fix(测试跟踪): 只有测试计划执行的权限，无法执行功能用例

--bug=1032874 --user=陈建星有测试计划执行的权限，无法执行功能用例 https://www.tapd.cn/55049933/s/1436100
2023-11-14 11:17:47 +08:00 · 2023-11-14 11:17:47 +08:00 · 2ffb9707ff
parent 0196744ce9
commit 2ffb9707ff
6 changed files with 7 additions and 94 deletions
--- a/test-track/backend/src/main/java/io/metersphere/controller/IssuesController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/IssuesController.java
@ -36,6 +36,7 @@ import io.metersphere.xpack.track.dto.request.IssuesUpdateRequest;
 import jakarta.annotation.Resource;
 import jakarta.servlet.http.HttpServletResponse;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@ -100,7 +101,7 @@ public class IssuesController {
    }
    @GetMapping("/get/case/{refType}/{id}")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ, PermissionConstants.PROJECT_TRACK_PLAN_READ}, logical = Logical.OR)
    public List<IssuesDao> getIssues(@PathVariable String refType, @PathVariable String id) {
        return issuesService.getIssues(id, refType);
    }
--- a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/TestCaseController.java
@ -124,7 +124,7 @@ public class TestCaseController {
    }
    @GetMapping("/relationship/case/count/{id}")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ, PermissionConstants.PROJECT_TRACK_PLAN_READ}, logical = Logical.OR)
    public int getRelationshipCase(@PathVariable("id") String id) {
        return testCaseService.getRelationshipCount(id);
    }
@ -160,7 +160,7 @@ public class TestCaseController {
    }
    @GetMapping("/relate/test/list/{caseId}")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ)
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ, PermissionConstants.PROJECT_TRACK_PLAN_READ}, logical = Logical.OR)
    public List<TestCaseTestDao> getRelateTest(@PathVariable String caseId) {
        return testCaseService.getRelateTest(caseId);
    }
@ -254,12 +254,6 @@ public class TestCaseController {
        return testCaseService.edit(request);
    }
    @PostMapping(value = "/edit/testPlan", consumes = {"multipart/form-data"})
    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT, PermissionConstants.PROJECT_TRACK_PLAN_READ_RUN}, logical = Logical.OR)
    public String editTestCaseByTestPlan(@RequestPart("request") EditTestCaseRequest request, @RequestPart(value = "file", required = false) List<MultipartFile> files) {
        return testCaseService.editTestCase(request, files);
    }
    @PostMapping("/delete/{testCaseId}")
    @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#testCaseId)", msClass = TestCaseService.class)
    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_DELETE)
--- a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseNodeController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/TestCaseNodeController.java
@ -100,14 +100,14 @@ public class TestCaseNodeController {
    }
    @GetMapping("/list/plan/{planId}")
-    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ})
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_PLAN_READ})
    public List<TestCaseNodeDTO> getNodeByPlanId(@PathVariable String planId) {
        trackCheckPermissionService.checkTestPlanOwner(planId);
        return testCaseNodeService.getNodeByPlanId(planId);
    }
    @PostMapping("/list/plan/{planId}")
-    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ})
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_PLAN_READ})
    public List<TestCaseNodeDTO> getNodeByPlanId(@PathVariable String planId, @RequestBody(required = false) QueryTestPlanCaseRequest request) {
        trackCheckPermissionService.checkTestPlanOwner(planId);
        return testCaseNodeService.getNodeByPlanId(planId, Optional.ofNullable(request).orElse(new QueryTestPlanCaseRequest()));
--- a/test-track/backend/src/main/java/io/metersphere/controller/TestPlanController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/TestPlanController.java
@ -162,7 +162,7 @@ public class TestPlanController {
    }
    @PostMapping("/edit/status/{planId}")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_EDIT)
+    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
    @MsAuditLog(module = OperLogModule.TRACK_TEST_PLAN, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#planId)", content = "#msClass.getLogDetails(#planId)", msClass = TestPlanService.class)
    public void editTestPlanStatus(@PathVariable String planId) {
        checkPermissionService.checkTestPlanOwner(planId);
--- a/test-track/backend/src/main/java/io/metersphere/service/TestCaseService.java
