From e20ff8be4ce0dcc3e31a90a83e4331e393333093 Mon Sep 17 00:00:00 2001 From: stubenhuang Date: Fri, 16 Dec 2022 11:38:59 +0800 Subject: [PATCH 1/8] =?UTF-8?q?feat:=20=E6=B5=81=E6=B0=B4=E7=BA=BF?= =?UTF-8?q?=E7=BB=84=E5=8F=8A=E6=B5=81=E6=B0=B4=E7=BA=BF=E5=88=97=E8=A1=A8?= =?UTF-8?q?=E9=A1=B5=E4=BC=98=E5=8C=96=20#7101?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../api/user/UserProjectMemberResource.kt | 14 ++++++++ .../UserProjectMemberResourceImpl.kt | 32 +++++++++++++------ 2 files changed, 36 insertions(+), 10 deletions(-) diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt index 2285b310f3b..8deacecd740 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt @@ -33,6 +33,8 @@ import com.tencent.bk.sdk.iam.dto.manager.ManagerRoleGroupInfo import com.tencent.bk.sdk.iam.dto.manager.vo.ManagerGroupMemberVo import com.tencent.devops.auth.pojo.dto.RoleMemberDTO import com.tencent.devops.auth.pojo.vo.ProjectMembersVO +import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_BK_TOKEN +import com.tencent.devops.common.api.auth.AUTH_HEADER_GIT_TYPE import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID import com.tencent.devops.common.api.pojo.Result import io.swagger.annotations.Api @@ -144,4 +146,16 @@ interface UserProjectMemberResource { @ApiParam(name = "待搜用户", required = true) searchUserId: String ): Result?> + + @GET + @Path("/projectIds/{projectId}/checkManager") + @ApiOperation("判断是否是项目管理员或CI管理员") + fun checkProjectManager( + @ApiParam(name = "用户名", required = true) + @HeaderParam(AUTH_HEADER_USER_ID) + userId: String, + @PathParam("projectId") + @ApiParam("项目Id", required = true) + projectId: String + ): Result } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt index 376b4158734..e99f5b0b77e 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt @@ -34,14 +34,17 @@ import com.tencent.bk.sdk.iam.dto.manager.vo.ManagerGroupMemberVo import com.tencent.devops.auth.api.user.UserProjectMemberResource import com.tencent.devops.auth.pojo.dto.RoleMemberDTO import com.tencent.devops.auth.pojo.vo.ProjectMembersVO +import com.tencent.devops.auth.service.iam.PermissionProjectService import com.tencent.devops.auth.service.iam.PermissionRoleMemberService import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.pojo.BkAuthGroup import com.tencent.devops.common.web.RestResource import org.springframework.beans.factory.annotation.Autowired @RestResource class UserProjectMemberResourceImpl @Autowired constructor( - val permissionRoleMemberService: PermissionRoleMemberService + val permissionRoleMemberService: PermissionRoleMemberService, + val permissionProjectService: PermissionProjectService, ) : UserProjectMemberResource { override fun createRoleMember( userId: String, @@ -73,7 +76,8 @@ class UserProjectMemberResourceImpl @Autowired constructor( roleId = roleId, page = page, pageSize = pageSize - )) + ) + ) } override fun getProjectAllMember(projectId: Int, page: Int?, pageSize: Int?): Result { @@ -88,14 +92,16 @@ class UserProjectMemberResourceImpl @Autowired constructor( members: String, type: ManagerScopesEnum ): Result { - Result(permissionRoleMemberService.deleteRoleMember( - userId = userId, - projectId = projectId, - roleId = roleId, - id = members, - type = type, - managerGroup = managerGroup - )) + Result( + permissionRoleMemberService.deleteRoleMember( + userId = userId, + projectId = projectId, + roleId = roleId, + id = members, + type = type, + managerGroup = managerGroup + ) + ) return Result(true) } @@ -106,4 +112,10 @@ class UserProjectMemberResourceImpl @Autowired constructor( ): Result?> { return Result(permissionRoleMemberService.getUserGroups(projectId, searchUserId)) } + + override fun checkProjectManager(userId: String, projectId: String): Result { + val result = permissionProjectService.checkProjectManager(userId, projectId) + || permissionProjectService.isProjectUser(userId, projectId, BkAuthGroup.CIADMIN) + return Result(result) + } } From 3822fc4c28d6663fc2620e5437ab8cd68ff3190c Mon Sep 17 00:00:00 2001 From: stubenhuang Date: Fri, 16 Dec 2022 14:33:39 +0800 Subject: [PATCH 2/8] =?UTF-8?q?feat:=20=E6=B5=81=E6=B0=B4=E7=BA=BF?