From cc750955be7572efcdae1cc94bb00a7d950f071a Mon Sep 17 00:00:00 2001
From: Jian Qiu
Date: Mon, 2 Jan 2023 23:44:50 +0800
Subject: [PATCH] fix: get user ids by role ids in scope (#15686)
Co-authored-by: Qiu Jian
---
 .../modules/identity/mod_roleassignments.go | 37 +++++++++++++++++++
 pkg/monitor/alerting/notifiers/onecloud.go | 35 +-----------------
 2 files changed, 38 insertions(+), 34 deletions(-)
diff --git a/pkg/mcclient/modules/identity/mod_roleassignments.go b/pkg/mcclient/modules/identity/mod_roleassignments.go
index 9aef1026e2..ef06451a55 100644
--- a/pkg/mcclient/modules/identity/mod_roleassignments.go
+++ b/pkg/mcclient/modules/identity/mod_roleassignments.go
@@ -19,6 +19,7 @@ import (
 "yunion.io/x/jsonutils"
 "yunion.io/x/pkg/errors"
+ "yunion.io/x/pkg/util/rbacscope"
 "yunion.io/x/pkg/utils"
 "yunion.io/x/onecloud/pkg/httperrors"
@@ -400,6 +401,42 @@ func (this *RoleAssignmentManagerV3) GetProjectRole(s *mcclient.ClientSession, i
 return data, nil
 }
+func (man *RoleAssignmentManagerV3) GetUserIdsByRolesInScope(s *mcclient.ClientSession, roleIds []string, roleScope rbacscope.TRbacScope, scopeId string) ([]string, error) {
+ query := jsonutils.NewDict()
+ query.Set("roles", jsonutils.Marshal(roleIds))
+ query.Set("effective", jsonutils.JSONTrue)
+ switch roleScope {
+ case rbacscope.ScopeSystem:
+ case rbacscope.ScopeDomain:
+ if scopeId == "" {
+ return nil, errors.Errorf("need projectDomainId")
+ }
+ query.Set("project_domain_id", jsonutils.NewString(scopeId))
+ case rbacscope.ScopeProject:
+ if scopeId == "" {
+ return nil, errors.Errorf("need projectId")
+ }
+ query.Add(jsonutils.NewString(scopeId), "scope", "project", "id")
+ }
+ ret, err := man.List(s, query)
+ if err != nil {
+ return nil, errors.Wrapf(err, "list RoleAssignments with query %s", query.String())
+ }
+ users := make([]string, 0)
+ for i := range ret.Data {
+ ras := ret.Data[i]
+ user, err := ras.Get("user")
+ if err == nil {
+ id, err := user.GetString("id")
+ if err != nil {
+ return nil, errors.Wrap(err, "unable to get user.id from result of RoleAssignments.List")
+ }
+ users = append(users, id)
+ }
+ }
+ return users, nil
+}
+
 func init() {
 RoleAssignments = RoleAssignmentManagerV3{modules.NewIdentityV3Manager("role_assignment", "role_assignments",
 []string{"Scope", "User", "Group", "Role", "Policies"},
diff --git a/pkg/monitor/alerting/notifiers/onecloud.go b/pkg/monitor/alerting/notifiers/onecloud.go
index 179e46be93..c3d3ce1f04 100644
--- a/pkg/monitor/alerting/notifiers/onecloud.go
+++ b/pkg/monitor/alerting/notifiers/onecloud.go
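Review bot: The `switch roleScope` in GetUserIdsByRolesInScope has no `default` branch, so any scope other than the three listed sends the query with neither the `project_domain_id` nor the `scope.project.id` filter and returns user ids from every scope, exactly as `rbacscope.ScopeSystem` does. The caller changed in pkg/monitor/alerting/notifiers/onecloud.go now feeds it the result of `rbacscope.String2Scope(roleScope)`, and what that returns for an empty or unrecognised string is not visible here, so a bad scope value may widen the recipient list instead of failing. Adding `default: return nil, errors.Errorf("unsupported role scope %v", roleScope)` keeps the system case explicit and makes the method fail closed. As a new exported method it also lacks a doc comment; one line stating that an empty scopeId is rejected for domain and project scope and ignored for system scope would be enough.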
@@ -30,7 +30,6 @@ import (
 "yunion.io/x/pkg/util/sets"
 "yunion.io/x/onecloud/pkg/apis/monitor"
- notiapi "yunion.io/x/onecloud/pkg/apis/notify"
 "yunion.io/x/onecloud/pkg/cloudcommon/db"
 "yunion.io/x/onecloud/pkg/cloudcommon/notifyclient"
 "yunion.io/x/onecloud/pkg/hostman/hostinfo/hostconsts"
@@ -236,40 +235,8 @@ func (oc *OneCloudNotifier) notifyByUserIds(ctx *alerting.EvalContext, userIds [
 }
 func getUsersByRoles(roleIds []string, roleScope string, scopeId string) ([]string, error) {
- query := jsonutils.NewDict()
- query.Set("roles", jsonutils.Marshal(roleIds))
- query.Set("effective", jsonutils.JSONTrue)
- switch roleScope {
- case notiapi.SUBSCRIBER_SCOPE_SYSTEM:
- case notiapi.SUBSCRIBER_SCOPE_DOMAIN:
- if scopeId == "" {
- return nil, errors.Errorf("need projectDomainId")
- }
- query.Set("project_domain_id", jsonutils.NewString(scopeId))
- case notiapi.SUBSCRIBER_SCOPE_PROJECT:
- if scopeId == "" {
- return nil, errors.Errorf("need projectId")
- }
- query.Add(jsonutils.NewString(scopeId), "scope", "project", "id")
- }
 s := getAdminSession()
- ret, err := modules.RoleAssignments.List(s, query)
- if err != nil {
- return nil, errors.Wrapf(err, "list RoleAssignments with query %s", query.String())
- }
- users := make([]string, 0)
- for i := range ret.Data {
- ras := ret.Data[i]
- user, err := ras.Get("user")
- if err == nil {
- id, err := user.GetString("id")
- if err != nil {
- return nil, errors.Wrap(err, "unable to get user.id from result of RoleAssignments.List")
- }
- users = append(users, id)
- }
- }
- return users, nil
+ return modules.RoleAssignments.GetUserIdsByRolesInScope(s, roleIds, rbacscope.String2Scope(roleScope), scopeId)
 }
 func getLangBystr(str string) language.Tag {
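Review bot: In getUsersByRoles the scope string is now passed through `rbacscope.String2Scope(roleScope)` where the old code matched it exactly against the `notiapi.SUBSCRIBER_SCOPE_*` constants, and nothing in this diff shows that the two sets of values line up or what the conversion yields for an empty or misspelled scope. The lookup runs on `getAdminSession()`, so a scope that converts differently than before changes who is notified without any error reaching the caller. I would document the contract above the function, e.g. `// roleScope must be one of the notiapi.SUBSCRIBER_SCOPE_* values; it is converted with rbacscope.String2Scope before the role-assignment lookup.`, and pin the three conversions in a unit test.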