fix(测试跟踪): 用例部分页面权限问题

--bug=1027231 --user=陈建星【测试跟踪】开启权限评审用例、关联和取消关联用例权限，进入计划任意用例详情中无法进行审批 https://www.tapd.cn/55049933/s/1383921 --bug=1027224 --user=陈建星【测试跟踪】公共用例库只有查看权限进入详情页后点击复制，页面自动跳转接口403 https://www.tapd.cn/55049933/s/1383811 --bug=1027216 --user=陈建星【测试跟踪】只开启批量编辑页面403重定向 https://www.tapd.cn/55049933/s/1383807
metersphere · Jun 20, 2023 · 8cea318 · 8cea318
1 parent 2789da2
commit 8cea318
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 8 deletions.
diff --git a/backend/src/main/java/io/metersphere/commons/constants/PermissionConstants.java b/backend/src/main/java/io/metersphere/commons/constants/PermissionConstants.java
@@ -93,16 +93,20 @@ public class PermissionConstants {
     public static final String PROJECT_TRACK_CASE_READ_CREATE = "PROJECT_TRACK_CASE:READ+CREATE";
     public static final String PROJECT_TRACK_CASE_READ_EDIT = "PROJECT_TRACK_CASE:READ+EDIT";
     public static final String PROJECT_TRACK_CASE_READ_DELETE = "PROJECT_TRACK_CASE:READ+DELETE";
+    public static final String PROJECT_TRACK_CASE_READ_RECOVER = "PROJECT_TRACK_CASE:READ+RECOVER";
+    public static final String PROJECT_TRACK_CASE_READ_BATCH_REDUCTION = "PROJECT_TRACK_CASE:READ+BATCH_REDUCTION";
     public static final String PROJECT_TRACK_CASE_READ_COPY = "PROJECT_TRACK_CASE:READ+COPY";
     public static final String PROJECT_TRACK_CASE_READ_IMPORT = "PROJECT_TRACK_CASE:READ+IMPORT";
     public static final String PROJECT_TRACK_CASE_READ_EXPORT = "PROJECT_TRACK_CASE:READ+EXPORT";
+    public static final String PROJECT_TRACK_CASE_READ_BATCH_EDIT = "PROJECT_TRACK_CASE:READ+BATCH_EDIT";
     public static final String PROJECT_TRACK_CASE_READ_BATCH_ADD_PUBLIC = "PROJECT_TRACK_CASE:READ+BATCH_ADD_PUBLIC";
 
     public static final String PROJECT_TRACK_REVIEW_READ = "PROJECT_TRACK_REVIEW:READ";
     public static final String PROJECT_TRACK_REVIEW_READ_CREATE = "PROJECT_TRACK_REVIEW:READ+CREATE";
     public static final String PROJECT_TRACK_REVIEW_READ_EDIT = "PROJECT_TRACK_REVIEW:READ+EDIT";
     public static final String PROJECT_TRACK_REVIEW_READ_DELETE = "PROJECT_TRACK_REVIEW:READ+DELETE";
     public static final String PROJECT_TRACK_REVIEW_READ_COMMENT = "PROJECT_TRACK_REVIEW:READ+COMMENT";
+    public static final String PROJECT_TRACK_REVIEW_READ_REVIEW = "PROJECT_TRACK_REVIEW:READ+REVIEW";
     public static final String PROJECT_TRACK_REVIEW_READ_RELEVANCE_OR_CANCEL = "PROJECT_TRACK_REVIEW:READ+RELEVANCE_OR_CANCEL";
 
     public static final String PROJECT_TRACK_PLAN_READ = "PROJECT_TRACK_PLAN:READ";

diff --git a/backend/src/main/java/io/metersphere/controller/CustomFieldTemplateController.java b/backend/src/main/java/io/metersphere/controller/CustomFieldTemplateController.java
@@ -31,7 +31,6 @@ public void update(@RequestBody CustomFieldTemplate request) {
     }
 
     @GetMapping("/{id}")
-    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
     public CustomField get(@PathVariable String id) {
         return customFieldTemplateService.getCustomField(id);
     }

diff --git a/backend/src/main/java/io/metersphere/track/controller/TestCaseController.java b/backend/src/main/java/io/metersphere/track/controller/TestCaseController.java
@@ -34,6 +34,7 @@
 import io.metersphere.track.request.testplan.LoadCaseRequest;
 import io.metersphere.track.service.TestCaseService;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
@@ -334,7 +335,8 @@ public void testCaseXmindExport(HttpServletResponse response, @RequestBody TestC
     }
 
