多组用户权限控制

[dc514lrain]

我想在管理端控制不同用户的查看权限，以免一个开发组的员工看到另一个project下的配置，不知道可以做到吗？我看到现有的“负责人”级别权限只能控制修改发布权限，但是他们依旧有读权限

[dosubot[bot]]

To control viewing permissions for different user groups in the admin panel, you'll need to implement a more granular access control system. Here's a streamlined approach:

1. Extend the Role Model: Introduce group-based roles by modifying the RoleType enum to include roles specific to each project or development group.

2. Adjust Permission Checks: Update methods like hasPermission to evaluate both the user's role and their group membership when accessing resources.

3. Implement Group Assignment: Add or modify endpoints in PermissionController for assigning users to group-based roles, ensuring these methods handle group contexts effectively.

4. Update Services: Extend RolePermissionService and other relevant services to support group assignments and permission checks.

5. UI Changes: Modify the frontend to manage group memberships and display permissions accordingly.

6. Database Modifications: Alter the database schema to include group information and permissions.

Here's a code snippet to illustrate assigning group-based roles:

@PreAuthorize(value = "@permissionValidator.hasAssignRolePermission(#appId)")
@PostMapping("/apps/{appId}/groups/{groupId}/namespaces/{namespaceName}/roles/{roleType}")
public ResponseEntity<Void> assignGroupNamespaceRoleToUser(@PathVariable String appId, @PathVariable String groupId, @PathVariable String namespaceName,
                                                            @PathVariable String roleType, @RequestBody String user) {
    // Validation and role assignment logic here, including group ID considerations
    return ResponseEntity.ok().build();
}

This approach requires careful planning and testing to ensure security and functionality. For implementation details, refer to the Apollo project's PermissionController.java and RoleType.java, as well as the database schema documentation.

Sources

• apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/PermissionController.java
• apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/constant/RoleType.java
• scripts/sql/profiles/mysql-default/apolloportaldb.sql

About Dosu

This response is meant to be useful and save you time. It is not meant to be a precise solution, but rather a starting point for your own research.

Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.

If you want to continue the conversation, start your reply with @dosu-bot.

[nobodyiam]

6.1 配置查看权限