diff --git a/packages/core/pipeline/src/plugin/api.ts b/packages/core/pipeline/src/plugin/api.ts index 27f06be7c..d4c837577 100644 --- a/packages/core/pipeline/src/plugin/api.ts +++ b/packages/core/pipeline/src/plugin/api.ts @@ -18,6 +18,7 @@ export type PluginRequestHandleReq = { input: T; data: any; record: { id: number; type: string; title: string }; + fromType?: "sys" | "user"; // sys、user }; export type UserInfo = { diff --git a/packages/ui/certd-client/src/components/plugins/common/api-test.vue b/packages/ui/certd-client/src/components/plugins/common/api-test.vue index 4a129a4b8..864e1c2a4 100644 --- a/packages/ui/certd-client/src/components/plugins/common/api-test.vue +++ b/packages/ui/certd-client/src/components/plugins/common/api-test.vue @@ -19,6 +19,7 @@ defineOptions({ name: "ApiTest", }); +const fromType: any = inject("getFromType"); const getScope: any = inject("get:scope"); const getPluginType: any = inject("get:plugin:type", () => { return "access"; @@ -55,6 +56,7 @@ const doTest = async () => { action: props.action, input, record, + fromType, }, { onError(err: any) { diff --git a/packages/ui/certd-client/src/components/plugins/lib/index.ts b/packages/ui/certd-client/src/components/plugins/lib/index.ts index bf1086ce2..cc941e41a 100644 --- a/packages/ui/certd-client/src/components/plugins/lib/index.ts +++ b/packages/ui/certd-client/src/components/plugins/lib/index.ts @@ -13,11 +13,12 @@ export type RequestHandleReq = { data?: any; input: T; record?: any; + fromType?: string; // sys、user }; export async function doRequest(req: RequestHandleReq, opts: any = {}) { const url = `/pi/handle/${req.type}`; - const { typeName, action, data, input, record } = req; + const { typeName, action, data, input, record, fromType } = req; const res = await request({ url, method: "post", @@ -27,6 +28,7 @@ export async function doRequest(req: RequestHandleReq, opts: any = {}) { data, input, record, + fromType, }, ...opts, }); 
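Review bot: In api-test.vue the new `inject("getFromType")` has no default and is typed `any`, so an ApiTest rendered outside a tree that went through `getCommonColumnDefine` gets `undefined` and a missing-injection warning in dev builds; `const fromType = inject<"sys" | "user">("getFromType", "user");` would state the fallback explicitly. The key reads like a getter, and the neighbouring `get:plugin:type` does provide a function, but common.tsx provides the plain string `api.from` under it, so either rename the key or note this in a comment. lib/index.ts widens the same field to `fromType?: string` while core api.ts declares `"sys" | "user"`; reusing the union there would stop a mistyped value from silently falling through to the user path on the server.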
diff --git a/packages/ui/certd-client/src/views/certd/access/api.ts b/packages/ui/certd-client/src/views/certd/access/api.ts index 9d81c0c1d..c76f0ced7 100644 --- a/packages/ui/certd-client/src/views/certd/access/api.ts +++ b/packages/ui/certd-client/src/views/certd/access/api.ts @@ -3,6 +3,7 @@ import { request } from "/src/api/service"; export function createAccessApi(from = "user") { const apiPrefix = from === "sys" ? "/sys/access" : "/pi/access"; return { + from, async GetList(query: any) { if (query?.query) { delete query.query.access; diff --git a/packages/ui/certd-client/src/views/certd/access/common.tsx b/packages/ui/certd-client/src/views/certd/access/common.tsx index 2d232714d..ed158a7e8 100644 --- a/packages/ui/certd-client/src/views/certd/access/common.tsx +++ b/packages/ui/certd-client/src/views/certd/access/common.tsx @@ -6,6 +6,7 @@ import SecretPlainGetter from "/@/views/certd/access/access-selector/access/secr import { utils } from "/@/utils"; export function getCommonColumnDefine(crudExpose: any, typeRef: any, api: any) { + provide("getFromType", api.from); provide("accessApi", api); provide("get:plugin:type", () => { return "access"; diff --git a/packages/ui/certd-client/src/views/sys/cname/provider/crud.tsx b/packages/ui/certd-client/src/views/sys/cname/provider/crud.tsx index 025a168bb..6cd29a7ec 100644 --- a/packages/ui/certd-client/src/views/sys/cname/provider/crud.tsx +++ b/packages/ui/certd-client/src/views/sys/cname/provider/crud.tsx @@ -122,7 +122,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat title: t("certd.dnsProviderAuthorization"), type: "dict-select", dict: dict({ - url: "/pi/access/list", + url: "/sys/access/list", value: "id", label: "name", }), @@ -133,6 +133,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat type: compute(({ form }) => { return form.dnsProviderType; }), + from: "sys", }, rules: [{ required: true, message: t("certd.requiredField") }], }, 
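Review bot: In crud.tsx the selector's data source and its scope are now two independent literals, `url: "/sys/access/list"` and `from: "sys"`, and nothing ties them together. If one is changed without the other, the dropdown would presumably list records from one scope while the follow-up request is checked against the other. A short comment on the column, for example `// system-level accesses: list URL and from must both stay "sys"`, or deriving both from one constant, would keep them in step. The column definition starts and ends outside both hunks, so how `from` reaches the selector component is not visible here.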
diff --git a/packages/ui/certd-server/src/controller/user/pipeline/handle-controller.ts b/packages/ui/certd-server/src/controller/user/pipeline/handle-controller.ts index de0ffb8d3..e6393cd62 100644 --- a/packages/ui/certd-server/src/controller/user/pipeline/handle-controller.ts +++ b/packages/ui/certd-server/src/controller/user/pipeline/handle-controller.ts @@ -17,6 +17,7 @@ import {NotificationService} from '../../../modules/pipeline/service/notificatio import {TaskServiceBuilder} from "../../../modules/pipeline/service/getter/task-service-getter.js"; import { cloneDeep } from 'lodash-es'; import { ApiTags } from '@midwayjs/swagger'; +import { AuthService } from '../../../modules/sys/authority/service/auth-service.js'; @Provide() @Controller('/api/pi/handle') @@ -28,6 +29,9 @@ export class HandleController extends BaseController { @Inject() emailService: EmailService; + @Inject() + authService: AuthService; + @Inject() taskServiceBuilder: TaskServiceBuilder; 
@@ -36,16 +40,26 @@ export class HandleController extends BaseController { @Post('/access', { description: Constants.per.authOnly, summary: "处理授权请求" }) async accessRequest(@Body(ALL) body: AccessRequestHandleReq) { - const {projectId,userId} = await this.getProjectUserIdRead() + let {projectId,userId} = await this.getProjectUserIdRead() + if (body.fromType === 'sys') { + //系统级别的请求 + const pass = await this.authService.checkPermission(this.ctx, "sys:settings:view"); + if (!pass) { + throw new Error('权限不足'); + } + projectId = null + userId = 0 + } + let inputAccess = body.input; if (body.record.id > 0) { const oldEntity = await this.accessService.info(body.record.id); if (oldEntity) { - if (oldEntity.userId !== userId) { - throw new Error('access not found'); + if (oldEntity.userId !== userId && oldEntity.userId !== this.getUserId()) { + throw new Error('您没有权限使用该授权'); } if (oldEntity.projectId && oldEntity.projectId !== projectId) { - throw new Error('access not found'); + throw new Error('您没有权限使用该授权(projectId不匹配)'); } const param: any = { type: body.typeName,
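Review bot: The sys branch of `accessRequest` lets any caller holding `sys:settings:view` switch the ownership check to `userId = 0` and run a plugin action against a stored system-level access record, so a read-style permission ends up authorising use of system credentials. If that is not intended, gate the branch on the permission that guards editing system accesses (not shown here), e.g. `checkPermission(this.ctx, "<sys-access-permission>")`, where the key is a placeholder. The added `&& oldEntity.userId !== this.getUserId()` also applies outside the sys branch, so whenever `getProjectUserIdRead()` returns an id other than the caller's, a record owned personally by the caller now passes the owner check; a comment such as `// also accept records owned by the logged-in user, not only the project/system owner` would mark that as deliberate. The two new messages also tell the caller which of the owner and projectId checks failed for a given record id, where the old code answered 'access not found' for both. The body of `accessRequest` continues past the end of the hunk.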