Merge pull request #4511 from fitzcao/issues_4510

feat: 质量红线权限补齐 #4510

Merge pull request #4511 from fitzcao/issues_4510
feat: 质量红线权限补齐 #4510
3fc266e6 · irwinsun · GitHub · d04dff7e · eb081206 · 3fc266e6
Unverified Commit 3fc266e6 authored 3 years ago by irwinsun Committed by GitHub 3 years ago
Hide whitespace changes
Inline Side-by-side

Showing

with 428 additions and 170 deletions
+428 -170
--- a/src/backend/ci/core/process/biz-process-sample/src/main/kotlin/com/tencent/devops/process/permission/service/impl/V3PipelinePermissionService.kt
+++ b/src/backend/ci/core/process/biz-process-sample/src/main/kotlin/com/tencent/devops/process/permission/service/impl/V3PipelinePermissionService.kt
@@ -139,13 +139,7 @@ class V3PipelinePermissionService constructor(
    }

    override fun supplierForFakePermission(projectId: String): () -> MutableList<String> {
-        return {
-            val fakeList = mutableListOf<String>()
-            pipelineInfoDao.listPipelineIdByProject(dslContext, projectId).forEach {
-                fakeList.add(it)
-            }
-            fakeList
-        }
+        return { mutableListOf() }
    }

    override fun getResourceByPermission(userId: String, projectId: String, permission: AuthPermission): List<String> {

--- a/src/backend/ci/core/quality/biz-quality-sample/src/main/kotlin/com/tencent/devops/quality/QualityConfiguration.kt
+++ b/src/backend/ci/core/quality/biz-quality-sample/src/main/kotlin/com/tencent/devops/quality/QualityConfiguration.kt
@@ -30,8 +30,12 @@ package com.tencent.devops.quality
 import com.tencent.devops.common.auth.api.AuthPermissionApi
 import com.tencent.devops.common.auth.api.AuthResourceApi
 import com.tencent.devops.common.auth.code.QualityAuthServiceCode
+import com.tencent.devops.quality.dao.QualityNotifyGroupDao
+import com.tencent.devops.quality.dao.v2.QualityRuleDao
 import com.tencent.devops.quality.service.QualityPermissionService
 import com.tencent.devops.quality.service.SampleQualityPermissionServiceImpl
+import com.tencent.devops.quality.service.V3QualityPermissionServiceImpl
+import org.jooq.DSLContext
 import org.springframework.boot.autoconfigure.AutoConfigureOrder
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication
@@ -50,8 +54,26 @@ class QualityConfiguration {
    fun sampleQualityPermissionService(
        authPermissionApi: AuthPermissionApi,
        authResourceApi: AuthResourceApi,
-        qualityAuthServiceCode: QualityAuthServiceCode
+        qualityAuthServiceCode: QualityAuthServiceCode,
+        qualityRuleDao: QualityRuleDao,
+        groupDao: QualityNotifyGroupDao,
+        dslContext: DSLContext
    ): QualityPermissionService = SampleQualityPermissionServiceImpl(
+        authPermissionApi = authPermissionApi,
+        authResourceApi = authResourceApi,
+        qualityAuthServiceCode = qualityAuthServiceCode,
+        qualityRuleDao = qualityRuleDao,
+        groupDao = groupDao,
+        dslContext = dslContext
+    )
+
+    @Bean
+    @ConditionalOnProperty(prefix = "auth", name = ["idProvider"], havingValue = "v3")
+    fun v3QualityPermissionServiceImpl(
+        authPermissionApi: AuthPermissionApi,
+        authResourceApi: AuthResourceApi,
+        qualityAuthServiceCode: QualityAuthServiceCode
+    ): QualityPermissionService = V3QualityPermissionServiceImpl(
        authPermissionApi = authPermissionApi,
        authResourceApi = authResourceApi,
        qualityAuthServiceCode = qualityAuthServiceCode

