From 0ce0c7136cfbb567dbf1abff516cca044ee72ccb Mon Sep 17 00:00:00 2001
From: greysonfang <greysonfang@tencent.com>
Date: Mon, 5 Aug 2024 15:00:57 +0800
Subject: [PATCH] =?UTF-8?q?feat=EF=BC=9A=E6=94=AF=E6=8C=81=E7=AE=A1?=
 =?UTF-8?q?=E7=90=86=E5=91=98=E6=9F=A5=E7=9C=8B=E9=A1=B9=E7=9B=AE=E6=88=90?=
 =?UTF-8?q?=E5=91=98=20#9620?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../auth/dao/AuthResourceGroupMemberDao.kt    |  6 ++--
 .../RbacPermissionResourceMemberService.kt    | 33 ++++++++++++++++---
 2 files changed, 31 insertions(+), 8 deletions(-)

diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceGroupMemberDao.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceGroupMemberDao.kt
index e568e3f8649..7518d9621d8 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceGroupMemberDao.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceGroupMemberDao.kt
@@ -476,10 +476,10 @@ class AuthResourceGroupMemberDao {
         projectCode: String,
         memberId: String,
         iamTemplateIds: List<String>,
-        resourceType: String?,
+        resourceType: String? = null,
         iamGroupIds: List<Int>? = null,
-        offset: Int?,
-        limit: Int?
+        offset: Int? = null,
+        limit: Int? = null
     ): List<AuthResourceGroupMember> {
         val conditions = buildMemberGroupCondition(
             projectCode = projectCode,
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt
index a3e7d3c50dc..e8d867e72b6 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt
@@ -36,6 +36,7 @@ import com.tencent.devops.common.api.exception.ErrorCodeException
 import com.tencent.devops.common.api.model.SQLPage
 import com.tencent.devops.common.api.util.DateTimeUtil
 import com.tencent.devops.common.api.util.PageUtil
+import com.tencent.devops.common.api.util.timestamp
 import com.tencent.devops.common.api.util.timestampmilli
 import com.tencent.devops.common.auth.api.AuthResourceType
 import com.tencent.devops.common.auth.api.pojo.BkAuthGroup
@@ -862,6 +863,7 @@ class RbacPermissionResourceMemberService constructor(
                 } else {
                     // 永久期限 不允许再续期
                     val groupCountOfPermanentExpiredTime = listMemberGroupsDetails(
+                        projectCode = projectCode,
                         memberId = conditionReq.targetMember.id,
                         memberType = conditionReq.targetMember.type,
                         groupIds = groupIdsOfDirectJoined
@@ -1027,6 +1029,7 @@ class RbacPermissionResourceMemberService constructor(
         ).first
         val targetMember = conditionReq.targetMember
         val memberGroupsDetailsList = listMemberGroupsDetails(
+            projectCode = projectCode,
             memberId = targetMember.id,
             memberType = targetMember.type,
             groupIds = groupIds
@@ -1131,6 +1134,7 @@ class RbacPermissionResourceMemberService constructor(
     }
 
     private fun listMemberGroupsDetails(
+        projectCode: String,
         memberId: String,
         memberType: String,
         groupIds: List<Int>
@@ -1141,11 +1145,30 @@ class RbacPermissionResourceMemberService constructor(
             CompletableFuture.supplyAsync(
                 {
                     memberGroupsDetailsList.addAll(
-                        iamV2ManagerService.listMemberGroupsDetails(
-                            memberType,
-                            memberId,
-                            it.joinToString(",")
-                        )
+                        // 若离职，则从数据库获取用户加入组的过期时间，调用iam接口会报错。
+                        // 虽然数据库的过期时间可能不是最新的。
+                        if (memberType == ManagerScopesEnum.getType(ManagerScopesEnum.USER) &&
+                            deptService.isUserDeparted(userId = memberId)) {
+                            val records = authResourceGroupMemberDao.listMemberGroupDetail(
+                                dslContext = dslContext,
+                                projectCode = projectCode,
+                                memberId = memberId,
+                                iamTemplateIds = emptyList(),
+                                iamGroupIds = it
+                            )
+                            records.map { record ->
+                                MemberGroupDetailsResponse().apply {
+                                    id = record.iamGroupId
+                                    expiredAt = record.expiredTime.timestamp()
+                                }
+                            }
+                        } else {
+                            iamV2ManagerService.listMemberGroupsDetails(
+                                memberType,
+                                memberId,
+                                it.joinToString(",")
+                            )
+                        }
                     )
                 }, executorService
             )