Merge bf6e347 into f2efea6

Author: adameat

ydb/core/viewer/json_whoami.h

@@ -1,6 +1,8 @@
 #pragma once
 #include <ydb/library/actors/core/actor_bootstrapped.h>
 #include <ydb/library/actors/core/mon.h>
+#include <library/cpp/json/json_value.h>
+#include <library/cpp/json/json_writer.h>
 #include <ydb/core/base/tablet_pipe.h>
 #include <ydb/library/services/services.pb.h>
 #include <ydb/core/tx/schemeshard/schemeshard.h>
@@ -14,7 +16,6 @@ using namespace NActors;
 
 class TJsonWhoAmI : public TActorBootstrapped<TJsonWhoAmI> {
     IViewer* Viewer;
-    TJsonSettings JsonSettings;
     NMon::TEvHttpInfo::TPtr Event;
 
 public:
@@ -28,18 +29,48 @@ class TJsonWhoAmI : public TActorBootstrapped<TJsonWhoAmI> {
     {}
 
     void Bootstrap(const TActorContext& ctx) {
-        const auto& params(Event->Get()->Request.GetParams());
-        JsonSettings.EnumAsNumbers = !FromStringWithDefault<bool>(params.Get("enums"), false);
-        JsonSettings.UI64AsString = !FromStringWithDefault<bool>(params.Get("ui64"), false);
         ReplyAndDie(ctx);
     }
 
+    bool CheckGroupMembership(std::unique_ptr<NACLib::TUserToken>& token, const NProtoBuf::RepeatedPtrField<TString>& sids) {
+        if (sids.empty()) {
+            return true;
+        }
+        for (const auto& sid : sids) {
+            if (token->IsExist(sid)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     void ReplyAndDie(const  TActorContext &ctx) {
         NACLibProto::TUserToken userToken;
         Y_PROTOBUF_SUPPRESS_NODISCARD userToken.ParseFromString(Event->Get()->UserToken);
-        TStringStream json;
-        TProtoToJson::ProtoToJson(json, userToken, JsonSettings);
-        ctx.Send(Event->Sender, new NMon::TEvHttpInfoRes(Viewer->GetHTTPOKJSON(Event->Get()) + json.Str(), 0, NMon::IEvHttpInfoRes::EContentType::Custom));
+        NJson::TJsonValue json(NJson::JSON_MAP);
+        if (userToken.HasUserSID()) {
+            json["UserSID"] = userToken.GetUserSID();
+        }
+        if (userToken.HasGroupSIDs() && userToken.GetGroupSIDs().BucketsSize() > 0) {
+            NJson::TJsonValue& groupSIDs(json["GroupSIDs"]);
+            groupSIDs.SetType(NJson::JSON_ARRAY);
+            for (const auto& buckets : userToken.GetGroupSIDs().GetBuckets()) {
+                for (const auto& group : buckets.GetValues()) {
+                    groupSIDs.AppendValue(group);
+                }
+            }
+        }
+        if (userToken.HasOriginalUserToken()) {
+            json["OriginalUserToken"] = userToken.HasOriginalUserToken();
+        }
+        if (userToken.HasAuthType()) {
+            json["AuthType"] = userToken.GetAuthType();
+        }
+        auto token = std::make_unique<NACLib::TUserToken>(userToken);
+        json["IsViewerAllowed"] = CheckGroupMembership(token, AppData()->DomainsConfig.GetSecurityConfig().GetViewerAllowedSIDs());
+        json["IsMonitoringAllowed"] = CheckGroupMembership(token, AppData()->DomainsConfig.GetSecurityConfig().GetMonitoringAllowedSIDs());
+        json["IsAdministrationAllowed"] = CheckGroupMembership(token, AppData()->DomainsConfig.GetSecurityConfig().GetAdministrationAllowedSIDs());
+        ctx.Send(Event->Sender, new NMon::TEvHttpInfoRes(Viewer->GetHTTPOKJSON(Event->Get()) + NJson::WriteJson(json, false), 0, NMon::IEvHttpInfoRes::EContentType::Custom));
         Die(ctx);
     }