fix: get user ids by role ids in scope (#15686)
Co-authored-by: Qiu Jian <qiujian@yunionyun.com>
@@ -19,6 +19,7 @@ import (
|
||||
|
||||
"yunion.io/x/jsonutils"
|
||||
"yunion.io/x/pkg/errors"
|
||||
"yunion.io/x/pkg/util/rbacscope"
|
||||
"yunion.io/x/pkg/utils"
|
||||
|
||||
"yunion.io/x/onecloud/pkg/httperrors"
|
||||
@@ -400,6 +401,42 @@ func (this *RoleAssignmentManagerV3) GetProjectRole(s *mcclient.ClientSession, i
|
||||
return data, nil
|
||||
}
|
||||
|
||||
func (man *RoleAssignmentManagerV3) GetUserIdsByRolesInScope(s *mcclient.ClientSession, roleIds []string, roleScope rbacscope.TRbacScope, scopeId string) ([]string, error) {
|
||||
query := jsonutils.NewDict()
|
||||
query.Set("roles", jsonutils.Marshal(roleIds))
|
||||
query.Set("effective", jsonutils.JSONTrue)
|
||||
switch roleScope {
|
||||
case rbacscope.ScopeSystem:
|
||||
case rbacscope.ScopeDomain:
|
||||
if scopeId == "" {
|
||||
return nil, errors.Errorf("need projectDomainId")
|
||||
}
|
||||
query.Set("project_domain_id", jsonutils.NewString(scopeId))
|
||||
case rbacscope.ScopeProject:
|
||||
if scopeId == "" {
|
||||
return nil, errors.Errorf("need projectId")
|
||||
}
|
||||
query.Add(jsonutils.NewString(scopeId), "scope", "project", "id")
|
||||
}
|
||||
ret, err := man.List(s, query)
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "list RoleAssignments with query %s", query.String())
|
||||
}
|
||||
users := make([]string, 0)
|
||||
for i := range ret.Data {
|
||||
ras := ret.Data[i]
|
||||
user, err := ras.Get("user")
|
||||
if err == nil {
|
||||
id, err := user.GetString("id")
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "unable to get user.id from result of RoleAssignments.List")
|
||||
}
|
||||
users = append(users, id)
|
||||
}
|
||||
}
|
||||
return users, nil
|
||||
}
|
||||
|
||||
func init() {
|
||||
RoleAssignments = RoleAssignmentManagerV3{modules.NewIdentityV3Manager("role_assignment", "role_assignments",
|
||||
[]string{"Scope", "User", "Group", "Role", "Policies"},
|
||||
|
||||
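Review bot: The `switch roleScope` in GetUserIdsByRolesInScope has no `default` branch, so any scope other than system, domain or project (for example `rbacscope.ScopeUser` or `rbacscope.ScopeNone`) sends the query with no scope filter at all, exactly as the empty `case rbacscope.ScopeSystem:` does. A lookup that resolves role membership inside a domain or project boundary should fail closed on an unexpected scope: `default: return nil, errors.Errorf("unsupported scope %s", roleScope)`. The caller changed in the other file of this commit passes `rbacscope.String2Scope(roleScope)` built from a plain string, so it relies on this branch too. The exported method also has no doc comment; `// GetUserIdsByRolesInScope lists effective role assignments for roleIds in the given scope and returns the user IDs found; scopeId is required for domain and project scope.` would record the contract, and a short comment on the empty system case would show that the missing filter is intentional.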
@@ -30,7 +30,6 @@ import (
|
||||
"yunion.io/x/pkg/util/sets"
|
||||
|
||||
"yunion.io/x/onecloud/pkg/apis/monitor"
|
||||
notiapi "yunion.io/x/onecloud/pkg/apis/notify"
|
||||
"yunion.io/x/onecloud/pkg/cloudcommon/db"
|
||||
"yunion.io/x/onecloud/pkg/cloudcommon/notifyclient"
|
||||
"yunion.io/x/onecloud/pkg/hostman/hostinfo/hostconsts"
|
||||
@@ -236,40 +235,8 @@ func (oc *OneCloudNotifier) notifyByUserIds(ctx *alerting.EvalContext, userIds [
|
||||
}
|
||||
|
||||
func getUsersByRoles(roleIds []string, roleScope string, scopeId string) ([]string, error) {
|
||||
query := jsonutils.NewDict()
|
||||
query.Set("roles", jsonutils.Marshal(roleIds))
|
||||
query.Set("effective", jsonutils.JSONTrue)
|
||||
switch roleScope {
|
||||
case notiapi.SUBSCRIBER_SCOPE_SYSTEM:
|
||||
case notiapi.SUBSCRIBER_SCOPE_DOMAIN:
|
||||
if scopeId == "" {
|
||||
return nil, errors.Errorf("need projectDomainId")
|
||||
}
|
||||
query.Set("project_domain_id", jsonutils.NewString(scopeId))
|
||||
case notiapi.SUBSCRIBER_SCOPE_PROJECT:
|
||||
if scopeId == "" {
|
||||
return nil, errors.Errorf("need projectId")
|
||||
}
|
||||
query.Add(jsonutils.NewString(scopeId), "scope", "project", "id")
|
||||
}
|
||||
s := getAdminSession()
|
||||
ret, err := modules.RoleAssignments.List(s, query)
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "list RoleAssignments with query %s", query.String())
|
||||
}
|
||||
users := make([]string, 0)
|
||||
for i := range ret.Data {
|
||||
ras := ret.Data[i]
|
||||
user, err := ras.Get("user")
|
||||
if err == nil {
|
||||
id, err := user.GetString("id")
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "unable to get user.id from result of RoleAssignments.List")
|
||||
}
|
||||
users = append(users, id)
|
||||
}
|
||||
}
|
||||
return users, nil
|
||||
return modules.RoleAssignments.GetUserIdsByRolesInScope(s, roleIds, rbacscope.String2Scope(roleScope), scopeId)
|
||||
}
|
||||
|
||||
func getLangBystr(str string) language.Tag {
|
||||
|
||||
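Review bot: The conversion `rbacscope.String2Scope(roleScope)` on the new return line of getUsersByRoles replaces a switch on the `notiapi.SUBSCRIBER_SCOPE_*` constants, and nothing visible on this page shows that those constants carry the strings String2Scope recognises, or what it returns for an empty or unknown value. Because the lookup runs on the session from `getAdminSession()`, the scope filter is the only thing narrowing which users are returned, so a mis-mapped scope would silently widen the result instead of producing an error. I would reject unexpected input before converting, or at least record the assumption next to the call: `// roleScope must be one of the notiapi.SUBSCRIBER_SCOPE_* values; the lookup runs with the admin session, so the scope filter alone limits the result`.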