test-version22
/
MeterSphere
mirror of https://gitee.com/fit2cloud-feizhiyun/MeterSphere.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: 修复权限相关问题 

--bug=1014158 --user=刘瑞斌 【系统设置】/user/project/member/list/{goPage}/{pageSize} 接口权限没控制 https://www.tapd.cn/55049933/s/1183724
This commit is contained in:
CaptainB 2022-06-16 13:55:38 +08:00 committed by f2c-ci-robot[bot]
parent 26222011e9
commit 8f8c6e30dd
3 changed files with 19 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
backend/src/main/java/io/metersphere/controller/UserController.java
View File

@ -154,16 +154,19 @@ public class UserController {
}
@PostMapping("/project/member/list/{goPage}/{pageSize}")
@RequiresPermissions(value = {
PermissionConstants.PROJECT_USER_READ,
PermissionConstants.WORKSPACE_USER_READ,
PermissionConstants.WORKSPACE_PROJECT_MANAGER_READ
}, logical = Logical.OR)
@RequiresPermissions(PermissionConstants.PROJECT_USER_READ)
public Pager<List<User>> getProjectMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryMemberRequest request) {
Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
return PageUtils.setPageInfo(page, userService.getProjectMemberList(request));
}
@PostMapping("/ws/project/member/list/{workspaceId}/{goPage}/{pageSize}")
@RequiresPermissions(PermissionConstants.WORKSPACE_PROJECT_MANAGER_READ)
public Pager<List<User>> getProjectMemberListForWorkspace(@PathVariable int goPage, @PathVariable int pageSize, @PathVariable String workspaceId, @RequestBody QueryMemberRequest request) {
Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
return PageUtils.setPageInfo(page, userService.getProjectMemberList(request));
}
@GetMapping("/project/member/list")
public List<User> getProjectMemberListAll() {
QueryMemberRequest request = new QueryMemberRequest();
@ -171,9 +174,9 @@ public class UserController {
return userService.getProjectMemberList(request);
}
@GetMapping("/project/member/option/{projectId}")
public List<User> getProjectMemberOption(@PathVariable String projectId) {
return userService.getProjectMemberOption(projectId);
@GetMapping("/project/member/option")
public List<User> getProjectMemberOption() {
return userService.getProjectMemberOption(SessionUtils.getCurrentProjectId());
}
@GetMapping("/ws/current/member/list")

15
frontend/src/business/components/settings/workspace/MsProject.vue
View File

@ -137,16 +137,16 @@
@close="handleClose">
<el-form :model="form" label-position="right" label-width="100px" size="small" ref="updateUserForm">
<el-form-item label="ID" prop="id">
<el-input v-model="form.id" autocomplete="off" :disabled="true" />
<el-input v-model="form.id" autocomplete="off" :disabled="true"/>
</el-form-item>
<el-form-item :label="$t('commons.username')" prop="name">
<el-input v-model="form.name" autocomplete="off" :disabled="true" />
<el-input v-model="form.name" autocomplete="off" :disabled="true"/>
</el-form-item>
<el-form-item :label="$t('commons.email')" prop="email">
<el-input v-model="form.email" autocomplete="off" :disabled="true"/>
</el-form-item>
<el-form-item :label="$t('commons.phone')" prop="phone">
<el-input v-model="form.phone" autocomplete="off" :disabled="true" />
<el-input v-model="form.phone" autocomplete="off" :disabled="true"/>
</el-form-item>
<el-form-item :label="$t('commons.group')" prop="groupIds"
:rules="{required: true, message: $t('group.please_select_group'), trigger: 'change'}">
@ -173,7 +173,7 @@
:group-scope-id="workspaceId"
ref="addMember"
:user-resource-url="'user/ws/current/member/list'"
@submit="submitForm"/>'
@submit="submitForm"/>
<ms-delete-confirm :title="$t('project.delete')" @delete="_handleDelete" ref="deleteConfirm"/>
@ -303,10 +303,9 @@ export default {
this.currentWorkspaceRow = row;
this.currentProjectId = row.id;
let param = {
name: '',
projectId: row.id
};
this.result = this.$post("/user/project/member/list/1/100000", param, res => {
this.result = this.$post("/user/ws/project/member/list/" + row.workspaceId + "/1/100000", param, res => {
this.memberLineData = res.data.listObject;
let arr = this.memberLineData.filter(item => item.id === getCurrentUserId());
if (arr.length > 0) {
@ -387,7 +386,7 @@ export default {
let param = {
projectId: this.items[i].id
};
let path = "/user/project/member/list/1/100000";
let path = "/user/ws/project/member/list/" + this.condition.workspaceId + "/1/100000";
this.$post(path, param, res => {
let member = res.data.listObject;
this.$set(this.items[i], "memberSize", member.length);
@ -419,7 +418,7 @@ export default {
name: '',
projectId: row.id
};
let path = "/user/project/member/list";
let path = "/user/ws/project/member/list/" + row.workspaceId;
this.result = this.$post(this.buildPagePath(path), param, res => {
let data = res.data;
this.memberLineData = data.listObject;

3
frontend/src/network/user.js
View File

@ -1,4 +1,3 @@
import {getCurrentProjectID} from "@/common/js/utils";
import {get} from "@/common/js/ajax";
import axios from "axios";
import {ORGANIZATION_ID, PROJECT_ID, TokenKey, WORKSPACE_ID} from "@/common/js/constants";
@ -38,5 +37,5 @@ export function logout() {
let baseUrl = '/user/';
export function getProjectMemberOption(callback) {
return baseGet(baseUrl + 'project/member/option/' + getCurrentProjectID(), callback);
return baseGet(baseUrl + 'project/member/option', callback);
}