Merge pull request #685 from actiontech/chore/sqle-ee-issue-2448

[feature]: add permission control for navigation menus and routing

Author: Rain-1214

packages/base/src/App.tsx

@@ -14,11 +14,16 @@ import { StyledEngineProvider, ThemeProvider } from '@mui/system';
 import {
   EmptyBox,
   HeaderProgress,
+  LocalStorageWrapper,
   SpinIndicator,
   useTypedNavigate
 } from '@actiontech/shared';
 import { useNotificationContext } from '@actiontech/shared/lib/hooks';
-import { SupportLanguage, SupportTheme } from '@actiontech/shared/lib/enum';
+import {
+  StorageKey,
+  SupportLanguage,
+  SupportTheme
+} from '@actiontech/shared/lib/enum';
 import Nav from './page/Nav';
 import {
   useChangeTheme,
@@ -57,6 +62,7 @@ import sharedEmitterKey from '@actiontech/shared/lib/data/EmitterKey';
 import useRecentlySelectedZone from './hooks/useRecentlySelectedZone';
 import { debounce } from 'lodash';
 import './index.less';
+import { IUserBindProject } from '@actiontech/shared/lib/api/base/service/common';
 
 dayjs.extend(updateLocale);
 dayjs.updateLocale('zh-cn', {
@@ -113,7 +119,9 @@ function App() {
   const {
     isUserInfoFetched,
     theme,
-    language: currentLanguage
+    language: currentLanguage,
+    username,
+    bindProjects
   } = useCurrentUser();
 
   const { fetchModuleSupportStatus, isFeatureSupportFetched } =
@@ -141,13 +149,37 @@ function App() {
   );
   // #endif
 
+  const catchProjectID = useMemo<string>(() => {
+    const data = LocalStorageWrapper.get(StorageKey.DMS_Project_Catch);
+    try {
+      const recentlyProjectsRecord = JSON.parse(data || '{}');
+      const localData: Pick<IUserBindProject, 'project_id' | 'project_name'>[] =
+        recentlyProjectsRecord[username] ?? [];
+      const recentlyProjects =
+        localData.filter((v) =>
+          bindProjects.some((project) => project.project_id === v.project_id)
+        ) ?? [];
+
+      return recentlyProjects[0]?.project_id ?? '';
+    } catch (error) {
+      // eslint-disable-next-line no-console
+      console.error(error);
+      return '';
+    }
+  }, [bindProjects, username]);
+
   const AuthRouterConfigData = useMemo(() => {
     const filterRoutesByPermission: (
       routes: RouterConfigItem[]
     ) => RouterConfigItem[] = (routes) => {
       const verifiedRoutes: RouterConfigItem[] = [];
       return routes.reduce((acc, route) => {
-        if (route.permission && !checkPagePermission(route.permission)) {
+        if (
+          route.permission &&
+          !checkPagePermission(route.permission, {
+            targetProjectID: catchProjectID
+          })
+        ) {
           return acc;
         }
         if (route.children) {
@@ -166,7 +198,12 @@ function App() {
       return filterRoutesByPermission(AuthRouterConfig);
     }
     return AuthRouterConfig;
-  }, [checkPagePermission, isFeatureSupportFetched, isUserInfoFetched]);
+  }, [
+    checkPagePermission,
+    catchProjectID,
+    isFeatureSupportFetched,
+    isUserInfoFetched
+  ]);
 
   const elements = useRoutes(
     token ? (AuthRouterConfigData as RouteObject[]) : unAuthRouterConfig

packages/base/src/page/Nav/SideMenu/MenuList/index.tsx

@@ -73,7 +73,9 @@ const MenuList: React.FC<Props> = ({ projectID }) => {
     ): CustomMenuItemType[] => {
       return requiredMenus.filter((menu) => {
         if (menu?.permission) {
-          return checkPagePermission(menu.permission);
+          return checkPagePermission(menu.permission, {
+            targetProjectID: projectID
+          });
         }
 
         if ((menu as SubMenuType)?.children) {

packages/base/src/page/Nav/SideMenu/MenuList/menus/__tests__/__snapshots__/common.test.tsx.snap

