fix: (rbac) create console role and es role
parent
bfc314d01d
commit
8d730834dd
|
@ -12,7 +12,59 @@ import (
|
|||
"time"
|
||||
)
|
||||
|
||||
func CreateRole(localUser *User, req dto.CreateRole) (id string, err error) {
|
||||
func CreateEsRole(localUser *User, req dto.CreateEsRole) (id string, err error) {
|
||||
q := orm.Query{Size: 1000}
|
||||
q.Conds = orm.And(orm.Eq("name", req.Name))
|
||||
|
||||
err, result := orm.Search(rbac.Role{}, &q)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
if result.Total > 0 {
|
||||
err = fmt.Errorf("role name %s already exists", req.Name)
|
||||
return
|
||||
}
|
||||
|
||||
role := &rbac.Role{
|
||||
Name: req.Name,
|
||||
Description: req.Description,
|
||||
RoleType: req.RoleType,
|
||||
Permission: req.Permission,
|
||||
}
|
||||
role.ID = util.GetUUID()
|
||||
role.Created = time.Now()
|
||||
role.Updated = time.Now()
|
||||
err = orm.Save(role)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
id = role.ID
|
||||
err = orm.Save(GenerateEvent(event.ActivityMetadata{
|
||||
Category: "platform",
|
||||
Group: "rbac",
|
||||
Name: "role",
|
||||
Type: "create",
|
||||
Labels: util.MapStr{
|
||||
"id": id,
|
||||
"name": req.Name,
|
||||
"description": req.Description,
|
||||
"permission": req.Permission,
|
||||
"type": req.RoleType,
|
||||
"created": role.Created.Format("2006-01-02 15:04:05"),
|
||||
"updated": role.Updated.Format("2006-01-02 15:04:05"),
|
||||
},
|
||||
User: util.MapStr{
|
||||
"userid": localUser.UserId,
|
||||
"username": localUser.Username,
|
||||
},
|
||||
}, nil, nil))
|
||||
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
}
|
||||
return
|
||||
}
|
||||
func CreateRole(localUser *User, req dto.CreateConsoleRole) (id string, err error) {
|
||||
|
||||
q := orm.Query{Size: 1000}
|
||||
q.Conds = orm.And(orm.Eq("name", req.Name))
|
||||
|
@ -102,7 +154,7 @@ func DeleteRole(localUser *User, id string) (err error) {
|
|||
return
|
||||
}
|
||||
|
||||
func UpdateRole(localUser *User, id string, req dto.UpdateRole) (err error) {
|
||||
func UpdateRole(localUser *User, id string, req dto.UpdateConsoleRole) (err error) {
|
||||
role := rbac.Role{}
|
||||
role.ID = id
|
||||
_, err = orm.Get(&role)
|
||||
|
|
|
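Review bot: CreateEsRole saves `req.Name` without rejecting an empty value, and its duplicate-name guard is a search followed by a separate `orm.Save`, so two concurrent requests with the same name can both see `result.Total == 0` and each create a role. A guard such as `if req.Name == "" { err = fmt.Errorf("role name is required"); return }` before the query closes the first gap; the second needs uniqueness enforced by the store (for example a document ID derived from the role type and name) rather than by this pre-check. A failed audit-event save is only logged, so a role can exist with no creation record; if that is deliberate, a comment should say so. The function is also a near copy of CreateRole, whose body continues outside the hunk, so a shared helper would keep the two sets of checks from drifting apart.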
@ -1,6 +1,6 @@
|
|||
package dto
|
||||
|
||||
type CreateRole struct {
|
||||
type CreateConsoleRole struct {
|
||||
Name string `json:"name"`
|
||||
Description string `json:"description" `
|
||||
RoleType string `json:"type" `
|
||||
|
@ -15,9 +15,15 @@ type Menu struct {
|
|||
Name string `json:"name"`
|
||||
Switch string `json:"switch"`
|
||||
}
|
||||
type UpdateRole struct {
|
||||
Description string `json:"description" `
|
||||
Permission interface{} `json:"permission"`
|
||||
type UpdateConsoleRole struct {
|
||||
Description string `json:"description" `
|
||||
Permission RolePermission `json:"permission"`
|
||||
}
|
||||
type CreateEsRole struct {
|
||||
Name string `json:"name"`
|
||||
Description string `json:"description" `
|
||||
RoleType string `json:"type" `
|
||||
Permission ElasticsearchPermission `json:"permission"`
|
||||
}
|
||||
type ElasticsearchPermission struct {
|
||||
Cluster []string `json:"cluster" `
|
||||
|
|
|
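Review bot: `RoleType` in `CreateConsoleRole` and `CreateEsRole` is bound to the request-body key `type`, yet the CreateRole handler sets it from the route parameter after decoding, so the body value is never meant to be honoured. Tagging the field `json:"-"` makes that explicit and keeps a client-supplied type from being accepted if another caller decodes these DTOs without the overwrite. There is also no Elasticsearch counterpart to `UpdateConsoleRole`, so an update to an ES role would be decoded into the console permission shape; if that is intentional for now, a comment on the type should say so.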
@ -2,7 +2,6 @@ package rbac
|
|||
|
||||
import (
|
||||
"infini.sh/framework/core/orm"
|
||||
"time"
|
||||
)
|
||||
|
||||
type Role struct {
|
||||
|
@ -14,9 +13,14 @@ type Role struct {
|
|||
BuiltIn bool `json:"builtin" elastic_mapping:"builtin:{type:boolean}"` //是否内置
|
||||
}
|
||||
type ConsolePermission struct {
|
||||
ApiPermission []string `json:"api_permission"`
|
||||
//ID string `json:"id" elastic_mapping:"id:{type:keyword}"`
|
||||
//Name string `json:"name" elastic_mapping:"name:{type:keyword}"`
|
||||
Api []string `json:"api"`
|
||||
Menu []Menu `json:"menu"`
|
||||
}
|
||||
|
||||
type Menu struct {
|
||||
Id string `json:"id"`
|
||||
Name string `json:"name"`
|
||||
Switch string `json:"switch"`
|
||||
}
|
||||
type ElasticsearchPermission struct {
|
||||
Cluster []string `json:"cluster" elastic_mapping:"cluster:{type:object}"`
|
||||
|
@ -24,28 +28,3 @@ type ElasticsearchPermission struct {
|
|||
ClusterPrivilege []string `json:"cluster_privilege" elastic_mapping:"cluster_privilege:{type:object}"`
|
||||
IndexPrivilege []string `json:"index_privilege" elastic_mapping:"index_privilege:{type:object}"`
|
||||
}
|
||||
|
||||
type ConsoleOperate struct {
|
||||
UserId string `json:"user_id" elastic_mapping:"user_id:{type:keyword}"`
|
||||
}
|
||||
type Operation struct {
|
||||
Id string `json:"id"`
|
||||
Timestamp time.Time `json:"timestamp"`
|
||||
Metadata struct {
|
||||
Labels struct {
|
||||
Userid string `json:"userid"`
|
||||
Username string `json:"username"`
|
||||
} `json:"labels"`
|
||||
Category string `json:"category"`
|
||||
Group string `json:"group"`
|
||||
Name string `json:"name"`
|
||||
Type string `json:"type"`
|
||||
} `json:"metadata"`
|
||||
Changelog []struct {
|
||||
From string `json:"from"`
|
||||
Path []string `json:"path"`
|
||||
To string `json:"to"`
|
||||
Type string `json:"type"`
|
||||
} `json:"changelog"`
|
||||
Payload interface{} `json:"payload"`
|
||||
}
|
||||
|
|
|
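Review bot: `ConsolePermission` appears to swap the `api_permission` JSON key for `api` and `menu` (the rendered page has lost its +/- markers, so this is inferred from the hunk counts), which means role documents already stored under `api_permission` would decode with an empty `Api` list. Whether that removes or widens access depends on how the enforcement code treats an empty list, which is not visible here, so existing documents should be migrated or the break documented. The commented-out `//ID` and `//Name` fields are better dropped than committed.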
@ -5,7 +5,6 @@ import (
|
|||
"infini.sh/console/internal/biz"
|
||||
"infini.sh/console/internal/biz/enum"
|
||||
m "infini.sh/console/internal/middleware"
|
||||
|
||||
"infini.sh/framework/core/api"
|
||||
"infini.sh/framework/core/util"
|
||||
"os"
|
||||
|
@ -57,11 +56,33 @@ func loadJsonConfig() {
|
|||
}
|
||||
func loadRolePermission() {
|
||||
biz.RolePermission = make(map[string][]string)
|
||||
biz.RolePermission["admin_user"] = enum.AdminUser
|
||||
|
||||
biz.RolePermission["admin"] = enum.Admin
|
||||
}
|
||||
func init() {
|
||||
registerRouter()
|
||||
loadJsonConfig()
|
||||
loadRolePermission()
|
||||
|
||||
}
|
||||
func existInternalUser() {
|
||||
//user, err := biz.GetUser("admin")
|
||||
//if errors.Is(err, elastic.ErrNotFound) {
|
||||
// user.ID = "admin"
|
||||
// user.Username = "admin"
|
||||
// hash, _ := bcrypt.GenerateFromPassword([]byte("admin"), bcrypt.DefaultCost)
|
||||
//
|
||||
// user.Password = string(hash)
|
||||
// user.Email = ""
|
||||
// user.Phone = ""
|
||||
// user.Name = ""
|
||||
//
|
||||
//
|
||||
// user.Created = time.Now()
|
||||
// user.Updated = time.Now()
|
||||
//
|
||||
//}
|
||||
}
|
||||
func existInternalRole() {
|
||||
|
||||
}
|
||||
|
|
|
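Review bot: The commented-out body of `existInternalUser` seeds an `admin` account whose password is the bcrypt hash of the literal string `admin` and discards the error from `bcrypt.GenerateFromPassword`; if this block is ever enabled as written, every installation starts with the same known credential. Either delete the commented code or replace it with a statement of the requirement, e.g. `// TODO: bootstrap admin password must come from config or be randomly generated, never a fixed literal`. `existInternalUser` and `existInternalRole` are otherwise empty and, in the lines shown, not called from `init`, so a short comment on their intended use would help.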
@ -14,30 +14,39 @@ import (
|
|||
|
||||
func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||
roleType := ps.MustGetParameter("type")
|
||||
var err error
|
||||
|
||||
var req dto.CreateRole
|
||||
err = h.DecodeJSON(r, &req)
|
||||
if err != nil {
|
||||
h.Error400(w, err.Error())
|
||||
return
|
||||
}
|
||||
req.RoleType = roleType
|
||||
|
||||
var id string
|
||||
localUser, err := biz.FromUserContext(r.Context())
|
||||
if err != nil {
|
||||
log.Error(err.Error())
|
||||
h.Error(w, err)
|
||||
return
|
||||
}
|
||||
id, err = biz.CreateRole(localUser, req)
|
||||
var id string
|
||||
switch roleType {
|
||||
case biz.Console:
|
||||
var req dto.CreateConsoleRole
|
||||
err = h.DecodeJSON(r, &req)
|
||||
if err != nil {
|
||||
h.Error400(w, err.Error())
|
||||
return
|
||||
}
|
||||
req.RoleType = roleType
|
||||
id, err = biz.CreateRole(localUser, req)
|
||||
case biz.Elastisearch:
|
||||
var req dto.CreateEsRole
|
||||
err = h.DecodeJSON(r, &req)
|
||||
if err != nil {
|
||||
h.Error400(w, err.Error())
|
||||
return
|
||||
}
|
||||
req.RoleType = roleType
|
||||
id, err = biz.CreateEsRole(localUser, req)
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
_ = log.Error(err.Error())
|
||||
h.Error(w, err)
|
||||
return
|
||||
}
|
||||
|
||||
_ = h.WriteOKJSON(w, core.CreateResponse(id))
|
||||
return
|
||||
|
||||
|
@ -116,7 +125,7 @@ func (h Rbac) DeleteRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
|
|||
func (h Rbac) UpdateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||
id := ps.MustGetParameter("id")
|
||||
|
||||
var req dto.UpdateRole
|
||||
var req dto.UpdateConsoleRole
|
||||
err := h.DecodeJSON(r, &req)
|
||||
if err != nil {
|
||||
h.Error(w, err)
|
||||
|
|
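Review bot: The new `switch roleType` in CreateRole has no `default` case, so a request whose `type` route parameter is neither `biz.Console` nor `biz.Elastisearch` leaves `err` nil and `id` empty and, as far as the rendered lines show, still reaches `h.WriteOKJSON(w, core.CreateResponse(id))`, reporting success for a role that was never created. Add `default: h.Error400(w, "unsupported role type"); return` so unknown types are rejected before the success path. The handler's closing lines fall outside the hunk.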