fix(系统设置): 内置成员级别用户组修改权限放开
--bug=1034929 --user=宋昌昌 【系统设置】系统-用户组,系统成员/组织成员/项目成员用户组不能编辑修改 https://www.tapd.cn/55049933/s/1457738
This commit is contained in:
parent
047e4d0936
commit
f602e80ee6
|
@ -409,6 +409,7 @@ get_plugin_instance_error=获取插件接口实现类错误!
|
||||||
user_role_relation_exist_error=用户已在当前用户组!
|
user_role_relation_exist_error=用户已在当前用户组!
|
||||||
internal_user_role_permission_error=内置用户组无法编辑与删除!
|
internal_user_role_permission_error=内置用户组无法编辑与删除!
|
||||||
user_role_relation_remove_admin_user_permission_error=无法将 admin 用户将系统管理员用户组删除!
|
user_role_relation_remove_admin_user_permission_error=无法将 admin 用户将系统管理员用户组删除!
|
||||||
|
internal_admin_user_role_permission_error=内置管理员用户组无法修改权限!
|
||||||
# customField
|
# customField
|
||||||
internal_custom_field_permission_error=系统字段或模板无法删除!
|
internal_custom_field_permission_error=系统字段或模板无法删除!
|
||||||
internal_template_permission_error=系统模板无法删除!
|
internal_template_permission_error=系统模板无法删除!
|
||||||
|
|
|
@ -412,6 +412,7 @@ get_plugin_instance_error=Get the plugin instance error!
|
||||||
user_role_relation_exist_error=The user is already in the current user group!
|
user_role_relation_exist_error=The user is already in the current user group!
|
||||||
internal_user_role_permission_error=Internal user groups cannot be edited or deleted!
|
internal_user_role_permission_error=Internal user groups cannot be edited or deleted!
|
||||||
user_role_relation_remove_admin_user_permission_error=Unable to delete the admin user from the system administrator user group!
|
user_role_relation_remove_admin_user_permission_error=Unable to delete the admin user from the system administrator user group!
|
||||||
|
internal_admin_user_role_permission_error=Internal admin user group cannot be edited or deleted!
|
||||||
|
|
||||||
# customField
|
# customField
|
||||||
internal_custom_field_permission_error=System fields cannot be deleted!
|
internal_custom_field_permission_error=System fields cannot be deleted!
|
||||||
|
|
|
@ -410,6 +410,7 @@ get_plugin_instance_error=获取插件接口实现类错误!
|
||||||
user_role_relation_exist_error=用户已在当前用户组!
|
user_role_relation_exist_error=用户已在当前用户组!
|
||||||
internal_user_role_permission_error=内置用户组无法编辑与删除!
|
internal_user_role_permission_error=内置用户组无法编辑与删除!
|
||||||
user_role_relation_remove_admin_user_permission_error=无法将 admin 用户将系统管理员用户组删除!
|
user_role_relation_remove_admin_user_permission_error=无法将 admin 用户将系统管理员用户组删除!
|
||||||
|
internal_admin_user_role_permission_error=内置管理员用户组无法修改权限!
|
||||||
# customField
|
# customField
|
||||||
internal_custom_field_permission_error=系统字段或模板无法删除!
|
internal_custom_field_permission_error=系统字段或模板无法删除!
|
||||||
internal_template_permission_error=系统模板无法删除!
|
internal_template_permission_error=系统模板无法删除!
|
||||||
|
|
|
@ -409,6 +409,7 @@ get_plugin_instance_error=獲取插件接口實現類錯誤!
|
||||||
user_role_relation_exist_error=用戶已在當前用戶組!
|
user_role_relation_exist_error=用戶已在當前用戶組!
|
||||||
internal_user_role_permission_error=內置用戶組無法編輯與刪除!
|
internal_user_role_permission_error=內置用戶組無法編輯與刪除!
|
||||||
user_role_relation_remove_admin_user_permission_error=無法將 admin 用戶將系統管理員用戶組刪除!
|
user_role_relation_remove_admin_user_permission_error=無法將 admin 用戶將系統管理員用戶組刪除!
|
||||||
|
internal_admin_user_role_permission_error=內置管理員用戶組無法修改權限!
|
||||||
# customField
|
# customField
|
||||||
internal_custom_field_permission_error=系統字段或模板無法刪除!
|
internal_custom_field_permission_error=系統字段或模板無法刪除!
|
||||||
internal_template_permission_error=系統模板無法刪除!
|
internal_template_permission_error=系統模板無法刪除!
