test-version22
/
MeterSphere
mirror of https://gitee.com/fit2cloud-feizhiyun/MeterSphere.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: 场景创建权限相关#1005370 

--bug=1005370 --user=lyh 【github#4887】接口场景-越权问题
https://www.tapd.cn/55049933/s/1052754
This commit is contained in:
shiziyuan9527 2021-09-28 15:39:34 +08:00 committed by shiziyuan9527
parent 7c63b60b97
commit 391e4224a8
3 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
backend/src/main/java/io/metersphere/api/controller/ApiAutomationController.java
View File

@ -22,6 +22,7 @@ import io.metersphere.task.service.TaskService;
import io.metersphere.track.request.testcase.ApiCaseRelevanceRequest; import io.metersphere.track.request.testcase.ApiCaseRelevanceRequest;
import io.metersphere.track.request.testplan.FileOperationRequest; import io.metersphere.track.request.testplan.FileOperationRequest;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions; import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.http.HttpHeaders; import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
@ -96,7 +97,7 @@ public class ApiAutomationController {
@PostMapping(value = "/create") @PostMapping(value = "/create")
@MsAuditLog(module = "api_automation", type = OperLogConstants.CREATE, title = "#request.name", content = "#msClass.getLogDetails(#request.id)", msClass = ApiAutomationService.class) @MsAuditLog(module = "api_automation", type = OperLogConstants.CREATE, title = "#request.name", content = "#msClass.getLogDetails(#request.id)", msClass = ApiAutomationService.class)
@RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_CREATE) @RequiresPermissions(value={PermissionConstants.PROJECT_API_SCENARIO_READ_CREATE, PermissionConstants.PROJECT_API_SCENARIO_READ_COPY}, logical = Logical.OR)
@SendNotice(taskType = NoticeConstants.TaskType.API_AUTOMATION_TASK, event = NoticeConstants.Event.CREATE, mailTemplate = "api/AutomationCreate", subject = "接口自动化通知") @SendNotice(taskType = NoticeConstants.TaskType.API_AUTOMATION_TASK, event = NoticeConstants.Event.CREATE, mailTemplate = "api/AutomationCreate", subject = "接口自动化通知")
public ApiScenario create(@RequestPart("request") SaveApiScenarioRequest request, @RequestPart(value = "bodyFiles", required = false) List<MultipartFile> bodyFiles, public ApiScenario create(@RequestPart("request") SaveApiScenarioRequest request, @RequestPart(value = "bodyFiles", required = false) List<MultipartFile> bodyFiles,
@RequestPart(value = "scenarioFiles", required = false) List<MultipartFile> scenarioFiles) { @RequestPart(value = "scenarioFiles", required = false) List<MultipartFile> scenarioFiles) {
@ -105,7 +106,7 @@ public class ApiAutomationController {
@PostMapping(value = "/update") @PostMapping(value = "/update")
@MsAuditLog(module = "api_automation", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id)", title = "#request.name", content = "#msClass.getLogDetails(#request.id)", msClass = ApiAutomationService.class) @MsAuditLog(module = "api_automation", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id)", title = "#request.name", content = "#msClass.getLogDetails(#request.id)", msClass = ApiAutomationService.class)
@RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_EDIT) @RequiresPermissions(value={PermissionConstants.PROJECT_API_SCENARIO_READ_EDIT, PermissionConstants.PROJECT_API_SCENARIO_READ_COPY}, logical = Logical.OR)
@SendNotice(taskType = NoticeConstants.TaskType.API_AUTOMATION_TASK, event = NoticeConstants.Event.UPDATE, mailTemplate = "api/AutomationUpdate", subject = "接口自动化通知") @SendNotice(taskType = NoticeConstants.TaskType.API_AUTOMATION_TASK, event = NoticeConstants.Event.UPDATE, mailTemplate = "api/AutomationUpdate", subject = "接口自动化通知")
public ApiScenario update(@RequestPart("request") SaveApiScenarioRequest request, @RequestPart(value = "bodyFiles", required = false) List<MultipartFile> bodyFiles, public ApiScenario update(@RequestPart("request") SaveApiScenarioRequest request, @RequestPart(value = "bodyFiles", required = false) List<MultipartFile> bodyFiles,
@RequestPart(value = "scenarioFiles", required = false) List<MultipartFile> scenarioFiles) { @RequestPart(value = "scenarioFiles", required = false) List<MultipartFile> scenarioFiles) {

