change model data struct

2022-05-06 16:01:42 +08:00 · 2022-05-06 16:01:42 +08:00 · 51497469e4
parent d7af5dfe12
commit 51497469e4
14 changed files with 145 additions and 336 deletions
--- a/internal/biz/account.go
+++ b/internal/biz/account.go
@ -11,7 +11,6 @@ import (
 	"infini.sh/framework/core/global"
 	"infini.sh/framework/core/orm"
 	"infini.sh/framework/core/util"
-
 	"time"
 )

@ -41,7 +40,7 @@ const Secret = "console"

 func authenticateUser(username string, password string) (user Account, err error) {

-	err, result := orm.GetBy("username", username, rbac.User{})
+	err, result := orm.GetBy("name", username, rbac.User{})
 	if err != nil {
 		err = ErrNotFound
 		return
@ -75,7 +74,7 @@ func authenticateAdmin(username string, password string) (user Account, err erro
 	user.ID = username
 	user.Username = username
 	user.Roles = []rbac.UserRole{{
-		Id: "admin", Name: "admin",
+		ID: "admin", Name: "admin",
 	}}
 	return user, nil
 }
@ -85,7 +84,7 @@ func authorize(user Account) (m map[string]interface{}, err error) {
 	for _, v := range user.Roles {
 		role := RoleMap[v.Name]
 		roles = append(roles, v.Name)
-		privilege = append(privilege, role.Platform...)
+		privilege = append(privilege, role.Privilege.Platform...)
 	}
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, UserClaims{
 		User: &User{
@ -143,8 +142,8 @@ func Login(username string, password string) (m map[string]interface{}, err erro
 			"password": password,
 		},
 		User: util.MapStr{
-			"userid":   user.ID,
-			"username": user.Username,
+			"id":   user.ID,
+			"name": user.Username,
 		},
 	}, nil, nil))
 	return
@ -181,8 +180,8 @@ func UpdatePassword(localUser *User, req dto.UpdatePassword) (err error) {
 			"new_password": req.NewPassword,
 		},
 		User: util.MapStr{
-			"userid":   user.ID,
-			"username": user.Username,
+			"id":   user.ID,
+			"name": user.Name,
 		},
 	}, nil, nil))
 	return
@ -212,8 +211,8 @@ func UpdateProfile(localUser *User, req dto.UpdateProfile) (err error) {
 			"phone": req.Phone,
 		},
 		User: util.MapStr{
-			"userid":   user.ID,
-			"username": user.Username,
+			"id":   user.ID,
+			"name": user.Name,
 		},
 	}, nil, nil))
 	return
--- a/internal/biz/enum/const.go
+++ b/internal/biz/enum/const.go
@ -27,8 +27,8 @@ const (

 	IndexAll     = "data.index:all"
 	IndexRead    = "data.index:read"
-	ViewsAll     = "data.views:all"
-	ViewsRead    = "data.views:read"
+	ViewsAll     = "data.view:all"
+	ViewsRead    = "data.view:read"
 	DiscoverAll  = "data.discover:all"
 	DiscoverRead = "data.discover:read"

@ -83,8 +83,8 @@ var (
 	RuleAllPermission     = []string{"rule:read", "rule:write"}
 	AlertReadPermission   = []string{"alert:read"}
 	AlertAllPermission    = []string{"alert:read", "alert:write"}
-	ChannelReadPermssion  = []string{"channel:read"}
-	ChannnelAllPermission = []string{"channel:read", "channel:write"}
+	ChannelReadPermission = []string{"channel:read"}
+	ChannelAllPermission  = []string{"channel:read", "channel:write"}

 	ClusterOverviewReadPermission = []string{"clusterOverview:read"}
 	ClusterOverviewAllPermission  = []string{"clusterOverview:read", "clusterOverview:write"}
@ -147,8 +147,8 @@ func init() {
 		RuleAll:     RuleAllPermission,
 		AlertRead:   AlertReadPermission,
 		AlertAll:    AlertAllPermission,
-		ChannelRead: ChannelReadPermssion,
-		ChannelAll:  ChannnelAllPermission,
+		ChannelRead: ChannelReadPermission,
+		ChannelAll:  ChannelAllPermission,

