fix: 增加用户组接口的权限校验
This commit is contained in:
CaptainB
fit2-zhao
parent
6a2bf297a3
commit
a23f75d93b
|
|
@ -1,8 +1,11 @@
|
|||
package io.metersphere.controller;
|
||||
|
||||
import io.metersphere.base.domain.User;
|
||||
import io.metersphere.base.domain.UserGroup;
|
||||
import io.metersphere.commons.constants.OperLogConstants;
|
||||
import io.metersphere.commons.constants.OperLogModule;
|
||||
import io.metersphere.commons.constants.UserGroupConstants;
|
||||
import io.metersphere.commons.user.SessionUser;
|
||||
import io.metersphere.commons.utils.SessionUtils;
|
||||
import io.metersphere.dto.UserDTO;
|
||||
import io.metersphere.log.annotation.MsAuditLog;
|
||||
|
|
@ -11,12 +14,10 @@ import io.metersphere.request.member.EditPassWordRequest;
|
|||
import io.metersphere.request.member.EditSeleniumServerRequest;
|
||||
import io.metersphere.request.member.QueryMemberRequest;
|
||||
import io.metersphere.service.BaseUserService;
|
||||
import jakarta.annotation.Resource;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import jakarta.annotation.Resource;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
import java.util.*;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/user")
|
||||
|
|
@ -26,6 +27,13 @@ public class BaseUserController {
|
|||
|
||||
@GetMapping("/ws/current/member/list")
|
||||
public List<User> getCurrentWorkspaceMember() {
|
||||
SessionUser user = SessionUtils.getUser();
|
||||
Optional<UserGroup> any = user.getUserGroups().stream()
|
||||
.filter(ug -> (ug.getSourceId().equals(SessionUtils.getCurrentWorkspaceId()) || ug.getGroupId().equals(UserGroupConstants.SUPER_GROUP)))
|
||||
.findAny();
|
||||
if (any.isEmpty()) {
|
||||
return new ArrayList<>();
|
||||
}
|
||||
QueryMemberRequest request = new QueryMemberRequest();
|
||||
request.setWorkspaceId(SessionUtils.getCurrentWorkspaceId());
|
||||
return baseUserService.getMemberList(request);
|
||||
|
|
@ -56,6 +64,13 @@ public class BaseUserController {
|
|||
|
||||
@GetMapping("/project/member/list")
|
||||
public List<User> getProjectMemberListAll() {
|
||||
SessionUser user = SessionUtils.getUser();
|
||||
Optional<UserGroup> any = user.getUserGroups().stream()
|
||||
.filter(ug -> (ug.getSourceId().equals(SessionUtils.getCurrentProjectId()) || ug.getGroupId().equals(UserGroupConstants.SUPER_GROUP)))
|
||||
.findAny();
|
||||
if (any.isEmpty()) {
|
||||
return new ArrayList<>();
|
||||
}
|
||||
QueryMemberRequest request = new QueryMemberRequest();
|
||||
request.setProjectId(SessionUtils.getCurrentProjectId());
|
||||
return baseUserService.getProjectMemberList(request);
|
||||
|
|
@ -68,6 +83,13 @@ public class BaseUserController {
|
|||
|
||||
@GetMapping("/project/member/{projectId}")
|
||||
public List<User> getProjectMembers(@PathVariable String projectId) {
|
||||
SessionUser user = SessionUtils.getUser();
|
||||
Optional<UserGroup> any = user.getUserGroups().stream()
|
||||
.filter(ug -> (ug.getSourceId().equals(projectId) || ug.getGroupId().equals(UserGroupConstants.SUPER_GROUP)))
|
||||
.findAny();
|
||||
if (any.isEmpty()) {
|
||||
return new ArrayList<>();
|
||||
}
|
||||
QueryMemberRequest request = new QueryMemberRequest();
|
||||
request.setProjectId(projectId);
|
||||
return baseUserService.getProjectMemberList(request);
|
||||
|
|
|
|||
|
|
@ -91,11 +91,6 @@ public class GroupController {
|
|||
groupService.editGroupPermission(editGroupRequest);
|
||||
}
|
||||
|
||||
@GetMapping("/all/{userId}")
|
||||
public List<Map<String, Object>> getAllUserGroup(@PathVariable("userId") String userId) {
|
||||
return groupService.getAllUserGroup(userId);
|
||||
}
|
||||
|
||||
@PostMapping("/list")
|
||||
public List<Group> getGroupsByType(@RequestBody GroupRequest request) {
|
||||
return groupService.getGroupsByType(request);
|
||||
|
|
|
|||
|
|
@ -4,10 +4,13 @@ import com.github.pagehelper.Page;
|
|||
import com.github.pagehelper.PageHelper;
|
||||
import io.metersphere.base.domain.Group;
|
||||
import io.metersphere.base.domain.User;
|
||||
import io.metersphere.base.domain.UserGroup;
|
||||
import io.metersphere.base.domain.Workspace;
|
||||
import io.metersphere.commons.constants.OperLogConstants;
|
||||
import io.metersphere.commons.constants.OperLogModule;
|
||||
import io.metersphere.commons.constants.PermissionConstants;
|
||||
import io.metersphere.commons.constants.UserGroupConstants;
|
||||
import io.metersphere.commons.user.SessionUser;
|
||||
import io.metersphere.commons.utils.PageUtils;
|
||||
import io.metersphere.commons.utils.Pager;
|
||||
import io.metersphere.commons.utils.SessionUtils;
|
||||
|
|
@ -25,9 +28,8 @@ import org.apache.shiro.authz.annotation.RequiresPermissions;
|
|||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import jakarta.annotation.Resource;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
import java.util.*;
|
||||
|
||||
|
||||
@RequestMapping("/user/group")
|
||||
|
|
@ -47,6 +49,13 @@ public class GroupController {
|
|||
|
||||
@GetMapping("/get/all")
|
||||
public List<GroupDTO> getAllGroup() {
|
||||
SessionUser user = SessionUtils.getUser();
|
||||
Optional<UserGroup> any = user.getUserGroups().stream()
|
||||
.filter(ug -> (ug.getGroupId().equals(UserGroupConstants.SUPER_GROUP)))
|
||||
.findAny();
|
||||
if (any.isEmpty()) {
|
||||
return new ArrayList<>();
|
||||
}
|
||||
return groupService.getAllGroup();
|
||||
}
|
||||
|
||||
|
|
@ -91,6 +100,7 @@ public class GroupController {
|
|||
}
|
||||
|
||||
@GetMapping("/all/{userId}")
|
||||
@RequiresPermissions(PermissionConstants.SYSTEM_USER_READ_EDIT)
|
||||
public List<Map<String, Object>> getAllUserGroup(@PathVariable("userId") String userId) {
|
||||
return groupService.getAllUserGroup(userId);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue