refactor(项目管理): 增加当前用户是否有当前项目权限的接口

2024-02-04 14:51:28 +08:00 · 2024-02-04 14:51:28 +08:00 · 830f4e4725
parent de74dac4b8
commit 830f4e4725
3 changed files with 88 additions and 5 deletions
--- a/backend/services/project-management/src/main/java/io/metersphere/project/controller/ProjectController.java
+++ b/backend/services/project-management/src/main/java/io/metersphere/project/controller/ProjectController.java
@ -5,10 +5,10 @@ import io.metersphere.project.request.ProjectSwitchRequest;
 import io.metersphere.project.service.ProjectLogService;
 import io.metersphere.project.service.ProjectService;
 import io.metersphere.sdk.constants.PermissionConstants;
-import io.metersphere.system.dto.sdk.OptionDTO;
-import io.metersphere.system.dto.user.UserDTO;
 import io.metersphere.system.dto.ProjectDTO;
 import io.metersphere.system.dto.UpdateProjectRequest;
+import io.metersphere.system.dto.sdk.OptionDTO;
+import io.metersphere.system.dto.user.UserDTO;
 import io.metersphere.system.log.annotation.Log;
 import io.metersphere.system.log.constants.OperationLogType;
 import io.metersphere.system.security.CheckOwner;
@ -64,8 +64,15 @@ public class ProjectController {
    @GetMapping("/pool-options/{type}/{projectId}")
    @Operation(summary = "项目管理-获取项目下的资源池")
    @RequiresPermissions(PermissionConstants.PROJECT_BASE_INFO_READ)
-    public List<OptionDTO> getPoolOptions(@PathVariable String type , @PathVariable String projectId) {
+    public List<OptionDTO> getPoolOptions(@PathVariable String type, @PathVariable String projectId) {
        return projectService.getPoolOptions(projectId, type);
    }

+    @GetMapping("/has-permission/{id}")
+    @Operation(summary = "项目管理-获取当前用户是否有当前项目的权限")
+    @CheckOwner(resourceId = "#id", resourceType = "project")
+    public boolean hasPermission(@PathVariable String id) {
+        return projectService.hasPermission(id, SessionUtils.getUserId());
+    }
+
 }
--- a/backend/services/project-management/src/main/java/io/metersphere/project/service/ProjectService.java
+++ b/backend/services/project-management/src/main/java/io/metersphere/project/service/ProjectService.java
@ -76,7 +76,7 @@ public class ProjectService {
        userRoleRelationExample.createCriteria().andUserIdEqualTo(userId).andRoleIdEqualTo(InternalUserRole.ADMIN.name());
        if (userRoleRelationMapper.countByExample(userRoleRelationExample) > 0) {
            ProjectExample example = new ProjectExample();
-            example.createCriteria().andOrganizationIdEqualTo(organizationId).andEnableEqualTo(true);
+            example.createCriteria().andOrganizationIdEqualTo(organizationId);
            return projectMapper.selectByExample(example);
        }
        return extProjectMapper.getUserProject(organizationId, userId);
@ -198,4 +198,25 @@ public class ProjectService {
        Long pos = getLastPosFunc.apply(projectId);
        return (pos == null ? 0 : pos) + ORDER_STEP;
    }
+
+    public boolean hasPermission(String id, String userId) {
+        boolean hasPermission = true;
+        //判断用户是否是系统管理员
+        UserRoleRelationExample userRoleRelationExample = new UserRoleRelationExample();
+        userRoleRelationExample.createCriteria().andUserIdEqualTo(userId).andRoleIdEqualTo(InternalUserRole.ADMIN.name());
+        if (userRoleRelationMapper.countByExample(userRoleRelationExample) > 0) {
+            return hasPermission;
+        }
+        ProjectExample example = new ProjectExample();
+        example.createCriteria().andIdEqualTo(id).andEnableEqualTo(true);
+        if (CollectionUtils.isEmpty(projectMapper.selectByExample(example))) {
+            return false;
+        }
+        userRoleRelationExample = new UserRoleRelationExample();
+        userRoleRelationExample.createCriteria().andUserIdEqualTo(userId).andSourceIdEqualTo(id);
+        if (CollectionUtils.isEmpty(userRoleRelationMapper.selectByExample(userRoleRelationExample))) {
+            return false;
+        }
+        return hasPermission;
+    }
 }
--- a/backend/services/project-management/src/test/java/io/metersphere/project/controller/ProjectControllerTests.java
+++ b/backend/services/project-management/src/test/java/io/metersphere/project/controller/ProjectControllerTests.java
@ -13,11 +13,14 @@ import io.metersphere.sdk.constants.SessionConstants;
 import io.metersphere.sdk.util.JSON;
 import io.metersphere.system.base.BaseTest;
 import io.metersphere.system.controller.handler.ResultHolder;
+import io.metersphere.system.domain.UserRoleRelation;
 import io.metersphere.system.dto.ProjectDTO;
 import io.metersphere.system.dto.UpdateProjectRequest;
 import io.metersphere.system.dto.user.UserDTO;
 import io.metersphere.system.invoker.ProjectServiceInvoker;
 import io.metersphere.system.log.constants.OperationLogType;
+import io.metersphere.system.mapper.UserRoleRelationMapper;
+import io.metersphere.system.uid.IDGenerator;
 import jakarta.annotation.Resource;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
@ -41,7 +44,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;


