4
4
5
5
use Authing \Types \AllowParam ;
6
6
use Authing \Types \AuthorizedResourcesParam ;
7
+ use Authing \Types \AuthorizeResourceParam ;
7
8
use Authing \Types \CommonMessage ;
8
9
use Authing \Types \IsActionAllowedParam ;
9
10
use Exception ;
@@ -28,6 +29,19 @@ function formatAuthorizedResources($obj)
28
29
return $ res ;
29
30
}
30
31
32
+ function randomString (int $ randomLenth = 32 )
33
+ {
34
+ $ randomLenth = $ randomLenth ?? 32 ;
35
+ $ t = 'abcdefhijkmnprstwxyz2345678 ' ;
36
+ $ a = strlen ($ t );
37
+ $ n = '' ;
38
+
39
+ for ($ i = 0 ; $ i < $ randomLenth ; $ i ++) {
40
+ $ n .= t[rand (0 , $ a )];
41
+ }
42
+ return $ n ;
43
+ }
44
+
31
45
class AclManagementClient
32
46
{
33
47
/**
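Review bot: `randomString()` picks its characters with `rand()`, which is not a cryptographically secure generator, yet this commit uses it in `refreshProgrammaticAccessAccountSecret()` to mint the account secret. The indexing line also reads `t[...]` without the `$` as rendered here. `rand(0, $a)` includes `$a = strlen($t)`, so some draws land one past the end of the alphabet and the result comes out shorter than requested. Changing the loop body to `$n .= $t[random_int(0, $a - 1)];` addresses all three. The `$randomLenth ?? 32` line is redundant, because the parameter is a non-nullable `int` with a default.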
@@ -129,4 +143,233 @@ public function deleteResource(string $code, string $namespaceCode)
129
143
$ data = $ this ->client ->httpDelete ("/api/v2/resources/ $ code?namespace= $ namespaceCode " );
130
144
return true ;
131
145
}
132
- }
146
+
147
+ public function programmaticAccessAccountList (string $ appId , int $ page = 1 , int $ limit = 10 )
148
+ {
149
+ $ res = $ this ->client ->httpGet ("/api/v2/applications/ $ appId/programmatic-access-accounts?limit= $ limit&page= $ page " );
150
+ return $ res ;
151
+ }
152
+
153
+ public function createProgrammaticAccessAccount (string $ appId , array $ options = ["tokenLifetime " => 600 ])
154
+ {
155
+ $ res = $ this ->client ->httpPost ("/api/v2/applications/ $ appId/programmatic-access-accounts " , $ options );
156
+ return $ res ;
157
+ }
158
+
159
+ public function disableProgrammaticAccessAccount (string $ programmaticAccessAccountId )
160
+ {
161
+ $ data = new stdClass ();
162
+ $ data ->id = $ programmaticAccessAccountId ;
163
+ $ data ->enabled = false ;
164
+ $ res = $ this ->client ->httpPatch ('/api/v2/applications/programmatic-access-accounts ' , $ data );
165
+ return $ res ;
166
+ }
167
+
168
+ public function deleteProgrammaticAccessAccount (string $ programmaticAccessAccountId )
169
+ {
170
+ $ this ->client ->httpDelete ("/api/v2/applications/programmatic-access-accounts?id= $ programmaticAccessAccountId " );
171
+ return true ;
172
+ }
173
+
174
+ public function enableProgrammaticAccessAccount (string $ programmaticAccessAccountId )
175
+ {
176
+ $ data = new stdClass ();
177
+ $ data ->id = $ programmaticAccessAccountId ;
178
+ $ data ->enabled = true ;
179
+ $ res = $ this ->client ->httpPatch ("/api/v2/applications/programmatic-access-accounts " , $ data );
180
+ return $ res ;
181
+ }
182
+
183
+ public function refreshProgrammaticAccessAccountSecret (string $ programmaticAccessAccountId , string $ programmaticAccessAccountSecret = '' )
184
+ {
185
+ $ programmaticAccessAccountSecret = randomString (32 );
186
+ $ data = [
187
+ 'id ' => $ programmaticAccessAccountId ,
188
+ 'secret ' => $ programmaticAccessAccountSecret ,
189
+ ];
190
+ $ res = $ this ->client ->httpPatch ('/api/v2/applications/programmatic-access-accounts ' , $ data );
191
+ return $ res ;
192
+ }
193
+
194
+ public function authorizeResource (array $ params )
195
+ {
196
+ $ namespace = $ params ['namespace ' ];
197
+ $ resource = $ params ['resource ' ];
198
+ $ opts = $ params ['opts ' ];
199
+ $ param = (new AuthorizeResourceParam ())->withNamespace ($ namespace )->withOpts ($ ops )->withResource ($ resource );
200
+ $ res = $ this ->client ->request ($ param ->createRequest ());
201
+ return $ res ;
202
+ }
203
+
204
+ public function listResourcePermissions ()
205
+ {
206
+ # code...
207
+ }
208
+
209
+ public function getApplicationAccessPolicies (array $ options )
210
+ {
211
+ if ($ options ['appId ' ]) {
212
+ throw new Error ('请传入 appId ' );
213
+ }
214
+ $ appId = $ options ->appId ;
215
+ $ page = $ options ->page ?? 1 ;
216
+ $ limit = $ options ->limit ?? 10 ;
217
+ $ res = $ this ->client ->httpGet ("/api/v2/applications/ $ appId/authorization/records?page= $ page&limit= $ limit " );
218
+ return $ res ;
219
+ }
220
+
221
+ public function enableApplicationAccessPolicy (array $ options )
222
+ {
223
+ if ($ options ['appId ' ]) {
224
+ throw new Error ('请传入 appId ' );
225
+ }
226
+ if ($ options ['targetType ' ]) {
227
+ throw new Error (
228
+ '请传入主体类型,可选值为 USER、ROLE、ORG、GROUP,含义为用户、角色、组织机构节点、用户分组 '
229
+ );
230
+ }
231
+ if ($ options ['targetIdentifiers ' ]) {
232
+ throw new Error ('请传入主体 id ' );
233
+ }
234
+ extract ($ options , EXTR_OVERWRITE );
235
+ $ data = [
236
+ 'targetType ' => $ targetType ,
237
+ 'namespace ' => $ namespace ,
238
+ 'targetIdentifiers ' => $ targetIdentifiers ,
239
+ 'inheritByChildren ' => $ inheritByChildren ,
240
+ ];
241
+ $ this ->client ->httpPost ("/api/v2/applications/ $ appId/authorization/enable-effect " , $ data );
242
+ $ _ = new stdClass ();
243
+ $ _ ->code = 200 ;
244
+ $ _ ->message = '启用应用访问控制策略成功 ' ;
245
+ return $ _ ;
246
+ }
247
+
248
+ public function disableApplicationAccessPolicy (array $ options )
249
+ {
250
+ if ($ options ['appId ' ]) {
251
+ throw new Error ('请传入 appId ' );
252
+ }
253
+ if ($ options ['targetType ' ]) {
254
+ throw new Error (
255
+ '请传入主体类型,可选值为 USER、ROLE、ORG、GROUP,含义为用户、角色、组织机构节点、用户分组 '
256
+ );
257
+ }
258
+ if ($ options ['targetIdentifiers ' ]) {
259
+ throw new Error ('请传入主体 id ' );
260
+ }
261
+ extract ($ options , EXTR_OVERWRITE );
262
+ $ data = [
263
+ 'targetType ' => $ targetType ,
264
+ 'namespace ' => $ namespace ,
265
+ 'targetIdentifiers ' => $ targetIdentifiers ,
266
+ 'inheritByChildren ' => $ inheritByChildren ,
267
+ ];
268
+ $ this ->client ->httpPost ("/api/v2/applications/ $ appId/authorization/disable-effect " , $ data );
269
+ $ _ = new stdClass ();
270
+ $ _ ->code = 200 ;
271
+ $ _ ->message = '停用应用访问控制策略成功 ' ;
272
+ return $ _ ;
273
+ }
274
+
275
+ public function deleteApplicationAccessPolicy (array $ options )
276
+ {
277
+ if ($ options ['appId ' ]) {
278
+ throw new Error ('请传入 appId ' );
279
+ }
280
+ if ($ options ['targetType ' ]) {
281
+ throw new Error (
282
+ '请传入主体类型,可选值为 USER、ROLE、ORG、GROUP,含义为用户、角色、组织机构节点、用户分组 '
283
+ );
284
+ }
285
+ if ($ options ['targetIdentifiers ' ]) {
286
+ throw new Error ('请传入主体 id ' );
287
+ }
288
+ extract ($ options , EXTR_OVERWRITE );
289
+ $ data = [
290
+ 'targetType ' => $ targetType ,
291
+ 'namespace ' => $ namespace ,
292
+ 'targetIdentifiers ' => $ targetIdentifiers ,
293
+ 'inheritByChildren ' => $ inheritByChildren ,
294
+ ];
295
+ $ this ->client ->httpPost ("/api/v2/applications/ $ appId/authorization/revoke " , $ data );
296
+ $ _ = new stdClass ();
297
+ $ _ ->code = 200 ;
298
+ $ _ ->message = '删除应用访问控制策略成功 ' ;
299
+ return $ _ ;
300
+ }
301
+
302
+ public function allowAccessApplication (array $ options )
303
+ {
304
+ if ($ options ['appId ' ]) {
305
+ throw new Error ('请传入 appId ' );
306
+ }
307
+ if ($ options ['targetType ' ]) {
308
+ throw new Error (
309
+ '请传入主体类型,可选值为 USER、ROLE、ORG、GROUP,含义为用户、角色、组织机构节点、用户分组 '
310
+ );
311
+ }
312
+ if ($ options ['targetIdentifiers ' ]) {
313
+ throw new Error ('请传入主体 id ' );
314
+ }
315
+ extract ($ options , EXTR_OVERWRITE );
316
+ $ data = [
317
+ 'targetType ' => $ targetType ,
318
+ 'namespace ' => $ namespace ,
319
+ 'targetIdentifiers ' => $ targetIdentifiers ,
320
+ 'inheritByChildren ' => $ inheritByChildren ,
321
+ ];
322
+ $ this ->client ->httpPost ("/api/v2/applications/ $ appId/authorization/allow " , $ data );
323
+ $ _ = new stdClass ();
324
+ $ _ ->code = 200 ;
325
+ $ _ ->message = '允许主体访问应用的策略配置已生效 ' ;
326
+ return $ _ ;
327
+ }
328
+
329
+ public function denyAccessApplication (array $ options )
330
+ {
331
+ if ($ options ['appId ' ]) {
332
+ throw new Error ('请传入 appId ' );
333
+ }
334
+ if ($ options ['targetType ' ]) {
335
+ throw new Error (
336
+ '请传入主体类型,可选值为 USER、ROLE、ORG、GROUP,含义为用户、角色、组织机构节点、用户分组 '
337
+ );
338
+ }
339
+ if ($ options ['targetIdentifiers ' ]) {
340
+ throw new Error ('请传入主体 id ' );
341
+ }
342
+ extract ($ options , EXTR_OVERWRITE );
343
+ $ data = [
344
+ 'targetType ' => $ targetType ,
345
+ 'namespace ' => $ namespace ,
346
+ 'targetIdentifiers ' => $ targetIdentifiers ,
347
+ 'inheritByChildren ' => $ inheritByChildren ,
348
+ ];
349
+ $ this ->client ->httpPost ("/api/v2/applications/ $ appId/authorization/deny " , $ data );
350
+ $ _ = new stdClass ();
351
+ $ _ ->code = 200 ;
352
+ $ _ ->message = '拒绝主体访问应用的策略配置已生效 ' ;
353
+ return $ _ ;
354
+ }
355
+
356
+ public function updateDefaultApplicationAccessPolicy (array $ options )
357
+ {
358
+ if ($ options ['appId ' ]) {
359
+ throw new Error ('请传入 appId ' );
360
+ }
361
+ if ($ options ['defaultStrategy ' ]) {
362
+ throw new Error (
363
+ '请传入默认策略,可选值为 ALLOW_ALL、DENY_ALL,含义为默认允许所有用户登录应用、默认拒绝所有用户登录应用 '
364
+ );
365
+ }
366
+ $ appId = $ options ['appId ' ];
367
+ $ data = new stdClass ();
368
+ $ data ->permissionStrategy = new stdClass ();
369
+ $ data ->permissionStrategy ->defaultStrategy = $ options ['defaultStrategy ' ];
370
+ $ res = $ this ->client ->httpPost ("/api/v2/applications/ $ appId " , $ data );
371
+ return $ res ;
372
+ }
373
+
374
+
375
+ }
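Review bot: The required-parameter guards in `getApplicationAccessPolicies()` and the six policy methods after it are inverted: `if ($options['appId'])` throws when the value is present and lets a missing one through, and the same holds for `targetType`, `targetIdentifiers` and `defaultStrategy`; each should take the form `if (empty($options['appId'])) {`. `getApplicationAccessPolicies()` then reads `$options->appId`, `->page` and `->limit` from a parameter declared as `array`, so these should be `$options['appId']`, `$options['page'] ?? 1` and `$options['limit'] ?? 10`. In the enable/disable/delete/allow/deny methods, `extract($options, EXTR_OVERWRITE)` turns every caller-supplied key into a local variable and leaves `$namespace` and `$inheritByChildren` undefined when omitted; reading each key explicitly, e.g. `$namespace = $options['namespace'] ?? null;`, keeps the local scope under the method's control. `authorizeResource()` passes `$ops` to `withOpts()` although the value was assigned to `$opts`, and `refreshProgrammaticAccessAccountSecret()` overwrites the secret argument the caller supplied. The ids interpolated into request paths and query strings (`$appId`, `$programmaticAccessAccountId`) are not passed through `rawurlencode()`; whether the HTTP helpers encode them is not visible here.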