add perm function in routers

This commit is contained in:
Ulric Qin 2021-12-10 09:44:06 +08:00
parent d2cb48a2ef
commit 964d50b4e7
2 changed files with 92 additions and 66 deletions

View File

@ -78,25 +78,51 @@ CREATE TABLE `role_operation`(
-- Admin is special, who has no concrete operation but can do anything.
insert into `role_operation`(role_name, operation) values('Guest', '/metric/explorer');
insert into `role_operation`(role_name, operation) values('Guest', '/object/explorer');
insert into `role_operation`(role_name, operation) values('Guest', '/dashboards');
insert into `role_operation`(role_name, operation) values('Guest', '/help/version');
insert into `role_operation`(role_name, operation) values('Guest', '/help/contact');
insert into `role_operation`(role_name, operation) values('Standard', '/metric/explorer');
insert into `role_operation`(role_name, operation) values('Standard', '/object/explorer');
insert into `role_operation`(role_name, operation) values('Standard', '/dashboards');
insert into `role_operation`(role_name, operation) values('Standard', '/users');
insert into `role_operation`(role_name, operation) values('Standard', '/user-groups');
insert into `role_operation`(role_name, operation) values('Standard', '/busi-groups');
insert into `role_operation`(role_name, operation) values('Standard', '/targets');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-rules');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-mutes');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-subscribes');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-cur-events');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-his-events');
insert into `role_operation`(role_name, operation) values('Standard', '/job-tpls');
insert into `role_operation`(role_name, operation) values('Standard', '/job-tasks');
insert into `role_operation`(role_name, operation) values('Standard', '/help/version');
insert into `role_operation`(role_name, operation) values('Standard', '/help/contact');
insert into `role_operation`(role_name, operation) values('Standard', '/users');
insert into `role_operation`(role_name, operation) values('Standard', '/user-groups');
insert into `role_operation`(role_name, operation) values('Standard', '/user-groups/add');
insert into `role_operation`(role_name, operation) values('Standard', '/user-groups/put');
insert into `role_operation`(role_name, operation) values('Standard', '/user-groups/del');
insert into `role_operation`(role_name, operation) values('Standard', '/busi-groups');
insert into `role_operation`(role_name, operation) values('Standard', '/busi-groups/add');
insert into `role_operation`(role_name, operation) values('Standard', '/busi-groups/put');
insert into `role_operation`(role_name, operation) values('Standard', '/busi-groups/del');
insert into `role_operation`(role_name, operation) values('Standard', '/targets');
insert into `role_operation`(role_name, operation) values('Standard', '/targets/add');
insert into `role_operation`(role_name, operation) values('Standard', '/targets/put');
insert into `role_operation`(role_name, operation) values('Standard', '/targets/del');
insert into `role_operation`(role_name, operation) values('Standard', '/dashboards');
insert into `role_operation`(role_name, operation) values('Standard', '/dashboards/add');
insert into `role_operation`(role_name, operation) values('Standard', '/dashboards/put');
insert into `role_operation`(role_name, operation) values('Standard', '/dashboards/del');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-rules');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-rules/add');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-rules/put');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-rules/del');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-mutes');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-mutes/add');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-mutes/del');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-subscribes');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-subscribes/add');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-subscribes/put');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-subscribes/del');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-cur-events');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-cur-events/del');
