diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/MemberGroupJoinedDTO.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/MemberGroupJoinedDTO.kt new file mode 100644 index 00000000000..0d25b99c849 --- /dev/null +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/MemberGroupJoinedDTO.kt @@ -0,0 +1,11 @@ +package com.tencent.devops.auth.pojo.dto + +import com.tencent.devops.auth.pojo.enum.MemberType +import io.swagger.v3.oas.annotations.media.Schema + +data class MemberGroupJoinedDTO( + @get:Schema(title = "组id") + val id: Int, + @get:Schema(title = "组成员类型") + val memberType: MemberType +) diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/request/GroupMemberCommonConditionReq.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/request/GroupMemberCommonConditionReq.kt index 2a82af2f08c..651969f3bd0 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/request/GroupMemberCommonConditionReq.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/request/GroupMemberCommonConditionReq.kt @@ -1,13 +1,14 @@ package com.tencent.devops.auth.pojo.request import com.tencent.devops.auth.pojo.ResourceMemberInfo +import com.tencent.devops.auth.pojo.dto.MemberGroupJoinedDTO import com.tencent.devops.auth.pojo.enum.OperateChannel import io.swagger.v3.oas.annotations.media.Schema @Schema(title = "用户组成员处理公共请求体") open class GroupMemberCommonConditionReq( @get:Schema(title = "组IDs") - open val groupIds: List = emptyList(), + open val groupIds: List = emptyList(), @get:Schema(title = "全选的资源类型") open val resourceTypes: List = emptyList(), @get:Schema(title = "全量选择") 
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/request/GroupMemberHandoverConditionReq.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/request/GroupMemberHandoverConditionReq.kt index 7e32532c48e..bd53c502ae3 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/request/GroupMemberHandoverConditionReq.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/request/GroupMemberHandoverConditionReq.kt @@ -29,6 +29,7 @@ package com.tencent.devops.auth.pojo.request import com.tencent.devops.auth.constant.AuthMessageCode.INVALID_HANDOVER_TO import com.tencent.devops.auth.pojo.ResourceMemberInfo +import com.tencent.devops.auth.pojo.dto.MemberGroupJoinedDTO import com.tencent.devops.auth.pojo.enum.OperateChannel import com.tencent.devops.common.api.exception.ErrorCodeException import io.swagger.v3.oas.annotations.media.Schema @@ -36,7 +37,7 @@ import io.swagger.v3.oas.annotations.media.Schema @Schema(title = "用户组成员交接条件请求体") data class GroupMemberHandoverConditionReq( @get:Schema(title = "组IDs") - override val groupIds: List = emptyList(), + override val groupIds: List = emptyList(), @get:Schema(title = "全选的资源类型") override val resourceTypes: List = emptyList(), @get:Schema(title = "全量选择") diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/request/GroupMemberRemoveConditionReq.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/request/GroupMemberRemoveConditionReq.kt index 1c4e68da1e6..c801a294134 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/request/GroupMemberRemoveConditionReq.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/request/GroupMemberRemoveConditionReq.kt 
@@ -29,6 +29,7 @@ package com.tencent.devops.auth.pojo.request import com.tencent.devops.auth.constant.AuthMessageCode.INVALID_HANDOVER_TO import com.tencent.devops.auth.pojo.ResourceMemberInfo +import com.tencent.devops.auth.pojo.dto.MemberGroupJoinedDTO import com.tencent.devops.auth.pojo.enum.OperateChannel import com.tencent.devops.common.api.exception.ErrorCodeException import io.swagger.v3.oas.annotations.media.Schema @@ -36,7 +37,7 @@ import io.swagger.v3.oas.annotations.media.Schema @Schema(title = "用户组成员移除条件请求体") data class GroupMemberRemoveConditionReq( @get:Schema(title = "组IDs") - override val groupIds: List = emptyList(), + override val groupIds: List = emptyList(), @get:Schema(title = "全选的资源类型") override val resourceTypes: List = emptyList(), @get:Schema(title = "全量选择") diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/request/GroupMemberRenewalConditionReq.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/request/GroupMemberRenewalConditionReq.kt index 6dc53591ffa..37c085a607c 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/request/GroupMemberRenewalConditionReq.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/request/GroupMemberRenewalConditionReq.kt @@ -28,13 +28,14 @@ package com.tencent.devops.auth.pojo.request import com.tencent.devops.auth.pojo.ResourceMemberInfo +import com.tencent.devops.auth.pojo.dto.MemberGroupJoinedDTO import com.tencent.devops.auth.pojo.enum.OperateChannel import io.swagger.v3.oas.annotations.media.Schema @Schema(title = "用户组成员续期") data class GroupMemberRenewalConditionReq( @get:Schema(title = "组IDs") - override val groupIds: List, + override val groupIds: List, @get:Schema(title = "全选某种资源类型下的用户组") override val resourceTypes: List = emptyList(), @get:Schema(title = "全量选择") 
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/GroupDetailsInfoVo.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/GroupDetailsInfoVo.kt index 0e6f8bd256f..153e964a44d 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/GroupDetailsInfoVo.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/GroupDetailsInfoVo.kt @@ -1,6 +1,7 @@ package com.tencent.devops.auth.pojo.vo import com.tencent.devops.auth.pojo.enum.JoinedType +import com.tencent.devops.auth.pojo.enum.MemberType import com.tencent.devops.auth.pojo.enum.RemoveMemberButtonControl import io.swagger.v3.oas.annotations.media.Schema @@ -31,5 +32,7 @@ data class GroupDetailsInfoVo( @get:Schema(title = "操作人") val operator: String, @get:Schema(title = "是否正在交接") - val beingHandedOver: Boolean? = null + val beingHandedOver: Boolean? = null, + @get:Schema(title = "组成员类型") + val memberType: MemberType? = null ) diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceGroupMemberDao.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceGroupMemberDao.kt index 936f8c0fc73..486d11f4721 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceGroupMemberDao.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceGroupMemberDao.kt @@ -548,7 +548,6 @@ class AuthResourceGroupMemberDao { iamTemplateIds: List, resourceType: String? = null, iamGroupIds: List? = null, - excludeIamGroupIds: List? = null, minExpiredAt: LocalDateTime? = null, maxExpiredAt: LocalDateTime? = null, memberDeptInfos: List? = null 
@@ -559,7 +558,6 @@ class AuthResourceGroupMemberDao { iamTemplateIds = iamTemplateIds, resourceType = resourceType, iamGroupIds = iamGroupIds, - excludeIamGroupIds = excludeIamGroupIds, minExpiredAt = minExpiredAt, maxExpiredAt = maxExpiredAt, memberDeptInfos = memberDeptInfos @@ -584,7 +582,8 @@ class AuthResourceGroupMemberDao { minExpiredAt: LocalDateTime? = null, maxExpiredAt: LocalDateTime? = null, memberDeptInfos: List? = null, - operateChannel: OperateChannel? + filterMemberType: MemberType? = null, + onlyExcludeUserDirectlyJoined: Boolean? = false ): Long { val conditions = buildMemberGroupCondition( projectCode = projectCode, 
@@ -592,20 +591,49 @@ class AuthResourceGroupMemberDao { iamTemplateIds = iamTemplateIds, resourceType = resourceType, iamGroupIds = iamGroupIds, - excludeIamGroupIds = excludeIamGroupIds, minExpiredAt = minExpiredAt, maxExpiredAt = maxExpiredAt, memberDeptInfos = memberDeptInfos, - operateChannel = operateChannel + filterMemberType = filterMemberType + ) + val excludeConditions = buildExcludeMemberGroupCondition( + excludeIamGroupIds = excludeIamGroupIds, + onlyExcludeUserDirectlyJoined = onlyExcludeUserDirectlyJoined ) return with(TAuthResourceGroupMember.T_AUTH_RESOURCE_GROUP_MEMBER) { dslContext.select(count()) .from(this) .where(conditions) + .let { + excludeConditions.forEach { excludeCondition -> + it.andNot(excludeCondition) + } + it + } .fetchOne(0, Long::class.java) ?: 0L } } + fun buildExcludeMemberGroupCondition( + excludeIamGroupIds: List?, + // 仅排除用户直接加入的组 + onlyExcludeUserDirectlyJoined: Boolean?, + ): MutableList { + val conditions = mutableListOf() + with(TAuthResourceGroupMember.T_AUTH_RESOURCE_GROUP_MEMBER) { + if (!excludeIamGroupIds.isNullOrEmpty()) { + // 仅排除用户直接加入的用户组 + if (onlyExcludeUserDirectlyJoined == true) { + conditions.add(IAM_GROUP_ID.notIn(excludeIamGroupIds).and(MEMBER_TYPE.eq(MemberType.USER.type))) + } else { + // 会把组织/用户/模板加入的組都排除 + conditions.add(IAM_GROUP_ID.notIn(excludeIamGroupIds)) + } + } + } + return conditions + } + fun listMemberGroupIdsInProject( dslContext: DSLContext, projectCode: String, @@ -638,7 +666,8 @@ class AuthResourceGroupMemberDao { minExpiredAt: LocalDateTime? = null, maxExpiredAt: LocalDateTime? = null, memberDeptInfos: List? = null, - operateChannel: OperateChannel? = null, + filterMemberType: MemberType? = null, + onlyExcludeUserDirectlyJoined: Boolean? = false, offset: Int? = null, limit: Int? = null ): List { 
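Review bot: The exclusion predicate in the `-592,20` hunk appears to be negated twice: `buildExcludeMemberGroupCondition` already returns `IAM_GROUP_ID.notIn(excludeIamGroupIds)` (optionally with `MEMBER_TYPE.eq(MemberType.USER.type)`), and the `.let { ... it.andNot(excludeCondition) }` step then wraps it in `NOT`. As written, the non-user-only branch reads as "group id IN the exclude list", which would keep exactly the groups that were meant to be left out, and the user-only branch becomes "in the list OR not a USER row". The helper should build the positive match (jOOQ's `in` rather than `notIn`) so that `andNot` removes those rows; the same block is added to the list query in the `-648,15` hunk. These queries appear to feed the permission-removal checks, so a test asserting that an excluded group id is absent from the result is worth adding. The loop also discards the return value of `andNot`, which only works if the step is mutated in place.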
@@ -648,15 +677,24 @@ class AuthResourceGroupMemberDao { iamTemplateIds = iamTemplateIds, resourceType = resourceType, iamGroupIds = iamGroupIds, - excludeIamGroupIds = excludeIamGroupIds, minExpiredAt = minExpiredAt, maxExpiredAt = maxExpiredAt, memberDeptInfos = memberDeptInfos, - operateChannel = operateChannel + filterMemberType = filterMemberType + ) + val excludeConditions = buildExcludeMemberGroupCondition( + excludeIamGroupIds = excludeIamGroupIds, + onlyExcludeUserDirectlyJoined = onlyExcludeUserDirectlyJoined ) return with(TAuthResourceGroupMember.T_AUTH_RESOURCE_GROUP_MEMBER) { dslContext.selectFrom(this) .where(conditions) + .let { + excludeConditions.forEach { excludeCondition -> + it.andNot(excludeCondition) + } + it + } .orderBy(IAM_GROUP_ID.desc()) .let { if (offset != null && limit != null) it.offset(offset).limit(limit) else it } .fetch() @@ -670,11 +708,10 @@ class AuthResourceGroupMemberDao { iamTemplateIds: List, resourceType: String? = null, iamGroupIds: List? = null, - excludeIamGroupIds: List? = null, minExpiredAt: LocalDateTime? = null, maxExpiredAt: LocalDateTime? = null, memberDeptInfos: List? = null, - operateChannel: OperateChannel? = null + filterMemberType: MemberType? = null ): MutableList { val conditions = mutableListOf() with(TAuthResourceGroupMember.T_AUTH_RESOURCE_GROUP_MEMBER) { 
@@ -698,20 +735,13 @@ class AuthResourceGroupMemberDao { it } }) + filterMemberType?.let { conditions.add(MEMBER_TYPE.eq(filterMemberType.type)) } resourceType?.let { conditions.add(RESOURCE_TYPE.eq(resourceType)) } minExpiredAt?.let { conditions.add(EXPIRED_TIME.ge(minExpiredAt)) } maxExpiredAt?.let { conditions.add(EXPIRED_TIME.le(maxExpiredAt)) } if (!iamGroupIds.isNullOrEmpty()) { conditions.add(IAM_GROUP_ID.`in`(iamGroupIds)) } - if (!excludeIamGroupIds.isNullOrEmpty()) { - // 个人渠道排除用户组ID时,仅排除用户直接加入的组 - if (operateChannel == OperateChannel.PERSONAL) { - conditions.add(IAM_GROUP_ID.notIn(excludeIamGroupIds).and(MEMBER_TYPE.eq(MemberType.USER.type))) - } else { - conditions.add(IAM_GROUP_ID.notIn(excludeIamGroupIds)) - } - } } return conditions } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt index e1d64e0bb07..3f1cc5fca64 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt @@ -20,6 +20,7 @@ import com.tencent.devops.auth.pojo.dto.HandoverDetailDTO import com.tencent.devops.auth.pojo.dto.HandoverOverviewCreateDTO import com.tencent.devops.auth.pojo.dto.IamGroupIdsQueryConditionDTO import com.tencent.devops.auth.pojo.dto.InvalidAuthorizationsDTO +import com.tencent.devops.auth.pojo.dto.MemberGroupJoinedDTO import com.tencent.devops.auth.pojo.dto.ProjectMembersQueryConditionDTO import com.tencent.devops.auth.pojo.enum.BatchOperateType import com.tencent.devops.auth.pojo.enum.HandoverAction 
@@ -321,7 +322,8 @@ class RbacPermissionManageFacadeServiceImpl( }, operator = "", beingHandedOver = authResourceGroupMember.memberType == MemberType.USER.type - && groupsBeingHandover.contains(groupId) + && groupsBeingHandover.contains(groupId), + memberType = MemberType.get(authResourceGroupMember.memberType) ) } @@ -432,10 +434,12 @@ class RbacPermissionManageFacadeServiceImpl( memberId: String, resourceType: String?, iamGroupIds: List?, - excludeIamGroupIds: List?, minExpiredAt: Long?, maxExpiredAt: Long?, operateChannel: OperateChannel?, + filterMemberType: MemberType?, + excludeIamGroupIds: List?, + onlyExcludeUserDirectlyJoined: Boolean?, start: Int?, limit: Int? ): Pair> { @@ -455,11 +459,12 @@ class RbacPermissionManageFacadeServiceImpl( iamTemplateIds = iamTemplateIds, resourceType = resourceType, iamGroupIds = iamGroupIds, - excludeIamGroupIds = excludeIamGroupIds, minExpiredAt = minExpiredTime, maxExpiredAt = maxExpiredTime, memberDeptInfos = memberDeptInfos, - operateChannel = operateChannel + filterMemberType = filterMemberType, + excludeIamGroupIds = excludeIamGroupIds, + onlyExcludeUserDirectlyJoined = onlyExcludeUserDirectlyJoined ) val resourceGroupMembers = authResourceGroupMemberDao.listMemberGroupDetail( dslContext = dslContext, @@ -468,11 +473,12 @@ class RbacPermissionManageFacadeServiceImpl( iamTemplateIds = iamTemplateIds, resourceType = resourceType, iamGroupIds = iamGroupIds, - excludeIamGroupIds = excludeIamGroupIds, minExpiredAt = minExpiredTime, maxExpiredAt = maxExpiredTime, memberDeptInfos = memberDeptInfos, - operateChannel = operateChannel, + filterMemberType = filterMemberType, + excludeIamGroupIds = excludeIamGroupIds, + onlyExcludeUserDirectlyJoined = onlyExcludeUserDirectlyJoined, offset = start, limit = limit ) 
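Review bot: `operateChannel` stays in this signature (hunk `-432,10`, presumably `listResourceGroupMembers`) but is no longer forwarded to either DAO call in `-455,11` and `-468,11`. The user-only exclusion that `OperateChannel.PERSONAL` used to trigger now depends on `onlyExcludeUserDirectlyJoined`, which defaults to `false` in the interface. Any caller outside this diff that passes `excludeIamGroupIds` with `OperateChannel.PERSONAL` and was not updated would silently get the broader exclusion, so all call sites are worth confirming. If the body no longer reads `operateChannel`, drop it or add a comment such as `// operateChannel no longer affects filtering; use onlyExcludeUserDirectlyJoined`. The function body continues outside these hunks.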
@@ -540,17 +546,19 @@ class RbacPermissionManageFacadeServiceImpl( } finalMemberGroups.addAll(resourceGroupMembersByCondition) - if (commonCondition.groupIds.isNotEmpty()) { - val groupsOfSelect = listResourceGroupMembers( - projectCode = projectCode, - memberId = commonCondition.targetMember.id, - iamGroupIds = commonCondition.groupIds, - operateChannel = commonCondition.operateChannel - ).second - finalMemberGroups.addAll(groupsOfSelect) + val memberType2groupIds = commonCondition.groupIds.groupBy { it.memberType } + memberType2groupIds.forEach { (memberType, groupIds) -> + val groupsOfSelect = listResourceGroupMembers( + projectCode = projectCode, + memberId = commonCondition.targetMember.id, + iamGroupIds = groupIds.map { it.id }, + operateChannel = commonCondition.operateChannel, + filterMemberType = memberType + ).second + finalMemberGroups.addAll(groupsOfSelect) + } } - // 分类 val result = mutableMapOf>() finalMemberGroups.groupBy { it.memberType }.forEach { (memberType, groups) -> @@ -690,7 +698,8 @@ class RbacPermissionManageFacadeServiceImpl( memberId = memberId, resourceType = ResourceTypeId.PIPELINE, excludeIamGroupIds = operatedGroupsWithExecutePerm, - operateChannel = OperateChannel.PERSONAL + operateChannel = OperateChannel.PERSONAL, + onlyExcludeUserDirectlyJoined = true ).second.toMutableList().apply { addAll( listResourceGroupMembers( @@ -698,7 +707,8 @@ class RbacPermissionManageFacadeServiceImpl( memberId = memberId, resourceType = ResourceTypeId.PROJECT, excludeIamGroupIds = operatedGroupsWithExecutePerm, - operateChannel = OperateChannel.PERSONAL + operateChannel = OperateChannel.PERSONAL, + onlyExcludeUserDirectlyJoined = true ).second ) }.map { it.iamGroupId } @@ -804,6 +814,7 @@ class RbacPermissionManageFacadeServiceImpl( projectCode = projectCode, memberId = memberId, excludeIamGroupIds = iamGroupIds, + onlyExcludeUserDirectlyJoined = true, operateChannel = OperateChannel.PERSONAL ) 
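Review bot: A selected group whose request-side `memberType` does not match the stored row is dropped without any signal in the `-540,17` hunk. The loop passes `filterMemberType = memberType` for each batch of ids, and the DAO turns that into `MEMBER_TYPE.eq(...)`, so a mismatched id simply yields no rows. Because `groupIds` now arrives as `MemberGroupJoinedDTO` from the request, the batch operation can act on fewer groups than the caller selected. Consider comparing the returned `iamGroupId` values with the requested ids and logging or rejecting the difference, and add a comment such as `// memberType is client-supplied; rows that do not match are ignored`.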
@@ -854,7 +865,12 @@ class RbacPermissionManageFacadeServiceImpl( projectCode = projectCode, type = BatchOperateType.RENEWAL, conditionReq = GroupMemberRenewalConditionReq( - groupIds = listOf(groupId), + groupIds = listOf( + MemberGroupJoinedDTO( + id = groupId, + memberType = MemberType.get(renewalConditionReq.targetMember.type) + ) + ), targetMember = renewalConditionReq.targetMember, renewalDuration = renewalConditionReq.renewalDuration ), @@ -1145,7 +1161,12 @@ class RbacPermissionManageFacadeServiceImpl( projectCode = projectCode, type = BatchOperateType.REMOVE, conditionReq = GroupMemberRemoveConditionReq( - groupIds = toDeleteGroups, + groupIds = toDeleteGroups.map { + MemberGroupJoinedDTO( + id = it, + memberType = MemberType.USER + ) + }, targetMember = removeMemberDTO.targetMember ), operateGroupMemberTask = ::deleteTask @@ -1157,7 +1178,12 @@ class RbacPermissionManageFacadeServiceImpl( projectCode = projectCode, type = BatchOperateType.HANDOVER, conditionReq = GroupMemberHandoverConditionReq( - groupIds = toHandoverGroups, + groupIds = toHandoverGroups.map { + MemberGroupJoinedDTO( + id = it, + memberType = MemberType.USER + ) + }, targetMember = removeMemberDTO.targetMember, handoverTo = removeMemberDTO.handoverTo!! ), @@ -1243,7 +1269,12 @@ class RbacPermissionManageFacadeServiceImpl( projectCode = projectCode, type = BatchOperateType.REMOVE, conditionReq = GroupMemberRemoveConditionReq( - groupIds = toDeleteGroups, + groupIds = toDeleteGroups.map { + MemberGroupJoinedDTO( + id = it, + memberType = MemberType.USER + ) + }, targetMember = removeMemberDTO.targetMember ), operateGroupMemberTask = ::deleteTask 
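Review bot: `MemberType.USER` is hard-coded in the `toDeleteGroups` and `toHandoverGroups` mappings (hunks `-1145,7`, `-1157,7`, `-1243,7`) and again for `groupsOfHandover` in `-1928,7`, with no comment explaining why only direct user memberships are targeted. Since `filterMemberType` narrows the later lookup, ids for groups joined through an organization or template would be skipped on these paths. If that is intended, a one-line comment such as `// only groups the user joined directly are removed or handed over` would make it explicit. The four identical `map { MemberGroupJoinedDTO(id = it, memberType = MemberType.USER) }` blocks could also share one private helper.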
@@ -1326,21 +1357,28 @@ class RbacPermissionManageFacadeServiceImpl( targetMember: ResourceMemberInfo ): Boolean { logger.info("delete single group members from personal:$userId|$targetMember|$projectCode|$groupId") - // 获取导致流水线代持人权限受到影响的用户组及流水线 - val (invalidGroups, invalidPipelines, invalidRepertoryIds) = - listInvalidAuthorizationsAfterOperatedGroups( - projectCode = projectCode, - iamGroupIds = listOf(groupId), - memberId = targetMember.id - ) - if (invalidGroups.isNotEmpty() || invalidPipelines.isNotEmpty() || invalidRepertoryIds.isNotEmpty()) { - throw ErrorCodeException(errorCode = ERROR_SINGLE_GROUP_REMOVE) + if (targetMember.type == MemberType.USER.type){ + // 获取导致流水线代持人权限受到影响的用户组及流水线 + val (invalidGroups, invalidPipelines, invalidRepertoryIds) = + listInvalidAuthorizationsAfterOperatedGroups( + projectCode = projectCode, + iamGroupIds = listOf(groupId), + memberId = targetMember.id + ) + if (invalidGroups.isNotEmpty() || invalidPipelines.isNotEmpty() || invalidRepertoryIds.isNotEmpty()) { + throw ErrorCodeException(errorCode = ERROR_SINGLE_GROUP_REMOVE) + } } batchOperateGroupMembers( projectCode = projectCode, type = BatchOperateType.REMOVE, conditionReq = GroupMemberRemoveConditionReq( - groupIds = listOf(groupId), + groupIds = listOf( + MemberGroupJoinedDTO( + id = groupId, + memberType = MemberType.get(targetMember.type) + ) + ), targetMember = targetMember ), operateGroupMemberTask = ::deleteTask @@ -1928,7 +1966,12 @@ class RbacPermissionManageFacadeServiceImpl( ) val groupMemberHandoverConditionReq = GroupMemberHandoverConditionReq( - groupIds = groupsOfHandover, + groupIds = groupsOfHandover.map { + MemberGroupJoinedDTO( + id = it, + memberType = MemberType.USER + ) + }, targetMember = targetMember, handoverTo = handoverTo ) 
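Review bot: The authorization-impact check in the `-1326,21` hunk is now skipped whenever `targetMember.type` is not `MemberType.USER.type`, and `targetMember` is a parameter of this method, so the guard is keyed on a caller-supplied value. If that field is not validated upstream, a request carrying a different type would reach `batchOperateGroupMembers` without the `ERROR_SINGLE_GROUP_REMOVE` check; confirming the type against the stored membership before branching would close that gap. `MemberType.get(targetMember.type)` is called on the same string, and its behaviour for an unrecognised value is not visible here. Minor: `if (targetMember.type == MemberType.USER.type){` is missing a space before the brace. The method starts outside the hunk.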
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionManageFacadeService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionManageFacadeService.kt index 238a92fece3..fd3a0fdd1ad 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionManageFacadeService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionManageFacadeService.kt @@ -5,6 +5,7 @@ import com.tencent.devops.auth.pojo.ResourceMemberInfo import com.tencent.devops.auth.pojo.dto.IamGroupIdsQueryConditionDTO import com.tencent.devops.auth.pojo.dto.InvalidAuthorizationsDTO import com.tencent.devops.auth.pojo.enum.BatchOperateType +import com.tencent.devops.auth.pojo.enum.MemberType import com.tencent.devops.auth.pojo.enum.OperateChannel import com.tencent.devops.auth.pojo.request.GroupMemberCommonConditionReq import com.tencent.devops.auth.pojo.request.GroupMemberHandoverConditionReq @@ -67,10 +68,12 @@ class SamplePermissionManageFacadeService : PermissionManageFacadeService { memberId: String, resourceType: String?, iamGroupIds: List?, - excludeIamGroupIds: List?, minExpiredAt: Long?, maxExpiredAt: Long?, operateChannel: OperateChannel?, + filterMemberType: MemberType?, + excludeIamGroupIds: List?, + onlyExcludeUserDirectlyJoined: Boolean?, start: Int?, limit: Int? ): Pair> = Pair(0, emptyList()) diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionManageFacadeService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionManageFacadeService.kt index 482c05f6586..3f9db68e2c2 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionManageFacadeService.kt 
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionManageFacadeService.kt @@ -5,6 +5,7 @@ import com.tencent.devops.auth.pojo.ResourceMemberInfo import com.tencent.devops.auth.pojo.dto.IamGroupIdsQueryConditionDTO import com.tencent.devops.auth.pojo.dto.InvalidAuthorizationsDTO import com.tencent.devops.auth.pojo.enum.BatchOperateType +import com.tencent.devops.auth.pojo.enum.MemberType import com.tencent.devops.auth.pojo.enum.OperateChannel import com.tencent.devops.auth.pojo.request.GroupMemberCommonConditionReq import com.tencent.devops.auth.pojo.request.GroupMemberHandoverConditionReq @@ -90,10 +91,12 @@ interface PermissionManageFacadeService { memberId: String, resourceType: String? = null, iamGroupIds: List? = null, - excludeIamGroupIds: List? = null, minExpiredAt: Long? = null, maxExpiredAt: Long? = null, operateChannel: OperateChannel? = OperateChannel.MANAGER, + filterMemberType: MemberType? = null, + excludeIamGroupIds: List? = null, + onlyExcludeUserDirectlyJoined: Boolean? = false, start: Int? = null, limit: Int? = null ): Pair>