From 89e7ef8b40beb18dc871bcbb9d702594713e91f1 Mon Sep 17 00:00:00 2001
From: tjq
Date: Fri, 15 Mar 2024 23:32:05 +0800
Subject: [PATCH] fix: duplicate authorisation #854
---
 .../permission/PowerJobPermissionService.java | 5 +++--
 .../PowerJobPermissionServiceImpl.java | 12 +++++-------
 .../auth/service/impl/WebAuthServiceImpl.java | 17 +++++++++--------
 3 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/powerjob-server/powerjob-server-auth/src/main/java/tech/powerjob/server/auth/service/permission/PowerJobPermissionService.java b/powerjob-server/powerjob-server-auth/src/main/java/tech/powerjob/server/auth/service/permission/PowerJobPermissionService.java
index db534abd..64dd7c31 100644
--- a/powerjob-server/powerjob-server-auth/src/main/java/tech/powerjob/server/auth/service/permission/PowerJobPermissionService.java
+++ b/powerjob-server/powerjob-server-auth/src/main/java/tech/powerjob/server/auth/service/permission/PowerJobPermissionService.java
@@ -6,6 +6,7 @@ import tech.powerjob.server.auth.RoleScope;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 /**
 * PowerJob 鉴权服务
@@ -49,9 +50,9 @@ public interface PowerJobPermissionService {
 * 获取有相关权限的用户
 * @param roleScope 角色范围
 * @param target 目标
- * @return 角色对应的用户列表
+ * @return 角色对应的用户列表,user 可能重复,需要用 SET 去重(save APP/namespace 等场景,创建人自动被授权成为 ADMIN,如果用户在面板将自己添加到管理员,就会存在2套授权机制2次授权出现重复)
 */
- Map> fetchUserWithPermissions(RoleScope roleScope, Long target);
+ Map> fetchUserWithPermissions(RoleScope roleScope, Long target);
 /**
 * 获取用户有权限的目标
diff --git a/powerjob-server/powerjob-server-auth/src/main/java/tech/powerjob/server/auth/service/permission/PowerJobPermissionServiceImpl.java b/powerjob-server/powerjob-server-auth/src/main/java/tech/powerjob/server/auth/service/permission/PowerJobPermissionServiceImpl.java
index dcbad2da..9b1d4970 100644
--- a/powerjob-server/powerjob-server-auth/src/main/java/tech/powerjob/server/auth/service/permission/PowerJobPermissionServiceImpl.java
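Review bot: The new `@return` text on `fetchUserWithPermissions` reads as an instruction to the caller to de-duplicate, although the signature in the same hunk now already returns a set per role. I would reword it to state the contract, for example `@return user ids per role, de-duplicated; one user can hold two grant records for the same role (creator auto-granted ADMIN plus a manual grant in the panel)`. Changing the return type of a public interface method also breaks any implementation or caller still written against the list form; this patch updates only PowerJobPermissionServiceImpl and WebAuthServiceImpl, so other users of the interface, if there are any, need the same change.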
+++ b/powerjob-server/powerjob-server-auth/src/main/java/tech/powerjob/server/auth/service/permission/PowerJobPermissionServiceImpl.java
@@ -1,9 +1,6 @@
 package tech.powerjob.server.auth.service.permission;
-import com.google.common.collect.ArrayListMultimap;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
-import com.google.common.collect.Multimap;
+import com.google.common.collect.*;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 import tech.powerjob.server.auth.Permission;
@@ -112,14 +109,15 @@ public class PowerJobPermissionServiceImpl implements PowerJobPermissionService
 }
 @Override
- public Map> fetchUserWithPermissions(RoleScope roleScope, Long target) {
+ public Map> fetchUserWithPermissions(RoleScope roleScope, Long target) {
 List permissionUserList = userRoleRepository.findAllByScopeAndTarget(roleScope.getV(), target);
- Map> ret = Maps.newHashMap();
+ Map> ret = Maps.newHashMap();
 Optional.ofNullable(permissionUserList).orElse(Collections.emptyList()).forEach(userRoleDO -> {
 Role role = Role.of(userRoleDO.getRole());
- List userIds = ret.computeIfAbsent(role, ignore -> Lists.newArrayList());
+ Set userIds = ret.computeIfAbsent(role, ignore -> Sets.newHashSet());
 userIds.add(userRoleDO.getUserId());
 });
+
 return ret;
 }
diff --git a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/auth/service/impl/WebAuthServiceImpl.java b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/auth/service/impl/WebAuthServiceImpl.java
index 9804f4f3..1fbb7251 100644
--- a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/auth/service/impl/WebAuthServiceImpl.java
+++ b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/auth/service/impl/WebAuthServiceImpl.java
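Review bot: The wildcard `import com.google.common.collect.*;` in PowerJobPermissionServiceImpl replaces four explicit imports where the change only needs one more name. Explicit imports keep the class's Guava dependencies visible and avoid a name clash if the package later gains a type that collides with a local one. I would keep the existing lines and add `import com.google.common.collect.Sets;`; `Lists` is no longer used in the lines shown, but the rest of the file is outside the hunk.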
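Review bot: Collecting into a set in `fetchUserWithPermissions` hides the duplicate grants from readers, but the duplicate rows returned by `userRoleRepository.findAllByScopeAndTarget` stay in storage. For an authorization table this matters on revoke: if the revoke path behind `diffGrant` in WebAuthServiceImpl removes one record per user, a user who was granted twice would keep the role after being removed in the panel. That path is not visible in this patch, so it should be checked to delete every record matching scope, target, role and user. A more durable fix is to skip the insert when such a grant already exists, or to put a unique constraint on those four columns. The method body starts and ends inside the hunk.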
@@ -1,5 +1,6 @@
 package tech.powerjob.server.auth.service.impl;
+import com.google.common.collect.Lists;
 import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 import lombok.extern.slf4j.Slf4j;
@@ -42,7 +43,7 @@ public class WebAuthServiceImpl implements WebAuthService {
 public void processPermissionOnSave(RoleScope roleScope, Long target, ComponentUserRoleInfo o) {
 ComponentUserRoleInfo componentUserRoleInfo = Optional.ofNullable(o).orElse(new ComponentUserRoleInfo());
- Map> role2Uids = powerJobPermissionService.fetchUserWithPermissions(roleScope, target);
+ Map> role2Uids = powerJobPermissionService.fetchUserWithPermissions(roleScope, target);
 diffGrant(roleScope, target, Role.OBSERVER, componentUserRoleInfo.getObserver(), role2Uids);
 diffGrant(roleScope, target, Role.QA, componentUserRoleInfo.getQa(), role2Uids);
 diffGrant(roleScope, target, Role.DEVELOPER, componentUserRoleInfo.getDeveloper(), role2Uids);
@@ -51,12 +52,12 @@ public class WebAuthServiceImpl implements WebAuthService {
 @Override
 public ComponentUserRoleInfo fetchComponentUserRoleInfo(RoleScope roleScope, Long target) {
- Map> role2Uids = powerJobPermissionService.fetchUserWithPermissions(roleScope, target);
+ Map> role2Uids = powerJobPermissionService.fetchUserWithPermissions(roleScope, target);
 return new ComponentUserRoleInfo()
- .setObserver(role2Uids.getOrDefault(Role.OBSERVER, Collections.emptyList()))
- .setQa(role2Uids.getOrDefault(Role.QA, Collections.emptyList()))
- .setDeveloper(role2Uids.getOrDefault(Role.DEVELOPER, Collections.emptyList()))
- .setAdmin(role2Uids.getOrDefault(Role.ADMIN, Collections.emptyList()));
+ .setObserver(Lists.newArrayList(role2Uids.getOrDefault(Role.OBSERVER, Collections.emptySet())))
+ .setQa(Lists.newArrayList(role2Uids.getOrDefault(Role.QA, Collections.emptySet())))
+ .setDeveloper(Lists.newArrayList(role2Uids.getOrDefault(Role.DEVELOPER, Collections.emptySet())))
+ .setAdmin(Lists.newArrayList(role2Uids.getOrDefault(Role.ADMIN, Collections.emptySet())));
 }
 @Override
@@ -82,9 +83,9 @@ public class WebAuthServiceImpl implements WebAuthService {
 return powerJobPermissionService.fetchUserHadPermissionTargets(roleScope, powerJobUser.getId());
 }
- private void diffGrant(RoleScope roleScope, Long target, Role role, List uids, Map> originRole2Uids) {
+ private void diffGrant(RoleScope roleScope, Long target, Role role, List uids, Map> originRole2Uids) {
- Set originUids = Sets.newHashSet(Optional.ofNullable(originRole2Uids.get(role)).orElse(Collections.emptyList()));
+ Set originUids = Sets.newHashSet(Optional.ofNullable(originRole2Uids.get(role)).orElse(Collections.emptySet()));
 Set currentUids = Sets.newHashSet(Optional.ofNullable(uids).orElse(Collections.emptyList()));
 Map extraInfo = Maps.newHashMap();
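Review bot: `fetchComponentUserRoleInfo` now repeats `Lists.newArrayList(role2Uids.getOrDefault(<role>, Collections.emptySet()))` four times, once per setter; a small private helper that takes the map and a `Role` and returns the list would keep the builder chain readable. The lists are now copied out of hash sets, so the order of user ids in the response is unspecified and can differ from the repository order the panel received before this change. If the order matters to the UI, sort the list here or have the service build its sets with `Sets.newLinkedHashSet()`.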