test(系统设置): 支持多个权限校验

song-cc-rock 2023-08-17 14:34:31 +08:00 committed by f2c-ci-robot[bot]
parent 9ffb53388a
commit 0120db4fc6
3 changed files with 93 additions and 21 deletions


@ -1,8 +1,8 @@
package io.metersphere.sdk.base;
import com.jayway.jsonpath.JsonPath;
import io.metersphere.sdk.base.param.InvalidateParamInfo;
import io.metersphere.sdk.base.param.ParamGeneratorFactory;
import com.jayway.jsonpath.JsonPath;
import io.metersphere.sdk.constants.SessionConstants;
import io.metersphere.sdk.constants.UserRoleType;
import io.metersphere.sdk.controller.handler.result.IResultCode;
@ -13,6 +13,7 @@ import io.metersphere.sdk.mapper.OperationLogMapper;
import io.metersphere.sdk.util.JSON;
import io.metersphere.sdk.util.Pager;
import io.metersphere.system.domain.UserRolePermission;
import io.metersphere.system.domain.UserRolePermissionExample;
import io.metersphere.system.mapper.UserRolePermissionMapper;
import io.metersphere.validation.groups.Created;
import io.metersphere.validation.groups.Updated;
@ -172,10 +173,10 @@ public abstract class BaseTest {
protected MvcResult requestMultipartWithOkAndReturn(String url, MultiValueMap<String, Object> paramMap, Object... uriVariables) throws Exception {
return this.requestMultipartWithOk(url, paramMap, uriVariables).andReturn();
}
private MockHttpServletRequestBuilder getPermissionMultipartRequestBuilder(String permissionId, String url,
private MockHttpServletRequestBuilder getPermissionMultipartRequestBuilder(String roleId, String url,
MultiValueMap<String, Object> paramMap,
Object[] uriVariables) {
AuthInfo authInfo = getPermissionAuthInfo(permissionId);
AuthInfo authInfo = getPermissionAuthInfo(roleId);
return getMultipartRequestBuilderWithParam(url, paramMap, uriVariables)
.header(SessionConstants.HEADER_TOKEN, authInfo.getSessionId())
.header(SessionConstants.CSRF_TOKEN, authInfo.getCsrfToken());
@ -328,10 +329,6 @@ public abstract class BaseTest {
System.out.println("paramValidateTest-end: ====================================");
}
protected void requestPostPermissionTest(String permissionId, String url, Object param, Object... uriVariables) throws Exception {
requestPermissionTest(permissionId, url, () -> getPermissionPostRequestBuilder(permissionId, url, param, uriVariables));
}
/**
* 校验权限
* 实现步骤
@ -353,7 +350,7 @@ public abstract class BaseTest {
UserRolePermission userRolePermission = initUserRolePermission(roleId, permissionId);
// 添加后刷新下权限
refreshUserPermission(permissionId);
refreshUserPermission(roleId);
int status = mockMvc.perform(requestBuilderGetFunc.get())
.andReturn()
@ -369,7 +366,7 @@ public abstract class BaseTest {
userRolePermissionMapper.deleteByPrimaryKey(userRolePermission.getId());
// 删除后刷新下权限
refreshUserPermission(permissionId);
refreshUserPermission(roleId);
// 删除权限后调用接口校验是否没有权限
status = mockMvc.perform(requestBuilderGetFunc.get())
@ -382,26 +379,98 @@ public abstract class BaseTest {
}
}
/**
* 校验多个权限(同级别权限: 列如都是SYSTEM)
*
* @param permissionIds 多个权限
* @param url 请求url
* @param requestBuilderGetFunc 请求构造器
* @throws Exception 请求抛出异常
*/
private void requestPermissionsTest(List<String> permissionIds, String url, Supplier<MockHttpServletRequestBuilder> requestBuilderGetFunc) throws Exception {
// 相同的用户组
String roleId = permissionIds.get(0).split("_")[0];
for (String permissionId : permissionIds) {
// 多个权限插入同一个用户组
initUserRolePermission(roleId, permissionId);
}
// 根据roleId刷新用户
refreshUserPermissionByRoleId(roleId);
int status = mockMvc.perform(requestBuilderGetFunc.get())
.andReturn()
.getResponse()
.getStatus();
// 校验是否有权限
if (status == HttpStatus.FORBIDDEN.value()) {
throw new MSException(String.format("接口 %s 权限校验失败 %s", getBasePath() + url, permissionIds));
}
// 删除权限
UserRolePermissionExample example = new UserRolePermissionExample();
example.createCriteria().andRoleIdEqualTo(roleId);
userRolePermissionMapper.deleteByExample(example);
// 删除后刷新下权限
refreshUserPermissionByRoleId(roleId);
// 删除权限后调用接口校验是否没有权限
status = mockMvc.perform(requestBuilderGetFunc.get())
.andReturn()
.getResponse()
.getStatus();
if (status != HttpStatus.FORBIDDEN.value()) {
throw new MSException(String.format("接口 %s 没有设置权限 %s", getBasePath() + url, permissionIds));
}
}
/**
* 调用 is-login 接口刷新权限
*
* @param permissionId
* @param roleId
* @throws Exception
*/
private void refreshUserPermission(String permissionId) throws Exception {
AuthInfo authInfo = getPermissionAuthInfo(permissionId);
private void refreshUserPermission(String roleId) throws Exception {
AuthInfo authInfo = getPermissionAuthInfo(roleId);
MockHttpServletRequestBuilder requestBuilder = MockMvcRequestBuilders.get("/is-login")
.header(SessionConstants.HEADER_TOKEN, authInfo.getSessionId())
.header(SessionConstants.CSRF_TOKEN, authInfo.getCsrfToken());
mockMvc.perform(requestBuilder);
}
private void refreshUserPermissionByRoleId(String roleId) throws Exception {
AuthInfo authInfo = permissionAuthInfoMap.get(roleId);
MockHttpServletRequestBuilder requestBuilder = MockMvcRequestBuilders.get("/is-login")
.header(SessionConstants.HEADER_TOKEN, authInfo.getSessionId())
.header(SessionConstants.CSRF_TOKEN, authInfo.getCsrfToken());
mockMvc.perform(requestBuilder);
}
protected void requestPostPermissionTest(String permissionId, String url, Object param, Object... uriVariables) throws Exception {
requestPermissionTest(permissionId, url, () -> getPermissionPostRequestBuilder(permissionId.split("_")[0], url, param, uriVariables));
}
protected void requestGetPermissionTest(String permissionId, String url, Object... uriVariables) throws Exception {
requestPermissionTest(permissionId, url, () -> getPermissionRequestBuilder(permissionId, url, uriVariables));
requestPermissionTest(permissionId, url, () -> getPermissionRequestBuilder(permissionId.split("_")[0], url, uriVariables));
}
protected void requestMultipartPermissionTest(String permissionId, String url, MultiValueMap<String, Object> paramMap, Object... uriVariables) throws Exception {
requestPermissionTest(permissionId, url, () -> getPermissionMultipartRequestBuilder(permissionId, url, paramMap, uriVariables));
requestPermissionTest(permissionId, url, () -> getPermissionMultipartRequestBuilder(permissionId.split("_")[0], url, paramMap, uriVariables));
}
protected void requestPostPermissionsTest(List<String> permissionIds, String url, Object param, Object... uriVariables) throws Exception {
requestPermissionsTest(permissionIds, url, () -> getPermissionPostRequestBuilder(permissionIds.get(0).split("_")[0], url, param, uriVariables));
}
protected void requestGetPermissionsTest(List<String> permissionIds, String url, Object... uriVariables) throws Exception {
requestPermissionsTest(permissionIds, url, () -> getPermissionRequestBuilder(permissionIds.get(0).split("_")[0], url, uriVariables));
}
protected void requestMultipartPermissionsTest(List<String> permissionIds, String url, MultiValueMap<String, Object> paramMap, Object... uriVariables) throws Exception {
requestPermissionsTest(permissionIds, url, () -> getPermissionMultipartRequestBuilder(permissionIds.get(0).split("_")[0], url, paramMap, uriVariables));
}
/**
@ -420,8 +489,8 @@ public abstract class BaseTest {
return userRolePermission;
}
private MockHttpServletRequestBuilder getPermissionPostRequestBuilder(String permissionId, String url, Object param, Object... uriVariables) {
AuthInfo authInfo = getPermissionAuthInfo(permissionId);
private MockHttpServletRequestBuilder getPermissionPostRequestBuilder(String roleId, String url, Object param, Object... uriVariables) {
AuthInfo authInfo = getPermissionAuthInfo(roleId);
return MockMvcRequestBuilders.post(getBasePath() + url, uriVariables)
.header(SessionConstants.HEADER_TOKEN, authInfo.getSessionId())
.header(SessionConstants.CSRF_TOKEN, authInfo.getCsrfToken())
@ -429,12 +498,12 @@ public abstract class BaseTest {
.contentType(MediaType.APPLICATION_JSON);
}
private AuthInfo getPermissionAuthInfo(String permissionId) {
return permissionAuthInfoMap.get(permissionId.split("_")[0]);
private AuthInfo getPermissionAuthInfo(String roleId) {
return permissionAuthInfoMap.get(roleId);
}
private MockHttpServletRequestBuilder getPermissionRequestBuilder(String permissionId, String url, Object... uriVariables) {
AuthInfo authInfo = getPermissionAuthInfo(permissionId);
private MockHttpServletRequestBuilder getPermissionRequestBuilder(String roleId, String url, Object... uriVariables) {
AuthInfo authInfo = getPermissionAuthInfo(roleId);
return MockMvcRequestBuilders.get(getBasePath() + url, uriVariables)
.header(SessionConstants.HEADER_TOKEN, authInfo.getSessionId())
.header(SessionConstants.CSRF_TOKEN, authInfo.getCsrfToken());
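Review bot: In `requestPermissionsTest`, the endpoint is called only with every listed permission granted and then with every row for the role deleted, so the test also passes for an endpoint that enforces just one entry of `permissionIds`; it does not show that each listed permission is actually checked. The cleanup uses `deleteByExample` on `roleId`, which removes rows this test did not insert, and it is skipped when the first check throws, so the grants stay in place for later tests. I would keep the rows returned by `initUserRolePermission`, delete them by primary key in a `finally`, and add a per-permission step whose expected status depends on whether the endpoint requires all or any of the permissions, which is not visible in this diff. The new `requestPostPermissionsTest` calls in the two controller test sections below inherit the same gap.

```java
private void requestPermissionsTest(List<String> permissionIds, String url, Supplier<MockHttpServletRequestBuilder> requestBuilderGetFunc) throws Exception {
    String roleId = permissionIds.get(0).split("_")[0];
    List<UserRolePermission> inserted = new ArrayList<>();
    try {
        for (String permissionId : permissionIds) {
            inserted.add(initUserRolePermission(roleId, permissionId));
        }
        // … unchanged: refresh by roleId, perform the request, throw on FORBIDDEN …
    } finally {
        // Revoke only what this test granted, also when the check above throws.
        for (UserRolePermission row : inserted) {
            userRolePermissionMapper.deleteByPrimaryKey(row.getId());
        }
        refreshUserPermissionByRoleId(roleId);
    }
    // … unchanged: perform the request again and require FORBIDDEN …
}
```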


@ -284,7 +284,7 @@ public class OrganizationUserRoleControllerTests extends BaseTest {
}
// 权限校验
request.setOrganizationId(getDefault().getId());
requestPostPermissionTest(PermissionConstants.ORGANIZATION_USER_ROLE_READ, ORGANIZATION_USER_ROLE_LIST_MEMBER, request);
requestPostPermissionsTest(List.of(PermissionConstants.ORGANIZATION_USER_ROLE_READ, PermissionConstants.ORGANIZATION_MEMBER_READ), ORGANIZATION_USER_ROLE_LIST_MEMBER, request);
}
@Test


@ -187,6 +187,9 @@ public class SystemOrganizationControllerTests extends BaseTest{
// 返回值中取出第一条ID最大的数据, 并判断是否是default-admin
UserExtend userExtend1 = JSON.parseArray(JSON.toJSONString(sortPageData.getList()), UserExtend.class).get(0);
Assertions.assertTrue(StringUtils.contains(userExtend1.getId(), "default-admin"));
// 权限校验
requestPostPermissionsTest(List.of(PermissionConstants.SYSTEM_ORGANIZATION_PROJECT_READ, PermissionConstants.SYSTEM_USER_READ),
ORGANIZATION_LIST_MEMBER, organizationRequest);
}
@Test