From 148bf4d14c1f6822f429a15be3f1f803e619a6d4 Mon Sep 17 00:00:00 2001
From: shiziyuan9527 <yuhao.li@fit2cloud.com>
Date: Fri, 26 Nov 2021 17:07:45 +0800
Subject: [PATCH] =?UTF-8?q?fix(=E7=B3=BB=E7=BB=9F=E8=AE=BE=E7=BD=AE):=20?=
 =?UTF-8?q?=E6=9D=83=E9=99=90=E8=AE=BE=E7=BD=AE=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

--bug=1008303 --user=lyh 【系统设置】用户组与权限，只给了用户模块的查看权限，但是能进行操作
https://www.tapd.cn/55049933/s/1075611
---
 .../db/migration/V100__v1.15.2_release.sql    | 24 ++++++++++++++
 backend/src/main/resources/permission.json    | 32 ++++++++++++-------
 .../settings/system/BaseSetting.vue           |  2 +-
 .../settings/system/EmailSetting.vue          |  2 +-
 .../settings/system/LdapSetting.vue           |  2 +-
 .../settings/system/SystemWorkspace.vue       |  7 ++--
 .../settings/system/group/UserGroup.vue       |  6 +++-
 .../environment/EnvironmentGroupList.vue      | 10 ++++--
 8 files changed, 65 insertions(+), 20 deletions(-)
 create mode 100644 backend/src/main/resources/db/migration/V100__v1.15.2_release.sql

diff --git a/backend/src/main/resources/db/migration/V100__v1.15.2_release.sql b/backend/src/main/resources/db/migration/V100__v1.15.2_release.sql
new file mode 100644
index 0000000000..c9ccb69015
--- /dev/null
+++ b/backend/src/main/resources/db/migration/V100__v1.15.2_release.sql
@@ -0,0 +1,24 @@
+-- project admin
+insert into user_group_permission (id, group_id, permission_id, module_id)
+values (UUID(), 'project_admin', 'WORKSPACE_PROJECT_ENVIRONMENT:READ+CREATE_GROUP', 'WORKSPACE_PROJECT_ENVIRONMENT');
+insert into user_group_permission (id, group_id, permission_id, module_id)
+values (UUID(), 'project_admin', 'WORKSPACE_PROJECT_ENVIRONMENT:READ+EDIT_GROUP', 'WORKSPACE_PROJECT_ENVIRONMENT');
+insert into user_group_permission (id, group_id, permission_id, module_id)
+values (UUID(), 'project_admin', 'WORKSPACE_PROJECT_ENVIRONMENT:READ+COPY_GROUP', 'WORKSPACE_PROJECT_ENVIRONMENT');
+insert into user_group_permission (id, group_id, permission_id, module_id)
+values (UUID(), 'project_admin', 'WORKSPACE_PROJECT_ENVIRONMENT:READ+DELETE_GROUP', 'WORKSPACE_PROJECT_ENVIRONMENT');
+-- project member
+insert into user_group_permission (id, group_id, permission_id, module_id)
+values (UUID(), 'project_member', 'WORKSPACE_PROJECT_ENVIRONMENT:READ+CREATE_GROUP', 'WORKSPACE_PROJECT_ENVIRONMENT');
+insert into user_group_permission (id, group_id, permission_id, module_id)
+values (UUID(), 'project_member', 'WORKSPACE_PROJECT_ENVIRONMENT:READ+EDIT_GROUP', 'WORKSPACE_PROJECT_ENVIRONMENT');
+insert into user_group_permission (id, group_id, permission_id, module_id)
+values (UUID(), 'project_member', 'WORKSPACE_PROJECT_ENVIRONMENT:READ+COPY_GROUP', 'WORKSPACE_PROJECT_ENVIRONMENT');
+insert into user_group_permission (id, group_id, permission_id, module_id)
+values (UUID(), 'project_member', 'WORKSPACE_PROJECT_ENVIRONMENT:READ+DELETE_GROUP', 'WORKSPACE_PROJECT_ENVIRONMENT');
+-- delete old permission
+delete
+from user_group_permission
+where permission_id = 'WORKSPACE_TEMPLATE:READ+REPORT_TEMPLATE';
+
+
diff --git a/backend/src/main/resources/permission.json b/backend/src/main/resources/permission.json
index 088158dd2e..60354593bf 100644
--- a/backend/src/main/resources/permission.json
+++ b/backend/src/main/resources/permission.json
@@ -105,11 +105,6 @@
       "name": "编辑",
       "resourceId": "SYSTEM_SETTING"
     },
-    {
-      "id": "SYSTEM_SETTING:READ+AUTH_MANAGE",
-      "name": "授权管理",
-      "resourceId": "SYSTEM_SETTING"
-    },
     {
       "id": "SYSTEM_QUOTA:READ",
       "name": "查询系统配额",
@@ -202,7 +197,7 @@
     },
     {
       "id": "WORKSPACE_PROJECT_ENVIRONMENT:READ",
-      "name": "查询环境",
+      "name": "查询",
       "resourceId": "WORKSPACE_PROJECT_ENVIRONMENT"
     },
     {
@@ -235,6 +230,26 @@
       "name": "导出环境",
       "resourceId": "WORKSPACE_PROJECT_ENVIRONMENT"
     },
+    {
+      "id": "WORKSPACE_PROJECT_ENVIRONMENT:READ+CREATE_GROUP",
+      "name": "创建环境组",
+      "resourceId": "WORKSPACE_PROJECT_ENVIRONMENT"
+    },
+    {
+      "id": "WORKSPACE_PROJECT_ENVIRONMENT:READ+EDIT_GROUP",
+      "name": "编辑环境组",
+      "resourceId": "WORKSPACE_PROJECT_ENVIRONMENT"
+    },
+    {
+      "id": "WORKSPACE_PROJECT_ENVIRONMENT:READ+COPY_GROUP",
+      "name": "复制环境组",
+      "resourceId": "WORKSPACE_PROJECT_ENVIRONMENT"
