From 04e8b87e7b1ac5ea539e6786e6b2e441f315a622 Mon Sep 17 00:00:00 2001
From: fitzcao
Date: Wed, 2 Mar 2022 15:22:30 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=9D=83=E9=99=90=E4=B8=AD=E5=BF=83v3?= =?UTF-8?q?=E9=BB=98=E8=AE=A4=E7=94=A8=E6=88=B7=E7=BB=84=E6=94=AF=E6=8C=81?= =?UTF-8?q?op=E9=85=8D=E7=BD=AE=E6=9D=83=E9=99=90=E7=BB=84=E5=90=88=20#541?= =?UTF-8?q?8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../devops/auth/constant/AuthMessageCode.kt | 1 +
 .../auth/service/AuthDeptServiceImpl.kt | 18 +++++--
 .../iam/impl/IamPermissionRoleExtService.kt | 48 -------------------
 3 files changed, 14 insertions(+), 53 deletions(-)
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/constant/AuthMessageCode.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/constant/AuthMessageCode.kt
index f627ab79144..f235e3eebaf 100644
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/constant/AuthMessageCode.kt
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/constant/AuthMessageCode.kt
@@ -55,6 +55,7 @@ object AuthMessageCode {
 const val DEFAULT_GROUP_UPDATE_NAME_ERROR = "2121010" // 权限系统:该分组为默认分组,不允许重命名
 const val CAN_NOT_FIND_RELATION = "2121011" // 权限系统:用户组无关联系统用户组
 const val IAM_SYSTEM_ERROR = "2121012" // 权限系统:Iam权限中心异常。异常信息{0}
+ const val USER_NOT_EXIST = "2121012" // 权限系统: 用户中心非法用户/组织 {0}
 const val TOKEN_TICKET_FAIL = "2121106" // 权限系统:token校验失败
 const val PARENT_TYPE_FAIL = "2121107" // 权限系统:父类资源必须为"项目"
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthDeptServiceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthDeptServiceImpl.kt
index fc32a7bfd17..59ea85e4c07 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthDeptServiceImpl.kt
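Review bot: The added `USER_NOT_EXIST` reuses the value `"2121012"` that `IAM_SYSTEM_ERROR` on the line above already holds, so the two constants cannot be told apart wherever the code is used as a lookup key. A message lookup for the new constant would presumably resolve to whichever text is registered for that code, not necessarily the "illegal user/organization" text in its comment. Give it an unused code in the same range, e.g. `const val USER_NOT_EXIST = "<next free 21210xx code>"`, and register the matching message entry.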
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthDeptServiceImpl.kt
@@ -39,6 +39,7 @@ import com.tencent.devops.auth.common.Constants.HTTP_RESULT
 import com.tencent.devops.auth.common.Constants.NAME
 import com.tencent.devops.auth.common.Constants.USERNAME
 import com.tencent.devops.auth.common.Constants.USER_LABLE
+import com.tencent.devops.auth.constant.AuthMessageCode
 import com.tencent.devops.auth.entity.SearchUserAndDeptEntity
 import com.tencent.devops.auth.entity.SearchDeptUserEntity
 import com.tencent.devops.auth.entity.SearchProfileDeptEntity
@@ -47,11 +48,12 @@ import com.tencent.devops.auth.entity.UserDeptTreeInfo
 import com.tencent.devops.auth.pojo.vo.BkUserInfoVo
 import com.tencent.devops.auth.pojo.vo.DeptInfoVo
 import com.tencent.devops.auth.pojo.vo.UserAndDeptInfoVo
-import com.tencent.devops.common.api.exception.RemoteServiceException
+import com.tencent.devops.common.api.exception.OperationException
 import com.tencent.devops.common.api.util.JsonUtil
 import com.tencent.devops.common.api.util.OkhttpUtils
 import com.tencent.devops.common.auth.api.pojo.EsbBaseReq
 import com.tencent.devops.common.redis.RedisOperation
+import com.tencent.devops.common.service.utils.MessageCodeUtil
 import okhttp3.MediaType
 import okhttp3.Request
 import okhttp3.RequestBody
@@ -286,16 +288,22 @@ class AuthDeptServiceImpl @Autowired constructor(
 OkhttpUtils.doHttp(request).use {
 if (!it.isSuccessful) {
 // 请求错误
- throw RemoteServiceException("call user center fail, response: ($it)")
+ logger.warn("call user center fail, $url| $searchEntity|response: ($it)")
+ throw OperationException(
+ MessageCodeUtil.getCodeLanMessage(
+ messageCode = AuthMessageCode.USER_NOT_EXIST
+ ))
 }
 val responseStr = it.body()!!.string()
 logger.info("user center response: $responseStr")
 val responseDTO = JsonUtil.to(responseStr, ResponseDTO::class.java)
 if (responseDTO.code != 0L || responseDTO.result == false) {
 // 请求错误
- throw RemoteServiceException(
- "call user center fail: $responseStr"
- )
+ logger.warn("call user center fail, $url| $searchEntity| response: ($it)")
+ throw OperationException(
+ MessageCodeUtil.getCodeLanMessage(
+ messageCode = AuthMessageCode.USER_NOT_EXIST
+ ))
 }
 logger.info("user center response:${objectMapper.writeValueAsString(responseDTO.data)}")
 return objectMapper.writeValueAsString(responseDTO.data)
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/impl/IamPermissionRoleExtService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/impl/IamPermissionRoleExtService.kt
index 07973017173..eff51db1ecc 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/impl/IamPermissionRoleExtService.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/impl/IamPermissionRoleExtService.kt
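Review bot: Both failure branches now throw the same `OperationException` built from `AuthMessageCode.USER_NOT_EXIST`, so a non-2xx reply or an outage of the user center reaches the caller as "illegal user/organization" and can no longer be told apart from a rejected lookup. Keeping `throw RemoteServiceException("call user center fail, response: ($it)")` in the `!it.isSuccessful` branch, and using the new code only once the body has been parsed, would preserve that distinction. The comment on `USER_NOT_EXIST` shows a `{0}` placeholder, but `getCodeLanMessage` is called with `messageCode` only, so the placeholder is probably left unfilled. The new `logger.warn` lines also interpolate `$searchEntity`; if that object carries the ESB app credentials (the file imports `EsbBaseReq`), they are written to the log, so logging only `$url` and the response status would be safer. The enclosing function starts outside this hunk, so the entity's type is not visible here.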
@@ -213,71 +213,23 @@ open class IamPermissionRoleExtService @Autowired constructor(
 }
 private fun addDevelopPermission(roleId: Int, projectCode: String) {
-// val actions = mutableListOf()
-// actions.add(PROJECT)
-// actions.add(PIPELINEACTION)
-// actions.add(CREDENTIALACTION)
-// actions.add(CERTACTION)
-// actions.add(REPERTORYACTION)
-// actions.add(ENVIRONMENTACTION)
-// actions.add(NODEACTION)
-// actions.add(REPORTACTION)
-// val authorizationScopes = buildCreateAuthorizationScopes(actions, projectCode)
-// iamManagerService.createRolePermission(roleId, authorizationScopes)
 addIamGroupAction(roleId, projectCode, DefaultGroupType.DEVELOPER)
 }
 private fun addTestPermission(roleId: Int, projectCode: String) {
 val actions = mutableListOf()
-// actions.add(PROJECT)
-// actions.add(PIPELINEACTION)
-// actions.add(CREDENTIALACTION)
-// actions.add(REPERTORYACTION)
-// actions.add(ENVIRONMENTACTION)
-// actions.add(NODEACTION)
-// val authorizationScopes = buildCreateAuthorizationScopes(actions, projectCode)
-// iamManagerService.createRolePermission(roleId, authorizationScopes)
 addIamGroupAction(roleId, projectCode, DefaultGroupType.TESTER)
 }
 private fun addPMPermission(roleId: Int, projectCode: String) {
-// val actions = mutableListOf()
-// actions.add(PROJECT)
-// actions.add(CREDENTIALACTION)
-// actions.add(REPERTORYACTION)
-// val authorizationScopes = buildCreateAuthorizationScopes(actions, projectCode)
-// iamManagerService.createRolePermission(roleId, authorizationScopes)
 addIamGroupAction(roleId, projectCode, DefaultGroupType.PM)
 }
 private fun addQCPermission(roleId: Int, projectCode: String) {
-// val createActions = mutableListOf()
-// createActions.add(PROJECT)
-// createActions.add(CREDENTIALACTION)
-// createActions.add(REPERTORYACTION)
-// createActions.add(RULECREATEACTION)
-// createActions.add(GROUPCREATEACTION)
-// val createAuthorizationScopes = buildCreateAuthorizationScopes(createActions, projectCode)
-// iamManagerService.createRolePermission(roleId, createAuthorizationScopes)
-// val ruleAction = RULEACTION.split(",")
-// val ruleAuthorizationScopes = buildOtherAuthorizationScopes(ruleAction, projectCode, "rule")
-// iamManagerService.createRolePermission(roleId, ruleAuthorizationScopes)
-// val groupAction = GROUPACTION.split(",")
-// val groupAuthorizationScopes = buildOtherAuthorizationScopes(groupAction, projectCode, "quality_group")
-// iamManagerService.createRolePermission(roleId, groupAuthorizationScopes)
 addIamGroupAction(roleId, projectCode, DefaultGroupType.QC)
 }
 private fun addMaintainerPermission(roleId: Int, projectCode: String) {
-// val actions = mutableListOf()
-// actions.add(PROJECT)
-// actions.add(PIPELINEACTION)
-// actions.add(CREDENTIALACTION)
-// actions.add(REPERTORYACTION)
-// actions.add(ENVIRONMENTACTION)
-// actions.add(NODEACTION)
-// val authorizationScopes = buildCreateAuthorizationScopes(actions, projectCode)
-// iamManagerService.createRolePermission(roleId, authorizationScopes)
 addIamGroupAction(roleId, projectCode, DefaultGroupType.MAINTAINER)
 }
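Review bot: In `addTestPermission` the line `val actions = mutableListOf()` survives as context while every other helper loses its `actions` list, leaving an unused local; delete it so the body is just `addIamGroupAction(roleId, projectCode, DefaultGroupType.TESTER)`. With the hard-coded action lists gone, each default group's permission set is defined entirely by `addIamGroupAction`, which is outside this hunk. A short KDoc on these helpers, such as `/** Grants the actions configured for [DefaultGroupType.TESTER]; see addIamGroupAction. */`, would record where the scope now comes from. It is worth confirming that a group type with no configured actions fails closed rather than creating a role with an unexpected scope.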