From 60ee9e84873e08b2320701cbffd2c5eed40d547f Mon Sep 17 00:00:00 2001 From: owenlxu Date: Tue, 26 Dec 2023 21:32:19 +0800 Subject: [PATCH 1/2] =?UTF-8?q?feat:=20=E6=9D=83=E9=99=90=E7=9B=B8?= =?UTF-8?q?=E5=85=B3=E6=8E=A5=E5=8F=A3=E5=85=81=E8=AE=B8=E9=A1=B9=E7=9B=AE?= =?UTF-8?q?=E7=AE=A1=E7=90=86=E5=91=98=E8=AE=BF=E9=97=AE=20#1594?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/apidoc/auth/permission.md | 285 +----------------- .../tencent/bkrepo/auth/constant/Constants.kt | 11 +- .../controller/user/PermissionController.kt | 47 +-- .../auth/interceptor/AuthInterceptor.kt | 16 +- .../bkrepo/auth/service/PermissionService.kt | 15 +- .../service/local/PermissionServiceImpl.kt | 65 +--- .../bkrepo/auth/PermissionServiceTest.kt | 52 ---- 7 files changed, 55 insertions(+), 436 deletions(-) diff --git a/docs/apidoc/auth/permission.md b/docs/apidoc/auth/permission.md index fe0681f04a..382a4e4523 100644 --- a/docs/apidoc/auth/permission.md +++ b/docs/apidoc/auth/permission.md @@ -410,44 +410,7 @@ |departments|string array|部门id|the department id| |actions|string array|action id|the action id| -### 更新权限绑定仓库 -- API: PUT /auth/api/permission/repo -- 功能说明: - - 中文:更新权限绑定仓库 - - English:update permission repo -- input body: - -``` json -{ - "permissionId":"5ea4f6608c165f702f5bd41e", - "repos":[ - "owen", - "tt" - ] -} -``` -- input 字段说明 - - -|字段|类型|是否必须|默认值|说明|Description| -|---|---|---|---|---|---| -|permissionId|string|是|无|角色主键id|the permission primary key| -|repos|string array|是|[]|仓库名称列表|the repo name array| - -- output: - -``` - -``` -- output 字段说明 - -| 字段|类型|说明|Description| -|---|---|---|---| -|code|bool|错误编码。 0表示success,>0表示失败错误 |0:success, other: failure| -|message|result message|错误消息 |the failure message | -|data | object array | result data,具体字段见创建请求 |the data for response| -|traceId|string|请求跟踪id|the trace id| ### 更新权限绑定用户 
@@ -496,250 +459,4 @@ |code|bool|错误编码。 0表示success,>0表示失败错误 |0:success, other: failure| |message|result message|错误消息 |the failure message | |data | bool | the request result |the request result| -|traceId|string|请求跟踪id|the trace id| - -### 更新权限绑定角色 - -- API:PUT /auth/api/permission/role -- API 名称: update_permission_role -- 功能说明: - - 中文:更新权限绑定角色 - - English:update permission role - -- input body: - -``` json -{ - "permissionId":"5ea4f6608c165f702f5bd41e", - "rId":[ - "ops", - "dev" - ] -} -``` - -- input 字段说明 - -|字段|类型|是否必须|默认值|说明|Description| -|---|---|---|---|---|---| -|permissionId|string|是|无|角色主键id|the permission primary key| -|rId|string array|是|[]|角色主键id列表|the role id primary key array| - -- output: - -``` -{ - "code":0, - "data":true, - "message":"", - "traceId":"" -} - -``` -- output 字段说明 - -| 字段|类型|说明|Description| -|---|---|---|---| -|code|bool|错误编码。 0表示success,>0表示失败错误 |0:success, other: failure| -|message|result message|错误消息 |the failure message | -|data | bool | the request result |the request result| -|traceId|string|请求跟踪id|the trace id| - - -### 更新权限绑定部门 - -- API:PUT /auth/api/permission/department -- API 名称: update_permission_department -- 功能说明: - - 中文:更新角色绑定部门 - - English:update permission department - -- input body: - -``` json -{ - "permissionId":"5ea4f6608c165f702f5bd41e", - "departmentId":[ - "ops", - "dev" - ] -} -``` - -- input 字段说明 - -|字段|类型|是否必须|默认值|说明|Description| -|---|---|---|---|---|---| -|permissionId|string|是|无|角色主键id|the permission primary key| -|departmentId|string array|是|[]|部门id列表|the department id array| - -- output: - -``` -{ - "code":0, - "data":true, - "message":"", - "traceId":"" -} - -``` -- output 字段说明 - -| 字段|类型|说明|Description| -|---|---|---|---| -|code|bool|错误编码。 0表示success,>0表示失败错误 |0:success, other: failure| -|message|result message|错误消息 |the failure message | -|data | bool | the request result |the request result| -|traceId|string|请求跟踪id|the trace id| - -### 更新权限绑定动作 - -- API:PUT /auth/api/permission/action -- API 名称: 
update_permission_action -- 功能说明: - - 中文:更新角色绑定动作 - - English:update permission department - -- input body: - -``` json -{ - "permissionId":"5ea4f6608c165f702f5bd41e", - "actions":[ - "ops", - "dev" - ] -} -``` - -- input 字段说明 - -|字段|类型|是否必须|默认值|说明|Description| -|---|---|---|---|---|---| -|permissionId|string|是|无|角色主键id|the permission primary key| -|actions|string array|是|[]|动作列表|the action list| - -- output: - -``` -{ - "code":0, - "data":true, - "message":"", - "traceId":"" -} - -``` -- output 字段说明 - -| 字段|类型|说明|Description| -|---|---|---|---| -|code|bool|错误编码。 0表示success,>0表示失败错误 |0:success, other: failure| -|message|result message|错误消息 |the failure message | -|data | bool | the request result |the request result| -|traceId|string|请求跟踪id|the trace id| - - -### 更新权限包含路径 - -- API: PUT /auth/api/permission/includePath -- API 名称: update_include_path -- 功能说明: - - 中文:更新权限包含路径 - - English:update permission include path -- input body: - -``` json -{ - "permissionId":"5ea4f6608c165f702f5bd41e", - "path":[ - "/path1", - "/path2" - ] -} -``` - -- input 字段说明 - -|字段|类型|是否必须|默认值|说明|Description| -|---|---|---|---|---|---| -|permissionId|string|是|无|角色主键id|the permission primary key| -|path|string array|是|[]|路径列表|the path list| - -- output: -``` -{ - "code":0, - "message":null, - "data":true, - "traceId":"" -} - -``` -- output 字段说明 - -| 字段|类型|说明|Description| -|---|---|---|---| -|code|bool|错误编码。 0表示success,>0表示失败错误 |0:success, other: failure| -|message|result message|错误消息 |the failure message | -|data | bool | result data |the data for response| -|traceId|string|请求跟踪id|the trace id| - - -### 更新权限排除路径 - -- API: PUT /auth/api/permission/excludePath - -- API 名称: update_exclude_path -- 功能说明: - - 中文:更新权限排除路径 - - English:update permission exclude path - -- input body: - -``` json -{ - "permissionId":"5ea4f6608c165f702f5bd41e", - "path":[ - "/path1", - "/path2" - ] -} -``` - -- input 字段说明 - -|字段|类型|是否必须|默认值|说明|Description| -|---|---|---|---|---|---| -|permissionId|string|是|无|角色主键id|the 
permission primary key| -|path|string array|是|[]|路径列表|the path list| - -- output: - -``` -{ - "code":0, - "message":null, - "data":true, - "traceId":"" -} - -``` -- output 字段说明 - -| 字段|类型|说明|Description| -|---|---|---|---| -|code|bool|错误编码。 0表示success,>0表示失败错误 |0:success, other: failure| -|message|result message|错误消息 |the failure message | -|data | bool | result data |the data for response| -|traceId|string|请求跟踪id|the trace id| - - - - - - - - - +|traceId|string|请求跟踪id|the trace id| \ No newline at end of file diff --git a/src/backend/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/constant/Constants.kt b/src/backend/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/constant/Constants.kt index 436e2c7baa..5fa2cfcab6 100644 --- a/src/backend/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/constant/Constants.kt +++ b/src/backend/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/constant/Constants.kt @@ -98,8 +98,7 @@ const val AUTH_API_TOKEN_PREFIX = "api/user/token" const val AUTH_API_USER_LIST_PREFIX = "api/user/list" const val AUTH_API_INFO_PREFIX = "api/user/info" const val AUTH_API_ROLE_SYS_LIST_PREFIX = "api/role/sys/list" -const val AUTH_API_PERMISSION_LIST_PREFIX = "api/permission/list/inproject" -const val AUTH_API_PERMISSION_USER_PREFIX = "api/permission/user" + const val AUTH_API_USER_UPDATE_PREFIX = "api/user/update/info" const val AUTH_API_USER_DELETE_PREFIX = "api/user/delete" const val AUTH_API_USER_ASSET_USER_GROUP_PREFIX = "api/user/group" 
@@ -113,6 +112,14 @@ const val AUTH_CLUSTER_PERMISSION_CHECK_PREFIX = "/cluster/permission/check" const val AUTH_API_EXT_PERMISSION_PREFIX = "/api/ext-permission" const val AUTH_SERVICE_EXT_PERMISSION_PREFIX = "/service/ext-permission" +const val AUTH_API_PERMISSION_LIST_PREFIX = "/api/permission/list" +const val AUTH_API_PERMISSION_CREATE_PREFIX = "/api/permission/create" +const val AUTH_API_PERMISSION_DELETE_PREFIX = "/api/permission/delete" +const val AUTH_API_PERMISSION_UPDATE_PREFIX = "/api/permission/update/config" + +const val AUTH_API_PERMISSION_LIST_IN_PROJECT_PREFIX = "api/permission/list/inproject" +const val AUTH_API_PERMISSION_USER_PREFIX = "api/permission/user" + const val AUTH_ADMIN = "admin" const val AUTH_BUILTIN_ADMIN = "repo_admin" const val AUTH_BUILTIN_USER = "repo_user" diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/user/PermissionController.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/user/PermissionController.kt index 9197c129f2..e6c014f2f2 100644 --- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/user/PermissionController.kt +++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/user/PermissionController.kt 
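Review bot: `AUTH_API_PERMISSION_LIST_PREFIX` keeps its name but its value changes from `api/permission/list/inproject` to `/api/permission/list`, so any reference outside this patch would silently start matching a different, broader path. The four new constants begin with `/` while the two re-declared below them (`AUTH_API_PERMISSION_LIST_IN_PROJECT_PREFIX`, `AUTH_API_PERMISSION_USER_PREFIX`) do not, and how AuthInterceptor compares these strings with the request URI is not visible here. I would check for remaining uses of the old name and add a comment above the group such as `// routes whose authorization is done inside the controller; keep the slash form consistent with AuthInterceptor's matching`.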
@@ -35,11 +35,7 @@ import com.tencent.bkrepo.auth.constant.AUTH_API_PERMISSION_PREFIX import com.tencent.bkrepo.auth.pojo.permission.CheckPermissionRequest import com.tencent.bkrepo.auth.pojo.permission.CreatePermissionRequest import com.tencent.bkrepo.auth.pojo.permission.Permission -import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionActionRequest -import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionDepartmentRequest -import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionPathRequest import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionRepoRequest -import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionRoleRequest import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionUserRequest import com.tencent.bkrepo.auth.controller.OpenResource import com.tencent.bkrepo.auth.service.PermissionService @@ -67,6 +63,11 @@ class PermissionController @Autowired constructor( @PostMapping("/create") fun createPermission(@RequestBody request: CreatePermissionRequest): Response { // todo check request + if (request.projectId != null) { + preCheckProjectAdmin(request.projectId) + } else { + preCheckUserAdmin() + } return ResponseBuilder.success(permissionService.createPermission(request)) } @@ -96,6 +97,7 @@ class PermissionController @Autowired constructor( @ApiOperation("权限列表") @GetMapping("/list") fun listPermission(@RequestParam projectId: String, @RequestParam repoName: String?): Response> { + preCheckProjectAdmin(projectId) return ResponseBuilder.success(permissionService.listPermission(projectId, repoName)) } 
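Review bot: In `createPermission` the new guard authorizes on `request.projectId` alone while the `// todo check request` above it is still open, so the remaining fields of `CreatePermissionRequest` reach `permissionService.createPermission` unvalidated. AuthInterceptor now admits project-level users to `/api/permission/create`, so it is worth confirming that a caller checked as admin of one project cannot submit a resource type, repos or users that fall outside that project; the request class is not part of this patch, so this is inferred. An empty-string `projectId` also takes the project-admin branch instead of `preCheckUserAdmin()`; if `preCheckProjectAdmin` does not reject it, consider `if (!request.projectId.isNullOrEmpty())`.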
@@ -111,21 +113,15 @@ class PermissionController @Autowired constructor( @ApiOperation("删除权限") @DeleteMapping("/delete/{id}") fun deletePermission(@PathVariable id: String): Response { + val permission = permissionService.getPermission(id) ?: return ResponseBuilder.success(false) + if (permission.projectId != null) { + preCheckProjectAdmin(permission.projectId) + } else { + preCheckUserAdmin() + } return ResponseBuilder.success(permissionService.deletePermission(id)) } - @ApiOperation("更新权限include path") - @PutMapping("/includePath") - fun updateIncludePermissionPath(@RequestBody request: UpdatePermissionPathRequest): Response { - return ResponseBuilder.success(permissionService.updateIncludePath(request)) - } - - @ApiOperation("更新权限exclude path") - @PutMapping("/excludePath") - fun updateExcludePermissionPath(@RequestBody request: UpdatePermissionPathRequest): Response { - return ResponseBuilder.success(permissionService.updateExcludePath(request)) - } - @ApiOperation("更新权限权限绑定repo") @PutMapping("/repo") fun updatePermissionRepo(@RequestBody request: UpdatePermissionRepoRequest): Response { 
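Review bot: `deletePermission` looks the record up and returns `ResponseBuilder.success(false)` for an unknown id before any authorization runs, so a caller without admin rights sees a different outcome for existing and non-existing permission ids (assuming the pre-check rejects with an error, which is not visible here). If that distinction matters, make the two outcomes indistinguishable to unauthorized callers. The surviving update handlers, `updatePermissionRepo` at the end of this hunk and `updatePermissionUser` in the next, get no matching `preCheckProjectAdmin`/`preCheckUserAdmin` call in this patch; their bodies lie outside the hunks, so confirm they resolve the permission's project and authorize the same way. No test for the new guards replaces the service tests removed later in the patch.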
@@ -143,25 +139,6 @@ class PermissionController @Autowired constructor( return ResponseBuilder.success(permissionService.updatePermissionUser(request)) } - @ApiOperation("更新权限绑定角色") - @PutMapping("/role") - fun updatePermissionRole(@RequestBody request: UpdatePermissionRoleRequest): Response { - return ResponseBuilder.success(permissionService.updatePermissionRole(request)) - } - - @ApiOperation("更新权限绑定部门") - @PutMapping("/department") - fun updatePermissionDepartment(@RequestBody request: UpdatePermissionDepartmentRequest): Response { - return ResponseBuilder.success(permissionService.updatePermissionDepartment(request)) - } - - @ApiOperation("更新权限绑定动作") - @PutMapping("/action") - fun updatePermissionAction(@RequestBody request: UpdatePermissionActionRequest): Response { - return ResponseBuilder.success(permissionService.updatePermissionAction(request)) - } - - @ApiOperation("获取项目内置权限列表") @GetMapping("/list/inproject") fun listProjectBuiltinPermission( diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/interceptor/AuthInterceptor.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/interceptor/AuthInterceptor.kt index 584cd1d62e..7b97ef6170 100644 --- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/interceptor/AuthInterceptor.kt +++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/interceptor/AuthInterceptor.kt 
@@ -37,7 +37,7 @@ import com.tencent.bkrepo.auth.constant.AUTH_API_EXT_PERMISSION_PREFIX import com.tencent.bkrepo.auth.constant.AUTH_API_INFO_PREFIX import com.tencent.bkrepo.auth.constant.AUTH_API_KEY_PREFIX import com.tencent.bkrepo.auth.constant.AUTH_API_OAUTH_PREFIX -import com.tencent.bkrepo.auth.constant.AUTH_API_PERMISSION_LIST_PREFIX +import com.tencent.bkrepo.auth.constant.AUTH_API_PERMISSION_LIST_IN_PROJECT_PREFIX import com.tencent.bkrepo.auth.constant.AUTH_API_PERMISSION_USER_PREFIX import com.tencent.bkrepo.auth.constant.AUTH_API_PROJECT_ADMIN_PREFIX import com.tencent.bkrepo.auth.constant.AUTH_API_ROLE_SYS_LIST_PREFIX @@ -58,6 +58,10 @@ import com.tencent.bkrepo.auth.constant.AUTH_PROJECT_SUFFIX import com.tencent.bkrepo.auth.constant.AUTH_REPO_SUFFIX import com.tencent.bkrepo.auth.constant.BASIC_AUTH_HEADER_PREFIX import com.tencent.bkrepo.auth.constant.PLATFORM_AUTH_HEADER_PREFIX +import com.tencent.bkrepo.auth.constant.AUTH_API_PERMISSION_LIST_PREFIX +import com.tencent.bkrepo.auth.constant.AUTH_API_PERMISSION_CREATE_PREFIX +import com.tencent.bkrepo.auth.constant.AUTH_API_PERMISSION_DELETE_PREFIX +import com.tencent.bkrepo.auth.constant.AUTH_API_PERMISSION_UPDATE_PREFIX import com.tencent.bkrepo.auth.pojo.oauth.AuthorizationGrantType import com.tencent.bkrepo.auth.pojo.user.CreateUserRequest import com.tencent.bkrepo.auth.service.AccountService @@ -249,14 +253,18 @@ class AuthInterceptor( private val logger = LoggerFactory.getLogger(AuthInterceptor::class.java) - // 项目内权限校验api,开放给basic访问 + // 项目内权限校验api, 开放给项目内有权限用户使用,具体校验权限在方法内 private val userProjectApiSet = setOf( AUTH_REPO_SUFFIX, AUTH_PROJECT_SUFFIX, AUTH_API_ACCOUNT_PREFIX, AUTH_API_KEY_PREFIX, AUTH_API_OAUTH_PREFIX, - AUTH_API_EXT_PERMISSION_PREFIX + AUTH_API_EXT_PERMISSION_PREFIX, + AUTH_API_PERMISSION_LIST_PREFIX, + AUTH_API_PERMISSION_CREATE_PREFIX, + AUTH_API_PERMISSION_DELETE_PREFIX, + AUTH_API_PERMISSION_UPDATE_PREFIX ) // 普通用户可访问api,开放给basic and platform用户访问 
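Review bot: Adding the four permission prefixes to `userProjectApiSet` moves authorization for those routes out of the interceptor and into each handler, as the rewritten comment says, so a handler under them that lacks its own pre-check would appear to be reachable by any authenticated project user. This patch adds checks to create, list and delete, but no handler for `/api/permission/update/config` appears in it; confirm that one calls `preCheckProjectAdmin` or `preCheckUserAdmin` as well. `/api/permission/list` also overlaps `api/permission/list/inproject` from the ordinary-user set in the next hunk, and the matching code is outside these hunks, so verify which set applies to `/list/inproject`. I would extend the comment to state the rule, e.g. `// every handler under these prefixes MUST call preCheckProjectAdmin/preCheckUserAdmin itself`.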
@@ -268,7 +276,7 @@ class AuthInterceptor( AUTH_API_USER_LIST_PREFIX, AUTH_API_INFO_PREFIX, AUTH_API_ROLE_SYS_LIST_PREFIX, - AUTH_API_PERMISSION_LIST_PREFIX, + AUTH_API_PERMISSION_LIST_IN_PROJECT_PREFIX, AUTH_API_PERMISSION_USER_PREFIX, AUTH_API_USER_UPDATE_PREFIX, AUTH_API_USER_DELETE_PREFIX, diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/PermissionService.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/PermissionService.kt index ec854b23a6..66ea607b23 100644 --- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/PermissionService.kt +++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/PermissionService.kt @@ -58,6 +58,11 @@ interface PermissionService { */ fun listPermissionRepo(projectId: String, userId: String, appId: String?): List + /** + * 获取权限详情 + */ + fun getPermission(permissionId: String): Permission? + /** * 获取有权限的项目列表 */ @@ -71,20 +76,10 @@ interface PermissionService { fun deletePermission(id: String): Boolean - fun updateIncludePath(request: UpdatePermissionPathRequest): Boolean - - fun updateExcludePath(request: UpdatePermissionPathRequest): Boolean - fun updateRepoPermission(request: UpdatePermissionRepoRequest): Boolean fun updatePermissionUser(request: UpdatePermissionUserRequest): Boolean - fun updatePermissionRole(request: UpdatePermissionRoleRequest): Boolean - - fun updatePermissionDepartment(request: UpdatePermissionDepartmentRequest): Boolean - - fun updatePermissionAction(request: UpdatePermissionActionRequest): Boolean - fun listProjectBuiltinPermission(projectId: String): List } diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt index 7bca0437f1..a011f2996e 100644 
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt +++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt @@ -129,22 +129,6 @@ open class PermissionServiceImpl constructor( return false } - override fun updateIncludePath(request: UpdatePermissionPathRequest): Boolean { - logger.info("update include path request :[$request]") - with(request) { - checkPermissionExist(permissionId) - return updatePermissionById(permissionId, TPermission::includePattern.name, path) - } - } - - override fun updateExcludePath(request: UpdatePermissionPathRequest): Boolean { - logger.info("update exclude path request :[$request]") - with(request) { - checkPermissionExist(permissionId) - return updatePermissionById(permissionId, TPermission::excludePattern.name, path) - } - } - override fun updateRepoPermission(request: UpdatePermissionRepoRequest): Boolean { logger.info("update repo permission request : [$request]") with(request) { @@ -170,7 +154,7 @@ open class PermissionServiceImpl constructor( removeUserFromRoleBatchCommon(removeRoleUserList, adminRoleId) removeUserFromRoleBatchCommon(addRoleUserList, commonRoleId!!) return true - // update project common user + // update project common user } else if (permissionId == PROJECT_VIEWER_ID) { val createUserRequest = RequestUtil.buildProjectViewerRequest(projectId!!) val createAdminRequest = RequestUtil.buildProjectAdminRequest(projectId) 
@@ -192,30 +176,6 @@ open class PermissionServiceImpl constructor( } } - override fun updatePermissionRole(request: UpdatePermissionRoleRequest): Boolean { - logger.info("update permission role request:[$request]") - with(request) { - checkPermissionExist(permissionId) - return updatePermissionById(permissionId, TPermission::roles.name, rId) - } - } - - override fun updatePermissionDepartment(request: UpdatePermissionDepartmentRequest): Boolean { - logger.info("update permission department request:[$request]") - with(request) { - checkPermissionExist(permissionId) - return updatePermissionById(permissionId, TPermission::departments.name, departmentId) - } - } - - override fun updatePermissionAction(request: UpdatePermissionActionRequest): Boolean { - logger.info("update permission action request:[$request]") - with(request) { - checkPermissionExist(permissionId) - return updatePermissionById(permissionId, TPermission::actions.name, actions) - } - } - override fun checkPermission(request: CheckPermissionRequest): Boolean { logger.debug("check permission request : [$request] ") @@ -261,12 +221,12 @@ open class PermissionServiceImpl constructor( private fun checkProjectUser(request: CheckPermissionRequest, roles: List): Boolean { var queryRoles = emptyList() if (roles.isNotEmpty() && request.projectId != null) { - queryRoles = roles.filter { !it.isNullOrEmpty() }.toList() + queryRoles = roles.filter { !it.isNullOrEmpty() }.toList() } if (queryRoles.isEmpty()) return false - if(roleRepository.findByIdIn(queryRoles). - any { tRole -> tRole.projectId == request.projectId && tRole.roleId == PROJECT_VIEWER_ID } + if (roleRepository.findByIdIn(queryRoles) + .any { tRole -> tRole.projectId == request.projectId && tRole.roleId == PROJECT_VIEWER_ID } && request.action == READ.toString() ) { return true 
@@ -347,7 +307,7 @@ open class PermissionServiceImpl constructor( projectList.addAll(getNoAdminUserProject(userId)) // 取用户关联角色关联的项目 - if(user.roles.isNotEmpty()) projectList.addAll(getUserCommonRoleProject(user.roles)) + if (user.roles.isNotEmpty()) projectList.addAll(getUserCommonRoleProject(user.roles)) if (user.roles.isEmpty()) { return projectList.distinct() @@ -371,6 +331,13 @@ open class PermissionServiceImpl constructor( return projectList.distinct() } + override fun getPermission(permissionId: String): Permission? { + val result = permissionRepository.findFirstById(permissionId) ?: run { + return null + } + return PermRequestUtil.convToPermission(result) + } + override fun listPermissionRepo(projectId: String, userId: String, appId: String?): List { logger.debug("list repo permission request : [$projectId, $userId] ") val user = userRepository.findFirstByUserId(userId) ?: run { @@ -387,7 +354,7 @@ open class PermissionServiceImpl constructor( // 用户为项目管理员 if (isUserLocalProjectAdmin(userId, projectId)) return getAllRepoByProjectId(projectId) - if (isUserLocalProjectUser(roles,projectId)) return getAllRepoByProjectId(projectId) + if (isUserLocalProjectUser(roles, projectId)) return getAllRepoByProjectId(projectId) val repoList = mutableListOf() @@ -439,7 +406,7 @@ open class PermissionServiceImpl constructor( private fun getUserCommonRoleProject(roles: List): List { val projectList = mutableListOf() - roleRepository.findByIdIn(roles).forEach{ + roleRepository.findByIdIn(roles).forEach { if (it.projectId.isNotEmpty() && it.roleId == PROJECT_VIEWER_ID) { projectList.add(it.projectId) } @@ -549,7 +516,7 @@ open class PermissionServiceImpl constructor( createAt = LocalDateTime.now(), updateAt = LocalDateTime.now() ) - val projectViewer = Permission ( + val projectViewer = Permission( id = PROJECT_VIEWER_ID, resourceType = ResourceType.PROJECT.toString(), projectId = projectId, 
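Review bot: In the new `getPermission` override the `?: run { return null }` wrapper adds nothing over a plain elvis return, since the block holds no other statement. `val result = permissionRepository.findFirstById(permissionId) ?: return null` reads more directly, or the body can be `return permissionRepository.findFirstById(permissionId)?.let { PermRequestUtil.convToPermission(it) }`. A short KDoc line on the override stating that null means "no permission with this id" would help, because `deletePermission` in the controller depends on that to decide whether to authorize at all.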
@@ -559,7 +526,7 @@ open class PermissionServiceImpl constructor( updatedBy = SecurityUtils.getUserId(), createAt = LocalDateTime.now(), updateAt = LocalDateTime.now() - ) + ) return listOf(projectManager, projectViewer) } diff --git a/src/backend/auth/boot-auth/src/test/kotlin/com/tencent/bkrepo/auth/PermissionServiceTest.kt b/src/backend/auth/boot-auth/src/test/kotlin/com/tencent/bkrepo/auth/PermissionServiceTest.kt index 62f649331e..220b3d8765 100644 --- a/src/backend/auth/boot-auth/src/test/kotlin/com/tencent/bkrepo/auth/PermissionServiceTest.kt +++ b/src/backend/auth/boot-auth/src/test/kotlin/com/tencent/bkrepo/auth/PermissionServiceTest.kt @@ -257,42 +257,6 @@ class PermissionServiceTest { } } - @DisplayName("修改包含路径测试用例") - fun updateIncludePathTest() { - assertThrows { - permissionService.updateIncludePath( - UpdatePermissionPathRequest( - "test_test", - listOf("/include") - ) - ) - } - permissionService.createPermission(createPermissionRequest(permName = "查询信息权限测试", projectId = "test")) - permissionService.listPermission("test", null).forEach { - val request = UpdatePermissionPathRequest(it.id!!, listOf("/include")) - val updateIncludePath = permissionService.updateIncludePath(request) - Assertions.assertTrue(updateIncludePath) - } - } - - @DisplayName("修改排除路径测试用例") - fun updateExcludePathTest() { - assertThrows { - permissionService.updateExcludePath( - UpdatePermissionPathRequest( - "test_test", - listOf("/exclude") - ) - ) - } - permissionService.createPermission(createPermissionRequest(permName = "查询信息权限测试", projectId = "test")) - permissionService.listPermission("test", null).forEach { - val request = UpdatePermissionPathRequest(it.id!!, listOf("/exclude")) - val updateExcludePath = permissionService.updateExcludePath(request) - Assertions.assertTrue(updateExcludePath) - } - } - @DisplayName("更新权限绑定repo测试") fun updateRepoPermissionTest() { assertThrows { 
@@ -325,22 +289,6 @@ class PermissionServiceTest { } } - @DisplayName("更新权限绑定角色测试") - fun updateRolePermissionTest() { - val rid = roleService.createRole(createRoleRequest())!! - assertThrows { - permissionService.updatePermissionRole( - UpdatePermissionRoleRequest("test_test", listOf(rid)) - ) - } - permissionService.createPermission(createPermissionRequest(permName = "查询信息权限测试", projectId = "test")) - permissionService.listPermission("test", null).forEach { - val request = UpdatePermissionRoleRequest(it.id!!, listOf(rid)) - val updateStatus = permissionService.updatePermissionRole(request) - Assertions.assertTrue(updateStatus) - } - } - private fun createUserRequest( id: String = userId, admin: Boolean = false From dd3897c1305dddc4f876217eb24b5ba7731e30a0 Mon Sep 17 00:00:00 2001 From: owenlxu Date: Tue, 26 Dec 2023 21:40:37 +0800 Subject: [PATCH 2/2] =?UTF-8?q?feat:=20=E6=9D=83=E9=99=90=E7=9B=B8?= =?UTF-8?q?=E5=85=B3=E6=8E=A5=E5=8F=A3=E5=85=81=E8=AE=B8=E9=A1=B9=E7=9B=AE?= =?UTF-8?q?=E7=AE=A1=E7=90=86=E5=91=98=E8=AE=BF=E9=97=AE=20#1594?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/tencent/bkrepo/auth/service/PermissionService.kt | 4 ---- .../bkrepo/auth/service/local/PermissionServiceImpl.kt | 4 ---- .../kotlin/com/tencent/bkrepo/auth/PermissionServiceTest.kt | 2 -- 3 files changed, 10 deletions(-) diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/PermissionService.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/PermissionService.kt index 66ea607b23..ed64fa293e 100644 --- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/PermissionService.kt +++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/PermissionService.kt 
@@ -34,11 +34,7 @@ package com.tencent.bkrepo.auth.service import com.tencent.bkrepo.auth.pojo.permission.CheckPermissionRequest import com.tencent.bkrepo.auth.pojo.permission.CreatePermissionRequest import com.tencent.bkrepo.auth.pojo.permission.Permission -import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionActionRequest -import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionDepartmentRequest -import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionPathRequest import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionRepoRequest -import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionRoleRequest import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionUserRequest interface PermissionService { diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt index a011f2996e..c968ab2605 100644 --- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt +++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt 
@@ -50,11 +50,7 @@ import com.tencent.bkrepo.auth.pojo.enums.RoleType import com.tencent.bkrepo.auth.pojo.permission.CheckPermissionRequest import com.tencent.bkrepo.auth.pojo.permission.CreatePermissionRequest import com.tencent.bkrepo.auth.pojo.permission.Permission -import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionActionRequest -import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionDepartmentRequest -import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionPathRequest import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionRepoRequest -import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionRoleRequest import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionUserRequest import com.tencent.bkrepo.auth.repository.AccountRepository import com.tencent.bkrepo.auth.repository.PermissionRepository diff --git a/src/backend/auth/boot-auth/src/test/kotlin/com/tencent/bkrepo/auth/PermissionServiceTest.kt b/src/backend/auth/boot-auth/src/test/kotlin/com/tencent/bkrepo/auth/PermissionServiceTest.kt index 220b3d8765..0f9c5af809 100644 --- a/src/backend/auth/boot-auth/src/test/kotlin/com/tencent/bkrepo/auth/PermissionServiceTest.kt +++ b/src/backend/auth/boot-auth/src/test/kotlin/com/tencent/bkrepo/auth/PermissionServiceTest.kt @@ -36,9 +36,7 @@ import com.tencent.bkrepo.auth.pojo.enums.ResourceType import com.tencent.bkrepo.auth.pojo.enums.RoleType import com.tencent.bkrepo.auth.pojo.permission.CheckPermissionRequest import com.tencent.bkrepo.auth.pojo.permission.CreatePermissionRequest -import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionPathRequest import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionRepoRequest -import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionRoleRequest import com.tencent.bkrepo.auth.pojo.permission.UpdatePermissionUserRequest import com.tencent.bkrepo.auth.pojo.role.CreateRoleRequest import com.tencent.bkrepo.auth.pojo.user.CreateUserRequest