From 0c198d750b5049f098f5eda4ee6c86706a50a2b5 Mon Sep 17 00:00:00 2001
From: chenjianxing <jianxing.chen@fit2cloud.com>
Date: Mon, 12 Jun 2023 14:10:28 +0800
Subject: [PATCH] =?UTF-8?q?refactor(=E6=B5=8B=E8=AF=95=E8=B7=9F=E8=B8=AA):?=
 =?UTF-8?q?=20=E8=A1=A5=E5=85=85=E6=B5=8B=E8=AF=95=E8=B7=9F=E8=B8=AA?=
 =?UTF-8?q?=E6=8E=A5=E5=8F=A3=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../constants/PermissionConstants.java        | 10 ++-
 .../controller/AttachmentController.java      | 14 +++
 .../controller/IssueCommentController.java    |  7 +-
 .../controller/IssuesController.java          | 24 +++++
 .../controller/MinderExtraNodeController.java |  3 +
 .../controller/TestCaseCommentController.java |  7 ++
 .../controller/TestCaseController.java        | 57 ++++++++++--
 .../controller/TestCaseIssuesController.java  |  5 ++
 .../controller/TestCaseNodeController.java    | 23 +++++
 .../controller/TestCaseReportController.java  | 51 -----------
 .../TestCaseReportTemplateController.java     | 49 -----------
 .../controller/TestCaseReviewController.java  |  9 +-
 .../controller/TestPlanController.java        | 47 ++++++++--
 .../controller/TestPlanReportController.java  | 12 +++
 .../TestPlanTestCaseController.java           | 21 +++++
 .../TestReviewTestCaseController.java         |  8 +-
 .../controller/TrackController.java           |  7 ++
 .../service/TestCaseReportService.java        | 87 -------------------
 .../TestCaseReportTemplateService.java        | 87 -------------------
 .../service/issue/platform/LocalPlatform.java |  2 +-
 20 files changed, 235 insertions(+), 295 deletions(-)
 delete mode 100644 test-track/backend/src/main/java/io/metersphere/controller/TestCaseReportController.java
 delete mode 100644 test-track/backend/src/main/java/io/metersphere/controller/TestCaseReportTemplateController.java
 delete mode 100644 test-track/backend/src/main/java/io/metersphere/service/TestCaseReportService.java
 delete mode 100644 test-track/backend/src/main/java/io/metersphere/service/TestCaseReportTemplateService.java

diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/constants/PermissionConstants.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/constants/PermissionConstants.java
index a95fb25fbb..3ffd57b08f 100644
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/constants/PermissionConstants.java
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/constants/PermissionConstants.java
@@ -90,6 +90,7 @@ public class PermissionConstants {
 
     public static final String PROJECT_OPERATING_LOG_READ = "PROJECT_OPERATING_LOG:READ";
 
+    public static final String PROJECT_TRACK_HOME = "PROJECT_TRACK_HOME:READ";
     public static final String PROJECT_TRACK_CASE_READ = "PROJECT_TRACK_CASE:READ";
     public static final String PROJECT_TRACK_CASE_READ_CREATE = "PROJECT_TRACK_CASE:READ+CREATE";
     public static final String PROJECT_TRACK_CASE_READ_EDIT = "PROJECT_TRACK_CASE:READ+EDIT";
@@ -98,6 +99,11 @@ public class PermissionConstants {
     public static final String PROJECT_TRACK_CASE_READ_COPY = "PROJECT_TRACK_CASE:READ+COPY";
     public static final String PROJECT_TRACK_CASE_READ_IMPORT = "PROJECT_TRACK_CASE:READ+IMPORT";
     public static final String PROJECT_TRACK_CASE_READ_EXPORT = "PROJECT_TRACK_CASE:READ+EXPORT";
+    public static final String PROJECT_TRACK_CASE_READ_BATCH_DELETE = "PROJECT_TRACK_CASE:READ+BATCH_DELETE";
+    public static final String PROJECT_TRACK_CASE_READ_BATCH_ADD_PUBLIC = "PROJECT_TRACK_CASE:READ+BATCH_ADD_PUBLIC";
+    public static final String PROJECT_TRACK_CASE_READ_BATCH_EDIT = "PROJECT_TRACK_CASE:READ+BATCH_EDIT";
+    public static final String PROJECT_TRACK_CASE_READ_MOVE_EDIT = "PROJECT_TRACK_CASE:READ+BATCH_MOVE";
+    public static final String PROJECT_TRACK_CASE_READ_BATCH_COPY = "PROJECT_TRACK_CASE:READ+BATCH_COPY";
 
     public static final String PROJECT_TRACK_REVIEW_READ = "PROJECT_TRACK_REVIEW:READ";
     public static final String PROJECT_TRACK_REVIEW_READ_CREATE = "PROJECT_TRACK_REVIEW:READ+CREATE";
@@ -214,7 +220,6 @@ public class PermissionConstants {
     public static final String PROJECT_TEMPLATE_READ_CUSTOM = "PROJECT_TEMPLATE:READ+CUSTOM";
     public static final String PROJECT_TEMPLATE_READ_REPORT_TEMPLATE = "PROJECT_TEMPLATE:READ+REPORT_TEMPLATE";
 
-
     public static final String WORKSPACE_PROJECT_ENVIRONMENT_GROUP_READ = "WORKSPACE_PROJECT_ENVIRONMENT:READ+CREATE_GROUP";
     public static final String WORKSPACE_PROJECT_ENVIRONMENT_GROUP_DELETE = "WORKSPACE_PROJECT_ENVIRONMENT:READ+DELETE_GROUP";
     public static final String WORKSPACE_PROJECT_ENVIRONMENT_GROUP_EDIT = "WORKSPACE_PROJECT_ENVIRONMENT:READ+EDIT_GROUP";
@@ -223,4 +228,7 @@ public class PermissionConstants {
     public static final String SYSTEM_PLUGIN_DEL = "SYSTEM_PLUGIN:DEL";
     public static final String SYSTEM_PLUGIN_UPLOAD = "SYSTEM_PLUGIN:UPLOAD";
     public static final String SYSTEM_PLUGIN_READ = "SYSTEM_PLUGIN:READ";
+
+    public static final String PERSONAL_INFORMATION_READ_THIRD_ACCOUNT = "PERSONAL_INFORMATION:READ+THIRD_ACCOUNT";
+
 }
diff --git a/test-track/backend/src/main/java/io/metersphere/controller/AttachmentController.java b/test-track/backend/src/main/java/io/metersphere/controller/AttachmentController.java
index 38648cd656..876e1a1c33 100644
--- a/test-track/backend/src/main/java/io/metersphere/controller/AttachmentController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/AttachmentController.java
@@ -3,11 +3,14 @@ package io.metersphere.controller;
 import io.metersphere.base.domain.FileAttachmentMetadata;
 import io.metersphere.commons.constants.OperLogConstants;
 import io.metersphere.commons.constants.OperLogModule;
+import io.metersphere.commons.constants.PermissionConstants;
 import io.metersphere.log.annotation.MsAuditLog;
 import io.metersphere.metadata.service.FileMetadataService;
 import io.metersphere.request.attachment.AttachmentDumpRequest;
 import io.metersphere.xpack.track.dto.AttachmentRequest;
 import io.metersphere.service.AttachmentService;
+import org.apache.shiro.authz.annotation.Logical;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -32,12 +35,14 @@ public class AttachmentController {
 
     @MsAuditLog(module = OperLogModule.TRACK_BUG, type = OperLogConstants.UPDATE, content = "#msClass.getLogDetails(#request.belongId, #request.belongType, #file.getOriginalFilename(), false)", msClass = AttachmentService.class)
     @PostMapping(value = "/issue/upload", consumes = {"multipart/form-data"})
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT)
     public void uploadIssueAttachment(@RequestPart("request") AttachmentRequest request, @RequestPart(value = "file", required = false) MultipartFile file) {
         attachmentService.uploadAttachment(request, file);
     }
 
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.UPDATE, content = "#msClass.getLogDetails(#request.belongId, #request.belongType, #file.getOriginalFilename(), false)", msClass = AttachmentService.class)
     @PostMapping(value = "/testcase/upload", consumes = {"multipart/form-data"})
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT)
     public void uploadTestCaseAttachment(@RequestPart("request") AttachmentRequest request, @RequestPart(value = "file", required = false) MultipartFile file) {
         attachmentService.uploadAttachment(request, file);
     }
@@ -58,6 +63,7 @@ public class AttachmentController {
     }
 
     @GetMapping("/download/{id}/{isLocal}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ, PermissionConstants.PROJECT_TRACK_ISSUE_READ}, logical = Logical.OR)
     public ResponseEntity<byte[]> downloadAttachment(@PathVariable("id") String fileId, @PathVariable("isLocal") Boolean isLocal) {
         if (isLocal) {
             return attachmentService.downloadLocalAttachment(fileId);
@@ -69,46 +75,54 @@ public class AttachmentController {
 
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#attachmentId, 'testcase')", msClass = AttachmentService.class)
     @GetMapping("/delete/testcase/{attachmentId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT)
     public void deleteTestCaseAttachment(@PathVariable String attachmentId) {
         attachmentService.deleteAttachment(attachmentId, "testcase");
     }
 
     @MsAuditLog(module = OperLogModule.TRACK_BUG, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#attachmentId, 'issue')", msClass = AttachmentService.class)
     @GetMapping("/delete/issue/{attachmentId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT)
     public void deleteIssueAttachment(@PathVariable String attachmentId) {
         attachmentService.deleteAttachment(attachmentId, "issue");
     }
 
     @PostMapping("/metadata/list")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ, PermissionConstants.PROJECT_TRACK_ISSUE_READ}, logical = Logical.OR)
     public List<FileAttachmentMetadata> listMetadata(@RequestBody AttachmentRequest request) {
         return attachmentService.listMetadata(request);
     }
 
     @PostMapping("/testcase/metadata/relate")
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.UPDATE, content = "#msClass.getLogDetails(#request.belongId, #request.belongType, #request.metadataRefIds, true)", msClass = AttachmentService.class)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT)
     public void caseRelate(@RequestBody AttachmentRequest request) {
         attachmentService.relate(request);
     }
 
     @PostMapping("/issue/metadata/relate")
     @MsAuditLog(module = OperLogModule.TRACK_BUG, type = OperLogConstants.UPDATE, content = "#msClass.getLogDetails(#request.belongId, #request.belongType, #request.metadataRefIds, true)", msClass = AttachmentService.class)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT)
     public void issueRelate(@RequestBody AttachmentRequest request) {
         attachmentService.relate(request);
     }
 
     @PostMapping("/testcase/metadata/unrelated")
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.belongId, #request.belongType, #request.metadataRefIds)", msClass = AttachmentService.class)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT)
     public void caseUnrelated(@RequestBody AttachmentRequest request) {
         attachmentService.unrelated(request);
     }
 
     @PostMapping("/issue/metadata/unrelated")
     @MsAuditLog(module = OperLogModule.TRACK_BUG, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.belongId, #request.belongType, #request.metadataRefIds)", msClass = AttachmentService.class)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT)
     public void issueUnrelated(@RequestBody AttachmentRequest request) {
         attachmentService.unrelated(request);
     }
 
