TencentBlueKing · zhu327 · Apr 9, 2024 · Apr 9, 2024
diff --git a/pkg/abac/pap/group.go b/pkg/abac/pap/group.go
@@ -44,7 +44,7 @@
 	ListPagingSubjectSystemGroups(
 		_type, id, systemID string, beforeExpiredAt, limit, offset int64,
 	) ([]SubjectGroup, error)
-	FilterGroupsHasMemberBeforeExpiredAt(subjects []Subject, expiredAt int64) ([]Subject, error)
+	ListGroupSubjectBeforeExpiredAtBySubjects(subjects []Subject, expiredAt int64) ([]GroupSubject, error)
 	CheckSubjectEffectGroups(_type, id string, groupIDs []string) (map[string]map[string]interface{}, error)
 
 	GetGroupMemberCount(_type, id string) (int64, error)
@@ -141,7 +141,7 @@
 	return c.service.GetGroupSubjectCountBeforeExpiredAt(expiredAt)
 }
 
-func (c *groupController) FilterGroupsHasMemberBeforeExpiredAt(subjects []Subject, expiredAt int64) ([]Subject, error) {
+func (c *groupController) ListGroupSubjectBeforeExpiredAtBySubjects(subjects []Subject, expiredAt int64) ([]GroupSubject, error) {
 	errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "FilterGroupsHasMemberBeforeExpiredAt")
 
 	svcSubjects := convertToServiceSubjects(subjects)
@@ -150,32 +150,20 @@
 		return nil, errorWrapf(err, "service.ListPKsBySubjects subjects=`%+v` fail", subjects)
 	}
 
-	existGroupPKs, err := c.service.FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs, expiredAt)
+	svcRelations, err := c.service.ListGroupSubjectBeforeExpiredAtByGroupPKs(groupPKs, expiredAt)
 	if err != nil {
 		return nil, errorWrapf(
-			err, "service.FilterGroupPKsHasMemberBeforeExpiredAt groupPKs=`%+v`, expiredAt=`%d` fail",
+			err, "service.ListGroupSubjectBeforeExpiredAtByGroupPKs groupPKs=`%+v`, expiredAt=`%d` fail",
 			groupPKs, expiredAt,
 		)
 	}
 
-	existSubjects, err := cacheimpls.BatchGetSubjectByPKs(existGroupPKs)
+	relations, err := convertToGroupSubjects(svcRelations)
 	if err != nil {
-		return nil, errorWrapf(
-			err, "cacheimpls.BatchGetSubjectByPKs groupPKs=`%+v` fail",
-			existGroupPKs,
-		)
-	}
-
-	existGroups := make([]Subject, 0, len(existGroupPKs))
-	for _, subject := range existSubjects {
-		existGroups = append(existGroups, Subject{
-			Type: subject.Type,
-			ID:   subject.ID,
-			Name: subject.Name,
-		})
+		return nil, errorWrapf(err, "convertToGroupSubjects svcRelations=`%+v` fail", svcRelations)
 	}
 
-	return existGroups, nil
+	return relations, nil
 }
 
 func (c *groupController) CheckSubjectEffectGroups(

diff --git a/pkg/abac/pap/mock/group.go b/pkg/abac/pap/mock/group.go
diff --git a/pkg/api/web/handler/group.go b/pkg/api/web/handler/group.go
@@ -319,10 +319,10 @@ func ListExistGroupsHasMemberBeforeExpiredAt(c *gin.Context) {
 	copier.Copy(&papSubjects, &body.Subjects)
 
 	ctl := pap.NewGroupController()
-	existGroups, err := ctl.FilterGroupsHasMemberBeforeExpiredAt(papSubjects, body.BeforeExpiredAt)
+	existGroups, err := ctl.ListGroupSubjectBeforeExpiredAtBySubjects(papSubjects, body.BeforeExpiredAt)
 	if err != nil {
 		err = errorWrapf(
-			err, "ctl.FilterGroupsHasMemberBeforeExpiredAt subjects=`%+v`, beforeExpiredAt=`%d`",
+			err, "ctl.ListGroupSubjectBeforeExpiredAtBySubjects subjects=`%+v`, beforeExpiredAt=`%d`",
 			papSubjects, body.BeforeExpiredAt,
 		)
 		util.SystemErrorJSONResponse(c, err)

diff --git a/pkg/database/dao/mock/subject_group.go b/pkg/database/dao/mock/subject_group.go
diff --git a/pkg/database/dao/subject_group.go b/pkg/database/dao/subject_group.go
@@ -65,7 +65,10 @@ type SubjectGroupManager interface {
 	) (members []ThinSubjectRelation, err error)
 	ListRelationBySubjectPKGroupPKs(subjectPK int64, groupPKs []int64) ([]SubjectRelation, error)
 
