fix(系统设置): 内置成员级别用户组修改权限放开

--bug=1034929 --user=宋昌昌 【系统设置】系统-用户组，系统成员/组织成员/项目成员用户组不能编辑修改 https://www.tapd.cn/55049933/s/1457738

backend/framework/sdk/src/main/resources/i18n/commons.properties

@@ -409,6 +409,7 @@ get_plugin_instance_error=获取插件接口实现类错误！
 user_role_relation_exist_error=用户已在当前用户组！
 internal_user_role_permission_error=内置用户组无法编辑与删除！
 user_role_relation_remove_admin_user_permission_error=无法将 admin 用户将系统管理员用户组删除！
+internal_admin_user_role_permission_error=内置管理员用户组无法修改权限!
 # customField
 internal_custom_field_permission_error=系统字段或模板无法删除！
 internal_template_permission_error=系统模板无法删除！

backend/framework/sdk/src/main/resources/i18n/commons_en_US.properties

@@ -412,6 +412,7 @@ get_plugin_instance_error=Get the plugin instance error!
 user_role_relation_exist_error=The user is already in the current user group！
 internal_user_role_permission_error=Internal user groups cannot be edited or deleted！
 user_role_relation_remove_admin_user_permission_error=Unable to delete the admin user from the system administrator user group！
+internal_admin_user_role_permission_error=Internal admin user group cannot be edited or deleted!
 
 # customField
 internal_custom_field_permission_error=System fields cannot be deleted！

backend/framework/sdk/src/main/resources/i18n/commons_zh_CN.properties

@@ -410,6 +410,7 @@ get_plugin_instance_error=获取插件接口实现类错误！
 user_role_relation_exist_error=用户已在当前用户组！
 internal_user_role_permission_error=内置用户组无法编辑与删除！
 user_role_relation_remove_admin_user_permission_error=无法将 admin 用户将系统管理员用户组删除！
+internal_admin_user_role_permission_error=内置管理员用户组无法修改权限!
 # customField
 internal_custom_field_permission_error=系统字段或模板无法删除！
 internal_template_permission_error=系统模板无法删除！

backend/framework/sdk/src/main/resources/i18n/commons_zh_TW.properties

@@ -409,6 +409,7 @@ get_plugin_instance_error=獲取插件接口實現類錯誤！
 user_role_relation_exist_error=用戶已在當前用戶組！
 internal_user_role_permission_error=內置用戶組無法編輯與刪除！
 user_role_relation_remove_admin_user_permission_error=無法將 admin 用戶將系統管理員用戶組刪除！
+internal_admin_user_role_permission_error=內置管理員用戶組無法修改權限!
 # customField
 internal_custom_field_permission_error=系統字段或模板無法刪除！
 internal_template_permission_error=系統模板無法刪除！

backend/services/system-setting/src/main/java/io/metersphere/system/controller/handler/result/CommonResultCode.java

@@ -28,7 +28,8 @@ public enum CommonResultCode implements IResultCode {
     STATUS_ITEM_NOT_EXIST(100015, "status_item.not.exist"),
     STATUS_ITEM_EXIST(100016, "status_item.exist"),
     FIELD_VALIDATE_ERROR(100017, "field_validate_error"),
-    STATUS_DEFINITION_REQUIRED_ERROR(100018, "status_definition_required_error");;
+    STATUS_DEFINITION_REQUIRED_ERROR(100018, "status_definition_required_error"),
+    ADMIN_USER_ROLE_PERMISSION(100019, "internal_admin_user_role_permission_error");
 
 
     private int code;

backend/services/system-setting/src/main/java/io/metersphere/system/service/BaseUserRoleService.java

@@ -1,5 +1,6 @@
 package io.metersphere.system.service;
 
+import io.metersphere.sdk.constants.InternalUserRole;
 import io.metersphere.sdk.constants.UserRoleEnum;
 import io.metersphere.sdk.exception.MSException;
 import io.metersphere.sdk.util.JSON;
@@ -26,6 +27,7 @@ import org.springframework.transaction.annotation.Transactional;
 import java.util.*;
 import java.util.stream.Collectors;
 
+import static io.metersphere.system.controller.handler.result.CommonResultCode.ADMIN_USER_ROLE_PERMISSION;
 import static io.metersphere.system.controller.handler.result.CommonResultCode.INTERNAL_USER_ROLE_PERMISSION;
 import static io.metersphere.system.controller.result.SystemResultCode.NO_GLOBAL_USER_ROLE_PERMISSION;
 
@@ -186,6 +188,13 @@ public class BaseUserRoleService {
         }
     }
 
+    public void checkAdminUserRole(UserRole userRole) {
+        if (StringUtils.equalsAny(userRole.getId(), InternalUserRole.ADMIN.getValue(),
+                InternalUserRole.ORG_ADMIN.getValue(), InternalUserRole.PROJECT_ADMIN.getValue())) {
+            throw new MSException(ADMIN_USER_ROLE_PERMISSION);
+        }
+    }
+
     /**
      * 校验是否是全局用户组，是全局抛异常
      */

backend/services/system-setting/src/main/java/io/metersphere/system/service/GlobalUserRoleService.java

@@ -61,6 +61,7 @@ public class GlobalUserRoleService extends BaseUserRoleService {
     /**
      * 校验是否是全局用户组，非全局抛异常
      */
+    @Override
     public void checkGlobalUserRole(UserRole userRole) {
         if (!StringUtils.equals(userRole.getScopeId(), UserRoleScope.GLOBAL)) {
             throw new MSException(GLOBAL_USER_ROLE_PERMISSION);
@@ -153,7 +154,8 @@ public class GlobalUserRoleService extends BaseUserRoleService {
     public void updatePermissionSetting(PermissionSettingUpdateRequest request) {
         UserRole userRole = getWithCheck(request.getUserRoleId());
         checkGlobalUserRole(userRole);
-        checkInternalUserRole(userRole);
+        // 内置管理员级别用户组无法更改权限
+        checkAdminUserRole(userRole);
         super.updatePermissionSetting(request);
     }
 }

backend/services/system-setting/src/test/java/io/metersphere/system/controller/GlobalUserRoleControllerTests.java

@@ -1,26 +1,26 @@
 package io.metersphere.system.controller;
 
-import io.metersphere.system.base.BaseTest;
 import io.metersphere.sdk.constants.*;
-import io.metersphere.system.dto.permission.Permission;
-import io.metersphere.system.dto.permission.PermissionDefinitionItem;
-import io.metersphere.system.dto.sdk.request.PermissionSettingUpdateRequest;
-import io.metersphere.system.dto.sdk.request.UserRoleUpdateRequest;
-import io.metersphere.system.log.constants.OperationLogType;
-import io.metersphere.system.service.BaseUserRolePermissionService;
-import io.metersphere.system.service.BaseUserRoleRelationService;
-import io.metersphere.system.uid.IDGenerator;
 import io.metersphere.sdk.util.BeanUtils;
-import io.metersphere.system.utils.SessionUtils;
+import io.metersphere.system.base.BaseTest;
 import io.metersphere.system.controller.param.PermissionSettingUpdateRequestDefinition;
 import io.metersphere.system.controller.param.UserRoleUpdateRequestDefinition;
 import io.metersphere.system.domain.User;
 import io.metersphere.system.domain.UserRole;
 import io.metersphere.system.domain.UserRoleRelation;
 import io.metersphere.system.domain.UserRoleRelationExample;
+import io.metersphere.system.dto.permission.Permission;
+import io.metersphere.system.dto.permission.PermissionDefinitionItem;
+import io.metersphere.system.dto.sdk.request.PermissionSettingUpdateRequest;
+import io.metersphere.system.dto.sdk.request.UserRoleUpdateRequest;
+import io.metersphere.system.log.constants.OperationLogType;
 import io.metersphere.system.mapper.UserMapper;
 import io.metersphere.system.mapper.UserRoleMapper;
 import io.metersphere.system.mapper.UserRoleRelationMapper;
+import io.metersphere.system.service.BaseUserRolePermissionService;
+import io.metersphere.system.service.BaseUserRoleRelationService;
+import io.metersphere.system.uid.IDGenerator;
+import io.metersphere.system.utils.SessionUtils;
 import jakarta.annotation.Resource;
 import org.apache.commons.collections.CollectionUtils;
 import org.junit.jupiter.api.*;
@@ -34,6 +34,7 @@ import java.util.stream.Collectors;
 
 import static io.metersphere.sdk.constants.InternalUserRole.ADMIN;
 import static io.metersphere.sdk.constants.InternalUserRole.MEMBER;
+import static io.metersphere.system.controller.handler.result.CommonResultCode.ADMIN_USER_ROLE_PERMISSION;
 import static io.metersphere.system.controller.handler.result.CommonResultCode.INTERNAL_USER_ROLE_PERMISSION;
 import static io.metersphere.system.controller.handler.result.MsHttpResultCode.NOT_FOUND;
 import static io.metersphere.system.controller.result.SystemResultCode.GLOBAL_USER_ROLE_EXIST;
@@ -234,7 +235,7 @@ class GlobalUserRoleControllerTests extends BaseTest {
 
         // @@操作内置用户组异常
         request.setUserRoleId(ADMIN.getValue());
-        assertErrorCode(this.requestPost(PERMISSION_UPDATE, request), INTERNAL_USER_ROLE_PERMISSION);
+        assertErrorCode(this.requestPost(PERMISSION_UPDATE, request), ADMIN_USER_ROLE_PERMISSION);
 
         // @@校验 NOT_FOUND 异常
         request.setUserRoleId("1111");