Merge pull request #10910 from fcfang123/issue-10892

feat：项目成员支持按照过期时间/用户组名称搜索 #10892

src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceGroupResource.kt

@@ -92,6 +92,15 @@ interface UserAuthResourceGroupResource {
         @QueryParam("memberId")
         @Parameter(description = "组织ID/成员ID")
         memberId: String,
+        @QueryParam("groupName")
+        @Parameter(description = "用户组名称")
+        groupName: String?,
+        @QueryParam("minExpiredAt")
+        @Parameter(description = "最小过期时间")
+        minExpiredAt: Long?,
+        @QueryParam("maxExpiredAt")
+        @Parameter(description = "最大过期时间")
+        maxExpiredAt: Long?,
         @Parameter(description = "起始位置,从0开始")
         @QueryParam("start")
         start: Int,

src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthResourceMemberResource.kt

@@ -6,6 +6,7 @@ import com.tencent.devops.auth.pojo.request.GroupMemberCommonConditionReq
 import com.tencent.devops.auth.pojo.request.GroupMemberHandoverConditionReq
 import com.tencent.devops.auth.pojo.request.GroupMemberRenewalConditionReq
 import com.tencent.devops.auth.pojo.request.GroupMemberSingleRenewalReq
+import com.tencent.devops.auth.pojo.request.ProjectMembersQueryConditionReq
 import com.tencent.devops.auth.pojo.request.RemoveMemberFromProjectReq
 import com.tencent.devops.auth.pojo.vo.BatchOperateGroupMemberCheckVo
 import com.tencent.devops.auth.pojo.vo.GroupDetailsInfoVo
@@ -32,6 +33,7 @@ import javax.ws.rs.core.MediaType
 @Path("/user/auth/resource/member/{projectId}/")
 @Produces(MediaType.APPLICATION_JSON)
 @Consumes(MediaType.APPLICATION_JSON)
+@Suppress("LongParameterList")
 interface UserAuthResourceMemberResource {
     @GET
     @Path("/listProjectMembers")
@@ -64,6 +66,20 @@ interface UserAuthResourceMemberResource {
         pageSize: Int
     ): Result<SQLPage<ResourceMemberInfo>>
 
+    @POST
+    @Path("/listProjectMembersByCondition")
+    @Operation(summary = "根据条件获取项目下全体成员")
+    fun listProjectMembersByCondition(
+        @Parameter(description = "用户名", required = true)
+        @HeaderParam(AUTH_HEADER_USER_ID)
+        userId: String,
+        @Parameter(description = "项目ID", required = true)
+        @PathParam("projectId")
+        projectId: String,
+        @Parameter(description = "查询条件", required = true)
+        projectMembersQueryConditionReq: ProjectMembersQueryConditionReq
+    ): Result<SQLPage<ResourceMemberInfo>>
+
     @PUT
     @Path("/renewal")
     @Operation(summary = "续期单个组成员权限--无需进行审批")
@@ -177,6 +193,15 @@ interface UserAuthResourceMemberResource {
         projectId: String,
         @QueryParam("memberId")
         @Parameter(description = "组织ID/成员ID")
-        memberId: String
+        memberId: String,
+        @QueryParam("groupName")
+        @Parameter(description = "用户组名称")
+        groupName: String?,
+        @QueryParam("minExpiredAt")
+        @Parameter(description = "最小过期时间")
+        minExpiredAt: Long?,
+        @QueryParam("maxExpiredAt")
+        @Parameter(description = "最大过期时间")
+        maxExpiredAt: Long?
     ): Result<List<MemberGroupCountWithPermissionsVo>>
 }

src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/ProjectMembersQueryConditionDTO.kt

@@ -0,0 +1,61 @@
+package com.tencent.devops.auth.pojo.dto
+
+import com.tencent.devops.auth.pojo.request.ProjectMembersQueryConditionReq
+import com.tencent.devops.common.api.util.DateTimeUtil
+import com.tencent.devops.common.api.util.PageUtil
+import io.swagger.v3.oas.annotations.media.Schema
+import java.time.LocalDateTime
+
+@Schema(title = "项目成员查询业务处理实体")
+data class ProjectMembersQueryConditionDTO(
+    @get:Schema(title = "项目ID")
+    val projectCode: String,
+    @get:Schema(title = "成员类型")
+    val memberType: String? = null,
+    @get:Schema(title = "用户名称")
+    val userName: String? = null,
+    @get:Schema(title = "部门名称")
+    val deptName: String? = null,
+    @get:Schema(title = "用户组名称")
+    val groupName: String? = null,
+    @get:Schema(title = "用户组Id")
+    val iamGroupIds: List<Int>? = null,
+    @get:Schema(title = "最小过期时间")
+    val minExpiredTime: LocalDateTime? = null,
+    @get:Schema(title = "最大过期时间")
+    val maxExpiredTime: LocalDateTime? = null,
+    @get:Schema(title = "离职标识")
+    val departedFlag: Boolean? = false,
+    @get:Schema(title = "是否查询模板")
+    val queryTemplate: Boolean? = false,
+    @get:Schema(title = "限制")
+    val limit: Int? = null,
+    @get:Schema(title = "起始值")
+    val offset: Int? = null
+) {
+    companion object {
+        fun build(
+            projectMembersQueryConditionReq: ProjectMembersQueryConditionReq,
+            iamGroupIds: List<Int>?
+        ): ProjectMembersQueryConditionDTO {
+            return with(projectMembersQueryConditionReq) {
+                val minExpiredTime = minExpiredAt?.let { DateTimeUtil.convertTimestampToLocalDateTime(it / 1000) }
+                val maxExpiredTime = maxExpiredAt?.let { DateTimeUtil.convertTimestampToLocalDateTime(it / 1000) }
+                val limit = PageUtil.convertPageSizeToSQLLimit(page, pageSize)
+                ProjectMembersQueryConditionDTO(
+                    projectCode = projectCode,
+                    memberType = memberType,
+                    userName = userName,
+                    deptName = deptName,
+                    groupName = groupName,
+                    iamGroupIds = iamGroupIds,
+                    minExpiredTime = minExpiredTime,
+                    maxExpiredTime = maxExpiredTime,
+                    departedFlag = departedFlag,
+                    limit = limit.limit,
+                    offset = limit.offset
+                )
+            }
+        }
+    }
+}

