feat: (rbac) localuser

2022-04-18 18:20:15 +08:00 · 2022-04-18 18:20:15 +08:00 · 65dd1f2209
parent 8c013a613b
commit 65dd1f2209
9 changed files with 190 additions and 84 deletions
--- a/internal/biz/context.go
+++ b/internal/biz/context.go
@ -21,9 +21,3 @@ func FromUserContext(ctx context.Context) (*User, error) {
 	}
 	return reqUser.User, nil
 }
-func NewPermissionContext(ctx context.Context) {
-
-}
-func FromPermissionContext(ctx context.Context) {
-
-}
--- a/internal/biz/event.go
+++ b/internal/biz/event.go
@ -0,0 +1,17 @@
+package biz
+
+import (
+	"infini.sh/framework/core/event"
+	"infini.sh/framework/core/util"
+	"time"
+)
+
+func GenerateEvent(metadata event.ActivityMetadata, fields util.MapStr) *event.Activity {
+	return &event.Activity{
+		ID:        util.GetUUID(),
+		Timestamp: time.Now(),
+		Metadata:  metadata,
+		Fields:    fields,
+	}
+
+}
--- a/internal/biz/permission.go
+++ b/internal/biz/permission.go
@ -1,15 +1,45 @@
 package biz

+import "fmt"
+
 var ClusterApis = make([]string, 0)
 var EsApis = make(map[string][]string)

+type RoleType = string
+
+const (
+	Console      RoleType = "console"
+	Elastisearch RoleType = "elasticsearch"
+)
+
+type IRole interface {
+	ListPermission() interface{}
+}
+type ConsoleRole struct {
+}
+type ElasticsearchRole struct {
+}
+
+func NewRole(typ string) (r IRole, err error) {
+	switch typ {
+	case Console:
+		r = &ConsoleRole{}
+
+	case Elastisearch:
+		r = &ElasticsearchRole{}
+	default:
+		err = fmt.Errorf("role type %s not support", typ)
+	}
+	return
+}
+
 type ConsolePermisson struct {
 	Id   string `json:"id"`
 	Name string `json:"name"`
 }

-func ListConsolePermisson() (list []ConsolePermisson, err error) {
-	list = []ConsolePermisson{
+func (r ConsoleRole) ListPermission() interface{} {
+	list := []ConsolePermisson{
 		{
 			Id:   "cluster_overview",
 			Name: "平台概览",
@ -35,7 +65,36 @@ func ListConsolePermisson() (list []ConsolePermisson, err error) {
 			Name: "集群动态搜索",
 		},
 	}
-	return
+	return list
+}
+func (r ElasticsearchRole) ListPermission() interface{} {
+	list := []ConsolePermisson{
+		{
+			Id:   "cluster_overview",
+			Name: "平台概览",
+		},
+		{
+			Id:   "cluster_search",
+			Name: "平台搜索",
+		},
+		{
+			Id:   "cluster_elasticsearch",
+			Name: "集群监控",
+		},
+		{
+			Id:   "cluster_elasticsearch_refresh",
+			Name: "集群监控刷新",
+		},
+		{
+			Id:   "cluster_activities",
+			Name: "集群动态",
+		},
+		{
+			Id:   "cluster_activities_search",
+			Name: "集群动态搜索",
+		},
+	}
+	return list
 }

 type ElasticsearchPermisson struct {
--- a/internal/biz/role.go
+++ b/internal/biz/role.go
@ -4,6 +4,8 @@ import (
 	"fmt"
 	"infini.sh/console/internal/dto"
 	"infini.sh/console/model/rbac"
+	"infini.sh/framework/core/event"
+	log "src/github.com/cihub/seelog"

 	"infini.sh/framework/core/util"
 	"strings"
@ -12,7 +14,7 @@ import (
 	"infini.sh/framework/core/orm"
 )

-func CreateRole(req dto.CreateRole) (id string, err error) {
+func CreateRole(localUser *User, req dto.CreateRole) (id string, err error) {

