From 6e0f17897e0b6c20cce83aa9fa4d31004a6988d7 Mon Sep 17 00:00:00 2001
From: AgAngle <1323481023@qq.com>
Date: Mon, 6 May 2024 20:25:12 +0800
Subject: [PATCH] =?UTF-8?q?fix(=E6=B5=8B=E8=AF=95=E8=B7=9F=E8=B8=AA):=20?= =?UTF-8?q?=E8=A1=A5=E5=85=85=E9=A1=B9=E7=9B=AE=E6=8E=A5=E5=8F=A3=E6=9D=83?= =?UTF-8?q?=E9=99=90=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

--bug=1040238 --user=陈建星 测试跟踪-测试用例相关接口越权处理 https://www.tapd.cn/55049933/s/1511860
---
 .../controller/BaseProjectController.java | 1 +
 .../service/BaseProjectService.java | 19 +++++++++++++++----
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/BaseProjectController.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/BaseProjectController.java
index e52aa6877d..29ff4c99a8 100644
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/BaseProjectController.java
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/BaseProjectController.java
@@ -46,6 +46,7 @@ public class BaseProjectController {
 @GetMapping("/get/{id}")
 @RequiresPermissions(value = {PermissionConstants.WORKSPACE_PROJECT_MANAGER_READ, PermissionConstants.PROJECT_MANAGER_READ}, logical = Logical.OR)
 public Project getProject(@PathVariable String id) {
+ baseProjectService.checkProjectOwner(id, SessionUtils.getUser().getUserGroups());
 return baseProjectService.getProjectById(id);
 }
diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/service/BaseProjectService.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/service/BaseProjectService.java
index de55d54d7a..05dd1d8947 100644
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/service/BaseProjectService.java
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/service/BaseProjectService.java
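Review bot: In `BaseProjectController.getProject`, the added `checkProjectOwner(id, SessionUtils.getUser().getUserGroups())` call only accepts a caller who holds a user group whose source id equals the project id, while the annotation above it still admits `WORKSPACE_PROJECT_MANAGER_READ` through `Logical.OR`. If workspace-level groups carry the workspace id as their source (not visible here), a workspace manager without a project-scoped group would now be rejected, and nothing visible ties the permission that satisfied the annotation to the project being read. The groups are taken from the session user, so a membership revoked after login may presumably still pass until the session is refreshed; it is worth confirming how `SessionUtils.getUser()` is kept current. A one-line comment above the call would document the intent, for example `// Object-level check: the permission above is not scoped to {id}, so require a group bound to this project.`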
@@ -4,10 +4,7 @@ import io.metersphere.base.domain.*;
 import io.metersphere.base.mapper.ProjectMapper;
 import io.metersphere.base.mapper.UserGroupMapper;
 import io.metersphere.base.mapper.UserMapper;
-import io.metersphere.base.mapper.ext.BaseProjectMapper;
-import io.metersphere.base.mapper.ext.BaseProjectVersionMapper;
-import io.metersphere.base.mapper.ext.BaseUserGroupMapper;
-import io.metersphere.base.mapper.ext.BaseUserMapper;
+import io.metersphere.base.mapper.ext.*;
 import io.metersphere.commons.constants.ProjectApplicationType;
 import io.metersphere.commons.exception.MSException;
 import io.metersphere.commons.utils.FileUtils;
@@ -241,6 +238,20 @@ public class BaseProjectService {
 return project;
 }
+ public void checkProjectOwner(String projectId, List userGroups) {
+ boolean hasPermission = false;
+ for (UserGroup userGroup : userGroups) {
+ // 校验是否有当前项目的用户组
+ if (StringUtils.equals(userGroup.getSourceId(), projectId)) {
+ hasPermission = true;
+ break;
+ }
+ }
+ if (!hasPermission) {
+ MSException.throwException(Translator.get("check_owner_case"));
+ }
+ }
+
 public List getByCaseTemplateId(String templateId) {
 ProjectExample example = new ProjectExample();
 example.createCriteria().andCaseTemplateIdEqualTo(templateId);
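Review bot: The wildcard `import io.metersphere.base.mapper.ext.*;` in the first hunk of `BaseProjectService.java` replaces four explicit mapper imports, yet the method added later in this file uses no type from that package, so as far as the visible hunks show the change is unrelated to the fix. A wildcard hides which mappers the service depends on and can pick up name clashes as the package grows. Keeping the four explicit lines (`BaseProjectMapper`, `BaseProjectVersionMapper`, `BaseUserGroupMapper`, `BaseUserMapper`) would keep this authorization patch minimal and easier to audit.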
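Review bot: `checkProjectOwner` in the second hunk leaves two null cases open. A null `userGroups` ends in a NullPointerException instead of the translated denial, and if `StringUtils` here is Apache Commons Lang, `StringUtils.equals(null, null)` is true, so a null `projectId` would match a group that has no source id. The helper is public and the commit message suggests it is meant for more call sites than `getProject`, so it is safer to deny explicitly when either argument is null, as sketched below. The method also has no Javadoc; a short doc comment stating that it throws through `MSException` when none of the caller's groups is bound to the project would make the contract clear, and the inline comment could be restated there. The message key `check_owner_case` reads as specific to test cases and may mislead when the rejected resource is a project.

```java
// … unchanged: checkProjectOwner signature …
    // Deny by default: without a project id or any groups there is no membership to prove.
    boolean hasPermission = projectId != null
            && userGroups != null
            && userGroups.stream()
                    .anyMatch(userGroup -> StringUtils.equals(userGroup.getSourceId(), projectId));
// … unchanged: throw through MSException when hasPermission is false …
```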