insert into `role_operation`(role_name, operation) values('Standard', '/alert-his-events');
insert into `role_operation`(role_name, operation) values('Standard', '/job-tpls');
insert into `role_operation`(role_name, operation) values('Standard', '/job-tpls/add');
insert into `role_operation`(role_name, operation) values('Standard', '/job-tpls/put');
insert into `role_operation`(role_name, operation) values('Standard', '/job-tpls/del');
insert into `role_operation`(role_name, operation) values('Standard', '/job-tasks');
insert into `role_operation`(role_name, operation) values('Standard', '/job-tasks/add');
insert into `role_operation`(role_name, operation) values('Standard', '/job-tasks/put');
-- for alert_rule | collect_rule | mute | dashboard grouping
CREATE TABLE `busi_group` (

View File

@ -127,7 +127,7 @@ func configRoute(r *gin.Engine, version string) {
pages.PUT("/self/profile", jwtAuth(), user(), selfProfilePut)
pages.PUT("/self/password", jwtAuth(), user(), selfPasswordPut)
pages.GET("/users", jwtAuth(), user(), userGets)
pages.GET("/users", jwtAuth(), user(), perm("/users"), userGets)
pages.POST("/users", jwtAuth(), admin(), userAddPost)
pages.GET("/user/:id/profile", jwtAuth(), userProfileGet)
pages.PUT("/user/:id/profile", jwtAuth(), admin(), userProfilePut)
@ -135,39 +135,39 @@ func configRoute(r *gin.Engine, version string) {
pages.DELETE("/user/:id", jwtAuth(), admin(), userDel)
pages.GET("/user-groups", jwtAuth(), user(), userGroupGets)
pages.POST("/user-groups", jwtAuth(), user(), perm("/user-groups"), userGroupAdd)
pages.POST("/user-groups", jwtAuth(), user(), perm("/user-groups/add"), userGroupAdd)
pages.GET("/user-group/:id", jwtAuth(), user(), userGroupGet)
pages.PUT("/user-group/:id", jwtAuth(), user(), userGroupWrite(), userGroupPut)
pages.DELETE("/user-group/:id", jwtAuth(), user(), userGroupWrite(), userGroupDel)
pages.POST("/user-group/:id/members", jwtAuth(), user(), userGroupWrite(), userGroupMemberAdd)
pages.DELETE("/user-group/:id/members", jwtAuth(), user(), userGroupWrite(), userGroupMemberDel)
pages.GET("/user-group/:id/perm/:perm", jwtAuth(), user(), checkBusiGroupPerm)
pages.PUT("/user-group/:id", jwtAuth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupPut)
pages.DELETE("/user-group/:id", jwtAuth(), user(), perm("/user-groups/del"), userGroupWrite(), userGroupDel)
pages.POST("/user-group/:id/members", jwtAuth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupMemberAdd)
pages.DELETE("/user-group/:id/members", jwtAuth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupMemberDel)
pages.GET("/busi-groups", jwtAuth(), user(), busiGroupGets)
pages.POST("/busi-groups", jwtAuth(), user(), perm("/busi-groups"), busiGroupAdd)
pages.POST("/busi-groups", jwtAuth(), user(), perm("/busi-groups/add"), busiGroupAdd)
pages.GET("/busi-groups/alertings", jwtAuth(), busiGroupAlertingsGets)
pages.GET("/busi-group/:id", jwtAuth(), user(), bgro(), busiGroupGet)
pages.PUT("/busi-group/:id", jwtAuth(), user(), bgrw(), busiGroupPut)
pages.POST("/busi-group/:id/members", jwtAuth(), user(), bgrw(), busiGroupMemberAdd)
pages.DELETE("/busi-group/:id/members", jwtAuth(), user(), bgrw(), busiGroupMemberDel)
pages.DELETE("/busi-group/:id", jwtAuth(), user(), bgrw(), busiGroupDel)
pages.PUT("/busi-group/:id", jwtAuth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupPut)
pages.POST("/busi-group/:id/members", jwtAuth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupMemberAdd)
pages.DELETE("/busi-group/:id/members", jwtAuth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupMemberDel)
pages.DELETE("/busi-group/:id", jwtAuth(), user(), perm("/busi-groups/del"), bgrw(), busiGroupDel)
pages.GET("/busi-group/:id/perm/:perm", jwtAuth(), user(), checkBusiGroupPerm)
pages.GET("/targets", jwtAuth(), user(), targetGets)
pages.DELETE("/targets", jwtAuth(), user(), targetDel)
pages.GET("/targets/tags", jwtAuth(), user(), targetGetTags)
pages.POST("/targets/tags", jwtAuth(), user(), targetBindTags)
