refactor(权限管理): 去掉requireroles 处理冲突

backend/src/main/java/io/metersphere/api/controller/APIReportController.java

@@ -21,7 +21,6 @@ import java.util.List;
 
 @RestController
 @RequestMapping(value = "/api/report")
-@RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
 public class APIReportController {
 
     @Resource
@@ -60,7 +59,6 @@ public class APIReportController {
     }
 
     @PostMapping("/delete")
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER}, logical = Logical.OR)
     public void delete(@RequestBody DeleteAPIReportRequest request) {
         apiReportService.delete(request);
     }
@@ -71,7 +69,6 @@ public class APIReportController {
     }
 
     @PostMapping("/batch/delete")
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER}, logical = Logical.OR)
     public void deleteAPIReportBatch(@RequestBody DeleteAPIReportRequest reportRequest) {
         apiReportService.deleteAPIReportBatch(reportRequest);
     }

backend/src/main/java/io/metersphere/api/controller/APIScenarioReportController.java

@@ -23,7 +23,6 @@ import java.util.List;
 
 @RestController
 @RequestMapping(value = "/api/scenario/report")
-@RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
 public class APIScenarioReportController {
 
     @Resource
@@ -42,7 +41,6 @@ public class APIScenarioReportController {
     }
 
     @PostMapping("/update")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
     public String update(@RequestBody APIScenarioReportResult node) {
         node.setExecuteType(ExecuteType.Saved.name());
         return apiReportService.update(node);

backend/src/main/java/io/metersphere/api/controller/APITestController.java

@@ -41,7 +41,6 @@ import static io.metersphere.commons.utils.JsonPathUtils.getListJson;
 
 @RestController
 @RequestMapping(value = "/api")
-@RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
 public class APITestController {
     @Resource
     private APITestService apiTestService;
@@ -159,7 +158,6 @@ public class APITestController {
     }
 
     @PostMapping(value = "/import", consumes = {"multipart/form-data"})
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
     public ApiTest testCaseImport(@RequestPart(value = "file", required = false) MultipartFile file, @RequestPart("request") ApiTestImportRequest request) {
         return apiTestService.apiTestImport(file, request);
     }

backend/src/main/java/io/metersphere/api/controller/ApiDatabaseController.java

@@ -11,7 +11,7 @@ import javax.annotation.Resource;
 
 @RestController
 @RequestMapping(value = "/api/database")
-@RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER}, logical = Logical.OR)
+
 public class ApiDatabaseController {
 
     @Resource

backend/src/main/java/io/metersphere/api/controller/ApiModuleController.java

@@ -19,7 +19,6 @@ import java.util.List;
 
 @RequestMapping("/api/module")
 @RestController
-@RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER, RoleConstants.ORG_ADMIN}, logical = Logical.OR)
 public class ApiModuleController {
 
     @Resource
@@ -60,21 +59,18 @@ public class ApiModuleController {
     }
 
     @PostMapping("/add")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
     @MsAuditLog(module = "api_definition", type = OperLogConstants.CREATE, title = "#node.name", content = "#msClass.getLogDetails(#node)", msClass = ApiModuleService.class)
     public String addNode(@RequestBody ApiModule node) {
         return apiModuleService.addNode(node);
     }
 
     @PostMapping("/edit")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
     @MsAuditLog(module = "api_definition", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#node)", title = "#node.name", content = "#msClass.getLogDetails(#node)", msClass = ApiModuleService.class)
     public int editNode(@RequestBody DragModuleRequest node) {
         return apiModuleService.editNode(node);
     }
 
     @PostMapping("/delete")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
     @MsAuditLog(module = "api_definition", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#nodeIds)", msClass = ApiModuleService.class)
     public int deleteNode(@RequestBody List<String> nodeIds) {
         //nodeIds 包含删除节点ID及其所有子节点ID
@@ -82,7 +78,6 @@ public class ApiModuleController {
     }
 
     @PostMapping("/drag")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
     @MsAuditLog(module = "api_definition", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#node)", title = "#node.name", content = "#msClass.getLogDetails(#node)", msClass = ApiModuleService.class)
     public void dragNode(@RequestBody DragModuleRequest node) {
         apiModuleService.dragNode(node);

backend/src/main/java/io/metersphere/api/controller/ApiMonitorController.java

@@ -15,7 +15,6 @@ import java.util.List;
 
 @RestController
 @RequestMapping(value = "/api/monitor")
-@RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
 public class ApiMonitorController {
 
     @Resource

backend/src/main/java/io/metersphere/api/controller/ApiScenarioModuleController.java

@@ -17,7 +17,6 @@ import java.util.List;
 
 @RequestMapping("/api/automation/module")
 @RestController
-@RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER, RoleConstants.ORG_ADMIN}, logical = Logical.OR)
 public class ApiScenarioModuleController {
 
     @Resource
@@ -32,14 +31,12 @@ public class ApiScenarioModuleController {
     }
 
     @PostMapping("/add")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
     @MsAuditLog(module = "api_automation", type = OperLogConstants.CREATE, title = "#node.name", content = "#msClass.getLogDetails(#node)", msClass = ApiScenarioModuleService.class)
     public String addNode(@RequestBody ApiScenarioModule node) {
         return apiScenarioModuleService.addNode(node);
     }
 
     @PostMapping("/edit")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
     @MsAuditLog(module = "api_automation", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#node)", title = "#node.name", content = "#msClass.getLogDetails(#node)", msClass = ApiScenarioModuleService.class)
     public int editNode(@RequestBody DragApiScenarioModuleRequest node) {
         return apiScenarioModuleService.editNode(node);
@@ -52,7 +49,6 @@ public class ApiScenarioModuleController {
     }
 
     @PostMapping("/delete")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
     @MsAuditLog(module = "api_automation", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#nodeIds)", msClass = ApiScenarioModuleService.class)
     public int deleteNode(@RequestBody List<String> nodeIds) {
         //nodeIds 包含删除节点ID及其所有子节点ID
@@ -60,7 +56,6 @@ public class ApiScenarioModuleController {
     }
 
     @PostMapping("/drag")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
     @MsAuditLog(module = "api_automation", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#node)", title = "#node.name", content = "#msClass.getLogDetails(#node)", msClass = ApiScenarioModuleService.class)
     public void dragNode(@RequestBody DragApiScenarioModuleRequest node) {
         apiScenarioModuleService.dragNode(node);

backend/src/main/java/io/metersphere/api/controller/ApiTestCaseController.java

@@ -26,7 +26,6 @@ import java.util.Map;
 
 @RestController
 @RequestMapping(value = "/api/testcase")
-@RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
 public class ApiTestCaseController {
 
     @Resource
@@ -119,13 +118,11 @@ public class ApiTestCaseController {
     }
 
     @PostMapping("/batch/edit")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
     public void editApiBath(@RequestBody ApiCaseBatchRequest request) {
         apiTestCaseService.editApiBath(request);
     }
 
     @PostMapping("/batch/editByParam")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
     @MsAuditLog(module = "api_definition", type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = ApiTestCaseService.class)
     public void editApiBathByParam(@RequestBody ApiTestBatchRequest request) {
         apiTestCaseService.editApiBathByParam(request);

backend/src/main/java/io/metersphere/api/controller/ApiTestEnvironmentController.java

