refactor(接口测试): 接口管理模块增加数据权限效验

backend/framework/sdk/src/main/java/io/metersphere/sdk/constants/PermissionConstants.java

@@ -250,6 +250,7 @@ public class PermissionConstants {
     public static final String PROJECT_API_DEFINITION_ADD = "PROJECT_API_DEFINITION:READ+ADD";
     public static final String PROJECT_API_DEFINITION_UPDATE = "PROJECT_API_DEFINITION:READ+UPDATE";
     public static final String PROJECT_API_DEFINITION_DELETE = "PROJECT_API_DEFINITION:READ+DELETE";
+    public static final String PROJECT_API_DEFINITION_RECOVER = "PROJECT_API_DEFINITION:READ+RECOVER";
     public static final String PROJECT_API_DEFINITION_IMPORT = "PROJECT_API_DEFINITION:READ+IMPORT";
     public static final String PROJECT_API_DEFINITION_EXPORT = "PROJECT_API_DEFINITION:READ+EXPORT";
     public static final String PROJECT_API_DEFINITION_EXECUTE = "PROJECT_API_DEFINITION:READ+EXECUTE";

backend/services/api-test/src/main/java/io/metersphere/api/controller/definition/ApiDefinitionController.java

@@ -9,6 +9,7 @@ import io.metersphere.api.service.definition.ApiDefinitionService;
 import io.metersphere.sdk.constants.PermissionConstants;
 import io.metersphere.system.log.annotation.Log;
 import io.metersphere.system.log.constants.OperationLogType;
+import io.metersphere.system.security.CheckOwner;
 import io.metersphere.system.utils.PageUtils;
 import io.metersphere.system.utils.Pager;
 import io.metersphere.system.utils.SessionUtils;
@@ -41,6 +42,7 @@ public class ApiDefinitionController {
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_ADD)
     // 添加接口Log示例
     @Log(type = OperationLogType.ADD, expression = "#msClass.addLog(#request)", msClass = ApiDefinitionLogService.class)
+    @CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
     public ApiDefinition add(@Validated @RequestBody ApiDefinitionAddRequest request) {
         return apiDefinitionService.create(request, SessionUtils.getUserId());
     }
@@ -50,6 +52,7 @@ public class ApiDefinitionController {
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_UPDATE)
     // 添加修改Log示例
     @Log(type = OperationLogType.UPDATE, expression = "#msClass.updateLog(#request)", msClass = ApiDefinitionLogService.class)
+    @CheckOwner(resourceId = "#request.getId()", resourceType = "api_definition")
     public ApiDefinition update(@Validated @RequestBody ApiDefinitionUpdateRequest request) {
         return apiDefinitionService.update(request, SessionUtils.getUserId());
     }
@@ -57,6 +60,7 @@ public class ApiDefinitionController {
     @PostMapping(value = "/batch-update")
     @Operation(summary = "接口测试-接口管理-批量更新接口定义")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_UPDATE)
+    @CheckOwner(resourceId = "#request.getSelectIds()", resourceType = "api_definition")
     public void batchUpdate(@Validated @RequestBody ApiDefinitionBatchUpdateRequest request) {
         apiDefinitionService.batchUpdate(request, SessionUtils.getUserId());
     }
@@ -65,12 +69,14 @@ public class ApiDefinitionController {
     @Operation(summary = "接口测试-接口管理-删除接口定义到回收站")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_DELETE)
     @Log(type = OperationLogType.DELETE, expression = "#msClass.delLog(#request)", msClass = ApiDefinitionLogService.class)
+    @CheckOwner(resourceId = "#request.getId()", resourceType = "api_definition")
     public void delete(@Validated @RequestBody ApiDefinitionDeleteRequest request) {
         apiDefinitionService.delete(request, SessionUtils.getUserId());
     }
     @PostMapping(value = "/batch-del")
