From 6337d932ce85f03ac28aca65e31108b49226db45 Mon Sep 17 00:00:00 2001
From: CaptainB <bin@fit2cloud.com>
Date: Mon, 8 May 2023 19:02:23 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E5=B7=A5=E4=BD=9C?=
 =?UTF-8?q?=E7=A9=BA=E9=97=B4=E6=9D=83=E9=99=90=E7=9B=B8=E5=85=B3=E9=97=AE?=
 =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../controller/ServiceIntegrationController.java            | 6 ++++++
 .../main/java/io/metersphere/controller/UserController.java | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/ServiceIntegrationController.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/ServiceIntegrationController.java
index 34067bae34..29c0628e3e 100644
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/ServiceIntegrationController.java
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/ServiceIntegrationController.java
@@ -3,10 +3,12 @@ package io.metersphere.controller;
 import io.metersphere.base.domain.ServiceIntegration;
 import io.metersphere.commons.constants.OperLogConstants;
 import io.metersphere.commons.constants.OperLogModule;
+import io.metersphere.commons.constants.PermissionConstants;
 import io.metersphere.commons.utils.SessionUtils;
 import io.metersphere.log.annotation.MsAuditLog;
 import io.metersphere.request.IntegrationRequest;
 import io.metersphere.service.BaseIntegrationService;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 
 import jakarta.annotation.Resource;
@@ -21,22 +23,26 @@ public class ServiceIntegrationController {
 
     @PostMapping("/save")
     @MsAuditLog(module = OperLogModule.WORKSPACE_SERVICE_INTEGRATION, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#service.workspaceId, #service.platform)",  content = "#msClass.getLogDetails(#service.workspaceId, #service.platform)", msClass = BaseIntegrationService.class)
+    @RequiresPermissions(PermissionConstants.WORKSPACE_SERVICE_READ_EDIT)
     public ServiceIntegration save(@RequestBody ServiceIntegration service) {
         return baseIntegrationService.save(service);
     }
 
     @PostMapping("/type")
+    @RequiresPermissions(PermissionConstants.WORKSPACE_SERVICE_READ)
     public ServiceIntegration getByPlatform(@RequestBody IntegrationRequest request) {
         return baseIntegrationService.get(request);
     }
 
     @PostMapping("/delete")
     @MsAuditLog(module = OperLogModule.WORKSPACE_SERVICE_INTEGRATION, title = "#request.platform", type = OperLogConstants.DELETE, msClass = BaseIntegrationService.class)
+    @RequiresPermissions(PermissionConstants.WORKSPACE_SERVICE_READ_EDIT)
     public void delete(@RequestBody IntegrationRequest request) {
         baseIntegrationService.delete(request);
     }
 
     @GetMapping("/all")
+    @RequiresPermissions(PermissionConstants.WORKSPACE_SERVICE_READ)
     public List<ServiceIntegration> getAll() {
         return baseIntegrationService.getAll(SessionUtils.getCurrentWorkspaceId());
     }
diff --git a/system-setting/backend/src/main/java/io/metersphere/controller/UserController.java b/system-setting/backend/src/main/java/io/metersphere/controller/UserController.java
index 815d7b0c90..a6d90ad44c 100644
--- a/system-setting/backend/src/main/java/io/metersphere/controller/UserController.java
+++ b/system-setting/backend/src/main/java/io/metersphere/controller/UserController.java
@@ -174,6 +174,7 @@ public class UserController {
      */
     @GetMapping("/ws/member/delete/{workspaceId}/{userId}")
     @MsAuditLog(module = OperLogModule.WORKSPACE_MEMBER, type = OperLogConstants.DELETE, title = "删除工作空间成员")
+    @RequiresPermissions(PermissionConstants.WORKSPACE_USER_READ_DELETE)
     public void deleteMember(@PathVariable String workspaceId, @PathVariable String userId) {
 //        workspaceService.checkWorkspaceOwner(workspaceId);
         String currentUserId = SessionUtils.getUser().getId();
@@ -185,6 +186,7 @@ public class UserController {
 
     @GetMapping("/project/member/delete/{projectId}/{userId}")
 //    @MsAuditLog(module = "workspace_member", type = OperLogConstants.DELETE, title = "删除工作空间成员")
+    @RequiresPermissions(value={PermissionConstants.PROJECT_USER_READ_DELETE}, logical = Logical.OR)
     public void deleteProjectMember(@PathVariable String projectId, @PathVariable String userId) {
         String currentUserId = SessionUtils.getUser().getId();
         if (StringUtils.equals(userId, currentUserId)) {