weaviate · bevzzz · Jan 20, 2025 · Jan 20, 2025 · Jan 20, 2025 · Jan 20, 2025
diff --git a/.gitignore b/.gitignore
@@ -9,3 +9,5 @@
 *.iml
 # Maven
 target/
+# maven-lombok-plugin
+.factorypath
diff --git a/pom.xml b/pom.xml
@@ -237,7 +237,7 @@
         </plugin>
         <plugin>
           <artifactId>maven-compiler-plugin</artifactId>
-          <version>3.8.1</version>
+          <version>3.13.0</version>
         </plugin>
         <plugin>
           <artifactId>maven-surefire-plugin</artifactId>
@@ -273,6 +273,13 @@
               </configuration>
             </execution>
           </executions>
+          <dependencies>
+            <dependency>
+              <groupId>org.projectlombok</groupId>
+              <artifactId>lombok</artifactId>
+              <version>${lombok.version}</version>
+            </dependency>
+          </dependencies>
         </plugin>
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>

diff --git a/src/main/java/io/weaviate/client/WeaviateClient.java b/src/main/java/io/weaviate/client/WeaviateClient.java
@@ -17,6 +17,7 @@
 import io.weaviate.client.v1.graphql.GraphQL;
 import io.weaviate.client.v1.misc.Misc;
 import io.weaviate.client.v1.misc.api.MetaGetter;
+import io.weaviate.client.v1.rbac.Roles;
 import io.weaviate.client.v1.schema.Schema;
 import java.util.Optional;
 
@@ -33,7 +34,8 @@ public WeaviateClient(Config config) {
   }
 
   public WeaviateClient(Config config, AccessTokenProvider tokenProvider) {
-    this(config, new CommonsHttpClientImpl(config.getHeaders(), tokenProvider, HttpApacheClientBuilder.build(config)), tokenProvider);
+    this(config, new CommonsHttpClientImpl(config.getHeaders(), tokenProvider, HttpApacheClientBuilder.build(config)),
+        tokenProvider);
   }
 
   public WeaviateClient(Config config, HttpClient httpClient, AccessTokenProvider tokenProvider) {
@@ -87,10 +89,13 @@ public GraphQL graphQL() {
     return new GraphQL(httpClient, config);
   }
 
+  public Roles roles() {
+    return new Roles(httpClient, config);
+  }
+
   private DbVersionProvider initDbVersionProvider() {
     MetaGetter metaGetter = new Misc(httpClient, config, null).metaGetter();
-    DbVersionProvider.VersionGetter getter = () ->
-      Optional.ofNullable(metaGetter.run())
+    DbVersionProvider.VersionGetter getter = () -> Optional.ofNullable(metaGetter.run())
         .filter(result -> !result.hasErrors())
         .map(result -> result.getResult().getVersion());
 

diff --git a/src/main/java/io/weaviate/client/base/BaseClient.java b/src/main/java/io/weaviate/client/base/BaseClient.java
@@ -45,7 +45,6 @@ private Response<T> sendRequest(String endpoint, Object payload, String method,
       HttpResponse response = this.sendHttpRequest(endpoint, payload, method);
       int statusCode = response.getStatusCode();
       String responseBody = response.getBody();
-
       if (statusCode < 399) {
         T body = toResponse(responseBody, classOfT);
         return new Response<>(statusCode, body, null);

