fix: (rbac) user profile
parent
a1efff50f2
commit
3bb04e4ab1
|
@ -22,10 +22,9 @@ type UserClaims struct {
|
||||||
*User
|
*User
|
||||||
}
|
}
|
||||||
type User struct {
|
type User struct {
|
||||||
Username string `json:"username"`
|
Username string `json:"username"`
|
||||||
UserId string `json:"user_id"`
|
UserId string `json:"user_id"`
|
||||||
Roles []string `json:"roles"`
|
Roles []string `json:"roles"`
|
||||||
Privilege []string `json:"privilege"`
|
|
||||||
}
|
}
|
||||||
type Account struct {
|
type Account struct {
|
||||||
ID string `json:"id,omitempty" `
|
ID string `json:"id,omitempty" `
|
||||||
|
@ -227,6 +226,7 @@ func ValidatePermission(claims *UserClaims, permissions []string) (err error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var count int
|
var count int
|
||||||
for _, v := range permissions {
|
for _, v := range permissions {
|
||||||
if _, ok := userPermissionMap[v]; ok {
|
if _, ok := userPermissionMap[v]; ok {
|
||||||
|
|
|
@ -21,3 +21,39 @@ func FromUserContext(ctx context.Context) (*User, error) {
|
||||||
}
|
}
|
||||||
return reqUser.User, nil
|
return reqUser.User, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//type EsRole struct {
|
||||||
|
// Cluster []string `json:"cluster,omitempty"`
|
||||||
|
// Index []string `json:"index,omitempty"`
|
||||||
|
//}
|
||||||
|
|
||||||
|
func NewEsContext(ctx context.Context, role EsRole) {
|
||||||
|
//get user es role
|
||||||
|
|
||||||
|
}
|
||||||
|
func ValidateEsPermission(req, userRole EsRole) (err error) {
|
||||||
|
userClusterMap := make(map[string]struct{})
|
||||||
|
userIndexMap := make(map[string]struct{})
|
||||||
|
for _, v := range userRole.Cluster {
|
||||||
|
userClusterMap[v.Id] = struct{}{}
|
||||||
|
}
|
||||||
|
for _, val := range userRole.Index {
|
||||||
|
for _, v := range val.Name {
|
||||||
|
userIndexMap[v] = struct{}{}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
//for _, v := range req.Cluster {
|
||||||
|
// if _, ok := userClusterMap[v]; !ok {
|
||||||
|
// err = errors.New("no cluster permission")
|
||||||
|
// return
|
||||||
|
// }
|
||||||
|
//}
|
||||||
|
//for _, v := range req.Index {
|
||||||
|
// if _, ok := userClusterMap[v]; !ok {
|
||||||
|
// err = errors.New("no index permission")
|
||||||
|
// return
|
||||||
|
// }
|
||||||
|
//}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
|
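Review bot: ValidateEsPermission never rejects anything — both the cluster and the index checks are commented out, so every caller gets `err == nil` regardless of userRole, which is fail-open for an authorization helper; the maps built above the commented block are dead work until the checks are restored. The commented draft also has two latent bugs worth fixing when it is revived: `req.Cluster` holds structs, so the lookup must use `v.Id` rather than `v`, and the index loop looks up `userClusterMap` where `userIndexMap` is clearly intended. NewEsContext is an empty stub that returns nothing, so no caller can actually obtain a context from it; if it is not ready, a `// TODO` plus a returned `ctx` would at least make the missing piece explicit. The rewrite below assumes `errors` is imported, as the commented draft already uses it.
```go
func ValidateEsPermission(req, userRole EsRole) (err error) {
	// … unchanged: build userClusterMap / userIndexMap from userRole …
	for _, c := range req.Cluster {
		if _, ok := userClusterMap[c.Id]; !ok {
			return errors.New("no cluster permission")
		}
	}
	for _, idx := range req.Index {
		for _, name := range idx.Name {
			if _, ok := userIndexMap[name]; !ok {
				return errors.New("no index permission")
			}
		}
	}
	return nil
}
```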
@ -16,7 +16,6 @@ var InstanceAll = []string{"instance::read", "instance::write"}
|
||||||
|
|
||||||
var Admin []string
|
var Admin []string
|
||||||
var BuildRoles = make(map[string]map[string]interface{}, 0)
|
var BuildRoles = make(map[string]map[string]interface{}, 0)
|
||||||
var Permission = make(map[string][]string)
|
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
Admin = append(Admin, UserAll...)
|
Admin = append(Admin, UserAll...)
|
||||||
|
|
|
@ -4,7 +4,19 @@ var ClusterApis = make(map[string][]string)
|
||||||
var IndexApis = make([]string, 0)
|
var IndexApis = make([]string, 0)
|
||||||
|
|
||||||
var RolePermission = make(map[string][]string)
|
var RolePermission = make(map[string][]string)
|
||||||
|
var EsRolePermission = make(map[string]EsRole)
|
||||||
|
|
||||||
|
type EsRole struct {
|
||||||
|
Cluster []struct {
|
||||||
|
Id string `json:"id"`
|
||||||
|
Name string `json:"name"`
|
||||||
|
} `json:"cluster,omitempty"`
|
||||||
|
ClusterPrivilege []map[string][]string `json:"cluster_privilege,omitempty"`
|
||||||
|
Index []struct {
|
||||||
|
Name []string `json:"name"`
|
||||||
|
Privilege []string `json:"privilege"`
|
||||||
|
} `json:"index,omitempty"`
|
||||||
|
}
|
||||||
type ConsolePermisson struct {
|
type ConsolePermisson struct {
|
||||||
Platform []Platform `json:"platform"`
|
Platform []Platform `json:"platform"`
|
||||||
}
|
}
|
||||||
|
|
|
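Review bot: The new EsRole type duplicates, field for field, the Cluster/ClusterPrivilege/Index block that this same commit adds to Role in a later hunk, and both use anonymous struct slices, so any code outside the package that wants to build a value has to spell the anonymous type out again. Naming the element types once (e.g. `type ClusterRef struct { Id, Name string }` and `type IndexPrivilege struct { Name, Privilege []string }`) and reusing them in both places keeps the two definitions from drifting apart, which matters for a type that drives authorization decisions. ClusterPrivilege is declared here but nothing in this commit reads it — a short doc comment on the exported `EsRolePermission` map and on `EsRole` saying which fields are enforced and which are informational would help the next reader; at minimum `// EsRolePermission maps a role name to its Elasticsearch cluster/index grants.`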
@ -135,7 +135,7 @@ func (role ElasticsearchRole) Create(localUser *User) (id string, err error) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
newRole := rbac.ElasticRole{
|
newRole := rbac.Role{
|
||||||
Name: role.Name,
|
Name: role.Name,
|
||||||
Description: role.Description,
|
Description: role.Description,
|
||||||
RoleType: role.RoleType,
|
RoleType: role.RoleType,
|
||||||
|
|
|
@ -19,7 +19,19 @@ func LoginRequired(h httprouter.Handle) httprouter.Handle {
|
||||||
h(w, r, ps)
|
h(w, r, ps)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
func EsPermissionReqired(h httprouter.Handle) httprouter.Handle {
|
||||||
|
|
||||||
|
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
|
|
||||||
|
claims, err := biz.ValidateLogin(r.Header.Get("Authorization"))
|
||||||
|
if err != nil {
|
||||||
|
w = handleError(w, http.StatusUnauthorized, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
r = r.WithContext(biz.NewUserContext(r.Context(), claims))
|
||||||
|
h(w, r, ps)
|
||||||
|
}
|
||||||
|
}
|
||||||
func PermissionRequired(h httprouter.Handle, permissions ...string) httprouter.Handle {
|
func PermissionRequired(h httprouter.Handle, permissions ...string) httprouter.Handle {
|
||||||
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
claims, err := biz.ValidateLogin(r.Header.Get("Authorization"))
|
claims, err := biz.ValidateLogin(r.Header.Get("Authorization"))
|
||||||
|
|
|
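Review bot: EsPermissionReqired (sic) does not check any permission — it validates the Authorization header, stores the claims in the request context and calls the handler, so a route wrapped with it is protected exactly as well as one wrapped with LoginRequired and no better; the name invites callers to believe ES cluster/index access is being enforced when it is not. If the enforcement is deferred, rename the function (fixing the typo to `EsPermissionRequired`) and add `// TODO: enforce ES cluster/index permissions; currently equivalent to LoginRequired` at the top so the gap is visible at every call site, or wire the check in now by looking up the user's EsRole and calling ValidateEsPermission before `h(w, r, ps)`. The body of LoginRequired is only partly visible in this hunk, so the "equivalent" claim is inferred from its tail.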
@ -12,6 +12,15 @@ type Role struct {
|
||||||
Platform []string `json:"platform,omitempty" `
|
Platform []string `json:"platform,omitempty" `
|
||||||
BuiltIn bool `json:"builtin" elastic_mapping:"builtin:{type:boolean}"` //是否内置
|
BuiltIn bool `json:"builtin" elastic_mapping:"builtin:{type:boolean}"` //是否内置
|
||||||
|
|
||||||
|
Cluster []struct {
|
||||||
|
Id string `json:"id"`
|
||||||
|
Name string `json:"name"`
|
||||||
|
} `json:"cluster,omitempty"`
|
||||||
|
ClusterPrivilege []map[string][]string `json:"cluster_privilege,omitempty"`
|
||||||
|
Index []struct {
|
||||||
|
Name []string `json:"name"`
|
||||||
|
Privilege []string `json:"privilege"`
|
||||||
|
} `json:"index,omitempty"`
|
||||||
}
|
}
|
||||||
type ConsolePermission struct {
|
type ConsolePermission struct {
|
||||||
Api []string `json:"api"`
|
Api []string `json:"api"`
|
||||||
|
|
|
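Review bot: The Cluster/ClusterPrivilege/Index fields added to Role are a verbatim copy of the EsRole type introduced elsewhere in this commit, and the anonymous struct element types mean the two cannot be assigned to each other without a manual copy, so a mismatch between what is stored on the Role and what the ES permission check reads is easy to introduce. Unless the two types live in packages that cannot import each other, embedding one named type (`EsRole`) here instead of repeating the fields would keep them in lock-step. The other persisted fields on Role carry `elastic_mapping` tags (see the BuiltIn line in the context); whether the new slice fields need one is not something this hunk shows, but it is worth confirming against the index mapping.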
@ -103,20 +103,31 @@ func (h Account) Profile(w http.ResponseWriter, r *http.Request, ps httprouter.P
|
||||||
h.Error(w, err)
|
h.Error(w, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
//user, err := biz.GetUser(reqUser.UserId)
|
|
||||||
//if err != nil {
|
|
||||||
// h.Error(w, err)
|
|
||||||
// return
|
|
||||||
//}
|
|
||||||
//TODO get user from es
|
|
||||||
u := util.MapStr{
|
|
||||||
"user_id": reqUser.UserId,
|
|
||||||
"username": reqUser.Username,
|
|
||||||
"email": "hello@infini.ltd",
|
|
||||||
|
|
||||||
"name": "admin",
|
if reqUser.UserId == "admin" {
|
||||||
|
|
||||||
|
u := util.MapStr{
|
||||||
|
"user_id": "admin",
|
||||||
|
"username": "admin",
|
||||||
|
"email": "admin@infini.ltd",
|
||||||
|
"name": "admin",
|
||||||
|
}
|
||||||
|
h.WriteOKJSON(w, core.FoundResponse(reqUser.UserId, u))
|
||||||
|
} else {
|
||||||
|
user, err := biz.GetUser(reqUser.UserId)
|
||||||
|
if err != nil {
|
||||||
|
h.Error(w, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
u := util.MapStr{
|
||||||
|
"user_id": user.ID,
|
||||||
|
"username": user.Username,
|
||||||
|
"email": user.Email,
|
||||||
|
"name": user.Name,
|
||||||
|
}
|
||||||
|
h.WriteOKJSON(w, core.FoundResponse(reqUser.UserId, u))
|
||||||
}
|
}
|
||||||
h.WriteOKJSON(w, core.FoundResponse(reqUser.UserId, u))
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
func (h Account) UpdatePassword(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
func (h Account) UpdatePassword(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||||
|
|
|
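Review bot: The `else` after a branch that ends in WriteOKJSON keeps the common path (look up the user and serve their record) nested and duplicates the response call; an early `return` in the admin branch flattens it. The special case also keys on the literal `"admin"`, which is the same literal loadRolePermission uses as a map key in the last hunk — a single named constant for the built-in admin identity would stop the two from drifting apart, and a comment should say why the admin profile is static (presumably the built-in account has no backing record, but that is inferred, not shown here). Profile's opening lines are outside the hunk.
```go
	if reqUser.UserId == "admin" {
		// built-in admin has no stored record; serve the static profile
		h.WriteOKJSON(w, core.FoundResponse(reqUser.UserId, util.MapStr{
			"user_id":  "admin",
			"username": "admin",
			"email":    "admin@infini.ltd",
			"name":     "admin",
		}))
		return
	}
	user, err := biz.GetUser(reqUser.UserId)
	if err != nil {
		h.Error(w, err)
		return
	}
	h.WriteOKJSON(w, core.FoundResponse(reqUser.UserId, util.MapStr{
		"user_id":  user.ID,
		"username": user.Username,
		"email":    user.Email,
		"name":     user.Name,
	}))
	return
```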
@ -17,7 +17,7 @@ type Rbac struct {
|
||||||
|
|
||||||
func registerRouter() {
|
func registerRouter() {
|
||||||
r := Rbac{}
|
r := Rbac{}
|
||||||
api.HandleAPIMethod(api.GET, "/permission/:type", m.PermissionRequired(r.ListPermission, enum.RoleRead...))
|
api.HandleAPIMethod(api.GET, "/permission/:type", r.ListPermission)
|
||||||
api.HandleAPIMethod(api.POST, "/role/:type", m.PermissionRequired(r.CreateRole, enum.RoleAll...))
|
api.HandleAPIMethod(api.POST, "/role/:type", m.PermissionRequired(r.CreateRole, enum.RoleAll...))
|
||||||
api.HandleAPIMethod(api.GET, "/role/:id", m.PermissionRequired(r.GetRole, enum.RoleRead...))
|
api.HandleAPIMethod(api.GET, "/role/:id", m.PermissionRequired(r.GetRole, enum.RoleRead...))
|
||||||
api.HandleAPIMethod(api.DELETE, "/role/:id", m.PermissionRequired(r.DeleteRole, enum.RoleAll...))
|
api.HandleAPIMethod(api.DELETE, "/role/:id", m.PermissionRequired(r.DeleteRole, enum.RoleAll...))
|
||||||
|
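Review bot: Dropping the PermissionRequired wrapper from `GET /permission/:type` removes not only the RoleRead authorization but the login check it performs, so the permission catalogue becomes readable by anyone who can reach the API; every other route in this hunk stays behind PermissionRequired. If the intent is to let any signed-in user fetch the list for the UI, keep authentication with `api.HandleAPIMethod(api.GET, "/permission/:type", m.LoginRequired(r.ListPermission))` (LoginRequired exists in the middleware hunk above); if it really is meant to be public, a comment on the line stating that would stop the next reader from re-adding the guard. ListPermission itself is not in this diff, so whether it does its own checks is not visible here.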
@ -55,10 +55,11 @@ func loadRolePermission() {
|
||||||
biz.RolePermission = make(map[string][]string)
|
biz.RolePermission = make(map[string][]string)
|
||||||
|
|
||||||
biz.RolePermission["admin"] = enum.Admin
|
biz.RolePermission["admin"] = enum.Admin
|
||||||
|
|
||||||
}
|
}
|
||||||
func init() {
|
func init() {
|
||||||
registerRouter()
|
registerRouter()
|
||||||
|
loadJsonConfig()
|
||||||
loadRolePermission()
|
loadRolePermission()
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
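Review bot: loadJsonConfig is called from init with no visible error handling — if it returns an error it is discarded, and if it cannot fail that is worth stating in a comment, because a role/permission table that silently loads empty would leave only the hard-coded admin entry. Note also the ordering: loadRolePermission runs after it and starts by reassigning `biz.RolePermission = make(map[string][]string)`, so anything loadJsonConfig puts into RolePermission is wiped before the admin entry is added; if that map is what the JSON populates, the calls need to be swapped or the reset removed. loadJsonConfig's definition is not in this diff, so both points are inferred from the call order shown.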