From d1330c32e40ccbca3ad544f9d153814140d53271 Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Thu, 6 Jun 2024 16:40:41 +0800 Subject: [PATCH] =?UTF-8?q?feat=EF=BC=9A=E6=94=AF=E6=8C=81=E7=AE=A1?= =?UTF-8?q?=E7=90=86=E5=91=98=E6=9F=A5=E7=9C=8B=E9=A1=B9=E7=9B=AE=E6=88=90?= =?UTF-8?q?=E5=91=98=20#9620?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../api/user/UserAuthResourceGroupResource.kt | 67 +++++++++-- .../user/UserAuthResourceMemberResource.kt | 113 ++++++++++++++++++ .../tencent/devops/auth/pojo/MemberInfo.kt | 5 +- .../auth/pojo/dto/GroupMemberHandoverDTO.kt | 40 +++++++ .../auth/pojo/dto/GroupMemberRemoveDTO.kt | 38 ++++++ .../auth/pojo/dto/GroupMemberRenewalDTO.kt | 6 +- .../devops/auth/pojo/enum/JoinedType.kt | 36 ++++++ .../devops/auth/pojo/enum/OperateSource.kt | 36 ++++++ .../pojo/enum/RemoveMemberButtonControl.kt | 39 ++++++ .../devops/auth/pojo/vo/GroupDetailsInfoVo.kt | 31 +++++ .../devops/auth/pojo/vo/IamGroupInfoVo.kt | 4 +- .../vo/MemberGroupCountWithPermissionsVo.kt | 11 ++ .../RbacPermissionResourceGroupService.kt | 17 +-- .../SamplePermissionResourceGroupService.kt | 1 - .../UserAuthResourceGroupResourceImpl.kt | 33 ++++- .../UserAuthResourceMemberResourceImpl.kt | 63 ++++++++++ .../iam/PermissionResourceGroupService.kt | 1 - 17 files changed, 515 insertions(+), 26 deletions(-) create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceMemberResource.kt create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/GroupMemberHandoverDTO.kt create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/GroupMemberRemoveDTO.kt create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/JoinedType.kt create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/OperateSource.kt create mode 100644 
src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/RemoveMemberButtonControl.kt create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/GroupDetailsInfoVo.kt create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/MemberGroupCountWithPermissionsVo.kt create mode 100644 src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceGroupResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceGroupResource.kt index 9f3d3900624..a54adaf2060 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceGroupResource.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceGroupResource.kt @@ -28,11 +28,15 @@ package com.tencent.devops.auth.api.user +import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum import com.tencent.devops.auth.pojo.dto.GroupMemberRenewalDTO import com.tencent.devops.auth.pojo.dto.RenameGroupDTO +import com.tencent.devops.auth.pojo.vo.GroupDetailsInfoVo +import com.tencent.devops.auth.pojo.vo.MemberGroupCountWithPermissionsVo import com.tencent.devops.auth.pojo.vo.IamGroupPoliciesVo import com.tencent.devops.common.api.annotation.BkInterfaceI18n import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID +import com.tencent.devops.common.api.pojo.Pagination import com.tencent.devops.common.api.pojo.Result import io.swagger.v3.oas.annotations.tags.Tag import io.swagger.v3.oas.annotations.Operation 
@@ -45,16 +49,18 @@ import javax.ws.rs.PUT import javax.ws.rs.Path import javax.ws.rs.PathParam import javax.ws.rs.Produces +import javax.ws.rs.QueryParam import javax.ws.rs.core.MediaType @Tag(name = "AUTH_RESOURCE_GROUP", description = "用户态-iam用户组") -@Path("/user/auth/resource/group/{projectId}/{resourceType}") +@Path("/user/auth/resource/group/{projectId}/") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) +@Suppress("LongParameterList") interface UserAuthResourceGroupResource { @GET - @Path("{groupId}/groupPolicies") + @Path("{resourceType}/{groupId}/groupPolicies") @Operation(summary = "获取组策略详情") @BkInterfaceI18n(keyPrefixNames = ["{data[*].action}"]) fun getGroupPolicies( 
@@ -72,9 +78,52 @@ interface UserAuthResourceGroupResource { groupId: Int ): Result> + @GET + @Path("/getMemberGroupCountWithPermissions") + @Operation(summary = "获取项目成员有权限的用户组数量--以资源类型进行分类") + fun getMemberGroupCountWithPermissions( + @Parameter(description = "用户名", required = true) + @HeaderParam(AUTH_HEADER_USER_ID) + userId: String, + @Parameter(description = "项目ID", required = true) + @PathParam("projectId") + projectId: String, + @QueryParam("type") + @Parameter(description = "成员类型") + type: ManagerScopesEnum, + @QueryParam("member") + @Parameter(description = "组织ID/成员ID") + member: String + ): Result> + + @GET + @Path("{resourceType}/getMemberGroupsWithPermissions/{offset}/{limit}") + @Operation(summary = "获取项目成员有权限的用户组") + fun getMemberGroupsWithPermissions( + @Parameter(description = "用户名", required = true) + @HeaderParam(AUTH_HEADER_USER_ID) + userId: String, + @Parameter(description = "项目ID", required = true) + @PathParam("projectId") + projectId: String, + @Parameter(description = "资源类型") + @PathParam("resourceType") + resourceType: String, + @QueryParam("member") + @Parameter(description = "组织ID/成员ID") + member: String, + @Parameter(description = "资源类型") + @PathParam("offset") + offset: Int, + @Parameter(description = "资源类型") + @PathParam("limit") + limit: Int + ): Result> + + //todo 改造一下,注意该接口发生变化,需要前端配合修改 @PUT - @Path("{groupId}/member/renewal") - @Operation(summary = "用户续期") + @Path("{resourceType}/member/renewal") + @Operation(summary = "用户主动发起续期--需进行审批") fun renewal( @Parameter(description = "用户名", required = true) @HeaderParam(AUTH_HEADER_USER_ID) 
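Review bot: In `getMemberGroupsWithPermissions` the `offset` and `limit` path parameters both carry `@Parameter(description = "资源类型")`, copied from `resourceType`, so the generated API docs describe them as resource types. They should be documented as what they are, e.g. `@Parameter(description = "起始偏移量")` and `@Parameter(description = "每页数量")`. Neither value is bounded at this layer, so the implementation will need to reject negative offsets and cap `limit`. Both new methods also take a caller-chosen `member`, and nothing in the interface says who may query another member's groups; a KDoc line stating the required role (project manager, or `member == userId`) would make that contract reviewable. The `renewal` declaration at the end of the hunk continues outside it.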
@@ -85,14 +134,12 @@ interface UserAuthResourceGroupResource { @Parameter(description = "资源类型") @PathParam("resourceType") resourceType: String, - @Parameter(description = "用户组Id") - @PathParam("groupId") - groupId: Int, + @Parameter(description = "续期请求实体") memberRenewalDTO: GroupMemberRenewalDTO ): Result @DELETE - @Path("{groupId}/member") + @Path("{resourceType}/{groupId}/member") @Operation(summary = "用户退出") fun deleteMember( @Parameter(description = "用户名", required = true) @@ -110,7 +157,7 @@ interface UserAuthResourceGroupResource { ): Result @DELETE - @Path("{groupId}") + @Path("{resourceType}/{groupId}") @Operation(summary = "删除组") fun deleteGroup( @Parameter(description = "用户名", required = true) @@ -128,7 +175,7 @@ interface UserAuthResourceGroupResource { ): Result @PUT - @Path("{groupId}/rename") + @Path("{resourceType}/{groupId}/rename") @Operation(summary = "重命名组") fun rename( @Parameter(description = "用户名", required = true) diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceMemberResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceMemberResource.kt new file mode 100644 index 00000000000..7f1ee15b5bc --- /dev/null +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceMemberResource.kt 
@@ -0,0 +1,113 @@ +package com.tencent.devops.auth.api.user + +import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum +import com.tencent.devops.auth.pojo.MemberInfo +import com.tencent.devops.auth.pojo.dto.GroupMemberHandoverDTO +import com.tencent.devops.auth.pojo.dto.GroupMemberRemoveDTO +import com.tencent.devops.auth.pojo.dto.GroupMemberRenewalDTO +import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID +import com.tencent.devops.common.api.pojo.Pagination +import com.tencent.devops.common.api.pojo.Result +import io.swagger.v3.oas.annotations.Operation +import io.swagger.v3.oas.annotations.Parameter +import io.swagger.v3.oas.annotations.tags.Tag +import javax.ws.rs.Consumes +import javax.ws.rs.DELETE +import javax.ws.rs.GET +import javax.ws.rs.HeaderParam +import javax.ws.rs.PUT +import javax.ws.rs.Path +import javax.ws.rs.PathParam +import javax.ws.rs.Produces +import javax.ws.rs.QueryParam +import javax.ws.rs.core.MediaType + +@Tag(name = "AUTH_RESOURCE_MEMBER", description = "用户态-iam用户") +@Path("/user/auth/resource/member/{projectId}/") +@Produces(MediaType.APPLICATION_JSON) +@Consumes(MediaType.APPLICATION_JSON) +interface UserAuthResourceMemberResource { + @GET + @Path("/listProjectMembers") + @Operation(summary = "获取项目下全体成员") + @Suppress("LongParameterList") + fun listProjectMembers( + @Parameter(description = "用户名", required = true) + @HeaderParam(AUTH_HEADER_USER_ID) + userId: String, + @Parameter(description = "项目ID", required = true) + @PathParam("projectId") + projectId: String, + @Parameter(description = "用户名称搜索") + @QueryParam("userName") + userName: String?, + @Parameter(description = "组织搜索") + @QueryParam("userName") + deptName: String?, + @Parameter(description = "第几页") + @QueryParam("page") + page: Int, + @Parameter(description = "每页多少条") + @QueryParam("pageSize") + pageSize: Int + ): Result> + + @PUT + @Path("/batch/renewal") + @Operation(summary = "批量续期组成员权限--无需进行审批") + fun batchRenewalGroupMembers( + @Parameter(description = "用户名", 
required = true) + @HeaderParam(AUTH_HEADER_USER_ID) + userId: String, + @Parameter(description = "项目ID", required = true) + @PathParam("projectId") + projectId: String, + @Parameter(description = "批量续期成员请求实体") + batchRenewalMemberDTO: List + ): Result + + @DELETE + @Path("/batch/remove") + @Operation(summary = "批量移除用户组成员") + fun batchRemoveGroupMembers( + @Parameter(description = "用户名", required = true) + @HeaderParam(AUTH_HEADER_USER_ID) + userId: String, + @Parameter(description = "项目ID", required = true) + @PathParam("projectId") + projectId: String, + @Parameter(description = "批量移除成员请求实体") + batchRemoveMemberDTO: List + ): Result + + @DELETE + @Path("/batch/handover") + @Operation(summary = "批量交接用户组成员") + fun batchHandoverGroupMembers( + @Parameter(description = "用户名", required = true) + @HeaderParam(AUTH_HEADER_USER_ID) + userId: String, + @Parameter(description = "项目ID", required = true) + @PathParam("projectId") + projectId: String, + @Parameter(description = "批量交接成员请求实体") + batchHandoverMemberDTO: List + ): Result + + @DELETE + @Path("/removeMemberFromProject") + fun removeMemberFromProject( + @Parameter(description = "用户名", required = true) + @HeaderParam(AUTH_HEADER_USER_ID) + userId: String, + @Parameter(description = "项目ID", required = true) + @PathParam("projectId") + projectId: String, + @QueryParam("type") + @Parameter(description = "成员类型") + type: ManagerScopesEnum, + @QueryParam("member") + @Parameter(description = "组织ID/成员ID") + member: String + ): Result?> +} diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/MemberInfo.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/MemberInfo.kt index 53f315d9223..8831e3c0784 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/MemberInfo.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/MemberInfo.kt 
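Review bot: `deptName` in `listProjectMembers` is bound with `@QueryParam("userName")`, the same name as the parameter above it, so the department filter will always receive the user-name value; it should read `@QueryParam("deptName")`. `batchRemoveGroupMembers` and `batchHandoverGroupMembers` are `@DELETE` methods that take a JSON list as the request entity. Some HTTP clients and intermediaries drop or reject a DELETE body, and a handover is not a deletion, so `@PUT` or `@POST` would be safer for both. `removeMemberFromProject` is the only method without an `@Operation(summary = ...)`.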
@@ -1,5 +1,6 @@ package com.tencent.devops.auth.pojo +import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum import io.swagger.v3.oas.annotations.media.Schema @Schema(title = "成员信息") @@ -8,6 +9,6 @@ data class MemberInfo( val id: String, @get:Schema(title = "成员名称") val name: String, - @get:Schema(title = "成员类别") - val type: String + @get:Schema(title = "成员类型") + val type: ManagerScopesEnum ) diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/GroupMemberHandoverDTO.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/GroupMemberHandoverDTO.kt new file mode 100644 index 00000000000..a6d4f81cdb4 --- /dev/null +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/GroupMemberHandoverDTO.kt 
@@ -0,0 +1,40 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.devops.auth.pojo.dto
+
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "用户组成员交接")
+data class GroupMemberHandoverDTO(
+ @get:Schema(title = "组ID")
+ val groupId: Int,
+ @get:Schema(title = "交接人")
+ val handoverFrom: String,
+ @get:Schema(title = "授予人")
+ val handoverTo: String
+)
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/GroupMemberRemoveDTO.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/GroupMemberRemoveDTO.kt new file mode 100644 index 00000000000..1a246083426 --- /dev/null +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/GroupMemberRemoveDTO.kt 
@@ -0,0 +1,38 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.devops.auth.pojo.dto
+
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "用户组成员移除")
+data class GroupMemberRemoveDTO(
+ @get:Schema(title = "组成员")
+ val member: String,
+ @get:Schema(title = "组ID")
+ val groupId: Int
+)
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/GroupMemberRenewalDTO.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/GroupMemberRenewalDTO.kt index d0b85831b0a..c3ce886486f 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/GroupMemberRenewalDTO.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/GroupMemberRenewalDTO.kt @@ -31,6 +31,10 @@ import io.swagger.v3.oas.annotations.media.Schema @Schema(title = "用户组成员续期") data class GroupMemberRenewalDTO( - @get:Schema(title = "过期时间戳(单位秒),即用户或部门在 expired_at 后将不具有该用户组的相关权限") + @get:Schema(title = "组成员") + val member: String, + @get:Schema(title = "组ID") + val groupId: Int, + @get:Schema(title = "过期时间戳(单位秒)") val expiredAt: Long ) diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/JoinedType.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/JoinedType.kt new file mode 100644 index 00000000000..06b700c88bd --- /dev/null +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/JoinedType.kt 
@@ -0,0 +1,36 @@ +/* + * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. + * + * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. + * + * A copy of the MIT License is included in this file. + * + * + * Terms of the MIT License: + * --------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT + * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN + * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ + +package com.tencent.devops.auth.pojo.enum + +enum class JoinedType { + // 直接加入 + DIRECT, + + // 通过模板加入 + TEMPLATE +} diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/OperateSource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/OperateSource.kt new file mode 100644 index 00000000000..cc2a0e8931b --- /dev/null 
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/OperateSource.kt @@ -0,0 +1,36 @@ +/* + * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. + * + * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. + * + * A copy of the MIT License is included in this file. + * + * + * Terms of the MIT License: + * --------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT + * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN + * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ + +package com.tencent.devops.auth.pojo.enum + +enum class OperateSource { + // 直接加入 + DIRECT, + + // 通过API加入 + API +} 
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/RemoveMemberButtonControl.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/RemoveMemberButtonControl.kt new file mode 100644 index 00000000000..b64a6aa8b58 --- /dev/null +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/RemoveMemberButtonControl.kt 
@@ -0,0 +1,39 @@ +/* + * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. + * + * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. + * + * A copy of the MIT License is included in this file. + * + * + * Terms of the MIT License: + * --------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT + * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN + * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ + +package com.tencent.devops.auth.pojo.enum + +enum class RemoveMemberButtonControl { + // 唯一管理员,不允许移出组 + UNIQUE_MANAGER, + + // 通过模板加入,不允许移出组 + TEMPLATE, + + // 其他,允许移出组 + OTHER +} diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/GroupDetailsInfoVo.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/GroupDetailsInfoVo.kt new file mode 100644 index 00000000000..d4b223d6267 --- /dev/null 
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/GroupDetailsInfoVo.kt @@ -0,0 +1,31 @@ +package com.tencent.devops.auth.pojo.vo + +import com.tencent.devops.auth.pojo.enum.OperateSource +import com.tencent.devops.auth.pojo.enum.RemoveMemberButtonControl +import io.swagger.v3.oas.annotations.media.Schema + +@Schema(title = "用户组详细信息") +data class GroupDetailsInfoVo( + @get:Schema(title = "资源实例code") + val resourceCode: String, + @get:Schema(title = "资源实例名称") + val resourceName: String, + @get:Schema(title = "用户组ID") + val groupId: Int, + @get:Schema(title = "用户组名称") + val groupName: String, + @get:Schema(title = "用户组描述") + val groupDesc: String, + @get:Schema(title = "有效期,天") + val validityPeriod: Int, + @get:Schema(title = "过期时间戳,秒") + val expiredAt: Long, + @get:Schema(title = "加入时间") + val joinedTime: String, + @get:Schema(title = "移除成员按钮控制") + val removeMemberButtonControl: RemoveMemberButtonControl, + @get:Schema(title = "操作来源,直接加入/API加入") + val operateSource: OperateSource, + @get:Schema(title = "操作人") + val operator: String +) diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/IamGroupInfoVo.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/IamGroupInfoVo.kt index 0bb72a20556..20d499b4e42 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/IamGroupInfoVo.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/IamGroupInfoVo.kt @@ -17,5 +17,7 @@ data class IamGroupInfoVo( @get:Schema(title = "用户组人数") val userCount: Int, @get:Schema(title = "用户组部门数") - val departmentCount: Int = 0 + val departmentCount: Int = 0, + @get:Schema(title = "是否为项目成员组") + val projectMemberGroup: Boolean? = null ) 
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/MemberGroupCountWithPermissionsVo.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/MemberGroupCountWithPermissionsVo.kt new file mode 100644 index 00000000000..2240c00f4de --- /dev/null +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/MemberGroupCountWithPermissionsVo.kt @@ -0,0 +1,11 @@ +package com.tencent.devops.auth.pojo.vo + +import io.swagger.v3.oas.annotations.media.Schema + +@Schema(title = "用户有权限的用户组数量") +data class MemberGroupCountWithPermissionsVo( + @get:Schema(title = "资源类型") + val resourceType: String, + @get:Schema(title = "数量") + val count: Int +) diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupService.kt index 4704349b204..368d1a06294 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupService.kt 
@@ -234,16 +234,17 @@ class RbacPermissionResourceGroupService @Autowired constructor( userId: String, projectId: String, resourceType: String, - groupId: Int, memberRenewalDTO: GroupMemberRenewalDTO ): Boolean { - logger.info("renewal group member|$userId|$projectId|$resourceType|$groupId") - val managerMemberGroupDTO = GroupMemberRenewApplicationDTO.builder() - .groupIds(listOf(groupId)) - .expiredAt(memberRenewalDTO.expiredAt) - .reason("renewal user group") - .applicant(userId).build() - iamV2ManagerService.renewalRoleGroupMemberApplication(managerMemberGroupDTO) + logger.info("renewal group member|$userId|$projectId|$resourceType|${memberRenewalDTO.groupId}") + with(memberRenewalDTO) { + val managerMemberGroupDTO = GroupMemberRenewApplicationDTO.builder() + .groupIds(listOf(groupId)) + .expiredAt(expiredAt) + .reason("renewal user group") + .applicant(member).build() + iamV2ManagerService.renewalRoleGroupMemberApplication(managerMemberGroupDTO) + } return true } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceGroupService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceGroupService.kt index 85b0245b8b1..1dbd5088c4d 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceGroupService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceGroupService.kt @@ -70,7 +70,6 @@ class SamplePermissionResourceGroupService : PermissionResourceGroupService { userId: String, projectId: String, resourceType: String, - groupId: Int, memberRenewalDTO: GroupMemberRenewalDTO ): Boolean { return true 
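Review bot: In `renewal` the application is now built with `.applicant(member)`, where `member` comes from the request body, so the authenticated `userId` from the header no longer decides on whose behalf the renewal is filed. Nothing visible in this hunk checks that `memberRenewalDTO.member` equals `userId` or that `groupId` belongs to `projectId`, so a caller could raise renewal applications in another user's name or for a group outside the project. Since the endpoint is described as user-initiated and approval-based, I would keep `.applicant(userId)` here, or reject the request when `memberRenewalDTO.member != userId`. Whichever is chosen, the audit log line should record both identities, e.g. `logger.info("renewal group member|$userId|$projectId|$resourceType|${memberRenewalDTO.member}|${memberRenewalDTO.groupId}")`. The signature of `renewal` begins above the hunk.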
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupResourceImpl.kt index f8e576da207..c445d3e22b7 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupResourceImpl.kt @@ -28,11 +28,15 @@ package com.tencent.devops.auth.resources +import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum import com.tencent.devops.auth.api.user.UserAuthResourceGroupResource import com.tencent.devops.auth.pojo.dto.GroupMemberRenewalDTO import com.tencent.devops.auth.pojo.dto.RenameGroupDTO +import com.tencent.devops.auth.pojo.vo.GroupDetailsInfoVo import com.tencent.devops.auth.pojo.vo.IamGroupPoliciesVo +import com.tencent.devops.auth.pojo.vo.MemberGroupCountWithPermissionsVo import com.tencent.devops.auth.service.iam.PermissionResourceGroupService +import com.tencent.devops.common.api.pojo.Pagination import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.web.RestResource import org.springframework.beans.factory.annotation.Autowired 
@@ -57,11 +61,37 @@ class UserAuthResourceGroupResourceImpl @Autowired constructor( ) } + override fun getMemberGroupCountWithPermissions( + userId: String, + projectId: String, + type: ManagerScopesEnum, + member: String + ): Result> { + return Result( + emptyList() + ) + } + + override fun getMemberGroupsWithPermissions( + userId: String, + projectId: String, + resourceType: String, + member: String, + offset: Int, + limit: Int + ): Result> { + return Result( + Pagination( + hasNext = false, + records = emptyList() + ) + ) + } + override fun renewal( userId: String, projectId: String, resourceType: String, - groupId: Int, memberRenewalDTO: GroupMemberRenewalDTO ): Result { return Result( @@ -69,7 +99,6 @@ class UserAuthResourceGroupResourceImpl @Autowired constructor( userId = userId, projectId = projectId, resourceType = resourceType, - groupId = groupId, memberRenewalDTO = memberRenewalDTO ) ) diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt new file mode 100644 index 00000000000..88401aeb1ca --- /dev/null +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt 
@@ -0,0 +1,63 @@ +package com.tencent.devops.auth.resources + +import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum +import com.tencent.devops.auth.api.user.UserAuthResourceMemberResource +import com.tencent.devops.auth.pojo.MemberInfo +import com.tencent.devops.auth.pojo.dto.GroupMemberHandoverDTO +import com.tencent.devops.auth.pojo.dto.GroupMemberRemoveDTO +import com.tencent.devops.auth.pojo.dto.GroupMemberRenewalDTO +import com.tencent.devops.common.api.pojo.Pagination +import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.web.RestResource + +@RestResource +class UserAuthResourceMemberResourceImpl : UserAuthResourceMemberResource { + override fun listProjectMembers( + userId: String, + projectId: String, + userName: String?, + deptName: String?, + page: Int, + pageSize: Int + ): Result> { + return Result( + Pagination( + hasNext = false, + records = emptyList() + ) + ) + } + + override fun batchRenewalGroupMembers( + userId: String, + projectId: String, + batchRenewalMemberDTO: List + ): Result { + return Result(true) + } + + override fun batchRemoveGroupMembers( + userId: String, + projectId: String, + batchRemoveMemberDTO: List + ): Result { + return Result(true) + } + + override fun batchHandoverGroupMembers( + userId: String, + projectId: String, + batchHandoverMemberDTO: List + ): Result { + return Result(true) + } + + override fun removeMemberFromProject( + userId: String, + projectId: String, + type: ManagerScopesEnum, + member: String + ): Result?> { + return Result(emptyList()) + } +} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceGroupService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceGroupService.kt index 49f4b54e25b..c8879949176 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceGroupService.kt 
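Review bot: `batchRenewalGroupMembers`, `batchRemoveGroupMembers` and `batchHandoverGroupMembers` return `Result(true)` without doing anything, so a client calling them today is told a membership change succeeded when none was made. Until the logic lands they should fail visibly, for example `return Result(false)` or an explicit not-implemented error. When they are implemented, note that these are described as approval-free operations. Each one must therefore verify that `userId` manages `projectId`, and that every `groupId`, `member`, `handoverFrom` and `handoverTo` in the request belongs to that project. The `UNIQUE_MANAGER` and `TEMPLATE` restrictions from `RemoveMemberButtonControl` should also be enforced on the server rather than relying on the button state; the same caller check applies to the `member`-parameterised read stubs added in `UserAuthResourceGroupResourceImpl`.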
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceGroupService.kt @@ -74,7 +74,6 @@ interface PermissionResourceGroupService { userId: String, projectId: String, resourceType: String, - groupId: Int, memberRenewalDTO: GroupMemberRenewalDTO ): Boolean