 	q := orm.Query{Size: 1000}
 	q.Conds = orm.And(orm.Eq("name", req.Name))
@ -36,10 +38,36 @@ func CreateRole(req dto.CreateRole) (id string, err error) {
 	role.Created = time.Now()
 	role.Updated = time.Now()
 	err = orm.Save(role)
+	if err != nil {
+		return
+	}
 	id = role.ID
+	err = orm.Save(GenerateEvent(event.ActivityMetadata{
+		Category: "platform",
+		Group:    "rbac",
+		Name:     "role",
+		Type:     "create",
+		Labels: util.MapStr{
+			"id":          id,
+			"name":        req.Name,
+			"description": req.Description,
+			"permission":  req.Permission,
+			"type":        req.RoleType,
+			"created":     role.Created.Format("2006-01-02 15:04:05"),
+			"updated":     role.Updated.Format("2006-01-02 15:04:05"),
+		},
+		User: util.MapStr{
+			"userid":   localUser.UserId,
+			"username": localUser.Username,
+		},
+	}, nil))
+
+	if err != nil {
+		log.Error(err)
+	}
 	return
 }
-func DeleteRole(id string) (err error) {
+func DeleteRole(localUser *User, id string) (err error) {
 	role := rbac.Role{}
 	role.ID = id
 	_, err = orm.Get(&role)
@ -47,10 +75,31 @@ func DeleteRole(id string) (err error) {
 		err = ErrNotFound
 		return
 	}
-	return orm.Delete(role)
+	err = orm.Delete(role)
+	if err != nil {
+		return
+	}
+	err = orm.Save(GenerateEvent(event.ActivityMetadata{
+		Category: "platform",
+		Group:    "rbac",
+		Name:     "role",
+		Type:     "delete",
+		Labels: util.MapStr{
+			"id": id,
+		},
+		User: util.MapStr{
+			"userid":   localUser.UserId,
+			"username": localUser.Username,
+		},
+	}, nil))
+
+	if err != nil {
+		log.Error(err)
+	}
+	return
 }

-func UpdateRole(id string, req dto.UpdateRole) (err error) {
+func UpdateRole(localUser *User, id string, req dto.UpdateRole) (err error) {
 	role := rbac.Role{}
 	role.ID = id
 	_, err = orm.Get(&role)
--- a/plugin/api/account/account.go
+++ b/plugin/api/account/account.go
@ -18,11 +18,10 @@ func init() {
 	account := Account{}
 	api.HandleAPIMethod(api.POST, "/account/login", account.Login)

-	api.HandleAPIMethod(api.GET, "/account/current_user", account.CurrentUser)
+	//api.HandleAPIMethod(api.GET, "/account/current_user", account.CurrentUser)

-	api.HandleAPIMethod(api.DELETE, "/account/logout", account.Logout)
-	api.HandleAPIMethod(api.GET, "/account/profile",
-		m.LoginRequired(account.Profile))
+	api.HandleAPIMethod(api.DELETE, "/account/logout", m.LoginRequired(account.Logout))
+	api.HandleAPIMethod(api.GET, "/account/profile", m.LoginRequired(account.Profile))
 }

 const userInSession = "user_in_session"
@ -41,7 +40,7 @@ func (h Account) Login(w http.ResponseWriter, r *http.Request, ps httprouter.Par
 		h.Error(w, err)
 		return
 	}
-	h.WriteJSON(w, data, http.StatusOK)
+	h.WriteOKJSON(w, data)
 }

 func (h Account) CurrentUser(w http.ResponseWriter, req *http.Request, ps httprouter.Params) {
--- a/plugin/api/rbac/init.go
+++ b/plugin/api/rbac/init.go
@ -17,20 +17,20 @@ type Rbac struct {

 func registerRouter() {
 	r := Rbac{}
-	api.HandleAPIMethod(api.GET, "/permission/:type", r.ListPermission)
-	api.HandleAPIMethod(api.POST, "/role/:type", r.CreateRole)
-	api.HandleAPIMethod(api.GET, "/role/:id", m.LoginRequired(r.GetRole))
-	api.HandleAPIMethod(api.DELETE, "/role/:id", r.DeleteRole)
-	api.HandleAPIMethod(api.PUT, "/role/:id", r.UpdateRole)
+	api.HandleAPIMethod(api.GET, "/permission/:type", m.LoginRequired(m.PermissionRequired(r.ListPermission, "list.permission")))
+	api.HandleAPIMethod(api.POST, "/role/:type", m.LoginRequired(m.PermissionRequired(r.CreateRole, "create.role")))
+	api.HandleAPIMethod(api.GET, "/role/:id", m.LoginRequired(m.PermissionRequired(r.GetRole, "get.role")))
+	api.HandleAPIMethod(api.DELETE, "/role/:id", m.LoginRequired(m.PermissionRequired(r.DeleteRole, "delete.role")))
+	api.HandleAPIMethod(api.PUT, "/role/:id", m.LoginRequired(m.PermissionRequired(r.UpdateRole, "update.role")))
 	api.HandleAPIMethod(api.GET, "/role/_search", m.LoginRequired(m.PermissionRequired(r.SearchRole, "search.role")))

