From 4e199b84eb77cabf3658bc7e1736ee4d6abb76c4 Mon Sep 17 00:00:00 2001
From: rainzm
Date: Fri, 29 Jan 2021 20:03:03 +0800
Subject: [PATCH] fix(notify): be compatible with member's permission changes every user can create, modify and delete their own receiver info
---
 cmd/climc/shell/notifyv2/config.go | 2 +-
 pkg/cloudcommon/notifyclient/notify.go | 2 +-
 pkg/notify/models/config.go | 16 +------------
 pkg/notify/models/receiver.go | 14 ++++++++++++
 pkg/notify/policy/defaults.go | 31 ++++++++++++++++++--------
 5 files changed, 39 insertions(+), 26 deletions(-)
diff --git a/cmd/climc/shell/notifyv2/config.go b/cmd/climc/shell/notifyv2/config.go
index 3db4eb8b9a..0741883deb 100644
--- a/cmd/climc/shell/notifyv2/config.go
+++ b/cmd/climc/shell/notifyv2/config.go
@@ -111,7 +111,7 @@ func init() {
 }
 R(&ConfigGetTypesOptions{}, "notify-config-get-types", "Get all Config types", func(s *mcclient.ClientSession, args *ConfigGetTypesOptions) error {
 param := jsonutils.Marshal(args)
- result, err := modules.NotifyConfig.PerformClassAction(s, "get-types", param)
+ result, err := modules.NotifyReceiver.PerformClassAction(s, "get-types", param)
 if err != nil {
 return err
 }
diff --git a/pkg/cloudcommon/notifyclient/notify.go b/pkg/cloudcommon/notifyclient/notify.go
index f54ecc6d6d..a7193c9e9c 100644
--- a/pkg/cloudcommon/notifyclient/notify.go
+++ b/pkg/cloudcommon/notifyclient/notify.go
@@ -514,7 +514,7 @@ func notifyRobot(ctx context.Context, robot string, recipientId []string, isGrou
 s := auth.GetAdminSession(ctx, consts.GetRegion(), "")
 params := jsonutils.NewDict()
 params.Set("robot", jsonutils.NewString(robot))
- result, err := modules.NotifyConfig.PerformClassAction(s, "get-types", params)
+ result, err := modules.NotifyReceiver.PerformClassAction(s, "get-types", params)
 if err != nil {
 return err
 }
diff --git a/pkg/notify/models/config.go b/pkg/notify/models/config.go
index e9407329e8..04b2ab9ae7 100644
--- a/pkg/notify/models/config.go
+++ b/pkg/notify/models/config.go
@@ -160,10 +160,6 @@ func (c *SConfig) StartRepullSubcontactTask(ctx context.Context, userCred mcclie
 return nil
 }
 
-func (cm *SConfigManager) AllowPerformGetTypes(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject) bool {
- return true
-}
-
 func (cm *SConfigManager) filterContactType(cTypes []string, robot string) []string {
 var judge func(string) bool
 ret := make([]string, 0, len(cTypes)/2)
@@ -189,16 +185,6 @@ func (cm *SConfigManager) filterContactType(cTypes []string, robot string) []str
 return ret
 }
 
-func (cm *SConfigManager) PerformGetTypes(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, input api.ConfigManagerGetTypesInput) (api.ConfigManagerGetTypesOutput, error) {
- output := api.ConfigManagerGetTypesOutput{}
- allContactType, err := cm.allContactType()
- if err != nil {
- return output, err
- }
- output.Types = sortContactType(cm.filterContactType(allContactType, input.Robot))
- return output, nil
-}
-
 var sortedCTypes = []string{
 api.WEBCONSOLE, api.EMAIL, api.MOBILE, api.DINGTALK, api.FEISHU, api.WORKWX, api.DINGTALK_ROBOT, api.FEISHU_ROBOT, api.WORKWX_ROBOT,
 }
@@ -407,7 +393,7 @@ func (self *SConfigManager) InitializeData() error {
 }
 
 func (cm *SConfigManager) ResourceScope() rbacutils.TRbacScope {
- return rbacutils.ScopeUser
+ return rbacutils.ScopeSystem
 }
 
 func (cm *SConfigManager) AllowCreateItem(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, data jsonutils.JSONObject) bool {
diff --git a/pkg/notify/models/receiver.go b/pkg/notify/models/receiver.go
index 666e69c0d9..66a6f7af91 100644
--- a/pkg/notify/models/receiver.go
+++ b/pkg/notify/models/receiver.go
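Review bot: In pkg/notify/models/config.go, `ResourceScope` now returns `rbacutils.ScopeSystem` with no comment explaining why, although this one line appears to be what takes notify configs out of user-scope policy. A doc comment such as `// ResourceScope is system: notify configs are managed by system-scope roles only; members use the receivers resource.` would keep a later edit from reverting it to `ScopeUser`. `AllowCreateItem` begins on the last context line and its body is outside the hunk, so whether it still agrees with the new scope cannot be checked from here.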
@@ -592,6 +592,20 @@ func (rm *SReceiverManager) ListItemFilter(ctx context.Context, q *sqlchemy.SQue
 return q, nil
 }
 
+func (r *SReceiverManager) AllowPerformGetTypes(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject) bool {
+ return true
+}
+
+func (cm *SReceiverManager) PerformGetTypes(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, input api.ConfigManagerGetTypesInput) (api.ConfigManagerGetTypesOutput, error) {
+ output := api.ConfigManagerGetTypesOutput{}
+ allContactType, err := ConfigManager.allContactType()
+ if err != nil {
+ return output, err
+ }
+ output.Types = sortContactType(ConfigManager.filterContactType(allContactType, input.Robot))
+ return output, nil
+}
+
 func (rm *SReceiverManager) FetchCustomizeColumns(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, objs []interface{}, fields stringutils2.SSortedStrings, isList bool) []api.ReceiverDetails {
 sRows := rm.SStatusStandaloneResourceBaseManager.FetchCustomizeColumns(ctx, userCred, query, objs, fields, isList)
 dRows := rm.SDomainizedResourceBaseManager.FetchCustomizeColumns(ctx, userCred, query, objs, fields, isList)
diff --git a/pkg/notify/policy/defaults.go b/pkg/notify/policy/defaults.go
index 144b66611e..e7b990dcca 100644
--- a/pkg/notify/policy/defaults.go
+++ b/pkg/notify/policy/defaults.go
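Review bot: In pkg/notify/models/receiver.go, `AllowPerformGetTypes` returns `true` without consulting `userCred`, so any access control on `get-types` rests on whatever the framework enforces before this hook is called. If that is intentional, say so in a doc comment, e.g. `// AllowPerformGetTypes lets any caller list the contact types; the result is a list of type strings only.` That wording assumes `ConfigManager.allContactType()` returns type names and nothing from the config contents, which this hunk does not show. The two new methods also use receivers `r` and `cm` while the neighbouring methods use `rm`; `cm` looks carried over from `SConfigManager`, and `func (rm *SReceiverManager) PerformGetTypes(` would match the rest of the file.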
@@ -21,11 +21,12 @@ import (
 )
 
 const (
- PolicyActionGet = common_policy.PolicyActionGet
- PolicyActionList = common_policy.PolicyActionList
- PolicyActionCreate = common_policy.PolicyActionCreate
- PolicyActionUpdate = common_policy.PolicyActionUpdate
- PolicyActionDelete = common_policy.PolicyActionDelete
+ PolicyActionPerform = common_policy.PolicyActionPerform
+ PolicyActionGet = common_policy.PolicyActionGet
+ PolicyActionList = common_policy.PolicyActionList
+ PolicyActionCreate = common_policy.PolicyActionCreate
+ PolicyActionUpdate = common_policy.PolicyActionUpdate
+ PolicyActionDelete = common_policy.PolicyActionDelete
 )
 
 var (
@@ -36,28 +37,40 @@ var (
 Rules: []rbacutils.SRbacRule{
 {
 Service: api.SERVICE_TYPE,
- Resource: "contacts",
+ Resource: "receivers",
+ Action: PolicyActionGet,
+ Result: rbacutils.Allow,
+ },
+ {
+ Service: api.SERVICE_TYPE,
+ Resource: "receivers",
 Action: PolicyActionList,
 Result: rbacutils.Allow,
 },
 {
 Service: api.SERVICE_TYPE,
- Resource: "contacts",
+ Resource: "receivers",
 Action: PolicyActionCreate,
 Result: rbacutils.Allow,
 },
 {
 Service: api.SERVICE_TYPE,
- Resource: "contacts",
+ Resource: "receivers",
 Action: PolicyActionUpdate,
 Result: rbacutils.Allow,
 },
 {
 Service: api.SERVICE_TYPE,
- Resource: "contacts",
+ Resource: "receivers",
 Action: PolicyActionDelete,
 Result: rbacutils.Allow,
 },
+ {
+ Service: api.SERVICE_TYPE,
+ Resource: "receivers",
+ Action: PolicyActionPerform,
+ Result: rbacutils.Allow,
+ },
 },
 },
 }
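Review bot: The new `PolicyActionPerform` rule on `receivers` in pkg/notify/policy/defaults.go is not narrowed in any way, so as written it allows every perform action on that resource, including any added later. If members only need specific actions, name them on the rule, e.g. `Extra: []string{"<action-name>"},`, assuming this version of `rbacutils.SRbacRule` has the `Extra` field. The commit message says users manage their own receiver info, but none of the rules shown carries an ownership condition; that restriction has to come from the policy's scope, which is declared above this hunk, or from checks in the receiver model, and a comment on the rule list saying which would help the next reviewer.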