diff --git a/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseMapper.java b/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseMapper.java index 9661a711db..87a829a773 100644 --- a/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseMapper.java +++ b/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseMapper.java @@ -20,4 +20,12 @@ public interface ExtTestCaseMapper { TestCase getMaxNumByProjectId(@Param("projectId") String projectId); + /** + * 检查某工作空间下是否有某用例 + * @param caseId + * @param workspaceId + * @return TestCase ID + */ + List checkIsHave(@Param("caseId") String caseId, @Param("workspaceId") String workspaceId); + } diff --git a/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseMapper.xml b/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseMapper.xml index d12d9656fe..51195acfbf 100644 --- a/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseMapper.xml +++ b/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseMapper.xml @@ -251,4 +251,11 @@ + \ No newline at end of file diff --git a/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseReviewMapper.java b/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseReviewMapper.java index 7dcd8afe4e..aab6849b78 100644 --- a/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseReviewMapper.java +++ b/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseReviewMapper.java @@ -15,4 +15,12 @@ public interface ExtTestCaseReviewMapper { List listByWorkspaceId(@Param("workspaceId") String workspaceId); List listRelate(@Param("request") QueryTestReviewRequest request); + + /** + * 检查某工作空间下是否有某测试评审 + * @param reviewId + * @param workspaceId + * @return Review ID + */ + List checkIsHave(@Param("reviewId") String reviewId, @Param("workspaceId") String workspaceId); } 
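Review bot: The Javadoc on `ExtTestCaseMapper.checkIsHave` leaves both `@param` tags empty and says it returns an ID although the declared return type is a `List`, so the contract the ownership check relies on is not written down. `CheckOwnerService` treats exactly one returned row as proof of ownership, so I would document it as `@return IDs of the cases with this caseId that belong to workspaceId; empty when there is none` and state whether a null `workspaceId` is accepted. The same applies to `ExtTestCaseReviewMapper.checkIsHave`. The SQL for both statements is not visible in the XML hunks on this page, so the workspace filter itself could not be reviewed.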
diff --git a/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseReviewMapper.xml b/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseReviewMapper.xml index 30b739c64d..d0eac18a7f 100644 --- a/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseReviewMapper.xml +++ b/backend/src/main/java/io/metersphere/base/mapper/ext/ExtTestCaseReviewMapper.xml @@ -58,4 +58,11 @@ order by test_case_review.update_time desc + \ No newline at end of file diff --git a/backend/src/main/java/io/metersphere/service/CheckOwnerService.java b/backend/src/main/java/io/metersphere/service/CheckOwnerService.java index 2a0ef39497..c14517cc50 100644 --- a/backend/src/main/java/io/metersphere/service/CheckOwnerService.java +++ b/backend/src/main/java/io/metersphere/service/CheckOwnerService.java @@ -4,11 +4,11 @@ import io.metersphere.api.dto.APITestResult; import io.metersphere.api.dto.QueryAPITestRequest; import io.metersphere.base.domain.Project; import io.metersphere.base.mapper.ProjectMapper; -import io.metersphere.base.mapper.ext.ExtApiTestMapper; -import io.metersphere.base.mapper.ext.ExtLoadTestMapper; +import io.metersphere.base.mapper.ext.*; import io.metersphere.commons.utils.SessionUtils; import io.metersphere.dto.LoadTestDTO; import io.metersphere.i18n.Translator; +import io.metersphere.track.dto.TestPlanDTO; import io.metersphere.track.request.testplan.QueryTestPlanRequest; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang3.StringUtils; @@ -26,6 +26,12 @@ public class CheckOwnerService { private ExtApiTestMapper extApiTestMapper; @Resource private ExtLoadTestMapper extLoadTestMapper; + @Resource + private ExtTestCaseMapper extTestCaseMapper; + @Resource + private ExtTestPlanMapper extTestPlanMapper; + @Resource + private ExtTestCaseReviewMapper extTestCaseReviewMapper; public void checkProjectOwner(String projectId) { String workspaceId = SessionUtils.getCurrentWorkspaceId(); 
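Review bot: The import hunk of CheckOwnerService replaces the explicit `ExtApiTestMapper` and `ExtLoadTestMapper` imports with `import io.metersphere.base.mapper.ext.*;`. A wildcard hides which mappers this authorization class depends on, and it can silently pick up a same-named type added to that package later. I would keep the two explicit imports and add `import io.metersphere.base.mapper.ext.ExtTestCaseMapper;`, plus the matching lines for `ExtTestPlanMapper` and `ExtTestCaseReviewMapper`.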
@@ -61,4 +67,31 @@ public class CheckOwnerService { throw new UnauthorizedException(Translator.get("check_owner_test")); } } + + public void checkTestCaseOwner(String caseId) { + String workspaceId = SessionUtils.getCurrentWorkspaceId(); + List list = extTestCaseMapper.checkIsHave(caseId, workspaceId); + if (CollectionUtils.size(list) != 1) { + throw new UnauthorizedException(Translator.get("check_owner_case")); + } + } + + public void checkTestPlanOwner(String planId) { + String workspaceId = SessionUtils.getCurrentWorkspaceId(); + io.metersphere.track.request.testcase.QueryTestPlanRequest request = new io.metersphere.track.request.testcase.QueryTestPlanRequest(); + request.setWorkspaceId(workspaceId); + request.setId(planId); + List list = extTestPlanMapper.list(request); + if (CollectionUtils.size(list) != 1) { + throw new UnauthorizedException(Translator.get("check_owner_plan")); + } + } + + public void checkTestReviewOwner(String reviewId) { + String workspaceId = SessionUtils.getCurrentWorkspaceId(); + List list = extTestCaseReviewMapper.checkIsHave(reviewId, workspaceId); + if (CollectionUtils.size(list) != 1) { + throw new UnauthorizedException(Translator.get("check_owner_review")); + } + } } diff --git a/backend/src/main/java/io/metersphere/track/controller/TestCaseController.java b/backend/src/main/java/io/metersphere/track/controller/TestCaseController.java index d1def98d05..c6778e9ec8 100644 --- a/backend/src/main/java/io/metersphere/track/controller/TestCaseController.java +++ b/backend/src/main/java/io/metersphere/track/controller/TestCaseController.java 
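Review bot: `checkTestPlanOwner` relies on the general-purpose `extTestPlanMapper.list(request)` query for tenant isolation, and none of the three new methods rejects a null or blank value from `SessionUtils.getCurrentWorkspaceId()`. If that list query applies its workspace condition only when the field is set (its XML is not part of this diff, so this is an assumption to verify), a session without a current workspace would match the plan by ID alone and pass the check. A guard at the top of each method closes that off: `if (StringUtils.isBlank(workspaceId)) { throw new UnauthorizedException(Translator.get("check_owner_plan")); }`, with the matching message key in `checkTestCaseOwner` and `checkTestReviewOwner`. Separately, the fully qualified `io.metersphere.track.request.testcase.QueryTestPlanRequest` sits beside an imported `testplan.QueryTestPlanRequest`, so a one-line comment saying why the `testcase` variant is the right one would help the next reader.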
@@ -83,11 +83,13 @@ public class TestCaseController { @GetMapping("/get/{testCaseId}") public TestCaseWithBLOBs getTestCase(@PathVariable String testCaseId) { + checkOwnerService.checkTestCaseOwner(testCaseId); return testCaseService.getTestCase(testCaseId); } @GetMapping("/project/{testCaseId}") public Project getProjectByTestCaseId(@PathVariable String testCaseId) { + checkOwnerService.checkTestCaseOwner(testCaseId); return testCaseService.getProjectByTestCaseId(testCaseId); } @@ -106,6 +108,7 @@ public class TestCaseController { @PostMapping("/delete/{testCaseId}") @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR) public int deleteTestCase(@PathVariable String testCaseId) { + checkOwnerService.checkTestCaseOwner(testCaseId); return testCaseService.deleteTestCase(testCaseId); } diff --git a/backend/src/main/java/io/metersphere/track/controller/TestCaseNodeController.java b/backend/src/main/java/io/metersphere/track/controller/TestCaseNodeController.java index 83328ec917..e1109a1428 100644 --- a/backend/src/main/java/io/metersphere/track/controller/TestCaseNodeController.java +++ b/backend/src/main/java/io/metersphere/track/controller/TestCaseNodeController.java @@ -43,11 +43,13 @@ public class TestCaseNodeController { @GetMapping("/list/plan/{planId}") public List getNodeByPlanId(@PathVariable String planId) { + checkOwnerService.checkTestPlanOwner(planId); return testCaseNodeService.getNodeByPlanId(planId); } @GetMapping("/list/review/{reviewId}") public List getNodeByReviewId(@PathVariable String reviewId) { + checkOwnerService.checkTestReviewOwner(reviewId); return testCaseNodeService.getNodeByReviewId(reviewId); } diff --git a/backend/src/main/java/io/metersphere/track/controller/TestCaseReviewController.java b/backend/src/main/java/io/metersphere/track/controller/TestCaseReviewController.java index 2bc29ebad7..7f52fc1bf3 100644 
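Review bot: The ownership guard is a hand-written first statement in each handler (`getTestCase`, `getProjectByTestCaseId` and `deleteTestCase` here, and the same pattern in TestCaseNodeController, TestCaseReviewController and TestPlanController), so the protection exists only where someone remembered to add the call. Handlers outside these hunks, in particular any that receive a case, plan or review ID inside a request body, are not visible here and should be checked for the same gap. Enforcing the workspace condition inside the service methods, or through a single interceptor or annotation, would make a missed handler fail closed. At minimum I would add a class-level comment such as `// Every handler that accepts a testCaseId must call checkOwnerService.checkTestCaseOwner first`.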
--- a/backend/src/main/java/io/metersphere/track/controller/TestCaseReviewController.java +++ b/backend/src/main/java/io/metersphere/track/controller/TestCaseReviewController.java @@ -9,6 +9,7 @@ import io.metersphere.commons.constants.RoleConstants; import io.metersphere.commons.utils.PageUtils; import io.metersphere.commons.utils.Pager; import io.metersphere.commons.utils.SessionUtils; +import io.metersphere.service.CheckOwnerService; import io.metersphere.track.dto.TestCaseReviewDTO; import io.metersphere.track.dto.TestReviewDTOWithMetric; import io.metersphere.track.request.testreview.ReviewRelevanceRequest; @@ -32,6 +33,8 @@ public class TestCaseReviewController { TestCaseReviewService testCaseReviewService; @Resource TestReviewProjectService testReviewProjectService; + @Resource + CheckOwnerService checkOwnerService; @PostMapping("/list/{goPage}/{pageSize}") public Pager> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryCaseReviewRequest request) { @@ -71,6 +74,7 @@ public class TestCaseReviewController { @GetMapping("/delete/{reviewId}") @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR) public void deleteCaseReview(@PathVariable String reviewId) { + checkOwnerService.checkTestReviewOwner(reviewId); testCaseReviewService.deleteCaseReview(reviewId); } @@ -103,12 +107,14 @@ public class TestCaseReviewController { @PostMapping("/get/{reviewId}") public TestCaseReview getTestReview(@PathVariable String reviewId) { + checkOwnerService.checkTestReviewOwner(reviewId); return testCaseReviewService.getTestReview(reviewId); } @PostMapping("/edit/status/{reviewId}") @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR) public void editTestPlanStatus(@PathVariable String reviewId) { + checkOwnerService.checkTestReviewOwner(reviewId); testCaseReviewService.editTestReviewStatus(reviewId); } 
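Review bot: `deleteCaseReview` is still mapped with `@GetMapping("/delete/{reviewId}")`, so a destructive operation stays reachable through a plain GET, and the added owner check does not change that. Unless the application's CSRF protection also covers GET requests (not visible here), a request issued from the browser of a logged-in user in the right workspace carries that user's session and passes the new check. I would switch it to `@PostMapping("/delete/{reviewId}")`, which `deleteTestPlan` in TestPlanController already uses, and update the frontend caller to match. The handler named `editTestPlanStatus` in this review controller also looks like a copy-paste name; `editTestReviewStatus` would match the service method it calls.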
diff --git a/backend/src/main/java/io/metersphere/track/controller/TestPlanController.java b/backend/src/main/java/io/metersphere/track/controller/TestPlanController.java index 7f9135fcb9..d34f960a38 100644 --- a/backend/src/main/java/io/metersphere/track/controller/TestPlanController.java +++ b/backend/src/main/java/io/metersphere/track/controller/TestPlanController.java @@ -8,6 +8,7 @@ import io.metersphere.commons.constants.RoleConstants; import io.metersphere.commons.utils.PageUtils; import io.metersphere.commons.utils.Pager; import io.metersphere.commons.utils.SessionUtils; +import io.metersphere.service.CheckOwnerService; import io.metersphere.track.dto.TestCaseReportMetricDTO; import io.metersphere.track.dto.TestPlanDTO; import io.metersphere.track.dto.TestPlanDTOWithMetric; @@ -32,6 +33,8 @@ public class TestPlanController { TestPlanService testPlanService; @Resource TestPlanProjectService testPlanProjectService; + @Resource + CheckOwnerService checkOwnerService; @PostMapping("/list/{goPage}/{pageSize}") public Pager> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryTestPlanRequest request) { @@ -70,6 +73,7 @@ public class TestPlanController { @PostMapping("/get/{testPlanId}") public TestPlan getTestPlan(@PathVariable String testPlanId) { + checkOwnerService.checkTestPlanOwner(testPlanId); return testPlanService.getTestPlan(testPlanId); } 
@@ -88,12 +92,14 @@ public class TestPlanController { @PostMapping("/edit/status/{planId}") @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR) public void editTestPlanStatus(@PathVariable String planId) { + checkOwnerService.checkTestPlanOwner(planId); testPlanService.editTestPlanStatus(planId); } @PostMapping("/delete/{testPlanId}") @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR) public int deleteTestPlan(@PathVariable String testPlanId) { + checkOwnerService.checkTestPlanOwner(testPlanId); return testPlanService.deleteTestPlan(testPlanId); } @@ -109,6 +115,7 @@ public class TestPlanController { @GetMapping("/project/name/{planId}") public String getProjectNameByPlanId(@PathVariable String planId) { + checkOwnerService.checkTestPlanOwner(planId); return testPlanService.getProjectNameByPlanId(planId); } diff --git a/backend/src/main/resources/i18n/messages_en_US.properties b/backend/src/main/resources/i18n/messages_en_US.properties index a6f319bf20..03340f13b2 100644 --- a/backend/src/main/resources/i18n/messages_en_US.properties +++ b/backend/src/main/resources/i18n/messages_en_US.properties @@ -161,4 +161,7 @@ test_track.length_less_than=The title is too long, the length must be less than # check owner check_owner_project=The current user does not have permission to operate this project check_owner_test=The current user does not have permission to operate this test +check_owner_case=The current user does not have permission to operate this use case +check_owner_plan=The current user does not have permission to operate this plan +check_owner_review=The current user does not have permission to operate this review upload_content_is_null=Imported content is empty \ No newline at end of file diff --git a/backend/src/main/resources/i18n/messages_zh_CN.properties b/backend/src/main/resources/i18n/messages_zh_CN.properties index fa4611ee14..efc123244f 100644 
--- a/backend/src/main/resources/i18n/messages_zh_CN.properties +++ b/backend/src/main/resources/i18n/messages_zh_CN.properties @@ -161,4 +161,7 @@ test_track.length_less_than=标题过长,字数必须小于 # check owner check_owner_project=当前用户没有操作此项目的权限 check_owner_test=当前用户没有操作此测试的权限 +check_owner_case=当前用户没有操作此用例的权限 +check_owner_plan=当前用户没有操作此计划的权限 +check_owner_review=当前用户没有操作此评审的权限 upload_content_is_null=导入内容为空 \ No newline at end of file diff --git a/backend/src/main/resources/i18n/messages_zh_TW.properties b/backend/src/main/resources/i18n/messages_zh_TW.properties index 13f7ba0b9a..4916b0c676 100644 --- a/backend/src/main/resources/i18n/messages_zh_TW.properties +++ b/backend/src/main/resources/i18n/messages_zh_TW.properties @@ -162,4 +162,7 @@ test_track.length_less_than=標題過長,字數必須小於 # check owner check_owner_project=當前用戶沒有操作此項目的權限 check_owner_test=當前用戶沒有操作此測試的權限 +check_owner_case=當前用戶沒有操作此用例的權限 +check_owner_plan=當前用戶沒有操作此計劃的權限 +check_owner_review=當前用戶沒有操作此評審的權限 upload_content_is_null=導入內容為空 \ No newline at end of file