check permission add project and app name (#3038)
* shared http transport (#3014)

* shared http transport

* disable connection pool

* when permission is denied, return the project name and app name

Co-authored-by: RecallSong <13607438+recallsong@users.noreply.github.com>
kakj-go and recallsong authored Nov 16, 2021
1 parent c581d45 commit 29ae6b2
Showing 3 changed files with 142 additions and 1 deletion.
8 changes: 7 additions & 1 deletion apistructs/permission.go
Expand Up @@ -172,7 +172,13 @@ type PermissionList struct {
Exist bool `json:"exist"`

// 无权限(access=false)时,该字段返回联系人 ID 列表,例如无应用权限时,返回应用管理员列表
ContactsWhenNoPermission []string `json:"contactsWhenNoPermission,omitempty"`
ContactsWhenNoPermission []string `json:"contactsWhenNoPermission,omitempty"`
ScopeInfo *ScopeInfo `json:"scopeInfo"`
}

type ScopeInfo struct {
ProjectName string `json:"projectName"`
AppName string `json:"appName"`
}

// PermissionListResponse 权限列表响应信息
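Review bot: The new `ScopeInfo` field and the `ScopeInfo` type have no doc comment, although the neighbouring field documents when it is populated. Judging by the rest of this commit the field is filled only on the access-denied path, so say that on the field, e.g. `// ScopeInfo carries the project/app names returned when access is denied; nil otherwise`. The tag also lacks `omitempty`, so responses that never set it will still emit `"scopeInfo": null`; `json:"scopeInfo,omitempty"` would match `ContactsWhenNoPermission`. The PermissionList struct starts outside this hunk.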
40 changes: 40 additions & 0 deletions modules/core-services/endpoints/permission.go
Expand Up @@ -203,11 +203,51 @@ func (e *Endpoints) ScopeRoleAccess(ctx context.Context, r *http.Request, vars m
for _, mem := range members {
permission.ContactsWhenNoPermission = append(permission.ContactsWhenNoPermission, mem.UserID)
}

permission, err = e.buildScopeInfo(accessReq, permission)
if err != nil {
return apierrors.ErrAccessPermission.InternalError(err).ToResp(), nil
}
}

return httpserver.OkResp(permission, permission.ContactsWhenNoPermission)
}

func (e *Endpoints) buildScopeInfo(accessReq apistructs.ScopeRoleAccessRequest, permission apistructs.PermissionList) (apistructs.PermissionList, error) {
queryScopeType := accessReq.Scope.Type
queryScopeID, err := strconv.ParseInt(accessReq.Scope.ID, 10, 64)
if err != nil {
return permission, err
}

// point appName
if queryScopeType == "app" {
app, err := e.app.Get(queryScopeID)
if err != nil {
return permission, err
}
if permission.ScopeInfo == nil {
permission.ScopeInfo = &apistructs.ScopeInfo{}
}
permission.ScopeInfo.AppName = app.Name
queryScopeType = "project"
queryScopeID = app.ProjectID
}

// point projectName
if queryScopeType == "project" {
project, err := e.project.GetModelProject(queryScopeID)
if err != nil {
return permission, err
}
if permission.ScopeInfo == nil {
permission.ScopeInfo = &apistructs.ScopeInfo{}
}
permission.ScopeInfo.ProjectName = project.DisplayName
}
return permission, nil
}

// 获取权限
func (e *Endpoints) getPermission(userID string, scopeType apistructs.ScopeType, scopeID int64) (apistructs.ScopeRole, error) {
// 若为系统管理员 & 查询系统范围权限,则返回true;若系统管理员查询企业/项目/应用等,应返回false
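Review bot: The call to `e.buildScopeInfo` sits in what appears to be the access-denied branch of ScopeRoleAccess (next to the loop filling ContactsWhenNoPermission), so a caller with no role on the scope is now sent the app name and project display name for whatever scope ID it supplied. Unless the enclosing handler, which starts outside this hunk, already confirms the caller belongs to the owning organization, this exposes names across tenant boundaries; I would gate the call on that check and record the intent, e.g. `// scope names are disclosed only to members of the owning org`. In buildScopeInfo itself, a non-numeric `accessReq.Scope.ID` and a failed `e.app.Get` / `e.project.GetModelProject` lookup both surface as `ErrAccessPermission.InternalError`, turning an ordinary denial into a server error. A parse failure on client input is better reported as a parameter error, and a lookup miss could simply leave ScopeInfo nil.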
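--- a/modules/core-services/endpoints/permission_test.go
+++ b/modules/core-services/endpoints/permission_test.go
@@ -0,0 +1,95 @@
+// Copyright (c) 2021 Terminus, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package endpoints
+
+import (
+"reflect"
+"testing"
+
+"bou.ke/monkey"
+
+"github.com/erda-project/erda/apistructs"
+"github.com/erda-project/erda/modules/core-services/model"
+"github.com/erda-project/erda/modules/core-services/services/application"
+"github.com/erda-project/erda/modules/core-services/services/project"
+)
+
+func TestEndpoints_buildScopeInfo(t *testing.T) {
+type args struct {
+accessReq apistructs.ScopeRoleAccessRequest
+permission apistructs.PermissionList
+}
+tests := []struct {
+name string
+args args
+want apistructs.PermissionList
+wantErr bool
+}{
+{
+name: "test_app_name",
+args: args{
+accessReq: apistructs.ScopeRoleAccessRequest{
+Scope: apistructs.Scope{
+Type: "app",
+ID: "1",
+},
+},
+permission: apistructs.PermissionList{},
+},
+want: apistructs.PermissionList{
+ScopeInfo: &apistructs.ScopeInfo{
+ProjectName: "test",
+AppName: "test",
+},
+},
+wantErr: false,
+},
+}
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+e := &Endpoints{}
+
+var app = &application.Application{}
+
+patch1 := monkey.PatchInstanceMethod(reflect.TypeOf(app), "Get", func(app *application.Application, applicationID int64) (*model.Application, error) {
+return &model.Application{
+Name: "test",
+ProjectID: 1,
+}, nil
+})
+defer patch1.Unpatch()
+
+var pj = &project.Project{}
+patch2 := monkey.PatchInstanceMethod(reflect.TypeOf(pj), "GetModelProject", func(project *project.Project, projectID int64) (*model.Project, error) {
+return &model.Project{
+DisplayName: "test",
+}, nil
+})
+defer patch2.Unpatch()
+
+e.app = app
+e.project = pj
+
+got, err := e.buildScopeInfo(tt.args.accessReq, tt.args.permission)
+if (err != nil) != tt.wantErr {
+t.Errorf("buildScopeInfo() error = %v, wantErr %v", err, tt.wantErr)
+return
+}
+if !reflect.DeepEqual(got, tt.want) {
+t.Errorf("buildScopeInfo() got = %v, want %v", got, tt.want)
+}
+})
+}
+}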
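Review bot: The table holds a single happy-path case, so none of the error branches of buildScopeInfo are exercised: there is no case with a non-numeric `Scope.ID` (`wantErr: true`), none where the patched `Get` or `GetModelProject` returns an error, and none for `Type: "project"` or a scope type that should leave ScopeInfo nil. Those branches decide what a caller without permission receives, so they are worth pinning. Both patches also return the same string "test", which would hide a swap of AppName and ProjectName; distinct values such as `Name: "app-test"` and `DisplayName: "project-test"` would catch it. An example of the missing parse-failure case is below.

```go
// … unchanged: "test_app_name" case …
{
	name: "non_numeric_scope_id",
	args: args{
		accessReq: apistructs.ScopeRoleAccessRequest{
			Scope: apistructs.Scope{
				Type: "app",
				ID:   "not-a-number",
			},
		},
		permission: apistructs.PermissionList{},
	},
	// On a parse error the permission is returned unchanged.
	want:    apistructs.PermissionList{},
	wantErr: true,
},
```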
