From 74504b122ec3b267c30ced4cb840455fa710f55f Mon Sep 17 00:00:00 2001 From: Daniel Jiang Date: Mon, 29 Jul 2019 00:24:02 +0800 Subject: [PATCH] Update GetRolesByGroupID This commit fixes #8432 When querying the role of group ID, all matched roles should be returned instead of the minimal role ID. Signed-off-by: Daniel Jiang --- src/common/dao/group/usergroup_test.go | 8 +++++++- src/common/dao/project.go | 9 ++------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/src/common/dao/group/usergroup_test.go b/src/common/dao/group/usergroup_test.go index b4ad3897d..2b7952ef9 100644 --- a/src/common/dao/group/usergroup_test.go +++ b/src/common/dao/group/usergroup_test.go @@ -57,6 +57,8 @@ func TestMain(m *testing.M) { "update project set owner_id = (select user_id from harbor_user where username = 'member_test_01') where name = 'member_test_01'", "insert into project_member (project_id, entity_id, entity_type, role) values ( (select project_id from project where name = 'member_test_01') , (select user_id from harbor_user where username = 'member_test_01'), 'u', 1)", "insert into project_member (project_id, entity_id, entity_type, role) values ( (select project_id from project where name = 'member_test_01') , (select id from user_group where group_name = 'test_group_01'), 'g', 1)", + "insert into project_member (project_id, entity_id, entity_type, role) values ( (select project_id from project where name = 'member_test_01') , (select id from user_group where group_name = 'test_http_group'), 'g', 4)", + "insert into project_member (project_id, entity_id, entity_type, role) values ( (select project_id from project where name = 'member_test_01') , (select id from user_group where group_name = 'test_myhttp_group'), 'g', 4)", } clearSqls := []string{ @@ -397,6 +399,10 @@ func TestGetRolesByLDAPGroup(t *testing.T) { if err != nil || len(userGroupList) < 1 { t.Errorf("failed to query user group, err %v", err) } + gl2, err2 := GetGroupIDByGroupName([]string{"test_http_group", "test_myhttp_group"}, common.HTTPGroupType) + if err2 != nil || len(gl2) != 2 { + t.Errorf("failed to query http user group, err %v", err) + } project, err := dao.GetProjectByName("member_test_01") if err != nil { t.Errorf("Error occurred when Get project by name: %v", err) @@ -416,7 +422,7 @@ func TestGetRolesByLDAPGroup(t *testing.T) { wantSize int wantErr bool }{ - {"Check normal", args{projectID: project.ProjectID, groupIDs: []int{userGroupList[0].ID}}, 1, false}, + {"Check normal", args{projectID: project.ProjectID, groupIDs: []int{userGroupList[0].ID, gl2[0], gl2[1]}}, 2, false}, {"Check non exist", args{projectID: privateProject.ProjectID, groupIDs: []int{9999}}, 0, false}, } for _, tt := range tests { diff --git a/src/common/dao/project.go b/src/common/dao/project.go index c96af6537..b3066bcf1 100644 --- a/src/common/dao/project.go +++ b/src/common/dao/project.go @@ -302,20 +302,15 @@ func GetRolesByGroupID(projectID int64, groupIDs []int) ([]int, error) { } groupIDCondition := JoinNumberConditions(groupIDs) o := GetOrmer() - // the role is in descent order (1-admin, 2-developer, 3-guest, 4-master), use min to select the max privilege role. sql := fmt.Sprintf( - `select min(pm.role) from project_member pm + `select distinct pm.role from project_member pm left join user_group ug on pm.entity_type = 'g' and pm.entity_id = ug.id where ug.id in ( %s ) and pm.project_id = ?`, groupIDCondition) - log.Debugf("sql:%v", sql) + log.Debugf("sql for GetRolesByGroupID(project ID: %d, group ids: %v):%v", projectID, groupIDs, sql) if _, err := o.Raw(sql, projectID).QueryRows(&roles); err != nil { log.Warningf("Error in GetRolesByGroupID, error: %v", err) return nil, err } - // If there is no row selected, the min returns an empty row, to avoid return 0 as role - if len(roles) == 1 && roles[0] == 0 { - return []int{}, nil - } return roles, nil }