v1.5.4 (#229)

* feat: custom apply support instance approver

* fix: fix code

* style: add some comment

* style: update processor node type constants

* fix: 续期邮件企业微信链接显示问题 #158

* fix: 修复续期邮件企业微信链接显示

* fix: itsm support has_instance_approver

* fix: fix has_instance_approver

* fix(backend/plugins/application_ticket/itsm/itsm.py): has_instance_approver to int

* fix: fix

* fix: isChanged status should add user.timestamp

* fix: 我的权限用户组权限查看态提示删除bug #155

* fix: 资源实例无限制的权限，申请权限时不应该能修改 #92654581

* feat(backend/biz/application.py): support all node

* style: rename

* fix: 业务跳转权限中心申请权限，申请期限不能修改 #92209761

* fix(backend/biz/application.py): new method _copy_policy_by_instance_path

* test(tests/biz/policy_tests.py): add biz policy test

* fix: add BK_COMPONENT_API_URL

* fix: delete console

* Ft grant open api add limit (#196)

* feat(auth open api): check policy related resource instance number limit

* refactor(backend/biz/application.py): refact approver process

* refactor: fix discussion

* refactor: remove ApplicationBiz resource_biz

* refactor: move policy process to process.py

* refactor: renmae process.py to application_process.py

* feat: cached apply policy return

* fix: fix

* fix: fix

* fix: Super admin commonActions are empty #91071575

* fix: bugfix

* fix: 取消勾选对应权限的实例报错 #92356085 (#217)

Co-authored-by: polo <polohuang0428@gmail.com>

* optimize the code (#219)

* fix: 取消勾选对应权限的实例报错 #92356085

* fix: optimize the code

Co-authored-by: polo <polohuang0428@gmail.com>

* feat(backend/plugins/application_ticket/itsm/itsm.py): mod application title

* fix: fix style

* style: fix style

* feat(auth api): all api return policy with statistics

* feat: related_policy add update tag

* docs: v1.5.4

* 修复后台关联数据时tag返回值bug (#226)

* fix: 取消勾选对应权限的实例报错 #92356085

* fix: optimize the code

* fix: 修复后台关联数据时tag返回值bug

Co-authored-by: polo <polohuang0428@gmail.com>

Co-authored-by: poloohuang <poloohuang@tencent.com>
Co-authored-by: polo <polohuang0428@gmail.com>
Co-authored-by: nannan00 <17491932+nannan00@users.noreply.github.com>
Co-authored-by: PoloHuang <43561423+huangpeng0428@users.noreply.github.com>

frontend/build/paas-server.js

@@ -59,7 +59,8 @@ const GLOBAL_VAR = {
     CSRF_COOKIE_NAME: process.env.CSRF_COOKIE_NAME || '',
     SESSION_COOKIE_DOMAIN: process.env.SESSION_COOKIE_DOMAIN || '',
     BK_ITSM_APP_URL: process.env.BK_ITSM_APP_URL || '',
-    ENABLE_MODEL_BUILD: process.env.ENABLE_MODEL_BUILD || ''
+    ENABLE_MODEL_BUILD: process.env.ENABLE_MODEL_BUILD || '',
+    BK_COMPONENT_API_URL: process.env.BK_COMPONENT_API_URL || ''
 }
 
 // APA 重定向回首页，由首页Route响应处理

frontend/src/views/grading-admin/components/render-instance-table.vue

@@ -460,7 +460,8 @@
                 window.changeDialog = true
                 const conditionData = this.$refs.renderResourceRef.handleGetValue()
                 const { isEmpty, data } = conditionData
-                if (isEmpty) {
+                if (isEmpty || data[0] === 'none') {
+                    this.isShowResourceInstanceSideslider = false
                     return
                 }
 

