Merge branch 'main' of https://github.com/ideal-world/bios

support/iam/src/basic/serv/iam_cert_mail_vcode_serv.rs

@@ -273,7 +273,8 @@ impl IamCertMailVCodeServ {
             if cached_vcode == input_vcode {
                 let rel_rbum_cert_conf_id =
                     IamCertServ::get_cert_conf_id_by_kind(IamCertKernelKind::MailVCode.to_string().as_str(), Some(IamTenantServ::get_id_by_ctx(&ctx, funs)?), funs).await?;
-                let id = if Self::check_bind_mail(mail, vec![rel_rbum_cert_conf_id.clone()], &ctx.owner.clone(), funs, &ctx).await.is_ok() {
+                Self::check_mail_bound(mail, vec![rel_rbum_cert_conf_id.clone()], funs, &ctx).await?;
+                let id = if Self::check_account_bind_mail(vec![rel_rbum_cert_conf_id.clone()], &ctx.owner.clone(), funs, &ctx).await.is_ok() {
                     RbumCertServ::add_rbum(
                         &mut RbumCertAddReq {
                             ak: TrimString(mail.trim().to_string()),
@@ -342,7 +343,7 @@ impl IamCertMailVCodeServ {
         Err(funs.err().unauthorized("iam_cert_mail_vcode", "activate", "email or verification code error", "401-iam-cert-valid"))
     }
 
-    pub async fn check_bind_mail(mail: &str, rel_rbum_cert_conf_ids: Vec<String>, rel_rbum_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> {
+    async fn check_account_bind_mail(rel_rbum_cert_conf_ids: Vec<String>, rel_rbum_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> {
         // check bind or not
         if RbumCertServ::count_rbums(
             &RbumCertFilterReq {
@@ -364,6 +365,10 @@ impl IamCertMailVCodeServ {
         {
             return Err(funs.err().conflict("iam_cert_mail_vcode", "bind", "email already exist bind", "409-iam-cert-email-bind-already-exist"));
         }
+        Ok(())
+    }
+
+    async fn check_mail_bound(mail: &str, rel_rbum_cert_conf_ids: Vec<String>, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> {
         // check existence or not
         if RbumCertServ::count_rbums(
             &RbumCertFilterReq {

support/iam/src/basic/serv/iam_cert_phone_vcode_serv.rs

@@ -297,7 +297,8 @@ impl IamCertPhoneVCodeServ {
             if cached_vcode == input_vcode {
                 let rel_rbum_cert_conf_id =
                     IamCertServ::get_cert_conf_id_by_kind(IamCertKernelKind::PhoneVCode.to_string().as_str(), Some(IamTenantServ::get_id_by_ctx(&ctx, funs)?), funs).await?;
-                let id = if Self::check_bind_phone(phone, vec![rel_rbum_cert_conf_id.clone()], &ctx.owner.clone(), funs, &ctx).await.is_ok() {
+                Self::check_phone_bound(phone, vec![rel_rbum_cert_conf_id.clone()], funs, &ctx).await?;
+                let id = if Self::check_account_bind_phone(vec![rel_rbum_cert_conf_id.clone()], &ctx.owner.clone(), funs, &ctx).await.is_ok() {
                     RbumCertServ::add_rbum(
                         &mut RbumCertAddReq {
                             ak: TrimString(phone.trim().to_string()),
@@ -365,7 +366,7 @@ impl IamCertPhoneVCodeServ {
         Err(funs.err().unauthorized("iam_cert_phone_vcode", "bind", "phone or verification code error", "401-iam-cert-valid"))
     }
 
-    pub async fn check_bind_phone(phone: &str, rel_rbum_cert_conf_ids: Vec<String>, rel_rbum_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> {
+    async fn check_account_bind_phone(rel_rbum_cert_conf_ids: Vec<String>, rel_rbum_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> {
         // check bind or not
         if RbumCertServ::count_rbums(
             &RbumCertFilterReq {
@@ -387,6 +388,10 @@ impl IamCertPhoneVCodeServ {
         {
             return Err(funs.err().conflict("iam_cert_phone_vcode", "bind", "phone already exist bind", "409-iam-cert-phone-bind-already-exist"));
         }
+        Ok(())
+    }
+
+    async fn check_phone_bound(phone: &str, rel_rbum_cert_conf_ids: Vec<String>, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> {
         // check existence or not
         if RbumCertServ::count_rbums(
             &RbumCertFilterReq {

support/iam/src/basic/serv/iam_rel_serv.rs

@@ -427,10 +427,12 @@ impl IamRelServ {
                 // 1) Find the list of roles associated with a menu or element resource (ready to remove the binding to the API resource from the cache)
                 let sys_ctx = IamCertServ::use_sys_ctx_unsafe(ctx.clone())?;
                 let rel_role_ids = Self::find_from_id_rels(&IamRelKind::IamResRole, true, res_other_id, None, None, funs, &sys_ctx).await?;
+                let rel_api_role_ids = Self::find_from_id_rels(&IamRelKind::IamResRole, true, res_api_id, None, None, funs, &sys_ctx).await?;
+                let rel_api_res_ids = Self::find_from_id_rels(&IamRelKind::IamResApi, true, res_api_id, None, None, funs, &sys_ctx).await?;
                 let mut remove_role_ids = Vec::new();
                 for rel_role_id in rel_role_ids {
                     // 2) If an API resource is explicitly associated with a role, it cannot be removed
-                    if Self::exist_rels(&IamRelKind::IamResRole, res_api_id, &rel_role_id, funs, &sys_ctx).await? {
+                    if rel_api_role_ids.contains(&rel_role_id) {
                         continue;
                     }
                     // 3) Find the list of resources associated with the associated role (indirect relationship)
@@ -442,7 +444,7 @@ impl IamRelServ {
                         .collect::<Vec<String>>();
                     // 5) If these associated resources are explicitly associated with API resources, they cannot be removed
                     for rel_res_id in rel_res_ids {
-                        if Self::exist_rels(&IamRelKind::IamResApi, res_api_id, &rel_res_id, funs, &sys_ctx).await? {
+                        if rel_api_res_ids.contains(&rel_res_id) {
                             break;
                         }
                     }