From 56afb0dc993f002dcfe7666dc929ae16e45cef48 Mon Sep 17 00:00:00 2001 From: WangXu10 Date: Mon, 12 Jun 2023 10:28:55 +0800 Subject: [PATCH] =?UTF-8?q?refactor(=E7=B3=BB=E7=BB=9F=E8=AE=BE=E7=BD=AE)?= =?UTF-8?q?=EF=BC=9A=E5=A2=9E=E5=8A=A0=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../commons/constants/PermissionConstants.java | 10 ++++++++++ .../controller/SystemParameterController.java | 10 ++++++++++ .../log/controller/OperatingLogController.java | 5 +++++ .../metersphere/quota/controller/QuotaController.java | 7 +++++++ .../controller/EnvironmentGroupController.java | 8 ++++++++ .../io/metersphere/controller/PluginController.java | 6 ++++++ .../controller/TestResourcePoolController.java | 8 ++++++++ 7 files changed, 54 insertions(+) diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/constants/PermissionConstants.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/constants/PermissionConstants.java index 7d53132ea3..b9d7e70d56 100644 --- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/constants/PermissionConstants.java +++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/constants/PermissionConstants.java @@ -213,4 +213,14 @@ public class PermissionConstants { public static final String PROJECT_TEMPLATE_READ_API_TEMPLATE = "PROJECT_TEMPLATE:READ+API_TEMPLATE"; public static final String PROJECT_TEMPLATE_READ_CUSTOM = "PROJECT_TEMPLATE:READ+CUSTOM"; public static final String PROJECT_TEMPLATE_READ_REPORT_TEMPLATE = "PROJECT_TEMPLATE:READ+REPORT_TEMPLATE"; + + + public static final String WORKSPACE_PROJECT_ENVIRONMENT_GROUP_READ = "WORKSPACE_PROJECT_ENVIRONMENT:READ+CREATE_GROUP"; + public static final String WORKSPACE_PROJECT_ENVIRONMENT_GROUP_DELETE = "WORKSPACE_PROJECT_ENVIRONMENT:READ+DELETE_GROUP"; + public static final String WORKSPACE_PROJECT_ENVIRONMENT_GROUP_EDIT = "WORKSPACE_PROJECT_ENVIRONMENT:READ+EDIT_GROUP"; + public static final String WORKSPACE_PROJECT_ENVIRONMENT_GROUP_COPY = "WORKSPACE_PROJECT_ENVIRONMENT:READ+COPY_GROU"; + + public static final String SYSTEM_PLUGIN_DEL = "SYSTEM_PLUGIN:DEL"; + public static final String SYSTEM_PLUGIN_UPLOAD = "SYSTEM_PLUGIN:UPLOAD"; + public static final String SYSTEM_PLUGIN_READ = "SYSTEM_PLUGIN:READ"; } diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/SystemParameterController.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/SystemParameterController.java index ec37ff4349..c30b38de80 100644 --- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/SystemParameterController.java +++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/SystemParameterController.java @@ -6,6 +6,7 @@ import io.metersphere.base.domain.UserHeader; import io.metersphere.commons.constants.OperLogConstants; import io.metersphere.commons.constants.OperLogModule; import io.metersphere.commons.constants.ParamConstants; +import io.metersphere.commons.constants.PermissionConstants; import io.metersphere.request.HeaderRequest; import io.metersphere.dto.BaseSystemConfigDTO; import io.metersphere.ldap.domain.LdapInfo; @@ -13,6 +14,7 @@ import io.metersphere.log.annotation.MsAuditLog; import io.metersphere.notice.domain.MailInfo; import io.metersphere.service.BaseUserService; import io.metersphere.service.SystemParameterService; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.core.env.Environment; import org.springframework.web.bind.annotation.*; @@ -33,6 +35,7 @@ public class SystemParameterController { @PostMapping("/edit/email") + @RequiresPermissions(PermissionConstants.SYSTEM_SETTING_READ_EDIT) @MsAuditLog(module = OperLogModule.SYSTEM_PARAMETER_SETTING, type = OperLogConstants.UPDATE, title = "邮件设置", beforeEvent = "#msClass.getMailLogDetails()", content = "#msClass.getMailLogDetails()", msClass = SystemParameterService.class) public void editMail(@RequestBody List systemParameter) { systemParameterService.editMail(systemParameter); @@ -59,11 +62,13 @@ public class SystemParameterController { } @GetMapping("/mail/info") + @RequiresPermissions(PermissionConstants.SYSTEM_SETTING_READ) public MailInfo