feat:用户个人视角 权限管理优化 #11138
fcfang123 committed Dec 16, 2024
1 parent 4d3bcb6 commit 9258095
Showing 7 changed files with 93 additions and 39 deletions.
Expand Up @@ -49,6 +49,7 @@ object AuthI18nConstants {
const val BK_MEMBER_EXPIRED_AT_DISPLAY_PERMANENT = "bkMemberExpiredAtDisplayPermanent" // 有效期: 永久

const val BK_APPLY_TO_HANDOVER = "bkApplyToHandover" // 申请移交
const val BK_HANDOVER_GROUPS = "bkHandoverGroups" // {0}个权限用户组
const val BK_HANDOVER_AUTHORIZATIONS = "bkHandoverAuthorizations" // {0}个授权
const val BK_HANDOVER_GROUPS = "bkHandoverGroups" // 个权限用户组
const val BK_HANDOVER_AUTHORIZATIONS = "bkHandoverAuthorizations" //个授权
const val BK_PROJECT = "bk_project" // 蓝盾项目
}
@@ -1,11 +1,11 @@
package com.tencent.devops.auth.pojo.enum

enum class HandoverType(val value: String) {
enum class HandoverType(val value: String, val alias: String) {
// 用户组
GROUP("group"),
GROUP("group", "用户组"),

// 授权
AUTHORIZATION("authorization");
AUTHORIZATION("authorization", "授权管理");

companion object {
fun get(value: String): HandoverType {
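Review bot: The new `alias` values on `GROUP` and `AUTHORIZATION` are hard-coded Chinese strings, so text built from them cannot follow the reader's locale the way the `I18nUtil.getCodeLanMessage` lookups elsewhere in this commit do. If `alias` is meant for user-facing output, consider storing a message key instead, for example `GROUP("group", "<i18n-key-placeholder>")`, and resolving it where the text is rendered. A one-line KDoc on the enum saying what `alias` is for, as opposed to `value`, would also help. The `companion object` body continues outside the hunk.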
@@ -1,6 +1,8 @@
package com.tencent.devops.auth.provider.rbac.service

import com.tencent.devops.auth.constant.AuthI18nConstants
import com.tencent.devops.auth.constant.AuthI18nConstants.BK_APPLY_TO_HANDOVER
import com.tencent.devops.auth.constant.AuthI18nConstants.BK_HANDOVER_AUTHORIZATIONS
import com.tencent.devops.auth.constant.AuthI18nConstants.BK_HANDOVER_GROUPS
import com.tencent.devops.auth.constant.AuthMessageCode
import com.tencent.devops.auth.dao.AuthAuthorizationDao
import com.tencent.devops.auth.dao.AuthHandoverDetailDao
Expand All @@ -22,33 +24,42 @@ import com.tencent.devops.common.api.exception.ErrorCodeException
import com.tencent.devops.common.api.model.SQLPage
import com.tencent.devops.common.api.util.DateTimeUtil
import com.tencent.devops.common.api.util.PageUtil
import com.tencent.devops.common.auth.api.ResourceTypeId
import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationConditionRequest
import com.tencent.devops.common.client.Client
import com.tencent.devops.common.notify.enums.NotifyType
import com.tencent.devops.common.redis.RedisOperation
import com.tencent.devops.common.web.utils.I18nUtil
import com.tencent.devops.notify.api.service.ServiceNotifyMessageTemplateResource
import com.tencent.devops.notify.pojo.SendNotifyMessageTemplateRequest
import org.jooq.DSLContext
import org.jooq.impl.DSL
import org.slf4j.LoggerFactory
import java.time.LocalDateTime


class RbacPermissionHandoverApplicationService(
private val dslContext: DSLContext,
private val handoverOverviewDao: AuthHandoverOverviewDao,
private val handoverDetailDao: AuthHandoverDetailDao,
private val authorizationDao: AuthAuthorizationDao,
private val authResourceGroupDao: AuthResourceGroupDao,
private val rbacCacheService: RbacCacheService,
private val redisOperation: RedisOperation
private val redisOperation: RedisOperation,
private val authResourceService: AuthResourceService,
private val client: Client
) : PermissionHandoverApplicationService {
override fun createHandoverApplication(
overview: HandoverOverviewCreateDTO,
details: List<HandoverDetailDTO>
): String {
logger.info("create handover application:{}|{}", overview, details)
val flowNo = generateFlowNo()
val title = generateTitle(

val title = generateOverviewContent(
groupCount = overview.groupCount,
authorizationCount = overview.authorizationCount
)
).first
dslContext.transaction { configuration ->
val transactionContext = DSL.using(configuration)
handoverOverviewDao.create(
Expand All @@ -63,33 +74,79 @@ class RbacPermissionHandoverApplicationService(
handoverDetailDTOs = details.map { it.copy(flowNo = flowNo) }
)
}
// todo 发送邮件/devops-notices通知

val projectName = authResourceService.get(
projectCode = overview.projectCode,
resourceType = ResourceTypeId.PROJECT,
resourceCode = overview.projectCode
)
val handoverOverview = getHandoverOverview(flowNo)
val resourceType2CountOfHandover = getResourceType2CountOfHandoverApplication(flowNo)

val handoverOverviewContentOfEmail = generateOverviewContent(
groupCount = handoverOverview.groupCount,
authorizationCount = handoverOverview.authorizationCount
).second
val handoverOverviewTableBuilder = StringBuilder()
resourceType2CountOfHandover.forEach {
handoverOverviewTableBuilder.append(
java.lang.String.format(
HANDOVER_APPLICATION_TABLE_OF_EMAIL, it.type.alias, it.resourceType, it.count
)
)
}
val handoverOverviewTable = handoverOverviewTableBuilder.toString()
val bodyParams = mapOf(
"handoverFrom" to overview.applicant,
"handoverTo" to overview.approver,
"projectName" to projectName.resourceName,
"handoverOverviews" to handoverOverviewContentOfEmail,
"handoverOverviewContentOfRtx" to title,
"table" to handoverOverviewTable
)
// 发邮件
val request = SendNotifyMessageTemplateRequest(
templateCode = TEMPLATE_CODE,
bodyParams = bodyParams,
titleParams = bodyParams,
notifyType = mutableSetOf(NotifyType.RTX.name, NotifyType.EMAIL.name),
receivers = mutableSetOf(overview.approver)
)
kotlin.runCatching {
client.get(ServiceNotifyMessageTemplateResource::class).sendNotifyMessageByTemplate(request)
}.onFailure {
logger.warn("notify email fail ${it.message}|$bodyParams|${overview.approver}")
}
return flowNo
}

override fun generateTitle(
private fun generateOverviewContent(
groupCount: Int,
authorizationCount: Int
): String {
return I18nUtil.getCodeLanMessage(messageCode = AuthI18nConstants.BK_APPLY_TO_HANDOVER).let {
when {
groupCount > 0 && authorizationCount > 0 -> {
it.plus(I18nUtil.getCodeLanMessage(AuthI18nConstants.BK_HANDOVER_GROUPS, params = arrayOf(groupCount.toString()))).plus(",").plus(
I18nUtil.getCodeLanMessage(AuthI18nConstants.BK_HANDOVER_AUTHORIZATIONS, params = arrayOf(authorizationCount.toString()))
)
}
): Pair<String, String> {
val bkHandoverGroups = I18nUtil.getCodeLanMessage(BK_HANDOVER_GROUPS)
val bkHandoverAuthorizations = I18nUtil.getCodeLanMessage(BK_HANDOVER_AUTHORIZATIONS)
var titleOfApplication = I18nUtil.getCodeLanMessage(BK_APPLY_TO_HANDOVER)
var handoverOverviewContentOfEmail = ""

when {
groupCount > 0 && authorizationCount > 0 -> {
titleOfApplication.plus(groupCount).plus(bkHandoverGroups.plus(",").plus(authorizationCount).plus(bkHandoverAuthorizations))
handoverOverviewContentOfEmail = """<span class="num">${groupCount}</span>$bkHandoverGroups,
|<span class="num">${authorizationCount}</span>$bkHandoverAuthorizations""".trimMargin()
}

groupCount > 0 -> {
it.plus(I18nUtil.getCodeLanMessage(AuthI18nConstants.BK_HANDOVER_GROUPS, params = arrayOf(groupCount.toString())))
}
groupCount > 0 -> {
titleOfApplication.plus(groupCount).plus(bkHandoverGroups)
handoverOverviewContentOfEmail = """<span class="num">${groupCount}</span>$bkHandoverGroups""".trimMargin()
}

else -> {
it.plus(
I18nUtil.getCodeLanMessage(AuthI18nConstants.BK_HANDOVER_AUTHORIZATIONS, params = arrayOf(authorizationCount.toString()))
)
}
else -> {
titleOfApplication.plus(authorizationCount).plus(bkHandoverAuthorizations)
handoverOverviewContentOfEmail = """<span class="num">${authorizationCount}</span>$bkHandoverAuthorizations""".trimMargin()
}
}
return Pair(titleOfApplication, handoverOverviewContentOfEmail)
}

/**
Expand Down Expand Up @@ -301,5 +358,7 @@ class RbacPermissionHandoverApplicationService(
private val logger = LoggerFactory.getLogger(RbacPermissionHandoverApplicationService::class.java)
private const val FLOW_NO_PREFIX = "REQ"
private const val FLOW_NO_KEY = "AUTH:HANDOVER:FLOW:NO:%s"
private const val HANDOVER_APPLICATION_TABLE_OF_EMAIL = "<tr><td>%s</td><td>%s</td><td>%s</td></tr>"
private const val TEMPLATE_CODE = "BK_PERMISSIONS_HANDOVER_APPLICATION"
}
}
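Review bot: In `generateOverviewContent` all three `when` branches call `titleOfApplication.plus(...)` and discard the result; `String.plus` returns a new string, so the first element of the returned pair is always the bare `BK_APPLY_TO_HANDOVER` text and the counts never reach `title` or the `handoverOverviewContentOfRtx` parameter. Assign the result in each branch, e.g. `titleOfApplication += "$groupCount$bkHandoverGroups,$authorizationCount$bkHandoverAuthorizations"` for the combined case, with the matching single-count form in the other two. Separately, `projectName.resourceName`, `overview.applicant` and the `String.format` table rows are placed into `bodyParams` as raw text alongside hand-built HTML; whether the notify template escapes them is not visible here, so values that can originate from users should be HTML-escaped before they go into the mail body. The `logger.warn` in `onFailure` writes the whole `bodyParams` map but drops the stack trace; passing `it` as the final logger argument would keep it, and logging only `flowNo` and the approver would be enough to trace the failure.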
Expand Up @@ -20,8 +20,6 @@ class SamplePermissionHandoverApplicationService : PermissionHandoverApplication
return ""
}

override fun generateTitle(groupCount: Int, authorizationCount: Int): String = ""

override fun generateFlowNo(): String = ""

override fun updateHandoverApplication(overview: HandoverOverviewUpdateReq) {
Expand Up @@ -21,11 +21,6 @@ interface PermissionHandoverApplicationService {
details: List<HandoverDetailDTO>
): String

/**
* 生成交接单标题
* */
fun generateTitle(groupCount: Int, authorizationCount: Int): String

/**
* 生成流程单号
* */
5 changes: 3 additions & 2 deletions support-files/i18n/auth/message_en_US.properties
Expand Up @@ -342,5 +342,6 @@ bkMemberExpiredAtDisplayExpired=expired
bkMemberExpiredAtDisplayNormal={0} days
bkMemberExpiredAtDisplayPermanent=permanent
bkApplyToHandover=apply to hand over
bkHandoverGroups={0} groups
bkHandoverAuthorizations={0} authorizations
bkHandoverGroups= groups
bkHandoverAuthorizations= authorizations
bk_project=bkci project
6 changes: 3 additions & 3 deletions support-files/i18n/auth/message_zh_CN.properties
Expand Up @@ -90,7 +90,6 @@
2121095=该交接申请单正在被处理中,请耐心等待
2121096=交接操作不合法,用户没有对应代码库授权的权限,请交接完代码库授权后再进行重试。
2121098=由于直接退出用户组,会导致授权失效,必须进行用户组移交

bkAdministratorNotExpired=权限还未过期,不需要操作
bkAgreeRenew=同意续期
bkApproverAgreeRenew=审批人同意了您的权限续期
Expand Down Expand Up @@ -344,5 +343,6 @@ bkMemberExpiredAtDisplayExpired=已过期
bkMemberExpiredAtDisplayNormal={0} 天
bkMemberExpiredAtDisplayPermanent=永久
bkApplyToHandover=申请移交
bkHandoverGroups={0}个权限用户组
bkHandoverAuthorizations={0}个授权
bkHandoverGroups=个权限用户组
bkHandoverAuthorizations=个授权
bk_project=蓝盾项目
