Merge pull request #317 from actiontech/ce-2691

Ce 2691
actiontech · Oct 22, 2024 · 4b5364d · 4b5364d
2 parents a203de6 + 0c280dc
commit 4b5364d
Show file tree

Hide file tree

Showing 8 changed files with 74 additions and 40 deletions.
diff --git a/internal/dms/biz/role.go b/internal/dms/biz/role.go
@@ -69,14 +69,16 @@ func initRole() []*Role {
 			Desc: "project admin",
 		},
 		{
-			UID:  pkgConst.UIDOfRoleSQLEAdmin,
-			Name: "SQLE管理员",
-			Desc: "拥有该权限的用户可以创建/编辑工单，审核/驳回工单，上线工单,创建/编辑扫描任务",
+			UID:  pkgConst.UIDOfRoleDevEngineer,
+			Name: "开发工程师",
 		},
 		{
-			UID:  pkgConst.UIDOfRoleProvisionAdmin,
-			Name: "provision管理员",
-			Desc: "拥有该权限的用户可以授权数据源数据权限",
+			UID:  pkgConst.UIDOfRoleDevManager,
+			Name: "开发主管",
+		},
+		{
+			UID:  pkgConst.UIDOfRoleOpsEngineer,
+			Name: "运维工程师",
 		},
 	}
 }
@@ -149,18 +151,33 @@ func (d *RoleUsecase) InitRoles(ctx context.Context) (err error) {
 			if err = d.InsureOpPermissionsToRole(ctx, []string{pkgConst.UIDOfOpPermissionProjectAdmin}, roleId); err != nil {
 				return fmt.Errorf("insure op permissions in role failed: %v", err)
 			}
-		case pkgConst.UIDOfRoleSQLEAdmin:
-			if err = d.InsureOpPermissionsToRole(ctx, []string{pkgConst.UIDOfOpPermissionCreateWorkflow,
-				pkgConst.UIDOfOpPermissionAuditWorkflow, pkgConst.UIDOfOpPermissionExecuteWorkflow,
-				pkgConst.UIDOfOpPermissionViewOthersWorkflow, pkgConst.UIDOfOpPermissionSaveAuditPlan,
-				pkgConst.UIDOfOpPermissionViewOthersAuditPlan, pkgConst.UIDOfOpPermissionSQLQuery,
-				pkgConst.UIDOfOpPermissionExportApprovalReject, pkgConst.UIDOfOpPermissionExportCreate,
-				pkgConst.UIDOfOpPermissionCreateOptimization, pkgConst.UIDOfOpPermissionViewOthersOptimization,
-				pkgConst.UIDOfOpPermissionCreatePipeline}, roleId); err != nil {
+		case pkgConst.UIDOfRoleDevEngineer:
+			if err := d.InsureOpPermissionsToRole(ctx, []string{
+				pkgConst.UIDOfOpPermissionCreateWorkflow,
+				pkgConst.UIDOfOpPermissionSQLQuery,
+				pkgConst.UIDOfOpPermissionCreatePipeline,
+				pkgConst.UIDOfOpPermissionCreateOptimization,
+			}, roleId); err != nil {
+				return fmt.Errorf("insure op permissions in role failed: %v", err)
+			}
+		case pkgConst.UIDOfRoleDevManager:
+			if err := d.InsureOpPermissionsToRole(ctx, []string{
+				pkgConst.UIDOfOpPermissionViewOthersWorkflow,
+				pkgConst.UIDOfOpPermissionAuditWorkflow,
+				pkgConst.UIDOfOpPermissionCreatePipeline,
+				pkgConst.UIDOfOpPermissionViewOthersOptimization,
+			}, roleId); err != nil {
 				return fmt.Errorf("insure op permissions in role failed: %v", err)
 			}
-		case pkgConst.UIDOfRoleProvisionAdmin:
-			if err = d.InsureOpPermissionsToRole(ctx, []string{pkgConst.UIDOfOpPermissionAuthDBServiceData}, roleId); err != nil {
+		case pkgConst.UIDOfRoleOpsEngineer:
+			if err := d.InsureOpPermissionsToRole(ctx, []string{
+				pkgConst.UIDOfOpPermissionViewOthersWorkflow,
+				pkgConst.UIDOfOpPermissionExecuteWorkflow,
+				pkgConst.UIDOfOpPermissionSaveAuditPlan,
+				pkgConst.UIDOfOpPermissionViewOthersAuditPlan,
+				pkgConst.UIDOfOpPermissionExportCreate,
+				pkgConst.UIDOfOpPermissionAuthDBServiceData,
+			}, roleId); err != nil {
 				return fmt.Errorf("insure op permissions in role failed: %v", err)
 			}
 		default:

diff --git a/internal/dms/pkg/constant/const.go b/internal/dms/pkg/constant/const.go
@@ -36,9 +36,10 @@ const (
 
