refactor(系统设置): 超级用户组权限

framework/sdk-parent/frontend/src/utils/constants.js

@@ -24,6 +24,7 @@ export const ROLE_ORG_ADMIN = 'org_admin';
 export const ROLE_TEST_MANAGER = 'test_manager';
 export const ROLE_TEST_USER = 'test_user';
 export const ROLE_TEST_VIEWER = 'test_viewer';
+export const SUPER_GROUP = 'super_group';
 
 export const ORGANIZATION_ID = 'organization_id';
 export const WORKSPACE_ID = 'workspace_id';

framework/sdk-parent/frontend/src/utils/permission.js

@@ -1,8 +1,12 @@
-import {LicenseKey} from "./constants";
+import {LicenseKey, SUPER_GROUP} from "./constants";
 import {getCurrentProjectID, getCurrentUser, getCurrentWorkspaceId} from "./token";
 
 export function hasPermission(permission) {
   let user = getCurrentUser();
+  let index = user.groups.findIndex(g => g.id === SUPER_GROUP);
+  if (index !== -1) {
+    return true;
+  }
 
   user.userGroups.forEach(ug => {
     user.groupPermissions.forEach(gp => {
@@ -13,20 +17,6 @@ export function hasPermission(permission) {
     });
   });
 
-  let superGroupPermissions = user.userGroups.filter(ug => ug.group && ug.group.id === 'super_group')
-    .flatMap(ug => ug.userGroupPermissions)
-    .map(g => g.permissionId)
-    .reduce((total, current) => {
-      total.add(current);
-      return total;
-    }, new Set);
-
-  for (const p of superGroupPermissions) {
-    if (p === permission) {
-      return true;
-    }
-  }
-
   // todo 权限验证
   let currentProjectPermissions = user.userGroups.filter(ug => ug.group && ug.group.type === 'PROJECT')
     .filter(ug => ug.sourceId === getCurrentProjectID())

framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/utils/SessionUtils.java

@@ -2,6 +2,7 @@ package io.metersphere.commons.utils;
 
 import io.metersphere.base.domain.Group;
 import io.metersphere.base.domain.UserGroupPermission;
+import io.metersphere.commons.constants.UserGroupConstants;
 import io.metersphere.commons.user.SessionUser;
 import org.apache.commons.collections4.MapUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -141,6 +142,15 @@ public class SessionUtils {
             }
         }));
 
+        long count = user.getGroups()
+                .stream()
+                .filter(g -> StringUtils.equals(g.getId(), UserGroupConstants.SUPER_GROUP))
+                .count();
+
+        if (count > 0) {
+            return true;
+        }
+
 
         Set<String> currentProjectPermissions = getCurrentProjectPermissions(userGroupPermissions, projectId, group, user);
         if (currentProjectPermissions.contains(permission)) {

project-management/backend/src/main/java/io/metersphere/service/GroupService.java

@@ -70,8 +70,6 @@ public class GroupService {
     @Resource
     private BaseUserService baseUserService;
     private static final String GLOBAL = "global";
-    private static final String SUPER_GROUP = "super_group";
-
 
     // 服务权限拼装顺序
     private static final String[] servicePermissionLoadOrder = {MicroServiceName.PROJECT_MANAGEMENT,
@@ -225,7 +223,7 @@ public class GroupService {
     }
 
     public void editGroupPermission(EditGroupRequest request) {
-        if (StringUtils.equals(request.getUserGroupId(), SUPER_GROUP)) {
+        if (StringUtils.equals(request.getUserGroupId(), UserGroupConstants.SUPER_GROUP)) {
             return;
         }
         List<GroupPermission> permissions = request.getPermissions();

system-setting/backend/src/main/java/io/metersphere/service/GroupService.java

@@ -68,7 +68,6 @@ public class GroupService {
     private UserMapper userMapper;
 
     private static final String GLOBAL = "global";
-    private static final String SUPER_GROUP = "super_group";
     private static final String PERSONAL_PREFIX = "PERSONAL";
 
