Merge pull request #2507 from TencentBlueKing/develop

v1.10.22

frontend/src/views/group/add-perm/index.vue

@@ -848,7 +848,7 @@
           this.isShowAddActionSideslider = true;
         } else {
           this.isShowAddSideslider = true;
-          this.permSideWidth = 1160;
+          this.permSideWidth = 960;
         }
       }
     }

frontend/src/views/group/components/render-instance-table.vue

@@ -11,12 +11,12 @@
       @row-mouse-enter="handleRowMouseEnter"
       @row-mouse-leave="handleRowMouseLeave">
       <!-- eslint-disable max-len -->
-      <bk-table-column :resizable="false" :label="$t(`m.common['模板名称']`)" width="180" v-if="isCreateMode">
+      <bk-table-column :resizable="false" :label="$t(`m.common['模板名称']`)" v-if="isCreateMode">
         <template slot-scope="{ row }">
           <span>{{ !!row.isAggregate ? row.actions[0].detail.name || row.actions[0].displayName : row.displayName }}</span>
         </template>
       </bk-table-column>
-      <bk-table-column :resizable="false" :label="$t(`m.common['操作']`)" width="180">
+      <bk-table-column :resizable="false" :label="$t(`m.common['操作']`)">
         <template slot-scope="{ row }">
           <div v-if="!!row.isAggregate" style="padding: 10px 0;">
             <span class="action-name" :title="row.name">{{ row.name }}</span>
@@ -26,12 +26,12 @@
           </div>
         </template>
       </bk-table-column>
-      <bk-table-column :resizable="false" :label="$t(`m.common['所属系统']`)" width="180" v-if="isCreateMode">
+      <bk-table-column :resizable="false" :label="$t(`m.common['所属系统']`)" v-if="isCreateMode">
         <template slot-scope="{ row }">
           <span>{{ !!row.isAggregate ? row.system_name : row.detail.system.name }}</span>
         </template>
       </bk-table-column>
-      <bk-table-column :resizable="false" :label="$t(`m.common['资源实例']`)" min-width="450">
+      <bk-table-column :resizable="false" :label="$t(`m.common['资源实例']`)" :min-width="450">
         <template slot-scope="{ row, $index }">
           <template v-if="!isEdit">
             <template v-if="!row.isEmpty">
@@ -834,8 +834,7 @@
           if (customData) {
             const curCondition = customData.resource_groups[this.curGroupIndex]
               .related_resource_types[this.curResIndex].conditionBackup;
-            // conditionBackup代表的是接口返回的缓存数据，处理新增未提交的资源实例删除
-            console.log(curCondition, 5655);
+            // conditionBackup代表的是接口返回的缓存数据，处理新增未提交的资源实例删
             const curPaths
               = curCondition.length
                 && curCondition.reduce((prev, next) => {
@@ -1837,8 +1836,12 @@
                           ? attribute.map(({ id, name, values }) => ({ id, name, values }))
                           : [];
                         const instanceList = (instance && instance.length > 0)
-                          ? instance.map(({ name, type, paths }) => {
-                            const tempPath = _.cloneDeep(paths);
+                          ? instance.map(({ name, type, path, paths }) => {
+                            // 这里paths和path存在数据不同步问题，所以当paths为空时，需要判断path是否存在数据
+                            let tempPath = _.cloneDeep(paths);
+                            if (!tempPath.length && path && path.length) {
+                              tempPath = _.cloneDeep(path);
+                            }
                             tempPath.forEach(pathItem => {
                               pathItem.forEach(pathSubItem => {
                                 delete pathSubItem.disabled;
@@ -1981,8 +1984,11 @@
                           ? attribute.map(({ id, name, values }) => ({ id, name, values }))
                           : [];
                         const instanceList = (instance && instance.length > 0)
-                          ? instance.map(({ name, type, paths }) => {
-                            const tempPath = _.cloneDeep(paths);
+                          ? instance.map(({ name, type, path, paths }) => {
+                            let tempPath = _.cloneDeep(paths);
+                            if (!tempPath.length && path && path.length) {
+                              tempPath = _.cloneDeep(path);
+                            }
                             tempPath.forEach(pathItem => {
                               pathItem.forEach(pathSubItem => {
                                 delete pathSubItem.disabled;

frontend/src/views/manage-spaces/secondary-manage-space/components/render-instance-table.vue

