WIP

minwoox · Nov 21, 2024 · c06e107 · c06e107
1 parent 35459a1
commit c06e107
Show file tree

Hide file tree

Showing 40 changed files with 1,014 additions and 931 deletions.
diff --git a/.../src/main/java/com/linecorp/centraldogma/internal/client/armeria/ArmeriaCentralDogma.java b/.../src/main/java/com/linecorp/centraldogma/internal/client/armeria/ArmeriaCentralDogma.java
@@ -906,8 +906,8 @@ private <T> CompletableFuture<T> watch(Revision lastKnownRevision, long timeoutM
     }
 
     private static void validateProjectName(String projectName) {
-        // We don't know if the token has the permission to access internal projects.
-        // The server will reject the request if the token does not have the permission.
+        // We don't know if the token has the role to access internal projects.
+        // The server will reject the request if the token does not have the required role.
         Util.validateProjectName(projectName, "projectName", true);
     }
 

diff --git a/common/src/main/java/com/linecorp/centraldogma/common/ProjectRole.java b/common/src/main/java/com/linecorp/centraldogma/common/ProjectRole.java
@@ -54,4 +54,19 @@ public static ProjectRole of(JsonNode node) {
             throw new IllegalArgumentException(e);
         }
     }
+
+    /**
+     * Returns {@code true} if this {@link ProjectRole} has the specified {@link ProjectRole}.
+     */
+    public boolean has(ProjectRole other) {
+        requireNonNull(other, "other");
+        if (this == OWNER) {
+            return true;
+        }
+        if (this == MEMBER) {
+            return other != OWNER;
+        }
+        // this == GUEST
+        return this == other;
+    }
 }
diff --git a/common/src/main/java/com/linecorp/centraldogma/common/RepositoryRole.java b/common/src/main/java/com/linecorp/centraldogma/common/RepositoryRole.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2024 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package com.linecorp.centraldogma.common;
+
+import static java.util.Objects.requireNonNull;
+
+/**
+ * Roles for a repository.
+ */
+public enum RepositoryRole {
+    /**
+     * Able to read a file from a repository.
+     */
+    READ,
+    /**
+     * Able to write a file to a repository.
+     */
+    WRITE,
+    /**
+     * Able to manage a repository.
+     */
+    ADMIN;
+
+    /**
+     * Returns {@code true} if this {@link RepositoryRole} has the specified {@link RepositoryRole}.
+     */
+    public boolean has(RepositoryRole other) {
+        requireNonNull(other, "other");
+        if (this == ADMIN) {
+            return true;
+        }
+        if (this == WRITE) {
+            return other != ADMIN;
+        }
+        // this == READ
+        return this == other;
+    }
+}
diff --git a/common/src/main/java/com/linecorp/centraldogma/internal/Jackson.java b/common/src/main/java/com/linecorp/centraldogma/internal/Jackson.java
@@ -28,9 +28,12 @@
 import java.util.Iterator;
 import java.util.Set;
 
+import javax.annotation.Nullable;
+
 import com.fasterxml.jackson.core.JsonFactory;
 import com.fasterxml.jackson.core.JsonGenerator;
 import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.TreeNode;
 import com.fasterxml.jackson.core.io.JsonStringEncoder;
@@ -185,6 +188,10 @@ public static <T> T readValue(File file, TypeReference<T> typeReference) throws
         return compactMapper.readValue(file, typeReference);
     }
 
+    public static <T> T readValue(JsonParser jp, TypeReference<T> typeReference) throws IOException {
+        return compactMapper.readValue(jp, typeReference);
+    }
+
     public static JsonNode readTree(String data) throws JsonParseException {
         try {
             return compactMapper.readTree(data);
@@ -231,7 +238,7 @@ public static String writeValueAsPrettyString(Object value) throws JsonProcessin
         }
     }
 
-    public static <T extends JsonNode> T valueToTree(Object value) {
+    public static <T extends JsonNode> T valueToTree(@Nullable Object value) {
         return compactMapper.valueToTree(value);
     }
 

diff --git a/...rmission/src/test/java/com/linecorp/centraldogma/server/test/XdsMemberPermissionTest.java b/...rmission/src/test/java/com/linecorp/centraldogma/server/test/XdsMemberPermissionTest.java
@@ -144,7 +144,7 @@ void shouldAllowMembersToAccessInternalProjects() throws Exception {
                                 .execute().status())
                 .isEqualTo(HttpStatus.FORBIDDEN);
 
