fix: (rbac) es apis
parent
9a6c9489f9
commit
882eea91a5
|
@ -5,7 +5,8 @@ import (
|
|||
"infini.sh/console/internal/biz/enum"
|
||||
)
|
||||
|
||||
var ClusterApis = make([]string, 0)
|
||||
var ClusterApis = make(map[string][]string)
|
||||
var IndexApis = make([]string, 0)
|
||||
var EsApis = make(map[string][]string)
|
||||
var RolePermission = make(map[string][]string)
|
||||
|
||||
|
@ -18,8 +19,24 @@ const (
|
|||
|
||||
type IRole interface {
|
||||
ListPermission() interface{}
|
||||
|
||||
Create(localUser *User) (id string, err error)
|
||||
}
|
||||
type ConsoleRole struct {
|
||||
Name string `json:"name"`
|
||||
Description string `json:"description" `
|
||||
RoleType string `json:"type" `
|
||||
Permission Permission `json:"permission"`
|
||||
}
|
||||
type Permission struct {
|
||||
Api []string `json:"api"`
|
||||
Menu []MenuPermission `json:"menu"`
|
||||
}
|
||||
type MenuPermission struct {
|
||||
Id string `json:"id"`
|
||||
Name string `json:"name"`
|
||||
Privilege string `json:"privilege"`
|
||||
}
|
||||
type ConsoleRole struct{}
|
||||
type ElasticsearchRole struct{}
|
||||
|
||||
func NewRole(typ string) (r IRole, err error) {
|
||||
|
@ -46,22 +63,13 @@ type Menu struct {
|
|||
Children []Menu `json:"children,omitempty"`
|
||||
}
|
||||
|
||||
func (r ConsoleRole) ListPermission() interface{} {
|
||||
|
||||
// {
|
||||
// Id: "cluster_elasticsearch_refresh",
|
||||
// Name: "集群监控刷新",
|
||||
// },
|
||||
// {
|
||||
// Id: "cluster_activities",
|
||||
// Name: "集群动态",
|
||||
// },
|
||||
// {
|
||||
// Id: "cluster_activities_search",
|
||||
// Name: "集群动态搜索",
|
||||
// },
|
||||
//
|
||||
//}
|
||||
func (role ConsoleRole) Create(localUser *User) (id string, err error) {
|
||||
return
|
||||
}
|
||||
func (role ElasticsearchRole) Create(localUser *User) (id string, err error) {
|
||||
return
|
||||
}
|
||||
func (role ConsoleRole) ListPermission() interface{} {
|
||||
menu := []Menu{
|
||||
{
|
||||
Id: "cluster",
|
||||
|
@ -93,15 +101,15 @@ func (r ConsoleRole) ListPermission() interface{} {
|
|||
|
||||
return p
|
||||
}
|
||||
func (r ElasticsearchRole) ListPermission() interface{} {
|
||||
func (role ElasticsearchRole) ListPermission() interface{} {
|
||||
list := ElasticsearchPermisson{
|
||||
ClusterPrivileges: ClusterApis,
|
||||
IndexPrivileges: EsApis["indices"],
|
||||
IndexPrivileges: IndexApis,
|
||||
}
|
||||
return list
|
||||
}
|
||||
|
||||
type ElasticsearchPermisson struct {
|
||||
IndexPrivileges []string `json:"index_privileges"`
|
||||
ClusterPrivileges []string `json:"cluster_privileges"`
|
||||
IndexPrivileges []string `json:"index_privileges"`
|
||||
ClusterPrivileges map[string][]string `json:"cluster_privileges"`
|
||||
}
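Review bot: Both new stubs, `ConsoleRole.Create` and `ElasticsearchRole.Create`, return with `id` empty and `err` nil, so any caller going through `IRole.Create` sees a successful role creation although nothing was stored. Until the real implementation lands, set an explicit error before the `return`, for example `err = errors.New("role create not implemented")` (this needs the `errors` import if the file lacks it), so the RBAC API cannot report a role that does not exist. Separately, `ElasticsearchRole.ListPermission` returns the package-level `ClusterApis` map and `IndexApis` slice themselves rather than copies. A comment on those variables such as `// written once at startup by the config loader; read-only afterwards` would help, because a mutation by any caller changes the privilege catalogue for every later request.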
|
||||
|
|
|
@ -215,3 +215,10 @@ func SearchRole(keyword string, from, size int) (roles orm.Result, err error) {
|
|||
|
||||
return
|
||||
}
|
||||
func IsAllowRoleType(roleType string) (err error) {
|
||||
if roleType != Console && roleType != Elastisearch {
|
||||
err = fmt.Errorf("invalid role type %s ", roleType)
|
||||
return
|
||||
}
|
||||
return
|
||||
}
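Review bot: The error text in `IsAllowRoleType` embeds `roleType` with `%s` and a trailing space, and both handlers changed in this commit pass that text straight to `h.Error400`; the value comes from the request path. Formatting it as `err = fmt.Errorf("invalid role type %q", roleType)` keeps an empty value or control characters visible and escaped in responses and in any log that records the error. A doc comment such as `// IsAllowRoleType returns an error unless roleType is one of the supported role types.` is also missing. The constant name `Elastisearch` looks like a misspelling; it is declared outside this hunk, so that is worth checking at the declaration.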
|
||||
|
|
|
@ -41,17 +41,14 @@ func loadJsonConfig() {
|
|||
panic("load json file err " + err.Error())
|
||||
|
||||
}
|
||||
|
||||
err = json.Unmarshal(bytes, &biz.EsApis)
|
||||
apis := make(map[string][]string)
|
||||
err = json.Unmarshal(bytes, &apis)
|
||||
if err != nil {
|
||||
panic("json config unmarshal err " + err.Error())
|
||||
}
|
||||
list := make([]string, 0)
|
||||
list = append(list, "*")
|
||||
for k := range biz.EsApis {
|
||||
list = append(list, k)
|
||||
}
|
||||
biz.ClusterApis = list
|
||||
biz.IndexApis = apis["indices"]
|
||||
delete(apis, "indices")
|
||||
biz.ClusterApis = apis
|
||||
|
||||
}
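Review bot: `biz.IndexApis = apis["indices"]` assigns nil when the JSON file has no `indices` key, replacing the empty slice `IndexApis` is initialised with, so `index_privileges` would serialise as `null`. Anything that checks role privileges against this list would presumably then see an empty catalogue without any startup error. The function already panics on read and unmarshal failures, so the missing section can fail the same way: `indices, ok := apis["indices"]; if !ok { panic("json config missing indices section") }`. The previous code also put a `*` entry into the cluster list, which the new map form drops; if wildcard grants are still meant to be selectable, that needs an explicit entry or a comment explaining the removal. The start of `loadJsonConfig` is outside this hunk.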
|
||||
func loadRolePermission() {
|
||||
|
|
|
@ -9,6 +9,12 @@ import (
|
|||
|
||||
func (h Rbac) ListPermission(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||
typ := ps.MustGetParameter("type")
|
||||
|
||||
err := biz.IsAllowRoleType(typ)
|
||||
if err != nil {
|
||||
h.Error400(w, err.Error())
|
||||
return
|
||||
}
|
||||
role, err := biz.NewRole(typ)
|
||||
|
||||
if err != nil {
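Review bot: The role type is now validated twice on this path, once by `biz.IsAllowRoleType(typ)` and again by `biz.NewRole(typ)`, which already returns an error; the same pair of calls appears in the `CreateRole` hunk. Two allow-lists can drift apart when a role type is added, so it would be safer for `NewRole` to be the single place that rejects unknown types, with the handlers mapping its error to a 400. This assumes `NewRole` has an error branch for unknown types, since its body is not visible here. If the separate check stays, a comment such as `// reject unknown role types before any role object is built` would document why. The handler body continues past the end of the hunk.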
|
||||
|
|
|
@ -14,6 +14,11 @@ import (
|
|||
|
||||
func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||
roleType := ps.MustGetParameter("type")
|
||||
err := biz.IsAllowRoleType(roleType)
|
||||
if err != nil {
|
||||
h.Error400(w, err.Error())
|
||||
return
|
||||
}
|
||||
localUser, err := biz.FromUserContext(r.Context())
|
||||
if err != nil {
|
||||
log.Error(err.Error())
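Review bot: Only the path parameter `type` is validated here, while the `ConsoleRole` struct added in this commit also carries a `type` field in its JSON form (`RoleType`). If the part of `CreateRole` outside this hunk decodes the request body into that struct, the body value should be overwritten with `roleType` or compared against it before the role is stored. Otherwise the stored role type can differ from the one that passed `IsAllowRoleType`. A short comment next to the check stating which value is authoritative, for example `// the path parameter decides the role type; the body must not override it`, would make the intent clear.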
|
||||
|
|