From b0680b3c859b054343e08348f00f547b2327fb43 Mon Sep 17 00:00:00 2001 From: yaoxuwan Date: Thu, 31 Oct 2024 16:49:44 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20PermissionManager=E7=A7=BB=E9=99=A4repo?= =?UTF-8?q?sitory=20feign=E8=B0=83=E7=94=A8=20#2695?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ScannerPermissionCheckHandler.kt | 2 +- .../archive/core/compress/BDZipManagerTest.kt | 4 - .../auth/service/impl/ProxyServiceImpl.kt | 4 +- .../ArtifactPermissionCheckHandler.kt | 2 +- .../ArtifactPermissionConfiguration.kt | 2 +- .../repository/redirect/CosRedirectService.kt | 2 +- .../repository/virtual/VirtualRepository.kt | 2 +- .../metadata/MetadataAutoConfiguration.kt | 89 ++++++++++++++++++- .../permission}/EdgePermissionManager.kt | 32 +++---- .../metadata/permission}/PermissionManager.kt | 53 ++++------- .../permission}/ProxyPermissionManager.kt | 28 +++--- .../search/common/CommonQueryInterpreter.kt | 2 +- .../search/common/RepoNameRuleInterceptor.kt | 8 +- .../search/node/NodeModelInterceptor.kt | 4 +- .../search/node/NodeQueryInterpreter.kt | 2 +- .../packages/PackageSearchInterpreter.kt | 2 +- .../service/log/OperateLogConfiguration.kt | 2 - .../service/node/PipelineNodeService.kt | 2 +- .../node/impl/PipelineNodeServiceImpl.kt | 4 +- .../security/SecurityAutoConfiguration.kt | 79 +--------------- .../actuator/ActuatorAuthConfiguration.kt | 7 +- .../actuator/ActuatorAuthInterceptor.kt | 6 +- .../security/manager/PrincipalManager.kt | 54 +++++++++++ .../DefaultPermissionCheckHandler.kt | 6 +- .../permission/PermissionConfiguration.kt | 6 +- .../bkrepo/ddc/component/PermissionHelper.kt | 2 +- .../artifact/GenericLocalRepository.kt | 8 +- .../generic/controller/GenericController.kt | 2 +- .../controller/TemporaryAccessController.kt | 2 +- .../bkrepo/generic/service/ProxyService.kt | 2 +- .../generic/service/TemporaryAccessService.kt | 2 +- .../helm/service/impl/HelmOperationService.kt | 2 +- .../task/storage/StorageReconcileJobTest.kt | 4 - .../bkrepo/lfs/service/ObjectService.kt | 2 +- .../media/controller/UserStreamController.kt | 2 +- .../bkrepo/media/service/TokenService.kt | 2 +- .../oci/service/impl/OciBlobServiceImpl.kt | 2 +- .../opdata/controller/FsClientController.kt | 2 +- .../opdata/controller/ProjectController.kt | 4 +- .../api/EdgePullReplicaTaskController.kt | 2 +- .../service/ArtifactReplicaController.kt | 2 +- .../repository/api/PipelineNodeClient.kt | 1 + .../cluster/ClusterMetadataController.kt | 4 +- .../cluster/ClusterNodeController.kt | 2 +- .../cluster/ClusterPackageController.kt | 2 +- .../ClusterPackageDependentsController.kt | 2 +- .../cluster/ClusterRepositoryController.kt | 4 +- .../cluster/ClusterStageController.kt | 2 +- .../service/PipelineNodeController.kt | 2 +- .../controller/user/FavoriteController.kt | 8 +- .../user/UserArtifactPreloadController.kt | 2 +- .../controller/user/UserListViewController.kt | 2 +- .../user/UserMetadataLabelController.kt | 2 +- .../controller/user/UserNodeController.kt | 4 +- .../user/UserOperateLogController.kt | 4 +- .../user/UserPackageDownloadsController.kt | 2 +- .../controller/user/UserPipelineController.kt | 2 +- .../controller/user/UserProjectController.kt | 4 +- .../user/UserRepositoryController.kt | 4 +- .../controller/user/UserShareController.kt | 2 +- .../repository/service/ServiceBaseTest.kt | 2 +- .../service/impl/WebHookServiceImpl.kt | 2 +- .../bkrepo/webhook/service/ServiceBaseTest.kt | 2 +- 63 files changed, 277 insertions(+), 230 deletions(-) rename src/backend/common/{common-security/src/main/kotlin/com/tencent/bkrepo/common/security/manager/edge => common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission}/EdgePermissionManager.kt (82%) rename src/backend/common/{common-security/src/main/kotlin/com/tencent/bkrepo/common/security/manager => common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission}/PermissionManager.kt (92%) rename src/backend/common/{common-security/src/main/kotlin/com/tencent/bkrepo/common/security/manager/proxy => common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission}/ProxyPermissionManager.kt (84%) rename src/backend/{repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository => common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata}/service/node/PipelineNodeService.kt (97%) rename src/backend/{repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository => common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata}/service/node/impl/PipelineNodeServiceImpl.kt (95%) create mode 100644 src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/manager/PrincipalManager.kt diff --git a/src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/component/ScannerPermissionCheckHandler.kt b/src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/component/ScannerPermissionCheckHandler.kt index 5e747a7583..d776b93b68 100644 --- a/src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/component/ScannerPermissionCheckHandler.kt +++ b/src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/component/ScannerPermissionCheckHandler.kt @@ -32,13 +32,13 @@ import com.tencent.bkrepo.auth.pojo.enums.ResourceType import com.tencent.bkrepo.common.artifact.constant.PROJECT_ID import com.tencent.bkrepo.common.artifact.repository.context.ArtifactContextHolder import com.tencent.bkrepo.common.security.exception.PermissionException -import com.tencent.bkrepo.common.security.manager.PermissionManager import com.tencent.bkrepo.common.security.permission.Permission import com.tencent.bkrepo.common.security.permission.PermissionCheckHandler import com.tencent.bkrepo.common.security.permission.Principal import com.tencent.bkrepo.common.security.util.SecurityUtils import com.tencent.bkrepo.common.service.util.HttpContextHolder import com.tencent.bkrepo.analyst.model.SubScanTaskDefinition +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.artifact.pojo.RepositoryId import com.tencent.bkrepo.common.security.permission.PrincipalType import org.springframework.context.annotation.Primary diff --git a/src/backend/archive/biz-archive/src/test/kotlin/com/tencent/bkrepo/archive/core/compress/BDZipManagerTest.kt b/src/backend/archive/biz-archive/src/test/kotlin/com/tencent/bkrepo/archive/core/compress/BDZipManagerTest.kt index f890ce6254..6ca58de3f5 100644 --- a/src/backend/archive/biz-archive/src/test/kotlin/com/tencent/bkrepo/archive/core/compress/BDZipManagerTest.kt +++ b/src/backend/archive/biz-archive/src/test/kotlin/com/tencent/bkrepo/archive/core/compress/BDZipManagerTest.kt @@ -13,7 +13,6 @@ import com.tencent.bkrepo.common.bksync.file.BkSyncDeltaSource.Companion.toBkSyn import com.tencent.bkrepo.common.metadata.service.file.FileReferenceService import com.tencent.bkrepo.common.storage.StorageAutoConfiguration import com.tencent.bkrepo.common.storage.core.StorageService -import com.tencent.bkrepo.repository.api.RepositoryClient import org.junit.jupiter.api.AfterEach import org.junit.jupiter.api.Assertions import org.junit.jupiter.api.BeforeEach @@ -44,9 +43,6 @@ class BDZipManagerTest @Autowired constructor( @MockBean lateinit var fileReferenceService: FileReferenceService - @MockBean - lateinit var repositoryClient: RepositoryClient - private val timeout = Duration.ofSeconds(10) @BeforeEach diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/impl/ProxyServiceImpl.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/impl/ProxyServiceImpl.kt index eccaf04b75..db0469f24b 100644 --- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/impl/ProxyServiceImpl.kt +++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/impl/ProxyServiceImpl.kt @@ -27,6 +27,7 @@ package com.tencent.bkrepo.auth.service.impl +import com.tencent.bkrepo.auth.dao.ProxyDao import com.tencent.bkrepo.auth.message.AuthMessageCode import com.tencent.bkrepo.auth.model.TProxy import com.tencent.bkrepo.auth.pojo.enums.PermissionAction @@ -37,15 +38,14 @@ import com.tencent.bkrepo.auth.pojo.proxy.ProxyListOption import com.tencent.bkrepo.auth.pojo.proxy.ProxyStatus import com.tencent.bkrepo.auth.pojo.proxy.ProxyStatusRequest import com.tencent.bkrepo.auth.pojo.proxy.ProxyUpdateRequest -import com.tencent.bkrepo.auth.dao.ProxyDao import com.tencent.bkrepo.auth.service.ProxyService import com.tencent.bkrepo.common.api.constant.StringPool import com.tencent.bkrepo.common.api.exception.ErrorCodeException import com.tencent.bkrepo.common.api.pojo.Page import com.tencent.bkrepo.common.api.util.Preconditions import com.tencent.bkrepo.common.api.util.UrlFormatter +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.mongo.dao.util.Pages -import com.tencent.bkrepo.common.security.manager.PermissionManager import com.tencent.bkrepo.common.security.util.AESUtils import com.tencent.bkrepo.common.security.util.SecurityUtils import com.tencent.bkrepo.common.service.util.HttpContextHolder diff --git a/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/permission/ArtifactPermissionCheckHandler.kt b/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/permission/ArtifactPermissionCheckHandler.kt index 8a50c29e20..edcfb263e3 100644 --- a/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/permission/ArtifactPermissionCheckHandler.kt +++ b/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/permission/ArtifactPermissionCheckHandler.kt @@ -34,8 +34,8 @@ package com.tencent.bkrepo.common.artifact.permission import com.tencent.bkrepo.auth.pojo.enums.ResourceType import com.tencent.bkrepo.common.artifact.constant.PROJECT_ID import com.tencent.bkrepo.common.artifact.repository.context.ArtifactContextHolder +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.security.exception.PermissionException -import com.tencent.bkrepo.common.security.manager.PermissionManager import com.tencent.bkrepo.common.security.permission.Permission import com.tencent.bkrepo.common.security.permission.PermissionCheckHandler import com.tencent.bkrepo.common.security.permission.Principal diff --git a/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/permission/ArtifactPermissionConfiguration.kt b/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/permission/ArtifactPermissionConfiguration.kt index c4233ffb02..7246f7e06b 100644 --- a/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/permission/ArtifactPermissionConfiguration.kt +++ b/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/permission/ArtifactPermissionConfiguration.kt @@ -31,7 +31,7 @@ package com.tencent.bkrepo.common.artifact.permission -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.security.permission.PermissionCheckHandler import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration diff --git a/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/repository/redirect/CosRedirectService.kt b/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/repository/redirect/CosRedirectService.kt index 0bfdd3dd15..41798791ac 100644 --- a/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/repository/redirect/CosRedirectService.kt +++ b/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/repository/redirect/CosRedirectService.kt @@ -37,7 +37,7 @@ import com.tencent.bkrepo.common.artifact.stream.Range import com.tencent.bkrepo.common.artifact.util.http.HttpHeaderUtils.determineMediaType import com.tencent.bkrepo.common.artifact.util.http.HttpHeaderUtils.encodeDisposition import com.tencent.bkrepo.common.artifact.util.http.HttpRangeUtils -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.security.util.SecurityUtils import com.tencent.bkrepo.common.service.util.HttpContextHolder