Merge pull request #7814 from yongyiduan/issue_7812_1.9

[stream]github 审核权限优化 #7812
TencentBlueKing · Oct 18, 2022 · fdc5cb8 · fdc5cb8
2 parents 2e792ee + 304f57d
commit fdc5cb8
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 6 deletions.
diff --git a/.../core/stream/api-stream/src/main/kotlin/com/tencent/devops/stream/pojo/GitRequestEvent.kt b/.../core/stream/api-stream/src/main/kotlin/com/tencent/devops/stream/pojo/GitRequestEvent.kt
@@ -107,7 +107,8 @@ data class GitRequestEvent(
 fun GitRequestEvent.isMr() = objectKind == StreamGitObjectKind.MERGE_REQUEST.value
 
 fun GitRequestEvent.isFork(): Boolean {
-    return objectKind == StreamGitObjectKind.MERGE_REQUEST.value &&
+    return (objectKind == StreamGitObjectKind.MERGE_REQUEST.value ||
+        objectKind == StreamGitObjectKind.PULL_REQUEST.value) &&
         sourceGitProjectId != null &&
         sourceGitProjectId != gitProjectId
 }

diff --git a/...eam/src/main/kotlin/com/tencent/devops/stream/trigger/actions/github/GithubPRActionGit.kt b/...eam/src/main/kotlin/com/tencent/devops/stream/trigger/actions/github/GithubPRActionGit.kt
@@ -36,6 +36,7 @@ import com.tencent.devops.common.webhook.pojo.code.github.isPrForkNotMergeEvent
 import com.tencent.devops.process.yaml.v2.enums.StreamMrEventAction
 import com.tencent.devops.process.yaml.v2.enums.StreamObjectKind
 import com.tencent.devops.process.yaml.v2.models.on.TriggerOn
+import com.tencent.devops.repository.pojo.enums.GithubAccessLevelEnum
 import com.tencent.devops.stream.dao.StreamBasicSettingDao
 import com.tencent.devops.stream.pojo.GitRequestEvent
 import com.tencent.devops.stream.pojo.enums.TriggerReason
@@ -118,7 +119,8 @@ class GithubPRActionGit(
                 userId = this.data.eventCommon.userId
             ).accessLevel
 
-            accessLevel >= 30
+            // >= TRIAGE
+            accessLevel >= GithubAccessLevelEnum.TRIAGE.level
         } catch (error: ErrorCodeException) {
             false
         }

diff --git a/...-stream/src/main/kotlin/com/tencent/devops/stream/trigger/actions/tgit/TGitMrActionGit.kt b/...-stream/src/main/kotlin/com/tencent/devops/stream/trigger/actions/tgit/TGitMrActionGit.kt
@@ -41,6 +41,7 @@ import com.tencent.devops.common.webhook.pojo.code.git.isMrMergeEvent
 import com.tencent.devops.process.yaml.v2.enums.StreamMrEventAction
 import com.tencent.devops.process.yaml.v2.enums.StreamObjectKind
 import com.tencent.devops.process.yaml.v2.models.on.TriggerOn
+import com.tencent.devops.repository.pojo.enums.GitAccessLevelEnum
 import com.tencent.devops.scm.pojo.WebhookCommit
 import com.tencent.devops.scm.utils.code.git.GitUtils
 import com.tencent.devops.stream.dao.StreamBasicSettingDao
@@ -126,7 +127,7 @@ class TGitMrActionGit(
                 search = this.data.eventCommon.userId
             ).find { it.userId == this.data.eventCommon.userId }?.accessLevel
 
-            accessLevel != null && accessLevel >= 30
+            accessLevel != null && accessLevel >= GitAccessLevelEnum.DEVELOPER.level
         } catch (error: ErrorCodeException) {
             false
         }

diff --git a/...-stream/src/main/kotlin/com/tencent/devops/stream/trigger/git/service/GithubApiService.kt b/...-stream/src/main/kotlin/com/tencent/devops/stream/trigger/git/service/GithubApiService.kt
@@ -188,7 +188,7 @@ class GithubApiService @Autowired constructor(
             ),
             token = cred.toToken()
         ).data?.let {
-            GithubProjectUserInfo(GithubAccessLevelEnum.getGithubAccessLevel(it.permission).level, it.user.login)
+            GithubProjectUserInfo(GithubAccessLevelEnum.getGithubAccessLevel(it.roleName).level, it.user.login)
         } ?: GithubProjectUserInfo(GithubAccessLevelEnum.GUEST.level, "no_user")
     }
 

diff --git a/...in/com/tencent/devops/stream/trigger/parsers/triggerParameter/GithubRequestEventHandle.kt b/...in/com/tencent/devops/stream/trigger/parsers/triggerParameter/GithubRequestEventHandle.kt
@@ -80,9 +80,9 @@ object GithubRequestEventHandle {
             sourceGitProjectId = gitMrEvent.pullRequest.head.repo.id.toLong(),
             // Merged动作使用目标分支，因为源分支可能已被删除
             branch = if (gitMrEvent.pullRequest.merged == true) {
-                gitMrEvent.pullRequest.head.ref
-            } else {
                 gitMrEvent.pullRequest.base.ref
+            } else {
+                gitMrEvent.pullRequest.head.ref
             },
             targetBranch = gitMrEvent.pullRequest.base.ref,
             commitId = gitMrEvent.pullRequest.head.sha,