mml

2023-08-18 13:57:36 +08:00
parent 3e726ddd99
commit 882baa2e0b
5 changed files with 49 additions and 34 deletions
--- a/features/dbrest/dbrest.go
+++ b/features/dbrest/dbrest.go
@@ -29,30 +29,30 @@ type XormInsertResponse struct {

 var (
 	// database management rest pattern， discard
-	XormGetDataUri    = config.DefaultUriPrefix + "/databaseManagement/{apiVersion}/elementType/{databaseName}/objectType/{tableName}"
-	XormSelectDataUri = config.DefaultUriPrefix + "/databaseManagement/{apiVersion}/select/{databaseName}/{tableName}"
-	XormInsertDataUri = config.DefaultUriPrefix + "/databaseManagement/{apiVersion}/insert/{databaseName}/{tableName}"
-	XormUpdateDataUri = config.DefaultUriPrefix + "/databaseManagement/{apiVersion}/update/{databaseName}/{tableName}"
-	XormDeleteDataUri = config.DefaultUriPrefix + "/databaseManagement/{apiVersion}/delete/{databaseName}/{tableName}"
+	XormGetDataUri    = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/elementType/{databaseName}/objectType/{tableName}"
+	XormSelectDataUri = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/select/{databaseName}/{tableName}"
+	XormInsertDataUri = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/insert/{databaseName}/{tableName}"
+	XormUpdateDataUri = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/update/{databaseName}/{tableName}"
+	XormDeleteDataUri = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/delete/{databaseName}/{tableName}"

-	CustomXormGetDataUri    = config.UriPrefix + "/databaseManagement/{apiVersion}/elementType/{databaseName}/objectType/{tableName}"
-	CustomXormSelectDataUri = config.UriPrefix + "/databaseManagement/{apiVersion}/select/{databaseName}/{tableName}"
-	CustomXormInsertDataUri = config.UriPrefix + "/databaseManagement/{apiVersion}/insert/{databaseName}/{tableName}"
-	CustomXormUpdateDataUri = config.UriPrefix + "/databaseManagement/{apiVersion}/update/{databaseName}/{tableName}"
-	CustomXormDeleteDataUri = config.UriPrefix + "/databaseManagement/{apiVersion}/delete/{databaseName}/{tableName}"
+	CustomXormGetDataUri    = config.UriPrefix + "/{managementModule}/{apiVersion}/elementType/{databaseName}/objectType/{tableName}"
+	CustomXormSelectDataUri = config.UriPrefix + "/{managementModule}/{apiVersion}/select/{databaseName}/{tableName}"
+	CustomXormInsertDataUri = config.UriPrefix + "/{managementModule}/{apiVersion}/insert/{databaseName}/{tableName}"
+	CustomXormUpdateDataUri = config.UriPrefix + "/{managementModule}/{apiVersion}/update/{databaseName}/{tableName}"
+	CustomXormDeleteDataUri = config.UriPrefix + "/{managementModule}/{apiVersion}/delete/{databaseName}/{tableName}"

-	XormCommonUri  = config.DefaultUriPrefix + "/databaseManagement/{apiVersion}/{databaseName}/{tableName}" // for internal
-	XormExtDataUri = config.DefaultUriPrefix + "/dataManagement/{apiVersion}/{dataStorage}/{dataObject}"     // for external
-	XormDataSQLUri = config.DefaultUriPrefix + "/dataManagement/{apiVersion}/{dataStorage}/{dataObject}"     // for external
+	XormCommonUri  = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/{databaseName}/{tableName}" // for internal
+	XormExtDataUri = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/{dataStorage}/{dataObject}" // for external
+	XormDataSQLUri = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/{dataStorage}/{dataObject}" // for external

-	CustomXormCommonUri  = config.UriPrefix + "/databaseManagement/{apiVersion}/{databaseName}/{tableName}" // for internal
-	CustomXormExtDataUri = config.UriPrefix + "/dataManagement/{apiVersion}/{dataStorage}/{dataObject}"     // for external
-	CustomXormDataSQLUri = config.UriPrefix + "/dataManagement/{apiVersion}/{dataStorage}/{dataObject}"     // for external
+	CustomXormCommonUri  = config.UriPrefix + "/{managementModule}/{apiVersion}/{databaseName}/{tableName}" // for internal
+	CustomXormExtDataUri = config.UriPrefix + "/{managementModule}/{apiVersion}/{dataStorage}/{dataObject}" // for external
+	CustomXormDataSQLUri = config.UriPrefix + "/{managementModule}/{apiVersion}/{dataStorage}/{dataObject}" // for external

 	// 查询数据库连接情况
-	UriDbConnection = config.DefaultUriPrefix + "/dataManagement/{apiVersion}/dbConnection"
+	UriDbConnection = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/dbConnection"
 	// 终结非法的数据库连接
-	UriDbStop = config.DefaultUriPrefix + "/dataManagement/{apiVersion}/dbStop"
+	UriDbStop = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/dbStop"
 )

 var xormResponse XormResponse
@@ -261,12 +261,13 @@ func ExtDatabaseGetData(w http.ResponseWriter, r *http.Request) {
 	}

 	vars := mux.Vars(r)
+	module := vars["managementModule"]
 	dbname := vars["dataStorage"]
 	tbname := vars["dataObject"]

