feat：支持管理员查看项目成员 TencentBlueKing#9620

src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceAuthAuthorizationResource.kt

@@ -29,7 +29,7 @@
 package com.tencent.devops.auth.api.service
 
 import com.tencent.devops.common.api.pojo.Result
-import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationConditionDTO
+import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationConditionRequest
 import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationDTO
 import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationHandoverDTO
 import io.swagger.v3.oas.annotations.Operation
@@ -73,7 +73,7 @@ interface ServiceAuthAuthorizationResource {
         @PathParam("resourceCode")
         @Parameter(description = "资源code", required = true)
         resourceCode: String
-    ): Result<String>
+    ): Result<ResourceAuthorizationDTO>
 
     @GET
     @Path("/listResourceAuthorization")
@@ -83,7 +83,7 @@ interface ServiceAuthAuthorizationResource {
         @PathParam("projectId")
         projectId: String,
         @Parameter(description = "查询条件", required = true)
-        condition: ResourceAuthorizationConditionDTO
+        condition: ResourceAuthorizationConditionRequest
     ): Result<List<ResourceAuthorizationDTO>>
 
     @PUT

src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthAuthorizationResource.kt

@@ -28,7 +28,7 @@
 
 package com.tencent.devops.auth.api.user
 
-import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationConditionDTO
+import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationConditionRequest
 import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationDTO
 import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
 import com.tencent.devops.common.api.pojo.Result
@@ -41,6 +41,7 @@ import javax.ws.rs.HeaderParam
 import javax.ws.rs.Path
 import javax.ws.rs.PathParam
 import javax.ws.rs.Produces
+import javax.ws.rs.QueryParam
 import javax.ws.rs.core.MediaType
 
 @Tag(name = "USER_RESOURCE_AUTHORIZATION", description = "用户-权限-授权管理")
@@ -51,7 +52,7 @@ interface UserAuthAuthorizationResource {
 
     @GET
     @Path("/{projectId}/listResourceAuthorization")
-    @Operation(summary = "获取资源授权管理")
+    @Operation(summary = "根据条件获取资源授权管理")
     fun listResourceAuthorization(
         @Parameter(description = "用户名", required = true)
         @HeaderParam(AUTH_HEADER_USER_ID)
@@ -60,6 +61,24 @@ interface UserAuthAuthorizationResource {
         @PathParam("projectId")
         projectId: String,
         @Parameter(description = "查询条件", required = true)
-        condition: ResourceAuthorizationConditionDTO
+        condition: ResourceAuthorizationConditionRequest
     ): Result<List<ResourceAuthorizationDTO>>
+
+    @GET
+    @Path("/{projectId}/{resourceType}getResourceAuthorization")
+    @Operation(summary = "获取资源授权管理")
+    fun getResourceAuthorization(
+        @Parameter(description = "用户名", required = true)
+        @HeaderParam(AUTH_HEADER_USER_ID)
+        userId: String,
+        @Parameter(description = "项目ID", required = true)
+        @PathParam("projectId")
+        projectId: String,
+        @Parameter(description = "资源类型", required = true)
+        @PathParam("resourceType")
+        resourceType: String,
+        @Parameter(description = "资源code", required = true)
+        @QueryParam("resourceCode")
+        resourceCode: String
+    ): Result<ResourceAuthorizationDTO>
 }

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthAuthorizationDao.kt

@@ -1,6 +1,6 @@
 package com.tencent.devops.auth.dao
 
-import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationConditionDTO
+import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationConditionRequest
 import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationDTO
 import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationHandoverDTO
 import com.tencent.devops.model.auth.tables.TAuthResourceAuthorization
@@ -97,7 +97,7 @@ class AuthAuthorizationDao {
 
     fun list(
         dslContext: DSLContext,
-        condition: ResourceAuthorizationConditionDTO
+        condition: ResourceAuthorizationConditionRequest
     ): Result<TAuthResourceAuthorizationRecord> {
         return with(TAuthResourceAuthorization.T_AUTH_RESOURCE_AUTHORIZATION) {
             dslContext.selectFrom(this)
@@ -109,7 +109,6 @@ class AuthAuthorizationDao {
                     ) else it
                 }
                 .let { if (condition.handoverFrom != null) it.and(HANDOVER_FROM.eq(condition.handoverFrom)) else it }
-                // todo 时间搜索
                 .let {
                     if (condition.page != null && condition.pageSize != null) {
                         it.limit((condition.page!! - 1) * condition.pageSize!!, condition.pageSize)

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthAuthorizationResourceImpl.kt

@@ -2,14 +2,12 @@ package com.tencent.devops.auth.resources
 
 import com.tencent.devops.auth.api.user.UserAuthAuthorizationResource
 import com.tencent.devops.auth.constant.AuthMessageCode
-import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationConditionDTO
+import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationConditionRequest
 import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationDTO
 import com.tencent.devops.auth.service.PermissionAuthorizationService
 import com.tencent.devops.auth.service.iam.PermissionProjectService
-import com.tencent.devops.auth.service.iam.PermissionResourceService
 import com.tencent.devops.common.api.exception.PermissionForbiddenException
 import com.tencent.devops.common.api.pojo.Result
-import com.tencent.devops.common.auth.api.AuthResourceType
 import com.tencent.devops.common.web.RestResource
 import com.tencent.devops.common.web.utils.I18nUtil
 
