组织，工作空间管理员无法移除自身

f0427d47 · shiziyuan9527 · c1035e00 · f0427d47 · f0427d47 · f0427d47
3 changed file
--- a/backend/src/main/java/io/metersphere/controller/UserController.java
+++ b/backend/src/main/java/io/metersphere/controller/UserController.java
@@ -4,6 +4,7 @@ import com.github.pagehelper.Page;
 import com.github.pagehelper.PageHelper;
 import io.metersphere.base.domain.User;
 import io.metersphere.commons.constants.RoleConstants;
+import io.metersphere.commons.exception.MSException;
 import io.metersphere.commons.utils.PageUtils;
 import io.metersphere.commons.utils.Pager;
 import io.metersphere.controller.request.UserRequest;
@@ -17,6 +18,7 @@ import io.metersphere.service.UserService;
 import io.metersphere.service.WorkspaceService;
 import io.metersphere.user.SessionUser;
 import io.metersphere.user.SessionUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.BeanUtils;
@@ -120,6 +122,9 @@ public class UserController {
    @PostMapping("/update/current")
    public UserDTO updateCurrentUser(@RequestBody User user) {
+        UserDTO userDTO = userService.getUserDTO(user.getId());
+        BeanUtils.copyProperties(user, userDTO);
+        SessionUtils.putUser(SessionUser.fromUser(userDTO));
        userService.updateUser(user);
        return SessionUtils.getUser();
    }
@@ -182,6 +187,10 @@ public class UserController {
    @RequiresRoles(value = {RoleConstants.TEST_MANAGER,RoleConstants.ORG_ADMIN}, logical = Logical.OR)
    public void deleteMember(@PathVariable String workspaceId, @PathVariable String userId) {
        workspaceService.checkWorkspaceOwner(workspaceId);
+        String currentUserId = SessionUtils.getUser().getId();
+        if (StringUtils.equals(userId, currentUserId)) {
+            MSException.throwException("Insufficient permissions!");
+        }
        userService.deleteMember(workspaceId, userId);
    }
@@ -202,6 +211,10 @@ public class UserController {
    @RequiresRoles(RoleConstants.ORG_ADMIN)
    public void delOrganizationMember(@PathVariable String organizationId, @PathVariable String userId) {
        organizationService.checkOrgOwner(organizationId);
+        String currentUserId = SessionUtils.getUser().getId();
+        if (StringUtils.equals(userId, currentUserId)) {
+            MSException.throwException("Insufficient permissions!");
+        }
        userService.delOrganizationMember(organizationId, userId);
    }

--- a/backend/src/main/java/io/metersphere/service/UserService.java
+++ b/backend/src/main/java/io/metersphere/service/UserService.java
@@ -124,11 +124,8 @@ public class UserService {
    }
    public void updateUser(User user) {
-        UserDTO userDTO = getUserDTO(user.getId());
-        BeanUtils.copyProperties(user, userDTO);
        // MD5
        user.setPassword(CodingUtil.md5(user.getPassword()));
-        SessionUtils.putUser(SessionUser.fromUser(userDTO));
        user.setUpdateTime(System.currentTimeMillis());
        userMapper.updateByPrimaryKeySelective(user);
    }

--- a/frontend/src/business/components/settings/workspace/WorkspaceMember.vue
+++ b/frontend/src/business/components/settings/workspace/WorkspaceMember.vue
@@ -175,14 +175,11 @@
          cancelButtonText: this.$t('commons.cancel'),
          type: 'warning'
        }).then(() => {
-          this.loading = true;
+          this.result = this.$get('/user/ws/member/delete/' + this.currentUser().lastWorkspaceId + '/' + row.id,() => {
-          this.$get('/user/ws/member/delete/' + this.currentUser().lastWorkspaceId + '/' + row.id).then(() => {
+            this.$success(this.$t('commons.delete_success'));
            this.initTableData();
-            this.loading = false;
          });
-          this.$success(this.$t('commons.delete_success'));
        }).catch(() => {
-          this.loading = false;
          this.$info(this.$t('commons.delete_cancel'));
        });
      },