This is an automated email from the ASF dual-hosted git repository.
tianxiaoliang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-service-center.git
The following commit(s) were added to refs/heads/master by this push:
new eb0085e extract duplicate code (#784)
eb0085e is described below
commit eb0085ea1bf024283c8fea4face1b71f4072e88d
Author: hityc2019 <[email protected]>
AuthorDate: Thu Dec 17 18:38:49 2020 +0800
extract duplicate code (#784)
---
docs/user-guides/rbac.md | 2 +-
server/resource/v4/role_resource.go | 43 ++++++++++++++++++++++---------------
2 files changed, 27 insertions(+), 18 deletions(-)
diff --git a/docs/user-guides/rbac.md b/docs/user-guides/rbac.md
index 20b48c4..48821cc 100644
--- a/docs/user-guides/rbac.md
+++ b/docs/user-guides/rbac.md
@@ -87,7 +87,7 @@ curl -X POST \
Currently, two default roles are provided. You can also add new roles and
assign resources.
### API and resources
-All APIs of the system are divided according to their attributes. For example,
resource account has the permission to create or update or delete user account
when assign the corresponding permissions, resource service has all permission
to create, get, add or delete microservices when permissions equal to "*". For
more details to see
[https://github.com/apache/servicecomb-service-center/blob/master/server/service/rbac/resource.go]()
+All APIs of the system are divided according to their attributes. For example,
resource account has the permission to create or update or delete user account
when assign the corresponding permissions, resource service has all permission
to create, get, add or delete microservices when permissions equal to "*". For
more details to see
[here](https://github.com/apache/servicecomb-service-center/blob/master/server/service/rbac/resource.go).
A new role named "tester" owns resources "service", "instance" and "rule".
```json
{
diff --git a/server/resource/v4/role_resource.go
b/server/resource/v4/role_resource.go
index 1c79b06..103dbfe 100644
--- a/server/resource/v4/role_resource.go
+++ b/server/resource/v4/role_resource.go
@@ -38,7 +38,7 @@ var ErrConflictRole int32 = 409002
type RoleResource struct {
}
-//URLPatterns define htp pattern
+//URLPatterns define http pattern
func (r *RoleResource) URLPatterns() []rest.Route {
return []rest.Route{
{Method: http.MethodGet, Path: "/v4/role", Func:
r.GetRolePermission},
@@ -49,6 +49,7 @@ func (r *RoleResource) URLPatterns() []rest.Route {
}
}
+//GetRolePermission list all roles and there's permissions
func (r *RoleResource) GetRolePermission(w http.ResponseWriter, req
*http.Request) {
rs, _, err := dao.ListRole(context.TODO())
if err != nil {
@@ -68,6 +69,19 @@ func (r *RoleResource) GetRolePermission(w
http.ResponseWriter, req *http.Reques
controller.WriteJSON(w, b)
}
+//roleParse parse the role info from the request body
+func (r *RoleResource) roleParse(body []byte) (*rbacframe.Role, error) {
+ role := &rbacframe.Role{}
+ err := json.Unmarshal(body, role)
+ if err != nil {
+ log.Error("json err", err)
+ return nil, err
+ }
+ // TODO: validate role
+ return role, nil
+}
+
+//CreateRolePermission create new role and assign permissions
func (r *RoleResource) CreateRolePermission(w http.ResponseWriter, req
*http.Request) {
body, err := ioutil.ReadAll(req.Body)
if err != nil {
@@ -75,14 +89,12 @@ func (r *RoleResource) CreateRolePermission(w
http.ResponseWriter, req *http.Req
controller.WriteError(w, discovery.ErrInternal, err.Error())
return
}
- a := &rbacframe.Role{}
- if err = json.Unmarshal(body, a); err != nil {
- log.Error("json err", err)
+ role, err := r.roleParse(body)
+ if err != nil {
controller.WriteError(w, discovery.ErrInvalidParams,
errorsEx.MsgJSON)
return
}
- // TODO: validate role
- err = dao.CreateRole(context.TODO(), a)
+ err = dao.CreateRole(context.TODO(), role)
if err != nil {
if err == datasource.ErrRoleDuplicated {
controller.WriteError(w, ErrConflictRole, "")
@@ -94,6 +106,7 @@ func (r *RoleResource) CreateRolePermission(w
http.ResponseWriter, req *http.Req
}
}
+//UpdateRolePermission update role permissions
func (r *RoleResource) UpdateRolePermission(w http.ResponseWriter, req
*http.Request) {
body, err := ioutil.ReadAll(req.Body)
if err != nil {
@@ -101,32 +114,27 @@ func (r *RoleResource) UpdateRolePermission(w
http.ResponseWriter, req *http.Req
controller.WriteError(w, discovery.ErrInternal, err.Error())
return
}
- a := &rbacframe.Role{}
- if err = json.Unmarshal(body, a); err != nil {
- log.Error("json err", err)
+ role, err := r.roleParse(body)
+ if err != nil {
controller.WriteError(w, discovery.ErrInvalidParams,
errorsEx.MsgJSON)
return
}
- // TODO: validate role
- err = dao.EditRole(context.TODO(), a)
+ err = dao.EditRole(context.TODO(), role)
if err != nil {
- if err == datasource.ErrRoleDuplicated {
- controller.WriteError(w, ErrConflictRole, "")
- return
- }
log.Error(errorsEx.MsgOperateRoleFailed, err)
controller.WriteError(w, discovery.ErrInternal,
errorsEx.MsgOperateRoleFailed)
return
}
}
+//GetRole get the role info according to role name
func (r *RoleResource) GetRole(w http.ResponseWriter, req *http.Request) {
- a, err := dao.GetRole(context.TODO(), req.URL.Query().Get(":roleName"))
+ role, err := dao.GetRole(context.TODO(),
req.URL.Query().Get(":roleName"))
if err != nil {
log.Error(errorsEx.MsgGetRoleFailed, err)
controller.WriteError(w, discovery.ErrInternal,
errorsEx.MsgGetRoleFailed)
}
- v, err := json.Marshal(a)
+ v, err := json.Marshal(role)
if err != nil {
log.Error(errorsEx.MsgJSON, err)
controller.WriteError(w, discovery.ErrInternal,
errorsEx.MsgJSON)
@@ -135,6 +143,7 @@ func (r *RoleResource) GetRole(w http.ResponseWriter, req
*http.Request) {
controller.WriteJSON(w, v)
}
+//DeleteRole delete the role info by role name
func (r *RoleResource) DeleteRole(w http.ResponseWriter, req *http.Request) {
_, err := dao.DeleteRole(context.TODO(),
req.URL.Query().Get(":roleName"))
if err != nil {
