[Feature] Optimization of workspace administrator permissions #1093

Closed
2 tasks done
wxyn opened this issue Jul 11, 2023 · 1 comment
Labels
enhancement New feature or request

wxyn commented Jul 11, 2023

Search before asking

  • I had searched in the issues and found no similar feature requirement.

Problem Description

The current workspace management module requires optimization of some permission management and functional user experience, including the following points:

  1. There is an error in the creator and joining time in the [User Information]. The current display shows the updated person and the latest update time;
  2. When the name and creator are the same user in [User Information], the user will not be allowed to be deleted or edited - the front-end will remove restrictions;
  3. [User Information] The workspace administrator cannot authorize workspace administrators to other colleagues. After investigation, it was found that only the workspace creator or super administrator, namely the linkis management console administrator, has the authority to authorize other colleagues as workspace administrators;
  4. [User Information] Enter the user name in the search box, and press Enter key to fail to search;

Description

Optimize the 1-4 mentioned in some sections as follows

  1. The creator and joining time in [User Information] should not change since the user joined the workspace. At the same time, add fields for the modifier and modification time;
  2. When the name and creator are the same user in [User Information], editing and deletion operations are still allowed;
  3. [User Information] Release the restrictions on authorizing workspace administrators. Both workspace administrators and workspace creators have the authority to authorize or cancel other users as workspace administrators.
  4. Workspace administrator queries users support fuzzy queries based on UM account names.
  5. Other users (including workspace administrators) are not allowed to modify the information of workspace creators, and workspace creators can modify their own permissions.
  6. Remove the role of super administrator (linkis administrator).
  7. Users starting with 'v_' and 'hduser' are not allowed as workspace administrators

Workspace Management - User Management Module

User search: Search based on the user's UM account and role
The workspace administrator supports fuzzy queries based on UM account names when querying users. The query results should meet both user name and role query criteria.

Permission editing
The creator of a workspace must be a workspace administrator;
The workspace administrator can modify the information of any member within the space (except for the workspace administrator);
The workspace creator can modify their own permissions (cannot cancel their administrator role) and any user's permissions;
Only workspace creators have the authority to authorize or revoke users' administrator roles.

  1. The workspace administrator has no buttons for editing or deleting workspace creators in the operation bar;
  2. When the workspace administrator edits their own permissions, the administrator role multiple selection button is grayed out and cannot be modified;
  3. The workspace administrator has no buttons in the operation column for other administrators;
  4. After the workspace creator enters workspace management, there is no deletion option for their own operations.

Adding users starting with 'v_' and 'hduser' as workspace administrators is not supported.
Checking the 'Administrator' role is not allowed in automatic user joining.
Whether it is a workspace creator or workspace administrator, when configuring the "User Auto Join" feature, the "Administrator" role is grayed out and not allowed to be selected.

Use case

No response

solutions

Interface involved

Add workspace users: rest_j/v1/dss/framework/workspace/addWorkspaceUser

Edit workspace users: rest_j/v1/dss/framework/workspace/updateWorkspaceUser

Query workspace users: rest_j/v1/dss/framework/workspace/getWorkspaceUsers

achieve

  1. Add update_user and update_time to the dss_workspace_user_role table, and display the modification person and time respectively

```sql
alter table dss_workspace_user_role add `update_user` varchar(32) DEFAULT NULL;
alter table dss_workspace_user_role add `update_time` datetime DEFAULT NULL;
```

  2. Supports fuzzy query of user names and joint query of user names and roles

```java
// MyBatis dynamic SQL (string array of a mapper annotation).
// #{username} and #{roleId} are bound as parameters, not concatenated into the statement.
"<script>",
      "select created_by as creator, username as username, create_time as joinTime," +
             "workspace_id as workspaceId, group_concat(role_id) as roleIds," +
             "update_time as updateTime, update_user as updateUser " +
       "from dss_workspace_user_role " +
       "where workspace_id = #{workspaceId} ",
            "<if test='username != null'>and username like concat('%',#{username},'%')</if> " +
            "group by username " +
            "<if test='roleId != null'>HAVING FIND_IN_SET(#{roleId},roleIds)</if> " +
            "order by id desc",
"</script>"
```

  3. When you edit or add a workspace user, the previous logic deletes all roles under the user and reinserts them. Therefore, the user creation time will change when you insert the user. The implementation is as follows:
     1. Query the role information based on the user name and workspace id, and obtain a message to obtain the creation time createTime
     2. updateUser is the current user
     3. updateTime is the current update time now

```java
// createTime and createdBy are carried over from the existing row; only the update_* columns change.
"insert into dss_workspace_user_role(workspace_id, username, role_id, create_time, created_by, user_id, update_user, update_time) " +
"values(#{workspaceId}, #{username}, #{roleId}, #{createTime}, #{createdBy}, #{userId}, #{updateUser}, now())"
```

  4. Match the user starting with "v_" and the user starting with "hduser" based on the user name prefix

Anything else

No response

Are you willing to submit a PR?

  • Yes I am willing to submit a PR!
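
The "Permission editing" rules in the issue above are described mostly as front-end behaviour (hidden or grayed-out buttons); the same rules can also be checked on the server behind addWorkspaceUser and updateWorkspaceUser. The sketch below is an added example, not DSS code. The class, method and role names are hypothetical, the sample users are constructed, and where the issue's two sections differ it follows "Only workspace creators have the authority to authorize or revoke users' administrator roles".

```java
import java.util.*;

public final class WorkspaceRoleGuard {
    static final String ADMIN = "admin"; // assumed role label, not taken from DSS

    /** Returns null if the role change is allowed, otherwise the reason it is refused. */
    static String check(String operator, Set<String> operatorRoles, String creator,
                        String target, Set<String> current, Set<String> requested) {
        boolean opIsCreator = operator.equals(creator);
        boolean targetIsCreator = target.equals(creator);
        if (!opIsCreator && !operatorRoles.contains(ADMIN))
            return "operator is not a workspace administrator";
        if (targetIsCreator && !opIsCreator)
            return "only the creator may modify the creator";
        if (targetIsCreator && !requested.contains(ADMIN))
            return "the creator must remain an administrator";
        if (!opIsCreator && current.contains(ADMIN) != requested.contains(ADMIN))
            return "only the creator may grant or revoke the administrator role";
        if (!opIsCreator && current.contains(ADMIN) && !target.equals(operator))
            return "administrators may not modify other administrators";
        if (requested.contains(ADMIN) && (target.startsWith("v_") || target.startsWith("hduser")))
            return "v_ and hduser accounts may not be administrators";
        return null;
    }

    static Set<String> roles(String... r) { return new HashSet<>(Arrays.asList(r)); }

    static void show(String label, String refusal) {
        System.out.println(label + ": " + (refusal == null ? "allowed" : "refused, " + refusal));
    }

    public static void main(String[] args) {
        // Constructed workspace: alice created it; bob and carol are administrators.
        Set<String> admin = roles(ADMIN, "developer"), dev = roles("developer"), none = roles();
        show("admin edits a member's ordinary roles",
             check("bob", admin, "alice", "dave", dev, roles("analyst")));
        show("admin promotes a member", check("bob", admin, "alice", "dave", dev, admin));
        show("admin edits another admin", check("bob", admin, "alice", "carol", admin, admin));
        show("admin edits the creator", check("bob", admin, "alice", "alice", admin, admin));
        show("creator drops own admin role", check("alice", admin, "alice", "alice", admin, dev));
        show("creator adds v_ user as admin", check("alice", admin, "alice", "v_batch", none, admin));
        show("creator promotes a member", check("alice", admin, "alice", "dave", dev, admin));
        show("member edits a member", check("dave", dev, "alice", "erin", dev, dev));
    }
}
```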

zqburde commented Aug 9, 2023

Add it in DSS1.1.2
