组织工作空间添加移除用户时做资源所属检查
This commit is contained in:
parent
6ff15af985
commit
475ea93a6d
|
@ -37,6 +37,7 @@ public class OrganizationController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@GetMapping("/delete/{organizationId}")
|
@GetMapping("/delete/{organizationId}")
|
||||||
|
@RequiresRoles(RoleConstants.ADMIN)
|
||||||
public void deleteOrganization(@PathVariable(value = "organizationId") String organizationId) { organizationService.deleteOrganization(organizationId); }
|
public void deleteOrganization(@PathVariable(value = "organizationId") String organizationId) { organizationService.deleteOrganization(organizationId); }
|
||||||
|
|
||||||
@PostMapping("/update")
|
@PostMapping("/update")
|
||||||
|
|
|
@ -12,7 +12,9 @@ import io.metersphere.controller.request.member.QueryMemberRequest;
|
||||||
import io.metersphere.controller.request.organization.AddOrgMemberRequest;
|
import io.metersphere.controller.request.organization.AddOrgMemberRequest;
|
||||||
import io.metersphere.controller.request.organization.QueryOrgMemberRequest;
|
import io.metersphere.controller.request.organization.QueryOrgMemberRequest;
|
||||||
import io.metersphere.dto.UserDTO;
|
import io.metersphere.dto.UserDTO;
|
||||||
|
import io.metersphere.service.OrganizationService;
|
||||||
import io.metersphere.service.UserService;
|
import io.metersphere.service.UserService;
|
||||||
|
import io.metersphere.service.WorkspaceService;
|
||||||
import io.metersphere.user.SessionUser;
|
import io.metersphere.user.SessionUser;
|
||||||
import io.metersphere.user.SessionUtils;
|
import io.metersphere.user.SessionUtils;
|
||||||
import org.apache.shiro.authz.annotation.Logical;
|
import org.apache.shiro.authz.annotation.Logical;
|
||||||
|
@ -28,6 +30,10 @@ public class UserController {
|
||||||
|
|
||||||
@Resource
|
@Resource
|
||||||
private UserService userService;
|
private UserService userService;
|
||||||
|
@Resource
|
||||||
|
private OrganizationService organizationService;
|
||||||
|
@Resource
|
||||||
|
private WorkspaceService workspaceService;
|
||||||
|
|
||||||
// admin api
|
// admin api
|
||||||
@PostMapping("/special/add")
|
@PostMapping("/special/add")
|
||||||
|
@ -123,7 +129,6 @@ public class UserController {
|
||||||
@PostMapping("/switch/source/org/{sourceId}")
|
@PostMapping("/switch/source/org/{sourceId}")
|
||||||
@RequiresRoles(RoleConstants.ORG_ADMIN)
|
@RequiresRoles(RoleConstants.ORG_ADMIN)
|
||||||
public UserDTO switchOrganization(@PathVariable(value = "sourceId") String sourceId) {
|
public UserDTO switchOrganization(@PathVariable(value = "sourceId") String sourceId) {
|
||||||
// todo checkOrganizationOwner()
|
|
||||||
UserDTO user = SessionUtils.getUser();
|
UserDTO user = SessionUtils.getUser();
|
||||||
userService.switchUserRole(user,"organization",sourceId);
|
userService.switchUserRole(user,"organization",sourceId);
|
||||||
return SessionUtils.getUser();
|
return SessionUtils.getUser();
|
||||||
|
@ -132,7 +137,6 @@ public class UserController {
|
||||||
@PostMapping("/switch/source/ws/{sourceId}")
|
@PostMapping("/switch/source/ws/{sourceId}")
|
||||||
@RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.TEST_VIEWER,RoleConstants.TEST_USER}, logical = Logical.OR)
|
@RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.TEST_VIEWER,RoleConstants.TEST_USER}, logical = Logical.OR)
|
||||||
public UserDTO switchWorkspace(@PathVariable(value = "sourceId") String sourceId) {
|
public UserDTO switchWorkspace(@PathVariable(value = "sourceId") String sourceId) {
|
||||||
// todo checkWorkspaceOwner()
|
|
||||||
UserDTO user = SessionUtils.getUser();
|
UserDTO user = SessionUtils.getUser();
|
||||||
userService.switchUserRole(user, "workspace", sourceId);
|
userService.switchUserRole(user, "workspace", sourceId);
|
||||||
