Add Group To Keto

This commit is contained in:
mr 2024-11-27 11:12:46 +01:00
parent be071ec328
commit 01daaae766
8 changed files with 667 additions and 2 deletions

213
controllers/group.go Normal file
View File

@ -0,0 +1,213 @@
package controllers
import (
"oc-auth/infrastructure"
beego "github.com/beego/beego/v2/server/web"
)
// Operations about auth
type GroupController struct {
beego.Controller
}
// @Title Create
// @Description create group
// @Param id path string true "the id you want to get"
// @Success 200 {auth} create success!
// @router /:id [post]
func (o *GroupController) Post() {
// store and return Id or post with UUID
id := o.Ctx.Input.Param(":id")
group, code, err := infrastructure.GetPermissionConnector().CreateGroup(id)
if err != nil {
o.Data["json"] = map[string]interface{}{
"data": nil,
"error": err.Error(),
"code": code,
}
} else {
o.Data["json"] = map[string]interface{}{
"data": group,
"error": nil,
"code": 200,
}
}
o.ServeJSON()
}
// @Title GetByUser
// @Description find group by user id
// @Param id path string true "the id you want to get"
// @Success 200 {auth} string
// @router /user/:id [get]
func (o *GroupController) GetByUser() {
id := o.Ctx.Input.Param(":id")
group, err := infrastructure.GetPermissionConnector().GetGroupByUser(id)
if err != nil {
o.Data["json"] = map[string]interface{}{
"data": nil,
"error": err.Error(),
"code": 200,
}
} else {
o.Data["json"] = map[string]interface{}{
"data": group,
"error": nil,
"code": 200,
}
}
o.ServeJSON()
}
// @Title GetAll
// @Description find groups
// @Success 200 {group} string
// @router / [get]
func (o *GroupController) GetAll() {
group, err := infrastructure.GetPermissionConnector().GetGroup("")
if err != nil {
o.Data["json"] = map[string]interface{}{
"data": nil,
"error": err.Error(),
"code": 200,
}
} else {
o.Data["json"] = map[string]interface{}{
"data": group,
"error": nil,
"code": 200,
}
}
o.ServeJSON()
}
// @Title Get
// @Description find group by id
// @Param id path string true "the id you want to get"
// @Success 200 {group} string
// @router /:id [get]
func (o *GroupController) Get() {
id := o.Ctx.Input.Param(":id")
group, err := infrastructure.GetPermissionConnector().GetGroup(id)
if err != nil {
o.Data["json"] = map[string]interface{}{
"data": nil,
"error": err.Error(),
"code": 200,
}
} else {
o.Data["json"] = map[string]interface{}{
"data": group,
"error": nil,
"code": 200,
}
}
o.ServeJSON()
}
// @Title Delete
// @Description delete the group
// @Param id path string true "The id you want to delete"
// @Success 200 {string} delete success!
// @router /:id [delete]
func (o *GroupController) Delete() {
id := o.Ctx.Input.Param(":id")
group, code, err := infrastructure.GetPermissionConnector().DeleteGroup(id)
if err != nil {
o.Data["json"] = map[string]interface{}{
"data": nil,
"error": err.Error(),
"code": code,
}
} else {
o.Data["json"] = map[string]interface{}{
"data": group,
"error": nil,
"code": 200,
}
}
o.ServeJSON()
}
// @Title Clear
// @Description clear the group
// @Success 200 {string} delete success!
// @router /clear [delete]
func (o *GroupController) Clear() {
group, code, err := infrastructure.GetPermissionConnector().DeleteGroup("")
if err != nil {
o.Data["json"] = map[string]interface{}{
"data": nil,
"error": err.Error(),
"code": code,
}
} else {
o.Data["json"] = map[string]interface{}{
"data": group,
"error": nil,
"code": 200,
}
}
o.ServeJSON()
}
// @Title Bind
// @Description bind the group to user
// @Param user_id path string true "The user_id you want to bind"
// @Param group_id path string true "The group_id you want to bind"
// @Success 200 {string} bind success!
// @router /:user_id/:group_id [post]
func (o *GroupController) Bind() {
user_id := o.Ctx.Input.Param(":user_id")
group_id := o.Ctx.Input.Param(":group_id")
group, code, err := infrastructure.GetPermissionConnector().BindGroup(user_id, group_id)
if err != nil {
o.Data["json"] = map[string]interface{}{
"data": nil,
"error": err.Error(),
"code": code,
}
} else {
o.Data["json"] = map[string]interface{}{
"data": group,
"error": nil,
"code": 200,
}
}
o.ServeJSON()
}
// @Title UnBind
// @Description unbind the group to user
// @Param group_id path string true "The group_id you want to unbind"
// @Param group_id path string true "The user_id you want to unbind"
// @Success 200 {string} bind success!
// @router /:user_id/:group_id [delete]
func (o *GroupController) UnBind() {
user_id := o.Ctx.Input.Param(":user_id")
group_id := o.Ctx.Input.Param(":group_id")
group, code, err := infrastructure.GetPermissionConnector().UnBindGroup(user_id, group_id)
if err != nil {
o.Data["json"] = map[string]interface{}{
"data": nil,
"error": err.Error(),
"code": code,
}
} else {
o.Data["json"] = map[string]interface{}{
"data": group,
"error": nil,
"code": 200,
}
}
o.ServeJSON()
}

