feat：项目成员管理优化 TencentBlueKing#10927

vhwweng · Sep 9, 2024 · 23387d6 · 23387d6
1 parent 0b6a6d1
commit 23387d6
Showing 1 changed file with 26 additions and 12 deletions.
diff --git a/...h/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt b/...h/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt
@@ -12,16 +12,20 @@ import com.tencent.devops.auth.pojo.vo.BatchOperateGroupMemberCheckVo
 import com.tencent.devops.auth.pojo.vo.GroupDetailsInfoVo
 import com.tencent.devops.auth.pojo.vo.MemberGroupCountWithPermissionsVo
 import com.tencent.devops.auth.service.iam.PermissionResourceMemberService
+import com.tencent.devops.auth.service.iam.PermissionService
 import com.tencent.devops.common.api.model.SQLPage
 import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.auth.api.AuthPermission
+import com.tencent.devops.common.auth.api.AuthResourceType
 import com.tencent.devops.common.auth.api.BkManagerCheck
+import com.tencent.devops.common.auth.rbac.utils.RbacAuthUtils
 import com.tencent.devops.common.web.RestResource
 
 @RestResource
 class UserAuthResourceMemberResourceImpl(
-    private val permissionResourceMemberService: PermissionResourceMemberService
+    private val permissionResourceMemberService: PermissionResourceMemberService,
+    private val permissionService: PermissionService
 ) : UserAuthResourceMemberResource {
-    @BkManagerCheck
     override fun listProjectMembers(
         userId: String,
         projectId: String,
@@ -32,17 +36,27 @@ class UserAuthResourceMemberResourceImpl(
         page: Int,
         pageSize: Int
     ): Result<SQLPage<ResourceMemberInfo>> {
-        return Result(
-            permissionResourceMemberService.listProjectMembers(
-                projectCode = projectId,
-                memberType = memberType,
-                userName = userName,
-                deptName = deptName,
-                departedFlag = departedFlag ?: false,
-                page = page,
-                pageSize = pageSize
-            )
+        val hasVisitPermission = permissionService.validateUserResourcePermission(
+            userId = userId,
+            resourceType = AuthResourceType.PROJECT.value,
+            action = RbacAuthUtils.buildAction(AuthPermission.VISIT, AuthResourceType.PROJECT),
+            projectCode = projectId
         )
+        return if (!hasVisitPermission) {
+            Result(SQLPage(0, emptyList()))
+        } else {
+            Result(
+                permissionResourceMemberService.listProjectMembers(
+                    projectCode = projectId,
+                    memberType = memberType,
+                    userName = userName,
+                    deptName = deptName,
+                    departedFlag = departedFlag ?: false,
+                    page = page,
+                    pageSize = pageSize
+                )
+            )
+        }
     }
 
     @BkManagerCheck