     @Operation(summary = "接口测试-接口管理-批量删除接口定义到回收站")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_DELETE)
+    @CheckOwner(resourceId = "#request.getSelectIds()", resourceType = "api_definition")
     public void batchDelete(@Validated @RequestBody ApiDefinitionBatchRequest request) {
         apiDefinitionService.batchDelete(request, SessionUtils.getUserId());
     }
@@ -79,6 +85,7 @@ public class ApiDefinitionController {
     @Operation(summary = "接口测试-接口管理-复制接口定义")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_UPDATE)
     @Log(type = OperationLogType.UPDATE, expression = "#msClass.copyLog(#request)", msClass = ApiDefinitionLogService.class)
+    @CheckOwner(resourceId = "#request.getSelectIds()", resourceType = "api_definition")
     public ApiDefinition copy(@Validated @RequestBody ApiDefinitionCopyRequest request) {
         return apiDefinitionService.copy(request, SessionUtils.getUserId());
     }
@@ -86,6 +93,7 @@ public class ApiDefinitionController {
     @PostMapping("/batch-move")
     @Operation(summary = "接口测试-接口管理-批量移动接口定义")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_UPDATE)
+    @CheckOwner(resourceId = "#request.getSelectIds()", resourceType = "api_definition")
     public void batchMove(@Validated @RequestBody ApiDefinitionBatchMoveRequest request) {
         apiDefinitionService.batchMove(request, SessionUtils.getUserId());
     }
@@ -93,6 +101,7 @@ public class ApiDefinitionController {
     @GetMapping("/version/{id}")
     @Operation(summary = "接口测试-接口管理-版本信息(接口是否存在多版本)")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ)
+    @CheckOwner(resourceId = "#id", resourceType = "api_definition")
     public List<ApiDefinitionVersionDTO> getApiDefinitionVersion(@PathVariable @NotBlank(message = "{api_definition.id.not_blank}") String id) {
         return apiDefinitionService.getApiDefinitionVersion(id);
     }
@@ -100,6 +109,7 @@ public class ApiDefinitionController {
     @GetMapping(value = "/get-detail/{id}")
     @Operation(summary = "接口测试-接口管理-获取接口详情")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ)
+    @CheckOwner(resourceId = "#id", resourceType = "api_definition")
     public ApiDefinitionDTO get(@PathVariable String id) {
         return apiDefinitionService.get(id, SessionUtils.getUserId());
     }
@@ -108,6 +118,7 @@ public class ApiDefinitionController {
     @Operation(summary = "接口测试-接口管理-关注/取消关注用例")
     @Log(type = OperationLogType.UPDATE, expression = "#msClass.followLog(#id)", msClass = ApiDefinitionLogService.class)
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_UPDATE)
+    @CheckOwner(resourceId = "#id", resourceType = "api_definition")
     public void follow(@PathVariable String id) {
         apiDefinitionService.follow(id, SessionUtils.getUserId());
     }
@@ -115,36 +126,41 @@ public class ApiDefinitionController {
     @PostMapping("/page")
     @Operation(summary = "接口测试-接口管理-接口列表(deleted 状态为 1 时为回收站数据)")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ)
+    @CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
     public Pager<List<ApiDefinitionDTO>> getPage(@Validated @RequestBody ApiDefinitionPageRequest request) {
         Page<Object> page = PageHelper.startPage(request.getCurrent(), request.getPageSize(),
                 StringUtils.isNotBlank(request.getSortString()) ? request.getSortString() : "create_time desc");
         return PageUtils.setPageInfo(page, apiDefinitionService.getApiDefinitionPage(request, SessionUtils.getUserId()));
     }
 
