1

2024-08-04 10:47:50 +08:00 · 2024-08-04 10:47:50 +08:00 · fb8113d989
commit fb8113d989
parent be7c1c1278
1 changed files with 97 additions and 72 deletions
--- a/server/adminserver/mt/Permission.go
+++ b/server/adminserver/mt/Permission.go
@ -33,79 +33,17 @@ type PermissionTable struct {
 	apiHash *q5.ConcurrentMap[string, bool]
 	uiHash  *q5.ConcurrentMap[string, bool]
 	roleHash *q5.ConcurrentMap[string, *role]
-	userHash *q5.ConcurrentMap[string, *Permission]
+	userHash *q5.ConcurrentMap[string, *user]
 }

 func (this *PermissionTable) Load() {
 	this.apiHash = new(q5.ConcurrentMap[string, bool])
 	this.uiHash = new(q5.ConcurrentMap[string, bool])
 	this.roleHash = new(q5.ConcurrentMap[string, *role])
-	this.userHash = new(q5.ConcurrentMap[string, *Permission])
+	this.userHash = new(q5.ConcurrentMap[string, *user])
 	this.loadPermission()
 	this.loadRole()
 	this.loadUser()
-	{
-		if jsonStr, err := f5.ReadJsonFile("../config/permission.json"); err == nil {
-			type cfgPermission struct {
-				API []string `json:"api"`
-				UI  []string `json:"ui"`
-			}
-			type AccountConfig struct {
-				Roles   []string      `json:"roles"`
-				Special cfgPermission `json:"special"`
-			}
-			permissioncfg := struct {
-				Roles    map[string]cfgPermission `json:"roles"`
-				Accounts map[string]AccountConfig `json:"accounts"`
-			}{}
-
-			if err := json.Unmarshal([]byte(jsonStr), &permissioncfg); err != nil {
-				panic(fmt.Sprintf("load metafile json decode error %s %s", "permission.json", err))
-			}
-
-			for account, cfg := range permissioncfg.Accounts {
-				accpermission := new(Permission)
-				accpermission.api = new(q5.ConcurrentMap[string, bool])
-				accpermission.ui = new(q5.ConcurrentMap[string, bool])
-				//load permission of the account's roles
-				for _, role := range cfg.Roles {
-					rp, exist := permissioncfg.Roles[role]
-					if !exist {
-						continue
-					}
-
-					for _, v := range rp.API {
-						accpermission.api.Store(v, true)
-					}
-
-					for _, v := range rp.UI {
-						accpermission.ui.Store(v, true)
-					}
-				}
-
-				//load special permission
-				for _, v := range cfg.Special.API {
-					ret := strings.HasPrefix(v, "-")
-					if ret {
-						v = v[1:]
-					}
-					accpermission.api.Store(v, !ret)
-				}
-
-				for _, v := range cfg.Special.UI {
-					ret := strings.HasPrefix(v, "-")
-					if ret {
-						v = v[1:]
-					}
-					accpermission.ui.Store(v, !ret)
-				}
-
-				this.userHash.Store(strings.ToLower(account), accpermission)
-			}
-		} else {
-			panic(fmt.Sprintf("load metafile error %s %s", "permission.json", err))
-		}
-	}
 }

 func (this *PermissionTable) CheckAPIPermission(account string, cmd string) bool {
@ -161,18 +99,105 @@ func (this *PermissionTable) loadRole() {
 			panic(fmt.Sprintf("load metafile error %s %s", "roles.json", err))
 		}
 	}
-	for _, role := range roles {
-		if jsonStr, err := f5.ReadJsonFile("../config/role/" + role + ".json"); err == nil {
-			rolePermission := struct{
-				Api []string `json:"api"`
-				Ui []string `json:"ui"`
-			}{}
-			if err := q5.DecodeJson(jsonStr, &rolePermission); err != nil {
-				panic(fmt.Sprintf("parse role metafile error %s %s", role + ".json", err))
+	{
+		for _, name := range roles {
+			if jsonStr, err := f5.ReadJsonFile("../config/role/" + name + ".json"); err == nil {
+				rolePermission := struct{
+					Api []string `json:"api"`
+					Ui []string `json:"ui"`
+				}{}
+				if err := q5.DecodeJson(jsonStr, &rolePermission); err != nil {
+					panic(fmt.Sprintf("parse role metafile error %s %s", name + ".json", err))
+				}
+				p := this.newRole()
+				for _, pName := range rolePermission.Api {
+					p.api.Store(pName, true)
+				}
+				for _, pName := range rolePermission.Ui {
+					p.api.Store(pName, true)
+				}
+				this.roleHash.Store(name, p)
 			}
 		}
 	}
 }

 func (this *PermissionTable) loadUser() {
+	users := []struct {
+		AccountAddress string `json:"account_address"`
+		Roles []string `json:"roles"`
+		Special struct {
+			Api []string `json:"api"`
+			Ui []string `json:"ui"`
+		} `json:"special"`
+	}{}
+	{
+		if jsonStr, err := f5.ReadJsonFile("../config/users.json"); err == nil {
+			if err := q5.DecodeJson(jsonStr, &users); err != nil {
+				panic(fmt.Sprintf("parse metafile error %s %s", "usersa.json", err))
+			}
+		} else {
+			panic(fmt.Sprintf("load metafile error %s %s", "users.json", err))
+		}
+	}
+	{
+		for _, u := range users {
+			p := this.newUser()
+			p.accountAddress = strings.ToLower(u.AccountAddress)
+			for _, r := range u.Roles {
+				if pr, ok := this.roleHash.Load(r); ok {
+					p.roleHash.Store(r, *pr)
+				} else {
+					panic(fmt.Sprintf("load metafile error %s role:%s not exists", "users.json", r))
+				}
+			}
+			for _, pName := range u.Special.Api {
+				q5.AppendSlice(&p.specApi, pName)
+			}
+			for _, pName := range u.Special.Ui {
+				q5.AppendSlice(&p.specApi, pName)
+			}
+			this.genUserPermission(p)
+			this.userHash.Store(p.accountAddress, p)
+		}
+	}
+}
+
+func (this *PermissionTable) newRole() *role {
+	p := new(role)
+	p.api = new(q5.ConcurrentMap[string, bool])
+	p.ui = new(q5.ConcurrentMap[string, bool])
+	return p
+}
+
+func (this *PermissionTable) newUser() *user {
+	p := new(user)
+	p.roleHash = new(q5.ConcurrentMap[string, *role])
+	p.api = new(q5.ConcurrentMap[string, bool])
+	p.ui = new(q5.ConcurrentMap[string, bool])
+	p.specApi = []string{}
+	p.specUi = []string{}
+	this.apiHash.Range(func (key string, val bool) bool {
+		p.api.Store(key, false)
+		return true
+	})
+	this.uiHash.Range(func (key string, val bool) bool {
+		p.ui.Store(key, false)
+		return true
+	})
+	return p
+}
+
+func (this *PermissionTable) genUserPermission(u *user) {
+	u.roleHash.Range(func(key string, val *role) bool {
+		val.api.Range(func(key2 string, val2 bool) bool {
+			u.api.Store(key2, true)
+			return true
+		})
+		val.ui.Range(func(key2 string, val2 bool) bool {
+			u.ui.Store(key2, true)
+			return true
+		})
+		return true
+	})
 }