diff --git a/.gitignore b/.gitignore index 7300ad13..cdf18888 100644 --- a/.gitignore +++ b/.gitignore @@ -5,21 +5,28 @@ **/.DS_Store .var .run -.build resource/static temp etc/powerx-* -config.yml -logs/ wechat.log -#/powerx.go -/deploy/dependencies/data/ -/deploy/powerx -/deploy/powerxctl -/deploy/powerx.exe -/deploy/powerxctl.exe + + +.build +*.log +logs/ + + +deploy/dependencies/data/ +deploy/powerx +deploy/powerxctl +deploy/powerx.exe +deploy/powerxctl.exe +deploy/data +deploy/logs/ +deploy/etc/powerx.yaml +deploy/dashboard/dist/ /powerx /powerxctl \ No newline at end of file diff --git a/api/admin.crm.api b/api/admin.crm.api index 61a0a58d..23e7c6bd 100644 --- a/api/admin.crm.api +++ b/api/admin.crm.api @@ -3,8 +3,6 @@ import "admin/crm/customerdomain/customer.api" import "admin/crm/market/media.api" import "admin/crm/market/store.api" import "admin/crm/business/opportunity.api" -//import "admin/crm/product/productcategory.api" -//import "admin/crm/product/pricebookentry.api" import "admin/crm/product/pricebook.api" import "admin/crm/product/product.api" import "admin/crm/product/artisan.api" diff --git a/deploy/dashboard/README.md b/deploy/dashboard/README.md new file mode 100644 index 00000000..02a40caa --- /dev/null +++ b/deploy/dashboard/README.md @@ -0,0 +1,17 @@ +# 本地打包PowerXDashboard的Docker镜像 + + +```shell +# 按照你的环境和需求,可替换{xxx}里的值 + +# 进入你的项目文件根目录下 +> cd {your_project_path} + +# 编译项目中deploy/docker/Dockerfile +> docker build -t {powerx-dashboard}:{latest} -f ./deploy/docker/Dockerfile . + +# 编译完后的镜像,直接用docker可以跑起来 +> docker run -p {3000}:{80} -it {powerx-dashboard}:{latest} + +``` + diff --git a/deploy/dashboard/docker/Dockerfile b/deploy/dashboard/docker/Dockerfile new file mode 100644 index 00000000..ca2423d0 --- /dev/null +++ b/deploy/dashboard/docker/Dockerfile 
@@ -0,0 +1,33 @@
+# 第一阶段
+FROM node:19 AS builder
+
+
+# 拷贝项目文件到容器中
+WORKDIR /app
+# COPY ./dashboard/dist /app/dist
+COPY ./dashboard /app/
+
+# 安装依赖
+# RUN #yarn install
+
+# 执行yarn build
+# RUN yarn build:notsc
+
+# ------------------------------------------------
+
+# 第二阶段
+FROM nginx:latest
+
+# 拷贝构建产物到nginx容器中
+COPY --from=builder /app/dist /usr/share/nginx/html
+COPY --from=builder /app/nginx.conf /etc/nginx/conf.d/default.conf
+
+RUN chmod -R 777 /var/log/
+# RUN touch /var/log/nginx/access.log
+# RUN touch /var/log/nginx/error.log
+
+# 暴露80端口
+EXPOSE 80
+
+# 启动nginx
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/deploy/dashboard/nginx-ssl.conf b/deploy/dashboard/nginx-ssl.conf
new file mode 100644
index 00000000..a6d49b58
--- /dev/null
+++ b/deploy/dashboard/nginx-ssl.conf
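Review bot: `RUN chmod -R 777 /var/log/` in the nginx stage of deploy/dashboard/docker/Dockerfile makes every log directory in the image world-writable, so any process in the container can alter or delete log files. If the goal is only to let nginx write under the bind-mounted `/var/log/nginx`, a narrower `RUN chown -R nginx:nginx /var/log/nginx` would do. Both base images use floating tags (`node:19`, `nginx:latest`), so rebuilds can silently pick up different contents; pinning a version tag or digest is worth considering. With `yarn install` and `yarn build` commented out, the builder stage only copies a pre-built `dist` from the context, so the image contains whatever was built locally.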
@@ -0,0 +1,69 @@
+server {
+ listen 80;
+ server_name api.artisan-cloud.com dashboard.artisan-cloud.com;
+
+ # 重定向 HTTP 请求到 HTTPS
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name api.artisan-cloud.com;
+
+
+ ssl_certificate /etc/ssl/api.artisancloud.com.pem;
+ ssl_certificate_key /etc/ssl/api.artisancloud.com.key;
+
+ # 配置 SSL 协议和密码套件,可根据需要自定义
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
+
+
+ # 访问日志
+ access_log /var/log/nginx/access.log;
+
+ # 错误日志
+ error_log /var/log/nginx/error.log error;
+
+ # 拦截 /api 请求并代理到 server:8888
+ location /api {
+ proxy_pass http://server:8888;
+ }
+
+ # 其他请求解析为静态资源
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ try_files $uri $uri/ /index.html;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name dashboard.artisan-cloud.com;
+
+
+ ssl_certificate /etc/ssl/dashboard.artisancloud.com.pem;
+ ssl_certificate_key /etc/ssl/dashboard.artisancloud.com.key;
+
+
+ # 配置 SSL 协议和密码套件,可根据需要自定义
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
+
+
+ # 访问日志
+ access_log /var/log/nginx/access.log;
+
+ # 错误日志
+ error_log /var/log/nginx/error.log error;
+
+ # 其他请求解析为静态资源
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ try_files $uri $uri/ /index.html;
+ }
+}
diff --git a/deploy/dashboard/nginx.conf b/deploy/dashboard/nginx.conf
new file mode 100644
index 00000000..c31a0788
--- /dev/null
+++ b/deploy/dashboard/nginx.conf
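Review bot: The port-80 block in deploy/dashboard/nginx-ssl.conf redirects with `$server_name`, which nginx expands to the first name on the `server_name` line, so plain-HTTP requests for dashboard.artisan-cloud.com are sent to api.artisan-cloud.com; either split the block per host or use `return 301 https://$host$request_uri;`. The `location /api` proxy, here and in deploy/dashboard/nginx.conf, forwards without `proxy_set_header Host $host;` or `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`, so backend logs and any per-client limits will only see the proxy address. The certificate paths use `artisancloud.com` while the server names use `artisan-cloud.com`, so it is worth confirming the certificates cover the served names. The dashboard Dockerfile in this commit copies only nginx.conf and exposes port 80, so this file appears unused unless it is mounted separately.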
@@ -0,0 +1,22 @@
+server {
+ listen 80;
+ server_name localhost;
+
+ # 拦截 /api 请求并代理到 server:8888
+ location /api {
+ proxy_pass http://server:8888;
+ }
+
+ # 访问日志
+ access_log /var/log/nginx/access.log;
+
+ # 错误日志
+ error_log /var/log/nginx/error.log error;
+
+ # 其他请求解析为静态资源
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ try_files $uri $uri/ /index.html;
+ }
+}
\ No newline at end of file
diff --git a/deploy/docker-compose.yaml b/deploy/docker-compose.yaml
index 28841046..f435ef48 100644
--- a/deploy/docker-compose.yaml
+++ b/deploy/docker-compose.yaml
@@ -3,61 +3,62 @@ version: '3.8' services: postgres: image: postgres:latest - container_name: postgres-PowerX + container_name: postgres-powerx environment: - POSTGRES_USER: PowerX - POSTGRES_PASSWORD: PowerXpw - POSTGRES_DB: PowerX + POSTGRES_USER: "powerx" + POSTGRES_PASSWORD: "powerxpw" + POSTGRES_DB: powerx volumes: - ./data/postgres:/var/lib/postgresql/data ports: - "5432:5432" networks: - - PowerX-network + - powerx-network healthcheck: - test: ["CMD-SHELL", "pg_isready -U PowerX"] - interval: 10s + test: ["CMD-SHELL", "pg_isready -U powerx"] + interval: 5s retries: 5 redis: image: redis:latest - container_name: redis-PowerX + container_name: redis-powerx ports: - "6379:6379" networks: - - PowerX-network + - powerx-network healthcheck: test: ["CMD", "redis-cli", "ping"] - interval: 30s + interval: 5s timeout: 10s retries: 5 minio: image: minio/minio:latest - container_name: minio-PowerX - command: server --console-address ":9090" /mnt/data + container_name: minio-powerx + command: server --address :9001 --console-address ":9090" /mnt/data environment: MINIO_CONFIG_ENV_FILE: /etc/config.env volumes: - ./data/minio:/mnt/data - ./etc/minio.env:/etc/config.env ports: - - "9000:9000" + - "9001:9001" - "9090:9090" networks: - - PowerX-network + - powerx-network server: build: - context: ./PowerX - dockerfile: deploy/docker/Dockerfile - container_name: PowerX-server + context: ./ + dockerfile: docker/Dockerfile + container_name: server-powerx volumes: - ./etc/powerx.yaml:/app/etc/powerx.yaml + - ./logs/powerx/:/app/logs/ ports: - "8888:8888" networks: - - PowerX-network + - powerx-network depends_on: redis: condition: service_healthy 
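Review bot: The renamed database credentials in deploy/docker-compose.yaml stay hard-coded (`POSTGRES_PASSWORD: "powerxpw"`), while the same hunk's context publishes `5432:5432`, `6379:6379` and the MinIO ports on every host interface. A host with a reachable address therefore exposes PostgreSQL with a password that is in the repository, and Redis with no password configured in this file. Consider reading the password from the environment, `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set in .env}`, and binding published ports to loopback, e.g. `"127.0.0.1:5432:5432"`, or dropping them where only containers on `powerx-network` need access. The Redis healthcheck now has `interval: 5s` with `timeout: 10s`; a timeout shorter than the interval is the usual arrangement.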
@@ -72,13 +73,16 @@ services: web: build: - context: ./PowerXDashboard - dockerfile: deploy/docker/Dockerfile - container_name: PowerX-web + context: ./ + dockerfile: dashboard/docker/Dockerfile + container_name: web-powerx + volumes: + - ./etc/powerx.yaml:/app/etc/powerx.yaml + - ./logs/nginx/:/var/log/nginx ports: - "3000:80" networks: - - PowerX-network + - powerx-network depends_on: postgres: condition: service_healthy @@ -87,11 +91,11 @@ services: network-tools: image: nicolaka/netshoot:latest - container_name: network-tools + container_name: network-tools-powerx command: sleep infinity networks: - - PowerX-network + - powerx-network networks: - PowerX-network: + powerx-network: driver: bridge diff --git a/deploy/docker/Dockerfile b/deploy/docker/Dockerfile index 9643065a..404727e3 100644 --- a/deploy/docker/Dockerfile +++ b/deploy/docker/Dockerfile @@ -7,7 +7,7 @@ ENV GOPROXY=https://goproxy.cn,direct # 拷贝当前目录到docker内 WORKDIR /app RUN ls -l -COPY ./deploy /app/ +COPY ./ /app/ COPY ./etc/ /app/etc/ @@ -24,6 +24,9 @@ COPY --from=builder /app/Makefile /app/Makefile COPY --from=builder /app/powerx /app/powerx COPY --from=builder /app/etc/ /app/etc/ +RUN chmod +x /app/powerxctl +RUN chmod +x /app/Makefile +RUN chmod +x /app/powerx WORKDIR /app diff --git a/deploy/etc/Readme.md b/deploy/etc/Readme.md new file mode 100644 index 00000000..a200a7f5 --- /dev/null +++ b/deploy/etc/Readme.md @@ -0,0 +1,6 @@ +## 配置说明 +#### [rbac_model.conf](rbac_model.conf) +基于域的RBAC模型, 建议不要变更 + +#### [rbac_policy.csv](rbac_policy.csv) +对应RBAC模型的策略文件, 如果不需要SAAS化或者动态管理, 建议直接使用该文件配置 \ No newline at end of file diff --git a/deploy/etc/admin_api.csv b/deploy/etc/admin_api.csv new file mode 100644 index 00000000..6b621b9f --- /dev/null +++ b/deploy/etc/admin_api.csv 
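Review bot: The `web` service in deploy/docker-compose.yaml now mounts `./etc/powerx.yaml` into the nginx container, which has no visible use for it; judging by powerx-example.yaml in this commit, that file holds the database DSN, the JWT secrets and the WeChat credentials. Dropping `- ./etc/powerx.yaml:/app/etc/powerx.yaml` from `web` keeps those secrets out of the front-end container, and if a mount is needed at all it should carry `:ro`. The `network-tools` (netshoot) container is still started with `sleep infinity` on `powerx-network`; putting it behind a compose profile would keep it out of normal deployments.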
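Review bot: `COPY ./ /app/` in deploy/docker/Dockerfile now copies the whole build context, and the compose file in this commit sets that context to the deploy directory, which also holds `data/`, `logs/` and `etc/powerx.yaml` (all newly listed in .gitignore as local files). Unless a `.dockerignore` excludes them, database files and the live config end up in the builder layer, and the context line `COPY --from=builder /app/etc/ /app/etc/` carries the config into the final image. A `.dockerignore` listing `data/`, `logs/` and `etc/powerx.yaml`, or a narrower COPY, avoids that. `RUN chmod +x /app/Makefile` does not change how make reads the file and can go. Both hunks sit inside stages whose `FROM` lines are outside the hunk.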
@@ -0,0 +1,66 @@
+admin/auth,/api/v1/admin/auth/access/actions/basic-login,post,登录
+admin/auth,/api/v1/admin/auth/access/actions/exchange-token,post,Exchange
+admin/common,/api/v1/admin/common/options/employees,get,员工Options远程搜索
+admin/common,/api/v1/admin/common/options/employee-query,get,查询员工过滤条件
+admin/common,/api/v1/admin/common/options/departments,get,部门Options远程搜索
+admin/customer,/api/v1/admin/customer/customers/:id,get,查询客户
+admin/customer,/api/v1/admin/customer/customers,get,获取客户列表
+admin/customer,/api/v1/admin/customer/customers,post,创建客户
+admin/customer,/api/v1/admin/customer/customers/:id,patch,更新客户
+admin/customer,/api/v1/admin/customer/customers/:id,delete,删除客户
+admin/customer,/api/v1/admin/customer/customers/:id/actions/employees,post,为客户分配员工
+admin/department,/api/v1/admin/department/department-tree/:depId,get,查询组织架构
+admin/department,/api/v1/admin/department/departments/:id,get,获取单个部门详情
+admin/department,/api/v1/admin/department/departments,post,创建新部门
+admin/department,/api/v1/admin/department/departments/:id,patch,更新部门信息(可选更新)
+admin/department,/api/v1/admin/department/departments/:id,delete,删除部门
+admin/dictionary,/api/v1/admin/dictionary/types,get,获取字典类型列表
+admin/dictionary,/api/v1/admin/dictionary/types,post,创建字典类型
+admin/dictionary,/api/v1/admin/dictionary/types/:id,put,更新字典类型
+admin/dictionary,/api/v1/admin/dictionary/types/:id,delete,删除字典类型
+admin/dictionary,/api/v1/admin/dictionary/items,get,获取字典项列表
+admin/dictionary,/api/v1/admin/dictionary/items,post,创建字典项
+admin/dictionary,/api/v1/admin/dictionary/items/:id,put,更新字典项
+admin/dictionary,/api/v1/admin/dictionary/items/:id,delete,删除字典项
+admin/employee,/api/v1/admin/employee/employees/actions/sync,post,同步员工
+admin/employee,/api/v1/admin/employee/employees/:id,get,查询员工
+admin/employee,/api/v1/admin/employee/employees,get,List员工
+admin/employee,/api/v1/admin/employee/employees,post,创建员工
+admin/employee,/api/v1/admin/employee/employees/:id,patch,编辑员工信息
+admin/employee,/api/v1/admin/employee/employees/:id,delete,删除员工
+admin/employee,/api/v1/admin/employee/employees/actions/reset-password,post,重设密码
+admin/lead,/api/v1/admin/lead/leads,get,查询线索列表
+admin/lead,/api/v1/admin/lead/leads,post,创建线索
+admin/lead,/api/v1/admin/lead/leads/:id,patch,编辑线索
+admin/lead,/api/v1/admin/lead/leads/:id,delete,删除线索
+admin/lead,/api/v1/admin/lead/leads/:id/actions/assign-to-employee,post,分配线索给员工
+admin/media,/api/v1/admin/media/medias,get,查询媒资列表
+admin/media,/api/v1/admin/media/medias/actions/create-upload-url,post,请求媒资上传链接
+admin/media,/api/v1/admin/media/medias/:mediaKey,put,创建或更新媒资
+admin/media,/api/v1/admin/media/medias/:key,get,根据媒资key获取媒资
+admin/media,/api/v1/admin/media/medias/:key,delete,删除媒资
+admin/opportunity,/api/v1/admin/opportunity/opportunities,get,查询商机列表
+admin/opportunity,/api/v1/admin/opportunity/opportunities,post,创建商机
+admin/opportunity,/api/v1/admin/opportunity/opportunities/:id/assign-employee,put,为商机分配员工
+admin/opportunity,/api/v1/admin/opportunity/opportunities/:id,put,修改商机信息
+admin/opportunity,/api/v1/admin/opportunity/opportunities/:id,delete,删除商机
+admin/permission,/api/v1/admin/permission/roles,get,查询角色列表
+admin/permission,/api/v1/admin/permission/roles,post,创建角色
+admin/permission,/api/v1/admin/permission/roles/:roleCode,get,获取角色详情
+admin/permission,/api/v1/admin/permission/roles/:roleCode,patch,更新角色详情
+admin/permission,/api/v1/admin/permission/roles/:roleCode/users,get,获取角色的用户列表
+admin/permission,/api/v1/admin/permission/roles/:roleCode/actions/set-permissions,post,为角色授予API权限
+admin/permission,/api/v1/admin/permission/api-list,get,查询API列表
+admin/permission,/api/v1/admin/permission/users/:userId/actions/set-roles,post,为用户授予角色
+admin/contract-way,/api/v1/admin/contract-way/group-tree,get,获取渠道活码分组树
+admin/contract-way,/api/v1/admin/contract-way/groups,get,查询渠道活码分组列表
+admin/contract-way,/api/v1/admin/contract-way,get,查询渠道活码
+admin/contract-way,/api/v1/admin/contract-way,post,创建活码
+admin/contract-way,/api/v1/admin/contract-way/:id,put,修改活码
+admin/contract-way,/api/v1/admin/contract-way/:id,delete,删除活码
+admin/scrm/customer,/api/v1/admin/scrm/customer/customers/:id,get,查询客户详情
+admin/scrm/customer,/api/v1/admin/scrm/customer/customers,get,查询客户详情列表
+admin/scrm/customer,/api/v1/admin/scrm/customer/customers/:id,patch,修改客户信息
+admin/userinfo,/api/v1/admin/user-center/user-info,get,获取用户信息
+admin/userinfo,/api/v1/admin/user-center/menu-roles,get,获取用户可见菜单
+admin/userinfo,/api/v1/admin/user-center/users/actions/modify-password,post,修改密码
diff --git a/deploy/etc/admin_api_group.csv b/deploy/etc/admin_api_group.csv
new file mode 100644
index 00000000..a97ca2aa
--- /dev/null
+++ b/deploy/etc/admin_api_group.csv
@@ -0,0 +1,13 @@
+admin/auth,/api/v1/admin/auth,公开接口-登录相关,公开接口-登录相关
+admin/common,/api/v1/admin/common,通用接口,通用接口
+admin/customer,/api/v1/admin/customer,客户管理,客户管理
+admin/department,/api/v1/admin/department,待命名分组,待描述
+admin/dictionary,/api/v1/admin/dictionary,字典管理API,字典管理API
+admin/employee,/api/v1/admin/employee,员工管理,员工管理
+admin/lead,/api/v1/admin/lead,线索池,线索池
+admin/media,/api/v1/admin/media,媒资管理,媒资管理
+admin/opportunity,/api/v1/admin/opportunity,商机管理,商机管理
+admin/permission,/api/v1/admin/permission,权限管理,权限管理
+admin/contract-way,/api/v1/admin/contract-way,Contract Way Management,Contract Way Management
+admin/scrm/customer,/api/v1/admin/scrm/customer,企业微信客户管理,企业微信客户管理
+admin/userinfo,/api/v1/admin/user-center,用户中心,用户中心
diff --git a/deploy/etc/powerx-example.yaml b/deploy/etc/powerx-example.yaml
new file mode 100644
index 00000000..93599711
--- /dev/null
+++ b/deploy/etc/powerx-example.yaml
@@ -0,0 +1,84 @@
+Server:
+ Name: PowerX后台系统 # 服务器名称
+ Host: 0.0.0.0 # 服务器地址
+ Port: 8888 # 服务器端口
+ Timeout: 30000 # 超时时间
+
+Root:
+ Account: root # 管理员账号
+ Password: root # 管理员密码
+ Name: 超级管理员 # 管理员名称
+
+JWT:
+ JWTSecret: dev # Dashboard JWT密钥
+ MPJWTSecret: dev_mp # 小程序 JWT密钥
+ WebJWTSecret: dev_web # Web JWT密钥
+
+Casbin:
+ SelfHosted: true # 是否使用自己的Casbin服务
+
+PowerXDatabase:
+ # 数据驱动
+ Driver: postgres # 我们主要使用基于Gorm+postgres
+# Driver: mysql # 可以连接,但是我们未基于mysql来开发应用。
+
+ # 数据库连接信息
+ DSN: host=host.docker.internal user=powerx password=powerxpw dbname=powerx port=5432 sslmode=disable TimeZone=UTC
+ # 数据库是否初始化定制的种子数据
+ SeedCommerceData: false
+
+WechatOA:
+ AppId: wx93607xxxxxxxxxx # 微信公众号AppID
+ Secret: 6ZwxxxtFouxxxxxxxxxxxxxxxxxxx0tgXYw4oh7KI # 微信公众号Secret
+ AESKey: PBcwPOp0e6tFou # 微信公众号AES密钥
+ OAuth:
+ Callback: "https://wechat-oa.artisan-cloud.com/callback"
+ Scopes: [ ]
+ HttpDebug: true # 是否启用HTTP调试模式
+ Debug: false # 是否启用微信hint的调试模式
+
+WechatPay:
+ AppId: wx93607xxxxxxxxxx # 微信支付AppID
+ AESKey: PBcwPOp0e6tFou # 微信支付AES密钥
+ MchId: "1626253240" # 商户号
+ MchApiV3Key: # 商户API密钥
+ Key: # 商户支付密钥
+ CertPath: # 商户证书路径
+ KeyPath: # 商户证书密钥路径
+ RSAPublicKeyPath: # 微信支付平台RSA公钥路径
+ SerialNo: # 微信支付平台证书序列号
+ WechatPaySerial: # 微信支付序列号
+ NotifyUrl: # 微信支付通知URL
+ HttpDebug: true # 是否启用HTTP调试模式
+ Debug: false # 是否启用微信hint的调试模式
+
+WechatMP:
+ AppId: wx93607xxxxxxxxxx # 微信小程序AppID
+ Secret: 188c70xxxxxxxxxx70xxxxxxxxxx56c4 # 微信小程序Secret
+ AESKey: PBcwPOp0e6tFou # 微信小程序AES密钥
+ OAuth:
+ Callback: "https://wechat-mp.artisan-cloud.com/callback"
+ Scopes: [ ]
+ HttpDebug: true # 是否启用HTTP调试模式
+ Debug: false # 是否启用微信hint的调试模式
+
+WeWork:
+ CropId: wx93607xxxxxxxxxx # 企业微信CropID
+ AgentId: 1000005 # 企业微信应用AgentID
+ Secret: 6ZwxxxtFouxxxxxxxxxxxxxxxxxxx0tgXYw4oh7KI # 企业微信应用Secret
+ Token: tEBuofHfxxxxxxxxxxxxBPTq9K # 企业微信应用的Token,用于处理接收到的消息
+ EncodingAESKey: Gv3T4dP5QBDxxxxxxxxxxxxxxxxxxxxxxxc2vwlmUhY # 企业微信应用的 EncodingAESKey,用于加密/解密接收和发送的消息
+ HttpDebug: true # 是否启用HTTP调试模式
+ Debug: false # 是否启用微信hint的调试模式
+
+MediaResource:
+ LocalStorage:
+ StoragePath:
+ OSS:
+ Enable: true
+ Minio:
+ Endpoint: 127.0.0.1:9001
+ Credentials:
+ AccessKey: powerx
+ SecretKey: powerxpwd
+ useSSL: false
\ No newline at end of file
diff --git a/deploy/etc/powerx_test.yaml b/deploy/etc/powerx_test.yaml
new file mode 100644
index 00000000..544134e7
--- /dev/null
+++ b/deploy/etc/powerx_test.yaml
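Review bot: deploy/etc/powerx-example.yaml ships working-looking defaults for every credential (`Root` account `root`/`root`, `JWTSecret: dev`, `MPJWTSecret: dev_mp`, `WebJWTSecret: dev_web`), and compose mounts `./etc/powerx.yaml`, which in practice is likely to start as a copy of this file. A deployment that keeps the JWT values accepts tokens signed with a publicly known key, so I would replace them with obvious placeholders such as `JWTSecret: "<CHANGE-ME: random 32+ bytes>"` and have startup reject the placeholder (that check lives outside this diff). The DSN uses `sslmode=disable`, and `HttpDebug: true` is set in all four WeChat sections; if HTTP debug logging includes request bodies, app secrets would land in the logs that are now bind-mounted to the host, which is worth confirming. The same defaults are repeated in deploy/etc/powerx_test.yaml. `MchId: "1626253240"` is not masked like the neighbouring values, so please confirm it is not a real merchant id.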
@@ -0,0 +1,68 @@
+Server:
+ Name: PowerX后台系统 # 服务器名称
+ Host: 0.0.0.0 # 服务器地址
+ Port: 8888 # 服务器端口
+ Timeout: 30000 # 超时时间
+
+Root:
+ Account: root # 管理员账号
+ Password: root # 管理员密码
+ Name: 超级管理员 # 管理员名称
+
+JWT:
+ JWTSecret: dev # Dashboard JWT密钥
+ MPJWTSecret: dev_mp # 小程序 JWT密钥
+ WebJWTSecret: dev_web # Web JWT密钥
+
+Casbin:
+ SelfHosted: true # 是否使用自己的Casbin服务
+
+PowerXDatabase:
+ DSN: host=localhost user=postgres password=powerx dbname=powerx port=5432 sslmode=disable TimeZone=UTC
+ # 数据库连接信息
+
+WechatOA:
+ AppId: wx93607xxxxxxxxxx # 微信公众号AppID
+ Secret: 6ZwxxxtFouxxxxxxxxxxxxxxxxxxx0tgXYw4oh7KI # 微信公众号Secret
+ AESKey: PBcwPOp0e6tFou # 微信公众号AES密钥
+ HttpDebug: true # 是否启用HTTP调试模式
+
+WechatPay:
+ AppId: wx93607xxxxxxxxxx # 微信支付AppID
+ AESKey: PBcwPOp0e6tFou # 微信支付AES密钥
+ MchId: "1626253240" # 商户号
+ MchApiV3Key: # 商户API密钥
+ Key: # 商户支付密钥
+ CertPath: # 商户证书路径
+ KeyPath: # 商户证书密钥路径
+ RSAPublicKeyPath: # 微信支付平台RSA公钥路径
+ SerialNo: # 微信支付平台证书序列号
+ WechatPaySerial: # 微信支付序列号
+ NotifyUrl: # 微信支付通知URL
+ HttpDebug: true # 是否启用HTTP调试模式
+
+WechatMP:
+ AppId: wx93607xxxxxxxxxx # 微信小程序AppID
+ Secret: 188c70xxxxxxxxxx70xxxxxxxxxx56c4 # 微信小程序Secret
+ AESKey: PBcwPOp0e6tFou # 微信小程序AES密钥
+ HttpDebug: true # 是否启用HTTP调试模式
+
+WeWork:
+ CropId: wx93607xxxxxxxxxx # 企业微信CropID
+ AgentId: 1000005 # 企业微信应用AgentID
+ Secret: 6ZwxxxtFouxxxxxxxxxxxxxxxxxxx0tgXYw4oh7KI # 企业微信应用Secret
+ Token: tEBuofHfxxxxxxxxxxxxBPTq9K # 企业微信应用的Token,用于处理接收到的消息
+ EncodingAESKey: Gv3T4dP5QBDxxxxxxxxxxxxxxxxxxxxxxxc2vwlmUhY # 企业微信应用的 EncodingAESKey,用于加密/解密接收和发送的消息
+ HttpDebug: true # 是否启用HTTP调试模式
+
+MediaResource:
+ LocalStorage:
+ StoragePath:
+ OSS:
+ Enable: true
+ Minio:
+ Endpoint: 127.0.0.1:9001
+ Credentials:
+ AccessKey: powerx
+ SecretKey: powerxpwd
+ useSSL: false
\ No newline at end of file
diff --git a/deploy/etc/rbac_model.conf b/deploy/etc/rbac_model.conf
new file mode 100644
index 00000000..8b4c20ee
--- /dev/null
+++ b/deploy/etc/rbac_model.conf
@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub) && keyMatch2(r.obj, p.obj) && regexMatch(r.act, p.act) || r.sub == "root"
\ No newline at end of file
diff --git a/deploy/etc/rbac_policy.csv b/deploy/etc/rbac_policy.csv
new file mode 100644
index 00000000..e69de29b
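Review bot: The matcher in deploy/etc/rbac_model.conf ends with `|| r.sub == "root"`, which allows every request whose subject string equals `root` regardless of policy. If `r.sub` can ever be a user-chosen value such as an account name or role code, an entry named `root` bypasses RBAC, so the code that builds `r.sub` (outside this diff) should reserve that value. `regexMatch(r.act, p.act)` is an unanchored regular-expression match, so a policy action such as `get` also matches any method string containing it and an empty `p.act` matches everything; writing policy actions anchored, e.g. `^(get|post)$`, or using plain equality avoids surprises. Parenthesising the `&&` group before the `||` would make the intended precedence explicit. rbac_policy.csv is added empty, so with this model only the `root` shortcut allows anything until policies are loaded from elsewhere.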