2023-08-18 13:57:36 +08:00
parent 3e726ddd99
commit 882baa2e0b
5 changed files with 49 additions and 34 deletions


@@ -29,30 +29,30 @@ type XormInsertResponse struct {
var ( var (
// database management rest pattern discard // database management rest pattern discard
XormGetDataUri = config.DefaultUriPrefix + "/databaseManagement/{apiVersion}/elementType/{databaseName}/objectType/{tableName}" XormGetDataUri = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/elementType/{databaseName}/objectType/{tableName}"
XormSelectDataUri = config.DefaultUriPrefix + "/databaseManagement/{apiVersion}/select/{databaseName}/{tableName}" XormSelectDataUri = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/select/{databaseName}/{tableName}"
XormInsertDataUri = config.DefaultUriPrefix + "/databaseManagement/{apiVersion}/insert/{databaseName}/{tableName}" XormInsertDataUri = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/insert/{databaseName}/{tableName}"
XormUpdateDataUri = config.DefaultUriPrefix + "/databaseManagement/{apiVersion}/update/{databaseName}/{tableName}" XormUpdateDataUri = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/update/{databaseName}/{tableName}"
XormDeleteDataUri = config.DefaultUriPrefix + "/databaseManagement/{apiVersion}/delete/{databaseName}/{tableName}" XormDeleteDataUri = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/delete/{databaseName}/{tableName}"
CustomXormGetDataUri = config.UriPrefix + "/databaseManagement/{apiVersion}/elementType/{databaseName}/objectType/{tableName}" CustomXormGetDataUri = config.UriPrefix + "/{managementModule}/{apiVersion}/elementType/{databaseName}/objectType/{tableName}"
CustomXormSelectDataUri = config.UriPrefix + "/databaseManagement/{apiVersion}/select/{databaseName}/{tableName}" CustomXormSelectDataUri = config.UriPrefix + "/{managementModule}/{apiVersion}/select/{databaseName}/{tableName}"
CustomXormInsertDataUri = config.UriPrefix + "/databaseManagement/{apiVersion}/insert/{databaseName}/{tableName}" CustomXormInsertDataUri = config.UriPrefix + "/{managementModule}/{apiVersion}/insert/{databaseName}/{tableName}"
CustomXormUpdateDataUri = config.UriPrefix + "/databaseManagement/{apiVersion}/update/{databaseName}/{tableName}" CustomXormUpdateDataUri = config.UriPrefix + "/{managementModule}/{apiVersion}/update/{databaseName}/{tableName}"
CustomXormDeleteDataUri = config.UriPrefix + "/databaseManagement/{apiVersion}/delete/{databaseName}/{tableName}" CustomXormDeleteDataUri = config.UriPrefix + "/{managementModule}/{apiVersion}/delete/{databaseName}/{tableName}"
XormCommonUri = config.DefaultUriPrefix + "/databaseManagement/{apiVersion}/{databaseName}/{tableName}" // for internal XormCommonUri = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/{databaseName}/{tableName}" // for internal
XormExtDataUri = config.DefaultUriPrefix + "/dataManagement/{apiVersion}/{dataStorage}/{dataObject}" // for external XormExtDataUri = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/{dataStorage}/{dataObject}" // for external
XormDataSQLUri = config.DefaultUriPrefix + "/dataManagement/{apiVersion}/{dataStorage}/{dataObject}" // for external XormDataSQLUri = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/{dataStorage}/{dataObject}" // for external
CustomXormCommonUri = config.UriPrefix + "/databaseManagement/{apiVersion}/{databaseName}/{tableName}" // for internal CustomXormCommonUri = config.UriPrefix + "/{managementModule}/{apiVersion}/{databaseName}/{tableName}" // for internal
CustomXormExtDataUri = config.UriPrefix + "/dataManagement/{apiVersion}/{dataStorage}/{dataObject}" // for external CustomXormExtDataUri = config.UriPrefix + "/{managementModule}/{apiVersion}/{dataStorage}/{dataObject}" // for external
CustomXormDataSQLUri = config.UriPrefix + "/dataManagement/{apiVersion}/{dataStorage}/{dataObject}" // for external CustomXormDataSQLUri = config.UriPrefix + "/{managementModule}/{apiVersion}/{dataStorage}/{dataObject}" // for external
// 查询数据库连接情况 // 查询数据库连接情况
UriDbConnection = config.DefaultUriPrefix + "/dataManagement/{apiVersion}/dbConnection" UriDbConnection = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/dbConnection"
// 终结非法的数据库连接 // 终结非法的数据库连接
UriDbStop = config.DefaultUriPrefix + "/dataManagement/{apiVersion}/dbStop" UriDbStop = config.DefaultUriPrefix + "/{managementModule}/{apiVersion}/dbStop"
) )
var xormResponse XormResponse var xormResponse XormResponse
@@ -261,12 +261,13 @@ func ExtDatabaseGetData(w http.ResponseWriter, r *http.Request) {
} }
vars := mux.Vars(r) vars := mux.Vars(r)
module := vars["managementModule"]
dbname := vars["dataStorage"] dbname := vars["dataStorage"]
tbname := vars["dataObject"] tbname := vars["dataObject"]
log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, dbname, tbname) log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), dbname, tbname) exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
if err != nil { if err != nil {
log.Error("Failed to get permission:", err) log.Error("Failed to get permission:", err)
services.ResponseForbidden403NotPermission(w) services.ResponseForbidden403NotPermission(w)
@@ -349,11 +350,12 @@ func ExtDatabaseInsertData(w http.ResponseWriter, r *http.Request) {
} }
vars := mux.Vars(r) vars := mux.Vars(r)
module := vars["managementModule"]
dbname := vars["dataStorage"] dbname := vars["dataStorage"]
tbname := vars["dataObject"] tbname := vars["dataObject"]
log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, dbname, tbname) log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), dbname, tbname) exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
if err != nil { if err != nil {
log.Error("Failed to get permission:", err) log.Error("Failed to get permission:", err)
services.ResponseForbidden403NotPermission(w) services.ResponseForbidden403NotPermission(w)
@@ -403,11 +405,12 @@ func ExtDatabaseUpdateData(w http.ResponseWriter, r *http.Request) {
} }
vars := mux.Vars(r) vars := mux.Vars(r)
module := vars["managementModule"]
dbname := vars["dataStorage"] dbname := vars["dataStorage"]
tbname := vars["dataObject"] tbname := vars["dataObject"]
log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, dbname, tbname) log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), dbname, tbname) exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
if err != nil { if err != nil {
log.Error("Failed to get permission:", err) log.Error("Failed to get permission:", err)
services.ResponseForbidden403NotPermission(w) services.ResponseForbidden403NotPermission(w)
@@ -464,11 +467,12 @@ func ExtDatabaseDeleteData(w http.ResponseWriter, r *http.Request) {
} }
vars := mux.Vars(r) vars := mux.Vars(r)
module := vars["managementModule"]
dbname := vars["dataStorage"] dbname := vars["dataStorage"]
tbname := vars["dataObject"] tbname := vars["dataObject"]
log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, dbname, tbname) log.Debugf("token:%s, method:%s, module:%, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), dbname, tbname) exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
if err != nil { if err != nil {
log.Error("Failed to get permission:", err) log.Error("Failed to get permission:", err)
services.ResponseForbidden403NotPermission(w) services.ResponseForbidden403NotPermission(w)
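Review bot: The rewritten Debugf calls at L40, L51 and L62 (and L87 in ExtDatabaseBackupData) pass five arguments to a format string that still has only four `%s` verbs, so `dbname:` prints the module, `tbname:` prints the database and the table name comes out as `%!(EXTRA string=...)`, while L73 writes `module:%,`, which is not a valid verb and go vet will reject. All five sites should read `log.Debugf("token:%s, method:%s, module:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)`, and since the line is being rewritten anyway the access token is better left out of the debug log. Separately, `module` now comes from the `{managementModule}` path variable instead of the fixed `databaseManagement`/`dataManagement` segment, so the client chooses which module's grants the permission check consults; each handler should assert the module it actually serves, or the route should constrain the variable, before calling CheckUserPermission (the same applies to PostMMLToNF at L98/L109). With the fixed segment gone, XormCommonUri and XormExtDataUri/XormDataSQLUri also collapse to the same four-variable shape, and if these are registered with gorilla mux, as mux.Vars on L36 suggests, only the first registered pattern will ever match. ExtDatabaseGetData and the other handlers continue outside their hunks.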


@@ -90,11 +90,12 @@ func ExtDatabaseBackupData(w http.ResponseWriter, r *http.Request) {
} }
vars := mux.Vars(r) vars := mux.Vars(r)
module := vars["managementModule"]
dbname := vars["dataStorage"] dbname := vars["dataStorage"]
tbname := vars["dataObject"] tbname := vars["dataObject"]
log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, dbname, tbname) log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), dbname, tbname) exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
if err != nil { if err != nil {
log.Error("Failed to get permission:", err) log.Error("Failed to get permission:", err)
services.ResponseForbidden403NotPermission(w) services.ResponseForbidden403NotPermission(w)


@@ -57,6 +57,7 @@ func PostMMLToNF(w http.ResponseWriter, r *http.Request) {
} }
vars := mux.Vars(r) vars := mux.Vars(r)
module := vars["managementModule"]
neType := vars["elementTypeValue"] neType := vars["elementTypeValue"]
params := r.URL.Query() params := r.URL.Query()
neId := params["ne_id"] neId := params["ne_id"]
@@ -67,13 +68,13 @@ func PostMMLToNF(w http.ResponseWriter, r *http.Request) {
} }
log.Debug("neType:", neType, "neId", neId) log.Debug("neType:", neType, "neId", neId)
log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, neType, neId[0]) log.Debugf("token:%s, method:%s, managementModule:%s dbname:%s, tbname:%s", token, r.Method, module, neType, neId[0])
var buf [8192]byte var buf [8192]byte
var n int var n int
var mmlResult []string var mmlResult []string
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), neType, neId[0]) exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, neType, neId[0])
if err != nil { if err != nil {
log.Error("Failed to get permission:", err) log.Error("Failed to get permission:", err)
errMsg := fmt.Sprintf("RetCode = -1 operation failed: do not have the operation permissions") errMsg := fmt.Sprintf("RetCode = -1 operation failed: do not have the operation permissions")
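Review bot: The rewritten log line at L105 labels neType and neId[0] as `dbname` and `tbname` and drops the comma after the new `managementModule:%s` field, so the output reads as if a database were being queried. Since the line is being changed, `log.Debugf("method:%s, managementModule:%s, neType:%s, neId:%s", r.Method, module, neType, neId[0])` describes what is logged and keeps the access token out of the debug log. PostMMLToNF continues outside the hunk.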


@@ -1484,14 +1484,14 @@ type permission struct {
Object string `json:"object"` Object string `json:"object"`
} }
func IsPermissionAllowed(token, method, dbname, tbname string) (bool, error) { func IsPermissionAllowed(token, method, module, dbname, tbname string) (bool, error) {
log.Info("IsPermissionAllowed processing... ") log.Info("IsPermissionAllowed processing... ")
exist, err := xEngine.Table("permission"). exist, err := xEngine.Table("permission").
Join("INNER", "role_permission", "permission.permission_name = role_permission.p_name"). Join("INNER", "role_permission", "permission.permission_name = role_permission.p_name").
Join("INNER", "user_role", "role_permission.r_name = user_role.r_name"). Join("INNER", "user_role", "role_permission.r_name = user_role.r_name").
Join("INNER", "session", "user_role.u_name = session.account_id and session.access_token=?", token). Join("INNER", "session", "user_role.u_name = session.account_id and session.access_token=?", token).
Where("method in ('*',?) and element in ('*',?) and object in ('*',?)", method, dbname, tbname). Where("method in ('*',?) and management in ('*',?) and element in ('*',?) and object in ('*',?)", method, module, dbname, tbname).
Exist() Exist()
if err != nil { if err != nil {
return false, err return false, err
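Review bot: IsPermissionAllowed gains a fifth parameter on L119 but still has no doc comment, and the new `management in ('*',?)` clause on L125 gives a caller no hint that a row storing `'*'` in any of the four columns matches every value. A comment above the signature along the lines of `// IsPermissionAllowed reports whether the session identified by token holds a permission row whose method, management, element and object each equal the given value or the wildcard '*'.` would document the contract the handlers now rely on. The parameter is named `module` while the column is `management` and the route variable is `managementModule`; picking one name would make the three easier to grep together. The function continues past the hunk.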


@@ -417,9 +417,18 @@ func CheckCommonValidRequest(w http.ResponseWriter, r *http.Request) (string, er
return token, nil return token, nil
} }
func CheckUserPermission(token, method, dbname, tbname string) (bool, error) { func CheckUserPermission(token, method, module, dbname, tbname string) (bool, error) {
if config.GetYamlConfig().OMC.RBACMode == true { if config.GetYamlConfig().OMC.RBACMode == true {
exist, err := dborm.IsPermissionAllowed(token, method, dbname, tbname) if module == "" {
module = "*"
}
if dbname == "" {
dbname = "*"
}
if tbname == "" {
tbname = "*"
}
exist, err := dborm.IsPermissionAllowed(token, method, module, dbname, tbname)
if err != nil { if err != nil {
return false, err return false, err
} }
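Review bot: The three normalisations added at L137–L145 change the meaning of an unbound route variable without saying so: an empty module, dbname or tbname becomes `"*"`, which under the `in ('*',?)` clauses in IsPermissionAllowed means only a row holding the wildcard for that column can match. A comment before the first `if`, such as `// An empty segment is mapped to '*' so only an explicit wildcard grant can satisfy it; a concrete grant never matches an unnamed resource.`, would stop a later reader from taking it for a permissive default. The same block repeated three times could also become one small helper applied to each argument, as sketched below. CheckUserPermission continues beyond the hunk, so the non-RBAC branch is not visible here.
```go
// orWildcard maps an unbound route variable to the RBAC wildcard so that
// only an explicit '*' grant can match a resource the route did not name.
func orWildcard(s string) string {
	if s == "" {
		return "*"
	}
	return s
}

func CheckUserPermission(token, method, module, dbname, tbname string) (bool, error) {
	if config.GetYamlConfig().OMC.RBACMode == true {
		exist, err := dborm.IsPermissionAllowed(token, method, orWildcard(module), orWildcard(dbname), orWildcard(tbname))
		// … unchanged: error handling and the remainder of the function …
```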