 		ClusterOverviewRead: ClusterOverviewReadPermission,
 		ClusterOverviewAll:  ClusterOverviewAllPermission,
--- a/internal/biz/permission.go
+++ b/internal/biz/permission.go
@ -1,11 +1,14 @@
 package biz

-import "infini.sh/console/internal/core"
+import (
+	"infini.sh/console/internal/core"
+	"infini.sh/console/model/rbac"
+)

 var ClusterApis = make(map[string][]string)
 var IndexApis = make([]string, 50)

-var RoleMap = make(map[string]Role)
+var RoleMap = make(map[string]rbac.Role)

 type Token struct {
 	JwtStr   string `json:"jwt_str"`
@ -17,19 +20,7 @@ var TokenMap = make(map[string]Token)

 var EsApiRoutes = core.NewRouter()

-type Role struct {
-	Name     string   `json:"name"`
-	Platform []string `json:"platform,omitempty"`
-	Cluster  []struct {
-		Id   string `json:"id"`
-		Name string `json:"name"`
-	} `json:"cluster,omitempty"`
-	ClusterPrivilege []string `json:"cluster_privilege,omitempty"`
-	Index            []struct {
-		Name      []string `json:"name"`
-		Privilege []string `json:"privilege"`
-	} `json:"index,omitempty"`
-}
+
 type RolePermission struct {
 	Platform         []string `json:"platform,omitempty"`
 	Cluster          []string `json:"cluster"`
@ -37,30 +28,17 @@ type RolePermission struct {

 	IndexPrivilege map[string][]string `json:"index_privilege"`
 }
-type ConsolePermisson struct {
-	Platform []Platform `json:"platform"`
-}
-type Platform struct {
-	Id string `json:"id"`

-	Privilege map[string]string `json:"privilege,omitempty"`
-	Children  []Platform        `json:"children,omitempty"`
-}

-func (role ConsoleRole) ListPermission() interface{} {
-
-	p := ConsolePermisson{}
-	return p
-}
-func (role ElasticsearchRole) ListPermission() interface{} {
-	list := ElasticsearchPermisson{
+func ListElasticsearchPermission() interface{} {
+	list := ElasticsearchPermission{
 		ClusterPrivileges: ClusterApis,
 		IndexPrivileges:   IndexApis,
 	}
 	return list
 }

-type ElasticsearchPermisson struct {
+type ElasticsearchPermission struct {
 	IndexPrivileges   []string            `json:"index_privileges"`
 	ClusterPrivileges map[string][]string `json:"cluster_privileges"`
 }
--- a/internal/biz/role.go
+++ b/internal/biz/role.go
@ -16,68 +16,25 @@ import (
 type RoleType = string

 const (
-	Console      RoleType = "console"
+	Platform     RoleType = "platform"
 	Elastisearch RoleType = "elasticsearch"
 )

-type IRole interface {
-	ListPermission() interface{}
-	Create(localUser *User) (id string, err error)
-	Update(localUser *User, model rbac.Role) (err error)
-}
-type ConsoleRole struct {
-	Name        string   `json:"name"`
-	Description string   `json:"description"`
-	RoleType    string   `json:"type" `
-	Platform    []string `json:"platform,omitempty"`
-}
-
-type ElasticsearchRole struct {
-	Name        string `json:"name"`
-	Description string `json:"description" `
-	RoleType    string `json:"type" `
-	Cluster     []struct {
-		Id   string `json:"id"`
-		Name string `json:"name"`
-	} `json:"cluster,omitempty"`
-	ClusterPrivilege []string `json:"cluster_privilege,omitempty"`
-	Index            []struct {
-		Name      []string `json:"name"`
-		Privilege []string `json:"privilege"`
-	} `json:"index,omitempty"`
-}
-
-func NewRole(typ string) (r IRole, err error) {
-	switch typ {
-	case Console:
-		r = &ConsoleRole{
-			RoleType: typ,
-		}
-
-	case Elastisearch:
-		r = &ElasticsearchRole{
-			RoleType: typ,
-		}
-	default:
-		err = fmt.Errorf("role type %s not support", typ)
+func UpdateRole(localUser *User, role *rbac.Role) (err error) {
+	model, err := GetRole(role.ID)
+	if err != nil {
+		return err
 	}
-	return
-}
-func (role ConsoleRole) Update(localUser *User, model rbac.Role) (err error) {
-
+	role.Type = model.Type
+	role.Created = model.Created
 	changeLog, _ := util.DiffTwoObject(model, role)
-	model.Description = role.Description
-	model.Platform = role.Platform
-	model.Updated = time.Now()
-	err = orm.Save(model)
+	role.Updated = time.Now()
+	err = orm.Save(role)
 	if err != nil {
 		return
 	}

