refactor(接口测试): 优化校验权限

2024-06-05 11:44:15 +08:00 · 2024-06-05 11:44:15 +08:00 · 5f38a56ca1
parent 4c48bae74f
commit 5f38a56ca1
4 changed files with 12 additions and 13 deletions
--- a/api-test/backend/src/main/java/io/metersphere/controller/scenario/ApiScenarioController.java
+++ b/api-test/backend/src/main/java/io/metersphere/controller/scenario/ApiScenarioController.java
@ -200,7 +200,7 @@ public class ApiScenarioController {
    }

    @GetMapping("/scenario-details/{id}")
-    @RequiresPermissions(value ={PermissionConstants.PROJECT_API_SCENARIO_READ, PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_CASE}, logical = Logical.OR)
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_API_SCENARIO_READ, PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_CASE}, logical = Logical.OR)
    public ApiScenarioDTO getScenarioDefinition(@PathVariable String id) {
        return apiAutomationService.getNewApiScenario(id);
    }
@ -398,7 +398,7 @@ public class ApiScenarioController {
    }

    @PostMapping(value = "/export/jmx")
-    @RequiresPermissions(value = {PermissionConstants.PROJECT_API_SCENARIO_READ_EXPORT_SCENARIO, PermissionConstants.PROJECT_API_SCENARIO_READ_CREATE_PERFORMANCE , PermissionConstants.PROJECT_API_SCENARIO_READ_CREATE_PERFORMANCE_BATCH}, logical = Logical.OR)
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_API_SCENARIO_READ_EXPORT_SCENARIO, PermissionConstants.PROJECT_API_SCENARIO_READ_CREATE_PERFORMANCE, PermissionConstants.PROJECT_API_SCENARIO_READ_CREATE_PERFORMANCE_BATCH}, logical = Logical.OR)
    @MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.EXPORT, sourceId = "#request.id", title = "#request.name", project = "#request.projectId")
    public ScenarioToPerformanceInfoDTO exportJmx(@RequestBody ApiScenarioBatchRequest request) {
        return apiAutomationService.exportJmx(request);
@ -437,7 +437,7 @@ public class ApiScenarioController {

    @GetMapping("versions/{scenarioId}")
    public List<ApiScenarioDTO> getApiScenarioVersions(@PathVariable String scenarioId) {
-        apiAutomationService.checkOwner(scenarioId, SessionUtils.getCurrentProjectId());
+        apiAutomationService.checkOwner(scenarioId, SessionUtils.getUserId());
        return apiAutomationService.getApiScenarioVersions(scenarioId);
    }

--- a/api-test/backend/src/main/java/io/metersphere/service/scenario/ApiScenarioService.java
+++ b/api-test/backend/src/main/java/io/metersphere/service/scenario/ApiScenarioService.java
@ -19,7 +19,6 @@ import io.metersphere.api.parse.ApiImportParser;
 import io.metersphere.api.parse.scenario.ApiScenarioImportUtil;
 import io.metersphere.api.parse.scenario.ScenarioImport;
 import io.metersphere.api.parse.scenario.ScenarioImportParserFactory;
-import io.metersphere.base.domain.*;
 import io.metersphere.base.mapper.*;
 import io.metersphere.base.mapper.ext.*;
 import io.metersphere.base.mapper.plan.TestPlanApiScenarioMapper;
@ -1632,7 +1631,7 @@ public class ApiScenarioService {
    private List<ApiScenarioWithBLOBs> getExportResult(ApiScenarioBatchRequest request) {
        ServiceUtils.getSelectAllIds(request, request.getCondition(), (query) -> extApiScenarioMapper.selectIdsByQuery(query));
        List<ApiScenarioWithBLOBs> result = new ArrayList<>();
-        request.getIds().forEach( item-> {
+        request.getIds().forEach(item -> {
            result.add(this.getNewApiScenario(item));
        });
        return result;
@ -2196,12 +2195,12 @@ public class ApiScenarioService {
        return this.list(request);
    }

-    public void checkOwner(String scenarioId, String projectId) {
+    public void checkOwner(String scenarioId, String userId) {
        ApiScenarioWithBLOBs scenario = apiScenarioMapper.selectByPrimaryKey(scenarioId);
        if (scenario == null) {
            return;
        }
-        if (!extCheckOwnerMapper.checkoutOwner("api_scenario", projectId, List.of(scenarioId))) {
+        if (!extCheckOwnerMapper.checkoutOwner("api_scenario", userId, List.of(scenarioId))) {
            MSException.throwException(Translator.get("check_owner_case"));
        }

--- a/test-track/backend/src/main/java/io/metersphere/controller/TestPlanTestCaseController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/TestPlanTestCaseController.java
@ -102,7 +102,7 @@ public class TestPlanTestCaseController {
    @GetMapping("/get/{caseId}")
    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
    public TestPlanCaseDTO getTestPlanCases(@PathVariable String caseId) {
-        return testPlanTestCaseService.get(caseId, SessionUtils.getCurrentProjectId());
+        return testPlanTestCaseService.get(caseId, SessionUtils.getUserId());
    }

    @PostMapping("recent/{count}")
--- a/test-track/backend/src/main/java/io/metersphere/plan/service/TestPlanTestCaseService.java
+++ b/test-track/backend/src/main/java/io/metersphere/plan/service/TestPlanTestCaseService.java
@ -1,7 +1,6 @@
 package io.metersphere.plan.service;

 import com.github.pagehelper.PageHelper;
-import io.metersphere.base.domain.*;
 import io.metersphere.base.mapper.TestCaseMapper;
 import io.metersphere.base.mapper.TestCaseTestMapper;
 import io.metersphere.base.mapper.TestPlanMapper;
@ -44,6 +43,7 @@ import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.jmeter.testelement.TestPlan;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;

@ -309,9 +309,9 @@ public class TestPlanTestCaseService {
        request.setExecutor(user.getId());
    }

-    public TestPlanCaseDTO get(String id, String currentProjectId) {
+    public TestPlanCaseDTO get(String id, String userId) {
        TestPlanCaseDTO testPlanCaseDTO = extTestPlanTestCaseMapper.get(id);
-        checkPlanCaseOwner(testPlanCaseDTO.getCaseId(), currentProjectId);
+        checkPlanCaseOwner(testPlanCaseDTO.getCaseId(), userId);
        ServiceUtils.buildCustomNumInfo(testPlanCaseDTO);
        List<TestCaseTestDTO> testCaseTestDTOS = extTestPlanTestCaseMapper.listTestCaseTest(testPlanCaseDTO.getCaseId());
        testCaseTestDTOS.forEach(this::setTestName);
@ -668,8 +668,8 @@ public class TestPlanTestCaseService {
        return updateIsDel(caseIds, false);
    }

-    private void checkPlanCaseOwner(String caseId, String currentProjectId) {
-        boolean hasPermission = extCheckOwnerMapper.checkoutOwner("test_case", currentProjectId, List.of(caseId));
+    private void checkPlanCaseOwner(String caseId, String userId) {
+        boolean hasPermission = extCheckOwnerMapper.checkoutOwner("test_case", userId, List.of(caseId));
        if (!hasPermission) {
            MSException.throwException(Translator.get("check_owner_case"));
        }