Merge user roles and group roles

Signed-off-by: stonezdj <stonezdj@gmail.com>

docs/manage_role_by_ldap_group.md

@@ -54,4 +54,4 @@ If a user is in the LDAP groups with admin privilege (ldap_group_admin_dn), the
 
 ## User privileges and group privileges
 
-If a user has both user-level role and group-level role, only the user level role privileges will be considered.
+If a user has both user-level role and group-level role, these privileges are merged together.

src/common/security/local/context.go

@@ -127,10 +127,24 @@ func (s *SecurityContext) GetProjectRoles(projectIDOrName interface{}) []int {
 			roles = append(roles, common.RoleGuest)
 		}
 	}
-	if len(roles) != 0 {
-		return roles
+	return mergeRoles(roles, s.GetRolesByGroup(projectIDOrName))
+}
+
+func mergeRoles(rolesA, rolesB []int) []int {
+	type void struct{}
+	var roles []int
+	var placeHolder void
+	roleSet := make(map[int]void)
+	for _, r := range rolesA {
+		roleSet[r] = placeHolder
 	}
-	return s.GetRolesByGroup(projectIDOrName)
+	for _, r := range rolesB {
+		roleSet[r] = placeHolder
+	}
+	for r := range roleSet {
+		roles = append(roles, r)
+	}
+	return roles
 }
 
 // GetRolesByGroup - Get the group role of current user to the project

src/common/security/local/context_test.go

@@ -408,3 +408,27 @@ func TestSecurityContext_GetMyProjects(t *testing.T) {
 		})
 	}
 }
+
+func Test_mergeRoles(t *testing.T) {
+	type args struct {
+		rolesA []int
+		rolesB []int
+	}
+	tests := []struct {
+		name string
+		args args
+		want []int
+	}{
+		{"normal", args{[]int{3, 4}, []int{1, 2, 3, 4}}, []int{1, 2, 3, 4}},
+		{"empty", args{[]int{}, []int{}}, []int{}},
+		{"left empty", args{[]int{}, []int{1, 2, 3, 4}}, []int{1, 2, 3, 4}},
+		{"right empty", args{[]int{1, 2, 3, 4}, []int{}}, []int{1, 2, 3, 4}},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := mergeRoles(tt.args.rolesA, tt.args.rolesB); !test.CheckSetsEqual(got, tt.want) {
+				t.Errorf("mergeRoles() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

src/common/utils/test/test.go

@@ -142,3 +142,33 @@ func TraceCfgMap(cfgs map[string]interface{}) {
 		fmt.Printf("%v=%v\n", k, cfgs[k])
 	}
 }
+
+// CheckSetsEqual - check int set if they are equals
+func CheckSetsEqual(setA, setB []int) bool {
+	if len(setA) != len(setB) {
+		return false
+	}
+	type void struct{}
+	var exist void
+	setAll := make(map[int]void)
+	for _, r := range setA {
+		setAll[r] = exist
+	}
+	for _, r := range setB {
+		if _, ok := setAll[r]; !ok {
+			return false
+		}
+	}
+
+	setAll = make(map[int]void)
+	for _, r := range setB {
+		setAll[r] = exist
+	}
+	for _, r := range setA {
+		if _, ok := setAll[r]; !ok {
+			return false
+		}
+	}
+	return true
+
+}