@@ -261,6 +261,7 @@ exports[`test genMenuItemsWithMenuStructTree should match snapshot 4`] = `
         >
           流水线配置
         </ForwardRef(TypedLink)>,
+        "permission": "page:pipeline_configuration",
         "structKey": "pipeline-configuration",
         "to": "/sqle/project/600300/pipeline-configuration",
       },
@@ -282,6 +283,7 @@ exports[`test genMenuItemsWithMenuStructTree should match snapshot 4`] = `
         >
           SQL管控
         </ForwardRef(TypedLink)>,
+        "permission": "page:sql_management",
         "structKey": "sql-management",
         "to": "/sqle/project/600300/sql-management",
       },
@@ -296,6 +298,7 @@ exports[`test genMenuItemsWithMenuStructTree should match snapshot 4`] = `
         >
           SQL管控配置
         </ForwardRef(TypedLink)>,
+        "permission": "page:sql_management_conf",
         "structKey": "sql-management-conf",
         "to": "/sqle/project/600300/sql-management-conf",
       },

packages/base/src/page/Nav/SideMenu/MenuList/menus/sqle.tsx

@@ -84,7 +84,8 @@ const sqlManagementMenuItem: GenerateMenuItemI18nConfig = (projectID) => ({
   }),
   icon: <ManagementFilled width={18} height={18} />,
   key: `sqle/project/${SIDE_MENU_DATA_PLACEHOLDER_KEY}/sql-management`,
-  structKey: 'sql-management'
+  structKey: 'sql-management',
+  permission: PERMISSIONS.PAGES.SQLE.SQL_MANAGEMENT
 });
 
 const projectRuleTemplateMenuItem: GenerateMenuItemI18nConfig = (
@@ -149,7 +150,8 @@ const sqlManagementConf: GenerateMenuItemI18nConfig = (projectID) => ({
   }),
   icon: <PlanFilled width={18} height={18} />,
   key: `sqle/project/${SIDE_MENU_DATA_PLACEHOLDER_KEY}/sql-management-conf`,
-  structKey: 'sql-management-conf'
+  structKey: 'sql-management-conf',
+  permission: PERMISSIONS.PAGES.SQLE.SQL_MANAGEMENT_CONF
 });
 
 const pushRuleConfiguration: GenerateMenuItemI18nConfig = (projectID) => ({
@@ -169,7 +171,8 @@ const pipelineConfiguration: GenerateMenuItemI18nConfig = (projectID) => ({
   }),
   icon: <PipelineOutlined width={18} height={18} />,
   key: `sqle/project/${SIDE_MENU_DATA_PLACEHOLDER_KEY}/pipeline-configuration`,
-  structKey: 'pipeline-configuration'
+  structKey: 'pipeline-configuration',
+  permission: PERMISSIONS.PAGES.SQLE.PIPELINE_CONFIGURATION
 });
 
 const versionManagement: GenerateMenuItemI18nConfig = (projectID) => ({

packages/shared/lib/features/usePermission/__tests__/__snapshots__/index.test.ts.snap