-	api.HandleAPIMethod(api.POST, "/user", r.CreateUser)
-	api.HandleAPIMethod(api.GET, "/user/:id", r.GetUser)
-	api.HandleAPIMethod(api.GET, "/user/search", r.SearchUser)
-	api.HandleAPIMethod(api.DELETE, "/user/:id", r.DeleteUser)
-	api.HandleAPIMethod(api.PUT, "/user/:id", r.UpdateUser)
-	api.HandleAPIMethod(api.PUT, "/user/:id/role", r.UpdateUserRole)
-	api.HandleAPIMethod(api.GET, "/user/_search", r.SearchUser)
+	api.HandleAPIMethod(api.POST, "/user", m.LoginRequired(m.PermissionRequired(r.CreateUser, "create.user")))
+	api.HandleAPIMethod(api.GET, "/user/:id", m.LoginRequired(m.PermissionRequired(r.GetUser, "get.user")))
+	api.HandleAPIMethod(api.GET, "/user/search", m.LoginRequired(m.PermissionRequired(r.SearchUser, "search.user")))
+	api.HandleAPIMethod(api.DELETE, "/user/:id", m.LoginRequired(m.PermissionRequired(r.DeleteUser, "delete.user")))
+	api.HandleAPIMethod(api.PUT, "/user/:id", m.LoginRequired(m.PermissionRequired(r.UpdateUser, "update.user")))
+	api.HandleAPIMethod(api.PUT, "/user/:id/role", m.LoginRequired(m.PermissionRequired(r.UpdateUserRole, "update.user.role")))
+	api.HandleAPIMethod(api.GET, "/user/_search", m.LoginRequired(m.PermissionRequired(r.SearchUser, "search.user")))

 }

--- a/plugin/api/rbac/permission.go
+++ b/plugin/api/rbac/permission.go
@ -2,50 +2,24 @@ package rbac

 import (
 	log "github.com/cihub/seelog"
-	"github.com/pkg/errors"
 	"infini.sh/console/internal/biz"

 	httprouter "infini.sh/framework/core/api/router"
 	"net/http"
 )

-type RoleType = string
-
-const (
-	Console      RoleType = "console"
-	Elastisearch RoleType = "elasticsearch"
-)
-
-func validateRoleType(roleType RoleType) (err error) {
-	if roleType != Console && roleType != Elastisearch {
-		err = errors.New("unsupport type parmeter " + roleType)
-	}
-	return
-}
-func (h Rbac) ListPermission(w http.ResponseWriter, req *http.Request, ps httprouter.Params) {
+func (h Rbac) ListPermission(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	typ := ps.MustGetParameter("type")
-	err := validateRoleType(typ)
+	role, err := biz.NewRole(typ)
+
 	if err != nil {
 		_ = log.Error(err.Error())
 		h.Error(w, err)
 		return
 	}
-	var permissons interface{}
-	switch typ {
-	case Console:
-		permissons, err = biz.ListConsolePermisson()
-
-	case Elastisearch:
-		permissons, err = biz.ListElasticsearchPermisson()
-	}
-	if err != nil {
-		_ = log.Error(err.Error())
-		h.Error(w, err)
-		return
-	}
-
-	_ = h.WriteJSON(w, Response{
-		Hit: permissons,
-	}, http.StatusOK)
+	permissions := role.ListPermission()
+	h.WriteOKJSON(w, Response{
+		Hit: permissions,
+	})
 	return
 }
--- a/plugin/api/rbac/role.go
+++ b/plugin/api/rbac/role.go
@ -4,7 +4,6 @@ import (
 	log "github.com/cihub/seelog"
 	"infini.sh/console/internal/biz"
 	"infini.sh/console/internal/dto"
-
 	httprouter "infini.sh/framework/core/api/router"
 	"net/http"
 )
@ -12,12 +11,6 @@ import (
 func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	roleType := ps.MustGetParameter("type")
 	var err error
-	err = validateRoleType(roleType)
-	if err != nil {
-		_ = log.Error(err.Error())
-		h.Error(w, err)
-		return
-	}

 	var req dto.CreateRole
 	err = h.DecodeJSON(r, &req)
@ -28,13 +21,20 @@ func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
 	req.RoleType = roleType

 	var id string
-	id, err = biz.CreateRole(req)
+	localUser, err := biz.FromUserContext(r.Context())
+	if err != nil {
+		log.Error(err.Error())
+		h.Error(w, err)
+		return
+	}
+	id, err = biz.CreateRole(localUser, req)
 	if err != nil {
 		_ = log.Error(err.Error())
 		h.Error(w, err)
 		return
 	}
-	_ = h.WriteJSON(w, CreateResponse(id), http.StatusOK)
+
+	_ = h.WriteOKJSON(w, CreateResponse(id))
 	return

