refactor(系统设置): 超级用户组权限

This commit is contained in:
shiziyuan9527 2022-12-22 10:58:18 +08:00 committed by lyh
parent 19205a7879
commit eef046300b
8 changed files with 35 additions and 30 deletions

View File

@ -24,6 +24,7 @@ export const ROLE_ORG_ADMIN = 'org_admin';
export const ROLE_TEST_MANAGER = 'test_manager';
export const ROLE_TEST_USER = 'test_user';
export const ROLE_TEST_VIEWER = 'test_viewer';
export const SUPER_GROUP = 'super_group';
export const ORGANIZATION_ID = 'organization_id';
export const WORKSPACE_ID = 'workspace_id';

View File

@ -1,8 +1,12 @@
import {LicenseKey} from "./constants";
import {LicenseKey, SUPER_GROUP} from "./constants";
import {getCurrentProjectID, getCurrentUser, getCurrentWorkspaceId} from "./token";
export function hasPermission(permission) {
let user = getCurrentUser();
let index = user.groups.findIndex(g => g.id === SUPER_GROUP);
if (index !== -1) {
return true;
}
user.userGroups.forEach(ug => {
user.groupPermissions.forEach(gp => {
@ -13,20 +17,6 @@ export function hasPermission(permission) {
});
});
let superGroupPermissions = user.userGroups.filter(ug => ug.group && ug.group.id === 'super_group')
.flatMap(ug => ug.userGroupPermissions)
.map(g => g.permissionId)
.reduce((total, current) => {
total.add(current);
return total;
}, new Set);
for (const p of superGroupPermissions) {
if (p === permission) {
return true;
}
}
// todo 权限验证
let currentProjectPermissions = user.userGroups.filter(ug => ug.group && ug.group.type === 'PROJECT')
.filter(ug => ug.sourceId === getCurrentProjectID())

View File

@ -2,6 +2,7 @@ package io.metersphere.commons.utils;
import io.metersphere.base.domain.Group;
import io.metersphere.base.domain.UserGroupPermission;
import io.metersphere.commons.constants.UserGroupConstants;
import io.metersphere.commons.user.SessionUser;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang3.StringUtils;
@ -141,6 +142,15 @@ public class SessionUtils {
}
}));
long count = user.getGroups()
.stream()
.filter(g -> StringUtils.equals(g.getId(), UserGroupConstants.SUPER_GROUP))
.count();
if (count > 0) {
return true;
}
Set<String> currentProjectPermissions = getCurrentProjectPermissions(userGroupPermissions, projectId, group, user);
if (currentProjectPermissions.contains(permission)) {

View File

@ -70,8 +70,6 @@ public class GroupService {
@Resource
private BaseUserService baseUserService;
private static final String GLOBAL = "global";
private static final String SUPER_GROUP = "super_group";
// 服务权限拼装顺序
private static final String[] servicePermissionLoadOrder = {MicroServiceName.PROJECT_MANAGEMENT,
@ -225,7 +223,7 @@ public class GroupService {
}
public void editGroupPermission(EditGroupRequest request) {
if (StringUtils.equals(request.getUserGroupId(), SUPER_GROUP)) {
if (StringUtils.equals(request.getUserGroupId(), UserGroupConstants.SUPER_GROUP)) {
return;
}
List<GroupPermission> permissions = request.getPermissions();

View File

@ -68,7 +68,6 @@ public class GroupService {
private UserMapper userMapper;
private static final String GLOBAL = "global";
private static final String SUPER_GROUP = "super_group";
private static final String PERSONAL_PREFIX = "PERSONAL";
@ -236,7 +235,7 @@ public class GroupService {
public void editGroupPermission(EditGroupRequest request) {
// 超级用户组禁止修改权限
if (StringUtils.equals(request.getUserGroupId(), SUPER_GROUP)) {
if (StringUtils.equals(request.getUserGroupId(), UserGroupConstants.SUPER_GROUP)) {
return;
}
List<GroupPermission> permissions = request.getPermissions();
@ -331,19 +330,21 @@ public class GroupService {
private List<GroupResourceDTO> getResourcePermission(List<GroupResource> resources, List<GroupPermission> permissions, Group group, List<String> permissionList) {
List<GroupResourceDTO> dto = new ArrayList<>();
List<GroupResource> grs;
if (StringUtils.equals(group.getId(), SUPER_GROUP)) {
if (StringUtils.equals(group.getId(), UserGroupConstants.SUPER_GROUP)) {
grs = resources;
permissions.forEach(p -> p.setChecked(true));
} else {
grs = resources
.stream()
.filter(g -> g.getId().startsWith(group.getType()) || g.getId().startsWith(PERSONAL_PREFIX))
.collect(Collectors.toList());
permissions.forEach(p -> {
if (permissionList.contains(p.getId())) {
p.setChecked(true);
}
});
}
permissions.forEach(p -> {
if (permissionList.contains(p.getId())) {
p.setChecked(true);
}
});
for (GroupResource r : grs) {
GroupResourceDTO resourceDTO = new GroupResourceDTO();
resourceDTO.setResource(r);

View File

@ -71,7 +71,7 @@
import GroupPermission from "./GroupPermission";
import {PROJECT_GROUP_SCOPE, USER_GROUP_SCOPE} from "metersphere-frontend/src/utils/table-constants";
import {hasLicense} from "metersphere-frontend/src/utils/permission";
import {GROUP_TYPE} from 'metersphere-frontend/src/utils/constants'
import {GROUP_TYPE, SUPER_GROUP} from 'metersphere-frontend/src/utils/constants'
import {getUserGroupPermission, modifyUserGroupPermission} from "../../../api/user-group";
export default {
@ -99,7 +99,7 @@ export default {
},
isReadOnly() {
return function (data) {
if (this.group.id === 'super_group') {
if (this.group.id === SUPER_GROUP) {
return true;
}
const isDefaultSystemGroup = this.group.id === 'admin' && data.resource.id === 'SYSTEM_GROUP';

View File

@ -13,6 +13,8 @@
</template>
<script>
import {SUPER_GROUP} from 'metersphere-frontend/src/utils/constants';
export default {
name: "GroupPermission",
props: {
@ -45,7 +47,7 @@ export default {
isReadOnly() {
return function (permission) {
//
if (this.group.id === 'super_group') {
if (this.group.id === SUPER_GROUP) {
return true;
}
//

View File

@ -46,7 +46,7 @@
<el-table-column prop="description" :label="$t('group.description')" show-overflow-tooltip/>
<el-table-column :label="$t('commons.operating')" min-width="120">
<template v-slot="scope">
<div v-if="scope.row.id === 'super_group'">
<div v-if="scope.row.id === SUPER_GROUP">
<ms-table-operator
:is-show="true"
@editClick="edit(scope.row)" @deleteClick="del(scope.row)">
@ -101,6 +101,8 @@ import {_sort} from "metersphere-frontend/src/utils/tableUtils";
import GroupMember from "./GroupMember";
import {hasPermission} from "metersphere-frontend/src/utils/permission";
import {delUserGroupById, getUserGroupListByPage} from "../../../api/user-group";
import {SUPER_GROUP} from 'metersphere-frontend/src/utils/constants'
export default {
name: "UserGroup",
@ -123,6 +125,7 @@ export default {
total: 0,
screenHeight: 'calc(100vh - 160px)',
groups: [],
SUPER_GROUP
};
},
activated() {