fix: (rbac) login privllege

2022-04-22 15:55:15 +08:00 · 2022-04-22 15:55:15 +08:00 · fbacc4ab62
parent 2c1b792977
commit fbacc4ab62
7 changed files with 109 additions and 20 deletions
--- a/internal/biz/account.go
+++ b/internal/biz/account.go
@ -99,6 +99,9 @@ func authorize(user Account) (m map[string]interface{}, err error) {
 		"id":           user.ID,
 		"expire_in":    86400,
 		"roles":        []string{"admin"},
+		"privilege": []string{
+			"system_user:all", "system_role:all", "system_cluster:all", "system_command:all",
+		},
 	}
 	return
 }
--- a/internal/biz/enum/const.go
+++ b/internal/biz/enum/const.go
@ -8,11 +8,11 @@ var UserAll = []string{"user::read", "user::write"}
 var RoleRead = []string{"role::read"}
 var RoleAll = []string{"role::read", "role::write"}

-//const RuleRead = "rule::read"
-//const RuleAll = "rule::all"
-//
-//const InstanceRead = "instance::read"
-//const InstanceAll = "instance::all"
+var RuleRead = []string{"rule::read"}
+var RuleAll = []string{"rule::read", "rule::write"}
+
+var InstanceRead = []string{"instance::read"}
+var InstanceAll = []string{"instance::read", "instance::write"}

 var Admin []string
 var BuildRoles = make(map[string]map[string]interface{}, 0)
@ -21,14 +21,39 @@ var Permission = make(map[string][]string)
 func init() {
 	Admin = append(Admin, UserAll...)
 	Admin = append(Admin, RoleAll...)
+
+	UserMenu := Menu{
+		Id:        "system_user",
+		Name:      "用户管理",
+		Privilege: "all",
+	}
+	RoleMenu := Menu{
+		Id:        "system_role",
+		Name:      "角色管理",
+		Privilege: "all",
+	}
+	AdminMenu := []Menu{
+		UserMenu, RoleMenu,
+	}
+
 	BuildRoles["admin"] = map[string]interface{}{
 		"id":          "admin",
-		"name":        "admin",
-		"permission":  Admin,
+		"name":        "管理员",
+		"permission":  AdminMenu,
 		"builtin":     true,
 		"description": "is admin",
 		"created":     time.Now(),
 	}
+
+	BuildRoles["user_admin"] = map[string]interface{}{
+		"id":          "user_admin",
+		"name":        "用户管理员",
+		"permission":  UserMenu,
+		"builtin":     true,
+		"description": "is user admin",
+		"created":     time.Now(),
+	}
+
 	//自定义角色=》 =》permissionKey
 	// userrole=> [cluster::all,clust] =>  permissionValue [cluster::read,cluster::write]
 	// login=> userrole=> cluster::all =>permissionList[]
--- a/internal/biz/enum/menu.go
+++ b/internal/biz/enum/menu.go
@ -0,0 +1,7 @@
+package enum
+
+type Menu struct {
+	Id        string `json:"id"`
+	Name      string `json:"name"`
+	Privilege string `json:"privilege,omitempty"`
+}
--- a/internal/biz/role.go
+++ b/internal/biz/role.go
@ -2,6 +2,7 @@ package biz

 import (
 	"fmt"
+	"infini.sh/console/internal/biz/enum"
 	"infini.sh/console/internal/dto"
 	"infini.sh/console/model/rbac"
 	"infini.sh/framework/core/event"
@ -63,6 +64,10 @@ func NewRole(typ string) (r IRole, err error) {
 }

 func (role ConsoleRole) Create(localUser *User) (id string, err error) {
+	if _, ok := enum.BuildRoles[role.Name]; ok {
+		err = fmt.Errorf("role name %s already exists", role.Name)
+		return
+	}
 	q := orm.Query{Size: 1}
 	q.Conds = orm.And(orm.Eq("name", role.Name))

@ -116,6 +121,11 @@ func (role ConsoleRole) Create(localUser *User) (id string, err error) {

 }
 func (role ElasticsearchRole) Create(localUser *User) (id string, err error) {
+
+	if _, ok := enum.BuildRoles[role.Name]; ok {
+		err = fmt.Errorf("role name %s already exists", role.Name)
+		return
+	}
 	q := orm.Query{Size: 1}
 	q.Conds = orm.And(orm.Eq("name", role.Name))

--- a/plugin/api/index_management/index.go
+++ b/plugin/api/index_management/index.go
@ -6,12 +6,12 @@ import (
 	"strings"
 	"time"

+	"infini.sh/console/config"
+	model2 "infini.sh/console/model"
 	"infini.sh/framework/core/api"
 	httprouter "infini.sh/framework/core/api/router"
 	"infini.sh/framework/core/orm"
 	"infini.sh/framework/core/util"
-	"infini.sh/console/config"
-	model2 "infini.sh/console/model"
 )

 type APIHandler struct {
@ -116,3 +116,43 @@ func (handler APIHandler) UpdateDictItemAction(w http.ResponseWriter, req *http.
 	handler.WriteJSON(w, resp, http.StatusOK)

