Skip to content

Commit b370920

Browse files
Merge pull request #2695 from actiontech/issue-2675-6
modify: global workflow display based on roles
2 parents eb287d5 + d9e526d commit b370920

File tree

1 file changed

+89
-22
lines changed

1 file changed

+89
-22
lines changed

sqle/api/controller/v1/workflow.go

Lines changed: 89 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -571,36 +571,58 @@ func GetGlobalWorkflowsV1(c echo.Context) error {
571571
return controller.JSONBaseErrorReq(c, err)
572572
}
573573

574+
// 1. 权限控制
575+
// 1.1. 获取用户的所有权限信息
574576
user, err := controller.GetCurrentUser(c, dms.GetUser)
575577
if err != nil {
576578
return controller.JSONBaseErrorReq(c, err)
577579
}
580+
permissions, isAdmin, err := dmsobject.GetUserOpPermission(c.Request().Context(), "", user.GetIDStr(), dms.GetDMSServerAddress())
581+
if err != nil {
582+
return controller.JSONBaseErrorReq(c, err)
583+
}
584+
// 1.2. 获取用户全局待关注清单的可见性
585+
userVisibility := getGlobalDashBoardVisibilityOfUser(isAdmin, permissions)
586+
if req.FilterCurrentStepAssigneeUserId != "" {
587+
// 如果根据当前用户筛选,则筛选出用户在所有项目中的工单
588+
userVisibility = GlobalDashBoardVisibilityGlobal
589+
}
590+
// 1.3. 若用户可见性为多项目,则需要根据项目id筛选
591+
var projectIdsOfProjectAdmin []string
592+
if userVisibility == GlobalDashBoardVisibilityProjects {
593+
for _, permission := range permissions {
594+
if permission.OpPermissionType == dmsV1.OpPermissionTypeProjectAdmin {
595+
projectIdsOfProjectAdmin = append(projectIdsOfProjectAdmin, permission.RangeUids...)
596+
}
597+
}
598+
}
578599

600+
// 2. 组织筛选项
601+
// 2.1. 基本筛选项
579602
limit, offset := controller.GetLimitAndOffset(req.PageIndex, req.PageSize)
580-
581603
data := map[string]interface{}{
582-
"filter_subject": req.FilterSubject,
583-
"filter_create_time_from": req.FilterCreateTimeFrom,
584-
"filter_create_time_to": req.FilterCreateTimeTo,
585-
"filter_create_user_id": req.FilterCreateUserId,
586-
"filter_task_execute_start_time_from": req.FilterTaskExecuteStartTimeFrom,
587-
"filter_task_execute_start_time_to": req.FilterTaskExecuteStartTimeTo,
588-
"filter_status": req.FilterStatus,
589-
"filter_current_step_assignee_user_id": req.FilterCurrentStepAssigneeUserId,
590-
"filter_task_instance_id": req.FilterTaskInstanceId,
591-
"current_user_id": user.GetIDStr(),
592-
"check_user_can_access": user.Name != model.DefaultAdminUser, // dms-todo: 判断是否是超级管理员
593-
"limit": limit,
594-
"offset": offset,
595-
"filter_status_list": req.FilterStatusList, // 根据SQL工单的状态筛选多个状态的工单
596-
"filter_project_id": req.FilterProjectUid, // 根据项目id筛选某些一个项目下的多个工单
597-
"filter_instance_id": req.FilterInstanceId, // 根据工单记录的数据源id,筛选包含该数据源的工单,多数据源情况下,一旦包含该数据源,则被选中
598-
}
599-
600-
projectMap := make(map[string] /* project uid */ *dmsV1.ListProject)
601-
// 若根据项目优先级筛选,则先请求dms,获取优先级对应的项目信息
604+
// "filter_subject": req.FilterSubject,
605+
// "filter_create_time_from": req.FilterCreateTimeFrom,
606+
// "filter_create_time_to": req.FilterCreateTimeTo,
607+
// "filter_task_execute_start_time_from": req.FilterTaskExecuteStartTimeFrom,
608+
// "filter_task_execute_start_time_to": req.FilterTaskExecuteStartTimeTo,
609+
// "filter_status": req.FilterStatus,
610+
// "filter_current_step_assignee_user_id": req.FilterCurrentStepAssigneeUserId,
611+
// "filter_task_instance_id": req.FilterTaskInstanceId,
612+
// "current_user_id": user.GetIDStr(),
613+
// "check_user_can_access": canViewGlobal,
614+
"filter_create_user_id": req.FilterCreateUserId,
615+
"limit": limit,
616+
"offset": offset,
617+
"filter_status_list": req.FilterStatusList, // 根据SQL工单的状态筛选多个状态的工单
618+
"filter_project_id": req.FilterProjectUid, // 根据项目id筛选某些一个项目下的多个工单
619+
"filter_instance_id": req.FilterInstanceId, // 根据工单记录的数据源id,筛选包含该数据源的工单,多数据源情况下,一旦包含该数据源,则被选中
620+
}
621+
// 2.2 页面筛选项:如果根据项目优先级筛选,则先筛选出对应优先级下的项目
622+
var projectIdsByPriority []string
623+
var projectMap map[string]*dmsV1.ListProject
602624
if req.FilterProjectPriority != "" {
603-
data["filter_project_id_list"], projectMap, err = loadProjectsByPriority(c.Request().Context(), req.FilterProjectPriority)
625+
projectIdsByPriority, projectMap, err = loadProjectsByPriority(c.Request().Context(), req.FilterProjectPriority)
604626
if err != nil {
605627
return controller.JSONBaseErrorReq(c, err)
606628
}
@@ -612,7 +634,26 @@ func GetGlobalWorkflowsV1(c echo.Context) error {
612634
})
613635
}
614636
}
637+
if req.FilterProjectPriority != "" {
638+
// 2.2.1 若根据项目优先级筛选,则根据优先级对应的项目筛选
639+
data["filter_project_id_list"] = projectIdsByPriority
640+
}
615641

