fix: (rbac) create console role and es role

xushuhui 2022-04-21 15:38:57 +08:00
parent bfc314d01d
commit 8d730834dd
5 changed files with 118 additions and 51 deletions


@ -12,7 +12,59 @@ import (
"time"
)
func CreateRole(localUser *User, req dto.CreateRole) (id string, err error) {
func CreateEsRole(localUser *User, req dto.CreateEsRole) (id string, err error) {
q := orm.Query{Size: 1000}
q.Conds = orm.And(orm.Eq("name", req.Name))
err, result := orm.Search(rbac.Role{}, &q)
if err != nil {
return
}
if result.Total > 0 {
err = fmt.Errorf("role name %s already exists", req.Name)
return
}
role := &rbac.Role{
Name: req.Name,
Description: req.Description,
RoleType: req.RoleType,
Permission: req.Permission,
}
role.ID = util.GetUUID()
role.Created = time.Now()
role.Updated = time.Now()
err = orm.Save(role)
if err != nil {
return
}
id = role.ID
err = orm.Save(GenerateEvent(event.ActivityMetadata{
Category: "platform",
Group: "rbac",
Name: "role",
Type: "create",
Labels: util.MapStr{
"id": id,
"name": req.Name,
"description": req.Description,
"permission": req.Permission,
"type": req.RoleType,
"created": role.Created.Format("2006-01-02 15:04:05"),
"updated": role.Updated.Format("2006-01-02 15:04:05"),
},
User: util.MapStr{
"userid": localUser.UserId,
"username": localUser.Username,
},
}, nil, nil))
if err != nil {
log.Error(err)
}
return
}
func CreateRole(localUser *User, req dto.CreateConsoleRole) (id string, err error) {
q := orm.Query{Size: 1000}
q.Conds = orm.And(orm.Eq("name", req.Name))
@ -102,7 +154,7 @@ func DeleteRole(localUser *User, id string) (err error) {
return
}
func UpdateRole(localUser *User, id string, req dto.UpdateRole) (err error) {
func UpdateRole(localUser *User, id string, req dto.UpdateConsoleRole) (err error) {
role := rbac.Role{}
role.ID = id
_, err = orm.Get(&role)
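Review bot: In the new `CreateEsRole`, a failure to save the audit event is logged but still returned to the caller, because the named result `err` keeps the value from `orm.Save(GenerateEvent(...))` when the bare `return` runs. By then the role is already persisted, so the handler would report an error for a role that exists, and a retry would hit "role name ... already exists". Either decide that a missing audit record must fail the operation and undo the role, or keep the error local: `if evErr := orm.Save(GenerateEvent(...)); evErr != nil { log.Error(evErr) }`. The name lookup followed by `orm.Save(role)` is also not atomic, so two concurrent requests can both pass the `result.Total > 0` test. The body is nearly a copy of `CreateRole`, whose own body continues outside the hunk.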


@ -1,6 +1,6 @@
package dto
type CreateRole struct {
type CreateConsoleRole struct {
Name string `json:"name"`
Description string `json:"description" `
RoleType string `json:"type" `
@ -15,9 +15,15 @@ type Menu struct {
Name string `json:"name"`
Switch string `json:"switch"`
}
type UpdateRole struct {
Description string `json:"description" `
Permission interface{} `json:"permission"`
type UpdateConsoleRole struct {
Description string `json:"description" `
Permission RolePermission `json:"permission"`
}
type CreateEsRole struct {
Name string `json:"name"`
Description string `json:"description" `
RoleType string `json:"type" `
Permission ElasticsearchPermission `json:"permission"`
}
type ElasticsearchPermission struct {
Cluster []string `json:"cluster" `
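Review bot: `RoleType` in `CreateEsRole` (and in `CreateConsoleRole`) is tagged `json:"type"`, so a request body can populate a field that the handler is meant to take from the route parameter. The handler in this commit overwrites it after decoding, but any other caller that decodes these DTOs without that assignment would accept a client-chosen role type; tagging the field `json:"-"` would make the route the only source. Several tags also carry a stray space before the closing backtick (after `json:"description"`), which is harmless but worth cleaning up. `ElasticsearchPermission` continues past the end of the hunk.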


@ -2,7 +2,6 @@ package rbac
import (
"infini.sh/framework/core/orm"
"time"
)
type Role struct {
@ -14,9 +13,14 @@ type Role struct {
BuiltIn bool `json:"builtin" elastic_mapping:"builtin:{type:boolean}"` //是否内置
}
type ConsolePermission struct {
ApiPermission []string `json:"api_permission"`
//ID string `json:"id" elastic_mapping:"id:{type:keyword}"`
//Name string `json:"name" elastic_mapping:"name:{type:keyword}"`
Api []string `json:"api"`
Menu []Menu `json:"menu"`
}
type Menu struct {
Id string `json:"id"`
Name string `json:"name"`
Switch string `json:"switch"`
}
type ElasticsearchPermission struct {
Cluster []string `json:"cluster" elastic_mapping:"cluster:{type:object}"`
@ -24,28 +28,3 @@ type ElasticsearchPermission struct {
ClusterPrivilege []string `json:"cluster_privilege" elastic_mapping:"cluster_privilege:{type:object}"`
IndexPrivilege []string `json:"index_privilege" elastic_mapping:"index_privilege:{type:object}"`
}
type ConsoleOperate struct {
UserId string `json:"user_id" elastic_mapping:"user_id:{type:keyword}"`
}
type Operation struct {
Id string `json:"id"`
Timestamp time.Time `json:"timestamp"`
Metadata struct {
Labels struct {
Userid string `json:"userid"`
Username string `json:"username"`
} `json:"labels"`
Category string `json:"category"`
Group string `json:"group"`
Name string `json:"name"`
Type string `json:"type"`
} `json:"metadata"`
Changelog []struct {
From string `json:"from"`
Path []string `json:"path"`
To string `json:"to"`
Type string `json:"type"`
} `json:"changelog"`
Payload interface{} `json:"payload"`
}
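Review bot: `ConsolePermission` appears to swap the `api_permission` JSON key for `api` and add `menu`. If role documents stored before this commit use the old key, they would decode with an empty `Api` list, and whether that denies or allows access depends on how the permission check treats an empty list. A doc comment on the struct recording the key change, or a migration for existing roles, would make that explicit. The two commented-out fields (`//ID`, `//Name`) should be deleted rather than committed.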


@ -5,7 +5,6 @@ import (
"infini.sh/console/internal/biz"
"infini.sh/console/internal/biz/enum"
m "infini.sh/console/internal/middleware"
"infini.sh/framework/core/api"
"infini.sh/framework/core/util"
"os"
@ -57,11 +56,33 @@ func loadJsonConfig() {
}
func loadRolePermission() {
biz.RolePermission = make(map[string][]string)
biz.RolePermission["admin_user"] = enum.AdminUser
biz.RolePermission["admin"] = enum.Admin
}
func init() {
registerRouter()
loadJsonConfig()
loadRolePermission()
}
func existInternalUser() {
//user, err := biz.GetUser("admin")
//if errors.Is(err, elastic.ErrNotFound) {
// user.ID = "admin"
// user.Username = "admin"
// hash, _ := bcrypt.GenerateFromPassword([]byte("admin"), bcrypt.DefaultCost)
//
// user.Password = string(hash)
// user.Email = ""
// user.Phone = ""
// user.Name = ""
//
//
// user.Created = time.Now()
// user.Updated = time.Now()
//
//}
}
func existInternalRole() {
}
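Review bot: The commented-out body of `existInternalUser` sketches a built-in `admin` account whose password is the literal string "admin", and it drops the error from `bcrypt.GenerateFromPassword`. Dead code like this tends to get re-enabled as-is, which would ship a known default credential. Delete the block, or replace it with a comment such as `// TODO: seed the built-in admin from an operator-supplied or randomly generated password, never a fixed value`. `existInternalUser` and `existInternalRole` are empty and not called from `init` in the visible lines, so they could be left out until implemented. `loadRolePermission` would also benefit from a one-line doc comment saying which roles it registers.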


@ -14,30 +14,39 @@ import (
func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
roleType := ps.MustGetParameter("type")
var err error
var req dto.CreateRole
err = h.DecodeJSON(r, &req)
if err != nil {
h.Error400(w, err.Error())
return
}
req.RoleType = roleType
var id string
localUser, err := biz.FromUserContext(r.Context())
if err != nil {
log.Error(err.Error())
h.Error(w, err)
return
}
id, err = biz.CreateRole(localUser, req)
var id string
switch roleType {
case biz.Console:
var req dto.CreateConsoleRole
err = h.DecodeJSON(r, &req)
if err != nil {
h.Error400(w, err.Error())
return
}
req.RoleType = roleType
id, err = biz.CreateRole(localUser, req)
case biz.Elastisearch:
var req dto.CreateEsRole
err = h.DecodeJSON(r, &req)
if err != nil {
h.Error400(w, err.Error())
return
}
req.RoleType = roleType
id, err = biz.CreateEsRole(localUser, req)
}
if err != nil {
_ = log.Error(err.Error())
h.Error(w, err)
return
}
_ = h.WriteOKJSON(w, core.CreateResponse(id))
return
@ -116,7 +125,7 @@ func (h Rbac) DeleteRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
func (h Rbac) UpdateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
id := ps.MustGetParameter("id")
var req dto.UpdateRole
var req dto.UpdateConsoleRole
err := h.DecodeJSON(r, &req)
if err != nil {
h.Error(w, err)
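Review bot: The `switch roleType` in `CreateRole` has no `default` branch, so a `type` parameter that is neither `biz.Console` nor `biz.Elastisearch` leaves `err` nil and `id` empty, and the handler answers with `core.CreateResponse(id)` as if a role had been created. Add a `default:` case that calls `h.Error400(w, "unsupported role type")` and then `return`. Note also that `UpdateRole` in the second hunk now decodes only `dto.UpdateConsoleRole`, so an update to a role created through `CreateEsRole` would be parsed with the console permission shape. That function's body continues outside the hunk.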