[feat]: org component role setting (#80)

Signed-off-by: kevin <kevin@lindb.io>

Author: kevin6025

model/acl.go

@@ -36,3 +36,8 @@ type ResourceACLParam struct {
 func (p *ResourceACLParam) ToParams() []any {
 	return []any{p.Role.String(), fmt.Sprintf("%d", p.OrgID), p.Category.String(), p.Resource, p.Action.String()}
 }
+
+// ToStringParams returns casbin params.
+func (p *ResourceACLParam) ToStringParams() []string {
+	return []string{p.Role.String(), fmt.Sprintf("%d", p.OrgID), p.Category.String(), p.Resource, p.Action.String()}
+}

model/acl_test.go

@@ -33,4 +33,12 @@ func Test_ResourceACLParam_ToParams(t *testing.T) {
 		Resource: "abc",
 		Action:   accesscontrol.Write,
 	}).ToParams())
+
+	assert.Equal(t, []string{"Admin", "123", "Dashboard", "abc", "write"}, (&ResourceACLParam{
+		Role:     accesscontrol.RoleAdmin,
+		OrgID:    123,
+		Category: accesscontrol.Dashboard,
+		Resource: "abc",
+		Action:   accesscontrol.Write,
+	}).ToStringParams())
 }

model/component.go

@@ -76,7 +76,7 @@ type Component struct {
 	Role  accesscontrol.RoleType `json:"role" gorm:"column:role"`
 	Order int                    `json:"order" gorm:"column:order"`
 
-	ParentUID string       `json:"parentUID" gorm:"column:parent_uid"`
+	ParentUID string       `json:"parentUID,omitempty" gorm:"column:parent_uid"`
 	Children  []*Component `json:"children,omitempty" gorm:"-"`
 }
 

service/authorize.go

@@ -57,6 +57,8 @@ type AuthorizeService interface {
 	AddResourcePolicy(aclParam *modelpkg.ResourceACLParam) error
 	// RemoveResourcePoliciesByCategory removes resource level acl policies by category.
 	RemoveResourcePoliciesByCategory(orgID int64, category accesscontrol.ResourceCategory) error
+	// UpdateResourceRole updates the acl role for resource.
+	UpdateResourceRole(alcParam *modelpkg.ResourceACLParam) error
 	// CheckResourceACL checks resource if can be accesed by given param.
 	CheckResourceACL(aclParam *modelpkg.ResourceACLParam) bool
 	// CheckResourcesACL checks resource list if can be accesed by given params.
@@ -139,6 +141,14 @@ func (srv *authorizeService) RemoveResourcePoliciesByCategory(orgID int64, categ
 	return err
 }
 
+// UpdateResourceRole updates the acl role for resource.
+func (srv *authorizeService) UpdateResourceRole(alcParam *modelpkg.ResourceACLParam) error {
+	_, err := srv.resource.UpdateFilteredPolicies(
+		[][]string{alcParam.ToStringParams()},
+		1, fmt.Sprintf("%d", alcParam.OrgID), alcParam.Category.String(), alcParam.Resource, alcParam.Action.String())
+	return err
+}
+
 // CheckResourceACL checks resource if can be accesed by given param.
 func (srv *authorizeService) CheckResourceACL(aclParam *modelpkg.ResourceACLParam) bool {
 	params := aclParam.ToParams()

service/authorize_test.go

@@ -276,3 +276,25 @@ func TestAuthorizeService_AddResourcePolicy(t *testing.T) {
 		assert.NoError(t, err)
 	})
 }
+
+func TestAuthorizeService_UpdateResourcesRole(t *testing.T) {
+	ctrl := gomock.NewController(t)
+	defer ctrl.Finish()
+
+	enforcer := casbinmock.NewMockIEnforcer(ctrl)
+	srv := &authorizeService{
+		resource: enforcer,
+		logger:   logger.GetLogger("Service", "AuthTest"),
+	}
+	enforcer.EXPECT().UpdateFilteredPolicies(
+		[][]string{{"Admin", "123", "Component", "abc", "write"}},
+		1, "123", accesscontrol.Component.String(), "abc", "write").Return(false, fmt.Errorf("err"))
+	err := srv.UpdateResourceRole(&modelpkg.ResourceACLParam{
+		OrgID:    123,
+		Category: accesscontrol.Component,
+		Role:     accesscontrol.RoleAdmin,
+		Resource: "abc",
+		Action:   accesscontrol.Write,
+	})
+	assert.Error(t, err)
+}

