From bb7f4ac3a7263ab4de440d3ecbf0183b6435caf7 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Fri, 28 Jun 2024 14:47:20 +0800 Subject: [PATCH] =?UTF-8?q?feat=EF=BC=9A=E6=94=AF=E6=8C=81=E7=AE=A1?= =?UTF-8?q?=E7=90=86=E5=91=98=E6=9F=A5=E7=9C=8B=E9=A1=B9=E7=9B=AE=E6=88=90?= =?UTF-8?q?=E5=91=98=20#9620?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../api/user/UserAuthResourceGroupResource.kt | 24 +-- .../user/UserAuthResourceMemberResource.kt | 19 ++ .../auth/pojo/dto/ListGroupConditionDTO.kt | 19 ++ .../auth/pojo/vo/ResourceMemberCountVO.kt | 11 ++ .../rbac/config/RbacAuthConfiguration.kt | 2 + .../RbacPermissionResourceGroupService.kt | 166 +++++++++++------- .../RbacPermissionResourceMemberService.kt | 59 +++++++ .../SamplePermissionResourceGroupService.kt | 9 +- .../SamplePermissionResourceMemberService.kt | 79 ++++++++- .../UserAuthResourceGroupResourceImpl.kt | 27 ++- .../UserAuthResourceMemberResourceImpl.kt | 28 ++- .../resources/UserAuthResourceResourceImpl.kt | 14 +- .../iam/PermissionResourceGroupService.kt | 18 +- .../iam/PermissionResourceMemberService.kt | 71 ++++++++ .../devops/common/api/pojo/Pagination.kt | 4 +- 15 files changed, 426 insertions(+), 124 deletions(-) create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/ListGroupConditionDTO.kt create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/ResourceMemberCountVO.kt diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceGroupResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceGroupResource.kt index 482647a5870..b9e32ef1aba 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceGroupResource.kt 
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceGroupResource.kt @@ -79,27 +79,9 @@ interface UserAuthResourceGroupResource { ): Result> @GET - @Path("/getMemberGroupCountWithPermissions") - @Operation(summary = "获取项目成员有权限的用户组数量--以资源类型进行分类") - fun getMemberGroupCountWithPermissions( - @Parameter(description = "用户名", required = true) - @HeaderParam(AUTH_HEADER_USER_ID) - userId: String, - @Parameter(description = "项目ID", required = true) - @PathParam("projectId") - projectId: String, - @QueryParam("type") - @Parameter(description = "成员类型") - type: ManagerScopesEnum, - @QueryParam("member") - @Parameter(description = "组织ID/成员ID") - member: String - ): Result> - - @GET - @Path("{resourceType}/getMemberGroupsWithPermissions/{start}/{end}") - @Operation(summary = "获取项目成员有权限的用户组") - fun getMemberGroupsWithPermissions( + @Path("{resourceType}/getMemberGroupsDetails/{start}/{end}") + @Operation(summary = "获取项目成员有权限的用户组详情") + fun getMemberGroupsDetails( @Parameter(description = "用户名", required = true) @HeaderParam(AUTH_HEADER_USER_ID) userId: String, diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceMemberResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceMemberResource.kt index 3bc906fb94d..66e611a2572 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceMemberResource.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceMemberResource.kt 
@@ -5,6 +5,7 @@ import com.tencent.devops.auth.pojo.MemberInfo import com.tencent.devops.auth.pojo.dto.GroupMemberHandoverDTO import com.tencent.devops.auth.pojo.dto.GroupMemberRemoveDTO import com.tencent.devops.auth.pojo.dto.GroupMemberRenewalDTO +import com.tencent.devops.auth.pojo.vo.MemberGroupCountWithPermissionsVo import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID import com.tencent.devops.common.api.pojo.Pagination import com.tencent.devops.common.api.pojo.Result @@ -111,4 +112,22 @@ interface UserAuthResourceMemberResource { @Parameter(description = "组织ID/成员ID") member: String ): Result?> + + @GET + @Path("/getMemberGroupCount") + @Operation(summary = "获取项目成员有权限的用户组数量--以资源类型进行分类") + fun getMemberGroupCount( + @Parameter(description = "用户名", required = true) + @HeaderParam(AUTH_HEADER_USER_ID) + userId: String, + @Parameter(description = "项目ID", required = true) + @PathParam("projectId") + projectId: String, + @QueryParam("type") + @Parameter(description = "成员类型") + type: ManagerScopesEnum, + @QueryParam("member") + @Parameter(description = "组织ID/成员ID") + member: String + ): Result> } diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/ListGroupConditionDTO.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/ListGroupConditionDTO.kt new file mode 100644 index 00000000000..da7be65f41c --- /dev/null +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/ListGroupConditionDTO.kt 
@@ -0,0 +1,19 @@
+package com.tencent.devops.auth.pojo.dto
+
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "获取用户组列表条件")
+data class ListGroupConditionDTO(
+ @get:Schema(title = "项目ID")
+ val projectId: String,
+ @get:Schema(title = "资源类型")
+ val resourceType: String,
+ @get:Schema(title = "资源CODE")
+ val resourceCode: String,
+ @get:Schema(title = "是否获取项目成员组,该字段仅在resourceType为project时生效")
+ val getAllProjectMemberGroup: Boolean = false,
+ @get:Schema(title = "页数")
+ val page: Int,
+ @get:Schema(title = "页大小")
+ val pageSize: Int
+)
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/ResourceMemberCountVO.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/ResourceMemberCountVO.kt
new file mode 100644
index 00000000000..b533a9310d9
--- /dev/null
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/ResourceMemberCountVO.kt
@@ -0,0 +1,11 @@
+package com.tencent.devops.auth.pojo.vo
+
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "资源成员数量")
+data class ResourceMemberCountVO(
+ @get:Schema(title = "用户组人数")
+ val userCount: Int,
+ @get:Schema(title = "用户组部门数")
+ val departmentCount: Int
+)
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacAuthConfiguration.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacAuthConfiguration.kt
index e7d3d85424c..420243dd033 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacAuthConfiguration.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacAuthConfiguration.kt
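Review bot: The Boolean property `getAllProjectMemberGroup` in `ListGroupConditionDTO` is named like an accessor, so its generated JVM getter is `getGetAllProjectMemberGroup()` and call sites read as a method call rather than a flag. A name such as `includeAllProjectMemberGroup` states the intent directly. The schema titles for `page` and `pageSize` could also say that page numbering starts at 1, since `FIRST_PAGE = 1` in `RbacPermissionResourceGroupService` depends on that convention.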
@@ -167,6 +167,7 @@ class RbacAuthConfiguration { permissionSubsetManagerService: PermissionSubsetManagerService, permissionProjectService: PermissionProjectService, permissionGroupPoliciesService: PermissionGroupPoliciesService, + permissionResourceMemberService: PermissionResourceMemberService, authResourceGroupDao: AuthResourceGroupDao, dslContext: DSLContext, v2ManagerService: V2ManagerService, @@ -179,6 +180,7 @@ class RbacAuthConfiguration { permissionSubsetManagerService = permissionSubsetManagerService, permissionProjectService = permissionProjectService, permissionGroupPoliciesService = permissionGroupPoliciesService, + permissionResourceMemberService = permissionResourceMemberService, authResourceGroupDao = authResourceGroupDao, dslContext = dslContext, v2ManagerService = v2ManagerService, diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupService.kt index a268a41f87f..db945fc607a 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupService.kt 
@@ -28,11 +28,10 @@ package com.tencent.devops.auth.provider.rbac.service -import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum import com.tencent.bk.sdk.iam.dto.InstancesDTO import com.tencent.bk.sdk.iam.dto.V2PageInfoDTO import com.tencent.bk.sdk.iam.dto.manager.ManagerRoleGroup -import com.tencent.bk.sdk.iam.dto.manager.dto.GroupMemberRenewApplicationDTO +import com.tencent.bk.sdk.iam.dto.manager.V2ManagerRoleGroupInfo import com.tencent.bk.sdk.iam.dto.manager.dto.ManagerRoleGroupDTO import com.tencent.bk.sdk.iam.dto.manager.dto.SearchGroupDTO import com.tencent.bk.sdk.iam.service.v2.V2ManagerService @@ -48,9 +47,10 @@ import com.tencent.devops.auth.dao.AuthResourceGroupConfigDao import com.tencent.devops.auth.dao.AuthResourceGroupDao import com.tencent.devops.auth.pojo.RelatedResourceInfo import com.tencent.devops.auth.pojo.dto.GroupAddDTO -import com.tencent.devops.auth.pojo.dto.GroupMemberRenewalDTO +import com.tencent.devops.auth.pojo.dto.ListGroupConditionDTO import com.tencent.devops.auth.pojo.dto.RenameGroupDTO import com.tencent.devops.auth.pojo.enum.GroupMemberStatus +import com.tencent.devops.auth.pojo.vo.GroupDetailsInfoVo import com.tencent.devops.auth.pojo.vo.GroupPermissionDetailVo import com.tencent.devops.auth.pojo.vo.IamGroupInfoVo import com.tencent.devops.auth.pojo.vo.IamGroupMemberInfoVo @@ -58,6 +58,7 @@ import com.tencent.devops.auth.pojo.vo.IamGroupPoliciesVo import com.tencent.devops.auth.service.AuthMonitorSpaceService import com.tencent.devops.auth.service.iam.PermissionProjectService import com.tencent.devops.auth.service.iam.PermissionResourceGroupService +import com.tencent.devops.auth.service.iam.PermissionResourceMemberService import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.exception.PermissionForbiddenException import com.tencent.devops.common.api.pojo.Pagination 
@@ -70,13 +71,14 @@ import org.slf4j.LoggerFactory import org.springframework.beans.factory.annotation.Autowired import org.springframework.beans.factory.annotation.Value -@Suppress("LongParameterList") +@Suppress("LongParameterList", "IMPLICIT_CAST_TO_ANY") class RbacPermissionResourceGroupService @Autowired constructor( private val iamV2ManagerService: V2ManagerService, private val authResourceService: AuthResourceService, private val permissionSubsetManagerService: PermissionSubsetManagerService, private val permissionProjectService: PermissionProjectService, private val permissionGroupPoliciesService: PermissionGroupPoliciesService, + private val permissionResourceMemberService: PermissionResourceMemberService, private val dslContext: DSLContext, private val authResourceGroupDao: AuthResourceGroupDao, private val v2ManagerService: V2ManagerService, 
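Review bot: `@Suppress("LongParameterList", "IMPLICIT_CAST_TO_ANY")` on the class silences that compiler warning for every method in `RbacPermissionResourceGroupService`, not only for the expression that triggers it. The warning normally means an `if`/`when` is used as an expression whose branches have unrelated types, which is usually accidental; the triggering expression is not visible in this hunk. Prefer fixing that expression, or move the suppression onto the single statement with a comment explaining why the widening to `Any` is intended.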
@@ -97,76 +99,108 @@ class RbacPermissionResourceGroupService @Autowired constructor( private val logger = LoggerFactory.getLogger(RbacPermissionResourceGroupService::class.java) private const val MAX_GROUP_NAME_LENGTH = 32 private const val MIN_GROUP_NAME_LENGTH = 5 + private const val FIRST_PAGE = 1 // 毫秒转换 private const val MILLISECOND = 1000 } override fun listGroup( - projectId: String, - resourceType: String, - resourceCode: String, - page: Int, - pageSize: Int + listGroupConditionDTO: ListGroupConditionDTO ): Pagination { - val resourceInfo = authResourceService.get( - projectCode = projectId, - resourceType = resourceType, - resourceCode = resourceCode - ) - val validPage = PageUtil.getValidPage(page) - val validPageSize = PageUtil.getValidPageSize(pageSize) - val iamGroupInfoList = if (resourceType == AuthResourceType.PROJECT.value) { - val searchGroupDTO = SearchGroupDTO.builder().inherit(false).build() - val pageInfoDTO = V2PageInfoDTO() - pageInfoDTO.page = page - pageInfoDTO.pageSize = pageSize - val iamGroupInfoList = iamV2ManagerService.getGradeManagerRoleGroupV2( - resourceInfo.relationId, - searchGroupDTO, - pageInfoDTO - ) - iamGroupInfoList.results - } else { - permissionSubsetManagerService.listGroup( - subsetManagerId = resourceInfo.relationId, - page = validPage, - pageSize = validPageSize + with(listGroupConditionDTO) { + val resourceInfo = authResourceService.get( + projectCode = projectId, + resourceType = resourceType, + resourceCode = resourceCode ) - } - val resourceGroupMap = authResourceGroupDao.getByResourceCode( - dslContext = dslContext, - projectCode = projectId, - resourceType = resourceType, - resourceCode = resourceCode - ).associateBy { it.relationId.toInt() } - val iamGroupInfoVoList = iamGroupInfoList.map { - val resourceGroup = resourceGroupMap[it.id] - val defaultGroup = resourceGroup?.defaultGroup ?: false - // 默认组名需要支持国际化 - val groupName = if (defaultGroup) { - I18nUtil.getCodeLanMessage( - messageCode = 
"${resourceGroup!!.resourceType}.${resourceGroup.groupCode}" + - AuthI18nConstants.AUTH_RESOURCE_GROUP_CONFIG_GROUP_NAME_SUFFIX, - defaultMessage = resourceGroup.groupName + val validPage = PageUtil.getValidPage(page) + val validPageSize = PageUtil.getValidPageSize(pageSize) + val iamGroupInfoList = if (resourceType == AuthResourceType.PROJECT.value) { + val searchGroupDTO = SearchGroupDTO.builder().inherit(false).build() + val pageInfoDTO = V2PageInfoDTO() + pageInfoDTO.page = page + pageInfoDTO.pageSize = pageSize + val iamGroupInfoList = iamV2ManagerService.getGradeManagerRoleGroupV2( + resourceInfo.relationId, + searchGroupDTO, + pageInfoDTO ) + iamGroupInfoList.results } else { - it.name + permissionSubsetManagerService.listGroup( + subsetManagerId = resourceInfo.relationId, + page = validPage, + pageSize = validPageSize + ) } - IamGroupInfoVo( + val resourceGroupMap = authResourceGroupDao.getByResourceCode( + dslContext = dslContext, + projectCode = projectId, + resourceType = resourceType, + resourceCode = resourceCode + ).associateBy { it.relationId.toInt() } + val iamGroupInfoVoList = iamGroupInfoList.map { + val resourceGroup = resourceGroupMap[it.id] + val defaultGroup = resourceGroup?.defaultGroup ?: false + // 默认组名需要支持国际化 + val groupName = if (defaultGroup) { + I18nUtil.getCodeLanMessage( + messageCode = "${resourceGroup!!.resourceType}.${resourceGroup.groupCode}" + + AuthI18nConstants.AUTH_RESOURCE_GROUP_CONFIG_GROUP_NAME_SUFFIX, + defaultMessage = resourceGroup.groupName + ) + } else { + it.name + } + IamGroupInfoVo( + managerId = resourceInfo.relationId.toInt(), + defaultGroup = defaultGroup, + groupId = it.id, + name = groupName, + displayName = it.name, + userCount = it.userCount, + departmentCount = it.departmentCount + ) + }.plusAllProjectMemberGroup( managerId = resourceInfo.relationId.toInt(), - defaultGroup = defaultGroup, - groupId = it.id, - name = groupName, - displayName = it.name, - userCount = it.userCount, - departmentCount = 
it.departmentCount + condition = listGroupConditionDTO + ).sortedBy { it.groupId } + return Pagination( + hasNext = iamGroupInfoVoList.size == pageSize, + records = iamGroupInfoVoList ) - }.sortedBy { it.groupId } - return Pagination( - hasNext = iamGroupInfoVoList.size == pageSize, - records = iamGroupInfoVoList - ) + } + } + + private fun List.plusAllProjectMemberGroup( + managerId: Int, + condition: ListGroupConditionDTO + ): List { + val shouldPlusAllProjectMemberGroup = condition.page == FIRST_PAGE && + condition.resourceType == AuthResourceType.PROJECT.value && + condition.getAllProjectMemberGroup + + if (shouldPlusAllProjectMemberGroup) { + val resourceMemberCount = permissionResourceMemberService.getResourceMemberCount( + projectCode = condition.projectId, + resourceType = AuthResourceType.PROJECT.value, + resourceCode = condition.projectId + ) + // 从数据库中获取数据 + val allProjectMemberGroup = IamGroupInfoVo( + managerId = managerId, + defaultGroup = true, + groupId = 0, + name = "全部项目成员组", + displayName = "全部项目成员组", + userCount = resourceMemberCount.userCount, + departmentCount = resourceMemberCount.departmentCount, + projectMemberGroup = true + ) + this.toMutableList().add(0, allProjectMemberGroup) + } + return this } override fun listUserBelongGroup( @@ -483,6 +517,16 @@ class RbacPermissionResourceGroupService @Autowired constructor( return true } + override fun getMemberGroupsDetails( + projectId: String, + resourceType: String, + member: String, + start: Int, + end: Int + ): Pagination { + TODO("Not yet implemented") + } + private fun getGroupPermissionDetailBySystem(iamSystemId: String, groupId: Int): List { val iamGroupPermissionDetailList = try { v2ManagerService.getGroupPermissionDetail(groupId, iamSystemId) 
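Review bot: `plusAllProjectMemberGroup` never adds the synthetic entry: `this.toMutableList().add(0, allProjectMemberGroup)` inserts into a throwaway copy and the function then returns the untouched receiver, so callers passing `getAllProjectMemberGroup = true` get the same list as before. Return the new list instead, e.g. `return listOf(allProjectMemberGroup) + this`. Once the entry really is added, `hasNext = iamGroupInfoVoList.size == pageSize` will report `false` for a full first page because the list then holds `pageSize + 1` records, so `hasNext` should be computed before the entry is prepended. The hard-coded name `"全部项目成员组"` also bypasses the `I18nUtil.getCodeLanMessage` lookup used for the other default groups, and the comment `// 从数据库中获取数据` does not describe the code under it, which builds the object in memory.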
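Review bot: `getMemberGroupsDetails` is reachable from a live endpoint but its body is `TODO("Not yet implemented")`, which throws `kotlin.NotImplementedError`; that is an `Error`, so any handler that only catches `Exception` would not translate it into a defined response. `UserAuthResourceGroupResourceImpl.getMemberGroupsDetails` previously returned an empty `Pagination` and now calls this method, so the route changes from an empty result to a server failure. The same applies to the `TODO()` bodies added in `RbacPermissionResourceMemberService` and `SamplePermissionResourceMemberService` (notably `listResourceMembers`, which `listProjectMembers` now calls) and to `UserAuthResourceMemberResourceImpl.getMemberGroupCount`. Until the implementations land, keep the previous empty results or throw the project's `ErrorCodeException` so callers receive a defined error.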
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt index e3f5e7f3962..748d1421ddb 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt @@ -11,10 +11,17 @@ import com.tencent.bk.sdk.iam.dto.manager.dto.SearchGroupDTO import com.tencent.bk.sdk.iam.service.v2.V2ManagerService import com.tencent.devops.auth.constant.AuthMessageCode import com.tencent.devops.auth.dao.AuthResourceGroupDao +import com.tencent.devops.auth.pojo.MemberInfo +import com.tencent.devops.auth.pojo.dto.GroupMemberHandoverDTO +import com.tencent.devops.auth.pojo.dto.GroupMemberRemoveDTO import com.tencent.devops.auth.pojo.dto.GroupMemberRenewalDTO +import com.tencent.devops.auth.pojo.vo.MemberGroupCountWithPermissionsVo +import com.tencent.devops.auth.pojo.vo.ResourceMemberCountVO import com.tencent.devops.auth.service.DeptService import com.tencent.devops.auth.service.iam.PermissionResourceMemberService import com.tencent.devops.common.api.exception.ErrorCodeException +import com.tencent.devops.common.api.pojo.Pagination +import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.auth.api.AuthResourceType import com.tencent.devops.common.auth.api.pojo.BkAuthGroup import com.tencent.devops.common.auth.api.pojo.BkAuthGroupAndUserList @@ -371,6 +378,10 @@ class RbacPermissionResourceMemberService constructor( return true } + override fun batchRenewalGroupMembers(batchRenewalMemberDTO: List): Boolean { + TODO("Not yet implemented") + } + override fun deleteGroupMember( userId: String, projectCode: String, 
@@ -386,6 +397,14 @@ class RbacPermissionResourceMemberService constructor( return true } + override fun batchRemoveGroupMembers(projectId: String, batchRemoveMemberDTO: List): Boolean { + TODO("Not yet implemented") + } + + override fun removeMemberFromProject(projectId: String, type: ManagerScopesEnum, member: String): Boolean { + TODO("Not yet implemented") + } + override fun addGroupMember( userId: String, /*user 或 department*/ @@ -402,6 +421,46 @@ class RbacPermissionResourceMemberService constructor( return true } + override fun batchHandoverGroupMembers(projectId: String, batchHandoverMemberDTO: List): Boolean { + TODO("Not yet implemented") + } + + override fun getResourceMemberCount( + projectCode: String, + resourceType: String, + resourceCode: String + ): ResourceMemberCountVO { + if (resourceType == AuthResourceType.PROJECT.value) { + return ResourceMemberCountVO( + userCount = 0, + departmentCount = 0 + ) + } + return ResourceMemberCountVO( + userCount = 0, + departmentCount = 0 + ) + } + + override fun listResourceMembers( + projectCode: String, + resourceType: String, + userName: String?, + deptName: String?, + page: Int, + pageSize: Int + ): Pagination { + TODO("Not yet implemented") + } + + override fun getMemberGroups(projectId: String, resourceType: String, member: String, start: Int, end: Int): List { + TODO("Not yet implemented") + } + + override fun getMemberGroupsCount(projectId: String, type: ManagerScopesEnum, member: String): List { + TODO("Not yet implemented") + } + companion object { private val logger = LoggerFactory.getLogger(RbacPermissionResourceMemberService::class.java) diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceGroupService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceGroupService.kt index a0069dc9698..ebb772166fb 100644 
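Review bot: `getResourceMemberCount` returns `ResourceMemberCountVO(userCount = 0, departmentCount = 0)` from both the `AuthResourceType.PROJECT` branch and the fall-through, so the `if` has no effect and every caller sees zero members. `plusAllProjectMemberGroup` in `RbacPermissionResourceGroupService` copies these values into the "all project members" entry, which would then present a project as having no users or departments. If this is a placeholder, drop the branch and mark it, e.g. `// TODO: count members from IAM; returns zeros until implemented`, so the zeros are not mistaken for real data.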
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceGroupService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceGroupService.kt @@ -29,6 +29,7 @@ package com.tencent.devops.auth.provider.sample.service import com.tencent.devops.auth.pojo.dto.GroupAddDTO +import com.tencent.devops.auth.pojo.dto.ListGroupConditionDTO import com.tencent.devops.auth.pojo.dto.RenameGroupDTO import com.tencent.devops.auth.pojo.vo.GroupPermissionDetailVo import com.tencent.devops.auth.pojo.vo.IamGroupInfoVo @@ -39,13 +40,7 @@ import com.tencent.devops.common.api.pojo.Pagination class SamplePermissionResourceGroupService : PermissionResourceGroupService { - override fun listGroup( - projectId: String, - resourceType: String, - resourceCode: String, - page: Int, - pageSize: Int - ): Pagination { + override fun listGroup(listGroupConditionDTO: ListGroupConditionDTO): Pagination { return Pagination(false, emptyList()) } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceMemberService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceMemberService.kt index 22dbe54fcee..c434da94344 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceMemberService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceMemberService.kt 
@@ -1,7 +1,15 @@ package com.tencent.devops.auth.provider.sample.service +import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum +import com.tencent.devops.auth.pojo.MemberInfo +import com.tencent.devops.auth.pojo.dto.GroupMemberHandoverDTO +import com.tencent.devops.auth.pojo.dto.GroupMemberRemoveDTO import com.tencent.devops.auth.pojo.dto.GroupMemberRenewalDTO +import com.tencent.devops.auth.pojo.vo.MemberGroupCountWithPermissionsVo +import com.tencent.devops.auth.pojo.vo.ResourceMemberCountVO import com.tencent.devops.auth.service.iam.PermissionResourceMemberService +import com.tencent.devops.common.api.pojo.Pagination +import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.auth.api.pojo.BkAuthGroup import com.tencent.devops.common.auth.api.pojo.BkAuthGroupAndUserList @@ -43,7 +51,11 @@ class SamplePermissionResourceMemberService : PermissionResourceMemberService { roleCode: String ): Int = 0 - override fun autoRenewal(projectCode: String, resourceType: String, resourceCode: String) = Unit + override fun autoRenewal( + projectCode: String, + resourceType: String, + resourceCode: String + ) = Unit override fun renewalGroupMember( userId: String, @@ -52,6 +64,12 @@ class SamplePermissionResourceMemberService : PermissionResourceMemberService { memberRenewalDTO: GroupMemberRenewalDTO ): Boolean = true + override fun batchRenewalGroupMembers( + batchRenewalMemberDTO: List + ): Boolean { + TODO("Not yet implemented") + } + override fun deleteGroupMember( userId: String, projectCode: String, 
@@ -59,10 +77,69 @@ class SamplePermissionResourceMemberService : PermissionResourceMemberService { groupId: Int ): Boolean = true + override fun batchRemoveGroupMembers( + projectId: String, + batchRemoveMemberDTO: List + ): Boolean { + TODO("Not yet implemented") + } + + override fun removeMemberFromProject( + projectId: String, + type: ManagerScopesEnum, member: String + ): Boolean { + TODO("Not yet implemented") + } + override fun addGroupMember( userId: String, memberType: String, expiredAt: Long, groupId: Int ): Boolean = true + + override fun batchHandoverGroupMembers( + projectId: String, + batchHandoverMemberDTO: List + ): Boolean { + TODO("Not yet implemented") + } + + override fun getResourceMemberCount( + projectCode: String, + resourceType: String, + resourceCode: String + ): ResourceMemberCountVO = ResourceMemberCountVO( + userCount = 0, + departmentCount = 0 + ) + + override fun listResourceMembers( + projectCode: String, + resourceType: String, + userName: String?, + deptName: String?, + page: Int, + pageSize: Int + ): Pagination { + TODO("Not yet implemented") + } + + override fun getMemberGroups( + projectId: String, + resourceType: String, + member: String, + start: Int, + end: Int + ): List { + TODO("Not yet implemented") + } + + override fun getMemberGroupsCount( + projectId: String, + type: ManagerScopesEnum, + member: String + ): List { + TODO("Not yet implemented") + } } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupResourceImpl.kt index b49aaeaf59b..bd98cf299d3 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupResourceImpl.kt 
@@ -63,29 +63,22 @@ class UserAuthResourceGroupResourceImpl @Autowired constructor( ) } - override fun getMemberGroupCountWithPermissions( - userId: String, - projectId: String, - type: ManagerScopesEnum, - member: String - ): Result> { - return Result( - emptyList() - ) - } - - override fun getMemberGroupsWithPermissions( + override fun getMemberGroupsDetails( userId: String, projectId: String, resourceType: String, member: String, - offset: Int, - limit: Int + start: Int, + end: Int ): Result> { return Result( - Pagination( - hasNext = false, - records = emptyList() + // todo 权限校验 + permissionResourceGroupService.getMemberGroupsDetails( + projectId = projectId, + resourceType = resourceType, + member = member, + start = start, + end = end ) ) } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt index 88401aeb1ca..b9c8fae196c 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt 
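Review bot: `getMemberGroupsDetails` passes the caller-supplied `member` straight to `permissionResourceGroupService.getMemberGroupsDetails`, and the only access control is the marker `// todo 权限校验`; nothing in this hunk checks that `userId` may read another member's groups in `projectId`. The same todo stands in for the check in `UserAuthResourceMemberResourceImpl.listProjectMembers` and in the method there that takes `batchRenewalMemberDTO`. The commit title limits the feature to administrators, so a project-manager check on `userId` should run before the service call and reject other callers with `PermissionForbiddenException`, which this module already uses. Whether a filter outside the hunk already enforces this is not visible here. The todo comment also sits inside the `Result(` argument list; once the check exists it belongs above the `return`.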
@@ -6,12 +6,17 @@ import com.tencent.devops.auth.pojo.MemberInfo import com.tencent.devops.auth.pojo.dto.GroupMemberHandoverDTO import com.tencent.devops.auth.pojo.dto.GroupMemberRemoveDTO import com.tencent.devops.auth.pojo.dto.GroupMemberRenewalDTO +import com.tencent.devops.auth.pojo.vo.MemberGroupCountWithPermissionsVo +import com.tencent.devops.auth.service.iam.PermissionResourceMemberService import com.tencent.devops.common.api.pojo.Pagination import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.AuthResourceType import com.tencent.devops.common.web.RestResource @RestResource -class UserAuthResourceMemberResourceImpl : UserAuthResourceMemberResource { +class UserAuthResourceMemberResourceImpl( + private val permissionResourceMemberService: PermissionResourceMemberService +) : UserAuthResourceMemberResource { override fun listProjectMembers( userId: String, projectId: String, @@ -20,10 +25,15 @@ class UserAuthResourceMemberResourceImpl : UserAuthResourceMemberResource { page: Int, pageSize: Int ): Result> { + // todo 校验权限 return Result( - Pagination( - hasNext = false, - records = emptyList() + permissionResourceMemberService.listResourceMembers( + projectCode = projectId, + resourceType = AuthResourceType.PROJECT.value, + userName = userName, + deptName = deptName, + page = page, + pageSize = pageSize ) ) } @@ -33,6 +43,7 @@ class UserAuthResourceMemberResourceImpl : UserAuthResourceMemberResource { projectId: String, batchRenewalMemberDTO: List ): Result { + // todo 权限校验 return Result(true) } @@ -60,4 +71,13 @@ class UserAuthResourceMemberResourceImpl : UserAuthResourceMemberResource { ): Result?> { return Result(emptyList()) } + + override fun getMemberGroupCount( + userId: String, + projectId: String, + type: ManagerScopesEnum, + member: String + ): Result> { + TODO("Not yet implemented") + } } 
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceResourceImpl.kt index 00884871858..b181bd5ad04 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceResourceImpl.kt @@ -30,6 +30,7 @@ package com.tencent.devops.auth.resources import com.tencent.devops.auth.api.user.UserAuthResourceResource import com.tencent.devops.auth.pojo.AuthResourceInfo +import com.tencent.devops.auth.pojo.dto.ListGroupConditionDTO import com.tencent.devops.auth.pojo.vo.IamGroupInfoVo import com.tencent.devops.auth.pojo.vo.IamGroupMemberInfoVo import com.tencent.devops.auth.service.iam.PermissionResourceGroupService @@ -86,11 +87,14 @@ class UserAuthResourceResourceImpl @Autowired constructor( ): Result> { return Result( permissionResourceGroupService.listGroup( - projectId = projectId, - resourceType = resourceType, - resourceCode = resourceCode, - page = page, - pageSize = pageSize + ListGroupConditionDTO( + projectId = projectId, + resourceType = resourceType, + resourceCode = resourceCode, + getAllProjectMemberGroup = true, + page = page, + pageSize = pageSize + ) ) ) } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceGroupService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceGroupService.kt index 58912f914ba..c180a179ee8 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceGroupService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceGroupService.kt 
@@ -29,7 +29,9 @@ package com.tencent.devops.auth.service.iam import com.tencent.devops.auth.pojo.dto.GroupAddDTO +import com.tencent.devops.auth.pojo.dto.ListGroupConditionDTO import com.tencent.devops.auth.pojo.dto.RenameGroupDTO +import com.tencent.devops.auth.pojo.vo.GroupDetailsInfoVo import com.tencent.devops.auth.pojo.vo.GroupPermissionDetailVo import com.tencent.devops.auth.pojo.vo.IamGroupInfoVo import com.tencent.devops.auth.pojo.vo.IamGroupMemberInfoVo @@ -40,13 +42,7 @@ interface PermissionResourceGroupService { /** * 资源关联的组列表 */ - fun listGroup( - projectId: String, - resourceType: String, - resourceCode: String, - page: Int, - pageSize: Int - ): Pagination + fun listGroup(listGroupConditionDTO: ListGroupConditionDTO): Pagination /** * 获取用户所属组 @@ -94,4 +90,12 @@ interface PermissionResourceGroupService { projectId: String, groupCode: String ): Boolean + + fun getMemberGroupsDetails( + projectId: String, + resourceType: String, + member: String, + start: Int, + end: Int + ): Pagination } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceMemberService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceMemberService.kt index c1d8ee66e22..e807de632c0 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceMemberService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceMemberService.kt 
@@ -1,9 +1,17 @@ package com.tencent.devops.auth.service.iam +import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum +import com.tencent.devops.auth.pojo.MemberInfo +import com.tencent.devops.auth.pojo.dto.GroupMemberHandoverDTO +import com.tencent.devops.auth.pojo.dto.GroupMemberRemoveDTO import com.tencent.devops.auth.pojo.dto.GroupMemberRenewalDTO +import com.tencent.devops.auth.pojo.vo.MemberGroupCountWithPermissionsVo +import com.tencent.devops.auth.pojo.vo.ResourceMemberCountVO +import com.tencent.devops.common.api.pojo.Pagination import com.tencent.devops.common.auth.api.pojo.BkAuthGroup import com.tencent.devops.common.auth.api.pojo.BkAuthGroupAndUserList +@Suppress("LongParameterList") interface PermissionResourceMemberService { fun getResourceGroupMembers( projectCode: String, @@ -52,6 +60,10 @@ interface PermissionResourceMemberService { memberRenewalDTO: GroupMemberRenewalDTO ): Boolean + fun batchRenewalGroupMembers( + batchRenewalMemberDTO: List + ): Boolean + fun deleteGroupMember( userId: String, projectCode: String, @@ -59,6 +71,17 @@ interface PermissionResourceMemberService { groupId: Int ): Boolean + fun batchRemoveGroupMembers( + projectId: String, + batchRemoveMemberDTO: List + ): Boolean + + fun removeMemberFromProject( + projectId: String, + type: ManagerScopesEnum, + member: String + ): Boolean + fun addGroupMember( userId: String, /*user or department or template*/ 
@@ -66,4 +89,52 @@ interface PermissionResourceMemberService { expiredAt: Long, groupId: Int ): Boolean + + fun batchHandoverGroupMembers( + projectId: String, + batchHandoverMemberDTO: List + ): Boolean + + /** + * 获取资源下全部成员数量 + * 如获取流水线A下所有成员数量,会把拥有者/执行者/编辑者/查看者总数量都返回 + * */ + fun getResourceMemberCount( + projectCode: String, + resourceType: String, + resourceCode: String + ): ResourceMemberCountVO + + /** + * 获取资源下全部成员 + * 如获取流水线A下所有成员,会把拥有者/执行者/编辑者/查看者成员都返回 + * */ + fun listResourceMembers( + projectCode: String, + resourceType: String, + userName: String?, + deptName: String?, + page: Int, + pageSize: Int + ): Pagination + + /** + * 获取用户有权限的用户组 + * */ + fun getMemberGroups( + projectId: String, + resourceType: String, + member: String, + start: Int, + end: Int + ): List + + /** + * 获取用户有权限的用户组数量 + * */ + fun getMemberGroupsCount( + projectId: String, + type: ManagerScopesEnum, + member: String + ): List } diff --git a/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/pojo/Pagination.kt b/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/pojo/Pagination.kt index 05f3381ee88..204fed3b359 100644 --- a/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/pojo/Pagination.kt +++ b/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/pojo/Pagination.kt @@ -34,5 +34,7 @@ data class Pagination( @get:Schema(title = "是否有下一页", required = true) val hasNext: Boolean, @get:Schema(title = "数据", required = true) - val records: List + val records: List, + @get:Schema(title = "总记录行数", required = false) + val count: Long? = null )