BE: RBAC: LDAP: Implement user subject type for LDAP & AD. Fixes #730

Author: Haarolean

api/src/main/java/io/kafbat/ui/service/rbac/extractor/RbacActiveDirectoryAuthoritiesExtractor.java

@@ -36,8 +36,11 @@ public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOp
         .filter(r -> r.getSubjects()
             .stream()
             .filter(subject -> subject.getProvider().equals(Provider.LDAP_AD))
-            .filter(subject -> subject.getType().equals("group"))
-            .anyMatch(subject -> adGroups.contains(subject.getValue()))
+            .anyMatch(subject -> switch (subject.getType()) {
+              case "user" -> username.equalsIgnoreCase(subject.getValue());
+              case "group" ->  adGroups.contains(subject.getValue());
+              default -> false;
+            })
         )
         .map(Role::getName)
         .peek(role -> log.trace("Mapped role [{}] for user [{}]", role, username))

api/src/main/java/io/kafbat/ui/service/rbac/extractor/RbacLdapAuthoritiesExtractor.java

@@ -38,8 +38,11 @@ protected Set<GrantedAuthority> getAdditionalRoles(DirContextOperations user, St
         .filter(r -> r.getSubjects()
             .stream()
             .filter(subject -> subject.getProvider().equals(Provider.LDAP))
-            .filter(subject -> subject.getType().equals("group"))
-            .anyMatch(subject -> ldapGroups.contains(subject.getValue()))
+            .anyMatch(subject -> switch (subject.getType()) {
+              case "user" -> username.equalsIgnoreCase(subject.getValue());
+              case "group" -> ldapGroups.contains(subject.getValue());
+              default -> false;
+            })
         )
         .map(Role::getName)
         .peek(role -> log.trace("Mapped role [{}] for user [{}]", role, username))