Feat: add RBAC support (#3493)
* Feat: add the rbac data model Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: add some api about the project Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: add CRUD about the project and the project user Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: add CRUD about the role and perm check filter function Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: update swagger config Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: add default roles and perm policies Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: add perm check filter for all webservice Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: change the method that find project name Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: query applications and envs by user perm Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: support get login user info Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Fix: change default permissions Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: change PermPolicy to Permission Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Feat: add some unit test and fix the e2e test error Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Fix: change some comment word Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Fix: e2e api path error Signed-off-by: barnettZQG <barnett.zqg@gmail.com>
@@ -27,3 +27,21 @@ var ErrProjectNamespaceFail = NewBcode(400, 30003, "project bind namespace failu
|
||||
|
||||
// ErrProjectNamespaceIsExist the namespace belongs to the other project
|
||||
var ErrProjectNamespaceIsExist = NewBcode(400, 30004, "the namespace belongs to the other project")
|
||||
|
||||
// ErrProjectDenyDeleteByApplication the project can't be deleted as there are applications inside
|
||||
var ErrProjectDenyDeleteByApplication = NewBcode(400, 30005, "the project can't be deleted as there are applications inside")
|
||||
|
||||
// ErrProjectDenyDeleteByEnvironment the project can't be deleted because there are environments inside
|
||||
var ErrProjectDenyDeleteByEnvironment = NewBcode(400, 30006, "the project can't be deleted before you clean up all the environments inside")
|
||||
|
||||
// ErrProjectDenyDeleteByTarget the project can't be deleted as there are targets inside
|
||||
var ErrProjectDenyDeleteByTarget = NewBcode(400, 30007, "the project can't be deleted before you clean up all these targets inside")
|
||||
|
||||
// ErrProjectRoleCheckFailure means the specified role does't belong to this project or not exist
|
||||
var ErrProjectRoleCheckFailure = NewBcode(400, 30008, "the specified role does't belong to this project or not exist")
|
||||
|
||||
// ErrProjectUserExist means the user is already exist in this project
|
||||
var ErrProjectUserExist = NewBcode(400, 30009, "the user is already exist in this project")
|
||||
|
||||
// ErrProjectOwnerIsNotExist means the project owner name is invalid
|
||||
var ErrProjectOwnerIsNotExist = NewBcode(400, 30010, "the project owner name is invalid")
|
||||
|
||||
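Review bot: The user-facing message of `ErrProjectRoleCheckFailure` contains a typo (`does't`), repeated in its doc comment; suggest `"the specified role doesn't belong to this project or does not exist"` with the comment updated to match. `ErrProjectUserExist` reads `"the user is already exist in this project"`, which would be clearer as `"the user already exists in this project"`. These strings are presumably returned to API clients, so they are worth fixing before callers start matching on them. The role message deliberately does not say whether the role exists in another project, and that generic wording is worth keeping.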
@@ -27,4 +27,6 @@ var (
|
||||
ErrUserCannotModified = NewBcode(400, 14004, "the user cannot be modified in dex login mode")
|
||||
// ErrUserInvalidPassword is the error of user invalid password
|
||||
ErrUserInvalidPassword = NewBcode(400, 14005, "the password is invalid")
|
||||
// ErrDexConfigNotFound means the dex config is not configured
|
||||
ErrDexConfigNotFound = NewBcode(200, 14006, "the dex config is not found")
|
||||
)
|
||||
|
||||
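Review bot: `ErrDexConfigNotFound` is registered with status 200 (`NewBcode(200, 14006, ...)`), so, assuming the first argument is the HTTP response status, a missing Dex configuration reaches clients as a successful response. Callers, proxies and monitoring that branch on the status code will not see it as a failure, which matters for an error on the login path. If the 200 is deliberate, record the reason in the comment, e.g. `// ErrDexConfigNotFound means the dex config is not configured; HTTP 200 is intentional because <reason>`; otherwise use `ErrDexConfigNotFound = NewBcode(404, 14006, "the dex config is not found")`. The `var (` block starts outside the hunk.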
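--- a/pkg/apiserver/rest/utils/bcode/015_rbac.go
+++ b/pkg/apiserver/rest/utils/bcode/015_rbac.go
@@ -0,0 +1,28 @@
+/*
+Copyright 2022 The KubeVela Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package bcode
+
+var (
+// ErrRolePermissionCheckFailure means the perm policy is invalid where create or update role
+ErrRolePermissionCheckFailure = NewBcode(400, 15001, "the permissions are invalid")
+// ErrRoleIsExist means the role is exist
+ErrRoleIsExist = NewBcode(400, 15002, "the role name is exist")
+// ErrRoleIsNotExist means the role is not exist
+ErrRoleIsNotExist = NewBcode(400, 15003, "the role is not exist")
+// ErrPermissionNotExist means the permission is not exist
+ErrPermissionNotExist = NewBcode(404, 15004, "the permission is not exist")
+)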
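Review bot: The two not-found codes in this new file disagree on the HTTP status: `ErrRoleIsNotExist` uses 400 while `ErrPermissionNotExist` uses 404. Pick one convention for the RBAC codes, e.g. `ErrRoleIsNotExist = NewBcode(404, 15003, "the role is not exist")`, so clients can handle a missing role and a missing permission the same way. The comment on `ErrRolePermissionCheckFailure` still says "perm policy", although the commit message records the rename from PermPolicy to Permission; `// ErrRolePermissionCheckFailure means the permissions are invalid when creating or updating a role` would match the new naming.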
@@ -35,6 +35,12 @@ import (
|
||||
// ErrServer an unexpected mistake.
|
||||
var ErrServer = NewBcode(500, 500, "The service has lapsed.")
|
||||
|
||||
// ErrForbidden check user perms failure
|
||||
var ErrForbidden = NewBcode(403, 403, "403 Forbidden")
|
||||
|
||||
// ErrUnauthorized check user auth failure
|
||||
var ErrUnauthorized = NewBcode(401, 401, "401 Unauthorized")
|
||||
|
||||
// Bcode business error code
|
||||
type Bcode struct {
|
||||
HTTPCode int32 `json:"-"`
|
||||
|
||||
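Review bot: The doc comments on `ErrForbidden` and `ErrUnauthorized` do not say which condition maps to which code, and the permission filter this commit introduces has to get exactly that split right. Suggest `// ErrUnauthorized is returned when the request carries no valid login credentials.` and `// ErrForbidden is returned when the authenticated user lacks permission for the requested resource.`, with the wording confirmed against the filter, which is not in this hunk. Both codes reuse the HTTP status as the business code, as `ErrServer` does, and the generic messages avoid telling the caller which permission was missing, which is worth keeping. The `Bcode` struct body continues outside the hunk.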