refactor(系统设置): 超级用户组权限
This commit is contained in:
parent
19205a7879
commit
eef046300b
|
@ -24,6 +24,7 @@ export const ROLE_ORG_ADMIN = 'org_admin';
|
|||
export const ROLE_TEST_MANAGER = 'test_manager';
|
||||
export const ROLE_TEST_USER = 'test_user';
|
||||
export const ROLE_TEST_VIEWER = 'test_viewer';
|
||||
export const SUPER_GROUP = 'super_group';
|
||||
|
||||
export const ORGANIZATION_ID = 'organization_id';
|
||||
export const WORKSPACE_ID = 'workspace_id';
|
||||
|
|
|
@ -1,8 +1,12 @@
|
|||
import {LicenseKey} from "./constants";
|
||||
import {LicenseKey, SUPER_GROUP} from "./constants";
|
||||
import {getCurrentProjectID, getCurrentUser, getCurrentWorkspaceId} from "./token";
|
||||
|
||||
export function hasPermission(permission) {
|
||||
let user = getCurrentUser();
|
||||
let index = user.groups.findIndex(g => g.id === SUPER_GROUP);
|
||||
if (index !== -1) {
|
||||
return true;
|
||||
}
|
||||
|
||||
user.userGroups.forEach(ug => {
|
||||
user.groupPermissions.forEach(gp => {
|
||||
|
@ -13,20 +17,6 @@ export function hasPermission(permission) {
|
|||
});
|
||||
});
|
||||
|
||||
let superGroupPermissions = user.userGroups.filter(ug => ug.group && ug.group.id === 'super_group')
|
||||
.flatMap(ug => ug.userGroupPermissions)
|
||||
.map(g => g.permissionId)
|
||||
.reduce((total, current) => {
|
||||
total.add(current);
|
||||
return total;
|
||||
}, new Set);
|
||||
|
||||
for (const p of superGroupPermissions) {
|
||||
if (p === permission) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
// todo 权限验证
|
||||
let currentProjectPermissions = user.userGroups.filter(ug => ug.group && ug.group.type === 'PROJECT')
|
||||
.filter(ug => ug.sourceId === getCurrentProjectID())
|
||||
|
|
|
@ -2,6 +2,7 @@ package io.metersphere.commons.utils;
|
|||
|
||||
import io.metersphere.base.domain.Group;
|
||||
import io.metersphere.base.domain.UserGroupPermission;
|
||||
import io.metersphere.commons.constants.UserGroupConstants;
|
||||
import io.metersphere.commons.user.SessionUser;
|
||||
import org.apache.commons.collections4.MapUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
|
@ -141,6 +142,15 @@ public class SessionUtils {
|
|||
}
|
||||
}));
|
||||
|
||||
long count = user.getGroups()
|
||||
.stream()
|
||||
.filter(g -> StringUtils.equals(g.getId(), UserGroupConstants.SUPER_GROUP))
|
||||
.count();
|
||||
|
||||
if (count > 0) {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
Set<String> currentProjectPermissions = getCurrentProjectPermissions(userGroupPermissions, projectId, group, user);
|
||||
if (currentProjectPermissions.contains(permission)) {
|
||||
|
|
|
@ -70,8 +70,6 @@ public class GroupService {
|
|||
@Resource
|
||||
private BaseUserService baseUserService;
|
||||
private static final String GLOBAL = "global";
|
||||
private static final String SUPER_GROUP = "super_group";
|
||||
|
||||
|
||||
// 服务权限拼装顺序
|
||||
private static final String[] servicePermissionLoadOrder = {MicroServiceName.PROJECT_MANAGEMENT,
|
||||
|
@ -225,7 +223,7 @@ public class GroupService {
|
|||
}
|
||||
|
||||
public void editGroupPermission(EditGroupRequest request) {
|
||||
if (StringUtils.equals(request.getUserGroupId(), SUPER_GROUP)) {
|
||||
if (StringUtils.equals(request.getUserGroupId(), UserGroupConstants.SUPER_GROUP)) {
|
||||
return;
|
||||
}
|
||||
List<GroupPermission> permissions = request.getPermissions();
|
||||
|
|
|
@ -68,7 +68,6 @@ public class GroupService {
|
|||
private UserMapper userMapper;
|
||||
|
||||
private static final String GLOBAL = "global";
|
||||
private static final String SUPER_GROUP = "super_group";
|
||||
private static final String PERSONAL_PREFIX = "PERSONAL";
|
||||
|
||||
|
||||
|
@ -236,7 +235,7 @@ public class GroupService {
|
|||
|
||||
public void editGroupPermission(EditGroupRequest request) {
|
||||
// 超级用户组禁止修改权限
|
||||
if (StringUtils.equals(request.getUserGroupId(), SUPER_GROUP)) {