diff --git a/src/main/java/io/weaviate/client/v1/backup/api/BackupCanceler.java b/src/main/java/io/weaviate/client/v1/backup/api/BackupCanceler.java
@@ -15,7 +15,8 @@
  * BackupCanceler can cancel an in-progress backup by ID.
  *
  * <p>
- * Canceling backups which have successfully completed before being interrupted is not supported and will result in an error.
+ * Canceling backups which have successfully completed before being interrupted
+ * is not supported and will result in an error.
  */
 public class BackupCanceler extends BaseClient<Void> implements ClientResult<Void> {
   private String backend;
@@ -70,4 +71,3 @@ private String path() {
     return path;
   }
 }
-
diff --git a/src/main/java/io/weaviate/client/v1/rbac/Roles.java b/src/main/java/io/weaviate/client/v1/rbac/Roles.java
@@ -0,0 +1,93 @@
+package io.weaviate.client.v1.rbac;
+
+import io.weaviate.client.Config;
+import io.weaviate.client.base.http.HttpClient;
+import io.weaviate.client.v1.rbac.api.AssignedUsersGetter;
+import io.weaviate.client.v1.rbac.api.PermissionAdder;
+import io.weaviate.client.v1.rbac.api.PermissionChecker;
+import io.weaviate.client.v1.rbac.api.PermissionRemover;
+import io.weaviate.client.v1.rbac.api.RoleAllGetter;
+import io.weaviate.client.v1.rbac.api.RoleAssigner;
+import io.weaviate.client.v1.rbac.api.RoleCreator;
+import io.weaviate.client.v1.rbac.api.RoleDeleter;
+import io.weaviate.client.v1.rbac.api.RoleExists;
+import io.weaviate.client.v1.rbac.api.RoleGetter;
+import io.weaviate.client.v1.rbac.api.RoleRevoker;
+import io.weaviate.client.v1.rbac.api.UserRolesGetter;
+import lombok.RequiredArgsConstructor;
+
+@RequiredArgsConstructor
+public class Roles {
+
+  private final HttpClient httpClient;
+  private final Config config;
+
+  /** Create a new role. */
+  public RoleCreator creator() {
+    return new RoleCreator(httpClient, config);
+  }
+
+  /** Delete a role. */
+  public RoleDeleter deleter() {
+    return new RoleDeleter(httpClient, config);
+  }
+
+  /**
+   * Add permissions to an existing role.
+   * Note: This method is an upsert operation. If the permission already exists,
+   * it will be updated. If it does not exist, it will be created.
+   */
+  public PermissionAdder permissionAdder() {
+    return new PermissionAdder(httpClient, config);
+  }
+
+  /**
+   * Remove permissions from a role.
+   * Note: This method is a downsert operation. If the permission does not
+   * exist, it will be ignored. If these permissions are the only permissions of
+   * the role, the role will be deleted.
+   */
+  public PermissionRemover permissionRemover() {
+    return new PermissionRemover(httpClient, config);
+  }
+
+  /** Check if a role has a permission. */
+  public PermissionChecker permissionChecker() {
+    return new PermissionChecker(httpClient, config);
+  }
+
+  /** Get all existing roles. */
+  public RoleAllGetter allGetter() {
+    return new RoleAllGetter(httpClient, config);
+  };
+
+  /** Get role and its associated permissions. */
+  public RoleGetter getter() {
+    return new RoleGetter(httpClient, config);
+  };
+
+  /** Get roles assigned to a user. */
+  public UserRolesGetter userRolesGetter() {
+    return new UserRolesGetter(httpClient, config);
+  };
+
+  /** Get users assigned to a role. */
+  public AssignedUsersGetter assignedUsersGetter() {
+    return new AssignedUsersGetter(httpClient, config);
+  };
+
+  /** Check if a role exists. */
+  public RoleExists exists() {
+    return new RoleExists(httpClient, config);
+  }
+
+  /** Assign a role to a user. Note that 'root' cannot be assigned. */
+  public RoleAssigner assigner() {
+    return new RoleAssigner(httpClient, config);
+  }
+
+  /** Revoke a role from a user. Note that 'root' cannot be revoked. */
+  public RoleRevoker revoker() {
+    return new RoleRevoker(httpClient, config);
+  }
+}
diff --git a/src/main/java/io/weaviate/client/v1/rbac/api/AssignedUsersGetter.java b/src/main/java/io/weaviate/client/v1/rbac/api/AssignedUsersGetter.java
@@ -0,0 +1,39 @@
+package io.weaviate.client.v1.rbac.api;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
+
+import io.weaviate.client.Config;
+import io.weaviate.client.base.BaseClient;
+import io.weaviate.client.base.ClientResult;
+import io.weaviate.client.base.Response;
+import io.weaviate.client.base.Result;
+import io.weaviate.client.base.http.HttpClient;
+
+public class AssignedUsersGetter extends BaseClient<String[]> implements ClientResult<List<String>> {
+  private String role;
+
+  public AssignedUsersGetter(HttpClient httpClient, Config config) {
+    super(httpClient, config);
+  }
+
+  public AssignedUsersGetter withRole(String role) {
+    this.role = role;
+    return this;
+  }
+
+  @Override
+  public Result<List<String>> run() {
+    Response<String[]> resp = sendGetRequest(path(), String[].class);
+    List<String> roles = Optional.ofNullable(resp.getBody())
+        .map(Arrays::asList)
+        .orElse(new ArrayList<>());
+    return new Result<>(resp.getStatusCode(), roles, resp.getErrors());
+  }
+
+  private String path() {
+    return String.format("/authz/roles/%s/users", this.role);
+  }
+}
diff --git a/src/main/java/io/weaviate/client/v1/rbac/api/PermissionAdder.java b/src/main/java/io/weaviate/client/v1/rbac/api/PermissionAdder.java
@@ -0,0 +1,47 @@
+package io.weaviate.client.v1.rbac.api;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import io.weaviate.client.Config;