-	RoleMap[model.Name] = Role{
-		Name:     model.Name,
-		Platform: model.Platform,
-	}
+	RoleMap[model.Name] = model

 	err = orm.Save(GenerateEvent(event.ActivityMetadata{
 		Category: "platform",
@ -87,7 +44,7 @@ func (role ConsoleRole) Update(localUser *User, model rbac.Role) (err error) {
 		Labels: util.MapStr{
 			"id":          model.ID,
 			"description": model.Description,
-			"platform":    model.Platform,
+			"privilege":    role.Privilege,
 			"updated":     model.Updated,
 		},
 		User: util.MapStr{
@ -98,44 +55,8 @@ func (role ConsoleRole) Update(localUser *User, model rbac.Role) (err error) {

 	return
 }
-func (role ElasticsearchRole) Update(localUser *User, model rbac.Role) (err error) {

-	changeLog, _ := util.DiffTwoObject(model, role)
-	model.Description = role.Description
-	model.Cluster = role.Cluster
-	model.Index = role.Index
-	model.ClusterPrivilege = role.ClusterPrivilege
-	model.Updated = time.Now()
-	err = orm.Save(model)
-	if err != nil {
-		return
-	}
-	RoleMap[model.Name] = Role{
-		Name:             model.Name,
-		Cluster:          model.Cluster,
-		ClusterPrivilege: model.ClusterPrivilege,
-		Index:            model.Index,
-	}
-	err = orm.Save(GenerateEvent(event.ActivityMetadata{
-		Category: "platform",
-		Group:    "rbac",
-		Name:     "role",
-		Type:     "update",
-		Labels: util.MapStr{
-			"id":          model.ID,
-			"description": model.Description,
-			"platform":    model.Platform,
-			"updated":     model.Updated,
-		},
-		User: util.MapStr{
-			"userid":   localUser.UserId,
-			"username": localUser.Username,
-		},
-	}, nil, changeLog))
-
-	return
-}
-func (role ConsoleRole) Create(localUser *User) (id string, err error) {
+func CreateRole(localUser *User, role *rbac.Role) (id string, err error) {
 	if role.Name == "" {
 		err = errors.New("role name is require")
 		return
@ -156,24 +77,15 @@ func (role ConsoleRole) Create(localUser *User) (id string, err error) {
 		return
 	}

-	newRole := rbac.Role{
-		Name:        role.Name,
-		Description: role.Description,
-		RoleType:    role.RoleType,
-		Platform:    role.Platform,
-	}
-	newRole.ID = util.GetUUID()
-	newRole.Created = time.Now()
-	newRole.Updated = time.Now()
-	err = orm.Save(&newRole)
+	role.ID = util.GetUUID()
+	role.Created = time.Now()
+	role.Updated = time.Now()
+	err = orm.Save(role)
 	if err != nil {
 		return
 	}
-	id = newRole.ID
-	RoleMap[role.Name] = Role{
-		Name:     newRole.Name,
-		Platform: newRole.Platform,
-	}
+	id = role.ID
+	RoleMap[role.Name] = *role
 	err = orm.Save(GenerateEvent(event.ActivityMetadata{
 		Category: "platform",
 		Group:    "rbac",
@ -183,10 +95,8 @@ func (role ConsoleRole) Create(localUser *User) (id string, err error) {
 			"id":          id,
 			"name":        role.Name,
 			"description": role.Description,
-			"platform":    role.Platform,
-			"type":        role.RoleType,
-			"created":     newRole.Created.Format("2006-01-02 15:04:05"),
-			"updated":     newRole.Updated.Format("2006-01-02 15:04:05"),
+			"privilege":    role.Privilege,
+			"type":        role.Type,
 		},
 		User: util.MapStr{
 			"userid":   localUser.UserId,
@ -200,76 +110,6 @@ func (role ConsoleRole) Create(localUser *User) (id string, err error) {
 	return

