Finish rest of the role functions

Signed-off-by: Jin Hai <haijin.chn@gmail.com>

Author: JinHai-CN

admin/client/admin_client.py

@@ -772,7 +772,7 @@ def _show_role(self, command):
         role_name_tree: Tree = command['role_name']
         role_name: str = role_name_tree.children[0].strip("'\"")
         print(f"show role: {role_name}")
-        url = f'http://{self.host}:{self.port}/api/v1/admin/roles/{role_name}/permissions'
+        url = f'http://{self.host}:{self.port}/api/v1/admin/roles/{role_name}/permission'
         response = requests.get(
             url,
             auth=HTTPBasicAuth(self.admin_account, self.admin_password)
@@ -794,7 +794,18 @@ def _grant_permission(self, command):
             action_str: str = action_tree.children[0].strip("'\"")
             actions.append(action_str)
         print(f"grant role_name: {role_name_str}, resource: {resource_str}, actions: {actions}")
-        pass
+        url = f'http://{self.host}:{self.port}/api/v1/admin/roles/{role_name_str}/permission'
+        response = requests.post(
+            url,
+            auth=HTTPBasicAuth(self.admin_account, self.admin_password),
+            json={'actions': actions, 'resource': resource_str}
+        )
+        res_json = response.json()
+        if response.status_code == 200:
+            self._print_table_simple(res_json['data'])
+        else:
+            print(
+                f"Fail to grant role {role_name_str} with {actions} on {resource_str}, code: {res_json['code']}, message: {res_json['message']}")
 
     def _revoke_permission(self, command):
         role_name_tree: Tree = command['role_name']
@@ -807,21 +818,53 @@ def _revoke_permission(self, command):
             action_str: str = action_tree.children[0].strip("'\"")
             actions.append(action_str)
         print(f"revoke role_name: {role_name_str}, resource: {resource_str}, actions: {actions}")
-        pass
+        url = f'http://{self.host}:{self.port}/api/v1/admin/roles/{role_name_str}/permission'
+        response = requests.delete(
+            url,
+            auth=HTTPBasicAuth(self.admin_account, self.admin_password),
+            json={'actions': actions, 'resource': resource_str}
+        )
+        res_json = response.json()
+        if response.status_code == 200:
+            self._print_table_simple(res_json['data'])
+        else:
+            print(
+                f"Fail to revoke role {role_name_str} with {actions} on {resource_str}, code: {res_json['code']}, message: {res_json['message']}")
 
     def _alter_user_role(self, command):
         role_name_tree: Tree = command['role_name']
         role_name_str: str = role_name_tree.children[0].strip("'\"")
         user_name_tree: Tree = command['user_name']
         user_name_str: str = user_name_tree.children[0].strip("'\"")
         print(f"alter_user_role user_name: {user_name_str}, role_name: {role_name_str}")
-        pass
+        url = f'http://{self.host}:{self.port}/api/v1/admin/users/{user_name_str}/role'
+        response = requests.put(
+            url,
+            auth=HTTPBasicAuth(self.admin_account, self.admin_password),
+            json={'role_name': role_name_str}
+        )
+        res_json = response.json()
+        if response.status_code == 200:
+            self._print_table_simple(res_json['data'])
+        else:
+            print(
+                f"Fail to alter user: {user_name_str} to role {role_name_str}, code: {res_json['code']}, message: {res_json['message']}")
 
     def _show_user_permission(self, command):
         user_name_tree: Tree = command['user_name']
         user_name_str: str = user_name_tree.children[0].strip("'\"")
         print(f"show_user_permission user_name: {user_name_str}")
-        pass
+        url = f'http://{self.host}:{self.port}/api/v1/admin/users/{user_name_str}/permission'
+        response = requests.get(
+            url,
+            auth=HTTPBasicAuth(self.admin_account, self.admin_password)
+        )
+        res_json = response.json()
+        if response.status_code == 200:
+            self._print_table_simple(res_json['data'])
+        else:
+            print(
+                f"Fail to show user: {user_name_str} permission, code: {res_json['code']}, message: {res_json['message']}")
 
     def _handle_meta_command(self, command):
         meta_command = command['command']

admin/server/roles.py

@@ -47,23 +47,31 @@ def list_roles() -> Dict[str, Any]:
         raise AdminException(error_msg)
 
     @staticmethod
-    def get_role_permissions(role_name: str) -> Dict[str, Any]:
+    def get_role_permission(role_name: str) -> Dict[str, Any]:
         error_msg = f"not implement: show role {role_name}"
         logging.error(error_msg)
         raise AdminException(error_msg)
 
