ControlProxy/access-control-template/actemplate/RBAC.yjs

import "ABAC.yjs";
module RBAC {
    function initRBAC(req, allRoles) {
        Global.allRoles = JSON.parse(allRoles);
        Global.roleTable = RocksDBUtil.loadDB("./roleTable", "false");
        initABAC(req);
    }
    function calculatePermission(roles) {
        var ret = [];
        for (var i = 0;
        i<roles.length;
        i++){
            var perms = Global.allRoles[roles[i]];
            if (perms!=null)
                ret = ret.concat(perms);
        }
        return ret;
    }
    @Description("{\"!user\":\"string\",\"!role\":\"string\"}")
    @ArgSchema({
    "!user":"string", "!role":"string"
    })
    @Access({
    "ACFunction":"accept"
    })
    export function addRole(arg) {
        if (Global.allRoles[arg.role]==undefined){
            YancloudUtil.exception({
            "code":500, "msg":"no such role"
            });
        }
        var arr = getRoleInternal(arg.user);
        if (arr.indexOf(arg.role)==-1){
            arr.push(arg.role);
            flushRole(arg.user, arr);
        }
        return arr;
    }

    @Description("两个参数， {\"user\":\"xxxx\", \"role\":\"\"}")
    @ArgSchema({
    "!user":"string", "!role":"string"
    })
    @Access({
    "ACFunction":"accept"
    })
    export function removeRole(arg) {
        if (Global.allRoles[arg.role]==undefined){
            YancloudUtil.exception({
            "code":500, "msg":"no such role"
            });
        }
        var arr = getRoleInternal(arg.user);
        var index = arr.indexOf(arg.role);
        if (index!=-1){
            arr.splice(index, 1);
        }
        flushRole(arg.user, arr);
        return arr;
    }

    function flushRole(user, roles) {
        Global.roleTable.put(user, JSON.stringify(roles));
        var permissions = calculatePermission(roles);
        flushPermission(arg.user, permissions);
    }

    @Description(" use signed request, no other arguments is required")
    @Access("verified")
    export function getMyRole(arg) {
        return getRoleInternal(requester);
    }

    function getRoleInternal(req) {
        var ret = Global.roleTable.get(req);
        if (ret==undefined) return [];
        return JSON.parse(ret);
    }
}
add submodules 2023-11-17 13:37:42 +00:00			`import "ABAC.yjs";`
			`module RBAC {`
			`function initRBAC(req, allRoles) {`
			`Global.allRoles = JSON.parse(allRoles);`
			`Global.roleTable = RocksDBUtil.loadDB("./roleTable", "false");`
			`initABAC(req);`
			`}`
			`function calculatePermission(roles) {`
			`var ret = [];`
			`for (var i = 0;`
			`i<roles.length;`
			`i++){`
			`var perms = Global.allRoles[roles[i]];`
			`if (perms!=null)`
			`ret = ret.concat(perms);`
			`}`
			`return ret;`
			`}`
			`@Description("{\"!user\":\"string\",\"!role\":\"string\"}")`
			`@ArgSchema({`
			`"!user":"string", "!role":"string"`
			`})`
			`@Access({`
			`"ACFunction":"accept"`
			`})`
			`export function addRole(arg) {`
			`if (Global.allRoles[arg.role]==undefined){`
			`YancloudUtil.exception({`
			`"code":500, "msg":"no such role"`
			`});`
			`}`
			`var arr = getRoleInternal(arg.user);`
			`if (arr.indexOf(arg.role)==-1){`
			`arr.push(arg.role);`
			`flushRole(arg.user, arr);`
			`}`
			`return arr;`
			`}`

			`@Description("两个参数， {\"user\":\"xxxx\", \"role\":\"\"}")`
			`@ArgSchema({`
			`"!user":"string", "!role":"string"`
			`})`
			`@Access({`
			`"ACFunction":"accept"`
			`})`
			`export function removeRole(arg) {`
			`if (Global.allRoles[arg.role]==undefined){`
			`YancloudUtil.exception({`
			`"code":500, "msg":"no such role"`
			`});`
			`}`
			`var arr = getRoleInternal(arg.user);`
			`var index = arr.indexOf(arg.role);`
			`if (index!=-1){`
			`arr.splice(index, 1);`
			`}`
			`flushRole(arg.user, arr);`
			`return arr;`
			`}`

			`function flushRole(user, roles) {`
			`Global.roleTable.put(user, JSON.stringify(roles));`
			`var permissions = calculatePermission(roles);`
			`flushPermission(arg.user, permissions);`
			`}`

			`@Description(" use signed request, no other arguments is required")`
			`@Access("verified")`
			`export function getMyRole(arg) {`
			`return getRoleInternal(requester);`
			`}`

			`function getRoleInternal(req) {`
			`var ret = Global.roleTable.get(req);`
			`if (ret==undefined) return [];`
			`return JSON.parse(ret);`
			`}`
			`}`