-@SpringBootTest(webEnvironment= SpringBootTest.WebEnvironment.RANDOM_PORT)
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@AutoConfigureMockMvc
@TestMethodOrder(MethodOrderer.OrderAnnotation.class)
 public class ProjectControllerTests extends BaseTest {
@ -62,6 +65,8 @@ public class ProjectControllerTests extends BaseTest {

    @Resource
    private ProjectService projectService;
+    @Resource
+    private UserRoleRelationMapper userRoleRelationMapper;

    @Autowired
    public ProjectControllerTests(ProjectServiceInvoker serviceInvoker) {
@ -381,4 +386,54 @@ public class ProjectControllerTests extends BaseTest {
        Assertions.assertNotNull(latestVersion);
        Assertions.assertTrue(latestVersion.getLatest());
    }
+
+    @Test
+    @Order(11)
+    public void testHasPermission() throws Exception {
+        //当前用户是系统管理员
+        responseGet(prefix + "/has-permission/" + DEFAULT_PROJECT_ID, status().isOk());
+
+        MvcResult mvcResult = mockMvc.perform(MockMvcRequestBuilders.post("/login")
+                        .content(String.format("{\"username\":\"%s\",\"password\":\"%s\"}", "delete", "deleted@metersphere.io"))
+                        .contentType(MediaType.APPLICATION_JSON))
+                .andExpect(status().isOk())
+                .andExpect(content().contentType(MediaType.APPLICATION_JSON))
+                .andReturn();
+        String sessionId = JsonPath.read(mvcResult.getResponse().getContentAsString(), "$.data.sessionId");
+        String csrfToken = JsonPath.read(mvcResult.getResponse().getContentAsString(), "$.data.csrfToken");
+
+        mockMvc.perform(MockMvcRequestBuilders.get(prefix + "/has-permission/" + "projectId")
+                        .header(SessionConstants.HEADER_TOKEN, sessionId)
+                        .header(SessionConstants.CSRF_TOKEN, csrfToken)
+                        .contentType(MediaType.APPLICATION_JSON))
+                .andExpect(status().isOk())
+                .andExpect(content().contentType(MediaType.APPLICATION_JSON)).andReturn();
+        UserRoleRelation userRoleRelation = new UserRoleRelation();
+        userRoleRelation.setUserId("delete");
+        userRoleRelation.setOrganizationId(DEFAULT_ORGANIZATION_ID);
+        userRoleRelation.setSourceId("projectId");
+        userRoleRelation.setRoleId("1");
+        userRoleRelation.setCreateTime(System.currentTimeMillis());
+        userRoleRelation.setCreateUser("admin");
+        userRoleRelation.setId(IDGenerator.nextStr());
+        userRoleRelationMapper.insertSelective(userRoleRelation);
+        mockMvc.perform(MockMvcRequestBuilders.get(prefix + "/has-permission/" + "projectId")
+                        .header(SessionConstants.HEADER_TOKEN, sessionId)
+                        .header(SessionConstants.CSRF_TOKEN, csrfToken)
+                        .contentType(MediaType.APPLICATION_JSON))
+                .andExpect(status().isOk())
+                .andExpect(content().contentType(MediaType.APPLICATION_JSON)).andReturn();
+
+        ProjectExample example = new ProjectExample();
+        example.createCriteria().andIdEqualTo("projectId");
+        Project project = new Project();
+        project.setEnable(false);
+        projectMapper.updateByExampleSelective(project, example);
+        mockMvc.perform(MockMvcRequestBuilders.get(prefix + "/has-permission/" + "projectId")
+                        .header(SessionConstants.HEADER_TOKEN, sessionId)
+                        .header(SessionConstants.CSRF_TOKEN, csrfToken)
+                        .contentType(MediaType.APPLICATION_JSON))
+                .andExpect(status().isOk())
+                .andExpect(content().contentType(MediaType.APPLICATION_JSON)).andReturn();
+    }
 }