// Source: github.com/polarismesh/polaris@v1.17.8/service/instance_authability.go

/**
 * Tencent is pleased to support the open source community by making Polaris available.
 *
 * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
 *
 * Licensed under the BSD 3-Clause License (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * https://opensource.org/licenses/BSD-3-Clause
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package service

import (
	"context"

	apimodel "github.com/polarismesh/specification/source/go/api/v1/model"
	apiservice "github.com/polarismesh/specification/source/go/api/v1/service_manage"

	api "github.com/polarismesh/polaris/common/api/v1"
	"github.com/polarismesh/polaris/common/model"
	authcommon "github.com/polarismesh/polaris/common/model/auth"
	"github.com/polarismesh/polaris/common/utils"
)

// CreateInstances authorizes a batch instance creation and, when permitted,
// forwards it to the wrapped server.
//
// The auth context is built over reqs for model.Create. Only the error from
// CheckConsolePermission gates access; its first return value is discarded.
// On denial the caller receives a batch response holding one collected
// response with the converted error code and err.Error() as its message.
//
// NOTE(review): the batch starts as Code_ExecuteSuccess and the denial is
// added through api.Collect; confirm Collect raises the top-level code, so a
// client that reads only that field cannot mistake a denial for success.
func (svr *serverAuthAbility) CreateInstances(ctx context.Context,
	reqs []*apiservice.Instance) *apiservice.BatchWriteResponse {
	ac := svr.collectInstanceAuthContext(ctx, reqs, model.Create, "CreateInstances")

	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(ac); err != nil {
		denial := api.NewResponseWithMsg(convertToErrCode(err), err.Error())
		out := api.NewBatchWriteResponse(apimodel.Code_ExecuteSuccess)
		api.Collect(out, denial)
		return out
	}

	// Forward the context held by the auth context (not the incoming one) and
	// attach the auth context itself for downstream handlers.
	fwd := context.WithValue(ac.GetRequestContext(), utils.ContextAuthContextKey, ac)
	return svr.targetServer.CreateInstances(fwd, reqs)
}

// DeleteInstances authorizes a batch instance deletion and, when permitted,
// forwards it to the wrapped server.
//
// The auth context is built over reqs for model.Delete. The denial response
// has the same shape as in CreateInstances: a Code_ExecuteSuccess batch with
// the error response collected into it.
//
// NOTE(review): as in CreateInstances, confirm api.Collect raises the
// top-level code on denial.
func (svr *serverAuthAbility) DeleteInstances(ctx context.Context,
	reqs []*apiservice.Instance) *apiservice.BatchWriteResponse {
	ac := svr.collectInstanceAuthContext(ctx, reqs, model.Delete, "DeleteInstances")

	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(ac); err != nil {
		denial := api.NewResponseWithMsg(convertToErrCode(err), err.Error())
		out := api.NewBatchWriteResponse(apimodel.Code_ExecuteSuccess)
		api.Collect(out, denial)
		return out
	}

	fwd := context.WithValue(ac.GetRequestContext(), utils.ContextAuthContextKey, ac)
	return svr.targetServer.DeleteInstances(fwd, reqs)
}

// DeleteInstancesByHost deletes instances by host; currently only the super
// account is allowed to delete data this way.
//
// After the console permission check, the user role is read from the
// forwarded context and requests from model.SubAccountUserRole are rejected
// with Code_NotAllowedAccess.
//
// NOTE(review): the role gate is a deny-list. Only SubAccountUserRole is
// refused; every other value ParseUserRole can return, including whatever it
// yields when no role is present in the context, reaches the delete. If the
// intent is "super account only", confirm ParseUserRole's default and
// consider comparing against the permitted role(s) instead.
//
// NOTE(review): unlike the sibling handlers, the permission-denied path here
// returns only the error code and drops err.Error().
func (svr *serverAuthAbility) DeleteInstancesByHost(ctx context.Context,
	reqs []*apiservice.Instance) *apiservice.BatchWriteResponse {
	ac := svr.collectInstanceAuthContext(ctx, reqs, model.Delete, "DeleteInstancesByHost")

	_, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(ac)
	if err != nil {
		return api.NewBatchWriteResponse(convertToErrCode(err))
	}

