refactor(用例管理): 增加CheckOwner

guoyuqi 2023-12-25 15:47:43 +08:00 committed by 刘瑞斌
parent a6d3c97375
commit 29dcd4d422
10 changed files with 72 additions and 0 deletions


@ -15,6 +15,7 @@ import io.metersphere.system.log.annotation.Log;
import io.metersphere.system.log.constants.OperationLogType; import io.metersphere.system.log.constants.OperationLogType;
import io.metersphere.system.notice.annotation.SendNotice; import io.metersphere.system.notice.annotation.SendNotice;
import io.metersphere.system.notice.constants.NoticeConstants; import io.metersphere.system.notice.constants.NoticeConstants;
import io.metersphere.system.security.CheckOwner;
import io.metersphere.system.utils.PageUtils; import io.metersphere.system.utils.PageUtils;
import io.metersphere.system.utils.Pager; import io.metersphere.system.utils.Pager;
import io.metersphere.system.utils.SessionUtils; import io.metersphere.system.utils.SessionUtils;
@ -42,6 +43,7 @@ public class CaseReviewController {
@PostMapping("/page") @PostMapping("/page")
@Operation(summary = "用例管理-用例评审-用例列表查询") @Operation(summary = "用例管理-用例评审-用例列表查询")
@RequiresPermissions(PermissionConstants.CASE_REVIEW_READ) @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public Pager<List<CaseReviewDTO>> getFunctionalCasePage(@Validated @RequestBody CaseReviewPageRequest request) { public Pager<List<CaseReviewDTO>> getFunctionalCasePage(@Validated @RequestBody CaseReviewPageRequest request) {
Page<Object> page = PageHelper.startPage(request.getCurrent(), request.getPageSize(), Page<Object> page = PageHelper.startPage(request.getCurrent(), request.getPageSize(),
StringUtils.isNotBlank(request.getSortString()) ? request.getSortString() : "pos desc"); StringUtils.isNotBlank(request.getSortString()) ? request.getSortString() : "pos desc");
@ -51,6 +53,7 @@ public class CaseReviewController {
@PostMapping("/module/count") @PostMapping("/module/count")
@Operation(summary = "用例管理-用例评审-表格分页查询文件") @Operation(summary = "用例管理-用例评审-表格分页查询文件")
@RequiresPermissions(PermissionConstants.CASE_REVIEW_READ) @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public Map<String, Long> moduleCount(@Validated @RequestBody CaseReviewPageRequest request) { public Map<String, Long> moduleCount(@Validated @RequestBody CaseReviewPageRequest request) {
return caseReviewService.moduleCount(request); return caseReviewService.moduleCount(request);
} }
@ -60,6 +63,7 @@ public class CaseReviewController {
@Log(type = OperationLogType.ADD, expression = "#msClass.addCaseReviewLog(#request)", msClass = CaseReviewLogService.class) @Log(type = OperationLogType.ADD, expression = "#msClass.addCaseReviewLog(#request)", msClass = CaseReviewLogService.class)
@SendNotice(taskType = NoticeConstants.TaskType.CASE_REVIEW_TASK, event = NoticeConstants.Event.CREATE, target = "#targetClass.getMainCaseReview(#request)", targetClass = CaseReviewNoticeService.class) @SendNotice(taskType = NoticeConstants.TaskType.CASE_REVIEW_TASK, event = NoticeConstants.Event.CREATE, target = "#targetClass.getMainCaseReview(#request)", targetClass = CaseReviewNoticeService.class)
@RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_ADD) @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_ADD)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void addCaseReview(@Validated @RequestBody CaseReviewRequest request) { public void addCaseReview(@Validated @RequestBody CaseReviewRequest request) {
caseReviewService.addCaseReview(request, SessionUtils.getUserId()); caseReviewService.addCaseReview(request, SessionUtils.getUserId());
} }
@ -69,6 +73,7 @@ public class CaseReviewController {
@Log(type = OperationLogType.COPY, expression = "#msClass.copyCaseReviewLog(#request)", msClass = CaseReviewLogService.class) @Log(type = OperationLogType.COPY, expression = "#msClass.copyCaseReviewLog(#request)", msClass = CaseReviewLogService.class)
@SendNotice(taskType = NoticeConstants.TaskType.CASE_REVIEW_TASK, event = NoticeConstants.Event.CREATE, target = "#targetClass.getMainCaseReview(#request)", targetClass = CaseReviewNoticeService.class) @SendNotice(taskType = NoticeConstants.TaskType.CASE_REVIEW_TASK, event = NoticeConstants.Event.CREATE, target = "#targetClass.getMainCaseReview(#request)", targetClass = CaseReviewNoticeService.class)
@RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_ADD) @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_ADD)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void copyCaseReview(@Validated @RequestBody CaseReviewRequest request) { public void copyCaseReview(@Validated @RequestBody CaseReviewRequest request) {
caseReviewService.addCaseReview(request, SessionUtils.getUserId()); caseReviewService.addCaseReview(request, SessionUtils.getUserId());
} }
@ -78,6 +83,7 @@ public class CaseReviewController {
@Log(type = OperationLogType.UPDATE, expression = "#msClass.updateCaseReviewLog(#request)", msClass = CaseReviewLogService.class) @Log(type = OperationLogType.UPDATE, expression = "#msClass.updateCaseReviewLog(#request)", msClass = CaseReviewLogService.class)
@SendNotice(taskType = NoticeConstants.TaskType.CASE_REVIEW_TASK, event = NoticeConstants.Event.UPDATE, target = "#targetClass.getMainCaseReview(#request)", targetClass = CaseReviewNoticeService.class) @SendNotice(taskType = NoticeConstants.TaskType.CASE_REVIEW_TASK, event = NoticeConstants.Event.UPDATE, target = "#targetClass.getMainCaseReview(#request)", targetClass = CaseReviewNoticeService.class)
@RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_UPDATE) @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_UPDATE)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void editCaseReview(@Validated({Updated.class}) @RequestBody CaseReviewRequest request) { public void editCaseReview(@Validated({Updated.class}) @RequestBody CaseReviewRequest request) {
caseReviewService.editCaseReview(request, SessionUtils.getUserId()); caseReviewService.editCaseReview(request, SessionUtils.getUserId());
} }
@ -85,6 +91,7 @@ public class CaseReviewController {
@GetMapping("/user-option/{projectId}") @GetMapping("/user-option/{projectId}")
@Operation(summary = "用例管理-用例评审-获取具有评审权限的用户") @Operation(summary = "用例管理-用例评审-获取具有评审权限的用户")
@RequiresPermissions(value = {PermissionConstants.CASE_REVIEW_READ_ADD,PermissionConstants.CASE_REVIEW_READ_UPDATE}, logical = Logical.OR) @RequiresPermissions(value = {PermissionConstants.CASE_REVIEW_READ_ADD,PermissionConstants.CASE_REVIEW_READ_UPDATE}, logical = Logical.OR)
@CheckOwner(resourceId = "#projectId", resourceType = "project")
public List<User> getReviewUserList(@PathVariable String projectId, @Schema(description = "查询关键字,根据邮箱和用户名查询") public List<User> getReviewUserList(@PathVariable String projectId, @Schema(description = "查询关键字,根据邮箱和用户名查询")
@RequestParam(value = "keyword", required = false) String keyword) { @RequestParam(value = "keyword", required = false) String keyword) {
return caseReviewService.getReviewUserList(projectId, keyword); return caseReviewService.getReviewUserList(projectId, keyword);
@ -93,6 +100,7 @@ public class CaseReviewController {
@PostMapping("/edit/follower") @PostMapping("/edit/follower")
@Operation(summary = "用例管理-用例评审-关注/取消关注用例") @Operation(summary = "用例管理-用例评审-关注/取消关注用例")
@RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_UPDATE) @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_UPDATE)
@CheckOwner(resourceId = "#request.getCaseReviewId()", resourceType = "case_review")
public void editFollower(@Validated @RequestBody CaseReviewFollowerRequest request) { public void editFollower(@Validated @RequestBody CaseReviewFollowerRequest request) {
caseReviewService.editFollower(request.getCaseReviewId(), SessionUtils.getUserId()); caseReviewService.editFollower(request.getCaseReviewId(), SessionUtils.getUserId());
} }
@ -101,6 +109,7 @@ public class CaseReviewController {
@Operation(summary = "用例管理-用例评审-关联用例") @Operation(summary = "用例管理-用例评审-关联用例")
@Log(type = OperationLogType.ASSOCIATE, expression = "#msClass.associateCaseLog(#request)", msClass = CaseReviewLogService.class) @Log(type = OperationLogType.ASSOCIATE, expression = "#msClass.associateCaseLog(#request)", msClass = CaseReviewLogService.class)
@RequiresPermissions(PermissionConstants.CASE_REVIEW_RELEVANCE) @RequiresPermissions(PermissionConstants.CASE_REVIEW_RELEVANCE)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void associateCase(@Validated @RequestBody CaseReviewAssociateRequest request) { public void associateCase(@Validated @RequestBody CaseReviewAssociateRequest request) {
caseReviewService.associateCase(request, SessionUtils.getUserId()); caseReviewService.associateCase(request, SessionUtils.getUserId());
} }
@ -109,6 +118,7 @@ public class CaseReviewController {
@Operation(summary = "用例管理-用例评审-取消关联用例") @Operation(summary = "用例管理-用例评审-取消关联用例")
@Log(type = OperationLogType.DISASSOCIATE, expression = "#msClass.disAssociateCaseLog(#reviewId, #caseId)", msClass = CaseReviewLogService.class) @Log(type = OperationLogType.DISASSOCIATE, expression = "#msClass.disAssociateCaseLog(#reviewId, #caseId)", msClass = CaseReviewLogService.class)
@RequiresPermissions(PermissionConstants.CASE_REVIEW_RELEVANCE) @RequiresPermissions(PermissionConstants.CASE_REVIEW_RELEVANCE)
@CheckOwner(resourceId = "#reviewId", resourceType = "case_review")
public void disassociate(@PathVariable String reviewId, @PathVariable String caseId) { public void disassociate(@PathVariable String reviewId, @PathVariable String caseId) {
caseReviewService.disassociate(reviewId, caseId, SessionUtils.getUserId()); caseReviewService.disassociate(reviewId, caseId, SessionUtils.getUserId());
} }
@ -116,6 +126,7 @@ public class CaseReviewController {
@PostMapping("/edit/pos") @PostMapping("/edit/pos")
@Operation(summary = "用例管理-用例评审-拖拽排序") @Operation(summary = "用例管理-用例评审-拖拽排序")
@RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_UPDATE) @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_UPDATE)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void editPos(@Validated @RequestBody PosRequest request) { public void editPos(@Validated @RequestBody PosRequest request) {
caseReviewService.editPos(request); caseReviewService.editPos(request);
} }
@ -123,6 +134,7 @@ public class CaseReviewController {
@GetMapping("/detail/{id}") @GetMapping("/detail/{id}")
@Operation(summary = "用例管理-用例评审-查看评审详情") @Operation(summary = "用例管理-用例评审-查看评审详情")
@RequiresPermissions(PermissionConstants.CASE_REVIEW_READ) @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ)
@CheckOwner(resourceId = "#reviewId", resourceType = "case_review")
public CaseReviewDTO getCaseReviewDetail(@PathVariable String id) { public CaseReviewDTO getCaseReviewDetail(@PathVariable String id) {
return caseReviewService.getCaseReviewDetail(id, SessionUtils.getUserId()); return caseReviewService.getCaseReviewDetail(id, SessionUtils.getUserId());
} }
@ -130,6 +142,7 @@ public class CaseReviewController {
@PostMapping("batch/move") @PostMapping("batch/move")
@Operation(summary = "用例管理-用例评审-批量移动用例评审") @Operation(summary = "用例管理-用例评审-批量移动用例评审")
@RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_UPDATE) @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_UPDATE)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void batchMoveCaseReview(@Validated @RequestBody CaseReviewBatchRequest request) { public void batchMoveCaseReview(@Validated @RequestBody CaseReviewBatchRequest request) {
caseReviewService.batchMoveCaseReview(request, SessionUtils.getUserId()); caseReviewService.batchMoveCaseReview(request, SessionUtils.getUserId());
} }
@ -139,6 +152,7 @@ public class CaseReviewController {
@RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_DELETE) @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_DELETE)
@SendNotice(taskType = NoticeConstants.TaskType.CASE_REVIEW_TASK, event = NoticeConstants.Event.DELETE, target = "#targetClass.getMainCaseReview(#reviewId)", targetClass = CaseReviewNoticeService.class) @SendNotice(taskType = NoticeConstants.TaskType.CASE_REVIEW_TASK, event = NoticeConstants.Event.DELETE, target = "#targetClass.getMainCaseReview(#reviewId)", targetClass = CaseReviewNoticeService.class)
@Log(type = OperationLogType.DELETE, expression = "#msClass.deleteFunctionalCaseLog(#reviewId)", msClass = CaseReviewLogService.class) @Log(type = OperationLogType.DELETE, expression = "#msClass.deleteFunctionalCaseLog(#reviewId)", msClass = CaseReviewLogService.class)
@CheckOwner(resourceId = "#projectId", resourceType = "project")
public void deleteCaseReview(@PathVariable String reviewId, @PathVariable String projectId) { public void deleteCaseReview(@PathVariable String reviewId, @PathVariable String projectId) {
caseReviewService.deleteCaseReview(reviewId, projectId); caseReviewService.deleteCaseReview(reviewId, projectId);
} }
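Review bot: In the `/detail/{id}` hunk the new `@CheckOwner(resourceId = "#reviewId", resourceType = "case_review")` names a variable the method does not have: `getCaseReviewDetail` takes `@PathVariable String id`, so `#reviewId` presumably evaluates to null and the ownership check either rejects every call or checks nothing, depending on how the aspect treats a null id. It should read `@CheckOwner(resourceId = "#id", resourceType = "case_review")`. Separately, `deleteCaseReview` checks only the `projectId` path variable while the object deleted is `reviewId`; unless `caseReviewService.deleteCaseReview` confirms the review belongs to that project, the check covers the wrong object, and `@CheckOwner(resourceId = "#reviewId", resourceType = "case_review")` would be the safer binding. The same concern applies to `editCaseReview`, `editPos` and `batchMoveCaseReview`, which validate the client-supplied project id rather than the review ids they modify.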


@ -14,6 +14,7 @@ import io.metersphere.functional.service.CaseReviewLogService;
import io.metersphere.sdk.constants.PermissionConstants; import io.metersphere.sdk.constants.PermissionConstants;
import io.metersphere.system.log.annotation.Log; import io.metersphere.system.log.annotation.Log;
import io.metersphere.system.log.constants.OperationLogType; import io.metersphere.system.log.constants.OperationLogType;
import io.metersphere.system.security.CheckOwner;
import io.metersphere.system.utils.PageUtils; import io.metersphere.system.utils.PageUtils;
import io.metersphere.system.utils.Pager; import io.metersphere.system.utils.Pager;
import io.metersphere.system.utils.SessionUtils; import io.metersphere.system.utils.SessionUtils;
@ -40,6 +41,7 @@ public class CaseReviewFunctionalCaseController {
@GetMapping("/get-ids/{reviewId}") @GetMapping("/get-ids/{reviewId}")
@Operation(summary = "用例管理-功能用例-评审列表-评审详情-获取已关联用例id集合(关联用例弹窗前调用)") @Operation(summary = "用例管理-功能用例-评审列表-评审详情-获取已关联用例id集合(关联用例弹窗前调用)")
@CheckOwner(resourceId = "#reviewId", resourceType = "case_review")
public List<String> getCaseIds(@PathVariable String reviewId) { public List<String> getCaseIds(@PathVariable String reviewId) {
return caseReviewFunctionalCaseService.getCaseIdsByReviewId(reviewId); return caseReviewFunctionalCaseService.getCaseIdsByReviewId(reviewId);
} }
@ -60,6 +62,7 @@ public class CaseReviewFunctionalCaseController {
@PostMapping("/batch/disassociate") @PostMapping("/batch/disassociate")
@Operation(summary = "用例管理-功能用例-评审列表-评审详情-列表-批量取消关联用例") @Operation(summary = "用例管理-功能用例-评审列表-评审详情-列表-批量取消关联用例")
@Log(type = OperationLogType.DISASSOCIATE, expression = "#msClass.batchDisassociateCaseLog(#request)", msClass = CaseReviewLogService.class) @Log(type = OperationLogType.DISASSOCIATE, expression = "#msClass.batchDisassociateCaseLog(#request)", msClass = CaseReviewLogService.class)
@CheckOwner(resourceId = "#request.getReviewId()", resourceType = "case_review")
public void batchDisassociate(@Validated @RequestBody BaseReviewCaseBatchRequest request) { public void batchDisassociate(@Validated @RequestBody BaseReviewCaseBatchRequest request) {
caseReviewFunctionalCaseService.disassociate(request, SessionUtils.getUserId()); caseReviewFunctionalCaseService.disassociate(request, SessionUtils.getUserId());
} }
@ -67,6 +70,7 @@ public class CaseReviewFunctionalCaseController {
@PostMapping("/edit/pos") @PostMapping("/edit/pos")
@Operation(summary = "用例管理-功能用例-评审列表-评审详情-列表-拖拽排序") @Operation(summary = "用例管理-功能用例-评审列表-评审详情-列表-拖拽排序")
@RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_UPDATE) @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_UPDATE)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void editPos(@Validated @RequestBody CaseReviewFunctionalCasePosRequest request) { public void editPos(@Validated @RequestBody CaseReviewFunctionalCasePosRequest request) {
caseReviewFunctionalCaseService.editPos(request); caseReviewFunctionalCaseService.editPos(request);
} }
@ -74,6 +78,7 @@ public class CaseReviewFunctionalCaseController {
@PostMapping("/batch/review") @PostMapping("/batch/review")
@Operation(summary = "用例管理-功能用例-评审列表-评审详情-列表-批量评审") @Operation(summary = "用例管理-功能用例-评审列表-评审详情-列表-批量评审")
@RequiresPermissions(PermissionConstants.CASE_REVIEW_REVIEW) @RequiresPermissions(PermissionConstants.CASE_REVIEW_REVIEW)
@CheckOwner(resourceId = "#request.getReviewId()", resourceType = "case_review")
public void batchReview(@Validated @RequestBody BatchReviewFunctionalCaseRequest request) { public void batchReview(@Validated @RequestBody BatchReviewFunctionalCaseRequest request) {
caseReviewFunctionalCaseService.batchReview(request, SessionUtils.getUserId()); caseReviewFunctionalCaseService.batchReview(request, SessionUtils.getUserId());
} }
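Review bot: `editPos` is guarded with `#request.getProjectId()` while its siblings in this controller (`getCaseIds`, `batchDisassociate`, `batchReview`) are guarded on the review id; the project id is a value the client sends alongside the ids being reordered, so the check confirms access to the named project, not to the review whose cases move. If `CaseReviewFunctionalCasePosRequest` carries the review id, bind the check to it as the other endpoints do; otherwise the service should verify that the moved rows belong to that project. Also worth a comment: `getCaseIds` and `batchDisassociate` show `@CheckOwner` but no `@RequiresPermissions` in the visible annotation lists, so unless one sits above the hunk, ownership is the only gate on them.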


@ -6,6 +6,7 @@ import io.metersphere.functional.service.CaseReviewModuleService;
import io.metersphere.sdk.constants.PermissionConstants; import io.metersphere.sdk.constants.PermissionConstants;
import io.metersphere.system.dto.sdk.BaseTreeNode; import io.metersphere.system.dto.sdk.BaseTreeNode;
import io.metersphere.system.dto.sdk.request.NodeMoveRequest; import io.metersphere.system.dto.sdk.request.NodeMoveRequest;
import io.metersphere.system.security.CheckOwner;
import io.metersphere.system.utils.SessionUtils; import io.metersphere.system.utils.SessionUtils;
import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tag;
@ -27,6 +28,7 @@ public class CaseReviewModuleController {
@GetMapping("/tree/{projectId}") @GetMapping("/tree/{projectId}")
@Operation(summary = "用例管理-用例评审-模块-获取模块树") @Operation(summary = "用例管理-用例评审-模块-获取模块树")
@RequiresPermissions(PermissionConstants.CASE_REVIEW_READ) @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ)
@CheckOwner(resourceId = "#projectId", resourceType = "project")
public List<BaseTreeNode> getTree(@PathVariable String projectId) { public List<BaseTreeNode> getTree(@PathVariable String projectId) {
return caseReviewModuleService.getTree(projectId); return caseReviewModuleService.getTree(projectId);
} }
@ -34,6 +36,7 @@ public class CaseReviewModuleController {
@PostMapping("/add") @PostMapping("/add")
@Operation(summary = "用例管理-用例评审-模块-添加模块") @Operation(summary = "用例管理-用例评审-模块-添加模块")
@RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_ADD) @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_ADD)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void add(@RequestBody @Validated CaseReviewModuleCreateRequest request) { public void add(@RequestBody @Validated CaseReviewModuleCreateRequest request) {
caseReviewModuleService.add(request, SessionUtils.getUserId()); caseReviewModuleService.add(request, SessionUtils.getUserId());
} }
@ -41,6 +44,7 @@ public class CaseReviewModuleController {
@PostMapping("/update") @PostMapping("/update")
@Operation(summary = "用例管理-用例评审-模块-修改模块") @Operation(summary = "用例管理-用例评审-模块-修改模块")
@RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_UPDATE) @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_UPDATE)
@CheckOwner(resourceId = "#request.getId()", resourceType = "case_review_module")
public void list(@RequestBody @Validated CaseReviewModuleUpdateRequest request) { public void list(@RequestBody @Validated CaseReviewModuleUpdateRequest request) {
caseReviewModuleService.update(request, SessionUtils.getUserId()); caseReviewModuleService.update(request, SessionUtils.getUserId());
} }
@ -48,6 +52,7 @@ public class CaseReviewModuleController {
@PostMapping("/move") @PostMapping("/move")
@Operation(summary = "用例管理-用例评审-模块-移动模块") @Operation(summary = "用例管理-用例评审-模块-移动模块")
@RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_UPDATE) @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_UPDATE)
@CheckOwner(resourceId = "#request.getDragNodeId()", resourceType = "case_review_module")
public void moveNode(@Validated @RequestBody NodeMoveRequest request) { public void moveNode(@Validated @RequestBody NodeMoveRequest request) {
caseReviewModuleService.moveNode(request, SessionUtils.getUserId()); caseReviewModuleService.moveNode(request, SessionUtils.getUserId());
} }
@ -55,6 +60,7 @@ public class CaseReviewModuleController {
@GetMapping("/delete/{moduleId}") @GetMapping("/delete/{moduleId}")
@Operation(summary = "用例管理-用例评审-模块-删除模块") @Operation(summary = "用例管理-用例评审-模块-删除模块")
@RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_DELETE) @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_DELETE)
@CheckOwner(resourceId = "#moduleId", resourceType = "case_review_module")
public void deleteNode(@PathVariable String moduleId) { public void deleteNode(@PathVariable String moduleId) {
caseReviewModuleService.deleteModule(moduleId); caseReviewModuleService.deleteModule(moduleId);
} }
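Review bot: `moveNode` checks ownership of `#request.getDragNodeId()` only; the node it is dropped next to or under is not covered, so unless `caseReviewModuleService.moveNode` validates the target itself, a module could presumably be re-parented into a tree of a project the caller has no access to. Either validate the drop target in the service or state in a comment on the method that the service enforces same-project moves. Minor, and outside the added lines: the update handler is still named `list`, and deletion is exposed as `@GetMapping("/delete/{moduleId}")`, a state change over GET.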


@ -19,6 +19,7 @@ import io.metersphere.sdk.util.FileAssociationSourceUtil;
import io.metersphere.sdk.util.Translator; import io.metersphere.sdk.util.Translator;
import io.metersphere.system.dto.sdk.BaseTreeNode; import io.metersphere.system.dto.sdk.BaseTreeNode;
import io.metersphere.system.log.constants.OperationLogModule; import io.metersphere.system.log.constants.OperationLogModule;
import io.metersphere.system.security.CheckOwner;
import io.metersphere.system.utils.Pager; import io.metersphere.system.utils.Pager;
import io.metersphere.system.utils.SessionUtils; import io.metersphere.system.utils.SessionUtils;
import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Operation;
@ -56,6 +57,7 @@ public class FunctionalCaseAttachmentController {
@PostMapping("/page") @PostMapping("/page")
@Operation(summary = "用例管理-功能用例-附件-关联文件列表分页接口") @Operation(summary = "用例管理-功能用例-附件-关联文件列表分页接口")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public Pager<List<FileInformationResponse>> page(@Validated @RequestBody FileMetadataTableRequest request) { public Pager<List<FileInformationResponse>> page(@Validated @RequestBody FileMetadataTableRequest request) {
return fileMetadataService.page(request); return fileMetadataService.page(request);
} }
@ -64,6 +66,7 @@ public class FunctionalCaseAttachmentController {
@PostMapping("/preview") @PostMapping("/preview")
@Operation(summary = "用例管理-功能用例-附件-文件预览") @Operation(summary = "用例管理-功能用例-附件-文件预览")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public ResponseEntity<byte[]> preview(@Validated @RequestBody FunctionalCaseFileRequest request) throws Exception { public ResponseEntity<byte[]> preview(@Validated @RequestBody FunctionalCaseFileRequest request) throws Exception {
if (request.getLocal()) { if (request.getLocal()) {
//本地 //本地
@ -78,6 +81,7 @@ public class FunctionalCaseAttachmentController {
@PostMapping("/download") @PostMapping("/download")
@Operation(summary = "用例管理-功能用例-附件-文件下载") @Operation(summary = "用例管理-功能用例-附件-文件下载")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public ResponseEntity<byte[]> download(@Validated @RequestBody FunctionalCaseFileRequest request) throws Exception { public ResponseEntity<byte[]> download(@Validated @RequestBody FunctionalCaseFileRequest request) throws Exception {
if (request.getLocal()) { if (request.getLocal()) {
//本地 //本地
@ -100,6 +104,7 @@ public class FunctionalCaseAttachmentController {
@GetMapping("/update/{projectId}/{id}") @GetMapping("/update/{projectId}/{id}")
@Operation(summary = "用例管理-功能用例-附件-更新文件") @Operation(summary = "用例管理-功能用例-附件-更新文件")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ)
@CheckOwner(resourceId = "#projectId", resourceType = "project")
public String update(@PathVariable String projectId, @PathVariable String id) { public String update(@PathVariable String projectId, @PathVariable String id) {
FileLogRecord fileLogRecord = FileLogRecord.builder() FileLogRecord fileLogRecord = FileLogRecord.builder()
.logModule(OperationLogModule.FUNCTIONAL_CASE) .logModule(OperationLogModule.FUNCTIONAL_CASE)
@ -113,6 +118,7 @@ public class FunctionalCaseAttachmentController {
@PostMapping("/transfer") @PostMapping("/transfer")
@Operation(summary = "用例管理-功能用例-附件-文件转存") @Operation(summary = "用例管理-功能用例-附件-文件转存")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public String transfer(@Validated @RequestBody AttachmentTransferRequest request) { public String transfer(@Validated @RequestBody AttachmentTransferRequest request) {
byte[] fileByte = functionalCaseAttachmentService.getFileByte(request); byte[] fileByte = functionalCaseAttachmentService.getFileByte(request);
FunctionalCaseAttachment attachment = functionalCaseAttachmentService.getAttachment(request); FunctionalCaseAttachment attachment = functionalCaseAttachmentService.getAttachment(request);
@ -139,6 +145,7 @@ public class FunctionalCaseAttachmentController {
@PostMapping("/upload/file") @PostMapping("/upload/file")
@Operation(summary = "用例管理-功能用例-上传文件并关联用例") @Operation(summary = "用例管理-功能用例-上传文件并关联用例")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void uploadFile(@Validated @RequestPart("request") FunctionalCaseAssociationFileRequest request, @RequestPart(value = "file", required = false) MultipartFile file) { public void uploadFile(@Validated @RequestPart("request") FunctionalCaseAssociationFileRequest request, @RequestPart(value = "file", required = false) MultipartFile file) {
String userId = SessionUtils.getUserId(); String userId = SessionUtils.getUserId();
functionalCaseAttachmentService.uploadOrAssociationFile(request, file, userId); functionalCaseAttachmentService.uploadOrAssociationFile(request, file, userId);
@ -147,6 +154,7 @@ public class FunctionalCaseAttachmentController {
@PostMapping("/delete/file") @PostMapping("/delete/file")
@Operation(summary = "用例管理-功能用例-删除文件并取消关联用例") @Operation(summary = "用例管理-功能用例-删除文件并取消关联用例")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void deleteFile(@Validated @RequestBody FunctionalCaseDeleteFileRequest request) { public void deleteFile(@Validated @RequestBody FunctionalCaseDeleteFileRequest request) {
String userId = SessionUtils.getUserId(); String userId = SessionUtils.getUserId();
functionalCaseAttachmentService.deleteFile(request, userId); functionalCaseAttachmentService.deleteFile(request, userId);
@ -156,6 +164,7 @@ public class FunctionalCaseAttachmentController {
@GetMapping("/options/{projectId}") @GetMapping("/options/{projectId}")
@Operation(summary = "用例管理-功能用例-附件-转存目录下拉框") @Operation(summary = "用例管理-功能用例-附件-转存目录下拉框")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ)
@CheckOwner(resourceId = "#projectId", resourceType = "project")
public List<BaseTreeNode> options(@PathVariable String projectId) { public List<BaseTreeNode> options(@PathVariable String projectId) {
return fileModuleService.getTree(projectId); return fileModuleService.getTree(projectId);
} }
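Review bot: Every new check in this controller is on a project id the caller supplies (`#request.getProjectId()` or `#projectId`), while the object actually read or deleted is a file or case identified by other fields; for example `update(projectId, id)` never ties `id` to `projectId` in the visible lines. Unless the attachment services verify that the file belongs to the named project, `preview`, `download`, `transfer` and `deleteFile` authorize against one project and act on a resource that may sit in another. Where the request carries the case id, binding the check to it with `resourceType = "functional_case"` (the type FunctionalCaseCommentController uses on this page) ties authorization to the resource itself; otherwise add the project-match test in the service and note it in a comment on the method. The bodies of `preview`, `download`, `update` and `transfer` continue past their hunks, so such a test may already exist there.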


@ -5,6 +5,7 @@ import io.metersphere.functional.dto.FunctionalCaseCommentDTO;
import io.metersphere.functional.request.FunctionalCaseCommentRequest; import io.metersphere.functional.request.FunctionalCaseCommentRequest;
import io.metersphere.functional.service.FunctionalCaseCommentService; import io.metersphere.functional.service.FunctionalCaseCommentService;
import io.metersphere.sdk.constants.PermissionConstants; import io.metersphere.sdk.constants.PermissionConstants;
import io.metersphere.system.security.CheckOwner;
import io.metersphere.system.utils.SessionUtils; import io.metersphere.system.utils.SessionUtils;
import io.metersphere.validation.groups.Created; import io.metersphere.validation.groups.Created;
import io.metersphere.validation.groups.Updated; import io.metersphere.validation.groups.Updated;
@ -28,6 +29,7 @@ public class FunctionalCaseCommentController {
@PostMapping("/save") @PostMapping("/save")
@Operation(summary = "用例管理-功能用例-用例评论-创建评论") @Operation(summary = "用例管理-功能用例-用例评论-创建评论")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_COMMENT) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_COMMENT)
@CheckOwner(resourceId = "#functionalCaseCommentRequest.getCaseId()", resourceType = "functional_case")
public FunctionalCaseComment saveComment(@Validated({Created.class}) @RequestBody FunctionalCaseCommentRequest functionalCaseCommentRequest) { public FunctionalCaseComment saveComment(@Validated({Created.class}) @RequestBody FunctionalCaseCommentRequest functionalCaseCommentRequest) {
return functionalCaseCommentService.saveComment(functionalCaseCommentRequest, SessionUtils.getUserId()); return functionalCaseCommentService.saveComment(functionalCaseCommentRequest, SessionUtils.getUserId());
} }
@ -35,6 +37,7 @@ public class FunctionalCaseCommentController {
@PostMapping("/update") @PostMapping("/update")
@Operation(summary = "用例管理-功能用例-用例评论-修改评论") @Operation(summary = "用例管理-功能用例-用例评论-修改评论")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_COMMENT) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_COMMENT)
@CheckOwner(resourceId = "#functionalCaseCommentRequest.getCaseId()", resourceType = "functional_case")
public FunctionalCaseComment updateComment(@Validated({Updated.class}) @RequestBody FunctionalCaseCommentRequest functionalCaseCommentRequest) { public FunctionalCaseComment updateComment(@Validated({Updated.class}) @RequestBody FunctionalCaseCommentRequest functionalCaseCommentRequest) {
return functionalCaseCommentService.updateComment(functionalCaseCommentRequest, SessionUtils.getUserId()); return functionalCaseCommentService.updateComment(functionalCaseCommentRequest, SessionUtils.getUserId());
} }
@ -49,6 +52,7 @@ public class FunctionalCaseCommentController {
@GetMapping("/get/list/{caseId}") @GetMapping("/get/list/{caseId}")
@Operation(summary = "用例管理-功能用例-用例评论-获取用例评论") @Operation(summary = "用例管理-功能用例-用例评论-获取用例评论")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_COMMENT) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_COMMENT)
@CheckOwner(resourceId = "#caseId", resourceType = "functional_case")
public List<FunctionalCaseCommentDTO> getCommentList(@PathVariable String caseId) { public List<FunctionalCaseCommentDTO> getCommentList(@PathVariable String caseId) {
return functionalCaseCommentService.getCommentList(caseId); return functionalCaseCommentService.getCommentList(caseId);
} }
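Review bot: `updateComment` is checked against `#functionalCaseCommentRequest.getCaseId()`, but the comment being changed is identified by its own id, which the visible code never ties to that case; unless `functionalCaseCommentService.updateComment` confirms the comment belongs to the case, the check covers the wrong object. The hunks also skip whatever sits between `updateComment` and `getCommentList` (the old lines between the `-35,6` and `-49,6` hunks are not in the diff), so any handler there presumably received no `@CheckOwner`; if it is a delete-comment route it needs one too. The `saveComment` binding to `getCaseId()` looks right for a create.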


@ -21,6 +21,7 @@ import io.metersphere.system.log.annotation.Log;
import io.metersphere.system.log.constants.OperationLogType; import io.metersphere.system.log.constants.OperationLogType;
import io.metersphere.system.notice.annotation.SendNotice; import io.metersphere.system.notice.annotation.SendNotice;
import io.metersphere.system.notice.constants.NoticeConstants; import io.metersphere.system.notice.constants.NoticeConstants;
import io.metersphere.system.security.CheckOwner;
import io.metersphere.system.utils.PageUtils; import io.metersphere.system.utils.PageUtils;
import io.metersphere.system.utils.Pager; import io.metersphere.system.utils.Pager;
import io.metersphere.system.utils.SessionUtils; import io.metersphere.system.utils.SessionUtils;
@ -56,6 +57,7 @@ public class FunctionalCaseController {
@GetMapping("/default/template/field/{projectId}") @GetMapping("/default/template/field/{projectId}")
@Operation(summary = "用例管理-功能用例-获取默认模板自定义字段") @Operation(summary = "用例管理-功能用例-获取默认模板自定义字段")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_ADD) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_ADD)
@CheckOwner(resourceId = "#projectId", resourceType = "project")
public TemplateDTO getDefaultTemplateField(@PathVariable String projectId) { public TemplateDTO getDefaultTemplateField(@PathVariable String projectId) {
TemplateDTO defaultTemplateDTO = projectTemplateService.getDefaultTemplateDTO(projectId, TemplateScene.FUNCTIONAL.name()); TemplateDTO defaultTemplateDTO = projectTemplateService.getDefaultTemplateDTO(projectId, TemplateScene.FUNCTIONAL.name());
return defaultTemplateDTO; return defaultTemplateDTO;
@ -67,6 +69,7 @@ public class FunctionalCaseController {
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_ADD) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_ADD)
@Log(type = OperationLogType.ADD, expression = "#msClass.addFunctionalCaseLog(#request, #files)", msClass = FunctionalCaseLogService.class) @Log(type = OperationLogType.ADD, expression = "#msClass.addFunctionalCaseLog(#request, #files)", msClass = FunctionalCaseLogService.class)
@SendNotice(taskType = NoticeConstants.TaskType.FUNCTIONAL_CASE_TASK, event = NoticeConstants.Event.CREATE, target = "#targetClass.getMainFunctionalCaseDTO(#request.name, #request.caseEditType, #request.projectId, #request.customFields)", targetClass = FunctionalCaseNoticeService.class) @SendNotice(taskType = NoticeConstants.TaskType.FUNCTIONAL_CASE_TASK, event = NoticeConstants.Event.CREATE, target = "#targetClass.getMainFunctionalCaseDTO(#request.name, #request.caseEditType, #request.projectId, #request.customFields)", targetClass = FunctionalCaseNoticeService.class)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public FunctionalCase addFunctionalCase(@Validated @RequestPart("request") FunctionalCaseAddRequest request, @RequestPart(value = "files", required = false) List<MultipartFile> files) { public FunctionalCase addFunctionalCase(@Validated @RequestPart("request") FunctionalCaseAddRequest request, @RequestPart(value = "files", required = false) List<MultipartFile> files) {
String userId = SessionUtils.getUserId(); String userId = SessionUtils.getUserId();
return functionalCaseService.addFunctionalCase(request, files, userId); return functionalCaseService.addFunctionalCase(request, files, userId);
@ -76,6 +79,7 @@ public class FunctionalCaseController {
@GetMapping("/detail/{id}") @GetMapping("/detail/{id}")
@Operation(summary = "用例管理-功能用例-查看用例详情") @Operation(summary = "用例管理-功能用例-查看用例详情")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ)
@CheckOwner(resourceId = "#id", resourceType = "functional_case")
public FunctionalCaseDetailDTO getFunctionalCaseDetail(@PathVariable String id) { public FunctionalCaseDetailDTO getFunctionalCaseDetail(@PathVariable String id) {
String userId = SessionUtils.getUserId(); String userId = SessionUtils.getUserId();
return functionalCaseService.getFunctionalCaseDetail(id, userId); return functionalCaseService.getFunctionalCaseDetail(id, userId);
@ -87,6 +91,7 @@ public class FunctionalCaseController {
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE)
@Log(type = OperationLogType.UPDATE, expression = "#msClass.updateFunctionalCaseLog(#request, #files)", msClass = FunctionalCaseLogService.class) @Log(type = OperationLogType.UPDATE, expression = "#msClass.updateFunctionalCaseLog(#request, #files)", msClass = FunctionalCaseLogService.class)
@SendNotice(taskType = NoticeConstants.TaskType.FUNCTIONAL_CASE_TASK, event = NoticeConstants.Event.UPDATE, target = "#targetClass.getMainFunctionalCaseDTO(#request.name, #request.caseEditType, #request.projectId, #request.customFields)", targetClass = FunctionalCaseNoticeService.class) @SendNotice(taskType = NoticeConstants.TaskType.FUNCTIONAL_CASE_TASK, event = NoticeConstants.Event.UPDATE, target = "#targetClass.getMainFunctionalCaseDTO(#request.name, #request.caseEditType, #request.projectId, #request.customFields)", targetClass = FunctionalCaseNoticeService.class)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public FunctionalCase updateFunctionalCase(@Validated @RequestPart("request") FunctionalCaseEditRequest request, @RequestPart(value = "files", required = false) List<MultipartFile> files) { public FunctionalCase updateFunctionalCase(@Validated @RequestPart("request") FunctionalCaseEditRequest request, @RequestPart(value = "files", required = false) List<MultipartFile> files) {
String userId = SessionUtils.getUserId(); String userId = SessionUtils.getUserId();
return functionalCaseService.updateFunctionalCase(request, files, userId); return functionalCaseService.updateFunctionalCase(request, files, userId);
@ -105,6 +110,7 @@ public class FunctionalCaseController {
@GetMapping("/version/{id}") @GetMapping("/version/{id}")
@Operation(summary = "用例管理-功能用例-版本信息(用例是否存在多版本)") @Operation(summary = "用例管理-功能用例-版本信息(用例是否存在多版本)")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ)
@CheckOwner(resourceId = "#id", resourceType = "functional_case")
public List<FunctionalCaseVersionDTO> getVersion(@PathVariable @NotBlank(message = "{functional_case.id.not_blank}") String id) { public List<FunctionalCaseVersionDTO> getVersion(@PathVariable @NotBlank(message = "{functional_case.id.not_blank}") String id) {
return functionalCaseService.getFunctionalCaseVersion(id); return functionalCaseService.getFunctionalCaseVersion(id);
} }
@ -115,6 +121,7 @@ public class FunctionalCaseController {
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_DELETE) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_DELETE)
@Log(type = OperationLogType.DELETE, expression = "#msClass.deleteFunctionalCaseLog(#request)", msClass = FunctionalCaseLogService.class) @Log(type = OperationLogType.DELETE, expression = "#msClass.deleteFunctionalCaseLog(#request)", msClass = FunctionalCaseLogService.class)
@SendNotice(taskType = NoticeConstants.TaskType.FUNCTIONAL_CASE_TASK, event = NoticeConstants.Event.DELETE, target = "#targetClass.getDeleteFunctionalCaseDTO(#request.id)", targetClass = FunctionalCaseNoticeService.class) @SendNotice(taskType = NoticeConstants.TaskType.FUNCTIONAL_CASE_TASK, event = NoticeConstants.Event.DELETE, target = "#targetClass.getDeleteFunctionalCaseDTO(#request.id)", targetClass = FunctionalCaseNoticeService.class)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void deleteFunctionalCase(@Validated @RequestBody FunctionalCaseDeleteRequest request) { public void deleteFunctionalCase(@Validated @RequestBody FunctionalCaseDeleteRequest request) {
String userId = SessionUtils.getUserId(); String userId = SessionUtils.getUserId();
functionalCaseService.deleteFunctionalCase(request, userId); functionalCaseService.deleteFunctionalCase(request, userId);
@ -124,6 +131,7 @@ public class FunctionalCaseController {
@PostMapping("/page") @PostMapping("/page")
@Operation(summary = "用例管理-功能用例-用例列表查询") @Operation(summary = "用例管理-功能用例-用例列表查询")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public Pager<List<FunctionalCasePageDTO>> getFunctionalCasePage(@Validated @RequestBody FunctionalCasePageRequest request) { public Pager<List<FunctionalCasePageDTO>> getFunctionalCasePage(@Validated @RequestBody FunctionalCasePageRequest request) {
Page<Object> page = PageHelper.startPage(request.getCurrent(), request.getPageSize(), Page<Object> page = PageHelper.startPage(request.getCurrent(), request.getPageSize(),
StringUtils.isNotBlank(request.getSortString()) ? request.getSortString() : "pos desc"); StringUtils.isNotBlank(request.getSortString()) ? request.getSortString() : "pos desc");
@ -133,6 +141,7 @@ public class FunctionalCaseController {
@PostMapping("/module/count") @PostMapping("/module/count")
@Operation(summary = "用例管理-功能用例-表格分页查询文件") @Operation(summary = "用例管理-功能用例-表格分页查询文件")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public Map<String, Long> moduleCount(@Validated @RequestBody FunctionalCasePageRequest request) { public Map<String, Long> moduleCount(@Validated @RequestBody FunctionalCasePageRequest request) {
return functionalCaseService.moduleCount(request, false); return functionalCaseService.moduleCount(request, false);
} }
@ -142,6 +151,7 @@ public class FunctionalCaseController {
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_DELETE) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_DELETE)
@Log(type = OperationLogType.DELETE, expression = "#msClass.batchDeleteFunctionalCaseLog(#request)", msClass = FunctionalCaseLogService.class) @Log(type = OperationLogType.DELETE, expression = "#msClass.batchDeleteFunctionalCaseLog(#request)", msClass = FunctionalCaseLogService.class)
@SendNotice(taskType = NoticeConstants.TaskType.FUNCTIONAL_CASE_TASK, event = NoticeConstants.Event.DELETE, target = "#targetClass.getBatchDeleteFunctionalCaseDTO(#request)", targetClass = FunctionalCaseNoticeService.class) @SendNotice(taskType = NoticeConstants.TaskType.FUNCTIONAL_CASE_TASK, event = NoticeConstants.Event.DELETE, target = "#targetClass.getBatchDeleteFunctionalCaseDTO(#request)", targetClass = FunctionalCaseNoticeService.class)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void batchDeleteFunctionalCaseToGc(@Validated @RequestBody FunctionalCaseBatchRequest request) { public void batchDeleteFunctionalCaseToGc(@Validated @RequestBody FunctionalCaseBatchRequest request) {
String userId = SessionUtils.getUserId(); String userId = SessionUtils.getUserId();
functionalCaseService.batchDeleteFunctionalCaseToGc(request, userId); functionalCaseService.batchDeleteFunctionalCaseToGc(request, userId);
@ -150,6 +160,7 @@ public class FunctionalCaseController {
@GetMapping("/custom/field/{projectId}") @GetMapping("/custom/field/{projectId}")
@Operation(summary = "用例管理-功能用例-获取表头自定义字段(高级搜索中的自定义字段)") @Operation(summary = "用例管理-功能用例-获取表头自定义字段(高级搜索中的自定义字段)")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ)
@CheckOwner(resourceId = "#projectId", resourceType = "project")
public List<CustomFieldOptions> getTableCustomField(@PathVariable String projectId) { public List<CustomFieldOptions> getTableCustomField(@PathVariable String projectId) {
return projectTemplateService.getTableCustomField(projectId, TemplateScene.FUNCTIONAL.name()); return projectTemplateService.getTableCustomField(projectId, TemplateScene.FUNCTIONAL.name());
} }
@ -157,6 +168,7 @@ public class FunctionalCaseController {
@PostMapping("/batch/move") @PostMapping("/batch/move")
@Operation(summary = "用例管理-功能用例-批量移动用例") @Operation(summary = "用例管理-功能用例-批量移动用例")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void batchMoveFunctionalCase(@Validated @RequestBody FunctionalCaseBatchMoveRequest request) { public void batchMoveFunctionalCase(@Validated @RequestBody FunctionalCaseBatchMoveRequest request) {
String userId = SessionUtils.getUserId(); String userId = SessionUtils.getUserId();
functionalCaseService.batchMoveFunctionalCase(request, userId); functionalCaseService.batchMoveFunctionalCase(request, userId);
@ -166,6 +178,7 @@ public class FunctionalCaseController {
@PostMapping("/batch/copy") @PostMapping("/batch/copy")
@Operation(summary = "用例管理-功能用例-批量复制用例") @Operation(summary = "用例管理-功能用例-批量复制用例")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void batchCopyFunctionalCase(@Validated @RequestBody FunctionalCaseBatchMoveRequest request) { public void batchCopyFunctionalCase(@Validated @RequestBody FunctionalCaseBatchMoveRequest request) {
String userId = SessionUtils.getUserId(); String userId = SessionUtils.getUserId();
functionalCaseService.batchCopyFunctionalCase(request, userId); functionalCaseService.batchCopyFunctionalCase(request, userId);
@ -177,6 +190,7 @@ public class FunctionalCaseController {
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE)
@Log(type = OperationLogType.UPDATE, expression = "#msClass.batchEditFunctionalCaseLog(#request)", msClass = FunctionalCaseLogService.class) @Log(type = OperationLogType.UPDATE, expression = "#msClass.batchEditFunctionalCaseLog(#request)", msClass = FunctionalCaseLogService.class)
@SendNotice(taskType = NoticeConstants.TaskType.FUNCTIONAL_CASE_TASK, event = NoticeConstants.Event.UPDATE, target = "#targetClass.getBatchEditFunctionalCaseDTO(#request)", targetClass = FunctionalCaseNoticeService.class) @SendNotice(taskType = NoticeConstants.TaskType.FUNCTIONAL_CASE_TASK, event = NoticeConstants.Event.UPDATE, target = "#targetClass.getBatchEditFunctionalCaseDTO(#request)", targetClass = FunctionalCaseNoticeService.class)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void batchEditFunctionalCase(@Validated @RequestBody FunctionalCaseBatchEditRequest request) { public void batchEditFunctionalCase(@Validated @RequestBody FunctionalCaseBatchEditRequest request) {
String userId = SessionUtils.getUserId(); String userId = SessionUtils.getUserId();
functionalCaseService.batchEditFunctionalCase(request, userId); functionalCaseService.batchEditFunctionalCase(request, userId);
@ -186,6 +200,7 @@ public class FunctionalCaseController {
@PostMapping("edit/pos") @PostMapping("edit/pos")
@Operation(summary = "用例管理-功能用例-拖拽排序") @Operation(summary = "用例管理-功能用例-拖拽排序")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void editPos(@Validated @RequestBody PosRequest request) { public void editPos(@Validated @RequestBody PosRequest request) {
functionalCaseService.editPos(request); functionalCaseService.editPos(request);
} }
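Review bot: On `deleteFunctionalCase` the owner check is keyed on `#request.getProjectId()`, which the client sends next to `#request.id` (the id the `@SendNotice` expression on the same handler reads), so it establishes access to the named project and not that the case being deleted belongs to it. Unless `functionalCaseService` re-validates the case against that project, which is not visible here (the handler body ends outside the hunk), a request naming one project and a case from another would still pass the check. Keying the check on the object acted on closes the gap: `@CheckOwner(resourceId = "#request.getId()", resourceType = "functional_case")`, the form `getFunctionalCaseDetail` already uses. The same applies to `updateFunctionalCase`, the batch delete/move/copy/edit handlers and `editPos` in this section, and to `batchRecoverCase`, `batchDeleteCase` and `saveReview` in later sections; for the batch handlers the selected ids need checking against the project, in the service if the annotation does not accept a list.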


@ -6,6 +6,7 @@ import io.metersphere.functional.service.FunctionalCaseModuleService;
import io.metersphere.sdk.constants.PermissionConstants; import io.metersphere.sdk.constants.PermissionConstants;
import io.metersphere.system.dto.sdk.BaseTreeNode; import io.metersphere.system.dto.sdk.BaseTreeNode;
import io.metersphere.system.dto.sdk.request.NodeMoveRequest; import io.metersphere.system.dto.sdk.request.NodeMoveRequest;
import io.metersphere.system.security.CheckOwner;
import io.metersphere.system.utils.SessionUtils; import io.metersphere.system.utils.SessionUtils;
import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tag;
@ -27,6 +28,7 @@ public class FunctionalCaseModuleController {
@GetMapping("/tree/{projectId}") @GetMapping("/tree/{projectId}")
@Operation(summary = "用例管理-功能用例-模块-获取模块树") @Operation(summary = "用例管理-功能用例-模块-获取模块树")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ)
@CheckOwner(resourceId = "#projectId", resourceType = "project")
public List<BaseTreeNode> getTree(@PathVariable String projectId) { public List<BaseTreeNode> getTree(@PathVariable String projectId) {
return functionalCaseModuleService.getTree(projectId); return functionalCaseModuleService.getTree(projectId);
} }
@ -34,6 +36,7 @@ public class FunctionalCaseModuleController {
@PostMapping("/add") @PostMapping("/add")
@Operation(summary = "用例管理-功能用例-模块-添加模块") @Operation(summary = "用例管理-功能用例-模块-添加模块")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_ADD) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_ADD)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void add(@RequestBody @Validated FunctionalCaseModuleCreateRequest request) { public void add(@RequestBody @Validated FunctionalCaseModuleCreateRequest request) {
functionalCaseModuleService.add(request, SessionUtils.getUserId()); functionalCaseModuleService.add(request, SessionUtils.getUserId());
} }
@ -41,6 +44,7 @@ public class FunctionalCaseModuleController {
@PostMapping("/update") @PostMapping("/update")
@Operation(summary = "用例管理-功能用例-模块-修改模块") @Operation(summary = "用例管理-功能用例-模块-修改模块")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE)
@CheckOwner(resourceId = "#request.getId()", resourceType = "functional_case_module")
public void list(@RequestBody @Validated FunctionalCaseModuleUpdateRequest request) { public void list(@RequestBody @Validated FunctionalCaseModuleUpdateRequest request) {
functionalCaseModuleService.update(request, SessionUtils.getUserId()); functionalCaseModuleService.update(request, SessionUtils.getUserId());
} }
@ -48,6 +52,7 @@ public class FunctionalCaseModuleController {
@PostMapping("/move") @PostMapping("/move")
@Operation(summary = "用例管理-功能用例-模块-移动模块") @Operation(summary = "用例管理-功能用例-模块-移动模块")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE)
@CheckOwner(resourceId = "#request.getDragNodeId()", resourceType = "functional_case_module")
public void moveNode(@Validated @RequestBody NodeMoveRequest request) { public void moveNode(@Validated @RequestBody NodeMoveRequest request) {
functionalCaseModuleService.moveNode(request, SessionUtils.getUserId()); functionalCaseModuleService.moveNode(request, SessionUtils.getUserId());
} }
@ -55,6 +60,7 @@ public class FunctionalCaseModuleController {
@GetMapping("/delete/{moduleId}") @GetMapping("/delete/{moduleId}")
@Operation(summary = "用例管理-功能用例-模块-删除模块") @Operation(summary = "用例管理-功能用例-模块-删除模块")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_DELETE) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_DELETE)
@CheckOwner(resourceId = "#moduleId", resourceType = "functional_case_module")
public void deleteNode(@PathVariable String moduleId) { public void deleteNode(@PathVariable String moduleId) {
functionalCaseModuleService.deleteModule(moduleId); functionalCaseModuleService.deleteModule(moduleId);
} }
@ -62,6 +68,7 @@ public class FunctionalCaseModuleController {
@GetMapping("/trash/tree/{projectId}") @GetMapping("/trash/tree/{projectId}")
@Operation(summary = "用例管理-功能用例-回收站-模块-获取模块树") @Operation(summary = "用例管理-功能用例-回收站-模块-获取模块树")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ)
@CheckOwner(resourceId = "#projectId", resourceType = "project")
public List<BaseTreeNode> getTrashTree(@PathVariable String projectId) { public List<BaseTreeNode> getTrashTree(@PathVariable String projectId) {
return functionalCaseModuleService.getTrashTree(projectId); return functionalCaseModuleService.getTrashTree(projectId);
} }
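Review bot: On `moveNode` the owner check covers only `#request.getDragNodeId()`; the node the module is moved next to or under is not checked, so nothing in this hunk establishes that source and destination belong to the same project. If `functionalCaseModuleService.moveNode` does not compare the two nodes' projects, which is not visible here, a module could end up attached to a tree in a project the caller has no rights on. A second check on the destination id, or an explicit same-project assertion in the service, would cover it. Separately, the `/update` handler is named `list`; `update` would match the service call it makes.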


@ -7,6 +7,7 @@ import io.metersphere.functional.dto.FunctionalCaseReviewDTO;
import io.metersphere.functional.request.FunctionalCaseReviewListRequest; import io.metersphere.functional.request.FunctionalCaseReviewListRequest;
import io.metersphere.functional.service.FunctionalCaseReviewService; import io.metersphere.functional.service.FunctionalCaseReviewService;
import io.metersphere.sdk.constants.PermissionConstants; import io.metersphere.sdk.constants.PermissionConstants;
import io.metersphere.system.security.CheckOwner;
import io.metersphere.system.utils.PageUtils; import io.metersphere.system.utils.PageUtils;
import io.metersphere.system.utils.Pager; import io.metersphere.system.utils.Pager;
import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Operation;
@ -29,6 +30,7 @@ public class FunctionalCaseReviewController {
@PostMapping("/page") @PostMapping("/page")
@Operation(summary = "用例管理-功能用例-评审-列表") @Operation(summary = "用例管理-功能用例-评审-列表")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ)
@CheckOwner(resourceId = "#request.getCaseId()", resourceType = "functional_case")
public Pager<List<FunctionalCaseReviewDTO>> getFunctionalCasePage(@Validated @RequestBody FunctionalCaseReviewListRequest request) { public Pager<List<FunctionalCaseReviewDTO>> getFunctionalCasePage(@Validated @RequestBody FunctionalCaseReviewListRequest request) {
Page<Object> page = PageHelper.startPage(request.getCurrent(), request.getPageSize(), "update_time desc"); Page<Object> page = PageHelper.startPage(request.getCurrent(), request.getPageSize(), "update_time desc");
return PageUtils.setPageInfo(page, functionalCaseReviewService.getFunctionalCaseReviewPage(request)); return PageUtils.setPageInfo(page, functionalCaseReviewService.getFunctionalCaseReviewPage(request));
@ -37,6 +39,7 @@ public class FunctionalCaseReviewController {
@GetMapping("/comment/{caseId}") @GetMapping("/comment/{caseId}")
@Operation(summary = "用例管理-功能用例-评审-评论") @Operation(summary = "用例管理-功能用例-评审-评论")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ)
@CheckOwner(resourceId = "#caseId", resourceType = "functional_case")
public List<CaseReviewHistoryDTO> getCaseReviewHistory(@PathVariable String caseId) { public List<CaseReviewHistoryDTO> getCaseReviewHistory(@PathVariable String caseId) {
return functionalCaseReviewService.getCaseReviewHistory(caseId); return functionalCaseReviewService.getCaseReviewHistory(caseId);
} }
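Review bot: On `getFunctionalCasePage` the check is keyed on `#request.getCaseId()`, a body field whose constraints are not visible in this section, so the outcome for a null or blank id depends on how the `CheckOwner` aspect treats an empty resource id. It is worth confirming that the aspect rejects such a request instead of skipping the lookup, or that the field carries `@NotBlank` so `@Validated` stops it first, as the `id` parameter of `getVersion` in `FunctionalCaseController` does. A short comment above the annotation saying which of the two is relied on would help the next reader; the handler body ends outside the hunk.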


@ -12,6 +12,7 @@ import io.metersphere.functional.service.FunctionalCaseTrashService;
import io.metersphere.sdk.constants.PermissionConstants; import io.metersphere.sdk.constants.PermissionConstants;
import io.metersphere.system.log.annotation.Log; import io.metersphere.system.log.annotation.Log;
import io.metersphere.system.log.constants.OperationLogType; import io.metersphere.system.log.constants.OperationLogType;
import io.metersphere.system.security.CheckOwner;
import io.metersphere.system.utils.PageUtils; import io.metersphere.system.utils.PageUtils;
import io.metersphere.system.utils.Pager; import io.metersphere.system.utils.Pager;
import io.metersphere.system.utils.SessionUtils; import io.metersphere.system.utils.SessionUtils;
@ -38,6 +39,7 @@ public class FunctionalCaseTrashController {
@PostMapping("/page") @PostMapping("/page")
@Operation(summary = "用例管理-功能用例-回收站-用例列表查询") @Operation(summary = "用例管理-功能用例-回收站-用例列表查询")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public Pager<List<FunctionalCasePageDTO>> getFunctionalCasePage(@Validated @RequestBody FunctionalCasePageRequest request) { public Pager<List<FunctionalCasePageDTO>> getFunctionalCasePage(@Validated @RequestBody FunctionalCasePageRequest request) {
Page<Object> page = PageHelper.startPage(request.getCurrent(), request.getPageSize(), Page<Object> page = PageHelper.startPage(request.getCurrent(), request.getPageSize(),
StringUtils.isNotBlank(request.getSortString()) ? request.getSortString() : "create_time desc"); StringUtils.isNotBlank(request.getSortString()) ? request.getSortString() : "create_time desc");
@ -47,6 +49,7 @@ public class FunctionalCaseTrashController {
@PostMapping("/module/count") @PostMapping("/module/count")
@Operation(summary = "用例管理-功能用例-回收站-表格分页查询文件") @Operation(summary = "用例管理-功能用例-回收站-表格分页查询文件")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public Map<String, Long> moduleCount(@Validated @RequestBody FunctionalCasePageRequest request) { public Map<String, Long> moduleCount(@Validated @RequestBody FunctionalCasePageRequest request) {
return functionalCaseService.moduleCount(request, true); return functionalCaseService.moduleCount(request, true);
} }
@ -55,6 +58,7 @@ public class FunctionalCaseTrashController {
@Operation(summary = "用例管理-功能用例-回收站-恢复用例") @Operation(summary = "用例管理-功能用例-回收站-恢复用例")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_DELETE) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_DELETE)
@Log(type = OperationLogType.RECOVER, expression = "#msClass.recoverLog(#id)", msClass = FunctionalCaseLogService.class) @Log(type = OperationLogType.RECOVER, expression = "#msClass.recoverLog(#id)", msClass = FunctionalCaseLogService.class)
@CheckOwner(resourceId = "#id", resourceType = "functional_case")
public void recoverCase(@PathVariable String id) { public void recoverCase(@PathVariable String id) {
functionalCaseTrashService.recoverCase(id, SessionUtils.getUserId()); functionalCaseTrashService.recoverCase(id, SessionUtils.getUserId());
} }
@ -62,6 +66,7 @@ public class FunctionalCaseTrashController {
@PostMapping("/batch/recover") @PostMapping("/batch/recover")
@Operation(summary = "用例管理-功能用例-回收站-批量恢复用例") @Operation(summary = "用例管理-功能用例-回收站-批量恢复用例")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_DELETE) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_DELETE)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
@Log(type = OperationLogType.RECOVER, expression = "#msClass.batchRecoverLog(#request)", msClass = FunctionalCaseLogService.class) @Log(type = OperationLogType.RECOVER, expression = "#msClass.batchRecoverLog(#request)", msClass = FunctionalCaseLogService.class)
public void batchRecoverCase(@Validated @RequestBody FunctionalCaseBatchRequest request) { public void batchRecoverCase(@Validated @RequestBody FunctionalCaseBatchRequest request) {
functionalCaseTrashService.batchRecoverCase(request, SessionUtils.getUserId()); functionalCaseTrashService.batchRecoverCase(request, SessionUtils.getUserId());
@ -71,6 +76,7 @@ public class FunctionalCaseTrashController {
@Operation(summary = "用例管理-功能用例-回收站-彻底删除用例") @Operation(summary = "用例管理-功能用例-回收站-彻底删除用例")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_DELETE) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_DELETE)
@Log(type = OperationLogType.DELETE, expression = "#msClass.deleteTrashCaseLog(#id)", msClass = FunctionalCaseLogService.class) @Log(type = OperationLogType.DELETE, expression = "#msClass.deleteTrashCaseLog(#id)", msClass = FunctionalCaseLogService.class)
@CheckOwner(resourceId = "#id", resourceType = "functional_case")
public void deleteCase(@PathVariable String id) { public void deleteCase(@PathVariable String id) {
functionalCaseTrashService.deleteCase(id, SessionUtils.getUserId()); functionalCaseTrashService.deleteCase(id, SessionUtils.getUserId());
} }
@ -78,6 +84,7 @@ public class FunctionalCaseTrashController {
@PostMapping("/batch/delete") @PostMapping("/batch/delete")
@Operation(summary = "用例管理-功能用例-回收站-批量彻底删除用例") @Operation(summary = "用例管理-功能用例-回收站-批量彻底删除用例")
@RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_DELETE) @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_DELETE)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
@Log(type = OperationLogType.DELETE, expression = "#msClass.batchDeleteTrashCaseLog(#request)", msClass = FunctionalCaseLogService.class) @Log(type = OperationLogType.DELETE, expression = "#msClass.batchDeleteTrashCaseLog(#request)", msClass = FunctionalCaseLogService.class)
public void batchDeleteCase(@Validated @RequestBody FunctionalCaseBatchRequest request) { public void batchDeleteCase(@Validated @RequestBody FunctionalCaseBatchRequest request) {
functionalCaseTrashService.batchDeleteCase(request, SessionUtils.getUserId()); functionalCaseTrashService.batchDeleteCase(request, SessionUtils.getUserId());
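Review bot: `@CheckOwner` sits above `@Log` on `batchRecoverCase` and `batchDeleteCase` but below it on `recoverCase` and `deleteCase`; the source order of annotations does not decide which advice runs first in Spring AOP, so the placement looks meaningful without being so. If the ownership check has to run before the `@Log` expression (for example `#msClass.batchDeleteTrashCaseLog(#request)`) is evaluated for a request that will be rejected, that must come from the precedence configured on the two aspects, which is not visible here. I would keep the annotation in one position throughout, directly under `@RequiresPermissions`, and state the intended order on the aspect class. The closing brace of `batchDeleteCase` lies outside the hunk.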


@ -4,6 +4,7 @@ import io.metersphere.functional.dto.CaseReviewHistoryDTO;
import io.metersphere.functional.request.ReviewFunctionalCaseRequest; import io.metersphere.functional.request.ReviewFunctionalCaseRequest;
import io.metersphere.functional.service.ReviewFunctionalCaseService; import io.metersphere.functional.service.ReviewFunctionalCaseService;
import io.metersphere.sdk.constants.PermissionConstants; import io.metersphere.sdk.constants.PermissionConstants;
import io.metersphere.system.security.CheckOwner;
import io.metersphere.system.utils.SessionUtils; import io.metersphere.system.utils.SessionUtils;
import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tag;
@ -25,6 +26,7 @@ public class ReviewFunctionalCaseController {
@PostMapping("/save") @PostMapping("/save")
@Operation(summary = "用例管理-用例评审-评审功能用例-提交评审") @Operation(summary = "用例管理-用例评审-评审功能用例-提交评审")
@RequiresPermissions(PermissionConstants.CASE_REVIEW_REVIEW) @RequiresPermissions(PermissionConstants.CASE_REVIEW_REVIEW)
@CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
public void saveReview(@Validated @RequestBody ReviewFunctionalCaseRequest request) { public void saveReview(@Validated @RequestBody ReviewFunctionalCaseRequest request) {
reviewFunctionalCaseService.saveReview(request, SessionUtils.getUserId()); reviewFunctionalCaseService.saveReview(request, SessionUtils.getUserId());
} }