mirror of
https://github.com/certd/certd.git
synced 2026-04-23 19:57:27 +08:00
perf: 支持授权给管理员查看和下载用户证书
This commit is contained in:
xiaojunnuo
@@ -2,6 +2,9 @@ import { ALL, Body, Controller, Inject, Post, Provide, Query } from "@midwayjs/c
|
||||
import { Constants, CrudController } from "@certd/lib-server";
|
||||
import { UserSettingsService } from "../../../modules/mine/service/user-settings-service.js";
|
||||
import { UserSettingsEntity } from "../../../modules/mine/entity/user-settings.js";
|
||||
import { UserGrantSetting } from "../../../modules/mine/service/models.js";
|
||||
import { isPlus } from "@certd/plus-core";
|
||||
import { merge } from "lodash-es";
|
||||
|
||||
/**
|
||||
*/
|
||||
@@ -65,6 +68,26 @@ export class UserSettingsController extends CrudController<UserSettingsService>
|
||||
const entity = await this.service.getByKey(key, this.getUserId());
|
||||
return this.ok(entity);
|
||||
}
|
||||
@Post("/grant/get", { summary: Constants.per.authOnly })
|
||||
async grantSettingsGet() {
|
||||
const userId = this.getUserId();
|
||||
const setting = await this.service.getSetting<UserGrantSetting>(userId, UserGrantSetting);
|
||||
return this.ok(setting);
|
||||
}
|
||||
|
||||
@Post("/grant/save", { summary: Constants.per.authOnly })
|
||||
async grantSettingsSave(@Body(ALL) bean: UserGrantSetting) {
|
||||
if (!isPlus()) {
|
||||
throw new Error('本功能需要开通专业版')
|
||||
}
|
||||
const userId = this.getUserId();
|
||||
const setting = new UserGrantSetting();
|
||||
merge(setting, bean);
|
||||
|
||||
await this.service.saveSetting(userId, setting);
|
||||
return this.ok({});
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
@@ -1,8 +1,10 @@
|
||||
import {Body, Controller, Inject, Post, Provide, Query} from '@midwayjs/core';
|
||||
import { Body, Controller, Inject, Post, Provide, Query } from '@midwayjs/core';
|
||||
import { PipelineService } from '../../../modules/pipeline/service/pipeline-service.js';
|
||||
import { BaseController, Constants } from '@certd/lib-server';
|
||||
import { BaseController, Constants, PermissionException } from '@certd/lib-server';
|
||||
import { StorageService } from '../../../modules/pipeline/service/storage-service.js';
|
||||
import {CertReader} from "@certd/plugin-cert";
|
||||
import { CertReader } from "@certd/plugin-cert";
|
||||
import { UserSettingsService } from '../../../modules/mine/service/user-settings-service.js';
|
||||
import { UserGrantSetting } from '../../../modules/mine/service/models.js';
|
||||
|
||||
@Provide()
|
||||
@Controller('/api/pi/cert')
|
||||
@@ -12,10 +14,32 @@ export class CertController extends BaseController {
|
||||
@Inject()
|
||||
storeService: StorageService;
|
||||
|
||||
|
||||
@Inject()
|
||||
userSettingsService: UserSettingsService;
|
||||
|
||||
|
||||
@Post('/get', { summary: Constants.per.authOnly })
|
||||
async getCert(@Query('id') id: number) {
|
||||
const userId = this.getUserId();
|
||||
await this.pipelineService.checkUserId(id, userId);
|
||||
|
||||
|
||||
|
||||
const pipleinUserId = await this.pipelineService.getPipelineUserId(id);
|
||||
|
||||
if (pipleinUserId !== userId) {
|
||||
// 如果是管理员,检查用户是否有授权管理员查看
|
||||
const isAdmin = await this.isAdmin()
|
||||
if (!isAdmin) {
|
||||
throw new PermissionException();
|
||||
}
|
||||
// 是否允许管理员查看
|
||||
const setting = await this.userSettingsService.getSetting<UserGrantSetting>(pipleinUserId, UserGrantSetting, false);
|
||||
if (setting?.allowAdminViewCerts !== true) {
|
||||
//不允许管理员查看
|
||||
throw new PermissionException("该流水线的用户还未授权管理员查看证书,请先让用户在”设置->授权委托“中打开开关");
|
||||
}
|
||||
}
|
||||
const privateVars = await this.storeService.getPipelinePrivateVars(id);