|
||||
if (StringUtils.equals(request.getUserGroupId(), UserGroupConstants.SUPER_GROUP)) {
|
||||
return;
|
||||
}
|
||||
List<GroupPermission> permissions = request.getPermissions();
|
||||
|
@ -331,19 +330,21 @@ public class GroupService {
|
|||
private List<GroupResourceDTO> getResourcePermission(List<GroupResource> resources, List<GroupPermission> permissions, Group group, List<String> permissionList) {
|
||||
List<GroupResourceDTO> dto = new ArrayList<>();
|
||||
List<GroupResource> grs;
|
||||
if (StringUtils.equals(group.getId(), SUPER_GROUP)) {
|
||||
if (StringUtils.equals(group.getId(), UserGroupConstants.SUPER_GROUP)) {
|
||||
grs = resources;
|
||||
permissions.forEach(p -> p.setChecked(true));
|
||||
} else {
|
||||
grs = resources
|
||||
.stream()
|
||||
.filter(g -> g.getId().startsWith(group.getType()) || g.getId().startsWith(PERSONAL_PREFIX))
|
||||
.collect(Collectors.toList());
|
||||
permissions.forEach(p -> {
|
||||
if (permissionList.contains(p.getId())) {
|
||||
p.setChecked(true);
|
||||
}
|
||||
});
|
||||
}
|
||||
permissions.forEach(p -> {
|
||||
if (permissionList.contains(p.getId())) {
|
||||
p.setChecked(true);
|
||||
}
|
||||
});
|
||||
|
||||
for (GroupResource r : grs) {
|
||||
GroupResourceDTO resourceDTO = new GroupResourceDTO();
|
||||
resourceDTO.setResource(r);
|
||||
|
|
|
@ -71,7 +71,7 @@
|
|||
import GroupPermission from "./GroupPermission";
|
||||
import {PROJECT_GROUP_SCOPE, USER_GROUP_SCOPE} from "metersphere-frontend/src/utils/table-constants";
|
||||
import {hasLicense} from "metersphere-frontend/src/utils/permission";
|
||||
import {GROUP_TYPE} from 'metersphere-frontend/src/utils/constants'
|
||||
import {GROUP_TYPE, SUPER_GROUP} from 'metersphere-frontend/src/utils/constants'
|
||||
import {getUserGroupPermission, modifyUserGroupPermission} from "../../../api/user-group";
|
||||
|
||||
export default {
|
||||
|
@ -99,7 +99,7 @@ export default {
|
|||
},
|
||||
isReadOnly() {
|
||||
return function (data) {
|
||||
if (this.group.id === 'super_group') {
|
||||
if (this.group.id === SUPER_GROUP) {
|
||||
return true;
|
||||
}
|
||||
const isDefaultSystemGroup = this.group.id === 'admin' && data.resource.id === 'SYSTEM_GROUP';
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
</template>
|
||||
|
||||
<script>
|
||||
import {SUPER_GROUP} from 'metersphere-frontend/src/utils/constants';
|
||||
|
||||
export default {
|
||||
name: "GroupPermission",
|
||||
props: {
|
||||
|
@ -45,7 +47,7 @@ export default {
|
|||
isReadOnly() {
|
||||
return function (permission) {
|
||||
// 禁止取消系统管理员用户组权限
|
||||
if (this.group.id === 'super_group') {
|
||||
if (this.group.id === SUPER_GROUP) {
|
||||
return true;
|
||||
}
|
||||
// 禁止取消系统管理员用户组和超级管理员用户组的读取和设置权限
|
||||
|
|
|
@ -46,7 +46,7 @@
|
|||
<el-table-column prop="description" :label="$t('group.description')" show-overflow-tooltip/>
|
||||
<el-table-column :label="$t('commons.operating')" min-width="120">
|
||||
<template v-slot="scope">
|
||||
<div v-if="scope.row.id === 'super_group'">
|
||||
<div v-if="scope.row.id === SUPER_GROUP">
|
||||
<ms-table-operator
|
||||
:is-show="true"
|
||||
@editClick="edit(scope.row)" @deleteClick="del(scope.row)">
|
||||
|
@ -101,6 +101,8 @@ import {_sort} from "metersphere-frontend/src/utils/tableUtils";
|
|||
import GroupMember from "./GroupMember";
|
||||
import {hasPermission} from "metersphere-frontend/src/utils/permission";
|
||||
import {delUserGroupById, getUserGroupListByPage} from "../../../api/user-group";
|
||||
import {SUPER_GROUP} from 'metersphere-frontend/src/utils/constants'
|
||||
|
||||
|
||||
export default {
|
||||
name: "UserGroup",
|
||||
|
@ -123,6 +125,7 @@ export default {
|
|||
total: 0,
|
||||
screenHeight: 'calc(100vh - 160px)',
|
||||
groups: [],
|
||||
SUPER_GROUP
|
||||
};
|
||||
},
|
||||
activated() {
|
||||
|
|
Loading…
Reference in New Issue