frontend/src/views/perm-apply/components/resource-instance-table.vue

@@ -94,7 +94,7 @@
                     </template>
                     <template v-else>
                         <!-- 22 -->
-                        <template v-if="!row.isNew && !row.isExpired && !row.isChanged">
+                        <template v-if="!row.isNew && !row.isExpired">
                             <!-- 33 -->
                             <div class="mock-disabled-select">{{row.expired_display}}</div>
                         </template>
@@ -144,7 +144,7 @@
                                 <bk-button
                                     class="cancel-renewal-action"
                                     outline
-                                    v-if="!row.isNew && !row.isShowRenewal && !row.isChanged"
+                                    v-if="!row.isNew && !row.isShowRenewal"
                                     @click="handleCancelRenewal(row)">
                                     {{ $t(`m.permApply['取消续期']`) }}
                                 </bk-button>
@@ -344,7 +344,6 @@
             list: {
                 handler (value) {
                     this.tableList = value
-                    console.log('this.tableList', this.tableList)
                 },
                 immediate: true
             },
@@ -601,14 +600,20 @@
             },
 
             async handleMainActionSubmit (payload, relatedActions) {
-                const curPayload = _.cloneDeep(payload)
+                let curPayload = _.cloneDeep(payload)
                 this.sliderLoading = true
-                curPayload.forEach(item => {
-                    item.instances = item.instance || []
-                    item.attributes = item.attribute || []
-                    delete item.instance
-                    delete item.attribute
-                })
+                curPayload = curPayload.filter(e => {
+                    if ((e.instance && e.instance.length > 0) || (e.attribute && e.attribute.length > 0)) {
+                        e.instances = e.instance || []
+                        e.attributes = e.attribute || []
+                        delete e.instance
+                        delete e.attribute
+                        return true
+                    }
+                    return false
+                }
+                    
+                )
                 const curData = _.cloneDeep(this.tableList[this.curIndex])
                 curData.related_resource_types = [curData.related_resource_types[this.curResIndex]]
                 curData.related_resource_types[0].condition = curPayload
@@ -660,10 +665,11 @@
                 if (payload.length < 1) {
                     return
                 }
-        
+                
                 payload.forEach(item => {
                     const curIndex = this.tableList.findIndex(sub => sub.id === item.id)
                     if (curIndex > -1) {
+                        const curData = this.tableList[curIndex]
                         this.needEmitFlag = true
                         const inOriginalList = !!this.originalList.filter(
                             original => String(original.id) === String(item.id)
@@ -672,7 +678,7 @@
                         this.tableList.splice(
                             curIndex,
                             1,
-                            new Policy({ ...item, tag: item.tag || 'add', isShowRelatedText: true, inOriginalList }, '', false)
+                            new Policy({ ...item, tag: curData.tag === 'add' ? 'add' : item.tag, isShowRelatedText: true, inOriginalList }, '', false)
                         )
                     }
                 })

frontend/src/views/perm-template/components/render-content.vue

@@ -291,8 +291,8 @@
                     this.description = res.data.description
                     this.systemName = res.data.system.name
                     this.originalCustomTmplList = _.cloneDeep(res.data.actions)
-                    this.handleActionLinearData()
-                    this.fetchCommonActions(this.systemValue)
+                    await this.handleActionLinearData()
+                    await this.fetchCommonActions(this.systemValue)
                     this.initialTempName = this.tempName
                     this.initialDescription = this.description
                 } catch (e) {
@@ -570,14 +570,14 @@
                 }
             },
 
-            handleSysSelected (value, option) {
+            async handleSysSelected (value, option) {
                 window.changeDialog = true
                 this.commonActions = []
                 this.linearAction = []
                 this.curSelectActions = []
                 this.requestQueue = ['actions', 'commonActions']
-                this.fetchActions(value)
-                this.fetchCommonActions(value)
+                await this.fetchActions(value)
+                await this.fetchCommonActions(value)
             },
 
             handleSelect (payload) {

release.md

@@ -1,3 +1,16 @@
+# V1.5.4
+
+### 功能优化
+* 自定义权限申请支持实例审批人
+* 跳转申请不合并用户的已有权限
+* 授权api返回策略的实例数量
+
+### 缺陷修复
+* 修复企业微信邮件中续期邮件链接显示问题
+* 我的权限用户组权限查看态提示删除bug 
+* 业务跳转权限中心申请权限，申请期限不能修改
+* 修复通用操作显示问题
+
 # V1.5.3
 