     @PostMapping(value = "/metadata/dump")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT, PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT}, logical = Logical.OR)
     public void dumpFile(@RequestBody AttachmentDumpRequest request) {
         List<MultipartFile> files = new ArrayList<>();
         MultipartFile file = attachmentService.getAttachmentMultipartFile(request.getAttachmentId());
diff --git a/test-track/backend/src/main/java/io/metersphere/controller/IssueCommentController.java b/test-track/backend/src/main/java/io/metersphere/controller/IssueCommentController.java
index d9bd13739c..caa88fd691 100644
--- a/test-track/backend/src/main/java/io/metersphere/controller/IssueCommentController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/IssueCommentController.java
@@ -29,7 +29,7 @@ public class IssueCommentController {
     private IssueCommentService issueCommentService;
 
     @PostMapping("/save")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_COMMENT)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT)
     @SendNotice(taskType = NoticeConstants.TaskType.DEFECT_TASK, target = "#targetClass.getIssue(#request.issuesId)", targetClass = IssuesService.class,
             event = NoticeConstants.Event.COMMENT, subject = "缺陷")
     @MsRequestLog(module = OperLogModule.TRACK_BUG)
@@ -39,19 +39,20 @@ public class IssueCommentController {
     }
 
     @GetMapping("/list/{issueId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
     public List<IssueCommentDTO> getComments(@PathVariable String issueId) {
         return issueCommentService.getComments(issueId);
     }
 
     @GetMapping("/delete/{commentId}")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_COMMENT)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT)
     @MsAuditLog(module = OperLogModule.TRACK_BUG, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#commentId)", msClass = TestCaseCommentService.class)
     public void deleteComment(@PathVariable String commentId) {
         issueCommentService.delete(commentId);
     }
 
     @PostMapping("/edit")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_COMMENT)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT)
     @MsAuditLog(module = OperLogModule.TRACK_BUG, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id)", content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseCommentService.class)
     public IssueComment editComment(@RequestBody SaveIssueCommentRequest request) {
        return issueCommentService.edit(request);
diff --git a/test-track/backend/src/main/java/io/metersphere/controller/IssuesController.java b/test-track/backend/src/main/java/io/metersphere/controller/IssuesController.java
index 33222e1728..78cbc8cebe 100644
--- a/test-track/backend/src/main/java/io/metersphere/controller/IssuesController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/IssuesController.java
@@ -117,22 +117,26 @@ public class IssuesController {
     }
 
     @GetMapping("/auth/{workspaceId}/{platform}")
+    @RequiresPermissions(PermissionConstants.WORKSPACE_SERVICE_READ)
     public void testAuth(@PathVariable String workspaceId, @PathVariable String platform) {
         issuesService.testAuth(workspaceId, platform);
     }
 
     @PostMapping("/user/auth")
+    @RequiresPermissions(PermissionConstants.PERSONAL_INFORMATION_READ_THIRD_ACCOUNT)
     public void userAuth(@RequestBody AuthUserIssueRequest authUserIssueRequest) {
         issuesService.userAuth(authUserIssueRequest);
     }
 
     @GetMapping("/close/{id}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT)
     public void closeLocalIssue(@PathVariable String id) {
         issuesService.closeLocalIssue(id);
     }
 
     @PostMapping("/delete/relate")
     @MsRequestLog(module = OperLogModule.TRACK_BUG)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
     public void deleteRelate(@RequestBody IssuesRequest request) {
         issuesService.deleteIssueRelate(request);
     }
@@ -153,92 +157,110 @@ public class IssuesController {
     }
 
     @PostMapping("/tapd/user")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
     public List<PlatformUser> getTapdUsers(@RequestBody IssuesRequest request) {
         return issuesService.getTapdProjectUsers(request);
     }
 
     @GetMapping("/tapd/current_owner/{id}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
     public List<String> getTapdIssueCurrentOwner(@PathVariable String id) {
         return issuesService.getTapdIssueCurrentOwner(id);
     }
 
     @GetMapping("/sync/{projectId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
     public void syncThirdPartyIssues(@PathVariable String projectId) {
         issuesSyncService.syncIssues(projectId);
     }
 
     @PostMapping("/sync/all")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT)
     public void syncThirdPartyAllIssues(@RequestBody IssueSyncRequest request) {
         issuesSyncService.syncAllIssues(request);
     }
 
     @GetMapping("/sync/check/{projectId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT)
     public IssueSyncCheckResult checkSync(@PathVariable String projectId) {
         return issuesService.checkSync(projectId);
     }
 
     @PostMapping("/change/status")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT)
     public void changeStatus(@RequestBody IssuesRequest request) {
         issuesService.changeStatus(request);
     }
 
     @PostMapping("/status/count")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
     public List<IssuesStatusCountDao> getCountByStatus(@RequestBody IssuesCountRequest request) {
         return issuesService.getCountByStatus(request);
     }
 
     @GetMapping("/follow/{issueId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
     public List<String> getFollows(@PathVariable String issueId) {
         return issuesService.getFollows(issueId);
     }
 
     @PostMapping("/up/follows/{issueId}")
     @MsRequestLog(module = OperLogModule.TRACK_BUG)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT)
     public void saveFollows(@PathVariable String issueId,@RequestBody List<String> follows) {
         issuesService.saveFollows(issueId,follows);
     }
 
     @GetMapping("/thirdpart/template/{projectId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
     public IssueTemplateDao getThirdPartTemplate(@PathVariable String projectId) {
         return issuesService.getThirdPartTemplate(projectId);
     }
 
     @GetMapping("/plugin/custom/fields/{projectId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
     public List<CustomFieldDao> getPluginCustomFields(@PathVariable String projectId) {
         return issuesService.getPluginCustomFields(projectId);
     }
 
     @GetMapping("/demand/list/{projectId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public List getDemandList(@PathVariable String projectId) {
         return issuesService.getDemandList(projectId);
     }
 
     @GetMapping("/third/part/template/enable/{projectId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
     public boolean thirdPartTemplateEnable(@PathVariable String projectId) {
         return issuesService.thirdPartTemplateEnable(projectId);
     }
 
     @PostMapping("/platform/transitions")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
     public List<PlatformStatusDTO> getPlatformTransitions(@RequestBody PlatformIssueTypeRequest request) {
         return issuesService.getPlatformTransitions(request);
     }
 
     @PostMapping("/platform/status")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
     public List<PlatformStatusDTO> getPlatformStatus(@RequestBody PlatformIssueTypeRequest request) {
         return issuesService.getPlatformStatus(request);
     }
 
     @GetMapping("/platform/option")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
     public List<SelectOption> getPlatformOptions() {
         return platformPluginService.getPlatformOptions();
     }
 
     @PostMapping("/platform/form/option")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
     public List<SelectOption> getPlatformOptions(@RequestBody PlatformOptionRequest request) {
         return platformPluginService.getFormOption(request);
     }
 
     @PostMapping("/check/third/project")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
     public void checkThirdProjectExist(@RequestBody Project project) {
         issuesService.checkThirdProjectExist(project);
     }
@@ -251,6 +273,7 @@ public class IssuesController {
 
     @PostMapping("/import")
     @MsAuditLog(module = OperLogModule.TRACK_BUG, type = OperLogConstants.IMPORT, project = "#request.projectId")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT)
     public ExcelResponse issueImport(@RequestPart("request") IssueImportRequest request,  @RequestPart("file") MultipartFile file) {
         baseCheckPermissionService.checkProjectOwner(request.getProjectId());
         return issuesService.issueImport(request, file);
@@ -258,6 +281,7 @@ public class IssuesController {
 
     @PostMapping("/export")
     @MsAuditLog(module = OperLogModule.TRACK_BUG, type = OperLogConstants.EXPORT, project = "#exportRequest.projectId")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
     public void exportIssues(@RequestBody IssueExportRequest exportRequest, HttpServletResponse response) {
         issuesService.issueExport(exportRequest, response);
     }
diff --git a/test-track/backend/src/main/java/io/metersphere/controller/MinderExtraNodeController.java b/test-track/backend/src/main/java/io/metersphere/controller/MinderExtraNodeController.java
index c763f1cb24..281fc846df 100644
--- a/test-track/backend/src/main/java/io/metersphere/controller/MinderExtraNodeController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/MinderExtraNodeController.java
@@ -1,7 +1,9 @@
 package io.metersphere.controller;
 
 import io.metersphere.base.domain.MinderExtraNode;
+import io.metersphere.commons.constants.PermissionConstants;
 import io.metersphere.service.MinderExtraNodeService;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -18,6 +20,7 @@ public class MinderExtraNodeController {
     MinderExtraNodeService minderExtraNodeService;
 
     @GetMapping("/list/{groupId}/{parentId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_MINDER_OPERATE)
     public List<MinderExtraNode> list(@PathVariable String groupId, @PathVariable String parentId) {
         return minderExtraNodeService.selectByParentId(parentId, groupId);
     }
diff --git a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseCommentController.java b/test-track/backend/src/main/java/io/metersphere/controller/TestCaseCommentController.java
index 9f08bc4385..8a71a4a959 100644
--- a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseCommentController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/TestCaseCommentController.java
@@ -11,6 +11,7 @@ import io.metersphere.dto.TestCaseCommentDTO;
 import io.metersphere.request.testreview.SaveCommentRequest;
 import io.metersphere.service.TestCaseCommentService;
 import io.metersphere.service.TestCaseService;
+import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 
@@ -34,16 +35,22 @@ public class TestCaseCommentController {
     }
 
     @GetMapping("/list/{caseId}/{type}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ,
+            PermissionConstants.PROJECT_TRACK_REVIEW_READ,  PermissionConstants.PROJECT_TRACK_PLAN_READ}, logical = Logical.OR)
     public List<TestCaseCommentDTO> getCaseComments(@PathVariable String caseId, @PathVariable String type) {
         return testCaseCommentService.getCaseComments(caseId, type);
     }
 
     @GetMapping("/list/{caseId}/{type}/{belongId}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ,
+            PermissionConstants.PROJECT_TRACK_REVIEW_READ,  PermissionConstants.PROJECT_TRACK_PLAN_READ}, logical = Logical.OR)
     public List<TestCaseCommentDTO> getCaseComments(@PathVariable String caseId, @PathVariable String type, @PathVariable String belongId) {
         return testCaseCommentService.getCaseComments(caseId, type, belongId);
     }
 
     @GetMapping("/list/{caseId}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ,
+            PermissionConstants.PROJECT_TRACK_REVIEW_READ,  PermissionConstants.PROJECT_TRACK_PLAN_READ}, logical = Logical.OR)
     public List<TestCaseCommentDTO> getCaseComments(@PathVariable String caseId) {
         return testCaseCommentService.getCaseComments(caseId, null);
     }
diff --git a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseController.java b/test-track/backend/src/main/java/io/metersphere/controller/TestCaseController.java
index f99c601e64..535b63c41b 100644
--- a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/TestCaseController.java
@@ -78,7 +78,7 @@ public class TestCaseController {
     }
 
     @GetMapping("/list/{projectId}")
-    @RequiresPermissions("PROJECT_TRACK_CASE:READ")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public List<TestCaseDTO> list(@PathVariable String projectId) {
         baseCheckPermissionService.checkProjectOwner(projectId);
         QueryTestCaseRequest request = new QueryTestCaseRequest();
@@ -87,19 +87,21 @@ public class TestCaseController {
     }
 
     @PostMapping("/list")
-    @RequiresPermissions("PROJECT_TRACK_CASE:READ")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public List<TestCaseDTO> list(@RequestBody QueryTestCaseRequest request) {
         baseCheckPermissionService.checkProjectOwner(request.getProjectId());
         return testCaseService.listTestCase(request);
     }
 
