fix: 修复工作空间权限相关问题

2023-05-08 19:02:23 +08:00 · 2023-05-08 19:02:23 +08:00 · e3b5107a53
parent 9d70c0e343
commit e3b5107a53
2 changed files with 8 additions and 0 deletions
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/ServiceIntegrationController.java
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/ServiceIntegrationController.java
@ -3,10 +3,12 @@ package io.metersphere.controller;
 import io.metersphere.base.domain.ServiceIntegration;
 import io.metersphere.commons.constants.OperLogConstants;
 import io.metersphere.commons.constants.OperLogModule;
+import io.metersphere.commons.constants.PermissionConstants;
 import io.metersphere.commons.utils.SessionUtils;
 import io.metersphere.log.annotation.MsAuditLog;
 import io.metersphere.request.IntegrationRequest;
 import io.metersphere.service.BaseIntegrationService;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;

 import jakarta.annotation.Resource;
@ -21,22 +23,26 @@ public class ServiceIntegrationController {

    @PostMapping("/save")
    @MsAuditLog(module = OperLogModule.WORKSPACE_SERVICE_INTEGRATION, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#service.workspaceId, #service.platform)",  content = "#msClass.getLogDetails(#service.workspaceId, #service.platform)", msClass = BaseIntegrationService.class)
+    @RequiresPermissions(PermissionConstants.WORKSPACE_SERVICE_READ_EDIT)
    public ServiceIntegration save(@RequestBody ServiceIntegration service) {
        return baseIntegrationService.save(service);
    }

    @PostMapping("/type")
+    @RequiresPermissions(PermissionConstants.WORKSPACE_SERVICE_READ)
    public ServiceIntegration getByPlatform(@RequestBody IntegrationRequest request) {
        return baseIntegrationService.get(request);
    }

    @PostMapping("/delete")
    @MsAuditLog(module = OperLogModule.WORKSPACE_SERVICE_INTEGRATION, title = "#request.platform", type = OperLogConstants.DELETE, msClass = BaseIntegrationService.class)
+    @RequiresPermissions(PermissionConstants.WORKSPACE_SERVICE_READ_EDIT)
    public void delete(@RequestBody IntegrationRequest request) {
        baseIntegrationService.delete(request);
    }

    @GetMapping("/all")
+    @RequiresPermissions(PermissionConstants.WORKSPACE_SERVICE_READ)
    public List<ServiceIntegration> getAll() {
        return baseIntegrationService.getAll(SessionUtils.getCurrentWorkspaceId());
    }
--- a/system-setting/backend/src/main/java/io/metersphere/controller/UserController.java
+++ b/system-setting/backend/src/main/java/io/metersphere/controller/UserController.java
@ -174,6 +174,7 @@ public class UserController {
     */
    @GetMapping("/ws/member/delete/{workspaceId}/{userId}")
    @MsAuditLog(module = OperLogModule.WORKSPACE_MEMBER, type = OperLogConstants.DELETE, title = "删除工作空间成员")
+    @RequiresPermissions(PermissionConstants.WORKSPACE_USER_READ_DELETE)
    public void deleteMember(@PathVariable String workspaceId, @PathVariable String userId) {
 //        workspaceService.checkWorkspaceOwner(workspaceId);
        String currentUserId = SessionUtils.getUser().getId();
@ -185,6 +186,7 @@ public class UserController {

    @GetMapping("/project/member/delete/{projectId}/{userId}")
 //    @MsAuditLog(module = "workspace_member", type = OperLogConstants.DELETE, title = "删除工作空间成员")
+    @RequiresPermissions(value={PermissionConstants.PROJECT_USER_READ_DELETE}, logical = Logical.OR)
    public void deleteProjectMember(@PathVariable String projectId, @PathVariable String userId) {
        String currentUserId = SessionUtils.getUser().getId();
        if (StringUtils.equals(userId, currentUserId)) {