
Commit 1e4cf49

committed
start test
1 parent 0996c33 commit 1e4cf49


5 files changed

+398
-16
lines changed


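--- a/src/BaseClient.php
+++ b/src/BaseClient.php
@@ -156,6 +156,12 @@ public function httpPost($path, $data, $flag = '')
 return $this->arrayToObject($result);
 }
 
+public function httpPatch($path, $data)
+{
+$result = $this->send($this->host . $path, $data, 'PATCH');
+return $this->arrayToObject($result);
+}
+
 /**
 * @param $path string
 * @return object
@@ -264,6 +270,10 @@ private function send($url, $data = '', $method = 'POST', $time = 30000)
 curl_setopt($ch, CURLOPT_POSTFIELDS, is_array($data) ? json_encode($data) : $data);
 curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
 break;
+case "PATCH":
+curl_setopt($ch, CURLOPT_POSTFIELDS, is_array($data) ? json_encode($data) : $data);
+curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PATCH");
+break;
 case "DELETE":
 curl_setopt($ch, CURLOPT_POSTFIELDS, is_array($data) ? json_encode($data) : $data);
 curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "DELETE");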
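Review bot: The new `case "PATCH":` branch in send() is a third copy of the PUT and DELETE branches and differs only in the verb string, so any later change to how the body is encoded has to be made in three places. Letting the cases fall through, `case "PUT": case "PATCH": case "DELETE":` followed by `curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);`, keeps them in step. httpPatch() is also added without the `@param`/`@return` docblock that the method right after it carries. send() starts and ends outside the hunk, so the rest of the switch is not visible here.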

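--- a/src/Mgmt/AclManagementClient.php
+++ b/src/Mgmt/AclManagementClient.php
@@ -4,6 +4,7 @@
 
 use Authing\Types\AllowParam;
 use Authing\Types\AuthorizedResourcesParam;
+use Authing\Types\AuthorizeResourceParam;
 use Authing\Types\CommonMessage;
 use Authing\Types\IsActionAllowedParam;
 use Exception;
@@ -28,6 +29,19 @@ function formatAuthorizedResources($obj)
 return $res;
 }
 
+function randomString(int $randomLenth = 32)
+{
+$randomLenth = $randomLenth ?? 32;
+$t = 'abcdefhijkmnprstwxyz2345678';
+$a = strlen($t);
+$n = '';
+
+for ($i = 0; $i < $randomLenth; $i++) {
+$n .= t[rand(0, $a)];
+}
+return $n;
+}
+
 class AclManagementClient
 {
 /**
@@ -129,4 +143,233 @@ public function deleteResource(string $code, string $namespaceCode)
 $data = $this->client->httpDelete("/api/v2/resources/$code?namespace=$namespaceCode");
 return true;
 }
-}
+
+public function programmaticAccessAccountList(string $appId, int $page = 1, int $limit = 10)
+{
+$res = $this->client->httpGet("/api/v2/applications/$appId/programmatic-access-accounts?limit=$limit&page=$page");
+return $res;
+}
+
+public function createProgrammaticAccessAccount(string $appId, array $options = ["tokenLifetime" => 600])
+{
+$res = $this->client->httpPost("/api/v2/applications/$appId/programmatic-access-accounts", $options);
+return $res;
+}
+
+public function disableProgrammaticAccessAccount(string $programmaticAccessAccountId)
+{
+$data = new stdClass();
+$data->id = $programmaticAccessAccountId;
+$data->enabled = false;
+$res = $this->client->httpPatch('/api/v2/applications/programmatic-access-accounts', $data);
+return $res;
+}
+
+public function deleteProgrammaticAccessAccount(string $programmaticAccessAccountId)
+{
+$this->client->httpDelete("/api/v2/applications/programmatic-access-accounts?id=$programmaticAccessAccountId");
+return true;
+}
+
+public function enableProgrammaticAccessAccount(string $programmaticAccessAccountId)
+{
+$data = new stdClass();
+$data->id = $programmaticAccessAccountId;
+$data->enabled = true;
+$res = $this->client->httpPatch("/api/v2/applications/programmatic-access-accounts", $data);
+return $res;
+}
+
+public function refreshProgrammaticAccessAccountSecret(string $programmaticAccessAccountId, string $programmaticAccessAccountSecret = '')
+{
+$programmaticAccessAccountSecret = randomString(32);
+$data = [
+'id' => $programmaticAccessAccountId,
+'secret' => $programmaticAccessAccountSecret,
+];
+$res = $this->client->httpPatch('/api/v2/applications/programmatic-access-accounts', $data);
+return $res;
+}
+
+public function authorizeResource(array $params)
+{
+$namespace = $params['namespace'];
+$resource = $params['resource'];
+$opts = $params['opts'];
+$param = (new AuthorizeResourceParam())->withNamespace($namespace)->withOpts($ops)->withResource($resource);
+$res = $this->client->request($param->createRequest());
+return $res;
+}
+
+public function listResourcePermissions()
+{
+# code...
+}
+
+public function getApplicationAccessPolicies(array $options)
+{
+if ($options['appId']) {
+throw new Error('请传入 appId');
+}
+$appId = $options->appId;
+$page = $options->page ?? 1;
+$limit = $options->limit ?? 10;
+$res = $this->client->httpGet("/api/v2/applications/$appId/authorization/records?page=$page&limit=$limit");
+return $res;
+}
+
+public function enableApplicationAccessPolicy(array $options)
+{
+if ($options['appId']) {
+throw new Error('请传入 appId');
+}
+if ($options['targetType']) {
+throw new Error(
+'请传入主体类型,可选值为 USER、ROLE、ORG、GROUP,含义为用户、角色、组织机构节点、用户分组'
+);
+}
+if ($options['targetIdentifiers']) {
+throw new Error('请传入主体 id');
+}
+extract($options, EXTR_OVERWRITE);
+$data = [
+'targetType' => $targetType,
+'namespace' => $namespace,
+'targetIdentifiers' => $targetIdentifiers,
+'inheritByChildren' => $inheritByChildren,
+];
+$this->client->httpPost("/api/v2/applications/$appId/authorization/enable-effect", $data);
+$_ = new stdClass();
+$_->code = 200;
+$_->message = '启用应用访问控制策略成功';
+return $_;
+}
+
+public function disableApplicationAccessPolicy(array $options)
+{
+if ($options['appId']) {
+throw new Error('请传入 appId');
+}
+if ($options['targetType']) {
+throw new Error(
+'请传入主体类型,可选值为 USER、ROLE、ORG、GROUP,含义为用户、角色、组织机构节点、用户分组'
+);
+}
+if ($options['targetIdentifiers']) {
+throw new Error('请传入主体 id');
+}
+extract($options, EXTR_OVERWRITE);
+$data = [
+'targetType' => $targetType,
+'namespace' => $namespace,
+'targetIdentifiers' => $targetIdentifiers,
+'inheritByChildren' => $inheritByChildren,
+];
+$this->client->httpPost("/api/v2/applications/$appId/authorization/disable-effect", $data);
+$_ = new stdClass();
+$_->code = 200;
+$_->message = '停用应用访问控制策略成功';
+return $_;
+}
+
+public function deleteApplicationAccessPolicy(array $options)
+{
+if ($options['appId']) {
+throw new Error('请传入 appId');
+}
+if ($options['targetType']) {
+throw new Error(
+'请传入主体类型,可选值为 USER、ROLE、ORG、GROUP,含义为用户、角色、组织机构节点、用户分组'
+);
+}
+if ($options['targetIdentifiers']) {
+throw new Error('请传入主体 id');
+}
+extract($options, EXTR_OVERWRITE);
+$data = [
+'targetType' => $targetType,
+'namespace' => $namespace,
+'targetIdentifiers' => $targetIdentifiers,
+'inheritByChildren' => $inheritByChildren,
+];
+$this->client->httpPost("/api/v2/applications/$appId/authorization/revoke", $data);
+$_ = new stdClass();
+$_->code = 200;
+$_->message = '删除应用访问控制策略成功';
+return $_;
+}
+
+public function allowAccessApplication(array $options)
+{
+if ($options['appId']) {
+throw new Error('请传入 appId');
+}
+if ($options['targetType']) {
+throw new Error(
+'请传入主体类型,可选值为 USER、ROLE、ORG、GROUP,含义为用户、角色、组织机构节点、用户分组'
+);
+}
+if ($options['targetIdentifiers']) {
+throw new Error('请传入主体 id');
+}
+extract($options, EXTR_OVERWRITE);
+$data = [
+'targetType' => $targetType,
+'namespace' => $namespace,
+'targetIdentifiers' => $targetIdentifiers,
+'inheritByChildren' => $inheritByChildren,
+];
+$this->client->httpPost("/api/v2/applications/$appId/authorization/allow", $data);
+$_ = new stdClass();
+$_->code = 200;
+$_->message = '允许主体访问应用的策略配置已生效';
+return $_;
+}
+
+public function denyAccessApplication(array $options)
+{
+if ($options['appId']) {
+throw new Error('请传入 appId');
+}
+if ($options['targetType']) {
+throw new Error(
+'请传入主体类型,可选值为 USER、ROLE、ORG、GROUP,含义为用户、角色、组织机构节点、用户分组'
+);
+}
+if ($options['targetIdentifiers']) {
+throw new Error('请传入主体 id');
+}
+extract($options, EXTR_OVERWRITE);
+$data = [
+'targetType' => $targetType,
+'namespace' => $namespace,
+'targetIdentifiers' => $targetIdentifiers,
+'inheritByChildren' => $inheritByChildren,
+];
+$this->client->httpPost("/api/v2/applications/$appId/authorization/deny", $data);
+$_ = new stdClass();
+$_->code = 200;
+$_->message = '拒绝主体访问应用的策略配置已生效';
+return $_;
+}
+
+public function updateDefaultApplicationAccessPolicy(array $options)
+{
+if ($options['appId']) {
+throw new Error('请传入 appId');
+}
+if ($options['defaultStrategy']) {
+throw new Error(
+'请传入默认策略,可选值为 ALLOW_ALL、DENY_ALL,含义为默认允许所有用户登录应用、默认拒绝所有用户登录应用'
+);
+}
+$appId = $options['appId'];
+$data = new stdClass();
+$data->permissionStrategy = new stdClass();
+$data->permissionStrategy->defaultStrategy = $options['defaultStrategy'];
+$res = $this->client->httpPost("/api/v2/applications/$appId", $data);
+return $res;
+}
+
+
+}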
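Review bot: randomString() is what refreshProgrammaticAccessAccountSecret() uses to mint the account secret, yet it draws from `rand()`, which is not a cryptographic generator, so the resulting credential is more predictable than a secret should be. The same line reads `t[...]` without the `$` and indexes with `rand(0, $a)` where `$a` is the string length, so it fails on an undefined constant and, once that is corrected, can index one past the end of the alphabet. Building the string with `random_int()` over `strlen($t) - 1` addresses all three, as shown below. refreshProgrammaticAccessAccountSecret() also overwrites its `$programmaticAccessAccountSecret` argument unconditionally, which looks unintended. Separately, the `if ($options['appId'])`-style guards in the access-policy methods throw when the value is present, and appear to need `empty(...)` instead.

```php
function randomString(int $randomLenth = 32)
{
    $alphabet = 'abcdefhijkmnprstwxyz2345678';
    $last = strlen($alphabet) - 1;
    $out = '';

    for ($i = 0; $i < $randomLenth; $i++) {
        // random_int() uses the OS CSPRNG; both bounds are inclusive
        $out .= $alphabet[random_int(0, $last)];
    }
    return $out;
}
```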

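--- a/src/Mgmt/OrgManagementClient.php
+++ b/src/Mgmt/OrgManagementClient.php
@@ -284,4 +284,6 @@ public function listAuthorizedResourcesByNodeCode(string $orgId, string $code, s
 $_->totalCount = $totalCount;
 return $_;
 }
+
+
 }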
