diff --git a/core/security/enum/const.go b/core/security/enum/const.go index 74f5f807..58f93fa5 100644 --- a/core/security/enum/const.go +++ b/core/security/enum/const.go @@ -38,6 +38,8 @@ const ( CommandRead = "system.command:read" CredentialAll = "system.credential:all" CredentialRead = "system.credential:read" + SmtpServerAll = "system.smtp_server:all" + SmtpServerRead = "system.smtp_server:read" InstanceRead = "gateway.instance:read" InstanceAll = "gateway.instance:all" @@ -142,6 +144,8 @@ const ( PermissionMigrationTaskWrite = "task:write" PermissionComparisonTaskRead = "comparison_task:read" PermissionComparisonTaskWrite = "comparison_task:write" + PermissionSmtpServerRead = "smtp_server:read" + PermissionSmtpServerWrite = "smtp_server:write" ) var ( @@ -217,6 +221,8 @@ var ( DashboardAllPermission = []string{PermissionLayoutRead, PermissionLayoutWrite} WorkbenchReadPermission = []string{PermissionElasticsearchClusterRead, PermissionActivityRead, PermissionAlertMessageRead, PermissionElasticsearchMetricRead} WorkbenchAllPermission = WorkbenchReadPermission + SmtpServerReadPermission = []string{PermissionSmtpServerRead} + SmtpServerAllPermission = []string{PermissionSmtpServerRead, PermissionSmtpServerWrite} ) var AdminPrivilege = []string{ @@ -228,7 +234,7 @@ var AdminPrivilege = []string{ ClusterOverviewAll, MonitoringAll, ActivitiesAll, AliasAll, AgentInstanceAll, CredentialAll, DataMigrationAll, DataComparisonAll, DashboardAll, DevtoolConsoleAll, - WorkbenchAll, TenantCustomerAll, SubscriptionAll, AuditLogsAll, + WorkbenchAll, TenantCustomerAll, SubscriptionAll, AuditLogsAll, SmtpServerAll, } func init() { @@ -298,6 +304,8 @@ func init() { SubscriptionRead: SubscriptionReadPermission, SubscriptionAll: SubscriptionAllPermission, + SmtpServerRead: SmtpServerReadPermission, + SmtpServerAll: SmtpServerAllPermission, } } diff --git a/plugin/api/email/api.go b/plugin/api/email/api.go index ec986bef..9515131b 100644 --- a/plugin/api/email/api.go +++ b/plugin/api/email/api.go @@ -29,6 +29,8 @@ package email import ( log "github.com/cihub/seelog" + "infini.sh/console/core" + "infini.sh/console/core/security/enum" "infini.sh/console/model" "infini.sh/console/plugin/api/email/common" "infini.sh/framework/core/api" @@ -38,17 +40,17 @@ import ( ) type EmailAPI struct { - api.Handler + core.Handler } func InitAPI() { email := EmailAPI{} - api.HandleAPIMethod(api.POST, "/email/server/_test", email.testEmailServer) - api.HandleAPIMethod(api.GET, "/email/server/:email_server_id", email.getEmailServer) - api.HandleAPIMethod(api.POST, "/email/server", email.createEmailServer) - api.HandleAPIMethod(api.PUT, "/email/server/:email_server_id", email.updateEmailServer) - api.HandleAPIMethod(api.DELETE, "/email/server/:email_server_id", email.deleteEmailServer) - api.HandleAPIMethod(api.GET, "/email/server/_search", email.searchEmailServer) + api.HandleAPIMethod(api.POST, "/email/server/_test", email.RequirePermission(email.testEmailServer, enum.PermissionSmtpServerRead)) + api.HandleAPIMethod(api.GET, "/email/server/:email_server_id", email.RequirePermission(email.getEmailServer, enum.PermissionAlertRuleRead)) + api.HandleAPIMethod(api.POST, "/email/server", email.RequirePermission(email.createEmailServer, enum.PermissionSmtpServerWrite)) + api.HandleAPIMethod(api.PUT, "/email/server/:email_server_id", email.RequirePermission(email.updateEmailServer, enum.PermissionSmtpServerWrite)) + api.HandleAPIMethod(api.DELETE, "/email/server/:email_server_id", email.RequirePermission(email.deleteEmailServer, enum.PermissionSmtpServerWrite)) + api.HandleAPIMethod(api.GET, "/email/server/_search", email.RequirePermission(email.searchEmailServer, enum.PermissionSmtpServerRead)) credential.RegisterChangeEvent(func(cred *credential.Credential) { query := util.MapStr{