--- a/src/backend/ci/core/quality/biz-quality-sample/src/main/kotlin/com/tencent/devops/quality/service/AbsQualityPermissionServiceImpl.kt
+++ b/src/backend/ci/core/quality/biz-quality-sample/src/main/kotlin/com/tencent/devops/quality/service/AbsQualityPermissionServiceImpl.kt
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company.  All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.devops.quality.service
+
+import com.tencent.devops.common.api.constant.CommonMessageCode
+import com.tencent.devops.common.api.exception.PermissionForbiddenException
+import com.tencent.devops.common.api.util.HashUtil
+import com.tencent.devops.common.auth.api.AuthPermission
+import com.tencent.devops.common.auth.api.AuthPermissionApi
+import com.tencent.devops.common.auth.api.AuthResourceApi
+import com.tencent.devops.common.auth.api.AuthResourceType
+import com.tencent.devops.common.auth.code.QualityAuthServiceCode
+import com.tencent.devops.common.service.utils.MessageCodeUtil
+
+@Suppress("ALL")
+abstract class AbsQualityPermissionServiceImpl constructor(
+    open val authPermissionApi: AuthPermissionApi,
+    open val authResourceApi: AuthResourceApi,
+    open val qualityAuthServiceCode: QualityAuthServiceCode
+) : QualityPermissionService {
+
+    override fun validateGroupPermission(
+        userId: String,
+        projectId: String,
+        groupId: Long,
+        authPermission: AuthPermission,
+        message: String
+    ) {
+        if (!authPermissionApi.validateUserResourcePermission(
+                user = userId,
+                serviceCode = qualityAuthServiceCode,
+                resourceType = AuthResourceType.QUALITY_GROUP,
+                projectCode = projectId,
+                resourceCode = HashUtil.encodeLongId(groupId),
+                permission = authPermission
+            )) {
+            val permissionMsg = MessageCodeUtil.getCodeLanMessage(
+                messageCode = "${CommonMessageCode.MSG_CODE_PERMISSION_PREFIX}${authPermission.value}",
+                defaultMessage = authPermission.alias
+            )
+            throw PermissionForbiddenException(
+                message = message,
+                params = arrayOf(permissionMsg))
+        }
+    }
+
+    override fun createGroupResource(userId: String, projectId: String, groupId: Long, groupName: String) {
+        authResourceApi.createResource(
+            user = userId,
+            serviceCode = qualityAuthServiceCode,
+            resourceType = AuthResourceType.QUALITY_GROUP,
+            projectCode = projectId,
+            resourceCode = HashUtil.encodeLongId(groupId),
+            resourceName = groupName
+        )
+    }
+
+    override fun modifyGroupResource(projectId: String, groupId: Long, groupName: String) {
+        authResourceApi.modifyResource(
+            serviceCode = qualityAuthServiceCode,
+            resourceType = AuthResourceType.QUALITY_GROUP,
+            projectCode = projectId,
+            resourceCode = HashUtil.encodeLongId(groupId),
+            resourceName = groupName
+        )
+    }
+
+    override fun deleteGroupResource(projectId: String, groupId: Long) {
+        authResourceApi.deleteResource(
+            serviceCode = qualityAuthServiceCode,
+            resourceType = AuthResourceType.QUALITY_GROUP,
+            projectCode = projectId,
+            resourceCode = HashUtil.encodeLongId(groupId)
+        )
+    }
+
+    override fun filterGroup(
+        user: String,
+        projectId: String,
+        authPermissions: Set<AuthPermission>
+    ): Map<AuthPermission, List<Long>> {
+        val permissionResourceMap = authPermissionApi.getUserResourcesByPermissions(
+            user = user,
+            serviceCode = qualityAuthServiceCode,
+            resourceType = AuthResourceType.QUALITY_GROUP,
+            projectCode = projectId,
+            permissions = authPermissions,
+            supplier = supplierForPermissionRule(projectId)
+        )
+        val map = mutableMapOf<AuthPermission, List<Long>>()
+        permissionResourceMap.forEach { (key, value) ->
+            map[key] = value.map { HashUtil.decodeIdToLong(it) }
+        }
+        return map
+    }
+
+    override fun validateRulePermission(userId: String, projectId: String, authPermission: AuthPermission): Boolean {
+        return authPermissionApi.validateUserResourcePermission(
+            user = userId,
+            serviceCode = qualityAuthServiceCode,
+            resourceType = AuthResourceType.QUALITY_GROUP,
