feat：用户个人视角权限管理优化 #11138

TencentBlueKing · Dec 19, 2024 · 8181d2f · 8181d2f
1 parent 34887b5
commit 8181d2f
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 10 deletions.
diff --git a/...ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/HandoverAction.kt b/...ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/HandoverAction.kt
@@ -1,14 +1,14 @@
 package com.tencent.devops.auth.pojo.enum
 
-enum class HandoverAction(val value: Int) {
+enum class HandoverAction(val value: Int, val alias: String) {
     // 审批成功
-    AGREE(1),
+    AGREE(1, "已通过"),
 
     // 审批驳回
-    REJECT(2),
+    REJECT(2, "已被拒绝"),
 
     // 撤销
-    REVOKE(3);
+    REVOKE(3, "撤销");
 
     companion object {
         fun get(value: Int): HandoverAction {

diff --git a/...uth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacAuthConfiguration.kt b/...uth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacAuthConfiguration.kt
@@ -219,7 +219,9 @@ class RbacAuthConfiguration {
         rbacCacheService: RbacCacheService,
         redisOperation: RedisOperation,
         authorizationDao: AuthAuthorizationDao,
-        authResourceService: AuthResourceService
+        authResourceService: AuthResourceService,
+        client: Client,
+        config: CommonConfig
     ) = RbacPermissionManageFacadeServiceImpl(
         permissionResourceGroupService = permissionResourceGroupService,
         groupPermissionService = groupPermissionService,
@@ -236,7 +238,9 @@ class RbacAuthConfiguration {
         rbacCacheService = rbacCacheService,
         redisOperation = redisOperation,
         authorizationDao = authorizationDao,
-        authResourceService = authResourceService
+        authResourceService = authResourceService,
+        client = client,
+        config = config
     )
 
     @Bean

diff --git a/...com/tencent/devops/auth/provider/rbac/service/RbacPermissionHandoverApplicationService.kt b/...com/tencent/devops/auth/provider/rbac/service/RbacPermissionHandoverApplicationService.kt
@@ -97,9 +97,9 @@ class RbacPermissionHandoverApplicationService(
             "table" to handoverOverviewTable,
             "url" to String.format(handoverApplicationUrl, flowNo)
         )
-        // 发邮件
+        logger.info("send handover application email:{} ", bodyParams)
         val request = SendNotifyMessageTemplateRequest(
-            templateCode = TEMPLATE_CODE,
+            templateCode = HANDOVER_APPLICATION_TEMPLATE_CODE,
             bodyParams = bodyParams,
             titleParams = bodyParams,
             notifyType = mutableSetOf(NotifyType.RTX.name, NotifyType.EMAIL.name),
@@ -360,6 +360,6 @@ class RbacPermissionHandoverApplicationService(
         private const val FLOW_NO_PREFIX = "REQ"
         private const val FLOW_NO_KEY = "AUTH:HANDOVER:FLOW:NO:%s"
         private const val HANDOVER_APPLICATION_TABLE_OF_EMAIL = "<tr><td style=\"font-size: 14px;\"  align=\"center\">%s</td><td style=\"font-size: 14px;\"  align=\"center\">%s</td><td style=\"font-size: 14px;\"  align=\"center\">%s</td></tr>"
-        private const val TEMPLATE_CODE = "BK_PERMISSIONS_HANDOVER_APPLICATION"
+        private const val HANDOVER_APPLICATION_TEMPLATE_CODE = "BK_PERMISSIONS_HANDOVER_APPLICATION"
     }
 }
diff --git a/...in/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt b/...in/com/tencent/devops/auth/provider/rbac/service/RbacPermissionManageFacadeServiceImpl.kt
@@ -72,10 +72,15 @@ import com.tencent.devops.common.auth.api.pojo.ResetAllResourceAuthorizationReq
 import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationConditionRequest
 import com.tencent.devops.common.auth.api.pojo.ResourceAuthorizationHandoverConditionRequest
 import com.tencent.devops.common.auth.enums.HandoverChannelCode
+import com.tencent.devops.common.client.Client
+import com.tencent.devops.common.notify.enums.NotifyType
 import com.tencent.devops.common.redis.RedisOperation
+import com.tencent.devops.common.service.config.CommonConfig
 import com.tencent.devops.common.service.utils.RetryUtils
 import com.tencent.devops.common.web.utils.I18nUtil
 import com.tencent.devops.model.auth.tables.records.TAuthResourceGroupRecord
+import com.tencent.devops.notify.api.service.ServiceNotifyMessageTemplateResource
+import com.tencent.devops.notify.pojo.SendNotifyMessageTemplateRequest
 import org.jooq.DSLContext
 import org.slf4j.LoggerFactory
 import java.time.LocalDateTime
@@ -99,7 +104,9 @@ class RbacPermissionManageFacadeServiceImpl(
     private val rbacCacheService: RbacCacheService,
     private val redisOperation: RedisOperation,
     private val authorizationDao: AuthAuthorizationDao,
-    private val authResourceService: AuthResourceService
+    private val authResourceService: AuthResourceService,
+    private val client: Client,
+    private val config: CommonConfig
 ) : PermissionManageFacadeService {
     override fun getMemberGroupsDetails(
         projectId: String,
@@ -1825,6 +1832,30 @@ class RbacPermissionManageFacadeServiceImpl(
                 permissionHandoverApplicationService.updateHandoverApplication(
                     overview = request
                 )
+                val projectName = authResourceService.get(
+                    projectCode = request.projectCode,
+                    resourceType = ResourceTypeId.PROJECT,
+                    resourceCode = request.projectCode
+                ).resourceName
+                val bodyParams = mapOf(
+                    "projectName" to projectName,
+                    "result" to request.handoverAction.alias,
+                    "url" to String.format(handoverApplicationUrl, request.flowNo)
+                )
+                // 发邮件
+                val emailRequest = SendNotifyMessageTemplateRequest(
+                    templateCode = HANDOVER_APPLICATION_RESULT_TEMPLATE_CODE,
+                    bodyParams = bodyParams,
+                    titleParams = bodyParams,
+                    notifyType = mutableSetOf(NotifyType.RTX.name, NotifyType.EMAIL.name),
+                    receivers = mutableSetOf(overview.applicant)
+                )
+                logger.info("send handover application result email:{}|{} ", request, emailRequest)
+                kotlin.runCatching {
+                    client.get(ServiceNotifyMessageTemplateResource::class).sendNotifyMessageByTemplate(emailRequest)
+                }.onFailure {
+                    logger.warn("notify email fail ${it.message}|$bodyParams|${overview.approver}")
+                }
             } catch (e: Exception) {
                 logger.warn("handle hanover application error,$e|$request")
                 throw e
@@ -2286,12 +2317,16 @@ class RbacPermissionManageFacadeServiceImpl(
         }
     }
 
+    private val handoverApplicationUrl = "${config.devopsHostGateway}/console/permission/my-handover?type=handoverFromMe&flowNo=%s"
+
     companion object {
         private val logger = LoggerFactory.getLogger(RbacPermissionResourceMemberService::class.java)
 
         private val executorService = Executors.newFixedThreadPool(30)
 
         // 永久过期时间
         private const val PERMANENT_EXPIRED_TIME = 4102444800000L
+
+        private const val HANDOVER_APPLICATION_RESULT_TEMPLATE_CODE = "BK_PERMISSIONS_HANDOVER_APPLICATION_RESULT"
     }
 }