From abad11e3bfafbdbf25be4b606f3815445fe6af70 Mon Sep 17 00:00:00 2001 From: xushuhui Date: Wed, 20 Apr 2022 17:36:45 +0800 Subject: [PATCH] feat: (rbac) builtin role --- internal/biz/enum/const.go | 76 ++++++++++++++++++++++------------- internal/biz/role.go | 1 + plugin/api/account/account.go | 6 +-- plugin/api/rbac/role.go | 25 ++++++++---- 4 files changed, 69 insertions(+), 39 deletions(-) diff --git a/internal/biz/enum/const.go b/internal/biz/enum/const.go index 8c68288b..7f755ad8 100644 --- a/internal/biz/enum/const.go +++ b/internal/biz/enum/const.go @@ -1,9 +1,6 @@ package enum -import ( - "infini.sh/console/model/rbac" - "infini.sh/framework/core/orm" -) +import "time" const CreateUser = "create_user" const UpdateUser = "update_user" 
@@ -36,29 +33,50 @@ const InstanceProxy = "instance_proxy"
 var Admin = []string{CreateUser, UpdateUser, DeleteUser, GetUser, SearchUser, CreateRole, UpdateRole, DeleteRole, GetRole, SearchRole, ListPermission}
 var AdminUser = []string{CreateUser, UpdateUser, DeleteUser, GetUser, SearchUser}
 var AdminRole = []string{CreateRole, UpdateRole, DeleteRole, GetRole, SearchRole, ListPermission}
-var BuildRoles = []rbac.Role{
- {
- ORMObjectBase: orm.ORMObjectBase{
- ID: "admin",
- },
- Name: "admin",
- Description: "管理员",
- RoleType: "console",
- Permission: rbac.ConsolePermission{
- ApiPermission: Admin,
- },
- BuiltIn: true,
- },
- {
- ORMObjectBase: orm.ORMObjectBase{
- ID: "admin_user",
- },
- Name: "admin_user",
- Description: "用户模块管理员",
- RoleType: "console",
- Permission: rbac.ConsolePermission{
- ApiPermission: AdminUser,
- },
- BuiltIn: true,
- },
+var BuildRoles = make(map[string]map[string]interface{}, 0)
+
+func init() {
+ BuildRoles["admin"] = map[string]interface{}{
+ "id": "admin",
+ "name": "admin",
+ "permission": AdminUser,
+ "builtin": true,
+ "description": "is admin",
+ "created": time.Now(),
+ }
 }
+
+// BuildRoles["admin"] = {
+// "id":"admin",
+// "name":"admin",
+//}
+//{
+// "name":"admin",
+// "id":"admin",
+//
+//},{
+//
+//}
+// {
+// "name": "admin",
+// Name: "admin",
+// Description: "管理员",
+// RoleType: "console",
+// Permission: rbac.ConsolePermission{
+// ApiPermission: Admin,
+// },
+// BuiltIn: true,
+// },
+// {
+// ORMObjectBase: orm.ORMObjectBase{
+// ID: "admin_user",
+// },
+// Name: "admin_user",
+// Description: "用户模块管理员",
+// RoleType: "console",
+// Permission: rbac.ConsolePermission{
+// ApiPermission: AdminUser,
+// },
+// BuiltIn: true,
+// },
+//}
diff --git a/internal/biz/role.go b/internal/biz/role.go
index e723df34..9716136b 100644
--- a/internal/biz/role.go
+++ b/internal/biz/role.go
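Review bot: The rebuilt `admin` entry in `init()` sets `"permission": AdminUser`, whereas the removed struct granted `ApiPermission: Admin`, so the built-in admin role no longer lists the role-management permissions (`CreateRole` through `ListPermission`); if that narrowing is not intended the line should read `"permission": Admin,`. The `admin_user` built-in is dropped as well, and the value is now an untyped `map[string]interface{}` with no `RoleType` and a flat `permission` key, so any code that evaluates built-in roles against the old `rbac.Role` shape will see a different document; those callers are outside this hunk and need checking. `"created": time.Now()` is evaluated at process start, so the built-in role's creation time changes on every restart. The block of commented-out drafts after `init()` should be deleted rather than committed.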
@@ -147,6 +147,7 @@ func GetRole(id string) (role rbac.Role, err error) { return } func SearchRole(keyword string, from, size int) (roles orm.Result, err error) { + query := orm.Query{} queryDSL := `{"query":{"bool":{"must":[%s]}}, "from": %d,"size": %d}` diff --git a/plugin/api/account/account.go b/plugin/api/account/account.go index 52f41b5e..9e14a402 100644 --- a/plugin/api/account/account.go +++ b/plugin/api/account/account.go @@ -19,14 +19,14 @@ func init() { account := Account{} api.HandleAPIMethod(api.POST, "/account/login", account.Login) - //api.HandleAPIMethod(api.GET, "/account/current_user", account.CurrentUser) + api.HandleAPIMethod(api.GET, "/account/current_user", account.CurrentUser) api.HandleAPIMethod(api.DELETE, "/account/logout", account.Logout) api.HandleAPIMethod(api.GET, "/account/profile", m.LoginRequired(account.Profile)) api.HandleAPIMethod(api.PUT, "/account/password", m.LoginRequired(account.UpdatePassword)) } -const userInSession = "user_in_session" +const userInSession = "user_session:" func (h Account) Login(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { @@ -44,7 +44,7 @@ func (h Account) Login(w http.ResponseWriter, r *http.Request, ps httprouter.Par } data["status"] = "ok" - api.SetSession(w, r, userInSession, req.Username) + //api.SetSession(w, r, userInSession+req.Username, req.Username) h.WriteOKJSON(w, data) } diff --git a/plugin/api/rbac/role.go b/plugin/api/rbac/role.go index 8e996f6c..3bc0fac1 100644 --- a/plugin/api/rbac/role.go +++ b/plugin/api/rbac/role.go @@ -7,6 +7,8 @@ import ( "infini.sh/console/internal/core" "infini.sh/console/internal/dto" httprouter "infini.sh/framework/core/api/router" + "infini.sh/framework/core/elastic" + "infini.sh/framework/core/util" "net/http" ) 
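Review bot: In `plugin/api/account/account.go`, the re-enabled `/account/current_user` route is registered with the bare handler, while `/account/profile` and `/account/password` two lines below are wrapped in `m.LoginRequired`. Unless `account.CurrentUser` performs its own authentication check (its body is not in this hunk), an unauthenticated caller reaches it; the registration should match its neighbours: `api.HandleAPIMethod(api.GET, "/account/current_user", m.LoginRequired(account.CurrentUser))`. The `init` body starts outside the hunk.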
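Review bot: In `Login` (hunk `@@ -44,7 +44,7 @@` of `plugin/api/account/account.go`) the `api.SetSession` call is commented out rather than removed or replaced, so a successful login no longer records anything server-side here. What `m.LoginRequired`, `Logout` and `CurrentUser` read is not visible in this diff; if any of them still look up `userInSession`, they will never find a value, and the renamed constant `"user_session:"` is now only referenced from dead code. The commented draft also keys the session by `userInSession+req.Username`, which a reader could only look up if it already knew the username. I would delete the commented line and state where authentication state now lives, e.g. `// no server-side session: auth state is carried by the token returned in data` (assuming that is the design; confirm). `Login` starts outside the hunk.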
@@ -55,15 +57,24 @@ func (h Rbac) SearchRole(w http.ResponseWriter, r *http.Request, ps httprouter.P h.Error(w, err) return } - roles := make([]interface{}, 0) - for _, role := range enum.BuildRoles { - roles = append(roles, role) - } - for _, v := range res.Result { - roles = append(roles, v) + response := elastic.SearchResponse{} + util.FromJSONBytes(res.Raw, &response) + + list := response.Hits.Hits + var index string + for _, v := range list { + index = v.Index } - h.WriteOKJSON(w, core.Response{Hit: roles, Total: res.Total + int64(len(enum.BuildRoles))}) + list = append(list, elastic.IndexDocument{ + ID: "admin", + Index: index, + Type: "_doc", + Source: enum.BuildRoles["admin"], + }) + response.Hits.Hits = list + + h.WriteOKJSON(w, response) return }
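Review bot: `SearchRole` now hands the decoded `elastic.SearchResponse` directly to `h.WriteOKJSON`, so the client receives the search backend's own envelope (the hits carry `Index` and `Type`) instead of the `core.Response{Hit, Total}` shape the removed line produced; that exposes storage details and changes the API contract. The synthetic `admin` hit is appended on every call regardless of the search keyword or paging, and the total is no longer adjusted, whereas the old code added `len(enum.BuildRoles)`. `index` stays empty when the query returns no hits, and any failure from `util.FromJSONBytes(res.Raw, &response)` is not checked, so a bad payload would be served as an empty response plus the built-in row. I would keep the previous envelope and count, e.g. `h.WriteOKJSON(w, core.Response{Hit: roles, Total: res.Total + int64(len(enum.BuildRoles))})` with `roles` built from the hits. The function starts outside the hunk.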