From 7000885133b86d133452ece9e93e7d3783cd53bf Mon Sep 17 00:00:00 2001
From: guqing <38999863+guqing@users.noreply.github.com>
Date: Fri, 15 Jul 2022 12:23:09 +0800
Subject: [PATCH] refactor: super administrator role has all UI permissions
 (#2247)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. 如果这是你的第一次，请阅读我们的贡献指南：<https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>。
1. If this is your first time, please read our contributor guidelines: <https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>.
2. 请根据你解决问题的类型为 Pull Request 添加合适的标签。
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request.
3. 请确保你已经添加并运行了适当的测试。
3. Ensure you have added or ran the appropriate tests for your PR.
-->

#### What type of PR is this?
/kind improvement
/area core
/milestone 2.0
<!--
添加其中一个类别：
Add one of the following kinds:

/kind bug
/kind cleanup
/kind documentation
/kind feature
/kind improvement

适当添加其中一个或多个类别（可选）：
Optionally add one or more of the following kinds if applicable:

/kind api-change
/kind deprecation
/kind failing-test
/kind flake
/kind regression
-->

#### What this PR does / why we need it:
- 超级管理员具有所有 ui-permissions
- 根据用户名获取权限的接口标记非空文档注解
#### Which issue(s) this PR fixes:

<!--
PR 合并时自动关闭 issue。
Automatically closes linked issue when PR is merged.

用法：`Fixes #<issue 号>`，或者 `Fixes (粘贴 issue 完整链接)`
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
Fixes #

#### Special notes for your reviewer:
/cc @halo-dev/sig-halo
#### Does this PR introduce a user-facing change?

<!--
如果当前 Pull Request 的修改不会造成用户侧的任何变更，在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新（Break Change），
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->

```release-note
None
```
---
 .../run/halo/app/core/extension/endpoint/UserEndpoint.java | 7 ++++---
 .../java/run/halo/app/security/SuperAdminInitializer.java  | 5 +++++
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/main/java/run/halo/app/core/extension/endpoint/UserEndpoint.java b/src/main/java/run/halo/app/core/extension/endpoint/UserEndpoint.java
index 5ae6895c9..c0b3b7e16 100644
--- a/src/main/java/run/halo/app/core/extension/endpoint/UserEndpoint.java
+++ b/src/main/java/run/halo/app/core/extension/endpoint/UserEndpoint.java
@@ -7,6 +7,7 @@ import static org.springdoc.core.fn.builders.requestbody.Builder.requestBodyBuil
 import com.fasterxml.jackson.core.type.TypeReference;
 import io.micrometer.common.util.StringUtils;
 import io.swagger.v3.oas.annotations.enums.ParameterIn;
+import io.swagger.v3.oas.annotations.media.Schema;
 import java.util.HashSet;
 import java.util.LinkedHashSet;
 import java.util.Map;
@@ -148,8 +149,7 @@ public class UserEndpoint implements CustomEndpoint {
                 return list;
             })
             .map(roles -> {
-                Set<String> uiPermissions =
-                    roles.stream()
+                Set<String> uiPermissions = roles.stream()
                         .map(role -> role.getMetadata().getAnnotations())
                         .filter(Objects::nonNull)
                         .map(this::mergeUiPermissions)
@@ -180,6 +180,7 @@ public class UserEndpoint implements CustomEndpoint {
         return result;
     }
 
-    record UserPermission(Set<Role> roles, Set<String> uiPermissions) {
+    record UserPermission(@Schema(required = true) Set<Role> roles,
+                          @Schema(required = true) Set<String> uiPermissions) {
     }
 }
diff --git a/src/main/java/run/halo/app/security/SuperAdminInitializer.java b/src/main/java/run/halo/app/security/SuperAdminInitializer.java
index c78d2fe42..fd462a65a 100644
--- a/src/main/java/run/halo/app/security/SuperAdminInitializer.java
+++ b/src/main/java/run/halo/app/security/SuperAdminInitializer.java
@@ -1,7 +1,9 @@
 package run.halo.app.security;
 
 import java.time.Instant;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.springframework.boot.context.event.ApplicationReadyEvent;
@@ -68,6 +70,9 @@ public class SuperAdminInitializer implements ApplicationListener<ApplicationRea
     Role createSuperRole() {
         var metadata = new Metadata();
         metadata.setName("super-role");
+        Map<String, String> annotations = new HashMap<>();
+        annotations.put(Role.UI_PERMISSIONS_ANNO, "[\"*\"]");
+        metadata.setAnnotations(annotations);
 
         var superRule = new PolicyRule.Builder()
             .apiGroups("*")