opensource/supermq
1
0
Fork 0
mirror of https://github.com/absmach/supermq.git synced 2026-06-23 04:00:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

NOISSUE - Add alarm relation to rules (#424)

Browse Source 
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
This commit is contained in:
Steve Munene
2026-03-05 17:21:34 +03:00
committed by GitHub
parent 178a62c08f
commit be1dc130d6
4 changed files with 51 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files
alarms/operations.go
+18 -6
View File
@@ -17,18 +17,24 @@ const (
OpListAlarms
OpUpdateAlarm
OpDeleteAlarm
OpAssignAlarm
OpAcknowledgeAlarm
OpResolveAlarm
)
const (
OpAddAlarmStr = "OpAddAlarm"
OpViewAlarmStr = "OpViewAlarm"
OpListAlarmsStr = "OpListAlarms"
OpUpdateAlarmStr = "OpUpdateAlarm"
OpDeleteAlarmStr = "OpDeleteAlarm"
OpAddAlarmStr = "OpAddAlarm"
OpViewAlarmStr = "OpViewAlarm"
OpListAlarmsStr = "OpListAlarms"
OpUpdateAlarmStr = "OpUpdateAlarm"
OpDeleteAlarmStr = "OpDeleteAlarm"
OpAssignAlarmStr = "OpAssignAlarm"
OpAcknowledgeAlarmStr = "OpAcknowledgeAlarm"
OpResolveAlarmStr = "OpResolveAlarm"
)
func GetPermission(op permissions.Operation) (string, error) {
if op < OpAddAlarm || op > OpDeleteAlarm {
if op < OpAddAlarm || op > OpResolveAlarm {
return "", errors.New("invalid operation")
}
@@ -51,6 +57,12 @@ func OperationName(op permissions.Operation) string {
return OpUpdateAlarmStr
case OpDeleteAlarm:
return OpDeleteAlarmStr
case OpAssignAlarm:
return OpAssignAlarmStr
case OpAcknowledgeAlarm:
return OpAcknowledgeAlarmStr
case OpResolveAlarm:
return OpResolveAlarmStr
default:
return "unknown"
}
docker/permission.yaml
+3
View File
@@ -22,6 +22,9 @@ rule:
- enable: update_permission
- disable: update_permission
- delete: delete_permission
- alarm_assign: alarm_assign_permission
- alarm_acknowledge: alarm_acknowledge_permission
- alarm_resolve: alarm_resolve_permission
roles_operations:
- add: manage_role_permission
- remove: manage_role_permission
docker/spicedb/combined-schema.zed
+15 -23
View File
@@ -312,10 +312,6 @@ definition domain {
relation alarm_update: role#member | team#member
relation alarm_read: role#member | team#member
relation alarm_delete: role#member | team#member
relation alarm_manage_role: role#member | team#member
relation alarm_add_role_users: role#member | team#member
relation alarm_remove_role_users: role#member | team#member
relation alarm_view_role_users: role#member | team#member
relation rule_create: role#member | team#member
relation rule_update: role#member | team#member
relation rule_read: role#member | team#member
@@ -353,7 +349,7 @@ definition domain {
channel_manage_role + channel_add_role_users + channel_remove_role_users + channel_view_role_users +
group_update + group_membership + group_read + group_delete + group_set_child + group_set_parent +
group_manage_role + group_add_role_users + group_remove_role_users + group_view_role_users +
alarm_create + alarm_update + alarm_read + alarm_delete + alarm_manage_role + alarm_add_role_users + alarm_remove_role_users + alarm_view_role_users + rule_create + rule_update + rule_read + rule_delete + rule_manage_role + rule_add_role_users + rule_remove_role_users + rule_view_role_users + report_create + report_update + report_read + report_delete + report_manage_role + report_add_role_users + report_remove_role_users + report_view_role_users +
alarm_create + alarm_update + alarm_read + alarm_delete + rule_create + rule_update + rule_read + rule_delete + rule_manage_role + rule_add_role_users + rule_remove_role_users + rule_view_role_users + rule_alarm_assign + rule_alarm_acknowledge + rule_alarm_resolve + report_create + report_update + report_read + report_delete + report_manage_role + report_add_role_users + report_remove_role_users + report_view_role_users +
organization->admin
permission admin = (read & update & enable & disable & delete & manage_role & add_role_users & remove_role_users & view_role_users) + organization->admin
@@ -403,10 +399,6 @@ definition domain {
permission alarm_update_permission = alarm_update + team->alarm_update + organization->admin
permission alarm_read_permission = alarm_read + team->alarm_read + organization->admin
permission alarm_delete_permission = alarm_delete + team->alarm_delete + organization->admin
permission alarm_manage_role_permission = alarm_manage_role + team->alarm_manage_role + organization->admin
permission alarm_add_role_users_permission = alarm_add_role_users + team->alarm_add_role_users + organization->admin
permission alarm_remove_role_users_permission = alarm_remove_role_users + team->alarm_remove_role_users + organization->admin
permission alarm_view_role_users_permission = alarm_view_role_users + team->alarm_view_role_users + organization->admin
permission rule_create_permission = rule_create + team->rule_create + organization->admin
permission rule_update_permission = rule_update + team->rule_update + organization->admin
permission rule_read_permission = rule_read + team->rule_read + organization->admin
@@ -415,6 +407,9 @@ definition domain {
permission rule_add_role_users_permission = rule_add_role_users + team->rule_add_role_users + organization->admin
permission rule_remove_role_users_permission = rule_remove_role_users + team->rule_remove_role_users + organization->admin
permission rule_view_role_users_permission = rule_view_role_users + team->rule_view_role_users + organization->admin
permission rule_alarm_assign_permission = rule_alarm_assign + team->rule_alarm_assign + organization->admin
permission rule_alarm_acknowledge_permission = rule_alarm_acknowledge + team->rule_alarm_acknowledge + organization->admin
permission rule_alarm_resolve_permission = rule_alarm_resolve + team->rule_alarm_resolve + organization->admin
permission report_create_permission = report_create + team->report_create + organization->admin
permission report_update_permission = report_update + team->report_update + organization->admin