     @PostMapping("/list/minder")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_MINDER_OPERATE)
     public List<TestCaseDTO> listForMinder(@RequestBody QueryTestCaseRequest request) {
         baseCheckPermissionService.checkProjectOwner(request.getProjectId());
         return testCaseService.listTestCaseForMinder(request);
     }
 
     @PostMapping("/list/minder/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_MINDER_OPERATE)
     public Pager<List<TestCaseDTO>> listForMinder(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryTestCaseRequest request) {
         baseCheckPermissionService.checkProjectOwner(request.getProjectId());
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
@@ -107,22 +109,26 @@ public class TestCaseController {
     }
 
     @GetMapping("/relationship/case/{id}/{relationshipType}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public List<RelationshipEdgeDTO> getRelationshipCase(@PathVariable("id") String id, @PathVariable("relationshipType") String relationshipType) {
         return testCaseService.getRelationshipCase(id, relationshipType);
     }
 
     @PostMapping("/relationship/add")
     @MsRequestLog(module = OperLogModule.TRACK_TEST_CASE)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_CREATE)
     public void saveRelationshipBatch(@RequestBody TestCaseRelationshipEdgeRequest request) {
         testCaseService.saveRelationshipBatch(request);
     }
 
     @GetMapping("/relationship/case/count/{id}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public int getRelationshipCase(@PathVariable("id") String id) {
         return testCaseService.getRelationshipCount(id);
     }
 
     @GetMapping("recent/{count}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public List<TestCase> recentTestPlans(@PathVariable int count) {
         String currentWorkspaceId = SessionUtils.getCurrentWorkspaceId();
         QueryTestCaseRequest request = new QueryTestCaseRequest();
@@ -132,70 +138,83 @@ public class TestCaseController {
     }
 
     @PostMapping("/relate/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public Pager<List<TestCaseDTO>> getTestCaseRelateList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryTestCaseRequest request) {
         return testCaseService.getTestCaseRelateList(request, goPage, pageSize);
     }
 
     @PostMapping("/relationship/relate/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public Pager<List<TestCaseDTO>> getRelationshipRelateList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryTestCaseRequest request) {
         return testCaseService.getRelationshipRelateList(request, goPage, pageSize);
     }
 
     @PostMapping("/relate/issue/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public Pager<List<TestCaseDTO>> getTestCaseIssueRelateList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryTestCaseRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, testCaseService.getTestCaseIssueRelateList(request));
     }
 
     @GetMapping("/relate/test/list/{caseId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public List<TestCaseTestDao> getRelateTest(@PathVariable String caseId) {
         return testCaseService.getRelateTest(caseId);
     }
 
     @PostMapping("/relate/test/{type}/{caseId}")
     @MsRequestLog(module = OperLogModule.TRACK_TEST_CASE)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT)
     public void relateTest(@PathVariable String type, @PathVariable String caseId, @RequestBody List<String> apiIds) {
         testCaseService.relateTest(type, caseId, apiIds);
     }
 
     @GetMapping("/relate/delete/{caseId}/{testId}")
     @MsRequestLog(module = OperLogModule.TRACK_TEST_CASE)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT)
     public void relateDelete(@PathVariable String caseId, @PathVariable String testId) {
         testCaseService.relateDelete(caseId, testId);
     }
 
     @PostMapping("/reviews/case/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public Pager<List<TestCaseDTO>> getReviewCase(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryTestCaseRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, testCaseService.getReviewCase(request));
     }
 
     @GetMapping("/get/{testCaseId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public TestCaseDTO getTestCase(@PathVariable String testCaseId) {
         return testCaseService.getTestCase(testCaseId);
     }
 
     @GetMapping("/get/version/{refId}/{versionId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public TestCaseDTO getTestCaseByVersion(@PathVariable String refId, @PathVariable String versionId) {
         return testCaseService.getTestCaseByVersion(refId, versionId);
     }
 
     @GetMapping("/get/step/{testCaseId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public TestCaseWithBLOBs getTestCaseStep(@PathVariable String testCaseId) {
         return testCaseService.getTestCaseStep(testCaseId);
     }
 
     @GetMapping("/get/simple/{testCaseId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public TestCaseWithBLOBs getSimpleCase(@PathVariable String testCaseId) {
         return testCaseService.getSimpleCase(testCaseId);
     }
 
     @GetMapping("/get/edit/simple/{testCaseId}")
+    // 权限校验在service中
     public TestCaseWithBLOBs getSimpleCaseForEdit(@PathVariable String testCaseId) {
         return testCaseService.getSimpleCaseForEdit(testCaseId);
     }
 
     @GetMapping("/project/{testCaseId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public Project getProjectByTestCaseId(@PathVariable String testCaseId) {
         trackCheckPermissionService.checkTestCaseOwner(testCaseId);
         return testCaseService.getProjectByTestCaseId(testCaseId);
@@ -216,6 +235,7 @@ public class TestCaseController {
 
     @PostMapping("/edit/order")
     @MsRequestLog(module = OperLogModule.TRACK_TEST_CASE)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT)
     public void orderCase(@RequestBody ResetOrderRequest request) {
         trackCheckPermissionService.checkTestCaseOwner(request.getMoveId());
         testCaseService.updateOrder(request);
@@ -225,18 +245,21 @@ public class TestCaseController {
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id)", title = "#request.name", content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseService.class)
     @SendNotice(taskType = NoticeConstants.TaskType.TRACK_TEST_CASE_TASK, target = "#targetClass.getTestCase(#request.id)", targetClass = TestCaseService.class,
             event = NoticeConstants.Event.UPDATE, subject = "测试用例通知")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT)
     public TestCase editTestCase(@RequestPart("request") EditTestCaseRequest request) {
         return testCaseService.edit(request);
     }
 
     @PostMapping(value = "/edit/testPlan", consumes = {"multipart/form-data"})
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogBeforeDetails(#request.id)", title = "#request.name", content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseService.class)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT)
     public String editTestCaseByTestPlan(@RequestPart("request") EditTestCaseRequest request, @RequestPart(value = "file", required = false) List<MultipartFile> files) {
         return testCaseService.editTestCase(request, files);
     }
 
     @PostMapping("/delete/{testCaseId}")
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#testCaseId)", msClass = TestCaseService.class)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_DELETE)
     public int deleteTestCase(@PathVariable String testCaseId) {
         trackCheckPermissionService.checkTestCaseOwner(testCaseId);
         return testCaseService.deleteTestCaseBySameVersion(testCaseId);
@@ -246,6 +269,7 @@ public class TestCaseController {
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.GC, beforeEvent = "#msClass.getLogDetails(#testCaseId)", msClass = TestCaseService.class)
     @SendNotice(taskType = NoticeConstants.TaskType.TRACK_TEST_CASE_TASK, event = NoticeConstants.Event.DELETE, target = "#targetClass.getTestCase(#testCaseId)", targetClass = TestCaseService.class,
             subject = "测试用例通知")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_DELETE)
     public int deleteToGC(@PathVariable String testCaseId) {
         trackCheckPermissionService.checkTestCaseOwner(testCaseId);
         return testCaseService.deleteTestCaseToGc(testCaseId);
@@ -255,6 +279,7 @@ public class TestCaseController {
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.GC, beforeEvent = "#msClass.getLogDetails(#testCaseId)", msClass = TestCaseService.class)
     @SendNotice(taskType = NoticeConstants.TaskType.TRACK_TEST_CASE_TASK, event = NoticeConstants.Event.DELETE, target = "#targetClass.getTestCase(#testCaseId)", targetClass = TestCaseService.class,
             subject = "测试用例通知")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_ADD_PUBLIC)
     public void deletePublic(@PathVariable String versionId, @PathVariable String refId) {
         testCaseService.deleteTestCasePublic(versionId, refId);
     }
@@ -262,6 +287,7 @@ public class TestCaseController {
 
     @PostMapping("/import")
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.IMPORT, project = "#request.projectId")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_IMPORT)
     public ExcelResponse testCaseImport(@RequestPart("request") TestCaseImportRequest request, @RequestPart("file") MultipartFile file, HttpServletRequest httpRequest) {
         baseCheckPermissionService.checkProjectOwner(request.getProjectId());
         return testCaseService.testCaseImport(file, request, httpRequest);
@@ -299,7 +325,7 @@ public class TestCaseController {
     }
 
     @PostMapping("/batch/edit")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_EDIT)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
     @SendNotice(taskType = NoticeConstants.TaskType.TRACK_TEST_CASE_TASK, target = "#targetClass.findByBatchRequest(#request)", targetClass = TestCaseService.class,
             event = NoticeConstants.Event.UPDATE, subject = "测试用例通知")
@@ -309,19 +335,20 @@ public class TestCaseController {
 
     @PostMapping("/batch/relate/demand")
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_EDIT)
     public void batchRelateDemand(@RequestBody TestCaseBatchRequest request) {
         testCaseService.batchRelateDemand(request);
     }
 
     @PostMapping("/batch/copy")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_COPY)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.BATCH_ADD, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_COPY)
     public void copyTestCaseBath(@RequestBody TestCaseBatchRequest request) {
         testCaseService.copyTestCaseBath(request);
     }
 
     @PostMapping("/batch/copy/public")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_COPY)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.BATCH_ADD, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
     @SendNotice(taskType = NoticeConstants.TaskType.TRACK_TEST_CASE_TASK, target = "#targetClass.findByBatchRequest(#request)", targetClass = TestCaseService.class,
             event = NoticeConstants.Event.CREATE, subject = "测试用例通知")
@@ -331,7 +358,7 @@ public class TestCaseController {
 
 
     @PostMapping("/batch/delete")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_DELETE)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_DELETE)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
     public void deleteTestCaseBath(@RequestBody TestCaseBatchRequest request) {
         testCaseService.deleteTestCaseBath(request);
@@ -350,18 +377,21 @@ public class TestCaseController {
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
     @SendNotice(taskType = NoticeConstants.TaskType.TRACK_TEST_CASE_TASK, target = "#targetClass.findByBatchRequest(#request)", targetClass = TestCaseService.class,
             event = NoticeConstants.Event.DELETE, subject = "测试用例通知")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_DELETE)
     public void deleteToGcBatchPublic(@RequestBody TestCaseBatchRequest request) {
         testCaseService.deleteToGcBatchPublic(request);
     }
 
     @PostMapping("/reduction")
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.RESTORE, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_DELETE)
     public void reduction(@RequestBody TestCaseBatchRequest request) {
         testCaseService.reduction(request);
     }
 
 
     @PostMapping("/file/download")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public ResponseEntity<byte[]> download(@RequestBody FileOperationRequest fileOperationRequest) {
         byte[] bytes = fileService.loadFileAsBytes(fileOperationRequest.getId());
         return ResponseEntity.ok()
@@ -371,6 +401,7 @@ public class TestCaseController {
     }
 
     @GetMapping("/file/preview/{fileId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public ResponseEntity<byte[]> preview(@PathVariable String fileId) {
         byte[] bytes = fileService.loadFileAsBytes(fileId);
         return ResponseEntity.ok()
@@ -381,19 +412,21 @@ public class TestCaseController {
 
     @PostMapping("/save")
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.CREATE, title = "#testCaseWithBLOBs.name", content = "#msClass.getLogDetails(#testCaseWithBLOBs.id)", msClass = TestCaseService.class)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_CREATE)
     public TestCaseWithBLOBs saveTestCase(@RequestBody EditTestCaseRequest request) {
         request.setId(UUID.randomUUID().toString());
         return testCaseService.addTestCase(request);
     }
 
