Merge pull request #1452 from gentics/dev-gpu-311-permissions-endpoints

Dev gpu 311 permissions endpoints

CHANGELOG.adoc

@@ -25,7 +25,9 @@ include::content/docs/variables.adoc-include[]
 [[v1.10.0]]
 == 1.10.0 (TBD)
 
-icon:check[] Core: The OrientDB database as been updated to version 3.2.10.
+icon:plus[] Core: The OrientDB database as been updated to version 3.2.10.
+
+icon:plus[] Rest: The new endpoints `/api/v2/.../rolePermissions` allow getting, granting and revoking permissions on entities for multiple roles in a single request.
 
 [[v1.9.3]]
 == 1.9.3 (22.09.2022)

common/src/main/resources/i18n/translations_de.properties

@@ -114,6 +114,7 @@ role_missing_parentgroup_field=Es wurde keine Gruppe für die Rolle angegeben. D
 role_updated_permission=Berechtigung für Rolle {0} wurde aktualisiert.
 role_permission_path_missing=Es wurde kein Pfad angegeben.
 role_error_permission_name_unknown=Name der angegebenen Berechtigung "{0}" ist unbekannt.
+role_reference_uuid_or_name_missing=Es wurde kein Name oder Uuid für die Rolle angegeben.
 
 project_deleted=Projekt "{0}" wurde gelöscht.
 project_version_purge_enqueued=Der Auftrag für die Projektversionsbereinigung wurde eingereiht.

common/src/main/resources/i18n/translations_en.properties

@@ -112,7 +112,8 @@ role_conflicting_name=Role name is conflicting with an existing role.
 role_missing_parentgroup_field=No parent group was specified for the role. Please set a parent group uuid.
 role_updated_permission=Permission for role {0} updated.
 role_permission_path_missing=No path was specified.
-role_error_permission_name_unknown=Found permission name "{0}" is unknown. 
+role_error_permission_name_unknown=Found permission name "{0}" is unknown.
+role_reference_uuid_or_name_missing=The role reference must contain either name or uuid.
 
 project_deleted=Project "{0}" was deleted.
 project_version_purge_enqueued=Project version purge job was queued.

core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingEndpoint.java

@@ -0,0 +1,81 @@
+package com.gentics.mesh.core.endpoint;
+
+import static com.gentics.mesh.core.rest.MeshEvent.ROLE_PERMISSIONS_CHANGED;
+import static com.gentics.mesh.http.HttpConstants.APPLICATION_JSON;
+import static io.netty.handler.codec.http.HttpResponseStatus.OK;
+import static io.vertx.core.http.HttpMethod.DELETE;
+import static io.vertx.core.http.HttpMethod.GET;
+import static io.vertx.core.http.HttpMethod.POST;
+
+import com.gentics.mesh.auth.MeshAuthChainImpl;
+import com.gentics.mesh.context.InternalActionContext;
+import com.gentics.mesh.core.endpoint.handler.AbstractCrudHandler;
+import com.gentics.mesh.rest.InternalEndpointRoute;
+import com.gentics.mesh.router.route.AbstractInternalEndpoint;
+
+/**
+ * Abstract endpoint implementation with methods that add routes for getting/granting/revoking role permissions
+ */
+public abstract class RolePermissionHandlingEndpoint extends AbstractInternalEndpoint {
+
+	protected RolePermissionHandlingEndpoint(String basePath, MeshAuthChainImpl chain) {
+		super(basePath, chain);
+	}
+
+	/**
+	 * Add role permission handler
+	 * @param uuidParameterName name of the uuid parameter (e.g. "groupUuid")
+	 * @param uuidParameterExample example of the uuid parameter
+	 * @param typeDescription description of the object type (e.g. "group")
+	 * @param crudHandler crud handler
+	 * @param includePublishPermissions true to include the publish permissions into the example
+	 */
+	protected void addRolePermissionHandler(String uuidParameterName, String uuidParameterExample, String typeDescription,
+			AbstractCrudHandler<?, ?> crudHandler, boolean includePublishPermissions) {
+		String path = "/:" + uuidParameterName + "/rolePermissions";
+		InternalEndpointRoute readPermissionsEndpoint = createRoute();
+		readPermissionsEndpoint.path(path);
+		readPermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample);
+		readPermissionsEndpoint.method(GET);
+		readPermissionsEndpoint.description("Get the permissions on the " + typeDescription + " for all roles.");
+		readPermissionsEndpoint.produces(APPLICATION_JSON);
+		readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Loaded permissions.");
+		readPermissionsEndpoint.blockingHandler(rc -> {
+			InternalActionContext ac = wrap(rc);
+			String uuid = rc.request().getParam(uuidParameterName);
+			crudHandler.handleReadPermissions(ac, uuid);
+		}, false);
+
+		InternalEndpointRoute grantPermissionsEndpoint = createRoute();
+		grantPermissionsEndpoint.path(path);
+		grantPermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample);
+		grantPermissionsEndpoint.method(POST);
+		grantPermissionsEndpoint.description("Grant permissions on the " + typeDescription + " to multiple roles.");
+		grantPermissionsEndpoint.consumes(APPLICATION_JSON);
+		grantPermissionsEndpoint.produces(APPLICATION_JSON);
+		grantPermissionsEndpoint.exampleRequest(roleExamples.getObjectPermissionGrantRequest(includePublishPermissions));
+		grantPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Updated permissions.");
+		grantPermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED);
+		grantPermissionsEndpoint.blockingHandler(rc -> {
+			InternalActionContext ac = wrap(rc);
+			String uuid = rc.request().getParam(uuidParameterName);
+			crudHandler.handleGrantPermissions(ac, uuid);
+		});
+
+		InternalEndpointRoute revokePermissionsEndpoint = createRoute();
+		revokePermissionsEndpoint.path(path);
+		revokePermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample);
+		revokePermissionsEndpoint.method(DELETE);
+		revokePermissionsEndpoint.description("Revoke permissions on the " + typeDescription + " from multiple roles.");
+		revokePermissionsEndpoint.consumes(APPLICATION_JSON);
+		revokePermissionsEndpoint.produces(APPLICATION_JSON);
+		revokePermissionsEndpoint.exampleRequest(roleExamples.getObjectPermissionRevokeRequest(includePublishPermissions));
+		revokePermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Updated permissions.");
+		revokePermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED);
+		revokePermissionsEndpoint.blockingHandler(rc -> {
+			InternalActionContext ac = wrap(rc);
+			String uuid = rc.request().getParam(uuidParameterName);
+			crudHandler.handleRevokePermissions(ac, uuid);
+		});
+	}
+}

