[codex] Complete portal OpenAPI migration

CHANGES.md

@@ -16,6 +16,7 @@ Apollo 3.0.0
 * [Change: migrate Apollo Portal namespace core UI operations to OpenAPI](https://github.com/apolloconfig/apollo/pull/5612)
 * [Change: migrate Apollo Portal release, branch, and instance UI operations to OpenAPI](https://github.com/apolloconfig/apollo/pull/5616)
 * [Change: migrate Apollo Portal permission and AccessKey UI operations to OpenAPI](https://github.com/apolloconfig/apollo/pull/5617)
+* [Change: complete Apollo Portal UI management OpenAPI migration](https://github.com/apolloconfig/apollo/pull/5618)
 
 ------------------
 All issues and pull requests are [here](https://github.com/apolloconfig/apollo/milestone/18?closed=1)

apollo-portal/pom.xml

@@ -27,7 +27,7 @@
 	<artifactId>apollo-portal</artifactId>
 	<name>Apollo Portal</name>
 	<properties>
-		<apollo.openapi.spec.url>https://raw.githubusercontent.com/apolloconfig/apollo-openapi/refs/tags/v0.3.3/apollo-openapi.yaml</apollo.openapi.spec.url>
+		<apollo.openapi.spec.url>https://raw.githubusercontent.com/apolloconfig/apollo-openapi/refs/tags/v0.3.4/apollo-openapi.yaml</apollo.openapi.spec.url>
 		<github.path>${project.artifactId}</github.path>
 		<maven.build.timestamp.format>yyyyMMddHHmmss</maven.build.timestamp.format>
 	</properties>

apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/server/service/ServerAppOpenApiService.java

@@ -28,10 +28,11 @@
 import com.ctrip.framework.apollo.openapi.model.OpenMissEnvDTO;
 import com.ctrip.framework.apollo.openapi.util.OpenApiModelConverters;
 import com.ctrip.framework.apollo.portal.component.PortalSettings;
-import com.ctrip.framework.apollo.portal.entity.model.AppModel;
+import com.ctrip.framework.apollo.portal.enricher.adapter.OpenAppDtoUserInfoEnrichedAdapter;
 import com.ctrip.framework.apollo.portal.environment.Env;
 import com.ctrip.framework.apollo.portal.listener.AppDeletionEvent;
 import com.ctrip.framework.apollo.portal.listener.AppInfoChangedEvent;
+import com.ctrip.framework.apollo.portal.service.AdditionalUserInfoEnrichService;
 import com.ctrip.framework.apollo.portal.service.AppService;
 import com.ctrip.framework.apollo.portal.service.ClusterService;
 import com.ctrip.framework.apollo.portal.service.RoleInitializationService;
@@ -61,16 +62,19 @@ public class ServerAppOpenApiService implements AppOpenApiService {
   private final AppService appService;
   private final ApplicationEventPublisher publisher;
   private final RoleInitializationService roleInitializationService;
+  private final AdditionalUserInfoEnrichService additionalUserInfoEnrichService;
   private static final Logger logger = LoggerFactory.getLogger(ServerAppOpenApiService.class);
 
   public ServerAppOpenApiService(PortalSettings portalSettings, ClusterService clusterService,
       AppService appService, ApplicationEventPublisher publisher,
-      RoleInitializationService roleInitializationService) {
+      RoleInitializationService roleInitializationService,
+      AdditionalUserInfoEnrichService additionalUserInfoEnrichService) {
     this.portalSettings = portalSettings;
     this.clusterService = clusterService;
     this.appService = appService;
     this.publisher = publisher;
     this.roleInitializationService = roleInitializationService;
+    this.additionalUserInfoEnrichService = additionalUserInfoEnrichService;
   }
 
   private App convert(OpenAppDTO dto) {
@@ -137,7 +141,7 @@ public List<OpenEnvClusterInfo> getEnvClusterInfo(String appId) {
   @Override
   public List<OpenAppDTO> getAllApps() {
     final List<App> apps = this.appService.findAll();
-    return OpenApiModelConverters.fromApps(apps);
+    return enrichApps(OpenApiModelConverters.fromApps(apps));
   }
 
   @Override
@@ -146,7 +150,7 @@ public List<OpenAppDTO> getAppsInfo(List<String> appIds) {
       return Collections.emptyList();
     }
     final List<App> apps = this.appService.findByAppIds(new HashSet<>(appIds));
-    return OpenApiModelConverters.fromApps(apps);
+    return enrichApps(OpenApiModelConverters.fromApps(apps));
   }
 
   @Override
@@ -180,7 +184,7 @@ public List<OpenAppDTO> getAppsBySelf(Set<String> appIds, Integer page, Integer
       return Collections.emptyList();
     }
     List<App> apps = appService.findByAppIds(targetAppIds, pageable);
-    return OpenApiModelConverters.fromApps(apps);
+    return enrichApps(OpenApiModelConverters.fromApps(apps));
   }
 