mailInfo() { return systemParameterService.mailInfo(ParamConstants.Classify.MAIL.getValue()); } @GetMapping("/base/info") + @RequiresPermissions(PermissionConstants.SYSTEM_SETTING_READ) public BaseSystemConfigDTO getBaseInfo() { return systemParameterService.getBaseInfo(); } @@ -74,6 +79,7 @@ public class SystemParameterController { } @PostMapping("/save/base") + @RequiresPermissions(PermissionConstants.SYSTEM_SETTING_READ_EDIT) @MsAuditLog(module = OperLogModule.SYSTEM_PARAMETER_SETTING, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getBaseLogDetails()", content = "#msClass.getBaseLogDetails()", msClass = SystemParameterService.class) public void saveBaseInfo(@RequestBody List systemParameter) { systemParameterService.saveBaseInfo(systemParameter); @@ -85,17 +91,20 @@ public class SystemParameterController { } @PostMapping("/save/ldap") + @RequiresPermissions(PermissionConstants.SYSTEM_SETTING_READ_EDIT) @MsAuditLog(module = OperLogModule.SYSTEM_PARAMETER_SETTING, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails()", content = "#msClass.getLogDetails()", msClass = SystemParameterService.class) public void saveLdap(@RequestBody List systemParameter) { systemParameterService.saveLdap(systemParameter); } @GetMapping("/ldap/info") + @RequiresPermissions(PermissionConstants.SYSTEM_SETTING_READ) public LdapInfo getLdapInfo() { return systemParameterService.getLdapInfo(ParamConstants.Classify.LDAP.getValue()); } @PostMapping("save/header") + @RequiresPermissions(PermissionConstants.SYSTEM_SETTING_READ_EDIT) @MsAuditLog(module = OperLogModule.SYSTEM_PARAMETER_SETTING, type = OperLogConstants.UPDATE, title = "显示设置") public void saveHeader(@RequestBody UserHeader userHeader) { systemParameterService.saveHeader(userHeader); @@ -117,6 +126,7 @@ public class SystemParameterController { } @PostMapping("/edit/info") + @RequiresPermissions(PermissionConstants.SYSTEM_SETTING_READ_EDIT) public SystemParameter editInfo(@RequestBody SystemParameter systemParameter) { systemParameterService.editInfo(systemParameter); return systemParameter; diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/log/controller/OperatingLogController.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/log/controller/OperatingLogController.java index 558812403d..f42e190a8c 100644 --- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/log/controller/OperatingLogController.java +++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/log/controller/OperatingLogController.java @@ -3,11 +3,13 @@ package io.metersphere.log.controller; import com.github.pagehelper.Page; import com.github.pagehelper.PageHelper; import io.metersphere.base.domain.OperatingLogWithBLOBs; +import io.metersphere.commons.constants.PermissionConstants; import io.metersphere.commons.utils.PageUtils; import io.metersphere.commons.utils.Pager; import io.metersphere.log.service.OperatingLogService; import io.metersphere.log.vo.OperatingLogDTO; import io.metersphere.log.vo.OperatingLogRequest; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import jakarta.annotation.Resource; @@ -21,18 +23,21 @@ public class OperatingLogController { private OperatingLogService operatingLogService; @PostMapping("/list/{goPage}/{pageSize}") + @RequiresPermissions(PermissionConstants.SYSTEM_OPERATING_LOG_READ) public Pager> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody OperatingLogRequest request) { Page page = PageHelper.startPage(goPage, pageSize, true); return PageUtils.setPageInfo(page, operatingLogService.list(request)); } @GetMapping("/get/{id}") + @RequiresPermissions(PermissionConstants.SYSTEM_OPERATING_LOG_READ) public OperatingLogDTO get(@PathVariable String id) { return operatingLogService.get(id); } @PostMapping("/get/source/{goPage}/{pageSize}") + @RequiresPermissions(PermissionConstants.SYSTEM_OPERATING_LOG_READ) public Pager> findBySourceId(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody OperatingLogRequest request) { Page page = PageHelper.startPage(goPage, pageSize, true); return PageUtils.setPageInfo(page, operatingLogService.findBySourceId(request)); diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/quota/controller/QuotaController.