-    @PostMapping(value = "/restore")
+    @PostMapping(value = "/recover")
     @Operation(summary = "接口测试-接口管理-恢复回收站接口定义")
-    @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_UPDATE)
+    @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_RECOVER)
-    @Log(type = OperationLogType.UPDATE, expression = "#msClass.restoreLog(#request)", msClass = ApiDefinitionLogService.class)
+    @Log(type = OperationLogType.RECOVER, expression = "#msClass.recoverLog(#request)", msClass = ApiDefinitionLogService.class)
-    public void restore(@Validated @RequestBody ApiDefinitionDeleteRequest request) {
+    @CheckOwner(resourceId = "#request.getId()", resourceType = "api_definition")
-        apiDefinitionService.restore(request, SessionUtils.getUserId());
+    public void recover(@Validated @RequestBody ApiDefinitionDeleteRequest request) {
+        apiDefinitionService.recover(request, SessionUtils.getUserId());
     }
     @PostMapping(value = "/trash-del")
     @Operation(summary = "接口测试-接口管理-删除回收站接口定义")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_DELETE)
     @Log(type = OperationLogType.DELETE, expression = "#msClass.trashDelLog(#request)", msClass = ApiDefinitionLogService.class)
+    @CheckOwner(resourceId = "#request.getId()", resourceType = "api_definition")
     public void trashDel(@Validated @RequestBody ApiDefinitionDeleteRequest request) {
         apiDefinitionService.trashDel(request, SessionUtils.getUserId());
     }
-    @PostMapping(value = "/batch-restore")
+    @PostMapping(value = "/batch-recover")
     @Operation(summary = "接口测试-接口管理-批量从回收站恢复接口定义")
-    @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_UPDATE)
+    @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_RECOVER)
-    public void batchRestore(@Validated @RequestBody ApiDefinitionBatchRequest request) {
+    @CheckOwner(resourceId = "#request.getSelectIds()", resourceType = "api_definition")
-        apiDefinitionService.batchRestore(request, SessionUtils.getUserId());
+    public void batchRecover(@Validated @RequestBody ApiDefinitionBatchRequest request) {
+        apiDefinitionService.batchRecover(request, SessionUtils.getUserId());
     }
 
     @PostMapping(value = "/batch-trash-del")
     @Operation(summary = "接口测试-接口管理-批量从回收站删除接口定义")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_DELETE)
+    @CheckOwner(resourceId = "#request.getSelectIds()", resourceType = "api_definition")
     public void batchTrashDel(@Validated @RequestBody ApiDefinitionBatchRequest request) {
         apiDefinitionService.batchTrashDel(request, SessionUtils.getUserId());
     }
@@ -152,6 +168,7 @@ public class ApiDefinitionController {
     @PostMapping("/page-doc")
     @Operation(summary = "接口测试-接口管理-接口文档列表")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ)
+    @CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
     public Pager<List<ApiDefinitionDTO>> getDocPage(@Validated @RequestBody ApiDefinitionPageRequest request) {
         Page<Object> page = PageHelper.startPage(request.getCurrent(), request.getPageSize(),
                 StringUtils.isNotBlank(request.getSortString()) ? request.getSortString() : "create_time desc");
@@ -168,6 +185,7 @@ public class ApiDefinitionController {
     @PostMapping("/doc")
     @Operation(summary = "接口测试-接口管理-接口文档列表")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ)
+    @CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
     public ApiDefinitionDocDTO getDocInfo(@Validated @RequestBody ApiDefinitionDocRequest request) {
         return apiDefinitionService.getDocInfo(request, SessionUtils.getUserId());
     }

backend/services/api-test/src/main/java/io/metersphere/api/controller/definition/ApiDefinitionMockController.java