-        // Grant the user permission to access the internal project.
+        // Grant the user role to access the internal project.
         final AggregatedHttpResponse res =
                 adminWebClient.prepare()
                               .post("/api/v1/metadata/@xds/members")
@@ -154,7 +154,7 @@ void shouldAllowMembersToAccessInternalProjects() throws Exception {
 
         // @xds project should be visible to member users.
         assertThat(userClient.listProjects().join()).containsOnly("foo", "@xds");
-        // Read and write permission should be granted as well.
+        // Read and write should be granted as well.
         userRepo.commit("Update test.txt", Change.ofTextUpsert("/text.txt", "bar"))
                 .push()
                 .join();

diff --git a/server/src/main/java/com/linecorp/centraldogma/server/CentralDogma.java b/server/src/main/java/com/linecorp/centraldogma/server/CentralDogma.java
@@ -143,9 +143,8 @@
 import com.linecorp.centraldogma.server.internal.api.TokenService;
 import com.linecorp.centraldogma.server.internal.api.WatchService;
 import com.linecorp.centraldogma.server.internal.api.auth.ApplicationTokenAuthorizer;
-import com.linecorp.centraldogma.server.internal.api.auth.RequiresPermissionDecorator.RequiresReadPermissionDecoratorFactory;
-import com.linecorp.centraldogma.server.internal.api.auth.RequiresPermissionDecorator.RequiresWritePermissionDecoratorFactory;
-import com.linecorp.centraldogma.server.internal.api.auth.RequiresRoleDecorator.RequiresRoleDecoratorFactory;
+import com.linecorp.centraldogma.server.internal.api.auth.RequiresProjectRoleDecorator.RequiresProjectRoleDecoratorFactory;
+import com.linecorp.centraldogma.server.internal.api.auth.RequiresRepositoryRoleDecorator.RequiresRepositoryRoleDecoratorFactory;
 import com.linecorp.centraldogma.server.internal.api.converter.HttpApiRequestConverter;
 import com.linecorp.centraldogma.server.internal.mirror.DefaultMirroringServicePlugin;
 import com.linecorp.centraldogma.server.internal.mirror.MirrorRunner;
@@ -837,9 +836,8 @@ private void configureHttpApi(ServerBuilder sb,
                 // See JacksonRequestConverterFunctionTest
                 new JacksonRequestConverterFunction(new ObjectMapper()),
                 new HttpApiRequestConverter(projectApiManager),
-                new RequiresReadPermissionDecoratorFactory(mds),
-                new RequiresWritePermissionDecoratorFactory(mds),
-                new RequiresRoleDecoratorFactory(mds)
+                new RequiresRepositoryRoleDecoratorFactory(mds),
+                new RequiresProjectRoleDecoratorFactory(mds)
         );
         sb.dependencyInjector(dependencyInjector, false)
           // TODO(ikhoon): Consider exposing ReflectiveDependencyInjector as a public API via

diff --git a/.../main/java/com/linecorp/centraldogma/server/internal/admin/service/RepositoryService.java b/.../main/java/com/linecorp/centraldogma/server/internal/admin/service/RepositoryService.java
@@ -47,6 +47,7 @@
 import com.linecorp.centraldogma.common.Markup;
 import com.linecorp.centraldogma.common.Query;
 import com.linecorp.centraldogma.common.QueryType;
+import com.linecorp.centraldogma.common.RepositoryRole;
 import com.linecorp.centraldogma.common.Revision;
 import com.linecorp.centraldogma.internal.Jackson;
 import com.linecorp.centraldogma.server.command.Command;
@@ -59,16 +60,15 @@
 import com.linecorp.centraldogma.server.internal.admin.dto.RevisionDto;
 import com.linecorp.centraldogma.server.internal.admin.util.RestfulJsonResponseConverter;
 import com.linecorp.centraldogma.server.internal.api.AbstractService;
-import com.linecorp.centraldogma.server.internal.api.auth.RequiresReadPermission;
-import com.linecorp.centraldogma.server.internal.api.auth.RequiresWritePermission;
+import com.linecorp.centraldogma.server.internal.api.auth.RequiresRepositoryRole;
 import com.linecorp.centraldogma.server.internal.storage.project.ProjectApiManager;
 import com.linecorp.centraldogma.server.metadata.User;
 import com.linecorp.centraldogma.server.storage.repository.Repository;
 
 /**
  * Annotated service object for managing repositories.
  */
-@RequiresReadPermission
+@RequiresRepositoryRole(RepositoryRole.READ)
 @ResponseConverter(RestfulJsonResponseConverter.class)
 public class RepositoryService extends AbstractService {
 
