Merge pull request #3079 from actiontech/fix_audit_plan_permit

LordofAvernus · web-flow · commit 8ff68b1f73ca · 2025-07-04T18:19:55.000+08:00
fix: save audit plan permission
diff --git a/sqle/api/controller/v1/audit_plan.go b/sqle/api/controller/v1/audit_plan.go
@@ -666,7 +666,7 @@ func GetAuditPlans(c echo.Context) error {
 		"offset":                          offset,
 	}
 	if !up.CanViewProject() {
-		instanceNames, err := dms.GetInstanceNamesInProjectByIds(c.Request().Context(), projectUid, up.GetInstancesByOP(v1.OpPermissionTypeViewOtherAuditPlan))
+		instanceNames, err := dms.GetInstanceNamesInProjectByIds(c.Request().Context(), projectUid, up.GetInstancesByOP(v1.OpPermissionTypeSaveAuditPlan))
 		if err != nil {
 			return err
 		}
@@ -797,7 +797,7 @@ func GetAuditPlanReports(c echo.Context) error {
 	}
 	apName := c.Param("audit_plan_name")
 
-	_, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeViewOtherAuditPlan)
+	_, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeSaveAuditPlan)
 	if err != nil {
 		return controller.JSONBaseErrorReq(c, err)
 	}
@@ -857,7 +857,7 @@ func GetAuditPlanReport(c echo.Context) error {
 	}
 	apName := c.Param("audit_plan_name")
 
-	ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeViewOtherAuditPlan)
+	ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeSaveAuditPlan)
 	if err != nil {
 		return controller.JSONBaseErrorReq(c, err)
 	}
@@ -1225,7 +1225,7 @@ func GetAuditPlanNotifyConfig(c echo.Context) error {
 	}
 	apName := c.Param("audit_plan_name")
 
-	ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeViewOtherAuditPlan)
+	ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeSaveAuditPlan)
 	if err != nil {
 		return controller.JSONBaseErrorReq(c, err)
 	}
@@ -1401,7 +1401,7 @@ func GetAuditPlanSQLs(c echo.Context) error {
 	}
 	apName := c.Param("audit_plan_name")
 
-	ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeViewOtherAuditPlan)
+	ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeSaveAuditPlan)
 	if err != nil {
 		return controller.JSONBaseErrorReq(c, err)
 	}
@@ -1482,7 +1482,7 @@ func GetAuditPlanReportSQLsV1(c echo.Context) error {
 	}
 	apName := c.Param("audit_plan_name")
 
-	ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeViewOtherAuditPlan)
+	ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeSaveAuditPlan)
 	if err != nil {
 		return controller.JSONBaseErrorReq(c, err)
 	}
diff --git a/sqle/api/controller/v1/project_permission.go b/sqle/api/controller/v1/project_permission.go
@@ -329,7 +329,7 @@ func GetInstanceAuditPlanIfCurrentUserCanView(c echo.Context, projectId, instanc
 			return ap, true, nil
 		}
 	}
-	opTypes := []dmsV1.OpPermissionType{dmsV1.OpPermissionTypeViewOtherAuditPlan, dmsV1.OpPermissionTypeSaveAuditPlan}
+	opTypes := []dmsV1.OpPermissionType{dmsV1.OpPermissionTypeSaveAuditPlan}
 	for _, opType := range opTypes {
 		dbServiceReq := &dmsV2.ListDBServiceReq{
 			ProjectUid: projectId,
@@ -344,7 +344,7 @@ func GetInstanceAuditPlanIfCurrentUserCanView(c echo.Context, projectId, instanc
 			}
 		}
 	}
-	return ap, false, errors.NewUserNotPermissionError(dmsV1.GetOperationTypeDesc(dmsV1.OpPermissionTypeViewOtherAuditPlan))
+	return ap, false, errors.NewUserNotPermissionError(dmsV1.GetOperationTypeDesc(dmsV1.OpPermissionTypeSaveAuditPlan))
 }
 
 func GetInstanceAuditPlanIfCurrentUserCanOp(c echo.Context, projectId, instanceAuditPlanID string, opType dmsV1.OpPermissionType) (*model.InstanceAuditPlan, bool, error) {
@@ -399,7 +399,7 @@ func GetAuditPlantReportAndInstanceIfCurrentUserCanView(c echo.Context, projectI
 	auditPlanReport *model.AuditPlanReportV2, auditPlanReportSQLV2 *model.AuditPlanReportSQLV2, instance *model.Instance,
 	err error) {
 
-	ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectId, auditPlanName, dmsV1.OpPermissionTypeViewOtherAuditPlan)
+	ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectId, auditPlanName, dmsV1.OpPermissionTypeSaveAuditPlan)
 	if err != nil {
 		return nil, nil, nil, err
 	}
diff --git a/sqle/api/controller/v2/audit_plan.go b/sqle/api/controller/v2/audit_plan.go
@@ -101,7 +101,7 @@ func GetAuditPlans(c echo.Context) error {
 		"offset":                          offset,
 	}
 	if !up.IsAdmin() {
-		instanceNames, err := dms.GetInstanceNamesInProjectByIds(c.Request().Context(), projectUid, up.GetInstancesByOP(dmsV1.OpPermissionTypeViewOtherAuditPlan))
+		instanceNames, err := dms.GetInstanceNamesInProjectByIds(c.Request().Context(), projectUid, up.GetInstancesByOP(dmsV1.OpPermissionTypeSaveAuditPlan))
 		if err != nil {
 			return err
 		}
@@ -195,7 +195,7 @@ func GetAuditPlanReportSQLs(c echo.Context) error {
 	}
 	apName := c.Param("audit_plan_name")
 
