fix: duplicate authorisation #854

powerjob-server/powerjob-server-auth/src/main/java/tech/powerjob/server/auth/service/permission/PowerJobPermissionService.java

@@ -6,6 +6,7 @@ import tech.powerjob.server.auth.RoleScope;
 
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 /**
  * PowerJob 鉴权服务
@@ -49,9 +50,9 @@ public interface PowerJobPermissionService {
      * 获取有相关权限的用户
      * @param roleScope 角色范围
      * @param target 目标
-     * @return 角色对应的用户列表
+     * @return 角色对应的用户列表，user 可能重复，需要用 SET 去重（save APP/namespace 等场景，创建人自动被授权成为 ADMIN，如果用户在面板将自己添加到管理员，就会存在2套授权机制2次授权出现重复）
      */
-    Map<Role, List<Long>> fetchUserWithPermissions(RoleScope roleScope, Long target);
+    Map<Role, Set<Long>> fetchUserWithPermissions(RoleScope roleScope, Long target);
 
     /**
      * 获取用户有权限的目标

powerjob-server/powerjob-server-auth/src/main/java/tech/powerjob/server/auth/service/permission/PowerJobPermissionServiceImpl.java

@@ -1,9 +1,6 @@
 package tech.powerjob.server.auth.service.permission;
 
-import com.google.common.collect.ArrayListMultimap;
+import com.google.common.collect.*;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
-import com.google.common.collect.Multimap;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 import tech.powerjob.server.auth.Permission;
@@ -112,14 +109,15 @@ public class PowerJobPermissionServiceImpl implements PowerJobPermissionService
     }
 
     @Override
-    public Map<Role, List<Long>> fetchUserWithPermissions(RoleScope roleScope, Long target) {
+    public Map<Role, Set<Long>> fetchUserWithPermissions(RoleScope roleScope, Long target) {
         List<UserRoleDO> permissionUserList = userRoleRepository.findAllByScopeAndTarget(roleScope.getV(), target);
-        Map<Role, List<Long>> ret = Maps.newHashMap();
+        Map<Role, Set<Long>> ret = Maps.newHashMap();
         Optional.ofNullable(permissionUserList).orElse(Collections.emptyList()).forEach(userRoleDO -> {
             Role role = Role.of(userRoleDO.getRole());
-            List<Long> userIds = ret.computeIfAbsent(role, ignore -> Lists.newArrayList());
+            Set<Long> userIds = ret.computeIfAbsent(role, ignore -> Sets.newHashSet());
             userIds.add(userRoleDO.getUserId());
         });
+
         return ret;
     }
 

powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/auth/service/impl/WebAuthServiceImpl.java

@@ -1,5 +1,6 @@
 package tech.powerjob.server.auth.service.impl;
 
+import com.google.common.collect.Lists;
 import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 import lombok.extern.slf4j.Slf4j;
@@ -42,7 +43,7 @@ public class WebAuthServiceImpl implements WebAuthService {
     public void processPermissionOnSave(RoleScope roleScope, Long target, ComponentUserRoleInfo o) {
         ComponentUserRoleInfo componentUserRoleInfo = Optional.ofNullable(o).orElse(new ComponentUserRoleInfo());
         
-        Map<Role, List<Long>> role2Uids = powerJobPermissionService.fetchUserWithPermissions(roleScope, target);
+        Map<Role, Set<Long>> role2Uids = powerJobPermissionService.fetchUserWithPermissions(roleScope, target);
         diffGrant(roleScope, target, Role.OBSERVER, componentUserRoleInfo.getObserver(), role2Uids);
         diffGrant(roleScope, target, Role.QA, componentUserRoleInfo.getQa(), role2Uids);
         diffGrant(roleScope, target, Role.DEVELOPER, componentUserRoleInfo.getDeveloper(), role2Uids);
@@ -51,12 +52,12 @@ public class WebAuthServiceImpl implements WebAuthService {
 
     @Override
     public ComponentUserRoleInfo fetchComponentUserRoleInfo(RoleScope roleScope, Long target) {
-        Map<Role, List<Long>> role2Uids = powerJobPermissionService.fetchUserWithPermissions(roleScope, target);
+        Map<Role, Set<Long>> role2Uids = powerJobPermissionService.fetchUserWithPermissions(roleScope, target);
         return new ComponentUserRoleInfo()
-                .setObserver(role2Uids.getOrDefault(Role.OBSERVER, Collections.emptyList()))
+                .setObserver(Lists.newArrayList(role2Uids.getOrDefault(Role.OBSERVER, Collections.emptySet())))
-                .setQa(role2Uids.getOrDefault(Role.QA, Collections.emptyList()))
+                .setQa(Lists.newArrayList(role2Uids.getOrDefault(Role.QA, Collections.emptySet())))
-                .setDeveloper(role2Uids.getOrDefault(Role.DEVELOPER, Collections.emptyList()))
+                .setDeveloper(Lists.newArrayList(role2Uids.getOrDefault(Role.DEVELOPER, Collections.emptySet())))
-                .setAdmin(role2Uids.getOrDefault(Role.ADMIN, Collections.emptyList()));
+                .setAdmin(Lists.newArrayList(role2Uids.getOrDefault(Role.ADMIN, Collections.emptySet())));
     }
 
     @Override
@@ -82,9 +83,9 @@ public class WebAuthServiceImpl implements WebAuthService {
         return powerJobPermissionService.fetchUserHadPermissionTargets(roleScope, powerJobUser.getId());
     }
 
-    private void diffGrant(RoleScope roleScope, Long target, Role role, List<Long> uids, Map<Role, List<Long>> originRole2Uids) {
+    private void diffGrant(RoleScope roleScope, Long target, Role role, List<Long> uids, Map<Role, Set<Long>> originRole2Uids) {
 
-        Set<Long> originUids = Sets.newHashSet(Optional.ofNullable(originRole2Uids.get(role)).orElse(Collections.emptyList()));
+        Set<Long> originUids = Sets.newHashSet(Optional.ofNullable(originRole2Uids.get(role)).orElse(Collections.emptySet()));
         Set<Long> currentUids = Sets.newHashSet(Optional.ofNullable(uids).orElse(Collections.emptyList()));
 
         Map<String, Object> extraInfo = Maps.newHashMap();