refactor(权限管理): 测试跟踪权限

backend/src/main/java/io/metersphere/track/controller/TestCaseCommentController.java

@@ -5,6 +5,7 @@ import io.metersphere.log.annotation.MsAuditLog;
 import io.metersphere.track.dto.TestCaseCommentDTO;
 import io.metersphere.track.request.testreview.SaveCommentRequest;
 import io.metersphere.track.service.TestCaseCommentService;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
@@ -19,6 +20,7 @@ public class TestCaseCommentController {
     private TestCaseCommentService testCaseCommentService;
 
     @PostMapping("/save")
+    @RequiresPermissions("PROJECT_TRACK_REVIEW:READ+COMMENT")
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseCommentService.class)
     public void saveComment(@RequestBody SaveCommentRequest request) {
         request.setId(UUID.randomUUID().toString());
@@ -31,12 +33,14 @@ public class TestCaseCommentController {
     }
 
     @GetMapping("/delete/{commentId}")
+    @RequiresPermissions("PROJECT_TRACK_REVIEW:READ+COMMENT")
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#commentId)", msClass = TestCaseCommentService.class)
     public void deleteComment(@PathVariable String commentId) {
         testCaseCommentService.delete(commentId);
     }
 
     @PostMapping("/edit")
+    @RequiresPermissions("PROJECT_TRACK_REVIEW:READ+COMMENT")
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id)", content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseCommentService.class)
     public void editComment(@RequestBody SaveCommentRequest request) {
         testCaseCommentService.edit(request);

backend/src/main/java/io/metersphere/track/controller/TestCaseController.java

@@ -7,7 +7,6 @@ import io.metersphere.base.domain.Project;
 import io.metersphere.base.domain.TestCase;
 import io.metersphere.base.domain.TestCaseWithBLOBs;
 import io.metersphere.commons.constants.OperLogConstants;
-import io.metersphere.commons.constants.RoleConstants;
 import io.metersphere.commons.utils.PageUtils;
 import io.metersphere.commons.utils.Pager;
 import io.metersphere.commons.utils.SessionUtils;
@@ -22,8 +21,7 @@ import io.metersphere.track.request.testcase.TestCaseBatchRequest;
 import io.metersphere.track.request.testcase.TestCaseMinderEditRequest;
 import io.metersphere.track.request.testplan.FileOperationRequest;
 import io.metersphere.track.service.TestCaseService;
-import org.apache.shiro.authz.annotation.Logical;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
-import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -38,7 +36,6 @@ import java.util.UUID;
 
 @RequestMapping("/test/case")
 @RestController
-
 public class TestCaseController {
 
     @Resource
@@ -49,12 +46,14 @@ public class TestCaseController {
     private FileService fileService;
 
     @PostMapping("/list/{goPage}/{pageSize}")
+    @RequiresPermissions("PROJECT_TRACK_CASE:READ")
     public Pager<List<TestCaseDTO>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryTestCaseRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, testCaseService.listTestCase(request));
     }
 
     @GetMapping("/list/{projectId}")
+    @RequiresPermissions("PROJECT_TRACK_CASE:READ")
     public List<TestCaseDTO> list(@PathVariable String projectId) {
         checkPermissionService.checkProjectOwner(projectId);
         QueryTestCaseRequest request = new QueryTestCaseRequest();
@@ -127,7 +126,7 @@ public class TestCaseController {
     }
 
     @PostMapping(value = "/add", consumes = {"multipart/form-data"})
-
+    @RequiresPermissions("PROJECT_TRACK_CASE:READ+CREATE")
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.CREATE, title = "#request.name", content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseService.class)
     public String addTestCase(@RequestPart("request") EditTestCaseRequest request, @RequestPart(value = "file") List<MultipartFile> files) {
         request.setId(UUID.randomUUID().toString());
@@ -165,7 +164,7 @@ public class TestCaseController {
     }
 
