fix(项目管理): 项目管理后台接口增加权限校验

项目管理后台接口增加权限校验
song-tianyang 2023-06-12 14:48:27 +08:00 committed by 建国
parent c0d027f0e6
commit 21db088955
6 changed files with 27 additions and 0 deletions


@ -11,6 +11,7 @@ import io.metersphere.api.service.CommandService;
import io.metersphere.base.domain.ApiTestEnvironmentWithBLOBs;
import io.metersphere.commons.constants.OperLogConstants;
import io.metersphere.commons.constants.OperLogModule;
import io.metersphere.commons.constants.PermissionConstants;
import io.metersphere.commons.exception.MSException;
import io.metersphere.commons.utils.LogUtil;
import io.metersphere.commons.utils.PageUtils;
@ -18,6 +19,7 @@ import io.metersphere.commons.utils.Pager;
import io.metersphere.controller.request.EnvironmentRequest;
import io.metersphere.i18n.Translator;
import io.metersphere.log.annotation.MsAuditLog;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
@ -64,6 +66,7 @@ public class ApiTestEnvironmentController {
}
@PostMapping("/add")
@RequiresPermissions(PermissionConstants.PROJECT_ENVIRONMENT_READ_CREATE)
@MsAuditLog(module = OperLogModule.PROJECT_ENVIRONMENT_SETTING, type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#apiTestEnvironmentWithBLOBs.id)", msClass = ApiTestEnvironmentService.class)
public String create(@RequestPart("request") ApiTestEnvironmentDTO apiTestEnvironmentWithBLOBs, @RequestPart(value = "files", required = false) List<MultipartFile> sslFiles) {
checkParams(apiTestEnvironmentWithBLOBs);
@ -71,6 +74,7 @@ public class ApiTestEnvironmentController {
}
@PostMapping(value = "/update")
@RequiresPermissions(PermissionConstants.PROJECT_ENVIRONMENT_READ_EDIT)
@MsAuditLog(module = OperLogModule.PROJECT_ENVIRONMENT_SETTING, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#apiTestEnvironment.id)", content = "#msClass.getLogDetails(#apiTestEnvironment.id)", msClass = ApiTestEnvironmentService.class)
public void update(@RequestPart("request") ApiTestEnvironmentDTO apiTestEnvironment, @RequestPart(value = "files", required = false) List<MultipartFile> sslFiles) {
checkParams(apiTestEnvironment);
@ -105,6 +109,7 @@ public class ApiTestEnvironmentController {
}
@GetMapping("/delete/{id}")
@RequiresPermissions(PermissionConstants.PROJECT_ENVIRONMENT_READ_DELETE)
@MsAuditLog(module = OperLogModule.PROJECT_ENVIRONMENT_SETTING, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = ApiTestEnvironmentService.class)
public void delete(@PathVariable String id) {
apiTestEnvironmentService.delete(id);
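Review bot: `delete(@PathVariable String id)` passes the caller-supplied id straight to `apiTestEnvironmentService.delete(id)`, so the new `@RequiresPermissions(PermissionConstants.PROJECT_ENVIRONMENT_READ_DELETE)` shows only that the caller holds that permission, not that the environment belongs to a project where they hold it. Unless the service or the Shiro realm already ties the check to the record's owning project (neither is visible here), a user with delete rights in one project could remove another project's environment. I would have the service load the record and compare its project with the caller's current project before acting, and state the rule on the handler, e.g. `// annotation checks the caller's permission only; the service must verify the environment belongs to the caller's project`. The same question applies to the id-taking handlers in CustomFunctionController (`delete`, `copy`), JarConfigController (`get`, `delete`) and NoticeController (`deleteMessage`), and to `updateMember` in ProjectController. The method bodies continue outside the hunks.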


@ -10,6 +10,8 @@ import io.metersphere.commons.utils.Pager;
import io.metersphere.controller.request.CustomFunctionRequest;
import io.metersphere.dto.MsExecResponseDTO;
import io.metersphere.service.CustomFunctionService;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource;
@ -27,16 +29,19 @@ public class CustomFunctionController {
private CustomFunctionService customFunctionService;
@PostMapping("/save")
@RequiresPermissions("PROJECT_CUSTOM_CODE:READ+CREATE")
public CustomFunctionWithBLOBs save(@RequestBody CustomFunctionRequest request) {
return customFunctionService.save(request);
}
@GetMapping("/delete/{id}")
@RequiresPermissions("PROJECT_CUSTOM_CODE:READ+DELETE")
public void delete(@PathVariable String id) {
customFunctionService.delete(id);
}
@PostMapping("/update")
@RequiresPermissions("PROJECT_CUSTOM_CODE:READ+EDIT")
public void update(@RequestBody CustomFunctionRequest request) {
customFunctionService.update(request);
}
@ -48,6 +53,7 @@ public class CustomFunctionController {
}
@GetMapping("/copy/{id}")
@RequiresPermissions("PROJECT_CUSTOM_CODE:READ+COPY")
public CustomFunctionWithBLOBs copy(@PathVariable String id) {
return customFunctionService.copy(id);
}
@ -58,6 +64,7 @@ public class CustomFunctionController {
}
@PostMapping("/run")
@RequiresPermissions(value = {"PROJECT_CUSTOM_CODE:READ+CREATE", "PROJECT_CUSTOM_CODE:READ+EDIT", "PROJECT_CUSTOM_CODE:READ+COPY"}, logical = Logical.OR)
public MsExecResponseDTO run(@RequestBody RunDefinitionRequest request) {
return customFunctionService.run(request);
}
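Review bot: The permission names in this file are spelled out as string literals (`"PROJECT_CUSTOM_CODE:READ+CREATE"`, `"PROJECT_CUSTOM_CODE:READ+COPY"`, …), while ApiTestEnvironmentController, GroupController and NoticeController in the same commit reference `PermissionConstants`. A mistyped literal still compiles and simply names a permission that no role grants, and literals cannot be found by searching for usages of a constant when someone audits which endpoints a permission opens. I would replace each literal with a constant declared in `PermissionConstants` (adding the constants there if they do not exist yet; that class is not visible here). JarConfigController (`"PROJECT_FILE:READ+JAR"` and friends) and ProjectController (`"PROJECT_USER:READ+EDIT"`) have the same pattern.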


@ -54,6 +54,7 @@ public class GroupController {
}
@GetMapping("/get/all")
@RequiresPermissions(value = {PermissionConstants.SYSTEM_GROUP_READ, PermissionConstants.SYSTEM_USER_READ}, logical = Logical.OR)
public List<GroupDTO> getAllGroup() {
return groupService.getAllGroup();
}
@ -161,6 +162,7 @@ public class GroupController {
}
@PostMapping("/edit/member")
@RequiresPermissions(value = {PermissionConstants.SYSTEM_GROUP_READ_EDIT, PermissionConstants.PROJECT_GROUP_READ_EDIT}, logical = Logical.OR)
public void editGroupUser(@RequestBody EditGroupUserRequest request) {
groupService.editGroupUser(request);
}
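Review bot: `editGroupUser` now accepts either `PermissionConstants.SYSTEM_GROUP_READ_EDIT` or `PermissionConstants.PROJECT_GROUP_READ_EDIT` (`logical = Logical.OR`), but the annotation cannot tell which kind of group the request body targets. A caller who holds only the project-level permission passes this check even when `EditGroupUserRequest` names a system-level group, unless `groupService.editGroupUser` re-checks the group's scope, and its body is not visible here. I would make that check explicit in the service and record the contract on the handler, e.g. `// OR is intentional; the service must verify the target group's scope matches the permission the caller actually holds`. The hunk shows the whole handler, so the check has to live in the service or be added before the delegate call.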


@ -7,6 +7,8 @@ import io.metersphere.commons.utils.Pager;
import io.metersphere.controller.request.JarConfigRequest;
import io.metersphere.log.annotation.MsAuditLog;
import io.metersphere.service.JarConfigService;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
@ -21,33 +23,39 @@ public class JarConfigController {
JarConfigService JarConfigService;
@PostMapping("list/{goPage}/{pageSize}")
@RequiresPermissions(value = {"PROJECT_FILE:READ+JAR", "PROJECT_FILE:READ+FILE"}, logical = Logical.OR)
public Pager<List<JarConfig>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody JarConfigRequest request) {
return JarConfigService.list(request, goPage, pageSize);
}
@GetMapping("list/all")
@RequiresPermissions(value = {"PROJECT_FILE:READ+JAR", "PROJECT_FILE:READ+FILE"}, logical = Logical.OR)
public List<JarConfig> listAll() {
return JarConfigService.list();
}
@GetMapping("/get/{id}")
@RequiresPermissions(value = {"PROJECT_FILE:READ+JAR", "PROJECT_FILE:READ+FILE"}, logical = Logical.OR)
public JarConfig get(@PathVariable String id) {
return JarConfigService.get(id);
}
@PostMapping(value = "/add", consumes = {"multipart/form-data"})
@RequiresPermissions(value = {"PROJECT_FILE:READ+UPLOAD+JAR", "PROJECT_FILE:READ+UPLOAD+FILE"}, logical = Logical.OR)
@MsAuditLog(module = OperLogModule.PROJECT_PROJECT_JAR, type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#request.id)", msClass = JarConfigService.class)
public String add(@RequestPart("request") JarConfig request, @RequestPart(value = "file", required = false) MultipartFile file) {
return JarConfigService.add(request, file);
}
@PostMapping(value = "/update", consumes = {"multipart/form-data"})
@RequiresPermissions(value = {"PROJECT_FILE:READ+UPLOAD+JAR", "PROJECT_FILE:READ+UPLOAD+FILE"}, logical = Logical.OR)
@MsAuditLog(module = OperLogModule.PROJECT_PROJECT_JAR, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id)", content = "#msClass.getLogDetails(#request.id)", msClass = JarConfigService.class)
public void update(@RequestPart("request") JarConfig request, @RequestPart(value = "file", required = false) MultipartFile file) {
JarConfigService.update(request, file);
}
@GetMapping("/delete/{id}")
@RequiresPermissions(value = {"PROJECT_FILE:READ+DELETE+JAR", "PROJECT_FILE:READ+DELETE+FILE"}, logical = Logical.OR)
@MsAuditLog(module = OperLogModule.PROJECT_PROJECT_JAR, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = JarConfigService.class)
public void delete(@PathVariable String id) {
JarConfigService.delete(id);
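Review bot: On `add` and `update` the uploaded `MultipartFile` goes to `JarConfigService` with the new annotation as the only gate visible in the hunk, and either `"PROJECT_FILE:READ+UPLOAD+JAR"` or `"PROJECT_FILE:READ+UPLOAD+FILE"` satisfies it. If these JARs are later loaded during test execution (presumably, given the controller's purpose; confirm against the service), then the plain file-upload permission also lets its holder supply code that runs, which is broader than its name suggests. I would either require only the `+JAR` permission on the two upload handlers or document the equivalence where administrators assign roles, and add a comment such as `// READ+UPLOAD+FILE is accepted too: treat it as permission to upload executable code`. The `delete` body continues outside the hunk.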


@ -135,6 +135,7 @@ public class ProjectController {
}
@PostMapping("/member/update")
@RequiresPermissions("PROJECT_USER:READ+EDIT")
@MsAuditLog(module = OperLogModule.PROJECT_PROJECT_MEMBER, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#memberDTO)", content = "#msClass.getLogDetails(#memberDTO)", msClass = ProjectService.class)
public void updateMember(@RequestBody WorkspaceMemberDTO memberDTO) {
projectService.updateMember(memberDTO);


@ -2,10 +2,12 @@ package io.metersphere.notice.controller;
import io.metersphere.commons.constants.OperLogConstants;
import io.metersphere.commons.constants.OperLogModule;
import io.metersphere.commons.constants.PermissionConstants;
import io.metersphere.commons.utils.SessionUtils;
import io.metersphere.log.annotation.MsAuditLog;
import io.metersphere.notice.domain.MessageDetail;
import io.metersphere.notice.service.NoticeService;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource;
@ -18,6 +20,7 @@ public class NoticeController {
private NoticeService noticeService;
@PostMapping("save/message/task")
@RequiresPermissions(PermissionConstants.PROJECT_MESSAGE_READ_EDIT)
@MsAuditLog(module = OperLogModule.WORKSPACE_MESSAGE_SETTINGS, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#messageDetail.id)", content = "#msClass.getLogDetails(#messageDetail.id)", msClass = NoticeService.class)
public void saveMessage(@RequestBody MessageDetail messageDetail) {
noticeService.saveMessageTask(messageDetail);
@ -35,6 +38,7 @@ public class NoticeController {
}
@GetMapping("/delete/message/{identification}")
@RequiresPermissions(PermissionConstants.PROJECT_MESSAGE_READ_EDIT)
@MsAuditLog(module = OperLogModule.WORKSPACE_MESSAGE_SETTINGS, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#identification)", msClass = NoticeService.class)
public int deleteMessage(@PathVariable String identification) {
return noticeService.delMessage(identification);
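Review bot: `saveMessage` and `deleteMessage` are now gated by the project-scoped `PermissionConstants.PROJECT_MESSAGE_READ_EDIT`, while their `@MsAuditLog` entries are still filed under `OperLogModule.WORKSPACE_MESSAGE_SETTINGS`. If message tasks are a project-level setting, the audit records land in the workspace module and are easy to miss when reviewing a project's history; if they are workspace-level, a project permission is the wrong gate. A one-line comment on each handler stating the intended scope, e.g. `// message tasks are project-scoped; audit module name is legacy`, would settle this, or the module could be aligned if a project-level one exists (not visible here). Both method bodies continue outside the hunks.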