ideal-world
diff --git a/‎Cargo.toml
Lines changed: 5 additions & 3 deletions b/‎Cargo.toml
Lines changed: 5 additions & 3 deletions
diff --git a/‎basic/src/helper.rs
Lines changed: 1 addition & 0 deletions b/‎basic/src/helper.rs
Lines changed: 1 addition & 0 deletions
diff --git a/‎basic/src/helper/bios_ctx_helper.rs
Lines changed: 138 additions & 0 deletions b/‎basic/src/helper/bios_ctx_helper.rs
Lines changed: 138 additions & 0 deletions
diff --git a/‎basic/src/rbum/domain/rbum_cert.rs
Lines changed: 13 additions & 20 deletions b/‎basic/src/rbum/domain/rbum_cert.rs
Lines changed: 13 additions & 20 deletions
diff --git a/‎basic/src/rbum/domain/rbum_cert_conf.rs
Lines changed: 16 additions & 15 deletions b/‎basic/src/rbum/domain/rbum_cert_conf.rs
Lines changed: 16 additions & 15 deletions
@@ -59,9 +59,9 @@ run_script = { version = "0.10" }
 testcontainers-modules = { version = "0.3", features = ["redis"] }
 strum = { version = "0.26", features = ["derive"] }
 # tardis
-tardis = { version = "0.1.0-rc.10" }
+# tardis = { version = "0.1.0-rc.10" }
 # tardis = { path = "../tardis/tardis" }
-# tardis = { git = "https://github.com/ideal-world/tardis.git", rev = "6312e3305c322d48b084e14c23a8de2a879a738a" }
+tardis = { git = "https://github.com/ideal-world/tardis.git", rev = "191f3ec" }
 #spacegate
 
