update code per review comments
1. Rename the table to permission_policy. 2. Rename the functions. Signed-off-by: Wang Yan <wangyan@vmware.com>
parent
ec15e320bf
commit
9723655378
@ -1,5 +1,4 @@
|
||||
ALTER TABLE schedule ADD COLUMN IF NOT EXISTS cron_type varchar(64);
|
||||
<<<<<<< HEAD
|
||||
|
||||
DO $$
|
||||
DECLARE
|
||||
@ -12,19 +11,19 @@ BEGIN
|
||||
UPDATE artifact SET size=art_size WHERE id = art.id;
|
||||
END LOOP;
|
||||
END $$;
|
||||
=======
|
||||
|
||||
ALTER TABLE robot ADD COLUMN IF NOT EXISTS secret varchar(2048);
|
||||
|
||||
CREATE TABLE IF NOT EXISTS role_permission (
|
||||
id SERIAL PRIMARY KEY NOT NULL,
|
||||
role_type varchar(255) NOT NULL,
|
||||
role_id int NOT NULL,
|
||||
rbac_policy_id int NOT NULL,
|
||||
permission_policy_id int NOT NULL,
|
||||
creation_time timestamp default CURRENT_TIMESTAMP,
|
||||
CONSTRAINT unique_role_permission UNIQUE (role_type, role_id, rbac_policy_id)
|
||||
CONSTRAINT unique_role_permission UNIQUE (role_type, role_id, permission_policy_id)
|
||||
);
|
||||
|
||||
CREATE TABLE IF NOT EXISTS rbac_policy (
|
||||
CREATE TABLE IF NOT EXISTS permission_policy (
|
||||
id SERIAL PRIMARY KEY NOT NULL,
|
||||
/*
|
||||
scope:
|
||||
@ -39,4 +38,3 @@ CREATE TABLE IF NOT EXISTS rbac_policy (
|
||||
creation_time timestamp default CURRENT_TIMESTAMP,
|
||||
CONSTRAINT unique_rbac_policy UNIQUE (scope, resource, action, effect)
|
||||
);
|
||||
>>>>>>> ae2bcebdd (add role permission manager for robot enhancement)
|
||||
|
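Review bot: The unique constraint on the renamed table still carries the old name: in the last hunk `CONSTRAINT unique_rbac_policy UNIQUE (scope, resource, action, effect)` is printed only once, so it appears to be unchanged context inside `CREATE TABLE IF NOT EXISTS permission_policy`. Renaming it to match, `CONSTRAINT unique_permission_policy UNIQUE (scope, resource, action, effect)`, keeps constraint-violation errors and later migrations pointing at the right table. Separately, `permission_policy_id int NOT NULL` in role_permission has no `REFERENCES permission_policy(id)` in the visible lines, so the database itself does not stop a permission row from pointing at a deleted policy; if that is intentional, a comment naming the layer that enforces it would help. Part of the permission_policy table body lies between the hunks and is not visible here.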
@ -2,7 +2,6 @@ package dao
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"github.com/goharbor/harbor/src/lib/errors"
|
||||
"github.com/goharbor/harbor/src/lib/orm"
|
||||
"github.com/goharbor/harbor/src/lib/q"
|
||||
@ -16,20 +15,20 @@ type DAO interface {
|
||||
CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error)
|
||||
// DeletePermission ...
|
||||
DeletePermission(ctx context.Context, id int64) error
|
||||
// ListPermission ...
|
||||
ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error)
|
||||
// DeletePermissionByRole ...
|
||||
DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error
|
||||
// ListPermissions ...
|
||||
ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error)
|
||||
// DeletePermissionsByRole ...
|
||||
DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error
|
||||
|
||||
// CreateRbacPolicy ...
|
||||
CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (int64, error)
|
||||
CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (int64, error)
|
||||
// DeleteRbacPolicy ...
|
||||
DeleteRbacPolicy(ctx context.Context, id int64) error
|
||||
// ListRbacPolicy list RbacPolicy according to the query.
|
||||
ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error)
|
||||
// ListRbacPolicies list PermissionPolicy according to the query.
|
||||
ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error)
|
||||
|
||||
// GetPermissionsByRole ...
|
||||
GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error)
|
||||
GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error)
|
||||
}
|
||||
|
||||
// New returns an instance of the default DAO
|
||||
@ -45,7 +44,7 @@ func (d *dao) CreatePermission(ctx context.Context, rp *model.RolePermission) (i
|
||||
return 0, err
|
||||
}
|
||||
rp.CreationTime = time.Now()
|
||||
return ormer.InsertOrUpdate(rp, "role_type, role_id, rbac_policy_id")
|
||||
return ormer.InsertOrUpdate(rp, "role_type, role_id, permission_policy_id")
|
||||
}
|
||||
|
||||
func (d *dao) DeletePermission(ctx context.Context, id int64) (err error) {
|
||||
@ -65,7 +64,7 @@ func (d *dao) DeletePermission(ctx context.Context, id int64) (err error) {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (d *dao) ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
|
||||
func (d *dao) ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
|
||||
rps := []*model.RolePermission{}
|
||||
qs, err := orm.QuerySetter(ctx, &model.RolePermission{}, query)
|
||||
if err != nil {
|
||||
@ -77,7 +76,7 @@ func (d *dao) ListPermission(ctx context.Context, query *q.Query) ([]*model.Role
|
||||
return rps, nil
|
||||
}
|
||||
|
||||
func (d *dao) DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error {
|
||||
func (d *dao) DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error {
|
||||
qs, err := orm.QuerySetter(ctx, &model.RolePermission{}, &q.Query{
|
||||
Keywords: map[string]interface{}{
|
||||
"role_type": roleType,
|
||||
@ -97,13 +96,13 @@ func (d *dao) DeletePermissionByRole(ctx context.Context, roleType string, roleI
|
||||
return err
|
||||
}
|
||||
|
||||
func (d *dao) CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (id int64, err error) {
|
||||
func (d *dao) CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (id int64, err error) {
|
||||
ormer, err := orm.FromContext(ctx)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
rp.CreationTime = time.Now()
|
||||
return ormer.InsertOrUpdate(rp, "scope, resource, action, effect")
|
||||
pp.CreationTime = time.Now()
|
||||
return ormer.InsertOrUpdate(pp, "scope, resource, action, effect")
|
||||
}
|
||||
|
||||
func (d *dao) DeleteRbacPolicy(ctx context.Context, id int64) (err error) {
|
||||
@ -111,7 +110,7 @@ func (d *dao) DeleteRbacPolicy(ctx context.Context, id int64) (err error) {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
n, err := ormer.Delete(&model.RbacPolicy{
|
||||
n, err := ormer.Delete(&model.PermissionPolicy{
|
||||
ID: id,
|
||||
})
|
||||
if err != nil {
|
||||
@ -123,27 +122,25 @@ func (d *dao) DeleteRbacPolicy(ctx context.Context, id int64) (err error) {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (d *dao) ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error) {
|
||||
rps := []*model.RbacPolicy{}
|
||||
qs, err := orm.QuerySetter(ctx, &model.RbacPolicy{}, query)
|
||||
func (d *dao) ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error) {
|
||||
pps := []*model.PermissionPolicy{}
|
||||
qs, err := orm.QuerySetter(ctx, &model.PermissionPolicy{}, query)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if _, err = qs.All(&rps); err != nil {
|
||||
if _, err = qs.All(&pps); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return rps, nil
|
||||
return pps, nil
|
||||
}
|
||||
|
||||
func (d *dao) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error) {
|
||||
var rps []*model.RolePermissions
|
||||
func (d *dao) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error) {
|
||||
var rps []*model.UniversalRolePermission
|
||||
ormer, err := orm.FromContext(ctx)
|
||||
if err != nil {
|
||||
return rps, err
|
||||
}
|
||||
sql := fmt.Sprintf(`SELECT rper.role_type, rper.role_id, rpo.scope, rpo.resource, rpo.action, rpo.effect FROM role_permission AS rper LEFT JOIN rbac_policy rpo ON (rper.rbac_policy_id=rpo.id) where rper.role_type='%s' and rper.role_id=%d`, roleType, roleID)
|
||||
|
||||
_, err = ormer.Raw(sql).QueryRows(&rps)
|
||||
_, err = ormer.Raw("SELECT rper.role_type, rper.role_id, ppo.scope, ppo.resource, ppo.action, ppo.effect FROM role_permission AS rper LEFT JOIN permission_policy ppo ON (rper.permission_policy_id=ppo.id) where rper.role_type=? and rper.role_id=?", roleType, roleID).QueryRows(&rps)
|
||||
if err != nil {
|
||||
return rps, err
|
||||
}
|
||||
|
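Review bot: The rewritten query in GetPermissionsByRole keeps `LEFT JOIN permission_policy ppo`, so a role_permission row whose permission_policy_id matches no policy is still returned, with scope, resource, action and effect all NULL. The migration in this commit declares no foreign key between the two tables, so such rows look possible (for example after DeleteRbacPolicy, whose body is mostly outside the visible hunks), and callers that presumably build authorization decisions from this list would then see an entry with empty fields. Unless those rows are wanted, use an inner join: `... FROM role_permission AS rper INNER JOIN permission_policy ppo ON (rper.permission_policy_id=ppo.id) where rper.role_type=? and rper.role_id=?`. Binding role_type and role_id with `?` rather than formatting them into the string is the right shape, and a test case with a quote character in roleType would pin that behaviour. The function's closing lines are outside the hunk.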
@ -32,49 +32,49 @@ func (suite *DaoTestSuite) SetupSuite() {
|
||||
suite.Suite.ClearTables = []string{"rbac_policy", "role_permission"}
|
||||
|
||||
suite.prepareRolePermission()
|
||||
suite.prepareRbacPolicy()
|
||||
suite.preparePermissionPolicy()
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) prepareRolePermission() {
|
||||
rp := &model.RolePermission{
|
||||
RoleType: "robot",
|
||||
RoleID: 1,
|
||||
RBACPolicyID: 2,
|
||||
RoleType: "robot",
|
||||
RoleID: 1,
|
||||
PermissionPolicyID: 2,
|
||||
}
|
||||
id, err := suite.dao.CreatePermission(orm.Context(), rp)
|
||||
suite.permissionID1 = id
|
||||
suite.Nil(err)
|
||||
|
||||
rp2 := &model.RolePermission{
|
||||
RoleType: "robot",
|
||||
RoleID: 1,
|
||||
RBACPolicyID: 3,
|
||||
RoleType: "robot",
|
||||
RoleID: 1,
|
||||
PermissionPolicyID: 3,
|
||||
}
|
||||
id2, err := suite.dao.CreatePermission(orm.Context(), rp2)
|
||||
suite.permissionID2 = id2
|
||||
suite.Nil(err)
|
||||
|
||||
rp3 := &model.RolePermission{
|
||||
RoleType: "robot",
|
||||
RoleID: 1,
|
||||
RBACPolicyID: 4,
|
||||
RoleType: "robot",
|
||||
RoleID: 1,
|
||||
PermissionPolicyID: 4,
|
||||
}
|
||||
id3, err := suite.dao.CreatePermission(orm.Context(), rp3)
|
||||
suite.permissionID3 = id3
|
||||
suite.Nil(err)
|
||||
|
||||
rp4 := &model.RolePermission{
|
||||
RoleType: "serviceaccount",
|
||||
RoleID: 2,
|
||||
RBACPolicyID: 1,
|
||||
RoleType: "serviceaccount",
|
||||
RoleID: 2,
|
||||
PermissionPolicyID: 1,
|
||||
}
|
||||
id4, err := suite.dao.CreatePermission(orm.Context(), rp4)
|
||||
suite.permissionID4 = id4
|
||||
suite.Nil(err)
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) prepareRbacPolicy() {
|
||||
rp := &model.RbacPolicy{
|
||||
func (suite *DaoTestSuite) preparePermissionPolicy() {
|
||||
rp := &model.PermissionPolicy{
|
||||
Scope: "/system",
|
||||
Resource: "label",
|
||||
Action: "create",
|
||||
@ -83,7 +83,7 @@ func (suite *DaoTestSuite) prepareRbacPolicy() {
|
||||
suite.rbacPolicyID1 = id
|
||||
suite.Nil(err)
|
||||
|
||||
rp2 := &model.RbacPolicy{
|
||||
rp2 := &model.PermissionPolicy{
|
||||
Scope: "/project/1",
|
||||
Resource: "repository",
|
||||
Action: "push",
|
||||
@ -92,7 +92,7 @@ func (suite *DaoTestSuite) prepareRbacPolicy() {
|
||||
suite.rbacPolicyID2 = id2
|
||||
suite.Nil(err)
|
||||
|
||||
rp3 := &model.RbacPolicy{
|
||||
rp3 := &model.PermissionPolicy{
|
||||
Scope: "/project/1",
|
||||
Resource: "repository",
|
||||
Action: "pull",
|
||||
@ -101,7 +101,7 @@ func (suite *DaoTestSuite) prepareRbacPolicy() {
|
||||
suite.rbacPolicyID3 = id3
|
||||
suite.Nil(err)
|
||||
|
||||
rp4 := &model.RbacPolicy{
|
||||
rp4 := &model.PermissionPolicy{
|
||||
Scope: "/project/2",
|
||||
Resource: "helm-chart",
|
||||
Action: "create",
|
||||
@ -113,9 +113,9 @@ func (suite *DaoTestSuite) prepareRbacPolicy() {
|
||||
|
||||
func (suite *DaoTestSuite) TestCreatePermission() {
|
||||
rp := &model.RolePermission{
|
||||
RoleType: "robot",
|
||||
RoleID: 1,
|
||||
RBACPolicyID: 2,
|
||||
RoleType: "robot",
|
||||
RoleID: 1,
|
||||
PermissionPolicyID: 2,
|
||||
}
|
||||
_, err := suite.dao.CreatePermission(orm.Context(), rp)
|
||||
suite.Nil(err)
|
||||
@ -130,23 +130,23 @@ func (suite *DaoTestSuite) TestDeletePermission() {
|
||||
suite.Nil(err)
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) TestListPermission() {
|
||||
rps, err := suite.dao.ListPermission(orm.Context(), &q.Query{
|
||||
func (suite *DaoTestSuite) TestListPermissions() {
|
||||
rps, err := suite.dao.ListPermissions(orm.Context(), &q.Query{
|
||||
Keywords: map[string]interface{}{
|
||||
"role_type": "robot",
|
||||
"role_id": 1,
|
||||
"rbac_policy_id": 4,
|
||||
"role_type": "robot",
|
||||
"role_id": 1,
|
||||
"permission_policy_id": 4,
|
||||
},
|
||||
})
|
||||
suite.Require().Nil(err)
|
||||
suite.Equal(int64(4), rps[0].RBACPolicyID)
|
||||
suite.Equal(int64(4), rps[0].PermissionPolicyID)
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) TestDeletePermissionByRole() {
|
||||
err := suite.dao.DeletePermissionByRole(orm.Context(), "serviceaccount", 2)
|
||||
func (suite *DaoTestSuite) TestDeletePermissionsByRole() {
|
||||
err := suite.dao.DeletePermissionsByRole(orm.Context(), "serviceaccount", 2)
|
||||
suite.Require().Nil(err)
|
||||
|
||||
rps, err := suite.dao.ListPermission(orm.Context(), &q.Query{
|
||||
rps, err := suite.dao.ListPermissions(orm.Context(), &q.Query{
|
||||
Keywords: map[string]interface{}{
|
||||
"role_type": "serviceaccount",
|
||||
"role_id": 2,
|
||||
@ -158,7 +158,7 @@ func (suite *DaoTestSuite) TestDeletePermissionByRole() {
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) TestCreateRbacPolicy() {
|
||||
rp := &model.RbacPolicy{
|
||||
rp := &model.PermissionPolicy{
|
||||
Scope: "/system",
|
||||
Resource: "label",
|
||||
Action: "create",
|
||||
@ -176,8 +176,8 @@ func (suite *DaoTestSuite) TestDeleteRbacPolicy() {
|
||||
suite.Nil(err)
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) TestListRbacPolicy() {
|
||||
rps, err := suite.dao.ListRbacPolicy(orm.Context(), &q.Query{
|
||||
func (suite *DaoTestSuite) TestListRbacPolicies() {
|
||||
rps, err := suite.dao.ListRbacPolicies(orm.Context(), &q.Query{
|
||||
Keywords: map[string]interface{}{
|
||||
"scope": "/project/1",
|
||||
"resource": "repository",
|
||||
@ -189,7 +189,7 @@ func (suite *DaoTestSuite) TestListRbacPolicy() {
|
||||
}
|
||||
|
||||
func (suite *DaoTestSuite) TestGetPermissionsByRole() {
|
||||
rp := &model.RbacPolicy{
|
||||
rp := &model.PermissionPolicy{
|
||||
Scope: "/system",
|
||||
Resource: "label",
|
||||
Action: "delete",
|
||||
@ -198,9 +198,9 @@ func (suite *DaoTestSuite) TestGetPermissionsByRole() {
|
||||
suite.Nil(err)
|
||||
|
||||
rpe := &model.RolePermission{
|
||||
RoleType: "TestGetPermissionsByRole",
|
||||
RoleID: 1,
|
||||
RBACPolicyID: id,
|
||||
RoleType: "TestGetPermissionsByRole",
|
||||
RoleID: 1,
|
||||
PermissionPolicyID: id,
|
||||
}
|
||||
_, err = suite.dao.CreatePermission(orm.Context(), rpe)
|
||||
suite.Nil(err)
|
||||
|
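Review bot: `suite.Suite.ClearTables = []string{"rbac_policy", "role_permission"}` at the top of the SetupSuite hunk is printed only once, so it appears to be unchanged, yet the model in this commit now maps to `permission_policy`. The suite would then ask to clear a table the migration no longer creates and could leave the rows inserted by preparePermissionPolicy behind, depending on how ClearTables is consumed (not visible here). Change it to `suite.Suite.ClearTables = []string{"permission_policy", "role_permission"}`. SetupSuite begins before the hunk.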
@ -18,19 +18,19 @@ type Manager interface {
|
||||
CreatePermission(ctx context.Context, rp *model.RolePermission) (int64, error)
|
||||
// DeletePermission ...
|
||||
DeletePermission(ctx context.Context, id int64) error
|
||||
// ListPermission list role permissions according to the query.
|
||||
ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error)
|
||||
// DeletePermissionByRole get permissions by role type and id
|
||||
DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error
|
||||
// ListPermissions list role permissions according to the query.
|
||||
ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error)
|
||||
// DeletePermissionsByRole get permissions by role type and id
|
||||
DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error
|
||||
|
||||
// CreateRbacPolicy ...
|
||||
CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (int64, error)
|
||||
CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (int64, error)
|
||||
// DeleteRbacPolicy ...
|
||||
DeleteRbacPolicy(ctx context.Context, id int64) error
|
||||
// ListRbacPolicy list RbacPolicy according to the query.
|
||||
ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error)
|
||||
// ListRbacPolicies list PermissionPolicy according to the query.
|
||||
ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error)
|
||||
// GetPermissionsByRole ...
|
||||
GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error)
|
||||
GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error)
|
||||
}
|
||||
|
||||
// NewManager returns an instance of the default manager
|
||||
@ -54,26 +54,26 @@ func (m *manager) DeletePermission(ctx context.Context, id int64) error {
|
||||
return m.dao.DeletePermission(ctx, id)
|
||||
}
|
||||
|
||||
func (m *manager) ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
|
||||
return m.dao.ListPermission(ctx, query)
|
||||
func (m *manager) ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
|
||||
return m.dao.ListPermissions(ctx, query)
|
||||
}
|
||||
|
||||
func (m *manager) DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error {
|
||||
return m.dao.DeletePermissionByRole(ctx, roleType, roleID)
|
||||
func (m *manager) DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error {
|
||||
return m.dao.DeletePermissionsByRole(ctx, roleType, roleID)
|
||||
}
|
||||
|
||||
func (m *manager) CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (int64, error) {
|
||||
return m.dao.CreateRbacPolicy(ctx, rp)
|
||||
func (m *manager) CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (int64, error) {
|
||||
return m.dao.CreateRbacPolicy(ctx, pp)
|
||||
}
|
||||
|
||||
func (m *manager) DeleteRbacPolicy(ctx context.Context, id int64) error {
|
||||
return m.dao.DeleteRbacPolicy(ctx, id)
|
||||
}
|
||||
|
||||
func (m *manager) ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error) {
|
||||
return m.dao.ListRbacPolicy(ctx, query)
|
||||
func (m *manager) ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error) {
|
||||
return m.dao.ListRbacPolicies(ctx, query)
|
||||
}
|
||||
|
||||
func (m *manager) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error) {
|
||||
func (m *manager) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error) {
|
||||
return m.dao.GetPermissionsByRole(ctx, roleType, roleID)
|
||||
}
|
||||
|
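Review bot: The doc comment on the renamed interface method still describes the wrong operation: `// DeletePermissionsByRole get permissions by role type and id` sits above a method that returns only an error and forwards to the DAO's delete. Suggest `// DeletePermissionsByRole deletes the permissions bound to the given role type and role id.` The neighbouring `// CreateRbacPolicy ...`, `// DeleteRbacPolicy ...` and `// GetPermissionsByRole ...` placeholders could get a real sentence as well, and the *RbacPolicy method names now take and return `PermissionPolicy`, which deserves either a follow-up rename or a note in the comment. The Manager interface starts before the hunk.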
@ -36,31 +36,31 @@ func (m *managerTestSuite) TestDeletePermission() {
|
||||
m.dao.AssertExpectations(m.T())
|
||||
}
|
||||
|
||||
func (m *managerTestSuite) TestListPermission() {
|
||||
m.dao.On("ListPermission", mock.Anything, mock.Anything).Return([]*model.RolePermission{
|
||||
func (m *managerTestSuite) TestListPermissions() {
|
||||
m.dao.On("ListPermissions", mock.Anything, mock.Anything).Return([]*model.RolePermission{
|
||||
{
|
||||
ID: 1,
|
||||
RoleType: "robot",
|
||||
RoleID: 2,
|
||||
RBACPolicyID: 3,
|
||||
ID: 1,
|
||||
RoleType: "robot",
|
||||
RoleID: 2,
|
||||
PermissionPolicyID: 3,
|
||||
},
|
||||
}, nil)
|
||||
rpers, err := m.mgr.ListPermission(context.Background(), nil)
|
||||
rpers, err := m.mgr.ListPermissions(context.Background(), nil)
|
||||
m.Require().Nil(err)
|
||||
m.Equal(1, len(rpers))
|
||||
m.dao.AssertExpectations(m.T())
|
||||
}
|
||||
|
||||
func (m *managerTestSuite) TestDeletePermissionByRole() {
|
||||
m.dao.On("DeletePermissionByRole", mock.Anything, mock.Anything, mock.Anything).Return(nil)
|
||||
err := m.mgr.DeletePermissionByRole(context.Background(), "robot", 1)
|
||||
func (m *managerTestSuite) TestDeletePermissionsByRole() {
|
||||
m.dao.On("DeletePermissionsByRole", mock.Anything, mock.Anything, mock.Anything).Return(nil)
|
||||
err := m.mgr.DeletePermissionsByRole(context.Background(), "robot", 1)
|
||||
m.Require().Nil(err)
|
||||
m.dao.AssertExpectations(m.T())
|
||||
}
|
||||
|
||||
func (m *managerTestSuite) TestCreateRbacPolicy() {
|
||||
m.dao.On("CreateRbacPolicy", mock.Anything, mock.Anything).Return(int64(1), nil)
|
||||
_, err := m.mgr.CreateRbacPolicy(context.Background(), &model.RbacPolicy{})
|
||||
_, err := m.mgr.CreateRbacPolicy(context.Background(), &model.PermissionPolicy{})
|
||||
m.Require().Nil(err)
|
||||
m.dao.AssertExpectations(m.T())
|
||||
}
|
||||
@ -72,8 +72,8 @@ func (m *managerTestSuite) TestDeleteRbacPolicy() {
|
||||
m.dao.AssertExpectations(m.T())
|
||||
}
|
||||
|
||||
func (m *managerTestSuite) TestListRbacPolicy() {
|
||||
m.dao.On("ListRbacPolicy", mock.Anything, mock.Anything).Return([]*model.RbacPolicy{
|
||||
func (m *managerTestSuite) TestListRbacPolicies() {
|
||||
m.dao.On("ListRbacPolicies", mock.Anything, mock.Anything).Return([]*model.PermissionPolicy{
|
||||
{
|
||||
ID: 1,
|
||||
Scope: "/system",
|
||||
@ -81,14 +81,14 @@ func (m *managerTestSuite) TestListRbacPolicy() {
|
||||
Action: "create",
|
||||
},
|
||||
}, nil)
|
||||
rpers, err := m.mgr.ListRbacPolicy(context.Background(), nil)
|
||||
rpers, err := m.mgr.ListRbacPolicies(context.Background(), nil)
|
||||
m.Require().Nil(err)
|
||||
m.Equal(1, len(rpers))
|
||||
m.dao.AssertExpectations(m.T())
|
||||
}
|
||||
|
||||
func (m *managerTestSuite) TestGetPermissionsByRole() {
|
||||
m.dao.On("GetPermissionsByRole", mock.Anything, mock.Anything, mock.Anything).Return([]*model.RolePermissions{
|
||||
m.dao.On("GetPermissionsByRole", mock.Anything, mock.Anything, mock.Anything).Return([]*model.UniversalRolePermission{
|
||||
{
|
||||
RoleType: "robot",
|
||||
RoleID: 1,
|
||||
|
@ -7,16 +7,16 @@ import (
|
||||
|
||||
func init() {
|
||||
orm.RegisterModel(&RolePermission{})
|
||||
orm.RegisterModel(&RbacPolicy{})
|
||||
orm.RegisterModel(&PermissionPolicy{})
|
||||
}
|
||||
|
||||
// RolePermission records the relations of role and permission
|
||||
type RolePermission struct {
|
||||
ID int64 `orm:"pk;auto;column(id)"`
|
||||
RoleType string `orm:"column(role_type)"`
|
||||
RoleID int64 `orm:"column(role_id)"`
|
||||
RBACPolicyID int64 `orm:"column(rbac_policy_id)"`
|
||||
CreationTime time.Time `orm:"column(creation_time);auto_now_add" json:"creation_time"`
|
||||
ID int64 `orm:"pk;auto;column(id)"`
|
||||
RoleType string `orm:"column(role_type)"`
|
||||
RoleID int64 `orm:"column(role_id)"`
|
||||
PermissionPolicyID int64 `orm:"column(permission_policy_id)"`
|
||||
CreationTime time.Time `orm:"column(creation_time);auto_now_add" json:"creation_time"`
|
||||
}
|
||||
|
||||
// TableName for role permission
|
||||
@ -24,8 +24,8 @@ func (rp *RolePermission) TableName() string {
|
||||
return "role_permission"
|
||||
}
|
||||
|
||||
// RbacPolicy records the policy of rbac
|
||||
type RbacPolicy struct {
|
||||
// PermissionPolicy records the policy of rbac
|
||||
type PermissionPolicy struct {
|
||||
ID int64 `orm:"pk;auto;column(id)"`
|
||||
Scope string `orm:"column(scope)"`
|
||||
Resource string `orm:"column(resource)"`
|
||||
@ -34,13 +34,13 @@ type RbacPolicy struct {
|
||||
CreationTime time.Time `orm:"column(creation_time);auto_now_add" json:"creation_time"`
|
||||
}
|
||||
|
||||
// TableName for rbac policy
|
||||
func (rbacPolicy *RbacPolicy) TableName() string {
|
||||
return "rbac_policy"
|
||||
// TableName for permission policy
|
||||
func (permissionPolicy *PermissionPolicy) TableName() string {
|
||||
return "permission_policy"
|
||||
}
|
||||
|
||||
// RolePermissions ...
|
||||
type RolePermissions struct {
|
||||
// UniversalRolePermission ...
|
||||
type UniversalRolePermission struct {
|
||||
RoleType string `orm:"column(role_type)"`
|
||||
RoleID int64 `orm:"column(role_id)"`
|
||||
Scope string `orm:"column(scope)"`
|
||||
|
@ -38,20 +38,20 @@ func (_m *DAO) CreatePermission(ctx context.Context, rp *model.RolePermission) (
|
||||
return r0, r1
|
||||
}
|
||||
|
||||
// CreateRbacPolicy provides a mock function with given fields: ctx, rp
|
||||
func (_m *DAO) CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (int64, error) {
|
||||
ret := _m.Called(ctx, rp)
|
||||
// CreateRbacPolicy provides a mock function with given fields: ctx, pp
|
||||
func (_m *DAO) CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (int64, error) {
|
||||
ret := _m.Called(ctx, pp)
|
||||
|
||||
var r0 int64
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *model.RbacPolicy) int64); ok {
|
||||
r0 = rf(ctx, rp)
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *model.PermissionPolicy) int64); ok {
|
||||
r0 = rf(ctx, pp)
|
||||
} else {
|
||||
r0 = ret.Get(0).(int64)
|
||||
}
|
||||
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(1).(func(context.Context, *model.RbacPolicy) error); ok {
|
||||
r1 = rf(ctx, rp)
|
||||
if rf, ok := ret.Get(1).(func(context.Context, *model.PermissionPolicy) error); ok {
|
||||
r1 = rf(ctx, pp)
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
@ -73,8 +73,8 @@ func (_m *DAO) DeletePermission(ctx context.Context, id int64) error {
|
||||
return r0
|
||||
}
|
||||
|
||||
// DeletePermissionByRole provides a mock function with given fields: ctx, roleType, roleID
|
||||
func (_m *DAO) DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error {
|
||||
// DeletePermissionsByRole provides a mock function with given fields: ctx, roleType, roleID
|
||||
func (_m *DAO) DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error {
|
||||
ret := _m.Called(ctx, roleType, roleID)
|
||||
|
||||
var r0 error
|
||||
@ -102,15 +102,15 @@ func (_m *DAO) DeleteRbacPolicy(ctx context.Context, id int64) error {
|
||||
}
|
||||
|
||||
// GetPermissionsByRole provides a mock function with given fields: ctx, roleType, roleID
|
||||
func (_m *DAO) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error) {
|
||||
func (_m *DAO) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error) {
|
||||
ret := _m.Called(ctx, roleType, roleID)
|
||||
|
||||
var r0 []*model.RolePermissions
|
||||
if rf, ok := ret.Get(0).(func(context.Context, string, int64) []*model.RolePermissions); ok {
|
||||
var r0 []*model.UniversalRolePermission
|
||||
if rf, ok := ret.Get(0).(func(context.Context, string, int64) []*model.UniversalRolePermission); ok {
|
||||
r0 = rf(ctx, roleType, roleID)
|
||||
} else {
|
||||
if ret.Get(0) != nil {
|
||||
r0 = ret.Get(0).([]*model.RolePermissions)
|
||||
r0 = ret.Get(0).([]*model.UniversalRolePermission)
|
||||
}
|
||||
}
|
||||
|
||||
@ -124,8 +124,8 @@ func (_m *DAO) GetPermissionsByRole(ctx context.Context, roleType string, roleID
|
||||
return r0, r1
|
||||
}
|
||||
|
||||
// ListPermission provides a mock function with given fields: ctx, query
|
||||
func (_m *DAO) ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
|
||||
// ListPermissions provides a mock function with given fields: ctx, query
|
||||
func (_m *DAO) ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
|
||||
ret := _m.Called(ctx, query)
|
||||
|
||||
var r0 []*model.RolePermission
|
||||
@ -147,16 +147,16 @@ func (_m *DAO) ListPermission(ctx context.Context, query *q.Query) ([]*model.Rol
|
||||
return r0, r1
|
||||
}
|
||||
|
||||
// ListRbacPolicy provides a mock function with given fields: ctx, query
|
||||
func (_m *DAO) ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error) {
|
||||
// ListRbacPolicies provides a mock function with given fields: ctx, query
|
||||
func (_m *DAO) ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error) {
|
||||
ret := _m.Called(ctx, query)
|
||||
|
||||
var r0 []*model.RbacPolicy
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.RbacPolicy); ok {
|
||||
var r0 []*model.PermissionPolicy
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.PermissionPolicy); ok {
|
||||
r0 = rf(ctx, query)
|
||||
} else {
|
||||
if ret.Get(0) != nil {
|
||||
r0 = ret.Get(0).([]*model.RbacPolicy)
|
||||
r0 = ret.Get(0).([]*model.PermissionPolicy)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -37,20 +37,20 @@ func (_m *Manager) CreatePermission(ctx context.Context, rp *model.RolePermissio
|
||||
return r0, r1
|
||||
}
|
||||
|
||||
// CreateRbacPolicy provides a mock function with given fields: ctx, rp
|
||||
func (_m *Manager) CreateRbacPolicy(ctx context.Context, rp *model.RbacPolicy) (int64, error) {
|
||||
ret := _m.Called(ctx, rp)
|
||||
// CreateRbacPolicy provides a mock function with given fields: ctx, pp
|
||||
func (_m *Manager) CreateRbacPolicy(ctx context.Context, pp *model.PermissionPolicy) (int64, error) {
|
||||
ret := _m.Called(ctx, pp)
|
||||
|
||||
var r0 int64
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *model.RbacPolicy) int64); ok {
|
||||
r0 = rf(ctx, rp)
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *model.PermissionPolicy) int64); ok {
|
||||
r0 = rf(ctx, pp)
|
||||
} else {
|
||||
r0 = ret.Get(0).(int64)
|
||||
}
|
||||
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(1).(func(context.Context, *model.RbacPolicy) error); ok {
|
||||
r1 = rf(ctx, rp)
|
||||
if rf, ok := ret.Get(1).(func(context.Context, *model.PermissionPolicy) error); ok {
|
||||
r1 = rf(ctx, pp)
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
@ -72,8 +72,8 @@ func (_m *Manager) DeletePermission(ctx context.Context, id int64) error {
|
||||
return r0
|
||||
}
|
||||
|
||||
// DeletePermissionByRole provides a mock function with given fields: ctx, roleType, roleID
|
||||
func (_m *Manager) DeletePermissionByRole(ctx context.Context, roleType string, roleID int64) error {
|
||||
// DeletePermissionsByRole provides a mock function with given fields: ctx, roleType, roleID
|
||||
func (_m *Manager) DeletePermissionsByRole(ctx context.Context, roleType string, roleID int64) error {
|
||||
ret := _m.Called(ctx, roleType, roleID)
|
||||
|
||||
var r0 error
|
||||
@ -101,15 +101,15 @@ func (_m *Manager) DeleteRbacPolicy(ctx context.Context, id int64) error {
|
||||
}
|
||||
|
||||
// GetPermissionsByRole provides a mock function with given fields: ctx, roleType, roleID
|
||||
func (_m *Manager) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.RolePermissions, error) {
|
||||
func (_m *Manager) GetPermissionsByRole(ctx context.Context, roleType string, roleID int64) ([]*model.UniversalRolePermission, error) {
|
||||
ret := _m.Called(ctx, roleType, roleID)
|
||||
|
||||
var r0 []*model.RolePermissions
|
||||
if rf, ok := ret.Get(0).(func(context.Context, string, int64) []*model.RolePermissions); ok {
|
||||
var r0 []*model.UniversalRolePermission
|
||||
if rf, ok := ret.Get(0).(func(context.Context, string, int64) []*model.UniversalRolePermission); ok {
|
||||
r0 = rf(ctx, roleType, roleID)
|
||||
} else {
|
||||
if ret.Get(0) != nil {
|
||||
r0 = ret.Get(0).([]*model.RolePermissions)
|
||||
r0 = ret.Get(0).([]*model.UniversalRolePermission)
|
||||
}
|
||||
}
|
||||
|
||||
@ -123,8 +123,8 @@ func (_m *Manager) GetPermissionsByRole(ctx context.Context, roleType string, ro
|
||||
return r0, r1
|
||||
}
|
||||
|
||||
// ListPermission provides a mock function with given fields: ctx, query
|
||||
func (_m *Manager) ListPermission(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
|
||||
// ListPermissions provides a mock function with given fields: ctx, query
|
||||
func (_m *Manager) ListPermissions(ctx context.Context, query *q.Query) ([]*model.RolePermission, error) {
|
||||
ret := _m.Called(ctx, query)
|
||||
|
||||
var r0 []*model.RolePermission
|
||||
@ -146,16 +146,16 @@ func (_m *Manager) ListPermission(ctx context.Context, query *q.Query) ([]*model
|
||||
return r0, r1
|
||||
}
|
||||
|
||||
// ListRbacPolicy provides a mock function with given fields: ctx, query
|
||||
func (_m *Manager) ListRbacPolicy(ctx context.Context, query *q.Query) ([]*model.RbacPolicy, error) {
|
||||
// ListRbacPolicies provides a mock function with given fields: ctx, query
|
||||
func (_m *Manager) ListRbacPolicies(ctx context.Context, query *q.Query) ([]*model.PermissionPolicy, error) {
|
||||
ret := _m.Called(ctx, query)
|
||||
|
||||
var r0 []*model.RbacPolicy
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.RbacPolicy); ok {
|
||||
var r0 []*model.PermissionPolicy
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *q.Query) []*model.PermissionPolicy); ok {
|
||||
r0 = rf(ctx, query)
|
||||
} else {
|
||||
if ret.Get(0) != nil {
|
||||
r0 = ret.Get(0).([]*model.RbacPolicy)
|
||||
r0 = ret.Get(0).([]*model.PermissionPolicy)
|
||||
}
|
||||
}
|
||||
|
||||
|