[Server] fix update agent permission verification
roryye committed May 16, 2024
1 parent 53409b0 commit 27e1cdf
Showing 6 changed files with 41 additions and 18 deletions.
7 changes: 2 additions & 5 deletions server/controller/common/const.go
Expand Up @@ -690,11 +690,8 @@ const (
const (
SET_RESOURCE_TYPE_DOMAIN = "domain"
SET_RESOURCE_TYPE_SUB_DOMAIN = "sub_domain"

SET_RESOURCE_TYPE_AGENT = "agent"
)

const TRISOLARIS_NODE_TYPE_MASTER = "master"

// RESOURCE TYPE used to permission verification.
const (
RESOURCE_TYPE_AGENT = "agent"
)
24 changes: 21 additions & 3 deletions server/controller/http/service/permission_verification.go
Expand Up @@ -58,6 +58,9 @@ func (ra *ResourceAccess) CanAddResource(teamID int, resourceType, resourceUUID
if err := permitVerify(url, ra.userInfo, teamID); err != nil {
return err
}
if resourceType == common.SET_RESOURCE_TYPE_AGENT {
return nil
}

url = fmt.Sprintf(urlResource, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID)
body := map[string]interface{}{
Expand All @@ -74,13 +77,20 @@ func (ra *ResourceAccess) CanUpdateResource(teamID int, resourceType, resourceUU
return nil
}
url := fmt.Sprintf(urlPermitVerify, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID, AccessUpdate)
url += fmt.Sprintf("&resource_type=%s&resource_id=%s", resourceType, resourceUUID)
if resourceType == common.SET_RESOURCE_TYPE_AGENT {
url += fmt.Sprintf("&team_id=%s&resource_type=%s", teamID, resourceType)
} else {
url += fmt.Sprintf("&resource_type=%s&resource_id=%s", resourceType, resourceUUID)
}

if err := permitVerify(url, ra.userInfo, teamID); err != nil {
return err
}
if resourceUp == nil || len(resourceUp) == 0 {
if resourceType == common.SET_RESOURCE_TYPE_AGENT ||
resourceUp == nil || len(resourceUp) == 0 {
return nil
}

url = fmt.Sprintf(urlResource, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID)
body := map[string]interface{}{
"resource_where": map[string]interface{}{
Expand All @@ -97,10 +107,18 @@ func (ra *ResourceAccess) CanDeleteResource(teamID int, resourceType, resourceUU
return nil
}
url := fmt.Sprintf(urlPermitVerify, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID, AccessDelete)
url += fmt.Sprintf("&resource_type=%s&resource_id=%s", resourceType, resourceUUID)
if resourceType == common.SET_RESOURCE_TYPE_AGENT {
url += fmt.Sprintf("&team_id=%s&resource_type=%s", teamID, resourceType)
} else {
url += fmt.Sprintf("&resource_type=%s&resource_id=%s", resourceType, resourceUUID)
}

if err := permitVerify(url, ra.userInfo, teamID); err != nil {
return err
}
if resourceType == common.SET_RESOURCE_TYPE_AGENT {
return nil
}

url = fmt.Sprintf(urlResource, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID)
body := map[string]interface{}{
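Review bot: In the agent branches added to CanUpdateResource and CanDeleteResource, `teamID` is formatted with `%s` although both visible signatures declare it as `int`, so the query string carries `team_id=%!s(int=N)` instead of the number; `go vet` reports this verb mismatch. Both lines should read `url += fmt.Sprintf("&team_id=%d&resource_type=%s", teamID, resourceType)`. This matters more than a cosmetic slip because each agent path now returns `nil` straight after `permitVerify`, making the team-level call the only authorization gate for agents, and whether the permission service fails closed on an unparsable `team_id` is not visible here. `permitVerify` also receives `teamID` as an argument, so it is worth checking that the parameter is not already appended there and sent twice. Separately, `resourceType` and `resourceUUID` are interpolated into the URL without query escaping; the function bodies continue outside these hunks, so the origin of those values cannot be confirmed from this view.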
8 changes: 4 additions & 4 deletions server/controller/http/service/vtap.go
Expand Up @@ -241,7 +241,7 @@ func (a *Agent) Get(filter map[string]interface{}) (resp []model.Vtap, err error
}

func (a *Agent) Create(vtapCreate model.VtapCreate) (model.Vtap, error) {
if err := a.resourceAccess.CanAddResource(vtapCreate.TeamID, common.RESOURCE_TYPE_AGENT, ""); err != nil {
if err := a.resourceAccess.CanAddResource(vtapCreate.TeamID, common.SET_RESOURCE_TYPE_AGENT, ""); err != nil {
return model.Vtap{}, err
}
dbInfo, err := mysql.GetDB(a.resourceAccess.userInfo.ORGID)
Expand Down Expand Up @@ -317,7 +317,7 @@ func (a *Agent) Update(lcuuid, name string, vtapUpdate map[string]interface{}) (
} else {
return model.Vtap{}, NewError(httpcommon.INVALID_PARAMETERS, "must specify name or lcuuid")
}
if err := a.resourceAccess.CanUpdateResource(vtap.TeamID, common.RESOURCE_TYPE_AGENT, "", nil); err != nil {
if err := a.resourceAccess.CanUpdateResource(vtap.TeamID, common.SET_RESOURCE_TYPE_AGENT, "", nil); err != nil {
return model.Vtap{}, err
}

Expand Down Expand Up @@ -409,7 +409,7 @@ func (a *Agent) UpdateVtapLicenseType(lcuuid string, vtapUpdate map[string]inter
if ret := db.Where("lcuuid = ?", lcuuid).First(&vtap); ret.Error != nil {
return model.Vtap{}, NewError(httpcommon.RESOURCE_NOT_FOUND, fmt.Sprintf("vtap (%s) not found", lcuuid))
}
if err := a.resourceAccess.CanUpdateResource(vtap.TeamID, common.RESOURCE_TYPE_AGENT, "", nil); err != nil {
if err := a.resourceAccess.CanUpdateResource(vtap.TeamID, common.SET_RESOURCE_TYPE_AGENT, "", nil); err != nil {
return model.Vtap{}, err
}

Expand Down Expand Up @@ -513,7 +513,7 @@ func (a *Agent) Delete(lcuuid string) (resp map[string]string, err error) {
if ret := db.Where("lcuuid = ?", lcuuid).First(&vtap); ret.Error != nil {
return map[string]string{}, NewError(httpcommon.RESOURCE_NOT_FOUND, fmt.Sprintf("vtap (%s) not found", lcuuid))
}
if err := a.resourceAccess.CanDeleteResource(vtap.TeamID, common.RESOURCE_TYPE_AGENT, ""); err != nil {
if err := a.resourceAccess.CanDeleteResource(vtap.TeamID, common.SET_RESOURCE_TYPE_AGENT, ""); err != nil {
return nil, err
}

8 changes: 8 additions & 0 deletions server/controller/http/service/vtap_filter.go
Expand Up @@ -33,6 +33,14 @@ type UserInfo struct {
DatabaseName string
}

func NewUserInfo(t, id, orgID int) *UserInfo {
return &UserInfo{
Type: t,
ID: id,
ORGID: orgID,
}
}

func GetUserInfo(c *gin.Context) *UserInfo {
orgID, _ := c.Get(common.HEADER_KEY_X_ORG_ID)
userType, _ := c.Get(common.HEADER_KEY_X_USER_TYPE)
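Review bot: The new exported `NewUserInfo` has no doc comment, and its three positional `int` parameters (`t, id, orgID`) are easy to transpose at a call site. Since `UserInfo.ORGID` is the value the permission checks in permission_verification.go place into the verification URL, the comment should state where callers are expected to get these values, for example `// NewUserInfo returns a UserInfo for the given user type, user ID and organization ID; DatabaseName is left empty. Callers must pass values from an authenticated request or a trusted internal source.` No call site appears in this commit view, so the intended use cannot be confirmed from here.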
6 changes: 3 additions & 3 deletions server/controller/http/service/vtap_group.go
Expand Up @@ -141,7 +141,7 @@ func (a *AgentGroup) Get(filter map[string]interface{}) (resp []model.VtapGroup,

func (a *AgentGroup) Create(vtapGroupCreate model.VtapGroupCreate) (resp model.VtapGroup, err error) {
userInfo := a.resourceAccess.userInfo
if err := a.resourceAccess.CanAddResource(vtapGroupCreate.TeamID, common.RESOURCE_TYPE_AGENT, ""); err != nil {
if err := a.resourceAccess.CanAddResource(vtapGroupCreate.TeamID, common.SET_RESOURCE_TYPE_AGENT, ""); err != nil {
return model.VtapGroup{}, err
}

Expand Down Expand Up @@ -245,7 +245,7 @@ func (a *AgentGroup) Update(lcuuid string, vtapGroupUpdate map[string]interface{
if ret := db.Where("lcuuid = ?", lcuuid).First(&vtapGroup); ret.Error != nil {
return model.VtapGroup{}, NewError(httpcommon.RESOURCE_NOT_FOUND, fmt.Sprintf("vtap_group (%s) not found", lcuuid))
}
if err := a.resourceAccess.CanUpdateResource(vtapGroup.TeamID, common.RESOURCE_TYPE_AGENT, "", nil); err != nil {
if err := a.resourceAccess.CanUpdateResource(vtapGroup.TeamID, common.SET_RESOURCE_TYPE_AGENT, "", nil); err != nil {
return model.VtapGroup{}, err
}

Expand Down Expand Up @@ -362,7 +362,7 @@ func (a *AgentGroup) Delete(lcuuid string) (resp map[string]string, err error) {
if ret := db.Where("lcuuid = ?", lcuuid).First(&vtapGroup); ret.Error != nil {
return map[string]string{}, NewError(httpcommon.RESOURCE_NOT_FOUND, fmt.Sprintf("vtap_group (%s) not found", lcuuid))
}
if err := a.resourceAccess.CanDeleteResource(vtapGroup.TeamID, common.RESOURCE_TYPE_AGENT, ""); err != nil {
if err := a.resourceAccess.CanDeleteResource(vtapGroup.TeamID, common.SET_RESOURCE_TYPE_AGENT, ""); err != nil {
return nil, err
}

6 changes: 3 additions & 3 deletions server/controller/http/service/vtap_group_config.go
Expand Up @@ -535,7 +535,7 @@ func (a *AgentGroupConfig) CreateVTapGroupConfig(orgID int, createData *agent_co
return nil, fmt.Errorf("vtapgroup (%s) not found", vTapGroupLcuuid)
}

if err := a.resourceAccess.CanAddResource(dbGroup.TeamID, common.RESOURCE_TYPE_AGENT, ""); err != nil {
if err := a.resourceAccess.CanAddResource(dbGroup.TeamID, common.SET_RESOURCE_TYPE_AGENT, ""); err != nil {
return nil, err
}

Expand Down Expand Up @@ -568,7 +568,7 @@ func (a *AgentGroupConfig) DeleteVTapGroupConfig(orgID int, lcuuid string) (*age
if err := db.Where("lcuuid = ?", dbConfig.VTapGroupLcuuid).First(&vtapGroup).Error; err != nil {
return nil, err
}
if err := a.resourceAccess.CanDeleteResource(vtapGroup.TeamID, common.RESOURCE_TYPE_AGENT, ""); err != nil {
if err := a.resourceAccess.CanDeleteResource(vtapGroup.TeamID, common.SET_RESOURCE_TYPE_AGENT, ""); err != nil {
return nil, err
}

Expand Down Expand Up @@ -596,7 +596,7 @@ func (a *AgentGroupConfig) UpdateVTapGroupConfig(orgID int, lcuuid string, updat
if err := db.Where("lcuuid = ?", dbConfig.VTapGroupLcuuid).First(&vtapGroup).Error; err != nil {
return nil, err
}
if err := a.resourceAccess.CanUpdateResource(vtapGroup.TeamID, common.RESOURCE_TYPE_AGENT, "", nil); err != nil {
if err := a.resourceAccess.CanUpdateResource(vtapGroup.TeamID, common.SET_RESOURCE_TYPE_AGENT, "", nil); err != nil {
return nil, err
}