 }
-func (role ElasticsearchRole) Create(localUser *User) (id string, err error) {
-	if role.Name == "" {
-		err = errors.New("role name is require")
-		return
-	}
-	if _, ok := enum.BuildRoles[role.Name]; ok {
-		err = fmt.Errorf("role name %s already exists", role.Name)
-		return
-	}
-	q := orm.Query{Size: 1}
-	q.Conds = orm.And(orm.Eq("name", role.Name))
-
-	err, result := orm.Search(rbac.Role{}, &q)
-	if err != nil {
-		return
-	}
-	if result.Total > 0 {
-		err = fmt.Errorf("role name %s already exists", role.Name)
-		return
-	}
-
-	newRole := rbac.Role{
-		Name:        role.Name,
-		Description: role.Description,
-		RoleType:    role.RoleType,
-	}
-	newRole.Cluster = role.Cluster
-	newRole.Index = role.Index
-	newRole.ClusterPrivilege = role.ClusterPrivilege
-	newRole.ID = util.GetUUID()
-	newRole.Created = time.Now()
-	newRole.Updated = time.Now()
-	err = orm.Save(&newRole)
-	if err != nil {
-		return
-	}
-	id = newRole.ID
-	RoleMap[newRole.Name] = Role{
-		Name:             newRole.Name,
-		Cluster:          newRole.Cluster,
-		ClusterPrivilege: newRole.ClusterPrivilege,
-		Index:            newRole.Index,
-	}
-	err = orm.Save(GenerateEvent(event.ActivityMetadata{
-		Category: "platform",
-		Group:    "rbac",
-		Name:     "role",
-		Type:     "create",
-		Labels: util.MapStr{
-			"id":                id,
-			"name":              newRole.Name,
-			"description":       newRole.Description,
-			"cluster":           newRole.Cluster,
-			"index":             newRole.Index,
-			"cluster_privilege": newRole.ClusterPrivilege,
-			"type":              newRole.RoleType,
-			"created":           newRole.Created.Format("2006-01-02 15:04:05"),
-			"updated":           newRole.Updated.Format("2006-01-02 15:04:05"),
-		},
-		User: util.MapStr{
-			"userid":   localUser.UserId,
-			"username": localUser.Username,
-		},
-	}, nil, nil))
-
-	if err != nil {
-		log.Error(err)
-	}
-	return
-}
 func DeleteRole(localUser *User, id string) (err error) {
 	role := rbac.Role{}
 	role.ID = id
@ -302,11 +142,7 @@ func DeleteRole(localUser *User, id string) (err error) {
 		"id":                id,
 		"name":              role.Name,
 		"description":       role.Description,
-		"platform":          role.Platform,
-		"cluster":           role.Cluster,
-		"index":             role.Index,
-		"cluster_privilege": role.ClusterPrivilege,
-		"type":              role.RoleType,
+		"type":              role.Type,
 		"created":           role.Created.Format("2006-01-02 15:04:05"),
 		"updated":           role.Updated.Format("2006-01-02 15:04:05"),
 	}, nil))
@ -342,7 +178,7 @@ func SearchRole(keyword string, from, size int) (roles orm.Result, err error) {
 	return
 }
 func IsAllowRoleType(roleType string) (err error) {
-	if roleType != Console && roleType != Elastisearch {
+	if roleType != Platform && roleType != Elastisearch {
 		err = fmt.Errorf("invalid role type %s ", roleType)
 		return
 	}
--- a/internal/biz/user.go
+++ b/internal/biz/user.go
@ -43,11 +43,11 @@ func DeleteUser(localUser *User, id string) (err error) {
 		},
 	}, util.MapStr{
 		"id":       id,
-		"username": user.Username,
+		"name": user.Name,
 		"email":    user.Email,
 		"phone":    user.Phone,
 		"password": user.Password,
-		"name":     user.Name,
+		"nickname":     user.NickName,
 		"tags":     user.Tags,
 		"roles":    user.Roles,
 		"created":  user.Created,
@ -57,7 +57,7 @@ func DeleteUser(localUser *User, id string) (err error) {
 }
 func CreateUser(localUser *User, req dto.CreateUser) (id string, password string, err error) {
 	q := orm.Query{Size: 1000}
-	q.Conds = orm.And(orm.Eq("username", req.Username))
+	q.Conds = orm.And(orm.Eq("name", req.Name))

