fix(系统设置): 权限设置问题

--bug=1008303 --user=lyh 【系统设置】用户组与权限,只给了用户模块的查看权限,但是能进行操作
https://www.tapd.cn/55049933/s/1075611
This commit is contained in:
shiziyuan9527 2021-11-26 17:07:45 +08:00 committed by shiziyuan9527
parent 454d84037c
commit 148bf4d14c
8 changed files with 65 additions and 20 deletions

View File

@ -0,0 +1,24 @@
-- project admin
insert into user_group_permission (id, group_id, permission_id, module_id)
values (UUID(), 'project_admin', 'WORKSPACE_PROJECT_ENVIRONMENT:READ+CREATE_GROUP', 'WORKSPACE_PROJECT_ENVIRONMENT');
insert into user_group_permission (id, group_id, permission_id, module_id)
values (UUID(), 'project_admin', 'WORKSPACE_PROJECT_ENVIRONMENT:READ+EDIT_GROUP', 'WORKSPACE_PROJECT_ENVIRONMENT');
insert into user_group_permission (id, group_id, permission_id, module_id)
values (UUID(), 'project_admin', 'WORKSPACE_PROJECT_ENVIRONMENT:READ+COPY_GROUP', 'WORKSPACE_PROJECT_ENVIRONMENT');
insert into user_group_permission (id, group_id, permission_id, module_id)
values (UUID(), 'project_admin', 'WORKSPACE_PROJECT_ENVIRONMENT:READ+DELETE_GROUP', 'WORKSPACE_PROJECT_ENVIRONMENT');
-- project member
insert into user_group_permission (id, group_id, permission_id, module_id)
values (UUID(), 'project_member', 'WORKSPACE_PROJECT_ENVIRONMENT:READ+CREATE_GROUP', 'WORKSPACE_PROJECT_ENVIRONMENT');
insert into user_group_permission (id, group_id, permission_id, module_id)
values (UUID(), 'project_member', 'WORKSPACE_PROJECT_ENVIRONMENT:READ+EDIT_GROUP', 'WORKSPACE_PROJECT_ENVIRONMENT');
insert into user_group_permission (id, group_id, permission_id, module_id)
values (UUID(), 'project_member', 'WORKSPACE_PROJECT_ENVIRONMENT:READ+COPY_GROUP', 'WORKSPACE_PROJECT_ENVIRONMENT');
insert into user_group_permission (id, group_id, permission_id, module_id)
values (UUID(), 'project_member', 'WORKSPACE_PROJECT_ENVIRONMENT:READ+DELETE_GROUP', 'WORKSPACE_PROJECT_ENVIRONMENT');
-- delete old permission
delete
from user_group_permission
where permission_id = 'WORKSPACE_TEMPLATE:READ+REPORT_TEMPLATE';

View File

@ -105,11 +105,6 @@
"name": "编辑", "name": "编辑",
"resourceId": "SYSTEM_SETTING" "resourceId": "SYSTEM_SETTING"
}, },
{
"id": "SYSTEM_SETTING:READ+AUTH_MANAGE",
"name": "授权管理",
"resourceId": "SYSTEM_SETTING"
},
{ {
"id": "SYSTEM_QUOTA:READ", "id": "SYSTEM_QUOTA:READ",
"name": "查询系统配额", "name": "查询系统配额",
@ -202,7 +197,7 @@
}, },
{ {
"id": "WORKSPACE_PROJECT_ENVIRONMENT:READ", "id": "WORKSPACE_PROJECT_ENVIRONMENT:READ",
"name": "查询环境", "name": "查询",
"resourceId": "WORKSPACE_PROJECT_ENVIRONMENT" "resourceId": "WORKSPACE_PROJECT_ENVIRONMENT"
}, },
{ {
@ -235,6 +230,26 @@
"name": "导出环境", "name": "导出环境",
"resourceId": "WORKSPACE_PROJECT_ENVIRONMENT" "resourceId": "WORKSPACE_PROJECT_ENVIRONMENT"
}, },
{
"id": "WORKSPACE_PROJECT_ENVIRONMENT:READ+CREATE_GROUP",
"name": "创建环境组",
"resourceId": "WORKSPACE_PROJECT_ENVIRONMENT"
},
{
"id": "WORKSPACE_PROJECT_ENVIRONMENT:READ+EDIT_GROUP",
"name": "编辑环境组",
"resourceId": "WORKSPACE_PROJECT_ENVIRONMENT"
},
{
"id": "WORKSPACE_PROJECT_ENVIRONMENT:READ+COPY_GROUP",
"name": "复制环境组",
"resourceId": "WORKSPACE_PROJECT_ENVIRONMENT"
},
{
"id": "WORKSPACE_PROJECT_ENVIRONMENT:READ+DELETE_GROUP",
"name": "删除环境组",
"resourceId": "WORKSPACE_PROJECT_ENVIRONMENT"
},
{ {
"id": "WORKSPACE_OPERATING_LOG:READ", "id": "WORKSPACE_OPERATING_LOG:READ",
"name": "查询操作日志", "name": "查询操作日志",
@ -260,11 +275,6 @@
"name": "自定义字段", "name": "自定义字段",
"resourceId": "WORKSPACE_TEMPLATE" "resourceId": "WORKSPACE_TEMPLATE"
}, },
{
"id": "WORKSPACE_TEMPLATE:READ+REPORT_TEMPLATE",
"name": "测试报告模版",
"resourceId": "WORKSPACE_TEMPLATE"
},
{ {
"id": "PROJECT_USER:READ", "id": "PROJECT_USER:READ",
"name": "查询成员", "name": "查询成员",

