fix: (rbac) create console role and es role

xushuhui 2022-04-21 15:38:57 +08:00
parent bfc314d01d
commit 8d730834dd
5 changed files with 118 additions and 51 deletions


@ -12,7 +12,59 @@ import (
"time" "time"
) )
func CreateRole(localUser *User, req dto.CreateRole) (id string, err error) { func CreateEsRole(localUser *User, req dto.CreateEsRole) (id string, err error) {
q := orm.Query{Size: 1000}
q.Conds = orm.And(orm.Eq("name", req.Name))
err, result := orm.Search(rbac.Role{}, &q)
if err != nil {
return
}
if result.Total > 0 {
err = fmt.Errorf("role name %s already exists", req.Name)
return
}
role := &rbac.Role{
Name: req.Name,
Description: req.Description,
RoleType: req.RoleType,
Permission: req.Permission,
}
role.ID = util.GetUUID()
role.Created = time.Now()
role.Updated = time.Now()
err = orm.Save(role)
if err != nil {
return
}
id = role.ID
err = orm.Save(GenerateEvent(event.ActivityMetadata{
Category: "platform",
Group: "rbac",
Name: "role",
Type: "create",
Labels: util.MapStr{
"id": id,
"name": req.Name,
"description": req.Description,
"permission": req.Permission,
"type": req.RoleType,
"created": role.Created.Format("2006-01-02 15:04:05"),
"updated": role.Updated.Format("2006-01-02 15:04:05"),
},
User: util.MapStr{
"userid": localUser.UserId,
"username": localUser.Username,
},
}, nil, nil))
if err != nil {
log.Error(err)
}
return
}
func CreateRole(localUser *User, req dto.CreateConsoleRole) (id string, err error) {
q := orm.Query{Size: 1000} q := orm.Query{Size: 1000}
q.Conds = orm.And(orm.Eq("name", req.Name)) q.Conds = orm.And(orm.Eq("name", req.Name))
@ -102,7 +154,7 @@ func DeleteRole(localUser *User, id string) (err error) {
return return
} }
func UpdateRole(localUser *User, id string, req dto.UpdateRole) (err error) { func UpdateRole(localUser *User, id string, req dto.UpdateConsoleRole) (err error) {
role := rbac.Role{} role := rbac.Role{}
role.ID = id role.ID = id
_, err = orm.Get(&role) _, err = orm.Get(&role)
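Review bot: CreateEsRole persists `req.Name` and `req.Permission` exactly as decoded, so an empty name or an arbitrary privilege string becomes a stored role. A guard such as `if req.Name == "" { return "", fmt.Errorf("role name is required") }` before the search, plus a check of the permission entries against the privileges the platform supports, would close that. The name lookup followed by `orm.Save` is also not atomic, so two concurrent requests can presumably both pass the `result.Total > 0` test and create duplicate role names; enforcing uniqueness in the store would avoid it. The body is otherwise a copy of CreateRole, and a shared helper would keep the audit-event fields from drifting apart. CreateRole and UpdateRole continue outside the hunks shown.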


@ -1,6 +1,6 @@
package dto package dto
type CreateRole struct { type CreateConsoleRole struct {
Name string `json:"name"` Name string `json:"name"`
Description string `json:"description" ` Description string `json:"description" `
RoleType string `json:"type" ` RoleType string `json:"type" `
@ -15,9 +15,15 @@ type Menu struct {
Name string `json:"name"` Name string `json:"name"`
Switch string `json:"switch"` Switch string `json:"switch"`
} }
type UpdateRole struct { type UpdateConsoleRole struct {
Description string `json:"description" ` Description string `json:"description" `
Permission interface{} `json:"permission"` Permission RolePermission `json:"permission"`
}
type CreateEsRole struct {
Name string `json:"name"`
Description string `json:"description" `
RoleType string `json:"type" `
Permission ElasticsearchPermission `json:"permission"`
} }
type ElasticsearchPermission struct { type ElasticsearchPermission struct {
Cluster []string `json:"cluster" ` Cluster []string `json:"cluster" `
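Review bot: `RoleType` in the new `CreateEsRole` (and in `CreateConsoleRole`) is still decodable from the request body through `json:"type"`, although the handler on this page takes the type from the URL path and overwrites the field after decoding. Tagging it `json:"-"` would make the path parameter the only source, so a later caller that forgets the overwrite cannot end up trusting a client-chosen type; this assumes the dto is used only for request decoding. The new exported structs also have no doc comments; something like `// CreateEsRole is the request body for creating an Elasticsearch role.` would do. The ElasticsearchPermission struct continues outside the hunk.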


@ -2,7 +2,6 @@ package rbac
import ( import (
"infini.sh/framework/core/orm" "infini.sh/framework/core/orm"
"time"
) )
type Role struct { type Role struct {
@ -14,9 +13,14 @@ type Role struct {
BuiltIn bool `json:"builtin" elastic_mapping:"builtin:{type:boolean}"` //是否内置 BuiltIn bool `json:"builtin" elastic_mapping:"builtin:{type:boolean}"` //是否内置
} }
type ConsolePermission struct { type ConsolePermission struct {
ApiPermission []string `json:"api_permission"` Api []string `json:"api"`
//ID string `json:"id" elastic_mapping:"id:{type:keyword}"` Menu []Menu `json:"menu"`
//Name string `json:"name" elastic_mapping:"name:{type:keyword}"` }
type Menu struct {
Id string `json:"id"`
Name string `json:"name"`
Switch string `json:"switch"`
} }
type ElasticsearchPermission struct { type ElasticsearchPermission struct {
Cluster []string `json:"cluster" elastic_mapping:"cluster:{type:object}"` Cluster []string `json:"cluster" elastic_mapping:"cluster:{type:object}"`
@ -24,28 +28,3 @@ type ElasticsearchPermission struct {
ClusterPrivilege []string `json:"cluster_privilege" elastic_mapping:"cluster_privilege:{type:object}"` ClusterPrivilege []string `json:"cluster_privilege" elastic_mapping:"cluster_privilege:{type:object}"`
IndexPrivilege []string `json:"index_privilege" elastic_mapping:"index_privilege:{type:object}"` IndexPrivilege []string `json:"index_privilege" elastic_mapping:"index_privilege:{type:object}"`
} }
type ConsoleOperate struct {
UserId string `json:"user_id" elastic_mapping:"user_id:{type:keyword}"`
}
type Operation struct {
Id string `json:"id"`
Timestamp time.Time `json:"timestamp"`
Metadata struct {
Labels struct {
Userid string `json:"userid"`
Username string `json:"username"`
} `json:"labels"`
Category string `json:"category"`
Group string `json:"group"`
Name string `json:"name"`
Type string `json:"type"`
} `json:"metadata"`
Changelog []struct {
From string `json:"from"`
Path []string `json:"path"`
To string `json:"to"`
Type string `json:"type"`
} `json:"changelog"`
Payload interface{} `json:"payload"`
}
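Review bot: Renaming the persisted key in `ConsolePermission` from `api_permission` to `api` changes the stored document shape, so roles saved before this commit would presumably decode with an empty `Api` list and silently lose their API permissions. If such documents can exist, a migration or a fallback read of the old key is needed, and it is worth confirming that the permission check denies rather than allows when the list is empty. The new `Menu` type duplicates the one in package dto and carries no `elastic_mapping` tags, unlike the neighbouring structs. Go naming would also spell the field `ID`, not `Id`.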


@ -5,7 +5,6 @@ import (
"infini.sh/console/internal/biz" "infini.sh/console/internal/biz"
"infini.sh/console/internal/biz/enum" "infini.sh/console/internal/biz/enum"
m "infini.sh/console/internal/middleware" m "infini.sh/console/internal/middleware"
"infini.sh/framework/core/api" "infini.sh/framework/core/api"
"infini.sh/framework/core/util" "infini.sh/framework/core/util"
"os" "os"
@ -57,11 +56,33 @@ func loadJsonConfig() {
} }
func loadRolePermission() { func loadRolePermission() {
biz.RolePermission = make(map[string][]string) biz.RolePermission = make(map[string][]string)
biz.RolePermission["admin_user"] = enum.AdminUser
biz.RolePermission["admin"] = enum.Admin biz.RolePermission["admin"] = enum.Admin
} }
func init() { func init() {
registerRouter() registerRouter()
loadJsonConfig() loadJsonConfig()
loadRolePermission() loadRolePermission()
}
func existInternalUser() {
//user, err := biz.GetUser("admin")
//if errors.Is(err, elastic.ErrNotFound) {
// user.ID = "admin"
// user.Username = "admin"
// hash, _ := bcrypt.GenerateFromPassword([]byte("admin"), bcrypt.DefaultCost)
//
// user.Password = string(hash)
// user.Email = ""
// user.Phone = ""
// user.Name = ""
//
//
// user.Created = time.Now()
// user.Updated = time.Now()
//
//}
}
func existInternalRole() {
} }
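Review bot: `existInternalUser` keeps a commented-out bootstrap that would create user `admin` with the fixed password `admin` and discard the error from `bcrypt.GenerateFromPassword`. If an initial account is needed, the password should come from configuration or be generated randomly at first start and changed on first login, and the hash error must be checked, rather than enabling this block as written. Both `existInternalUser` and `existInternalRole` are empty and are not called from the `init` shown here, so they are best left out of the commit until they have a real body.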


@ -14,30 +14,39 @@ import (
func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
roleType := ps.MustGetParameter("type") roleType := ps.MustGetParameter("type")
var err error
var req dto.CreateRole
err = h.DecodeJSON(r, &req)
if err != nil {
h.Error400(w, err.Error())
return
}
req.RoleType = roleType
var id string
localUser, err := biz.FromUserContext(r.Context()) localUser, err := biz.FromUserContext(r.Context())
if err != nil { if err != nil {
log.Error(err.Error()) log.Error(err.Error())
h.Error(w, err) h.Error(w, err)
return return
} }
var id string
switch roleType {
case biz.Console:
var req dto.CreateConsoleRole
err = h.DecodeJSON(r, &req)
if err != nil {
h.Error400(w, err.Error())
return
}
req.RoleType = roleType
id, err = biz.CreateRole(localUser, req) id, err = biz.CreateRole(localUser, req)
case biz.Elastisearch:
var req dto.CreateEsRole
err = h.DecodeJSON(r, &req)
if err != nil {
h.Error400(w, err.Error())
return
}
req.RoleType = roleType
id, err = biz.CreateEsRole(localUser, req)
}
if err != nil { if err != nil {
_ = log.Error(err.Error()) _ = log.Error(err.Error())
h.Error(w, err) h.Error(w, err)
return return
} }
_ = h.WriteOKJSON(w, core.CreateResponse(id)) _ = h.WriteOKJSON(w, core.CreateResponse(id))
return return
@ -116,7 +125,7 @@ func (h Rbac) DeleteRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
func (h Rbac) UpdateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { func (h Rbac) UpdateRole(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
id := ps.MustGetParameter("id") id := ps.MustGetParameter("id")
var req dto.UpdateRole var req dto.UpdateConsoleRole
err := h.DecodeJSON(r, &req) err := h.DecodeJSON(r, &req)
if err != nil { if err != nil {
h.Error(w, err) h.Error(w, err)
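Review bot: The `switch roleType` in CreateRole has no `default` case, so a request with any other `type` path value skips both branches with `err == nil` and `id == ""`, and the handler answers with `core.CreateResponse("")` as if a role had been created. Add `default: h.Error400(w, "unsupported role type"); return` so unknown types are rejected instead of reported as success. The constant name `biz.Elastisearch` looks like a misspelling of Elasticsearch and is cheap to fix while it has few users. The UpdateRole body continues outside the second hunk.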