diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineAtomService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineAtomService.kt index 33750f2cc74..82850c24f58 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineAtomService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineAtomService.kt @@ -374,7 +374,11 @@ class PipelineAtomService @Autowired constructor( private fun validateUserAtomPermission(atomCode: String, userId: String) { val validateResult = - client.get(ServiceStoreResource::class).isStoreMember(atomCode, StoreTypeEnum.ATOM, userId) + client.get(ServiceStoreResource::class).validatePipelineUserAtomPermission( + storeCode = atomCode, + storeType = StoreTypeEnum.ATOM, + userId = userId + ) if (validateResult.isNotOk()) { throw ErrorCodeException( errorCode = validateResult.status.toString(), diff --git a/src/backend/ci/core/store/api-store/src/main/kotlin/com/tencent/devops/store/api/common/ServiceStoreResource.kt b/src/backend/ci/core/store/api-store/src/main/kotlin/com/tencent/devops/store/api/common/ServiceStoreResource.kt index 5e7a2ab0350..626c2af6949 100644 --- a/src/backend/ci/core/store/api-store/src/main/kotlin/com/tencent/devops/store/api/common/ServiceStoreResource.kt +++ b/src/backend/ci/core/store/api-store/src/main/kotlin/com/tencent/devops/store/api/common/ServiceStoreResource.kt @@ -109,6 +109,21 @@ interface ServiceStoreResource { userId: String ): Result + @Operation(summary = "校验流水线用户访问插件信息权限") + @GET + @Path("/codes/{storeCode}/pipeline/user/validate") + fun validatePipelineUserAtomPermission( + @Parameter(description = "标识", required = true) + @PathParam("storeCode") + storeCode: String, + @Parameter(description = "类型", required = true) + @QueryParam("storeType") + storeType: StoreTypeEnum, + @Parameter(description = "用户ID", required = true) + @QueryParam("userId") + userId: String + ): Result + @Operation(summary = "判断错误码是否合规") @POST @Path("/codes/{storeCode}/errorCode/compliance") diff --git a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/dao/StorePipelineRelDao.kt b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/dao/StorePipelineRelDao.kt index 1ffbfdf00d0..82248cc78e1 100644 --- a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/dao/StorePipelineRelDao.kt +++ b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/dao/StorePipelineRelDao.kt @@ -86,6 +86,14 @@ class StorePipelineRelDao { } } + fun getStorePipelineRelByPipelineId(dslContext: DSLContext, pipelineId: String): TStorePipelineRelRecord? { + with(TStorePipelineRel.T_STORE_PIPELINE_REL) { + return dslContext.selectFrom(this) + .where(PIPELINE_ID.eq(pipelineId)) + .fetchOne() + } + } + fun getStorePipelineRelByStoreCode( dslContext: DSLContext, storeCode: String, @@ -96,7 +104,6 @@ class StorePipelineRelDao { .where(STORE_CODE.eq(storeCode)) .and(STORE_TYPE.eq(storeType.type.toByte())) .orderBy(UPDATE_TIME.desc()) - .limit(1) .fetchOne() } } diff --git a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/dao/StoreProjectRelDao.kt b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/dao/StoreProjectRelDao.kt index caa97055138..4465f1d76e1 100644 --- a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/dao/StoreProjectRelDao.kt +++ b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/dao/StoreProjectRelDao.kt @@ -627,6 +627,7 @@ class StoreProjectRelDao { .where(CREATOR.eq(userId)) .and(STORE_CODE.eq(storeCode)) .and(STORE_TYPE.eq(storeType)) + .and(TYPE.eq(StoreProjectTypeEnum.COMMON.type.toByte())) .fetchOne(0, Long::class.java) != 0L } } diff --git a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/resources/ServiceStoreResourceImpl.kt b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/resources/ServiceStoreResourceImpl.kt index 949c443ed93..75f6d784bf7 100644 --- a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/resources/ServiceStoreResourceImpl.kt +++ b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/resources/ServiceStoreResourceImpl.kt @@ -30,6 +30,7 @@ package com.tencent.devops.store.common.resources import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.web.RestResource import com.tencent.devops.store.api.common.ServiceStoreResource +import com.tencent.devops.store.common.configuration.StoreInnerPipelineConfig import com.tencent.devops.store.common.service.ClassifyService import com.tencent.devops.store.common.service.StoreBuildService import com.tencent.devops.store.common.service.StoreComponentManageService @@ -53,7 +54,8 @@ class ServiceStoreResourceImpl @Autowired constructor( private val storeErrorCodeService: StoreErrorCodeService, private val storeMemberService: StoreMemberService, private val classifyService: ClassifyService, - private val storeComponentManageService: StoreComponentManageService + private val storeComponentManageService: StoreComponentManageService, + private val storeInnerPipelineConfig: StoreInnerPipelineConfig ) : ServiceStoreResource { override fun uninstall(storeCode: String, storeType: StoreTypeEnum, projectCode: String): Result { @@ -80,6 +82,18 @@ class ServiceStoreResourceImpl @Autowired constructor( ) } + override fun validatePipelineUserAtomPermission( + storeCode: String, + storeType: StoreTypeEnum, + userId: String + ): Result { + return Result( + storeInnerPipelineConfig.innerPipelineUser == userId || storeMemberService.isStoreMember( + userId, storeCode, storeType.type.toByte() + ) + ) + } + override fun isComplianceErrorCode( storeCode: String, storeType: StoreTypeEnum, diff --git a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/service/impl/StoreBuildServiceImpl.kt b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/service/impl/StoreBuildServiceImpl.kt index 2023bde5eaf..2248b945883 100644 --- a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/service/impl/StoreBuildServiceImpl.kt +++ b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/service/impl/StoreBuildServiceImpl.kt @@ -62,22 +62,21 @@ class StoreBuildServiceImpl @Autowired constructor( // 查看该次构建流水线属于研发商店哪个组件类型 val storeBuildInfoRecord = storePipelineBuildRelDao.getStorePipelineBuildRelByBuildId(dslContext, buildId) logger.info("handleStoreBuildResult pipelineId:${storeBuildInfoRecord?.pipelineId}") - val storeType = storeBuildInfoRecord?.pipelineId?.let { - storePipelineRelDao.getStoreTypeByLatestPipelineId( - dslContext = dslContext, - pipelineId = it - ) - } - logger.info("handleStoreBuildResult pipelineId:${storeBuildInfoRecord?.pipelineId},storeType:$storeType") - if (storeType == null) { + if (storeBuildInfoRecord == null) { return I18nUtil.generateResponseDataObject( messageCode = CommonMessageCode.PARAMETER_IS_INVALID, params = arrayOf(pipelineId), language = I18nUtil.getLanguage(I18nUtil.getRequestUserId()) ) } + val storeType = storeBuildInfoRecord.pipelineId?.let { + storePipelineRelDao.getStoreTypeByLatestPipelineId( + dslContext = dslContext, + pipelineId = it + ) + } val storeHandleBuildResultService = - getStoreHandleBuildResultService(StoreTypeEnum.getStoreType(storeType.toInt())) + getStoreHandleBuildResultService(StoreTypeEnum.getStoreType(storeType!!.toInt())) val result = storeHandleBuildResultService.handleStoreBuildResult(pipelineId, buildId, storeBuildResultRequest) logger.info("handleStoreBuildResult result is:$result") if (result.isNotOk() || result.data != true) { diff --git a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/service/impl/StoreCommonServiceImpl.kt b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/service/impl/StoreCommonServiceImpl.kt index 87d35f322fa..08c7a6a3042 100644 --- a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/service/impl/StoreCommonServiceImpl.kt +++ b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/service/impl/StoreCommonServiceImpl.kt @@ -301,10 +301,9 @@ abstract class StoreCommonServiceImpl : StoreCommonService { val storeBuildInfoRecord = storePipelineBuildRelDao.getStorePipelineBuildRel(dslContext, storeId) if (null != storeBuildInfoRecord) { val pipelineId = storeBuildInfoRecord.pipelineId - val storePipelineRelRecord = storePipelineRelDao.getStorePipelineRelByStoreCode( + val storePipelineRelRecord = storePipelineRelDao.getStorePipelineRelByPipelineId( dslContext = dslContext, - storeType = storeType, - storeCode = storeCode + pipelineId = pipelineId ) var projectCode = storePipelineRelRecord?.projectCode if (projectCode.isNullOrBlank()) { diff --git a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/service/impl/StoreMemberServiceImpl.kt b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/service/impl/StoreMemberServiceImpl.kt index 6de629540ef..87ab505d195 100644 --- a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/service/impl/StoreMemberServiceImpl.kt +++ b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/service/impl/StoreMemberServiceImpl.kt @@ -407,9 +407,6 @@ abstract class StoreMemberServiceImpl : StoreMemberService { * 判断是否为成员 */ override fun isStoreMember(userId: String, storeCode: String, storeType: Byte): Boolean { - if (userId == storeInnerPipelineConfig.innerPipelineUser) { - return true - } return storeMemberDao.isStoreMember(dslContext, userId, storeCode, storeType) } diff --git a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/service/impl/StorePipelineServiceImpl.kt b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/service/impl/StorePipelineServiceImpl.kt index ca17a44acbe..57f60f50748 100644 --- a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/service/impl/StorePipelineServiceImpl.kt +++ b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/common/service/impl/StorePipelineServiceImpl.kt @@ -495,6 +495,7 @@ class StorePipelineServiceImpl @Autowired constructor( params = arrayOf(storeCode ?: "$storeType-PIPELINE-BUILD:PUBLIC") ) logger.info("handleStorePublicPipelineModel pipelineId:$pipelineId|publicPipelineId:$publicPipelineId") + // 对已托管给公共项目的组件刷新内置流水线model时则给组件在公共项目下创建单独的流水线 if (storeCode != null && pipelineId == publicPipelineId) { pipelineId = creatStorePipelineByStoreCode( dslContext = dslContext, @@ -600,7 +601,7 @@ class StorePipelineServiceImpl @Autowired constructor( pipelineName ) val model = JsonUtil.to(pipelineModel, Model::class.java) - val pipelineId = client.get(ServicePipelineResource::class).create( + val pipelineId = client.get(ServicePipelineResource::class).create( userId = innerPipelineUser, projectId = innerPipelineProject, pipeline = model,