+            projectCode = projectId,
+            permission = authPermission
+        )
+    }
+
+    override fun validateRulePermission(
+        userId: String,
+        projectId: String,
+        authPermission: AuthPermission,
+        message: String
+    ) {
+        if (!authPermissionApi.validateUserResourcePermission(
+                user = userId,
+                serviceCode = qualityAuthServiceCode,
+                resourceType = AuthResourceType.QUALITY_GROUP,
+                projectCode = projectId,
+                permission = authPermission
+            )) {
+            val permissionMsg = MessageCodeUtil.getCodeLanMessage(
+                messageCode = "${CommonMessageCode.MSG_CODE_PERMISSION_PREFIX}${authPermission.value}",
+                defaultMessage = authPermission.alias
+            )
+            throw PermissionForbiddenException(
+                message = message,
+                params = arrayOf(permissionMsg)
+            )
+        }
+    }
+
+    override fun validateRulePermission(
+        userId: String,
+        projectId: String,
+        ruleId: Long,
+        authPermission: AuthPermission,
+        message: String
+    ) {
+        if (!authPermissionApi.validateUserResourcePermission(
+                user = userId,
+                serviceCode = qualityAuthServiceCode,
+                resourceType = AuthResourceType.QUALITY_GROUP,
+                projectCode = projectId,
+                resourceCode = HashUtil.encodeLongId(ruleId),
+                permission = authPermission)) {
+            val permissionMsg = MessageCodeUtil.getCodeLanMessage(
+                messageCode = "${CommonMessageCode.MSG_CODE_PERMISSION_PREFIX}${authPermission.value}",
+                defaultMessage = authPermission.alias
+            )
+            throw PermissionForbiddenException(
+                message = message,
+                params = arrayOf(permissionMsg)
+            )
+        }
+    }
+
+    override fun createRuleResource(userId: String, projectId: String, ruleId: Long, ruleName: String) {
+        authResourceApi.createResource(
+            user = userId,
+            serviceCode = qualityAuthServiceCode,
+            resourceType = AuthResourceType.QUALITY_RULE,
+            projectCode = projectId,
+            resourceCode = HashUtil.encodeLongId(ruleId),
+            resourceName = ruleName
+        )
+    }
+
+    override fun modifyRuleResource(projectId: String, ruleId: Long, ruleName: String) {
+        authResourceApi.modifyResource(
+            serviceCode = qualityAuthServiceCode,
+            resourceType = AuthResourceType.QUALITY_RULE,
+            projectCode = projectId,
+            resourceCode = HashUtil.encodeLongId(ruleId),
+            resourceName = ruleName
+        )
+    }
+
+    override fun deleteRuleResource(projectId: String, ruleId: Long) {
+        authResourceApi.deleteResource(
+            serviceCode = qualityAuthServiceCode,
+            resourceType = AuthResourceType.QUALITY_RULE,
+            projectCode = projectId,
+            resourceCode = HashUtil.encodeLongId(ruleId)
+        )
+    }
+
+    override fun filterRules(
+        userId: String,
+        projectId: String,
+        bkAuthPermissionSet: Set<AuthPermission>
+    ): Map<AuthPermission, List<Long>> {
+        val permissionResourceMap = authPermissionApi.getUserResourcesByPermissions(
+            user = userId,
+            serviceCode = qualityAuthServiceCode,
+            resourceType = AuthResourceType.QUALITY_RULE,
+            projectCode = projectId,
+            permissions = bkAuthPermissionSet,
+            supplier = supplierForPermissionGroup(projectId)
+        )
+        val permissionRuleMap = mutableMapOf<AuthPermission, List<Long>>()
+        permissionResourceMap.forEach { (permission, list) ->
+            permissionRuleMap[permission] = list.map { HashUtil.decodeIdToLong(it) }
+        }
+        return permissionRuleMap
+    }
+
+    abstract fun supplierForPermissionGroup(projectId: String): () -> MutableList<String>
+
+    abstract fun supplierForPermissionRule(projectId: String): () -> MutableList<String>
+}
--- a/src/backend/ci/core/quality/biz-quality-sample/src/main/kotlin/com/tencent/devops/quality/service/SampleQualityPermissionServiceImpl.kt
+++ b/src/backend/ci/core/quality/biz-quality-sample/src/main/kotlin/com/tencent/devops/quality/service/SampleQualityPermissionServiceImpl.kt
@@ -27,22 +27,23 @@