     @PostMapping("/importIgnoreError/{projectId}/{userId}")
-
+    @RequiresPermissions("PROJECT_TRACK_CASE:READ+IMPORT")
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.IMPORT, project = "#projectId")
     public ExcelResponse testCaseImportIgnoreError(MultipartFile file, @PathVariable String projectId, @PathVariable String userId, HttpServletRequest request) {
         checkPermissionService.checkProjectOwner(projectId);
@@ -173,33 +172,33 @@ public class TestCaseController {
     }
 
     @GetMapping("/export/template")
-
+    @RequiresPermissions("PROJECT_TRACK_CASE:READ+EXPORT")
     public void testCaseTemplateExport(HttpServletResponse response) {
         testCaseService.testCaseTemplateExport(response);
     }
 
     @GetMapping("/export/xmindTemplate")
-
+    @RequiresPermissions("PROJECT_TRACK_CASE:READ+EXPORT")
     public void xmindTemplate(HttpServletResponse response) {
         testCaseService.testCaseXmindTemplateExport(response);
     }
 
     @PostMapping("/export/testcase")
-
+    @RequiresPermissions("PROJECT_TRACK_CASE:READ+EXPORT")
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.EXPORT, sourceId = "#request.id", title = "#request.name", project = "#request.projectId")
     public void testCaseExport(HttpServletResponse response, @RequestBody TestCaseBatchRequest request) {
         testCaseService.testCaseExport(response, request);
     }
 
     @PostMapping("/batch/edit")
-
+    @RequiresPermissions("PROJECT_TRACK_CASE:READ+EDIT")
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
     public void editTestCaseBath(@RequestBody TestCaseBatchRequest request) {
         testCaseService.editTestCaseBath(request);
     }
 
     @PostMapping("/batch/delete")
-
+    @RequiresPermissions("PROJECT_TRACK_CASE:READ+DELETE")
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
     public void deleteTestCaseBath(@RequestBody TestCaseBatchRequest request) {
         testCaseService.deleteTestCaseBath(request);
@@ -236,7 +235,7 @@ public class TestCaseController {
     }
 
     @PostMapping("/minder/edit")
-
+    @RequiresPermissions("PROJECT_TRACK_CASE:READ+EDIT")
     @MsAuditLog(module = "track_test_case", type = OperLogConstants.BATCH_UPDATE, project = "#request.projectId", beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
     public void minderEdit(@RequestBody TestCaseMinderEditRequest request) {
         testCaseService.minderEdit(request);

backend/src/main/java/io/metersphere/track/controller/TestCaseReportController.java

@@ -2,12 +2,9 @@ package io.metersphere.track.controller;
 
 import io.metersphere.base.domain.TestCaseReport;
 import io.metersphere.commons.constants.OperLogConstants;
-import io.metersphere.commons.constants.RoleConstants;
 import io.metersphere.log.annotation.MsAuditLog;
 import io.metersphere.track.request.testCaseReport.CreateReportRequest;
 import io.metersphere.track.service.TestCaseReportService;
-import org.apache.shiro.authz.annotation.Logical;
-import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
@@ -32,7 +29,6 @@ public class TestCaseReportController {
     }
 
     @PostMapping("/add")
-
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseReportService.class)
     public String addByTemplateId(@RequestBody CreateReportRequest request) {
         request.setId(UUID.randomUUID().toString());
@@ -40,14 +36,12 @@ public class TestCaseReportController {
     }
 
     @PostMapping("/edit")
-
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#TestCaseReport.id)", content = "#msClass.getLogDetails(#TestCaseReport.id)", msClass = TestCaseReportService.class)
     public void edit(@RequestBody TestCaseReport TestCaseReport) {
         testCaseReportService.editTestCaseReport(TestCaseReport);
     }
 
