mirror of
https://github.com/certd/certd.git
synced 2026-05-15 12:37:30 +08:00
chore: history projectId
This commit is contained in:
xiaojunnuo
@@ -66,7 +66,8 @@ export class HistoryService extends BaseService<HistoryEntity> {
|
||||
pipelineId: pipeline.id,
|
||||
title: pipeline.title,
|
||||
status: 'start',
|
||||
triggerType
|
||||
triggerType,
|
||||
projectId: pipeline.projectId,
|
||||
};
|
||||
const { id } = await this.add(bean);
|
||||
//清除大于pipeline.keepHistoryCount的历史记录
|
||||
|
||||
@@ -747,20 +747,35 @@ export class PipelineService extends BaseService<PipelineEntity> {
|
||||
return;
|
||||
}
|
||||
|
||||
async getProjectId(pipelineId: number) {
|
||||
const pipelineEntity = await this.repository.findOne({
|
||||
select: {
|
||||
projectId: true,
|
||||
},
|
||||
where: {
|
||||
id: pipelineId,
|
||||
},
|
||||
});
|
||||
return pipelineEntity.projectId;
|
||||
}
|
||||
private async saveHistory(history: RunHistory) {
|
||||
//修改pipeline状态
|
||||
const pipelineEntity = new PipelineEntity();
|
||||
let pipelineEntity = new PipelineEntity();
|
||||
pipelineEntity.id = parseInt(history.pipeline.id);
|
||||
pipelineEntity.status = history.pipeline.status.result + "";
|
||||
pipelineEntity.lastHistoryTime = history.pipeline.status.startTime;
|
||||
await this.update(pipelineEntity);
|
||||
|
||||
const projectId = await this.getProjectId(pipelineEntity.id);
|
||||
pipelineEntity.projectId = projectId;
|
||||
|
||||
const entity: HistoryEntity = new HistoryEntity();
|
||||
entity.id = parseInt(history.id);
|
||||
entity.userId = history.pipeline.userId;
|
||||
entity.status = pipelineEntity.status;
|
||||
entity.pipeline = JSON.stringify(history.pipeline);
|
||||
entity.pipelineId = parseInt(history.pipeline.id);
|
||||
entity.projectId = pipelineEntity.projectId;
|
||||
await this.historyService.save(entity);
|
||||
|
||||
const logEntity: HistoryLogEntity = new HistoryLogEntity();
|
||||
@@ -769,6 +784,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
|
||||
logEntity.pipelineId = entity.pipelineId;
|
||||
logEntity.historyId = entity.id;
|
||||
logEntity.logs = JSON.stringify(history.logs);
|
||||
logEntity.projectId = pipelineEntity.projectId;
|
||||
await this.historyLogService.addOrUpdate(logEntity);
|
||||
}
|
||||
|
||||
@@ -984,7 +1000,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
|
||||
throw new NeedVIPException("此功能需要升级专业版");
|
||||
}
|
||||
|
||||
if (!userId || ids.length === 0) {
|
||||
if (userId == null || ids.length === 0) {
|
||||
return;
|
||||
}
|
||||
const where:any = {
|
||||
|
||||
@@ -28,15 +28,15 @@ export class AuthService {
|
||||
}
|
||||
|
||||
//管理员有权限查看其他用户的数据
|
||||
async checkEntityUserId(ctx: any, service: any, id: any = 0, userKey = 'userId') {
|
||||
async checkEntityUserId(ctx: any, service: any, ids: number| number[] = null, userKey = 'userId') {
|
||||
const isAdmin = await this.isAdmin(ctx);
|
||||
if (isAdmin) {
|
||||
return true;
|
||||
}
|
||||
await service.checkUserId(id, ctx.user.id, userKey);
|
||||
await service.checkUserId(ids, ctx.user.id, userKey);
|
||||
}
|
||||
|
||||
async checkEntityProjectId(service:any,projectId = 0,id:any=0){
|
||||
await service.checkUserId(id, projectId , "projectId");
|
||||
async checkEntityProjectId(service:any,ids:number| number[] = null,projectId = null){
|
||||
await service.checkUserId(ids, projectId , "projectId");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,6 +9,12 @@ import { PermissionService } from './permission-service.js';
|
||||
import * as _ from 'lodash-es';
|
||||
import { RolePermissionService } from './role-permission-service.js';
|
||||
import { LRUCache } from 'lru-cache';
|
||||
|
||||
const permissionCache = new LRUCache<string, any>({
|
||||
max: 1000,
|
||||
ttl: 1000 * 60 * 10,
|
||||
});
|
||||
|
||||
/**
|
||||
* 角色
|
||||
*/
|
||||
@@ -24,10 +30,7 @@ export class RoleService extends BaseService<RoleEntity> {
|
||||
@Inject()
|
||||
rolePermissionService: RolePermissionService;
