fix: (rbac) es apis

This commit is contained in:
xushuhui 2022-04-21 17:11:26 +08:00
parent 9a6c9489f9
commit 882eea91a5
5 changed files with 53 additions and 30 deletions

View File

@ -5,7 +5,8 @@ import (
"infini.sh/console/internal/biz/enum"
)
var ClusterApis = make([]string, 0)
var ClusterApis = make(map[string][]string)
var IndexApis = make([]string, 0)
var EsApis = make(map[string][]string)
var RolePermission = make(map[string][]string)
@ -18,8 +19,24 @@ const (
type IRole interface {
ListPermission() interface{}
Create(localUser *User) (id string, err error)
}
type ConsoleRole struct {
Name string `json:"name"`
Description string `json:"description" `
RoleType string `json:"type" `
Permission Permission `json:"permission"`
}
type Permission struct {
Api []string `json:"api"`
Menu []MenuPermission `json:"menu"`
}
type MenuPermission struct {
Id string `json:"id"`
Name string `json:"name"`
Privilege string `json:"privilege"`
}
type ConsoleRole struct{}
type ElasticsearchRole struct{}
func NewRole(typ string) (r IRole, err error) {
@ -46,22 +63,13 @@ type Menu struct {
Children []Menu `json:"children,omitempty"`
}
func (r ConsoleRole) ListPermission() interface{} {
// {
// Id: "cluster_elasticsearch_refresh",
// Name: "集群监控刷新",
// },
// {
// Id: "cluster_activities",
// Name: "集群动态",
// },
// {
// Id: "cluster_activities_search",
// Name: "集群动态搜索",
// },
//
//}
func (role ConsoleRole) Create(localUser *User) (id string, err error) {
return
}
func (role ElasticsearchRole) Create(localUser *User) (id string, err error) {
return
}
func (role ConsoleRole) ListPermission() interface{} {
menu := []Menu{
{
Id: "cluster",
@ -93,15 +101,15 @@ func (r ConsoleRole) ListPermission() interface{} {
return p
}
func (r ElasticsearchRole) ListPermission() interface{} {
func (role ElasticsearchRole) ListPermission() interface{} {
list := ElasticsearchPermisson{
ClusterPrivileges: ClusterApis,
IndexPrivileges: EsApis["indices"],
IndexPrivileges: IndexApis,
}
return list
}
type ElasticsearchPermisson struct {
IndexPrivileges []string `json:"index_privileges"`
ClusterPrivileges []string `json:"cluster_privileges"`
IndexPrivileges []string `json:"index_privileges"`
ClusterPrivileges map[string][]string `json:"cluster_privileges"`
}

View File

@ -215,3 +215,10 @@ func SearchRole(keyword string, from, size int) (roles orm.Result, err error) {
return
}
func IsAllowRoleType(roleType string) (err error) {
if roleType != Console && roleType != Elastisearch {
err = fmt.Errorf("invalid role type %s ", roleType)
return
}
return
}

View File

@ -41,17 +41,14 @@ func loadJsonConfig() {
panic("load json file err " + err.Error())
}
err = json.Unmarshal(bytes, &biz.EsApis)
apis := make(map[string][]string)
err = json.Unmarshal(bytes, &apis)
if err != nil {
panic("json config unmarshal err " + err.Error())
}
list := make([]string, 0)
list = append(list, "*")
for k := range biz.EsApis {
list = append(list, k)
}
biz.ClusterApis = list
biz.IndexApis = apis["indices"]
delete(apis, "indices")
biz.ClusterApis = apis
}
func loadRolePermission() {

View File

@ -9,6 +9,12 @@ import (
func (h Rbac) ListPermission(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
typ := ps.MustGetParameter("type")
err := biz.IsAllowRoleType(typ)
if err != nil {
h.Error400(w, err.Error())
return
}
role, err := biz.NewRole(typ)
if err != nil {

View File

@ -14,6 +14,11 @@ import (
func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
roleType := ps.MustGetParameter("type")
err := biz.IsAllowRoleType(roleType)
if err != nil {
h.Error400(w, err.Error())
return
}
localUser, err := biz.FromUserContext(r.Context())
if err != nil {
log.Error(err.Error())