@@ -1583,8 +1583,12 @@
                           ? attribute.map(({ id, name, values }) => ({ id, name, values }))
                           : [];
                         const instanceList = (instance && instance.length > 0)
-                          ? instance.map(({ name, type, paths }) => {
-                            const tempPath = _.cloneDeep(paths);
+                          ? instance.map(({ name, type, path, paths }) => {
+                            // 这里paths和path存在数据不同步问题，所以当paths为空时，需要判断path是否存在数据
+                            let tempPath = _.cloneDeep(paths);
+                            if (!tempPath.length && path && path.length) {
+                              tempPath = _.cloneDeep(path);
+                            }
                             tempPath.forEach(pathItem => {
                               pathItem.forEach(pathSubItem => {
                                 delete pathSubItem.disabled;
@@ -1725,8 +1729,12 @@
                           ? attribute.map(({ id, name, values }) => ({ id, name, values }))
                           : [];
                         const instanceList = (instance && instance.length > 0)
-                          ? instance.map(({ name, type, paths }) => {
-                            const tempPath = _.cloneDeep(paths);
+                          ? instance.map(({ name, type, path, paths }) => {
+                            // 这里paths和path存在数据不同步问题，所以当paths为空时，需要判断path是否存在数据
+                            let tempPath = _.cloneDeep(paths);
+                            if (!tempPath.length && path && path.length) {
+                              tempPath = _.cloneDeep(path);
+                            }
                             tempPath.forEach(pathItem => {
                               pathItem.forEach(pathSubItem => {
                                 delete pathSubItem.disabled;
@@ -1849,8 +1857,11 @@
                           ? attribute.map(({ id, name, values }) => ({ id, name, values })) : [];
         
                         const instanceList = (instance && instance.length > 0)
-                          ? instance.map(({ name, type, path }) => {
-                            const tempPath = _.cloneDeep(path);
+                          ? instance.map(({ name, type, path, paths }) => {
+                            let tempPath = _.cloneDeep(paths);
+                            if (!tempPath.length && path && path.length) {
+                              tempPath = _.cloneDeep(path);
+                            }
                             tempPath.forEach(pathItem => {
                               pathItem.forEach(pathSubItem => {
                                 delete pathSubItem.disabled;

frontend/src/views/perm-apply/apply-custom-perm/index.vue

@@ -794,24 +794,27 @@
         curSelectActions () {
             const allActionIds = [];
             this.originalCustomTmplList.forEach(payload => {
-                if (!payload.actionsAllDisabled) {
-                    payload.actions.forEach(item => {
-                        if (item.checked) {
-                            allActionIds.push(item.id);
+              if (!payload.actionsAllDisabled) {
+                payload.actions.forEach(item => {
+                    if (item.checked) {
+                        allActionIds.push(item.id);
+                    }
+                });
+                (payload.sub_groups || []).forEach(subItem => {
+                    (subItem.actions || []).forEach(act => {
+                        if (act.checked) {
+                            allActionIds.push(act.id);
                         }
-                    })
-                    ;(payload.sub_groups || []).forEach(subItem => {
-                        (subItem.actions || []).forEach(act => {
-                            if (act.checked) {
-                                allActionIds.push(act.id);
-                            }
-                        });
                     });
-                }
+                });
+              }
             });
             // 监听新增或移除的操作，重新组装数据
             this.getFilterAggregateAction();
-            this.handleUnlimitedActionChange(this.isAllUnlimited);
+            // 这里是为了处理无限制和无资源实例后台都是空数据的情况，所以为了兼容编辑回显状态下为空的数据，首次加载不需要调用批量无限制
+            if (this.isAllUnlimited) {
+              this.handleUnlimitedActionChange(this.isAllUnlimited);
+            }
             return allActionIds;
         }
     },
@@ -2281,9 +2284,9 @@
             }
             // 此处处理related_resource_types中value的赋值
             return new Policy({
-                            ...item,
-                            related_actions: relatedActions,
-                            tid: this.routerQuery.cache_id ? this.routerQuery.cache_id : ''
+              ...item,
+              related_actions: relatedActions,
+              tid: this.routerQuery.cache_id ? this.routerQuery.cache_id : ''
             });
           });
           this.tableData = data;

