
Commit 2d8431a

authored
Merge dea33cb into 70e288a
2 parents 70e288a + dea33cb commit 2d8431a


2 files changed

+84
-13
lines changed


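--- a/ydb/core/viewer/json_handlers.h
+++ b/ydb/core/viewer/json_handlers.h
@@ -74,7 +74,12 @@ struct TJsonHandlers {
 json << ',';
 }
 TString name = itJson->first;
-json << "\"/" << name << '"' << ":{";
+if (name.StartsWith("/json/")) {
+name = "/viewer" + name;
+} else {
+name = "/" + name;
+}
+json << '"' << name << '"' << ":{";
 json << "\"get\":{";
 json << "\"tags\":[\"" << TTagInfo::TagName << "\"],";
 json << "\"produces\":[\"application/json\"],";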
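Review bot: The `else` branch prepends `/` to every key that does not start with `/json/`, so a handler registered with a leading slash under any other prefix would be emitted as `//...` in the generated paths object. The enclosing loop and the place where the keys are registered are outside this hunk, so it is worth confirming that only `/json/` keys carry a leading slash. If that is the intent, a comment above the branch such as `// keys of the form "/json/..." are published under /viewer; all other keys are stored without a leading slash` would record the assumption. `name` is also written between quotes without JSON escaping, which holds only while handler keys are fixed strings chosen by the code and never derived from request data.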

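--- a/ydb/core/viewer/json_whoami.h
+++ b/ydb/core/viewer/json_whoami.h
@@ -1,6 +1,8 @@
 #pragma once
 #include <ydb/library/actors/core/actor_bootstrapped.h>
 #include <ydb/library/actors/core/mon.h>
+#include <library/cpp/json/json_value.h>
+#include <library/cpp/json/json_writer.h>
 #include <ydb/core/base/tablet_pipe.h>
 #include <ydb/library/services/services.pb.h>
 #include <ydb/core/tx/schemeshard/schemeshard.h>
@@ -14,7 +16,6 @@ using namespace NActors;
 
 class TJsonWhoAmI : public TActorBootstrapped<TJsonWhoAmI> {
 IViewer* Viewer;
-TJsonSettings JsonSettings;
 NMon::TEvHttpInfo::TPtr Event;
 
 public:
@@ -28,18 +29,48 @@ class TJsonWhoAmI : public TActorBootstrapped<TJsonWhoAmI> {
 {}
 
 void Bootstrap(const TActorContext& ctx) {
-const auto& params(Event->Get()->Request.GetParams());
-JsonSettings.EnumAsNumbers = !FromStringWithDefault<bool>(params.Get("enums"), false);
-JsonSettings.UI64AsString = !FromStringWithDefault<bool>(params.Get("ui64"), false);
 ReplyAndDie(ctx);
 }
 
+bool CheckGroupMembership(std::unique_ptr<NACLib::TUserToken>& token, const NProtoBuf::RepeatedPtrField<TString>& sids) {
+if (sids.empty()) {
+return true;
+}
+for (const auto& sid : sids) {
+if (token->IsExist(sid)) {
+return true;
+}
+}
+return false;
+}
+
 void ReplyAndDie(const TActorContext &ctx) {
 NACLibProto::TUserToken userToken;
 Y_PROTOBUF_SUPPRESS_NODISCARD userToken.ParseFromString(Event->Get()->UserToken);
-TStringStream json;
-TProtoToJson::ProtoToJson(json, userToken, JsonSettings);
-ctx.Send(Event->Sender, new NMon::TEvHttpInfoRes(Viewer->GetHTTPOKJSON(Event->Get()) + json.Str(), 0, NMon::IEvHttpInfoRes::EContentType::Custom));
+NJson::TJsonValue json(NJson::JSON_MAP);
+if (userToken.HasUserSID()) {
+json["UserSID"] = userToken.GetUserSID();
+}
+if (userToken.HasGroupSIDs() && userToken.GetGroupSIDs().BucketsSize() > 0) {
+NJson::TJsonValue& groupSIDs(json["GroupSIDs"]);
+groupSIDs.SetType(NJson::JSON_ARRAY);
+for (const auto& buckets : userToken.GetGroupSIDs().GetBuckets()) {
+for (const auto& group : buckets.GetValues()) {
+groupSIDs.AppendValue(group);
+}
+}
+}
+if (userToken.HasOriginalUserToken()) {
+json["OriginalUserToken"] = userToken.GetOriginalUserToken();
+}
+if (userToken.HasAuthType()) {
+json["AuthType"] = userToken.GetAuthType();
+}
+auto token = std::make_unique<NACLib::TUserToken>(userToken);
+json["IsViewerAllowed"] = CheckGroupMembership(token, AppData()->DomainsConfig.GetSecurityConfig().GetViewerAllowedSIDs());
+json["IsMonitoringAllowed"] = CheckGroupMembership(token, AppData()->DomainsConfig.GetSecurityConfig().GetMonitoringAllowedSIDs());
+json["IsAdministrationAllowed"] = CheckGroupMembership(token, AppData()->DomainsConfig.GetSecurityConfig().GetAdministrationAllowedSIDs());
+ctx.Send(Event->Sender, new NMon::TEvHttpInfoRes(Viewer->GetHTTPOKJSON(Event->Get()) + NJson::WriteJson(json, false), 0, NMon::IEvHttpInfoRes::EContentType::Custom));
 Die(ctx);
 }
 
@@ -52,17 +83,52 @@ class TJsonWhoAmI : public TActorBootstrapped<TJsonWhoAmI> {
 template <>
 struct TJsonRequestSchema<TJsonWhoAmI> {
 static TString GetSchema() {
-TStringStream stream;
-TProtoToJson::ProtoToJsonSchema<NACLibProto::TUserToken>(stream);
-return stream.Str();
+return R"___(
+{
+"type": "object",
+"title": "WhoAmI",
+"properties": {
+"UserSID": {
+"type": "string",
+"description": "User ID / name"
+},
+"GroupSID": {
+"type": "array",
+"items": {
+"type": "string"
+},
+"description": "User groups"
+},
+"OriginalUserToken": {
+"type": "string",
+"description": "User's token used to authenticate"
+},
+"AuthType": {
+"type": "string",
+"description": "Authentication type"
+},
+"IsViewerAllowed": {
+"type": "boolean",
+"description": "Is user allowed to view data"
+},
+"IsMonitoringAllowed": {
+"type": "boolean",
+"description": "Is user allowed to view deeper and make simple changes"
+},
+"IsAdministrationAllowed": {
+"type": "boolean",
+"description": "Is user allowed to do unrestricted changes in the system"
+}
+}
+}
+)___";
 }
 };
 
 template <>
 struct TJsonRequestParameters<TJsonWhoAmI> {
 static TString GetParameters() {
-return "[]";
-}
-};
-
+return "[]";
 }
 };
 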
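Review bot: `ReplyAndDie` writes `json["OriginalUserToken"] = userToken.GetOriginalUserToken();` into the response, and the schema in this same file describes that field as "User's token used to authenticate", so the credential itself is echoed in an HTTP body where intermediaries, browser tooling or client-side logs can capture it. Unless a consumer needs the raw value, the field should be dropped from the hand-built response or replaced by a non-secret indicator. Separately, `CheckGroupMembership` returns `true` whenever the SID list is empty, and the `ParseFromString` result above it is discarded, so with `AdministrationAllowedSIDs` unset even a request whose token failed to parse is reported as `IsAdministrationAllowed: true`. If that deliberately mirrors how the real access checks treat an unconfigured list, a comment such as `// empty list: no restriction configured, matches enforcement` would make it explicit; otherwise the flags should come from the same helper that enforces access. The schema also declares the property `GroupSID` while the response key is `GroupSIDs`.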
