feature: add get self permissions by nodeID (#643)
This commit is contained in:
yubo
GitHub
parent
50f4cc10c4
commit
72573e32cb
|
|
@ -34,6 +34,13 @@ func NodeRoleDel(nodeId, roleId int64, username string) error {
|
|||
return err
|
||||
}
|
||||
|
||||
// RoleIdsBindingUsername
|
||||
func RoleIdsBindingUsername(username string, nids []int64) ([]int64, error) {
|
||||
var ids []int64
|
||||
err := DB["rdb"].Table("node_role").Where("username=?", username).In("node_id", nids).Select("role_id").Find(&ids)
|
||||
return ids, err
|
||||
}
|
||||
|
||||
// NodeIdsBindingUsername 某人在哪些节点配置过权限
|
||||
func NodeIdsBindingUsername(username string) ([]int64, error) {
|
||||
var ids []int64
|
||||
|
|
|
|||
|
|
@ -703,3 +703,32 @@ func UsersGet(where string, args ...interface{}) ([]User, error) {
|
|||
|
||||
return objs, nil
|
||||
}
|
||||
|
||||
func (u *User) PermByNode(node *Node) ([]string, error) {
|
||||
// 我是超管,自然有权限
|
||||
if u.IsRoot == 1 {
|
||||
return config.LocalOpsList, nil
|
||||
}
|
||||
|
||||
// 我是path上游的某个admin,自然有权限
|
||||
nodeIds, err := NodeIdsByPaths(Paths(node.Path))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if len(nodeIds) == 0 {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
if yes, err := NodesAdminExists(nodeIds, u.Id); err != nil {
|
||||
return nil, err
|
||||
} else if yes {
|
||||
return config.LocalOpsList, nil
|
||||
}
|
||||
|
||||
if roleIds, err := RoleIdsBindingUsername(u.Username, nodeIds); err != nil {
|
||||
return nil, err
|
||||
} else {
|
||||
return OperationsOfRoles(roleIds)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,8 +18,9 @@ type opsStruct []struct {
|
|||
}
|
||||
|
||||
var (
|
||||
GlobalOps opsStruct
|
||||
LocalOps opsStruct
|
||||
GlobalOps opsStruct
|
||||
LocalOps opsStruct
|
||||
LocalOpsList []string
|
||||
)
|
||||
|
||||
func parseOps() error {
|
||||
|
|
@ -57,5 +58,18 @@ func parseOps() error {
|
|||
|
||||
LocalOps = lc
|
||||
|
||||
m := map[string]struct{}{}
|
||||
for _, v := range lc {
|
||||
for _, v2 := range v.Groups {
|
||||
for _, v3 := range v2.Ops {
|
||||
m[v3.En] = struct{}{}
|
||||
}
|
||||
}
|
||||
}
|
||||
LocalOpsList = []string{}
|
||||
for k, _ := range m {
|
||||
LocalOpsList = append(LocalOpsList, k)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -108,6 +108,7 @@ func Config(r *gin.Engine) {
|
|||
userLogin.POST("/self/token", selfTokenPost)
|
||||
userLogin.PUT("/self/token", selfTokenPut)
|
||||
userLogin.GET("/self/perms/global", permGlobalOps)
|
||||
userLogin.GET("/self/perms/local/node/:id", permLocalOps)
|
||||
|
||||
notLogin.PUT("/self/password", selfPasswordPut)
|
||||
|
||||
|
|
|
|||
|
|
@ -119,6 +119,14 @@ func permGlobalOps(c *gin.Context) {
|
|||
renderData(c, operations, err)
|
||||
}
|
||||
|
||||
func permLocalOps(c *gin.Context) {
|
||||
user := loginUser(c)
|
||||
node := Node(urlParamInt64(c, "id"))
|
||||
|
||||
operations, err := user.PermByNode(node)
|
||||
renderData(c, operations, err)
|
||||
}
|
||||
|
||||
func v1PermGlobalOps(c *gin.Context) {
|
||||
user, err := models.UserGet("username=?", queryStr(c, "username"))
|
||||
dangerous(err)
|
||||
|
|
|
|||
Loading…
Reference in New Issue