 
@@ -236,7 +235,7 @@ public class GroupService {
 
     public void editGroupPermission(EditGroupRequest request) {
         // 超级用户组禁止修改权限
-        if (StringUtils.equals(request.getUserGroupId(), SUPER_GROUP)) {
+        if (StringUtils.equals(request.getUserGroupId(), UserGroupConstants.SUPER_GROUP)) {
             return;
         }
         List<GroupPermission> permissions = request.getPermissions();
@@ -331,19 +330,21 @@ public class GroupService {
     private List<GroupResourceDTO> getResourcePermission(List<GroupResource> resources, List<GroupPermission> permissions, Group group, List<String> permissionList) {
         List<GroupResourceDTO> dto = new ArrayList<>();
         List<GroupResource> grs;
-        if (StringUtils.equals(group.getId(), SUPER_GROUP)) {
+        if (StringUtils.equals(group.getId(), UserGroupConstants.SUPER_GROUP)) {
             grs = resources;
+            permissions.forEach(p -> p.setChecked(true));
         } else {
             grs = resources
                     .stream()
                     .filter(g -> g.getId().startsWith(group.getType()) || g.getId().startsWith(PERSONAL_PREFIX))
                     .collect(Collectors.toList());
-        }
             permissions.forEach(p -> {
                 if (permissionList.contains(p.getId())) {
                     p.setChecked(true);
                 }
             });
+        }
+
         for (GroupResource r : grs) {
             GroupResourceDTO resourceDTO = new GroupResourceDTO();
             resourceDTO.setResource(r);

system-setting/frontend/src/business/system/group/EditPermission.vue

@@ -71,7 +71,7 @@
 import GroupPermission from "./GroupPermission";
 import {PROJECT_GROUP_SCOPE, USER_GROUP_SCOPE} from "metersphere-frontend/src/utils/table-constants";
 import {hasLicense} from "metersphere-frontend/src/utils/permission";
-import {GROUP_TYPE} from 'metersphere-frontend/src/utils/constants'
+import {GROUP_TYPE, SUPER_GROUP} from 'metersphere-frontend/src/utils/constants'
 import {getUserGroupPermission, modifyUserGroupPermission} from "../../../api/user-group";
 
 export default {
@@ -99,7 +99,7 @@ export default {
     },
     isReadOnly() {
       return function (data) {
-        if (this.group.id === 'super_group') {
+        if (this.group.id === SUPER_GROUP) {
           return true;
         }
         const isDefaultSystemGroup = this.group.id === 'admin' && data.resource.id === 'SYSTEM_GROUP';

system-setting/frontend/src/business/system/group/GroupPermission.vue

@@ -13,6 +13,8 @@
 </template>
 
 <script>
+import {SUPER_GROUP} from 'metersphere-frontend/src/utils/constants';
+
 export default {
   name: "GroupPermission",
   props: {
@@ -45,7 +47,7 @@ export default {
     isReadOnly() {
       return function (permission) {
         // 禁止取消系统管理员用户组权限
-        if (this.group.id === 'super_group') {
+        if (this.group.id === SUPER_GROUP) {
           return true;
         }
         // 禁止取消系统管理员用户组和超级管理员用户组的读取和设置权限

system-setting/frontend/src/business/system/group/UserGroup.vue

@@ -46,7 +46,7 @@
         <el-table-column prop="description" :label="$t('group.description')" show-overflow-tooltip/>
         <el-table-column :label="$t('commons.operating')" min-width="120">
           <template v-slot="scope">
-            <div v-if="scope.row.id === 'super_group'">
+            <div v-if="scope.row.id === SUPER_GROUP">
               <ms-table-operator
                 :is-show="true"
                 @editClick="edit(scope.row)" @deleteClick="del(scope.row)">
@@ -101,6 +101,8 @@ import {_sort} from "metersphere-frontend/src/utils/tableUtils";
 import GroupMember from "./GroupMember";
 import {hasPermission} from "metersphere-frontend/src/utils/permission";
 import {delUserGroupById, getUserGroupListByPage} from "../../../api/user-group";
+import {SUPER_GROUP} from 'metersphere-frontend/src/utils/constants'
+
 
 export default {
   name: "UserGroup",
@@ -123,6 +125,7 @@ export default {
       total: 0,
       screenHeight: 'calc(100vh - 160px)',
       groups: [],
+      SUPER_GROUP
     };
   },
   activated() {