fix: (rbac) login privllege

xushuhui 2022-04-22 15:55:15 +08:00
parent 2c1b792977
commit fbacc4ab62
7 changed files with 109 additions and 20 deletions


@ -99,6 +99,9 @@ func authorize(user Account) (m map[string]interface{}, err error) {
"id": user.ID,
"expire_in": 86400,
"roles": []string{"admin"},
"privilege": []string{
"system_user:all", "system_role:all", "system_cluster:all", "system_command:all",
},
}
return
}
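Review bot: The `privilege` list added to this map is a constant, like the `"roles": []string{"admin"}` entry above it, so from the visible lines every account passed to authorize receives `system_user:all`, `system_role:all`, `system_cluster:all` and `system_command:all` whatever roles that account actually holds. If this is a stop-gap, mark it where it is set, e.g. `// TODO(rbac): derive roles and privilege from the account's assigned roles; this grants full admin to every login`, and build the list from the account's role definitions before it ships. The values here use a single colon (`system_user:all`) while the enum package uses `user::read` style strings, so it is worth settling on one format that the permission check compares against. authorize starts outside the hunk.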


@ -8,11 +8,11 @@ var UserAll = []string{"user::read", "user::write"}
var RoleRead = []string{"role::read"}
var RoleAll = []string{"role::read", "role::write"}
//const RuleRead = "rule::read"
//const RuleAll = "rule::all"
//
//const InstanceRead = "instance::read"
//const InstanceAll = "instance::all"
var RuleRead = []string{"rule::read"}
var RuleAll = []string{"rule::read", "rule::write"}
var InstanceRead = []string{"instance::read"}
var InstanceAll = []string{"instance::read", "instance::write"}
var Admin []string
var BuildRoles = make(map[string]map[string]interface{}, 0)
@ -21,14 +21,39 @@ var Permission = make(map[string][]string)
func init() {
Admin = append(Admin, UserAll...)
Admin = append(Admin, RoleAll...)
UserMenu := Menu{
Id: "system_user",
Name: "用户管理",
Privilege: "all",
}
RoleMenu := Menu{
Id: "system_role",
Name: "角色管理",
Privilege: "all",
}
AdminMenu := []Menu{
UserMenu, RoleMenu,
}
BuildRoles["admin"] = map[string]interface{}{
"id": "admin",
"name": "admin",
"permission": Admin,
"name": "管理员",
"permission": AdminMenu,
"builtin": true,
"description": "is admin",
"created": time.Now(),
}
BuildRoles["user_admin"] = map[string]interface{}{
"id": "user_admin",
"name": "用户管理员",
"permission": UserMenu,
"builtin": true,
"description": "is user admin",
"created": time.Now(),
}
//自定义角色=》 =》permissionKey
// userrole=> [cluster::all,clust] => permissionValue [cluster::read,cluster::write]
// login=> userrole=> cluster::all =>permissionList[]
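Review bot: `BuildRoles["user_admin"]` stores a single `Menu` under `"permission"` while `BuildRoles["admin"]` stores `[]Menu`, so the same field serialises as an object for one built-in role and as an array for the other, and any code that type-asserts it has to handle both shapes. Use a slice in both places: `"permission": []Menu{UserMenu},`. With the admin role now pointing at `AdminMenu`, the `Admin` slice still built at the top of init does not appear to be referenced in the visible lines; confirm whether it is still needed. init continues past the end of the hunk.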


@ -0,0 +1,7 @@
package enum
type Menu struct {
Id string `json:"id"`
Name string `json:"name"`
Privilege string `json:"privilege,omitempty"`
}
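Review bot: `Menu` is exported without a doc comment, and `Privilege` is a free-form string although authorization appears to depend on its value (the login hunk emits strings such as `system_user:all`, presumably `Id` plus `Privilege`). Document the contract on the type, for example `// Menu is one console menu entry a role may access; Privilege names the access level granted on it (only "all" is used so far).`, and consider a named string type with constants so an unknown level cannot be stored silently. Go naming would also spell the field `ID`, keeping the `json:"id"` tag.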


@ -2,6 +2,7 @@ package biz
import (
"fmt"
"infini.sh/console/internal/biz/enum"
"infini.sh/console/internal/dto"
"infini.sh/console/model/rbac"
"infini.sh/framework/core/event"
@ -63,6 +64,10 @@ func NewRole(typ string) (r IRole, err error) {
}
func (role ConsoleRole) Create(localUser *User) (id string, err error) {
if _, ok := enum.BuildRoles[role.Name]; ok {
err = fmt.Errorf("role name %s already exists", role.Name)
return
}
q := orm.Query{Size: 1}
q.Conds = orm.And(orm.Eq("name", role.Name))
@ -116,6 +121,11 @@ func (role ConsoleRole) Create(localUser *User) (id string, err error) {
}
func (role ElasticsearchRole) Create(localUser *User) (id string, err error) {
if _, ok := enum.BuildRoles[role.Name]; ok {
err = fmt.Errorf("role name %s already exists", role.Name)
return
}
q := orm.Query{Size: 1}
q.Conds = orm.And(orm.Eq("name", role.Name))
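Review bot: The new guard `enum.BuildRoles[role.Name]` compares the requested name with the map keys, which are the built-in role ids (`admin`, `user_admin`), exactly and case-sensitively. The built-in display names set in the enum package (`管理员`, `用户管理员`) and differently cased spellings are not rejected, so a custom role can still be created that reads like a built-in one in the role list. Consider also comparing a normalised form of `role.Name` against each entry's `"name"` value, and quote the user-supplied name in the message: `err = fmt.Errorf("role name %q is reserved for a built-in role", role.Name)`. The same guard is repeated in `ElasticsearchRole.Create`, and both function bodies continue outside the hunks.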


@ -6,12 +6,12 @@ import (
"strings"
"time"
"infini.sh/console/config"
model2 "infini.sh/console/model"
"infini.sh/framework/core/api"
httprouter "infini.sh/framework/core/api/router"
"infini.sh/framework/core/orm"
"infini.sh/framework/core/util"
"infini.sh/console/config"
model2 "infini.sh/console/model"
)
type APIHandler struct {
@ -116,3 +116,43 @@ func (handler APIHandler) UpdateDictItemAction(w http.ResponseWriter, req *http.
handler.WriteJSON(w, resp, http.StatusOK)
}
func (handler APIHandler) ListIndex(w http.ResponseWriter, req *http.Request, ps httprouter.Params) {
// clusterIds := handler.GetParameterOrDefault(req, "cluster_id", "")
// keyword := handler.GetParameterOrDefault(req, "keyword", "")
// Ids := strings.Split(clusterIds, ",")
// var dsl = `{
// "_source": ["metadata.index_name"],
// "collapse": {
// "field": "metadata.index_name"
// },
// "size": 100,
// "query": {
// "bool": {
// "must": [
// {
// "terms": {
// "metadata.cluster_id": [%s]
// }
// },%s
// ],
// "must_not": [
// {
// "term": {
// "metadata.labels.state": {
// "value": "delete"
// }
// }
// }
// ]
// }
// }
//}`
// var likeDsl = `{
// "wildcard": {
// "metadata.index_name": {
// "value": "*inf*"
// }
// }
// }`
return
}
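Review bot: `ListIndex` is added with its whole body commented out and ends in a bare `return`, yet the same commit registers it for `cluster/indices`, so the endpoint answers without writing any response. Until it is implemented, return an explicit status, e.g. `handler.WriteJSON(w, map[string]interface{}{"error": "not implemented"}, http.StatusNotImplemented)`, or leave the route unregistered. The commented draft appears to format the `cluster_id` and `keyword` request parameters into the DSL text through `%s`; when it is enabled, build the query as a structured value and marshal it instead of formatting request input into JSON.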


@ -33,18 +33,18 @@ func Init(cfg *config.AppConfig) {
api.HandleAPIMethod(api.GET, path.Join(pathPrefix, "rebuild/_search"), handler.HandleGetRebuildListAction)
api.HandleAPIMethod(api.DELETE, path.Join(pathPrefix, "rebuild/:id"), handler.HandleDeleteRebuildAction)
api.HandleAPIMethod(api.GET, path.Join(esPrefix, "_cat/indices"), handler.HandleGetIndicesAction)
api.HandleAPIMethod(api.GET, path.Join(esPrefix, "_cat/indices"), handler.HandleGetIndicesAction)
api.HandleAPIMethod(api.GET, path.Join(esPrefix, "index/:index/_mappings"), handler.HandleGetMappingsAction)
api.HandleAPIMethod(api.GET, path.Join(esPrefix, "index/:index/_settings"), handler.HandleGetSettingsAction)
api.HandleAPIMethod(api.PUT, path.Join(esPrefix, "index/:index/_settings"), handler.HandleUpdateSettingsAction)
api.HandleAPIMethod(api.DELETE, path.Join(esPrefix, "index/:index"), handler.HandleDeleteIndexAction)
api.HandleAPIMethod(api.POST, path.Join(esPrefix, "index/:index"), handler.HandleCreateIndexAction)
api.HandleAPIMethod(api.POST, path.Join(pathPrefix, "elasticsearch/command"), handler.HandleAddCommonCommandAction)
api.HandleAPIMethod(api.PUT, path.Join(pathPrefix, "elasticsearch/command/:cid"), handler.HandleSaveCommonCommandAction)
api.HandleAPIMethod(api.POST, path.Join(pathPrefix, "elasticsearch/command"), handler.HandleAddCommonCommandAction)
api.HandleAPIMethod(api.PUT, path.Join(pathPrefix, "elasticsearch/command/:cid"), handler.HandleSaveCommonCommandAction)
api.HandleAPIMethod(api.GET, path.Join(pathPrefix, "elasticsearch/command"), handler.HandleQueryCommonCommandAction)
api.HandleAPIMethod(api.DELETE, path.Join(pathPrefix, "elasticsearch/command/:cid"), handler.HandleDeleteCommonCommandAction)
api.HandleAPIMethod(api.GET, path.Join(pathPrefix, "cluster/indices"), handler.ListIndex)
//task.RegisterScheduleTask(task.ScheduleTask{
// Description: "sync reindex task result",
// Task: func() {


@ -67,19 +67,23 @@ func (h Rbac) SearchRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
util.FromJSONBytes(res.Raw, &response)
list := response.Hits.Hits
total := response.GetTotal()
var index string
for _, v := range list {
index = v.Index
}
for k, v := range enum.BuildRoles {
list = append(list, elastic.IndexDocument{
ID: k,
Index: index,
Type: "_doc",
Source: v,
})
total++
}
list = append(list, elastic.IndexDocument{
ID: "admin",
Index: index,
Type: "_doc",
Source: enum.BuildRoles["admin"],
})
response.Hits.Hits = list
response.Hits.Total = response.GetTotal() + 1
response.Hits.Total = total
h.WriteOKJSON(w, response)
return
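Review bot: The loop over `enum.BuildRoles` appends the built-in roles in Go's randomised map order and does so on every call, so the position of `admin` and `user_admin` changes between requests. If the search is paged or filtered (not visible in this hunk), they are also added to every page and every filtered result, with `total` raised each time. Iterating sorted keys makes the output stable; whether to add them only to an unfiltered first page depends on the query handling outside the hunk. `Source: v` hands the package-level map itself to the response, so it should be treated as read-only downstream. SearchRole starts outside the hunk.

```go
// … unchanged: decode response, take index from the hits …
ids := make([]string, 0, len(enum.BuildRoles))
for id := range enum.BuildRoles {
	ids = append(ids, id)
}
sort.Strings(ids)
for _, id := range ids {
	list = append(list, elastic.IndexDocument{
		ID:     id,
		Index:  index,
		Type:   "_doc",
		Source: enum.BuildRoles[id],
	})
	total++
}
// … unchanged: write hits and total back to response …
```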