core/src/main/java/com/gentics/mesh/core/endpoint/RolePermissionHandlingProjectEndpoint.java

@@ -0,0 +1,83 @@
+package com.gentics.mesh.core.endpoint;
+
+import static com.gentics.mesh.core.rest.MeshEvent.ROLE_PERMISSIONS_CHANGED;
+import static com.gentics.mesh.http.HttpConstants.APPLICATION_JSON;
+import static io.netty.handler.codec.http.HttpResponseStatus.OK;
+import static io.vertx.core.http.HttpMethod.DELETE;
+import static io.vertx.core.http.HttpMethod.GET;
+import static io.vertx.core.http.HttpMethod.POST;
+
+import com.gentics.mesh.auth.MeshAuthChainImpl;
+import com.gentics.mesh.cli.BootstrapInitializer;
+import com.gentics.mesh.context.InternalActionContext;
+import com.gentics.mesh.core.endpoint.handler.AbstractCrudHandler;
+import com.gentics.mesh.rest.InternalEndpointRoute;
+import com.gentics.mesh.router.route.AbstractProjectEndpoint;
+
+/**
+ * Abstract endpoint implementation with methods that add routes for getting/granting/revoking role permissions
+ */
+public abstract class RolePermissionHandlingProjectEndpoint extends AbstractProjectEndpoint {
+
+	protected RolePermissionHandlingProjectEndpoint(String basePath, MeshAuthChainImpl chain,
+			BootstrapInitializer boot) {
+		super(basePath, chain, boot);
+	}
+
+	/**
+	 * Add role permission handler
+	 * @param uuidParameterName name of the uuid parameter (e.g. "groupUuid")
+	 * @param uuidParameterExample example of the uuid parameter
+	 * @param typeDescription description of the object type (e.g. "group")
+	 * @param crudHandler crud handler
+	 * @param includePublishPermissions true to include the publish permissions into the example
+	 */
+	protected void addRolePermissionHandler(String uuidParameterName, String uuidParameterExample, String typeDescription,
+			AbstractCrudHandler<?, ?> crudHandler, boolean includePublishPermissions) {
+		String path = "/:" + uuidParameterName + "/rolePermissions";
+		InternalEndpointRoute readPermissionsEndpoint = createRoute();
+		readPermissionsEndpoint.path(path);
+		readPermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample);
+		readPermissionsEndpoint.method(GET);
+		readPermissionsEndpoint.description("Get the permissions on the " + typeDescription + " for all roles.");
+		readPermissionsEndpoint.produces(APPLICATION_JSON);
+		readPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Loaded permissions.");
+		readPermissionsEndpoint.blockingHandler(rc -> {
+			InternalActionContext ac = wrap(rc);
+			String uuid = rc.request().getParam(uuidParameterName);
+			crudHandler.handleReadPermissions(ac, uuid);
+		}, false);
+
+		InternalEndpointRoute grantPermissionsEndpoint = createRoute();
+		grantPermissionsEndpoint.path(path);
+		grantPermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample);
+		grantPermissionsEndpoint.method(POST);
+		grantPermissionsEndpoint.description("Grant permissions on the " + typeDescription + " to multiple roles.");
+		grantPermissionsEndpoint.consumes(APPLICATION_JSON);
+		grantPermissionsEndpoint.produces(APPLICATION_JSON);
+		grantPermissionsEndpoint.exampleRequest(roleExamples.getObjectPermissionGrantRequest(includePublishPermissions));
+		grantPermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Updated permissions.");
+		grantPermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED);
+		grantPermissionsEndpoint.blockingHandler(rc -> {
+			InternalActionContext ac = wrap(rc);
+			String uuid = rc.request().getParam(uuidParameterName);
+			crudHandler.handleGrantPermissions(ac, uuid);
+		});
+
+		InternalEndpointRoute revokePermissionsEndpoint = createRoute();
+		revokePermissionsEndpoint.path(path);
+		revokePermissionsEndpoint.addUriParameter(uuidParameterName, "Uuid of the " + typeDescription, uuidParameterExample);
+		revokePermissionsEndpoint.method(DELETE);
+		revokePermissionsEndpoint.description("Revoke permissions on the " + typeDescription + " from multiple roles.");
+		revokePermissionsEndpoint.consumes(APPLICATION_JSON);
+		revokePermissionsEndpoint.produces(APPLICATION_JSON);
+		revokePermissionsEndpoint.exampleRequest(roleExamples.getObjectPermissionRevokeRequest(includePublishPermissions));
+		revokePermissionsEndpoint.exampleResponse(OK, roleExamples.getObjectPermissionResponse(includePublishPermissions), "Updated permissions.");
+		revokePermissionsEndpoint.events(ROLE_PERMISSIONS_CHANGED);
+		revokePermissionsEndpoint.blockingHandler(rc -> {
+			InternalActionContext ac = wrap(rc);
+			String uuid = rc.request().getParam(uuidParameterName);
+			crudHandler.handleRevokePermissions(ac, uuid);
+		});
+	}
+}