return SessionUtils.getUser();
|
return SessionUtils.getUser();
|
||||||
|
@ -150,7 +154,6 @@ public class UserController {
|
||||||
@RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER,
|
@RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER,
|
||||||
RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR)
|
RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR)
|
||||||
public Pager<List<User>> getMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryMemberRequest request) {
|
public Pager<List<User>> getMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryMemberRequest request) {
|
||||||
// todo 检查是否是该工作空间的所有者 或者是 该工作空间的父级组织的所有者
|
|
||||||
Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
|
Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
|
||||||
return PageUtils.setPageInfo(page, userService.getMemberList(request));
|
return PageUtils.setPageInfo(page, userService.getMemberList(request));
|
||||||
}
|
}
|
||||||
|
@ -162,7 +165,6 @@ public class UserController {
|
||||||
@RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER,
|
@RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER,
|
||||||
RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR)
|
RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR)
|
||||||
public List<User> getMemberList(@RequestBody QueryMemberRequest request) {
|
public List<User> getMemberList(@RequestBody QueryMemberRequest request) {
|
||||||
// todo 检查是否是该工作空间的所有者 或者是 该工作空间的父级组织的所有者
|
|
||||||
return userService.getMemberList(request);
|
return userService.getMemberList(request);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -172,7 +174,8 @@ public class UserController {
|
||||||
@PostMapping("/ws/member/add")
|
@PostMapping("/ws/member/add")
|
||||||
@RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
|
@RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
|
||||||
public void addMember(@RequestBody AddMemberRequest request) {
|
public void addMember(@RequestBody AddMemberRequest request) {
|
||||||
// todo check
|
String wsId = request.getWorkspaceId();
|
||||||
|
workspaceService.checkWorkspaceOwner(wsId);
|
||||||
userService.addMember(request);
|
userService.addMember(request);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -182,7 +185,7 @@ public class UserController {
|
||||||
@GetMapping("/ws/member/delete/{workspaceId}/{userId}")
|
@GetMapping("/ws/member/delete/{workspaceId}/{userId}")
|
||||||
@RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
|
@RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
|
||||||
public void deleteMember(@PathVariable String workspaceId, @PathVariable String userId) {
|
public void deleteMember(@PathVariable String workspaceId, @PathVariable String userId) {
|
||||||
// todo check
|
workspaceService.checkWorkspaceOwner(workspaceId);
|
||||||
userService.deleteMember(workspaceId, userId);
|
userService.deleteMember(workspaceId, userId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -190,9 +193,9 @@ public class UserController {
|
||||||
* 添加组织成员
|
* 添加组织成员
|
||||||
*/
|
*/
|
||||||
@PostMapping("/org/member/add")
|
@PostMapping("/org/member/add")
|
||||||
@RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER}, logical = Logical.OR)
|
@RequiresRoles(RoleConstants.ORG_ADMIN)
|
||||||
public void addOrganizationMember(@RequestBody AddOrgMemberRequest request) {
|
public void addOrganizationMember(@RequestBody AddOrgMemberRequest request) {
|
||||||
// todo check
|
organizationService.checkOrgOwner(request.getOrganizationId());
|
||||||
userService.addOrganizationMember(request);
|
userService.addOrganizationMember(request);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -200,9 +203,9 @@ public class UserController {
|
||||||
* 删除组织成员
|
* 删除组织成员
|
||||||
*/
|
*/
|
||||||
@GetMapping("/org/member/delete/{organizationId}/{userId}")