+    },
+    {
+      "id": "WORKSPACE_PROJECT_ENVIRONMENT:READ+DELETE_GROUP",
+      "name": "删除环境组",
+      "resourceId": "WORKSPACE_PROJECT_ENVIRONMENT"
+    },
     {
       "id": "WORKSPACE_OPERATING_LOG:READ",
       "name": "查询操作日志",
@@ -260,11 +275,6 @@
       "name": "自定义字段",
       "resourceId": "WORKSPACE_TEMPLATE"
     },
-    {
-      "id": "WORKSPACE_TEMPLATE:READ+REPORT_TEMPLATE",
-      "name": "测试报告模版",
-      "resourceId": "WORKSPACE_TEMPLATE"
-    },
     {
       "id": "PROJECT_USER:READ",
       "name": "查询成员",
diff --git a/frontend/src/business/components/settings/system/BaseSetting.vue b/frontend/src/business/components/settings/system/BaseSetting.vue
index dfaa923adc..92514a6c0a 100644
--- a/frontend/src/business/components/settings/system/BaseSetting.vue
+++ b/frontend/src/business/components/settings/system/BaseSetting.vue
@@ -19,7 +19,7 @@
       </el-row>
     </el-form>
     <div>
-      <el-button @click="edit" v-if="showEdit" size="small">{{ $t('commons.edit') }}</el-button>
+      <el-button @click="edit" v-if="showEdit" size="small" v-permission="['SYSTEM_SETTING:READ+EDIT']">{{ $t('commons.edit') }}</el-button>
       <el-button type="success" @click="save('formInline')" v-if="showSave" :disabled="disabledSave" size="small">
         {{ $t('commons.save') }}
       </el-button>
diff --git a/frontend/src/business/components/settings/system/EmailSetting.vue b/frontend/src/business/components/settings/system/EmailSetting.vue
index 575702a9dd..fd8e02dfd7 100644
--- a/frontend/src/business/components/settings/system/EmailSetting.vue
+++ b/frontend/src/business/components/settings/system/EmailSetting.vue
@@ -61,7 +61,7 @@
       <el-button type="primary" @click="testConnection('formInline')" :disabled="disabledConnection" size="small">
         {{ $t('system_parameter_setting.test_connection') }}
       </el-button>
-      <el-button @click="edit" v-if="showEdit" size="small">{{ $t('commons.edit') }}</el-button>
+      <el-button @click="edit" v-if="showEdit" size="small" v-permission="['SYSTEM_SETTING:READ+EDIT']">{{ $t('commons.edit') }}</el-button>
       <el-button type="success" @click="save('formInline')" v-if="showSave" :disabled="disabledSave" size="small">
         {{ $t('commons.save') }}
       </el-button>
diff --git a/frontend/src/business/components/settings/system/LdapSetting.vue b/frontend/src/business/components/settings/system/LdapSetting.vue
index fc9ea67764..51f6002a65 100644
--- a/frontend/src/business/components/settings/system/LdapSetting.vue
+++ b/frontend/src/business/components/settings/system/LdapSetting.vue
@@ -31,7 +31,7 @@
       <el-button type="primary" size="small" :disabled="!showLogin || !show" @click="testLogin">
         {{ $t('ldap.test_login') }}
       </el-button>
-      <el-button v-if="showEdit" size="small" @click="edit">{{ $t('ldap.edit') }}</el-button>
+      <el-button v-if="showEdit" size="small" @click="edit" v-permission="['SYSTEM_SETTING:READ+EDIT']">{{ $t('ldap.edit') }}</el-button>
       <el-button type="success" v-if="showSave" size="small" @click="save('form')">{{ $t('commons.save') }}
       </el-button>
       <el-button type="info" v-if="showCancel" size="small" @click="cancel">{{ $t('commons.cancel') }}</el-button>
diff --git a/frontend/src/business/components/settings/system/SystemWorkspace.vue b/frontend/src/business/components/settings/system/SystemWorkspace.vue
index b143b073a8..e4751085e6 100644
--- a/frontend/src/business/components/settings/system/SystemWorkspace.vue
+++ b/frontend/src/business/components/settings/system/SystemWorkspace.vue
@@ -14,7 +14,7 @@
         <el-table-column prop="description" :label="$t('commons.description')"/>
         <el-table-column :label="$t('commons.member')">
           <template v-slot:default="scope">
-            <el-link type="primary" class="member-size" @click="cellClick(scope.row)">
+            <el-link type="primary" class="member-size" @click="cellClick(scope.row)" :disabled="disabledEditWorkspaceMember">
               {{ scope.row.memberSize }}
             </el-link>
           </template>
@@ -161,7 +161,7 @@ import MsTableOperator from "../../common/components/MsTableOperator";
 import MsTableOperatorButton from "../../common/components/MsTableOperatorButton";
 import MsDialogFooter from "../../common/components/MsDialogFooter";
