The error message is not user-friendly when adding duplicate permissi… (

#12805) * The error message is not user-friendly when adding duplicate permissions. (#12273) * The error message is not user-friendly when adding duplicate permissions. (#12773) * add some unit test. * fix ci fail.
alibaba · Dec 5, 2024 · 66705e3 · 66705e3
1 parent 7651eb3
commit 66705e3
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 0 deletions.
diff --git a/...gin/src/main/java/com/alibaba/nacos/plugin/auth/impl/controller/PermissionController.java b/...gin/src/main/java/com/alibaba/nacos/plugin/auth/impl/controller/PermissionController.java
@@ -16,6 +16,7 @@
 
 package com.alibaba.nacos.plugin.auth.impl.controller;
 
+import com.alibaba.nacos.api.model.v2.Result;
 import com.alibaba.nacos.auth.annotation.Secured;
 import com.alibaba.nacos.common.model.RestResultUtils;
 import com.alibaba.nacos.common.utils.StringUtils;
@@ -105,4 +106,18 @@ public Object deletePermission(@RequestParam String role, @RequestParam String r
         nacosRoleService.deletePermission(role, resource, action);
         return RestResultUtils.success("delete permission ok!");
     }
+
+    /**
+     * Judge whether a permission is duplicate.
+     *
+     * @param role     the role
+     * @param resource the related resource
+     * @param action   the related action
+     * @return true if duplicate, false otherwise
+     */
+    @GetMapping
+    @Secured(resource = AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX + "permissions", action = ActionTypes.READ)
+    public Result<Boolean> isDuplicatePermission(@RequestParam String role, @RequestParam String resource, @RequestParam String action) {
+        return nacosRoleService.isDuplicatePermission(role, resource, action);
+    }
 }
diff --git a/...h-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceImpl.java b/...h-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceImpl.java
@@ -16,6 +16,7 @@
 
 package com.alibaba.nacos.plugin.auth.impl.roles;
 
+import com.alibaba.nacos.api.model.v2.Result;
 import com.alibaba.nacos.auth.config.AuthConfigs;
 import com.alibaba.nacos.common.utils.CollectionUtils;
 import com.alibaba.nacos.common.utils.ConcurrentHashSet;
@@ -370,5 +371,28 @@ public boolean hasGlobalAdminRole() {
         authConfigs.setHasGlobalAdminRole(hasGlobalAdminRole);
         return hasGlobalAdminRole;
     }
+
+    /**
+     * judge whether the permission is duplicate.
+     *
+     * @param role role name
+     * @param resource resource
+     * @param action action
+     * @return true if duplicate, false otherwise
+     */
+    public Result<Boolean> isDuplicatePermission(String role, String resource, String action) {
+        List<PermissionInfo> permissionInfos = getPermissions(role);
+        if (CollectionUtils.isEmpty(permissionInfos)) {
+            return Result.success(Boolean.FALSE);
+        }
+        for (PermissionInfo permissionInfo : permissionInfos) {
+            boolean resourceMatch = StringUtils.equals(resource, permissionInfo.getResource());
+            boolean actionMatch = StringUtils.equals(action, permissionInfo.getAction()) || "rw".equals(permissionInfo.getAction());
+            if (resourceMatch && actionMatch) {
+                return Result.success(Boolean.TRUE);
+            }
+        }
+        return Result.success(Boolean.FALSE);
+    }
 
 }
diff --git a/...src/test/java/com/alibaba/nacos/plugin/auth/impl/controller/PermissionControllerTest.java b/...src/test/java/com/alibaba/nacos/plugin/auth/impl/controller/PermissionControllerTest.java
@@ -16,6 +16,7 @@
 
 package com.alibaba.nacos.plugin.auth.impl.controller;
 
+import com.alibaba.nacos.api.model.v2.Result;
 import com.alibaba.nacos.common.model.RestResult;
 import com.alibaba.nacos.persistence.model.Page;
 import com.alibaba.nacos.plugin.auth.impl.persistence.PermissionInfo;
@@ -86,4 +87,12 @@ void testDeletePermission() {
         assertEquals(200, result.getCode());
     }
 
+    @Test
+    void testDuplicatePermission() {
+        when(nacosRoleService.isDuplicatePermission(anyString(), anyString(), anyString())).thenReturn(
+                Result.success(Boolean.TRUE));
+        Result<Boolean> result = permissionController.isDuplicatePermission("admin", "test", "test");
+        assertEquals(0, result.getCode());
+    }
+
 }
diff --git a/...ugin/src/test/java/com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceImplTest.java b/...ugin/src/test/java/com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceImplTest.java
@@ -36,6 +36,7 @@
 
 import java.lang.reflect.Field;
 import java.lang.reflect.Method;
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.Properties;
@@ -45,6 +46,8 @@
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.when;
 
 /**
  * NacosRoleServiceImpl Test.
@@ -203,4 +206,16 @@ void joinResource() throws Exception {
         Object invoke = method.invoke(nacosRoleService, new Resource[] {resource});
         assertNotNull(invoke);
     }
+
+    @Test
+    void duplicatePermission() {
+        List<PermissionInfo> permissionInfos = new ArrayList<>();
+        PermissionInfo permissionInfo = new PermissionInfo();
+        permissionInfo.setAction("rw");
+        permissionInfo.setResource("test");
+        permissionInfos.add(permissionInfo);
+        NacosRoleServiceImpl spy = spy(nacosRoleService);
+        when(spy.getPermissions("admin")).thenReturn(permissionInfos);
+        spy.isDuplicatePermission("admin", "test", "r");
+    }
 }