diff --git a/controllers/group.go b/controllers/group.go
new file mode 100644
index 0000000..d41040f
--- /dev/null
+++ b/controllers/group.go
@@ -0,0 +1,213 @@
+package controllers
+
+import (
+ "oc-auth/infrastructure"
+
+ beego "github.com/beego/beego/v2/server/web"
+)
+
+// Operations about auth
+type GroupController struct {
+ beego.Controller
+}
+
+// @Title Create
+// @Description create group
+// @Param id path string true "the id you want to get"
+// @Success 200 {auth} create success!
+// @router /:id [post]
+func (o *GroupController) Post() {
+ // store and return Id or post with UUID
+ id := o.Ctx.Input.Param(":id")
+ group, code, err := infrastructure.GetPermissionConnector().CreateGroup(id)
+ if err != nil {
+ o.Data["json"] = map[string]interface{}{
+ "data": nil,
+ "error": err.Error(),
+ "code": code,
+ }
+
+ } else {
+ o.Data["json"] = map[string]interface{}{
+ "data": group,
+ "error": nil,
+ "code": 200,
+ }
+ }
+ o.ServeJSON()
+}
+
+// @Title GetByUser
+// @Description find group by user id
+// @Param id path string true "the id you want to get"
+// @Success 200 {auth} string
+// @router /user/:id [get]
+func (o *GroupController) GetByUser() {
+ id := o.Ctx.Input.Param(":id")
+ group, err := infrastructure.GetPermissionConnector().GetGroupByUser(id)
+ if err != nil {
+ o.Data["json"] = map[string]interface{}{
+ "data": nil,
+ "error": err.Error(),
+ "code": 200,
+ }
+
+ } else {
+ o.Data["json"] = map[string]interface{}{
+ "data": group,
+ "error": nil,
+ "code": 200,
+ }
+ }
+ o.ServeJSON()
+}
+
+// @Title GetAll
+// @Description find groups
+// @Success 200 {group} string
+// @router / [get]
+func (o *GroupController) GetAll() {
+ group, err := infrastructure.GetPermissionConnector().GetGroup("")
+ if err != nil {
+ o.Data["json"] = map[string]interface{}{
+ "data": nil,
+ "error": err.Error(),
+ "code": 200,
+ }
+
+ } else {
+ o.Data["json"] = map[string]interface{}{
+ "data": group,
+ "error": nil,
+ "code": 200,
+ }
+ }
+ o.ServeJSON()
+}
+
+// @Title Get
+// @Description find group by id
+// @Param id path string true "the id you want to get"
+// @Success 200 {group} string
+// @router /:id [get]
+func (o *GroupController) Get() {
+ id := o.Ctx.Input.Param(":id")
+ group, err := infrastructure.GetPermissionConnector().GetGroup(id)
+ if err != nil {
+ o.Data["json"] = map[string]interface{}{
+ "data": nil,
+ "error": err.Error(),
+ "code": 200,
+ }
+
+ } else {
+ o.Data["json"] = map[string]interface{}{
+ "data": group,
+ "error": nil,
+ "code": 200,
+ }
+ }
+ o.ServeJSON()
+}
+
+// @Title Delete
+// @Description delete the group
+// @Param id path string true "The id you want to delete"
+// @Success 200 {string} delete success!
+// @router /:id [delete]
+func (o *GroupController) Delete() {
+ id := o.Ctx.Input.Param(":id")
+ group, code, err := infrastructure.GetPermissionConnector().DeleteGroup(id)
+ if err != nil {
+ o.Data["json"] = map[string]interface{}{
+ "data": nil,
+ "error": err.Error(),
+ "code": code,
+ }
+
+ } else {
+ o.Data["json"] = map[string]interface{}{
+ "data": group,
+ "error": nil,
+ "code": 200,
+ }
+ }
+ o.ServeJSON()
+}
+
+// @Title Clear
+// @Description clear the group
+// @Success 200 {string} delete success!
+// @router /clear [delete]
+func (o *GroupController) Clear() {
+ group, code, err := infrastructure.GetPermissionConnector().DeleteGroup("")
+ if err != nil {
+ o.Data["json"] = map[string]interface{}{
+ "data": nil,
+ "error": err.Error(),
+ "code": code,
+ }
+
+ } else {
+ o.Data["json"] = map[string]interface{}{
+ "data": group,
+ "error": nil,
+ "code": 200,
+ }
+ }
+ o.ServeJSON()
+}
+
+// @Title Bind
+// @Description bind the group to user
+// @Param user_id path string true "The user_id you want to bind"
+// @Param group_id path string true "The group_id you want to bind"
+// @Success 200 {string} bind success!
+// @router /:user_id/:group_id [post]
+func (o *GroupController) Bind() {
+ user_id := o.Ctx.Input.Param(":user_id")
+ group_id := o.Ctx.Input.Param(":group_id")
+ group, code, err := infrastructure.GetPermissionConnector().BindGroup(user_id, group_id)
+ if err != nil {
+ o.Data["json"] = map[string]interface{}{
+ "data": nil,
+ "error": err.Error(),
+ "code": code,
+ }
+
+ } else {
+ o.Data["json"] = map[string]interface{}{
+ "data": group,
+ "error": nil,
+ "code": 200,
+ }
+ }
+ o.ServeJSON()
+}
+
+// @Title UnBind
+// @Description unbind the group to user
+// @Param group_id path string true "The group_id you want to unbind"
+// @Param group_id path string true "The user_id you want to unbind"
+// @Success 200 {string} bind success!
+// @router /:user_id/:group_id [delete]
+func (o *GroupController) UnBind() {
+ user_id := o.Ctx.Input.Param(":user_id")
+ group_id := o.Ctx.Input.Param(":group_id")
+ group, code, err := infrastructure.GetPermissionConnector().UnBindGroup(user_id, group_id)
+ if err != nil {
+ o.Data["json"] = map[string]interface{}{
+ "data": nil,
+ "error": err.Error(),
+ "code": code,
+ }
+
+ } else {
+ o.Data["json"] = map[string]interface{}{
+ "data": group,
+ "error": nil,
+ "code": 200,
+ }
+ }
+ o.ServeJSON()
+}
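Review bot: In `GetByUser`, `GetAll` and `Get` the error branch still writes `"code": 200`, and no handler in this file sets the HTTP status, so a failed permission-store lookup reaches the client as a 200 response with `"data": nil`. A caller that keys on the status or on `code` cannot tell "no groups" from "lookup failed", which matters for a service that other components query for membership. I would set the status in every error branch: `o.Ctx.Output.SetStatus(code)` where the connector returns a code, and `o.Ctx.Output.SetStatus(500)` with `"code": 500` in the three getters. Returning `err.Error()` verbatim may also expose backend details, so consider logging it and sending a generic message. Separately, the `UnBind` annotations declare `group_id` twice; the second `@Param` should be `user_id`.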
diff --git a/infrastructure/perms_connectors/keto_connector.go b/infrastructure/perms_connectors/keto_connector.go
index 6f1d027..5039b8f 100644
--- a/infrastructure/perms_connectors/keto_connector.go
+++ b/infrastructure/perms_connectors/keto_connector.go
@@ -80,14 +80,23 @@ func (k KetoConnector) CheckPermission(perm Permission, permDependancies *Permis
}
func (k KetoConnector) DeleteRole(roleID string) (string, int, error) {
- k.deleteRelationShip("", "", roleID, nil)
- _, code, err := k.deleteRelationShip(roleID, "", k.scope(), nil)
+ k.deleteRelationShip("", "member", roleID, nil)
+ _, code, err := k.deleteRelationShip(roleID, "is", k.scope(), nil)
if err != nil {
return "", code, err
}
return roleID, 200, nil
}
+func (k KetoConnector) DeleteGroup(groupID string) (string, int, error) {
+ k.deleteRelationShip("", "groups", groupID, nil)
+ _, code, err := k.deleteRelationShip(groupID, "groupin", k.scope(), nil)
+ if err != nil {
+ return "", code, err
+ }
+ return groupID, 200, nil
+}
+
func (k KetoConnector) DeletePermission(permID string, relation string, internal bool) (string, int, error) {
meth, err := utils.ExtractMethod(relation, internal)
if err != nil {
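Review bot: `DeleteGroup` passes `groupID` as the third argument of its first `deleteRelationShip` call, but `BindGroup` and `UnBindGroup` write the `groups` tuples with the group as the first argument and the user as the third. The call therefore does not appear to match the memberships it is meant to remove; this assumes the helper's argument order is the same in both places, since its body is not in this diff. Its result is also discarded, so even a matching delete could fail silently and leave users attached to a deleted group id, and they would become members again if that id is recreated. I would target the bindings and check the error: `if _, code, err := k.deleteRelationShip(groupID, "groups", "", nil); err != nil { return "", code, err }`. The `Clear` handler calls this method with an empty `groupID`, so a doc comment should state what an empty id removes; `DeleteRole` above discards its first result in the same way.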
@@ -112,6 +121,14 @@ func (k KetoConnector) CreateRole(roleID string) (string, int, error) {
return p.Object, 200, nil
}
+func (k KetoConnector) CreateGroup(groupID string) (string, int, error) {
+ p, code, err := k.createRelationShip(groupID, "groupin", k.scope(), nil)
+ if err != nil {
+ return "", code, err
+ }
+ return p.Object, 200, nil
+}
+
func (k KetoConnector) CreatePermission(permID string, relation string, internal bool) (string, int, error) {
meth, err := utils.ExtractMethod(relation, internal)
if err != nil {
@@ -138,6 +155,18 @@ func (k KetoConnector) GetRole(roleID string) ([]string, error) {
return arr, nil
}
+func (k KetoConnector) GetGroup(roleID string) ([]string, error) {
+ arr := []string{}
+ groups, err := k.get(roleID, "groupin", k.scope())
+ if err != nil {
+ return arr, err
+ }
+ for _, grp := range groups {
+ arr = append(arr, grp.Object)
+ }
+ return arr, nil
+}
+
func (k KetoConnector) GetRoleByUser(userID string) ([]string, error) {
arr := []string{}
roles, err := k.get("", "member", userID)
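Review bot: `GetGroup` names its parameter `roleID`, while the `PermConnector` interface declares it as `groupID`; rename it so the copy from `GetRole` does not mislead readers. The method also has no doc comment, and the `GetAll` handler calls it with an empty string. I would add `// GetGroup returns the group ids registered in the current scope; an empty groupID lists all of them.` once it is confirmed that `k.get` treats an empty first argument as a wildcard, since that helper is not shown in this diff.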
@@ -150,6 +179,18 @@ func (k KetoConnector) GetRoleByUser(userID string) ([]string, error) {
return arr, nil
}
+func (k KetoConnector) GetGroupByUser(userID string) ([]string, error) {
+ arr := []string{}
+ groups, err := k.get("", "groups", userID)
+ if err != nil {
+ return arr, err
+ }
+ for _, grp := range groups {
+ arr = append(arr, grp.Object)
+ }
+ return arr, nil
+}
+
func (k KetoConnector) GetPermission(permID string, relation string) ([]Permission, error) {
meth, err := utils.ExtractMethod(relation, true)
if err != nil {
@@ -233,6 +274,14 @@ func (k KetoConnector) BindRole(userID string, roleID string) (string, int, erro
return roleID, 200, nil
}
+func (k KetoConnector) BindGroup(userID string, groupID string) (string, int, error) {
+ _, code, err := k.createRelationShip(groupID, "groups", userID, nil)
+ if err != nil {
+ return groupID, code, err
+ }
+ return groupID, 200, nil
+}
+
func (k KetoConnector) BindPermission(roleID string, permID string, relation string) (*Permission, int, error) {
perms, err := k.GetPermission(permID, relation)
if err != nil || len(perms) != 1 {
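Review bot: `BindGroup` writes the `groups` tuple without checking that `groupID` was ever created, whereas `BindPermission` just below looks the permission up first and rejects anything but exactly one match. As written, a user can be bound to an arbitrary id from the URL path, and that membership would take effect if a group with that id is created later. I would look the group up first, e.g. `if groups, err := k.GetGroup(groupID); err != nil || len(groups) == 0 { ... }`, and return a not-found code and error before calling `createRelationShip`. The same check would be reasonable for the user id if the connector can verify it.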
@@ -267,6 +316,14 @@ func (k KetoConnector) UnBindRole(userID string, roleID string) (string, int, er
return roleID, 200, nil
}
+func (k KetoConnector) UnBindGroup(userID string, groupID string) (string, int, error) {
+ _, code, err := k.deleteRelationShip(groupID, "groups", userID, nil)
+ if err != nil {
+ return groupID, code, err
+ }
+ return groupID, 200, nil
+}
+
func (k KetoConnector) UnBindPermission(roleID string, permID string, relation string) (*Permission, int, error) {
meth, err := utils.ExtractMethod(relation, false)
if err != nil {
diff --git a/infrastructure/perms_connectors/perms_connector.go b/infrastructure/perms_connectors/perms_connector.go
index e9c3d8a..a51556f 100644
--- a/infrastructure/perms_connectors/perms_connector.go
+++ b/infrastructure/perms_connectors/perms_connector.go
@@ -25,21 +25,27 @@ type PermConnector interface {
Status() tools.State
CheckPermission(perm Permission, permDependancies *Permission, internal bool) bool
BindRole(userID string, roleID string) (string, int, error)
+ BindGroup(userID string, groupID string) (string, int, error)
BindPermission(roleID string, permID string, relation string) (*Permission, int, error)
UnBindRole(userID string, roleID string) (string, int, error)
+ UnBindGroup(userID string, groupID string) (string, int, error)
UnBindPermission(roleID string, permID string, relation string) (*Permission, int, error)
CreateRole(roleID string) (string, int, error)
+ CreateGroup(groupID string) (string, int, error)
CreatePermission(permID string, relation string, internal bool) (string, int, error)
DeleteRole(roleID string) (string, int, error)
+ DeleteGroup(groupID string) (string, int, error)
DeletePermission(permID string, relation string, internal bool) (string, int, error)
GetRoleByUser(userID string) ([]string, error)
+ GetGroupByUser(userID string) ([]string, error)
GetPermissionByRole(roleID string) ([]Permission, error)
GetPermissionByUser(userID string, internal bool) ([]Permission, error)
GetRole(roleID string) ([]string, error)
+ GetGroup(groupID string) ([]string, error)
GetPermission(permID string, relation string) ([]Permission, error)
}
diff --git a/oc-auth b/oc-auth
index 4eed7fa..2706af9 100755
Binary files a/oc-auth and b/oc-auth differ
diff --git a/routers/commentsRouter.go b/routers/commentsRouter.go
index fb8433c..e18f62f 100644
--- a/routers/commentsRouter.go
+++ b/routers/commentsRouter.go
@@ -7,6 +7,78 @@ import (
func init() {
+ beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
+ beego.ControllerComments{
+ Method: "GetAll",
+ Router: `/`,
+ AllowHTTPMethods: []string{"get"},
+ MethodParams: param.Make(),
+ Filters: nil,
+ Params: nil})
+
+ beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
+ beego.ControllerComments{
+ Method: "Post",
+ Router: `/:id`,
+ AllowHTTPMethods: []string{"post"},
+ MethodParams: param.Make(),
+ Filters: nil,
+ Params: nil})
+
+ beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
+ beego.ControllerComments{
+ Method: "Get",
+ Router: `/:id`,
+ AllowHTTPMethods: []string{"get"},
+ MethodParams: param.Make(),
+ Filters: nil,
+ Params: nil})
+
+ beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
+ beego.ControllerComments{
+ Method: "Delete",
+ Router: `/:id`,
+ AllowHTTPMethods: []string{"delete"},
+ MethodParams: param.Make(),
+ Filters: nil,
+ Params: nil})
+
+ beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
+ beego.ControllerComments{
+ Method: "Bind",
+ Router: `/:user_id/:group_id`,
+ AllowHTTPMethods: []string{"post"},
+ MethodParams: param.Make(),
+ Filters: nil,
+ Params: nil})
+
+ beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
+ beego.ControllerComments{
+ Method: "UnBind",
+ Router: `/:user_id/:group_id`,
+ AllowHTTPMethods: []string{"delete"},
+ MethodParams: param.Make(),
+ Filters: nil,
+ Params: nil})
+
+ beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
+ beego.ControllerComments{
+ Method: "Clear",
+ Router: `/clear`,
+ AllowHTTPMethods: []string{"delete"},
+ MethodParams: param.Make(),
+ Filters: nil,
+ Params: nil})
+
+ beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
+ beego.ControllerComments{
+ Method: "GetByUser",
+ Router: `/user/:id`,
+ AllowHTTPMethods: []string{"get"},
+ MethodParams: param.Make(),
+ Filters: nil,
+ Params: nil})
+
beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"],
beego.ControllerComments{
Method: "InternalAuthForward",
diff --git a/routers/router.go b/routers/router.go
index db044b0..a89dde9 100644
--- a/routers/router.go
+++ b/routers/router.go
@@ -18,6 +18,11 @@ func init() {
beego.NSInclude(
&controllers.OAuthController{},
),
+ beego.NSNamespace("/group",
+ beego.NSInclude(
+ &controllers.GroupController{},
+ ),
+ ),
beego.NSNamespace("/role",
beego.NSInclude(
&controllers.RoleController{},
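Review bot: The `/group` namespace is mounted with `beego.NSInclude` only, and the generated entries in `routers/commentsRouter.go` carry `Filters: nil`. Nothing visible in this diff therefore restricts who may call `POST /group/:id`, `DELETE /group/clear` or the bind and unbind routes. If authorization is enforced by a global filter registered elsewhere, confirm that it covers this namespace. Otherwise add one here, for example a `beego.NSBefore(...)` filter ahead of `NSInclude`, before exposing endpoints that change group membership. The enclosing `init` continues outside the hunk.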
diff --git a/swagger/swagger.json b/swagger/swagger.json
index 2a43cf9..77a837c 100644
--- a/swagger/swagger.json
+++ b/swagger/swagger.json
@@ -37,6 +37,180 @@
}
}
},
+ "/group/": {
+ "get": {
+ "tags": [
+ "group"
+ ],
+ "description": "find groups\n\u003cbr\u003e",
+ "operationId": "GroupController.GetAll",
+ "responses": {
+ "200": {
+ "description": "{group} string"
+ }
+ }
+ }
+ },
+ "/group/clear": {
+ "delete": {
+ "tags": [
+ "group"
+ ],
+ "description": "clear the group\n\u003cbr\u003e",
+ "operationId": "GroupController.Clear",
+ "responses": {
+ "200": {
+ "description": "{string} delete success!"
+ }
+ }
+ }
+ },
+ "/group/user/{id}": {
+ "get": {
+ "tags": [
+ "group"
+ ],
+ "description": "find group by user id\n\u003cbr\u003e",
+ "operationId": "GroupController.GetByUser",
+ "parameters": [
+ {
+ "in": "path",
+ "name": "id",
+ "description": "the id you want to get",
+ "required": true,
+ "type": "string"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "{auth} string"
+ }
+ }
+ }
+ },
+ "/group/{id}": {
+ "get": {
+ "tags": [
+ "group"
+ ],
+ "description": "find group by id\n\u003cbr\u003e",
+ "operationId": "GroupController.Get",
+ "parameters": [
+ {
+ "in": "path",
+ "name": "id",
+ "description": "the id you want to get",
+ "required": true,
+ "type": "string"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "{group} string"
+ }
+ }
+ },
+ "post": {
+ "tags": [
+ "group"
+ ],
+ "description": "create group\n\u003cbr\u003e",
+ "operationId": "GroupController.Create",
+ "parameters": [
+ {
+ "in": "path",
+ "name": "id",
+ "description": "the id you want to get",
+ "required": true,
+ "type": "string"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "{auth} create success!"
+ }
+ }
+ },
+ "delete": {
+ "tags": [
+ "group"
+ ],
+ "description": "delete the group\n\u003cbr\u003e",
+ "operationId": "GroupController.Delete",
+ "parameters": [
+ {
+ "in": "path",
+ "name": "id",
+ "description": "The id you want to delete",
+ "required": true,
+ "type": "string"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "{string} delete success!"
+ }
+ }
+ }
+ },
+ "/group/{user_id}/{group_id}": {
+ "post": {
+ "tags": [
+ "group"
+ ],
+ "description": "bind the group to user\n\u003cbr\u003e",
+ "operationId": "GroupController.Bind",
+ "parameters": [
+ {
+ "in": "path",
+ "name": "user_id",
+ "description": "The user_id you want to bind",
+ "required": true,
+ "type": "string"
+ },
+ {
+ "in": "path",
+ "name": "group_id",
+ "description": "The group_id you want to bind",
+ "required": true,
+ "type": "string"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "{string} bind success!"
+ }
+ }
+ },
+ "delete": {
+ "tags": [
+ "group"
+ ],
+ "description": "unbind the group to user\n\u003cbr\u003e",
+ "operationId": "GroupController.UnBind",
+ "parameters": [
+ {
+ "in": "path",
+ "name": "group_id",
+ "description": "The group_id you want to unbind",
+ "required": true,
+ "type": "string"
+ },
+ {
+ "in": "path",
+ "name": "group_id",
+ "description": "The user_id you want to unbind",
+ "required": true,
+ "type": "string"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "{string} bind success!"
+ }
+ }
+ }
+ },
"/introspect": {
"get": {
"tags": [
@@ -518,6 +692,10 @@
"name": "oc-auth/controllersOAuthController",
"description": "Operations about auth\n"
},
+ {
+ "name": "group",
+ "description": "Operations about auth\n"
+ },
{
"name": "role",
"description": "Operations about auth\n"
diff --git a/swagger/swagger.yml b/swagger/swagger.yml
index fd5ac6f..fd70eef 100644
--- a/swagger/swagger.yml
+++ b/swagger/swagger.yml
@@ -28,6 +28,137 @@ paths:
responses:
"200":
description: '{string}'
+ /group/:
+ get:
+ tags:
+ - group
+ description: |-
+ find groups
+
+ operationId: GroupController.GetAll
+ responses:
+ "200":
+ description: '{group} string'
+ /group/{id}:
+ get:
+ tags:
+ - group
+ description: |-
+ find group by id
+
+ operationId: GroupController.Get
+ parameters:
+ - in: path
+ name: id
+ description: the id you want to get
+ required: true
+ type: string
+ responses:
+ "200":
+ description: '{group} string'
+ post:
+ tags:
+ - group
+ description: |-
+ create group
+
+ operationId: GroupController.Create
+ parameters:
+ - in: path
+ name: id
+ description: the id you want to get
+ required: true
+ type: string
+ responses:
+ "200":
+ description: '{auth} create success!'
+ delete:
+ tags:
+ - group
+ description: |-
+ delete the group
+
+ operationId: GroupController.Delete
+ parameters:
+ - in: path
+ name: id
+ description: The id you want to delete
+ required: true
+ type: string
+ responses:
+ "200":
+ description: '{string} delete success!'
+ /group/{user_id}/{group_id}:
+ post:
+ tags:
+ - group
+ description: |-
+ bind the group to user
+
+ operationId: GroupController.Bind
+ parameters:
+ - in: path
+ name: user_id
+ description: The user_id you want to bind
+ required: true
+ type: string
+ - in: path
+ name: group_id
+ description: The group_id you want to bind
+ required: true
+ type: string
+ responses:
+ "200":
+ description: '{string} bind success!'
+ delete:
+ tags:
+ - group
+ description: |-
+ unbind the group to user
+
+ operationId: GroupController.UnBind
+ parameters:
+ - in: path
+ name: group_id
+ description: The group_id you want to unbind
+ required: true
+ type: string
+ - in: path
+ name: group_id
+ description: The user_id you want to unbind
+ required: true
+ type: string
+ responses:
+ "200":
+ description: '{string} bind success!'
+ /group/clear:
+ delete:
+ tags:
+ - group
+ description: |-
+ clear the group
+
+ operationId: GroupController.Clear
+ responses:
+ "200":
+ description: '{string} delete success!'
+ /group/user/{id}:
+ get:
+ tags:
+ - group
+ description: |-
+ find group by user id
+
+ operationId: GroupController.GetByUser
+ parameters:
+ - in: path
+ name: id
+ description: the id you want to get
+ required: true
+ type: string
+ responses:
+ "200":
+ description: '{auth} string'
/introspect:
get:
tags:
@@ -386,6 +517,9 @@ tags:
- name: oc-auth/controllersOAuthController
description: |
Operations about auth
+- name: group
+ description: |
+ Operations about auth
- name: role
description: |
Operations about auth