@@ -32,6 +32,9 @@ exports[`usePermission should match snapshot 1`] = `
         "TEST": "action:test_db_service",
         "TEST_IN_MORE_BUTTON": "action:test_db_service_in_more_button",
       },
+      "GLOBAL_DASHBOARD": {
+        "PENDING_SQL_NAVIGATE_TO_SQL_MANAGEMENT": "action:global_dashboard_pending_sql_navigate_to_sql_management",
+      },
       "GLOBAL_DATA_SOURCE": {
         "ADD": "action:add_global_db_service",
         "BATCH_IMPORT": "action:batch_import_global_db_service",
@@ -239,8 +242,11 @@ exports[`usePermission should match snapshot 1`] = `
     "SQLE": {
       "KNOWLEDGE": "page:knowledge",
       "OPERATION_RECORD": "page:operation_record",
+      "PIPELINE_CONFIGURATION": "page:pipeline_configuration",
       "REPORT_STATISTICS": "page:report_statistics",
       "RULE_MANAGEMENT": "page:rule_management",
+      "SQL_MANAGEMENT": "page:sql_management",
+      "SQL_MANAGEMENT_CONF": "page:sql_management_conf",
       "SQL_OPTIMIZATION": "page:sql_optimization",
     },
   },
@@ -954,6 +960,15 @@ exports[`usePermission should match snapshot 2`] = `
     "id": "action:export_workflow",
     "type": "action",
   },
+  "action:global_dashboard_pending_sql_navigate_to_sql_management": {
+    "id": "action:global_dashboard_pending_sql_navigate_to_sql_management",
+    "projectManager": true,
+    "role": [
+      "admin",
+      "systemAdministrator",
+    ],
+    "type": "action",
+  },
   "action:global_rule_template_create_rule_template": {
     "id": "action:global_rule_template_create_rule_template",
     "role": [
@@ -1535,6 +1550,15 @@ exports[`usePermission should match snapshot 2`] = `
     ],
     "type": "page",
   },
+  "page:pipeline_configuration": {
+    "id": "page:pipeline_configuration",
+    "projectManager": true,
+    "role": [
+      "admin",
+      "systemAdministrator",
+    ],
+    "type": "page",
+  },
   "page:report_statistics": {
     "id": "page:report_statistics",
     "role": [
@@ -1563,6 +1587,24 @@ exports[`usePermission should match snapshot 2`] = `
     ],
     "type": "page",
   },
+  "page:sql_management": {
+    "id": "page:sql_management",
+    "projectManager": true,
+    "role": [
+      "admin",
+      "systemAdministrator",
+    ],
+    "type": "page",
+  },
+  "page:sql_management_conf": {
+    "id": "page:sql_management_conf",
+    "projectManager": true,
+    "role": [
+      "admin",
+      "systemAdministrator",
+    ],
+    "type": "page",
+  },
   "page:sql_optimization": {
     "id": "page:sql_optimization",
     "moduleSupport": [

packages/shared/lib/features/usePermission/__tests__/index.test.ts

@@ -157,7 +157,15 @@ describe('usePermission', () => {
         [SystemRole.systemAdministrator]: false,
         [SystemRole.projectDirector]: false,
         [SystemRole.auditAdministrator]: false
-      }
+      },
+      bindProjects: [
+        {
+          project_id: mockProjectInfo.projectID,
+          project_name: 'test',
+          is_manager: true,
+          archived: false
+        }
+      ]
     });
     const { result } = renderHook(() => usePermission());
 
@@ -184,6 +192,9 @@ describe('usePermission', () => {
         PERMISSIONS.PAGES.SQLE.SQL_OPTIMIZATION
       )
     ).toBeFalsy();
+    expect(
+      result.current.checkPagePermission(PERMISSIONS.PAGES.SQLE.SQL_MANAGEMENT)
+    ).toBeTruthy();
   });
 
   it('should check action permission correctly', () => {

packages/shared/lib/features/usePermission/index.type.ts

@@ -46,3 +46,7 @@ export type CheckActionPermissionOtherValues<T> = {
   authDataSourceId?: string;
   targetProjectID?: string;
 };
+
+export type CheckPagePermissionOtherValues = {
+  targetProjectID?: string;
+};

packages/shared/lib/features/usePermission/permissionManifest.ts

@@ -114,7 +114,34 @@ export const PERMISSION_MANIFEST: Record<
       SystemRole.certainProjectManager
     ]
   },
+  [PERMISSIONS.PAGES.SQLE.PIPELINE_CONFIGURATION]: {
+    id: PERMISSIONS.PAGES.SQLE.PIPELINE_CONFIGURATION,
+    type: 'page',
+    role: [SystemRole.admin, SystemRole.systemAdministrator],
+    projectManager: true
+  },
+  [PERMISSIONS.PAGES.SQLE.SQL_MANAGEMENT]: {
+    id: PERMISSIONS.PAGES.SQLE.SQL_MANAGEMENT,
+    type: 'page',
+    role: [SystemRole.admin, SystemRole.systemAdministrator],
+    projectManager: true
+  },
+  [PERMISSIONS.PAGES.SQLE.SQL_MANAGEMENT_CONF]: {
+    id: PERMISSIONS.PAGES.SQLE.SQL_MANAGEMENT_CONF,
+    type: 'page',
+    role: [SystemRole.admin, SystemRole.systemAdministrator],
+    projectManager: true
+  },
   // action
+  // global dashboard
+  [PERMISSIONS.ACTIONS.BASE.GLOBAL_DASHBOARD
+    .PENDING_SQL_NAVIGATE_TO_SQL_MANAGEMENT]: {
+    id: PERMISSIONS.ACTIONS.BASE.GLOBAL_DASHBOARD
+      .PENDING_SQL_NAVIGATE_TO_SQL_MANAGEMENT,
+    type: 'action',
+    role: [SystemRole.admin, SystemRole.systemAdministrator],
+    projectManager: true
+  },
 