 	UIDOfProjectDefault = "700300"
 
-	UIDOfRoleProjectAdmin   = "700400"
-	UIDOfRoleSQLEAdmin      = "700401"
-	UIDOfRoleProvisionAdmin = "700402"
+	UIDOfRoleProjectAdmin = "700400"
+	UIDOfRoleDevEngineer  = "700403"
+	UIDOfRoleDevManager   = "700404"
+	UIDOfRoleOpsEngineer  = "700405"
 )
 
 func ConvertPermissionIdToType(opPermissionUid string) (apiOpPermissionTyp dmsCommonV1.OpPermissionType, err error) {

diff --git a/internal/dms/service/member_group.go b/internal/dms/service/member_group.go
@@ -124,7 +124,7 @@ func (d *DMSService) buildRoleWithOpRanges(ctx context.Context, roleWithOpRanges
 				return nil, fmt.Errorf("unsupported op range type: %v", r.OpRangeType)
 			}
 		}
-		if role.UID == pkgConst.UIDOfRoleProjectAdmin || role.UID == pkgConst.UIDOfRoleSQLEAdmin || role.UID == pkgConst.UIDOfRoleProvisionAdmin {
+		if role.UID == pkgConst.UIDOfRoleProjectAdmin || role.UID == pkgConst.UIDOfRoleDevEngineer || role.UID == pkgConst.UIDOfRoleDevManager || role.UID == pkgConst.UIDOfRoleOpsEngineer {
 			// built in role, localize name and desc
 			role.Name = locale.Bundle.LocalizeMsgByCtx(ctx, RoleNameByUID[role.GetUID()])
 			role.Desc = locale.Bundle.LocalizeMsgByCtx(ctx, RoleDescByUID[role.GetUID()])

diff --git a/internal/dms/service/role.go b/internal/dms/service/role.go
@@ -14,15 +14,17 @@ import (
 )
 
 var RoleNameByUID = map[string]*i18n.Message{
-	pkgConst.UIDOfRoleProjectAdmin:   locale.NameRoleProjectAdmin,
-	pkgConst.UIDOfRoleSQLEAdmin:      locale.NameRoleSQLEAdmin,
-	pkgConst.UIDOfRoleProvisionAdmin: locale.NameRoleProvisionAdmin,
+	pkgConst.UIDOfRoleProjectAdmin: locale.NameRoleProjectAdmin,
+	pkgConst.UIDOfRoleDevEngineer:  locale.NameRoleDevEngineer,
+	pkgConst.UIDOfRoleDevManager:   locale.NameRoleDevManager,
+	pkgConst.UIDOfRoleOpsEngineer:  locale.NameRoleOpsEngineer,
 }
 
 var RoleDescByUID = map[string]*i18n.Message{
-	pkgConst.UIDOfRoleProjectAdmin:   locale.DescRoleProjectAdmin,
-	pkgConst.UIDOfRoleSQLEAdmin:      locale.DescRoleSQLEAdmin,
-	pkgConst.UIDOfRoleProvisionAdmin: locale.DescRoleProvisionAdmin,
+	pkgConst.UIDOfRoleProjectAdmin: locale.DescRoleProjectAdmin,
+	pkgConst.UIDOfRoleDevEngineer:  locale.DescRoleDevEngineer,
+	pkgConst.UIDOfRoleDevManager:   locale.DescRoleDevManager,
+	pkgConst.UIDOfRoleOpsEngineer:  locale.DescRoleOpsEngineer,
 }
 
 func (d *DMSService) AddRole(ctx context.Context, currentUserUid string, req *dmsV1.AddRoleReq) (reply *dmsV1.AddRoleReply, err error) {
@@ -108,7 +110,7 @@ func (d *DMSService) ListRoles(ctx context.Context, req *dmsV1.ListRoleReq) (rep
 
