@ -30,7 +30,7 @@ public interface DomainService {
 
     List<DomainResp> getDomainListWithAdminAuth(User user);
 
-    Set<DomainResp> getDomainAuthSet(String userName, AuthType authTypeEnum);
+    Set<DomainResp> getDomainAuthSet(User user, AuthType authTypeEnum);
 
     Set<DomainResp> getDomainChildren(List<Long> domainId);
 

semantic/model/src/main/java/com/tencent/supersonic/semantic/model/domain/ModelService.java

@@ -13,9 +13,9 @@ import java.util.Map;
 
 public interface ModelService {
 
-    List<ModelResp> getModelListWithAuth(String userName, Long domainId, AuthType authType);
+    List<ModelResp> getModelListWithAuth(User user, Long domainId, AuthType authType);
 
-    List<ModelResp> getModelAuthList(String userName, AuthType authTypeEnum);
+    List<ModelResp> getModelAuthList(User user, AuthType authTypeEnum);
 
     List<ModelResp> getModelByDomainIds(List<Long> domainIds);
 

semantic/model/src/main/java/com/tencent/supersonic/semantic/model/rest/ModelController.java

@@ -60,7 +60,7 @@ public class ModelController {
                                          HttpServletRequest request,
                                           HttpServletResponse response) {
         User user = UserHolder.findUser(request, response);
-        return modelService.getModelListWithAuth(user.getName(), domainId, AuthType.ADMIN);
+        return modelService.getModelListWithAuth(user, domainId, AuthType.ADMIN);
     }