fix(系统设置): 内置成员级别用户组修改权限放开

--bug=1034929 --user=宋昌昌 【系统设置】系统-用户组,系统成员/组织成员/项目成员用户组不能编辑修改 https://www.tapd.cn/55049933/s/1457738
This commit is contained in:
song-cc-rock 2024-01-31 21:19:57 +08:00 committed by 刘瑞斌
parent 047e4d0936
commit f602e80ee6
8 changed files with 30 additions and 13 deletions

View File

@ -409,6 +409,7 @@ get_plugin_instance_error=获取插件接口实现类错误!
user_role_relation_exist_error=用户已在当前用户组! user_role_relation_exist_error=用户已在当前用户组!
internal_user_role_permission_error=内置用户组无法编辑与删除! internal_user_role_permission_error=内置用户组无法编辑与删除!
user_role_relation_remove_admin_user_permission_error=无法将 admin 用户将系统管理员用户组删除! user_role_relation_remove_admin_user_permission_error=无法将 admin 用户将系统管理员用户组删除!
internal_admin_user_role_permission_error=内置管理员用户组无法修改权限!
# customField # customField
internal_custom_field_permission_error=系统字段或模板无法删除! internal_custom_field_permission_error=系统字段或模板无法删除!
internal_template_permission_error=系统模板无法删除! internal_template_permission_error=系统模板无法删除!

View File

@ -412,6 +412,7 @@ get_plugin_instance_error=Get the plugin instance error!
user_role_relation_exist_error=The user is already in the current user group user_role_relation_exist_error=The user is already in the current user group
internal_user_role_permission_error=Internal user groups cannot be edited or deleted internal_user_role_permission_error=Internal user groups cannot be edited or deleted
user_role_relation_remove_admin_user_permission_error=Unable to delete the admin user from the system administrator user group user_role_relation_remove_admin_user_permission_error=Unable to delete the admin user from the system administrator user group
internal_admin_user_role_permission_error=Internal admin user group cannot be edited or deleted!
# customField # customField
internal_custom_field_permission_error=System fields cannot be deleted internal_custom_field_permission_error=System fields cannot be deleted

View File

@ -410,6 +410,7 @@ get_plugin_instance_error=获取插件接口实现类错误!
user_role_relation_exist_error=用户已在当前用户组! user_role_relation_exist_error=用户已在当前用户组!
internal_user_role_permission_error=内置用户组无法编辑与删除! internal_user_role_permission_error=内置用户组无法编辑与删除!
user_role_relation_remove_admin_user_permission_error=无法将 admin 用户将系统管理员用户组删除! user_role_relation_remove_admin_user_permission_error=无法将 admin 用户将系统管理员用户组删除!
internal_admin_user_role_permission_error=内置管理员用户组无法修改权限!
# customField # customField
internal_custom_field_permission_error=系统字段或模板无法删除! internal_custom_field_permission_error=系统字段或模板无法删除!
internal_template_permission_error=系统模板无法删除! internal_template_permission_error=系统模板无法删除!

View File

@ -409,6 +409,7 @@ get_plugin_instance_error=獲取插件接口實現類錯誤!
user_role_relation_exist_error=用戶已在當前用戶組! user_role_relation_exist_error=用戶已在當前用戶組!
internal_user_role_permission_error=內置用戶組無法編輯與刪除! internal_user_role_permission_error=內置用戶組無法編輯與刪除!
user_role_relation_remove_admin_user_permission_error=無法將 admin 用戶將系統管理員用戶組刪除! user_role_relation_remove_admin_user_permission_error=無法將 admin 用戶將系統管理員用戶組刪除!
internal_admin_user_role_permission_error=內置管理員用戶組無法修改權限!
# customField # customField
internal_custom_field_permission_error=系統字段或模板無法刪除! internal_custom_field_permission_error=系統字段或模板無法刪除!
internal_template_permission_error=系統模板無法刪除! internal_template_permission_error=系統模板無法刪除!

