feat(admin): list a user's roles and groups (0.4.2) #59
Merged
Adds GET /admin/api/v1/users/{id}/roles and /users/{id}/groups (returning
[{value}] id arrays, backed by UserRoleService.findRoleIdsForUser /
GroupMembershipService.findGroupsForUser) so the admin console can manage a
user's access from the user side. Assign/revoke already exist on the role and
group resources.
Test: AdminRbacEnforcementTests hits both new endpoints (200 + JSON array).
Full suite green: 55 tests, 0 failures/0 errors. Docs/CHANGELOG + install
coordinates bumped to 0.4.2.
Summary
The admin API could assign/revoke a user's roles (on the role resource) and group membership (on the group resource), but there was no way to read what a user already has — so the admin console couldn't manage a user's access from the user side. Adds:
GET /admin/api/v1/users/{id}/roles → [{ "value": "<roleId>" }]
GET /admin/api/v1/users/{id}/groups → [{ "value": "<groupId>" }]
Backed by existing UserRoleService.findRoleIdsForUser / GroupMembershipService.findGroupsForUser (thin delegations, injected into UserAdminController). Assign/revoke continue to live on /roles/{roleId}/users/{userId} and /groups/{groupId}/members/{userId}.
Verification
AdminRbacEnforcementTests calls both new endpoints as the seeded admin (200 + JSON array). Full suite green: 55 tests, 0 failures / 0 errors (./gradlew build, Testcontainers). Docs/CHANGELOG + install coordinates → 0.4.2.
Pairs with admin-ui (Users page gains role/group management dialogs). After release, a consumer (e.g. bookrecord) bumps to 0.4.2 to expose the endpoints.
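Summary (Korean)
There was an API to assign and revoke a user's roles/groups, but there was no way to read what that user already has, so the admin console could not manage access rights from the user screen. Adds:
GET /users/{id}/roles, GET /users/{id}/groups ([{value}] arrays)
Delegates to the existing findRoleIdsForUser / findGroupsForUser. Assign/revoke exist on the existing role and group resources.
Verification:
AdminRbacEnforcementTests calls both endpoints (200 + array). Full suite green: 55 tests, 0/0. Docs/CHANGELOG + coordinates 0.4.2.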