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/quota/controller/QuotaController.java index 8933c23f5a..bcf1426a0b 100644 --- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/quota/controller/QuotaController.java +++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/quota/controller/QuotaController.java @@ -5,6 +5,7 @@ import com.github.pagehelper.PageHelper; import io.metersphere.base.domain.Quota; import io.metersphere.commons.constants.OperLogConstants; import io.metersphere.commons.constants.OperLogModule; +import io.metersphere.commons.constants.PermissionConstants; import io.metersphere.commons.utils.PageUtils; import io.metersphere.commons.utils.Pager; import io.metersphere.commons.utils.SessionUtils; @@ -13,6 +14,7 @@ import io.metersphere.quota.dto.QuotaConstants; import io.metersphere.quota.dto.QuotaResult; import io.metersphere.quota.service.QuotaManagementService; import org.apache.commons.lang3.StringUtils; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import jakarta.annotation.Resource; @@ -28,6 +30,7 @@ public class QuotaController { private QuotaManagementService quotaManagementService; @GetMapping("/default/workspace") + @RequiresPermissions(PermissionConstants.SYSTEM_QUOTA_READ) public Quota getWsDefaultQuota() { return quotaManagementService.getDefaultQuota(QuotaConstants.DefaultType.workspace); } @@ -38,6 +41,7 @@ public class QuotaController { } @PostMapping("/save/default/workspace") + @RequiresPermissions(PermissionConstants.SYSTEM_QUOTA_READ_EDIT) @MsAuditLog(module = OperLogModule.SYSTEM_QUOTA_MANAGEMENT, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#quota.id)", content = "#msClass.getLogDetails(#quota.id)", msClass = QuotaManagementService.class) public void saveWsDefaultQuota(@RequestBody Quota quota) { quota.setId(QuotaConstants.DefaultType.workspace.name()); @@ -55,6 +59,7 @@ public class QuotaController { } @PostMapping("/list/workspace/{goPage}/{pageSize}") + @RequiresPermissions(PermissionConstants.SYSTEM_QUOTA_READ) public Pager> listWsQuota(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody Map param) { Page page = PageHelper.startPage(goPage, pageSize, true); return PageUtils.setPageInfo(page, quotaManagementService.listWorkspaceQuota(param.get("name"))); @@ -67,12 +72,14 @@ public class QuotaController { } @PostMapping("/save") + @RequiresPermissions(PermissionConstants.SYSTEM_QUOTA_READ_EDIT) @MsAuditLog(module = OperLogModule.SYSTEM_QUOTA_MANAGEMENT, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#quota.id)", content = "#msClass.getLogDetails(#quota.id)", msClass = QuotaManagementService.class) public void saveQuota(@RequestBody Quota quota) { quotaManagementService.saveQuota(quota); } @PostMapping("/delete") + @RequiresPermissions(PermissionConstants.SYSTEM_QUOTA_READ_EDIT) @MsAuditLog(module = OperLogModule.SYSTEM_QUOTA_MANAGEMENT, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#quota.id)", msClass = QuotaManagementService.class) public void delete(@RequestBody Quota quota) { quotaManagementService.deleteQuota(quota.getId()); diff --git a/system-setting/backend/src/main/java/io/metersphere/controller/EnvironmentGroupController.java b/system-setting/backend/src/main/java/io/metersphere/controller/EnvironmentGroupController.java index a3ece57f05..ed627791aa 100644 --- a/system-setting/backend/src/main/java/io/metersphere/controller/EnvironmentGroupController.java +++ b/system-setting/backend/src/main/java/io/metersphere/controller/EnvironmentGroupController.java @@ -2,10 +2,12 @@ package io.metersphere.controller; import io.metersphere.base.domain.EnvironmentGroup; import io.metersphere.commons.constants.OperLogModule; +import io.metersphere.commons.constants.PermissionConstants; import io.metersphere.environment.dto.EnvironmentGroupRequest; import io.metersphere.log.annotation.MsRequestLog; import io.metersphere.service.EnvironmentGroupProjectService; import