组织工作空间添加移除用户时做资源所属检查

shiziyuan9527 2020-03-09 15:10:27 +08:00
parent 6ff15af985
commit 475ea93a6d
8 changed files with 86 additions and 23 deletions


@ -37,6 +37,7 @@ public class OrganizationController {
} }
@GetMapping("/delete/{organizationId}") @GetMapping("/delete/{organizationId}")
@RequiresRoles(RoleConstants.ADMIN)
public void deleteOrganization(@PathVariable(value = "organizationId") String organizationId) { organizationService.deleteOrganization(organizationId); } public void deleteOrganization(@PathVariable(value = "organizationId") String organizationId) { organizationService.deleteOrganization(organizationId); }
@PostMapping("/update") @PostMapping("/update")
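Review bot: `deleteOrganization` remains a state-changing operation bound to `@GetMapping("/delete/{organizationId}")`, and the added `@RequiresRoles(RoleConstants.ADMIN)` does not change that; a GET that deletes can be triggered by a plain link or embedded resource loaded in a logged-in admin's browser, with the role check passing on the admin's own session. Mapping it with `@PostMapping` or `@DeleteMapping` keeps the new role check and removes that exposure. The same GET-for-delete shape appears elsewhere in this commit, in `UserController` (`/ws/member/delete/{workspaceId}/{userId}`, `/org/member/delete/{organizationId}/{userId}`) and `WorkspaceController` (`delete/{workspaceId}`), and the fix is the same there.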


@ -12,7 +12,9 @@ import io.metersphere.controller.request.member.QueryMemberRequest;
import io.metersphere.controller.request.organization.AddOrgMemberRequest; import io.metersphere.controller.request.organization.AddOrgMemberRequest;
import io.metersphere.controller.request.organization.QueryOrgMemberRequest; import io.metersphere.controller.request.organization.QueryOrgMemberRequest;
import io.metersphere.dto.UserDTO; import io.metersphere.dto.UserDTO;
import io.metersphere.service.OrganizationService;
import io.metersphere.service.UserService; import io.metersphere.service.UserService;
import io.metersphere.service.WorkspaceService;
import io.metersphere.user.SessionUser; import io.metersphere.user.SessionUser;
import io.metersphere.user.SessionUtils; import io.metersphere.user.SessionUtils;
import org.apache.shiro.authz.annotation.Logical; import org.apache.shiro.authz.annotation.Logical;
@ -28,6 +30,10 @@ public class UserController {
@Resource @Resource
private UserService userService; private UserService userService;
@Resource
private OrganizationService organizationService;
@Resource
private WorkspaceService workspaceService;
// admin api // admin api
@PostMapping("/special/add") @PostMapping("/special/add")
@ -123,7 +129,6 @@ public class UserController {
@PostMapping("/switch/source/org/{sourceId}") @PostMapping("/switch/source/org/{sourceId}")
@RequiresRoles(RoleConstants.ORG_ADMIN) @RequiresRoles(RoleConstants.ORG_ADMIN)
public UserDTO switchOrganization(@PathVariable(value = "sourceId") String sourceId) { public UserDTO switchOrganization(@PathVariable(value = "sourceId") String sourceId) {
// todo checkOrganizationOwner()
UserDTO user = SessionUtils.getUser(); UserDTO user = SessionUtils.getUser();
userService.switchUserRole(user,"organization",sourceId); userService.switchUserRole(user,"organization",sourceId);
return SessionUtils.getUser(); return SessionUtils.getUser();
@ -132,7 +137,6 @@ public class UserController {
@PostMapping("/switch/source/ws/{sourceId}") @PostMapping("/switch/source/ws/{sourceId}")
@RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.TEST_VIEWER,RoleConstants.TEST_USER}, logical = Logical.OR) @RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.TEST_VIEWER,RoleConstants.TEST_USER}, logical = Logical.OR)
public UserDTO switchWorkspace(@PathVariable(value = "sourceId") String sourceId) { public UserDTO switchWorkspace(@PathVariable(value = "sourceId") String sourceId) {
// todo checkWorkspaceOwner()
UserDTO user = SessionUtils.getUser(); UserDTO user = SessionUtils.getUser();
userService.switchUserRole(user, "workspace", sourceId); userService.switchUserRole(user, "workspace", sourceId);
return SessionUtils.getUser(); return SessionUtils.getUser();
@ -150,7 +154,6 @@ public class UserController {
@RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER, @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER,
RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR) RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR)
public Pager<List<User>> getMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryMemberRequest request) { public Pager<List<User>> getMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryMemberRequest request) {
// todo 检查是否是该工作空间的所有者 或者是 该工作空间的父级组织的所有者
Page<Object> page = PageHelper.startPage(goPage, pageSize, true); Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
return PageUtils.setPageInfo(page, userService.getMemberList(request)); return PageUtils.setPageInfo(page, userService.getMemberList(request));
} }
@ -162,7 +165,6 @@ public class UserController {
@RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER, @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER,
RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR) RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR)
public List<User> getMemberList(@RequestBody QueryMemberRequest request) { public List<User> getMemberList(@RequestBody QueryMemberRequest request) {
// todo 检查是否是该工作空间的所有者 或者是 该工作空间的父级组织的所有者
return userService.getMemberList(request); return userService.getMemberList(request);
} }
@ -172,7 +174,8 @@ public class UserController {
@PostMapping("/ws/member/add") @PostMapping("/ws/member/add")
@RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.ORG_ADMIN}, logical = Logical.OR) @RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
public void addMember(@RequestBody AddMemberRequest request) { public void addMember(@RequestBody AddMemberRequest request) {
// todo check String wsId = request.getWorkspaceId();
workspaceService.checkWorkspaceOwner(wsId);
userService.addMember(request); userService.addMember(request);
} }
@ -182,7 +185,7 @@ public class UserController {
@GetMapping("/ws/member/delete/{workspaceId}/{userId}") @GetMapping("/ws/member/delete/{workspaceId}/{userId}")
@RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.ORG_ADMIN}, logical = Logical.OR) @RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
public void deleteMember(@PathVariable String workspaceId, @PathVariable String userId) { public void deleteMember(@PathVariable String workspaceId, @PathVariable String userId) {
// todo check workspaceService.checkWorkspaceOwner(workspaceId);
userService.deleteMember(workspaceId, userId); userService.deleteMember(workspaceId, userId);
} }
@ -190,9 +193,9 @@ public class UserController {
* 添加组织成员 * 添加组织成员
*/ */
@PostMapping("/org/member/add") @PostMapping("/org/member/add")
@RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER}, logical = Logical.OR) @RequiresRoles(RoleConstants.ORG_ADMIN)
public void addOrganizationMember(@RequestBody AddOrgMemberRequest request) { public void addOrganizationMember(@RequestBody AddOrgMemberRequest request) {
// todo check organizationService.checkOrgOwner(request.getOrganizationId());
userService.addOrganizationMember(request); userService.addOrganizationMember(request);
} }
@ -200,9 +203,9 @@ public class UserController {
* 删除组织成员 * 删除组织成员
*/ */
@GetMapping("/org/member/delete/{organizationId}/{userId}") @GetMapping("/org/member/delete/{organizationId}/{userId}")
@RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER}, logical = Logical.OR) @RequiresRoles(RoleConstants.ORG_ADMIN)
public void delOrganizationMember(@PathVariable String organizationId, @PathVariable String userId) { public void delOrganizationMember(@PathVariable String organizationId, @PathVariable String userId) {
// todo check organizationService.checkOrgOwner(organizationId);
userService.delOrganizationMember(organizationId, userId); userService.delOrganizationMember(organizationId, userId);
} }
@ -210,10 +213,8 @@ public class UserController {
* 查询组织成员列表 * 查询组织成员列表
*/ */
@PostMapping("/org/member/list/{goPage}/{pageSize}") @PostMapping("/org/member/list/{goPage}/{pageSize}")
@RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER, @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER}, logical = Logical.OR)
RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR)
public Pager<List<User>> getOrgMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryOrgMemberRequest request) { public Pager<List<User>> getOrgMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryOrgMemberRequest request) {
// todo check
Page<Object> page = PageHelper.startPage(goPage, pageSize, true); Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
return PageUtils.setPageInfo(page, userService.getOrgMemberList(request)); return PageUtils.setPageInfo(page, userService.getOrgMemberList(request));
} }
@ -222,10 +223,8 @@ public class UserController {
* 组织成员列表不分页 * 组织成员列表不分页
*/ */
@PostMapping("/org/member/list/all") @PostMapping("/org/member/list/all")
@RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER, @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER}, logical = Logical.OR)
RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR)
public List<User> getOrgMemberList(@RequestBody QueryOrgMemberRequest request) { public List<User> getOrgMemberList(@RequestBody QueryOrgMemberRequest request) {
// todo check
return userService.getOrgMemberList(request); return userService.getOrgMemberList(request);
} }
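Review bot: The `// todo` ownership-check comments are deleted from `getMemberList` (both overloads), `getOrgMemberList` (both overloads), `switchOrganization` and `switchWorkspace` without a replacement, while only `addMember`, `deleteMember`, `addOrganizationMember` and `delOrganizationMember` gained a `checkWorkspaceOwner`/`checkOrgOwner` call. Narrowing `@RequiresRoles` on the org-member listings to ORG_ADMIN/TEST_MANAGER still lets an org admin of one organization list the members of every organization, so `getOrgMemberList` should mirror the add/delete path with `organizationService.checkOrgOwner(request.getOrganizationId());` (assuming `QueryOrgMemberRequest` carries the organization id as `AddOrgMemberRequest` does; its definition is not in view). The workspace listings and the two `switch` endpoints presumably need the corresponding `checkWorkspaceOwner(...)`/`checkOrgOwner(sourceId)` call unless `userService.switchUserRole` already verifies membership, which cannot be seen here. If those checks are intentionally deferred, keep the todo comments rather than removing the only marker that the gap exists.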


@ -26,6 +26,7 @@ public class UserRoleController {
} }
@GetMapping("/list/ws/{workspaceId}/{userId}") @GetMapping("/list/ws/{workspaceId}/{userId}")
@RequiresRoles(value = {RoleConstants.ADMIN,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
public List<Role> getWorkspaceMemberRole(@PathVariable String workspaceId, @PathVariable String userId) { public List<Role> getWorkspaceMemberRole(@PathVariable String workspaceId, @PathVariable String userId) {
return userRoleService.getWorkspaceMemberRoles(workspaceId, userId); return userRoleService.getWorkspaceMemberRoles(workspaceId, userId);
} }
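Review bot: The new `@RequiresRoles` on `getWorkspaceMemberRole` gates only by role; nothing in the hunk ties `workspaceId` to the caller's organizations, so an ORG_ADMIN of one organization can still read the roles of any `workspaceId`/`userId` pair. The org-admin case should go through `workspaceService.checkWorkspaceOwnerByOrgAdmin(workspaceId);`, injecting `WorkspaceService` the way `UserController` does in this commit (whether `UserRoleController` already holds that field is outside the hunk), with ADMIN callers bypassing it. TEST_MANAGER, who can add and remove workspace members via `UserController` in this same commit, is now excluded from reading those members' roles; confirm that is intended, since it looks like the member-management flow would need this endpoint.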


@ -40,7 +40,7 @@ public class WorkspaceController {
@PostMapping("update") @PostMapping("update")
@RequiresRoles(RoleConstants.ORG_ADMIN) @RequiresRoles(RoleConstants.ORG_ADMIN)
public Workspace updateWorkspace(@RequestBody Workspace workspace) { public Workspace updateWorkspace(@RequestBody Workspace workspace) {
workspaceService.checkOwner(workspace.getId()); workspaceService.checkWorkspaceOwnerByOrgAdmin(workspace.getId());
return workspaceService.saveWorkspace(workspace); return workspaceService.saveWorkspace(workspace);
} }
@ -53,7 +53,7 @@ public class WorkspaceController {
@GetMapping("delete/{workspaceId}") @GetMapping("delete/{workspaceId}")
@RequiresRoles(RoleConstants.ORG_ADMIN) @RequiresRoles(RoleConstants.ORG_ADMIN)
public void deleteWorkspace(@PathVariable String workspaceId) { public void deleteWorkspace(@PathVariable String workspaceId) {
workspaceService.checkOwner(workspaceId); workspaceService.checkWorkspaceOwnerByOrgAdmin(workspaceId);
workspaceService.deleteWorkspace(workspaceId); workspaceService.deleteWorkspace(workspaceId);
} }


@ -6,8 +6,13 @@ import io.metersphere.base.mapper.UserMapper;
import io.metersphere.base.mapper.UserRoleMapper; import io.metersphere.base.mapper.UserRoleMapper;
import io.metersphere.base.mapper.ext.ExtOrganizationMapper; import io.metersphere.base.mapper.ext.ExtOrganizationMapper;
import io.metersphere.base.mapper.ext.ExtUserRoleMapper; import io.metersphere.base.mapper.ext.ExtUserRoleMapper;
import io.metersphere.commons.constants.RoleConstants;
import io.metersphere.commons.exception.MSException;
import io.metersphere.dto.OrganizationMemberDTO; import io.metersphere.dto.OrganizationMemberDTO;
import io.metersphere.dto.UserRoleHelpDTO; import io.metersphere.dto.UserRoleHelpDTO;
import io.metersphere.i18n.Translator;
import io.metersphere.user.SessionUser;
import io.metersphere.user.SessionUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.BeanUtils; import org.springframework.beans.BeanUtils;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
@ -109,4 +114,16 @@ public class OrganizationService {
public Integer checkSourceRole(String orgId, String userId, String roleId) { public Integer checkSourceRole(String orgId, String userId, String roleId) {
return extOrganizationMapper.checkSourceRole(orgId, userId, roleId); return extOrganizationMapper.checkSourceRole(orgId, userId, roleId);
} }
public void checkOrgOwner(String organizationId) {
SessionUser user = SessionUtils.getUser();
List<String> collect = user.getUserRoles().stream()
.filter(ur -> RoleConstants.ORG_ADMIN.equals(ur.getRoleId()))
.map(UserRole::getSourceId)
.collect(Collectors.toList());
if (!collect.contains(organizationId)) {
MSException.throwException(Translator.get("organization_does_not_belong_to_user"));
}
}
} }
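Review bot: `checkOrgOwner` names its result `collect`, which says nothing about what the list holds; `orgIds` matches the identical stream in `WorkspaceService.checkWorkspaceOwnerByOrgAdmin`. The same four-line role-to-sourceId projection now exists three times across the two services (here and twice in `WorkspaceService`), so a shared helper such as `List<String> getSourceIdsByRole(String roleId)` on `SessionUser`, or a package-private static in one service, would keep the filters from drifting apart. Unlike the workspace checks, this method does not verify that `organizationId` exists, so an unknown or null id yields `organization_does_not_belong_to_user` rather than a not-found message; a Javadoc line such as `/** Throws unless the session user holds ORG_ADMIN on organizationId; does not check that the organization exists. */` makes that contract explicit for callers.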


@ -91,15 +91,16 @@ public class WorkspaceService {
} }
/** /**
* ORG_ADMIN 需要检查是否有操作此工作空间的权限 * ORG_ADMIN需要检查是否有操作此工作空间的权限
*/ */
public void checkOwner(String workspaceId) { public void checkWorkspaceOwnerByOrgAdmin(String workspaceId) {
checkWorkspaceIsExist(workspaceId);
WorkspaceExample example = new WorkspaceExample();
SessionUser user = SessionUtils.getUser(); SessionUser user = SessionUtils.getUser();
List<String> orgIds = user.getUserRoles().stream() List<String> orgIds = user.getUserRoles().stream()
.filter(ur -> RoleConstants.ORG_ADMIN.equals(ur.getRoleId())) .filter(ur -> RoleConstants.ORG_ADMIN.equals(ur.getRoleId()))
.map(UserRole::getSourceId) .map(UserRole::getSourceId)
.collect(Collectors.toList()); .collect(Collectors.toList());
WorkspaceExample example = new WorkspaceExample();
example.createCriteria() example.createCriteria()
.andOrganizationIdIn(orgIds) .andOrganizationIdIn(orgIds)
.andIdEqualTo(workspaceId); .andIdEqualTo(workspaceId);
@ -108,6 +109,48 @@ public class WorkspaceService {
} }
} }
public void checkWorkspaceOwnerByTestManager(String workspaceId) {
checkWorkspaceIsExist(workspaceId);
SessionUser user = SessionUtils.getUser();
List<String> wsIds = user.getUserRoles().stream()
.filter(ur -> RoleConstants.TEST_MANAGER.equals(ur.getRoleId()))
.map(UserRole::getSourceId)
.collect(Collectors.toList());
boolean contains = wsIds.contains(workspaceId);
if (!contains) {
MSException.throwException(Translator.get("workspace_does_not_belong_to_user"));
}
}
public void checkWorkspaceOwner(String workspaceId) {
checkWorkspaceIsExist(workspaceId);
WorkspaceExample example = new WorkspaceExample();
SessionUser user = SessionUtils.getUser();
List<String> orgIds = user.getUserRoles().stream()
.filter(ur -> RoleConstants.ORG_ADMIN.equals(ur.getRoleId()))
.map(UserRole::getSourceId)
.collect(Collectors.toList());
example.createCriteria()
.andOrganizationIdIn(orgIds)
.andIdEqualTo(workspaceId);
List<String> wsIds = user.getUserRoles().stream()
.filter(ur -> RoleConstants.TEST_MANAGER.equals(ur.getRoleId()))
.map(UserRole::getSourceId)
.collect(Collectors.toList());
boolean contains = wsIds.contains(workspaceId);
if (workspaceMapper.countByExample(example) == 0 && !contains) {
MSException.throwException(Translator.get("workspace_does_not_belong_to_user"));
}
}
public void checkWorkspaceIsExist(String workspaceId) {
WorkspaceExample example = new WorkspaceExample();
example.createCriteria().andIdEqualTo(workspaceId);
if (workspaceMapper.countByExample(example) == 0) {
MSException.throwException("workspace_not_exist");
}
}
public List<Workspace> getWorkspaceListByUserId(String userId) { public List<Workspace> getWorkspaceListByUserId(String userId) {
List<UserRoleHelpDTO> userRoleHelpList = extUserRoleMapper.getUserRoleHelpList(userId); List<UserRoleHelpDTO> userRoleHelpList = extUserRoleMapper.getUserRoleHelpList(userId);
List<String> workspaceIds = new ArrayList<>(); List<String> workspaceIds = new ArrayList<>();
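Review bot: `checkWorkspaceOwner` always runs the `andOrganizationIdIn(orgIds)` query, even for a caller who is only a TEST_MANAGER of the workspace and holds no ORG_ADMIN role; with `orgIds` empty the generated criterion is an empty `IN ()`, which on the usual MyBatis-Generator mapping produces a SQL error rather than a zero count, so the new `/ws/member/add` path for test managers would presumably fail. Checking the TEST_MANAGER membership first and querying only when `orgIds` is non-empty avoids both the bad SQL and a needless round trip; the rewrite below also extracts the role-to-sourceId projection that this file now repeats three times. Separately, `checkWorkspaceIsExist` passes the raw key `"workspace_not_exist"` to `MSException.throwException` instead of `Translator.get("workspace_not_exist")`, and neither i18n hunk in this commit adds that key, so the message needs both the `Translator` call and an entry in each properties file. Both hunks of this file are complete in view; the ORG_ADMIN-only variant in the first hunk has the same empty-list shape, but its callers require ORG_ADMIN so `orgIds` is non-empty there.
```java
public void checkWorkspaceOwner(String workspaceId) {
    checkWorkspaceIsExist(workspaceId);
    SessionUser user = SessionUtils.getUser();
    // A TEST_MANAGER of this workspace needs no organization lookup.
    if (sourceIdsWithRole(user, RoleConstants.TEST_MANAGER).contains(workspaceId)) {
        return;
    }
    List<String> orgIds = sourceIdsWithRole(user, RoleConstants.ORG_ADMIN);
    // Never issue an empty IN (...) criterion.
    if (orgIds.isEmpty()) {
        MSException.throwException(Translator.get("workspace_does_not_belong_to_user"));
    }
    WorkspaceExample example = new WorkspaceExample();
    example.createCriteria()
            .andOrganizationIdIn(orgIds)
            .andIdEqualTo(workspaceId);
    if (workspaceMapper.countByExample(example) == 0) {
        MSException.throwException(Translator.get("workspace_does_not_belong_to_user"));
    }
}

// Source ids (organization or workspace ids) on which the session user holds roleId.
private static List<String> sourceIdsWithRole(SessionUser user, String roleId) {
    return user.getUserRoles().stream()
            .filter(ur -> roleId.equals(ur.getRoleId()))
            .map(UserRole::getSourceId)
            .collect(Collectors.toList());
}

// … unchanged: checkWorkspaceOwnerByTestManager, checkWorkspaceIsExist, getWorkspaceListByUserId …
```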


@ -5,5 +5,6 @@
"project_name_already_exists": "The project name already exists", "project_name_already_exists": "The project name already exists",
"workspace_name_is_null": "Workspace name cannot be null", "workspace_name_is_null": "Workspace name cannot be null",
"workspace_name_already_exists": "The workspace name already exists", "workspace_name_already_exists": "The workspace name already exists",
"workspace_does_not_belong_to_user": "The current workspace does not belong to the current user" "workspace_does_not_belong_to_user": "The current workspace does not belong to the current user",
"organization_does_not_belong_to_user": "The current organization does not belong to the current user"
} }


@ -5,5 +5,6 @@
"project_name_already_exists": "项目名称已存在", "project_name_already_exists": "项目名称已存在",
"workspace_name_is_null": "工作空间名不能为空", "workspace_name_is_null": "工作空间名不能为空",
"workspace_name_already_exists": "工作空间名已存在", "workspace_name_already_exists": "工作空间名已存在",
"workspace_does_not_belong_to_user": "当前工作空间不属于当前用户" "workspace_does_not_belong_to_user": "当前工作空间不属于当前用户",
"organization_does_not_belong_to_user": "当前组织不属于当前用户"
} }