     @PostMapping("/delete/{id}")
-
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = TestCaseReportService.class)
     public int delete(@PathVariable String id) {
         return testCaseReportService.deleteTestCaseReport(id);

backend/src/main/java/io/metersphere/track/controller/TestCaseReviewApiCaseController.java

@@ -5,15 +5,13 @@ import com.github.pagehelper.PageHelper;
 import io.metersphere.api.dto.definition.ApiTestCaseDTO;
 import io.metersphere.api.dto.definition.ApiTestCaseRequest;
 import io.metersphere.api.dto.definition.TestPlanApiCaseDTO;
-import io.metersphere.commons.constants.RoleConstants;
 import io.metersphere.commons.utils.PageUtils;
 import io.metersphere.commons.utils.Pager;
 import io.metersphere.commons.utils.SessionUtils;
 import io.metersphere.track.request.testcase.TestPlanApiCaseBatchRequest;
 import io.metersphere.track.request.testreview.TestReviewApiCaseBatchRequest;
 import io.metersphere.track.service.TestCaseReviewApiCaseService;
-import org.apache.shiro.authz.annotation.Logical;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
-import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
@@ -24,12 +22,15 @@ import java.util.List;
 public class TestCaseReviewApiCaseController {
     @Resource
     private TestCaseReviewApiCaseService testCaseReviewApiCaseService;
+
     @PostMapping("/list/{goPage}/{pageSize}")
     public Pager<List<TestPlanApiCaseDTO>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody ApiTestCaseRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, testCaseReviewApiCaseService.list(request));
     }
+
     @PostMapping("/relevance/list/{goPage}/{pageSize}")
+    @RequiresPermissions("PROJECT_TRACK_REVIEW:READ+RELEVANCE_OR_CANCEL")
     public Pager<List<ApiTestCaseDTO>> relevanceList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody ApiTestCaseRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         request.setWorkspaceId(SessionUtils.getCurrentWorkspaceId());
@@ -37,19 +38,19 @@ public class TestCaseReviewApiCaseController {
     }
 
     @GetMapping("/delete/{id}")
-
+    @RequiresPermissions("PROJECT_TRACK_REVIEW:READ+RELEVANCE_OR_CANCEL")
     public int deleteTestCase(@PathVariable String id) {
         return testCaseReviewApiCaseService.delete(id);
     }
 
     @PostMapping("/batch/delete")
-
+    @RequiresPermissions("PROJECT_TRACK_REVIEW:READ+RELEVANCE_OR_CANCEL")
     public void deleteApiCaseBath(@RequestBody TestReviewApiCaseBatchRequest request) {
         testCaseReviewApiCaseService.deleteApiCaseBath(request);
     }
 
     @PostMapping("/batch/update/env")
-
+    @RequiresPermissions("PROJECT_TRACK_REVIEW:READ+RELEVANCE_OR_CANCEL")
     public void batchUpdateEnv(@RequestBody TestPlanApiCaseBatchRequest request) {
         testCaseReviewApiCaseService.batchUpdateEnv(request);
     }

backend/src/main/java/io/metersphere/track/controller/TestCaseReviewController.java

@@ -21,6 +21,7 @@ import io.metersphere.track.request.testreview.TestReviewRelevanceRequest;
 import io.metersphere.track.service.TestCaseReviewService;
 import io.metersphere.track.service.TestReviewProjectService;
 import org.apache.shiro.authz.annotation.Logical;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.*;
 
@@ -47,7 +48,7 @@ public class TestCaseReviewController {
     }
 
     @PostMapping("/save")
-
+    @RequiresPermissions("PROJECT_TRACK_REVIEW:READ+CREATE")
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.CREATE, title = "#reviewRequest.name", content = "#msClass.getLogDetails(#reviewRequest.id)", msClass = TestCaseReviewService.class)
     public String saveCaseReview(@RequestBody SaveTestCaseReviewRequest reviewRequest) {
         reviewRequest.setId(UUID.randomUUID().toString());
@@ -72,14 +73,14 @@ public class TestCaseReviewController {
     }
 