-	ap, exist, err := v1.GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, dmsV1.OpPermissionTypeViewOtherAuditPlan)
+	ap, exist, err := v1.GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, dmsV1.OpPermissionTypeSaveAuditPlan)
 	if err != nil {
 		return controller.JSONBaseErrorReq(c, err)
 	}
diff --git a/sqle/api/controller/v2/instance_audit_plan.go b/sqle/api/controller/v2/instance_audit_plan.go
@@ -249,7 +249,7 @@ func GetInstanceAuditPlans(c echo.Context) error {
 	}
 	if !up.CanViewProject() {
 		// 如果有配置SQL管控权限，那么可以查看自己创建的或者该权限对应数据源的
-		accessibleInstanceId := up.GetInstancesByOP(dmsCommonV1.OpPermissionTypeViewOtherAuditPlan, dmsCommonV1.OpPermissionTypeSaveAuditPlan)
+		accessibleInstanceId := up.GetInstancesByOP(dmsCommonV1.OpPermissionTypeSaveAuditPlan)
 		if len(accessibleInstanceId) > 0 {
 			data["accessible_instances_id"] = fmt.Sprintf("\"%s\"", strings.Join(accessibleInstanceId, "\",\""))
 		}

Original file line number	Diff line number	Diff line change
`@@ -666,7 +666,7 @@ func GetAuditPlans(c echo.Context) error {`
`666`	`666`	`"offset": offset,`
`667`	`667`	`}`
`668`	`668`	`if !up.CanViewProject() {`
`669`		`- instanceNames, err := dms.GetInstanceNamesInProjectByIds(c.Request().Context(), projectUid, up.GetInstancesByOP(v1.OpPermissionTypeViewOtherAuditPlan))`
	`669`	`+ instanceNames, err := dms.GetInstanceNamesInProjectByIds(c.Request().Context(), projectUid, up.GetInstancesByOP(v1.OpPermissionTypeSaveAuditPlan))`
`670`	`670`	`if err != nil {`
`671`	`671`	`return err`
`672`	`672`	`}`
`@@ -797,7 +797,7 @@ func GetAuditPlanReports(c echo.Context) error {`
`797`	`797`	`}`
`798`	`798`	`apName := c.Param("audit_plan_name")`
`799`	`799`
`800`		`- _, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeViewOtherAuditPlan)`
	`800`	`+ _, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeSaveAuditPlan)`
`801`	`801`	`if err != nil {`
`802`	`802`	`return controller.JSONBaseErrorReq(c, err)`
`803`	`803`	`}`
`@@ -857,7 +857,7 @@ func GetAuditPlanReport(c echo.Context) error {`
`857`	`857`	`}`
`858`	`858`	`apName := c.Param("audit_plan_name")`
`859`	`859`
`860`		`- ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeViewOtherAuditPlan)`
	`860`	`+ ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeSaveAuditPlan)`
`861`	`861`	`if err != nil {`
`862`	`862`	`return controller.JSONBaseErrorReq(c, err)`
`863`	`863`	`}`
`@@ -1225,7 +1225,7 @@ func GetAuditPlanNotifyConfig(c echo.Context) error {`
`1225`	`1225`	`}`
`1226`	`1226`	`apName := c.Param("audit_plan_name")`
`1227`	`1227`
`1228`		`- ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeViewOtherAuditPlan)`
	`1228`	`+ ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeSaveAuditPlan)`
`1229`	`1229`	`if err != nil {`
`1230`	`1230`	`return controller.JSONBaseErrorReq(c, err)`
`1231`	`1231`	`}`
`@@ -1401,7 +1401,7 @@ func GetAuditPlanSQLs(c echo.Context) error {`
`1401`	`1401`	`}`
`1402`	`1402`	`apName := c.Param("audit_plan_name")`
`1403`	`1403`
`1404`		`- ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeViewOtherAuditPlan)`
	`1404`	`+ ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeSaveAuditPlan)`
`1405`	`1405`	`if err != nil {`
`1406`	`1406`	`return controller.JSONBaseErrorReq(c, err)`
`1407`	`1407`	`}`
`@@ -1482,7 +1482,7 @@ func GetAuditPlanReportSQLsV1(c echo.Context) error {`
`1482`	`1482`	`}`
`1483`	`1483`	`apName := c.Param("audit_plan_name")`
`1484`	`1484`
`1485`		`- ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeViewOtherAuditPlan)`
	`1485`	`+ ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, v1.OpPermissionTypeSaveAuditPlan)`
`1486`	`1486`	`if err != nil {`
