添加@RequiresRoles注解

2020-03-04 15:22:57 +08:00 · 2020-03-04 15:22:57 +08:00 · 088bf06f0d
parent bba185a6ae
commit 088bf06f0d
9 changed files with 45 additions and 17 deletions
--- a/backend/src/main/java/io/metersphere/controller/OrganizationController.java
+++ b/backend/src/main/java/io/metersphere/controller/OrganizationController.java
@ -3,10 +3,13 @@ package io.metersphere.controller;
 import com.github.pagehelper.Page;
 import com.github.pagehelper.PageHelper;
 import io.metersphere.base.domain.Organization;
 import io.metersphere.commons.constants.RoleConstants;
 import io.metersphere.commons.utils.PageUtils;
 import io.metersphere.commons.utils.Pager;
 import io.metersphere.dto.OrganizationMemberDTO;
 import io.metersphere.service.OrganizationService;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.*;
 import javax.annotation.Resource;
 import java.util.List;
@ -19,12 +22,15 @@ public class OrganizationController {
    private OrganizationService organizationService;
    @PostMapping("/add")
    @RequiresRoles(RoleConstants.ADMIN)
    public Organization addOrganization(@RequestBody Organization organization) { return organizationService.addOrganization(organization); }
    @GetMapping("/list")
    @RequiresRoles(value = {RoleConstants.ADMIN,RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER}, logical = Logical.OR)
    public List<Organization> getOrganizationList() { return organizationService.getOrganizationList(); }
    @PostMapping("/list/{goPage}/{pageSize}")
    @RequiresRoles(value = {RoleConstants.ADMIN,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
    public Pager<List<Organization>> getOrganizationList(@PathVariable int goPage, @PathVariable int pageSize) {
        Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
        return PageUtils.setPageInfo(page, organizationService.getOrganizationList());
@ -34,6 +40,7 @@ public class OrganizationController {
    public void deleteOrganization(@PathVariable(value = "organizationId") String organizationId) { organizationService.deleteOrganization(organizationId); }
    @PostMapping("/update")
    @RequiresRoles(value = {RoleConstants.ADMIN,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
    public void updateOrganization(@RequestBody Organization organization) { organizationService.updateOrganization(organization); }
    @GetMapping("/list/userorg/{userId}")
@ -42,6 +49,7 @@ public class OrganizationController {
    }
    @PostMapping("/member/update")
    @RequiresRoles(value = {RoleConstants.ADMIN,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
    public void updateOrgMember(@RequestBody OrganizationMemberDTO memberDTO) {
        organizationService.updateOrgMember(memberDTO);
    }
--- a/backend/src/main/java/io/metersphere/controller/UserController.java
+++ b/backend/src/main/java/io/metersphere/controller/UserController.java
@ -17,6 +17,7 @@ import io.metersphere.dto.UserRoleDTO;
 import io.metersphere.service.UserService;
 import io.metersphere.user.SessionUser;
 import io.metersphere.user.SessionUtils;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.BeanUtils;
 import org.springframework.web.bind.annotation.*;
@ -31,6 +32,7 @@ public class UserController {
    private UserService userService;
    @PostMapping("/add")
    @RequiresRoles(RoleConstants.ADMIN)
    public UserDTO insertUser(@RequestBody User user) {
        return userService.insert(user);
    }
@ -41,17 +43,20 @@ public class UserController {
    }
    @PostMapping("/list/{goPage}/{pageSize}")
    @RequiresRoles(RoleConstants.ADMIN)
    public Pager<List<User>> getUserList(@PathVariable int goPage, @PathVariable int pageSize) {
        Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
        return PageUtils.setPageInfo(page, userService.getUserList());
    }
    @GetMapping("/delete/{userId}")
    @RequiresRoles(RoleConstants.ADMIN)
    public void deleteUser(@PathVariable(value = "userId") String userId) {
        userService.deleteUser(userId);
    }
    @PostMapping("/update")
    @RequiresRoles(RoleConstants.ADMIN)
    public void updateUser(@RequestBody User user) {
        userService.updateUser(user);
    }
@ -103,7 +108,6 @@ public class UserController {
     * 获取工作空间成员用户 不分页
     */
    @PostMapping("/member/list/all")
    @RequiresRoles(RoleConstants.ADMIN)
    public List<User> getMemberList(@RequestBody QueryMemberRequest request) {
        return userService.getMemberList(request);
    }
@ -112,7 +116,7 @@ public class UserController {
     * 添加成员
     */
    @PostMapping("/member/add")
-    //@RequiresRoles(RoleConstants.TEST_MANAGER)