-	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, dbname, tbname)
+	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)

-	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), dbname, tbname)
+	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
 	if err != nil {
 		log.Error("Failed to get permission:", err)
 		services.ResponseForbidden403NotPermission(w)
@@ -349,11 +350,12 @@ func ExtDatabaseInsertData(w http.ResponseWriter, r *http.Request) {
 	}

 	vars := mux.Vars(r)
+	module := vars["managementModule"]
 	dbname := vars["dataStorage"]
 	tbname := vars["dataObject"]

-	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, dbname, tbname)
-	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), dbname, tbname)
+	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
+	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
 	if err != nil {
 		log.Error("Failed to get permission:", err)
 		services.ResponseForbidden403NotPermission(w)
@@ -403,11 +405,12 @@ func ExtDatabaseUpdateData(w http.ResponseWriter, r *http.Request) {
 	}

 	vars := mux.Vars(r)
+	module := vars["managementModule"]
 	dbname := vars["dataStorage"]
 	tbname := vars["dataObject"]

-	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, dbname, tbname)
-	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), dbname, tbname)
+	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
+	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
 	if err != nil {
 		log.Error("Failed to get permission:", err)
 		services.ResponseForbidden403NotPermission(w)
@@ -464,11 +467,12 @@ func ExtDatabaseDeleteData(w http.ResponseWriter, r *http.Request) {
 	}

 	vars := mux.Vars(r)
+	module := vars["managementModule"]
 	dbname := vars["dataStorage"]
 	tbname := vars["dataObject"]

-	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, dbname, tbname)
-	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), dbname, tbname)
+	log.Debugf("token:%s, method:%s, module:%, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
+	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
 	if err != nil {
 		log.Error("Failed to get permission:", err)
 		services.ResponseForbidden403NotPermission(w)
--- a/features/lm/logbak.go
+++ b/features/lm/logbak.go
@@ -90,11 +90,12 @@ func ExtDatabaseBackupData(w http.ResponseWriter, r *http.Request) {
 	}

 	vars := mux.Vars(r)
+	module := vars["managementModule"]
 	dbname := vars["dataStorage"]
 	tbname := vars["dataObject"]

-	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, dbname, tbname)
-	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), dbname, tbname)
+	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
+	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
 	if err != nil {
 		log.Error("Failed to get permission:", err)
 		services.ResponseForbidden403NotPermission(w)
--- a/features/mml/mml.go
+++ b/features/mml/mml.go
@@ -57,6 +57,7 @@ func PostMMLToNF(w http.ResponseWriter, r *http.Request) {
 	}

 	vars := mux.Vars(r)
+	module := vars["managementModule"]
 	neType := vars["elementTypeValue"]
 	params := r.URL.Query()
 	neId := params["ne_id"]
@@ -67,13 +68,13 @@ func PostMMLToNF(w http.ResponseWriter, r *http.Request) {
 	}
 	log.Debug("neType:", neType, "neId", neId)

-	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, neType, neId[0])
+	log.Debugf("token:%s, method:%s, managementModule:%s dbname:%s, tbname:%s", token, r.Method, module, neType, neId[0])

 	var buf [8192]byte
 	var n int
 	var mmlResult []string

-	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), neType, neId[0])
+	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, neType, neId[0])
 	if err != nil {
 		log.Error("Failed to get permission:", err)
 		errMsg := fmt.Sprintf("RetCode = -1 operation failed: do not have the operation permissions")
--- a/lib/dborm/dborm.go
+++ b/lib/dborm/dborm.go
@@ -1484,14 +1484,14 @@ type permission struct {
 	Object         string `json:"object"`
 }

-func IsPermissionAllowed(token, method, dbname, tbname string) (bool, error) {
+func IsPermissionAllowed(token, method, module, dbname, tbname string) (bool, error) {
 	log.Info("IsPermissionAllowed processing... ")

 	exist, err := xEngine.Table("permission").
 		Join("INNER", "role_permission", "permission.permission_name = role_permission.p_name").
 		Join("INNER", "user_role", "role_permission.r_name = user_role.r_name").
 		Join("INNER", "session", "user_role.u_name = session.account_id and session.access_token=?", token).
-		Where("method in ('*',?) and element in ('*',?) and object in ('*',?)", method, dbname, tbname).
+		Where("method in ('*',?) and management in ('*',?) and element in ('*',?) and object in ('*',?)", method, module, dbname, tbname).
 		Exist()
 	if err != nil {
 		return false, err
--- a/lib/services/services.go
+++ b/lib/services/services.go
@@ -417,9 +417,18 @@ func CheckCommonValidRequest(w http.ResponseWriter, r *http.Request) (string, er
 	return token, nil
 }

-func CheckUserPermission(token, method, dbname, tbname string) (bool, error) {
+func CheckUserPermission(token, method, module, dbname, tbname string) (bool, error) {
 	if config.GetYamlConfig().OMC.RBACMode == true {
-		exist, err := dborm.IsPermissionAllowed(token, method, dbname, tbname)
+		if module == "" {
+			module = "*"
+		}
+		if dbname == "" {
+			dbname = "*"
+		}
+		if tbname == "" {
+			tbname = "*"
+		}
+		exist, err := dborm.IsPermissionAllowed(token, method, module, dbname, tbname)
 		if err != nil {
 			return false, err
 		}