 package com.tencent.devops.quality.service

-import com.tencent.devops.common.api.constant.CommonMessageCode
-import com.tencent.devops.common.api.exception.PermissionForbiddenException
-import com.tencent.devops.common.api.util.HashUtil
 import com.tencent.devops.common.auth.api.AuthPermission
 import com.tencent.devops.common.auth.api.AuthPermissionApi
 import com.tencent.devops.common.auth.api.AuthResourceApi
-import com.tencent.devops.common.auth.api.AuthResourceType
 import com.tencent.devops.common.auth.code.QualityAuthServiceCode
-import com.tencent.devops.common.service.utils.MessageCodeUtil
+import com.tencent.devops.quality.dao.QualityNotifyGroupDao
+import com.tencent.devops.quality.dao.v2.QualityRuleDao
+import org.jooq.DSLContext

 @Suppress("ALL")
 class SampleQualityPermissionServiceImpl constructor(
-    val authPermissionApi: AuthPermissionApi,
-    val authResourceApi: AuthResourceApi,
-    val qualityAuthServiceCode: QualityAuthServiceCode
-) : QualityPermissionService {
+    override val authPermissionApi: AuthPermissionApi,
+    override val authResourceApi: AuthResourceApi,
+    override val qualityAuthServiceCode: QualityAuthServiceCode,
+    val qualityRuleDao: QualityRuleDao,
+    val groupDao: QualityNotifyGroupDao,
+    val dslContext: DSLContext
+) : AbsQualityPermissionServiceImpl(authPermissionApi, authResourceApi, qualityAuthServiceCode) {

    override fun validateGroupPermission(
        userId: String,
@@ -51,52 +52,19 @@ class SampleQualityPermissionServiceImpl constructor(
        authPermission: AuthPermission,
        message: String
    ) {
-        if (!authPermissionApi.validateUserResourcePermission(
-                user = userId,
-                serviceCode = qualityAuthServiceCode,
-                resourceType = AuthResourceType.QUALITY_GROUP,
-                projectCode = projectId,
-                resourceCode = HashUtil.encodeLongId(groupId),
-                permission = authPermission
-            )) {
-            val permissionMsg = MessageCodeUtil.getCodeLanMessage(
-                messageCode = "${CommonMessageCode.MSG_CODE_PERMISSION_PREFIX}${authPermission.value}",
-                defaultMessage = authPermission.alias
-            )
-            throw PermissionForbiddenException(
-                message = message,
-                params = arrayOf(permissionMsg))
-        }
+        super.validateGroupPermission(userId, projectId, groupId, authPermission, message)
    }

    override fun createGroupResource(userId: String, projectId: String, groupId: Long, groupName: String) {
-        authResourceApi.createResource(
-            user = userId,
-            serviceCode = qualityAuthServiceCode,
-            resourceType = AuthResourceType.QUALITY_GROUP,
-            projectCode = projectId,
-            resourceCode = HashUtil.encodeLongId(groupId),
-            resourceName = groupName
-        )
+        super.createGroupResource(userId, projectId, groupId, groupName)
    }

    override fun modifyGroupResource(projectId: String, groupId: Long, groupName: String) {
-        authResourceApi.modifyResource(
-            serviceCode = qualityAuthServiceCode,
-            resourceType = AuthResourceType.QUALITY_GROUP,
-            projectCode = projectId,
-            resourceCode = HashUtil.encodeLongId(groupId),
-            resourceName = groupName
-        )
+        super.modifyGroupResource(projectId, groupId, groupName)
    }

    override fun deleteGroupResource(projectId: String, groupId: Long) {
-        authResourceApi.deleteResource(
-            serviceCode = qualityAuthServiceCode,
-            resourceType = AuthResourceType.QUALITY_GROUP,
-            projectCode = projectId,
-            resourceCode = HashUtil.encodeLongId(groupId)
-        )
+        super.deleteGroupResource(projectId, groupId)
    }