     @PostMapping("/batch/edit")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT)
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT, PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_EDIT,
+            PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_ADD_PUBLIC}, logical = Logical.OR)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
     @SendNotice(taskType = NoticeConstants.TaskType.TRACK_TEST_CASE_TASK, target = "#targetClass.findByBatchRequest(#request)", targetClass = TestCaseService.class,
             event = NoticeConstants.Event.UPDATE, subject = "测试用例通知")
@@ -350,7 +352,7 @@ public void copyTestCaseBath(@RequestBody TestCaseBatchRequest request) {
     }
 
     @PostMapping("/batch/copy/public")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT)
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_COPY, PermissionConstants.PROJECT_TRACK_CASE_READ_CREATE}, logical = Logical.OR)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.BATCH_ADD, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
     @SendNotice(taskType = NoticeConstants.TaskType.TRACK_TEST_CASE_TASK, target = "#targetClass.findByBatchRequest(#request)", targetClass = TestCaseService.class,
             event = NoticeConstants.Event.CREATE, subject = "测试用例通知")
@@ -385,7 +387,7 @@ public void deleteToGcBatchPublic(@RequestBody TestCaseBatchRequest request) {
     }
 
     @PostMapping("/reduction")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_DELETE)
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_RECOVER, PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_REDUCTION}, logical = Logical.OR)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.RESTORE, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
     public void reduction(@RequestBody TestCaseBatchRequest request) {
         testCaseService.reduction(request);

diff --git a/backend/src/main/java/io/metersphere/track/controller/TestReviewTestCaseController.java b/backend/src/main/java/io/metersphere/track/controller/TestReviewTestCaseController.java
@@ -50,14 +50,14 @@ public void deleteTestCaseBatch(@RequestBody TestReviewCaseBatchRequest request)
     }
 
     @PostMapping("/batch/edit/status")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_EDIT)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_REVIEW)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.batchLogDetails(#request)", content = "#msClass.getLogDetails(#request)", msClass = TestReviewTestCaseService.class)
     public void editTestCaseBatch(@RequestBody TestReviewCaseBatchRequest request) {
         testReviewTestCaseService.editTestCaseBatchStatus(request);
     }
 
     @PostMapping("/minder/edit/{reviewId}")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_EDIT)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_REVIEW)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.ASSOCIATE_CASE, content = "#msClass.getLogDetails(#testCases)", msClass = TestReviewTestCaseService.class)
     public void editTestCaseForMinder(@PathVariable("reviewId") String reviewId, @RequestBody List<TestCaseReviewTestCase> testCases) {
         testReviewTestCaseService.editTestCaseForMinder(reviewId, testCases);
@@ -77,7 +77,7 @@ public Pager<List<TestReviewCaseDTO>> listForMinder(@PathVariable int goPage, @P
     }
 
     @PostMapping("/edit")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_EDIT)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_REVIEW)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.REVIEW, content = "#msClass.getLogDetails(#testCaseReviewTestCase)", msClass = TestReviewTestCaseService.class)
     public void editTestCase(@RequestBody TestCaseReviewTestCase testCaseReviewTestCase) {
         testReviewTestCaseService.editTestCase(testCaseReviewTestCase);

diff --git a/frontend/src/business/components/track/case/components/TestCaseEditShow.vue b/frontend/src/business/components/track/case/components/TestCaseEditShow.vue
@@ -27,6 +27,7 @@
                               :is-read="true"
                               @compare="compare" @checkout="checkout" @create="create" @del="del"/>
           <ms-table-button v-if="this.path!=='/test/case/add'"
+                           v-permission="['PROJECT_TRACK_CASE:READ+COPY']"
                            id="inputDelay"
                            type="primary"
                            :content="$t('commons.copy')"

diff --git a/frontend/src/business/components/track/review/view/components/TestReviewTestCaseList.vue b/frontend/src/business/components/track/review/view/components/TestReviewTestCaseList.vue
@@ -270,7 +270,7 @@ export default {
         {
           tip: this.$t('commons.edit'), icon: "el-icon-edit",
           exec: this.handleEdit,
-          permissions: ['PROJECT_TRACK_CASE:READ+EDIT']
+          permissions: ['PROJECT_TRACK_REVIEW:READ+REVIEW']
         },
         {
           tip: this.$t('test_track.plan_view.cancel_relevance'), icon: "el-icon-unlock", type: "danger",