@@ -10,6 +10,7 @@ import io.metersphere.api.service.definition.ApiDefinitionMockService;
 import io.metersphere.sdk.constants.PermissionConstants;
 import io.metersphere.system.log.annotation.Log;
 import io.metersphere.system.log.constants.OperationLogType;
+import io.metersphere.system.security.CheckOwner;
 import io.metersphere.system.utils.PageUtils;
 import io.metersphere.system.utils.Pager;
 import io.metersphere.system.utils.SessionUtils;
@@ -40,6 +41,7 @@ public class ApiDefinitionMockController {
     @PostMapping("/page")
     @Operation(summary = "接口测试-接口管理-接口 Mock")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_MOCK_READ)
+    @CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
     public Pager<List<ApiDefinitionMockDTO>> getPage(@Validated @RequestBody ApiDefinitionMockPageRequest request) {
         Page<Object> page = PageMethod.startPage(request.getCurrent(), request.getPageSize(),
                 StringUtils.isNotBlank(request.getSortString()) ? request.getSortString() : "create_time desc");
@@ -49,6 +51,7 @@ public class ApiDefinitionMockController {
     @PostMapping(value = "/detail")
     @Operation(summary = "接口测试-接口管理-获取 Mock 详情")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_MOCK_READ)
+    @CheckOwner(resourceId = "#request.getId()", resourceType = "api_definition_mock")
     public ApiDefinitionMockDTO detail(@Validated @RequestBody ApiDefinitionMockRequest request) {
         return apiDefinitionMockService.detail(request);
     }
@@ -57,6 +60,7 @@ public class ApiDefinitionMockController {
     @Operation(summary = "接口测试-接口管理-添加 Mock")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_MOCK_ADD)
     @Log(type = OperationLogType.ADD, expression = "#msClass.addLog(#request)", msClass = ApiDefinitionMockLogService.class)
+    @CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
     public ApiDefinitionMock add(@Validated @RequestBody ApiDefinitionMockAddRequest request) {
         return apiDefinitionMockService.create(request, SessionUtils.getUserId());
     }
@@ -65,6 +69,7 @@ public class ApiDefinitionMockController {
     @Operation(summary = "接口测试-接口管理-更新 Mock")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_MOCK_UPDATE)
     @Log(type = OperationLogType.UPDATE, expression = "#msClass.updateLog(#request)", msClass = ApiDefinitionMockLogService.class)
+    @CheckOwner(resourceId = "#request.getId()", resourceType = "api_definition_mock")
     public ApiDefinitionMock update(@Validated @RequestBody ApiDefinitionMockUpdateRequest request) {
         return apiDefinitionMockService.update(request, SessionUtils.getUserId());
     }
@@ -73,6 +78,7 @@ public class ApiDefinitionMockController {
     @Operation(summary = "接口测试-接口管理-更新 Mock-更新状态")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_MOCK_UPDATE)
     @Log(type = OperationLogType.UPDATE, expression = "#msClass.updateEnableLog(#id)", msClass = ApiDefinitionMockLogService.class)
+    @CheckOwner(resourceId = "#id", resourceType = "api_definition_mock")
     public void updateEnable(@PathVariable String id) {
         apiDefinitionMockService.updateEnable(id);
     }
@@ -81,6 +87,7 @@ public class ApiDefinitionMockController {
     @Operation(summary = "接口测试-接口管理-删除 Mock")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_MOCK_DELETE)
     @Log(type = OperationLogType.DELETE, expression = "#msClass.delLog(#request)", msClass = ApiDefinitionMockLogService.class)
+    @CheckOwner(resourceId = "#request.getId()", resourceType = "api_definition_mock")
     public void delete(@Validated @RequestBody ApiDefinitionMockRequest request) {
         apiDefinitionMockService.delete(request, SessionUtils.getUserId());
     }
@@ -89,6 +96,7 @@ public class ApiDefinitionMockController {
     @Operation(summary = "接口测试-接口管理-复制 Mock")
     @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_MOCK_UPDATE)
     @Log(type = OperationLogType.UPDATE, expression = "#msClass.copyLog(#request)", msClass = ApiDefinitionMockLogService.class)
+    @CheckOwner(resourceId = "#request.getId()", resourceType = "api_definition_mock")
     public ApiDefinitionMock copy(@Validated @RequestBody ApiDefinitionMockRequest request) {
         return apiDefinitionMockService.copy(request, SessionUtils.getUserId());
     }

backend/services/api-test/src/main/java/io/metersphere/api/mapper/ExtApiDefinitionMapper.java

@@ -35,7 +35,7 @@ public interface ExtApiDefinitionMapper {
 
     void batchDeleteById(@Param("ids") List<String> ids, @Param("userId") String userId, @Param("projectId") String projectId);
 
-    void batchRestoreById(@Param("ids") List<String> ids, @Param("userId") String userId, @Param("projectId") String projectId);
+    void batchRecoverById(@Param("ids") List<String> ids, @Param("userId") String userId, @Param("projectId") String projectId);
 
     void clearLatestVersion(@Param("refId") String refId, @Param("projectId") String projectId);
 

backend/services/api-test/src/main/java/io/metersphere/api/mapper/ExtApiDefinitionMapper.xml

@@ -172,7 +172,7 @@
         and deleted = false and project_id = #{projectId}
     </update>
 
-    <update id="batchRestoreById">
+    <update id="batchRecoverById">
         update api_definition
         set deleted = 0,
         delete_user = null,

backend/services/api-test/src/main/java/io/metersphere/api/service/definition/ApiDefinitionLogService.java

