fix(系统设置): 修复查询越权问题

wxg0103 2024-04-25 18:04:29 +08:00 committed by 刘瑞斌
parent 07d7f0c18a
commit c2e69ff9ec
2 changed files with 3 additions and 5 deletions


@ -102,10 +102,10 @@ public class BaseCheckPermissionService {
return; return;
} }
UserDTO userDTO = baseUserService.getUserDTO(SessionUtils.getUserId()); UserDTO userDTO = baseUserService.getUserDTO(SessionUtils.getUserId());
List<String> groupIds = userDTO.getGroups() List<String> groupIds = userDTO.getUserGroups()
.stream() .stream()
.filter(g -> StringUtils.equals(g.getType(), UserGroupType.WORKSPACE) && StringUtils.equals(g.getScopeId(), workspaceId)) .filter(g -> StringUtils.equals(g.getSourceId(), workspaceId))
.map(Group::getId) .map(UserGroup::getId)
.toList(); .toList();
if (CollectionUtils.isEmpty(groupIds)) { if (CollectionUtils.isEmpty(groupIds)) {
MSException.throwException(Translator.get("check_owner_workspace")); MSException.throwException(Translator.get("check_owner_workspace"));
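Review bot: The rewritten filter decides workspace membership by `StringUtils.equals(g.getSourceId(), workspaceId)` alone, while the old code also required the group type to be `UserGroupType.WORKSPACE`; the two are equivalent only if a `sourceId` can never coincide with an id from another scope, which is not visible on this page. If `StringUtils` here is the commons-lang3 class, two nulls compare equal, so a null `workspaceId` would match any relation whose `sourceId` is null unless the early `return` above the hunk already covers that case. I would add a guard before the stream, `if (StringUtils.isBlank(workspaceId)) { MSException.throwException(Translator.get("check_owner_workspace")); }`, and a comment above the filter such as `// membership = any user-group relation whose sourceId is this workspace; sourceId values are unique across scopes`. The method begins and ends outside the hunk, so the guard may already exist there.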


@ -91,7 +91,6 @@ public class UserController {
@PostMapping("/special/ws/member/list/{goPage}/{pageSize}") @PostMapping("/special/ws/member/list/{goPage}/{pageSize}")
@RequiresPermissions(PermissionConstants.SYSTEM_WORKSPACE_READ) @RequiresPermissions(PermissionConstants.SYSTEM_WORKSPACE_READ)
public Pager<List<User>> getMemberListByAdmin(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryMemberRequest request) { public Pager<List<User>> getMemberListByAdmin(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryMemberRequest request) {
baseCheckPermissionService.checkWorkspacePermission(request.getWorkspaceId());
Page<Object> page = PageHelper.startPage(goPage, pageSize, true); Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
return PageUtils.setPageInfo(page, baseUserService.getMemberList(request)); return PageUtils.setPageInfo(page, baseUserService.getMemberList(request));
} }
@ -99,7 +98,6 @@ public class UserController {
@PostMapping("/special/ws/member/list/all") @PostMapping("/special/ws/member/list/all")
@RequiresPermissions(value = {PermissionConstants.SYSTEM_WORKSPACE_READ, PermissionConstants.WORKSPACE_USER_READ}, logical = Logical.OR) @RequiresPermissions(value = {PermissionConstants.SYSTEM_WORKSPACE_READ, PermissionConstants.WORKSPACE_USER_READ}, logical = Logical.OR)
public List<User> getMemberListByAdmin(@RequestBody QueryMemberRequest request) { public List<User> getMemberListByAdmin(@RequestBody QueryMemberRequest request) {
baseCheckPermissionService.checkWorkspacePermission(request.getWorkspaceId());
return baseUserService.getMemberList(request); return baseUserService.getMemberList(request);
} }
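Review bot: With `checkWorkspacePermission(request.getWorkspaceId())` removed from `/special/ws/member/list/all`, a caller holding only `WORKSPACE_USER_READ` satisfies the `Logical.OR` annotation and can then put any `workspaceId` in the request body; nothing visible in the handler ties that id to a workspace the caller belongs to. Dropping the check is reasonable for holders of `SYSTEM_WORKSPACE_READ`, as in the paged endpoint above, but the workspace-scoped permission still needs an object-level check unless `baseUserService.getMemberList` enforces one internally, which cannot be seen here. Assuming the annotations are Shiro's, the check could be kept for non-system callers only: `if (!SecurityUtils.getSubject().isPermitted(PermissionConstants.SYSTEM_WORKSPACE_READ)) { baseCheckPermissionService.checkWorkspacePermission(request.getWorkspaceId()); }`. A regression test that calls this endpoint as a member of one workspace with another workspace's id would pin the behaviour.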