From 5373eb80a775bfb49b63afddca6ee80b934df14f Mon Sep 17 00:00:00 2001 From: aozhiwei Date: Sun, 4 Aug 2024 09:41:23 +0800 Subject: [PATCH] 1 --- bin/adminserver/config/permission.json | 85 ++++++++++++++------------ bin/adminserver/config/users.json | 2 +- server/adminserver/mt/Permission.go | 42 +++++++++++-- 3 files changed, 83 insertions(+), 46 deletions(-) diff --git a/bin/adminserver/config/permission.json b/bin/adminserver/config/permission.json index 65924dcf..9bbebf1d 100644 --- a/bin/adminserver/config/permission.json +++ b/bin/adminserver/config/permission.json @@ -1,43 +1,48 @@ { - "roles": { - "admin": { - "api": [ - "*" - ], - "ui": [ - "*" - ] - }, - "operator": { - "api": [ - "*" - ], - "ui": [ - "*" - ] - }, - "service": { - "api": [ - "*" - ], - "ui": [ - "*" - ] - }, - "guest": { - "api": [], - "ui": [] - } + "api": [ + ], + "ui": [ + + ], + "roles": { + "admin": { + "api": [ + "*" + ], + "ui": [ + "*" + ] }, - "accounts": { - "0x903c617e66902aa1b916DF79c7F1730fba40c2cA": { - "roles": [ - "service" - ], - "special": { - "api": [], - "ui": ["addannouncement", "editannouncement", "addaudit", "editaudit"] - } - } + "operator": { + "api": [ + "*" + ], + "ui": [ + "*" + ] + }, + "service": { + "api": [ + "*" + ], + "ui": [ + "*" + ] + }, + "guest": { + "api": [], + "ui": [] } -} \ No newline at end of file + }, + "accounts": { + "0x903c617e66902aa1b916DF79c7F1730fba40c2cA": { + "roles": [ + "service" + ], + "special": { + "api": [], + "ui": ["addannouncement", "editannouncement", "addaudit", "editaudit"] + } + } + } +} diff --git a/bin/adminserver/config/users.json b/bin/adminserver/config/users.json index 0c5a8040..73a0f9f6 100644 --- a/bin/adminserver/config/users.json +++ b/bin/adminserver/config/users.json @@ -6,7 +6,7 @@ "service" ], "special": { - "api": [], + "api": ["xxx", "-xxx"], "ui": ["addannouncement", "editannouncement", "addaudit", "editaudit"] } } 
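Review bot: The `special.api` list in users.json now holds `"xxx"` and `"-xxx"`, which read as scratch values rather than real command names, and they are attached to a real account address in a committed config. Listing a name together with its `-` form also leaves open which entry takes effect. Going by the `Store(v, !ret)` line visible in Permission.go, the prefix presumably marks a denial and whichever entry is stored last would win. I would put the line back to `"api": []` and keep grant/deny samples in a test fixture. If deny entries are meant to be supported here, they should take precedence by rule rather than by list order.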
diff --git a/server/adminserver/mt/Permission.go b/server/adminserver/mt/Permission.go index facaef32..05e0e54f 100644 --- a/server/adminserver/mt/Permission.go +++ b/server/adminserver/mt/Permission.go @@ -14,13 +14,36 @@ type Permission struct { ui *q5.ConcurrentMap[string, bool] } +type role struct { + api *q5.ConcurrentMap[string, bool] + ui *q5.ConcurrentMap[string, bool] +} + +type user struct { + accountAddress string + roleHash *q5.ConcurrentMap[string, *role] + api *q5.ConcurrentMap[string, bool] + ui *q5.ConcurrentMap[string, bool] + specApi []string + specUi []string +} + type PermissionTable struct { f5.CustomMetaTable - accountPermission *q5.ConcurrentMap[string, *Permission] + apiHash *q5.ConcurrentMap[string, bool] + uiHash *q5.ConcurrentMap[string, bool] + roleHash *q5.ConcurrentMap[string, *role] + userHash *q5.ConcurrentMap[string, *Permission] } func (this *PermissionTable) Load() { - this.accountPermission = new(q5.ConcurrentMap[string, *Permission]) + this.apiHash = new(q5.ConcurrentMap[string, bool]) + this.uiHash = new(q5.ConcurrentMap[string, bool]) + this.roleHash = new(q5.ConcurrentMap[string, *role]) + this.userHash = new(q5.ConcurrentMap[string, *Permission]) + this.loadPermission() + this.loadRole() + this.loadUser() { if jsonStr, err := f5.ReadJsonFile("../config/permission.json"); err == nil { type cfgPermission struct { @@ -77,7 +100,7 @@ func (this *PermissionTable) Load() { accpermission.ui.Store(v, !ret) } - this.accountPermission.Store(strings.ToLower(account), accpermission) + this.userHash.Store(strings.ToLower(account), accpermission) } } else { panic(fmt.Sprintf("load metafile error %s %s", "permission.json", err)) @@ -90,7 +113,7 @@ func (this *PermissionTable) CheckAPIPermission(account string, cmd string) bool return false } - accper, exist := this.accountPermission.Load(account) + accper, exist := this.userHash.Load(account) if !exist { return false } 
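Review bot: `Load` now calls `loadPermission()`, `loadRole()` and `loadUser()`, but all three are empty in the last hunk, so `apiHash`, `uiHash` and `roleHash` are allocated and never filled. The `user` type is also declared while `userHash` still stores `*Permission`. The visible checks read only `userHash`, so behaviour is unchanged, but the half-built state is easy to misread as a working role model. I would add a comment above the three calls such as `// TODO: loaders are stubs; permissions still come from the inline block below`. Once they are implemented, a role or API name that is missing from these tables should resolve to deny. `Load` continues past the end of this hunk.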
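Review bot: `this.userHash.Load(account)` in `CheckAPIPermission` looks the account up exactly as passed, while the preceding hunk stores the key as `strings.ToLower(account)`; the same applies to the lookup in `GetUIPermission` in the next hunk. The address in the config is mixed-case, so unless every caller lower-cases first (not visible here) a checksum-cased address is treated as unknown. That fails closed, but it silently locks out a configured account. Normalising at the lookup keeps both sides in step: `accper, exist := this.userHash.Load(strings.ToLower(account))`. `CheckAPIPermission` starts before and ends after this hunk.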
@@ -109,7 +132,7 @@ func (this *PermissionTable) CheckAPIPermission(account string, cmd string) bool } func (this *PermissionTable) GetUIPermission(account string) string { - per, exist := this.accountPermission.Load(account) + per, exist := this.userHash.Load(account) if !exist { return "{}" } @@ -123,3 +146,12 @@ func (this *PermissionTable) GetUIPermission(account string) string { v, _ := json.Marshal(kvlist) return string(v) } + +func (this *PermissionTable) loadPermission() { +} + +func (this *PermissionTable) loadRole() { +} + +func (this *PermissionTable) loadUser() { +}