|
||||
return this.ok(privateVars.cert);
|
||||
}
|
||||
@@ -24,7 +48,7 @@ export class CertController extends BaseController {
|
||||
@Post('/readCertDetail', { summary: Constants.per.authOnly })
|
||||
async readCertDetail(@Body('crt') crt: string) {
|
||||
if (!crt) {
|
||||
throw new Error('crt is required');
|
||||
throw new Error('crt is required');
|
||||
}
|
||||
const certDetail = CertReader.readCertDetail(crt)
|
||||
return this.ok(certDetail);
|
||||
|
||||
@@ -10,6 +10,8 @@ import * as fs from "fs";
|
||||
import { logger } from "@certd/basic";
|
||||
import { AuthService } from "../../../modules/sys/authority/service/auth-service.js";
|
||||
import { In } from "typeorm";
|
||||
import { UserSettingsService } from "../../../modules/mine/service/user-settings-service.js";
|
||||
import { UserGrantSetting } from "../../../modules/mine/service/models.js";
|
||||
|
||||
/**
|
||||
* 证书
|
||||
@@ -30,6 +32,9 @@ export class HistoryController extends CrudController<HistoryService> {
|
||||
@Inject()
|
||||
sysSettingsService: SysSettingsService;
|
||||
|
||||
@Inject()
|
||||
userSettingsService: UserSettingsService;
|
||||
|
||||
getService(): HistoryService {
|
||||
return this.service;
|
||||
}
|
||||
@@ -77,7 +82,7 @@ export class HistoryController extends CrudController<HistoryService> {
|
||||
|
||||
@Post('/list', { summary: Constants.per.authOnly })
|
||||
async list(@Body(ALL) body) {
|
||||
const isAdmin = await this.authService.isAdmin(this.ctx);
|
||||
const isAdmin = this.authService.isAdmin(this.ctx);
|
||||
if (!isAdmin) {
|
||||
body.userId = this.getUserId();
|
||||
}
|
||||
@@ -89,7 +94,7 @@ export class HistoryController extends CrudController<HistoryService> {
|
||||
};
|
||||
const withDetail = body.withDetail;
|
||||
delete body.withDetail;
|
||||
let select:any = null
|
||||
let select: any = null
|
||||
if (!withDetail) {
|
||||
select = {
|
||||
pipeline: true, // 后面这里改成false
|
||||
@@ -193,7 +198,6 @@ export class HistoryController extends CrudController<HistoryService> {
|
||||
|
||||
@Post('/files', { summary: Constants.per.authOnly })
|
||||
async files(@Query('pipelineId') pipelineId: number, @Query('historyId') historyId: number) {
|
||||
await this.authService.checkEntityUserId(this.ctx, this.service, historyId);
|
||||
const files = await this.getFiles(historyId, pipelineId);
|
||||
return this.ok(files);
|
||||
}
|
||||
@@ -210,14 +214,24 @@ export class HistoryController extends CrudController<HistoryService> {
|
||||
throw new CommonException('historyId is null');
|
||||
}
|
||||
if (history.userId !== this.getUserId()) {
|
||||
throw new PermissionException();
|
||||
// 如果是管理员,检查用户是否有授权管理员查看
|
||||
const isAdmin = await this.isAdmin()
|
||||
if (!isAdmin) {
|
||||
throw new PermissionException();
|
||||
}
|
||||
// 是否允许管理员查看
|
||||
const setting = await this.userSettingsService.getSetting<UserGrantSetting>(history.userId, UserGrantSetting, false);
|
||||
if (setting?.allowAdminViewCerts!==true) {
|
||||
//不允许管理员查看
|
||||
throw new PermissionException("该流水线的用户还未授权管理员下载证书,请先让用户在”设置->授权委托“中打开开关");
|
||||
}
|
||||
//允许管理员查看
|
||||
}
|
||||
return await this.service.getFiles(history);
|
||||
}
|
||||
|
||||
@Get('/download', { summary: Constants.per.authOnly })
|
||||
async download(@Query('pipelineId') pipelineId: number, @Query('historyId') historyId: number, @Query('fileId') fileId: string) {
|
||||
await this.authService.checkEntityUserId(this.ctx, this.service, historyId);
|
||||
const files = await this.getFiles(historyId, pipelineId);
|
||||
const file = files.find(f => f.id === fileId);
|
||||
if (file == null) {
|
||||
|
||||
Reference in New Issue
Block a user