feat：支持管理员查看项目成员 TencentBlueKing#9620

fcfang123 · Jun 28, 2024 · bb7f4ac · bb7f4ac
1 parent b7a6dc2
commit bb7f4ac
Show file tree

Hide file tree

Showing 15 changed files with 426 additions and 124 deletions.
diff --git a/...pi-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceGroupResource.kt b/...pi-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceGroupResource.kt
@@ -79,27 +79,9 @@ interface UserAuthResourceGroupResource {
     ): Result<List<IamGroupPoliciesVo>>
 
     @GET
-    @Path("/getMemberGroupCountWithPermissions")
-    @Operation(summary = "获取项目成员有权限的用户组数量--以资源类型进行分类")
-    fun getMemberGroupCountWithPermissions(
-        @Parameter(description = "用户名", required = true)
-        @HeaderParam(AUTH_HEADER_USER_ID)
-        userId: String,
-        @Parameter(description = "项目ID", required = true)
-        @PathParam("projectId")
-        projectId: String,
-        @QueryParam("type")
-        @Parameter(description = "成员类型")
-        type: ManagerScopesEnum,
-        @QueryParam("member")
-        @Parameter(description = "组织ID/成员ID")
-        member: String
-    ): Result<List<MemberGroupCountWithPermissionsVo>>
-
-    @GET
-    @Path("{resourceType}/getMemberGroupsWithPermissions/{start}/{end}")
-    @Operation(summary = "获取项目成员有权限的用户组")
-    fun getMemberGroupsWithPermissions(
+    @Path("{resourceType}/getMemberGroupsDetails/{start}/{end}")
+    @Operation(summary = "获取项目成员有权限的用户组详情")
+    fun getMemberGroupsDetails(
         @Parameter(description = "用户名", required = true)
         @HeaderParam(AUTH_HEADER_USER_ID)
         userId: String,

diff --git a/...i-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceMemberResource.kt b/...i-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceMemberResource.kt
@@ -5,6 +5,7 @@ import com.tencent.devops.auth.pojo.MemberInfo
 import com.tencent.devops.auth.pojo.dto.GroupMemberHandoverDTO
 import com.tencent.devops.auth.pojo.dto.GroupMemberRemoveDTO
 import com.tencent.devops.auth.pojo.dto.GroupMemberRenewalDTO
+import com.tencent.devops.auth.pojo.vo.MemberGroupCountWithPermissionsVo
 import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
 import com.tencent.devops.common.api.pojo.Pagination
 import com.tencent.devops.common.api.pojo.Result
@@ -111,4 +112,22 @@ interface UserAuthResourceMemberResource {
         @Parameter(description = "组织ID/成员ID")
         member: String
     ): Result<List<String>?>
+
+    @GET
+    @Path("/getMemberGroupCount")
+    @Operation(summary = "获取项目成员有权限的用户组数量--以资源类型进行分类")
+    fun getMemberGroupCount(
+        @Parameter(description = "用户名", required = true)
+        @HeaderParam(AUTH_HEADER_USER_ID)
+        userId: String,
+        @Parameter(description = "项目ID", required = true)
+        @PathParam("projectId")
+        projectId: String,
+        @QueryParam("type")
+        @Parameter(description = "成员类型")
+        type: ManagerScopesEnum,
+        @QueryParam("member")
+        @Parameter(description = "组织ID/成员ID")
+        member: String
+    ): Result<List<MemberGroupCountWithPermissionsVo>>
 }
diff --git a/...e/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/ListGroupConditionDTO.kt b/...e/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/ListGroupConditionDTO.kt
@@ -0,0 +1,19 @@
+package com.tencent.devops.auth.pojo.dto
+
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "获取用户组列表条件")
+data class ListGroupConditionDTO(
+    @get:Schema(title = "项目ID")
+    val projectId: String,
+    @get:Schema(title = "资源类型")
+    val resourceType: String,
+    @get:Schema(title = "资源CODE")
+    val resourceCode: String,
+    @get:Schema(title = "是否获取项目成员组，该字段仅在resourceType为project时生效")
+    val getAllProjectMemberGroup: Boolean = false,
+    @get:Schema(title = "页数")
+    val page: Int,
+    @get:Schema(title = "页大小")
+    val pageSize: Int
+)
diff --git a/...re/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/ResourceMemberCountVO.kt b/...re/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/ResourceMemberCountVO.kt
@@ -0,0 +1,11 @@
+package com.tencent.devops.auth.pojo.vo
+
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "资源成员数量")
+data class ResourceMemberCountVO(
+    @get:Schema(title = "用户组人数")
+    val userCount: Int,
+    @get:Schema(title = "用户组部门数")
+    val departmentCount: Int
+)
diff --git a/...uth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacAuthConfiguration.kt b/...uth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacAuthConfiguration.kt
@@ -167,6 +167,7 @@ class RbacAuthConfiguration {
         permissionSubsetManagerService: PermissionSubsetManagerService,
         permissionProjectService: PermissionProjectService,
         permissionGroupPoliciesService: PermissionGroupPoliciesService,
+        permissionResourceMemberService: PermissionResourceMemberService,
         authResourceGroupDao: AuthResourceGroupDao,
         dslContext: DSLContext,
         v2ManagerService: V2ManagerService,
@@ -179,6 +180,7 @@ class RbacAuthConfiguration {
         permissionSubsetManagerService = permissionSubsetManagerService,
         permissionProjectService = permissionProjectService,
         permissionGroupPoliciesService = permissionGroupPoliciesService,
+        permissionResourceMemberService = permissionResourceMemberService,
         authResourceGroupDao = authResourceGroupDao,
         dslContext = dslContext,
         v2ManagerService = v2ManagerService,

