Merge pull request #263 from TencentBlueKing/develop

v1.12.8

pkg/abac/pap/department.go

@@ -157,14 +157,14 @@ func (c *departmentController) BulkDelete(subjectIDs []string) error {
 func convertToServiceSubjectDepartments(subjectDepartments []SubjectDepartment) ([]types.SubjectDepartment, error) {
 	serviceSubjectDepartments := make([]types.SubjectDepartment, 0, len(subjectDepartments))
 	for _, subjectDepartment := range subjectDepartments {
-		subjectPK, err := cacheimpls.GetSubjectPK(types.UserType, subjectDepartment.SubjectID)
+		subjectPK, err := cacheimpls.GetLocalSubjectPK(types.UserType, subjectDepartment.SubjectID)
 		if err != nil {
 			return nil, err
 		}
 
 		departmentPKs := make([]int64, 0, len(subjectDepartment.DepartmentIDs))
 		for _, departmentID := range subjectDepartment.DepartmentIDs {
-			departmentPK, err := cacheimpls.GetSubjectPK(types.DepartmentType, departmentID)
+			departmentPK, err := cacheimpls.GetLocalSubjectPK(types.DepartmentType, departmentID)
 			if err != nil {
 				// 兼容不存在的情况
 				if errors.Is(err, sql.ErrNoRows) {

pkg/abac/pap/department_test.go

@@ -117,7 +117,7 @@ var _ = Describe("DepartmentController", func() {
 				errors.New("error"),
 			).AnyTimes()
 
-			patches := gomonkey.ApplyFunc(cacheimpls.GetSubjectPK, func(_type, id string) (pk int64, err error) {
+			patches := gomonkey.ApplyFunc(cacheimpls.GetLocalSubjectPK, func(_type, id string) (pk int64, err error) {
 				switch id {
 				case "1":
 					return int64(1), nil
@@ -151,7 +151,7 @@ var _ = Describe("DepartmentController", func() {
 				nil,
 			).AnyTimes()
 
-			patches := gomonkey.ApplyFunc(cacheimpls.GetSubjectPK, func(_type, id string) (pk int64, err error) {
+			patches := gomonkey.ApplyFunc(cacheimpls.GetLocalSubjectPK, func(_type, id string) (pk int64, err error) {
 				switch id {
 				case "1":
 					return int64(1), nil
@@ -194,7 +194,7 @@ var _ = Describe("DepartmentController", func() {
 				errors.New("error"),
 			).AnyTimes()
 
-			patches := gomonkey.ApplyFunc(cacheimpls.GetSubjectPK, func(_type, id string) (pk int64, err error) {
+			patches := gomonkey.ApplyFunc(cacheimpls.GetLocalSubjectPK, func(_type, id string) (pk int64, err error) {
 				switch id {
 				case "1":
 					return int64(1), nil
@@ -228,7 +228,7 @@ var _ = Describe("DepartmentController", func() {
 				nil,
 			).AnyTimes()
 
-			patches := gomonkey.ApplyFunc(cacheimpls.GetSubjectPK, func(_type, id string) (pk int64, err error) {
+			patches := gomonkey.ApplyFunc(cacheimpls.GetLocalSubjectPK, func(_type, id string) (pk int64, err error) {
 				switch id {
 				case "1":
 					return int64(1), nil

pkg/abac/pap/group.go

@@ -85,9 +85,9 @@ func (c *groupController) GetSubjectGroupCountBeforeExpiredAt(
 	expiredAt int64,
 ) (count int64, err error) {
 	errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "GetSubjectGroupCountBeforeExpiredAt")
-	subjectPK, err := cacheimpls.GetSubjectPK(_type, id)
+	subjectPK, err := cacheimpls.GetLocalSubjectPK(_type, id)
 	if err != nil {
-		return 0, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id)
+		return 0, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id)
 	}
 
