From 964d50b4e7374f555b3cec5e4dbe3a465365a384 Mon Sep 17 00:00:00 2001 From: Ulric Qin Date: Fri, 10 Dec 2021 09:44:06 +0800 Subject: [PATCH] add perm function in routers --- docker/initsql/a-n9e.sql | 52 +++++++++++++----- src/webapi/router/router.go | 106 ++++++++++++++++++------------------ 2 files changed, 92 insertions(+), 66 deletions(-) diff --git a/docker/initsql/a-n9e.sql b/docker/initsql/a-n9e.sql index 44285c57..c0cc8020 100644 --- a/docker/initsql/a-n9e.sql +++ b/docker/initsql/a-n9e.sql 
@@ -78,25 +78,51 @@ CREATE TABLE `role_operation`( -- Admin is special, who has no concrete operation but can do anything. insert into `role_operation`(role_name, operation) values('Guest', '/metric/explorer'); insert into `role_operation`(role_name, operation) values('Guest', '/object/explorer'); -insert into `role_operation`(role_name, operation) values('Guest', '/dashboards'); insert into `role_operation`(role_name, operation) values('Guest', '/help/version'); insert into `role_operation`(role_name, operation) values('Guest', '/help/contact'); insert into `role_operation`(role_name, operation) values('Standard', '/metric/explorer'); insert into `role_operation`(role_name, operation) values('Standard', '/object/explorer'); -insert into `role_operation`(role_name, operation) values('Standard', '/dashboards'); -insert into `role_operation`(role_name, operation) values('Standard', '/users'); -insert into `role_operation`(role_name, operation) values('Standard', '/user-groups'); -insert into `role_operation`(role_name, operation) values('Standard', '/busi-groups'); -insert into `role_operation`(role_name, operation) values('Standard', '/targets'); -insert into `role_operation`(role_name, operation) values('Standard', '/alert-rules'); -insert into `role_operation`(role_name, operation) values('Standard', '/alert-mutes'); -insert into `role_operation`(role_name, operation) values('Standard', '/alert-subscribes'); -insert into `role_operation`(role_name, operation) values('Standard', '/alert-cur-events'); -insert into `role_operation`(role_name, operation) values('Standard', '/alert-his-events'); -insert into `role_operation`(role_name, operation) values('Standard', '/job-tpls'); -insert into `role_operation`(role_name, operation) values('Standard', '/job-tasks'); insert into `role_operation`(role_name, operation) values('Standard', '/help/version'); insert into `role_operation`(role_name, operation) values('Standard', '/help/contact'); +insert into 
`role_operation`(role_name, operation) values('Standard', '/users'); +insert into `role_operation`(role_name, operation) values('Standard', '/user-groups'); +insert into `role_operation`(role_name, operation) values('Standard', '/user-groups/add'); +insert into `role_operation`(role_name, operation) values('Standard', '/user-groups/put'); +insert into `role_operation`(role_name, operation) values('Standard', '/user-groups/del'); +insert into `role_operation`(role_name, operation) values('Standard', '/busi-groups'); +insert into `role_operation`(role_name, operation) values('Standard', '/busi-groups/add'); +insert into `role_operation`(role_name, operation) values('Standard', '/busi-groups/put'); +insert into `role_operation`(role_name, operation) values('Standard', '/busi-groups/del'); +insert into `role_operation`(role_name, operation) values('Standard', '/targets'); +insert into `role_operation`(role_name, operation) values('Standard', '/targets/add'); +insert into `role_operation`(role_name, operation) values('Standard', '/targets/put'); +insert into `role_operation`(role_name, operation) values('Standard', '/targets/del'); +insert into `role_operation`(role_name, operation) values('Standard', '/dashboards'); +insert into `role_operation`(role_name, operation) values('Standard', '/dashboards/add'); +insert into `role_operation`(role_name, operation) values('Standard', '/dashboards/put'); +insert into `role_operation`(role_name, operation) values('Standard', '/dashboards/del'); +insert into `role_operation`(role_name, operation) values('Standard', '/alert-rules'); +insert into `role_operation`(role_name, operation) values('Standard', '/alert-rules/add'); +insert into `role_operation`(role_name, operation) values('Standard', '/alert-rules/put'); +insert into `role_operation`(role_name, operation) values('Standard', '/alert-rules/del'); +insert into `role_operation`(role_name, operation) values('Standard', '/alert-mutes'); +insert into `role_operation`(role_name, 
operation) values('Standard', '/alert-mutes/add'); +insert into `role_operation`(role_name, operation) values('Standard', '/alert-mutes/del'); +insert into `role_operation`(role_name, operation) values('Standard', '/alert-subscribes'); +insert into `role_operation`(role_name, operation) values('Standard', '/alert-subscribes/add'); +insert into `role_operation`(role_name, operation) values('Standard', '/alert-subscribes/put'); +insert into `role_operation`(role_name, operation) values('Standard', '/alert-subscribes/del'); +insert into `role_operation`(role_name, operation) values('Standard', '/alert-cur-events'); +insert into `role_operation`(role_name, operation) values('Standard', '/alert-cur-events/del'); +insert into `role_operation`(role_name, operation) values('Standard', '/alert-his-events'); +insert into `role_operation`(role_name, operation) values('Standard', '/job-tpls'); +insert into `role_operation`(role_name, operation) values('Standard', '/job-tpls/add'); +insert into `role_operation`(role_name, operation) values('Standard', '/job-tpls/put'); +insert into `role_operation`(role_name, operation) values('Standard', '/job-tpls/del'); +insert into `role_operation`(role_name, operation) values('Standard', '/job-tasks'); +insert into `role_operation`(role_name, operation) values('Standard', '/job-tasks/add'); +insert into `role_operation`(role_name, operation) values('Standard', '/job-tasks/put'); + -- for alert_rule | collect_rule | mute | dashboard grouping CREATE TABLE `busi_group` ( diff --git a/src/webapi/router/router.go b/src/webapi/router/router.go index 32179358..b593fd34 100644 --- a/src/webapi/router/router.go +++ b/src/webapi/router/router.go 
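Review bot: Nothing in this seed file ties the new operation strings to the router, and nothing covers databases that were initialised before this change. The added values such as `/user-groups/add`, `/targets/put` and `/dashboards/del` only take effect if they match the `perm("...")` arguments in src/webapi/router/router.go exactly. An existing deployment keeps its old `role_operation` rows, so Standard users there would presumably be refused on the newly gated routes until the rows are added. I would put a comment above the inserts, `-- operation must equal the perm("...") argument in src/webapi/router/router.go; upgraded databases need these rows inserted as well`, and ship the same inserts as an upgrade script.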
@@ -127,7 +127,7 @@ func configRoute(r *gin.Engine, version string) { pages.PUT("/self/profile", jwtAuth(), user(), selfProfilePut) pages.PUT("/self/password", jwtAuth(), user(), selfPasswordPut) - pages.GET("/users", jwtAuth(), user(), userGets) + pages.GET("/users", jwtAuth(), user(), perm("/users"), userGets) pages.POST("/users", jwtAuth(), admin(), userAddPost) pages.GET("/user/:id/profile", jwtAuth(), userProfileGet) pages.PUT("/user/:id/profile", jwtAuth(), admin(), userProfilePut) 
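Review bot: Gating the list with `perm("/users")` leaves the single-user read two lines below it on `jwtAuth()` alone: `pages.GET("/user/:id/profile", jwtAuth(), userProfileGet)` has neither `user()` nor a `perm(...)` check. Unless userProfileGet restricts what it returns (not visible here), an authenticated account without the `/users` operation can still read individual profiles. Consider `pages.GET("/user/:id/profile", jwtAuth(), user(), perm("/users"), userProfileGet)`, or a comment on that line saying why the read is open. configRoute starts and ends outside this hunk.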
@@ -135,39 +135,39 @@ func configRoute(r *gin.Engine, version string) { pages.DELETE("/user/:id", jwtAuth(), admin(), userDel) pages.GET("/user-groups", jwtAuth(), user(), userGroupGets) - pages.POST("/user-groups", jwtAuth(), user(), perm("/user-groups"), userGroupAdd) + pages.POST("/user-groups", jwtAuth(), user(), perm("/user-groups/add"), userGroupAdd) pages.GET("/user-group/:id", jwtAuth(), user(), userGroupGet) - pages.PUT("/user-group/:id", jwtAuth(), user(), userGroupWrite(), userGroupPut) - pages.DELETE("/user-group/:id", jwtAuth(), user(), userGroupWrite(), userGroupDel) - pages.POST("/user-group/:id/members", jwtAuth(), user(), userGroupWrite(), userGroupMemberAdd) - pages.DELETE("/user-group/:id/members", jwtAuth(), user(), userGroupWrite(), userGroupMemberDel) - pages.GET("/user-group/:id/perm/:perm", jwtAuth(), user(), checkBusiGroupPerm) + pages.PUT("/user-group/:id", jwtAuth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupPut) + pages.DELETE("/user-group/:id", jwtAuth(), user(), perm("/user-groups/del"), userGroupWrite(), userGroupDel) + pages.POST("/user-group/:id/members", jwtAuth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupMemberAdd) + pages.DELETE("/user-group/:id/members", jwtAuth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupMemberDel) pages.GET("/busi-groups", jwtAuth(), user(), busiGroupGets) - pages.POST("/busi-groups", jwtAuth(), user(), perm("/busi-groups"), busiGroupAdd) + pages.POST("/busi-groups", jwtAuth(), user(), perm("/busi-groups/add"), busiGroupAdd) pages.GET("/busi-groups/alertings", jwtAuth(), busiGroupAlertingsGets) pages.GET("/busi-group/:id", jwtAuth(), user(), bgro(), busiGroupGet) - pages.PUT("/busi-group/:id", jwtAuth(), user(), bgrw(), busiGroupPut) - pages.POST("/busi-group/:id/members", jwtAuth(), user(), bgrw(), busiGroupMemberAdd) - pages.DELETE("/busi-group/:id/members", jwtAuth(), user(), bgrw(), busiGroupMemberDel) - pages.DELETE("/busi-group/:id", jwtAuth(), 
user(), bgrw(), busiGroupDel) + pages.PUT("/busi-group/:id", jwtAuth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupPut) + pages.POST("/busi-group/:id/members", jwtAuth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupMemberAdd) + pages.DELETE("/busi-group/:id/members", jwtAuth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupMemberDel) + pages.DELETE("/busi-group/:id", jwtAuth(), user(), perm("/busi-groups/del"), bgrw(), busiGroupDel) + pages.GET("/busi-group/:id/perm/:perm", jwtAuth(), user(), checkBusiGroupPerm) - pages.GET("/targets", jwtAuth(), user(), targetGets) - pages.DELETE("/targets", jwtAuth(), user(), targetDel) - pages.GET("/targets/tags", jwtAuth(), user(), targetGetTags) - pages.POST("/targets/tags", jwtAuth(), user(), targetBindTags) - pages.DELETE("/targets/tags", jwtAuth(), user(), targetUnbindTags) - pages.PUT("/targets/note", jwtAuth(), user(), targetUpdateNote) - pages.PUT("/targets/bgid", jwtAuth(), user(), targetUpdateBgid) + pages.GET("/targets", jwtAuth(), user(), perm("/targets"), targetGets) + pages.DELETE("/targets", jwtAuth(), user(), perm("/targets/del"), targetDel) + pages.GET("/targets/tags", jwtAuth(), user(), perm("/targets"), targetGetTags) + pages.POST("/targets/tags", jwtAuth(), user(), perm("/targets/put"), targetBindTags) + pages.DELETE("/targets/tags", jwtAuth(), user(), perm("/targets/put"), targetUnbindTags) + pages.PUT("/targets/note", jwtAuth(), user(), perm("/targets/put"), targetUpdateNote) + pages.PUT("/targets/bgid", jwtAuth(), user(), perm("/targets/put"), targetUpdateBgid) - pages.GET("/busi-group/:id/dashboards", jwtAuth(), user(), bgro(), dashboardGets) - pages.POST("/busi-group/:id/dashboards", jwtAuth(), user(), bgrw(), dashboardAdd) - pages.POST("/busi-group/:id/dashboards/export", jwtAuth(), user(), bgro(), dashboardExport) - pages.POST("/busi-group/:id/dashboards/import", jwtAuth(), user(), bgrw(), dashboardImport) - pages.POST("/busi-group/:id/dashboard/:did/clone", jwtAuth(), user(), 
bgrw(), dashboardClone) - pages.GET("/busi-group/:id/dashboard/:did", jwtAuth(), user(), bgro(), dashboardGet) - pages.PUT("/busi-group/:id/dashboard/:did", jwtAuth(), user(), bgrw(), dashboardPut) - pages.DELETE("/busi-group/:id/dashboard/:did", jwtAuth(), user(), bgrw(), dashboardDel) + pages.GET("/busi-group/:id/dashboards", jwtAuth(), user(), perm("/dashboards"), bgro(), dashboardGets) + pages.POST("/busi-group/:id/dashboards", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), dashboardAdd) + pages.POST("/busi-group/:id/dashboards/export", jwtAuth(), user(), perm("/dashboards"), bgro(), dashboardExport) + pages.POST("/busi-group/:id/dashboards/import", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), dashboardImport) + pages.POST("/busi-group/:id/dashboard/:did/clone", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), dashboardClone) + pages.GET("/busi-group/:id/dashboard/:did", jwtAuth(), user(), perm("/dashboards"), bgro(), dashboardGet) + pages.PUT("/busi-group/:id/dashboard/:did", jwtAuth(), user(), perm("/dashboards/put"), bgrw(), dashboardPut) + pages.DELETE("/busi-group/:id/dashboard/:did", jwtAuth(), user(), perm("/dashboards/del"), bgrw(), dashboardDel) pages.GET("/busi-group/:id/chart-groups", jwtAuth(), user(), bgro(), chartGroupGets) pages.POST("/busi-group/:id/chart-groups", jwtAuth(), user(), bgrw(), chartGroupAdd) 
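Review bot: The read routes for user groups and business groups are still not checked against the role table, although the seed data grants `/user-groups` and `/busi-groups` as operations. `pages.GET("/user-groups", ...)`, `pages.GET("/user-group/:id", ...)`, `pages.GET("/busi-groups", ...)` and `pages.GET("/busi-group/:id", ...)` stay as they were, while `/targets` and the dashboard reads gain `perm(...)`. The same gap is in the `@@ -207,7` hunk, where the `alert-his-events` and `alert-cur-events` GET routes have `bgro()` but no `perm("/alert-his-events")` or `perm("/alert-cur-events")`. If these reads are meant to be gated, the lines would become e.g. `pages.GET("/user-groups", jwtAuth(), user(), perm("/user-groups"), userGroupGets)`. If they are open on purpose, a comment such as `// list is needed by every role, no perm() here` keeps the seeded operations from reading as enforced.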
@@ -182,22 +182,22 @@ func configRoute(r *gin.Engine, version string) { pages.GET("/share-charts", chartShareGets) pages.POST("/share-charts", jwtAuth(), chartShareAdd) - pages.GET("/busi-group/:id/alert-rules", jwtAuth(), user(), alertRuleGets) - pages.POST("/busi-group/:id/alert-rules", jwtAuth(), user(), bgrw(), alertRuleAdd) - pages.DELETE("/busi-group/:id/alert-rules", jwtAuth(), user(), bgrw(), alertRuleDel) - pages.PUT("/busi-group/:id/alert-rules/fields", jwtAuth(), user(), bgrw(), alertRulePutFields) - pages.PUT("/busi-group/:id/alert-rule/:arid", jwtAuth(), user(), bgrw(), alertRulePut) - pages.GET("/alert-rule/:arid", jwtAuth(), user(), alertRuleGet) + pages.GET("/busi-group/:id/alert-rules", jwtAuth(), user(), perm("/alert-rules"), alertRuleGets) + pages.POST("/busi-group/:id/alert-rules", jwtAuth(), user(), perm("/alert-rules/add"), bgrw(), alertRuleAdd) + pages.DELETE("/busi-group/:id/alert-rules", jwtAuth(), user(), perm("/alert-rules/del"), bgrw(), alertRuleDel) + pages.PUT("/busi-group/:id/alert-rules/fields", jwtAuth(), user(), perm("/alert-rules/put"), bgrw(), alertRulePutFields) + pages.PUT("/busi-group/:id/alert-rule/:arid", jwtAuth(), user(), perm("/alert-rules/put"), bgrw(), alertRulePut) + pages.GET("/alert-rule/:arid", jwtAuth(), user(), perm("/alert-rules"), alertRuleGet) - pages.GET("/busi-group/:id/alert-mutes", jwtAuth(), user(), bgro(), alertMuteGets) - pages.POST("/busi-group/:id/alert-mutes", jwtAuth(), user(), bgrw(), alertMuteAdd) - pages.DELETE("/busi-group/:id/alert-mutes", jwtAuth(), user(), bgrw(), alertMuteDel) + pages.GET("/busi-group/:id/alert-mutes", jwtAuth(), user(), perm("/alert-mutes"), bgro(), alertMuteGets) + pages.POST("/busi-group/:id/alert-mutes", jwtAuth(), user(), perm("/alert-mutes/add"), bgrw(), alertMuteAdd) + pages.DELETE("/busi-group/:id/alert-mutes", jwtAuth(), user(), perm("/alert-mutes/del"), bgrw(), alertMuteDel) - pages.GET("/busi-group/:id/alert-subscribes", jwtAuth(), user(), bgro(), 
alertSubscribeGets) - pages.GET("/alert-subscribe/:sid", jwtAuth(), user(), alertSubscribeGet) - pages.POST("/busi-group/:id/alert-subscribes", jwtAuth(), user(), bgrw(), alertSubscribeAdd) - pages.PUT("/busi-group/:id/alert-subscribes", jwtAuth(), user(), bgrw(), alertSubscribePut) - pages.DELETE("/busi-group/:id/alert-subscribes", jwtAuth(), user(), bgrw(), alertSubscribeDel) + pages.GET("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes"), bgro(), alertSubscribeGets) + pages.GET("/alert-subscribe/:sid", jwtAuth(), user(), perm("/alert-subscribes"), alertSubscribeGet) + pages.POST("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes/add"), bgrw(), alertSubscribeAdd) + pages.PUT("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes/put"), bgrw(), alertSubscribePut) + pages.DELETE("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes/del"), bgrw(), alertSubscribeDel) // pages.GET("/busi-group/:id/collect-rules", jwtAuth(), user(), bgro(), collectRuleGets) // pages.POST("/busi-group/:id/collect-rules", jwtAuth(), user(), bgrw(), collectRuleAdd) @@ -207,7 +207,7 @@ func configRoute(r *gin.Engine, version string) { pages.GET("/busi-group/:id/alert-his-events", jwtAuth(), user(), bgro(), alertHisEventGets) pages.GET("/busi-group/:id/alert-cur-events", jwtAuth(), user(), bgro(), alertCurEventGets) - pages.DELETE("/busi-group/:id/alert-cur-events", jwtAuth(), user(), bgrw(), alertCurEventDel) + pages.DELETE("/busi-group/:id/alert-cur-events", jwtAuth(), user(), perm("/alert-cur-events/del"), bgrw(), alertCurEventDel) if config.C.AnonymousAccess.AlertDetail { pages.GET("/alert-cur-event/:eid", alertCurEventGet) 
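Review bot: The new `pages.GET("/busi-group/:id/alert-rules", jwtAuth(), user(), perm("/alert-rules"), alertRuleGets)` line checks the role operation but, unlike the alert-mutes and alert-subscribes GET routes next to it, has no `bgro()` in the chain. `perm(...)` only answers whether the role may use the feature at all, not whether the caller belongs to the business group named by `:id`. Unless alertRuleGets does that check itself (not visible in this hunk), rules of any group are readable by every user holding `/alert-rules`. I would write `pages.GET("/busi-group/:id/alert-rules", jwtAuth(), user(), perm("/alert-rules"), bgro(), alertRuleGets)`. `GET /alert-rule/:arid` and `GET /alert-subscribe/:sid` carry no group id in the path, so their handlers need to resolve the owning group and check membership; a comment on those two lines would record that.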
@@ -217,18 +217,18 @@ func configRoute(r *gin.Engine, version string) { pages.GET("/alert-his-event/:eid", jwtAuth(), alertHisEventGet) } - pages.GET("/busi-group/:id/task-tpls", jwtAuth(), user(), bgro(), taskTplGets) - pages.POST("/busi-group/:id/task-tpls", jwtAuth(), user(), bgrw(), taskTplAdd) - pages.DELETE("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), bgrw(), taskTplDel) - pages.POST("/busi-group/:id/task-tpls/tags", jwtAuth(), user(), bgrw(), taskTplBindTags) - pages.DELETE("/busi-group/:id/task-tpls/tags", jwtAuth(), user(), bgrw(), taskTplUnbindTags) - pages.GET("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), bgro(), taskTplGet) - pages.PUT("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), bgrw(), taskTplPut) + pages.GET("/busi-group/:id/task-tpls", jwtAuth(), user(), perm("/job-tpls"), bgro(), taskTplGets) + pages.POST("/busi-group/:id/task-tpls", jwtAuth(), user(), perm("/job-tpls/add"), bgrw(), taskTplAdd) + pages.DELETE("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), perm("/job-tpls/del"), bgrw(), taskTplDel) + pages.POST("/busi-group/:id/task-tpls/tags", jwtAuth(), user(), perm("/job-tpls/put"), bgrw(), taskTplBindTags) + pages.DELETE("/busi-group/:id/task-tpls/tags", jwtAuth(), user(), perm("/job-tpls/put"), bgrw(), taskTplUnbindTags) + pages.GET("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), perm("/job-tpls"), bgro(), taskTplGet) + pages.PUT("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), perm("/job-tpls/put"), bgrw(), taskTplPut) - pages.GET("/busi-group/:id/tasks", jwtAuth(), user(), bgro(), taskGets) - pages.POST("/busi-group/:id/tasks", jwtAuth(), user(), bgrw(), taskAdd) - pages.GET("/busi-group/:id/task/*url", jwtAuth(), user(), bgro(), taskProxy) - pages.PUT("/busi-group/:id/task/*url", jwtAuth(), user(), bgrw(), taskProxy) + pages.GET("/busi-group/:id/tasks", jwtAuth(), user(), perm("/job-tasks"), bgro(), taskGets) + pages.POST("/busi-group/:id/tasks", jwtAuth(), user(), perm("/job-tasks/add"), bgrw(), taskAdd) + 
pages.GET("/busi-group/:id/task/*url", jwtAuth(), user(), perm("/job-tasks"), bgro(), taskProxy) + pages.PUT("/busi-group/:id/task/*url", jwtAuth(), user(), perm("/job-tasks/put"), bgrw(), taskProxy) } service := r.Group("/v1/n9e", gin.BasicAuth(config.C.BasicAuth))
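Review bot: The two `task/*url` routes pick the required operation from the HTTP method alone, `perm("/job-tasks")` for GET and `perm("/job-tasks/put")` for PUT, while the wildcard path is handed to taskProxy unchanged. That holds only if every upstream endpoint reachable by GET is read-only, which cannot be confirmed from this hunk. I would document the assumption next to the routes, for example `// taskProxy forwards *url as-is; upstream GET endpoints must not change state, since GET only requires /job-tasks`. The route paths also say `task-tpls` and `tasks` while the operations are named `/job-tpls` and `/job-tasks`, and a short comment mapping one to the other would make the permission table easier to audit.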