+import io.weaviate.client.base.BaseClient;
+import io.weaviate.client.base.ClientResult;
+import io.weaviate.client.base.Result;
+import io.weaviate.client.base.http.HttpClient;
+import io.weaviate.client.v1.rbac.model.Permission;
+import lombok.AllArgsConstructor;
+
+public class PermissionAdder extends BaseClient<Void> implements ClientResult<Void> {
+  private String role;
+  private List<Permission<?>> permissions = new ArrayList<>();
+
+  public PermissionAdder(HttpClient httpClient, Config config) {
+    super(httpClient, config);
+  }
+
+  public PermissionAdder withRole(String name) {
+    this.role = name;
+    return this;
+  }
+
+  public PermissionAdder withPermissions(Permission<?>... permissions) {
+    this.permissions = Arrays.asList(permissions);
+    return this;
+  }
+
+  @AllArgsConstructor
+  private static class Body {
+    public final List<?> permissions;
+  }
+
+  @Override
+  public Result<Void> run() {
+    List<WeaviatePermission> permissions = WeaviatePermission.mergePermissions(this.permissions);
+    return new Result<Void>(sendPostRequest(path(), new Body(permissions), Void.class));
+  }
+
+  private String path() {
+    return String.format("/authz/roles/%s/add-permissions", this.role);
+  }
+}
diff --git a/src/main/java/io/weaviate/client/v1/rbac/api/PermissionChecker.java b/src/main/java/io/weaviate/client/v1/rbac/api/PermissionChecker.java
@@ -0,0 +1,36 @@
+package io.weaviate.client.v1.rbac.api;
+
+import io.weaviate.client.Config;
+import io.weaviate.client.base.BaseClient;
+import io.weaviate.client.base.ClientResult;
+import io.weaviate.client.base.Result;
+import io.weaviate.client.base.http.HttpClient;
+import io.weaviate.client.v1.rbac.model.Permission;
+
+public class PermissionChecker extends BaseClient<Boolean> implements ClientResult<Boolean> {
+  private String role;
+  private Permission<?> permission;
+
+  public PermissionChecker(HttpClient httpClient, Config config) {
+    super(httpClient, config);
+  }
+
+  public PermissionChecker withRole(String role) {
+    this.role = role;
+    return this;
+  }
+
+  public PermissionChecker withPermission(Permission<?> permission) {
+    this.permission = permission;
+    return this;
+  }
+
+  @Override
+  public Result<Boolean> run() {
+    return new Result<Boolean>(sendPostRequest(path(), permission.toWeaviate(), Boolean.class));
+  }
+
+  private String path() {
+    return String.format("/authz/roles/%s/has-permission", this.role);
+  }
+}
diff --git a/src/main/java/io/weaviate/client/v1/rbac/api/PermissionRemover.java b/src/main/java/io/weaviate/client/v1/rbac/api/PermissionRemover.java
@@ -0,0 +1,47 @@
+package io.weaviate.client.v1.rbac.api;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import io.weaviate.client.Config;
+import io.weaviate.client.base.BaseClient;
+import io.weaviate.client.base.ClientResult;
+import io.weaviate.client.base.Result;
+import io.weaviate.client.base.http.HttpClient;
+import io.weaviate.client.v1.rbac.model.Permission;
+import lombok.AllArgsConstructor;
+
+public class PermissionRemover extends BaseClient<Void> implements ClientResult<Void> {
+  private String role;
+  private List<Permission<?>> permissions = new ArrayList<>();
+
+  public PermissionRemover(HttpClient httpClient, Config config) {
+    super(httpClient, config);
+  }
+
+  public PermissionRemover withRole(String role) {
+    this.role = role;
+    return this;
+  }
+
+  public PermissionRemover withPermissions(Permission<?>... permissions) {
+    this.permissions = Arrays.asList(permissions);
+    return this;
+  }
+
+  @AllArgsConstructor
+  private static class Body {
+    public final List<?> permissions;
+  }
+
+  @Override
+  public Result<Void> run() {
+    List<WeaviatePermission> permissions = WeaviatePermission.mergePermissions(this.permissions);
+    return new Result<Void>(sendPostRequest(path(), new Body(permissions), Void.class));
+  }
+
+  private String path() {
+    return String.format("/authz/roles/%s/remove-permissions", this.role);
+  }
+}
diff --git a/src/main/java/io/weaviate/client/v1/rbac/api/RoleAllGetter.java b/src/main/java/io/weaviate/client/v1/rbac/api/RoleAllGetter.java
@@ -0,0 +1,33 @@
+package io.weaviate.client.v1.rbac.api;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
+
+import io.weaviate.client.Config;
+import io.weaviate.client.base.BaseClient;
+import io.weaviate.client.base.ClientResult;
+import io.weaviate.client.base.Response;
+import io.weaviate.client.base.Result;
+import io.weaviate.client.base.http.HttpClient;
+import io.weaviate.client.v1.rbac.model.Role;
+
+public class RoleAllGetter extends BaseClient<WeaviateRole[]> implements ClientResult<List<Role>> {
+
+  public RoleAllGetter(HttpClient httpClient, Config config) {
+    super(httpClient, config);
+  }
+
+  @Override
+  public Result<List<Role>> run() {
+    Response<WeaviateRole[]> resp = sendGetRequest("/authz/roles", WeaviateRole[].class);
+    List<Role> roles = Optional.ofNullable(resp.getBody())
+        .map(Arrays::asList)
+        .orElse(new ArrayList<>())
+        .stream()
+        .map(w -> w.toRole())
+        .toList();
+    return new Result<>(resp.getStatusCode(), roles, resp.getErrors());
+  }
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -9,3 +9,5 @@ @@
     *.iml
     # Maven
     target/
+    # maven-lombok-plugin
+    .factorypath