fix(permission): add project permission check in middleware #3071

Merged
Seechi-Yolo merged 2 commits into main from fix_rule_template_permission
Jun 27, 2025

Jarvis1105 commented Jun 27, 2025

User description

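Related issue

https://github.com/actiontech/sqle-ee/issues/2387

Describe your changes

  • Fix 403 errors such as the one on rule template creation

Checklist (to be completed after the PR is submitted)

Tip

Before assigning a reviewer, please confirm and complete the following items, then mark them ✅


  • I have completed self-testing
  • I have recorded complete logs to make diagnosis easier
  • I have added the implementation plan to the related issue
  • I have added the scope of test impact to the related issue
  • I have confirmed the compatibility of the change; if it is incompatible, mark not_compatible on the issue
  • I have confirmed whether the documentation needs updating; if so, mark need_update_doc on the issue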


Description

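  • Add a new method for checking project permissions

  • Modify the middleware's permission check logic

  • Support checking multiple project permission types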


Changes walkthrough 📝

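Relevant files
Enhancement

permission.go: Modify the project permission check logic in the middleware
sqle/api/middleware/permission.go (+1/-1)

  • Modify the project operation check condition
  • Add a call to the HasProjectPermission method

permission.go: Add a new method for checking project permissions
sqle/dms/permission.go (+19/-0)

  • Add the HasProjectPermission method
  • Check multiple operation permission types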

    github-actions Bot commented Jun 27, 2025

    PR Code Suggestions ✨

    Latest suggestions up to 826b155
    Explore these optional code suggestions:

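    Category: Possible issue
    Suggestion: Check the spelling of permission identifiers

    Please confirm that the permission type identifiers in UserPermission are spelled correctly. Pay attention to
    v1.OpPermissionMangeAuditSQLWhiteList, v1.OpPermissionManageSQLMangeWhiteList and
    v1.OpPermissionManageRoleMange, and make sure they match the ones defined in the system, because a spelling mistake could cause the permission check to fail and lead to a security risk.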

    sqle/dms/permission.go [109-126]

     func (p *UserPermission) HasProjectPermission() bool {
     	for _, userOpPermission := range p.opPermissionItem {
     		if userOpPermission.OpPermissionType == v1.OpPermissionTypeAuthDBServiceData ||
     			userOpPermission.OpPermissionType == v1.OpPermissionManageProjectDataSource ||
     			userOpPermission.OpPermissionType == v1.OpPermissionManageAuditRuleTemplate ||
     			userOpPermission.OpPermissionType == v1.OpPermissionManageApprovalTemplate ||
     			userOpPermission.OpPermissionType == v1.OpPermissionManageMember ||
     			userOpPermission.OpPermissionType == v1.OpPermissionPushRule ||
    -			userOpPermission.OpPermissionType == v1.OpPermissionMangeAuditSQLWhiteList ||
    -			userOpPermission.OpPermissionType == v1.OpPermissionManageSQLMangeWhiteList ||
    -			userOpPermission.OpPermissionType == v1.OpPermissionManageRoleMange ||
    +			userOpPermission.OpPermissionType == v1.OpPermissionManageAuditSQLWhiteList ||
    +			userOpPermission.OpPermissionType == v1.OpPermissionManageSQLManageWhiteList ||
    +			userOpPermission.OpPermissionType == v1.OpPermissionManageRoleManage ||
     			userOpPermission.OpPermissionType == v1.OpPermissionDesensitization ||
     			userOpPermission.OpPermissionType == v1.OpPermissionTypeProjectAdmin {
     			return true
     		}
     	}
     	return false
     }
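
Review bot: the three `+` lines swap in `v1.OpPermissionManageAuditSQLWhiteList`, `v1.OpPermissionManageSQLManageWhiteList` and `v1.OpPermissionManageRoleManage`, but nothing in the visible lines confirms that package `v1` declares constants with those names. These are Go identifiers resolved at compile time, so a name that does not match its declaration stops the build; it cannot make the check in `HasProjectPermission` fail silently at runtime. If the spelling is to be fixed, rename the constants at their declaration and update every reference in the same change; otherwise keep the existing names here.
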
    Suggestion importance[1-10]: 9

    Why: The suggestion correctly identifies potential spelling mistakes in permission constants (e.g., OpPermissionMangeAuditSQLWhiteList) and proposes accurate corrections, which is crucial for ensuring proper permission checks and security.

    Impact: High

    Previous suggestions

    Suggestions up to commit 06a4b59
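    Category: Possible issue
    Suggestion: Check the spelling of permission constants

    It is recommended to carefully check the names of the newly added permission constants to make sure there are no spelling mistakes, for example
    OpPermissionMangeAuditSQLWhiteList, OpPermissionManageSQLMangeWhiteList and
    OpPermissionManageRoleMange, to avoid a failed permission check causing a security problem.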

    sqle/dms/permission.go [100-117]

     func (p *UserPermission) HasProjectPermission() bool {
         for _, userOpPermission := range p.opPermissionItem {
             if userOpPermission.OpPermissionType == v1.OpPermissionTypeAuthDBServiceData ||
                 userOpPermission.OpPermissionType == v1.OpPermissionManageProjectDataSource ||
                 userOpPermission.OpPermissionType == v1.OpPermissionManageAuditRuleTemplate ||
                 userOpPermission.OpPermissionType == v1.OpPermissionManageApprovalTemplate ||
                 userOpPermission.OpPermissionType == v1.OpPermissionManageMember ||
                 userOpPermission.OpPermissionType == v1.OpPermissionPushRule ||
    -            userOpPermission.OpPermissionType == v1.OpPermissionMangeAuditSQLWhiteList ||
    -            userOpPermission.OpPermissionType == v1.OpPermissionManageSQLMangeWhiteList ||
    -            userOpPermission.OpPermissionType == v1.OpPermissionManageRoleMange ||
    +            userOpPermission.OpPermissionType == v1.OpPermissionManageAuditSQLWhiteList ||  // corrected
    +            userOpPermission.OpPermissionType == v1.OpPermissionManageSQLWhiteList ||       // corrected
    +            userOpPermission.OpPermissionType == v1.OpPermissionManageRoleManage ||         // corrected
                 userOpPermission.OpPermissionType == v1.OpPermissionDesensitization ||
                 userOpPermission.OpPermissionType == v1.OpPermissionTypeProjectAdmin {
                 return true
             }
         }
         return false
     }
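
Review bot: the second `+` line changes the constant rather than its spelling: `v1.OpPermissionManageSQLMangeWhiteList` becomes `v1.OpPermissionManageSQLWhiteList`, dropping the inner `Manage` that a spelling-only correction would keep (`OpPermissionManageSQLManageWhiteList`). In an allow-list like this one, pointing at a different constant changes which permission type grants project access, so confirm the intended identifier against the `v1` declarations before applying. The trailing `// corrected` comments on the three `+` lines describe the edit rather than the code and should be dropped.
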
    Suggestion importance[1-10]: 9

    Why: The suggestion accurately identifies several potential typos in the permission constant names (such as OpPermissionMangeAuditSQLWhiteList, OpPermissionManageSQLMangeWhiteList, and OpPermissionManageRoleMange), which, if left uncorrected, could lead to security issues. The improved code reflects the intended corrections, making the suggestion both impactful and relevant.

    Impact: High

    Seechi-Yolo merged commit 0ca405b into main Jun 27, 2025
    3 checks passed
    Jarvis1105 deleted the fix_rule_template_permission branch June 27, 2025 11:47