     @staticmethod
-    def grant_role_permissions(role_name: str, permissions: str) -> Dict[str, Any]:
-        raise AdminException(f"Not implement {inspect.currentframe().f_code.co_name}")
+    def grant_role_permission(role_name: str, actions: list, resource: str) -> Dict[str, Any]:
+        error_msg = f"not implement: grant role {role_name} actions: {actions} on {resource}"
+        logging.error(error_msg)
+        raise AdminException(error_msg)
 
     @staticmethod
-    def revoke_role_permissions(role_name: str, permissions: str) -> Dict[str, Any]:
-        raise AdminException(f"Not implement {inspect.currentframe().f_code.co_name}")
+    def revoke_role_permission(role_name: str, actions: list, resource: str) -> Dict[str, Any]:
+        error_msg = f"not implement: revoke role {role_name} actions: {actions} on {resource}"
+        logging.error(error_msg)
+        raise AdminException(error_msg)
 
     @staticmethod
     def update_user_role(user_name: str, role_name: str) -> Dict[str, Any]:
-        raise AdminException(f"Not implement {inspect.currentframe().f_code.co_name}")
+        error_msg = f"not implement: update user role: {user_name} to role {role_name}"
+        logging.error(error_msg)
+        raise AdminException(error_msg)
 
     @staticmethod
-    def get_user_permissions(user_name: str) -> Dict[str, Any]:
-        raise AdminException(f"Not implement {inspect.currentframe().f_code.co_name}")
+    def get_user_permission(user_name: str) -> Dict[str, Any]:
+        error_msg = f"not implement: get user permission: {user_name}"
+        logging.error(error_msg)
+        raise AdminException(error_msg)

admin/server/routes.py

@@ -259,39 +259,41 @@ def list_roles():
         return error_response(str(e), 500)
 
 
-@admin_bp.route('/roles/<role_name>/permissions', methods=['GET'])
+@admin_bp.route('/roles/<role_name>/permission', methods=['GET'])
 @login_verify
-def get_role_permissions(role_name: str):
+def get_role_permission(role_name: str):
     try:
-        res = RoleMgr.get_role_permissions(role_name)
+        res = RoleMgr.get_role_permission(role_name)
         return success_response(res)
     except Exception as e:
         return error_response(str(e), 500)
 
 
-@admin_bp.route('/roles/<role_name>/permissions', methods=['POST'])
+@admin_bp.route('/roles/<role_name>/permission', methods=['POST'])
 @login_verify
-def grant_role_permissions(role_name: str):
+def grant_role_permission(role_name: str):
     try:
         data = request.get_json()
-        if not data or 'permissions' not in data:
-            return error_response("Permissions are required", 400)
-        permissions: str = data['role_description']
-        res = RoleMgr.grant_role_permissions(role_name, permissions)
+        if not data or 'actions' not in data or 'resource' not in data:
+            return error_response("Permission is required", 400)
+        actions: list = data['actions']
+        resource: str = data['resource']
+        res = RoleMgr.grant_role_permission(role_name, actions, resource)
         return success_response(res)
     except Exception as e:
         return error_response(str(e), 500)
 
 
-@admin_bp.route('/roles/<role_name>/permissions/batch', methods=['DELETE'])
+@admin_bp.route('/roles/<role_name>/permission', methods=['DELETE'])
 @login_verify
-def revoke_role_permissions(role_name: str):
+def revoke_role_permission(role_name: str):
     try:
         data = request.get_json()
-        if not data or 'permissions' not in data:
-            return error_response("Permissions are required", 400)
-        permissions: str = data['role_description']
-        res = RoleMgr.revoke_role_permissions(role_name, permissions)
+        if not data or 'actions' not in data or 'resource' not in data:
+            return error_response("Permission is required", 400)
+        actions: list = data['actions']
+        resource: str = data['resource']
+        res = RoleMgr.revoke_role_permission(role_name, actions, resource)
         return success_response(res)
     except Exception as e:
         return error_response(str(e), 500)
@@ -302,7 +304,7 @@ def revoke_role_permissions(role_name: str):
 def update_user_role(user_name: str):
     try:
         data = request.get_json()
-        if not data or 'permissions' not in data:
+        if not data or 'role_name' not in data:
             return error_response("Role name is required", 400)
         role_name: str = data['role_name']
         res = RoleMgr.update_user_role(user_name, role_name)
@@ -311,11 +313,11 @@ def update_user_role(user_name: str):
         return error_response(str(e), 500)
 
 
-@admin_bp.route('/users/<user_name>/permissions', methods=['GET'])
+@admin_bp.route('/users/<user_name>/permission', methods=['GET'])
 @login_verify
-def get_user_permissions(user_name: str):
+def get_user_permission(user_name: str):
     try:
-        res = RoleMgr.get_user_permissions(user_name)
+        res = RoleMgr.get_user_permission(user_name)
         return success_response(res)
     except Exception as e:
         return error_response(str(e), 500)