fix: (rbac) role=>permission

xushuhui 2022-04-22 11:08:34 +08:00
parent 006e162523
commit d64edd2826
3 changed files with 50 additions and 106 deletions


@ -2,43 +2,25 @@ package enum
import "time" import "time"
const CreateUser = "create_user" var UserRead = []string{"user::read"}
const UpdateUser = "update_user" var UserAll = []string{"user::read", "user::write"}
const DeleteUser = "delete_user"
const GetUser = "get_user"
const SearchUser = "search_user"
const CreateRole = "create_role" var RoleRead = []string{"role::read"}
const UpdateRole = "update_role" var RoleAll = []string{"role::read", "role::write"}
const DeleteRole = "delete_role"
const GetRole = "get_role"
const SearchRole = "search_role"
const ListPermission = "list_permission"
const CreateRule = "create_rule" //const RuleRead = "rule::read"
const UpdateRule = "update_rule" //const RuleAll = "rule::all"
const DeleteRule = "delete_rule" //
const GetRule = "get_rule" //const InstanceRead = "instance::read"
const SearchRule = "search_rule" //const InstanceAll = "instance::all"
const CreateInstance = "create_instance" var Admin []string
const UpdateInstance = "update_instance"
const DeleteInstance = "delete_instance"
const GetInstance = "get_instance"
const SearchInstance = "search_instance"
const GetInstanceStatus = "get_instance_status"
const ConnectInstance = "connect_instance"
const InstanceProxy = "instance_proxy"
var All = []string{CreateUser, UpdateUser, DeleteUser, GetUser, SearchUser, CreateRole, UpdateRole, DeleteRole, GetRole,
SearchRole, ListPermission, CreateRule, UpdateRule, DeleteRule, GetRule, SearchRule, CreateInstance, UpdateInstance, DeleteInstance,
GetInstance, SearchInstance, GetInstanceStatus, ConnectInstance, InstanceProxy}
var Admin = []string{CreateUser, UpdateUser, DeleteUser, GetUser, SearchUser, CreateRole, UpdateRole, DeleteRole, GetRole, SearchRole, ListPermission}
var AdminUser = []string{CreateUser, UpdateUser, DeleteUser, GetUser, SearchUser}
var BuildRoles = make(map[string]map[string]interface{}, 0) var BuildRoles = make(map[string]map[string]interface{}, 0)
var Permission = make(map[string][]string)
func init() { func init() {
Admin = append(Admin, UserAll...)
Admin = append(Admin, RoleAll...)
BuildRoles["admin"] = map[string]interface{}{ BuildRoles["admin"] = map[string]interface{}{
"id": "admin", "id": "admin",
"name": "admin", "name": "admin",
@ -47,39 +29,14 @@ func init() {
"description": "is admin", "description": "is admin",
"created": time.Now(), "created": time.Now(),
} }
} //自定义角色=》内置角色 =》权限列表
// userrole=> clusterread => permissionList
// login=> userrole=> cluster:read =>permissionList
// search require = (search)
//Permission = map[string][]string{
//
// UserRead : {UserRead},
// UserAll: {UserRead, UserWrite},
//}
// BuildRoles["admin"] = { }
// "id":"admin",
// "name":"admin",
//}
//{
// "name":"admin",
// "id":"admin",
//
//},{
//
//}
// {
// "name": "admin",
// Name: "admin",
// Description: "管理员",
// RoleType: "console",
// Permission: rbac.ConsolePermission{
// ApiPermission: Admin,
// },
// BuiltIn: true,
// },
// {
// ORMObjectBase: orm.ORMObjectBase{
// ID: "admin_user",
// },
// Name: "admin_user",
// Description: "用户模块管理员",
// RoleType: "console",
// Permission: rbac.ConsolePermission{
// ApiPermission: AdminUser,
// },
// BuiltIn: true,
// },
//}
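Review bot: The permission sets on the new side (`UserRead`, `UserAll`, `RoleRead`, `RoleAll`, `Admin`) are exported package-level `var` slices, so any importing package can append to or overwrite them at runtime and silently change what the route guards require. Declare the individual permission strings as constants, e.g. `const UserReadPerm = "user::read"`, and build the slices from those, or at minimum add a comment such as `// UserAll is read-only after init; do not modify.`. The commented-out `RuleRead` / `InstanceRead` lines also leave it unclear whether the rule and instance endpoints are still permission-checked now that the old per-action constants appear to be gone; a short comment saying where those are enforced would help.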


@ -1,16 +1,11 @@
package biz package biz
import (
"infini.sh/console/internal/biz/enum"
)
var ClusterApis = make(map[string][]string) var ClusterApis = make(map[string][]string)
var IndexApis = make([]string, 0) var IndexApis = make([]string, 0)
var RolePermission = make(map[string][]string) var RolePermission = make(map[string][]string)
type ConsolePermisson struct { type ConsolePermisson struct {
Api []string `json:"api"`
Menu []Menu `json:"menu"` Menu []Menu `json:"menu"`
} }
type Menu struct { type Menu struct {
@ -21,32 +16,24 @@ type Menu struct {
} }
func (role ConsoleRole) ListPermission() interface{} { func (role ConsoleRole) ListPermission() interface{} {
menu := []Menu{ menu := []Menu{{
{
Id: "cluster", Id: "cluster",
Name: "平台管理", Name: "平台管理",
Children: []Menu{ Privilege: []string{"none", "read", "all"},
{
Id: "cluster_overview",
Name: "平台概览",
Privilege: []string{"none", "write", "read"},
}, },
{ {
Id: "role",
Id: "cluster_elasticsearch", Name: "角色管理",
Name: "集群监控", Privilege: []string{"none", "read", "all"},
Privilege: []string{"none", "write", "read"},
}, {
Id: "cluster_activities",
Name: "集群动态",
Privilege: []string{"none", "write", "read"},
},
}, },
{
Id: "user",
Name: "用户管理",
Privilege: []string{"none", "read", "all"},
}, },
} }
p := ConsolePermisson{ p := ConsolePermisson{
Api: enum.All,
Menu: menu, Menu: menu,
} }
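Review bot: The menu entries in `ListPermission` offer the privilege values `none`, `read` and `all`, while the permission strings in `enum` have the form `user::read` / `user::write`, and nothing in this section shows how one is translated into the other. The `cluster` entry in particular has no matching permission set in the visible `enum` changes, so a role granted `all` on it may map to nothing, or to something unintended. Add a comment above the `menu` literal stating the mapping, for example `// privilege "read" -> <id>::read; "all" -> <id>::read + <id>::write (see enum)`, once that is confirmed against the code that fills `RolePermission`. The function body continues past the end of the hunk.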


@ -17,19 +17,19 @@ type Rbac struct {
func registerRouter() { func registerRouter() {
r := Rbac{} r := Rbac{}
api.HandleAPIMethod(api.GET, "/permission/:type", m.PermissionRequired(r.ListPermission, enum.ListPermission)) api.HandleAPIMethod(api.GET, "/permission/:type", m.PermissionRequired(r.ListPermission, enum.RoleRead...))
api.HandleAPIMethod(api.POST, "/role/:type", m.PermissionRequired(r.CreateRole, enum.CreateRole)) api.HandleAPIMethod(api.POST, "/role/:type", m.PermissionRequired(r.CreateRole, enum.RoleAll...))
api.HandleAPIMethod(api.GET, "/role/:id", m.PermissionRequired(r.GetRole, enum.GetRole)) api.HandleAPIMethod(api.GET, "/role/:id", m.PermissionRequired(r.GetRole, enum.RoleRead...))
api.HandleAPIMethod(api.DELETE, "/role/:id", m.PermissionRequired(r.DeleteRole, enum.DeleteRole)) api.HandleAPIMethod(api.DELETE, "/role/:id", m.PermissionRequired(r.DeleteRole, enum.RoleAll...))
api.HandleAPIMethod(api.PUT, "/role/:id", m.PermissionRequired(r.UpdateRole, enum.UpdateRole)) api.HandleAPIMethod(api.PUT, "/role/:id", m.PermissionRequired(r.UpdateRole, enum.RoleAll...))
api.HandleAPIMethod(api.GET, "/role/_search", m.PermissionRequired(r.SearchRole, enum.SearchRole)) api.HandleAPIMethod(api.GET, "/role/_search", m.PermissionRequired(r.SearchRole, enum.RoleRead...))
api.HandleAPIMethod(api.POST, "/user", m.PermissionRequired(r.CreateUser, enum.CreateUser)) api.HandleAPIMethod(api.POST, "/user", m.PermissionRequired(r.CreateUser, enum.UserAll...))
api.HandleAPIMethod(api.GET, "/user/:id", m.PermissionRequired(r.GetUser, enum.GetUser)) api.HandleAPIMethod(api.GET, "/user/:id", m.PermissionRequired(r.GetUser, enum.UserRead...))
api.HandleAPIMethod(api.DELETE, "/user/:id", m.PermissionRequired(r.DeleteUser, enum.DeleteUser)) api.HandleAPIMethod(api.DELETE, "/user/:id", m.PermissionRequired(r.DeleteUser, enum.UserAll...))
api.HandleAPIMethod(api.PUT, "/user/:id", m.PermissionRequired(r.UpdateUser, enum.UpdateUser)) api.HandleAPIMethod(api.PUT, "/user/:id", m.PermissionRequired(r.UpdateUser, enum.UserAll...))
api.HandleAPIMethod(api.PUT, "/user/:id/role", m.PermissionRequired(r.UpdateUserRole, enum.UpdateUser)) api.HandleAPIMethod(api.PUT, "/user/:id/role", m.PermissionRequired(r.UpdateUserRole, enum.UserAll...))
api.HandleAPIMethod(api.GET, "/user/_search", m.PermissionRequired(r.SearchUser, enum.SearchUser)) api.HandleAPIMethod(api.GET, "/user/_search", m.PermissionRequired(r.SearchUser, enum.UserRead...))
} }
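Review bot: Every mutating route here (`POST /role/:type`, `DELETE` and `PUT /role/:id`, and the `/user` equivalents) now passes a two-element set such as `enum.RoleAll...` (`role::read`, `role::write`) to `m.PermissionRequired`, and the hunk does not show whether that middleware requires all of the listed permissions or any one of them. If it matches on any, a role holding only `role::read` would pass the check on create, update and delete, so either confirm and document the all-of semantics or guard writes with the write permission alone, e.g. `m.PermissionRequired(r.DeleteRole, "role::write")`. `PUT /user/:id/role` is gated only by the user permissions, so anyone allowed to edit users can also reassign roles; consider requiring the role write permission on that route as well.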