feat(frontend): 授权规则重构 TencentBlueKing#7031

# Reviewed, transaction id: 20592
JustaCattt · Oct 14, 2024 · ef5995d · ef5995d
1 parent ce1c6c7
commit ef5995d
Show file tree

Hide file tree

Showing 67 changed files with 1,238 additions and 5,108 deletions.
diff --git a/dbm-ui/frontend/src/locales/zh-cn.json b/dbm-ui/frontend/src/locales/zh-cn.json
@@ -3536,5 +3536,7 @@
     "不允许超过 x 位连续字符": "不允许超过 {x} 位连续字符",
     "TendbCluster-主域名": "TendbCluster-主域名",
     "TendbCluster-从域名": "TendbCluster-从域名",
+    "不允许的字符: s": "不允许的字符: {s}",
+    "包含特殊字符_除空格外": "包含特殊字符_除空格外",
     "这行勿动！新增翻译请在上一行添加！": ""
 }
diff --git a/dbm-ui/frontend/src/services/model/mongodb/mongodb-permission-account.ts b/dbm-ui/frontend/src/services/model/mongodb/mongodb-permission-account.ts
@@ -11,9 +11,11 @@
  * the specific language governing permissions and limitations under the License.
  */
 
+import type { PermissionRule } from '@services/types';
+
 import { isRecentDays } from '@utils';
 
-export default class MongodbPermissonAccount {
+export default class MongodbPermissonAccount implements PermissionRule {
   account: {
     account_id: number;
     bk_biz_id: number;
@@ -22,6 +24,10 @@ export default class MongodbPermissonAccount {
     password: string;
     user: string;
   };
+  permission: {
+    mongodb_account_delete: boolean;
+    mongodb_add_account_rule: boolean;
+  };
   rules: Array<{
     access_db: string;
     account_id: number;
@@ -34,6 +40,7 @@ export default class MongodbPermissonAccount {
 
   constructor(payload = {} as MongodbPermissonAccount) {
     this.account = payload.account;
+    this.permission = payload.permission;
     this.rules = payload.rules;
   }
 

diff --git a/dbm-ui/frontend/src/services/model/mysql/mysql-permission-account.ts b/dbm-ui/frontend/src/services/model/mysql/mysql-permission-account.ts
@@ -11,33 +11,21 @@
  * the specific language governing permissions and limitations under the License.
  */
 
+import type { PermissionRule, PermissionRuleAccount, PermissionRuleInfo } from '@services/types';
+
 import { isRecentDays } from '@utils';
 
-export default class MysqlPermissonAccount {
-  account: {
-    account_id: number;
-    bk_biz_id: number;
-    create_time: string;
-    creator: string;
-    user: string;
-  };
+export default class MysqlPermissionAccount implements PermissionRule {
+  account: PermissionRuleAccount;
   permission: {
     mysql_account_delete: boolean;
     mysql_add_account_rule: boolean;
     tendbcluster_account_delete: boolean;
     tendbcluster_add_account_rule: boolean;
   };
-  rules: Array<{
-    access_db: string;
-    account_id: number;
-    bk_biz_id: number;
-    create_time: string;
-    creator: string;
-    privilege: string;
-    rule_id: number;
-  }>;
+  rules: PermissionRuleInfo[];
 
-  constructor(payload = {} as MysqlPermissonAccount) {
+  constructor(payload = {} as MysqlPermissionAccount) {
     this.account = payload.account;
     this.permission = payload.permission;
     this.rules = payload.rules;

diff --git a/dbm-ui/frontend/src/services/model/sqlserver/sqlserver-permission-account.ts b/dbm-ui/frontend/src/services/model/sqlserver/sqlserver-permission-account.ts
@@ -13,9 +13,11 @@
 
 import dayjs from 'dayjs';
 
+import type { PermissionRule } from '@services/types';
+
 import { utcDisplayTime } from '@utils';
 
