test-version22
/
MeterSphere
mirror of https://gitee.com/fit2cloud-feizhiyun/MeterSphere.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: 修复权限相关问题 

--bug=1014158 --user=刘瑞斌 【系统设置】/user/project/member/list/{goPage}/{pageSize} 接口权限没控制 https://www.tapd.cn/55049933/s/1183724
This commit is contained in:
CaptainB 2022-06-16 13:55:38 +08:00 committed by f2c-ci-robot[bot]
parent 26222011e9
commit 8f8c6e30dd
3 changed files with 19 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
backend/src/main/java/io/metersphere/controller/UserController.java
View File

@ -154,16 +154,19 @@ public class UserController {
} }
@PostMapping("/project/member/list/{goPage}/{pageSize}") @PostMapping("/project/member/list/{goPage}/{pageSize}")
@RequiresPermissions(value = { @RequiresPermissions(PermissionConstants.PROJECT_USER_READ)
PermissionConstants.PROJECT_USER_READ,
PermissionConstants.WORKSPACE_USER_READ,
PermissionConstants.WORKSPACE_PROJECT_MANAGER_READ
}, logical = Logical.OR)
public Pager<List<User>> getProjectMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryMemberRequest request) { public Pager<List<User>> getProjectMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryMemberRequest request) {
Page<Object> page = PageHelper.startPage(goPage, pageSize, true); Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
return PageUtils.setPageInfo(page, userService.getProjectMemberList(request)); return PageUtils.setPageInfo(page, userService.getProjectMemberList(request));
} }
@PostMapping("/ws/project/member/list/{workspaceId}/{goPage}/{pageSize}")
@RequiresPermissions(PermissionConstants.WORKSPACE_PROJECT_MANAGER_READ)
public Pager<List<User>> getProjectMemberListForWorkspace(@PathVariable int goPage, @PathVariable int pageSize, @PathVariable String workspaceId, @RequestBody QueryMemberRequest request) {
Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
return PageUtils.setPageInfo(page, userService.getProjectMemberList(request));
}
@GetMapping("/project/member/list") @GetMapping("/project/member/list")
public List<User> getProjectMemberListAll() { public List<User> getProjectMemberListAll() {
QueryMemberRequest request = new QueryMemberRequest(); QueryMemberRequest request = new QueryMemberRequest();
@ -171,9 +174,9 @@ public class UserController {
return userService.getProjectMemberList(request); return userService.getProjectMemberList(request);
} }
@GetMapping("/project/member/option/{projectId}") @GetMapping("/project/member/option")
public List<User> getProjectMemberOption(@PathVariable String projectId) { public List<User> getProjectMemberOption() {
return userService.getProjectMemberOption(projectId); return userService.getProjectMemberOption(SessionUtils.getCurrentProjectId());
} }
@GetMapping("/ws/current/member/list") @GetMapping("/ws/current/member/list")

15
frontend/src/business/components/settings/workspace/MsProject.vue
View File

@ -137,16 +137,16 @@
@close="handleClose"> @close="handleClose">
<el-form :model="form" label-position="right" label-width="100px" size="small" ref="updateUserForm"> <el-form :model="form" label-position="right" label-width="100px" size="small" ref="updateUserForm">
<el-form-item label="ID" prop="id"> <el-form-item label="ID" prop="id">
<el-input v-model="form.id" autocomplete="off" :disabled="true" /> <el-input v-model="form.id" autocomplete="off" :disabled="true"/>
</el-form-item> </el-form-item>
<el-form-item :label="$t('commons.username')" prop="name"> <el-form-item :label="$t('commons.username')" prop="name">
<el-input v-model="form.name" autocomplete="off" :disabled="true" /> <el-input v-model="form.name" autocomplete="off" :disabled="true"/>
</el-form-item> </el-form-item>
<el-form-item :label="$t('commons.email')" prop="email"> <el-form-item :label="$t('commons.email')" prop="email">
<el-input v-model="form.email" autocomplete="off" :disabled="true"/> <el-input v-model="form.email" autocomplete="off" :disabled="true"/>
</el-form-item> </el-form-item>
<el-form-item :label="$t('commons.phone')" prop="phone"> <el-form-item :label="$t('commons.phone')" prop="phone">
<el-input v-model="form.phone" autocomplete="off" :disabled="true" /> <el-input v-model="form.phone" autocomplete="off" :disabled="true"/>
</el-form-item> </el-form-item>
<el-form-item :label="$t('commons.group')" prop="groupIds" <el-form-item :label="$t('commons.group')" prop="groupIds"
:rules="{required: true, message: $t('group.please_select_group'), trigger: 'change'}"> :rules="{required: true, message: $t('group.please_select_group'), trigger: 'change'}">
@ -173,7 +173,7 @@
:group-scope-id="workspaceId" :group-scope-id="workspaceId"
ref="addMember" ref="addMember"
:user-resource-url="'user/ws/current/member/list'" :user-resource-url="'user/ws/current/member/list'"
@submit="submitForm"/>' @submit="submitForm"/>
<ms-delete-confirm :title="$t('project.delete')" @delete="_handleDelete" ref="deleteConfirm"/> <ms-delete-confirm :title="$t('project.delete')" @delete="_handleDelete" ref="deleteConfirm"/>
@ -303,10 +303,9 @@ export default {
this.currentWorkspaceRow = row; this.currentWorkspaceRow = row;
this.currentProjectId = row.id; this.currentProjectId = row.id;
let param = { let param = {
name: '',
projectId: row.id projectId: row.id
}; };
this.result = this.$post("/user/project/member/list/1/100000", param, res => { this.result = this.$post("/user/ws/project/member/list/" + row.workspaceId + "/1/100000", param, res => {
this.memberLineData = res.data.listObject; this.memberLineData = res.data.listObject;
let arr = this.memberLineData.filter(item => item.id === getCurrentUserId()); let arr = this.memberLineData.filter(item => item.id === getCurrentUserId());
if (arr.length > 0) { if (arr.length > 0) {
@ -387,7 +386,7 @@ export default {
let param = { let param = {
projectId: this.items[i].id projectId: this.items[i].id
}; };
let path = "/user/project/member/list/1/100000"; let path = "/user/ws/project/member/list/" + this.condition.workspaceId + "/1/100000";
this.$post(path, param, res => { this.$post(path, param, res => {
let member = res.data.listObject; let member = res.data.listObject;
this.$set(this.items[i], "memberSize", member.length); this.$set(this.items[i], "memberSize", member.length);
@ -419,7 +418,7 @@ export default {
name: '', name: '',
projectId: row.id projectId: row.id
}; };
let path = "/user/project/member/list"; let path = "/user/ws/project/member/list/" + row.workspaceId;
this.result = this.$post(this.buildPagePath(path), param, res => { this.result = this.$post(this.buildPagePath(path), param, res => {
let data = res.data; let data = res.data;
this.memberLineData = data.listObject; this.memberLineData = data.listObject;

3
frontend/src/network/user.js
View File

@ -1,4 +1,3 @@
import {getCurrentProjectID} from "@/common/js/utils";
import {get} from "@/common/js/ajax"; import {get} from "@/common/js/ajax";
import axios from "axios"; import axios from "axios";
import {ORGANIZATION_ID, PROJECT_ID, TokenKey, WORKSPACE_ID} from "@/common/js/constants"; import {ORGANIZATION_ID, PROJECT_ID, TokenKey, WORKSPACE_ID} from "@/common/js/constants";
@ -38,5 +37,5 @@ export function logout() {
let baseUrl = '/user/'; let baseUrl = '/user/';
export function getProjectMemberOption(callback) { export function getProjectMemberOption(callback) {
return baseGet(baseUrl + 'project/member/option/' + getCurrentProjectID(), callback); return baseGet(baseUrl + 'project/member/option', callback);
} }