set role/permission

574d7e0c · shajiaiming · 69f02353 · 574d7e0c · 574d7e0c · 574d7e0c
Commit 574d7e0c authored Apr 29, 2021 by shajiaiming
5 changed files
--- a/pkg/errno/errno.go
+++ b/pkg/errno/errno.go
@@ -69,7 +69,7 @@ var (
 	ErrSn         = &Errno{Code: 20004, Message: "Sn error."}
 	ErrAk         = &Errno{Code: 20005, Message: "Ak error."}

-	PermissionDenied = &Errno{Code:403, Message:"Permission Denied"}
+	PermissionDenied = &Errno{Code: 403, Message: "Permission Denied"}

 	// coin errors
 	ErrCoinNotFound = &Errno{Code: 20101, Message: "The coin was not found."}
@@ -208,9 +208,11 @@ var (
 	ErrDeleteClientApp   = &Errno{Code: 20105, Message: "The client app delete error."}

 	// role errors
-	ErrRoleNotFound = &Errno{Code: 20101, Message: "The role was not found."}
-	ErrCountRole    = &Errno{Code: 20102, Message: "The roles statistic error."}
-	ErrAddRole      = &Errno{Code: 20103, Message: "The role add error."}
-	ErrUpdateRole   = &Errno{Code: 20104, Message: "The role update error."}
-	ErrDeleteRole   = &Errno{Code: 20105, Message: "The role delete error."}
+	ErrRoleNotFound  = &Errno{Code: 20101, Message: "The role was not found."}
+	ErrCountRole     = &Errno{Code: 20102, Message: "The roles statistic error."}
+	ErrAddRole       = &Errno{Code: 20103, Message: "The role add error."}
+	ErrUpdateRole    = &Errno{Code: 20104, Message: "The role update error."}
+	ErrDeleteRole    = &Errno{Code: 20105, Message: "The role delete error."}
+	ErrSetRole       = &Errno{Code: 20106, Message: "The role set error."}
+	ErrSetPremission = &Errno{Code: 20107, Message: "The role set premission."}
 )
--- a/routers/api/backend/admin_role.go
+++ b/routers/api/backend/admin_role.go
@@ -3,6 +3,7 @@ package backend
 import (
 	"bwallet/pkg/errno"
 	"bwallet/pkg/handler"
+	"bwallet/pkg/util"
 	"bwallet/service/casbin_service"
 	"bwallet/validate_service"
 	"github.com/gin-gonic/gin"
@@ -44,3 +45,68 @@ func EditAdminRole(c *gin.Context) {
 func DeleteAdminRole(c *gin.Context) {

 }
+
+func SetRole(c *gin.Context) {
+	token := c.Request.Header.Get("Token")
+	user, _ := util.ParseToken(token)
+	group := user.UserInfo.Group
+
+	if ("administrator" != group || "admin" != group) {
+		handler.SendResponse(c, errno.ErrUserAuthIncorrect, nil)
+		return
+	}
+
+	role := validate_service.SetRole{}
+	c.ShouldBindJSON(&role)
+	if ok, errors := validate_service.ValidateInputs(role); !ok {
+		for _, err := range errors {
+			handler.SendResponse(c, errno.ErrBind, strings.Join(err, " "))
+			return
+		}
+	}
+
+	casbin_service := casbin_service.CasbinRole{
+		Ptype: role.Type,
+		V0:    role.Value,
+		V1:    role.AllowRole,
+	}
+	if err := casbin_service.AddPolicy(); err != nil {
+		handler.SendResponse(c, errno.ErrAddCoin, nil)
+		return
+	}
+
+	handler.SendResponse(c, nil, nil)
+}
+
+func SetPermission(c *gin.Context) {
+	token := c.Request.Header.Get("Token")
+	user, _ := util.ParseToken(token)
+	group := user.UserInfo.Group
+
+	if ("administrator" != group || "admin" != group) {
+		handler.SendResponse(c, errno.ErrUserAuthIncorrect, nil)
+		return
+	}
+
+	permission := validate_service.SetPermission{}
+	c.ShouldBindJSON(&permission)
+	if ok, errors := validate_service.ValidateInputs(permission); !ok {
+		for _, err := range errors {
+			handler.SendResponse(c, errno.ErrBind, strings.Join(err, " "))
+			return
+		}
+	}
+
+	casbin_service := casbin_service.CasbinRole{
+		Ptype: permission.Type,
+		V0:    permission.Value,
+		//V1:    permission.Permission,
+	}
+
+	if err := casbin_service.AddGroupingPolicy(); err != nil {
+		handler.SendResponse(c, errno.ErrAddCoin, nil)
+		return
+	}
+
+	handler.SendResponse(c, nil, nil)
+}
--- a/routers/router.go
+++ b/routers/router.go
@@ -154,6 +154,8 @@ func InitRouter() *gin.Engine {
 		api.GET("/user-roles", backend.GetAdminRoles)
 		api.POST("/user-role", backend.AddAdminRole)
 		api.DELETE("/user-role", backend.DeleteAdminRole)
+		api.POST("/set-role", backend.SetRole)
+		api.POST("/set-permission", backend.SetPermission)

 		api.GET("/api-modules", backend.GetApiModules)
 	}

--- a/service/casbin_service/casbin_rule.go
+++ b/service/casbin_service/casbin_rule.go
@@ -24,12 +24,11 @@ func (r *CasbinRole) GetAllRolesRelation() ([]*models.Role, error) {
 	return roles, nil
 }

-func (r *CasbinRole) AddRoleRelation() error {
+func (r *CasbinRole) AddPolicy() error {
 	role := map[string]interface{}{
 		"ptype": r.Ptype,
 		"v0":    r.V0,
 		"v1":    r.V1,
-		"v2":    r.V2,
 	}

 	if err := models.AddPolicy(role); err != nil {
@@ -39,6 +38,21 @@ func (r *CasbinRole) AddRoleRelation() error {
 	return nil
 }

+func (r *CasbinRole) AddGroupingPolicy() error {
+	permission := map[string]interface{}{
+		"ptype": r.Ptype,
+		"v0":    r.V0,
+		"v1":    r.V1,
+		"v2":    r.V2,
+	}
+
+	if err := models.AddGroupingPolicy(permission); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func (r *CasbinRole) getMaps() (map[string]interface{}) {
 	maps := make(map[string]interface{})


--- a/validate_service/admin_role.go
+++ b/validate_service/admin_role.go
@@ -4,3 +4,18 @@ type AdminRole struct {
 	Uid    uint8 `json:"uid" validate:"required"`
 	RoleId uint8 `json:"role_id" validate:"required"`
 }
+
+type SetRole struct {
+	Type      string `json:"type" validate:"required"`
+	Value     string `json:"value" validate:"required"`
+	AllowRole string `json:"allow_role" validate:"required"`
+}
+
+type SetPermission struct {
+	Type       string `json:"type" validate:"required"`
+	Value      string `json:"value" validate:"required"`
+	Permission struct {
+		Path   string `json:"path" validate:"required"`
+		Method string `json:"method" validate:"required"`
+	} `json:"permission" validate:"required"`
+}