diff --git a/...otlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupService.kt b/...otlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupService.kt
@@ -28,11 +28,10 @@
 
 package com.tencent.devops.auth.provider.rbac.service
 
-import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum
 import com.tencent.bk.sdk.iam.dto.InstancesDTO
 import com.tencent.bk.sdk.iam.dto.V2PageInfoDTO
 import com.tencent.bk.sdk.iam.dto.manager.ManagerRoleGroup
-import com.tencent.bk.sdk.iam.dto.manager.dto.GroupMemberRenewApplicationDTO
+import com.tencent.bk.sdk.iam.dto.manager.V2ManagerRoleGroupInfo
 import com.tencent.bk.sdk.iam.dto.manager.dto.ManagerRoleGroupDTO
 import com.tencent.bk.sdk.iam.dto.manager.dto.SearchGroupDTO
 import com.tencent.bk.sdk.iam.service.v2.V2ManagerService
@@ -48,16 +47,18 @@ import com.tencent.devops.auth.dao.AuthResourceGroupConfigDao
 import com.tencent.devops.auth.dao.AuthResourceGroupDao
 import com.tencent.devops.auth.pojo.RelatedResourceInfo
 import com.tencent.devops.auth.pojo.dto.GroupAddDTO
-import com.tencent.devops.auth.pojo.dto.GroupMemberRenewalDTO
+import com.tencent.devops.auth.pojo.dto.ListGroupConditionDTO
 import com.tencent.devops.auth.pojo.dto.RenameGroupDTO
 import com.tencent.devops.auth.pojo.enum.GroupMemberStatus
+import com.tencent.devops.auth.pojo.vo.GroupDetailsInfoVo
 import com.tencent.devops.auth.pojo.vo.GroupPermissionDetailVo
 import com.tencent.devops.auth.pojo.vo.IamGroupInfoVo
 import com.tencent.devops.auth.pojo.vo.IamGroupMemberInfoVo
 import com.tencent.devops.auth.pojo.vo.IamGroupPoliciesVo
 import com.tencent.devops.auth.service.AuthMonitorSpaceService
 import com.tencent.devops.auth.service.iam.PermissionProjectService
 import com.tencent.devops.auth.service.iam.PermissionResourceGroupService
+import com.tencent.devops.auth.service.iam.PermissionResourceMemberService
 import com.tencent.devops.common.api.exception.ErrorCodeException
 import com.tencent.devops.common.api.exception.PermissionForbiddenException
 import com.tencent.devops.common.api.pojo.Pagination
@@ -70,13 +71,14 @@ import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.beans.factory.annotation.Value
 
