diff --git a/backend/framework/sdk/src/main/resources/i18n/system_en_US.properties b/backend/framework/sdk/src/main/resources/i18n/system_en_US.properties
index 0229eaf964..182ec18171 100644
--- a/backend/framework/sdk/src/main/resources/i18n/system_en_US.properties
+++ b/backend/framework/sdk/src/main/resources/i18n/system_en_US.properties
@@ -164,6 +164,7 @@ global_user_role_relation_system_permission_error=no global user role relation s
 global_user_role_limit_error=At least one user group is required
 organization_user_role_permission_error=no organization user role permission
 project_user_role_permission_error=no project user role permission
+no_global_user_role_permission_error=no global user role permission
 user_role_exist=User role already exists
 user_role_not_exist=User role not exist
 user_role_not_edit=User role can not edit
diff --git a/backend/framework/sdk/src/main/resources/i18n/system_zh_CN.properties b/backend/framework/sdk/src/main/resources/i18n/system_zh_CN.properties
index ccee60af8c..8e464d1036 100644
--- a/backend/framework/sdk/src/main/resources/i18n/system_zh_CN.properties
+++ b/backend/framework/sdk/src/main/resources/i18n/system_zh_CN.properties
@@ -163,6 +163,7 @@ global_user_role_relation_system_permission_error=没有权限操作非系统级
 global_user_role_limit_error=至少需要有一个用户组
 organization_user_role_permission_error=没有权限操作非组织用户组
 project_user_role_permission_error=没有权限操作非项目用户组
+no_global_user_role_permission_error=没有权限操作全局用户组
 user_role_exist=用户组已存在
 user_role_not_exist=用户组不存在
 user_role_not_edit=用户组无法编辑
diff --git a/backend/framework/sdk/src/main/resources/i18n/system_zh_TW.properties b/backend/framework/sdk/src/main/resources/i18n/system_zh_TW.properties
index 38be56fe8e..f51900a0e9 100644
--- a/backend/framework/sdk/src/main/resources/i18n/system_zh_TW.properties
+++ b/backend/framework/sdk/src/main/resources/i18n/system_zh_TW.properties
@@ -163,6 +163,7 @@ global_user_role_relation_system_permission_error=沒有權限操作非系統級
 global_user_role_limit_error=至少需要有一个用户组
 organization_user_role_permission_error=沒有權限操作非組織用戶組
 project_user_role_permission_error=沒有權限操作非項目用戶組
+no_global_user_role_permission_error=沒有權限操作全局用戶組
 user_role_exist=用戶組已存在
 user_role_not_exist=用戶組不存在
 user_role_not_edit=用戶組無法編輯
diff --git a/backend/services/project-management/src/main/java/io/metersphere/project/service/ProjectUserRoleService.java b/backend/services/project-management/src/main/java/io/metersphere/project/service/ProjectUserRoleService.java
index 2773522b89..97495eb0b5 100644
--- a/backend/services/project-management/src/main/java/io/metersphere/project/service/ProjectUserRoleService.java
+++ b/backend/services/project-management/src/main/java/io/metersphere/project/service/ProjectUserRoleService.java
@@ -85,9 +85,9 @@ public class ProjectUserRoleService extends BaseUserRoleService {
 @Override
 public UserRole update(UserRole userRole) {
 UserRole oldRole = get(userRole.getId());
- // 非像项目用户组不允许修改, 内置用户组不允许修改
+ // 非项目用户组, 全局用户组不允许修改
 checkProjectUserRole(oldRole);
- checkInternalUserRole(oldRole);
+ checkGlobalUserRole(oldRole);
 userRole.setType(UserRoleType.PROJECT.name());
 checkNewRoleExist(userRole);
 return super.update(userRole);
@@ -147,7 +147,7 @@ public class ProjectUserRoleService extends BaseUserRoleService {
 public void updatePermissionSetting(PermissionSettingUpdateRequest request) {
 UserRole userRole = get(request.getUserRoleId());
 checkProjectUserRole(userRole);
- checkInternalUserRole(userRole);
+ checkGlobalUserRole(userRole);
 super.updatePermissionSetting(request);
 }
diff --git a/backend/services/project-management/src/test/java/io/metersphere/project/controller/ProjectUserRoleControllerTests.java b/backend/services/project-management/src/test/java/io/metersphere/project/controller/ProjectUserRoleControllerTests.java
index 6efd0de6cb..c478f625c6 100644
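Review bot: Replacing `checkInternalUserRole(oldRole)` with `checkGlobalUserRole(oldRole)` in `update`, and making the same swap in `updatePermissionSetting`, takes the built-in-role guard off both write paths, so built-in roles stay protected only if every one of them carries the global scope id, an invariant these hunks do not show. If it holds, the new check is a superset of the old one; if it does not, a built-in role with a project-level `scopeId` becomes editable through the project endpoints. I would either keep both guards, `checkGlobalUserRole(oldRole); checkInternalUserRole(oldRole);`, or state the invariant in the comment above the checks. The same swap appears in both `OrganizationUserRoleService` hunks, and `update`'s closing brace lies outside the first hunk.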
--- a/backend/services/project-management/src/test/java/io/metersphere/project/controller/ProjectUserRoleControllerTests.java
+++ b/backend/services/project-management/src/test/java/io/metersphere/project/controller/ProjectUserRoleControllerTests.java
@@ -37,6 +37,7 @@ import java.util.Set;
 import java.util.stream.Collectors;
 import static io.metersphere.system.controller.handler.result.CommonResultCode.INTERNAL_USER_ROLE_PERMISSION;
+import static io.metersphere.system.controller.result.SystemResultCode.NO_GLOBAL_USER_ROLE_PERMISSION;
 import static io.metersphere.system.controller.result.SystemResultCode.NO_PROJECT_USER_ROLE_PERMISSION;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
@@ -153,10 +154,10 @@ public class ProjectUserRoleControllerTests extends BaseTest {
 request = new ProjectUserRoleEditRequest();
 request.setId(InternalUserRole.ADMIN.getValue());
 this.requestPost(PROJECT_USER_ROLE_UPDATE, request).andExpect(jsonPath("$.code").value(NO_PROJECT_USER_ROLE_PERMISSION.getCode()));
- // 非内置用户组异常
+ // 非全局用户组异常
 request = new ProjectUserRoleEditRequest();
 request.setId(InternalUserRole.PROJECT_ADMIN.getValue());
- this.requestPost(PROJECT_USER_ROLE_UPDATE, request).andExpect(jsonPath("$.code").value(INTERNAL_USER_ROLE_PERMISSION.getCode()));
+ this.requestPost(PROJECT_USER_ROLE_UPDATE, request).andExpect(jsonPath("$.code").value(NO_GLOBAL_USER_ROLE_PERMISSION.getCode()));
 // 用户组名称已存在
 request = new ProjectUserRoleEditRequest();
 request.setId("default-pro-role-id-2");
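Review bot: The updated assertion still posts `InternalUserRole.PROJECT_ADMIN`, so it only shows that a built-in role is now rejected with `NO_GLOBAL_USER_ROLE_PERMISSION`; the case the new guard actually distinguishes, a custom role whose scope is global, is not exercised. Add a request against `PROJECT_USER_ROLE_UPDATE` using the id of a non-built-in global-scoped fixture role and expect `NO_GLOBAL_USER_ROLE_PERMISSION.getCode()`. The same gap applies to the permission-update hunk in this file and to both `OrganizationUserRoleControllerTests` hunks. The static import of `INTERNAL_USER_ROLE_PERMISSION` is kept; if nothing else in the file references it, it is now unused. The test method starts and ends outside this hunk.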
@@ -268,10 +269,10 @@ public class ProjectUserRoleControllerTests extends BaseTest {
 request.setUserRoleId(InternalUserRole.ADMIN.getValue());
 this.requestPost(PROJECT_USER_ROLE_PERMISSION_UPDATE, request)
 .andExpect(jsonPath("$.code").value(NO_PROJECT_USER_ROLE_PERMISSION.getCode()));
- // 内置用户组异常
+ // 全局用户组异常
 request.setUserRoleId(InternalUserRole.PROJECT_ADMIN.getValue());
 this.requestPost(PROJECT_USER_ROLE_PERMISSION_UPDATE, request)
- .andExpect(jsonPath("$.code").value(INTERNAL_USER_ROLE_PERMISSION.getCode()));
+ .andExpect(jsonPath("$.code").value(NO_GLOBAL_USER_ROLE_PERMISSION.getCode()));
 }
 @Test
diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/controller/result/SystemResultCode.java b/backend/services/system-setting/src/main/java/io/metersphere/system/controller/result/SystemResultCode.java
index b981aa5090..ae1b01be8e 100644
--- a/backend/services/system-setting/src/main/java/io/metersphere/system/controller/result/SystemResultCode.java
+++ b/backend/services/system-setting/src/main/java/io/metersphere/system/controller/result/SystemResultCode.java
@@ -26,7 +26,8 @@ public enum SystemResultCode implements IResultCode {
 ORGANIZATION_TEMPLATE_PERMISSION(101009, "organization_template_permission_error"),
 PLUGIN_SCRIPT_EXIST(101010, "plugin.script.exist"),
 PLUGIN_SCRIPT_FORMAT(101011, "plugin.script.format"),
- NO_PROJECT_USER_ROLE_PERMISSION(101012, "project_user_role_permission_error");
+ NO_PROJECT_USER_ROLE_PERMISSION(101012, "project_user_role_permission_error"),
+ NO_GLOBAL_USER_ROLE_PERMISSION(101013, "no_global_user_role_permission_error");
 private final int code;
 private final String message;
diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/service/BaseUserRoleService.java b/backend/services/system-setting/src/main/java/io/metersphere/system/service/BaseUserRoleService.java
index df7c065266..0e78085923 100644
--- a/backend/services/system-setting/src/main/java/io/metersphere/system/service/BaseUserRoleService.java
+++ b/backend/services/system-setting/src/main/java/io/metersphere/system/service/BaseUserRoleService.java
@@ -5,10 +5,8 @@ import io.metersphere.sdk.dto.Permission;
 import io.metersphere.sdk.dto.PermissionDefinitionItem;
 import io.metersphere.sdk.dto.request.PermissionSettingUpdateRequest;
 import io.metersphere.sdk.exception.MSException;
-import io.metersphere.system.uid.UUID;
 import io.metersphere.sdk.util.JSON;
 import io.metersphere.sdk.util.PermissionCache;
-import io.metersphere.system.utils.ServiceUtils;
 import io.metersphere.sdk.util.Translator;
 import io.metersphere.system.domain.User;
 import io.metersphere.system.domain.UserRole;
@@ -16,6 +14,8 @@ import io.metersphere.system.domain.UserRoleExample;
 import io.metersphere.system.domain.UserRoleRelation;
 import io.metersphere.system.mapper.UserMapper;
 import io.metersphere.system.mapper.UserRoleMapper;
+import io.metersphere.system.uid.UUID;
+import io.metersphere.system.utils.ServiceUtils;
 import jakarta.annotation.Resource;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.BooleanUtils;
@@ -27,6 +27,7 @@ import java.util.*;
 import java.util.stream.Collectors;
 import static io.metersphere.system.controller.handler.result.CommonResultCode.INTERNAL_USER_ROLE_PERMISSION;
+import static io.metersphere.system.controller.result.SystemResultCode.NO_GLOBAL_USER_ROLE_PERMISSION;
 /**
 * @author jianxing
@@ -183,6 +184,15 @@ public class BaseUserRoleService {
 }
 }
+ /**
+ * 校验是否是全局用户组,是全局抛异常
+ */
+ public void checkGlobalUserRole(UserRole userRole) {
+ if (StringUtils.equals(userRole.getScopeId(), UserRoleEnum.GLOBAL.toString())) {
+ throw new MSException(NO_GLOBAL_USER_ROLE_PERMISSION);
+ }
+ }
+
 public UserRole get(String id) {
 return userRoleMapper.selectByPrimaryKey(id);
 }
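Review bot: `checkGlobalUserRole` reads `userRole.getScopeId()` with no null guard, while `get(id)` in the same hunk returns `userRoleMapper.selectByPrimaryKey(id)` directly, so an unknown role id reaches this public authorization check as null unless an earlier guard rejects it, which the hunk does not show. A NullPointerException on a permission path surfaces as a generic server error instead of a defined result code; reject a null role with the project's existing "user role not exist" error before the comparison. The Javadoc should also name the parameter and say that `MSException` with `NO_GLOBAL_USER_ROLE_PERMISSION` is thrown when the scope id equals the global scope value. The enclosing class starts and ends outside this hunk.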
diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/service/OrganizationUserRoleService.java b/backend/services/system-setting/src/main/java/io/metersphere/system/service/OrganizationUserRoleService.java
index 35333d5659..2ad0caa962 100644
--- a/backend/services/system-setting/src/main/java/io/metersphere/system/service/OrganizationUserRoleService.java
+++ b/backend/services/system-setting/src/main/java/io/metersphere/system/service/OrganizationUserRoleService.java
@@ -60,9 +60,9 @@ public class OrganizationUserRoleService extends BaseUserRoleService {
 @Override
 public UserRole update(UserRole userRole) {
 UserRole oldRole = get(userRole.getId());
- // 非组织用户组不允许修改, 内置用户组不允许修改
+ // 非组织用户组不允许修改, 全局用户组不允许修改
 checkOrgUserRole(oldRole);
- checkInternalUserRole(oldRole);
+ checkGlobalUserRole(oldRole);
 userRole.setType(UserRoleType.ORGANIZATION.name());
 checkNewRoleExist(userRole);
 return super.update(userRole);
@@ -122,7 +122,7 @@ public class OrganizationUserRoleService extends BaseUserRoleService {
 public void updatePermissionSetting(PermissionSettingUpdateRequest request) {
 UserRole userRole = get(request.getUserRoleId());
 checkOrgUserRole(userRole);
- checkInternalUserRole(userRole);
+ checkGlobalUserRole(userRole);
 super.updatePermissionSetting(request);
 }
diff --git a/backend/services/system-setting/src/test/java/io/metersphere/system/controller/OrganizationUserRoleControllerTests.java b/backend/services/system-setting/src/test/java/io/metersphere/system/controller/OrganizationUserRoleControllerTests.java
index 66bf02ac39..fe272991b8 100644
--- a/backend/services/system-setting/src/test/java/io/metersphere/system/controller/OrganizationUserRoleControllerTests.java
+++ b/backend/services/system-setting/src/test/java/io/metersphere/system/controller/OrganizationUserRoleControllerTests.java
@@ -1,20 +1,20 @@
 package io.metersphere.system.controller;
-import io.metersphere.system.base.BaseTest;
 import io.metersphere.sdk.constants.InternalUserRole;
 import io.metersphere.sdk.constants.PermissionConstants;
 import io.metersphere.sdk.constants.SessionConstants;
-import io.metersphere.system.controller.handler.ResultHolder;
 import io.metersphere.sdk.dto.request.PermissionSettingUpdateRequest;
-import io.metersphere.system.service.BaseUserRolePermissionService;
 import io.metersphere.sdk.util.JSON;
 import io.metersphere.sdk.util.Pager;
+import io.metersphere.system.base.BaseTest;
+import io.metersphere.system.controller.handler.ResultHolder;
 import io.metersphere.system.domain.User;
 import io.metersphere.system.domain.UserRole;
 import io.metersphere.system.dto.OrganizationDTO;
 import io.metersphere.system.request.OrganizationUserRoleEditRequest;
 import io.metersphere.system.request.OrganizationUserRoleMemberEditRequest;
 import io.metersphere.system.request.OrganizationUserRoleMemberRequest;
+import io.metersphere.system.service.BaseUserRolePermissionService;
 import io.metersphere.system.service.OrganizationService;
 import jakarta.annotation.Resource;
 import org.apache.commons.collections4.CollectionUtils;
@@ -36,6 +36,7 @@ import java.util.Set;
 import java.util.stream.Collectors;
 import static io.metersphere.system.controller.handler.result.CommonResultCode.INTERNAL_USER_ROLE_PERMISSION;
+import static io.metersphere.system.controller.result.SystemResultCode.NO_GLOBAL_USER_ROLE_PERMISSION;
 import static io.metersphere.system.controller.result.SystemResultCode.NO_ORG_USER_ROLE_PERMISSION;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
@@ -125,7 +126,7 @@ public class OrganizationUserRoleControllerTests extends BaseTest {
 // 非内置用户组异常
 request = new OrganizationUserRoleEditRequest();
 request.setId(InternalUserRole.ORG_ADMIN.getValue());
- this.requestPost(ORGANIZATION_USER_ROLE_UPDATE, request).andExpect(jsonPath("$.code").value(INTERNAL_USER_ROLE_PERMISSION.getCode()));
+ this.requestPost(ORGANIZATION_USER_ROLE_UPDATE, request).andExpect(jsonPath("$.code").value(NO_GLOBAL_USER_ROLE_PERMISSION.getCode()));
 // 用户组名称已存在
 request = new OrganizationUserRoleEditRequest();
 request.setId("default-org-role-id-2");
@@ -233,7 +234,7 @@ public class OrganizationUserRoleControllerTests extends BaseTest {
 // 内置用户组异常
 request.setUserRoleId(InternalUserRole.ORG_ADMIN.getValue());
 this.requestPost(ORGANIZATION_USER_ROLE_PERMISSION_UPDATE, request)
- .andExpect(jsonPath("$.code").value(INTERNAL_USER_ROLE_PERMISSION.getCode()));
+ .andExpect(jsonPath("$.code").value(NO_GLOBAL_USER_ROLE_PERMISSION.getCode()));
 }
 @Test
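Review bot: The context comments `// 非内置用户组异常` and `// 内置用户组异常` still describe the built-in-role check, although the assertions beneath them now expect `NO_GLOBAL_USER_ROLE_PERMISSION`. The matching comments in `ProjectUserRoleControllerTests` were updated in this commit, so these two should follow suit, for example `// 全局用户组异常`, leaving the test's stated intent in line with the authorization rule it verifies. Both test methods start outside their hunks.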