service/component.go

@@ -278,20 +278,35 @@ func (srv *componentService) SaveOrgComponents(ctx context.Context, orgUID strin
 // UpdateRolesOfOrgComponent updates roles for current org.
 func (srv *componentService) UpdateRolesOfOrgComponent(ctx context.Context, cmps []model.OrgComponentInfo) error {
 	user := util.GetUser(ctx)
-	return srv.db.Transaction(func(tx dbpkg.DB) error {
+	if err := srv.db.Transaction(func(tx dbpkg.DB) error {
 		for _, cmp := range cmps {
 			cmpFromDB := &model.Component{}
 			if err := tx.Get(cmpFromDB, "uid=?", cmp.ComponentUID); err != nil {
 				return err
 			}
 			if err := tx.UpdateSingle(&model.OrgComponent{},
 				"role", cmp.Role,
-				"org_id and component_id=?", user.Org.ID, cmpFromDB.ID); err != nil {
+				"org_id=? and component_id=?", user.Org.ID, cmpFromDB.ID); err != nil {
 				return err
 			}
 		}
 		return nil
-	})
+	}); err != nil {
+		return err
+	}
+	// update acl role
+	for _, cmp := range cmps {
+		if err := srv.authorizeSrv.UpdateResourceRole(&model.ResourceACLParam{
+			Role:     cmp.Role,
+			OrgID:    user.Org.ID,
+			Category: accesscontrol.Component,
+			Resource: cmp.ComponentUID,
+			Action:   accesscontrol.Write,
+		}); err != nil {
+			return err
+		}
+	}
+	return nil
 }
 
 // saveComponentTree saves component tree.

service/component_test.go

@@ -482,7 +482,19 @@ func TestComponentService_UpdateRolesOfOrgComponent(t *testing.T) {
 			prepare: func() {
 				mockDB.EXPECT().Get(gomock.Any(), "uid=?", "123").Return(nil)
 				mockDB.EXPECT().UpdateSingle(gomock.Any(), "role",
-					accesscontrol.RoleAdmin, gomock.Any(), gomock.Any(), gomock.Any()).Return(fmt.Errorf("err"))
+					accesscontrol.RoleAdmin, "org_id=? and component_id=?", int64(12),
+					gomock.Any()).Return(fmt.Errorf("err"))
+			},
+			wantErr: true,
+		},
+		{
+			name: "update acl role failure",
+			prepare: func() {
+				mockDB.EXPECT().Get(gomock.Any(), "uid=?", "123").Return(nil)
+				mockDB.EXPECT().UpdateSingle(gomock.Any(), "role",
+					accesscontrol.RoleAdmin, "org_id=? and component_id=?", int64(12),
+					gomock.Any()).Return(nil)
+				authorizeSrv.EXPECT().UpdateResourceRole(gomock.Any()).Return(fmt.Errorf("err"))
 			},
 			wantErr: true,
 		},
@@ -491,7 +503,9 @@ func TestComponentService_UpdateRolesOfOrgComponent(t *testing.T) {
 			prepare: func() {
 				mockDB.EXPECT().Get(gomock.Any(), "uid=?", "123").Return(nil)
 				mockDB.EXPECT().UpdateSingle(gomock.Any(), "role",
-					accesscontrol.RoleAdmin, gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
+					accesscontrol.RoleAdmin, "org_id=? and component_id=?", int64(12),
+					gomock.Any()).Return(nil)
+				authorizeSrv.EXPECT().UpdateResourceRole(gomock.Any()).Return(nil)
 			},
 			wantErr: false,
 		},

web/src/features/setting/Setting.tsx

@@ -44,6 +44,7 @@ import ListDataSource from './datasource/ListDataSource';
 import OrgList from './org/OrgList';
 import UserList from './user/UserList';
 import ComponentSetting from './component/ComponentSetting';
+import OrgComponent from './component/OrgComponent';
 const { Meta } = Card;
 const { Text, Title } = Typography;
 
