fix: (rbac) create console role and es role

2022-04-21 15:38:57 +08:00 · 2022-04-21 15:38:57 +08:00 · 8d730834dd
parent bfc314d01d
commit 8d730834dd
5 changed files with 118 additions and 51 deletions
--- a/internal/biz/role.go
+++ b/internal/biz/role.go
@ -12,7 +12,59 @@ import (
 	"time"
 )

-func CreateRole(localUser *User, req dto.CreateRole) (id string, err error) {
+func CreateEsRole(localUser *User, req dto.CreateEsRole) (id string, err error) {
+	q := orm.Query{Size: 1000}
+	q.Conds = orm.And(orm.Eq("name", req.Name))
+
+	err, result := orm.Search(rbac.Role{}, &q)
+	if err != nil {
+		return
+	}
+	if result.Total > 0 {
+		err = fmt.Errorf("role name %s already exists", req.Name)
+		return
+	}
+
+	role := &rbac.Role{
+		Name:        req.Name,
+		Description: req.Description,
+		RoleType:    req.RoleType,
+		Permission:  req.Permission,
+	}
+	role.ID = util.GetUUID()
+	role.Created = time.Now()
+	role.Updated = time.Now()
+	err = orm.Save(role)
+	if err != nil {
+		return
+	}
+	id = role.ID
+	err = orm.Save(GenerateEvent(event.ActivityMetadata{
+		Category: "platform",
+		Group:    "rbac",
+		Name:     "role",
+		Type:     "create",
+		Labels: util.MapStr{
+			"id":          id,
+			"name":        req.Name,
+			"description": req.Description,
+			"permission":  req.Permission,
+			"type":        req.RoleType,
+			"created":     role.Created.Format("2006-01-02 15:04:05"),
+			"updated":     role.Updated.Format("2006-01-02 15:04:05"),
+		},
+		User: util.MapStr{
+			"userid":   localUser.UserId,
+			"username": localUser.Username,
+		},
+	}, nil, nil))
+
+	if err != nil {
+		log.Error(err)
+	}
+	return
+}
+func CreateRole(localUser *User, req dto.CreateConsoleRole) (id string, err error) {

 	q := orm.Query{Size: 1000}
 	q.Conds = orm.And(orm.Eq("name", req.Name))
@ -102,7 +154,7 @@ func DeleteRole(localUser *User, id string) (err error) {
 	return
 }

-func UpdateRole(localUser *User, id string, req dto.UpdateRole) (err error) {
+func UpdateRole(localUser *User, id string, req dto.UpdateConsoleRole) (err error) {
 	role := rbac.Role{}
 	role.ID = id
 	_, err = orm.Get(&role)
--- a/internal/dto/role.go
+++ b/internal/dto/role.go
@ -1,6 +1,6 @@
 package dto

-type CreateRole struct {
+type CreateConsoleRole struct {
 	Name        string         `json:"name"`
 	Description string         `json:"description" `
 	RoleType    string         `json:"type" `
@ -15,9 +15,15 @@ type Menu struct {
 	Name   string `json:"name"`
 	Switch string `json:"switch"`
 }
-type UpdateRole struct {
-	Description string      `json:"description" `
-	Permission  interface{} `json:"permission"`
+type UpdateConsoleRole struct {
+	Description string         `json:"description" `
+	Permission  RolePermission `json:"permission"`
+}
+type CreateEsRole struct {
+	Name        string                  `json:"name"`
+	Description string                  `json:"description" `
+	RoleType    string                  `json:"type" `
+	Permission  ElasticsearchPermission `json:"permission"`
 }
 type ElasticsearchPermission struct {
 	Cluster          []string `json:"cluster" `
--- a/model/rbac/role.go
+++ b/model/rbac/role.go
@ -2,7 +2,6 @@ package rbac

 import (
 	"infini.sh/framework/core/orm"
-	"time"
 )

