fix: (rbac) user profile
		
							parent
							
								
									a1efff50f2
								
							
						
					
					
						commit
						3bb04e4ab1
					
				| 
						 | 
				
			
			@ -22,10 +22,9 @@ type UserClaims struct {
 | 
			
		|||
	*User
 | 
			
		||||
}
 | 
			
		||||
type User struct {
 | 
			
		||||
	Username  string   `json:"username"`
 | 
			
		||||
	UserId    string   `json:"user_id"`
 | 
			
		||||
	Roles     []string `json:"roles"`
 | 
			
		||||
	Privilege []string `json:"privilege"`
 | 
			
		||||
	Username string   `json:"username"`
 | 
			
		||||
	UserId   string   `json:"user_id"`
 | 
			
		||||
	Roles    []string `json:"roles"`
 | 
			
		||||
}
 | 
			
		||||
type Account struct {
 | 
			
		||||
	ID       string          `json:"id,omitempty"     `
 | 
			
		||||
| 
						 | 
				
			
			@ -227,6 +226,7 @@ func ValidatePermission(claims *UserClaims, permissions []string) (err error) {
 | 
			
		|||
			}
 | 
			
		||||
		}
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	var count int
 | 
			
		||||
	for _, v := range permissions {
 | 
			
		||||
		if _, ok := userPermissionMap[v]; ok {
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -21,3 +21,39 @@ func FromUserContext(ctx context.Context) (*User, error) {
 | 
			
		|||
	}
 | 
			
		||||
	return reqUser.User, nil
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
//type EsRole struct {
 | 
			
		||||
//	Cluster []string `json:"cluster,omitempty"`
 | 
			
		||||
//	Index   []string `json:"index,omitempty"`
 | 
			
		||||
//}
 | 
			
		||||
 | 
			
		||||
func NewEsContext(ctx context.Context, role EsRole) {
 | 
			
		||||
	//get user es role
 | 
			
		||||
 | 
			
		||||
}
 | 
			
		||||
func ValidateEsPermission(req, userRole EsRole) (err error) {
 | 
			
		||||
	userClusterMap := make(map[string]struct{})
 | 
			
		||||
	userIndexMap := make(map[string]struct{})
 | 
			
		||||
	for _, v := range userRole.Cluster {
 | 
			
		||||
		userClusterMap[v.Id] = struct{}{}
 | 
			
		||||
	}
 | 
			
		||||
	for _, val := range userRole.Index {
 | 
			
		||||
		for _, v := range val.Name {
 | 
			
		||||
			userIndexMap[v] = struct{}{}
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
	}
 | 
			
		||||
	//for _, v := range req.Cluster {
 | 
			
		||||
	//	if _, ok := userClusterMap[v]; !ok {
 | 
			
		||||
	//		err = errors.New("no cluster permission")
 | 
			
		||||
	//		return
 | 
			
		||||
	//	}
 | 
			
		||||
	//}
 | 
			
		||||
	//for _, v := range req.Index {
 | 
			
		||||
	//	if _, ok := userClusterMap[v]; !ok {
 | 
			
		||||
	//		err = errors.New("no index permission")
 | 
			
		||||
	//		return
 | 
			
		||||
	//	}
 | 
			
		||||
	//}
 | 
			
		||||
	return
 | 
			
		||||
}
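Review bot: `ValidateEsPermission` always returns a nil error, because both loops over `req` are commented out, so any caller that relies on it allows every request. The commented loops would not be correct if re-enabled as they stand: `req.Cluster` elements are structs, so the lookup needs `v.Id`, and the index loop consults `userClusterMap` where `userIndexMap` is meant. The sketch below restores the membership checks only; it assumes `errors` is imported in this file, which the hunk does not show, and it still leaves `Privilege` and `ClusterPrivilege` uncompared. `NewEsContext` has an empty body and no result, so it should be dropped or given a doc comment saying it is a stub.

```go
// … unchanged: userClusterMap / userIndexMap construction …
for _, c := range req.Cluster {
	if _, ok := userClusterMap[c.Id]; !ok {
		return errors.New("no cluster permission")
	}
}
for _, idx := range req.Index {
	for _, name := range idx.Name {
		if _, ok := userIndexMap[name]; !ok {
			return errors.New("no index permission")
		}
	}
}
return nil
```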
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -16,7 +16,6 @@ var InstanceAll = []string{"instance::read", "instance::write"}
 | 
			
		|||
 | 
			
		||||
var Admin []string
 | 
			
		||||
var BuildRoles = make(map[string]map[string]interface{}, 0)
 | 
			
		||||
var Permission = make(map[string][]string)
 | 
			
		||||
 | 
			
		||||
func init() {
 | 
			
		||||
	Admin = append(Admin, UserAll...)
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -4,7 +4,19 @@ var ClusterApis = make(map[string][]string)
 | 
			
		|||
var IndexApis = make([]string, 0)
 | 
			
		||||
 | 
			
		||||
var RolePermission = make(map[string][]string)
 | 
			
		||||
var EsRolePermission = make(map[string]EsRole)
 | 
			
		||||
 | 
			
		||||
type EsRole struct {
 | 
			
		||||
	Cluster []struct {
 | 
			
		||||
		Id   string `json:"id"`
 | 
			
		||||
		Name string `json:"name"`
 | 
			
		||||
	} `json:"cluster,omitempty"`
 | 
			
		||||
	ClusterPrivilege []map[string][]string `json:"cluster_privilege,omitempty"`
 | 
			
		||||
	Index            []struct {
 | 
			
		||||
		Name      []string `json:"name"`
 | 
			
		||||
		Privilege []string `json:"privilege"`
 | 
			
		||||
	} `json:"index,omitempty"`
 | 
			
		||||
}
 | 
			
		||||
type ConsolePermisson struct {
 | 
			
		||||
	Platform []Platform `json:"platform"`
 | 
			
		||||
}
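Review bot: `EsRolePermission` is an exported, mutable package-level map of authorization data with no doc comment, and nothing in this hunk shows how writes to it are guarded against concurrent reads from request handlers. A comment such as `// EsRolePermission maps a role name to its Elasticsearch grants; it is populated at startup and read-only afterwards.` would record the contract, if that is the intended one. `EsRole` also repeats, field for field, the anonymous `Cluster`/`ClusterPrivilege`/`Index` structs that the `Role` hunk of this commit adds; naming those element types once would keep the two definitions from drifting apart.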
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -135,7 +135,7 @@ func (role ElasticsearchRole) Create(localUser *User) (id string, err error) {
 | 
			
		|||
		return
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	newRole := rbac.ElasticRole{
 | 
			
		||||
	newRole := rbac.Role{
 | 
			
		||||
		Name:        role.Name,
 | 
			
		||||
		Description: role.Description,
 | 
			
		||||
		RoleType:    role.RoleType,
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -19,7 +19,19 @@ func LoginRequired(h httprouter.Handle) httprouter.Handle {
 | 
			
		|||
		h(w, r, ps)
 | 
			
		||||
	}
 | 
			
		||||
}
 | 
			
		||||
func EsPermissionReqired(h httprouter.Handle) httprouter.Handle {
 | 
			
		||||
 | 
			
		||||
	return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 | 
			
		||||
 | 
			
		||||
		claims, err := biz.ValidateLogin(r.Header.Get("Authorization"))
 | 
			
		||||
		if err != nil {
 | 
			
		||||
			w = handleError(w, http.StatusUnauthorized, err)
 | 
			
		||||
			return
 | 
			
		||||
		}
 | 
			
		||||
		r = r.WithContext(biz.NewUserContext(r.Context(), claims))
 | 
			
		||||
		h(w, r, ps)
 | 
			
		||||
	}
 | 
			
		||||
}
 | 
			
		||||
func PermissionRequired(h httprouter.Handle, permissions ...string) httprouter.Handle {
 | 
			
		||||
	return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 | 
			
		||||
		claims, err := biz.ValidateLogin(r.Header.Get("Authorization"))
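Review bot: `EsPermissionReqired` only calls `biz.ValidateLogin` and stores the claims in the request context before invoking `h`; no Elasticsearch permission is evaluated, so a route wrapped with it admits any authenticated user despite its name. Either run the permission check before `h(w, r, ps)` and answer `http.StatusForbidden` on failure, or add a comment stating that the wrapper is authentication-only for now. The exported name is also misspelled; `EsPermissionRequired` is the spelling to settle on before routes start depending on it. The body of `PermissionRequired` continues outside the hunk.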
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -12,6 +12,15 @@ type Role struct {
 | 
			
		|||
	Platform    []string `json:"platform,omitempty" `
 | 
			
		||||
	BuiltIn     bool     `json:"builtin" elastic_mapping:"builtin:{type:boolean}"` //是否内置
 | 
			
		||||
 | 
			
		||||
	Cluster []struct {
 | 
			
		||||
		Id   string `json:"id"`
 | 
			
		||||
		Name string `json:"name"`
 | 
			
		||||
	} `json:"cluster,omitempty"`
 | 
			
		||||
	ClusterPrivilege []map[string][]string `json:"cluster_privilege,omitempty"`
 | 
			
		||||
	Index            []struct {
 | 
			
		||||
		Name      []string `json:"name"`
 | 
			
		||||
		Privilege []string `json:"privilege"`
 | 
			
		||||
	} `json:"index,omitempty"`
 | 
			
		||||
}
 | 
			
		||||
type ConsolePermission struct {
 | 
			
		||||
	Api  []string `json:"api"`
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -103,20 +103,31 @@ func (h Account) Profile(w http.ResponseWriter, r *http.Request, ps httprouter.P
 | 
			
		|||
		h.Error(w, err)
 | 
			
		||||
		return
 | 
			
		||||
	}
 | 
			
		||||
	//user, err := biz.GetUser(reqUser.UserId)
 | 
			
		||||
	//if err != nil {
 | 
			
		||||
	//	h.Error(w, err)
 | 
			
		||||
	//	return
 | 
			
		||||
	//}
 | 
			
		||||
	//TODO get user from es
 | 
			
		||||
	u := util.MapStr{
 | 
			
		||||
		"user_id":  reqUser.UserId,
 | 
			
		||||
		"username": reqUser.Username,
 | 
			
		||||
		"email":    "hello@infini.ltd",
 | 
			
		||||
 | 
			
		||||
		"name": "admin",
 | 
			
		||||
	if reqUser.UserId == "admin" {
 | 
			
		||||
 | 
			
		||||
		u := util.MapStr{
 | 
			
		||||
			"user_id":  "admin",
 | 
			
		||||
			"username": "admin",
 | 
			
		||||
			"email":    "admin@infini.ltd",
 | 
			
		||||
			"name":     "admin",
 | 
			
		||||
		}
 | 
			
		||||
		h.WriteOKJSON(w, core.FoundResponse(reqUser.UserId, u))
 | 
			
		||||
	} else {
 | 
			
		||||
		user, err := biz.GetUser(reqUser.UserId)
 | 
			
		||||
		if err != nil {
 | 
			
		||||
			h.Error(w, err)
 | 
			
		||||
			return
 | 
			
		||||
		}
 | 
			
		||||
		u := util.MapStr{
 | 
			
		||||
			"user_id":  user.ID,
 | 
			
		||||
			"username": user.Username,
 | 
			
		||||
			"email":    user.Email,
 | 
			
		||||
			"name":     user.Name,
 | 
			
		||||
		}
 | 
			
		||||
		h.WriteOKJSON(w, core.FoundResponse(reqUser.UserId, u))
 | 
			
		||||
	}
 | 
			
		||||
	h.WriteOKJSON(w, core.FoundResponse(reqUser.UserId, u))
 | 
			
		||||
 | 
			
		||||
	return
 | 
			
		||||
}
 | 
			
		||||
func (h Account) UpdatePassword(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
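Review bot: The `if reqUser.UserId == "admin"` branch in `Profile` answers from a hard-coded profile and never consults the user store, so the handler treats one literal ID from the claims as a built-in identity without saying why. A named constant for that ID plus a one-line comment explaining that the built-in account has no stored record would make the special case auditable. Both branches also end with the same call; declaring `var u util.MapStr` before the `if`, assigning in each branch, and keeping a single `h.WriteOKJSON(w, core.FoundResponse(reqUser.UserId, u))` after it removes the duplication and the shadowed `u`. The page has lost its +/- markers, so which of the printed lines survive is inferred, and `Profile` begins outside the hunk.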
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -17,7 +17,7 @@ type Rbac struct {
 | 
			
		|||
 | 
			
		||||
func registerRouter() {
 | 
			
		||||
	r := Rbac{}
 | 
			
		||||
	api.HandleAPIMethod(api.GET, "/permission/:type", m.PermissionRequired(r.ListPermission, enum.RoleRead...))
 | 
			
		||||
	api.HandleAPIMethod(api.GET, "/permission/:type", r.ListPermission)
 | 
			
		||||
	api.HandleAPIMethod(api.POST, "/role/:type", m.PermissionRequired(r.CreateRole, enum.RoleAll...))
 | 
			
		||||
	api.HandleAPIMethod(api.GET, "/role/:id", m.PermissionRequired(r.GetRole, enum.RoleRead...))
 | 
			
		||||
	api.HandleAPIMethod(api.DELETE, "/role/:id", m.PermissionRequired(r.DeleteRole, enum.RoleAll...))
 | 
			
		||||
| 
						 | 
				
			
			@ -55,10 +55,11 @@ func loadRolePermission() {
 | 
			
		|||
	biz.RolePermission = make(map[string][]string)
 | 
			
		||||
 | 
			
		||||
	biz.RolePermission["admin"] = enum.Admin
 | 
			
		||||
 | 
			
		||||
}
 | 
			
		||||
func init() {
 | 
			
		||||
	registerRouter()
 | 
			
		||||
 | 
			
		||||
	loadJsonConfig()
 | 
			
		||||
	loadRolePermission()
 | 
			
		||||
 | 
			
		||||
}
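Review bot: In `registerRouter`, `/permission/:type` is printed twice, once wrapped in `m.PermissionRequired(r.ListPermission, enum.RoleRead...)` and once as bare `r.ListPermission`. The page has lost its +/- markers, but if the bare registration is the new side, the endpoint that lists permissions is now served without any token check. If the intent is that every logged-in user may read the list, `api.HandleAPIMethod(api.GET, "/permission/:type", m.LoginRequired(r.ListPermission))` keeps authentication while dropping the role requirement. Otherwise the original wrapper should stay.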
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||