feat:用户个人视角 权限管理优化 #11138
fcfang123 committed Dec 19, 2024
1 parent df24827 commit 14a83b4
Showing 9 changed files with 77 additions and 11 deletions.
Expand Up @@ -27,6 +27,7 @@

package com.tencent.devops.auth.api.service

import com.tencent.devops.auth.pojo.vo.AuthProjectVO
import com.tencent.devops.auth.pojo.vo.ProjectPermissionInfoVO
import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_BK_TOKEN
import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_USER_ID
Expand Down Expand Up @@ -262,11 +263,11 @@ interface ServiceProjectAuthResource {
): Result<ProjectPermissionInfoVO>

@GET
@Path("/listUserProjects")
@Path("/listUserProjectsWithAuthorization")
@Operation(summary = "获取用户授权相关的项目")
fun listUserProjects(
fun listUserProjectsWithAuthorization(
@HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
@Parameter(description = "用户ID", required = true)
userId: String
): Result<List<String>>
): Result<List<AuthProjectVO>>
}
Expand Up @@ -29,8 +29,10 @@
package com.tencent.devops.auth.api.user

import com.tencent.devops.auth.pojo.AuthResourceInfo
import com.tencent.devops.auth.pojo.vo.AuthProjectVO
import com.tencent.devops.auth.pojo.vo.IamGroupInfoVo
import com.tencent.devops.auth.pojo.vo.IamGroupMemberInfoVo
import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_USER_ID
import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
import com.tencent.devops.common.api.pojo.Pagination
import com.tencent.devops.common.api.pojo.Result
Expand Down Expand Up @@ -213,4 +215,13 @@ interface UserAuthResourceResource {
@PathParam("resourceCode")
resourceCode: String
): Result<AuthResourceInfo>

@GET
@Path("/listUserProjectsWithAuthorization")
@Operation(summary = "获取用户授权相关的项目")
fun listUserProjectsWithAuthorization(
@HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
@Parameter(description = "用户ID", required = true)
userId: String
): Result<List<AuthProjectVO>>
}
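Review bot: The new `listUserProjectsWithAuthorization` binds `userId` to `AUTH_HEADER_DEVOPS_USER_ID`, a constant this commit newly imports into the user-facing interface, although the file already imports `AUTH_HEADER_USER_ID`. The existing endpoints are outside the hunk, so I cannot see which constant they use; if they use `AUTH_HEADER_USER_ID`, the new method should match with `@HeaderParam(AUTH_HEADER_USER_ID)`. The response is scoped only by this header value, so it is worth confirming that the gateway sets this header from the authenticated session on the user path rather than passing through a client-supplied value.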
@@ -0,0 +1,11 @@
package com.tencent.devops.auth.pojo.vo

import io.swagger.v3.oas.annotations.media.Schema

@Schema(title = "项目返回体")
data class AuthProjectVO(
@get:Schema(title = "数量")
val projectCode: String,
@get:Schema(title = "项目")
val projectName: String
)
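Review bot: The `@get:Schema` title on `projectCode` is `数量` (count), which looks copied from another VO and will mislabel the field in the generated API documentation. Something like `@get:Schema(title = "项目ID")` on `projectCode` and `@get:Schema(title = "项目名称")` on `projectName` would describe the two fields. The file also starts directly at `package`, while several other Kotlin files in this commit have their `package` line near line 28, which suggests they carry a license header that this new file lacks.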
Expand Up @@ -314,6 +314,19 @@ class AuthResourceDao {
}
}

fun listByResourceCodes(
dslContext: DSLContext,
resourceType: String,
resourceCodes: List<String>
): List<AuthResourceInfo> {
return with(TAuthResource.T_AUTH_RESOURCE) {
dslContext.selectFrom(this)
.where(RESOURCE_TYPE.eq(resourceType))
.and(RESOURCE_CODE.`in`(resourceCodes))
.fetch().map { convert(it) }
}
}

fun getResourceCodeByType(
dslContext: DSLContext,
projectCode: String,
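Review bot: `listByResourceCodes` passes `resourceCodes` straight into the `in` predicate on `RESOURCE_CODE` with no handling for an empty or very large list. An empty list still costs a database round trip for a predicate that cannot match, and the caller added in this commit passes every project code returned for the user, so the list size is unbounded. I would add `if (resourceCodes.isEmpty()) return emptyList()` as the first statement and consider querying in chunks via `resourceCodes.chunked(...)` for large inputs. The hunk ends inside `getResourceCodeByType`, which is not part of the change.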
Expand Up @@ -28,6 +28,7 @@
package com.tencent.devops.auth.resources.service

import com.tencent.devops.auth.api.service.ServiceProjectAuthResource
import com.tencent.devops.auth.pojo.vo.AuthProjectVO
import com.tencent.devops.auth.pojo.vo.ProjectPermissionInfoVO
import com.tencent.devops.auth.service.PermissionAuthorizationService
import com.tencent.devops.auth.service.iam.PermissionProjectService
Expand Down Expand Up @@ -216,9 +217,9 @@ class ServiceProjectAuthResourceImpl @Autowired constructor(
)
}

override fun listUserProjects(userId: String): Result<List<String>> {
override fun listUserProjectsWithAuthorization(userId: String): Result<List<AuthProjectVO>> {
return Result(
permissionAuthorizationService.listUserProjects(
permissionAuthorizationService.listUserProjectsWithAuthorization(
userId = userId
)
)
Expand Up @@ -31,8 +31,10 @@ package com.tencent.devops.auth.resources.user
import com.tencent.devops.auth.api.user.UserAuthResourceResource
import com.tencent.devops.auth.pojo.AuthResourceInfo
import com.tencent.devops.auth.pojo.dto.ListGroupConditionDTO
import com.tencent.devops.auth.pojo.vo.AuthProjectVO
import com.tencent.devops.auth.pojo.vo.IamGroupInfoVo
import com.tencent.devops.auth.pojo.vo.IamGroupMemberInfoVo
import com.tencent.devops.auth.service.PermissionAuthorizationService
import com.tencent.devops.auth.service.iam.PermissionResourceGroupService
import com.tencent.devops.auth.service.iam.PermissionResourceService
import com.tencent.devops.auth.service.iam.PermissionResourceValidateService
Expand All @@ -45,7 +47,8 @@ import org.springframework.beans.factory.annotation.Autowired
class UserAuthResourceResourceImpl @Autowired constructor(
private val permissionResourceService: PermissionResourceService,
private val permissionResourceValidateService: PermissionResourceValidateService,
private val permissionResourceGroupService: PermissionResourceGroupService
private val permissionResourceGroupService: PermissionResourceGroupService,
private val permissionAuthorizationService: PermissionAuthorizationService
) : UserAuthResourceResource {
override fun hasManagerPermission(
userId: String,
Expand Down Expand Up @@ -186,4 +189,8 @@ class UserAuthResourceResourceImpl @Autowired constructor(
)
)
}

override fun listUserProjectsWithAuthorization(userId: String): Result<List<AuthProjectVO>> {
return Result(permissionAuthorizationService.listUserProjectsWithAuthorization(userId))
}
}
Expand Up @@ -28,6 +28,7 @@
package com.tencent.devops.auth.service

import com.tencent.devops.auth.pojo.enum.OperateChannel
import com.tencent.devops.auth.pojo.vo.AuthProjectVO
import com.tencent.devops.auth.pojo.vo.ResourceTypeInfoVo
import com.tencent.devops.common.api.model.SQLPage
import com.tencent.devops.common.auth.api.pojo.ResetAllResourceAuthorizationReq
Expand Down Expand Up @@ -85,9 +86,9 @@ interface PermissionAuthorizationService {
/**
* 获取用户授权相关项目
*/
fun listUserProjects(
fun listUserProjectsWithAuthorization(
userId: String
): List<String>
): List<AuthProjectVO>

/**
* 修改资源授权管理
Expand Up @@ -5,11 +5,13 @@ import com.tencent.devops.auth.constant.AuthI18nConstants
import com.tencent.devops.auth.constant.AuthMessageCode
import com.tencent.devops.auth.constant.AuthMessageCode.ERROR_REPERTORY_HANDOVER_AUTHORIZATION
import com.tencent.devops.auth.dao.AuthAuthorizationDao
import com.tencent.devops.auth.dao.AuthResourceDao
import com.tencent.devops.auth.pojo.dto.HandoverDetailDTO
import com.tencent.devops.auth.pojo.dto.HandoverOverviewCreateDTO
import com.tencent.devops.auth.pojo.enum.HandoverStatus
import com.tencent.devops.auth.pojo.enum.HandoverType
import com.tencent.devops.auth.pojo.enum.OperateChannel
import com.tencent.devops.auth.pojo.vo.AuthProjectVO
import com.tencent.devops.auth.pojo.vo.ResourceTypeInfoVo
import com.tencent.devops.auth.service.iam.PermissionHandoverApplicationService
import com.tencent.devops.auth.service.iam.PermissionResourceValidateService
Expand Down Expand Up @@ -46,7 +48,8 @@ class PermissionAuthorizationServiceImpl(
private val permissionResourceValidateService: PermissionResourceValidateService,
private val deptService: DeptService,
private val permissionService: PermissionService,
private val permissionHandoverApplicationService: PermissionHandoverApplicationService
private val permissionHandoverApplicationService: PermissionHandoverApplicationService,
private val authResourceDao: AuthResourceDao
) : PermissionAuthorizationService {
companion object {
private val logger = LoggerFactory.getLogger(PermissionAuthorizationServiceImpl::class.java)
Expand Down Expand Up @@ -182,8 +185,19 @@ class PermissionAuthorizationServiceImpl(
return SQLPage(count = count.toLong(), records = records)
}

override fun listUserProjects(userId: String): List<String> {
return authAuthorizationDao.listUserProjects(dslContext, userId)
override fun listUserProjectsWithAuthorization(userId: String): List<AuthProjectVO> {
val projectCodesWithAuthorization = authAuthorizationDao.listUserProjects(dslContext, userId)
val projectInfos = authResourceDao.listByResourceCodes(
dslContext = dslContext,
resourceType = ResourceTypeId.PROJECT,
resourceCodes = projectCodesWithAuthorization
)
return projectInfos.map {
AuthProjectVO(
projectCode = it.resourceCode,
projectName = it.resourceName
)
}
}

override fun modifyResourceAuthorization(resourceAuthorizationList: List<ResourceAuthorizationDTO>): Boolean {
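Review bot: `listUserProjectsWithAuthorization` builds its result only from the rows that `authResourceDao.listByResourceCodes` returns, so any project code from `authAuthorizationDao.listUserProjects` without a matching `ResourceTypeId.PROJECT` row is dropped silently. The user would still hold authorizations in that project but would no longer see it in the list. If that is not intended, map over the codes instead: `val nameByCode = projectInfos.associate { it.resourceCode to it.resourceName }` followed by `return projectCodesWithAuthorization.map { AuthProjectVO(projectCode = it, projectName = nameByCode[it] ?: it) }`. If the omission is intended, a short comment or a `logger.warn` listing the missing codes would make it visible. The hunk ends at the signature of `modifyResourceAuthorization`, whose body is outside the hunk.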
Expand Up @@ -38,6 +38,13 @@ BEGIN
ALTER TABLE T_AUTH_OAUTH2_ACCESS_TOKEN ADD COLUMN `PASS_WORD` VARCHAR(64) DEFAULT NULL COMMENT '用于密码模式' AFTER `USER_NAME`;
END IF;

IF NOT EXISTS(SELECT 1
FROM information_schema.statistics
WHERE TABLE_SCHEMA = db
AND TABLE_NAME = 'T_AUTH_RESOURCE_AUTHORIZATION'
AND INDEX_NAME = 'HANDOVER_FROM_PROJECT_CODE_INDEX') THEN
ALTER TABLE T_AUTH_RESOURCE_AUTHORIZATION ADD INDEX `HANDOVER_FROM_PROJECT_CODE_INDEX` (`HANDOVER_FROM`,`PROJECT_CODE`);
END IF;
COMMIT;
END <CI_UBF>
DELIMITER ;