fix(系统设置): 修复查询越权问题

framework/sdk-parent/sdk/src/main/java/io/metersphere/service/BaseCheckPermissionService.java

@@ -102,10 +102,10 @@ public class BaseCheckPermissionService {
             return;
         }
         UserDTO userDTO = baseUserService.getUserDTO(SessionUtils.getUserId());
-        List<String> groupIds = userDTO.getGroups()
+        List<String> groupIds = userDTO.getUserGroups()
                 .stream()
-                .filter(g -> StringUtils.equals(g.getType(), UserGroupType.WORKSPACE) && StringUtils.equals(g.getScopeId(), workspaceId))
-                .map(Group::getId)
+                .filter(g -> StringUtils.equals(g.getSourceId(), workspaceId))
+                .map(UserGroup::getId)
                 .toList();
         if (CollectionUtils.isEmpty(groupIds)) {
             MSException.throwException(Translator.get("check_owner_workspace"));

system-setting/backend/src/main/java/io/metersphere/controller/UserController.java

@@ -91,7 +91,6 @@ public class UserController {
     @PostMapping("/special/ws/member/list/{goPage}/{pageSize}")
     @RequiresPermissions(PermissionConstants.SYSTEM_WORKSPACE_READ)
     public Pager<List<User>> getMemberListByAdmin(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryMemberRequest request) {
-        baseCheckPermissionService.checkWorkspacePermission(request.getWorkspaceId());
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, baseUserService.getMemberList(request));
     }
@@ -99,7 +98,6 @@ public class UserController {
     @PostMapping("/special/ws/member/list/all")
     @RequiresPermissions(value = {PermissionConstants.SYSTEM_WORKSPACE_READ, PermissionConstants.WORKSPACE_USER_READ}, logical = Logical.OR)
     public List<User> getMemberListByAdmin(@RequestBody QueryMemberRequest request) {
-        baseCheckPermissionService.checkWorkspacePermission(request.getWorkspaceId());
         return baseUserService.getMemberList(request);
     }