diff --git a/project-management/backend/src/main/java/io/metersphere/service/GroupService.java b/project-management/backend/src/main/java/io/metersphere/service/GroupService.java index a41ca97dc9..58327c28c6 100644 --- a/project-management/backend/src/main/java/io/metersphere/service/GroupService.java +++ b/project-management/backend/src/main/java/io/metersphere/service/GroupService.java @@ -70,6 +70,8 @@ public class GroupService { @Resource private BaseUserService baseUserService; private static final String GLOBAL = "global"; + private static final String SUPER_GROUP = "super_group"; + // 服务权限拼装顺序 private static final String[] servicePermissionLoadOrder = {MicroServiceName.PROJECT_MANAGEMENT, @@ -223,6 +225,9 @@ public class GroupService { } public void editGroupPermission(EditGroupRequest request) { + if (StringUtils.equals(request.getUserGroupId(), SUPER_GROUP)) { + return; + } List permissions = request.getPermissions(); if (CollectionUtils.isEmpty(permissions)) { return; diff --git a/system-setting/backend/src/main/java/io/metersphere/service/GroupService.java b/system-setting/backend/src/main/java/io/metersphere/service/GroupService.java index 44358b274d..4d4d9180ec 100644 --- a/system-setting/backend/src/main/java/io/metersphere/service/GroupService.java +++ b/system-setting/backend/src/main/java/io/metersphere/service/GroupService.java @@ -235,6 +235,10 @@ public class GroupService { } public void editGroupPermission(EditGroupRequest request) { + // 超级用户组禁止修改权限 + if (StringUtils.equals(request.getUserGroupId(), SUPER_GROUP)) { + return; + } List permissions = request.getPermissions(); if (CollectionUtils.isEmpty(permissions)) { return; diff --git a/system-setting/frontend/src/business/system/group/EditPermission.vue b/system-setting/frontend/src/business/system/group/EditPermission.vue index 8519c0a116..46284076b2 100644 --- a/system-setting/frontend/src/business/system/group/EditPermission.vue +++ b/system-setting/frontend/src/business/system/group/EditPermission.vue @@ -99,7 +99,10 @@ export default { }, isReadOnly() { return function (data) { - const isDefaultSystemGroup = (this.group.id === 'admin' || this.group.id === 'super_group') && data.resource.id === 'SYSTEM_GROUP'; + if (this.group.id === 'super_group') { + return true; + } + const isDefaultSystemGroup = this.group.id === 'admin' && data.resource.id === 'SYSTEM_GROUP'; return this.readOnly || isDefaultSystemGroup; } } diff --git a/system-setting/frontend/src/business/system/group/GroupPermission.vue b/system-setting/frontend/src/business/system/group/GroupPermission.vue index 1366075441..25340bcffc 100644 --- a/system-setting/frontend/src/business/system/group/GroupPermission.vue +++ b/system-setting/frontend/src/business/system/group/GroupPermission.vue @@ -44,9 +44,13 @@ export default { computed: { isReadOnly() { return function (permission) { + // 禁止取消系统管理员用户组权限 + if (this.group.id === 'super_group') { + return true; + } // 禁止取消系统管理员用户组和超级管理员用户组的读取和设置权限 const isSystemGroupPermission = permission.id === 'SYSTEM_GROUP:READ' || permission.id === 'SYSTEM_GROUP:READ+SETTING_PERMISSION'; - const isDefaultSystemGroup = (this.group.id === 'admin' || this.group.id === 'super_group') && isSystemGroupPermission; + const isDefaultSystemGroup = this.group.id === 'admin' && isSystemGroupPermission; return this.readOnly || isDefaultSystemGroup; } }