+    @RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.ORG_ADMIN,RoleConstants.ADMIN}, logical = Logical.OR)
    public void addMember(@RequestBody AddMemberRequest request) {
        userService.addMember(request);
    }
@ -121,7 +125,7 @@ public class UserController {
     * 删除成员
     */
    @GetMapping("/member/delete/{workspaceId}/{userId}")
-    //@RequiresRoles(RoleConstants.TEST_MANAGER)
+    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.ADMIN, RoleConstants.ORG_ADMIN}, logical = Logical.OR)
    public void deleteMember(@PathVariable String workspaceId, @PathVariable String userId) {
        userService.deleteMember(workspaceId, userId);
    }
@ -130,6 +134,7 @@ public class UserController {
     * 添加组织成员
     */
    @PostMapping("/orgmember/add")
    @RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.ORG_ADMIN}, logical = Logical.OR)
    public void addOrganizationMember(@RequestBody AddOrgMemberRequest request) {
        userService.addOrganizationMember(request);
    }
@ -138,6 +143,7 @@ public class UserController {
     * 删除组织成员
     */
    @GetMapping("/orgmember/delete/{organizationId}/{userId}")
    @RequiresRoles(value = {RoleConstants.ADMIN,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
    public void delOrganizationMember(@PathVariable String organizationId, @PathVariable String userId) {
        userService.delOrganizationMember(organizationId, userId);
    }
--- a/backend/src/main/java/io/metersphere/controller/UserRoleController.java
+++ b/backend/src/main/java/io/metersphere/controller/UserRoleController.java
@ -1,7 +1,10 @@
 package io.metersphere.controller;
 import io.metersphere.base.domain.Role;
 import io.metersphere.commons.constants.RoleConstants;
 import io.metersphere.service.UserRoleService;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@ -17,12 +20,13 @@ public class UserRoleController {
    private UserRoleService userRoleService;
    @GetMapping("/list/org/{orgId}/{userId}")
    @RequiresRoles(value = {RoleConstants.ADMIN,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
    public List<Role> getOrganizationMemberRoles(@PathVariable String orgId, @PathVariable String userId) {
        return userRoleService.getOrganizationMemberRoles(orgId, userId);
    }
    @GetMapping("/list/ws/{workspaceId}/{userId}")
-    public List<Role> workspaceId(@PathVariable String workspaceId, @PathVariable String userId) {
+    public List<Role> getWorkspaceMemberRole(@PathVariable String workspaceId, @PathVariable String userId) {
        return userRoleService.getWorkspaceMemberRoles(workspaceId, userId);
    }
 }
--- a/backend/src/main/java/io/metersphere/controller/WorkspaceController.java
+++ b/backend/src/main/java/io/metersphere/controller/WorkspaceController.java
@ -12,6 +12,7 @@ import io.metersphere.dto.WorkspaceDTO;
 import io.metersphere.dto.WorkspaceMemberDTO;
 import io.metersphere.service.WorkspaceService;
 import io.metersphere.user.SessionUtils;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.*;
@ -83,6 +84,7 @@ public class WorkspaceController {
    }
    @PostMapping("/member/update")
    @RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.ORG_ADMIN, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
    public void updateOrgMember(@RequestBody WorkspaceMemberDTO memberDTO) {
        workspaceService.updateWorkspaceMember(memberDTO);
    }
--- a/frontend/src/performance/components/HeaderUser.vue
+++ b/frontend/src/performance/components/HeaderUser.vue
@ -5,7 +5,7 @@
               class="header-user-menu align-right"
               background-color="#2c2a48"
               text-color="#fff">
-        <el-submenu index="1" popper-class="submenu" v-permission="['org_admin']">
+        <el-submenu index="1" popper-class="submenu">
          <template slot="title">【组织】{{currentOrganizationName}}</template>
          <label v-for="(item,index) in organizationList" :key="index">
            <el-menu-item @click="changeOrg(item)">{{item.name}}
@ -41,7 +41,7 @@
 </template>
 <script>
-  import {ROLE_ORG_ADMIN, ROLE_TEST_MANAGER, ROLE_TEST_USER, ROLE_TEST_VIEWER, TokenKey} from '../../common/constants';
+  import { ROLE_TEST_MANAGER, ROLE_TEST_USER, ROLE_TEST_VIEWER, TokenKey} from '../../common/constants';
  export default {
    name: "MsUser",
@ -89,7 +89,7 @@
      },
      initMenuData() {
        let roles = this.currentUser.roles.map(r => r.id);
-        if (roles.indexOf(ROLE_ORG_ADMIN) > -1) {
+        // if (roles.indexOf(ROLE_ORG_ADMIN) > -1) {
          this.$get("/organization/list/userorg/" + this.currentUserId, response => {
