diff --git a/VERSION b/VERSION index e6e1ff3a..656fd0d7 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.12.11 +1.12.12 diff --git a/build/bkpkg-bkiam.yaml b/build/bkpkg-bkiam.yaml new file mode 100644 index 00000000..c35ad419 --- /dev/null +++ b/build/bkpkg-bkiam.yaml @@ -0,0 +1,7 @@ +bkpkg: v1 +name: bkiam +type: file+tar +description: 权限中心后台 +contains: +relations: +bkimports: \ No newline at end of file diff --git a/pkg/api/web/handler/action_slz.go b/pkg/api/web/handler/action_slz.go index ba478676..61afbc8f 100644 --- a/pkg/api/web/handler/action_slz.go +++ b/pkg/api/web/handler/action_slz.go @@ -16,7 +16,7 @@ import ( const ( actionSupportFields = "id,name,name_en,related_resource_types,version,type,auth_type," + - "hidden,description,description_en,related_actions,related_environments" + "hidden,description,description_en,related_actions,related_environments,sensitivity" actionDefaultFields = "id,name,name_en" ) diff --git a/pkg/database/dao/expression.go b/pkg/database/dao/expression.go index d3cd126f..4ab5eb9c 100644 --- a/pkg/database/dao/expression.go +++ b/pkg/database/dao/expression.go @@ -148,20 +148,14 @@ func (m *expressionManager) selectAuthByPKs(expressions *[]AuthExpression, pks [ } func (m *expressionManager) selectBySignaturesType(expressions *[]Expression, signatures []string, _type int64) error { - query := `SELECT - pk, - type, - expression, - signature - FROM expression - WHERE pk IN ( - SELECT - MIN(pk) + query := `SELECT e.pk, e.type, e.expression, e.signature + FROM expression e + JOIN ( + SELECT MIN(pk) AS min_pk FROM expression - WHERE signature IN (?) - AND type = ? + WHERE signature IN (?) AND type = ? GROUP BY signature - )` + ) subquery ON e.pk = subquery.min_pk` return database.SqlxSelect(m.DB, expressions, query, signatures, _type) } diff --git a/pkg/database/dao/expression_test.go b/pkg/database/dao/expression_test.go index 502ed87d..51a90cfe 100644 --- a/pkg/database/dao/expression_test.go 
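Review bot: `selectBySignaturesType` has no guard for an empty `signatures` slice, and the rewritten query has no comment explaining the `MIN(pk) ... GROUP BY signature` dedup. The delete helpers touched elsewhere in this commit return early on empty input before building an `IN (?)` list. If `database.SqlxSelect` expands the placeholder the same way, an empty slice here would presumably surface as an error rather than an empty result, unless the caller already filters it (not visible in the hunk). Suggest `if len(signatures) == 0 { return nil }` at the top and a comment such as `// one row per signature: the lowest pk wins when duplicates exist`. Both values remain bound parameters in the new statement, which should stay that way.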
+++ b/pkg/database/dao/expression_test.go @@ -141,7 +141,7 @@ func Test_expressionManager_ListDistinctBySignaturesType(t *testing.T) { Signature: "test2", }, } - mockQuery := `^SELECT pk, type, expression, signature FROM expression WHERE pk IN` + mockQuery := `^SELECT e.pk, e.type, e.expression, e.signature FROM expression e` mockRows := database.NewMockRows(mock, mockData...) mock.ExpectQuery(mockQuery).WithArgs("a", "b", int64(1)).WillReturnRows(mockRows) diff --git a/pkg/database/dao/group_resource_policy.go b/pkg/database/dao/group_resource_policy.go index 647c2dba..1f6e44a0 100644 --- a/pkg/database/dao/group_resource_policy.go +++ b/pkg/database/dao/group_resource_policy.go @@ -216,6 +216,10 @@ func (m *groupResourcePolicyManager) BulkDeleteByGroupPKsWithTx( tx *sqlx.Tx, groupPKs []int64, ) error { + if len(groupPKs) == 0 { + return nil + } + sql := `DELETE FROM rbac_group_resource_policy WHERE group_pk IN (?)` return database.SqlxDeleteWithTx(tx, sql, groupPKs) } diff --git a/pkg/database/dao/mock/subject_group.go b/pkg/database/dao/mock/subject_group.go index 25405af0..154d6eac 100644 --- a/pkg/database/dao/mock/subject_group.go +++ b/pkg/database/dao/mock/subject_group.go 
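Review bot: The updated `mockQuery` pins only the `SELECT ... FROM expression e` prefix, so the part of the statement this commit rewrote (the derived table, its `signature IN (?) AND type = ?` filter, the `GROUP BY`, and the join condition) is not asserted. The dots in the pattern are also unescaped and match any character. Something like appending `.*WHERE signature IN \(\?, \?\) AND type = \? GROUP BY signature` would make a dropped filter fail the test; the exact spacing depends on how the mock normalises whitespace, so verify it against a run. The test function starts and ends outside the hunk.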
@@ -64,32 +64,32 @@ func (mr *MockSubjectGroupManagerMockRecorder) BulkDeleteByGroupMembersWithTx(tx return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BulkDeleteByGroupMembersWithTx", reflect.TypeOf((*MockSubjectGroupManager)(nil).BulkDeleteByGroupMembersWithTx), tx, groupPK, subjectPKs) } -// BulkDeleteByGroupPKs mocks base method. -func (m *MockSubjectGroupManager) BulkDeleteByGroupPKs(tx *sqlx.Tx, groupPKs []int64) error { +// BulkDeleteByGroupPKsWithTx mocks base method. +func (m *MockSubjectGroupManager) BulkDeleteByGroupPKsWithTx(tx *sqlx.Tx, groupPKs []int64) error { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "BulkDeleteByGroupPKs", tx, groupPKs) + ret := m.ctrl.Call(m, "BulkDeleteByGroupPKsWithTx", tx, groupPKs) ret0, _ := ret[0].(error) return ret0 } -// BulkDeleteByGroupPKs indicates an expected call of BulkDeleteByGroupPKs. -func (mr *MockSubjectGroupManagerMockRecorder) BulkDeleteByGroupPKs(tx, groupPKs interface{}) *gomock.Call { +// BulkDeleteByGroupPKsWithTx indicates an expected call of BulkDeleteByGroupPKsWithTx. +func (mr *MockSubjectGroupManagerMockRecorder) BulkDeleteByGroupPKsWithTx(tx, groupPKs interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BulkDeleteByGroupPKs", reflect.TypeOf((*MockSubjectGroupManager)(nil).BulkDeleteByGroupPKs), tx, groupPKs) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BulkDeleteByGroupPKsWithTx", reflect.TypeOf((*MockSubjectGroupManager)(nil).BulkDeleteByGroupPKsWithTx), tx, groupPKs) } -// BulkDeleteBySubjectPKs mocks base method. -func (m *MockSubjectGroupManager) BulkDeleteBySubjectPKs(tx *sqlx.Tx, subjectPKs []int64) error { +// BulkDeleteBySubjectPKsWithTx mocks base method. 
+func (m *MockSubjectGroupManager) BulkDeleteBySubjectPKsWithTx(tx *sqlx.Tx, subjectPKs []int64) error { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "BulkDeleteBySubjectPKs", tx, subjectPKs) + ret := m.ctrl.Call(m, "BulkDeleteBySubjectPKsWithTx", tx, subjectPKs) ret0, _ := ret[0].(error) return ret0 } -// BulkDeleteBySubjectPKs indicates an expected call of BulkDeleteBySubjectPKs. -func (mr *MockSubjectGroupManagerMockRecorder) BulkDeleteBySubjectPKs(tx, subjectPKs interface{}) *gomock.Call { +// BulkDeleteBySubjectPKsWithTx indicates an expected call of BulkDeleteBySubjectPKsWithTx. +func (mr *MockSubjectGroupManagerMockRecorder) BulkDeleteBySubjectPKsWithTx(tx, subjectPKs interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BulkDeleteBySubjectPKs", reflect.TypeOf((*MockSubjectGroupManager)(nil).BulkDeleteBySubjectPKs), tx, subjectPKs) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BulkDeleteBySubjectPKsWithTx", reflect.TypeOf((*MockSubjectGroupManager)(nil).BulkDeleteBySubjectPKsWithTx), tx, subjectPKs) } // BulkUpdateExpiredAtWithTx mocks base method. diff --git a/pkg/database/dao/mock/subject_template_group.go b/pkg/database/dao/mock/subject_template_group.go index d9d8ce65..f9ca1159 100644 --- a/pkg/database/dao/mock/subject_template_group.go +++ b/pkg/database/dao/mock/subject_template_group.go 
@@ -49,6 +49,20 @@ func (mr *MockSubjectTemplateGroupManagerMockRecorder) BulkCreateWithTx(tx, rela return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BulkCreateWithTx", reflect.TypeOf((*MockSubjectTemplateGroupManager)(nil).BulkCreateWithTx), tx, relations) } +// BulkDeleteBySubjectPKsWithTx mocks base method. +func (m *MockSubjectTemplateGroupManager) BulkDeleteBySubjectPKsWithTx(tx *sqlx.Tx, subjectPKs []int64) error { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "BulkDeleteBySubjectPKsWithTx", tx, subjectPKs) + ret0, _ := ret[0].(error) + return ret0 +} + +// BulkDeleteBySubjectPKsWithTx indicates an expected call of BulkDeleteBySubjectPKsWithTx. +func (mr *MockSubjectTemplateGroupManagerMockRecorder) BulkDeleteBySubjectPKsWithTx(tx, subjectPKs interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BulkDeleteBySubjectPKsWithTx", reflect.TypeOf((*MockSubjectTemplateGroupManager)(nil).BulkDeleteBySubjectPKsWithTx), tx, subjectPKs) +} + // BulkDeleteWithTx mocks base method. func (m *MockSubjectTemplateGroupManager) BulkDeleteWithTx(tx *sqlx.Tx, relations []dao.SubjectTemplateGroup) error { m.ctrl.T.Helper() diff --git a/pkg/database/dao/subject_group.go b/pkg/database/dao/subject_group.go index ea8524e1..5efbab4b 100644 --- a/pkg/database/dao/subject_group.go +++ b/pkg/database/dao/subject_group.go @@ -68,8 +68,8 @@ type SubjectGroupManager interface { FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs []int64, expiredAt int64) ([]int64, error) BulkCreateWithTx(tx *sqlx.Tx, relations []SubjectRelation) error - BulkDeleteBySubjectPKs(tx *sqlx.Tx, subjectPKs []int64) error - BulkDeleteByGroupPKs(tx *sqlx.Tx, groupPKs []int64) error + BulkDeleteBySubjectPKsWithTx(tx *sqlx.Tx, subjectPKs []int64) error + BulkDeleteByGroupPKsWithTx(tx *sqlx.Tx, groupPKs []int64) error BulkUpdateExpiredAtWithTx(tx *sqlx.Tx, relations []SubjectRelation) error ListGroupMember(groupPK int64) ([]SubjectRelation, error) 
@@ -352,16 +352,16 @@ func (m *subjectGroupManager) BulkCreateWithTx(tx *sqlx.Tx, relations []SubjectR return m.bulkInsertWithTx(tx, relations) } -// BulkDeleteBySubjectPKs ... -func (m *subjectGroupManager) BulkDeleteBySubjectPKs(tx *sqlx.Tx, subjectPKs []int64) error { +// BulkDeleteBySubjectPKsWithTx ... +func (m *subjectGroupManager) BulkDeleteBySubjectPKsWithTx(tx *sqlx.Tx, subjectPKs []int64) error { if len(subjectPKs) == 0 { return nil } return m.bulkDeleteBySubjectPKs(tx, subjectPKs) } -// BulkDeleteByGroupPKs ... -func (m *subjectGroupManager) BulkDeleteByGroupPKs(tx *sqlx.Tx, groupPKs []int64) error { +// BulkDeleteByGroupPKsWithTx ... +func (m *subjectGroupManager) BulkDeleteByGroupPKsWithTx(tx *sqlx.Tx, groupPKs []int64) error { if len(groupPKs) == 0 { return nil } diff --git a/pkg/database/dao/subject_template_group.go b/pkg/database/dao/subject_template_group.go index 6961ccdc..315f9f67 100644 --- a/pkg/database/dao/subject_template_group.go +++ b/pkg/database/dao/subject_template_group.go @@ -34,6 +34,7 @@ type SubjectTemplateGroup struct { type SubjectTemplateGroupManager interface { GetTemplateGroupMemberCount(groupPK, templateID int64) (int64, error) + GetMaxExpiredAtBySubjectGroup(subjectPK, groupPK int64, excludeTemplateID int64) (int64, error) ListPagingTemplateGroupMember( groupPK, templateID int64, limit, offset int64, @@ -46,7 +47,7 @@ type SubjectTemplateGroupManager interface { BulkUpdateExpiredAtWithTx(tx *sqlx.Tx, relations []SubjectTemplateGroup) error BulkUpdateExpiredAtByRelationWithTx(tx *sqlx.Tx, relations []SubjectRelation) error BulkDeleteWithTx(tx *sqlx.Tx, relations []SubjectTemplateGroup) error - GetMaxExpiredAtBySubjectGroup(subjectPK, groupPK int64, excludeTemplateID int64) (int64, error) + BulkDeleteBySubjectPKsWithTx(tx *sqlx.Tx, subjectPKs []int64) error } type subjectTemplateGroupManager struct { 
@@ -235,3 +236,13 @@ func (m *subjectTemplateGroupManager) ListThinRelationWithMaxExpiredAtByGroupPK( return relations, err } + +func (m *subjectTemplateGroupManager) BulkDeleteBySubjectPKsWithTx(tx *sqlx.Tx, subjectPKs []int64) error { + if len(subjectPKs) == 0 { + return nil + } + + sql := `DELETE FROM subject_template_group + WHERE subject_pk in (?)` + return database.SqlxDeleteWithTx(tx, sql, subjectPKs) +} diff --git a/pkg/service/group.go b/pkg/service/group.go index 2eb775c9..dfa3716f 100644 --- a/pkg/service/group.go +++ b/pkg/service/group.go @@ -879,7 +879,7 @@ func (l *groupService) BulkDeleteByGroupPKsWithTx(tx *sqlx.Tx, groupPKs []int64) errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupSVC, "BulkDeleteByGroupPKsWithTx") // 批量用户组删除成员关系 subjectRelation - err := l.manager.BulkDeleteByGroupPKs(tx, groupPKs) + err := l.manager.BulkDeleteByGroupPKsWithTx(tx, groupPKs) if err != nil { return errorWrapf( err, "manager.BulkDeleteByGroupPKs group_pks=`%+v` fail", groupPKs) @@ -893,12 +893,22 @@ func (l *groupService) BulkDeleteBySubjectPKsWithTx(tx *sqlx.Tx, subjectPKs []in errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupSVC, "BulkDeleteBySubjectPKsWithTx") // 批量其加入的用户组关系 subjectRelation - err := l.manager.BulkDeleteBySubjectPKs(tx, subjectPKs) + err := l.manager.BulkDeleteBySubjectPKsWithTx(tx, subjectPKs) if err != nil { return errorWrapf( err, "manager.BulkDeleteBySubjectPKs subject_pks=`%+v` fail", subjectPKs) } + // 批量删除subject template group + err = l.subjectTemplateGroupManager.BulkDeleteBySubjectPKsWithTx(tx, subjectPKs) + if err != nil { + return errorWrapf( + err, + "subjectTemplateGroupManager.BulkDeleteBySubjectPKsWithTx subjectPKs=`%+v` fail", + subjectPKs, + ) + } + // 批量删除用户的subject system group err = l.subjectSystemGroupManager.DeleteBySubjectPKsWithTx(tx, subjectPKs) if err != nil { diff --git a/pkg/service/group_test.go b/pkg/service/group_test.go index 77e7e47e..f05a28e7 100644 --- a/pkg/service/group_test.go 
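Review bot: The new `BulkDeleteBySubjectPKsWithTx` on `subjectTemplateGroupManager` has no doc comment, and no DAO-level test for it is visible in this commit, although it removes membership relations in bulk. I would add `// BulkDeleteBySubjectPKsWithTx deletes every subject_template_group row whose subject_pk is in subjectPKs; an empty slice is a no-op.` and a sqlmock case covering both the empty-slice return and the expanded `DELETE`. The keyword is lowercase `in` here while the sibling statement in group_resource_policy.go uses `IN`; matching it keeps the queries consistent and greppable.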
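Review bot: The group-deletion path (`groupService.BulkDeleteByGroupPKsWithTx`) shows only the subject-relation delete at this call site, while the commit adds subject_template_group cleanup to the subject-deletion path alone. The function body continues outside the hunk, so this may already be handled further down. If it is not, template-derived membership rows for the deleted group PKs would outlive the group and could still be read by later relation or permission lookups. Worth confirming; if missing, a `BulkDeleteByGroupPKsWithTx` on `SubjectTemplateGroupManager`, called in the same transaction, would close the gap.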
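Review bot: The wrapped error strings no longer match the calls they describe. The renamed calls in this hunk and the previous one still report `manager.BulkDeleteBySubjectPKs` and `manager.BulkDeleteByGroupPKs`, and the new template-group message uses the key `subjectPKs=` where its neighbours use `subject_pks=`. Suggest updating the prefixes to `manager.BulkDeleteBySubjectPKsWithTx` / `manager.BulkDeleteByGroupPKsWithTx` and using `subject_pks=` in the new message so log searches by method or key find all of them. The existing test assertion on `"BulkDeleteBySubjectPKs"` would still pass, since it is a substring of the new name.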
+++ b/pkg/service/group_test.go @@ -81,7 +81,7 @@ var _ = Describe("GroupService", func() { It("manager.BulkDeleteBySubjectPKs fail", func() { mockSubjectService := mock.NewMockSubjectGroupManager(ctl) - mockSubjectService.EXPECT().BulkDeleteBySubjectPKs(gomock.Any(), []int64{1, 2}).Return( + mockSubjectService.EXPECT().BulkDeleteBySubjectPKsWithTx(gomock.Any(), []int64{1, 2}).Return( errors.New("error"), ).AnyTimes() @@ -94,10 +94,37 @@ var _ = Describe("GroupService", func() { assert.Contains(GinkgoT(), err.Error(), "BulkDeleteBySubjectPKs") }) + It("manager.BulkDeleteBySubjectPKs fail", func() { + mockSubjectService := mock.NewMockSubjectGroupManager(ctl) + + mockSubjectService.EXPECT().BulkDeleteBySubjectPKsWithTx(gomock.Any(), []int64{1, 2}).Return( + nil, + ).AnyTimes() + + mockSubjectTemplateGroupService := mock.NewMockSubjectTemplateGroupManager(ctl) + mockSubjectTemplateGroupService.EXPECT().BulkDeleteBySubjectPKsWithTx(gomock.Any(), []int64{1, 2}).Return( + errors.New("error"), + ).AnyTimes() + + manager := &groupService{ + manager: mockSubjectService, + subjectTemplateGroupManager: mockSubjectTemplateGroupService, + } + + err := manager.BulkDeleteBySubjectPKsWithTx(nil, []int64{1, 2}) + assert.Error(GinkgoT(), err) + assert.Contains(GinkgoT(), err.Error(), "subjectTemplateGroupManager.BulkDeleteBySubjectPKsWithTx") + }) + It("subjectSystemGroupManager.DeleteBySubjectPKsWithTx fail", func() { mockSubjectService := mock.NewMockSubjectGroupManager(ctl) - mockSubjectService.EXPECT().BulkDeleteBySubjectPKs(gomock.Any(), []int64{1, 2}).Return( + mockSubjectService.EXPECT().BulkDeleteBySubjectPKsWithTx(gomock.Any(), []int64{1, 2}).Return( + nil, + ).AnyTimes() + + mockSubjectTemplateGroupService := mock.NewMockSubjectTemplateGroupManager(ctl) + mockSubjectTemplateGroupService.EXPECT().BulkDeleteBySubjectPKsWithTx(gomock.Any(), []int64{1, 2}).Return( nil, ).AnyTimes() 
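Review bot: The added spec reuses the description `manager.BulkDeleteBySubjectPKs fail` from the spec directly above it, although it exercises the `subjectTemplateGroupManager` failure path. Two specs with identical text make a failing run ambiguous and defeat focus-by-name. Name it after what it asserts, e.g. `It("subjectTemplateGroupManager.BulkDeleteBySubjectPKsWithTx fail", func() {`.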
@@ -107,8 +134,9 @@ var _ = Describe("GroupService", func() { ).AnyTimes() manager := &groupService{ - manager: mockSubjectService, - subjectSystemGroupManager: mockSubjectSystemGroupService, + manager: mockSubjectService, + subjectSystemGroupManager: mockSubjectSystemGroupService, + subjectTemplateGroupManager: mockSubjectTemplateGroupService, } err := manager.BulkDeleteBySubjectPKsWithTx(nil, []int64{1, 2}) @@ -119,7 +147,12 @@ var _ = Describe("GroupService", func() { It("ok", func() { mockSubjectService := mock.NewMockSubjectGroupManager(ctl) - mockSubjectService.EXPECT().BulkDeleteBySubjectPKs(gomock.Any(), []int64{1, 2}).Return( + mockSubjectService.EXPECT().BulkDeleteBySubjectPKsWithTx(gomock.Any(), []int64{1, 2}).Return( + nil, + ).AnyTimes() + + mockSubjectTemplateGroupService := mock.NewMockSubjectTemplateGroupManager(ctl) + mockSubjectTemplateGroupService.EXPECT().BulkDeleteBySubjectPKsWithTx(gomock.Any(), []int64{1, 2}).Return( nil, ).AnyTimes() @@ -129,8 +162,9 @@ var _ = Describe("GroupService", func() { ).AnyTimes() manager := &groupService{ - manager: mockSubjectService, - subjectSystemGroupManager: mockSubjectSystemGroupService, + manager: mockSubjectService, + subjectSystemGroupManager: mockSubjectSystemGroupService, + subjectTemplateGroupManager: mockSubjectTemplateGroupService, } err := manager.BulkDeleteBySubjectPKsWithTx(nil, []int64{1, 2}) diff --git a/release.md b/release.md index 10fdc614..80788a28 100644 --- a/release.md +++ b/release.md 
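Review bot: In the `ok` spec the new `subjectTemplateGroupManager` expectation ends in `.AnyTimes()`, which gomock also satisfies with zero calls, so the spec would still pass if the service stopped calling the template-group delete. That call is the behaviour this commit introduces, so pin it with `.Times(1)` in place of `.AnyTimes()` on the `mockSubjectTemplateGroupService.EXPECT().BulkDeleteBySubjectPKsWithTx(...)` line. The same applies to the expectation added to the `subjectSystemGroupManager.DeleteBySubjectPKsWithTx fail` spec in the second hunk of this file.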
@@ -1,3 +1,27 @@
+# 1.12.12
+
+- add: add default sensitivity level query
+- update: optimize SQL for expression queries
+
+# 1.12.11
+
+- add: subject template group api
+- add: instace:paste select mod
+- update: update requirements version
+
+# 1.12.10
+
+- update: feat: add subject cache batch get
+
+# 1.12.9
+
+- update: update policy list order
+
+# 1.12.8
+
+- update: user subject local cache replace subject cache
+- bugfix: action update with hidden
+
 # 1.12.7
 
 - bugfix: delete unreferenced expression