frontend/src/views/perm-template/edit/sync.vue

@@ -499,8 +499,11 @@
                           : [];
         
                         const instanceList = (instance && instance.length > 0)
-                          ? instance.map(({ name, type, paths }) => {
-                            const tempPath = _.cloneDeep(paths);
+                          ? instance.map(({ name, type, path, paths }) => {
+                            let tempPath = _.cloneDeep(paths);
+                            if (!tempPath.length && path && path.length) {
+                              tempPath = _.cloneDeep(path);
+                            }
                             tempPath.forEach(pathItem => {
                               pathItem.forEach(pathSubItem => {
                                 delete pathSubItem.disabled;

saas/VERSION

@@ -1 +1 @@
-1.10.21
+1.10.22

saas/backend/api/management/constants.py

@@ -82,6 +82,8 @@ class ManagementAPIEnum(BaseAPIEnum):
     # 审批
     V2_APPLICATION_APPROVAL = auto()
     V2_APPLICATION_CANCEL = auto()
+    # 人员模版
+    V2_SUBJECT_TEMPLATE_LIST = auto()
 
     _choices_labels = skip(
         (

saas/backend/api/management/v2/filters.py

@@ -11,6 +11,7 @@
 
 from backend.apps.group.models import Group
 from backend.apps.role.models import Role
+from backend.apps.subject_template.models import SubjectTemplate
 
 
 class GroupFilter(filters.FilterSet):
@@ -35,3 +36,17 @@ class Meta:
         fields = [
             "name",
         ]
+
+
+class SubjectTemplateFilter(filters.FilterSet):
+    id = filters.NumberFilter(label="ID")
+    name = filters.CharFilter(label="名字", lookup_expr="icontains")
+    description = filters.CharFilter(label="描述", lookup_expr="icontains")
+
+    class Meta:
+        model = SubjectTemplate
+        fields = [
+            "name",
+            "id",
+            "description",
+        ]

saas/backend/api/management/v2/serializers.py

@@ -16,6 +16,7 @@
 from backend.apps.group.models import Group
 from backend.apps.role.models import Role, RoleUser
 from backend.apps.role.serializers import GradeMangerBaseInfoSLZ, RoleScopeSubjectSLZ
+from backend.apps.subject_template.models import SubjectTemplate
 from backend.biz.role import RoleCheckBiz
 from backend.service.constants import GroupMemberType
 from backend.service.models import Subject
@@ -328,3 +329,9 @@ class Meta:
 
     def get_members(self, obj):
         return [one.username for one in RoleUser.objects.filter(role_id=obj.id)]
+
+
+class ManagementSubjectTemplateSLZ(serializers.ModelSerializer):
+    class Meta:
+        model = SubjectTemplate
+        fields = ("id", "name", "description", "readonly", "source_group_id", "creator", "created_time")

saas/backend/api/management/v2/urls.py

@@ -144,4 +144,10 @@
         views.ManagementSubsetManagerViewSet.as_view({"get": "retrieve", "post": "update", "delete": "destroy"}),
         name="open.management.v2.subset_manager",
     ),
+    # -------------- Subject Template --------------
+    path(
+        "grade_managers/<int:id>/subject_templates/",
+        views.ManagementGradeManagerSubjectTemplateViewSet.as_view({"get": "list"}),
+        name="open.management.v2.grade_manager_subject_template",
+    ),
 ]

saas/backend/api/management/v2/views/__init__.py

@@ -28,6 +28,7 @@
     ManagementSystemManagerGroupViewSet,
 )
 from .subject import ManagementDepartmentGroupBelongViewSet, ManagementUserGroupBelongViewSet
+from .subject_template import ManagementGradeManagerSubjectTemplateViewSet
 from .subset_manager import ManagementSubsetManagerCreateListViewSet, ManagementSubsetManagerViewSet
 
