test-version22
/
MeterSphere
mirror of https://gitee.com/fit2cloud-feizhiyun/MeterSphere.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: 检查权限取消readonly的限制,改用checkowner

This commit is contained in:
Captain.B 2020-12-24 10:22:48 +08:00
parent 0b68685e0d
commit 7f80dfa3ec
2 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
backend/src/main/java/io/metersphere/api/controller/ApiDefinitionController.java
View File

@ -44,21 +44,20 @@ public class ApiDefinitionController {
@PostMapping(value = "/create", consumes = {"multipart/form-data"}) @PostMapping(value = "/create", consumes = {"multipart/form-data"})
@RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER}, logical = Logical.OR) @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER}, logical = Logical.OR)
public void create(@RequestPart("request") SaveApiDefinitionRequest request, @RequestPart(value = "files") List<MultipartFile> bodyFiles) { public void create(@RequestPart("request") SaveApiDefinitionRequest request, @RequestPart(value = "files") List<MultipartFile> bodyFiles) {
checkPermissionService.checkReadOnlyUser(); checkPermissionService.checkProjectOwner(request.getProjectId());
apiDefinitionService.create(request, bodyFiles); apiDefinitionService.create(request, bodyFiles);
} }
@PostMapping(value = "/update", consumes = {"multipart/form-data"}) @PostMapping(value = "/update", consumes = {"multipart/form-data"})
@RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER}, logical = Logical.OR) @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER}, logical = Logical.OR)
public void update(@RequestPart("request") SaveApiDefinitionRequest request, @RequestPart(value = "files") List<MultipartFile> bodyFiles) { public void update(@RequestPart("request") SaveApiDefinitionRequest request, @RequestPart(value = "files") List<MultipartFile> bodyFiles) {
checkPermissionService.checkReadOnlyUser(); checkPermissionService.checkProjectOwner(request.getProjectId());
apiDefinitionService.update(request, bodyFiles); apiDefinitionService.update(request, bodyFiles);
} }
@GetMapping("/delete/{id}") @GetMapping("/delete/{id}")
@RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER}, logical = Logical.OR) @RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER}, logical = Logical.OR)
public void delete(@PathVariable String id) { public void delete(@PathVariable String id) {
checkPermissionService.checkReadOnlyUser();
apiDefinitionService.delete(id); apiDefinitionService.delete(id);
} }

4
backend/src/main/java/io/metersphere/performance/controller/PerformanceTestController.java
View File

@ -75,7 +75,7 @@ public class PerformanceTestController {
@RequestPart("request") SaveTestPlanRequest request, @RequestPart("request") SaveTestPlanRequest request,
@RequestPart(value = "file") List<MultipartFile> files @RequestPart(value = "file") List<MultipartFile> files
) { ) {
checkPermissionService.checkReadOnlyUser(); checkPermissionService.checkProjectOwner(request.getProjectId());
return performanceTestService.save(request, files); return performanceTestService.save(request, files);
} }
@ -84,7 +84,6 @@ public class PerformanceTestController {
@RequestPart("request") EditTestPlanRequest request, @RequestPart("request") EditTestPlanRequest request,
@RequestPart(value = "file", required = false) List<MultipartFile> files @RequestPart(value = "file", required = false) List<MultipartFile> files
) { ) {
checkPermissionService.checkReadOnlyUser();
checkPermissionService.checkPerformanceTestOwner(request.getId()); checkPermissionService.checkPerformanceTestOwner(request.getId());
return performanceTestService.edit(request, files); return performanceTestService.edit(request, files);
} }
@ -115,7 +114,6 @@ public class PerformanceTestController {
@PostMapping("/delete") @PostMapping("/delete")
public void delete(@RequestBody DeleteTestPlanRequest request) { public void delete(@RequestBody DeleteTestPlanRequest request) {
checkPermissionService.checkReadOnlyUser();
checkPermissionService.checkPerformanceTestOwner(request.getId()); checkPermissionService.checkPerformanceTestOwner(request.getId());
performanceTestService.delete(request); performanceTestService.delete(request);
} }