|
||||
|
||||
permissionCache = new LRUCache<string, any>({
|
||||
max: 1000,
|
||||
ttl: 1000 * 60 * 10,
|
||||
});
|
||||
|
||||
|
||||
//@ts-ignore
|
||||
getRepository() {
|
||||
@@ -84,7 +87,7 @@ export class RoleService extends BaseService<RoleEntity> {
|
||||
//再添加
|
||||
await this.addRoles(userId, roles);
|
||||
|
||||
this.permissionCache.clear();
|
||||
permissionCache.clear();
|
||||
}
|
||||
|
||||
async getPermissionTreeByRoleId(id: any) {
|
||||
@@ -105,7 +108,7 @@ export class RoleService extends BaseService<RoleEntity> {
|
||||
permissionId,
|
||||
});
|
||||
}
|
||||
this.permissionCache.clear();
|
||||
permissionCache.clear();
|
||||
}
|
||||
|
||||
async getPermissionSetByRoleIds(roleIds: number[]): Promise<Set<string>> {
|
||||
@@ -120,12 +123,12 @@ export class RoleService extends BaseService<RoleEntity> {
|
||||
|
||||
async getCachedPermissionSetByRoleIds(roleIds: number[]): Promise<Set<string>> {
|
||||
const roleIdsKey = roleIds.join(',');
|
||||
let permissionSet = this.permissionCache.get(roleIdsKey);
|
||||
let permissionSet = permissionCache.get(roleIdsKey);
|
||||
if (permissionSet) {
|
||||
return permissionSet;
|
||||
}
|
||||
permissionSet = await this.getPermissionSetByRoleIds(roleIds);
|
||||
this.permissionCache.set(roleIdsKey, permissionSet);
|
||||
permissionCache.set(roleIdsKey, permissionSet);
|
||||
return permissionSet;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,10 +1,16 @@
|
||||
import { BaseService, SysSettingsService } from '@certd/lib-server';
|
||||
import { Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
|
||||
import { InjectEntityModel } from '@midwayjs/typeorm';
|
||||
import { LRUCache } from 'lru-cache';
|
||||
import { Repository } from 'typeorm';
|
||||
import { ProjectEntity } from '../entity/project.js';
|
||||
import { ProjectMemberService } from './project-member-service.js';
|
||||
|
||||
const projectCache = new LRUCache<string, any>({
|
||||
max: 1000,
|
||||
ttl: 1000 * 60 * 10,
|
||||
});
|
||||
|
||||
@Provide()
|
||||
@Scope(ScopeEnum.Request, { allowDowngrade: true })
|
||||
export class ProjectService extends BaseService<ProjectEntity> {
|
||||
@@ -23,7 +29,7 @@ export class ProjectService extends BaseService<ProjectEntity> {
|
||||
}
|
||||
|
||||
async add(bean: ProjectEntity) {
|
||||
const {name} = bean;
|
||||
const { name } = bean;
|
||||
if (!name) {
|
||||
throw new Error('项目名称不能为空');
|
||||
}
|
||||
@@ -33,17 +39,25 @@ export class ProjectService extends BaseService<ProjectEntity> {
|
||||
userId: 0,
|
||||
},
|
||||
});
|
||||
if (exist) {
|
||||
throw new Error('项目名称已存在');
|
||||
}
|
||||
bean.disabled = false
|
||||
return await super.add(bean)
|
||||
if (exist) {
|
||||
throw new Error('项目名称已存在');
|
||||
}
|
||||
bean.disabled = false
|
||||
const res= await super.add(bean)
|
||||
projectCache.clear();
|
||||
return res;
|
||||
}
|
||||
|
||||
async update( bean: ProjectEntity) {
|
||||
const res= await super.update(bean)
|
||||
projectCache.clear();
|
||||
return res;
|
||||
}
|
||||
|
||||
async setDisabled(id: number, disabled: boolean) {
|
||||
await this.repository.update({
|
||||
id,
|
||||
userId:0,
|
||||
userId: 0,
|
||||
}, {
|
||||
disabled,
|
||||
});
|
||||
@@ -55,7 +69,7 @@ export class ProjectService extends BaseService<ProjectEntity> {
|
||||
const projectIds = memberList.map(item => item.projectId);
|
||||
const projectList = await this.repository.createQueryBuilder('project')
|
||||
.where(' project.disabled = false')
|
||||
.where(' project.userId = :userId', { userId:0 })
|
||||
.where(' project.userId = :userId', { userId: 0 })
|
||||
.where(' project.id IN (:...projectIds) or project.adminId = :userId', { projectIds, userId })
|
||||
.getMany();
|
||||
|
||||
@@ -67,7 +81,7 @@ export class ProjectService extends BaseService<ProjectEntity> {
|
||||
projectList.forEach(item => {
|
||||
if (item.adminId === userId) {
|
||||
item.permission = 'admin';
|
||||
}else{
|
||||
} else {
|
||||