-@Suppress("LongParameterList")
+@Suppress("LongParameterList", "IMPLICIT_CAST_TO_ANY")
 class RbacPermissionResourceGroupService @Autowired constructor(
     private val iamV2ManagerService: V2ManagerService,
     private val authResourceService: AuthResourceService,
     private val permissionSubsetManagerService: PermissionSubsetManagerService,
     private val permissionProjectService: PermissionProjectService,
     private val permissionGroupPoliciesService: PermissionGroupPoliciesService,
+    private val permissionResourceMemberService: PermissionResourceMemberService,
     private val dslContext: DSLContext,
     private val authResourceGroupDao: AuthResourceGroupDao,
     private val v2ManagerService: V2ManagerService,
@@ -97,76 +99,108 @@ class RbacPermissionResourceGroupService @Autowired constructor(
         private val logger = LoggerFactory.getLogger(RbacPermissionResourceGroupService::class.java)
         private const val MAX_GROUP_NAME_LENGTH = 32
         private const val MIN_GROUP_NAME_LENGTH = 5
+        private const val FIRST_PAGE = 1
 
         // 毫秒转换
         private const val MILLISECOND = 1000
     }
 
     override fun listGroup(
-        projectId: String,
-        resourceType: String,
-        resourceCode: String,
-        page: Int,
-        pageSize: Int
+        listGroupConditionDTO: ListGroupConditionDTO
     ): Pagination<IamGroupInfoVo> {
-        val resourceInfo = authResourceService.get(
-            projectCode = projectId,
-            resourceType = resourceType,
-            resourceCode = resourceCode
-        )
-        val validPage = PageUtil.getValidPage(page)
-        val validPageSize = PageUtil.getValidPageSize(pageSize)
-        val iamGroupInfoList = if (resourceType == AuthResourceType.PROJECT.value) {
-            val searchGroupDTO = SearchGroupDTO.builder().inherit(false).build()
-            val pageInfoDTO = V2PageInfoDTO()
-            pageInfoDTO.page = page
-            pageInfoDTO.pageSize = pageSize
-            val iamGroupInfoList = iamV2ManagerService.getGradeManagerRoleGroupV2(
-                resourceInfo.relationId,
-                searchGroupDTO,
-                pageInfoDTO
-            )
-            iamGroupInfoList.results
-        } else {
-            permissionSubsetManagerService.listGroup(
-                subsetManagerId = resourceInfo.relationId,
-                page = validPage,
-                pageSize = validPageSize
+        with(listGroupConditionDTO) {
+            val resourceInfo = authResourceService.get(
+                projectCode = projectId,
+                resourceType = resourceType,
+                resourceCode = resourceCode
             )
-        }
-        val resourceGroupMap = authResourceGroupDao.getByResourceCode(
-            dslContext = dslContext,
-            projectCode = projectId,
-            resourceType = resourceType,
-            resourceCode = resourceCode
-        ).associateBy { it.relationId.toInt() }
-        val iamGroupInfoVoList = iamGroupInfoList.map {
-            val resourceGroup = resourceGroupMap[it.id]
-            val defaultGroup = resourceGroup?.defaultGroup ?: false
-            // 默认组名需要支持国际化
-            val groupName = if (defaultGroup) {
-                I18nUtil.getCodeLanMessage(
-                    messageCode = "${resourceGroup!!.resourceType}.${resourceGroup.groupCode}" +
-                        AuthI18nConstants.AUTH_RESOURCE_GROUP_CONFIG_GROUP_NAME_SUFFIX,
-                    defaultMessage = resourceGroup.groupName
+            val validPage = PageUtil.getValidPage(page)
+            val validPageSize = PageUtil.getValidPageSize(pageSize)
+            val iamGroupInfoList = if (resourceType == AuthResourceType.PROJECT.value) {
+                val searchGroupDTO = SearchGroupDTO.builder().inherit(false).build()
+                val pageInfoDTO = V2PageInfoDTO()
+                pageInfoDTO.page = page
+                pageInfoDTO.pageSize = pageSize
+                val iamGroupInfoList = iamV2ManagerService.getGradeManagerRoleGroupV2(
+                    resourceInfo.relationId,
+                    searchGroupDTO,
+                    pageInfoDTO
                 )
+                iamGroupInfoList.results
             } else {
-                it.name
+                permissionSubsetManagerService.listGroup(
