From 964d50b4e7374f555b3cec5e4dbe3a465365a384 Mon Sep 17 00:00:00 2001
From: Ulric Qin <ulric.qin@gmail.com>
Date: Fri, 10 Dec 2021 09:44:06 +0800
Subject: [PATCH] add perm function in routers

---
 docker/initsql/a-n9e.sql    |  34 +++++++++--
 src/webapi/router/router.go | 112 ++++++++++++++++++------------------
 2 files changed, 86 insertions(+), 60 deletions(-)

diff --git a/docker/initsql/a-n9e.sql b/docker/initsql/a-n9e.sql
index 44285c57..c0cc8020 100644
--- a/docker/initsql/a-n9e.sql
+++ b/docker/initsql/a-n9e.sql
@@ -78,25 +78,51 @@ CREATE TABLE `role_operation`(
 -- Admin is special, who has no concrete operation but can do anything.
 insert into `role_operation`(role_name, operation) values('Guest', '/metric/explorer');
 insert into `role_operation`(role_name, operation) values('Guest', '/object/explorer');
-insert into `role_operation`(role_name, operation) values('Guest', '/dashboards');
 insert into `role_operation`(role_name, operation) values('Guest', '/help/version');
 insert into `role_operation`(role_name, operation) values('Guest', '/help/contact');
 insert into `role_operation`(role_name, operation) values('Standard', '/metric/explorer');
 insert into `role_operation`(role_name, operation) values('Standard', '/object/explorer');
-insert into `role_operation`(role_name, operation) values('Standard', '/dashboards');
+insert into `role_operation`(role_name, operation) values('Standard', '/help/version');
+insert into `role_operation`(role_name, operation) values('Standard', '/help/contact');
 insert into `role_operation`(role_name, operation) values('Standard', '/users');
 insert into `role_operation`(role_name, operation) values('Standard', '/user-groups');
+insert into `role_operation`(role_name, operation) values('Standard', '/user-groups/add');
+insert into `role_operation`(role_name, operation) values('Standard', '/user-groups/put');
+insert into `role_operation`(role_name, operation) values('Standard', '/user-groups/del');
 insert into `role_operation`(role_name, operation) values('Standard', '/busi-groups');
+insert into `role_operation`(role_name, operation) values('Standard', '/busi-groups/add');
+insert into `role_operation`(role_name, operation) values('Standard', '/busi-groups/put');
+insert into `role_operation`(role_name, operation) values('Standard', '/busi-groups/del');
 insert into `role_operation`(role_name, operation) values('Standard', '/targets');
+insert into `role_operation`(role_name, operation) values('Standard', '/targets/add');
+insert into `role_operation`(role_name, operation) values('Standard', '/targets/put');
+insert into `role_operation`(role_name, operation) values('Standard', '/targets/del');
+insert into `role_operation`(role_name, operation) values('Standard', '/dashboards');
+insert into `role_operation`(role_name, operation) values('Standard', '/dashboards/add');
+insert into `role_operation`(role_name, operation) values('Standard', '/dashboards/put');
+insert into `role_operation`(role_name, operation) values('Standard', '/dashboards/del');
 insert into `role_operation`(role_name, operation) values('Standard', '/alert-rules');
+insert into `role_operation`(role_name, operation) values('Standard', '/alert-rules/add');
+insert into `role_operation`(role_name, operation) values('Standard', '/alert-rules/put');
+insert into `role_operation`(role_name, operation) values('Standard', '/alert-rules/del');
 insert into `role_operation`(role_name, operation) values('Standard', '/alert-mutes');
+insert into `role_operation`(role_name, operation) values('Standard', '/alert-mutes/add');
+insert into `role_operation`(role_name, operation) values('Standard', '/alert-mutes/del');
 insert into `role_operation`(role_name, operation) values('Standard', '/alert-subscribes');
+insert into `role_operation`(role_name, operation) values('Standard', '/alert-subscribes/add');
+insert into `role_operation`(role_name, operation) values('Standard', '/alert-subscribes/put');
+insert into `role_operation`(role_name, operation) values('Standard', '/alert-subscribes/del');
 insert into `role_operation`(role_name, operation) values('Standard', '/alert-cur-events');
+insert into `role_operation`(role_name, operation) values('Standard', '/alert-cur-events/del');
 insert into `role_operation`(role_name, operation) values('Standard', '/alert-his-events');
 insert into `role_operation`(role_name, operation) values('Standard', '/job-tpls');
+insert into `role_operation`(role_name, operation) values('Standard', '/job-tpls/add');
+insert into `role_operation`(role_name, operation) values('Standard', '/job-tpls/put');
+insert into `role_operation`(role_name, operation) values('Standard', '/job-tpls/del');
 insert into `role_operation`(role_name, operation) values('Standard', '/job-tasks');
-insert into `role_operation`(role_name, operation) values('Standard', '/help/version');
-insert into `role_operation`(role_name, operation) values('Standard', '/help/contact');
+insert into `role_operation`(role_name, operation) values('Standard', '/job-tasks/add');
+insert into `role_operation`(role_name, operation) values('Standard', '/job-tasks/put');
+
 
