diff --git a/packages/libs/lib-server/src/basic/base-controller.ts b/packages/libs/lib-server/src/basic/base-controller.ts index b618e3cde..092016580 100644 --- a/packages/libs/lib-server/src/basic/base-controller.ts +++ b/packages/libs/lib-server/src/basic/base-controller.ts @@ -105,13 +105,17 @@ export abstract class BaseController { * @param service 检查记录是否属于某用户或某项目 * @param id */ - async checkEntityOwner(service:any,id:number,permission:string){ + async checkOwner(service:any,id:number,permission:string,allowAdmin:boolean = false){ let { projectId,userId } = await this.getProjectUserId(permission) const authService:any = await this.applicationContext.getAsync("authService"); if (projectId) { - await authService.checkEntityProjectId(service, id, projectId); + await authService.checkProjectId(service, id, projectId); }else{ - await authService.checkEntityUserId(this.ctx, service, id); + if(allowAdmin){ + await authService.checkUserIdButAllowAdmin(this.ctx, service, id); + }else{ + await authService.checkUserId(this.ctx, service, id); + } } return {projectId,userId} } diff --git a/packages/ui/certd-client/src/views/certd/access/access-selector/access/crud.tsx b/packages/ui/certd-client/src/views/certd/access/access-selector/access/crud.tsx index d6361928e..e06d69f00 100644 --- a/packages/ui/certd-client/src/views/certd/access/access-selector/access/crud.tsx +++ b/packages/ui/certd-client/src/views/certd/access/access-selector/access/crud.tsx @@ -151,6 +151,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat title: t("certd.fields.projectName"), type: "dict-select", dict: myProjectDict, + form: { + show: false, + }, }, }, }, diff --git a/packages/ui/certd-client/src/views/certd/access/crud.tsx b/packages/ui/certd-client/src/views/certd/access/crud.tsx index 5643939cb..0dc6bad77 100644 --- a/packages/ui/certd-client/src/views/certd/access/crud.tsx +++ b/packages/ui/certd-client/src/views/certd/access/crud.tsx 
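Review bot: The JSDoc directly above the new `checkOwner` signature still lists only `service` and `id`, so neither `permission` nor the added `allowAdmin` flag is documented, and the flag's reach is narrower than its name suggests: it is consulted only on the `else` branch, while a caller with a `projectId` in scope always goes through `checkProjectId` regardless of the flag. Add `@param permission "read" or "write", resolved through getProjectUserId` and `@param allowAdmin when true, the user-ownership check is delegated to checkUserIdButAllowAdmin (presumably letting an admin pass); ignored when a projectId is in scope`. Every call site in this commit passes a literal `"read"` or `"write"`, so `permission:string` can be narrowed to `permission: "read" | "write"`, and `let { projectId,userId }` is never reassigned and can be `const`.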
@@ -127,6 +127,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat title: t("certd.fields.projectName"), type: "dict-select", dict: myProjectDict, + form: { + show: false, + }, }, }, }, diff --git a/packages/ui/certd-client/src/views/certd/history/crud.tsx b/packages/ui/certd-client/src/views/certd/history/crud.tsx index 092f8865d..a49d805d7 100644 --- a/packages/ui/certd-client/src/views/certd/history/crud.tsx +++ b/packages/ui/certd-client/src/views/certd/history/crud.tsx @@ -206,6 +206,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat title: t("certd.fields.projectName"), type: "dict-select", dict: myProjectDict, + form: { + show: false, + }, }, updateTime: { title: t("certd.fields.updateTime"), diff --git a/packages/ui/certd-client/src/views/certd/monitor/cert/crud.tsx b/packages/ui/certd-client/src/views/certd/monitor/cert/crud.tsx index 19aa8c94a..0e033542c 100644 --- a/packages/ui/certd-client/src/views/certd/monitor/cert/crud.tsx +++ b/packages/ui/certd-client/src/views/certd/monitor/cert/crud.tsx @@ -351,6 +351,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat title: t("certd.fields.projectName"), type: "dict-select", dict: myProjectDict, + form: { + show: false, + }, }, }, }, diff --git a/packages/ui/certd-client/src/views/certd/monitor/site/crud.tsx b/packages/ui/certd-client/src/views/certd/monitor/site/crud.tsx index 15bece7e3..e5c8ebf76 100644 --- a/packages/ui/certd-client/src/views/certd/monitor/site/crud.tsx +++ b/packages/ui/certd-client/src/views/certd/monitor/site/crud.tsx @@ -813,6 +813,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat title: t("certd.fields.projectName"), type: "dict-select", dict: myProjectDict, + form: { + show: false, + }, }, }, }, 
diff --git a/packages/ui/certd-client/src/views/certd/notification/common.tsx b/packages/ui/certd-client/src/views/certd/notification/common.tsx index 24d2fdf04..a54582397 100644 --- a/packages/ui/certd-client/src/views/certd/notification/common.tsx +++ b/packages/ui/certd-client/src/views/certd/notification/common.tsx @@ -255,6 +255,9 @@ export function getCommonColumnDefine(crudExpose: any, typeRef: any, api: any) { title: t("certd.fields.projectName"), type: "dict-select", dict: myProjectDict, + form: { + show: false, + }, }, }; } diff --git a/packages/ui/certd-client/src/views/certd/open/openkey/crud.tsx b/packages/ui/certd-client/src/views/certd/open/openkey/crud.tsx index 9c4eac861..d95075cbb 100644 --- a/packages/ui/certd-client/src/views/certd/open/openkey/crud.tsx +++ b/packages/ui/certd-client/src/views/certd/open/openkey/crud.tsx @@ -173,6 +173,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat title: t("certd.fields.projectName"), type: "dict-select", dict: myProjectDict, + form: { + show: false, + }, }, createTime: { title: t("certd.fields.createTime"), diff --git a/packages/ui/certd-client/src/views/certd/pipeline/group/crud.tsx b/packages/ui/certd-client/src/views/certd/pipeline/group/crud.tsx index 9dae8c6b8..2ada545a5 100644 --- a/packages/ui/certd-client/src/views/certd/pipeline/group/crud.tsx +++ b/packages/ui/certd-client/src/views/certd/pipeline/group/crud.tsx @@ -140,6 +140,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat title: t("certd.fields.projectName"), type: "dict-select", dict: myProjectDict, + form: { + show: false, + }, }, }, }, diff --git a/packages/ui/certd-client/src/views/certd/pipeline/template/crud.tsx b/packages/ui/certd-client/src/views/certd/pipeline/template/crud.tsx index 2204e0fe8..be9c3c961 100644 --- a/packages/ui/certd-client/src/views/certd/pipeline/template/crud.tsx +++ b/packages/ui/certd-client/src/views/certd/pipeline/template/crud.tsx 
@@ -245,6 +245,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat title: t("certd.fields.projectName"), type: "dict-select", dict: myProjectDict, + form: { + show: false, + }, }, }, }, diff --git a/packages/ui/certd-server/src/controller/user/addon/addon-controller.ts b/packages/ui/certd-server/src/controller/user/addon/addon-controller.ts index 3eacd0171..641683d27 100644 --- a/packages/ui/certd-server/src/controller/user/addon/addon-controller.ts +++ b/packages/ui/certd-server/src/controller/user/addon/addon-controller.ts @@ -140,7 +140,7 @@ export class AddonController extends CrudController { const simple = await this.service.getSimpleInfo(res.id); return this.ok(simple); } - await this.authService.checkEntityUserId(this.ctx, this.service, id); + await this.authService.checkUserIdButAllowAdmin(this.ctx, this.service, id); const res = await this.service.getSimpleInfo(id); return this.ok(res); } diff --git a/packages/ui/certd-server/src/controller/user/monitor/cert-info-controller.ts b/packages/ui/certd-server/src/controller/user/monitor/cert-info-controller.ts index 054717f1a..c6dad8ef1 100644 --- a/packages/ui/certd-server/src/controller/user/monitor/cert-info-controller.ts +++ b/packages/ui/certd-server/src/controller/user/monitor/cert-info-controller.ts @@ -30,7 +30,10 @@ export class CertInfoController extends CrudController { @Post('/page', { summary: Constants.per.authOnly }) async page(@Body(ALL) body: any) { body.query = body.query ?? {}; - body.query.userId = this.getUserId(); + + const { projectId, userId } = await this.getProjectUserIdRead() + body.query.projectId = projectId + body.query.userId = userId; const domains = body.query?.domains; delete body.query.domains; 
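Review bot: Replacing `checkEntityUserId` with `checkUserIdButAllowAdmin` in `simpleInfo` widens who may read another user's addon record, and nothing in the hunk records why an admin read-through is acceptable for this endpoint; the same switch is made in access-controller `simpleInfo` and notification-controller `simpleInfo`. A one-line comment above the call, such as `// admin read-through is intentional here: the response is limited to getSimpleInfo()`, would let a later reader tell a deliberate exception from an accidental bypass. Whether `getSimpleInfo` really omits sensitive fields is not visible in this diff, so confirm that before wording the comment that way.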
@@ -76,17 +79,20 @@ export class CertInfoController extends CrudController { @Post('/list', { summary: Constants.per.authOnly }) async list(@Body(ALL) body: any) { body.query = body.query ?? {}; - body.query.userId = this.getUserId(); + const { projectId, userId } = await this.getProjectUserIdRead() + body.query.projectId = projectId + body.query.userId = userId; return await super.list(body); } @Post('/getOptionsByIds', { summary: Constants.per.authOnly }) async getOptionsByIds(@Body(ALL) body: {ids:any[]}) { - + const { projectId, userId } = await this.getProjectUserIdRead() const list = await this.service.list({ query:{ - userId: this.getUserId(), + projectId, + userId, }, buildQuery: (bq: SelectQueryBuilder) => { bq.andWhere('id in (:...ids)', { ids: body.ids }); 
@@ -107,33 +113,37 @@ export class CertInfoController extends CrudController { @Post('/add', { summary: Constants.per.authOnly }) async add(@Body(ALL) bean: any) { - bean.userId = this.getUserId(); + const { projectId, userId } = await this.getProjectUserIdWrite() + bean.projectId = projectId + bean.userId = userId; return await super.add(bean); } @Post('/update', { summary: Constants.per.authOnly }) async update(@Body(ALL) bean) { - await this.service.checkUserId(bean.id, this.getUserId()); + await this.checkOwner(this.service,bean.id,"write"); delete bean.userId; return await super.update(bean); } @Post('/info', { summary: Constants.per.authOnly }) async info(@Query('id') id: number) { - await this.service.checkUserId(id, this.getUserId()); + await this.checkOwner(this.service,id,"read"); return await super.info(id); } @Post('/delete', { summary: Constants.per.authOnly }) async delete(@Query('id') id: number) { - await this.service.checkUserId(id, this.getUserId()); + await this.checkOwner(this.service,id,"write"); return await super.delete(id); } @Post('/all', { summary: Constants.per.authOnly }) async all() { + const { projectId, userId } = await this.getProjectUserIdRead() const list: any = await this.service.find({ where: { - userId: this.getUserId(), + projectId, + userId, }, }); return this.ok(list); @@ -143,7 +153,7 @@ export class CertInfoController extends CrudController { @Post('/getCert', { summary: Constants.per.authOnly }) async getCert(@Query('id') id: number) { - await this.service.checkUserId(id, this.getUserId()); + await this.checkOwner(this.getService(),id,"read"); const certInfoEntity = await this.service.info(id); const certInfo = JSON.parse(certInfoEntity.certInfo); return this.ok(certInfo); 
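Review bot: In `update`, the ownership check moves to `checkOwner(this.service,bean.id,"write")` but the handler still strips only `bean.userId` before `super.update(bean)`, so a client-supplied `projectId` in the body survives the check and — assuming the base update writes every column present on the bean — can move the record into another project. The `save` handlers in history-controller and pipeline-controller already do `delete bean.projectId; delete bean.userId;` for this reason; add `delete bean.projectId;` beside the existing `delete bean.userId;` here. The same gap is in the `update` hunks of site-info-controller, site-ip-controller, template-controller and pipeline-controller. Hiding `projectName` in the client forms (the crud.tsx hunks) does not stop the field from being sent.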
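Review bot: `getCert` now passes `this.getService()` to `checkOwner` while the neighbouring `info`, `update` and `delete` handlers in the same file pass `this.service`, and the very next line reads `this.service.info(id)`; pick one accessor per file, e.g. `await this.checkOwner(this.service,id,"read");`. The following `JSON.parse(certInfoEntity.certInfo)` still dereferences the entity without a null check, unlike `download`, which guards `certInfo == null`; if `checkOwner` does not itself reject an unknown id (not visible here), the same guard would be consistent.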
@@ -151,7 +161,8 @@ export class CertInfoController extends CrudController { @Get('/download', { summary: Constants.per.authOnly }) async download(@Query('id') id: number) { - const certInfo = await this.service.info(id) + await this.checkOwner(this.getService(),id,"read"); + const certInfo = await this.getService().info(id) if (certInfo == null) { throw new CommonException('file not found'); } diff --git a/packages/ui/certd-server/src/controller/user/monitor/site-info-controller.ts b/packages/ui/certd-server/src/controller/user/monitor/site-info-controller.ts index 4ebda0274..68bbd1736 100644 --- a/packages/ui/certd-server/src/controller/user/monitor/site-info-controller.ts +++ b/packages/ui/certd-server/src/controller/user/monitor/site-info-controller.ts @@ -26,7 +26,9 @@ export class SiteInfoController extends CrudController { @Post('/page', { summary: Constants.per.authOnly }) async page(@Body(ALL) body: any) { body.query = body.query ?? {}; - body.query.userId = this.getUserId(); + const { projectId, userId } = await this.getProjectUserIdRead() + body.query.projectId = projectId + body.query.userId = userId; const certDomains = body.query.certDomains; const domain = body.query.domain; const name = body.query.name; @@ -55,13 +57,17 @@ export class SiteInfoController extends CrudController { @Post('/list', { summary: Constants.per.authOnly }) async list(@Body(ALL) body: any) { body.query = body.query ?? {}; - body.query.userId = this.getUserId(); + const { projectId, userId } = await this.getProjectUserIdRead() + body.query.projectId = projectId + body.query.userId = userId; return await super.list(body); } @Post('/add', { summary: Constants.per.authOnly }) async add(@Body(ALL) bean: any) { - bean.userId = this.getUserId(); + const { projectId, userId } = await this.getProjectUserIdWrite() + bean.projectId = projectId + bean.userId = userId; const res = await this.service.add(bean); const entity = await this.service.info(res.id); if (entity.disabled) { 
@@ -72,7 +78,7 @@ export class SiteInfoController extends CrudController { @Post('/update', { summary: Constants.per.authOnly }) async update(@Body(ALL) bean) { - await this.service.checkUserId(bean.id, this.getUserId()); + await this.checkOwner(this.service,bean.id,"write"); delete bean.userId; await this.service.update(bean); const entity = await this.service.info(bean.id); @@ -83,27 +89,27 @@ export class SiteInfoController extends CrudController { } @Post('/info', { summary: Constants.per.authOnly }) async info(@Query('id') id: number) { - await this.service.checkUserId(id, this.getUserId()); + await this.checkOwner(this.service,id,"read"); return await super.info(id); } @Post('/delete', { summary: Constants.per.authOnly }) async delete(@Query('id') id: number) { - await this.service.checkUserId(id, this.getUserId()); + await this.checkOwner(this.service,id,"write"); return await super.delete(id); } @Post('/batchDelete', { summary: Constants.per.authOnly }) async batchDelete(@Body(ALL) body: any) { - const userId = this.getUserId(); - await this.service.batchDelete(body.ids,userId); + const { projectId, userId } = await this.getProjectUserIdWrite() + await this.service.batchDelete(body.ids,userId,projectId); return this.ok(); } @Post('/check', { summary: Constants.per.authOnly }) async check(@Body('id') id: number) { - await this.service.checkUserId(id, this.getUserId()); + await this.checkOwner(this.service,id,"read"); await this.service.check(id, true, 0); await utils.sleep(1000); return this.ok(); 
@@ -111,26 +117,27 @@ export class SiteInfoController extends CrudController { @Post('/checkAll', { summary: Constants.per.authOnly }) async checkAll() { - const userId = this.getUserId(); - await this.service.checkAllByUsers(userId); + const { projectId, userId } = await this.getProjectUserIdWrite() + await this.service.checkAllByUsers(userId,projectId); return this.ok(); } @Post('/import', { summary: Constants.per.authOnly }) async doImport(@Body(ALL) body: any) { - const userId = this.getUserId(); + const { projectId, userId } = await this.getProjectUserIdWrite() await this.service.doImport({ text:body.text, groupId:body.groupId, - userId + userId, + projectId }) return this.ok(); } + @Post('/ipCheckChange', { summary: Constants.per.authOnly }) async ipCheckChange(@Body(ALL) bean: any) { - const userId = this.getUserId(); - await this.service.checkUserId(bean.id, userId) + await this.checkOwner(this.service,bean.id,"read"); await this.service.ipCheckChange({ id: bean.id, ipCheck: bean.ipCheck @@ -140,8 +147,7 @@ export class SiteInfoController extends CrudController { @Post('/disabledChange', { summary: Constants.per.authOnly }) async disabledChange(@Body(ALL) bean: any) { - const userId = this.getUserId(); - await this.service.checkUserId(bean.id, userId) + await this.checkOwner(this.service,bean.id,"write"); await this.service.disabledChange({ id: bean.id, disabled: bean.disabled 
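Review bot: `ipCheckChange` writes `bean.ipCheck` through `service.ipCheckChange` yet is gated with `checkOwner(this.service,bean.id,"read")`, whereas `disabledChange` in the next hunk, which performs the analogous toggle, uses `"write"`. Change it to `await this.checkOwner(this.service,bean.id,"write");` so a project member holding only read permission cannot alter the site's IP-check setting. `check` in the previous hunk also runs `service.check(id, true, 0)` under `"read"`; whether that should count as a write depends on what `check` persists, which this diff does not show.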
@@ -151,14 +157,19 @@ export class SiteInfoController extends CrudController { @Post("/setting/get", { summary: Constants.per.authOnly }) async get() { - const userId = this.getUserId(); + const { userId } = await this.getProjectUserIdRead() const setting = await this.service.getSetting(userId) return this.ok(setting); } @Post("/setting/save", { summary: Constants.per.authOnly }) async save(@Body(ALL) bean: any) { - const userId = this.getUserId(); + const { userId } = await this.getProjectUserIdWrite() + if(userId === 0){ + if(!this.isAdmin()){ + throw new Error("仅管理员可以修改"); + } + } const setting = new UserSiteMonitorSetting(); merge(setting, bean); diff --git a/packages/ui/certd-server/src/controller/user/monitor/site-ip-controller.ts b/packages/ui/certd-server/src/controller/user/monitor/site-ip-controller.ts index 8df6ccd56..6c170884a 100644 --- a/packages/ui/certd-server/src/controller/user/monitor/site-ip-controller.ts +++ b/packages/ui/certd-server/src/controller/user/monitor/site-ip-controller.ts @@ -22,8 +22,10 @@ export class SiteInfoController extends CrudController { @Post('/page', { summary: Constants.per.authOnly }) async page(@Body(ALL) body: any) { + const { projectId, userId } = await this.getProjectUserIdRead() body.query = body.query ?? {}; - body.query.userId = this.getUserId(); + body.query.userId = userId; + body.query.projectId = projectId const res = await this.service.page({ query: body.query, page: body.page, 
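Review bot: In `save`, the new guard `if(!this.isAdmin())` does not await the call, while the admin check is awaited elsewhere in this commit (`await this.authService.isAdmin(this.ctx)` in history-controller `deleteByIds`); if `this.isAdmin()` is likewise async, negating a pending Promise is always `false` and the `userId === 0` branch never throws. Write it as `if (!(await this.isAdmin())) {`, or, if `isAdmin()` is synchronous, a short comment saying so would spare the next reader the same question. The enclosing method continues past the hunk.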
@@ -35,13 +37,17 @@ export class SiteInfoController extends CrudController { @Post('/list', { summary: Constants.per.authOnly }) async list(@Body(ALL) body: any) { body.query = body.query ?? {}; - body.query.userId = this.getUserId(); + const { projectId, userId } = await this.getProjectUserIdRead() + body.query.userId = userId; + body.query.projectId = projectId return await super.list(body); } @Post('/add', { summary: Constants.per.authOnly }) async add(@Body(ALL) bean: any) { - bean.userId = this.getUserId(); + const { projectId, userId } = await this.getProjectUserIdWrite() + bean.userId = userId; + bean.projectId = projectId bean.from = "manual" const res = await this.service.add(bean); const siteEntity = await this.siteInfoService.info(bean.siteId); @@ -54,7 +60,7 @@ export class SiteInfoController extends CrudController { @Post('/update', { summary: Constants.per.authOnly }) async update(@Body(ALL) bean) { - await this.service.checkUserId(bean.id, this.getUserId()); + await this.checkOwner(this.service,bean.id,"write"); delete bean.userId; await this.service.update(bean); const siteEntity = await this.siteInfoService.info(bean.siteId); 
@@ -66,23 +72,24 @@ export class SiteInfoController extends CrudController { } @Post('/info', { summary: Constants.per.authOnly }) async info(@Query('id') id: number) { - await this.service.checkUserId(id, this.getUserId()); + await this.checkOwner(this.service,id,"read"); return await super.info(id); } @Post('/delete', { summary: Constants.per.authOnly }) async delete(@Query('id') id: number) { + await this.checkOwner(this.service,id,"write"); const entity = await this.service.info(id); - await this.service.checkUserId(id, this.getUserId()); - const res = await super.delete(id); await this.service.updateIpCount(entity.siteId) return res } + + @Post('/check', { summary: Constants.per.authOnly }) async check(@Body('id') id: number) { - await this.service.checkUserId(id, this.getUserId()); + await this.checkOwner(this.service,id,"read"); const entity = await this.service.info(id); const siteEntity = await this.siteInfoService.info(entity.siteId); const domain = siteEntity.domain; @@ -93,8 +100,7 @@ export class SiteInfoController extends CrudController { @Post('/checkAll', { summary: Constants.per.authOnly }) async checkAll(@Body('siteId') siteId: number) { - const userId = this.getUserId(); - await this.siteInfoService.checkUserId(siteId, userId); + await this.getProjectUserIdRead() const siteEntity = await this.siteInfoService.info(siteId); await this.service.syncAndCheck(siteEntity); return this.ok(); 
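Review bot: `checkAll` replaces `siteInfoService.checkUserId(siteId, userId)` with a bare `await this.getProjectUserIdRead()` whose result is discarded, so the `siteId` taken from the body is no longer tied to the caller before `syncAndCheck` runs on it; any authenticated user can now trigger a sync and check on any site id. The `sync` handler in the next hunk has the same regression: its `entity.userId != userId` guard is removed and only `getProjectUserIdWrite()` is called. Use the helper the rest of the file now uses: `await this.checkOwner(this.siteInfoService, siteId, "read");` in `checkAll` and `await this.checkOwner(this.siteInfoService, siteId, "write");` in `sync`.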
@@ -102,22 +108,20 @@ export class SiteInfoController extends CrudController { @Post('/sync', { summary: Constants.per.authOnly }) async sync(@Body('siteId') siteId: number) { - const userId = this.getUserId(); + await this.getProjectUserIdWrite() const entity = await this.siteInfoService.info(siteId) - if(entity.userId != userId){ - throw new Error('无权限') - } await this.service.sync(entity); return this.ok(); } @Post('/import', { summary: Constants.per.authOnly }) async doImport(@Body(ALL) body: any) { - const userId = this.getUserId(); + const { userId, projectId } = await this.getProjectUserIdWrite() await this.service.doImport({ text:body.text, userId, - siteId:body.siteId + siteId:body.siteId, + projectId }) return this.ok(); } diff --git a/packages/ui/certd-server/src/controller/user/pipeline/access-controller.ts b/packages/ui/certd-server/src/controller/user/pipeline/access-controller.ts index 2aa5b2bd3..be21b7e5b 100644 --- a/packages/ui/certd-server/src/controller/user/pipeline/access-controller.ts +++ b/packages/ui/certd-server/src/controller/user/pipeline/access-controller.ts @@ -102,7 +102,7 @@ export class AccessController extends CrudController { @Post('/simpleInfo', { summary: Constants.per.authOnly }) async simpleInfo(@Query('id') id: number) { - await this.authService.checkEntityUserId(this.ctx, this.service, id); + await this.authService.checkUserIdButAllowAdmin(this.ctx, this.service, id); const res = await this.service.getSimpleInfo(id); return this.ok(res); } diff --git a/packages/ui/certd-server/src/controller/user/pipeline/history-controller.ts b/packages/ui/certd-server/src/controller/user/pipeline/history-controller.ts index 7c4e10708..8cfc62b2f 100644 --- a/packages/ui/certd-server/src/controller/user/pipeline/history-controller.ts +++ b/packages/ui/certd-server/src/controller/user/pipeline/history-controller.ts 
@@ -159,7 +159,7 @@ export class HistoryController extends CrudController { @Post('/update', { summary: Constants.per.authOnly }) async update(@Body(ALL) bean) { - await this.checkEntityOwner(this.getService(), bean.id,"write"); + await this.checkOwner(this.getService(), bean.id,"write",true); delete bean.userId; return super.update(bean); } @@ -173,7 +173,7 @@ export class HistoryController extends CrudController { //修改 delete bean.projectId; delete bean.userId; - await this.checkEntityOwner(this.getService(), bean.id,"write"); + await this.checkOwner(this.getService(), bean.id,"write",true); } await this.service.save(bean); @@ -189,7 +189,7 @@ export class HistoryController extends CrudController { //修改 delete bean.projectId; delete bean.userId; - await this.checkEntityOwner(this.logService, bean.id,"write"); + await this.checkOwner(this.logService, bean.id,"write",true); } await this.logService.save(bean); return this.ok(bean.id); @@ -197,14 +197,14 @@ export class HistoryController extends CrudController { @Post('/delete', { summary: Constants.per.authOnly }) async delete(@Query('id') id: number) { - await this.checkEntityOwner(this.getService(), id,"write"); + await this.checkOwner(this.getService(), id,"write",true); await super.delete(id); return this.ok(); } @Post('/deleteByIds', { summary: Constants.per.authOnly }) async deleteByIds(@Body(ALL) body: any) { - let {userId} = await this.checkEntityOwner(this.getService(), body.ids,"write"); + let {userId} = await this.checkOwner(this.getService(), body.ids,"write",true); const isAdmin = await this.authService.isAdmin(this.ctx); userId = isAdmin ? null : userId; await this.getService().deleteByIds(body.ids, userId); 
@@ -213,14 +213,14 @@ export class HistoryController extends CrudController { @Post('/detail', { summary: Constants.per.authOnly }) async detail(@Query('id') id: number) { - await this.checkEntityOwner(this.getService(), id,"read"); + await this.checkOwner(this.getService(), id,"read",true); const detail = await this.service.detail(id); return this.ok(detail); } @Post('/logs', { summary: Constants.per.authOnly }) async logs(@Query('id') id: number) { - await this.checkEntityOwner(this.logService, id,"read"); + await this.checkOwner(this.logService, id,"read",true); const logInfo = await this.logService.info(id); return this.ok(logInfo); } diff --git a/packages/ui/certd-server/src/controller/user/pipeline/notification-controller.ts b/packages/ui/certd-server/src/controller/user/pipeline/notification-controller.ts index 2f0028577..2c063e36b 100644 --- a/packages/ui/certd-server/src/controller/user/pipeline/notification-controller.ts +++ b/packages/ui/certd-server/src/controller/user/pipeline/notification-controller.ts @@ -127,7 +127,7 @@ export class NotificationController extends CrudController const simple = await this.service.getSimpleInfo(res.id); return this.ok(simple); } - await this.authService.checkEntityUserId(this.ctx, this.service, id); + await this.authService.checkUserIdButAllowAdmin(this.ctx, this.service, id); const res = await this.service.getSimpleInfo(id); return this.ok(res); } diff --git a/packages/ui/certd-server/src/controller/user/pipeline/pipeline-controller.ts b/packages/ui/certd-server/src/controller/user/pipeline/pipeline-controller.ts index 40b49c861..7acca305c 100644 --- a/packages/ui/certd-server/src/controller/user/pipeline/pipeline-controller.ts +++ b/packages/ui/certd-server/src/controller/user/pipeline/pipeline-controller.ts 
@@ -95,7 +95,7 @@ export class PipelineController extends CrudController { @Post('/update', { summary: Constants.per.authOnly }) async update(@Body(ALL) bean) { - await this.checkEntityOwner(this.getService(), bean.id,"write"); + await this.checkOwner(this.getService(), bean.id,"write",true); delete bean.userId; return super.update(bean); } @@ -104,7 +104,7 @@ export class PipelineController extends CrudController { async save(@Body(ALL) bean: { addToMonitorEnabled: boolean, addToMonitorDomains: string } & PipelineEntity) { const { userId } = await this.getProjectUserIdWrite() if (bean.id > 0) { - await this.checkEntityOwner(this.getService(), bean.id,"write"); + await this.checkOwner(this.getService(), bean.id,"write",true); } else { bean.userId = userId; } @@ -131,14 +131,14 @@ export class PipelineController extends CrudController { @Post('/delete', { summary: Constants.per.authOnly }) async delete(@Query('id') id: number) { - await this.checkEntityOwner(this.getService(), id,"write"); + await this.checkOwner(this.getService(), id,"write",true); await this.service.delete(id); return this.ok({}); } @Post('/disabled', { summary: Constants.per.authOnly }) async disabled(@Body(ALL) bean) { - await this.checkEntityOwner(this.getService(), bean.id,"write"); + await this.checkOwner(this.getService(), bean.id,"write",true); delete bean.userId; await this.service.disabled(bean.id, bean.disabled); return this.ok({}); 
@@ -146,21 +146,21 @@ export class PipelineController extends CrudController { @Post('/detail', { summary: Constants.per.authOnly }) async detail(@Query('id') id: number) { - await this.checkEntityOwner(this.getService(), id,"read"); + await this.checkOwner(this.getService(), id,"read",true); const detail = await this.service.detail(id); return this.ok(detail); } @Post('/trigger', { summary: Constants.per.authOnly }) async trigger(@Query('id') id: number, @Query('stepId') stepId?: string) { - await this.checkEntityOwner(this.getService(), id,"write"); + await this.checkOwner(this.getService(), id,"write",true); await this.service.trigger(id, stepId, true); return this.ok({}); } @Post('/cancel', { summary: Constants.per.authOnly }) async cancel(@Query('historyId') historyId: number) { - await this.checkEntityOwner(this.historyService, historyId,"write"); + await this.checkOwner(this.historyService, historyId,"write",true); await this.service.cancel(historyId); return this.ok({}); } @@ -258,7 +258,7 @@ export class PipelineController extends CrudController { @Post('/refreshWebhookKey', { summary: Constants.per.authOnly }) async refreshWebhookKey(@Body('id') id: number) { - await this.checkEntityOwner(this.getService(), id,"write"); + await this.checkOwner(this.getService(), id,"write",true); const res = await this.service.refreshWebhookKey(id); return this.ok({ webhookKey: res, diff --git a/packages/ui/certd-server/src/controller/user/pipeline/template-controller.ts b/packages/ui/certd-server/src/controller/user/pipeline/template-controller.ts index 28f5e164a..27641589a 100644 --- a/packages/ui/certd-server/src/controller/user/pipeline/template-controller.ts +++ b/packages/ui/certd-server/src/controller/user/pipeline/template-controller.ts 
@@ -19,10 +19,14 @@ export class TemplateController extends CrudController { @Post('/page', { summary: Constants.per.authOnly }) async page(@Body(ALL) body) { + body.query = body.query ?? {}; delete body.query.userId; + const { projectId, userId } = await this.getProjectUserIdRead() + body.query.projectId = projectId + const buildQuery = qb => { - qb.andWhere('user_id = :userId', { userId: this.getUserId() }); + qb.andWhere('user_id = :userId', { userId: userId }); }; const res = await this.service.page({ query: body.query, 
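Review bot: `{ userId: userId }` in the rebuilt `buildQuery` can use the shorthand `{ userId }` now that `userId` is a local, matching the destructuring two lines above. The hunk also deletes `body.query.userId` and then assigns `body.query.projectId` from the server while `user_id` is applied through the raw `andWhere`; a comment such as `// projectId is server-assigned; userId is enforced in buildQuery and never taken from the client` would make that split explicit for the next reader.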
@@ -36,49 +40,58 @@ export class TemplateController extends CrudController { @Post('/list', { summary: Constants.per.authOnly }) async list(@Body(ALL) body) { body.query = body.query ?? {}; - body.query.userId = this.getUserId(); + const { projectId, userId } = await this.getProjectUserIdRead() + body.query.projectId = projectId + body.query.userId = userId return super.list(body); } @Post('/add', { summary: Constants.per.authOnly }) async add(@Body(ALL) bean) { - bean.userId = this.getUserId(); + const { projectId, userId } = await this.getProjectUserIdRead() + bean.userId = userId; + bean.projectId = projectId checkPlus() return super.add(bean); } @Post('/update', { summary: Constants.per.authOnly }) async update(@Body(ALL) bean) { - await this.service.checkUserId(bean.id, this.getUserId()); + await this.checkOwner(this.service, bean.id, "write"); delete bean.userId; return super.update(bean); } @Post('/info', { summary: Constants.per.authOnly }) async info(@Query('id') id: number) { - await this.service.checkUserId(id, this.getUserId()); + await this.checkOwner(this.service, id, "read"); return super.info(id); } @Post('/delete', { summary: Constants.per.authOnly }) async delete(@Query('id') id: number) { - await this.service.batchDelete([id], this.getUserId()); + const { userId ,projectId } = await this.getProjectUserIdWrite() + await this.service.batchDelete([id], userId,projectId); return this.ok({}); } @Post('/batchDelete', { summary: Constants.per.authOnly }) async batchDelete(@Body('ids') ids: number[]) { - await this.service.batchDelete(ids, this.getUserId()); + const { userId ,projectId } = await this.getProjectUserIdWrite() + await this.service.batchDelete(ids, userId,projectId); return this.ok({}); } @Post('/detail', { summary: Constants.per.authOnly }) async detail(@Query('id') id: number) { - const detail = await this.service.detail(id, this.getUserId()); + const { userId ,projectId } = await this.getProjectUserIdRead() + const detail = await 
this.service.detail(id, userId,projectId); return this.ok(detail); } @Post('/createPipelineByTemplate', { summary: Constants.per.authOnly }) async createPipelineByTemplate(@Body(ALL) body: any) { - body.userId = this.getUserId(); + const { userId ,projectId } = await this.getProjectUserIdWrite() + body.userId = userId; + body.projectId = projectId checkPlus() const res = await this.service.createPipelineByTemplate(body); return this.ok(res); diff --git a/packages/ui/certd-server/src/modules/monitor/service/site-info-service.ts b/packages/ui/certd-server/src/modules/monitor/service/site-info-service.ts index e465bca13..580e2d8ef 100644 --- a/packages/ui/certd-server/src/modules/monitor/service/site-info-service.ts +++ b/packages/ui/certd-server/src/modules/monitor/service/site-info-service.ts @@ -1,7 +1,7 @@ import {Inject, Provide, Scope, ScopeEnum} from "@midwayjs/core"; import {BaseService, NeedSuiteException, NeedVIPException, SysSettingsService} from "@certd/lib-server"; import {InjectEntityModel} from "@midwayjs/typeorm"; -import {Repository} from "typeorm"; +import {In, Repository} from "typeorm"; import {SiteInfoEntity} from "../entity/site-info.js"; import {siteTester} from "./site-tester.js"; import dayjs from "dayjs"; @@ -344,12 +344,12 @@ export class SiteInfoService extends BaseService { } } - async checkAllByUsers(userId: any) { + async checkAllByUsers(userId: any,projectId?: number) { if (!userId) { throw new Error("userId is required"); } const sites = await this.repository.find({ - where: {userId} + where: {userId,projectId} }); this.checkList(sites,false); } @@ -418,7 +418,7 @@ export class SiteInfoService extends BaseService { } } - async doImport(req: { text: string; userId: number,groupId?:number }) { + async doImport(req: { text: string; userId: number,groupId?:number,projectId?:number }) { if (!req.text) { throw new Error("text is required"); } 
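Review bot: `add` obtains its scope with `getProjectUserIdRead()` while every other create handler in this commit — `createPipelineByTemplate` a few lines below, and `add` in cert-info-, site-info- and site-ip-controller — uses `getProjectUserIdWrite()`, so a project member holding only read permission can create templates. Change it to `const { projectId, userId } = await this.getProjectUserIdWrite()`. The trailing-semicolon style in this hunk also alternates line by line (`bean.userId = userId;` then `bean.projectId = projectId`); the file otherwise uses semicolons.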
@@ -461,7 +461,8 @@ export class SiteInfoService extends BaseService { httpsPort: port, userId: req.userId, remark, - groupId: req.groupId + groupId: req.groupId, + projectId: req.projectId }); } @@ -537,4 +538,12 @@ export class SiteInfoService extends BaseService { logger.info(`站点证书检查完成[${userId??'所有用户'}]`); } + + async batchDelete(ids: number[], userId: number,projectId?:number): Promise { + await this.repository.delete({ + id: In(ids), + userId, + projectId, + }); + } } diff --git a/packages/ui/certd-server/src/modules/monitor/service/site-ip-service.ts b/packages/ui/certd-server/src/modules/monitor/service/site-ip-service.ts index 6d4eb6157..203f7da27 100644 --- a/packages/ui/certd-server/src/modules/monitor/service/site-ip-service.ts +++ b/packages/ui/certd-server/src/modules/monitor/service/site-ip-service.ts @@ -278,7 +278,7 @@ export class SiteIpService extends BaseService { }) } - async doImport(req: { text: string; userId:number, siteId:number }) { + async doImport(req: { text: string; userId:number, siteId:number,projectId?:number }) { if (!req.text) { throw new Error("text is required"); } @@ -289,7 +289,8 @@ export class SiteIpService extends BaseService { const siteEntity = await this.siteInfoRepository.findOne({ where: { id: req.siteId, - userId:req.userId + userId:req.userId, + projectId:req.projectId } }); if (!siteEntity) { @@ -311,6 +312,7 @@ export class SiteIpService extends BaseService { siteId: req.siteId, from: "import", disabled:false, + projectId: req.projectId, }); } diff --git a/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts b/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts index 6405f8891..3d8f9b2e4 100644 --- a/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts +++ b/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts 
@@ -756,6 +756,9 @@ export class PipelineService extends BaseService { id: pipelineId, }, }); + if(!pipelineEntity){ + return null + } return pipelineEntity.projectId; } private async saveHistory(history: RunHistory) { diff --git a/packages/ui/certd-server/src/modules/pipeline/service/template-service.ts b/packages/ui/certd-server/src/modules/pipeline/service/template-service.ts index cbf97fb08..7e5e41067 100644 --- a/packages/ui/certd-server/src/modules/pipeline/service/template-service.ts +++ b/packages/ui/certd-server/src/modules/pipeline/service/template-service.ts @@ -67,7 +67,7 @@ export class TemplateService extends BaseService { } - async detail(id: number, userId: number) { + async detail(id: number, userId: number,projectId?:number) { const info = await this.info(id) if (!info) { throw new Error('模板不存在'); @@ -75,6 +75,9 @@ export class TemplateService extends BaseService { if (info.userId !== userId) { throw new Error('无权限'); } + if (projectId && info.projectId !== projectId) { + throw new Error('无权限'); + } let pipeline = null if (info.pipelineId) { const pipelineEntity = await this.pipelineService.info(info.pipelineId); @@ -88,19 +91,22 @@ export class TemplateService extends BaseService { } } - async batchDelete(ids: number[], userId: number) { + async batchDelete(ids: number[], userId: number,projectId?:number) { const where: any = { id: In(ids), } - if (userId > 0) { + if (userId != null) { where.userId = userId } + if (projectId) { + where.projectId = projectId + } const list = await this.getRepository().find({where}) ids = list.map(item => item.id) const pipelineIds = list.map(item => item.pipelineId) await this.delete(ids); - await this.pipelineService.batchDelete(pipelineIds, userId) + await this.pipelineService.batchDelete(pipelineIds, userId, projectId) } async createPipelineByTemplate(body: PipelineEntity) { 
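Review bot: the early `return null` widens what this method returns to `number | null`, and the method's signature sits above the hunk, so its declared return type (if any) and every caller that feeds the result into a project filter or ownership check now have to handle `null` — a null project id used as a `where` value may either match nothing or stop filtering, which matters when the value gates access. The new block also departs from the file's spacing and semicolon style; `if (!pipelineEntity) { return null; }` written over three lines would match the surrounding code. A short comment, e.g. `// unknown pipeline: report no project instead of throwing`, would record why this returns rather than throws.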
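Review bot: `batchDelete` now scopes by `userId` with `userId != null` but by `projectId` with a truthiness test, so a `projectId` of `0` would silently drop the project restriction while a `userId` of `0` is honoured; `if (projectId != null)` keeps the two guards consistent (`detail` in this same file uses the same truthy test, so align all of them deliberately). Separately, `pipelineIds` is built from every matched template, yet `detail` treats `info.pipelineId` as optional, so templates without a pipeline push `null`/`undefined` into the `In(...)` handed to `pipelineService.batchDelete`; `const pipelineIds = list.map(item => item.pipelineId).filter(id => id != null)` avoids that. When both `userId` and `projectId` are absent the `where` contains only `id: In(ids)`, i.e. the delete is unscoped — worth stating in a comment, e.g. `// no owner scope given: the caller must already have authorised these ids`.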
diff --git a/packages/ui/certd-server/src/modules/sys/authority/service/auth-service.ts b/packages/ui/certd-server/src/modules/sys/authority/service/auth-service.ts index 5ed4d78da..3eaa1dd4a 100644 --- a/packages/ui/certd-server/src/modules/sys/authority/service/auth-service.ts +++ b/packages/ui/certd-server/src/modules/sys/authority/service/auth-service.ts @@ -28,7 +28,7 @@ export class AuthService { } //管理员有权限查看其他用户的数据 - async checkEntityUserId(ctx: any, service: any, ids: number| number[] = null, userKey = 'userId') { + async checkUserIdButAllowAdmin(ctx: any, service: any, ids: number| number[] = null, userKey = 'userId') { const isAdmin = await this.isAdmin(ctx); if (isAdmin) { return true; @@ -36,7 +36,11 @@ export class AuthService { await service.checkUserId(ids, ctx.user.id, userKey); } - async checkEntityProjectId(service:any,ids:number| number[] = null,projectId = null){ + async checkProjectId(service:any,ids:number| number[] = null,projectId = null){ await service.checkUserId(ids, projectId , "projectId"); } + + async checkUserId(service:any,ids:number| number[] = null,userId = null){ + await service.checkUserId(ids, userId , "userId"); + } }
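Review bot: the new `checkUserId(service, ids, userId)` takes its parameters in a different order from `checkUserIdButAllowAdmin(ctx, service, ids, userKey)` defined just above it, and unlike that sibling it never reads `ctx.user.id`; a caller that mirrors the sibling's argument order would bind `ctx` to `service` and `service` to `ids`, so the check would fail at runtime instead of verifying ownership. Both `ids` and `userId` default to `null`, and if the delegated `service.checkUserId` treats a null owner id as "no restriction" (the `userId != null` guard in `TemplateService.batchDelete` suggests null is a meaningful unscoped value elsewhere in this commit), calling this wrapper without a user id would pass vacuously; rejecting that up front with `if (userId == null) throw new Error('userId is required');` keeps the check fail-closed. A one-line TSDoc such as `/** Throws unless every entity in ids belongs to userId; no admin bypass, unlike checkUserIdButAllowAdmin. */` would make the difference between the two variants explicit.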