-export default class SqlserverPermissionAccount {
+export default class SqlserverPermissionAccount implements PermissionRule {
   account: {
     account_id: number;
     bk_biz_id: number;
@@ -24,6 +26,10 @@ export default class SqlserverPermissionAccount {
     password: string;
     user: string;
   };
+  permission: {
+    sqlserver_account_delete: boolean;
+    sqlserver_add_account_rule: boolean;
+  };
   rules: {
     access_db: string;
     account_id: number;
@@ -36,6 +42,7 @@ export default class SqlserverPermissionAccount {
 
   constructor(payload: SqlserverPermissionAccount) {
     this.account = payload.account;
+    this.permission = payload.permission;
     this.rules = payload.rules;
   }
 

diff --git a/dbm-ui/frontend/src/services/source/mongodbPermissionAccount.ts b/dbm-ui/frontend/src/services/source/mongodbPermissionAccount.ts
@@ -27,7 +27,7 @@ const path = `/apis/mongodb/bizs/${currentBizId}/permission/account`;
 /**
  * 添加账号规则
  */
-export function addMongodbAccountRule(params: {
+export function addAccountRule(params: {
   access_db: string;
   privilege: {
     mongo_user: string[];
@@ -42,21 +42,21 @@ export function addMongodbAccountRule(params: {
 /**
  * 创建账号
  */
-export function createMongodbAccount(params: { user: string; password: string; account_type?: AccountTypesValues }) {
+export function createAccount(params: { user: string; password: string; account_type?: AccountTypesValues }) {
   return http.post<null>(`${path}/create_account/`, params);
 }
 
 /**
  * 删除账号
  */
-export function deleteMongodbAccount(params: { bizId: number; account_id: number; account_type?: AccountTypesValues }) {
+export function deleteAccount(params: { bizId: number; account_id: number; account_type?: AccountTypesValues }) {
   return http.delete<null>(`${path}/delete_account/`, params);
 }
 
 /**
  * 查询账号规则列表
  */
-export function getMongodbPermissionRules(
+export function getPermissionRules(
   params: {
     limit?: number;
     offset?: number;
@@ -78,11 +78,7 @@ export function getMongodbPermissionRules(
 /**
  * 查询账号规则
  */
-export function queryMongodbAccountRules(params: {
-  user: string;
-  access_dbs: string[];
-  account_type?: AccountTypesValues;
-}) {
+export function queryAccountRules(params: { user: string; access_dbs: string[]; account_type?: AccountTypesValues }) {
   return http.post<ListBase<MongodbPermissonAccountModel[]>>(`${path}/query_account_rules/`, params).then((res) => ({
     ...res,
     results: res.results.map((item) => new MongodbPermissonAccountModel(item)),

diff --git a/dbm-ui/frontend/src/services/source/mongodbPermissionAuthorize.ts b/dbm-ui/frontend/src/services/source/mongodbPermissionAuthorize.ts
@@ -22,7 +22,7 @@ const path = `/apis/mongodb/bizs/${currentBizId}/permission/authorize`;
 /**
  * MongoDB 授权规则前置检查
  */
-export function preCheckMongodbAuthorizeRules(params: {
+export function preCheckAuthorizeRules(params: {
   mongo_users: {
     user: string;
     access_dbs: string[];

