From 171e7da41f03dc6f17565827463a429ae1eba438 Mon Sep 17 00:00:00 2001
From: powerfool <yuyi.wsy@oceanbase.com>
Date: Wed, 4 Sep 2024 17:11:07 +0800
Subject: [PATCH] Join enforcers with OR and AND logic (#550)

---
 internal/dashboard/business/ac/enforcers.go   | 31 +++++++++++++++++++
 internal/dashboard/router/v1/metric_router.go |  9 ++++--
 2 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/internal/dashboard/business/ac/enforcers.go b/internal/dashboard/business/ac/enforcers.go
index 59a94a64e..50f165cbc 100644
--- a/internal/dashboard/business/ac/enforcers.go
+++ b/internal/dashboard/business/ac/enforcers.go
@@ -58,3 +58,34 @@ func PathGuard(domain, resource, action string) EnforceFunc {
 		return true, nil
 	}
 }
+
+type unionLogic string
+
+const (
+	unionOr  unionLogic = "OR"
+	unionAnd unionLogic = "AND"
+)
+
+func unionHelper(logic unionLogic, enforces ...EnforceFunc) EnforceFunc {
+	allPass := logic == unionAnd
+	return func(c *gin.Context) (bool, error) {
+		for _, enforce := range enforces {
+			ok, err := enforce(c)
+			if err != nil {
+				return false, err
+			}
+			if ok == !allPass {
+				return !allPass, nil
+			}
+		}
+		return allPass, nil
+	}
+}
+
+func OR(enforces ...EnforceFunc) EnforceFunc {
+	return unionHelper(unionOr, enforces...)
+}
+
+func AND(enforces ...EnforceFunc) EnforceFunc {
+	return unionHelper(unionAnd, enforces...)
+}
diff --git a/internal/dashboard/router/v1/metric_router.go b/internal/dashboard/router/v1/metric_router.go
index 9040668ee..f2638e8e4 100644
--- a/internal/dashboard/router/v1/metric_router.go
+++ b/internal/dashboard/router/v1/metric_router.go
@@ -19,7 +19,12 @@ import (
 	h "github.com/oceanbase/ob-operator/internal/dashboard/handler"
 )
 
+var metricGuard = acbiz.OR(
+	acbiz.PathGuard(string(acbiz.DomainOBCluster), "*", "read"),
+	acbiz.PathGuard(string(acbiz.DomainOBProxy), "*", "read"),
+)
+
 func InitMetricRoutes(g *gin.RouterGroup) {
-	g.GET("/metrics", h.Wrap(h.ListMetricMetas, acbiz.PathGuard("system", "*", "read")))
-	g.POST("/metrics/query", h.Wrap(h.QueryMetrics, acbiz.PathGuard("system", "*", "read")))
+	g.GET("/metrics", h.Wrap(h.ListMetricMetas, metricGuard))
+	g.POST("/metrics/query", h.Wrap(h.QueryMetrics, metricGuard))
 }