github.com/polarismesh/polaris@v1.17.8/config/config_file_group_authibility.go (about)

     1  /**
     2   * Tencent is pleased to support the open source community by making Polaris available.
     3   *
     4   * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
     5   *
     6   * Licensed under the BSD 3-Clause License (the "License");
     7   * you may not use this file except in compliance with the License.
     8   * You may obtain a copy of the License at
     9   *
    10   * https://opensource.org/licenses/BSD-3-Clause
    11   *
    12   * Unless required by applicable law or agreed to in writing, software distributed
    13   * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
    14   * CONDITIONS OF ANY KIND, either express or implied. See the License for the
    15   * specific language governing permissions and limitations under the License.
    16   */
    17  
    18  package config
    19  
    20  import (
    21  	"context"
    22  	"fmt"
    23  
    24  	apiconfig "github.com/polarismesh/specification/source/go/api/v1/config_manage"
    25  	apisecurity "github.com/polarismesh/specification/source/go/api/v1/security"
    26  
    27  	api "github.com/polarismesh/polaris/common/api/v1"
    28  	"github.com/polarismesh/polaris/common/model"
    29  	"github.com/polarismesh/polaris/common/utils"
    30  )
    31  
// CreateConfigFileGroup creates a config file group once the caller has passed
// the console permission check.
//
// The auth context is collected for the submitted group with the model.Create
// operation. If CheckConsolePermission returns an error, the wrapped server is
// not called and the response carries the converted error code together with
// the error text. On success the auth context is stored in the request context
// under utils.ContextAuthContextKey before the call is delegated.
//
// NOTE(review): the checker's error text is returned to the caller verbatim;
// confirm it never carries internal detail.
func (s *serverAuthability) CreateConfigFileGroup(ctx context.Context,
	configFileGroup *apiconfig.ConfigFileGroup) *apiconfig.ConfigResponse {
	groups := []*apiconfig.ConfigFileGroup{configFileGroup}
	authCtx := s.collectConfigGroupAuthContext(ctx, groups, model.Create, "CreateConfigFileGroup")

	// Verify the token information; a failure ends the request before it
	// reaches the wrapped server.
	_, err := s.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
	if err != nil {
		return api.NewConfigResponseWithInfo(convertToErrCode(err), err.Error())
	}

	// Continue on the context returned by the auth step, not on the inbound one.
	authedCtx := context.WithValue(authCtx.GetRequestContext(), utils.ContextAuthContextKey, authCtx)

	return s.targetServer.CreateConfigFileGroup(authedCtx, configFileGroup)
}
    48  
// QueryConfigFileGroups lists config file groups and marks every returned
// group as editable or not for the calling user.
//
// The permission check runs with a nil group list and model.Read, so no
// specific group is named at that step. On failure only the converted error
// code is returned, without the error text. The per-group IsResourceEditable
// result only fills the Editable field; this method removes nothing from the
// list it gets back from the wrapped server.
//
// NOTE(review): any restriction on which groups a caller may see would have to
// come from the checker or the wrapped server; confirm that is intended.
func (s *serverAuthability) QueryConfigFileGroups(ctx context.Context,
	filter map[string]string) *apiconfig.ConfigBatchQueryResponse {
	authCtx := s.collectConfigGroupAuthContext(ctx, nil, model.Read, "QueryConfigFileGroups")

	_, err := s.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
	if err != nil {
		return api.NewConfigBatchQueryResponse(convertToErrCode(err))
	}

	// Continue on the context returned by the auth step and attach the auth
	// context to it for the wrapped server.
	ctx = context.WithValue(authCtx.GetRequestContext(), utils.ContextAuthContextKey, authCtx)

	resp := s.targetServer.QueryConfigFileGroups(ctx, filter)
	if len(resp.ConfigFileGroups) == 0 {
		return resp
	}

	// The principal is always built as a user from the ID parsed out of ctx.
	caller := model.Principal{
		PrincipalID:   utils.ParseUserID(ctx),
		PrincipalRole: model.PrincipalUser,
	}
	for _, group := range resp.ConfigFileGroups {
		// When console auth is not enabled, every group is editable by default.
		editable := true
		if s.strategyMgn.GetAuthChecker().IsOpenConsoleAuth() {
			strategies := s.targetServer.caches.AuthStrategy()
			groupID := fmt.Sprintf("%d", group.GetId().GetValue())
			editable = strategies.IsResourceEditable(caller, apisecurity.ResourceType_ConfigGroups, groupID)
		}
		group.Editable = utils.NewBoolValue(editable)
	}

	return resp
}
    82  
// DeleteConfigFileGroup deletes the config file group identified by namespace
// and name once the caller has passed the console permission check.
//
// The auth context is collected with model.Delete for a group value that
// carries only the given name and namespace. If CheckConsolePermission returns
// an error, the wrapped server is not called and the response carries the
// converted error code together with the error text.
//
// NOTE(review): the checker's error text is returned to the caller verbatim;
// confirm it never carries internal detail.
func (s *serverAuthability) DeleteConfigFileGroup(
	ctx context.Context, namespace, name string) *apiconfig.ConfigResponse {
	// Stand-in group used only to describe the target of the permission check.
	target := &apiconfig.ConfigFileGroup{
		Name:      utils.NewStringValue(name),
		Namespace: utils.NewStringValue(namespace),
	}
	authCtx := s.collectConfigGroupAuthContext(ctx, []*apiconfig.ConfigFileGroup{target},
		model.Delete, "DeleteConfigFileGroup")

	_, err := s.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
	if err != nil {
		return api.NewConfigResponseWithInfo(convertToErrCode(err), err.Error())
	}

	// Continue on the context returned by the auth step, not on the inbound one.
	authedCtx := context.WithValue(authCtx.GetRequestContext(), utils.ContextAuthContextKey, authCtx)

	return s.targetServer.DeleteConfigFileGroup(authedCtx, namespace, name)
}
    98  
// UpdateConfigFileGroup updates a config file group once the caller has passed
// the console permission check.
//
// The auth context is collected for the submitted group with the model.Modify
// operation. If CheckConsolePermission returns an error, the wrapped server is
// not called and the response carries the converted error code together with
// the error text. On success the auth context is stored in the request context
// under utils.ContextAuthContextKey before the call is delegated.
//
// NOTE(review): the checker's error text is returned to the caller verbatim;
// confirm it never carries internal detail.
func (s *serverAuthability) UpdateConfigFileGroup(ctx context.Context,
	configFileGroup *apiconfig.ConfigFileGroup) *apiconfig.ConfigResponse {
	groups := []*apiconfig.ConfigFileGroup{configFileGroup}
	authCtx := s.collectConfigGroupAuthContext(ctx, groups, model.Modify, "UpdateConfigFileGroup")

	_, err := s.strategyMgn.GetAuthChecker().CheckConsolePermission(authCtx)
	if err != nil {
		return api.NewConfigResponseWithInfo(convertToErrCode(err), err.Error())
	}

	// Continue on the context returned by the auth step, not on the inbound one.
	authedCtx := context.WithValue(authCtx.GetRequestContext(), utils.ContextAuthContextKey, authCtx)

	return s.targetServer.UpdateConfigFileGroup(authedCtx, configFileGroup)
}