View File

@ -28,7 +28,8 @@ public enum CommonResultCode implements IResultCode {
STATUS_ITEM_NOT_EXIST(100015, "status_item.not.exist"), STATUS_ITEM_NOT_EXIST(100015, "status_item.not.exist"),
STATUS_ITEM_EXIST(100016, "status_item.exist"), STATUS_ITEM_EXIST(100016, "status_item.exist"),
FIELD_VALIDATE_ERROR(100017, "field_validate_error"), FIELD_VALIDATE_ERROR(100017, "field_validate_error"),
STATUS_DEFINITION_REQUIRED_ERROR(100018, "status_definition_required_error");; STATUS_DEFINITION_REQUIRED_ERROR(100018, "status_definition_required_error"),
ADMIN_USER_ROLE_PERMISSION(100019, "internal_admin_user_role_permission_error");
private int code; private int code;

View File

@ -1,5 +1,6 @@
package io.metersphere.system.service; package io.metersphere.system.service;
import io.metersphere.sdk.constants.InternalUserRole;
import io.metersphere.sdk.constants.UserRoleEnum; import io.metersphere.sdk.constants.UserRoleEnum;
import io.metersphere.sdk.exception.MSException; import io.metersphere.sdk.exception.MSException;
import io.metersphere.sdk.util.JSON; import io.metersphere.sdk.util.JSON;
@ -26,6 +27,7 @@ import org.springframework.transaction.annotation.Transactional;
import java.util.*; import java.util.*;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import static io.metersphere.system.controller.handler.result.CommonResultCode.ADMIN_USER_ROLE_PERMISSION;
import static io.metersphere.system.controller.handler.result.CommonResultCode.INTERNAL_USER_ROLE_PERMISSION; import static io.metersphere.system.controller.handler.result.CommonResultCode.INTERNAL_USER_ROLE_PERMISSION;
import static io.metersphere.system.controller.result.SystemResultCode.NO_GLOBAL_USER_ROLE_PERMISSION; import static io.metersphere.system.controller.result.SystemResultCode.NO_GLOBAL_USER_ROLE_PERMISSION;
@ -186,6 +188,13 @@ public class BaseUserRoleService {
} }
} }
public void checkAdminUserRole(UserRole userRole) {
if (StringUtils.equalsAny(userRole.getId(), InternalUserRole.ADMIN.getValue(),
InternalUserRole.ORG_ADMIN.getValue(), InternalUserRole.PROJECT_ADMIN.getValue())) {
throw new MSException(ADMIN_USER_ROLE_PERMISSION);
}
}
/** /**
* 校验是否是全局用户组是全局抛异常 * 校验是否是全局用户组是全局抛异常
*/ */

View File

@ -61,6 +61,7 @@ public class GlobalUserRoleService extends BaseUserRoleService {
/** /**
* 校验是否是全局用户组非全局抛异常 * 校验是否是全局用户组非全局抛异常
*/ */
@Override
public void checkGlobalUserRole(UserRole userRole) { public void checkGlobalUserRole(UserRole userRole) {
if (!StringUtils.equals(userRole.getScopeId(), UserRoleScope.GLOBAL)) { if (!StringUtils.equals(userRole.getScopeId(), UserRoleScope.GLOBAL)) {
throw new MSException(GLOBAL_USER_ROLE_PERMISSION); throw new MSException(GLOBAL_USER_ROLE_PERMISSION);
@ -153,7 +154,8 @@ public class GlobalUserRoleService extends BaseUserRoleService {
public void updatePermissionSetting(PermissionSettingUpdateRequest request) { public void updatePermissionSetting(PermissionSettingUpdateRequest request) {
UserRole userRole = getWithCheck(request.getUserRoleId()); UserRole userRole = getWithCheck(request.getUserRoleId());
checkGlobalUserRole(userRole); checkGlobalUserRole(userRole);
checkInternalUserRole(userRole); // 内置管理员级别用户组无法更改权限
checkAdminUserRole(userRole);
super.updatePermissionSetting(request); super.updatePermissionSetting(request);
} }
} }

