fix: (rbac) cluster privilege change map to []string

internal/biz/permission.go

@@ -15,7 +15,7 @@ type Role struct {
 		Id   string `json:"id"`
 		Name string `json:"name"`
 	} `json:"cluster,omitempty"`
-	ClusterPrivilege []map[string][]string `json:"cluster_privilege,omitempty"`
+	ClusterPrivilege []string `json:"cluster_privilege,omitempty"`
 	Index            []struct {
 		Name      []string `json:"name"`
 		Privilege []string `json:"privilege"`

internal/biz/role.go

@@ -31,15 +31,19 @@ type ConsoleRole struct {
 	Platform    []string `json:"platform,omitempty"`
 }
 
-type MenuPermission struct {
-	Id        string `json:"id"`
-	Privilege string `json:"privilege"`
-}
 type ElasticsearchRole struct {
 	Name        string `json:"name"`
 	Description string `json:"description" `
 	RoleType    string `json:"type" `
-	rbac.ElasticRole
+	Cluster     []struct {
+		Id   string `json:"id"`
+		Name string `json:"name"`
+	} `json:"cluster,omitempty"`
+	ClusterPrivilege []string `json:"cluster_privilege,omitempty"`
+	Index            []struct {
+		Name      []string `json:"name"`
+		Privilege []string `json:"privilege"`
+	} `json:"index,omitempty"`
 }
 
 func NewRole(typ string) (r IRole, err error) {
@@ -63,12 +67,15 @@ func (role ConsoleRole) Update(localUser *User, model rbac.Role) (err error) {
 	changeLog, _ := util.DiffTwoObject(model, role)
 	model.Description = role.Description
 	model.Platform = role.Platform
-
 	model.Updated = time.Now()
 	err = orm.Save(model)
 	if err != nil {
 		return
 	}
+	RoleMap[role.Name] = Role{
+		Name:     model.Name,
+		Platform: model.Platform,
+	}
 	err = orm.Save(GenerateEvent(event.ActivityMetadata{
 		Category: "platform",
 		Group:    "rbac",
@@ -100,6 +107,12 @@ func (role ElasticsearchRole) Update(localUser *User, model rbac.Role) (err erro
 	if err != nil {
 		return
 	}
+	RoleMap[role.Name] = Role{
+		Name:             model.Name,
+		Cluster:          model.Cluster,
+		ClusterPrivilege: model.ClusterPrivilege,
+		Index:            model.Index,
+	}
 	err = orm.Save(GenerateEvent(event.ActivityMetadata{
 		Category: "platform",
 		Group:    "rbac",
@@ -150,6 +163,10 @@ func (role ConsoleRole) Create(localUser *User) (id string, err error) {
 		return
 	}
 	id = newRole.ID
+	RoleMap[role.Name] = Role{
+		Name:     newRole.Name,
+		Platform: newRole.Platform,
+	}
 	err = orm.Save(GenerateEvent(event.ActivityMetadata{
 		Category: "platform",
 		Group:    "rbac",
@@ -210,6 +227,12 @@ func (role ElasticsearchRole) Create(localUser *User) (id string, err error) {
 		return
 	}
 	id = newRole.ID
+	RoleMap[role.Name] = Role{
+		Name:             newRole.Name,
+		Cluster:          newRole.Cluster,
+		ClusterPrivilege: newRole.ClusterPrivilege,
+		Index:            newRole.Index,
+	}
 	err = orm.Save(GenerateEvent(event.ActivityMetadata{
 		Category: "platform",
 		Group:    "rbac",
@@ -249,6 +272,7 @@ func DeleteRole(localUser *User, id string) (err error) {
 	if err != nil {
 		return
 	}
+	delete(RoleMap, role.Name)
 	err = orm.Save(GenerateEvent(event.ActivityMetadata{
 		Category: "platform",
 		Group:    "rbac",

internal/biz/user.go

@@ -28,6 +28,7 @@ func DeleteUser(localUser *User, id string) (err error) {
 	if err != nil {
 		return
 	}
+
 	err = orm.Save(GenerateEvent(event.ActivityMetadata{
 		Category: "platform",
 		Group:    "rbac",
@@ -190,6 +191,7 @@ func UpdateUserRole(localUser *User, id string, req dto.UpdateUserRole) (err err
 	if err != nil {
 		return
 	}
+
 	err = orm.Save(GenerateEvent(event.ActivityMetadata{
 		Category: "platform",
 		Group:    "rbac",