     @PostMapping("/edit")
-
+    @RequiresPermissions("PROJECT_TRACK_REVIEW:READ+EDIT")
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#testCaseReview.id)", title = "#testCaseReview.name", content = "#msClass.getLogDetails(#testCaseReview.id)", msClass = TestCaseReviewService.class)
     public String editCaseReview(@RequestBody SaveTestCaseReviewRequest testCaseReview) {
         return testCaseReviewService.editCaseReview(testCaseReview);
     }
 
     @GetMapping("/delete/{reviewId}")
-
+    @RequiresPermissions("PROJECT_TRACK_REVIEW:READ+DELETE")
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#reviewId)", msClass = TestCaseReviewService.class)
     public void deleteCaseReview(@PathVariable String reviewId) {
         checkPermissionService.checkTestReviewOwner(reviewId);
@@ -120,7 +121,7 @@ public class TestCaseReviewController {
     }
 
     @PostMapping("/edit/status/{reviewId}")
-
+    @RequiresPermissions("PROJECT_TRACK_REVIEW:READ+EDIT")
     public void editTestPlanStatus(@PathVariable String reviewId) {
         checkPermissionService.checkTestReviewOwner(reviewId);
         testCaseReviewService.editTestReviewStatus(reviewId);

backend/src/main/java/io/metersphere/track/controller/TestPlanApiCaseController.java

@@ -13,6 +13,7 @@ import io.metersphere.log.annotation.MsAuditLog;
 import io.metersphere.track.request.testcase.TestPlanApiCaseBatchRequest;
 import io.metersphere.track.service.TestPlanApiCaseService;
 import org.apache.shiro.authz.annotation.Logical;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.*;
 
@@ -44,21 +45,21 @@ public class TestPlanApiCaseController {
     }
 
     @GetMapping("/delete/{id}")
-
+    @RequiresPermissions("PROJECT_TRACK_PLAN:READ+RELEVANCE_OR_CANCEL")
     @MsAuditLog(module = "track_test_case_review", type = OperLogConstants.UN_ASSOCIATE_CASE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = TestPlanApiCaseService.class)
     public int deleteTestCase(@PathVariable String id) {
         return testPlanApiCaseService.delete(id);
     }
 
     @PostMapping("/batch/delete")
-
+    @RequiresPermissions("PROJECT_TRACK_PLAN:READ+RELEVANCE_OR_CANCEL")
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.UN_ASSOCIATE_CASE, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = TestPlanApiCaseService.class)
     public void deleteApiCaseBath(@RequestBody TestPlanApiCaseBatchRequest request) {
         testPlanApiCaseService.deleteApiCaseBath(request);
     }
 
     @PostMapping("/batch/update/env")
-
+    @RequiresPermissions("PROJECT_TRACK_PLAN:READ+RELEVANCE_OR_CANCEL")
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.batchLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestPlanApiCaseService.class)
     public void batchUpdateEnv(@RequestBody TestPlanApiCaseBatchRequest request) {
         testPlanApiCaseService.batchUpdateEnv(request);

backend/src/main/java/io/metersphere/track/controller/TestPlanController.java

@@ -22,6 +22,7 @@ import io.metersphere.track.request.testplancase.TestCaseRelevanceRequest;
 import io.metersphere.track.service.TestPlanProjectService;
 import io.metersphere.track.service.TestPlanService;
 import org.apache.shiro.authz.annotation.Logical;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.*;
 
@@ -46,6 +47,7 @@ public class TestPlanController {
     }
 
     @PostMapping("/list/{goPage}/{pageSize}")
+    @RequiresPermissions("PROJECT_TRACK_PLAN:READ")
     public Pager<List<TestPlanDTOWithMetric>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryTestPlanRequest request) {
         String currentWorkspaceId = SessionUtils.getCurrentWorkspaceId();
         request.setWorkspaceId(currentWorkspaceId);
@@ -86,7 +88,7 @@ public class TestPlanController {
     }
 
