moul/sshportal
1
1
Fork 0
mirror of https://github.com/moul/sshportal.git synced 2025-01-06 07:32:01 +08:00
Code Issues Projects Releases Packages Wiki Activity

Add ACLs

Browse source
This commit is contained in:
Manfred Touron 2017-11-10 18:35:21 +01:00
parent 2f38f0c7b4
commit fbb596d8f7
1 changed files with 37 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
db.go
View file

@ -61,6 +61,7 @@ type UserGroup struct {
gorm.Model gorm.Model
Name string Name string
Users []User `gorm:"many2many:user_user_groups;"` Users []User `gorm:"many2many:user_user_groups;"`
ACLs []ACL `gorm:"many2many:user_group_acls;"`
Comment string Comment string
} }
@ -68,6 +69,17 @@ type HostGroup struct {
gorm.Model gorm.Model
Name string Name string
Hosts []Host `gorm:"many2many:host_host_groups;"` Hosts []Host `gorm:"many2many:host_host_groups;"`
ACLs []ACL `gorm:"many2many:host_group_acls;"`
Comment string
}
type ACL struct {
gorm.Model
HostGroups []HostGroup `gorm:"many2many:host_group_acls;"`
UserGroups []UserGroup `gorm:"many2many:user_group_acls;"`
HostPattern string
Action string
Weight uint
Comment string Comment string
} }
@ -78,6 +90,7 @@ func dbInit(db *gorm.DB) error {
db.AutoMigrate(&UserKey{}) db.AutoMigrate(&UserKey{})
db.AutoMigrate(&UserGroup{}) db.AutoMigrate(&UserGroup{})
db.AutoMigrate(&HostGroup{}) db.AutoMigrate(&HostGroup{})
db.AutoMigrate(&ACL{})
// FIXME: check if indexes exist to avoid gorm warns // FIXME: check if indexes exist to avoid gorm warns
db.Exec(`CREATE UNIQUE INDEX uix_keys_name ON "ssh_keys"("name") WHERE ("deleted_at" IS NULL)`) db.Exec(`CREATE UNIQUE INDEX uix_keys_name ON "ssh_keys"("name") WHERE ("deleted_at" IS NULL)`)
db.Exec(`CREATE UNIQUE INDEX uix_hosts_name ON "hosts"("name") WHERE ("deleted_at" IS NULL)`) db.Exec(`CREATE UNIQUE INDEX uix_hosts_name ON "hosts"("name") WHERE ("deleted_at" IS NULL)`)
@ -130,6 +143,28 @@ func dbInit(db *gorm.DB) error {
} }
} }
// create default acl
if err := db.Table("acls").Count(&count).Error; err != nil {
return err
}
if count == 0 {
var defaultUserGroup UserGroup
db.Where("name = ?", "default").First(&defaultUserGroup)
var defaultHostGroup HostGroup
db.Where("name = ?", "default").First(&defaultHostGroup)
acl := ACL{
UserGroups: []UserGroup{defaultUserGroup},
HostGroups: []HostGroup{defaultHostGroup},
Action: "allow",
//HostPattern: "",
//Weight: 0,
Comment: "created by sshportal",
}
if err := db.Create(&acl).Error; err != nil {
return err
}
}
// create admin user // create admin user
var defaultUserGroup UserGroup var defaultUserGroup UserGroup
db.Where("name = ?", "default").First(&defaultUserGroup) db.Where("name = ?", "default").First(&defaultUserGroup)
@ -275,7 +310,7 @@ func FindKeysByIdOrName(db *gorm.DB, queries []string) ([]*SSHKey, error) {
func FindHostGroupByIdOrName(db *gorm.DB, query string) (*HostGroup, error) { func FindHostGroupByIdOrName(db *gorm.DB, query string) (*HostGroup, error) {
var hostGroup HostGroup var hostGroup HostGroup
if err := db.Preload("Hosts").Where("id = ?", query).Or("name = ?", query).First(&hostGroup).Error; err != nil { if err := db.Preload("ACLs").Preload("Hosts").Where("id = ?", query).Or("name = ?", query).First(&hostGroup).Error; err != nil {
return nil, err return nil, err
} }
return &hostGroup, nil return &hostGroup, nil
@ -296,7 +331,7 @@ func FindHostGroupsByIdOrName(db *gorm.DB, queries []string) ([]*HostGroup, erro
func FindUserGroupByIdOrName(db *gorm.DB, query string) (*UserGroup, error) { func FindUserGroupByIdOrName(db *gorm.DB, query string) (*UserGroup, error) {
var userGroup UserGroup var userGroup UserGroup
if err := db.Preload("Users").Where("id = ?", query).Or("name = ?", query).First(&userGroup).Error; err != nil { if err := db.Preload("ACLs").Preload("Users").Where("id = ?", query).Or("name = ?", query).First(&userGroup).Error; err != nil {
return nil, err return nil, err
} }
return &userGroup, nil return &userGroup, nil