fix: 修复权限相关问题
--bug=1013914 --user=刘瑞斌 【接口测试】只读用户权限,可以调用/project/list/{goPage}/{pageSize} https://www.tapd.cn/55049933/s/1179339
parent
2dfb5568fb
commit
3de626c046
|
@ -1,21 +1,20 @@
|
||||||
package io.metersphere.security.realm;
|
package io.metersphere.security.realm;
|
||||||
|
|
||||||
|
import io.metersphere.base.domain.Group;
|
||||||
import io.metersphere.base.domain.UserGroupPermission;
|
import io.metersphere.base.domain.UserGroupPermission;
|
||||||
import io.metersphere.commons.user.SessionUser;
|
import io.metersphere.commons.user.SessionUser;
|
||||||
import io.metersphere.commons.utils.SessionUtils;
|
import io.metersphere.commons.utils.SessionUtils;
|
||||||
import io.metersphere.dto.GroupResourceDTO;
|
|
||||||
import io.metersphere.dto.UserDTO;
|
import io.metersphere.dto.UserDTO;
|
||||||
import io.metersphere.i18n.Translator;
|
import io.metersphere.i18n.Translator;
|
||||||
import io.metersphere.service.UserService;
|
import io.metersphere.service.UserService;
|
||||||
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.apache.shiro.authc.*;
|
import org.apache.shiro.authc.*;
|
||||||
import org.apache.shiro.authz.AuthorizationInfo;
|
import org.apache.shiro.authz.AuthorizationInfo;
|
||||||
import org.apache.shiro.realm.AuthorizingRealm;
|
import org.apache.shiro.realm.AuthorizingRealm;
|
||||||
import org.apache.shiro.subject.PrincipalCollection;
|
import org.apache.shiro.subject.PrincipalCollection;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
import java.util.List;
|
import java.util.*;
|
||||||
import java.util.Objects;
|
|
||||||
import java.util.Set;
|
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
public abstract class BaseRealm extends AuthorizingRealm {
|
public abstract class BaseRealm extends AuthorizingRealm {
|
||||||
|
@ -44,12 +43,57 @@ public abstract class BaseRealm extends AuthorizingRealm {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isPermitted(PrincipalCollection principals, String permission) {
|
public boolean isPermitted(PrincipalCollection principals, String permission) {
|
||||||
Set<String> permissions = Objects.requireNonNull(SessionUtils.getUser()).getGroupPermissions().stream()
|
Map<String, List<UserGroupPermission>> userGroupPermissions = new HashMap<>();
|
||||||
.map(GroupResourceDTO::getUserGroupPermissions)
|
Map<String, Group> group = new HashMap<>();
|
||||||
.flatMap(List::stream)
|
SessionUser user = Objects.requireNonNull(SessionUtils.getUser());
|
||||||
|
user.getUserGroups().forEach(ug -> user.getGroupPermissions().forEach(gp -> {
|
||||||
|
if (StringUtils.equals(gp.getGroup().getId(), ug.getGroupId())) {
|
||||||
|
userGroupPermissions.put(ug.getId(), gp.getUserGroupPermissions());
|
||||||
|
group.put(ug.getId(), gp.getGroup());
|
||||||
|
}
|
||||||
|
}));
|
||||||
|
|
||||||
|
|
||||||
|
Set<String> currentProjectPermissions = getCurrentProjectPermissions(userGroupPermissions, group, user);
|
||||||
|
if (currentProjectPermissions.contains(permission)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
Set<String> currentWorkspacePermissions = getCurrentWorkspacePermissions(userGroupPermissions, group, user);
|
||||||
|
if (currentWorkspacePermissions.contains(permission)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
Set<String> systemPermissions = getSystemPermissions(userGroupPermissions, group, user);
|
||||||
|
return systemPermissions.contains(permission);
|
||||||
|
}
|
||||||
|
|
||||||
|
private Set<String> getSystemPermissions(Map<String, List<UserGroupPermission>> userGroupPermissions, Map<String, Group> group, SessionUser user) {
|
||||||
|
return user.getUserGroups().stream()
|
||||||
|
.filter(ug -> group.get(ug.getId()) != null && StringUtils.equals(group.get(ug.getId()).getType(), "SYSTEM"))
|
||||||
|
.filter(ug -> StringUtils.equals(ug.getSourceId(), "system") || StringUtils.equals(ug.getSourceId(), "'adminSourceId'"))
|
||||||
|
.flatMap(ug -> userGroupPermissions.get(ug.getId()).stream())
|
||||||
.map(UserGroupPermission::getPermissionId)
|
.map(UserGroupPermission::getPermissionId)
|
||||||
.collect(Collectors.toSet());
|
.collect(Collectors.toSet());
|
||||||
|
}
|
||||||
|
|
||||||
return permissions.contains(permission);
|
private Set<String> getCurrentWorkspacePermissions(Map<String, List<UserGroupPermission>> userGroupPermissions, Map<String, Group> group, SessionUser user) {
|
||||||
|
String currentWorkspaceId = SessionUtils.getCurrentWorkspaceId();
|
||||||
|
return user.getUserGroups().stream()
|
||||||
|
.filter(ug -> group.get(ug.getId()) != null && StringUtils.equals(group.get(ug.getId()).getType(), "WORKSPACE"))
|
||||||
|
.filter(ug -> StringUtils.equals(ug.getSourceId(), currentWorkspaceId))
|
||||||
|
.flatMap(ug -> userGroupPermissions.get(ug.getId()).stream())
|
||||||
|
.map(UserGroupPermission::getPermissionId)
|
||||||
|
.collect(Collectors.toSet());
|
||||||
|
}
|
||||||
|
|
||||||
|
private Set<String> getCurrentProjectPermissions(Map<String, List<UserGroupPermission>> userGroupPermissions, Map<String, Group> group, SessionUser user) {
|
||||||
|
String currentProjectId = SessionUtils.getCurrentProjectId();
|
||||||
|
return user.getUserGroups().stream()
|
||||||
|
.filter(ug -> group.get(ug.getId()) != null && StringUtils.equals(group.get(ug.getId()).getType(), "PROJECT"))
|
||||||
|
.filter(ug -> StringUtils.equals(ug.getSourceId(), currentProjectId))
|
||||||
|
.flatMap(ug -> userGroupPermissions.get(ug.getId()).stream())
|
||||||
|
.map(UserGroupPermission::getPermissionId)
|
||||||
|
.collect(Collectors.toSet());
|
||||||
}
|
}
|
||||||
}
|
}
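Review bot: In getSystemPermissions the second filter compares the source id with `"'adminSourceId'"`, a literal that contains the single quotes themselves, while the front-end hasPermission in this same commit compares with `adminSourceId`. Unless the stored value really carries the quotes, system groups bound to that source never match on the server, so the realm fails closed and disagrees with the UI; the comparison should presumably be `StringUtils.equals(ug.getSourceId(), "adminSourceId")`. In the project and workspace helpers, `StringUtils.equals` returns true for two nulls, so a user-group row with a null source id would match whenever the session has no current project or workspace; a guard such as `currentProjectId != null && StringUtils.equals(ug.getSourceId(), currentProjectId)` closes that case. All three helpers call `userGroupPermissions.get(ug.getId()).stream()` and would throw if `gp.getUserGroupPermissions()` returned null for a group, which the `group.get(...) != null` filter does not cover.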
|
||||||
|
|
|
@ -34,16 +34,12 @@ export function hasPermission(permission) {
|
||||||
// todo 权限验证
|
// todo 权限验证
|
||||||
let currentProjectPermissions = user.userGroups.filter(ug => ug.group && ug.group.type === 'PROJECT')
|
let currentProjectPermissions = user.userGroups.filter(ug => ug.group && ug.group.type === 'PROJECT')
|
||||||
.filter(ug => ug.sourceId === getCurrentProjectID())
|
.filter(ug => ug.sourceId === getCurrentProjectID())
|
||||||
.map(ug => ug.userGroupPermissions)
|
.flatMap(ug => ug.userGroupPermissions)
|
||||||
.reduce((total, current) => {
|
|
||||||
return total.concat(current);
|
|
||||||
}, [])
|
|
||||||
.map(g => g.permissionId)
|
.map(g => g.permissionId)
|
||||||
.reduce((total, current) => {
|
.reduce((total, current) => {
|
||||||
total.add(current);
|
total.add(current);
|
||||||
return total;
|
return total;
|
||||||
}, new Set);
|
}, new Set);
|
||||||
|
|
||||||
for (const p of currentProjectPermissions) {
|
for (const p of currentProjectPermissions) {
|
||||||
if (p === permission) {
|
if (p === permission) {
|
||||||
return true;
|
return true;
|
||||||
|
@ -52,10 +48,7 @@ export function hasPermission(permission) {
|
||||||
|
|
||||||
let currentWorkspacePermissions = user.userGroups.filter(ug => ug.group && ug.group.type === 'WORKSPACE')
|
let currentWorkspacePermissions = user.userGroups.filter(ug => ug.group && ug.group.type === 'WORKSPACE')
|
||||||
.filter(ug => ug.sourceId === getCurrentWorkspaceId())
|
.filter(ug => ug.sourceId === getCurrentWorkspaceId())
|
||||||
.map(ug => ug.userGroupPermissions)
|
.flatMap(ug => ug.userGroupPermissions)
|
||||||
.reduce((total, current) => {
|
|
||||||
return total.concat(current);
|
|
||||||
}, [])
|
|
||||||
.map(g => g.permissionId)
|
.map(g => g.permissionId)
|
||||||
.reduce((total, current) => {
|
.reduce((total, current) => {
|
||||||
total.add(current);
|
total.add(current);
|
||||||
|
@ -70,10 +63,7 @@ export function hasPermission(permission) {
|
||||||
|
|
||||||
let systemPermissions = user.userGroups.filter(gp => gp.group && gp.group.type === 'SYSTEM')
|
let systemPermissions = user.userGroups.filter(gp => gp.group && gp.group.type === 'SYSTEM')
|
||||||
.filter(ug => ug.sourceId === 'system' || ug.sourceId === 'adminSourceId')
|
.filter(ug => ug.sourceId === 'system' || ug.sourceId === 'adminSourceId')
|
||||||
.map(ug => ug.userGroupPermissions)
|
.flatMap(ug => ug.userGroupPermissions)
|
||||||
.reduce((total, current) => {
|
|
||||||
return total.concat(current);
|
|
||||||
}, [])
|
|
||||||
.map(g => g.permissionId)
|
.map(g => g.permissionId)
|
||||||
.reduce((total, current) => {
|
.reduce((total, current) => {
|
||||||
total.add(current);
|
total.add(current);
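Review bot: The `// todo 权限验证` comment at the top of the first hunk is kept and says nothing about what this function guarantees, although the same commit moves the scoped check into BaseRealm.isPermitted. I would replace it with `// UI gating only: the server-side realm decides; keep the PROJECT/WORKSPACE/SYSTEM scoping in sync with BaseRealm.isPermitted` so nobody treats a true result here as authorization. In all three hunks `flatMap(ug => ug.userGroupPermissions)` emits an `undefined` element when a group has no permission list, and the following `.map(g => g.permissionId)` would then throw; `flatMap(ug => ug.userGroupPermissions || [])` avoids that if such rows can occur. hasPermission starts and ends outside the hunks shown.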
|
||||||
|
|