
增加环境维护人,控制对应配置修改权限

luoshi 2 жил өмнө
parent
commit
7aa2cb8eb6

+ 3 - 3
src/main/java/com/qmth/ops/api/controller/admin/AppController.java

@@ -47,14 +47,14 @@ public class AppController {
 
     @PostMapping("/insert")
     public AppDTO insert(@RequestAttribute AdminSession adminSession, App app) {
-        adminSession.validateRole(Role.ADMIN, Role.OPS);
+        adminSession.validateRole(Role.ADMIN);
         appService.insert(app);
         return appService.findDTO(app.getId());
     }
 
     @PostMapping("/update")
     public AppDTO update(@RequestAttribute AdminSession adminSession, App app) {
-        adminSession.validateRole(Role.ADMIN, Role.OPS);
+        adminSession.validateRole(Role.ADMIN);
         appService.update(app);
         return appService.findDTO(app.getId());
     }
@@ -62,7 +62,7 @@ public class AppController {
     @PostMapping("/master_version")
     public AppDTO updateMasterVersion(@RequestAttribute AdminSession adminSession, @RequestParam Long id,
             @RequestParam Long versionId) {
-        adminSession.validateRole(Role.ADMIN, Role.OPS);
+        adminSession.validateRole(Role.ADMIN);
         appService.setMasterVersion(appService.getById(id), versionService.getById(versionId));
         return appService.findDTO(id);
     }

+ 2 - 2
src/main/java/com/qmth/ops/api/controller/admin/EnvController.java

@@ -37,13 +37,13 @@ public class EnvController {
 
     @PostMapping("/insert")
     public Env insert(@RequestAttribute AdminSession adminSession, Env env) {
-        adminSession.validateRole(Role.ADMIN, Role.OPS);
+        adminSession.validateRole(Role.ADMIN);
         return envService.insert(env);
     }
 
     @PostMapping("/update")
     public Env update(@RequestAttribute AdminSession adminSession, Env env) {
-        adminSession.validateRole(Role.ADMIN, Role.OPS);
+        adminSession.validateRole(Role.ADMIN);
         return envService.update(env);
     }
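Review bot: `insert` and `update` bind `Env` straight from request parameters, and with this commit the bound object also carries `userId` (see the new `setUserId` in Env.java), which `AdminSession.validateEnv` uses as the authorisation key for the environment. Nothing in these two methods checks that the submitted `userId` names an existing user who has access to the environment's app. If `envService.update` writes every bound field (not visible here), an update request that omits `userId` would silently clear the maintainer. Consider taking the maintainer as an explicit parameter, e.g. `@RequestParam(required = false) Long userId`, validating it before the service call, and logging who changed it.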
 

+ 2 - 2
src/main/java/com/qmth/ops/api/controller/admin/ModuleController.java

@@ -27,13 +27,13 @@ public class ModuleController {
 
     @PostMapping("/insert")
     public Module insert(@RequestAttribute AdminSession adminSession, Module module) {
-        adminSession.validateRole(Role.ADMIN, Role.DEV);
+        adminSession.validateRole(Role.ADMIN);
         return moduleService.insert(module);
     }
 
     @PostMapping("/update")
     public Module update(@RequestAttribute AdminSession adminSession, Module module) {
-        adminSession.validateRole(Role.ADMIN, Role.DEV);
+        adminSession.validateRole(Role.ADMIN);
         return moduleService.update(module);
     }
 

+ 1 - 2
src/main/java/com/qmth/ops/api/controller/admin/NginxConfigController.java

@@ -3,7 +3,6 @@ package com.qmth.ops.api.controller.admin;
 import com.qmth.ops.api.constants.OpsApiConstants;
 import com.qmth.ops.api.security.AdminSession;
 import com.qmth.ops.biz.domain.NginxConfig;
-import com.qmth.ops.biz.domain.Role;
 import com.qmth.ops.biz.service.AppService;
 import com.qmth.ops.biz.service.EnvService;
 import com.qmth.ops.biz.service.ModuleService;
@@ -39,8 +38,8 @@ public class NginxConfigController {
     @PostMapping("/update")
     public Object update(@RequestAttribute AdminSession adminSession, @RequestParam Long appId,
             @RequestParam Long envId, @RequestParam(required = false) Long moduleId, @RequestParam String content) {
-        adminSession.validateRole(Role.DEV, Role.OPS, Role.ADMIN);
         adminSession.validateApp(appService.getById(appId));
+        adminSession.validateEnv(envService.getById(envId));
         return nginxConfigService.update(appService.getById(appId), envService.getById(envId),
                 moduleId != null ? moduleService.getById(moduleId) : null, content);
     }
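Review bot: `validateApp` and `validateEnv` are evaluated independently in `update`, and nothing visible in the hunk ties `envId` to `appId` (or `moduleId` to `appId`). If environments are scoped to an app, a mismatched app/env pair would pass both checks unless the service layer rejects it. With `validateRole` removed these two calls are the only gate, so the relation is worth asserting here; the same applies to `updatePropertyItem` in PropertyController.java. `envService.getById(envId)` is also called twice and its result is dereferenced inside `validateEnv`, so an unknown `envId` would presumably surface as a NullPointerException rather than `UnauthorizedException`. Fetching the env once into a local and rejecting null before the checks would avoid both.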

+ 6 - 6
src/main/java/com/qmth/ops/api/controller/admin/PropertyController.java

@@ -69,7 +69,7 @@ public class PropertyController {
             @RequestParam Long versionId, @RequestParam Long moduleId, @RequestParam MultipartFile file,
             @RequestParam FileFormat extension, @RequestParam(required = false) Long inheritVersionId)
             throws IOException {
-        adminSession.validateRole(Role.DEV);
+        adminSession.validateRole(Role.ADMIN, Role.DEV);
         adminSession.validateApp(appService.getById(appId));
         return propertyService.updateBaseline(appService.getById(appId), versionService.getById(versionId),
                 moduleService.getById(moduleId), file.getInputStream(), extension,
@@ -78,7 +78,7 @@ public class PropertyController {
 
     @PostMapping("/baseline/item/update")
     public PropertyItem updateBaselineItem(@RequestAttribute AdminSession adminSession, PropertyItem item) {
-        adminSession.validateRole(Role.DEV);
+        adminSession.validateRole(Role.ADMIN, Role.DEV);
         adminSession.validateApp(appService.getById(item.getAppId()));
         return propertyService.updateBaselineItem(item);
     }
@@ -89,8 +89,9 @@ public class PropertyController {
         adminSession.validateApp(appService.getById(appId));
         Env env = envService.getById(envId);
         List<PropertyItem> list = propertyService.listPropertyItem(appId, versionId, moduleId, env.getId());
-        //非环境可编辑用户,需要隐藏机密信息
-        if (!adminSession.getUser().hasRole(env.getType().getRole())) {
+        //非管理员/运维角色,且非环境维护用户,需要隐藏机密信息
+        if (!adminSession.getUser().hasRole(Role.ADMIN, Role.OPS) && !adminSession.getUser().getId()
+                .equals(env.getUserId())) {
             for (PropertyItem item : list) {
                 //包含密钥/密码类信息
                 if (item.getKey().contains("secret") || item.getKey().contains("password")) {
@@ -113,9 +114,8 @@ public class PropertyController {
 
     @PostMapping("/item/update")
     public PropertyItem updatePropertyItem(@RequestAttribute AdminSession adminSession, PropertyItem item) {
-        adminSession.validateRole(Role.TEST, Role.OPS);
         adminSession.validateApp(appService.getById(item.getAppId()));
-        adminSession.validateEnv(envService.getById(item.getEnvId()).getType());
+        adminSession.validateEnv(envService.getById(item.getEnvId()));
         return propertyService.updatePropertyItem(item);
     }
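Review bot: The secret-masking condition in the third hunk spells out its own access rule inline (`ADMIN`, `OPS` or the env maintainer), while the write path goes through `AdminSession.validateEnv`, which admits only `ADMIN` or the maintainer. An OPS user can therefore read unmasked secrets for an environment they are not allowed to edit. If that asymmetry is intended, say so in the comment above the `if`; otherwise move the rule into `AdminSession` so the read and write checks cannot drift apart. The masking itself (context lines, unchanged by this commit) uses case-sensitive `contains("secret")` / `contains("password")`, so hypothetical keys such as `apiToken` or `DB_PASSWORD` would be returned unmasked to every user. The enclosing method starts and ends outside the hunk.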
 

+ 3 - 3
src/main/java/com/qmth/ops/api/security/AdminSession.java

@@ -4,7 +4,7 @@ import com.qmth.boot.core.exception.UnauthorizedException;
 import com.qmth.boot.core.security.model.AccessEntity;
 import com.qmth.ops.api.dto.LoginResult;
 import com.qmth.ops.biz.domain.App;
-import com.qmth.ops.biz.domain.EnvType;
+import com.qmth.ops.biz.domain.Env;
 import com.qmth.ops.biz.domain.Role;
 import com.qmth.ops.biz.domain.User;
 import com.qmth.ops.biz.service.AppUserService;
@@ -44,8 +44,8 @@ public class AdminSession implements AccessEntity {
         }
     }
 
-    public void validateEnv(EnvType envType) {
-        if (!user.hasRole(envType.getRole())) {
+    public void validateEnv(Env env) {
+        if (!user.hasRole(Role.ADMIN) && !user.getId().equals(env.getUserId())) {
             throw new UnauthorizedException("没有环境操作权限");
         }
     }
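Review bot: `validateEnv` dereferences `env` without a null check, so a caller passing the result of `envService.getById(...)` for an unknown id would presumably fail with a NullPointerException instead of `UnauthorizedException`. Writing the guard as `if (env == null || (!user.hasRole(Role.ADMIN) && !user.getId().equals(env.getUserId())))` keeps the denial explicit. The comparison order is fail-closed when `env.getUserId()` is null (e.g. environments that predate the field), and that is worth stating on the method so nobody later flips it to `env.getUserId().equals(...)`. The method also lacks any description of who counts as authorised; a short Javadoc such as `Allows ADMIN, or the user recorded as the environment's maintainer; throws UnauthorizedException otherwise.` would cover it.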

+ 10 - 0
src/main/java/com/qmth/ops/biz/domain/Env.java

@@ -22,6 +22,8 @@ public class Env implements Serializable {
 
     private EnvType type;
 
+    private Long userId;
+
     private Long createTime;
 
     private Long updateTime;
@@ -66,6 +68,14 @@ public class Env implements Serializable {
         this.type = type;
     }
 
+    public Long getUserId() {
+        return userId;
+    }
+
+    public void setUserId(Long userId) {
+        this.userId = userId;
+    }
+
     public Long getCreateTime() {
         return createTime;
     }
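Review bot: `userId` is added without a comment, yet it is the field `AdminSession.validateEnv` compares against to decide who may edit the environment's configuration. A field comment such as `/** ID of the user who maintains this environment; null when no maintainer is assigned. */` would make that role explicit. `Env` implements `Serializable` and no `serialVersionUID` is visible in these hunks; if none is declared, adding a field changes the default UID and previously serialised instances would fail to deserialise. The class body starts and ends outside the hunks.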

+ 2 - 9
src/main/java/com/qmth/ops/biz/domain/EnvType.java

@@ -2,25 +2,18 @@ package com.qmth.ops.biz.domain;
 
 public enum EnvType {
 
-    TEST("测试环境", Role.TEST, Role.OPS), PROD("生产环境", Role.OPS);
+    TEST("测试环境"), PROD("生产环境");
 
     private String name;
 
-    private Role[] role;
-
-    private EnvType(String name, Role... role) {
+    EnvType(String name) {
         this.name = name;
-        this.role = role;
     }
 
     public String getName() {
         return name;
     }
 
-    public Role[] getRole() {
-        return role;
-    }
-
     public String getCode() {
         return toString().toUpperCase();
     }