@@ -21,21 +19,43 @@ class UserAuthAuthorizationResourceImpl(
     override fun listResourceAuthorization(
         userId: String,
         projectId: String,
-        condition: ResourceAuthorizationConditionDTO
+        condition: ResourceAuthorizationConditionRequest
     ): Result<List<ResourceAuthorizationDTO>> {
+        verifyProjectManager(userId, projectId)
+        return Result(
+            permissionAuthorizationService.listResourceAuthorizations(
+                condition = condition
+            )
+        )
+    }
+
+    override fun getResourceAuthorization(
+        userId: String,
+        projectId: String,
+        resourceType: String,
+        resourceCode: String
+    ): Result<ResourceAuthorizationDTO> {
+        return Result(
+            permissionAuthorizationService.getResourceAuthorization(
+                resourceType = resourceType,
+                projectCode = projectId,
+                resourceCode = resourceCode
+            )
+        )
+    }
+
+    private fun verifyProjectManager(
+        userId: String,
+        projectId: String
+    ) {
         val hasProjectManagePermission = permissionProjectService.checkProjectManager(
             userId = userId,
-            projectCode = condition.projectCode
+            projectCode = projectId
         )
         if (!hasProjectManagePermission) {
             throw PermissionForbiddenException(
                 message = I18nUtil.getCodeLanMessage(AuthMessageCode.ERROR_AUTH_NO_MANAGE_PERMISSION)
             )
         }
-        return Result(
-            permissionAuthorizationService.listResourceAuthorizations(
-                condition = condition
-            )
-        )
     }
 }

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceAuthAuthorizationResourceImpl.kt

@@ -3,7 +3,7 @@ package com.tencent.devops.auth.resources.service
 import com.tencent.devops.auth.api.service.ServiceAuthAuthorizationResource
 import com.tencent.devops.auth.service.PermissionAuthorizationService
 import com.tencent.devops.common.api.pojo.Result
-import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationConditionDTO
+import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationConditionRequest
 import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationDTO
 import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationHandoverDTO
 import com.tencent.devops.common.web.RestResource
@@ -27,9 +27,9 @@ class ServiceAuthAuthorizationResourceImpl constructor(
         projectId: String,
         resourceType: String,
         resourceCode: String
-    ): Result<String> {
+    ): Result<ResourceAuthorizationDTO> {
         return Result(
-            permissionAuthorizationService.getResourceAuthorizationHandoverTo(
+            permissionAuthorizationService.getResourceAuthorization(
                 projectCode = projectId,
                 resourceType = resourceType,
                 resourceCode = resourceCode
@@ -39,7 +39,7 @@ class ServiceAuthAuthorizationResourceImpl constructor(
 
     override fun listResourceAuthorization(
         projectId: String,
-        condition: ResourceAuthorizationConditionDTO
+        condition: ResourceAuthorizationConditionRequest
     ): Result<List<ResourceAuthorizationDTO>> {
         return Result(
             permissionAuthorizationService.listResourceAuthorizations(

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/PermissionAuthorizationService.kt

@@ -27,39 +27,40 @@
 
 package com.tencent.devops.auth.service
 
-import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationConditionDTO
+import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationConditionRequest
 import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationDTO
-import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationHandoverConditionDTO
 import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationHandoverDTO
-import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationHandoverResult
-import com.tencent.devops.common.auth.enums.ResourceAuthorizationHandoverStatus
 
 interface PermissionAuthorizationService {
     /**
      * 增加资源授权管理
      */
-    fun addResourceAuthorization(resourceAuthorizationList: List<ResourceAuthorizationDTO>): Boolean
+    fun addResourceAuthorization(
+        resourceAuthorizationList: List<ResourceAuthorizationDTO>
+    ): Boolean
 
     /**
-     * 获取资源授予人
+     * 获取资源授权记录
      */
-    fun getResourceAuthorizationHandoverTo(
+    fun getResourceAuthorization(
         projectCode: String,
         resourceType: String,
         resourceCode: String
-    ): String
+    ): ResourceAuthorizationDTO
 
     /**
-     * 获取项目资源授予记录
+     * 获取项目资源授予记录--根据条件
      */
     fun listResourceAuthorizations(
-        condition: ResourceAuthorizationConditionDTO
+        condition: ResourceAuthorizationConditionRequest
     ): List<ResourceAuthorizationDTO>
 
     /**
      * 修改资源授权管理
      */
-    fun modifyResourceAuthorization(resourceAuthorizationList: List<ResourceAuthorizationDTO>): Boolean
+    fun modifyResourceAuthorization(
+        resourceAuthorizationList: List<ResourceAuthorizationDTO>
+    ): Boolean
 