 	ret := make([]*dmsV1.ListRole, len(roles))
 	for i, r := range roles {
-		if r.UID == pkgConst.UIDOfRoleProjectAdmin || r.UID == pkgConst.UIDOfRoleSQLEAdmin || r.UID == pkgConst.UIDOfRoleProvisionAdmin {
+		if r.UID == pkgConst.UIDOfRoleProjectAdmin || r.UID == pkgConst.UIDOfRoleDevEngineer || r.UID == pkgConst.UIDOfRoleDevManager || r.UID == pkgConst.UIDOfRoleOpsEngineer {
 			// built in role, localize name and desc
 			r.Name = locale.Bundle.LocalizeMsgByCtx(ctx, RoleNameByUID[r.GetUID()])
 			r.Desc = locale.Bundle.LocalizeMsgByCtx(ctx, RoleDescByUID[r.GetUID()])

diff --git a/internal/pkg/locale/active.en.toml b/internal/pkg/locale/active.en.toml
@@ -46,14 +46,17 @@ DescOpPermissionExportCreate = "Create data export task; Users with this permiss
 DescOpPermissionGlobalManagement = "Global management; Users with this permission can manage all resources on the platform"
 DescOpPermissionGlobalView = "Global view; Users with this permission can view global information"
 DescOpPermissionProjectAdmin = "Project management; Users with this permission can manage all resources under the project"
-DescOpPermissionSQLQuery = "SQL query; Users with this permission can execute SQL query"
+DescOpPermissionSQLQuery = "SQL workbench query; Users with this permission can execute SQL query"
 DescOpPermissionSaveAuditPlan = "View others' created scan task; Users with this permission can view others' created scan task"
 DescOpPermissionViewOthersAuditPlan = "Create/edit scan task; Users with this permission can create/edit scan task"
 DescOpPermissionViewOthersOptimization = "View others' created SQL optimization; Users with this permission can view others' created SQL optimization"
 DescOpPermissionViewOthersWorkflow = "View others' created workflow; Users with this permission can view others' created workflow"
 DescRoleProjectAdmin = "Project admin"
 DescRoleProvisionAdmin = "Users with this permission can authorize db instance data permissions"
 DescRoleSQLEAdmin = "Users with this permission can create/edit workflow, approve/reject workflow, execute workflow, create/edit scan task"
+DescRoleDevEngineer = "Users with this permission can create/edit workflow, execute SQL query, configure pipelines, create SQL optimization"
+DescRoleDevManager = "Users with this permission can view others' created workflow, approve/reject workflow, configure pipelines, view others' created SQL optimization"
+DescRoleOpsEngineer = "Users with this permission can view others' created workflow, execute workflow, create scan task, view others' created scan task, create data export task, authorize db instance data permissions"
 IDBPCErrBusinessNonExist = "Project business is fixed but doesn't exist"
 IDBPCErrDB2DbNameInvalid = "DB2 database name is incorrect"
 IDBPCErrDbTypeInvalid = "DB instance type is invalid or corresponding plugin is not installed"
@@ -88,7 +91,7 @@ NameOpPermissionExportCreate = "Create data export task"
 NameOpPermissionGlobalManagement = "Global management"
 NameOpPermissionGlobalView = "Global view"
 NameOpPermissionProjectAdmin = "Project management"
-NameOpPermissionSQLQuery = "SQL query"
+NameOpPermissionSQLQuery = "SQL workbench query"
 NameOpPermissionSaveAuditPlan = "Create/Edit scan task"
 NameOpPermissionViewOthersAuditPlan = "View others' created scan task"
 NameOpPermissionViewOthersOptimization = "View others' created SQL optimization"
@@ -101,6 +104,9 @@ ProjectBusiness = "Available business"
 ProjectCreateTime = "Create time"
 ProjectDesc = "Project description"
 ProjectName = "Project name"
+NameRoleDevEngineer = "Developer"
+NameRoleDevManager = "Development manager"
+NameRoleOpsEngineer = "Operation engineer"
 ProjectNotAvailable = "Unavailable"
 ProjectStatus = "Project status"
 StatDisable = "Disabled"

