From 0a4a6038885a327c108a931cd59bdcae8c53fa08 Mon Sep 17 00:00:00 2001 From: WangXu10 Date: Wed, 18 Sep 2024 18:36:26 +0800 Subject: [PATCH] =?UTF-8?q?fix(=E7=B3=BB=E7=BB=9F):=20=E4=BF=AE=E5=A4=8D?= =?UTF-8?q?=E5=88=97=E8=A1=A8=E4=BF=AE=E6=94=B9=E7=94=A8=E6=88=B7=E7=BB=84?= =?UTF-8?q?=E6=9D=83=E9=99=90=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --bug=1046471 --user=王旭 【系统】组织用户组的项目添加成员和编辑成员权限勾选,所属用户仍无权限添加/编辑成员 https://www.tapd.cn/55049933/s/1580238 --- .../project/controller/ProjectMemberController.java | 6 +++--- .../system/controller/OrganizationController.java | 3 ++- .../system/controller/SystemProjectController.java | 2 +- .../setting/organization/project/components/userDrawer.vue | 1 + 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/backend/services/project-management/src/main/java/io/metersphere/project/controller/ProjectMemberController.java b/backend/services/project-management/src/main/java/io/metersphere/project/controller/ProjectMemberController.java index fbe4a8e9dd..51e094e4a1 100644 --- a/backend/services/project-management/src/main/java/io/metersphere/project/controller/ProjectMemberController.java +++ b/backend/services/project-management/src/main/java/io/metersphere/project/controller/ProjectMemberController.java @@ -24,6 +24,7 @@ import io.swagger.v3.oas.annotations.Parameters; import io.swagger.v3.oas.annotations.media.Schema; import io.swagger.v3.oas.annotations.tags.Tag; import jakarta.annotation.Resource; +import org.apache.shiro.authz.annotation.Logical; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; @@ -64,8 +65,8 @@ public class ProjectMemberController { @GetMapping("/get-role/option/{projectId}") @Operation(summary = "项目管理-成员-获取用户组下拉选项") - @RequiresPermissions(PermissionConstants.PROJECT_USER_READ) - @CheckOwner(resourceId = "#projectId", resourceType = "project") + //@RequiresPermissions(PermissionConstants.PROJECT_USER_READ) + @RequiresPermissions(value = {PermissionConstants.PROJECT_USER_READ, PermissionConstants.SYSTEM_ORGANIZATION_PROJECT_READ}, logical = Logical.OR) public List getRoleOption(@PathVariable String projectId) { return projectMemberService.getRoleOption(projectId); } @@ -130,7 +131,6 @@ public class ProjectMemberController { @PostMapping("/update-member") @Operation(summary = "系统设置-系统-组织与项-项目-更新成员用户组") @RequiresPermissions(PermissionConstants.ORGANIZATION_PROJECT_MEMBER_UPDATE) - @CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project") public void updateProjectMemberRole(@RequestBody ProjectMemberEditRequest request) { projectMemberService.updateMember(request, SessionUtils.getUserId(), "/project/member/update-member", OperationLogModule.SETTING_ORGANIZATION_PROJECT); } diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/controller/OrganizationController.java b/backend/services/system-setting/src/main/java/io/metersphere/system/controller/OrganizationController.java index 1717509db2..73bec4c716 100644 --- a/backend/services/system-setting/src/main/java/io/metersphere/system/controller/OrganizationController.java +++ b/backend/services/system-setting/src/main/java/io/metersphere/system/controller/OrganizationController.java @@ -107,7 +107,8 @@ public class OrganizationController { @GetMapping("/user/role/list/{organizationId}") @Operation(summary = "系统设置-组织-成员-获取当前组织下的所有自定义用户组以及组织级别的用户组") - @RequiresPermissions(PermissionConstants.ORGANIZATION_MEMBER_READ) + //@RequiresPermissions(PermissionConstants.ORGANIZATION_MEMBER_READ) + @RequiresPermissions(value = {PermissionConstants.ORGANIZATION_MEMBER_READ, PermissionConstants.SYSTEM_ORGANIZATION_PROJECT_READ}, logical = Logical.OR) public List getUserRoleList(@PathVariable(value = "organizationId") String organizationId) { return organizationService.getUserRoleList(organizationId); } diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/controller/SystemProjectController.java b/backend/services/system-setting/src/main/java/io/metersphere/system/controller/SystemProjectController.java index 30b1b19782..951f25f13d 100644 --- a/backend/services/system-setting/src/main/java/io/metersphere/system/controller/SystemProjectController.java +++ b/backend/services/system-setting/src/main/java/io/metersphere/system/controller/SystemProjectController.java @@ -30,6 +30,7 @@ import io.swagger.v3.oas.annotations.tags.Tag; import jakarta.annotation.Resource; import jakarta.validation.constraints.NotBlank; import org.apache.commons.lang3.StringUtils; +import org.apache.shiro.authz.annotation.Logical; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; @@ -124,7 +125,6 @@ public class SystemProjectController { @PostMapping("/member-list") @RequiresPermissions(PermissionConstants.SYSTEM_ORGANIZATION_PROJECT_READ) @Operation(summary = "系统设置-系统-组织与项目-项目-成员列表") - @CheckOwner(resourceId = "#request.projectId", resourceType = "project") public Pager> getProjectMember(@Validated @RequestBody ProjectMemberRequest request) { Page page = PageHelper.startPage(request.getCurrent(), request.getPageSize()); return PageUtils.setPageInfo(page, systemProjectService.getProjectMember(request)); diff --git a/frontend/src/views/setting/organization/project/components/userDrawer.vue b/frontend/src/views/setting/organization/project/components/userDrawer.vue index 0b696ee227..723fe654c9 100644 --- a/frontend/src/views/setting/organization/project/components/userDrawer.vue +++ b/frontend/src/views/setting/organization/project/components/userDrawer.vue @@ -265,6 +265,7 @@ () => { setLoadListParams({ projectId: props.projectId }); fetchData(); + getUserGroupOptions(); } ); watch(