     @PostMapping("/minder/edit")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_MINDER_OPERATE)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.MINDER_OPERATION, project = "#request.projectId", beforeEvent = "#msClass.getCaseLogDetails(#request)", content = "#msClass.getCaseLogDetails(#request)", msClass = TestCaseService.class)
     public void minderEdit(@RequestBody TestCaseMinderEditRequest request) {
         testCaseService.minderEdit(request);
     }
 
     @GetMapping("/follow/{caseId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public List<String> getFollows(@PathVariable String caseId) {
         return testCaseService.getFollows(caseId);
     }
@@ -406,17 +439,20 @@ public class TestCaseController {
     }
 
     @GetMapping("versions/{caseId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public List<TestCaseDTO> getTestCaseVersions(@PathVariable String caseId) {
         return testCaseService.getTestCaseVersions(caseId);
     }
 
     @GetMapping("get/{version}/{refId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public TestCaseDTO getTestCase(@PathVariable String version, @PathVariable String refId) {
         return testCaseService.getTestCaseByVersion(refId, version);
     }
 
     @GetMapping("delete/{version}/{refId}")
-    public void deleteApiDefinition(@PathVariable String version, @PathVariable String refId) {
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_DELETE)
+    public void deleteTestCaseByVersion(@PathVariable String version, @PathVariable String refId) {
         testCaseService.deleteTestCaseByVersion(refId, version);
     }
 
@@ -427,11 +463,13 @@ public class TestCaseController {
      * @return
      */
     @GetMapping("hasOtherInfo/{caseId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public Boolean hasOtherInfo(@PathVariable String caseId) {
         return testCaseService.hasOtherInfo(caseId);
     }
 
     @GetMapping("/update/custom/num/{projectId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT)
     public void updateCustomNum(@PathVariable String projectId) {
         testCaseService.updateTestCaseCustomNumByProjectId(projectId);
     }
@@ -442,6 +480,7 @@ public class TestCaseController {
      * 项目报告服务需要统计测试用例
      */
     @PostMapping("/count")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public List<TestCaseCountChartResult> countTestCaseByRequest(@RequestBody TestCaseCountRequest request) {
         return testCaseService.countTestCaseByRequest(request);
     }
@@ -452,11 +491,13 @@ public class TestCaseController {
      * 项目报告服务通过不同类型需要统计测试用例。
      */
     @PostMapping("/count/{type}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public List<TestAnalysisChartResult> countTestCaseByRequest(@PathVariable String type, @RequestBody TestAnalysisChartRequest request) {
         return testCaseService.countTestCaseByTypeAndRequest(type, request);
     }
 
     @PostMapping("/select/by/id")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
     public List<TestCase> selectByIds(@RequestBody QueryTestCaseRequest request) {
         return testCaseService.selectByIds(request);
     }
diff --git a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseIssuesController.java b/test-track/backend/src/main/java/io/metersphere/controller/TestCaseIssuesController.java
index ad346bfefb..2910e977d0 100644
--- a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseIssuesController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/TestCaseIssuesController.java
@@ -2,10 +2,13 @@ package io.metersphere.controller;
 
 import io.metersphere.commons.constants.OperLogConstants;
 import io.metersphere.commons.constants.OperLogModule;
+import io.metersphere.commons.constants.PermissionConstants;
 import io.metersphere.dto.TestCaseDTO;
 import io.metersphere.log.annotation.MsAuditLog;
 import io.metersphere.request.issues.IssuesRelevanceRequest;
 import io.metersphere.service.TestCaseIssueService;
+import org.apache.shiro.authz.annotation.Logical;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -22,11 +25,13 @@ public class TestCaseIssuesController {
     private TestCaseIssueService testCaseIssueService;
 
     @PostMapping("/list")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ, PermissionConstants.PROJECT_TRACK_ISSUE_READ}, logical = Logical.OR)
     public List<TestCaseDTO> list(@RequestBody IssuesRelevanceRequest request) {
         return testCaseIssueService.list(request);
     }
 
     @PostMapping("/relate")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT, PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT}, logical = Logical.AND)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.ASSOCIATE_ISSUE, content = "#msClass.getLogDetails(#request)", msClass = TestCaseIssueService.class)
     public void relate(@RequestBody IssuesRelevanceRequest request) {
         testCaseIssueService.relate(request);
diff --git a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseNodeController.java b/test-track/backend/src/main/java/io/metersphere/controller/TestCaseNodeController.java
index 906615b67b..4bc3aad656 100644
--- a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseNodeController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/TestCaseNodeController.java
@@ -3,6 +3,7 @@ package io.metersphere.controller;
 import io.metersphere.base.domain.TestCaseNode;
 import io.metersphere.commons.constants.OperLogConstants;
 import io.metersphere.commons.constants.OperLogModule;
+import io.metersphere.commons.constants.PermissionConstants;
 import io.metersphere.log.annotation.MsAuditLog;
 import io.metersphere.log.annotation.MsRequestLog;
 import io.metersphere.request.testcase.DragNodeRequest;
@@ -14,6 +15,7 @@ import io.metersphere.dto.TestCaseNodeDTO;
 import io.metersphere.service.BaseCheckPermissionService;
 import io.metersphere.service.TestCaseNodeService;
 import io.metersphere.service.wapper.CheckPermissionService;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 
 import jakarta.annotation.Resource;
@@ -33,12 +35,14 @@ public class TestCaseNodeController {
     private BaseCheckPermissionService baseCheckPermissionService;
 
     @GetMapping("/list/{projectId}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ})
     public List<TestCaseNodeDTO> getNodeByProjectId(@PathVariable String projectId) {
         baseCheckPermissionService.checkProjectOwner(projectId);
         return testCaseNodeService.getNodeTreeByProjectId(projectId);
     }
 
     @PostMapping("/list/{projectId}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ})
     public List<TestCaseNodeDTO> getNodeByCondition(@PathVariable String projectId, @RequestBody(required = false) QueryTestCaseRequest request) {
         // 高级搜索所属模块搜索时, 切换项目时需替换projectId为参数中切换项目
         if (request != null && request.getProjectId() != null) {
@@ -50,6 +54,7 @@ public class TestCaseNodeController {
     }
 
     @PostMapping("/count/{projectId}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ})
     public Map<String, Integer> getNodeCountMapByProjectId(@PathVariable String projectId, @RequestBody(required = false) QueryTestCaseRequest request) {
         baseCheckPermissionService.checkProjectOwner(projectId);
         return testCaseNodeService.getNodeCountMapByProjectId(projectId,
@@ -57,62 +62,73 @@ public class TestCaseNodeController {
     }
 
     @PostMapping("/minder/extraNode/count")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ})
     public Map<String, Integer> getMinderTreeExtraNodeCount(@RequestBody List<String> nodeIds) {
         return testCaseNodeService.getMinderTreeExtraNodeCount(nodeIds);
     }
 
     @GetMapping("/trashCount/{projectId}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ})
     public long trashCount(@PathVariable String projectId) {
         baseCheckPermissionService.checkProjectOwner(projectId);
         return testCaseNodeService.trashCount(projectId);
     }
 
     @GetMapping("/publicCount/{workSpaceId}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ})
     public long publicCount(@PathVariable String workSpaceId) {
         return testCaseNodeService.publicCount(workSpaceId);
     }
 
     /*模块列表列表*/
     @PostMapping("/list/project")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ})
     public List<TestCaseNodeDTO> getAllNodeByProjectId(@RequestBody QueryNodeRequest request) {
         return testCaseNodeService.getAllNodeByProjectId(request);
     }
 
     @GetMapping("/list/plan/{planId}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ})
     public List<TestCaseNodeDTO> getNodeByPlanId(@PathVariable String planId) {
         trackCheckPermissionService.checkTestPlanOwner(planId);
         return testCaseNodeService.getNodeByPlanId(planId);
     }
 
     @PostMapping("/list/plan/{planId}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ})
     public List<TestCaseNodeDTO> getNodeByPlanId(@PathVariable String planId, @RequestBody(required = false) QueryTestPlanCaseRequest request) {
         trackCheckPermissionService.checkTestPlanOwner(planId);
         return testCaseNodeService.getNodeByPlanId(planId, Optional.ofNullable(request).orElse(new QueryTestPlanCaseRequest()));
     }
 
     @PostMapping("/list/public/{workspaceId}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ})
     public List<TestCaseNodeDTO> getPublicCaseNode(@PathVariable String workspaceId, @RequestBody QueryTestCaseRequest request) {
         return testCaseNodeService.getPublicCaseNode(workspaceId, request);
     }
 
     @PostMapping("/list/trash/{projectId}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ})
     public List<TestCaseNodeDTO> getTrashCaseNode(@PathVariable String projectId, @RequestBody QueryTestCaseRequest request) {
         return testCaseNodeService.getTrashCaseNode(projectId, request);
     }
 
     @PostMapping("/list/plan/relate")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_PLAN_READ})
     public List<TestCaseNodeDTO> getRelatePlanNodes(@RequestBody QueryTestCaseRequest request) {
         trackCheckPermissionService.checkTestPlanOwner(request.getPlanId());
         return testCaseNodeService.getRelatePlanNodes(request);
     }
 
     @PostMapping("/list/review/relate")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_REVIEW_READ})
     public List<TestCaseNodeDTO> getRelateReviewNodes(@RequestBody QueryTestCaseRequest request) {
         trackCheckPermissionService.checkTestReviewOwner(request.getReviewId());
         return testCaseNodeService.getRelateReviewNodes(request);
     }
 
     @GetMapping("/list/plan/{planId}/{runResult}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_PLAN_READ})
     public List<TestCaseNodeDTO> getNodeByPlanIdAndRunResult(@PathVariable String planId, @PathVariable String runResult) {
         trackCheckPermissionService.checkTestPlanOwner(planId);
         QueryTestPlanCaseRequest request = new QueryTestPlanCaseRequest();
@@ -122,30 +138,35 @@ public class TestCaseNodeController {
     }
 
     @GetMapping("/list/review/{reviewId}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_REVIEW_READ})
     public List<TestCaseNodeDTO> getNodeByReviewId(@PathVariable String reviewId) {
         trackCheckPermissionService.checkTestReviewOwner(reviewId);
         return testCaseNodeService.getNodeByReviewId(reviewId);
     }
 
     @PostMapping("/list/review/{reviewId}")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_REVIEW_READ})
     public List<TestCaseNodeDTO> getNodeByReviewId(@PathVariable String reviewId, @RequestBody(required = false) QueryCaseReviewRequest request) {
         trackCheckPermissionService.checkTestReviewOwner(reviewId);
         return testCaseNodeService.getNodeByReviewId(reviewId, Optional.ofNullable(request).orElse(new QueryCaseReviewRequest()));
     }
 
     @PostMapping("/add")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT})
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.CREATE, title = "#node.name", content = "#msClass.getLogDetails(#node)", msClass = TestCaseNodeService.class)
     public String addNode(@RequestBody TestCaseNode node) {
         return testCaseNodeService.addNode(node);
     }
 
     @PostMapping("/edit")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT})
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#node)", title = "#node.name", content = "#msClass.getLogDetails(#node)", msClass = TestCaseNodeService.class)
     public int editNode(@RequestBody DragNodeRequest node) {
         return testCaseNodeService.editNode(node);
     }
 
     @PostMapping("/delete")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT})
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#nodeIds)", msClass = TestCaseNodeService.class)
     public int deleteNode(@RequestBody List<String> nodeIds) {
         //nodeIds 包含删除节点ID及其所有子节点ID
@@ -153,6 +174,7 @@ public class TestCaseNodeController {
     }
 
