fix the issue that project owner cannot manage application master even if...

fix the issue that project owner cannot manage application master even if role.manage-app-master.enabled is turned off (#2627)

fix the issue that project owner cannot manage application master even if...
fix the issue that project owner cannot manage application master even if role.manage-app-master.enabled is turned off (#2627)
0fcce200 · Jason Song · GitHub · 0cae4838 · 0fcce200 · 0fcce200
Commit 0fcce200 authored Oct 01, 2019 by Jason Song Committed by GitHub Oct 01, 2019
6 changed files
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/PermissionController.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/PermissionController.java
@@ -322,7 +322,7 @@ public class PermissionController {
    roleInitializationService.initManageAppMasterRole(appId, userInfoHolder.getUser().getUserId());
    Set<String> userIds = new HashSet<>();
    userIds.add(userId);
-    rolePermissionService.assignRoleToUsers(RoleUtils.buildManageAppMasterRoleName(PermissionType.MANAGE_APP_MASTER, appId),
+    rolePermissionService.assignRoleToUsers(RoleUtils.buildAppRoleName(appId, PermissionType.MANAGE_APP_MASTER),
            userIds, userInfoHolder.getUser().getUserId());
    return ResponseEntity.ok().build();
  }
@@ -334,7 +334,7 @@ public class PermissionController {
    roleInitializationService.initManageAppMasterRole(appId, userInfoHolder.getUser().getUserId());
    Set<String> userIds = new HashSet<>();
    userIds.add(userId);
-    rolePermissionService.removeRoleFromUsers(RoleUtils.buildManageAppMasterRoleName(PermissionType.MANAGE_APP_MASTER, appId),
+    rolePermissionService.removeRoleFromUsers(RoleUtils.buildAppRoleName(appId, PermissionType.MANAGE_APP_MASTER),
            userIds, userInfoHolder.getUser().getUserId());
    return ResponseEntity.ok().build();
  }

--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultRoleInitializationService.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultRoleInitializationService.java
@@ -130,7 +130,7 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
  private void createManageAppMasterRole(String appId, String operator) {
    Permission permission = createPermission(appId, PermissionType.MANAGE_APP_MASTER, operator);
    rolePermissionService.createPermission(permission);
-    Role role = createRole(RoleUtils.buildManageAppMasterRoleName(PermissionType.MANAGE_APP_MASTER, appId), operator);
+    Role role = createRole(RoleUtils.buildAppRoleName(appId, PermissionType.MANAGE_APP_MASTER), operator);
    Set<Long> permissionIds = new HashSet<>();
    permissionIds.add(permission.getId());
    rolePermissionService.createRoleWithPermissions(role, permissionIds);
@@ -139,7 +139,7 @@ public class DefaultRoleInitializationService implements RoleInitializationServi
  // fix historical data
  @Transactional
  public void initManageAppMasterRole(String appId, String operator) {
-    String manageAppMasterRoleName = RoleUtils.buildManageAppMasterRoleName(PermissionType.MANAGE_APP_MASTER, appId);
+    String manageAppMasterRoleName = RoleUtils.buildAppRoleName(appId, PermissionType.MANAGE_APP_MASTER);
    if (rolePermissionService.findRoleByRoleName(manageAppMasterRoleName) != null) {
      return;
    }

--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/util/RoleUtils.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/util/RoleUtils.java
@@ -89,8 +89,4 @@ public class RoleUtils {
  public static String buildCreateApplicationRoleName(String permissionType, String permissionTargetId) {
    return STRING_JOINER.join(permissionType, permissionTargetId);
  }
-  public static String buildManageAppMasterRoleName(String permissionType, String permissionTargetId) {
-    return STRING_JOINER.join(permissionType, permissionTargetId);
-  }
 }
--- a/apollo-portal/src/main/resources/static/scripts/controller/SettingController.js
+++ b/apollo-portal/src/main/resources/static/scripts/controller/SettingController.js
@@ -63,6 +63,12 @@ function SettingController($scope, $location, toastr,
            .then(function (result) {
                $scope.hasAssignUserPermission = result.hasPermission;
+                PermissionService.has_open_manage_app_master_role_limit().then(function (value) {
+                     if (!value.isManageAppMasterPermissionEnabled) {
+                        $scope.hasManageAppMasterPermission = $scope.hasAssignUserPermission;
+                        return;
+                     }
                    PermissionService.has_manage_app_master_permission($scope.pageContext.appId).then(function (res) {
                        $scope.hasManageAppMasterPermission = res.hasPermission && $scope.hasAssignUserPermission;
@@ -70,7 +76,7 @@ function SettingController($scope, $location, toastr,
                            $scope.hasManageAppMasterPermission = value.hasPermission || $scope.hasManageAppMasterPermission;
                        });
                    });
+                });
            });
    }

--- a/apollo-portal/src/main/resources/static/scripts/services/PermissionService.js
+++ b/apollo-portal/src/main/resources/static/scripts/services/PermissionService.js
@@ -67,6 +67,10 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
        remove_app_role_from_user: {
            method: 'DELETE',
            url: '/apps/:appId/roles/:roleType?user=:user'
+        },
+        has_open_manage_app_master_role_limit: {
+            method: 'GET',
+            url: '/system/role/manageAppMaster'
        }
    });
@@ -320,6 +324,17 @@ appService.service('PermissionService', ['$resource', '$q', function ($resource,
                    d.reject(result);
                });
            return d.promise;
+        },
+        has_open_manage_app_master_role_limit: function () {
+            var d = $q.defer();
+            permission_resource.has_open_manage_app_master_role_limit({},
+                function (result) {
+                    d.resolve(result);
+                },
+                function (result) {
+                    d.reject(result);
+                });
+            return d.promise;
        }
    }
 }]);
--- a/apollo-portal/src/main/resources/static/system-role-manage.html
+++ b/apollo-portal/src/main/resources/static/system-role-manage.html
@@ -25,7 +25,7 @@
            <section class="row">
                <h5>为用户添加创建应用权限
                    <small>
-                        (暂时只允许系统管理员操作)
+                        (系统参数中设置 role.create-application.enabled=true 会限制只有超级管理员和拥有创建应用权限的帐号可以创建项目)
                    </small>
                </h5>
                <hr>
@@ -62,7 +62,7 @@
            <section class="row">
                <h5>修改应用管理员分配权限
                    <small>
-                        (应用管理员分配权限仅限制非superAdmin以外的用户能否为应用添加其他管理员，不影响其他权限)
+                        (系统参数中设置 role.manage-app-master.enabled=true 会限制只有超级管理员和拥有管理员分配权限的帐号可以修改项目管理员)
                    </small>
                </h5>
                <hr>