    override fun filterGroup(
@@ -104,29 +72,11 @@ class SampleQualityPermissionServiceImpl constructor(
        projectId: String,
        authPermissions: Set<AuthPermission>
    ): Map<AuthPermission, List<Long>> {
-        val permissionResourceMap = authPermissionApi.getUserResourcesByPermissions(
-            user = user,
-            serviceCode = qualityAuthServiceCode,
-            resourceType = AuthResourceType.QUALITY_GROUP,
-            projectCode = projectId,
-            permissions = authPermissions,
-            supplier = null
-        )
-        val map = mutableMapOf<AuthPermission, List<Long>>()
-        permissionResourceMap.forEach { (key, value) ->
-            map[key] = value.map { HashUtil.decodeIdToLong(it) }
-        }
-        return map
+        return super.filterGroup(user, projectId, authPermissions)
    }

    override fun validateRulePermission(userId: String, projectId: String, authPermission: AuthPermission): Boolean {
-        return authPermissionApi.validateUserResourcePermission(
-            user = userId,
-            serviceCode = qualityAuthServiceCode,
-            resourceType = AuthResourceType.QUALITY_GROUP,
-            projectCode = projectId,
-            permission = authPermission
-        )
+        return super.validateRulePermission(userId, projectId, authPermission)
    }

    override fun validateRulePermission(
@@ -135,22 +85,7 @@ class SampleQualityPermissionServiceImpl constructor(
        authPermission: AuthPermission,
        message: String
    ) {
-        if (!authPermissionApi.validateUserResourcePermission(
-                user = userId,
-                serviceCode = qualityAuthServiceCode,
-                resourceType = AuthResourceType.QUALITY_GROUP,
-                projectCode = projectId,
-                permission = authPermission
-            )) {
-            val permissionMsg = MessageCodeUtil.getCodeLanMessage(
-                messageCode = "${CommonMessageCode.MSG_CODE_PERMISSION_PREFIX}${authPermission.value}",
-                defaultMessage = authPermission.alias
-            )
-            throw PermissionForbiddenException(
-                message = message,
-                params = arrayOf(permissionMsg)
-            )
-        }
+        super.validateRulePermission(userId, projectId, authPermission, message)
    }

    override fun validateRulePermission(
@@ -160,52 +95,19 @@ class SampleQualityPermissionServiceImpl constructor(
        authPermission: AuthPermission,
        message: String
    ) {
-        if (!authPermissionApi.validateUserResourcePermission(
-                user = userId,
-                serviceCode = qualityAuthServiceCode,
-                resourceType = AuthResourceType.QUALITY_GROUP,
-                projectCode = projectId,
-                resourceCode = HashUtil.encodeLongId(ruleId),
-                permission = authPermission)) {
-            val permissionMsg = MessageCodeUtil.getCodeLanMessage(
-                messageCode = "${CommonMessageCode.MSG_CODE_PERMISSION_PREFIX}${authPermission.value}",
-                defaultMessage = authPermission.alias
-            )
-            throw PermissionForbiddenException(
-                message = message,
-                params = arrayOf(permissionMsg)
-            )
-        }
+        super.validateRulePermission(userId, projectId, ruleId, authPermission, message)
    }

    override fun createRuleResource(userId: String, projectId: String, ruleId: Long, ruleName: String) {
-        authResourceApi.createResource(
-            user = userId,
-            serviceCode = qualityAuthServiceCode,
-            resourceType = AuthResourceType.QUALITY_RULE,
-            projectCode = projectId,
-            resourceCode = HashUtil.encodeLongId(ruleId),
-            resourceName = ruleName
-        )
+        super.createRuleResource(userId, projectId, ruleId, ruleName)
    }

    override fun modifyRuleResource(projectId: String, ruleId: Long, ruleName: String) {
-        authResourceApi.modifyResource(
-            serviceCode = qualityAuthServiceCode,
-            resourceType = AuthResourceType.QUALITY_RULE,
-            projectCode = projectId,
-            resourceCode = HashUtil.encodeLongId(ruleId),
-            resourceName = ruleName
-        )
+        super.modifyRuleResource(projectId, ruleId, ruleName)
    }