   /**
@@ -245,4 +249,10 @@ public List<OpenMissEnvDTO> findMissEnvs(String appId) {
     }
     return response;
   }
+
+  private List<OpenAppDTO> enrichApps(List<OpenAppDTO> apps) {
+    additionalUserInfoEnrichService.enrichAdditionalUserInfo(apps,
+        OpenAppDtoUserInfoEnrichedAdapter::new);
+    return apps;
+  }
 }

apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/server/service/ServerPermissionOpenApiService.java

@@ -239,6 +239,7 @@ public void addCreateApplicationRoleToUsers(List<String> userIds, String operato
   @Override
   public void deleteCreateApplicationRoleFromUser(String userId, String operator) {
     RequestPrecondition.checkArgumentsNotEmpty(userId);
+    checkUserExists(userId);
     rolePermissionService.removeRoleFromUsers(SystemRoleManagerService.CREATE_APPLICATION_ROLE_NAME,
         Sets.newHashSet(userId), operator);
   }
@@ -265,6 +266,7 @@ public void addManageAppMasterRoleToUser(String appId, String userId, String ope
   @Override
   public void removeManageAppMasterRoleFromUser(String appId, String userId, String operator) {
     RequestPrecondition.checkArgumentsNotEmpty(userId);
+    checkUserExists(userId);
     roleInitializationService.initManageAppMasterRole(appId, operator);
     rolePermissionService.removeRoleFromUsers(
         RoleUtils.buildAppRoleName(appId, PermissionType.MANAGE_APP_MASTER),

apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/util/OpenApiModelConverters.java

@@ -58,12 +58,14 @@
 import com.ctrip.framework.apollo.openapi.model.OpenReleaseChangeDTO;
 import com.ctrip.framework.apollo.openapi.model.OpenReleaseDTO;
 import com.ctrip.framework.apollo.openapi.model.OpenReleaseDiffDTO;
+import com.ctrip.framework.apollo.openapi.model.OpenUserDTO;
 import com.ctrip.framework.apollo.openapi.model.OpenUserInfoDTO;
 import com.ctrip.framework.apollo.portal.entity.bo.ItemBO;
 import com.ctrip.framework.apollo.portal.entity.bo.KVEntity;
 import com.ctrip.framework.apollo.portal.entity.bo.NamespaceBO;
 import com.ctrip.framework.apollo.portal.entity.bo.UserInfo;
 import com.ctrip.framework.apollo.portal.entity.model.NamespaceTextModel;
+import com.ctrip.framework.apollo.portal.entity.po.UserPO;
 import com.ctrip.framework.apollo.portal.entity.vo.AppRolesAssignedUsers;
 import com.ctrip.framework.apollo.portal.entity.vo.ClusterNamespaceRolesAssignedUsers;
 import com.ctrip.framework.apollo.portal.entity.vo.EnvClusterInfo;
@@ -560,6 +562,14 @@ public static OpenUserInfoDTO fromUserInfo(final UserInfo userInfo) {
     return BeanUtils.transform(OpenUserInfoDTO.class, userInfo);
   }
 
+  public static List<OpenUserInfoDTO> fromUserInfos(final List<UserInfo> userInfos) {
+    if (CollectionUtils.isEmpty(userInfos)) {
+      return Collections.emptyList();
+    }
+    return userInfos.stream().map(OpenApiModelConverters::fromUserInfo)
+        .collect(Collectors.toList());
+  }
+
   public static List<OpenUserInfoDTO> fromUserInfos(final Set<UserInfo> userInfos) {
     if (CollectionUtils.isEmpty(userInfos)) {
       return Collections.emptyList();
@@ -569,6 +579,17 @@ public static List<OpenUserInfoDTO> fromUserInfos(final Set<UserInfo> userInfos)
         .map(OpenApiModelConverters::fromUserInfo).collect(Collectors.toList());
   }
 
+  public static UserPO toUserPO(final OpenUserDTO user) {
+    Preconditions.checkArgument(user != null);
+    UserPO result = new UserPO();
+    result.setUsername(user.getUsername());
+    result.setUserDisplayName(user.getUserDisplayName());
+    result.setPassword(user.getPassword());
+    result.setEmail(user.getEmail());
+    result.setEnabled(user.getEnabled() == null ? 0 : user.getEnabled());
+    return result;
+  }
+
   public static OpenAppRoleUserDTO fromAppRolesAssignedUsers(
       final AppRolesAssignedUsers assignedUsers) {
     Preconditions.checkArgument(assignedUsers != null);

apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/v1/controller/AppController.java

