fix: 修复权限相关问题
This commit is contained in:
CaptainB
f2c-ci-robot[bot]
parent
b6b83b998d
commit
c389a163e2
|
|
@ -17,6 +17,7 @@ import io.metersphere.dto.UserGroupPermissionDTO;
|
|||
import io.metersphere.excel.domain.ExcelResponse;
|
||||
import io.metersphere.i18n.Translator;
|
||||
import io.metersphere.log.annotation.MsAuditLog;
|
||||
import io.metersphere.service.CheckPermissionService;
|
||||
import io.metersphere.service.UserService;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.shiro.authz.annotation.Logical;
|
||||
|
|
@ -36,6 +37,8 @@ public class UserController {
|
|||
|
||||
@Resource
|
||||
private UserService userService;
|
||||
@Resource
|
||||
private CheckPermissionService checkPermissionService;
|
||||
|
||||
@PostMapping("/special/add")
|
||||
@MsAuditLog(module = OperLogModule.SYSTEM_USER, type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#user)", msClass = UserService.class)
|
||||
|
|
@ -163,7 +166,9 @@ public class UserController {
|
|||
@PostMapping("/ws/project/member/list/{workspaceId}/{goPage}/{pageSize}")
|
||||
@RequiresPermissions(PermissionConstants.WORKSPACE_PROJECT_MANAGER_READ)
|
||||
public Pager<List<User>> getProjectMemberListForWorkspace(@PathVariable int goPage, @PathVariable int pageSize, @PathVariable String workspaceId, @RequestBody QueryMemberRequest request) {
|
||||
return userService.getProjectMemberListForWorkspace(workspaceId, goPage, pageSize, request);
|
||||
checkPermissionService.checkProjectBelongToWorkspace(request.getProjectId(), workspaceId);
|
||||
Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
|
||||
return PageUtils.setPageInfo(page, userService.getProjectMemberList(request));
|
||||
}
|
||||
|
||||
@GetMapping("/project/member/list")
|
||||
|
|
|
|||
|
|
@ -1,7 +1,9 @@
|
|||
package io.metersphere.service;
|
||||
|
||||
import io.metersphere.base.domain.Group;
|
||||
import io.metersphere.base.domain.Project;
|
||||
import io.metersphere.base.domain.UserGroup;
|
||||
import io.metersphere.base.mapper.ProjectMapper;
|
||||
import io.metersphere.base.mapper.ext.*;
|
||||
import io.metersphere.commons.constants.UserGroupType;
|
||||
import io.metersphere.commons.exception.MSException;
|
||||
|
|
@ -37,6 +39,8 @@ public class CheckPermissionService {
|
|||
private UserService userService;
|
||||
@Resource
|
||||
private ExtProjectMapper extProjectMapper;
|
||||
@Resource
|
||||
private ProjectMapper projectMapper;
|
||||
|
||||
|
||||
public void checkProjectOwner(String projectId) {
|
||||
|
|
@ -150,4 +154,11 @@ public class CheckPermissionService {
|
|||
.map(UserGroup::getSourceId)
|
||||
.collect(Collectors.toSet());
|
||||
}
|
||||
|
||||
public void checkProjectBelongToWorkspace(String projectId, String workspaceId) {
|
||||
Project project = projectMapper.selectByPrimaryKey(projectId);
|
||||
if (project == null || !StringUtils.equals(project.getWorkspaceId(), workspaceId)) {
|
||||
MSException.throwException(Translator.get("check_owner_project"));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -632,23 +632,18 @@ public class UserService {
|
|||
|
||||
private void autoSwitch(UserDTO user) {
|
||||
// 用户有 last_project_id 权限
|
||||
if (StringUtils.isNotBlank(user.getLastProjectId())) {
|
||||
List<UserGroup> projectUserGroups = user.getUserGroups().stream()
|
||||
.filter(ug -> StringUtils.equals(user.getLastProjectId(), ug.getSourceId()))
|
||||
.collect(Collectors.toList());
|
||||
if (CollectionUtils.isNotEmpty(projectUserGroups)) {
|
||||
return;
|
||||
}
|
||||
if (hasLastProjectPermission(user)) {
|
||||
return;
|
||||
}
|
||||
// 用户有 last_workspace_id 权限
|
||||
if (StringUtils.isNotBlank(user.getLastWorkspaceId())) {
|
||||
List<UserGroup> workspaceUserGroups = user.getUserGroups().stream()
|
||||
.filter(ug -> StringUtils.equals(user.getLastWorkspaceId(), ug.getSourceId()))
|