	// The role is parsed from the context taken from the auth context after
	// the check, not from the caller's original ctx; presumably the checker
	// records the role there — verify against the checker implementation.
	fwd := context.WithValue(ac.GetRequestContext(), utils.ContextAuthContextKey, ac)
	role := authcommon.ParseUserRole(fwd)
	if role == model.SubAccountUserRole {
		out := api.NewBatchWriteResponse(apimodel.Code_ExecuteSuccess)
		api.Collect(out, api.NewResponse(apimodel.Code_NotAllowedAccess))
		return out
	}

	return svr.targetServer.DeleteInstancesByHost(fwd, reqs)
}

// UpdateInstances authorizes a batch instance update and, when permitted,
// forwards it to the wrapped server.
//
// The auth context is built over reqs for model.Modify. On denial the batch
// response carries the converted error code and err.Error() directly.
func (svr *serverAuthAbility) UpdateInstances(ctx context.Context,
	reqs []*apiservice.Instance) *apiservice.BatchWriteResponse {
	ac := svr.collectInstanceAuthContext(ctx, reqs, model.Modify, "UpdateInstances")

	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(ac); err != nil {
		return api.NewBatchWriteResponseWithMsg(convertToErrCode(err), err.Error())
	}

	fwd := context.WithValue(ac.GetRequestContext(), utils.ContextAuthContextKey, ac)
	return svr.targetServer.UpdateInstances(fwd, reqs)
}

// UpdateInstancesIsolate authorizes a batch change of instance isolation
// state and, when permitted, forwards it to the wrapped server.
//
// The auth context is built over reqs for model.Modify, the same operation
// type UpdateInstances uses.
func (svr *serverAuthAbility) UpdateInstancesIsolate(ctx context.Context,
	reqs []*apiservice.Instance) *apiservice.BatchWriteResponse {
	ac := svr.collectInstanceAuthContext(ctx, reqs, model.Modify, "UpdateInstancesIsolate")

	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(ac); err != nil {
		return api.NewBatchWriteResponseWithMsg(convertToErrCode(err), err.Error())
	}

	fwd := context.WithValue(ac.GetRequestContext(), utils.ContextAuthContextKey, ac)
	return svr.targetServer.UpdateInstancesIsolate(fwd, reqs)
}

// GetInstances authorizes an instance query and, when permitted, forwards it
// to the wrapped server.
//
// NOTE(review): the auth context is built with nil in place of the instance
// list and query is not passed to it, so nothing here ties the permission
// check to the services or namespaces being read. Any per-resource read
// restriction must be enforced elsewhere — confirm.
func (svr *serverAuthAbility) GetInstances(ctx context.Context,
	query map[string]string) *apiservice.BatchQueryResponse {
	ac := svr.collectInstanceAuthContext(ctx, nil, model.Read, "GetInstances")

	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(ac); err != nil {
		return api.NewBatchQueryResponseWithMsg(convertToErrCode(err), err.Error())
	}

	fwd := context.WithValue(ac.GetRequestContext(), utils.ContextAuthContextKey, ac)
	return svr.targetServer.GetInstances(fwd, query)
}

// GetInstancesCount authorizes a request for the instance count and, when
// permitted, forwards it to the wrapped server.
//
// The auth context is built for model.Read with nil in place of the instance
// list.
func (svr *serverAuthAbility) GetInstancesCount(ctx context.Context) *apiservice.BatchQueryResponse {
	ac := svr.collectInstanceAuthContext(ctx, nil, model.Read, "GetInstancesCount")

	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(ac); err != nil {
		return api.NewBatchQueryResponseWithMsg(convertToErrCode(err), err.Error())
	}

	fwd := context.WithValue(ac.GetRequestContext(), utils.ContextAuthContextKey, ac)
	return svr.targetServer.GetInstancesCount(fwd)
}

// GetInstanceLabels authorizes an instance-label query and, when permitted,
// forwards it to the wrapped server.
//
// NOTE(review): as in GetInstances, the auth context is built with nil in
// place of the instance list and query is not inspected here; confirm where
// per-resource read restrictions are applied.
func (svr *serverAuthAbility) GetInstanceLabels(ctx context.Context,
	query map[string]string) *apiservice.Response {
	ac := svr.collectInstanceAuthContext(ctx, nil, model.Read, "GetInstanceLabels")

	if _, err := svr.strategyMgn.GetAuthChecker().CheckConsolePermission(ac); err != nil {
		return api.NewResponseWithMsg(convertToErrCode(err), err.Error())
	}

	fwd := context.WithValue(ac.GetRequestContext(), utils.ContextAuthContextKey, ac)
	return svr.targetServer.GetInstanceLabels(fwd, query)
}