+++ b/test-track/backend/src/main/java/io/metersphere/service/TestCaseService.java
@ -2444,47 +2444,6 @@ public class TestCaseService {
        return editTestCase(request);
    }
    public String editTestCase(EditTestCaseRequest request, List<MultipartFile> files) {
        String testCaseId = testPlanTestCaseMapper.selectByPrimaryKey(request.getId()).getCaseId();
        request.setId(testCaseId);
        TestCaseWithBLOBs testCaseWithBLOBs = testCaseMapper.selectByPrimaryKey(testCaseId);
        if (testCaseWithBLOBs == null) {
            MSException.throwException(Translator.get("edit_load_test_not_found") + request.getId());
        }
        testCaseWithBLOBs.setRemark(request.getRemark());
        // 新选择了一个文件，删除原来的文件
        List<FileMetadata> updatedFiles = request.getUpdatedFileList();
        List<FileMetadata> originFiles = attachmentService.getFileMetadataByCaseId(testCaseId);
        List<String> updatedFileIds = updatedFiles.stream().map(FileMetadata::getId).collect(Collectors.toList());
        List<String> originFileIds = originFiles.stream().map(FileMetadata::getId).collect(Collectors.toList());
        // 相减
        List<String> deleteFileIds = ListUtils.subtract(originFileIds, updatedFileIds);
        fileService.deleteFileRelatedByIds(deleteFileIds);
        if (!CollectionUtils.isEmpty(deleteFileIds)) {
            TestCaseFileExample testCaseFileExample = new TestCaseFileExample();
            testCaseFileExample.createCriteria().andFileIdIn(deleteFileIds);
            testCaseFileMapper.deleteByExample(testCaseFileExample);
        }
        if (files != null) {
            files.forEach(file -> {
                final FileMetadata fileMetadata = fileService.saveFile(file, testCaseWithBLOBs.getProjectId());
                TestCaseFile testCaseFile = new TestCaseFile();
                testCaseFile.setFileId(fileMetadata.getId());
                testCaseFile.setCaseId(testCaseId);
                testCaseFileMapper.insert(testCaseFile);
            });
        }
        setNode(request);
        request.setStatus(null); // 不更新状态
        request.setRefId(testCaseWithBLOBs.getRefId());
        request.setVersionId(testCaseWithBLOBs.getVersionId());
        editTestCase(request);
        return request.getId();
    }
    public void minderEdit(TestCaseMinderEditRequest request) {
        deleteToGcBatch(request.getIds(), request.getProjectId());
        testCaseNodeService.minderEdit(request);
--- a/test-track/frontend/src/business/plan/view/comonents/functional/FunctionalTestCaseEdit.vue
+++ b/test-track/frontend/src/business/plan/view/comonents/functional/FunctionalTestCaseEdit.vue
@ -304,44 +304,6 @@ export default {
      this.handleClose();
      this.$emit("refresh");
    },
    getOption(param) {
      let formData = new FormData();
      let url = "/test/case/edit/testPlan";
      if (this.$refs.otherInfo && this.$refs.otherInfo.uploadList) {
        this.$refs.otherInfo.uploadList.forEach((f) => {
          formData.append("file", f);
        });
      }
      if (this.$refs.otherInfo && this.$refs.otherInfo.fileList) {
        param.updatedFileList = this.$refs.otherInfo.fileList;
      } else {
        param.fileIds = [];
        param.updatedFileList = [];
      }
      // param.updatedFileList = this.fileList;
      let requestJson = JSON.stringify(param, function (key, value) {
        return key === "file" ? undefined : value;
      });
      formData.append(
        "request",
        new Blob([requestJson], {
          type: "application/json ",
        })
      );
      return {
        method: "POST",
        url: url,
        data: formData,
        headers: {
          "Content-Type": undefined,
        },
      };
    },
    saveCase(command) {
      let param = {};
      param.id = this.testCase.id;
@ -354,7 +316,6 @@ export default {
      param.demandId = this.testCase.demandId;
      param.name = this.testCase.name;
      param.comment = this.testCase.comment;
      let option = this.getOption(param);
      for (let i = 0; i < this.testCase.steptResults.length; i++) {
        let result = {};
        result.actualResult = this.testCase.steptResults[i].actualResult;
@ -380,8 +341,6 @@ export default {
      param.results = JSON.stringify(param.results);
      param.actualResult = this.testCase.actualResult;
      testPlanTestCaseEdit(param).then((response) => {
        this.$request(option);
        this.$success(this.$t("commons.save_success"));
        this.updateTestCases(param);
        this.setPlanStatus(this.testCase.planId);