|
@GetMapping("/org/member/delete/{organizationId}/{userId}")
|
||||||
@RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER}, logical = Logical.OR)
|
@RequiresRoles(RoleConstants.ORG_ADMIN)
|
||||||
public void delOrganizationMember(@PathVariable String organizationId, @PathVariable String userId) {
|
public void delOrganizationMember(@PathVariable String organizationId, @PathVariable String userId) {
|
||||||
// todo check
|
organizationService.checkOrgOwner(organizationId);
|
||||||
userService.delOrganizationMember(organizationId, userId);
|
userService.delOrganizationMember(organizationId, userId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -210,10 +213,8 @@ public class UserController {
|
||||||
* 查询组织成员列表
|
* 查询组织成员列表
|
||||||
*/
|
*/
|
||||||
@PostMapping("/org/member/list/{goPage}/{pageSize}")
|
@PostMapping("/org/member/list/{goPage}/{pageSize}")
|
||||||
@RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER,
|
@RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER}, logical = Logical.OR)
|
||||||
RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR)
|
|
||||||
public Pager<List<User>> getOrgMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryOrgMemberRequest request) {
|
public Pager<List<User>> getOrgMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryOrgMemberRequest request) {
|
||||||
// todo check
|
|
||||||
Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
|
Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
|
||||||
return PageUtils.setPageInfo(page, userService.getOrgMemberList(request));
|
return PageUtils.setPageInfo(page, userService.getOrgMemberList(request));
|
||||||
}
|
}
|
||||||
|
@ -222,10 +223,8 @@ public class UserController {
|
||||||
* 组织成员列表不分页
|
* 组织成员列表不分页
|
||||||
*/
|
*/
|
||||||
@PostMapping("/org/member/list/all")
|
@PostMapping("/org/member/list/all")
|
||||||
@RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER,
|
@RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER}, logical = Logical.OR)
|
||||||
RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR)
|
|
||||||
public List<User> getOrgMemberList(@RequestBody QueryOrgMemberRequest request) {
|
public List<User> getOrgMemberList(@RequestBody QueryOrgMemberRequest request) {
|
||||||
// todo check
|
|
||||||
return userService.getOrgMemberList(request);
|
return userService.getOrgMemberList(request);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -26,6 +26,7 @@ public class UserRoleController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@GetMapping("/list/ws/{workspaceId}/{userId}")
|
@GetMapping("/list/ws/{workspaceId}/{userId}")
|
||||||
|
@RequiresRoles(value = {RoleConstants.ADMIN,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
|
||||||
public List<Role> getWorkspaceMemberRole(@PathVariable String workspaceId, @PathVariable String userId) {
|
public List<Role> getWorkspaceMemberRole(@PathVariable String workspaceId, @PathVariable String userId) {
|
||||||
return userRoleService.getWorkspaceMemberRoles(workspaceId, userId);
|
return userRoleService.getWorkspaceMemberRoles(workspaceId, userId);
|
||||||
}
|
}
|
||||||
|
|
|
@ -40,7 +40,7 @@ public class WorkspaceController {
|
||||||
@PostMapping("update")
|
@PostMapping("update")
|
||||||
@RequiresRoles(RoleConstants.ORG_ADMIN)
|
@RequiresRoles(RoleConstants.ORG_ADMIN)
|
||||||
public Workspace updateWorkspace(@RequestBody Workspace workspace) {
|
public Workspace updateWorkspace(@RequestBody Workspace workspace) {
|
||||||
workspaceService.checkOwner(workspace.getId());
|
workspaceService.checkWorkspaceOwnerByOrgAdmin(workspace.getId());
|
||||||
return workspaceService.saveWorkspace(workspace);
|
return workspaceService.saveWorkspace(workspace);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -53,7 +53,7 @@ public class WorkspaceController {
