diff --git a/internal/biz/role.go b/internal/biz/role.go
index 9716136b..a788bf87 100644
--- a/internal/biz/role.go
+++ b/internal/biz/role.go
@@ -12,7 +12,59 @@ import (
 "time"
 )
-func CreateRole(localUser *User, req dto.CreateRole) (id string, err error) {
+func CreateEsRole(localUser *User, req dto.CreateEsRole) (id string, err error) {
+ q := orm.Query{Size: 1000}
+ q.Conds = orm.And(orm.Eq("name", req.Name))
+
+ err, result := orm.Search(rbac.Role{}, &q)
+ if err != nil {
+ return
+ }
+ if result.Total > 0 {
+ err = fmt.Errorf("role name %s already exists", req.Name)
+ return
+ }
+
+ role := &rbac.Role{
+ Name: req.Name,
+ Description: req.Description,
+ RoleType: req.RoleType,
+ Permission: req.Permission,
+ }
+ role.ID = util.GetUUID()
+ role.Created = time.Now()
+ role.Updated = time.Now()
+ err = orm.Save(role)
+ if err != nil {
+ return
+ }
+ id = role.ID
+ err = orm.Save(GenerateEvent(event.ActivityMetadata{
+ Category: "platform",
+ Group: "rbac",
+ Name: "role",
+ Type: "create",
+ Labels: util.MapStr{
+ "id": id,
+ "name": req.Name,
+ "description": req.Description,
+ "permission": req.Permission,
+ "type": req.RoleType,
+ "created": role.Created.Format("2006-01-02 15:04:05"),
+ "updated": role.Updated.Format("2006-01-02 15:04:05"),
+ },
+ User: util.MapStr{
+ "userid": localUser.UserId,
+ "username": localUser.Username,
+ },
+ }, nil, nil))
+
+ if err != nil {
+ log.Error(err)
+ }
+ return
+}
+func CreateRole(localUser *User, req dto.CreateConsoleRole) (id string, err error) {
 q := orm.Query{Size: 1000}
 q.Conds = orm.And(orm.Eq("name", req.Name))
@@ -102,7 +154,7 @@ func DeleteRole(localUser *User, id string) (err error) {
 return
 }
-func UpdateRole(localUser *User, id string, req dto.UpdateRole) (err error) {
+func UpdateRole(localUser *User, id string, req dto.UpdateConsoleRole) (err error) {
 role := rbac.Role{}
 role.ID = id
 _, err = orm.Get(&role)
diff --git a/internal/dto/role.go b/internal/dto/role.go
index fb56ebb1..ca5e65e3 100644
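Review bot: In `CreateEsRole` (internal/biz/role.go) the result of saving the audit event is assigned to the named return `err`, so when `orm.Save(GenerateEvent(...))` fails the function returns the new `id` together with a non-nil error even though the role has already been persisted. The HTTP handler in this commit turns any non-nil error into an error response, so the client sees a failure for a role that exists and a retry runs into the "already exists" check. Since the failure is only logged, keep it out of the return value with a local, `if evErr := orm.Save(GenerateEvent(...)); evErr != nil { log.Error(evErr) }`; if a missing audit record for an RBAC change should fail the request instead, the saved role has to be removed again. Separately, the name lookup followed by `orm.Save(role)` is not atomic, so two concurrent requests could both pass it, and `req.Permission` is stored without any validation visible in this hunk.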
--- a/internal/dto/role.go
+++ b/internal/dto/role.go
@@ -1,6 +1,6 @@
 package dto
-type CreateRole struct {
+type CreateConsoleRole struct {
 Name string `json:"name"`
 Description string `json:"description" `
 RoleType string `json:"type" `
@@ -15,9 +15,15 @@ type Menu struct {
 Name string `json:"name"`
 Switch string `json:"switch"`
 }
-type UpdateRole struct {
- Description string `json:"description" `
- Permission interface{} `json:"permission"`
+type UpdateConsoleRole struct {
+ Description string `json:"description" `
+ Permission RolePermission `json:"permission"`
+}
+type CreateEsRole struct {
+ Name string `json:"name"`
+ Description string `json:"description" `
+ RoleType string `json:"type" `
+ Permission ElasticsearchPermission `json:"permission"`
 }
 type ElasticsearchPermission struct {
 Cluster []string `json:"cluster" `
diff --git a/model/rbac/role.go b/model/rbac/role.go
index 07331e6c..b36ec54f 100644
--- a/model/rbac/role.go
+++ b/model/rbac/role.go
@@ -2,7 +2,6 @@ package rbac
 import (
 "infini.sh/framework/core/orm"
- "time"
 )
 type Role struct {
@@ -14,9 +13,14 @@ type Role struct {
 BuiltIn bool `json:"builtin" elastic_mapping:"builtin:{type:boolean}"` //是否内置
 }
 type ConsolePermission struct {
- ApiPermission []string `json:"api_permission"`
- //ID string `json:"id" elastic_mapping:"id:{type:keyword}"`
- //Name string `json:"name" elastic_mapping:"name:{type:keyword}"`
+ Api []string `json:"api"`
+ Menu []Menu `json:"menu"`
+}
+
+type Menu struct {
+ Id string `json:"id"`
+ Name string `json:"name"`
+ Switch string `json:"switch"`
 }
 type ElasticsearchPermission struct {
 Cluster []string `json:"cluster" elastic_mapping:"cluster:{type:object}"`
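Review bot: In model/rbac/role.go the JSON key of the console permission list changes from `api_permission` to `api`, so a role document already stored with the old key would decode into `ConsolePermission` with an empty `Api` slice. Whether such documents exist is not visible in this diff; if they do, the change needs a migration or a fallback read, and either way a comment on the struct should record the rename. `Menu` is declared here with the same `name` and `switch` fields that `dto.Menu` shows in internal/dto/role.go, so the two definitions can drift apart. A doc comment on `ConsolePermission` and `Menu` saying which one is the stored form, for example `// Menu is the persisted menu entry of a console role; dto.Menu mirrors it on the API side.`, would make that explicit.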
@@ -24,28 +28,3 @@ type ElasticsearchPermission struct {
 ClusterPrivilege []string `json:"cluster_privilege" elastic_mapping:"cluster_privilege:{type:object}"`
 IndexPrivilege []string `json:"index_privilege" elastic_mapping:"index_privilege:{type:object}"`
 }
-
-type ConsoleOperate struct {
- UserId string `json:"user_id" elastic_mapping:"user_id:{type:keyword}"`
-}
-type Operation struct {
- Id string `json:"id"`
- Timestamp time.Time `json:"timestamp"`
- Metadata struct {
- Labels struct {
- Userid string `json:"userid"`
- Username string `json:"username"`
- } `json:"labels"`
- Category string `json:"category"`
- Group string `json:"group"`
- Name string `json:"name"`
- Type string `json:"type"`
- } `json:"metadata"`
- Changelog []struct {
- From string `json:"from"`
- Path []string `json:"path"`
- To string `json:"to"`
- Type string `json:"type"`
- } `json:"changelog"`
- Payload interface{} `json:"payload"`
-}
diff --git a/plugin/api/rbac/init.go b/plugin/api/rbac/init.go
index d9abb13b..348d0760 100644
--- a/plugin/api/rbac/init.go
+++ b/plugin/api/rbac/init.go
@@ -5,7 +5,6 @@ import (
 "infini.sh/console/internal/biz"
 "infini.sh/console/internal/biz/enum"
 m "infini.sh/console/internal/middleware"
- "infini.sh/framework/core/api"
 "infini.sh/framework/core/util"
 "os"
@@ -57,11 +56,33 @@ func loadJsonConfig() {
 }
 func loadRolePermission() {
 biz.RolePermission = make(map[string][]string)
- biz.RolePermission["admin_user"] = enum.AdminUser
+ biz.RolePermission["admin"] = enum.Admin
 }
 func init() {
 registerRouter()
 loadJsonConfig()
 loadRolePermission()
+
+}
+func existInternalUser() {
+ //user, err := biz.GetUser("admin")
+ //if errors.Is(err, elastic.ErrNotFound) {
+ // user.ID = "admin"
+ // user.Username = "admin"
+ // hash, _ := bcrypt.GenerateFromPassword([]byte("admin"), bcrypt.DefaultCost)
+ //
+ // user.Password = string(hash)
+ // user.Email = ""
+ // user.Phone = ""
+ // user.Name = ""
+ //
+ //
+ // user.Created = time.Now()
+ // user.Updated = time.Now()
+ //
+ //}
+}
+func existInternalRole() {
+
 }
diff --git a/plugin/api/rbac/role.go b/plugin/api/rbac/role.go
index 86029c6c..50421b69 100644
--- a/plugin/api/rbac/role.go
+++ b/plugin/api/rbac/role.go
@@ -14,30 +14,39 @@ import (
 func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 roleType := ps.MustGetParameter("type")
- var err error
-
- var req dto.CreateRole
- err = h.DecodeJSON(r, &req)
- if err != nil {
- h.Error400(w, err.Error())
- return
- }
- req.RoleType = roleType
-
- var id string
 localUser, err := biz.FromUserContext(r.Context())
 if err != nil {
 log.Error(err.Error())
 h.Error(w, err)
 return
 }
- id, err = biz.CreateRole(localUser, req)
+ var id string
+ switch roleType {
+ case biz.Console:
+ var req dto.CreateConsoleRole
+ err = h.DecodeJSON(r, &req)
+ if err != nil {
+ h.Error400(w, err.Error())
+ return
+ }
+ req.RoleType = roleType
+ id, err = biz.CreateRole(localUser, req)
+ case biz.Elastisearch:
+ var req dto.CreateEsRole
+ err = h.DecodeJSON(r, &req)
+ if err != nil {
+ h.Error400(w, err.Error())
+ return
+ }
+ req.RoleType = roleType
+ id, err = biz.CreateEsRole(localUser, req)
+ }
+
 if err != nil {
 _ = log.Error(err.Error())
 h.Error(w, err)
 return
 }
-
 _ = h.WriteOKJSON(w, core.CreateResponse(id))
 return
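Review bot: `existInternalUser` and `existInternalRole` in plugin/api/rbac/init.go are added as empty functions that nothing in this hunk calls, and the commented-out body sketches a built-in account whose username and password are both the literal `admin` while discarding the error from `bcrypt.GenerateFromPassword`. Commented code like this tends to be re-enabled unchanged, which would ship a fixed, well-known credential. I would drop the commented block and the stubs, or keep a single line of intent such as `// TODO: bootstrap the built-in admin from a configured or randomly generated secret, never a fixed password`. The key of `biz.RolePermission` also changes from `"admin_user"` to `"admin"`; anything stored under the old key would presumably stop resolving, so the rename should be checked against existing data.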
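Review bot: The `switch roleType` in `Rbac.CreateRole` (plugin/api/rbac/role.go) has no `default` branch, so a `type` path parameter that matches neither `biz.Console` nor `biz.Elastisearch` leaves `err` nil and `id` empty, and the handler answers with `core.CreateResponse("")` as if a role had been created. Reject unknown types explicitly with `default: h.Error400(w, "unsupported role type"); return`. The constant name `biz.Elastisearch` looks misspelled, although its definition is not part of this diff. The function's closing brace lies outside the hunk.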
@@ -116,7 +125,7 @@ func (h Rbac) DeleteRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
 func (h Rbac) UpdateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 id := ps.MustGetParameter("id")
- var req dto.UpdateRole
+ var req dto.UpdateConsoleRole
 err := h.DecodeJSON(r, &req)
 if err != nil {
 h.Error(w, err)
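Review bot: `Rbac.UpdateRole` decodes every request body into `dto.UpdateConsoleRole`, and `biz.UpdateRole` takes the same type, while role creation in this commit is split by role type; an update addressed to an Elasticsearch role would therefore be parsed with the console permission shape. `Permission` used to be `interface{}` and is now the typed `RolePermission`; assuming that type carries no Elasticsearch fields (its definition is not in the diff), encoding/json would drop them silently and the stored permission could be overwritten with an empty value. Either check the stored role's type and decode into the matching DTO, or reject non-console roles here until an Elasticsearch update path exists. The decode failure also goes through `h.Error(w, err)` where `CreateRole` uses `h.Error400(w, err.Error())` for the same condition, and a malformed body is a client error. The rest of the function is outside the hunk.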