feat(project): add built-in project for user (#2895)

* delete useless resource add

* add built-in project for user

* code format

* remove apsara feature code

* code format

* edit description

* edit method return value

* merge two methods

* code optimization

* bind dataSource permission

* edit default project name

* code format

* avoid DB operate in for iteration

* code optimization

* add description param

* code format

* add annotate

server/odc-service/src/main/java/com/oceanbase/odc/service/collaboration/IndividualOrganizationMigrator.java

@@ -99,9 +99,6 @@ private ResourceConfig getResourceConfig(DataSource dataSource, Long userId, Lon
         List<String> resourceLocations = new LinkedList<>();
         resourceLocations.add("migrate/common/V_3_2_0_6__iam_permission.yaml");
         resourceLocations.add("migrate/common/V_3_3_0_4__iam_permission.yaml");
-        resourceLocations.add("migrate/common/V_3_4_0_2__iam_permission.yaml");
-        resourceLocations.add("migrate/common/V_3_4_0_13__data_masking_rule.yaml");
-        resourceLocations.add("migrate/common/V_3_4_0_14__data_masking_rule_segment.yaml");
         resourceLocations.add("migrate/common/V_4_1_0_7__automation_event_metadata.yaml");
         resourceLocations.add("migrate/common/V_4_1_0_14__iam_permission.yaml");
         resourceLocations.add("migrate/common/V_4_2_0_24__resource_role.yaml");

server/odc-service/src/main/java/com/oceanbase/odc/service/collaboration/project/ProjectService.java

@@ -102,7 +102,6 @@ public class ProjectService {
 
     @Autowired
     private UserRepository userRepository;
-
     @Autowired
     private AuthenticationFacade authenticationFacade;
 
@@ -159,21 +158,28 @@ public class ProjectService {
      */
     @SkipAuthorize("odc internal usage")
     @Transactional(rollbackFor = Exception.class)
-    public void createProjectIfNotExists(@NotNull User user) {
-        String projectName = BUILTIN_PROJECT_PREFIX + user.getAccountName();
-        if (repository.findByNameAndOrganizationId(projectName, user.getOrganizationId()).isPresent()) {
-            return;
+    public ProjectEntity createProjectIfNotExists(@NotNull User user, String projectName, String description) {
+        Optional<ProjectEntity> projectOptional =
+                repository.findByNameAndOrganizationId(projectName, user.getOrganizationId());
+        // if project exist
+        if (projectOptional.isPresent()) {
+            return projectOptional.get();
         }
         ProjectEntity projectEntity = new ProjectEntity();
         projectEntity.setBuiltin(true);
         projectEntity.setArchived(false);
         projectEntity.setName(projectName);
         projectEntity.setCreatorId(user.getCreatorId());
+        projectEntity.setDescription(description);
         projectEntity.setLastModifierId(user.getCreatorId());
         projectEntity.setOrganizationId(user.getOrganizationId());
-        projectEntity.setDescription("Built-in project for bastion user " + user.getAccountName());
         projectEntity.setUniqueIdentifier(generateProjectUniqueIdentifier());
-        ProjectEntity saved = repository.saveAndFlush(projectEntity);
+        return repository.saveAndFlush(projectEntity);
+    }
+
+    @SkipAuthorize("odc internal usage")
+    @Transactional(rollbackFor = Exception.class)
+    public void grantRole2BastionUser(@NotNull User user, ProjectEntity projectEntity) {
         // Grant DEVELOPER role to bastion user, and all other roles to user creator(admin)
         Map<ResourceRoleName, ResourceRoleEntity> resourceRoleName2Entity =
                 resourceRoleRepository.findByResourceType(ResourceType.ODC_PROJECT).stream()
@@ -185,7 +191,7 @@ public void createProjectIfNotExists(@NotNull User user) {
             }
             UserResourceRoleEntity entity = new UserResourceRoleEntity();
             entity.setUserId(name == ResourceRoleName.DEVELOPER ? user.getId() : user.getCreatorId());
-            entity.setResourceId(saved.getId());
+            entity.setResourceId(projectEntity.getId());
             entity.setResourceRoleId(resourceRoleEntity.getId());
             entity.setOrganizationId(user.getOrganizationId());
             return entity;

server/odc-service/src/main/java/com/oceanbase/odc/service/iam/UserPermissionService.java

@@ -15,9 +15,11 @@
  */
 package com.oceanbase.odc.service.iam;
 
+import java.util.Arrays;
 import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
+import java.util.stream.Collectors;
 
 import javax.validation.constraints.NotEmpty;
 
@@ -148,5 +150,34 @@ public void bindUserAndDataSourcePermission(@NonNull Long userId, @NonNull Long
         });
     }
 
+    @SkipAuthorize("internal usage")
+    @Transactional(rollbackFor = Exception.class)
+    public void bindUserAndDataSourceAllPermission(@NonNull Long userId, @NonNull Long organizationId) {
+        List<String> actionList = Arrays.asList("create", "read", "update", "delete");
+        List<PermissionEntity> permissionList = actionList.stream()
+                .map(action -> {
+                    PermissionEntity permission = new PermissionEntity();
+                    permission.setAction(action);
+                    permission.setType(PermissionType.PUBLIC_RESOURCE);
+                    permission.setResourceIdentifier("ODC_CONNECTION:*");
+                    permission.setOrganizationId(organizationId);
+                    permission.setCreatorId(userId);
+                    permission.setBuiltIn(true);
+                    permission.setExpireTime(TimeUtils.getMySQLMaxDatetime());
+                    permission.setAuthorizationType(AuthorizationType.USER_AUTHORIZATION);
+                    return permission;
+                }).collect(Collectors.toList());
+        permissionRepository.saveAllAndFlush(permissionList);
+        List<UserPermissionEntity> userPermissionList = permissionList.stream()
+                .map(permission -> {
+                    UserPermissionEntity userPermission = new UserPermissionEntity();
+                    userPermission.setUserId(userId);
+                    userPermission.setPermissionId(permission.getId());
+                    userPermission.setCreatorId(userId);
+                    userPermission.setOrganizationId(organizationId);
+                    return userPermission;
+                }).collect(Collectors.toList());
+        userPermissionRepository.saveAllAndFlush(userPermissionList);
+    }
 
 }

server/odc-service/src/main/java/com/oceanbase/odc/service/iam/auth/CustomAuthenticationSuccessHandler.java

@@ -42,6 +42,7 @@
 import com.oceanbase.odc.core.authority.exception.AuthenticationException;
 import com.oceanbase.odc.core.shared.constant.OdcConstants;
 import com.oceanbase.odc.core.shared.constant.OrganizationType;
+import com.oceanbase.odc.metadb.collaboration.ProjectEntity;
 import com.oceanbase.odc.metadb.iam.OrganizationRepository;
 import com.oceanbase.odc.service.automation.model.TriggerEvent;
 import com.oceanbase.odc.service.collaboration.OrganizationResourceMigrator;
@@ -124,7 +125,12 @@ public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpS
             SecurityContextUtils.switchCurrentUserOrganization(user, team, httpServletRequest, true);
             // If bastion is enabled, every user must hold a built-in project for create temporary SQL console
             if (bastionEnabled) {
-                projectService.createProjectIfNotExists(user);
+                ProjectEntity project = projectService
+                        .createProjectIfNotExists(user,
+                                "USER_PROJECT_" + user.getAccountName(),
+                                "Built-in project for bastion user " + user.getAccountName());
+                projectService.grantRole2BastionUser(user, project);
+                log.info("Create project successfully, projectName={}", project.getName());
             }
         }