Merge remote-tracking branch 'upstream/main'

Author: ruibaby

application/src/main/java/run/halo/app/content/comment/CommentServiceImpl.java

@@ -5,6 +5,7 @@
 import static run.halo.app.extension.index.query.QueryFactory.isNull;
 
 import java.time.Instant;
+import java.util.Set;
 import java.util.function.Function;
 import org.apache.commons.lang3.BooleanUtils;
 import org.springframework.data.domain.Sort;
@@ -16,6 +17,7 @@
 import reactor.core.publisher.Mono;
 import run.halo.app.core.extension.User;
 import run.halo.app.core.extension.content.Comment;
+import run.halo.app.core.extension.service.RoleService;
 import run.halo.app.core.extension.service.UserService;
 import run.halo.app.extension.Extension;
 import run.halo.app.extension.ListOptions;
@@ -30,6 +32,7 @@
 import run.halo.app.metrics.CounterService;
 import run.halo.app.metrics.MeterUtils;
 import run.halo.app.plugin.ExtensionComponentsFinder;
+import run.halo.app.security.authorization.AuthorityUtils;
 
 /**
  * Comment service implementation.
@@ -42,6 +45,7 @@ public class CommentServiceImpl implements CommentService {
 
     private final ReactiveExtensionClient client;
     private final UserService userService;
+    private final RoleService roleService;
     private final ExtensionComponentsFinder extensionComponentsFinder;
 
     private final SystemConfigurableEnvironmentFetcher environmentFetcher;
@@ -50,12 +54,14 @@ public class CommentServiceImpl implements CommentService {
     public CommentServiceImpl(ReactiveExtensionClient client,
         UserService userService, ExtensionComponentsFinder extensionComponentsFinder,
         SystemConfigurableEnvironmentFetcher environmentFetcher,
-        CounterService counterService) {
+        CounterService counterService, RoleService roleService
+    ) {
         this.client = client;
         this.userService = userService;
         this.extensionComponentsFinder = extensionComponentsFinder;
         this.environmentFetcher = environmentFetcher;
         this.counterService = counterService;
+        this.roleService = roleService;
     }
 
     @Override
@@ -113,7 +119,21 @@ public Mono<Comment> create(Comment comment) {
                 }
                 // populate owner from current user
                 return fetchCurrentUser()
-                    .map(this::toCommentOwner)
+                    .flatMap(currentUser -> ReactiveSecurityContextHolder.getContext()
+                        .flatMap(securityContext -> {
+                            var authentication = securityContext.getAuthentication();
+                            var roles = AuthorityUtils.authoritiesToRoles(
+                                authentication.getAuthorities());
+                            return roleService.contains(roles,
+                                    Set.of(AuthorityUtils.COMMENT_MANAGEMENT_ROLE_NAME))
+                                .doOnNext(result -> {
+                                    if (result) {
+                                        comment.getSpec().setApproved(true);
+                                        comment.getSpec().setApprovedTime(Instant.now());
+                                    }
+                                })
+                                .thenReturn(toCommentOwner(currentUser));
+                        }))
                     .map(owner -> {
                         comment.getSpec().setOwner(owner);
                         return comment;

application/src/main/java/run/halo/app/content/comment/ReplyServiceImpl.java

@@ -6,6 +6,7 @@
 import static run.halo.app.extension.router.selector.SelectorUtil.labelAndFieldSelectorToPredicate;
 
 import java.time.Instant;
+import java.util.Set;
 import java.util.function.Function;
 import java.util.function.Predicate;
 import lombok.RequiredArgsConstructor;
@@ -19,6 +20,7 @@
 import run.halo.app.core.extension.User;
 import run.halo.app.core.extension.content.Comment;
 import run.halo.app.core.extension.content.Reply;
+import run.halo.app.core.extension.service.RoleService;
 import run.halo.app.core.extension.service.UserService;
 import run.halo.app.extension.Extension;
 import run.halo.app.extension.ListOptions;
@@ -29,6 +31,7 @@
 import run.halo.app.extension.router.selector.FieldSelector;
 import run.halo.app.metrics.CounterService;
 import run.halo.app.metrics.MeterUtils;
+import run.halo.app.security.authorization.AuthorityUtils;
 
 /**
  * A default implementation of {@link ReplyService}.
@@ -42,6 +45,7 @@ public class ReplyServiceImpl implements ReplyService {
 
     private final ReactiveExtensionClient client;
     private final UserService userService;
+    private final RoleService roleService;
     private final CounterService counterService;
 