@@ -122,7 +122,7 @@ public CompletionStage<EntryDto> getFile(@Param String projectName,
     @Post
     @Put
     @Path("/projects/{projectName}/repositories/{repoName}/files/revisions/{revision}")
-    @RequiresWritePermission
+    @RequiresRepositoryRole(RepositoryRole.WRITE)
     public CompletionStage<Object> addOrEditFile(@Param String projectName,
                                                  @Param String repoName,
                                                  @Param String revision,
@@ -146,7 +146,7 @@ public CompletionStage<Object> addOrEditFile(@Param String projectName,
      */
     @Post("regex:/projects/(?<projectName>[^/]+)/repositories/(?<repoName>[^/]+)" +
           "/delete/revisions/(?<revision>[^/]+)(?<path>/.*$)")
-    @RequiresWritePermission
+    @RequiresRepositoryRole(RepositoryRole.WRITE)
     public HttpResponse deleteFile(@Param String projectName,
                                    @Param String repoName,
                                    @Param String revision,

diff --git a/server/src/main/java/com/linecorp/centraldogma/server/internal/api/ContentServiceV1.java b/server/src/main/java/com/linecorp/centraldogma/server/internal/api/ContentServiceV1.java
@@ -66,6 +66,7 @@
 import com.linecorp.centraldogma.common.Markup;
 import com.linecorp.centraldogma.common.MergeQuery;
 import com.linecorp.centraldogma.common.Query;
+import com.linecorp.centraldogma.common.RepositoryRole;
 import com.linecorp.centraldogma.common.Revision;
 import com.linecorp.centraldogma.common.RevisionRange;
 import com.linecorp.centraldogma.common.ShuttingDownException;
@@ -79,8 +80,7 @@
 import com.linecorp.centraldogma.server.command.CommandExecutor;
 import com.linecorp.centraldogma.server.command.CommitResult;
 import com.linecorp.centraldogma.server.internal.admin.auth.AuthUtil;
-import com.linecorp.centraldogma.server.internal.api.auth.RequiresReadPermission;
-import com.linecorp.centraldogma.server.internal.api.auth.RequiresWritePermission;
+import com.linecorp.centraldogma.server.internal.api.auth.RequiresRepositoryRole;
 import com.linecorp.centraldogma.server.internal.api.converter.ChangesRequestConverter;
 import com.linecorp.centraldogma.server.internal.api.converter.CommitMessageRequestConverter;
 import com.linecorp.centraldogma.server.internal.api.converter.MergeQueryRequestConverter;
@@ -99,7 +99,7 @@
  * Annotated service object for managing and watching contents.
  */
 @ProducesJson
-@RequiresReadPermission
+@RequiresRepositoryRole(RepositoryRole.READ)
 @RequestConverter(CommitMessageRequestConverter.class)
 public class ContentServiceV1 extends AbstractService {
 
@@ -189,7 +189,7 @@ private static String normalizePath(String path) {
      */
     @Post("/projects/{projectName}/repos/{repoName}/contents")
     @ConsumesJson
-    @RequiresWritePermission
+    @RequiresRepositoryRole(RepositoryRole.WRITE)
     public CompletableFuture<PushResultDto> push(
             ServiceRequestContext ctx,
             @Param @Default("-1") String revision,