@@ -77,6 +78,7 @@ const Setting: React.FC = () => {
             '/setting/org/teams',
             '/setting/orgs',
             '/setting/components',
+            '/setting/orgs/components',
           ].indexOf(location.pathname) >= 0
             ? location.pathname
             : '/setting/datasources'
@@ -104,6 +106,12 @@ const Setting: React.FC = () => {
         <TabPane itemKey="/setting/components" tab="Component" icon={<Icon icon="menu" style={{ marginRight: 8 }} />}>
           <ComponentSetting />
         </TabPane>
+        <TabPane
+          itemKey="/setting/orgs/components"
+          tab="Org. Component"
+          icon={<Icon icon="menu" style={{ marginRight: 8 }} />}>
+          <OrgComponent />
+        </TabPane>
       </Tabs>
     </Card>
   );

web/src/features/setting/component/ComponentSetting.tsx

@@ -31,7 +31,6 @@ import * as IconFontsStyles from '@src/styles/icon-fonts/fonts.scss?inline';
 import { useRequest } from '@src/hooks';
 import { ComponentSrv } from '@src/services';
 import { ApiKit } from '@src/utils';
-import FormSlot from '@douyinfe/semi-ui/lib/es/form/slot';
 import EmptyImg from '@src/images/empty.svg';
 import { Component, Feature, FeatureRepositoryInst, RoleList } from '@src/types';
 
@@ -257,9 +256,9 @@ const ComponentSetting: React.FC = () => {
           getFormApi={(api: any) => {
             formApi.current = api;
           }}>
-          <FormSlot label="Parent">
+          <Form.Slot label="Parent">
             <Tag size="large">{currentParent ? currentParent.label : 'Root'}</Tag>
-          </FormSlot>
+          </Form.Slot>
           <Form.Input field="label" label="Label" rules={[{ required: true, message: 'Label is required' }]} />
           <Form.Select
             label="Role"

