diff --git a/backend/framework/sdk/src/test/java/base/BaseTest.java b/backend/framework/sdk/src/test/java/base/BaseTest.java index 7268609087..7e2afb694b 100644 --- a/backend/framework/sdk/src/test/java/base/BaseTest.java +++ b/backend/framework/sdk/src/test/java/base/BaseTest.java @@ -85,11 +85,10 @@ public abstract class BaseTest { } if (permissionAuthInfoMap.isEmpty()) { // 获取系统,组织,项目对应的权限测试用户的认证信息 - // 暂时只支持 SYSTEM - // todo 补充 ORGANIZATION PROJECT - String permissionType = UserRoleType.SYSTEM.name(); - AuthInfo authInfo = initAuthInfo(permissionType, "metersphere"); - permissionAuthInfoMap.put(permissionType, authInfo); + // 暂时只支持 SYSTEM, ORGANIZATION + // todo 补充 PROJECT + permissionAuthInfoMap.put(UserRoleType.SYSTEM.name(), initAuthInfo(UserRoleType.SYSTEM.name(), "metersphere")); + permissionAuthInfoMap.put(UserRoleType.ORGANIZATION.name(), initAuthInfo(UserRoleType.ORGANIZATION.name(), "metersphere")); } } diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/controller/OrganizationUserRoleController.java b/backend/services/system-setting/src/main/java/io/metersphere/system/controller/OrganizationUserRoleController.java index 85e4de59d0..8594e394b0 100644 --- a/backend/services/system-setting/src/main/java/io/metersphere/system/controller/OrganizationUserRoleController.java +++ b/backend/services/system-setting/src/main/java/io/metersphere/system/controller/OrganizationUserRoleController.java 
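Review bot: The two added `permissionAuthInfoMap.put(...)` lines repeat both the role-type lookup and the literal `"metersphere"` password, so covering PROJECT (the remaining todo) would add a third copy. A loop such as `for (UserRoleType type : List.of(UserRoleType.SYSTEM, UserRoleType.ORGANIZATION)) { permissionAuthInfoMap.put(type.name(), initAuthInfo(type.name(), PERMISSION_TEST_PASSWORD)); }`, with `PERMISSION_TEST_PASSWORD` as a new constant, keeps the fixture credential in one place that has to match the SQL seed. The enclosing method starts outside the hunk, so whether `List` is already imported in this file is not visible.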
@@ -96,7 +96,7 @@ public class OrganizationUserRoleController { @PostMapping("/list-member") @Operation(summary = "获取组织用户组-成员") - @RequiresPermissions(value = {PermissionConstants.ORGANIZATION_USER_ROLE_READ, PermissionConstants.SYSTEM_USER_READ}) + @RequiresPermissions(value = {PermissionConstants.ORGANIZATION_USER_ROLE_READ}) public Pager> listMember(@Validated @RequestBody OrganizationUserRoleMemberRequest request) { Page page = PageHelper.startPage(request.getCurrent(), request.getPageSize()); return PageUtils.setPageInfo(page, organizationUserRoleService.listMember(request)); diff --git a/backend/services/system-setting/src/test/java/io/metersphere/system/controller/OrganizationUserRoleControllerTests.java b/backend/services/system-setting/src/test/java/io/metersphere/system/controller/OrganizationUserRoleControllerTests.java index d7322c7aa4..b219f9b366 100644 --- a/backend/services/system-setting/src/test/java/io/metersphere/system/controller/OrganizationUserRoleControllerTests.java +++ b/backend/services/system-setting/src/test/java/io/metersphere/system/controller/OrganizationUserRoleControllerTests.java 
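Review bot: Removing `PermissionConstants.SYSTEM_USER_READ` loosens who may call `/list-member`: if this is Shiro's `@RequiresPermissions`, multiple values are combined with AND by default, so callers previously needed both permissions and now need only `ORGANIZATION_USER_ROLE_READ`. That leaves the organization scoping of the request as the only remaining boundary. The visible lines pass `request` straight to `organizationUserRoleService.listMember(request)` and do not show a check that the requested organization and user role belong to the organization in which the caller holds the permission. Please confirm that check exists in the service or the permission layer, and record the intent on the method, e.g. `// org-level read is sufficient; listMember must reject roles outside the caller's organization`. The method's closing brace is outside the hunk.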
@@ -2,17 +2,21 @@ package io.metersphere.system.controller; import base.BaseTest; import io.metersphere.sdk.constants.InternalUserRole; +import io.metersphere.sdk.constants.PermissionConstants; import io.metersphere.sdk.constants.SessionConstants; import io.metersphere.sdk.controller.handler.ResultHolder; import io.metersphere.sdk.dto.request.PermissionSettingUpdateRequest; +import io.metersphere.sdk.log.constants.OperationLogType; import io.metersphere.sdk.service.BaseUserRolePermissionService; import io.metersphere.sdk.util.JSON; import io.metersphere.sdk.util.Pager; import io.metersphere.system.domain.User; import io.metersphere.system.domain.UserRole; +import io.metersphere.system.dto.OrganizationDTO; import io.metersphere.system.request.OrganizationUserRoleEditRequest; import io.metersphere.system.request.OrganizationUserRoleMemberEditRequest; import io.metersphere.system.request.OrganizationUserRoleMemberRequest; +import io.metersphere.system.service.OrganizationService; import jakarta.annotation.Resource; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.lang3.StringUtils; @@ -46,6 +50,8 @@ public class OrganizationUserRoleControllerTests extends BaseTest { private MockMvc mockMvc; @Resource private BaseUserRolePermissionService baseUserRolePermissionService; + @Resource + private OrganizationService organizationService; public static final String ORGANIZATION_ROLE_TYPE = "ORGANIZATION"; public static final String ORGANIZATION_USER_ROLE_LIST = "/user/role/organization/list"; 
@@ -71,6 +77,9 @@ public class OrganizationUserRoleControllerTests extends BaseTest { Assertions.assertNotNull(resultHolder); // 返回总条数是否为init_organization_user_role.sql中的数据总数 Assertions.assertFalse(JSON.parseArray(JSON.toJSONString(resultHolder.getData())).isEmpty()); + // 权限校验 + OrganizationDTO defaultOrganization = getDefault(); + requestGetPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ, ORGANIZATION_USER_ROLE_LIST + "/" + defaultOrganization.getId()); } @Test @@ -80,7 +89,7 @@ public class OrganizationUserRoleControllerTests extends BaseTest { request.setName("default-org-role-5"); request.setType(ORGANIZATION_ROLE_TYPE); request.setScopeId("default-organization-2"); - this.requestPost(ORGANIZATION_USER_ROLE_ADD, request, status().isOk()); + MvcResult addResult = this.responsePost(ORGANIZATION_USER_ROLE_ADD, request); // 验证是否添加成功 String organizationId = "default-organization-2"; MvcResult mvcResult = this.responseGet(ORGANIZATION_USER_ROLE_LIST + "/" + organizationId); @@ -91,6 +100,13 @@ public class OrganizationUserRoleControllerTests extends BaseTest { Assertions.assertNotNull(resultHolder); // 返回总条数是否为init_organization_user_role.sql中的数据总数 Assertions.assertFalse(JSON.parseArray(JSON.toJSONString(resultHolder.getData())).isEmpty()); + // 日志校验 + String addResultStr = addResult.getResponse().getContentAsString(StandardCharsets.UTF_8); + ResultHolder addResultHolder = JSON.parseObject(addResultStr, ResultHolder.class); + UserRole userRole = JSON.parseObject(JSON.toJSONString(addResultHolder.getData()), UserRole.class); + checkLog(userRole.getId(), OperationLogType.ADD); + // 权限校验 + requestPostPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ_ADD, ORGANIZATION_USER_ROLE_ADD, request); } @Test 
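Review bot: In the add test, `userRole.getId()` is dereferenced without first checking that the add call succeeded: the preceding hunk replaces `requestPost(ORGANIZATION_USER_ROLE_ADD, request, status().isOk())` with `responsePost(...)`, and nothing visible asserts the status or that `addResultHolder.getData()` is non-null. If `responsePost` does not itself expect 200, a failed add now surfaces as a NullPointerException in the log check instead of a clear assertion failure; `Assertions.assertNotNull(addResultHolder.getData());` before `checkLog(...)` would make that explicit. The closing `requestPostPermissionTest(...)` call also re-sends the same `request` (name `default-org-role-5`), so its authorised half presumably hits whatever the service does on a duplicate name; worth confirming the helper asserts only the authorization outcome.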
@@ -148,6 +164,10 @@ public class OrganizationUserRoleControllerTests extends BaseTest { // 返回总条数是否包含修改后的数据 List userRoles = JSON.parseArray(JSON.toJSONString(resultHolder.getData()), UserRole.class); Assertions.assertTrue(userRoles.stream().anyMatch(userRole -> "default-org-role-x".equals(userRole.getName()))); + // 日志校验 + checkLog(request.getId(), OperationLogType.UPDATE); + // 权限校验 + requestPostPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ_UPDATE, ORGANIZATION_USER_ROLE_UPDATE, request); } @Test @@ -165,6 +185,10 @@ public class OrganizationUserRoleControllerTests extends BaseTest { @Order(6) public void testOrganizationUserRoleDeleteSuccess() throws Exception { this.requestGet(ORGANIZATION_USER_ROLE_DELETE + "/default-org-role-id-2", status().isOk()); + // 日志校验 + checkLog("default-org-role-id-2", OperationLogType.DELETE); + // 权限校验 + requestGetPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ_DELETE, ORGANIZATION_USER_ROLE_DELETE + "/default-org-role-id-2"); } @Test @@ -178,6 +202,8 @@ public class OrganizationUserRoleControllerTests extends BaseTest { Assertions.assertNotNull(resultHolder); // 返回总条数是否为init_organization_user_role.sql中的数据总数 Assertions.assertEquals(1, JSON.parseArray(JSON.toJSONString(resultHolder.getData())).size()); + // 权限校验 + requestGetPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ, ORGANIZATION_USER_ROLE_PERMISSION_SETTING + "/default-org-role-id-3"); } @Test 
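Review bot: In `testOrganizationUserRoleDeleteSuccess`, the permission check targets `default-org-role-id-2` after the preceding `requestGet(...)` has already deleted it, so the authorised request inside `requestGetPermissionTest` runs against a role that no longer exists. Depending on how the helper (not visible here) judges the authorised call, this either fails for the wrong reason or passes on an error response; in neither case does it show that a holder of `ORGANIZATION_USER_ROLE_READ_DELETE` can actually delete. Pointing the check at a separate fixture role keeps the two assertions independent, e.g. `requestGetPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ_DELETE, ORGANIZATION_USER_ROLE_DELETE + "/<separate-fixture-role-id>");`.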
@@ -193,17 +219,8 @@ public class OrganizationUserRoleControllerTests extends BaseTest { @Test @Order(9) public void testOrganizationUserRolePermissionUpdateSuccess() throws Exception { - PermissionSettingUpdateRequest request = new PermissionSettingUpdateRequest(); + PermissionSettingUpdateRequest request = getPermissionSettingUpdateRequest(); request.setUserRoleId("default-org-role-id-3"); - request.setPermissions(new ArrayList<>() { - { - // 取消ORGANIZATION_USER_ROLE:READ权限 - add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:READ", false)); - // 添加ORGANIZATION_USER_ROLE:CREATE, ORGANIZATION_USER_ROLE:UPDATE权限 - add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:CREATE", true)); - add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:UPDATE", true)); - } - }); this.requestPost(ORGANIZATION_USER_ROLE_PERMISSION_UPDATE, request, status().isOk()); // 返回权限勾选ORGANIZATION_USER_ROLE:CREATE Set permissionIds = baseUserRolePermissionService.getPermissionIdSetByRoleId(request.getUserRoleId()); 
@@ -213,50 +230,25 @@ public class OrganizationUserRoleControllerTests extends BaseTest { .collect(Collectors.toSet()); // 校验请求成功数据 Assertions.assertEquals(requestPermissionIds, permissionIds); + // 日志校验 + checkLog(request.getUserRoleId(), OperationLogType.UPDATE); + // 权限校验 + requestPostPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ_UPDATE, ORGANIZATION_USER_ROLE_PERMISSION_UPDATE, request); } @Test @Order(10) public void testOrganizationUserRolePermissionUpdateError() throws Exception { - PermissionSettingUpdateRequest request = new PermissionSettingUpdateRequest(); - request.setUserRoleId("default-org-role-id-10"); - request.setPermissions(new ArrayList<>() { - { - // 取消ORGANIZATION_USER_ROLE:READ权限 - add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:READ", false)); - // 添加ORGANIZATION_USER_ROLE:CREATE, ORGANIZATION_USER_ROLE:UPDATE权限 - add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:CREATE", true)); - add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:UPDATE", true)); - } - }); // 用户组不存在 + PermissionSettingUpdateRequest request = getPermissionSettingUpdateRequest(); + request.setUserRoleId("default-org-role-id-10"); this.requestPost(ORGANIZATION_USER_ROLE_PERMISSION_UPDATE, request, status().is5xxServerError()); // 非组织下用户组异常 - request = new PermissionSettingUpdateRequest(); request.setUserRoleId(InternalUserRole.ADMIN.getValue()); - request.setPermissions(new ArrayList<>() { - { - // 取消ORGANIZATION_USER_ROLE:READ权限 - add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:READ", false)); - // 添加ORGANIZATION_USER_ROLE:CREATE, ORGANIZATION_USER_ROLE:UPDATE权限 - add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:CREATE", true)); - add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:UPDATE", true)); - } - }); 
this.requestPost(ORGANIZATION_USER_ROLE_PERMISSION_UPDATE, request) .andExpect(jsonPath("$.code").value(NO_ORG_USER_ROLE_PERMISSION.getCode())); // 内置用户组异常 - request = new PermissionSettingUpdateRequest(); request.setUserRoleId(InternalUserRole.ORG_ADMIN.getValue()); - request.setPermissions(new ArrayList<>() { - { - // 取消ORGANIZATION_USER_ROLE:READ权限 - add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:READ", false)); - // 添加ORGANIZATION_USER_ROLE:CREATE, ORGANIZATION_USER_ROLE:UPDATE权限 - add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:CREATE", true)); - add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:UPDATE", true)); - } - }); this.requestPost(ORGANIZATION_USER_ROLE_PERMISSION_UPDATE, request) .andExpect(jsonPath("$.code").value(INTERNAL_USER_ROLE_PERMISSION.getCode())); } @@ -290,6 +282,9 @@ public class OrganizationUserRoleControllerTests extends BaseTest { Assertions.assertTrue(StringUtils.contains(user.getName(), request.getKeyword()) || StringUtils.contains(user.getId(), request.getKeyword())); } + // 权限校验 + request.setOrganizationId(getDefault().getId()); + requestPostPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ, ORGANIZATION_USER_ROLE_LIST_MEMBER, request); } @Test @@ -319,6 +314,11 @@ public class OrganizationUserRoleControllerTests extends BaseTest { request.setUserRoleId("default-org-role-id-3"); request.setUserIds(List.of("admin")); this.requestPost(ORGANIZATION_USER_ROLE_ADD_MEMBER, request, status().isOk()); + // 日志校验 + checkLog(request.getUserRoleId(), OperationLogType.UPDATE); + // 权限校验 + request.setOrganizationId(getDefault().getId()); + requestPostPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ_UPDATE, ORGANIZATION_USER_ROLE_ADD_MEMBER, request); } @Test 
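Review bot: The permission checks added for list-member and add-member only exercise the caller's own organization: `request.setOrganizationId(getDefault().getId())` is set right before `requestPostPermissionTest(...)`, and the remove-member hunk that follows uses the same pattern. Because the organization id is taken from the request body, a negative case is missing in which the ORGANIZATION test user sends an `organizationId` it holds no role in and the call is expected to be rejected. Without it, these tests would still pass if the permission were evaluated globally rather than per organization. Both test methods start outside their hunks.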
@@ -348,6 +348,11 @@ public class OrganizationUserRoleControllerTests extends BaseTest { this.requestPost(ORGANIZATION_USER_ROLE_ADD_MEMBER, request, status().isOk()); // 成员组织用户组存在多个, 移除成功 this.requestPost(ORGANIZATION_USER_ROLE_REMOVE_MEMBER, request, status().isOk()); + // 日志校验 + checkLog(request.getUserRoleId(), OperationLogType.UPDATE); + // 权限校验 + request.setOrganizationId(getDefault().getId()); + requestPostPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ_UPDATE, ORGANIZATION_USER_ROLE_REMOVE_MEMBER, request); } @Test @@ -380,6 +385,24 @@ public class OrganizationUserRoleControllerTests extends BaseTest { this.requestGet(ORGANIZATION_USER_ROLE_DELETE + "/default-org-role-id-3", status().isOk()); } + private PermissionSettingUpdateRequest getPermissionSettingUpdateRequest(){ + PermissionSettingUpdateRequest request = new PermissionSettingUpdateRequest(); + request.setPermissions(new ArrayList<>() { + { + // 取消ORGANIZATION_USER_ROLE:READ权限 + add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:READ", false)); + // 添加ORGANIZATION_USER_ROLE:CREATE, ORGANIZATION_USER_ROLE:UPDATE权限 + add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:CREATE", true)); + add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:UPDATE", true)); + } + }); + return request; + } + + private OrganizationDTO getDefault() { + return organizationService.getDefault(); + } + private void requestPost(String url, Object param, ResultMatcher resultMatcher) throws Exception { mockMvc.perform(MockMvcRequestBuilders.post(url) .header(SessionConstants.HEADER_TOKEN, sessionId) diff --git a/backend/services/system-setting/src/test/resources/dml/init_permission_test.sql b/backend/services/system-setting/src/test/resources/dml/init_permission_test.sql index eb69443fc1..8f3e676998 100644 --- a/backend/services/system-setting/src/test/resources/dml/init_permission_test.sql 
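Review bot: `getPermissionSettingUpdateRequest()` keeps the double-brace initialiser `new ArrayList<>() {{ add(...); }}`, which declares an anonymous `ArrayList` subclass that holds a reference to the test instance just to add three elements. `request.setPermissions(new ArrayList<>(List.of(...)))` with the same three `PermissionUpdateRequest` entries stays mutable and reads more directly; `List.of` is already used elsewhere in this file. The signature is also missing a space before the brace (`getPermissionSettingUpdateRequest() {`). A short comment stating that the helper leaves `userRoleId` unset for the caller to fill in would help readers of the error test.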
+++ b/backend/services/system-setting/src/test/resources/dml/init_permission_test.sql @@ -1,5 +1,5 @@ -- 初始化用于权限测试的用户 -insert into user(id, name, email, password, create_time, update_time, language, last_organization_id, phone, source, +INSERT INTO user(id, name, email, password, create_time, update_time, language, last_organization_id, phone, source, last_project_id, create_user, update_user, deleted) VALUES ('SYSTEM', 'SYSTEM', 'SYSTEM@fit2cloud.com', MD5('metersphere'), UNIX_TIMESTAMP() * 1000, @@ -12,3 +12,18 @@ VALUES ('SYSTEM', '系统级别权限校验', '', 1, 'SYSTEM', 1620674220005, 16 -- 初始化用户和组的关系 INSERT INTO user_role_relation (id, user_id, role_id, source_id, create_time, create_user) VALUES ('SYSTEM', 'SYSTEM', 'SYSTEM', 'SYSTEM', 1684747668375, 'admin'); + +-- 初始化用于权限测试的组织用户 +INSERT INTO user(id, name, email, password, create_time, update_time, language, last_organization_id, phone, source, + last_project_id, create_user, update_user, deleted) +VALUES ('ORGANIZATION', 'ORGANIZATION', 'ORGANIZATION@fit2cloud.com', MD5('metersphere'), + UNIX_TIMESTAMP() * 1000, + UNIX_TIMESTAMP() * 1000, NULL, NUll, '', 'LOCAL', NULL, 'admin', 'admin', false); + +-- 初始化一个用于权限测试的用户组,这里默认使用 ORGANIZATION 作为ID,如果是组织和项目级别类似,便于根据权限的前缀找到对应测试的用户组 +INSERT INTO user_role (id, name, description, internal, type, create_time, update_time, create_user, scope_id) +VALUES ('ORGANIZATION', '组织级别权限校验', '', 1, 'ORGANIZATION', 1620674220005, 1620674220000, 'admin', 'GLOBAL'); + +-- 初始化用户和组的关系 +INSERT INTO user_role_relation (id, user_id, role_id, source_id, create_time, create_user) +SELECT 'ORGANIZATION', 'ORGANIZATION', 'ORGANIZATION', id, 1684747668375, 'admin' FROM organization WHERE num = 100001; \ No newline at end of file
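Review bot: The new `user_role_relation` row comes from `INSERT ... SELECT ... FROM organization WHERE num = 100001`, which inserts nothing if no organization with that number exists when the script runs; the ORGANIZATION test user would then hold no role and every organization permission test would fail far from the cause. A comment such as `-- requires the default organization (num = 100001) to be seeded before this script` documents the ordering dependency, and the constant id `'ORGANIZATION'` means the statement also assumes at most one matching row. `NUll` in the user insert should read `NULL` for consistency. The account reuses the fixture password `MD5('metersphere')` already used for the SYSTEM user, so this script should stay confined to test resources.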