IKC-440 Preload default permissions for inmemory authentication

kouncil-backend/src/main/java/com/consdata/kouncil/config/security/inmemory/InMemoryBaseDataLoader.java

@@ -0,0 +1,106 @@
+package com.consdata.kouncil.config.security.inmemory;
+
+import static com.consdata.kouncil.config.security.inmemory.InMemoryConst.ADMIN_DEFAULT_GROUP;
+import static com.consdata.kouncil.config.security.inmemory.InMemoryConst.EDITOR_DEFAULT_GROUP;
+import static com.consdata.kouncil.config.security.inmemory.InMemoryConst.VIEWER_DEFAULT_GROUP;
+
+import com.consdata.kouncil.model.admin.SystemFunction;
+import com.consdata.kouncil.model.admin.SystemFunctionName;
+import com.consdata.kouncil.model.admin.UserGroup;
+import com.consdata.kouncil.security.function.SystemFunctionsRepository;
+import com.consdata.kouncil.security.group.UserGroupRepository;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.StreamSupport;
+import javax.annotation.PostConstruct;
+import lombok.RequiredArgsConstructor;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+@ConditionalOnProperty(prefix = "kouncil.auth", name = "active-provider", havingValue = "inmemory")
+public class InMemoryBaseDataLoader {
+
+    private final SystemFunctionsRepository systemFunctionsRepository;
+    private final UserGroupRepository userGroupRepository;
+    private final InMemoryUserManager inMemoryUserManager;
+
+    private static final List<SystemFunctionName> ADMIN_FUNCTIONS = List.of(SystemFunctionName.BROKERS_LIST, SystemFunctionName.BROKER_DETAILS,
+            SystemFunctionName.CONSUMER_GROUP_LIST, SystemFunctionName.CONSUMER_GROUP_DETAILS, SystemFunctionName.CONSUMER_GROUP_DELETE,
+            SystemFunctionName.LOGIN,
+            SystemFunctionName.USER_GROUPS, SystemFunctionName.USER_GROUPS_LIST, SystemFunctionName.USER_GROUP_CREATE, SystemFunctionName.USER_GROUP_UPDATE,
+            SystemFunctionName.USER_GROUP_DELETE,
+            SystemFunctionName.CLUSTER_LIST, SystemFunctionName.CLUSTER_CREATE, SystemFunctionName.CLUSTER_UPDATE, SystemFunctionName.CLUSTER_DETAILS,
+            SystemFunctionName.CLUSTER_DELETE);
+
+    private static final List<SystemFunctionName> EDITOR_FUNCTIONS = List.of(
+            SystemFunctionName.TOPIC_LIST, SystemFunctionName.TOPIC_CREATE, SystemFunctionName.TOPIC_UPDATE, SystemFunctionName.TOPIC_DELETE,
+            SystemFunctionName.TOPIC_MESSAGES,
+            SystemFunctionName.TOPIC_RESEND_MESSAGE, SystemFunctionName.TOPIC_SEND_MESSAGE,
+            SystemFunctionName.TRACK_LIST,
+            SystemFunctionName.SCHEMA_LIST, SystemFunctionName.SCHEMA_CREATE, SystemFunctionName.SCHEMA_UPDATE, SystemFunctionName.SCHEMA_DELETE,
+            SystemFunctionName.SCHEMA_DETAILS,
+            SystemFunctionName.LOGIN,
+            SystemFunctionName.CLUSTER_LIST, SystemFunctionName.CLUSTER_CREATE, SystemFunctionName.CLUSTER_UPDATE, SystemFunctionName.CLUSTER_DETAILS,
+            SystemFunctionName.CLUSTER_DELETE);
+
+    private static final List<SystemFunctionName> VIEWER_FUNCTIONS = List.of(
+            SystemFunctionName.TOPIC_LIST, SystemFunctionName.TOPIC_MESSAGES,
+            SystemFunctionName.TRACK_LIST,
+            SystemFunctionName.SCHEMA_LIST, SystemFunctionName.SCHEMA_DETAILS,
+            SystemFunctionName.LOGIN,
+            SystemFunctionName.CLUSTER_LIST, SystemFunctionName.CLUSTER_DETAILS);
+
+    @PostConstruct
+    public void init() {
+        List<UserGroup> userGroups = StreamSupport.stream(userGroupRepository.findAll().spliterator(), false).toList();
+
+        if (userGroups.isEmpty()) {
+            Set<String> roleMapping = Set.of(ADMIN_DEFAULT_GROUP, EDITOR_DEFAULT_GROUP, VIEWER_DEFAULT_GROUP);
+
+            List<UserGroup> groups = new ArrayList<>();
+            roleMapping.stream().filter(groupCode -> !groupCode.isEmpty())
+                    .forEach(groupCode -> {
+                        UserGroup group = new UserGroup();
+                        group.setCode(groupCode);
+                        group.setName(groupCode.replace("_", " "));
+                        group.setFunctions(new HashSet<>());
+                        groups.add(group);
+                    });
+
+            userGroupRepository.saveAll(groups);
+
+            Map<String, UserGroup> groupMap = new HashMap<>();
+            groups.forEach(savedGroup -> groupMap.put(savedGroup.getCode(), savedGroup));
+
+            List<SystemFunction> functions = StreamSupport.stream(systemFunctionsRepository.findAll().spliterator(), false).toList();
+
+            functions.forEach(function -> {
+                if (ADMIN_FUNCTIONS.contains(function.getName())) {
+                    addFunctionToUserGroup(function, ADMIN_DEFAULT_GROUP, groupMap);
+                }
+                if (EDITOR_FUNCTIONS.contains(function.getName())) {
+                    addFunctionToUserGroup(function, EDITOR_DEFAULT_GROUP, groupMap);
+                }
+                if (VIEWER_FUNCTIONS.contains(function.getName())) {
+                    addFunctionToUserGroup(function, VIEWER_DEFAULT_GROUP, groupMap);
+                }
+            });
+
+            userGroupRepository.saveAll(groups);
+        }
+
+        inMemoryUserManager.createDefaultUsers();
+    }
+
+    private void addFunctionToUserGroup(SystemFunction function, String role, Map<String, UserGroup> groupMap) {
+        if (groupMap.get(role) != null) {
+            groupMap.get(role).getFunctions().add(function);
+        }
+    }
+}

