fix(系统): 修复列表修改用户组权限问题

--bug=1046471 --user=王旭 【系统】组织用户组的项目添加成员和编辑成员权限勾选，所属用户仍无权限添加/编辑成员 https://www.tapd.cn/55049933/s/1580238

backend/services/project-management/src/main/java/io/metersphere/project/controller/ProjectMemberController.java

@@ -24,6 +24,7 @@ import io.swagger.v3.oas.annotations.Parameters;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
+import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
@@ -64,8 +65,8 @@ public class ProjectMemberController {
 
     @GetMapping("/get-role/option/{projectId}")
     @Operation(summary = "项目管理-成员-获取用户组下拉选项")
-    @RequiresPermissions(PermissionConstants.PROJECT_USER_READ)
+    //@RequiresPermissions(PermissionConstants.PROJECT_USER_READ)
-    @CheckOwner(resourceId = "#projectId", resourceType = "project")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_USER_READ, PermissionConstants.SYSTEM_ORGANIZATION_PROJECT_READ}, logical = Logical.OR)
     public List<OptionDTO> getRoleOption(@PathVariable String projectId) {
         return projectMemberService.getRoleOption(projectId);
     }
@@ -130,7 +131,6 @@ public class ProjectMemberController {
     @PostMapping("/update-member")
     @Operation(summary = "系统设置-系统-组织与项-项目-更新成员用户组")
     @RequiresPermissions(PermissionConstants.ORGANIZATION_PROJECT_MEMBER_UPDATE)
-    @CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
     public void updateProjectMemberRole(@RequestBody ProjectMemberEditRequest request) {
         projectMemberService.updateMember(request, SessionUtils.getUserId(), "/project/member/update-member", OperationLogModule.SETTING_ORGANIZATION_PROJECT);
     }

backend/services/system-setting/src/main/java/io/metersphere/system/controller/OrganizationController.java

@@ -107,7 +107,8 @@ public class OrganizationController {
 
     @GetMapping("/user/role/list/{organizationId}")
     @Operation(summary = "系统设置-组织-成员-获取当前组织下的所有自定义用户组以及组织级别的用户组")
-    @RequiresPermissions(PermissionConstants.ORGANIZATION_MEMBER_READ)
+    //@RequiresPermissions(PermissionConstants.ORGANIZATION_MEMBER_READ)
+    @RequiresPermissions(value = {PermissionConstants.ORGANIZATION_MEMBER_READ, PermissionConstants.SYSTEM_ORGANIZATION_PROJECT_READ}, logical = Logical.OR)
     public List<OptionDTO> getUserRoleList(@PathVariable(value = "organizationId") String organizationId) {
         return organizationService.getUserRoleList(organizationId);
     }

backend/services/system-setting/src/main/java/io/metersphere/system/controller/SystemProjectController.java

@@ -30,6 +30,7 @@ import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
 import jakarta.validation.constraints.NotBlank;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
@@ -124,7 +125,6 @@ public class SystemProjectController {
     @PostMapping("/member-list")
     @RequiresPermissions(PermissionConstants.SYSTEM_ORGANIZATION_PROJECT_READ)
     @Operation(summary = "系统设置-系统-组织与项目-项目-成员列表")
-    @CheckOwner(resourceId = "#request.projectId", resourceType = "project")
     public Pager<List<UserExtendDTO>> getProjectMember(@Validated @RequestBody ProjectMemberRequest request) {
         Page<Object> page = PageHelper.startPage(request.getCurrent(), request.getPageSize());
         return PageUtils.setPageInfo(page, systemProjectService.getProjectMember(request));

frontend/src/views/setting/organization/project/components/userDrawer.vue

@@ -265,6 +265,7 @@
     () => {
       setLoadListParams({ projectId: props.projectId });
       fetchData();
+      getUserGroupOptions();
     }
   );
   watch(