2
frontend/src/business/components/api/automation/scenario/ApiScenarioList.vue
View File

@ -391,7 +391,7 @@ export default {
tip: this.$t('api_test.automation.copy'), tip: this.$t('api_test.automation.copy'),
icon: "el-icon-document-copy", icon: "el-icon-document-copy",
exec: this.copy, exec: this.copy,
permissions: ['PROJECT_API_SCENARIO:READ+EDIT'] permissions: ['PROJECT_API_SCENARIO:READ+COPY']
}, },
{ {
tip: this.$t('commons.delete'), tip: this.$t('commons.delete'),

6
frontend/src/business/components/api/automation/scenario/EditApiScenario.vue
View File

@ -8,7 +8,7 @@
<el-link type="primary" style="margin-right: 20px" @click="openHis" v-if="path === '/api/automation/update'">{{ $t('operating_log.change_history') }}</el-link> <el-link type="primary" style="margin-right: 20px" @click="openHis" v-if="path === '/api/automation/update'">{{ $t('operating_log.change_history') }}</el-link>
<el-button id="inputDelay" type="primary" size="small" v-prevent-re-click @click="editScenario" <el-button id="inputDelay" type="primary" size="small" v-prevent-re-click @click="editScenario"
title="ctrl + s" v-permission="['PROJECT_API_SCENARIO:READ+EDIT']"> title="ctrl + s" v-permission="['PROJECT_API_SCENARIO:READ+EDIT', 'PROJECT_API_SCENARIO:READ+CREATE', 'PROJECT_API_SCENARIO:READ+COPY']">
{{ $t('commons.save') }} {{ $t('commons.save') }}
</el-button> </el-button>
</div> </div>
@ -146,7 +146,7 @@
:isReadOnly="scenarioDefinition.length < 1" @showPopover="showPopover" :isReadOnly="scenarioDefinition.length < 1" @showPopover="showPopover"
:project-list="projectList" ref="envPopover" class="ms-message-right"/> :project-list="projectList" ref="envPopover" class="ms-message-right"/>
<el-tooltip v-if="!debugLoading" content="Ctrl + R" placement="top"> <el-tooltip v-if="!debugLoading" content="Ctrl + R" placement="top">
<el-dropdown split-button type="primary" @click="runDebug" class="ms-message-right" size="mini" @command="handleCommand"> <el-dropdown split-button type="primary" @click="runDebug" class="ms-message-right" size="mini" @command="handleCommand" v-permission="['PROJECT_API_SCENARIO:READ+EDIT', 'PROJECT_API_SCENARIO:READ+CREATE']">
{{ $t('api_test.request.debug') }} {{ $t('api_test.request.debug') }}
<el-dropdown-menu slot="dropdown"> <el-dropdown-menu slot="dropdown">
<el-dropdown-item>{{ $t('api_test.automation.generate_report') }}</el-dropdown-item> <el-dropdown-item>{{ $t('api_test.automation.generate_report') }}</el-dropdown-item>
@ -223,7 +223,7 @@
</el-col> </el-col>
<!-- 按钮列表 --> <!-- 按钮列表 -->
<el-col :span="3"> <el-col :span="3">
<div @click="fabClick"> <div @click="fabClick" v-permission="['PROJECT_API_SCENARIO:READ+EDIT', 'PROJECT_API_SCENARIO:READ+CREATE']">
<vue-fab id="fab" mainBtnColor="#783887" size="small" :global-options="globalOptions" <vue-fab id="fab" mainBtnColor="#783887" size="small" :global-options="globalOptions"
:click-auto-close="false" v-outside-click="outsideClick" ref="refFab"> :click-auto-close="false" v-outside-click="outsideClick" ref="refFab">
<fab-item <fab-item