diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/ServiceGroupResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/ServiceGroupResource.kt
deleted file mode 100644
index 440ecb2523be..000000000000
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/ServiceGroupResource.kt
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */ - -package com.tencent.devops.auth.api - -import com.tencent.devops.auth.pojo.dto.GroupDTO -import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID -import com.tencent.devops.common.api.pojo.Result -import io.swagger.v3.oas.annotations.tags.Tag -import io.swagger.v3.oas.annotations.Operation -import io.swagger.v3.oas.annotations.Parameter -import javax.ws.rs.Consumes -import javax.ws.rs.HeaderParam -import javax.ws.rs.POST -import javax.ws.rs.Path -import javax.ws.rs.PathParam -import javax.ws.rs.Produces -import javax.ws.rs.core.MediaType - -@Tag(name = "AUTH_GROUP", description = "权限-用户组") -@Path("/service/auth/group") -@Produces(MediaType.APPLICATION_JSON) -@Consumes(MediaType.APPLICATION_JSON) -interface ServiceGroupResource { - - @POST - @Path("/projectCodes/{projectCode}/") - @Operation(summary = "项目下添加指定组") - fun createGroup( - @Parameter(description = "用户名", required = true) - @HeaderParam(AUTH_HEADER_USER_ID) - userId: String, - @Parameter(description = "项目标识", required = true) - @PathParam("projectCode") - projectCode: String, - @Parameter(description = "用户组信息", required = true) - groupInfo: GroupDTO - ): Result - - @POST - @Path("/projectCodes/{projectCode}/batchCreate") - @Operation(summary = "项目下添加指定组") - fun batchCreateGroup( - @Parameter(description = "用户名", required = true) - @HeaderParam(AUTH_HEADER_USER_ID) - userId: String, - @Parameter(description = "项目标识", required = true) - @PathParam("projectCode") - projectCode: String, - @Parameter(description = "用户组信息", required = true) - groupInfos: List - ): Result -} diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/ServiceUserGroupResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/ServiceUserGroupResource.kt deleted file mode 100644 index a297c2c1c29b..000000000000 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/ServiceUserGroupResource.kt +++ /dev/null 
@@ -1,59 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */ - -package com.tencent.devops.auth.api - -import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID -import com.tencent.devops.common.api.pojo.Result -import io.swagger.v3.oas.annotations.tags.Tag -import io.swagger.v3.oas.annotations.Operation -import io.swagger.v3.oas.annotations.Parameter -import javax.ws.rs.Consumes -import javax.ws.rs.POST -import javax.ws.rs.Path -import javax.ws.rs.PathParam -import javax.ws.rs.Produces -import javax.ws.rs.core.MediaType - -@Tag(name = "AUTH_USER_GROUP", description = "权限-用户-用户组") -@Path("/service/auth/userGroup") -@Produces(MediaType.APPLICATION_JSON) -@Consumes(MediaType.APPLICATION_JSON) -interface ServiceUserGroupResource { - - @POST - @Path("/users/{userId}/groupIds/{groupId}") - @Operation(summary = "添加用户到指定组") - fun addUser2Group( - @Parameter(description = "用户名", required = true) - @PathParam(AUTH_HEADER_USER_ID) - userId: String, - @Parameter(description = "用户组Id", required = true) - @PathParam("groupId") - groupId: Int - ): Result -} diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/callback/OpCallBackResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/op/OpCallBackResource.kt similarity index 98% rename from src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/callback/OpCallBackResource.kt rename to src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/op/OpCallBackResource.kt index 363eecb272f0..26167b0f38b8 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/callback/OpCallBackResource.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/op/OpCallBackResource.kt 
@@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.devops.auth.api.callback +package com.tencent.devops.auth.api.op import com.tencent.devops.auth.pojo.IamCallBackInfo import com.tencent.devops.auth.pojo.IamCallBackInterfaceDTO diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenPermissionAuthResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenPermissionAuthResource.kt new file mode 100644 index 000000000000..9ccfe984daef --- /dev/null +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenPermissionAuthResource.kt 
@@ -0,0 +1,374 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */ + +package com.tencent.devops.auth.api.open + +import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_BK_TOKEN +import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_USER_ID +import com.tencent.devops.common.api.auth.AUTH_HEADER_GIT_TYPE +import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.AuthPermission +import com.tencent.devops.common.auth.api.pojo.AuthResourceInstance +import io.swagger.v3.oas.annotations.Operation +import io.swagger.v3.oas.annotations.Parameter +import io.swagger.v3.oas.annotations.tags.Tag +import javax.ws.rs.Consumes +import javax.ws.rs.DELETE +import javax.ws.rs.GET +import javax.ws.rs.HeaderParam +import javax.ws.rs.POST +import javax.ws.rs.PUT +import javax.ws.rs.Path +import javax.ws.rs.PathParam +import javax.ws.rs.Produces +import javax.ws.rs.QueryParam +import javax.ws.rs.core.MediaType + +@Tag(name = "AUTH_OPEN_PERMISSION", description = "权限--权限校验以及资源操作相关接口") +@Path("/open/service/auth/permission") +@Produces(MediaType.APPLICATION_JSON) +@Consumes(MediaType.APPLICATION_JSON) +@SuppressWarnings("LongParameterList") +interface OpenPermissionAuthResource { + + @GET + @Path("/projects/{projectCode}/action/validate") + @Operation(summary = "校验用户是否有具体操作的权限") + fun validateUserActionPermission( + @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID) + @Parameter(description = "待校验用户ID", required = true) + userId: String, + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @HeaderParam(AUTH_HEADER_GIT_TYPE) + @Parameter(description = "系统类型") + type: String? 
= null, + @QueryParam("action") + @Parameter(description = "资源类型", required = true) + action: String + ): Result + + @GET + @Path("/projects/{projectCode}/resource/validate") + @Operation(summary = "校验用户是否有具体资源的操作权限") + fun validateUserResourcePermission( + @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID) + @Parameter(description = "待校验用户ID", required = true) + userId: String, + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @HeaderParam(AUTH_HEADER_GIT_TYPE) + @Parameter(description = "系统类型") + type: String? = null, + @QueryParam("action") + @Parameter(description = "资源类型", required = true) + action: String, + @QueryParam("projectCode") + @Parameter(description = "项目编码", required = true) + projectCode: String, + // 此处resourceCode实际为resourceType + @QueryParam("resourceCode") + @Parameter(description = "资源类型", required = false) + resourceCode: String? + ): Result + + @GET + @Path("/projects/{projectCode}/relation/validate") + @Operation(summary = "校验用户是否有具体资源实例的操作权限") + fun validateUserResourcePermissionByRelation( + @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID) + @Parameter(description = "待校验用户ID", required = true) + userId: String, + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @HeaderParam(AUTH_HEADER_GIT_TYPE) + @Parameter(description = "系统类型") + type: String? = null, + @QueryParam("action") + @Parameter(description = "action类型", required = true) + action: String, + @PathParam("projectCode") + @Parameter(description = "项目Code", required = true) + projectCode: String, + @QueryParam("resourceCode") + @Parameter(description = "资源code", required = true) + resourceCode: String, + @QueryParam("resourceType") + @Parameter(description = "资源类型", required = true) + resourceType: String, + @QueryParam("relationResourceType") + @Parameter(description = "关联资源,一般为Project", required = false) + relationResourceType: String? 
= null + ): Result + + @POST + @Path("/projects/{projectCode}/instance/validate") + @Operation(summary = "校验用户是否有具体资源实例的操作权限") + fun validateUserResourcePermissionByInstance( + @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID) + @Parameter(description = "待校验用户ID", required = true) + userId: String, + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @HeaderParam(AUTH_HEADER_GIT_TYPE) + @Parameter(description = "系统类型") + type: String? = null, + @QueryParam("action") + @Parameter(description = "action类型", required = true) + action: String, + @PathParam("projectCode") + @Parameter(description = "项目Code", required = true) + projectCode: String, + resource: AuthResourceInstance + ): Result + + @POST + @Path("/projects/{projectCode}/relation/validate/batch") + @Operation(summary = "批量校验用户是否有具体资源实例的操作权限") + fun batchValidateUserResourcePermissionByRelation( + @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID) + @Parameter(description = "待校验用户ID", required = true) + userId: String, + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @HeaderParam(AUTH_HEADER_GIT_TYPE) + @Parameter(description = "系统类型") + type: String? = null, + @PathParam("projectCode") + @Parameter(description = "项目Code", required = true) + projectCode: String, + @QueryParam("resourceCode") + @Parameter(description = "资源code", required = true) + resourceCode: String, + @QueryParam("resourceType") + @Parameter(description = "资源类型", required = true) + resourceType: String, + @QueryParam("relationResourceType") + @Parameter(description = "关联资源,一般为Project", required = false) + relationResourceType: String? 
= null, + @Parameter(description = "action类型列表", required = true) + action: List + ): Result + + @GET + @Path("/projects/{projectCode}/action/instanceAndParent") + @Operation(summary = "获取用户所拥有指定权限下的指定类型资源和类型父资源code列表") + fun getUserResourceAndParentByPermission( + @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID) + @Parameter(description = "待校验用户ID", required = true) + userId: String, + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @HeaderParam(AUTH_HEADER_GIT_TYPE) + @Parameter(description = "系统类型") + type: String? = null, + @QueryParam("action") + @Parameter(description = "action类型") + action: String, + @PathParam("projectCode") + @Parameter(description = "项目Code", required = true) + projectCode: String, + @QueryParam("resourceType") + @Parameter(description = "资源类型") + resourceType: String + ): Result>> + + @GET + @Path("/projects/{projectCode}/actions/instance/map") + @Operation(summary = "获取用户某项目下多操作的资源实例列表") + fun getUserResourcesByPermissions( + @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID) + @Parameter(description = "待校验用户ID", required = true) + userId: String, + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @HeaderParam(AUTH_HEADER_GIT_TYPE) + @Parameter(description = "系统类型") + type: String? 
= null, + @QueryParam("action") + @Parameter(description = "action类型") + action: List, + @PathParam("projectCode") + @Parameter(description = "项目Code", required = true) + projectCode: String, + @QueryParam("resourceType") + @Parameter(description = "资源类型") + resourceType: String + ): Result>> + + @GET + @Path("/projects/{projectCode}/action/instance") + @Operation(summary = "获取用户某项目下指定操作的资源实例列表") + fun getUserResourceByPermission( + @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID) + @Parameter(description = "待校验用户ID", required = true) + userId: String, + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @HeaderParam(AUTH_HEADER_GIT_TYPE) + @Parameter(description = "系统类型") + type: String? = null, + @QueryParam("action") + @Parameter(description = "action类型") + action: String, + @PathParam("projectCode") + @Parameter(description = "项目Code", required = true) + projectCode: String, + @QueryParam("resourceType") + @Parameter(description = "资源类型") + resourceType: String + ): Result> + + @POST + @Path("/projects/{projectCode}/actions/instance/filter") + @Operation(summary = "过滤用户某项目下多操作的资源实例列表") + fun filterUserResourcesByPermissions( + @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID) + @Parameter(description = "待校验用户ID", required = true) + userId: String, + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @HeaderParam(AUTH_HEADER_GIT_TYPE) + @Parameter(description = "系统类型") + type: String? 
= null, + @QueryParam("action") + @Parameter(description = "action类型") + actions: List, + @PathParam("projectCode") + @Parameter(description = "项目Code", required = true) + projectCode: String, + @QueryParam("resourceType") + @Parameter(description = "资源类型") + resourceType: String, + resources: List + ): Result>> + + @Path("/projects/{projectCode}/create/relation") + @POST + @Operation(summary = "创建权限中心资源") + fun resourceCreateRelation( + @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID) + @Parameter(description = "待校验用户ID", required = true) + userId: String, + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @HeaderParam(AUTH_HEADER_GIT_TYPE) + @Parameter(description = "系统类型") + type: String? = null, + @PathParam("projectCode") + @Parameter(description = "项目Id") + projectCode: String, + @QueryParam("resourceType") + @Parameter(description = "资源类型") + resourceType: String, + @QueryParam("resourceCode") + @Parameter(description = "资源Code") + resourceCode: String, + @QueryParam("resourceName") + @Parameter(description = "资源名称") + resourceName: String + ): Result + + @Path("/projects/{projectCode}/modify/relation") + @PUT + @Operation(summary = "修改权限中心资源") + fun resourceModifyRelation( + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @HeaderParam(AUTH_HEADER_GIT_TYPE) + @Parameter(description = "系统类型") + type: String? 
= null, + @PathParam("projectCode") + @Parameter(description = "项目Id") + projectCode: String, + @QueryParam("resourceType") + @Parameter(description = "资源类型") + resourceType: String, + @QueryParam("resourceCode") + @Parameter(description = "资源Code") + resourceCode: String, + @QueryParam("resourceName") + @Parameter(description = "资源名称") + resourceName: String + ): Result + + @Path("/projects/{projectCode}/delete/relation") + @DELETE + @Operation(summary = "删除权限中心资源") + fun resourceDeleteRelation( + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @HeaderParam(AUTH_HEADER_GIT_TYPE) + @Parameter(description = "系统类型") + type: String? = null, + @PathParam("projectCode") + @Parameter(description = "项目Id") + projectCode: String, + @QueryParam("resourceType") + @Parameter(description = "资源类型") + resourceType: String, + @QueryParam("resourceCode") + @Parameter(description = "资源Code") + resourceCode: String + ): Result + + @Path("/projects/{projectCode}/cancel/relation") + @PUT + @Operation(summary = "取消权限中心资源") + fun resourceCancelRelation( + @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID) + @Parameter(description = "操作用户ID", required = true) + userId: String, + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @HeaderParam(AUTH_HEADER_GIT_TYPE) + @Parameter(description = "系统类型") + type: String? = null, + @PathParam("projectCode") + @Parameter(description = "项目Id") + projectCode: String, + @QueryParam("resourceType") + @Parameter(description = "资源类型") + resourceType: String, + @QueryParam("resourceCode") + @Parameter(description = "资源Code") + resourceCode: String + ): Result +} 
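Review bot: Two of the new validation endpoints do not bind the `{projectCode}` segment of their own `@Path`: `validateUserActionPermission` declares no `projectCode` parameter at all, and `validateUserResourcePermission` reads it with `@QueryParam("projectCode")` while the sibling `validateUserResourcePermissionByRelation` uses `@PathParam("projectCode")`. As written, the project named in the URL and the project actually checked can differ, which matters if any gateway rule or audit record keys on the path. I would change the second to `@PathParam("projectCode")` and either add the same parameter to the first or drop `{projectCode}` from its path. The inline comment saying `resourceCode` is really the resource type belongs in KDoc on `validateUserResourcePermission`, since the `@Parameter` description alone does not tell a caller the name is misleading. `resourceModifyRelation` and `resourceDeleteRelation` also take no `AUTH_HEADER_DEVOPS_USER_ID`, unlike `resourceCreateRelation` and `resourceCancelRelation`, so it is worth confirming that these two mutations are meant to be unattributed at this layer.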
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenProjectAuthResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenProjectAuthResource.kt
new file mode 100644
index 000000000000..f0e9bc380701
--- /dev/null
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenProjectAuthResource.kt
@@ -0,0 +1,250 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */ + +package com.tencent.devops.auth.api.open + +import com.tencent.devops.auth.pojo.vo.ProjectPermissionInfoVO +import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_BK_TOKEN +import com.tencent.devops.common.api.auth.AUTH_HEADER_GIT_TYPE +import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID +import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.pojo.BKAuthProjectRolesResources +import com.tencent.devops.common.auth.api.pojo.BkAuthGroup +import com.tencent.devops.common.auth.api.pojo.BkAuthGroupAndUserList +import io.swagger.v3.oas.annotations.Operation +import io.swagger.v3.oas.annotations.Parameter +import io.swagger.v3.oas.annotations.tags.Tag +import javax.ws.rs.Consumes +import javax.ws.rs.GET +import javax.ws.rs.HeaderParam +import javax.ws.rs.POST +import javax.ws.rs.Path +import javax.ws.rs.PathParam +import javax.ws.rs.Produces +import javax.ws.rs.QueryParam +import javax.ws.rs.core.MediaType + +@Tag(name = "AUTH_SERVICE_PROJECT", description = "权限--项目相关接口") +@Path("/open/service/auth/projects") +@Produces(MediaType.APPLICATION_JSON) +@Consumes(MediaType.APPLICATION_JSON) +interface OpenProjectAuthResource { + @GET + @Path("/{projectCode}/users/byGroup") + @Operation(summary = "获取项目成员 (需要对接的权限中心支持该功能才可以)") + fun getProjectUsers( + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @HeaderParam(AUTH_HEADER_GIT_TYPE) + @Parameter(description = "系统类型") + type: String? = null, + @PathParam("projectCode") + @Parameter(description = "项目Code", required = true) + projectCode: String, + @QueryParam("group") + @Parameter(description = "用户组类型", required = false) + group: BkAuthGroup? 
= null + ): Result> + + @GET + @Path("/{projectCode}/users") + @Operation(summary = "拉取项目所有成员,并按项目角色组分组成员信息返回") + fun getProjectGroupAndUserList( + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @PathParam("projectCode") + @Parameter(description = "项目Code", required = true) + projectCode: String + ): Result> + + @GET + @Path("/users/{userId}") + @Operation(summary = "获取用户有管理权限的项目Code") + fun getUserProjects( + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @PathParam("userId") + @Parameter(description = "用户userId", required = true) + userId: String + ): Result> + + @GET + @Path("/users/{userId}/{action}") + @Operation(summary = "获取用户有某种项目资源类型权限的项目Code") + fun getUserProjectsByPermission( + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @PathParam("userId") + @Parameter(description = "用户userId", required = true) + userId: String, + @PathParam("action") + @Parameter(description = "项目资源类型action", required = true) + action: String, + @QueryParam("resourceType") + @Parameter(description = "资源类型", required = true) + resourceType: String? = null + ): Result> + + @GET + @Path("/{projectCode}/users/{userId}/isProjectUsers") + @Operation(summary = "判断是否某个项目中某个组角色的成员") + fun isProjectUser( + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @HeaderParam(AUTH_HEADER_GIT_TYPE) + @Parameter(description = "系统类型") + type: String? = null, + @PathParam("userId") + @Parameter(description = "用户Id", required = true) + userId: String, + @PathParam("projectCode") + @Parameter(description = "项目Code", required = true) + projectCode: String, + @QueryParam("group") + @Parameter(description = "用户组类型", required = false) + group: BkAuthGroup? 
= null + ): Result + + @GET + @Path("/{projectCode}/users/{userId}/checkUserInProjectLevelGroup") + @Operation(summary = "是否该用户在项目级别的组中") + fun checkUserInProjectLevelGroup( + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @HeaderParam(AUTH_HEADER_GIT_TYPE) + @PathParam("userId") + @Parameter(description = "用户Id", required = true) + userId: String, + @PathParam("projectCode") + @Parameter(description = "项目Code", required = true) + projectCode: String + ): Result + + @GET + @Path("/{projectCode}/users/{userId}/checkProjectManager") + @Operation(summary = "判断是否是项目管理员") + fun checkProjectManager( + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @HeaderParam(AUTH_HEADER_GIT_TYPE) + @Parameter(description = "系统类型") + type: String? = null, + @PathParam("userId") + @Parameter(description = "用户Id", required = true) + userId: String, + @PathParam("projectCode") + @Parameter(description = "项目Code", required = true) + projectCode: String + ): Result + + @GET + @Path("/projectIds/{projectId}/checkManager") + @Operation(summary = "判断是否是项目管理员或CI管理员") + fun checkManager( + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @Parameter(description = "用户名", required = true) + @HeaderParam(AUTH_HEADER_USER_ID) + userId: String, + @PathParam("projectId") + @Parameter(description = "项目Id", required = true) + projectId: String + ): Result + + @POST + @Path("/{projectCode}/createUser") + @Operation(summary = "添加单个用户到指定项目指定分组") + fun createProjectUser( + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @QueryParam("userId") + @Parameter(description = "用户Id", required = true) + userId: String, + @PathParam("projectCode") + @Parameter(description = "项目Code", required = true) + projectCode: String, + @QueryParam("roleCode") + 
@Parameter(description = "用户组Code", required = true) + roleCode: String + ): Result + + @POST + @Path("/{projectCode}/batchCreateProjectUser/{roleCode}") + @Operation(summary = "批量添加用户到指定项目指定分组") + fun batchCreateProjectUser( + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @Parameter(description = "用户名", required = true) + @HeaderParam(AUTH_HEADER_USER_ID) + userId: String, + @Parameter(description = "项目Code", required = true) + @PathParam("projectCode") + projectCode: String, + @Parameter(description = "用户组Code", required = true) + @PathParam("roleCode") + roleCode: String, + @Parameter(description = "添加用户集合", required = true) + members: List + ): Result + + @GET + @Path("/{projectCode}/roles") + @Operation(summary = "获取项目角色") + fun getProjectRoles( + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @PathParam("projectCode") + @Parameter(description = "项目Code", required = true) + projectCode: String, + @QueryParam("projectId") + @Parameter(description = "项目Id", required = true) + projectId: String + ): Result> + + @GET + @Path("/{projectCode}/getProjectPermissionInfo") + @Operation(summary = "获取项目权限信息") + fun getProjectPermissionInfo( + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @PathParam("projectCode") + @Parameter(description = "项目Code", required = true) + projectCode: String + ): Result +} diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenResourceMemberResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenResourceMemberResource.kt new file mode 100644 index 000000000000..196d3a321a44 --- /dev/null +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenResourceMemberResource.kt 
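Review bot: In `checkUserInProjectLevelGroup` the `userId` parameter carries both `@HeaderParam(AUTH_HEADER_GIT_TYPE)` and `@PathParam("userId")`; compared with `checkProjectManager` directly below it, the `type: String? = null` line appears to have been dropped, leaving its header annotation on the next parameter. Which source the JAX-RS runtime picks for a doubly-annotated parameter is not something a membership check should depend on, because the user id being tested may then not be the one in the URL. Either restore `@Parameter(description = "系统类型") type: String? = null,` after the header annotation or delete the stray `@HeaderParam(AUTH_HEADER_GIT_TYPE)`. Separately, `getUserProjectsByPermission` documents `resourceType` as `required = true` while declaring it `String? = null`, so one of the two should change.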
@@ -0,0 +1,99 @@
+package com.tencent.devops.auth.api.open
+
+import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_BK_TOKEN
+import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.auth.api.AuthResourceType
+import com.tencent.devops.common.auth.api.pojo.BkAuthGroup
+import com.tencent.devops.common.auth.api.pojo.BkAuthGroupAndUserList
+import com.tencent.devops.project.pojo.ProjectCreateUserInfo
+import com.tencent.devops.project.pojo.ProjectDeleteUserInfo
+import io.swagger.v3.oas.annotations.Operation
+import io.swagger.v3.oas.annotations.Parameter
+import io.swagger.v3.oas.annotations.tags.Tag
+import javax.ws.rs.Consumes
+import javax.ws.rs.DELETE
+import javax.ws.rs.GET
+import javax.ws.rs.HeaderParam
+import javax.ws.rs.POST
+import javax.ws.rs.Path
+import javax.ws.rs.PathParam
+import javax.ws.rs.Produces
+import javax.ws.rs.QueryParam
+import javax.ws.rs.core.MediaType
+
+@Tag(name = "AUTH_SERVICE_RESOURCE", description = "权限--资源相关接口")
+@Path("/open/service/auth/resource/member")
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+interface OpenResourceMemberResource {
+ /**
+ * @param resourceType 是个枚举类型详见 AuthResourceType
+ * @see AuthResourceType
+ */
+ @GET
+ @Path("/{projectCode}/getResourceGroupUsers")
+ @Operation(summary = "获取特定资源下用户组成员")
+ fun getResourceGroupMembers(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @QueryParam("resourceType")
+ @Parameter(description = "资源类型", required = false)
+ resourceType: String,
+ @QueryParam("resourceCode")
+ @Parameter(description = "资源code", required = false)
+ resourceCode: String,
+ @QueryParam("group")
+ @Parameter(description = "资源用户组类型", required = false)
+ group: BkAuthGroup? = null
+ ): Result>
+
+ @GET
+ @Path("/{projectCode}/getResourceUsers")
+ @Operation(summary = "拉取资源下所有成员,并按项目角色组分组成员信息返回")
+ fun getResourceGroupAndMembers(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @QueryParam("resourceType")
+ @Parameter(description = "资源类型", required = false)
+ resourceType: String,
+ @QueryParam("resourceCode")
+ @Parameter(description = "资源code", required = false)
+ resourceCode: String
+ ): Result>
+
+ @POST
+ @Path("/{projectCode}/batchAddResourceGroupMembers/")
+ @Operation(summary = "用户组添加成员")
+ fun batchAddResourceGroupMembers(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @Parameter(description = "用户组添加成员请求体", required = true)
+ projectCreateUserInfo: ProjectCreateUserInfo
+ ): Result
+
+ @DELETE
+ @Path("/{projectCode}/batchDeleteResourceGroupMembers/")
+ @Operation(summary = "用户组删除成员")
+ fun batchDeleteResourceGroupMembers(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @Parameter(description = "用户组删除成员请求体", required = true)
+ projectDeleteUserInfo: ProjectDeleteUserInfo
+ ): Result
+}
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceGroupStrategyResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceGroupStrategyResource.kt
deleted file mode 100644
index 76dbfab87d4b..000000000000
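Review bot: `batchAddResourceGroupMembers` and `batchDeleteResourceGroupMembers` change group membership on the `/open/` path with only the `token` header and a request body in their signatures, so nothing in this interface ties the call to an acting user; `renewalGroupMember` in ServiceResourceMemberResource, added in the same commit, takes `AUTH_HEADER_USER_ID` next to the token. If the operator is carried inside `ProjectCreateUserInfo`/`ProjectDeleteUserInfo` (not visible in this diff), state that in a KDoc on both methods, for example `/** Caller is authenticated by [token] only; the operator recorded for audit comes from the request body. */`; otherwise the implementation has no identity to authorize or log. Separately, `resourceType` and `resourceCode` are declared `required = false` but typed as non-null `String` in both getters, so either mark them `required = true` or make them `String?`.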
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceGroupStrategyResource.kt +++ /dev/null 
@@ -1,48 +0,0 @@ -/* - * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. - * - * A copy of the MIT License is included in this file. - * - * - * Terms of the MIT License: - * --------------------------------------------------- - * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated - * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all copies or substantial portions of - * the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT - * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
- */ - -package com.tencent.devops.auth.api.service - -import com.tencent.devops.auth.pojo.StrategyEntity -import io.swagger.v3.oas.annotations.tags.Tag -import io.swagger.v3.oas.annotations.Operation -import javax.ws.rs.Consumes -import javax.ws.rs.GET -import javax.ws.rs.Path -import javax.ws.rs.Produces -import javax.ws.rs.core.MediaType - -@Tag(name = "AUTH_GROUP_STRATEGY", description = "权限-用户-策略") -@Path("/service/auth/strategy") -@Produces(MediaType.APPLICATION_JSON) -@Consumes(MediaType.APPLICATION_JSON) -interface ServiceGroupStrategyResource { - @GET - @Path("/getGroupStrategy") - @Operation(summary = "获取组策略") - fun getGroupStrategy(): List -} diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceManagerResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceManagerResource.kt deleted file mode 100644 index c0353028065f..000000000000 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceManagerResource.kt +++ /dev/null 
@@ -1,69 +0,0 @@ -/* - * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. - * - * A copy of the MIT License is included in this file. - * - * - * Terms of the MIT License: - * --------------------------------------------------- - * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated - * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all copies or substantial portions of - * the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT - * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
- */ - -package com.tencent.devops.auth.api.service - -import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_BK_TOKEN -import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_USER_ID -import com.tencent.devops.common.api.pojo.Result -import io.swagger.v3.oas.annotations.Parameter -import io.swagger.v3.oas.annotations.tags.Tag -import javax.ws.rs.Consumes -import javax.ws.rs.GET -import javax.ws.rs.HeaderParam -import javax.ws.rs.Path -import javax.ws.rs.PathParam -import javax.ws.rs.Produces -import javax.ws.rs.QueryParam -import javax.ws.rs.core.MediaType - -@Tag(name = "SERVICE_MANAGER", description = "权限校验--超级管理员") -@Path("/open/service/auth/manager") -@Produces(MediaType.APPLICATION_JSON) -@Consumes(MediaType.APPLICATION_JSON) -interface ServiceManagerResource { - - @GET - @Path("/projects/{projectCode}") - fun validateManagerPermission( - @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID) - @Parameter(description = "待校验用户ID", required = true) - userId: String, - @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) - @Parameter(description = "认证token", required = true) - token: String, - @PathParam("projectCode") - @Parameter(description = "项目编码", required = true) - projectCode: String, - @QueryParam("action") - @Parameter(description = "资源类型", required = true) - action: String, - @QueryParam("resourceCode") - @Parameter(description = "资源编码", required = false) - resourceCode: String - ): Result -} diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServicePermissionAuthResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServicePermissionAuthResource.kt index 6b7fbc569cd4..bcb816ef5629 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServicePermissionAuthResource.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServicePermissionAuthResource.kt 
@@ -27,7 +27,6 @@ package com.tencent.devops.auth.api.service -import com.tencent.devops.auth.pojo.dto.GrantInstanceDTO import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_BK_TOKEN import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_USER_ID import com.tencent.devops.common.api.auth.AUTH_HEADER_GIT_TYPE @@ -50,7 +49,7 @@ import javax.ws.rs.QueryParam import javax.ws.rs.core.MediaType @Tag(name = "AUTH_SERVICE_PERMISSION", description = "权限--权限校验以及资源操作相关接口") -@Path("/open/service/auth/permission") +@Path("/service/auth/permission") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) @SuppressWarnings("LongParameterList") @@ -372,20 +371,4 @@ interface ServicePermissionAuthResource { @Parameter(description = "资源Code") resourceCode: String ): Result - - @Path("/projects/{projectCode}/grant") - @POST - @Operation(summary = "授权实例级别权限") - fun grantInstancePermission( - @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID) - @Parameter(description = "操作用户ID", required = true) - userId: String, - @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) - @Parameter(description = "认证token", required = true) - token: String, - @PathParam("projectCode") - @Parameter(description = "项目Id") - projectCode: String, - grantInstance: GrantInstanceDTO - ): Result } diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceProjectAuthResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceProjectAuthResource.kt index 2b12f32d9157..31fc7fdb84c6 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceProjectAuthResource.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceProjectAuthResource.kt 
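Review bot: The second hunk drops the `/open` prefix from the base path (`@Path("/service/auth/permission")`), and the same change is made to ServiceProjectAuthResource and ServiceResourceMemberResource further down, while `AUTH_HEADER_DEVOPS_BK_TOKEN` stays imported, so the methods presumably still take the `token` header. OpenResourceMemberResource is added as the `/open` counterpart of the member API, but no `/open` replacement for the permission or project interfaces is visible in this part of the diff; if none exists, callers of the old paths lose the route. A class-level KDoc on each moved interface, e.g. `/** Internal service-to-service API; external callers use the /open counterpart. */` (if that is the intent), would record the intended exposure and whether the token is still checked on this path. The interface body continues outside the hunks.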
@@ -49,7 +49,7 @@ import javax.ws.rs.QueryParam import javax.ws.rs.core.MediaType @Tag(name = "AUTH_SERVICE_PROJECT", description = "权限--项目相关接口") -@Path("/open/service/auth/projects") +@Path("/service/auth/projects") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) interface ServiceProjectAuthResource { diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceResourceGroupResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceResourceGroupResource.kt index 22867da08a64..c5fd9ed32b69 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceResourceGroupResource.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceResourceGroupResource.kt @@ -2,8 +2,11 @@ package com.tencent.devops.auth.api.service import com.tencent.devops.auth.pojo.dto.GroupAddDTO import com.tencent.devops.auth.pojo.request.CustomGroupCreateReq +import com.tencent.devops.auth.pojo.vo.GroupDetailsInfoVo import com.tencent.devops.auth.pojo.vo.GroupPermissionDetailVo import com.tencent.devops.common.api.annotation.BkInterfaceI18n +import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID +import com.tencent.devops.common.api.model.SQLPage import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.auth.api.pojo.BkAuthGroup import io.swagger.v3.oas.annotations.Operation @@ -12,6 +15,7 @@ import io.swagger.v3.oas.annotations.tags.Tag import javax.ws.rs.Consumes import javax.ws.rs.DELETE import javax.ws.rs.GET +import javax.ws.rs.HeaderParam import javax.ws.rs.POST import javax.ws.rs.Path import javax.ws.rs.PathParam 
@@ -37,6 +41,48 @@ interface ServiceResourceGroupResource { groupId: Int ): Result>> + @GET + @Path("/{projectCode}/{resourceType}/getMemberGroupsDetails") + @Operation(summary = "获取项目成员有权限的用户组详情") + fun getMemberGroupsDetails( + @Parameter(description = "用户名", required = true) + @HeaderParam(AUTH_HEADER_USER_ID) + userId: String, + @Parameter(description = "项目ID", required = true) + @PathParam("projectCode") + projectCode: String, + @Parameter(description = "资源类型") + @PathParam("resourceType") + resourceType: String, + @QueryParam("memberId") + @Parameter(description = "组织ID/成员ID") + memberId: String, + @QueryParam("groupName") + @Parameter(description = "用户组名称") + groupName: String?, + @QueryParam("minExpiredAt") + @Parameter(description = "最小过期时间") + minExpiredAt: Long?, + @QueryParam("maxExpiredAt") + @Parameter(description = "最大过期时间") + maxExpiredAt: Long?, + @QueryParam("relatedResourceType") + @Parameter(description = "资源类型") + relatedResourceType: String?, + @QueryParam("relatedResourceCode") + @Parameter(description = "资源ID") + relatedResourceCode: String?, + @QueryParam("action") + @Parameter(description = "操作") + action: String?, + @Parameter(description = "起始位置,从0开始") + @QueryParam("start") + start: Int?, + @Parameter(description = "每页多少条") + @QueryParam("limit") + limit: Int? + ): Result> + @POST @Path("/{projectCode}/createGroupByGroupCode/") @Operation(summary = "根据groupCode添加用户组") diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceResourceMemberResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceResourceMemberResource.kt index 67c65238e089..f7e3b61387ac 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceResourceMemberResource.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceResourceMemberResource.kt 
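Review bot: `getMemberGroupsDetails` takes the caller from the `AUTH_HEADER_USER_ID` header and the subject from the `memberId` query parameter, and nothing in the signature or a comment says what relation between the two the implementation must enforce. Add a KDoc stating the rule, e.g. `/** [userId] must be allowed to view members of [projectCode]; [memberId] is the user or organization whose groups are listed. */`, so an implementation does not return another member's group list to any authenticated caller. `limit` is an unbounded `Int?`; the doc should name the maximum page size the service accepts, and `minExpiredAt`/`maxExpiredAt` should state their unit. The descriptions of `resourceType` and `relatedResourceType` are both "资源类型", which does not tell the two apart. The interface body continues outside the hunk.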
@@ -1,6 +1,8 @@ package com.tencent.devops.auth.api.service +import com.tencent.devops.auth.pojo.request.GroupMemberSingleRenewalReq import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_BK_TOKEN +import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.auth.api.AuthResourceType import com.tencent.devops.common.auth.api.pojo.BkAuthGroup @@ -15,6 +17,7 @@ import javax.ws.rs.DELETE import javax.ws.rs.GET import javax.ws.rs.HeaderParam import javax.ws.rs.POST +import javax.ws.rs.PUT import javax.ws.rs.Path import javax.ws.rs.PathParam import javax.ws.rs.Produces @@ -22,7 +25,7 @@ import javax.ws.rs.QueryParam import javax.ws.rs.core.MediaType @Tag(name = "AUTH_SERVICE_RESOURCE", description = "权限--资源相关接口") -@Path("/open/service/auth/resource/member") +@Path("/service/auth/resource/member") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) interface ServiceResourceMemberResource { @@ -96,4 +99,21 @@ interface ServiceResourceMemberResource { @Parameter(description = "用户组删除成员请求体", required = true) projectDeleteUserInfo: ProjectDeleteUserInfo ): Result + + @PUT + @Path("/{projectCode}/renewal") + @Operation(summary = "续期单个组成员权限--无需进行审批") + fun renewalGroupMember( + @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN) + @Parameter(description = "认证token", required = true) + token: String, + @Parameter(description = "用户名", required = true) + @HeaderParam(AUTH_HEADER_USER_ID) + userId: String, + @Parameter(description = "项目ID", required = true) + @PathParam("projectCode") + projectCode: String, + @Parameter(description = "续期成员请求实体") + renewalConditionReq: GroupMemberSingleRenewalReq + ): Result } 
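Review bot: `renewalGroupMember` extends a member's group permission without approval (its summary reads "续期单个组成员权限--无需进行审批"), but the request body is annotated `@Parameter(description = "续期成员请求实体")` without `required = true`, and nothing documents who may call it. Mark the body required, `@Parameter(description = "续期成员请求实体", required = true)`, and add a KDoc naming the check the implementation must make on `userId` before renewing, since the approval step that would otherwise gate the extension is skipped. The same file moves the interface from `/open/service/auth/resource/member` to `/service/auth/resource/member` while the new method still takes the `token` header; the KDoc should say whether the token is still validated on this path.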
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthUrlResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthUrlResource.kt deleted file mode 100644 index 611478b95343..000000000000 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthUrlResource.kt +++ /dev/null 
@@ -1,67 +0,0 @@ -/* - * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. - * - * A copy of the MIT License is included in this file. - * - * - * Terms of the MIT License: - * --------------------------------------------------- - * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated - * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all copies or substantial portions of - * the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT - * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
- */ - -package com.tencent.devops.auth.api.user - -import com.tencent.devops.auth.pojo.PermissionUrlDTO -import com.tencent.devops.common.api.pojo.Result -import io.swagger.v3.oas.annotations.tags.Tag -import io.swagger.v3.oas.annotations.Operation -import io.swagger.v3.oas.annotations.Parameter -import javax.ws.rs.Consumes -import javax.ws.rs.GET -import javax.ws.rs.Path -import javax.ws.rs.Produces -import javax.ws.rs.POST -import javax.ws.rs.QueryParam -import javax.ws.rs.core.MediaType - -@Tag(name = "AUTH_RESOURCE", description = "用户态-权限") -@Path("/user/auth") -@Produces(MediaType.APPLICATION_JSON) -@Consumes(MediaType.APPLICATION_JSON) -interface UserAuthUrlResource { - - @POST - @Path("/permissionUrl") - @Operation(summary = "权限申请重定向Url") - fun permissionUrl( - @Parameter(description = "待申请实例信息") - permissionUrlDTO: List - ): Result - - @GET - @Path("/group/permission/url") - fun getRolePermissionUrl( - @Parameter(description = "待分配权限用户组所属项目") - @QueryParam("projectId") - projectId: String, - @Parameter(description = "用户组Id") - @QueryParam("roleId") - roleId: String? - ): Result -} diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt index e9e8d73b9c7f..5a106df02959 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt 
@@ -28,25 +28,17 @@ package com.tencent.devops.auth.api.user -import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum -import com.tencent.bk.sdk.iam.dto.manager.ManagerRoleGroupInfo -import com.tencent.bk.sdk.iam.dto.manager.vo.ManagerGroupMemberVo -import com.tencent.devops.auth.pojo.dto.RoleMemberDTO -import com.tencent.devops.auth.pojo.vo.ProjectMembersVO import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID import com.tencent.devops.common.api.pojo.Result -import io.swagger.v3.oas.annotations.tags.Tag import io.swagger.v3.oas.annotations.Operation import io.swagger.v3.oas.annotations.Parameter +import io.swagger.v3.oas.annotations.tags.Tag import javax.ws.rs.Consumes -import javax.ws.rs.DELETE import javax.ws.rs.GET import javax.ws.rs.HeaderParam -import javax.ws.rs.POST import javax.ws.rs.Path import javax.ws.rs.PathParam import javax.ws.rs.Produces -import javax.ws.rs.QueryParam import javax.ws.rs.core.MediaType @Tag(name = "USER_PROJECT_MEMBER", description = "用户组—用户") 
@@ -54,97 +46,6 @@ import javax.ws.rs.core.MediaType @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) interface UserProjectMemberResource { - @POST - @Path("/projectIds/{projectId}/roleIds/{roleId}") - @Operation(summary = "项目下添加指定组组员") - fun createRoleMember( - @Parameter(description = "用户名", required = true) - @HeaderParam(AUTH_HEADER_USER_ID) - userId: String, - @Parameter(description = "项目标识", required = true) - @PathParam("projectId") - projectId: Int, - @Parameter(description = "角色Id", required = true) - @PathParam("roleId") - roleId: Int, - @Parameter(description = "是否为管理员分组", required = true) - @QueryParam("managerGroup") - managerGroup: Boolean, - @Parameter(description = "添加用户集合", required = true) - members: List - ): Result - - @GET - @Path("/projectIds/{projectId}/roleIds/{roleId}") - @Operation(summary = "查询项目下指定用户组用户") - fun getRoleMember( - @Parameter(description = "项目标识", required = true) - @PathParam("projectId") - projectId: Int, - @Parameter(description = "角色Id", required = true) - @PathParam("roleId") - roleId: Int, - @Parameter(description = "页数", required = true) - @QueryParam("path") - page: Int?, - @Parameter(description = "页面大小", required = true) - @QueryParam("pageSize") - pageSize: Int? - ): Result - - @GET - @Path("projectIds/{projectId}/members/all") - @Operation(summary = "获取项目下所有用户") - fun getProjectAllMember( - @Parameter(description = "项目标识", required = true) - @PathParam("projectId") - projectId: Int, - @Parameter(description = "页数", required = true) - @QueryParam("path") - page: Int?, - @Parameter(description = "页面大小", required = true) - @QueryParam("pageSize") - pageSize: Int? 
- ): Result - - @DELETE - @Path("/projectIds/{projectId}/roleIds/{roleId}") - @Operation(summary = "删除项目下指定用户组用户") - fun deleteRoleMember( - @Parameter(description = "用户名", required = true) - @HeaderParam(AUTH_HEADER_USER_ID) - userId: String, - @Parameter(description = "项目标识", required = true) - @PathParam("projectId") - projectId: Int, - @Parameter(description = "角色Id", required = true) - @PathParam("roleId") - roleId: Int, - @Parameter(description = "是否为管理员分组", required = true) - @QueryParam("managerGroup") - managerGroup: Boolean, - @Parameter(description = "待删除用户或组织Id", required = true) - @QueryParam("id") - members: String, - @Parameter(description = "组员类型 user:单用户, dept:组织", required = true) - @QueryParam("type") - type: ManagerScopesEnum - ): Result - - @GET - @Path("projectIds/{projectId}/user/groups") - @Operation(summary = "获取指定用户指定项目下的用户组") - fun getUserAllGroup( - @Parameter(description = "用户名", required = true) - @HeaderParam(AUTH_HEADER_USER_ID) - userId: String, - @Parameter(description = "项目标识", required = true) - @PathParam("projectId") - projectId: Int, - @Parameter(description = "待搜用户", required = true) - searchUserId: String - ): Result?> - @GET @Path("/projectIds/{projectId}/checkManager") @Operation(summary = "判断是否是项目管理员或CI管理员") diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectRoleResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectRoleResource.kt deleted file mode 100644 index a4b27df373d6..000000000000 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectRoleResource.kt +++ /dev/null 
@@ -1,136 +0,0 @@ -/* - * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. - * - * A copy of the MIT License is included in this file. - * - * - * Terms of the MIT License: - * --------------------------------------------------- - * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated - * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all copies or substantial portions of - * the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT - * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
- * - */ - -package com.tencent.devops.auth.api.user - -import com.tencent.devops.auth.pojo.DefaultGroup -import com.tencent.devops.auth.pojo.dto.ProjectRoleDTO -import com.tencent.devops.auth.pojo.vo.GroupInfoVo -import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID -import com.tencent.devops.common.api.pojo.Result -import io.swagger.v3.oas.annotations.tags.Tag -import io.swagger.v3.oas.annotations.Operation -import io.swagger.v3.oas.annotations.Parameter -import javax.ws.rs.Consumes -import javax.ws.rs.DELETE -import javax.ws.rs.GET -import javax.ws.rs.HeaderParam -import javax.ws.rs.POST -import javax.ws.rs.PUT -import javax.ws.rs.Path -import javax.ws.rs.PathParam -import javax.ws.rs.Produces -import javax.ws.rs.QueryParam -import javax.ws.rs.core.MediaType - -@Tag(name = "USER_PROJECT_ROLE", description = "项目-用户组") -@Path("/user/project/roles") -@Produces(MediaType.APPLICATION_JSON) -@Consumes(MediaType.APPLICATION_JSON) -interface UserProjectRoleResource { - @POST - @Path("/projectIds/{projectId}/") - @Operation(summary = "项目下添加指定组") - fun createProjectRole( - @Parameter(description = "用户名", required = true) - @HeaderParam(AUTH_HEADER_USER_ID) - userId: String, - @Parameter(description = "项目标识", required = true) - @PathParam("projectId") - projectId: Int, - @Parameter(description = "项目标识", required = true) - @QueryParam("projectCode") - projectCode: String, - @Parameter(description = "用户组信息", required = true) - groupInfo: ProjectRoleDTO - ): Result - - @PUT - @Path("/projectIds/{projectId}/roleIds/{roleId}") - @Operation(summary = "用户组重命名") - fun updateProjectRole( - @Parameter(description = "用户名", required = true) - @HeaderParam(AUTH_HEADER_USER_ID) - userId: String, - @Parameter(description = "项目标识", required = true) - @PathParam("projectId") - projectId: Int, - @Parameter(description = "角色Id", required = true) - @PathParam("roleId") - roleId: Int, - @Parameter(description = "用户组信息", required = true) - groupInfo: ProjectRoleDTO - ): Result - - @GET 
- @Path("/projectIds/{projectId}") - @Operation(summary = "获取用户组") - fun getProjectRoles( - @Parameter(description = "用户名", required = true) - @HeaderParam(AUTH_HEADER_USER_ID) - userId: String, - @Parameter(description = "项目标识", required = true) - @PathParam("projectId") - projectId: Int - ): Result> - - @DELETE - @Path("/projectIds/{projectId}/roles/{roleId}") - @Operation(summary = "删除用户组") - fun deleteProjectRole( - @Parameter(description = "用户名", required = true) - @HeaderParam(AUTH_HEADER_USER_ID) - userId: String, - @Parameter(description = "项目标识", required = true) - @PathParam("projectId") - projectId: Int, - @Parameter(description = "角色Id", required = true) - @PathParam("roleId") - roleId: Int - ): Result - - @GET - @Path("/projects/{projectId}/manager/hasPermission") - @Operation(summary = "是否有项目管理操作的权限") - fun hashPermission( - @Parameter(description = "用户名", required = true) - @HeaderParam(AUTH_HEADER_USER_ID) - userId: String, - @Parameter(description = "项目标识", required = true) - @PathParam("projectId") - projectId: Int - ): Result - - @GET - @Path("/default/role") - fun getDefaultRole( - @Parameter(description = "用户名", required = true) - @HeaderParam(AUTH_HEADER_USER_ID) - userId: String - ): Result> -} diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/GroupDetailsInfoVo.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/GroupDetailsInfoVo.kt index 26bd35b3aff9..6193dda5c6ef 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/GroupDetailsInfoVo.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/GroupDetailsInfoVo.kt @@ -20,7 +20,7 @@ data class GroupDetailsInfoVo( val groupDesc: String? = null, @get:Schema(title = "有效期,天") val expiredAtDisplay: String, - @get:Schema(title = "过期时间戳,秒") + @get:Schema(title = "过期时间戳,毫秒") val expiredAt: Long, @get:Schema(title = "加入时间") val joinedTime: Long, 
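Review bot: The title of `expiredAt` now says milliseconds ("过期时间戳,毫秒"), but `joinedTime` on the next line still reads only "加入时间" with no unit, and the `minExpiredAt`/`maxExpiredAt` filters added to `getMemberGroupsDetails` in this commit do not state one either. A caller that mixes seconds and milliseconds when comparing against `expiredAt` would misjudge whether a membership has expired. Use the same wording on all of them, e.g. `@get:Schema(title = "加入时间戳,毫秒")` if `joinedTime` is also in milliseconds (not confirmable from this hunk). The data class continues outside the hunk.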
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupDao.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupDao.kt deleted file mode 100644 index acad2517975f..000000000000 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupDao.kt +++ /dev/null 
@@ -1,194 +0,0 @@ -/* - * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. - * - * A copy of the MIT License is included in this file. - * - * - * Terms of the MIT License: - * --------------------------------------------------- - * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated - * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all copies or substantial portions of - * the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT - * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
- */ - -package com.tencent.devops.auth.dao - -import com.tencent.devops.auth.entity.GroupCreateInfo -import com.tencent.devops.model.auth.tables.TAuthGroupInfo -import com.tencent.devops.model.auth.tables.records.TAuthGroupInfoRecord -import org.jooq.DSLContext -import org.jooq.Result -import org.springframework.stereotype.Repository -import java.time.LocalDateTime - -@Repository -class AuthGroupDao { - - fun createGroup(dslContext: DSLContext, groupCreateInfo: GroupCreateInfo): Int { - with(TAuthGroupInfo.T_AUTH_GROUP_INFO) { - return dslContext.insertInto( - this, - GROUP_NAME, - GROUP_CODE, - GROUP_TYPE, - RELATION_ID, - DISPLAY_NAME, - PROJECT_CODE, - CREATE_USER, - CREATE_TIME, - UPDATE_USER, - UPDATE_TIME - ).values( - groupCreateInfo.groupName, - groupCreateInfo.groupCode, - groupCreateInfo.groupType, - groupCreateInfo.relationId, - groupCreateInfo.displayName, - groupCreateInfo.projectCode, - groupCreateInfo.user, - LocalDateTime.now(), - null, - null - ).returning(ID).fetchOne()!!.id - } - } - - fun getGroup(dslContext: DSLContext, projectCode: String, groupCode: String): TAuthGroupInfoRecord? { - with(TAuthGroupInfo.T_AUTH_GROUP_INFO) { - return dslContext.selectFrom(this) - .where(PROJECT_CODE.eq(projectCode).and(GROUP_CODE.eq(groupCode).and(IS_DELETE.eq(false)))).fetchAny() - } - } - - fun getGroupByProject(dslContext: DSLContext, projectCode: String): Result { - with(TAuthGroupInfo.T_AUTH_GROUP_INFO) { - return dslContext.selectFrom(this) - .where(PROJECT_CODE.eq(projectCode).and(IS_DELETE.eq(false))).fetch() - } - } - - fun getGroupByCodes( - dslContext: DSLContext, - projectCode: String, - groupCodes: List - ): Result { - with(TAuthGroupInfo.T_AUTH_GROUP_INFO) { - return dslContext.selectFrom(this) - .where(PROJECT_CODE.eq(projectCode).and(GROUP_CODE.`in`(groupCodes).and(IS_DELETE.eq(false)))).fetch() - } - } - - fun getGroupById(dslContext: DSLContext, groupId: Int): TAuthGroupInfoRecord? 
{ - with(TAuthGroupInfo.T_AUTH_GROUP_INFO) { - return dslContext.selectFrom(this) - .where(ID.eq(groupId)).fetchOne() - } - } - - fun getGroupByRelationId(dslContext: DSLContext, relationId: Int): TAuthGroupInfoRecord? { - with(TAuthGroupInfo.T_AUTH_GROUP_INFO) { - return dslContext.selectFrom(this).where(RELATION_ID.eq(relationId.toString())).fetchAny() - } - } - - fun getGroupByRelationIds(dslContext: DSLContext, relationIds: List): Result { - with(TAuthGroupInfo.T_AUTH_GROUP_INFO) { - return dslContext.selectFrom(this).where(RELATION_ID.`in`(relationIds).and(IS_DELETE.eq(false))).fetch() - } - } - - fun getGroupByName(dslContext: DSLContext, projectCode: String, groupName: String): TAuthGroupInfoRecord? { - with(TAuthGroupInfo.T_AUTH_GROUP_INFO) { - return dslContext.selectFrom(this).where(PROJECT_CODE.eq(projectCode) - .and(GROUP_NAME.eq(groupName))).fetchAny() - } - } - - fun batchCreateGroups(dslContext: DSLContext, groups: List) { - if (groups.isEmpty()) { - return - } - dslContext.batch(groups.map { - with(TAuthGroupInfo.T_AUTH_GROUP_INFO) { - dslContext.insertInto( - this, - GROUP_NAME, - GROUP_CODE, - GROUP_TYPE, - RELATION_ID, - DISPLAY_NAME, - PROJECT_CODE, - CREATE_USER, - CREATE_TIME, - UPDATE_USER, - UPDATE_TIME - ).values( - it.groupName, - it.groupCode, - it.groupType, - it.relationId, - it.displayName, - it.projectCode, - it.user, - LocalDateTime.now(), - null, - null - ) - } - }).execute() - } - - fun update( - dslContext: DSLContext, - id: Int, - groupName: String, - displayName: String, - userId: String - ): Int { - with(TAuthGroupInfo.T_AUTH_GROUP_INFO) { - return dslContext.update(this).set(GROUP_NAME, groupName) - .set(DISPLAY_NAME, displayName) - .set(UPDATE_USER, userId) - .set(UPDATE_TIME, LocalDateTime.now()) - .where(ID.eq(id)).execute() - } - } - - fun updateRelationId(dslContext: DSLContext, roleId: Int, relationId: String): Int { - with(TAuthGroupInfo.T_AUTH_GROUP_INFO) { - return dslContext.update(this).set(RELATION_ID, 
relationId).where(ID.eq(roleId)).execute() - } - } - - fun getRelationId(dslContext: DSLContext, roleId: Int): TAuthGroupInfoRecord? { - with(TAuthGroupInfo.T_AUTH_GROUP_INFO) { - return dslContext.selectFrom(this).where(ID.eq(roleId)).fetchAny() - } - } - - fun softDelete(dslContext: DSLContext, roleId: Int) { - with(TAuthGroupInfo.T_AUTH_GROUP_INFO) { - dslContext.update(this).set(IS_DELETE, true).where(ID.eq(roleId)).execute() - } - } - - fun deleteRole(dslContext: DSLContext, roleId: Int) { - with(TAuthGroupInfo.T_AUTH_GROUP_INFO) { - dslContext.delete(this).where(ID.eq(roleId)).execute() - } - } -} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupPermissionDao.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupPermissionDao.kt deleted file mode 100644 index b102acae7854..000000000000 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupPermissionDao.kt +++ /dev/null 
@@ -1,98 +0,0 @@ -/* - * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. - * - * A copy of the MIT License is included in this file. - * - * - * Terms of the MIT License: - * --------------------------------------------------- - * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated - * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all copies or substantial portions of - * the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT - * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
- */ - -package com.tencent.devops.auth.dao - -import com.tencent.devops.common.api.util.UUIDUtil -import com.tencent.devops.model.auth.tables.TAuthGroupPerssion -import com.tencent.devops.model.auth.tables.records.TAuthGroupPerssionRecord -import org.jooq.DSLContext -import org.jooq.Result -import org.springframework.stereotype.Repository -import java.time.LocalDateTime -import java.util.UUID - -@Repository -class AuthGroupPermissionDao { - - fun create(dslContext: DSLContext, groupCode: String, userId: String, authAction: String): Int { - with(TAuthGroupPerssion.T_AUTH_GROUP_PERSSION) { - return dslContext.insertInto( - this, - ID, - GROUP_CODE, - AUTH_ACTION, - CREATE_USER, - CREATE_TIME, - UPDATE_USER, - UPDATE_TIME - ).values( - UUIDUtil.generate(), - groupCode, - authAction, - userId, - LocalDateTime.now(), - null, - null - ).execute() - } - } - - fun batchCreateAction(dslContext: DSLContext, groupCode: String, userId: String, authActions: List) { - if (authActions.isEmpty()) { - return - } - dslContext.batch(authActions.map { - with(TAuthGroupPerssion.T_AUTH_GROUP_PERSSION) { - dslContext.insertInto( - this, - ID, - GROUP_CODE, - AUTH_ACTION, - CREATE_USER, - CREATE_TIME, - UPDATE_USER, - UPDATE_TIME - ).values( - UUID.randomUUID().toString(), - groupCode, - it, - userId, - LocalDateTime.now(), - null, - null - ) - } - }).execute() - } - - fun getByGroupCode(dslContext: DSLContext, groupCode: String): Result? { - with(TAuthGroupPerssion.T_AUTH_GROUP_PERSSION) { - return dslContext.selectFrom(this).where(GROUP_CODE.eq(groupCode)).fetch() - } - } -} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupUserDao.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupUserDao.kt deleted file mode 100644 index 83ac4ee0cda4..000000000000 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupUserDao.kt +++ /dev/null 
@@ -1,65 +0,0 @@ -/* - * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. - * - * A copy of the MIT License is included in this file. - * - * - * Terms of the MIT License: - * --------------------------------------------------- - * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated - * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all copies or substantial portions of - * the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT - * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
- */ - -package com.tencent.devops.auth.dao - -import com.tencent.devops.common.api.util.UUIDUtil -import com.tencent.devops.model.auth.tables.TAuthGroupUser -import com.tencent.devops.model.auth.tables.records.TAuthGroupUserRecord -import org.jooq.DSLContext -import org.springframework.stereotype.Repository -import java.time.LocalDateTime - -@Repository -class AuthGroupUserDao { - - fun create(dslContext: DSLContext, userId: String, groupId: String): Int { - with(TAuthGroupUser.T_AUTH_GROUP_USER) { - return dslContext.insertInto( - this, - ID, - USER_ID, - GROUP_ID, - CREATE_USER, - CREATE_TIME - ).values( - UUIDUtil.generate(), - userId, - groupId, - userId, - LocalDateTime.now() - ).execute() - } - } - - fun get(dslContext: DSLContext, userId: String, groupId: String): TAuthGroupUserRecord? { - with(TAuthGroupUser.T_AUTH_GROUP_USER) { - return dslContext.selectFrom(this) - .where(USER_ID.eq(userId).and(GROUP_ID.eq(groupId))).fetchOne() - } - } -} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionApplyService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionApplyService.kt index bc836f761a11..e5ff247f4909 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionApplyService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionApplyService.kt 
@@ -27,7 +27,6 @@ import com.tencent.devops.auth.pojo.vo.AuthRedirectGroupInfoVo
 import com.tencent.devops.auth.pojo.vo.ManagerRoleGroupVO
 import com.tencent.devops.auth.pojo.vo.ResourceTypeInfoVo
 import com.tencent.devops.auth.service.DeptService
-import com.tencent.devops.auth.service.GroupUserService
 import com.tencent.devops.auth.service.iam.PermissionApplyService
 import com.tencent.devops.auth.service.iam.PermissionService
 import com.tencent.devops.common.api.exception.ErrorCodeException
@@ -640,7 +639,7 @@ class RbacPermissionApplyService @Autowired constructor(
 }
 companion object {
- private val logger = LoggerFactory.getLogger(GroupUserService::class.java)
+ private val logger = LoggerFactory.getLogger(RbacPermissionApplyService::class.java)
 private val executor = Executors.newFixedThreadPool(10)
 }
 }
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt
index d5525d3fb698..8fd0e90c4b65 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt
@@ -683,7 +683,7 @@ class RbacPermissionResourceMemberService(
 dslContext = dslContext,
 projectCode = projectCode,
 iamGroupId = groupId,
- expiredTime = DateTimeUtil.convertTimestampToLocalDateTime(expiredAt),
+ expiredTime = DateTimeUtil.convertTimestampToLocalDateTime(finalExpiredAt),
 memberId = targetMember.id
 )
 }
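Review bot: In the RbacPermissionResourceMemberService hunk, `finalExpiredAt` is defined outside the visible lines, so neither its unit nor how it is derived from `expiredAt` can be checked at the `expiredTime = ...` argument. `convertTimestampToLocalDateTime` presumably expects one specific unit, and the same commit rewords the `GroupDetailsInfoVo.expiredAt` schema from seconds to milliseconds, so the unit deserves an explicit check here. A mismatch would persist an expiry that is far off, and the stored membership record would then disagree with the expiry actually applied to the group. I would add a comment on that argument, e.g. `// finalExpiredAt: epoch <unit — confirm>, the value actually applied to the membership`, and a test that the stored `expiredTime` equals the applied expiry. The enclosing function starts and ends outside the hunk.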
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/config/MockAuthConfiguration.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/config/MockAuthConfiguration.kt index 279ba8e8728b..84587ca37b79 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/config/MockAuthConfiguration.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/config/MockAuthConfiguration.kt @@ -5,11 +5,9 @@ import com.tencent.devops.auth.provider.sample.service.SampleAuthAuthorizationSc import com.tencent.devops.auth.provider.sample.service.SampleAuthMonitorSpaceService import com.tencent.devops.auth.provider.sample.service.SampleAuthPermissionProjectService import com.tencent.devops.auth.provider.sample.service.SampleAuthPermissionService -import com.tencent.devops.auth.provider.sample.service.SampleGrantPermissionServiceImpl import com.tencent.devops.auth.provider.sample.service.SampleOrganizationService import com.tencent.devops.auth.provider.sample.service.SamplePermissionApplyService import com.tencent.devops.auth.provider.sample.service.SamplePermissionExtService -import com.tencent.devops.auth.provider.sample.service.SamplePermissionGradeService import com.tencent.devops.auth.provider.sample.service.SamplePermissionItsmCallbackService import com.tencent.devops.auth.provider.sample.service.SamplePermissionMigrateService import com.tencent.devops.auth.provider.sample.service.SamplePermissionResourceGroupAndMemberFacadeService 
@@ -19,9 +17,6 @@ import com.tencent.devops.auth.provider.sample.service.SamplePermissionResourceG import com.tencent.devops.auth.provider.sample.service.SamplePermissionResourceMemberService import com.tencent.devops.auth.provider.sample.service.SamplePermissionResourceService import com.tencent.devops.auth.provider.sample.service.SamplePermissionResourceValidateService -import com.tencent.devops.auth.provider.sample.service.SamplePermissionRoleMemberService -import com.tencent.devops.auth.provider.sample.service.SamplePermissionRoleService -import com.tencent.devops.auth.provider.sample.service.SamplePermissionUrlServiceImpl import com.tencent.devops.auth.provider.sample.service.SampleSuperManagerServiceImpl import com.tencent.devops.auth.service.AuthAuthorizationScopesService import com.tencent.devops.auth.service.AuthMonitorSpaceService @@ -32,8 +27,6 @@ import com.tencent.devops.auth.service.PermissionAuthorizationService import com.tencent.devops.auth.service.SuperManagerService import com.tencent.devops.auth.service.iam.PermissionApplyService import com.tencent.devops.auth.service.iam.PermissionExtService -import com.tencent.devops.auth.service.iam.PermissionGradeService -import com.tencent.devops.auth.service.iam.PermissionGrantService import com.tencent.devops.auth.service.iam.PermissionItsmCallbackService import com.tencent.devops.auth.service.iam.PermissionMigrateService import com.tencent.devops.auth.service.iam.PermissionProjectService 
@@ -44,10 +37,7 @@ import com.tencent.devops.auth.service.iam.PermissionResourceGroupSyncService import com.tencent.devops.auth.service.iam.PermissionResourceMemberService import com.tencent.devops.auth.service.iam.PermissionResourceService import com.tencent.devops.auth.service.iam.PermissionResourceValidateService -import com.tencent.devops.auth.service.iam.PermissionRoleMemberService -import com.tencent.devops.auth.service.iam.PermissionRoleService import com.tencent.devops.auth.service.iam.PermissionService -import com.tencent.devops.auth.service.iam.PermissionUrlService import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean import org.springframework.context.annotation.Bean @@ -67,10 +57,6 @@ class MockAuthConfiguration { @ConditionalOnMissingBean(PermissionExtService::class) fun permissionExtService() = SamplePermissionExtService() - @Bean - @ConditionalOnMissingBean(PermissionUrlService::class) - fun permissionUrlService() = SamplePermissionUrlServiceImpl() - @Bean @ConditionalOnMissingBean(PermissionProjectService::class) fun sampleAuthPermissionProjectService() = SampleAuthPermissionProjectService() 
@@ -79,26 +65,10 @@ class MockAuthConfiguration { @ConditionalOnMissingBean(PermissionService::class) fun sampleAuthPermissionService() = SampleAuthPermissionService() - @Bean - @ConditionalOnMissingBean(PermissionGrantService::class) - fun sampleGrantPermissionServiceImpl() = SampleGrantPermissionServiceImpl() - @Bean @ConditionalOnMissingBean(SuperManagerService::class) fun sampleSuperManagerServiceImpl() = SampleSuperManagerServiceImpl() - @Bean - @ConditionalOnMissingBean(PermissionGradeService::class) - fun samplePermissionGradeService() = SamplePermissionGradeService() - - @Bean - @ConditionalOnMissingBean(PermissionRoleMemberService::class) - fun samplePermissionRoleMemberService() = SamplePermissionRoleMemberService() - - @Bean - @ConditionalOnMissingBean(PermissionRoleService::class) - fun samplePermissionRoleService() = SamplePermissionRoleService() - @Bean @ConditionalOnMissingBean(OrganizationService::class) fun sampleOrganizationService() = SampleOrganizationService() diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SampleGrantPermissionServiceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SampleGrantPermissionServiceImpl.kt deleted file mode 100644 index 7b51e11baef6..000000000000 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SampleGrantPermissionServiceImpl.kt +++ /dev/null @@ -1,10 +0,0 @@ -package com.tencent.devops.auth.provider.sample.service - -import com.tencent.devops.auth.pojo.dto.GrantInstanceDTO -import com.tencent.devops.auth.service.iam.PermissionGrantService - -class SampleGrantPermissionServiceImpl : PermissionGrantService { - override fun grantInstancePermission(projectId: String, grantInfo: GrantInstanceDTO): Boolean { - return false - } -} 
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionGradeService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionGradeService.kt deleted file mode 100644 index 4a69f0e43437..000000000000 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionGradeService.kt +++ /dev/null 
@@ -1,36 +0,0 @@ -/* - * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. - * - * A copy of the MIT License is included in this file. - * - * - * Terms of the MIT License: - * --------------------------------------------------- - * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated - * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all copies or substantial portions of - * the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT - * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - */ - -package com.tencent.devops.auth.provider.sample.service - -import com.tencent.devops.auth.service.iam.PermissionGradeService - -class SamplePermissionGradeService : PermissionGradeService { - override fun checkGradeManagerUser(userId: String, projectId: Int) { - TODO("Not yet implemented") - } -} 
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionRoleMemberService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionRoleMemberService.kt deleted file mode 100644 index e3ca29e427f6..000000000000 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionRoleMemberService.kt +++ /dev/null 
@@ -1,71 +0,0 @@ -/* - * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. - * - * A copy of the MIT License is included in this file. - * - * - * Terms of the MIT License: - * --------------------------------------------------- - * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated - * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all copies or substantial portions of - * the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT - * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
- */ - -package com.tencent.devops.auth.provider.sample.service - -import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum -import com.tencent.bk.sdk.iam.dto.manager.ManagerRoleGroupInfo -import com.tencent.bk.sdk.iam.dto.manager.vo.ManagerGroupMemberVo -import com.tencent.devops.auth.pojo.dto.RoleMemberDTO -import com.tencent.devops.auth.pojo.vo.ProjectMembersVO -import com.tencent.devops.auth.service.iam.PermissionRoleMemberService - -class SamplePermissionRoleMemberService : PermissionRoleMemberService { - override fun createRoleMember( - userId: String, - projectId: Int, - roleId: Int, - members: List, - managerGroup: Boolean, - checkAGradeManager: Boolean? - ) { - TODO("Not yet implemented") - } - - override fun deleteRoleMember( - userId: String, - projectId: Int, - roleId: Int, - id: String, - type: ManagerScopesEnum, - managerGroup: Boolean - ) { - TODO("Not yet implemented") - } - - override fun getRoleMember(projectId: Int, roleId: Int, page: Int?, pageSize: Int?): ManagerGroupMemberVo { - TODO("Not yet implemented") - } - - override fun getProjectAllMember(projectId: Int, page: Int?, pageSize: Int?): ProjectMembersVO? { - TODO("Not yet implemented") - } - - override fun getUserGroups(projectId: Int, userId: String): List? { - TODO("Not yet implemented") - } -} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionRoleService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionRoleService.kt deleted file mode 100644 index cc3f1b215c59..000000000000 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionRoleService.kt +++ /dev/null 
@@ -1,60 +0,0 @@ -/* - * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. - * - * A copy of the MIT License is included in this file. - * - * - * Terms of the MIT License: - * --------------------------------------------------- - * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated - * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all copies or substantial portions of - * the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT - * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
- */ - -package com.tencent.devops.auth.provider.sample.service - -import com.tencent.devops.auth.pojo.DefaultGroup -import com.tencent.devops.auth.pojo.dto.ProjectRoleDTO -import com.tencent.devops.auth.pojo.vo.GroupInfoVo -import com.tencent.devops.auth.service.iam.PermissionRoleService - -class SamplePermissionRoleService : PermissionRoleService { - override fun createPermissionRole( - userId: String, - projectId: Int, - projectCode: String, - groupInfo: ProjectRoleDTO - ): Int { - TODO("Not yet implemented") - } - - override fun renamePermissionRole(userId: String, projectId: Int, roleId: Int, groupInfo: ProjectRoleDTO) { - TODO("Not yet implemented") - } - - override fun getPermissionRole(projectId: Int): List { - TODO("Not yet implemented") - } - - override fun deletePermissionRole(userId: String, projectId: Int, roleId: Int) { - TODO("Not yet implemented") - } - - override fun getDefaultRole(): List { - TODO("Not yet implemented") - } -} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionUrlServiceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionUrlServiceImpl.kt deleted file mode 100644 index f1a00323d0fe..000000000000 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionUrlServiceImpl.kt +++ /dev/null 
@@ -1,42 +0,0 @@ -/* - * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. - * - * A copy of the MIT License is included in this file. - * - * - * Terms of the MIT License: - * --------------------------------------------------- - * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated - * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all copies or substantial portions of - * the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT - * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - */ - -package com.tencent.devops.auth.provider.sample.service - -import com.tencent.devops.auth.pojo.PermissionUrlDTO -import com.tencent.devops.auth.service.iam.PermissionUrlService -import com.tencent.devops.common.api.pojo.Result - -class SamplePermissionUrlServiceImpl : PermissionUrlService { - override fun getPermissionUrl(permissionUrlDTO: List): Result { - return Result("") - } - - override fun getRolePermissionUrl(projectId: String, groupId: String?): String? { - return null - } -} 
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceGroupResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceGroupResourceImpl.kt deleted file mode 100644 index 5f1d238df129..000000000000 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceGroupResourceImpl.kt +++ /dev/null 
@@ -1,54 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-package com.tencent.devops.auth.resources
-
-import com.tencent.devops.auth.api.ServiceGroupResource
-import com.tencent.devops.auth.pojo.dto.GroupDTO
-import com.tencent.devops.auth.service.AuthGroupService
-import com.tencent.devops.common.api.pojo.Result
-import com.tencent.devops.common.web.RestResource
-import org.springframework.beans.factory.annotation.Autowired
-
-@RestResource
-class ServiceGroupResourceImpl @Autowired constructor(
- val authGroupService: AuthGroupService
-) : ServiceGroupResource {
-
- override fun createGroup(
- userId: String,
- projectCode: String,
- groupInfo: GroupDTO
- ): Result {
- authGroupService.createGroup(userId, projectCode, groupInfo)
- return Result(true)
- }
-
- override fun batchCreateGroup(userId: String, projectCode: String, groupInfos: List): Result {
- return authGroupService.batchCreate(userId, projectCode, groupInfos)
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceUserGroupResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceUserGroupResourceImpl.kt
deleted file mode 100644
index 381baddf45c6..000000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceUserGroupResourceImpl.kt
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-package com.tencent.devops.auth.resources
-
-import com.tencent.devops.auth.api.ServiceUserGroupResource
-import com.tencent.devops.auth.service.GroupUserService
-import com.tencent.devops.common.api.pojo.Result
-import org.springframework.beans.factory.annotation.Autowired
-import org.springframework.web.bind.annotation.RestController
-
-@RestController
-class ServiceUserGroupResourceImpl @Autowired constructor(
- val groupUserService: GroupUserService
-) : ServiceUserGroupResource {
-
- override fun addUser2Group(userId: String, groupId: Int): Result {
- return groupUserService.addUser2Group(userId, groupId)
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt
deleted file mode 100644
index c14de3fe6904..000000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- */
-
-package com.tencent.devops.auth.resources
-
-import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum
-import com.tencent.bk.sdk.iam.dto.manager.ManagerRoleGroupInfo
-import com.tencent.bk.sdk.iam.dto.manager.vo.ManagerGroupMemberVo
-import com.tencent.devops.auth.api.user.UserProjectMemberResource
-import com.tencent.devops.auth.pojo.dto.RoleMemberDTO
-import com.tencent.devops.auth.pojo.vo.ProjectMembersVO
-import com.tencent.devops.auth.service.iam.PermissionProjectService
-import com.tencent.devops.auth.service.iam.PermissionRoleMemberService
-import com.tencent.devops.common.api.pojo.Result
-import com.tencent.devops.common.auth.api.pojo.BkAuthGroup
-import com.tencent.devops.common.web.RestResource
-import org.springframework.beans.factory.annotation.Autowired
-
-@RestResource
-class UserProjectMemberResourceImpl @Autowired constructor(
- val permissionRoleMemberService: PermissionRoleMemberService,
- val permissionProjectService: PermissionProjectService
-) : UserProjectMemberResource {
- override fun createRoleMember(
- userId: String,
- projectId: Int,
- roleId: Int,
- managerGroup: Boolean,
- members: List
- ): Result {
- permissionRoleMemberService.createRoleMember(
- userId = userId,
- projectId = projectId,
- roleId = roleId,
- members = members,
- managerGroup = managerGroup,
- checkAGradeManager = true
- )
- return Result(true)
- }
-
- override fun getRoleMember(
- projectId: Int,
- roleId: Int,
- page: Int?,
- pageSize: Int?
- ): Result {
- return Result(
- permissionRoleMemberService.getRoleMember(
- projectId = projectId,
- roleId = roleId,
- page = page,
- pageSize = pageSize
- )
- )
- }
-
- override fun getProjectAllMember(projectId: Int, page: Int?, pageSize: Int?): Result {
- return Result(permissionRoleMemberService.getProjectAllMember(projectId, page, pageSize))
- }
-
- override fun deleteRoleMember(
- userId: String,
- projectId: Int,
- roleId: Int,
- managerGroup: Boolean,
- members: String,
- type: ManagerScopesEnum
- ): Result {
- Result(
- permissionRoleMemberService.deleteRoleMember(
- userId = userId,
- projectId = projectId,
- roleId = roleId,
- id = members,
- type = type,
- managerGroup = managerGroup
- )
- )
- return Result(true)
- }
-
- override fun getUserAllGroup(
- userId: String,
- projectId: Int,
- searchUserId: String
- ): Result?> {
- return Result(permissionRoleMemberService.getUserGroups(projectId, searchUserId))
- }
-
- override fun checkManager(userId: String, projectId: String): Result {
- val result = permissionProjectService.checkProjectManager(userId, projectId) ||
- permissionProjectService.isProjectUser(userId, projectId, BkAuthGroup.CI_MANAGER)
- return Result(result)
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectRoleResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectRoleResourceImpl.kt
deleted file mode 100644
index 04716d8c2009..000000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectRoleResourceImpl.kt
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- */
-
-package com.tencent.devops.auth.resources
-
-import com.tencent.devops.auth.api.user.UserProjectRoleResource
-import com.tencent.devops.auth.pojo.DefaultGroup
-import com.tencent.devops.auth.pojo.dto.ProjectRoleDTO
-import com.tencent.devops.auth.pojo.vo.GroupInfoVo
-import com.tencent.devops.auth.service.iam.PermissionGradeService
-import com.tencent.devops.auth.service.iam.PermissionRoleService
-import com.tencent.devops.common.api.exception.PermissionForbiddenException
-import com.tencent.devops.common.api.pojo.Result
-import com.tencent.devops.common.web.RestResource
-import org.springframework.beans.factory.annotation.Autowired
-
-@RestResource
-class UserProjectRoleResourceImpl @Autowired constructor(
- val permissionRoleService: PermissionRoleService,
- val permissionGradeService: PermissionGradeService
-) : UserProjectRoleResource {
- override fun createProjectRole(
- userId: String,
- projectId: Int,
- projectCode: String,
- groupInfo: ProjectRoleDTO
- ): Result {
- return Result(
- permissionRoleService.createPermissionRole(
- userId = userId,
- projectId = projectId,
- projectCode = projectCode,
- groupInfo = groupInfo
- ).toString()
- )
- }
-
- override fun updateProjectRole(
- userId: String,
- projectId: Int,
- roleId: Int,
- groupInfo: ProjectRoleDTO
- ): Result {
- permissionRoleService.renamePermissionRole(
- userId = userId,
- projectId = projectId,
- roleId = roleId,
- groupInfo = groupInfo
- )
- return Result(true)
- }
-
- override fun getProjectRoles(userId: String, projectId: Int): Result> {
- return Result(permissionRoleService.getPermissionRole(projectId))
- }
-
- override fun deleteProjectRole(userId: String, projectId: Int, roleId: Int): Result {
- permissionRoleService.deletePermissionRole(userId, projectId, roleId)
- return Result(true)
- }
-
- override fun hashPermission(userId: String, projectId: Int): Result {
- try {
- permissionGradeService.checkGradeManagerUser(userId, projectId)
- } catch (e: 
PermissionForbiddenException) { - return Result(false) - } - return Result(true) - } - - override fun getDefaultRole(userId: String): Result> { - return Result(permissionRoleService.getDefaultRole()) - } -} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ExternalAuthItsmCallbackResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/external/ExternalAuthItsmCallbackResourceImpl.kt similarity index 98% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ExternalAuthItsmCallbackResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/external/ExternalAuthItsmCallbackResourceImpl.kt index 8690520c2638..7a65f7f317a9 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ExternalAuthItsmCallbackResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/external/ExternalAuthItsmCallbackResourceImpl.kt @@ -26,7 +26,7 @@ * */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.external import com.tencent.devops.auth.api.callback.ExternalAuthItsmCallbackResource import com.tencent.devops.auth.pojo.ItsmCallBackInfo diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ExternalThirdLoginResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/external/ExternalThirdLoginResourceImpl.kt similarity index 97% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ExternalThirdLoginResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/external/ExternalThirdLoginResourceImpl.kt index 528f10584dc5..d23dbca915a4 100644 
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ExternalThirdLoginResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/external/ExternalThirdLoginResourceImpl.kt @@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.external import com.tencent.devops.auth.api.login.ExternalThirdLoginResource import com.tencent.devops.auth.service.ThirdLoginService diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2DesktopEndpointResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/oauth2/Oauth2DesktopEndpointResourceImpl.kt similarity index 96% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2DesktopEndpointResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/oauth2/Oauth2DesktopEndpointResourceImpl.kt index aae663c0ef3a..08a1ce1151f2 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2DesktopEndpointResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/oauth2/Oauth2DesktopEndpointResourceImpl.kt @@ -1,4 +1,4 @@ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.oauth2 import com.tencent.devops.auth.api.oauth2.Oauth2DesktopEndpointResource import com.tencent.devops.auth.pojo.dto.Oauth2AuthorizationCodeDTO 
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/oauth2/Oauth2ServiceEndpointResourceImpl.kt similarity index 98% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/oauth2/Oauth2ServiceEndpointResourceImpl.kt index a46201635613..77d6006aa59a 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/oauth2/Oauth2ServiceEndpointResourceImpl.kt @@ -1,4 +1,4 @@ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.oauth2 import com.tencent.devops.auth.api.oauth2.Oauth2ServiceEndpointResource import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthMigrateResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthMigrateResourceImpl.kt similarity index 99% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthMigrateResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthMigrateResourceImpl.kt index 8592c98a9b3a..a43804cbe068 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthMigrateResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthMigrateResourceImpl.kt 
@@ -26,7 +26,7 @@ * */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.op import com.tencent.devops.auth.api.migrate.OpAuthMigrateResource import com.tencent.devops.auth.pojo.dto.MigrateResourceDTO diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthResourceGroupPermSyncResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthResourceGroupPermSyncResourceImpl.kt similarity index 98% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthResourceGroupPermSyncResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthResourceGroupPermSyncResourceImpl.kt index 104eb3c4cc82..fdd544d0b68f 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthResourceGroupPermSyncResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthResourceGroupPermSyncResourceImpl.kt @@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.op import com.tencent.devops.auth.api.sync.OpAuthResourceGroupPermSyncResource import com.tencent.devops.auth.service.iam.PermissionResourceGroupPermissionService 
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthResourceGroupSyncResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthResourceGroupSyncResourceImpl.kt similarity index 98% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthResourceGroupSyncResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthResourceGroupSyncResourceImpl.kt index 40cccbbb9baf..b5bae65a2645 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthResourceGroupSyncResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthResourceGroupSyncResourceImpl.kt @@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.op import com.tencent.devops.auth.api.sync.OpAuthResourceGroupSyncResource import com.tencent.devops.auth.service.iam.PermissionResourceGroupSyncService diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpCallBackResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpCallBackResourceImpl.kt similarity index 96% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpCallBackResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpCallBackResourceImpl.kt index cb51a10eb15d..40503d8992c4 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpCallBackResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpCallBackResourceImpl.kt 
@@ -25,9 +25,9 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.op -import com.tencent.devops.auth.api.callback.OpCallBackResource +import com.tencent.devops.auth.api.op.OpCallBackResource import com.tencent.devops.auth.pojo.IamCallBackInfo import com.tencent.devops.auth.pojo.IamCallBackInterfaceDTO import com.tencent.devops.auth.service.CallBackService diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerOrganizationResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerOrganizationResourceImpl.kt similarity index 98% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerOrganizationResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerOrganizationResourceImpl.kt index 48e3c3b6d3a0..8e6ca5763c38 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerOrganizationResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerOrganizationResourceImpl.kt @@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.op import com.tencent.devops.auth.api.manager.OpManagerOrganizationResource import com.tencent.devops.auth.pojo.ManageOrganizationEntity 
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerStrategyResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerStrategyResourceImpl.kt similarity index 98% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerStrategyResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerStrategyResourceImpl.kt index c4e1d48557bd..8de3d17ece0f 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerStrategyResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerStrategyResourceImpl.kt @@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.op import com.tencent.devops.auth.api.manager.OpManagerStrategyResource import com.tencent.devops.auth.pojo.StrategyEntity diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerUserResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerUserResourceImpl.kt similarity index 99% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerUserResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerUserResourceImpl.kt index d09a76baae48..f513f1ec44f1 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerUserResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerUserResourceImpl.kt 
@@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.op import com.tencent.devops.auth.api.manager.OpManagerUserResource import com.tencent.devops.auth.pojo.ManagerUserEntity diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpOauth2ResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpOauth2ResourceImpl.kt similarity index 96% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpOauth2ResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpOauth2ResourceImpl.kt index cc5ae56a2563..a99a00651bcb 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpOauth2ResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpOauth2ResourceImpl.kt @@ -1,4 +1,4 @@ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.op import com.tencent.devops.auth.api.oauth2.OpOauth2Resource import com.tencent.devops.auth.pojo.dto.ClientDetailsDTO diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpPermissionFacadeResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpPermissionFacadeResourceImpl.kt similarity index 96% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpPermissionFacadeResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpPermissionFacadeResourceImpl.kt index fa1e3ae544d3..d98383997c03 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpPermissionFacadeResourceImpl.kt 
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpPermissionFacadeResourceImpl.kt @@ -1,4 +1,4 @@ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.op import com.tencent.devops.auth.api.op.OpPermissionFacadeResource import com.tencent.devops.auth.pojo.request.CustomGroupCreateReq diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpenAuthResourceCallBackResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenAuthResourceCallBackResourceImpl.kt similarity index 98% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpenAuthResourceCallBackResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenAuthResourceCallBackResourceImpl.kt index 1ea7995c582f..4e3a66dfe3c6 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpenAuthResourceCallBackResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenAuthResourceCallBackResourceImpl.kt @@ -26,7 +26,7 @@ * */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.open import com.tencent.bk.sdk.iam.dto.callback.request.CallbackRequestDTO import com.tencent.bk.sdk.iam.dto.callback.response.CallbackBaseResponseDTO diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenPermissionAuthResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenPermissionAuthResourceImpl.kt new file mode 100644 index 000000000000..615ff1cf000e --- /dev/null +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenPermissionAuthResourceImpl.kt 
@@ -0,0 +1,293 @@ +/* + * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. + * + * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. + * + * A copy of the MIT License is included in this file. + * + * + * Terms of the MIT License: + * --------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT + * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN + * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+ */ + +package com.tencent.devops.auth.resources.open + +import com.tencent.devops.auth.api.open.OpenPermissionAuthResource +import com.tencent.devops.auth.service.iam.PermissionExtService +import com.tencent.devops.auth.service.iam.PermissionService +import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.AuthPermission +import com.tencent.devops.common.auth.api.pojo.AuthResourceInstance +import com.tencent.devops.common.web.RestResource +import com.tencent.devops.common.web.annotation.BkApiPermission +import com.tencent.devops.common.web.constant.BkApiHandleType +import org.springframework.beans.factory.annotation.Autowired + +@RestResource +class OpenPermissionAuthResourceImpl @Autowired constructor( + val permissionService: PermissionService, + val permissionExtService: PermissionExtService +) : OpenPermissionAuthResource { + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun validateUserActionPermission( + userId: String, + token: String, + type: String?, + action: String + ): Result { + return Result(permissionService.validateUserActionPermission(userId, action)) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun validateUserResourcePermission( + userId: String, + token: String, + type: String?, + action: String, + projectCode: String, + resourceCode: String? + ): Result { + return Result(permissionService.validateUserResourcePermission(userId, action, projectCode, resourceCode)) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun validateUserResourcePermissionByRelation( + userId: String, + token: String, + type: String?, + action: String, + projectCode: String, + resourceCode: String, + resourceType: String, + relationResourceType: String? 
+ ): Result { + return Result( + permissionService.validateUserResourcePermissionByRelation( + userId = userId, + action = action, + projectCode = projectCode, + resourceCode = resourceCode, + resourceType = resourceType, + relationResourceType = relationResourceType + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun validateUserResourcePermissionByInstance( + userId: String, + token: String, + type: String?, + action: String, + projectCode: String, + resource: AuthResourceInstance + ): Result { + return Result( + permissionService.validateUserResourcePermissionByInstance( + userId = userId, + action = action, + projectCode = projectCode, + resource = resource + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun batchValidateUserResourcePermissionByRelation( + userId: String, + token: String, + type: String?, + projectCode: String, + resourceCode: String, + resourceType: String, + relationResourceType: String?, + action: List + ): Result { + var actionCheckPermission = true + action.forEach { + val checkActionPermission = permissionService.validateUserResourcePermissionByRelation( + userId = userId, + action = it, + projectCode = projectCode, + resourceCode = resourceCode, + resourceType = resourceType, + relationResourceType = relationResourceType + ) + if (!checkActionPermission) { + actionCheckPermission = false + return@forEach + } + } + return Result(actionCheckPermission) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun getUserResourceByPermission( + userId: String, + token: String, + type: String?, + action: String, + projectCode: String, + resourceType: String + ): Result> { + return Result( + permissionService.getUserResourceByAction( + userId = userId, + action = action, + projectCode = projectCode, + resourceType = resourceType + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun getUserResourcesByPermissions( + 
userId: String, + token: String, + type: String?, + actions: List, + projectCode: String, + resourceType: String + ): Result>> { + return Result( + permissionService.getUserResourcesByActions( + userId = userId, + actions = actions, + projectCode = projectCode, + resourceType = resourceType + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun filterUserResourcesByPermissions( + userId: String, + token: String, + type: String?, + actions: List, + projectCode: String, + resourceType: String, + resources: List + ): Result>> { + return Result( + permissionService.filterUserResourcesByActions( + userId = userId, + actions = actions, + projectCode = projectCode, + resourceType = resourceType, + resources = resources + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun getUserResourceAndParentByPermission( + userId: String, + token: String, + type: String?, + action: String, + projectCode: String, + resourceType: String + ): Result>> { + return Result( + permissionService.getUserResourceAndParentByPermission( + userId = userId, + action = action, + projectCode = projectCode, + resourceType = resourceType + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun resourceCreateRelation( + userId: String, + token: String, + type: String?, + projectCode: String, + resourceType: String, + resourceCode: String, + resourceName: String + ): Result { + return Result( + permissionExtService.resourceCreateRelation( + userId = userId, + projectCode = projectCode, + resourceType = resourceType, + resourceCode = resourceCode, + resourceName = resourceName + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun resourceModifyRelation( + token: String, + type: String?, + projectCode: String, + resourceType: String, + resourceCode: String, + resourceName: String + ): Result { + return Result( + permissionExtService.resourceModifyRelation( + projectCode = 
projectCode, + resourceType = resourceType, + resourceCode = resourceCode, + resourceName = resourceName + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun resourceDeleteRelation( + token: String, + type: String?, + projectCode: String, + resourceType: String, + resourceCode: String + ): Result { + return Result( + permissionExtService.resourceDeleteRelation( + projectCode = projectCode, + resourceType = resourceType, + resourceCode = resourceCode + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun resourceCancelRelation( + userId: String, + token: String, + type: String?, + projectCode: String, + resourceType: String, + resourceCode: String + ): Result { + return Result( + permissionExtService.resourceCancelRelation( + userId = userId, + projectCode = projectCode, + resourceType = resourceType, + resourceCode = resourceCode + ) + ) + } +} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenProjectAuthResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenProjectAuthResourceImpl.kt new file mode 100644 index 000000000000..8b85c8c6797f --- /dev/null +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenProjectAuthResourceImpl.kt 
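Review bot: In `batchValidateUserResourcePermissionByRelation`, `return@forEach` only ends the current lambda invocation, so after the first denied action the loop still calls `permissionService.validateUserResourcePermissionByRelation` for every remaining action. The result stays `false`, but each extra call is an avoidable permission lookup; a short-circuiting `all` stops at the first denial. An empty `action` list also yields `true` today, which is a fail-open answer from a permission check. The sketch below denies the empty list; drop the `isNotEmpty()` guard if existing callers are known to rely on the current behaviour.

```kotlin
// … unchanged: @BkApiPermission annotation and signature of batchValidateUserResourcePermissionByRelation …
        // Short-circuits on the first denied action; an empty request is denied rather than approved.
        val allowed = action.isNotEmpty() && action.all {
            permissionService.validateUserResourcePermissionByRelation(
                userId = userId,
                action = it,
                projectCode = projectCode,
                resourceCode = resourceCode,
                resourceType = resourceType,
                relationResourceType = relationResourceType
            )
        }
        return Result(allowed)
```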
@@ -0,0 +1,204 @@ +/* + * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. + * + * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. + * + * A copy of the MIT License is included in this file. + * + * + * Terms of the MIT License: + * --------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT + * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN + * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+ */ + +package com.tencent.devops.auth.resources.open + +import com.tencent.devops.auth.api.open.OpenProjectAuthResource +import com.tencent.devops.auth.pojo.vo.ProjectPermissionInfoVO +import com.tencent.devops.auth.service.iam.PermissionProjectService +import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.pojo.BKAuthProjectRolesResources +import com.tencent.devops.common.auth.api.pojo.BkAuthGroup +import com.tencent.devops.common.auth.api.pojo.BkAuthGroupAndUserList +import com.tencent.devops.common.web.RestResource +import com.tencent.devops.common.web.annotation.BkApiPermission +import com.tencent.devops.common.web.constant.BkApiHandleType +import org.springframework.beans.factory.annotation.Autowired + +@RestResource +class OpenProjectAuthResourceImpl @Autowired constructor( + val permissionProjectService: PermissionProjectService +) : OpenProjectAuthResource { + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun getProjectUsers( + token: String, + type: String?, + projectCode: String, + group: BkAuthGroup? + ): Result> { + return Result( + permissionProjectService.getProjectUsers( + projectCode = projectCode, + group = group + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun getProjectGroupAndUserList( + token: String, + projectCode: String + ): Result> { + return Result( + permissionProjectService.getProjectGroupAndUserList(projectCode = projectCode) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun getUserProjects(token: String, userId: String): Result> { + return Result(permissionProjectService.getUserProjects(userId)) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun getUserProjectsByPermission( + token: String, + userId: String, + action: String, + resourceType: String? 
+ ): Result> { + return Result( + permissionProjectService.getUserProjectsByPermission( + userId = userId, + action = action, + resourceType = resourceType + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun isProjectUser( + token: String, + type: String?, + userId: String, + projectCode: String, + group: BkAuthGroup? + ): Result { + return Result( + permissionProjectService.isProjectUser( + userId = userId, + projectCode = projectCode, + group = group + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun checkUserInProjectLevelGroup( + token: String, + userId: String, + projectCode: String + ): Result { + return Result( + permissionProjectService.checkUserInProjectLevelGroup( + userId = userId, + projectCode = projectCode + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun checkManager(token: String, userId: String, projectId: String): Result { + val result = permissionProjectService.checkProjectManager(userId, projectId) || + permissionProjectService.isProjectUser(userId, projectId, BkAuthGroup.CI_MANAGER) + return Result(result) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun checkProjectManager( + token: String, + type: String?, + userId: String, + projectCode: String + ): Result { + return Result( + permissionProjectService.checkProjectManager( + userId = userId, + projectCode = projectCode + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun createProjectUser( + token: String, + userId: String, + projectCode: String, + role: String + ): Result { + return Result( + permissionProjectService.createProjectUser( + userId = userId, + projectCode = projectCode, + roleCode = role + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun batchCreateProjectUser( + token: String, + userId: String, + projectCode: String, + roleCode: String, + members: List + ): Result { + 
return Result( + permissionProjectService.batchCreateProjectUser( + userId = userId, + projectCode = projectCode, + roleCode = roleCode, + members = members + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun getProjectRoles( + token: String, + projectCode: String, + projectId: String + ): Result> { + return Result( + permissionProjectService.getProjectRoles( + projectCode = projectCode, + projectId = projectId + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun getProjectPermissionInfo( + token: String, + projectCode: String + ): Result { + return Result( + permissionProjectService.getProjectPermissionInfo( + projectCode = projectCode + ) + ) + } +} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenResourceMemberResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenResourceMemberResourceImpl.kt new file mode 100644 index 000000000000..36d0953e3883 --- /dev/null +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenResourceMemberResourceImpl.kt 
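Review bot: `createProjectUser` and `batchCreateProjectUser` add members to a project role on behalf of a request-supplied `userId`, and nothing in this file checks that this user may manage `projectCode`. `token` is never read in any method body here, so the only gate visible is `@BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])`; whether that token is bound to a caller identity or a project cannot be seen in this diff. If `PermissionProjectService` does not already enforce it, call `permissionProjectService.checkProjectManager(userId, projectCode)` before the two create calls. At minimum, record the trust model on the class with a KDoc such as `/** Authenticated by API_OPEN_TOKEN_CHECK only; userId is caller-asserted and must be authorized by the service layer. */`. The same question applies to `resourceModifyRelation`/`resourceDeleteRelation` in OpenPermissionAuthResourceImpl.kt and to `batchAddResourceGroupMembers`/`batchDeleteResourceGroupMembers` in OpenResourceMemberResourceImpl.kt, which take no `userId` at all, so there is no actor to authorize or to write to an audit log.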
@@ -0,0 +1,112 @@ +package com.tencent.devops.auth.resources.open + +import com.tencent.devops.auth.api.open.OpenResourceMemberResource +import com.tencent.devops.auth.service.iam.PermissionResourceMemberService +import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.pojo.BkAuthGroup +import com.tencent.devops.common.auth.api.pojo.BkAuthGroupAndUserList +import com.tencent.devops.common.web.RestResource +import com.tencent.devops.common.web.annotation.BkApiPermission +import com.tencent.devops.common.web.constant.BkApiHandleType +import com.tencent.devops.project.pojo.ProjectCreateUserInfo +import com.tencent.devops.project.pojo.ProjectDeleteUserInfo +import java.util.concurrent.TimeUnit + +@RestResource +class OpenResourceMemberResourceImpl( + private val permissionResourceMemberService: PermissionResourceMemberService +) : OpenResourceMemberResource { + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun getResourceGroupMembers( + token: String, + projectCode: String, + resourceType: String, + resourceCode: String, + group: BkAuthGroup? 
+ ): Result> { + return Result( + permissionResourceMemberService.getResourceGroupMembers( + projectCode = projectCode, + resourceType = resourceType, + resourceCode = resourceCode, + group = group + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun getResourceGroupAndMembers( + token: String, + projectCode: String, + resourceType: String, + resourceCode: String + ): Result> { + return Result( + permissionResourceMemberService.getResourceGroupAndMembers( + projectCode = projectCode, + resourceType = resourceType, + resourceCode = resourceCode + ) + ) + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun batchAddResourceGroupMembers( + token: String, + projectCode: String, + projectCreateUserInfo: ProjectCreateUserInfo + ): Result { + with(projectCreateUserInfo) { + val expiredTime = System.currentTimeMillis() / 1000 + TimeUnit.DAYS.toSeconds(365L) + return Result( + permissionResourceMemberService.batchAddResourceGroupMembers( + projectCode = projectCode, + iamGroupId = getIamGroupId( + groupId = groupId, + projectCode = projectCode, + roleName = roleName, + roleId = roleId + ), + expiredTime = expiredTime, + members = userIds, + departments = deptIds + ) + ) + } + } + + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun batchDeleteResourceGroupMembers( + token: String, + projectCode: String, + projectDeleteUserInfo: ProjectDeleteUserInfo + ): Result { + with(projectDeleteUserInfo) { + return Result( + permissionResourceMemberService.batchDeleteResourceGroupMembers( + projectCode = projectCode, + iamGroupId = getIamGroupId( + groupId = groupId, + projectCode = projectCode, + roleName = roleName, + roleId = roleId + ), + members = userIds, + departments = deptIds + ) + ) + } + } + + private fun getIamGroupId( + groupId: Int?, + projectCode: String, + roleName: String?, + roleId: Int? 
+ ): Int { + return groupId ?: permissionResourceMemberService.roleCodeToIamGroupId( + projectCode = projectCode, + roleCode = roleName ?: BkAuthGroup.getByRoleId(roleId!!).value + ) + } +} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceAuthResourceCallBackResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceAuthResourceCallBackResourceImpl.kt similarity index 98% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceAuthResourceCallBackResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceAuthResourceCallBackResourceImpl.kt index 48ef616ce6e9..55bed829a210 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceAuthResourceCallBackResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceAuthResourceCallBackResourceImpl.kt @@ -26,7 +26,7 @@ * */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.service import com.tencent.bk.sdk.iam.dto.callback.request.CallbackRequestDTO import com.tencent.bk.sdk.iam.dto.callback.response.CallbackBaseResponseDTO diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceGroupStrategyResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceGroupStrategyResourceImpl.kt deleted file mode 100644 index 1f76b72900e7..000000000000 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceGroupStrategyResourceImpl.kt +++ /dev/null 
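Review bot: `getIamGroupId` dereferences `roleId!!`, so a request body with `groupId`, `roleName` and `roleId` all unset ends in a NullPointerException instead of a parameter error. It is reached from `batchAddResourceGroupMembers` and `batchDeleteResourceGroupMembers`, which presumably take that body from an external caller. Make the requirement explicit, e.g. `roleCode = roleName ?: BkAuthGroup.getByRoleId(requireNotNull(roleId) { "groupId, roleName or roleId is required" }).value`. Separately, `batchAddResourceGroupMembers` grants membership for a hard-coded `TimeUnit.DAYS.toSeconds(365L)`; a named constant or a caller-bounded expiry would make that lifetime a visible policy decision. The helper looks copied from ServiceResourceMemberResourceImpl.kt, whose `getIamGroupId` appears as context later in this diff, so the same fix likely applies there.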
@@ -1,43 +0,0 @@ -/* - * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. - * - * A copy of the MIT License is included in this file. - * - * - * Terms of the MIT License: - * --------------------------------------------------- - * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated - * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all copies or substantial portions of - * the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT - * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
- */ - -package com.tencent.devops.auth.resources.service - -import com.tencent.devops.auth.api.service.ServiceGroupStrategyResource -import com.tencent.devops.auth.pojo.StrategyEntity -import com.tencent.devops.auth.service.StrategyService -import com.tencent.devops.common.web.RestResource -import org.springframework.beans.factory.annotation.Autowired - -@RestResource -class ServiceGroupStrategyResourceImpl @Autowired constructor( - private val strategyService: StrategyService -) : ServiceGroupStrategyResource { - override fun getGroupStrategy(): List { - return strategyService.listStrategy() - } -} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceManagerApprovalResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerApprovalResourceImpl.kt similarity index 98% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceManagerApprovalResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerApprovalResourceImpl.kt index 7e629317eb5f..b1a6b52309f0 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceManagerApprovalResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerApprovalResourceImpl.kt @@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.service import com.tencent.devops.auth.api.manager.ServiceManagerApprovalResource import com.tencent.devops.auth.pojo.enum.ApprovalType 
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerResourceImpl.kt deleted file mode 100644 index 9ecb56fb985f..000000000000 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerResourceImpl.kt +++ /dev/null 
@@ -1,57 +0,0 @@ -/* - * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. - * - * A copy of the MIT License is included in this file. - * - * - * Terms of the MIT License: - * --------------------------------------------------- - * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated - * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all copies or substantial portions of - * the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT - * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
- */ - -package com.tencent.devops.auth.resources.service - -import com.tencent.devops.auth.api.service.ServiceManagerResource -import com.tencent.devops.auth.service.SuperManagerService -import com.tencent.devops.common.api.pojo.Result -import com.tencent.devops.common.web.RestResource -import com.tencent.devops.common.web.annotation.BkApiPermission -import com.tencent.devops.common.web.constant.BkApiHandleType -import org.springframework.beans.factory.annotation.Autowired - -@RestResource -class ServiceManagerResourceImpl @Autowired constructor( - val superManagerService: SuperManagerService -) : ServiceManagerResource { - @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) - override fun validateManagerPermission( - userId: String, - token: String, - projectCode: String, - action: String, - resourceCode: String - ): Result { - return Result(superManagerService.projectManagerCheck( - userId = userId, - projectCode = projectCode, - action = action, - resourceType = resourceCode - )) - } -} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceManagerUserResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerUserResourceImpl.kt similarity index 97% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceManagerUserResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerUserResourceImpl.kt index fb88a0d1791f..27b7ef299e21 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceManagerUserResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerUserResourceImpl.kt 
@@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.service import com.tencent.devops.auth.api.manager.ServiceManagerUserResource import com.tencent.devops.auth.pojo.UserPermissionInfo diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceMonitorSpaceResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceMonitorSpaceResourceImpl.kt similarity index 98% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceMonitorSpaceResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceMonitorSpaceResourceImpl.kt index 194e40946ab2..763b09e70b29 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceMonitorSpaceResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceMonitorSpaceResourceImpl.kt @@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.service import com.tencent.devops.auth.api.service.ServiceMonitorSpaceResource import com.tencent.devops.auth.service.AuthMonitorSpaceService diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt index 0772fa5cfb7f..24eb78b3c4e6 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt 
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt @@ -28,9 +28,7 @@ package com.tencent.devops.auth.resources.service import com.tencent.devops.auth.api.service.ServicePermissionAuthResource -import com.tencent.devops.auth.pojo.dto.GrantInstanceDTO import com.tencent.devops.auth.service.iam.PermissionExtService -import com.tencent.devops.auth.service.iam.PermissionGrantService import com.tencent.devops.auth.service.iam.PermissionService import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.auth.api.AuthPermission @@ -43,8 +41,7 @@ import org.springframework.beans.factory.annotation.Autowired @RestResource class ServicePermissionAuthResourceImpl @Autowired constructor( val permissionService: PermissionService, - val permissionExtService: PermissionExtService, - val permissionGrantService: PermissionGrantService + val permissionExtService: PermissionExtService ) : ServicePermissionAuthResource { @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) @@ -293,19 +290,4 @@ class ServicePermissionAuthResourceImpl @Autowired constructor( ) ) } - - @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) - override fun grantInstancePermission( - userId: String, - token: String, - projectCode: String, - grantInstance: GrantInstanceDTO - ): Result { - return Result( - permissionGrantService.grantInstancePermission( - projectId = projectCode, - grantInfo = grantInstance - ) - ) - } } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceResourceGroupResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceResourceGroupResourceImpl.kt index f336c2275ff8..cea4a8350a87 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceResourceGroupResourceImpl.kt 
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceResourceGroupResourceImpl.kt @@ -3,9 +3,12 @@ package com.tencent.devops.auth.resources.service import com.tencent.devops.auth.api.service.ServiceResourceGroupResource import com.tencent.devops.auth.pojo.dto.GroupAddDTO import com.tencent.devops.auth.pojo.request.CustomGroupCreateReq +import com.tencent.devops.auth.pojo.vo.GroupDetailsInfoVo import com.tencent.devops.auth.pojo.vo.GroupPermissionDetailVo +import com.tencent.devops.auth.service.iam.PermissionResourceGroupAndMemberFacadeService import com.tencent.devops.auth.service.iam.PermissionResourceGroupPermissionService import com.tencent.devops.auth.service.iam.PermissionResourceGroupService +import com.tencent.devops.common.api.model.SQLPage import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.auth.api.pojo.BkAuthGroup import com.tencent.devops.common.web.RestResource @@ -13,7 +16,8 @@ import com.tencent.devops.common.web.RestResource @RestResource class ServiceResourceGroupResourceImpl( val permissionResourceGroupService: PermissionResourceGroupService, - val resourceGroupPermissionService: PermissionResourceGroupPermissionService + val resourceGroupPermissionService: PermissionResourceGroupPermissionService, + val resourceGroupAndMemberFacadeService: PermissionResourceGroupAndMemberFacadeService ) : ServiceResourceGroupResource { override fun getGroupPermissionDetail( projectCode: String, 
@@ -26,6 +30,37 @@ class ServiceResourceGroupResourceImpl( ) } + override fun getMemberGroupsDetails( + userId: String, + projectCode: String, + resourceType: String, + memberId: String, + groupName: String?, + minExpiredAt: Long?, + maxExpiredAt: Long?, + relatedResourceType: String?, + relatedResourceCode: String?, + action: String?, + start: Int?, + limit: Int? + ): Result> { + return Result( + resourceGroupAndMemberFacadeService.getMemberGroupsDetails( + projectId = projectCode, + resourceType = resourceType, + memberId = memberId, + groupName = groupName, + minExpiredAt = minExpiredAt, + maxExpiredAt = maxExpiredAt, + relatedResourceType = relatedResourceType, + relatedResourceCode = relatedResourceCode, + action = action, + start = start, + limit = limit + ) + ) + } + override fun createGroupByGroupCode( projectCode: String, resourceType: String, diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceResourceMemberResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceResourceMemberResourceImpl.kt index c9946730b02b..02c0636974ff 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceResourceMemberResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceResourceMemberResourceImpl.kt @@ -1,6 +1,7 @@ package com.tencent.devops.auth.resources.service import com.tencent.devops.auth.api.service.ServiceResourceMemberResource +import com.tencent.devops.auth.pojo.request.GroupMemberSingleRenewalReq import com.tencent.devops.auth.service.iam.PermissionResourceMemberService import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.auth.api.pojo.BkAuthGroup 
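Review bot: `getMemberGroupsDetails` in ServiceResourceGroupResourceImpl accepts `userId` but never forwards or checks it, so the lookup of `memberId`'s groups in `projectCode` carries no caller identity at this layer. If `resourceGroupAndMemberFacadeService` does not authorize on its own (not visible in this hunk), any caller that can reach this service endpoint can list another member's groups and expiry times. Either verify that `userId` may view members of `projectCode` before the call, or state the trust assumption on the method, e.g. `// userId is not used for authorization here: callers are trusted internal services`. `start` and `limit` are also passed through as nullable values with no upper bound at this layer, so the page-size cap should be confirmed in the facade.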
@@ -98,6 +99,22 @@ class ServiceResourceMemberResourceImpl constructor( } } + @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK]) + override fun renewalGroupMember( + token: String, + userId: String, + projectCode: String, + renewalConditionReq: GroupMemberSingleRenewalReq + ): Result { + return Result( + permissionResourceMemberService.renewalGroupMember( + userId = userId, + projectCode = projectCode, + renewalConditionReq = renewalConditionReq + ) + ) + } + private fun getIamGroupId( groupId: Int?, projectCode: String, diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthApplyResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthApplyResourceImpl.kt similarity index 98% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthApplyResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthApplyResourceImpl.kt index 69fa55a46773..10c63c3c4c37 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthApplyResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthApplyResourceImpl.kt @@ -1,4 +1,4 @@ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.user import com.tencent.devops.auth.api.user.UserAuthApplyResource import com.tencent.devops.auth.pojo.ApplyJoinGroupInfo 
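Review bot: `renewalGroupMember` extends a member's group expiry, yet the resource method only forwards `userId`, `projectCode` and `renewalConditionReq`; nothing in the hunk checks that `userId` may manage members in `projectCode` or that the group named in the request belongs to that project. `API_OPEN_TOKEN_CHECK` presumably validates the `token` parameter (the body never reads it), which would authenticate the calling integration, not the acting user. Confirm that `permissionResourceMemberService.renewalGroupMember` enforces both checks and record that on the method, e.g. `/** Renews one member's group membership; the service verifies that userId manages projectCode and that the group belongs to it. */`. A log entry of who renewed which membership would make later audit of expiry extensions possible.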
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthAuthorizationResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthAuthorizationResourceImpl.kt similarity index 98% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthAuthorizationResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthAuthorizationResourceImpl.kt index a184fd8cf63e..e4c5ed68aa46 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthAuthorizationResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthAuthorizationResourceImpl.kt @@ -1,4 +1,4 @@ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.user import com.tencent.devops.auth.api.user.UserAuthAuthorizationResource import com.tencent.devops.auth.pojo.vo.ResourceTypeInfoVo diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthItsmCallbackResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthItsmCallbackResourceImpl.kt similarity index 98% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthItsmCallbackResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthItsmCallbackResourceImpl.kt index c55888d8d7e6..1104942b8420 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthItsmCallbackResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthItsmCallbackResourceImpl.kt 
@@ -26,7 +26,7 @@ * */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.user import com.tencent.devops.auth.api.user.UserAuthItsmCallbackResource import com.tencent.devops.auth.dao.AuthItsmCallbackDao diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthPermissionResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthPermissionResourceImpl.kt similarity index 96% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthPermissionResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthPermissionResourceImpl.kt index 16f15f2ac5c8..a9aa3d540af1 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthPermissionResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthPermissionResourceImpl.kt @@ -1,4 +1,4 @@ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.user import com.tencent.devops.auth.api.user.UserAuthPermissionResource import com.tencent.devops.auth.pojo.dto.PermissionBatchValidateDTO diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceGroupResourceImpl.kt similarity index 99% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceGroupResourceImpl.kt index a49c03275035..4c99458fb86f 100644 
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceGroupResourceImpl.kt @@ -26,7 +26,7 @@ * */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.user import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum import com.tencent.devops.auth.api.user.UserAuthResourceGroupResource diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupSyncResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceGroupSyncResourceImpl.kt similarity index 98% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupSyncResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceGroupSyncResourceImpl.kt index 4a98618ce510..46240f0f3576 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupSyncResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceGroupSyncResourceImpl.kt @@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.user import com.tencent.devops.auth.api.user.UserAuthResourceGroupSyncResource import com.tencent.devops.auth.pojo.enum.AuthMigrateStatus 
@@ -40,7 +40,6 @@ class UserAuthResourceGroupSyncResourceImpl @Autowired constructor( private val permissionResourceGroupSyncService: PermissionResourceGroupSyncService, private val permissionResourceGroupPermissionService: PermissionResourceGroupPermissionService ) : UserAuthResourceGroupSyncResource { - override fun syncGroupAndMember(userId: String, projectId: String): Result { permissionResourceGroupSyncService.syncGroupAndMember(projectId) return Result(true) diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceMemberResourceImpl.kt similarity index 99% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceMemberResourceImpl.kt index 4672c1c64ea3..bd76fea6919b 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceMemberResourceImpl.kt @@ -1,4 +1,4 @@ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.user import com.tencent.devops.auth.api.user.UserAuthResourceMemberResource import com.tencent.devops.auth.pojo.ResourceMemberInfo 
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceResourceImpl.kt similarity index 99% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceResourceImpl.kt index 5ee46656fe52..7df892506cc1 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceResourceImpl.kt @@ -26,7 +26,7 @@ * */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.user import com.tencent.devops.auth.api.user.UserAuthResourceResource import com.tencent.devops.auth.pojo.AuthResourceInfo diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserManagerUserResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserManagerUserResourceImpl.kt similarity index 97% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserManagerUserResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserManagerUserResourceImpl.kt index 53b41873b996..f8d999bc42b4 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserManagerUserResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserManagerUserResourceImpl.kt 
@@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.user import com.tencent.devops.auth.api.manager.UserManagerUserResource import com.tencent.devops.auth.service.ManagerUserService diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserMonitorSpaceResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserMonitorSpaceResourceImpl.kt similarity index 97% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserMonitorSpaceResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserMonitorSpaceResourceImpl.kt index 62803cfb6eb3..d7e01441fcf8 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserMonitorSpaceResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserMonitorSpaceResourceImpl.kt @@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.user import com.tencent.devops.auth.api.user.UserMonitorSpaceResource import com.tencent.devops.auth.service.AuthMonitorSpaceService diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthUrlResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserProjectMemberResourceImpl.kt similarity index 70% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthUrlResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserProjectMemberResourceImpl.kt index 15fddef4fc7f..8b52a40e8628 100644 
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthUrlResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserProjectMemberResourceImpl.kt @@ -25,24 +25,22 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.user -import com.tencent.devops.auth.api.user.UserAuthUrlResource -import com.tencent.devops.auth.pojo.PermissionUrlDTO -import com.tencent.devops.auth.service.iam.PermissionUrlService +import com.tencent.devops.auth.api.user.UserProjectMemberResource +import com.tencent.devops.auth.service.iam.PermissionProjectService import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.pojo.BkAuthGroup import com.tencent.devops.common.web.RestResource import org.springframework.beans.factory.annotation.Autowired @RestResource -class UserAuthUrlResourceImpl @Autowired constructor( - val urlService: PermissionUrlService -) : UserAuthUrlResource { - override fun permissionUrl(permissionUrlDTO: List): Result { - return urlService.getPermissionUrl(permissionUrlDTO) - } - - override fun getRolePermissionUrl(projectId: String, roleId: String?): Result { - return Result(urlService.getRolePermissionUrl(projectId, roleId)) +class UserProjectMemberResourceImpl @Autowired constructor( + val permissionProjectService: PermissionProjectService +) : UserProjectMemberResource { + override fun checkManager(userId: String, projectId: String): Result { + val result = permissionProjectService.checkProjectManager(userId, projectId) || + permissionProjectService.isProjectUser(userId, projectId, BkAuthGroup.CI_MANAGER) + return Result(result) } } 
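Review bot: `UserProjectMemberResourceImpl` declares `val permissionProjectService` as a public constructor property, which exposes the permission service on the resource bean; `private val permissionProjectService: PermissionProjectService` would match UserAuthResourceGroupSyncResourceImpl elsewhere in this commit. `checkManager` also has no comment saying why the two checks are OR-ed; a KDoc such as `/** True when userId is a project manager or belongs to the CI_MANAGER group of projectId. */` would make the contract clear. The returned boolean suits front-end gating, so endpoints that change members should still enforce the permission themselves instead of relying on this call.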
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserThirdLoginResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserThirdLoginResourceImpl.kt similarity index 97% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserThirdLoginResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserThirdLoginResourceImpl.kt index 02dfe4a015a4..58c58d0a2297 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserThirdLoginResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserThirdLoginResourceImpl.kt @@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.user import com.tencent.devops.auth.api.login.UserThirdLoginResource import com.tencent.devops.auth.service.ThirdLoginService diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserTokenResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserTokenResourceImpl.kt similarity index 97% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserTokenResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserTokenResourceImpl.kt index f5bea0b2c961..6bc3e14768ac 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserTokenResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserTokenResourceImpl.kt 
@@ -25,7 +25,7 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -package com.tencent.devops.auth.resources +package com.tencent.devops.auth.resources.user import com.tencent.devops.auth.api.user.UserTokenResource import com.tencent.devops.auth.pojo.TokenInfo diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthGroupService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthGroupService.kt deleted file mode 100644 index 7e778946edb6..000000000000 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthGroupService.kt +++ /dev/null 
@@ -1,185 +0,0 @@ -/* - * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. - * - * A copy of the MIT License is included in this file. - * - * - * Terms of the MIT License: - * --------------------------------------------------- - * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated - * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all copies or substantial portions of - * the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT - * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
- */ - -package com.tencent.devops.auth.service - -import com.tencent.devops.auth.constant.AuthMessageCode -import com.tencent.devops.auth.dao.AuthGroupDao -import com.tencent.devops.auth.entity.GroupCreateInfo -import com.tencent.devops.auth.pojo.dto.GroupDTO -import com.tencent.devops.auth.pojo.dto.ProjectRoleDTO -import com.tencent.devops.common.api.exception.OperationException -import com.tencent.devops.common.api.exception.ParamBlankException -import com.tencent.devops.common.api.pojo.Result -import com.tencent.devops.common.auth.api.pojo.DefaultGroupType -import com.tencent.devops.common.web.utils.I18nUtil -import com.tencent.devops.model.auth.tables.records.TAuthGroupInfoRecord -import org.jooq.DSLContext -import org.slf4j.LoggerFactory -import org.springframework.beans.factory.annotation.Autowired -import org.springframework.stereotype.Service - -@Service -class AuthGroupService @Autowired constructor( - val dslContext: DSLContext, - val groupDao: AuthGroupDao -) { - fun createGroup( - userId: String, - projectCode: String, - groupInfo: GroupDTO - ): Int { - logger.info("createGroup : userId = $userId| projectCode = $projectCode | groupInfo = $groupInfo") - val groupRecord = groupDao.getGroup( - dslContext = dslContext, - projectCode = projectCode, - groupCode = groupInfo.groupCode - ) - if (groupRecord != null) { - // 项目下分组已存在,不能重复创建 - logger.warn( - "group is exsit, don't create repeatedly : userId = $userId | " + - "projectCode = $projectCode | groupInfo = $groupInfo " - ) - throw OperationException( - I18nUtil.getCodeLanMessage( - messageCode = AuthMessageCode.GROUP_EXIST, - language = I18nUtil.getLanguage(userId) - ) - ) - } - val groupCreateInfo = GroupCreateInfo( - groupCode = groupInfo.groupCode, - groupType = groupInfo.groupType, - groupName = groupInfo.groupName, - projectCode = projectCode, - relationId = groupInfo.relationId, - displayName = groupInfo.displayName, - user = userId - ) - return groupDao.createGroup(dslContext, groupCreateInfo) - } 
- - fun batchCreate( - userId: String, - projectCode: String, - groupInfos: List - ): Result { - val groupCodes = groupInfos.map { it.groupCode } - val groupRecord = groupDao.getGroupByCodes( - dslContext = dslContext, - projectCode = projectCode, - groupCodes = groupCodes - ) - if (groupRecord.isNotEmpty) { - // 项目下分组已存在,不能重复创建 - logger.warn( - "group is exsit, don't create repeatedly : userId = $userId | " + - "projectCode = $projectCode | groupInfo = $groupCodes " - ) - throw OperationException( - I18nUtil.getCodeLanMessage(AuthMessageCode.GROUP_EXIST, language = I18nUtil.getLanguage(userId)) - ) - } - val groupCreateInfos = mutableListOf() - groupInfos.forEach { - val groupCreateInfo = GroupCreateInfo( - groupCode = it.groupCode, - groupType = it.groupType, - groupName = it.groupName, - projectCode = projectCode, - relationId = it.relationId, - displayName = it.displayName, - user = userId - ) - groupCreateInfos.add(groupCreateInfo) - } - groupDao.batchCreateGroups(dslContext, groupCreateInfos) - return Result(true) - } - - fun updateGroupName(userId: String, groupId: Int, groupInfo: ProjectRoleDTO): Int { - val groupEntity = groupDao.getGroupById(dslContext, groupId) - ?: throw ParamBlankException("group not exist : groupId = $groupId") - - if (DefaultGroupType.contains(groupEntity.groupCode)) { - throw ParamBlankException(AuthMessageCode.DEFAULT_GROUP_UPDATE_NAME_ERROR) - } - - return groupDao.update( - dslContext, - groupEntity.id, - groupInfo.name, - groupInfo.displayName ?: groupInfo.name, - userId - ) - } - - fun getGroupCode(groupId: Int): TAuthGroupInfoRecord? { - return groupDao.getGroupById(dslContext, groupId) - } - - fun getGroupByName(projectCode: String, groupName: String): TAuthGroupInfoRecord? { - return groupDao.getGroupByName(dslContext, projectCode, groupName) - } - - fun getGroupByCode(projectCode: String, groupCode: String): TAuthGroupInfoRecord? 
{ - return groupDao.getGroup(dslContext, projectCode, groupCode) - } - - fun getGroupByProject(projectCode: String): List? { - return groupDao.getGroupByProject(dslContext, projectCode) - } - - fun bindRelationId(id: Int, relationId: String): Int { - return groupDao.updateRelationId(dslContext, id, relationId) - } - - fun getRelationId(roleId: Int): String? { - val groupInfo = groupDao.getRelationId(dslContext, roleId) ?: return null - return groupInfo.relationId!! - } - - fun deleteGroup(id: Int, softDelete: Boolean? = true) { - if (softDelete!!) { - groupDao.softDelete(dslContext, id) - } else { - groupDao.deleteRole(dslContext, id) - } - } - - fun getGroupByRelationIds(relationIds: List): List { - return groupDao.getGroupByRelationIds( - dslContext = dslContext, - relationIds = relationIds - ) - } - - companion object { - private val logger = LoggerFactory.getLogger(AuthGroupService::class.java) - } -} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/GroupPermissionService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/GroupPermissionService.kt deleted file mode 100644 index 726d37247964..000000000000 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/GroupPermissionService.kt +++ /dev/null 
@@ -1,49 +0,0 @@ -/* - * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. - * - * A copy of the MIT License is included in this file. - * - * - * Terms of the MIT License: - * --------------------------------------------------- - * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated - * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all copies or substantial portions of - * the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT - * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - */ - -package com.tencent.devops.auth.service - -import com.tencent.devops.auth.dao.AuthGroupPermissionDao -import org.jooq.DSLContext -import org.springframework.beans.factory.annotation.Autowired -import org.springframework.stereotype.Service - -@Service -class GroupPermissionService @Autowired constructor( - val dslContext: DSLContext, - val groupPermissionDao: AuthGroupPermissionDao -) { - - fun getPermissionByGroupCode(groupCode: String): List? 
{ - val permissionRecord = groupPermissionDao.getByGroupCode(dslContext, groupCode) - var permissionList = mutableListOf() - if (permissionRecord != null) { - permissionList = permissionRecord.map { it.authAction } - } - return permissionList - } -} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/GroupUserService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/GroupUserService.kt deleted file mode 100644 index 81a5a3fb12a9..000000000000 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/GroupUserService.kt +++ /dev/null 
@@ -1,82 +0,0 @@ -/* - * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. - * - * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. - * - * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. - * - * A copy of the MIT License is included in this file. - * - * - * Terms of the MIT License: - * --------------------------------------------------- - * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated - * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the - * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all copies or substantial portions of - * the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT - * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
- */ - -package com.tencent.devops.auth.service - -import com.tencent.devops.auth.constant.AuthMessageCode -import com.tencent.devops.auth.dao.AuthGroupUserDao -import com.tencent.devops.common.api.exception.OperationException -import com.tencent.devops.common.api.pojo.Result -import com.tencent.devops.common.web.utils.I18nUtil -import org.jooq.DSLContext -import org.slf4j.LoggerFactory -import org.springframework.beans.factory.annotation.Autowired -import org.springframework.stereotype.Service - -@Service -class GroupUserService @Autowired constructor( - val dslContext: DSLContext, - val authGroupService: AuthGroupService, - val groupUserDao: AuthGroupUserDao -) { - fun addUser2Group(userId: String, groupId: Int): Result { - logger.info("addUser2Group |$userId| $groupId") - val groupUserRecord = groupUserDao.get( - dslContext = dslContext, - userId = userId, - groupId = groupId.toString() - ) - if (groupUserRecord != null) { - logger.warn("addUser2Group user $userId already in this group $groupId") - throw OperationException( - I18nUtil.getCodeLanMessage( - AuthMessageCode.GROUP_USER_ALREADY_EXIST, - language = I18nUtil.getLanguage(userId) - ) - ) - } - val groupRecord = authGroupService.getGroupCode(groupId) - - if (groupRecord == null) { - logger.warn("addUser2Group group $groupId is not exist") - throw OperationException( - I18nUtil.getCodeLanMessage(AuthMessageCode.GROUP_NOT_EXIST, language = I18nUtil.getLanguage(userId)) - ) - } - // 添加用户至用户组 - groupUserDao.create( - dslContext = dslContext, - userId = userId, - groupId = groupId.toString() - ) - return Result(true) - } - - companion object { - private val logger = LoggerFactory.getLogger(GroupUserService::class.java) - } -} 
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionGradeService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionGradeService.kt deleted file mode 100644 index 7196c76544ee..000000000000 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionGradeService.kt +++ /dev/null 
@@ -1,33 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- */
-
-package com.tencent.devops.auth.service.iam
-
-interface PermissionGradeService {
- fun checkGradeManagerUser(userId: String, projectId: Int)
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionGrantService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionGrantService.kt
deleted file mode 100644
index 3c9a3304b282..000000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionGrantService.kt
+++ /dev/null
@@ -1,10 +0,0 @@
-package com.tencent.devops.auth.service.iam
-
-import com.tencent.devops.auth.pojo.dto.GrantInstanceDTO
-
-interface PermissionGrantService {
- fun grantInstancePermission(
- projectId: String,
- grantInfo: GrantInstanceDTO
- ): Boolean
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionRoleMemberService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionRoleMemberService.kt
deleted file mode 100644
index 9c1f7bcdee12..000000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionRoleMemberService.kt
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- */
-
-package com.tencent.devops.auth.service.iam
-
-import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum
-import com.tencent.bk.sdk.iam.dto.manager.ManagerRoleGroupInfo
-import com.tencent.bk.sdk.iam.dto.manager.vo.ManagerGroupMemberVo
-import com.tencent.devops.auth.pojo.dto.RoleMemberDTO
-import com.tencent.devops.auth.pojo.vo.ProjectMembersVO
-
-interface PermissionRoleMemberService {
- fun createRoleMember(
- userId: String,
- projectId: Int,
- roleId: Int,
- members: List,
- managerGroup: Boolean,
- checkAGradeManager: Boolean? = true
- )
-
- fun deleteRoleMember(
- userId: String,
- projectId: Int,
- roleId: Int,
- id: String,
- type: ManagerScopesEnum,
- managerGroup: Boolean
- )
-
- fun getRoleMember(projectId: Int, roleId: Int, page: Int?, pageSize: Int?): ManagerGroupMemberVo
-
- fun getProjectAllMember(projectId: Int, page: Int?, pageSize: Int?): ProjectMembersVO?
-
- fun getUserGroups(projectId: Int, userId: String): List?
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionRoleService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionRoleService.kt
deleted file mode 100644
index 5feb43e5d954..000000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionRoleService.kt
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- */
-
-package com.tencent.devops.auth.service.iam
-
-import com.tencent.devops.auth.pojo.DefaultGroup
-import com.tencent.devops.auth.pojo.dto.ProjectRoleDTO
-import com.tencent.devops.auth.pojo.vo.GroupInfoVo
-
-interface PermissionRoleService {
- fun createPermissionRole(userId: String, projectId: Int, projectCode: String, groupInfo: ProjectRoleDTO): Int
-
- fun renamePermissionRole(userId: String, projectId: Int, roleId: Int, groupInfo: ProjectRoleDTO)
-
- fun getPermissionRole(projectId: Int): List
-
- fun deletePermissionRole(userId: String, projectId: Int, roleId: Int)
-
- fun getDefaultRole(): List
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionUrlService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionUrlService.kt
deleted file mode 100644
index 3cc8e37624da..000000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionUrlService.kt
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-package com.tencent.devops.auth.service.iam
-
-import com.tencent.devops.auth.pojo.PermissionUrlDTO
-import com.tencent.devops.common.api.pojo.Result
-
-interface PermissionUrlService {
- fun getPermissionUrl(permissionUrlDTO: List): Result
-
- fun getRolePermissionUrl(projectId: String, groupId: String?): String?
-}
diff --git a/src/backend/ci/core/openapi/api-openapi/src/main/kotlin/com/tencent/devops/openapi/api/apigw/v3/ApigwAuthGrantResourceV3.kt b/src/backend/ci/core/openapi/api-openapi/src/main/kotlin/com/tencent/devops/openapi/api/apigw/v3/ApigwAuthGrantResourceV3.kt
deleted file mode 100644
index f4ed65c07ecd..000000000000
--- a/src/backend/ci/core/openapi/api-openapi/src/main/kotlin/com/tencent/devops/openapi/api/apigw/v3/ApigwAuthGrantResourceV3.kt
+++ /dev/null
@@ -1,44 +0,0 @@
-package com.tencent.devops.openapi.api.apigw.v3
-
-import com.tencent.devops.auth.pojo.dto.GrantInstanceDTO
-import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_APP_CODE
-import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
-import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID_DEFAULT_VALUE
-import com.tencent.devops.common.api.pojo.Result
-import io.swagger.v3.oas.annotations.tags.Tag
-import io.swagger.v3.oas.annotations.Operation
-import io.swagger.v3.oas.annotations.Parameter
-import javax.ws.rs.Consumes
-import javax.ws.rs.HeaderParam
-import javax.ws.rs.POST
-import javax.ws.rs.Path
-import javax.ws.rs.PathParam
-import javax.ws.rs.Produces
-import javax.ws.rs.core.MediaType
-
-@Tag(name = "OPENAPI_AUTH_V3", description = "OPENAPI-权限相关")
-@Path("/{apigwType:apigw-user|apigw-app|apigw}/v3/auth")
-@Produces(MediaType.APPLICATION_JSON)
-@Consumes(MediaType.APPLICATION_JSON)
-@Suppress("ALL")
-interface ApigwAuthGrantResourceV3 {
-
- @Operation(summary = "实例授权", tags = ["v3_app_permission_grant"])
- @POST
- @Path("/projects/{projectId}/instance/grant")
- fun grantInstancePermission(
- @Parameter(description = "appCode", required = true)
- @HeaderParam(AUTH_HEADER_DEVOPS_APP_CODE)
- appCode: String?,
- @Parameter(description = "apigw Type", required = true)
- @PathParam("apigwType")
- apigwType: String?,
- @Parameter(description = "用户ID", required = true, example = AUTH_HEADER_USER_ID_DEFAULT_VALUE)
- @HeaderParam(AUTH_HEADER_USER_ID)
- userId: String,
- @Parameter(description = "项目ID(项目英文名)", required = true)
- @PathParam("projectId")
- projectId: String,
- grantInstance: GrantInstanceDTO
- ): Result
-}
diff --git a/src/backend/ci/core/openapi/api-openapi/src/main/kotlin/com/tencent/devops/openapi/api/apigw/v4/ApigwAuthGrantResourceV4.kt b/src/backend/ci/core/openapi/api-openapi/src/main/kotlin/com/tencent/devops/openapi/api/apigw/v4/ApigwAuthGrantResourceV4.kt
deleted file mode 100644
index d62c88a4b8d2..000000000000
--- a/src/backend/ci/core/openapi/api-openapi/src/main/kotlin/com/tencent/devops/openapi/api/apigw/v4/ApigwAuthGrantResourceV4.kt
+++ /dev/null
@@ -1,44 +0,0 @@
-package com.tencent.devops.openapi.api.apigw.v4
-
-import com.tencent.devops.auth.pojo.dto.GrantInstanceDTO
-import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_APP_CODE
-import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
-import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID_DEFAULT_VALUE
-import com.tencent.devops.common.api.pojo.Result
-import io.swagger.v3.oas.annotations.tags.Tag
-import io.swagger.v3.oas.annotations.Operation
-import io.swagger.v3.oas.annotations.Parameter
-import javax.ws.rs.Consumes
-import javax.ws.rs.HeaderParam
-import javax.ws.rs.POST
-import javax.ws.rs.Path
-import javax.ws.rs.PathParam
-import javax.ws.rs.Produces
-import javax.ws.rs.core.MediaType
-
-@Tag(name = "OPENAPI_AUTH_V4", description = "OPENAPI-权限相关")
-@Path("/{apigwType:apigw-user|apigw-app|apigw}/v4/auth/projects/{projectId}")
-@Produces(MediaType.APPLICATION_JSON)
-@Consumes(MediaType.APPLICATION_JSON)
-@Suppress("ALL")
-interface ApigwAuthGrantResourceV4 {
-
- @Operation(summary = "实例授权", tags = ["v4_app_permission_grant"])
- @POST
- @Path("/instance_grant")
- fun grantInstancePermission(
- @Parameter(description = "appCode", required = true)
- @HeaderParam(AUTH_HEADER_DEVOPS_APP_CODE)
- appCode: String?,
- @Parameter(description = "apigw Type", required = true)
- @PathParam("apigwType")
- apigwType: String?,
- @Parameter(description = "用户ID", required = true, example = AUTH_HEADER_USER_ID_DEFAULT_VALUE)
- @HeaderParam(AUTH_HEADER_USER_ID)
- userId: String,
- @Parameter(description = "项目ID(项目英文名)", required = true)
- @PathParam("projectId")
- projectId: String,
- grantInstance: GrantInstanceDTO
- ): Result
-}
diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwAuthGrantResourceV3Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwAuthGrantResourceV3Impl.kt
deleted file mode 100644
index e7ef674387cf..000000000000
--- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwAuthGrantResourceV3Impl.kt
+++ /dev/null
@@ -1,42 +0,0 @@
-package com.tencent.devops.openapi.resources.apigw.v3
-
-import com.tencent.devops.auth.api.service.ServicePermissionAuthResource
-import com.tencent.devops.auth.pojo.dto.GrantInstanceDTO
-import com.tencent.devops.common.api.pojo.Result
-import com.tencent.devops.common.client.Client
-import com.tencent.devops.common.client.ClientTokenService
-import com.tencent.devops.common.web.RestResource
-import com.tencent.devops.openapi.api.apigw.v3.ApigwAuthGrantResourceV3
-import com.tencent.devops.openapi.service.OpenapiPermissionService
-import org.slf4j.LoggerFactory
-import org.springframework.beans.factory.annotation.Autowired
-
-@RestResource
-class ApigwAuthGrantResourceV3Impl @Autowired constructor(
- private val client: Client,
- private val tokenService: ClientTokenService,
- private val openapiPermissionService: OpenapiPermissionService
-) : ApigwAuthGrantResourceV3 {
- override fun grantInstancePermission(
- appCode: String?,
- apigwType: String?,
- userId: String,
- projectId: String,
- grantInstance: GrantInstanceDTO
- ): Result {
- logger.info("OPENAPI_AUTH_GRANT_V3|$userId|grant instance permission|$projectId|$grantInstance")
- openapiPermissionService.validProjectManagerPermission(appCode, apigwType, userId, projectId)
- return Result(
- client.get(ServicePermissionAuthResource::class).grantInstancePermission(
- userId = userId,
- projectCode = projectId,
- grantInstance = grantInstance,
- token = tokenService.getSystemToken()!!
- ).data ?: false
- )
- }
-
- companion object {
- val logger = LoggerFactory.getLogger(ApigwAuthGrantResourceV3Impl::class.java)
- }
-}
diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwAuthGrantResourceV4Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwAuthGrantResourceV4Impl.kt
deleted file mode 100644
index 305d39a8b7a2..000000000000
--- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwAuthGrantResourceV4Impl.kt
+++ /dev/null
@@ -1,42 +0,0 @@
-package com.tencent.devops.openapi.resources.apigw.v4
-
-import com.tencent.devops.auth.api.service.ServicePermissionAuthResource
-import com.tencent.devops.auth.pojo.dto.GrantInstanceDTO
-import com.tencent.devops.common.api.pojo.Result
-import com.tencent.devops.common.client.Client
-import com.tencent.devops.common.client.ClientTokenService
-import com.tencent.devops.common.web.RestResource
-import com.tencent.devops.openapi.api.apigw.v4.ApigwAuthGrantResourceV4
-import com.tencent.devops.openapi.service.OpenapiPermissionService
-import org.slf4j.LoggerFactory
-import org.springframework.beans.factory.annotation.Autowired
-
-@RestResource
-class ApigwAuthGrantResourceV4Impl @Autowired constructor(
- private val client: Client,
- private val tokenService: ClientTokenService,
- private val openapiPermissionService: OpenapiPermissionService
-) : ApigwAuthGrantResourceV4 {
- override fun grantInstancePermission(
- appCode: String?,
- apigwType: String?,
- userId: String,
- projectId: String,
- grantInstance: GrantInstanceDTO
- ): Result {
- logger.info("OPENAPI_AUTH_GRANT_V4|$userId|grant instance permission|$projectId|$grantInstance")
- openapiPermissionService.validProjectManagerPermission(appCode, apigwType, userId, projectId)
- return Result(
- client.get(ServicePermissionAuthResource::class).grantInstancePermission(
- userId = userId,
- projectCode = projectId,
- grantInstance = grantInstance,
- token = tokenService.getSystemToken()!!
- ).data ?: false
- )
- }
-
- companion object {
- val logger = LoggerFactory.getLogger(ApigwAuthGrantResourceV4Impl::class.java)
- }
-}