@@ -19,6 +19,7 @@
 import com.ctrip.framework.apollo.audit.annotation.ApolloAuditLog;
 import com.ctrip.framework.apollo.audit.annotation.OpType;
 import com.ctrip.framework.apollo.common.exception.BadRequestException;
+import com.ctrip.framework.apollo.common.utils.InputValidator;
 import com.ctrip.framework.apollo.openapi.api.AppManagementApi;
 import com.ctrip.framework.apollo.openapi.model.OpenAppDTO;
 import com.ctrip.framework.apollo.openapi.model.OpenCreateAppDTO;
@@ -78,6 +79,7 @@ public AppController(final ConsumerAuthUtil consumerAuthUtil,
    */
   @Transactional
   @PreAuthorize(value = "@unifiedPermissionValidator.hasCreateApplicationPermission()")
+  @ApolloAuditLog(type = OpType.CREATE, name = "App.create")
   @Override
   public ResponseEntity<Void> createApp(OpenCreateAppDTO req) {
     if (null == req.getApp()) {
@@ -87,6 +89,7 @@ public ResponseEntity<Void> createApp(OpenCreateAppDTO req) {
     if (!StringUtils.hasText(app.getAppId())) {
       throw new BadRequestException("AppId is null or blank");
     }
+    validatePortalCreateApp(app);
     String resolvedOperator = resolveOperator(app.getDataChangeCreatedBy());
     app.setDataChangeCreatedBy(resolvedOperator);
     app.setDataChangeLastModifiedBy(resolvedOperator);
@@ -172,7 +175,8 @@ public ResponseEntity<List<OpenAppDTO>> getAppsBySelf(Integer page, Integer size
    * POST /openapi/v1/apps/envs/{env}
    */
   @Override
-  @PreAuthorize(value = "@unifiedPermissionValidator.hasCreateApplicationPermission()")
+  @PreAuthorize(value = "@unifiedPermissionValidator.hasCreateApplicationPermission()"
+      + " || (#app != null && @unifiedPermissionValidator.isAppAdmin(#app.appId))")
   @ApolloAuditLog(type = OpType.CREATE, name = "App.create.forEnv")
   public ResponseEntity<Void> createAppInEnv(String env, OpenAppDTO app, String operator) {
     if (app == null) {
@@ -190,8 +194,8 @@ public ResponseEntity<Void> createAppInEnv(String env, OpenAppDTO app, String op
    * Delete App (new added)
    */
   @Override
-  @PreAuthorize(value = "@unifiedPermissionValidator.isAppAdmin(#appId)")
-  @ApolloAuditLog(type = OpType.DELETE, name = "App.delete")
+  @PreAuthorize(value = "@unifiedPermissionValidator.isSuperAdmin()")
+  @ApolloAuditLog(type = OpType.RPC, name = "App.delete")
   public ResponseEntity<Void> deleteApp(String appId, String operator) {
     String resolvedOperator = resolveOperator(operator);
     appOpenApiService.deleteApp(appId, resolvedOperator);
@@ -229,6 +233,28 @@ private String resolveOperator(String operator) {
         UserIdentityContextHolder.getAuthType());
   }
 
+  private void validatePortalCreateApp(OpenAppDTO app) {
+    if (!UserIdentityConstants.USER.equals(UserIdentityContextHolder.getAuthType())) {
+      return;
+    }
+    if (!StringUtils.hasText(app.getName())) {
+      throw BadRequestException.appNameIsBlank();
+    }
+    if (!InputValidator.isValidClusterNamespace(app.getAppId())) {
+      throw new BadRequestException("Invalid AppId format: %s",
+          InputValidator.INVALID_CLUSTER_NAMESPACE_MESSAGE);
+    }
+    if (!StringUtils.hasText(app.getOrgId())) {
+      throw BadRequestException.orgIdIsBlank();
+    }
+    if (!StringUtils.hasText(app.getOrgName())) {
+      throw new BadRequestException("orgName can not be blank");
+    }
+    if (!StringUtils.hasText(app.getOwnerName())) {
+      throw BadRequestException.ownerNameIsBlank();
+    }
+  }
+
   private Set<String> findAppIdsAuthorizedByCurrentIdentity() {
     if (UserIdentityConstants.USER.equals(UserIdentityContextHolder.getAuthType())) {
       UserInfo loginUser = userInfoHolder.getUser();

apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/v1/controller/ClusterController.java

@@ -55,6 +55,7 @@ public ResponseEntity<OpenClusterDTO> getCluster(String appId, String clusterNam
   }
 
