PullRequest: 876 用户权限模块调整权限判断方式

之瑛 · 蚂蚁代码服务 · commit 93f5c9ada505 · 2025-07-09T18:32:52.000+08:00
Merge branch 'fix/user-auth of git@code.alipay.com:oceanbase/oceanbase-developer-center.git into dev-4.3.4 https://code.alipay.com/oceanbase/oceanbase-developer-center/pull_requests/876 Reviewed-by: 晓康 <xxk268858@oceanbase.com> * feat: 权限判断更新 * feat: 团队空间 admin 判断 * feat: 自己无法编辑自己 * fix: delete 鉴权 * refactor: 删除多余代码
diff --git a/src/component/ODCSetting/index.tsx b/src/component/ODCSetting/index.tsx
@@ -88,9 +88,7 @@ const ODCSetting: React.FC<IProps> = ({ modalStore }) => {
   const formBoxRef = React.createRef<HTMLDivElement>();
   const scrollSwitcher = useRef<Boolean>(true);
   const [spaceType, setSpaceType] = useState(ESpaceType.USER);
-  const isAdmin = odc.appConfig.manage.user.isAdmin({
-    roleIds: login.user?.roleIds,
-  });
+  const isAdmin = odc.appConfig.manage.user.isODCOrganizationConfig?.(login.user);
   const [searchValue, setSearchValue] = useState('');
 
   const getData = useCallback(
diff --git a/src/d.ts/index.ts b/src/d.ts/index.ts
@@ -183,6 +183,7 @@ export enum IManagerResourceType {
   environment = 'ODC_ENVIRONMENT',
   individual_organization = 'ODC_INDIVIDUAL_ORGANIZATION',
   database = 'ODC_DATABASE',
+  odc_organization_config = 'ODC_ORGANIZATION_CONFIG',
 }
 
 export enum actionTypes {
@@ -234,6 +235,8 @@ export interface IManagerUser {
     resourceIdentifier: number;
     action: string;
   }[];
+  systemOperationPermissions?: IPermission[];
+  resourceManagementPermissions?: IPermission[];
   extraProperties?: Record<string, string>;
   errorMessage?: string;
 }
diff --git a/src/page/Auth/User/component/DetailContent/index.tsx b/src/page/Auth/User/component/DetailContent/index.tsx
@@ -176,6 +176,12 @@ const UserDetail: React.FC<{
     );
   };
 
+  const canDelete = () =>
+    canAcess({
+      resourceIdentifier: IManagerResourceType.user,
+      action: actionTypes.delete,
+    }).accessible;
+
   return (
     <>
       <Descriptions column={1}>
@@ -283,7 +289,7 @@ const UserDetail: React.FC<{
         </Descriptions.Item>
       </Descriptions>
       <Divider />
-      {odc.appConfig.manage.user.delete && (
+      {odc.appConfig.manage.user.delete && canDelete() && (
         <Space size={5}>
           <span>
             {
diff --git a/src/page/Auth/User/index.tsx b/src/page/Auth/User/index.tsx
@@ -47,6 +47,7 @@ import { ResourceContext } from '../context';
 import DetailContent from './component/DetailContent';
 import FormModal from './component/FormModal';
 import styles from './index.less';
+import login from '@/store/login';
 
 interface IProps {
   userStore?: UserStore;
@@ -180,7 +181,7 @@ class UserPage extends React.PureComponent<IProps, IState> {
         ],
 
         render: (enabled, record) => {
-          const disabledOp = this.isAdminOrMe(record);
+          const disabledOp = this.isMe(record);
           return (
             <StatusSwitch
               disabled={disabledOp}
@@ -202,7 +203,7 @@ class UserPage extends React.PureComponent<IProps, IState> {
         key: 'action',
         fixed: 'right' as FixedType,
         render: (value, record) => {
-          const disabledOp = this.isAdminOrMe(record);
+          const disabledOp = this.isMe(record);
           return (
             <Action.Group>
               <Action.Link
@@ -346,15 +347,11 @@ class UserPage extends React.PureComponent<IProps, IState> {
     this.tableRef.current.reload();
   };
 
-  private isAdminOrMe = (user: IManagerUser) => {
+  private isMe = (user: IManagerUser) => {
     const {
       userStore: { user: me },
     } = this.props;
-    const isAdmin = odc.appConfig.manage.user.isAdmin
-      ? odc.appConfig.manage.user.isAdmin(user)
-      : user?.builtIn && user?.accountName === 'admin';
-    const isMeUser = user?.id === me?.id;
-    return isAdmin || isMeUser;
+    return user?.id === me?.id;
   };
 
   private handleCreate = () => {
@@ -403,7 +400,7 @@ class UserPage extends React.PureComponent<IProps, IState> {
   render() {
     const { formModalVisible, detailModalVisible, editId, detailId, users, roles, user } =
       this.state;
-    const disabledOp = this.isAdminOrMe(user);
+    const disabledOp = this.isMe(user);
     const canAcessCreate = canAcess({
       resourceIdentifier: IManagerResourceType.user,
       action: actionTypes.create,
diff --git a/src/plugins/defaultConfig.ts b/src/plugins/defaultConfig.ts
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-import { IRoles, type IManagerUser } from '@/d.ts';
+import { actionTypes, IManagerResourceType, IRoles, type IManagerUser } from '@/d.ts';
 
 export default {
   login: {
@@ -42,6 +42,11 @@ export default {
       isAdmin: (user: Pick<IManagerUser, 'roleIds'>) => {
         return user?.roleIds?.includes(IRoles.SYSTEM_ADMIN);
       },
+      isODCOrganizationConfig: (user: Pick<IManagerUser, 'systemOperationPermissions'>) => {
+        return user?.systemOperationPermissions?.some(
+          (item) => item?.resourceType === IManagerResourceType.odc_organization_config,
+        );
+      },
       tabInVisible: (setting) => {
         return false;
       },