|
||||||
@GetMapping("delete/{workspaceId}")
|
@GetMapping("delete/{workspaceId}")
|
||||||
@RequiresRoles(RoleConstants.ORG_ADMIN)
|
@RequiresRoles(RoleConstants.ORG_ADMIN)
|
||||||
public void deleteWorkspace(@PathVariable String workspaceId) {
|
public void deleteWorkspace(@PathVariable String workspaceId) {
|
||||||
workspaceService.checkOwner(workspaceId);
|
workspaceService.checkWorkspaceOwnerByOrgAdmin(workspaceId);
|
||||||
workspaceService.deleteWorkspace(workspaceId);
|
workspaceService.deleteWorkspace(workspaceId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -6,8 +6,13 @@ import io.metersphere.base.mapper.UserMapper;
|
||||||
import io.metersphere.base.mapper.UserRoleMapper;
|
import io.metersphere.base.mapper.UserRoleMapper;
|
||||||
import io.metersphere.base.mapper.ext.ExtOrganizationMapper;
|
import io.metersphere.base.mapper.ext.ExtOrganizationMapper;
|
||||||
import io.metersphere.base.mapper.ext.ExtUserRoleMapper;
|
import io.metersphere.base.mapper.ext.ExtUserRoleMapper;
|
||||||
|
import io.metersphere.commons.constants.RoleConstants;
|
||||||
|
import io.metersphere.commons.exception.MSException;
|
||||||
import io.metersphere.dto.OrganizationMemberDTO;
|
import io.metersphere.dto.OrganizationMemberDTO;
|
||||||
import io.metersphere.dto.UserRoleHelpDTO;
|
import io.metersphere.dto.UserRoleHelpDTO;
|
||||||
|
import io.metersphere.i18n.Translator;
|
||||||
|
import io.metersphere.user.SessionUser;
|
||||||
|
import io.metersphere.user.SessionUtils;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.springframework.beans.BeanUtils;
|
import org.springframework.beans.BeanUtils;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
|
@ -109,4 +114,16 @@ public class OrganizationService {
|
||||||
public Integer checkSourceRole(String orgId, String userId, String roleId) {
|
public Integer checkSourceRole(String orgId, String userId, String roleId) {
|
||||||
return extOrganizationMapper.checkSourceRole(orgId, userId, roleId);
|
return extOrganizationMapper.checkSourceRole(orgId, userId, roleId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void checkOrgOwner(String organizationId) {
|
||||||
|
SessionUser user = SessionUtils.getUser();
|
||||||
|
List<String> collect = user.getUserRoles().stream()
|
||||||
|
.filter(ur -> RoleConstants.ORG_ADMIN.equals(ur.getRoleId()))
|
||||||
|
.map(UserRole::getSourceId)
|
||||||
|
.collect(Collectors.toList());
|
||||||
|
if (!collect.contains(organizationId)) {
|
||||||
|
MSException.throwException(Translator.get("organization_does_not_belong_to_user"));
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -91,15 +91,16 @@ public class WorkspaceService {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* ORG_ADMIN 需要检查是否有操作此工作空间的权限
|
* ORG_ADMIN需要检查是否有操作此工作空间的权限
|
||||||
*/
|
*/
|
||||||
public void checkOwner(String workspaceId) {
|
public void checkWorkspaceOwnerByOrgAdmin(String workspaceId) {
|
||||||
|
checkWorkspaceIsExist(workspaceId);
|
||||||
|
WorkspaceExample example = new WorkspaceExample();
|
||||||
SessionUser user = SessionUtils.getUser();
|
SessionUser user = SessionUtils.getUser();
|
||||||
List<String> orgIds = user.getUserRoles().stream()
|
List<String> orgIds = user.getUserRoles().stream()
|
||||||
.filter(ur -> RoleConstants.ORG_ADMIN.equals(ur.getRoleId()))
|
.filter(ur -> RoleConstants.ORG_ADMIN.equals(ur.getRoleId()))
|
||||||
.map(UserRole::getSourceId)
|
.map(UserRole::getSourceId)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
WorkspaceExample example = new WorkspaceExample();
|
|
||||||
example.createCriteria()
|
example.createCriteria()
|
||||||
.andOrganizationIdIn(orgIds)
|
.andOrganizationIdIn(orgIds)
|
||||||
.andIdEqualTo(workspaceId);
|
.andIdEqualTo(workspaceId);
|
||||||
|