 -- for alert_rule | collect_rule | mute | dashboard grouping
 CREATE TABLE `busi_group` (
diff --git a/src/webapi/router/router.go b/src/webapi/router/router.go
index 32179358..b593fd34 100644
--- a/src/webapi/router/router.go
+++ b/src/webapi/router/router.go
@@ -127,7 +127,7 @@ func configRoute(r *gin.Engine, version string) {
 		pages.PUT("/self/profile", jwtAuth(), user(), selfProfilePut)
 		pages.PUT("/self/password", jwtAuth(), user(), selfPasswordPut)
 
-		pages.GET("/users", jwtAuth(), user(), userGets)
+		pages.GET("/users", jwtAuth(), user(), perm("/users"), userGets)
 		pages.POST("/users", jwtAuth(), admin(), userAddPost)
 		pages.GET("/user/:id/profile", jwtAuth(), userProfileGet)
 		pages.PUT("/user/:id/profile", jwtAuth(), admin(), userProfilePut)
@@ -135,39 +135,39 @@ func configRoute(r *gin.Engine, version string) {
 		pages.DELETE("/user/:id", jwtAuth(), admin(), userDel)
 
 		pages.GET("/user-groups", jwtAuth(), user(), userGroupGets)
-		pages.POST("/user-groups", jwtAuth(), user(), perm("/user-groups"), userGroupAdd)
+		pages.POST("/user-groups", jwtAuth(), user(), perm("/user-groups/add"), userGroupAdd)
 		pages.GET("/user-group/:id", jwtAuth(), user(), userGroupGet)
-		pages.PUT("/user-group/:id", jwtAuth(), user(), userGroupWrite(), userGroupPut)
-		pages.DELETE("/user-group/:id", jwtAuth(), user(), userGroupWrite(), userGroupDel)
-		pages.POST("/user-group/:id/members", jwtAuth(), user(), userGroupWrite(), userGroupMemberAdd)
-		pages.DELETE("/user-group/:id/members", jwtAuth(), user(), userGroupWrite(), userGroupMemberDel)
-		pages.GET("/user-group/:id/perm/:perm", jwtAuth(), user(), checkBusiGroupPerm)
+		pages.PUT("/user-group/:id", jwtAuth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupPut)
+		pages.DELETE("/user-group/:id", jwtAuth(), user(), perm("/user-groups/del"), userGroupWrite(), userGroupDel)
+		pages.POST("/user-group/:id/members", jwtAuth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupMemberAdd)
+		pages.DELETE("/user-group/:id/members", jwtAuth(), user(), perm("/user-groups/put"), userGroupWrite(), userGroupMemberDel)
 
