refactor(系统设置): 组织用户组功能添加权限及日志校验

This commit is contained in:
song-cc-rock 2023-08-02 11:19:59 +08:00 committed by fit2-zhao
parent 35aff1064c
commit e596e26051
4 changed files with 86 additions and 49 deletions

View File

@ -85,11 +85,10 @@ public abstract class BaseTest {
}
if (permissionAuthInfoMap.isEmpty()) {
// 获取系统组织项目对应的权限测试用户的认证信息
// 暂时只支持 SYSTEM
// todo 补充 ORGANIZATION PROJECT
String permissionType = UserRoleType.SYSTEM.name();
AuthInfo authInfo = initAuthInfo(permissionType, "metersphere");
permissionAuthInfoMap.put(permissionType, authInfo);
// 暂时只支持 SYSTEM, ORGANIZATION
// todo 补充 PROJECT
permissionAuthInfoMap.put(UserRoleType.SYSTEM.name(), initAuthInfo(UserRoleType.SYSTEM.name(), "metersphere"));
permissionAuthInfoMap.put(UserRoleType.ORGANIZATION.name(), initAuthInfo(UserRoleType.ORGANIZATION.name(), "metersphere"));
}
}

View File

@ -96,7 +96,7 @@ public class OrganizationUserRoleController {
@PostMapping("/list-member")
@Operation(summary = "获取组织用户组-成员")
@RequiresPermissions(value = {PermissionConstants.ORGANIZATION_USER_ROLE_READ, PermissionConstants.SYSTEM_USER_READ})
@RequiresPermissions(value = {PermissionConstants.ORGANIZATION_USER_ROLE_READ})
public Pager<List<User>> listMember(@Validated @RequestBody OrganizationUserRoleMemberRequest request) {
Page<Object> page = PageHelper.startPage(request.getCurrent(), request.getPageSize());
return PageUtils.setPageInfo(page, organizationUserRoleService.listMember(request));