   @PreAuthorize(value = "@unifiedPermissionValidator.hasCreateClusterPermission(#appId)")
+  @ApolloAuditLog(type = OpType.CREATE, name = "Cluster.create")
   @Override
   public ResponseEntity<OpenClusterDTO> createCluster(String appId, String env,
       OpenClusterDTO cluster) {
@@ -83,7 +84,7 @@ public ResponseEntity<OpenClusterDTO> createCluster(String appId, String env,
   /**
    * Delete Clusters
    */
-  @PreAuthorize(value = "@unifiedPermissionValidator.isAppAdmin(#appId)")
+  @PreAuthorize(value = "@unifiedPermissionValidator.isSuperAdmin()")
   @ApolloAuditLog(type = OpType.DELETE, name = "Cluster.delete")
   @Override
   public ResponseEntity<Void> deleteCluster(String env, String appId, String clusterName,

apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/v1/controller/NamespaceBranchController.java

@@ -16,6 +16,8 @@
  */
 package com.ctrip.framework.apollo.openapi.v1.controller;
 
+import com.ctrip.framework.apollo.audit.annotation.ApolloAuditLog;
+import com.ctrip.framework.apollo.audit.annotation.OpType;
 import com.ctrip.framework.apollo.common.dto.GrayReleaseRuleDTO;
 import com.ctrip.framework.apollo.common.dto.NamespaceDTO;
 import com.ctrip.framework.apollo.common.dto.ReleaseDTO;
@@ -74,6 +76,7 @@ public NamespaceBranchController(final UnifiedPermissionValidator unifiedPermiss
 
   @PreAuthorize(
       value = "@openapiNamespaceBranchController.canCreateBranch(#appId, #env, #clusterName, #namespaceName)")
+  @ApolloAuditLog(type = OpType.CREATE, name = "NamespaceBranch.create")
   @Override
   public ResponseEntity<OpenNamespaceDTO> createBranch(String appId, String env, String clusterName,
       String namespaceName, String operator) {
@@ -85,6 +88,7 @@ public ResponseEntity<OpenNamespaceDTO> createBranch(String appId, String env, S
   }
 
   @Override
+  @ApolloAuditLog(type = OpType.DELETE, name = "NamespaceBranch.delete")
   public ResponseEntity<Void> deleteBranch(String env, String appId, String clusterName,
       String namespaceName, String branchName, String operator) {
     String resolvedOperator = resolveOperator(operator, null);
@@ -124,6 +128,7 @@ public ResponseEntity<OpenGrayReleaseRuleDTO> getBranchGrayRules(String appId, S
 
   @PreAuthorize(
       value = "@openapiNamespaceBranchController.canMergeBranch(#appId, #env, #clusterName, #namespaceName)")
+  @ApolloAuditLog(type = OpType.UPDATE, name = "NamespaceBranch.merge")
   @Override
   public ResponseEntity<OpenReleaseDTO> merge(String appId, String env, String clusterName,
       String namespaceName, String branchName, Boolean deleteBranch,
@@ -134,6 +139,7 @@ public ResponseEntity<OpenReleaseDTO> merge(String appId, String env, String clu
 
   @PreAuthorize(
       value = "@openapiNamespaceBranchController.canMergeBranch(#appId, #env, #clusterName, #namespaceName)")
+  @ApolloAuditLog(type = OpType.UPDATE, name = "NamespaceBranch.merge")
   @Override
   public ResponseEntity<OpenReleaseDTO> mergeBranch(String env, String appId, String clusterName,
       String namespaceName, String branchName, Boolean deleteBranch,
@@ -144,6 +150,7 @@ public ResponseEntity<OpenReleaseDTO> mergeBranch(String env, String appId, Stri
 
   @PreAuthorize(
       value = "@openapiNamespaceBranchController.canUpdateBranchRules(#appId, #env, #clusterName, #namespaceName)")
+  @ApolloAuditLog(type = OpType.UPDATE, name = "NamespaceBranch.updateBranchRules")
   @Override
   public ResponseEntity<Void> updateBranchRules(String appId, String env, String clusterName,
       String namespaceName, String branchName, OpenGrayReleaseRuleDTO openGrayReleaseRuleDTO,

apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/v1/controller/PermissionController.java

@@ -185,7 +185,6 @@ public ResponseEntity<OpenPermissionConditionDTO> hasRootPermission(String userI
   }
 
   @Override
-  @PreAuthorize(value = "@unifiedPermissionValidator.hasAssignRolePermission(#appId)")
   @ApolloAuditLog(type = OpType.CREATE, name = "Auth.initAppPermission")
   public ResponseEntity<Void> initAppPermission(String appId, String namespaceName,
       String operator) {
@@ -195,7 +194,6 @@ public ResponseEntity<Void> initAppPermission(String appId, String namespaceName
   }
 
   @Override
-  @PreAuthorize(value = "@unifiedPermissionValidator.hasAssignRolePermission(#appId)")
   @ApolloAuditLog(type = OpType.CREATE, name = "Auth.initClusterNamespacePermission")
   public ResponseEntity<Void> initClusterNamespacePermission(String appId, String env,
       String clusterName, String operator) {