= =?UTF-8?q?=E7=BB=84=E5=8F=8A=E6=B5=81=E6=B0=B4=E7=BA=BF=E5=88=97=E8=A1=A8?= =?UTF-8?q?=E9=A1=B5=E4=BC=98=E5=8C=96=20#7101?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tencent/devops/auth/api/user/UserProjectMemberResource.kt | 2 -- .../devops/auth/resources/UserProjectMemberResourceImpl.kt | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt index 8deacecd740..6d7bcc0332a 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt @@ -33,8 +33,6 @@ import com.tencent.bk.sdk.iam.dto.manager.ManagerRoleGroupInfo import com.tencent.bk.sdk.iam.dto.manager.vo.ManagerGroupMemberVo import com.tencent.devops.auth.pojo.dto.RoleMemberDTO import com.tencent.devops.auth.pojo.vo.ProjectMembersVO -import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_BK_TOKEN -import com.tencent.devops.common.api.auth.AUTH_HEADER_GIT_TYPE import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID import com.tencent.devops.common.api.pojo.Result import io.swagger.annotations.Api diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt index e99f5b0b77e..0d124b70303 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt @@ -44,7 +44,7 @@ import org.springframework.beans.factory.annotation.Autowired @RestResource class UserProjectMemberResourceImpl @Autowired constructor( val permissionRoleMemberService: PermissionRoleMemberService, - val permissionProjectService: PermissionProjectService, + val permissionProjectService: PermissionProjectService ) : UserProjectMemberResource { override fun createRoleMember( userId: String, From ae808d82cf63752626dfd494f0f03e2fabce78e7 Mon Sep 17 00:00:00 2001 From: stubenhuang Date: Fri, 16 Dec 2022 14:45:40 +0800 Subject: [PATCH 3/8] =?UTF-8?q?feat:=20=E6=B5=81=E6=B0=B4=E7=BA=BF?= =?UTF-8?q?=E7=BB=84=E5=8F=8A=E6=B5=81=E6=B0=B4=E7=BA=BF=E5=88=97=E8=A1=A8?= =?UTF-8?q?=E9=A1=B5=E4=BC=98=E5=8C=96=20#7101?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/auth/resources/UserProjectMemberResourceImpl.kt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt index 0d124b70303..7d2ec1cbc06 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt @@ -114,8 +114,8 @@ class UserProjectMemberResourceImpl @Autowired constructor( } override fun checkProjectManager(userId: String, projectId: String): Result { - val result = permissionProjectService.checkProjectManager(userId, projectId) - || permissionProjectService.isProjectUser(userId, projectId, BkAuthGroup.CIADMIN) + val result = permissionProjectService.checkProjectManager(userId, projectId) || + permissionProjectService.isProjectUser(userId, projectId, BkAuthGroup.CIADMIN) return Result(result) } } From da073fbb7745138c1f56c138f8c1a493d0fcc838 Mon Sep 17 00:00:00 2001 From: stubenhuang Date: Fri, 16 Dec 2022 15:24:53 +0800 Subject: [PATCH 4/8] =?UTF-8?q?feat:=20=E6=B5=81=E6=B0=B4=E7=BA=BF?= =?UTF-8?q?=E7=BB=84=E5=8F=8A=E6=B5=81=E6=B0=B4=E7=BA=BF=E5=88=97=E8=A1=A8?= =?UTF-8?q?=E9=A1=B5=E4=BC=98=E5=8C=96=20#7101?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/auth/resources/UserProjectMemberResourceImpl.kt | 2 +- .../com/tencent/devops/common/auth/api/pojo/BkAuthGroup.kt | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt index 7d2ec1cbc06..67b3cfc3d2b 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt @@ -115,7 +115,7 @@ class UserProjectMemberResourceImpl @Autowired constructor( override fun checkProjectManager(userId: String, projectId: String): Result { val result = permissionProjectService.checkProjectManager(userId, projectId) || - permissionProjectService.isProjectUser(userId, projectId, BkAuthGroup.CIADMIN) + permissionProjectService.isProjectUser(userId, projectId, BkAuthGroup.CI_MANAGER) return Result(result) } } diff --git a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/pojo/BkAuthGroup.kt b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/pojo/BkAuthGroup.kt index 2e75ff1dfb1..172e7d6b3de 100644 --- a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/pojo/BkAuthGroup.kt +++ b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/pojo/BkAuthGroup.kt @@ -31,13 +31,14 @@ package com.tencent.devops.common.auth.api.pojo * 项目角色组 */ enum class BkAuthGroup(val value: String) { - CIADMIN("ciAdmin"), // CI管理员 + CIADMIN("ciAdmin"), // CI管理员 TODO : 看IAM接口找不到这个标志, 用的是ci_manager MANAGER("manager"), // 管理员 DEVELOPER("developer"), // 开发人员 MAINTAINER("maintainer"), // 运维人员 TESTER("tester"), // 测试人员 PM("pm"), // 产品人员 - QC("qc"); // 质量管理员 + QC("qc"), // 质量管理员 + CI_MANAGER("ci_manager"); // CI 管理员 companion object { fun get(value: String): BkAuthGroup { From 7b782b28f186f1a349277cff27695fc93e482053 Mon Sep 17 00:00:00 2001 From: stubenhuang Date: Mon, 19 Dec 2022 11:21:46 +0800 Subject: [PATCH 5/8] =?UTF-8?q?feat:=20=E6=B5=81=E6=B0=B4=E7=BA=BF?= =?UTF-8?q?=E7=BB=84=E5=8F=8A=E6=B5=81=E6=B0=B4=E7=BA=BF=E5=88=97=E8=A1=A8?= =?UTF-8?q?=E9=A1=B5=E4=BC=98=E5=8C=96=20#7101?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../auth/api/service/ServiceProjectAuthResource.kt | 13 +++++++++++++ .../auth/api/user/UserProjectMemberResource.kt | 2 +- .../auth/resources/UserProjectMemberResourceImpl.kt | 2 +- .../service/ServiceProjectAuthResourceImpl.kt | 6 ++++++ .../service/view/PipelineViewGroupService.kt | 5 ++--- .../service/view/PipelineViewGroupServiceTest.kt | 8 ++++---- 6 files changed, 27 insertions(+), 9 deletions(-) diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceProjectAuthResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceProjectAuthResource.kt index 880fa09008d..439fc8b3d28 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceProjectAuthResource.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceProjectAuthResource.kt @@ -29,6 +29,7 @@ package com.tencent.devops.auth.api.service import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_BK_TOKEN import com.tencent.devops.common.api.auth.AUTH_HEADER_GIT_TYPE +import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.auth.api.pojo.BKAuthProjectRolesResources import com.tencent.devops.common.auth.api.pojo.BkAuthGroup @@ -133,6 +134,18 @@ interface ServiceProjectAuthResource { projectCode: String ): Result + @GET + @Path("/projectIds/{projectId}/checkManager") + @ApiOperation("判断是否是项目管理员或CI管理员") + fun checkManager( + @ApiParam(name = "用户名", required = true) + @HeaderParam(AUTH_HEADER_USER_ID) + userId: String, + @PathParam("projectId") + @ApiParam("项目Id", required = true) + projectId: String + ): Result + @POST @Path("/{projectCode}/createUser") @ApiOperation("添加用户到指定项目指定分组") diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt index 6d7bcc0332a..eb820e05d2d 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt @@ -148,7 +148,7 @@ interface UserProjectMemberResource { @GET @Path("/projectIds/{projectId}/checkManager") @ApiOperation("判断是否是项目管理员或CI管理员") - fun checkProjectManager( + fun checkManager( @ApiParam(name = "用户名", required = true) @HeaderParam(AUTH_HEADER_USER_ID) userId: String, diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt index 67b3cfc3d2b..c14de3fe690 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt @@ -113,7 +113,7 @@ class UserProjectMemberResourceImpl @Autowired constructor( return Result(permissionRoleMemberService.getUserGroups(projectId, searchUserId)) } - override fun checkProjectManager(userId: String, projectId: String): Result { + override fun checkManager(userId: String, projectId: String): Result { val result = permissionProjectService.checkProjectManager(userId, projectId) || permissionProjectService.isProjectUser(userId, projectId, BkAuthGroup.CI_MANAGER) return Result(result) diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceProjectAuthResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceProjectAuthResourceImpl.kt index f9a1ec4ffef..8560610f62e 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceProjectAuthResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceProjectAuthResourceImpl.kt @@ -85,6 +85,12 @@ class