 }
@ -54,7 +54,7 @@ func (h Rbac) SearchRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
 		return
 	}

-	h.WriteJSON(w, Response{Hit: res.Result, Total: res.Total}, http.StatusOK)
+	h.WriteOKJSON(w, Response{Hit: res.Result, Total: res.Total})
 	return

 }
@ -68,38 +68,52 @@ func (h Rbac) GetRole(w http.ResponseWriter, r *http.Request, ps httprouter.Para
 		h.Error(w, err)
 		return
 	}
-	h.WriteJSON(w, Response{Hit: role}, http.StatusOK)
+	h.WriteOKJSON(w, Response{Hit: role})
 	return
 }

 func (h Rbac) DeleteRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	id := ps.MustGetParameter("id")
-	err := biz.DeleteRole(id)
+
+	localUser, err := biz.FromUserContext(r.Context())
+	if err != nil {
+		log.Error(err.Error())
+		h.Error(w, err)
+		return
+	}
+	err = biz.DeleteRole(localUser, id)

 	if err != nil {
 		_ = log.Error(err.Error())
 		h.Error(w, err)
 		return
 	}
-	_ = h.WriteJSON(w, DeleteResponse(id), http.StatusOK)
+	_ = h.WriteOKJSON(w, DeleteResponse(id))
 	return
 }

 func (h Rbac) UpdateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	id := ps.MustGetParameter("id")
+
 	var req dto.UpdateRole
 	err := h.DecodeJSON(r, &req)
 	if err != nil {
 		h.Error(w, err)
 		return
 	}
-	err = biz.UpdateRole(id, req)
+	localUser, err := biz.FromUserContext(r.Context())
+	if err != nil {
+		log.Error(err.Error())
+		h.Error(w, err)
+		return
+	}
+	err = biz.UpdateRole(localUser, id, req)

 	if err != nil {
 		_ = log.Error(err.Error())
 		h.Error(w, err)
 		return
 	}
-	_ = h.WriteJSON(w, UpdateResponse(id), http.StatusOK)
+	_ = h.WriteOKJSON(w, UpdateResponse(id))
 	return
 }
--- a/plugin/api/rbac/user.go
+++ b/plugin/api/rbac/user.go
@ -33,7 +33,7 @@ func (h Rbac) CreateUser(w http.ResponseWriter, r *http.Request, ps httprouter.P
 		h.Error(w, err)
 		return
 	}
-	_ = h.WriteJSON(w, CreateResponse(id), http.StatusOK)
+	_ = h.WriteOKJSON(w, CreateResponse(id))
 	return

 }
@ -51,7 +51,7 @@ func (h Rbac) GetUser(w http.ResponseWriter, r *http.Request, ps httprouter.Para
 		h.Error(w, err)
 		return
 	}
-	h.WriteJSON(w, Response{Hit: user}, http.StatusOK)
+	h.WriteOKJSON(w, Response{Hit: user})
 	return
 }

@ -71,7 +71,7 @@ func (h Rbac) UpdateUser(w http.ResponseWriter, r *http.Request, ps httprouter.P
 		h.Error(w, err)
 		return
 	}
-	_ = h.WriteJSON(w, UpdateResponse(id), http.StatusOK)
+	_ = h.WriteOKJSON(w, UpdateResponse(id))
 	return
 }

@ -91,7 +91,7 @@ func (h Rbac) UpdateUserRole(w http.ResponseWriter, r *http.Request, ps httprout
 		h.Error(w, err)
 		return
 	}
-	_ = h.WriteJSON(w, UpdateResponse(id), http.StatusOK)
+	_ = h.WriteOKJSON(w, UpdateResponse(id))
 	return
 }

@ -107,7 +107,7 @@ func (h Rbac) DeleteUser(w http.ResponseWriter, r *http.Request, ps httprouter.P
 		h.Error(w, err)
 		return
 	}
-	_ = h.WriteJSON(w, DeleteResponse(id), http.StatusOK)
+	_ = h.WriteOKJSON(w, DeleteResponse(id))
 	return
 }

@ -125,7 +125,7 @@ func (h Rbac) SearchUser(w http.ResponseWriter, r *http.Request, ps httprouter.P
 		return
 	}

-	h.WriteJSON(w, Response{Hit: res.Result, Total: res.Total}, http.StatusOK)
+	h.WriteOKJSON(w, Response{Hit: res.Result, Total: res.Total})
 	return

 }