io.metersphere.service.EnvironmentGroupService; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import jakarta.annotation.Resource; @@ -22,35 +24,41 @@ public class EnvironmentGroupController { @PostMapping("/add") @MsRequestLog(module = OperLogModule.PROJECT_ENVIRONMENT_SETTING) + @RequiresPermissions(PermissionConstants.WORKSPACE_PROJECT_ENVIRONMENT_GROUP_READ) public EnvironmentGroup add(@RequestBody EnvironmentGroupRequest request) { return environmentGroupService.add(request); } @PostMapping("/batch/add") + @RequiresPermissions(PermissionConstants.WORKSPACE_PROJECT_ENVIRONMENT_READ_CREATE) public void batchAdd(@RequestBody EnvironmentGroupRequest request) { environmentGroupService.batchAdd(request); } @GetMapping("/delete/{id}") @MsRequestLog(module = OperLogModule.PROJECT_ENVIRONMENT_SETTING) + @RequiresPermissions(PermissionConstants.WORKSPACE_PROJECT_ENVIRONMENT_GROUP_DELETE) public void delete(@PathVariable String id) { environmentGroupService.delete(id); } @PostMapping("/update") @MsRequestLog(module = OperLogModule.PROJECT_ENVIRONMENT_SETTING) + @RequiresPermissions(PermissionConstants.WORKSPACE_PROJECT_ENVIRONMENT_GROUP_EDIT) public EnvironmentGroup update(@RequestBody EnvironmentGroupRequest request) { return environmentGroupService.update(request); } @PostMapping("/modify") @MsRequestLog(module = OperLogModule.PROJECT_ENVIRONMENT_SETTING) + @RequiresPermissions(PermissionConstants.WORKSPACE_PROJECT_ENVIRONMENT_GROUP_EDIT) public void modify(@RequestBody EnvironmentGroupRequest request) { environmentGroupService.modify(request); } @GetMapping("/copy/{id}") @MsRequestLog(module = OperLogModule.PROJECT_ENVIRONMENT_SETTING) + @RequiresPermissions(PermissionConstants.WORKSPACE_PROJECT_ENVIRONMENT_GROUP_COPY) public void copy(@PathVariable String id) { environmentGroupService.copy(id); } diff --git a/system-setting/backend/src/main/java/io/metersphere/controller/PluginController.java b/system-setting/backend/src/main/java/io/metersphere/controller/PluginController.java index a9c74ddc90..0c4ea62f67 100644 --- a/system-setting/backend/src/main/java/io/metersphere/controller/PluginController.java +++ b/system-setting/backend/src/main/java/io/metersphere/controller/PluginController.java @@ -3,11 +3,13 @@ package io.metersphere.controller; import io.metersphere.base.domain.Plugin; import io.metersphere.commons.constants.OperLogConstants; import io.metersphere.commons.constants.OperLogModule; +import io.metersphere.commons.constants.PermissionConstants; import io.metersphere.commons.exception.MSException; import io.metersphere.log.annotation.MsAuditLog; import io.metersphere.request.PluginDTO; import io.metersphere.request.PluginRequest; import io.metersphere.service.PluginService; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; @@ -23,6 +25,7 @@ public class PluginController { private PluginService pluginService; @PostMapping("/add/{scenario}") + @RequiresPermissions(PermissionConstants.SYSTEM_PLUGIN_UPLOAD) @MsAuditLog(module = OperLogModule.PLUGIN_MANAGE, type = OperLogConstants.CREATE, title = "#file.getOriginalFilename()", msClass = PluginService.class) public void create(@RequestPart(value = "file", required = false) MultipartFile file, @PathVariable String scenario) { if (file == null) { @@ -32,16 +35,19 @@ public class PluginController { } @GetMapping("/list") + @RequiresPermissions(PermissionConstants.SYSTEM_PLUGIN_READ) public List list(String name) { return pluginService.list(name); } @GetMapping("/get/{id}") + @RequiresPermissions(PermissionConstants.SYSTEM_PLUGIN_READ) public Plugin get(@PathVariable String id) { return pluginService.get(id); } @GetMapping("/delete/{scenario}/{id}") + @RequiresPermissions(PermissionConstants.SYSTEM_PLUGIN_DEL) @MsAuditLog(module = OperLogModule.PLUGIN_MANAGE, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = PluginService.class) public void delete(@PathVariable String scenario, @PathVariable String id) { pluginService.delete(scenario, id); diff --git a/system-setting/backend/src/main/java/io/metersphere/controller/TestResourcePoolController.java