feat: add admin-ui scopes in config-api-rs-protect.json #3508
duttarnab committed Jan 4, 2023
1 parent 255f8f3 commit 5e64713
Showing 4 changed files with 118 additions and 68 deletions.
Expand Up @@ -5,9 +5,11 @@
import io.jans.ca.plugin.adminui.model.auth.LicenseRequest;
import io.jans.ca.plugin.adminui.model.auth.LicenseResponse;
import io.jans.ca.plugin.adminui.service.license.LicenseDetailsService;
import io.jans.ca.plugin.adminui.utils.AppConstants;
import io.jans.ca.plugin.adminui.utils.ErrorResponse;
import io.jans.configapi.core.rest.ProtectedApi;

import io.jans.configapi.util.ApiAccessConstants;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.parameters.RequestBody;
import io.swagger.v3.oas.annotations.media.Content;
Expand Down Expand Up @@ -53,7 +55,7 @@ public class LicenseResource {
@ApiResponse(responseCode = "500", description = "InternalServerError", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = LicenseApiResponse.class, description = "License response")))})
@GET
@Path(IS_ACTIVE)
@ProtectedApi(scopes = {SCOPE_LICENSE_READ}, groupScopes = {SCOPE_LICENSE_WRITE})
@ProtectedApi(scopes = {SCOPE_LICENSE_READ}, groupScopes = {SCOPE_LICENSE_WRITE}, superScopes = { AppConstants.SCOPE_ADMINUI_READ })
@Produces(MediaType.APPLICATION_JSON)
public Response isActive() {
LicenseApiResponse licenseResponse = null;
Expand All @@ -79,7 +81,7 @@ public Response isActive() {
@ApiResponse(responseCode = "500", description = "InternalServerError", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = LicenseApiResponse.class, description = "License response")))})
@POST
@Path(ACTIVATE_LICENSE)
@ProtectedApi(scopes = {SCOPE_LICENSE_WRITE})
@ProtectedApi(scopes = {SCOPE_LICENSE_WRITE}, superScopes = { AppConstants.SCOPE_ADMINUI_WRITE })
@Produces(MediaType.APPLICATION_JSON)
public Response activateLicense(@Valid @NotNull LicenseRequest licenseRequest) {
LicenseApiResponse licenseResponse = null;
Expand All @@ -105,7 +107,7 @@ public Response activateLicense(@Valid @NotNull LicenseRequest licenseRequest) {
@ApiResponse(responseCode = "500", description = "InternalServerError", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = LicenseApiResponse.class, description = "License response")))})
@POST
@Path(SAVE_API_CREDENTIALS)
@ProtectedApi(scopes = {SCOPE_LICENSE_WRITE})
@ProtectedApi(scopes = {SCOPE_LICENSE_WRITE}, superScopes = { AppConstants.SCOPE_ADMINUI_WRITE })
@Produces(MediaType.APPLICATION_JSON)
public Response saveLicenseCredentials(@Valid @NotNull LicenseSpringCredentials licenseSpringCredentials) {
LicenseApiResponse licenseResponse = null;
Expand All @@ -130,7 +132,7 @@ public Response saveLicenseCredentials(@Valid @NotNull LicenseSpringCredentials
@ApiResponse(responseCode = "500", description = "InternalServerError")})
@GET
@Path(LICENSE_DETAILS)
@ProtectedApi(scopes = {SCOPE_LICENSE_READ}, groupScopes = {SCOPE_LICENSE_WRITE})
@ProtectedApi(scopes = {SCOPE_LICENSE_READ}, groupScopes = {SCOPE_LICENSE_WRITE}, superScopes = { AppConstants.SCOPE_ADMINUI_READ })
@Produces(MediaType.APPLICATION_JSON)
public Response getLicenseDetails() {
try {
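Review bot: The `superScopes` entry added on `saveLicenseCredentials` (and likewise on `activateLicense`) presumably lets a token carrying only the coarse `adminui/write-all` scope through in place of `SCOPE_LICENSE_WRITE`, so every client granted that scope can now reach the endpoint that saves `LicenseSpringCredentials`. The `ProtectedApi` definition is not on this page, so how `scopes`, `groupScopes` and `superScopes` combine is inferred and should be confirmed. A short comment above the annotation would make the intent reviewable, e.g. `// superScopes: adminui/write-all alone is sufficient here; grant it as narrowly as SCOPE_LICENSE_WRITE`. Separately, the newly imported `io.jans.configapi.util.ApiAccessConstants` is not referenced in any visible hunk and may be unused. The method bodies continue outside the hunks shown.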
Expand Up @@ -5,6 +5,7 @@
import io.jans.as.model.config.adminui.RolePermissionMapping;
import io.jans.ca.plugin.adminui.model.exception.ApplicationException;
import io.jans.ca.plugin.adminui.service.user.UserManagementService;
import io.jans.ca.plugin.adminui.utils.AppConstants;
import io.jans.ca.plugin.adminui.utils.ErrorResponse;
import io.jans.configapi.core.rest.ProtectedApi;
import io.swagger.v3.oas.annotations.Operation;
Expand Down Expand Up @@ -62,7 +63,7 @@ public class UserManagementResource {
@GET
@Path(ROLES)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = {SCOPE_ROLE_READ}, groupScopes = {SCOPE_ROLE_WRITE})
@ProtectedApi(scopes = {SCOPE_ROLE_READ}, groupScopes = {SCOPE_ROLE_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_READ})
public Response getAllRoles() {
try {
log.info("Get all Admin-UI roles.");
Expand Down Expand Up @@ -90,7 +91,7 @@ public Response getAllRoles() {
@POST
@Path(ROLES)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = SCOPE_ROLE_WRITE)
@ProtectedApi(scopes = {SCOPE_ROLE_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_WRITE})
public Response addRole(@Valid @NotNull AdminRole roleArg) {
try {
log.info("Adding Admin-UI role.");
Expand Down Expand Up @@ -118,7 +119,7 @@ public Response addRole(@Valid @NotNull AdminRole roleArg) {
@PUT
@Path(ROLES)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = SCOPE_ROLE_WRITE)
@ProtectedApi(scopes = {SCOPE_ROLE_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_WRITE})
public Response editRole(@Valid @NotNull AdminRole roleArg) {
try {
log.info("Editing Admin-UI role.");
Expand All @@ -145,7 +146,7 @@ public Response editRole(@Valid @NotNull AdminRole roleArg) {
@GET
@Path(ROLES + ROLE_PATH_VARIABLE)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = {SCOPE_ROLE_READ}, groupScopes = {SCOPE_ROLE_WRITE})
@ProtectedApi(scopes = {SCOPE_ROLE_READ}, groupScopes = {SCOPE_ROLE_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_READ})
public Response getRole(@PathParam(ROLE_CONST) @NotNull String adminUIRole) {
try {
log.info("Get all Admin-UI roles.");
Expand All @@ -172,7 +173,7 @@ public Response getRole(@PathParam(ROLE_CONST) @NotNull String adminUIRole) {
@DELETE
@Path(ROLES + ROLE_PATH_VARIABLE)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = SCOPE_ROLE_DELETE)
@ProtectedApi(scopes = {SCOPE_ROLE_DELETE}, superScopes = {AppConstants.SCOPE_ADMINUI_DELETE})
public Response deleteRole(@PathParam(ROLE_CONST) @NotNull String adminUIRole) {
try {
log.info("Deleting Admin-UI role.");
Expand All @@ -199,7 +200,7 @@ public Response deleteRole(@PathParam(ROLE_CONST) @NotNull String adminUIRole) {
@GET
@Path(PERMISSIONS)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = {SCOPE_PERMISSION_READ}, groupScopes = {SCOPE_PERMISSION_WRITE})
@ProtectedApi(scopes = {SCOPE_PERMISSION_READ}, groupScopes = {SCOPE_PERMISSION_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_READ})
public Response getAllPermissions() {
try {
log.info("Get all Admin-UI permissions.");
Expand Down Expand Up @@ -227,7 +228,7 @@ public Response getAllPermissions() {
@POST
@Path(PERMISSIONS)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = SCOPE_PERMISSION_WRITE)
@ProtectedApi(scopes = {SCOPE_PERMISSION_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_WRITE})
public Response addPermission(@Valid @NotNull AdminPermission permissionArg) {
try {
log.info("Adding Admin-UI permissions.");
Expand Down Expand Up @@ -255,7 +256,7 @@ public Response addPermission(@Valid @NotNull AdminPermission permissionArg) {
@PUT
@Path(PERMISSIONS)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = SCOPE_PERMISSION_WRITE)
@ProtectedApi(scopes = {SCOPE_PERMISSION_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_WRITE})
public Response editPermission(@Valid @NotNull AdminPermission permissionArg) {
try {
log.info("Editing Admin-UI permissions.");
Expand All @@ -282,7 +283,7 @@ public Response editPermission(@Valid @NotNull AdminPermission permissionArg) {
@GET
@Path(PERMISSIONS + PERMISSION_PATH_VARIABLE)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = {SCOPE_PERMISSION_READ}, groupScopes = {SCOPE_PERMISSION_WRITE})
@ProtectedApi(scopes = {SCOPE_PERMISSION_READ}, groupScopes = {SCOPE_PERMISSION_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_READ})
public Response getPermission(@PathParam(PERMISSION_CONST) @NotNull String adminUIPermission) {
try {
log.info("Get Admin-UI permission.");
Expand All @@ -309,7 +310,7 @@ public Response getPermission(@PathParam(PERMISSION_CONST) @NotNull String admin
@DELETE
@Path(PERMISSIONS + PERMISSION_PATH_VARIABLE)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = SCOPE_PERMISSION_DELETE)
@ProtectedApi(scopes = {SCOPE_PERMISSION_DELETE}, superScopes = {AppConstants.SCOPE_ADMINUI_DELETE})
public Response deletePermission(@PathParam(PERMISSION_CONST) @NotNull String adminUIPermission) {
try {
log.info("Deleting Admin-UI permission.");
Expand All @@ -336,7 +337,7 @@ public Response deletePermission(@PathParam(PERMISSION_CONST) @NotNull String ad
@GET
@Path(ROLE_PERMISSIONS_MAPPING)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = {SCOPE_ROLE_PERMISSION_MAPPING_READ}, groupScopes = {SCOPE_ROLE_PERMISSION_MAPPING_WRITE})
@ProtectedApi(scopes = {SCOPE_ROLE_PERMISSION_MAPPING_READ}, groupScopes = {SCOPE_ROLE_PERMISSION_MAPPING_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_READ})
public Response getAllAdminUIRolePermissionsMapping() {
try {
log.info("Get all Admin-UI role-permissions mapping.");
Expand Down Expand Up @@ -364,7 +365,7 @@ public Response getAllAdminUIRolePermissionsMapping() {
@POST
@Path(ROLE_PERMISSIONS_MAPPING)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = SCOPE_ROLE_PERMISSION_MAPPING_WRITE)
@ProtectedApi(scopes = {SCOPE_ROLE_PERMISSION_MAPPING_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_WRITE})
public Response addPermissionsToRole(@Valid @NotNull RolePermissionMapping rolePermissionMappingArg) {
try {
log.info("Adding role-permissions to Admin-UI.");
Expand Down Expand Up @@ -392,7 +393,7 @@ public Response addPermissionsToRole(@Valid @NotNull RolePermissionMapping roleP
@PUT
@Path(ROLE_PERMISSIONS_MAPPING)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = SCOPE_ROLE_PERMISSION_MAPPING_WRITE)
@ProtectedApi(scopes = {SCOPE_ROLE_PERMISSION_MAPPING_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_WRITE})
public Response mapPermissionsToRole(@Valid @NotNull RolePermissionMapping rolePermissionMappingArg) {
try {
log.info("Mapping permissions to Admin-UI role.");
Expand All @@ -419,7 +420,7 @@ public Response mapPermissionsToRole(@Valid @NotNull RolePermissionMapping roleP
@GET
@Path(ROLE_PERMISSIONS_MAPPING + ROLE_PATH_VARIABLE)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = {SCOPE_ROLE_PERMISSION_MAPPING_READ}, groupScopes = {SCOPE_ROLE_PERMISSION_MAPPING_WRITE})
@ProtectedApi(scopes = {SCOPE_ROLE_PERMISSION_MAPPING_READ}, groupScopes = {SCOPE_ROLE_PERMISSION_MAPPING_WRITE}, superScopes = {AppConstants.SCOPE_ADMINUI_READ})
public Response getAdminUIRolePermissionsMapping(@PathParam(ROLE_CONST) @NotNull String adminUIRole) {
try {
log.info("Get Admin-UI role-permissions mapping by role-name.");
Expand All @@ -446,7 +447,7 @@ public Response getAdminUIRolePermissionsMapping(@PathParam(ROLE_CONST) @NotNull
@DELETE
@Path(ROLE_PERMISSIONS_MAPPING + ROLE_PATH_VARIABLE)
@Produces(MediaType.APPLICATION_JSON)
@ProtectedApi(scopes = SCOPE_ROLE_PERMISSION_MAPPING_DELETE)
@ProtectedApi(scopes = {SCOPE_ROLE_PERMISSION_MAPPING_DELETE}, superScopes = {AppConstants.SCOPE_ADMINUI_DELETE})
public Response removePermissionsFromRole(@PathParam(ROLE_CONST) @NotNull String role) {
try {
log.info("Removing permissions to Admin-UI role.");
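Review bot: The write and delete endpoints for roles, permissions and role-permission mappings now accept `SCOPE_ADMINUI_WRITE` / `SCOPE_ADMINUI_DELETE` as `superScopes`, and none of the three file sections shown adds a test for the negative case. These endpoints define the Admin-UI's own authorization model, so a mistake in one annotation is a privilege-escalation path. I would add tests asserting that a token holding only `adminui/read-all` is rejected on `addRole`, `mapPermissionsToRole` and `removePermissionsFromRole`, and that `adminui/write-all` alone does not pass the `@DELETE` methods. On style, the new constants are written qualified (`AppConstants.SCOPE_ADMINUI_READ`) while the existing ones (`SCOPE_ROLE_READ`) are unqualified; one form throughout would make the fifteen annotations easier to audit.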
Expand Up @@ -7,4 +7,7 @@ public interface AppConstants {
//application type
public static final String APPLICATION_KEY_ADMIN_UI = "admin-ui";
public static final String APPLICATION_KEY_ADS = "ads";
public static final String SCOPE_ADMINUI_READ = "https://jans.io/oauth/jans-auth-server/config/adminui/read-all";
public static final String SCOPE_ADMINUI_WRITE = "https://jans.io/oauth/jans-auth-server/config/adminui/write-all";
public static final String SCOPE_ADMINUI_DELETE = "https://jans.io/oauth/jans-auth-server/config/adminui/delete-all";
}
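Review bot: The three `SCOPE_ADMINUI_*` constants are appended under the existing `//application type` comment, which does not describe them; give them their own heading, e.g. `// Admin-UI super scopes, referenced from @ProtectedApi(superScopes = ...)`. Each value is accepted across the license, role, permission and mapping endpoints in the other two files, so a one-line comment per constant saying what it covers would help whoever assigns these scopes to clients. The commit title refers to config-api-rs-protect.json, which is not shown on this page; the string values here presumably have to match the scope entries there exactly, and that is worth verifying before merge.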