View File

@ -19,7 +19,7 @@
</el-row> </el-row>
</el-form> </el-form>
<div> <div>
<el-button @click="edit" v-if="showEdit" size="small">{{ $t('commons.edit') }}</el-button> <el-button @click="edit" v-if="showEdit" size="small" v-permission="['SYSTEM_SETTING:READ+EDIT']">{{ $t('commons.edit') }}</el-button>
<el-button type="success" @click="save('formInline')" v-if="showSave" :disabled="disabledSave" size="small"> <el-button type="success" @click="save('formInline')" v-if="showSave" :disabled="disabledSave" size="small">
{{ $t('commons.save') }} {{ $t('commons.save') }}
</el-button> </el-button>

View File

@ -61,7 +61,7 @@
<el-button type="primary" @click="testConnection('formInline')" :disabled="disabledConnection" size="small"> <el-button type="primary" @click="testConnection('formInline')" :disabled="disabledConnection" size="small">
{{ $t('system_parameter_setting.test_connection') }} {{ $t('system_parameter_setting.test_connection') }}
</el-button> </el-button>
<el-button @click="edit" v-if="showEdit" size="small">{{ $t('commons.edit') }}</el-button> <el-button @click="edit" v-if="showEdit" size="small" v-permission="['SYSTEM_SETTING:READ+EDIT']">{{ $t('commons.edit') }}</el-button>
<el-button type="success" @click="save('formInline')" v-if="showSave" :disabled="disabledSave" size="small"> <el-button type="success" @click="save('formInline')" v-if="showSave" :disabled="disabledSave" size="small">
{{ $t('commons.save') }} {{ $t('commons.save') }}
</el-button> </el-button>

View File

@ -31,7 +31,7 @@
<el-button type="primary" size="small" :disabled="!showLogin || !show" @click="testLogin"> <el-button type="primary" size="small" :disabled="!showLogin || !show" @click="testLogin">
{{ $t('ldap.test_login') }} {{ $t('ldap.test_login') }}
</el-button> </el-button>
<el-button v-if="showEdit" size="small" @click="edit">{{ $t('ldap.edit') }}</el-button> <el-button v-if="showEdit" size="small" @click="edit" v-permission="['SYSTEM_SETTING:READ+EDIT']">{{ $t('ldap.edit') }}</el-button>
<el-button type="success" v-if="showSave" size="small" @click="save('form')">{{ $t('commons.save') }} <el-button type="success" v-if="showSave" size="small" @click="save('form')">{{ $t('commons.save') }}
</el-button> </el-button>
<el-button type="info" v-if="showCancel" size="small" @click="cancel">{{ $t('commons.cancel') }}</el-button> <el-button type="info" v-if="showCancel" size="small" @click="cancel">{{ $t('commons.cancel') }}</el-button>

View File

@ -14,7 +14,7 @@
<el-table-column prop="description" :label="$t('commons.description')"/> <el-table-column prop="description" :label="$t('commons.description')"/>
<el-table-column :label="$t('commons.member')"> <el-table-column :label="$t('commons.member')">
<template v-slot:default="scope"> <template v-slot:default="scope">
<el-link type="primary" class="member-size" @click="cellClick(scope.row)"> <el-link type="primary" class="member-size" @click="cellClick(scope.row)" :disabled="disabledEditWorkspaceMember">
{{ scope.row.memberSize }} {{ scope.row.memberSize }}
</el-link> </el-link>
</template> </template>
@ -161,7 +161,7 @@ import MsTableOperator from "../../common/components/MsTableOperator";
import MsTableOperatorButton from "../../common/components/MsTableOperatorButton"; import MsTableOperatorButton from "../../common/components/MsTableOperatorButton";
import MsDialogFooter from "../../common/components/MsDialogFooter"; import MsDialogFooter from "../../common/components/MsDialogFooter";
import { import {
getCurrentWorkspaceId, getCurrentWorkspaceId, hasPermission,
listenGoBack, listenGoBack,
removeGoBackListener removeGoBackListener
} from "@/common/js/utils"; } from "@/common/js/utils";
@ -400,6 +400,9 @@ export default {
computed: { computed: {
workspaceId() { workspaceId() {
return getCurrentWorkspaceId(); return getCurrentWorkspaceId();
},
disabledEditWorkspaceMember() {
return !hasPermission('SYSTEM_WORKSPACE:READ+EDIT');
} }
}, },
data() { data() {

