Merge c3a1aed into 70e288a

Author: adameat

ydb/core/viewer/json_handlers.h

@@ -74,7 +74,7 @@ struct TJsonHandlers {
                 json << ',';
             }
             TString name = itJson->first;
-            json << "\"/" << name << '"' << ":{";
+            json << "\"/viewer" << name << '"' << ":{";
                 json << "\"get\":{";
                     json << "\"tags\":[\"" << TTagInfo::TagName << "\"],";
                     json << "\"produces\":[\"application/json\"],";

ydb/core/viewer/json_whoami.h

@@ -1,6 +1,8 @@
 #pragma once
 #include <ydb/library/actors/core/actor_bootstrapped.h>
 #include <ydb/library/actors/core/mon.h>
+#include <library/cpp/json/json_value.h>
+#include <library/cpp/json/json_writer.h>
 #include <ydb/core/base/tablet_pipe.h>
 #include <ydb/library/services/services.pb.h>
 #include <ydb/core/tx/schemeshard/schemeshard.h>
@@ -14,7 +16,6 @@ using namespace NActors;
 
 class TJsonWhoAmI : public TActorBootstrapped<TJsonWhoAmI> {
     IViewer* Viewer;
-    TJsonSettings JsonSettings;
     NMon::TEvHttpInfo::TPtr Event;
 
 public:
@@ -28,18 +29,48 @@ class TJsonWhoAmI : public TActorBootstrapped<TJsonWhoAmI> {
     {}
 
     void Bootstrap(const TActorContext& ctx) {
-        const auto& params(Event->Get()->Request.GetParams());
-        JsonSettings.EnumAsNumbers = !FromStringWithDefault<bool>(params.Get("enums"), false);
-        JsonSettings.UI64AsString = !FromStringWithDefault<bool>(params.Get("ui64"), false);
         ReplyAndDie(ctx);
     }
 
+    bool CheckGroupMembership(std::unique_ptr<NACLib::TUserToken>& token, const NProtoBuf::RepeatedPtrField<TString>& sids) {
+        if (sids.empty()) {
+            return true;
+        }
+        for (const auto& sid : sids) {
+            if (token->IsExist(sid)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     void ReplyAndDie(const  TActorContext &ctx) {
         NACLibProto::TUserToken userToken;
         Y_PROTOBUF_SUPPRESS_NODISCARD userToken.ParseFromString(Event->Get()->UserToken);
-        TStringStream json;
-        TProtoToJson::ProtoToJson(json, userToken, JsonSettings);
-        ctx.Send(Event->Sender, new NMon::TEvHttpInfoRes(Viewer->GetHTTPOKJSON(Event->Get()) + json.Str(), 0, NMon::IEvHttpInfoRes::EContentType::Custom));
+        NJson::TJsonValue json(NJson::JSON_MAP);
+        if (userToken.HasUserSID()) {
+            json["UserSID"] = userToken.GetUserSID();
+        }
+        if (userToken.HasGroupSIDs() && userToken.GetGroupSIDs().BucketsSize() > 0) {
+            NJson::TJsonValue& groupSIDs(json["GroupSIDs"]);
+            groupSIDs.SetType(NJson::JSON_ARRAY);
+            for (const auto& buckets : userToken.GetGroupSIDs().GetBuckets()) {
+                for (const auto& group : buckets.GetValues()) {
+                    groupSIDs.AppendValue(group);
+                }
+            }
+        }
+        if (userToken.HasOriginalUserToken()) {
+            json["OriginalUserToken"] = userToken.GetOriginalUserToken();
+        }
+        if (userToken.HasAuthType()) {
+            json["AuthType"] = userToken.GetAuthType();
+        }
+        auto token = std::make_unique<NACLib::TUserToken>(userToken);
+        json["IsViewerAllowed"] = CheckGroupMembership(token, AppData()->DomainsConfig.GetSecurityConfig().GetViewerAllowedSIDs());
+        json["IsMonitoringAllowed"] = CheckGroupMembership(token, AppData()->DomainsConfig.GetSecurityConfig().GetMonitoringAllowedSIDs());
+        json["IsAdministrationAllowed"] = CheckGroupMembership(token, AppData()->DomainsConfig.GetSecurityConfig().GetAdministrationAllowedSIDs());
+        ctx.Send(Event->Sender, new NMon::TEvHttpInfoRes(Viewer->GetHTTPOKJSON(Event->Get()) + NJson::WriteJson(json, false), 0, NMon::IEvHttpInfoRes::EContentType::Custom));
         Die(ctx);
     }
 
@@ -52,17 +83,52 @@ class TJsonWhoAmI : public TActorBootstrapped<TJsonWhoAmI> {
 template <>
 struct TJsonRequestSchema<TJsonWhoAmI> {
     static TString GetSchema() {
-        TStringStream stream;
-        TProtoToJson::ProtoToJsonSchema<NACLibProto::TUserToken>(stream);
-        return stream.Str();
+        return R"___(
+            {
+                "type": "object",
+                "title": "WhoAmI",
+                "properties": {
+                    "UserSID": {
+                        "type": "string",
+                        "description": "User ID / name"
+                    },
+                    "GroupSID": {
+                        "type": "array",
+                        "items": {
+                            "type": "string"
+                        },
+                        "description": "User groups"
+                    },
+                    "OriginalUserToken": {
+                        "type": "string",
+                        "description": "User's token used to authenticate"
+                    },
+                    "AuthType": {
+                        "type": "string",
+                        "description": "Authentication type"
+                    },
+                    "IsViewerAllowed": {
+                        "type": "boolean",
+                        "description": "Is user allowed to view data"
+                    },
+                    "IsMonitoringAllowed": {
+                        "type": "boolean",
+                        "description": "Is user allowed to view deeper and make simple changes"
+                    },
+                    "IsAdministrationAllowed": {
+                        "type": "boolean",
+                        "description": "Is user allowed to do unrestricted changes in the system"
+                    }
+                }
+            }
+            )___";
     }
 };
 
 template <>
 struct TJsonRequestParameters<TJsonWhoAmI> {
     static TString GetParameters() {
-        return R"___([{"name":"enums","in":"query","description":"convert enums to strings","required":false,"type":"boolean"},
-                      {"name":"ui64","in":"query","description":"return ui64 as numbers","required":false,"type":"boolean"}])___";
+        return "[]";
     }
 };