fix: (rbac) login set role map

This commit is contained in:
xushuhui 2022-04-25 10:24:05 +08:00
parent e8b57f369a
commit 2593d453e9
2 changed files with 33 additions and 20 deletions


@ -83,21 +83,7 @@ func authenticateAdmin(username string, password string) (user Account, err erro
return user, nil return user, nil
} }
func authorize(user Account) (m map[string]interface{}, err error) { func authorize(user Account) (m map[string]interface{}, err error) {
token := jwt.NewWithClaims(jwt.SigningMethodHS256, UserClaims{
User: &User{
Username: user.Username,
UserId: user.ID,
Roles: []string{"admin"},
},
RegisteredClaims: &jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(24 * time.Hour)),
},
})
tokenString, err := token.SignedString([]byte(Secret))
if err != nil {
return
}
var roles, privilege []string var roles, privilege []string
if user.Username == "admin" { if user.Username == "admin" {
roles = append(roles, "admin") roles = append(roles, "admin")
@ -109,9 +95,29 @@ func authorize(user Account) (m map[string]interface{}, err error) {
r, _ := GetRole(v.Id) r, _ := GetRole(v.Id)
privilege = append(privilege, r.Platform...) privilege = append(privilege, r.Platform...)
RolePermission[v.Name] = enum.Role{
Platform: r.Platform,
Cluster: r.Cluster,
ClusterPrivilege: r.ClusterPrivilege,
Index: r.Index,
} }
} }
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, UserClaims{
User: &User{
Username: user.Username,
UserId: user.ID,
Roles: roles,
},
RegisteredClaims: &jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(24 * time.Hour)),
},
})
tokenString, err := token.SignedString([]byte(Secret))
if err != nil {
return
}
m = util.MapStr{ m = util.MapStr{
"access_token": tokenString, "access_token": tokenString,
"username": user.Username, "username": user.Username,
@ -215,27 +221,33 @@ func ValidateLogin(authorizationHeader string) (clams *UserClaims, err error) {
} }
func ValidatePermission(claims *UserClaims, permissions []string) (err error) { func ValidatePermission(claims *UserClaims, permissions []string) (err error) {
reqUser := claims.User user := claims.User
if reqUser.UserId == "" { if user.UserId == "" {
err = errors.New("user id is empty") err = errors.New("user id is empty")
return return
} }
if reqUser.Roles == nil { if user.Roles == nil {
err = errors.New("api permission is empty") err = errors.New("api permission is empty")
return return
} }
return nil
// 权限校验 // 权限校验
userPermissionMap := make(map[string]struct{}) userPermissionMap := make(map[string]struct{})
for _, role := range reqUser.Roles { for _, role := range user.Roles {
if _, ok := RolePermission[role]; ok { if _, ok := RolePermission[role]; ok {
for _, v := range RolePermission[role].Platform { for _, v := range RolePermission[role].Platform {
userPermissionMap[v] = struct{}{} userPermissionMap[v] = struct{}{}
//all include read
if strings.Contains(v, "all") {
key := v[:len(v)-3] + "read"
userPermissionMap[key] = struct{}{}
} }
} }
} }
//all=>read }
var count int var count int
for _, v := range permissions { for _, v := range permissions {
if _, ok := userPermissionMap[v]; ok { if _, ok := userPermissionMap[v]; ok {
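Review bot: The new all-implies-read expansion in ValidatePermission guards with `strings.Contains(v, "all")` but then derives the key by slicing the last three bytes, so any permission string that merely contains "all" somewhere other than its end gets a mangled key; `if strings.HasSuffix(v, "all") {` followed by `userPermissionMap[strings.TrimSuffix(v, "all")+"read"] = struct{}{}` expresses the intent and cannot mis-slice. The rendered page does not show which side the lone `return nil` before the `// 权限校验` comment belongs to; if it survives on the new side, the map building and the count loop after it are unreachable and every caller with a non-empty role list passes regardless of the requested permissions, so that deserves an explicit check. In the authorize hunk, `r, _ := GetRole(v.Id)` discards the lookup error and then writes the result into the package-level `RolePermission` map during login; if authorize runs from concurrent request handlers that write is unsynchronized and, on a failed lookup, stores an empty role, so the error should be returned and the map write guarded (a mutex, or deriving permissions per request from the claims instead). ValidatePermission's body continues past the end of this hunk.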


@ -73,6 +73,7 @@ func init() {
loadRolePermission() loadRolePermission()
} }
func existInternalUser() { func existInternalUser() {
//user, err := biz.GetUser("admin") //user, err := biz.GetUser("admin")
//if errors.Is(err, elastic.ErrNotFound) { //if errors.Is(err, elastic.ErrNotFound) {