From 273e64cd1b7096769fad294918017a4db13a1fb4 Mon Sep 17 00:00:00 2001
From: bachmanity1 <81428651+bachmanity1@users.noreply.github.com>
Date: Sun, 11 Aug 2024 00:05:08 +0900
Subject: [PATCH] BE: RBAC: Impl separate permissions for topic analysis (#513)

Co-authored-by: Roman Zabaluev <gpg@haarolean.dev>
---
 .../java/io/kafbat/ui/controller/TopicsController.java   | 9 +++++----
 .../io/kafbat/ui/model/rbac/permission/TopicAction.java  | 2 ++
 .../src/components/Topics/Topic/Statistics/Metrics.tsx   | 4 ++--
 .../components/Topics/Topic/Statistics/Statistics.tsx    | 2 +-
 frontend/src/components/Topics/Topic/Topic.tsx           | 9 +++++++--
 5 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/api/src/main/java/io/kafbat/ui/controller/TopicsController.java b/api/src/main/java/io/kafbat/ui/controller/TopicsController.java
index 6ccfd18fd..c230f4751 100644
--- a/api/src/main/java/io/kafbat/ui/controller/TopicsController.java
+++ b/api/src/main/java/io/kafbat/ui/controller/TopicsController.java
@@ -1,9 +1,10 @@
 package io.kafbat.ui.controller;
 
+import static io.kafbat.ui.model.rbac.permission.TopicAction.ANALYSIS_RUN;
+import static io.kafbat.ui.model.rbac.permission.TopicAction.ANALYSIS_VIEW;
 import static io.kafbat.ui.model.rbac.permission.TopicAction.CREATE;
 import static io.kafbat.ui.model.rbac.permission.TopicAction.DELETE;
 import static io.kafbat.ui.model.rbac.permission.TopicAction.EDIT;
-import static io.kafbat.ui.model.rbac.permission.TopicAction.MESSAGES_READ;
 import static io.kafbat.ui.model.rbac.permission.TopicAction.VIEW;
 import static java.util.stream.Collectors.toList;
 
@@ -272,7 +273,7 @@ public Mono<ResponseEntity<Void>> analyzeTopic(String clusterName, String topicN
 
     var context = AccessContext.builder()
         .cluster(clusterName)
-        .topicActions(topicName, MESSAGES_READ)
+        .topicActions(topicName, ANALYSIS_RUN)
         .operationName("analyzeTopic")
         .build();
 
@@ -288,7 +289,7 @@ public Mono<ResponseEntity<Void>> cancelTopicAnalysis(String clusterName, String
                                                         ServerWebExchange exchange) {
     var context = AccessContext.builder()
         .cluster(clusterName)
-        .topicActions(topicName, MESSAGES_READ)
+        .topicActions(topicName, ANALYSIS_RUN)
         .operationName("cancelTopicAnalysis")
         .build();
 
@@ -306,7 +307,7 @@ public Mono<ResponseEntity<TopicAnalysisDTO>> getTopicAnalysis(String clusterNam
 
     var context = AccessContext.builder()
         .cluster(clusterName)
-        .topicActions(topicName, MESSAGES_READ)
+        .topicActions(topicName, ANALYSIS_VIEW)
         .operationName("getTopicAnalysis")
         .build();
 
diff --git a/api/src/main/java/io/kafbat/ui/model/rbac/permission/TopicAction.java b/api/src/main/java/io/kafbat/ui/model/rbac/permission/TopicAction.java
index 8efbc6fe0..c1b0aeb16 100644
--- a/api/src/main/java/io/kafbat/ui/model/rbac/permission/TopicAction.java
+++ b/api/src/main/java/io/kafbat/ui/model/rbac/permission/TopicAction.java
@@ -13,6 +13,8 @@ public enum TopicAction implements PermissibleAction {
   MESSAGES_READ(VIEW),
   MESSAGES_PRODUCE(VIEW),
   MESSAGES_DELETE(VIEW, EDIT),
+  ANALYSIS_VIEW(VIEW),
+  ANALYSIS_RUN(VIEW, ANALYSIS_VIEW),
 
   ;
 
diff --git a/frontend/src/components/Topics/Topic/Statistics/Metrics.tsx b/frontend/src/components/Topics/Topic/Statistics/Metrics.tsx
index f24d6bf5e..aec1b53bb 100644
--- a/frontend/src/components/Topics/Topic/Statistics/Metrics.tsx
+++ b/frontend/src/components/Topics/Topic/Statistics/Metrics.tsx
@@ -60,7 +60,7 @@ const Metrics: React.FC = () => {
           buttonSize="M"
           permission={{
             resource: ResourceType.TOPIC,
-            action: Action.MESSAGES_READ,
+            action: Action.ANALYSIS_RUN,
             value: params.topicName,
           }}
         >
@@ -110,7 +110,7 @@ const Metrics: React.FC = () => {
           buttonSize="S"
           permission={{
             resource: ResourceType.TOPIC,
-            action: Action.MESSAGES_READ,
+            action: Action.ANALYSIS_RUN,
             value: params.topicName,
           }}
         >
diff --git a/frontend/src/components/Topics/Topic/Statistics/Statistics.tsx b/frontend/src/components/Topics/Topic/Statistics/Statistics.tsx
index fd275028b..2088cd46b 100644
--- a/frontend/src/components/Topics/Topic/Statistics/Statistics.tsx
+++ b/frontend/src/components/Topics/Topic/Statistics/Statistics.tsx
@@ -31,7 +31,7 @@ const Statistics: React.FC = () => {
                 buttonSize="M"
                 permission={{
                   resource: ResourceType.TOPIC,
-                  action: Action.MESSAGES_READ,
+                  action: Action.ANALYSIS_RUN,
                   value: params.topicName,
                 }}
               >
diff --git a/frontend/src/components/Topics/Topic/Topic.tsx b/frontend/src/components/Topics/Topic/Topic.tsx
index b5bcf8d52..a40bcfc12 100644
--- a/frontend/src/components/Topics/Topic/Topic.tsx
+++ b/frontend/src/components/Topics/Topic/Topic.tsx
@@ -194,12 +194,17 @@ const Topic: React.FC = () => {
         >
           Settings
         </NavLink>
-        <NavLink
+        <ActionNavLink
           to={clusterTopicStatisticsRelativePath}
           className={({ isActive }) => (isActive ? 'is-active' : '')}
+          permission={{
+            resource: ResourceType.TOPIC,
+            action: Action.ANALYSIS_VIEW,
+            value: topicName,
+          }}
         >
           Statistics
-        </NavLink>
+        </ActionNavLink>
       </Navbar>
       <Suspense fallback={<PageLoader />}>
         <Routes>