     @PostMapping("/add")
-
+    @RequiresPermissions("PROJECT_TRACK_PLAN:READ+CREATE")
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.CREATE, title = "#testPlan.name", content = "#msClass.getLogDetails(#testPlan.id)", msClass = TestPlanService.class)
     public String addTestPlan(@RequestBody AddTestPlanRequest testPlan) {
         testPlan.setId(UUID.randomUUID().toString());
@@ -95,14 +97,14 @@ public class TestPlanController {
     }
 
     @PostMapping("/edit")
-
+    @RequiresPermissions("PROJECT_TRACK_PLAN:READ+EDIT")
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#testPlanDTO.id)", content = "#msClass.getLogDetails(#testPlanDTO.id)", msClass = TestPlanService.class)
     public String editTestPlan(@RequestBody TestPlanDTO testPlanDTO) {
         return testPlanService.editTestPlan(testPlanDTO, true);
     }
 
     @PostMapping("/edit/status/{planId}")
-
+    @RequiresPermissions("PROJECT_TRACK_PLAN:READ+EDIT")
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#planId)", content = "#msClass.getLogDetails(#planId)", msClass = TestPlanService.class)
     public void editTestPlanStatus(@PathVariable String planId) {
         checkPermissionService.checkTestPlanOwner(planId);
@@ -110,7 +112,7 @@ public class TestPlanController {
     }
 
     @PostMapping("/delete/{testPlanId}")
-
+    @RequiresPermissions("PROJECT_TRACK_PLAN:READ+DELETE")
     @MsAuditLog(module = "track_test_plan", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#testPlanId)", msClass = TestPlanService.class)
     public int deleteTestPlan(@PathVariable String testPlanId) {
         checkPermissionService.checkTestPlanOwner(testPlanId);

frontend/src/business/components/track/review/commom/ReviewComment.vue

@@ -16,19 +16,21 @@
     </div>
     <div>
       <el-input
-          ref="test"
+        ref="test"
-          type="textarea"
+        type="textarea"
-          :placeholder="$t('test_track.comment.send_comment')"
+        :placeholder="$t('test_track.comment.send_comment')"
-          v-model.trim="textarea"
+        v-model.trim="textarea"
-          maxlength="180"
+        maxlength="180"
-          show-word-limt
+        show-word-limt
-          resize="none"
+        resize="none"
-          :autosize="{ minRows: 4, maxRows: 4}"
+        :autosize="{ minRows: 4, maxRows: 4}"
-          @keyup.ctrl.enter.native="sendComment"
+        @keyup.ctrl.enter.native="sendComment"
-          :disabled="isReadOnly"
+        :disabled="isReadOnly"
       >
       </el-input>
-      <el-button type="primary" size="mini" class="send-btn" @click="sendComment" :disabled="isReadOnly">
+      <el-button type="primary" size="mini" class="send-btn"
+                 v-permission="['PROJECT_TRACK_REVIEW:READ+COMMENT']"
+                 @click="sendComment" :disabled="isReadOnly">
         {{ $t('test_track.comment.send') }}
       </el-button>
     </div>
@@ -53,7 +55,7 @@ export default {
       result: {},
       textarea: '',
       isReadOnly: false
-    }
+    };
   },
   created() {
     this.isReadOnly = !checkoutTestManagerOrTestUser();
@@ -63,7 +65,7 @@ export default {
       let comment = {};
       comment.caseId = this.caseId;
       comment.description = this.textarea;
-      comment.reviewId=this.reviewId;
+      comment.reviewId = this.reviewId;
       if (!this.textarea) {
         this.$warning(this.$t('test_track.comment.description_is_null'));
         return;
@@ -81,7 +83,7 @@ export default {
       this.$emit('getComments');
     },
   }
-}
+};
 </script>
 
 <style scoped>