fix: (rbac) login privilege
parent
2c1b792977
commit
fbacc4ab62
|
@ -99,6 +99,9 @@ func authorize(user Account) (m map[string]interface{}, err error) {
|
|||
"id": user.ID,
|
||||
"expire_in": 86400,
|
||||
"roles": []string{"admin"},
|
||||
"privilege": []string{
|
||||
"system_user:all", "system_role:all", "system_cluster:all", "system_command:all",
|
||||
},
|
||||
}
|
||||
return
|
||||
}
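Review bot: The `"privilege"` list added to the map returned by authorize is a fixed literal, like the `"roles": []string{"admin"}` entry above it, so every account that reaches this return receives `system_user:all`, `system_role:all`, `system_cluster:all` and `system_command:all` whatever roles are stored for it. For a login path this amounts to full access for every authenticated user; the list should be computed from the roles assigned to `user`, not written inline. The start of authorize is outside the hunk, so an earlier check may limit who gets here. If the literal is a temporary stub, say so in place with a comment such as `// TODO: derive roles and privilege from the account's assigned roles`. The strings here use a single `:` while the permission constants elsewhere in this commit use `::` (`user::read`), which is worth aligning or documenting.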
|
||||
|
|
|
@ -8,11 +8,11 @@ var UserAll = []string{"user::read", "user::write"}
|
|||
var RoleRead = []string{"role::read"}
|
||||
var RoleAll = []string{"role::read", "role::write"}
|
||||
|
||||
//const RuleRead = "rule::read"
|
||||
//const RuleAll = "rule::all"
|
||||
//
|
||||
//const InstanceRead = "instance::read"
|
||||
//const InstanceAll = "instance::all"
|
||||
var RuleRead = []string{"rule::read"}
|
||||
var RuleAll = []string{"rule::read", "rule::write"}
|
||||
|
||||
var InstanceRead = []string{"instance::read"}
|
||||
var InstanceAll = []string{"instance::read", "instance::write"}
|
||||
|
||||
var Admin []string
|
||||
var BuildRoles = make(map[string]map[string]interface{}, 0)
|
||||
|
@ -21,14 +21,39 @@ var Permission = make(map[string][]string)
|
|||
func init() {
|
||||
Admin = append(Admin, UserAll...)
|
||||
Admin = append(Admin, RoleAll...)
|
||||
|
||||
UserMenu := Menu{
|
||||
Id: "system_user",
|
||||
Name: "用户管理",
|
||||
Privilege: "all",
|
||||
}
|
||||
RoleMenu := Menu{
|
||||
Id: "system_role",
|
||||
Name: "角色管理",
|
||||
Privilege: "all",
|
||||
}
|
||||
AdminMenu := []Menu{
|
||||
UserMenu, RoleMenu,
|
||||
}
|
||||
|
||||
BuildRoles["admin"] = map[string]interface{}{
|
||||
"id": "admin",
|
||||
"name": "admin",
|
||||
"permission": Admin,
|
||||
"name": "管理员",
|
||||
"permission": AdminMenu,
|
||||
"builtin": true,
|
||||
"description": "is admin",
|
||||
"created": time.Now(),
|
||||
}
|
||||
|
||||
BuildRoles["user_admin"] = map[string]interface{}{
|
||||
"id": "user_admin",
|
||||
"name": "用户管理员",
|
||||
"permission": UserMenu,
|
||||
"builtin": true,
|
||||
"description": "is user admin",
|
||||
"created": time.Now(),
|
||||
}
|
||||
|
||||
//自定义角色=》 =》permissionKey
|
||||
// userrole=> [cluster::all,clust] => permissionValue [cluster::read,cluster::write]
|
||||
// login=> userrole=> cluster::all =>permissionList[]
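Review bot: In init the two built-in roles store different types under `"permission"`: `BuildRoles["admin"]` gets `AdminMenu`, a `[]Menu`, while `BuildRoles["user_admin"]` gets `UserMenu`, a single `Menu`. Any consumer that decodes the field as a list will reject or mis-read the user_admin entry, so I would write `"permission": []Menu{UserMenu},`. BuildRoles is also an exported, mutable `map[string]map[string]interface{}`, so any package can alter a built-in role at runtime; a typed struct behind an accessor would make the built-in definitions harder to change by accident. The body of init continues past the end of the hunk.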
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
package enum
|
||||
|
||||
type Menu struct {
|
||||
Id string `json:"id"`
|
||||
Name string `json:"name"`
|
||||
Privilege string `json:"privilege,omitempty"`
|
||||
}
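Review bot: Menu is exported without a doc comment, and nothing on the type says which values `Privilege` accepts or what an empty value means. Because the tag carries `omitempty`, an empty privilege disappears from the JSON, so a consumer has to decide how to treat a missing field; that decision should be written down next to the field. I would add `// Menu describes one console menu entry and the privilege granted on it.` above the type, plus a field comment naming the accepted values (only `"all"` appears in this commit) and stating that a missing value grants nothing, if that is the intent. Go naming would also spell the first field `ID`.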
|
|
@ -2,6 +2,7 @@ package biz
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"infini.sh/console/internal/biz/enum"
|
||||
"infini.sh/console/internal/dto"
|
||||
"infini.sh/console/model/rbac"
|
||||
"infini.sh/framework/core/event"
|
||||
|
@ -63,6 +64,10 @@ func NewRole(typ string) (r IRole, err error) {
|
|||
}
|
||||
|
||||
func (role ConsoleRole) Create(localUser *User) (id string, err error) {
|
||||
if _, ok := enum.BuildRoles[role.Name]; ok {
|
||||
err = fmt.Errorf("role name %s already exists", role.Name)
|
||||
return
|
||||
}
|
||||
q := orm.Query{Size: 1}
|
||||
q.Conds = orm.And(orm.Eq("name", role.Name))
|
||||
|
||||
|
@ -116,6 +121,11 @@ func (role ConsoleRole) Create(localUser *User) (id string, err error) {
|
|||
|
||||
}
|
||||
func (role ElasticsearchRole) Create(localUser *User) (id string, err error) {
|
||||
|
||||
if _, ok := enum.BuildRoles[role.Name]; ok {
|
||||
err = fmt.Errorf("role name %s already exists", role.Name)
|
||||
return
|
||||
}
|
||||
q := orm.Query{Size: 1}
|
||||
q.Conds = orm.And(orm.Eq("name", role.Name))
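Review bot: The new guard in both Create methods looks `role.Name` up among the keys of `enum.BuildRoles`, and those keys are the role ids (`admin`, `user_admin`), not the names the built-in roles carry (`管理员`, `用户管理员` in the init hunk). A role submitted with a built-in display name, or with a case variant such as `Admin`, passes this check and is only stopped if the later name query happens to match a stored document. I would compare against both the id and the `"name"` value of each built-in entry, after normalising case, and move the check into one helper shared by ConsoleRole.Create and ElasticsearchRole.Create, since the four lines are duplicated. Formatting the name with `%q` instead of `%s` in the error keeps empty or odd input visible in logs. Both Create bodies continue outside their hunks.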
|
||||
|
||||
|
|
|
@ -6,12 +6,12 @@ import (
|
|||
"strings"
|
||||
"time"
|
||||
|
||||
"infini.sh/console/config"
|
||||
model2 "infini.sh/console/model"
|
||||
"infini.sh/framework/core/api"
|
||||
httprouter "infini.sh/framework/core/api/router"
|
||||
"infini.sh/framework/core/orm"
|
||||
"infini.sh/framework/core/util"
|
||||
"infini.sh/console/config"
|
||||
model2 "infini.sh/console/model"
|
||||
)
|
||||
|
||||
type APIHandler struct {
|
||||
|
@ -116,3 +116,43 @@ func (handler APIHandler) UpdateDictItemAction(w http.ResponseWriter, req *http.
|
|||
handler.WriteJSON(w, resp, http.StatusOK)
|
||||
|
||||
}
|
||||
func (handler APIHandler) ListIndex(w http.ResponseWriter, req *http.Request, ps httprouter.Params) {
|
||||
// clusterIds := handler.GetParameterOrDefault(req, "cluster_id", "")
|
||||
// keyword := handler.GetParameterOrDefault(req, "keyword", "")
|
||||
// Ids := strings.Split(clusterIds, ",")
|
||||
// var dsl = `{
|
||||
// "_source": ["metadata.index_name"],
|
||||
// "collapse": {
|
||||
// "field": "metadata.index_name"
|
||||
// },
|
||||
// "size": 100,
|
||||
// "query": {
|
||||
// "bool": {
|
||||
// "must": [
|
||||
// {
|
||||
// "terms": {
|
||||
// "metadata.cluster_id": [%s]
|
||||
// }
|
||||
// },%s
|
||||
// ],
|
||||
// "must_not": [
|
||||
// {
|
||||
// "term": {
|
||||
// "metadata.labels.state": {
|
||||
// "value": "delete"
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
// ]
|
||||
// }
|
||||
// }
|
||||
//}`
|
||||
// var likeDsl = `{
|
||||
// "wildcard": {
|
||||
// "metadata.index_name": {
|
||||
// "value": "*inf*"
|
||||
// }
|
||||
// }
|
||||
// }`
|
||||
return
|
||||
}
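Review bot: ListIndex returns without writing any response, yet the route hunk later in this commit registers it at `cluster/indices`, so a live endpoint answers with an empty body and whatever status the framework defaults to. Until it is implemented I would either leave the route unregistered or answer through `handler.WriteJSON` with `http.StatusNotImplemented`. The commented-out draft appears to splice the `cluster_id` request parameter into the query JSON through `[%s]`. When that code is enabled the terms list should be built from a marshalled slice, not from formatted text, so that a parameter value cannot change the shape of the query. The draft also shows no check that the caller may read the listed clusters, which matters given the RBAC purpose of this commit.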
|
||||
|
|
|
@ -33,18 +33,18 @@ func Init(cfg *config.AppConfig) {
|
|||
api.HandleAPIMethod(api.GET, path.Join(pathPrefix, "rebuild/_search"), handler.HandleGetRebuildListAction)
|
||||
api.HandleAPIMethod(api.DELETE, path.Join(pathPrefix, "rebuild/:id"), handler.HandleDeleteRebuildAction)
|
||||
|
||||
api.HandleAPIMethod(api.GET, path.Join(esPrefix, "_cat/indices"), handler.HandleGetIndicesAction)
|
||||
api.HandleAPIMethod(api.GET, path.Join(esPrefix, "_cat/indices"), handler.HandleGetIndicesAction)
|
||||
api.HandleAPIMethod(api.GET, path.Join(esPrefix, "index/:index/_mappings"), handler.HandleGetMappingsAction)
|
||||
api.HandleAPIMethod(api.GET, path.Join(esPrefix, "index/:index/_settings"), handler.HandleGetSettingsAction)
|
||||
api.HandleAPIMethod(api.PUT, path.Join(esPrefix, "index/:index/_settings"), handler.HandleUpdateSettingsAction)
|
||||
api.HandleAPIMethod(api.DELETE, path.Join(esPrefix, "index/:index"), handler.HandleDeleteIndexAction)
|
||||
api.HandleAPIMethod(api.POST, path.Join(esPrefix, "index/:index"), handler.HandleCreateIndexAction)
|
||||
|
||||
api.HandleAPIMethod(api.POST, path.Join(pathPrefix, "elasticsearch/command"), handler.HandleAddCommonCommandAction)
|
||||
api.HandleAPIMethod(api.PUT, path.Join(pathPrefix, "elasticsearch/command/:cid"), handler.HandleSaveCommonCommandAction)
|
||||
api.HandleAPIMethod(api.POST, path.Join(pathPrefix, "elasticsearch/command"), handler.HandleAddCommonCommandAction)
|
||||
api.HandleAPIMethod(api.PUT, path.Join(pathPrefix, "elasticsearch/command/:cid"), handler.HandleSaveCommonCommandAction)
|
||||
api.HandleAPIMethod(api.GET, path.Join(pathPrefix, "elasticsearch/command"), handler.HandleQueryCommonCommandAction)
|
||||
api.HandleAPIMethod(api.DELETE, path.Join(pathPrefix, "elasticsearch/command/:cid"), handler.HandleDeleteCommonCommandAction)
|
||||
|
||||
api.HandleAPIMethod(api.GET, path.Join(pathPrefix, "cluster/indices"), handler.ListIndex)
|
||||
//task.RegisterScheduleTask(task.ScheduleTask{
|
||||
// Description: "sync reindex task result",
|
||||
// Task: func() {
|
||||
|
|
|
@ -67,19 +67,23 @@ func (h Rbac) SearchRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
|
|||
util.FromJSONBytes(res.Raw, &response)
|
||||
|
||||
list := response.Hits.Hits
|
||||
total := response.GetTotal()
|
||||
var index string
|
||||
for _, v := range list {
|
||||
index = v.Index
|
||||
}
|
||||
for k, v := range enum.BuildRoles {
|
||||
list = append(list, elastic.IndexDocument{
|
||||
ID: k,
|
||||
Index: index,
|
||||
Type: "_doc",
|
||||
Source: v,
|
||||
})
|
||||
total++
|
||||
}
|
||||
|
||||
list = append(list, elastic.IndexDocument{
|
||||
ID: "admin",
|
||||
Index: index,
|
||||
Type: "_doc",
|
||||
Source: enum.BuildRoles["admin"],
|
||||
})
|
||||
response.Hits.Hits = list
|
||||
response.Hits.Total = response.GetTotal() + 1
|
||||
response.Hits.Total = total
|
||||
|
||||
h.WriteOKJSON(w, response)
|
||||
return
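Review bot: The new loop in SearchRole ranges over the `enum.BuildRoles` map, so the built-in roles are appended in a different order on each call, and they are appended whatever the search query or paging was, which inflates `total` on every page. The paging concern is inferred, because the query is built outside the hunk. Iterating over sorted keys, as below, makes the output stable; it needs the `sort` package in the import block. `index` is taken from the last hit, so it stays empty when the search returns no documents and the built-in entries then carry an empty `Index`. The result of `util.FromJSONBytes` at the top of the hunk is also discarded, so a decode failure would still produce a response holding only the built-in roles.

```go
// … unchanged: decode response, read list and total, derive index …
keys := make([]string, 0, len(enum.BuildRoles))
for k := range enum.BuildRoles {
	keys = append(keys, k)
}
sort.Strings(keys)
for _, k := range keys {
	list = append(list, elastic.IndexDocument{
		ID:     k,
		Index:  index,
		Type:   "_doc",
		Source: enum.BuildRoles[k],
	})
	total++
}
// … unchanged: assign Hits.Hits and Hits.Total, write response …
```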
|
||||
|
|