iam: fix bug (#569)
ZzIsGod1019 authored Dec 26, 2023
1 parent b736da8 commit 2993afb
Showing 15 changed files with 299 additions and 92 deletions.
7 changes: 6 additions & 1 deletion basic/src/rbum/serv/rbum_set_serv.rs
@@ -493,7 +493,12 @@ impl RbumCrudOperation<rbum_set_cate::ActiveModel, RbumSetCateAddReq, RbumSetCat
.add(Expr::col((rbum_set_cate::Entity, rbum_set_cate::Column::SysCode)).equals((rbum_set_item::Entity, rbum_set_item::Column::RelRbumSetCateCode)))
.add(Expr::col((rbum_set_cate::Entity, rbum_set_cate::Column::RelRbumSetId)).equals((rbum_set_item::Entity, rbum_set_item::Column::RelRbumSetId))),
)
.and_where(Expr::col((rbum_set_cate::Entity, rbum_set_cate::Column::Id)).eq(id)),
.inner_join(
rbum_item::Entity,
Expr::col((rbum_item::Entity, rbum_item::Column::Id)).equals((rbum_set_item::Entity, rbum_set_item::Column::RelRbumItemId)),
)
.and_where(Expr::col((rbum_set_cate::Entity, rbum_set_cate::Column::Id)).eq(id))
.and_where(Expr::col((rbum_item::Entity, rbum_item::Column::Disabled)).eq(false)),
)
.await?
> 0
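Review bot: The added inner join on `rbum_item` and the `.and_where(Expr::col((rbum_item::Entity, rbum_item::Column::Disabled)).eq(false))` filter make this `> 0` check ignore every set item whose item is disabled or no longer exists, so a category that still has such rows bound now counts as empty. The enclosing function starts and ends outside the hunk, so it is only inferred that this count guards category deletion; if it does, the remaining `rbum_set_item` rows keep referring to a category code that has been removed and could attach to a different category if the code is reused. Either remove those rows in the same operation or state the intent next to the filter, e.g. `// Disabled items do not block deletion; their set items are cleaned up when the item is disabled.`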
7 changes: 4 additions & 3 deletions middleware/flow/src/serv/flow_inst_serv.rs
@@ -967,7 +967,7 @@ impl FlowInstServ {
)
.await?;
if !resp.rel_bus_objs.is_empty() {
let inst_ids = Self::find_inst_ids_by_rel_obj_ids(resp.rel_bus_objs.pop().unwrap().rel_bus_obj_ids, &change_info, funs, ctx).await?;
let inst_ids = Self::find_inst_ids_by_rel_obj_ids(current_model, resp.rel_bus_objs.pop().unwrap().rel_bus_obj_ids, &change_info, funs, ctx).await?;
Self::do_modify_state_by_post_action(inst_ids, &change_info, updated_instance_list, funs, ctx).await?;
}
}
@@ -978,6 +978,7 @@ impl FlowInstServ {
Ok(())
}
async fn find_inst_ids_by_rel_obj_ids(
flow_model: &FlowModelDetailResp,
rel_bus_obj_ids: Vec<String>,
change_info: &FlowTransitionActionByStateChangeInfo,
funs: &TardisFunsInst,
@@ -999,7 +1000,7 @@ impl FlowInstServ {
}
let inst_id = Self::get_inst_ids_by_rel_business_obj_id(vec![rel_obj_id.clone()], funs, ctx).await?.pop().unwrap_or_default();

let resp = FlowExternalServ::do_fetch_rel_obj(&change_info.obj_tag, &inst_id, rel_obj_id, rel_tags, ctx, funs).await?;
let resp = FlowExternalServ::do_fetch_rel_obj(&flow_model.tag, &inst_id, rel_obj_id, rel_tags, ctx, funs).await?;
if !resp.rel_bus_objs.is_empty() {
for rel_bus_obj in resp.rel_bus_objs {
let condition = change_condition
@@ -1010,7 +1011,7 @@ impl FlowInstServ {
let rel_obj_ids = Self::filter_rel_obj_ids_by_state(&rel_bus_obj.rel_bus_obj_ids, &Some(condition.state_id.clone()), funs, ctx).await?;
match condition.op {
StateChangeConditionOp::And => {
if rel_bus_obj.rel_bus_obj_ids.len() != rel_obj_ids.len() {
if rel_bus_obj.rel_bus_obj_ids.is_empty() || rel_bus_obj.rel_bus_obj_ids.len() != rel_obj_ids.len() {
mismatch_rel_obj_ids.push(rel_obj_id.clone());
continue;
}
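Review bot: The changed `FlowExternalServ::do_fetch_rel_obj(&flow_model.tag, &inst_id, ...)` call is still made with an empty `inst_id` when no instance is bound to `rel_obj_id`, because the line before it ends in `.pop().unwrap_or_default()`. Whether the external service rejects or silently accepts an empty instance id is not visible here, so the missing instance should be handled explicitly, for example by replacing `.pop().unwrap_or_default()` with a `let Some(inst_id) = ... .pop() else { continue };` binding. Whether such an object should be skipped or pushed to `mismatch_rel_obj_ids` is a decision for the author. The new `flow_model` parameter would also benefit from a one-line comment saying why its `tag` replaces `change_info.obj_tag`; the function body continues outside the hunks.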
1 change: 0 additions & 1 deletion services/bios-all/config/locale/zh-cn.iam
@@ -37,7 +37,6 @@
404-iam-cache-res-rel-not-exist 缓存资源关联不存在

409-iam-rel-kind-api-conflict 请求来源类型必须是API类型

404-iam-res-not-exist 资源不存在

409-iam-cate-menu-conflict 当前目录只能挂一个菜单
2 changes: 2 additions & 0 deletions support/iam/src/basic/dto/iam_res_dto.rs
@@ -38,6 +38,7 @@ pub struct IamResAddReq {
pub double_auth_msg: Option<String>,
pub need_login: Option<bool>,
pub disabled: Option<bool>,
pub bind_api_res: Option<Vec<String>>,
}

impl IamResAddReq {
@@ -72,6 +73,7 @@ pub struct IamResModifyReq {
pub double_auth: Option<bool>,
pub double_auth_msg: Option<String>,
pub need_login: Option<bool>,
pub bind_api_res: Option<Vec<String>>,
}

#[derive(poem_openapi::Object, sea_orm::FromQueryResult, Serialize, Deserialize, Debug)]
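Review bot: The new `bind_api_res: Option<Vec<String>>` field on `IamResAddReq` and `IamResModifyReq` accepts a caller-supplied list of resource ids with no documentation and no validator, and the code that consumes it is not in the visible hunks. Binding API resources to another resource changes what that resource grants, so the service should confirm that every id exists, is of the API kind and lies within the caller's scope before it creates the relation. On the DTO, a doc comment such as `/// Ids of API resources to bind to this resource.` and a bound such as `#[oai(validator(unique_items, max_items = 1000))]` would make the contract explicit; the limit is illustrative. For `IamResModifyReq` the comment should also say what `None` and an empty list each mean for existing bindings, which the hunk does not show.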
4 changes: 3 additions & 1 deletion support/iam/src/basic/serv/iam_account_serv.rs
@@ -439,6 +439,8 @@ impl IamAccountServ {
ctx: &TardisContext,
) -> TardisResult<IamAccountDetailAggResp> {
let account = IamAccountServ::get_item(account_id, filter, funs, ctx).await?;
let mut mock_tenant_ctx = ctx.clone();
mock_tenant_ctx.own_paths = IamTenantServ::get_id_by_ctx(ctx, funs)?;
let set_id = if use_sys_org {
IamSetServ::get_set_id_by_code(&IamSetServ::get_default_code(&IamSetKind::Org, ""), true, funs, ctx).await?
} else {
@@ -536,7 +538,7 @@ impl IamAccountServ {
.into_iter()
.map(|r| (r.rel_rbum_cert_conf_code.unwrap_or("".to_string()), r.ak))
.collect(),
orgs: IamSetServ::find_set_paths(&account.id, &set_id, funs, ctx).await?.into_iter().map(|r| r.into_iter().map(|rr| rr.name).join("/")).collect(),
orgs: IamSetServ::find_set_paths(&account.id, &set_id, funs, &mock_tenant_ctx).await?.into_iter().map(|r| r.into_iter().map(|rr| rr.name).join("/")).collect(),
exts: account_attrs
.into_iter()
.map(|r| IamAccountAttrResp {
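Review bot: `mock_tenant_ctx` replaces `own_paths` with the tenant id before `IamSetServ::find_set_paths` is called, which widens the scope of that read beyond the caller's own path, and nothing in the hunk says why or limits where the widened context may be used. A broader-scoped copy of `ctx` is easy to reuse later for a query that should stay narrowly scoped, so it deserves a comment at the declaration, for example `// Org sets live at tenant level; use this tenant-scoped copy of ctx for the org path read only.`, and a name such as `tenant_ctx` that does not suggest test code. It is built before the `use_sys_org` branch although only the `orgs` lookup uses it, and whether tenant scope is correct when `use_sys_org` is true cannot be told from the hunk. The function body continues outside both hunks.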
25 changes: 24 additions & 1 deletion support/iam/src/basic/serv/iam_app_serv.rs
@@ -2,16 +2,19 @@ use std::collections::HashSet;

use async_trait::async_trait;
use bios_basic::rbum::dto::rbum_rel_dto::RbumRelBoneResp;
use bios_basic::rbum::serv::rbum_crud_serv::RbumCrudOperation;
use bios_basic::rbum::serv::rbum_rel_serv::RbumRelServ;
use bios_basic::rbum::serv::rbum_set_serv::RbumSetItemServ;
use bios_sdk_invoke::clients::spi_kv_client::SpiKvClient;
use tardis::basic::dto::TardisContext;
use tardis::basic::field::TrimString;
use tardis::basic::result::TardisResult;
use tardis::db::sea_orm::sea_query::{Expr, SelectStatement};
use tardis::db::sea_orm::*;
use tardis::futures_util::future::join_all;
use tardis::{TardisFuns, TardisFunsInst};

use bios_basic::rbum::dto::rbum_filer_dto::{RbumBasicFilterReq, RbumItemRelFilterReq};
use bios_basic::rbum::dto::rbum_filer_dto::{RbumBasicFilterReq, RbumItemRelFilterReq, RbumSetItemFilterReq};
use bios_basic::rbum::dto::rbum_item_dto::{RbumItemKernelAddReq, RbumItemKernelModifyReq};
use bios_basic::rbum::helper::rbum_scope_helper;
use bios_basic::rbum::rbum_enumeration::RbumRelFromKind;
@@ -257,6 +260,26 @@ impl IamAppServ {
)
.await?;
}
if let Some(disabled) = &modify_req.disabled {
if *disabled {
join_all(
RbumSetItemServ::find_id_rbums(
&RbumSetItemFilterReq {
rel_rbum_item_ids: Some(vec![id.to_string()]),
..Default::default()
},
None,
None,
funs,
ctx,
)
.await?
.into_iter()
.map(|set_item_id| async move { RbumSetItemServ::delete_rbum(&set_item_id, funs, ctx).await }),
)
.await;
}
}
Ok(())
}
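Review bot: The `join_all(...).await;` added for the `disabled` case discards the result of every `RbumSetItemServ::delete_rbum` call, so a failed delete leaves the disabled app in its sets while the function still returns `Ok(())`. Propagate the first failure by ending the expression with `.await.into_iter().collect::<TardisResult<Vec<_>>>()?;` instead of `.await;`. The nested `if let Some(disabled) = &modify_req.disabled { if *disabled {` can also be written as `if modify_req.disabled == Some(true) {`. The enclosing function starts outside the hunk.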

84 changes: 60 additions & 24 deletions support/iam/src/basic/serv/iam_cert_mail_vcode_serv.rs
@@ -273,30 +273,66 @@ impl IamCertMailVCodeServ {
if cached_vcode == input_vcode {
let rel_rbum_cert_conf_id =
IamCertServ::get_cert_conf_id_by_kind(IamCertKernelKind::MailVCode.to_string().as_str(), Some(IamTenantServ::get_id_by_ctx(&ctx, funs)?), funs).await?;
Self::check_bind_mail(mail, vec![rel_rbum_cert_conf_id.clone()], &ctx.owner.clone(), funs, &ctx).await?;
let id = RbumCertServ::add_rbum(
&mut RbumCertAddReq {
ak: TrimString(mail.trim().to_string()),
sk: None,
sk_invisible: None,
kind: None,
supplier: None,
vcode: Some(TrimString(input_vcode.to_string())),
ext: None,
start_time: None,
end_time: None,
conn_uri: None,
status: RbumCertStatusKind::Enabled,
rel_rbum_cert_conf_id: Some(rel_rbum_cert_conf_id),
rel_rbum_kind: RbumCertRelKind::Item,
rel_rbum_id: ctx.owner.clone(),
is_outside: false,
is_ignore_check_sk: false,
},
funs,
&ctx,
)
.await?;
let id = if Self::check_bind_mail(mail, vec![rel_rbum_cert_conf_id.clone()], &ctx.owner.clone(), funs, &ctx).await.is_ok() {
RbumCertServ::add_rbum(
&mut RbumCertAddReq {
ak: TrimString(mail.trim().to_string()),
sk: None,
sk_invisible: None,
kind: None,
supplier: None,
vcode: Some(TrimString(input_vcode.to_string())),
ext: None,
start_time: None,
end_time: None,
conn_uri: None,
status: RbumCertStatusKind::Enabled,
rel_rbum_cert_conf_id: Some(rel_rbum_cert_conf_id),
rel_rbum_kind: RbumCertRelKind::Item,
rel_rbum_id: ctx.owner.clone(),
is_outside: false,
is_ignore_check_sk: false,
},
funs,
&ctx,
)
.await?
} else {
let id = RbumCertServ::find_id_rbums(
&RbumCertFilterReq {
status: Some(RbumCertStatusKind::Enabled),
rel_rbum_id: Some(ctx.owner.clone()),
rel_rbum_kind: Some(RbumCertRelKind::Item),
rel_rbum_cert_conf_ids: Some(vec![rel_rbum_cert_conf_id]),
..Default::default()
},
None,
None,
funs,
&ctx,
)
.await?
.pop()
.ok_or_else(|| funs.err().unauthorized("iam_cert_mail_vcode", "activate", "email or verification code error", "401-iam-cert-valid"))?;
RbumCertServ::modify_rbum(
&id,
&mut RbumCertModifyReq {
ak: Some(TrimString(mail.trim().to_string())),
sk: None,
sk_invisible: None,
is_ignore_check_sk: true,
ext: None,
start_time: None,
end_time: None,
conn_uri: None,
status: None,
},
funs,
&ctx,
)
.await?;
id
};
let op_describe = format!("绑定邮箱为{}", mail);
let _ = IamLogClient::add_ctx_task(LogParamTag::IamAccount, Some(ctx.owner.to_string()), op_describe, Some("BindMailbox".to_string()), &ctx).await;
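Review bot: `Self::check_bind_mail(...).await.is_ok()` treats every failure of the check as "the owner already has a mail certificate", where the removed `?` used to propagate the error. The body of `check_bind_mail` is not visible, but a database error, or an address already bound to a different account if the check rejects that, now falls into the `else` branch and is written into the caller's existing certificate by `RbumCertServ::modify_rbum` with `is_ignore_check_sk: true`. Choose the branch on the specific condition instead: look up the owner's enabled certificate first, and keep the uniqueness check on the `?` path before either `add_rbum` or `modify_rbum`. The same construction appears with `check_bind_phone` in support/iam/src/basic/serv/iam_cert_phone_vcode_serv.rs and needs the same change.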

84 changes: 60 additions & 24 deletions support/iam/src/basic/serv/iam_cert_phone_vcode_serv.rs
@@ -297,30 +297,66 @@ impl IamCertPhoneVCodeServ {
if cached_vcode == input_vcode {
let rel_rbum_cert_conf_id =
IamCertServ::get_cert_conf_id_by_kind(IamCertKernelKind::PhoneVCode.to_string().as_str(), Some(IamTenantServ::get_id_by_ctx(&ctx, funs)?), funs).await?;
Self::check_bind_phone(phone, vec![rel_rbum_cert_conf_id.clone()], &ctx.owner.clone(), funs, &ctx).await?;
let id = RbumCertServ::add_rbum(
&mut RbumCertAddReq {
ak: TrimString(phone.trim().to_string()),
sk: None,
sk_invisible: None,
kind: None,
supplier: None,
vcode: Some(TrimString(input_vcode.to_string())),
ext: None,
start_time: None,
end_time: None,
conn_uri: None,
status: RbumCertStatusKind::Enabled,
rel_rbum_cert_conf_id: Some(rel_rbum_cert_conf_id),
rel_rbum_kind: RbumCertRelKind::Item,
rel_rbum_id: ctx.owner.clone(),
is_outside: false,
is_ignore_check_sk: false,
},
funs,
&ctx,
)
.await?;
let id = if Self::check_bind_phone(phone, vec![rel_rbum_cert_conf_id.clone()], &ctx.owner.clone(), funs, &ctx).await.is_ok() {
RbumCertServ::add_rbum(
&mut RbumCertAddReq {
ak: TrimString(phone.trim().to_string()),
sk: None,
sk_invisible: None,
kind: None,
supplier: None,
vcode: Some(TrimString(input_vcode.to_string())),
ext: None,
start_time: None,
end_time: None,
conn_uri: None,
status: RbumCertStatusKind::Enabled,
rel_rbum_cert_conf_id: Some(rel_rbum_cert_conf_id),
rel_rbum_kind: RbumCertRelKind::Item,
rel_rbum_id: ctx.owner.clone(),
is_outside: false,
is_ignore_check_sk: false,
},
funs,
&ctx,
)
.await?
} else {
let id = RbumCertServ::find_id_rbums(
&RbumCertFilterReq {
status: Some(RbumCertStatusKind::Enabled),
rel_rbum_id: Some(ctx.owner.clone()),
rel_rbum_kind: Some(RbumCertRelKind::Item),
rel_rbum_cert_conf_ids: Some(vec![rel_rbum_cert_conf_id]),
..Default::default()
},
None,
None,
funs,
&ctx,
)
.await?
.pop()
.ok_or_else(|| funs.err().unauthorized("iam_cert_mail_vcode", "activate", "email or verification code error", "401-iam-cert-valid"))?;
RbumCertServ::modify_rbum(
&id,
&mut RbumCertModifyReq {
ak: Some(TrimString(phone.trim().to_string())),
sk: None,
sk_invisible: None,
is_ignore_check_sk: true,
ext: None,
start_time: None,
end_time: None,
conn_uri: None,
status: None,
},
funs,
&ctx,
)
.await?;
id
};
let op_describe = format!("绑定手机号为{}", phone);
let _ = IamLogClient::add_ctx_task(LogParamTag::IamAccount, Some(ctx.owner.to_string()), op_describe, Some("BindPhone".to_string()), &ctx).await;
return Ok(id);
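Review bot: The `ok_or_else` in the new `else` branch builds its error with `funs.err().unauthorized("iam_cert_mail_vcode", "activate", "email or verification code error", "401-iam-cert-valid")`, which names the mail service and will mislead anyone reading logs or the API response for a phone binding. Use the phone identifiers here, e.g. `"iam_cert_phone_vcode"` and `"phone or verification code error"`, and check that `"activate"` is the right operation name for this function, whose signature lies outside the hunk. An `unauthorized` error for "no existing certificate found" also hides the real cause from the caller; a not-found or conflict error would describe it more accurately if the project's error helper offers one.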
17 changes: 17 additions & 0 deletions support/iam/src/basic/serv/iam_key_cache_serv.rs
@@ -21,6 +21,7 @@ use crate::basic::dto::iam_filer_dto::{IamAccountFilterReq, IamAppFilterReq};
use crate::basic::serv::clients::iam_log_client::{IamLogClient, LogParamTag};
use crate::basic::serv::iam_account_serv::IamAccountServ;
use crate::basic::serv::iam_app_serv::IamAppServ;
use crate::basic::serv::iam_cert_serv::IamCertServ;
use crate::basic::serv::iam_rel_serv::IamRelServ;
use crate::iam_config::IamConfig;
use crate::iam_constants;
@@ -253,6 +254,22 @@ impl IamIdentCacheServ {
Ok(false)
}

pub async fn refresh_account_info_by_account_id(account_id: &str, funs: &TardisFunsInst) -> TardisResult<()> {
log::trace!("refresh account info: account_id={}", account_id);
let tenant_info = funs.cache().hget(format!("{}{}", funs.conf::<IamConfig>().cache_key_account_info_, account_id).as_str(), "").await?;
if tenant_info.is_none() {
return Ok(());
}

let tenant_id = TardisFuns::json.str_to_obj::<TardisContext>(&tenant_info.unwrap())?.own_paths;
let mock_ctx = TardisContext {
own_paths: tenant_id.clone(),
..Default::default()
};
IamCertServ::package_tardis_account_context_and_resp(account_id, &tenant_id, "".to_string(), None, funs, &mock_ctx).await;
Ok(())
}

pub async fn delete_lock_by_account_id(account_id: &str, funs: &TardisFunsInst) -> TardisResult<()> {
log::trace!("delete lock: account_id={}", account_id);
funs.cache().del(&format!("{}{}", funs.rbum_conf_cache_key_cert_locked_(), &account_id)).await?;
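Review bot: In the new `refresh_account_info_by_account_id`, the value of `IamCertServ::package_tardis_account_context_and_resp(...).await` is dropped, so if that call can fail (its signature is not visible) the function still returns `Ok(())` and the cached account context stays stale, presumably including the permissions it carries. Propagate it with `.await?;` or at least log the failure. The `is_none()` check followed by `tenant_info.unwrap()` reads better as `let Some(cached_ctx) = ... else { return Ok(()) };`, and since the value is parsed as a `TardisContext`, the name `tenant_info` is misleading. A `///` line stating that the function does nothing when the account has no cached context would document the early return, and a comment on `mock_ctx` should note that it carries only `own_paths`, with owner and roles left at their defaults.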