View File

@ -17,7 +17,7 @@
</el-table-column> </el-table-column>
<el-table-column :label="$t('commons.member')" width="100"> <el-table-column :label="$t('commons.member')" width="100">
<template v-slot:default="scope"> <template v-slot:default="scope">
<el-link type="primary" class="member-size" @click="memberClick(scope.row)"> <el-link type="primary" class="member-size" @click="memberClick(scope.row)" :disabled="disabledEditGroupMember">
{{ scope.row.memberSize || 0 }} {{ scope.row.memberSize || 0 }}
</el-link> </el-link>
</template> </template>
@ -79,6 +79,7 @@ import EditPermission from "@/business/components/settings/system/group/EditPerm
import MsDeleteConfirm from "@/business/components/common/components/MsDeleteConfirm"; import MsDeleteConfirm from "@/business/components/common/components/MsDeleteConfirm";
import {_sort} from "@/common/js/tableUtils"; import {_sort} from "@/common/js/tableUtils";
import GroupMember from "@/business/components/settings/system/group/GroupMember"; import GroupMember from "@/business/components/settings/system/group/GroupMember";
import {hasPermission} from "@/common/js/utils";
export default { export default {
name: "UserGroup", name: "UserGroup",
@ -110,6 +111,9 @@ export default {
computed: { computed: {
userGroupType() { userGroupType() {
return USER_GROUP_SCOPE; return USER_GROUP_SCOPE;
},
disabledEditGroupMember() {
return !hasPermission('SYSTEM_GROUP:READ+EDIT');
} }
}, },
methods: { methods: {

View File

@ -3,7 +3,7 @@
<el-card class="table-card" v-loading="result.loading"> <el-card class="table-card" v-loading="result.loading">
<template v-slot:header> <template v-slot:header>
<ms-table-header :create-tip="btnTips" :condition.sync="condition" :show-create="!readOnly" <ms-table-header :create-tip="btnTips" :condition.sync="condition" :show-create="!readOnly"
@search="search" @create="createEnvironment"> @search="search" @create="createEnvironment" :create-permission="['WORKSPACE_PROJECT_ENVIRONMENT:READ+CREATE_GROUP']">
</ms-table-header> </ms-table-header>
</template> </template>
<el-table :data="environmentGroupList" <el-table :data="environmentGroupList"
@ -26,7 +26,7 @@
</span> </span>
<span v-else> <span v-else>
<span>{{ scope.row.name }}</span> <span>{{ scope.row.name }}</span>
<i class="el-icon-edit" style="cursor:pointer;margin-left: 4px;" @click="editName(scope.row)"/> <i class="el-icon-edit" style="cursor:pointer;margin-left: 4px;" @click="editName(scope.row)" v-permission="['WORKSPACE_PROJECT_ENVIRONMENT:READ+EDIT_GROUP']"/>
</span> </span>
</template> </template>
</el-table-column> </el-table-column>
@ -38,9 +38,13 @@
<el-table-column :label="$t('commons.operating')" width="350"> <el-table-column :label="$t('commons.operating')" width="350">
<template v-slot:default="scope"> <template v-slot:default="scope">
<div v-if="!readOnly"> <div v-if="!readOnly">
<ms-table-operator @editClick="editEnvironment(scope.row)" @deleteClick="deleteEnvironment(scope.row)"> <ms-table-operator @editClick="editEnvironment(scope.row)"
:edit-permission="['WORKSPACE_PROJECT_ENVIRONMENT:READ+EDIT_GROUP']"
:delete-permission="['WORKSPACE_PROJECT_ENVIRONMENT:READ+DELETE_GROUP']"
@deleteClick="deleteEnvironment(scope.row)">
<template v-slot:middle> <template v-slot:middle>
<ms-table-operator-button :tip="$t('commons.copy')" @exec="copyEnvironment(scope.row)" <ms-table-operator-button :tip="$t('commons.copy')" @exec="copyEnvironment(scope.row)"
v-permission="['WORKSPACE_PROJECT_ENVIRONMENT:READ+COPY_GROUP']"
icon="el-icon-document-copy" type="info"/> icon="el-icon-document-copy" type="info"/>
</template> </template>
</ms-table-operator> </ms-table-operator>