补充统一的权限方案
parent
8c58769937
commit
0d7cdec6ea
@ -1,14 +1,18 @@
|
||||
package policy
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"122.51.31.227/go-course/go18/devcloud/mcenter/apps/namespace"
|
||||
"122.51.31.227/go-course/go18/devcloud/mcenter/apps/role"
|
||||
"122.51.31.227/go-course/go18/devcloud/mcenter/apps/user"
|
||||
"github.com/infraboard/mcube/v2/ioc/config/datasource"
|
||||
"github.com/infraboard/mcube/v2/ioc/config/validator"
|
||||
"github.com/infraboard/mcube/v2/tools/pretty"
|
||||
"github.com/infraboard/modules/iam/apps"
|
||||
"gorm.io/gorm"
|
||||
)
|
||||
|
||||
func NewPolicy() *Policy {
|
||||
@ -41,7 +45,7 @@ func (p *Policy) String() string {
|
||||
func NewCreatePolicyRequest() *CreatePolicyRequest {
|
||||
return &CreatePolicyRequest{
|
||||
ResourceScope: ResourceScope{
|
||||
Scope: map[string]string{},
|
||||
Scope: map[string][]string{},
|
||||
},
|
||||
RoleId: []uint64{},
|
||||
Extras: map[string]string{},
|
||||
@ -70,11 +74,41 @@ type CreatePolicyRequest struct {
|
||||
Extras map[string]string `json:"extras" bson:"extras" gorm:"column:extras;serializer:json;type:json" description:"扩展信息" optional:"true"`
|
||||
}
|
||||
|
||||
// 资源需要组合ResourceLabel使用
|
||||
type ResourceScope struct {
|
||||
// 空间
|
||||
NamespaceId *uint64 `json:"namespace_id" bson:"namespace_id" gorm:"column:namespace_id;type:varchar(200);index" description:"策略生效的空间Id" optional:"true"`
|
||||
// 访问范围, 需要提前定义scope, 比如环境, 后端开发小组,开发资源
|
||||
Scope map[string]string `json:"scope" bson:"scope" gorm:"column:scope;serializer:json;type:json" description:"数据访问的范围" optional:"true"`
|
||||
Scope map[string][]string `json:"scope" bson:"scope" gorm:"column:scope;serializer:json;type:json" description:"数据访问的范围" optional:"true"`
|
||||
}
|
||||
|
||||
// 辅助函数:将字符串切片转换为 JSON 数组字符串
|
||||
func toJsonArray(arr []string) string {
|
||||
b, _ := json.Marshal(arr)
|
||||
return string(b)
|
||||
}
|
||||
|
||||
func (r ResourceScope) GormResourceFilter(query *gorm.DB) {
|
||||
if r.NamespaceId != nil {
|
||||
query = query.Where("namespace = ?", r.NamespaceId)
|
||||
}
|
||||
|
||||
switch datasource.Get().Provider {
|
||||
case datasource.PROVIDER_POSTGRES:
|
||||
for key, values := range r.Scope {
|
||||
for k, v := range r.Scope {
|
||||
// 创建一个临时 JSON 对象 {"key": ["value1", "value2"]}
|
||||
jsonCondition := fmt.Sprintf(`{"%s": %s}`, k, toJsonArray(v))
|
||||
query = query.Where("label @> ?", jsonCondition)
|
||||
}
|
||||
query = query.Where("label -->>? IN ?", key, values)
|
||||
}
|
||||
case datasource.PROVIDER_MYSQL:
|
||||
// 过滤条件, Label
|
||||
for key, values := range r.Scope {
|
||||
query = query.Where("label->>? IN (?)", "$."+key, values)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (r *CreatePolicyRequest) Validate() error {
|
||||
@ -85,3 +119,10 @@ func (r *CreatePolicyRequest) SetNamespaceId(namespaceId uint64) *CreatePolicyRe
|
||||
r.NamespaceId = &namespaceId
|
||||
return r
|
||||
}
|
||||
|
||||
type ResourceLabel struct {
|
||||
// 空间
|
||||
NamespaceId *uint64 `json:"namespace_id" bson:"namespace_id" gorm:"column:namespace_id;type:varchar(200);index" description:"策略生效的空间Id" optional:"true"`
|
||||
// 访问范围, 需要提前定义scope, 比如环境, 后端开发小组,开发资源
|
||||
Label map[string]string `json:"label" bson:"label" gorm:"column:label;serializer:json;type:json" description:"数据访问的范围" optional:"true"`
|
||||
}
|
||||
|
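Review bot: The Postgres branch of `GormResourceFilter` reads like two drafts left in together: the inner `for k, v := range r.Scope` adds every `label @> ?` condition again for each outer key, and the outer `label -->>? IN ?` contains `--`, which PostgreSQL treats as the start of a comment, so `->>` was presumably intended. The two predicates also mean different things: `@>` with an array only matches an array-valued label holding all listed values, whereas `ResourceLabel.Label` is a `map[string]string` and the MySQL branch matches any one value. Keeping a single loop with `query = query.Where("label ->> ? IN ?", key, values)` would match the MySQL semantics and make `toJsonArray` unnecessary. If the containment form is kept instead, build the document with `json.Marshal(map[string][]string{k: v})` rather than `fmt.Sprintf` with an unescaped key, because a key containing a quote changes the JSON that is matched.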
@ -38,6 +38,8 @@ func (i *ApplicationServiceImpl) QueryApplication(ctx context.Context, in *appli
|
||||
query = query.Where("ready = ?", *in.Ready)
|
||||
}
|
||||
|
||||
in.GormResourceFilter(query)
|
||||
|
||||
err := query.Count(&set.Total).Error
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
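Review bot: The scope conditions added by `in.GormResourceFilter(query)` are not guaranteed to reach `query.Count`, because the method only assigns to its own `query` parameter and returns nothing. GORM's `Where` returns a new `*gorm.DB` when called on a fresh session and mutates in place only on an already chained statement. The earlier `Where("ready = ?", ...)` appears to sit inside a conditional, so which case applies here cannot be told from the hunk. As this call is what restricts the result to the caller's namespace and scope, a dropped condition would fail open; have the method return the builder and write `query = in.GormResourceFilter(query)`. The body of `QueryApplication` starts and ends outside the hunk.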
@ -31,12 +31,12 @@ type Service interface {
|
||||
}
|
||||
|
||||
type QueryApplicationRequest struct {
|
||||
*request.PageRequest
|
||||
policy.ResourceScope
|
||||
QueryApplicationRequestSpec
|
||||
}
|
||||
|
||||
type QueryApplicationRequestSpec struct {
|
||||
*request.PageRequest
|
||||
// 应用ID
|
||||
Id string `json:"id" bson:"_id"`
|
||||
// 应用名称
|
||||
|
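Review bot: Embedding `policy.ResourceScope` in `QueryApplicationRequest` puts `namespace_id` and `scope` on the same struct as the client-supplied query fields, and both carry `json` tags. If a handler decodes the request body or query string straight into this struct (not visible here), a caller could supply its own scope instead of the one derived from its policy. I would add a comment on the embedded field such as `// ResourceScope is set by the authorization layer after binding; values decoded from the request must be overwritten`, and make sure the handler does that. `QueryApplicationRequestSpec` continues past the end of the hunk.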
@ -4,6 +4,7 @@ import (
|
||||
"bytes"
|
||||
"time"
|
||||
|
||||
"122.51.31.227/go-course/go18/devcloud/mcenter/apps/policy"
|
||||
"github.com/google/uuid"
|
||||
"github.com/infraboard/mcube/v2/ioc/config/validator"
|
||||
"github.com/infraboard/mcube/v2/tools/pretty"
|
||||
@ -71,7 +72,6 @@ func (a *Application) BuildId() {
|
||||
func NewCreateApplicationRequest() *CreateApplicationRequest {
|
||||
return &CreateApplicationRequest{
|
||||
CreateApplicationSpec: CreateApplicationSpec{
|
||||
Labels: map[string]string{},
|
||||
Extras: map[string]string{},
|
||||
ImageRepository: []ImageRepository{},
|
||||
},
|
||||
@ -83,8 +83,8 @@ type CreateApplicationRequest struct {
|
||||
CreateBy string `json:"create_by" bson:"create_by" gorm:"column:create_by" description:"创建人"`
|
||||
// 创建时间
|
||||
CreateAt time.Time `json:"create_at" bson:"create_at" gorm:"column:create_at" description:"创建时间"`
|
||||
// 应用所属空间名称
|
||||
Namespace string `json:"namespace" bson:"namespace" description:"应用所属空间名称" gorm:"column:namespace"`
|
||||
// 资源范围, Namespace是继承的, Scope是API添加的
|
||||
policy.ResourceLabel
|
||||
// 应用创建参数
|
||||
CreateApplicationSpec
|
||||
}
|
||||
@ -122,8 +122,6 @@ type CreateApplicationSpec struct {
|
||||
Level *uint32 `json:"level" bson:"level" gorm:"column:level" description:"应用等级, 评估这个应用的重要程度"`
|
||||
// 应用优先级, 应用启动的先后顺序
|
||||
Priority *uint32 `json:"priority" bson:"priority" gorm:"column:priority" description:"应用优先级, 应用启动的先后顺序"`
|
||||
// 应用标签
|
||||
Labels map[string]string `json:"labels" bson:"labels" gorm:"column:labels;serializer:json" description:"应用标签"`
|
||||
// 额外的其他属性
|
||||
Extras map[string]string `json:"extras" form:"extras" bson:"extras" gorm:"column:extras;serializer:json;"`
|
||||
|
||||
|
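Review bot: `policy.ResourceLabel` maps the namespace to column `namespace_id`, while `ResourceScope.GormResourceFilter` filters on `namespace = ?`, and this section removes the `Namespace` field that declared the `namespace` column. Unless the table keeps that column by other means, the namespace filter no longer lines up with this model; the filter should probably read `query.Where("namespace_id = ?", *r.NamespaceId)`. The `type:varchar(200)` tag on a `*uint64` in `ResourceLabel` also looks copied from a string field. Separately, `NewCreateApplicationRequest` drops `Labels: map[string]string{}` without initialising the embedded `Label` map, so a later write to it would panic on a nil map; `ResourceLabel: policy.ResourceLabel{Label: map[string]string{}}` in the constructor avoids that.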