|
||||||
|
|
|
@ -28,7 +28,8 @@ public enum CommonResultCode implements IResultCode {
|
||||||
STATUS_ITEM_NOT_EXIST(100015, "status_item.not.exist"),
|
STATUS_ITEM_NOT_EXIST(100015, "status_item.not.exist"),
|
||||||
STATUS_ITEM_EXIST(100016, "status_item.exist"),
|
STATUS_ITEM_EXIST(100016, "status_item.exist"),
|
||||||
FIELD_VALIDATE_ERROR(100017, "field_validate_error"),
|
FIELD_VALIDATE_ERROR(100017, "field_validate_error"),
|
||||||
STATUS_DEFINITION_REQUIRED_ERROR(100018, "status_definition_required_error");;
|
STATUS_DEFINITION_REQUIRED_ERROR(100018, "status_definition_required_error"),
|
||||||
|
ADMIN_USER_ROLE_PERMISSION(100019, "internal_admin_user_role_permission_error");
|
||||||
|
|
||||||
|
|
||||||
private int code;
|
private int code;
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
package io.metersphere.system.service;
|
package io.metersphere.system.service;
|
||||||
|
|
||||||
|
import io.metersphere.sdk.constants.InternalUserRole;
|
||||||
import io.metersphere.sdk.constants.UserRoleEnum;
|
import io.metersphere.sdk.constants.UserRoleEnum;
|
||||||
import io.metersphere.sdk.exception.MSException;
|
import io.metersphere.sdk.exception.MSException;
|
||||||
import io.metersphere.sdk.util.JSON;
|
import io.metersphere.sdk.util.JSON;
|
||||||
|
@ -26,6 +27,7 @@ import org.springframework.transaction.annotation.Transactional;
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
|
import static io.metersphere.system.controller.handler.result.CommonResultCode.ADMIN_USER_ROLE_PERMISSION;
|
||||||
import static io.metersphere.system.controller.handler.result.CommonResultCode.INTERNAL_USER_ROLE_PERMISSION;
|
import static io.metersphere.system.controller.handler.result.CommonResultCode.INTERNAL_USER_ROLE_PERMISSION;
|
||||||
import static io.metersphere.system.controller.result.SystemResultCode.NO_GLOBAL_USER_ROLE_PERMISSION;
|
import static io.metersphere.system.controller.result.SystemResultCode.NO_GLOBAL_USER_ROLE_PERMISSION;
|
||||||
|
|
||||||
|
@ -186,6 +188,13 @@ public class BaseUserRoleService {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void checkAdminUserRole(UserRole userRole) {
|
||||||
|
if (StringUtils.equalsAny(userRole.getId(), InternalUserRole.ADMIN.getValue(),
|
||||||
|
InternalUserRole.ORG_ADMIN.getValue(), InternalUserRole.PROJECT_ADMIN.getValue())) {
|
||||||
|
throw new MSException(ADMIN_USER_ROLE_PERMISSION);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 校验是否是全局用户组,是全局抛异常
|
* 校验是否是全局用户组,是全局抛异常
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -61,6 +61,7 @@ public class GlobalUserRoleService extends BaseUserRoleService {
|
||||||
/**
|
/**
|
||||||
* 校验是否是全局用户组,非全局抛异常
|
* 校验是否是全局用户组,非全局抛异常
|
||||||
*/
|
*/
|
||||||
|
@Override
|
||||||
public void checkGlobalUserRole(UserRole userRole) {
|
public void checkGlobalUserRole(UserRole userRole) {
|
||||||
if (!StringUtils.equals(userRole.getScopeId(), UserRoleScope.GLOBAL)) {
|
if (!StringUtils.equals(userRole.getScopeId(), UserRoleScope.GLOBAL)) {
|
||||||
throw new MSException(GLOBAL_USER_ROLE_PERMISSION);
|
throw new MSException(GLOBAL_USER_ROLE_PERMISSION);
|
||||||
|
@ -153,7 +154,8 @@ public class GlobalUserRoleService extends BaseUserRoleService {
|
||||||
public void updatePermissionSetting(PermissionSettingUpdateRequest request) {
|
public void updatePermissionSetting(PermissionSettingUpdateRequest request) {
|
||||||
UserRole userRole = getWithCheck(request.getUserRoleId());
|
UserRole userRole = getWithCheck(request.getUserRoleId());
|
||||||
checkGlobalUserRole(userRole);
|
checkGlobalUserRole(userRole);
|
||||||
checkInternalUserRole(userRole);
|
// 内置管理员级别用户组无法更改权限
|
||||||
|
checkAdminUserRole(userRole);
|
||||||
super.updatePermissionSetting(request);
|
super.updatePermissionSetting(request);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,26 +1,26 @@
|
||||||
package io.metersphere.system.controller;
|
package io.metersphere.system.controller;
|
||||||
|
|
||||||
import io.metersphere.system.base.BaseTest;
|
|
||||||
import io.metersphere.sdk.constants.*;
|
import io.metersphere.sdk.constants.*;
|
||||||
import io.metersphere.system.dto.permission.Permission;
|
|
||||||
import io.metersphere.system.dto.permission.PermissionDefinitionItem;
|
|
||||||
import io.metersphere.system.dto.sdk.request.PermissionSettingUpdateRequest;
|
|
||||||
