fix: (rbac) login privllege

internal/biz/account.go

@@ -99,6 +99,9 @@ func authorize(user Account) (m map[string]interface{}, err error) {
 		"id":           user.ID,
 		"expire_in":    86400,
 		"roles":        []string{"admin"},
+		"privilege": []string{
+			"system_user:all", "system_role:all", "system_cluster:all", "system_command:all",
+		},
 	}
 	return
 }

internal/biz/enum/const.go

@@ -8,11 +8,11 @@ var UserAll = []string{"user::read", "user::write"}
 var RoleRead = []string{"role::read"}
 var RoleAll = []string{"role::read", "role::write"}
 
-//const RuleRead = "rule::read"
+var RuleRead = []string{"rule::read"}
-//const RuleAll = "rule::all"
+var RuleAll = []string{"rule::read", "rule::write"}
-//
+
-//const InstanceRead = "instance::read"
+var InstanceRead = []string{"instance::read"}
-//const InstanceAll = "instance::all"
+var InstanceAll = []string{"instance::read", "instance::write"}
 
 var Admin []string
 var BuildRoles = make(map[string]map[string]interface{}, 0)
@@ -21,14 +21,39 @@ var Permission = make(map[string][]string)
 func init() {
 	Admin = append(Admin, UserAll...)
 	Admin = append(Admin, RoleAll...)
+
+	UserMenu := Menu{
+		Id:        "system_user",
+		Name:      "用户管理",
+		Privilege: "all",
+	}
+	RoleMenu := Menu{
+		Id:        "system_role",
+		Name:      "角色管理",
+		Privilege: "all",
+	}
+	AdminMenu := []Menu{
+		UserMenu, RoleMenu,
+	}
+
 	BuildRoles["admin"] = map[string]interface{}{
 		"id":          "admin",
-		"name":        "admin",
+		"name":        "管理员",
-		"permission":  Admin,
+		"permission":  AdminMenu,
 		"builtin":     true,
 		"description": "is admin",
 		"created":     time.Now(),
 	}
+
+	BuildRoles["user_admin"] = map[string]interface{}{
+		"id":          "user_admin",
+		"name":        "用户管理员",
+		"permission":  UserMenu,
+		"builtin":     true,
+		"description": "is user admin",
+		"created":     time.Now(),
+	}
+
 	//自定义角色=》 =》permissionKey
 	// userrole=> [cluster::all,clust] =>  permissionValue [cluster::read,cluster::write]
 	// login=> userrole=> cluster::all =>permissionList[]

internal/biz/enum/menu.go

@@ -0,0 +1,7 @@
+package enum
+
+type Menu struct {
+	Id        string `json:"id"`
+	Name      string `json:"name"`
+	Privilege string `json:"privilege,omitempty"`
+}

internal/biz/role.go

@@ -2,6 +2,7 @@ package biz
 
 import (
 	"fmt"
+	"infini.sh/console/internal/biz/enum"
 	"infini.sh/console/internal/dto"
 	"infini.sh/console/model/rbac"
 	"infini.sh/framework/core/event"
@@ -63,6 +64,10 @@ func NewRole(typ string) (r IRole, err error) {
 }
 
 func (role ConsoleRole) Create(localUser *User) (id string, err error) {
+	if _, ok := enum.BuildRoles[role.Name]; ok {
+		err = fmt.Errorf("role name %s already exists", role.Name)
+		return
+	}
 	q := orm.Query{Size: 1}
 	q.Conds = orm.And(orm.Eq("name", role.Name))
 
@@ -116,6 +121,11 @@ func (role ConsoleRole) Create(localUser *User) (id string, err error) {
 
 }
 func (role ElasticsearchRole) Create(localUser *User) (id string, err error) {
+
+	if _, ok := enum.BuildRoles[role.Name]; ok {
+		err = fmt.Errorf("role name %s already exists", role.Name)
+		return
+	}
 	q := orm.Query{Size: 1}
 	q.Conds = orm.And(orm.Eq("name", role.Name))
 

plugin/api/index_management/index.go

@@ -6,12 +6,12 @@ import (
 	"strings"
 	"time"
 
+	"infini.sh/console/config"
+	model2 "infini.sh/console/model"
 	"infini.sh/framework/core/api"
 	httprouter "infini.sh/framework/core/api/router"
 	"infini.sh/framework/core/orm"
 	"infini.sh/framework/core/util"
-	"infini.sh/console/config"
-	model2 "infini.sh/console/model"
 )
 
 type APIHandler struct {
@@ -116,3 +116,43 @@ func (handler APIHandler) UpdateDictItemAction(w http.ResponseWriter, req *http.
 	handler.WriteJSON(w, resp, http.StatusOK)
 
 }
+func (handler APIHandler) ListIndex(w http.ResponseWriter, req *http.Request, ps httprouter.Params) {
+	//	clusterIds := handler.GetParameterOrDefault(req, "cluster_id", "")
+	//	keyword := handler.GetParameterOrDefault(req, "keyword", "")
+	//	Ids := strings.Split(clusterIds, ",")
+	//	var dsl = `{
+	//  "_source": ["metadata.index_name"],
+	//  "collapse": {
+	//    "field": "metadata.index_name"
+	//  },
+	//  "size": 100,
+	//  "query": {
+	//    "bool": {
+	//      "must": [
+	//        {
+	//          "terms": {
+	//            "metadata.cluster_id": [%s]
+	//          }
+	//        },%s
+	//      ],
+	//      "must_not": [
+	//        {
+	//          "term": {
+	//            "metadata.labels.state": {
+	//              "value": "delete"
+	//            }
+	//          }
+	//        }
+	//      ]
+	//    }
+	//  }
+	//}`
+	//	var likeDsl = `{
+	//          "wildcard": {
+	//            "metadata.index_name": {
+	//              "value": "*inf*"
+	//            }
+	//          }
+	//        }`
+	return
+}

plugin/api/init.go

@@ -44,7 +44,7 @@ func Init(cfg *config.AppConfig) {
 	api.HandleAPIMethod(api.PUT, path.Join(pathPrefix, "elasticsearch/command/:cid"), handler.HandleSaveCommonCommandAction)
 	api.HandleAPIMethod(api.GET, path.Join(pathPrefix, "elasticsearch/command"), handler.HandleQueryCommonCommandAction)
 	api.HandleAPIMethod(api.DELETE, path.Join(pathPrefix, "elasticsearch/command/:cid"), handler.HandleDeleteCommonCommandAction)
-
+	api.HandleAPIMethod(api.GET, path.Join(pathPrefix, "cluster/indices"), handler.ListIndex)
 	//task.RegisterScheduleTask(task.ScheduleTask{
 	//	Description: "sync reindex task result",
 	//	Task: func() {

plugin/api/rbac/role.go

@@ -67,19 +67,23 @@ func (h Rbac) SearchRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
 	util.FromJSONBytes(res.Raw, &response)
 
 	list := response.Hits.Hits
+	total := response.GetTotal()
 	var index string
 	for _, v := range list {
 		index = v.Index
 	}
-
+	for k, v := range enum.BuildRoles {
 		list = append(list, elastic.IndexDocument{
-		ID:     "admin",
+			ID:     k,
 			Index:  index,
 			Type:   "_doc",
-		Source: enum.BuildRoles["admin"],
+			Source: v,
 		})
+		total++
+	}
+
 	response.Hits.Hits = list
-	response.Hits.Total = response.GetTotal() + 1
+	response.Hits.Total = total
 
 	h.WriteOKJSON(w, response)
 	return