Merge pull request #9520 from fcfang123/bug-9512

bug：申请加入组bug修复 #9512

src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/ResourceGroupInfo.kt

@@ -0,0 +1,20 @@
+package com.tencent.devops.auth.pojo
+
+import io.swagger.annotations.ApiModel
+import io.swagger.annotations.ApiModelProperty
+
+@ApiModel("资源组详情")
+data class ResourceGroupInfo(
+    @ApiModelProperty("用户组ID")
+    val groupId: String,
+    @ApiModelProperty("用户组名称")
+    val groupName: String,
+    @ApiModelProperty("项目code")
+    val projectCode: String,
+    @ApiModelProperty("资源类型")
+    val resourceType: String,
+    @ApiModelProperty("资源名称")
+    val resourceName: String,
+    @ApiModelProperty("资源code")
+    val resourceCode: String
+)

src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/SearchGroupInfo.kt

@@ -8,17 +8,17 @@ data class SearchGroupInfo(
     @ApiModelProperty("分级管理员是否继承查询二级管理员的用户组")
     var inherit: Boolean? = true,
     @ApiModelProperty("操作id筛选")
-    val actionId: String?,
+    val actionId: String? = null,
     @ApiModelProperty("资源类型筛选")
-    val resourceType: String?,
+    val resourceType: String? = null,
     @ApiModelProperty("资源实例筛选")
-    val iamResourceCode: String?,
+    val iamResourceCode: String? = null,
     @ApiModelProperty("用户组名称")
-    val name: String?,
+    val name: String? = null,
     @ApiModelProperty("用户组描述")
-    val description: String?,
+    val description: String? = null,
     @ApiModelProperty("用户组id")
-    val groupId: Int?,
+    val groupId: Int? = null,
     @ApiModelProperty("page")
     val page: Int,
     @ApiModelProperty("pageSize")

src/backend/ci/core/auth/biz-auth-rbac/src/main/kotlin/com/tencent/devops/auth/service/RbacPermissionApplyService.kt

@@ -20,6 +20,7 @@ import com.tencent.devops.auth.pojo.ApplyJoinGroupInfo
 import com.tencent.devops.auth.pojo.AuthResourceInfo
 import com.tencent.devops.auth.pojo.ManagerRoleGroupInfo
 import com.tencent.devops.auth.pojo.RelatedResourceInfo
+import com.tencent.devops.auth.pojo.ResourceGroupInfo
 import com.tencent.devops.auth.pojo.SearchGroupInfo
 import com.tencent.devops.auth.pojo.vo.ActionInfoVo
 import com.tencent.devops.auth.pojo.vo.AuthApplyRedirectInfoVo
@@ -284,15 +285,11 @@ class RbacPermissionApplyService @Autowired constructor(
                 )
             // 构造itsm表格中对应组的详细内容
             val groupContent = applyJoinGroupInfo.groupIds.map { it.toString() }.associateWith {
-                val resourceGroupInfo = authResourceGroupDao.get(
-                    dslContext = dslContext,
+                val resourceGroupInfo = getResourceGroupInfoForApply(
                     projectCode = projectCode,
-                    relationId = it
-                ) ?: throw ErrorCodeException(
-                    errorCode = AuthMessageCode.ERROR_AUTH_GROUP_NOT_EXIST,
-                    defaultMessage = "group($it) not exist"
+                    projectName = projectInfo.projectName,
+                    groupId = it
                 )
-                val relatedResourceType = resourceGroupInfo.resourceType
                 itsmService.buildGroupApplyItsmValue(
                     ApplyJoinGroupFormDataInfo(
                         projectName = projectInfo.projectName,
@@ -302,7 +299,7 @@ class RbacPermissionApplyService @Autowired constructor(
                         validityPeriod = generateValidityPeriod(applyJoinGroupInfo.expiredAt.toLong()),
                         resourceRedirectUri = generateResourceRedirectUri(
                             projectCode = resourceGroupInfo.projectCode,
-                            resourceType = relatedResourceType,
+                            resourceType = resourceGroupInfo.resourceType,
                             resourceCode = resourceGroupInfo.resourceCode
                         ),
                         groupPermissionDetailRedirectUri = String.format(
@@ -332,12 +329,60 @@ class RbacPermissionApplyService @Autowired constructor(
             throw ErrorCodeException(
                 errorCode = AuthMessageCode.APPLY_TO_JOIN_GROUP_FAIL,
                 params = arrayOf(applyJoinGroupInfo.groupIds.toString()),
-                defaultMessage = "Failed to apply to join group(${applyJoinGroupInfo.groupIds})"
+                defaultMessage = "Failed to apply to join group(${e.message}})"
             )
         }
         return true
     }
 