import com.tencent.bkrepo.common.storage.config.StorageProperties diff --git a/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/repository/virtual/VirtualRepository.kt b/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/repository/virtual/VirtualRepository.kt index ba2a9ab3a7..b65909c9b6 100644 --- a/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/repository/virtual/VirtualRepository.kt +++ b/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/repository/virtual/VirtualRepository.kt @@ -42,7 +42,7 @@ import com.tencent.bkrepo.common.artifact.repository.context.ArtifactSearchConte import com.tencent.bkrepo.common.artifact.repository.core.AbstractArtifactRepository import com.tencent.bkrepo.common.artifact.repository.core.ArtifactRepository import com.tencent.bkrepo.common.artifact.resolve.response.ArtifactResource -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import org.slf4j.LoggerFactory import org.springframework.beans.factory.annotation.Autowired diff --git a/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/MetadataAutoConfiguration.kt b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/MetadataAutoConfiguration.kt index 971602d22e..7a66eb1c49 100644 --- a/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/MetadataAutoConfiguration.kt +++ b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/MetadataAutoConfiguration.kt @@ -27,15 +27,33 @@ package com.tencent.bkrepo.common.metadata +import com.tencent.bkrepo.auth.api.ServiceExternalPermissionClient +import com.tencent.bkrepo.auth.api.ServicePermissionClient +import com.tencent.bkrepo.auth.api.ServiceUserClient +import com.tencent.bkrepo.common.api.pojo.ClusterArchitecture +import com.tencent.bkrepo.common.api.pojo.ClusterNodeType import com.tencent.bkrepo.common.artifact.properties.ArtifactEventProperties import com.tencent.bkrepo.common.artifact.properties.RouterControllerProperties +import com.tencent.bkrepo.common.metadata.condition.SyncCondition import com.tencent.bkrepo.common.metadata.config.RepositoryProperties +import com.tencent.bkrepo.common.metadata.permission.EdgePermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.ProxyPermissionManager import com.tencent.bkrepo.common.metadata.properties.OperateProperties import com.tencent.bkrepo.common.metadata.properties.ProjectUsageStatisticsProperties +import com.tencent.bkrepo.common.metadata.service.node.NodeService +import com.tencent.bkrepo.common.metadata.service.project.ProjectService +import com.tencent.bkrepo.common.metadata.service.repo.RepositoryService +import com.tencent.bkrepo.common.security.http.core.HttpAuthProperties +import com.tencent.bkrepo.common.security.manager.PrincipalManager +import com.tencent.bkrepo.common.service.cluster.properties.ClusterProperties import com.tencent.bkrepo.common.storage.config.StorageProperties +import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication import org.springframework.boot.context.properties.EnableConfigurationProperties +import org.springframework.context.annotation.Bean import org.springframework.context.annotation.ComponentScan +import org.springframework.context.annotation.Conditional import org.springframework.context.annotation.Configuration @Configuration @@ -49,4 +67,73 @@ import org.springframework.context.annotation.Configuration ArtifactEventProperties::class, RepositoryProperties::class, ) -class MetadataAutoConfiguration +class MetadataAutoConfiguration { + + @Bean + @Suppress("LongParameterList") + @Conditional(SyncCondition::class) + fun permissionManager( + projectService: ProjectService, + repositoryService: RepositoryService, + permissionResource: ServicePermissionClient, + externalPermissionResource: ServiceExternalPermissionClient, + userResource: ServiceUserClient, + nodeService: NodeService, + clusterProperties: ClusterProperties, + httpAuthProperties: HttpAuthProperties, + principalManager: PrincipalManager + ): PermissionManager { + return if (clusterProperties.role == ClusterNodeType.EDGE + && clusterProperties.architecture == ClusterArchitecture.COMMIT_EDGE + && clusterProperties.commitEdge.auth.center + ) { + EdgePermissionManager( + projectService = projectService, + repositoryService = repositoryService, + permissionResource = permissionResource, + externalPermissionResource = externalPermissionResource, + userResource = userResource, + nodeService = nodeService, + clusterProperties = clusterProperties, + httpAuthProperties = httpAuthProperties, + principalManager = principalManager + ) + } else { + PermissionManager( + projectService = projectService, + repositoryService = repositoryService, + permissionResource = permissionResource, + externalPermissionResource = externalPermissionResource, + userResource = userResource, + nodeService = nodeService, + httpAuthProperties = httpAuthProperties, + principalManager = principalManager + ) + } + } + + @Bean + @ConditionalOnMissingBean + @Conditional(SyncCondition::class) + fun proxyPermissionManager( + projectService: ProjectService, + repositoryService: RepositoryService, + permissionResource: ServicePermissionClient, + externalPermissionResource: ServiceExternalPermissionClient, + userResource: ServiceUserClient, + nodeService: NodeService, + httpAuthProperties: HttpAuthProperties, + principalManager: PrincipalManager + ): ProxyPermissionManager { + return ProxyPermissionManager( + projectService = projectService, + repositoryService = repositoryService, + permissionResource = permissionResource, + externalPermissionResource = externalPermissionResource, + userResource = userResource, + nodeService = nodeService, + httpAuthProperties = httpAuthProperties, + principalManager = principalManager + ) + } +} diff --git a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/manager/edge/EdgePermissionManager.kt b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission/EdgePermissionManager.kt similarity index 82% rename from src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/manager/edge/EdgePermissionManager.kt rename to src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission/EdgePermissionManager.kt index 5e3940f9a1..d8acce0fbf 100644 --- a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/manager/edge/EdgePermissionManager.kt +++ b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission/EdgePermissionManager.kt @@ -25,39 +25,41 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.bkrepo.common.security.manager.edge +package com.tencent.bkrepo.common.metadata.permission -import com.tencent.bkrepo.auth.api.cluster.ClusterPermissionClient -import com.tencent.bkrepo.auth.api.cluster.ClusterUserClient import com.tencent.bkrepo.auth.api.ServiceExternalPermissionClient import com.tencent.bkrepo.auth.api.ServicePermissionClient import com.tencent.bkrepo.auth.api.ServiceUserClient +import com.tencent.bkrepo.auth.api.cluster.ClusterPermissionClient +import com.tencent.bkrepo.auth.api.cluster.ClusterUserClient import com.tencent.bkrepo.auth.pojo.permission.CheckPermissionRequest +import com.tencent.bkrepo.common.metadata.service.node.NodeService +import com.tencent.bkrepo.common.metadata.service.project.ProjectService +import com.tencent.bkrepo.common.metadata.service.repo.RepositoryService import com.tencent.bkrepo.common.security.http.core.HttpAuthProperties -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.security.manager.PrincipalManager import com.tencent.bkrepo.common.service.cluster.properties.ClusterProperties import com.tencent.bkrepo.common.service.feign.FeignClientFactory -import com.tencent.bkrepo.repository.api.NodeClient -import com.tencent.bkrepo.repository.api.ProjectClient -import com.tencent.bkrepo.repository.api.RepositoryClient class EdgePermissionManager( - projectClient: ProjectClient, - repositoryClient: RepositoryClient, + projectService: ProjectService, + repositoryService: RepositoryService, permissionResource: ServicePermissionClient, externalPermissionResource: ServiceExternalPermissionClient, userResource: ServiceUserClient, - nodeClient: NodeClient, + nodeService: NodeService, clusterProperties: ClusterProperties, - httpAuthProperties: HttpAuthProperties + httpAuthProperties: HttpAuthProperties, + principalManager: PrincipalManager ) : PermissionManager( - projectClient, - repositoryClient, + projectService, + repositoryService, permissionResource, externalPermissionResource, userResource, - nodeClient, - httpAuthProperties + nodeService, + httpAuthProperties, + principalManager ) { private val centerPermissionClient: ClusterPermissionClient diff --git a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/manager/PermissionManager.kt b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission/PermissionManager.kt similarity index 92% rename from src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/manager/PermissionManager.kt rename to src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission/PermissionManager.kt index 24eb4ee074..36fef6d4b7 100644 --- a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/manager/PermissionManager.kt +++ b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission/PermissionManager.kt @@ -29,7 +29,7 @@ * SOFTWARE. */ -package com.tencent.bkrepo.common.security.manager +package com.tencent.bkrepo.common.metadata.permission import com.google.common.cache.CacheBuilder import com.google.common.cache.CacheLoader @@ -48,20 +48,22 @@ import com.tencent.bkrepo.common.api.constant.MediaTypes import com.tencent.bkrepo.common.api.pojo.Response import com.tencent.bkrepo.common.api.util.readJsonString import com.tencent.bkrepo.common.api.util.toJsonString +import com.tencent.bkrepo.common.artifact.api.ArtifactInfo import com.tencent.bkrepo.common.artifact.constant.PIPELINE import com.tencent.bkrepo.common.artifact.exception.NodeNotFoundException import com.tencent.bkrepo.common.artifact.exception.RepoNotFoundException import com.tencent.bkrepo.common.artifact.path.PathUtils +import com.tencent.bkrepo.common.metadata.service.node.NodeService +import com.tencent.bkrepo.common.metadata.service.project.ProjectService +import com.tencent.bkrepo.common.metadata.service.repo.RepositoryService import com.tencent.bkrepo.common.security.exception.AuthenticationException import com.tencent.bkrepo.common.security.exception.PermissionException import com.tencent.bkrepo.common.security.http.core.HttpAuthProperties +import com.tencent.bkrepo.common.security.manager.PrincipalManager import com.tencent.bkrepo.common.security.permission.PrincipalType import com.tencent.bkrepo.common.security.util.SecurityUtils import com.tencent.bkrepo.common.service.util.HttpContextHolder import com.tencent.bkrepo.common.service.util.LocaleMessageUtils -import com.tencent.bkrepo.repository.api.NodeClient -import com.tencent.bkrepo.repository.api.ProjectClient -import com.tencent.bkrepo.repository.api.RepositoryClient import com.tencent.bkrepo.repository.constant.NODE_DETAIL_LIST_KEY import com.tencent.bkrepo.repository.constant.SYSTEM_USER import com.tencent.bkrepo.repository.pojo.node.NodeDetail @@ -81,13 +83,14 @@ import java.util.concurrent.TimeUnit * 权限管理类 */ open class PermissionManager( - private val projectClient: ProjectClient, - private val repositoryClient: RepositoryClient, + private val projectService: ProjectService, + private val repositoryService: RepositoryService, private val permissionResource: ServicePermissionClient, private val externalPermissionResource: ServiceExternalPermissionClient, private val userResource: ServiceUserClient, - private val nodeClient: NodeClient, - private val httpAuthProperties: HttpAuthProperties + private val nodeService: NodeService, + private val httpAuthProperties: HttpAuthProperties, + private val principalManager: PrincipalManager ) { private val httpClient = @@ -202,25 +205,7 @@ open class PermissionManager( * @param principalType 身份类型 */ open fun checkPrincipal(userId: String, principalType: PrincipalType) { - val platformId = SecurityUtils.getPlatformId() - checkAnonymous(userId, platformId) - - if (principalType == PrincipalType.ADMIN) { - if (!isAdminUser(userId)) { - throw PermissionException() - } - } else if (principalType == PrincipalType.PLATFORM) { - if (userId.isEmpty()) { - logger.warn("platform auth with empty userId[$platformId,$userId]") - } - if (platformId == null && !isAdminUser(userId)) { - throw PermissionException() - } - } else if (principalType == PrincipalType.GENERAL) { - if (userId.isEmpty() || userId == ANONYMOUS_USER) { - throw PermissionException() - } - } + principalManager.checkPrincipal(userId, principalType) } /** @@ -286,7 +271,7 @@ open class PermissionManager( */ open fun queryProjectEnabledStatus(projectId: String): Boolean { return try { - projectClient.isProjectEnabled(projectId).data!! + projectService.isProjectEnabled(projectId) } catch (e: Exception) { true } @@ -296,7 +281,7 @@ open class PermissionManager( * 查询仓库信息 */ open fun queryRepositoryInfo(projectId: String, repoName: String): RepositoryInfo { - return repositoryClient.getRepoInfo(projectId, repoName).data ?: throw RepoNotFoundException(repoName) + return repositoryService.getRepoInfo(projectId, repoName) ?: throw RepoNotFoundException(repoName) } private fun serviceRequestCheck(): Boolean { @@ -326,6 +311,7 @@ open class PermissionManager( anonymous: Boolean = false, userId: String = SecurityUtils.getUserId(), ) { + // 判断是否开启认证 if (!httpAuthProperties.enabled) { return @@ -458,9 +444,8 @@ open class PermissionManager( val nodeDetailList = if (repoName.isNullOrBlank() || paths.isNullOrEmpty()) { null } else if (paths.size == 1) { - val node = nodeClient.getNodeDetail(projectId, repoName, paths.first()).data ?: throw NodeNotFoundException( - paths.first() - ) + val node = nodeService.getNodeDetail(ArtifactInfo(projectId, repoName, paths.first())) + ?: throw NodeNotFoundException(paths.first()) listOf(node) } else { queryNodeDetailList(projectId, repoName, paths) @@ -483,8 +468,8 @@ open class PermissionManager( val option = NodeListOption( pageNumber = pageNumber, pageSize = 1000, includeFolder = true, includeMetadata = true, deep = true ) - val records = nodeClient.listNodePage(projectId, repoName, prefix, option).data?.records - if (records.isNullOrEmpty()) { + val records = nodeService.listNodePage(ArtifactInfo(projectId, repoName, prefix), option).records + if (records.isEmpty()) { break } nodeDetailList.addAll(records.filter { paths.contains(it.fullPath) }.map { NodeDetail(it) }) diff --git a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/manager/proxy/ProxyPermissionManager.kt b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission/ProxyPermissionManager.kt similarity index 84% rename from src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/manager/proxy/ProxyPermissionManager.kt rename to src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission/ProxyPermissionManager.kt index fca7050222..6fcf13bf86 100644 --- a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/manager/proxy/ProxyPermissionManager.kt +++ b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission/ProxyPermissionManager.kt @@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.bkrepo.common.security.manager.proxy +package com.tencent.bkrepo.common.metadata.permission import com.tencent.bkrepo.auth.api.ServiceExternalPermissionClient import com.tencent.bkrepo.auth.api.ServicePermissionClient @@ -35,31 +35,33 @@ import com.tencent.bkrepo.auth.api.proxy.ProxyUserClient import com.tencent.bkrepo.auth.pojo.externalPermission.ExternalPermission import com.tencent.bkrepo.auth.pojo.permission.CheckPermissionRequest import com.tencent.bkrepo.common.artifact.exception.RepoNotFoundException +import com.tencent.bkrepo.common.metadata.service.node.NodeService +import com.tencent.bkrepo.common.metadata.service.project.ProjectService +import com.tencent.bkrepo.common.metadata.service.repo.RepositoryService import com.tencent.bkrepo.common.security.http.core.HttpAuthProperties -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.security.manager.PrincipalManager import com.tencent.bkrepo.common.service.proxy.ProxyFeignClientFactory -import com.tencent.bkrepo.repository.api.NodeClient -import com.tencent.bkrepo.repository.api.ProjectClient -import com.tencent.bkrepo.repository.api.RepositoryClient import com.tencent.bkrepo.repository.api.proxy.ProxyRepositoryClient import com.tencent.bkrepo.repository.pojo.repo.RepositoryInfo class ProxyPermissionManager( - projectClient: ProjectClient, - repositoryClient: RepositoryClient, + projectService: ProjectService, + repositoryService: RepositoryService, permissionResource: ServicePermissionClient, externalPermissionResource: ServiceExternalPermissionClient, userResource: ServiceUserClient, - nodeClient: NodeClient, - httpAuthProperties: HttpAuthProperties + nodeService: NodeService, + httpAuthProperties: HttpAuthProperties, + principalManager: PrincipalManager ) : PermissionManager( - projectClient, - repositoryClient, + projectService, + repositoryService, permissionResource, externalPermissionResource, userResource, - nodeClient, - httpAuthProperties + nodeService, + httpAuthProperties, + principalManager ) { private val proxyPermissionClient: ProxyPermissionClient by lazy { ProxyFeignClientFactory.create("auth") } diff --git a/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/common/CommonQueryInterpreter.kt b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/common/CommonQueryInterpreter.kt index 19f931f166..d0b5df75ce 100644 --- a/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/common/CommonQueryInterpreter.kt +++ b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/common/CommonQueryInterpreter.kt @@ -28,10 +28,10 @@ package com.tencent.bkrepo.common.metadata.search.common import com.tencent.bkrepo.auth.pojo.enums.PermissionAction +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.query.builder.MongoQueryInterpreter import com.tencent.bkrepo.common.query.interceptor.QueryContext import com.tencent.bkrepo.common.query.model.QueryModel -import com.tencent.bkrepo.common.security.manager.PermissionManager open class CommonQueryInterpreter( private val permissionManager: PermissionManager, diff --git a/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/common/RepoNameRuleInterceptor.kt b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/common/RepoNameRuleInterceptor.kt index 4e3572d0f8..91c9ea2000 100644 --- a/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/common/RepoNameRuleInterceptor.kt +++ b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/common/RepoNameRuleInterceptor.kt @@ -36,18 +36,18 @@ import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.common.api.constant.ensureSuffix import com.tencent.bkrepo.common.artifact.exception.RepoNotFoundException import com.tencent.bkrepo.common.artifact.path.PathUtils +import com.tencent.bkrepo.common.metadata.permission.PermissionManager +import com.tencent.bkrepo.common.metadata.service.repo.RepositoryService +import com.tencent.bkrepo.common.metadata.util.NodeQueryHelper.listPermissionPaths import com.tencent.bkrepo.common.metadata.condition.SyncCondition import com.tencent.bkrepo.common.query.enums.OperationType import com.tencent.bkrepo.common.query.interceptor.QueryContext import com.tencent.bkrepo.common.query.interceptor.QueryRuleInterceptor import com.tencent.bkrepo.common.query.model.Rule import com.tencent.bkrepo.common.security.exception.PermissionException -import com.tencent.bkrepo.common.security.manager.PermissionManager import com.tencent.bkrepo.common.security.util.SecurityUtils import com.tencent.bkrepo.repository.pojo.node.NodeInfo import com.tencent.bkrepo.repository.pojo.repo.RepoListOption -import com.tencent.bkrepo.common.metadata.service.repo.RepositoryService -import com.tencent.bkrepo.common.metadata.util.NodeQueryHelper.listPermissionPaths import org.slf4j.LoggerFactory import org.springframework.context.annotation.Conditional import org.springframework.data.mongodb.core.query.Criteria @@ -127,7 +127,7 @@ class RepoNameRuleInterceptor( userId = userId, projectId = projectId, option = RepoListOption() - )?.map { it.name }?.filter { repo -> repo !in (value.map { it.toString() }) } + ).map { it.name }.filter { repo -> repo !in (value.map { it.toString() }) } return buildRule(projectId, repoNameList) } diff --git a/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/node/NodeModelInterceptor.kt b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/node/NodeModelInterceptor.kt index 46e75d4ff7..af8359cf3b 100644 --- a/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/node/NodeModelInterceptor.kt +++ b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/node/NodeModelInterceptor.kt @@ -32,14 +32,14 @@ package com.tencent.bkrepo.common.metadata.search.node import com.tencent.bkrepo.common.api.constant.StringPool +import com.tencent.bkrepo.common.metadata.model.TNode +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.query.enums.OperationType import com.tencent.bkrepo.common.query.interceptor.QueryContext import com.tencent.bkrepo.common.query.model.QueryModel import com.tencent.bkrepo.common.query.model.Rule -import com.tencent.bkrepo.common.security.manager.PermissionManager import com.tencent.bkrepo.common.security.permission.PrincipalType import com.tencent.bkrepo.common.security.util.SecurityUtils -import com.tencent.bkrepo.common.metadata.model.TNode import com.tencent.bkrepo.common.metadata.search.common.ModelValidateInterceptor import org.slf4j.LoggerFactory diff --git a/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/node/NodeQueryInterpreter.kt b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/node/NodeQueryInterpreter.kt index 61b46a300e..b0d3e7e8ac 100644 --- a/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/node/NodeQueryInterpreter.kt +++ b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/node/NodeQueryInterpreter.kt @@ -32,9 +32,9 @@ package com.tencent.bkrepo.common.metadata.search.node import com.tencent.bkrepo.common.metadata.condition.SyncCondition +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.query.interceptor.QueryContext import com.tencent.bkrepo.common.query.model.QueryModel -import com.tencent.bkrepo.common.security.manager.PermissionManager import com.tencent.bkrepo.common.metadata.search.common.CommonQueryInterpreter import com.tencent.bkrepo.common.metadata.search.common.LocalDatetimeRuleInterceptor import com.tencent.bkrepo.common.metadata.search.common.MetadataRuleInterceptor diff --git a/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/packages/PackageSearchInterpreter.kt b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/packages/PackageSearchInterpreter.kt index 7854b27b74..3e5b213b8e 100644 --- a/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/packages/PackageSearchInterpreter.kt +++ b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/search/packages/PackageSearchInterpreter.kt @@ -31,9 +31,9 @@ package com.tencent.bkrepo.common.metadata.search.packages +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.query.interceptor.QueryContext