 	err, result := orm.Search(rbac.User{}, &q)
 	if err != nil {
@ -71,7 +71,7 @@ func CreateUser(localUser *User, req dto.CreateUser) (id string, password string
 	roles := make([]rbac.UserRole, 0)
 	for _, v := range req.Roles {
 		roles = append(roles, rbac.UserRole{
-			Id:   v.Id,
+			ID:   v.Id,
 			Name: v.Name,
 		})
 	}
@ -82,7 +82,7 @@ func CreateUser(localUser *User, req dto.CreateUser) (id string, password string
 	}
 	user := rbac.User{
 		Name:     req.Name,
-		Username: req.Username,
+		NickName: req.NickName,
 		Password: string(hash),
 		Email:    req.Email,
 		Phone:    req.Phone,
@ -106,11 +106,11 @@ func CreateUser(localUser *User, req dto.CreateUser) (id string, password string
 		Type:     "create",
 		Labels: util.MapStr{
 			"id":       id,
-			"username": user.Username,
+			"name": user.Name,
 			"email":    user.Email,
 			"phone":    user.Phone,
 			"password": user.Password,
-			"name":     user.Name,
+			"nick_name":     user.NickName,
 			"tags":     user.Tags,
 			"roles":    user.Roles,
 			"created":  user.Created,
@ -133,7 +133,7 @@ func UpdateUser(localUser *User, id string, req dto.UpdateUser) (err error) {
 	roles := make([]rbac.UserRole, 0)
 	for _, v := range req.Roles {
 		roles = append(roles, rbac.UserRole{
-			Id:   v.Id,
+			ID:   v.Id,
 			Name: v.Name,
 		})
 	}
@ -183,7 +183,7 @@ func UpdateUserRole(localUser *User, id string, req dto.UpdateUserRole) (err err
 	roles := make([]rbac.UserRole, 0)
 	for _, v := range req.Roles {
 		roles = append(roles, rbac.UserRole{
-			Id:   v.Id,
+			ID:   v.Id,
 			Name: v.Name,
 		})
 	}
@ -257,7 +257,9 @@ func UpdateUserPassword(localUser *User, id string, password string) (err error)
 	if err != nil {
 		return
 	}
-	delete(TokenMap, localUser.UserId)
+	if localUser.UserId == id {
+		delete(TokenMap, localUser.UserId)
+	}
 	err = orm.Save(GenerateEvent(event.ActivityMetadata{
 		Category: "platform",
 		Group:    "rbac",
--- a/internal/biz/validate.go
+++ b/internal/biz/validate.go
@ -114,22 +114,22 @@ func CombineUserRoles(roleNames []string) RolePermission {
 	m := make(map[string][]string)
 	for _, val := range roleNames {
 		role := RoleMap[val]
-		for _, v := range role.Cluster {
-			newRole.Cluster = append(newRole.Cluster, v.Id)
+		for _, v := range role.Privilege.Elasticsearch.Cluster.Resources {
+			newRole.Cluster = append(newRole.Cluster, v.ID)
 		}
-		for _, v := range role.ClusterPrivilege {
+		for _, v := range role.Privilege.Elasticsearch.Cluster.Permissions {
 			newRole.ClusterPrivilege = append(newRole.ClusterPrivilege, v)
 		}
-		for _, v := range role.Platform {
+		for _, v := range role.Privilege.Platform {
 			newRole.Platform = append(newRole.Platform, v)
 		}
-		for _, v := range role.Index {
+		for _, v := range role.Privilege.Elasticsearch.Index {

 			for _, name := range v.Name {
 				if _, ok := m[name]; ok {
-					m[name] = append(m[name], v.Privilege...)
+					m[name] = append(m[name], v.Permissions...)
 				} else {
-					m[name] = v.Privilege
+					m[name] = v.Permissions
 				}

 			}
@ -225,7 +225,7 @@ func ValidatePermission(claims *UserClaims, permissions []string) (err error) {
 	userPermissions := make([]string, 0)
 	for _, role := range user.Roles {
 		if _, ok := RoleMap[role]; ok {
-			for _, v := range RoleMap[role].Platform {
+			for _, v := range RoleMap[role].Privilege.Platform {
 				userPermissions = append(userPermissions, v)

