chore: 禁止普通用户使用不安全插件，比如复制到本机、自定义js脚本等

packages/ui/certd-server/src/modules/authority/controller/permission-controller.ts

@@ -1,12 +1,4 @@
-import {
-  ALL,
-  Body,
-  Controller,
-  Inject,
-  Post,
-  Provide,
-  Query,
-} from '@midwayjs/core';
+import { ALL, Body, Controller, Inject, Post, Provide, Query } from '@midwayjs/core';
 import { CrudController } from '../../../basic/crud-controller.js';
 import { PermissionService } from '../service/permission-service.js';
 
@@ -49,7 +41,7 @@ export class PermissionController extends CrudController<PermissionService> {
   @Post('/delete', { summary: 'sys:auth:per:remove' })
   async delete(
     @Query('id')
-    id : number
+    id: number
   ) {
     return await super.delete(id);
   }

packages/ui/certd-server/src/modules/authority/service/user-role-service.ts

@@ -16,4 +16,6 @@ export class UserRoleService extends BaseService<UserRoleEntity> {
   getRepository() {
     return this.repository;
   }
+
+
 }

packages/ui/certd-server/src/modules/authority/service/user-service.ts

@@ -204,4 +204,16 @@ export class UserService extends BaseService<UserEntity> {
     }
     await super.delete(ids);
   }
+
+  async isAdmin(userId: any) {
+    const userRoles = await this.userRoleService.find({
+      where: {
+        userId,
+      },
+    });
+    const roleIds = userRoles.map(item => item.roleId);
+    if (roleIds.includes(1)) {
+      return true;
+    }
+  }
 }

packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts

@@ -4,7 +4,7 @@ import { In, Repository } from 'typeorm';
 import { BaseService } from '../../../basic/base-service.js';
 import { PipelineEntity } from '../entity/pipeline.js';
 import { PipelineDetail } from '../entity/vo/pipeline-detail.js';
-import { Executor, isPlus, Pipeline, ResultType, RunHistory } from '@certd/pipeline';
+import { Executor, isPlus, Pipeline, ResultType, RunHistory, UserInfo } from '@certd/pipeline';
 import { AccessService } from './access-service.js';
 import { DbStorage } from './db-storage.js';
 import { StorageService } from './storage-service.js';
@@ -16,9 +16,11 @@ import { HistoryLogService } from './history-log-service.js';
 import { logger } from '../../../utils/logger.js';
 import { EmailService } from '../../basic/service/email-service.js';
 import { NeedVIPException } from '../../../basic/exception/vip-exception.js';
+import { UserService } from '../../authority/service/user-service.js';
 
 const runningTasks: Map<string | number, Executor> = new Map();
 const freeCount = 10;
+
 /**
  * 证书申请
  */
@@ -38,6 +40,9 @@ export class PipelineService extends BaseService<PipelineEntity> {
   @Inject()
   historyLogService: HistoryLogService;
 
+  @Inject()
+  userService: UserService;
+
   @Inject()
   cron: Cron;
 
@@ -331,9 +336,13 @@ export class PipelineService extends BaseService<PipelineEntity> {
 
     const userId = entity.userId;
     const historyId = await this.historyService.start(entity);
-
+    const userIsAdmin = await this.userService.isAdmin(userId);
+    const user: UserInfo = {
+      id: userId,
+      role: userIsAdmin ? 'admin' : 'user',
+    };
     const executor = new Executor({
-      userId,
+      user,
       pipeline,
       onChanged,
       accessService: this.accessService,