diff --git a/server/src/main/java/com/linecorp/centraldogma/server/internal/api/CredentialServiceV1.java b/server/src/main/java/com/linecorp/centraldogma/server/internal/api/CredentialServiceV1.java
@@ -34,14 +34,14 @@
 import com.linecorp.centraldogma.common.Author;
 import com.linecorp.centraldogma.common.Change;
 import com.linecorp.centraldogma.common.Markup;
+import com.linecorp.centraldogma.common.RepositoryRole;
 import com.linecorp.centraldogma.common.Revision;
 import com.linecorp.centraldogma.internal.api.v1.PushResultDto;
 import com.linecorp.centraldogma.server.command.Command;
 import com.linecorp.centraldogma.server.command.CommandExecutor;
 import com.linecorp.centraldogma.server.command.CommitResult;
 import com.linecorp.centraldogma.server.credential.Credential;
-import com.linecorp.centraldogma.server.internal.api.auth.RequiresReadPermission;
-import com.linecorp.centraldogma.server.internal.api.auth.RequiresWritePermission;
+import com.linecorp.centraldogma.server.internal.api.auth.RequiresRepositoryRole;
 import com.linecorp.centraldogma.server.internal.storage.project.ProjectApiManager;
 import com.linecorp.centraldogma.server.metadata.User;
 import com.linecorp.centraldogma.server.storage.project.Project;
@@ -65,7 +65,7 @@ public CredentialServiceV1(ProjectApiManager projectApiManager, CommandExecutor
      *
      * <p>Returns the list of the credentials in the project.
      */
-    @RequiresReadPermission(repository = Project.REPO_META)
+    @RequiresRepositoryRole(value = RepositoryRole.READ, repository = Project.REPO_META)
     @Get("/projects/{projectName}/credentials")
     public CompletableFuture<List<Credential>> listCredentials(User loginUser,
                                                                @Param String projectName) {
@@ -86,7 +86,7 @@ public CompletableFuture<List<Credential>> listCredentials(User loginUser,
      *
      * <p>Returns the credential for the ID in the project.
      */
-    @RequiresReadPermission(repository = Project.REPO_META)
+    @RequiresRepositoryRole(value = RepositoryRole.READ, repository = Project.REPO_META)
     @Get("/projects/{projectName}/credentials/{id}")
     public CompletableFuture<Credential> getCredentialById(User loginUser,
                                                            @Param String projectName, @Param String id) {
@@ -102,10 +102,10 @@ public CompletableFuture<Credential> getCredentialById(User loginUser,
      *
      * <p>Creates a new credential.
      */
-    @RequiresWritePermission(repository = Project.REPO_META)
-    @Post("/projects/{projectName}/credentials")
     @ConsumesJson
     @StatusCode(201)
+    @Post("/projects/{projectName}/credentials")
+    @RequiresRepositoryRole(value = RepositoryRole.WRITE, repository = Project.REPO_META)
     public CompletableFuture<PushResultDto> createCredential(@Param String projectName,
                                                              Credential credential, Author author, User user) {
         return createOrUpdate(projectName, credential, author, user, false);
@@ -116,9 +116,9 @@ public CompletableFuture<PushResultDto> createCredential(@Param String projectNa
      *
      * <p>Update the existing credential.
      */
-    @RequiresWritePermission(repository = Project.REPO_META)
-    @Put("/projects/{projectName}/credentials/{id}")
     @ConsumesJson
+    @Put("/projects/{projectName}/credentials/{id}")
+    @RequiresRepositoryRole(value = RepositoryRole.WRITE, repository = Project.REPO_META)
     public CompletableFuture<PushResultDto> updateCredential(@Param String projectName, @Param String id,
                                                              Credential credential, Author author, User user) {
         checkArgument(id.equals(credential.id()), "The credential ID (%s) can't be updated", id);
@@ -130,8 +130,8 @@ public CompletableFuture<PushResultDto> updateCredential(@Param String projectNa
      *
      * <p>Delete the existing credential.
      */
-    @RequiresWritePermission(repository = Project.REPO_META)
     @Delete("/projects/{projectName}/credentials/{id}")
+    @RequiresRepositoryRole(value = RepositoryRole.WRITE, repository = Project.REPO_META)
     public CompletableFuture<Void> deleteCredential(@Param String projectName,
                                                     @Param String id, Author author, User user) {
         final MetaRepository metaRepository = metaRepo(projectName, user);

diff --git a/server/src/main/java/com/linecorp/centraldogma/server/internal/api/GitHttpService.java b/server/src/main/java/com/linecorp/centraldogma/server/internal/api/GitHttpService.java
@@ -50,7 +50,8 @@
 import com.linecorp.armeria.server.annotation.Param;
 import com.linecorp.armeria.server.annotation.Post;
 import com.linecorp.armeria.server.annotation.RequestConverter;
-import com.linecorp.centraldogma.server.internal.api.auth.RequiresReadPermission;
+import com.linecorp.centraldogma.common.RepositoryRole;
+import com.linecorp.centraldogma.server.internal.api.auth.RequiresRepositoryRole;
 import com.linecorp.centraldogma.server.internal.api.converter.HttpApiRequestConverter;
 import com.linecorp.centraldogma.server.internal.storage.project.ProjectApiManager;
 import com.linecorp.centraldogma.server.metadata.User;
@@ -60,7 +61,7 @@
  * A service that provides Git HTTP protocol.
  */
 @RequestConverter(HttpApiRequestConverter.class)
-@RequiresReadPermission
+@RequiresRepositoryRole(RepositoryRole.READ)
 public final class GitHttpService {
 
     private static final Logger logger = LoggerFactory.getLogger(GitHttpService.class);