fix: (rbac) role=>permission
parent
006e162523
commit
d64edd2826
|
@ -2,43 +2,25 @@ package enum
|
|||
|
||||
import "time"
|
||||
|
||||
const CreateUser = "create_user"
|
||||
const UpdateUser = "update_user"
|
||||
const DeleteUser = "delete_user"
|
||||
const GetUser = "get_user"
|
||||
const SearchUser = "search_user"
|
||||
var UserRead = []string{"user::read"}
|
||||
var UserAll = []string{"user::read", "user::write"}
|
||||
|
||||
const CreateRole = "create_role"
|
||||
const UpdateRole = "update_role"
|
||||
const DeleteRole = "delete_role"
|
||||
const GetRole = "get_role"
|
||||
const SearchRole = "search_role"
|
||||
const ListPermission = "list_permission"
|
||||
var RoleRead = []string{"role::read"}
|
||||
var RoleAll = []string{"role::read", "role::write"}
|
||||
|
||||
const CreateRule = "create_rule"
|
||||
const UpdateRule = "update_rule"
|
||||
const DeleteRule = "delete_rule"
|
||||
const GetRule = "get_rule"
|
||||
const SearchRule = "search_rule"
|
||||
//const RuleRead = "rule::read"
|
||||
//const RuleAll = "rule::all"
|
||||
//
|
||||
//const InstanceRead = "instance::read"
|
||||
//const InstanceAll = "instance::all"
|
||||
|
||||
const CreateInstance = "create_instance"
|
||||
const UpdateInstance = "update_instance"
|
||||
const DeleteInstance = "delete_instance"
|
||||
const GetInstance = "get_instance"
|
||||
const SearchInstance = "search_instance"
|
||||
const GetInstanceStatus = "get_instance_status"
|
||||
const ConnectInstance = "connect_instance"
|
||||
const InstanceProxy = "instance_proxy"
|
||||
|
||||
var All = []string{CreateUser, UpdateUser, DeleteUser, GetUser, SearchUser, CreateRole, UpdateRole, DeleteRole, GetRole,
|
||||
SearchRole, ListPermission, CreateRule, UpdateRule, DeleteRule, GetRule, SearchRule, CreateInstance, UpdateInstance, DeleteInstance,
|
||||
GetInstance, SearchInstance, GetInstanceStatus, ConnectInstance, InstanceProxy}
|
||||
|
||||
var Admin = []string{CreateUser, UpdateUser, DeleteUser, GetUser, SearchUser, CreateRole, UpdateRole, DeleteRole, GetRole, SearchRole, ListPermission}
|
||||
var AdminUser = []string{CreateUser, UpdateUser, DeleteUser, GetUser, SearchUser}
|
||||
var Admin []string
|
||||
var BuildRoles = make(map[string]map[string]interface{}, 0)
|
||||
var Permission = make(map[string][]string)
|
||||
|
||||
func init() {
|
||||
Admin = append(Admin, UserAll...)
|
||||
Admin = append(Admin, RoleAll...)
|
||||
BuildRoles["admin"] = map[string]interface{}{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
|
@ -47,39 +29,14 @@ func init() {
|
|||
"description": "is admin",
|
||||
"created": time.Now(),
|
||||
}
|
||||
}
|
||||
//自定义角色=》内置角色 =》权限列表
|
||||
// userrole=> cluster;read => permissionList
|
||||
// login=> userrole=> cluster:read =>permissionList
|
||||
// search require = (search)
|
||||
//Permission = map[string][]string{
|
||||
//
|
||||
// UserRead : {UserRead},
|
||||
// UserAll: {UserRead, UserWrite},
|
||||
//}
|
||||
|
||||
// BuildRoles["admin"] = {
|
||||
// "id":"admin",
|
||||
// "name":"admin",
|
||||
//}
|
||||
//{
|
||||
// "name":"admin",
|
||||
// "id":"admin",
|
||||
//
|
||||
//},{
|
||||
//
|
||||
//}
|
||||
// {
|
||||
// "name": "admin",
|
||||
// Name: "admin",
|
||||
// Description: "管理员",
|
||||
// RoleType: "console",
|
||||
// Permission: rbac.ConsolePermission{
|
||||
// ApiPermission: Admin,
|
||||
// },
|
||||
// BuiltIn: true,
|
||||
// },
|
||||
// {
|
||||
// ORMObjectBase: orm.ORMObjectBase{
|
||||
// ID: "admin_user",
|
||||
// },
|
||||
// Name: "admin_user",
|
||||
// Description: "用户模块管理员",
|
||||
// RoleType: "console",
|
||||
// Permission: rbac.ConsolePermission{
|
||||
// ApiPermission: AdminUser,
|
||||
// },
|
||||
// BuiltIn: true,
|
||||
// },
|
||||
//}
|
||||
}
|
||||
|
|
|
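Review bot: The permission sets `UserRead`, `UserAll`, `RoleRead` and `RoleAll` are exported `var` slices, so any package importing `enum` can reassign or append to them and silently change what the route checks in this commit enforce. The strings `"user::read"`, `"user::write"`, `"role::read"` and `"role::write"` are also repeated as literals; declaring each once as a constant, for example `const UserReadPermission = "user::read"`, and building the sets from those would stop a typo from producing a permission that no route matches. `Permission` is declared, but the only code that would fill it is commented out inside `init`, so it looks empty unless something outside this page populates it; either fill it or remove it together with the commented block. The body of `init` spans both hunks of this file.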
@ -1,17 +1,12 @@
|
|||
package biz
|
||||
|
||||
import (
|
||||
"infini.sh/console/internal/biz/enum"
|
||||
)
|
||||
|
||||
var ClusterApis = make(map[string][]string)
|
||||
var IndexApis = make([]string, 0)
|
||||
|
||||
var RolePermission = make(map[string][]string)
|
||||
|
||||
type ConsolePermisson struct {
|
||||
Api []string `json:"api"`
|
||||
Menu []Menu `json:"menu"`
|
||||
Menu []Menu `json:"menu"`
|
||||
}
|
||||
type Menu struct {
|
||||
Id string `json:"id"`
|
||||
|
@ -21,32 +16,24 @@ type Menu struct {
|
|||
}
|
||||
|
||||
func (role ConsoleRole) ListPermission() interface{} {
|
||||
menu := []Menu{
|
||||
menu := []Menu{{
|
||||
Id: "cluster",
|
||||
Name: "平台管理",
|
||||
Privilege: []string{"none", "read", "all"},
|
||||
},
|
||||
{
|
||||
Id: "cluster",
|
||||
Name: "平台管理",
|
||||
Children: []Menu{
|
||||
{
|
||||
Id: "cluster_overview",
|
||||
Name: "平台概览",
|
||||
Privilege: []string{"none", "write", "read"},
|
||||
},
|
||||
{
|
||||
|
||||
Id: "cluster_elasticsearch",
|
||||
Name: "集群监控",
|
||||
Privilege: []string{"none", "write", "read"},
|
||||
}, {
|
||||
|
||||
Id: "cluster_activities",
|
||||
Name: "集群动态",
|
||||
Privilege: []string{"none", "write", "read"},
|
||||
},
|
||||
},
|
||||
Id: "role",
|
||||
Name: "角色管理",
|
||||
Privilege: []string{"none", "read", "all"},
|
||||
},
|
||||
{
|
||||
Id: "user",
|
||||
Name: "用户管理",
|
||||
Privilege: []string{"none", "read", "all"},
|
||||
},
|
||||
}
|
||||
p := ConsolePermisson{
|
||||
Api: enum.All,
|
||||
|
||||
Menu: menu,
|
||||
}
|
||||
|
||||
|
|
|
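Review bot: The menu entries built in `ListPermission` use the privilege words `"none"`, `"read"` and `"all"`, while the enum package in this commit spells permissions as `"user::read"` and `"user::write"`, and nothing visible maps one vocabulary onto the other. If role creation derives permission strings from a menu id plus one of these words, a mismatch would store a permission that no route check recognises, so the mapping should be written down where the menu is defined. A doc comment such as `// ListPermission returns the menu tree and, per menu, the privilege levels a role may be granted.` plus a comment on `Menu.Privilege` explaining how `"all"` relates to the `::read`/`::write` strings would cover it; I am inferring that relationship, so please confirm it. The function body continues past the end of this hunk, and the exported type name `ConsolePermisson` is misspelled, which is worth fixing while the type is being reshaped.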
@ -17,19 +17,19 @@ type Rbac struct {
|
|||
|
||||
func registerRouter() {
|
||||
r := Rbac{}
|
||||
api.HandleAPIMethod(api.GET, "/permission/:type", m.PermissionRequired(r.ListPermission, enum.ListPermission))
|
||||
api.HandleAPIMethod(api.POST, "/role/:type", m.PermissionRequired(r.CreateRole, enum.CreateRole))
|
||||
api.HandleAPIMethod(api.GET, "/role/:id", m.PermissionRequired(r.GetRole, enum.GetRole))
|
||||
api.HandleAPIMethod(api.DELETE, "/role/:id", m.PermissionRequired(r.DeleteRole, enum.DeleteRole))
|
||||
api.HandleAPIMethod(api.PUT, "/role/:id", m.PermissionRequired(r.UpdateRole, enum.UpdateRole))
|
||||
api.HandleAPIMethod(api.GET, "/role/_search", m.PermissionRequired(r.SearchRole, enum.SearchRole))
|
||||
api.HandleAPIMethod(api.GET, "/permission/:type", m.PermissionRequired(r.ListPermission, enum.RoleRead...))
|
||||
api.HandleAPIMethod(api.POST, "/role/:type", m.PermissionRequired(r.CreateRole, enum.RoleAll...))
|
||||
api.HandleAPIMethod(api.GET, "/role/:id", m.PermissionRequired(r.GetRole, enum.RoleRead...))
|
||||
api.HandleAPIMethod(api.DELETE, "/role/:id", m.PermissionRequired(r.DeleteRole, enum.RoleAll...))
|
||||
api.HandleAPIMethod(api.PUT, "/role/:id", m.PermissionRequired(r.UpdateRole, enum.RoleAll...))
|
||||
api.HandleAPIMethod(api.GET, "/role/_search", m.PermissionRequired(r.SearchRole, enum.RoleRead...))
|
||||
|
||||
api.HandleAPIMethod(api.POST, "/user", m.PermissionRequired(r.CreateUser, enum.CreateUser))
|
||||
api.HandleAPIMethod(api.GET, "/user/:id", m.PermissionRequired(r.GetUser, enum.GetUser))
|
||||
api.HandleAPIMethod(api.DELETE, "/user/:id", m.PermissionRequired(r.DeleteUser, enum.DeleteUser))
|
||||
api.HandleAPIMethod(api.PUT, "/user/:id", m.PermissionRequired(r.UpdateUser, enum.UpdateUser))
|
||||
api.HandleAPIMethod(api.PUT, "/user/:id/role", m.PermissionRequired(r.UpdateUserRole, enum.UpdateUser))
|
||||
api.HandleAPIMethod(api.GET, "/user/_search", m.PermissionRequired(r.SearchUser, enum.SearchUser))
|
||||
api.HandleAPIMethod(api.POST, "/user", m.PermissionRequired(r.CreateUser, enum.UserAll...))
|
||||
api.HandleAPIMethod(api.GET, "/user/:id", m.PermissionRequired(r.GetUser, enum.UserRead...))
|
||||
api.HandleAPIMethod(api.DELETE, "/user/:id", m.PermissionRequired(r.DeleteUser, enum.UserAll...))
|
||||
api.HandleAPIMethod(api.PUT, "/user/:id", m.PermissionRequired(r.UpdateUser, enum.UserAll...))
|
||||
api.HandleAPIMethod(api.PUT, "/user/:id/role", m.PermissionRequired(r.UpdateUserRole, enum.UserAll...))
|
||||
api.HandleAPIMethod(api.GET, "/user/_search", m.PermissionRequired(r.SearchUser, enum.UserRead...))
|
||||
|
||||
}
|
||||
|
||||
|
|
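Review bot: The mutating role and user routes in `registerRouter` (the lines that appear to be the new side) pass a two-element set, `enum.RoleAll...` or `enum.UserAll...`, to `m.PermissionRequired`, and nothing on this page says whether the middleware requires every listed permission or any one of them. If it is any-of, a caller holding only `role::read` or `user::read` would pass the check on POST, PUT and DELETE; the middleware is not shown, so this needs confirming. Passing only the write permission on those routes removes the ambiguity, for example `m.PermissionRequired(r.DeleteRole, "role::write")` using a named constant. Separately, `PUT /user/:id/role` is gated by the user set alone, so a role assignment needs no role permission at all; consider requiring `role::write` there as well.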