 import {
-  getCurrentWorkspaceId,
+  getCurrentWorkspaceId, hasPermission,
   listenGoBack,
   removeGoBackListener
 } from "@/common/js/utils";
@@ -400,6 +400,9 @@ export default {
   computed: {
     workspaceId() {
       return getCurrentWorkspaceId();
+    },
+    disabledEditWorkspaceMember() {
+      return !hasPermission('SYSTEM_WORKSPACE:READ+EDIT');
     }
   },
   data() {
diff --git a/frontend/src/business/components/settings/system/group/UserGroup.vue b/frontend/src/business/components/settings/system/group/UserGroup.vue
index 363d413c11..f033124dcb 100644
--- a/frontend/src/business/components/settings/system/group/UserGroup.vue
+++ b/frontend/src/business/components/settings/system/group/UserGroup.vue
@@ -17,7 +17,7 @@
         </el-table-column>
         <el-table-column :label="$t('commons.member')" width="100">
           <template v-slot:default="scope">
-            <el-link type="primary" class="member-size" @click="memberClick(scope.row)">
+            <el-link type="primary" class="member-size" @click="memberClick(scope.row)" :disabled="disabledEditGroupMember">
               {{ scope.row.memberSize || 0 }}
             </el-link>
           </template>
@@ -79,6 +79,7 @@ import EditPermission from "@/business/components/settings/system/group/EditPerm
 import MsDeleteConfirm from "@/business/components/common/components/MsDeleteConfirm";
 import {_sort} from "@/common/js/tableUtils";
 import GroupMember from "@/business/components/settings/system/group/GroupMember";
+import {hasPermission} from "@/common/js/utils";
 
 export default {
   name: "UserGroup",
@@ -110,6 +111,9 @@ export default {
   computed: {
     userGroupType() {
       return USER_GROUP_SCOPE;
+    },
+    disabledEditGroupMember() {
+      return !hasPermission('SYSTEM_GROUP:READ+EDIT');
     }
   },
   methods: {
diff --git a/frontend/src/business/components/settings/workspace/environment/EnvironmentGroupList.vue b/frontend/src/business/components/settings/workspace/environment/EnvironmentGroupList.vue
index 650f4e6025..a91c8fdd36 100644
--- a/frontend/src/business/components/settings/workspace/environment/EnvironmentGroupList.vue
+++ b/frontend/src/business/components/settings/workspace/environment/EnvironmentGroupList.vue
@@ -3,7 +3,7 @@
     <el-card class="table-card" v-loading="result.loading">
       <template v-slot:header>
         <ms-table-header :create-tip="btnTips" :condition.sync="condition" :show-create="!readOnly"
-                         @search="search" @create="createEnvironment">
+                         @search="search" @create="createEnvironment" :create-permission="['WORKSPACE_PROJECT_ENVIRONMENT:READ+CREATE_GROUP']">
         </ms-table-header>
       </template>
       <el-table :data="environmentGroupList"
@@ -26,7 +26,7 @@
             </span>
             <span v-else>
               <span>{{ scope.row.name }}</span>
-              <i class="el-icon-edit" style="cursor:pointer;margin-left: 4px;" @click="editName(scope.row)"/>
+              <i class="el-icon-edit" style="cursor:pointer;margin-left: 4px;" @click="editName(scope.row)" v-permission="['WORKSPACE_PROJECT_ENVIRONMENT:READ+EDIT_GROUP']"/>
             </span>
           </template>
         </el-table-column>
@@ -38,9 +38,13 @@
         <el-table-column :label="$t('commons.operating')" width="350">
           <template v-slot:default="scope">
             <div v-if="!readOnly">
-              <ms-table-operator @editClick="editEnvironment(scope.row)" @deleteClick="deleteEnvironment(scope.row)">
+              <ms-table-operator @editClick="editEnvironment(scope.row)"
+                                 :edit-permission="['WORKSPACE_PROJECT_ENVIRONMENT:READ+EDIT_GROUP']"
+                                 :delete-permission="['WORKSPACE_PROJECT_ENVIRONMENT:READ+DELETE_GROUP']"
+                                 @deleteClick="deleteEnvironment(scope.row)">
                 <template v-slot:middle>
                   <ms-table-operator-button :tip="$t('commons.copy')" @exec="copyEnvironment(scope.row)"
+                                            v-permission="['WORKSPACE_PROJECT_ENVIRONMENT:READ+COPY_GROUP']"
                                             icon="el-icon-document-copy" type="info"/>
                 </template>
               </ms-table-operator>