From 0d7cdec6ea574594f3b5cb3a5b87ed52b050562c Mon Sep 17 00:00:00 2001 From: yumaojun03 <719118794@qq.com> Date: Sun, 22 Jun 2025 12:08:39 +0800 Subject: [PATCH] =?UTF-8?q?=E8=A1=A5=E5=85=85=E7=BB=9F=E4=B8=80=E7=9A=84?= =?UTF-8?q?=E6=9D=83=E9=99=90=E6=96=B9=E6=A1=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- devcloud/mcenter/apps/policy/model.go | 45 ++++++++++++++++++- .../apps/application/impl/application.go | 2 + devcloud/mpaas/apps/application/interface.go | 2 +- devcloud/mpaas/apps/application/model.go | 8 ++-- 4 files changed, 49 insertions(+), 8 deletions(-) diff --git a/devcloud/mcenter/apps/policy/model.go b/devcloud/mcenter/apps/policy/model.go index 917d457..f948491 100644 --- a/devcloud/mcenter/apps/policy/model.go +++ b/devcloud/mcenter/apps/policy/model.go @@ -1,14 +1,18 @@ package policy import ( + "encoding/json" + "fmt" "time" "122.51.31.227/go-course/go18/devcloud/mcenter/apps/namespace" "122.51.31.227/go-course/go18/devcloud/mcenter/apps/role" "122.51.31.227/go-course/go18/devcloud/mcenter/apps/user" + "github.com/infraboard/mcube/v2/ioc/config/datasource" "github.com/infraboard/mcube/v2/ioc/config/validator" "github.com/infraboard/mcube/v2/tools/pretty" "github.com/infraboard/modules/iam/apps" + "gorm.io/gorm" ) func NewPolicy() *Policy { @@ -41,7 +45,7 @@ func (p *Policy) String() string { func NewCreatePolicyRequest() *CreatePolicyRequest { return &CreatePolicyRequest{ ResourceScope: ResourceScope{ - Scope: map[string]string{}, + Scope: map[string][]string{}, }, RoleId: []uint64{}, Extras: map[string]string{}, 
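Review bot: Changing `Scope` to `map[string][]string` changes the JSON stored in the `scope` column from `{"k":"v"}` to `{"k":["v"]}`, so policy rows written before this commit would presumably fail to decode through the `serializer:json` tag, since a JSON string does not unmarshal into `[]string`. The constructor line in the second hunk and the struct field in the third hunk change together, and no migration is visible in this patch. If such rows exist, a data migration or a tolerant decoder is needed, and it is worth checking that a policy which fails to load denies access rather than being skipped.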
@@ -70,11 +74,41 @@ type CreatePolicyRequest struct { Extras map[string]string `json:"extras" bson:"extras" gorm:"column:extras;serializer:json;type:json" description:"扩展信息" optional:"true"` } +// 资源需要组合ResourceLabel使用 type ResourceScope struct { // 空间 NamespaceId *uint64 `json:"namespace_id" bson:"namespace_id" gorm:"column:namespace_id;type:varchar(200);index" description:"策略生效的空间Id" optional:"true"` // 访问范围, 需要提前定义scope, 比如环境, 后端开发小组,开发资源 - Scope map[string]string `json:"scope" bson:"scope" gorm:"column:scope;serializer:json;type:json" description:"数据访问的范围" optional:"true"` + Scope map[string][]string `json:"scope" bson:"scope" gorm:"column:scope;serializer:json;type:json" description:"数据访问的范围" optional:"true"` +} + +// 辅助函数:将字符串切片转换为 JSON 数组字符串 +func toJsonArray(arr []string) string { + b, _ := json.Marshal(arr) + return string(b) +} + +func (r ResourceScope) GormResourceFilter(query *gorm.DB) { + if r.NamespaceId != nil { + query = query.Where("namespace = ?", r.NamespaceId) + } + + switch datasource.Get().Provider { + case datasource.PROVIDER_POSTGRES: + for key, values := range r.Scope { + for k, v := range r.Scope { + // 创建一个临时 JSON 对象 {"key": ["value1", "value2"]} + jsonCondition := fmt.Sprintf(`{"%s": %s}`, k, toJsonArray(v)) + query = query.Where("label @> ?", jsonCondition) + } + query = query.Where("label -->>? IN ?", key, values) + } + case datasource.PROVIDER_MYSQL: + // 过滤条件, Label + for key, values := range r.Scope { + query = query.Where("label->>? IN (?)", "$."+key, values) + } + } } func (r *CreatePolicyRequest) Validate() error { 
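Review bot: GormResourceFilter is the access-scope filter, but it returns nothing and reassigns only its local `query`, so the conditions reach the caller only when GORM happens to mutate the statement in place; returning `*gorm.DB` and writing `query = in.GormResourceFilter(query)` in application.go makes that explicit. In the PostgreSQL branch `label -->>? IN ?` is not a JSON operator (`--` starts an SQL comment), and the inner loop re-ranges all of `r.Scope` for every outer key, adding `@>` conditions whose JSON is built by interpolating the key with `fmt.Sprintf`; with `ResourceLabel.Label` declared as `map[string]string` and the column as `type:json`, that array containment test would presumably never match. The switch has no `default`, so any other provider runs the query with no scope restriction. The namespace condition filters on column `namespace`, while this commit moves the field to `column:namespace_id`, which is worth confirming against the table. The sketch below shows one fail-closed shape for the PostgreSQL and default branches.

```go
func (r ResourceScope) GormResourceFilter(query *gorm.DB) *gorm.DB {
	// … unchanged: namespace condition …

	switch datasource.Get().Provider {
	case datasource.PROVIDER_POSTGRES:
		// One condition per scope key; key and values stay bound parameters.
		for key, values := range r.Scope {
			query = query.Where("label ->> ? IN ?", key, values)
		}
	case datasource.PROVIDER_MYSQL:
		// … unchanged: MySQL label conditions …
	default:
		// Unknown provider: match nothing rather than return unscoped rows.
		if len(r.Scope) > 0 {
			query = query.Where("1 = 0")
		}
	}
	return query
}
```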
@@ -85,3 +119,10 @@ func (r *CreatePolicyRequest) SetNamespaceId(namespaceId uint64) *CreatePolicyRe r.NamespaceId = &namespaceId return r } + +type ResourceLabel struct { + // 空间 + NamespaceId *uint64 `json:"namespace_id" bson:"namespace_id" gorm:"column:namespace_id;type:varchar(200);index" description:"策略生效的空间Id" optional:"true"` + // 访问范围, 需要提前定义scope, 比如环境, 后端开发小组,开发资源 + Label map[string]string `json:"label" bson:"label" gorm:"column:label;serializer:json;type:json" description:"数据访问的范围" optional:"true"` +} diff --git a/devcloud/mpaas/apps/application/impl/application.go b/devcloud/mpaas/apps/application/impl/application.go index b201a35..5587d5f 100644 --- a/devcloud/mpaas/apps/application/impl/application.go +++ b/devcloud/mpaas/apps/application/impl/application.go @@ -38,6 +38,8 @@ func (i *ApplicationServiceImpl) QueryApplication(ctx context.Context, in *appli query = query.Where("ready = ?", *in.Ready) } + in.GormResourceFilter(query) + err := query.Count(&set.Total).Error if err != nil { return nil, err diff --git a/devcloud/mpaas/apps/application/interface.go b/devcloud/mpaas/apps/application/interface.go index 5ef6980..ab06dc4 100644 --- a/devcloud/mpaas/apps/application/interface.go +++ b/devcloud/mpaas/apps/application/interface.go @@ -31,12 +31,12 @@ type Service interface { } type QueryApplicationRequest struct { - *request.PageRequest policy.ResourceScope QueryApplicationRequestSpec } type QueryApplicationRequestSpec struct { + *request.PageRequest // 应用ID Id string `json:"id" bson:"_id"` // 应用名称 diff --git a/devcloud/mpaas/apps/application/model.go b/devcloud/mpaas/apps/application/model.go index b164d55..78fa4fc 100644 --- a/devcloud/mpaas/apps/application/model.go +++ b/devcloud/mpaas/apps/application/model.go @@ -4,6 +4,7 @@ import ( "bytes" "time" + "122.51.31.227/go-course/go18/devcloud/mcenter/apps/policy" "github.com/google/uuid" "github.com/infraboard/mcube/v2/ioc/config/validator" "github.com/infraboard/mcube/v2/tools/pretty" 
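Review bot: ResourceLabel is exported without a doc comment, and its field comments and `description` tags are copied from ResourceScope (`策略生效的空间Id`, `数据访问的范围`), which describe a policy's scope rather than the labels stored on a resource. `NamespaceId` is a `*uint64` but keeps the copied `type:varchar(200)` override; dropping the `type:` part would let GORM derive a numeric column that matches the Go type. A doc comment such as `// ResourceLabel holds the namespace and labels stored on a resource; ResourceScope filters are matched against Label.` would make the relationship between the two types clear.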
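Review bot: `QueryApplicationRequest` embeds `policy.ResourceScope`, whose fields carry `json:"namespace_id"` and `json:"scope"` tags, and `QueryApplication` now builds its access filter from `in` directly. If the handler (not visible in this patch) binds this struct from the request, a caller can choose its own namespace and scope, so the filter only acts as an access control when both fields are overwritten from the authenticated caller's policy after binding. A comment on the embedded field would record that requirement, for example `// ResourceScope must be filled server-side from the caller's policy, never from client input.`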
@@ -71,7 +72,6 @@ func (a *Application) BuildId() { func NewCreateApplicationRequest() *CreateApplicationRequest { return &CreateApplicationRequest{ CreateApplicationSpec: CreateApplicationSpec{ - Labels: map[string]string{}, Extras: map[string]string{}, ImageRepository: []ImageRepository{}, }, @@ -83,8 +83,8 @@ type CreateApplicationRequest struct { CreateBy string `json:"create_by" bson:"create_by" gorm:"column:create_by" description:"创建人"` // 创建时间 CreateAt time.Time `json:"create_at" bson:"create_at" gorm:"column:create_at" description:"创建时间"` - // 应用所属空间名称 - Namespace string `json:"namespace" bson:"namespace" description:"应用所属空间名称" gorm:"column:namespace"` + // 资源范围, Namespace是继承的, Scope是API添加的 + policy.ResourceLabel // 应用创建参数 CreateApplicationSpec } @@ -122,8 +122,6 @@ type CreateApplicationSpec struct { Level *uint32 `json:"level" bson:"level" gorm:"column:level" description:"应用等级, 评估这个应用的重要程度"` // 应用优先级, 应用启动的先后顺序 Priority *uint32 `json:"priority" bson:"priority" gorm:"column:priority" description:"应用优先级, 应用启动的先后顺序"` - // 应用标签 - Labels map[string]string `json:"labels" bson:"labels" gorm:"column:labels;serializer:json" description:"应用标签"` // 额外的其他属性 Extras map[string]string `json:"extras" form:"extras" bson:"extras" gorm:"column:extras;serializer:json;"`
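Review bot: After the `@@ -83,8 +83,8 @@` hunk embeds `policy.ResourceLabel`, nothing initializes its `Label` map: the first hunk on this line removes `Labels: map[string]string{}` from `NewCreateApplicationRequest` without adding a replacement, so `req.Label[k] = v` on a freshly constructed request would panic on a nil map. Adding `ResourceLabel: policy.ResourceLabel{Label: map[string]string{}},` to the constructor keeps it consistent with the `Extras` initialization. The embedded struct also exposes `namespace_id` in the create body, while the new comment says the namespace is inherited, so the handler (not visible here) should overwrite `NamespaceId` from the authenticated context rather than accept the client's value.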