fix: cname provider授权修改为sys级别

2026-04-03 14:10:54 +08:00 · 2026-03-16 23:27:24 +08:00
parent 5eb4aa3a0e
commit d01bfbec96
7 changed files with 28 additions and 6 deletions
--- a/packages/core/pipeline/src/plugin/api.ts
+++ b/packages/core/pipeline/src/plugin/api.ts
@@ -18,6 +18,7 @@ export type PluginRequestHandleReq<T = any> = {
  input: T;
  data: any;
  record: { id: number; type: string; title: string };
+  fromType?: "sys" | "user"; // sys、user
 };

 export type UserInfo = {
--- a/packages/ui/certd-client/src/components/plugins/common/api-test.vue
+++ b/packages/ui/certd-client/src/components/plugins/common/api-test.vue
@@ -19,6 +19,7 @@ defineOptions({
  name: "ApiTest",
 });

+const fromType: any = inject("getFromType");
 const getScope: any = inject("get:scope");
 const getPluginType: any = inject("get:plugin:type", () => {
  return "access";
@@ -55,6 +56,7 @@ const doTest = async () => {
        action: props.action,
        input,
        record,
+        fromType,
      },
      {
        onError(err: any) {
--- a/packages/ui/certd-client/src/components/plugins/lib/index.ts
+++ b/packages/ui/certd-client/src/components/plugins/lib/index.ts
@@ -13,11 +13,12 @@ export type RequestHandleReq<T = any> = {
  data?: any;
  input: T;
  record?: any;
+  fromType?: string; // sys、user
 };

 export async function doRequest(req: RequestHandleReq, opts: any = {}) {
  const url = `/pi/handle/${req.type}`;
-  const { typeName, action, data, input, record } = req;
+  const { typeName, action, data, input, record, fromType } = req;
  const res = await request({
    url,
    method: "post",
@@ -27,6 +28,7 @@ export async function doRequest(req: RequestHandleReq, opts: any = {}) {
      data,
      input,
      record,
+      fromType,
    },
    ...opts,
  });
--- a/packages/ui/certd-client/src/views/certd/access/api.ts
+++ b/packages/ui/certd-client/src/views/certd/access/api.ts
@@ -3,6 +3,7 @@ import { request } from "/src/api/service";
 export function createAccessApi(from = "user") {
  const apiPrefix = from === "sys" ? "/sys/access" : "/pi/access";
  return {
+    from,
    async GetList(query: any) {
      if (query?.query) {
        delete query.query.access;
--- a/packages/ui/certd-client/src/views/certd/access/common.tsx
+++ b/packages/ui/certd-client/src/views/certd/access/common.tsx
@@ -6,6 +6,7 @@ import SecretPlainGetter from "/@/views/certd/access/access-selector/access/secr
 import { utils } from "/@/utils";

 export function getCommonColumnDefine(crudExpose: any, typeRef: any, api: any) {
+  provide("getFromType", api.from);
  provide("accessApi", api);
  provide("get:plugin:type", () => {
    return "access";
--- a/packages/ui/certd-client/src/views/sys/cname/provider/crud.tsx
+++ b/packages/ui/certd-client/src/views/sys/cname/provider/crud.tsx
@@ -122,7 +122,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
          title: t("certd.dnsProviderAuthorization"),
          type: "dict-select",
          dict: dict({
-            url: "/pi/access/list",
+            url: "/sys/access/list",
            value: "id",
            label: "name",
          }),
@@ -133,6 +133,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
              type: compute(({ form }) => {
                return form.dnsProviderType;
              }),
+              from: "sys",
            },
            rules: [{ required: true, message: t("certd.requiredField") }],
          },
--- a/packages/ui/certd-server/src/controller/user/pipeline/handle-controller.ts
+++ b/packages/ui/certd-server/src/controller/user/pipeline/handle-controller.ts
@@ -17,6 +17,7 @@ import {NotificationService} from '../../../modules/pipeline/service/notificatio
 import {TaskServiceBuilder} from "../../../modules/pipeline/service/getter/task-service-getter.js";
 import { cloneDeep } from 'lodash-es';
 import { ApiTags } from '@midwayjs/swagger';
+import { AuthService } from '../../../modules/sys/authority/service/auth-service.js';

@Provide()
@Controller('/api/pi/handle')
@@ -28,6 +29,9 @@ export class HandleController extends BaseController {
  @Inject()
  emailService: EmailService;

+  @Inject()
+  authService: AuthService;
+
  @Inject()
  taskServiceBuilder: TaskServiceBuilder;

@@ -36,16 +40,26 @@ export class HandleController extends BaseController {

  @Post('/access', { description: Constants.per.authOnly, summary: "处理授权请求" })
  async accessRequest(@Body(ALL) body: AccessRequestHandleReq) {
-    const {projectId,userId} = await this.getProjectUserIdRead()
+    let {projectId,userId} = await this.getProjectUserIdRead()
+    if (body.fromType === 'sys') {
+      //系统级别的请求
+      const pass = await this.authService.checkPermission(this.ctx, "sys:settings:view");
+      if (!pass) {
+        throw new Error('权限不足');
+      }
+      projectId = null
+      userId = 0
+    }
+   
    let inputAccess = body.input;
    if (body.record.id > 0) {
      const oldEntity = await this.accessService.info(body.record.id);
      if (oldEntity) {
-        if (oldEntity.userId !== userId) {
-          throw new Error('access not found');
+        if (oldEntity.userId !== userId && oldEntity.userId !== this.getUserId()) {
+          throw new Error('您没有权限使用该授权');
        }
        if (oldEntity.projectId && oldEntity.projectId !== projectId) {
-          throw new Error('access not found');
+          throw new Error('您没有权限使用该授权（projectId不匹配）');
        }
        const param: any = {
          type: body.typeName,