 # spacegate-kernel = { git = "https://github.com/ideal-world/spacegate.git", rev = "f37a81a", features = [
@@ -74,8 +74,10 @@ tardis = { version = "0.1.0-rc.10" }
 #   "k8s",
 #   "ext-redis",
 # ] }
-spacegate-shell = { git = "https://github.com/ideal-world/spacegate.git", branch = "master",  features = [
+spacegate-shell = { git = "https://github.com/ideal-world/spacegate.git", branch = "master", features = [
   "cache",
   "k8s",
   "ext-redis",
 ] }
+
+spacegate-plugin = { git = "https://github.com/ideal-world/spacegate.git", branch = "master" }
@@ -1,3 +1,4 @@
+pub mod bios_ctx_helper;
 pub mod db_helper;
 pub mod request_helper;
 pub mod url_helper;
@@ -0,0 +1,138 @@
+use crate::rbum::rbum_config::RbumConfigApi;
+use tardis::{
+    basic::{dto::TardisContext, error::TardisError, result::TardisResult},
+    web::poem::Request,
+    TardisFuns, TardisFunsInst,
+};
+
+fn unsafe_check_ctx<F>(request: &Request, f: F, check: bool, funs: &TardisFunsInst, ctx: &mut TardisContext) -> TardisResult<()>
+where
+    F: FnOnce(TardisContext, &mut TardisContext),
+{
+    if check && !ctx.owner.is_empty() {
+        return Ok(());
+    }
+    let bios_ctx = if let Some(bios_ctx) = request.header(&funs.rbum_head_key_bios_ctx()).or_else(|| request.header(&funs.rbum_head_key_bios_ctx().to_lowercase())) {
+        TardisFuns::json.str_to_obj::<TardisContext>(&TardisFuns::crypto.base64.decode_to_string(bios_ctx)?)?
+    } else {
+        if ctx.owner.is_empty() && ctx.ak.is_empty() && ctx.own_paths.is_empty() && ctx.roles.is_empty() && ctx.groups.is_empty() {
+            return Err(TardisError::unauthorized(
+                &format!("[Basic] Request is not legal, missing header [{}]", funs.rbum_head_key_bios_ctx()),
+                "401-auth-req-ak-not-exist",
+            ));
+        } else {
+            return Ok(());
+        }
+    };
+
+    if bios_ctx.own_paths.contains(&ctx.own_paths) {
+        f(bios_ctx, ctx);
+
+        Ok(())
+    } else {
+        Err(TardisError::forbidden(
+            &format!("[Basic] Request is not legal from head [{}]", funs.rbum_head_key_bios_ctx()),
+            "403-auth-req-permission-denied",
+        ))
+    }
+}
+
+// xxx_check_own function will check the owner is empty or not.
+pub fn check_own_fill_ctx(request: &Request, funs: &TardisFunsInst, ctx: &mut TardisContext) -> TardisResult<()> {
+    unsafe_check_ctx(
+        request,
+        |bios_ctx, ctx| {
+            let mut roles = bios_ctx.roles.clone();
+            for role in bios_ctx.roles.clone() {
+                if role.contains(':') {
+                    let extend_role = role.split(':').collect::<Vec<_>>()[0];
+                    roles.push(extend_role.to_string());
+                }
+            }
+            ctx.owner = bios_ctx.owner.clone();
+            ctx.roles = roles;
+            ctx.groups = bios_ctx.groups;
+            ctx.own_paths = bios_ctx.own_paths;
+        },
+        true,
+        funs,
+        ctx,
+    )
+}
+
+pub fn unsafe_fill_ctx(request: &Request, funs: &TardisFunsInst, ctx: &mut TardisContext) -> TardisResult<()> {
+    unsafe_check_ctx(
+        request,
+        |bios_ctx, ctx| {
+            let mut roles = bios_ctx.roles.clone();
+            for role in bios_ctx.roles.clone() {
+                if role.contains(':') {
+                    let extend_role = role.split(':').collect::<Vec<_>>()[0];
+                    roles.push(extend_role.to_string());
+                }
+            }
+            ctx.owner = bios_ctx.owner.clone();
+            ctx.roles = roles;
+            ctx.groups = bios_ctx.groups;
+            ctx.own_paths = bios_ctx.own_paths;
+        },
+        false,
+        funs,
+        ctx,
+    )
+}
+
+pub fn unsfae_fill_owner_only(request: &Request, funs: &TardisFunsInst, ctx: &mut TardisContext) -> TardisResult<()> {
+    unsafe_check_ctx(
+        request,
+        |bios_ctx, ctx| {
+            ctx.owner = bios_ctx.owner.clone();
+        },
+        false,
+        funs,
+        ctx,
+    )
+}
+
+pub fn unsfae_fill_own_paths_only(request: &Request, funs: &TardisFunsInst, ctx: &mut TardisContext) -> TardisResult<()> {
+    unsafe_check_ctx(
+        request,
+        |bios_ctx, ctx| {
+            ctx.own_paths = bios_ctx.own_paths;
+        },
+        false,
+        funs,
+        ctx,
+    )
+}
+
+pub fn unsfae_fill_roles_only(request: &Request, funs: &TardisFunsInst, ctx: &mut TardisContext) -> TardisResult<()> {
+    unsafe_check_ctx(
+        request,
+        |bios_ctx, ctx| {
+            let mut roles = bios_ctx.roles.clone();
+            for role in bios_ctx.roles.clone() {
+                if role.contains(':') {
+                    let extend_role = role.split(':').collect::<Vec<_>>()[0];
+                    roles.push(extend_role.to_string());
+                }
+            }
+            ctx.roles = roles;
+        },
+        false,
+        funs,
+        ctx,
+    )
+}
+
+pub fn unsfae_fill_groups_only(request: &Request, funs: &TardisFunsInst, ctx: &mut TardisContext) -> TardisResult<()> {
+    unsafe_check_ctx(
+        request,
+        |bios_ctx, ctx| {
+            ctx.groups = bios_ctx.groups;
+        },
+        false,
+        funs,
+        ctx,
+    )
+}
@@ -3,13 +3,14 @@ use tardis::chrono::{self, Utc};
 use tardis::db::reldb_client::TardisActiveModel;
 use tardis::db::sea_orm;
 use tardis::db::sea_orm::prelude::*;
-use tardis::db::sea_orm::sea_query::{ColumnDef, Index, IndexCreateStatement, Table, TableCreateStatement};
+use tardis::db::sea_orm::sea_query::{ColumnDef, IndexCreateStatement, Table, TableCreateStatement};
 use tardis::db::sea_orm::*;
+use tardis::TardisCreateIndex;
 