 		pages.GET("/busi-groups", jwtAuth(), user(), busiGroupGets)
-		pages.POST("/busi-groups", jwtAuth(), user(), perm("/busi-groups"), busiGroupAdd)
+		pages.POST("/busi-groups", jwtAuth(), user(), perm("/busi-groups/add"), busiGroupAdd)
 		pages.GET("/busi-groups/alertings", jwtAuth(), busiGroupAlertingsGets)
 		pages.GET("/busi-group/:id", jwtAuth(), user(), bgro(), busiGroupGet)
-		pages.PUT("/busi-group/:id", jwtAuth(), user(), bgrw(), busiGroupPut)
-		pages.POST("/busi-group/:id/members", jwtAuth(), user(), bgrw(), busiGroupMemberAdd)
-		pages.DELETE("/busi-group/:id/members", jwtAuth(), user(), bgrw(), busiGroupMemberDel)
-		pages.DELETE("/busi-group/:id", jwtAuth(), user(), bgrw(), busiGroupDel)
-
-		pages.GET("/targets", jwtAuth(), user(), targetGets)
-		pages.DELETE("/targets", jwtAuth(), user(), targetDel)
-		pages.GET("/targets/tags", jwtAuth(), user(), targetGetTags)
-		pages.POST("/targets/tags", jwtAuth(), user(), targetBindTags)
-		pages.DELETE("/targets/tags", jwtAuth(), user(), targetUnbindTags)
-		pages.PUT("/targets/note", jwtAuth(), user(), targetUpdateNote)
-		pages.PUT("/targets/bgid", jwtAuth(), user(), targetUpdateBgid)
-
-		pages.GET("/busi-group/:id/dashboards", jwtAuth(), user(), bgro(), dashboardGets)
-		pages.POST("/busi-group/:id/dashboards", jwtAuth(), user(), bgrw(), dashboardAdd)
-		pages.POST("/busi-group/:id/dashboards/export", jwtAuth(), user(), bgro(), dashboardExport)
-		pages.POST("/busi-group/:id/dashboards/import", jwtAuth(), user(), bgrw(), dashboardImport)
-		pages.POST("/busi-group/:id/dashboard/:did/clone", jwtAuth(), user(), bgrw(), dashboardClone)
-		pages.GET("/busi-group/:id/dashboard/:did", jwtAuth(), user(), bgro(), dashboardGet)
-		pages.PUT("/busi-group/:id/dashboard/:did", jwtAuth(), user(), bgrw(), dashboardPut)
-		pages.DELETE("/busi-group/:id/dashboard/:did", jwtAuth(), user(), bgrw(), dashboardDel)
+		pages.PUT("/busi-group/:id", jwtAuth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupPut)
+		pages.POST("/busi-group/:id/members", jwtAuth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupMemberAdd)
+		pages.DELETE("/busi-group/:id/members", jwtAuth(), user(), perm("/busi-groups/put"), bgrw(), busiGroupMemberDel)
+		pages.DELETE("/busi-group/:id", jwtAuth(), user(), perm("/busi-groups/del"), bgrw(), busiGroupDel)
+		pages.GET("/busi-group/:id/perm/:perm", jwtAuth(), user(), checkBusiGroupPerm)
+
+		pages.GET("/targets", jwtAuth(), user(), perm("/targets"), targetGets)
+		pages.DELETE("/targets", jwtAuth(), user(), perm("/targets/del"), targetDel)
+		pages.GET("/targets/tags", jwtAuth(), user(), perm("/targets"), targetGetTags)
+		pages.POST("/targets/tags", jwtAuth(), user(), perm("/targets/put"), targetBindTags)
+		pages.DELETE("/targets/tags", jwtAuth(), user(), perm("/targets/put"), targetUnbindTags)
+		pages.PUT("/targets/note", jwtAuth(), user(), perm("/targets/put"), targetUpdateNote)
+		pages.PUT("/targets/bgid", jwtAuth(), user(), perm("/targets/put"), targetUpdateBgid)
+
+		pages.GET("/busi-group/:id/dashboards", jwtAuth(), user(), perm("/dashboards"), bgro(), dashboardGets)
+		pages.POST("/busi-group/:id/dashboards", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), dashboardAdd)
+		pages.POST("/busi-group/:id/dashboards/export", jwtAuth(), user(), perm("/dashboards"), bgro(), dashboardExport)
+		pages.POST("/busi-group/:id/dashboards/import", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), dashboardImport)
+		pages.POST("/busi-group/:id/dashboard/:did/clone", jwtAuth(), user(), perm("/dashboards/add"), bgrw(), dashboardClone)
+		pages.GET("/busi-group/:id/dashboard/:did", jwtAuth(), user(), perm("/dashboards"), bgro(), dashboardGet)
+		pages.PUT("/busi-group/:id/dashboard/:did", jwtAuth(), user(), perm("/dashboards/put"), bgrw(), dashboardPut)
+		pages.DELETE("/busi-group/:id/dashboard/:did", jwtAuth(), user(), perm("/dashboards/del"), bgrw(), dashboardDel)
 
 		pages.GET("/busi-group/:id/chart-groups", jwtAuth(), user(), bgro(), chartGroupGets)
 		pages.POST("/busi-group/:id/chart-groups", jwtAuth(), user(), bgrw(), chartGroupAdd)
@@ -182,22 +182,22 @@ func configRoute(r *gin.Engine, version string) {
 		pages.GET("/share-charts", chartShareGets)
 		pages.POST("/share-charts", jwtAuth(), chartShareAdd)
 