pages.DELETE("/targets/tags", jwtAuth(), user(), targetUnbindTags)
pages.PUT("/targets/note", jwtAuth(), user(), targetUpdateNote)
pages.PUT("/targets/bgid", jwtAuth(), user(), targetUpdateBgid)
pages.GET("/targets", jwtAuth(), user(), perm("/targets"), targetGets)
pages.DELETE("/targets", jwtAuth(), user(), perm("/targets/del"), targetDel)
pages.GET("/targets/tags", jwtAuth(), user(), perm("/targets"), targetGetTags)
pages.POST("/targets/tags", jwtAuth(), user(), perm("/targets/put"), targetBindTags)
pages.DELETE("/targets/tags", jwtAuth(), user(), perm("/targets/put"), targetUnbindTags)
pages.PUT("/targets/note", jwtAuth(), user(), perm("/targets/put"), targetUpdateNote)
pages.PUT("/targets/bgid", jwtAuth(), user(), perm("/targets/put"), targetUpdateBgid)
pages.GET("/busi-group/:id/dashboards", jwtAuth(), user(), bgro(), dashboardGets)
pages.POST("/busi-group/:id/dashboards", jwtAuth(), user(), bgrw(), dashboardAdd)
pages.POST("/busi-group/:id/dashboards/export", jwtAuth(), user(), bgro(), dashboardExport)
pages.POST("/busi-group/:id/dashboards/import", jwtAuth(), user(), bgrw(), dashboardImport)
pages.POST("/busi-group/:id/dashboard/:did/clone", jwtAuth(), user(), bgrw(), dashboardClone)
pages.GET("/busi-group/:id/dashboard/:did", jwtAuth(), user(), bgro(), dashboardGet)
pages.PUT("/busi-group/:id/dashboard/:did", jwtAuth(), user(), bgrw(), dashboardPut)
pages.DELETE("/busi-group/:id/dashboard/:did", jwtAuth(), user(), bgrw(), dashboardDel)
pages.GET("/busi-group/:id/dashboards", jwtAuth(), user(), perm("/dashboards"), bgro(), dashboardGets)
pages.POST("/busi-group/:id/dashboards", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), dashboardAdd)
pages.POST("/busi-group/:id/dashboards/export", jwtAuth(), user(), perm("/dashboards"), bgro(), dashboardExport)
pages.POST("/busi-group/:id/dashboards/import", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), dashboardImport)
pages.POST("/busi-group/:id/dashboard/:did/clone", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), dashboardClone)
pages.GET("/busi-group/:id/dashboard/:did", jwtAuth(), user(), perm("/dashboards"), bgro(), dashboardGet)
pages.PUT("/busi-group/:id/dashboard/:did", jwtAuth(), user(), perm("/dashboards/put"), bgrw(), dashboardPut)
pages.DELETE("/busi-group/:id/dashboard/:did", jwtAuth(), user(), perm("/dashboards/del"), bgrw(), dashboardDel)
pages.GET("/busi-group/:id/chart-groups", jwtAuth(), user(), bgro(), chartGroupGets)
pages.POST("/busi-group/:id/chart-groups", jwtAuth(), user(), bgrw(), chartGroupAdd)
@ -182,22 +182,22 @@ func configRoute(r *gin.Engine, version string) {
pages.GET("/share-charts", chartShareGets)
pages.POST("/share-charts", jwtAuth(), chartShareAdd)
pages.GET("/busi-group/:id/alert-rules", jwtAuth(), user(), alertRuleGets)
pages.POST("/busi-group/:id/alert-rules", jwtAuth(), user(), bgrw(), alertRuleAdd)
pages.DELETE("/busi-group/:id/alert-rules", jwtAuth(), user(), bgrw(), alertRuleDel)
pages.PUT("/busi-group/:id/alert-rules/fields", jwtAuth(), user(), bgrw(), alertRulePutFields)
pages.PUT("/busi-group/:id/alert-rule/:arid", jwtAuth(), user(), bgrw(), alertRulePut)
pages.GET("/alert-rule/:arid", jwtAuth(), user(), alertRuleGet)
pages.GET("/busi-group/:id/alert-rules", jwtAuth(), user(), perm("/alert-rules"), alertRuleGets)
pages.POST("/busi-group/:id/alert-rules", jwtAuth(), user(), perm("/alert-rules/add"), bgrw(), alertRuleAdd)
pages.DELETE("/busi-group/:id/alert-rules", jwtAuth(), user(), perm("/alert-rules/del"), bgrw(), alertRuleDel)
pages.PUT("/busi-group/:id/alert-rules/fields", jwtAuth(), user(), perm("/alert-rules/put"), bgrw(), alertRulePutFields)
pages.PUT("/busi-group/:id/alert-rule/:arid", jwtAuth(), user(), perm("/alert-rules/put"), bgrw(), alertRulePut)
pages.GET("/alert-rule/:arid", jwtAuth(), user(), perm("/alert-rules"), alertRuleGet)
pages.GET("/busi-group/:id/alert-mutes", jwtAuth(), user(), bgro(), alertMuteGets)
pages.POST("/busi-group/:id/alert-mutes", jwtAuth(), user(), bgrw(), alertMuteAdd)
pages.DELETE("/busi-group/:id/alert-mutes", jwtAuth(), user(), bgrw(), alertMuteDel)
pages.GET("/busi-group/:id/alert-mutes", jwtAuth(), user(), perm("/alert-mutes"), bgro(), alertMuteGets)
