mirror of
https://github.com/veops/oneterm.git
synced 2025-09-27 03:36:02 +08:00
103 lines
2.6 KiB
Go
103 lines
2.6 KiB
Go
package service
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/samber/lo"
|
|
"github.com/spf13/cast"
|
|
"github.com/veops/oneterm/internal/model"
|
|
"github.com/veops/oneterm/internal/repository"
|
|
dbpkg "github.com/veops/oneterm/pkg/db"
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
// CommandService handles command business logic
|
|
type CommandService struct {
|
|
repo repository.CommandRepository
|
|
}
|
|
|
|
// NewCommandService creates a new command service
|
|
func NewCommandService() *CommandService {
|
|
return &CommandService{
|
|
repo: repository.NewCommandRepository(),
|
|
}
|
|
}
|
|
|
|
// CheckDependencies checks if command has dependent assets
|
|
func (s *CommandService) CheckDependencies(ctx context.Context, commandId int) (string, error) {
|
|
assetName := ""
|
|
err := dbpkg.DB.
|
|
Model(model.DefaultAsset).
|
|
Select("name").
|
|
Where(fmt.Sprintf("JSON_CONTAINS(cmd_ids, '%d')", commandId)).
|
|
First(&assetName).
|
|
Error
|
|
|
|
return assetName, err
|
|
}
|
|
|
|
// BuildQuery constructs command query with basic filters
|
|
func (s *CommandService) BuildQuery(ctx *gin.Context) (*gorm.DB, error) {
|
|
db := dbpkg.DB.Model(&model.Command{})
|
|
|
|
// Apply filters
|
|
db = dbpkg.FilterEqual(ctx, db, "id", "enable")
|
|
db = dbpkg.FilterLike(ctx, db, "name")
|
|
db = dbpkg.FilterSearch(ctx, db, "name", "cmd")
|
|
|
|
// Handle IDs filter
|
|
if q, ok := ctx.GetQuery("ids"); ok {
|
|
db = db.Where("id IN ?", lo.Map(strings.Split(q, ","), func(s string, _ int) int { return cast.ToInt(s) }))
|
|
}
|
|
|
|
// Apply category filter
|
|
if category := ctx.Query("category"); category != "" {
|
|
db = db.Where("category = ?", category)
|
|
}
|
|
|
|
// Apply risk level filter
|
|
if riskLevelStr := ctx.Query("risk_level"); riskLevelStr != "" {
|
|
riskLevel := cast.ToInt(riskLevelStr)
|
|
db = db.Where("risk_level = ?", riskLevel)
|
|
}
|
|
|
|
return db, nil
|
|
}
|
|
|
|
// GetAuthorizedCommandIds gets command IDs that the user is authorized to access using V2 authorization system
|
|
func (s *CommandService) GetAuthorizedCommandIds(ctx *gin.Context) ([]int, error) {
|
|
// Use V2 authorization system to get authorized asset IDs
|
|
authV2Service := NewAuthorizationV2Service()
|
|
_, assetIds, _, err := authV2Service.GetAuthorizationScopeByACL(ctx)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// No authorized assets means no authorized commands
|
|
if len(assetIds) == 0 {
|
|
return []int{}, nil
|
|
}
|
|
|
|
// Get command IDs from authorized assets
|
|
cmdIds := make([]model.Slice[int], 0)
|
|
if err = dbpkg.DB.
|
|
Model(model.DefaultAsset).
|
|
Select("cmd_ids").
|
|
Where("id IN ?", assetIds).
|
|
Find(&cmdIds).
|
|
Error; err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Flatten and unique the command IDs
|
|
ids := make([]int, 0)
|
|
for _, s := range cmdIds {
|
|
ids = append(ids, s...)
|
|
}
|
|
|
|
return lo.Uniq(ids), nil
|
|
}
|