Merge user roles and group roles

Signed-off-by: stonezdj <stonezdj@gmail.com>
2024-09-20 17:25:32 +00:00 · 2019-08-05 15:09:59 +08:00 · 2019-08-05 15:09:59 +08:00 · 7d8fcf04cc
commit 7d8fcf04cc
parent 41b8e60e6a
4 changed files with 72 additions and 4 deletions
--- a/docs/manage_role_by_ldap_group.md
+++ b/docs/manage_role_by_ldap_group.md
@ -49,4 +49,4 @@ If a user is in the LDAP groups with admin privilege (ldap_group_admin_dn), the

 ## User privileges and group privileges

-If a user has both user-level role and group-level role, only the user level role privileges will be considered.
+If a user has both user-level role and group-level role, these privileges are merged together.
--- a/src/common/security/local/context.go
+++ b/src/common/security/local/context.go
@ -127,10 +127,24 @@ func (s *SecurityContext) GetProjectRoles(projectIDOrName interface{}) []int {
 			roles = append(roles, common.RoleGuest)
 		}
 	}
-	if len(roles) != 0 {
-		return roles
+	return mergeRoles(roles, s.GetRolesByGroup(projectIDOrName))
+}
+
+func mergeRoles(rolesA, rolesB []int) []int {
+	type void struct{}
+	var roles []int
+	var placeHolder void
+	roleSet := make(map[int]void)
+	for _, r := range rolesA {
+		roleSet[r] = placeHolder
 	}
-	return s.GetRolesByGroup(projectIDOrName)
+	for _, r := range rolesB {
+		roleSet[r] = placeHolder
+	}
+	for r := range roleSet {
+		roles = append(roles, r)
+	}
+	return roles
 }

 // GetRolesByGroup - Get the group role of current user to the project
--- a/src/common/security/local/context_test.go
+++ b/src/common/security/local/context_test.go
@ -408,3 +408,27 @@ func TestSecurityContext_GetMyProjects(t *testing.T) {
 		})
 	}
 }
+
+func Test_mergeRoles(t *testing.T) {
+	type args struct {
+		rolesA []int
+		rolesB []int
+	}
+	tests := []struct {
+		name string
+		args args
+		want []int
+	}{
+		{"normal", args{[]int{3, 4}, []int{1, 2, 3, 4}}, []int{1, 2, 3, 4}},
+		{"empty", args{[]int{}, []int{}}, []int{}},
+		{"left empty", args{[]int{}, []int{1, 2, 3, 4}}, []int{1, 2, 3, 4}},
+		{"right empty", args{[]int{1, 2, 3, 4}, []int{}}, []int{1, 2, 3, 4}},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := mergeRoles(tt.args.rolesA, tt.args.rolesB); !test.CheckSetsEqual(got, tt.want) {
+				t.Errorf("mergeRoles() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/src/common/utils/test/test.go
+++ b/src/common/utils/test/test.go
@ -142,3 +142,33 @@ func TraceCfgMap(cfgs map[string]interface{}) {
 		fmt.Printf("%v=%v\n", k, cfgs[k])
 	}
 }
+
+// CheckSetsEqual - check int set if they are equals
+func CheckSetsEqual(setA, setB []int) bool {
+	if len(setA) != len(setB) {
+		return false
+	}
+	type void struct{}
+	var exist void
+	setAll := make(map[int]void)
+	for _, r := range setA {
+		setAll[r] = exist
+	}
+	for _, r := range setB {
+		if _, ok := setAll[r]; !ok {
+			return false
+		}
+	}
+
+	setAll = make(map[int]void)
+	for _, r := range setB {
+		setAll[r] = exist
+	}
+	for _, r := range setA {
+		if _, ok := setAll[r]; !ok {
+			return false
+		}
+	}
+	return true
+
+}