From 882eea91a5f5b6d9a32d1774c5b1cdb8d181d0f9 Mon Sep 17 00:00:00 2001
From: xushuhui
Date: Thu, 21 Apr 2022 17:11:26 +0800
Subject: [PATCH] fix: (rbac) es apis
---
 internal/biz/permission.go | 52 ++++++++++++++++++++---------------
 internal/biz/role.go | 7 +++++
 plugin/api/rbac/init.go | 13 ++++-----
 plugin/api/rbac/permission.go | 6 ++++
 plugin/api/rbac/role.go | 5 ++++
 5 files changed, 53 insertions(+), 30 deletions(-)
diff --git a/internal/biz/permission.go b/internal/biz/permission.go
index d3b1c24f..762df697 100644
--- a/internal/biz/permission.go
+++ b/internal/biz/permission.go
@@ -5,7 +5,8 @@ import (
 "infini.sh/console/internal/biz/enum"
 )
-var ClusterApis = make([]string, 0)
+var ClusterApis = make(map[string][]string)
+var IndexApis = make([]string, 0)
 var EsApis = make(map[string][]string)
 var RolePermission = make(map[string][]string)
@@ -18,8 +19,24 @@ const (
 type IRole interface {
 ListPermission() interface{}
+
+ Create(localUser *User) (id string, err error)
+}
+type ConsoleRole struct {
+ Name string `json:"name"`
+ Description string `json:"description" `
+ RoleType string `json:"type" `
+ Permission Permission `json:"permission"`
+}
+type Permission struct {
+ Api []string `json:"api"`
+ Menu []MenuPermission `json:"menu"`
+}
+type MenuPermission struct {
+ Id string `json:"id"`
+ Name string `json:"name"`
+ Privilege string `json:"privilege"`
 }
-type ConsoleRole struct{}
 type ElasticsearchRole struct{}
 func NewRole(typ string) (r IRole, err error) {
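Review bot: The exported catalogue variables at the top of internal/biz/permission.go (hunk `@@ -5,7 +5,8 @@`) have no doc comments, and `ClusterApis` has just changed from a slice to a map, so a reader cannot tell what its keys are. Judging by the loader change later in this patch, the keys appear to be the API categories of the JSON config with `indices` split out into `IndexApis`. I would record that on the declarations, e.g. `// ClusterApis maps each non-index API category from the JSON config to its API names.` and `// IndexApis lists the API names of the "indices" category.`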
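Review bot: `Permission.Api` and `MenuPermission.Privilege` (hunk `@@ -18,8 +19,24 @@`) are plain strings and nothing in the new types says which values are valid, so a role document decoded into `ConsoleRole` can carry arbitrary API or privilege names. I would document the accepted values on the fields, e.g. `// Privilege is the access level granted on the menu entry; accepted values: <list>`, and have the eventual `Create` implementation reject anything outside that set and outside the loaded API catalogue. The tags `json:"description" ` and `json:"type" ` also carry a stray trailing space inside the backticks that should be removed.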
@@ -46,22 +63,13 @@ type Menu struct {
 Children []Menu `json:"children,omitempty"`
 }
-func (r ConsoleRole) ListPermission() interface{} {
-
- // {
- // Id: "cluster_elasticsearch_refresh",
- // Name: "集群监控刷新",
- // },
- // {
- // Id: "cluster_activities",
- // Name: "集群动态",
- // },
- // {
- // Id: "cluster_activities_search",
- // Name: "集群动态搜索",
- // },
- //
- //}
+func (role ConsoleRole) Create(localUser *User) (id string, err error) {
+ return
+}
+func (role ElasticsearchRole) Create(localUser *User) (id string, err error) {
+ return
+}
+func (role ConsoleRole) ListPermission() interface{} {
 menu := []Menu{
 {
 Id: "cluster",
@@ -93,15 +101,15 @@ func (r ConsoleRole) ListPermission() interface{} {
 return p
 }
-func (r ElasticsearchRole) ListPermission() interface{} {
+func (role ElasticsearchRole) ListPermission() interface{} {
 list := ElasticsearchPermisson{
 ClusterPrivileges: ClusterApis,
- IndexPrivileges: EsApis["indices"],
+ IndexPrivileges: IndexApis,
 }
 return list
 }
 type ElasticsearchPermisson struct {
- IndexPrivileges []string `json:"index_privileges"`
- ClusterPrivileges []string `json:"cluster_privileges"`
+ IndexPrivileges []string `json:"index_privileges"`
+ ClusterPrivileges map[string][]string `json:"cluster_privileges"`
 }
diff --git a/internal/biz/role.go b/internal/biz/role.go
index a788bf87..30ca06cd 100644
--- a/internal/biz/role.go
+++ b/internal/biz/role.go
@@ -215,3 +215,10 @@ func SearchRole(keyword string, from, size int) (roles orm.Result, err error) {
 return
 }
+func IsAllowRoleType(roleType string) (err error) {
+ if roleType != Console && roleType != Elastisearch {
+ err = fmt.Errorf("invalid role type %s ", roleType)
+ return
+ }
+ return
+}
diff --git a/plugin/api/rbac/init.go b/plugin/api/rbac/init.go
index 348d0760..e87880f5 100644
--- a/plugin/api/rbac/init.go
+++ b/plugin/api/rbac/init.go
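Review bot: Both new `Create` methods in internal/biz/permission.go (hunk `@@ -46,22 +63,13 @@`) are empty stubs whose bare `return` yields an empty id and a nil error, so any caller going through `IRole.Create` is told the role was created when nothing was stored. Until the real implementation lands, return an explicit error instead, e.g. `return "", errors.New("console role creation is not implemented")`, and the same for `ElasticsearchRole`. The file's import block is only partly visible in this patch, so `errors` may have to be added there.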
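Review bot: `ElasticsearchRole.ListPermission` (hunk `@@ -93,15 +101,15 @@`) returns the package-level `ClusterApis` map and `IndexApis` slice themselves rather than copies, so a caller that edits the result changes the privilege catalogue seen by every later request. If copying is not wanted, state the contract on the method: `// ListPermission returns the shared privilege catalogue; callers must treat it as read-only.` The `cluster_privileges` field also changes on the wire from a JSON array to an object, which deserves a line in a doc comment on `ElasticsearchPermisson` for API consumers.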
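Review bot: In `IsAllowRoleType` (internal/biz/role.go) the rejected value is formatted with `%s` plus a trailing space, and both handlers changed in this patch pass `err.Error()` straight into the 400 response, so a caller-chosen path parameter is reflected back unquoted. Quote it and drop the named-result juggling: `return fmt.Errorf("invalid role type %q", roleType)` in the branch and `return nil` at the end. The name reads like a predicate although the function returns an error; a doc comment such as `// IsAllowRoleType returns an error unless roleType is Console or Elastisearch.` would make that clear.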
@@ -41,17 +41,14 @@ func loadJsonConfig() {
 panic("load json file err " + err.Error())
 }
-
- err = json.Unmarshal(bytes, &biz.EsApis)
+ apis := make(map[string][]string)
+ err = json.Unmarshal(bytes, &apis)
 if err != nil {
 panic("json config unmarshal err " + err.Error())
 }
- list := make([]string, 0)
- list = append(list, "*")
- for k := range biz.EsApis {
- list = append(list, k)
- }
- biz.ClusterApis = list
+ biz.IndexApis = apis["indices"]
+ delete(apis, "indices")
+ biz.ClusterApis = apis
 }
 func loadRolePermission() {
diff --git a/plugin/api/rbac/permission.go b/plugin/api/rbac/permission.go
index 138c2bc7..7a356cc8 100644
--- a/plugin/api/rbac/permission.go
+++ b/plugin/api/rbac/permission.go
@@ -9,6 +9,12 @@ import (
 func (h Rbac) ListPermission(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 typ := ps.MustGetParameter("type")
+
+ err := biz.IsAllowRoleType(typ)
+ if err != nil {
+ h.Error400(w, err.Error())
+ return
+ }
 role, err := biz.NewRole(typ)
 if err != nil {
diff --git a/plugin/api/rbac/role.go b/plugin/api/rbac/role.go
index 50421b69..f73e8f7c 100644
--- a/plugin/api/rbac/role.go
+++ b/plugin/api/rbac/role.go
@@ -14,6 +14,11 @@ import (
 func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 roleType := ps.MustGetParameter("type")
+ err := biz.IsAllowRoleType(roleType)
+ if err != nil {
+ h.Error400(w, err.Error())
+ return
+ }
 localUser, err := biz.FromUserContext(r.Context())
 if err != nil {
 log.Error(err.Error())
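Review bot: After this change nothing in `loadJsonConfig` (plugin/api/rbac/init.go) assigns `biz.EsApis`, yet the variable is still declared in internal/biz/permission.go, so any code outside this patch that still reads it will see an empty map; for a privilege catalogue that can mean lookups silently match nothing. Either remove the variable or keep populating it deliberately. A config without an `indices` key also leaves `biz.IndexApis` nil without complaint, whereas the two other failure paths here panic at startup; consider `idx, ok := apis["indices"]` followed by `if !ok { panic("json config has no indices section") }`. The function starts above the hunk.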
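Review bot: The `biz.IsAllowRoleType(typ)` guard added in `ListPermission` (plugin/api/rbac/permission.go) runs immediately before `biz.NewRole(typ)`, whose error is already handled on the following lines, so the set of accepted role types is now decided in two places that can drift apart; the `CreateRole` hunk in plugin/api/rbac/role.go adds the same guard. NewRole's body is not shown in this patch, but if it already rejects unknown types I would keep a single gate, for example by having NewRole call the validator. If both checks stay, a comment such as `// reject unknown role types with 400 before constructing the role` explains why. The handler continues below the hunk.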