feat:用户个人视角 权限管理优化 #11138
fcfang123 committed Dec 19, 2024
1 parent 721af6b commit 799da8c
Showing 21 changed files with 90 additions and 94 deletions.
Expand Up @@ -60,7 +60,7 @@ import com.tencent.devops.auth.provider.rbac.service.AuthResourceService
import com.tencent.devops.auth.provider.rbac.service.ItsmService
import com.tencent.devops.auth.provider.rbac.service.PermissionGradeManagerService
import com.tencent.devops.auth.provider.rbac.service.PermissionSubsetManagerService
import com.tencent.devops.auth.provider.rbac.service.RbacCacheService
import com.tencent.devops.auth.provider.rbac.service.RbacCommonService
import com.tencent.devops.auth.provider.rbac.service.RbacPermissionApplyService
import com.tencent.devops.auth.provider.rbac.service.RbacPermissionAuthMonitorSpaceService
import com.tencent.devops.auth.provider.rbac.service.RbacPermissionAuthorizationScopesService
Expand Down Expand Up @@ -216,7 +216,7 @@ class RbacAuthConfiguration {
syncIamGroupMemberService: PermissionResourceGroupSyncService,
authAuthorizationDao: AuthAuthorizationDao,
permissionHandoverApplicationService: PermissionHandoverApplicationService,
rbacCacheService: RbacCacheService,
rbacCommonService: RbacCommonService,
redisOperation: RedisOperation,
authorizationDao: AuthAuthorizationDao,
authResourceService: AuthResourceService,
Expand All @@ -235,7 +235,7 @@ class RbacAuthConfiguration {
syncIamGroupMemberService = syncIamGroupMemberService,
authAuthorizationDao = authAuthorizationDao,
permissionHandoverApplicationService = permissionHandoverApplicationService,
rbacCacheService = rbacCacheService,
rbacCommonService = rbacCommonService,
redisOperation = redisOperation,
authorizationDao = authorizationDao,
authResourceService = authResourceService,
Expand All @@ -246,7 +246,7 @@ class RbacAuthConfiguration {
@Bean
fun permissionResourceGroupPermissionService(
v2ManagerService: V2ManagerService,
rbacCacheService: RbacCacheService,
rbacCommonService: RbacCommonService,
monitorSpaceService: AuthMonitorSpaceService,
authResourceGroupDao: AuthResourceGroupDao,
dslContext: DSLContext,
Expand All @@ -260,7 +260,7 @@ class RbacAuthConfiguration {
objectMapper: ObjectMapper
) = RbacPermissionResourceGroupPermissionService(
v2ManagerService = v2ManagerService,
rbacCacheService = rbacCacheService,
rbacCommonService = rbacCommonService,
monitorSpaceService = monitorSpaceService,
authResourceGroupDao = authResourceGroupDao,
dslContext = dslContext,
Expand All @@ -282,7 +282,7 @@ class RbacAuthConfiguration {
authResourceGroupMemberDao: AuthResourceGroupMemberDao,
dslContext: DSLContext,
deptService: DeptService,
rbacCacheService: RbacCacheService
rbacCommonService: RbacCommonService
) = RbacPermissionResourceMemberService(
authResourceService = authResourceService,
iamV2ManagerService = iamV2ManagerService,
Expand Down Expand Up @@ -319,7 +319,7 @@ class RbacAuthConfiguration {
iamV2PolicyService: PolicyService,
authResourceCodeConverter: AuthResourceCodeConverter,
superManagerService: SuperManagerService,
rbacCacheService: RbacCacheService,
rbacCommonService: RbacCommonService,
client: Client,
authProjectUserMetricsService: AuthProjectUserMetricsService
) = RbacPermissionService(
Expand All @@ -329,7 +329,7 @@ class RbacAuthConfiguration {
policyService = iamV2PolicyService,
authResourceCodeConverter = authResourceCodeConverter,
superManagerService = superManagerService,
rbacCacheService = rbacCacheService,
rbacCommonService = rbacCommonService,
client = client,
authProjectUserMetricsService = authProjectUserMetricsService
)
Expand All @@ -341,7 +341,7 @@ class RbacAuthConfiguration {
authResourceService: AuthResourceService,
authResourceGroupDao: AuthResourceGroupDao,
dslContext: DSLContext,
rbacCacheService: RbacCacheService,
rbacCommonService: RbacCommonService,
resourceGroupMemberService: RbacPermissionResourceMemberService,
client: Client,
resourceMemberService: PermissionResourceMemberService,
Expand All @@ -351,7 +351,7 @@ class RbacAuthConfiguration {
authResourceService = authResourceService,
authResourceGroupDao = authResourceGroupDao,
dslContext = dslContext,
rbacCacheService = rbacCacheService,
rbacCommonService = rbacCommonService,
resourceGroupMemberService = resourceGroupMemberService,
client = client,
resourceMemberService = resourceMemberService,
Expand All @@ -376,7 +376,7 @@ class RbacAuthConfiguration {
authResourceService: AuthResourceService,
authResourceGroupConfigDao: AuthResourceGroupConfigDao,
authResourceGroupDao: AuthResourceGroupDao,
rbacCacheService: RbacCacheService,
rbacCommonService: RbacCommonService,
config: CommonConfig,
client: Client,
authResourceCodeConverter: AuthResourceCodeConverter,
Expand All @@ -390,7 +390,7 @@ class RbacAuthConfiguration {
authResourceService = authResourceService,
authResourceGroupConfigDao = authResourceGroupConfigDao,
authResourceGroupDao = authResourceGroupDao,
rbacCacheService = rbacCacheService,
rbacCommonService = rbacCommonService,
config = config,
client = client,
authResourceCodeConverter = authResourceCodeConverter,
Expand All @@ -404,13 +404,13 @@ class RbacAuthConfiguration {
@Primary
fun rbacPermissionResourceValidateService(
permissionService: PermissionService,
rbacCacheService: RbacCacheService,
rbacCommonService: RbacCommonService,
client: Client,
authAuthorizationDao: AuthAuthorizationDao,
dslContext: DSLContext
) = RbacPermissionResourceValidateService(
permissionService = permissionService,
rbacCacheService = rbacCacheService,
rbacCommonService = rbacCommonService,
client = client,
authAuthorizationDao = authAuthorizationDao,
dslContext = dslContext
Expand All @@ -426,7 +426,7 @@ class RbacAuthConfiguration {
@Bean
fun migrateResourceService(
resourceService: ResourceService,
rbacCacheService: RbacCacheService,
rbacCommonService: RbacCommonService,
rbacPermissionResourceService: RbacPermissionResourceService,
migrateCreatorFixService: MigrateCreatorFixService,
authResourceService: AuthResourceService,
Expand All @@ -441,7 +441,7 @@ class RbacAuthConfiguration {
authResourceGroupDao: AuthResourceGroupDao
) = MigrateResourceService(
resourceService = resourceService,
rbacCacheService = rbacCacheService,
rbacCommonService = rbacCommonService,
rbacPermissionResourceService = rbacPermissionResourceService,
migrateCreatorFixService = migrateCreatorFixService,
authResourceService = authResourceService,
Expand Down Expand Up @@ -475,7 +475,7 @@ class RbacAuthConfiguration {
@Bean
fun migrateResultService(
permissionService: PermissionService,
rbacCacheService: RbacCacheService,
rbacCommonService: RbacCommonService,
migrateResourceCodeConverter: MigrateResourceCodeConverter,
authVerifyRecordService: AuthVerifyRecordService,
migrateResourceService: MigrateResourceService,
Expand All @@ -487,7 +487,7 @@ class RbacAuthConfiguration {
redisOperation: RedisOperation
) = MigrateResultService(
permissionService = permissionService,
rbacCacheService = rbacCacheService,
rbacCommonService = rbacCommonService,
migrateResourceCodeConverter = migrateResourceCodeConverter,
authVerifyRecordService = authVerifyRecordService,
migrateResourceService = migrateResourceService,
Expand All @@ -510,7 +510,7 @@ class RbacAuthConfiguration {
migrateIamApiService: MigrateIamApiService,
authResourceCodeConverter: AuthResourceCodeConverter,
permissionService: PermissionService,
rbacCacheService: RbacCacheService,
rbacCommonService: RbacCommonService,
authMigrationDao: AuthMigrationDao,
deptService: DeptService,
permissionResourceGroupPermissionService: PermissionResourceGroupPermissionService,
Expand All @@ -525,7 +525,7 @@ class RbacAuthConfiguration {
migrateResourceCodeConverter = migrateResourceCodeConverter,
authResourceCodeConverter = authResourceCodeConverter,
permissionService = permissionService,
rbacCacheService = rbacCacheService,
rbacCommonService = rbacCommonService,
authMigrationDao = authMigrationDao,
deptService = deptService,
permissionResourceGroupPermissionService = permissionResourceGroupPermissionService,
Expand All @@ -543,7 +543,7 @@ class RbacAuthConfiguration {
migrateIamApiService: MigrateIamApiService,
authResourceCodeConverter: AuthResourceCodeConverter,
permissionService: PermissionService,
rbacCacheService: RbacCacheService,
rbacCommonService: RbacCommonService,
authMigrationDao: AuthMigrationDao,
deptService: DeptService,
permissionResourceGroupPermissionService: PermissionResourceGroupPermissionService,
Expand All @@ -558,7 +558,7 @@ class RbacAuthConfiguration {
migrateResourceCodeConverter = migrateResourceCodeConverter,
authResourceCodeConverter = authResourceCodeConverter,
permissionService = permissionService,
rbacCacheService = rbacCacheService,
rbacCommonService = rbacCommonService,
authMigrationDao = authMigrationDao,
deptService = deptService,
permissionResourceGroupPermissionService = permissionResourceGroupPermissionService,
Expand All @@ -581,7 +581,6 @@ class RbacAuthConfiguration {
dslContext: DSLContext,
authMigrationDao: AuthMigrationDao,
authMonitorSpaceDao: AuthMonitorSpaceDao,
cacheService: RbacCacheService,
permissionResourceMemberService: RbacPermissionResourceMemberService,
migrateResourceAuthorizationService: MigrateResourceAuthorizationService,
migrateResourceGroupService: MigrateResourceGroupService
Expand All @@ -599,7 +598,6 @@ class RbacAuthConfiguration {
dslContext = dslContext,
authMigrationDao = authMigrationDao,
authMonitorSpaceDao = authMonitorSpaceDao,
cacheService = cacheService,
permissionResourceMemberService = permissionResourceMemberService,
migrateResourceAuthorizationService = migrateResourceAuthorizationService,
migrateResourceGroupService = migrateResourceGroupService
Expand Down Expand Up @@ -631,7 +629,7 @@ class RbacAuthConfiguration {
handoverDetailDao: AuthHandoverDetailDao,
authorizationDao: AuthAuthorizationDao,
authResourceGroupDao: AuthResourceGroupDao,
rbacCacheService: RbacCacheService,
rbacCommonService: RbacCommonService,
redisOperation: RedisOperation,
client: Client,
config: CommonConfig,
Expand All @@ -642,7 +640,7 @@ class RbacAuthConfiguration {
handoverDetailDao = handoverDetailDao,
authorizationDao = authorizationDao,
authResourceGroupDao = authResourceGroupDao,
rbacCacheService = rbacCacheService,
rbacCommonService = rbacCommonService,
redisOperation = redisOperation,
client = client,
config = config,
Expand Down Expand Up @@ -685,7 +683,7 @@ class RbacAuthConfiguration {
authResourceGroupDao: AuthResourceGroupDao,
iamV2ManagerService: V2ManagerService,
authResourceGroupMemberDao: AuthResourceGroupMemberDao,
rbacCacheService: RbacCacheService,
rbacCommonService: RbacCommonService,
redisOperation: RedisOperation,
authResourceSyncDao: AuthResourceSyncDao,
authResourceGroupApplyDao: AuthResourceGroupApplyDao,
Expand All @@ -698,7 +696,7 @@ class RbacAuthConfiguration {
authResourceGroupDao = authResourceGroupDao,
iamV2ManagerService = iamV2ManagerService,
authResourceGroupMemberDao = authResourceGroupMemberDao,
rbacCacheService = rbacCacheService,
rbacCommonService = rbacCommonService,
redisOperation = redisOperation,
authResourceSyncDao = authResourceSyncDao,
authResourceGroupApplyDao = authResourceGroupApplyDao,
Expand Up @@ -45,7 +45,7 @@ import com.tencent.devops.auth.provider.rbac.service.AuthResourceService
import com.tencent.devops.auth.provider.rbac.service.ItsmService
import com.tencent.devops.auth.provider.rbac.service.PermissionGradeManagerService
import com.tencent.devops.auth.provider.rbac.service.PermissionSubsetManagerService
import com.tencent.devops.auth.provider.rbac.service.RbacCacheService
import com.tencent.devops.auth.provider.rbac.service.RbacCommonService
import com.tencent.devops.auth.service.AuthAuthorizationScopesService
import com.tencent.devops.auth.service.AuthProjectUserMetricsService
import com.tencent.devops.auth.service.BkHttpRequestService
Expand All @@ -72,7 +72,7 @@ class RbacServiceConfiguration {
iamConfiguration: IamConfiguration,
authResourceGroupConfigDao: AuthResourceGroupConfigDao,
authProjectUserMetricsService: AuthProjectUserMetricsService
) = RbacCacheService(
) = RbacCommonService(
dslContext = dslContext,
authResourceTypeDao = authResourceTypeDao,
authActionDao = authActionDao,
Expand Up @@ -31,7 +31,7 @@ import org.slf4j.LoggerFactory
import java.util.concurrent.TimeUnit

@Suppress("MagicNumber", "LongParameterList")
class RbacCacheService constructor(
class RbacCommonService(
private val dslContext: DSLContext,
private val authResourceTypeDao: AuthResourceTypeDao,
private val authActionDao: AuthActionDao,
Expand All @@ -42,7 +42,7 @@ class RbacCacheService constructor(
) {

companion object {
private val logger = LoggerFactory.getLogger(RbacCacheService::class.java)
private val logger = LoggerFactory.getLogger(RbacCommonService::class.java)
}

/*获取资源类型下的动作*/
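Review bot: The class renamed at `class RbacCommonService(` carries no KDoc, and the new name no longer tells a reader that it serves authorization metadata from a cache, which the old name and the retained `java.util.concurrent.TimeUnit` import suggest it still does. For code that feeds permission decisions, callers need to know how stale a resource type, action or group configuration can be, so a short class-level KDoc should state which lookups are cached and where the expiry is defined. Something like `/** Shared RBAC lookups (resource types, actions, group configs); results may be served from an in-process cache, see the cache definitions in this class for expiry. */` would do, with the wording confirmed against the class body, which continues outside this hunk.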
Expand Up @@ -60,7 +60,7 @@ class RbacPermissionApplyService @Autowired constructor(
val authResourceService: AuthResourceService,
val authResourceGroupConfigDao: AuthResourceGroupConfigDao,
val authResourceGroupDao: AuthResourceGroupDao,
val rbacCacheService: RbacCacheService,
val rbacCommonService: RbacCommonService,
val config: CommonConfig,
val client: Client,
val authResourceCodeConverter: AuthResourceCodeConverter,
Expand All @@ -80,11 +80,11 @@ class RbacPermissionApplyService @Autowired constructor(
private val codeccTaskDetailRedirectUri = "${config.devopsHostGateway}/console/codecc/%s/task/%s/detail?buildNum=latest"
private val groupPermissionDetailRedirectUri = "${config.devopsHostGateway}/permission/group/detail?group_id=%s&x-devops-project-id=%s"
override fun listResourceTypes(userId: String): List<ResourceTypeInfoVo> {
return rbacCacheService.listResourceTypes()
return rbacCommonService.listResourceTypes()
}

override fun listActions(userId: String, resourceType: String): List<ActionInfoVo> {
return rbacCacheService.listResourceType2Action(resourceType)
return rbacCommonService.listResourceType2Action(resourceType)
}

override fun listGroupsForApply(
Expand Down Expand Up @@ -263,7 +263,7 @@ class RbacPermissionApplyService @Autowired constructor(
return managerRoleGroupInfoList.map { gInfo ->
val dbGroupRecord = dbGroupRecords.find { record -> record.relationId == gInfo.id.toString() }
val resourceType = dbGroupRecord?.resourceType ?: AuthResourceType.PROJECT.value
val resourceTypeName = rbacCacheService.getResourceTypeInfo(resourceType).name
val resourceTypeName = rbacCommonService.getResourceTypeInfo(resourceType).name
val resourceName = dbGroupRecord?.resourceName ?: projectName
val resourceCode = dbGroupRecord?.resourceCode ?: projectId
val memberJoinedResult = verifyMemberJoinedResult[gInfo.id.toInt()]
Expand Down Expand Up @@ -326,7 +326,7 @@ class RbacPermissionApplyService @Autowired constructor(
itsmService.buildGroupApplyItsmValue(
ApplyJoinGroupFormDataInfo(
projectName = projectInfo.projectName,
resourceTypeName = rbacCacheService.getResourceTypeInfo(resourceGroupInfo.resourceType).name,
resourceTypeName = rbacCommonService.getResourceTypeInfo(resourceGroupInfo.resourceType).name,
resourceName = resourceGroupInfo.resourceName,
groupName = resourceGroupInfo.groupName,
validityPeriod = generateValidityPeriod(applyJoinGroupInfo.expiredAt.toLong()),
Expand Down Expand Up @@ -487,11 +487,11 @@ class RbacPermissionApplyService @Autowired constructor(
)
val groupInfoList: MutableList<AuthRedirectGroupInfoVo> = mutableListOf()
// 判断action是否为空
val actionInfo = if (action != null) rbacCacheService.getActionInfo(action) else null
val actionInfo = if (action != null) rbacCommonService.getActionInfo(action) else null
val iamRelatedResourceType = actionInfo?.relatedResourceType ?: resourceType
val resourceTypeName = I18nUtil.getCodeLanMessage(
messageCode = resourceType + AuthI18nConstants.RESOURCE_TYPE_NAME_SUFFIX,
defaultMessage = rbacCacheService.getResourceTypeInfo(resourceType).name
defaultMessage = rbacCommonService.getResourceTypeInfo(resourceType).name
)

val projectInfo = authResourceService.get(
Expand Down Expand Up @@ -578,7 +578,7 @@ class RbacPermissionApplyService @Autowired constructor(
)
} else {
if (isEnablePermission) {
rbacCacheService.getGroupConfigAction(finalResourceType).forEach {
rbacCommonService.getGroupConfigAction(finalResourceType).forEach {
if (it.actions.contains(action)) {
buildRedirectGroupInfo(
groupInfoList = groupInfoList,
Expand Up @@ -45,7 +45,7 @@ class RbacPermissionHandoverApplicationService(
private val handoverDetailDao: AuthHandoverDetailDao,
private val authorizationDao: AuthAuthorizationDao,
private val authResourceGroupDao: AuthResourceGroupDao,
private val rbacCacheService: RbacCacheService,
private val rbacCommonService: RbacCommonService,
private val redisOperation: RedisOperation,
private val client: Client,
private val config: CommonConfig,
Expand Down Expand Up @@ -82,7 +82,7 @@ class RbacPermissionHandoverApplicationService(
val handoverOverviewTableBuilder = StringBuilder()
resourceType2CountOfHandover.forEach {
handoverOverviewTableBuilder.append(
java.lang.String.format(
String.format(
HANDOVER_APPLICATION_TABLE_OF_EMAIL, it.type.alias, it.resourceTypeName, it.count
)
)
Expand Down Expand Up @@ -295,15 +295,15 @@ class RbacPermissionHandoverApplicationService(
val result = mutableListOf<ResourceType2CountVo>()
if (resourceType2CountWithGroup.isNotEmpty()) {
result.addAll(
rbacCacheService.convertResourceType2Count(
rbacCommonService.convertResourceType2Count(
resourceType2Count = resourceType2CountWithGroup,
type = HandoverType.GROUP
)
)
}
if (resourceType2CountWithAuthorization.isNotEmpty()) {
result.addAll(
rbacCacheService.convertResourceType2Count(
rbacCommonService.convertResourceType2Count(
resourceType2Count = resourceType2CountWithAuthorization,
type = HandoverType.AUTHORIZATION
)