refactor(项目设置): 补充模板接口权限校验

chenjianxing 2023-06-12 15:06:13 +08:00 committed by fit2-zhao
parent 0c198d750b
commit a9b0ae3a61
4 changed files with 36 additions and 0 deletions


@ -5,11 +5,13 @@ import com.github.pagehelper.PageHelper;
import io.metersphere.base.domain.CustomField; import io.metersphere.base.domain.CustomField;
import io.metersphere.commons.constants.OperLogConstants; import io.metersphere.commons.constants.OperLogConstants;
import io.metersphere.commons.constants.OperLogModule; import io.metersphere.commons.constants.OperLogModule;
import io.metersphere.commons.constants.PermissionConstants;
import io.metersphere.commons.utils.PageUtils; import io.metersphere.commons.utils.PageUtils;
import io.metersphere.commons.utils.Pager; import io.metersphere.commons.utils.Pager;
import io.metersphere.log.annotation.MsAuditLog; import io.metersphere.log.annotation.MsAuditLog;
import io.metersphere.request.QueryCustomFieldRequest; import io.metersphere.request.QueryCustomFieldRequest;
import io.metersphere.service.CustomFieldService; import io.metersphere.service.CustomFieldService;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import jakarta.annotation.Resource; import jakarta.annotation.Resource;
@ -24,50 +26,59 @@ public class CustomFieldController {
private CustomFieldService customFieldService; private CustomFieldService customFieldService;
@PostMapping("/add") @PostMapping("/add")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
@MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_FIELD, type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#customField.id)", msClass = CustomFieldService.class) @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_FIELD, type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#customField.id)", msClass = CustomFieldService.class)
public String add(@RequestBody CustomField customField) { public String add(@RequestBody CustomField customField) {
return customFieldService.add(customField); return customFieldService.add(customField);
} }
@PostMapping("/list/{goPage}/{pageSize}") @PostMapping("/list/{goPage}/{pageSize}")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
public Pager<List<CustomField>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryCustomFieldRequest request) { public Pager<List<CustomField>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryCustomFieldRequest request) {
Page<List<CustomField>> page = PageHelper.startPage(goPage, pageSize, true); Page<List<CustomField>> page = PageHelper.startPage(goPage, pageSize, true);
return PageUtils.setPageInfo(page, customFieldService.list(request)); return PageUtils.setPageInfo(page, customFieldService.list(request));
} }
@PostMapping("/list/relate/{goPage}/{pageSize}") @PostMapping("/list/relate/{goPage}/{pageSize}")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
public Pager<List<CustomField>> listRelate(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryCustomFieldRequest request) { public Pager<List<CustomField>> listRelate(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryCustomFieldRequest request) {
return customFieldService.listRelate(goPage, pageSize, request); return customFieldService.listRelate(goPage, pageSize, request);
} }
@GetMapping("/delete/{id}") @GetMapping("/delete/{id}")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
@MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_FIELD, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = CustomFieldService.class) @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_FIELD, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = CustomFieldService.class)
public void delete(@PathVariable(value = "id") String id) { public void delete(@PathVariable(value = "id") String id) {
customFieldService.delete(id); customFieldService.delete(id);
} }
@GetMapping("/get/{id}") @GetMapping("/get/{id}")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
public CustomField get(@PathVariable(value = "id") String id) { public CustomField get(@PathVariable(value = "id") String id) {
return customFieldService.get(id); return customFieldService.get(id);
} }
@PostMapping("/update") @PostMapping("/update")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
@MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_FIELD, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#customField.id)", content = "#msClass.getLogDetails(#customField.id)", msClass = CustomFieldService.class) @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_FIELD, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#customField.id)", content = "#msClass.getLogDetails(#customField.id)", msClass = CustomFieldService.class)
public void update(@RequestBody CustomField customField) { public void update(@RequestBody CustomField customField) {
customFieldService.update(customField); customFieldService.update(customField);
} }
@PostMapping("/list/ids") @PostMapping("/list/ids")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
public List<String> list(@RequestBody QueryCustomFieldRequest request) { public List<String> list(@RequestBody QueryCustomFieldRequest request) {
return customFieldService.listIds(request); return customFieldService.listIds(request);
} }
@PostMapping("/list") @PostMapping("/list")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
public List<CustomField> getList(@RequestBody QueryCustomFieldRequest request) { public List<CustomField> getList(@RequestBody QueryCustomFieldRequest request) {
return customFieldService.list(request); return customFieldService.list(request);
} }
@PostMapping("/default") @PostMapping("/default")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
public List<CustomField> getDefaultList(@RequestBody QueryCustomFieldRequest request) { public List<CustomField> getDefaultList(@RequestBody QueryCustomFieldRequest request) {
return customFieldService.getDefaultField(request); return customFieldService.getDefaultField(request);
} }
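Review bot: The state-changing endpoints `add`, `delete` and `update` in CustomFieldController are gated by `PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM`, the same constant used for the list and get endpoints, so as written anyone allowed to view custom fields can also create, modify and delete them. The same pattern appears in IssueTemplateController (`add`, `delete`, `update`, `copy` with `PROJECT_TEMPLATE_READ_ISSUE_TEMPLATE`) and TestCaseTemplateController (`add`, `delete`, `update` with `PROJECT_TEMPLATE_READ_CASE_TEMPLATE`). The values behind these constants are not visible here; if they are in fact the management permission for template settings, a comment such as `// READ_CUSTOM is the only template-field permission and also covers create/update/delete` on the mutating methods would make that explicit, and otherwise those methods should require a distinct write-level permission. Separately, `delete` is still a `@GetMapping`, which leaves a destructive action reachable by a plain link or prefetch; moving it to `@PostMapping` or `@DeleteMapping` would be worth a follow-up.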


@ -2,9 +2,11 @@ package io.metersphere.controller;
import io.metersphere.base.domain.CustomField; import io.metersphere.base.domain.CustomField;
import io.metersphere.base.domain.CustomFieldTemplate; import io.metersphere.base.domain.CustomFieldTemplate;
import io.metersphere.commons.constants.PermissionConstants;
import io.metersphere.dto.CustomFieldDao; import io.metersphere.dto.CustomFieldDao;
import io.metersphere.dto.CustomFieldTemplateDao; import io.metersphere.dto.CustomFieldTemplateDao;
import io.metersphere.service.CustomFieldTemplateService; import io.metersphere.service.CustomFieldTemplateService;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import jakarta.annotation.Resource; import jakarta.annotation.Resource;
@ -18,16 +20,19 @@ public class CustomFieldTemplateController {
CustomFieldTemplateService customFieldTemplateService; CustomFieldTemplateService customFieldTemplateService;
@PostMapping("/list") @PostMapping("/list")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
public List<CustomFieldTemplateDao> list(@RequestBody CustomFieldTemplate request) { public List<CustomFieldTemplateDao> list(@RequestBody CustomFieldTemplate request) {
return customFieldTemplateService.list(request); return customFieldTemplateService.list(request);
} }
@GetMapping("/{id}") @GetMapping("/{id}")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
public CustomField get(@PathVariable String id) { public CustomField get(@PathVariable String id) {
return customFieldTemplateService.getCustomField(id); return customFieldTemplateService.getCustomField(id);
} }
@GetMapping("/list/{templateId}") @GetMapping("/list/{templateId}")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
public List<CustomFieldDao> getCustomFieldByTemplateId(@PathVariable String templateId) { public List<CustomFieldDao> getCustomFieldByTemplateId(@PathVariable String templateId) {
return customFieldTemplateService.getCustomFieldByTemplateId(templateId); return customFieldTemplateService.getCustomFieldByTemplateId(templateId);
} }
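Review bot: All three CustomFieldTemplateController endpoints require only `PROJECT_TEMPLATE_READ_CUSTOM`, whereas the `getTemplate` endpoints in the issue and case template controllers of this commit accept an alternative permission through `logical = Logical.OR`. If `list`, `get` and `getCustomFieldByTemplateId` are also called when a user holding only the issue-template or case-template permission opens a template, those users will now be rejected; this is inferred from the endpoint names and should be checked against the callers. If so, the annotation could list the template permissions as alternatives, e.g. `@RequiresPermissions(value = {PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM, PermissionConstants.PROJECT_TEMPLATE_READ_CASE_TEMPLATE, PermissionConstants.PROJECT_TEMPLATE_READ_ISSUE_TEMPLATE}, logical = Logical.OR)`. The annotation also says nothing about `id` or `templateId` themselves, so the service still has to confirm that the record belongs to the caller's project.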


@ -5,6 +5,7 @@ import com.github.pagehelper.PageHelper;
import io.metersphere.base.domain.IssueTemplate; import io.metersphere.base.domain.IssueTemplate;
import io.metersphere.commons.constants.OperLogConstants; import io.metersphere.commons.constants.OperLogConstants;
import io.metersphere.commons.constants.OperLogModule; import io.metersphere.commons.constants.OperLogModule;
import io.metersphere.commons.constants.PermissionConstants;
import io.metersphere.commons.utils.PageUtils; import io.metersphere.commons.utils.PageUtils;
import io.metersphere.commons.utils.Pager; import io.metersphere.commons.utils.Pager;
import io.metersphere.dto.IssueTemplateCopyDTO; import io.metersphere.dto.IssueTemplateCopyDTO;
@ -16,6 +17,8 @@ import io.metersphere.request.CopyIssueTemplateRequest;
import io.metersphere.request.UpdateIssueTemplateRequest; import io.metersphere.request.UpdateIssueTemplateRequest;
import io.metersphere.service.IssueTemplateService; import io.metersphere.service.IssueTemplateService;
import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.CollectionUtils;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import jakarta.annotation.Resource; import jakarta.annotation.Resource;
@ -29,45 +32,53 @@ public class IssueTemplateController {
private IssueTemplateService issueTemplateService; private IssueTemplateService issueTemplateService;
@PostMapping("/add") @PostMapping("/add")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_ISSUE_TEMPLATE)
@MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_ISSUE, type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#request)", msClass = IssueTemplateService.class) @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_ISSUE, type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#request)", msClass = IssueTemplateService.class)
public void add(@RequestBody UpdateIssueTemplateRequest request) { public void add(@RequestBody UpdateIssueTemplateRequest request) {
issueTemplateService.add(request); issueTemplateService.add(request);
} }
@PostMapping("/list/{goPage}/{pageSize}") @PostMapping("/list/{goPage}/{pageSize}")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_ISSUE_TEMPLATE)
public Pager<List<IssueTemplate>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody BaseQueryRequest request) { public Pager<List<IssueTemplate>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody BaseQueryRequest request) {
Page<List<IssueTemplate>> page = PageHelper.startPage(goPage, pageSize, true); Page<List<IssueTemplate>> page = PageHelper.startPage(goPage, pageSize, true);
return PageUtils.setPageInfo(page, issueTemplateService.list(request)); return PageUtils.setPageInfo(page, issueTemplateService.list(request));
} }
@GetMapping("/delete/{id}") @GetMapping("/delete/{id}")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_ISSUE_TEMPLATE)
@MsAuditLog(module = OperLogModule.PROJECT_TEMPLATE_MANAGEMENT, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = IssueTemplateService.class) @MsAuditLog(module = OperLogModule.PROJECT_TEMPLATE_MANAGEMENT, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = IssueTemplateService.class)
public void delete(@PathVariable(value = "id") String id) { public void delete(@PathVariable(value = "id") String id) {
issueTemplateService.delete(id); issueTemplateService.delete(id);
} }
@PostMapping("/update") @PostMapping("/update")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_ISSUE_TEMPLATE)
@MsAuditLog(module = OperLogModule.PROJECT_TEMPLATE_MANAGEMENT, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id, #request.customFields)", content = "#msClass.getLogDetails(#request)", msClass = IssueTemplateService.class) @MsAuditLog(module = OperLogModule.PROJECT_TEMPLATE_MANAGEMENT, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id, #request.customFields)", content = "#msClass.getLogDetails(#request)", msClass = IssueTemplateService.class)
public void update(@RequestBody UpdateIssueTemplateRequest request) { public void update(@RequestBody UpdateIssueTemplateRequest request) {
issueTemplateService.update(request); issueTemplateService.update(request);
} }
@GetMapping({"/option/{projectId}", "/option"}) @GetMapping({"/option/{projectId}", "/option"})
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_ISSUE_TEMPLATE)
public List<IssueTemplate> list(@PathVariable(required = false) String projectId) { public List<IssueTemplate> list(@PathVariable(required = false) String projectId) {
return issueTemplateService.getOption(projectId); return issueTemplateService.getOption(projectId);
} }
@GetMapping("/get/relate/{projectId}") @GetMapping("/get/relate/{projectId}")
@RequiresPermissions(value = {PermissionConstants.PROJECT_TEMPLATE_READ_ISSUE_TEMPLATE, PermissionConstants.PROJECT_TRACK_ISSUE_READ}, logical = Logical.OR)
public IssueTemplateDao getTemplate(@PathVariable String projectId) { public IssueTemplateDao getTemplate(@PathVariable String projectId) {
return issueTemplateService.getTemplate(projectId); return issueTemplateService.getTemplate(projectId);
} }
@GetMapping("/get/copy/project/{userId}/{workspaceId}") @GetMapping("/get/copy/project/{userId}/{workspaceId}")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_ISSUE_TEMPLATE)
public IssueTemplateCopyDTO getCopyProject(@PathVariable String userId, @PathVariable String workspaceId) { public IssueTemplateCopyDTO getCopyProject(@PathVariable String userId, @PathVariable String workspaceId) {
return issueTemplateService.getCopyProject(userId, workspaceId); return issueTemplateService.getCopyProject(userId, workspaceId);
} }
@PostMapping("/copy") @PostMapping("/copy")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_ISSUE_TEMPLATE)
@MsRequestLog(module = OperLogModule.PROJECT_TEMPLATE_MANAGEMENT) @MsRequestLog(module = OperLogModule.PROJECT_TEMPLATE_MANAGEMENT)
public void copy(@RequestBody CopyIssueTemplateRequest request) { public void copy(@RequestBody CopyIssueTemplateRequest request) {
List<IssueTemplate> copyRecords = issueTemplateService.copy(request); List<IssueTemplate> copyRecords = issueTemplateService.copy(request);
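Review bot: `getCopyProject` takes `userId` and `workspaceId` from the path, and the added `@RequiresPermissions` only establishes that the caller holds the issue-template permission, not that `userId` is the caller's own id or that the caller belongs to that workspace. Whether `issueTemplateService.getCopyProject` performs that check is not visible here; if it does not, the controller should compare `userId` with the session user (or stop accepting it from the client) before delegating. The same reasoning applies to `projectId` in `list` and `getTemplate` here and in TestCaseTemplateController, and to `id` in `delete`. A short Javadoc on each of these methods stating which project or workspace scope the permission is evaluated against would make the intended boundary reviewable. The body of `copy` continues past the end of this section.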


@ -6,6 +6,7 @@ import io.metersphere.base.domain.TestCaseTemplate;
import io.metersphere.base.domain.TestCaseTemplateWithBLOBs; import io.metersphere.base.domain.TestCaseTemplateWithBLOBs;
import io.metersphere.commons.constants.OperLogConstants; import io.metersphere.commons.constants.OperLogConstants;
import io.metersphere.commons.constants.OperLogModule; import io.metersphere.commons.constants.OperLogModule;
import io.metersphere.commons.constants.PermissionConstants;
import io.metersphere.commons.utils.PageUtils; import io.metersphere.commons.utils.PageUtils;
import io.metersphere.commons.utils.Pager; import io.metersphere.commons.utils.Pager;
import io.metersphere.dto.TestCaseTemplateDao; import io.metersphere.dto.TestCaseTemplateDao;
@ -13,6 +14,8 @@ import io.metersphere.log.annotation.MsAuditLog;
import io.metersphere.request.BaseQueryRequest; import io.metersphere.request.BaseQueryRequest;
import io.metersphere.request.UpdateCaseFieldTemplateRequest; import io.metersphere.request.UpdateCaseFieldTemplateRequest;
import io.metersphere.service.TestCaseTemplateService; import io.metersphere.service.TestCaseTemplateService;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import jakarta.annotation.Resource; import jakarta.annotation.Resource;
@ -27,35 +30,41 @@ public class TestCaseTemplateController {
private TestCaseTemplateService testCaseTemplateService; private TestCaseTemplateService testCaseTemplateService;
@PostMapping("/add") @PostMapping("/add")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CASE_TEMPLATE)
@MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_CASE, type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseTemplateService.class) @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_CASE, type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseTemplateService.class)
public void add(@RequestBody UpdateCaseFieldTemplateRequest request) { public void add(@RequestBody UpdateCaseFieldTemplateRequest request) {
testCaseTemplateService.add(request); testCaseTemplateService.add(request);
} }
@PostMapping("/list/{goPage}/{pageSize}") @PostMapping("/list/{goPage}/{pageSize}")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CASE_TEMPLATE)
public Pager<List<TestCaseTemplateWithBLOBs>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody BaseQueryRequest request) { public Pager<List<TestCaseTemplateWithBLOBs>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody BaseQueryRequest request) {
Page<List<TestCaseTemplateWithBLOBs>> page = PageHelper.startPage(goPage, pageSize, true); Page<List<TestCaseTemplateWithBLOBs>> page = PageHelper.startPage(goPage, pageSize, true);
return PageUtils.setPageInfo(page, testCaseTemplateService.list(request)); return PageUtils.setPageInfo(page, testCaseTemplateService.list(request));
} }
@GetMapping("/delete/{id}") @GetMapping("/delete/{id}")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CASE_TEMPLATE)
@MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_CASE, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = TestCaseTemplateService.class) @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_CASE, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = TestCaseTemplateService.class)
public void delete(@PathVariable(value = "id") String id) { public void delete(@PathVariable(value = "id") String id) {
testCaseTemplateService.delete(id); testCaseTemplateService.delete(id);
} }
@PostMapping("/update") @PostMapping("/update")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CASE_TEMPLATE)
@MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_CASE, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id)", content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseTemplateService.class) @MsAuditLog(module = OperLogModule.WORKSPACE_TEMPLATE_SETTINGS_CASE, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id)", content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseTemplateService.class)
public void update(@RequestBody UpdateCaseFieldTemplateRequest request) { public void update(@RequestBody UpdateCaseFieldTemplateRequest request) {
testCaseTemplateService.update(request); testCaseTemplateService.update(request);
} }
@GetMapping({"/option/{projectId}", "/option"}) @GetMapping({"/option/{projectId}", "/option"})
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CASE_TEMPLATE)
public List<TestCaseTemplate> list(@PathVariable(required = false) String projectId) { public List<TestCaseTemplate> list(@PathVariable(required = false) String projectId) {
return testCaseTemplateService.getOption(projectId); return testCaseTemplateService.getOption(projectId);
} }
@GetMapping("/get/relate/{projectId}") @GetMapping("/get/relate/{projectId}")
@RequiresPermissions(value = {PermissionConstants.PROJECT_TEMPLATE_READ_CASE_TEMPLATE, PermissionConstants.PROJECT_TRACK_CASE_READ}, logical = Logical.OR)
public TestCaseTemplateDao getTemplate(@PathVariable String projectId) { public TestCaseTemplateDao getTemplate(@PathVariable String projectId) {
return testCaseTemplateService.getTemplate(projectId); return testCaseTemplateService.getTemplate(projectId);
} }