fix(项目管理): 项目管理后台接口补足权限校验

--task=1012120 --user=宋天阳 检查所有API权限控制是否有加 RequiresPermissions
https://www.tapd.cn/55049933/s/1377485
This commit is contained in:
song-tianyang 2023-05-31 14:55:52 +08:00 committed by 建国
parent c275ee1567
commit 14326dcbf5
13 changed files with 121 additions and 33 deletions

View File

@ -71,7 +71,6 @@ public class FilterChainUtils {
filterChainDefinitionMap.put("/system/theme", "anon");
filterChainDefinitionMap.put("/system/save/baseurl/**", "anon");
filterChainDefinitionMap.put("/system/timeout", "anon");
filterChainDefinitionMap.put("/file/metadata/info/**", "anon");
filterChainDefinitionMap.put("/v1/catalog/**", "anon");
filterChainDefinitionMap.put("/v1/agent/**", "anon");

View File

@ -17,12 +17,13 @@ import io.metersphere.environment.utils.TcpTreeTableDataParser;
import io.metersphere.i18n.Translator;
import io.metersphere.log.annotation.MsAuditLog;
import io.metersphere.request.EnvironmentRequest;
import jakarta.annotation.Resource;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.json.JSONArray;
import org.json.JSONObject;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
import jakarta.annotation.Resource;
import java.sql.DriverManager;
import java.util.List;
import java.util.Map;
@ -38,6 +39,7 @@ public class TestEnvironmentController {
private BaseEnvGroupProjectService baseEnvGroupProjectService;
@GetMapping("/list/{projectId}")
@RequiresPermissions("PROJECT_ENVIRONMENT:READ")
public List<ApiTestEnvironmentWithBLOBs> list(@PathVariable String projectId) {
return baseEnvironmentService.list(projectId);
}
@ -51,23 +53,27 @@ public class TestEnvironmentController {
* @return
*/
@PostMapping("/list/{goPage}/{pageSize}")
@RequiresPermissions("PROJECT_ENVIRONMENT:READ")
public Pager<List<ApiTestEnvironmentWithBLOBs>> listByCondition(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody EnvironmentRequest environmentRequest) {
Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
return PageUtils.setPageInfo(page, baseEnvironmentService.listByConditions(environmentRequest));
}
@GetMapping("/get/{id}")
@RequiresPermissions("PROJECT_ENVIRONMENT:READ")
public ApiTestEnvironmentWithBLOBs get(@PathVariable String id) {
return baseEnvironmentService.get(id);
}
@PostMapping(value = "/get/entry")
@RequiresPermissions("PROJECT_ENVIRONMENT:READ")
public List<KeyStoreEntry> getEntry(@RequestPart("request") String password, @RequestPart(value = "file") MultipartFile sslFiles) {
return commandService.get(password, sslFiles);
}
@PostMapping("/add")
@RequiresPermissions("PROJECT_ENVIRONMENT:READ+CREATE")
@MsAuditLog(module = OperLogModule.PROJECT_ENVIRONMENT_SETTING, type = OperLogConstants.CREATE, title = "#apiTestEnvironmentWithBLOBs.name", project = "#apiTestEnvironmentWithBLOBs.projectId", msClass = BaseEnvironmentService.class)
public String create(@RequestPart("request") TestEnvironmentDTO apiTestEnvironmentWithBLOBs, @RequestPart(value = "files", required = false) List<MultipartFile> sslFiles, @RequestPart(value = "variablesFiles", required = false) List<MultipartFile> variableFile) {
checkParams(apiTestEnvironmentWithBLOBs);
@ -75,12 +81,14 @@ public class TestEnvironmentController {
}
@PostMapping("/import")
@RequiresPermissions("PROJECT_ENVIRONMENT:READ+IMPORT")
public String create(@RequestBody List<TestEnvironmentDTO> environments) {
environments.forEach(this::checkParams);
return baseEnvironmentService.importEnvironment(environments);
}
@PostMapping(value = "/update")
@RequiresPermissions("PROJECT_ENVIRONMENT:READ+EDIT")
@MsAuditLog(module = OperLogModule.PROJECT_ENVIRONMENT_SETTING, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#apiTestEnvironment.id)", content = "#msClass.getLogDetails(#apiTestEnvironment.id)", msClass = BaseEnvironmentService.class)
public void update(@RequestPart("request") TestEnvironmentDTO apiTestEnvironment, @RequestPart(value = "files", required = false) List<MultipartFile> sslFiles, @RequestPart(value = "variablesFiles", required = false) List<MultipartFile> variableFile) {
checkParams(apiTestEnvironment);
@ -115,6 +123,7 @@ public class TestEnvironmentController {
}
@GetMapping("/delete/{id}")
@RequiresPermissions("PROJECT_ENVIRONMENT:READ+DELETE")
@MsAuditLog(module = OperLogModule.PROJECT_ENVIRONMENT_SETTING, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = BaseEnvironmentService.class)
public void delete(@PathVariable String id) {
baseEnvironmentService.delete(id);
@ -122,11 +131,13 @@ public class TestEnvironmentController {
@GetMapping("/group/map/{groupId}")
@RequiresPermissions("PROJECT_ENVIRONMENT:READ")
public Map<String, String> getEnvMap(@PathVariable String groupId) {
return baseEnvGroupProjectService.getEnvMap(groupId);
}
@GetMapping("/module/list/{projectId}/{protocol}")
@RequiresPermissions("PROJECT_ENVIRONMENT:READ")
public List<ApiModuleDTO> getNodeByProjectId(@PathVariable String projectId, @PathVariable String protocol) {
return baseEnvironmentService.getNodeTreeByProjectId(projectId, protocol);
}
@ -137,6 +148,7 @@ public class TestEnvironmentController {
}
@PostMapping("/database/validate")
@RequiresPermissions("PROJECT_ENVIRONMENT:READ")
public void validate(@RequestBody DatabaseConfig databaseConfig) {
try {
DriverManager.getConnection(databaseConfig.getDbUrl(), databaseConfig.getUsername(), databaseConfig.getPassword());