permission report_read_permission = report_read + team->report_read + organization->admin
@@ -518,10 +513,6 @@ definition team {
relation alarm_update: role#member | team#member
relation alarm_read: role#member | team#member
relation alarm_delete: role#member | team#member
relation alarm_manage_role: role#member | team#member
relation alarm_add_role_users: role#member | team#member
relation alarm_remove_role_users: role#member | team#member
relation alarm_view_role_users: role#member | team#member
relation rule_create: role#member | team#member
relation rule_update: role#member | team#member
relation rule_read: role#member | team#member
@@ -530,6 +521,9 @@ definition team {
relation rule_add_role_users: role#member | team#member
relation rule_remove_role_users: role#member | team#member
relation rule_view_role_users: role#member | team#member
relation rule_alarm_assign: role#member | team#member
relation rule_alarm_acknowledge: role#member | team#member
relation rule_alarm_resolve: role#member | team#member
relation report_create: role#member | team#member
relation report_update: role#member | team#member
relation report_read: role#member | team#member
@@ -646,19 +640,9 @@ relation update: role#member
relation read: role#member
relation delete: role#member
relation manage_role: role#member
relation add_role_users: role#member
relation remove_role_users: role#member
relation view_role_users: role#member
permission update_permission = update + domain->alarm_update_permission
permission read_permission = read + domain->alarm_read_permission
permission delete_permission = delete + domain->alarm_delete_permission
permission manage_role_permission = manage_role + domain->alarm_manage_role_permission
permission add_role_users_permission = add_role_users + domain->alarm_add_role_users_permission
permission remove_role_users_permission = remove_role_users + domain->alarm_remove_role_users_permission
permission view_role_users_permission = view_role_users + domain->alarm_view_role_users_permission
}
definition rule {
@@ -673,6 +657,10 @@ relation add_role_users: role#member
relation remove_role_users: role#member
relation view_role_users: role#member
relation alarm_assign: role#member
relation alarm_acknowledge: role#member
relation alarm_resolve: role#member
permission update_permission = update + domain->rule_update_permission
permission read_permission = read + domain->rule_read_permission
permission delete_permission = delete + domain->rule_delete_permission
@@ -681,6 +669,10 @@ permission manage_role_permission = manage_role + domain->rule_manage_role_permi
permission add_role_users_permission = add_role_users + domain->rule_add_role_users_permission
permission remove_role_users_permission = remove_role_users + domain->rule_remove_role_users_permission
permission view_role_users_permission = view_role_users + domain->rule_view_role_users_permission
permission alarm_assign_permission = alarm_assign + domain->rule_alarm_assign_permission
permission alarm_acknowledge_permission = alarm_acknowledge + domain->rule_alarm_acknowledge_permission
permission alarm_resolve_permission = alarm_resolve + domain->rule_alarm_resolve_permission
}
definition report {
docker/spicedb/override-schema.zed
+15 -23
View File
@@ -32,10 +32,6 @@ definition domain {
relation alarm_update: role#member | team#member
relation alarm_read: role#member | team#member
relation alarm_delete: role#member | team#member
relation alarm_manage_role: role#member | team#member
relation alarm_add_role_users: role#member | team#member
relation alarm_remove_role_users: role#member | team#member
relation alarm_view_role_users: role#member | team#member
relation rule_create: role#member | team#member
relation rule_update: role#member | team#member
@@ -60,10 +56,6 @@ definition domain {
permission alarm_update_permission = alarm_update + team->alarm_update + organization->admin
permission alarm_read_permission = alarm_read + team->alarm_read + organization->admin
permission alarm_delete_permission = alarm_delete + team->alarm_delete + organization->admin
permission alarm_manage_role_permission = alarm_manage_role + team->alarm_manage_role + organization->admin
permission alarm_add_role_users_permission = alarm_add_role_users + team->alarm_add_role_users + organization->admin
permission alarm_remove_role_users_permission = alarm_remove_role_users + team->alarm_remove_role_users + organization->admin
permission alarm_view_role_users_permission = alarm_view_role_users + team->alarm_view_role_users + organization->admin
permission rule_create_permission = rule_create + team->rule_create + organization->admin
permission rule_update_permission = rule_update + team->rule_update + organization->admin
@@ -73,6 +65,9 @@ definition domain {
permission rule_add_role_users_permission = rule_add_role_users + team->rule_add_role_users + organization->admin
permission rule_remove_role_users_permission = rule_remove_role_users + team->rule_remove_role_users + organization->admin
permission rule_view_role_users_permission = rule_view_role_users + team->rule_view_role_users + organization->admin
permission rule_alarm_assign_permission = rule_alarm_assign + team->rule_alarm_assign + organization->admin
permission rule_alarm_acknowledge_permission = rule_alarm_acknowledge + team->rule_alarm_acknowledge + organization->admin
permission rule_alarm_resolve_permission = rule_alarm_resolve + team->rule_alarm_resolve + organization->admin
permission report_create_permission = report_create + team->report_create + organization->admin
permission report_update_permission = report_update + team->report_update + organization->admin
@@ -84,7 +79,7 @@ definition domain {
permission report_view_role_users_permission = report_view_role_users + team->report_view_role_users + organization->admin
// Explicit extension injected into SuperMQ domain `permission membership`.
