diff --git a/pkg/abac/pap/group.go b/pkg/abac/pap/group.go index 711d0fa9..161cb5bc 100644 --- a/pkg/abac/pap/group.go +++ b/pkg/abac/pap/group.go @@ -44,7 +44,7 @@ type GroupController interface { ListPagingSubjectSystemGroups( _type, id, systemID string, beforeExpiredAt, limit, offset int64, ) ([]SubjectGroup, error) - FilterGroupsHasMemberBeforeExpiredAt(subjects []Subject, expiredAt int64) ([]Subject, error) + ListGroupSubjectBeforeExpiredAtBySubjects(subjects []Subject, expiredAt int64) ([]GroupSubject, error) CheckSubjectEffectGroups(_type, id string, groupIDs []string) (map[string]map[string]interface{}, error) GetGroupMemberCount(_type, id string) (int64, error) @@ -141,7 +141,7 @@ func (c *groupController) GetGroupSubjectCountBeforeExpiredAt(expiredAt int64) ( return c.service.GetGroupSubjectCountBeforeExpiredAt(expiredAt) } -func (c *groupController) FilterGroupsHasMemberBeforeExpiredAt(subjects []Subject, expiredAt int64) ([]Subject, error) { +func (c *groupController) ListGroupSubjectBeforeExpiredAtBySubjects(subjects []Subject, expiredAt int64) ([]GroupSubject, error) { errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "FilterGroupsHasMemberBeforeExpiredAt") svcSubjects := convertToServiceSubjects(subjects) @@ -150,32 +150,20 @@ func (c *groupController) FilterGroupsHasMemberBeforeExpiredAt(subjects []Subjec return nil, errorWrapf(err, "service.ListPKsBySubjects subjects=`%+v` fail", subjects) } - existGroupPKs, err := c.service.FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs, expiredAt) + svcRelations, err := c.service.ListGroupSubjectBeforeExpiredAtByGroupPKs(groupPKs, expiredAt) if err != nil { return nil, errorWrapf( - err, "service.FilterGroupPKsHasMemberBeforeExpiredAt groupPKs=`%+v`, expiredAt=`%d` fail", + err, "service.ListGroupSubjectBeforeExpiredAtByGroupPKs groupPKs=`%+v`, expiredAt=`%d` fail", groupPKs, expiredAt, ) } - existSubjects, err := cacheimpls.BatchGetSubjectByPKs(existGroupPKs) + relations, err := convertToGroupSubjects(svcRelations) if err != nil { - return nil, errorWrapf( - err, "cacheimpls.BatchGetSubjectByPKs groupPKs=`%+v` fail", - existGroupPKs, - ) - } - - existGroups := make([]Subject, 0, len(existGroupPKs)) - for _, subject := range existSubjects { - existGroups = append(existGroups, Subject{ - Type: subject.Type, - ID: subject.ID, - Name: subject.Name, - }) + return nil, errorWrapf(err, "convertToGroupSubjects svcRelations=`%+v` fail", svcRelations) } - return existGroups, nil + return relations, nil } func (c *groupController) CheckSubjectEffectGroups( diff --git a/pkg/abac/pap/mock/group.go b/pkg/abac/pap/mock/group.go index da0e8745..1286628d 100644 --- a/pkg/abac/pap/mock/group.go +++ b/pkg/abac/pap/mock/group.go @@ -108,21 +108,6 @@ func (mr *MockGroupControllerMockRecorder) DeleteGroupMembers(_type, id, members return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteGroupMembers", reflect.TypeOf((*MockGroupController)(nil).DeleteGroupMembers), _type, id, members) } -// FilterGroupsHasMemberBeforeExpiredAt mocks base method. -func (m *MockGroupController) FilterGroupsHasMemberBeforeExpiredAt(subjects []pap.Subject, expiredAt int64) ([]pap.Subject, error) { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "FilterGroupsHasMemberBeforeExpiredAt", subjects, expiredAt) - ret0, _ := ret[0].