View File

@ -80,14 +80,23 @@ func (k KetoConnector) CheckPermission(perm Permission, permDependancies *Permis
}
func (k KetoConnector) DeleteRole(roleID string) (string, int, error) {
k.deleteRelationShip("", "", roleID, nil)
_, code, err := k.deleteRelationShip(roleID, "", k.scope(), nil)
k.deleteRelationShip("", "member", roleID, nil)
_, code, err := k.deleteRelationShip(roleID, "is", k.scope(), nil)
if err != nil {
return "", code, err
}
return roleID, 200, nil
}
func (k KetoConnector) DeleteGroup(groupID string) (string, int, error) {
k.deleteRelationShip("", "groups", groupID, nil)
_, code, err := k.deleteRelationShip(groupID, "groupin", k.scope(), nil)
if err != nil {
return "", code, err
}
return groupID, 200, nil
}
func (k KetoConnector) DeletePermission(permID string, relation string, internal bool) (string, int, error) {
meth, err := utils.ExtractMethod(relation, internal)
if err != nil {
@ -112,6 +121,14 @@ func (k KetoConnector) CreateRole(roleID string) (string, int, error) {
return p.Object, 200, nil
}
func (k KetoConnector) CreateGroup(groupID string) (string, int, error) {
p, code, err := k.createRelationShip(groupID, "groupin", k.scope(), nil)
if err != nil {
return "", code, err
}
return p.Object, 200, nil
}
func (k KetoConnector) CreatePermission(permID string, relation string, internal bool) (string, int, error) {
meth, err := utils.ExtractMethod(relation, internal)
if err != nil {
@ -138,6 +155,18 @@ func (k KetoConnector) GetRole(roleID string) ([]string, error) {
return arr, nil
}
func (k KetoConnector) GetGroup(roleID string) ([]string, error) {
arr := []string{}
groups, err := k.get(roleID, "groupin", k.scope())
if err != nil {
return arr, err
}
for _, grp := range groups {
arr = append(arr, grp.Object)
}
return arr, nil
}
func (k KetoConnector) GetRoleByUser(userID string) ([]string, error) {
arr := []string{}
roles, err := k.get("", "member", userID)
@ -150,6 +179,18 @@ func (k KetoConnector) GetRoleByUser(userID string) ([]string, error) {
return arr, nil
}
func (k KetoConnector) GetGroupByUser(userID string) ([]string, error) {
arr := []string{}
groups, err := k.get("", "groups", userID)
if err != nil {
return arr, err
}
for _, grp := range groups {
arr = append(arr, grp.Object)
}
return arr, nil
}
func (k KetoConnector) GetPermission(permID string, relation string) ([]Permission, error) {
meth, err := utils.ExtractMethod(relation, true)
if err != nil {
@ -233,6 +274,14 @@ func (k KetoConnector) BindRole(userID string, roleID string) (string, int, erro
return roleID, 200, nil
}
func (k KetoConnector) BindGroup(userID string, groupID string) (string, int, error) {
_, code, err := k.createRelationShip(groupID, "groups", userID, nil)
if err != nil {
return groupID, code, err
}
return groupID, 200, nil
}
func (k KetoConnector) BindPermission(roleID string, permID string, relation string) (*Permission, int, error) {
perms, err := k.GetPermission(permID, relation)
if err != nil || len(perms) != 1 {
@ -267,6 +316,14 @@ func (k KetoConnector) UnBindRole(userID string, roleID string) (string, int, er
return roleID, 200, nil
}
func (k KetoConnector) UnBindGroup(userID string, groupID string) (string, int, error) {
_, code, err := k.deleteRelationShip(groupID, "groups", userID, nil)
if err != nil {
return groupID, code, err
}
return groupID, 200, nil
}
func (k KetoConnector) UnBindPermission(roleID string, permID string, relation string) (*Permission, int, error) {
meth, err := utils.ExtractMethod(relation, false)
if err != nil {

