From 55169f8bdfa64fc7255ccb3d4caeee00989dd2a4 Mon Sep 17 00:00:00 2001
From: greysonfang
Date: Tue, 10 Dec 2024 17:26:30 +0800
Subject: [PATCH] =?UTF-8?q?feat=EF=BC=9A=E7=94=A8=E6=88=B7=E4=B8=AA?= =?UTF-8?q?=E4=BA=BA=E8=A7=86=E8=A7=92=20=E6=9D=83=E9=99=90=E7=AE=A1?= =?UTF-8?q?=E7=90=86=E4=BC=98=E5=8C=96=20#11138?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../rbac/config/RbacAuthConfiguration.kt | 6 ++--
 .../RbacPermissionManageFacadeServiceImpl.kt | 28 ++++++++++++++++
 .../service/RbacPermissionProjectService.kt | 8 +++--
 .../RbacPermissionResourceMemberService.kt | 32 +------------------
 .../SamplePermissionManageFacadeService.kt | 4 +++
 .../SamplePermissionResourceMemberService.kt | 7 ----
 .../iam/PermissionManageFacadeService.kt | 8 +++++
 .../iam/PermissionResourceMemberService.kt | 5 ---
 8 files changed, 50 insertions(+), 48 deletions(-)
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacAuthConfiguration.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacAuthConfiguration.kt
index 2a3e8fb4dfd..a6d048fa898 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacAuthConfiguration.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacAuthConfiguration.kt
@@ -338,7 +338,8 @@ class RbacAuthConfiguration {
 rbacCacheService: RbacCacheService,
 resourceGroupMemberService: RbacPermissionResourceMemberService,
 client: Client,
- resourceMemberService: PermissionResourceMemberService
+ resourceMemberService: PermissionResourceMemberService,
+ permissionManageFacadeService: PermissionManageFacadeService
 ) = RbacPermissionProjectService(
 authHelper = authHelper,
 authResourceService = authResourceService,
@@ -347,7 +348,8 @@ class RbacAuthConfiguration {
 rbacCacheService = rbacCacheService,
 resourceGroupMemberService = resourceGroupMemberService,
 client = client,
- resourceMemberService = resourceMemberService
+ resourceMemberService = resourceMemberService,
+ permissionManageFacadeService = permissionManageFacadeService
 )
 @Bean
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt
index 8305fafe844..194b44d23fa 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt
@@ -63,6 +63,7 @@ import com.tencent.devops.common.api.util.PageUtil
 import com.tencent.devops.common.api.util.timestamp
 import com.tencent.devops.common.api.util.timestampmilli
 import com.tencent.devops.common.auth.api.ActionId
+import com.tencent.devops.common.auth.api.AuthPermission
 import com.tencent.devops.common.auth.api.AuthResourceType
 import com.tencent.devops.common.auth.api.ResourceTypeId
 import com.tencent.devops.common.auth.api.pojo.ResetAllResourceAuthorizationReq
@@ -1891,6 +1892,33 @@ class RbacPermissionManageFacadeServiceImpl(
 }
 }
+ override fun isProjectMember(
+ projectCode: String,
+ userId: String
+ ): Boolean {
+ // 获取用户加入的项目级用户组模板ID
+ val iamTemplateIds = listProjectMemberGroupTemplateIds(
+ projectCode = projectCode,
+ memberId = userId
+ )
+ val memberDeptInfos = deptService.getUserInfo(
+ userId = "admin",
+ name = userId
+ )?.deptInfo?.map { it.name!! }
+
+ return authResourceGroupMemberDao.isMemberInProject(
+ dslContext = dslContext,
+ projectCode = projectCode,
+ userId = userId,
+ iamTemplateIds = iamTemplateIds,
+ memberDeptInfos = memberDeptInfos
+ ) || rbacCacheService.validateUserProjectPermission(
+ userId = userId,
+ projectCode = projectCode,
+ permission = AuthPermission.VISIT
+ )
+ }
+
 private fun listGroupsOfHandoverPreview(queryReq: HandoverDetailsQueryReq): SQLPage {
 val projectCode = queryReq.projectCode
 val previewConditionReq = queryReq.previewConditionReq!!
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionProjectService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionProjectService.kt
index 965440da829..ea9d8453353 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionProjectService.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionProjectService.kt
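Review bot: In the `isProjectMember` added to RbacPermissionManageFacadeServiceImpl.kt (hunk at -1891), `?.deptInfo?.map { it.name!! }` throws a NullPointerException as soon as one department entry has no name, so a membership check that callers use as an access gate can fail with an exception instead of returning an answer. `?.deptInfo?.mapNotNull { it.name }` keeps the check total, and dropping an unnamed department can only remove a possible match, never add one. The department lookup is also issued with the literal `userId = "admin"`; a named constant with a one-line comment on why a fixed identity is used would make that choice reviewable. The body is carried over unchanged from RbacPermissionResourceMemberService, so both points predate this move.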
@@ -32,6 +32,7 @@ import com.tencent.bk.sdk.iam.helper.AuthHelper
 import com.tencent.devops.auth.constant.AuthMessageCode
 import com.tencent.devops.auth.dao.AuthResourceGroupDao
 import com.tencent.devops.auth.pojo.vo.ProjectPermissionInfoVO
+import com.tencent.devops.auth.service.iam.PermissionManageFacadeService
 import com.tencent.devops.auth.service.iam.PermissionProjectService
 import com.tencent.devops.auth.service.iam.PermissionResourceMemberService
 import com.tencent.devops.common.api.exception.ErrorCodeException
@@ -56,7 +57,8 @@ class RbacPermissionProjectService(
 private val rbacCacheService: RbacCacheService,
 private val resourceGroupMemberService: RbacPermissionResourceMemberService,
 private val client: Client,
- private val resourceMemberService: PermissionResourceMemberService
+ private val resourceMemberService: PermissionResourceMemberService,
+ private val permissionManageFacadeService: PermissionManageFacadeService
 ) : PermissionProjectService {
 companion object {
@@ -153,7 +155,7 @@ class RbacPermissionProjectService(
 userId: String,
 projectCode: String
 ): Boolean {
- return resourceMemberService.isProjectMember(
+ return permissionManageFacadeService.isProjectMember(
 projectCode = projectCode,
 userId = userId
 )
@@ -167,7 +169,7 @@ class RbacPermissionProjectService(
 // resourceCode = projectCode,
 // group = null
 // ).contains(userId)
- return resourceMemberService.isProjectMember(
+ return permissionManageFacadeService.isProjectMember(
 projectCode = projectCode,
 userId = userId
 )
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt
index 73f94be7a2a..b0ad89bd245 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt
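Review bot: `RbacPermissionProjectService` keeps `private val resourceMemberService: PermissionResourceMemberService` in its constructor (hunk at -56) although both `isProjectMember` call sites in this file now go through `permissionManageFacadeService`. The rest of the class is outside these hunks, so I cannot tell whether anything else still calls it. If nothing does, the parameter and the matching `resourceMemberService = resourceMemberService` argument in RbacAuthConfiguration are dead wiring and are better removed, so the service does not hold a collaborator it never uses.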
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt
@@ -41,10 +41,7 @@ class RbacPermissionResourceMemberService(
 private val authResourceGroupDao: AuthResourceGroupDao,
 private val authResourceGroupMemberDao: AuthResourceGroupMemberDao,
 private val dslContext: DSLContext,
- private val deptService: DeptService,
- private val permissionAuthorizationService: PermissionAuthorizationService,
- private val syncIamGroupMemberService: PermissionResourceGroupSyncService,
- private val rbacCacheService: RbacCacheService
+ private val deptService: DeptService
 ) : PermissionResourceMemberService {
 override fun getResourceGroupMembers(
 projectCode: String,
@@ -348,33 +345,6 @@ class RbacPermissionResourceMemberService(
 return true
 }
- override fun isProjectMember(
- projectCode: String,
- userId: String
- ): Boolean {
- // 获取用户加入的项目级用户组模板ID
- val iamTemplateIds = listProjectMemberGroupTemplateIds(
- projectCode = projectCode,
- memberId = userId
- )
- val memberDeptInfos = deptService.getUserInfo(
- userId = "admin",
- name = userId
- )?.deptInfo?.map { it.name!! }
-
- return authResourceGroupMemberDao.isMemberInProject(
- dslContext = dslContext,
- projectCode = projectCode,
- userId = userId,
- iamTemplateIds = iamTemplateIds,
- memberDeptInfos = memberDeptInfos
- ) || rbacCacheService.validateUserProjectPermission(
- userId = userId,
- projectCode = projectCode,
- permission = AuthPermission.VISIT
- )
- }
-
 private fun verifyGroupBelongToProject(
 projectCode: String,
 iamGroupId: Int
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionManageFacadeService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionManageFacadeService.kt
index fd3a0fdd1ad..19f657222f6 100644
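Review bot: The constructor of `RbacPermissionResourceMemberService` loses `permissionAuthorizationService`, `syncIamGroupMemberService` and `rbacCacheService` in the hunk at -41, but no hunk in this patch touches the code that constructs the class or this file's import list. It is worth confirming that the bean definition no longer passes the three arguments. Imports that may now have no user, such as `AuthPermission`, which the removed `isProjectMember` referenced, should be dropped as well; both places are outside what the patch shows.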
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionManageFacadeService.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionManageFacadeService.kt
@@ -163,4 +163,8 @@ class SamplePermissionManageFacadeService : PermissionManageFacadeService {
 override fun listGroupsOfHandover(queryReq: HandoverDetailsQueryReq): SQLPage {
 return SQLPage(0, emptyList())
 }
+
+ override fun isProjectMember(projectCode: String, userId: String): Boolean {
+ return true
+ }
 }
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceMemberService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceMemberService.kt
index 76421044953..79d4ada40a7 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceMemberService.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceMemberService.kt
@@ -35,13 +35,6 @@ class SamplePermissionResourceMemberService : PermissionResourceMemberService {
 departments: List?
 ) = true
- override fun isProjectMember(
- projectCode: String,
- userId: String
- ): Boolean {
- return true
- }
-
 override fun batchDeleteResourceGroupMembers(
 projectCode: String,
 iamGroupId: Int,
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionManageFacadeService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionManageFacadeService.kt
index 3f9db68e2c2..74e8bd29431 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionManageFacadeService.kt
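Review bot: `SamplePermissionManageFacadeService.isProjectMember` (hunk at -163) returns `true` for every user and project, and nothing on the override says so. It matches the stub removed from SamplePermissionResourceMemberService, so behaviour does not change. A comment above the override, for example `// Sample provider: no membership check is performed; every user is reported as a project member.`, would keep it from being read as a real check.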
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionManageFacadeService.kt
@@ -232,4 +232,12 @@ interface PermissionManageFacadeService {
 * 获取交接中用户组相关-分为预览/交接单审批两个场景
 * */
 fun listGroupsOfHandover(queryReq: HandoverDetailsQueryReq): SQLPage
+
+ /**
+ * 校验是否为项目成员
+ * */
+ fun isProjectMember(
+ projectCode: String,
+ userId: String
+ ): Boolean
 }
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceMemberService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceMemberService.kt
index 8c41219925a..7b4aa254ddc 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceMemberService.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceMemberService.kt
@@ -104,9 +104,4 @@ interface PermissionResourceMemberService {
 members: List? = emptyList(),
 departments: List? = emptyList()
 ): Boolean
-
- fun isProjectMember(
- projectCode: String,
- userId: String
- ): Boolean
 }
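Review bot: The KDoc added for `isProjectMember` in PermissionManageFacadeService.kt (hunk at -232) only says that membership is checked, not what counts as membership. The RBAC implementation in this patch also returns true for a user who only holds VISIT permission on the project, so the contract could say so: `/** Returns true when userId is a member of projectCode; the RBAC provider also returns true for a user who only holds VISIT permission on the project. */`. Both parameters are `String` and their order (`projectCode`, `userId`) is the reverse of the enclosing functions in RbacPermissionProjectService, so the KDoc could also recommend named arguments, which the call sites in this patch already use.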