diff --git a/dbm-ui/frontend/src/services/source/mysqlPermissionAccount.ts b/dbm-ui/frontend/src/services/source/mysqlPermissionAccount.ts
@@ -0,0 +1,96 @@
+/*
+ * TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-DB管理系统(BlueKing-BK-DBM) available.
+ *
+ * Copyright (C) 2017-2023 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for
+ * the specific language governing permissions and limitations under the License.
+ */
+import MysqlPermissionAccountModel from '@services/model/mysql/mysql-permission-account';
+import type { ListBase } from '@services/types';
+
+import { useGlobalBizs } from '@stores';
+
+import type { AccountTypesValues } from '@common/const';
+
+import http, { type IRequestPayload } from '../http';
+import type { AccountRule, CreateAccountParams, PermissionRule } from '../types/permission';
+
+const { currentBizId } = useGlobalBizs();
+
+const path = `/apis/mysql/bizs/${currentBizId}/permission/account`;
+
+/**
+ * 查询账号规则列表
+ */
+export const getPermissionRules = (
+  params: {
+    limit?: number;
+    offset?: number;
+    bk_biz_id: number;
+    rule_ids?: string;
+    user?: string;
+    access_db?: string;
+    privilege?: string;
+    account_type?: AccountTypesValues;
+  },
+  payload = {} as IRequestPayload,
+) =>
+  http.get<ListBase<MysqlPermissionAccountModel[]>>(`${path}/list_account_rules/`, params, payload).then((res) => ({
+    ...res,
+    results: res.results.map((item) => new MysqlPermissionAccountModel(item)),
+  }));
+/**
+ * 创建账户
+ */
+export const createAccount = (params: CreateAccountParams) => http.post(`${path}/create_account/`, params);
+
+/**
+ * 删除账号
+ */
+export const deleteAccount = (params: { bizId: number; account_id: number; account_type?: AccountTypesValues }) =>
+  http.delete(`${path}/delete_account/`, params);
+
+/**
+ * 添加账号规则
+ */
+export const createAccountRule = (params: AccountRule & { bk_biz_id: number }) =>
+  http.post(`${path}/add_account_rule/`, params);
+
+/**
+ * 修改账号规则
+ */
+export const modifyAccountRule = (
+  params: AccountRule & {
+    rule_id: number;
+    bk_biz_id: number;
+  },
+) => http.post(`${path}/modify_account_rule/`, params);
+
+/**
+ * 查询账号规则
+ */
+export const queryAccountRules = (params: { user: string; access_dbs: string[]; account_type: AccountTypesValues }) =>
+  http.post<ListBase<PermissionRule[]>>(`${path}/query_account_rules/`, params);
+
+/**
+ * 添加账号规则前置检查
+ */
+export const preCheckAddAccountRule = (params: {
+  account_id: number | null;
+  access_db: string;
+  privilege: {
+    dml: string[];
+    ddl: string[];
+    glob: string[];
+  };
+  account_type: AccountTypesValues;
+}) =>
+  http.post<{
+    force_run: boolean;
+    warning: string | null;
+  }>(`${path}/pre_check_add_account_rule/`, params);
diff --git a/dbm-ui/frontend/src/services/source/mysqlPermissionAuthorize.ts b/dbm-ui/frontend/src/services/source/mysqlPermissionAuthorize.ts
@@ -0,0 +1,40 @@
+/*
+ * TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-DB管理系统(BlueKing-BK-DBM) available.
+ *
+ * Copyright (C) 2017-2023 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for
+ * the specific language governing permissions and limitations under the License.
+ */
+import http from '../http';
+import type { AuthorizePreCheckData, AuthorizePreCheckResult } from '../types/permission';
+
+/**
+ * 授权规则前置检查
+ */
+export const preCheckAuthorizeRules = (params: AuthorizePreCheckData & { bizId: number }) =>
+  http.post<AuthorizePreCheckResult>(`/apis/mysql/bizs/${params.bizId}/permission/authorize/pre_check_rules/`, params);
+
+/**
+ * 权限克隆前置检查
+ */
+export const precheckPermissionClone = (params: {
+  bizId: number;
+  clone_type: 'instance' | 'client';
+  clone_list: Array<{ source: string; target: string }>;
+  clone_cluster_type: 'mysql' | 'tendbcluster';
+}) =>
+  http.post<{
+    clone_data_list: Array<{
+      message: string;
+      source: string;
+      target: Array<string> | string;
+    }>;
+    clone_uid: string;
+    message: string;
+    pre_check: boolean;
+  }>(`/apis/mysql/bizs/${params.bizId}/permission/clone/pre_check_clone/`, params);