     @PostMapping("/drag")
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT})
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#node)", title = "#node.name", content = "#msClass.getLogDetails(#node)", msClass = TestCaseNodeService.class)
     public void dragNode(@RequestBody DragNodeRequest node) {
         testCaseNodeService.dragNode(node);
@@ -160,6 +182,7 @@ public class TestCaseNodeController {
 
     @PostMapping("/pos")
     @MsRequestLog(module = OperLogModule.TRACK_TEST_CASE)
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT})
     public void treeSort(@RequestBody List<String> ids) {
         testCaseNodeService.sort(ids);
     }
diff --git a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseReportController.java b/test-track/backend/src/main/java/io/metersphere/controller/TestCaseReportController.java
deleted file mode 100644
index 1075bc6b1f..0000000000
--- a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseReportController.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package io.metersphere.controller;
-
-import io.metersphere.base.domain.TestCaseReport;
-import io.metersphere.commons.constants.OperLogConstants;
-import io.metersphere.commons.constants.OperLogModule;
-import io.metersphere.log.annotation.MsAuditLog;
-import io.metersphere.request.testCaseReport.CreateReportRequest;
-import io.metersphere.service.TestCaseReportService;
-import org.springframework.web.bind.annotation.*;
-
-import jakarta.annotation.Resource;
-import java.util.List;
-import java.util.UUID;
-
-@RequestMapping("/case/report")
-@RestController
-public class TestCaseReportController {
-
-    @Resource
-    TestCaseReportService testCaseReportService;
-
-    @PostMapping("/list")
-    public List<TestCaseReport> list(@RequestBody TestCaseReport request) {
-        return testCaseReportService.listTestCaseReport(request);
-    }
-
-    @GetMapping("/get/{id}")
-    public TestCaseReport get(@PathVariable String id) {
-        return testCaseReportService.getTestCaseReport(id);
-    }
-
-    @PostMapping("/add")
-    @MsAuditLog(module = OperLogModule.TRACK_TEST_PLAN, type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseReportService.class)
-    public String addByTemplateId(@RequestBody CreateReportRequest request) {
-        request.setId(UUID.randomUUID().toString());
-        return testCaseReportService.addTestCaseReportByTemplateId(request);
-    }
-
-    @PostMapping("/edit")
-    @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#TestCaseReport.id)", content = "#msClass.getLogDetails(#TestCaseReport.id)", msClass = TestCaseReportService.class)
-    public void edit(@RequestBody TestCaseReport TestCaseReport) {
-        testCaseReportService.editTestCaseReport(TestCaseReport);
-    }
-
-    @PostMapping("/delete/{id}")
-    @MsAuditLog(module = OperLogModule.TRACK_TEST_PLAN, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = TestCaseReportService.class)
-    public int delete(@PathVariable String id) {
-        return testCaseReportService.deleteTestCaseReport(id);
-    }
-
-}
diff --git a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseReportTemplateController.java b/test-track/backend/src/main/java/io/metersphere/controller/TestCaseReportTemplateController.java
deleted file mode 100644
index 276253d964..0000000000
--- a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseReportTemplateController.java
+++ /dev/null
@@ -1,49 +0,0 @@
-package io.metersphere.controller;
-
-import io.metersphere.base.domain.TestCaseReportTemplate;
-import io.metersphere.commons.constants.OperLogConstants;
-import io.metersphere.commons.constants.OperLogModule;
-import io.metersphere.log.annotation.MsAuditLog;
-import io.metersphere.request.testCaseReport.QueryTemplateRequest;
-import io.metersphere.service.TestCaseReportTemplateService;
-import org.springframework.web.bind.annotation.*;
-
-import jakarta.annotation.Resource;
-import java.util.List;
-
-@RequestMapping("/case/report/template")
-@RestController
-public class TestCaseReportTemplateController {
-
-    @Resource
-    TestCaseReportTemplateService testCaseReportTemplateService;
-
-    @PostMapping("/list")
-    public List<TestCaseReportTemplate> list(@RequestBody QueryTemplateRequest request) {
-        return testCaseReportTemplateService.listTestCaseReportTemplate(request);
-    }
-
-    @GetMapping("/get/{id}")
-    public TestCaseReportTemplate get(@PathVariable String id) {
-        return testCaseReportTemplateService.getTestCaseReportTemplate(id);
-    }
-
-    @PostMapping("/add")
-    @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS, type = OperLogConstants.CREATE, title = "#testCaseReportTemplate.name",sourceId = "#testCaseReportTemplate.id")
-    public void add(@RequestBody TestCaseReportTemplate testCaseReportTemplate) {
-        testCaseReportTemplateService.addTestCaseReportTemplate(testCaseReportTemplate);
-    }
-
-    @PostMapping("/edit")
-    @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS, type = OperLogConstants.UPDATE, title = "#testCaseReportTemplate.name",sourceId = "#testCaseReportTemplate.id")
-    public void edit(@RequestBody TestCaseReportTemplate testCaseReportTemplate) {
-        testCaseReportTemplateService.editTestCaseReportTemplate(testCaseReportTemplate);
-    }
-
-    @PostMapping("/delete/{id}")
-    @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = TestCaseReportTemplateService.class)
-    public int delete(@PathVariable String id) {
-        return testCaseReportTemplateService.deleteTestCaseReportTemplate(id);
-    }
-
-}
diff --git a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseReviewController.java b/test-track/backend/src/main/java/io/metersphere/controller/TestCaseReviewController.java
index 394cdfdc87..0afc16831d 100644
--- a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseReviewController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/TestCaseReviewController.java
@@ -38,8 +38,6 @@ public class TestCaseReviewController {
     TestReviewProjectService testReviewProjectService;
     @Resource
     CheckPermissionService trackCheckPermissionService;
-    @Resource
-    private TestCaseCommentService testCaseCommentService;
 
     @PostMapping("/list/{goPage}/{pageSize}")
     @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ)
@@ -64,16 +62,19 @@ public class TestCaseReviewController {
     }
 
     @PostMapping("/reviewer")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ)
     public List<User> getUserByReviewId(@RequestBody TestCaseReview request) {
         return testCaseReviewService.getUserByReviewId(request);
     }
 
     @PostMapping("/follow")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ)
     public List<User> getFollowByReviewId(@RequestBody TestCaseReview request) {
         return testCaseReviewService.getFollowByReviewId(request);
     }
 
     @GetMapping("/recent/{count}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ)
     public List<TestCaseReviewDTO> recentTestPlans(@PathVariable int count) {
         String currentWorkspaceId = SessionUtils.getCurrentWorkspaceId();
         PageHelper.startPage(1, count, true);
@@ -105,12 +106,14 @@ public class TestCaseReviewController {
     }
 
     @PostMapping("/relevance")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_RELEVANCE_OR_CANCEL)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.ASSOCIATE_CASE, content = "#msClass.getLogDetails(#request)", msClass = TestCaseReviewService.class)
     public void testReviewRelevance(@RequestBody ReviewRelevanceRequest request) {
         testCaseReviewService.testReviewRelevance(request);
     }
 
     @PostMapping("/projects")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ)
     public List<Project> getProjectByReviewId(@RequestBody TestReviewRelevanceRequest request) {
         List<String> projectIds = testReviewProjectService.getProjectIdsByReviewId();
         request.setProjectIds(projectIds);
@@ -118,6 +121,7 @@ public class TestCaseReviewController {
     }
 
     @PostMapping("/project/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ)
     public Pager<List<Project>> getProjectByReviewId(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody TestReviewRelevanceRequest request) {
         List<String> projectIds = testReviewProjectService.getProjectIdsByReviewId();
         request.setProjectIds(projectIds);
@@ -142,6 +146,7 @@ public class TestCaseReviewController {
     }
 
     @PostMapping("/list/all/relate/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ)
     public Pager<List<TestReviewDTOWithMetric>> listRelateAll(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody ReviewRelateRequest request) {
         testCaseReviewService.setReviewIds(request);
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
diff --git a/test-track/backend/src/main/java/io/metersphere/controller/TestPlanController.java b/test-track/backend/src/main/java/io/metersphere/controller/TestPlanController.java
index 5d58b794c8..3d2ca40dae 100644
--- a/test-track/backend/src/main/java/io/metersphere/controller/TestPlanController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/TestPlanController.java
@@ -60,25 +60,26 @@ public class TestPlanController {
     private TestPlanRerunService testPlanRerunService;
 
     @GetMapping("/auto-check/{testPlanId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public void autoCheck(@PathVariable String testPlanId) {
         testPlanService.checkTestPlanStatus(testPlanId);
     }
 
     @PostMapping("/list/{goPage}/{pageSize}")
-    @RequiresPermissions("PROJECT_TRACK_PLAN:READ")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public Pager<List<TestPlanDTOWithMetric>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryTestPlanRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, testPlanService.listTestPlan(request));
     }
 
     @PostMapping("/metric")
-    @RequiresPermissions("PROJECT_TRACK_PLAN:READ")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List<TestPlanDTOWithMetric> selectTestPlanMetricById(@RequestBody List<String> ids) {
         return testPlanService.selectTestPlanMetricById(ids);
     }
 
     @PostMapping("/dashboard/list/{goPage}/{pageSize}")
-    @RequiresPermissions("PROJECT_TRACK_PLAN:READ")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public Pager<List<TestPlanDTOWithMetric>> listByWorkspaceId(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryTestPlanRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, testPlanService.listByWorkspaceId(request));
@@ -86,6 +87,7 @@ public class TestPlanController {
 
     /*jenkins测试计划*/
     @GetMapping("/list/all/{projectId}/{workspaceId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List<TestPlanDTOWithMetric> listByProjectId(@PathVariable String projectId, @PathVariable String workspaceId) {
         QueryTestPlanRequest request = new QueryTestPlanRequest();
         request.setWorkspaceId(workspaceId);
@@ -100,18 +102,20 @@ public class TestPlanController {
     }
 
     @PostMapping("/list/all/{goPage}/{pageSize}")
-    @RequiresPermissions("PROJECT_TRACK_PLAN:READ")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public Pager<List<TestPlanDTO>> planListAll(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryTestPlanRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, testPlanService.planListAll(request));
     }
 
     @GetMapping("/get/stage/option/{projectId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List getStageOption(@PathVariable("projectId") String projectId) {
         return testPlanService.getStageOption(projectId);
     }
 
     @GetMapping("recent/{count}/{id}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List<TestPlan> recentTestPlans(@PathVariable("count") int count, @PathVariable("id") String projectId) {
         PageHelper.startPage(1, count, true);
         return testPlanService.recentTestPlans(projectId);
@@ -143,6 +147,7 @@ public class TestPlanController {
 
     @PostMapping("/fresh/{planId}")
     @MsRequestLog(module = OperLogModule.TRACK_TEST_PLAN)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public TestPlan freshRecentPlan(@PathVariable String planId) {
         AddTestPlanRequest request = new AddTestPlanRequest();
         request.setId(planId);
@@ -191,16 +196,19 @@ public class TestPlanController {
 
     @PostMapping("/relevance")
     @MsAuditLog(module = OperLogModule.TRACK_TEST_PLAN, type = OperLogConstants.ASSOCIATE_CASE, content = "#msClass.getLogDetails(#request)", msClass = TestPlanService.class)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_RELEVANCE_OR_CANCEL)
     public void testPlanRelevance(@RequestBody PlanCaseRelevanceRequest request) {
         testPlanService.testPlanRelevance(request);
     }
 
