refactor(测试跟踪): 补充测试跟踪接口权限校验

metersphere · Jun 12, 2023 · cb4b47b · cb4b47b
1 parent 21db088
commit cb4b47b
Show file tree

Hide file tree

Showing 26 changed files with 266 additions and 320 deletions.
diff --git a/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseMapper.xml b/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseMapper.xml
@@ -187,20 +187,13 @@
         test_case.delete_user_id ,test_case.delete_time,
         project_version.name as versionName,
         project_version.id as versionId,
-        <if test="request.selectFields != null and request.selectFields.size() > 0">
-            <foreach collection="request.selectFields" item="field" separator=",">
-                ${field}
-            </foreach>
-        </if>
-        <if test="request.selectFields == null or request.selectFields.size() == 0">
-            test_case.id, test_case.node_id, test_case.node_path, test_case.project_id, test_case.`name`,
-            test_case.`type`, test_case.maintainer, test_case.priority, test_case.`method`,
-            test_case.create_time, test_case.update_time, test_case.test_id, test_case.sort, test_case.num,
-            test_case.other_test_name, test_case.review_status, test_case.tags,
-            test_case.demand_id, test_case.demand_name, test_case.`status`,
-            test_case.custom_num, test_case.step_model, test_case.create_user,
-            test_case.custom_fields, test_case.ref_id
-        </if>
+        test_case.id, test_case.node_id, test_case.node_path, test_case.project_id, test_case.`name`,
+        test_case.`type`, test_case.maintainer, test_case.priority, test_case.`method`,
+        test_case.create_time, test_case.update_time, test_case.test_id, test_case.sort, test_case.num,
+        test_case.other_test_name, test_case.review_status, test_case.tags,
+        test_case.demand_id, test_case.demand_name, test_case.`status`,
+        test_case.custom_num, test_case.step_model, test_case.create_user,
+        test_case.custom_fields, test_case.ref_id
         from test_case
         left join project_version on project_version.id = test_case.version_id
         <include refid="queryWhereCondition"/>
@@ -211,21 +204,14 @@
        select
         project_version.name as versionName,
         project_version.id as versionId,
-        <if test="request.selectFields != null and request.selectFields.size() > 0">
-            <foreach collection="request.selectFields" item="field" separator=",">
-                ${field}
-            </foreach>
-        </if>
-        <if test="request.selectFields == null or request.selectFields.size() == 0">
-            test_case.id, test_case.node_id, test_case.node_path, test_case.project_id, test_case.`name`,
-            test_case.`type`, test_case.maintainer, test_case.priority, test_case.`method`,
-            test_case.create_time, test_case.update_time, test_case.test_id, test_case.sort, test_case.num,
-            test_case.other_test_name, test_case.review_status, test_case.tags,
-            test_case.demand_id, test_case.demand_name, test_case.`status`,
-            test_case.custom_num, test_case.step_model, test_case.create_user,u.name as createName,
-            test_case.custom_fields,test_case.case_public ,
-            project.workspace_id , project.name as projectName ,test_case.ref_id ,test_case.`order`
-        </if>
+        test_case.id, test_case.node_id, test_case.node_path, test_case.project_id, test_case.`name`,
+        test_case.`type`, test_case.maintainer, test_case.priority, test_case.`method`,
+        test_case.create_time, test_case.update_time, test_case.test_id, test_case.sort, test_case.num,
+        test_case.other_test_name, test_case.review_status, test_case.tags,
+        test_case.demand_id, test_case.demand_name, test_case.`status`,
+        test_case.custom_num, test_case.step_model, test_case.create_user,u.name as createName,
+        test_case.custom_fields,test_case.case_public ,
+        project.workspace_id , project.name as projectName ,test_case.ref_id ,test_case.`order`
         from test_case left join user u on test_case.create_user=u.id
         left join (select id,workspace_id,NAME from project where workspace_id =#{request.workspaceId})
         project on test_case.project_id = project.id

