diff --git a/server/adminserver/mt/Permission.go b/server/adminserver/mt/Permission.go
index 2ca1956f..14f1b275 100644
--- a/server/adminserver/mt/Permission.go
+++ b/server/adminserver/mt/Permission.go
@@ -33,79 +33,17 @@ type PermissionTable struct {
 apiHash *q5.ConcurrentMap[string, bool]
 uiHash *q5.ConcurrentMap[string, bool]
 roleHash *q5.ConcurrentMap[string, *role]
- userHash *q5.ConcurrentMap[string, *Permission]
+ userHash *q5.ConcurrentMap[string, *user]
 }
 
 func (this *PermissionTable) Load() {
 this.apiHash = new(q5.ConcurrentMap[string, bool])
 this.uiHash = new(q5.ConcurrentMap[string, bool])
 this.roleHash = new(q5.ConcurrentMap[string, *role])
- this.userHash = new(q5.ConcurrentMap[string, *Permission])
+ this.userHash = new(q5.ConcurrentMap[string, *user])
 this.loadPermission()
 this.loadRole()
 this.loadUser()
- {
- if jsonStr, err := f5.ReadJsonFile("../config/permission.json"); err == nil {
- type cfgPermission struct {
- API []string `json:"api"`
- UI []string `json:"ui"`
- }
- type AccountConfig struct {
- Roles []string `json:"roles"`
- Special cfgPermission `json:"special"`
- }
- permissioncfg := struct {
- Roles map[string]cfgPermission `json:"roles"`
- Accounts map[string]AccountConfig `json:"accounts"`
- }{}
-
- if err := json.Unmarshal([]byte(jsonStr), &permissioncfg); err != nil {
- panic(fmt.Sprintf("load metafile json decode error %s %s", "permission.json", err))
- }
-
- for account, cfg := range permissioncfg.Accounts {
- accpermission := new(Permission)
- accpermission.api = new(q5.ConcurrentMap[string, bool])
- accpermission.ui = new(q5.ConcurrentMap[string, bool])
- //load permission of the account's roles
- for _, role := range cfg.Roles {
- rp, exist := permissioncfg.Roles[role]
- if !exist {
- continue
- }
-
- for _, v := range rp.API {
- accpermission.api.Store(v, true)
- }
-
- for _, v := range rp.UI {
- accpermission.ui.Store(v, true)
- }
- }
-
- //load special permission
- for _, v := range cfg.Special.API {
- ret := strings.HasPrefix(v, "-")
- if ret {
- v = v[1:]
- }
- accpermission.api.Store(v, !ret)
- }
-
- for _, v := range cfg.Special.UI {
- ret := strings.HasPrefix(v, "-")
- if ret {
- v = v[1:]
- }
- accpermission.ui.Store(v, !ret)
- }
-
- this.userHash.Store(strings.ToLower(account), accpermission)
- }
- } else {
- panic(fmt.Sprintf("load metafile error %s %s", "permission.json", err))
- }
- }
 }
 
 func (this *PermissionTable) CheckAPIPermission(account string, cmd string) bool {
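Review bot: The three loader calls in Load() are order-dependent and nothing says so: loadUser resolves each role through `this.roleHash`, and newUser seeds every known permission as `false` from `this.apiHash` and `this.uiHash`, so loadPermission and loadRole have to run first. I would add a comment above them, for example `// order matters: loadUser reads apiHash, uiHash and roleHash`. CheckAPIPermission starts on the last line of this hunk and its body is not shown, so whether it was adapted to the new `*user` value type of `userHash` cannot be checked here.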
@@ -161,18 +99,105 @@ func (this *PermissionTable) loadRole() {
 panic(fmt.Sprintf("load metafile error %s %s", "roles.json", err))
 }
 }
- for _, role := range roles {
- if jsonStr, err := f5.ReadJsonFile("../config/role/" + role + ".json"); err == nil {
- rolePermission := struct{
- Api []string `json:"api"`
- Ui []string `json:"ui"`
- }{}
- if err := q5.DecodeJson(jsonStr, &rolePermission); err != nil {
- panic(fmt.Sprintf("parse role metafile error %s %s", role + ".json", err))
+ {
+ for _, name := range roles {
+ if jsonStr, err := f5.ReadJsonFile("../config/role/" + name + ".json"); err == nil {
+ rolePermission := struct{
+ Api []string `json:"api"`
+ Ui []string `json:"ui"`
+ }{}
+ if err := q5.DecodeJson(jsonStr, &rolePermission); err != nil {
+ panic(fmt.Sprintf("parse role metafile error %s %s", name + ".json", err))
+ }
+ p := this.newRole()
+ for _, pName := range rolePermission.Api {
+ p.api.Store(pName, true)
+ }
+ for _, pName := range rolePermission.Ui {
+ p.api.Store(pName, true)
+ }
+ this.roleHash.Store(name, p)
 }
 }
 }
 }
 
 func (this *PermissionTable) loadUser() {
+ users := []struct {
+ AccountAddress string `json:"account_address"`
+ Roles []string `json:"roles"`
+ Special struct {
+ Api []string `json:"api"`
+ Ui []string `json:"ui"`
+ } `json:"special"`
+ }{}
+ {
+ if jsonStr, err := f5.ReadJsonFile("../config/users.json"); err == nil {
+ if err := q5.DecodeJson(jsonStr, &users); err != nil {
+ panic(fmt.Sprintf("parse metafile error %s %s", "usersa.json", err))
+ }
+ } else {
+ panic(fmt.Sprintf("load metafile error %s %s", "users.json", err))
+ }
+ }
+ {
+ for _, u := range users {
+ p := this.newUser()
+ p.accountAddress = strings.ToLower(u.AccountAddress)
+ for _, r := range u.Roles {
+ if pr, ok := this.roleHash.Load(r); ok {
+ p.roleHash.Store(r, *pr)
+ } else {
+ panic(fmt.Sprintf("load metafile error %s role:%s not exists", "users.json", r))
+ }
+ }
+ for _, pName := range u.Special.Api {
+ q5.AppendSlice(&p.specApi, pName)
+ }
+ for _, pName := range u.Special.Ui {
+ q5.AppendSlice(&p.specApi, pName)
+ }
+ this.genUserPermission(p)
+ this.userHash.Store(p.accountAddress, p)
+ }
+ }
+}
+
+func (this *PermissionTable) newRole() *role {
+ p := new(role)
+ p.api = new(q5.ConcurrentMap[string, bool])
+ p.ui = new(q5.ConcurrentMap[string, bool])
+ return p
+}
+
+func (this *PermissionTable) newUser() *user {
+ p := new(user)
+ p.roleHash = new(q5.ConcurrentMap[string, *role])
+ p.api = new(q5.ConcurrentMap[string, bool])
+ p.ui = new(q5.ConcurrentMap[string, bool])
+ p.specApi = []string{}
+ p.specUi = []string{}
+ this.apiHash.Range(func (key string, val bool) bool {
+ p.api.Store(key, false)
+ return true
+ })
+ this.uiHash.Range(func (key string, val bool) bool {
+ p.ui.Store(key, false)
+ return true
+ })
+ return p
+}
+
+func (this *PermissionTable) genUserPermission(u *user) {
+ u.roleHash.Range(func(key string, val *role) bool {
+ val.api.Range(func(key2 string, val2 bool) bool {
+ u.api.Store(key2, true)
+ return true
+ })
+ val.ui.Range(func(key2 string, val2 bool) bool {
+ u.ui.Store(key2, true)
+ return true
+ })
+ return true
+ })
 }
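Review bot: Both UI loops in this hunk write to the API side: in loadRole the `rolePermission.Ui` loop calls `p.api.Store(pName, true)`, and in loadUser the `u.Special.Ui` loop appends to `&p.specApi`; they should read `p.ui.Store(pName, true)` and `q5.AppendSlice(&p.specUi, pName)`. As written every role's `ui` map stays empty, and a UI name that coincides with an API name is copied into the user's `api` map as granted by genUserPermission. genUserPermission also copies only role entries and never reads `specApi` or `specUi`, so unless code outside this hunk applies them, the per-user overrides no longer take effect, including the `-` deny prefix that the removed loader honoured, and an API that was explicitly denied to an account would now be granted through its role. The decode panic in loadUser names `usersa.json` where `users.json` is meant.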