@@ -188,7 +188,7 @@ public class ApiDefinitionLogService {
      * @param request
      * @return
      */
-    public LogDTO restoreLog(ApiDefinitionDeleteRequest request) {
+    public LogDTO recoverLog(ApiDefinitionDeleteRequest request) {
         ApiDefinitionDTO apiDefinition = getOriginalValue(request.getId());
         if(apiDefinition.getId() != null){
             LogDTO dto = new LogDTO(
@@ -196,11 +196,11 @@ public class ApiDefinitionLogService {
                     null,
                     request.getId(),
                     null,
-                    OperationLogType.UPDATE.name(),
+                    OperationLogType.RECOVER.name(),
                     OperationLogModule.API_DEFINITION,
                     apiDefinition.getName());
             dto.setHistory(true);
-            dto.setPath("/api/definition/restore");
+            dto.setPath("/api/definition/recover");
             dto.setMethod(HttpMethodConstants.POST.name());
             dto.setOriginalValue(JSON.toJSONBytes(apiDefinition));
             return dto;
@@ -215,8 +215,8 @@ public class ApiDefinitionLogService {
      *
      * @return
      */
-    public void batchRestoreLog(List<String> ids, String userId, String projectId) {
+    public void batchRecoverLog(List<String> ids, String userId, String projectId) {
-        saveBatchLog(projectId, ids, "/api/definition/batch-restore", userId, OperationLogType.UPDATE.name(), true);
+        saveBatchLog(projectId, ids, "/api/definition/batch-recover", userId, OperationLogType.RECOVER.name(), true);
     }
 
 

backend/services/api-test/src/main/java/io/metersphere/api/service/definition/ApiDefinitionService.java

@@ -648,22 +648,22 @@ public class ApiDefinitionService {
         apiDefinitionFollowerMapper.deleteByPrimaryKey(apiId, userId);
     }
 
-    public void restore(ApiDefinitionDeleteRequest request, String userId) {
+    public void recover(ApiDefinitionDeleteRequest request, String userId) {
         // 恢复接口到接口列表
-        handleRestoreApiDefinition(Collections.singletonList(request.getId()), userId, request.getProjectId(), false);
+        handleRecoverApiDefinition(Collections.singletonList(request.getId()), userId, request.getProjectId(), false);
     }
-    public void handleRestoreApiDefinition(List<String> ids, String userId, String projectId, boolean isBatch){
+    public void handleRecoverApiDefinition(List<String> ids, String userId, String projectId, boolean isBatch){
         if (CollectionUtils.isNotEmpty(ids)) {
-            SubListUtils.dealForSubList(ids, 2000, subList -> doRestore(subList, userId, projectId, isBatch));
+            SubListUtils.dealForSubList(ids, 2000, subList -> doRecover(subList, userId, projectId, isBatch));
         }
     }
 
-    private void doRestore(List<String> apiIds, String userId, String projectId, boolean isBatch) {
+    private void doRecover(List<String> apiIds, String userId, String projectId, boolean isBatch) {
         // 记录恢复数据之前的原数据日志，单条通过注解记录日志
         if(isBatch){
-            apiDefinitionLogService.batchRestoreLog(apiIds, userId, projectId);
+            apiDefinitionLogService.batchRecoverLog(apiIds, userId, projectId);
         }
-        extApiDefinitionMapper.batchRestoreById(apiIds, userId, projectId);
+        extApiDefinitionMapper.batchRecoverById(apiIds, userId, projectId);
 
         List<String> updateApiIds = new ArrayList<>();
         apiIds.forEach(id -> {
@@ -723,10 +723,10 @@ public class ApiDefinitionService {
         handleTrashDelApiDefinition(Collections.singletonList(request.getId()), userId, request.getProjectId(), false);
     }
 
