diff --git a/packages/core/pipeline/src/core/executor.ts b/packages/core/pipeline/src/core/executor.ts index 3d7ef07f..b4ee8d53 100644 --- a/packages/core/pipeline/src/core/executor.ts +++ b/packages/core/pipeline/src/core/executor.ts @@ -1,7 +1,7 @@ import { ConcurrencyStrategy, NotificationWhen, Pipeline, ResultType, Runnable, RunStrategy, Stage, Step, Task } from "../dt/index.js"; import _ from "lodash-es"; import { RunHistory, RunnableCollection } from "./run-history.js"; -import { AbstractTaskPlugin, PluginDefine, pluginRegistry, TaskInstanceContext } from "../plugin/index.js"; +import { AbstractTaskPlugin, PluginDefine, pluginRegistry, TaskInstanceContext, UserInfo } from "../plugin/index.js"; import { ContextFactory, IContext } from "./context.js"; import { IStorage } from "./storage.js"; import { logger } from "../utils/util.log.js"; @@ -16,13 +16,13 @@ import { hashUtils, utils } from "../utils/index.js"; // import { TimeoutPromise } from "../utils/util.promise.js"; export type ExecutorOptions = { - userId: any; pipeline: Pipeline; storage: IStorage; onChanged: (history: RunHistory) => Promise; accessService: IAccessService; emailService: IEmailService; fileRootDir?: string; + user: UserInfo; }; export class Executor { @@ -46,7 +46,7 @@ export class Executor { this.onChanged = async (history: RunHistory) => { await options.onChanged(history); }; - this.pipeline.userId = options.userId; + this.pipeline.userId = options.user.id; this.contextFactory = new ContextFactory(options.storage); this.logger = logger; this.pipelineContext = this.contextFactory.getContext("pipeline", this.pipeline.id); 
@@ -269,7 +269,7 @@ export class Executor { accessService: this.options.accessService, emailService: this.options.emailService, pipelineContext: this.pipelineContext, - userContext: this.contextFactory.getContext("user", this.options.userId), + userContext: this.contextFactory.getContext("user", this.options.user.id), fileStore: new FileStore({ scope: this.pipeline.id, parent: this.runtime.id, @@ -277,6 +277,7 @@ export class Executor { }), signal: this.abort.signal, utils, + user: this.options.user, }; instance.setCtx(taskCtx); diff --git a/packages/core/pipeline/src/plugin/api.ts b/packages/core/pipeline/src/plugin/api.ts index 4c244009..9ea94a0b 100644 --- a/packages/core/pipeline/src/plugin/api.ts +++ b/packages/core/pipeline/src/plugin/api.ts @@ -9,7 +9,10 @@ import { ILogger, logger, utils } from "../utils/index.js"; import { HttpClient } from "../utils/util.request"; import dayjs from "dayjs"; import _ from "lodash-es"; - +export type UserInfo = { + role: "admin" | "user"; + id: any; +}; export enum ContextScope { global, pipeline, @@ -81,6 +84,8 @@ export type TaskInstanceContext = { signal: AbortSignal; //工具类 utils: typeof utils; + + user: UserInfo; }; export abstract class AbstractTaskPlugin implements ITaskPlugin { @@ -170,6 +175,10 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin { } throw new Error(`action ${req.action} not found`); } + + isAdmin() { + return this.ctx.user.role === "admin"; + } } export type OutputVO = { diff --git a/packages/ui/certd-client/src/views/sys/authority/permission/index.vue b/packages/ui/certd-client/src/views/sys/authority/permission/index.vue index 867dbc21..12625ace 100644 --- a/packages/ui/certd-client/src/views/sys/authority/permission/index.vue +++ b/packages/ui/certd-client/src/views/sys/authority/permission/index.vue @@ -4,11 +4,19 @@
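Review bot: `user: this.options.user` in the `@@ -277,6 +277,7 @@` hunk hands every task instance the same mutable `UserInfo` object, so a plugin that writes to `ctx.user.role` would change what `isAdmin()` returns for every later step of the run. Plugins run in-process, so this is hardening rather than a trust boundary, but a frozen per-task copy keeps the role a read-only snapshot: `user: Object.freeze({ ...this.options.user }),`. The `taskCtx` object literal starts above the hunk.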
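Review bot: `isAdmin()` in the `@@ -170,6 +175,10 @@` hunk of plugin/api.ts dereferences `this.ctx.user.role` without a guard, and it has no return type or doc comment. A host that builds a `TaskInstanceContext` without `user` gets a `TypeError` instead of a clean denial; `isAdmin(): boolean { return this.ctx?.user?.role === "admin"; }` fails closed to `false`. A short TSDoc line saying that the role is supplied by the host when the run starts, and is not re-checked during the run, would tell plugin authors what the check guarantees. `UserInfo.id` is typed `any`; a narrower type such as `number | string` may fit, depending on how ids are stored.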
权限管理
- + 添加 - + @@ -49,9 +57,9 @@ export default defineComponent({ const { hasPermissions } = usePermission(); const permission = ref({ - add: hasPermissions("sys:auth:per:add"), - edit: hasPermissions("sys:auth:per:edit"), - remove: hasPermissions("sys:auth:per:remove") + add: hasPermissions("1sys:auth:per:add"), + edit: hasPermissions("1sys:auth:per:edit"), + remove: hasPermissions("1sys:auth:per:remove") }); return { diff --git a/packages/ui/certd-server/src/modules/authority/controller/permission-controller.ts b/packages/ui/certd-server/src/modules/authority/controller/permission-controller.ts index b633639b..aa56ff20 100644 --- a/packages/ui/certd-server/src/modules/authority/controller/permission-controller.ts +++ b/packages/ui/certd-server/src/modules/authority/controller/permission-controller.ts @@ -1,12 +1,4 @@ -import { - ALL, - Body, - Controller, - Inject, - Post, - Provide, - Query, -} from '@midwayjs/core'; +import { ALL, Body, Controller, Inject, Post, Provide, Query } from '@midwayjs/core'; import { CrudController } from '../../../basic/crud-controller.js'; import { PermissionService } from '../service/permission-service.js'; @@ -49,7 +41,7 @@ export class PermissionController extends CrudController { @Post('/delete', { summary: 'sys:auth:per:remove' }) async delete( @Query('id') - id : number + id: number ) { return await super.delete(id); } diff --git a/packages/ui/certd-server/src/modules/authority/service/user-role-service.ts b/packages/ui/certd-server/src/modules/authority/service/user-role-service.ts index 97fc6ebe..54ef4ea6 100644 --- a/packages/ui/certd-server/src/modules/authority/service/user-role-service.ts +++ b/packages/ui/certd-server/src/modules/authority/service/user-role-service.ts @@ -16,4 +16,6 @@ export class UserRoleService extends BaseService { getRepository() { return this.repository; } + + } 
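Review bot: The three permission keys in the `@@ -49,9 +57,9 @@` hunk gained a leading `1` (`"1sys:auth:per:add"`, `"1sys:auth:per:edit"`, `"1sys:auth:per:remove"`), which looks like a debugging leftover. The server controller in this same commit still declares `'sys:auth:per:remove'`, so these strings presumably match no granted permission and the add/edit/remove controls would be hidden for every user, admins included. If that is not intended, restore the original keys, e.g. `add: hasPermissions("sys:auth:per:add"),`. These client-side flags only decide what is shown; the server-side permission check remains the actual control.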
diff --git a/packages/ui/certd-server/src/modules/authority/service/user-service.ts b/packages/ui/certd-server/src/modules/authority/service/user-service.ts index 632d74df..fcd08ea9 100644 --- a/packages/ui/certd-server/src/modules/authority/service/user-service.ts +++ b/packages/ui/certd-server/src/modules/authority/service/user-service.ts @@ -204,4 +204,16 @@ export class UserService extends BaseService { } await super.delete(ids); } + + async isAdmin(userId: any) { + const userRoles = await this.userRoleService.find({ + where: { + userId, + }, + }); + const roleIds = userRoles.map(item => item.roleId); + if (roleIds.includes(1)) { + return true; + } + } } diff --git a/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts b/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts index 5a2375bc..728439fd 100644 --- a/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts +++ b/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts @@ -4,7 +4,7 @@ import { In, Repository } from 'typeorm'; import { BaseService } from '../../../basic/base-service.js'; import { PipelineEntity } from '../entity/pipeline.js'; import { PipelineDetail } from '../entity/vo/pipeline-detail.js'; -import { Executor, isPlus, Pipeline, ResultType, RunHistory } from '@certd/pipeline'; +import { Executor, isPlus, Pipeline, ResultType, RunHistory, UserInfo } from '@certd/pipeline'; import { AccessService } from './access-service.js'; import { DbStorage } from './db-storage.js'; import { StorageService } from './storage-service.js'; 
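Review bot: `isAdmin` in the `@@ -204,4 +204,16 @@` hunk of user-service.ts returns `true` or falls off the end and returns `undefined`, and it identifies the admin role by the bare literal `1`. A caller that compares the result with `=== false` or stores it would misbehave; `return roleIds.includes(ADMIN_ROLE_ID);` with an explicit `Promise<boolean>` return type makes the contract clear (`ADMIN_ROLE_ID` is a proposed name, not one from the file). Since this function now decides whether host-level plugins may run, it deserves a comment stating that role id 1 is the built-in administrator role and must not be reassignable; that assumption cannot be verified from the hunk. `userId: any` could also be narrowed.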
@@ -16,9 +16,11 @@ import { HistoryLogService } from './history-log-service.js'; import { logger } from '../../../utils/logger.js'; import { EmailService } from '../../basic/service/email-service.js'; import { NeedVIPException } from '../../../basic/exception/vip-exception.js'; +import { UserService } from '../../authority/service/user-service.js'; const runningTasks: Map = new Map(); const freeCount = 10; + /** * 证书申请 */ @@ -38,6 +40,9 @@ export class PipelineService extends BaseService { @Inject() historyLogService: HistoryLogService; + @Inject() + userService: UserService; + @Inject() cron: Cron; @@ -331,9 +336,13 @@ export class PipelineService extends BaseService { const userId = entity.userId; const historyId = await this.historyService.start(entity); - + const userIsAdmin = await this.userService.isAdmin(userId); + const user: UserInfo = { + id: userId, + role: userIsAdmin ? 'admin' : 'user', + }; const executor = new Executor({ - userId, + user, pipeline, onChanged, accessService: this.accessService, diff --git a/packages/ui/certd-server/src/plugins/plugin-host/plugin/copy-to-local/index.ts b/packages/ui/certd-server/src/plugins/plugin-host/plugin/copy-to-local/index.ts index 345c99d5..69017a8f 100644 --- a/packages/ui/certd-server/src/plugins/plugin-host/plugin/copy-to-local/index.ts +++ b/packages/ui/certd-server/src/plugins/plugin-host/plugin/copy-to-local/index.ts @@ -8,7 +8,7 @@ import path from 'path'; name: 'CopyToLocal', title: '复制到本机', icon: 'solar:copy-bold-duotone', - desc: '实际上是复制证书到docker容器内的某个路径,需要做目录映射到宿主机', + desc: '【仅管理员使用】实际上是复制证书到docker容器内的某个路径,需要做目录映射到宿主机', group: pluginGroups.host.key, default: { strategy: { @@ -114,6 +114,10 @@ export class CopyCertToLocalPlugin extends AbstractTaskPlugin { fs.copyFileSync(srcFile, destFile); } async execute(): Promise { + if (!this.isAdmin()) { + throw new Error('只有管理员才能运行此任务'); + } + let { crtPath, keyPath, icPath, pfxPath, derPath } = this; const certReader = new CertReader(this.cert); 
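Review bot: In the `@@ -331,9 +336,13 @@` hunk the role lookup runs after `this.historyService.start(entity)`, so a failure in `userService.isAdmin` (for example a database error) would leave a history record that was started and never finished, unless a handler outside the hunk cleans it up. Resolving the role first avoids that: move `const userIsAdmin = await this.userService.isAdmin(userId);` above the `historyService.start` call. Taking the role from `entity.userId` (the pipeline owner) rather than from whoever triggers the run is the safer choice and is worth a one-line comment, because it relies on the owner id not being client-settable when a pipeline is saved; that cannot be confirmed from this hunk. The enclosing method starts and ends outside the hunk.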
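Review bot: The admin gate added to `CopyCertToLocalPlugin.execute()`, and repeated in `RestartCertdPlugin.execute()` and `CustomScriptPlugin.execute()` in the two plugin-other files, is opt-in: every plugin that touches the host has to remember to paste the same three lines, and a new privileged plugin that omits them runs for any user. Declaring the requirement once in the plugin definition, and having the executor refuse to run such a task for a non-admin, would make the check deny-by-default and would let the server reject the task when the pipeline is saved instead of at run time. If these plugins also expose request actions through the base class's action dispatcher, those paths are not covered by a check inside `execute()`; that cannot be confirmed from the hunks. At minimum, a shared throwing helper on `AbstractTaskPlugin`, e.g. `this.checkAdmin()`, would remove the duplicated message string (the helper name is a proposal).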
diff --git a/packages/ui/certd-server/src/plugins/plugin-other/plugins/plugin-restart.ts b/packages/ui/certd-server/src/plugins/plugin-other/plugins/plugin-restart.ts index 17617c88..7419cb9b 100644 --- a/packages/ui/certd-server/src/plugins/plugin-other/plugins/plugin-restart.ts +++ b/packages/ui/certd-server/src/plugins/plugin-other/plugins/plugin-restart.ts @@ -4,7 +4,7 @@ import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput name: 'RestartCertd', title: '重启Certd', icon: 'mdi:restart', - desc: '延迟一定时间后自动杀死自己,然后通过Docker来自动重启', + desc: '【仅管理员】延迟一定时间后自动杀死自己,然后通过Docker来自动重启', group: pluginGroups.other.key, default: { strategy: { @@ -25,6 +25,9 @@ export class RestartCertdPlugin extends AbstractTaskPlugin { delay = 30; async onInstance() {} async execute(): Promise { + if (!this.isAdmin()) { + throw new Error('只有管理员才能运行此任务'); + } this.logger.info(`Certd 将在 ${this.delay} 秒后关闭`); setTimeout(() => { this.logger.info('重启 Certd'); diff --git a/packages/ui/certd-server/src/plugins/plugin-other/plugins/plugin-script.ts b/packages/ui/certd-server/src/plugins/plugin-other/plugins/plugin-script.ts index d7eade59..6e036219 100644 --- a/packages/ui/certd-server/src/plugins/plugin-other/plugins/plugin-script.ts +++ b/packages/ui/certd-server/src/plugins/plugin-other/plugins/plugin-script.ts @@ -9,8 +9,8 @@ export type CustomScriptContext = { @IsTaskPlugin({ name: 'CustomScript', title: '自定义js脚本', - icon:"ri:javascript-line", - desc: '测试', + icon: 'ri:javascript-line', + desc: '【仅管理员】运行自定义js脚本执行', group: pluginGroups.other.key, default: { strategy: { @@ -45,6 +45,9 @@ export class CustomScriptPlugin extends AbstractTaskPlugin { async onInstance() {} async execute(): Promise { + if (!this.isAdmin()) { + throw new Error('只有管理员才能运行此任务'); + } this.logger.info('执行自定义脚本:\n', this.script); const ctx: CustomScriptContext = { CertReader,