check permission add project and app name (#3038)

kakj-go · recallsong · web-flow · commit 29ae6b2c2f4e · 2021-11-16T10:14:06.000+08:00
* shared http transport (#3014) * shared http transport * disable connection pool * not permission return project name and app name Co-authored-by: RecallSong <13607438+recallsong@users.noreply.github.com>
diff --git a/apistructs/permission.go b/apistructs/permission.go
@@ -172,7 +172,13 @@ type PermissionList struct {
 	Exist bool `json:"exist"`
 
 	// 无权限（access=false）时，该字段返回联系人 ID 列表，例如无应用权限时，返回应用管理员列表
-	ContactsWhenNoPermission []string `json:"contactsWhenNoPermission,omitempty"`
+	ContactsWhenNoPermission []string   `json:"contactsWhenNoPermission,omitempty"`
+	ScopeInfo                *ScopeInfo `json:"scopeInfo"`
+}
+
+type ScopeInfo struct {
+	ProjectName string `json:"projectName"`
+	AppName     string `json:"appName"`
 }
 
 // PermissionListResponse 权限列表响应信息
diff --git a/modules/core-services/endpoints/permission.go b/modules/core-services/endpoints/permission.go
@@ -203,11 +203,51 @@ func (e *Endpoints) ScopeRoleAccess(ctx context.Context, r *http.Request, vars m
 		for _, mem := range members {
 			permission.ContactsWhenNoPermission = append(permission.ContactsWhenNoPermission, mem.UserID)
 		}
+
+		permission, err = e.buildScopeInfo(accessReq, permission)
+		if err != nil {
+			return apierrors.ErrAccessPermission.InternalError(err).ToResp(), nil
+		}
 	}
 
 	return httpserver.OkResp(permission, permission.ContactsWhenNoPermission)
 }
 
+func (e *Endpoints) buildScopeInfo(accessReq apistructs.ScopeRoleAccessRequest, permission apistructs.PermissionList) (apistructs.PermissionList, error) {
+	queryScopeType := accessReq.Scope.Type
+	queryScopeID, err := strconv.ParseInt(accessReq.Scope.ID, 10, 64)
+	if err != nil {
+		return permission, err
+	}
+
+	// point appName
+	if queryScopeType == "app" {
+		app, err := e.app.Get(queryScopeID)
+		if err != nil {
+			return permission, err
+		}
+		if permission.ScopeInfo == nil {
+			permission.ScopeInfo = &apistructs.ScopeInfo{}
+		}
+		permission.ScopeInfo.AppName = app.Name
+		queryScopeType = "project"
+		queryScopeID = app.ProjectID
+	}
+
+	// point projectName
+	if queryScopeType == "project" {
+		project, err := e.project.GetModelProject(queryScopeID)
+		if err != nil {
+			return permission, err
+		}
+		if permission.ScopeInfo == nil {
+			permission.ScopeInfo = &apistructs.ScopeInfo{}
+		}
+		permission.ScopeInfo.ProjectName = project.DisplayName
+	}
+	return permission, nil
+}
+
 // 获取权限
 func (e *Endpoints) getPermission(userID string, scopeType apistructs.ScopeType, scopeID int64) (apistructs.ScopeRole, error) {
 	// 若为系统管理员 & 查询系统范围权限，则返回true；若系统管理员查询企业/项目/应用等，应返回false
diff --git a/modules/core-services/endpoints/permission_test.go b/modules/core-services/endpoints/permission_test.go
@@ -0,0 +1,95 @@
+// Copyright (c) 2021 Terminus, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package endpoints
+
+import (
+	"reflect"
+	"testing"
+
+	"bou.ke/monkey"
+
+	"github.com/erda-project/erda/apistructs"
+	"github.com/erda-project/erda/modules/core-services/model"
+	"github.com/erda-project/erda/modules/core-services/services/application"
+	"github.com/erda-project/erda/modules/core-services/services/project"
+)
+
+func TestEndpoints_buildScopeInfo(t *testing.T) {
+	type args struct {
+		accessReq  apistructs.ScopeRoleAccessRequest
+		permission apistructs.PermissionList
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    apistructs.PermissionList
+		wantErr bool
+	}{
+		{
+			name: "test_app_name",
+			args: args{
+				accessReq: apistructs.ScopeRoleAccessRequest{
+					Scope: apistructs.Scope{
+						Type: "app",
+						ID:   "1",
+					},
+				},
+				permission: apistructs.PermissionList{},
+			},
+			want: apistructs.PermissionList{
+				ScopeInfo: &apistructs.ScopeInfo{
+					ProjectName: "test",
+					AppName:     "test",
+				},
+			},
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			e := &Endpoints{}
+
+			var app = &application.Application{}
+
+			patch1 := monkey.PatchInstanceMethod(reflect.TypeOf(app), "Get", func(app *application.Application, applicationID int64) (*model.Application, error) {
+				return &model.Application{
+					Name:      "test",
+					ProjectID: 1,
+				}, nil
+			})
+			defer patch1.Unpatch()
+
+			var pj = &project.Project{}
+			patch2 := monkey.PatchInstanceMethod(reflect.TypeOf(pj), "GetModelProject", func(project *project.Project, projectID int64) (*model.Project, error) {
+				return &model.Project{
+					DisplayName: "test",
+				}, nil
+			})
+			defer patch2.Unpatch()
+
+			e.app = app
+			e.project = pj
+
+			got, err := e.buildScopeInfo(tt.args.accessReq, tt.args.permission)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("buildScopeInfo() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("buildScopeInfo() got = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