-		pages.GET("/busi-group/:id/alert-rules", jwtAuth(), user(), alertRuleGets)
-		pages.POST("/busi-group/:id/alert-rules", jwtAuth(), user(), bgrw(), alertRuleAdd)
-		pages.DELETE("/busi-group/:id/alert-rules", jwtAuth(), user(), bgrw(), alertRuleDel)
-		pages.PUT("/busi-group/:id/alert-rules/fields", jwtAuth(), user(), bgrw(), alertRulePutFields)
-		pages.PUT("/busi-group/:id/alert-rule/:arid", jwtAuth(), user(), bgrw(), alertRulePut)
-		pages.GET("/alert-rule/:arid", jwtAuth(), user(), alertRuleGet)
+		pages.GET("/busi-group/:id/alert-rules", jwtAuth(), user(), perm("/alert-rules"), alertRuleGets)
+		pages.POST("/busi-group/:id/alert-rules", jwtAuth(), user(), perm("/alert-rules/add"), bgrw(), alertRuleAdd)
+		pages.DELETE("/busi-group/:id/alert-rules", jwtAuth(), user(), perm("/alert-rules/del"), bgrw(), alertRuleDel)
+		pages.PUT("/busi-group/:id/alert-rules/fields", jwtAuth(), user(), perm("/alert-rules/put"), bgrw(), alertRulePutFields)
+		pages.PUT("/busi-group/:id/alert-rule/:arid", jwtAuth(), user(), perm("/alert-rules/put"), bgrw(), alertRulePut)
+		pages.GET("/alert-rule/:arid", jwtAuth(), user(), perm("/alert-rules"), alertRuleGet)
 
-		pages.GET("/busi-group/:id/alert-mutes", jwtAuth(), user(), bgro(), alertMuteGets)
-		pages.POST("/busi-group/:id/alert-mutes", jwtAuth(), user(), bgrw(), alertMuteAdd)
-		pages.DELETE("/busi-group/:id/alert-mutes", jwtAuth(), user(), bgrw(), alertMuteDel)
+		pages.GET("/busi-group/:id/alert-mutes", jwtAuth(), user(), perm("/alert-mutes"), bgro(), alertMuteGets)
+		pages.POST("/busi-group/:id/alert-mutes", jwtAuth(), user(), perm("/alert-mutes/add"), bgrw(), alertMuteAdd)
+		pages.DELETE("/busi-group/:id/alert-mutes", jwtAuth(), user(), perm("/alert-mutes/del"), bgrw(), alertMuteDel)
 
-		pages.GET("/busi-group/:id/alert-subscribes", jwtAuth(), user(), bgro(), alertSubscribeGets)
-		pages.GET("/alert-subscribe/:sid", jwtAuth(), user(), alertSubscribeGet)
-		pages.POST("/busi-group/:id/alert-subscribes", jwtAuth(), user(), bgrw(), alertSubscribeAdd)
-		pages.PUT("/busi-group/:id/alert-subscribes", jwtAuth(), user(), bgrw(), alertSubscribePut)
-		pages.DELETE("/busi-group/:id/alert-subscribes", jwtAuth(), user(), bgrw(), alertSubscribeDel)
+		pages.GET("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes"), bgro(), alertSubscribeGets)
+		pages.GET("/alert-subscribe/:sid", jwtAuth(), user(), perm("/alert-subscribes"), alertSubscribeGet)
+		pages.POST("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes/add"), bgrw(), alertSubscribeAdd)
+		pages.PUT("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes/put"), bgrw(), alertSubscribePut)
+		pages.DELETE("/busi-group/:id/alert-subscribes", jwtAuth(), user(), perm("/alert-subscribes/del"), bgrw(), alertSubscribeDel)
 