    override fun deleteRuleResource(projectId: String, ruleId: Long) {
-        authResourceApi.deleteResource(
-            serviceCode = qualityAuthServiceCode,
-            resourceType = AuthResourceType.QUALITY_RULE,
-            projectCode = projectId,
-            resourceCode = HashUtil.encodeLongId(ruleId)
-        )
+        super.deleteRuleResource(projectId, ruleId)
    }

    override fun filterRules(
@@ -213,18 +115,34 @@ class SampleQualityPermissionServiceImpl constructor(
        projectId: String,
        bkAuthPermissionSet: Set<AuthPermission>
    ): Map<AuthPermission, List<Long>> {
-        val permissionResourceMap = authPermissionApi.getUserResourcesByPermissions(
-            user = userId,
-            serviceCode = qualityAuthServiceCode,
-            resourceType = AuthResourceType.QUALITY_RULE,
-            projectCode = projectId,
-            permissions = bkAuthPermissionSet,
-            supplier = null
-        )
-        val permissionRuleMap = mutableMapOf<AuthPermission, List<Long>>()
-        permissionResourceMap.forEach { (permission, list) ->
-            permissionRuleMap[permission] = list.map { HashUtil.decodeIdToLong(it) }
+        return super.filterRules(userId, projectId, bkAuthPermissionSet)
+    }
+
+    override fun supplierForPermissionGroup(projectId: String): () -> MutableList<String> {
+        return {
+            val fakeList = mutableListOf<String>()
+            groupDao.list(
+                dslContext = dslContext,
+                projectId = projectId,
+                offset = 0,
+                limit = 500
+            ).forEach {
+                fakeList.add(it.id.toString())
+            }
+            fakeList
+        }
+    }
+
+    override fun supplierForPermissionRule(projectId: String): () -> MutableList<String> {
+        return {
+            val fakeList = mutableListOf<String>()
+            qualityRuleDao.list(
+                dslContext = dslContext,
+                projectId = projectId
+            )?.forEach {
+                fakeList.add(it.id.toString())
+            }
+            fakeList
        }
-        return permissionRuleMap
    }
 }
--- a/src/backend/ci/core/quality/biz-quality-sample/src/main/kotlin/com/tencent/devops/quality/service/V3QualityPermissionServiceImpl.kt
+++ b/src/backend/ci/core/quality/biz-quality-sample/src/main/kotlin/com/tencent/devops/quality/service/V3QualityPermissionServiceImpl.kt
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company.  All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.devops.quality.service
+
+import com.tencent.devops.common.auth.api.AuthPermission
+import com.tencent.devops.common.auth.api.AuthPermissionApi
+import com.tencent.devops.common.auth.api.AuthResourceApi
+import com.tencent.devops.common.auth.code.QualityAuthServiceCode
+
+@Suppress("ALL")
+class V3QualityPermissionServiceImpl constructor(
+    override val authPermissionApi: AuthPermissionApi,
+    override val authResourceApi: AuthResourceApi,
+    override val qualityAuthServiceCode: QualityAuthServiceCode
+) : AbsQualityPermissionServiceImpl(authPermissionApi, authResourceApi, qualityAuthServiceCode) {
+    override fun validateGroupPermission(
+        userId: String,
+        projectId: String,
+        groupId: Long,
+        authPermission: AuthPermission,
+        message: String
+    ) {
+        super.validateGroupPermission(userId, projectId, groupId, authPermission, message)
+    }
+
+    override fun createGroupResource(userId: String, projectId: String, groupId: Long, groupName: String) {
+        super.createGroupResource(userId, projectId, groupId, groupName)
+    }
+
+    override fun modifyGroupResource(projectId: String, groupId: Long, groupName: String) {
+        super.modifyGroupResource(projectId, groupId, groupName)
+    }
+
+    override fun deleteGroupResource(projectId: String, groupId: Long) {
+        super.deleteGroupResource(projectId, groupId)
+    }
+
+    override fun filterGroup(user: String, projectId: String, authPermissions: Set<AuthPermission>): Map<AuthPermission, List<Long>> {
+        return super.filterGroup(user, projectId, authPermissions)
+    }
+
+    override fun validateRulePermission(userId: String, projectId: String, authPermission: AuthPermission): Boolean {
+        return super.validateRulePermission(userId, projectId, authPermission)
+    }
+
+    override fun validateRulePermission(userId: String, projectId: String, authPermission: AuthPermission, message: String) {
+        super.validateRulePermission(userId, projectId, authPermission, message)
+    }
+
+    override fun validateRulePermission(
+        userId: String,
+        projectId: String,
+        ruleId: Long,
+        authPermission: AuthPermission,
+        message: String
+    ) {
+        super.validateRulePermission(userId, projectId, ruleId, authPermission, message)
+    }
+
+    override fun createRuleResource(userId: String, projectId: String, ruleId: Long, ruleName: String) {
+        super.createRuleResource(userId, projectId, ruleId, ruleName)
+    }
+
+    override fun modifyRuleResource(projectId: String, ruleId: Long, ruleName: String) {
+        super.modifyRuleResource(projectId, ruleId, ruleName)
+    }
+
+    override fun deleteRuleResource(projectId: String, ruleId: Long) {
+        super.deleteRuleResource(projectId, ruleId)
+    }
+
+    override fun filterRules(
+        userId: String,
+        projectId: String,
+        bkAuthPermissionSet: Set<AuthPermission>
+    ): Map<AuthPermission, List<Long>> {
+        return super.filterRules(userId, projectId, bkAuthPermissionSet)
+    }
+
+    override fun supplierForPermissionGroup(projectId: String): () -> MutableList<String> {
+        return { mutableListOf() }
+    }
+
+    override fun supplierForPermissionRule(projectId: String): () -> MutableList<String> {
+        return { mutableListOf() }
+    }
+}
--- a/src/backend/ci/core/ticket/biz-ticket-sample/src/main/kotlin/com/tencent/devops/ticket/service/V3CertPermissionService.kt
+++ b/src/backend/ci/core/ticket/biz-ticket-sample/src/main/kotlin/com/tencent/devops/ticket/service/V3CertPermissionService.kt
@@ -57,18 +57,7 @@ class V3CertPermissionService @Autowired constructor(
 ) {