import com.tencent.bkrepo.common.query.model.QueryModel -import com.tencent.bkrepo.common.security.manager.PermissionManager import com.tencent.bkrepo.common.metadata.search.common.CommonQueryInterpreter import com.tencent.bkrepo.common.metadata.search.common.LocalDatetimeRuleInterceptor import com.tencent.bkrepo.common.metadata.search.common.MetadataRuleInterceptor diff --git a/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/service/log/OperateLogConfiguration.kt b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/service/log/OperateLogConfiguration.kt index 42f5a09d16..605934eba1 100644 --- a/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/service/log/OperateLogConfiguration.kt +++ b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/service/log/OperateLogConfiguration.kt @@ -11,7 +11,6 @@ import com.tencent.bkrepo.common.metadata.properties.ProjectUsageStatisticsPrope import com.tencent.bkrepo.common.metadata.service.log.impl.CommitEdgeOperateLogServiceImpl import com.tencent.bkrepo.common.metadata.service.log.impl.OperateLogServiceImpl import com.tencent.bkrepo.common.metadata.service.project.ProjectUsageStatisticsService -import com.tencent.bkrepo.common.security.manager.PermissionManager import com.tencent.bkrepo.common.service.cluster.properties.ClusterProperties import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty @@ -31,7 +30,6 @@ class OperateLogConfiguration { fun operateLogService( operateProperties: OperateProperties, operateLogDao: OperateLogDao, - permissionManager: PermissionManager, clusterProperties: ClusterProperties ): OperateLogService { return if (clusterProperties.role == ClusterNodeType.EDGE && diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/service/node/PipelineNodeService.kt b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/service/node/PipelineNodeService.kt similarity index 97% rename from src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/service/node/PipelineNodeService.kt rename to src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/service/node/PipelineNodeService.kt index 54ae16fefb..1d67cf8ed7 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/service/node/PipelineNodeService.kt +++ b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/service/node/PipelineNodeService.kt @@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.bkrepo.repository.service.node +package com.tencent.bkrepo.common.metadata.service.node import com.tencent.bkrepo.common.artifact.constant.PIPELINE import com.tencent.bkrepo.repository.pojo.node.NodeInfo diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/service/node/impl/PipelineNodeServiceImpl.kt b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/service/node/impl/PipelineNodeServiceImpl.kt similarity index 95% rename from src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/service/node/impl/PipelineNodeServiceImpl.kt rename to src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/service/node/impl/PipelineNodeServiceImpl.kt index 39f7d818b2..d988179197 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/service/node/impl/PipelineNodeServiceImpl.kt +++ b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/service/node/impl/PipelineNodeServiceImpl.kt @@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.bkrepo.repository.service.node.impl +package com.tencent.bkrepo.common.metadata.service.node.impl import com.tencent.bkrepo.auth.api.ServicePipelineClient import com.tencent.bkrepo.common.artifact.api.DefaultArtifactInfo @@ -33,7 +33,7 @@ import com.tencent.bkrepo.common.artifact.path.PathUtils import com.tencent.bkrepo.repository.pojo.node.NodeInfo import com.tencent.bkrepo.repository.pojo.node.NodeListOption import com.tencent.bkrepo.common.metadata.service.node.NodeService -import com.tencent.bkrepo.repository.service.node.PipelineNodeService +import com.tencent.bkrepo.common.metadata.service.node.PipelineNodeService import org.springframework.stereotype.Service @Service diff --git a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/SecurityAutoConfiguration.kt b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/SecurityAutoConfiguration.kt index c666134bca..2f5bd0c80b 100644 --- a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/SecurityAutoConfiguration.kt +++ b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/SecurityAutoConfiguration.kt @@ -31,31 +31,19 @@ package com.tencent.bkrepo.common.security -import com.tencent.bkrepo.auth.api.ServiceExternalPermissionClient -import com.tencent.bkrepo.auth.api.ServicePermissionClient -import com.tencent.bkrepo.auth.api.ServiceUserClient -import com.tencent.bkrepo.common.api.pojo.ClusterArchitecture -import com.tencent.bkrepo.common.api.pojo.ClusterNodeType import com.tencent.bkrepo.common.security.actuator.ActuatorAuthConfiguration import com.tencent.bkrepo.common.security.crypto.CryptoConfiguration import com.tencent.bkrepo.common.security.exception.SecurityExceptionHandler import com.tencent.bkrepo.common.security.http.HttpAuthConfiguration -import com.tencent.bkrepo.common.security.http.core.HttpAuthProperties import com.tencent.bkrepo.common.security.interceptor.devx.DevXAccessInterceptor import com.tencent.bkrepo.common.security.interceptor.devx.DevXProperties import com.tencent.bkrepo.common.security.manager.AuthenticationManager -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.security.manager.PrincipalManager import com.tencent.bkrepo.common.security.manager.ci.CIPermissionManager import com.tencent.bkrepo.common.security.manager.ci.CIPermissionProperties -import com.tencent.bkrepo.common.security.manager.edge.EdgePermissionManager -import com.tencent.bkrepo.common.security.manager.proxy.ProxyPermissionManager import com.tencent.bkrepo.common.security.permission.PermissionConfiguration import com.tencent.bkrepo.common.security.proxy.ProxyAuthConfiguration import com.tencent.bkrepo.common.security.service.ServiceAuthConfiguration -import com.tencent.bkrepo.common.service.cluster.properties.ClusterProperties -import com.tencent.bkrepo.repository.api.NodeClient -import com.tencent.bkrepo.repository.api.ProjectClient -import com.tencent.bkrepo.repository.api.RepositoryClient import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication @@ -66,7 +54,6 @@ import org.springframework.context.annotation.Import import org.springframework.web.servlet.config.annotation.InterceptorRegistry import org.springframework.web.servlet.config.annotation.WebMvcConfigurer -@Suppress("SpringJavaInjectionPointsAutowiringInspection") @Configuration @ConditionalOnWebApplication @Import( @@ -78,50 +65,12 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer ActuatorAuthConfiguration::class, CryptoConfiguration::class, AuthenticationManager::class, - CIPermissionManager::class + CIPermissionManager::class, + PrincipalManager::class ) @EnableConfigurationProperties(DevXProperties::class, CIPermissionProperties::class) class SecurityAutoConfiguration { - @Bean - @Suppress("LongParameterList") - fun permissionManager( - projectClient: ProjectClient, - repositoryClient: RepositoryClient, - permissionResource: ServicePermissionClient, - externalPermissionResource: ServiceExternalPermissionClient, - userResource: ServiceUserClient, - nodeClient: NodeClient, - clusterProperties: ClusterProperties, - httpAuthProperties: HttpAuthProperties - ): PermissionManager { - return if (clusterProperties.role == ClusterNodeType.EDGE - && clusterProperties.architecture == ClusterArchitecture.COMMIT_EDGE - && clusterProperties.commitEdge.auth.center - ) { - EdgePermissionManager( - projectClient = projectClient, - repositoryClient = repositoryClient, - permissionResource = permissionResource, - externalPermissionResource = externalPermissionResource, - userResource = userResource, - nodeClient = nodeClient, - clusterProperties = clusterProperties, - httpAuthProperties = httpAuthProperties - ) - } else { - PermissionManager( - projectClient = projectClient, - repositoryClient = repositoryClient, - permissionResource = permissionResource, - externalPermissionResource = externalPermissionResource, - userResource = userResource, - nodeClient = nodeClient, - httpAuthProperties = httpAuthProperties - ) - } - } - @Bean @ConditionalOnProperty(value = ["devx.enabled"]) fun devXAccessInterceptorConfigure( @@ -151,26 +100,4 @@ class SecurityAutoConfiguration { fun devXAccessInterceptor(properties: DevXProperties): DevXAccessInterceptor { return DevXAccessInterceptor(properties) } - - @Bean - @ConditionalOnMissingBean - fun proxyPermissionManager( - projectClient: ProjectClient, - repositoryClient: RepositoryClient, - permissionResource: ServicePermissionClient, - externalPermissionResource: ServiceExternalPermissionClient, - userResource: ServiceUserClient, - nodeClient: NodeClient, - httpAuthProperties: HttpAuthProperties - ): ProxyPermissionManager { - return ProxyPermissionManager( - projectClient = projectClient, - repositoryClient = repositoryClient, - permissionResource = permissionResource, - externalPermissionResource = externalPermissionResource, - userResource = userResource, - nodeClient = nodeClient, - httpAuthProperties = httpAuthProperties - ) - } } diff --git a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/actuator/ActuatorAuthConfiguration.kt b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/actuator/ActuatorAuthConfiguration.kt index 1d98929cac..6c3e205c20 100644 --- a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/actuator/ActuatorAuthConfiguration.kt +++ b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/actuator/ActuatorAuthConfiguration.kt @@ -32,7 +32,7 @@ package com.tencent.bkrepo.common.security.actuator import com.tencent.bkrepo.common.security.manager.AuthenticationManager -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.security.manager.PrincipalManager import org.springframework.boot.actuate.autoconfigure.endpoint.web.CorsEndpointProperties import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties import org.springframework.boot.actuate.autoconfigure.web.server.ManagementPortType @@ -47,7 +47,6 @@ import org.springframework.boot.actuate.endpoint.web.servlet.WebMvcEndpointHandl import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration import org.springframework.core.env.Environment -import java.util.ArrayList @Configuration class ActuatorAuthConfiguration { @@ -83,8 +82,8 @@ class ActuatorAuthConfiguration { @Bean fun actuatorAuthInterceptor( authenticationManager: AuthenticationManager, - permissionManager: PermissionManager + principalManager: PrincipalManager ): ActuatorAuthInterceptor { - return ActuatorAuthInterceptor(authenticationManager, permissionManager) + return ActuatorAuthInterceptor(authenticationManager, principalManager) } } diff --git a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/actuator/ActuatorAuthInterceptor.kt b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/actuator/ActuatorAuthInterceptor.kt index 21eb1f65c6..2f2b333646 100644 --- a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/actuator/ActuatorAuthInterceptor.kt +++ b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/actuator/ActuatorAuthInterceptor.kt @@ -37,7 +37,7 @@ import com.tencent.bkrepo.common.api.constant.StringPool import com.tencent.bkrepo.common.security.exception.AuthenticationException import com.tencent.bkrepo.common.security.exception.PermissionException import com.tencent.bkrepo.common.security.manager.AuthenticationManager -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.security.manager.PrincipalManager import com.tencent.bkrepo.common.security.permission.PrincipalType import org.springframework.util.AntPathMatcher import org.springframework.web.servlet.handler.HandlerInterceptorAdapter @@ -47,7 +47,7 @@ import javax.servlet.http.HttpServletResponse class ActuatorAuthInterceptor( private val authenticationManager: AuthenticationManager, - private val permissionManager: PermissionManager + private val principalManager: PrincipalManager ) : HandlerInterceptorAdapter() { private val antPathMatcher = AntPathMatcher() @@ -65,7 +65,7 @@ class ActuatorAuthInterceptor( val parts = decodedHeader.split(StringPool.COLON) require(parts.size >= 2) val userId = authenticationManager.checkUserAccount(parts[0], parts[1]) - permissionManager.checkPrincipal(userId, PrincipalType.ADMIN) + principalManager.checkPrincipal(userId, PrincipalType.ADMIN) return true } catch (exception: AuthenticationException) { throw exception diff --git a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/manager/PrincipalManager.kt b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/manager/PrincipalManager.kt new file mode 100644 index 0000000000..db33a6a926 --- /dev/null +++ b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/manager/PrincipalManager.kt @@ -0,0 +1,54 @@ +package com.tencent.bkrepo.common.security.manager + +import com.tencent.bkrepo.auth.api.ServiceUserClient +import com.tencent.bkrepo.common.api.constant.ANONYMOUS_USER +import com.tencent.bkrepo.common.security.exception.AuthenticationException +import com.tencent.bkrepo.common.security.exception.PermissionException +import com.tencent.bkrepo.common.security.permission.PrincipalType +import com.tencent.bkrepo.common.security.util.SecurityUtils +import org.slf4j.LoggerFactory + +class PrincipalManager( + private val serviceUserClient: ServiceUserClient +) { + + fun checkPrincipal(userId: String, principalType: PrincipalType) { + val platformId = SecurityUtils.getPlatformId() + checkAnonymous(userId, platformId) + + if (principalType == PrincipalType.ADMIN) { + if (!isAdminUser(userId)) { + throw PermissionException() + } + } else if (principalType == PrincipalType.PLATFORM) { + if (userId.isEmpty()) { + logger.warn("platform auth with empty userId[$platformId,$userId]") + } + if (platformId == null && !isAdminUser(userId)) { + throw PermissionException() + } + } else if (principalType == PrincipalType.GENERAL) { + if (userId.isEmpty() || userId == ANONYMOUS_USER) { + throw PermissionException() + } + } + } + + /** + * 检查是否为匿名用户,如果是匿名用户则返回401并提示登录 + */ + private fun checkAnonymous(userId: String, platformId: String?) { + if (userId == ANONYMOUS_USER && platformId == null) { + throw AuthenticationException() + } + } + + private fun isAdminUser(userId: String): Boolean { + return serviceUserClient.userInfoById(userId).data?.admin == true + } + + companion object { + private val logger = LoggerFactory.getLogger(PrincipalManager::class.java) + } + +} diff --git a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/permission/DefaultPermissionCheckHandler.kt b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/permission/DefaultPermissionCheckHandler.kt index 18d45b3802..2d389a89be 100644 --- a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/permission/DefaultPermissionCheckHandler.kt +++ b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/permission/DefaultPermissionCheckHandler.kt @@ -31,13 +31,13 @@ package com.tencent.bkrepo.common.security.permission -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.security.manager.PrincipalManager open class DefaultPermissionCheckHandler( - private val permissionManager: PermissionManager + private val principalManager: PrincipalManager ) : PermissionCheckHandler { override fun onPrincipalCheck(userId: String, principal: Principal) { - permissionManager.checkPrincipal(userId, principal.type) + principalManager.checkPrincipal(userId, principal.type) } } diff --git a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/permission/PermissionConfiguration.kt b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/permission/PermissionConfiguration.kt index 7fce064139..7960acc49b 100644 --- a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/permission/PermissionConfiguration.kt +++ b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/permission/PermissionConfiguration.kt @@ -31,7 +31,7 @@ package com.tencent.bkrepo.common.security.permission -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.security.manager.PrincipalManager import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration @@ -46,7 +46,7 @@ class PermissionConfiguration { @Bean @ConditionalOnMissingBean - fun permissionCheckHandler(permissionManager: PermissionManager): PermissionCheckHandler { - return DefaultPermissionCheckHandler(permissionManager) + fun permissionCheckHandler(principalManager: PrincipalManager): PermissionCheckHandler { + return DefaultPermissionCheckHandler(principalManager) } } diff --git a/src/backend/ddc/biz-ddc/src/main/kotlin/com/tencent/bkrepo/ddc/component/PermissionHelper.kt b/src/backend/ddc/biz-ddc/src/main/kotlin/com/tencent/bkrepo/ddc/component/PermissionHelper.kt index d8fc27d7f8..27921e9e25 100644 --- a/src/backend/ddc/biz-ddc/src/main/kotlin/com/tencent/bkrepo/ddc/component/PermissionHelper.kt +++ b/src/backend/ddc/biz-ddc/src/main/kotlin/com/tencent/bkrepo/ddc/component/PermissionHelper.kt @@ -29,7 +29,7 @@ package com.tencent.bkrepo.ddc.component import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.common.artifact.repository.context.ArtifactContextHolder -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.ddc.utils.DdcUtils.DIR_BLOBS import org.springframework.stereotype.Component diff --git a/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/artifact/GenericLocalRepository.kt b/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/artifact/GenericLocalRepository.kt index f0a7d3c4f0..f63fb0a8da 100644 --- a/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/artifact/GenericLocalRepository.kt +++ b/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/artifact/GenericLocalRepository.kt @@ -65,6 +65,7 @@ import com.tencent.bkrepo.common.artifact.stream.EmptyInputStream import com.tencent.bkrepo.common.artifact.stream.Range import com.tencent.bkrepo.common.artifact.util.chunked.ChunkedUploadUtils import com.tencent.bkrepo.common.artifact.util.http.HttpRangeUtils +import com.tencent.bkrepo.common.metadata.service.node.PipelineNodeService import com.tencent.bkrepo.common.query.model.Rule import com.tencent.bkrepo.common.security.manager.ci.CIPermissionManager import com.tencent.bkrepo.common.security.manager.ci.CIPermissionManager.Companion.METADATA_BUILD_ID @@ -110,7 +111,6 @@ import com.tencent.bkrepo.replication.pojo.task.objects.ReplicaObjectInfo import com.tencent.bkrepo.replication.pojo.task.request.ReplicaTaskCreateRequest import com.tencent.bkrepo.replication.pojo.task.setting.ConflictStrategy import com.tencent.bkrepo.replication.pojo.task.setting.ReplicaSetting -import com.tencent.bkrepo.repository.api.PipelineNodeClient import com.tencent.bkrepo.repository.constant.NODE_DETAIL_LIST_KEY import com.tencent.bkrepo.repository.pojo.metadata.MetadataModel import com.tencent.bkrepo.repository.pojo.node.NodeDetail @@ -135,7 +135,7 @@ import kotlin.reflect.full.memberProperties class GenericLocalRepository( private val replicaTaskClient: ReplicaTaskClient, private val clusterNodeClient: ClusterNodeClient, - private val pipelineNodeClient: PipelineNodeClient, + private val pipelineNodeService: PipelineNodeService, private val ciPermissionManager: CIPermissionManager ) : LocalRepository() { @@ -632,7 +632,7 @@ class GenericLocalRepository( return if (isSearchPipelineRoot) { // 仅在查询流水线仓库第一页时返回用户有权限的流水线目录 if (queryModel.page.pageNumber == DEFAULT_PAGE_NUMBER) { - pipelineNodeClient.listPipeline(context.projectId, context.repoName).data!!.map { node -> + pipelineNodeService.listPipeline(context.projectId, context.repoName).map { node -> val nodePropMap = LinkedHashMap() NodeInfo::class.memberProperties .filter { it.name != NodeInfo::deleted.name } @@ -734,7 +734,7 @@ class GenericLocalRepository( val headerNames = request.headerNames for (headerName in headerNames) { if (headerName.startsWith(BKREPO_META_PREFIX, true)) { - val key = headerName.substring(BKREPO_META_PREFIX.length).trim().toLowerCase() + val key = headerName.substring(BKREPO_META_PREFIX.length).trim().lowercase(Locale.getDefault()) if (key.isNotBlank()) { metadata[key] = HeaderUtils.getUrlDecodedHeader(headerName)!! } diff --git a/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/controller/GenericController.kt b/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/controller/GenericController.kt index e24bc6f9f4..759a38e866 100644 --- a/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/controller/GenericController.kt +++ b/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/controller/GenericController.kt @@ -45,9 +45,9 @@ import com.tencent.bkrepo.common.artifact.constant.ARTIFACT_INFO_KEY import com.tencent.bkrepo.common.artifact.message.ArtifactMessageCode import com.tencent.bkrepo.common.artifact.router.Router import com.tencent.bkrepo.common.artifact.util.PipelineRepoUtils +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.mongo.dao.util.Pages import com.tencent.bkrepo.common.query.model.QueryModel -import com.tencent.bkrepo.common.security.manager.PermissionManager import com.tencent.bkrepo.common.security.permission.Permission import com.tencent.bkrepo.common.service.util.HttpContextHolder import com.tencent.bkrepo.common.service.util.ResponseBuilder diff --git a/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/controller/TemporaryAccessController.kt b/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/controller/TemporaryAccessController.kt index f74e13c4b8..14d442c05a 100644 --- a/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/controller/TemporaryAccessController.kt +++ b/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/controller/TemporaryAccessController.kt @@ -38,7 +38,7 @@ import com.tencent.bkrepo.common.artifact.api.ArtifactFile import com.tencent.bkrepo.common.artifact.api.ArtifactPathVariable import com.tencent.bkrepo.common.artifact.metrics.ChunkArtifactTransferMetrics import com.tencent.bkrepo.common.artifact.router.Router -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.security.permission.Principal import com.tencent.bkrepo.common.security.permission.PrincipalType import com.tencent.bkrepo.common.service.util.HttpContextHolder diff --git a/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/service/ProxyService.kt b/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/service/ProxyService.kt index e04c804811..8efa909f40 100644 --- a/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/service/ProxyService.kt +++ b/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/service/ProxyService.kt @@ -45,7 +45,7 @@ import com.tencent.bkrepo.common.artifact.stream.ArtifactInputStream import com.tencent.bkrepo.common.artifact.stream.Range import com.tencent.bkrepo.common.artifact.stream.bound import com.tencent.bkrepo.common.artifact.util.http.HttpRangeUtils -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.security.util.AESUtils import com.tencent.bkrepo.common.security.util.SecurityUtils import com.tencent.bkrepo.common.service.cluster.properties.ClusterProperties diff --git a/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/service/TemporaryAccessService.kt