diff --git a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt index f8746a953b0..e4deb5ba371 100644 --- a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt +++ b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt @@ -30,7 +30,6 @@ package com.tencent.devops.process.engine.service import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.auth.api.service.ServiceAuthAuthorizationResource import com.tencent.devops.common.api.constant.CommonMessageCode -import com.tencent.devops.common.api.constant.KEY_VERSION import com.tencent.devops.common.api.exception.DependNotFoundException import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.exception.InvalidParamException @@ -58,10 +57,7 @@ import com.tencent.devops.common.pipeline.option.MatrixControlOption import com.tencent.devops.common.pipeline.pojo.BuildNo import com.tencent.devops.common.pipeline.pojo.MatrixPipelineInfo import com.tencent.devops.common.pipeline.pojo.PipelineModelAndSetting -import com.tencent.devops.common.pipeline.pojo.element.Element import com.tencent.devops.common.pipeline.pojo.element.SubPipelineCallElement -import com.tencent.devops.common.pipeline.pojo.element.market.MarketBuildAtomElement -import com.tencent.devops.common.pipeline.pojo.element.market.MarketBuildLessAtomElement import com.tencent.devops.common.pipeline.pojo.element.trigger.ManualTriggerElement import com.tencent.devops.common.pipeline.pojo.setting.PipelineRunLockType import com.tencent.devops.common.pipeline.pojo.setting.PipelineSetting @@ -125,9 +121,6 @@ import com.tencent.devops.process.utils.PipelineVersionUtils import com.tencent.devops.process.yaml.utils.NotifyTemplateUtils import com.tencent.devops.project.api.service.ServiceAllocIdResource import com.tencent.devops.store.api.atom.ServiceAtomResource -import com.tencent.devops.store.pojo.common.ATOM_SENSITIVE_PARAM_KEY_PREFIX -import com.tencent.devops.store.pojo.common.STORE_NORMAL_PROJECT_RUN_INFO_KEY_PREFIX -import com.tencent.devops.store.pojo.common.enums.StoreTypeEnum import java.time.LocalDateTime import java.util.concurrent.atomic.AtomicInteger import javax.ws.rs.core.Response @@ -1313,7 +1306,7 @@ class PipelineRepositoryService constructor( pipelineId: String, version: Int? = null, includeDraft: Boolean? = false, - checkPermission: Boolean? = true + editPermission: Boolean? = true ): PipelineResourceVersion? { // TODO 取不到则直接从旧版本表读,待下架 val resource = if (version == null) { @@ -1358,7 +1351,7 @@ class PipelineRepositoryService constructor( e.customEnv = (e.customEnv ?: emptyList()).plus(oldCustomEnv) } e.additionalOptions?.customEnv = null - if (checkPermission != true) { + if (editPermission != true) { pipelineInfoService.transferSensitiveParam(testAtomCodes ?: emptyList(), e) } } diff --git a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineTransferYamlService.kt b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineTransferYamlService.kt index 81c3e5c1f90..0cc5c425863 100644 --- a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineTransferYamlService.kt +++ b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineTransferYamlService.kt @@ -50,7 +50,6 @@ import com.tencent.devops.common.pipeline.pojo.transfer.YamlWithVersion import com.tencent.devops.process.engine.dao.PipelineInfoDao import com.tencent.devops.process.engine.dao.PipelineYamlInfoDao import com.tencent.devops.process.engine.service.PipelineInfoService -import com.tencent.devops.process.engine.service.PipelineRepositoryService import com.tencent.devops.process.pojo.pipeline.PipelineResourceVersion import com.tencent.devops.process.yaml.pojo.TemplatePath import com.tencent.devops.process.yaml.pojo.YamlVersion @@ -132,6 +131,13 @@ class PipelineTransferYamlService @Autowired constructor( aspects ) } + // 无编辑权限需要对流水线插件敏感参数做处理 + if (editPermission == false) { + val projectTestAtomCodes = client.get(ServiceAtomResource::class).getTestAtoms(projectId).data + data.modelAndSetting?.model?.stages?.forEach { + transferElementSensitiveParam(projectTestAtomCodes, it.containers) + } + } PipelineTransferAspectLoader.sharedEnvTransfer(aspects) when (actionType) { TransferActionType.FULL_MODEL2YAML -> { @@ -206,13 +212,6 @@ class PipelineTransferYamlService @Autowired constructor( ) val model = modelTransfer.yaml2Model(input) val setting = modelTransfer.yaml2Setting(input) - // 无编辑权限需要对流水线插件敏感参数做处理 - if (editPermission == false) { - val projectTestAtomCodes = client.get(ServiceAtomResource::class).getTestAtoms(projectId).data - model.stages.forEach { - transferElementSensitiveParam(projectTestAtomCodes, it.containers) - } - } logger.info(watcher.toString()) return TransferResponse( yamlWithVersion = YamlWithVersion( @@ -267,7 +266,8 @@ class PipelineTransferYamlService @Autowired constructor( userId: String, projectId: String, pipelineId: String, - resource: PipelineResourceVersion + resource: PipelineResourceVersion, + editPermission: Boolean? = null ): PreviewResponse { val setting = pipelineSettingVersionService.getPipelineSetting( userId = userId, @@ -289,7 +289,8 @@ class PipelineTransferYamlService @Autowired constructor( projectId = projectId, pipelineId = pipelineId, actionType = TransferActionType.FULL_MODEL2YAML, - data = TransferBody(modelAndSetting) + data = TransferBody(modelAndSetting), + editPermission = editPermission ).yamlWithVersion?.yamlStr ?: return PreviewResponse("") try { TransferMapper.getYamlLevelOneIndex(yaml).forEach { (key, value) -> diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineVersionFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineVersionFacadeService.kt index 573ef2be0a8..ec79dfd808b 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineVersionFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineVersionFacadeService.kt @@ -612,7 +612,7 @@ class PipelineVersionFacadeService @Autowired constructor( statusCode = Response.Status.NOT_FOUND.statusCode, errorCode = ProcessMessageCode.ERROR_PIPELINE_NOT_EXISTS ) - val checkPermission = pipelinePermissionService.checkPipelinePermission( + val editPermission = pipelinePermissionService.checkPipelinePermission( userId = userId, projectId = projectId, pipelineId = pipelineId, @@ -623,7 +623,7 @@ class PipelineVersionFacadeService @Autowired constructor( pipelineId = pipelineId, version = version, includeDraft = true, - checkPermission = checkPermission + editPermission = editPermission ) ?: throw ErrorCodeException( errorCode = ProcessMessageCode.ERROR_NO_PIPELINE_VERSION_EXISTS_BY_ID, params = arrayOf(version.toString()) @@ -657,7 +657,11 @@ class PipelineVersionFacadeService @Autowired constructor( } val (yamlSupported, yamlPreview, msg) = try { val response = transferService.buildPreview( - userId, projectId, pipelineId, resource + userId = userId, + projectId = projectId, + pipelineId = pipelineId, + resource = resource, + editPermission = editPermission ) Triple(true, response, null) } catch (e: PipelineTransferException) {