 type Role struct {
@ -14,9 +13,14 @@ type Role struct {
 	BuiltIn     bool        `json:"builtin" elastic_mapping:"builtin:{type:boolean}"` //是否内置
 }
 type ConsolePermission struct {
-	ApiPermission []string `json:"api_permission"`
-	//ID   string `json:"id" elastic_mapping:"id:{type:keyword}"`
-	//Name string `json:"name" elastic_mapping:"name:{type:keyword}"`
+	Api  []string `json:"api"`
+	Menu []Menu   `json:"menu"`
+}
+
+type Menu struct {
+	Id     string `json:"id"`
+	Name   string `json:"name"`
+	Switch string `json:"switch"`
 }
 type ElasticsearchPermission struct {
 	Cluster          []string `json:"cluster" elastic_mapping:"cluster:{type:object}"`
@ -24,28 +28,3 @@ type ElasticsearchPermission struct {
 	ClusterPrivilege []string `json:"cluster_privilege" elastic_mapping:"cluster_privilege:{type:object}"`
 	IndexPrivilege   []string `json:"index_privilege" elastic_mapping:"index_privilege:{type:object}"`
 }
-
-type ConsoleOperate struct {
-	UserId string `json:"user_id" elastic_mapping:"user_id:{type:keyword}"`
-}
-type Operation struct {
-	Id        string    `json:"id"`
-	Timestamp time.Time `json:"timestamp"`
-	Metadata  struct {
-		Labels struct {
-			Userid   string `json:"userid"`
-			Username string `json:"username"`
-		} `json:"labels"`
-		Category string `json:"category"`
-		Group    string `json:"group"`
-		Name     string `json:"name"`
-		Type     string `json:"type"`
-	} `json:"metadata"`
-	Changelog []struct {
-		From string   `json:"from"`
-		Path []string `json:"path"`
-		To   string   `json:"to"`
-		Type string   `json:"type"`
-	} `json:"changelog"`
-	Payload interface{} `json:"payload"`
-}
--- a/plugin/api/rbac/init.go
+++ b/plugin/api/rbac/init.go
@ -5,7 +5,6 @@ import (
 	"infini.sh/console/internal/biz"
 	"infini.sh/console/internal/biz/enum"
 	m "infini.sh/console/internal/middleware"
-
 	"infini.sh/framework/core/api"
 	"infini.sh/framework/core/util"
 	"os"
@ -57,11 +56,33 @@ func loadJsonConfig() {
 }
 func loadRolePermission() {
 	biz.RolePermission = make(map[string][]string)
-	biz.RolePermission["admin_user"] = enum.AdminUser
+
 	biz.RolePermission["admin"] = enum.Admin
 }
 func init() {
 	registerRouter()
 	loadJsonConfig()
 	loadRolePermission()
+
+}
+func existInternalUser() {
+	//user, err := biz.GetUser("admin")
+	//if errors.Is(err, elastic.ErrNotFound) {
+	//	user.ID = "admin"
+	//	user.Username = "admin"
+	//	hash, _ := bcrypt.GenerateFromPassword([]byte("admin"), bcrypt.DefaultCost)
+	//
+	//	user.Password = string(hash)
+	//	user.Email = ""
+	//	user.Phone = ""
+	//	user.Name = ""
+	//
+	//
+	//	user.Created = time.Now()
+	//	user.Updated = time.Now()
+	//
+	//}
+}
+func existInternalRole() {
+
 }
--- a/plugin/api/rbac/role.go
+++ b/plugin/api/rbac/role.go
@ -14,30 +14,39 @@ import (

 func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	roleType := ps.MustGetParameter("type")
-	var err error
-
-	var req dto.CreateRole
-	err = h.DecodeJSON(r, &req)
-	if err != nil {
-		h.Error400(w, err.Error())
-		return
-	}
-	req.RoleType = roleType
-
-	var id string
 	localUser, err := biz.FromUserContext(r.Context())
 	if err != nil {
 		log.Error(err.Error())
 		h.Error(w, err)
 		return
 	}
-	id, err = biz.CreateRole(localUser, req)
+	var id string
+	switch roleType {
+	case biz.Console:
+		var req dto.CreateConsoleRole
+		err = h.DecodeJSON(r, &req)
+		if err != nil {
+			h.Error400(w, err.Error())
+			return
+		}
+		req.RoleType = roleType
+		id, err = biz.CreateRole(localUser, req)
+	case biz.Elastisearch:
+		var req dto.CreateEsRole
+		err = h.DecodeJSON(r, &req)
+		if err != nil {
+			h.Error400(w, err.Error())
+			return
+		}
+		req.RoleType = roleType
+		id, err = biz.CreateEsRole(localUser, req)
+	}
+
 	if err != nil {
 		_ = log.Error(err.Error())
 		h.Error(w, err)
 		return
 	}
-
 	_ = h.WriteOKJSON(w, core.CreateResponse(id))
 	return

@ -116,7 +125,7 @@ func (h Rbac) DeleteRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
 func (h Rbac) UpdateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	id := ps.MustGetParameter("id")

-	var req dto.UpdateRole
+	var req dto.UpdateConsoleRole
 	err := h.DecodeJSON(r, &req)
 	if err != nil {
 		h.Error(w, err)