b/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/service/TemporaryAccessService.kt index 61221071e2..f9fea00d69 100644 --- a/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/service/TemporaryAccessService.kt +++ b/src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/service/TemporaryAccessService.kt @@ -61,7 +61,7 @@ import com.tencent.bkrepo.common.artifact.repository.context.ArtifactContextHold import com.tencent.bkrepo.common.artifact.repository.context.ArtifactDownloadContext import com.tencent.bkrepo.common.artifact.repository.context.ArtifactUploadContext import com.tencent.bkrepo.common.metadata.service.repo.RepositoryService -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.security.util.SecurityUtils import com.tencent.bkrepo.common.service.util.HeaderUtils import com.tencent.bkrepo.common.service.util.HttpContextHolder diff --git a/src/backend/helm/biz-helm/src/main/kotlin/com/tencent/bkrepo/helm/service/impl/HelmOperationService.kt b/src/backend/helm/biz-helm/src/main/kotlin/com/tencent/bkrepo/helm/service/impl/HelmOperationService.kt index 6a8b373bb8..4c8e96d666 100644 --- a/src/backend/helm/biz-helm/src/main/kotlin/com/tencent/bkrepo/helm/service/impl/HelmOperationService.kt +++ b/src/backend/helm/biz-helm/src/main/kotlin/com/tencent/bkrepo/helm/service/impl/HelmOperationService.kt @@ -37,7 +37,7 @@ import com.tencent.bkrepo.common.artifact.repository.context.ArtifactContextHold import com.tencent.bkrepo.common.artifact.repository.context.ArtifactRemoveContext import com.tencent.bkrepo.common.artifact.resolve.response.ArtifactChannel import com.tencent.bkrepo.common.artifact.util.PackageKeys -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.security.util.SecurityUtils import com.tencent.bkrepo.helm.config.HelmProperties import com.tencent.bkrepo.helm.exception.HelmFileNotFoundException diff --git a/src/backend/job/biz-job/src/test/kotlin/com/tencent/bkrepo/job/batch/task/storage/StorageReconcileJobTest.kt b/src/backend/job/biz-job/src/test/kotlin/com/tencent/bkrepo/job/batch/task/storage/StorageReconcileJobTest.kt index 84e4a05b8d..702a66d195 100644 --- a/src/backend/job/biz-job/src/test/kotlin/com/tencent/bkrepo/job/batch/task/storage/StorageReconcileJobTest.kt +++ b/src/backend/job/biz-job/src/test/kotlin/com/tencent/bkrepo/job/batch/task/storage/StorageReconcileJobTest.kt @@ -16,7 +16,6 @@ import com.tencent.bkrepo.common.stream.event.supplier.MessageSupplier import com.tencent.bkrepo.job.batch.JobBaseTest import com.tencent.bkrepo.job.batch.utils.NodeCommonUtils import com.tencent.bkrepo.job.migrate.MigrateRepoStorageService -import com.tencent.bkrepo.repository.api.RepositoryClient import com.tencent.bkrepo.router.api.RouterControllerClient import org.junit.jupiter.api.AfterEach import org.junit.jupiter.api.Assertions @@ -64,9 +63,6 @@ class StorageReconcileJobTest @Autowired constructor( @MockBean lateinit var fileReferenceService: FileReferenceService - @MockBean - lateinit var repositoryClient: RepositoryClient - @MockBean lateinit var operateLogService: OperateLogService diff --git a/src/backend/lfs/biz-lfs/src/main/kotlin/com/tencent/bkrepo/lfs/service/ObjectService.kt b/src/backend/lfs/biz-lfs/src/main/kotlin/com/tencent/bkrepo/lfs/service/ObjectService.kt index 121dc72d91..d3ff332fe1 100644 --- a/src/backend/lfs/biz-lfs/src/main/kotlin/com/tencent/bkrepo/lfs/service/ObjectService.kt +++ b/src/backend/lfs/biz-lfs/src/main/kotlin/com/tencent/bkrepo/lfs/service/ObjectService.kt @@ -51,7 +51,7 @@ import com.tencent.bkrepo.common.artifact.repository.context.ArtifactUploadConte import com.tencent.bkrepo.common.artifact.repository.core.ArtifactService import com.tencent.bkrepo.common.metadata.service.node.NodeService import com.tencent.bkrepo.common.metadata.service.repo.RepositoryService -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.security.util.SecurityUtils import com.tencent.bkrepo.common.service.util.HeaderUtils import com.tencent.bkrepo.common.service.util.HttpContextHolder diff --git a/src/backend/media/biz-media/src/main/kotlin/com/tencent/bkrepo/media/controller/UserStreamController.kt b/src/backend/media/biz-media/src/main/kotlin/com/tencent/bkrepo/media/controller/UserStreamController.kt index bd93064c6e..48bdb5ab48 100644 --- a/src/backend/media/biz-media/src/main/kotlin/com/tencent/bkrepo/media/controller/UserStreamController.kt +++ b/src/backend/media/biz-media/src/main/kotlin/com/tencent/bkrepo/media/controller/UserStreamController.kt @@ -4,7 +4,7 @@ import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.auth.pojo.enums.ResourceType import com.tencent.bkrepo.common.api.pojo.Response import com.tencent.bkrepo.common.artifact.api.ArtifactPathVariable -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.security.permission.Permission import com.tencent.bkrepo.common.service.util.ResponseBuilder import com.tencent.bkrepo.media.artifact.MediaArtifactInfo diff --git a/src/backend/media/biz-media/src/main/kotlin/com/tencent/bkrepo/media/service/TokenService.kt b/src/backend/media/biz-media/src/main/kotlin/com/tencent/bkrepo/media/service/TokenService.kt index 6d58a9daf8..a35226c8d6 100644 --- a/src/backend/media/biz-media/src/main/kotlin/com/tencent/bkrepo/media/service/TokenService.kt +++ b/src/backend/media/biz-media/src/main/kotlin/com/tencent/bkrepo/media/service/TokenService.kt @@ -11,7 +11,7 @@ import com.tencent.bkrepo.common.api.exception.ErrorCodeException import com.tencent.bkrepo.common.artifact.api.ArtifactInfo import com.tencent.bkrepo.common.artifact.message.ArtifactMessageCode import com.tencent.bkrepo.common.artifact.path.PathUtils -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.security.util.SecurityUtils import com.tencent.bkrepo.common.service.util.HttpContextHolder import org.springframework.stereotype.Service diff --git a/src/backend/oci/biz-oci/src/main/kotlin/com/tencent/bkrepo/oci/service/impl/OciBlobServiceImpl.kt b/src/backend/oci/biz-oci/src/main/kotlin/com/tencent/bkrepo/oci/service/impl/OciBlobServiceImpl.kt index 1a0ca90e21..a10ebc551b 100644 --- a/src/backend/oci/biz-oci/src/main/kotlin/com/tencent/bkrepo/oci/service/impl/OciBlobServiceImpl.kt +++ b/src/backend/oci/biz-oci/src/main/kotlin/com/tencent/bkrepo/oci/service/impl/OciBlobServiceImpl.kt @@ -43,7 +43,7 @@ import com.tencent.bkrepo.common.artifact.repository.context.ArtifactRemoveConte import com.tencent.bkrepo.common.artifact.repository.context.ArtifactUploadContext import com.tencent.bkrepo.common.metadata.service.node.NodeService import com.tencent.bkrepo.common.metadata.service.repo.RepositoryService -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.service.util.HttpContextHolder import com.tencent.bkrepo.common.storage.core.StorageService import com.tencent.bkrepo.oci.constant.BLOB_PATH_VERSION_KEY diff --git a/src/backend/opdata/biz-opdata/src/main/kotlin/com/tencent/bkrepo/opdata/controller/FsClientController.kt b/src/backend/opdata/biz-opdata/src/main/kotlin/com/tencent/bkrepo/opdata/controller/FsClientController.kt index e3cb5d40a8..c85266499a 100644 --- a/src/backend/opdata/biz-opdata/src/main/kotlin/com/tencent/bkrepo/opdata/controller/FsClientController.kt +++ b/src/backend/opdata/biz-opdata/src/main/kotlin/com/tencent/bkrepo/opdata/controller/FsClientController.kt @@ -34,7 +34,7 @@ package com.tencent.bkrepo.opdata.controller import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.common.api.pojo.Page import com.tencent.bkrepo.common.api.pojo.Response -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.security.permission.PrincipalType import com.tencent.bkrepo.common.security.util.SecurityUtils import com.tencent.bkrepo.fs.server.api.FsClientClient diff --git a/src/backend/opdata/biz-opdata/src/main/kotlin/com/tencent/bkrepo/opdata/controller/ProjectController.kt b/src/backend/opdata/biz-opdata/src/main/kotlin/com/tencent/bkrepo/opdata/controller/ProjectController.kt index 2e3554c824..7682e00ac4 100644 --- a/src/backend/opdata/biz-opdata/src/main/kotlin/com/tencent/bkrepo/opdata/controller/ProjectController.kt +++ b/src/backend/opdata/biz-opdata/src/main/kotlin/com/tencent/bkrepo/opdata/controller/ProjectController.kt @@ -30,10 +30,10 @@ package com.tencent.bkrepo.opdata.controller import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.common.api.pojo.Page import com.tencent.bkrepo.common.api.pojo.Response -import com.tencent.bkrepo.common.metadata.service.project.ProjectUsageStatisticsService +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.metadata.pojo.project.ProjectUsageStatistics import com.tencent.bkrepo.common.metadata.pojo.project.ProjectUsageStatisticsListOption -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.service.project.ProjectUsageStatisticsService import com.tencent.bkrepo.common.security.permission.Principal import com.tencent.bkrepo.common.security.permission.PrincipalType import com.tencent.bkrepo.common.security.util.SecurityUtils diff --git a/src/backend/replication/biz-replication/src/main/kotlin/com/tencent/bkrepo/replication/controller/api/EdgePullReplicaTaskController.kt b/src/backend/replication/biz-replication/src/main/kotlin/com/tencent/bkrepo/replication/controller/api/EdgePullReplicaTaskController.kt index 89c89256d8..ae3245e83f 100644 --- a/src/backend/replication/biz-replication/src/main/kotlin/com/tencent/bkrepo/replication/controller/api/EdgePullReplicaTaskController.kt +++ b/src/backend/replication/biz-replication/src/main/kotlin/com/tencent/bkrepo/replication/controller/api/EdgePullReplicaTaskController.kt @@ -30,7 +30,7 @@ package com.tencent.bkrepo.replication.controller.api import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.common.api.pojo.Response import com.tencent.bkrepo.common.api.util.Preconditions -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.service.util.ResponseBuilder import com.tencent.bkrepo.replication.pojo.request.ReplicaType import com.tencent.bkrepo.replication.pojo.task.ReplicaTaskInfo diff --git a/src/backend/replication/biz-replication/src/main/kotlin/com/tencent/bkrepo/replication/controller/service/ArtifactReplicaController.kt b/src/backend/replication/biz-replication/src/main/kotlin/com/tencent/bkrepo/replication/controller/service/ArtifactReplicaController.kt index 0f0b9109e7..7dc0b64bec 100644 --- a/src/backend/replication/biz-replication/src/main/kotlin/com/tencent/bkrepo/replication/controller/service/ArtifactReplicaController.kt +++ b/src/backend/replication/biz-replication/src/main/kotlin/com/tencent/bkrepo/replication/controller/service/ArtifactReplicaController.kt @@ -30,6 +30,7 @@ package com.tencent.bkrepo.replication.controller.service import com.tencent.bkrepo.auth.api.ServiceUserClient import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.common.api.pojo.Response +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.artifact.api.ArtifactInfo import com.tencent.bkrepo.common.metadata.service.metadata.MetadataService import com.tencent.bkrepo.common.metadata.service.node.NodeService @@ -37,7 +38,6 @@ import com.tencent.bkrepo.common.metadata.service.packages.PackageService import com.tencent.bkrepo.common.metadata.service.project.ProjectService import com.tencent.bkrepo.common.metadata.service.repo.RepositoryService import com.tencent.bkrepo.common.security.exception.PermissionException -import com.tencent.bkrepo.common.security.manager.PermissionManager import com.tencent.bkrepo.common.security.permission.Principal import com.tencent.bkrepo.common.security.permission.PrincipalType import