Merge remote-tracking branch 'origin/dev' into dev

backend/src/main/java/io/metersphere/controller/UserController.java

@@ -4,6 +4,7 @@ import com.github.pagehelper.Page;
 import com.github.pagehelper.PageHelper;
 import io.metersphere.base.domain.User;
 import io.metersphere.commons.constants.RoleConstants;
+import io.metersphere.commons.exception.MSException;
 import io.metersphere.commons.utils.PageUtils;
 import io.metersphere.commons.utils.Pager;
 import io.metersphere.controller.request.UserRequest;
@@ -17,6 +18,7 @@ import io.metersphere.service.UserService;
 import io.metersphere.service.WorkspaceService;
 import io.metersphere.user.SessionUser;
 import io.metersphere.user.SessionUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.BeanUtils;
@@ -120,6 +122,9 @@ public class UserController {
 
     @PostMapping("/update/current")
     public UserDTO updateCurrentUser(@RequestBody User user) {
+        UserDTO userDTO = userService.getUserDTO(user.getId());
+        BeanUtils.copyProperties(user, userDTO);
+        SessionUtils.putUser(SessionUser.fromUser(userDTO));
         userService.updateUser(user);
         return SessionUtils.getUser();
     }
@@ -182,6 +187,10 @@ public class UserController {
     @RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
     public void deleteMember(@PathVariable String workspaceId, @PathVariable String userId) {
         workspaceService.checkWorkspaceOwner(workspaceId);
+        String currentUserId = SessionUtils.getUser().getId();
+        if (StringUtils.equals(userId, currentUserId)) {
+            MSException.throwException("Insufficient permissions!");
+        }
         userService.deleteMember(workspaceId, userId);
     }
 
@@ -202,6 +211,10 @@ public class UserController {
     @RequiresRoles(RoleConstants.ORG_ADMIN)
     public void delOrganizationMember(@PathVariable String organizationId, @PathVariable String userId) {
         organizationService.checkOrgOwner(organizationId);
+        String currentUserId = SessionUtils.getUser().getId();
+        if (StringUtils.equals(userId, currentUserId)) {
+            MSException.throwException("Insufficient permissions!");
+        }
         userService.delOrganizationMember(organizationId, userId);
     }
 

backend/src/main/java/io/metersphere/service/UserService.java

@@ -124,11 +124,8 @@ public class UserService {
     }
 
     public void updateUser(User user) {
-        UserDTO userDTO = getUserDTO(user.getId());
-        BeanUtils.copyProperties(user, userDTO);
         // MD5
         user.setPassword(CodingUtil.md5(user.getPassword()));
-        SessionUtils.putUser(SessionUser.fromUser(userDTO));
         user.setUpdateTime(System.currentTimeMillis());
         userMapper.updateByPrimaryKeySelective(user);
     }

frontend/src/business/components/settings/workspace/WorkspaceMember.vue

@@ -175,14 +175,11 @@
           cancelButtonText: this.$t('commons.cancel'),
           type: 'warning'
         }).then(() => {
-          this.loading = true;
-          this.$get('/user/ws/member/delete/' + this.currentUser().lastWorkspaceId + '/' + row.id).then(() => {
+          this.result = this.$get('/user/ws/member/delete/' + this.currentUser().lastWorkspaceId + '/' + row.id,() => {
+            this.$success(this.$t('commons.delete_success'));
             this.initTableData();
-            this.loading = false;
           });
-          this.$success(this.$t('commons.delete_success'));
         }).catch(() => {
-          this.loading = false;
           this.$info(this.$t('commons.delete_cancel'));
         });
       },