web/src/features/setting/component/OrgComponent.tsx

@@ -0,0 +1,157 @@
+/*
+Licensed to LinDB under one or more contributor
+license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright
+ownership. LinDB licenses this file to you under
+the Apache License, Version 2.0 (the "License"); you may
+not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+ 
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+import React, { useCallback, useEffect, useRef, useState } from 'react';
+import { useRequest } from '@src/hooks';
+import { ComponentSrv } from '@src/services';
+import { Component, RoleList } from '@src/types';
+import { isEmpty } from 'lodash-es';
+import { Button, Col, Divider, Empty, Form, Row, Tree, Typography } from '@douyinfe/semi-ui';
+import { Icon, Notification } from '@src/components';
+import EmptyImg from '@src/images/empty.svg';
+import './component.scss';
+import { IconRefresh, IconSaveStroked } from '@douyinfe/semi-icons';
+import { ApiKit } from '@src/utils';
+
+const OrgComponent: React.FC = () => {
+  const { result: navTree, refetch } = useRequest(['load_org_component_tree'], () => {
+    return ComponentSrv.getOrgComponentTree();
+  });
+  const [expandedKeys, setExpandedKeys] = useState<string[]>([]);
+  const [treeData, setTreeData] = useState<any[]>([]);
+  const [editing, setEditing] = useState(false);
+  const [submitting, setSubmitting] = useState(false);
+  const [selectItem, setSelectItem] = useState<any>({});
+  const formApi = useRef<any>();
+
+  const buildTree = useCallback((navTree: Component[], parent: Component | null): any[] => {
+    return navTree.map((nav: Component) => {
+      const item = {
+        label: nav.label,
+        uid: nav.uid,
+        key: nav.uid,
+        value: nav.uid,
+        icon: <Icon icon={nav.icon} style={{ marginRight: 8 }} />,
+        raw: nav,
+        parent: parent,
+        children: !isEmpty(nav.children) ? buildTree(nav.children, nav) : [],
+      };
+      return item;
+    });
+  }, []);
+
+  useEffect(() => {
+    setTreeData(buildTree(navTree || [], null));
+  }, [navTree, buildTree]);
+
+  return (
+    <Row className="menu-setting">
+      <Col span={10} className="menu-tree">
+        <div className="buttons">
+          <Button
+            icon={<IconRefresh />}
+            type="tertiary"
+            onClick={() => {
+              refetch();
+            }}
+          />
+        </div>
+        <Divider />
+        <Tree
+          style={{ marginRight: 4 }}
+          motion={false}
+          draggable
+          onExpand={(keys: string[]) => setExpandedKeys(keys)}
+          expandedKeys={expandedKeys}
+          treeData={treeData}
+          renderLabel={(label: any, item: any) => (
+            <div style={{ display: 'flex', alignItems: 'center' }}>
+              <Typography.Text
+                ellipsis={{ showTooltip: true }}
+                style={{ flex: 1 }}
+                onClick={() => {
+                  setSelectItem(item.raw);
+                  formApi.current.setValues(item.raw, { isOverride: true });
+                  setEditing(true);
+                }}>
+                {label}
+              </Typography.Text>
+            </div>
+          )}
+        />
+      </Col>
+      <Col span={14} className="menu-form">
+        {!editing && (
+          <Empty
+            title="Oops! No edit menu"
+            style={{ display: 'flex', justifyContent: 'center', alignItems: 'center', marginTop: 50 }}
+            image={<img src={EmptyImg} style={{ width: 150, height: 150 }} />}
+            darkModeImage={<img src={EmptyImg} style={{ width: 150, height: 150 }} />}
+            layout="horizontal"
+            description="Please select edit menu"
+          />
+        )}
+
+        <Form
+          style={{ display: editing ? 'block' : 'none', paddingLeft: 24 }}
+          className="linsight-form"
+          labelPosition="left"
+          labelAlign="right"
+          labelWidth={120}
+          allowEmpty
+          onSubmit={async (values: Component) => {
+            try {
+              setSubmitting(true);
+              await ComponentSrv.updateRoleOfOrgComponent([{ componentUid: selectItem.uid, role: values.role }]);
+              refetch();
+              Notification.success('Component save successfully!');
+            } catch (err) {
+              Notification.error(ApiKit.getErrorMsg(err));
+            } finally {
+              setSubmitting(false);
+            }
+          }}
+          getFormApi={(api: any) => {
+            formApi.current = api;
+          }}>
+          <Form.Slot label="Label">
+            <Icon icon={selectItem.icon} />
+            <Typography.Text style={{ marginLeft: 4 }}>{selectItem.label}</Typography.Text>
+          </Form.Slot>
+          <Form.Select
+            label="Role"
+            field="role"
+            optionList={RoleList}
+            rules={[{ required: true, message: 'Label is required' }]}
+          />
+          <Form.Slot>
+            <Button
+              icon={<IconSaveStroked />}
+              loading={submitting}
+              onClick={() => {
+                formApi.current.submitForm();
+              }}>
+              Save
+            </Button>
+          </Form.Slot>
+        </Form>
+      </Col>
+    </Row>
+  );
+};
+
+export default OrgComponent;

web/src/services/component.service.ts

@@ -31,6 +31,14 @@ const getOrgComponents = (orgUID: string): Promise<OrgComponent[]> => {
   return ApiKit.GET<OrgComponent[]>(`${ApiPath.Org}/${orgUID}${ApiPath.Component}`);
 };
 
+const getOrgComponentTree = (): Promise<Component[]> => {
+  return ApiKit.GET<Component[]>(`${ApiPath.Org}/${ApiPath.Component}`);
+};
+
+const updateRoleOfOrgComponent = (cmps: OrgComponent[]): Promise<string> => {
+  return ApiKit.PUT<string>(`${ApiPath.Org}/${ApiPath.Component}/roles`, cmps);
+};
+
 const createComponent = (cmp: Component): Promise<string> => {
   return ApiKit.POST<string>(ApiPath.Component, cmp);
 };
@@ -49,6 +57,8 @@ const sortComponents = (cmps: Component[]): Promise<string> => {
 
 export default {
   getComponentTree,
+  getOrgComponentTree,
+  updateRoleOfOrgComponent,
   saveOrgComponents,
   getOrgComponents,
   createComponent,