     @GetMapping("/project/name/{planId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public String getProjectNameByPlanId(@PathVariable String planId) {
         return testPlanService.getProjectNameByPlanId(planId);
     }
 
     @PostMapping("/project")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List<Project> getProjectByPlanId(@RequestBody TestCaseRelevanceRequest request) {
         List<String> projectIds = testPlanProjectService.getProjectIdsByPlanId(request.getPlanId());
         request.setProjectIds(projectIds);
@@ -208,6 +216,7 @@ public class TestPlanController {
     }
 
     @PostMapping("/project/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public Pager<List<Project>> getProjectByPlanId(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody TestCaseRelevanceRequest request) {
         List<String> projectIds = testPlanProjectService.getProjectIdsByPlanId(request.getPlanId());
         request.setProjectIds(projectIds);
@@ -216,6 +225,7 @@ public class TestPlanController {
     }
 
     @PostMapping("/copy/{id}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_CREATE)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_PLAN, type = OperLogConstants.COPY, content = "#msClass.getLogDetails(#id)", msClass = TestPlanService.class)
     @SendNotice(taskType = NoticeConstants.TaskType.TEST_PLAN_TASK, event = NoticeConstants.Event.CREATE, subject = "测试计划通知")
     public TestPlan copy(@PathVariable String id) {
@@ -223,33 +233,39 @@ public class TestPlanController {
     }
 
     @PostMapping("/api/case/env")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public Map<String, List<String>> getApiCaseEnv(@RequestBody List<String> caseIds) {
         return testPlanService.getApiCaseEnv(caseIds);
     }
 
     @PostMapping("/api/scenario/env")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public Map<String, List<String>> getApiScenarioEnv(@RequestBody List<String> caseIds) {
         return testPlanService.getApiScenarioEnv(caseIds);
     }
 
     @PostMapping("/case/env")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public Map<String, List<String>> getPlanCaseEnv(@RequestBody TestPlan plan) {
         return testPlanService.getPlanCaseEnv(plan.getId());
     }
 
     @PostMapping("/case/relevance/project/ids")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List<String> getRelevanceProjectIds(@RequestBody TestPlan plan) {
         return testPlanService.getRelevanceProjectIds(plan.getId());
     }
 
 
     @PostMapping("/edit/run/config")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_RUN)
     @MsRequestLog(module = OperLogModule.TRACK_TEST_PLAN)
     public void updateRunModeConfig(@RequestBody TestPlanRunRequest testplanRunRequest) {
         testPlanService.updateRunModeConfig(testplanRunRequest);
     }
 
     @PostMapping("/run")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_RUN)
     @MsRequestLog(module = OperLogModule.TRACK_TEST_PLAN)
     public String run(@RequestBody TestPlanRunRequest testplanRunRequest) {
         if (baseUserService.getUserDTO(testplanRunRequest.getUserId()) == null) {
@@ -259,6 +275,7 @@ public class TestPlanController {
     }
 
     @PostMapping("/run/save")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_RUN)
     @MsRequestLog(module = OperLogModule.TRACK_TEST_PLAN)
     public String runAndSave(@RequestBody TestPlanRunRequest testplanRunRequest) {
         testPlanService.updateRunModeConfig(testplanRunRequest);
@@ -266,6 +283,7 @@ public class TestPlanController {
     }
 
     @PostMapping(value = "/run/batch")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_RUN)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_PLAN, type = OperLogConstants.EXECUTE, content = "#msClass.getLogDetails(#request.testPlanIds)", msClass = TestPlanService.class)
     public void runBatch(@RequestBody TestPlanRunRequest request) {
         request.setTriggerMode(TriggerMode.BATCH.name());
@@ -273,33 +291,39 @@ public class TestPlanController {
     }
 
     @GetMapping("/report/export/{planId}/{lang}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REPORT_READ_EXPORT)
     public void exportHtmlReport(@PathVariable String planId, @PathVariable(required = false) String lang, HttpServletResponse response) throws UnsupportedEncodingException, JsonProcessingException {
         testPlanService.exportPlanReport(planId, lang, response);
     }
 
     @GetMapping("/get/report/export/{planId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REPORT_READ_EXPORT)
     public TestPlanReportDataStruct getExportHtmlReport(@PathVariable String planId, HttpServletResponse response) throws UnsupportedEncodingException {
         return testPlanService.buildPlanReport(planId, true);
     }
 
     @GetMapping("/report/db/export/{reportId}/{lang}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REPORT_READ_EXPORT)
     public void exportHtmlDbReport(@PathVariable String reportId, @PathVariable(required = false) String lang, HttpServletResponse response) throws UnsupportedEncodingException, JsonProcessingException {
         testPlanService.exportPlanDbReport(reportId, lang, response);
     }
 
     @GetMapping("/report/functional/result")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REPORT_READ)
     public TestCaseReportStatusResultDTO getFunctionalResultReport(@PathVariable String planId) {
         return testPlanService.getFunctionalResultReport(planId);
     }
 
     @PostMapping("/edit/report")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REPORT_READ_EDIT)
     @MsRequestLog(module = OperLogModule.TRACK_TEST_PLAN)
     public void editReport(@RequestBody TestPlanWithBLOBs testPlanWithBLOBs) {
         testPlanService.editReport(testPlanWithBLOBs);
     }
 
     @PostMapping(value = "/schedule/update/enable")
-    public Schedule updateScheduleEnableByPrimyKey(@RequestBody ScheduleInfoRequest request) {
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_SCHEDULE)
+    public Schedule updateScheduleEnableByPrimaryKey(@RequestBody ScheduleInfoRequest request) {
         Schedule schedule = baseScheduleService.getSchedule(request.getTaskID());
         schedule.setEnable(request.isEnable());
         testPlanService.updateSchedule(schedule);
@@ -307,6 +331,7 @@ public class TestPlanController {
     }
 
     @PostMapping(value = "/schedule/update/disable")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_SCHEDULE)
     @SendNotice(taskType = NoticeConstants.TaskType.TRACK_HOME_TASK, event = NoticeConstants.Event.CLOSE_SCHEDULE, subject = "测试跟踪通知")
     public Schedule disableSchedule(@RequestBody ScheduleInfoRequest request) {
         Schedule schedule = baseScheduleService.getSchedule(request.getTaskID());
@@ -321,6 +346,7 @@ public class TestPlanController {
      * @return
      */
     @GetMapping("/have/exec/case/{id}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public boolean haveExecCase(@PathVariable String id) {
         return testPlanService.haveExecCase(id, true);
     }
@@ -332,32 +358,38 @@ public class TestPlanController {
      * @return
      */
     @GetMapping("/have/ui/case/{id}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public boolean haveUiCase(@PathVariable String id) {
         return testPlanService.haveUiCase(id);
     }
 
     @GetMapping("/principal/{planId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List<User> getPlanPrincipal(@PathVariable String planId) {
         return testPlanService.getPlanPrincipal(planId);
     }
 
     @GetMapping("/follow/{planId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List<User> getPlanFollow(@PathVariable String planId) {
         return testPlanService.getPlanFollow(planId);
     }
 
     @PostMapping(value = "/schedule/batch/update_enable")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_SCHEDULE)
     @MsRequestLog(module = OperLogModule.TRACK_TEST_PLAN_SCHEDULE)
     public void updateBatchScheduleEnable(@RequestBody ScheduleInfoRequest request) {
         testPlanService.batchUpdateScheduleEnable(request);
     }
 
     @PostMapping(value = "/schedule/enable/total")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public long countByScheduleEnableTotal(@RequestBody QueryTestPlanRequest request) {
         return testPlanService.countScheduleEnableTotal(request);
     }
 
     @PostMapping(value = "/update/schedule/enable")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_SCHEDULE)
     public ScheduleDTO updateTestPlanBySchedule(@RequestBody ScheduleInfoRequest request) {
         Schedule schedule = baseScheduleService.getSchedule(request.getTaskID());
         schedule.setEnable(request.isEnable());
@@ -366,11 +398,13 @@ public class TestPlanController {
     }
 
     @PostMapping(value = "/schedule/update")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_SCHEDULE)
     public void updateSchedule(@RequestBody Schedule request) {
         testPlanService.updateSchedule(request);
     }
 
     @PostMapping(value = "/schedule/create")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_SCHEDULE)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_PLAN_SCHEDULE, type = OperLogConstants.CREATE,
             title = "#request.name", content = "#msClass.getLogDetails(#request)", msClass = BaseScheduleService.class)
     public void createSchedule(@RequestBody ScheduleRequest request) {
@@ -379,6 +413,7 @@ public class TestPlanController {
 
 
     @GetMapping("/schedule/get/{testId}/{group}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public Schedule schedule(@PathVariable String testId, @PathVariable String group) {
         Schedule schedule = baseScheduleService.getScheduleByResource(testId, group);
         return schedule;
@@ -386,12 +421,14 @@ public class TestPlanController {
 
     @PostMapping(value = "/rerun")
     @MsRequestLog(module = OperLogModule.TRACK_TEST_PLAN)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_RUN)
     public String rerun(@RequestBody TestPlanRerunParametersDTO request) {
         return testPlanRerunService.rerun(request);
     }
 
     @GetMapping(value = "/status/reset/{planId}")
     @MsRequestLog(module = OperLogModule.TRACK_TEST_PLAN)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public void resetStatus(@PathVariable String planId) {
         testPlanService.resetStatus(planId);
     }
diff --git a/test-track/backend/src/main/java/io/metersphere/controller/TestPlanReportController.java b/test-track/backend/src/main/java/io/metersphere/controller/TestPlanReportController.java
index efe7af655e..39a395a682 100644
--- a/test-track/backend/src/main/java/io/metersphere/controller/TestPlanReportController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/TestPlanReportController.java
@@ -7,6 +7,7 @@ import io.metersphere.base.domain.TestPlanReportContentWithBLOBs;
 import io.metersphere.commons.constants.NoticeConstants;
 import io.metersphere.commons.constants.OperLogConstants;
 import io.metersphere.commons.constants.OperLogModule;
+import io.metersphere.commons.constants.PermissionConstants;
 import io.metersphere.commons.utils.PageUtils;
 import io.metersphere.commons.utils.Pager;
 import io.metersphere.commons.utils.SessionUtils;
@@ -20,6 +21,7 @@ import io.metersphere.plan.request.TestPlanReportSaveRequest;
 import io.metersphere.plan.service.TestPlanReportService;
 import io.metersphere.request.report.QueryTestPlanReportRequest;
 import jakarta.annotation.Resource;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -38,27 +40,32 @@ public class TestPlanReportController {
     private TestPlanReportService testPlanReportService;
 
     @PostMapping("/list/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REPORT_READ)
     public Pager<List<TestPlanReportDTO>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryTestPlanReportRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, testPlanReportService.list(request));
     }
 
     @GetMapping("/getMetric/{planId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REPORT_READ)
     public TestPlanReportDTO getMetric(@PathVariable String planId) {
         return testPlanReportService.getMetric(planId);
     }
 
     @GetMapping("/real-time/{planId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REPORT_READ)
     public TestPlanReportDataStruct getRealTimeReport(@PathVariable String planId) {
         return testPlanReportService.getRealTimeReport(planId);
     }
 
     @GetMapping("/db/{reportId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REPORT_READ)
     public TestPlanReportDataStruct getReport(@PathVariable String reportId) {
         return testPlanReportService.getReport(reportId);
     }
 
     @GetMapping("/status/{planId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REPORT_READ)
     public String getStatus(@PathVariable String planId) {
         TestPlanReport report = testPlanReportService.getTestPlanReport(planId);
         String status = report.getStatus();
@@ -66,6 +73,7 @@ public class TestPlanReportController {
     }
 