internal/biz/validate.go

@@ -89,18 +89,23 @@ func validateCluster(req EsRequest, userRole RolePermission, route string) (err
 		}
 	}
 	return errors.New("no cluster api permission")
+}
+func FilterCluster() {
+
 }
 func CombineUserRoles(roleNames []string) RolePermission {
 	newRole := RolePermission{}
-	for _, v := range roleNames {
-		role := RoleMap[v]
+	for _, val := range roleNames {
+		role := RoleMap[val]
 		for _, v := range role.Cluster {
 			newRole.Cluster = append(newRole.Cluster, v.Id)
 		}
+		for _, v := range role.ClusterPrivilege {
+			newRole.ClusterPrivilege = append(newRole.ClusterPrivilege, v)
+		}
 		for _, v := range role.Platform {
 			newRole.Platform = append(newRole.Platform, v)
 		}
-
 		for _, v := range role.Index {
 			newRole.Index = append(newRole.Index, v.Name...)
 			newRole.IndexPrivilege = append(newRole.IndexPrivilege, v.Privilege...)

internal/biz/validate_test.go

@@ -0,0 +1,155 @@
+package biz
+
+import (
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func Test_validateIndex(t *testing.T) {
+	type args struct {
+		req      EsRequest
+		userRole RolePermission
+		route    string
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{"no index permission",
+			args{
+				req: EsRequest{
+					Method:  "GET",
+					Cluster: []string{"cluster1"},
+					Index:   []string{"index2"},
+					Path:    "/index1/_mapping",
+				},
+				userRole: RolePermission{
+					Cluster: []string{
+						"cluster1",
+					},
+					Index: []string{
+						"index1",
+					},
+					ClusterPrivilege: []string{
+						"cat.*",
+					},
+					IndexPrivilege: []string{
+						"indices.get_mapping",
+					},
+				},
+				route: "indices.get_mapping",
+			}, "no index permission",
+		},
+		{"no index api permission",
+			args{
+				req: EsRequest{
+					Method:  "GET",
+					Cluster: []string{"cluster1"},
+					Index:   []string{"index1"},
+					Path:    "/index1/_mapping",
+				},
+				userRole: RolePermission{
+					Cluster: []string{
+						"cluster1",
+					},
+					Index: []string{
+
+						"index1",
+					},
+					ClusterPrivilege: []string{
+						"cat.*",
+					},
+					IndexPrivilege: []string{
+						"indices.delete",
+					},
+				},
+				route: "indices.get_mapping",
+			},
+			"no index api permission",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+
+			got := validateIndex(tt.args.req, tt.args.userRole, tt.args.route)
+
+			assert.EqualError(t, got, tt.want)
+		})
+	}
+}
+func Test_validateCluster(t *testing.T) {
+	type args struct {
+		req      EsRequest
+		userRole RolePermission
+		route    string
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{"no cluster permission",
+			args{
+				req: EsRequest{
+					Method:  "GET",
+					Cluster: []string{"cluster1"},
+					Index:   []string{"index2"},
+					Path:    "/index1/_mapping",
+				},
+				userRole: RolePermission{
+					Cluster: []string{
+						"cluster2",
+					},
+					Index: []string{
+						"index1",
+					},
+					ClusterPrivilege: []string{
+						"cat.*",
+					},
+					IndexPrivilege: []string{
+						"indices.get_mapping",
+					},
+				},
+				route: "indices.get_mapping",
+			}, "no cluster permission",
+		},
+		{"no cluster api permission",
+			args{
+				req: EsRequest{
+					Method:  "GET",
+					Cluster: []string{"cluster1"},
+					Index:   []string{"index1"},
+					Path:    "/index1/_mapping",
+				},
+				userRole: RolePermission{
+					Cluster: []string{
+						"cluster1",
+					},
+					Index: []string{
+
+						"index1",
+					},
+					ClusterPrivilege: []string{
+						"cat.*",
+					},
+					IndexPrivilege: []string{
+						"indices.delete",
+					},
+				},
+				route: "indices.get_mapping",
+			},
+			"no cluster api permission",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+
+			got := validateCluster(tt.args.req, tt.args.userRole, tt.args.route)
+
+			assert.EqualError(t, got, tt.want)
+		})
+	}
+}

model/rbac/role.go

@@ -16,7 +16,7 @@ type Role struct {
 		Id   string `json:"id"`
 		Name string `json:"name"`
 	} `json:"cluster,omitempty"`
-	ClusterPrivilege []map[string][]string `json:"cluster_privilege,omitempty"`
+	ClusterPrivilege []string `json:"cluster_privilege,omitempty"`
 	Index            []struct {
 		Name      []string `json:"name"`
 		Privilege []string `json:"privilege"`