feat：用户个人视角权限管理优化 #11138

TencentBlueKing · Nov 18, 2024 · 28c4b67 · 28c4b67
1 parent d01a9ac
commit 28c4b67
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 5 deletions.
diff --git a/...h/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/RemoveMemberButtonControl.kt b/...h/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/RemoveMemberButtonControl.kt
@@ -37,6 +37,9 @@ enum class RemoveMemberButtonControl {
     // 通过模板加入，不允许移出组
     TEMPLATE,
 
+    // 用户通过组织 间接加入，不允许移出组
+    DEPARTMENT,
+
     // 其他，允许移出组
     OTHER
 }
diff --git a/...in/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt b/...in/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt
@@ -152,7 +152,8 @@ class RbacPermissionManageFacadeServiceImpl(
                     resourceGroup = resourceGroup,
                     groupMemberDetail = groupMemberDetail,
                     uniqueManagerGroups = uniqueManagerGroups,
-                    authResourceGroupMember = it
+                    authResourceGroupMember = it,
+                    operateChannel = operateChannel
                 )
             )
         }
@@ -234,7 +235,8 @@ class RbacPermissionManageFacadeServiceImpl(
         resourceGroup: TAuthResourceGroupRecord,
         groupMemberDetail: MemberGroupDetailsResponse?,
         uniqueManagerGroups: List<Int>,
-        authResourceGroupMember: AuthResourceGroupMember
+        authResourceGroupMember: AuthResourceGroupMember,
+        operateChannel: OperateChannel?
     ): GroupDetailsInfoVo {
         // 如果用户离职，查询权限中心接口会报错，因此从数据库直接取数据，而不去调用权限中心接口。
         val (expiredAt, joinedTime) = if (groupMemberDetail != null) {
@@ -275,6 +277,10 @@ class RbacPermissionManageFacadeServiceImpl(
                 authResourceGroupMember.memberType == MemberType.TEMPLATE.type ->
                     RemoveMemberButtonControl.TEMPLATE
 
+                operateChannel == OperateChannel.PERSONAL &&
+                    authResourceGroupMember.memberType == MemberType.DEPARTMENT.type ->
+                    RemoveMemberButtonControl.DEPARTMENT
+
                 resourceGroup.resourceType == AuthResourceType.PROJECT.value &&
                     uniqueManagerGroups.contains(authResourceGroupMember.iamGroupId) ->
                     RemoveMemberButtonControl.UNIQUE_MANAGER
@@ -285,9 +291,11 @@ class RbacPermissionManageFacadeServiceImpl(
                 else ->
                     RemoveMemberButtonControl.OTHER
             },
-            joinedType = when (authResourceGroupMember.memberType) {
-                MemberType.TEMPLATE.type -> JoinedType.TEMPLATE
-                MemberType.DEPARTMENT.type -> JoinedType.DEPARTMENT
+            joinedType = when {
+                authResourceGroupMember.memberType == MemberType.TEMPLATE.type -> JoinedType.TEMPLATE
+                authResourceGroupMember.memberType == MemberType.DEPARTMENT.type &&
+                    operateChannel == OperateChannel.PERSONAL -> JoinedType.DEPARTMENT
+
                 else -> JoinedType.DIRECT
             },
             operator = ""