     @PostMapping("/delete")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REPORT_READ_DELETE)
     @MsAuditLog(module = OperLogModule.TRACK_REPORT, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#testPlanReportIdList)", msClass = TestPlanReportService.class)
     @SendNotice(taskType = NoticeConstants.TaskType.TRACK_REPORT_TASK, target = "#targetClass.getReports(#testPlanReportIdList)", targetClass = TestPlanReportService.class,
             event = NoticeConstants.Event.DELETE, subject = "报告通知")
@@ -74,11 +82,13 @@ public class TestPlanReportController {
     }
 
     @PostMapping("/deleteBatchByParams")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REPORT_READ_DELETE)
     public void deleteBatchByParams(@RequestBody QueryTestPlanReportRequest request) {
         testPlanReportService.delete(request);
     }
 
     @GetMapping("/saveTestPlanReport/{planId}/{triggerMode}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REPORT_READ_EDIT)
     public String saveTestPlanReport(@PathVariable String planId, @PathVariable String triggerMode) {
         String userId = SessionUtils.getUser().getId();
         String reportId = UUID.randomUUID().toString();
@@ -91,12 +101,14 @@ public class TestPlanReportController {
 
     @PostMapping("/reName")
     @MsRequestLog(module = OperLogModule.TRACK_REPORT)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REPORT_READ_EDIT)
     public void reName(@RequestBody TestPlanReport request) {
         testPlanReportService.reName(request.getId(), request.getName());
     }
 
     @PostMapping("/edit/report")
     @MsRequestLog(module = OperLogModule.TRACK_REPORT)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REPORT_READ_EDIT)
     public void editReport(@RequestBody TestPlanReportContentWithBLOBs reportContentWithBLOBs) {
         testPlanReportService.editReport(reportContentWithBLOBs);
     }
diff --git a/test-track/backend/src/main/java/io/metersphere/controller/TestPlanTestCaseController.java b/test-track/backend/src/main/java/io/metersphere/controller/TestPlanTestCaseController.java
index 1b04e3e19d..dae2cd537c 100644
--- a/test-track/backend/src/main/java/io/metersphere/controller/TestPlanTestCaseController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/TestPlanTestCaseController.java
@@ -5,6 +5,7 @@ import com.github.pagehelper.PageHelper;
 import io.metersphere.base.domain.TestPlanTestCaseWithBLOBs;
 import io.metersphere.commons.constants.OperLogConstants;
 import io.metersphere.commons.constants.OperLogModule;
+import io.metersphere.commons.constants.PermissionConstants;
 import io.metersphere.commons.utils.PageUtils;
 import io.metersphere.commons.utils.Pager;
 import io.metersphere.dto.TestPlanCaseDTO;
@@ -17,6 +18,7 @@ import io.metersphere.plan.request.function.TestPlanFuncCaseEditRequest;
 import io.metersphere.plan.service.TestPlanTestCaseService;
 import io.metersphere.request.ResetOrderRequest;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 
 import jakarta.annotation.Resource;
@@ -31,6 +33,7 @@ public class TestPlanTestCaseController {
     TestPlanTestCaseService testPlanTestCaseService;
 
     @PostMapping("/list/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public Pager<List<TestPlanCaseDTO>> getTestPlanCases(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryTestPlanCaseRequest request) {
         QueryTestPlanCaseRequest paramRequest = testPlanTestCaseService.setCustomNumOrderParam(request);
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
@@ -40,6 +43,7 @@ public class TestPlanTestCaseController {
 
     /*jenkins测试计划下全部用例*/
     @GetMapping("/list/{planId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List<TestPlanCaseDTO> getTestPlanCaseByPlanId(@PathVariable String planId) {
         QueryTestPlanCaseRequest request = new QueryTestPlanCaseRequest();
         request.setPlanId(planId);
@@ -48,17 +52,20 @@ public class TestPlanTestCaseController {
     }
 
     @PostMapping("/list/minder")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List<TestPlanCaseDTO> listForMinder(@RequestBody QueryTestPlanCaseRequest request) {
         return testPlanTestCaseService.listForMinder(request);
     }
 
     @PostMapping("/list/minder/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public Pager<List<TestPlanCaseDTO>> listForMinder(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryTestPlanCaseRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, testPlanTestCaseService.listForMinder(request));
     }
 
     @GetMapping("/list/node/{planId}/{nodePaths}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List<TestPlanCaseDTO> getTestPlanCasesByNodePath(@PathVariable String planId, @PathVariable String nodePaths) {
         String nodePath = nodePaths.replace("f", "/");
         String[] array = nodePath.split(",");
@@ -71,6 +78,7 @@ public class TestPlanTestCaseController {
     }
 
     @GetMapping("/list/node/all/{planId}/{nodePaths}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List<TestPlanCaseDTO> getTestPlanCasesByNodePaths(@PathVariable String planId, @PathVariable String nodePaths) {
         String nodePath = nodePaths.replace("f", StringUtils.EMPTY);
         String[] array = nodePath.split(",");
@@ -83,71 +91,84 @@ public class TestPlanTestCaseController {
     }
 
     @GetMapping("/get/{caseId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public TestPlanCaseDTO getTestPlanCases(@PathVariable String caseId) {
         return testPlanTestCaseService.get(caseId);
     }
 
     @PostMapping("recent/{count}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List<TestPlanCaseDTO> getRecentTestCases(@PathVariable int count, @RequestBody QueryTestPlanCaseRequest request) {
         return testPlanTestCaseService.getRecentTestCases(request, count);
     }
 
     @PostMapping("pending/{count}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List<TestPlanCaseDTO> getPrepareTestCases(@PathVariable int count, @RequestBody QueryTestPlanCaseRequest request) {
         return testPlanTestCaseService.getPendingTestCases(request, count);
     }
 
     @PostMapping("/list/all")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List<TestPlanCaseDTO> getTestPlanCases(@RequestBody QueryTestPlanCaseRequest request) {
         return testPlanTestCaseService.list(request);
     }
 
     @PostMapping("/idList/all")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List<String> getTestPlanCases(@RequestBody TestPlanFuncCaseBatchRequest request) {
         return testPlanTestCaseService.idList(request);
     }
 
     @PostMapping("/edit")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_RUN)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.UPDATE, content = "#msClass.getLogDetails(#testPlanTestCase.id)", msClass = TestPlanTestCaseService.class)
     public void editTestCase(@RequestBody TestPlanFuncCaseEditRequest testPlanTestCase) {
         testPlanTestCaseService.editTestCase(testPlanTestCase);
     }
 
     @PostMapping("/minder/edit")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_RUN)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_PLAN, type = OperLogConstants.ASSOCIATE_CASE, content = "#msClass.getCaseLogDetails(#testPlanTestCases)", msClass = TestPlanTestCaseService.class)
     public void editTestCaseForMinder(@RequestBody List<TestPlanTestCaseWithBLOBs> testPlanTestCases) {
         testPlanTestCaseService.editTestCaseForMinder(testPlanTestCases);
     }
 
     @PostMapping("/batch/edit")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_RUN)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_PLAN, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.batchLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestPlanTestCaseService.class)
     public void editTestCaseBath(@RequestBody TestPlanCaseBatchRequest request) {
         testPlanTestCaseService.editTestCaseBath(request);
     }
 
     @PostMapping("/batch/delete")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_RELEVANCE_OR_CANCEL)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_PLAN, type = OperLogConstants.UN_ASSOCIATE_CASE, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = TestPlanTestCaseService.class)
     public void deleteTestCaseBath(@RequestBody TestPlanCaseBatchRequest request) {
         testPlanTestCaseService.deleteTestCaseBath(request);
     }
 
     @PostMapping("/delete/{id}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_RELEVANCE_OR_CANCEL)
     @MsAuditLog(module = OperLogModule.TRACK_TEST_PLAN, type = OperLogConstants.UN_ASSOCIATE_CASE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = TestPlanTestCaseService.class)
     public int deleteTestCase(@PathVariable String id) {
         return testPlanTestCaseService.deleteTestCase(id);
     }
 
     @PostMapping("/list/all/{planId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List<TestPlanCaseDTO> getFailureCases(@PathVariable String planId, @RequestBody(required = false) List<String> statusList) {
         return testPlanTestCaseService.getAllCasesByStatusList(planId, statusList);
     }
 
     @GetMapping("/list/all/{planId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     public List<TestPlanCaseDTO> getAllCases(@PathVariable String planId) {
         return testPlanTestCaseService.getAllCases(planId);
     }
 
     @PostMapping("/edit/order")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
     @MsRequestLog(module = OperLogModule.TRACK_TEST_PLAN)
     public void orderCase(@RequestBody ResetOrderRequest request) {
         testPlanTestCaseService.updateOrder(request);
diff --git a/test-track/backend/src/main/java/io/metersphere/controller/TestReviewTestCaseController.java b/test-track/backend/src/main/java/io/metersphere/controller/TestReviewTestCaseController.java
index d874a9732b..670af9707d 100644
--- a/test-track/backend/src/main/java/io/metersphere/controller/TestReviewTestCaseController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/TestReviewTestCaseController.java
@@ -32,7 +32,8 @@ public class TestReviewTestCaseController {
     TestReviewTestCaseService testReviewTestCaseService;
 
     @PostMapping("/list/{goPage}/{pageSize}")
-    public Pager<List<TestReviewCaseDTO>> getTestPlanCases(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryCaseReviewRequest request) {
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ)
+    public Pager<List<TestReviewCaseDTO>> getTestReviewCases(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryCaseReviewRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, testReviewTestCaseService.list(request));
     }
@@ -73,11 +74,13 @@ public class TestReviewTestCaseController {
     }
 
     @PostMapping("/list/minder")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ)
     public List<TestReviewCaseDTO> listForMinder(@RequestBody QueryCaseReviewRequest request) {
         return testReviewTestCaseService.listForMinder(request);
     }
 
     @PostMapping("/list/minder/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ)
     public Pager<List<TestReviewCaseDTO>> listForMinder(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryCaseReviewRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, testReviewTestCaseService.listForMinder(request));
@@ -91,16 +94,19 @@ public class TestReviewTestCaseController {
     }
 
     @GetMapping("/get/{reviewId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ)
     public TestReviewCaseDTO get(@PathVariable String reviewId) {
         return testReviewTestCaseService.get(reviewId);
     }
 
     @GetMapping("/reviewer/status/{id}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ)
     public List<TestCaseComment> getReviewerStatusComment(@PathVariable String id) {
         return testReviewTestCaseService.getReviewerStatusComment(id);
     }
 
     @PostMapping("/edit/order")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ)
     @MsRequestLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW)
     public void orderCase(@RequestBody ResetOrderRequest request) {
         testReviewTestCaseService.updateOrder(request);
diff --git a/test-track/backend/src/main/java/io/metersphere/controller/TrackController.java b/test-track/backend/src/main/java/io/metersphere/controller/TrackController.java
index 004586f4e5..b8c026dde1 100644
--- a/test-track/backend/src/main/java/io/metersphere/controller/TrackController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/TrackController.java
@@ -4,6 +4,7 @@ package io.metersphere.controller;
 import com.github.pagehelper.Page;
 import io.metersphere.base.domain.TestCase;
 import io.metersphere.commons.constants.MicroServiceName;
+import io.metersphere.commons.constants.PermissionConstants;
 import io.metersphere.commons.utils.PageUtils;
 import io.metersphere.commons.utils.Pager;
 import io.metersphere.dto.*;
@@ -16,6 +17,7 @@ import io.metersphere.utils.DiscoveryUtil;
 import jakarta.annotation.Resource;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -34,6 +36,7 @@ public class TrackController {
     private TestCaseService testCaseService;
 
