提供一个创建用户的OpenAPI

apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/auth/ConsumerPermissionValidator.java

@@ -94,6 +94,18 @@ public boolean hasManageAppMasterPermission(String appId) {
     throw new UnsupportedOperationException("Not supported operation");
   }
 
+  @Override
+  public boolean hasCreateUserPermission() {
+    long consumerId = consumerAuthUtil.retrieveConsumerIdFromCtx();
+    return permissionService.consumerHasPermission(consumerId, PermissionType.CREATE_USER,
+        SYSTEM_PERMISSION_TARGET_ID);
+  }
+
+  @Override
+  public boolean hasCreateUserPermission(String userId) {
+    return false;
+  }
+
   @Override
   protected boolean hasPermissions(List<Permission> requiredPerms) {
     if (requiredPerms == null || requiredPerms.isEmpty()) {

apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/dto/OpenUserDTO.java

@@ -0,0 +1,77 @@
+/*
+ * Copyright 2025 Apollo Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package com.ctrip.framework.apollo.openapi.dto;
+
+/**
+ * Open API User DTO for user management operations.
+ *
+ * @author dreamweaver
+ */
+public class OpenUserDTO {
+
+  private String username;
+  private String userDisplayName;
+  private String password;
+  private String email;
+  private Integer enabled;
+
+  public String getUsername() {
+    return username;
+  }
+
+  public void setUsername(String username) {
+    this.username = username;
+  }
+
+  public String getUserDisplayName() {
+    return userDisplayName;
+  }
+
+  public void setUserDisplayName(String userDisplayName) {
+    this.userDisplayName = userDisplayName;
+  }
+
+  public String getPassword() {
+    return password;
+  }
+
+  public void setPassword(String password) {
+    this.password = password;
+  }
+
+  public String getEmail() {
+    return email;
+  }
+
+  public void setEmail(String email) {
+    this.email = email;
+  }
+
+  public Integer getEnabled() {
+    return enabled;
+  }
+
+  public void setEnabled(Integer enabled) {
+    this.enabled = enabled;
+  }
+
+  @Override
+  public String toString() {
+    return "OpenUserDTO{" + "username='" + username + '\'' + ", userDisplayName='" + userDisplayName
+        + '\'' + ", email='" + email + '\'' + ", enabled=" + enabled + '}';
+  }
+}

apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/service/ConsumerService.java

@@ -19,6 +19,7 @@
 import static com.ctrip.framework.apollo.portal.service.SystemRoleManagerService.CREATE_APPLICATION_ROLE_NAME;
 
 import com.ctrip.framework.apollo.common.exception.BadRequestException;
+import com.ctrip.framework.apollo.portal.service.SystemRoleManagerService;
 import com.ctrip.framework.apollo.common.exception.NotFoundException;
 import com.ctrip.framework.apollo.openapi.entity.Consumer;
 import com.ctrip.framework.apollo.openapi.entity.ConsumerAudit;
@@ -206,7 +207,7 @@ public List<ConsumerRole> assignNamespaceRoleToConsumer(String token, String app
   }
 
   private ConsumerInfo convert(Consumer consumer, String token, boolean allowCreateApplication,
-      Integer rateLimit) {
+      boolean allowCreateUser, Integer rateLimit) {
     ConsumerInfo consumerInfo = new ConsumerInfo();
     consumerInfo.setConsumerId(consumer.getId());
     consumerInfo.setAppId(consumer.getAppId());
@@ -219,6 +220,7 @@ private ConsumerInfo convert(Consumer consumer, String token, boolean allowCreat
 
     consumerInfo.setToken(token);
     consumerInfo.setAllowCreateApplication(allowCreateApplication);
+    consumerInfo.setAllowCreateUser(allowCreateUser);
     return consumerInfo;
   }
 
@@ -232,13 +234,17 @@ public ConsumerInfo getConsumerInfoByAppId(String appId) {
       return null;
     }
     return convert(consumer, consumerToken.getToken(), isAllowCreateApplication(consumer.getId()),
-        getRateLimit(consumer.getId()));
+        isAllowCreateUser(consumer.getId()), getRateLimit(consumer.getId()));
   }
 
   private boolean isAllowCreateApplication(Long consumerId) {
     return isAllowCreateApplication(Collections.singletonList(consumerId)).get(0);
   }
 