pages.POST("/busi-group/:id/alert-mutes", jwtAuth(), user(), perm("/alert-mutes/add"), bgrw(), alertMuteAdd)
pages.DELETE("/busi-group/:id/alert-mutes", jwtAuth(), user(), perm("/alert-mutes/del"), bgrw(), alertMuteDel)
pages.GET("/busi-group/:id/alert-subscribes", jwtAuth(), user(), bgro(), alertSubscribeGets)
pages.GET("/alert-subscribe/:sid", jwtAuth(), user(), alertSubscribeGet)
pages.POST("/busi-group/:id/alert-subscribes", jwtAuth(), user(), bgrw(), alertSubscribeAdd)
pages.PUT("/busi-group/:id/alert-subscribes", jwtAuth(), user(), bgrw(), alertSubscribePut)
pages.DELETE("/busi-group/:id/alert-subscribes", jwtAuth(), user(), bgrw(), alertSubscribeDel)
pages.GET("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes"), bgro(), alertSubscribeGets)
pages.GET("/alert-subscribe/:sid", jwtAuth(), user(), perm("/alert-subscribes"), alertSubscribeGet)
pages.POST("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes/add"), bgrw(), alertSubscribeAdd)
pages.PUT("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes/put"), bgrw(), alertSubscribePut)
pages.DELETE("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes/del"), bgrw(), alertSubscribeDel)
// pages.GET("/busi-group/:id/collect-rules", jwtAuth(), user(), bgro(), collectRuleGets)
// pages.POST("/busi-group/:id/collect-rules", jwtAuth(), user(), bgrw(), collectRuleAdd)
@ -207,7 +207,7 @@ func configRoute(r *gin.Engine, version string) {
pages.GET("/busi-group/:id/alert-his-events", jwtAuth(), user(), bgro(), alertHisEventGets)
pages.GET("/busi-group/:id/alert-cur-events", jwtAuth(), user(), bgro(), alertCurEventGets)
pages.DELETE("/busi-group/:id/alert-cur-events", jwtAuth(), user(), bgrw(), alertCurEventDel)
pages.DELETE("/busi-group/:id/alert-cur-events", jwtAuth(), user(), perm("/alert-cur-events/del"), bgrw(), alertCurEventDel)
if config.C.AnonymousAccess.AlertDetail {
pages.GET("/alert-cur-event/:eid", alertCurEventGet)
@ -217,18 +217,18 @@ func configRoute(r *gin.Engine, version string) {
pages.GET("/alert-his-event/:eid", jwtAuth(), alertHisEventGet)
}
pages.GET("/busi-group/:id/task-tpls", jwtAuth(), user(), bgro(), taskTplGets)
pages.POST("/busi-group/:id/task-tpls", jwtAuth(), user(), bgrw(), taskTplAdd)
pages.DELETE("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), bgrw(), taskTplDel)
pages.POST("/busi-group/:id/task-tpls/tags", jwtAuth(), user(), bgrw(), taskTplBindTags)
pages.DELETE("/busi-group/:id/task-tpls/tags", jwtAuth(), user(), bgrw(), taskTplUnbindTags)
pages.GET("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), bgro(), taskTplGet)
pages.PUT("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), bgrw(), taskTplPut)
pages.GET("/busi-group/:id/task-tpls", jwtAuth(), user(), perm("/job-tpls"), bgro(), taskTplGets)
pages.POST("/busi-group/:id/task-tpls", jwtAuth(), user(), perm("/job-tpls/add"), bgrw(), taskTplAdd)
pages.DELETE("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), perm("/job-tpls/del"), bgrw(), taskTplDel)
pages.POST("/busi-group/:id/task-tpls/tags", jwtAuth(), user(), perm("/job-tpls/put"), bgrw(), taskTplBindTags)
pages.DELETE("/busi-group/:id/task-tpls/tags", jwtAuth(), user(), perm("/job-tpls/put"), bgrw(), taskTplUnbindTags)
pages.GET("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), perm("/job-tpls"), bgro(), taskTplGet)
pages.PUT("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), perm("/job-tpls/put"), bgrw(), taskTplPut)
pages.GET("/busi-group/:id/tasks", jwtAuth(), user(), bgro(), taskGets)
pages.POST("/busi-group/:id/tasks", jwtAuth(), user(), bgrw(), taskAdd)
pages.GET("/busi-group/:id/task/*url", jwtAuth(), user(), bgro(), taskProxy)
pages.PUT("/busi-group/:id/task/*url", jwtAuth(), user(), bgrw(), taskProxy)
pages.GET("/busi-group/:id/tasks", jwtAuth(), user(), perm("/job-tasks"), bgro(), taskGets)
pages.POST("/busi-group/:id/tasks", jwtAuth(), user(), perm("/job-tasks/add"), bgrw(), taskAdd)
pages.GET("/busi-group/:id/task/*url", jwtAuth(), user(), perm("/job-tasks"), bgro(), taskProxy)
pages.PUT("/busi-group/:id/task/*url", jwtAuth(), user(), perm("/job-tasks/put"), bgrw(), taskProxy)
}
service := r.Group("/v1/n9e", gin.BasicAuth(config.C.BasicAuth))