diff --git a/internal/dms/biz/role.go b/internal/dms/biz/role.go
index 721d1275..d1fb31ed 100644
--- a/internal/dms/biz/role.go
+++ b/internal/dms/biz/role.go
@@ -69,14 +69,16 @@ func initRole() []*Role {
 Desc: "project admin",
 },
 {
- UID: pkgConst.UIDOfRoleSQLEAdmin,
- Name: "SQLE管理员",
- Desc: "拥有该权限的用户可以创建/编辑工单,审核/驳回工单,上线工单,创建/编辑扫描任务",
+ UID: pkgConst.UIDOfRoleDevEngineer,
+ Name: "开发工程师",
 },
 {
- UID: pkgConst.UIDOfRoleProvisionAdmin,
- Name: "provision管理员",
- Desc: "拥有该权限的用户可以授权数据源数据权限",
+ UID: pkgConst.UIDOfRoleDevManager,
+ Name: "开发主管",
+ },
+ {
+ UID: pkgConst.UIDOfRoleOpsEngineer,
+ Name: "运维工程师",
 },
 }
 }
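Review bot: Nothing visible in this commit retires the role rows that an earlier version seeded under `UIDOfRoleSQLEAdmin` ("700401") and `UIDOfRoleProvisionAdmin` ("700402"), which this hunk drops from the seed list. If InitRoles only inserts missing roles (its body is mostly outside the diff), members bound to those rows on an upgraded deployment would presumably keep the old, broader permission sets, and the rows no longer match the built-in checks in member_group.go and service/role.go. A migration or cleanup step should cover them, and const.go should keep a marker such as `// 700401, 700402: retired built-in roles (SQLEAdmin, ProvisionAdmin); do not reuse`. The three new entries also omit `Desc`, which the removed entries set, so the stored description will be empty unless something else fills it.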
@@ -149,18 +151,33 @@ func (d *RoleUsecase) InitRoles(ctx context.Context) (err error) {
 if err = d.InsureOpPermissionsToRole(ctx, []string{pkgConst.UIDOfOpPermissionProjectAdmin}, roleId); err != nil {
 return fmt.Errorf("insure op permissions in role failed: %v", err)
 }
- case pkgConst.UIDOfRoleSQLEAdmin:
- if err = d.InsureOpPermissionsToRole(ctx, []string{pkgConst.UIDOfOpPermissionCreateWorkflow,
- pkgConst.UIDOfOpPermissionAuditWorkflow, pkgConst.UIDOfOpPermissionExecuteWorkflow,
- pkgConst.UIDOfOpPermissionViewOthersWorkflow, pkgConst.UIDOfOpPermissionSaveAuditPlan,
- pkgConst.UIDOfOpPermissionViewOthersAuditPlan, pkgConst.UIDOfOpPermissionSQLQuery,
- pkgConst.UIDOfOpPermissionExportApprovalReject, pkgConst.UIDOfOpPermissionExportCreate,
- pkgConst.UIDOfOpPermissionCreateOptimization, pkgConst.UIDOfOpPermissionViewOthersOptimization,
- pkgConst.UIDOfOpPermissionCreatePipeline}, roleId); err != nil {
+ case pkgConst.UIDOfRoleDevEngineer:
+ if err := d.InsureOpPermissionsToRole(ctx, []string{
+ pkgConst.UIDOfOpPermissionCreateWorkflow,
+ pkgConst.UIDOfOpPermissionSQLQuery,
+ pkgConst.UIDOfOpPermissionCreatePipeline,
+ pkgConst.UIDOfOpPermissionCreateOptimization,
+ }, roleId); err != nil {
+ return fmt.Errorf("insure op permissions in role failed: %v", err)
+ }
+ case pkgConst.UIDOfRoleDevManager:
+ if err := d.InsureOpPermissionsToRole(ctx, []string{
+ pkgConst.UIDOfOpPermissionViewOthersWorkflow,
+ pkgConst.UIDOfOpPermissionAuditWorkflow,
+ pkgConst.UIDOfOpPermissionCreatePipeline,
+ pkgConst.UIDOfOpPermissionViewOthersOptimization,
+ }, roleId); err != nil {
 return fmt.Errorf("insure op permissions in role failed: %v", err)
 }
- case pkgConst.UIDOfRoleProvisionAdmin:
- if err = d.InsureOpPermissionsToRole(ctx, []string{pkgConst.UIDOfOpPermissionAuthDBServiceData}, roleId); err != nil {
+ case pkgConst.UIDOfRoleOpsEngineer:
+ if err := d.InsureOpPermissionsToRole(ctx, []string{
+ pkgConst.UIDOfOpPermissionViewOthersWorkflow,
+ pkgConst.UIDOfOpPermissionExecuteWorkflow,
+ pkgConst.UIDOfOpPermissionSaveAuditPlan,
+ pkgConst.UIDOfOpPermissionViewOthersAuditPlan,
+ pkgConst.UIDOfOpPermissionExportCreate,
+ pkgConst.UIDOfOpPermissionAuthDBServiceData,
+ }, roleId); err != nil {
 return fmt.Errorf("insure op permissions in role failed: %v", err)
 }
 default:
diff --git a/internal/dms/pkg/constant/const.go b/internal/dms/pkg/constant/const.go
index 9613d81b..68e39e76 100644
--- a/internal/dms/pkg/constant/const.go
+++ b/internal/dms/pkg/constant/const.go
@@ -36,9 +36,10 @@ const (
 UIDOfProjectDefault = "700300"
- UIDOfRoleProjectAdmin = "700400"
- UIDOfRoleSQLEAdmin = "700401"
- UIDOfRoleProvisionAdmin = "700402"
+ UIDOfRoleProjectAdmin = "700400"
+ UIDOfRoleDevEngineer = "700403"
+ UIDOfRoleDevManager = "700404"
+ UIDOfRoleOpsEngineer = "700405"
 )
 func ConvertPermissionIdToType(opPermissionUid string) (apiOpPermissionTyp dmsCommonV1.OpPermissionType, err error) {
diff --git a/internal/dms/service/member_group.go b/internal/dms/service/member_group.go
index cfbb79f6..ad8e7e06 100644
--- a/internal/dms/service/member_group.go
+++ b/internal/dms/service/member_group.go
@@ -124,7 +124,7 @@ func (d *DMSService) buildRoleWithOpRanges(ctx context.Context, roleWithOpRanges
 return nil, fmt.Errorf("unsupported op range type: %v", r.OpRangeType)
 }
 }
- if role.UID == pkgConst.UIDOfRoleProjectAdmin || role.UID == pkgConst.UIDOfRoleSQLEAdmin || role.UID == pkgConst.UIDOfRoleProvisionAdmin {
+ if role.UID == pkgConst.UIDOfRoleProjectAdmin || role.UID == pkgConst.UIDOfRoleDevEngineer || role.UID == pkgConst.UIDOfRoleDevManager || role.UID == pkgConst.UIDOfRoleOpsEngineer {
 // built in role, localize name and desc
 role.Name = locale.Bundle.LocalizeMsgByCtx(ctx, RoleNameByUID[role.GetUID()])
 role.Desc = locale.Bundle.LocalizeMsgByCtx(ctx, RoleDescByUID[role.GetUID()])
diff --git a/internal/dms/service/role.go b/internal/dms/service/role.go
index 320f9159..7a7a0f7f 100644
--- a/internal/dms/service/role.go
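Review bot: The DevManager case grants `UIDOfOpPermissionViewOthersWorkflow` and not `UIDOfOpPermissionCreateWorkflow`, but `DescRoleDevManager` in message_zh.go tells administrators the role can create/edit workflows and does not mention viewing others' workflows. The two TOML files describe the grant as coded, so the Go message should be aligned with this permission list, since roles are assigned on the strength of that text. `UIDOfOpPermissionExportApprovalReject`, which the removed SQLEAdmin case carried, is not granted to any of the three new roles; if that is intended, a comment such as `// export approval is deliberately not part of any seeded non-admin role` would record it. The new cases use `if err := ...`, which shadows the named result `err`; that is harmless because each branch returns explicitly, but `err =` would match the ProjectAdmin case above. InitRoles starts and ends outside the hunk.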
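Review bot: The built-in-role test in buildRoleWithOpRanges is a hand-written OR chain, now four UIDs long, and it is repeated in ListRoles in service/role.go, so it has to be kept in step with `RoleNameByUID` and `RoleDescByUID` by hand. A UID added to the chain but not to the maps would hand a nil message to `LocalizeMsgByCtx`. Driving the check from the map removes that drift: `if name, ok := RoleNameByUID[role.UID]; ok { role.Name = locale.Bundle.LocalizeMsgByCtx(ctx, name) }`, and likewise for `RoleDescByUID`. buildRoleWithOpRanges starts and ends outside the hunk.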
+++ b/internal/dms/service/role.go
@@ -14,15 +14,17 @@ import (
 )
 var RoleNameByUID = map[string]*i18n.Message{
- pkgConst.UIDOfRoleProjectAdmin: locale.NameRoleProjectAdmin,
- pkgConst.UIDOfRoleSQLEAdmin: locale.NameRoleSQLEAdmin,
- pkgConst.UIDOfRoleProvisionAdmin: locale.NameRoleProvisionAdmin,
+ pkgConst.UIDOfRoleProjectAdmin: locale.NameRoleProjectAdmin,
+ pkgConst.UIDOfRoleDevEngineer: locale.NameRoleDevEngineer,
+ pkgConst.UIDOfRoleDevManager: locale.NameRoleDevManager,
+ pkgConst.UIDOfRoleOpsEngineer: locale.NameRoleOpsEngineer,
 }
 var RoleDescByUID = map[string]*i18n.Message{
- pkgConst.UIDOfRoleProjectAdmin: locale.DescRoleProjectAdmin,
- pkgConst.UIDOfRoleSQLEAdmin: locale.DescRoleSQLEAdmin,
- pkgConst.UIDOfRoleProvisionAdmin: locale.DescRoleProvisionAdmin,
+ pkgConst.UIDOfRoleProjectAdmin: locale.DescRoleProjectAdmin,
+ pkgConst.UIDOfRoleDevEngineer: locale.DescRoleDevEngineer,
+ pkgConst.UIDOfRoleDevManager: locale.DescRoleDevManager,
+ pkgConst.UIDOfRoleOpsEngineer: locale.DescRoleOpsEngineer,
 }
 func (d *DMSService) AddRole(ctx context.Context, currentUserUid string, req *dmsV1.AddRoleReq) (reply *dmsV1.AddRoleReply, err error) {
@@ -108,7 +110,7 @@ func (d *DMSService) ListRoles(ctx context.Context, req *dmsV1.ListRoleReq) (rep
 ret := make([]*dmsV1.ListRole, len(roles))
 for i, r := range roles {
- if r.UID == pkgConst.UIDOfRoleProjectAdmin || r.UID == pkgConst.UIDOfRoleSQLEAdmin || r.UID == pkgConst.UIDOfRoleProvisionAdmin {
+ if r.UID == pkgConst.UIDOfRoleProjectAdmin || r.UID == pkgConst.UIDOfRoleDevEngineer || r.UID == pkgConst.UIDOfRoleDevManager || r.UID == pkgConst.UIDOfRoleOpsEngineer {
 // built in role, localize name and desc
 r.Name = locale.Bundle.LocalizeMsgByCtx(ctx, RoleNameByUID[r.GetUID()])
 r.Desc = locale.Bundle.LocalizeMsgByCtx(ctx, RoleDescByUID[r.GetUID()])
diff --git a/internal/pkg/locale/active.en.toml b/internal/pkg/locale/active.en.toml
index f46857e4..6aa3b006 100644
--- a/internal/pkg/locale/active.en.toml
+++ b/internal/pkg/locale/active.en.toml
@@ -46,7 +46,7 @@ DescOpPermissionExportCreate = "Create data export task; Users with this permiss
 DescOpPermissionGlobalManagement = "Global management; Users with this permission can manage all resources on the platform"
 DescOpPermissionGlobalView = "Global view; Users with this permission can view global information"
 DescOpPermissionProjectAdmin = "Project management; Users with this permission can manage all resources under the project"
-DescOpPermissionSQLQuery = "SQL query; Users with this permission can execute SQL query"
+DescOpPermissionSQLQuery = "SQL workbench query; Users with this permission can execute SQL query"
 DescOpPermissionSaveAuditPlan = "View others' created scan task; Users with this permission can view others' created scan task"
 DescOpPermissionViewOthersAuditPlan = "Create/edit scan task; Users with this permission can create/edit scan task"
 DescOpPermissionViewOthersOptimization = "View others' created SQL optimization; Users with this permission can view others' created SQL optimization"
@@ -54,6 +54,9 @@ DescOpPermissionViewOthersWorkflow = "View others' created workflow; Users with
 DescRoleProjectAdmin = "Project admin"
 DescRoleProvisionAdmin = "Users with this permission can authorize db instance data permissions"
 DescRoleSQLEAdmin = "Users with this permission can create/edit workflow, approve/reject workflow, execute workflow, create/edit scan task"
+DescRoleDevEngineer = "Users with this permission can create/edit workflow, execute SQL query, configure pipelines, create SQL optimization"
+DescRoleDevManager = "Users with this permission can view others' created workflow, approve/reject workflow, configure pipelines, view others' created SQL optimization"
+DescRoleOpsEngineer = "Users with this permission can view others' created workflow, execute workflow, create scan task, view others' created scan task, create data export task, authorize db instance data permissions"
 IDBPCErrBusinessNonExist = "Project business is fixed but doesn't exist"
 IDBPCErrDB2DbNameInvalid = "DB2 database name is incorrect"
 IDBPCErrDbTypeInvalid = "DB instance type is invalid or corresponding plugin is not installed"
@@ -88,7 +91,7 @@ NameOpPermissionExportCreate = "Create data export task"
 NameOpPermissionGlobalManagement = "Global management"
 NameOpPermissionGlobalView = "Global view"
 NameOpPermissionProjectAdmin = "Project management"
-NameOpPermissionSQLQuery = "SQL query"
+NameOpPermissionSQLQuery = "SQL workbench query"
 NameOpPermissionSaveAuditPlan = "Create/Edit scan task"
 NameOpPermissionViewOthersAuditPlan = "View others' created scan task"
 NameOpPermissionViewOthersOptimization = "View others' created SQL optimization"
@@ -101,6 +104,9 @@ ProjectBusiness = "Available business"
 ProjectCreateTime = "Create time"
 ProjectDesc = "Project description"
 ProjectName = "Project name"
+NameRoleDevEngineer = "Developer"
+NameRoleDevManager = "Development manager"
+NameRoleOpsEngineer = "Operation engineer"
 ProjectNotAvailable = "Unavailable"
 ProjectStatus = "Project status"
 StatDisable = "Disabled"
diff --git a/internal/pkg/locale/active.zh.toml b/internal/pkg/locale/active.zh.toml
index 90f8d3a3..a4a7212b 100644
--- a/internal/pkg/locale/active.zh.toml
+++ b/internal/pkg/locale/active.zh.toml
@@ -46,7 +46,7 @@ DescOpPermissionExportCreate = "创建数据导出任务;拥有该权限的用
 DescOpPermissionGlobalManagement = "全局管理;拥有该权限的用户可以管理平台的所有资源"
 DescOpPermissionGlobalView = "全局浏览;拥有该权限的用户可以查看全局信息"
 DescOpPermissionProjectAdmin = "项目管理;拥有该权限的用户可以管理项目下的所有资源"
-DescOpPermissionSQLQuery = "SQL查询;拥有该权限的用户可以执行SQL查询"
+DescOpPermissionSQLQuery = "SQL工作台查询;拥有该权限的用户可以执行SQL查询"
 DescOpPermissionSaveAuditPlan = "创建/编辑扫描任务;拥有该权限的用户可以创建/编辑扫描任务"
 DescOpPermissionViewOthersAuditPlan = "查看他人创建的扫描任务;拥有该权限的用户可以查看他人创建的扫描任务"
 DescOpPermissionViewOthersOptimization = "查看他人创建的智能调优;拥有该权限的用户可以查看他人创建的智能调优"
@@ -54,6 +54,9 @@ DescOpPermissionViewOthersWorkflow = "查看他人创建的工单;拥有该权
 DescRoleProjectAdmin = "project admin"
 DescRoleProvisionAdmin = "拥有该权限的用户可以授权数据源数据权限"
 DescRoleSQLEAdmin = "拥有该权限的用户可以创建/编辑工单,审核/驳回工单,上线工单,创建/编辑扫描任务"
+DescRoleDevEngineer = "创建/编辑工单,SQL工作台查询,配置流水线,创建智能调优"
+DescRoleDevManager = "审核/驳回工单,查看他人创建的工单,查看他人创建的智能调优,配置流水线"
+DescRoleOpsEngineer = "查看他人创建的工单,上线工单,创建/编辑扫描任务,查看他人创建的扫描任务,创建数据导出任务,授权数据源数据"
 IDBPCErrBusinessNonExist = "项目业务固定且所属业务不存在"
 IDBPCErrDB2DbNameInvalid = "DB2数据库名错误"
 IDBPCErrDbTypeInvalid = "数据源类型不规范或对应插件未安装"
@@ -88,7 +91,7 @@ NameOpPermissionExportCreate = "创建数据导出任务"
 NameOpPermissionGlobalManagement = "全局管理"
 NameOpPermissionGlobalView = "全局浏览"
 NameOpPermissionProjectAdmin = "项目管理"
-NameOpPermissionSQLQuery = "SQL查询"
+NameOpPermissionSQLQuery = "SQL工作台查询"
 NameOpPermissionSaveAuditPlan = "创建/编辑扫描任务"
 NameOpPermissionViewOthersAuditPlan = "查看他人创建的扫描任务"
 NameOpPermissionViewOthersOptimization = "查看他人创建的智能调优"
@@ -96,6 +99,9 @@ NameOpPermissionViewOthersWorkflow = "查看他人创建的工单"
 NameRoleProjectAdmin = "项目管理员"
 NameRoleProvisionAdmin = "provision管理员"
 NameRoleSQLEAdmin = "SQLE管理员"
+NameRoleDevEngineer = "开发工程师"
+NameRoleDevManager = "开发主管"
+NameRoleOpsEngineer = "运维工程师"
 ProjectAvailable = "可用"
 ProjectBusiness = "可用业务"
 ProjectCreateTime = "创建时间"
diff --git a/internal/pkg/locale/message_zh.go b/internal/pkg/locale/message_zh.go
index 36cf00d5..c2431f36 100644
--- a/internal/pkg/locale/message_zh.go
+++ b/internal/pkg/locale/message_zh.go
@@ -33,7 +33,7 @@ var (
 NameOpPermissionViewOthersWorkflow = &i18n.Message{ID: "NameOpPermissionViewOthersWorkflow", Other: "查看他人创建的工单"}
 NameOpPermissionViewOthersAuditPlan = &i18n.Message{ID: "NameOpPermissionViewOthersAuditPlan", Other: "查看他人创建的扫描任务"}
 NameOpPermissionSaveAuditPlan = &i18n.Message{ID: "NameOpPermissionSaveAuditPlan", Other: "创建/编辑扫描任务"}
- NameOpPermissionSQLQuery = &i18n.Message{ID: "NameOpPermissionSQLQuery", Other: "SQL查询"}
+ NameOpPermissionSQLQuery = &i18n.Message{ID: "NameOpPermissionSQLQuery", Other: "SQL工作台查询"}
 NameOpPermissionExportApprovalReject = &i18n.Message{ID: "NameOpPermissionExportApprovalReject", Other: "审批/驳回数据导出工单"}
 NameOpPermissionExportCreate = &i18n.Message{ID: "NameOpPermissionExportCreate", Other: "创建数据导出任务"}
 NameOpPermissionCreateOptimization = &i18n.Message{ID: "NameOpPermissionCreateOptimization", Other: "创建智能调优"}
@@ -53,7 +53,7 @@ var (
 DescOpPermissionViewOthersWorkflow = &i18n.Message{ID: "DescOpPermissionViewOthersWorkflow", Other: "查看他人创建的工单;拥有该权限的用户可以查看他人创建的工单"}
 DescOpPermissionViewOthersAuditPlan = &i18n.Message{ID: "DescOpPermissionViewOthersAuditPlan", Other: "查看他人创建的扫描任务;拥有该权限的用户可以查看他人创建的扫描任务"}
 DescOpPermissionSaveAuditPlan = &i18n.Message{ID: "DescOpPermissionSaveAuditPlan", Other: "创建/编辑扫描任务;拥有该权限的用户可以创建/编辑扫描任务"}
- DescOpPermissionSQLQuery = &i18n.Message{ID: "DescOpPermissionSQLQuery", Other: "SQL查询;拥有该权限的用户可以执行SQL查询"}
+ DescOpPermissionSQLQuery = &i18n.Message{ID: "DescOpPermissionSQLQuery", Other: "SQL工作台查询;拥有该权限的用户可以执行SQL工作台查询"}
 DescOpPermissionExportApprovalReject = &i18n.Message{ID: "DescOpPermissionExportApprovalReject", Other: "审批/驳回数据导出工单;拥有该权限的用户可以执行审批导出数据工单或者驳回导出数据工单"}
 DescOpPermissionExportCreate = &i18n.Message{ID: "DescOpPermissionExportCreate", Other: "创建数据导出任务;拥有该权限的用户可以创建数据导出任务或者工单"}
 DescOpPermissionCreateOptimization = &i18n.Message{ID: "DescOpPermissionCreateOptimization", Other: "创建智能调优;拥有该权限的用户可以创建智能调优"}
@@ -63,13 +63,15 @@ var (
 // role
 var (
- NameRoleProjectAdmin = &i18n.Message{ID: "NameRoleProjectAdmin", Other: "项目管理员"}
- NameRoleSQLEAdmin = &i18n.Message{ID: "NameRoleSQLEAdmin", Other: "SQLE管理员"}
- NameRoleProvisionAdmin = &i18n.Message{ID: "NameRoleProvisionAdmin", Other: "provision管理员"}
+ NameRoleProjectAdmin = &i18n.Message{ID: "NameRoleProjectAdmin", Other: "项目管理员"}
+ NameRoleDevEngineer = &i18n.Message{ID: "NameRoleDevEngineer", Other: "开发工程师"}
+ NameRoleDevManager = &i18n.Message{ID: "NameRoleDevManager", Other: "开发主管"}
+ NameRoleOpsEngineer = &i18n.Message{ID: "NameRoleOpsEngineer", Other: "运维工程师"}
- DescRoleProjectAdmin = &i18n.Message{ID: "DescRoleProjectAdmin", Other: "project admin"}
- DescRoleSQLEAdmin = &i18n.Message{ID: "DescRoleSQLEAdmin", Other: "拥有该权限的用户可以创建/编辑工单,审核/驳回工单,上线工单,创建/编辑扫描任务"}
- DescRoleProvisionAdmin = &i18n.Message{ID: "DescRoleProvisionAdmin", Other: "拥有该权限的用户可以授权数据源数据权限"}
+ DescRoleProjectAdmin = &i18n.Message{ID: "DescRoleProjectAdmin", Other: "project admin"}
+ DescRoleDevEngineer = &i18n.Message{ID: "DescRoleDevEngineer", Other: "拥有该权限的用户可以创建/编辑工单,SQL工作台查询,配置流水线,创建智能调优"}
+ DescRoleDevManager = &i18n.Message{ID: "DescRoleDevManager", Other: "拥有该权限的用户可以创建/编辑工单,审核/驳回工单,配置流水线,查看他人创建的智能调优"}
+ DescRoleOpsEngineer = &i18n.Message{ID: "DescRoleOpsEngineer", Other: "拥有该权限的用户可以上线工单,查看他人创建的工单,创建智能扫描,查看他人的扫描任务,数据导出,授权数据源数据"}
 )
 // license
diff --git a/pkg/dms-common/api/dms/v1/user.go b/pkg/dms-common/api/dms/v1/user.go
index 7cdb310f..d3741df9 100644
--- a/pkg/dms-common/api/dms/v1/user.go
+++ b/pkg/dms-common/api/dms/v1/user.go
@@ -264,7 +264,7 @@ func GetOperationTypeDesc(opType OpPermissionType) string {
 case OpPermissionTypeSaveAuditPlan:
 return "创建扫描任务权限"
 case OpPermissionTypeSQLQuery:
- return "SQL查询"
+ return "SQL工作台查询"
 case OpPermissionTypeCreateOptimization:
 return "创建智能调优"
 case OpPermissionTypeViewOthersOptimization: