Merge branch 'master' into issue_756

src/backend/analyst/api-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/pojo/request/ScanQualityUpdateRequest.kt

@@ -49,10 +49,10 @@ data class ScanQualityUpdateRequest(
             if (redLine != null && redLine < 0) {
                 throw ErrorCodeException(CommonMessageCode.PARAMETER_INVALID, level.levelName)
             }
-            redLine?.let { map[level.levelName] = it }
+            map[level.levelName] = redLine
         }
-        this.forbidScanUnFinished?.let { map[ScanQualityUpdateRequest::forbidScanUnFinished.name] = it }
-        this.forbidQualityUnPass?.let { map[ScanQualityUpdateRequest::forbidQualityUnPass.name] = it }
+        map[ScanQualityUpdateRequest::forbidScanUnFinished.name] = this.forbidScanUnFinished
+        map[ScanQualityUpdateRequest::forbidQualityUnPass.name] = this.forbidQualityUnPass
         return map
     }
 }

src/backend/analyst/api-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/pojo/rule/RuleArtifact.kt

@@ -39,4 +39,8 @@ data class RuleArtifact(
      * 制品版本
      */
     val version: String? = null
-)
+) {
+    companion object {
+        const val RULE_FIELD_LATEST_VERSION = "latestVersion"
+    }
+}

src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/dao/ScanPlanDao.kt

@@ -245,7 +245,12 @@ class ScanPlanDao : ScannerSimpleMongoDao<TScanPlan>() {
     private fun buildQualityUpdate(quality: Map<String, Any?>): Update {
         val update = Update()
         quality.forEach { entry ->
-            update.set("${TScanPlan::scanQuality.name}.${entry.key}", entry.value)
+            val key = "${TScanPlan::scanQuality.name}.${entry.key}"
+            if (entry.value == null) {
+                update.unset(key)
+            } else {
+                update.set(key, entry.value)
+            }
         }
         return update
     }

src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/event/ScanEventConsumer.kt

@@ -32,6 +32,7 @@ import com.tencent.bkrepo.analyst.pojo.AutoScanConfiguration
 import com.tencent.bkrepo.analyst.pojo.ScanTriggerType
 import com.tencent.bkrepo.analyst.pojo.request.ScanRequest
 import com.tencent.bkrepo.analyst.pojo.rule.RuleArtifact
+import com.tencent.bkrepo.analyst.pojo.rule.RuleArtifact.Companion.RULE_FIELD_LATEST_VERSION
 import com.tencent.bkrepo.analyst.service.ProjectScanConfigurationService
 import com.tencent.bkrepo.analyst.service.ScanService
 import com.tencent.bkrepo.analyst.service.ScannerService
@@ -253,12 +254,14 @@ class ScanEventConsumer(
             }
 
             if ((event.type == EventType.VERSION_CREATED || event.type == EventType.VERSION_UPDATED)) {
-                val valuesToMatch = mapOf(
+                val valuesToMatch = mapOf<String, Any>(
                     PackageSummary::projectId.name to projectId,
                     PackageSummary::repoName.name to repoName,
                     PackageSummary::type.name to data[VersionCreatedEvent::packageType.name] as String,
                     RuleArtifact::name.name to data[VersionCreatedEvent::packageName.name] as String,
-                    RuleArtifact::version.name to data[VersionCreatedEvent::packageVersion.name] as String
+                    RuleArtifact::version.name to data[VersionCreatedEvent::packageVersion.name] as String,
+                    // 默认当前正在创建的是最新版本
+                    RULE_FIELD_LATEST_VERSION to true
                 )
                 return RuleMatcher.match(rule, valuesToMatch)
             }

src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/statemachine/TaskStateMachineConfiguration.kt

@@ -103,6 +103,8 @@ class TaskStateMachineConfiguration(
             transition(PULLED, PULLED, PULL, subtaskActions)
             transition(PULLED, EXECUTING, EXECUTE, subtaskActions)
             transition(PULLED, CREATED, DISPATCH_FAILED, subtaskActions)
+            // 超过最长允许执行的时间时，可能会从PULLED转移到FAILED状态
+            transition(PULLED, FAILED, SubtaskEvent.FAILED, subtaskActions)
 
             // finished state
             transition(BLOCKED, BLOCK_TIMEOUT, SubtaskEvent.BLOCK_TIMEOUT, subtaskActions)

src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/statemachine/iterator/PackageIterator.kt

@@ -40,6 +40,7 @@ import com.tencent.bkrepo.repository.api.PackageClient
 import com.tencent.bkrepo.repository.pojo.node.NodeDetail
 import com.tencent.bkrepo.repository.pojo.packages.PackageSummary
 import com.tencent.bkrepo.analyst.pojo.rule.RuleArtifact
+import com.tencent.bkrepo.analyst.pojo.rule.RuleArtifact.Companion.RULE_FIELD_LATEST_VERSION
 import com.tencent.bkrepo.analyst.utils.Request
 import org.slf4j.LoggerFactory
 import kotlin.math.min
@@ -267,7 +268,6 @@ class PackageIterator(
 
     companion object {
         private val logger = LoggerFactory.getLogger(PackageIterator::class.java)
-        private const val RULE_FIELD_LATEST_VERSION = "latestVersion"
 
         private val packageSelect = listOf(
             PackageSummary::projectId.name,

src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/statemachine/subtask/action/FinishSubtaskAction.kt

@@ -175,7 +175,7 @@ class FinishSubtaskAction(
 
         // 质量规则检查结果
         val planId = subTask.planId
-        val qualityPass = if (planId != null && overview.isNotEmpty()) {
+        val qualityPass = if (planId != null) {
             scanQualityService.checkScanQualityRedLine(planId, overview as Map<String, Number>)
         } else {
             null

src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/statemachine/subtask/action/ReuseResultAction.kt

@@ -100,8 +100,8 @@ class ReuseResultAction(
             val now = LocalDateTime.now()
             val repoInfo = cacheableRepositoryClient.get(projectId, repoName)
             // 质量检查结果
-            val qualityPass = if (!qualityRule.isNullOrEmpty() && overview != null) {
-                scanQualityService.checkScanQualityRedLine(qualityRule, overview, context.scanner)
+            val qualityPass = if (!qualityRule.isNullOrEmpty()) {
+                scanQualityService.checkScanQualityRedLine(qualityRule, overview ?: emptyMap(), context.scanner)
             } else {
                 null
             }

src/backend/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/constant/Constants.kt

@@ -93,6 +93,8 @@ const val AUTH_API_ROLE_SYS_LIST_PREFIX = "api/role/sys/list"
 const val AUTH_API_PERMISSION_LIST_PREFIX = "api/permission/list/inproject"
 const val AUTH_API_PERMISSION_USER_PREFIX = "api/permission/user"
 const val AUTH_API_USER_UPDATE_PREFIX = "api/user/update/info"
+const val AUTH_API_USER_DELETE_PREFIX = "api/user/delete"
+const val AUTH_API_USER_ASSET_USER_GROUP_PREFIX = "api/user/group"
 
 const val AUTH_CLUSTER_TOKEN_INFO_PREFIX = "/cluster/temporary/token/info"
 const val AUTH_CLUSTER_TOKEN_DELETE_PREFIX = "/cluster/temporary/token/delete"

src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/OpenResource.kt

@@ -36,6 +36,7 @@ import com.tencent.bkrepo.auth.pojo.enums.AuthPermissionType
 import com.tencent.bkrepo.auth.pojo.enums.PermissionAction
 import com.tencent.bkrepo.auth.pojo.enums.ResourceType
 import com.tencent.bkrepo.auth.pojo.permission.CheckPermissionRequest
+import com.tencent.bkrepo.auth.pojo.user.UserInfo
 import com.tencent.bkrepo.auth.service.PermissionService
 import com.tencent.bkrepo.common.api.exception.ErrorCodeException
 import com.tencent.bkrepo.common.api.message.CommonMessageCode
@@ -55,6 +56,15 @@ open class OpenResource(private val permissionService: PermissionService) {
         }
     }
 
+    /**
+     *  userId's assetUsers contain userContext or userContext be admin
+     */
+    fun preCheckUserOrAssetUser(userId: String, users:List<UserInfo>) {
+        if(!users.any { userInfo -> userInfo.userId.equals(userId) }) {
+            preCheckContextUser(userId)
+        }
+    }
+
     /**
      * the userContext should be admin
      */

src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/user/UserController.kt

@@ -57,6 +57,7 @@ import com.tencent.bkrepo.common.security.exception.AuthenticationException
 import com.tencent.bkrepo.common.security.http.jwt.JwtAuthProperties
 import com.tencent.bkrepo.common.security.util.JwtUtils
 import com.tencent.bkrepo.common.security.util.RsaUtils
+import com.tencent.bkrepo.common.security.util.SecurityUtils
 import com.tencent.bkrepo.common.service.util.HttpContextHolder
 import com.tencent.bkrepo.common.service.util.ResponseBuilder
 import io.swagger.annotations.ApiOperation
@@ -133,9 +134,9 @@ class UserController @Autowired constructor(
     }
 
     @ApiOperation("删除用户")
-    @DeleteMapping("/{uid}")
+    @DeleteMapping("/delete/{uid}")
     fun deleteById(@PathVariable uid: String): Response<Boolean> {
-        preCheckContextUser(uid)
+        preCheckUserOrAssetUser(uid, userService.getRelatedUserById(SecurityUtils.getUserId()))
         userService.deleteById(uid)
         return ResponseBuilder.success(true)
     }
@@ -206,7 +207,7 @@ class UserController @Autowired constructor(
         @RequestParam expiredAt: String?,
         @RequestParam projectId: String?
     ): Response<Token?> {
-        preCheckContextUser(uid)
+        preCheckUserOrAssetUser(uid, userService.getRelatedUserById(SecurityUtils.getUserId()))
         // add user token
         val result = userService.addUserToken(uid, name, expiredAt)
         return ResponseBuilder.success(result)
@@ -363,6 +364,16 @@ class UserController @Autowired constructor(
         return ResponseBuilder.success(userService.validateEntityUser(uid))
     }
 
+    @ApiOperation("相关虚拟列表")
+    @GetMapping("/group")
+    fun userGroup(
+        @RequestParam userName: String? = null,
+        @RequestParam asstUser: String,
+    ): Response<List<UserInfo>> {
+        val result = userService.getRelatedUserById(asstUser,userName)
+        return ResponseBuilder.success(result)
+    }
+
     companion object {
         private val logger = LoggerFactory.getLogger(UserController::class.java)
     }

src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/interceptor/AuthInterceptor.kt

@@ -43,6 +43,8 @@ import com.tencent.bkrepo.auth.constant.AUTH_API_PROJECT_ADMIN_PREFIX
 import com.tencent.bkrepo.auth.constant.AUTH_API_ROLE_SYS_LIST_PREFIX
 import com.tencent.bkrepo.auth.constant.AUTH_API_TOKEN_LIST_PREFIX
 import com.tencent.bkrepo.auth.constant.AUTH_API_TOKEN_PREFIX
+import com.tencent.bkrepo.auth.constant.AUTH_API_USER_DELETE_PREFIX
+import com.tencent.bkrepo.auth.constant.AUTH_API_USER_ASSET_USER_GROUP_PREFIX
 import com.tencent.bkrepo.auth.constant.AUTH_API_USER_INFO_PREFIX
 import com.tencent.bkrepo.auth.constant.AUTH_API_USER_LIST_PREFIX
 import com.tencent.bkrepo.auth.constant.AUTH_API_USER_UPDATE_PREFIX
@@ -244,7 +246,9 @@ class AuthInterceptor(
             AUTH_API_ROLE_SYS_LIST_PREFIX,
             AUTH_API_PERMISSION_LIST_PREFIX,
             AUTH_API_PERMISSION_USER_PREFIX,
-            AUTH_API_USER_UPDATE_PREFIX
+            AUTH_API_USER_UPDATE_PREFIX,
+            AUTH_API_USER_DELETE_PREFIX,
+            AUTH_API_USER_ASSET_USER_GROUP_PREFIX
         )
 
         private val anonymousAccessApiSet = setOf(

src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/repository/UserRepository.kt

@@ -41,6 +41,6 @@ interface UserRepository : MongoRepository<TUser, String> {
     fun findFirstByUserIdAndRoles(userId: String, roleId: String): TUser?
     fun deleteByUserId(userId: String)
     fun findAllByRolesIn(rids: List<String>): List<TUser>
-
+    fun findAllByAsstUsersIn(userIds: List<String>): List<TUser>
     fun findFirstByUserIdAndRolesIn(userId: String, rids: List<String>): TUser?
 }

src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/UserService.kt

@@ -90,4 +90,6 @@ interface UserService {
     fun removeUserAccount(userId: String, accountId: String): Boolean
 
     fun validateEntityUser(userId: String): Boolean
+
+    fun getRelatedUserById(asstUser: String, userName: String? = null): List<UserInfo>
 }

src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/UserServiceImpl.kt

@@ -418,6 +418,11 @@ class UserServiceImpl constructor(
         return record != null && !record.group
     }
 
+    override fun getRelatedUserById(asstUser: String, userName: String?): List<UserInfo> {
+        val query = UserQueryHelper.getUserByAsstUsers(asstUser, userName)
+        return mongoTemplate.find(query, TUser::class.java).map { UserRequestUtil.convToUserInfo(it) }
+    }
+
     companion object {
         private val logger = LoggerFactory.getLogger(UserServiceImpl::class.java)
     }

src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/util/query/UserQueryHelper.kt

@@ -4,6 +4,9 @@ import com.tencent.bkrepo.auth.model.TUser
 import com.tencent.bkrepo.auth.util.DataDigestUtils
 import org.springframework.data.mongodb.core.query.Criteria
 import org.springframework.data.mongodb.core.query.Query
+import org.springframework.data.mongodb.core.query.Query.query
+import org.springframework.data.mongodb.core.query.and
+
 
 object UserQueryHelper {
 
@@ -62,4 +65,19 @@ object UserQueryHelper {
         locked?.let { criteria.and(TUser::locked.name).`is`(locked) }
         return Query(criteria)
     }
+
+    fun getUserByAsstUsers(userId: String, userName: String?): Query {
+        val criteria = Criteria()
+        userName?.let {
+            criteria.orOperator(
+                Criteria.where(TUser::userId.name).regex("^$userName"),
+                Criteria.where(TUser::name.name).regex("^$userName")
+            )
+        }
+        userId.let {
+            criteria.and(TUser::asstUsers.name).`in`( *arrayOf(userId))
+            criteria.and(TUser::group.name).`is`(true)
+        }
+        return Query(criteria)
+    }
 }

src/backend/common/common-api/src/main/kotlin/com/tencent/bkrepo/common/api/constant/Constants.kt

@@ -106,3 +106,9 @@ const val TEMPORARY_TOKEN_AUTH_PREFIX = "Temporary "
 const val MS_AUTH_HEADER_UID = "X-BKREPO-MS-UID"
 
 const val MS_REQUEST_SRC_CLUSTER = "X-BKREPO-MS-CLUSTER"
+
+/**
+ * 验证是否允许下载时，写入request attributes的key
+ */
+const val CLIENT_ADDRESS = "clientAddress"
+const val DOWNLOAD_SOURCE = "downloadSource"

src/backend/common/common-api/src/main/kotlin/com/tencent/bkrepo/common/api/message/CommonMessageCode.kt

@@ -54,6 +54,7 @@ enum class CommonMessageCode(private val key: String) : MessageCode {
     REQUEST_RANGE_INVALID("system.request-range.invalid"),
     MODIFY_PASSWORD_FAILED("modify.password.failed"),
     OPERATION_CROSS_CLUSTER_NOT_ALLOWED("operation.cross-cluster.not-allowed"),
+    MEDIA_TYPE_UNACCEPTABLE("system.media-type.unacceptable"),
     ;
 
     override fun getBusinessCode() = ordinal + 1

src/backend/common/common-artifact/artifact-api/src/main/kotlin/com/tencent/bkrepo/common/artifact/message/ArtifactMessageCode.kt

@@ -66,7 +66,8 @@ enum class ArtifactMessageCode(private val key: String) : MessageCode {
     ARTIFACT_SIZE_TOO_LARGE("artifact.size.too-large"),
     ARTIFACT_TYPE_UNSUPPORTED("artifact.type.unsupported"),
     ARTIFACT_FORBIDDEN("artifact.forbidden"),
-    NODE_CREATE_TIMEOUT("artifact.node.create.timeout")
+    NODE_CREATE_TIMEOUT("artifact.node.create.timeout"),
+    SIZE_CHECK_FAILED("artifact.size.check-failed")
     ;
 
     override fun getBusinessCode() = ordinal + 1

src/backend/common/common-artifact/artifact-api/src/main/kotlin/com/tencent/bkrepo/common/artifact/pojo/RepositoryType.kt

@@ -42,7 +42,6 @@ enum class RepositoryType {
     PYPI,
     NPM,
     HELM,
-    RDS,
     COMPOSER,
     RPM,
     NUGET,

src/backend/common/common-artifact/artifact-api/src/main/resources/i18n/messages_en.properties

@@ -33,6 +33,7 @@ artifact.receive.failed=Receive artifact stream failed: {0}
 artifact.response.failed=Response artifact stream failed: {0}
 artifact.data.not-found=Artifact file data not found
 artifact.digest.check-failed=Failed to check artifact {0} digest
+artifact.size.check-failed=Failed to check artifact {0} size
 artifact.project.existed=Project [{0}] existed
 artifact.repository.not-found=Repository [{0}] not found
 artifact.repository.existed=Repository [{0}] existed

src/backend/common/common-artifact/artifact-api/src/main/resources/i18n/messages_zh_CN.properties

@@ -28,6 +28,7 @@ artifact.receive.failed=数据流接收异常: {0}
 artifact.response.failed=数据流响应异常: {0}
 artifact.data.not-found=构件文件数据不存在
 artifact.digest.check-failed=校验构件{0}摘要失败
+artifact.size.check-failed=校验构件{0}大小失败
 artifact.project.not-found=项目[{0}]不存在
 artifact.project.existed=项目[{0}]已存在
 artifact.repository.not-found=仓库[{0}]不存在

src/backend/common/common-artifact/artifact-api/src/main/resources/i18n/messages_zh_TW.properties

@@ -28,6 +28,7 @@ artifact.receive.failed=數據流接收異常: {0}
 artifact.response.failed=數據流响应异常: {0}
 artifact.data.not-found=文件數據不存在
 artifact.digest.check-failed=校驗文件{0}摘要失敗
+artifact.size.check-failed=校驗文件{0}大小失敗
 artifact.project.not-found=項目[{0}]不存在
 artifact.project.existed=項目[{0}]已存在
 artifact.repository.not-found=倉庫[{0}]不存在

src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/interceptor/DownloadInterceptorFactory.kt

@@ -27,6 +27,7 @@
 
 package com.tencent.bkrepo.common.artifact.interceptor
 
+import com.tencent.bkrepo.common.api.constant.DOWNLOAD_SOURCE
 import com.tencent.bkrepo.common.api.constant.HttpHeaders
 import com.tencent.bkrepo.common.artifact.constant.DownloadInterceptorType
 import com.tencent.bkrepo.common.artifact.constant.FORBID_STATUS
@@ -40,6 +41,7 @@ import com.tencent.bkrepo.common.artifact.interceptor.impl.OfficeNetworkIntercep
 import com.tencent.bkrepo.common.artifact.interceptor.impl.PackageMetadataInterceptor
 import com.tencent.bkrepo.common.artifact.interceptor.impl.WebInterceptor
 import com.tencent.bkrepo.common.service.util.HeaderUtils
+import com.tencent.bkrepo.common.service.util.HttpContextHolder
 import com.tencent.bkrepo.repository.pojo.node.NodeDetail
 import com.tencent.bkrepo.repository.pojo.packages.PackageVersion
 import org.slf4j.LoggerFactory
@@ -112,6 +114,10 @@ class DownloadInterceptorFactory(
         }
 
         private fun getDownloadSource(): DownloadInterceptorType {
+            val downloadSource = HttpContextHolder.getRequestOrNull()?.getAttribute(DOWNLOAD_SOURCE)?.toString()
+            if (!downloadSource.isNullOrBlank()) {
+                return DownloadInterceptorType.valueOf(downloadSource)
+            }
             val userAgent = HeaderUtils.getHeader(HttpHeaders.USER_AGENT) ?: return DownloadInterceptorType.WEB
             logger.debug("download user agent: $userAgent")
             return when {

src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/interceptor/impl/IpSegmentInterceptor.kt

@@ -64,7 +64,7 @@ class IpSegmentInterceptor(
             return true
         }
 
-        val clientIp = HttpContextHolder.getClientAddress()
+        val clientIp = HttpContextHolder.getClientAddressFromAttribute()
         val officeNetworkIpSegment = if (officeNetworkEnabled) properties.officeNetwork.whiteList else emptyList()
         val ipSegment = officeNetworkIpSegment.plus(customIpSegment)
         ipSegment.forEach {

src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/util/PackageKeys.kt

@@ -42,7 +42,6 @@ object PackageKeys {
     private const val DOCKER = "docker"
     private const val NPM = "npm"
     private const val HELM = "helm"
-    private const val RDS = "rds"
     private const val RPM = "rpm"
     private const val PYPI = "pypi"
     private const val COMPOSER = "composer"
@@ -110,14 +109,6 @@ object PackageKeys {
         return ofName(HELM, name)
     }
 
-    /**
-     * 生成rds格式key
-     *
-     * 例子: rds://test
-     */
-    fun ofRds(name: String): String {
-        return ofName(RDS, name)
-    }
 
     /**
      * 生成rpm格式key
@@ -184,15 +175,6 @@ object PackageKeys {
         return resolveName(HELM, helmKey)
     }
 
-    /**
-     * 解析rds格式的key
-     *
-     * 例子: rds://test  ->  test
-     */
-    fun resolveRds(rdsKey: String): String {
-        return resolveName(RDS, rdsKey)
-    }
-
     /**
      * 解析docker格式的key
      *