     /**
      * 删除资源授权管理

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/PermissionAuthorizationServiceImpl.kt

@@ -1,18 +1,11 @@
 package com.tencent.devops.auth.service
 
-import com.tencent.devops.auth.constant.AuthMessageCode
 import com.tencent.devops.auth.dao.AuthAuthorizationDao
 import com.tencent.devops.auth.service.iam.PermissionProjectService
 import com.tencent.devops.common.api.exception.ErrorCodeException
-import com.tencent.devops.common.api.exception.PermissionForbiddenException
-import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationConditionDTO
+import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationConditionRequest
 import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationDTO
-import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationHandoverConditionDTO
 import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationHandoverDTO
-import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationHandoverResult
-import com.tencent.devops.common.auth.enums.HandoverChannelCode
-import com.tencent.devops.common.auth.enums.ResourceAuthorizationHandoverStatus
-import com.tencent.devops.common.web.utils.I18nUtil
 import org.jooq.DSLContext
 import org.springframework.stereotype.Service
 
@@ -30,21 +23,31 @@ class PermissionAuthorizationServiceImpl constructor(
         return true
     }
 
-    override fun getResourceAuthorizationHandoverTo(
+    override fun getResourceAuthorization(
         projectCode: String,
         resourceType: String,
         resourceCode: String
-    ): String {
+    ): ResourceAuthorizationDTO {
         return authAuthorizationDao.get(
             dslContext = dslContext,
             projectCode = projectCode,
             resourceType = resourceType,
             resourceCode = resourceCode
-        )?.handoverFrom ?: throw ErrorCodeException(errorCode = "1", defaultMessage = "授权人不存在")
+        )?.let {
+            ResourceAuthorizationDTO(
+                projectCode = it.projectCode,
+                resourceType = it.resourceType,
+                resourceName = it.resourceName,
+                resourceCode = it.resourceCode,
+                handoverTime = it.handoverTime.toString(),
+                handoverFrom = it.handoverFrom
+            )
+            // todo 需要修改
+        } ?: throw ErrorCodeException(errorCode = "1", defaultMessage = "授权人不存在")
     }
 
     override fun listResourceAuthorizations(
-        condition: ResourceAuthorizationConditionDTO
+        condition: ResourceAuthorizationConditionRequest
     ): List<ResourceAuthorizationDTO> {
         return authAuthorizationDao.list(
             dslContext = dslContext,
@@ -55,6 +58,7 @@ class PermissionAuthorizationServiceImpl constructor(
                 resourceType = it.resourceType,
                 resourceName = it.resourceName,
                 resourceCode = it.resourceCode,
+                handoverTime = it.handoverTime.toString(),
                 handoverFrom = it.handoverFrom
             )
         }

src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/AuthAuthorizationApi.kt

@@ -1,7 +1,7 @@
 package com.tencent.devops.common.auth.api
 
 import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationDTO
-import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationHandoverConditionDTO
+import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationHandoverConditionRequest
 import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationHandoverDTO
 import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationHandoverResult
 import com.tencent.devops.common.auth.enums.ResourceAuthorizationHandoverStatus
@@ -20,7 +20,7 @@ interface AuthAuthorizationApi {
     fun resetResourceAuthorization(
         operator: String,
         projectId: String,
-        condition: ResourceAuthorizationHandoverConditionDTO,
+        condition: ResourceAuthorizationHandoverConditionRequest,
         validateSingleResourcePermission: ((
             operator: String,
             projectCode: String,

src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/pojo/ResourceAuthorizationConditionDTO.kt → src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/pojo/ResourceAuthorizationConditionRequest.kt

@@ -5,7 +5,7 @@ import io.swagger.v3.oas.annotations.media.Schema
 
 @Schema(title = "资源授权交接条件实体")
 @Suppress("LongParameterList")
-open class ResourceAuthorizationConditionDTO(
+open class ResourceAuthorizationConditionRequest(
     @get:Schema(title = "项目ID")
     open val projectCode: String,
     @get:Schema(title = "资源类型")
@@ -14,8 +14,6 @@ open class ResourceAuthorizationConditionDTO(
     open val resourceName: String?,
     @get:Schema(title = "授予人")
     open val handoverFrom: String?,
-    @get:Schema(title = "交接人")
-    open val handoverTo: String?,
     @get:Schema(title = "greaterThanHandoverTime")
     open val greaterThanHandoverTime: String?,
     @get:Schema(title = "lessThanHandoverTime")

src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/pojo/ResourceAuthorizationDTO.kt

@@ -12,6 +12,8 @@ open class ResourceAuthorizationDTO(
     open val resourceName: String,
     @get:Schema(title = "资源code")
     open val resourceCode: String,
+    @get:Schema(title = "授权时间")
+    open val handoverTime: String? = null,
     @get:Schema(title = "授予人")
     open val handoverFrom: String? = null
 )