ServiceProjectAuthResourceImpl @Autowired constructor( ) } + override fun checkManager(userId: String, projectId: String): Result { + val result = permissionProjectService.checkProjectManager(userId, projectId) || + permissionProjectService.isProjectUser(userId, projectId, BkAuthGroup.CI_MANAGER) + return Result(result) + } + override fun checkProjectManager( token: String, type: String?, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupService.kt index 6cbaacb1ee7..a8a47d79871 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupService.kt @@ -30,11 +30,11 @@ package com.tencent.devops.process.service.view import com.fasterxml.jackson.core.type.TypeReference import com.fasterxml.jackson.databind.ObjectMapper import com.github.benmanes.caffeine.cache.Caffeine +import com.tencent.devops.auth.api.service.ServiceProjectAuthResource import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.util.HashUtil import com.tencent.devops.common.api.util.Watcher import com.tencent.devops.common.api.util.timestamp -import com.tencent.devops.common.auth.api.AuthPermission import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.enums.ChannelCode import com.tencent.devops.common.redis.RedisOperation @@ -59,7 +59,6 @@ import com.tencent.devops.process.pojo.classify.PipelineViewPreview import com.tencent.devops.process.pojo.classify.enums.Logic import com.tencent.devops.process.service.view.lock.PipelineViewGroupLock import com.tencent.devops.process.utils.PIPELINE_VIEW_UNCLASSIFIED -import com.tencent.devops.project.api.service.ServiceProjectResource import org.apache.commons.lang3.StringUtils import org.jooq.DSLContext import org.jooq.impl.DSL @@ -638,7 +637,7 @@ class PipelineViewGroupService @Autowired constructor( } fun hasPermission(userId: String, projectId: String) = - client.get(ServiceProjectResource::class).hasPermission(userId, projectId, AuthPermission.MANAGE).data ?: false + client.get(ServiceProjectAuthResource::class).checkManager(userId, projectId).data ?: false fun listView(userId: String, projectId: String, projected: Boolean?, viewType: Int?): List { val views = pipelineViewDao.list(dslContext, userId, projectId, projected, viewType) diff --git a/src/backend/ci/core/process/biz-process/src/test/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupServiceTest.kt b/src/backend/ci/core/process/biz-process/src/test/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupServiceTest.kt index 9f8aa335d85..d345a10013a 100644 --- a/src/backend/ci/core/process/biz-process/src/test/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupServiceTest.kt +++ b/src/backend/ci/core/process/biz-process/src/test/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupServiceTest.kt @@ -1,6 +1,8 @@ package com.tencent.devops.process.service.view +import com.tencent.devops.auth.api.service.ServiceProjectAuthResource import com.tencent.devops.common.api.exception.ErrorCodeException +import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.util.HashUtil import com.tencent.devops.common.test.BkCiAbstractTest import com.tencent.devops.model.process.Tables.T_PIPELINE_INFO @@ -25,8 +27,6 @@ import com.tencent.devops.process.pojo.classify.PipelineViewForm import com.tencent.devops.process.pojo.classify.PipelineViewPipelineCount import com.tencent.devops.process.pojo.classify.PipelineViewPreview import com.tencent.devops.process.utils.PIPELINE_VIEW_UNCLASSIFIED -import com.tencent.devops.project.api.service.ServiceProjectResource -import com.tencent.devops.project.pojo.Result import io.mockk.every import io.mockk.justRun import io.mockk.mockk @@ -832,7 +832,7 @@ class PipelineViewGroupServiceTest : BkCiAbstractTest() { @DisplayName("返回值测试1") fun test_1() { every { - client.mockGet(ServiceProjectResource::class).hasPermission(any(), any(), any()) + client.mockGet(ServiceProjectAuthResource::class).checkManager(any(), any()) } returns Result(true) self.hasPermission("test", "test").let { Assertions.assertEquals(true, it) @@ -843,7 +843,7 @@ class PipelineViewGroupServiceTest : BkCiAbstractTest() { @DisplayName("返回值测试2") fun test_2() { every { - client.mockGet(ServiceProjectResource::class).hasPermission(any(), any(), any()) + client.mockGet(ServiceProjectAuthResource::class).checkManager(any(), any()) } returns Result(false) self.hasPermission("test", "test").let { Assertions.assertEquals(false, it) From affede9f27053b035b5236687fa1989f99be7490 Mon Sep 17 00:00:00 2001 From: stubenhuang Date: Mon, 19 Dec 2022 11:54:30 +0800 Subject: [PATCH 6/8] =?UTF-8?q?feat:=20=E6=B5=81=E6=B0=B4=E7=BA=BF?