 	count, err = c.service.GetSubjectGroupCountBeforeExpiredAt(subjectPK, expiredAt)
@@ -110,9 +110,9 @@ func (c *groupController) GetSubjectSystemGroupCountBeforeExpiredAt(
 	expiredAt int64,
 ) (count int64, err error) {
 	errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "GetSubjectSystemGroupCountBeforeExpiredAt")
-	subjectPK, err := cacheimpls.GetSubjectPK(_type, id)
+	subjectPK, err := cacheimpls.GetLocalSubjectPK(_type, id)
 	if err != nil {
-		return 0, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id)
+		return 0, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id)
 	}
 
 	count, err = c.service.GetSubjectSystemGroupCountBeforeExpiredAt(subjectPK, systemID, expiredAt)
@@ -257,9 +257,9 @@ func (c *groupController) ListPagingSubjectGroups(
 	beforeExpiredAt, limit, offset int64,
 ) ([]SubjectGroup, error) {
 	errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "ListPagingSubjectGroups")
-	subjectPK, err := cacheimpls.GetSubjectPK(_type, id)
+	subjectPK, err := cacheimpls.GetLocalSubjectPK(_type, id)
 	if err != nil {
-		return nil, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id)
+		return nil, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id)
 	}
 
 	svcSubjectGroups, err := c.service.ListPagingSubjectGroups(subjectPK, beforeExpiredAt, limit, offset)
@@ -285,9 +285,9 @@ func (c *groupController) ListPagingSubjectSystemGroups(
 	beforeExpiredAt, limit, offset int64,
 ) ([]SubjectGroup, error) {
 	errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "ListPagingSubjectSystemGroups")
-	subjectPK, err := cacheimpls.GetSubjectPK(_type, id)
+	subjectPK, err := cacheimpls.GetLocalSubjectPK(_type, id)
 	if err != nil {
-		return nil, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id)
+		return nil, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id)
 	}
 
 	svcSubjectGroups, err := c.service.ListPagingSubjectSystemGroups(
@@ -316,9 +316,9 @@ func (c *groupController) ListPagingSubjectSystemGroups(
 // GetGroupMemberCount ...
 func (c *groupController) GetGroupMemberCount(_type, id string) (int64, error) {
 	errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "GetGroupMemberCount")
-	groupPK, err := cacheimpls.GetSubjectPK(_type, id)
+	groupPK, err := cacheimpls.GetLocalSubjectPK(_type, id)
 	if err != nil {
-		return 0, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id)
+		return 0, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id)
 	}
 
 	count, err := c.service.GetGroupMemberCount(groupPK)
@@ -332,9 +332,9 @@ func (c *groupController) GetGroupMemberCount(_type, id string) (int64, error) {
 // ListPagingGroupMember ...
 func (c *groupController) ListPagingGroupMember(_type, id string, limit, offset int64) ([]GroupMember, error) {
 	errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "ListPagingGroupMember")
-	groupPK, err := cacheimpls.GetSubjectPK(_type, id)
+	groupPK, err := cacheimpls.GetLocalSubjectPK(_type, id)
 	if err != nil {
-		return nil, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id)
+		return nil, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id)
 	}
 
 	svcMembers, err := c.service.ListPagingGroupMember(groupPK, limit, offset)
@@ -379,9 +379,9 @@ func (c *groupController) ListPagingGroupSubjectBeforeExpiredAt(
 // GetGroupMemberCountBeforeExpiredAt ...
 func (c *groupController) GetGroupMemberCountBeforeExpiredAt(_type, id string, expiredAt int64) (int64, error) {
 	errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "GetGroupMemberCountBeforeExpiredAt")
-	groupPK, err := cacheimpls.GetSubjectPK(_type, id)
+	groupPK, err := cacheimpls.GetLocalSubjectPK(_type, id)
 	if err != nil {
-		return 0, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id)
+		return 0, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id)
 	}
 
