From 41e3e1e502e096fb067b6468ca840b4538bf8d25 Mon Sep 17 00:00:00 2001 From: Timmy Date: Wed, 9 Aug 2023 09:49:40 +0800 Subject: [PATCH 1/2] bugfix: action update with hidden (#262) --- pkg/api/model/handler/action.go | 4 ++++ pkg/api/model/handler/action_slz.go | 1 + pkg/service/action.go | 4 ++++ 3 files changed, 9 insertions(+) diff --git a/pkg/api/model/handler/action.go b/pkg/api/model/handler/action.go index c12d6a04..98d0fa3e 100644 --- a/pkg/api/model/handler/action.go +++ b/pkg/api/model/handler/action.go @@ -188,6 +188,9 @@ func UpdateAction(c *gin.Context) { if _, ok := data["type"]; ok { allowEmptyFields.AddKey("Type") } + if _, ok := data["hidden"]; ok { + allowEmptyFields.AddKey("Hidden") + } if _, ok := data["related_resource_types"]; ok { allowEmptyFields.AddKey("RelatedResourceTypes") } @@ -216,6 +219,7 @@ func UpdateAction(c *gin.Context) { Version: body.Version, AuthType: body.AuthType, Type: body.Type, + Hidden: body.Hidden, RelatedResourceTypes: convertToRelatedResourceTypes(body.RelatedResourceTypes), RelatedActions: body.RelatedActions, RelatedEnvironments: convertToRelatedEnvironments(body.RelatedEnvironments), diff --git a/pkg/api/model/handler/action_slz.go b/pkg/api/model/handler/action_slz.go index 3c314fa8..f8c19885 100644 --- a/pkg/api/model/handler/action_slz.go +++ b/pkg/api/model/handler/action_slz.go @@ -73,6 +73,7 @@ type actionUpdateSerializer struct { AuthType string `json:"auth_type" binding:"omitempty,oneof=rbac abac" example:"abac"` Type string `json:"type" binding:"omitempty,oneof=create edit view delete list manage execute debug use"` + Hidden bool `json:"hidden" binding:"omitempty" example:"false"` RelatedResourceTypes []relatedResourceType `json:"related_resource_types"` RelatedActions []string `json:"related_actions"` diff --git a/pkg/service/action.go b/pkg/service/action.go index a64414d1..b8b51d63 100644 --- a/pkg/service/action.go +++ b/pkg/service/action.go 
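Review bot: In the `@@ -188` hunk of pkg/api/model/handler/action.go, the added `data["hidden"]` check tests only that the key is present. A body carrying `"hidden": null` would presumably still add `Hidden` to allowEmptyFields while `body.Hidden` holds the zero value, so the update would persist `false`. How `data` is populated is outside the hunk, so this is inferred from the presence-only pattern. Since `false` presumably makes a hidden action visible again, consider requiring a real value, e.g. `if v, ok := data["hidden"]; ok && v != nil {`, or rejecting a non-boolean with a validation error. UpdateAction starts and ends outside the hunk.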
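Review bot: On the new `Hidden` field of actionUpdateSerializer in pkg/api/model/handler/action_slz.go, `binding:"omitempty"` has no validator after it, so the tag does nothing. A plain `bool` also cannot distinguish an omitted field from an explicit `false`. The handler compensates by checking the raw request map, but nothing on the field says so. I would drop the empty binding tag and add a comment such as `// Hidden: presence is decided by the raw-body check in UpdateAction; false is a valid update value.` The struct continues outside the hunk.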
@@ -473,6 +473,9 @@ func (l *actionService) Update(system, actionID string, action types.Action) err if action.AllowEmptyFields.HasKey("Type") { allowBlank.AddKey("Type") } + if action.AllowEmptyFields.HasKey("Hidden") { + allowBlank.AddKey("Hidden") + } if action.AllowEmptyFields.HasKey("Description") { allowBlank.AddKey("Description") } @@ -513,6 +516,7 @@ func (l *actionService) Update(system, actionID string, action types.Action) err Sensitivity: action.Sensitivity, AuthType: action.AuthType, Type: action.Type, + Hidden: action.Hidden, Version: action.Version, RelatedActions: relatedActions, RelatedEnvironments: relatedEnvironments, From a49f83a322c815f0ec5d1206ce974e232dec1f57 Mon Sep 17 00:00:00 2001 From: Timmy Date: Wed, 9 Aug 2023 09:49:50 +0800 Subject: [PATCH 2/2] feat: use local subject cache (#261) --- pkg/abac/pap/department.go | 4 +-- pkg/abac/pap/department_test.go | 8 ++--- pkg/abac/pap/group.go | 48 ++++++++++++++-------------- pkg/abac/pap/group_test.go | 4 +-- pkg/api/debug/handler/cache.go | 2 +- pkg/api/debug/handler/query.go | 2 +- pkg/cacheimpls/local_subject_role.go | 2 +- 7 files changed, 35 insertions(+), 35 deletions(-) diff --git a/pkg/abac/pap/department.go b/pkg/abac/pap/department.go index 5125d494..652de3e8 100644 --- a/pkg/abac/pap/department.go +++ b/pkg/abac/pap/department.go 
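Review bot: The `"Hidden"` key added in the `@@ -473` hunk of pkg/service/action.go must match the string the handler passes to `allowEmptyFields.AddKey("Hidden")`, and nothing in this commit checks that it does; the diffstat lists three files and none is a test. A mismatch would presumably fail quietly, with `hidden=false` dropped as a blank field, which is the behaviour this bugfix targets. Please add a test for Update that flips an action from hidden to not hidden and asserts the stored value, and consider a shared constant for the field key. The `Hidden: action.Hidden` line in the `@@ -513` hunk would be covered by the same test. Update starts and ends outside both hunks.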
@@ -157,14 +157,14 @@ func (c *departmentController) BulkDelete(subjectIDs []string) error { func convertToServiceSubjectDepartments(subjectDepartments []SubjectDepartment) ([]types.SubjectDepartment, error) { serviceSubjectDepartments := make([]types.SubjectDepartment, 0, len(subjectDepartments)) for _, subjectDepartment := range subjectDepartments { - subjectPK, err := cacheimpls.GetSubjectPK(types.UserType, subjectDepartment.SubjectID) + subjectPK, err := cacheimpls.GetLocalSubjectPK(types.UserType, subjectDepartment.SubjectID) if err != nil { return nil, err } departmentPKs := make([]int64, 0, len(subjectDepartment.DepartmentIDs)) for _, departmentID := range subjectDepartment.DepartmentIDs { - departmentPK, err := cacheimpls.GetSubjectPK(types.DepartmentType, departmentID) + departmentPK, err := cacheimpls.GetLocalSubjectPK(types.DepartmentType, departmentID) if err != nil { // 兼容不存在的情况 if errors.Is(err, sql.ErrNoRows) { diff --git a/pkg/abac/pap/department_test.go b/pkg/abac/pap/department_test.go index 7a4b9b81..73b8f86e 100644 --- a/pkg/abac/pap/department_test.go +++ b/pkg/abac/pap/department_test.go @@ -117,7 +117,7 @@ var _ = Describe("DepartmentController", func() { errors.New("error"), ).AnyTimes() - patches := gomonkey.ApplyFunc(cacheimpls.GetSubjectPK, func(_type, id string) (pk int64, err error) { + patches := gomonkey.ApplyFunc(cacheimpls.GetLocalSubjectPK, func(_type, id string) (pk int64, err error) { switch id { case "1": return int64(1), nil @@ -151,7 +151,7 @@ var _ = Describe("DepartmentController", func() { nil, ).AnyTimes() - patches := gomonkey.ApplyFunc(cacheimpls.GetSubjectPK, func(_type, id string) (pk int64, err error) { + patches := gomonkey.ApplyFunc(cacheimpls.GetLocalSubjectPK, func(_type, id string) (pk int64, err error) { switch id { case "1": return int64(1), nil 
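Review bot: The `errors.Is(err, sql.ErrNoRows)` branch after the second changed call in convertToServiceSubjectDepartments now depends on GetLocalSubjectPK surfacing that sentinel for an unknown department, and the diff does not show that it does. If the local cache returns a different error for a miss, or caches the miss, the tolerate-a-missing-department path either stops working or keeps firing after the department has been created. The same dependency applies to retrieveSubjectRole in pkg/cacheimpls/local_subject_role.go, where a missing subject is mapped to "no roles". If department_test.go has no such case already, add one where the patched GetLocalSubjectPK returns `sql.ErrNoRows`, and put a comment at the call: `// relies on GetLocalSubjectPK returning (or wrapping) sql.ErrNoRows for unknown subjects`. The function's body continues outside the hunk.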
@@ -194,7 +194,7 @@ var _ = Describe("DepartmentController", func() { errors.New("error"), ).AnyTimes() - patches := gomonkey.ApplyFunc(cacheimpls.GetSubjectPK, func(_type, id string) (pk int64, err error) { + patches := gomonkey.ApplyFunc(cacheimpls.GetLocalSubjectPK, func(_type, id string) (pk int64, err error) { switch id { case "1": return int64(1), nil @@ -228,7 +228,7 @@ var _ = Describe("DepartmentController", func() { nil, ).AnyTimes() - patches := gomonkey.ApplyFunc(cacheimpls.GetSubjectPK, func(_type, id string) (pk int64, err error) { + patches := gomonkey.ApplyFunc(cacheimpls.GetLocalSubjectPK, func(_type, id string) (pk int64, err error) { switch id { case "1": return int64(1), nil diff --git a/pkg/abac/pap/group.go b/pkg/abac/pap/group.go index 33e8c866..067f8923 100644 --- a/pkg/abac/pap/group.go +++ b/pkg/abac/pap/group.go @@ -85,9 +85,9 @@ func (c *groupController) GetSubjectGroupCountBeforeExpiredAt( expiredAt int64, ) (count int64, err error) { errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "GetSubjectGroupCountBeforeExpiredAt") - subjectPK, err := cacheimpls.GetSubjectPK(_type, id) + subjectPK, err := cacheimpls.GetLocalSubjectPK(_type, id) if err != nil { - return 0, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id) + return 0, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id) } count, err = c.service.GetSubjectGroupCountBeforeExpiredAt(subjectPK, expiredAt) 
@@ -110,9 +110,9 @@ func (c *groupController) GetSubjectSystemGroupCountBeforeExpiredAt( expiredAt int64, ) (count int64, err error) { errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "GetSubjectSystemGroupCountBeforeExpiredAt") - subjectPK, err := cacheimpls.GetSubjectPK(_type, id) + subjectPK, err := cacheimpls.GetLocalSubjectPK(_type, id) if err != nil { - return 0, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id) + return 0, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id) } count, err = c.service.GetSubjectSystemGroupCountBeforeExpiredAt(subjectPK, systemID, expiredAt) @@ -257,9 +257,9 @@ func (c *groupController) ListPagingSubjectGroups( beforeExpiredAt, limit, offset int64, ) ([]SubjectGroup, error) { errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "ListPagingSubjectGroups") - subjectPK, err := cacheimpls.GetSubjectPK(_type, id) + subjectPK, err := cacheimpls.GetLocalSubjectPK(_type, id) if err != nil { - return nil, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id) + return nil, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id) } svcSubjectGroups, err := c.service.ListPagingSubjectGroups(subjectPK, beforeExpiredAt, limit, offset) @@ -285,9 +285,9 @@ func (c *groupController) ListPagingSubjectSystemGroups( beforeExpiredAt, limit, offset int64, ) ([]SubjectGroup, error) { errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "ListPagingSubjectSystemGroups") - subjectPK, err := cacheimpls.GetSubjectPK(_type, id) + subjectPK, err := cacheimpls.GetLocalSubjectPK(_type, id) if err != nil { - return nil, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id) + return nil, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id) } svcSubjectGroups, err := c.service.ListPagingSubjectSystemGroups( 
@@ -316,9 +316,9 @@ func (c *groupController) ListPagingSubjectSystemGroups( // GetGroupMemberCount ... func (c *groupController) GetGroupMemberCount(_type, id string) (int64, error) { errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "GetGroupMemberCount") - groupPK, err := cacheimpls.GetSubjectPK(_type, id) + groupPK, err := cacheimpls.GetLocalSubjectPK(_type, id) if err != nil { - return 0, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id) + return 0, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id) } count, err := c.service.GetGroupMemberCount(groupPK) @@ -332,9 +332,9 @@ func (c *groupController) GetGroupMemberCount(_type, id string) (int64, error) { // ListPagingGroupMember ... func (c *groupController) ListPagingGroupMember(_type, id string, limit, offset int64) ([]GroupMember, error) { errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "ListPagingGroupMember") - groupPK, err := cacheimpls.GetSubjectPK(_type, id) + groupPK, err := cacheimpls.GetLocalSubjectPK(_type, id) if err != nil { - return nil, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id) + return nil, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id) } svcMembers, err := c.service.ListPagingGroupMember(groupPK, limit, offset) 
@@ -379,9 +379,9 @@ func (c *groupController) ListPagingGroupSubjectBeforeExpiredAt( // GetGroupMemberCountBeforeExpiredAt ... func (c *groupController) GetGroupMemberCountBeforeExpiredAt(_type, id string, expiredAt int64) (int64, error) { errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "GetGroupMemberCountBeforeExpiredAt") - groupPK, err := cacheimpls.GetSubjectPK(_type, id) + groupPK, err := cacheimpls.GetLocalSubjectPK(_type, id) if err != nil { - return 0, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id) + return 0, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id) } count, err := c.service.GetGroupMemberCountBeforeExpiredAt(groupPK, expiredAt) @@ -400,9 +400,9 @@ func (c *groupController) ListPagingGroupMemberBeforeExpiredAt( _type, id string, expiredAt int64, limit, offset int64, ) ([]GroupMember, error) { errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "ListPagingGroupMemberBeforeExpiredAt") - groupPK, err := cacheimpls.GetSubjectPK(_type, id) + groupPK, err := cacheimpls.GetLocalSubjectPK(_type, id) if err != nil { - return nil, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id) + return nil, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id) } svcMembers, err := c.service.ListPagingGroupMemberBeforeExpiredAt(groupPK, expiredAt, limit, offset) 
@@ -439,9 +439,9 @@ func (c *groupController) alterGroupMembers( createIfNotExists bool, ) (typeCount map[string]int64, err error) { errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "alterGroupMembers") - groupPK, err := cacheimpls.GetSubjectPK(_type, id) + groupPK, err := cacheimpls.GetLocalSubjectPK(_type, id) if err != nil { - return nil, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id) + return nil, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id) } relations, err := c.service.ListGroupMember(groupPK) @@ -471,9 +471,9 @@ func (c *groupController) alterGroupMembers( } for _, m := range members { - subjectPK, err := cacheimpls.GetSubjectPK(m.Type, m.ID) + subjectPK, err := cacheimpls.GetLocalSubjectPK(m.Type, m.ID) if err != nil { - return nil, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", m.Type, m.ID) + return nil, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", m.Type, m.ID) } // member已存在则不再添加 @@ -563,9 +563,9 @@ func (c *groupController) DeleteGroupMembers( userPKs := make([]int64, 0, len(members)) departmentPKs := make([]int64, 0, len(members)) for _, m := range members { - pk, err := cacheimpls.GetSubjectPK(m.Type, m.ID) + pk, err := cacheimpls.GetLocalSubjectPK(m.Type, m.ID) if err != nil { - return nil, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", m.Type, m.ID) + return nil, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", m.Type, m.ID) } if m.Type == types.UserType { 
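Review bot: alterGroupMembers, in the `@@ -439` and `@@ -471` hunks of pkg/abac/pap/group.go, is a write path, and it now resolves the group and every member to a PK through what the commit title calls the local subject cache. The cache's expiry and invalidation are not visible in this diff. If an entry can outlive a deleted subject, membership rows could be written against a PK that no longer exists, which matters in an authorization store. The same applies to DeleteGroupMembers in the `@@ -563` and `@@ -575` hunks. Either keep `cacheimpls.GetSubjectPK` on the mutating paths or state the assumption at the call, e.g. `// local cache is safe here: subject PKs are immutable and entries are dropped on subject delete (confirm)`. Both functions start and end outside their hunks.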
@@ -575,9 +575,9 @@ func (c *groupController) DeleteGroupMembers( } } - groupPK, err := cacheimpls.GetSubjectPK(_type, id) + groupPK, err := cacheimpls.GetLocalSubjectPK(_type, id) if err != nil { - return nil, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id) + return nil, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id) } typeCount, err = c.service.BulkDeleteGroupMembers(groupPK, userPKs, departmentPKs) diff --git a/pkg/abac/pap/group_test.go b/pkg/abac/pap/group_test.go index 34450be4..13adc5a3 100644 --- a/pkg/abac/pap/group_test.go +++ b/pkg/abac/pap/group_test.go @@ -37,7 +37,7 @@ var _ = Describe("GroupController", func() { BeforeEach(func() { ctl = gomock.NewController(GinkgoT()) - patches = gomonkey.ApplyFunc(cacheimpls.GetSubjectPK, func(_type, id string) (pk int64, err error) { + patches = gomonkey.ApplyFunc(cacheimpls.GetLocalSubjectPK, func(_type, id string) (pk int64, err error) { switch id { case "1": return int64(1), nil @@ -281,7 +281,7 @@ var _ = Describe("GroupController", func() { BeforeEach(func() { ctl = gomock.NewController(GinkgoT()) - patches = gomonkey.ApplyFunc(cacheimpls.GetSubjectPK, func(_type, id string) (pk int64, err error) { + patches = gomonkey.ApplyFunc(cacheimpls.GetLocalSubjectPK, func(_type, id string) (pk int64, err error) { switch id { case "1": return int64(1), nil diff --git a/pkg/api/debug/handler/cache.go b/pkg/api/debug/handler/cache.go index 5c25dfeb..a6a03753 100644 --- a/pkg/api/debug/handler/cache.go +++ b/pkg/api/debug/handler/cache.go @@ -39,7 +39,7 @@ func QueryPolicyCache(c *gin.Context) { return } - subjectPK, err := cacheimpls.GetSubjectPK(body.SubjectType, body.SubjectID) + subjectPK, err := cacheimpls.GetLocalSubjectPK(body.SubjectType, body.SubjectID) if err != nil { util.SystemErrorJSONResponse(c, err) return diff --git a/pkg/api/debug/handler/query.go b/pkg/api/debug/handler/query.go index 8c6d4d84..680a7713 100644 
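Review bot: QueryPolicyCache in pkg/api/debug/handler/cache.go is a debug endpoint, and it now takes its subject PK from GetLocalSubjectPK instead of GetSubjectPK. When someone uses it to diagnose a cache problem, a stale or missing local entry would presumably look the same as a real data problem. QuerySubjects in pkg/api/debug/handler/query.go has the same change. I would at least record it at the call, `// PK is resolved via the in-process subject cache and may lag the database`, or have the debug response state which lookup answered. Both handlers continue outside their hunks.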
--- a/pkg/api/debug/handler/query.go +++ b/pkg/api/debug/handler/query.go @@ -90,7 +90,7 @@ func QuerySubjects(c *gin.Context) { "type": body.Type, "id": body.ID, } - pk, err := cacheimpls.GetSubjectPK(body.Type, body.ID) + pk, err := cacheimpls.GetLocalSubjectPK(body.Type, body.ID) if err != nil { util.SystemErrorJSONResponse(c, err) return diff --git a/pkg/cacheimpls/local_subject_role.go b/pkg/cacheimpls/local_subject_role.go index 3b686d81..fc433782 100644 --- a/pkg/cacheimpls/local_subject_role.go +++ b/pkg/cacheimpls/local_subject_role.go @@ -45,7 +45,7 @@ func (k SubjectRoleCacheKey) Key() string { func retrieveSubjectRole(key cache.Key) (interface{}, error) { k := key.(SubjectRoleCacheKey) - pk, err := GetSubjectPK(k.SubjectType, k.SubjectID) + pk, err := GetLocalSubjectPK(k.SubjectType, k.SubjectID) // 如果用户不存在, 表现为没有任何一个系统的特殊角色 if errors.Is(err, sql.ErrNoRows) {