View File

@ -11,12 +11,10 @@ import io.metersphere.commons.utils.Pager;
import io.metersphere.dto.FileMetadataDTO;
import io.metersphere.log.annotation.MsAuditLog;
import io.metersphere.metadata.service.FileMetadataService;
import io.metersphere.metadata.vo.DownloadRequest;
import io.metersphere.metadata.vo.DumpFileRequest;
import io.metersphere.metadata.vo.FileMetadataCreateRequest;
import io.metersphere.metadata.vo.MoveFIleMetadataRequest;
import io.metersphere.metadata.vo.*;
import io.metersphere.request.QueryProjectFileRequest;
import jakarta.annotation.Resource;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
@ -32,36 +30,42 @@ public class FileMetadataController {
private FileMetadataService fileMetadataService;
@GetMapping(value = "/info/{fileId}")
public ResponseEntity<byte[]> image(@PathVariable("fileId") String fileId) {
return fileMetadataService.getFile(fileId);
@RequiresPermissions("PROJECT_FILE:READ")
public FileResponse image(@PathVariable("fileId") String fileId) {
FileResponse fileResponse = new FileResponse();
fileResponse.setBytes(fileMetadataService.getFile(fileId).getBody());
return fileResponse;
}
@PostMapping("/project/{projectId}/{goPage}/{pageSize}")
public Pager<List<FileMetadataDTO>> getProjectFiles(@PathVariable String projectId,
@PathVariable int goPage, @PathVariable int pageSize,
@RequestBody QueryProjectFileRequest request) {
@RequiresPermissions("PROJECT_FILE:READ")
public Pager<List<FileMetadataDTO>> getProjectFiles(@PathVariable String projectId, @PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryProjectFileRequest request) {
fileMetadataService.checkProjectFileHasModuleId(projectId);
Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
return PageUtils.setPageInfo(page, fileMetadataService.getFileMetadataByProject(projectId, request));
}
@PostMapping(value = "/create")
@RequiresPermissions("PROJECT_FILE:READ+UPLOAD+JAR")
@MsAuditLog(module = OperLogModule.PROJECT_FILE_MANAGEMENT, type = OperLogConstants.CREATE, title = "#request.name", content = "#msClass.getLogDetails(#request.id)", msClass = FileMetadataService.class)
public List<FileMetadata> create(@RequestPart("request") FileMetadataCreateRequest request, @RequestPart(value = "file", required = false) List<MultipartFile> files) {
return fileMetadataService.create(request, files);
}
@PostMapping(value = "/upload")
@RequiresPermissions("PROJECT_FILE:READ+UPLOAD+JAR")
public FileMetadata upload(@RequestPart("request") FileMetadataWithBLOBs request, @RequestPart(value = "file", required = false) List<MultipartFile> files) {
return fileMetadataService.reLoad(request, files);
}
@GetMapping(value = "/download/{id}")
@RequiresPermissions("PROJECT_FILE:READ+DOWNLOAD+JAR")
public ResponseEntity<byte[]> download(@PathVariable("id") String id) {
