Merge pull request #2877 from actiontech/fix_workflow_permission

Fix workflow permission

Author: BugsGuru

sqle/api/controller/v1/project_permission.go

@@ -27,7 +27,7 @@ func CheckCurrentUserCanOperateWorkflow(c echo.Context, projectUid string, workf
 	}
 
 	s := model.GetStorage()
-	access, err := s.UserCanAccessWorkflow(userId, workflow)
+	access, err := s.UserCanAccessWorkflow(userId, workflow.WorkflowId)
 	if err != nil {
 		return err
 	}
@@ -57,7 +57,7 @@ func CheckCurrentUserCanViewWorkflow(c echo.Context, projectUid string, workflow
 	}
 
 	s := model.GetStorage()
-	access, err := s.UserCanAccessWorkflow(userId, workflow)
+	access, err := s.UserCanAccessWorkflow(userId, workflow.WorkflowId)
 	if err != nil {
 		return err
 	}
@@ -88,7 +88,7 @@ func CheckCurrentUserCanOperateTasks(c echo.Context, projectUid string, workflow
 
 	s := model.GetStorage()
 
-	access, err := s.UserCanAccessWorkflow(userId, workflow)
+	access, err := s.UserCanAccessWorkflow(userId, workflow.WorkflowId)
 	if err != nil {
 		return err
 	}
@@ -139,14 +139,15 @@ func checkCurrentUserCanViewTask(c echo.Context, task *model.Task, ops []dmsV1.O
 	}
 
 	s := model.GetStorage()
-	workflow, exist, err := s.GetWorkflowByTaskId(task.ID)
+	workflowId, exist, err := s.GetWorkflowIdByTaskId(task.ID)
 	if err != nil {
 		return err
 	}
 	if !exist {
 		return errors.NewTaskNoExistOrNoAccessErr()
 	}
-	access, err := s.UserCanAccessWorkflow(userId, workflow)
+
+	access, err := s.UserCanAccessWorkflow(userId, workflowId)
 	if err != nil {
 		return err
 	}
@@ -179,14 +180,15 @@ func checkCurrentUserCanOpTask(c echo.Context, task *model.Task, ops []dmsV1.OpP
 	}
 
 	s := model.GetStorage()
-	workflow, exist, err := s.GetWorkflowByTaskId(task.ID)
+	workflowId, exist, err := s.GetWorkflowIdByTaskId(task.ID)
 	if err != nil {
 		return err
 	}
 	if !exist {
 		return errors.NewTaskNoExistOrNoAccessErr()
 	}
-	access, err := s.UserCanAccessWorkflow(userId, workflow)
+
+	access, err := s.UserCanAccessWorkflow(userId, workflowId)
 	if err != nil {
 		return err
 	}

sqle/api/controller/v1/task.go

@@ -529,7 +529,7 @@ func GetTaskSQLs(c echo.Context) error {
 		return controller.JSONBaseErrorReq(c, err)
 	}
 
-	err = CheckCurrentUserCanViewTaskDMS(c, task)
+	err = CheckCurrentUserCanViewTask(c, task)
 	if err != nil {
 		return controller.JSONBaseErrorReq(c, err)
 	}
@@ -793,15 +793,6 @@ func CheckCurrentUserCanOpTask(c echo.Context, task *model.Task) (err error) {
 	return checkCurrentUserCanOpTask(c, task, []dmsV1.OpPermissionType{dmsV1.OpPermissionTypeViewOthersWorkflow})
 }
 