@@ -24,7 +24,6 @@ import java.util.List;
 
 @RestController
 @RequestMapping(value = "/api/environment")
-@RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
 public class ApiTestEnvironmentController {
 
     @Resource
@@ -65,27 +64,23 @@ public class ApiTestEnvironmentController {
 
 
     @PostMapping(value = "/get/entry")
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER,}, logical = Logical.OR)
     public List<KeyStoreEntry> getEntry(@RequestPart("request") String password, @RequestPart(value = "file") MultipartFile sslFiles) {
         return commandService.get(password, sslFiles);
     }
 
     @PostMapping("/add")
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER,}, logical = Logical.OR)
     @MsAuditLog(module = "project_environment_setting", type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#apiTestEnvironmentWithBLOBs.id)", msClass = ApiTestEnvironmentService.class)
     public String create(@RequestPart("request") ApiTestEnvironmentDTO apiTestEnvironmentWithBLOBs, @RequestPart(value = "files") List<MultipartFile> sslFiles) {
         return apiTestEnvironmentService.add(apiTestEnvironmentWithBLOBs, sslFiles);
     }
 
     @PostMapping(value = "/update")
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER,}, logical = Logical.OR)
     @MsAuditLog(module = "project_environment_setting", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#apiTestEnvironment.id)", content = "#msClass.getLogDetails(#apiTestEnvironment.id)", msClass = ApiTestEnvironmentService.class)
     public void update(@RequestPart("request") ApiTestEnvironmentDTO apiTestEnvironment, @RequestPart(value = "files") List<MultipartFile> sslFiles) {
         apiTestEnvironmentService.update(apiTestEnvironment, sslFiles);
     }
 
     @GetMapping("/delete/{id}")
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER,}, logical = Logical.OR)
     @MsAuditLog(module = "project_environment_setting", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = ApiTestEnvironmentService.class)
     public void delete(@PathVariable String id) {
         apiTestEnvironmentService.delete(id);

backend/src/main/java/io/metersphere/controller/CustomFieldController.java

@@ -19,7 +19,7 @@ import java.util.List;
 
 @RequestMapping("custom/field")
 @RestController
-@RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
 public class CustomFieldController {
 
     @Resource

backend/src/main/java/io/metersphere/controller/CustomFieldTemplateController.java

@@ -16,7 +16,7 @@ import java.util.List;
 
 @RestController
 @RequestMapping("custom/field/template")
-@RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
 public class CustomFieldTemplateController {
 
     @Resource

backend/src/main/java/io/metersphere/controller/IssueTemplateController.java

@@ -21,7 +21,7 @@ import java.util.List;
 
 @RequestMapping("field/template/issue")
 @RestController
-@RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
 public class IssueTemplateController {
     @Resource
     private IssueTemplateService issueTemplateService;

backend/src/main/java/io/metersphere/controller/JarConfigController.java

@@ -19,14 +19,14 @@ import java.util.List;
 
 @RestController
 @RequestMapping(value = "/jar")
-@RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
+
 public class JarConfigController {
 
     @Resource
     JarConfigService JarConfigService;
 
     @PostMapping("list/{goPage}/{pageSize}")
-    @RequiresRoles(RoleConstants.ORG_ADMIN)
+
     public Pager<List<JarConfig>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody JarConfig request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, JarConfigService.list(request));
@@ -48,21 +48,21 @@ public class JarConfigController {
     }
 
     @PostMapping(value = "/add", consumes = {"multipart/form-data"})
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER,}, logical = Logical.OR)
+
     @MsAuditLog(module = "project_project_jar", type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#request.id)", msClass = JarConfigService.class)
     public String add(@RequestPart("request") JarConfig request, @RequestPart(value = "file") MultipartFile file) {
         return JarConfigService.add(request, file);
     }
 
     @PostMapping(value = "/update", consumes = {"multipart/form-data"})
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER,}, logical = Logical.OR)
+
     @MsAuditLog(module = "project_project_jar", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id)", content = "#msClass.getLogDetails(#request.id)", msClass = JarConfigService.class)
     public void update(@RequestPart("request") JarConfig request, @RequestPart(value = "file", required = false) MultipartFile file) {
         JarConfigService.update(request, file);
     }
 
     @GetMapping("/delete/{id}")
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER,}, logical = Logical.OR)
+
     @MsAuditLog(module = "project_project_jar", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = JarConfigService.class)
     public void delete(@PathVariable String id) {
         JarConfigService.delete(id);

backend/src/main/java/io/metersphere/controller/OrganizationController.java

@@ -31,7 +31,7 @@ public class OrganizationController {
     private UserService userService;
 
     @PostMapping("/add")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     @MsAuditLog(module = "system_organization", type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#organization.id)", msClass = OrganizationService.class)
     public Organization addOrganization(@RequestBody Organization organization) {
         organization.setId(UUID.randomUUID().toString());
@@ -39,20 +39,20 @@ public class OrganizationController {
     }
 
     @GetMapping("/list")
-    @RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.ORG_ADMIN, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     public List<Organization> getOrganizationList() {
         return organizationService.getOrganizationList(new OrganizationRequest());
     }
 
     @PostMapping("/list/{goPage}/{pageSize}")
-    @RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.ORG_ADMIN}, logical = Logical.OR)
+
     public Pager<List<Organization>> getOrganizationList(@RequestBody OrganizationRequest request, @PathVariable int goPage, @PathVariable int pageSize) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, organizationService.getOrganizationList(request));
     }
 
     @GetMapping("/delete/{organizationId}")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     @MsAuditLog(module = "system_organization", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#organizationId)", msClass = OrganizationService.class)
     public void deleteOrganization(@PathVariable(value = "organizationId") String organizationId) {
         userService.refreshSessionUser("organization", organizationId);
@@ -60,7 +60,7 @@ public class OrganizationController {
     }
 
     @PostMapping("/update")
-    @RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.ORG_ADMIN}, logical = Logical.OR)
+
     @MsAuditLog(module = "system_organization", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#organization.id)", content = "#msClass.getLogDetails(#organization.id)", msClass = OrganizationService.class)
     public void updateOrganization(@RequestBody Organization organization) {
         organizationService.updateOrganization(organization);
@@ -72,8 +72,8 @@ public class OrganizationController {
     }
 
     @PostMapping("/member/update")
-    @RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.ORG_ADMIN}, logical = Logical.OR)
+
-    @MsAuditLog(module = "organization_member", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#memberDTO)", content = "#msClass.getLogDetails(#memberDTO)", msClass = OrganizationService.class)
+    @MsAuditLog(module = "organization_member", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#memberDTO.id)", content = "#msClass.getLogDetails(#memberDTO.id)", msClass = OrganizationService.class)
     public void updateOrgMember(@RequestBody OrganizationMemberDTO memberDTO) {
         organizationService.updateOrgMember(memberDTO);
     }

backend/src/main/java/io/metersphere/controller/ProjectController.java

@@ -53,7 +53,6 @@ public class ProjectController {
     }
 
     @GetMapping("/recent/{count}")
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
     public List<Project> recentProjects(@PathVariable int count) {
         String currentWorkspaceId = SessionUtils.getCurrentWorkspaceId();
         ProjectRequest request = new ProjectRequest();
@@ -69,7 +68,6 @@ public class ProjectController {
     }
 