 __all__ = [
@@ -50,4 +51,5 @@
     "ManagementApplicationCancelView",
     "ManagementGradeManagerViewSet",
     "ManagementSubsetManagerViewSet",
+    "ManagementGradeManagerSubjectTemplateViewSet",
 ]

saas/backend/api/management/v2/views/group.py

@@ -45,6 +45,7 @@
 )
 from backend.apps.group.models import Group
 from backend.apps.group.serializers import GroupAddMemberSLZ
+from backend.apps.group.views import split_members_to_subject_and_template
 from backend.apps.policy.models import Policy
 from backend.apps.policy.serializers import PolicySLZ
 from backend.apps.role.models import Role
@@ -59,6 +60,7 @@
 )
 from backend.biz.policy import PolicyOperationBiz, PolicyQueryBiz
 from backend.biz.role import RoleBiz, RoleListQuery
+from backend.biz.subject_template import SubjectTemplateBiz
 from backend.common.filters import NoCheckModelFilterBackend
 from backend.common.lock import gen_group_upsert_lock
 from backend.common.pagination import CompatiblePagination
@@ -342,6 +344,7 @@ class ManagementGroupMemberViewSet(GenericViewSet):
     biz = GroupBiz()
     group_check_biz = GroupCheckBiz()
     role_biz = RoleBiz()
+    subject_template_biz = SubjectTemplateBiz()
 
     @swagger_auto_schema(
         operation_description="用户组成员列表",
@@ -375,18 +378,26 @@ def create(self, request, *args, **kwargs):
         members_data = data["members"]
         expired_at = data["expired_at"]
         # 成员Dict结构转换为Subject结构，并去重
-        members = list(set(parse_obj_as(List[Subject], members_data)))
+        members, subject_template_ids = split_members_to_subject_and_template(members_data)
 
         # 检测成员是否满足管理的授权范围
         role = self.role_biz.get_role_by_group_id(group.id)
         self.group_check_biz.check_role_subject_scope(role, members)
         self.group_check_biz.check_member_count(group.id, len(members))
 
-        # 添加成员
-        self.biz.add_members(group.id, members, expired_at)
+        # 检查人员模版是否在role的授权范围内
+        self.group_check_biz.check_subject_template(role, subject_template_ids)
+
+        if members:
+            # 添加成员
+            self.biz.add_members(group.id, members, expired_at)
+
+        # 增加人员模版授权操作
+        for _id in subject_template_ids:
+            self.biz.grant_subject_template(group.id, _id, expired_at, request.user.username)
 
         # 写入审计上下文
-        audit_context_setter(group=group, members=[m.dict() for m in members])
+        audit_context_setter(group=group, members=members_data)
 
         return Response({})
 
@@ -404,11 +415,18 @@ def destroy(self, request, *args, **kwargs):
         serializer.is_valid(raise_exception=True)
         data = serializer.validated_data
 
-        members = [Subject(**{"type": data["type"], "id": _id}) for _id in data["ids"]]
-        self.biz.remove_members(str(group.id), members)
+        members_data = [{"type": data["type"], "id": _id} for _id in data["ids"]]
+        # 成员Dict结构转换为Subject结构，并去重
+        members, subject_template_ids = split_members_to_subject_and_template(members_data)
+
+        if members:
+            self.biz.remove_members(str(group.id), members)
+
+        for _id in subject_template_ids:
+            self.subject_template_biz.delete_group(_id, group.id)
 
         # 写入审计上下文
-        audit_context_setter(group=group, members=[m.dict() for m in members])
+        audit_context_setter(group=group, members=members_data)
 
         return Response({})