diff --git a/backend/framework/sdk/src/main/resources/i18n/commons_en_US.properties b/backend/framework/sdk/src/main/resources/i18n/commons_en_US.properties
index 5eed95c971..b2444d3afd 100644
--- a/backend/framework/sdk/src/main/resources/i18n/commons_en_US.properties
+++ b/backend/framework/sdk/src/main/resources/i18n/commons_en_US.properties
@@ -233,7 +233,7 @@ test_track.length_less_than=The title is too long, the length must be less than
 # check owner
 check_owner_project=The current user does not have permission to operate this project
 check_owner_test=The current user does not have permission to operate this test
-check_owner_case=The current user does not have permission to operate this use case
+check_owner_case=The current user does not have permission to operate this resource
 check_owner_plan=The current user does not have permission to operate this plan
 check_owner_review=The current user does not have permission to operate this review
 check_owner_comment=The current user does not have permission to manipulate this comment
diff --git a/backend/framework/sdk/src/main/resources/i18n/commons_zh_CN.properties b/backend/framework/sdk/src/main/resources/i18n/commons_zh_CN.properties
index 3045e53b02..47f65510ad 100644
--- a/backend/framework/sdk/src/main/resources/i18n/commons_zh_CN.properties
+++ b/backend/framework/sdk/src/main/resources/i18n/commons_zh_CN.properties
@@ -233,7 +233,7 @@ test_track.length_less_than=标题过长,字数必须小于
 # check owner
 check_owner_project=当前用户没有操作此项目的权限
 check_owner_test=当前用户没有操作此测试的权限
-check_owner_case=当前用户没有操作此用例的权限
+check_owner_case=当前用户没有操作此资源的权限
 check_owner_plan=当前用户没有操作此计划的权限
 check_owner_review=当前用户没有操作此评审的权限
 check_owner_comment=当前用户没有操作此评论的权限
diff --git a/backend/framework/sdk/src/main/resources/i18n/commons_zh_TW.properties b/backend/framework/sdk/src/main/resources/i18n/commons_zh_TW.properties
index 4e32f3a701..dd5a7b916a 100644
--- a/backend/framework/sdk/src/main/resources/i18n/commons_zh_TW.properties
+++ b/backend/framework/sdk/src/main/resources/i18n/commons_zh_TW.properties @@ -232,7 +232,7 @@ test_track.length_less_than=標題過長,字數必須小於 # check owner check_owner_project=當前用戶沒有操作此項目的權限 check_owner_test=當前用戶沒有操作此測試的權限 -check_owner_case=當前用戶沒有操作此用例的權限 +check_owner_case=當前用戶沒有操作此資源的權限 check_owner_plan=當前用戶沒有操作此計劃的權限 check_owner_review=當前用戶沒有操作此評審的權限 check_owner_comment=當前用戶沒有操作此評論的權限 diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtCheckOwnerMapper.java b/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtCheckOwnerMapper.java index 9bcf3c2d7c..7cbcb3aa4a 100644 --- a/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtCheckOwnerMapper.java +++ b/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtCheckOwnerMapper.java @@ -6,4 +6,6 @@ import java.util.List; public interface ExtCheckOwnerMapper { boolean checkoutOwner(@Param("table") String resourceType, @Param("projectId") String projectId, @Param("ids") List ids); + + boolean checkoutOrganizationOwner(@Param("table") String resourceType, @Param("organizationId") String organizationId, @Param("ids") List ids); } diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtCheckOwnerMapper.xml b/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtCheckOwnerMapper.xml index 3218b45798..5df5a7b82e 100644 --- a/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtCheckOwnerMapper.xml +++ b/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtCheckOwnerMapper.xml @@ -10,4 +10,14 @@ #{id} + + \ No newline at end of file diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/security/CheckOwnerAspect.java b/backend/services/system-setting/src/main/java/io/metersphere/system/security/CheckOwnerAspect.java index ba9b6df944..6c1397bd68 100644 
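Review bot: `checkoutOrganizationOwner` in ExtCheckOwnerMapper.java takes the table name as `@Param("table") String resourceType`, and a table name cannot be bound as a prepared-statement parameter, so the XML statement presumably splices it into the SQL text; the statement body in ExtCheckOwnerMapper.xml is not visible on this page, so that is an inference. The new method should carry a Javadoc saying so, for example `/** resourceType is used as a table name: pass only constants taken from the @CheckOwner annotation, never request data. */`. The same comment should state what a `true` return means (every id in `ids` belongs to `organizationId`, or at least one) and what happens for an empty `ids` list, because the aspect treats `false` as the only denial signal.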
--- a/backend/services/system-setting/src/main/java/io/metersphere/system/security/CheckOwnerAspect.java +++ b/backend/services/system-setting/src/main/java/io/metersphere/system/security/CheckOwnerAspect.java @@ -31,7 +31,8 @@ public class CheckOwnerAspect { private ExpressionParser parser = new SpelExpressionParser(); private StandardReflectionParameterNameDiscoverer discoverer = new StandardReflectionParameterNameDiscoverer(); - + // 组织归属的资源 + private static final List orgResources = List.of("organization_parameter", "plugin_organization", "project", "service_integration"); @Resource private ExtCheckOwnerMapper extCheckOwnerMapper; @@ -68,6 +69,14 @@ public class CheckOwnerAspect { String resourceType = checkOwner.resourceType(); Expression titleExp = parser.parseExpression(resourceId); Object v = titleExp.getValue(context, Object.class); + if (orgResources.contains(resourceType)) { + handleOrganizationResource(v, resourceType); + } else { + handleProjectResource(v, resourceType); + } + } + + private void handleProjectResource(Object v, String resourceType) { if (v instanceof String id) { if (!extCheckOwnerMapper.checkoutOwner(resourceType, SessionUtils.getCurrentProjectId(), List.of(id))) { throw new MSException(Translator.get("check_owner_case")); @@ -80,4 +89,17 @@ public class CheckOwnerAspect { } } + private void handleOrganizationResource(Object v, String resourceType) { + if (v instanceof String id) { + if (!extCheckOwnerMapper.checkoutOrganizationOwner(resourceType, SessionUtils.getCurrentOrganizationId(), List.of(id))) { + throw new MSException(Translator.get("check_owner_case")); + } + } + if (v instanceof List ids) { + if (!extCheckOwnerMapper.checkoutOrganizationOwner(resourceType, SessionUtils.getCurrentOrganizationId(), ids)) { + throw new MSException(Translator.get("check_owner_case")); + } + } + } + }
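Review bot: `orgResources` in the first hunk is a `static final` constant but is named like an instance field, and it is a hand-maintained list of table names that has to stay in sync with every `@CheckOwner(resourceType = ...)` usage. I would declare it as `private static final Set<String> ORG_RESOURCES = Set.of("organization_parameter", "plugin_organization", "project", "service_integration");` (this needs `java.util.Set` imported) and give it an English comment such as `// Resource tables owned by an organization rather than a project`. The comment should also say that any resource type missing from this set is checked against the current project instead, since that fallback is not obvious from the declaration.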
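Review bot: Both `handleProjectResource` (second hunk) and the new `handleOrganizationResource` (third hunk) return without checking anything when `v` is neither a `String` nor a `List`, so a SpEL expression that evaluates to null, a number, an array or a `Set` lets the call through with no ownership check at all. Chain the two tests and fail closed, `} else if (v instanceof List ids) { ... } else { throw new MSException(Translator.get("check_owner_case")); }`, unless a null id is a legitimate case, in which case a comment should say so explicitly. The two handlers are otherwise identical apart from the mapper method and the scope id, so a single private helper that takes the scope check as an argument would keep them from drifting apart. Whether `SessionUtils.getCurrentOrganizationId()` comes from server-side session state is not visible here; if the client can choose that value, the user's membership in that organization has to be verified before this comparison proves anything. `handleProjectResource` continues past the end of the second hunk, so its remaining branch is not shown in full.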