     @PostMapping("/add")
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER,}, logical = Logical.OR)
     @MsAuditLog(module = "project_project_manager", type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#project.id)", msClass = ProjectService.class)
     public Project addProject(@RequestBody AddProjectRequest project, HttpServletRequest request) {
         Project returnModel = projectService.addProject(project);
@@ -93,7 +91,6 @@ public class ProjectController {
     }
 
     @GetMapping("/delete/{projectId}")
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER,}, logical = Logical.OR)
     @MsAuditLog(module = "project_project_manager", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#projectId)", msClass = ProjectService.class)
     public void deleteProject(@PathVariable(value = "projectId") String projectId) {
         checkPermissionService.checkProjectOwner(projectId);
@@ -101,7 +98,6 @@ public class ProjectController {
     }
 
     @PostMapping("/update")
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER,}, logical = Logical.OR)
     @MsAuditLog(module = "project_project_manager", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#Project.id)", content = "#msClass.getLogDetails(#Project.id)", msClass = ProjectService.class)
     public void updateProject(@RequestBody Project Project) {
         projectService.updateProject(Project);

backend/src/main/java/io/metersphere/controller/ResourceController.java

@@ -14,13 +14,13 @@ import javax.annotation.Resource;
 
 @RestController
 @RequestMapping(value = "/resource")
-@RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
+
 public class ResourceController {
 
     @Resource
     ResourceService resourceService;
     @PostMapping(value = "/md/upload", consumes = {"multipart/form-data"})
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER,}, logical = Logical.OR)
+
     public void upload(@RequestPart(value = "request") MdUploadRequest request, @RequestPart(value = "file") MultipartFile file) {
         resourceService.mdUpload(request, file);
     }
@@ -31,7 +31,7 @@ public class ResourceController {
     }
 
     @GetMapping("/md/delete/{fileName}")
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER,}, logical = Logical.OR)
+
     public void delete(@PathVariable("fileName") String fileName) {
         resourceService.mdDelete(fileName);
     }

backend/src/main/java/io/metersphere/controller/RoleController.java

@@ -25,7 +25,7 @@ public class RoleController {
     }
 
     @GetMapping("/all")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     public List<Role> getAllRole() {
         return roleService.getAllRole();
     }

backend/src/main/java/io/metersphere/controller/SystemParameterController.java

@@ -26,14 +26,12 @@ public class SystemParameterController {
     private SystemParameterService SystemParameterService;
 
     @PostMapping("/edit/email")
-    @RequiresRoles(value = {RoleConstants.ADMIN})
     @MsAuditLog(module = "system_parameter_setting", type = OperLogConstants.UPDATE, title = "邮件设置")
     public void editMail(@RequestBody List<SystemParameter> systemParameter) {
         SystemParameterService.editMail(systemParameter);
     }
 
     @PostMapping("/testConnection")
-    @RequiresRoles(value = {RoleConstants.ADMIN})
     public void testConnection(@RequestBody HashMap<String, String> hashMap) {
         SystemParameterService.testConnection(hashMap);
     }
@@ -49,7 +47,6 @@ public class SystemParameterController {
     }
 
     @GetMapping("/mail/info")
-    @RequiresRoles(value = {RoleConstants.ADMIN})
     public MailInfo mailInfo() {
         return SystemParameterService.mailInfo(ParamConstants.Classify.MAIL.getValue());
     }
@@ -65,21 +62,18 @@ public class SystemParameterController {
     }
 
     @PostMapping("/save/base")
-    @RequiresRoles(value = {RoleConstants.ADMIN})
     @MsAuditLog(module = "system_parameter_setting", type = OperLogConstants.UPDATE, title = "基本配置")
     public void saveBaseInfo(@RequestBody List<SystemParameter> systemParameter) {
         SystemParameterService.saveBaseInfo(systemParameter);
     }
 
     @PostMapping("/save/ldap")
-    @RequiresRoles(value = {RoleConstants.ADMIN})
     @MsAuditLog(module = "system_parameter_setting", type = OperLogConstants.UPDATE, title = "LDAP设置")
     public void saveLdap(@RequestBody List<SystemParameter> systemParameter) {
         SystemParameterService.saveLdap(systemParameter);
     }
 
     @GetMapping("/ldap/info")
-    @RequiresRoles(value = {RoleConstants.ADMIN})
     public LdapInfo getLdapInfo() {
         return SystemParameterService.getLdapInfo(ParamConstants.Classify.LDAP.getValue());
     }

backend/src/main/java/io/metersphere/controller/TestCaseTemplateController.java

@@ -22,7 +22,7 @@ import java.util.List;
 
 @RequestMapping("field/template/case")
 @RestController
-@RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
 public class TestCaseTemplateController {
 
     @Resource
@@ -35,7 +35,7 @@ public class TestCaseTemplateController {
     }
 
     @PostMapping("/list/{goPage}/{pageSize}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
+
     public Pager<List<TestCaseTemplateWithBLOBs>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody BaseQueryRequest request) {
         Page<List<TestCaseTemplateWithBLOBs>> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, testCaseTemplateService.list(request));
@@ -54,13 +54,13 @@ public class TestCaseTemplateController {
     }
 
     @GetMapping("/option/{workspaceId}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
+
     public List<TestCaseTemplate> list(@PathVariable String workspaceId) {
         return testCaseTemplateService.getOption(workspaceId);
     }
 
     @GetMapping("/get/relate/{projectId}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
+
     public TestCaseTemplateDao getTemplate(@PathVariable String projectId) {
         return testCaseTemplateService.getTemplate(projectId);
     }

backend/src/main/java/io/metersphere/controller/TestResourcePoolController.java

@@ -20,7 +20,7 @@ import java.util.List;
 
 @RequestMapping("testresourcepool")
 @RestController
-@RequiresRoles(RoleConstants.ADMIN)
+
 public class TestResourcePoolController {
 
     @Resource
@@ -62,13 +62,13 @@ public class TestResourcePoolController {
     }
 
     @GetMapping("list/all/valid")
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
+
     public List<TestResourcePoolDTO> listValidResourcePools() {
         return testResourcePoolService.listValidResourcePools();
     }
 
     @GetMapping("list/quota/valid")
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
+
     public List<TestResourcePoolDTO> listValidQuotaResourcePools() {
         return testResourcePoolService.listValidQuotaResourcePools();
     }

backend/src/main/java/io/metersphere/controller/UserController.java

@@ -53,6 +53,8 @@ public class UserController {
     private CheckPermissionService checkPermissionService;
 
     @PostMapping("/special/add")
+
+    @MsAuditLog(module = "system_user", type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#user.id)", msClass = UserService.class)
     @RequiresRoles(RoleConstants.ADMIN)
     @MsAuditLog(module = "system_user", type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#user)", msClass = UserService.class)
     public UserDTO insertUser(@RequestBody UserRequest user) {
@@ -60,26 +62,26 @@ public class UserController {
     }
 