 ### 缺陷修复

saas/VERSION

@@ -1 +1 @@
-1.5.3
+1.5.4

saas/backend/api/authorization/mixins.py

@@ -12,12 +12,13 @@
 from typing import List
 
 from rest_framework import exceptions
+from rest_framework.response import Response
 
 from backend.biz.org_sync.syncer import Syncer
 from backend.biz.policy import PolicyBean, PolicyBeanList, PolicyOperationBiz, PolicyQueryBiz
 from backend.biz.role import RoleAuthorizationScopeChecker, RoleBiz
 from backend.common.error_codes import APIException, error_codes
-from backend.service.constants import SubjectType
+from backend.service.constants import ADMIN_USER, SubjectType
 from backend.service.models import Subject
 
 from .constants import AuthorizationAPIEnum, OperateEnum
@@ -59,6 +60,11 @@ def grant_or_revoke(self, operate: OperateEnum, subject: Subject, policy_list: P
         """授权或回收权限"""
         system_id = policy_list.system_id
 
+        # 对于授权Admin，自动忽略
+        if subject.type == SubjectType.USER.value and subject.id.lower() == ADMIN_USER:
+            # 原样返回，PolicyID=0，默认没有执行实际授权
+            return policy_list.policies
+
         # 检测被授权的用户是否存在，不存在则尝试同步
         if subject.type == SubjectType.USER.value:
             self._check_or_sync_user(subject.id)
@@ -104,3 +110,22 @@ def _check_scope(self, subject: Subject, policy_list: PolicyBeanList):
             # 临时方案：校验不通过，则修改分级管理员的权限范围，使其通过
             need_added_policies = scope_checker.list_not_match_policy(system_id, policy_list.policies)
             self.role_biz.inc_update_auth_scope(role.id, system_id, need_added_policies)
+
+    def policy_response(self, policy: PolicyBean):
+        """所有返回单一策略的接口都统一返回的结构"""
+        return Response(
+            {"policy_id": policy.policy_id, "statistics": {"instance_count": policy.count_all_type_instance()}}
+        )
+
+    def batch_policy_response(self, policies: List[PolicyBean]):
+        """所有返回批量策略的接口都统一返回的结构"""
+        return Response(
+            [
+                {
+                    "action": {"id": p.action_id},
+                    "policy_id": p.policy_id,
+                    "statistics": {"instance_count": p.count_all_type_instance()},
+                }
+                for p in policies
+            ]
+        )

saas/backend/api/authorization/views/resource.py

@@ -10,7 +10,6 @@
 """
 from drf_yasg.utils import swagger_auto_schema
 from rest_framework import serializers, status
-from rest_framework.response import Response
 from rest_framework.views import APIView
 
 from backend.api.authentication import ESBAuthentication
@@ -69,7 +68,7 @@ def post(self, request, *args, **kwargs):
 
         audit_context_setter(operate=operate, subject=subject, system_id=system_id, policies=policies)
 
-        return Response({"policy_id": policies[0].policy_id})
+        return self.policy_response(policies[0])
 
 
 class AuthPathView(AuthViewMixin, ExceptionHandlerMixin, APIView):
@@ -114,7 +113,7 @@ def post(self, request, *args, **kwargs):
 
         audit_context_setter(operate=operate, subject=subject, system_id=system_id, policies=policies)
 
-        return Response({"policy_id": policies[0].policy_id})
+        return self.policy_response(policies[0])
 
 
 class AuthBatchInstanceView(AuthViewMixin, ExceptionHandlerMixin, APIView):
@@ -159,7 +158,7 @@ def post(self, request, *args, **kwargs):
 
         audit_context_setter(operate=operate, subject=subject, system_id=system_id, policies=policies)
 
-        return Response([{"action": {"id": p.action_id}, "policy_id": p.policy_id} for p in policies])
+        return self.batch_policy_response(policies)
 
 
 class AuthBatchPathView(AuthViewMixin, ExceptionHandlerMixin, APIView):
@@ -204,4 +203,4 @@ def post(self, request, *args, **kwargs):
 
         audit_context_setter(operate=operate, subject=subject, system_id=system_id, policies=policies)
 