 		// pages.GET("/busi-group/:id/collect-rules", jwtAuth(), user(), bgro(), collectRuleGets)
 		// pages.POST("/busi-group/:id/collect-rules", jwtAuth(), user(), bgrw(), collectRuleAdd)
@@ -207,7 +207,7 @@ func configRoute(r *gin.Engine, version string) {
 
 		pages.GET("/busi-group/:id/alert-his-events", jwtAuth(), user(), bgro(), alertHisEventGets)
 		pages.GET("/busi-group/:id/alert-cur-events", jwtAuth(), user(), bgro(), alertCurEventGets)
-		pages.DELETE("/busi-group/:id/alert-cur-events", jwtAuth(), user(), bgrw(), alertCurEventDel)
+		pages.DELETE("/busi-group/:id/alert-cur-events", jwtAuth(), user(), perm("/alert-cur-events/del"), bgrw(), alertCurEventDel)
 
 		if config.C.AnonymousAccess.AlertDetail {
 			pages.GET("/alert-cur-event/:eid", alertCurEventGet)
@@ -217,18 +217,18 @@ func configRoute(r *gin.Engine, version string) {
 			pages.GET("/alert-his-event/:eid", jwtAuth(), alertHisEventGet)
 		}
 
-		pages.GET("/busi-group/:id/task-tpls", jwtAuth(), user(), bgro(), taskTplGets)
-		pages.POST("/busi-group/:id/task-tpls", jwtAuth(), user(), bgrw(), taskTplAdd)
-		pages.DELETE("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), bgrw(), taskTplDel)
-		pages.POST("/busi-group/:id/task-tpls/tags", jwtAuth(), user(), bgrw(), taskTplBindTags)
-		pages.DELETE("/busi-group/:id/task-tpls/tags", jwtAuth(), user(), bgrw(), taskTplUnbindTags)
-		pages.GET("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), bgro(), taskTplGet)
-		pages.PUT("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), bgrw(), taskTplPut)
-
-		pages.GET("/busi-group/:id/tasks", jwtAuth(), user(), bgro(), taskGets)
-		pages.POST("/busi-group/:id/tasks", jwtAuth(), user(), bgrw(), taskAdd)
-		pages.GET("/busi-group/:id/task/*url", jwtAuth(), user(), bgro(), taskProxy)
-		pages.PUT("/busi-group/:id/task/*url", jwtAuth(), user(), bgrw(), taskProxy)
+		pages.GET("/busi-group/:id/task-tpls", jwtAuth(), user(), perm("/job-tpls"), bgro(), taskTplGets)
+		pages.POST("/busi-group/:id/task-tpls", jwtAuth(), user(), perm("/job-tpls/add"), bgrw(), taskTplAdd)
+		pages.DELETE("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), perm("/job-tpls/del"), bgrw(), taskTplDel)
+		pages.POST("/busi-group/:id/task-tpls/tags", jwtAuth(), user(), perm("/job-tpls/put"), bgrw(), taskTplBindTags)
+		pages.DELETE("/busi-group/:id/task-tpls/tags", jwtAuth(), user(), perm("/job-tpls/put"), bgrw(), taskTplUnbindTags)
+		pages.GET("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), perm("/job-tpls"), bgro(), taskTplGet)
+		pages.PUT("/busi-group/:id/task-tpl/:tid", jwtAuth(), user(), perm("/job-tpls/put"), bgrw(), taskTplPut)
+
+		pages.GET("/busi-group/:id/tasks", jwtAuth(), user(), perm("/job-tasks"), bgro(), taskGets)
+		pages.POST("/busi-group/:id/tasks", jwtAuth(), user(), perm("/job-tasks/add"), bgrw(), taskAdd)
+		pages.GET("/busi-group/:id/task/*url", jwtAuth(), user(), perm("/job-tasks"), bgro(), taskProxy)
+		pages.PUT("/busi-group/:id/task/*url", jwtAuth(), user(), perm("/job-tasks/put"), bgrw(), taskProxy)
 	}
 
 	service := r.Group("/v1/n9e", gin.BasicAuth(config.C.BasicAuth))
-- 
GitLab