     @PostMapping("/special/list/{goPage}/{pageSize}")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     public Pager<List<User>> getUserList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody io.metersphere.controller.request.UserRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, userService.getUserListWithRequest(request));
     }
 
     @GetMapping("/special/user/role/{userId}")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     public UserRoleDTO getUserRole(@PathVariable("userId") String userId) {
         return userService.getUserRole(userId);
     }
 
     @GetMapping("/special/user/group/{userId}")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     public UserGroupPermissionDTO getUserGroup(@PathVariable("userId") String userId) {
         return userService.getUserGroup(userId);
     }
 
     @GetMapping("/special/delete/{userId}")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     @MsAuditLog(module = "system_user", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#userId)", msClass = UserService.class)
     public void deleteUser(@PathVariable(value = "userId") String userId) {
         userService.deleteUser(userId);
@@ -88,69 +90,69 @@ public class UserController {
     }
 
     @PostMapping("/special/update")
-    @RequiresRoles(RoleConstants.ADMIN)
+
-    @MsAuditLog(module = "system_user", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#user)", content = "#msClass.getLogDetails(#user)", msClass = UserService.class)
+    @MsAuditLog(module = "system_user", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#user.id)", content = "#msClass.getLogDetails(#user.id)", msClass = UserService.class)
     public void updateUser(@RequestBody UserRequest user) {
         userService.updateUserRole(user);
     }
 
     @PostMapping("/special/update_status")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     @MsAuditLog(module = "system_user", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#user.id)", content = "#msClass.getLogDetails(#user.id)", msClass = UserService.class)
     public void updateStatus(@RequestBody User user) {
         userService.updateUser(user);
     }
 
     @PostMapping("/special/ws/member/list/{goPage}/{pageSize}")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     public Pager<List<User>> getMemberListByAdmin(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryMemberRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, userService.getMemberList(request));
     }
 
     @PostMapping("/special/ws/member/list/all")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     public List<User> getMemberListByAdmin(@RequestBody QueryMemberRequest request) {
         return userService.getMemberList(request);
     }
 
     @PostMapping("/special/ws/member/add")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     @MsAuditLog(module = "workspace_member", type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#request.id)", msClass = WorkspaceService.class)
     public void addMemberByAdmin(@RequestBody AddMemberRequest request) {
         userService.addMember(request);
     }
 
     @GetMapping("/special/ws/member/delete/{workspaceId}/{userId}")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     @MsAuditLog(module = "workspace_member", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#userId)", msClass = UserService.class)
     public void deleteMemberByAdmin(@PathVariable String workspaceId, @PathVariable String userId) {
         userService.deleteMember(workspaceId, userId);
     }
 
     @PostMapping("/special/org/member/add")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     @MsAuditLog(module = "organization_member", type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#request.id)", msClass = OrganizationService.class)
     public void addOrganizationMemberByAdmin(@RequestBody AddOrgMemberRequest request) {
         userService.addOrganizationMember(request);
     }
 
     @GetMapping("/special/org/member/delete/{organizationId}/{userId}")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     @MsAuditLog(module = "organization_member", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#userId)", msClass = UserService.class)
     public void delOrganizationMemberByAdmin(@PathVariable String organizationId, @PathVariable String userId) {
         userService.delOrganizationMember(organizationId, userId);
     }
 
     @PostMapping("/special/org/member/list/{goPage}/{pageSize}")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     public Pager<List<User>> getOrgMemberListByAdmin(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryOrgMemberRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, userService.getOrgMemberList(request));
     }
 
     @PostMapping("/special/org/member/list/all")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     public List<User> getOrgMemberListByAdmin(@RequestBody QueryOrgMemberRequest request) {
         return userService.getOrgMemberList(request);
     }
@@ -174,14 +176,12 @@ public class UserController {
     }
 
     @PostMapping("/switch/source/org/{sourceId}")
-    @RequiresRoles(value = {RoleConstants.ORG_ADMIN, RoleConstants.TEST_MANAGER, RoleConstants.TEST_VIEWER, RoleConstants.TEST_USER}, logical = Logical.OR)
     public UserDTO switchOrganization(@PathVariable(value = "sourceId") String sourceId) {
         userService.switchUserRole("organization", sourceId);
         return SessionUtils.getUser();
     }
 
     @PostMapping("/switch/source/ws/{sourceId}")
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_VIEWER, RoleConstants.TEST_USER}, logical = Logical.OR)
     public UserDTO switchWorkspace(@PathVariable(value = "sourceId") String sourceId) {
         userService.switchUserRole("workspace", sourceId);
         return SessionUtils.getUser();
@@ -205,8 +205,6 @@ public class UserController {
      * 获取工作空间成员用户
      */
     @PostMapping("/ws/member/list/{goPage}/{pageSize}")
-    @RequiresRoles(value = {RoleConstants.ORG_ADMIN, RoleConstants.TEST_MANAGER,
-            RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
     public Pager<List<User>> getMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryMemberRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, userService.getMemberList(request));
@@ -222,8 +220,6 @@ public class UserController {
      * 获取工作空间成员用户 不分页
      */
     @PostMapping("/ws/member/list/all")
-    @RequiresRoles(value = {RoleConstants.ORG_ADMIN, RoleConstants.TEST_MANAGER,
-            RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
     public List<User> getMemberList(@RequestBody QueryMemberRequest request) {
         return userService.getMemberList(request);
     }
@@ -232,7 +228,6 @@ public class UserController {
      * 添加工作空间成员
      */
     @PostMapping("/ws/member/add")
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.ORG_ADMIN}, logical = Logical.OR)
     @MsAuditLog(module = "workspace_member", type = OperLogConstants.CREATE, title = "添加工作空间成员")
     public void addMember(@RequestBody AddMemberRequest request) {
         String wsId = request.getWorkspaceId();
@@ -251,7 +246,6 @@ public class UserController {
      * 删除工作空间成员
      */
     @GetMapping("/ws/member/delete/{workspaceId}/{userId}")
-    @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.ORG_ADMIN}, logical = Logical.OR)
     @MsAuditLog(module = "workspace_member", type = OperLogConstants.DELETE, title = "删除工作空间成员")
     public void deleteMember(@PathVariable String workspaceId, @PathVariable String userId) {
 //        workspaceService.checkWorkspaceOwner(workspaceId);
@@ -277,8 +271,7 @@ public class UserController {
      * 添加组织成员
      */
     @PostMapping("/org/member/add")
-    @RequiresRoles(RoleConstants.ORG_ADMIN)
+    @MsAuditLog(module = "organization_member", type = OperLogConstants.CREATE, title = "添加组织成员")
-    @MsAuditLog(module = "organization_member", type = OperLogConstants.CREATE, title = "'添加组织成员-'+#request.userIds")
     public void addOrganizationMember(@RequestBody AddOrgMemberRequest request) {
         organizationService.checkOrgOwner(request.getOrganizationId());
         userService.addOrganizationMember(request);
@@ -288,7 +281,6 @@ public class UserController {
      * 删除组织成员
      */
     @GetMapping("/org/member/delete/{organizationId}/{userId}")
-    @RequiresRoles(RoleConstants.ORG_ADMIN)
     @MsAuditLog(module = "organization_member", type = OperLogConstants.DELETE, title = "删除组织成员")
     public void delOrganizationMember(@PathVariable String organizationId, @PathVariable String userId) {
         organizationService.checkOrgOwner(organizationId);
@@ -303,7 +295,7 @@ public class UserController {
      * 查询组织成员列表
      */
     @PostMapping("/org/member/list/{goPage}/{pageSize}")
-    @RequiresRoles(value = {RoleConstants.ORG_ADMIN, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     public Pager<List<User>> getOrgMemberList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryOrgMemberRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, userService.getOrgMemberList(request));
@@ -313,7 +305,7 @@ public class UserController {
      * 组织成员列表不分页
      */
     @PostMapping("/org/member/list/all")
-    @RequiresRoles(value = {RoleConstants.ORG_ADMIN, RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     public List<User> getOrgMemberList(@RequestBody QueryOrgMemberRequest request) {
         return userService.getOrgMemberList(request);
     }
@@ -343,33 +335,31 @@ public class UserController {
      * 获取工作空间成员用户 不分页
      */
     @PostMapping("/ws/member/tester/list")
-    @RequiresRoles(value = {RoleConstants.ORG_ADMIN, RoleConstants.TEST_MANAGER,
+
-            RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
     public List<User> getTestManagerAndTestUserList(@RequestBody QueryMemberRequest request) {
         return userService.getTestManagerAndTestUserList(request);
     }
 
