diff --git a/internal/biz/account.go b/internal/biz/account.go index 47d62fc8..6513179f 100644 --- a/internal/biz/account.go +++ b/internal/biz/account.go @@ -11,7 +11,6 @@ import ( "infini.sh/framework/core/global" "infini.sh/framework/core/orm" "infini.sh/framework/core/util" - "time" ) @@ -41,7 +40,7 @@ const Secret = "console" func authenticateUser(username string, password string) (user Account, err error) { - err, result := orm.GetBy("username", username, rbac.User{}) + err, result := orm.GetBy("name", username, rbac.User{}) if err != nil { err = ErrNotFound return @@ -75,7 +74,7 @@ func authenticateAdmin(username string, password string) (user Account, err erro user.ID = username user.Username = username user.Roles = []rbac.UserRole{{ - Id: "admin", Name: "admin", + ID: "admin", Name: "admin", }} return user, nil } @@ -85,7 +84,7 @@ func authorize(user Account) (m map[string]interface{}, err error) { for _, v := range user.Roles { role := RoleMap[v.Name] roles = append(roles, v.Name) - privilege = append(privilege, role.Platform...) + privilege = append(privilege, role.Privilege.Platform...) } token := jwt.NewWithClaims(jwt.SigningMethodHS256, UserClaims{ User: &User{ @@ -143,8 +142,8 @@ func Login(username string, password string) (m map[string]interface{}, err erro "password": password, }, User: util.MapStr{ - "userid": user.ID, - "username": user.Username, + "id": user.ID, + "name": user.Username, }, }, nil, nil)) return @@ -181,8 +180,8 @@ func UpdatePassword(localUser *User, req dto.UpdatePassword) (err error) { "new_password": req.NewPassword, }, User: util.MapStr{ - "userid": user.ID, - "username": user.Username, + "id": user.ID, + "name": user.Name, }, }, nil, nil)) return @@ -212,8 +211,8 @@ func UpdateProfile(localUser *User, req dto.UpdateProfile) (err error) { "phone": req.Phone, }, User: util.MapStr{ - "userid": user.ID, - "username": user.Username, + "id": user.ID, + "name": user.Name, }, }, nil, nil)) return 
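Review bot: The activity event built in the `Login` hunk still carries `"password": password`, so each login event saved through `orm.Save` appears to persist the submitted plaintext password; the commit renames the neighbouring `User` keys but leaves that entry in place. The `UpdatePassword` hunk does the same with `"new_password": req.NewPassword`, and the `DeleteUser` and `CreateUser` hunks in `internal/biz/user.go` put `user.Password` (the stored hash, judging by `Password: string(hash)`) into their event maps. Remove these entries from the events, or replace them with a non-secret marker such as `"password_changed": true`. All of these functions start or end outside their hunks, so the surrounding maps are only partly visible.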
diff --git a/internal/biz/enum/const.go b/internal/biz/enum/const.go index 249bfc4e..3992f463 100644 --- a/internal/biz/enum/const.go +++ b/internal/biz/enum/const.go @@ -27,8 +27,8 @@ const ( IndexAll = "data.index:all" IndexRead = "data.index:read" - ViewsAll = "data.views:all" - ViewsRead = "data.views:read" + ViewsAll = "data.view:all" + ViewsRead = "data.view:read" DiscoverAll = "data.discover:all" DiscoverRead = "data.discover:read" @@ -83,8 +83,8 @@ var ( RuleAllPermission = []string{"rule:read", "rule:write"} AlertReadPermission = []string{"alert:read"} AlertAllPermission = []string{"alert:read", "alert:write"} - ChannelReadPermssion = []string{"channel:read"} - ChannnelAllPermission = []string{"channel:read", "channel:write"} + ChannelReadPermission = []string{"channel:read"} + ChannelAllPermission = []string{"channel:read", "channel:write"} ClusterOverviewReadPermission = []string{"clusterOverview:read"} ClusterOverviewAllPermission = []string{"clusterOverview:read", "clusterOverview:write"} @@ -147,8 +147,8 @@ func init() { RuleAll: RuleAllPermission, AlertRead: AlertReadPermission, AlertAll: AlertAllPermission, - ChannelRead: ChannelReadPermssion, - ChannelAll: ChannnelAllPermission, + ChannelRead: ChannelReadPermission, + ChannelAll: ChannelAllPermission, ClusterOverviewRead: ClusterOverviewReadPermission, ClusterOverviewAll: ClusterOverviewAllPermission, diff --git a/internal/biz/permission.go b/internal/biz/permission.go index b4199c64..5a5234a0 100644 --- a/internal/biz/permission.go +++ b/internal/biz/permission.go @@ -1,11 +1,14 @@ package biz -import "infini.sh/console/internal/core" +import ( + "infini.sh/console/internal/core" + "infini.sh/console/model/rbac" +) var ClusterApis = make(map[string][]string) var IndexApis = make([]string, 50) -var RoleMap = make(map[string]Role) +var RoleMap = make(map[string]rbac.Role) type Token struct { JwtStr string `json:"jwt_str"` 
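Review bot: `RoleMap` in `internal/biz/permission.go` stays a bare package-level map, and after this commit it is written by `CreateRole` and `UpdateRole` (role.go) while `authorize`, `CombineUserRoles` and `ValidatePermission` read it, with no lock visible in any of these hunks. If those paths run on concurrent HTTP requests, as the handler hunks suggest, an unsynchronised read during a write is a data race that the Go runtime can turn into a fatal error, and a permission check may run against a map that is being modified. Guard it with a `sync.RWMutex` behind small accessors, for example `func getRole(name string) (rbac.Role, bool)`, and add a comment on the variable saying direct access is not safe for concurrent use. `TokenMap`, visible in the next hunk's header, looks like it needs the same treatment.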
@@ -17,19 +20,7 @@ var TokenMap = make(map[string]Token) var EsApiRoutes = core.NewRouter() -type Role struct { - Name string `json:"name"` - Platform []string `json:"platform,omitempty"` - Cluster []struct { - Id string `json:"id"` - Name string `json:"name"` - } `json:"cluster,omitempty"` - ClusterPrivilege []string `json:"cluster_privilege,omitempty"` - Index []struct { - Name []string `json:"name"` - Privilege []string `json:"privilege"` - } `json:"index,omitempty"` -} + type RolePermission struct { Platform []string `json:"platform,omitempty"` Cluster []string `json:"cluster"` @@ -37,30 +28,17 @@ type RolePermission struct { IndexPrivilege map[string][]string `json:"index_privilege"` } -type ConsolePermisson struct { - Platform []Platform `json:"platform"` -} -type Platform struct { - Id string `json:"id"` - Privilege map[string]string `json:"privilege,omitempty"` - Children []Platform `json:"children,omitempty"` -} -func (role ConsoleRole) ListPermission() interface{} { - - p := ConsolePermisson{} - return p -} -func (role ElasticsearchRole) ListPermission() interface{} { - list := ElasticsearchPermisson{ +func ListElasticsearchPermission() interface{} { + list := ElasticsearchPermission{ ClusterPrivileges: ClusterApis, IndexPrivileges: IndexApis, } return list } -type ElasticsearchPermisson struct { +type ElasticsearchPermission struct { IndexPrivileges []string `json:"index_privileges"` ClusterPrivileges map[string][]string `json:"cluster_privileges"` } diff --git a/internal/biz/role.go b/internal/biz/role.go index dc17d724..b5d0de28 100644 --- a/internal/biz/role.go +++ b/internal/biz/role.go 
@@ -16,68 +16,25 @@ import ( type RoleType = string const ( - Console RoleType = "console" + Platform RoleType = "platform" Elastisearch RoleType = "elasticsearch" ) -type IRole interface { - ListPermission() interface{} - Create(localUser *User) (id string, err error) - Update(localUser *User, model rbac.Role) (err error) -} -type ConsoleRole struct { - Name string `json:"name"` - Description string `json:"description"` - RoleType string `json:"type" ` - Platform []string `json:"platform,omitempty"` -} - -type ElasticsearchRole struct { - Name string `json:"name"` - Description string `json:"description" ` - RoleType string `json:"type" ` - Cluster []struct { - Id string `json:"id"` - Name string `json:"name"` - } `json:"cluster,omitempty"` - ClusterPrivilege []string `json:"cluster_privilege,omitempty"` - Index []struct { - Name []string `json:"name"` - Privilege []string `json:"privilege"` - } `json:"index,omitempty"` -} - -func NewRole(typ string) (r IRole, err error) { - switch typ { - case Console: - r = &ConsoleRole{ - RoleType: typ, - } - - case Elastisearch: - r = &ElasticsearchRole{ - RoleType: typ, - } - default: - err = fmt.Errorf("role type %s not support", typ) +func UpdateRole(localUser *User, role *rbac.Role) (err error) { + model, err := GetRole(role.ID) + if err != nil { + return err } - return -} -func (role ConsoleRole) Update(localUser *User, model rbac.Role) (err error) { - + role.Type = model.Type + role.Created = model.Created changeLog, _ := util.DiffTwoObject(model, role) - model.Description = role.Description - model.Platform = role.Platform - model.Updated = time.Now() - err = orm.Save(model) + role.Updated = time.Now() + err = orm.Save(role) if err != nil { return } - RoleMap[model.Name] = Role{ - Name: model.Name, - Platform: model.Platform, - } + RoleMap[model.Name] = model err = orm.Save(GenerateEvent(event.ActivityMetadata{ Category: "platform", 
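Review bot: After the save, `UpdateRole` refreshes the cache with `RoleMap[model.Name] = model`, and `model` is the role as loaded before the update, so a changed or revoked privilege stays in force for `authorize` and `ValidatePermission` until the roles are reloaded; store the saved value instead, `RoleMap[role.Name] = *role`, and drop the old key if the name changed. Only `Type` and `Created` are copied from the stored role, so `Name` and `Builtin` now come straight from the request body decoded in the `UpdateRole` handler hunk of `plugin/api/rbac/role.go`; pin them as well with `role.Name = model.Name` and `role.Builtin = model.Builtin` unless renaming is intended. The event labels in the following hunk mix `model.Description` and `model.Updated` (old values) with `role.Privilege` (new value), so the audit record does not describe the saved state. The function body continues past this hunk.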
@@ -87,7 +44,7 @@ func (role ConsoleRole) Update(localUser *User, model rbac.Role) (err error) { Labels: util.MapStr{ "id": model.ID, "description": model.Description, - "platform": model.Platform, + "privilege": role.Privilege, "updated": model.Updated, }, User: util.MapStr{ @@ -98,44 +55,8 @@ func (role ConsoleRole) Update(localUser *User, model rbac.Role) (err error) { return } -func (role ElasticsearchRole) Update(localUser *User, model rbac.Role) (err error) { - changeLog, _ := util.DiffTwoObject(model, role) - model.Description = role.Description - model.Cluster = role.Cluster - model.Index = role.Index - model.ClusterPrivilege = role.ClusterPrivilege - model.Updated = time.Now() - err = orm.Save(model) - if err != nil { - return - } - RoleMap[model.Name] = Role{ - Name: model.Name, - Cluster: model.Cluster, - ClusterPrivilege: model.ClusterPrivilege, - Index: model.Index, - } - err = orm.Save(GenerateEvent(event.ActivityMetadata{ - Category: "platform", - Group: "rbac", - Name: "role", - Type: "update", - Labels: util.MapStr{ - "id": model.ID, - "description": model.Description, - "platform": model.Platform, - "updated": model.Updated, - }, - User: util.MapStr{ - "userid": localUser.UserId, - "username": localUser.Username, - }, - }, nil, changeLog)) - - return -} -func (role ConsoleRole) Create(localUser *User) (id string, err error) { +func CreateRole(localUser *User, role *rbac.Role) (id string, err error) { if role.Name == "" { err = errors.New("role name is require") return 
@@ -156,24 +77,15 @@ func (role ConsoleRole) Create(localUser *User) (id string, err error) { return } - newRole := rbac.Role{ - Name: role.Name, - Description: role.Description, - RoleType: role.RoleType, - Platform: role.Platform, - } - newRole.ID = util.GetUUID() - newRole.Created = time.Now() - newRole.Updated = time.Now() - err = orm.Save(&newRole) + role.ID = util.GetUUID() + role.Created = time.Now() + role.Updated = time.Now() + err = orm.Save(role) if err != nil { return } - id = newRole.ID - RoleMap[role.Name] = Role{ - Name: newRole.Name, - Platform: newRole.Platform, - } + id = role.ID + RoleMap[role.Name] = *role err = orm.Save(GenerateEvent(event.ActivityMetadata{ Category: "platform", Group: "rbac", @@ -183,10 +95,8 @@ func (role ConsoleRole) Create(localUser *User) (id string, err error) { "id": id, "name": role.Name, "description": role.Description, - "platform": role.Platform, - "type": role.RoleType, - "created": newRole.Created.Format("2006-01-02 15:04:05"), - "updated": newRole.Updated.Format("2006-01-02 15:04:05"), + "privilege": role.Privilege, + "type": role.Type, }, User: util.MapStr{ "userid": localUser.UserId, 
@@ -200,76 +110,6 @@ func (role ConsoleRole) Create(localUser *User) (id string, err error) { return } -func (role ElasticsearchRole) Create(localUser *User) (id string, err error) { - if role.Name == "" { - err = errors.New("role name is require") - return - } - if _, ok := enum.BuildRoles[role.Name]; ok { - err = fmt.Errorf("role name %s already exists", role.Name) - return - } - q := orm.Query{Size: 1} - q.Conds = orm.And(orm.Eq("name", role.Name)) - - err, result := orm.Search(rbac.Role{}, &q) - if err != nil { - return - } - if result.Total > 0 { - err = fmt.Errorf("role name %s already exists", role.Name) - return - } - - newRole := rbac.Role{ - Name: role.Name, - Description: role.Description, - RoleType: role.RoleType, - } - newRole.Cluster = role.Cluster - newRole.Index = role.Index - newRole.ClusterPrivilege = role.ClusterPrivilege - newRole.ID = util.GetUUID() - newRole.Created = time.Now() - newRole.Updated = time.Now() - err = orm.Save(&newRole) - if err != nil { - return - } - id = newRole.ID - RoleMap[newRole.Name] = Role{ - Name: newRole.Name, - Cluster: newRole.Cluster, - ClusterPrivilege: newRole.ClusterPrivilege, - Index: newRole.Index, - } - err = orm.Save(GenerateEvent(event.ActivityMetadata{ - Category: "platform", - Group: "rbac", - Name: "role", - Type: "create", - Labels: util.MapStr{ - "id": id, - "name": newRole.Name, - "description": newRole.Description, - "cluster": newRole.Cluster, - "index": newRole.Index, - "cluster_privilege": newRole.ClusterPrivilege, - "type": newRole.RoleType, - "created": newRole.Created.Format("2006-01-02 15:04:05"), - "updated": newRole.Updated.Format("2006-01-02 15:04:05"), - }, - User: util.MapStr{ - "userid": localUser.UserId, - "username": localUser.Username, - }, - }, nil, nil)) - - if err != nil { - log.Error(err) - } - return -} func DeleteRole(localUser *User, id string) (err error) { role := rbac.Role{} role.ID = id 
@@ -302,11 +142,7 @@ func DeleteRole(localUser *User, id string) (err error) { "id": id, "name": role.Name, "description": role.Description, - "platform": role.Platform, - "cluster": role.Cluster, - "index": role.Index, - "cluster_privilege": role.ClusterPrivilege, - "type": role.RoleType, + "type": role.Type, "created": role.Created.Format("2006-01-02 15:04:05"), "updated": role.Updated.Format("2006-01-02 15:04:05"), }, nil)) @@ -342,7 +178,7 @@ func SearchRole(keyword string, from, size int) (roles orm.Result, err error) { return } func IsAllowRoleType(roleType string) (err error) { - if roleType != Console && roleType != Elastisearch { + if roleType != Platform && roleType != Elastisearch { err = fmt.Errorf("invalid role type %s ", roleType) return } diff --git a/internal/biz/user.go b/internal/biz/user.go index 5777ad56..34a0e20c 100644 --- a/internal/biz/user.go +++ b/internal/biz/user.go @@ -43,11 +43,11 @@ func DeleteUser(localUser *User, id string) (err error) { }, }, util.MapStr{ "id": id, - "username": user.Username, + "name": user.Name, "email": user.Email, "phone": user.Phone, "password": user.Password, - "name": user.Name, + "nickname": user.NickName, "tags": user.Tags, "roles": user.Roles, "created": user.Created, @@ -57,7 +57,7 @@ func DeleteUser(localUser *User, id string) (err error) { } func CreateUser(localUser *User, req dto.CreateUser) (id string, password string, err error) { q := orm.Query{Size: 1000} - q.Conds = orm.And(orm.Eq("username", req.Username)) + q.Conds = orm.And(orm.Eq("name", req.Name)) err, result := orm.Search(rbac.User{}, &q) if err != nil { @@ -71,7 +71,7 @@ func CreateUser(localUser *User, req dto.CreateUser) (id string, password string roles := make([]rbac.UserRole, 0) for _, v := range req.Roles { roles = append(roles, rbac.UserRole{ - Id: v.Id, + ID: v.Id, Name: v.Name, }) } 
@@ -82,7 +82,7 @@ func CreateUser(localUser *User, req dto.CreateUser) (id string, password string } user := rbac.User{ Name: req.Name, - Username: req.Username, + NickName: req.NickName, Password: string(hash), Email: req.Email, Phone: req.Phone, @@ -106,11 +106,11 @@ func CreateUser(localUser *User, req dto.CreateUser) (id string, password string Type: "create", Labels: util.MapStr{ "id": id, - "username": user.Username, + "name": user.Name, "email": user.Email, "phone": user.Phone, "password": user.Password, - "name": user.Name, + "nick_name": user.NickName, "tags": user.Tags, "roles": user.Roles, "created": user.Created, @@ -133,7 +133,7 @@ func UpdateUser(localUser *User, id string, req dto.UpdateUser) (err error) { roles := make([]rbac.UserRole, 0) for _, v := range req.Roles { roles = append(roles, rbac.UserRole{ - Id: v.Id, + ID: v.Id, Name: v.Name, }) } @@ -183,7 +183,7 @@ func UpdateUserRole(localUser *User, id string, req dto.UpdateUserRole) (err err roles := make([]rbac.UserRole, 0) for _, v := range req.Roles { roles = append(roles, rbac.UserRole{ - Id: v.Id, + ID: v.Id, Name: v.Name, }) } @@ -257,7 +257,9 @@ func UpdateUserPassword(localUser *User, id string, password string) (err error) if err != nil { return } - delete(TokenMap, localUser.UserId) + if localUser.UserId == id { + delete(TokenMap, localUser.UserId) + } err = orm.Save(GenerateEvent(event.ActivityMetadata{ Category: "platform", Group: "rbac", diff --git a/internal/biz/validate.go b/internal/biz/validate.go index ebd1bf3b..923738b7 100644 --- a/internal/biz/validate.go +++ b/internal/biz/validate.go 
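Review bot: The new guard `if localUser.UserId == id` in `UpdateUserPassword` means that a password reset performed on another account leaves that account's entry in `TokenMap` untouched, so a token issued under the old password is not revoked here. Since `id` is the account whose password changed, the entry to drop is the target's: `delete(TokenMap, id)`, without the condition. This assumes `TokenMap` is keyed by user ID and consulted when tokens are validated, which the previous `delete(TokenMap, localUser.UserId)` suggests but the hunk does not show. The start of the function is outside this hunk.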
@@ -114,22 +114,22 @@ func CombineUserRoles(roleNames []string) RolePermission { m := make(map[string][]string) for _, val := range roleNames { role := RoleMap[val] - for _, v := range role.Cluster { - newRole.Cluster = append(newRole.Cluster, v.Id) + for _, v := range role.Privilege.Elasticsearch.Cluster.Resources { + newRole.Cluster = append(newRole.Cluster, v.ID) } - for _, v := range role.ClusterPrivilege { + for _, v := range role.Privilege.Elasticsearch.Cluster.Permissions { newRole.ClusterPrivilege = append(newRole.ClusterPrivilege, v) } - for _, v := range role.Platform { + for _, v := range role.Privilege.Platform { newRole.Platform = append(newRole.Platform, v) } - for _, v := range role.Index { + for _, v := range role.Privilege.Elasticsearch.Index { for _, name := range v.Name { if _, ok := m[name]; ok { - m[name] = append(m[name], v.Privilege...) + m[name] = append(m[name], v.Permissions...) } else { - m[name] = v.Privilege + m[name] = v.Permissions } } @@ -225,7 +225,7 @@ func ValidatePermission(claims *UserClaims, permissions []string) (err error) { userPermissions := make([]string, 0) for _, role := range user.Roles { if _, ok := RoleMap[role]; ok { - for _, v := range RoleMap[role].Platform { + for _, v := range RoleMap[role].Privilege.Platform { userPermissions = append(userPermissions, v) //all include read diff --git a/internal/dto/role.go b/internal/dto/role.go index e0ca51f0..f56a7c48 100644 --- a/internal/dto/role.go +++ b/internal/dto/role.go @@ -16,7 +16,7 @@ type ElasticsearchPermission struct { IndexPrivilege []string `json:"index_privilege" ` } type CreateUser struct { - Username string `json:"username"` + NickName string `json:"nick_name"` Name string `json:"name"` Email string `json:"email"` diff --git a/model/rbac/role.go b/model/rbac/role.go index ae17b596..6e1e6fb4 100644 --- a/model/rbac/role.go +++ b/model/rbac/role.go 
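Review bot: In `CombineUserRoles`, the `else` branch `m[name] = v.Permissions` stores the role's own slice in the result map, so a later `append(m[name], ...)` for the same index name can write into the backing array shared with the `RoleMap` entry and with every other name listed in the same `IndexPrivilege`. When that slice has spare capacity, two index patterns can overwrite each other's appended permissions, which changes the effective privileges computed for a user. Replace the `if`/`else` with the single line `m[name] = append(m[name], v.Permissions...)`, which copies on first use because the map entry starts out nil. The function starts and ends outside this hunk.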
@@ -1,51 +1,40 @@ package rbac import ( - "infini.sh/framework/core/orm" + "time" ) type Role struct { - orm.ORMObjectBase - Name string `json:"name" elastic_mapping:"name:{type:keyword}"` - Description string `json:"description" elastic_mapping:"description:{type:text}"` - RoleType string `json:"type" elastic_mapping:"type:{type:keyword}"` - Platform []string `json:"platform,omitempty" ` - BuiltIn bool `json:"builtin" elastic_mapping:"builtin:{type:boolean}"` //是否内置 - - Cluster []struct { - Id string `json:"id"` - Name string `json:"name"` - } `json:"cluster,omitempty"` - ClusterPrivilege []string `json:"cluster_privilege,omitempty"` - Index []struct { - Name []string `json:"name"` - Privilege []string `json:"privilege"` - } `json:"index,omitempty"` -} -type ConsolePermission struct { - Api []string `json:"api"` - Menu []Menu `json:"menu"` + ID string `json:"id,omitempty" elastic_meta:"_id" elastic_mapping:"id: { type: keyword }"` + Created time.Time `json:"created,omitempty" elastic_mapping:"created: { type: date }"` + Updated time.Time `json:"updated,omitempty" elastic_mapping:"updated: { type: date }"` + Name string `json:"name" elastic_mapping:"name: { type: keyword }"` + Type string `json:"type" elastic_mapping:"type: { type: keyword }"` + Description string `json:"description" elastic_mapping:"description: { type: text }"` + Builtin bool `json:"builtin" elastic_mapping:"builtin: { type: boolean }"` + Privilege RolePrivilege `json:"privilege" elastic_mapping:"privilege: { type: object }"` } -type Menu struct { - Id string `json:"id"` - Name string `json:"name"` - Privilege string `json:"privilege"` +type RolePrivilege struct { + Platform []string `json:"platform,omitempty" elastic_mapping:"platform: { type: keyword }"` + Elasticsearch ElasticsearchPrivilege `json:"elasticsearch,omitempty" elastic_mapping:"elasticsearch: { type: object }"` } -type ElasticRole struct { - orm.ORMObjectBase - Name string `json:"name" elastic_mapping:"name:{type:keyword}"` - 
Description string `json:"description" elastic_mapping:"description:{type:text}"` - RoleType string `json:"type" elastic_mapping:"type:{type:keyword}"` - BuiltIn bool `json:"builtin" elastic_mapping:"builtin:{type:boolean}"` //是否内置 - Cluster []struct { - Id string `json:"id"` - Name string `json:"name"` - } `json:"cluster,omitempty"` - ClusterPrivilege []map[string][]string `json:"cluster_privilege,omitempty"` - Index []struct { - Name []string `json:"name"` - Privilege []string `json:"privilege"` - } `json:"index,omitempty"` +type ElasticsearchPrivilege struct { + Cluster ClusterPrivilege `json:"cluster,omitempty" elastic_mapping:"cluster: { type: object }"` + Index []IndexPrivilege `json:"index,omitempty" elastic_mapping:"index: { type: object }"` } + +type InnerCluster struct { + ID string `json:"id" elastic_mapping:"id: { type: keyword }"` + Name string `json:"name" elastic_mapping:"name: { type: keyword }"` +} +type ClusterPrivilege struct { + Resources []InnerCluster `json:"resources,omitempty" elastic_mapping:"resources: { type: object }"` + Permissions []string `json:"permissions,omitempty" elastic_mapping:"permissions: { type: keyword }"` +} + +type IndexPrivilege struct { + Name []string `json:"name,omitempty" elastic_mapping:"name: { type: keyword }"` + Permissions []string `json:"permissions,omitempty" elastic_mapping:"permissions: { type: keyword }"` +} \ No newline at end of file diff --git a/model/rbac/user.go b/model/rbac/user.go index 1cd131b3..c5f626a4 100644 --- a/model/rbac/user.go +++ b/model/rbac/user.go 
@@ -1,18 +1,23 @@ package rbac -import "infini.sh/framework/core/orm" +import ( + "time" +) type User struct { - orm.ORMObjectBase - Username string `json:"username" elastic_mapping:"username:{type:keyword}"` - Password string `json:"password" elastic_mapping:"password:{type:text}"` - Name string `json:"name" elastic_mapping:"name:{type:keyword}"` - Phone string `json:"phone" elastic_mapping:"phone:{type:keyword}"` - Email string `json:"email" elastic_mapping:"email:{type:keyword}"` - Roles []UserRole `json:"roles"` - Tags []string `json:"tags,omitempty" elastic_mapping:"tags:{type:text}"` + ID string `json:"id,omitempty" elastic_meta:"_id" elastic_mapping:"id: { type: keyword }"` + Created time.Time `json:"created,omitempty" elastic_mapping:"created: { type: date }"` + Updated time.Time `json:"updated,omitempty" elastic_mapping:"updated: { type: date }"` + Name string `json:"name" elastic_mapping:"name: { type: keyword }"` + NickName string `json:"nick_name" elastic_mapping:"nick_name: { type: keyword }"` + Password string `json:"password" elastic_mapping:"password: { type: keyword }"` + Email string `json:"email" elastic_mapping:"email: { type: keyword }"` + Phone string `json:"phone" elastic_mapping:"phone: { type: keyword }"` + Tags []string `json:"tags" elastic_mapping:"mobile: { type: keyword }"` + Roles []UserRole `json:"roles" elastic_mapping:"roles: { type: object }"` } + type UserRole struct { - Id string `json:"id" elastic_mapping:"id:{type:keyword}"` - Name string `json:"name" elastic_mapping:"name:{type:keyword}" ` -} + ID string `json:"id" elastic_mapping:"id: { type: keyword }"` + Name string `json:"name" elastic_mapping:"name: { type: keyword }"` +} \ No newline at end of file diff --git a/plugin/api/account/account.go b/plugin/api/account/account.go index 638ddcc9..e82c627d 100644 --- a/plugin/api/account/account.go +++ b/plugin/api/account/account.go 
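Review bot: In the new `User` struct the `Tags` field is tagged `elastic_mapping:"mobile: { type: keyword }"`, which names a field that does not exist in the struct and looks like a copy-paste slip; it should read `elastic_mapping:"tags: { type: keyword }"` to match `json:"tags"`. `Password` keeps the tag `json:"password"`, so any handler that serialises an `rbac.User` directly would return the stored hash. A field comment such as `// password hash; must not be returned to API clients` would make that constraint visible, and responses should keep being built from an explicit field list, as the `Profile` hunk does.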
@@ -114,9 +114,9 @@ func (h Account) Profile(w http.ResponseWriter, r *http.Request, ps httprouter.P u := util.MapStr{ "user_id": "admin", - "username": "admin", + "name": "admin", "email": "admin@infini.ltd", - "name": "admin", + "nick_name": "admin", "phone": "13011111111", } h.WriteOKJSON(w, core.FoundResponse(reqUser.UserId, u)) @@ -128,9 +128,9 @@ func (h Account) Profile(w http.ResponseWriter, r *http.Request, ps httprouter.P } u := util.MapStr{ "user_id": user.ID, - "username": user.Username, + "name": user.Name, "email": user.Email, - "name": user.Name, + "nick_name": user.NickName, "phone": user.Phone, } h.WriteOKJSON(w, core.FoundResponse(reqUser.UserId, u)) diff --git a/plugin/api/rbac/api.go b/plugin/api/rbac/api.go index 591dcb3a..dccd061b 100644 --- a/plugin/api/rbac/api.go +++ b/plugin/api/rbac/api.go @@ -6,12 +6,13 @@ import ( "infini.sh/console/internal/biz" "infini.sh/console/internal/biz/enum" m "infini.sh/console/internal/middleware" + "infini.sh/console/model/rbac" "infini.sh/framework/core/api" "infini.sh/framework/core/elastic" "infini.sh/framework/core/util" "os" "path" - log "src/github.com/cihub/seelog" + log "github.com/cihub/seelog" ) type Rbac struct { @@ -70,10 +71,12 @@ func loadJsonConfig() { } func loadRolePermission() { - biz.RoleMap = make(map[string]biz.Role) + biz.RoleMap = make(map[string]rbac.Role) - biz.RoleMap["admin"] = biz.Role{ - Platform: enum.AdminPrivilege, + biz.RoleMap["admin"] = rbac.Role{ + Privilege: rbac.RolePrivilege{ + Platform: enum.AdminPrivilege, + }, } res, err := biz.SearchRole("", 0, 1000) @@ -85,9 +88,12 @@ func loadRolePermission() { util.FromJSONBytes(res.Raw, &response) for _, v := range response.Hits.Hits { - var role biz.Role + var role rbac.Role + delete(v.Source, "created") + delete(v.Source, "updated") err = mapstructure.Decode(v.Source, &role) if err != nil { + log.Error(err) return } biz.RoleMap[role.Name] = role 
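Review bot: In `loadRolePermission`, a single role document that fails `mapstructure.Decode` is logged and then hits `return`, so every role after it in the search result is never added to `biz.RoleMap` and users holding those roles would resolve to empty privileges. Use `continue` after `log.Error(err)` so one malformed document does not drop the rest, and check the result of `util.FromJSONBytes(res.Raw, &response)` if it returns an error. The added `delete(v.Source, "created")` and `delete(v.Source, "updated")` lines have no explanation; a one-line comment saying why the timestamps are removed before decoding would help the next reader. The function ends outside this hunk.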
diff --git a/plugin/api/rbac/permission.go b/plugin/api/rbac/permission.go index a77038a6..fc31eb02 100644 --- a/plugin/api/rbac/permission.go +++ b/plugin/api/rbac/permission.go @@ -9,15 +9,16 @@ import ( func (h Rbac) ListPermission(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { typ := ps.MustGetParameter("type") - - role, err := biz.NewRole(typ) - + err := biz.IsAllowRoleType(typ) if err != nil { _ = log.Error(err.Error()) h.ErrorInternalServer(w, err.Error()) return } - permissions := role.ListPermission() + var permissions interface{} + if typ == biz.Elastisearch { + permissions = biz.ListElasticsearchPermission() + } h.WriteOKJSON(w, permissions) return } diff --git a/plugin/api/rbac/role.go b/plugin/api/rbac/role.go index 403f8f3b..ffa6097b 100644 --- a/plugin/api/rbac/role.go +++ b/plugin/api/rbac/role.go @@ -5,6 +5,7 @@ import ( "infini.sh/console/internal/biz" "infini.sh/console/internal/biz/enum" "infini.sh/console/internal/core" + "infini.sh/console/model/rbac" httprouter "infini.sh/framework/core/api/router" "infini.sh/framework/core/elastic" "infini.sh/framework/core/util" @@ -20,20 +21,22 @@ func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.P h.ErrorInternalServer(w, err.Error()) return } - irole, err := biz.NewRole(roleType) + err = biz.IsAllowRoleType(roleType) if err != nil { h.ErrorInternalServer(w, err.Error()) return } - - err = h.DecodeJSON(r, &irole) + role := &rbac.Role{ + Type: roleType, + } + err = h.DecodeJSON(r, role) if err != nil { h.Error400(w, err.Error()) return } var id string - id, err = irole.Create(localUser) + id, err = biz.CreateRole(localUser, role) if err != nil { _ = log.Error(err.Error()) 
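Review bot: In the `CreateRole` handler, `Type: roleType` is set before `h.DecodeJSON(r, role)`, so a `"type"` key in the request body can replace the value that `biz.IsAllowRoleType` just validated, assuming `DecodeJSON` behaves like `encoding/json`; `builtin` is likewise taken from the body. Assign after decoding instead, right after the decode error check: `role.Type = roleType` and `role.Builtin = false`. `biz.CreateRole` already overwrites `ID`, `Created` and `Updated`, so those are not affected. The handler continues past this hunk.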
@@ -128,24 +131,14 @@ func (h Rbac) UpdateRole(w http.ResponseWriter, r *http.Request, ps httprouter.P h.ErrorInternalServer(w, err.Error()) return } - model, err := biz.GetRole(id) - if err != nil { - h.ErrorInternalServer(w, err.Error()) - return - } - irole, err := biz.NewRole(model.RoleType) - if err != nil { - h.ErrorInternalServer(w, err.Error()) - return - } - - err = h.DecodeJSON(r, &irole) + role := &rbac.Role{} + err = h.DecodeJSON(r, role) if err != nil { h.Error400(w, err.Error()) return } - - err = irole.Update(localUser, model) + role.ID = id + err = biz.UpdateRole(localUser, role) if err != nil { _ = log.Error(err.Error()) diff --git a/plugin/api/rbac/user.go b/plugin/api/rbac/user.go index 9423b729..b940db12 100644 --- a/plugin/api/rbac/user.go +++ b/plugin/api/rbac/user.go @@ -29,7 +29,7 @@ func (h Rbac) CreateUser(w http.ResponseWriter, r *http.Request, ps httprouter.P h.Error400(w, err.Error()) return } - if req.Username == "" || req.Phone == "" || req.Email == "" { + if req.Name == "" { h.Error400(w, "username and phone and email is require") return