+    private fun getResourceGroupInfoForApply(
+        projectCode: String,
+        projectName: String,
+        groupId: String
+    ): ResourceGroupInfo {
+        logger.info("get resource group for apply :$projectCode|$projectName|$groupId")
+        val dbResourceGroupInfo = authResourceGroupDao.get(
+            dslContext = dslContext,
+            projectCode = projectCode,
+            relationId = groupId
+        )
+        return if (dbResourceGroupInfo != null) {
+            ResourceGroupInfo(
+                groupId = groupId,
+                groupName = dbResourceGroupInfo.groupName,
+                projectCode = projectCode,
+                resourceType = dbResourceGroupInfo.resourceType,
+                resourceName = dbResourceGroupInfo.resourceName,
+                resourceCode = dbResourceGroupInfo.resourceCode
+            )
+        } else {
+            // 若是在权限中心界面创建的组，不会同步到蓝盾库，需要再次调iam查询
+            val gradeManagerId = authResourceService.get(
+                projectCode = projectCode,
+                resourceType = AuthResourceType.PROJECT.value,
+                resourceCode = projectCode
+            ).relationId
+            val iamGroupInfo = getGradeManagerRoleGroup(
+                searchGroupInfo = SearchGroupInfo(
+                    groupId = groupId.toInt(),
+                    page = 1,
+                    pageSize = 10
+                ),
+                bkIamPath = null,
+                relationId = gradeManagerId
+            ).results.first()
+            logger.info("get resource group info from iam:$projectCode|$projectName|$groupId|$iamGroupInfo")
+            ResourceGroupInfo(
+                groupId = groupId,
+                groupName = iamGroupInfo.name,
+                projectCode = projectCode,
+                resourceType = AuthResourceType.PROJECT.value,
+                resourceName = projectName,
+                resourceCode = projectCode
+            )
+        }
+    }
+
     private fun generateValidityPeriod(expiredAt: Long): String {
         val between = expiredAt * 1000 - System.currentTimeMillis()
         return DateTimeUtil.formatDay(between).plus(

src/backend/ci/core/common/common-web/build.gradle.kts

@@ -33,6 +33,7 @@ dependencies {
     api(project(":core:common:common-security"))
     api(project(":core:common:common-client"))
     api(project(":core:common:common-third-sdk:common-sdk-util"))
+    api("com.tencent.bk.sdk:iam-java-sdk")
     api("org.springframework.boot:spring-boot-starter-jersey")
     api("org.springframework.boot:spring-boot-starter-undertow")
     api("org.springframework.boot:spring-boot-starter-web")

src/backend/ci/core/common/common-web/src/main/kotlin/com/tencent/devops/common/web/handler/IamExceptionMapper.kt

@@ -0,0 +1,57 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company.  All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.devops.common.web.handler
+
+import com.tencent.bk.sdk.iam.exception.IamException
+import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.service.Profile
+import com.tencent.devops.common.service.utils.SpringContextUtil
+import com.tencent.devops.common.web.annotation.BkExceptionMapper
+import org.slf4j.LoggerFactory
+import javax.ws.rs.core.MediaType
+import javax.ws.rs.core.Response
+import javax.ws.rs.ext.ExceptionMapper
+
+@BkExceptionMapper
+class IamExceptionMapper : ExceptionMapper<IamException> {
+    companion object {
+        val logger = LoggerFactory.getLogger(IamExceptionMapper::class.java)!!
+    }
+
+    override fun toResponse(exception: IamException): Response {
+        logger.warn("Failed with iam request exception", exception)
+        val status = Response.Status.BAD_REQUEST
+        val message = if (SpringContextUtil.getBean(Profile::class.java).isDebug()) {
+            exception.message
+        } else {
+            "Failed with iam request exception"
+        }
+        return Response.status(status).type(MediaType.APPLICATION_JSON_TYPE)
+            .entity(Result(status = status.statusCode, message = message, data = exception.errorMsg)).build()
+    }
+}

src/backend/ci/core/project/api-project/src/main/kotlin/com/tencent/devops/project/pojo/service/OPPServiceVO.kt

@@ -70,6 +70,8 @@ data class OPPServiceVO(
     val logoUrl: String?,
     @ApiModelProperty("支持webSocket的页面")
     val webSocket: String?,
+    @ApiModelProperty("权重")
+    val weight: Int? = null,
     @ApiModelProperty("创建人")
     val createdUser: String,
     @ApiModelProperty("创建时间")

src/backend/ci/core/project/biz-project/src/main/kotlin/com/tencent/devops/project/dao/ServiceDao.kt

@@ -129,6 +129,7 @@ class ServiceDao {
                 LOGO_URL,
                 WEB_SOCKET,
                 GRAY_IFRAME_URL,
+                WEIGHT,
                 CLUSTER_TYPE
             ).values(
                 serviceCreateInfo.name,
@@ -152,6 +153,7 @@ class ServiceDao {
                 serviceCreateInfo.logoUrl,
                 serviceCreateInfo.webSocket,
                 serviceCreateInfo.grayIframeUrl,
+                serviceCreateInfo.weight,
                 serviceCreateInfo.clusterType
             ).returning().fetchOne()
         }
@@ -237,6 +239,9 @@ class ServiceDao {
             if (serviceUpdateInfo.deleted != null) {
                 execute.set(DELETED, serviceUpdateInfo.deleted)
             }
+            if (serviceUpdateInfo.weight != null) {
+                execute.set(WEIGHT, serviceUpdateInfo.weight)
+            }
             execute.set(CLUSTER_TYPE, serviceUpdateInfo.clusterType)
             return execute.set(UPDATED_USER, userId)
                 .set(UPDATED_TIME, LocalDateTime.now())

src/backend/ci/core/project/biz-project/src/main/kotlin/com/tencent/devops/project/service/impl/AbsUserProjectServiceServiceImpl.kt

@@ -145,6 +145,7 @@ abstract class AbsUserProjectServiceServiceImpl @Autowired constructor(
             projectIdType = tServiceRecord.projectIdType,
             logoUrl = tServiceRecord.logoUrl,
             webSocket = tServiceRecord.webSocket,
+            weight = tServiceRecord.weight,
             createdUser = tServiceRecord.createdUser ?: "",
             createdTime = DateTimeUtil.toDateTime(tServiceRecord.createdTime),
             updatedUser = tServiceRecord.updatedUser ?: "",