-    public void batchRestore(ApiDefinitionBatchRequest request, String userId) {
+    public void batchRecover(ApiDefinitionBatchRequest request, String userId) {
         List<String> ids = getBatchApiIds(request, request.getProjectId(), request.getProtocol(), true, userId);
         if (CollectionUtils.isNotEmpty(ids)) {
-            handleRestoreApiDefinition(ids, userId, request.getProjectId(), true);
+            handleRecoverApiDefinition(ids, userId, request.getProjectId(), true);
         }
     }
 

backend/services/api-test/src/main/java/io/metersphere/api/service/definition/ApiTestCaseRecoverService.java

@@ -37,7 +37,7 @@ public class ApiTestCaseRecoverService {
         List<String> definitionIds = extApiTestCaseMapper.selectIdsByCaseIds(ids);
         if (CollectionUtils.isNotEmpty(definitionIds)) {
             List<String> apiIds = extApiDefinitionMapper.selectIdsByIdsAndDeleted(definitionIds, true);
-            apiDefinitionService.handleRestoreApiDefinition(apiIds, userId, request.getProjectId(), true);
+            apiDefinitionService.handleRecoverApiDefinition(apiIds, userId, request.getProjectId(), true);
             definitionIds.removeAll(apiIds);
             if (CollectionUtils.isNotEmpty(definitionIds)) {
                 //接口被删的用例

backend/services/api-test/src/test/java/io/metersphere/api/controller/ApiDefinitionControllerTests.java

@@ -58,8 +58,8 @@ public class ApiDefinitionControllerTests extends BaseTest {
     private final static String COPY = BASE_PATH + "copy";
     private final static String BATCH_MOVE = BASE_PATH + "batch-move";
 
-    private final static String RESTORE = BASE_PATH + "restore";
+    private final static String RESTORE = BASE_PATH + "recover";
-    private final static String BATCH_RESTORE = BASE_PATH + "batch-restore";
+    private final static String BATCH_RESTORE = BASE_PATH + "batch-recover";
 
     private final static String TRASH_DEL = BASE_PATH + "trash-del";
     private final static String BATCH_TRASH_DEL = BASE_PATH + "batch-trash-del";
@@ -361,6 +361,7 @@ public class ApiDefinitionControllerTests extends BaseTest {
         // @@异常参数校验
         createdGroupParamValidateTest(ApiDefinitionUpdateRequest.class, UPDATE);
         // @@校验权限
+        request.setId(apiDefinition.getId());
         request.setProjectId(DEFAULT_PROJECT_ID);
         request.setName("permission-st-6");
         request.setModuleId("module-st-6");
@@ -695,7 +696,7 @@ public class ApiDefinitionControllerTests extends BaseTest {
 
     private void configureFilterSearch(ApiDefinitionPageRequest request) {
         Map<String, List<String>> filters = new HashMap<>();
-        request.setSort(Map.of("updateTime", "asc"));
+        request.setSort(Map.of());
         filters.put("status", Arrays.asList("Underway", "Completed"));
         filters.put("method", List.of("GET"));
         filters.put("version_id", List.of("1005704995741369851"));
@@ -944,6 +945,7 @@ public class ApiDefinitionControllerTests extends BaseTest {
         apiDefinitionDeleteRequest.setDeleteAll(false);
         assertErrorCode(this.requestPost(DELETE, apiDefinitionDeleteRequest), ApiResultCode.API_DEFINITION_NOT_EXIST);
         // @@校验权限
+        apiDefinitionDeleteRequest.setId(apiDefinition.getId());
         requestPostPermissionTest(PermissionConstants.PROJECT_API_DEFINITION_DELETE, DELETE, apiDefinitionDeleteRequest);
     }
 
