Support master role for project member create and update apis (#6780)

* Support master role for project member create and update apis

Signed-off-by: He Weiwei <hweiwei@vmware.com>

* Fix description for role_id in swagger.yaml

Signed-off-by: He Weiwei <hweiwei@vmware.com>

docs/swagger.yaml

@@ -4182,7 +4182,7 @@ definitions:
     properties:
       role_id:
         type: integer
-        description: 'The role id 1 for projectAdmin, 2 for developer, 3 for guest'
+        description: 'The role id 1 for projectAdmin, 2 for developer, 3 for guest, 4 for master'
       member_user:
         $ref: '#/definitions/UserEntity'
       member_group:
@@ -4192,7 +4192,7 @@ definitions:
     properties:
       role_id:
         type: integer
-        description: 'The role id 1 for projectAdmin, 2 for developer, 3 for guest'
+        description: 'The role id 1 for projectAdmin, 2 for developer, 3 for guest, 4 for master'
   UserEntity:
     type: object
     properties:

make/migrations/postgresql/0005_add_master_role.up.sql

@@ -0,0 +1 @@
+INSERT INTO role (role_code, name) VALUES ('DRWS', 'master');

src/common/const.go

@@ -28,6 +28,7 @@ const (
 	RoleProjectAdmin = 1
 	RoleDeveloper    = 2
 	RoleGuest        = 3
+	RoleMaster       = 4
 
 	LabelLevelSystem  = "s"
 	LabelLevelUser    = "u"

src/common/dao/project.go

@@ -249,7 +249,8 @@ func projectQueryConditions(query *models.ProjectQueryParam) (string, []interfac
 				roleID = 2
 			case common.RoleGuest:
 				roleID = 3
-
+			case common.RoleMaster:
+				roleID = 4
 			}
 			params = append(params, roleID)
 		}
@@ -299,7 +300,7 @@ func GetRolesByLDAPGroup(projectID int64, groupDNCondition string) ([]int, error
 	}
 	o := GetOrmer()
 	// Because an LDAP user can be memberof multiple groups,
-	// the role is in descent order (1-admin, 2-developer, 3-guest), use min to select the max privilege role.
+	// the role is in descent order (1-admin, 2-developer, 3-guest, 4-master), use min to select the max privilege role.
 	sql := fmt.Sprintf(
 		`select min(pm.role) from project_member pm 
 		left join user_group ug on pm.entity_type = 'g' and pm.entity_id = ug.id 

src/common/security/local/context.go

@@ -138,6 +138,8 @@ func (s *SecurityContext) GetProjectRoles(projectIDOrName interface{}) []int {
 		switch role.RoleCode {
 		case "MDRWS":
 			roles = append(roles, common.RoleProjectAdmin)
+		case "DRWS":
+			roles = append(roles, common.RoleMaster)
 		case "RWS":
 			roles = append(roles, common.RoleDeveloper)
 		case "RS":

src/core/api/projectmember.go

@@ -160,7 +160,7 @@ func (pma *ProjectMemberAPI) Put() {
 	pmID := pma.id
 	var req models.Member
 	pma.DecodeJSONReq(&req)
-	if req.Role < 1 || req.Role > 3 {
+	if req.Role < 1 || req.Role > 4 {
 		pma.HandleBadRequest(fmt.Sprintf("Invalid role id %v", req.Role))
 		return
 	}
@@ -226,7 +226,7 @@ func AddProjectMember(projectID int64, request models.MemberReq) (int, error) {
 		return 0, ErrDuplicateProjectMember
 	}
 
-	if member.Role < 1 || member.Role > 3 {
+	if member.Role < 1 || member.Role > 4 {
 		// Return invalid role error
 		return 0, ErrInvalidRole
 	}

src/core/api/projectmember_test.go

@@ -209,6 +209,18 @@ func TestProjectMemberAPI_PutAndDelete(t *testing.T) {
 			},
 			code: http.StatusOK,
 		},
+		// 200
+		{
+			request: &testingRequest{
+				method: http.MethodPut,
+				url:    URL,
+				bodyJSON: &models.Member{
+					Role: 4,
+				},
+				credential: admin,
+			},
+			code: http.StatusOK,
+		},
 		// 400
 		{
 			request: &testingRequest{