import io.metersphere.system.dto.sdk.request.UserRoleUpdateRequest;
|
|
||||||
import io.metersphere.system.log.constants.OperationLogType;
|
|
||||||
import io.metersphere.system.service.BaseUserRolePermissionService;
|
|
||||||
import io.metersphere.system.service.BaseUserRoleRelationService;
|
|
||||||
import io.metersphere.system.uid.IDGenerator;
|
|
||||||
import io.metersphere.sdk.util.BeanUtils;
|
import io.metersphere.sdk.util.BeanUtils;
|
||||||
import io.metersphere.system.utils.SessionUtils;
|
import io.metersphere.system.base.BaseTest;
|
||||||
import io.metersphere.system.controller.param.PermissionSettingUpdateRequestDefinition;
|
import io.metersphere.system.controller.param.PermissionSettingUpdateRequestDefinition;
|
||||||
import io.metersphere.system.controller.param.UserRoleUpdateRequestDefinition;
|
import io.metersphere.system.controller.param.UserRoleUpdateRequestDefinition;
|
||||||
import io.metersphere.system.domain.User;
|
import io.metersphere.system.domain.User;
|
||||||
import io.metersphere.system.domain.UserRole;
|
import io.metersphere.system.domain.UserRole;
|
||||||
import io.metersphere.system.domain.UserRoleRelation;
|
import io.metersphere.system.domain.UserRoleRelation;
|
||||||
import io.metersphere.system.domain.UserRoleRelationExample;
|
import io.metersphere.system.domain.UserRoleRelationExample;
|
||||||
|
import io.metersphere.system.dto.permission.Permission;
|
||||||
|
import io.metersphere.system.dto.permission.PermissionDefinitionItem;
|
||||||
|
import io.metersphere.system.dto.sdk.request.PermissionSettingUpdateRequest;
|
||||||
|
import io.metersphere.system.dto.sdk.request.UserRoleUpdateRequest;
|
||||||
|
import io.metersphere.system.log.constants.OperationLogType;
|
||||||
import io.metersphere.system.mapper.UserMapper;
|
import io.metersphere.system.mapper.UserMapper;
|
||||||
import io.metersphere.system.mapper.UserRoleMapper;
|
import io.metersphere.system.mapper.UserRoleMapper;
|
||||||
import io.metersphere.system.mapper.UserRoleRelationMapper;
|
import io.metersphere.system.mapper.UserRoleRelationMapper;
|
||||||
|
import io.metersphere.system.service.BaseUserRolePermissionService;
|
||||||
|
import io.metersphere.system.service.BaseUserRoleRelationService;
|
||||||
|
import io.metersphere.system.uid.IDGenerator;
|
||||||
|
import io.metersphere.system.utils.SessionUtils;
|
||||||
import jakarta.annotation.Resource;
|
import jakarta.annotation.Resource;
|
||||||
import org.apache.commons.collections.CollectionUtils;
|
import org.apache.commons.collections.CollectionUtils;
|
||||||
import org.junit.jupiter.api.*;
|
import org.junit.jupiter.api.*;
|
||||||
|
@ -34,6 +34,7 @@ import java.util.stream.Collectors;
|
||||||
|
|
||||||
import static io.metersphere.sdk.constants.InternalUserRole.ADMIN;
|
import static io.metersphere.sdk.constants.InternalUserRole.ADMIN;
|
||||||
import static io.metersphere.sdk.constants.InternalUserRole.MEMBER;
|
import static io.metersphere.sdk.constants.InternalUserRole.MEMBER;
|
||||||
|
import static io.metersphere.system.controller.handler.result.CommonResultCode.ADMIN_USER_ROLE_PERMISSION;
|
||||||
import static io.metersphere.system.controller.handler.result.CommonResultCode.INTERNAL_USER_ROLE_PERMISSION;
|
import static io.metersphere.system.controller.handler.result.CommonResultCode.INTERNAL_USER_ROLE_PERMISSION;
|
||||||
import static io.metersphere.system.controller.handler.result.MsHttpResultCode.NOT_FOUND;
|
import static io.metersphere.system.controller.handler.result.MsHttpResultCode.NOT_FOUND;
|
||||||
import static io.metersphere.system.controller.result.SystemResultCode.GLOBAL_USER_ROLE_EXIST;
|
import static io.metersphere.system.controller.result.SystemResultCode.GLOBAL_USER_ROLE_EXIST;
|
||||||
|
@ -234,7 +235,7 @@ class GlobalUserRoleControllerTests extends BaseTest {
|
||||||
|
|
||||||
// @@操作内置用户组异常
|
// @@操作内置用户组异常
|
||||||
request.setUserRoleId(ADMIN.getValue());
|
request.setUserRoleId(ADMIN.getValue());
|
||||||
assertErrorCode(this.requestPost(PERMISSION_UPDATE, request), INTERNAL_USER_ROLE_PERMISSION);
|
assertErrorCode(this.requestPost(PERMISSION_UPDATE, request), ADMIN_USER_ROLE_PERMISSION);
|
||||||
|
|
||||||
// @@校验 NOT_FOUND 异常
|
// @@校验 NOT_FOUND 异常
|
||||||
request.setUserRoleId("1111");
|
request.setUserRoleId("1111");
|
||||||
|
|
Loading…
Reference in New Issue