diff --git a/backend/src/main/java/io/metersphere/controller/UserController.java b/backend/src/main/java/io/metersphere/controller/UserController.java
index 8c38b04282..4d2a968141 100644
--- a/backend/src/main/java/io/metersphere/controller/UserController.java
+++ b/backend/src/main/java/io/metersphere/controller/UserController.java
@@ -4,6 +4,7 @@ import com.github.pagehelper.Page;
 import com.github.pagehelper.PageHelper;
 import io.metersphere.base.domain.User;
 import io.metersphere.commons.constants.RoleConstants;
+import io.metersphere.commons.exception.MSException;
 import io.metersphere.commons.utils.PageUtils;
 import io.metersphere.commons.utils.Pager;
 import io.metersphere.controller.request.UserRequest;
@@ -17,6 +18,7 @@ import io.metersphere.service.UserService;
 import io.metersphere.service.WorkspaceService;
 import io.metersphere.user.SessionUser;
 import io.metersphere.user.SessionUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.BeanUtils;
@@ -120,6 +122,9 @@ public class UserController {
 @PostMapping("/update/current")
 public UserDTO updateCurrentUser(@RequestBody User user) {
+ UserDTO userDTO = userService.getUserDTO(user.getId());
+ BeanUtils.copyProperties(user, userDTO);
+ SessionUtils.putUser(SessionUser.fromUser(userDTO));
 userService.updateUser(user);
 return SessionUtils.getUser();
 }
@@ -182,6 +187,10 @@ public class UserController {
 @RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
 public void deleteMember(@PathVariable String workspaceId, @PathVariable String userId) {
 workspaceService.checkWorkspaceOwner(workspaceId);
+ String currentUserId = SessionUtils.getUser().getId();
+ if (StringUtils.equals(userId, currentUserId)) {
+ MSException.throwException("Insufficient permissions!");
+ }
 userService.deleteMember(workspaceId, userId);
 }
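Review bot: In `updateCurrentUser` the target id still comes from the request body (`user.getId()`), and the added lines now load that id's record and store it in the caller's session before the update has run. An endpoint for the "current" user should be bound to the authenticated identity, for example by opening the method with `if (!StringUtils.equals(user.getId(), SessionUtils.getUser().getId())) { MSException.throwException("Can only update the current user"); }`. `SessionUtils.putUser(SessionUser.fromUser(userDTO));` should also move below `userService.updateUser(user);` so the session only changes after a successful write. `BeanUtils.copyProperties(user, userDTO)` copies every matching property from the client-supplied object and is called without checking that `getUserDTO` returned a record; which fields `User` and `UserDTO` share is not visible in this hunk, so an explicit list of editable fields would be safer than a blanket copy.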
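Review bot: The self-removal guard added to `deleteMember` is repeated verbatim in `delOrganizationMember` (the `@@ -202,6 +211,10 @@` hunk) and lives only in the controller, so any other caller of `userService.deleteMember` or `userService.delOrganizationMember` is not covered by it. Moving the comparison into one shared helper, or into the service methods themselves, would keep the rule in a single enforced place. The message `"Insufficient permissions!"` reports a business rule as an authorization failure, which misleads users and anyone reading logs; a message such as `MSException.throwException("Cannot remove your own membership");` describes the rejection accurately. `SessionUtils.getUser()` is dereferenced without a null check, which is presumably safe behind `@RequiresRoles` but worth confirming.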
@@ -202,6 +211,10 @@ public class UserController {
 @RequiresRoles(RoleConstants.ORG_ADMIN)
 public void delOrganizationMember(@PathVariable String organizationId, @PathVariable String userId) {
 organizationService.checkOrgOwner(organizationId);
+ String currentUserId = SessionUtils.getUser().getId();
+ if (StringUtils.equals(userId, currentUserId)) {
+ MSException.throwException("Insufficient permissions!");
+ }
 userService.delOrganizationMember(organizationId, userId);
 }
diff --git a/backend/src/main/java/io/metersphere/service/UserService.java b/backend/src/main/java/io/metersphere/service/UserService.java
index 120a2afa4e..b40f1c4869 100644
--- a/backend/src/main/java/io/metersphere/service/UserService.java
+++ b/backend/src/main/java/io/metersphere/service/UserService.java
@@ -124,11 +124,8 @@ public class UserService {
 }
 public void updateUser(User user) {
- UserDTO userDTO = getUserDTO(user.getId());
- BeanUtils.copyProperties(user, userDTO);
 // MD5
 user.setPassword(CodingUtil.md5(user.getPassword()));
- SessionUtils.putUser(SessionUser.fromUser(userDTO));
 user.setUpdateTime(System.currentTimeMillis());
 userMapper.updateByPrimaryKeySelective(user);
 }
diff --git a/frontend/src/business/components/settings/workspace/WorkspaceMember.vue b/frontend/src/business/components/settings/workspace/WorkspaceMember.vue
index 302e0272a1..188f74fafd 100644
--- a/frontend/src/business/components/settings/workspace/WorkspaceMember.vue
+++ b/frontend/src/business/components/settings/workspace/WorkspaceMember.vue
@@ -175,14 +175,11 @@
 cancelButtonText: this.$t('commons.cancel'),
 type: 'warning'
 }).then(() => {
- this.loading = true;
- this.$get('/user/ws/member/delete/' + this.currentUser().lastWorkspaceId + '/' + row.id).then(() => {
+ this.result = this.$get('/user/ws/member/delete/' + this.currentUser().lastWorkspaceId + '/' + row.id,() => {
+ this.$success(this.$t('commons.delete_success'));
 this.initTableData();
- this.loading = false;
 });
- this.$success(this.$t('commons.delete_success'));
 }).catch(() => {
- this.loading = false;
 this.$info(this.$t('commons.delete_cancel'));
 });
 },
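Review bot: The rewritten call still performs the member deletion through `this.$get(...)`, so a state-changing action stays reachable by a plain GET URL built from `lastWorkspaceId` and `row.id`. GET requests can be triggered by links or prefetching and are recorded in proxy and access logs, so this route should use a non-GET verb covered by the application's CSRF protection. The server-side mapping is not visible in this diff and would need the matching change. Independently, encode the path segments, e.g. `encodeURIComponent(row.id)`, so an unexpected id value cannot alter the request path. The enclosing method starts before this hunk.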