 /// Credential or authentication instance model
 ///
 /// Uniform use of cert refers to credentials or authentication
-#[derive(Clone, Debug, PartialEq, Eq, DeriveEntityModel)]
+#[derive(Clone, Debug, PartialEq, Eq, DeriveEntityModel, TardisCreateIndex)]
 #[sea_orm(table_name = "rbum_cert")]
 pub struct Model {
     #[sea_orm(primary_key, auto_increment = false)]
@@ -40,6 +41,7 @@ pub struct Model {
     /// Associated [cert configuration](crate::rbum::domain::rbum_cert_conf::Model) id
     pub rel_rbum_cert_conf_id: String,
     /// Associated [resource kind](crate::rbum::rbum_enumeration::RbumCertRelKind) id
+    #[index(index_id = "id")]
     pub rel_rbum_kind: i16,
     /// Associated resource id
     ///
@@ -54,20 +56,25 @@ pub struct Model {
     ///
     /// * if rel_rbum_kind == Rel
     ///  - In the CMDB service, a resource can be sliced (E.g. DB instance), we can specify slice information of association
+    #[index(index_id = "id")]
     pub rel_rbum_id: String,
 
     pub own_paths: String,
     pub owner: String,
     pub create_time: chrono::DateTime<Utc>,
     pub update_time: chrono::DateTime<Utc>,
+    pub create_by: String,
+    pub update_by: String,
 }
 
 impl TardisActiveModel for ActiveModel {
     fn fill_ctx(&mut self, ctx: &TardisContext, is_insert: bool) {
         if is_insert {
             self.own_paths = Set(ctx.own_paths.to_string());
             self.owner = Set(ctx.owner.to_string());
+            self.create_by = Set(ctx.owner.to_string());
         }
+        self.update_by = Set(ctx.owner.to_string());
     }
 
     fn create_table_statement(db: DbBackend) -> TableCreateStatement {
@@ -90,7 +97,9 @@ impl TardisActiveModel for ActiveModel {
             // Basic
             .col(ColumnDef::new(Column::OwnPaths).not_null().string())
             .col(ColumnDef::new(Column::Owner).not_null().string())
-            .col(ColumnDef::new(Column::Status).not_null().small_integer());
+            .col(ColumnDef::new(Column::Status).not_null().small_integer())
+            .col(ColumnDef::new(Column::CreateBy).not_null().string())
+            .col(ColumnDef::new(Column::UpdateBy).not_null().string());
         if db == DatabaseBackend::Postgres {
             builder
                 .col(ColumnDef::new(Column::StartTime).not_null().timestamp_with_time_zone())
@@ -111,23 +120,7 @@ impl TardisActiveModel for ActiveModel {
     }
 
     fn create_index_statement() -> Vec<IndexCreateStatement> {
-        vec![
-            // todo delete index
-            // Index::create()
-            //     .name(&format!("idx-{}-ak", Entity.table_name()))
-            //     .table(Entity)
-            //     .col(Column::OwnPaths)
-            //     .col(Column::RelRbumKind)
-            //     .col(Column::RelRbumCertConfId)
-            //     .col(Column::Ak)
-            //     .to_owned(),
-            Index::create()
-                .name(&format!("idx-{}-{}", Entity.table_name(), Column::RelRbumKind.to_string()))
-                .table(Entity)
-                .col(Column::RelRbumKind)
-                .col(Column::RelRbumId)
-                .to_owned(),
-        ]
+        tardis_create_index_statement()
     }
 }
 
