From d1fb92cff4bbf0723822e82885a8775343f6a9ca Mon Sep 17 00:00:00 2001
From: greysonfang <greysonfang@tencent.com>
Date: Thu, 5 Sep 2024 11:02:09 +0800
Subject: [PATCH] =?UTF-8?q?feat=EF=BC=9A=E6=B4=BB=E8=B7=83=E7=94=A8?=
 =?UTF-8?q?=E6=88=B7=E8=AE=B0=E5=BD=95=E6=93=8D=E4=BD=9C=E5=92=8C=E6=AC=A1?=
 =?UTF-8?q?=E6=95=B0=20#10891?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../UserAuthResourceMemberResourceImpl.kt     | 37 +++++++++++++------
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt
index 47912b3d569..952ed7a9d65 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt
@@ -12,16 +12,19 @@ import com.tencent.devops.auth.pojo.vo.BatchOperateGroupMemberCheckVo
 import com.tencent.devops.auth.pojo.vo.GroupDetailsInfoVo
 import com.tencent.devops.auth.pojo.vo.MemberGroupCountWithPermissionsVo
 import com.tencent.devops.auth.service.iam.PermissionResourceMemberService
+import com.tencent.devops.auth.service.iam.PermissionService
 import com.tencent.devops.common.api.model.SQLPage
 import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.auth.api.AuthPermission
+import com.tencent.devops.common.auth.api.AuthResourceType
 import com.tencent.devops.common.auth.api.BkManagerCheck
 import com.tencent.devops.common.web.RestResource
 
 @RestResource
 class UserAuthResourceMemberResourceImpl(
-    private val permissionResourceMemberService: PermissionResourceMemberService
+    private val permissionResourceMemberService: PermissionResourceMemberService,
+    private val permissionService: PermissionService
 ) : UserAuthResourceMemberResource {
-    @BkManagerCheck
     override fun listProjectMembers(
         userId: String,
         projectId: String,
@@ -32,17 +35,27 @@ class UserAuthResourceMemberResourceImpl(
         page: Int,
         pageSize: Int
     ): Result<SQLPage<ResourceMemberInfo>> {
-        return Result(
-            permissionResourceMemberService.listProjectMembers(
-                projectCode = projectId,
-                memberType = memberType,
-                userName = userName,
-                deptName = deptName,
-                departedFlag = departedFlag ?: false,
-                page = page,
-                pageSize = pageSize
-            )
+        val hasVisitPermission = permissionService.validateUserResourcePermission(
+            userId = userId,
+            resourceType = AuthResourceType.PROJECT.value,
+            action = AuthPermission.VISIT.value,
+            projectCode = projectId
         )
+        return if (!hasVisitPermission) {
+            Result(SQLPage(0, emptyList()))
+        } else {
+            Result(
+                permissionResourceMemberService.listProjectMembers(
+                    projectCode = projectId,
+                    memberType = memberType,
+                    userName = userName,
+                    deptName = deptName,
+                    departedFlag = departedFlag ?: false,
+                    page = page,
+                    pageSize = pageSize
+                )
+            )
+        }
     }
 
     @BkManagerCheck