     @GetMapping("/search/{condition}")
-    @RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.ORG_ADMIN, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     public List<User> searchUser(@PathVariable String condition) {
         return userService.searchUser(condition);
     }
 
     @GetMapping("/export/template")
-    @RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.ORG_ADMIN, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     public void testCaseTemplateExport(HttpServletResponse response) {
         userService.userTemplateExport(response);
     }
 
     @PostMapping("/import/{userId}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
-    @MsAuditLog(module = "system_user", type = OperLogConstants.IMPORT)
+    public ExcelResponse testCaseImport(MultipartFile file, @PathVariable String userId) {
-    public ExcelResponse testCaseImport(MultipartFile file, @PathVariable String userId, HttpServletRequest request) {
+        return userService.userImport(file, userId);
-        return userService.userImport(file, userId,request);
     }
 
     @PostMapping("/special/batchProcessUserInfo")
-    @RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.ORG_ADMIN, RoleConstants.TEST_MANAGER})
+
     @MsAuditLog(module = "system_user", type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request)", content = "#msClass.getLogDetails(#request)", msClass = UserService.class)
     public String batchProcessUserInfo(@RequestBody UserBatchProcessRequest request) {
         String returnString = "success";

backend/src/main/java/io/metersphere/controller/UserKeysController.java

@@ -21,7 +21,7 @@ import java.util.List;
 
 @RestController
 @RequestMapping("user/key")
-@RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER, RoleConstants.ORG_ADMIN}, logical = Logical.OR)
+
 public class UserKeysController {
 
     @Resource

backend/src/main/java/io/metersphere/controller/UserRoleController.java

@@ -22,19 +22,19 @@ public class UserRoleController {
     private UserRoleService userRoleService;
 
     @GetMapping("/list/org/{orgId}/{userId}")
-    @RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.ORG_ADMIN}, logical = Logical.OR)
+
     public List<Role> getOrganizationMemberRoles(@PathVariable String orgId, @PathVariable String userId) {
         return userRoleService.getOrganizationMemberRoles(orgId, userId);
     }
 
     @GetMapping("/list/ws/{workspaceId}/{userId}")
-    @RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.ORG_ADMIN, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     public List<Role> getWorkspaceMemberRoles(@PathVariable String workspaceId, @PathVariable String userId) {
         return userRoleService.getWorkspaceMemberRoles(workspaceId, userId);
     }
 
     @GetMapping("/all/{userId}")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     public List<Map<String, Object>> getUserRole(@PathVariable("userId") String userId) {
         return userRoleService.getUserRole(userId);
     }

backend/src/main/java/io/metersphere/controller/WorkspaceController.java

@@ -33,7 +33,7 @@ public class WorkspaceController {
     private UserService userService;
 
     @PostMapping("add")
-    @RequiresRoles(RoleConstants.ORG_ADMIN)
+
     @MsAuditLog(module = "system_workspace", type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#workspace.id)", msClass = WorkspaceService.class)
     public Workspace addWorkspace(@RequestBody Workspace workspace) {
         String currentOrganizationId = SessionUtils.getCurrentOrganizationId();
@@ -47,14 +47,14 @@ public class WorkspaceController {
     }
 
     @PostMapping("special/add")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     @MsAuditLog(module = "system_workspace", type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#workspace.id)", msClass = WorkspaceService.class)
     public Workspace addWorkspaceByAdmin(@RequestBody Workspace workspace) {
         return workspaceService.addWorkspaceByAdmin(workspace);
     }
 
     @PostMapping("update")
-    @RequiresRoles(RoleConstants.ORG_ADMIN)
+
     @MsAuditLog(module = "system_workspace", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#workspace.id)", content = "#msClass.getLogDetails(#workspace.id)", msClass = WorkspaceService.class)
     public Workspace updateWorkspace(@RequestBody Workspace workspace) {
 //        workspaceService.checkWorkspaceOwnerByOrgAdmin(workspace.getId());
@@ -62,14 +62,14 @@ public class WorkspaceController {
     }
 
     @PostMapping("special/update")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     @MsAuditLog(module = "system_workspace", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#workspace.id)", content = "#msClass.getLogDetails(#workspace.id)", msClass = WorkspaceService.class)
     public void updateWorkspaceByAdmin(@RequestBody Workspace workspace) {
         workspaceService.updateWorkspaceByAdmin(workspace);
     }
 
     @GetMapping("special/delete/{workspaceId}")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     @MsAuditLog(module = "system_workspace", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#workspaceId)",  msClass = WorkspaceService.class)
     public void deleteWorkspaceByAdmin(@PathVariable String workspaceId) {
         userService.refreshSessionUser("workspace", workspaceId);
@@ -77,7 +77,7 @@ public class WorkspaceController {
     }
 
     @GetMapping("delete/{workspaceId}")
-    @RequiresRoles(RoleConstants.ORG_ADMIN)
+
     @MsAuditLog(module = "system_workspace", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#workspaceId)", msClass = WorkspaceService.class)
     public void deleteWorkspace(@PathVariable String workspaceId) {
 //        workspaceService.checkWorkspaceOwnerByOrgAdmin(workspaceId);
@@ -86,7 +86,7 @@ public class WorkspaceController {
     }
 
     @PostMapping("list/{goPage}/{pageSize}")
-    @RequiresRoles(RoleConstants.ORG_ADMIN)
+
     public Pager<List<Workspace>> getWorkspaceList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody WorkspaceRequest request) {
         request.setOrganizationId(SessionUtils.getCurrentOrganizationId());
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
@@ -94,7 +94,7 @@ public class WorkspaceController {
     }
 