     @Override
@@ -75,10 +79,24 @@ public Mono<Reply> create(String commentName, Reply reply) {
                 }
                 // populate owner from current user
                 return fetchCurrentUser()
-                    .map(user -> {
-                        replyToUse.getSpec().setOwner(toCommentOwner(user));
-                        return replyToUse;
-                    })
+                    .flatMap(user ->
+                        ReactiveSecurityContextHolder.getContext()
+                            .flatMap(securityContext -> {
+                                var authentication = securityContext.getAuthentication();
+                                var roles = AuthorityUtils.authoritiesToRoles(
+                                    authentication.getAuthorities());
+                                return roleService.contains(roles,
+                                        Set.of(AuthorityUtils.COMMENT_MANAGEMENT_ROLE_NAME))
+                                    .doOnNext(result -> {
+                                        if (result) {
+                                            reply.getSpec().setApproved(true);
+                                            reply.getSpec().setApprovedTime(Instant.now());
+                                        }
+                                        replyToUse.getSpec().setOwner(toCommentOwner(user));
+                                    })
+                                    .thenReturn(replyToUse);
+                            })
+                    )
                     .switchIfEmpty(
                         Mono.error(new IllegalArgumentException("Reply owner must not be null.")));
             })

application/src/main/java/run/halo/app/security/authorization/AuthorityUtils.java

@@ -24,6 +24,8 @@ public enum AuthorityUtils {
 
     public static final String ANONYMOUS_ROLE_NAME = "anonymous";
 
+    public static final String COMMENT_MANAGEMENT_ROLE_NAME = "role-template-manage-comments";
+
     /**
      * Converts an array of GrantedAuthority objects to a role set.
      *

application/src/test/java/run/halo/app/content/comment/CommentServiceImplTest.java

@@ -10,6 +10,7 @@
 
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import org.json.JSONException;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -33,6 +34,7 @@
 import run.halo.app.core.extension.User;
 import run.halo.app.core.extension.content.Comment;
 import run.halo.app.core.extension.content.Post;
+import run.halo.app.core.extension.service.RoleService;
 import run.halo.app.core.extension.service.UserService;
 import run.halo.app.extension.ListOptions;
 import run.halo.app.extension.ListResult;
@@ -46,6 +48,7 @@
 import run.halo.app.metrics.CounterService;
 import run.halo.app.metrics.MeterUtils;
 import run.halo.app.plugin.ExtensionComponentsFinder;
+import run.halo.app.security.authorization.AuthorityUtils;
 
 /**
  * Tests for {@link CommentServiceImpl}.
@@ -65,6 +68,9 @@ class CommentServiceImplTest {
     @Mock
     private UserService userService;
 
+    @Mock
+    private RoleService roleService;
+
     @Mock
     private ExtensionComponentsFinder extensionComponentsFinder;
 
@@ -90,6 +96,10 @@ void setUp() {
         when(client.fetch(eq(User.class), eq("C-owner")))
             .thenReturn(Mono.empty());
 
+        when(roleService.contains(Set.of("USER"),
+            Set.of(AuthorityUtils.COMMENT_MANAGEMENT_ROLE_NAME)))
+            .thenReturn(Mono.just(false));
+
         PostCommentSubject postCommentSubject = Mockito.mock(PostCommentSubject.class);
         when(extensionComponentsFinder.getExtensions(eq(CommentSubject.class)))
             .thenReturn(List.of(postCommentSubject));

build.gradle

@@ -1,9 +1,9 @@
 plugins {
-    id 'org.springframework.boot' version '3.2.3' apply false
-    id 'io.spring.dependency-management' version '1.1.0' apply false
-    id "com.gorylenko.gradle-git-properties" version "2.3.2" apply false
-    id "de.undercouch.download" version "5.3.1" apply false
-    id "io.freefair.lombok" version "8.4" apply false
+    id 'org.springframework.boot' version '3.2.4' apply false
+    id 'io.spring.dependency-management' version '1.1.4' apply false
+    id "com.gorylenko.gradle-git-properties" version "2.4.1" apply false
+    id "de.undercouch.download" version "5.6.0" apply false
+    id "io.freefair.lombok" version "8.6" apply false
     id 'org.gradle.crypto.checksum' version '1.4.0' apply false
-    id "com.github.node-gradle.node" version "7.0.1" apply false
+    id "com.github.node-gradle.node" version "7.0.2" apply false
 }

platform/application/build.gradle

@@ -18,7 +18,7 @@ ext {
     guava = "32.0.1-jre"
     jsoup = '1.15.3'
     jsonPatch = "1.13"
-    springDocOpenAPI = "2.3.0"
+    springDocOpenAPI = "2.4.0"
     lucene = "9.9.1"
     resilience4jVersion = "2.2.0"
     twoFactorAuth = "1.3"

ui/packages/editor/src/components/Editor.vue

@@ -37,7 +37,7 @@ watch(
     <editor-bubble-menu :editor="editor" />
     <editor-header :editor="editor" />
     <div class="h-full flex flex-row w-full overflow-hidden">
-      <div class="overflow-y-auto flex-1 bg-white">
+      <div class="overflow-y-auto flex-1 bg-white relative">
         <div v-if="$slots.content" class="editor-header-extra">
           <slot name="content" />
         </div>