github.com/polarismesh/polaris@v1.17.8/service/service_alias_authability.go (about)

     1  /**
     2   * Tencent is pleased to support the open source community by making Polaris available.
     3   *
     4   * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
     5   *
     6   * Licensed under the BSD 3-Clause License (the "License");
     7   * you may not use this file except in compliance with the License.
     8   * You may obtain a copy of the License at
     9   *
    10   * https://opensource.org/licenses/BSD-3-Clause
    11   *
    12   * Unless required by applicable law or agreed to in writing, software distributed
    13   * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
    14   * CONDITIONS OF ANY KIND, either express or implied. See the License for the
    15   * specific language governing permissions and limitations under the License.
    16   */
    17  
    18  package service
    19  
    20  import (
    21  	"context"
    22  
    23  	apisecurity "github.com/polarismesh/specification/source/go/api/v1/security"
    24  	apiservice "github.com/polarismesh/specification/source/go/api/v1/service_manage"
    25  
    26  	api "github.com/polarismesh/polaris/common/api/v1"
    27  	"github.com/polarismesh/polaris/common/model"
    28  	"github.com/polarismesh/polaris/common/utils"
    29  )
    30  
// CreateServiceAlias is the authorization-enforcing wrapper around the target
// server's CreateServiceAlias. It builds an auth context for a model.Create
// operation on req, runs the console permission check, and only delegates to
// the target server when that check passes. On a failed check the error is
// converted to a response code and returned with req; the target server is
// never called.
func (svr *serverAuthAbility) CreateServiceAlias(
	ctx context.Context, req *apiservice.ServiceAlias) *apiservice.Response {
	aliases := []*apiservice.ServiceAlias{req}
	authCtx := svr.collectServiceAliasAuthContext(ctx, aliases, model.Create, "CreateServiceAlias")

	checker := svr.strategyMgn.GetAuthChecker()
	_, err := checker.CheckConsolePermission(authCtx)
	if err != nil {
		return api.NewServiceAliasResponse(convertToErrCode(err), req)
	}

	// Continue with the request context held by the auth context, and attach
	// the auth context itself so it can be read back from the context
	// downstream.
	authedCtx := context.WithValue(authCtx.GetRequestContext(), utils.ContextAuthContextKey, authCtx)

	// Fill in the owner from the owner ID carried by the context. When one is
	// present it overwrites whatever Owners value arrived in the request.
	// NOTE(review): when the context carries no owner ID, the request's own
	// Owners value is forwarded unchanged - confirm the target server does not
	// treat a client-supplied owner as authoritative.
	if owner := utils.ParseOwnerID(authedCtx); owner != "" {
		req.Owners = utils.NewStringValue(owner)
	}

	return svr.targetServer.CreateServiceAlias(authedCtx, req)
}
    52  
// DeleteServiceAliases is the authorization-enforcing wrapper around the
// target server's DeleteServiceAliases. One auth context is built for a
// model.Delete operation covering every alias in reqs, so a failed console
// permission check rejects the whole batch: the converted error code is
// returned in a batch response and nothing is forwarded to the target server.
func (svr *serverAuthAbility) DeleteServiceAliases(ctx context.Context,
	reqs []*apiservice.ServiceAlias) *apiservice.BatchWriteResponse {
	authCtx := svr.collectServiceAliasAuthContext(ctx, reqs, model.Delete, "DeleteServiceAliases")

	checker := svr.strategyMgn.GetAuthChecker()
	_, err := checker.CheckConsolePermission(authCtx)
	if err != nil {
		return api.NewBatchWriteResponse(convertToErrCode(err))
	}

	// Continue with the request context held by the auth context, and attach
	// the auth context itself so it can be read back from the context
	// downstream.
	authedCtx := context.WithValue(authCtx.GetRequestContext(), utils.ContextAuthContextKey, authCtx)

	return svr.targetServer.DeleteServiceAliases(authedCtx, reqs)
}
    67  
// UpdateServiceAlias is the authorization-enforcing wrapper around the target
// server's UpdateServiceAlias. It builds an auth context for a model.Modify
// operation on req, runs the console permission check, and delegates only
// when the check passes. On a failed check the converted error code is
// returned together with req and the target server is not called.
func (svr *serverAuthAbility) UpdateServiceAlias(
	ctx context.Context, req *apiservice.ServiceAlias) *apiservice.Response {
	aliases := []*apiservice.ServiceAlias{req}
	authCtx := svr.collectServiceAliasAuthContext(ctx, aliases, model.Modify, "UpdateServiceAlias")

	checker := svr.strategyMgn.GetAuthChecker()
	_, err := checker.CheckConsolePermission(authCtx)
	if err != nil {
		return api.NewServiceAliasResponse(convertToErrCode(err), req)
	}

	// Continue with the request context held by the auth context, and attach
	// the auth context itself so it can be read back from the context
	// downstream.
	authedCtx := context.WithValue(authCtx.GetRequestContext(), utils.ContextAuthContextKey, authCtx)

	return svr.targetServer.UpdateServiceAlias(authedCtx, req)
}
    83  
// GetServiceAliases is the authorization-enforcing wrapper around the target
// server's GetServiceAliases. It builds an auth context for a model.Read
// operation (no specific aliases are passed to the collector), runs the
// console permission check, and on success forwards the query to the target
// server.
//
// Every alias in the response whose source service is found in the cache is
// then annotated with an Editable flag. The flag only annotates the response:
// this method does not remove any alias from the returned list. Aliases whose
// source service is not in the cache keep whatever Editable value the target
// server returned.
func (svr *serverAuthAbility) GetServiceAliases(ctx context.Context,
	query map[string]string) *apiservice.BatchQueryResponse {
	authCtx := svr.collectServiceAliasAuthContext(ctx, nil, model.Read, "GetServiceAliases")

	checker := svr.strategyMgn.GetAuthChecker()
	_, err := checker.CheckConsolePermission(authCtx)
	if err != nil {
		return api.NewBatchQueryResponse(convertToErrCode(err))
	}

	// Continue with the request context held by the auth context, and attach
	// the auth context itself so it can be read back from the context
	// downstream.
	ctx = context.WithValue(authCtx.GetRequestContext(), utils.ContextAuthContextKey, authCtx)

	resp := svr.targetServer.GetServiceAliases(ctx, query)
	if len(resp.Aliases) == 0 {
		return resp
	}

	// For a service alias, editability follows whether the caller may edit
	// the source service the alias points at.
	// NOTE(review): the principal is always built as model.PrincipalUser from
	// the user ID in the context - confirm that fits every caller that can
	// reach this path.
	caller := model.Principal{
		PrincipalID:   utils.ParseUserID(ctx),
		PrincipalRole: model.PrincipalUser,
	}
	for _, alias := range resp.Aliases {
		source := svr.Cache().Service().GetServiceByName(alias.Service.Value, alias.Namespace.Value)
		if source == nil {
			continue
		}
		// If console auth is not enabled, everything is editable by default;
		// otherwise consult the cached auth strategies for the source service.
		canEdit := !svr.strategyMgn.GetAuthChecker().IsOpenConsoleAuth() ||
			svr.Cache().AuthStrategy().IsResourceEditable(caller,
				apisecurity.ResourceType_Services, source.ID)
		alias.Editable = utils.NewBoolValue(canEdit)
	}
	return resp
}