(improvement)(auth) support super admin configuration

jolunoluo
2023-09-20 11:08:40 +08:00
parent 3fe726ac23
commit b824cd8ce7
27 changed files with 273 additions and 158 deletions


@@ -12,6 +12,8 @@ public class UserConstants {
public static final String TOKEN_USER_EMAIL = "token_user_email"; public static final String TOKEN_USER_EMAIL = "token_user_email";
public static final String TOKEN_IS_ADMIN = "token_is_admin";
public static final String TOKEN_ALGORITHM = "HS512"; public static final String TOKEN_ALGORITHM = "HS512";
public static final String TOKEN_CREATE_TIME = "token_create_time"; public static final String TOKEN_CREATE_TIME = "token_create_time";


@@ -18,17 +18,22 @@ public class User {
private String email; private String email;
public static User get(Long id, String name, String displayName, String email) { private Integer isAdmin;
return new User(id, name, displayName, email);
public static User get(Long id, String name, String displayName, String email, Integer isAdmin) {
return new User(id, name, displayName, email, isAdmin);
} }
public static User getFakeUser() { public static User getFakeUser() {
return new User(1L, "admin", "admin", "admin@email"); return new User(1L, "admin", "admin", "admin@email", 1);
} }
public String getDisplayName() { public String getDisplayName() {
return StringUtils.isBlank(displayName) ? name : displayName; return StringUtils.isBlank(displayName) ? name : displayName;
} }
public boolean isSuperAdmin() {
return isAdmin != null && isAdmin == 1;
}
} }
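Review bot: `getFakeUser()` now builds its placeholder identity with `isAdmin = 1`, so any non-test path that falls back to the fake user (none is visible in this section) would pass every `isSuperAdmin()` check added elsewhere in this commit. It would be safer to have the fake user default to a non-admin and let tests that need the privilege request it explicitly. Separately, `isSuperAdmin()` has no Javadoc and compares against a bare `1`; a comment such as `/** True only when is_admin is exactly 1; null and any other value mean a regular user. */` plus a named constant would make the fail-closed intent explicit.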


@@ -9,13 +9,14 @@ public class UserWithPassword extends User {
private String password; private String password;
public UserWithPassword(Long id, String name, String displayName, String email, String password) { public UserWithPassword(Long id, String name, String displayName, String email, String password, Integer isAdmin) {
super(id, name, displayName, email); super(id, name, displayName, email, isAdmin);
this.password = password; this.password = password;
} }
public static UserWithPassword get(Long id, String name, String displayName, String email, String password) { public static UserWithPassword get(Long id, String name, String displayName,
return new UserWithPassword(id, name, displayName, email, password); String email, String password, Integer isAdmin) {
return new UserWithPassword(id, name, displayName, email, password, isAdmin);
} }
} }


@@ -71,7 +71,7 @@ public class DefaultUserAdaptor implements UserAdaptor {
} }
if (userDO.getPassword().equals(userReq.getPassword())) { if (userDO.getPassword().equals(userReq.getPassword())) {
UserWithPassword user = UserWithPassword.get(userDO.getId(), userDO.getName(), userDO.getDisplayName(), UserWithPassword user = UserWithPassword.get(userDO.getId(), userDO.getName(), userDO.getDisplayName(),
userDO.getEmail(), userDO.getPassword()); userDO.getEmail(), userDO.getPassword(), userDO.getIsAdmin());
return userTokenUtils.generateToken(user); return userTokenUtils.generateToken(user);
} }
throw new RuntimeException("password not correct, please try again"); throw new RuntimeException("password not correct, please try again");
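Review bot: The login check `userDO.getPassword().equals(userReq.getPassword())` compares the stored value directly with the submitted one, which implies `s2_user.password` holds cleartext, and after this change that same check is what issues a token carrying the super-admin flag. Storing a salted password hash (bcrypt, scrypt or Argon2) and verifying through the hashing library's own verify call would remove both the cleartext storage and the non-constant-time comparison. The `UserWithPassword` built here also still receives `userDO.getPassword()`, so the stored password continues to travel with the privileged identity. The enclosing method starts and ends outside this hunk.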


@@ -1,7 +1,6 @@
package com.tencent.supersonic.auth.authentication.persistence.dataobject; package com.tencent.supersonic.auth.authentication.persistence.dataobject;
public class UserDO { public class UserDO {
/** /**
* *
*/ */
@@ -28,6 +27,12 @@ public class UserDO {
private String email; private String email;
/** /**
*
*/
private Integer isAdmin;
/**
*
* @return id * @return id
*/ */
public Long getId() { public Long getId() {
@@ -35,6 +40,7 @@ public class UserDO {
} }
/** /**
*
* @param id * @param id
*/ */
public void setId(Long id) { public void setId(Long id) {
@@ -42,6 +48,7 @@ public class UserDO {
} }
/** /**
*
* @return name * @return name
*/ */
public String getName() { public String getName() {
@@ -49,6 +56,7 @@ public class UserDO {
} }
/** /**
*
* @param name * @param name
*/ */
public void setName(String name) { public void setName(String name) {
@@ -56,6 +64,7 @@ public class UserDO {
} }
/** /**
*
* @return password * @return password
*/ */
public String getPassword() { public String getPassword() {
@@ -63,6 +72,7 @@ public class UserDO {
} }
/** /**
*
* @param password * @param password
*/ */
public void setPassword(String password) { public void setPassword(String password) {
@@ -70,6 +80,7 @@ public class UserDO {
} }
/** /**
*
* @return display_name * @return display_name
*/ */
public String getDisplayName() { public String getDisplayName() {
@@ -77,6 +88,7 @@ public class UserDO {
} }
/** /**
*
* @param displayName * @param displayName
*/ */
public void setDisplayName(String displayName) { public void setDisplayName(String displayName) {
@@ -84,6 +96,7 @@ public class UserDO {
} }
/** /**
*
* @return email * @return email
*/ */
public String getEmail() { public String getEmail() {
@@ -91,9 +104,26 @@ public class UserDO {
} }
/** /**
*
* @param email * @param email
*/ */
public void setEmail(String email) { public void setEmail(String email) {
this.email = email == null ? null : email.trim(); this.email = email == null ? null : email.trim();
} }
/**
*
* @return is_admin
*/
public Integer getIsAdmin() {
return isAdmin;
}
/**
*
* @param isAdmin
*/
public void setIsAdmin(Integer isAdmin) {
this.isAdmin = isAdmin;
}
} }


@@ -4,7 +4,6 @@ import java.util.ArrayList;
import java.util.List; import java.util.List;
public class UserDOExample { public class UserDOExample {
/** /**
* s2_user * s2_user
*/ */
@@ -31,6 +30,7 @@ public class UserDOExample {
protected Integer limitEnd; protected Integer limitEnd;
/** /**
*
* @mbg.generated * @mbg.generated
*/ */
public UserDOExample() { public UserDOExample() {
@@ -38,13 +38,7 @@ public class UserDOExample {
} }
/** /**
* @mbg.generated *
*/
public String getOrderByClause() {
return orderByClause;
}
/**
* @mbg.generated * @mbg.generated
*/ */
public void setOrderByClause(String orderByClause) { public void setOrderByClause(String orderByClause) {
@@ -52,13 +46,15 @@ public class UserDOExample {
} }
/** /**
*
* @mbg.generated * @mbg.generated
*/ */
public boolean isDistinct() { public String getOrderByClause() {
return distinct; return orderByClause;
} }
/** /**
*
* @mbg.generated * @mbg.generated
*/ */
public void setDistinct(boolean distinct) { public void setDistinct(boolean distinct) {
@@ -66,6 +62,15 @@ public class UserDOExample {
} }
/** /**
*
* @mbg.generated
*/
public boolean isDistinct() {
return distinct;
}
/**
*
* @mbg.generated * @mbg.generated
*/ */
public List<Criteria> getOredCriteria() { public List<Criteria> getOredCriteria() {
@@ -73,6 +78,7 @@ public class UserDOExample {
} }
/** /**
*
* @mbg.generated * @mbg.generated
*/ */
public void or(Criteria criteria) { public void or(Criteria criteria) {
@@ -80,6 +86,7 @@ public class UserDOExample {
} }
/** /**
*
* @mbg.generated * @mbg.generated
*/ */
public Criteria or() { public Criteria or() {
@@ -89,6 +96,7 @@ public class UserDOExample {
} }
/** /**
*
* @mbg.generated * @mbg.generated
*/ */
public Criteria createCriteria() { public Criteria createCriteria() {
@@ -100,6 +108,7 @@ public class UserDOExample {
} }
/** /**
*
* @mbg.generated * @mbg.generated
*/ */
protected Criteria createCriteriaInternal() { protected Criteria createCriteriaInternal() {
@@ -108,6 +117,7 @@ public class UserDOExample {
} }
/** /**
*
* @mbg.generated * @mbg.generated
*/ */
public void clear() { public void clear() {
@@ -117,6 +127,15 @@ public class UserDOExample {
} }
/** /**
*
* @mbg.generated
*/
public void setLimitStart(Integer limitStart) {
this.limitStart=limitStart;
}
/**
*
* @mbg.generated * @mbg.generated
*/ */
public Integer getLimitStart() { public Integer getLimitStart() {
@@ -124,31 +143,25 @@ public class UserDOExample {
} }
/** /**
*
* @mbg.generated * @mbg.generated
*/ */
public void setLimitStart(Integer limitStart) { public void setLimitEnd(Integer limitEnd) {
this.limitStart = limitStart; this.limitEnd=limitEnd;
} }
/** /**
*
* @mbg.generated * @mbg.generated
*/ */
public Integer getLimitEnd() { public Integer getLimitEnd() {
return limitEnd; return limitEnd;
} }
/**
* @mbg.generated
*/
public void setLimitEnd(Integer limitEnd) {
this.limitEnd = limitEnd;
}
/** /**
* s2_user null * s2_user null
*/ */
protected abstract static class GeneratedCriteria { protected abstract static class GeneratedCriteria {
protected List<Criterion> criteria; protected List<Criterion> criteria;
protected GeneratedCriteria() { protected GeneratedCriteria() {
@@ -528,6 +541,66 @@ public class UserDOExample {
addCriterion("email not between", value1, value2, "email"); addCriterion("email not between", value1, value2, "email");
return (Criteria) this; return (Criteria) this;
} }
public Criteria andIsAdminIsNull() {
addCriterion("is_admin is null");
return (Criteria) this;
}
public Criteria andIsAdminIsNotNull() {
addCriterion("is_admin is not null");
return (Criteria) this;
}
public Criteria andIsAdminEqualTo(Integer value) {
addCriterion("is_admin =", value, "isAdmin");
return (Criteria) this;
}
public Criteria andIsAdminNotEqualTo(Integer value) {
addCriterion("is_admin <>", value, "isAdmin");
return (Criteria) this;
}
public Criteria andIsAdminGreaterThan(Integer value) {
addCriterion("is_admin >", value, "isAdmin");
return (Criteria) this;
}
public Criteria andIsAdminGreaterThanOrEqualTo(Integer value) {
addCriterion("is_admin >=", value, "isAdmin");
return (Criteria) this;
}
public Criteria andIsAdminLessThan(Integer value) {
addCriterion("is_admin <", value, "isAdmin");
return (Criteria) this;
}
public Criteria andIsAdminLessThanOrEqualTo(Integer value) {
addCriterion("is_admin <=", value, "isAdmin");
return (Criteria) this;
}
public Criteria andIsAdminIn(List<Integer> values) {
addCriterion("is_admin in", values, "isAdmin");
return (Criteria) this;
}
public Criteria andIsAdminNotIn(List<Integer> values) {
addCriterion("is_admin not in", values, "isAdmin");
return (Criteria) this;
}
public Criteria andIsAdminBetween(Integer value1, Integer value2) {
addCriterion("is_admin between", value1, value2, "isAdmin");
return (Criteria) this;
}
public Criteria andIsAdminNotBetween(Integer value1, Integer value2) {
addCriterion("is_admin not between", value1, value2, "isAdmin");
return (Criteria) this;
}
} }
/** /**
@@ -544,7 +617,6 @@ public class UserDOExample {
* s2_user null * s2_user null
*/ */
public static class Criterion { public static class Criterion {
private String condition; private String condition;
private Object value; private Object value;
@@ -561,6 +633,38 @@ public class UserDOExample {
private String typeHandler; private String typeHandler;
public String getCondition() {
return condition;
}
public Object getValue() {
return value;
}
public Object getSecondValue() {
return secondValue;
}
public boolean isNoValue() {
return noValue;
}
public boolean isSingleValue() {
return singleValue;
}
public boolean isBetweenValue() {
return betweenValue;
}
public boolean isListValue() {
return listValue;
}
public String getTypeHandler() {
return typeHandler;
}
protected Criterion(String condition) { protected Criterion(String condition) {
super(); super();
this.condition = condition; this.condition = condition;
@@ -596,37 +700,5 @@ public class UserDOExample {
protected Criterion(String condition, Object value, Object secondValue) { protected Criterion(String condition, Object value, Object secondValue) {
this(condition, value, secondValue, null); this(condition, value, secondValue, null);
} }
public String getCondition() {
return condition;
}
public Object getValue() {
return value;
}
public Object getSecondValue() {
return secondValue;
}
public boolean isNoValue() {
return noValue;
}
public boolean isSingleValue() {
return singleValue;
}
public boolean isBetweenValue() {
return betweenValue;
}
public boolean isListValue() {
return listValue;
}
public String getTypeHandler() {
return typeHandler;
}
} }
} }


@@ -2,6 +2,7 @@ package com.tencent.supersonic.auth.authentication.utils;
import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_ALGORITHM; import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_ALGORITHM;
import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_CREATE_TIME; import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_CREATE_TIME;
import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_IS_ADMIN;
import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_PREFIX; import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_PREFIX;
import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_TIME_OUT; import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_TIME_OUT;
import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_USER_DISPLAY_NAME; import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_USER_DISPLAY_NAME;
@@ -42,6 +43,7 @@ public class UserTokenUtils {
claims.put(TOKEN_USER_PASSWORD, StringUtils.isEmpty(user.getPassword()) ? "" : user.getPassword()); claims.put(TOKEN_USER_PASSWORD, StringUtils.isEmpty(user.getPassword()) ? "" : user.getPassword());
claims.put(TOKEN_USER_DISPLAY_NAME, user.getDisplayName()); claims.put(TOKEN_USER_DISPLAY_NAME, user.getDisplayName());
claims.put(TOKEN_CREATE_TIME, System.currentTimeMillis()); claims.put(TOKEN_CREATE_TIME, System.currentTimeMillis());
claims.put(TOKEN_IS_ADMIN, user.getIsAdmin());
return generate(claims); return generate(claims);
} }
@@ -52,6 +54,7 @@ public class UserTokenUtils {
claims.put(TOKEN_USER_PASSWORD, "admin"); claims.put(TOKEN_USER_PASSWORD, "admin");
claims.put(TOKEN_USER_DISPLAY_NAME, "admin"); claims.put(TOKEN_USER_DISPLAY_NAME, "admin");
claims.put(TOKEN_CREATE_TIME, System.currentTimeMillis()); claims.put(TOKEN_CREATE_TIME, System.currentTimeMillis());
claims.put(TOKEN_IS_ADMIN, 1);
return generate(claims); return generate(claims);
} }
@@ -63,7 +66,9 @@ public class UserTokenUtils {
String userName = String.valueOf(claims.get(TOKEN_USER_NAME)); String userName = String.valueOf(claims.get(TOKEN_USER_NAME));
String email = String.valueOf(claims.get(TOKEN_USER_EMAIL)); String email = String.valueOf(claims.get(TOKEN_USER_EMAIL));
String displayName = String.valueOf(claims.get(TOKEN_USER_DISPLAY_NAME)); String displayName = String.valueOf(claims.get(TOKEN_USER_DISPLAY_NAME));
return User.get(userId, userName, displayName, email); Integer isAdmin = claims.get(TOKEN_IS_ADMIN) == null
? 0 : Integer.parseInt(claims.get(TOKEN_IS_ADMIN).toString());
return User.get(userId, userName, displayName, email, isAdmin);
} }
public UserWithPassword getUserWithPassword(HttpServletRequest request) { public UserWithPassword getUserWithPassword(HttpServletRequest request) {
@@ -79,7 +84,9 @@ public class UserTokenUtils {
String email = String.valueOf(claims.get(TOKEN_USER_EMAIL)); String email = String.valueOf(claims.get(TOKEN_USER_EMAIL));
String displayName = String.valueOf(claims.get(TOKEN_USER_DISPLAY_NAME)); String displayName = String.valueOf(claims.get(TOKEN_USER_DISPLAY_NAME));
String password = String.valueOf(claims.get(TOKEN_USER_PASSWORD)); String password = String.valueOf(claims.get(TOKEN_USER_PASSWORD));
return UserWithPassword.get(userId, userName, displayName, email, password); Integer isAdmin = claims.get(TOKEN_IS_ADMIN) == null
? 0 : Integer.parseInt(claims.get(TOKEN_IS_ADMIN).toString());
return UserWithPassword.get(userId, userName, displayName, email, password, isAdmin);
} }
private Claims getClaims(String token) { private Claims getClaims(String token) {
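Review bot: The super-admin decision is rebuilt from the `TOKEN_IS_ADMIN` claim when a token is parsed (`Integer.parseInt(claims.get(TOKEN_IS_ADMIN).toString())` in both the `User` and the `UserWithPassword` path) rather than from `s2_user`, so clearing `is_admin` in the database has no effect on tokens already issued until they expire. For privileged checks, consider re-reading the flag from the user store, or at least documenting that revocation is delayed by the token lifetime. The parse is also duplicated, and a non-numeric claim would surface as an uncaught `NumberFormatException`; a single helper such as `private static int parseIsAdmin(Claims claims)` that returns 0 on a missing or malformed value would keep both paths fail-closed. The third hunk additionally stamps `claims.put(TOKEN_IS_ADMIN, 1)` onto the hard-coded admin token, which is worth confirming is unreachable outside local or test setups. All of the affected methods begin outside the visible hunks.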


@@ -2,11 +2,12 @@
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd"> <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.tencent.supersonic.auth.authentication.persistence.mapper.UserDOMapper"> <mapper namespace="com.tencent.supersonic.auth.authentication.persistence.mapper.UserDOMapper">
<resultMap id="BaseResultMap" type="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDO"> <resultMap id="BaseResultMap" type="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDO">
<id column="id" jdbcType="BIGINT" property="id" /> <result column="id" jdbcType="BIGINT" property="id" />
<result column="name" jdbcType="VARCHAR" property="name" /> <result column="name" jdbcType="VARCHAR" property="name" />
<result column="password" jdbcType="VARCHAR" property="password" /> <result column="password" jdbcType="VARCHAR" property="password" />
<result column="display_name" jdbcType="VARCHAR" property="displayName" /> <result column="display_name" jdbcType="VARCHAR" property="displayName" />
<result column="email" jdbcType="VARCHAR" property="email" /> <result column="email" jdbcType="VARCHAR" property="email" />
<result column="is_admin" jdbcType="INTEGER" property="isAdmin" />
</resultMap> </resultMap>
<sql id="Example_Where_Clause"> <sql id="Example_Where_Clause">
<where> <where>
@@ -38,7 +39,7 @@
</where> </where>
</sql> </sql>
<sql id="Base_Column_List"> <sql id="Base_Column_List">
id, name, password, display_name, email id, name, password, display_name, email, is_admin
</sql> </sql>
<select id="selectByExample" parameterType="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDOExample" resultMap="BaseResultMap"> <select id="selectByExample" parameterType="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDOExample" resultMap="BaseResultMap">
select select
@@ -57,21 +58,13 @@
limit #{limitStart} , #{limitEnd} limit #{limitStart} , #{limitEnd}
</if> </if>
</select> </select>
<select id="selectByPrimaryKey" parameterType="java.lang.Long" resultMap="BaseResultMap">
select
<include refid="Base_Column_List" />
from s2_user
where id = #{id,jdbcType=BIGINT}
</select>
<delete id="deleteByPrimaryKey" parameterType="java.lang.Long">
delete from s2_user
where id = #{id,jdbcType=BIGINT}
</delete>
<insert id="insert" parameterType="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDO"> <insert id="insert" parameterType="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDO">
insert into s2_user (id, name, password, insert into s2_user (id, name, password,
display_name, email) display_name, email, is_admin
)
values (#{id,jdbcType=BIGINT}, #{name,jdbcType=VARCHAR}, #{password,jdbcType=VARCHAR}, values (#{id,jdbcType=BIGINT}, #{name,jdbcType=VARCHAR}, #{password,jdbcType=VARCHAR},
#{displayName,jdbcType=VARCHAR}, #{email,jdbcType=VARCHAR}) #{displayName,jdbcType=VARCHAR}, #{email,jdbcType=VARCHAR}, #{isAdmin,jdbcType=INTEGER}
)
</insert> </insert>
<insert id="insertSelective" parameterType="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDO"> <insert id="insertSelective" parameterType="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDO">
insert into s2_user insert into s2_user
@@ -91,6 +84,9 @@
<if test="email != null"> <if test="email != null">
email, email,
</if> </if>
<if test="isAdmin != null">
is_admin,
</if>
</trim> </trim>
<trim prefix="values (" suffix=")" suffixOverrides=","> <trim prefix="values (" suffix=")" suffixOverrides=",">
<if test="id != null"> <if test="id != null">
@@ -108,6 +104,9 @@
<if test="email != null"> <if test="email != null">
#{email,jdbcType=VARCHAR}, #{email,jdbcType=VARCHAR},
</if> </if>
<if test="isAdmin != null">
#{isAdmin,jdbcType=INTEGER},
</if>
</trim> </trim>
</insert> </insert>
<select id="countByExample" parameterType="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDOExample" resultType="java.lang.Long"> <select id="countByExample" parameterType="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDOExample" resultType="java.lang.Long">
@@ -116,30 +115,4 @@
<include refid="Example_Where_Clause" /> <include refid="Example_Where_Clause" />
</if> </if>
</select> </select>
<update id="updateByPrimaryKeySelective" parameterType="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDO">
update s2_user
<set>
<if test="name != null">
name = #{name,jdbcType=VARCHAR},
</if>
<if test="password != null">
password = #{password,jdbcType=VARCHAR},
</if>
<if test="displayName != null">
display_name = #{displayName,jdbcType=VARCHAR},
</if>
<if test="email != null">
email = #{email,jdbcType=VARCHAR},
</if>
</set>
where id = #{id,jdbcType=BIGINT}
</update>
<update id="updateByPrimaryKey" parameterType="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDO">
update s2_user
set name = #{name,jdbcType=VARCHAR},
password = #{password,jdbcType=VARCHAR},
display_name = #{displayName,jdbcType=VARCHAR},
email = #{email,jdbcType=VARCHAR}
where id = #{id,jdbcType=BIGINT}
</update>
</mapper> </mapper>


@@ -1,4 +1,4 @@
insert into s2_user (id, `name`, password, display_name, email) values (1, 'admin','admin','admin','admin@xx.com'); insert into s2_user (id, `name`, password, display_name, email, is_admin) values (1, 'admin','admin','admin','admin@xx.com', 1);
insert into s2_user (id, `name`, password, display_name, email) values (2, 'jack','123456','jack','jack@xx.com'); insert into s2_user (id, `name`, password, display_name, email) values (2, 'jack','123456','jack','jack@xx.com');
insert into s2_user (id, `name`, password, display_name, email) values (3, 'tom','123456','tom','tom@xx.com'); insert into s2_user (id, `name`, password, display_name, email) values (3, 'tom','123456','tom','tom@xx.com');
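Review bot: The seeded `admin` row keeps its well-known default password and now also carries `is_admin = 1`, so a deployment that loads this data unchanged starts with a super-admin account protected only by a default credential. The same insert appears in the other seed-data sections on this page, one of which also marks `lucy` (another sample password) as super admin, and in the schema section that inserts the admin row right after `create table s2_user`. If any of these scripts can run outside a demo profile, consider seeding the account without the flag, or requiring a password change before the flag takes effect, and say so in a comment above the insert.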
insert into s2_user (id, `name`, password, display_name, email) values (4, 'lucy','123456','lucy','lucy@xx.com'); insert into s2_user (id, `name`, password, display_name, email) values (4, 'lucy','123456','lucy','lucy@xx.com');


@@ -87,6 +87,7 @@ create table s2_user
display_name varchar(100) null, display_name varchar(100) null,
password varchar(100) null, password varchar(100) null,
email varchar(100) null, email varchar(100) null,
is_admin INT null,
PRIMARY KEY (`id`) PRIMARY KEY (`id`)
); );
COMMENT ON TABLE s2_user IS 'user information table'; COMMENT ON TABLE s2_user IS 'user information table';
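Review bot: `is_admin INT null` makes the privilege flag three-valued (NULL, 0, 1), and every pre-existing row will hold NULL after migration. `User.isSuperAdmin()` treats NULL as non-admin, but SQL comparisons do not: a generated criterion such as `andIsAdminEqualTo(0)` will not match NULL rows, so "list non-admins" queries can silently miss users. Declaring the column as `is_admin INT NOT NULL DEFAULT 0` would keep the database and the Java check in agreement. The same applies to the other `create table s2_user` sections on this page and to `alter table s2_user add is_admin int null;`.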


@@ -36,7 +36,7 @@ insert into s2_auth_groups (group_id, config)
values (2, '{"domainId":"1","name":"tom_sales_permission","groupId":2,"authRules":[{"metrics":["stay_hours"],"dimensions":["page"]}],"dimensionFilters":["department in (''sales'')"],"dimensionFilterDescription":"开通 tom sales部门权限", "authorizedUsers":["tom"],"authorizedDepartmentIds":[]}'); values (2, '{"domainId":"1","name":"tom_sales_permission","groupId":2,"authRules":[{"metrics":["stay_hours"],"dimensions":["page"]}],"dimensionFilters":["department in (''sales'')"],"dimensionFilterDescription":"开通 tom sales部门权限", "authorizedUsers":["tom"],"authorizedDepartmentIds":[]}');
insert into s2_user (id, `name`, password, display_name, email) values (1, 'admin','admin','admin','admin@xx.com'); insert into s2_user (id, `name`, password, display_name, email, is_admin) values (1, 'admin','admin','admin','admin@xx.com', 1);
insert into s2_user (id, `name`, password, display_name, email) values (2, 'jack','123456','jack','jack@xx.com'); insert into s2_user (id, `name`, password, display_name, email) values (2, 'jack','123456','jack','jack@xx.com');
insert into s2_user (id, `name`, password, display_name, email) values (3, 'tom','123456','tom','tom@xx.com'); insert into s2_user (id, `name`, password, display_name, email) values (3, 'tom','123456','tom','tom@xx.com');
insert into s2_user (id, `name`, password, display_name, email) values (4, 'lucy','123456','lucy','lucy@xx.com'); insert into s2_user (id, `name`, password, display_name, email) values (4, 'lucy','123456','lucy','lucy@xx.com');


@@ -80,6 +80,7 @@ create table s2_user
display_name varchar(100) null, display_name varchar(100) null,
password varchar(100) null, password varchar(100) null,
email varchar(100) null, email varchar(100) null,
is_admin INT null,
PRIMARY KEY (`id`) PRIMARY KEY (`id`)
); );
COMMENT ON TABLE s2_user IS 'user information table'; COMMENT ON TABLE s2_user IS 'user information table';


@@ -1,8 +1,8 @@
-- sample user -- sample user
insert into s2_user (id, `name`, password, display_name, email) values (1, 'admin','admin','admin','admin@xx.com'); insert into s2_user (id, `name`, password, display_name, email, is_admin) values (1, 'admin','admin','admin','admin@xx.com', 1);
insert into s2_user (id, `name`, password, display_name, email) values (2, 'jack','123456','jack','jack@xx.com'); insert into s2_user (id, `name`, password, display_name, email) values (2, 'jack','123456','jack','jack@xx.com');
insert into s2_user (id, `name`, password, display_name, email) values (3, 'tom','123456','tom','tom@xx.com'); insert into s2_user (id, `name`, password, display_name, email) values (3, 'tom','123456','tom','tom@xx.com');
insert into s2_user (id, `name`, password, display_name, email) values (4, 'lucy','123456','lucy','lucy@xx.com'); insert into s2_user (id, `name`, password, display_name, email, is_admin) values (4, 'lucy','123456','lucy','lucy@xx.com', 1);
insert into s2_user (id, `name`, password, display_name, email) values (5, 'alice','123456','alice','alice@xx.com'); insert into s2_user (id, `name`, password, display_name, email) values (5, 'alice','123456','alice','alice@xx.com');
-- sample models -- sample models


@@ -87,6 +87,7 @@ create table s2_user
display_name varchar(100) null, display_name varchar(100) null,
password varchar(100) null, password varchar(100) null,
email varchar(100) null, email varchar(100) null,
is_admin INT null,
PRIMARY KEY (`id`) PRIMARY KEY (`id`)
); );
COMMENT ON TABLE s2_user IS 'user information table'; COMMENT ON TABLE s2_user IS 'user information table';


@@ -369,7 +369,8 @@ create table s2_user
display_name varchar(100) null, display_name varchar(100) null,
password varchar(100) null, password varchar(100) null,
email varchar(100) null, email varchar(100) null,
is_admin int(11) null,
PRIMARY KEY (`id`) PRIMARY KEY (`id`)
); );
insert into s2_user (id, `name`, password, display_name, email) values (1, 'admin','admin','admin','admin@xx.com'); insert into s2_user (id, `name`, password, display_name, email, is_admin) values (1, 'admin','admin','admin','admin@xx.com', 1);


@@ -52,3 +52,6 @@ ALTER TABLE s2_model add alias varchar(200) default null after domain_id;
--20230919 --20230919
alter table s2_metric add tags varchar(500) null; alter table s2_metric add tags varchar(500) null;
--20230920
alter table s2_user add is_admin int null;


@@ -23,7 +23,7 @@ import static java.time.LocalDate.now;
public class DataUtils { public class DataUtils {
private static final User user_test = new User(1L, "admin", "admin", "admin@email"); private static final User user_test = User.getFakeUser();
public static User getUser() { public static User getUser() {
return user_test; return user_test;


@@ -1,5 +1,5 @@
-- sample user -- sample user
insert into s2_user (id, `name`, password, display_name, email) values (1, 'admin','admin','admin','admin@xx.com'); insert into s2_user (id, `name`, password, display_name, email, is_admin) values (1, 'admin','admin','admin','admin@xx.com', 1);
insert into s2_user (id, `name`, password, display_name, email) values (2, 'jack','123456','jack','jack@xx.com'); insert into s2_user (id, `name`, password, display_name, email) values (2, 'jack','123456','jack','jack@xx.com');
insert into s2_user (id, `name`, password, display_name, email) values (3, 'tom','123456','tom','tom@xx.com'); insert into s2_user (id, `name`, password, display_name, email) values (3, 'tom','123456','tom','tom@xx.com');
insert into s2_user (id, `name`, password, display_name, email) values (4, 'lucy','123456','lucy','lucy@xx.com'); insert into s2_user (id, `name`, password, display_name, email) values (4, 'lucy','123456','lucy','lucy@xx.com');


@@ -102,6 +102,7 @@ create table s2_user
display_name varchar(100) null, display_name varchar(100) null,
password varchar(100) null, password varchar(100) null,
email varchar(100) null, email varchar(100) null,
is_admin INT null,
PRIMARY KEY (`id`) PRIMARY KEY (`id`)
); );
COMMENT ON TABLE s2_user IS 'user information table'; COMMENT ON TABLE s2_user IS 'user information table';


@@ -72,7 +72,8 @@ public class DatabaseServiceImpl implements DatabaseService {
private void fillPermission(List<DatabaseResp> databaseResps, User user) { private void fillPermission(List<DatabaseResp> databaseResps, User user) {
databaseResps.forEach(databaseResp -> { databaseResps.forEach(databaseResp -> {
if (databaseResp.getAdmins().contains(user.getName()) if (databaseResp.getAdmins().contains(user.getName())
|| user.getName().equalsIgnoreCase(databaseResp.getCreatedBy())) { || user.getName().equalsIgnoreCase(databaseResp.getCreatedBy())
|| user.isSuperAdmin()) {
databaseResp.setHasPermission(true); databaseResp.setHasPermission(true);
databaseResp.setHasEditPermission(true); databaseResp.setHasEditPermission(true);
databaseResp.setHasUsePermission(true); databaseResp.setHasUsePermission(true);
@@ -111,7 +112,8 @@ public class DatabaseServiceImpl implements DatabaseService {
List<String> viewers = databaseResp.getViewers(); List<String> viewers = databaseResp.getViewers();
if (!admins.contains(user.getName()) if (!admins.contains(user.getName())
&& !viewers.contains(user.getName()) && !viewers.contains(user.getName())
&& !databaseResp.getCreatedBy().equalsIgnoreCase(user.getName())) { && !databaseResp.getCreatedBy().equalsIgnoreCase(user.getName())
&& !user.isSuperAdmin()) {
String message = String.format("您暂无当前数据库%s权限, 请联系数据库管理员%s开通", String message = String.format("您暂无当前数据库%s权限, 请联系数据库管理员%s开通",
databaseResp.getName(), databaseResp.getName(),
String.join(",", admins)); String.join(",", admins));
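Review bot: In the second hunk `!user.isSuperAdmin()` is the last operand, after `databaseResp.getCreatedBy().equalsIgnoreCase(user.getName())`, so if `createdBy` can be null a super admin still hits the NullPointerException before the bypass is evaluated. Testing `user.isSuperAdmin()` first in both hunks short-circuits the per-database lookups and avoids that. The two hunks also spell the same access predicate differently (`user.getName().equalsIgnoreCase(createdBy)` versus `createdBy.equalsIgnoreCase(user.getName())`, with a case-sensitive `contains` on the admin list); a shared private helper would keep the rule in one place. Since this bypass overrides per-database ownership, a log line recording when access is granted through `isSuperAdmin()` would help later auditing. Both enclosing methods continue outside the visible hunks.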


@@ -96,12 +96,12 @@ public class DomainServiceImpl implements DomainService {
@Override @Override
public List<DomainResp> getDomainListWithAdminAuth(User user) { public List<DomainResp> getDomainListWithAdminAuth(User user) {
Set<DomainResp> domainWithAuthAll = getDomainAuthSet(user.getName(), AuthType.ADMIN); Set<DomainResp> domainWithAuthAll = getDomainAuthSet(user, AuthType.ADMIN);
if (!CollectionUtils.isEmpty(domainWithAuthAll)) { if (!CollectionUtils.isEmpty(domainWithAuthAll)) {
List<Long> domainIds = domainWithAuthAll.stream().map(DomainResp::getId).collect(Collectors.toList()); List<Long> domainIds = domainWithAuthAll.stream().map(DomainResp::getId).collect(Collectors.toList());
domainWithAuthAll.addAll(getParentDomain(domainIds)); domainWithAuthAll.addAll(getParentDomain(domainIds));
} }
List<ModelResp> modelResps = modelService.getModelAuthList(user.getName(), AuthType.ADMIN); List<ModelResp> modelResps = modelService.getModelAuthList(user, AuthType.ADMIN);
if (!CollectionUtils.isEmpty(modelResps)) { if (!CollectionUtils.isEmpty(modelResps)) {
List<Long> domainIds = modelResps.stream().map(ModelResp::getDomainId).collect(Collectors.toList()); List<Long> domainIds = modelResps.stream().map(ModelResp::getDomainId).collect(Collectors.toList());
domainWithAuthAll.addAll(getParentDomain(domainIds)); domainWithAuthAll.addAll(getParentDomain(domainIds));
@@ -111,18 +111,18 @@ public class DomainServiceImpl implements DomainService {
} }
@Override @Override
public Set<DomainResp> getDomainAuthSet(String userName, AuthType authTypeEnum) { public Set<DomainResp> getDomainAuthSet(User user, AuthType authTypeEnum) {
List<DomainResp> domainResps = getDomainList(); List<DomainResp> domainResps = getDomainList();
Set<String> orgIds = userService.getUserAllOrgId(userName); Set<String> orgIds = userService.getUserAllOrgId(user.getName());
List<DomainResp> domainWithAuth = Lists.newArrayList(); List<DomainResp> domainWithAuth = Lists.newArrayList();
if (authTypeEnum.equals(AuthType.ADMIN)) { if (authTypeEnum.equals(AuthType.ADMIN)) {
domainWithAuth = domainResps.stream() domainWithAuth = domainResps.stream()
.filter(domainResp -> checkAdminPermission(orgIds, userName, domainResp)) .filter(domainResp -> checkAdminPermission(orgIds, user, domainResp))
.collect(Collectors.toList()); .collect(Collectors.toList());
} }
if (authTypeEnum.equals(AuthType.VISIBLE)) { if (authTypeEnum.equals(AuthType.VISIBLE)) {
domainWithAuth = domainResps.stream() domainWithAuth = domainResps.stream()
.filter(domainResp -> checkViewerPermission(orgIds, userName, domainResp)) .filter(domainResp -> checkViewerPermission(orgIds, user, domainResp))
.collect(Collectors.toList()); .collect(Collectors.toList());
} }
List<Long> domainIds = domainWithAuth.stream().map(DomainResp::getId) List<Long> domainIds = domainWithAuth.stream().map(DomainResp::getId)
@@ -240,11 +240,13 @@ public class DomainServiceImpl implements DomainService {
} }
private boolean checkAdminPermission(Set<String> orgIds, String userName, DomainResp domainResp) { private boolean checkAdminPermission(Set<String> orgIds, User user, DomainResp domainResp) {
List<String> admins = domainResp.getAdmins(); List<String> admins = domainResp.getAdmins();
List<String> adminOrgs = domainResp.getAdminOrgs(); List<String> adminOrgs = domainResp.getAdminOrgs();
if (admins.contains(userName) || domainResp.getCreatedBy().equals(userName)) { if (user.isSuperAdmin()) {
return true;
}
if (admins.contains(user.getName()) || domainResp.getCreatedBy().equals(user.getName())) {
return true; return true;
} }
if (CollectionUtils.isEmpty(adminOrgs)) { if (CollectionUtils.isEmpty(adminOrgs)) {
@@ -258,12 +260,17 @@ public class DomainServiceImpl implements DomainService {
return false; return false;
} }
private boolean checkViewerPermission(Set<String> orgIds, String userName, DomainResp domainDesc) { private boolean checkViewerPermission(Set<String> orgIds, User user, DomainResp domainDesc) {
List<String> admins = domainDesc.getAdmins(); List<String> admins = domainDesc.getAdmins();
List<String> viewers = domainDesc.getViewers(); List<String> viewers = domainDesc.getViewers();
List<String> adminOrgs = domainDesc.getAdminOrgs(); List<String> adminOrgs = domainDesc.getAdminOrgs();
List<String> viewOrgs = domainDesc.getViewOrgs(); List<String> viewOrgs = domainDesc.getViewOrgs();
if (admins.contains(userName) || viewers.contains(userName) || domainDesc.getCreatedBy().equals(userName)) { if (user.isSuperAdmin()) {
return true;
}
if (admins.contains(user.getName())
|| viewers.contains(user.getName())
|| domainDesc.getCreatedBy().equals(user.getName())) {
return true; return true;
} }
if (CollectionUtils.isEmpty(adminOrgs) && CollectionUtils.isEmpty(viewOrgs)) { if (CollectionUtils.isEmpty(adminOrgs) && CollectionUtils.isEmpty(viewOrgs)) {
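Review bot: The `if (user.isSuperAdmin()) { return true; }` short-circuit added to `checkAdminPermission` and `checkViewerPermission` makes every domain ACL depend on a single flag, and nothing here says where that flag is trusted from. Elsewhere in this commit a `TOKEN_IS_ADMIN` claim is introduced and `getFakeUser()` now returns a user with `isAdmin` set to 1, so the flag presumably travels in the token; if so, removing someone from the super-admin configuration would not take effect until their token expires, which is worth confirming. I would document the contract above each check, e.g. `// Super admin bypasses per-domain ACLs; isAdmin must be derived server-side from the configured admin list.`, and log the bypass once in `getDomainAuthSet` rather than per domain so it is auditable. Both methods continue outside the hunk.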


@@ -97,10 +97,10 @@ public class ModelServiceImpl implements ModelService {
} }
@Override @Override
public List<ModelResp> getModelListWithAuth(String userName, Long domainId, AuthType authType) { public List<ModelResp> getModelListWithAuth(User user, Long domainId, AuthType authType) {
List<ModelResp> modelResps = getModelAuthList(userName, authType); List<ModelResp> modelResps = getModelAuthList(user, authType);
Set<ModelResp> modelRespSet = new HashSet<>(modelResps); Set<ModelResp> modelRespSet = new HashSet<>(modelResps);
List<ModelResp> modelRespsAuthInheritDomain = getModelRespAuthInheritDomain(userName, authType); List<ModelResp> modelRespsAuthInheritDomain = getModelRespAuthInheritDomain(user, authType);
modelRespSet.addAll(modelRespsAuthInheritDomain); modelRespSet.addAll(modelRespsAuthInheritDomain);
if (domainId != null && domainId > 0) { if (domainId != null && domainId > 0) {
modelRespSet = modelRespSet.stream().filter(modelResp -> modelRespSet = modelRespSet.stream().filter(modelResp ->
@@ -109,8 +109,8 @@ public class ModelServiceImpl implements ModelService {
return fillMetricInfo(new ArrayList<>(modelRespSet)); return fillMetricInfo(new ArrayList<>(modelRespSet));
} }
public List<ModelResp> getModelRespAuthInheritDomain(String userName, AuthType authType) { public List<ModelResp> getModelRespAuthInheritDomain(User user, AuthType authType) {
Set<DomainResp> domainResps = domainService.getDomainAuthSet(userName, authType); Set<DomainResp> domainResps = domainService.getDomainAuthSet(user, authType);
if (CollectionUtils.isEmpty(domainResps)) { if (CollectionUtils.isEmpty(domainResps)) {
return Lists.newArrayList(); return Lists.newArrayList();
} }
@@ -121,18 +121,18 @@ public class ModelServiceImpl implements ModelService {
} }
@Override @Override
public List<ModelResp> getModelAuthList(String userName, AuthType authTypeEnum) { public List<ModelResp> getModelAuthList(User user, AuthType authTypeEnum) {
List<ModelResp> modelResps = getModelList(); List<ModelResp> modelResps = getModelList();
Set<String> orgIds = userService.getUserAllOrgId(userName); Set<String> orgIds = userService.getUserAllOrgId(user.getName());
List<ModelResp> modelWithAuth = Lists.newArrayList(); List<ModelResp> modelWithAuth = Lists.newArrayList();
if (authTypeEnum.equals(AuthType.ADMIN)) { if (authTypeEnum.equals(AuthType.ADMIN)) {
modelWithAuth = modelResps.stream() modelWithAuth = modelResps.stream()
.filter(modelResp -> checkAdminPermission(orgIds, userName, modelResp)) .filter(modelResp -> checkAdminPermission(orgIds, user, modelResp))
.collect(Collectors.toList()); .collect(Collectors.toList());
} }
if (authTypeEnum.equals(AuthType.VISIBLE)) { if (authTypeEnum.equals(AuthType.VISIBLE)) {
modelWithAuth = modelResps.stream() modelWithAuth = modelResps.stream()
.filter(domainResp -> checkViewerPermission(orgIds, userName, domainResp)) .filter(domainResp -> checkViewerPermission(orgIds, user, domainResp))
.collect(Collectors.toList()); .collect(Collectors.toList());
} }
return modelWithAuth; return modelWithAuth;
@@ -325,9 +325,13 @@ public class ModelServiceImpl implements ModelService {
return new ArrayList<>(getModelMap().keySet()); return new ArrayList<>(getModelMap().keySet());
} }
public static boolean checkAdminPermission(Set<String> orgIds, String userName, ModelResp modelResp) { public static boolean checkAdminPermission(Set<String> orgIds, User user, ModelResp modelResp) {
List<String> admins = modelResp.getAdmins(); List<String> admins = modelResp.getAdmins();
List<String> adminOrgs = modelResp.getAdminOrgs(); List<String> adminOrgs = modelResp.getAdminOrgs();
if (user.isSuperAdmin()) {
return true;
}
String userName = user.getName();
if (admins.contains(userName) || modelResp.getCreatedBy().equals(userName)) { if (admins.contains(userName) || modelResp.getCreatedBy().equals(userName)) {
return true; return true;
} }
@@ -342,14 +346,18 @@ public class ModelServiceImpl implements ModelService {
return false; return false;
} }
public static boolean checkViewerPermission(Set<String> orgIds, String userName, ModelResp modelResp) { public static boolean checkViewerPermission(Set<String> orgIds, User user, ModelResp modelResp) {
List<String> admins = modelResp.getAdmins(); List<String> admins = modelResp.getAdmins();
List<String> viewers = modelResp.getViewers(); List<String> viewers = modelResp.getViewers();
List<String> adminOrgs = modelResp.getAdminOrgs(); List<String> adminOrgs = modelResp.getAdminOrgs();
List<String> viewOrgs = modelResp.getViewOrgs(); List<String> viewOrgs = modelResp.getViewOrgs();
if (user.isSuperAdmin()) {
return true;
}
if (modelResp.openToAll()) { if (modelResp.openToAll()) {
return true; return true;
} }
String userName = user.getName();
if (admins.contains(userName) || viewers.contains(userName) || modelResp.getCreatedBy().equals(userName)) { if (admins.contains(userName) || viewers.contains(userName) || modelResp.getCreatedBy().equals(userName)) {
return true; return true;
} }
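Review bot: `checkAdminPermission` and `checkViewerPermission` are `public static` and now call `user.isSuperAdmin()` ahead of the name checks, so a null `user` throws a NullPointerException where the old `String userName` versions would most likely have fallen through to the list checks. A guard such as `if (user == null) { return false; }` ahead of the super-admin test keeps the failure a plain deny. The same short-circuit is repeated in four methods across this file and DomainServiceImpl; a single shared helper would keep the copies from drifting apart. Both methods continue outside the hunk.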


@@ -30,7 +30,7 @@ public interface DomainService {
List<DomainResp> getDomainListWithAdminAuth(User user); List<DomainResp> getDomainListWithAdminAuth(User user);
Set<DomainResp> getDomainAuthSet(String userName, AuthType authTypeEnum); Set<DomainResp> getDomainAuthSet(User user, AuthType authTypeEnum);
Set<DomainResp> getDomainChildren(List<Long> domainId); Set<DomainResp> getDomainChildren(List<Long> domainId);


@@ -13,9 +13,9 @@ import java.util.Map;
public interface ModelService { public interface ModelService {
List<ModelResp> getModelListWithAuth(String userName, Long domainId, AuthType authType); List<ModelResp> getModelListWithAuth(User user, Long domainId, AuthType authType);
List<ModelResp> getModelAuthList(String userName, AuthType authTypeEnum); List<ModelResp> getModelAuthList(User user, AuthType authTypeEnum);
List<ModelResp> getModelByDomainIds(List<Long> domainIds); List<ModelResp> getModelByDomainIds(List<Long> domainIds);


@@ -60,7 +60,7 @@ public class ModelController {
HttpServletRequest request, HttpServletRequest request,
HttpServletResponse response) { HttpServletResponse response) {
User user = UserHolder.findUser(request, response); User user = UserHolder.findUser(request, response);
return modelService.getModelListWithAuth(user.getName(), domainId, AuthType.ADMIN); return modelService.getModelListWithAuth(user, domainId, AuthType.ADMIN);
} }


@@ -126,7 +126,7 @@ public class SchemaServiceImpl implements SchemaService {
@Override @Override
public List<ModelResp> getModelList(User user, AuthType authTypeEnum, Long domainId) { public List<ModelResp> getModelList(User user, AuthType authTypeEnum, Long domainId) {
return modelService.getModelListWithAuth(user.getName(), domainId, authTypeEnum); return modelService.getModelListWithAuth(user, domainId, authTypeEnum);
} }
} }


@@ -140,7 +140,7 @@ public class DataPermissionAOP {
private boolean doModelAdmin(User user, QueryStructReq queryStructReq) { private boolean doModelAdmin(User user, QueryStructReq queryStructReq) {
Long modelId = queryStructReq.getModelId(); Long modelId = queryStructReq.getModelId();
List<ModelResp> modelListAdmin = modelService.getModelListWithAuth(user.getName(), null, AuthType.ADMIN); List<ModelResp> modelListAdmin = modelService.getModelListWithAuth(user, null, AuthType.ADMIN);
if (CollectionUtils.isEmpty(modelListAdmin)) { if (CollectionUtils.isEmpty(modelListAdmin)) {
return false; return false;
} else { } else {
@@ -153,7 +153,7 @@ public class DataPermissionAOP {
private void doModelVisible(User user, QueryStructReq queryStructReq) { private void doModelVisible(User user, QueryStructReq queryStructReq) {
Boolean visible = true; Boolean visible = true;
Long modelId = queryStructReq.getModelId(); Long modelId = queryStructReq.getModelId();
List<ModelResp> modelListVisible = modelService.getModelListWithAuth(user.getName(), null, AuthType.VISIBLE); List<ModelResp> modelListVisible = modelService.getModelListWithAuth(user, null, AuthType.VISIBLE);
if (CollectionUtils.isEmpty(modelListVisible)) { if (CollectionUtils.isEmpty(modelListVisible)) {
visible = false; visible = false;
} else { } else {