diff --git a/backend/src/main/java/io/metersphere/controller/OrganizationController.java b/backend/src/main/java/io/metersphere/controller/OrganizationController.java
index 158ceb53bec0211cb36d408df8dfb544747ac62e..cfd103e5f97e2750a8d49f9f0e80dddf180af937 100644
--- a/backend/src/main/java/io/metersphere/controller/OrganizationController.java
+++ b/backend/src/main/java/io/metersphere/controller/OrganizationController.java
@@ -37,6 +37,7 @@ public class OrganizationController {
 }
 @GetMapping("/delete/{organizationId}")
+ @RequiresRoles(RoleConstants.ADMIN)
 public void deleteOrganization(@PathVariable(value = "organizationId") String organizationId) {
 organizationService.deleteOrganization(organizationId);
 }
 @PostMapping("/update")
diff --git a/backend/src/main/java/io/metersphere/controller/UserController.java b/backend/src/main/java/io/metersphere/controller/UserController.java
index f5f2dd54b575f09e57d6d9c6deefdd09b441e7d7..8fc38ecb06d4537e67d132a1c9a9d2f889a6b1e5 100644
--- a/backend/src/main/java/io/metersphere/controller/UserController.java
+++ b/backend/src/main/java/io/metersphere/controller/UserController.java
@@ -12,7 +12,9 @@ import io.metersphere.controller.request.member.QueryMemberRequest;
 import io.metersphere.controller.request.organization.AddOrgMemberRequest;
 import io.metersphere.controller.request.organization.QueryOrgMemberRequest;
 import io.metersphere.dto.UserDTO;
+import io.metersphere.service.OrganizationService;
 import io.metersphere.service.UserService;
+import io.metersphere.service.WorkspaceService;
 import io.metersphere.user.SessionUser;
 import io.metersphere.user.SessionUtils;
 import org.apache.shiro.authz.annotation.Logical;
@@ -28,6 +30,10 @@ public class UserController {
 @Resource
 private UserService userService;
+ @Resource
+ private OrganizationService organizationService;
+ @Resource
+ private WorkspaceService workspaceService;
 // admin api
 @PostMapping("/special/add")
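Review bot: The new `@RequiresRoles(RoleConstants.ADMIN)` on `deleteOrganization` is the only change, while the endpoint stays on `@GetMapping("/delete/{organizationId}")`, so a destructive action is still triggered by a plain GET that a browser will send from any page the user visits while logged in; role checks do not help against that kind of request forgery. The same shape recurs at `/ws/member/delete/{workspaceId}/{userId}` and `/org/member/delete/{organizationId}/{userId}` in `UserController` and `delete/{workspaceId}` in `WorkspaceController` later in this diff. Moving these to `@DeleteMapping` (or `@PostMapping`), e.g. `@DeleteMapping("/delete/{organizationId}")`, is the usual fix; it changes the API the frontend calls, so it may belong in a follow-up. The neighbouring `@PostMapping("/update")` is visible at the end of the hunk, but whatever role annotation it carries is outside it.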
@@ -123,7 +129,6 @@ public class UserController {
 @PostMapping("/switch/source/org/{sourceId}")
 @RequiresRoles(RoleConstants.ORG_ADMIN)
 public UserDTO switchOrganization(@PathVariable(value = "sourceId") String sourceId) {
- // todo checkOrganizationOwner()
 UserDTO user = SessionUtils.getUser();
 userService.switchUserRole(user,"organization",sourceId);
 return SessionUtils.getUser();
@@ -132,7 +137,6 @@ public class UserController {
 @PostMapping("/switch/source/ws/{sourceId}")
 @RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.TEST_VIEWER,RoleConstants.TEST_USER}, logical = Logical.OR)
 public UserDTO switchWorkspace(@PathVariable(value = "sourceId") String sourceId) {
- // todo checkWorkspaceOwner()
 UserDTO user = SessionUtils.getUser();
 userService.switchUserRole(user, "workspace", sourceId);
 return SessionUtils.getUser();
@@ -150,7 +154,6 @@ public class UserController {
 @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER,
 RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR)
 public Pager> getMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryMemberRequest request) {
- // todo 检查是否是该工作空间的所有者 或者是 该工作空间的父级组织的所有者
 Page page = PageHelper.startPage(goPage, pageSize, true);
 return PageUtils.setPageInfo(page, userService.getMemberList(request));
 }
@@ -162,7 +165,6 @@ public class UserController {
 @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER,
 RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR)
 public List getMemberList(@RequestBody QueryMemberRequest request) {
- // todo 检查是否是该工作空间的所有者 或者是 该工作空间的父级组织的所有者
 return userService.getMemberList(request);
 }
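Review bot: The hunks on this line delete the `// todo check` markers in `switchOrganization`, `switchWorkspace` and both `getMemberList` overloads without adding the check they described: `@RequiresRoles` only proves the caller holds the role somewhere, not for the `sourceId` or workspace in the request, so an ORG_ADMIN of one organization can still switch into another unless `userService.switchUserRole` verifies membership itself (not visible here). The services this commit adds cover the organization case directly: `organizationService.checkOrgOwner(sourceId);` before `userService.switchUserRole(user,"organization",sourceId);` would close it. `switchWorkspace` needs an equivalent that also admits the TEST_VIEWER/TEST_USER roles its annotation allows, since `checkWorkspaceOwner` only accepts ORG_ADMIN of the parent organization and TEST_MANAGER of the workspace, and `getMemberList` would use the workspace id carried by `QueryMemberRequest`, if it has one. If the checks are deliberately left out because they happen elsewhere, a short comment naming that place would stop the next reader re-opening this.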
@@ -172,7 +174,8 @@ public class UserController {
 @PostMapping("/ws/member/add")
 @RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
 public void addMember(@RequestBody AddMemberRequest request) {
- // todo check
+ String wsId = request.getWorkspaceId();
+ workspaceService.checkWorkspaceOwner(wsId);
 userService.addMember(request);
 }
@@ -182,7 +185,7 @@ public class UserController {
 @GetMapping("/ws/member/delete/{workspaceId}/{userId}")
 @RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
 public void deleteMember(@PathVariable String workspaceId, @PathVariable String userId) {
- // todo check
+ workspaceService.checkWorkspaceOwner(workspaceId);
 userService.deleteMember(workspaceId, userId);
 }
@@ -190,9 +193,9 @@ public class UserController {
 * 添加组织成员
 */
 @PostMapping("/org/member/add")
- @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+ @RequiresRoles(RoleConstants.ORG_ADMIN)
 public void addOrganizationMember(@RequestBody AddOrgMemberRequest request) {
- // todo check
+ organizationService.checkOrgOwner(request.getOrganizationId());
 userService.addOrganizationMember(request);
 }
@@ -200,9 +203,9 @@ public class UserController {
 * 删除组织成员
 */
 @GetMapping("/org/member/delete/{organizationId}/{userId}")
- @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+ @RequiresRoles(RoleConstants.ORG_ADMIN)
 public void delOrganizationMember(@PathVariable String organizationId, @PathVariable String userId) {
- // todo check
+ organizationService.checkOrgOwner(organizationId);
 userService.delOrganizationMember(organizationId, userId);
 }
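Review bot: Narrowing `addOrganizationMember` and `delOrganizationMember` to `@RequiresRoles(RoleConstants.ORG_ADMIN)` also excludes the platform `RoleConstants.ADMIN` role that `UserRoleController` in this same diff lists next to ORG_ADMIN; unless an ADMIN always carries an ORG_ADMIN entry for every organization (not visible here), admins can no longer manage organization members, and `checkOrgOwner` would reject them regardless because it only looks for ORG_ADMIN entries in `getUserRoles()`. If that is intended, a one-line comment on the annotation would record it; if not, both the annotation and `checkOrgOwner` need an ADMIN path. In `addMember`, `String wsId = request.getWorkspaceId(); workspaceService.checkWorkspaceOwner(wsId);` can be collapsed into `workspaceService.checkWorkspaceOwner(request.getWorkspaceId());` to match `deleteMember` and the two organization methods below.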
@@ -210,10 +213,8 @@ public class UserController {
 * 查询组织成员列表
 */
 @PostMapping("/org/member/list/{goPage}/{pageSize}")
- @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER,
- RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR)
+ @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER}, logical = Logical.OR)
 public Pager> getOrgMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryOrgMemberRequest request) {
- // todo check
 Page page = PageHelper.startPage(goPage, pageSize, true);
 return PageUtils.setPageInfo(page, userService.getOrgMemberList(request));
 }
@@ -222,10 +223,8 @@ public class UserController {
 * 组织成员列表不分页
 */
 @PostMapping("/org/member/list/all")
- @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER,
- RoleConstants.TEST_USER,RoleConstants.TEST_VIEWER}, logical = Logical.OR)
+ @RequiresRoles(value = {RoleConstants.ORG_ADMIN,RoleConstants.TEST_MANAGER}, logical = Logical.OR)
 public List getOrgMemberList(@RequestBody QueryOrgMemberRequest request) {
- // todo check
 return userService.getOrgMemberList(request);
 }
diff --git a/backend/src/main/java/io/metersphere/controller/UserRoleController.java b/backend/src/main/java/io/metersphere/controller/UserRoleController.java
index d0c6e24ea0ebee9b16197bbd63fc21d8cc2b7a28..35a3645201136de1bb40ac91e0d624fa2976fddc 100644
--- a/backend/src/main/java/io/metersphere/controller/UserRoleController.java
+++ b/backend/src/main/java/io/metersphere/controller/UserRoleController.java
@@ -26,6 +26,7 @@ public class UserRoleController {
 }
 @GetMapping("/list/ws/{workspaceId}/{userId}")
+ @RequiresRoles(value = {RoleConstants.ADMIN,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
 public List getWorkspaceMemberRole(@PathVariable String workspaceId, @PathVariable String userId) {
 return userRoleService.getWorkspaceMemberRoles(workspaceId, userId);
 }
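Review bot: Both `getOrgMemberList` overloads still perform no ownership check after their `// todo check` lines are removed: ORG_ADMIN or TEST_MANAGER held in any organization or workspace satisfies `@RequiresRoles`, so a manager of one organization can list the members of any other by changing the id in `QueryOrgMemberRequest` (assuming it carries one, as `AddOrgMemberRequest` does). `UserRoleController.getWorkspaceMemberRole` in the last hunk has the same gap: ADMIN or ORG_ADMIN is now required, but nothing ties the caller to `workspaceId`. For the list endpoints `organizationService.checkOrgOwner(request.getOrganizationId());` before the query mirrors `addOrganizationMember` (TEST_MANAGER callers would need a parent-organization variant, since `checkOrgOwner` only accepts ORG_ADMIN); for the role endpoint `workspaceService.checkWorkspaceOwnerByOrgAdmin(workspaceId);` with an ADMIN bypass would do.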
diff --git a/backend/src/main/java/io/metersphere/controller/WorkspaceController.java b/backend/src/main/java/io/metersphere/controller/WorkspaceController.java
index b5f458baaae97016a8f52c6e7b6e9a282ed3ce44..4277b4358d60f5be35b29d1f190b12e765628305 100644
--- a/backend/src/main/java/io/metersphere/controller/WorkspaceController.java
+++ b/backend/src/main/java/io/metersphere/controller/WorkspaceController.java
@@ -40,7 +40,7 @@ public class WorkspaceController {
 @PostMapping("update")
 @RequiresRoles(RoleConstants.ORG_ADMIN)
 public Workspace updateWorkspace(@RequestBody Workspace workspace) {
- workspaceService.checkOwner(workspace.getId());
+ workspaceService.checkWorkspaceOwnerByOrgAdmin(workspace.getId());
 return workspaceService.saveWorkspace(workspace);
 }
@@ -53,7 +53,7 @@ public class WorkspaceController {
 @GetMapping("delete/{workspaceId}")
 @RequiresRoles(RoleConstants.ORG_ADMIN)
 public void deleteWorkspace(@PathVariable String workspaceId) {
- workspaceService.checkOwner(workspaceId);
+ workspaceService.checkWorkspaceOwnerByOrgAdmin(workspaceId);
 workspaceService.deleteWorkspace(workspaceId);
 }
diff --git a/backend/src/main/java/io/metersphere/service/OrganizationService.java b/backend/src/main/java/io/metersphere/service/OrganizationService.java
index 1a6465e303a78115709a4ed2c13dc4cd8ceb670c..ac651ead6ab8bedb9e72f25876d9654e43177586 100644
--- a/backend/src/main/java/io/metersphere/service/OrganizationService.java
+++ b/backend/src/main/java/io/metersphere/service/OrganizationService.java
@@ -6,8 +6,13 @@ import io.metersphere.base.mapper.UserMapper;
 import io.metersphere.base.mapper.UserRoleMapper;
 import io.metersphere.base.mapper.ext.ExtOrganizationMapper;
 import io.metersphere.base.mapper.ext.ExtUserRoleMapper;
+import io.metersphere.commons.constants.RoleConstants;
+import io.metersphere.commons.exception.MSException;
 import io.metersphere.dto.OrganizationMemberDTO;
 import io.metersphere.dto.UserRoleHelpDTO;
+import io.metersphere.i18n.Translator;
+import io.metersphere.user.SessionUser;
+import io.metersphere.user.SessionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.BeanUtils;
 import org.springframework.stereotype.Service;
@@ -109,4 +114,16 @@ public class OrganizationService {
 public Integer checkSourceRole(String orgId, String userId, String roleId) {
 return extOrganizationMapper.checkSourceRole(orgId, userId, roleId);
 }
+
+ public void checkOrgOwner(String organizationId) {
+ SessionUser user = SessionUtils.getUser();
+ List collect = user.getUserRoles().stream()
+ .filter(ur -> RoleConstants.ORG_ADMIN.equals(ur.getRoleId()))
+ .map(UserRole::getSourceId)
+ .collect(Collectors.toList());
+ if (!collect.contains(organizationId)) {
+ MSException.throwException(Translator.get("organization_does_not_belong_to_user"));
+ }
+
+ }
 }
diff --git a/backend/src/main/java/io/metersphere/service/WorkspaceService.java b/backend/src/main/java/io/metersphere/service/WorkspaceService.java
index d2ae432f07ed6ee9dc9f1273abea6cd787ae2ceb..5b9281419a7b8851f871cb2d1bab63d0866f509a 100644
--- a/backend/src/main/java/io/metersphere/service/WorkspaceService.java
+++ b/backend/src/main/java/io/metersphere/service/WorkspaceService.java
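Review bot: `checkOrgOwner` builds a list of every ORG_ADMIN source id only to call `contains` on it, and leaves a stray blank line before its closing brace; `anyMatch` states the test directly: `boolean isOrgAdmin = user.getUserRoles().stream()` / `.anyMatch(ur -> RoleConstants.ORG_ADMIN.equals(ur.getRoleId()) && StringUtils.equals(ur.getSourceId(), organizationId));` / `if (!isOrgAdmin) { MSException.throwException(Translator.get("organization_does_not_belong_to_user")); }` (`StringUtils` is already imported here). The method also has no Javadoc; a line such as `/** Throws unless the session user holds ORG_ADMIN for {@code organizationId}; used by the org member endpoints. */` would match the comment `WorkspaceService` keeps on its counterpart. There is no existence check equivalent to `checkWorkspaceIsExist`, which is fine for authorization — an unknown id simply fails the membership test — but means a mistyped id is reported as `organization_does_not_belong_to_user`.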
@@ -91,15 +91,16 @@ public class WorkspaceService {
 }
 /**
- * ORG_ADMIN 需要检查是否有操作此工作空间的权限
+ * ORG_ADMIN需要检查是否有操作此工作空间的权限
 */
- public void checkOwner(String workspaceId) {
+ public void checkWorkspaceOwnerByOrgAdmin(String workspaceId) {
+ checkWorkspaceIsExist(workspaceId);
+ WorkspaceExample example = new WorkspaceExample();
 SessionUser user = SessionUtils.getUser();
 List orgIds = user.getUserRoles().stream()
 .filter(ur -> RoleConstants.ORG_ADMIN.equals(ur.getRoleId()))
 .map(UserRole::getSourceId)
 .collect(Collectors.toList());
- WorkspaceExample example = new WorkspaceExample();
 example.createCriteria()
 .andOrganizationIdIn(orgIds)
 .andIdEqualTo(workspaceId);
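Review bot: `checkWorkspaceOwnerByOrgAdmin` now calls `checkWorkspaceIsExist(workspaceId)` before the ownership test, so an ORG_ADMIN of an unrelated organization gets `workspace_not_exist` for unknown ids and `workspace_does_not_belong_to_user` for real ones, where the previous `checkOwner` answered both the same way; the distinct responses reveal which workspace ids exist to any ORG_ADMIN, which the old behaviour did not. If callers do not need the distinction, running the ownership query first and returning `workspace_does_not_belong_to_user` in both cases keeps the response uniform; the method's `if`/throw tail is outside this hunk. The Javadoc edit `* ORG_ADMIN需要检查是否有操作此工作空间的权限` only drops a space and could be left out to keep the diff to the behavioural change.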
@@ -108,6 +109,48 @@ public class WorkspaceService {
 }
 }
+ public void checkWorkspaceOwnerByTestManager(String workspaceId) {
+ checkWorkspaceIsExist(workspaceId);
+ SessionUser user = SessionUtils.getUser();
+ List wsIds = user.getUserRoles().stream()
+ .filter(ur -> RoleConstants.TEST_MANAGER.equals(ur.getRoleId()))
+ .map(UserRole::getSourceId)
+ .collect(Collectors.toList());
+ boolean contains = wsIds.contains(workspaceId);
+ if (!contains) {
+ MSException.throwException(Translator.get("workspace_does_not_belong_to_user"));
+ }
+ }
+
+ public void checkWorkspaceOwner(String workspaceId) {
+ checkWorkspaceIsExist(workspaceId);
+ WorkspaceExample example = new WorkspaceExample();
+ SessionUser user = SessionUtils.getUser();
+ List orgIds = user.getUserRoles().stream()
+ .filter(ur -> RoleConstants.ORG_ADMIN.equals(ur.getRoleId()))
+ .map(UserRole::getSourceId)
+ .collect(Collectors.toList());
+ example.createCriteria()
+ .andOrganizationIdIn(orgIds)
+ .andIdEqualTo(workspaceId);
+ List wsIds = user.getUserRoles().stream()
+ .filter(ur -> RoleConstants.TEST_MANAGER.equals(ur.getRoleId()))
+ .map(UserRole::getSourceId)
+ .collect(Collectors.toList());
+ boolean contains = wsIds.contains(workspaceId);
+ if (workspaceMapper.countByExample(example) == 0 && !contains) {
+ MSException.throwException(Translator.get("workspace_does_not_belong_to_user"));
+ }
+ }
+
+ public void checkWorkspaceIsExist(String workspaceId) {
+ WorkspaceExample example = new WorkspaceExample();
+ example.createCriteria().andIdEqualTo(workspaceId);
+ if (workspaceMapper.countByExample(example) == 0) {
+ MSException.throwException("workspace_not_exist");
+ }
+ }
+
 public List getWorkspaceListByUserId(String userId) {
 List userRoleHelpList = extUserRoleMapper.getUserRoleHelpList(userId);
 List workspaceIds = new ArrayList<>();
diff --git a/backend/src/main/resources/i18n/en-US.json b/backend/src/main/resources/i18n/en-US.json
index 679dffb8b1122196fb51e42f9018f34a00708635..8b66b212cf892111bdc6bd7db45883bf02be7f13 100644
--- a/backend/src/main/resources/i18n/en-US.json
+++ b/backend/src/main/resources/i18n/en-US.json
@@ -5,5 +5,6 @@
 "project_name_already_exists": "The project name already exists",
 "workspace_name_is_null": "Workspace name cannot be null",
 "workspace_name_already_exists": "The workspace name already exists",
- "workspace_does_not_belong_to_user": "The current workspace does not belong to the current user"
+ "workspace_does_not_belong_to_user": "The current workspace does not belong to the current user",
+ "organization_does_not_belong_to_user": "The current organization does not belong to the current user"
 }
\ No newline at end of file
diff --git a/backend/src/main/resources/i18n/zh-CN.json b/backend/src/main/resources/i18n/zh-CN.json
index 23fe3b54ed6ac44c60f97d45b8aa823a97bbde26..58a2502874820860185a1ae64b8b7c508d2ac41a 100644
--- a/backend/src/main/resources/i18n/zh-CN.json
+++ b/backend/src/main/resources/i18n/zh-CN.json
@@ -5,5 +5,6 @@
 "project_name_already_exists": "项目名称已存在",
 "workspace_name_is_null": "工作空间名不能为空",
 "workspace_name_already_exists": "工作空间名已存在",
- "workspace_does_not_belong_to_user": "当前工作空间不属于当前用户"
+ "workspace_does_not_belong_to_user": "当前工作空间不属于当前用户",
+ "organization_does_not_belong_to_user": "当前组织不属于当前用户"
 }
\ No newline at end of file