diff --git a/backend/src/main/java/io/metersphere/commons/constants/PermissionConstants.java b/backend/src/main/java/io/metersphere/commons/constants/PermissionConstants.java
@@ -96,6 +96,7 @@ public class PermissionConstants {
     public static final String PROJECT_TRACK_CASE_READ_COPY = "PROJECT_TRACK_CASE:READ+COPY";
     public static final String PROJECT_TRACK_CASE_READ_IMPORT = "PROJECT_TRACK_CASE:READ+IMPORT";
     public static final String PROJECT_TRACK_CASE_READ_EXPORT = "PROJECT_TRACK_CASE:READ+EXPORT";
+    public static final String PROJECT_TRACK_CASE_READ_BATCH_ADD_PUBLIC = "PROJECT_TRACK_CASE:READ+BATCH_ADD_PUBLIC";
 
     public static final String PROJECT_TRACK_REVIEW_READ = "PROJECT_TRACK_REVIEW:READ";
     public static final String PROJECT_TRACK_REVIEW_READ_CREATE = "PROJECT_TRACK_REVIEW:READ+CREATE";

diff --git a/backend/src/main/java/io/metersphere/controller/CustomFieldController.java b/backend/src/main/java/io/metersphere/controller/CustomFieldController.java
@@ -5,11 +5,13 @@
 import io.metersphere.base.domain.CustomField;
 import io.metersphere.commons.constants.OperLogConstants;
 import io.metersphere.commons.constants.OperLogModule;
+import io.metersphere.commons.constants.PermissionConstants;
 import io.metersphere.commons.utils.PageUtils;
 import io.metersphere.commons.utils.Pager;
 import io.metersphere.controller.request.QueryCustomFieldRequest;
 import io.metersphere.log.annotation.MsAuditLog;
 import io.metersphere.service.CustomFieldService;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
@@ -24,45 +26,53 @@ public class CustomFieldController {
     private CustomFieldService customFieldService;
 
     @PostMapping("/add")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
     @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_FIELD, type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#customField.id)", msClass = CustomFieldService.class)
     public String add(@RequestBody CustomField customField) {
         return customFieldService.add(customField);
     }
 
     @PostMapping("/list/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
     public Pager<List<CustomField>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryCustomFieldRequest request) {
         Page<List<CustomField>> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, customFieldService.list(request));
     }
 
     @PostMapping("/list/relate/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
     public Pager<List<CustomField>> listRelate(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryCustomFieldRequest request) {
         return customFieldService.listRelate(goPage, pageSize, request);
     }
 
     @GetMapping("/delete/{id}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
     @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_FIELD, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = CustomFieldService.class)
     public void delete(@PathVariable(value = "id") String id) {
         customFieldService.delete(id);
     }
 
     @PostMapping("/update")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
     @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_FIELD, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#customField.id)", content = "#msClass.getLogDetails(#customField.id)", msClass = CustomFieldService.class)
     public void update(@RequestBody CustomField customField) {
         customFieldService.update(customField);
     }
 
     @PostMapping("/list/ids")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
     public List<String> list(@RequestBody QueryCustomFieldRequest request) {
         return customFieldService.listIds(request);
     }
 
     @PostMapping("/list")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
     public List<CustomField> getList(@RequestBody QueryCustomFieldRequest request) {
         return customFieldService.list(request);
     }
 
     @PostMapping("/default")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
     public List<CustomField> getDefaultList(@RequestBody QueryCustomFieldRequest request) {
         return customFieldService.getDefaultField(request);
     }

diff --git a/backend/src/main/java/io/metersphere/controller/CustomFieldTemplateController.java b/backend/src/main/java/io/metersphere/controller/CustomFieldTemplateController.java
@@ -2,8 +2,10 @@
 
 import io.metersphere.base.domain.CustomField;
 import io.metersphere.base.domain.CustomFieldTemplate;
+import io.metersphere.commons.constants.PermissionConstants;
 import io.metersphere.dto.CustomFieldTemplateDao;
 import io.metersphere.service.CustomFieldTemplateService;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
@@ -17,16 +19,19 @@ public class CustomFieldTemplateController {
     CustomFieldTemplateService customFieldTemplateService;
 
     @PostMapping("/list")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
     public List<CustomFieldTemplateDao> list(@RequestBody CustomFieldTemplate request) {
         return customFieldTemplateService.list(request);
     }
 