     @GetMapping("/count/{projectId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_HOME)
     public TrackStatisticsDTO getTrackCount(@PathVariable String projectId) {
         TrackStatisticsDTO statistics = new TrackStatisticsDTO();
 
@@ -64,6 +67,7 @@ public class TrackController {
     }
 
     @GetMapping("/failure/case/about/plan/{projectId}/{versionId}/{pageSize}/{goPage}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_HOME)
     public Pager<List<ExecutedCaseInfoDTO>> failureCaseAboutTestPlan(@PathVariable String projectId, @PathVariable String versionId,
                                                                      @PathVariable int pageSize, @PathVariable int goPage) {
         if (StringUtils.equalsIgnoreCase(versionId, "default")) {
@@ -102,6 +106,7 @@ public class TrackController {
 
 
     @GetMapping("/relevance/count/{projectId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_HOME)
     public TrackStatisticsDTO getRelevanceCount(@PathVariable String projectId) {
         TrackStatisticsDTO statistics = new TrackStatisticsDTO();
 
@@ -143,11 +148,13 @@ public class TrackController {
     }
 
     @GetMapping("/case/bar/{projectId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_HOME)
     public List<ChartsData> getCaseMaintenanceBar(@PathVariable String projectId) {
         return trackService.getCaseMaintenanceBar(projectId);
     }
 
     @GetMapping("/bug/count/{projectId}")
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_HOME)
     public BugStatistics getBugStatistics(@PathVariable String projectId) {
         return trackService.getBugStatistics(projectId);
     }
diff --git a/test-track/backend/src/main/java/io/metersphere/service/TestCaseReportService.java b/test-track/backend/src/main/java/io/metersphere/service/TestCaseReportService.java
deleted file mode 100644
index 7a1612d539..0000000000
--- a/test-track/backend/src/main/java/io/metersphere/service/TestCaseReportService.java
+++ /dev/null
@@ -1,87 +0,0 @@
-package io.metersphere.service;
-
-import io.metersphere.base.domain.TestCaseReport;
-import io.metersphere.base.domain.TestCaseReportExample;
-import io.metersphere.base.domain.TestCaseReportTemplate;
-import io.metersphere.base.domain.TestPlanWithBLOBs;
-import io.metersphere.base.mapper.TestCaseReportMapper;
-import io.metersphere.base.mapper.TestCaseReportTemplateMapper;
-import io.metersphere.base.mapper.TestPlanMapper;
-import io.metersphere.commons.utils.BeanUtils;
-import io.metersphere.commons.utils.JSON;
-import io.metersphere.commons.utils.SessionUtils;
-import io.metersphere.log.utils.ReflexObjectUtil;
-import io.metersphere.log.vo.DetailColumn;
-import io.metersphere.log.vo.OperatingLogDetails;
-import io.metersphere.log.vo.track.TestPlanReference;
-import io.metersphere.request.testCaseReport.CreateReportRequest;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
-
-import jakarta.annotation.Resource;
-import java.util.List;
-import java.util.UUID;
-
-@Service
-@Transactional(rollbackFor = Exception.class)
-public class TestCaseReportService {
-
-    @Resource
-    TestCaseReportMapper testCaseReportMapper;
-
-    @Resource
-    TestPlanMapper testPlanMapper;
-
-    @Resource
-    TestCaseReportTemplateMapper testCaseReportTemplateMapper;
-
-    public List<TestCaseReport> listTestCaseReport(TestCaseReport request) {
-        TestCaseReportExample example = new TestCaseReportExample();
-        if (StringUtils.isNotBlank(request.getName())) {
-            example.createCriteria().andNameEqualTo(request.getName());
-        }
-        return testCaseReportMapper.selectByExample(example);
-    }
-
-    public TestCaseReport getTestCaseReport(String id) {
-        return testCaseReportMapper.selectByPrimaryKey(id);
-    }
-
-    public void addTestCaseReport(TestCaseReport testCaseReport) {
-        testCaseReport.setId(UUID.randomUUID().toString());
-        testCaseReportMapper.insert(testCaseReport);
-    }
-
-    public void editTestCaseReport(TestCaseReport TestCaseReport) {
-        testCaseReportMapper.updateByPrimaryKeyWithBLOBs(TestCaseReport);
-    }
-
-    public int deleteTestCaseReport(String id) {
-        return testCaseReportMapper.deleteByPrimaryKey(id);
-    }
-
-    public String addTestCaseReportByTemplateId(CreateReportRequest request) {
-        TestCaseReportTemplate template = testCaseReportTemplateMapper.selectByPrimaryKey(request.getTemplateId());
-        TestCaseReport report = new TestCaseReport();
-        BeanUtils.copyBean(report, template);
-        TestPlanWithBLOBs testPlan = testPlanMapper.selectByPrimaryKey(request.getPlanId());
-        report.setName(testPlan.getName());
-        report.setId(request.getId());
-        report.setCreateUser(SessionUtils.getUserId());
-        testCaseReportMapper.insert(report);
-        testPlan.setReportId(report.getId());
-        testPlanMapper.updateByPrimaryKeySelective(testPlan);
-        return report.getId();
-    }
-
-    public String getLogDetails(String id) {
-        TestCaseReport report = testCaseReportMapper.selectByPrimaryKey(id);
-        if (report != null) {
-            List<DetailColumn> columns = ReflexObjectUtil.getColumns(report, TestPlanReference.reportColumns);
-            OperatingLogDetails details = new OperatingLogDetails(JSON.toJSONString(report.getId()), null, report.getName(), report.getCreateUser(), columns);
-            return JSON.toJSONString(details);
-        }
-        return null;
-    }
-}
diff --git a/test-track/backend/src/main/java/io/metersphere/service/TestCaseReportTemplateService.java b/test-track/backend/src/main/java/io/metersphere/service/TestCaseReportTemplateService.java
deleted file mode 100644
index 8c41ce5205..0000000000
--- a/test-track/backend/src/main/java/io/metersphere/service/TestCaseReportTemplateService.java
+++ /dev/null
@@ -1,87 +0,0 @@
-package io.metersphere.service;
-
-import io.metersphere.base.domain.TestCaseReportTemplate;
-import io.metersphere.base.domain.TestCaseReportTemplateExample;
-import io.metersphere.base.mapper.TestCaseReportTemplateMapper;
-import io.metersphere.commons.exception.MSException;
-import io.metersphere.commons.utils.JSON;
-import io.metersphere.commons.utils.SessionUtils;
-import io.metersphere.i18n.Translator;
-import io.metersphere.log.utils.ReflexObjectUtil;
-import io.metersphere.log.vo.DetailColumn;
-import io.metersphere.log.vo.OperatingLogDetails;
-import io.metersphere.log.vo.system.SystemReference;
-import io.metersphere.request.testCaseReport.QueryTemplateRequest;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
-
-import jakarta.annotation.Resource;
-import java.util.List;
-import java.util.UUID;
-
-@Service
-@Transactional(rollbackFor = Exception.class)
-public class TestCaseReportTemplateService {
-
-    @Resource
-    TestCaseReportTemplateMapper testCaseReportTemplateMapper;
-
-    public List<TestCaseReportTemplate> listTestCaseReportTemplate(QueryTemplateRequest request) {
-        TestCaseReportTemplateExample example = new TestCaseReportTemplateExample();
-        TestCaseReportTemplateExample.Criteria criteria1 = example.createCriteria();
-        TestCaseReportTemplateExample.Criteria criteria2 = example.createCriteria();
-        if (StringUtils.isNotBlank(request.getName())) {
-            criteria1.andNameLike("%" + request.getName() + "%");
-            criteria2.andNameLike("%" + request.getName() + "%");
-        }
-        if (StringUtils.isNotBlank(request.getWorkspaceId())) {
-            criteria1.andWorkspaceIdEqualTo(request.getWorkspaceId());
-        }
-        if (request.getQueryDefault() != null) {
-            criteria2.andWorkspaceIdIsNull();
-            example.or(criteria2);
-        }
-        return testCaseReportTemplateMapper.selectByExample(example);
-    }
-
-    public TestCaseReportTemplate getTestCaseReportTemplate(String id) {
-        return testCaseReportTemplateMapper.selectByPrimaryKey(id);
-    }
-
-    public void addTestCaseReportTemplate(TestCaseReportTemplate testCaseReportTemplate) {
-        testCaseReportTemplate.setId(UUID.randomUUID().toString());
-        checkCaseReportTemplateExist(testCaseReportTemplate);
-        testCaseReportTemplateMapper.insert(testCaseReportTemplate);
-    }
-
-    public void editTestCaseReportTemplate(TestCaseReportTemplate testCaseReportTemplate) {
-        checkCaseReportTemplateExist(testCaseReportTemplate);
-        testCaseReportTemplateMapper.updateByPrimaryKeyWithBLOBs(testCaseReportTemplate);
-    }
-
-    private void checkCaseReportTemplateExist(TestCaseReportTemplate testCaseReportTemplate) {
-        TestCaseReportTemplateExample example = new TestCaseReportTemplateExample();
-        example.createCriteria()
-                .andNameEqualTo(testCaseReportTemplate.getName())
-                .andWorkspaceIdEqualTo(SessionUtils.getCurrentWorkspaceId())
-                .andIdNotEqualTo(testCaseReportTemplate.getId());
-        if (testCaseReportTemplateMapper.selectByExample(example).size() > 0) {
-            MSException.throwException(Translator.get("test_case_report_template_repeat"));
-        }
-    }
-
-    public int deleteTestCaseReportTemplate(String id) {
-        return testCaseReportTemplateMapper.deleteByPrimaryKey(id);
-    }
-
-    public String getLogDetails(String id) {
-        TestCaseReportTemplate templateWithBLOBs = testCaseReportTemplateMapper.selectByPrimaryKey(id);
-        if (templateWithBLOBs != null) {
-            List<DetailColumn> columns = ReflexObjectUtil.getColumns(templateWithBLOBs, SystemReference.issueFieldColumns);
-            OperatingLogDetails details = new OperatingLogDetails(JSON.toJSONString(templateWithBLOBs.getId()), null, templateWithBLOBs.getName(), templateWithBLOBs.getCreateUser(), columns);
-            return JSON.toJSONString(details);
-        }
-        return null;
-    }
-}
diff --git a/test-track/backend/src/main/java/io/metersphere/service/issue/platform/LocalPlatform.java b/test-track/backend/src/main/java/io/metersphere/service/issue/platform/LocalPlatform.java
index fc92a9c15d..32290c0d7c 100644
--- a/test-track/backend/src/main/java/io/metersphere/service/issue/platform/LocalPlatform.java
+++ b/test-track/backend/src/main/java/io/metersphere/service/issue/platform/LocalPlatform.java
@@ -56,7 +56,7 @@ public class LocalPlatform extends LocalAbstractPlatform {
         issues.setReporter(user.getId());
         issues.setCreateTime(System.currentTimeMillis());
         issues.setUpdateTime(System.currentTimeMillis());
-        issues.setPlatform(IssuesManagePlatform.Local.toString());;
+        issues.setPlatform(IssuesManagePlatform.Local.toString());
         issues.setNum(getNextNum(issuesRequest.getProjectId()));
         issuesMapper.insert(issues);