+  private boolean isAllowCreateUser(Long consumerId) {
+    return isAllowCreateUser(Collections.singletonList(consumerId)).get(0);
+  }
+
   private Integer getRateLimit(Long consumerId) {
     List<Integer> list = getRateLimit(Collections.singletonList(consumerId));
     if (CollectionUtils.isEmpty(list)) {
@@ -268,6 +274,27 @@ private List<Boolean> isAllowCreateApplication(List<Long> consumerIdList) {
     return list;
   }
 
+  private List<Boolean> isAllowCreateUser(List<Long> consumerIdList) {
+    Role createUserRole = getCreateUserRole();
+    if (createUserRole == null) {
+      List<Boolean> list = new ArrayList<>(consumerIdList.size());
+      for (Long ignored : consumerIdList) {
+        list.add(false);
+      }
+      return list;
+    }
+
+    long roleId = createUserRole.getId();
+    List<Boolean> list = new ArrayList<>(consumerIdList.size());
+    for (Long consumerId : consumerIdList) {
+      ConsumerRole createUserConsumerRole =
+          consumerRoleRepository.findByConsumerIdAndRoleId(consumerId, roleId);
+      list.add(createUserConsumerRole != null);
+    }
+
+    return list;
+  }
+
   private List<Integer> getRateLimit(List<Long> consumerIds) {
     List<ConsumerToken> consumerTokens = consumerTokenRepository.findByConsumerIdIn(consumerIds);
     Map<Long, Integer> consumerRateLimits = consumerTokens.stream().collect(Collectors.toMap(
@@ -282,6 +309,10 @@ private Role getCreateAppRole() {
     return rolePermissionService.findRoleByRoleName(CREATE_APPLICATION_ROLE_NAME);
   }
 
+  private Role getCreateUserRole() {
+    return rolePermissionService.findRoleByRoleName(SystemRoleManagerService.CREATE_USER_ROLE_NAME);
+  }
+
   public ConsumerRole assignCreateApplicationRoleToConsumer(String token) {
     Long consumerId = getConsumerIdByToken(token);
     if (consumerId == null) {
@@ -304,6 +335,28 @@ public ConsumerRole assignCreateApplicationRoleToConsumer(String token) {
     return consumerRoleRepository.save(consumerRole);
   }
 
+  public ConsumerRole assignCreateUserRoleToConsumer(String token) {
+    Long consumerId = getConsumerIdByToken(token);
+    if (consumerId == null) {
+      throw new BadRequestException("Token is Illegal");
+    }
+    Role createUserRole = getCreateUserRole();
+    if (createUserRole == null) {
+      throw NotFoundException.roleNotFound(SystemRoleManagerService.CREATE_USER_ROLE_NAME);
+    }
+
+    long roleId = createUserRole.getId();
+    ConsumerRole createUserConsumerRole =
+        consumerRoleRepository.findByConsumerIdAndRoleId(consumerId, roleId);
+    if (createUserConsumerRole != null) {
+      return createUserConsumerRole;
+    }
+
+    String operator = userInfoHolder.getUser().getUserId();
+    ConsumerRole consumerRole = createConsumerRole(consumerId, roleId, operator);
+    return consumerRoleRepository.save(consumerRole);
+  }
+
 
   @Transactional
   public ConsumerRole assignAppRoleToConsumer(String token, String appId) {
@@ -436,15 +489,16 @@ public List<ConsumerInfo> findConsumerInfoList(Pageable page) {
     List<Long> consumerIdList =
         consumerList.stream().map(Consumer::getId).collect(Collectors.toList());
     List<Boolean> allowCreateApplicationList = isAllowCreateApplication(consumerIdList);
+    List<Boolean> allowCreateUserList = isAllowCreateUser(consumerIdList);
     List<Integer> rateLimitList = getRateLimit(consumerIdList);
 
     List<ConsumerInfo> consumerInfoList = new ArrayList<>(consumerList.size());
 
     for (int i = 0; i < consumerList.size(); i++) {
       Consumer consumer = consumerList.get(i);
       // without token
-      ConsumerInfo consumerInfo =
-          convert(consumer, null, allowCreateApplicationList.get(i), rateLimitList.get(i));
+      ConsumerInfo consumerInfo = convert(consumer, null, allowCreateApplicationList.get(i),
+          allowCreateUserList.get(i), rateLimitList.get(i));
       consumerInfoList.add(consumerInfo);
     }