     @PostMapping("/update")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
     public void update(@RequestBody CustomFieldTemplate request) {
         customFieldTemplateService.update(request);
     }
 
     @GetMapping("/{id}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
     public CustomField get(@PathVariable String id) {
         return customFieldTemplateService.getCustomField(id);
     }

diff --git a/backend/src/main/java/io/metersphere/controller/IssueTemplateController.java b/backend/src/main/java/io/metersphere/controller/IssueTemplateController.java
@@ -5,13 +5,16 @@
 import io.metersphere.base.domain.IssueTemplate;
 import io.metersphere.commons.constants.OperLogConstants;
 import io.metersphere.commons.constants.OperLogModule;
+import io.metersphere.commons.constants.PermissionConstants;
 import io.metersphere.commons.utils.PageUtils;
 import io.metersphere.commons.utils.Pager;
 import io.metersphere.controller.request.BaseQueryRequest;
 import io.metersphere.controller.request.UpdateIssueTemplateRequest;
 import io.metersphere.dto.IssueTemplateDao;
 import io.metersphere.log.annotation.MsAuditLog;
 import io.metersphere.service.IssueTemplateService;
+import org.apache.shiro.authz.annotation.Logical;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
@@ -25,35 +28,42 @@ public class IssueTemplateController {
     private IssueTemplateService issueTemplateService;
 
     @PostMapping("/add")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_ISSUE_TEMPLATE)
     @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_ISSUE, type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#request)", msClass = IssueTemplateService.class)
     public void add(@RequestBody UpdateIssueTemplateRequest request) {
         issueTemplateService.add(request);
     }
 
     @PostMapping("/list/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_ISSUE_TEMPLATE)
     public Pager<List<IssueTemplate>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody BaseQueryRequest request) {
         Page<List<IssueTemplate>> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, issueTemplateService.list(request));
     }
 
     @GetMapping("/delete/{id}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_ISSUE_TEMPLATE)
     @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_ISSUE, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = IssueTemplateService.class)
     public void delete(@PathVariable(value = "id") String id) {
         issueTemplateService.delete(id);
     }
 
     @PostMapping("/update")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_ISSUE_TEMPLATE)
     @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_ISSUE, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id,#request.customFields)", content = "#msClass.getLogDetails(#request)", msClass = IssueTemplateService.class)
     public void update(@RequestBody UpdateIssueTemplateRequest request) {
         issueTemplateService.update(request);
     }
 
     @GetMapping({"/option/{projectId}", "/option"})
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TEMPLATE_READ_ISSUE_TEMPLATE,
+            PermissionConstants.WORKSPACE_PROJECT_MANAGER_READ_CREATE, PermissionConstants.WORKSPACE_PROJECT_MANAGER_READ_EDIT}, logical = Logical.OR)
     public List<IssueTemplate> list(@PathVariable(required = false) String projectId) {
         return issueTemplateService.getOption(projectId);
     }
 
     @GetMapping("/get/relate/{projectId}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TEMPLATE_READ_ISSUE_TEMPLATE, PermissionConstants.PROJECT_TRACK_ISSUE_READ}, logical = Logical.OR)
     public IssueTemplateDao getTemplate(@PathVariable String projectId) {
         return issueTemplateService.getTemplate(projectId);
     }

diff --git a/backend/src/main/java/io/metersphere/controller/TestCaseTemplateController.java b/backend/src/main/java/io/metersphere/controller/TestCaseTemplateController.java
@@ -6,13 +6,16 @@
 import io.metersphere.base.domain.TestCaseTemplateWithBLOBs;
 import io.metersphere.commons.constants.OperLogConstants;
 import io.metersphere.commons.constants.OperLogModule;
+import io.metersphere.commons.constants.PermissionConstants;
 import io.metersphere.commons.utils.PageUtils;
 import io.metersphere.commons.utils.Pager;
 import io.metersphere.controller.request.BaseQueryRequest;
 import io.metersphere.controller.request.UpdateCaseFieldTemplateRequest;
 import io.metersphere.dto.TestCaseTemplateDao;
 import io.metersphere.log.annotation.MsAuditLog;
 import io.metersphere.service.TestCaseTemplateService;
+import org.apache.shiro.authz.annotation.Logical;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
@@ -27,35 +30,42 @@ public class TestCaseTemplateController {
     private TestCaseTemplateService testCaseTemplateService;
 