com.tencent.bkrepo.common.service.util.ResponseBuilder diff --git a/src/backend/repository/api-repository/src/main/kotlin/com/tencent/bkrepo/repository/api/PipelineNodeClient.kt b/src/backend/repository/api-repository/src/main/kotlin/com/tencent/bkrepo/repository/api/PipelineNodeClient.kt index 656b7fa95a..c77f742ce9 100644 --- a/src/backend/repository/api-repository/src/main/kotlin/com/tencent/bkrepo/repository/api/PipelineNodeClient.kt +++ b/src/backend/repository/api-repository/src/main/kotlin/com/tencent/bkrepo/repository/api/PipelineNodeClient.kt @@ -40,6 +40,7 @@ import org.springframework.web.bind.annotation.RequestMapping @Api("流水线节点") @FeignClient(REPOSITORY_SERVICE_NAME, contextId = "PipelineNodeClient", primary = false) @RequestMapping("/service/pipeline") +@Deprecated("replace with PipelineNodeService") interface PipelineNodeClient { @GetMapping("/list/{projectId}/{repoName}") @ApiOperation("获取流水线制品目录") diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterMetadataController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterMetadataController.kt index 17a2a9e0b2..315e1573cc 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterMetadataController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterMetadataController.kt @@ -29,12 +29,12 @@ package com.tencent.bkrepo.repository.controller.cluster import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.common.api.pojo.Response -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager +import com.tencent.bkrepo.common.metadata.service.metadata.MetadataService import com.tencent.bkrepo.common.service.util.ResponseBuilder import com.tencent.bkrepo.repository.api.cluster.ClusterMetadataClient import com.tencent.bkrepo.repository.pojo.metadata.MetadataDeleteRequest import com.tencent.bkrepo.repository.pojo.metadata.MetadataSaveRequest -import com.tencent.bkrepo.common.metadata.service.metadata.MetadataService import org.springframework.web.bind.annotation.RestController @RestController diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterNodeController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterNodeController.kt index 91cf25648e..8b999777b8 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterNodeController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterNodeController.kt @@ -31,7 +31,7 @@ import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.common.api.pojo.Response import com.tencent.bkrepo.common.artifact.api.ArtifactInfo import com.tencent.bkrepo.common.artifact.path.PathUtils -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.service.util.ResponseBuilder import com.tencent.bkrepo.repository.api.cluster.ClusterNodeClient import com.tencent.bkrepo.repository.pojo.node.NodeDeleteResult diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterPackageController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterPackageController.kt index fb4869ff69..fa7b85451d 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterPackageController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterPackageController.kt @@ -33,7 +33,7 @@ package com.tencent.bkrepo.repository.controller.cluster import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.common.api.pojo.Response -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.service.util.ResponseBuilder import com.tencent.bkrepo.repository.api.cluster.ClusterPackageClient import com.tencent.bkrepo.repository.pojo.packages.request.PackageUpdateRequest diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterPackageDependentsController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterPackageDependentsController.kt index 9a5740bf06..a8da78e8a9 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterPackageDependentsController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterPackageDependentsController.kt @@ -33,7 +33,7 @@ package com.tencent.bkrepo.repository.controller.cluster import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.common.api.pojo.Response -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.service.util.ResponseBuilder import com.tencent.bkrepo.repository.api.cluster.ClusterPackageDependentsClient import com.tencent.bkrepo.repository.pojo.dependent.PackageDependentsRelation diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterRepositoryController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterRepositoryController.kt index 04fc3a25df..ba7db7ffa3 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterRepositoryController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterRepositoryController.kt @@ -29,14 +29,14 @@ package com.tencent.bkrepo.repository.controller.cluster import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.common.api.pojo.Response -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager +import com.tencent.bkrepo.common.metadata.service.repo.RepositoryService import com.tencent.bkrepo.common.service.util.ResponseBuilder import com.tencent.bkrepo.repository.api.cluster.ClusterRepositoryClient import com.tencent.bkrepo.repository.pojo.repo.RepoCreateRequest import com.tencent.bkrepo.repository.pojo.repo.RepoDeleteRequest import com.tencent.bkrepo.repository.pojo.repo.RepoUpdateRequest import com.tencent.bkrepo.repository.pojo.repo.RepositoryDetail -import com.tencent.bkrepo.common.metadata.service.repo.RepositoryService import org.springframework.web.bind.annotation.RestController @RestController diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterStageController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterStageController.kt index 4018e25219..d60a85ca9c 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterStageController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/cluster/ClusterStageController.kt @@ -33,7 +33,7 @@ package com.tencent.bkrepo.repository.controller.cluster import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.common.api.pojo.Response -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.service.util.ResponseBuilder import com.tencent.bkrepo.repository.api.cluster.ClusterStageClient import com.tencent.bkrepo.repository.pojo.stage.StageUpgradeRequest diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/service/PipelineNodeController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/service/PipelineNodeController.kt index 4bc387d177..6f58179144 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/service/PipelineNodeController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/service/PipelineNodeController.kt @@ -32,7 +32,7 @@ import com.tencent.bkrepo.common.security.util.SecurityUtils import com.tencent.bkrepo.common.service.util.ResponseBuilder import com.tencent.bkrepo.repository.api.PipelineNodeClient import com.tencent.bkrepo.repository.pojo.node.NodeInfo -import com.tencent.bkrepo.repository.service.node.PipelineNodeService +import com.tencent.bkrepo.common.metadata.service.node.PipelineNodeService import org.springframework.context.annotation.Primary import org.springframework.web.bind.annotation.RestController diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/FavoriteController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/FavoriteController.kt index 1b044b0f30..0aeeb57679 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/FavoriteController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/FavoriteController.kt @@ -36,13 +36,13 @@ import com.tencent.bkrepo.common.api.constant.ANONYMOUS_USER import com.tencent.bkrepo.common.api.constant.HttpStatus import com.tencent.bkrepo.common.api.pojo.Page import com.tencent.bkrepo.common.api.pojo.Response -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.service.util.ResponseBuilder -import com.tencent.bkrepo.repository.pojo.favorite.FavoriteRequest -import com.tencent.bkrepo.repository.pojo.favorite.FavoriteType import com.tencent.bkrepo.repository.pojo.favorite.FavoriteCreateRequest import com.tencent.bkrepo.repository.pojo.favorite.FavoriteQueryRequest +import com.tencent.bkrepo.repository.pojo.favorite.FavoriteRequest import com.tencent.bkrepo.repository.pojo.favorite.FavoriteResult +import com.tencent.bkrepo.repository.pojo.favorite.FavoriteType import com.tencent.bkrepo.repository.service.favorites.FavoriteService import io.swagger.annotations.Api import io.swagger.annotations.ApiOperation @@ -117,4 +117,4 @@ class FavoriteController( return ResponseBuilder.success(favoriteService.queryFavorite(userId, request)) } -} \ No newline at end of file +} diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserArtifactPreloadController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserArtifactPreloadController.kt index 5ced5d2e76..2b1edab60b 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserArtifactPreloadController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserArtifactPreloadController.kt @@ -42,8 +42,8 @@ import com.tencent.bkrepo.common.artifact.cache.pojo.ArtifactPreloadStrategyCrea import com.tencent.bkrepo.common.artifact.cache.pojo.ArtifactPreloadStrategyUpdateRequest import com.tencent.bkrepo.common.artifact.cache.service.ArtifactPreloadPlanService import com.tencent.bkrepo.common.artifact.cache.service.ArtifactPreloadStrategyService +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.mongo.dao.util.Pages -import com.tencent.bkrepo.common.security.manager.PermissionManager import com.tencent.bkrepo.common.security.permission.Permission import com.tencent.bkrepo.common.security.util.SecurityUtils import com.tencent.bkrepo.common.service.util.ResponseBuilder diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserListViewController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserListViewController.kt index 790d350065..67f318bd32 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserListViewController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserListViewController.kt @@ -35,7 +35,7 @@ import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.auth.pojo.enums.ResourceType import com.tencent.bkrepo.common.artifact.api.ArtifactInfo import com.tencent.bkrepo.common.artifact.api.DefaultArtifactInfo.Companion.DEFAULT_MAPPING_URI -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.security.permission.Permission import com.tencent.bkrepo.common.security.permission.Principal import com.tencent.bkrepo.common.security.permission.PrincipalType diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserMetadataLabelController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserMetadataLabelController.kt index ba0ada74d7..b78b18d34b 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserMetadataLabelController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserMetadataLabelController.kt @@ -29,7 +29,7 @@ package com.tencent.bkrepo.repository.controller.user import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.common.api.pojo.Response -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.service.util.ResponseBuilder import com.tencent.bkrepo.repository.pojo.metadata.label.MetadataLabelDetail import com.tencent.bkrepo.repository.pojo.metadata.label.MetadataLabelRequest diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserNodeController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserNodeController.kt index 6cabfe9e36..8db62f11cf 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserNodeController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserNodeController.kt @@ -41,13 +41,12 @@ import com.tencent.bkrepo.common.artifact.api.ArtifactPathVariable import com.tencent.bkrepo.common.artifact.api.DefaultArtifactInfo.Companion.DEFAULT_MAPPING_URI