 				//all include read
--- a/internal/dto/role.go
+++ b/internal/dto/role.go
@ -16,7 +16,7 @@ type ElasticsearchPermission struct {
 	IndexPrivilege   []string `json:"index_privilege" `
 }
 type CreateUser struct {
-	Username string `json:"username"`
+	NickName string `json:"nick_name"`

 	Name  string   `json:"name"`
 	Email string   `json:"email"`
--- a/model/rbac/role.go
+++ b/model/rbac/role.go
@ -1,51 +1,40 @@
 package rbac

 import (
-	"infini.sh/framework/core/orm"
+	"time"
 )

 type Role struct {
-	orm.ORMObjectBase
-	Name        string   `json:"name" elastic_mapping:"name:{type:keyword}"`
-	Description string   `json:"description" elastic_mapping:"description:{type:text}"`
-	RoleType    string   `json:"type" elastic_mapping:"type:{type:keyword}"`
-	Platform    []string `json:"platform,omitempty" `
-	BuiltIn     bool     `json:"builtin" elastic_mapping:"builtin:{type:boolean}"` //是否内置
-
-	Cluster []struct {
-		Id   string `json:"id"`
-		Name string `json:"name"`
-	} `json:"cluster,omitempty"`
-	ClusterPrivilege []string `json:"cluster_privilege,omitempty"`
-	Index            []struct {
-		Name      []string `json:"name"`
-		Privilege []string `json:"privilege"`
-	} `json:"index,omitempty"`
-}
-type ConsolePermission struct {
-	Api  []string `json:"api"`
-	Menu []Menu   `json:"menu"`
+	ID      string    `json:"id,omitempty"      elastic_meta:"_id" elastic_mapping:"id: { type: keyword }"`
+	Created time.Time `json:"created,omitempty" elastic_mapping:"created: { type: date }"`
+	Updated time.Time `json:"updated,omitempty" elastic_mapping:"updated: { type: date }"`
+	Name string `json:"name"  elastic_mapping:"name: { type: keyword }"`
+	Type string `json:"type" elastic_mapping:"type: { type: keyword }"`
+	Description string `json:"description"  elastic_mapping:"description: { type: text }"`
+	Builtin bool `json:"builtin" elastic_mapping:"builtin: { type: boolean }"`
+	Privilege RolePrivilege `json:"privilege" elastic_mapping:"privilege: { type: object }"`
 }

-type Menu struct {
-	Id        string `json:"id"`
-	Name      string `json:"name"`
-	Privilege string `json:"privilege"`
+type RolePrivilege struct {
+	Platform []string `json:"platform,omitempty" elastic_mapping:"platform: { type: keyword }"`
+	Elasticsearch ElasticsearchPrivilege `json:"elasticsearch,omitempty" elastic_mapping:"elasticsearch: { type: object }"`
 }

-type ElasticRole struct {
-	orm.ORMObjectBase
-	Name        string `json:"name" elastic_mapping:"name:{type:keyword}"`
-	Description string `json:"description" elastic_mapping:"description:{type:text}"`
-	RoleType    string `json:"type" elastic_mapping:"type:{type:keyword}"`
-	BuiltIn     bool   `json:"builtin" elastic_mapping:"builtin:{type:boolean}"` //是否内置
-	Cluster     []struct {
-		Id   string `json:"id"`
-		Name string `json:"name"`
-	} `json:"cluster,omitempty"`
-	ClusterPrivilege []map[string][]string `json:"cluster_privilege,omitempty"`
-	Index            []struct {
-		Name      []string `json:"name"`
-		Privilege []string `json:"privilege"`
-	} `json:"index,omitempty"`
+type ElasticsearchPrivilege struct {
+	Cluster ClusterPrivilege `json:"cluster,omitempty" elastic_mapping:"cluster: { type: object }"`
+	Index []IndexPrivilege `json:"index,omitempty" elastic_mapping:"index: { type: object }"`
 }
+
+type InnerCluster struct {
+	ID string `json:"id" elastic_mapping:"id: { type: keyword }"`
+	Name string `json:"name" elastic_mapping:"name: { type: keyword }"`
+}
+type ClusterPrivilege struct {
+	Resources []InnerCluster `json:"resources,omitempty" elastic_mapping:"resources: { type: object }"`
+	Permissions []string `json:"permissions,omitempty" elastic_mapping:"permissions: { type: keyword }"`
+}
+
+type IndexPrivilege struct {
+	Name []string `json:"name,omitempty" elastic_mapping:"name: { type: keyword }"`
+	Permissions []string `json:"permissions,omitempty" elastic_mapping:"permissions: { type: keyword }"`
+}
--- a/model/rbac/user.go
+++ b/model/rbac/user.go
@ -1,18 +1,23 @@
 package rbac