return fileMetadataService.getFile(id);
}
@PostMapping(value = "/download/zip")
@RequiresPermissions("PROJECT_FILE:READ+DOWNLOAD+JAR")
public ResponseEntity<byte[]> downloadBodyFiles(@RequestBody DownloadRequest request) {
try {
byte[] bytes = fileMetadataService.exportZip(request);
@ -75,49 +79,58 @@ public class FileMetadataController {
}
@GetMapping(value = "/delete/{fileId}")
@RequiresPermissions("PROJECT_FILE:READ+DELETE+JAR")
@MsAuditLog(module = OperLogModule.PROJECT_FILE_MANAGEMENT, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#fileId)", msClass = FileMetadataService.class)
public void deleteFile(@PathVariable String fileId) {
fileMetadataService.deleteFile(fileId);
}
@PostMapping(value = "/delete/batch")
@RequiresPermissions("PROJECT_FILE:READ+BATCH+DELETE")
public void deleteBatch(@RequestBody List<String> ids) {
fileMetadataService.deleteBatch(ids);
}
@GetMapping(value = "/get/type/all")
@RequiresPermissions("PROJECT_FILE:READ")
public List<String> getTypes() {
return fileMetadataService.getTypes();
}
@PostMapping(value = "/move")
@RequiresPermissions("PROJECT_FILE:READ+BATCH+MOVE")
@MsAuditLog(module = OperLogModule.PROJECT_FILE_MANAGEMENT, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id)", title = "#request.name", content = "#msClass.getLogDetails(#request.id)", msClass = FileMetadataService.class)
public void move(@RequestBody MoveFIleMetadataRequest request) {
fileMetadataService.move(request);
}
@PostMapping(value = "/update")
@RequiresPermissions("PROJECT_FILE:READ+UPLOAD+JAR")
@MsAuditLog(module = OperLogModule.PROJECT_FILE_MANAGEMENT, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id)", title = "#request.name", content = "#msClass.getLogDetails(#request.id)", msClass = FileMetadataService.class)
public void update(@RequestBody FileMetadataWithBLOBs request) {
fileMetadataService.update(request);
}
@PostMapping(value = "/dump/file", consumes = {"multipart/form-data"})
@RequiresPermissions("PROJECT_FILE:READ+UPLOAD+JAR")
public void dumpFile(@RequestPart("request") DumpFileRequest request, @RequestPart(value = "files", required = false) List<MultipartFile> files) {
fileMetadataService.dumpFile(request, files);
}
@GetMapping(value = "/count/{projectId}/{createUser}")
@RequiresPermissions("PROJECT_FILE:READ")
public long myFiles(@PathVariable String projectId, @PathVariable String createUser) {
return fileMetadataService.myFiles(createUser, projectId);
}
@GetMapping(value = "/exist/{fileId}")
@RequiresPermissions("PROJECT_FILE:READ")
public boolean exist(@PathVariable("fileId") String fileId) {
return fileMetadataService.exist(fileId);
}
@PostMapping(value = "/exists")
@RequiresPermissions("PROJECT_FILE:READ")
public List<String> exist(@RequestBody List<String> fileIds) {
return fileMetadataService.exists(fileIds);
}