import com.tencent.bkrepo.common.artifact.message.ArtifactMessageCode import com.tencent.bkrepo.common.artifact.path.PathUtils +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.query.model.QueryModel -import com.tencent.bkrepo.common.security.manager.PermissionManager import com.tencent.bkrepo.common.security.permission.Permission import com.tencent.bkrepo.common.security.permission.Principal import com.tencent.bkrepo.common.security.permission.PrincipalType import com.tencent.bkrepo.common.service.util.ResponseBuilder -import com.tencent.bkrepo.repository.pojo.node.service.NodeArchiveRestoreRequest import com.tencent.bkrepo.repository.pojo.node.NodeDeleteResult import com.tencent.bkrepo.repository.pojo.node.NodeDeletedPoint import com.tencent.bkrepo.repository.pojo.node.NodeDetail @@ -56,6 +55,7 @@ import com.tencent.bkrepo.repository.pojo.node.NodeListOption import com.tencent.bkrepo.common.metadata.pojo.node.NodeRestoreOption import com.tencent.bkrepo.repository.pojo.node.NodeRestoreResult import com.tencent.bkrepo.repository.pojo.node.NodeSizeInfo +import com.tencent.bkrepo.repository.pojo.node.service.NodeArchiveRestoreRequest import com.tencent.bkrepo.repository.pojo.node.service.NodeCreateRequest import com.tencent.bkrepo.repository.pojo.node.service.NodeDeleteRequest import com.tencent.bkrepo.repository.pojo.node.service.NodeLinkRequest diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserOperateLogController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserOperateLogController.kt index c5b5c7c3dc..31e244073c 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserOperateLogController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserOperateLogController.kt @@ -30,12 +30,12 @@ package com.tencent.bkrepo.repository.controller.user import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.common.api.pojo.Page import com.tencent.bkrepo.common.api.pojo.Response -import com.tencent.bkrepo.common.metadata.service.log.OperateLogService +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.metadata.pojo.log.OpLogListOption import com.tencent.bkrepo.common.metadata.pojo.log.OperateLog import com.tencent.bkrepo.common.metadata.pojo.log.OperateLogResponse +import com.tencent.bkrepo.common.metadata.service.log.OperateLogService import com.tencent.bkrepo.common.security.exception.PermissionException -import com.tencent.bkrepo.common.security.manager.PermissionManager import com.tencent.bkrepo.common.security.permission.PrincipalType import com.tencent.bkrepo.common.security.util.SecurityUtils import com.tencent.bkrepo.common.service.util.ResponseBuilder diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserPackageDownloadsController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserPackageDownloadsController.kt index 5a4c33a046..a228f0509e 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserPackageDownloadsController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserPackageDownloadsController.kt @@ -33,7 +33,7 @@ package com.tencent.bkrepo.repository.controller.user import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.common.api.pojo.Response -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.service.util.ResponseBuilder import com.tencent.bkrepo.repository.pojo.download.DetailsQueryRequest import com.tencent.bkrepo.repository.pojo.download.PackageDownloadsDetails diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserPipelineController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserPipelineController.kt index b92c2712d1..9b62dc4c6c 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserPipelineController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserPipelineController.kt @@ -34,7 +34,7 @@ package com.tencent.bkrepo.repository.controller.user import com.tencent.bkrepo.common.api.pojo.Response import com.tencent.bkrepo.common.service.util.ResponseBuilder import com.tencent.bkrepo.repository.pojo.node.NodeInfo -import com.tencent.bkrepo.repository.service.node.PipelineNodeService +import com.tencent.bkrepo.common.metadata.service.node.PipelineNodeService import org.springframework.web.bind.annotation.GetMapping import org.springframework.web.bind.annotation.PathVariable import org.springframework.web.bind.annotation.RequestAttribute diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserProjectController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserProjectController.kt index b503ee6652..5bc1c43138 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserProjectController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserProjectController.kt @@ -30,7 +30,8 @@ package com.tencent.bkrepo.repository.controller.user import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.common.api.pojo.Page import com.tencent.bkrepo.common.api.pojo.Response -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager +import com.tencent.bkrepo.common.metadata.service.project.ProjectService import com.tencent.bkrepo.common.security.permission.Principal import com.tencent.bkrepo.common.security.permission.PrincipalType import com.tencent.bkrepo.common.service.util.ResponseBuilder @@ -41,7 +42,6 @@ import com.tencent.bkrepo.repository.pojo.project.ProjectMetricsInfo import com.tencent.bkrepo.repository.pojo.project.ProjectSearchOption import com.tencent.bkrepo.repository.pojo.project.ProjectUpdateRequest import com.tencent.bkrepo.repository.pojo.project.UserProjectCreateRequest -import com.tencent.bkrepo.common.metadata.service.project.ProjectService import io.swagger.annotations.Api import io.swagger.annotations.ApiOperation import io.swagger.annotations.ApiParam diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserRepositoryController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserRepositoryController.kt index a3a6c87556..897d992623 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserRepositoryController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserRepositoryController.kt @@ -31,9 +31,10 @@ import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.auth.pojo.enums.ResourceType import com.tencent.bkrepo.common.api.pojo.Page import com.tencent.bkrepo.common.api.pojo.Response +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.metadata.service.node.NodeService import com.tencent.bkrepo.common.metadata.service.repo.QuotaService -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.service.repo.RepositoryService import com.tencent.bkrepo.common.security.permission.Permission import com.tencent.bkrepo.common.service.util.ResponseBuilder import com.tencent.bkrepo.repository.pojo.repo.ArchiveInfo @@ -46,7 +47,6 @@ import com.tencent.bkrepo.repository.pojo.repo.RepositoryDetail import com.tencent.bkrepo.repository.pojo.repo.RepositoryInfo import com.tencent.bkrepo.repository.pojo.repo.UserRepoCreateRequest import com.tencent.bkrepo.repository.pojo.repo.UserRepoUpdateRequest -import com.tencent.bkrepo.common.metadata.service.repo.RepositoryService import io.swagger.annotations.Api import io.swagger.annotations.ApiOperation import io.swagger.annotations.ApiParam diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserShareController.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserShareController.kt index 41a3651790..95830c762a 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserShareController.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/controller/user/UserShareController.kt @@ -39,7 +39,7 @@ import com.tencent.bkrepo.common.artifact.api.ArtifactPathVariable import com.tencent.bkrepo.common.artifact.api.DefaultArtifactInfo import com.tencent.bkrepo.common.artifact.api.DefaultArtifactInfo.Companion.DEFAULT_MAPPING_URI import com.tencent.bkrepo.common.artifact.path.PathUtils -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.security.permission.Permission import com.tencent.bkrepo.common.service.util.ResponseBuilder import com.tencent.bkrepo.repository.pojo.share.BatchShareRecordCreateRequest diff --git a/src/backend/repository/biz-repository/src/test/kotlin/com/tencent/bkrepo/repository/service/ServiceBaseTest.kt b/src/backend/repository/biz-repository/src/test/kotlin/com/tencent/bkrepo/repository/service/ServiceBaseTest.kt index 657dec0907..dc990601b3 100644 --- a/src/backend/repository/biz-repository/src/test/kotlin/com/tencent/bkrepo/repository/service/ServiceBaseTest.kt +++ b/src/backend/repository/biz-repository/src/test/kotlin/com/tencent/bkrepo/repository/service/ServiceBaseTest.kt @@ -48,6 +48,7 @@ import com.tencent.bkrepo.common.metadata.dao.node.NodeDao import com.tencent.bkrepo.common.metadata.dao.project.ProjectDao import com.tencent.bkrepo.common.metadata.dao.repo.RepositoryDao import com.tencent.bkrepo.common.metadata.listener.ResourcePermissionListener +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.metadata.service.log.OperateLogService import com.tencent.bkrepo.common.metadata.service.project.ProjectService import com.tencent.bkrepo.common.metadata.service.repo.RepositoryService @@ -55,7 +56,6 @@ import com.tencent.bkrepo.common.metadata.service.repo.ResourceClearService import com.tencent.bkrepo.common.metadata.util.RepositoryServiceHelper import com.tencent.bkrepo.common.metadata.util.StorageCredentialHelper import com.tencent.bkrepo.common.security.http.core.HttpAuthProperties -import com.tencent.bkrepo.common.security.manager.PermissionManager import com.tencent.bkrepo.common.security.manager.ci.CIPermissionManager import com.tencent.bkrepo.common.service.cluster.properties.ClusterProperties import com.tencent.bkrepo.common.service.util.ResponseBuilder diff --git a/src/backend/webhook/biz-webhook/src/main/kotlin/com/tencent/bkrepo/webhook/service/impl/WebHookServiceImpl.kt b/src/backend/webhook/biz-webhook/src/main/kotlin/com/tencent/bkrepo/webhook/service/impl/WebHookServiceImpl.kt index fcc74e953b..2a204cf073 100644 --- a/src/backend/webhook/biz-webhook/src/main/kotlin/com/tencent/bkrepo/webhook/service/impl/WebHookServiceImpl.kt +++ b/src/backend/webhook/biz-webhook/src/main/kotlin/com/tencent/bkrepo/webhook/service/impl/WebHookServiceImpl.kt @@ -33,7 +33,7 @@ import com.tencent.bkrepo.common.api.exception.ErrorCodeException import com.tencent.bkrepo.common.api.util.Preconditions import com.tencent.bkrepo.common.api.util.readJsonString import com.tencent.bkrepo.common.artifact.event.base.ArtifactEvent -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.common.security.permission.PrincipalType import com.tencent.bkrepo.webhook.constant.AssociationType import com.tencent.bkrepo.webhook.constant.WebHookRequestStatus diff --git a/src/backend/webhook/biz-webhook/src/test/kotlin/com/tencent/bkrepo/webhook/service/ServiceBaseTest.kt b/src/backend/webhook/biz-webhook/src/test/kotlin/com/tencent/bkrepo/webhook/service/ServiceBaseTest.kt index b9a51826d4..26716f90cc 100644 --- a/src/backend/webhook/biz-webhook/src/test/kotlin/com/tencent/bkrepo/webhook/service/ServiceBaseTest.kt +++ b/src/backend/webhook/biz-webhook/src/test/kotlin/com/tencent/bkrepo/webhook/service/ServiceBaseTest.kt @@ -29,7 +29,7 @@ package com.tencent.bkrepo.webhook.service import com.tencent.bkrepo.auth.api.ServicePermissionClient import com.tencent.bkrepo.auth.api.ServiceUserClient -import com.tencent.bkrepo.common.security.manager.PermissionManager +import com.tencent.bkrepo.common.metadata.permission.PermissionManager import com.tencent.bkrepo.webhook.config.WebHookProperties import com.tencent.bkrepo.webhook.dao.WebHookDao import com.tencent.bkrepo.webhook.dao.WebHookLogDao