@ -108,6 +109,48 @@ public class WorkspaceService {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void checkWorkspaceOwnerByTestManager(String workspaceId) {
|
||||||
|
checkWorkspaceIsExist(workspaceId);
|
||||||
|
SessionUser user = SessionUtils.getUser();
|
||||||
|
List<String> wsIds = user.getUserRoles().stream()
|
||||||
|
.filter(ur -> RoleConstants.TEST_MANAGER.equals(ur.getRoleId()))
|
||||||
|
.map(UserRole::getSourceId)
|
||||||
|
.collect(Collectors.toList());
|
||||||
|
boolean contains = wsIds.contains(workspaceId);
|
||||||
|
if (!contains) {
|
||||||
|
MSException.throwException(Translator.get("workspace_does_not_belong_to_user"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public void checkWorkspaceOwner(String workspaceId) {
|
||||||
|
checkWorkspaceIsExist(workspaceId);
|
||||||
|
WorkspaceExample example = new WorkspaceExample();
|
||||||
|
SessionUser user = SessionUtils.getUser();
|
||||||
|
List<String> orgIds = user.getUserRoles().stream()
|
||||||
|
.filter(ur -> RoleConstants.ORG_ADMIN.equals(ur.getRoleId()))
|
||||||
|
.map(UserRole::getSourceId)
|
||||||
|
.collect(Collectors.toList());
|
||||||
|
example.createCriteria()
|
||||||
|
.andOrganizationIdIn(orgIds)
|
||||||
|
.andIdEqualTo(workspaceId);
|
||||||
|
List<String> wsIds = user.getUserRoles().stream()
|
||||||
|
.filter(ur -> RoleConstants.TEST_MANAGER.equals(ur.getRoleId()))
|
||||||
|
.map(UserRole::getSourceId)
|
||||||
|
.collect(Collectors.toList());
|
||||||
|
boolean contains = wsIds.contains(workspaceId);
|
||||||
|
if (workspaceMapper.countByExample(example) == 0 && !contains) {
|
||||||
|
MSException.throwException(Translator.get("workspace_does_not_belong_to_user"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public void checkWorkspaceIsExist(String workspaceId) {
|
||||||
|
WorkspaceExample example = new WorkspaceExample();
|
||||||
|
example.createCriteria().andIdEqualTo(workspaceId);
|
||||||
|
if (workspaceMapper.countByExample(example) == 0) {
|
||||||
|
MSException.throwException("workspace_not_exist");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public List<Workspace> getWorkspaceListByUserId(String userId) {
|
public List<Workspace> getWorkspaceListByUserId(String userId) {
|
||||||
List<UserRoleHelpDTO> userRoleHelpList = extUserRoleMapper.getUserRoleHelpList(userId);
|
List<UserRoleHelpDTO> userRoleHelpList = extUserRoleMapper.getUserRoleHelpList(userId);
|
||||||
List<String> workspaceIds = new ArrayList<>();
|
List<String> workspaceIds = new ArrayList<>();
|
||||||
|
|
|
@ -5,5 +5,6 @@
|
||||||
"project_name_already_exists": "The project name already exists",
|
"project_name_already_exists": "The project name already exists",
|
||||||
"workspace_name_is_null": "Workspace name cannot be null",
|
"workspace_name_is_null": "Workspace name cannot be null",
|
||||||
"workspace_name_already_exists": "The workspace name already exists",
|
"workspace_name_already_exists": "The workspace name already exists",
|
||||||
"workspace_does_not_belong_to_user": "The current workspace does not belong to the current user"
|
"workspace_does_not_belong_to_user": "The current workspace does not belong to the current user",
|
||||||
|
"organization_does_not_belong_to_user": "The current organization does not belong to the current user"
|
||||||
}
|
}
|
|
@ -5,5 +5,6 @@
|
||||||
"project_name_already_exists": "项目名称已存在",
|
"project_name_already_exists": "项目名称已存在",
|
||||||
"workspace_name_is_null": "工作空间名不能为空",
|
"workspace_name_is_null": "工作空间名不能为空",
|
||||||
"workspace_name_already_exists": "工作空间名已存在",
|
"workspace_name_already_exists": "工作空间名已存在",
|
||||||
"workspace_does_not_belong_to_user": "当前工作空间不属于当前用户"
|
"workspace_does_not_belong_to_user": "当前工作空间不属于当前用户",
|
||||||
|
"organization_does_not_belong_to_user": "当前组织不属于当前用户"
|
||||||
}
|
}
|
Loading…
Reference in New Issue