            let data = response.data;
            this.organizationList = data;
@ -98,9 +98,9 @@
              this.currentOrganizationName = org[0].name;
            }
          });
-        }
+        // }
        if (roles.indexOf(ROLE_TEST_MANAGER) > -1 || roles.indexOf(ROLE_TEST_USER) > -1 || roles.indexOf(ROLE_TEST_VIEWER) > -1) {
-          if (this.currentUser.lastOrganizationId === null) {
+          if (!this.currentUser.lastOrganizationId) {
            return false;
          }
          this.$get("/workspace/list/orgworkspace/", response => {
--- a/frontend/src/performance/components/settings/organization/OrganizationMember.vue
+++ b/frontend/src/performance/components/settings/organization/OrganizationMember.vue
@ -236,6 +236,14 @@
        });
      },
      create() {
        let orgId = this.currentUser().lastOrganizationId;
        if (!orgId) {
          this.$message({
            type: 'warning',
            message: this.$t('organization.select_organization')
          })
          return false;
        }
        this.form = {};
        this.result = this.$get('/user/besideorg/list/' + this.currentUser().lastOrganizationId, response => {
          this.createVisible = true;
@ -246,13 +254,13 @@
        })
      },
      submitForm(formName) {
        this.loading = true;
        this.$refs[formName].validate((valid) => {
          let orgId = this.currentUser().lastOrganizationId;
          if (valid) {
            let param = {
              userIds: this.form.userIds,
              roleIds: this.form.roleIds,
-              organizationId: this.currentUser().lastOrganizationId
+              organizationId: orgId
            };
            this.result = this.$post("user/orgmember/add", param,() => {
              this.initTableData();
--- a/frontend/src/performance/components/settings/organization/OrganizationWorkspace.vue
+++ b/frontend/src/performance/components/settings/organization/OrganizationWorkspace.vue
@ -65,7 +65,7 @@
    <el-dialog :visible.sync="memberVisible" width="70%" :destroy-on-close="true" @close="closeMemberFunc">
      <el-row type="flex" justify="space-between" align="middle">
        <span class="member-title">{{$t('commons.member')}}
-          <ms-create-box :tips="addTips" :exec="addMember"/>
+          <ms-create-box :tips="addTips" :exec="addMember" v-permission="['admin','org_admin']"/>
        </span>
        <span class="search">
          <el-input type="text" size="small"
--- a/frontend/src/performance/components/settings/system/User.vue
+++ b/frontend/src/performance/components/settings/system/User.vue
@ -129,11 +129,11 @@
        rule: {
          id: [
            { required: true, message: this.$t('user.input_id'), trigger: 'blur'},
-            { min: 2, max: 10, message: this.$t('commons.input_limit', [2, 10]), trigger: 'blur' }
+            { min: 2, max: 20, message: this.$t('commons.input_limit', [2, 20]), trigger: 'blur' }
          ],
          name: [
            {required: true, message: this.$t('user.input_name'), trigger: 'blur'},
-            { min: 2, max: 10, message: this.$t('commons.input_limit', [2, 50]), trigger: 'blur' },
+            { min: 2, max: 20, message: this.$t('commons.input_limit', [2, 20]), trigger: 'blur' },
            {
              required: true,
              pattern: /^[\u4e00-\u9fa5_a-zA-Z0-9.·-]+$/,
--- a/frontend/src/performance/components/settings/workspace/WorkspaceMember.vue
+++ b/frontend/src/performance/components/settings/workspace/WorkspaceMember.vue
@ -2,7 +2,7 @@
  <div v-loading="result.loading">
    <el-card>
      <div slot="header">
-        <el-row type="flex" justify="space-between" align="middle">
+        <el-row type="flex" justify="space-between" align="middle" v-permission="['test_manager']">
          <span class="title">成员
            <ms-create-box :tips="btnTips" :exec="create"/>
          </span>
@ -25,8 +25,8 @@
        </el-table-column>
        <el-table-column>
          <template slot-scope="scope">
-            <el-button @click="edit(scope.row)" type="primary" icon="el-icon-edit" size="mini" circle/>
+            <el-button @click="edit(scope.row)" type="primary" icon="el-icon-edit" size="mini" circle v-permission="['test_manager']"/>
-            <el-button @click="del(scope.row)" type="danger" icon="el-icon-delete" size="mini" circle/>
+            <el-button @click="del(scope.row)" type="danger" icon="el-icon-delete" size="mini" circle v-permission="['test_manager']"/>
          </template>
        </el-table-column>
      </el-table>