change model data struct
parent
d7af5dfe12
commit
51497469e4
|
@ -11,7 +11,6 @@ import (
|
|||
"infini.sh/framework/core/global"
|
||||
"infini.sh/framework/core/orm"
|
||||
"infini.sh/framework/core/util"
|
||||
|
||||
"time"
|
||||
)
|
||||
|
||||
|
@ -41,7 +40,7 @@ const Secret = "console"
|
|||
|
||||
func authenticateUser(username string, password string) (user Account, err error) {
|
||||
|
||||
err, result := orm.GetBy("username", username, rbac.User{})
|
||||
err, result := orm.GetBy("name", username, rbac.User{})
|
||||
if err != nil {
|
||||
err = ErrNotFound
|
||||
return
|
||||
|
@ -75,7 +74,7 @@ func authenticateAdmin(username string, password string) (user Account, err erro
|
|||
user.ID = username
|
||||
user.Username = username
|
||||
user.Roles = []rbac.UserRole{{
|
||||
Id: "admin", Name: "admin",
|
||||
ID: "admin", Name: "admin",
|
||||
}}
|
||||
return user, nil
|
||||
}
|
||||
|
@ -85,7 +84,7 @@ func authorize(user Account) (m map[string]interface{}, err error) {
|
|||
for _, v := range user.Roles {
|
||||
role := RoleMap[v.Name]
|
||||
roles = append(roles, v.Name)
|
||||
privilege = append(privilege, role.Platform...)
|
||||
privilege = append(privilege, role.Privilege.Platform...)
|
||||
}
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, UserClaims{
|
||||
User: &User{
|
||||
|
@ -143,8 +142,8 @@ func Login(username string, password string) (m map[string]interface{}, err erro
|
|||
"password": password,
|
||||
},
|
||||
User: util.MapStr{
|
||||
"userid": user.ID,
|
||||
"username": user.Username,
|
||||
"id": user.ID,
|
||||
"name": user.Username,
|
||||
},
|
||||
}, nil, nil))
|
||||
return
|
||||
|
@ -181,8 +180,8 @@ func UpdatePassword(localUser *User, req dto.UpdatePassword) (err error) {
|
|||
"new_password": req.NewPassword,
|
||||
},
|
||||
User: util.MapStr{
|
||||
"userid": user.ID,
|
||||
"username": user.Username,
|
||||
"id": user.ID,
|
||||
"name": user.Name,
|
||||
},
|
||||
}, nil, nil))
|
||||
return
|
||||
|
@ -212,8 +211,8 @@ func UpdateProfile(localUser *User, req dto.UpdateProfile) (err error) {
|
|||
"phone": req.Phone,
|
||||
},
|
||||
User: util.MapStr{
|
||||
"userid": user.ID,
|
||||
"username": user.Username,
|
||||
"id": user.ID,
|
||||
"name": user.Name,
|
||||
},
|
||||
}, nil, nil))
|
||||
return
|
||||
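Review bot: The activity record built at the end of `Login` still carries the caller's plaintext password in its labels (`"password": password`), and the one in `UpdatePassword` does the same with `"new_password": req.NewPassword`; the closing `}, nil, nil))` suggests both go through the same `orm.Save(GenerateEvent(...))` path as the other events, so the credentials appear to end up in stored audit data. Remove both keys while these maps are being reshaped; the `id`/`name` pair under `User` is enough to attribute the action. The user-management events in `DeleteUser` and `CreateUser` have the same problem with `"password": user.Password`, which looks like the stored hash. The hunk header also shows `const Secret = "console"` next to the HS256 token creation in `authorize`; if that constant is the signing key it should be loaded from configuration rather than compiled in. All of these functions start and end outside the hunks shown.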
|
|
|
@ -27,8 +27,8 @@ const (
|
|||
|
||||
IndexAll = "data.index:all"
|
||||
IndexRead = "data.index:read"
|
||||
ViewsAll = "data.views:all"
|
||||
ViewsRead = "data.views:read"
|
||||
ViewsAll = "data.view:all"
|
||||
ViewsRead = "data.view:read"
|
||||
DiscoverAll = "data.discover:all"
|
||||
DiscoverRead = "data.discover:read"
|
||||
|
||||
|
@ -83,8 +83,8 @@ var (
|
|||
RuleAllPermission = []string{"rule:read", "rule:write"}
|
||||
AlertReadPermission = []string{"alert:read"}
|
||||
AlertAllPermission = []string{"alert:read", "alert:write"}
|
||||
ChannelReadPermssion = []string{"channel:read"}
|
||||
ChannnelAllPermission = []string{"channel:read", "channel:write"}
|
||||
ChannelReadPermission = []string{"channel:read"}
|
||||
ChannelAllPermission = []string{"channel:read", "channel:write"}
|
||||
|
||||
ClusterOverviewReadPermission = []string{"clusterOverview:read"}
|
||||
ClusterOverviewAllPermission = []string{"clusterOverview:read", "clusterOverview:write"}
|
||||
|
@ -147,8 +147,8 @@ func init() {
|
|||
RuleAll: RuleAllPermission,
|
||||
AlertRead: AlertReadPermission,
|
||||
AlertAll: AlertAllPermission,
|
||||
ChannelRead: ChannelReadPermssion,
|
||||
ChannelAll: ChannnelAllPermission,
|
||||
ChannelRead: ChannelReadPermission,
|
||||
ChannelAll: ChannelAllPermission,
|
||||
|
||||
ClusterOverviewRead: ClusterOverviewReadPermission,
|
||||
ClusterOverviewAll: ClusterOverviewAllPermission,
|
||||
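Review bot: The values of `ViewsAll` and `ViewsRead` change from `data.views:*` to `data.view:*`, which alters the permission identifier itself rather than a Go name. If role documents saved before this commit list `data.views:all` or `data.views:read` among their platform privileges, those strings will no longer match these constants, and how a miss is treated is not visible here. Either migrate the stored roles or add a comment on the constants such as `// renamed from data.views:*; stored roles must be migrated` so the break is deliberate. The `ChannelReadPermission`/`ChannelAllPermission` spelling fix needs nothing further.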
|
|
|
@ -1,11 +1,14 @@
|
|||
package biz
|
||||
|
||||
import "infini.sh/console/internal/core"
|
||||
import (
|
||||
"infini.sh/console/internal/core"
|
||||
"infini.sh/console/model/rbac"
|
||||
)
|
||||
|
||||
var ClusterApis = make(map[string][]string)
|
||||
var IndexApis = make([]string, 50)
|
||||
|
||||
var RoleMap = make(map[string]Role)
|
||||
var RoleMap = make(map[string]rbac.Role)
|
||||
|
||||
type Token struct {
|
||||
JwtStr string `json:"jwt_str"`
|
||||
|
@ -17,19 +20,7 @@ var TokenMap = make(map[string]Token)
|
|||
|
||||
var EsApiRoutes = core.NewRouter()
|
||||
|
||||
type Role struct {
|
||||
Name string `json:"name"`
|
||||
Platform []string `json:"platform,omitempty"`
|
||||
Cluster []struct {
|
||||
Id string `json:"id"`
|
||||
Name string `json:"name"`
|
||||
} `json:"cluster,omitempty"`
|
||||
ClusterPrivilege []string `json:"cluster_privilege,omitempty"`
|
||||
Index []struct {
|
||||
Name []string `json:"name"`
|
||||
Privilege []string `json:"privilege"`
|
||||
} `json:"index,omitempty"`
|
||||
}
|
||||
|
||||
type RolePermission struct {
|
||||
Platform []string `json:"platform,omitempty"`
|
||||
Cluster []string `json:"cluster"`
|
||||
|
@ -37,30 +28,17 @@ type RolePermission struct {
|
|||
|
||||
IndexPrivilege map[string][]string `json:"index_privilege"`
|
||||
}
|
||||
type ConsolePermisson struct {
|
||||
Platform []Platform `json:"platform"`
|
||||
}
|
||||
type Platform struct {
|
||||
Id string `json:"id"`
|
||||
|
||||
Privilege map[string]string `json:"privilege,omitempty"`
|
||||
Children []Platform `json:"children,omitempty"`
|
||||
}
|
||||
|
||||
func (role ConsoleRole) ListPermission() interface{} {
|
||||
|
||||
p := ConsolePermisson{}
|
||||
return p
|
||||
}
|
||||
func (role ElasticsearchRole) ListPermission() interface{} {
|
||||
list := ElasticsearchPermisson{
|
||||
func ListElasticsearchPermission() interface{} {
|
||||
list := ElasticsearchPermission{
|
||||
ClusterPrivileges: ClusterApis,
|
||||
IndexPrivileges: IndexApis,
|
||||
}
|
||||
return list
|
||||
}
|
||||
|
||||
type ElasticsearchPermisson struct {
|
||||
type ElasticsearchPermission struct {
|
||||
IndexPrivileges []string `json:"index_privileges"`
|
||||
ClusterPrivileges map[string][]string `json:"cluster_privileges"`
|
||||
}
|
||||
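Review bot: `RoleMap` remains an unsynchronised package-level map although it now holds the full `rbac.Role` used for authorization; on this page it is written by `CreateRole`, `UpdateRole` and `loadRolePermission` and read by `authorize`, `CombineUserRoles` and `ValidatePermission`. No lock is visible in any hunk, and a concurrent map read and write in Go aborts the process, so a role edit racing with a permission check can take the service down. Unless locking lives outside the lines shown, guard the map with a `sync.RWMutex` behind small get/set helpers instead of letting callers index it directly. The same applies to `TokenMap`. Separately, `make([]string, 50)` for `IndexApis` creates fifty empty strings rather than room for fifty; `make([]string, 0, 50)` is probably what was meant.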
|
|
|
@ -16,68 +16,25 @@ import (
|
|||
type RoleType = string
|
||||
|
||||
const (
|
||||
Console RoleType = "console"
|
||||
Platform RoleType = "platform"
|
||||
Elastisearch RoleType = "elasticsearch"
|
||||
)
|
||||
|
||||
type IRole interface {
|
||||
ListPermission() interface{}
|
||||
Create(localUser *User) (id string, err error)
|
||||
Update(localUser *User, model rbac.Role) (err error)
|
||||
}
|
||||
type ConsoleRole struct {
|
||||
Name string `json:"name"`
|
||||
Description string `json:"description"`
|
||||
RoleType string `json:"type" `
|
||||
Platform []string `json:"platform,omitempty"`
|
||||
}
|
||||
|
||||
type ElasticsearchRole struct {
|
||||
Name string `json:"name"`
|
||||
Description string `json:"description" `
|
||||
RoleType string `json:"type" `
|
||||
Cluster []struct {
|
||||
Id string `json:"id"`
|
||||
Name string `json:"name"`
|
||||
} `json:"cluster,omitempty"`
|
||||
ClusterPrivilege []string `json:"cluster_privilege,omitempty"`
|
||||
Index []struct {
|
||||
Name []string `json:"name"`
|
||||
Privilege []string `json:"privilege"`
|
||||
} `json:"index,omitempty"`
|
||||
}
|
||||
|
||||
func NewRole(typ string) (r IRole, err error) {
|
||||
switch typ {
|
||||
case Console:
|
||||
r = &ConsoleRole{
|
||||
RoleType: typ,
|
||||
}
|
||||
|
||||
case Elastisearch:
|
||||
r = &ElasticsearchRole{
|
||||
RoleType: typ,
|
||||
}
|
||||
default:
|
||||
err = fmt.Errorf("role type %s not support", typ)
|
||||
func UpdateRole(localUser *User, role *rbac.Role) (err error) {
|
||||
model, err := GetRole(role.ID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return
|
||||
}
|
||||
func (role ConsoleRole) Update(localUser *User, model rbac.Role) (err error) {
|
||||
|
||||
role.Type = model.Type
|
||||
role.Created = model.Created
|
||||
changeLog, _ := util.DiffTwoObject(model, role)
|
||||
model.Description = role.Description
|
||||
model.Platform = role.Platform
|
||||
model.Updated = time.Now()
|
||||
err = orm.Save(model)
|
||||
role.Updated = time.Now()
|
||||
err = orm.Save(role)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
RoleMap[model.Name] = Role{
|
||||
Name: model.Name,
|
||||
Platform: model.Platform,
|
||||
}
|
||||
RoleMap[model.Name] = model
|
||||
|
||||
err = orm.Save(GenerateEvent(event.ActivityMetadata{
|
||||
Category: "platform",
|
||||
|
@ -87,7 +44,7 @@ func (role ConsoleRole) Update(localUser *User, model rbac.Role) (err error) {
|
|||
Labels: util.MapStr{
|
||||
"id": model.ID,
|
||||
"description": model.Description,
|
||||
"platform": model.Platform,
|
||||
"privilege": role.Privilege,
|
||||
"updated": model.Updated,
|
||||
},
|
||||
User: util.MapStr{
|
||||
|
@ -98,44 +55,8 @@ func (role ConsoleRole) Update(localUser *User, model rbac.Role) (err error) {
|
|||
|
||||
return
|
||||
}
|
||||
func (role ElasticsearchRole) Update(localUser *User, model rbac.Role) (err error) {
|
||||
|
||||
changeLog, _ := util.DiffTwoObject(model, role)
|
||||
model.Description = role.Description
|
||||
model.Cluster = role.Cluster
|
||||
model.Index = role.Index
|
||||
model.ClusterPrivilege = role.ClusterPrivilege
|
||||
model.Updated = time.Now()
|
||||
err = orm.Save(model)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
RoleMap[model.Name] = Role{
|
||||
Name: model.Name,
|
||||
Cluster: model.Cluster,
|
||||
ClusterPrivilege: model.ClusterPrivilege,
|
||||
Index: model.Index,
|
||||
}
|
||||
err = orm.Save(GenerateEvent(event.ActivityMetadata{
|
||||
Category: "platform",
|
||||
Group: "rbac",
|
||||
Name: "role",
|
||||
Type: "update",
|
||||
Labels: util.MapStr{
|
||||
"id": model.ID,
|
||||
"description": model.Description,
|
||||
"platform": model.Platform,
|
||||
"updated": model.Updated,
|
||||
},
|
||||
User: util.MapStr{
|
||||
"userid": localUser.UserId,
|
||||
"username": localUser.Username,
|
||||
},
|
||||
}, nil, changeLog))
|
||||
|
||||
return
|
||||
}
|
||||
func (role ConsoleRole) Create(localUser *User) (id string, err error) {
|
||||
func CreateRole(localUser *User, role *rbac.Role) (id string, err error) {
|
||||
if role.Name == "" {
|
||||
err = errors.New("role name is require")
|
||||
return
|
||||
|
@ -156,24 +77,15 @@ func (role ConsoleRole) Create(localUser *User) (id string, err error) {
|
|||
return
|
||||
}
|
||||
|
||||
newRole := rbac.Role{
|
||||
Name: role.Name,
|
||||
Description: role.Description,
|
||||
RoleType: role.RoleType,
|
||||
Platform: role.Platform,
|
||||
}
|
||||
newRole.ID = util.GetUUID()
|
||||
newRole.Created = time.Now()
|
||||
newRole.Updated = time.Now()
|
||||
err = orm.Save(&newRole)
|
||||
role.ID = util.GetUUID()
|
||||
role.Created = time.Now()
|
||||
role.Updated = time.Now()
|
||||
err = orm.Save(role)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
id = newRole.ID
|
||||
RoleMap[role.Name] = Role{
|
||||
Name: newRole.Name,
|
||||
Platform: newRole.Platform,
|
||||
}
|
||||
id = role.ID
|
||||
RoleMap[role.Name] = *role
|
||||
err = orm.Save(GenerateEvent(event.ActivityMetadata{
|
||||
Category: "platform",
|
||||
Group: "rbac",
|
||||
|
@ -183,10 +95,8 @@ func (role ConsoleRole) Create(localUser *User) (id string, err error) {
|
|||
"id": id,
|
||||
"name": role.Name,
|
||||
"description": role.Description,
|
||||
"platform": role.Platform,
|
||||
"type": role.RoleType,
|
||||
"created": newRole.Created.Format("2006-01-02 15:04:05"),
|
||||
"updated": newRole.Updated.Format("2006-01-02 15:04:05"),
|
||||
"privilege": role.Privilege,
|
||||
"type": role.Type,
|
||||
},
|
||||
User: util.MapStr{
|
||||
"userid": localUser.UserId,
|
||||
|
@ -200,76 +110,6 @@ func (role ConsoleRole) Create(localUser *User) (id string, err error) {
|
|||
return
|
||||
|
||||
}
|
||||
func (role ElasticsearchRole) Create(localUser *User) (id string, err error) {
|
||||
if role.Name == "" {
|
||||
err = errors.New("role name is require")
|
||||
return
|
||||
}
|
||||
if _, ok := enum.BuildRoles[role.Name]; ok {
|
||||
err = fmt.Errorf("role name %s already exists", role.Name)
|
||||
return
|
||||
}
|
||||
q := orm.Query{Size: 1}
|
||||
q.Conds = orm.And(orm.Eq("name", role.Name))
|
||||
|
||||
err, result := orm.Search(rbac.Role{}, &q)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
if result.Total > 0 {
|
||||
err = fmt.Errorf("role name %s already exists", role.Name)
|
||||
return
|
||||
}
|
||||
|
||||
newRole := rbac.Role{
|
||||
Name: role.Name,
|
||||
Description: role.Description,
|
||||
RoleType: role.RoleType,
|
||||
}
|
||||
newRole.Cluster = role.Cluster
|
||||
newRole.Index = role.Index
|
||||
newRole.ClusterPrivilege = role.ClusterPrivilege
|
||||
newRole.ID = util.GetUUID()
|
||||
newRole.Created = time.Now()
|
||||
newRole.Updated = time.Now()
|
||||
err = orm.Save(&newRole)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
id = newRole.ID
|
||||
RoleMap[newRole.Name] = Role{
|
||||
Name: newRole.Name,
|
||||
Cluster: newRole.Cluster,
|
||||
ClusterPrivilege: newRole.ClusterPrivilege,
|
||||
Index: newRole.Index,
|
||||
}
|
||||
err = orm.Save(GenerateEvent(event.ActivityMetadata{
|
||||
Category: "platform",
|
||||
Group: "rbac",
|
||||
Name: "role",
|
||||
Type: "create",
|
||||
Labels: util.MapStr{
|
||||
"id": id,
|
||||
"name": newRole.Name,
|
||||
"description": newRole.Description,
|
||||
"cluster": newRole.Cluster,
|
||||
"index": newRole.Index,
|
||||
"cluster_privilege": newRole.ClusterPrivilege,
|
||||
"type": newRole.RoleType,
|
||||
"created": newRole.Created.Format("2006-01-02 15:04:05"),
|
||||
"updated": newRole.Updated.Format("2006-01-02 15:04:05"),
|
||||
},
|
||||
User: util.MapStr{
|
||||
"userid": localUser.UserId,
|
||||
"username": localUser.Username,
|
||||
},
|
||||
}, nil, nil))
|
||||
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
}
|
||||
return
|
||||
}
|
||||
func DeleteRole(localUser *User, id string) (err error) {
|
||||
role := rbac.Role{}
|
||||
role.ID = id
|
||||
|
@ -302,11 +142,7 @@ func DeleteRole(localUser *User, id string) (err error) {
|
|||
"id": id,
|
||||
"name": role.Name,
|
||||
"description": role.Description,
|
||||
"platform": role.Platform,
|
||||
"cluster": role.Cluster,
|
||||
"index": role.Index,
|
||||
"cluster_privilege": role.ClusterPrivilege,
|
||||
"type": role.RoleType,
|
||||
"type": role.Type,
|
||||
"created": role.Created.Format("2006-01-02 15:04:05"),
|
||||
"updated": role.Updated.Format("2006-01-02 15:04:05"),
|
||||
}, nil))
|
||||
|
@ -342,7 +178,7 @@ func SearchRole(keyword string, from, size int) (roles orm.Result, err error) {
|
|||
return
|
||||
}
|
||||
func IsAllowRoleType(roleType string) (err error) {
|
||||
if roleType != Console && roleType != Elastisearch {
|
||||
if roleType != Platform && roleType != Elastisearch {
|
||||
err = fmt.Errorf("invalid role type %s ", roleType)
|
||||
return
|
||||
}
|
||||
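Review bot: After the save in `UpdateRole`, the cache line `RoleMap[model.Name] = model` stores the record that `GetRole` returned before the update rather than the `role` that was just written, so, as far as the rendered page shows, the in-memory map consulted by the permission checks keeps the old privileges until roles are reloaded. It should be `RoleMap[role.Name] = *role`, matching `CreateRole`. The function copies only `Type` and `Created` from the stored record, so `Name` and `Builtin` are whatever the request supplied; if neither is meant to be editable, add `role.Name = model.Name` and `role.Builtin = model.Builtin` before the diff is computed, otherwise delete the old `RoleMap` key on rename. The audit events in this file still write `"userid"`/`"username"` under `User` while the account events in the same commit moved to `"id"`/`"name"`, which makes the activity log harder to query consistently.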
|
|
|
@ -43,11 +43,11 @@ func DeleteUser(localUser *User, id string) (err error) {
|
|||
},
|
||||
}, util.MapStr{
|
||||
"id": id,
|
||||
"username": user.Username,
|
||||
"name": user.Name,
|
||||
"email": user.Email,
|
||||
"phone": user.Phone,
|
||||
"password": user.Password,
|
||||
"name": user.Name,
|
||||
"nickname": user.NickName,
|
||||
"tags": user.Tags,
|
||||
"roles": user.Roles,
|
||||
"created": user.Created,
|
||||
|
@ -57,7 +57,7 @@ func DeleteUser(localUser *User, id string) (err error) {
|
|||
}
|
||||
func CreateUser(localUser *User, req dto.CreateUser) (id string, password string, err error) {
|
||||
q := orm.Query{Size: 1000}
|
||||
q.Conds = orm.And(orm.Eq("username", req.Username))
|
||||
q.Conds = orm.And(orm.Eq("name", req.Name))
|
||||
|
||||
err, result := orm.Search(rbac.User{}, &q)
|
||||
if err != nil {
|
||||
|
@ -71,7 +71,7 @@ func CreateUser(localUser *User, req dto.CreateUser) (id string, password string
|
|||
roles := make([]rbac.UserRole, 0)
|
||||
for _, v := range req.Roles {
|
||||
roles = append(roles, rbac.UserRole{
|
||||
Id: v.Id,
|
||||
ID: v.Id,
|
||||
Name: v.Name,
|
||||
})
|
||||
}
|
||||
|
@ -82,7 +82,7 @@ func CreateUser(localUser *User, req dto.CreateUser) (id string, password string
|
|||
}
|
||||
user := rbac.User{
|
||||
Name: req.Name,
|
||||
Username: req.Username,
|
||||
NickName: req.NickName,
|
||||
Password: string(hash),
|
||||
Email: req.Email,
|
||||
Phone: req.Phone,
|
||||
|
@ -106,11 +106,11 @@ func CreateUser(localUser *User, req dto.CreateUser) (id string, password string
|
|||
Type: "create",
|
||||
Labels: util.MapStr{
|
||||
"id": id,
|
||||
"username": user.Username,
|
||||
"name": user.Name,
|
||||
"email": user.Email,
|
||||
"phone": user.Phone,
|
||||
"password": user.Password,
|
||||
"name": user.Name,
|
||||
"nick_name": user.NickName,
|
||||
"tags": user.Tags,
|
||||
"roles": user.Roles,
|
||||
"created": user.Created,
|
||||
|
@ -133,7 +133,7 @@ func UpdateUser(localUser *User, id string, req dto.UpdateUser) (err error) {
|
|||
roles := make([]rbac.UserRole, 0)
|
||||
for _, v := range req.Roles {
|
||||
roles = append(roles, rbac.UserRole{
|
||||
Id: v.Id,
|
||||
ID: v.Id,
|
||||
Name: v.Name,
|
||||
})
|
||||
}
|
||||
|
@ -183,7 +183,7 @@ func UpdateUserRole(localUser *User, id string, req dto.UpdateUserRole) (err err
|
|||
roles := make([]rbac.UserRole, 0)
|
||||
for _, v := range req.Roles {
|
||||
roles = append(roles, rbac.UserRole{
|
||||
Id: v.Id,
|
||||
ID: v.Id,
|
||||
Name: v.Name,
|
||||
})
|
||||
}
|
||||
|
@ -257,7 +257,9 @@ func UpdateUserPassword(localUser *User, id string, password string) (err error)
|
|||
if err != nil {
|
||||
return
|
||||
}
|
||||
delete(TokenMap, localUser.UserId)
|
||||
if localUser.UserId == id {
|
||||
delete(TokenMap, localUser.UserId)
|
||||
}
|
||||
err = orm.Save(GenerateEvent(event.ActivityMetadata{
|
||||
Category: "platform",
|
||||
Group: "rbac",
|
||||
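Review bot: In `UpdateUserPassword` the session entry is now removed only when the caller changes their own password (`if localUser.UserId == id`), so when an administrator resets another account's password that account's existing entry stays in `TokenMap` and presumably remains usable. The entry to drop is the target's, unconditionally: `delete(TokenMap, id)`, assuming `TokenMap` is keyed by user ID as the existing call suggests. A one-line comment stating that a password change revokes the affected user's token would keep a later edit from reintroducing the condition. The function body starts and ends outside the hunk.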
|
|
|
@ -114,22 +114,22 @@ func CombineUserRoles(roleNames []string) RolePermission {
|
|||
m := make(map[string][]string)
|
||||
for _, val := range roleNames {
|
||||
role := RoleMap[val]
|
||||
for _, v := range role.Cluster {
|
||||
newRole.Cluster = append(newRole.Cluster, v.Id)
|
||||
for _, v := range role.Privilege.Elasticsearch.Cluster.Resources {
|
||||
newRole.Cluster = append(newRole.Cluster, v.ID)
|
||||
}
|
||||
for _, v := range role.ClusterPrivilege {
|
||||
for _, v := range role.Privilege.Elasticsearch.Cluster.Permissions {
|
||||
newRole.ClusterPrivilege = append(newRole.ClusterPrivilege, v)
|
||||
}
|
||||
for _, v := range role.Platform {
|
||||
for _, v := range role.Privilege.Platform {
|
||||
newRole.Platform = append(newRole.Platform, v)
|
||||
}
|
||||
for _, v := range role.Index {
|
||||
for _, v := range role.Privilege.Elasticsearch.Index {
|
||||
|
||||
for _, name := range v.Name {
|
||||
if _, ok := m[name]; ok {
|
||||
m[name] = append(m[name], v.Privilege...)
|
||||
m[name] = append(m[name], v.Permissions...)
|
||||
} else {
|
||||
m[name] = v.Privilege
|
||||
m[name] = v.Permissions
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -225,7 +225,7 @@ func ValidatePermission(claims *UserClaims, permissions []string) (err error) {
|
|||
userPermissions := make([]string, 0)
|
||||
for _, role := range user.Roles {
|
||||
if _, ok := RoleMap[role]; ok {
|
||||
for _, v := range RoleMap[role].Platform {
|
||||
for _, v := range RoleMap[role].Privilege.Platform {
|
||||
userPermissions = append(userPermissions, v)
|
||||
|
||||
//all include read
|
||||
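Review bot: In `CombineUserRoles`, `m[name] = v.Permissions` stores the role's own slice in the result map, and the next role naming the same index then runs `append(m[name], ...)` on it; if that slice has spare capacity the append writes into a backing array shared with the entry cached in `RoleMap`. Replacing the `if`/`else` with the single line `m[name] = append(m[name], v.Permissions...)` avoids the aliasing, because appending to the missing (nil) entry allocates a fresh array, and it removes the branch. A role name that is absent from `RoleMap` yields a zero `rbac.Role` and contributes nothing, which is the safe direction, but a short comment saying that is intended would help. The function starts and ends outside the hunk.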
|
|
|
@ -16,7 +16,7 @@ type ElasticsearchPermission struct {
|
|||
IndexPrivilege []string `json:"index_privilege" `
|
||||
}
|
||||
type CreateUser struct {
|
||||
Username string `json:"username"`
|
||||
NickName string `json:"nick_name"`
|
||||
|
||||
Name string `json:"name"`
|
||||
Email string `json:"email"`
|
||||
|
|
|
@ -1,51 +1,40 @@
|
|||
package rbac
|
||||
|
||||
import (
|
||||
"infini.sh/framework/core/orm"
|
||||
"time"
|
||||
)
|
||||
|
||||
type Role struct {
|
||||
orm.ORMObjectBase
|
||||
Name string `json:"name" elastic_mapping:"name:{type:keyword}"`
|
||||
Description string `json:"description" elastic_mapping:"description:{type:text}"`
|
||||
RoleType string `json:"type" elastic_mapping:"type:{type:keyword}"`
|
||||
Platform []string `json:"platform,omitempty" `
|
||||
BuiltIn bool `json:"builtin" elastic_mapping:"builtin:{type:boolean}"` //是否内置
|
||||
|
||||
Cluster []struct {
|
||||
Id string `json:"id"`
|
||||
Name string `json:"name"`
|
||||
} `json:"cluster,omitempty"`
|
||||
ClusterPrivilege []string `json:"cluster_privilege,omitempty"`
|
||||
Index []struct {
|
||||
Name []string `json:"name"`
|
||||
Privilege []string `json:"privilege"`
|
||||
} `json:"index,omitempty"`
|
||||
}
|
||||
type ConsolePermission struct {
|
||||
Api []string `json:"api"`
|
||||
Menu []Menu `json:"menu"`
|
||||
ID string `json:"id,omitempty" elastic_meta:"_id" elastic_mapping:"id: { type: keyword }"`
|
||||
Created time.Time `json:"created,omitempty" elastic_mapping:"created: { type: date }"`
|
||||
Updated time.Time `json:"updated,omitempty" elastic_mapping:"updated: { type: date }"`
|
||||
Name string `json:"name" elastic_mapping:"name: { type: keyword }"`
|
||||
Type string `json:"type" elastic_mapping:"type: { type: keyword }"`
|
||||
Description string `json:"description" elastic_mapping:"description: { type: text }"`
|
||||
Builtin bool `json:"builtin" elastic_mapping:"builtin: { type: boolean }"`
|
||||
Privilege RolePrivilege `json:"privilege" elastic_mapping:"privilege: { type: object }"`
|
||||
}
|
||||
|
||||
type Menu struct {
|
||||
Id string `json:"id"`
|
||||
Name string `json:"name"`
|
||||
Privilege string `json:"privilege"`
|
||||
type RolePrivilege struct {
|
||||
Platform []string `json:"platform,omitempty" elastic_mapping:"platform: { type: keyword }"`
|
||||
Elasticsearch ElasticsearchPrivilege `json:"elasticsearch,omitempty" elastic_mapping:"elasticsearch: { type: object }"`
|
||||
}
|
||||
|
||||
type ElasticRole struct {
|
||||
orm.ORMObjectBase
|
||||
Name string `json:"name" elastic_mapping:"name:{type:keyword}"`
|
||||
Description string `json:"description" elastic_mapping:"description:{type:text}"`
|
||||
RoleType string `json:"type" elastic_mapping:"type:{type:keyword}"`
|
||||
BuiltIn bool `json:"builtin" elastic_mapping:"builtin:{type:boolean}"` //是否内置
|
||||
Cluster []struct {
|
||||
Id string `json:"id"`
|
||||
Name string `json:"name"`
|
||||
} `json:"cluster,omitempty"`
|
||||
ClusterPrivilege []map[string][]string `json:"cluster_privilege,omitempty"`
|
||||
Index []struct {
|
||||
Name []string `json:"name"`
|
||||
Privilege []string `json:"privilege"`
|
||||
} `json:"index,omitempty"`
|
||||
type ElasticsearchPrivilege struct {
|
||||
Cluster ClusterPrivilege `json:"cluster,omitempty" elastic_mapping:"cluster: { type: object }"`
|
||||
Index []IndexPrivilege `json:"index,omitempty" elastic_mapping:"index: { type: object }"`
|
||||
}
|
||||
|
||||
type InnerCluster struct {
|
||||
ID string `json:"id" elastic_mapping:"id: { type: keyword }"`
|
||||
Name string `json:"name" elastic_mapping:"name: { type: keyword }"`
|
||||
}
|
||||
type ClusterPrivilege struct {
|
||||
Resources []InnerCluster `json:"resources,omitempty" elastic_mapping:"resources: { type: object }"`
|
||||
Permissions []string `json:"permissions,omitempty" elastic_mapping:"permissions: { type: keyword }"`
|
||||
}
|
||||
|
||||
type IndexPrivilege struct {
|
||||
Name []string `json:"name,omitempty" elastic_mapping:"name: { type: keyword }"`
|
||||
Permissions []string `json:"permissions,omitempty" elastic_mapping:"permissions: { type: keyword }"`
|
||||
}
|
|
@ -1,18 +1,23 @@
|
|||
package rbac
|
||||
|
||||
import "infini.sh/framework/core/orm"
|
||||
import (
|
||||
"time"
|
||||
)
|
||||
|
||||
type User struct {
|
||||
orm.ORMObjectBase
|
||||
Username string `json:"username" elastic_mapping:"username:{type:keyword}"`
|
||||
Password string `json:"password" elastic_mapping:"password:{type:text}"`
|
||||
Name string `json:"name" elastic_mapping:"name:{type:keyword}"`
|
||||
Phone string `json:"phone" elastic_mapping:"phone:{type:keyword}"`
|
||||
Email string `json:"email" elastic_mapping:"email:{type:keyword}"`
|
||||
Roles []UserRole `json:"roles"`
|
||||
Tags []string `json:"tags,omitempty" elastic_mapping:"tags:{type:text}"`
|
||||
ID string `json:"id,omitempty" elastic_meta:"_id" elastic_mapping:"id: { type: keyword }"`
|
||||
Created time.Time `json:"created,omitempty" elastic_mapping:"created: { type: date }"`
|
||||
Updated time.Time `json:"updated,omitempty" elastic_mapping:"updated: { type: date }"`
|
||||
Name string `json:"name" elastic_mapping:"name: { type: keyword }"`
|
||||
NickName string `json:"nick_name" elastic_mapping:"nick_name: { type: keyword }"`
|
||||
Password string `json:"password" elastic_mapping:"password: { type: keyword }"`
|
||||
Email string `json:"email" elastic_mapping:"email: { type: keyword }"`
|
||||
Phone string `json:"phone" elastic_mapping:"phone: { type: keyword }"`
|
||||
Tags []string `json:"tags" elastic_mapping:"mobile: { type: keyword }"`
|
||||
Roles []UserRole `json:"roles" elastic_mapping:"roles: { type: object }"`
|
||||
}
|
||||
|
||||
type UserRole struct {
|
||||
Id string `json:"id" elastic_mapping:"id:{type:keyword}"`
|
||||
Name string `json:"name" elastic_mapping:"name:{type:keyword}" `
|
||||
}
|
||||
ID string `json:"id" elastic_mapping:"id: { type: keyword }"`
|
||||
Name string `json:"name" elastic_mapping:"name: { type: keyword }"`
|
||||
}
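Review bot: The `Tags` field is tagged `elastic_mapping:"mobile: { type: keyword }"`, so the mapping key does not match the `tags` JSON name; this looks like a copy-paste slip and should read `elastic_mapping:"tags: { type: keyword }"`. `Password` keeps a plain `json:"password"` tag, so any code that serialises a `rbac.User` directly will emit the stored hash; a comment on the field saying it holds a hash and must not be returned to clients would make that constraint explicit. With `orm.ORMObjectBase` replaced by explicit `ID`/`Created`/`Updated` fields, a doc comment on `User` stating that `Name` now appears to be the login name and `NickName` the display name would save readers from inferring it from the callers.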
|
|
@ -114,9 +114,9 @@ func (h Account) Profile(w http.ResponseWriter, r *http.Request, ps httprouter.P
|
|||
|
||||
u := util.MapStr{
|
||||
"user_id": "admin",
|
||||
"username": "admin",
|
||||
"name": "admin",
|
||||
"email": "admin@infini.ltd",
|
||||
"name": "admin",
|
||||
"nick_name": "admin",
|
||||
"phone": "13011111111",
|
||||
}
|
||||
h.WriteOKJSON(w, core.FoundResponse(reqUser.UserId, u))
|
||||
|
@ -128,9 +128,9 @@ func (h Account) Profile(w http.ResponseWriter, r *http.Request, ps httprouter.P
|
|||
}
|
||||
u := util.MapStr{
|
||||
"user_id": user.ID,
|
||||
"username": user.Username,
|
||||
"name": user.Name,
|
||||
"email": user.Email,
|
||||
"name": user.Name,
|
||||
"nick_name": user.NickName,
|
||||
"phone": user.Phone,
|
||||
}
|
||||
h.WriteOKJSON(w, core.FoundResponse(reqUser.UserId, u))
|
||||
|
|
|
@ -6,12 +6,13 @@ import (
|
|||
"infini.sh/console/internal/biz"
|
||||
"infini.sh/console/internal/biz/enum"
|
||||
m "infini.sh/console/internal/middleware"
|
||||
"infini.sh/console/model/rbac"
|
||||
"infini.sh/framework/core/api"
|
||||
"infini.sh/framework/core/elastic"
|
||||
"infini.sh/framework/core/util"
|
||||
"os"
|
||||
"path"
|
||||
log "src/github.com/cihub/seelog"
|
||||
log "github.com/cihub/seelog"
|
||||
)
|
||||
|
||||
type Rbac struct {
|
||||
|
@ -70,10 +71,12 @@ func loadJsonConfig() {
|
|||
|
||||
}
|
||||
func loadRolePermission() {
|
||||
biz.RoleMap = make(map[string]biz.Role)
|
||||
biz.RoleMap = make(map[string]rbac.Role)
|
||||
|
||||
biz.RoleMap["admin"] = biz.Role{
|
||||
Platform: enum.AdminPrivilege,
|
||||
biz.RoleMap["admin"] = rbac.Role{
|
||||
Privilege: rbac.RolePrivilege{
|
||||
Platform: enum.AdminPrivilege,
|
||||
},
|
||||
}
|
||||
|
||||
res, err := biz.SearchRole("", 0, 1000)
|
||||
|
@ -85,9 +88,12 @@ func loadRolePermission() {
|
|||
util.FromJSONBytes(res.Raw, &response)
|
||||
|
||||
for _, v := range response.Hits.Hits {
|
||||
var role biz.Role
|
||||
var role rbac.Role
|
||||
delete(v.Source, "created")
|
||||
delete(v.Source, "updated")
|
||||
err = mapstructure.Decode(v.Source, &role)
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
return
|
||||
}
|
||||
biz.RoleMap[role.Name] = role
|
||||
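Review bot: In `loadRolePermission`, a role document that fails `mapstructure.Decode` makes the loop `return`, so every role after it in the search result is left out of `biz.RoleMap` and users holding those roles are evaluated against an empty role. Log and `continue` instead, and include the document ID in the message so the bad record can be found. The load is also limited to the first 1000 roles by `biz.SearchRole("", 0, 1000)`; a comment stating that limit would make it visible to whoever hits it. The function body continues outside the hunks.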
|
|
|
@ -9,15 +9,16 @@ import (
|
|||
|
||||
func (h Rbac) ListPermission(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||
typ := ps.MustGetParameter("type")
|
||||
|
||||
role, err := biz.NewRole(typ)
|
||||
|
||||
err := biz.IsAllowRoleType(typ)
|
||||
if err != nil {
|
||||
_ = log.Error(err.Error())
|
||||
h.ErrorInternalServer(w, err.Error())
|
||||
return
|
||||
}
|
||||
permissions := role.ListPermission()
|
||||
var permissions interface{}
|
||||
if typ == biz.Elastisearch {
|
||||
permissions = biz.ListElasticsearchPermission()
|
||||
}
|
||||
h.WriteOKJSON(w, permissions)
|
||||
return
|
||||
}
|
||||
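Review bot: After `IsAllowRoleType` accepts both the platform and the Elasticsearch type, only the Elasticsearch case assigns `permissions`, so a request for the platform type is answered with a nil value through `WriteOKJSON`. Either return the platform permission list in that branch or reject the type explicitly, so clients cannot mistake an empty response for "no permissions defined". An invalid type is also reported with `ErrorInternalServer` although it is a caller error; `h.Error400(w, err.Error())`, which the other handlers on this page use for bad input, fits better.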
|
|
|
@ -5,6 +5,7 @@ import (
|
|||
"infini.sh/console/internal/biz"
|
||||
"infini.sh/console/internal/biz/enum"
|
||||
"infini.sh/console/internal/core"
|
||||
"infini.sh/console/model/rbac"
|
||||
httprouter "infini.sh/framework/core/api/router"
|
||||
"infini.sh/framework/core/elastic"
|
||||
"infini.sh/framework/core/util"
|
||||
|
@ -20,20 +21,22 @@ func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
|
|||
h.ErrorInternalServer(w, err.Error())
|
||||
return
|
||||
}
|
||||
irole, err := biz.NewRole(roleType)
|
||||
err = biz.IsAllowRoleType(roleType)
|
||||
if err != nil {
|
||||
h.ErrorInternalServer(w, err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
err = h.DecodeJSON(r, &irole)
|
||||
role := &rbac.Role{
|
||||
Type: roleType,
|
||||
}
|
||||
err = h.DecodeJSON(r, role)
|
||||
if err != nil {
|
||||
h.Error400(w, err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
var id string
|
||||
id, err = irole.Create(localUser)
|
||||
id, err = biz.CreateRole(localUser, role)
|
||||
|
||||
if err != nil {
|
||||
_ = log.Error(err.Error())
|
||||
|
@ -128,24 +131,14 @@ func (h Rbac) UpdateRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
|
|||
h.ErrorInternalServer(w, err.Error())
|
||||
return
|
||||
}
|
||||
model, err := biz.GetRole(id)
|
||||
if err != nil {
|
||||
h.ErrorInternalServer(w, err.Error())
|
||||
return
|
||||
}
|
||||
irole, err := biz.NewRole(model.RoleType)
|
||||
if err != nil {
|
||||
h.ErrorInternalServer(w, err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
err = h.DecodeJSON(r, &irole)
|
||||
role := &rbac.Role{}
|
||||
err = h.DecodeJSON(r, role)
|
||||
if err != nil {
|
||||
h.Error400(w, err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
err = irole.Update(localUser, model)
|
||||
role.ID = id
|
||||
err = biz.UpdateRole(localUser, role)
|
||||
|
||||
if err != nil {
|
||||
_ = log.Error(err.Error())
|
||||
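Review bot: In `CreateRole` the role is initialised with the validated `roleType` and then `h.DecodeJSON(r, role)` decodes the request body into the same `rbac.Role`, so, assuming it behaves like `encoding/json`, a `type` or `builtin` key in the body replaces what `IsAllowRoleType` just checked. Assign the trusted fields after decoding, `role.Type = roleType` and `role.Builtin = false`, or decode into a request DTO that holds only the client-editable fields. `UpdateRole` has the same shape: `role.ID = id` is correctly set after decoding, but `name` and `builtin` from the body are passed through to `biz.UpdateRole` unchanged. Both handler bodies extend beyond the hunks.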
|
|
|
@ -29,7 +29,7 @@ func (h Rbac) CreateUser(w http.ResponseWriter, r *http.Request, ps httprouter.P
|
|||
h.Error400(w, err.Error())
|
||||
return
|
||||
}
|
||||
if req.Username == "" || req.Phone == "" || req.Email == "" {
|
||||
if req.Name == "" {
|
||||
|
||||
h.Error400(w, "username and phone and email is require")
|
||||
return
|
||||
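Review bot: The check in the `CreateUser` handler now tests only `req.Name`, but the response still says `username and phone and email is require`, which no longer describes the condition. Change it to something like `h.Error400(w, "name is required")`. If `phone` and `email` are meant to become optional, say so in a comment, since this relaxes the previous validation for an account-creation endpoint.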
|
|