`1487`	`1487`	`return controller.JSONBaseErrorReq(c, err)`
`1488`	`1488`	`}`
Original file line number	Diff line number	Diff line change
`@@ -329,7 +329,7 @@ func GetInstanceAuditPlanIfCurrentUserCanView(c echo.Context, projectId, instanc`
`329`	`329`	`return ap, true, nil`
`330`	`330`	`}`
`331`	`331`	`}`
`332`		`- opTypes := []dmsV1.OpPermissionType{dmsV1.OpPermissionTypeViewOtherAuditPlan, dmsV1.OpPermissionTypeSaveAuditPlan}`
	`332`	`+ opTypes := []dmsV1.OpPermissionType{dmsV1.OpPermissionTypeSaveAuditPlan}`
`333`	`333`	`for _, opType := range opTypes {`
`334`	`334`	`dbServiceReq := &dmsV2.ListDBServiceReq{`
`335`	`335`	`ProjectUid: projectId,`
`@@ -344,7 +344,7 @@ func GetInstanceAuditPlanIfCurrentUserCanView(c echo.Context, projectId, instanc`
`344`	`344`	`}`
`345`	`345`	`}`
`346`	`346`	`}`
`347`		`- return ap, false, errors.NewUserNotPermissionError(dmsV1.GetOperationTypeDesc(dmsV1.OpPermissionTypeViewOtherAuditPlan))`
	`347`	`+ return ap, false, errors.NewUserNotPermissionError(dmsV1.GetOperationTypeDesc(dmsV1.OpPermissionTypeSaveAuditPlan))`
`348`	`348`	`}`
`349`	`349`
`350`	`350`	`func GetInstanceAuditPlanIfCurrentUserCanOp(c echo.Context, projectId, instanceAuditPlanID string, opType dmsV1.OpPermissionType) (*model.InstanceAuditPlan, bool, error) {`
`@@ -399,7 +399,7 @@ func GetAuditPlantReportAndInstanceIfCurrentUserCanView(c echo.Context, projectI`
`399`	`399`	`auditPlanReport model.AuditPlanReportV2, auditPlanReportSQLV2 model.AuditPlanReportSQLV2, instance *model.Instance,`
`400`	`400`	`err error) {`
`401`	`401`
`402`		`- ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectId, auditPlanName, dmsV1.OpPermissionTypeViewOtherAuditPlan)`
	`402`	`+ ap, exist, err := GetAuditPlanIfCurrentUserCanView(c, projectId, auditPlanName, dmsV1.OpPermissionTypeSaveAuditPlan)`
`403`	`403`	`if err != nil {`
`404`	`404`	`return nil, nil, nil, err`
`405`	`405`	`}`
Original file line number	Diff line number	Diff line change
`@@ -101,7 +101,7 @@ func GetAuditPlans(c echo.Context) error {`
`101`	`101`	`"offset": offset,`
`102`	`102`	`}`
`103`	`103`	`if !up.IsAdmin() {`
`104`		`- instanceNames, err := dms.GetInstanceNamesInProjectByIds(c.Request().Context(), projectUid, up.GetInstancesByOP(dmsV1.OpPermissionTypeViewOtherAuditPlan))`
	`104`	`+ instanceNames, err := dms.GetInstanceNamesInProjectByIds(c.Request().Context(), projectUid, up.GetInstancesByOP(dmsV1.OpPermissionTypeSaveAuditPlan))`
`105`	`105`	`if err != nil {`
`106`	`106`	`return err`
`107`	`107`	`}`
`@@ -195,7 +195,7 @@ func GetAuditPlanReportSQLs(c echo.Context) error {`
`195`	`195`	`}`
`196`	`196`	`apName := c.Param("audit_plan_name")`
`197`	`197`
`198`		`- ap, exist, err := v1.GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, dmsV1.OpPermissionTypeViewOtherAuditPlan)`
	`198`	`+ ap, exist, err := v1.GetAuditPlanIfCurrentUserCanView(c, projectUid, apName, dmsV1.OpPermissionTypeSaveAuditPlan)`
`199`	`199`	`if err != nil {`
`200`	`200`	`return controller.JSONBaseErrorReq(c, err)`
`201`	`201`	`}`
Original file line number	Diff line number	Diff line change
`@@ -249,7 +249,7 @@ func GetInstanceAuditPlans(c echo.Context) error {`
`249`	`249`	`}`
`250`	`250`	`if !up.CanViewProject() {`
`251`	`251`	`// 如果有配置SQL管控权限，那么可以查看自己创建的或者该权限对应数据源的`
`252`		`- accessibleInstanceId := up.GetInstancesByOP(dmsCommonV1.OpPermissionTypeViewOtherAuditPlan, dmsCommonV1.OpPermissionTypeSaveAuditPlan)`
	`252`	`+ accessibleInstanceId := up.GetInstancesByOP(dmsCommonV1.OpPermissionTypeSaveAuditPlan)`
`253`	`253`	`if len(accessibleInstanceId) > 0 {`
`254`	`254`	`data["accessible_instances_id"] = fmt.Sprintf("\"%s\"", strings.Join(accessibleInstanceId, "\",\""))`
`255`	`255`	`}`