View File

@ -8,9 +8,11 @@ import io.metersphere.metadata.service.FileModuleService;
import io.metersphere.metadata.vo.DragFileModuleRequest;
import io.metersphere.metadata.vo.FileModuleVo;
import io.metersphere.service.BaseCheckPermissionService;
import jakarta.annotation.Resource;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*;
import jakarta.annotation.Resource;
import java.util.List;
@RequestMapping("/file/module")
@ -29,30 +31,35 @@ public class FileModuleController {
}
@PostMapping("/add")
@RequiresPermissions("PROJECT_FILE:READ+UPLOAD+JAR")
@MsAuditLog(module = OperLogModule.PROJECT_FILE_MANAGEMENT, type = OperLogConstants.CREATE, title = "#node.name", content = "#msClass.getLogDetails(#node)", msClass = FileModuleService.class)
public String addNode(@RequestBody FileModule node) {
return fileModuleService.addNode(node);
}
@PostMapping("/edit")
@RequiresPermissions("PROJECT_FILE:READ+UPLOAD+JAR")
@MsAuditLog(module = OperLogModule.PROJECT_FILE_MANAGEMENT, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#node)", title = "#node.name", content = "#msClass.getLogDetails(#node)", msClass = FileModuleService.class)
public int editNode(@RequestBody DragFileModuleRequest node) {
return fileModuleService.editNode(node);
}
@PostMapping("/delete")
@RequiresPermissions(value = {"PROJECT_FILE:READ+BATCH+DELETE", "PROJECT_FILE:READ+DELETE+JAR"}, logical = Logical.OR)
@MsAuditLog(module = OperLogModule.PROJECT_FILE_MANAGEMENT, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#nodeIds)", msClass = FileModuleService.class)
public int deleteNode(@RequestBody List<String> nodeIds) {
return fileModuleService.deleteNode(nodeIds);
}
@PostMapping("/drag")
@RequiresPermissions(value = {"PROJECT_FILE:READ+UPLOAD+JAR", "PROJECT_FILE:READ+BATCH+MOVE"}, logical = Logical.OR)
@MsAuditLog(module = OperLogModule.PROJECT_FILE_MANAGEMENT, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#node)", title = "#node.name", content = "#msClass.getLogDetails(#node)", msClass = FileModuleService.class)
public void dragNode(@RequestBody DragFileModuleRequest node) {
fileModuleService.dragNode(node);
}
@PostMapping("/pos")
@RequiresPermissions(value = {"PROJECT_FILE:READ+UPLOAD+JAR", "PROJECT_FILE:READ+BATCH+MOVE"}, logical = Logical.OR)
public void treeSort(@RequestBody List<String> ids) {
fileModuleService.sort(ids);
}

View File

@ -6,9 +6,10 @@ import io.metersphere.commons.utils.SessionUtils;
import io.metersphere.log.annotation.MsAuditLog;
import io.metersphere.notice.domain.MessageDetail;
import io.metersphere.notice.service.NoticeService;
import jakarta.annotation.Resource;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*;
import jakarta.annotation.Resource;
import java.util.List;
@RestController
@ -24,6 +25,7 @@ public class NoticeController {
}
@PostMapping("update/message/task")
@RequiresPermissions("PROJECT_MESSAGE:READ+EDIT")
@MsAuditLog(module = OperLogModule.WORKSPACE_MESSAGE_SETTINGS, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#messageDetail.id)", content = "#msClass.getLogDetails(#messageDetail.id)", msClass = NoticeService.class)
public void updateMessage(@RequestBody MessageDetail messageDetail) {
noticeService.saveMessageTask(messageDetail);
@ -41,6 +43,7 @@ public class NoticeController {
}
@GetMapping("/delete/message/{identification}")
@RequiresPermissions("PROJECT_MESSAGE:READ+DELETE")
@MsAuditLog(module = OperLogModule.WORKSPACE_MESSAGE_SETTINGS, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getDelLogDetails(#identification)", msClass = NoticeService.class)
public int deleteMessage(@PathVariable String identification) {
return noticeService.delMessage(identification);

View File

@ -9,6 +9,8 @@ import io.metersphere.commons.utils.PageUtils;
import io.metersphere.commons.utils.Pager;
import io.metersphere.request.CustomFunctionRequest;
import jakarta.annotation.Resource;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*;
import java.util.List;
@ -25,16 +27,19 @@ public class CustomFunctionController {
private CustomFunctionService customFunctionService;
@PostMapping("/save")
@RequiresPermissions("PROJECT_CUSTOM_CODE:READ+CREATE")
public CustomFunctionWithBLOBs save(@RequestBody CustomFunctionRequest request) {
return customFunctionService.save(request);
}
@GetMapping("/delete/{id}")
@RequiresPermissions("PROJECT_CUSTOM_CODE:READ+DELETE")
public void delete(@PathVariable String id) {
customFunctionService.delete(id);
}
@PostMapping("/update")
@RequiresPermissions("PROJECT_CUSTOM_CODE:READ+EDIT")
public void update(@RequestBody CustomFunctionRequest request) {
customFunctionService.update(request);
}
@ -46,6 +51,7 @@ public class CustomFunctionController {
}
@GetMapping("/copy/{id}")
@RequiresPermissions("PROJECT_CUSTOM_CODE:READ+COPY")
public CustomFunctionWithBLOBs copy(@PathVariable String id) {
return customFunctionService.copy(id);
}
@ -56,6 +62,7 @@ public class CustomFunctionController {
}
@PostMapping("/run")
@RequiresPermissions(value = {"PROJECT_CUSTOM_CODE:READ+CREATE", "PROJECT_CUSTOM_CODE:READ+COPY"}, logical = Logical.OR)
public void run(@RequestBody Object request) {
customFunctionService.run(request);
}

