diff --git a/api/src/main/java/com/github/streamshub/console/api/security/PermissionService.java b/api/src/main/java/com/github/streamshub/console/api/security/PermissionService.java index 86c50ced3..711044777 100644 --- a/api/src/main/java/com/github/streamshub/console/api/security/PermissionService.java +++ b/api/src/main/java/com/github/streamshub/console/api/security/PermissionService.java @@ -4,29 +4,25 @@ import java.util.Set; import java.util.function.Function; import java.util.function.Predicate; +import java.util.stream.Collectors; +import java.util.stream.Stream; import jakarta.enterprise.context.RequestScoped; import jakarta.inject.Inject; import jakarta.ws.rs.ForbiddenException; -import com.github.streamshub.console.api.model.ConsumerGroup; -import com.github.streamshub.console.api.model.KafkaRebalance; -import com.github.streamshub.console.api.model.KafkaRecord; -import com.github.streamshub.console.api.model.Topic; import com.github.streamshub.console.api.support.KafkaContext; import com.github.streamshub.console.config.security.Privilege; +import com.github.streamshub.console.config.security.ResourceTypes; import io.quarkus.security.identity.SecurityIdentity; @RequestScoped public class PermissionService { - private static final Set KAFKA_SUBRESOURCES = Set.of( - ConsumerGroup.API_TYPE, - KafkaRebalance.API_TYPE, - // Records are a sub-resource of topics - Topic.API_TYPE + '/' + KafkaRecord.API_TYPE, - Topic.API_TYPE); + private static final Set KAFKA_SUBRESOURCES = Stream.of(ResourceTypes.Kafka.values()) + .map(v -> v.value()) + .collect(Collectors.toSet()); @Inject SecurityIdentity securityIdentity; diff --git a/api/src/main/java/com/github/streamshub/console/api/service/KafkaRebalanceService.java b/api/src/main/java/com/github/streamshub/console/api/service/KafkaRebalanceService.java index 28ddaf71c..b5f48f52a 100644 --- a/api/src/main/java/com/github/streamshub/console/api/service/KafkaRebalanceService.java +++ b/api/src/main/java/com/github/streamshub/console/api/service/KafkaRebalanceService.java @@ -18,9 +18,12 @@ import com.github.streamshub.console.api.model.Condition; import com.github.streamshub.console.api.model.KafkaRebalance; +import com.github.streamshub.console.api.security.PermissionService; import com.github.streamshub.console.api.support.KafkaContext; import com.github.streamshub.console.api.support.ListRequestContext; import com.github.streamshub.console.config.ConsoleConfig; +import com.github.streamshub.console.config.security.Privilege; +import com.github.streamshub.console.config.security.ResourceTypes; import io.fabric8.kubernetes.client.KubernetesClient; import io.fabric8.kubernetes.client.informers.cache.Cache; @@ -47,11 +50,18 @@ public class KafkaRebalanceService { @Inject KafkaContext kafkaContext; + @Inject + PermissionService permissionService; + public List listRebalances(ListRequestContext listSupport) { final Map statuses = new HashMap<>(); listSupport.meta().put("summary", Map.of("statuses", statuses)); return rebalanceResources() + .filter(permissionService.permitted( + ResourceTypes.Kafka.REBALANCES.value(), + Privilege.LIST, + r -> r.getMetadata().getName())) .map(this::toKafkaRebalance) .map(rebalance -> tallyStatus(statuses, rebalance)) .filter(listSupport)