diff --git a/controllers/group.go b/controllers/group.go
new file mode 100644
index 0000000..d41040f
--- /dev/null
+++ b/controllers/group.go
@@ -0,0 +1,213 @@
+package controllers
+
+import (
+ "oc-auth/infrastructure"
+
+ beego "github.com/beego/beego/v2/server/web"
+)
+
+// Operations about auth
+type GroupController struct {
+ beego.Controller
+}
+
+// @Title Create
+// @Description create group
+// @Param id path string true "the id you want to get"
+// @Success 200 {auth} create success!
+// @router /:id [post]
+func (o *GroupController) Post() {
+ // store and return Id or post with UUID
+ id := o.Ctx.Input.Param(":id")
+ group, code, err := infrastructure.GetPermissionConnector().CreateGroup(id)
+ if err != nil {
+ o.Data["json"] = map[string]interface{}{
+ "data": nil,
+ "error": err.Error(),
+ "code": code,
+ }
+
+ } else {
+ o.Data["json"] = map[string]interface{}{
+ "data": group,
+ "error": nil,
+ "code": 200,
+ }
+ }
+ o.ServeJSON()
+}
+
+// @Title GetByUser
+// @Description find group by user id
+// @Param id path string true "the id you want to get"
+// @Success 200 {auth} string
+// @router /user/:id [get]
+func (o *GroupController) GetByUser() {
+ id := o.Ctx.Input.Param(":id")
+ group, err := infrastructure.GetPermissionConnector().GetGroupByUser(id)
+ if err != nil {
+ o.Data["json"] = map[string]interface{}{
+ "data": nil,
+ "error": err.Error(),
+ "code": 200,
+ }
+
+ } else {
+ o.Data["json"] = map[string]interface{}{
+ "data": group,
+ "error": nil,
+ "code": 200,
+ }
+ }
+ o.ServeJSON()
+}
+
+// @Title GetAll
+// @Description find groups
+// @Success 200 {group} string
+// @router / [get]
+func (o *GroupController) GetAll() {
+ group, err := infrastructure.GetPermissionConnector().GetGroup("")
+ if err != nil {
+ o.Data["json"] = map[string]interface{}{
+ "data": nil,
+ "error": err.Error(),
+ "code": 200,
+ }
+
+ } else {
+ o.Data["json"] = map[string]interface{}{
+ "data": group,
+ "error": nil,
+ "code": 200,
+ }
+ }
+ o.ServeJSON()
+}
+
+// @Title Get
+// @Description find group by id
+// @Param id path string true "the id you want to get"
+// @Success 200 {group} string
+// @router /:id [get]
+func (o *GroupController) Get() {
+ id := o.Ctx.Input.Param(":id")
+ group, err := infrastructure.GetPermissionConnector().GetGroup(id)
+ if err != nil {
+ o.Data["json"] = map[string]interface{}{
+ "data": nil,
+ "error": err.Error(),
+ "code": 200,
+ }
+
+ } else {
+ o.Data["json"] = map[string]interface{}{
+ "data": group,
+ "error": nil,
+ "code": 200,
+ }
+ }
+ o.ServeJSON()
+}
+
+// @Title Delete
+// @Description delete the group
+// @Param id path string true "The id you want to delete"
+// @Success 200 {string} delete success!
+// @router /:id [delete]
+func (o *GroupController) Delete() {
+ id := o.Ctx.Input.Param(":id")
+ group, code, err := infrastructure.GetPermissionConnector().DeleteGroup(id)
+ if err != nil {
+ o.Data["json"] = map[string]interface{}{
+ "data": nil,
+ "error": err.Error(),
+ "code": code,
+ }
+
+ } else {
+ o.Data["json"] = map[string]interface{}{
+ "data": group,
+ "error": nil,
+ "code": 200,
+ }
+ }
+ o.ServeJSON()
+}
+
+// @Title Clear
+// @Description clear the group
+// @Success 200 {string} delete success!
+// @router /clear [delete]
+func (o *GroupController) Clear() {
+ group, code, err := infrastructure.GetPermissionConnector().DeleteGroup("")
+ if err != nil {
+ o.Data["json"] = map[string]interface{}{
+ "data": nil,
+ "error": err.Error(),
+ "code": code,
+ }
+
+ } else {
+ o.Data["json"] = map[string]interface{}{
+ "data": group,
+ "error": nil,
+ "code": 200,
+ }
+ }
+ o.ServeJSON()
+}
+
+// @Title Bind
+// @Description bind the group to user
+// @Param user_id path string true "The user_id you want to bind"
+// @Param group_id path string true "The group_id you want to bind"
+// @Success 200 {string} bind success!
+// @router /:user_id/:group_id [post]
+func (o *GroupController) Bind() {
+ user_id := o.Ctx.Input.Param(":user_id")
+ group_id := o.Ctx.Input.Param(":group_id")
+ group, code, err := infrastructure.GetPermissionConnector().BindGroup(user_id, group_id)
+ if err != nil {
+ o.Data["json"] = map[string]interface{}{
+ "data": nil,
+ "error": err.Error(),
+ "code": code,
+ }
+
+ } else {
+ o.Data["json"] = map[string]interface{}{
+ "data": group,
+ "error": nil,
+ "code": 200,
+ }
+ }
+ o.ServeJSON()
+}
+
+// @Title UnBind
+// @Description unbind the group to user
+// @Param group_id path string true "The group_id you want to unbind"
+// @Param group_id path string true "The user_id you want to unbind"
+// @Success 200 {string} bind success!
+// @router /:user_id/:group_id [delete]
+func (o *GroupController) UnBind() {
+ user_id := o.Ctx.Input.Param(":user_id")
+ group_id := o.Ctx.Input.Param(":group_id")
+ group, code, err := infrastructure.GetPermissionConnector().UnBindGroup(user_id, group_id)
+ if err != nil {
+ o.Data["json"] = map[string]interface{}{
+ "data": nil,
+ "error": err.Error(),
+ "code": code,
+ }
+
+ } else {
+ o.Data["json"] = map[string]interface{}{
+ "data": group,
+ "error": nil,
+ "code": 200,
+ }
+ }
+ o.ServeJSON()
+}
diff --git a/infrastructure/perms_connectors/keto_connector.go b/infrastructure/perms_connectors/keto_connector.go
index 6f1d027..5039b8f 100644
--- a/infrastructure/perms_connectors/keto_connector.go
+++ b/infrastructure/perms_connectors/keto_connector.go
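Review bot: The error branches of `GetByUser`, `GetAll` and `Get` hard-code `"code": 200`, and no handler in this file sets the HTTP status, so a failed lookup against the permission backend reaches the client looking like a successful response with `data: nil`. For the three read handlers use a failure code and set the status, e.g. `"code": 500` together with `o.Ctx.Output.SetStatus(500)`; the write handlers should pass their `code` to `SetStatus` as well. Returning `err.Error()` verbatim may also expose backend details to callers, so a generic message with the detail logged server-side is safer. Separately, nothing visible here checks the caller's rights before `Delete`, `Bind`, `UnBind` or `Clear` (which calls `DeleteGroup("")`), and the route entries in routers/commentsRouter.go carry `Filters: nil`; if no filter elsewhere guards the `/group` namespace, these handlers should require an administrative permission. The second `@Param` of `UnBind` is named `group_id` but describes the user id and should read `user_id`.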
@@ -80,14 +80,23 @@ func (k KetoConnector) CheckPermission(perm Permission, permDependancies *Permis } func (k KetoConnector) DeleteRole(roleID string) (string, int, error) { - k.deleteRelationShip("", "", roleID, nil) - _, code, err := k.deleteRelationShip(roleID, "", k.scope(), nil) + k.deleteRelationShip("", "member", roleID, nil) + _, code, err := k.deleteRelationShip(roleID, "is", k.scope(), nil) if err != nil { return "", code, err } return roleID, 200, nil } +func (k KetoConnector) DeleteGroup(groupID string) (string, int, error) { + k.deleteRelationShip("", "groups", groupID, nil) + _, code, err := k.deleteRelationShip(groupID, "groupin", k.scope(), nil) + if err != nil { + return "", code, err + } + return groupID, 200, nil +} + func (k KetoConnector) DeletePermission(permID string, relation string, internal bool) (string, int, error) { meth, err := utils.ExtractMethod(relation, internal) if err != nil { @@ -112,6 +121,14 @@ func (k KetoConnector) CreateRole(roleID string) (string, int, error) { return p.Object, 200, nil } +func (k KetoConnector) CreateGroup(groupID string) (string, int, error) { + p, code, err := k.createRelationShip(groupID, "groupin", k.scope(), nil) + if err != nil { + return "", code, err + } + return p.Object, 200, nil +} + func (k KetoConnector) CreatePermission(permID string, relation string, internal bool) (string, int, error) { meth, err := utils.ExtractMethod(relation, internal) if err != nil { @@ -138,6 +155,18 @@ func (k KetoConnector) GetRole(roleID string) ([]string, error) { return arr, nil } +func (k KetoConnector) GetGroup(roleID string) ([]string, error) { + arr := []string{} + groups, err := k.get(roleID, "groupin", k.scope()) + if err != nil { + return arr, err + } + for _, grp := range groups { + arr = append(arr, grp.Object) + } + return arr, nil +} + func (k KetoConnector) GetRoleByUser(userID string) ([]string, error) { arr := []string{} roles, err := k.get("", "member", userID) 
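Review bot: `DeleteGroup` passes `groupID` as the third argument of its first `deleteRelationShip` call, whereas `BindGroup` and `UnBindGroup` in this diff pass the group first and the user third for the same `"groups"` relation, so the call appears not to match the user bindings it is meant to remove. If that reading is right, memberships survive the deletion and would take effect again when a group with the same id is recreated; the call probably should be `k.deleteRelationShip(groupID, "groups", "", nil)`, assuming an empty subject is treated as a wildcard the way the empty first argument is today. Its result is also discarded, so a failed cleanup is silent; check it the way the second call is checked and return `"", code, err` on failure. The rewritten `DeleteRole` lines follow the same pattern with `"member"` and deserve the same comparison against `BindRole`, which is outside this hunk.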
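Review bot: `GetGroup` names its parameter `roleID`, a leftover from `GetRole`, while the `PermConnector` interface in this commit declares `GetGroup(groupID string)`; rename it to `groupID` so the two agree. The controller's `GetAll` calls it with an empty string, apparently to list every group in the scope, and that contract is worth a doc comment such as `// GetGroup returns the group ids registered in the current scope; an empty groupID is used to list all of them.`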
@@ -150,6 +179,18 @@ func (k KetoConnector) GetRoleByUser(userID string) ([]string, error) { return arr, nil } +func (k KetoConnector) GetGroupByUser(userID string) ([]string, error) { + arr := []string{} + groups, err := k.get("", "groups", userID) + if err != nil { + return arr, err + } + for _, grp := range groups { + arr = append(arr, grp.Object) + } + return arr, nil +} + func (k KetoConnector) GetPermission(permID string, relation string) ([]Permission, error) { meth, err := utils.ExtractMethod(relation, true) if err != nil { @@ -233,6 +274,14 @@ func (k KetoConnector) BindRole(userID string, roleID string) (string, int, erro return roleID, 200, nil } +func (k KetoConnector) BindGroup(userID string, groupID string) (string, int, error) { + _, code, err := k.createRelationShip(groupID, "groups", userID, nil) + if err != nil { + return groupID, code, err + } + return groupID, 200, nil +} + func (k KetoConnector) BindPermission(roleID string, permID string, relation string) (*Permission, int, error) { perms, err := k.GetPermission(permID, relation) if err != nil || len(perms) != 1 { @@ -267,6 +316,14 @@ func (k KetoConnector) UnBindRole(userID string, roleID string) (string, int, er return roleID, 200, nil } +func (k KetoConnector) UnBindGroup(userID string, groupID string) (string, int, error) { + _, code, err := k.deleteRelationShip(groupID, "groups", userID, nil) + if err != nil { + return groupID, code, err + } + return groupID, 200, nil +} + func (k KetoConnector) UnBindPermission(roleID string, permID string, relation string) (*Permission, int, error) { meth, err := utils.ExtractMethod(relation, false) if err != nil { diff --git a/infrastructure/perms_connectors/perms_connector.go b/infrastructure/perms_connectors/perms_connector.go index e9c3d8a..a51556f 100644 --- a/infrastructure/perms_connectors/perms_connector.go +++ b/infrastructure/perms_connectors/perms_connector.go 
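Review bot: `BindGroup` writes the `"groups"` tuple without checking that `groupID` was registered through `CreateGroup`, so a user can be attached to an id that does not exist yet and would count as a member as soon as a group with that id is created. `BindPermission`, visible as context just below, looks its target up first with `k.GetPermission(permID, relation)`; doing the same here with `k.GetGroup(groupID)` and returning a not-found code when the result is empty would close the gap. On failure `BindGroup` and `UnBindGroup` also return `groupID` rather than `""`, unlike `CreateGroup` and `DeleteGroup` in this commit.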
@@ -25,21 +25,27 @@ type PermConnector interface { Status() tools.State CheckPermission(perm Permission, permDependancies *Permission, internal bool) bool BindRole(userID string, roleID string) (string, int, error) + BindGroup(userID string, groupID string) (string, int, error) BindPermission(roleID string, permID string, relation string) (*Permission, int, error) UnBindRole(userID string, roleID string) (string, int, error) + UnBindGroup(userID string, groupID string) (string, int, error) UnBindPermission(roleID string, permID string, relation string) (*Permission, int, error) CreateRole(roleID string) (string, int, error) + CreateGroup(groupID string) (string, int, error) CreatePermission(permID string, relation string, internal bool) (string, int, error) DeleteRole(roleID string) (string, int, error) + DeleteGroup(groupID string) (string, int, error) DeletePermission(permID string, relation string, internal bool) (string, int, error) GetRoleByUser(userID string) ([]string, error) + GetGroupByUser(userID string) ([]string, error) GetPermissionByRole(roleID string) ([]Permission, error) GetPermissionByUser(userID string, internal bool) ([]Permission, error) GetRole(roleID string) ([]string, error) + GetGroup(groupID string) ([]string, error) GetPermission(permID string, relation string) ([]Permission, error) } diff --git a/oc-auth b/oc-auth index 4eed7fa..2706af9 100755 Binary files a/oc-auth and b/oc-auth differ diff --git a/routers/commentsRouter.go b/routers/commentsRouter.go index fb8433c..e18f62f 100644 --- a/routers/commentsRouter.go +++ b/routers/commentsRouter.go 
@@ -7,6 +7,78 @@ import ( func init() { + beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"], + beego.ControllerComments{ + Method: "GetAll", + Router: `/`, + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"], + beego.ControllerComments{ + Method: "Post", + Router: `/:id`, + AllowHTTPMethods: []string{"post"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"], + beego.ControllerComments{ + Method: "Get", + Router: `/:id`, + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"], + beego.ControllerComments{ + Method: "Delete", + Router: `/:id`, + AllowHTTPMethods: []string{"delete"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"], + beego.ControllerComments{ + Method: "Bind", + Router: `/:user_id/:group_id`, + AllowHTTPMethods: []string{"post"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"], + beego.ControllerComments{ + Method: "UnBind", + Router: `/:user_id/:group_id`, + AllowHTTPMethods: []string{"delete"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + 
beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"], + beego.ControllerComments{ + Method: "Clear", + Router: `/clear`, + AllowHTTPMethods: []string{"delete"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"], + beego.ControllerComments{ + Method: "GetByUser", + Router: `/user/:id`, + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"], beego.ControllerComments{ Method: "InternalAuthForward", diff --git a/routers/router.go b/routers/router.go index db044b0..a89dde9 100644 --- a/routers/router.go +++ b/routers/router.go @@ -18,6 +18,11 @@ func init() { beego.NSInclude( &controllers.OAuthController{}, ), + beego.NSNamespace("/group", + beego.NSInclude( + &controllers.GroupController{}, + ), + ), beego.NSNamespace("/role", beego.NSInclude( &controllers.RoleController{}, diff --git a/swagger/swagger.json b/swagger/swagger.json index 2a43cf9..77a837c 100644 --- a/swagger/swagger.json +++ b/swagger/swagger.json 
@@ -37,6 +37,180 @@ } } }, + "/group/": { + "get": { + "tags": [ + "group" + ], + "description": "find groups\n\u003cbr\u003e", + "operationId": "GroupController.GetAll", + "responses": { + "200": { + "description": "{group} string" + } + } + } + }, + "/group/clear": { + "delete": { + "tags": [ + "group" + ], + "description": "clear the group\n\u003cbr\u003e", + "operationId": "GroupController.Clear", + "responses": { + "200": { + "description": "{string} delete success!" + } + } + } + }, + "/group/user/{id}": { + "get": { + "tags": [ + "group" + ], + "description": "find group by user id\n\u003cbr\u003e", + "operationId": "GroupController.GetByUser", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "the id you want to get", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "{auth} string" + } + } + } + }, + "/group/{id}": { + "get": { + "tags": [ + "group" + ], + "description": "find group by id\n\u003cbr\u003e", + "operationId": "GroupController.Get", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "the id you want to get", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "{group} string" + } + } + }, + "post": { + "tags": [ + "group" + ], + "description": "create group\n\u003cbr\u003e", + "operationId": "GroupController.Create", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "the id you want to get", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "{auth} create success!" + } + } + }, + "delete": { + "tags": [ + "group" + ], + "description": "delete the group\n\u003cbr\u003e", + "operationId": "GroupController.Delete", + "parameters": [ + { + "in": "path", + "name": "id", + "description": "The id you want to delete", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "{string} delete success!" 
+ } + } + } + }, + "/group/{user_id}/{group_id}": { + "post": { + "tags": [ + "group" + ], + "description": "bind the group to user\n\u003cbr\u003e", + "operationId": "GroupController.Bind", + "parameters": [ + { + "in": "path", + "name": "user_id", + "description": "The user_id you want to bind", + "required": true, + "type": "string" + }, + { + "in": "path", + "name": "group_id", + "description": "The group_id you want to bind", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "{string} bind success!" + } + } + }, + "delete": { + "tags": [ + "group" + ], + "description": "unbind the group to user\n\u003cbr\u003e", + "operationId": "GroupController.UnBind", + "parameters": [ + { + "in": "path", + "name": "group_id", + "description": "The group_id you want to unbind", + "required": true, + "type": "string" + }, + { + "in": "path", + "name": "group_id", + "description": "The user_id you want to unbind", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "{string} bind success!" + } + } + } + }, "/introspect": { "get": { "tags": [ @@ -518,6 +692,10 @@ "name": "oc-auth/controllersOAuthController", "description": "Operations about auth\n" }, + { + "name": "group", + "description": "Operations about auth\n" + }, { "name": "role", "description": "Operations about auth\n" diff --git a/swagger/swagger.yml b/swagger/swagger.yml index fd5ac6f..fd70eef 100644 --- a/swagger/swagger.yml +++ b/swagger/swagger.yml @@ -28,6 +28,137 @@ paths: responses: "200": description: '{string}' + /group/: + get: + tags: + - group + description: |- + find groups +
+ operationId: GroupController.GetAll + responses: + "200": + description: '{group} string' + /group/{id}: + get: + tags: + - group + description: |- + find group by id +
+ operationId: GroupController.Get + parameters: + - in: path + name: id + description: the id you want to get + required: true + type: string + responses: + "200": + description: '{group} string' + post: + tags: + - group + description: |- + create group +
+ operationId: GroupController.Create + parameters: + - in: path + name: id + description: the id you want to get + required: true + type: string + responses: + "200": + description: '{auth} create success!' + delete: + tags: + - group + description: |- + delete the group +
+ operationId: GroupController.Delete + parameters: + - in: path + name: id + description: The id you want to delete + required: true + type: string + responses: + "200": + description: '{string} delete success!' + /group/{user_id}/{group_id}: + post: + tags: + - group + description: |- + bind the group to user +
+ operationId: GroupController.Bind + parameters: + - in: path + name: user_id + description: The user_id you want to bind + required: true + type: string + - in: path + name: group_id + description: The group_id you want to bind + required: true + type: string + responses: + "200": + description: '{string} bind success!' + delete: + tags: + - group + description: |- + unbind the group to user +
+ operationId: GroupController.UnBind + parameters: + - in: path + name: group_id + description: The group_id you want to unbind + required: true + type: string + - in: path + name: group_id + description: The user_id you want to unbind + required: true + type: string + responses: + "200": + description: '{string} bind success!' + /group/clear: + delete: + tags: + - group + description: |- + clear the group +
+ operationId: GroupController.Clear + responses: + "200": + description: '{string} delete success!' + /group/user/{id}: + get: + tags: + - group + description: |- + find group by user id +
+ operationId: GroupController.GetByUser + parameters: + - in: path + name: id + description: the id you want to get + required: true + type: string + responses: + "200": + description: '{auth} string' /introspect: get: tags: @@ -386,6 +517,9 @@ tags: - name: oc-auth/controllersOAuthController description: | Operations about auth +- name: group + description: | + Operations about auth - name: role description: | Operations about auth