fix: (rbac) es apis

internal/biz/permission.go

@@ -5,7 +5,8 @@ import (
 	"infini.sh/console/internal/biz/enum"
 )
 
-var ClusterApis = make([]string, 0)
+var ClusterApis = make(map[string][]string)
+var IndexApis = make([]string, 0)
 var EsApis = make(map[string][]string)
 var RolePermission = make(map[string][]string)
 
@@ -18,8 +19,24 @@ const (
 
 type IRole interface {
 	ListPermission() interface{}
+
+	Create(localUser *User) (id string, err error)
+}
+type ConsoleRole struct {
+	Name        string     `json:"name"`
+	Description string     `json:"description" `
+	RoleType    string     `json:"type" `
+	Permission  Permission `json:"permission"`
+}
+type Permission struct {
+	Api  []string         `json:"api"`
+	Menu []MenuPermission `json:"menu"`
+}
+type MenuPermission struct {
+	Id        string `json:"id"`
+	Name      string `json:"name"`
+	Privilege string `json:"privilege"`
 }
-type ConsoleRole struct{}
 type ElasticsearchRole struct{}
 
 func NewRole(typ string) (r IRole, err error) {
@@ -46,22 +63,13 @@ type Menu struct {
 	Children  []Menu   `json:"children,omitempty"`
 }
 
-func (r ConsoleRole) ListPermission() interface{} {
+func (role ConsoleRole) Create(localUser *User) (id string, err error) {
-
+	return
-	//	{
+}
-	//		Id:   "cluster_elasticsearch_refresh",
+func (role ElasticsearchRole) Create(localUser *User) (id string, err error) {
-	//		Name: "集群监控刷新",
+	return
-	//	},
+}
-	//	{
+func (role ConsoleRole) ListPermission() interface{} {
-	//		Id:   "cluster_activities",
-	//		Name: "集群动态",
-	//	},
-	//	{
-	//		Id:   "cluster_activities_search",
-	//		Name: "集群动态搜索",
-	//	},
-	//
-	//}
 	menu := []Menu{
 		{
 			Id:   "cluster",
@@ -93,15 +101,15 @@ func (r ConsoleRole) ListPermission() interface{} {
 
 	return p
 }
-func (r ElasticsearchRole) ListPermission() interface{} {
+func (role ElasticsearchRole) ListPermission() interface{} {
 	list := ElasticsearchPermisson{
 		ClusterPrivileges: ClusterApis,
-		IndexPrivileges:   EsApis["indices"],
+		IndexPrivileges:   IndexApis,
 	}
 	return list
 }
 
 type ElasticsearchPermisson struct {
-	IndexPrivileges   []string `json:"index_privileges"`
+	IndexPrivileges   []string            `json:"index_privileges"`
-	ClusterPrivileges []string `json:"cluster_privileges"`
+	ClusterPrivileges map[string][]string `json:"cluster_privileges"`
 }

internal/biz/role.go

@@ -215,3 +215,10 @@ func SearchRole(keyword string, from, size int) (roles orm.Result, err error) {
 
 	return
 }
+func IsAllowRoleType(roleType string) (err error) {
+	if roleType != Console && roleType != Elastisearch {
+		err = fmt.Errorf("invalid role type %s ", roleType)
+		return
+	}
+	return
+}

plugin/api/rbac/init.go

@@ -41,17 +41,14 @@ func loadJsonConfig() {
 		panic("load json file err " + err.Error())
 
 	}
-
+	apis := make(map[string][]string)
-	err = json.Unmarshal(bytes, &biz.EsApis)
+	err = json.Unmarshal(bytes, &apis)
 	if err != nil {
 		panic("json config unmarshal err " + err.Error())
 	}
-	list := make([]string, 0)
+	biz.IndexApis = apis["indices"]
-	list = append(list, "*")
+	delete(apis, "indices")
-	for k := range biz.EsApis {
+	biz.ClusterApis = apis
-		list = append(list, k)
-	}
-	biz.ClusterApis = list
 
 }
 func loadRolePermission() {

plugin/api/rbac/permission.go

@@ -9,6 +9,12 @@ import (
 
 func (h Rbac) ListPermission(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	typ := ps.MustGetParameter("type")
+
+	err := biz.IsAllowRoleType(typ)
+	if err != nil {
+		h.Error400(w, err.Error())
+		return
+	}
 	role, err := biz.NewRole(typ)
 
 	if err != nil {

plugin/api/rbac/role.go

@@ -14,6 +14,11 @@ import (
 
 func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	roleType := ps.MustGetParameter("type")
+	err := biz.IsAllowRoleType(roleType)
+	if err != nil {
+		h.Error400(w, err.Error())
+		return
+	}
 	localUser, err := biz.FromUserContext(r.Context())
 	if err != nil {
 		log.Error(err.Error())