fix: mismatching between pipeline permissions and actual obtained values

[winfredLIN]

关联的 issue

ISSUE #3140
TEST #3140 (comment)

描述你的变更

1. 问题修复：修复用户看不到自己创建的流水线的问题，经确认，查看流水线的权限逻辑如下：

   • 超级管理员或项目管理员：可以查看项目中的所有流水线
   • 拥有"查看流水线"权限的普通用户：可以查看指定数据源相关的流水线 + 自己创建的所有流水线
   • 普通用户：只能查看自己创建的流水线

2. 增加代码可读性：在代码中显式地区分不同类型权限

3. 性能优化：解决了查询流水线节点的1+N多次查询的问题

确认项（pr提交后操作）

Tip

请在指定复审人之前，确认并完成以下事项，完成后✅

---

• 我已完成自测
• 我已记录完整日志方便进行诊断
• 我已在关联的issue里补充了实现方案
• 我已在关联的issue里补充了测试影响面
• 我已确认了变更的兼容性，如果不兼容则在issue里标记 not_compatible
• 我已确认了是否要更新文档，如果要更新则在issue里标记 need_update_doc

---

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

---

linxiaotao seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[github-actions]

PR Reviewer Guide 🔍

🎫 Ticket compliance analysis 🔶 3140 - Partially compliant Compliant requirements: • 修正流水线权限判断逻辑 • 调整 API 层与数据存储层调用逻辑 • 增加批量获取流水线节点接口 Non-compliant requirements: • 明确区分不同类型权限 Requires further human verification: • 权限逻辑在实际业务场景下是否完全满足预期，还需要进一步验证

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪

🧪 PR contains tests

🔒 No security concerns identified

⚡ Recommended focus areas for review 权限验证 请确认在 GetPipelineListWithPermission 中的权限判断逻辑完全符合业务需求，并保证对不同角色的权限分支处理清晰、无歧义。 // GetPipelineListWithPermission 根据用户权限获取流水线列表 func (svc PipelineSvc) GetPipelineListWithPermission(limit, offset uint32, fuzzySearchNameDesc string, projectUID string, userPermission *dms.UserPermission, userId string) (count uint64, pipelines []*Pipeline, err error) { s := model.GetStorage() // 根据用户权限确定查询参数 var queryUserId string var rangeDatasourceIds []string var canViewAll bool // 权限判断逻辑 if userPermission.IsAdmin() || userPermission.IsProjectAdmin() { // 超级管理员或项目管理员：可以查看所有流水线 canViewAll = true } else if viewPipelinePermission := userPermission.GetOnePermission(v1.OpPermissionViewPipeline); viewPipelinePermission != nil { // 拥有"查看流水线"权限的普通用户：可以查看指定数据源相关的流水线 + 自己创建的所有流水线 queryUserId = userId rangeDatasourceIds = viewPipelinePermission.RangeUids canViewAll = false } else { // 普通用户：只能查看自己创建的流水线 queryUserId = userId rangeDatasourceIds = nil canViewAll = false } // 执行数据库查询 modelPipelines, count, err := s.GetPipelineList(model.ProjectUID(projectUID), fuzzySearchNameDesc, limit, offset, queryUserId, rangeDatasourceIds, canViewAll) if err != nil { return 0, nil, err } // 转换为服务层对象 pipelines = make([]*Pipeline, 0, len(modelPipelines)) if len(modelPipelines) == 0 { return count, pipelines, nil } // 收集所有pipeline ID pipelineIDs := make([]uint, 0, len(modelPipelines)) for _, mp := range modelPipelines { pipelineIDs = append(pipelineIDs, mp.ID) } // 批量获取所有节点 nodesMap, err := s.GetPipelineNodesInBatch(pipelineIDs) if err != nil { return 0, nil, err } // 组装结果 for _, modelPipeline := range modelPipelines { nodes := nodesMap[modelPipeline.ID] pipelines = append(pipelines, svc.toPipeline(modelPipeline, nodes)) } return count, pipelines, nil } 批量查询优化 请检查 GetPipelineNodesInBatch 函数的实现，确保批量查询节点时对数据进行适当分组及索引优化，以避免性能瓶颈。 // GetPipelineNodesInBatch 批量获取多个流水线的节点 func (s *Storage) GetPipelineNodesInBatch(pipelineIDs []uint) (map[uint][]*PipelineNode, error) { if len(pipelineIDs) == 0 { return make(map[uint][]*PipelineNode), nil } var nodes []*PipelineNode err := s.db.Model(PipelineNode{}).Where("pipeline_id IN (?)", pipelineIDs).Find(&nodes).Error if err != nil { return nil, errors.New(errors.ConnectStorageError, err) } // 按pipeline_id分组 nodeMap := make(map[uint][]*PipelineNode) for _, node := range nodes { nodeMap[node.PipelineID] = append(nodeMap[node.PipelineID], node) } return nodeMap, nil }

[github-actions]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	初始化 Service 变量 请确保对 pipelineSvc 进行适当初始化，否则在调用方法时可能会出现 nil 指针解引用错误，导致程序 panic。建议在使用前对其进行实例化或通过依赖注入提供有效的实例。 sqle/api/controller/v1/pipeline.go [239-240] -var pipelineSvc pipeline.PipelineSvc +pipelineSvc := pipeline.NewPipelineSvc() // 根据实际情况初始化 Service count, pipelineList, err := pipelineSvc.GetPipelineListWithPermission(limit, offset, req.FuzzySearchNameDesc, projectUid, userPermission, user.GetIDStr()) Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies a potential nil pointer dereference issue with the uninitialized pipelineSvc variable. The improved code calls a constructor (pipeline.NewPipelineSvc()) to properly initialize the service, which is important for ensuring runtime safety.	Medium