     @PostMapping("list/all/{goPage}/{pageSize}")
-    @RequiresRoles(RoleConstants.ADMIN)
+
     public Pager<List<WorkspaceDTO>> getAllWorkspaceList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody WorkspaceRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, workspaceService.getAllWorkspaceList(request));
@@ -112,8 +112,8 @@ public class WorkspaceController {
     }
 
     @PostMapping("/member/update")
-    @RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.ORG_ADMIN, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
-    @MsAuditLog(module = "workspace_member", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#memberDTO)", content = "#msClass.getLogDetails(#memberDTO)", msClass = WorkspaceService.class)
+    @MsAuditLog(module = "workspace_member", type = OperLogConstants.UPDATE, title = "#memberDTO.name")
     public void updateOrgMember(@RequestBody WorkspaceMemberDTO memberDTO) {
         workspaceService.updateWorkspaceMember(memberDTO);
     }

backend/src/main/java/io/metersphere/log/controller/OperatingLogController.java

@@ -18,7 +18,7 @@ import java.util.List;
 
 @RestController
 @RequestMapping(value = "/operating/log")
-@RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
+
 public class OperatingLogController {
     @Resource
     private OperatingLogService operatingLogService;

backend/src/main/java/io/metersphere/track/controller/TestCaseCommentController.java

@@ -1,13 +1,10 @@
 package io.metersphere.track.controller;
 
 import io.metersphere.commons.constants.OperLogConstants;
-import io.metersphere.commons.constants.RoleConstants;
 import io.metersphere.log.annotation.MsAuditLog;
 import io.metersphere.track.dto.TestCaseCommentDTO;
 import io.metersphere.track.request.testreview.SaveCommentRequest;
 import io.metersphere.track.service.TestCaseCommentService;
-import org.apache.shiro.authz.annotation.Logical;
-import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
@@ -34,7 +31,6 @@ public class TestCaseCommentController {
     }
 
     @GetMapping("/delete/{commentId}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#commentId)", msClass = TestCaseCommentService.class)
     public void deleteComment(@PathVariable String commentId) {
         testCaseCommentService.delete(commentId);

backend/src/main/java/io/metersphere/track/controller/TestCaseController.java

@@ -38,7 +38,7 @@ import java.util.UUID;
 
 @RequestMapping("/test/case")
 @RestController
-@RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER, RoleConstants.ORG_ADMIN}, logical = Logical.OR)
+
 public class TestCaseController {
 
     @Resource
@@ -127,7 +127,7 @@ public class TestCaseController {
     }
 
     @PostMapping(value = "/add", consumes = {"multipart/form-data"})
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.CREATE, title = "#request.name", content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseService.class)
     public String addTestCase(@RequestPart("request") EditTestCaseRequest request, @RequestPart(value = "file") List<MultipartFile> files) {
         request.setId(UUID.randomUUID().toString());
@@ -135,21 +135,21 @@ public class TestCaseController {
     }
 
     @PostMapping(value = "/edit", consumes = {"multipart/form-data"})
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id)", title = "#request.name", content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseService.class)
     public String editTestCase(@RequestPart("request") EditTestCaseRequest request, @RequestPart(value = "file") List<MultipartFile> files) {
         return testCaseService.edit(request, files);
     }
 
     @PostMapping(value = "/edit/testPlan", consumes = {"multipart/form-data"})
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogBeforeDetails(#request.id)", title = "#request.name", content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseService.class)
     public String editTestCaseByTestPlan(@RequestPart("request") EditTestCaseRequest request, @RequestPart(value = "file") List<MultipartFile> files) {
         return testCaseService.editTestCase(request, files);
     }
 
     @PostMapping("/delete/{testCaseId}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#testCaseId)", msClass = TestCaseService.class)
     public int deleteTestCase(@PathVariable String testCaseId) {
         checkPermissionService.checkTestCaseOwner(testCaseId);
@@ -157,7 +157,7 @@ public class TestCaseController {
     }
 
     @PostMapping("/import/{projectId}/{userId}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.IMPORT, project = "#projectId")
     public ExcelResponse testCaseImport(MultipartFile file, @PathVariable String projectId, @PathVariable String userId, HttpServletRequest request) {
         checkPermissionService.checkProjectOwner(projectId);
@@ -165,7 +165,7 @@ public class TestCaseController {
     }
 
     @PostMapping("/importIgnoreError/{projectId}/{userId}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.IMPORT, project = "#projectId")
     public ExcelResponse testCaseImportIgnoreError(MultipartFile file, @PathVariable String projectId, @PathVariable String userId, HttpServletRequest request) {
         checkPermissionService.checkProjectOwner(projectId);
@@ -173,33 +173,33 @@ public class TestCaseController {
     }
 
     @GetMapping("/export/template")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     public void testCaseTemplateExport(HttpServletResponse response) {
         testCaseService.testCaseTemplateExport(response);
     }
 
     @GetMapping("/export/xmindTemplate")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     public void xmindTemplate(HttpServletResponse response) {
         testCaseService.testCaseXmindTemplateExport(response);
     }
 
     @PostMapping("/export/testcase")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.EXPORT, sourceId = "#request.id", title = "#request.name", project = "#request.projectId")
     public void testCaseExport(HttpServletResponse response, @RequestBody TestCaseBatchRequest request) {
         testCaseService.testCaseExport(response, request);
     }
 
     @PostMapping("/batch/edit")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
     public void editTestCaseBath(@RequestBody TestCaseBatchRequest request) {
         testCaseService.editTestCaseBath(request);
     }
 
     @PostMapping("/batch/delete")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
     public void deleteTestCaseBath(@RequestBody TestCaseBatchRequest request) {
         testCaseService.deleteTestCaseBath(request);
@@ -236,7 +236,7 @@ public class TestCaseController {
     }
 
     @PostMapping("/minder/edit")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.BATCH_UPDATE, project = "#request.projectId", beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
     public void minderEdit(@RequestBody TestCaseMinderEditRequest request) {
         testCaseService.minderEdit(request);

backend/src/main/java/io/metersphere/track/controller/TestCaseNodeController.java

@@ -19,7 +19,6 @@ import java.util.List;
 
 @RequestMapping("/case/node")
 @RestController
-@RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER, RoleConstants.ORG_ADMIN}, logical = Logical.OR)
 public class TestCaseNodeController {
 
     @Resource
@@ -72,21 +71,18 @@ public class TestCaseNodeController {
     }
 
     @PostMapping("/add")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.CREATE, title = "#node.name", content = "#msClass.getLogDetails(#node)", msClass = TestCaseNodeService.class)
     public String addNode(@RequestBody TestCaseNode node) {
         return testCaseNodeService.addNode(node);
     }
 
     @PostMapping("/edit")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#node)", title = "#node.name", content = "#msClass.getLogDetails(#node)", msClass = TestCaseNodeService.class)
     public int editNode(@RequestBody DragNodeRequest node) {
         return testCaseNodeService.editNode(node);
     }
 
     @PostMapping("/delete")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#nodeIds)", msClass = TestCaseNodeService.class)
     public int deleteNode(@RequestBody List<String> nodeIds) {
         //nodeIds 包含删除节点ID及其所有子节点ID
@@ -94,7 +90,6 @@ public class TestCaseNodeController {
     }
 
