From bf56e77f2bbbad6870a00d793d126c543429c8b6 Mon Sep 17 00:00:00 2001
From: greysonfang
Date: Mon, 25 Nov 2024 12:01:10 +0800
Subject: [PATCH] =?UTF-8?q?feat=EF=BC=9A=E8=8E=B7=E5=8F=96=E6=9C=89?=
 =?UTF-8?q?=E6=9D=83=E9=99=90=E7=9A=84=E8=B5=84=E6=BA=90=E6=8E=A5=E5=8F=A3?=
 =?UTF-8?q?=E4=BC=98=E5=8C=96=20#11246?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../rbac/service/RbacPermissionService.kt | 22 ++++++++
 .../service/ServicePipelineViewResource.kt | 10 ++++
 .../api/ServicePipelineViewResourceImpl.kt | 9 ++++
 .../AbstractPipelinePermissionService.kt | 2 +-
 .../RbacPipelinePermissionService.kt | 50 +++++--------------
 5 files changed, 55 insertions(+), 38 deletions(-)
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionService.kt
index 08b14499753..b838929e65a 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionService.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionService.kt
@@ -51,6 +51,7 @@ import com.tencent.devops.common.auth.rbac.utils.RbacAuthUtils
 import com.tencent.devops.common.client.Client
 import com.tencent.devops.common.service.trace.TraceTag
 import com.tencent.devops.common.service.utils.LogUtils
+import com.tencent.devops.process.api.service.ServicePipelineViewResource
 import com.tencent.devops.process.api.user.UserPipelineViewResource
 import org.slf4j.LoggerFactory
 import org.slf4j.MDC
@@ -360,6 +361,27 @@ class RbacPermissionService(
 projectCode = projectCode,
 resourceType = resourceType
 )
+
+ resourceType == AuthResourceType.PIPELINE_DEFAULT.value -> {
+ val authViewPipelineIds = instanceMap[AuthResourceType.PIPELINE_GROUP.value]?.let { authViewIds ->
+ client.get(ServicePipelineViewResource::class).listPipelineIdByViewIds(projectCode, authViewIds).data
+ } ?: emptyList()
+
+ val authPipelineIamIds = instanceMap[AuthResourceType.PIPELINE_DEFAULT.value] ?: emptyList()
+ val pipelineIds = mutableSetOf().apply {
+ addAll(authViewPipelineIds)
+ addAll(
+ getFinalResourceCodes(
+ projectCode = projectCode,
+ resourceType = resourceType,
+ iamResourceCodes = authPipelineIamIds,
+ createUser = userId
+ )
+ )
+ }
+ pipelineIds.toList()
+ }
+
 // 返回具体资源列表
 else -> {
 val iamResourceCodes = instanceMap[resourceType] ?: emptyList()
diff --git a/src/backend/ci/core/process/api-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineViewResource.kt b/src/backend/ci/core/process/api-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineViewResource.kt
index 9f0a1cda35c..13ac3deb123 100644
--- a/src/backend/ci/core/process/api-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineViewResource.kt
+++ b/src/backend/ci/core/process/api-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineViewResource.kt
@@ -208,4 +208,14 @@ interface ServicePipelineViewResource {
 @PathParam("pipelineId")
 pipelineId: String
 ): Result>
+
+ @Operation(summary = "根据视图ID获取流水线ID列表")
+ @POST
+ @Path("/pipelines/listPipelineIdByViewIds")
+ fun listPipelineIdByViewIds(
+ @PathParam("projectId")
+ projectId: String,
+ @Parameter(description = "按视图过滤", required = false)
+ viewIdsEncode: List
+ ): Result>
 }
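Review bot: In the new `PIPELINE_DEFAULT` branch a null `.data` from `listPipelineIdByViewIds` falls into the same `?: emptyList()` as "no pipeline-group grants", so a failed or empty response from the process service silently drops every pipeline the user holds through a view, with nothing logged. Dropping them is the safe direction for an authorization result, but it should be observable: keep the two cases apart and log before falling back, for example `logger.warn("listPipelineIdByViewIds returned no data|$projectCode|$userId")`. The remote call is also made when the granted view list is empty; `?.takeIf { it.isNotEmpty() }?.let { ... }` avoids that round trip. View-derived IDs are merged as returned while the direct grants pass through `getFinalResourceCodes`, whose body is outside this hunk, so a one-line comment stating why the two sources are treated differently would help the next reader. The enclosing `when` begins and ends outside the hunk.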
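Review bot: `@Parameter(description = "按视图过滤", required = false)` on `viewIdsEncode` contradicts the non-null list parameter, so the generated API description advertises a request without a body that cannot bind; it should read `required = true`, and the description ("filter by view") looks copied from a list-filter endpoint rather than describing the input. `@PathParam("projectId")` only binds if the interface-level `@Path` carries a `{projectId}` template, which is outside this hunk, because the method path `/pipelines/listPipelineIdByViewIds` has none. The method takes no user identity and its result feeds the permission answer built in RbacPermissionService, so a KDoc should state that it is a service-to-service lookup that returns pipeline IDs without any permission check of its own.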
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineViewResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineViewResourceImpl.kt
index cf6add53457..906d239d505 100644
--- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineViewResourceImpl.kt
+++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineViewResourceImpl.kt
@@ -208,4 +208,13 @@ class ServicePipelineViewResourceImpl @Autowired constructor(
 pipelineViewGroupService.listViewIdsByPipelineId(projectId, pipelineId)
 )
 }
+
+ override fun listPipelineIdByViewIds(
+ projectId: String,
+ viewIdsEncode: List
+ ): Result> {
+ return Result(
+ pipelineViewGroupService.listPipelineIdsByViewIds(projectId, viewIdsEncode)
+ )
+ }
 }
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/permission/AbstractPipelinePermissionService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/permission/AbstractPipelinePermissionService.kt
index 0ddfb5f80d6..59bfb948968 100644
--- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/permission/AbstractPipelinePermissionService.kt
+++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/permission/AbstractPipelinePermissionService.kt
@@ -242,6 +242,6 @@ abstract class AbstractPipelinePermissionService constructor(
 }
 override fun isControlPipelineListPermission(projectId: String): Boolean {
- return true
+ return false
 }
 }
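Review bot: The new `listPipelineIdByViewIds` delegates to `pipelineViewGroupService.listPipelineIdsByViewIds`, whereas the lookup this commit removes from RbacPipelinePermissionService resolved the same view grants through `pipelineViewGroupCommonService.listPipelineIdsByViewIds`. Neither body is in this diff, so it cannot be confirmed here that the two agree on ID decoding, on restricting the views to `projectId`, or on how dynamic views are expanded; any difference changes which pipelines a view grant yields. Either call the common service to keep the previous behaviour, or add a comment on the override naming the service it relies on and a test that pins the returned IDs for a view owned by a different project.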
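Review bot: Flipping the base-class default of `isControlPipelineListPermission` from `true` to `false` changes behaviour for every permission service that inherits it without overriding, and the commit subject (an optimisation of the permitted-resource lookup) does not account for it. If the flag decides whether pipeline lists are filtered by the caller's permissions, which is inferred from the name since the callers are not in this diff, then `false` is the fail-open value for an access-control default. Keeping `return true` in the abstract class and overriding to `false` only in the implementations that need it would be the safer shape; otherwise add a KDoc such as `/** Whether pipeline list queries are restricted to pipelines the user may view. */` that also states why the default is now off and which subclasses override it.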
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/permission/RbacPipelinePermissionService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/permission/RbacPipelinePermissionService.kt
index e841cecf1f0..e56409ea909 100644
--- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/permission/RbacPipelinePermissionService.kt
+++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/permission/RbacPipelinePermissionService.kt
@@ -186,43 +186,19 @@ class RbacPipelinePermissionService( } } - override fun getResourceByPermission(userId: String, projectId: String, permission: AuthPermission): List { - logger.info("[rbac] get resource by permission|$userId|$projectId|$permission") - val startEpoch = System.currentTimeMillis() - try { - // 获取有权限的流水线、流水线组、项目列表 - val instanceMap = authPermissionApi.getUserResourceAndParentByPermission( - user = userId, - serviceCode = pipelineAuthServiceCode, - projectCode = projectId, - permission = permission, - resourceType = resourceType - ) - return when { - // 如果有项目下所有该资源权限,返回项目下流水线列表 - instanceMap[AuthResourceType.PROJECT.value]?.contains(projectId) == true -> - getAllAuthPipelineIds(projectId = projectId) - - else -> { - // 获取有权限流水线组下的流水线 - val authViewPipelineIds = instanceMap[AuthResourceType.PIPELINE_GROUP.value]?.let { authViewIds -> - pipelineViewGroupCommonService.listPipelineIdsByViewIds(projectId, authViewIds) - } ?: emptyList() - // 获取有权限的流水线列表 - val authPipelineIds = instanceMap[AuthResourceType.PIPELINE_DEFAULT.value] ?: emptyList() - - val pipelineIds = mutableSetOf() - pipelineIds.addAll(authViewPipelineIds) - pipelineIds.addAll(authPipelineIds) - pipelineIds.toList() - } - } - } finally { - logger.info( - "It take(${System.currentTimeMillis() - startEpoch})ms to get resource by permission|" + - "$userId|$projectId|$permission" - ) - } + override fun getResourceByPermission( + userId: String, + projectId: String, + permission: AuthPermission + ): List { + return authPermissionApi.getUserResourceByPermission( + user = userId, + serviceCode = pipelineAuthServiceCode, + resourceType = resourceType, + projectCode = projectId, + permission = permission, + supplier = null + ) } override fun filterPipelines(