diff --git a/internal/biz/account.go b/internal/biz/account.go index 34440f58..53254aa2 100644 --- a/internal/biz/account.go +++ b/internal/biz/account.go @@ -99,6 +99,9 @@ func authorize(user Account) (m map[string]interface{}, err error) { "id": user.ID, "expire_in": 86400, "roles": []string{"admin"}, + "privilege": []string{ + "system_user:all", "system_role:all", "system_cluster:all", "system_command:all", + }, } return } diff --git a/internal/biz/enum/const.go b/internal/biz/enum/const.go index 2c1175a9..d2b08c17 100644 --- a/internal/biz/enum/const.go +++ b/internal/biz/enum/const.go @@ -8,11 +8,11 @@ var UserAll = []string{"user::read", "user::write"} var RoleRead = []string{"role::read"} var RoleAll = []string{"role::read", "role::write"} -//const RuleRead = "rule::read" -//const RuleAll = "rule::all" -// -//const InstanceRead = "instance::read" -//const InstanceAll = "instance::all" +var RuleRead = []string{"rule::read"} +var RuleAll = []string{"rule::read", "rule::write"} + +var InstanceRead = []string{"instance::read"} +var InstanceAll = []string{"instance::read", "instance::write"} var Admin []string var BuildRoles = make(map[string]map[string]interface{}, 0) 
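Review bot: The added `privilege` claim in authorize is a fixed list of four `...:all` entries that does not depend on `user`, so every account reaching this function is issued full user, role, cluster and command privileges, next to the already hard-coded `"roles": []string{"admin"}`. The claim should be computed from the roles actually assigned to the account, with an empty list as the default when none are found. The strings also use a `system_user:all` form while internal/biz/enum uses `user::read`/`user::write`, and `system_cluster`/`system_command` have no matching Menu in this commit, so it is unclear from the diff which checker interprets them. authorize's body begins outside the hunk.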
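Review bot: `RuleRead`, `RuleAll`, `InstanceRead` and `InstanceAll` are exported `var` slices, so any importing package can reassign or append to them at run time and change what a permission name expands to. Keeping the backing data unexported and returning a copy from an accessor would make the table tamper-resistant. If they stay as they are, each deserves a comment such as `// RuleAll is the permission set for full access to rules; do not modify after init.` The visible part of init in the next hunk appends only `UserAll` and `RoleAll` to `Admin`, so the new rule and instance sets do not appear to be granted to anyone yet.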
@@ -21,14 +21,39 @@ var Permission = make(map[string][]string) func init() { Admin = append(Admin, UserAll...) Admin = append(Admin, RoleAll...) + + UserMenu := Menu{ + Id: "system_user", + Name: "用户管理", + Privilege: "all", + } + RoleMenu := Menu{ + Id: "system_role", + Name: "角色管理", + Privilege: "all", + } + AdminMenu := []Menu{ + UserMenu, RoleMenu, + } + BuildRoles["admin"] = map[string]interface{}{ "id": "admin", - "name": "admin", - "permission": Admin, + "name": "管理员", + "permission": AdminMenu, "builtin": true, "description": "is admin", "created": time.Now(), } + + BuildRoles["user_admin"] = map[string]interface{}{ + "id": "user_admin", + "name": "用户管理员", + "permission": UserMenu, + "builtin": true, + "description": "is user admin", + "created": time.Now(), + } + //自定义角色=》 =》permissionKey // userrole=> [cluster::all,clust] => permissionValue [cluster::read,cluster::write] // login=> userrole=> cluster::all =>permissionList[] diff --git a/internal/biz/enum/menu.go b/internal/biz/enum/menu.go new file mode 100644 index 00000000..f12602f7 --- /dev/null +++ b/internal/biz/enum/menu.go @@ -0,0 +1,7 @@ +package enum + +type Menu struct { + Id string `json:"id"` + Name string `json:"name"` + Privilege string `json:"privilege,omitempty"` +} diff --git a/internal/biz/role.go b/internal/biz/role.go index 52b67fbb..6566c29d 100644 --- a/internal/biz/role.go +++ b/internal/biz/role.go @@ -2,6 +2,7 @@ package biz import ( "fmt" + "infini.sh/console/internal/biz/enum" "infini.sh/console/internal/dto" "infini.sh/console/model/rbac" "infini.sh/framework/core/event" @@ -63,6 +64,10 @@ func NewRole(typ string) (r IRole, err error) { } func (role ConsoleRole) Create(localUser *User) (id string, err error) { + if _, ok := enum.BuildRoles[role.Name]; ok { + err = fmt.Errorf("role name %s already exists", role.Name) + return + } q := orm.Query{Size: 1} q.Conds = orm.And(orm.Eq("name", role.Name)) 
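Review bot: `BuildRoles["user_admin"]` stores `"permission": UserMenu`, a single `Menu`, while `BuildRoles["admin"]` stores `AdminMenu`, a `[]Menu`, so the same key serialises as an object for one built-in role and an array for the other. Any consumer that type-asserts or decodes `permission` as a list will fail or skip the check for `user_admin`; `"permission": []Menu{UserMenu},` keeps the shape uniform. After this change the `Admin` slice built at the top of init is no longer referenced by `BuildRoles["admin"]`, so it may now be dead unless it is used outside the hunk. init continues past the end of the hunk.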
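Review bot: `Menu` is exported without a doc comment, and nothing states which values `Privilege` may take; the only value used in this commit is `"all"`. A comment such as `// Menu describes one console menu entry and the privilege level a role holds on it.` together with named constants for the accepted privilege values would keep role definitions from drifting into unchecked free-form strings. Go naming would also spell the field `ID`; the `json:"id"` tag keeps the wire format unchanged.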
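Review bot: The new guard in `ConsoleRole.Create` looks `role.Name` up among the keys of `enum.BuildRoles`, which are the built-in ids (`admin`, `user_admin`), not their `"name"` values (`管理员`, `用户管理员`), and the match is exact. A custom role named `Admin`, ` admin` or `管理员` therefore still passes and can be shown next to the built-in one in SearchRole, which is confusing wherever roles are assigned by name. Normalising before the lookup (trim, `strings.ToLower`) and also rejecting the built-in display names would close that gap. Quoting the user-supplied value in the error is also safer: `err = fmt.Errorf("role name %q is reserved for a built-in role", role.Name)`. The same applies to the identical guard added to `ElasticsearchRole.Create` in the next hunk; both functions continue outside their hunks.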
@@ -116,6 +121,11 @@ func (role ConsoleRole) Create(localUser *User) (id string, err error) { } func (role ElasticsearchRole) Create(localUser *User) (id string, err error) { + + if _, ok := enum.BuildRoles[role.Name]; ok { + err = fmt.Errorf("role name %s already exists", role.Name) + return + } q := orm.Query{Size: 1} q.Conds = orm.And(orm.Eq("name", role.Name)) diff --git a/plugin/api/index_management/index.go b/plugin/api/index_management/index.go index 50e48c97..519e60b9 100644 --- a/plugin/api/index_management/index.go +++ b/plugin/api/index_management/index.go @@ -6,12 +6,12 @@ import ( "strings" "time" + "infini.sh/console/config" + model2 "infini.sh/console/model" "infini.sh/framework/core/api" httprouter "infini.sh/framework/core/api/router" "infini.sh/framework/core/orm" "infini.sh/framework/core/util" - "infini.sh/console/config" - model2 "infini.sh/console/model" ) type APIHandler struct { @@ -116,3 +116,43 @@ func (handler APIHandler) UpdateDictItemAction(w http.ResponseWriter, req *http. handler.WriteJSON(w, resp, http.StatusOK) } +func (handler APIHandler) ListIndex(w http.ResponseWriter, req *http.Request, ps httprouter.Params) { + // clusterIds := handler.GetParameterOrDefault(req, "cluster_id", "") + // keyword := handler.GetParameterOrDefault(req, "keyword", "") + // Ids := strings.Split(clusterIds, ",") + // var dsl = `{ + // "_source": ["metadata.index_name"], + // "collapse": { + // "field": "metadata.index_name" + // }, + // "size": 100, + // "query": { + // "bool": { + // "must": [ + // { + // "terms": { + // "metadata.cluster_id": [%s] + // } + // },%s + // ], + // "must_not": [ + // { + // "term": { + // "metadata.labels.state": { + // "value": "delete" + // } + // } + // } + // ] + // } + // } + //}` + // var likeDsl = `{ + // "wildcard": { + // "metadata.index_name": { + // "value": "*inf*" + // } + // } + // }` + return +} diff --git a/plugin/api/init.go b/plugin/api/init.go index c7f323aa..cc10b933 100644 --- a/plugin/api/init.go 
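Review bot: `ListIndex` returns without writing anything, yet plugin/api/init.go in this commit registers it on `GET cluster/indices`, so callers get an empty success response that is indistinguishable from "no indices". Until it is implemented it should answer explicitly, for example with `http.StatusNotImplemented`, or the route should stay unregistered. The commented-out template also places the `cluster_id` and `keyword` request parameters into the query through `%s`; if that code is enabled as written, a crafted parameter could change the structure of the search body, so the query should be built from a map or struct and marshalled instead. A doc comment stating the intended contract is missing as well, e.g. `// ListIndex returns the distinct index names of the requested clusters, optionally filtered by keyword.`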
+++ b/plugin/api/init.go @@ -33,18 +33,18 @@ func Init(cfg *config.AppConfig) { api.HandleAPIMethod(api.GET, path.Join(pathPrefix, "rebuild/_search"), handler.HandleGetRebuildListAction) api.HandleAPIMethod(api.DELETE, path.Join(pathPrefix, "rebuild/:id"), handler.HandleDeleteRebuildAction) - api.HandleAPIMethod(api.GET, path.Join(esPrefix, "_cat/indices"), handler.HandleGetIndicesAction) + api.HandleAPIMethod(api.GET, path.Join(esPrefix, "_cat/indices"), handler.HandleGetIndicesAction) api.HandleAPIMethod(api.GET, path.Join(esPrefix, "index/:index/_mappings"), handler.HandleGetMappingsAction) api.HandleAPIMethod(api.GET, path.Join(esPrefix, "index/:index/_settings"), handler.HandleGetSettingsAction) api.HandleAPIMethod(api.PUT, path.Join(esPrefix, "index/:index/_settings"), handler.HandleUpdateSettingsAction) api.HandleAPIMethod(api.DELETE, path.Join(esPrefix, "index/:index"), handler.HandleDeleteIndexAction) api.HandleAPIMethod(api.POST, path.Join(esPrefix, "index/:index"), handler.HandleCreateIndexAction) - api.HandleAPIMethod(api.POST, path.Join(pathPrefix, "elasticsearch/command"), handler.HandleAddCommonCommandAction) - api.HandleAPIMethod(api.PUT, path.Join(pathPrefix, "elasticsearch/command/:cid"), handler.HandleSaveCommonCommandAction) + api.HandleAPIMethod(api.POST, path.Join(pathPrefix, "elasticsearch/command"), handler.HandleAddCommonCommandAction) + api.HandleAPIMethod(api.PUT, path.Join(pathPrefix, "elasticsearch/command/:cid"), handler.HandleSaveCommonCommandAction) api.HandleAPIMethod(api.GET, path.Join(pathPrefix, "elasticsearch/command"), handler.HandleQueryCommonCommandAction) api.HandleAPIMethod(api.DELETE, path.Join(pathPrefix, "elasticsearch/command/:cid"), handler.HandleDeleteCommonCommandAction) - + api.HandleAPIMethod(api.GET, path.Join(pathPrefix, "cluster/indices"), handler.ListIndex) //task.RegisterScheduleTask(task.ScheduleTask{ // Description: "sync reindex task result", // Task: func() { 
diff --git a/plugin/api/rbac/role.go b/plugin/api/rbac/role.go index 73928ad6..92657cfa 100644 --- a/plugin/api/rbac/role.go +++ b/plugin/api/rbac/role.go @@ -67,19 +67,23 @@ func (h Rbac) SearchRole(w http.ResponseWriter, r *http.Request, ps httprouter.P util.FromJSONBytes(res.Raw, &response) list := response.Hits.Hits + total := response.GetTotal() var index string for _, v := range list { index = v.Index } + for k, v := range enum.BuildRoles { + list = append(list, elastic.IndexDocument{ + ID: k, + Index: index, + Type: "_doc", + Source: v, + }) + total++ + } - list = append(list, elastic.IndexDocument{ - ID: "admin", - Index: index, - Type: "_doc", - Source: enum.BuildRoles["admin"], - }) response.Hits.Hits = list - response.Hits.Total = response.GetTotal() + 1 + response.Hits.Total = total h.WriteOKJSON(w, response) return
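Review bot: The new loop ranges over the `enum.BuildRoles` map directly, so the built-in roles are appended in a different order on each request, and they are appended to every result set with `total` raised by the map size. If the search built earlier in SearchRole (outside this hunk) applies a keyword filter or paging, the built-ins ignore it: they show up on every page and for non-matching queries, and the reported total no longer matches what the client can page through. At minimum the order should be made stable as below; filtering the built-ins by the same criteria and adding them only to the first page would fix the rest. `sort` has to be added to the file's import block, which is not part of the hunk.
```go
// … unchanged: response decoding, index lookup from the hits …
builtinIDs := make([]string, 0, len(enum.BuildRoles))
for id := range enum.BuildRoles {
	builtinIDs = append(builtinIDs, id)
}
sort.Strings(builtinIDs) // map iteration order is random; keep the listing stable
for _, id := range builtinIDs {
	list = append(list, elastic.IndexDocument{
		ID:     id,
		Index:  index,
		Type:   "_doc",
		Source: enum.BuildRoles[id],
	})
	total++
}
// … unchanged: assign Hits.Hits and Hits.Total, WriteOKJSON …
```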