b/system-setting/backend/src/main/java/io/metersphere/controller/TestResourcePoolController.java index 77a31495b0..d53c0c8f86 100644 --- a/system-setting/backend/src/main/java/io/metersphere/controller/TestResourcePoolController.java +++ b/system-setting/backend/src/main/java/io/metersphere/controller/TestResourcePoolController.java @@ -4,6 +4,7 @@ import com.github.pagehelper.Page; import com.github.pagehelper.PageHelper; import io.metersphere.commons.constants.OperLogConstants; import io.metersphere.commons.constants.OperLogModule; +import io.metersphere.commons.constants.PermissionConstants; import io.metersphere.commons.utils.PageUtils; import io.metersphere.commons.utils.Pager; import io.metersphere.consul.CacheNode; @@ -12,6 +13,7 @@ import io.metersphere.dto.UpdatePoolDTO; import io.metersphere.log.annotation.MsAuditLog; import io.metersphere.request.resourcepool.QueryResourcePoolRequest; import io.metersphere.service.TestResourcePoolService; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import jakarta.annotation.Resource; @@ -28,6 +30,7 @@ public class TestResourcePoolController { @PostMapping("/add") @MsAuditLog(module = OperLogModule.SYSTEM_TEST_RESOURCE, type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#testResourcePoolDTO.id)", msClass = TestResourcePoolService.class) @CacheNode // 把监控节点缓存起来 + @RequiresPermissions(PermissionConstants.SYSTEM_TEST_POOL_READ_CREATE) public TestResourcePoolDTO addTestResourcePool(@RequestBody TestResourcePoolDTO testResourcePoolDTO) { return testResourcePoolService.addTestResourcePool(testResourcePoolDTO); } @@ -35,6 +38,7 @@ public class TestResourcePoolController { @GetMapping("/delete/{testResourcePoolId}") @MsAuditLog(module = OperLogModule.SYSTEM_TEST_RESOURCE, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#testResourcePoolId)", msClass = TestResourcePoolService.class) @CacheNode // 把监控节点缓存起来 + @RequiresPermissions(PermissionConstants.SYSTEM_TEST_POOL_READ_DELETE) public void deleteTestResourcePool(@PathVariable(value = "testResourcePoolId") String testResourcePoolId) { testResourcePoolService.deleteTestResourcePool(testResourcePoolId); } @@ -42,6 +46,7 @@ public class TestResourcePoolController { @PostMapping("/update") @MsAuditLog(module = OperLogModule.SYSTEM_TEST_RESOURCE, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#testResourcePoolDTO.id)", content = "#msClass.getLogDetails(#testResourcePoolDTO.id)", msClass = TestResourcePoolService.class) @CacheNode // 把监控节点缓存起来 + @RequiresPermissions(PermissionConstants.SYSTEM_TEST_POOL_READ_EDIT) public void updateTestResourcePool(@RequestBody TestResourcePoolDTO testResourcePoolDTO) { testResourcePoolService.updateTestResourcePool(testResourcePoolDTO); } @@ -49,6 +54,7 @@ public class TestResourcePoolController { @GetMapping("/update/{poolId}/{status}") @MsAuditLog(module = OperLogModule.SYSTEM_TEST_RESOURCE, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#poolId)", content = "#msClass.getLogDetails(#poolId)", msClass = TestResourcePoolService.class) @CacheNode // 把监控节点缓存起来 + @RequiresPermissions(PermissionConstants.SYSTEM_TEST_POOL_READ_EDIT) public void updateTestResourcePoolStatus(@PathVariable String poolId, @PathVariable String status) { testResourcePoolService.updateTestResourcePoolStatus(poolId, status); } @@ -59,12 +65,14 @@ public class TestResourcePoolController { } @PostMapping("list/{goPage}/{pageSize}") + @RequiresPermissions(PermissionConstants.SYSTEM_TEST_POOL_READ) public Pager> listResourcePools(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryResourcePoolRequest request) { Page page = PageHelper.startPage(goPage, pageSize, true); return PageUtils.setPageInfo(page, testResourcePoolService.listResourcePools(request)); } @GetMapping("/list/quota/ws/valid/{workspaceId}") + @RequiresPermissions(PermissionConstants.SYSTEM_TEST_POOL_READ) public List listWsValidQuotaResourcePools(@PathVariable String workspaceId) { return testResourcePoolService.listWsValidQuotaResourcePools(workspaceId); }