View File

@ -25,21 +25,27 @@ type PermConnector interface {
Status() tools.State
CheckPermission(perm Permission, permDependancies *Permission, internal bool) bool
BindRole(userID string, roleID string) (string, int, error)
BindGroup(userID string, groupID string) (string, int, error)
BindPermission(roleID string, permID string, relation string) (*Permission, int, error)
UnBindRole(userID string, roleID string) (string, int, error)
UnBindGroup(userID string, groupID string) (string, int, error)
UnBindPermission(roleID string, permID string, relation string) (*Permission, int, error)
CreateRole(roleID string) (string, int, error)
CreateGroup(groupID string) (string, int, error)
CreatePermission(permID string, relation string, internal bool) (string, int, error)
DeleteRole(roleID string) (string, int, error)
DeleteGroup(groupID string) (string, int, error)
DeletePermission(permID string, relation string, internal bool) (string, int, error)
GetRoleByUser(userID string) ([]string, error)
GetGroupByUser(userID string) ([]string, error)
GetPermissionByRole(roleID string) ([]Permission, error)
GetPermissionByUser(userID string, internal bool) ([]Permission, error)
GetRole(roleID string) ([]string, error)
GetGroup(groupID string) ([]string, error)
GetPermission(permID string, relation string) ([]Permission, error)
}

BIN
oc-auth

Binary file not shown.

View File

@ -7,6 +7,78 @@ import (
func init() {
beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
beego.ControllerComments{
Method: "GetAll",
Router: `/`,
AllowHTTPMethods: []string{"get"},
MethodParams: param.Make(),
Filters: nil,
Params: nil})
beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
beego.ControllerComments{
Method: "Post",
Router: `/:id`,
AllowHTTPMethods: []string{"post"},
MethodParams: param.Make(),
Filters: nil,
Params: nil})
beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
beego.ControllerComments{
Method: "Get",
Router: `/:id`,
AllowHTTPMethods: []string{"get"},
MethodParams: param.Make(),
Filters: nil,
Params: nil})
beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
beego.ControllerComments{
Method: "Delete",
Router: `/:id`,
AllowHTTPMethods: []string{"delete"},
MethodParams: param.Make(),
Filters: nil,
Params: nil})
beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
beego.ControllerComments{
Method: "Bind",
Router: `/:user_id/:group_id`,
AllowHTTPMethods: []string{"post"},
MethodParams: param.Make(),
Filters: nil,
Params: nil})
beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
beego.ControllerComments{
Method: "UnBind",
Router: `/:user_id/:group_id`,
AllowHTTPMethods: []string{"delete"},
MethodParams: param.Make(),
Filters: nil,
Params: nil})
beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
beego.ControllerComments{
Method: "Clear",
Router: `/clear`,
AllowHTTPMethods: []string{"delete"},
MethodParams: param.Make(),
Filters: nil,
Params: nil})
beego.GlobalControllerRouter["oc-auth/controllers:GroupController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:GroupController"],
beego.ControllerComments{
Method: "GetByUser",
Router: `/user/:id`,
AllowHTTPMethods: []string{"get"},
MethodParams: param.Make(),
Filters: nil,
Params: nil})
beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"],
beego.ControllerComments{
Method: "InternalAuthForward",

View File

@ -18,6 +18,11 @@ func init() {
beego.NSInclude(
&controllers.OAuthController{},
),
beego.NSNamespace("/group",
beego.NSInclude(
&controllers.GroupController{},
),
),
beego.NSNamespace("/role",
beego.NSInclude(
&controllers.RoleController{},

