feat: 用户表数据增加命名空间黑白名单数据权限字段信息 #186
heqingpan committed Dec 22, 2024
1 parent eb11bc9 commit 98e1847
Showing 6 changed files with 136 additions and 4 deletions.
2 changes: 2 additions & 0 deletions src/common/model/mod.rs
@@ -1,3 +1,5 @@
pub mod privilege;

use std::{collections::HashMap, sync::Arc};

use serde::{Deserialize, Serialize};
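--- a/src/common/model/privilege.rs
+++ b/src/common/model/privilege.rs
@@ -0,0 +1,94 @@
+use bitflags::bitflags;
+use serde::{Deserialize, Serialize};
+use std::collections::HashSet;
+
+bitflags! {
+/// Represents a set of flags.
+#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash)]
+pub struct PrivilegeGroupFlags: u8 {
+/// The value `ENABLE`, at bit position `0`.
+const ENABLE = 0b00000001;
+/// The value `WHILE_LIST_IS_ALL`, at bit position `1`.
+const WHILE_LIST_IS_ALL = 0b00000010;
+/// The value `BLACK_LIST_IS_ALL`, at bit position `2`.
+const BLACK_LIST_IS_ALL= 0b00000100;
+}
+}
+
+///
+/// 数据权限组
+/// 支持分别设置黑白名单
+#[derive(Clone, Serialize, Deserialize, Default)]
+#[serde(rename_all = "camelCase")]
+pub struct PrivilegeGroup<T>
+where
+T: Sized + std::hash::Hash + std::cmp::Eq,
+{
+pub enabled: bool,
+pub white_list_is_all: bool,
+pub whitelist: Option<HashSet<T>>,
+pub black_list_is_all: bool,
+pub blacklist: Option<HashSet<T>>,
+}
+
+impl<T> PrivilegeGroup<T>
+where
+T: Sized + std::hash::Hash + std::cmp::Eq,
+{
+pub fn new(
+flags: u8,
+whitelist: Option<HashSet<T>>,
+blacklist: Option<HashSet<T>>,
+) -> PrivilegeGroup<T> {
+let enabled = flags & PrivilegeGroupFlags::ENABLE.bits() > 0;
+let white_list_is_all = flags & PrivilegeGroupFlags::WHILE_LIST_IS_ALL.bits() > 0;
+let black_list_is_all = flags & PrivilegeGroupFlags::BLACK_LIST_IS_ALL.bits() > 0;
+Self {
+enabled,
+white_list_is_all,
+black_list_is_all,
+whitelist,
+blacklist,
+}
+}
+
+pub fn empty() -> Self {
+Self {
+enabled: true,
+white_list_is_all: false,
+whitelist: None,
+black_list_is_all: false,
+blacklist: None,
+}
+}
+
+pub fn all() -> Self {
+Self {
+enabled: true,
+white_list_is_all: true,
+whitelist: None,
+black_list_is_all: false,
+blacklist: None,
+}
+}
+
+pub fn get_flags(&self) -> u8 {
+let mut v = 0;
+if self.enabled {
+v |= PrivilegeGroupFlags::ENABLE.bits();
+}
+if self.white_list_is_all {
+v |= PrivilegeGroupFlags::WHILE_LIST_IS_ALL.bits();
+}
+if self.black_list_is_all {
+v |= PrivilegeGroupFlags::BLACK_LIST_IS_ALL.bits();
+}
+v
+}
+
+pub fn set_flags(&mut self, flags: u8) {
+self.enabled = flags & PrivilegeGroupFlags::ENABLE.bits() > 0;
+self.white_list_is_all = flags & PrivilegeGroupFlags::WHILE_LIST_IS_ALL.bits() > 0;
+self.black_list_is_all = flags & PrivilegeGroupFlags::BLACK_LIST_IS_ALL.bits() > 0;
+}
+}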
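Review bot: `PrivilegeGroup` holds access-control state, but nothing in this file says how its fields combine. The derived `Default` gives `enabled: false` while `empty()` gives `enabled: true` with no entries, and it is not stated whether a disabled group means "no restriction" or "no access", nor which list wins when a value is in both lists or both `*_is_all` flags are set. I would replace the empty `///` line above the struct with a doc comment stating those rules and add one-line docs to `empty()` and `all()`, so that the enforcement code written against this type cannot read a default or disabled group the wrong way round. Separately, `WHILE_LIST_IS_ALL` looks like a typo for `WHITE_LIST_IS_ALL`; it is a public constant, so renaming it is cheapest now. `new` and `set_flags` also drop bits above bit 2 without comment, and a line such as `// unknown flag bits are ignored` would mark that as deliberate.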
3 changes: 3 additions & 0 deletions src/transfer/mysql/dao/mod.rs
Expand Up @@ -29,6 +29,9 @@ impl From<UserDO> for UserDo {
roles,
extend_info,
password_hash: v.password,
namespace_privilege_flags: None,
namespace_white_list: Default::default(),
namespace_black_list: Default::default(),
}
}
}
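Review bot: The three added fields hard-code `namespace_privilege_flags: None` with empty lists, and the same literal block is repeated in `src/transfer/sqlite/mod.rs` and in the user-creation path in `src/user/mod.rs`, none of which says what an unset value means for the user. Going by the `From<UserDo> for UserDto` change in `src/user/model.rs`, `None` decodes to `PrivilegeGroup::default()`, a group with `enabled: false`, so imported and newly created users presumably start without any namespace restriction. If that is intended, a comment at each site such as `// None = namespace privilege not enabled; user is not restricted by namespace` would record it; if restriction is meant to be the default, these three initialisers are where it has to change. The enclosing `from` body starts outside the hunk.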
3 changes: 3 additions & 0 deletions src/transfer/sqlite/mod.rs
Expand Up @@ -78,6 +78,9 @@ impl From<UserDO> for UserDo {
roles,
extend_info,
password_hash: v.password_hash,
namespace_privilege_flags: None,
namespace_white_list: Default::default(),
namespace_black_list: Default::default(),
}
}
}
3 changes: 3 additions & 0 deletions src/user/mod.rs
Expand Up @@ -234,6 +234,9 @@ impl Handler<UserManagerReq> for UserManager {
.collect(),
enable: true,
extend_info: user.extend_info.unwrap_or_default(),
namespace_privilege_flags: None,
namespace_white_list: Default::default(),
namespace_black_list: Default::default(),
};
let user_data = user_do.to_bytes();
let req = TableManagerReq::Set {
35 changes: 31 additions & 4 deletions src/user/model.rs
@@ -1,8 +1,8 @@
use std::{collections::HashMap, sync::Arc};

use serde::{Deserialize, Serialize};

use crate::common::model::privilege::{PrivilegeGroup, PrivilegeGroupFlags};
use crate::user::permission::UserRoleHelper;
use serde::{Deserialize, Serialize};
use std::collections::HashSet;
use std::{collections::HashMap, sync::Arc};

#[derive(Clone, prost::Message, Serialize, Deserialize)]
pub struct UserDo {
Expand All @@ -25,6 +25,12 @@ pub struct UserDo {
::std::collections::HashMap<::prost::alloc::string::String, ::prost::alloc::string::String>,
#[prost(string, optional, tag = "9")]
pub password_hash: Option<String>,
#[prost(uint32, optional, tag = "10")]
pub namespace_privilege_flags: Option<u32>,
#[prost(string, repeated, tag = "11")]
pub namespace_white_list: ::prost::alloc::vec::Vec<String>,
#[prost(string, repeated, tag = "12")]
pub namespace_black_list: ::prost::alloc::vec::Vec<String>,
}

impl UserDo {
Expand All @@ -51,6 +57,7 @@ pub struct UserDto {
pub enable: Option<bool>,
pub roles: Option<Vec<Arc<String>>>,
pub extend_info: Option<HashMap<String, String>>,
pub namespace_privilege: Option<PrivilegeGroup<Arc<String>>>,
}

impl From<UserDo> for UserDto {
Expand All @@ -59,6 +66,25 @@ impl From<UserDo> for UserDto {
for role in &value.roles {
roles.push(UserRoleHelper::get_role(role));
}
let namespace_privilege_flags = value.namespace_privilege_flags.unwrap_or_default() as u8;
let namespace_privilege =
if namespace_privilege_flags & PrivilegeGroupFlags::ENABLE.bits() > 0 {
let mut namespace_whitelist = HashSet::new();
for item in &value.namespace_white_list {
namespace_whitelist.insert(Arc::new(item.clone()));
}
let mut namespace_black_list = HashSet::new();
for item in &value.namespace_black_list {
namespace_black_list.insert(Arc::new(item.clone()));
}
Some(PrivilegeGroup::new(
value.namespace_privilege_flags.unwrap_or_default() as u8,
Some(namespace_whitelist),
Some(namespace_black_list),
))
} else {
Some(PrivilegeGroup::default())
};
Self {
username: Arc::new(value.username),
nickname: Some(value.nickname),
Expand All @@ -71,6 +97,7 @@ impl From<UserDo> for UserDto {
enable: Some(value.enable),
roles: Some(roles),
extend_info: Some(value.extend_info),
namespace_privilege,
}
}
}
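Review bot: In `From<UserDo> for UserDto`, `value.namespace_privilege_flags.unwrap_or_default() as u8` narrows the stored `u32` with a truncating cast, so a persisted value with bits above 7 set (a constructed example: `0x101`) is read as `ENABLE` rather than treated as invalid; the same cast is repeated in the `PrivilegeGroup::new` call. I would convert once with `u8::try_from(value.namespace_privilege_flags.unwrap_or_default())`, handle the out-of-range case explicitly, and pass that single value to `new`. The `else` branch returns `PrivilegeGroup::default()`, which discards any stored white/black list entries and the `*_IS_ALL` bits whenever `ENABLE` is clear; if a `UserDto` is ever written back, that would lose the lists, so a comment saying whether this is intended would help. The `from` body begins outside the visible hunk.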