-import "infini.sh/framework/core/orm"
+import (
+	"time"
+)

 type User struct {
-	orm.ORMObjectBase
-	Username string     `json:"username" elastic_mapping:"username:{type:keyword}"`
-	Password string     `json:"password" elastic_mapping:"password:{type:text}"`
-	Name     string     `json:"name" elastic_mapping:"name:{type:keyword}"`
-	Phone    string     `json:"phone" elastic_mapping:"phone:{type:keyword}"`
-	Email    string     `json:"email" elastic_mapping:"email:{type:keyword}"`
-	Roles    []UserRole `json:"roles"`
-	Tags     []string   `json:"tags,omitempty" elastic_mapping:"tags:{type:text}"`
+	ID      string    `json:"id,omitempty"      elastic_meta:"_id" elastic_mapping:"id: { type: keyword }"`
+	Created time.Time `json:"created,omitempty" elastic_mapping:"created: { type: date }"`
+	Updated time.Time `json:"updated,omitempty" elastic_mapping:"updated: { type: date }"`
+	Name string `json:"name"  elastic_mapping:"name: { type: keyword }"`
+	NickName string `json:"nick_name"  elastic_mapping:"nick_name: { type: keyword }"`
+	Password string `json:"password"  elastic_mapping:"password: { type: keyword }"`
+	Email string `json:"email" elastic_mapping:"email: { type: keyword }"`
+	Phone string `json:"phone" elastic_mapping:"phone: { type: keyword }"`
+	Tags []string    `json:"tags" elastic_mapping:"mobile: { type: keyword }"`
+	Roles []UserRole `json:"roles" elastic_mapping:"roles: { type: object }"`
 }
+
 type UserRole struct {
-	Id   string `json:"id" elastic_mapping:"id:{type:keyword}"`
-	Name string `json:"name" elastic_mapping:"name:{type:keyword}" `
-}
+	ID string `json:"id" elastic_mapping:"id: { type: keyword }"`
+	Name string `json:"name" elastic_mapping:"name: { type: keyword }"`
+}
--- a/plugin/api/account/account.go
+++ b/plugin/api/account/account.go
@ -114,9 +114,9 @@ func (h Account) Profile(w http.ResponseWriter, r *http.Request, ps httprouter.P

 		u := util.MapStr{
 			"user_id":  "admin",
-			"username": "admin",
+			"name": "admin",
 			"email":    "admin@infini.ltd",
-			"name":     "admin",
+			"nick_name":     "admin",
 			"phone":    "13011111111",
 		}
 		h.WriteOKJSON(w, core.FoundResponse(reqUser.UserId, u))
@ -128,9 +128,9 @@ func (h Account) Profile(w http.ResponseWriter, r *http.Request, ps httprouter.P
 		}
 		u := util.MapStr{
 			"user_id":  user.ID,
-			"username": user.Username,
+			"name": user.Name,
 			"email":    user.Email,
-			"name":     user.Name,
+			"nick_name":     user.NickName,
 			"phone":    user.Phone,
 		}
 		h.WriteOKJSON(w, core.FoundResponse(reqUser.UserId, u))
--- a/plugin/api/rbac/api.go
+++ b/plugin/api/rbac/api.go
@ -6,12 +6,13 @@ import (
 	"infini.sh/console/internal/biz"
 	"infini.sh/console/internal/biz/enum"
 	m "infini.sh/console/internal/middleware"
+	"infini.sh/console/model/rbac"
 	"infini.sh/framework/core/api"
 	"infini.sh/framework/core/elastic"
 	"infini.sh/framework/core/util"
 	"os"
 	"path"
-	log "src/github.com/cihub/seelog"
+	log "github.com/cihub/seelog"
 )

 type Rbac struct {
@ -70,10 +71,12 @@ func loadJsonConfig() {

 }
 func loadRolePermission() {
-	biz.RoleMap = make(map[string]biz.Role)
+	biz.RoleMap = make(map[string]rbac.Role)