View File

@ -37,6 +37,180 @@
}
}
},
"/group/": {
"get": {
"tags": [
"group"
],
"description": "find groups\n\u003cbr\u003e",
"operationId": "GroupController.GetAll",
"responses": {
"200": {
"description": "{group} string"
}
}
}
},
"/group/clear": {
"delete": {
"tags": [
"group"
],
"description": "clear the group\n\u003cbr\u003e",
"operationId": "GroupController.Clear",
"responses": {
"200": {
"description": "{string} delete success!"
}
}
}
},
"/group/user/{id}": {
"get": {
"tags": [
"group"
],
"description": "find group by user id\n\u003cbr\u003e",
"operationId": "GroupController.GetByUser",
"parameters": [
{
"in": "path",
"name": "id",
"description": "the id you want to get",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "{auth} string"
}
}
}
},
"/group/{id}": {
"get": {
"tags": [
"group"
],
"description": "find group by id\n\u003cbr\u003e",
"operationId": "GroupController.Get",
"parameters": [
{
"in": "path",
"name": "id",
"description": "the id you want to get",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "{group} string"
}
}
},
"post": {
"tags": [
"group"
],
"description": "create group\n\u003cbr\u003e",
"operationId": "GroupController.Create",
"parameters": [
{
"in": "path",
"name": "id",
"description": "the id you want to get",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "{auth} create success!"
}
}
},
"delete": {
"tags": [
"group"
],
"description": "delete the group\n\u003cbr\u003e",
"operationId": "GroupController.Delete",
"parameters": [
{
"in": "path",
"name": "id",
"description": "The id you want to delete",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "{string} delete success!"
}
}
}
},
"/group/{user_id}/{group_id}": {
"post": {
"tags": [
"group"
],
"description": "bind the group to user\n\u003cbr\u003e",
"operationId": "GroupController.Bind",
"parameters": [
{
"in": "path",
"name": "user_id",
"description": "The user_id you want to bind",
"required": true,
"type": "string"
},
{
"in": "path",
"name": "group_id",
"description": "The group_id you want to bind",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "{string} bind success!"
}
}
},
"delete": {
"tags": [
"group"
],
"description": "unbind the group to user\n\u003cbr\u003e",
"operationId": "GroupController.UnBind",
"parameters": [
{
"in": "path",
"name": "group_id",
"description": "The group_id you want to unbind",
"required": true,
"type": "string"
},
{
"in": "path",
"name": "group_id",
"description": "The user_id you want to unbind",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "{string} bind success!"
}
}
}
},
"/introspect": {
"get": {
"tags": [
@ -518,6 +692,10 @@
"name": "oc-auth/controllersOAuthController",
"description": "Operations about auth\n"
},
{
"name": "group",
"description": "Operations about auth\n"
},
{
"name": "role",
"description": "Operations about auth\n"

View File

@ -28,6 +28,137 @@ paths:
responses:
"200":
description: '{string}'
/group/:
get:
tags:
- group
description: |-
find groups
<br>
operationId: GroupController.GetAll
responses:
"200":
description: '{group} string'
/group/{id}:
get:
tags:
- group
description: |-
find group by id
<br>
operationId: GroupController.Get
parameters:
- in: path
name: id
description: the id you want to get
required: true
type: string
responses:
"200":
description: '{group} string'
post:
tags:
- group
description: |-
create group
<br>
operationId: GroupController.Create
parameters:
- in: path
name: id
description: the id you want to get
required: true
type: string
responses:
"200":
description: '{auth} create success!'
delete:
tags:
- group
description: |-
delete the group
<br>
operationId: GroupController.Delete
parameters:
- in: path
name: id
description: The id you want to delete
required: true
type: string
responses:
"200":
description: '{string} delete success!'
/group/{user_id}/{group_id}:
post:
tags:
- group
description: |-
bind the group to user
<br>
operationId: GroupController.Bind
parameters:
- in: path
name: user_id
description: The user_id you want to bind
required: true
type: string
- in: path
name: group_id
description: The group_id you want to bind
required: true
type: string
responses:
"200":
description: '{string} bind success!'
delete:
tags:
- group
description: |-
unbind the group to user
<br>
operationId: GroupController.UnBind
parameters:
- in: path
name: group_id
description: The group_id you want to unbind
required: true
type: string
- in: path
name: group_id
description: The user_id you want to unbind
required: true
type: string
responses:
"200":
description: '{string} bind success!'
/group/clear:
delete:
tags:
- group
description: |-
clear the group
<br>
operationId: GroupController.Clear
responses:
"200":
description: '{string} delete success!'
/group/user/{id}:
get:
tags:
- group
description: |-
find group by user id
<br>
operationId: GroupController.GetByUser
parameters:
- in: path
name: id
description: the id you want to get
required: true
type: string
responses:
"200":
description: '{auth} string'
/introspect:
get:
tags:
@ -386,6 +517,9 @@ tags:
- name: oc-auth/controllersOAuthController
description: |
Operations about auth
- name: group
description: |
Operations about auth
- name: role
description: |
Operations about auth