feat:用户个人视角 权限管理优化 #11138 #11215

bc9f5cd
feat:用户个人视角 权限管理优化 #11138
fcfang123 Oct 28, 2024
906ab3e
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 11, 2024
36cd09b
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 14, 2024
8b07d6e
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 14, 2024
712e056
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 14, 2024
753a8c0
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 14, 2024
773dcd9
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 15, 2024
d9cc732
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 15, 2024
36ce9ea
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 15, 2024
9e6f7ae
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 15, 2024
717dd2d
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 15, 2024
ba1dead
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 15, 2024
237ffb6
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 15, 2024
f9eba02
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 15, 2024
8b96481
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 15, 2024
60929d0
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 18, 2024
a37597a
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 18, 2024
a2b38b0
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 20, 2024
994dcb8
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 26, 2024
ae8d8d5
feat:用户个人视角 权限管理优化 #11138
fcfang123 Nov 29, 2024
5342b9f
feat:用户个人视角 权限管理优化 #11138
fcfang123 Dec 2, 2024
4fbdb4c
feat:用户个人视角 权限管理优化 #11138
fcfang123 Dec 3, 2024
052b431
feat:用户个人视角 权限管理优化 #11138
fcfang123 Dec 4, 2024
c51b0b6
feat:用户个人视角 权限管理优化 #11138
fcfang123 Dec 4, 2024
2cc000a
feat:用户个人视角 权限管理优化 #11138
fcfang123 Dec 4, 2024
7e2379e
feat:用户个人视角 权限管理优化 #11138
fcfang123 Dec 4, 2024
Expand Up @@ -29,6 +29,7 @@ package com.tencent.devops.auth.api.service

import com.tencent.devops.auth.pojo.vo.ProjectPermissionInfoVO
import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_BK_TOKEN
import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_USER_ID
import com.tencent.devops.common.api.auth.AUTH_HEADER_GIT_TYPE
import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
import com.tencent.devops.common.api.pojo.Result
Expand Down Expand Up @@ -247,4 +248,13 @@ interface ServiceProjectAuthResource {
@Parameter(description = "项目Code", required = true)
projectCode: String
): Result<ProjectPermissionInfoVO>

@GET
@Path("/listUserProjects")
@Operation(summary = "获取用户授权相关的项目")
fun listUserProjects(
@HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
@Parameter(description = "用户ID", required = true)
userId: String
): Result<List<String>>
}
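Review bot: The new `listUserProjects` endpoint (L132-L139) says neither what the returned strings are nor which authorizations make a project "authorization-related"; `Result<List<String>>` plus the summary 获取用户授权相关的项目 is all a calling service gets. A KDoc on the method — stating whether the list holds project codes (presumably, given the surrounding `projectCode` parameters) and whether group membership, resource authorizations, or both are counted — would make the contract checkable at the call site. On this service-level resource the subject is taken from the `AUTH_HEADER_DEVOPS_USER_ID` header supplied by the caller, so the implementation should treat it as a lookup key for an already-trusted service, not as an authenticated identity of the end user; that trust boundary is worth one sentence in the same KDoc. The enclosing `ServiceProjectAuthResource` interface starts outside the hunk.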
Expand Up @@ -28,6 +28,7 @@

package com.tencent.devops.auth.api.user

import com.tencent.devops.auth.pojo.enum.OperateChannel
import com.tencent.devops.auth.pojo.vo.ResourceTypeInfoVo
import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID_DEFAULT_VALUE
Expand Down Expand Up @@ -68,6 +69,9 @@ interface UserAuthAuthorizationResource {
@Parameter(description = "项目ID", required = true)
@PathParam("projectId")
projectId: String,
@Parameter(description = "操作渠道", required = true)
@QueryParam("operateChannel")
operateChannel: OperateChannel?,
@Parameter(description = "查询条件", required = true)
condition: ResourceAuthorizationConditionRequest
): Result<SQLPage<ResourceAuthorizationResponse>>
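Review bot: `operateChannel` is declared `required = true` in its `@Parameter` (L154) but typed nullable `OperateChannel?` (L156), so the OpenAPI contract and the Kotlin signature disagree; the same query parameter added at L276-L278 and L377-L379 is declared optional, which at least matches the type. Either drop `required = true` here or make the type `OperateChannel` so a missing value is rejected at the resource boundary rather than falling through to whatever the service does with `null`. In all three places a short comment stating which channel a missing value maps to would let callers rely on the default instead of reading the implementation. The enclosing method starts outside the hunk.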
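--- /dev/null
+++ b/PATH_NOT_ON_PAGE/UserAuthHandoverResource.kt
@@ -0,0 +1,100 @@
+package com.tencent.devops.auth.api.user
+
+import com.tencent.devops.auth.pojo.request.HandoverDetailsQueryReq
+import com.tencent.devops.auth.pojo.request.HandoverOverviewQueryReq
+import com.tencent.devops.auth.pojo.request.HandoverOverviewUpdateReq
+import com.tencent.devops.auth.pojo.request.ResourceType2CountOfHandoverQuery
+import com.tencent.devops.auth.pojo.vo.HandoverAuthorizationDetailVo
+import com.tencent.devops.auth.pojo.vo.HandoverGroupDetailVo
+import com.tencent.devops.auth.pojo.vo.HandoverOverviewVo
+import com.tencent.devops.auth.pojo.vo.ResourceType2CountVo
+import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
+import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID_DEFAULT_VALUE
+import com.tencent.devops.common.api.model.SQLPage
+import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationHandoverConditionRequest
+import io.swagger.v3.oas.annotations.Operation
+import io.swagger.v3.oas.annotations.Parameter
+import io.swagger.v3.oas.annotations.tags.Tag
+import javax.ws.rs.Consumes
+import javax.ws.rs.HeaderParam
+import javax.ws.rs.POST
+import javax.ws.rs.Path
+import javax.ws.rs.PathParam
+import javax.ws.rs.Produces
+import javax.ws.rs.core.MediaType
+
+@Tag(name = "USER_RESOURCE_AUTHORIZATION", description = "用户-权限-交接相关")
+@Path("/user/auth/handover/")
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+interface UserAuthHandoverResource {
+@POST
+@Path("/{projectId}/handoverAuthorizationsApplication")
+@Operation(summary = "交接授权申请")
+fun handoverAuthorizationsApplication(
+@Parameter(description = "用户ID", required = true, example = AUTH_HEADER_USER_ID_DEFAULT_VALUE)
+@HeaderParam(AUTH_HEADER_USER_ID)
+userId: String,
+@Parameter(description = "项目ID", required = true)
+@PathParam("projectId")
+projectId: String,
+@Parameter(description = "资源授权交接条件实体", required = true)
+condition: ResourceAuthorizationHandoverConditionRequest
+): Result<Boolean>
+
+@POST
+@Path("/listHandoverOverviews")
+@Operation(summary = "权限交接总览列表")
+fun listHandoverOverviews(
+@Parameter(description = "用户名", required = true)
+@HeaderParam(AUTH_HEADER_USER_ID)
+userId: String,
+@Parameter(description = "权限交接总览查询", required = true)
+queryRequest: HandoverOverviewQueryReq
+): Result<SQLPage<HandoverOverviewVo>>
+
+@POST
+@Path("/getResourceType2CountOfHandover")
+@Operation(summary = "获取资源授权管理数量")
+fun getResourceType2CountOfHandover(
+@Parameter(description = "用户名", required = true)
+@HeaderParam(AUTH_HEADER_USER_ID)
+userId: String,
+@Parameter(description = "查询请求体", required = true)
+queryReq: ResourceType2CountOfHandoverQuery
+): Result<List<ResourceType2CountVo>>
+
+@POST
+@Path("/listAuthorizationsOfHandover")
+@Operation(summary = "获取交接单中授权相关")
+fun listAuthorizationsOfHandover(
+@Parameter(description = "用户名", required = true)
+@HeaderParam(AUTH_HEADER_USER_ID)
+userId: String,
+@Parameter(description = "权限交接详细查询请求体", required = true)
+queryReq: HandoverDetailsQueryReq
+): Result<SQLPage<HandoverAuthorizationDetailVo>>
+
+@POST
+@Path("/listGroupsOfHandover")
+@Operation(summary = "获取交接单中用户组相关")
+fun listGroupsOfHandover(
+@Parameter(description = "用户名", required = true)
+@HeaderParam(AUTH_HEADER_USER_ID)
+userId: String,
+@Parameter(description = "权限交接详细查询请求体", required = true)
+queryReq: HandoverDetailsQueryReq
+): Result<SQLPage<HandoverGroupDetailVo>>
+
+@POST
+@Path("/handleHanoverApplication")
+@Operation(summary = "处理交接审批单")
+fun handleHanoverApplication(
+@Parameter(description = "用户名", required = true)
+@HeaderParam(AUTH_HEADER_USER_ID)
+userId: String,
+@Parameter(description = "更新权限交接总览请求体", required = true)
+request: HandoverOverviewUpdateReq
+): Result<Boolean>
+}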
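Review bot: `handleHanoverApplication` (L253-L255) misspells "handover" in both the `@Path` literal and the method name, and the `@Path` value becomes part of the public URL under `/user/auth/handover/`, so the typo would have to be preserved for compatibility once any client ships. Fix both before merge: `@Path("/handleHandoverApplication")` and `fun handleHandoverApplication(`. The interface itself carries no KDoc; since `handleHanoverApplication` is the step that actually transfers permissions, a class-level comment naming who may call it (the `ERROR_HANDOVER_APPROVAL` code added elsewhere in this PR suggests only the approver on the overview, but that is enforced in the service, not here) would give implementers and reviewers the intended authorization model in one place.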
Expand Up @@ -30,6 +30,7 @@ package com.tencent.devops.auth.api.user

import com.tencent.devops.auth.pojo.dto.GroupMemberRenewalDTO
import com.tencent.devops.auth.pojo.dto.RenameGroupDTO
import com.tencent.devops.auth.pojo.enum.OperateChannel
import com.tencent.devops.auth.pojo.vo.GroupDetailsInfoVo
import com.tencent.devops.auth.pojo.vo.IamGroupPoliciesVo
import com.tencent.devops.common.api.annotation.BkInterfaceI18n
Expand Down Expand Up @@ -110,6 +111,9 @@ interface UserAuthResourceGroupResource {
@QueryParam("action")
@Parameter(description = "操作")
action: String?,
@QueryParam("operateChannel")
@Parameter(description = "操作渠道")
operateChannel: OperateChannel?,
@Parameter(description = "起始位置,从0开始")
@QueryParam("start")
start: Int,
Expand Up @@ -2,15 +2,17 @@ package com.tencent.devops.auth.api.user

import com.tencent.devops.auth.pojo.ResourceMemberInfo
import com.tencent.devops.auth.pojo.enum.BatchOperateType
import com.tencent.devops.auth.pojo.enum.OperateChannel
import com.tencent.devops.auth.pojo.request.GroupMemberCommonConditionReq
import com.tencent.devops.auth.pojo.request.GroupMemberHandoverConditionReq
import com.tencent.devops.auth.pojo.request.GroupMemberRemoveConditionReq
import com.tencent.devops.auth.pojo.request.GroupMemberRenewalConditionReq
import com.tencent.devops.auth.pojo.request.GroupMemberSingleRenewalReq
import com.tencent.devops.auth.pojo.request.ProjectMembersQueryConditionReq
import com.tencent.devops.auth.pojo.request.RemoveMemberFromProjectReq
import com.tencent.devops.auth.pojo.vo.BatchOperateGroupMemberCheckVo
import com.tencent.devops.auth.pojo.vo.GroupDetailsInfoVo
import com.tencent.devops.auth.pojo.vo.MemberGroupCountWithPermissionsVo
import com.tencent.devops.auth.pojo.vo.ResourceType2CountVo
import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
import com.tencent.devops.common.api.model.SQLPage
import com.tencent.devops.common.api.pojo.Result
Expand Down Expand Up @@ -96,8 +98,8 @@ interface UserAuthResourceMemberResource {

@PUT
@Path("/batch/renewal")
@Operation(summary = "批量续期组成员权限--无需进行审批")
fun batchRenewalGroupMembers(
@Operation(summary = "批量续期组成员权限--管理员视角")
fun batchRenewalGroupMembersFromManager(
@Parameter(description = "用户名", required = true)
@HeaderParam(AUTH_HEADER_USER_ID)
userId: String,
Expand All @@ -110,22 +112,50 @@ interface UserAuthResourceMemberResource {

@DELETE
@Path("/batch/remove")
@Operation(summary = "批量移除用户组成员")
fun batchRemoveGroupMembers(
@Operation(summary = "批量移除用户组成员--管理员视角")
fun batchRemoveGroupMembersFromManager(
@Parameter(description = "用户名", required = true)
@HeaderParam(AUTH_HEADER_USER_ID)
userId: String,
@Parameter(description = "项目ID", required = true)
@PathParam("projectId")
projectId: String,
@Parameter(description = "批量移除成员请求实体")
removeMemberDTO: GroupMemberCommonConditionReq
removeMemberDTO: GroupMemberRemoveConditionReq
): Result<Boolean>

@DELETE
@Path("/batch/personal/remove")
@Operation(summary = "批量退出用户组成员--个人视角")
fun batchRemoveGroupMembersFromPersonal(
@Parameter(description = "用户名", required = true)
@HeaderParam(AUTH_HEADER_USER_ID)
userId: String,
@Parameter(description = "项目ID", required = true)
@PathParam("projectId")
projectId: String,
@Parameter(description = "批量移除成员请求实体")
removeMemberDTO: GroupMemberRemoveConditionReq
): Result<Boolean>

@PUT
@Path("/batch/handover")
@Operation(summary = "批量交接用户组成员")
fun batchHandoverGroupMembers(
@Operation(summary = "批量交接用户组成员--管理员视角")
fun batchHandoverGroupMembersFromManager(
@Parameter(description = "用户名", required = true)
@HeaderParam(AUTH_HEADER_USER_ID)
userId: String,
@Parameter(description = "项目ID", required = true)
@PathParam("projectId")
projectId: String,
@Parameter(description = "批量交接成员请求实体")
handoverMemberDTO: GroupMemberHandoverConditionReq
): Result<Boolean>

@PUT
@Path("/batch/personal/handover")
@Operation(summary = "批量交接用户组成员--个人视角")
fun batchHandoverApplicationFromPersonal(
@Parameter(description = "用户名", required = true)
@HeaderParam(AUTH_HEADER_USER_ID)
userId: String,
Expand Down Expand Up @@ -211,6 +241,9 @@ interface UserAuthResourceMemberResource {
relatedResourceCode: String?,
@QueryParam("action")
@Parameter(description = "操作")
action: String?
): Result<List<MemberGroupCountWithPermissionsVo>>
action: String?,
@QueryParam("operateChannel")
@Parameter(description = "操作渠道")
operateChannel: OperateChannel?
): Result<List<ResourceType2CountVo>>
}
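Review bot: The manager and personal variants of remove and handover (L321-L331 vs L336-L345, L352-L361 vs L366-) take identical request bodies (`GroupMemberRemoveConditionReq`, `GroupMemberHandoverConditionReq`), so nothing in the API itself distinguishes "act on members I manage" from "act on myself"; the restriction that the personal endpoints affect only the calling `userId` lives entirely in the service and should be stated on the interface, e.g. `/** 个人视角: the affected member is always the caller ([userId]); member ids in the body must not widen the scope. */` on both personal methods. The last hunk also changes the return type of an existing endpoint from `Result<List<MemberGroupCountWithPermissionsVo>>` to `Result<List<ResourceType2CountVo>>` (L375 → L380) while keeping its path, which is a wire-incompatible change for any consumer already deployed; that method begins outside the hunk, and whether all callers are updated in this PR cannot be seen here. The renames at L310, L321 and L352 keep their `@Path` values, so URLs stay stable, but Kotlin callers of the interface will need updating.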
Expand Up @@ -47,4 +47,8 @@ object AuthI18nConstants {
const val BK_MEMBER_EXPIRED_AT_DISPLAY_EXPIRED = "bkMemberExpiredAtDisplayExpired" // 有效期: 已过期
const val BK_MEMBER_EXPIRED_AT_DISPLAY_NORMAL = "bkMemberExpiredAtDisplayNormal" // 有效期: {0}天
const val BK_MEMBER_EXPIRED_AT_DISPLAY_PERMANENT = "bkMemberExpiredAtDisplayPermanent" // 有效期: 永久

const val BK_APPLY_TO_HANDOVER = "bkApplyToHandover" // 申请移交
const val BK_HANDOVER_GROUPS = "bkHandoverGroups" // {0}个权限用户组
const val BK_HANDOVER_AUTHORIZATIONS = "bkHandoverAuthorizations" // {0}个授权
}
Expand Up @@ -142,4 +142,11 @@ object AuthMessageCode {
const val INVALID_EXPIRED_PERM_NOT_ALLOW_TO_HANDOVER = "2121089" // 已过期的权限不允许交接

const val ERROR_USER_INFORMATION_NOT_SYNCED = "2121090" // 请等待第二天用户信息同步后再尝试操作,因为新入职用户的信息尚未同步完成。

const val ERROR_HANDOVER_OVERVIEW_NOT_EXIST = "2121091" // 权限交接记录不存在
const val ERROR_HANDOVER_FINISH = "2121092" // 该交接申请单已被处理,不允许重复操作
const val ERROR_HANDOVER_REVOKE = "2121093" // 由于您不是该交接申请单的发起人,无法进行撤销操作
const val ERROR_HANDOVER_APPROVAL = "2121094" // 由于您不是该交接申请单的审批人,无法进行任何操作
const val ERROR_HANDOVER_HANDLE = "2121095" // 该交接申请单正在被处理中,请耐心等待
const val ERROR_HANDOVER_AUTHORIZATION = "2121096" // 交接操作不合法,用户没有对应授权的权限
}
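--- /dev/null
+++ b/PATH_NOT_ON_PAGE/HandoverDetailDTO.kt
@@ -0,0 +1,20 @@
+package com.tencent.devops.auth.pojo.dto
+
+import com.tencent.devops.auth.pojo.enum.HandoverType
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "权限交接详细表")
+data class HandoverDetailDTO(
+@get:Schema(title = "项目ID")
+val projectCode: String,
+@get:Schema(title = "流程单号")
+val flowNo: String,
+@get:Schema(title = "授权/组ID")
+val itemId: String,
+@get:Schema(title = "组/授权资源关联的资源类型")
+val resourceType: String,
+@get:Schema(title = "交接类型")
+val handoverType: HandoverType,
+@get:Schema(title = "审批人")
+var approver: String? = null
+)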
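Review bot: `approver` is the only `var` in this data class (L425); a mutable property still participates in the generated `equals`/`hashCode`, so an instance mutated after being placed in a set or used as a map key is silently lost. If the approver is filled in after construction (the `null` default suggests so), prefer `val approver: String? = null` and `copy(approver = ...)` at the assignment site. A KDoc line on `itemId` stating that it is a group id or an authorization id depending on `handoverType` would make the pairing explicit instead of leaving it to the `授权/组ID` label.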
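--- /dev/null
+++ b/PATH_NOT_ON_PAGE/HandoverOverviewCreateDTO.kt
@@ -0,0 +1,26 @@
+package com.tencent.devops.auth.pojo.dto
+
+import com.tencent.devops.auth.pojo.enum.HandoverStatus
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "创建权限交接总览DTO")
+data class HandoverOverviewCreateDTO(
+@get:Schema(title = "项目ID")
+val projectCode: String,
+@get:Schema(title = "项目ID")
+var title: String,
+@get:Schema(title = "流程单号")
+var flowNo: String,
+@get:Schema(title = "申请人")
+val applicant: String,
+@get:Schema(title = "审批人")
+val approver: String,
+@get:Schema(title = "审批结果")
+val handoverStatus: HandoverStatus,
+@get:Schema(title = "用户组个数")
+val groupCount: Int,
+@get:Schema(title = "授权个数")
+val authorizationCount: Int,
+@get:Schema(title = "备注")
+val remark: String? = null
+)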
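Review bot: The `@get:Schema` on `title` (L438) repeats `项目ID`, the label of the preceding `projectCode` field, so the generated API documentation mislabels the title; it should describe the field itself, e.g. `@get:Schema(title = "标题")`. `title` and `flowNo` (L439, L441) are `var` while every other property is `val`; unless they are reassigned after construction, make them `val` so the data class is immutable and its `equals`/`hashCode` cannot drift. A KDoc on the class saying which side creates the overview (the applicant, judging by the `applicant`/`approver` pair) and who sets the initial `handoverStatus` would also help, since the DTO name only says "create".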
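--- /dev/null
+++ b/PATH_NOT_ON_PAGE/InvalidAuthorizationsDTO.kt
@@ -0,0 +1,13 @@
+package com.tencent.devops.auth.pojo.dto
+
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "移除/移交用户组成员导致的无效授权")
+data class InvalidAuthorizationsDTO(
+@get:Schema(title = "引起代持人权限失效的用户组")
+val invalidGroupIds: List<Int>,
+@get:Schema(title = "引起代持人权限失效的流水线")
+val invalidPipelineIds: List<String>,
+@get:Schema(title = "引起oauth失效的代码库")
+val invalidRepertoryIds: List<String> = emptyList()
+)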
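Review bot: `invalidRepertoryIds` (L468) is labelled 引起oauth失效的代码库 — code repositories — so the name almost certainly means "repository"; because the property name is also the JSON field emitted to clients, rename it to `invalidRepositoryIds` now, before any consumer depends on the misspelling. This is the only property with a default (`emptyList()`), which makes an empty list ambiguous between "no repositories affected" and "not computed by this caller"; a KDoc on the class stating which it is (it presumably exists for callers that only evaluate groups and pipelines — confirm) would remove the ambiguity for whoever reads the result.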
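--- /dev/null
+++ b/PATH_NOT_ON_PAGE/HandoverAction.kt
@@ -0,0 +1,21 @@
+package com.tencent.devops.auth.pojo.enum
+
+enum class HandoverAction(val value: Int) {
+// 审批成功
+AGREE(1),
+
+// 审批驳回
+REJECT(2),
+
+// 撤销
+REVOKE(3);
+
+companion object {
+fun get(value: Int): HandoverAction {
+HandoverAction.values().forEach {
+if (value == it.value) return it
+}
+throw IllegalArgumentException("No enum for constant $value")
+}
+}
+}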
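Review bot: `get` (L485-L490) walks `values()` with `forEach` and a non-local `return`, which reads as a transliterated Java loop; the idiomatic form is one expression: `fun get(value: Int): HandoverAction = values().firstOrNull { it.value == value } ?: throw IllegalArgumentException("No enum for constant $value")`. If the project is on Kotlin 1.9 or later, `entries` avoids the array copy `values()` makes on every call; the Kotlin version cannot be seen from this page. A KDoc on the enum stating what `value` is (presumably the integer stored or sent on the wire — confirm) and that `get` is its inverse would explain why a numeric lookup exists at all.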
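--- /dev/null
+++ b/PATH_NOT_ON_PAGE/HandoverQueryChannel.kt
@@ -0,0 +1,34 @@
+/*
+* Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+*
+* Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+*
+* BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+*
+* A copy of the MIT License is included in this file.
+*
+*
+* Terms of the MIT License:
+* ---------------------------------------------------
+* Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+* documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+* rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+* permit persons to whom the Software is furnished to do so, subject to the following conditions:
+*
+* The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+* the Software.
+*
+* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+* LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+* NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+*/
+
+package com.tencent.devops.auth.pojo.enum
+
+enum class HandoverQueryChannel {
+PREVIEW,
+
+HANDOVER_APPLICATION
+}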
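Review bot: `HandoverQueryChannel` (L524-L528) has no KDoc, and the two constant names alone do not say when a query runs on the `PREVIEW` channel versus `HANDOVER_APPLICATION`, or whether they differ only in what is listed or also in which records the caller may see. A one-line comment per constant, as `HandoverAction` in this same PR already does for its values, would keep the two new enums consistent and save the next reader a trip into the service implementation.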