View File

@ -12,9 +12,11 @@ import io.metersphere.log.annotation.MsAuditLog;
import io.metersphere.request.BaseQueryRequest;
import io.metersphere.request.UpdateApiTemplateRequest;
import io.metersphere.service.ApiTemplateService;
import jakarta.annotation.Resource;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*;
import jakarta.annotation.Resource;
import java.util.List;
@RequestMapping("field/template/api")
@ -25,35 +27,41 @@ public class ApiTemplateController {
private ApiTemplateService apiTemplateService;
@PostMapping("/add")
@RequiresPermissions("PROJECT_TEMPLATE:READ+API_TEMPLATE")
@MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_API, type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#request.id)", msClass = ApiTemplateService.class)
public void add(@RequestBody UpdateApiTemplateRequest request) {
apiTemplateService.add(request);
}
@PostMapping("/list/{goPage}/{pageSize}")
@RequiresPermissions(value = {"PROJECT_TEMPLATE:READ+API_TEMPLATE", "PROJECT_TEMPLATE:READ"}, logical = Logical.OR)
public Pager<List<ApiTemplate>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody BaseQueryRequest request) {
Page<List<ApiTemplate>> page = PageHelper.startPage(goPage, pageSize, true);
return PageUtils.setPageInfo(page, apiTemplateService.list(request));
}
@GetMapping("/delete/{id}")
@RequiresPermissions("PROJECT_TEMPLATE:READ+API_TEMPLATE")
@MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_API, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = ApiTemplateService.class)
public void delete(@PathVariable(value = "id") String id) {
apiTemplateService.delete(id);
}
@PostMapping("/update")
@RequiresPermissions("PROJECT_TEMPLATE:READ+API_TEMPLATE")
@MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_API, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id)", content = "#msClass.getLogDetails(#request.id)", msClass = ApiTemplateService.class)
public void update(@RequestBody UpdateApiTemplateRequest request) {
apiTemplateService.update(request);
}
@GetMapping({"/option/{projectId}", "/option"})
@RequiresPermissions(value = {"PROJECT_TEMPLATE:READ+API_TEMPLATE", "PROJECT_TEMPLATE:READ"}, logical = Logical.OR)
public List<ApiTemplate> list(@PathVariable(required = false) String projectId) {
return apiTemplateService.getOption(projectId);
}
@GetMapping("/get-template/relate/{projectId}")
@RequiresPermissions(value = {"PROJECT_TEMPLATE:READ+API_TEMPLATE", "PROJECT_TEMPLATE:READ"}, logical = Logical.OR)
public ApiTemplateDTO getTemplate(@PathVariable String projectId) {
return apiTemplateService.getTemplate(projectId);
}

View File

@ -19,12 +19,12 @@ import io.metersphere.request.GroupRequest;
import io.metersphere.request.group.EditGroupRequest;
import io.metersphere.request.group.EditGroupUserRequest;
import io.metersphere.service.GroupService;
import jakarta.annotation.Resource;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*;
import jakarta.annotation.Resource;
import java.util.List;
import java.util.Map;
import java.util.UUID;
@ -46,6 +46,7 @@ public class GroupController {
}
@GetMapping("/get/all")
@RequiresPermissions(value = {PermissionConstants.SYSTEM_GROUP_READ, PermissionConstants.SYSTEM_USER_READ, PermissionConstants.WORKSPACE_USER_READ}, logical = Logical.OR)
public List<GroupDTO> getAllGroup() {
return groupService.getAllGroup();
}
@ -149,6 +150,7 @@ public class GroupController {
@PostMapping("/edit/member")
@MsRequestLog(module = OperLogModule.GROUP_PERMISSION)
@RequiresPermissions(value = {PermissionConstants.SYSTEM_GROUP_READ_EDIT, PermissionConstants.PROJECT_GROUP_READ_EDIT}, logical = Logical.OR)
public void editGroupUser(@RequestBody EditGroupUserRequest request) {
groupService.editGroupUser(request);
}

