From 475ea93a6df7524433b8be292ad3e22c62a56f42 Mon Sep 17 00:00:00 2001 From: shiziyuan9527 Date: Mon, 9 Mar 2020 15:10:27 +0800 Subject: [PATCH] =?UTF-8?q?=E7=BB=84=E7=BB=87=E5=B7=A5=E4=BD=9C=E7=A9=BA?= =?UTF-8?q?=E9=97=B4=E6=B7=BB=E5=8A=A0=E7=A7=BB=E9=99=A4=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E6=97=B6=E5=81=9A=E8=B5=84=E6=BA=90=E6=89=80=E5=B1=9E=E6=A3=80?= =?UTF-8?q?=E6=9F=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../controller/OrganizationController.java | 1 + .../controller/UserController.java | 31 ++++++------ .../controller/UserRoleController.java | 1 + .../controller/WorkspaceController.java | 4 +- .../service/OrganizationService.java | 17 +++++++ .../metersphere/service/WorkspaceService.java | 49 +++++++++++++++++-- backend/src/main/resources/i18n/en-US.json | 3 +- backend/src/main/resources/i18n/zh-CN.json | 3 +- 8 files changed, 86 insertions(+), 23 deletions(-) diff --git a/backend/src/main/java/io/metersphere/controller/OrganizationController.java b/backend/src/main/java/io/metersphere/controller/OrganizationController.java index 158ceb53be..cfd103e5f9 100644 --- a/backend/src/main/java/io/metersphere/controller/OrganizationController.java +++ b/backend/src/main/java/io/metersphere/controller/OrganizationController.java @@ -37,6 +37,7 @@ public class OrganizationController { } @GetMapping("/delete/{organizationId}") + @RequiresRoles(RoleConstants.ADMIN) public void deleteOrganization(@PathVariable(value = "organizationId") String organizationId) { organizationService.deleteOrganization(organizationId); } @PostMapping("/update") diff --git a/backend/src/main/java/io/metersphere/controller/UserController.java b/backend/src/main/java/io/metersphere/controller/UserController.java index f5f2dd54b5..8fc38ecb06 100644 --- a/backend/src/main/java/io/metersphere/controller/UserController.java +++ b/backend/src/main/java/io/metersphere/controller/UserController.java 
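Review bot: The new `@RequiresRoles(RoleConstants.ADMIN)` restricts who may call deleteOrganization, but the endpoint remains `@GetMapping("/delete/{organizationId}")`, so a destructive operation is triggered by a plain GET that an authenticated admin's browser can be made to send from another site; the role check alone does not prevent that unless a CSRF defence is configured elsewhere, which this hunk does not show. The same pattern is in the `deleteMember` and `delOrganizationMember` hunks of UserController and the `deleteWorkspace` hunk of WorkspaceController below. Moving these to `@PostMapping` or `@DeleteMapping` (with the frontend calls updated) removes the whole class of issue rather than relying on the role annotation.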
@@ -12,7 +12,9 @@ import io.metersphere.controller.request.member.QueryMemberRequest; import io.metersphere.controller.request.organization.AddOrgMemberRequest; import io.metersphere.controller.request.organization.QueryOrgMemberRequest; import io.metersphere.dto.UserDTO; +import io.metersphere.service.OrganizationService; import io.metersphere.service.UserService; +import io.metersphere.service.WorkspaceService; import io.metersphere.user.SessionUser; import io.metersphere.user.SessionUtils; import org.apache.shiro.authz.annotation.Logical; @@ -28,6 +30,10 @@ public class UserController { @Resource private UserService userService; + @Resource + private OrganizationService organizationService; + @Resource + private WorkspaceService workspaceService; // admin api @PostMapping("/special/add") @@ -123,7 +129,6 @@ public class UserController { @PostMapping("/switch/source/org/{sourceId}") @RequiresRoles(RoleConstants.ORG_ADMIN) public UserDTO switchOrganization(@PathVariable(value = "sourceId") String sourceId) { - // todo checkOrganizationOwner() UserDTO user = SessionUtils.getUser(); userService.switchUserRole(user,"organization",sourceId); return SessionUtils.getUser(); @@ -132,7 +137,6 @@ public class UserController { @PostMapping("/switch/source/ws/{sourceId}") @RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.TEST_VIEWER,RoleConstants.TEST_USER}, logical = Logical.OR) public UserDTO switchWorkspace(@PathVariable(value = "sourceId") String sourceId) { - // todo checkWorkspaceOwner() UserDTO user = SessionUtils.getUser(); userService.switchUserRole(user, "workspace", sourceId); return SessionUtils.getUser(); 
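Review bot: The `// todo checkOrganizationOwner()` line is removed from switchOrganization without the check being added, so `@RequiresRoles(RoleConstants.ORG_ADMIN)` still only establishes that the caller is ORG_ADMIN of some organization, not of `sourceId`; the same applies to `switchWorkspace` in the following hunk, where `// todo checkWorkspaceOwner()` is dropped. Unless `userService.switchUserRole` validates membership itself (not visible here), a caller can switch into any organization or workspace id rather than only those they belong to. This commit already adds the needed helpers: put `organizationService.checkOrgOwner(sourceId);` before the `switchUserRole` call in switchOrganization and `workspaceService.checkWorkspaceOwner(sourceId);` in switchWorkspace. Note that `checkWorkspaceOwner` only admits ORG_ADMIN and TEST_MANAGER while switchWorkspace also permits TEST_USER and TEST_VIEWER, so those roles need a plain workspace-membership check instead.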
@@ -150,7 +154,6 @@ public class UserController { @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR) public Pager> getMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryMemberRequest request) { - // todo 检查是否是该工作空间的所有者 或者是 该工作空间的父级组织的所有者 Page page = PageHelper.startPage(goPage, pageSize, true); return PageUtils.setPageInfo(page, userService.getMemberList(request)); } @@ -162,7 +165,6 @@ public class UserController { @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR) public List getMemberList(@RequestBody QueryMemberRequest request) { - // todo 检查是否是该工作空间的所有者 或者是 该工作空间的父级组织的所有者 return userService.getMemberList(request); } @@ -172,7 +174,8 @@ public class UserController { @PostMapping("/ws/member/add") @RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.ORG_ADMIN}, logical = Logical.OR) public void addMember(@RequestBody AddMemberRequest request) { - // todo check + String wsId = request.getWorkspaceId(); + workspaceService.checkWorkspaceOwner(wsId); userService.addMember(request); } @@ -182,7 +185,7 @@ public class UserController { @GetMapping("/ws/member/delete/{workspaceId}/{userId}") @RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.ORG_ADMIN}, logical = Logical.OR) public void deleteMember(@PathVariable String workspaceId, @PathVariable String userId) { - // todo check + workspaceService.checkWorkspaceOwner(workspaceId); userService.deleteMember(workspaceId, userId); } 
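Review bot: Both getMemberList hunks delete the `// todo 检查是否是该工作空间的所有者 ...` comment without adding the check, so listing a workspace's members is gated only on holding one of the four roles somewhere, not on any relation to the requested workspace. Unless `userService.getMemberList` scopes the query to the session user (not visible here), member lists are readable across workspaces. The `addMember` hunk on this line shows the intended shape — pass the request's workspace id to `workspaceService.checkWorkspaceOwner(...)` — which covers ORG_ADMIN and TEST_MANAGER callers; TEST_USER and TEST_VIEWER would need a membership check, since `checkWorkspaceOwner` rejects them. Also, in addMember `String wsId = request.getWorkspaceId();` is passed straight into the check; if the request omits the id, the failure surfaces from inside `checkWorkspaceIsExist` rather than as an explicit "workspace id required" validation.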
@@ -190,9 +193,9 @@ public class UserController { * 添加组织成员 */ @PostMapping("/org/member/add") - @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER}, logical = Logical.OR) + @RequiresRoles(RoleConstants.ORG_ADMIN) public void addOrganizationMember(@RequestBody AddOrgMemberRequest request) { - // todo check + organizationService.checkOrgOwner(request.getOrganizationId()); userService.addOrganizationMember(request); } @@ -200,9 +203,9 @@ public class UserController { * 删除组织成员 */ @GetMapping("/org/member/delete/{organizationId}/{userId}") - @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER}, logical = Logical.OR) + @RequiresRoles(RoleConstants.ORG_ADMIN) public void delOrganizationMember(@PathVariable String organizationId, @PathVariable String userId) { - // todo check + organizationService.checkOrgOwner(organizationId); userService.delOrganizationMember(organizationId, userId); } @@ -210,10 +213,8 @@ public class UserController { * 查询组织成员列表 */ @PostMapping("/org/member/list/{goPage}/{pageSize}") - @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER, - RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR) + @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER}, logical = Logical.OR) public Pager> getOrgMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryOrgMemberRequest request) { - // todo check Page page = PageHelper.startPage(goPage, pageSize, true); return PageUtils.setPageInfo(page, userService.getOrgMemberList(request)); } 
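Review bot: The paged getOrgMemberList hunk narrows the roles to ORG_ADMIN/TEST_MANAGER but removes `// todo check` without adding a resource check, so the organization id in `QueryOrgMemberRequest` is not tied to the caller; the `/org/member/list/all` hunk on the next line has the same gap. Unless `userService.getOrgMemberList` filters by the session user (not visible here), any TEST_MANAGER or ORG_ADMIN can enumerate another organization's members. For ORG_ADMIN callers the check added in this commit, `organizationService.checkOrgOwner(...)` with the request's organization id, fits; for TEST_MANAGER callers it would reject them, so that path needs a check that the workspace they manage belongs to the requested organization. The addOrganizationMember and delOrganizationMember hunks above do get `organizationService.checkOrgOwner(...)`, which is the pattern to mirror.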
@@ -222,10 +223,8 @@ public class UserController { * 组织成员列表不分页 */ @PostMapping("/org/member/list/all") - @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER, - RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR) + @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER}, logical = Logical.OR) public List getOrgMemberList(@RequestBody QueryOrgMemberRequest request) { - // todo check return userService.getOrgMemberList(request); } diff --git a/backend/src/main/java/io/metersphere/controller/UserRoleController.java b/backend/src/main/java/io/metersphere/controller/UserRoleController.java index d0c6e24ea0..35a3645201 100644 --- a/backend/src/main/java/io/metersphere/controller/UserRoleController.java +++ b/backend/src/main/java/io/metersphere/controller/UserRoleController.java @@ -26,6 +26,7 @@ public class UserRoleController { } @GetMapping("/list/ws/{workspaceId}/{userId}") + @RequiresRoles(value = {RoleConstants.ADMIN,RoleConstants.ORG_ADMIN}, logical = Logical.OR) public List getWorkspaceMemberRole(@PathVariable String workspaceId, @PathVariable String userId) { return userRoleService.getWorkspaceMemberRoles(workspaceId, userId); } diff --git a/backend/src/main/java/io/metersphere/controller/WorkspaceController.java b/backend/src/main/java/io/metersphere/controller/WorkspaceController.java index b5f458baaa..4277b4358d 100644 --- a/backend/src/main/java/io/metersphere/controller/WorkspaceController.java +++ b/backend/src/main/java/io/metersphere/controller/WorkspaceController.java @@ -40,7 +40,7 @@ public class WorkspaceController { @PostMapping("update") @RequiresRoles(RoleConstants.ORG_ADMIN) public Workspace updateWorkspace(@RequestBody Workspace workspace) { - workspaceService.checkOwner(workspace.getId()); + workspaceService.checkWorkspaceOwnerByOrgAdmin(workspace.getId()); return workspaceService.saveWorkspace(workspace); } 
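Review bot: The `@RequiresRoles(value = {RoleConstants.ADMIN,RoleConstants.ORG_ADMIN}, logical = Logical.OR)` added to getWorkspaceMemberRole checks role possession only, not that `workspaceId` belongs to an organization the caller administers, so an ORG_ADMIN can read role assignments in other organizations' workspaces. For callers who are not ADMIN, `workspaceService.checkWorkspaceOwnerByOrgAdmin(workspaceId);` (added in this commit) before `userRoleService.getWorkspaceMemberRoles` would scope it; that requires injecting `WorkspaceService` into UserRoleController as UserController does, and the check must be skipped for ADMIN callers because it demands an ORG_ADMIN role. The method's enclosing class continues outside the hunk.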
@@ -53,7 +53,7 @@ public class WorkspaceController { @GetMapping("delete/{workspaceId}") @RequiresRoles(RoleConstants.ORG_ADMIN) public void deleteWorkspace(@PathVariable String workspaceId) { - workspaceService.checkOwner(workspaceId); + workspaceService.checkWorkspaceOwnerByOrgAdmin(workspaceId); workspaceService.deleteWorkspace(workspaceId); } diff --git a/backend/src/main/java/io/metersphere/service/OrganizationService.java b/backend/src/main/java/io/metersphere/service/OrganizationService.java index 1a6465e303..ac651ead6a 100644 --- a/backend/src/main/java/io/metersphere/service/OrganizationService.java +++ b/backend/src/main/java/io/metersphere/service/OrganizationService.java @@ -6,8 +6,13 @@ import io.metersphere.base.mapper.UserMapper; import io.metersphere.base.mapper.UserRoleMapper; import io.metersphere.base.mapper.ext.ExtOrganizationMapper; import io.metersphere.base.mapper.ext.ExtUserRoleMapper; +import io.metersphere.commons.constants.RoleConstants; +import io.metersphere.commons.exception.MSException; import io.metersphere.dto.OrganizationMemberDTO; import io.metersphere.dto.UserRoleHelpDTO; +import io.metersphere.i18n.Translator; +import io.metersphere.user.SessionUser; +import io.metersphere.user.SessionUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.BeanUtils; import org.springframework.stereotype.Service; 
@@ -109,4 +114,16 @@ public class OrganizationService { public Integer checkSourceRole(String orgId, String userId, String roleId) { return extOrganizationMapper.checkSourceRole(orgId, userId, roleId); } + + public void checkOrgOwner(String organizationId) { + SessionUser user = SessionUtils.getUser(); + List collect = user.getUserRoles().stream() + .filter(ur -> RoleConstants.ORG_ADMIN.equals(ur.getRoleId())) + .map(UserRole::getSourceId) + .collect(Collectors.toList()); + if (!collect.contains(organizationId)) { + MSException.throwException(Translator.get("organization_does_not_belong_to_user")); + } + + } } diff --git a/backend/src/main/java/io/metersphere/service/WorkspaceService.java b/backend/src/main/java/io/metersphere/service/WorkspaceService.java index d2ae432f07..5b9281419a 100644 --- a/backend/src/main/java/io/metersphere/service/WorkspaceService.java +++ b/backend/src/main/java/io/metersphere/service/WorkspaceService.java @@ -91,15 +91,16 @@ public class WorkspaceService { } /** - * ORG_ADMIN 需要检查是否有操作此工作空间的权限 + * ORG_ADMIN需要检查是否有操作此工作空间的权限 */ - public void checkOwner(String workspaceId) { + public void checkWorkspaceOwnerByOrgAdmin(String workspaceId) { + checkWorkspaceIsExist(workspaceId); + WorkspaceExample example = new WorkspaceExample(); SessionUser user = SessionUtils.getUser(); List orgIds = user.getUserRoles().stream() .filter(ur -> RoleConstants.ORG_ADMIN.equals(ur.getRoleId())) .map(UserRole::getSourceId) .collect(Collectors.toList()); - WorkspaceExample example = new WorkspaceExample(); example.createCriteria() .andOrganizationIdIn(orgIds) .andIdEqualTo(workspaceId); 
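Review bot: checkOrgOwner has no Javadoc and its result list is named `collect`, unlike the parallel `orgIds` in WorkspaceService.checkWorkspaceOwnerByOrgAdmin; suggest `/** Throws an MSException unless the session user holds ORG_ADMIN for {@code organizationId}. */` above the method and renaming the local to `orgIds`. Unlike the workspace checks it does not verify that the organization exists, which is fail-closed here (an unknown id cannot be among the caller's ORG_ADMIN source ids) and worth stating in the Javadoc so the asymmetry is deliberate. The stray blank line before the closing brace can go.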
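Review bot: checkWorkspaceOwnerByOrgAdmin now calls `checkWorkspaceIsExist(workspaceId)` before the ownership test, and (per the next hunk) that check reports `workspace_not_exist` while ownership failure reports `workspace_does_not_belong_to_user`, so the update/delete endpoints let any ORG_ADMIN tell existing workspace ids in other organizations apart from nonexistent ones. If that disclosure matters, run the existence check only after ownership passes, or return the same message in both cases; the ownership query already yields 0 for unknown ids, so the outcome is otherwise unchanged. The method's tail (the count check and throw) is outside this hunk.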
@@ -108,6 +109,48 @@ public class WorkspaceService { } } + public void checkWorkspaceOwnerByTestManager(String workspaceId) { + checkWorkspaceIsExist(workspaceId); + SessionUser user = SessionUtils.getUser(); + List wsIds = user.getUserRoles().stream() + .filter(ur -> RoleConstants.TEST_MANAGER.equals(ur.getRoleId())) + .map(UserRole::getSourceId) + .collect(Collectors.toList()); + boolean contains = wsIds.contains(workspaceId); + if (!contains) { + MSException.throwException(Translator.get("workspace_does_not_belong_to_user")); + } + } + + public void checkWorkspaceOwner(String workspaceId) { + checkWorkspaceIsExist(workspaceId); + WorkspaceExample example = new WorkspaceExample(); + SessionUser user = SessionUtils.getUser(); + List orgIds = user.getUserRoles().stream() + .filter(ur -> RoleConstants.ORG_ADMIN.equals(ur.getRoleId())) + .map(UserRole::getSourceId) + .collect(Collectors.toList()); + example.createCriteria() + .andOrganizationIdIn(orgIds) + .andIdEqualTo(workspaceId); + List wsIds = user.getUserRoles().stream() + .filter(ur -> RoleConstants.TEST_MANAGER.equals(ur.getRoleId())) + .map(UserRole::getSourceId) + .collect(Collectors.toList()); + boolean contains = wsIds.contains(workspaceId); + if (workspaceMapper.countByExample(example) == 0 && !contains) { + MSException.throwException(Translator.get("workspace_does_not_belong_to_user")); + } + } + + public void checkWorkspaceIsExist(String workspaceId) { + WorkspaceExample example = new WorkspaceExample(); + example.createCriteria().andIdEqualTo(workspaceId); + if (workspaceMapper.countByExample(example) == 0) { + MSException.throwException("workspace_not_exist"); + } + } + public List getWorkspaceListByUserId(String userId) { List userRoleHelpList = extUserRoleMapper.getUserRoleHelpList(userId); List workspaceIds = new ArrayList<>(); diff --git a/backend/src/main/resources/i18n/en-US.json b/backend/src/main/resources/i18n/en-US.json index 679dffb8b1..8b66b212cf 100644 
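Review bot: In checkWorkspaceOwner, a caller who is TEST_MANAGER but not ORG_ADMIN anywhere yields an empty `orgIds`, and `workspaceMapper.countByExample(example)` is evaluated unconditionally before `!contains`; with MyBatis-Generator style criteria, `andOrganizationIdIn` on an empty list is typically rendered as `IN ()`, which the database rejects, so such users would get a server error from addMember/deleteMember instead of passing the check. Short-circuit on membership first and skip the query when there is nothing to query: `if (!contains && (orgIds.isEmpty() || workspaceMapper.countByExample(example) == 0)) {`. Separately, checkWorkspaceIsExist throws the raw key `MSException.throwException("workspace_not_exist");` without `Translator.get(...)`, and neither i18n file in this commit gains a `workspace_not_exist` entry, so users see the key rather than a message. `checkWorkspaceOwnerByTestManager` has no caller in this diff; if it is for later use, a short Javadoc saying so would help.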
--- a/backend/src/main/resources/i18n/en-US.json
+++ b/backend/src/main/resources/i18n/en-US.json
@@ -5,5 +5,6 @@
 "project_name_already_exists": "The project name already exists",
 "workspace_name_is_null": "Workspace name cannot be null",
 "workspace_name_already_exists": "The workspace name already exists",
- "workspace_does_not_belong_to_user": "The current workspace does not belong to the current user"
+ "workspace_does_not_belong_to_user": "The current workspace does not belong to the current user",
+ "organization_does_not_belong_to_user": "The current organization does not belong to the current user"
 }
\ No newline at end of file
diff --git a/backend/src/main/resources/i18n/zh-CN.json b/backend/src/main/resources/i18n/zh-CN.json
index 23fe3b54ed..58a2502874 100644
--- a/backend/src/main/resources/i18n/zh-CN.json
+++ b/backend/src/main/resources/i18n/zh-CN.json
@@ -5,5 +5,6 @@
 "project_name_already_exists": "项目名称已存在",
 "workspace_name_is_null": "工作空间名不能为空",
 "workspace_name_already_exists": "工作空间名已存在",
- "workspace_does_not_belong_to_user": "当前工作空间不属于当前用户"
+ "workspace_does_not_belong_to_user": "当前工作空间不属于当前用户",
+ "organization_does_not_belong_to_user": "当前组织不属于当前用户"
 }
\ No newline at end of file