Add permission control for service resource

model/auth.go

@@ -65,6 +65,7 @@ type Session struct {
 
 type AuthUser struct {
 	user  *User
+	roles []*Role
 	perms map[string]struct{}
 }
 
@@ -74,6 +75,7 @@ func NewAuthUser(user *User, roles []*Role) *AuthUser {
 	}
 	u := &AuthUser{
 		user:  user,
+		roles: roles,
 		perms: make(map[string]struct{}),
 	}
 	for _, role := range roles {
@@ -100,6 +102,15 @@ func (u *AuthUser) Admin() bool {
 	return u.user.Admin
 }
 
+func (u *AuthUser) IsInRole(roleID string) bool {
+	for _, role := range u.roles {
+		if role.ID == roleID {
+			return true
+		}
+	}
+	return false
+}
+
 func (u *AuthUser) IsAllowed(perm string) bool {
 	if u.user.Admin {
 		return true

model/system.go

@@ -2,17 +2,26 @@ package model
 
 import "time"
 
+// LDAP security policy
 const (
 	LDAPSecurityNone     = 0
 	LDAPSecurityTLS      = 1
 	LDAPSecurityStartTLS = 2
 )
 
+// LDAP auth type
 const (
 	LDAPAuthSimple = 0
 	LDAPAuthBind   = 1
 )
 
+// Perm control scope
+const (
+	PermNone      = 0
+	PermWrite     = 1
+	PermReadWrite = 2
+)
+
 // Setting represents the options of swirl.
 type Setting struct {
 	LDAP struct {
@@ -38,3 +47,12 @@ type Setting struct {
 	UpdatedBy string    `bson:"updated_by" json:"updated_by,omitempty"`
 	UpdatedAt time.Time `bson:"updated_at" json:"updated_at,omitempty"`
 }
+
+// Perm holds permissions of Docker resource.
+type Perm struct {
+	ResType string   `json:"res_type"`
+	ResID   string   `json:"res_id"`
+	Scope   int32    `json:"scope"`
+	Roles   []string `json:"roles"`
+	Users   []string `json:"users"`
+}