feat: 权限中心v3默认用户组支持op配置权限组合 TencentBlueKing#5418

fitzcao · Mar 2, 2022 · 04e8b87 · 04e8b87
1 parent 141a81f
commit 04e8b87
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 53 deletions.
diff --git a/...ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/constant/AuthMessageCode.kt b/...ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/constant/AuthMessageCode.kt
@@ -55,6 +55,7 @@ object AuthMessageCode {
     const val DEFAULT_GROUP_UPDATE_NAME_ERROR = "2121010" // 权限系统：该分组为默认分组,不允许重命名
     const val CAN_NOT_FIND_RELATION = "2121011" // 权限系统：用户组无关联系统用户组
     const val IAM_SYSTEM_ERROR = "2121012" // 权限系统：Iam权限中心异常。异常信息{0}
+    const val USER_NOT_EXIST = "2121012" // 权限系统: 用户中心非法用户/组织 {0}
 
     const val TOKEN_TICKET_FAIL = "2121106" // 权限系统：token校验失败
     const val PARENT_TYPE_FAIL = "2121107" // 权限系统：父类资源必须为"项目"

diff --git a/...core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthDeptServiceImpl.kt b/...core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthDeptServiceImpl.kt
@@ -39,6 +39,7 @@ import com.tencent.devops.auth.common.Constants.HTTP_RESULT
 import com.tencent.devops.auth.common.Constants.NAME
 import com.tencent.devops.auth.common.Constants.USERNAME
 import com.tencent.devops.auth.common.Constants.USER_LABLE
+import com.tencent.devops.auth.constant.AuthMessageCode
 import com.tencent.devops.auth.entity.SearchUserAndDeptEntity
 import com.tencent.devops.auth.entity.SearchDeptUserEntity
 import com.tencent.devops.auth.entity.SearchProfileDeptEntity
@@ -47,11 +48,12 @@ import com.tencent.devops.auth.entity.UserDeptTreeInfo
 import com.tencent.devops.auth.pojo.vo.BkUserInfoVo
 import com.tencent.devops.auth.pojo.vo.DeptInfoVo
 import com.tencent.devops.auth.pojo.vo.UserAndDeptInfoVo
-import com.tencent.devops.common.api.exception.RemoteServiceException
+import com.tencent.devops.common.api.exception.OperationException
 import com.tencent.devops.common.api.util.JsonUtil
 import com.tencent.devops.common.api.util.OkhttpUtils
 import com.tencent.devops.common.auth.api.pojo.EsbBaseReq
 import com.tencent.devops.common.redis.RedisOperation
+import com.tencent.devops.common.service.utils.MessageCodeUtil
 import okhttp3.MediaType
 import okhttp3.Request
 import okhttp3.RequestBody
@@ -286,16 +288,22 @@ class AuthDeptServiceImpl @Autowired constructor(
         OkhttpUtils.doHttp(request).use {
             if (!it.isSuccessful) {
                 // 请求错误
-                throw RemoteServiceException("call user center fail, response: ($it)")
+                logger.warn("call user center fail, $url| $searchEntity|response: ($it)")
+                throw OperationException(
+                    MessageCodeUtil.getCodeLanMessage(
+                    messageCode = AuthMessageCode.USER_NOT_EXIST
+                ))
             }
             val responseStr = it.body()!!.string()
             logger.info("user center response： $responseStr")
             val responseDTO = JsonUtil.to(responseStr, ResponseDTO::class.java)
             if (responseDTO.code != 0L || responseDTO.result == false) {
                 // 请求错误
-                throw RemoteServiceException(
-                    "call user center fail: $responseStr"
-                )
+                logger.warn("call user center fail, $url| $searchEntity| response: ($it)")
+                throw OperationException(
+                    MessageCodeUtil.getCodeLanMessage(
+                        messageCode = AuthMessageCode.USER_NOT_EXIST
+                    ))
             }
             logger.info("user center response：${objectMapper.writeValueAsString(responseDTO.data)}")
             return objectMapper.writeValueAsString(responseDTO.data)