kouncil-backend/src/main/java/com/consdata/kouncil/config/security/inmemory/InMemoryWebSecurityConfig.java

@@ -23,13 +23,6 @@
 @EnableGlobalMethodSecurity(jsr250Enabled = true, securedEnabled = true, prePostEnabled = true)
 public class InMemoryWebSecurityConfig {
 
-    private final InMemoryUserManager inMemoryUserManager;
-
-    @PostConstruct
-    public void init() {
-        inMemoryUserManager.createDefaultUsers();
-    }
-
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http

kouncil-backend/src/test/java/com/consdata/kouncil/KouncilInMemoryApplicationTests.java

@@ -1,7 +1,16 @@
 package com.consdata.kouncil;
 
-import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static com.consdata.kouncil.config.security.inmemory.InMemoryConst.ADMIN_DEFAULT_GROUP;
+import static com.consdata.kouncil.config.security.inmemory.InMemoryConst.EDITOR_DEFAULT_GROUP;
+import static com.consdata.kouncil.config.security.inmemory.InMemoryConst.VIEWER_DEFAULT_GROUP;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertAll;
 
+import com.consdata.kouncil.security.group.UserGroupsService;
+import com.consdata.kouncil.security.group.dto.UserGroupDto;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -12,9 +21,24 @@ class KouncilInMemoryApplicationTests {
     @Autowired
     private InfoController controller;
 
+    @Autowired
+    private UserGroupsService userGroupsService;
+
     @Test
     void contextLoads() {
         assertThat(controller).isNotNull();
     }
 
+    @Test
+    void should_load_groups_and_permissions_on_startup() {
+        List<UserGroupDto> userGroups = userGroupsService.getUserGroups();
+        Map<String, UserGroupDto> userGroupsMap = userGroups.stream().collect(Collectors.toMap(UserGroupDto::getCode, userGroup -> userGroup));
+
+        assertAll(
+                () -> assertThat(userGroupsMap).hasSize(3),
+                () -> assertThat(userGroupsMap.get(ADMIN_DEFAULT_GROUP).getFunctions()).hasSize(16),
+                () -> assertThat(userGroupsMap.get(EDITOR_DEFAULT_GROUP).getFunctions()).hasSize(19),
+                () -> assertThat(userGroupsMap.get(VIEWER_DEFAULT_GROUP).getFunctions()).hasSize(8)
+        );
+    }
 }

kouncil-backend/src/test/java/com/consdata/kouncil/security/FirstTimeLoginControllerInMemoryTest.java

@@ -10,8 +10,11 @@
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 import com.consdata.kouncil.config.security.inmemory.FirstTimeLoginController;
+import com.consdata.kouncil.config.security.inmemory.InMemoryBaseDataLoader;
 import com.consdata.kouncil.config.security.inmemory.InMemoryUserManager;
 import com.consdata.kouncil.config.security.inmemory.InMemoryWebSecurityConfig;
+import com.consdata.kouncil.security.function.SystemFunctionsRepository;
+import com.consdata.kouncil.security.group.UserGroupRepository;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
@@ -27,13 +30,19 @@
 
 @ExtendWith(SpringExtension.class)
 @WebMvcTest(value = AuthController.class)
-@ContextConfiguration(classes = {FirstTimeLoginController.class, InMemoryUserManager.class, InMemoryWebSecurityConfig.class})
+@ContextConfiguration(classes = {
+        FirstTimeLoginController.class, InMemoryUserManager.class, InMemoryWebSecurityConfig.class, InMemoryBaseDataLoader.class
+})
 class FirstTimeLoginControllerInMemoryTest {
 
     @Autowired
     private MockMvc mockMvc;
     @MockBean
     private UserRolesMapping userRolesMapping;
+    @MockBean
+    private SystemFunctionsRepository systemFunctionsRepository;
+    @MockBean
+    private UserGroupRepository userGroupRepository;
 
     @Test
     @WithMockUser(username = "admin", roles = {"ADMIN"})

kouncil-frontend/libs/feat-clusters/src/lib/clusters/clusters.component.ts

@@ -23,7 +23,8 @@ import {ServersService} from '@app/common-servers';
     <div class="main-container">
       <div class="toolbar-container">
         <div class="toolbar">
-          <button mat-button class="action-button-blue" (click)="createCluster()">
+          <button mat-button *ngIf="authService.canAccess([SystemFunctionName.CLUSTER_CREATE])"
+                  class="action-button-blue" (click)="createCluster()">
             Add new cluster
           </button>
         </div>