-// TODO 使用DMS的权限校验
-func CheckCurrentUserCanViewTaskDMS(c echo.Context, task *model.Task) error {
-	_, err := controller.GetCurrentUser(c, dms.GetUser)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
 type SQLExplain struct {
 	SQL     string `json:"sql"`
 	Message string `json:"message"`

sqle/log/logger.go

@@ -78,11 +78,11 @@ func (h *gormLogWrapper) LogMode(level gormLog.LogLevel) gormLog.Interface {
 }
 
 func (h *gormLogWrapper) Trace(ctx context.Context, begin time.Time, fc func() (sql string, rowsAffected int64), err error) {
-	if h.logLevel <= gormLog.Silent {
+	if h.logLevel != gormLog.Info {
 		return
 	}
 	sql, rowsAffected := fc()
-	h.logger.Trace(fmt.Sprintf("trace: sql: %v; rowsAffected: %v; err: %v", sql, rowsAffected, err))
+	h.logger.Debugf(fmt.Sprintf("trace: sql: %v; rowsAffected: %v; err: %v", sql, rowsAffected, err))
 }
 
 func (h *gormLogWrapper) Error(ctx context.Context, format string, a ...interface{}) {

sqle/model/project_permission.go

@@ -337,7 +337,7 @@ import "github.com/actiontech/sqle/sqle/errors"
 //  LEFT JOIN workflow_step_user AS op_wst_re_user ON op_ws.id = op_wst_re_user.workflow_step_id
 // */
 
-func (s *Storage) UserCanAccessWorkflow(userId string, workflow *Workflow) (bool, error) {
+func (s *Storage) UserCanAccessWorkflow(userId string, workflowId string) (bool, error) {
 	query := `SELECT count(w.id) FROM workflows AS w
 JOIN workflow_records AS wr ON w.workflow_record_id = wr.id AND w.workflow_id = ?
 LEFT JOIN workflow_steps AS cur_ws ON wr.current_workflow_step_id = cur_ws.id
@@ -348,7 +348,7 @@ where w.deleted_at IS NULL
 AND (w.create_user_id = ? OR cur_ws.assignees REGEXP ? OR op_ws.assignees REGEXP ?)
 `
 	var count int64
-	err := s.db.Raw(query, workflow.WorkflowId, userId, userId, userId).Count(&count).Error
+	err := s.db.Raw(query, workflowId, userId, userId, userId).Count(&count).Error
 	if err != nil {
 		return false, errors.New(errors.ConnectStorageError, err)
 	}

sqle/model/workflow.go

@@ -1062,9 +1062,9 @@ func (s *Storage) GetWorkflowRecordCountByTaskIds(ids []uint) (int64, error) {
 	return count, nil
 }
 
-func (s *Storage) GetWorkflowByTaskId(id uint) (*Workflow, bool, error) {
+func (s *Storage) GetWorkflowIdByTaskId(id uint) (string, bool, error) {
 	workflow := &Workflow{}
-	err := s.db.Model(&Workflow{}).Select("workflows.id").
+	err := s.db.Model(&Workflow{}).Select("workflows.workflow_id").
 		Joins("LEFT JOIN workflow_records AS wr ON "+
 			"workflows.workflow_record_id = wr.id").
 		Joins("LEFT JOIN workflow_record_history ON "+
@@ -1078,12 +1078,12 @@ func (s *Storage) GetWorkflowByTaskId(id uint) (*Workflow, bool, error) {
 		Where("wir.task_id = ? OR h_wir.task_id = ? AND workflows.id IS NOT NULL", id, id).
 		Limit(1).Group("workflows.id").First(workflow).Error
 	if err == gorm.ErrRecordNotFound {
-		return nil, false, nil
+		return "", false, nil
 	}
 	if err != nil {
-		return nil, false, errors.New(errors.ConnectStorageError, err)
+		return "", false, errors.New(errors.ConnectStorageError, err)
 	}
-	return workflow, true, nil
+	return workflow.WorkflowId, true, nil
 }
 
 func (s *Storage) GetLastWorkflow() (*Workflow, bool, error) {

sqle/server/workflow_schedule.go

@@ -354,7 +354,7 @@ func CheckCurrentUserCanOperateWorkflowByUser(user *model.User, projectUid strin
 		return nil
 	}
 
-	access, err := s.UserCanAccessWorkflow(user.GetIDStr(), workflow)
+	access, err := s.UserCanAccessWorkflow(user.GetIDStr(), workflow.WorkflowId)
 	if err != nil {
 		return err
 	}