View File

@ -2,17 +2,21 @@ package io.metersphere.system.controller;
import base.BaseTest;
import io.metersphere.sdk.constants.InternalUserRole;
import io.metersphere.sdk.constants.PermissionConstants;
import io.metersphere.sdk.constants.SessionConstants;
import io.metersphere.sdk.controller.handler.ResultHolder;
import io.metersphere.sdk.dto.request.PermissionSettingUpdateRequest;
import io.metersphere.sdk.log.constants.OperationLogType;
import io.metersphere.sdk.service.BaseUserRolePermissionService;
import io.metersphere.sdk.util.JSON;
import io.metersphere.sdk.util.Pager;
import io.metersphere.system.domain.User;
import io.metersphere.system.domain.UserRole;
import io.metersphere.system.dto.OrganizationDTO;
import io.metersphere.system.request.OrganizationUserRoleEditRequest;
import io.metersphere.system.request.OrganizationUserRoleMemberEditRequest;
import io.metersphere.system.request.OrganizationUserRoleMemberRequest;
import io.metersphere.system.service.OrganizationService;
import jakarta.annotation.Resource;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
@ -46,6 +50,8 @@ public class OrganizationUserRoleControllerTests extends BaseTest {
private MockMvc mockMvc;
@Resource
private BaseUserRolePermissionService baseUserRolePermissionService;
@Resource
private OrganizationService organizationService;
public static final String ORGANIZATION_ROLE_TYPE = "ORGANIZATION";
public static final String ORGANIZATION_USER_ROLE_LIST = "/user/role/organization/list";
@ -71,6 +77,9 @@ public class OrganizationUserRoleControllerTests extends BaseTest {
Assertions.assertNotNull(resultHolder);
// 返回总条数是否为init_organization_user_role.sql中的数据总数
Assertions.assertFalse(JSON.parseArray(JSON.toJSONString(resultHolder.getData())).isEmpty());
// 权限校验
OrganizationDTO defaultOrganization = getDefault();
requestGetPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ, ORGANIZATION_USER_ROLE_LIST + "/" + defaultOrganization.getId());
}
@Test
@ -80,7 +89,7 @@ public class OrganizationUserRoleControllerTests extends BaseTest {
request.setName("default-org-role-5");
request.setType(ORGANIZATION_ROLE_TYPE);
request.setScopeId("default-organization-2");
this.requestPost(ORGANIZATION_USER_ROLE_ADD, request, status().isOk());
MvcResult addResult = this.responsePost(ORGANIZATION_USER_ROLE_ADD, request);
// 验证是否添加成功
String organizationId = "default-organization-2";
MvcResult mvcResult = this.responseGet(ORGANIZATION_USER_ROLE_LIST + "/" + organizationId);
@ -91,6 +100,13 @@ public class OrganizationUserRoleControllerTests extends BaseTest {
Assertions.assertNotNull(resultHolder);
// 返回总条数是否为init_organization_user_role.sql中的数据总数
Assertions.assertFalse(JSON.parseArray(JSON.toJSONString(resultHolder.getData())).isEmpty());
// 日志校验
String addResultStr = addResult.getResponse().getContentAsString(StandardCharsets.UTF_8);
ResultHolder addResultHolder = JSON.parseObject(addResultStr, ResultHolder.class);
UserRole userRole = JSON.parseObject(JSON.toJSONString(addResultHolder.getData()), UserRole.class);
checkLog(userRole.getId(), OperationLogType.ADD);
// 权限校验
requestPostPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ_ADD, ORGANIZATION_USER_ROLE_ADD, request);
}
@Test
@ -148,6 +164,10 @@ public class OrganizationUserRoleControllerTests extends BaseTest {
// 返回总条数是否包含修改后的数据
List<UserRole> userRoles = JSON.parseArray(JSON.toJSONString(resultHolder.getData()), UserRole.class);
Assertions.assertTrue(userRoles.stream().anyMatch(userRole -> "default-org-role-x".equals(userRole.getName())));
// 日志校验
checkLog(request.getId(), OperationLogType.UPDATE);
// 权限校验
requestPostPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ_UPDATE, ORGANIZATION_USER_ROLE_UPDATE, request);
}
@Test
@ -165,6 +185,10 @@ public class OrganizationUserRoleControllerTests extends BaseTest {
@Order(6)
public void testOrganizationUserRoleDeleteSuccess() throws Exception {
this.requestGet(ORGANIZATION_USER_ROLE_DELETE + "/default-org-role-id-2", status().isOk());
// 日志校验
checkLog("default-org-role-id-2", OperationLogType.DELETE);
// 权限校验
requestGetPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ_DELETE, ORGANIZATION_USER_ROLE_DELETE + "/default-org-role-id-2");
}
@Test
@ -178,6 +202,8 @@ public class OrganizationUserRoleControllerTests extends BaseTest {
Assertions.assertNotNull(resultHolder);
// 返回总条数是否为init_organization_user_role.sql中的数据总数
Assertions.assertEquals(1, JSON.parseArray(JSON.toJSONString(resultHolder.getData())).size());
// 权限校验
requestGetPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ, ORGANIZATION_USER_ROLE_PERMISSION_SETTING + "/default-org-role-id-3");
}
@Test
@ -193,17 +219,8 @@ public class OrganizationUserRoleControllerTests extends BaseTest {
@Test
@Order(9)
public void testOrganizationUserRolePermissionUpdateSuccess() throws Exception {
PermissionSettingUpdateRequest request = new PermissionSettingUpdateRequest();
PermissionSettingUpdateRequest request = getPermissionSettingUpdateRequest();
request.setUserRoleId("default-org-role-id-3");
request.setPermissions(new ArrayList<>() {
{
// 取消ORGANIZATION_USER_ROLE:READ权限
add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:READ", false));
// 添加ORGANIZATION_USER_ROLE:CREATE, ORGANIZATION_USER_ROLE:UPDATE权限
add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:CREATE", true));