-	FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs []int64, expiredAt int64) ([]int64, error)
+	ListRelationBySubjectPKGroupPKsBeforeExpiredAt(
+		groupPKs []int64,
+		expiredAt int64,
+	) ([]ThinSubjectRelation, error)
 
 	BulkCreateWithTx(tx *sqlx.Tx, relations []SubjectRelation) error
 	BulkDeleteBySubjectPKsWithTx(tx *sqlx.Tx, subjectPKs []int64) error
@@ -399,23 +402,24 @@ func (m *subjectGroupManager) ListPagingGroupSubjectBeforeExpiredAt(
 	return
 }
 
-// FilterGroupPKsHasMemberBeforeExpiredAt get the group pks before timestamp(expiredAt)
-func (m *subjectGroupManager) FilterGroupPKsHasMemberBeforeExpiredAt(
+// ListRelationBySubjectPKGroupPKsBeforeExpiredAt get the group pks before timestamp(expiredAt)
+func (m *subjectGroupManager) ListRelationBySubjectPKGroupPKsBeforeExpiredAt(
 	groupPKs []int64,
 	expiredAt int64,
-) ([]int64, error) {
-	expiredGroupPKs := []int64{}
-	// TODO: DISTINCT 大表很慢
+) ([]ThinSubjectRelation, error) {
+	relations := []ThinSubjectRelation{}
 	query := `SELECT
-		 DISTINCT parent_pk
+		 subject_pk,
+		 parent_pk,
+		 policy_expired_at
 		 FROM subject_relation
 		 WHERE parent_pk IN (?)
 		 AND policy_expired_at < ?`
-	err := database.SqlxSelect(m.DB, &expiredGroupPKs, query, groupPKs, expiredAt)
+	err := database.SqlxSelect(m.DB, &relations, query, groupPKs, expiredAt)
 	if errors.Is(err, sql.ErrNoRows) {
-		return expiredGroupPKs, nil
+		return relations, nil
 	}
-	return expiredGroupPKs, err
+	return relations, err
 }
 
 func (m *subjectGroupManager) ListRelationBySubjectPKGroupPKs(

diff --git a/pkg/service/group.go b/pkg/service/group.go
@@ -51,7 +51,9 @@ type GroupService interface {
 		subjectPK int64,
 		groupPKs []int64,
 	) ([]types.SubjectGroupWithSource, error)
-	FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs []int64, expiredAt int64) ([]int64, error)
+	ListGroupSubjectBeforeExpiredAtByGroupPKs(
+		groupPKs []int64, expiredAt int64,
+	) ([]types.GroupSubject, error)
 
 	BulkDeleteBySubjectPKsWithTx(tx *sqlx.Tx, subjectPKs []int64) error
 	BulkDeleteByGroupPKsWithTx(tx *sqlx.Tx, subjectPKs []int64) error
@@ -273,11 +275,18 @@ func (l *groupService) ListPagingSubjectSystemGroups(
 	return subjectGroups, err
 }
 
-// FilterGroupPKsHasMemberBeforeExpiredAt filter the exists and not expired subjects
-func (l *groupService) FilterGroupPKsHasMemberBeforeExpiredAt(
+// ListGroupSubjectBeforeExpiredAtByGroupPKs filter the exists and not expired subjects
+func (l *groupService) ListGroupSubjectBeforeExpiredAtByGroupPKs(
 	groupPKs []int64, expiredAt int64,
-) ([]int64, error) {
-	return l.manager.FilterGroupPKsHasMemberBeforeExpiredAt(groupPKs, expiredAt)
+) ([]types.GroupSubject, error) {
+	daoRelations, err := l.manager.ListRelationBySubjectPKGroupPKsBeforeExpiredAt(groupPKs, expiredAt)
+	if err != nil {
+		return nil, errorx.Wrapf(err, GroupSVC,
+			"ListRelationBySubjectPKGroupPKsBeforeExpiredAt", "ids=`%+v`, expiredAt=`%d`",
+			groupPKs, expiredAt)
+	}
+
+	return convertToGroupSubjects(daoRelations), nil
 }
 
 func (l *groupService) ListEffectSubjectGroupsBySubjectPKGroupPKs(

diff --git a/pkg/service/mock/group.go b/pkg/service/mock/group.go