 }
+func (handler APIHandler) ListIndex(w http.ResponseWriter, req *http.Request, ps httprouter.Params) {
+	//	clusterIds := handler.GetParameterOrDefault(req, "cluster_id", "")
+	//	keyword := handler.GetParameterOrDefault(req, "keyword", "")
+	//	Ids := strings.Split(clusterIds, ",")
+	//	var dsl = `{
+	//  "_source": ["metadata.index_name"],
+	//  "collapse": {
+	//    "field": "metadata.index_name"
+	//  },
+	//  "size": 100,
+	//  "query": {
+	//    "bool": {
+	//      "must": [
+	//        {
+	//          "terms": {
+	//            "metadata.cluster_id": [%s]
+	//          }
+	//        },%s
+	//      ],
+	//      "must_not": [
+	//        {
+	//          "term": {
+	//            "metadata.labels.state": {
+	//              "value": "delete"
+	//            }
+	//          }
+	//        }
+	//      ]
+	//    }
+	//  }
+	//}`
+	//	var likeDsl = `{
+	//          "wildcard": {
+	//            "metadata.index_name": {
+	//              "value": "*inf*"
+	//            }
+	//          }
+	//        }`
+	return
+}
--- a/plugin/api/init.go
+++ b/plugin/api/init.go
@ -33,18 +33,18 @@ func Init(cfg *config.AppConfig) {
 	api.HandleAPIMethod(api.GET, path.Join(pathPrefix, "rebuild/_search"), handler.HandleGetRebuildListAction)
 	api.HandleAPIMethod(api.DELETE, path.Join(pathPrefix, "rebuild/:id"), handler.HandleDeleteRebuildAction)

-	api.HandleAPIMethod(api.GET,  path.Join(esPrefix, "_cat/indices"), handler.HandleGetIndicesAction)
+	api.HandleAPIMethod(api.GET, path.Join(esPrefix, "_cat/indices"), handler.HandleGetIndicesAction)
 	api.HandleAPIMethod(api.GET, path.Join(esPrefix, "index/:index/_mappings"), handler.HandleGetMappingsAction)
 	api.HandleAPIMethod(api.GET, path.Join(esPrefix, "index/:index/_settings"), handler.HandleGetSettingsAction)
 	api.HandleAPIMethod(api.PUT, path.Join(esPrefix, "index/:index/_settings"), handler.HandleUpdateSettingsAction)
 	api.HandleAPIMethod(api.DELETE, path.Join(esPrefix, "index/:index"), handler.HandleDeleteIndexAction)
 	api.HandleAPIMethod(api.POST, path.Join(esPrefix, "index/:index"), handler.HandleCreateIndexAction)

-	api.HandleAPIMethod(api.POST,  path.Join(pathPrefix, "elasticsearch/command"), handler.HandleAddCommonCommandAction)
-	api.HandleAPIMethod(api.PUT,  path.Join(pathPrefix, "elasticsearch/command/:cid"), handler.HandleSaveCommonCommandAction)
+	api.HandleAPIMethod(api.POST, path.Join(pathPrefix, "elasticsearch/command"), handler.HandleAddCommonCommandAction)
+	api.HandleAPIMethod(api.PUT, path.Join(pathPrefix, "elasticsearch/command/:cid"), handler.HandleSaveCommonCommandAction)
 	api.HandleAPIMethod(api.GET, path.Join(pathPrefix, "elasticsearch/command"), handler.HandleQueryCommonCommandAction)
 	api.HandleAPIMethod(api.DELETE, path.Join(pathPrefix, "elasticsearch/command/:cid"), handler.HandleDeleteCommonCommandAction)
-
+	api.HandleAPIMethod(api.GET, path.Join(pathPrefix, "cluster/indices"), handler.ListIndex)
 	//task.RegisterScheduleTask(task.ScheduleTask{
 	//	Description: "sync reindex task result",
 	//	Task: func() {
--- a/plugin/api/rbac/role.go
+++ b/plugin/api/rbac/role.go
@ -67,19 +67,23 @@ func (h Rbac) SearchRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
 	util.FromJSONBytes(res.Raw, &response)

 	list := response.Hits.Hits
+	total := response.GetTotal()
 	var index string
 	for _, v := range list {
 		index = v.Index
 	}
+	for k, v := range enum.BuildRoles {
+		list = append(list, elastic.IndexDocument{
+			ID:     k,
+			Index:  index,
+			Type:   "_doc",
+			Source: v,
+		})
+		total++
+	}

-	list = append(list, elastic.IndexDocument{
-		ID:     "admin",
-		Index:  index,
-		Type:   "_doc",
-		Source: enum.BuildRoles["admin"],
-	})
 	response.Hits.Hits = list
-	response.Hits.Total = response.GetTotal() + 1
+	response.Hits.Total = total

 	h.WriteOKJSON(w, response)
 	return