item.permission = memberPermissionMap[item.id] || 'read';
|
||||
}
|
||||
})
|
||||
@@ -75,21 +89,21 @@ export class ProjectService extends BaseService<ProjectEntity> {
|
||||
return projectList
|
||||
}
|
||||
|
||||
async checkAdminPermission({userId, projectId}: {userId: number, projectId: number}) {
|
||||
async checkAdminPermission({ userId, projectId }: { userId: number, projectId: number }) {
|
||||
return await this.checkPermission({
|
||||
userId,
|
||||
projectId,
|
||||
permission: 'admin',
|
||||
})
|
||||
}
|
||||
async checkWritePermission({userId, projectId}: {userId: number, projectId: number}) {
|
||||
async checkWritePermission({ userId, projectId }: { userId: number, projectId: number }) {
|
||||
return await this.checkPermission({
|
||||
userId,
|
||||
projectId,
|
||||
permission: 'write',
|
||||
})
|
||||
}
|
||||
async checkReadPermission({userId, projectId}: {userId: number, projectId: number}) {
|
||||
async checkReadPermission({ userId, projectId }: { userId: number, projectId: number }) {
|
||||
return await this.checkPermission({
|
||||
userId,
|
||||
projectId,
|
||||
@@ -97,47 +111,60 @@ export class ProjectService extends BaseService<ProjectEntity> {
|
||||
})
|
||||
}
|
||||
|
||||
async checkPermission({userId, projectId, permission}: {userId: number, projectId: number, permission: string}) {
|
||||
if (permission !== 'admin' && permission !== 'write' && permission !== 'read') {
|
||||
throw new Error('权限类型错误');
|
||||
}
|
||||
if (!userId ){
|
||||
throw new Error('用户ID不能为空');
|
||||
}
|
||||
if (!projectId ){
|
||||
throw new Error('项目ID不能为空');
|
||||
}
|
||||
const project = await this.findOne({
|
||||
select: ['id', 'userId', 'adminId', 'disabled'],
|
||||
where: {
|
||||
id: projectId,
|
||||
},
|
||||
});
|
||||
if (!project) {
|
||||
throw new Error('项目不存在');
|
||||
async checkPermission({ userId, projectId, permission }: { userId: number, projectId: number, permission: string }) {
|
||||
if (permission !== 'admin' && permission !== 'write' && permission !== 'read') {
|
||||
throw new Error('权限类型错误');
|
||||
}
|
||||
if (project.adminId === userId) {
|
||||
//创建者拥有管理权限
|
||||
return true
|
||||
if (!userId) {
|
||||
throw new Error('用户ID不能为空');
|
||||
}
|
||||
if (project.disabled) {
|
||||
throw new Error('项目已禁用');
|
||||
if (!projectId) {
|
||||
throw new Error('项目ID不能为空');
|
||||
}
|
||||
const member = await this.projectMemberService.getMember(projectId,userId);
|
||||
if (!member) {
|
||||
throw new Error('项目成员不存在');
|
||||
|
||||
const cacheKey = `projectPermission:${projectId}:${userId}`
|
||||
let savedPermission = projectCache.get(cacheKey);
|
||||
|
||||
if (!savedPermission){
|
||||
const project = await this.findOne({
|
||||
select: ['id', 'userId', 'adminId', 'disabled'],
|
||||
where: {
|
||||
id: projectId,
|
||||
},
|
||||
});
|
||||
if (!project) {
|
||||
throw new Error('项目不存在');
|
||||
}
|
||||
if (project.adminId === userId) {
|
||||
//创建者拥有管理权限
|
||||
savedPermission = 'admin';
|
||||
}else{
|
||||
if (project.disabled) {
|
||||
throw new Error('项目已禁用');
|
||||
}
|
||||
const member = await this.projectMemberService.getMember(projectId, userId);
|
||||
if (!member) {
|
||||
throw new Error('项目成员不存在');
|
||||
}
|
||||
savedPermission = member.permission;
|
||||
}
|
||||
}
|
||||
projectCache.set(cacheKey, savedPermission,{ttl: 3 * 60 * 1000});
|
||||
if (!savedPermission) {
|
||||
throw new Error('权限不足');
|
||||
}
|
||||
|
||||
if (permission === 'read') {
|
||||
return true
|
||||
}
|
||||
if (permission === 'write') {
|
||||
if (member.permission === 'admin' || member.permission === 'write') {
|
||||
if (savedPermission === 'admin' || savedPermission === 'write') {
|
||||
return true
|
||||
}else{
|
||||
} else {
|
||||
throw new Error('权限不足');
|
||||
}
|
||||
}
|
||||
if (member.permission !== permission) {
|
||||
if (savedPermission !== permission) {
|
||||
throw new Error('权限不足');
|
||||
}
|
||||
return true
|
||||
|
||||
Reference in New Issue
Block a user