+                    subsetManagerId = resourceInfo.relationId,
+                    page = validPage,
+                    pageSize = validPageSize
+                )
             }
-            IamGroupInfoVo(
+            val resourceGroupMap = authResourceGroupDao.getByResourceCode(
+                dslContext = dslContext,
+                projectCode = projectId,
+                resourceType = resourceType,
+                resourceCode = resourceCode
+            ).associateBy { it.relationId.toInt() }
+            val iamGroupInfoVoList = iamGroupInfoList.map {
+                val resourceGroup = resourceGroupMap[it.id]
+                val defaultGroup = resourceGroup?.defaultGroup ?: false
+                // 默认组名需要支持国际化
+                val groupName = if (defaultGroup) {
+                    I18nUtil.getCodeLanMessage(
+                        messageCode = "${resourceGroup!!.resourceType}.${resourceGroup.groupCode}" +
+                            AuthI18nConstants.AUTH_RESOURCE_GROUP_CONFIG_GROUP_NAME_SUFFIX,
+                        defaultMessage = resourceGroup.groupName
+                    )
+                } else {
+                    it.name
+                }
+                IamGroupInfoVo(
+                    managerId = resourceInfo.relationId.toInt(),
+                    defaultGroup = defaultGroup,
+                    groupId = it.id,
+                    name = groupName,
+                    displayName = it.name,
+                    userCount = it.userCount,
+                    departmentCount = it.departmentCount
+                )
+            }.plusAllProjectMemberGroup(
                 managerId = resourceInfo.relationId.toInt(),
-                defaultGroup = defaultGroup,
-                groupId = it.id,
-                name = groupName,
-                displayName = it.name,
-                userCount = it.userCount,
-                departmentCount = it.departmentCount
+                condition = listGroupConditionDTO
+            ).sortedBy { it.groupId }
+            return Pagination(
+                hasNext = iamGroupInfoVoList.size == pageSize,
+                records = iamGroupInfoVoList
             )
-        }.sortedBy { it.groupId }
-        return Pagination(
-            hasNext = iamGroupInfoVoList.size == pageSize,
-            records = iamGroupInfoVoList
-        )
+        }
+    }
+
+    private fun List<IamGroupInfoVo>.plusAllProjectMemberGroup(
+        managerId: Int,
+        condition: ListGroupConditionDTO
+    ): List<IamGroupInfoVo> {
+        val shouldPlusAllProjectMemberGroup = condition.page == FIRST_PAGE &&
+            condition.resourceType == AuthResourceType.PROJECT.value &&
+            condition.getAllProjectMemberGroup
+
+        if (shouldPlusAllProjectMemberGroup) {
+            val resourceMemberCount = permissionResourceMemberService.getResourceMemberCount(
+                projectCode = condition.projectId,
+                resourceType = AuthResourceType.PROJECT.value,
+                resourceCode = condition.projectId
+            )
+            // 从数据库中获取数据
+            val allProjectMemberGroup = IamGroupInfoVo(
+                managerId = managerId,
+                defaultGroup = true,
+                groupId = 0,
+                name = "全部项目成员组",
+                displayName = "全部项目成员组",
+                userCount = resourceMemberCount.userCount,
+                departmentCount = resourceMemberCount.departmentCount,
+                projectMemberGroup = true
+            )
+            this.toMutableList().add(0, allProjectMemberGroup)
+        }
+        return this
     }
 
     override fun listUserBelongGroup(
@@ -483,6 +517,16 @@ class RbacPermissionResourceGroupService @Autowired constructor(
         return true
     }
 
+    override fun getMemberGroupsDetails(
+        projectId: String,
+        resourceType: String,
+        member: String,
+        start: Int,
+        end: Int
+    ): Pagination<GroupDetailsInfoVo> {
+        TODO("Not yet implemented")
+    }
+
     private fun getGroupPermissionDetailBySystem(iamSystemId: String, groupId: Int): List<GroupPermissionDetailVo> {
         val iamGroupPermissionDetailList = try {
             v2ManagerService.getGroupPermissionDetail(groupId, iamSystemId)