||||
.collect(Collectors.toList());
|
||||
if (CollectionUtils.isNotEmpty(workspaceUserGroups)) {
|
||||
return;
|
||||
}
|
||||
if (hasLastWorkspacePermission(user)) {
|
||||
return;
|
||||
}
|
||||
// 判断其他权限
|
||||
checkNewWorkspaceAndProject(user);
|
||||
}
|
||||
|
||||
private void checkNewWorkspaceAndProject(UserDTO user) {
|
||||
List<UserGroup> userGroups = user.getUserGroups();
|
||||
List<String> projectGroupIds = user.getGroups()
|
||||
.stream().filter(ug -> StringUtils.equals(ug.getType(), UserGroupType.PROJECT))
|
||||
|
|
@ -688,6 +683,56 @@ public class UserService {
|
|||
}
|
||||
}
|
||||
|
||||
private boolean hasLastProjectPermission(UserDTO user) {
|
||||
if (StringUtils.isNotBlank(user.getLastProjectId())) {
|
||||
List<UserGroup> projectUserGroups = user.getUserGroups().stream()
|
||||
.filter(ug -> StringUtils.equals(user.getLastProjectId(), ug.getSourceId()))
|
||||
.collect(Collectors.toList());
|
||||
return CollectionUtils.isNotEmpty(projectUserGroups);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
private boolean hasLastWorkspacePermission(UserDTO user) {
|
||||
if (StringUtils.isNotBlank(user.getLastWorkspaceId())) {
|
||||
List<UserGroup> workspaceUserGroups = user.getUserGroups().stream()
|
||||
.filter(ug -> StringUtils.equals(user.getLastWorkspaceId(), ug.getSourceId()))
|
||||
.collect(Collectors.toList());
|
||||
if (CollectionUtils.isNotEmpty(workspaceUserGroups)) {
|
||||
ProjectExample example = new ProjectExample();
|
||||
example.createCriteria().andWorkspaceIdEqualTo(user.getLastWorkspaceId());
|
||||
List<Project> projects = projectMapper.selectByExample(example);
|
||||
if (CollectionUtils.isEmpty(projects)) {
|
||||
return true;
|
||||
}
|
||||
List<String> projectIds = projects.stream()
|
||||
.map(Project::getId)
|
||||
.collect(Collectors.toList());
|
||||
|
||||
List<UserGroup> userGroups = user.getUserGroups();
|
||||
List<String> projectGroupIds = user.getGroups()
|
||||
.stream().filter(ug -> StringUtils.equals(ug.getType(), UserGroupType.PROJECT))
|
||||
.map(Group::getId)
|
||||
.collect(Collectors.toList());
|
||||
String projectId = userGroups.stream().filter(ug -> projectGroupIds.contains(ug.getGroupId()))
|
||||
.filter(p -> StringUtils.isNotBlank(p.getSourceId()))
|
||||
.map(UserGroup::getSourceId)
|
||||
.filter(projectIds::contains)
|
||||
.collect(Collectors.toList())
|
||||
.get(0);
|
||||
Project project = projects.stream().filter(p -> StringUtils.equals(projectId, p.getId())).findFirst().get();
|
||||
String wsId = project.getWorkspaceId();
|
||||
user.setId(user.getId());
|
||||
user.setLastProjectId(projectId);
|
||||
user.setLastWorkspaceId(wsId);
|
||||
updateUser(user);
|
||||
SessionUtils.putUser(SessionUser.fromUser(user));
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public List<User> searchUser(String condition) {
|
||||
return extUserMapper.searchUser(condition);
|
||||
}
|
||||
|
|
@ -1135,17 +1180,6 @@ public class UserService {
|
|||
return extUserGroupMapper.getProjectMemberList(request);
|
||||
}
|
||||
|
||||
public Pager<List<User>> getProjectMemberListForWorkspace(String workspaceId, int goPage, int pageSize, QueryMemberRequest request) {
|
||||
if (StringUtils.isNotEmpty(request.getProjectId())) {
|
||||
Project project = projectMapper.selectByPrimaryKey(request.getProjectId());
|
||||
if (project == null || !StringUtils.equals(project.getWorkspaceId(), workspaceId)) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
|
||||
return PageUtils.setPageInfo(page, extUserGroupMapper.getProjectMemberList(request));
|
||||
}
|
||||
|
||||
public void addProjectMember(AddMemberRequest request) {
|
||||
if (CollectionUtils.isEmpty(request.getUserIds())) {
|
||||
LogUtil.info("add project member warning, request param user id list empty!");
|
||||
|
|
|
|||
Loading…
Reference in New Issue