     @PostMapping("/add")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CASE_TEMPLATE)
     @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_CASE, type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseTemplateService.class)
     public void add(@RequestBody UpdateCaseFieldTemplateRequest request) {
         testCaseTemplateService.add(request);
     }
 
     @PostMapping("/list/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CASE_TEMPLATE)
     public Pager<List<TestCaseTemplateWithBLOBs>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody BaseQueryRequest request) {
         Page<List<TestCaseTemplateWithBLOBs>> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, testCaseTemplateService.list(request));
     }
 
     @GetMapping("/delete/{id}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CASE_TEMPLATE)
     @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_CASE, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = TestCaseTemplateService.class)
     public void delete(@PathVariable(value = "id") String id) {
         testCaseTemplateService.delete(id);
     }
 
     @PostMapping("/update")
+    @RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CASE_TEMPLATE)
     @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_CASE, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id)", content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseTemplateService.class)
     public void update(@RequestBody UpdateCaseFieldTemplateRequest request) {
         testCaseTemplateService.update(request);
     }
 
     @GetMapping({"/option/{projectId}", "/option"})
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TEMPLATE_READ_CASE_TEMPLATE,
+            PermissionConstants.WORKSPACE_PROJECT_MANAGER_READ_CREATE, PermissionConstants.WORKSPACE_PROJECT_MANAGER_READ_EDIT}, logical = Logical.OR)
     public List<TestCaseTemplate> list(@PathVariable(required = false) String projectId) {
         return testCaseTemplateService.getOption(projectId);
     }
 
     @GetMapping("/get/relate/{projectId}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TEMPLATE_READ_CASE_TEMPLATE, PermissionConstants.PROJECT_TRACK_CASE_READ}, logical = Logical.OR)
     public TestCaseTemplateDao getTemplate(@PathVariable String projectId) {
         return testCaseTemplateService.getTemplate(projectId);
     }

diff --git a/backend/src/main/java/io/metersphere/controller/request/BaseQueryRequest.java b/backend/src/main/java/io/metersphere/controller/request/BaseQueryRequest.java
@@ -67,11 +67,6 @@ public class BaseQueryRequest {
      */
     private Map<String, Object> combine;
 
-    /**
-     * 要查询的字段
-     */
-    private List<String> selectFields;
-
     /**
      * 版本 ID
      */

diff --git a/backend/src/main/java/io/metersphere/track/controller/IssueCommentController.java b/backend/src/main/java/io/metersphere/track/controller/IssueCommentController.java
@@ -28,7 +28,7 @@ public class IssueCommentController {
     private IssueCommentService issueCommentService;
 
     @PostMapping("/save")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_COMMENT)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT)
     @SendNotice(taskType = NoticeConstants.TaskType.DEFECT_TASK, target = "#targetClass.get(#request.issuesId)", targetClass = IssuesService.class,
             event = NoticeConstants.Event.COMMENT, subject = "缺陷")
     public IssueComment saveComment(@RequestBody IssuesRelevanceRequest request) {
@@ -37,19 +37,20 @@ public IssueComment saveComment(@RequestBody IssuesRelevanceRequest request) {
     }
 
     @GetMapping("/list/{issueId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
     public List<IssueCommentDTO> getComments(@PathVariable String issueId) {
         return issueCommentService.getComments(issueId);
     }
 
     @GetMapping("/delete/{commentId}")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_COMMENT)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT)
     @MsAuditLog(module = OperLogModule.TRACK_BUG, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#commentId)", msClass = TestCaseCommentService.class)
     public void deleteComment(@PathVariable String commentId) {
         issueCommentService.delete(commentId);
     }
 
     @PostMapping("/edit")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_COMMENT)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT)
     @MsAuditLog(module = OperLogModule.TRACK_BUG, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id)", content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseCommentService.class)
     public IssueComment editComment(@RequestBody SaveIssueCommentRequest request) {
        return issueCommentService.edit(request);