diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/BaseProjectController.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/BaseProjectController.java index e52aa6877d..29ff4c99a8 100644 --- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/BaseProjectController.java +++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/BaseProjectController.java @@ -46,6 +46,7 @@ public class BaseProjectController { @GetMapping("/get/{id}") @RequiresPermissions(value = {PermissionConstants.WORKSPACE_PROJECT_MANAGER_READ, PermissionConstants.PROJECT_MANAGER_READ}, logical = Logical.OR) public Project getProject(@PathVariable String id) { + baseProjectService.checkProjectOwner(id, SessionUtils.getUser().getUserGroups()); return baseProjectService.getProjectById(id); } diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/service/BaseProjectService.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/service/BaseProjectService.java index de55d54d7a..05dd1d8947 100644 --- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/service/BaseProjectService.java +++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/service/BaseProjectService.java @@ -4,10 +4,7 @@ import io.metersphere.base.domain.*; import io.metersphere.base.mapper.ProjectMapper; import io.metersphere.base.mapper.UserGroupMapper; import io.metersphere.base.mapper.UserMapper; -import io.metersphere.base.mapper.ext.BaseProjectMapper; -import io.metersphere.base.mapper.ext.BaseProjectVersionMapper; -import io.metersphere.base.mapper.ext.BaseUserGroupMapper; -import io.metersphere.base.mapper.ext.BaseUserMapper; +import io.metersphere.base.mapper.ext.*; import io.metersphere.commons.constants.ProjectApplicationType; import io.metersphere.commons.exception.MSException; import io.metersphere.commons.utils.FileUtils; @@ -241,6 +238,20 @@ public class BaseProjectService { return project; } + public void checkProjectOwner(String projectId, List userGroups) { + boolean hasPermission = false; + for (UserGroup userGroup : userGroups) { + // 校验是否有当前项目的用户组 + if (StringUtils.equals(userGroup.getSourceId(), projectId)) { + hasPermission = true; + break; + } + } + if (!hasPermission) { + MSException.throwException(Translator.get("check_owner_case")); + } + } + public List getByCaseTemplateId(String templateId) { ProjectExample example = new ProjectExample(); example.createCriteria().andCaseTemplateIdEqualTo(templateId);