View File

@ -1,26 +1,26 @@
package io.metersphere.system.controller; package io.metersphere.system.controller;
import io.metersphere.system.base.BaseTest;
import io.metersphere.sdk.constants.*; import io.metersphere.sdk.constants.*;
import io.metersphere.system.dto.permission.Permission;
import io.metersphere.system.dto.permission.PermissionDefinitionItem;
import io.metersphere.system.dto.sdk.request.PermissionSettingUpdateRequest;
import io.metersphere.system.dto.sdk.request.UserRoleUpdateRequest;
import io.metersphere.system.log.constants.OperationLogType;
import io.metersphere.system.service.BaseUserRolePermissionService;
import io.metersphere.system.service.BaseUserRoleRelationService;
import io.metersphere.system.uid.IDGenerator;
import io.metersphere.sdk.util.BeanUtils; import io.metersphere.sdk.util.BeanUtils;
import io.metersphere.system.utils.SessionUtils; import io.metersphere.system.base.BaseTest;
import io.metersphere.system.controller.param.PermissionSettingUpdateRequestDefinition; import io.metersphere.system.controller.param.PermissionSettingUpdateRequestDefinition;
import io.metersphere.system.controller.param.UserRoleUpdateRequestDefinition; import io.metersphere.system.controller.param.UserRoleUpdateRequestDefinition;
import io.metersphere.system.domain.User; import io.metersphere.system.domain.User;
import io.metersphere.system.domain.UserRole; import io.metersphere.system.domain.UserRole;
import io.metersphere.system.domain.UserRoleRelation; import io.metersphere.system.domain.UserRoleRelation;
import io.metersphere.system.domain.UserRoleRelationExample; import io.metersphere.system.domain.UserRoleRelationExample;
import io.metersphere.system.dto.permission.Permission;
import io.metersphere.system.dto.permission.PermissionDefinitionItem;
import io.metersphere.system.dto.sdk.request.PermissionSettingUpdateRequest;
import io.metersphere.system.dto.sdk.request.UserRoleUpdateRequest;
import io.metersphere.system.log.constants.OperationLogType;
import io.metersphere.system.mapper.UserMapper; import io.metersphere.system.mapper.UserMapper;
import io.metersphere.system.mapper.UserRoleMapper; import io.metersphere.system.mapper.UserRoleMapper;
import io.metersphere.system.mapper.UserRoleRelationMapper; import io.metersphere.system.mapper.UserRoleRelationMapper;
import io.metersphere.system.service.BaseUserRolePermissionService;
import io.metersphere.system.service.BaseUserRoleRelationService;
import io.metersphere.system.uid.IDGenerator;
import io.metersphere.system.utils.SessionUtils;
import jakarta.annotation.Resource; import jakarta.annotation.Resource;
import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.CollectionUtils;
import org.junit.jupiter.api.*; import org.junit.jupiter.api.*;
@ -34,6 +34,7 @@ import java.util.stream.Collectors;
import static io.metersphere.sdk.constants.InternalUserRole.ADMIN; import static io.metersphere.sdk.constants.InternalUserRole.ADMIN;
import static io.metersphere.sdk.constants.InternalUserRole.MEMBER; import static io.metersphere.sdk.constants.InternalUserRole.MEMBER;
import static io.metersphere.system.controller.handler.result.CommonResultCode.ADMIN_USER_ROLE_PERMISSION;
import static io.metersphere.system.controller.handler.result.CommonResultCode.INTERNAL_USER_ROLE_PERMISSION; import static io.metersphere.system.controller.handler.result.CommonResultCode.INTERNAL_USER_ROLE_PERMISSION;
import static io.metersphere.system.controller.handler.result.MsHttpResultCode.NOT_FOUND; import static io.metersphere.system.controller.handler.result.MsHttpResultCode.NOT_FOUND;
import static io.metersphere.system.controller.result.SystemResultCode.GLOBAL_USER_ROLE_EXIST; import static io.metersphere.system.controller.result.SystemResultCode.GLOBAL_USER_ROLE_EXIST;
@ -234,7 +235,7 @@ class GlobalUserRoleControllerTests extends BaseTest {
// @@操作内置用户组异常 // @@操作内置用户组异常
request.setUserRoleId(ADMIN.getValue()); request.setUserRoleId(ADMIN.getValue());
assertErrorCode(this.requestPost(PERMISSION_UPDATE, request), INTERNAL_USER_ROLE_PERMISSION); assertErrorCode(this.requestPost(PERMISSION_UPDATE, request), ADMIN_USER_ROLE_PERMISSION);
// @@校验 NOT_FOUND 异常 // @@校验 NOT_FOUND 异常
request.setUserRoleId("1111"); request.setUserRoleId("1111");