add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:UPDATE", true));
}
});
this.requestPost(ORGANIZATION_USER_ROLE_PERMISSION_UPDATE, request, status().isOk());
// 返回权限勾选ORGANIZATION_USER_ROLE:CREATE
Set<String> permissionIds = baseUserRolePermissionService.getPermissionIdSetByRoleId(request.getUserRoleId());
@ -213,50 +230,25 @@ public class OrganizationUserRoleControllerTests extends BaseTest {
.collect(Collectors.toSet());
// 校验请求成功数据
Assertions.assertEquals(requestPermissionIds, permissionIds);
// 日志校验
checkLog(request.getUserRoleId(), OperationLogType.UPDATE);
// 权限校验
requestPostPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ_UPDATE, ORGANIZATION_USER_ROLE_PERMISSION_UPDATE, request);
}
@Test
@Order(10)
public void testOrganizationUserRolePermissionUpdateError() throws Exception {
PermissionSettingUpdateRequest request = new PermissionSettingUpdateRequest();
request.setUserRoleId("default-org-role-id-10");
request.setPermissions(new ArrayList<>() {
{
// 取消ORGANIZATION_USER_ROLE:READ权限
add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:READ", false));
// 添加ORGANIZATION_USER_ROLE:CREATE, ORGANIZATION_USER_ROLE:UPDATE权限
add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:CREATE", true));
add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:UPDATE", true));
}
});
// 用户组不存在
PermissionSettingUpdateRequest request = getPermissionSettingUpdateRequest();
request.setUserRoleId("default-org-role-id-10");
this.requestPost(ORGANIZATION_USER_ROLE_PERMISSION_UPDATE, request, status().is5xxServerError());
// 非组织下用户组异常
request = new PermissionSettingUpdateRequest();
request.setUserRoleId(InternalUserRole.ADMIN.getValue());
request.setPermissions(new ArrayList<>() {
{
// 取消ORGANIZATION_USER_ROLE:READ权限
add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:READ", false));
// 添加ORGANIZATION_USER_ROLE:CREATE, ORGANIZATION_USER_ROLE:UPDATE权限
add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:CREATE", true));
add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:UPDATE", true));
}
});
this.requestPost(ORGANIZATION_USER_ROLE_PERMISSION_UPDATE, request)
.andExpect(jsonPath("$.code").value(NO_ORG_USER_ROLE_PERMISSION.getCode()));
// 内置用户组异常
request = new PermissionSettingUpdateRequest();
request.setUserRoleId(InternalUserRole.ORG_ADMIN.getValue());
request.setPermissions(new ArrayList<>() {
{
// 取消ORGANIZATION_USER_ROLE:READ权限
add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:READ", false));
// 添加ORGANIZATION_USER_ROLE:CREATE, ORGANIZATION_USER_ROLE:UPDATE权限
add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:CREATE", true));
add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:UPDATE", true));
}
});
this.requestPost(ORGANIZATION_USER_ROLE_PERMISSION_UPDATE, request)
.andExpect(jsonPath("$.code").value(INTERNAL_USER_ROLE_PERMISSION.getCode()));
}
@ -290,6 +282,9 @@ public class OrganizationUserRoleControllerTests extends BaseTest {
Assertions.assertTrue(StringUtils.contains(user.getName(), request.getKeyword())
|| StringUtils.contains(user.getId(), request.getKeyword()));
}
// 权限校验
request.setOrganizationId(getDefault().getId());
requestPostPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ, ORGANIZATION_USER_ROLE_LIST_MEMBER, request);
}
@Test
@ -319,6 +314,11 @@ public class OrganizationUserRoleControllerTests extends BaseTest {
request.setUserRoleId("default-org-role-id-3");
request.setUserIds(List.of("admin"));
this.requestPost(ORGANIZATION_USER_ROLE_ADD_MEMBER, request, status().isOk());
// 日志校验
checkLog(request.getUserRoleId(), OperationLogType.UPDATE);
// 权限校验
request.setOrganizationId(getDefault().getId());
requestPostPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ_UPDATE, ORGANIZATION_USER_ROLE_ADD_MEMBER, request);
}
@Test
@ -348,6 +348,11 @@ public class OrganizationUserRoleControllerTests extends BaseTest {
this.requestPost(ORGANIZATION_USER_ROLE_ADD_MEMBER, request, status().isOk());
// 成员组织用户组存在多个, 移除成功
this.requestPost(ORGANIZATION_USER_ROLE_REMOVE_MEMBER, request, status().isOk());
// 日志校验
checkLog(request.getUserRoleId(), OperationLogType.UPDATE);
// 权限校验
request.setOrganizationId(getDefault().getId());
requestPostPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ_UPDATE, ORGANIZATION_USER_ROLE_REMOVE_MEMBER, request);
}
@Test
@ -380,6 +385,24 @@ public class OrganizationUserRoleControllerTests extends BaseTest {
this.requestGet(ORGANIZATION_USER_ROLE_DELETE + "/default-org-role-id-3", status().isOk());
}
private PermissionSettingUpdateRequest getPermissionSettingUpdateRequest(){
PermissionSettingUpdateRequest request = new PermissionSettingUpdateRequest();
request.setPermissions(new ArrayList<>() {
{
// 取消ORGANIZATION_USER_ROLE:READ权限
add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:READ", false));
// 添加ORGANIZATION_USER_ROLE:CREATE, ORGANIZATION_USER_ROLE:UPDATE权限
add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:CREATE", true));
add(new PermissionSettingUpdateRequest.PermissionUpdateRequest("ORGANIZATION_USER_ROLE:UPDATE", true));
}
});
return request;
}
private OrganizationDTO getDefault() {
return organizationService.getDefault();
}
private void requestPost(String url, Object param, ResultMatcher resultMatcher) throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post(url)
.header(SessionConstants.HEADER_TOKEN, sessionId)