   //cloud beaver
   [PERMISSIONS.ACTIONS.BASE.CLOUD_BEAVER.EXPORT]: {

packages/shared/lib/features/usePermission/permissions.ts

@@ -13,7 +13,10 @@ export const PERMISSIONS = {
       SQL_OPTIMIZATION: 'page:sql_optimization',
       REPORT_STATISTICS: 'page:report_statistics',
       RULE_MANAGEMENT: 'page:rule_management',
-      KNOWLEDGE: 'page:knowledge'
+      KNOWLEDGE: 'page:knowledge',
+      PIPELINE_CONFIGURATION: 'page:pipeline_configuration',
+      SQL_MANAGEMENT: 'page:sql_management',
+      SQL_MANAGEMENT_CONF: 'page:sql_management_conf'
     }
   },
   ACTIONS: {
@@ -30,6 +33,10 @@ export const PERMISSIONS = {
           DELETE: 'action:delete_role'
         }
       },
+      GLOBAL_DASHBOARD: {
+        PENDING_SQL_NAVIGATE_TO_SQL_MANAGEMENT:
+          'action:global_dashboard_pending_sql_navigate_to_sql_management'
+      },
       GLOBAL_DATA_SOURCE: {
         EDIT: 'action:edit_global_db_service',
         DELETE: 'action:delete_global_db_service',

packages/shared/lib/features/usePermission/usePermission.ts

@@ -3,10 +3,12 @@ import useCurrentUser from '../useCurrentUser';
 import { PERMISSION_MANIFEST, PermissionDetail } from './permissionManifest';
 import { PermissionsConstantType } from './permissions';
 import useCurrentProject from '../useCurrentProject';
+
 import {
   ActiontechTableActionsWithPermissions,
   ActiontechTableToolbarActionWithPermissions,
-  CheckActionPermissionOtherValues
+  CheckActionPermissionOtherValues,
+  CheckPagePermissionOtherValues
 } from './index.type';
 import { ActiontechTableProps } from '../../components/ActiontechTable';
 import {
@@ -44,7 +46,6 @@ const usePermission = () => {
     },
     [bindProjects, projectID]
   );
-
   const checkDbServicePermission = useCallback(
     (
       opPermissionType: OpPermissionItemOpPermissionTypeEnum,
@@ -111,13 +112,23 @@ const usePermission = () => {
   );
 
   const checkPagePermission = useCallback(
-    (requiredPermission: PermissionsConstantType): boolean => {
+    (
+      requiredPermission: PermissionsConstantType,
+      otherValues?: CheckPagePermissionOtherValues
+    ): boolean => {
+      const { targetProjectID } = otherValues ?? {};
       const permissionDetails = PERMISSION_MANIFEST[requiredPermission];
+      const projectAttributesStatus =
+        getProjectAttributesStatus(targetProjectID);
+
       return (
-        checkRoles(permissionDetails) && checkModuleSupport(permissionDetails)
+        ((projectAttributesStatus.isManager &&
+          permissionDetails.projectManager === true) ||
+          checkRoles(permissionDetails)) &&
+        checkModuleSupport(permissionDetails)
       );
     },
-    [checkModuleSupport, checkRoles]
+    [checkModuleSupport, checkRoles, getProjectAttributesStatus]
   );
 
   const checkActionPermission = useCallback(