@@ -983,8 +985,8 @@ public class ApiDefinitionControllerTests extends BaseTest {
 
     @Test
     @Order(14)
-    public void testRestore() throws Exception {
+    public void testRecover() throws Exception {
-        LogUtils.info("restore api test");
+        LogUtils.info("recover api test");
         apiDefinition = apiDefinitionMapper.selectByPrimaryKey("1001");
         // @恢复一条数据
         ApiDefinitionDeleteRequest apiDefinitionDeleteRequest = new ApiDefinitionDeleteRequest();
@@ -992,7 +994,7 @@ public class ApiDefinitionControllerTests extends BaseTest {
         apiDefinitionDeleteRequest.setProjectId(DEFAULT_PROJECT_ID);
         // @@请求成功
         this.requestPostWithOkAndReturn(RESTORE, apiDefinitionDeleteRequest);
-        checkLogModelList.add(new CheckLogModel(apiDefinition.getId(), OperationLogType.UPDATE, RESTORE));
+        checkLogModelList.add(new CheckLogModel(apiDefinition.getId(), OperationLogType.RECOVER, RESTORE));
         ApiDefinition apiDefinitionInfo = apiDefinitionMapper.selectByPrimaryKey(apiDefinition.getId());
         Assertions.assertFalse(apiDefinitionInfo.getDeleted());
         Assertions.assertNull(apiDefinitionInfo.getDeleteUser());
@@ -1022,13 +1024,14 @@ public class ApiDefinitionControllerTests extends BaseTest {
         assertErrorCode(this.requestPost(RESTORE, apiDefinitionDeleteRequest), ApiResultCode.API_DEFINITION_NOT_EXIST);
 
         // @@校验权限
-        requestPostPermissionTest(PermissionConstants.PROJECT_API_DEFINITION_UPDATE, RESTORE, apiDefinitionDeleteRequest);
+        apiDefinitionDeleteRequest.setId(apiDefinition.getId());
+        requestPostPermissionTest(PermissionConstants.PROJECT_API_DEFINITION_RECOVER, RESTORE, apiDefinitionDeleteRequest);
     }
 
     @Test
     @Order(15)
-    public void testBatchRestore() throws Exception {
+    public void testBatchRecover() throws Exception {
-        LogUtils.info("batch restore api test");
+        LogUtils.info("batch recover api test");
         ApiDefinitionBatchRequest request = new ApiDefinitionBatchRequest();
         request.setProjectId(DEFAULT_PROJECT_ID);
         // 恢复选中
@@ -1067,10 +1070,10 @@ public class ApiDefinitionControllerTests extends BaseTest {
         // @@校验日志
         String[] ids = {"1002", "1004", "1006"};
         for (String id : ids) {
-            checkLogModelList.add(new CheckLogModel(id, OperationLogType.UPDATE, BATCH_RESTORE));
+            checkLogModelList.add(new CheckLogModel(id, OperationLogType.RECOVER, BATCH_RESTORE));
         }
         // @@校验权限
-        requestPostPermissionTest(PermissionConstants.PROJECT_API_DEFINITION_UPDATE, BATCH_RESTORE, request);
+        requestPostPermissionTest(PermissionConstants.PROJECT_API_DEFINITION_RECOVER, BATCH_RESTORE, request);
     }
 
     @Test

backend/services/api-test/src/test/java/io/metersphere/api/controller/ApiDefinitionMockControllerTests.java

@@ -280,6 +280,7 @@ public class ApiDefinitionMockControllerTests extends BaseTest {
         assertErrorCode(this.requestPost(DETAIL, apiDefinitionMockRequest), MsHttpResultCode.NOT_FOUND);
 
         // @@校验权限
+        apiDefinitionMockRequest.setId(apiDefinitionMock.getId());
         requestPostPermissionTest(PermissionConstants.PROJECT_API_DEFINITION_MOCK_READ, DETAIL, apiDefinitionMockRequest);
     }
 
@@ -375,6 +376,7 @@ public class ApiDefinitionMockControllerTests extends BaseTest {
         // @@异常参数校验
         createdGroupParamValidateTest(ApiDefinitionMockUpdateRequest.class, UPDATE);
         // @@校验权限
+        request.setId(apiDefinitionMock.getId());
         request.setProjectId(DEFAULT_PROJECT_ID);
         request.setName("permission-st-6");
         requestPostPermissionTest(PermissionConstants.PROJECT_API_DEFINITION_MOCK_UPDATE, UPDATE, request);
@@ -449,6 +451,7 @@ public class ApiDefinitionMockControllerTests extends BaseTest {
         request.setId("121");
         assertErrorCode(this.requestPost(COPY, request),  MsHttpResultCode.NOT_FOUND);
         // @@校验权限
+        request.setId(apiDefinitionMock.getId());
         requestPostPermissionTest(PermissionConstants.PROJECT_API_DEFINITION_MOCK_UPDATE, COPY, request);
     }