 	count, err := c.service.GetGroupMemberCountBeforeExpiredAt(groupPK, expiredAt)
@@ -400,9 +400,9 @@ func (c *groupController) ListPagingGroupMemberBeforeExpiredAt(
 	_type, id string, expiredAt int64, limit, offset int64,
 ) ([]GroupMember, error) {
 	errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "ListPagingGroupMemberBeforeExpiredAt")
-	groupPK, err := cacheimpls.GetSubjectPK(_type, id)
+	groupPK, err := cacheimpls.GetLocalSubjectPK(_type, id)
 	if err != nil {
-		return nil, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id)
+		return nil, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id)
 	}
 
 	svcMembers, err := c.service.ListPagingGroupMemberBeforeExpiredAt(groupPK, expiredAt, limit, offset)
@@ -439,9 +439,9 @@ func (c *groupController) alterGroupMembers(
 	createIfNotExists bool,
 ) (typeCount map[string]int64, err error) {
 	errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "alterGroupMembers")
-	groupPK, err := cacheimpls.GetSubjectPK(_type, id)
+	groupPK, err := cacheimpls.GetLocalSubjectPK(_type, id)
 	if err != nil {
-		return nil, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id)
+		return nil, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id)
 	}
 
 	relations, err := c.service.ListGroupMember(groupPK)
@@ -471,9 +471,9 @@ func (c *groupController) alterGroupMembers(
 	}
 
 	for _, m := range members {
-		subjectPK, err := cacheimpls.GetSubjectPK(m.Type, m.ID)
+		subjectPK, err := cacheimpls.GetLocalSubjectPK(m.Type, m.ID)
 		if err != nil {
-			return nil, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", m.Type, m.ID)
+			return nil, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", m.Type, m.ID)
 		}
 
 		// member已存在则不再添加
@@ -563,9 +563,9 @@ func (c *groupController) DeleteGroupMembers(
 	userPKs := make([]int64, 0, len(members))
 	departmentPKs := make([]int64, 0, len(members))
 	for _, m := range members {
-		pk, err := cacheimpls.GetSubjectPK(m.Type, m.ID)
+		pk, err := cacheimpls.GetLocalSubjectPK(m.Type, m.ID)
 		if err != nil {
-			return nil, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", m.Type, m.ID)
+			return nil, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", m.Type, m.ID)
 		}
 
 		if m.Type == types.UserType {
@@ -575,9 +575,9 @@ func (c *groupController) DeleteGroupMembers(
 		}
 	}
 
-	groupPK, err := cacheimpls.GetSubjectPK(_type, id)
+	groupPK, err := cacheimpls.GetLocalSubjectPK(_type, id)
 	if err != nil {
-		return nil, errorWrapf(err, "cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail", _type, id)
+		return nil, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id)
 	}
 
 	typeCount, err = c.service.BulkDeleteGroupMembers(groupPK, userPKs, departmentPKs)

pkg/abac/pap/group_test.go

@@ -37,7 +37,7 @@ var _ = Describe("GroupController", func() {
 		BeforeEach(func() {
 			ctl = gomock.NewController(GinkgoT())
 
-			patches = gomonkey.ApplyFunc(cacheimpls.GetSubjectPK, func(_type, id string) (pk int64, err error) {
+			patches = gomonkey.ApplyFunc(cacheimpls.GetLocalSubjectPK, func(_type, id string) (pk int64, err error) {
 				switch id {
 				case "1":
 					return int64(1), nil
@@ -281,7 +281,7 @@ var _ = Describe("GroupController", func() {
 		BeforeEach(func() {
 			ctl = gomock.NewController(GinkgoT())
 