 
@@ -3,18 +3,21 @@ use tardis::chrono::{self, Utc};
 use tardis::db::reldb_client::TardisActiveModel;
 use tardis::db::sea_orm;
 use tardis::db::sea_orm::prelude::*;
-use tardis::db::sea_orm::sea_query::{ColumnDef, Index, IndexCreateStatement, Table, TableCreateStatement};
+use tardis::db::sea_orm::sea_query::{ColumnDef, IndexCreateStatement, Table, TableCreateStatement};
 use tardis::db::sea_orm::*;
+use tardis::TardisCreateIndex;
 
 /// Credential or authentication configuration model
 ///
 /// Uniform use of cert refers to credentials or authentication
-#[derive(Clone, Debug, PartialEq, Eq, DeriveEntityModel)]
+#[derive(Clone, Debug, PartialEq, Eq, DeriveEntityModel, TardisCreateIndex)]
 #[sea_orm(table_name = "rbum_cert_conf")]
 pub struct Model {
     #[sea_orm(primary_key, auto_increment = false)]
     pub id: String,
+    #[index(index_id = "id_2", unique)]
     pub kind: String,
+    #[index(index_id = "id_2", unique)]
     pub supplier: String,
     pub name: String,
     pub note: String,
@@ -59,22 +62,29 @@ pub struct Model {
     /// see [status][crate::rbum::rbum_enumeration::RbumCertConfStatusKind]
     pub status: i16,
     /// Associated [resource domain](crate::rbum::domain::rbum_domain::Model) id
+    #[index(index_id = "id_2", unique)]
     pub rel_rbum_domain_id: String,
     /// Associated [resource](crate::rbum::domain::rbum_item::Model) id
+    #[index(index_id = "id_2", unique)]
     pub rel_rbum_item_id: String,
 
+    #[index()]
     pub own_paths: String,
     pub owner: String,
     pub create_time: chrono::DateTime<Utc>,
     pub update_time: chrono::DateTime<Utc>,
+    pub create_by: String,
+    pub update_by: String,
 }
 
 impl TardisActiveModel for ActiveModel {
     fn fill_ctx(&mut self, ctx: &TardisContext, is_insert: bool) {
         if is_insert {
             self.own_paths = Set(ctx.own_paths.to_string());
             self.owner = Set(ctx.owner.to_string());
+            self.create_by = Set(ctx.owner.to_string());
         }
+        self.update_by = Set(ctx.owner.to_string());
     }
 
     fn create_table_statement(db: DbBackend) -> TableCreateStatement {
@@ -111,7 +121,9 @@ impl TardisActiveModel for ActiveModel {
             .col(ColumnDef::new(Column::Status).not_null().small_integer())
             // Basic
             .col(ColumnDef::new(Column::OwnPaths).not_null().string())
-            .col(ColumnDef::new(Column::Owner).not_null().string());
+            .col(ColumnDef::new(Column::Owner).not_null().string())
+            .col(ColumnDef::new(Column::CreateBy).not_null().string())
+            .col(ColumnDef::new(Column::UpdateBy).not_null().string());
         if db == DatabaseBackend::Postgres {
             builder
                 .col(ColumnDef::new(Column::CreateTime).extra("DEFAULT CURRENT_TIMESTAMP".to_string()).timestamp_with_time_zone())
@@ -128,18 +140,7 @@ impl TardisActiveModel for ActiveModel {
     }
 
     fn create_index_statement() -> Vec<IndexCreateStatement> {
-        vec![
-            Index::create().name(&format!("idx-{}-{}", Entity.table_name(), Column::OwnPaths.to_string())).table(Entity).col(Column::OwnPaths).to_owned(),
-            Index::create()
-                .name(&format!("idx-{}-{}", Entity.table_name(), Column::Kind.to_string()))
-                .table(Entity)
-                .col(Column::Kind)
-                .col(Column::Supplier)
-                .col(Column::RelRbumDomainId)
-                .col(Column::RelRbumItemId)
-                .unique()
-                .to_owned(),
-        ]
+        tardis_create_index_statement()
     }
 }