View File

@ -1,5 +1,5 @@
-- 初始化用于权限测试的用户
insert into user(id, name, email, password, create_time, update_time, language, last_organization_id, phone, source,
INSERT INTO user(id, name, email, password, create_time, update_time, language, last_organization_id, phone, source,
last_project_id, create_user, update_user, deleted)
VALUES ('SYSTEM', 'SYSTEM', 'SYSTEM@fit2cloud.com', MD5('metersphere'),
UNIX_TIMESTAMP() * 1000,
@ -12,3 +12,18 @@ VALUES ('SYSTEM', '系统级别权限校验', '', 1, 'SYSTEM', 1620674220005, 16
-- 初始化用户和组的关系
INSERT INTO user_role_relation (id, user_id, role_id, source_id, create_time, create_user)
VALUES ('SYSTEM', 'SYSTEM', 'SYSTEM', 'SYSTEM', 1684747668375, 'admin');
-- 初始化用于权限测试的组织用户
INSERT INTO user(id, name, email, password, create_time, update_time, language, last_organization_id, phone, source,
last_project_id, create_user, update_user, deleted)
VALUES ('ORGANIZATION', 'ORGANIZATION', 'ORGANIZATION@fit2cloud.com', MD5('metersphere'),
UNIX_TIMESTAMP() * 1000,
UNIX_TIMESTAMP() * 1000, NULL, NUll, '', 'LOCAL', NULL, 'admin', 'admin', false);
-- 初始化一个用于权限测试的用户组,这里默认使用 ORGANIZATION 作为ID如果是组织和项目级别类似便于根据权限的前缀找到对应测试的用户组
INSERT INTO user_role (id, name, description, internal, type, create_time, update_time, create_user, scope_id)
VALUES ('ORGANIZATION', '组织级别权限校验', '', 1, 'ORGANIZATION', 1620674220005, 1620674220000, 'admin', 'GLOBAL');
-- 初始化用户和组的关系
INSERT INTO user_role_relation (id, user_id, role_id, source_id, create_time, create_user)
SELECT 'ORGANIZATION', 'ORGANIZATION', 'ORGANIZATION', id, 1684747668375, 'admin' FROM organization WHERE num = 100001;