diff --git a/...h/src/main/kotlin/com/tencent/devops/auth/service/iam/impl/IamPermissionRoleExtService.kt b/...h/src/main/kotlin/com/tencent/devops/auth/service/iam/impl/IamPermissionRoleExtService.kt
@@ -213,71 +213,23 @@ open class IamPermissionRoleExtService @Autowired constructor(
     }
 
     private fun addDevelopPermission(roleId: Int, projectCode: String) {
-//        val actions = mutableListOf<String>()
-//        actions.add(PROJECT)
-//        actions.add(PIPELINEACTION)
-//        actions.add(CREDENTIALACTION)
-//        actions.add(CERTACTION)
-//        actions.add(REPERTORYACTION)
-//        actions.add(ENVIRONMENTACTION)
-//        actions.add(NODEACTION)
-//        actions.add(REPORTACTION)
-//        val authorizationScopes = buildCreateAuthorizationScopes(actions, projectCode)
-//        iamManagerService.createRolePermission(roleId, authorizationScopes)
         addIamGroupAction(roleId, projectCode, DefaultGroupType.DEVELOPER)
     }
 
     private fun addTestPermission(roleId: Int, projectCode: String) {
         val actions = mutableListOf<String>()
-//        actions.add(PROJECT)
-//        actions.add(PIPELINEACTION)
-//        actions.add(CREDENTIALACTION)
-//        actions.add(REPERTORYACTION)
-//        actions.add(ENVIRONMENTACTION)
-//        actions.add(NODEACTION)
-//        val authorizationScopes = buildCreateAuthorizationScopes(actions, projectCode)
-//        iamManagerService.createRolePermission(roleId, authorizationScopes)
         addIamGroupAction(roleId, projectCode, DefaultGroupType.TESTER)
     }
 
     private fun addPMPermission(roleId: Int, projectCode: String) {
-//        val actions = mutableListOf<String>()
-//        actions.add(PROJECT)
-//        actions.add(CREDENTIALACTION)
-//        actions.add(REPERTORYACTION)
-//        val authorizationScopes = buildCreateAuthorizationScopes(actions, projectCode)
-//        iamManagerService.createRolePermission(roleId, authorizationScopes)
         addIamGroupAction(roleId, projectCode, DefaultGroupType.PM)
     }
 
     private fun addQCPermission(roleId: Int, projectCode: String) {
-//        val createActions = mutableListOf<String>()
-//        createActions.add(PROJECT)
-//        createActions.add(CREDENTIALACTION)
-//        createActions.add(REPERTORYACTION)
-//        createActions.add(RULECREATEACTION)
-//        createActions.add(GROUPCREATEACTION)
-//        val createAuthorizationScopes = buildCreateAuthorizationScopes(createActions, projectCode)
-//        iamManagerService.createRolePermission(roleId, createAuthorizationScopes)
-//        val ruleAction = RULEACTION.split(",")
-//        val ruleAuthorizationScopes = buildOtherAuthorizationScopes(ruleAction, projectCode, "rule")
-//        iamManagerService.createRolePermission(roleId, ruleAuthorizationScopes)
-//        val groupAction = GROUPACTION.split(",")
-//        val groupAuthorizationScopes = buildOtherAuthorizationScopes(groupAction, projectCode, "quality_group")
-//        iamManagerService.createRolePermission(roleId, groupAuthorizationScopes)
         addIamGroupAction(roleId, projectCode, DefaultGroupType.QC)
     }
 
     private fun addMaintainerPermission(roleId: Int, projectCode: String) {
-//        val actions = mutableListOf<String>()
-//        actions.add(PROJECT)
-//        actions.add(PIPELINEACTION)
-//        actions.add(CREDENTIALACTION)
-//        actions.add(REPERTORYACTION)
-//        actions.add(ENVIRONMENTACTION)
-//        actions.add(NODEACTION)
-//        val authorizationScopes = buildCreateAuthorizationScopes(actions, projectCode)
-//        iamManagerService.createRolePermission(roleId, authorizationScopes)
         addIamGroupAction(roleId, projectCode, DefaultGroupType.MAINTAINER)
     }