([]pap.Subject) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// FilterGroupsHasMemberBeforeExpiredAt indicates an expected call of FilterGroupsHasMemberBeforeExpiredAt. -func (mr *MockGroupControllerMockRecorder) FilterGroupsHasMemberBeforeExpiredAt(subjects, expiredAt interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "FilterGroupsHasMemberBeforeExpiredAt", reflect.TypeOf((*MockGroupController)(nil).FilterGroupsHasMemberBeforeExpiredAt), subjects, expiredAt) -} - // GetGroupMemberCount mocks base method. func (m *MockGroupController) GetGroupMemberCount(_type, id string) (int64, error) { m.ctrl.T.Helper() @@ -213,6 +198,21 @@ func (mr *MockGroupControllerMockRecorder) GetTemplateGroupMemberCount(_type, id return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetTemplateGroupMemberCount", reflect.TypeOf((*MockGroupController)(nil).GetTemplateGroupMemberCount), _type, id, templateID) } +// ListGroupSubjectBeforeExpiredAtBySubjects mocks base method. +func (m *MockGroupController) ListGroupSubjectBeforeExpiredAtBySubjects(subjects []pap.Subject, expiredAt int64) ([]pap.GroupSubject, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListGroupSubjectBeforeExpiredAtBySubjects", subjects, expiredAt) + ret0, _ := ret[0].([]pap.GroupSubject) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ListGroupSubjectBeforeExpiredAtBySubjects indicates an expected call of ListGroupSubjectBeforeExpiredAtBySubjects. +func (mr *MockGroupControllerMockRecorder) ListGroupSubjectBeforeExpiredAtBySubjects(subjects, expiredAt interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListGroupSubjectBeforeExpiredAtBySubjects", reflect.TypeOf((*MockGroupController)(nil).ListGroupSubjectBeforeExpiredAtBySubjects), subjects, expiredAt) +} + // ListPagingGroupMember mocks base method. func (m *MockGroupController) ListPagingGroupMember(_type, id string, limit, offset int64) ([]pap.GroupMember, error) { m.ctrl.T.Helper() diff --git a/pkg/api/web/handler/group.go b/pkg/api/web/handler/group.go index 11503d90..7284cdfe 100644 --- a/pkg/api/web/handler/group.go +++ b/pkg/api/web/handler/group.go @@ -319,10 +319,10 @@ func ListExistGroupsHasMemberBeforeExpiredAt(c *gin.Context) { copier.Copy(&papSubjects, &body.Subjects) ctl := pap.NewGroupController() - existGroups, err := ctl.FilterGroupsHasMemberBeforeExpiredAt(papSubjects, body.BeforeExpiredAt) + existGroups, err := ctl.ListGroupSubjectBeforeExpiredAtBySubjects(papSubjects, body.BeforeExpiredAt) if err != nil { err = errorWrapf( - err, "ctl.FilterGroupsHasMemberBeforeExpiredAt subjects=`%+v`, beforeExpiredAt=`%d`", + err, "ctl.ListGroupSubjectBeforeExpiredAtBySubjects subjects=`%+v`, beforeExpiredAt=`%d`", papSubjects, body.BeforeExpiredAt, ) util.SystemErrorJSONResponse(c, err) diff --git a/pkg/database/dao/mock/subject_group.go b/pkg/database/dao/mock/subject_group.go index 154d6eac..07a6f0fd 100644 --- a/pkg/database/dao/mock/subject_group.go +++ b/pkg/database/dao/mock/subject_group.go @@ -106,21 +106,6 @@ func (mr *MockSubjectGroupManagerMockRecorder) BulkUpdateExpiredAtWithTx(tx, rel return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BulkUpdateExpiredAtWithTx", reflect.TypeOf((*MockSubjectGroupManager)(nil).BulkUpdateExpiredAtWithTx), tx, relations) } -// FilterGroupPKsHasMemberBeforeExpiredAt mocks base method. -func (m *MockSubjectGroupManager) FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs []int64, expiredAt int64) ([]int64, error) { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "FilterGroupPKsHasMemberBeforeExpiredAt", groupPKs, expiredAt) - ret0, _ := ret[0].([]int64) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// FilterGroupPKsHasMemberBeforeExpiredAt indicates an expected call of FilterGroupPKsHasMemberBeforeExpiredAt. -func (mr *MockSubjectGroupManagerMockRecorder) FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs, expiredAt interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "FilterGroupPKsHasMemberBeforeExpiredAt", reflect.TypeOf((*MockSubjectGroupManager)(nil).FilterGroupPKsHasMemberBeforeExpiredAt), groupPKs, expiredAt) -} - // GetExpiredAtBySubjectGroup mocks base method. func (m *MockSubjectGroupManager) GetExpiredAtBySubjectGroup(subjectPK, groupPK int64) (int64, error) { m.ctrl.T.Helper() @@ -376,6 +361,21 @@ func (mr *MockSubjectGroupManagerMockRecorder) ListRelationBySubjectPKGroupPKs(s return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListRelationBySubjectPKGroupPKs", reflect.TypeOf((*MockSubjectGroupManager)(nil).ListRelationBySubjectPKGroupPKs), subjectPK, groupPKs) } +// ListRelationBySubjectPKGroupPKsBeforeExpiredAt mocks base method. +func (m *MockSubjectGroupManager) ListRelationBySubjectPKGroupPKsBeforeExpiredAt(groupPKs []int64, expiredAt int64) ([]dao.ThinSubjectRelation, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListRelationBySubjectPKGroupPKsBeforeExpiredAt", groupPKs, expiredAt) + ret0, _ := ret[0].([]dao.ThinSubjectRelation) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ListRelationBySubjectPKGroupPKsBeforeExpiredAt indicates an expected call of ListRelationBySubjectPKGroupPKsBeforeExpiredAt. +func (mr *MockSubjectGroupManagerMockRecorder) ListRelationBySubjectPKGroupPKsBeforeExpiredAt(groupPKs, expiredAt interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListRelationBySubjectPKGroupPKsBeforeExpiredAt", reflect.TypeOf((*MockSubjectGroupManager)(nil).ListRelationBySubjectPKGroupPKsBeforeExpiredAt), groupPKs, expiredAt) +} + // ListThinRelationAfterExpiredAtBySubjectPKs mocks base method. func (m *MockSubjectGroupManager) ListThinRelationAfterExpiredAtBySubjectPKs(subjectPKs []int64, expiredAt int64) ([]dao.ThinSubjectRelation, error) { m.ctrl.T.Helper() diff --git a/pkg/database/dao/subject_group.go b/pkg/database/dao/subject_group.go index 5efbab4b..220fa8cd 100644 --- a/pkg/database/dao/subject_group.go +++ b/pkg/database/dao/subject_group.go @@ -65,7 +65,10 @@ type SubjectGroupManager interface { ) (members []ThinSubjectRelation, err error) ListRelationBySubjectPKGroupPKs(subjectPK int64, groupPKs []int64) ([]SubjectRelation, error) - FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs []int64, expiredAt int64) ([]int64, error) + ListRelationBySubjectPKGroupPKsBeforeExpiredAt( + groupPKs []int64, + expiredAt int64, + ) ([]ThinSubjectRelation, error) BulkCreateWithTx(tx *sqlx.Tx, relations []SubjectRelation) error BulkDeleteBySubjectPKsWithTx(tx *sqlx.Tx, subjectPKs []int64) error @@ -399,23 +402,24 @@ func (m *subjectGroupManager) ListPagingGroupSubjectBeforeExpiredAt( return } -// FilterGroupPKsHasMemberBeforeExpiredAt get the group pks before timestamp(expiredAt) -func (m *subjectGroupManager) FilterGroupPKsHasMemberBeforeExpiredAt( +// ListRelationBySubjectPKGroupPKsBeforeExpiredAt get the group pks before timestamp(expiredAt) +func (m *subjectGroupManager) ListRelationBySubjectPKGroupPKsBeforeExpiredAt( groupPKs []int64, expiredAt int64, -) ([]int64, error) { - expiredGroupPKs := []int64{} - // TODO: DISTINCT 大表很慢 +) ([]ThinSubjectRelation, error) { + relations := []ThinSubjectRelation{} query := `SELECT - DISTINCT parent_pk + subject_pk, + parent_pk, + policy_expired_at FROM subject_relation WHERE parent_pk IN (?) AND policy_expired_at < ?` - err := database.SqlxSelect(m.DB, &expiredGroupPKs, query, groupPKs, expiredAt) + err := database.SqlxSelect(m.DB, &relations, query, groupPKs, expiredAt) if errors.Is(err, sql.ErrNoRows) { - return expiredGroupPKs, nil + return relations, nil } - return expiredGroupPKs, err + return relations, err } func (m *subjectGroupManager) ListRelationBySubjectPKGroupPKs( diff --git a/pkg/service/group.go b/pkg/service/group.go index dfa3716f..6225736e 100644 --- a/pkg/service/group.go +++ b/pkg/service/group.go @@ -51,7 +51,9 @@ type GroupService interface { subjectPK int64, groupPKs []int64, ) ([]types.SubjectGroupWithSource, error) - FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs []int64, expiredAt int64) ([]int64, error) + ListGroupSubjectBeforeExpiredAtByGroupPKs( + groupPKs []int64, expiredAt int64, + ) ([]types.GroupSubject, error) BulkDeleteBySubjectPKsWithTx(tx *sqlx.Tx, subjectPKs []int64) error BulkDeleteByGroupPKsWithTx(tx *sqlx.Tx, subjectPKs []int64) error @@ -273,11 +275,18 @@ func (l *groupService) ListPagingSubjectSystemGroups( return subjectGroups, err } -// FilterGroupPKsHasMemberBeforeExpiredAt filter the exists and not expired subjects -func (l *groupService) FilterGroupPKsHasMemberBeforeExpiredAt( +// ListGroupSubjectBeforeExpiredAtByGroupPKs filter the exists and not expired subjects +func (l *groupService) ListGroupSubjectBeforeExpiredAtByGroupPKs( groupPKs []int64, expiredAt int64, -) ([]int64, error) { - return l.manager.FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs, expiredAt) +) ([]types.GroupSubject, error) { + daoRelations, err := l.manager.ListRelationBySubjectPKGroupPKsBeforeExpiredAt(groupPKs, expiredAt) + if err != nil { + return nil, errorx.Wrapf(err, GroupSVC, + "ListRelationBySubjectPKGroupPKsBeforeExpiredAt", "ids=`%+v`, expiredAt=`%d`", + groupPKs, expiredAt) + } + + return convertToGroupSubjects(daoRelations), nil } func (l *groupService) ListEffectSubjectGroupsBySubjectPKGroupPKs( diff --git a/pkg/service/mock/group.go b/pkg/service/mock/group.go index 7bac86b0..edbccbbf 100644 --- a/pkg/service/mock/group.go +++ b/pkg/service/mock/group.go @@ -149,21 +149,6 @@ func (mr *MockGroupServiceMockRecorder) BulkUpdateSubjectSystemGroupBySubjectTem return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BulkUpdateSubjectSystemGroupBySubjectTemplateGroupWithTx", reflect.TypeOf((*MockGroupService)(nil).BulkUpdateSubjectSystemGroupBySubjectTemplateGroupWithTx), tx, relations) } -// FilterGroupPKsHasMemberBeforeExpiredAt mocks base method. -func (m *MockGroupService) FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs []int64, expiredAt int64) ([]int64, error) { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "FilterGroupPKsHasMemberBeforeExpiredAt", groupPKs, expiredAt) - ret0, _ := ret[0].([]int64) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// FilterGroupPKsHasMemberBeforeExpiredAt indicates an expected call of FilterGroupPKsHasMemberBeforeExpiredAt. -func (mr *MockGroupServiceMockRecorder) FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs, expiredAt interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "FilterGroupPKsHasMemberBeforeExpiredAt", reflect.TypeOf((*MockGroupService)(nil).FilterGroupPKsHasMemberBeforeExpiredAt), groupPKs, expiredAt) -} - // GetGroupMemberCount mocks base method. func (m *MockGroupService) GetGroupMemberCount(groupPK int64) (int64, error) { m.ctrl.T.Helper() @@ -374,6 +359,21 @@ func (mr *MockGroupServiceMockRecorder) ListGroupMember(groupPK interface{}) *go return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListGroupMember", reflect.TypeOf((*MockGroupService)(nil).ListGroupMember), groupPK) } +// ListGroupSubjectBeforeExpiredAtByGroupPKs mocks base method. +func (m *MockGroupService) ListGroupSubjectBeforeExpiredAtByGroupPKs(groupPKs []int64, expiredAt int64) ([]types.GroupSubject, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListGroupSubjectBeforeExpiredAtByGroupPKs", groupPKs, expiredAt) + ret0, _ := ret[0].([]types.GroupSubject) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ListGroupSubjectBeforeExpiredAtByGroupPKs indicates an expected call of ListGroupSubjectBeforeExpiredAtByGroupPKs. +func (mr *MockGroupServiceMockRecorder) ListGroupSubjectBeforeExpiredAtByGroupPKs(groupPKs, expiredAt interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListGroupSubjectBeforeExpiredAtByGroupPKs", reflect.TypeOf((*MockGroupService)(nil).ListGroupSubjectBeforeExpiredAtByGroupPKs), groupPKs, expiredAt) +} + // ListPagingGroupMember mocks base method. func (m *MockGroupService) ListPagingGroupMember(groupPK, limit, offset int64) ([]types.GroupMember, error) { m.ctrl.T.Helper()