core/src/main/java/com/gentics/mesh/core/endpoint/branch/BranchEndpoint.java

@@ -28,15 +28,15 @@
 import com.gentics.mesh.auth.MeshAuthChainImpl;
 import com.gentics.mesh.cli.BootstrapInitializer;
 import com.gentics.mesh.context.InternalActionContext;
+import com.gentics.mesh.core.endpoint.RolePermissionHandlingProjectEndpoint;
 import com.gentics.mesh.parameter.impl.GenericParametersImpl;
 import com.gentics.mesh.parameter.impl.PagingParametersImpl;
 import com.gentics.mesh.rest.InternalEndpointRoute;
-import com.gentics.mesh.router.route.AbstractProjectEndpoint;
 
 /**
  * Verticle for REST endpoints to manage branches.
  */
-public class BranchEndpoint extends AbstractProjectEndpoint {
+public class BranchEndpoint extends RolePermissionHandlingProjectEndpoint {
 
 	private BranchCrudHandler crudHandler;
 
@@ -67,6 +67,7 @@ public void registerEndPoints() {
 		addNodeMigrationHandler();
 		addMicronodeMigrationHandler();
 		addTagsHandler();
+		addRolePermissionHandler("branchUuid", BRANCH_UUID, "branch", crudHandler, false);
 	}
 
 	private void addMicroschemaInfoHandler() {

core/src/main/java/com/gentics/mesh/core/endpoint/group/GroupEndpoint.java

@@ -24,16 +24,16 @@
 
 import com.gentics.mesh.auth.MeshAuthChainImpl;
 import com.gentics.mesh.context.InternalActionContext;
+import com.gentics.mesh.core.endpoint.RolePermissionHandlingEndpoint;
 import com.gentics.mesh.parameter.impl.GenericParametersImpl;
 import com.gentics.mesh.parameter.impl.PagingParametersImpl;
 import com.gentics.mesh.parameter.impl.RolePermissionParametersImpl;
 import com.gentics.mesh.rest.InternalEndpointRoute;
-import com.gentics.mesh.router.route.AbstractInternalEndpoint;
 
 /**
- * Endpoint defintion for /api/v1/groups
+ * Endpoint definition for /api/v1/groups
  */
-public class GroupEndpoint extends AbstractInternalEndpoint {
+public class GroupEndpoint extends RolePermissionHandlingEndpoint {
 
 	private GroupCrudHandler crudHandler;
 
@@ -63,6 +63,7 @@ public void registerEndPoints() {
 		addReadHandler();
 		addUpdateHandler();
 		addDeleteHandler();
+		addRolePermissionHandler("groupUuid", GROUP_CLIENT_UUID, "group", crudHandler, false);
 	}
 
 	private void addGroupRoleHandlers() {