From 13126a3af64db5f0a2a5109095d34c7753e4b7e7 Mon Sep 17 00:00:00 2001 From: nkorange Date: Tue, 11 Feb 2020 12:26:04 +0800 Subject: [PATCH] Add namespace page access control --- .../nacos/console/controller/NamespaceController.java | 9 +++++++++ .../com/alibaba/nacos/naming/core/ServiceManager.java | 10 ---------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/console/src/main/java/com/alibaba/nacos/console/controller/NamespaceController.java b/console/src/main/java/com/alibaba/nacos/console/controller/NamespaceController.java index d8d005476..626564f53 100644 --- a/console/src/main/java/com/alibaba/nacos/console/controller/NamespaceController.java +++ b/console/src/main/java/com/alibaba/nacos/console/controller/NamespaceController.java @@ -20,6 +20,9 @@ import com.alibaba.nacos.config.server.model.TenantInfo; import com.alibaba.nacos.config.server.service.PersistService; import com.alibaba.nacos.console.model.Namespace; import com.alibaba.nacos.console.model.NamespaceAllInfo; +import com.alibaba.nacos.console.security.nacos.NacosAuthConfig; +import com.alibaba.nacos.core.auth.ActionTypes; +import com.alibaba.nacos.core.auth.Secured; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; @@ -55,6 +58,7 @@ public class NamespaceController { * @return namespace list */ @GetMapping + @Secured(resource = NacosAuthConfig.CONSOLE_RESOURCE_NAME_PREFIX + "namespaces", action = ActionTypes.READ) public RestResult> getNamespaces(HttpServletRequest request, HttpServletResponse response) { RestResult> rr = new RestResult>(); rr.setCode(200); @@ -82,6 +86,7 @@ public class NamespaceController { * @return namespace all info */ @GetMapping(params = "show=all") + @Secured(resource = NacosAuthConfig.CONSOLE_RESOURCE_NAME_PREFIX + "namespaces", action = ActionTypes.READ) public NamespaceAllInfo getNamespace(HttpServletRequest request, HttpServletResponse response, @RequestParam("namespaceId") String namespaceId) { // TODO 获取用kp @@ -106,6 +111,7 @@ public class NamespaceController { * @return whether create ok */ @PostMapping + @Secured(resource = NacosAuthConfig.CONSOLE_RESOURCE_NAME_PREFIX + "namespaces", action = ActionTypes.WRITE) public Boolean createNamespace(HttpServletRequest request, HttpServletResponse response, @RequestParam("customNamespaceId") String namespaceId, @RequestParam("namespaceName") String namespaceName, @@ -138,6 +144,7 @@ public class NamespaceController { * @return java.lang.Boolean */ @GetMapping(params = "checkNamespaceIdExist=true") + @Secured(resource = NacosAuthConfig.CONSOLE_RESOURCE_NAME_PREFIX + "namespaces", action = ActionTypes.READ) public Boolean checkNamespaceIdExist(@RequestParam("customNamespaceId") String namespaceId){ if(StringUtils.isBlank(namespaceId)){ return false; @@ -154,6 +161,7 @@ public class NamespaceController { * @return whether edit ok */ @PutMapping + @Secured(resource = NacosAuthConfig.CONSOLE_RESOURCE_NAME_PREFIX + "namespaces", action = ActionTypes.WRITE) public Boolean editNamespace(@RequestParam("namespace") String namespace, @RequestParam("namespaceShowName") String namespaceShowName, @RequestParam(value = "namespaceDesc", required = false) String namespaceDesc) { @@ -171,6 +179,7 @@ public class NamespaceController { * @return whether del ok */ @DeleteMapping + @Secured(resource = NacosAuthConfig.CONSOLE_RESOURCE_NAME_PREFIX + "namespaces", action = ActionTypes.WRITE) public Boolean deleteConfig(HttpServletRequest request, HttpServletResponse response, @RequestParam("namespaceId") String namespaceId) { persistService.removeTenantInfoAtomic("1", namespaceId); diff --git a/naming/src/main/java/com/alibaba/nacos/naming/core/ServiceManager.java b/naming/src/main/java/com/alibaba/nacos/naming/core/ServiceManager.java index 17ea6ae04..7d1d2db24 100644 --- a/naming/src/main/java/com/alibaba/nacos/naming/core/ServiceManager.java +++ b/naming/src/main/java/com/alibaba/nacos/naming/core/ServiceManager.java @@ -168,12 +168,6 @@ public class ServiceManager implements RecordListener { Service service = chooseServiceMap(namespace).get(name); Loggers.RAFT.info("[RAFT-NOTIFIER] datum is deleted, key: {}", key); - // check again: - if (service != null && !service.allIPs().isEmpty()) { - Loggers.SRV_LOG.warn("service not empty, key: {}", key); - return; - } - if (service != null) { service.destroy(); consistencyService.remove(KeyBuilder.buildInstanceListKey(namespace, name, true)); @@ -414,10 +408,6 @@ public class ServiceManager implements RecordListener { throw new IllegalArgumentException("specified service not exist, serviceName : " + serviceName); } - if (!service.allIPs().isEmpty()) { - throw new IllegalArgumentException("specified service has instances, serviceName : " + serviceName); - } - consistencyService.remove(KeyBuilder.buildServiceMetaKey(namespaceId, serviceName)); }