= =?UTF-8?q?=E7=BB=84=E5=8F=8A=E6=B5=81=E6=B0=B4=E7=BA=BF=E5=88=97=E8=A1=A8?= =?UTF-8?q?=E9=A1=B5=E4=BC=98=E5=8C=96=20#7101?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../auth/api/service/ServiceProjectAuthResource.kt | 3 +++ .../service/view/PipelineViewGroupService.kt | 7 +++++-- .../service/view/PipelineViewGroupServiceTest.kt | 14 +++++++++++--- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceProjectAuthResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceProjectAuthResource.kt index 439fc8b3d28..aa205fd0e59 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceProjectAuthResource.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceProjectAuthResource.kt @@ -138,6 +138,9 @@ interface ServiceProjectAuthResource { @Path("/projectIds/{projectId}/checkManager") @ApiOperation("判断是否是项目管理员或CI管理员") fun checkManager( + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @ApiParam("认证token", required = true) + token: String, @ApiParam(name = "用户名", required = true) @HeaderParam(AUTH_HEADER_USER_ID) userId: String, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupService.kt index a8a47d79871..33c7bc2047e 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupService.kt @@ -36,6 +36,7 @@ import com.tencent.devops.common.api.util.HashUtil import com.tencent.devops.common.api.util.Watcher import com.tencent.devops.common.api.util.timestamp import com.tencent.devops.common.client.Client +import com.tencent.devops.common.client.ClientTokenService import com.tencent.devops.common.pipeline.enums.ChannelCode import com.tencent.devops.common.redis.RedisOperation import com.tencent.devops.common.service.utils.LogUtils @@ -79,7 +80,8 @@ class PipelineViewGroupService @Autowired constructor( private val dslContext: DSLContext, private val redisOperation: RedisOperation, private val objectMapper: ObjectMapper, - private val client: Client + private val client: Client, + private val clientTokenService: ClientTokenService ) { private val allPipelineInfoCache = Caffeine.newBuilder() .maximumSize(10) @@ -637,7 +639,8 @@ class PipelineViewGroupService @Autowired constructor( } fun hasPermission(userId: String, projectId: String) = - client.get(ServiceProjectAuthResource::class).checkManager(userId, projectId).data ?: false + client.get(ServiceProjectAuthResource::class) + .checkManager(clientTokenService.getSystemToken(userId)!!, userId, projectId).data ?: false fun listView(userId: String, projectId: String, projected: Boolean?, viewType: Int?): List { val views = pipelineViewDao.list(dslContext, userId, projectId, projected, viewType) diff --git a/src/backend/ci/core/process/biz-process/src/test/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupServiceTest.kt b/src/backend/ci/core/process/biz-process/src/test/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupServiceTest.kt index d345a10013a..bd5d1fbdfd0 100644 --- a/src/backend/ci/core/process/biz-process/src/test/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupServiceTest.kt +++ b/src/backend/ci/core/process/biz-process/src/test/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupServiceTest.kt @@ -4,6 +4,7 @@ import com.tencent.devops.auth.api.service.ServiceProjectAuthResource import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.util.HashUtil +import com.tencent.devops.common.client.ClientTokenService import com.tencent.devops.common.test.BkCiAbstractTest import com.tencent.devops.model.process.Tables.T_PIPELINE_INFO