src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/request/ProjectMembersQueryConditionReq.kt

@@ -0,0 +1,36 @@
+package com.tencent.devops.auth.pojo.request
+
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "项目成员查询业务处理请求体")
+data class ProjectMembersQueryConditionReq(
+    @get:Schema(title = "项目ID")
+    val projectCode: String,
+    @get:Schema(title = "成员类型")
+    val memberType: String?,
+    @get:Schema(title = "用户名称")
+    val userName: String?,
+    @get:Schema(title = "部门名称")
+    val deptName: String?,
+    @get:Schema(title = "用户组名称")
+    val groupName: String?,
+    @get:Schema(title = "最小过期时间")
+    val minExpiredAt: Long?,
+    @get:Schema(title = "最大过期时间")
+    val maxExpiredAt: Long?,
+    @get:Schema(title = "离职标识")
+    val departedFlag: Boolean? = false,
+    @get:Schema(title = "第几页")
+    val page: Int,
+    @get:Schema(title = "页数")
+    val pageSize: Int
+) {
+    // 当查询到权限相关信息时，如组名称，过期时间，操作，资源类型时，走复杂查询逻辑
+    fun isComplexQuery(): Boolean {
+        return groupName != null || minExpiredAt != null || maxExpiredAt != null
+    }
+
+    fun isNeedToQueryIamGroupIds(): Boolean {
+        return groupName != null
+    }
+}

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/cron/AuthCronSyncGroupAndMember.kt

@@ -45,7 +45,10 @@ class AuthCronSyncGroupAndMember(
         }
     }
 
-    @Scheduled(cron = "0 0 8,16 * * ?")
+    /**
+     * 一小时，同步一次用户申请加入组的单据，若连续两个月未审批单据，将不再进行扫描
+     * */
+    @Scheduled(initialDelay = 10000, fixedRate = 3600000)
     fun syncIamGroupMembersOfApplyRegularly() {
         if (!enable) {
             return

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthAuthorizationDao.kt

@@ -96,7 +96,7 @@ class AuthAuthorizationDao {
                                     .set(HANDOVER_FROM_CN_NAME, resourceAuthorizationDto.handoverToCnName)
                                     .set(HANDOVER_TIME, LocalDateTime.now())
                             } else {
-                                it
+                                it.set(HANDOVER_TIME, HANDOVER_TIME)
                             }
                         }
                         .set(RESOURCE_NAME, resourceAuthorizationDto.resourceName)

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceGroupDao.kt

@@ -29,6 +29,7 @@
 package com.tencent.devops.auth.dao
 
 import com.tencent.devops.auth.pojo.AuthResourceGroup
+import com.tencent.devops.common.auth.api.AuthResourceType
 import com.tencent.devops.model.auth.tables.TAuthResourceGroup
 import com.tencent.devops.model.auth.tables.records.TAuthResourceGroupRecord
 import org.jooq.DSLContext
@@ -252,12 +253,31 @@ class AuthResourceGroupDao {
     fun listIamGroupIdsByConditions(
         dslContext: DSLContext,
         projectCode: String,
-        iamGroupIds: List<String>
+        iamGroupIds: List<String>? = null,
+        groupName: String? = null,
+        iamTemplateIds: List<Int>? = null
     ): List<Int> {
         return with(TAuthResourceGroup.T_AUTH_RESOURCE_GROUP) {
             dslContext.select(RELATION_ID).from(this)
                 .where(PROJECT_CODE.eq(projectCode))
-                .and(RELATION_ID.`in`(iamGroupIds))
+                .let {
+                    if (!iamGroupIds.isNullOrEmpty())
+                        it.and(RELATION_ID.`in`(iamGroupIds))
+                    else it
+                }
+                .let {
+                    if (groupName != null)
+                        it.and(GROUP_NAME.like("%$groupName%"))
+                    else
+                        it
+                }
+                .let {
+                    if (!iamTemplateIds.isNullOrEmpty()) {
+                        it.and(RESOURCE_TYPE.eq(AuthResourceType.PROJECT.value))
+                        it.and(IAM_TEMPLATE_ID.`in`(iamTemplateIds))
+                    } else
+                        it
+                }
                 .fetch().map { it.value1().toInt() }
         }
     }