feat: IAM回调添加项目审批人 TencentBlueKing#5228 提供批量校验action接口

Signed-off-by: fitzcao <cao150260819@126.com>
fitzcao · Sep 24, 2021 · 88c43f5 · 88c43f5
1 parent 33e0b62
commit 88c43f5
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 0 deletions.
diff --git a/...auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServicePermissionAuthResource.kt b/...auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServicePermissionAuthResource.kt
@@ -113,6 +113,33 @@ interface ServicePermissionAuthResource {
         relationResourceType: String? = null
     ): Result<Boolean>
 
+    @GET
+    @Path("/projects/{projectCode}/relation/validate/batch")
+    @ApiOperation("校验用户是否有action的权限")
+    fun batchValidateUserResourcePermissionByRelation(
+        @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
+        @ApiParam("待校验用户ID", required = true)
+        userId: String,
+        @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+        @ApiParam("认证token", required = true)
+        token: String,
+        @QueryParam("action")
+        @ApiParam("action类型", required = true)
+        action: List<String>,
+        @PathParam("projectCode")
+        @ApiParam("项目Code", required = true)
+        projectCode: String,
+        @QueryParam("resourceCode")
+        @ApiParam("资源code", required = true)
+        resourceCode: String,
+        @QueryParam("resourceType")
+        @ApiParam("资源类型", required = true)
+        resourceType: String,
+        @QueryParam("relationResourceType")
+        @ApiParam("关联资源,一般为Project", required = false)
+        relationResourceType: String? = null
+    ): Result<Boolean>
+
     @GET
     @Path("/projects/{projectCode}/action/instance")
     @ApiOperation("获取用户某项目下指定资源action的实例列表")

diff --git a/...ain/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt b/...ain/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt
@@ -80,6 +80,33 @@ class ServicePermissionAuthResourceImpl @Autowired constructor(
         )
     }
 
+    override fun batchValidateUserResourcePermissionByRelation(
+        userId: String,
+        token: String,
+        action: List<String>,
+        projectCode: String,
+        resourceCode: String,
+        resourceType: String,
+        relationResourceType: String?
+    ): Result<Boolean> {
+        var actionCheckPermission = true
+        action.forEach {
+            val checkActionPermission = permissionService.validateUserResourcePermissionByRelation(
+                userId = userId,
+                action = it,
+                projectCode = projectCode,
+                resourceCode = resourceCode,
+                resourceType = resourceType,
+                relationResourceType = relationResourceType
+            )
+            if (!checkActionPermission) {
+                actionCheckPermission = false
+                return@forEach
+            }
+        }
+        return Result(actionCheckPermission)
+    }
+
     override fun getUserResourceByPermission(
         userId: String,
         token: String,