diff --git a/internal/pkg/locale/active.zh.toml b/internal/pkg/locale/active.zh.toml
@@ -46,14 +46,17 @@ DescOpPermissionExportCreate = "创建数据导出任务；拥有该权限的用
 DescOpPermissionGlobalManagement = "全局管理；拥有该权限的用户可以管理平台的所有资源"
 DescOpPermissionGlobalView = "全局浏览；拥有该权限的用户可以查看全局信息"
 DescOpPermissionProjectAdmin = "项目管理；拥有该权限的用户可以管理项目下的所有资源"
-DescOpPermissionSQLQuery = "SQL查询；拥有该权限的用户可以执行SQL查询"
+DescOpPermissionSQLQuery = "SQL工作台查询；拥有该权限的用户可以执行SQL查询"
 DescOpPermissionSaveAuditPlan = "创建/编辑扫描任务；拥有该权限的用户可以创建/编辑扫描任务"
 DescOpPermissionViewOthersAuditPlan = "查看他人创建的扫描任务；拥有该权限的用户可以查看他人创建的扫描任务"
 DescOpPermissionViewOthersOptimization = "查看他人创建的智能调优；拥有该权限的用户可以查看他人创建的智能调优"
 DescOpPermissionViewOthersWorkflow = "查看他人创建的工单；拥有该权限的用户可以查看他人创建的工单"
 DescRoleProjectAdmin = "project admin"
 DescRoleProvisionAdmin = "拥有该权限的用户可以授权数据源数据权限"
 DescRoleSQLEAdmin = "拥有该权限的用户可以创建/编辑工单，审核/驳回工单，上线工单,创建/编辑扫描任务"
+DescRoleDevEngineer = "创建/编辑工单,SQL工作台查询,配置流水线,创建智能调优"
+DescRoleDevManager = "审核/驳回工单,查看他人创建的工单,查看他人创建的智能调优,配置流水线"
+DescRoleOpsEngineer = "查看他人创建的工单,上线工单,创建/编辑扫描任务,查看他人创建的扫描任务,创建数据导出任务,授权数据源数据"
 IDBPCErrBusinessNonExist = "项目业务固定且所属业务不存在"
 IDBPCErrDB2DbNameInvalid = "DB2数据库名错误"
 IDBPCErrDbTypeInvalid = "数据源类型不规范或对应插件未安装"
@@ -88,14 +91,17 @@ NameOpPermissionExportCreate = "创建数据导出任务"
 NameOpPermissionGlobalManagement = "全局管理"
 NameOpPermissionGlobalView = "全局浏览"
 NameOpPermissionProjectAdmin = "项目管理"
-NameOpPermissionSQLQuery = "SQL查询"
+NameOpPermissionSQLQuery = "SQL工作台查询"
 NameOpPermissionSaveAuditPlan = "创建/编辑扫描任务"
 NameOpPermissionViewOthersAuditPlan = "查看他人创建的扫描任务"
 NameOpPermissionViewOthersOptimization = "查看他人创建的智能调优"
 NameOpPermissionViewOthersWorkflow = "查看他人创建的工单"
 NameRoleProjectAdmin = "项目管理员"
 NameRoleProvisionAdmin = "provision管理员"
 NameRoleSQLEAdmin = "SQLE管理员"
+NameRoleDevEngineer = "开发工程师"
+NameRoleDevManager = "开发主管"
+NameRoleOpsEngineer = "运维工程师"
 ProjectAvailable = "可用"
 ProjectBusiness = "可用业务"
 ProjectCreateTime = "创建时间"

diff --git a/internal/pkg/locale/message_zh.go b/internal/pkg/locale/message_zh.go
@@ -33,7 +33,7 @@ var (
 	NameOpPermissionViewOthersWorkflow     = &i18n.Message{ID: "NameOpPermissionViewOthersWorkflow", Other: "查看他人创建的工单"}
 	NameOpPermissionViewOthersAuditPlan    = &i18n.Message{ID: "NameOpPermissionViewOthersAuditPlan", Other: "查看他人创建的扫描任务"}
 	NameOpPermissionSaveAuditPlan          = &i18n.Message{ID: "NameOpPermissionSaveAuditPlan", Other: "创建/编辑扫描任务"}
-	NameOpPermissionSQLQuery               = &i18n.Message{ID: "NameOpPermissionSQLQuery", Other: "SQL查询"}
+	NameOpPermissionSQLQuery               = &i18n.Message{ID: "NameOpPermissionSQLQuery", Other: "SQL工作台查询"}
 	NameOpPermissionExportApprovalReject   = &i18n.Message{ID: "NameOpPermissionExportApprovalReject", Other: "审批/驳回数据导出工单"}
 	NameOpPermissionExportCreate           = &i18n.Message{ID: "NameOpPermissionExportCreate", Other: "创建数据导出任务"}
 	NameOpPermissionCreateOptimization     = &i18n.Message{ID: "NameOpPermissionCreateOptimization", Other: "创建智能调优"}
@@ -53,7 +53,7 @@ var (
 	DescOpPermissionViewOthersWorkflow     = &i18n.Message{ID: "DescOpPermissionViewOthersWorkflow", Other: "查看他人创建的工单；拥有该权限的用户可以查看他人创建的工单"}
 	DescOpPermissionViewOthersAuditPlan    = &i18n.Message{ID: "DescOpPermissionViewOthersAuditPlan", Other: "查看他人创建的扫描任务；拥有该权限的用户可以查看他人创建的扫描任务"}
 	DescOpPermissionSaveAuditPlan          = &i18n.Message{ID: "DescOpPermissionSaveAuditPlan", Other: "创建/编辑扫描任务；拥有该权限的用户可以创建/编辑扫描任务"}
-	DescOpPermissionSQLQuery               = &i18n.Message{ID: "DescOpPermissionSQLQuery", Other: "SQL查询；拥有该权限的用户可以执行SQL查询"}
+	DescOpPermissionSQLQuery               = &i18n.Message{ID: "DescOpPermissionSQLQuery", Other: "SQL工作台查询；拥有该权限的用户可以执行SQL工作台查询"}
 	DescOpPermissionExportApprovalReject   = &i18n.Message{ID: "DescOpPermissionExportApprovalReject", Other: "审批/驳回数据导出工单；拥有该权限的用户可以执行审批导出数据工单或者驳回导出数据工单"}
 	DescOpPermissionExportCreate           = &i18n.Message{ID: "DescOpPermissionExportCreate", Other: "创建数据导出任务；拥有该权限的用户可以创建数据导出任务或者工单"}
 	DescOpPermissionCreateOptimization     = &i18n.Message{ID: "DescOpPermissionCreateOptimization", Other: "创建智能调优；拥有该权限的用户可以创建智能调优"}
@@ -63,13 +63,15 @@ var (
 
 // role
 var (
-	NameRoleProjectAdmin   = &i18n.Message{ID: "NameRoleProjectAdmin", Other: "项目管理员"}
-	NameRoleSQLEAdmin      = &i18n.Message{ID: "NameRoleSQLEAdmin", Other: "SQLE管理员"}
-	NameRoleProvisionAdmin = &i18n.Message{ID: "NameRoleProvisionAdmin", Other: "provision管理员"}
+	NameRoleProjectAdmin = &i18n.Message{ID: "NameRoleProjectAdmin", Other: "项目管理员"}
+	NameRoleDevEngineer  = &i18n.Message{ID: "NameRoleDevEngineer", Other: "开发工程师"}
+	NameRoleDevManager   = &i18n.Message{ID: "NameRoleDevManager", Other: "开发主管"}
+	NameRoleOpsEngineer  = &i18n.Message{ID: "NameRoleOpsEngineer", Other: "运维工程师"}
 
-	DescRoleProjectAdmin   = &i18n.Message{ID: "DescRoleProjectAdmin", Other: "project admin"}
-	DescRoleSQLEAdmin      = &i18n.Message{ID: "DescRoleSQLEAdmin", Other: "拥有该权限的用户可以创建/编辑工单，审核/驳回工单，上线工单,创建/编辑扫描任务"}
-	DescRoleProvisionAdmin = &i18n.Message{ID: "DescRoleProvisionAdmin", Other: "拥有该权限的用户可以授权数据源数据权限"}
+	DescRoleProjectAdmin = &i18n.Message{ID: "DescRoleProjectAdmin", Other: "project admin"}
+	DescRoleDevEngineer  = &i18n.Message{ID: "DescRoleDevEngineer", Other: "拥有该权限的用户可以创建/编辑工单,SQL工作台查询,配置流水线,创建智能调优"}
+	DescRoleDevManager   = &i18n.Message{ID: "DescRoleDevManager", Other: "拥有该权限的用户可以创建/编辑工单,审核/驳回工单,配置流水线,查看他人创建的智能调优"}
+	DescRoleOpsEngineer  = &i18n.Message{ID: "DescRoleOpsEngineer", Other: "拥有该权限的用户可以上线工单,查看他人创建的工单,创建智能扫描,查看他人的扫描任务,数据导出,授权数据源数据"}
 )
 
 // license

diff --git a/pkg/dms-common/api/dms/v1/user.go b/pkg/dms-common/api/dms/v1/user.go
@@ -264,7 +264,7 @@ func GetOperationTypeDesc(opType OpPermissionType) string {
 	case OpPermissionTypeSaveAuditPlan:
 		return "创建扫描任务权限"
 	case OpPermissionTypeSQLQuery:
-		return "SQL查询"
+		return "SQL工作台查询"
 	case OpPermissionTypeCreateOptimization:
 		return "创建智能调优"
 	case OpPermissionTypeViewOthersOptimization: