feat：获取有权限的资源接口优化 TencentBlueKing#11246

fcfang123 · Nov 25, 2024 · bf56e77 · bf56e77
1 parent 7c057ff
commit bf56e77
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 38 deletions.
diff --git a/...th/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionService.kt b/...th/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionService.kt
@@ -51,6 +51,7 @@ import com.tencent.devops.common.auth.rbac.utils.RbacAuthUtils
 import com.tencent.devops.common.client.Client
 import com.tencent.devops.common.service.trace.TraceTag
 import com.tencent.devops.common.service.utils.LogUtils
+import com.tencent.devops.process.api.service.ServicePipelineViewResource
 import com.tencent.devops.process.api.user.UserPipelineViewResource
 import org.slf4j.LoggerFactory
 import org.slf4j.MDC
@@ -360,6 +361,27 @@ class RbacPermissionService(
                         projectCode = projectCode,
                         resourceType = resourceType
                     )
+
+                resourceType == AuthResourceType.PIPELINE_DEFAULT.value -> {
+                    val authViewPipelineIds = instanceMap[AuthResourceType.PIPELINE_GROUP.value]?.let { authViewIds ->
+                        client.get(ServicePipelineViewResource::class).listPipelineIdByViewIds(projectCode, authViewIds).data
+                    } ?: emptyList()
+
+                    val authPipelineIamIds = instanceMap[AuthResourceType.PIPELINE_DEFAULT.value] ?: emptyList()
+                    val pipelineIds = mutableSetOf<String>().apply {
+                        addAll(authViewPipelineIds)
+                        addAll(
+                            getFinalResourceCodes(
+                                projectCode = projectCode,
+                                resourceType = resourceType,
+                                iamResourceCodes = authPipelineIamIds,
+                                createUser = userId
+                            )
+                        )
+                    }
+                    pipelineIds.toList()
+                }
+
                 // 返回具体资源列表
                 else -> {
                     val iamResourceCodes = instanceMap[resourceType] ?: emptyList()

diff --git a/...ess/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineViewResource.kt b/...ess/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineViewResource.kt
@@ -208,4 +208,14 @@ interface ServicePipelineViewResource {
         @PathParam("pipelineId")
         pipelineId: String
     ): Result<Set<Long>>
+
+    @Operation(summary = "根据视图ID获取流水线ID列表")
+    @POST
+    @Path("/pipelines/listPipelineIdByViewIds")
+    fun listPipelineIdByViewIds(
+        @PathParam("projectId")
+        projectId: String,
+        @Parameter(description = "按视图过滤", required = false)
+        viewIdsEncode: List<String>
+    ): Result<List<String>>
 }
diff --git a/...process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineViewResourceImpl.kt b/...process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineViewResourceImpl.kt
@@ -208,4 +208,13 @@ class ServicePipelineViewResourceImpl @Autowired constructor(
             pipelineViewGroupService.listViewIdsByPipelineId(projectId, pipelineId)
         )
     }
+
+    override fun listPipelineIdByViewIds(
+        projectId: String,
+        viewIdsEncode: List<String>
+    ): Result<List<String>> {
+        return Result(
+            pipelineViewGroupService.listPipelineIdsByViewIds(projectId, viewIdsEncode)
+        )
+    }
 }
diff --git a/...rc/main/kotlin/com/tencent/devops/process/permission/AbstractPipelinePermissionService.kt b/...rc/main/kotlin/com/tencent/devops/process/permission/AbstractPipelinePermissionService.kt
@@ -242,6 +242,6 @@ abstract class AbstractPipelinePermissionService constructor(
     }
 
     override fun isControlPipelineListPermission(projectId: String): Boolean {
-        return true
+        return false
     }
 }
diff --git a/...ss/src/main/kotlin/com/tencent/devops/process/permission/RbacPipelinePermissionService.kt b/...ss/src/main/kotlin/com/tencent/devops/process/permission/RbacPipelinePermissionService.kt
@@ -186,43 +186,19 @@ class RbacPipelinePermissionService(
         }
     }
 
-    override fun getResourceByPermission(userId: String, projectId: String, permission: AuthPermission): List<String> {
-        logger.info("[rbac] get resource by permission|$userId|$projectId|$permission")
-        val startEpoch = System.currentTimeMillis()
-        try {
-            // 获取有权限的流水线、流水线组、项目列表
-            val instanceMap = authPermissionApi.getUserResourceAndParentByPermission(
-                user = userId,
-                serviceCode = pipelineAuthServiceCode,
-                projectCode = projectId,
-                permission = permission,
-                resourceType = resourceType
-            )
-            return when {
-                // 如果有项目下所有该资源权限,返回项目下流水线列表
-                instanceMap[AuthResourceType.PROJECT.value]?.contains(projectId) == true ->
-                    getAllAuthPipelineIds(projectId = projectId)
-
-                else -> {
-                    // 获取有权限流水线组下的流水线
-                    val authViewPipelineIds = instanceMap[AuthResourceType.PIPELINE_GROUP.value]?.let { authViewIds ->
-                        pipelineViewGroupCommonService.listPipelineIdsByViewIds(projectId, authViewIds)
-                    } ?: emptyList()
-                    // 获取有权限的流水线列表
-                    val authPipelineIds = instanceMap[AuthResourceType.PIPELINE_DEFAULT.value] ?: emptyList()
-
-                    val pipelineIds = mutableSetOf<String>()
-                    pipelineIds.addAll(authViewPipelineIds)
-                    pipelineIds.addAll(authPipelineIds)
-                    pipelineIds.toList()
-                }
-            }
-        } finally {
-            logger.info(
-                "It take(${System.currentTimeMillis() - startEpoch})ms to get resource by permission|" +
-                    "$userId|$projectId|$permission"
-            )
-        }
+    override fun getResourceByPermission(
+        userId: String,
+        projectId: String,
+        permission: AuthPermission
+    ): List<String> {
+        return authPermissionApi.getUserResourceByPermission(
+            user = userId,
+            serviceCode = pipelineAuthServiceCode,
+            resourceType = resourceType,
+            projectCode = projectId,
+            permission = permission,
+            supplier = null
+        )
     }
 
     override fun filterPipelines(