[INLONG-12094][Manager] Fix the problem of ordinary users can create new packages (#12095)

Co-authored-by: wakefu <wakefu@tencent.com>

Author: fuweng11

inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/ModuleController.java

@@ -30,6 +30,7 @@
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiOperation;
+import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -38,6 +39,8 @@
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
+import static org.apache.inlong.manager.pojo.user.UserRoleCode.INLONG_ADMIN;
+
 /**
  * Inlong module control layer
  */
@@ -51,13 +54,15 @@ public class ModuleController {
 
     @RequestMapping(value = "/module/save", method = RequestMethod.POST)
     @ApiOperation(value = "Save inlong module")
+    @RequiresRoles(INLONG_ADMIN)
     public Response<Integer> save(@Validated(SaveValidation.class) @RequestBody ModuleRequest request) {
         String operator = LoginUserUtils.getLoginUser().getName();
         return Response.success(moduleService.save(request, operator));
     }
 
     @RequestMapping(value = "/module/update", method = RequestMethod.POST)
     @ApiOperation(value = "Update inlong module")
+    @RequiresRoles(INLONG_ADMIN)
     public Response<Boolean> update(@Validated(UpdateValidation.class) @RequestBody ModuleRequest request) {
         return Response.success(moduleService.update(request, LoginUserUtils.getLoginUser().getName()));
     }
@@ -77,6 +82,7 @@ public Response<PageResult<ModuleResponse>> listByCondition(@RequestBody ModuleP
 
     @RequestMapping(value = "/module/delete/{id}", method = RequestMethod.DELETE)
     @ApiOperation(value = "Delete module config")
+    @RequiresRoles(INLONG_ADMIN)
     public Response<Boolean> delete(@PathVariable Integer id) {
         return Response.success(moduleService.delete(id, LoginUserUtils.getLoginUser().getName()));
     }

inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/PackageController.java

@@ -30,6 +30,7 @@
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiOperation;
+import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -38,6 +39,8 @@
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
+import static org.apache.inlong.manager.pojo.user.UserRoleCode.INLONG_ADMIN;
+
 /**
  * Inlong package control layer
  */
@@ -51,13 +54,15 @@ public class PackageController {
 
     @RequestMapping(value = "/package/save", method = RequestMethod.POST)
     @ApiOperation(value = "Save inlong package")
+    @RequiresRoles(INLONG_ADMIN)
     public Response<Integer> save(@Validated(SaveValidation.class) @RequestBody PackageRequest request) {
         String operator = LoginUserUtils.getLoginUser().getName();
         return Response.success(packageService.save(request, operator));
     }
 
     @RequestMapping(value = "/package/update", method = RequestMethod.POST)
     @ApiOperation(value = "Update inlong package")
+    @RequiresRoles(INLONG_ADMIN)
     public Response<Boolean> update(@Validated(UpdateValidation.class) @RequestBody PackageRequest request) {
         return Response.success(packageService.update(request, LoginUserUtils.getLoginUser().getName()));
     }
@@ -77,6 +82,7 @@ public Response<PageResult<PackageResponse>> listByCondition(@RequestBody Packag
 
     @RequestMapping(value = "/package/delete/{id}", method = RequestMethod.DELETE)
     @ApiOperation(value = "Delete package config")
+    @RequiresRoles(INLONG_ADMIN)
     public Response<Boolean> delete(@PathVariable Integer id) {
         return Response.success(packageService.delete(id, LoginUserUtils.getLoginUser().getName()));
     }