package security
import (
	"fmt"
	"strings"

	"github.com/cuigh/auxo/net/web"
	"github.com/cuigh/swirl/biz"
	"github.com/cuigh/swirl/model"
)
// Checker reports whether user is permitted to invoke the handler described
// by h.
//
// The decision is deny-by-default: a user value that is not a *model.AuthUser
// is rejected outright, and an AuthUser is admitted only when its IsAllowed
// method accepts the handler's name.
func Checker(user web.User, h web.HandlerInfo) bool {
	au, ok := user.(*model.AuthUser)
	if !ok {
		// Unknown user implementations never pass the check.
		return false
	}
	return au.IsAllowed(h.Name())
}
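// Permiter is a middleware that validates data permission before the wrapped
// handler runs.
//
// A handler opts in through its "perm" option, a comma-separated list of at
// least three fields. The first two fields are passed to biz.Perm.Check
// unchanged; the third is handed to ctx.P and the result is passed as the
// last argument (presumably the name of the request parameter that carries
// the resource identifier; confirm against web.Context). Handlers without the
// option are passed straight to next.
//
// The returned handler yields the error from biz.Perm.Check when the check
// fails, an error when the option is malformed, and otherwise whatever next
// returns.
func Permiter(next web.HandlerFunc) web.HandlerFunc {
	return func(ctx web.Context) error {
		opt := ctx.Handler().Option("perm")
		if opt == "" {
			return next(ctx)
		}

		// Fail closed on a malformed option. Indexing a short slice would
		// panic in the middle of the request, so the request is rejected with
		// an ordinary error and never reaches the protected handler.
		array := strings.Split(opt, ",")
		if len(array) < 3 {
			return fmt.Errorf("security: malformed perm option %q: want 3 comma-separated fields", opt)
		}

		if err := biz.Perm.Check(ctx.User(), array[0], array[1], ctx.P(array[2])); err != nil {
			return err
		}
		return next(ctx)
	}
}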
// Perm describes a single grantable permission.
type Perm struct {
	// Key identifies the permission, written as "<resource>.<action>"
	// (for example "registry.list").
	Key string
	// Text is the human-readable description of the permission.
	Text string
}
// PermGroup bundles the permissions that apply to one kind of resource.
type PermGroup struct {
	// Name is the group's display name (for example "Registry").
	Name string
	// Perms lists the permissions that belong to the group.
	Perms []Perm
}
// Perms is the catalogue of every valid permission, grouped by resource.
//
// It is an exported, mutable package-level slice; callers should treat it as
// read-only so that the set of grantable permissions cannot drift at runtime.
//
// NOTE(review): going by their keys, entries such as "container.exec",
// "container.connect" and the "secret.*", "role.*" and "user.*" groups look
// high-privilege. Confirm what each one gates before granting it widely.
var Perms = []PermGroup{
	{
		Name: "Registry",
		Perms: []Perm{
			{Key: "registry.list", Text: "View list"},
			{Key: "registry.create", Text: "Create"},
			{Key: "registry.delete", Text: "Delete"},
			{Key: "registry.update", Text: "Update"},
		},
	},
	{
		Name: "Node",
		Perms: []Perm{
			{Key: "node.list", Text: "View list"},
			{Key: "node.detail", Text: "View detail"},
			{Key: "node.raw", Text: "View raw"},
			{Key: "node.edit", Text: "View edit"},
			{Key: "node.update", Text: "Update"},
			{Key: "node.delete", Text: "Delete"},
		},
	},
	{
		Name: "Network",
		Perms: []Perm{
			{Key: "network.list", Text: "View list"},
			{Key: "network.new", Text: "View new"},
			{Key: "network.detail", Text: "View detail"},
			{Key: "network.raw", Text: "View raw"},
			{Key: "network.create", Text: "Create"},
			{Key: "network.delete", Text: "Delete"},
			{Key: "network.disconnect", Text: "Disconnect container"},
		},
	},
	{
		Name: "Service",
		Perms: []Perm{
			{Key: "service.list", Text: "View list"},
			{Key: "service.new", Text: "View new"},
			{Key: "service.detail", Text: "View detail"},
			{Key: "service.raw", Text: "View raw"},
			{Key: "service.logs", Text: "View logs"},
			{Key: "service.stats", Text: "View stats"},
			{Key: "service.edit", Text: "View edit"},
			{Key: "service.create", Text: "Create"},
			{Key: "service.delete", Text: "Delete"},
			{Key: "service.update", Text: "Update"},
			{Key: "service.scale", Text: "Scale"},
			{Key: "service.rollback", Text: "Rollback"},
			{Key: "service.restart", Text: "Restart"},
		},
	},
	{
		Name: "Template",
		Perms: []Perm{
			{Key: "template.list", Text: "View list"},
			{Key: "template.new", Text: "View new"},
			{Key: "template.edit", Text: "View edit"},
			{Key: "template.create", Text: "Create"},
			{Key: "template.delete", Text: "Delete"},
			{Key: "template.update", Text: "Update"},
		},
	},
	{
		Name: "Stack",
		Perms: []Perm{
			{Key: "stack.list", Text: "View list"},
			{Key: "stack.new", Text: "View new"},
			{Key: "stack.detail", Text: "View detail"},
			{Key: "stack.edit", Text: "View edit"},
			{Key: "stack.create", Text: "Create"},
			{Key: "stack.update", Text: "Update"},
			{Key: "stack.deploy", Text: "Deploy"},
			{Key: "stack.shutdown", Text: "Shutdown"},
			{Key: "stack.delete", Text: "Delete"},
		},
	},
	{
		Name: "Task",
		Perms: []Perm{
			{Key: "task.list", Text: "View list"},
			{Key: "task.detail", Text: "View detail"},
			{Key: "task.raw", Text: "View raw"},
			{Key: "task.logs", Text: "View logs"},
		},
	},
	{
		Name: "Image",
		Perms: []Perm{
			{Key: "image.list", Text: "View list"},
			{Key: "image.detail", Text: "View detail"},
			{Key: "image.raw", Text: "View raw"},
			{Key: "image.delete", Text: "Delete"},
		},
	},
	{
		Name: "Container",
		Perms: []Perm{
			{Key: "container.list", Text: "View list"},
			{Key: "container.detail", Text: "View detail"},
			{Key: "container.raw", Text: "View raw"},
			{Key: "container.logs", Text: "View logs"},
			{Key: "container.exec", Text: "View exec"},
			{Key: "container.connect", Text: "Connect"},
			{Key: "container.delete", Text: "Delete"},
		},
	},
	{
		Name: "Volume",
		Perms: []Perm{
			{Key: "volume.list", Text: "View list"},
			{Key: "volume.new", Text: "View new"},
			{Key: "volume.detail", Text: "View detail"},
			{Key: "volume.raw", Text: "View raw"},
			{Key: "volume.create", Text: "Create"},
			{Key: "volume.delete", Text: "Delete"},
			{Key: "volume.prune", Text: "Prune"},
		},
	},
	{
		Name: "Secret",
		Perms: []Perm{
			{Key: "secret.list", Text: "View list"},
			{Key: "secret.new", Text: "View new"},
			{Key: "secret.edit", Text: "View edit"},
			{Key: "secret.create", Text: "Create"},
			{Key: "secret.delete", Text: "Delete"},
			{Key: "secret.update", Text: "Update"},
		},
	},
	{
		Name: "Config",
		Perms: []Perm{
			{Key: "config.list", Text: "View list"},
			{Key: "config.new", Text: "View new"},
			{Key: "config.edit", Text: "View edit"},
			{Key: "config.create", Text: "Create"},
			{Key: "config.delete", Text: "Delete"},
			{Key: "config.update", Text: "Update"},
		},
	},
	{
		Name: "Role",
		Perms: []Perm{
			{Key: "role.list", Text: "View list"},
			{Key: "role.new", Text: "View new"},
			{Key: "role.detail", Text: "View detail"},
			{Key: "role.edit", Text: "View edit"},
			{Key: "role.create", Text: "Create"},
			{Key: "role.delete", Text: "Delete"},
			{Key: "role.update", Text: "Update"},
		},
	},
	{
		Name: "User",
		Perms: []Perm{
			{Key: "user.list", Text: "View list"},
			{Key: "user.new", Text: "View new"},
			{Key: "user.detail", Text: "View detail"},
			{Key: "user.edit", Text: "View edit"},
			{Key: "user.create", Text: "Create"},
			{Key: "user.delete", Text: "Delete"},
			{Key: "user.update", Text: "Update"},
			{Key: "user.block", Text: "Block"},
			{Key: "user.unblock", Text: "Unblock"},
		},
	},
	{
		Name: "Setting",
		Perms: []Perm{
			{Key: "setting.edit", Text: "View edit"},
			{Key: "setting.update", Text: "Update"},
		},
	},
	{
		Name: "Event",
		Perms: []Perm{
			{Key: "event.list", Text: "View list"},
		},
	},
	{
		Name: "Chart",
		Perms: []Perm{
			{Key: "chart.list", Text: "View list"},
			{Key: "chart.new", Text: "View new"},
			{Key: "chart.edit", Text: "View edit"},
			{Key: "chart.create", Text: "Create"},
			{Key: "chart.delete", Text: "Delete"},
			{Key: "chart.update", Text: "Update"},
			{Key: "chart.save_dashboard", Text: "Save dashboard"},
		},
	},
}