From 8f8c6e30dd622263d4a75c1bb56fdb65b64ed7fc Mon Sep 17 00:00:00 2001
From: CaptainB <bin@fit2cloud.com>
Date: Thu, 16 Jun 2022 13:55:38 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E6=9D=83=E9=99=90?=
 =?UTF-8?q?=E7=9B=B8=E5=85=B3=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

--bug=1014158 --user=刘瑞斌 【系统设置】/user/project/member/list/{goPage}/{pageSize} 接口权限没控制 https://www.tapd.cn/55049933/s/1183724
---
 .../controller/UserController.java            | 19 +++++++++++--------
 .../settings/workspace/MsProject.vue          | 15 +++++++--------
 frontend/src/network/user.js                  |  3 +--
 3 files changed, 19 insertions(+), 18 deletions(-)

diff --git a/backend/src/main/java/io/metersphere/controller/UserController.java b/backend/src/main/java/io/metersphere/controller/UserController.java
index 2aa991e7e4..d41b79299b 100644
--- a/backend/src/main/java/io/metersphere/controller/UserController.java
+++ b/backend/src/main/java/io/metersphere/controller/UserController.java
@@ -154,16 +154,19 @@ public class UserController {
     }
 
     @PostMapping("/project/member/list/{goPage}/{pageSize}")
-    @RequiresPermissions(value = {
-            PermissionConstants.PROJECT_USER_READ,
-            PermissionConstants.WORKSPACE_USER_READ,
-            PermissionConstants.WORKSPACE_PROJECT_MANAGER_READ
-    }, logical = Logical.OR)
+    @RequiresPermissions(PermissionConstants.PROJECT_USER_READ)
     public Pager<List<User>> getProjectMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryMemberRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, userService.getProjectMemberList(request));
     }
 
+    @PostMapping("/ws/project/member/list/{workspaceId}/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.WORKSPACE_PROJECT_MANAGER_READ)
+    public Pager<List<User>> getProjectMemberListForWorkspace(@PathVariable int goPage, @PathVariable int pageSize, @PathVariable String workspaceId, @RequestBody QueryMemberRequest request) {
+        Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
+        return PageUtils.setPageInfo(page, userService.getProjectMemberList(request));
+    }
+
     @GetMapping("/project/member/list")
     public List<User> getProjectMemberListAll() {
         QueryMemberRequest request = new QueryMemberRequest();
@@ -171,9 +174,9 @@ public class UserController {
         return userService.getProjectMemberList(request);
     }
 
-    @GetMapping("/project/member/option/{projectId}")
-    public List<User> getProjectMemberOption(@PathVariable String projectId) {
-        return userService.getProjectMemberOption(projectId);
+    @GetMapping("/project/member/option")
+    public List<User> getProjectMemberOption() {
+        return userService.getProjectMemberOption(SessionUtils.getCurrentProjectId());
     }
 
     @GetMapping("/ws/current/member/list")
diff --git a/frontend/src/business/components/settings/workspace/MsProject.vue b/frontend/src/business/components/settings/workspace/MsProject.vue
index bf8ab989b4..119bd97851 100644
--- a/frontend/src/business/components/settings/workspace/MsProject.vue
+++ b/frontend/src/business/components/settings/workspace/MsProject.vue
@@ -137,16 +137,16 @@
                @close="handleClose">
       <el-form :model="form" label-position="right" label-width="100px" size="small" ref="updateUserForm">
         <el-form-item label="ID" prop="id">
-          <el-input v-model="form.id" autocomplete="off" :disabled="true" />
+          <el-input v-model="form.id" autocomplete="off" :disabled="true"/>
         </el-form-item>
         <el-form-item :label="$t('commons.username')" prop="name">
-          <el-input v-model="form.name" autocomplete="off" :disabled="true" />
+          <el-input v-model="form.name" autocomplete="off" :disabled="true"/>
         </el-form-item>
         <el-form-item :label="$t('commons.email')" prop="email">
           <el-input v-model="form.email" autocomplete="off" :disabled="true"/>
         </el-form-item>
         <el-form-item :label="$t('commons.phone')" prop="phone">
-          <el-input v-model="form.phone" autocomplete="off" :disabled="true" />
+          <el-input v-model="form.phone" autocomplete="off" :disabled="true"/>
         </el-form-item>
         <el-form-item :label="$t('commons.group')" prop="groupIds"
                       :rules="{required: true, message: $t('group.please_select_group'), trigger: 'change'}">
@@ -173,7 +173,7 @@
       :group-scope-id="workspaceId"
       ref="addMember"
       :user-resource-url="'user/ws/current/member/list'"
-      @submit="submitForm"/>'
+      @submit="submitForm"/>
 
     <ms-delete-confirm :title="$t('project.delete')" @delete="_handleDelete" ref="deleteConfirm"/>
 
@@ -303,10 +303,9 @@ export default {
       this.currentWorkspaceRow = row;
       this.currentProjectId = row.id;
       let param = {
-        name: '',
         projectId: row.id
       };
-      this.result = this.$post("/user/project/member/list/1/100000", param, res => {
+      this.result = this.$post("/user/ws/project/member/list/" + row.workspaceId + "/1/100000", param, res => {
         this.memberLineData = res.data.listObject;
         let arr = this.memberLineData.filter(item => item.id === getCurrentUserId());
         if (arr.length > 0) {
@@ -387,7 +386,7 @@ export default {
           let param = {
             projectId: this.items[i].id
           };
-          let path = "/user/project/member/list/1/100000";
+          let path = "/user/ws/project/member/list/" + this.condition.workspaceId + "/1/100000";
           this.$post(path, param, res => {
             let member = res.data.listObject;
             this.$set(this.items[i], "memberSize", member.length);
@@ -419,7 +418,7 @@ export default {
         name: '',
         projectId: row.id
       };
-      let path = "/user/project/member/list";
+      let path = "/user/ws/project/member/list/" + row.workspaceId;
       this.result = this.$post(this.buildPagePath(path), param, res => {
         let data = res.data;
         this.memberLineData = data.listObject;
diff --git a/frontend/src/network/user.js b/frontend/src/network/user.js
index 71dedd4203..ffaf74fc3e 100644
--- a/frontend/src/network/user.js
+++ b/frontend/src/network/user.js
@@ -1,4 +1,3 @@
-import {getCurrentProjectID} from "@/common/js/utils";
 import {get} from "@/common/js/ajax";
 import axios from "axios";
 import {ORGANIZATION_ID, PROJECT_ID, TokenKey, WORKSPACE_ID} from "@/common/js/constants";
@@ -38,5 +37,5 @@ export function logout() {
 let baseUrl = '/user/';
 
 export function getProjectMemberOption(callback) {
-  return baseGet(baseUrl + 'project/member/option/' + getCurrentProjectID(), callback);
+  return baseGet(baseUrl + 'project/member/option', callback);
 }