     @PostMapping("/drag")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#node)", title = "#node.name", content = "#msClass.getLogDetails(#node)", msClass = TestCaseNodeService.class)
     public void dragNode(@RequestBody DragNodeRequest node) {
         testCaseNodeService.dragNode(node);

backend/src/main/java/io/metersphere/track/controller/TestCaseReportController.java

@@ -32,7 +32,7 @@ public class TestCaseReportController {
     }
 
     @PostMapping("/add")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseReportService.class)
     public String addByTemplateId(@RequestBody CreateReportRequest request) {
         request.setId(UUID.randomUUID().toString());
@@ -40,14 +40,14 @@ public class TestCaseReportController {
     }
 
     @PostMapping("/edit")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#TestCaseReport.id)", content = "#msClass.getLogDetails(#TestCaseReport.id)", msClass = TestCaseReportService.class)
     public void edit(@RequestBody TestCaseReport TestCaseReport) {
         testCaseReportService.editTestCaseReport(TestCaseReport);
     }
 
     @PostMapping("/delete/{id}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = TestCaseReportService.class)
     public int delete(@PathVariable String id) {
         return testCaseReportService.deleteTestCaseReport(id);

backend/src/main/java/io/metersphere/track/controller/TestCaseReportTemplateController.java

@@ -31,21 +31,21 @@ public class TestCaseReportTemplateController {
     }
 
     @PostMapping("/add")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "workspace_template_settings", type = OperLogConstants.CREATE, title = "#testCaseReportTemplate.name",sourceId = "#testCaseReportTemplate.id")
     public void add(@RequestBody TestCaseReportTemplate testCaseReportTemplate) {
         testCaseReportTemplateService.addTestCaseReportTemplate(testCaseReportTemplate);
     }
 
     @PostMapping("/edit")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "workspace_template_settings", type = OperLogConstants.UPDATE, title = "#testCaseReportTemplate.name",sourceId = "#testCaseReportTemplate.id")
     public void edit(@RequestBody TestCaseReportTemplate testCaseReportTemplate) {
         testCaseReportTemplateService.editTestCaseReportTemplate(testCaseReportTemplate);
     }
 
     @PostMapping("/delete/{id}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "workspace_template_settings", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = TestCaseReportTemplateService.class)
     public int delete(@PathVariable String id) {
         return testCaseReportTemplateService.deleteTestCaseReportTemplate(id);

backend/src/main/java/io/metersphere/track/controller/TestCaseReviewApiCaseController.java

@@ -37,19 +37,19 @@ public class TestCaseReviewApiCaseController {
     }
 
     @GetMapping("/delete/{id}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     public int deleteTestCase(@PathVariable String id) {
         return testCaseReviewApiCaseService.delete(id);
     }
 
     @PostMapping("/batch/delete")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     public void deleteApiCaseBath(@RequestBody TestReviewApiCaseBatchRequest request) {
         testCaseReviewApiCaseService.deleteApiCaseBath(request);
     }
 
     @PostMapping("/batch/update/env")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     public void batchUpdateEnv(@RequestBody TestPlanApiCaseBatchRequest request) {
         testCaseReviewApiCaseService.batchUpdateEnv(request);
     }

backend/src/main/java/io/metersphere/track/controller/TestCaseReviewController.java

@@ -30,7 +30,7 @@ import java.util.UUID;
 
 @RequestMapping("/test/case/review")
 @RestController
-@RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
+
 public class TestCaseReviewController {
 
     @Resource
@@ -47,7 +47,7 @@ public class TestCaseReviewController {
     }
 
     @PostMapping("/save")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.CREATE, title = "#reviewRequest.name", content = "#msClass.getLogDetails(#reviewRequest.id)", msClass = TestCaseReviewService.class)
     public String saveCaseReview(@RequestBody SaveTestCaseReviewRequest reviewRequest) {
         reviewRequest.setId(UUID.randomUUID().toString());
@@ -72,14 +72,14 @@ public class TestCaseReviewController {
     }
 
     @PostMapping("/edit")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#testCaseReview.id)", title = "#testCaseReview.name", content = "#msClass.getLogDetails(#testCaseReview.id)", msClass = TestCaseReviewService.class)
     public String editCaseReview(@RequestBody SaveTestCaseReviewRequest testCaseReview) {
         return testCaseReviewService.editCaseReview(testCaseReview);
     }
 
     @GetMapping("/delete/{reviewId}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#reviewId)", msClass = TestCaseReviewService.class)
     public void deleteCaseReview(@PathVariable String reviewId) {
         checkPermissionService.checkTestReviewOwner(reviewId);
@@ -120,7 +120,7 @@ public class TestCaseReviewController {
     }
 
     @PostMapping("/edit/status/{reviewId}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     public void editTestPlanStatus(@PathVariable String reviewId) {
         checkPermissionService.checkTestReviewOwner(reviewId);
         testCaseReviewService.editTestReviewStatus(reviewId);

backend/src/main/java/io/metersphere/track/controller/TestCaseReviewScenarioCaseController.java

@@ -38,13 +38,13 @@ public class TestCaseReviewScenarioCaseController {
     }
 
     @GetMapping("/delete/{id}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     public int deleteTestCase(@PathVariable String id) {
         return testCaseReviewScenarioCaseService.delete(id);
     }
 
     @PostMapping("/batch/delete")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     public void deleteApiCaseBath(@RequestBody TestPlanApiCaseBatchRequest request) {
         testCaseReviewScenarioCaseService.deleteApiCaseBath(request);
     }
@@ -56,7 +56,7 @@ public class TestCaseReviewScenarioCaseController {
     }
 
     @PostMapping("/batch/update/env")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     public void batchUpdateEnv(@RequestBody RelevanceScenarioRequest request) {
         testCaseReviewScenarioCaseService.batchUpdateEnv(request);
     }

backend/src/main/java/io/metersphere/track/controller/TestPlanApiCaseController.java

@@ -44,21 +44,21 @@ public class TestPlanApiCaseController {
     }
 
     @GetMapping("/delete/{id}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.UN_ASSOCIATE_CASE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = TestPlanApiCaseService.class)
     public int deleteTestCase(@PathVariable String id) {
         return testPlanApiCaseService.delete(id);
     }
 
     @PostMapping("/batch/delete")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.UN_ASSOCIATE_CASE, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = TestPlanApiCaseService.class)
     public void deleteApiCaseBath(@RequestBody TestPlanApiCaseBatchRequest request) {
         testPlanApiCaseService.deleteApiCaseBath(request);
     }
 
     @PostMapping("/batch/update/env")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.batchLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestPlanApiCaseService.class)
     public void batchUpdateEnv(@RequestBody TestPlanApiCaseBatchRequest request) {
         testPlanApiCaseService.batchUpdateEnv(request);

backend/src/main/java/io/metersphere/track/controller/TestPlanController.java

@@ -86,7 +86,7 @@ public class TestPlanController {
     }
 
     @PostMapping("/add")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.CREATE, title = "#testPlan.name", content = "#msClass.getLogDetails(#testPlan.id)", msClass = TestPlanService.class)
     public String addTestPlan(@RequestBody AddTestPlanRequest testPlan) {
         testPlan.setId(UUID.randomUUID().toString());
@@ -95,14 +95,14 @@ public class TestPlanController {
     }
 
