From 3f8e06a8bc3c8414e2c74dca8383dbc58e1f13c0 Mon Sep 17 00:00:00 2001
From: He Weiwei <hweiwei@vmware.com>
Date: Wed, 23 Jan 2019 14:56:23 +0800
Subject: [PATCH] Support master role for project member create and update apis
 (#6780)

* Support master role for project member create and update apis

Signed-off-by: He Weiwei <hweiwei@vmware.com>

* Fix description for role_id in swagger.yaml

Signed-off-by: He Weiwei <hweiwei@vmware.com>
---
 docs/swagger.yaml                                    |  4 ++--
 .../postgresql/0005_add_master_role.up.sql           |  1 +
 src/common/const.go                                  |  1 +
 src/common/dao/project.go                            |  5 +++--
 src/common/security/local/context.go                 |  2 ++
 src/core/api/projectmember.go                        |  4 ++--
 src/core/api/projectmember_test.go                   | 12 ++++++++++++
 7 files changed, 23 insertions(+), 6 deletions(-)
 create mode 100644 make/migrations/postgresql/0005_add_master_role.up.sql

diff --git a/docs/swagger.yaml b/docs/swagger.yaml
index eef1cce21..a8b7ddcb2 100644
--- a/docs/swagger.yaml
+++ b/docs/swagger.yaml
@@ -4182,7 +4182,7 @@ definitions:
     properties:
       role_id:
         type: integer
-        description: 'The role id 1 for projectAdmin, 2 for developer, 3 for guest'
+        description: 'The role id 1 for projectAdmin, 2 for developer, 3 for guest, 4 for master'
       member_user:
         $ref: '#/definitions/UserEntity'
       member_group:
@@ -4192,7 +4192,7 @@ definitions:
     properties:
       role_id:
         type: integer
-        description: 'The role id 1 for projectAdmin, 2 for developer, 3 for guest'
+        description: 'The role id 1 for projectAdmin, 2 for developer, 3 for guest, 4 for master'
   UserEntity:
     type: object
     properties:
diff --git a/make/migrations/postgresql/0005_add_master_role.up.sql b/make/migrations/postgresql/0005_add_master_role.up.sql
new file mode 100644
index 000000000..d24d3f5e6
--- /dev/null
+++ b/make/migrations/postgresql/0005_add_master_role.up.sql
@@ -0,0 +1 @@
+INSERT INTO role (role_code, name) VALUES ('DRWS', 'master');
\ No newline at end of file
diff --git a/src/common/const.go b/src/common/const.go
index 5dc0325e1..d6ecda41b 100644
--- a/src/common/const.go
+++ b/src/common/const.go
@@ -28,6 +28,7 @@ const (
 	RoleProjectAdmin = 1
 	RoleDeveloper    = 2
 	RoleGuest        = 3
+	RoleMaster       = 4
 
 	LabelLevelSystem  = "s"
 	LabelLevelUser    = "u"
diff --git a/src/common/dao/project.go b/src/common/dao/project.go
index 80751a35f..423b6b23b 100644
--- a/src/common/dao/project.go
+++ b/src/common/dao/project.go
@@ -249,7 +249,8 @@ func projectQueryConditions(query *models.ProjectQueryParam) (string, []interfac
 				roleID = 2
 			case common.RoleGuest:
 				roleID = 3
-
+			case common.RoleMaster:
+				roleID = 4
 			}
 			params = append(params, roleID)
 		}
@@ -299,7 +300,7 @@ func GetRolesByLDAPGroup(projectID int64, groupDNCondition string) ([]int, error
 	}
 	o := GetOrmer()
 	// Because an LDAP user can be memberof multiple groups,
-	// the role is in descent order (1-admin, 2-developer, 3-guest), use min to select the max privilege role.
+	// the role is in descent order (1-admin, 2-developer, 3-guest, 4-master), use min to select the max privilege role.
 	sql := fmt.Sprintf(
 		`select min(pm.role) from project_member pm 
 		left join user_group ug on pm.entity_type = 'g' and pm.entity_id = ug.id 
diff --git a/src/common/security/local/context.go b/src/common/security/local/context.go
index e7c2bc557..ab4d11f4a 100644
--- a/src/common/security/local/context.go
+++ b/src/common/security/local/context.go
@@ -138,6 +138,8 @@ func (s *SecurityContext) GetProjectRoles(projectIDOrName interface{}) []int {
 		switch role.RoleCode {
 		case "MDRWS":
 			roles = append(roles, common.RoleProjectAdmin)
+		case "DRWS":
+			roles = append(roles, common.RoleMaster)
 		case "RWS":
 			roles = append(roles, common.RoleDeveloper)
 		case "RS":
diff --git a/src/core/api/projectmember.go b/src/core/api/projectmember.go
index 6dfef750a..d94ae1e0f 100644
--- a/src/core/api/projectmember.go
+++ b/src/core/api/projectmember.go
@@ -160,7 +160,7 @@ func (pma *ProjectMemberAPI) Put() {
 	pmID := pma.id
 	var req models.Member
 	pma.DecodeJSONReq(&req)
-	if req.Role < 1 || req.Role > 3 {
+	if req.Role < 1 || req.Role > 4 {
 		pma.HandleBadRequest(fmt.Sprintf("Invalid role id %v", req.Role))
 		return
 	}
@@ -226,7 +226,7 @@ func AddProjectMember(projectID int64, request models.MemberReq) (int, error) {
 		return 0, ErrDuplicateProjectMember
 	}
 
-	if member.Role < 1 || member.Role > 3 {
+	if member.Role < 1 || member.Role > 4 {
 		// Return invalid role error
 		return 0, ErrInvalidRole
 	}
diff --git a/src/core/api/projectmember_test.go b/src/core/api/projectmember_test.go
index 8de569c10..e440ce0e9 100644
--- a/src/core/api/projectmember_test.go
+++ b/src/core/api/projectmember_test.go
@@ -209,6 +209,18 @@ func TestProjectMemberAPI_PutAndDelete(t *testing.T) {
 			},
 			code: http.StatusOK,
 		},
+		// 200
+		{
+			request: &testingRequest{
+				method: http.MethodPut,
+				url:    URL,
+				bodyJSON: &models.Member{
+					Role: 4,
+				},
+				credential: admin,
+			},
+			code: http.StatusOK,
+		},
 		// 400
 		{
 			request: &testingRequest{