From 2a68d6458a67422d82cf2b61205c49e7784d1b70 Mon Sep 17 00:00:00 2001 From: donggyu Date: Wed, 20 Mar 2024 17:33:47 +0900 Subject: [PATCH 1/5] re mapping permissions --- .../delivery/api/endpoints_permission_test.go | 70 +++ .../delivery/api/generated_endpoints.go.go | 8 - internal/model/permission.go | 585 +++++++++++++----- pkg/domain/endpoint.go | 8 +- pkg/domain/permission.go | 4 - 5 files changed, 513 insertions(+), 162 deletions(-) create mode 100644 internal/delivery/api/endpoints_permission_test.go diff --git a/internal/delivery/api/endpoints_permission_test.go b/internal/delivery/api/endpoints_permission_test.go new file mode 100644 index 00000000..e6033894 --- /dev/null +++ b/internal/delivery/api/endpoints_permission_test.go 
@@ -0,0 +1,70 @@ +package api_test + +import ( + "github.com/openinfradev/tks-api/internal/delivery/api" + "github.com/openinfradev/tks-api/internal/model" + "testing" +) + +func TestEndpointsUsage(t *testing.T) { + var allEndpoints []string + for _, v := range api.ApiMap { + allEndpoints = append(allEndpoints, v.Name) + } + //allEndpoints := []Endpoint{ + // Login, Logout, RefreshToken, FindId, // 계속해서 모든 Endpoint 추가 + // // 나머지 Endpoint 상수들을 여기에 추가 + //} + usageCount := make(map[string]int) + ps := model.NewAdminPermissionSet() + + permissions := []*model.Permission{ + ps.Dashboard, + ps.Notification, + ps.Configuration, + ps.ProjectManagement, + ps.Stack, + ps.SecurityPolicy, + ps.Common, + ps.Admin, + } + + leafPermissions := make([]*model.Permission, 0) + + for _, perm := range permissions { + leafPermissions = model.GetEdgePermission(perm, leafPermissions, nil) + } + + // Permission 설정에서 Endpoint 사용 횟수 카운트 + for _, perm := range leafPermissions { + countEndpoints(perm, usageCount) + } + + var unusedEndpoints, duplicatedEndpoints []string + + // 미사용 또는 중복 사용된 Endpoint 확인 및 출력 + for _, endpoint := range allEndpoints { + count, exists := usageCount[endpoint] + if !exists { + unusedEndpoints = append(unusedEndpoints, endpoint) + } else if count > 1 { + duplicatedEndpoints = append(duplicatedEndpoints, endpoint) + } + } + + for _, endpoint := range unusedEndpoints { + t.Logf("Unused Endpoint: %s", endpoint) + } + + t.Logf("\n") + for _, endpoint := range duplicatedEndpoints { + t.Logf("Duplicated Endpoint: %s", endpoint) + } + +} + +func countEndpoints(perm *model.Permission, usageCount map[string]int) { + for _, endpoint := range perm.Endpoints { + usageCount[endpoint.Name]++ + } +} diff --git a/internal/delivery/api/generated_endpoints.go.go b/internal/delivery/api/generated_endpoints.go.go index 891ac188..ede19eb8 100644 --- a/internal/delivery/api/generated_endpoints.go.go +++ b/internal/delivery/api/generated_endpoints.go.go 
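Review bot: TestEndpointsUsage only logs the unused and duplicated endpoints it finds, so it passes whatever the result and never protects the permission mapping it was written to check; reporting them with `t.Errorf("unused endpoint: %s", endpoint)` and `t.Errorf("duplicated endpoint: %s", endpoint)` would make an endpoint that is attached to no permission leaf, or to several, fail the build. Sorting allEndpoints before the loop would keep the output stable, since ApiMap iteration order is random. The commented-out allEndpoints block and the bare `t.Logf("\n")` are leftovers that can be dropped. Whether an unmapped endpoint is denied or allowed at request time depends on the authorization middleware, which is outside this patch.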
@@ -35,10 +35,6 @@ var ApiMap = map[Endpoint]EndpointInfo{ Name: "VerifyToken", Group: "Auth", }, - DeleteToken: { - Name: "DeleteToken", - Group: "Auth", - }, CreateUser: { Name: "CreateUser", Group: "User", @@ -826,8 +822,6 @@ func (e Endpoint) String() string { return "VerifyIdentityForLostPassword" case VerifyToken: return "VerifyToken" - case DeleteToken: - return "DeleteToken" case CreateUser: return "CreateUser" case ListUser: @@ -1234,8 +1228,6 @@ func GetEndpoint(name string) Endpoint { return VerifyIdentityForLostPassword case "VerifyToken": return VerifyToken - case "DeleteToken": - return DeleteToken case "CreateUser": return CreateUser case "ListUser": diff --git a/internal/model/permission.go b/internal/model/permission.go index 5025d766..746b1257 100644 --- a/internal/model/permission.go +++ b/internal/model/permission.go @@ -11,9 +11,9 @@ type PermissionKind string const ( DashBoardPermission PermissionKind = "대시보드" - StackPermission PermissionKind = "스택 관리" - SecurityPolicyPermission PermissionKind = "보안/정책 관리" - ProjectManagementPermission PermissionKind = "프로젝트 관리" + StackPermission PermissionKind = "스택" + SecurityPolicyPermission PermissionKind = "정책" + ProjectManagementPermission PermissionKind = "프로젝트" NotificationPermission PermissionKind = "알림" ConfigurationPermission PermissionKind = "설정" ) @@ -42,6 +42,8 @@ type PermissionSet struct { ProjectManagement *Permission `gorm:"-:all" json:"project_management,omitempty"` Notification *Permission `gorm:"-:all" json:"notification,omitempty"` Configuration *Permission `gorm:"-:all" json:"configuration,omitempty"` + Common *Permission `gorm:"-:all" json:"common,omitempty"` + Admin *Permission `gorm:"-:all" json:"admin,omitempty"` } func NewDefaultPermissionSet() *PermissionSet { 
@@ -52,6 +54,20 @@ func NewDefaultPermissionSet() *PermissionSet { ProjectManagement: newProjectManagement(), Notification: newNotification(), Configuration: newConfiguration(), + Common: newCommon(), + } +} + +func NewAdminPermissionSet() *PermissionSet { + return &PermissionSet{ + Admin: newAdmin(), + Dashboard: newDashboard(), + Stack: newStack(), + SecurityPolicy: newSecurityPolicy(), + ProjectManagement: newProjectManagement(), + Notification: newNotification(), + Configuration: newConfiguration(), + Common: newCommon(), } } 
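Review bot: NewAdminPermissionSet repeats every field of NewDefaultPermissionSet and adds Admin, so the two constructors can drift the next time a section is added (Common had to be added to both in this same hunk). Building on the default set keeps one source of truth: `ps := NewDefaultPermissionSet()`, `ps.Admin = newAdmin()`, `return ps`. A doc comment on the exported function, `// NewAdminPermissionSet returns the default permission set extended with the Admin group.`, would also satisfy the exported-name convention.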
@@ -101,84 +117,98 @@ func newDashboard() *Permission { api.GetResourcesDashboard, ), }, + { + ID: uuid.New(), + Name: "수정", + IsAllowed: helper.BoolP(false), + }, }, }, + }, + } + + return dashboard +} + +func newStack() *Permission { + stack := &Permission{ + ID: uuid.New(), + Name: string(StackPermission), + Children: []*Permission{ { ID: uuid.New(), - Name: "대시보드 설정", + Name: "스택", Children: []*Permission{ { ID: uuid.New(), Name: "조회", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.GetStacks, + api.GetStack, + api.CheckStackName, + api.GetStackStatus, + api.GetStackKubeConfig, + + api.SetFavoriteStack, + api.DeleteFavoriteStack, + + // Cluster + api.GetCluster, + api.GetClusters, + api.GetClusterSiteValues, + api.GetBootstrapKubeconfig, + api.GetNodes, + + // AppGroup + api.GetAppgroups, + api.GetAppgroup, + api.GetApplications, + ), }, { ID: uuid.New(), Name: "생성", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.CreateStack, + api.InstallStack, + api.CreateAppgroup, + + // Cluster + api.CreateCluster, + api.ImportCluster, + api.InstallCluster, + api.CreateBootstrapKubeconfig, + + // AppGroup + api.CreateAppgroup, + api.CreateApplication, + ), }, { ID: uuid.New(), Name: "수정", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.UpdateStack, + ), }, { ID: uuid.New(), Name: "삭제", IsAllowed: helper.BoolP(false), - }, - }, - }, - }, - } + Endpoints: endpointObjects( + api.DeleteStack, - return dashboard -} + // Cluster + api.DeleteCluster, -func newStack() *Permission { - stack := &Permission{ - ID: uuid.New(), - Name: string(StackPermission), - Children: []*Permission{ - { - ID: uuid.New(), - Name: "조회", - IsAllowed: helper.BoolP(false), - Endpoints: endpointObjects( - api.GetStacks, - api.GetStack, - api.CheckStackName, - api.GetStackStatus, - api.GetStackKubeConfig, - - api.SetFavoriteStack, - api.DeleteFavoriteStack, - ), - }, - { - ID: uuid.New(), - Name: "생성", - IsAllowed: helper.BoolP(false), - 
Endpoints: endpointObjects( - api.CreateStack, - api.InstallStack, - ), - }, - { - ID: uuid.New(), - Name: "수정", - IsAllowed: helper.BoolP(false), - Endpoints: endpointObjects( - api.UpdateStack, - ), - }, - { - ID: uuid.New(), - Name: "삭제", - IsAllowed: helper.BoolP(false), - Endpoints: endpointObjects( - api.DeleteStack, - ), + // AppGroup + api.DeleteAppgroup, + ), + }, + }, }, }, } 
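Review bot: In newStack the 생성 leaf lists `api.CreateAppgroup` twice (once after `api.InstallStack` and again under the `// AppGroup` comment), and its 조회 leaf carries `api.SetFavoriteStack` and `api.DeleteFavoriteStack`, which newCommon later in this patch grants unconditionally as well; the added TestEndpointsUsage will report all of these as duplicates. Removing the second CreateAppgroup and keeping the favourite endpoints in one leaf avoids two toggles controlling the same endpoint. The new 수정 leaf in newDashboard has no Endpoints, so toggling it currently grants nothing; a comment such as `// no endpoint mapped yet` would mark that as intentional rather than an omission.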
@@ -193,27 +223,107 @@ func newSecurityPolicy() *Permission { Children: []*Permission{ { ID: uuid.New(), - Name: "보안/정책", + Name: "정책", Children: []*Permission{ { ID: uuid.New(), Name: "조회", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + // PolicyTemplate + api.ListPolicyTemplate, + api.GetPolicyTemplate, + api.GetPolicyTemplateDeploy, + api.ListPolicyTemplateStatistics, + api.ListPolicyTemplateVersions, + api.GetPolicyTemplateVersion, + api.ExistsPolicyTemplateName, + api.ExistsPolicyTemplateKind, + + // ClusterPolicyStatus + api.ListClusterPolicyStatus, + api.GetClusterPolicyTemplateStatus, + + // Policy + api.GetMandatoryPolicies, + api.ListPolicy, + api.GetPolicy, + api.ExistsPolicyName, + + // OrganizationPolicyTemplate + api.ListOrganizationPolicyTemplate, + api.GetOrganizationPolicyTemplate, + api.GetOrganizationPolicyTemplateDeploy, + api.ListOrganizationPolicyTemplateStatistics, + api.ListOrganizationPolicyTemplateVersions, + api.GetOrganizationPolicyTemplateVersion, + api.ExistsOrganizationPolicyTemplateKind, + api.ExistsOrganizationPolicyTemplateName, + + // PolicyTemplateExample + api.ListPolicyTemplateExample, + api.GetPolicyTemplateExample, + ), }, { ID: uuid.New(), Name: "생성", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + // PolicyTemplate + api.CreatePolicyTemplate, + api.CreatePolicyTemplateVersion, + + // Policy + api.SetMandatoryPolicies, + api.CreatePolicy, + + // OrganizationPolicyTemplate + api.CreateOrganizationPolicyTemplate, + api.CreateOrganizationPolicyTemplateVersion, + ), }, { ID: uuid.New(), Name: "수정", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + // PolicyTemplate + api.UpdatePolicyTemplate, + + // ClusterPolicyStatus + api.UpdateClusterPolicyTemplateStatus, + + // Policy + api.UpdatePolicy, + api.UpdatePolicyTargetClusters, + + // OrganizationPolicyTemplate + api.UpdateOrganizationPolicyTemplate, + + // PolicyTemplateExample + api.UpdatePolicyTemplateExample, + ), }, { ID: 
uuid.New(), Name: "삭제", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + // PolicyTemplate + api.DeletePolicyTemplate, + api.DeletePolicyTemplateVersion, + + // Policy + api.DeletePolicy, + + // OrganizationPolicyTemplate + api.DeleteOrganizationPolicyTemplate, + api.DeleteOrganizationPolicyTemplateVersion, + + // PolicyTemplateExample + api.DeletePolicyTemplateExample, + ), }, }, }, 
@@ -223,77 +333,98 @@ func newSecurityPolicy() *Permission { return security_policy } -func newProjectManagement() *Permission { - projectManagement := &Permission{ +func newNotification() *Permission { + notification := &Permission{ ID: uuid.New(), - Name: string(ProjectManagementPermission), + Name: string(NotificationPermission), Children: []*Permission{ { ID: uuid.New(), - Name: "프로젝트", + Name: "시스템 알림", Children: []*Permission{ { ID: uuid.New(), Name: "조회", IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( - api.GetProjects, - api.GetProject, + api.GetSystemNotification, + api.GetSystemNotifications, ), }, { ID: uuid.New(), - Name: "생성", + Name: "수정", IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( - api.CreateProject, + api.UpdateSystemNotification, + api.CreateSystemNotificationAction, ), }, + { + ID: uuid.New(), + Name: "다운로드", + IsAllowed: helper.BoolP(false), + Children: []*Permission{}, + }, }, }, { ID: uuid.New(), - Name: "앱 서빙", + Name: "정책 알림", + Children: []*Permission{ + { + ID: uuid.New(), + Name: "조회", + IsAllowed: helper.BoolP(false), + Children: []*Permission{}, + }, + { + ID: uuid.New(), + Name: "다운로드", + IsAllowed: helper.BoolP(false), + Children: []*Permission{}, + }, + }, + }, + }, + } + + return notification +} + +func newProjectManagement() *Permission { + projectManagement := &Permission{ + ID: uuid.New(), + Name: string(ProjectManagementPermission), + Children: []*Permission{ + { + ID: uuid.New(), + Name: "프로젝트", Children: []*Permission{ { ID: uuid.New(), Name: "조회", IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( - api.GetAppServeApps, - api.GetAppServeApp, - api.GetNumOfAppsOnStack, - api.GetAppServeAppLatestTask, - api.IsAppServeAppExist, - api.IsAppServeAppNameExist, + api.GetProjects, + api.GetProject, + api.GetProjectKubeconfig, ), }, { ID: uuid.New(), - Name: "빌드", + Name: "생성", IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( - api.CreateAppServeApp, - api.IsAppServeAppExist, - 
api.IsAppServeAppNameExist, - api.UpdateAppServeApp, - api.UpdateAppServeAppEndpoint, - api.UpdateAppServeAppStatus, - api.RollbackAppServeApp, + api.CreateProject, ), }, { ID: uuid.New(), - Name: "배포", + Name: "수정", IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( - api.CreateAppServeApp, - api.IsAppServeAppExist, - api.IsAppServeAppNameExist, - api.UpdateAppServeApp, - api.UpdateAppServeAppEndpoint, - api.UpdateAppServeAppStatus, - api.RollbackAppServeApp, + api.UpdateProject, ), }, { @@ -301,14 +432,14 @@ func newProjectManagement() *Permission { Name: "삭제", IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( - api.DeleteAppServeApp, + api.DeleteProject, ), }, }, }, { ID: uuid.New(), - Name: "설정-일반", + Name: "일반 설정", Children: []*Permission{ { ID: uuid.New(), @@ -330,19 +461,11 @@ func newProjectManagement() *Permission { api.UpdateProject, ), }, - { - ID: uuid.New(), - Name: "삭제", - IsAllowed: helper.BoolP(false), - Endpoints: endpointObjects( - api.DeleteProject, - ), - }, }, }, { ID: uuid.New(), - Name: "설정-멤버", + Name: "구성원 설정", Children: []*Permission{ { ID: uuid.New(), @@ -383,7 +506,7 @@ func newProjectManagement() *Permission { }, { ID: uuid.New(), - Name: "설정-네임스페이스", + Name: "네임스페이스", Children: []*Permission{ { ID: uuid.New(), @@ -392,6 +515,7 @@ func newProjectManagement() *Permission { Endpoints: endpointObjects( api.GetProjectNamespaces, api.GetProjectNamespace, + api.GetProjectNamespaceK8sResources, ), }, { @@ -406,7 +530,9 @@ func newProjectManagement() *Permission { ID: uuid.New(), Name: "수정", IsAllowed: helper.BoolP(false), - Endpoints: endpointObjects(), + Endpoints: endpointObjects( + api.UpdateProjectNamespace, + ), }, { ID: uuid.New(), 
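Review bot: The 다운로드 leaf under 시스템 알림 and both leaves under 정책 알림 in newNotification are declared with `Children: []*Permission{}` and no Endpoints, so they are toggles that control nothing; whether GetEdgePermission treats an empty non-nil Children slice as a leaf is outside this hunk and worth confirming before these appear in role templates. If they are placeholders for endpoints still to be added, a comment like `// TODO: map the download / policy-notification endpoints` on each would say so, and dropping the empty Children keeps them consistent with the other leaves. In newProjectManagement the 프로젝트 수정 leaf now maps `api.UpdateProject`, which the 일반 설정 section below appears to map too (its `api.UpdateProject` line survives as context in the -330 hunk), so one project-update toggle would shadow the other.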
@@ -418,43 +544,67 @@ func newProjectManagement() *Permission { }, }, }, - }, - } - - return projectManagement -} - -func newNotification() *Permission { - notification := &Permission{ - ID: uuid.New(), - Name: string(NotificationPermission), - Children: []*Permission{ { ID: uuid.New(), - Name: "시스템 경고", + Name: "앱 서빙", Children: []*Permission{ { ID: uuid.New(), Name: "조회", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.GetAppServeApps, + api.GetAppServeApp, + api.GetNumOfAppsOnStack, + api.GetAppServeAppLatestTask, + api.IsAppServeAppExist, + api.IsAppServeAppNameExist, + api.GetAppServeAppTaskDetail, + api.GetAppServeAppTasksByAppId, + ), }, - }, - }, - { - ID: uuid.New(), - Name: "보안/정책 감사로그", - Children: []*Permission{ { ID: uuid.New(), - Name: "조회", + Name: "생성", + IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.CreateAppServeApp, + api.IsAppServeAppExist, + api.IsAppServeAppNameExist, + api.UpdateAppServeApp, + api.UpdateAppServeAppEndpoint, + api.UpdateAppServeAppStatus, + api.RollbackAppServeApp, + ), + }, + { + ID: uuid.New(), + Name: "수정", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.CreateAppServeApp, + api.IsAppServeAppExist, + api.IsAppServeAppNameExist, + api.UpdateAppServeApp, + api.UpdateAppServeAppEndpoint, + api.UpdateAppServeAppStatus, + api.RollbackAppServeApp, + ), + }, + { + ID: uuid.New(), + Name: "삭제", + IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.DeleteAppServeApp, + ), }, }, }, }, } - return notification + return projectManagement } func newConfiguration() *Permission { 
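Review bot: In the 앱 서빙 section the 생성 and 수정 leaves map the identical list (`api.CreateAppServeApp` through `api.RollbackAppServeApp`), so granting a role create access also grants update, rollback and status changes, and vice versa; the two toggles cannot express least privilege. Keep `api.CreateAppServeApp` plus the two existence checks under 생성, and `api.UpdateAppServeApp`, `api.UpdateAppServeAppEndpoint`, `api.UpdateAppServeAppStatus` and `api.RollbackAppServeApp` under 수정. `api.IsAppServeAppExist` and `api.IsAppServeAppNameExist` also appear under 조회, so they are mapped three times; the added TestEndpointsUsage will flag them.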
@@ -486,38 +636,44 @@ func newConfiguration() *Permission { ID: uuid.New(), Name: "조회", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.GetCloudAccounts, + api.GetCloudAccount, + api.CheckCloudAccountName, + api.CheckAwsAccountId, + api.GetResourceQuota, + ), }, { ID: uuid.New(), Name: "생성", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.CreateCloudAccount, + ), }, { ID: uuid.New(), Name: "수정", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.UpdateCloudAccount, + ), }, { ID: uuid.New(), Name: "삭제", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.DeleteCloudAccount, + api.DeleteForceCloudAccount, + ), }, }, }, { ID: uuid.New(), - Name: "스택 템플릿", - Children: []*Permission{ - { - ID: uuid.New(), - Name: "조회", - IsAllowed: helper.BoolP(false), - }, - }, - }, - { - ID: uuid.New(), - Name: "프로젝트 관리", + Name: "프로젝트", Children: []*Permission{ { ID: uuid.New(), @@ -529,16 +685,6 @@ func newConfiguration() *Permission { Name: "생성", IsAllowed: helper.BoolP(false), }, - { - ID: uuid.New(), - Name: "수정", - IsAllowed: helper.BoolP(false), - }, - { - ID: uuid.New(), - Name: "삭제", - IsAllowed: helper.BoolP(false), - }, }, }, { 
@@ -549,73 +695,120 @@ func newConfiguration() *Permission { ID: uuid.New(), Name: "조회", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.ListUser, + api.GetUser, + api.CheckId, + api.CheckEmail, + ), }, { ID: uuid.New(), Name: "생성", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.CreateUser, + api.CheckId, + api.CheckEmail, + ), }, { ID: uuid.New(), Name: "수정", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.UpdateUser, + api.ResetPassword, + ), }, { ID: uuid.New(), Name: "삭제", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.DeleteUser, + ), }, }, }, { ID: uuid.New(), - Name: "사용자 권한 관리", + Name: "역할 및 권한", Children: []*Permission{ { ID: uuid.New(), Name: "조회", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.ListTksRoles, + api.GetTksRole, + api.GetPermissionsByRoleId, + api.GetPermissionTemplates, + ), }, { ID: uuid.New(), Name: "생성", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.CreateTksRole, + ), }, { ID: uuid.New(), Name: "수정", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.UpdateTksRole, + api.UpdatePermissionsByRoleId, + ), }, { ID: uuid.New(), Name: "삭제", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.DeleteTksRole, + ), }, }, }, { ID: uuid.New(), - Name: "알림 설정", + Name: "시스템 알림", Children: []*Permission{ { ID: uuid.New(), Name: "조회", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.GetSystemNotificationRules, + api.GetSystemNotificationRule, + ), }, { ID: uuid.New(), Name: "생성", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.CreateSystemNotificationRule, + ), }, { ID: uuid.New(), Name: "수정", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.UpdateSystemNotificationRule, + ), }, { ID: uuid.New(), Name: "삭제", IsAllowed: helper.BoolP(false), + Endpoints: endpointObjects( + api.DeleteSystemNotificationRule, + ), }, }, }, 
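Review bot: The user section maps `api.CheckId` and `api.CheckEmail` under both 조회 and 생성, and `api.ResetPassword` under 수정, while newAdmin later in this patch grants all three again; an endpoint that sits in several leaves is presumably allowed as soon as any one of them is, so the 조회 toggle cannot withhold it. Keep the id/email checks on the 생성 leaf only (they back the create form) and decide whether ResetPassword belongs to the organisation-level 수정 leaf or to Admin, not both. Under 역할 및 권한, `api.UpdatePermissionsByRoleId` is the one endpoint in this hunk that changes authorization itself; giving it its own leaf rather than sharing 수정 with `api.UpdateTksRole` would let it be withheld from ordinary role editors.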
@@ -625,6 +818,110 @@ func newConfiguration() *Permission { return configuration } +func newCommon() *Permission { + common := &Permission{ + ID: uuid.New(), + Name: "공통", + IsAllowed: helper.BoolP(true), + Endpoints: endpointObjects( + // Auth + api.Login, + api.Logout, + api.RefreshToken, + api.FindId, + api.FindPassword, + api.VerifyIdentityForLostId, + api.VerifyIdentityForLostPassword, + api.VerifyToken, + + // Stack + api.SetFavoriteStack, + api.DeleteFavoriteStack, + + // Project + api.SetFavoriteProject, + api.SetFavoriteProjectNamespace, + api.UnSetFavoriteProject, + api.UnSetFavoriteProjectNamespace, + + // MyProfile + api.GetMyProfile, + api.UpdateMyProfile, + api.UpdateMyPassword, + api.RenewPasswordExpiredDate, + api.DeleteMyProfile, + + // StackTemplate + api.GetOrganizationStackTemplates, + api.GetOrganizationStackTemplate, + + // Utiliy + api.CompileRego, + ), + } + + return common + +} + +func newAdmin() *Permission { + admin := &Permission{ + ID: uuid.New(), + Name: "관리자", + IsAllowed: helper.BoolP(true), + Endpoints: endpointObjects( + // Organization + api.Admin_CreateOrganization, + api.Admin_DeleteOrganization, + api.UpdateOrganization, + api.GetOrganization, + api.GetOrganizations, + api.UpdatePrimaryCluster, + api.CheckOrganizationName, + + // User + api.ResetPassword, + api.CheckId, + api.CheckEmail, + + // StackTemplate + api.Admin_GetStackTemplates, + api.Admin_GetStackTemplate, + api.Admin_GetStackTemplateServices, + api.Admin_CreateStackTemplate, + api.Admin_UpdateStackTemplate, + api.Admin_DeleteStackTemplate, + api.Admin_UpdateStackTemplateOrganizations, + api.Admin_CheckStackTemplateName, + + // Admin + api.Admin_GetUser, + api.Admin_ListUser, + api.Admin_CreateUser, + api.Admin_UpdateUser, + api.Admin_DeleteUser, + api.Admin_GetSystemNotificationTemplate, + api.Admin_CreateSystemNotificationTemplate, + api.Admin_ListUser, + api.Admin_GetTksRole, + api.Admin_GetProjects, + api.Admin_UpdateSystemNotificationTemplate, + 
api.Admin_ListTksRoles, + api.Admin_GetSystemNotificationTemplates, + + // Audit + api.GetAudits, + api.GetAudit, + api.DeleteAudit, + + api.CreateSystemNotification, + api.DeleteSystemNotification, + ), + } + + return admin +} + func (p *PermissionSet) SetAllowedPermissionSet() { edgePermissions := make([]*Permission, 0) edgePermissions = append(edgePermissions, GetEdgePermission(p.Dashboard, edgePermissions, nil)...) diff --git a/pkg/domain/endpoint.go b/pkg/domain/endpoint.go index e2a2127d..33acdc92 100644 --- a/pkg/domain/endpoint.go +++ b/pkg/domain/endpoint.go @@ -1,10 +1,6 @@ package domain -import "time" - type EndpointResponse struct { - Name string `json:"name"` - Group string `json:"group"` - CreatedAt time.Time `json:"createdAt"` - UpdatedAt time.Time `json:"updatedAt"` + Name string `json:"name"` + Group string `json:"group"` } diff --git a/pkg/domain/permission.go b/pkg/domain/permission.go index f7b69f40..8be227a2 100644 --- a/pkg/domain/permission.go +++ b/pkg/domain/permission.go @@ -8,11 +8,7 @@ type PermissionResponse struct { ID uuid.UUID `json:"ID"` Name string `json:"name"` IsAllowed *bool `json:"is_allowed,omitempty"` - RoleID *string `json:"role_id,omitempty"` - Role *RoleResponse `json:"role,omitempty"` Endpoints []*EndpointResponse `json:"endpoints,omitempty"` - ParentID *uuid.UUID `json:"parent_id,omitempty"` - Parent *PermissionResponse `json:"parent,omitempty"` Children []*PermissionResponse `json:"children,omitempty"` } From 4b23ce03f342d3d4f97ee059688383e48cfca188 Mon Sep 17 00:00:00 2001 
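Review bot: newAdmin lists `api.Admin_ListUser` twice and puts non-admin organisation endpoints (`api.UpdateOrganization`, `api.GetOrganization`, `api.GetOrganizations`, `api.UpdatePrimaryCluster`, `api.CheckOrganizationName`) and `api.DeleteAudit` into a single leaf whose `IsAllowed` is hard-wired to true, so every holder of the admin set can delete audit records and repoint the primary cluster with no per-role toggle. If the Admin group is meant to stay a flat allow-list, a doc comment saying so (`// newAdmin returns the unconditional allow-list for platform administrators; nothing here has a per-role toggle.`) should sit above it, and audit deletion is the first candidate to move behind a dedicated leaf. In newCommon, `api.SetFavoriteStack`/`api.DeleteFavoriteStack` duplicate the Stack 조회 leaf, the `// Utiliy` comment should read `// Utility`, and the trailing `api.CreateSystemNotification`/`api.DeleteSystemNotification` in newAdmin lack the group comment the rest of the list carries.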
From: donggyu Date: Fri, 22 Mar 2024 17:41:55 +0900 Subject: [PATCH 2/5] change permission API --- internal/delivery/api/endpoint.go | 1 + .../delivery/api/endpoints_permission_test.go | 2 +- .../delivery/api/generated_endpoints.go.go | 16 ++ internal/delivery/http/permission.go | 168 +++++++++++++++--- internal/model/permission.go | 153 +++++++++++++--- internal/route/route.go | 1 + internal/usecase/permission.go | 44 ++++- pkg/domain/permission.go | 60 +++++-- 8 files changed, 379 insertions(+), 66 deletions(-) diff --git a/internal/delivery/api/endpoint.go b/internal/delivery/api/endpoint.go index 2364a2ea..81e11753 100644 --- a/internal/delivery/api/endpoint.go +++ b/internal/delivery/api/endpoint.go @@ -195,6 +195,7 @@ const ( GetPermissionTemplates GetPermissionsByRoleId UpdatePermissionsByRoleId + GetPermissionsByAccountId // Admin_User Admin_CreateUser diff --git a/internal/delivery/api/endpoints_permission_test.go b/internal/delivery/api/endpoints_permission_test.go index e6033894..b012f456 100644 --- a/internal/delivery/api/endpoints_permission_test.go +++ b/internal/delivery/api/endpoints_permission_test.go @@ -24,7 +24,7 @@ func TestEndpointsUsage(t *testing.T) { ps.Configuration, ps.ProjectManagement, ps.Stack, - ps.SecurityPolicy, + ps.Policy, ps.Common, ps.Admin, } diff --git a/internal/delivery/api/generated_endpoints.go.go b/internal/delivery/api/generated_endpoints.go.go index ede19eb8..4d5dccdb 100644 --- a/internal/delivery/api/generated_endpoints.go.go +++ b/internal/delivery/api/generated_endpoints.go.go @@ -35,6 +35,10 @@ var ApiMap = map[Endpoint]EndpointInfo{ Name: "VerifyToken", Group: "Auth", }, + DeleteToken: { + Name: "DeleteToken", + Group: "Auth", + }, CreateUser: { Name: "CreateUser", Group: "User", 
@@ -599,6 +603,10 @@ var ApiMap = map[Endpoint]EndpointInfo{ Name: "UpdatePermissionsByRoleId", Group: "Permission", }, + GetPermissionsByAccountId: { + Name: "GetPermissionsByAccountId", + Group: "Permission", + }, Admin_CreateUser: { Name: "Admin_CreateUser", Group: "Admin_User", @@ -822,6 +830,8 @@ func (e Endpoint) String() string { return "VerifyIdentityForLostPassword" case VerifyToken: return "VerifyToken" + case DeleteToken: + return "DeleteToken" case CreateUser: return "CreateUser" case ListUser: @@ -1104,6 +1114,8 @@ func (e Endpoint) String() string { return "GetPermissionsByRoleId" case UpdatePermissionsByRoleId: return "UpdatePermissionsByRoleId" + case GetPermissionsByAccountId: + return "GetPermissionsByAccountId" case Admin_CreateUser: return "Admin_CreateUser" case Admin_ListUser: @@ -1228,6 +1240,8 @@ func GetEndpoint(name string) Endpoint { return VerifyIdentityForLostPassword case "VerifyToken": return VerifyToken + case "DeleteToken": + return DeleteToken case "CreateUser": return CreateUser case "ListUser": @@ -1510,6 +1524,8 @@ func GetEndpoint(name string) Endpoint { return GetPermissionsByRoleId case "UpdatePermissionsByRoleId": return UpdatePermissionsByRoleId + case "GetPermissionsByAccountId": + return GetPermissionsByAccountId case "Admin_CreateUser": return Admin_CreateUser case "Admin_ListUser": diff --git a/internal/delivery/http/permission.go b/internal/delivery/http/permission.go index 9e660850..8ec9b7e9 100644 --- a/internal/delivery/http/permission.go +++ b/internal/delivery/http/permission.go @@ -1,15 +1,14 @@ package http import ( + "context" "net/http" "github.com/gorilla/mux" "github.com/openinfradev/tks-api/internal/model" - "github.com/openinfradev/tks-api/internal/serializer" "github.com/openinfradev/tks-api/internal/usecase" "github.com/openinfradev/tks-api/pkg/domain" "github.com/openinfradev/tks-api/pkg/httpErrors" - "github.com/openinfradev/tks-api/pkg/log" ) type IPermissionHandler interface { 
@@ -20,11 +19,13 @@ type IPermissionHandler interface { type PermissionHandler struct { permissionUsecase usecase.IPermissionUsecase + userUsecase usecase.IUserUsecase } func NewPermissionHandler(usecase usecase.Usecase) *PermissionHandler { return &PermissionHandler{ permissionUsecase: usecase.Permission, + userUsecase: usecase.User, } } 
@@ -41,20 +42,110 @@ func NewPermissionHandler(usecase usecase.Usecase) *PermissionHandler { func (h PermissionHandler) GetPermissionTemplates(w http.ResponseWriter, r *http.Request) { permissionSet := model.NewDefaultPermissionSet() - var premissionSetResponse domain.PermissionSetResponse - if err := serializer.Map(r.Context(), permissionSet, &premissionSetResponse); err != nil { - log.Info(r.Context(), err) + var out domain.GetPermissionTemplatesResponse + out.Permissions = new(domain.PermissionTemplateResponse) + + out.Permissions.Dashboard = convertModelToPermissionTemplateResponse(r.Context(), permissionSet.Dashboard) + out.Permissions.Stack = convertModelToPermissionTemplateResponse(r.Context(), permissionSet.Stack) + out.Permissions.Policy = convertModelToPermissionTemplateResponse(r.Context(), permissionSet.Policy) + out.Permissions.ProjectManagement = convertModelToPermissionTemplateResponse(r.Context(), permissionSet.ProjectManagement) + out.Permissions.Notification = convertModelToPermissionTemplateResponse(r.Context(), permissionSet.Notification) + out.Permissions.Configuration = convertModelToPermissionTemplateResponse(r.Context(), permissionSet.Configuration) + + ResponseJSON(w, r, http.StatusOK, out) +} + +func convertModelToPermissionTemplateResponse(ctx context.Context, permission *model.Permission) *domain.TemplateResponse { + var permissionResponse domain.TemplateResponse + + permissionResponse.Key = permission.Key + permissionResponse.Name = permission.Name + if permission.IsAllowed != nil { + permissionResponse.IsAllowed = permission.IsAllowed } - var out domain.GetPermissionTemplatesResponse - out.Permissions = append(out.Permissions, premissionSetResponse.Dashboard) - out.Permissions = append(out.Permissions, premissionSetResponse.Stack) - out.Permissions = append(out.Permissions, premissionSetResponse.SecurityPolicy) - out.Permissions = append(out.Permissions, premissionSetResponse.ProjectManagement) - out.Permissions = 
append(out.Permissions, premissionSetResponse.Notification) - out.Permissions = append(out.Permissions, premissionSetResponse.Configuration) + for _, child := range permission.Children { + permissionResponse.Children = append(permissionResponse.Children, convertModelToPermissionTemplateResponse(ctx, child)) + } + + return &permissionResponse +} + +// GetPermissionsByAccountId godoc +// +// @Tags Permission +// @Summary Get Permissions By Account ID +// @Description Get Permissions By Account ID +// @Accept json +// @Produce json +// @Success 200 {object} domain.GetUsersPermissionsResponse +// @Router /organizations/{organizationId}/users/{accountId}/permissions [get] +// @Security JWT +func (h PermissionHandler) GetPermissionsByAccountId(w http.ResponseWriter, r *http.Request) { + var organizationId, accountId string + + vars := mux.Vars(r) + if v, ok := vars["accountId"]; !ok { + ErrorJSON(w, r, httpErrors.NewBadRequestError(nil, "", "")) + return + } else { + accountId = v + } + if v, ok := vars["organizationId"]; !ok { + ErrorJSON(w, r, httpErrors.NewBadRequestError(nil, "", "")) + return + } else { + organizationId = v + } + + user, err := h.userUsecase.GetByAccountId(r.Context(), accountId, organizationId) + if err != nil { + ErrorJSON(w, r, httpErrors.NewInternalServerError(err, "", "")) + return + } + var roles []*model.Role + roles = append(roles, &user.Role) + + var permissionSets []*model.PermissionSet + for _, role := range roles { + permissionSet, err := h.permissionUsecase.GetPermissionSetByRoleId(r.Context(), role.ID) + if err != nil { + ErrorJSON(w, r, httpErrors.NewInternalServerError(err, "", "")) + return + } + permissionSets = append(permissionSets, permissionSet) + } + + mergedPermissionSet := h.permissionUsecase.MergePermissionWithOrOperator(r.Context(), permissionSets...) 
+ + var permissions domain.MergedPermissionSetResponse + permissions.Dashboard = convertModelToMergedPermissionSetResponse(r.Context(), mergedPermissionSet.Dashboard) + permissions.Stack = convertModelToMergedPermissionSetResponse(r.Context(), mergedPermissionSet.Stack) + permissions.Policy = convertModelToMergedPermissionSetResponse(r.Context(), mergedPermissionSet.Policy) + permissions.ProjectManagement = convertModelToMergedPermissionSetResponse(r.Context(), mergedPermissionSet.ProjectManagement) + permissions.Notification = convertModelToMergedPermissionSetResponse(r.Context(), mergedPermissionSet.Notification) + permissions.Configuration = convertModelToMergedPermissionSetResponse(r.Context(), mergedPermissionSet.Configuration) + + var out domain.GetUsersPermissionsResponse + out.Permissions = &permissions ResponseJSON(w, r, http.StatusOK, out) + +} + +func convertModelToMergedPermissionSetResponse(ctx context.Context, permission *model.Permission) *domain.MergePermissionResponse { + var permissionResponse domain.MergePermissionResponse + + permissionResponse.Key = permission.Key + if permission.IsAllowed != nil { + permissionResponse.IsAllowed = permission.IsAllowed + } + + for _, child := range permission.Children { + permissionResponse.Children = append(permissionResponse.Children, convertModelToMergedPermissionSetResponse(ctx, child)) + } + + return &permissionResponse } // GetPermissionsByRoleId godoc 
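Review bot: In GetPermissionsByAccountId a failure of `h.userUsecase.GetByAccountId` is always returned as 500, so an unknown accountId in the path surfaces as a server error instead of 404; if the usecase exposes a not-found error, map it with errors.Is to the package's not-found response and keep 500 for the rest. The new convert helpers dereference `permission` immediately; a guard `if permission == nil { return nil }` at the top of convertModelToPermissionTemplateResponse and convertModelToMergedPermissionSetResponse (and of convertModelToPermissionResponse in the next hunk) protects against a PermissionSet whose section is missing, and their `ctx` parameter is currently unused. The path-variable checks use `if v, ok := vars[...]; !ok { ... return } else { ... }`; `accountId, ok := vars["accountId"]` followed by a plain `if !ok` reads cleaner. The new endpoint also needs to be mapped into a permission leaf for the authorization layer to know it; that would live in internal/model/permission.go, whose hunk in this patch is outside the view.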
@@ -85,22 +176,50 @@ func (h PermissionHandler) GetPermissionsByRoleId(w http.ResponseWriter, r *http return } - var premissionSetResponse domain.PermissionSetResponse - if err := serializer.Map(r.Context(), permissionSet, &premissionSetResponse); err != nil { - log.Info(r.Context(), err) - } + var permissionSetResponse domain.PermissionSetResponse + permissionSetResponse.Dashboard = convertModelToPermissionResponse(r.Context(), permissionSet.Dashboard) + permissionSetResponse.Stack = convertModelToPermissionResponse(r.Context(), permissionSet.Stack) + permissionSetResponse.Policy = convertModelToPermissionResponse(r.Context(), permissionSet.Policy) + permissionSetResponse.ProjectManagement = convertModelToPermissionResponse(r.Context(), permissionSet.ProjectManagement) + permissionSetResponse.Notification = convertModelToPermissionResponse(r.Context(), permissionSet.Notification) + permissionSetResponse.Configuration = convertModelToPermissionResponse(r.Context(), permissionSet.Configuration) var out domain.GetPermissionsByRoleIdResponse - out.Permissions = append(out.Permissions, premissionSetResponse.Dashboard) - out.Permissions = append(out.Permissions, premissionSetResponse.Stack) - out.Permissions = append(out.Permissions, premissionSetResponse.SecurityPolicy) - out.Permissions = append(out.Permissions, premissionSetResponse.ProjectManagement) - out.Permissions = append(out.Permissions, premissionSetResponse.Notification) - out.Permissions = append(out.Permissions, premissionSetResponse.Configuration) + out.Permissions = &permissionSetResponse ResponseJSON(w, r, http.StatusOK, out) } +func convertModelToPermissionResponse(ctx context.Context, permission *model.Permission) *domain.PermissionResponse { + var permissionResponse domain.PermissionResponse + + permissionResponse.ID = permission.ID + permissionResponse.Key = permission.Key + permissionResponse.Name = permission.Name + if permission.IsAllowed != nil { + permissionResponse.IsAllowed = 
permission.IsAllowed + } + + for _, endpoint := range permission.Endpoints { + permissionResponse.Endpoints = append(permissionResponse.Endpoints, convertModelToEndpointResponse(ctx, endpoint)) + } + + for _, child := range permission.Children { + permissionResponse.Children = append(permissionResponse.Children, convertModelToPermissionResponse(ctx, child)) + } + + return &permissionResponse +} + +func convertModelToEndpointResponse(ctx context.Context, endpoint *model.Endpoint) *domain.EndpointResponse { + var endpointResponse domain.EndpointResponse + + endpointResponse.Name = endpoint.Name + endpointResponse.Group = endpoint.Group + + return &endpointResponse +} + // UpdatePermissionsByRoleId godoc // // @Tags Permission @@ -124,9 +243,8 @@ func (h PermissionHandler) UpdatePermissionsByRoleId(w http.ResponseWriter, r *h for _, permissionResponse := range input.Permissions { var permission model.Permission - if err := serializer.Map(r.Context(), permissionResponse, &permission); err != nil { - log.Info(r.Context(), err) - } + permission.ID = permissionResponse.ID + permission.IsAllowed = permissionResponse.IsAllowed if err := h.permissionUsecase.UpdatePermission(r.Context(), &permission); err != nil { ErrorJSON(w, r, httpErrors.NewInternalServerError(err, "", "")) diff --git a/internal/model/permission.go b/internal/model/permission.go index 746b1257..87e06b6e 100644 --- a/internal/model/permission.go +++ b/internal/model/permission.go 
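Review bot: `convertModelToPermissionResponse` reads `permission.ID` with no nil guard, and `GetPermissionSetByRoleId` later in this patch initialises every category to nil and only fills the ones found for the role, so a role that is missing a category now panics the handler where the removed serializer path at most logged an error. Add `if permission == nil { return nil }` as the first statement of `convertModelToPermissionResponse` (and the same guard in `convertModelToEndpointResponse`); the `omitempty` tags on the response types then simply drop the absent category. The body of `GetPermissionsByRoleId` itself begins before this hunk.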
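Review bot: `permission.ID` is copied straight from the request body and passed to `UpdatePermission` with nothing tying it to the `roleId` and `organizationId` in the route, so unless the usecase or repository scopes the write by role, a caller allowed to edit one role can flip `is_allowed` on any permission row whose UUID it knows. Load the role's permission set first and reject any ID that is not one of its leaves, or pass the role ID down so the repository updates only `WHERE id = ? AND role_id = ?`. A nil `IsAllowed` from the body is also forwarded unchanged; decide whether that should be rejected with a 400 or treated as a no-op. `UpdatePermissionsByRoleId` starts before and continues after this hunk.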
@@ -10,12 +10,42 @@ import ( type PermissionKind string const ( - DashBoardPermission PermissionKind = "대시보드" - StackPermission PermissionKind = "스택" - SecurityPolicyPermission PermissionKind = "정책" - ProjectManagementPermission PermissionKind = "프로젝트" - NotificationPermission PermissionKind = "알림" - ConfigurationPermission PermissionKind = "설정" + DashBoardPermission PermissionKind = "대시보드" + StackPermission PermissionKind = "스택" + PolicyPermission PermissionKind = "정책" + ProjectPermission PermissionKind = "프로젝트" + NotificationPermission PermissionKind = "알림" + ConfigurationPermission PermissionKind = "설정" + + OperationRead = "READ" + OperationCreate = "CREATE" + OperationUpdate = "UPDATE" + OperationDelete = "DELETE" + OperationDownload = "DOWNLOAD" + + // Key + TopDashboardKey = "DASHBOARD" + MiddleDashboardKey = "DASHBOARD-DASHBOARD" + TopStackKey = "STACK" + MiddleStackKey = "STACK-STACK" + TopPolicyKey = "POLICY" + MiddlePolicyKey = "POLICY-POLICY" + TopNotificationKey = "NOTIFICATION" + MiddleNotificationKey = "NOTIFICATION-SYSTEM_NOTIFICATION" + MiddlePolicyNotificationKey = "NOTIFICATION-POLICY_NOTIFICATION" + TopProjectKey = "PROJECT" + MiddleProjectKey = "PROJECT-PROJECT_LIST" + MiddleProjectCommonConfigurationKey = "PROJECT-PROJECT_COMMON_CONFIGURATION" + MiddleProjectMemberConfigurationKey = "PROJECT-PROJECT_MEMBER_CONFIGURATION" + MiddleProjectNamespaceKey = "PROJECT-PROJECT_NAMESPACE" + MiddleProjectAppServeKey = "PROJECT-PROJECT_APP_SERVE" + TopConfigurationKey = "CONFIGURATION" + MiddleConfigurationKey = "CONFIGURATION-CONFIGURATION" + MiddleConfigurationCloudAccountKey = "CONFIGURATION-CLOUD_ACCOUNT" + MiddleConfigurationProjectKey = "CONFIGURATION-PROJECT" + MiddleConfigurationUserKey = "CONFIGURATION-USER" + MiddleConfigurationRoleKey = "CONFIGURATION-ROLE" + MiddleConfigurationSystemNotificationKey = "CONFIGURATION-SYSTEM_NOTIFICATION" ) type Permission struct { 
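Review bot: the new `Operation*` and `*Key` constants are untyped strings while `PermissionKind` is a named type, so `Permission.Key` will accept a `PermissionKind` or any other string without complaint; declare `type PermissionKey string` and type these constants with it. The block also deserves a comment that leaf keys such as `READ` and `UPDATE` repeat under every middle node, e.g. `// Leaf keys are unique only among siblings; identify a leaf by its path, not by Key alone.`, since code that later looks permissions up by `Key` will otherwise assume global uniqueness.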
@@ -23,6 +53,7 @@ type Permission struct { ID uuid.UUID `gorm:"primarykey;type:uuid;" json:"ID"` Name string `json:"name"` + Key string `gorm:"type:text;" json:"key,omitempty"` IsAllowed *bool `gorm:"type:boolean;" json:"is_allowed,omitempty"` RoleID *string `json:"role_id,omitempty"` @@ -38,7 +69,7 @@ type Permission struct { type PermissionSet struct { Dashboard *Permission `gorm:"-:all" json:"dashboard,omitempty"` Stack *Permission `gorm:"-:all" json:"stack,omitempty"` - SecurityPolicy *Permission `gorm:"-:all" json:"security_policy,omitempty"` + Policy *Permission `gorm:"-:all" json:"policy,omitempty"` ProjectManagement *Permission `gorm:"-:all" json:"project_management,omitempty"` Notification *Permission `gorm:"-:all" json:"notification,omitempty"` Configuration *Permission `gorm:"-:all" json:"configuration,omitempty"` @@ -50,11 +81,12 @@ func NewDefaultPermissionSet() *PermissionSet { return &PermissionSet{ Dashboard: newDashboard(), Stack: newStack(), - SecurityPolicy: newSecurityPolicy(), - ProjectManagement: newProjectManagement(), + Policy: newPolicy(), + ProjectManagement: newProject(), Notification: newNotification(), Configuration: newConfiguration(), Common: newCommon(), + Admin: nil, } } @@ -63,8 +95,8 @@ func NewAdminPermissionSet() *PermissionSet { Admin: newAdmin(), Dashboard: newDashboard(), Stack: newStack(), - SecurityPolicy: newSecurityPolicy(), - ProjectManagement: newProjectManagement(), + Policy: newPolicy(), + ProjectManagement: newProject(), Notification: newNotification(), Configuration: newConfiguration(), Common: newCommon(), @@ -101,14 +133,17 @@ func newDashboard() *Permission { dashboard := &Permission{ ID: uuid.New(), Name: string(DashBoardPermission), + Key: TopDashboardKey, Children: []*Permission{ { ID: uuid.New(), Name: "대시보드", + Key: MiddleDashboardKey, Children: []*Permission{ { ID: uuid.New(), Name: "조회", + Key: OperationRead, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.GetChartsDashboard, 
@@ -120,6 +155,7 @@ func newDashboard() *Permission { { ID: uuid.New(), Name: "수정", + Key: OperationUpdate, IsAllowed: helper.BoolP(false), }, }, @@ -134,14 +170,17 @@ func newStack() *Permission { stack := &Permission{ ID: uuid.New(), Name: string(StackPermission), + Key: TopStackKey, Children: []*Permission{ { ID: uuid.New(), Name: "스택", + Key: MiddleStackKey, Children: []*Permission{ { ID: uuid.New(), Name: "조회", + Key: OperationRead, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.GetStacks, @@ -169,6 +208,7 @@ func newStack() *Permission { { ID: uuid.New(), Name: "생성", + Key: OperationCreate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.CreateStack, @@ -189,6 +229,7 @@ func newStack() *Permission { { ID: uuid.New(), Name: "수정", + Key: OperationUpdate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.UpdateStack, @@ -197,6 +238,7 @@ func newStack() *Permission { { ID: uuid.New(), Name: "삭제", + Key: OperationDelete, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.DeleteStack, @@ -216,18 +258,21 @@ func newStack() *Permission { return stack } -func newSecurityPolicy() *Permission { - security_policy := &Permission{ +func newPolicy() *Permission { + policy := &Permission{ ID: uuid.New(), - Name: string(SecurityPolicyPermission), + Name: string(PolicyPermission), + Key: TopPolicyKey, Children: []*Permission{ { ID: uuid.New(), Name: "정책", + Key: MiddlePolicyKey, Children: []*Permission{ { ID: uuid.New(), Name: "조회", + Key: OperationRead, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( // PolicyTemplate @@ -268,6 +313,7 @@ func newSecurityPolicy() *Permission { { ID: uuid.New(), Name: "생성", + Key: OperationCreate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( // PolicyTemplate @@ -286,6 +332,7 @@ func newSecurityPolicy() *Permission { { ID: uuid.New(), Name: "수정", + Key: OperationUpdate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( // PolicyTemplate 
@@ -308,6 +355,7 @@ func newSecurityPolicy() *Permission { { ID: uuid.New(), Name: "삭제", + Key: OperationDelete, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( // PolicyTemplate @@ -330,21 +378,24 @@ func newSecurityPolicy() *Permission { }, } - return security_policy + return policy } func newNotification() *Permission { notification := &Permission{ ID: uuid.New(), Name: string(NotificationPermission), + Key: TopNotificationKey, Children: []*Permission{ { ID: uuid.New(), Name: "시스템 알림", + Key: MiddleNotificationKey, Children: []*Permission{ { ID: uuid.New(), Name: "조회", + Key: OperationRead, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.GetSystemNotification, @@ -354,6 +405,7 @@ func newNotification() *Permission { { ID: uuid.New(), Name: "수정", + Key: OperationUpdate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.UpdateSystemNotification, @@ -363,6 +415,7 @@ func newNotification() *Permission { { ID: uuid.New(), Name: "다운로드", + Key: OperationDownload, IsAllowed: helper.BoolP(false), Children: []*Permission{}, }, @@ -371,16 +424,19 @@ func newNotification() *Permission { { ID: uuid.New(), Name: "정책 알림", + Key: MiddlePolicyNotificationKey, Children: []*Permission{ { ID: uuid.New(), Name: "조회", + Key: OperationRead, IsAllowed: helper.BoolP(false), Children: []*Permission{}, }, { ID: uuid.New(), Name: "다운로드", + Key: OperationDownload, IsAllowed: helper.BoolP(false), Children: []*Permission{}, }, 
@@ -392,18 +448,21 @@ func newNotification() *Permission { return notification } -func newProjectManagement() *Permission { - projectManagement := &Permission{ +func newProject() *Permission { + project := &Permission{ ID: uuid.New(), - Name: string(ProjectManagementPermission), + Name: string(ProjectPermission), + Key: TopProjectKey, Children: []*Permission{ { ID: uuid.New(), - Name: "프로젝트", + Name: "프로젝트 목록", + Key: MiddleProjectKey, Children: []*Permission{ { ID: uuid.New(), Name: "조회", + Key: OperationRead, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.GetProjects, @@ -414,6 +473,7 @@ func newProjectManagement() *Permission { { ID: uuid.New(), Name: "생성", + Key: OperationCreate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.CreateProject, @@ -422,6 +482,7 @@ func newProjectManagement() *Permission { { ID: uuid.New(), Name: "수정", + Key: OperationUpdate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.UpdateProject, @@ -430,6 +491,7 @@ func newProjectManagement() *Permission { { ID: uuid.New(), Name: "삭제", + Key: OperationDelete, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.DeleteProject, @@ -440,10 +502,12 @@ func newProjectManagement() *Permission { { ID: uuid.New(), Name: "일반 설정", + Key: MiddleProjectCommonConfigurationKey, Children: []*Permission{ { ID: uuid.New(), Name: "조회", + Key: OperationRead, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.GetProjects, @@ -456,6 +520,7 @@ func newProjectManagement() *Permission { { ID: uuid.New(), Name: "수정", + Key: OperationUpdate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.UpdateProject, @@ -466,10 +531,12 @@ func newProjectManagement() *Permission { { ID: uuid.New(), Name: "구성원 설정", + Key: MiddleProjectMemberConfigurationKey, Children: []*Permission{ { ID: uuid.New(), Name: "조회", + Key: OperationRead, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.GetProjectMembers, 
@@ -481,6 +548,7 @@ func newProjectManagement() *Permission { { ID: uuid.New(), Name: "생성", + Key: OperationCreate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.AddProjectMember, @@ -489,6 +557,7 @@ func newProjectManagement() *Permission { { ID: uuid.New(), Name: "수정", + Key: OperationUpdate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.UpdateProjectMemberRole, @@ -497,6 +566,7 @@ func newProjectManagement() *Permission { { ID: uuid.New(), Name: "삭제", + Key: OperationDelete, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.RemoveProjectMember, @@ -507,10 +577,12 @@ func newProjectManagement() *Permission { { ID: uuid.New(), Name: "네임스페이스", + Key: MiddleProjectNamespaceKey, Children: []*Permission{ { ID: uuid.New(), Name: "조회", + Key: OperationRead, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.GetProjectNamespaces, @@ -521,6 +593,7 @@ func newProjectManagement() *Permission { { ID: uuid.New(), Name: "생성", + Key: OperationCreate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.CreateProjectNamespace, @@ -529,6 +602,7 @@ func newProjectManagement() *Permission { { ID: uuid.New(), Name: "수정", + Key: OperationUpdate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.UpdateProjectNamespace, @@ -537,6 +611,7 @@ func newProjectManagement() *Permission { { ID: uuid.New(), Name: "삭제", + Key: OperationDelete, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.DeleteProjectNamespace, @@ -547,10 +622,12 @@ func newProjectManagement() *Permission { { ID: uuid.New(), Name: "앱 서빙", + Key: MiddleProjectAppServeKey, Children: []*Permission{ { ID: uuid.New(), Name: "조회", + Key: OperationRead, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.GetAppServeApps, @@ -566,6 +643,7 @@ func newProjectManagement() *Permission { { ID: uuid.New(), Name: "생성", + Key: OperationCreate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.CreateAppServeApp, 
@@ -580,6 +658,7 @@ func newProjectManagement() *Permission { { ID: uuid.New(), Name: "수정", + Key: OperationUpdate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.CreateAppServeApp, @@ -594,6 +673,7 @@ func newProjectManagement() *Permission { { ID: uuid.New(), Name: "삭제", + Key: OperationDelete, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.DeleteAppServeApp, @@ -604,26 +684,30 @@ func newProjectManagement() *Permission { }, } - return projectManagement + return project } func newConfiguration() *Permission { configuration := &Permission{ ID: uuid.New(), Name: string(ConfigurationPermission), + Key: TopConfigurationKey, Children: []*Permission{ { ID: uuid.New(), Name: "일반", + Key: MiddleConfigurationKey, Children: []*Permission{ { ID: uuid.New(), Name: "조회", + Key: OperationRead, IsAllowed: helper.BoolP(false), }, { ID: uuid.New(), Name: "수정", + Key: OperationUpdate, IsAllowed: helper.BoolP(false), }, }, @@ -631,10 +715,12 @@ func newConfiguration() *Permission { { ID: uuid.New(), Name: "클라우드 계정", + Key: MiddleConfigurationCloudAccountKey, Children: []*Permission{ { ID: uuid.New(), Name: "조회", + Key: OperationRead, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.GetCloudAccounts, @@ -647,6 +733,7 @@ func newConfiguration() *Permission { { ID: uuid.New(), Name: "생성", + Key: OperationCreate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.CreateCloudAccount, @@ -655,6 +742,7 @@ func newConfiguration() *Permission { { ID: uuid.New(), Name: "수정", + Key: OperationUpdate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.UpdateCloudAccount, @@ -663,6 +751,7 @@ func newConfiguration() *Permission { { ID: uuid.New(), Name: "삭제", + Key: OperationDelete, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.DeleteCloudAccount, 
@@ -674,15 +763,18 @@ func newConfiguration() *Permission { { ID: uuid.New(), Name: "프로젝트", + Key: MiddleConfigurationProjectKey, Children: []*Permission{ { ID: uuid.New(), Name: "조회", + Key: OperationRead, IsAllowed: helper.BoolP(false), }, { ID: uuid.New(), Name: "생성", + Key: OperationCreate, IsAllowed: helper.BoolP(false), }, }, @@ -690,10 +782,12 @@ func newConfiguration() *Permission { { ID: uuid.New(), Name: "사용자", + Key: MiddleConfigurationUserKey, Children: []*Permission{ { ID: uuid.New(), Name: "조회", + Key: OperationRead, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.ListUser, @@ -705,6 +799,7 @@ func newConfiguration() *Permission { { ID: uuid.New(), Name: "생성", + Key: OperationCreate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.CreateUser, @@ -715,6 +810,7 @@ func newConfiguration() *Permission { { ID: uuid.New(), Name: "수정", + Key: OperationUpdate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.UpdateUser, @@ -724,6 +820,7 @@ func newConfiguration() *Permission { { ID: uuid.New(), Name: "삭제", + Key: OperationDelete, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.DeleteUser, @@ -734,10 +831,12 @@ func newConfiguration() *Permission { { ID: uuid.New(), Name: "역할 및 권한", + Key: MiddleConfigurationRoleKey, Children: []*Permission{ { ID: uuid.New(), Name: "조회", + Key: OperationRead, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.ListTksRoles, @@ -749,6 +848,7 @@ func newConfiguration() *Permission { { ID: uuid.New(), Name: "생성", + Key: OperationCreate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.CreateTksRole, @@ -757,6 +857,7 @@ func newConfiguration() *Permission { { ID: uuid.New(), Name: "수정", + Key: OperationUpdate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.UpdateTksRole, 
@@ -766,6 +867,7 @@ func newConfiguration() *Permission { { ID: uuid.New(), Name: "삭제", + Key: OperationDelete, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.DeleteTksRole, @@ -776,10 +878,12 @@ func newConfiguration() *Permission { { ID: uuid.New(), Name: "시스템 알림", + Key: MiddleConfigurationSystemNotificationKey, Children: []*Permission{ { ID: uuid.New(), Name: "조회", + Key: OperationRead, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.GetSystemNotificationRules, @@ -789,6 +893,7 @@ func newConfiguration() *Permission { { ID: uuid.New(), Name: "생성", + Key: OperationCreate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.CreateSystemNotificationRule, @@ -797,6 +902,7 @@ func newConfiguration() *Permission { { ID: uuid.New(), Name: "수정", + Key: OperationUpdate, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.UpdateSystemNotificationRule, @@ -805,6 +911,7 @@ func newConfiguration() *Permission { { ID: uuid.New(), Name: "삭제", + Key: OperationDelete, IsAllowed: helper.BoolP(false), Endpoints: endpointObjects( api.DeleteSystemNotificationRule, @@ -926,7 +1033,7 @@ func (p *PermissionSet) SetAllowedPermissionSet() { edgePermissions := make([]*Permission, 0) edgePermissions = append(edgePermissions, GetEdgePermission(p.Dashboard, edgePermissions, nil)...) edgePermissions = append(edgePermissions, GetEdgePermission(p.Stack, edgePermissions, nil)...) - edgePermissions = append(edgePermissions, GetEdgePermission(p.SecurityPolicy, edgePermissions, nil)...) + edgePermissions = append(edgePermissions, GetEdgePermission(p.Policy, edgePermissions, nil)...) edgePermissions = append(edgePermissions, GetEdgePermission(p.ProjectManagement, edgePermissions, nil)...) edgePermissions = append(edgePermissions, GetEdgePermission(p.Notification, edgePermissions, nil)...) edgePermissions = append(edgePermissions, GetEdgePermission(p.Configuration, edgePermissions, nil)...) 
@@ -943,7 +1050,7 @@ func (p *PermissionSet) SetUserPermissionSet() { edgePermissions := make([]*Permission, 0) edgePermissions = append(edgePermissions, GetEdgePermission(p.Dashboard, edgePermissions, nil)...) edgePermissions = append(edgePermissions, GetEdgePermission(p.Stack, edgePermissions, &f)...) - edgePermissions = append(edgePermissions, GetEdgePermission(p.SecurityPolicy, edgePermissions, &f)...) + edgePermissions = append(edgePermissions, GetEdgePermission(p.Policy, edgePermissions, &f)...) edgePermissions = append(edgePermissions, GetEdgePermission(p.ProjectManagement, edgePermissions, &f)...) edgePermissions = append(edgePermissions, GetEdgePermission(p.Notification, edgePermissions, &f)...) //edgePermissions = append(edgePermissions, GetEdgePermission(p.Configuration, edgePermissions, &f)...) @@ -956,7 +1063,7 @@ func (p *PermissionSet) SetUserPermissionSet() { func (p *PermissionSet) SetRoleId(roleId string) { setRoleIdToPermission(p.Dashboard, roleId) setRoleIdToPermission(p.Stack, roleId) - setRoleIdToPermission(p.SecurityPolicy, roleId) + setRoleIdToPermission(p.Policy, roleId) setRoleIdToPermission(p.ProjectManagement, roleId) setRoleIdToPermission(p.Notification, roleId) setRoleIdToPermission(p.Configuration, roleId) diff --git a/internal/route/route.go b/internal/route/route.go index bb00ba3b..acaf2a65 100644 --- a/internal/route/route.go +++ b/internal/route/route.go 
@@ -291,6 +291,7 @@ func SetupRouter(db *gorm.DB, argoClient argowf.ArgoClient, kc keycloak.IKeycloa r.Handle(API_PREFIX+API_VERSION+"/permissions/templates", customMiddleware.Handle(internalApi.GetPermissionTemplates, http.HandlerFunc(permissionHandler.GetPermissionTemplates))).Methods(http.MethodGet) r.Handle(API_PREFIX+API_VERSION+"/organizations/{organizationId}/roles/{roleId}/permissions", customMiddleware.Handle(internalApi.GetPermissionsByRoleId, http.HandlerFunc(permissionHandler.GetPermissionsByRoleId))).Methods(http.MethodGet) r.Handle(API_PREFIX+API_VERSION+"/organizations/{organizationId}/roles/{roleId}/permissions", customMiddleware.Handle(internalApi.UpdatePermissionsByRoleId, http.HandlerFunc(permissionHandler.UpdatePermissionsByRoleId))).Methods(http.MethodPut) + r.Handle(API_PREFIX+API_VERSION+"/organizations/{organizationId}/users/{accountId}/permissions", customMiddleware.Handle(internalApi.GetPermissionsByAccountId, http.HandlerFunc(permissionHandler.GetPermissionsByAccountId))).Methods(http.MethodGet) policyTemplateHandler := delivery.NewPolicyTemplateHandler(usecaseFactory) r.Handle(API_PREFIX+API_VERSION+ADMINAPI_PREFIX+"/policy-templates", customMiddleware.Handle(internalApi.ListPolicyTemplate, http.HandlerFunc(policyTemplateHandler.ListPolicyTemplate))).Methods(http.MethodGet) diff --git a/internal/usecase/permission.go b/internal/usecase/permission.go index 32b6bf0d..7db6be5d 100644 --- a/internal/usecase/permission.go +++ b/internal/usecase/permission.go @@ -15,6 +15,7 @@ type IPermissionUsecase interface { GetAllowedPermissionSet(ctx context.Context) *model.PermissionSet GetUserPermissionSet(ctx context.Context) *model.PermissionSet UpdatePermission(ctx context.Context, permission *model.Permission) error + MergePermissionWithOrOperator(ctx context.Context, permissionSet ...*model.PermissionSet) *model.PermissionSet } type PermissionUsecase struct { 
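Review bot: the new `/organizations/{organizationId}/users/{accountId}/permissions` route is registered with `internalApi.GetPermissionsByAccountId`, but none of the permission trees changed in this patch lists that endpoint, so the permission test added here will report it as unused; whether `customMiddleware.Handle` denies or allows an endpoint that maps to no leaf is outside this diff. Because the handler resolves any `accountId` in the organization, an allow-by-default middleware would let every member read every other member's effective permission set. Either add `api.GetPermissionsByAccountId` to the `CONFIGURATION-USER` read leaf in `newConfiguration`, or have the handler accept only the caller's own `accountId` unless the caller holds an admin role.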
@@ -35,7 +36,7 @@ func (p PermissionUsecase) CreatePermissionSet(ctx context.Context, permissionSe if err = p.repo.Create(ctx, permissionSet.Stack); err != nil { return err } - if err = p.repo.Create(ctx, permissionSet.SecurityPolicy); err != nil { + if err = p.repo.Create(ctx, permissionSet.Policy); err != nil { return err } if err = p.repo.Create(ctx, permissionSet.ProjectManagement); err != nil { @@ -54,7 +55,7 @@ func (p PermissionUsecase) GetPermissionSetByRoleId(ctx context.Context, roleId permissionSet := &model.PermissionSet{ Dashboard: nil, Stack: nil, - SecurityPolicy: nil, + Policy: nil, ProjectManagement: nil, Notification: nil, Configuration: nil, @@ -70,9 +71,9 @@ func (p PermissionUsecase) GetPermissionSetByRoleId(ctx context.Context, roleId permissionSet.Dashboard = permission case string(model.StackPermission): permissionSet.Stack = permission - case string(model.SecurityPolicyPermission): - permissionSet.SecurityPolicy = permission - case string(model.ProjectManagementPermission): + case string(model.PolicyPermission): + permissionSet.Policy = permission + case string(model.ProjectPermission): permissionSet.ProjectManagement = permission case string(model.NotificationPermission): permissionSet.Notification = permission 
@@ -115,3 +116,36 @@ func (p PermissionUsecase) GetUserPermissionSet(ctx context.Context) *model.Perm permissionSet.SetUserPermissionSet() return permissionSet } + +func (p PermissionUsecase) MergePermissionWithOrOperator(ctx context.Context, permissionSet ...*model.PermissionSet) *model.PermissionSet { + var out *model.PermissionSet + for i, ps := range permissionSet { + if i == 0 { + out = ps + continue + } + + out.Dashboard = p.mergePermission(out.Dashboard, ps.Dashboard) + out.Stack = p.mergePermission(out.Stack, ps.Stack) + out.Policy = p.mergePermission(out.Policy, ps.Policy) + out.ProjectManagement = p.mergePermission(out.ProjectManagement, ps.ProjectManagement) + out.Notification = p.mergePermission(out.Notification, ps.Notification) + out.Configuration = p.mergePermission(out.Configuration, ps.Configuration) + } + + return out +} + +func (p PermissionUsecase) mergePermission(mergedPermission, permission *model.Permission) *model.Permission { + var mergedEdgePermissions []*model.Permission + mergedEdgePermissions = model.GetEdgePermission(mergedPermission, mergedEdgePermissions, nil) + + var rightEdgePermissions []*model.Permission + rightEdgePermissions = model.GetEdgePermission(permission, rightEdgePermissions, nil) + + for i, rightEdgePermission := range rightEdgePermissions { + *(mergedEdgePermissions[i].IsAllowed) = *(mergedEdgePermissions[i].IsAllowed) || *(rightEdgePermission.IsAllowed) + } + + return mergedPermission +} diff --git a/pkg/domain/permission.go b/pkg/domain/permission.go index 8be227a2..d9e83240 100644 --- a/pkg/domain/permission.go +++ b/pkg/domain/permission.go 
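Review bot: `mergePermission` dereferences `IsAllowed` on both sides and indexes `mergedEdgePermissions[i]` with no nil or bounds check, so a stored tree with a missing leaf, or a `PermissionSet` category left nil by `GetPermissionSetByRoleId`, panics the request. It also pairs leaves by position, which only holds while every role's tree was persisted from the same template in the same order; now that leaves carry a `Key`, pairing on the parent and leaf keys would make that assumption explicit. Note too that `out = ps` aliases the first set, so the merge mutates the first role's loaded permissions in place rather than producing a fresh set — fine for data loaded per request, but worth a comment such as `// Merges into the first set in place; callers must not reuse it.`. The guarded version below keeps the positional pairing but treats a missing or unset leaf as not contributing to the OR.
```go
func (p PermissionUsecase) mergePermission(mergedPermission, permission *model.Permission) *model.Permission {
	// A nil side contributes nothing to an OR merge.
	if mergedPermission == nil {
		return permission
	}
	if permission == nil {
		return mergedPermission
	}
	// … unchanged: collect edge permissions of both trees …
	for i, rightEdgePermission := range rightEdgePermissions {
		if i >= len(mergedEdgePermissions) || mergedEdgePermissions[i].IsAllowed == nil || rightEdgePermission.IsAllowed == nil {
			continue // unmatched or unset leaf: keep the left value as-is
		}
		*(mergedEdgePermissions[i].IsAllowed) = *(mergedEdgePermissions[i].IsAllowed) || *(rightEdgePermission.IsAllowed)
	}
	return mergedPermission
}
```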
@@ -4,31 +4,67 @@ import ( "github.com/google/uuid" ) -type PermissionResponse struct { - ID uuid.UUID `json:"ID"` - Name string `json:"name"` - IsAllowed *bool `json:"is_allowed,omitempty"` - Endpoints []*EndpointResponse `json:"endpoints,omitempty"` - Children []*PermissionResponse `json:"children,omitempty"` +type GetPermissionTemplatesResponse struct { + Permissions *PermissionTemplateResponse `json:"permissions"` +} + +type PermissionTemplateResponse struct { + Dashboard *TemplateResponse `json:"dashboard,omitempty"` + Stack *TemplateResponse `json:"stack,omitempty"` + Policy *TemplateResponse `json:"policy,omitempty"` + ProjectManagement *TemplateResponse `json:"project_management,omitempty"` + Notification *TemplateResponse `json:"notification,omitempty"` + Configuration *TemplateResponse `json:"configuration,omitempty"` +} + +type TemplateResponse struct { + Name string `json:"name"` + Key string `json:"key"` + IsAllowed *bool `json:"is_allowed,omitempty"` + Children []*TemplateResponse `json:"children,omitempty"` +} + +type GetPermissionsByRoleIdResponse struct { + Permissions *PermissionSetResponse `json:"permissions"` } type PermissionSetResponse struct { Dashboard *PermissionResponse `json:"dashboard,omitempty"` Stack *PermissionResponse `json:"stack,omitempty"` - SecurityPolicy *PermissionResponse `json:"security_policy,omitempty"` + Policy *PermissionResponse `json:"policy,omitempty"` ProjectManagement *PermissionResponse `json:"project_management,omitempty"` Notification *PermissionResponse `json:"notification,omitempty"` Configuration *PermissionResponse `json:"configuration,omitempty"` } -type GetPermissionTemplatesResponse struct { - Permissions []*PermissionResponse `json:"permissions"` +type PermissionResponse struct { + ID uuid.UUID `json:"ID"` + Name string `json:"name"` + Key string `json:"key"` + IsAllowed *bool `json:"is_allowed,omitempty"` + Endpoints []*EndpointResponse `json:"endpoints,omitempty"` + Children []*PermissionResponse 
`json:"children,omitempty"` } -type GetPermissionsByRoleIdResponse struct { +type UpdatePermissionsByRoleIdRequest struct { Permissions []*PermissionResponse `json:"permissions"` } -type UpdatePermissionsByRoleIdRequest struct { - Permissions []*PermissionResponse `json:"permissions"` +type GetUsersPermissionsResponse struct { + Permissions *MergedPermissionSetResponse `json:"permissions"` +} + +type MergedPermissionSetResponse struct { + Dashboard *MergePermissionResponse `json:"dashboard,omitempty"` + Stack *MergePermissionResponse `json:"stack,omitempty"` + Policy *MergePermissionResponse `json:"policy,omitempty"` + ProjectManagement *MergePermissionResponse `json:"project_management,omitempty"` + Notification *MergePermissionResponse `json:"notification,omitempty"` + Configuration *MergePermissionResponse `json:"configuration,omitempty"` +} + +type MergePermissionResponse struct { + Key string `json:"key"` + IsAllowed *bool `json:"is_allowed,omitempty"` + Children []*MergePermissionResponse `json:"children,omitempty"` } From 05aaf0cbd1c67952d780a0d32eac402f4a1872a5 Mon Sep 17 00:00:00 2001 From: donggyu Date: Fri, 22 Mar 2024 17:43:27 +0900 Subject: [PATCH 3/5] lint fix --- internal/usecase/organization.go | 1 - 1 file changed, 1 deletion(-) diff --git a/internal/usecase/organization.go b/internal/usecase/organization.go index ff7c59d0..9fa70a56 100644 --- a/internal/usecase/organization.go +++ b/internal/usecase/organization.go @@ -35,7 +35,6 @@ type OrganizationUsecase struct { roleRepo repository.IRoleRepository clusterRepo repository.IClusterRepository stackTemplateRepo repository.IStackTemplateRepository - policyTemplateRepo repository.IPolicyTemplateRepository systemNotificationTemplateRepo repository.ISystemNotificationTemplateRepository argo argowf.ArgoClient kc keycloak.IKeycloak From 0d331e034e1cfececbd7ae100cd9a5dad50fd1db Mon Sep 17 00:00:00 2001 
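Review bot: `UpdatePermissionsByRoleIdRequest` still embeds the full `PermissionResponse`, yet the handler in this patch only reads `ID` and `IsAllowed` from each element, so the generated API docs advertise `name`, `key`, `endpoints` and `children` as writable when they are silently ignored. A dedicated request element with just an `ID uuid.UUID` and an `IsAllowed *bool` field would state the real contract and keep clients from expecting the other fields to take effect. This is a documentation-of-contract point rather than a behaviour change.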
From: donggyu Date: Fri, 22 Mar 2024 17:45:42 +0900 Subject: [PATCH 4/5] trimming --- internal/delivery/api/endpoint.go | 1 - internal/delivery/api/generated_endpoints.go.go | 8 -------- 2 files changed, 9 deletions(-) diff --git a/internal/delivery/api/endpoint.go b/internal/delivery/api/endpoint.go index 81e11753..42c5d270 100644 --- a/internal/delivery/api/endpoint.go +++ b/internal/delivery/api/endpoint.go @@ -19,7 +19,6 @@ const ( VerifyIdentityForLostId VerifyIdentityForLostPassword VerifyToken - DeleteToken // User CreateUser diff --git a/internal/delivery/api/generated_endpoints.go.go b/internal/delivery/api/generated_endpoints.go.go index 4d5dccdb..df0278f0 100644 --- a/internal/delivery/api/generated_endpoints.go.go +++ b/internal/delivery/api/generated_endpoints.go.go @@ -35,10 +35,6 @@ var ApiMap = map[Endpoint]EndpointInfo{ Name: "VerifyToken", Group: "Auth", }, - DeleteToken: { - Name: "DeleteToken", - Group: "Auth", - }, CreateUser: { Name: "CreateUser", Group: "User", @@ -830,8 +826,6 @@ func (e Endpoint) String() string { return "VerifyIdentityForLostPassword" case VerifyToken: return "VerifyToken" - case DeleteToken: - return "DeleteToken" case CreateUser: return "CreateUser" case ListUser: @@ -1240,8 +1234,6 @@ func GetEndpoint(name string) Endpoint { return VerifyIdentityForLostPassword case "VerifyToken": return VerifyToken - case "DeleteToken": - return DeleteToken case "CreateUser": return CreateUser case "ListUser": From 47fff120c9c9188703e42383183085d3c02d9dde Mon Sep 17 00:00:00 2001 From: donggyu Date: Fri, 22 Mar 2024 17:57:13 +0900 Subject: [PATCH 5/5] minor fix. --- internal/delivery/http/permission.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/internal/delivery/http/permission.go b/internal/delivery/http/permission.go index 8ec9b7e9..04c8a947 100644 --- a/internal/delivery/http/permission.go +++ b/internal/delivery/http/permission.go 
@@ -15,6 +15,7 @@ type IPermissionHandler interface { GetPermissionTemplates(w http.ResponseWriter, r *http.Request) GetPermissionsByRoleId(w http.ResponseWriter, r *http.Request) UpdatePermissionsByRoleId(w http.ResponseWriter, r *http.Request) + GetPermissionsByAccountId(w http.ResponseWriter, r *http.Request) } type PermissionHandler struct { @@ -22,7 +23,7 @@ type PermissionHandler struct { userUsecase usecase.IUserUsecase } -func NewPermissionHandler(usecase usecase.Usecase) *PermissionHandler { +func NewPermissionHandler(usecase usecase.Usecase) IPermissionHandler { return &PermissionHandler{ permissionUsecase: usecase.Permission, userUsecase: usecase.User,
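Review bot: `NewPermissionHandler` now returns the `IPermissionHandler` interface instead of `*PermissionHandler`, which goes against the usual Go guidance to accept interfaces and return concrete types and forces any test or wiring code that needs the concrete handler to type-assert. Keep `*PermissionHandler` as the return type and add a compile-time conformance check, `var _ IPermissionHandler = (*PermissionHandler)(nil)`, next to the type; the route setup can still store it in an interface-typed variable.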