import com.tencent.devops.model.process.Tables.T_PIPELINE_VIEW @@ -46,6 +47,7 @@ class PipelineViewGroupServiceTest : BkCiAbstractTest() { private val pipelineViewGroupDao: PipelineViewGroupDao = mockk() private val pipelineViewTopDao: PipelineViewTopDao = mockk() private val pipelineInfoDao: PipelineInfoDao = mockk() + private val clientTokenService: ClientTokenService = mockk() private val self: PipelineViewGroupService = spyk( PipelineViewGroupService( @@ -57,7 +59,8 @@ class PipelineViewGroupServiceTest : BkCiAbstractTest() { dslContext = dslContext, redisOperation = redisOperation, objectMapper = objectMapper, - client = client + client = client, + clientTokenService = clientTokenService ), recordPrivateCalls = true ) @@ -828,11 +831,16 @@ class PipelineViewGroupServiceTest : BkCiAbstractTest() { @Nested inner class HasPermission { + @BeforeEach + fun beforeEach() { + every { clientTokenService.getSystemToken(any()) } returns "" + } + @Test @DisplayName("返回值测试1") fun test_1() { every { - client.mockGet(ServiceProjectAuthResource::class).checkManager(any(), any()) + client.mockGet(ServiceProjectAuthResource::class).checkManager(any(), any(), any()) } returns Result(true) self.hasPermission("test", "test").let { Assertions.assertEquals(true, it) @@ -843,7 +851,7 @@ class PipelineViewGroupServiceTest : BkCiAbstractTest() { @DisplayName("返回值测试2") fun test_2() { every { - client.mockGet(ServiceProjectAuthResource::class).checkManager(any(), any()) + client.mockGet(ServiceProjectAuthResource::class).checkManager(any(), any(), any()) } returns Result(false) self.hasPermission("test", "test").let { Assertions.assertEquals(false, it) From 4ffa0febf02f2e40df1f32bceff17f2239f574ae Mon Sep 17 00:00:00 2001 From: stubenhuang Date: Mon, 19 Dec 2022 11:57:21 +0800 Subject: [PATCH 7/8] =?UTF-8?q?feat:=20=E6=B5=81=E6=B0=B4=E7=BA=BF?= =?UTF-8?q?=E7=BB=84=E5=8F=8A=E6=B5=81=E6=B0=B4=E7=BA=BF=E5=88=97=E8=A1=A8?= =?UTF-8?q?=E9=A1=B5=E4=BC=98=E5=8C=96=20#7101?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../auth/resources/service/ServiceProjectAuthResourceImpl.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceProjectAuthResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceProjectAuthResourceImpl.kt index 8560610f62e..39611d3fa1d 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceProjectAuthResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceProjectAuthResourceImpl.kt @@ -85,7 +85,7 @@ class ServiceProjectAuthResourceImpl @Autowired constructor( ) } - override fun checkManager(userId: String, projectId: String): Result { + override fun checkManager(token: String, userId: String, projectId: String): Result { val result = permissionProjectService.checkProjectManager(userId, projectId) || permissionProjectService.isProjectUser(userId, projectId, BkAuthGroup.CI_MANAGER) return Result(result) From d99fcc3de80b0eb3ba54a48e1006a8ea8e263113 Mon Sep 17 00:00:00 2001 From: stubenhuang Date: Mon, 19 Dec 2022 12:04:26 +0800 Subject: [PATCH 8/8] =?UTF-8?q?feat:=20=E6=B5=81=E6=B0=B4=E7=BA=BF?= =?UTF-8?q?=E7=BB=84=E5=8F=8A=E6=B5=81=E6=B0=B4=E7=BA=BF=E5=88=97=E8=A1=A8?= =?UTF-8?q?=E9=A1=B5=E4=BC=98=E5=8C=96=20#7101?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/process/service/view/PipelineViewGroupService.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupService.kt index 33c7bc2047e..33984e7b797 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/view/PipelineViewGroupService.kt @@ -640,7 +640,7 @@ class PipelineViewGroupService @Autowired constructor( fun hasPermission(userId: String, projectId: String) = client.get(ServiceProjectAuthResource::class) - .checkManager(clientTokenService.getSystemToken(userId)!!, userId, projectId).data ?: false + .checkManager(clientTokenService.getSystemToken(null)!!, userId, projectId).data ?: false fun listView(userId: String, projectId: String, projected: Boolean?, viewType: Int?): List { val views = pipelineViewDao.list(dslContext, userId, projectId, projected, viewType)