mirror of
https://github.com/goharbor/harbor.git
synced 2024-09-30 22:37:43 +02:00
Merge pull request #8447 from reasonerjt/group-perm-merge-1.8
Update GetRolesByGroupID -- cherrypick 1.8
This commit is contained in:
commit
8dc103c6de
@ -57,6 +57,8 @@ func TestMain(m *testing.M) {
|
|||||||
"update project set owner_id = (select user_id from harbor_user where username = 'member_test_01') where name = 'member_test_01'",
|
"update project set owner_id = (select user_id from harbor_user where username = 'member_test_01') where name = 'member_test_01'",
|
||||||
"insert into project_member (project_id, entity_id, entity_type, role) values ( (select project_id from project where name = 'member_test_01') , (select user_id from harbor_user where username = 'member_test_01'), 'u', 1)",
|
"insert into project_member (project_id, entity_id, entity_type, role) values ( (select project_id from project where name = 'member_test_01') , (select user_id from harbor_user where username = 'member_test_01'), 'u', 1)",
|
||||||
"insert into project_member (project_id, entity_id, entity_type, role) values ( (select project_id from project where name = 'member_test_01') , (select id from user_group where group_name = 'test_group_01'), 'g', 1)",
|
"insert into project_member (project_id, entity_id, entity_type, role) values ( (select project_id from project where name = 'member_test_01') , (select id from user_group where group_name = 'test_group_01'), 'g', 1)",
|
||||||
|
"insert into project_member (project_id, entity_id, entity_type, role) values ( (select project_id from project where name = 'member_test_01') , (select id from user_group where group_name = 'test_http_group'), 'g', 4)",
|
||||||
|
"insert into project_member (project_id, entity_id, entity_type, role) values ( (select project_id from project where name = 'member_test_01') , (select id from user_group where group_name = 'test_myhttp_group'), 'g', 4)",
|
||||||
}
|
}
|
||||||
|
|
||||||
clearSqls := []string{
|
clearSqls := []string{
|
||||||
@ -397,6 +399,10 @@ func TestGetRolesByLDAPGroup(t *testing.T) {
|
|||||||
if err != nil || len(userGroupList) < 1 {
|
if err != nil || len(userGroupList) < 1 {
|
||||||
t.Errorf("failed to query user group, err %v", err)
|
t.Errorf("failed to query user group, err %v", err)
|
||||||
}
|
}
|
||||||
|
gl2, err2 := GetGroupIDByGroupName([]string{"test_http_group", "test_myhttp_group"}, common.HTTPGroupType)
|
||||||
|
if err2 != nil || len(gl2) != 2 {
|
||||||
|
t.Errorf("failed to query http user group, err %v", err)
|
||||||
|
}
|
||||||
project, err := dao.GetProjectByName("member_test_01")
|
project, err := dao.GetProjectByName("member_test_01")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("Error occurred when Get project by name: %v", err)
|
t.Errorf("Error occurred when Get project by name: %v", err)
|
||||||
@ -416,7 +422,7 @@ func TestGetRolesByLDAPGroup(t *testing.T) {
|
|||||||
wantSize int
|
wantSize int
|
||||||
wantErr bool
|
wantErr bool
|
||||||
}{
|
}{
|
||||||
{"Check normal", args{projectID: project.ProjectID, groupIDs: []int{userGroupList[0].ID}}, 1, false},
|
{"Check normal", args{projectID: project.ProjectID, groupIDs: []int{userGroupList[0].ID, gl2[0], gl2[1]}}, 2, false},
|
||||||
{"Check non exist", args{projectID: privateProject.ProjectID, groupIDs: []int{9999}}, 0, false},
|
{"Check non exist", args{projectID: privateProject.ProjectID, groupIDs: []int{9999}}, 0, false},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
|
@ -302,20 +302,15 @@ func GetRolesByGroupID(projectID int64, groupIDs []int) ([]int, error) {
|
|||||||
}
|
}
|
||||||
groupIDCondition := JoinNumberConditions(groupIDs)
|
groupIDCondition := JoinNumberConditions(groupIDs)
|
||||||
o := GetOrmer()
|
o := GetOrmer()
|
||||||
// the role is in descent order (1-admin, 2-developer, 3-guest, 4-master), use min to select the max privilege role.
|
|
||||||
sql := fmt.Sprintf(
|
sql := fmt.Sprintf(
|
||||||
`select min(pm.role) from project_member pm
|
`select distinct pm.role from project_member pm
|
||||||
left join user_group ug on pm.entity_type = 'g' and pm.entity_id = ug.id
|
left join user_group ug on pm.entity_type = 'g' and pm.entity_id = ug.id
|
||||||
where ug.id in ( %s ) and pm.project_id = ?`,
|
where ug.id in ( %s ) and pm.project_id = ?`,
|
||||||
groupIDCondition)
|
groupIDCondition)
|
||||||
log.Debugf("sql:%v", sql)
|
log.Debugf("sql for GetRolesByGroupID(project ID: %d, group ids: %v):%v", projectID, groupIDs, sql)
|
||||||
if _, err := o.Raw(sql, projectID).QueryRows(&roles); err != nil {
|
if _, err := o.Raw(sql, projectID).QueryRows(&roles); err != nil {
|
||||||
log.Warningf("Error in GetRolesByGroupID, error: %v", err)
|
log.Warningf("Error in GetRolesByGroupID, error: %v", err)
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
// If there is no row selected, the min returns an empty row, to avoid return 0 as role
|
|
||||||
if len(roles) == 1 && roles[0] == 0 {
|
|
||||||
return []int{}, nil
|
|
||||||
}
|
|
||||||
return roles, nil
|
return roles, nil
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user