View File

@ -3,13 +3,15 @@ package io.metersphere.controller;
import io.metersphere.base.domain.ProjectApplication;
import io.metersphere.commons.constants.OperLogConstants;
import io.metersphere.commons.constants.OperLogModule;
import io.metersphere.dto.ProjectConfig;
import io.metersphere.log.annotation.MsAuditLog;
import io.metersphere.request.ProjectApplicationRequest;
import io.metersphere.service.ProjectApplicationService;
import org.springframework.web.bind.annotation.*;
import jakarta.annotation.Resource;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping(value = "/project_application")
@ -18,12 +20,14 @@ public class ProjectApplicationController {
private ProjectApplicationService projectApplicationService;
@PostMapping("/update")
@RequiresPermissions("PROJECT_APP_MANAGER:READ+EDIT")
@MsAuditLog(module = OperLogModule.PROJECT_PROJECT_MANAGER, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#projectApplication)", content = "#msClass.getLogDetails(#projectApplication)", msClass = ProjectApplicationService.class)
public void updateProject(@RequestBody ProjectApplication projectApplication) {
projectApplicationService.updateProjectApplication(projectApplication);
}
@PostMapping("/update/batch")
@RequiresPermissions("PROJECT_APP_MANAGER:READ+EDIT")
@MsAuditLog(module = OperLogModule.PROJECT_PROJECT_MANAGER, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#projectApplication)", content = "#msClass.getLogDetails(#projectApplication)", msClass = ProjectApplicationService.class)
public void updateProjectConfigBatch(@RequestBody ProjectApplicationRequest request) {
projectApplicationService.updateProjectConfigBatch(request);

View File

@ -16,7 +16,6 @@ import io.metersphere.dto.ProjectDTO;
import io.metersphere.dto.WorkspaceMemberDTO;
import io.metersphere.i18n.Translator;
import io.metersphere.log.annotation.MsAuditLog;
import io.metersphere.log.annotation.MsRequestLog;
import io.metersphere.request.AddProjectRequest;
import io.metersphere.request.ProjectRequest;
import io.metersphere.request.member.AddMemberRequest;
@ -40,8 +39,6 @@ public class ProjectController {
@Resource
private ProjectService projectService;
@Resource
private BaseProjectService baseProjectService;
@Resource
private BaseUserService baseUserService;
@Resource
private BaseCheckPermissionService baseCheckPermissionService;
@ -92,6 +89,7 @@ public class ProjectController {
}
@PostMapping("/member/update")
@RequiresPermissions("PROJECT_USER:READ+EDIT")
@MsAuditLog(module = OperLogModule.PROJECT_PROJECT_MEMBER, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#memberDTO)", content = "#msClass.getLogDetails(#memberDTO)", msClass = BaseProjectService.class)
public void updateMember(@RequestBody WorkspaceMemberDTO memberDTO) {
projectService.updateMember(memberDTO);
@ -125,7 +123,7 @@ public class ProjectController {
}
@GetMapping("/member/delete/{projectId}/{userId}")
@MsRequestLog(module = OperLogModule.PROJECT_PROJECT_MEMBER)
@RequiresPermissions(PermissionConstants.PROJECT_USER_READ_DELETE)
public void deleteProjectMember(@PathVariable String projectId, @PathVariable String userId) {
String currentUserId = SessionUtils.getUser().getId();
if (StringUtils.equals(userId, currentUserId)) {
@ -140,6 +138,7 @@ public class ProjectController {
}
@PostMapping("/member/add")
@RequiresPermissions("PROJECT_USER:READ+CREATE")
public void addProjectMember(@RequestBody AddMemberRequest request) {
projectService.addProjectMember(request);
}

View File

@ -8,6 +8,10 @@ export function modifyFileMeta(param) {
return post('/file/metadata/update', param);
}
export function getFileBytes(id) {
return get('/file/metadata/info/' + id);
}
export function pullGitFile(data) {
let formData = new FormData();
formData.append("request", new Blob([JSON.stringify(data)], {type: "application/json"}));

