diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthHandoverOverviewDao.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthHandoverOverviewDao.kt index e4e837b8457..0a33192d780 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthHandoverOverviewDao.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthHandoverOverviewDao.kt @@ -87,19 +87,23 @@ class AuthHandoverOverviewDao { .where(buildQueryConditions(queryRequest)) .let { when { - queryRequest.sortType == SortType.FLOW_NO && queryRequest.collationType == CollationType.ASC -> { + queryRequest.sortType == SortType.FLOW_NO && + queryRequest.collationType == CollationType.ASC -> { it.orderBy(FLOW_NO.asc()) } - queryRequest.sortType == SortType.FLOW_NO && queryRequest.collationType == CollationType.DESC -> { + queryRequest.sortType == SortType.FLOW_NO && + queryRequest.collationType == CollationType.DESC -> { it.orderBy(FLOW_NO.desc()) } - queryRequest.sortType == SortType.CREATE_TIME && queryRequest.collationType == CollationType.ASC -> { + queryRequest.sortType == SortType.CREATE_TIME && + queryRequest.collationType == CollationType.ASC -> { it.orderBy(CREATE_TIME.asc()) } - queryRequest.sortType == SortType.CREATE_TIME && queryRequest.collationType == CollationType.DESC -> { + queryRequest.sortType == SortType.CREATE_TIME && + queryRequest.collationType == CollationType.DESC -> { it.orderBy(CREATE_TIME.desc()) } 
@@ -147,8 +151,20 @@ class AuthHandoverOverviewDao { queryRequest.applicant?.let { conditions.add(APPLICANT.like("%${queryRequest.applicant}%")) } queryRequest.approver?.let { conditions.add(APPROVER.like("%${queryRequest.approver}%")) } queryRequest.handoverStatus?.let { conditions.add(STATUS.eq(queryRequest.handoverStatus!!.value)) } - queryRequest.minCreatedTime?.let { conditions.add(CREATE_TIME.ge(DateTimeUtil.convertTimestampToLocalDateTime(it / 1000))) } - queryRequest.maxCreatedTime?.let { conditions.add(CREATE_TIME.le(DateTimeUtil.convertTimestampToLocalDateTime(it / 1000))) } + queryRequest.minCreatedTime?.let { + conditions.add( + CREATE_TIME.ge( + DateTimeUtil.convertTimestampToLocalDateTime(it / 1000) + ) + ) + } + queryRequest.maxCreatedTime?.let { + conditions.add( + CREATE_TIME.le( + DateTimeUtil.convertTimestampToLocalDateTime(it / 1000) + ) + ) + } return conditions } } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt index 5217956eae7..21544767805 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt 
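Review bot: The `applicant` and `approver` filters kept as context at the top of this hunk interpolate the request value straight into the LIKE pattern (`APPLICANT.like("%${queryRequest.applicant}%")`), so a `%` or `_` in the input is treated as a wildcard rather than a literal. jOOQ still binds the value, so this is not SQL injection, but callers can widen the match beyond a plain substring search and a literal `_` cannot be searched for. jOOQ's `APPLICANT.contains(it)` and `APPROVER.contains(it)` build the same substring match with the value escaped. On the next context line, `queryRequest.handoverStatus!!.value` sits inside a `?.let` and can simply be `it.value`. `buildQueryConditions` starts outside the hunk, so any earlier validation of these fields is not visible here.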
@@ -688,13 +688,19 @@ class RbacPermissionManageFacadeServiceImpl( operateChannel = OperateChannel.PERSONAL, minExpiredAt = LocalDateTime.now().timestampmilli() ) - logger.debug("list all user groups joined after operated groups: {}, {}", count, userGroupsJoinedAfterOperatedGroups) + logger.debug( + "list all user groups joined after operated groups: {}, {}", + count, userGroupsJoinedAfterOperatedGroups + ) val isHasProjectVisitPermAfterOperatedGroups = checkProjectVisitPermission( projectCode = projectCode, iamGroupIds = userGroupsJoinedAfterOperatedGroups.map { it.iamGroupId } ) - logger.debug("whether the user has project visit perm after operated groups: {}", isHasProjectVisitPermAfterOperatedGroups) + logger.debug( + "whether the user has project visit perm after operated groups: {}", + isHasProjectVisitPermAfterOperatedGroups + ) val invalidAuthorizationsDTO = if (count == 0L || !isHasProjectVisitPermAfterOperatedGroups) { // 若用户已退出了所有的用户组或失去了项目访问权限,则直接返回项目下所有的授权 @@ -716,13 +722,14 @@ class RbacPermissionManageFacadeServiceImpl( ) } logger.info( - "invalid authorizations after operated groups|$projectCode|$iamGroupIdsOfDirectlyJoined|$memberId|$invalidAuthorizationsDTO" + "invalid authorizations after operated groups|$projectCode|$iamGroupIdsOfDirectlyJoined|$memberId|" + + "$invalidAuthorizationsDTO" ) return invalidAuthorizationsDTO } finally { logger.info( - "It take(${System.currentTimeMillis() - startEpoch})ms to check invalid authorizations after operated groups" + - "|$projectCode|$iamGroupIdsOfDirectlyJoined|$memberId" + "It take(${System.currentTimeMillis() - startEpoch})ms to check invalid authorizations " + + "after operated groups |$projectCode|$iamGroupIdsOfDirectlyJoined|$memberId" ) } } 
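Review bot: The rewrapped `finally` log in the second hunk on this line (`@@ -716,13 +722,14 @@`) is not byte-identical to the old message: the new literal is `"after operated groups |$projectCode|..."`, with a space before the first `|` that the old concatenation did not have. If these pipe-delimited authorization logs are parsed or matched by alerting rules, the first field now ends in a trailing space; keep it as `"after operated groups|$projectCode|$iamGroupIdsOfDirectlyJoined|$memberId"`. Both `logger.info` calls in this hunk also build the line with string templates, while the `logger.debug` calls in the preceding hunk use `{}` placeholders. If `memberId` or `projectCode` can carry caller-supplied text (not visible here), a `|` or a line break in the value would blur the field boundaries of this audit-relevant record, so it is worth neutralising them before logging. The enclosing function starts outside the hunk.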
@@ -829,7 +836,10 @@ class RbacPermissionManageFacadeServiceImpl( ).second ) }.map { it.iamGroupId } - logger.debug("list pipeline and project groups joined after operated groups:{}", userGroupsJoinedAfterOperatedGroups) + logger.debug( + "list pipeline and project groups joined after operated groups:{}", + userGroupsJoinedAfterOperatedGroups + ) // 3.查询未退出的流水线/项目级别的用户组中是否包含项目级别的流水线执行权限。 val hasAllPipelineExecutePermAfterOperateGroups = groupPermissionService.isGroupsHasProjectLevelPermission( @@ -837,7 +847,10 @@ class RbacPermissionManageFacadeServiceImpl( filterIamGroupIds = userGroupsJoinedAfterOperatedGroups, action = ActionId.PIPELINE_EXECUTE ) - logger.debug("has all pipeline execute perm after operate groups:{}", hasAllPipelineExecutePermAfterOperateGroups) + logger.debug( + "has all pipeline execute perm after operate groups:{}", + hasAllPipelineExecutePermAfterOperateGroups + ) // 3.1.若用户在未退出的组中拥有整个项目的流水线执行权限,则本次不会对任何的流水线代持人权限造成影响。 if (hasAllPipelineExecutePermAfterOperateGroups) @@ -881,7 +894,10 @@ class RbacPermissionManageFacadeServiceImpl( relatedResourceType = ResourceTypeId.PIPELINE, action = ActionId.PIPELINE_EXECUTE )[ResourceTypeId.PIPELINE] ?: emptyList() - logger.debug("pipelines with execute perm after operate groups:{}", pipelinesWithExecutePermAfterOperatedGroups) + logger.debug( + "pipelines with execute perm after operate groups:{}", + pipelinesWithExecutePermAfterOperatedGroups + ) val pipelinesWithExecutePermInOperateGroups = groupPermissionService.listGroupResourcesWithPermission( projectCode = projectCode, @@ -1401,7 +1417,8 @@ class RbacPermissionManageFacadeServiceImpl( ), operateGroupMemberTask = ::deleteTask ) - if (toHandoverGroups.isEmpty() && invalidPipelines.isEmpty() && invalidRepertoryIds.isEmpty() && invalidEnvNodeIds.isEmpty()) { + if (toHandoverGroups.isEmpty() && invalidPipelines.isEmpty() && invalidRepertoryIds.isEmpty() && + invalidEnvNodeIds.isEmpty()) { return "true" } val handoverDetails = buildHandoverDetails( 
@@ -1617,7 +1634,8 @@ class RbacPermissionManageFacadeServiceImpl( iamGroupIdsOfDirectlyJoined = groupsOfDirectlyJoined, memberId = conditionReq.targetMember.id ) - val (invalidGroups, invalidPipelines, invalidRepositoryIds, invalidEnvNodeIds) = invalidAuthorizationsDTO + val (invalidGroups, invalidPipelines, invalidRepositoryIds, invalidEnvNodeIds) = + invalidAuthorizationsDTO // 当批量移出时, // 直接加入的组中,唯一管理员组/影响流水线代持权限不允许被移出 @@ -1663,7 +1681,8 @@ class RbacPermissionManageFacadeServiceImpl( // iam用的是秒级时间戳 it.expiredAt == PERMANENT_EXPIRED_TIME / 1000 }.size - val groupsOfInOperableWhenBatchRenewal = groupCountOfPermanentExpiredTime + groupsOfTemplateOrDeptJoined.size + val groupsOfInOperableWhenBatchRenewal = groupCountOfPermanentExpiredTime + + groupsOfTemplateOrDeptJoined.size BatchOperateGroupMemberCheckVo( totalCount = totalCount, operableCount = totalCount - groupsOfInOperableWhenBatchRenewal, @@ -1913,7 +1932,9 @@ class RbacPermissionManageFacadeServiceImpl( return true } - override fun getResourceType2CountOfHandover(queryReq: ResourceType2CountOfHandoverQuery): List { + override fun getResourceType2CountOfHandover( + queryReq: ResourceType2CountOfHandoverQuery + ): List { queryReq.check() return if (queryReq.queryChannel == HandoverQueryChannel.HANDOVER_APPLICATION) { permissionHandoverApplicationService.getResourceType2CountOfHandoverApplication(queryReq.flowNo!!) @@ -1923,7 +1944,9 @@ class RbacPermissionManageFacadeServiceImpl( } // 交接预览 - private fun getResourceType2CountOfHandoverPreview(queryReq: ResourceType2CountOfHandoverQuery): List { + private fun getResourceType2CountOfHandoverPreview( + queryReq: ResourceType2CountOfHandoverQuery + ): List { val projectCode = queryReq.projectCode val previewConditionReq = queryReq.previewConditionReq!! val batchOperateType = queryReq.batchOperateType!! 
@@ -1988,7 +2011,9 @@ class RbacPermissionManageFacadeServiceImpl( return result } - override fun listAuthorizationsOfHandover(queryReq: HandoverDetailsQueryReq): SQLPage { + override fun listAuthorizationsOfHandover( + queryReq: HandoverDetailsQueryReq + ): SQLPage { queryReq.check() return if (queryReq.queryChannel == HandoverQueryChannel.HANDOVER_APPLICATION) { permissionHandoverApplicationService.listAuthorizationsOfHandoverApplication(queryReq) @@ -1997,7 +2022,9 @@ class RbacPermissionManageFacadeServiceImpl( } } - private fun listAuthorizationsOfHandoverPreview(queryReq: HandoverDetailsQueryReq): SQLPage { + private fun listAuthorizationsOfHandoverPreview( + queryReq: HandoverDetailsQueryReq + ): SQLPage { val projectCode = queryReq.projectCode val previewConditionReq = queryReq.previewConditionReq!! val groupIdsDirectlyJoined = getGroupIdsByGroupMemberCondition( diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionManageFacadeService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionManageFacadeService.kt index 97a78367e41..f0a56157cf8 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionManageFacadeService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionManageFacadeService.kt 
@@ -155,11 +155,15 @@ class SamplePermissionManageFacadeService : PermissionManageFacadeService { override fun batchHandleHanoverApplications(request: HandoverOverviewBatchUpdateReq): Boolean = true - override fun getResourceType2CountOfHandover(queryReq: ResourceType2CountOfHandoverQuery): List { + override fun getResourceType2CountOfHandover( + queryReq: ResourceType2CountOfHandoverQuery + ): List { return emptyList() } - override fun listAuthorizationsOfHandover(queryReq: HandoverDetailsQueryReq): SQLPage { + override fun listAuthorizationsOfHandover( + queryReq: HandoverDetailsQueryReq + ): SQLPage { return SQLPage(0, emptyList()) }