refactor(接口测试): 接口增加权限

2023-06-09 16:12:38 +08:00 · 2023-06-09 16:12:38 +08:00 · 46a1377467
parent 14326dcbf5
commit 46a1377467
3 changed files with 12 additions and 7 deletions
--- a/api-test/backend/src/main/java/io/metersphere/controller/definition/ApiDefinitionController.java
+++ b/api-test/backend/src/main/java/io/metersphere/controller/definition/ApiDefinitionController.java
@ -59,7 +59,7 @@ public class ApiDefinitionController {
    private FunctionRunService functionRunService;

    @PostMapping("/list/{goPage}/{pageSize}")
-    @RequiresPermissions("PROJECT_API_DEFINITION:READ")
+    @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ)
    public Pager<List<ApiDefinitionResult>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody ApiDefinitionRequest request) {
        apiDefinitionService.checkFilterHasCoverage(request);
        apiDefinitionService.getApplicationUpdateRule(request);
@ -68,6 +68,7 @@ public class ApiDefinitionController {
    }

    @PostMapping("/list/week/{projectId}/{versionId}/{goPage}/{pageSize}")
+    @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ)
    public Pager<List<ApiDefinitionResult>> weekList(@PathVariable String projectId, @PathVariable String versionId, @PathVariable int goPage, @PathVariable int pageSize) {
        if (StringUtils.equalsIgnoreCase(versionId, "default")) {
            versionId = null;
@ -94,7 +95,7 @@ public class ApiDefinitionController {
    }

    @PostMapping("/list/all")
-    @RequiresPermissions("PROJECT_API_DEFINITION:READ")
+    @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ)
    public List<ApiDefinitionResult> list(@RequestBody ApiDefinitionRequest request) {
        return apiDefinitionService.list(request);
    }
@ -136,6 +137,7 @@ public class ApiDefinitionController {
    }

    @PostMapping("/del-batch")
+    @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_DELETE_API)
    @MsAuditLog(module = OperLogModule.API_DEFINITION, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = ApiDefinitionService.class)
    public void deleteBatchByParams(@RequestBody ApiBatchRequest request) {
        apiDefinitionService.deleteByParams(request);
@ -171,18 +173,20 @@ public class ApiDefinitionController {
    }

    @GetMapping("/get/{id}")
-    @RequiresPermissions("PROJECT_API_DEFINITION:READ")
+    @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ)
    public ApiDefinitionResult getApiDefinitionResult(@PathVariable String id) {
        return apiDefinitionService.getById(id);
    }

    @PostMapping(value = "/run/debug", consumes = {"multipart/form-data"})
+    @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_DEBUG)
    @MsAuditLog(module = OperLogModule.API_DEFINITION, type = OperLogConstants.DEBUG, title = "#request.name", project = "#request.projectId")
    public MsExecResponseDTO runDebug(@RequestPart("request") RunDefinitionRequest request, @RequestPart(value = "files", required = false) List<MultipartFile> bodyFiles) {
        return apiDefinitionService.run(request, bodyFiles);
    }

    @PostMapping(value = "/run", consumes = {"multipart/form-data"})
+    @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_RUN)
    @MsAuditLog(module = OperLogModule.API_DEFINITION, type = OperLogConstants.EXECUTE, sourceId = "#request.id", title = "#request.name", project = "#request.projectId")
    public MsExecResponseDTO run(@RequestPart("request") RunDefinitionRequest request, @RequestPart(value = "files", required = false) List<MultipartFile> bodyFiles) {
        request.setReportId(null);
--- a/api-test/backend/src/main/java/io/metersphere/controller/definition/ApiTestCaseController.java
+++ b/api-test/backend/src/main/java/io/metersphere/controller/definition/ApiTestCaseController.java
@ -21,11 +21,12 @@ import io.metersphere.request.ResetOrderRequest;
 import io.metersphere.service.definition.ApiDefinitionExecResultService;
 import io.metersphere.service.definition.ApiTestCaseService;
 import io.metersphere.service.scenario.ApiScenarioService;
+import jakarta.annotation.Resource;
+import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;

-import jakarta.annotation.Resource;
 import java.util.List;
 import java.util.Map;

@ -51,13 +52,13 @@ public class ApiTestCaseController {
    }

    @PostMapping("/select/by/id")
-    @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ)
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_API_DEFINITION_READ , PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_CASE}, logical = Logical.OR)
    public List<ApiTestCase> selectByIds(@RequestBody ApiTestCaseRequest request) {
        return apiTestCaseService.selectByIds(request);
    }

    @GetMapping("/get-details/{id}")
-    @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ)
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_API_DEFINITION_READ , PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_CASE}, logical = Logical.OR)
    public ApiTestCaseResult single(@PathVariable String id) {
        ApiTestCaseRequest request = new ApiTestCaseRequest();
        request.setId(id);
--- a/api-test/backend/src/main/java/io/metersphere/controller/scenario/ApiScenarioController.java
+++ b/api-test/backend/src/main/java/io/metersphere/controller/scenario/ApiScenarioController.java
@ -191,7 +191,7 @@ public class ApiScenarioController {
    }

    @GetMapping("/scenario-details/{id}")
-    @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ)
+    @RequiresPermissions(value ={PermissionConstants.PROJECT_API_SCENARIO_READ, PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_CASE}, logical = Logical.OR)
    public ApiScenarioDTO getScenarioDefinition(@PathVariable String id) {
        return apiAutomationService.getNewApiScenario(id);
    }