View File

@ -52,12 +52,14 @@
<el-col :span="18" style="padding-top: 80px">
<el-card
:body-style="{ padding: '0px' }"
v-if="isImage(data.type) && !isRepositoryFile()"
v-if="isImage(data) && !isRepositoryFile()"
>
<div v-loading="fileBase64Str==='' || fileBase64Str === 'loading'">
<img
:src="'/project/file/metadata/info/' + data.id"
:src="fileBase64Str"
class="ms-edit-image"
/>
</div>
</el-card>
<el-card :body-style="{ padding: '0px' }" v-else>
<div class="ms-edit-image">
@ -231,7 +233,7 @@
<script>
import {operationConfirm} from "metersphere-frontend/src/utils";
import {getCurrentProjectID} from "metersphere-frontend/src/utils/token";
import {getFileMetaPages, modifyFileMeta, pullGitFile, uploadFileMeta,} from "../../../../api/file";
import {getFileBytes, getFileMetaPages, modifyFileMeta, pullGitFile, uploadFileMeta,} from "../../../../api/file";
import FileVersionList from "@/business/menu/file/list/FileVersionList";
import FileCaseRelevanceList from "@/business/menu/file/list/FileCaseRelevanceList";
import {hasPermission} from "metersphere-frontend/src/utils/permission";
@ -249,6 +251,7 @@ export default {
return {
data: {},
visible: false,
fileBase64Str: '',
isFirst: false,
isLast: false,
isPullBtnLoading: false,
@ -389,6 +392,7 @@ export default {
this.showPanel = "baseInfo";
this.pageSize = size;
this.currentPage = page;
this.fileBase64Str = '';
this.total = t;
this.data = data;
this.results = this.metadataArray;
@ -436,8 +440,17 @@ export default {
return type || "";
}
},
isImage(type) {
return type && this.images.indexOf(type.toLowerCase()) !== -1;
isImage(data) {
let type = data.type;
let isImage = type && this.images.indexOf(type.toLowerCase()) !== -1;
if (isImage && this.fileBase64Str === '') {
this.fileBase64Str = 'loading';
getFileBytes(data.id).then(res => {
let fileRsp = res.data;
this.fileBase64Str = "data:image/png;base64," + fileRsp.bytes;
})
}
return isImage;
},
download() {
this.$emit("download", this.data);

View File

@ -4,7 +4,9 @@
<el-row :gutter="20">
<el-col :span="4" v-for="item in data" :key="item.id">
<el-card :body-style="{ padding: '0px' }" class="ms-card-item" @click.native="handleView(item)">
<img :src="'/project/file/metadata/info/'+item.id" class="ms-image" v-if="isImage(item.type)"/>
<div v-loading="fileBase64Str==='' || fileBase64Str === 'loading'" v-if="isImage(item)">
<img :src="fileBase64Str" class="ms-edit-image"/>
</div>
<div class="ms-image" v-else>
<div class="ms-file">
<div class="icon-title">{{ getType(item.type) }}</div>
@ -35,6 +37,7 @@
<script>
import MsTablePagination from "metersphere-frontend/src/components/pagination/TablePagination";
import MsEditFileMetadata from "../edit/EditFileMetadata";
import {getFileBytes} from "@/api/file";
export default {
name: "MsFileThumbnail",
@ -44,6 +47,7 @@ export default {
currentPage: 1,
pageSize: 10,
total: 0,
fileBase64Str: '',
images: ["bmp", "jpg", "png", "tif", "gif", "pcx", "tga", "exif", "fpx", "svg", "psd", "cdr", "pcd", "dxf", "ufo", "eps", "ai", "raw", "WMF", "webp", "avif", "apng", "jpeg"]
};
},
@ -56,6 +60,7 @@ export default {
nodeTree: []
},
created() {
this.fileBase64Str = '';
this.currentPage = this.page;
this.pageSize = this.size;
this.total = this.pageTotal;
@ -86,10 +91,22 @@ export default {
return type || "";
},
change() {
this.fileBase64Str = '';
this.$emit("change", this.pageSize, this.currentPage);
},
isImage(type) {
return (type && this.images.indexOf(type.toLowerCase()) !== -1);
isImage(item) {
let type = item.type;
let isImage = (type && this.images.indexOf(type.toLowerCase()) !== -1);
if (isImage) {
if (isImage && this.fileBase64Str === '') {
this.fileBase64Str = 'loading';
getFileBytes(item.id).then(res => {
let fileRsp = res.data;
this.fileBase64Str = "data:image/png;base64," + fileRsp.bytes;
})
}
}
return isImage;
}
},
}