642+
if req.FilterProjectPriority != "" && userVisibility == GlobalDashBoardVisibilityProjects {
643+
// 2.2.2 若根据项目优先级筛选,且可以查看多项目待关注SQL,则将可查看的项目和项目优先级筛选后的项目的集合取交集
644+
data["filter_project_id_list"] = utils.IntersectionStringSlice(projectIdsByPriority, projectIdsOfProjectAdmin)
645+
}
646+
// 2.3 若不根据项目优先级筛选
647+
if req.FilterProjectPriority == "" && userVisibility == GlobalDashBoardVisibilityProjects {
648+
// 2.3.1 若可以查看多项目待关注SQL,则通过用户的有权限的项目进行筛选
649+
data["filter_project_id_list"] = projectIdsOfProjectAdmin
650+
}
651+
// 2.4. 若用户可见性为受让人,则可以查看在SQL管控中分配给他的SQL
652+
if userVisibility == GlobalDashBoardVisibilityAssignee {
653+
data["filter_current_step_assignee_user_id"] = user.GetIDStr()
654+
}
655+
656+
// 3. 根据筛选项筛选SQL管控的SQL信息
616657
s := model.GetStorage()
617658
workflows, count, err := s.GetWorkflowsByReq(data)
618659
if err != nil {
@@ -670,6 +711,32 @@ func GetGlobalWorkflowsV1(c echo.Context) error {
670711
})
671712
}
672713

714+
type GlobalDashBoardVisibility string
715+
716+
const GlobalDashBoardVisibilityGlobal GlobalDashBoardVisibility = "global"
717+
const GlobalDashBoardVisibilityProjects GlobalDashBoardVisibility = "projects"
718+
const GlobalDashBoardVisibilityAssignee GlobalDashBoardVisibility = "assignee"
719+
720+
func getGlobalDashBoardVisibilityOfUser(isAdmin bool, permissions []dmsV1.OpPermissionItem) GlobalDashBoardVisibility {
721+
// 角色:全局管理员,全局可查看者
722+
if isAdmin {
723+
return GlobalDashBoardVisibilityGlobal
724+
}
725+
for _, permission := range permissions {
726+
if permission.OpPermissionType == dmsV1.OpPermissionTypeGlobalView || permission.OpPermissionType == dmsV1.OpPermissionTypeGlobalManagement {
727+
return GlobalDashBoardVisibilityGlobal
728+
}
729+
}
730+
// 角色:多项目管理者
731+
for _, permission := range permissions {
732+
if permission.OpPermissionType == dmsV1.OpPermissionTypeProjectAdmin {
733+
return GlobalDashBoardVisibilityProjects
734+
}
735+
}
736+
// 角色:受让人,事件处理者
737+
return GlobalDashBoardVisibilityAssignee
738+
}
739+
673740
// 根据项目优先级从 dms 系统中获取相应的项目列表,并返回项目ID列表和项目映射
674741
func loadProjectsByPriority(ctx context.Context, priority dmsV1.ProjectPriority) (projectIds []string, projectMap map[string] /* project uid */ *dmsV1.ListProject, err error) {
675742
projectMap = make(map[string]*dmsV1.ListProject)

0 commit comments

Comments
 (0)