diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/RemoveMemberButtonControl.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/RemoveMemberButtonControl.kt index fc06012edd1..55064743eb0 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/RemoveMemberButtonControl.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/RemoveMemberButtonControl.kt @@ -37,6 +37,9 @@ enum class RemoveMemberButtonControl { // 通过模板加入,不允许移出组 TEMPLATE, + // 用户通过组织 间接加入,不允许移出组 + DEPARTMENT, + // 其他,允许移出组 OTHER } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt index a94d06cc606..33966d3d72c 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt @@ -152,7 +152,8 @@ class RbacPermissionManageFacadeServiceImpl( resourceGroup = resourceGroup, groupMemberDetail = groupMemberDetail, uniqueManagerGroups = uniqueManagerGroups, - authResourceGroupMember = it + authResourceGroupMember = it, + operateChannel = operateChannel ) ) } 
@@ -234,7 +235,8 @@ class RbacPermissionManageFacadeServiceImpl( resourceGroup: TAuthResourceGroupRecord, groupMemberDetail: MemberGroupDetailsResponse?, uniqueManagerGroups: List, - authResourceGroupMember: AuthResourceGroupMember + authResourceGroupMember: AuthResourceGroupMember, + operateChannel: OperateChannel? ): GroupDetailsInfoVo { // 如果用户离职,查询权限中心接口会报错,因此从数据库直接取数据,而不去调用权限中心接口。 val (expiredAt, joinedTime) = if (groupMemberDetail != null) { @@ -275,6 +277,10 @@ class RbacPermissionManageFacadeServiceImpl( authResourceGroupMember.memberType == MemberType.TEMPLATE.type -> RemoveMemberButtonControl.TEMPLATE + operateChannel == OperateChannel.PERSONAL && + authResourceGroupMember.memberType == MemberType.DEPARTMENT.type -> + RemoveMemberButtonControl.DEPARTMENT + resourceGroup.resourceType == AuthResourceType.PROJECT.value && uniqueManagerGroups.contains(authResourceGroupMember.iamGroupId) -> RemoveMemberButtonControl.UNIQUE_MANAGER @@ -285,9 +291,11 @@ class RbacPermissionManageFacadeServiceImpl( else -> RemoveMemberButtonControl.OTHER }, - joinedType = when (authResourceGroupMember.memberType) { - MemberType.TEMPLATE.type -> JoinedType.TEMPLATE - MemberType.DEPARTMENT.type -> JoinedType.DEPARTMENT + joinedType = when { + authResourceGroupMember.memberType == MemberType.TEMPLATE.type -> JoinedType.TEMPLATE + authResourceGroupMember.memberType == MemberType.DEPARTMENT.type && + operateChannel == OperateChannel.PERSONAL -> JoinedType.DEPARTMENT + else -> JoinedType.DIRECT }, operator = ""
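Review bot: The new parameter is declared `operateChannel: OperateChannel?`, and both new branches compare it with `OperateChannel.PERSONAL`, so a null channel silently takes the permissive path. In that case a member whose type is `MemberType.DEPARTMENT.type` falls through to the later branches of the button-control `when` and is reported as `JoinedType.DIRECT` (the hunks at -275 and -285). If every caller can supply a channel, make the parameter non-null. Otherwise state the meaning of null at the signature, for example `// null = non-personal view: department rows are treated as direct members`. The function body continues outside this hunk, and callers other than the one patched at -152 are not visible here.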
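Review bot: `RemoveMemberButtonControl.DEPARTMENT` only tells the client not to offer the remove button, and nothing in this diff shows the remove-member operation refusing the same case. If the restriction is meant as an authorization rule, the removal path has to enforce it itself, because a request that bypasses the UI never consults this value. Confirm that check exists and note it on the branch, for example `// display hint only; the removal path must reject department-derived membership on its own`. The `when` expression starts and ends outside this hunk.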
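Review bot: The predicate "member type is DEPARTMENT and channel is PERSONAL" is now written out twice, once in the `removeMemberButtonControl` branch and again in this `joinedType` `when`, so the two fields can drift apart if only one is edited later. Hoist it into a local before the constructor call, `val viaDepartment = operateChannel == OperateChannel.PERSONAL && authResourceGroupMember.memberType == MemberType.DEPARTMENT.type`, and use it in both places. A department row outside the personal channel now reports `JoinedType.DIRECT`, which deserves a short comment such as `// outside the personal view the department itself is the direct member`, if that is the intent. The enclosing call continues past the end of the hunk.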