/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package v4
import (
"context"
"encoding/json"
"io/ioutil"
"net/http"
"github.com/apache/servicecomb-service-center/datasource"
errorsEx "github.com/apache/servicecomb-service-center/pkg/errors"
"github.com/apache/servicecomb-service-center/pkg/log"
"github.com/apache/servicecomb-service-center/pkg/rest"
"github.com/apache/servicecomb-service-center/server/rest/controller"
"github.com/apache/servicecomb-service-center/server/service/rbac/dao"
"github.com/go-chassis/cari/discovery"
"github.com/go-chassis/cari/rbac"
)
// ErrConflictRole is the error code written to the client when role creation
// fails with datasource.ErrRoleDuplicated.
var ErrConflictRole = int32(409002)
// RoleResource groups the REST handlers that manage RBAC roles.
// It has no fields; every handler works from the request and the role DAO.
type RoleResource struct{}
// URLPatterns returns the REST routes served by RoleResource: list and create
// on /v4/roles, and read, update and delete on /v4/roles/:roleName.
//
// NOTE(review): the handlers registered here contain no authentication or
// authorization check of their own; presumably that is enforced before a
// request reaches them. Confirm, since these routes create, change and delete
// RBAC roles.
func (rr *RoleResource) URLPatterns() []rest.Route {
	const (
		collection = "/v4/roles"
		item       = "/v4/roles/:roleName"
	)
	routes := make([]rest.Route, 0, 5)
	routes = append(routes,
		rest.Route{Method: http.MethodGet, Path: collection, Func: rr.GetRolePermission},
		rest.Route{Method: http.MethodPost, Path: collection, Func: rr.CreateRolePermission},
		rest.Route{Method: http.MethodPut, Path: item, Func: rr.UpdateRolePermission},
		rest.Route{Method: http.MethodGet, Path: item, Func: rr.GetRole},
		rest.Route{Method: http.MethodDelete, Path: item, Func: rr.DeleteRole},
	)
	return routes
}
// GetRolePermission lists all roles together with their permissions.
//
// On success it writes an rbac.RoleResponse holding the roles and their total
// count. When the DAO lookup fails it writes discovery.ErrInternal with the
// generic MsgGetRoleFailed message.
func (rr *RoleResource) GetRolePermission(w http.ResponseWriter, req *http.Request) {
	roles, total, listErr := dao.ListRole(context.TODO())
	if listErr != nil {
		// The underlying error goes to the log only; the client gets the generic message.
		log.Error(errorsEx.MsgGetRoleFailed, listErr)
		controller.WriteError(w, discovery.ErrInternal, errorsEx.MsgGetRoleFailed)
		return
	}
	controller.WriteResponse(w, req, nil, &rbac.RoleResponse{Total: total, Roles: roles})
}
// roleParse decodes a JSON request body into an rbac.Role.
//
// A decoding failure is logged and the json.Unmarshal error is returned with a
// nil role.
func (rr *RoleResource) roleParse(body []byte) (*rbac.Role, error) {
	var parsed rbac.Role
	if err := json.Unmarshal(body, &parsed); err != nil {
		log.Error("json err", err)
		return nil, err
	}
	// TODO: validate role
	// NOTE(review): until that validation exists, this function returns the role
	// exactly as decoded from the request body, and the callers in this file pass
	// it straight to the DAO.
	return &parsed, nil
}
// CreateRolePermission creates a new role, with its permissions, from the JSON
// request body.
//
// It writes discovery.ErrInternal when the body cannot be read or the DAO fails,
// discovery.ErrInvalidParams when the body is not valid JSON, ErrConflictRole
// when the DAO reports datasource.ErrRoleDuplicated, and success otherwise.
func (rr *RoleResource) CreateRolePermission(w http.ResponseWriter, req *http.Request) {
	// NOTE(review): the body is read without a size cap in this handler; confirm
	// that a limit is applied upstream, or wrap req.Body in http.MaxBytesReader.
	payload, readErr := ioutil.ReadAll(req.Body)
	if readErr != nil {
		log.Error("read body err", readErr)
		// NOTE(review): the raw read error text is returned to the client here.
		controller.WriteError(w, discovery.ErrInternal, readErr.Error())
		return
	}
	role, parseErr := rr.roleParse(payload)
	if parseErr != nil {
		controller.WriteError(w, discovery.ErrInvalidParams, errorsEx.MsgJSON)
		return
	}
	switch createErr := dao.CreateRole(context.TODO(), role); {
	case createErr == nil:
		controller.WriteSuccess(w, req)
	case createErr == datasource.ErrRoleDuplicated:
		// A duplicate is reported as a conflict with an empty detail string and is not logged.
		controller.WriteError(w, ErrConflictRole, "")
	default:
		log.Error(errorsEx.MsgOperateRoleFailed, createErr)
		controller.WriteError(w, discovery.ErrInternal, errorsEx.MsgOperateRoleFailed)
	}
}
// UpdateRolePermission replaces the permissions of the role named by the
// :roleName path parameter with the role decoded from the JSON request body.
//
// It writes discovery.ErrInternal when the body cannot be read or the DAO fails,
// discovery.ErrInvalidParams when the body is not valid JSON, and success
// otherwise.
//
// NOTE(review): this handler does not compare the path name with any name
// carried in the body, and every DAO error is reported as an internal error;
// confirm that dao.EditRole handles a name mismatch and a missing role.
func (rr *RoleResource) UpdateRolePermission(w http.ResponseWriter, req *http.Request) {
	// NOTE(review): the body is read without a size cap in this handler; confirm
	// that a limit is applied upstream, or wrap req.Body in http.MaxBytesReader.
	payload, readErr := ioutil.ReadAll(req.Body)
	if readErr != nil {
		log.Error("read body err", readErr)
		controller.WriteError(w, discovery.ErrInternal, readErr.Error())
		return
	}
	role, parseErr := rr.roleParse(payload)
	if parseErr != nil {
		controller.WriteError(w, discovery.ErrInvalidParams, errorsEx.MsgJSON)
		return
	}
	// The role to edit is selected by the path parameter, not by the body.
	roleName := req.URL.Query().Get(":roleName")
	if editErr := dao.EditRole(context.TODO(), roleName, role); editErr != nil {
		log.Error(errorsEx.MsgOperateRoleFailed, editErr)
		controller.WriteError(w, discovery.ErrInternal, errorsEx.MsgOperateRoleFailed)
		return
	}
	controller.WriteSuccess(w, req)
}
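// GetRole writes the role identified by the :roleName path parameter.
//
// When the DAO lookup fails it logs the error, writes discovery.ErrInternal
// with the generic MsgGetRoleFailed message, and returns without writing a
// role.
func (rr *RoleResource) GetRole(w http.ResponseWriter, r *http.Request) {
	role, err := dao.GetRole(context.TODO(), r.URL.Query().Get(":roleName"))
	if err != nil {
		log.Error(errorsEx.MsgGetRoleFailed, err)
		controller.WriteError(w, discovery.ErrInternal, errorsEx.MsgGetRoleFailed)
		// Stop here: falling through would write a second response after the
		// error, using whatever role value accompanied the failure.
		return
	}
	controller.WriteResponse(w, r, nil, role)
}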
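// DeleteRole deletes the role identified by the :roleName path parameter.
//
// When the DAO call fails it logs the error and writes discovery.ErrInternal
// with MsgOperateRoleFailed; otherwise it writes success.
//
// NOTE(review): the first result of dao.DeleteRole is discarded. If it reports
// whether a role was actually removed, deleting a nonexistent role is answered
// with success; confirm against the DAO.
func (rr *RoleResource) DeleteRole(w http.ResponseWriter, req *http.Request) {
	_, err := dao.DeleteRole(context.TODO(), req.URL.Query().Get(":roleName"))
	if err != nil {
		// This handler parses no JSON, so a DAO failure is reported with the
		// role-operation message used by the other mutating handlers, not MsgJSON.
		log.Error(errorsEx.MsgOperateRoleFailed, err)
		controller.WriteError(w, discovery.ErrInternal, errorsEx.MsgOperateRoleFailed)
		return
	}
	controller.WriteSuccess(w, req)
}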