From 28c4b677bd2cd85e4c61db32fbddccf7b4fa8895 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Fri, 15 Nov 2024 16:28:06 +0800 Subject: [PATCH] =?UTF-8?q?feat=EF=BC=9A=E7=94=A8=E6=88=B7=E4=B8=AA?= =?UTF-8?q?=E4=BA=BA=E8=A7=86=E8=A7=92=20=E6=9D=83=E9=99=90=E7=AE=A1?= =?UTF-8?q?=E7=90=86=E4=BC=98=E5=8C=96=20#11138?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../pojo/enum/RemoveMemberButtonControl.kt | 3 +++ .../RbacPermissionManageFacadeServiceImpl.kt | 18 +++++++++++++----- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/RemoveMemberButtonControl.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/RemoveMemberButtonControl.kt index fc06012edd14..55064743eb0f 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/RemoveMemberButtonControl.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/RemoveMemberButtonControl.kt @@ -37,6 +37,9 @@ enum class RemoveMemberButtonControl { // 通过模板加入,不允许移出组 TEMPLATE, + // 用户通过组织 间接加入,不允许移出组 + DEPARTMENT, + // 其他,允许移出组 OTHER } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt index a94d06cc6066..33966d3d72c6 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt 
@@ -152,7 +152,8 @@ class RbacPermissionManageFacadeServiceImpl( resourceGroup = resourceGroup, groupMemberDetail = groupMemberDetail, uniqueManagerGroups = uniqueManagerGroups, - authResourceGroupMember = it + authResourceGroupMember = it, + operateChannel = operateChannel ) ) } @@ -234,7 +235,8 @@ class RbacPermissionManageFacadeServiceImpl( resourceGroup: TAuthResourceGroupRecord, groupMemberDetail: MemberGroupDetailsResponse?, uniqueManagerGroups: List, - authResourceGroupMember: AuthResourceGroupMember + authResourceGroupMember: AuthResourceGroupMember, + operateChannel: OperateChannel? ): GroupDetailsInfoVo { // 如果用户离职,查询权限中心接口会报错,因此从数据库直接取数据,而不去调用权限中心接口。 val (expiredAt, joinedTime) = if (groupMemberDetail != null) { @@ -275,6 +277,10 @@ class RbacPermissionManageFacadeServiceImpl( authResourceGroupMember.memberType == MemberType.TEMPLATE.type -> RemoveMemberButtonControl.TEMPLATE + operateChannel == OperateChannel.PERSONAL && + authResourceGroupMember.memberType == MemberType.DEPARTMENT.type -> + RemoveMemberButtonControl.DEPARTMENT + resourceGroup.resourceType == AuthResourceType.PROJECT.value && uniqueManagerGroups.contains(authResourceGroupMember.iamGroupId) -> RemoveMemberButtonControl.UNIQUE_MANAGER @@ -285,9 +291,11 @@ class RbacPermissionManageFacadeServiceImpl( else -> RemoveMemberButtonControl.OTHER }, - joinedType = when (authResourceGroupMember.memberType) { - MemberType.TEMPLATE.type -> JoinedType.TEMPLATE - MemberType.DEPARTMENT.type -> JoinedType.DEPARTMENT + joinedType = when { + authResourceGroupMember.memberType == MemberType.TEMPLATE.type -> JoinedType.TEMPLATE + authResourceGroupMember.memberType == MemberType.DEPARTMENT.type && + operateChannel == OperateChannel.PERSONAL -> JoinedType.DEPARTMENT + else -> JoinedType.DIRECT }, operator = ""
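Review bot: The new `DEPARTMENT` branch in the `removeMemberButtonControl` `when` (hunk `@@ -275,6 +277,10 @@`) only changes what the response tells the client to render; nothing in this patch shows the member-removal path itself refusing to remove a department-inherited membership from the personal view. If that rule is not already enforced server-side elsewhere, a caller that ignores the button state could still submit the removal, so it is worth confirming that the removal service applies the same `MemberType.DEPARTMENT` check. The branch also sits ahead of the `UNIQUE_MANAGER` check, so a department-derived row in a unique manager group is now reported as `DEPARTMENT`; a comment such as `// personal view: membership inherited from a department cannot be removed by the user; checked before UNIQUE_MANAGER on purpose` would record that the ordering is intended. The enclosing function starts and ends outside the hunk.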
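Review bot: In the `joinedType` `when` (hunk `@@ -285,9 +291,11 @@`), a `MemberType.DEPARTMENT` row is now reported as `JoinedType.DIRECT` whenever `operateChannel` is not `PERSONAL`, including when it is `null`, since the parameter added in the `@@ -234,7 +235,8 @@` hunk is declared `OperateChannel?`. Before this change such rows were always `JoinedType.DEPARTMENT`, so any consumer outside the personal view that relied on that value now sees different data. If this is intended, say so next to the branch, e.g. `// outside the personal view the department itself is the listed member, so it counts as DIRECT`; that rationale is my inference and should be confirmed. The operand order also differs from the `removeMemberButtonControl` branch (channel first there, member type first here), and using one order in both would make the pairing easier to spot.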