permission membership_extension = alarm_create + alarm_update + alarm_read + alarm_delete + alarm_manage_role + alarm_add_role_users + alarm_remove_role_users + alarm_view_role_users + rule_create + rule_update + rule_read + rule_delete + rule_manage_role + rule_add_role_users + rule_remove_role_users + rule_view_role_users + report_create + report_update + report_read + report_delete + report_manage_role + report_add_role_users + report_remove_role_users + report_view_role_users
permission membership_extension = alarm_create + alarm_update + alarm_read + alarm_delete + rule_create + rule_update + rule_read + rule_delete + rule_manage_role + rule_add_role_users + rule_remove_role_users + rule_view_role_users + rule_alarm_assign + rule_alarm_acknowledge + rule_alarm_resolve + report_create + report_update + report_read + report_delete + report_manage_role + report_add_role_users + report_remove_role_users + report_view_role_users
}
@@ -95,10 +90,6 @@ definition team {
relation alarm_update: role#member | team#member
relation alarm_read: role#member | team#member
relation alarm_delete: role#member | team#member
relation alarm_manage_role: role#member | team#member
relation alarm_add_role_users: role#member | team#member
relation alarm_remove_role_users: role#member | team#member
relation alarm_view_role_users: role#member | team#member
relation rule_create: role#member | team#member
relation rule_update: role#member | team#member
@@ -108,6 +99,9 @@ definition team {
relation rule_add_role_users: role#member | team#member
relation rule_remove_role_users: role#member | team#member
relation rule_view_role_users: role#member | team#member
relation rule_alarm_assign: role#member | team#member
relation rule_alarm_acknowledge: role#member | team#member
relation rule_alarm_resolve: role#member | team#member
relation report_create: role#member | team#member
relation report_update: role#member | team#member
@@ -127,19 +121,9 @@ relation update: role#member
relation read: role#member
relation delete: role#member
relation manage_role: role#member
relation add_role_users: role#member
relation remove_role_users: role#member
relation view_role_users: role#member
permission update_permission = update + domain->alarm_update_permission
permission read_permission = read + domain->alarm_read_permission
permission delete_permission = delete + domain->alarm_delete_permission
permission manage_role_permission = manage_role + domain->alarm_manage_role_permission
permission add_role_users_permission = add_role_users + domain->alarm_add_role_users_permission
permission remove_role_users_permission = remove_role_users + domain->alarm_remove_role_users_permission
permission view_role_users_permission = view_role_users + domain->alarm_view_role_users_permission
}
definition rule {
@@ -154,6 +138,10 @@ relation add_role_users: role#member
relation remove_role_users: role#member
relation view_role_users: role#member
relation alarm_assign: role#member
relation alarm_acknowledge: role#member
relation alarm_resolve: role#member
permission update_permission = update + domain->rule_update_permission
permission read_permission = read + domain->rule_read_permission
permission delete_permission = delete + domain->rule_delete_permission
@@ -162,6 +150,10 @@ permission manage_role_permission = manage_role + domain->rule_manage_role_permi
permission add_role_users_permission = add_role_users + domain->rule_add_role_users_permission
permission remove_role_users_permission = remove_role_users + domain->rule_remove_role_users_permission
permission view_role_users_permission = view_role_users + domain->rule_view_role_users_permission
permission alarm_assign_permission = alarm_assign + domain->rule_alarm_assign_permission
permission alarm_acknowledge_permission = alarm_acknowledge + domain->rule_alarm_acknowledge_permission
permission alarm_resolve_permission = alarm_resolve + domain->rule_alarm_resolve_permission
}
definition report {