    override fun supplierForPermission(projectId: String): () -> MutableList<String> {
-        return {
-            val fakeList = mutableListOf<String>()
-            certDao.listIdByProject(
-                dslContext = dslContext,
-                projectId = projectId,
-                offset = 0,
-                limit = 500
-            ).forEach {
-                fakeList.add(it)
-            }
-            fakeList
-        }
+        return { mutableListOf() }
    }

    override fun validatePermission(
@@ -101,13 +90,13 @@ class V3CertPermissionService @Autowired constructor(
            return true
        }
        return authPermissionApi.validateUserResourcePermission(
-                user = userId,
-                serviceCode = ticketAuthServiceCode,
-                resourceType = AuthResourceType.TICKET_CERT,
-                projectCode = projectId,
-                resourceCode = projectId,
-                permission = AuthPermission.CREATE,
-                relationResourceType = AuthResourceType.PROJECT
+            user = userId,
+            serviceCode = ticketAuthServiceCode,
+            resourceType = AuthResourceType.TICKET_CERT,
+            projectCode = projectId,
+            resourceCode = projectId,
+            permission = AuthPermission.CREATE,
+            relationResourceType = AuthResourceType.PROJECT
        )
    }


--- a/src/backend/ci/core/ticket/biz-ticket-sample/src/main/kotlin/com/tencent/devops/ticket/service/V3CredentialPermissionService.kt
+++ b/src/backend/ci/core/ticket/biz-ticket-sample/src/main/kotlin/com/tencent/devops/ticket/service/V3CredentialPermissionService.kt
@@ -58,18 +58,7 @@ class V3CredentialPermissionService @Autowired constructor(
 ) {

    override fun supplierForFakePermission(projectId: String): () -> MutableList<String> {
-        return {
-            val fakeList = mutableListOf<String>()
-            credentialDao.listByProject(
-                    dslContext = dslContext,
-                    projectId = projectId,
-                    offset = 0,
-                    limit = 500 // 一个项目不会有太多凭证
-            ).forEach {
-                fakeList.add(it.credentialId)
-            }
-            fakeList
-        }
+        return { mutableListOf() }
    }

    override fun validatePermission(