-        return Response([{"action": {"id": p.action_id}, "policy_id": p.policy_id} for p in policies])
+        return self.batch_policy_response(policies)

saas/backend/api/authorization/views/resource_creator_action.py

@@ -10,7 +10,6 @@
 """
 from drf_yasg.utils import swagger_auto_schema
 from rest_framework import serializers, status
-from rest_framework.response import Response
 from rest_framework.views import APIView
 
 from backend.api.authentication import ESBAuthentication
@@ -78,7 +77,7 @@ def post(self, request, *args, **kwargs):
 
         audit_context_setter(operate=OperateEnum.GRANT.value, subject=subject, system_id=system_id, policies=policies)
 
-        return Response([{"action": {"id": p.action_id}, "policy_id": p.policy_id} for p in policies])
+        return self.batch_policy_response(policies)
 
 
 class BatchResourceCreatorActionView(AuthViewMixin, ExceptionHandlerMixin, APIView):
@@ -130,7 +129,7 @@ def post(self, request, *args, **kwargs):
 
         audit_context_setter(operate=OperateEnum.GRANT.value, subject=subject, system_id=system_id, policies=policies)
 
-        return Response([{"action": {"id": p.action_id}, "policy_id": p.policy_id} for p in policies])
+        return self.batch_policy_response(policies)
 
 
 class ResourceCreatorActionAttributeView(AuthViewMixin, ExceptionHandlerMixin, APIView):
@@ -182,4 +181,4 @@ def post(self, request, *args, **kwargs):
 
         audit_context_setter(operate=OperateEnum.GRANT.value, subject=subject, system_id=system_id, policies=policies)
 
-        return Response([{"action": {"id": p.action_id}, "policy_id": p.policy_id} for p in policies])
+        return self.batch_policy_response(policies)

saas/backend/apps/policy/views.py

@@ -70,25 +70,20 @@ def list(self, request, *args, **kwargs):
         system_id = slz.validated_data["system_id"]
         cache_id = slz.validated_data["cache_id"]
 
-        subject = SvcSubject(type=SubjectType.USER.value, id=request.user.username)
-
-        policies = self.policy_query_biz.list_by_subject(system_id, subject)
-
         if cache_id != "":
             cached_policy_list = self.application_policy_list_cache.get(cache_id)
             if cached_policy_list.system_id != system_id:
                 raise error_codes.INVALID_ARGS.format(_("请求的system与缓存策略数据的system不一致"))
 
-            # 合并申请数据
-            policy_list = PolicyTagBeanList(system_id, parse_obj_as(List[PolicyTagBean], policies))
             apply_policy_list = PolicyTagBeanList(
                 system_id, parse_obj_as(List[PolicyTagBean], cached_policy_list.policies)
             )
             apply_policy_list.set_tag(PolicyTag.ADD.value)
-            policy_list.merge(apply_policy_list)
 
-            return Response([p.dict() for p in policy_list.policies])
+            return Response([p.dict() for p in apply_policy_list.policies])
 
+        subject = SvcSubject(type=SubjectType.USER.value, id=request.user.username)
+        policies = self.policy_query_biz.list_by_subject(system_id, subject)
         return Response([p.dict() for p in policies])
 
     @swagger_auto_schema(
@@ -239,6 +234,17 @@ def create(self, request, *args, **kwargs):
                 system_id, parse_obj_as(List[PolicyTagBean], add_policy_list.policies)
             )
             tag_add_policy_list.set_tag(PolicyTag.ADD.value)  # 对于新增的部分打tag, 方便前端处理
+
+            # 对已有策略中会增加部分实例的策略打update标签
+            for p in target_policy_list.policies:
+                add_policy = add_policy_list.get(p.action_id)
+                if (
+                    add_policy
+                    and not p.has_related_resource_types(add_policy.related_resource_types)
+                    and p.tag != PolicyTag.ADD.value
+                ):
+                    p.tag = PolicyTag.UPDATE.value
+
             target_policy_list.add(tag_add_policy_list)  # 合并
 
         target_policy_list.fill_empty_fields()