-			patches = gomonkey.ApplyFunc(cacheimpls.GetSubjectPK, func(_type, id string) (pk int64, err error) {
+			patches = gomonkey.ApplyFunc(cacheimpls.GetLocalSubjectPK, func(_type, id string) (pk int64, err error) {
 				switch id {
 				case "1":
 					return int64(1), nil

pkg/api/debug/handler/cache.go

@@ -39,7 +39,7 @@ func QueryPolicyCache(c *gin.Context) {
 		return
 	}
 
-	subjectPK, err := cacheimpls.GetSubjectPK(body.SubjectType, body.SubjectID)
+	subjectPK, err := cacheimpls.GetLocalSubjectPK(body.SubjectType, body.SubjectID)
 	if err != nil {
 		util.SystemErrorJSONResponse(c, err)
 		return

pkg/api/debug/handler/query.go

@@ -90,7 +90,7 @@ func QuerySubjects(c *gin.Context) {
 		"type": body.Type,
 		"id":   body.ID,
 	}
-	pk, err := cacheimpls.GetSubjectPK(body.Type, body.ID)
+	pk, err := cacheimpls.GetLocalSubjectPK(body.Type, body.ID)
 	if err != nil {
 		util.SystemErrorJSONResponse(c, err)
 		return

pkg/api/model/handler/action.go

@@ -188,6 +188,9 @@ func UpdateAction(c *gin.Context) {
 	if _, ok := data["type"]; ok {
 		allowEmptyFields.AddKey("Type")
 	}
+	if _, ok := data["hidden"]; ok {
+		allowEmptyFields.AddKey("Hidden")
+	}
 	if _, ok := data["related_resource_types"]; ok {
 		allowEmptyFields.AddKey("RelatedResourceTypes")
 	}
@@ -216,6 +219,7 @@ func UpdateAction(c *gin.Context) {
 		Version:              body.Version,
 		AuthType:             body.AuthType,
 		Type:                 body.Type,
+		Hidden:               body.Hidden,
 		RelatedResourceTypes: convertToRelatedResourceTypes(body.RelatedResourceTypes),
 		RelatedActions:       body.RelatedActions,
 		RelatedEnvironments:  convertToRelatedEnvironments(body.RelatedEnvironments),

pkg/api/model/handler/action_slz.go

@@ -73,6 +73,7 @@ type actionUpdateSerializer struct {
 
 	AuthType string `json:"auth_type" binding:"omitempty,oneof=rbac abac" example:"abac"`
 	Type     string `json:"type" binding:"omitempty,oneof=create edit view delete list manage execute debug use"`
+	Hidden   bool   `json:"hidden" binding:"omitempty" example:"false"`
 
 	RelatedResourceTypes []relatedResourceType `json:"related_resource_types"`
 	RelatedActions       []string              `json:"related_actions"`

pkg/cacheimpls/local_subject_role.go

@@ -45,7 +45,7 @@ func (k SubjectRoleCacheKey) Key() string {
 func retrieveSubjectRole(key cache.Key) (interface{}, error) {
 	k := key.(SubjectRoleCacheKey)
 
-	pk, err := GetSubjectPK(k.SubjectType, k.SubjectID)
+	pk, err := GetLocalSubjectPK(k.SubjectType, k.SubjectID)
 
 	// 如果用户不存在, 表现为没有任何一个系统的特殊角色
 	if errors.Is(err, sql.ErrNoRows) {

pkg/service/action.go

@@ -473,6 +473,9 @@ func (l *actionService) Update(system, actionID string, action types.Action) err
 	if action.AllowEmptyFields.HasKey("Type") {
 		allowBlank.AddKey("Type")
 	}
+	if action.AllowEmptyFields.HasKey("Hidden") {
+		allowBlank.AddKey("Hidden")
+	}
 	if action.AllowEmptyFields.HasKey("Description") {
 		allowBlank.AddKey("Description")
 	}
@@ -513,6 +516,7 @@ func (l *actionService) Update(system, actionID string, action types.Action) err
 		Sensitivity:         action.Sensitivity,
 		AuthType:            action.AuthType,
 		Type:                action.Type,
+		Hidden:              action.Hidden,
 		Version:             action.Version,
 		RelatedActions:      relatedActions,
 		RelatedEnvironments: relatedEnvironments,