// createSystemUserInMemory builds the internal "system" account with a
// wildcard permission, role and resource, generates a token for it, places the
// token/user pair in the rbac cache and publishes the token through
// SystemAdminToken. Nothing in this function writes the account to storage.
//
// If token generation fails the error is logged as critical and
// SystemAdminToken is left untouched.
func createSystemUserInMemory() {
	allPermission := &rbac.Permission{"system-all", "*", "*", "*"}
	adminRole := &rbac.Role{"system-admin", []*rbac.Permission{allPermission}, "system-admin"}
	allResource := &rbac.Resource{"system-all", "*", "*"}

	roles := []*rbac.Role{adminRole}
	resources := []*rbac.Resource{allResource}
	metaData := map[string]string{}

	// The password is the current time rendered as text, so that it is not a
	// fixed value shared between installations.
	// NOTE(review): a wall-clock timestamp is guessable rather than secret. If
	// the "system" account can ever be used for password login, this should be
	// a value from a cryptographic random source instead — confirm.
	systemUser := rbac.CreateUser("system", time.Now().String(), roles, resources, "system-admin", metaData, nil, false)

	// Token lifetime: 100 years.
	// NOTE(review): this makes SystemAdminToken a practically non-expiring
	// bearer credential for a wildcard account; it should never be logged or
	// returned to clients.
	const lifetime = 100 * 365 * 24 * time.Hour

	token, err := generateToken(systemUser, lifetime)
	if err != nil {
		log.Critical(err)
		return
	}

	rbac.SetCache(token, systemUser, lifetime)
	SystemAdminToken = token
}
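// putUser handles an update of the user named by the "name" path parameter.
//
// The request body is decoded into an rbac.User. The handler answers:
//   - 400 when the body cannot be read or its Name differs from the path,
//   - 404 when LoadUser returns no user for that name,
//   - 422 when SaveUser fails.
//
// On success nothing is written to the response.
//
// NOTE(review): no authorization check is visible in this handler, and the
// body may set RoleSlice and ResourceSlice freely. Presumably access is
// enforced by a filter registered on the route — confirm.
func putUser(request *restful.Request, response *restful.Response) {
	// fail logs the error payload and sends it to the client as a JSON string.
	fail := func(status int, payload map[string]interface{}) {
		// A marshal failure is deliberately not fatal: the payload is still
		// logged and the client receives the status with an empty body.
		body, _ := json.Marshal(payload)
		log.Error(payload)
		response.WriteErrorString(status, string(body))
	}

	name := request.PathParameter("name")

	user := rbac.User{}
	if err := request.ReadEntity(&user); err != nil {
		fail(400, map[string]interface{}{
			"Error":        "Read body failure",
			"ErrorMessage": err.Error(),
			"name":         name,
		})
		return
	}

	if name != user.Name {
		fail(400, map[string]interface{}{
			"Error": "Path parameter name is different from name in the body",
			"path":  name,
			"body":  user.Name,
		})
		return
	}

	oldUser, loadErr := authorization.GetStorage().LoadUser(name)
	if oldUser == nil {
		payload := map[string]interface{}{
			"Error": "The user to update deosn't exist",
			"name":  name,
		}
		// The previous code called Error() on the ReadEntity error, which is
		// always nil here and therefore panicked. Report the lookup error
		// instead, and only when there is one.
		if loadErr != nil {
			payload["ErrorMessage"] = loadErr.Error()
		}
		fail(404, payload)
		return
	}

	createdUser := rbac.CreateUser(user.Name, user.EncodedPassword, user.RoleSlice, user.ResourceSlice, user.Description, user.MetaDataMap, user.ExpiredTime, user.Disabled)
	if err := authorization.GetStorage().SaveUser(createdUser); err != nil {
		// Echo the submitted user without its credential so the encoded
		// password reaches neither the log nor the error body.
		redacted := user
		redacted.EncodedPassword = ""
		fail(422, map[string]interface{}{
			"Error":        "Save user failure",
			"ErrorMessage": err.Error(),
			"user":         redacted,
		})
		return
	}
}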
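// postUser handles creation of a new user from the request body.
//
// The body is decoded into an rbac.User. The handler answers:
//   - 400 when the body cannot be read,
//   - 409 when LoadUser already returns a user with that name,
//   - 422 when SaveUser fails.
//
// On success nothing is written to the response.
//
// NOTE(review): no authorization check is visible in this handler, and the
// body may set RoleSlice and ResourceSlice freely. Presumably access is
// enforced by a filter registered on the route — confirm.
func postUser(request *restful.Request, response *restful.Response) {
	// fail logs the error payload and sends it to the client as a JSON string.
	fail := func(status int, payload map[string]interface{}) {
		// A marshal failure is deliberately not fatal: the payload is still
		// logged and the client receives the status with an empty body.
		body, _ := json.Marshal(payload)
		log.Error(payload)
		response.WriteErrorString(status, string(body))
	}

	user := rbac.User{}
	if err := request.ReadEntity(&user); err != nil {
		fail(400, map[string]interface{}{
			"Error":        "Read body failure",
			"ErrorMessage": err.Error(),
		})
		return
	}

	// NOTE(review): the lookup error is discarded, so a failed lookup is
	// handled like "no such user" and creation proceeds — confirm that
	// LoadUser reports a missing user this way before acting on the error.
	oldUser, _ := authorization.GetStorage().LoadUser(user.Name)
	if oldUser != nil {
		// The previous code called Error() on the ReadEntity error here, which
		// is always nil at this point and therefore panicked instead of
		// answering 409. There is no error to report for a name conflict.
		fail(409, map[string]interface{}{
			"Error": "The user to create already exists",
			"name":  user.Name,
		})
		return
	}

	createdUser := rbac.CreateUser(user.Name, user.EncodedPassword, user.RoleSlice, user.ResourceSlice, user.Description, user.MetaDataMap, user.ExpiredTime, user.Disabled)
	if err := authorization.GetStorage().SaveUser(createdUser); err != nil {
		// Echo the submitted user without its credential so the encoded
		// password reaches neither the log nor the error body.
		redacted := user
		redacted.EncodedPassword = ""
		fail(422, map[string]interface{}{
			"Error":        "Save user failure",
			"ErrorMessage": err.Error(),
			"user":         redacted,
		})
		return
	}
}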
// createDefaultUser seeds storage with an "admin" role and an "admin" user
// when LoadUser returns no user named "admin". The role carries a wildcard
// permission and the user a wildcard resource. Failures to save the role or
// the user are logged as critical; a role failure does not stop the user from
// being saved.
//
// NOTE(review): the account is created with the fixed password "password" and
// wildcard access. Deployments need to change it before the service is
// reachable; taking the initial secret from configuration would remove the
// shared default.
func createDefaultUser() {
	// NOTE(review): the lookup error is discarded, so a failed lookup is
	// handled like "no admin yet" and the default account is saved again —
	// confirm how LoadUser reports a missing user.
	if existing, _ := GetStorage().LoadUser("admin"); existing != nil {
		return
	}

	allPermission := &rbac.Permission{"all", "*", "*", "*"}
	adminRole := &rbac.Role{"admin", []*rbac.Permission{allPermission}, "admin"}
	allResource := &rbac.Resource{"all", "*", "*"}

	roles := []*rbac.Role{adminRole}
	resources := []*rbac.Resource{allResource}
	metaData := map[string]string{}

	adminUser := rbac.CreateUser("admin", "password", roles, resources, "admin", metaData, nil, false)

	// The role is stored before the user that refers to it.
	err := GetStorage().SaveRole(adminRole)
	if err != nil {
		log.Critical(err)
	}

	err = GetStorage().SaveUser(adminUser)
	if err != nil {
		log.Critical(err)
	}
}