-	biz.RoleMap["admin"] = biz.Role{
-		Platform: enum.AdminPrivilege,
+	biz.RoleMap["admin"] = rbac.Role{
+		Privilege: rbac.RolePrivilege{
+			Platform: enum.AdminPrivilege,
+		},
 	}

 	res, err := biz.SearchRole("", 0, 1000)
@ -85,9 +88,12 @@ func loadRolePermission() {
 	util.FromJSONBytes(res.Raw, &response)

 	for _, v := range response.Hits.Hits {
-		var role biz.Role
+		var role rbac.Role
+		delete(v.Source, "created")
+		delete(v.Source, "updated")
 		err = mapstructure.Decode(v.Source, &role)
 		if err != nil {
+			log.Error(err)
 			return
 		}
 		biz.RoleMap[role.Name] = role
--- a/plugin/api/rbac/permission.go
+++ b/plugin/api/rbac/permission.go
@ -9,15 +9,16 @@ import (

 func (h Rbac) ListPermission(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	typ := ps.MustGetParameter("type")
-
-	role, err := biz.NewRole(typ)
-
+	err := biz.IsAllowRoleType(typ)
 	if err != nil {
 		_ = log.Error(err.Error())
 		h.ErrorInternalServer(w, err.Error())
 		return
 	}
-	permissions := role.ListPermission()
+	var permissions interface{}
+	if typ == biz.Elastisearch {
+		permissions = biz.ListElasticsearchPermission()
+	}
 	h.WriteOKJSON(w, permissions)
 	return
 }
--- a/plugin/api/rbac/role.go
+++ b/plugin/api/rbac/role.go
@ -5,6 +5,7 @@ import (
 	"infini.sh/console/internal/biz"
 	"infini.sh/console/internal/biz/enum"
 	"infini.sh/console/internal/core"
+	"infini.sh/console/model/rbac"
 	httprouter "infini.sh/framework/core/api/router"
 	"infini.sh/framework/core/elastic"
 	"infini.sh/framework/core/util"
@ -20,20 +21,22 @@ func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
 		h.ErrorInternalServer(w, err.Error())
 		return
 	}
-	irole, err := biz.NewRole(roleType)
+	err = biz.IsAllowRoleType(roleType)
 	if err != nil {
 		h.ErrorInternalServer(w, err.Error())
 		return
 	}
-
-	err = h.DecodeJSON(r, &irole)
+	role := &rbac.Role{
+		Type: roleType,
+	}
+	err = h.DecodeJSON(r, role)
 	if err != nil {
 		h.Error400(w, err.Error())
 		return
 	}

 	var id string
-	id, err = irole.Create(localUser)
+	id, err = biz.CreateRole(localUser, role)

 	if err != nil {
 		_ = log.Error(err.Error())
@ -128,24 +131,14 @@ func (h Rbac) UpdateRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
 		h.ErrorInternalServer(w, err.Error())
 		return
 	}
-	model, err := biz.GetRole(id)
-	if err != nil {
-		h.ErrorInternalServer(w, err.Error())
-		return
-	}
-	irole, err := biz.NewRole(model.RoleType)
-	if err != nil {
-		h.ErrorInternalServer(w, err.Error())
-		return
-	}
-
-	err = h.DecodeJSON(r, &irole)
+	role := &rbac.Role{}
+	err = h.DecodeJSON(r, role)
 	if err != nil {
 		h.Error400(w, err.Error())
 		return
 	}
-
-	err = irole.Update(localUser, model)
+	role.ID = id
+	err = biz.UpdateRole(localUser, role)

 	if err != nil {
 		_ = log.Error(err.Error())
--- a/plugin/api/rbac/user.go
+++ b/plugin/api/rbac/user.go
@ -29,7 +29,7 @@ func (h Rbac) CreateUser(w http.ResponseWriter, r *http.Request, ps httprouter.P
 		h.Error400(w, err.Error())
 		return
 	}
-	if req.Username == "" || req.Phone == "" || req.Email == "" {
+	if req.Name == ""  {

 		h.Error400(w, "username and phone and email is require")
 		return