     @PostMapping("/edit")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#testPlanDTO.id)", content = "#msClass.getLogDetails(#testPlanDTO.id)", msClass = TestPlanService.class)
     public String editTestPlan(@RequestBody TestPlanDTO testPlanDTO) {
         return testPlanService.editTestPlan(testPlanDTO, true);
     }
 
     @PostMapping("/edit/status/{planId}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#planId)", content = "#msClass.getLogDetails(#planId)", msClass = TestPlanService.class)
     public void editTestPlanStatus(@PathVariable String planId) {
         checkPermissionService.checkTestPlanOwner(planId);
@@ -110,7 +110,7 @@ public class TestPlanController {
     }
 
     @PostMapping("/delete/{testPlanId}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#testPlanId)", msClass = TestPlanService.class)
     public int deleteTestPlan(@PathVariable String testPlanId) {
         checkPermissionService.checkTestPlanOwner(testPlanId);

backend/src/main/java/io/metersphere/track/controller/TestPlanScenarioCaseController.java

@@ -46,14 +46,14 @@ public class TestPlanScenarioCaseController {
     }
 
     @GetMapping("/delete/{id}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.UN_ASSOCIATE_CASE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = TestPlanScenarioCaseService.class)
     public int deleteTestCase(@PathVariable String id) {
         return testPlanScenarioCaseService.delete(id);
     }
 
     @PostMapping("/batch/delete")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.UN_ASSOCIATE_CASE, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = TestPlanScenarioCaseService.class)
     public void deleteApiCaseBath(@RequestBody TestPlanScenarioCaseBatchRequest request) {
         testPlanScenarioCaseService.deleteApiCaseBath(request);
@@ -76,7 +76,7 @@ public class TestPlanScenarioCaseController {
     }
 
     @PostMapping("/batch/update/env")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.batchLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestPlanScenarioCaseService.class)
     public void batchUpdateEnv(@RequestBody RelevanceScenarioRequest request) {
         testPlanScenarioCaseService.batchUpdateEnv(request);

backend/src/main/java/io/metersphere/track/controller/TestPlanTestCaseController.java

@@ -106,35 +106,35 @@ public class TestPlanTestCaseController {
     }
 
     @PostMapping("/edit")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.UPDATE, content = "#msClass.getLogDetails(#testPlanTestCase.id)", msClass = TestPlanTestCaseService.class)
     public void editTestCase(@RequestBody TestPlanTestCaseWithBLOBs testPlanTestCase) {
         testPlanTestCaseService.editTestCase(testPlanTestCase);
     }
 
     @PostMapping("/minder/edit")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.ASSOCIATE_CASE, content = "#msClass.getCaseLogDetails(#testPlanTestCases)", msClass = TestPlanTestCaseService.class)
     public void editTestCaseForMinder(@RequestBody List<TestPlanTestCaseWithBLOBs> testPlanTestCases) {
         testPlanTestCaseService.editTestCaseForMinder(testPlanTestCases);
     }
 
     @PostMapping("/batch/edit")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.batchLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestPlanTestCaseService.class)
     public void editTestCaseBath(@RequestBody TestPlanCaseBatchRequest request) {
         testPlanTestCaseService.editTestCaseBath(request);
     }
 
     @PostMapping("/batch/delete")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.UN_ASSOCIATE_CASE, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = TestPlanTestCaseService.class)
     public void deleteTestCaseBath(@RequestBody TestPlanCaseBatchRequest request) {
         testPlanTestCaseService.deleteTestCaseBath(request);
     }
 
     @PostMapping("/delete/{id}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.UN_ASSOCIATE_CASE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = TestPlanTestCaseService.class)
     public int deleteTestCase(@PathVariable String id) {
         return testPlanTestCaseService.deleteTestCase(id);

backend/src/main/java/io/metersphere/track/controller/TestReviewTestCaseController.java

@@ -34,28 +34,28 @@ public class TestReviewTestCaseController {
     }
 
     @PostMapping("/delete")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.UN_ASSOCIATE_CASE, beforeEvent = "#msClass.getLogDetails(#request)", msClass = TestReviewTestCaseService.class)
     public int deleteTestCase(@RequestBody DeleteRelevanceRequest request) {
         return testReviewTestCaseService.deleteTestCase(request);
     }
 
     @PostMapping("/batch/delete")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.UN_ASSOCIATE_CASE, beforeEvent = "#msClass.getLogDetails(#request)", msClass = TestReviewTestCaseService.class)
     public void deleteTestCaseBatch(@RequestBody TestReviewCaseBatchRequest request) {
         testReviewTestCaseService.deleteTestCaseBatch(request);
     }
 
     @PostMapping("/batch/edit/status")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.batchLogDetails(#request)", content = "#msClass.getLogDetails(#request)", msClass = TestReviewTestCaseService.class)
     public void editTestCaseBatch(@RequestBody TestReviewCaseBatchRequest request) {
         testReviewTestCaseService.editTestCaseBatchStatus(request);
     }
 
     @PostMapping("/minder/edit")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.ASSOCIATE_CASE, content = "#msClass.getLogDetails(#testCases)", msClass = TestReviewTestCaseService.class)
     public void editTestCaseForMinder(@RequestBody List<TestCaseReviewTestCase> testCases) {
         testReviewTestCaseService.editTestCaseForMinder(testCases);
@@ -67,20 +67,20 @@ public class TestReviewTestCaseController {
     }
 
     @PostMapping("/edit")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
+
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.REVIEW, content = "#msClass.getLogDetails(#testCaseReviewTestCase)", msClass = TestReviewTestCaseService.class)
     public void editTestCase(@RequestBody TestCaseReviewTestCase testCaseReviewTestCase) {
         testReviewTestCaseService.editTestCase(testCaseReviewTestCase);
     }
 
     @GetMapping("/get/{reviewId}")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
+
     public TestReviewCaseDTO get(@PathVariable String reviewId) {
         return testReviewTestCaseService.get(reviewId);
     }
 
     @PostMapping("/list/ids")
-    @RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER, RoleConstants.TEST_VIEWER}, logical = Logical.OR)
+
     public List<TestReviewCaseDTO> getTestReviewCaseList(@RequestBody QueryCaseReviewRequest request) {
         return testReviewTestCaseService.getTestCaseReviewDTOList(request);
     }

backend/src/main/java/io/metersphere/track/controller/TrackController.java

@@ -22,7 +22,7 @@ import java.util.List;
 
 @RestController
 @RequestMapping("/track")
-@RequiresRoles(value = {RoleConstants.ADMIN, RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER, RoleConstants.TEST_VIEWER, RoleConstants.ORG_ADMIN}, logical = Logical.OR)
+
 public class TrackController {
 
     @Resource

backend/src/main/java/io/metersphere/xpack

@@ -1 +1 @@
-Subproject commit 2cd34f2f9588672a8c3a3f6c4a74bcbdcad49ac8
+Subproject commit 9925f59ecdaed93a4365d83f8473d6788a233c4b