tchiotludo / akhq

Kafka GUI for Apache Kafka to manage topics, topics data, consumers group, schema registry, connect and more...
https://akhq.io/
Apache License 2.0

unable to filter groups #1656

Open usb-tech07 opened 8 months ago

usb-tech07 commented 8 months ago

Hi, we need some help with this line of code, which checks whether the annotation's actions are part of the security role's actions. The Java contains method is used, which only checks whether the element is in the list. However, the annotation's actions are defined as an array, so the contains method always failed to filter the groups properly. It looks like the logic here is to find whether two sets have common actions. We changed the implementation to use the Collections.disjoint() method and it can filter groups properly. We are not sure if there is a better solution; please advise.

https://github.com/tchiotludo/akhq/blob/15e7ee13f41c0908b716e4f682b0a2a766129a23/src/main/java/org/akhq/controllers/AbstractController.java#L163
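The Java behaviour described in the comment above, as an added example that is not part of the original post and is not AKHQ's code: passing an array to `List.contains` never matches, while `Collections.disjoint` and `containsAll` give "any" and "all" semantics. The `Action` enum, method names and sample data are hypothetical.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class ActionMatchDemo {
    // Hypothetical stand-in for a permission action enum; not AKHQ's own type.
    enum Action { READ, CREATE, UPDATE, DELETE }

    // Pattern described in the comment: the whole array is handed to contains().
    // List.contains(Object) calls equals() against each element, and an Action[]
    // is never equal to a single Action, so this is false for every input.
    static boolean matchWithContains(List<Action> roleActions, Action[] required) {
        return roleActions.contains(required);
    }

    // "At least one action in common": disjoint() is true when nothing overlaps.
    // An empty required array has no overlap, so this returns false for it.
    static boolean matchAny(List<Action> roleActions, Action[] required) {
        return !Collections.disjoint(roleActions, Arrays.asList(required));
    }

    // Stricter alternative: the role must grant every required action.
    // An empty required array is vacuously satisfied, so this returns true for it.
    static boolean matchAll(List<Action> roleActions, Action[] required) {
        return roleActions.containsAll(Arrays.asList(required));
    }

    public static void main(String[] args) {
        // Constructed sample data.
        List<Action> roleActions = List.of(Action.READ, Action.UPDATE);
        Action[] readOnly = { Action.READ };
        Action[] readAndDelete = { Action.READ, Action.DELETE };
        Action[] deleteOnly = { Action.DELETE };

        for (Action[] required : List.of(readOnly, readAndDelete, deleteOnly)) {
            System.out.printf("%-16s contains=%-5b any=%-5b all=%b%n",
                Arrays.toString(required),
                matchWithContains(roleActions, required),
                matchAny(roleActions, required),
                matchAll(roleActions, required));
        }
    }
}
```

The "any" and "all" variants disagree when a role grants only some of the required actions, so which one an authorization check uses is a policy decision rather than a drop-in fix.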

AlexisSouquiere commented 8 months ago

@usb-tech07 if you did the upgrade from 0.24.0 to dev, did you take into account the breaking changes on the roles/permissions configuration? https://akhq.io/docs/configuration/authentifications/groups.html#roles. Otherwise, please share your application.yml and some logs to investigate.

The objective is to check, for each controller endpoint annotated with the AKHQSecured annotation, whether the given resource and action match the user's permissions. I'm not sure about the use case you ran into to get a problem here.