diff --git a/api-test/backend/src/main/java/io/metersphere/controller/definition/ApiTestCaseController.java b/api-test/backend/src/main/java/io/metersphere/controller/definition/ApiTestCaseController.java index e90bf48140..e1bba3f054 100644 --- a/api-test/backend/src/main/java/io/metersphere/controller/definition/ApiTestCaseController.java +++ b/api-test/backend/src/main/java/io/metersphere/controller/definition/ApiTestCaseController.java @@ -10,10 +10,7 @@ import io.metersphere.base.domain.ApiDefinitionExecResultExpand; import io.metersphere.base.domain.ApiScenario; import io.metersphere.base.domain.ApiTestCase; import io.metersphere.base.domain.ApiTestEnvironment; -import io.metersphere.commons.constants.NoticeConstants; -import io.metersphere.commons.constants.OperLogConstants; -import io.metersphere.commons.constants.OperLogModule; -import io.metersphere.commons.constants.ReportTriggerMode; +import io.metersphere.commons.constants.*; import io.metersphere.commons.utils.PageUtils; import io.metersphere.commons.utils.Pager; import io.metersphere.dto.MsExecResponseDTO; @@ -24,6 +21,7 @@ import io.metersphere.request.ResetOrderRequest; import io.metersphere.service.definition.ApiDefinitionExecResultService; import io.metersphere.service.definition.ApiTestCaseService; import io.metersphere.service.scenario.ApiScenarioService; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; @@ -47,16 +45,19 @@ public class ApiTestCaseController { private ApiScenarioService apiScenarioService; @PostMapping("/list") + @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ) public List list(@RequestBody ApiTestCaseRequest request) { return apiTestCaseService.list(request); } @PostMapping("/select/by/id") + @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ) public List selectByIds(@RequestBody ApiTestCaseRequest request) { return apiTestCaseService.selectByIds(request); } @GetMapping("/get-details/{id}") + @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ) public ApiTestCaseResult single(@PathVariable String id) { ApiTestCaseRequest request = new ApiTestCaseRequest(); request.setId(id); @@ -69,6 +70,7 @@ public class ApiTestCaseController { } @PostMapping("/list/{goPage}/{pageSize}") + @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ) public Pager> listSimple(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody ApiTestCaseRequest request) { request.setSelectEnvironment(true); apiTestCaseService.initRequestBySearch(request); @@ -77,6 +79,7 @@ public class ApiTestCaseController { } @GetMapping("/list/{projectId}") + @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ) public List list(@PathVariable String projectId) { ApiTestCaseRequest request = new ApiTestCaseRequest(); request.setProjectId(projectId); @@ -84,6 +87,7 @@ public class ApiTestCaseController { } @GetMapping("/get/pass-rate/{id}") + @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ) public String getPassRate(@PathVariable String id) { return apiTestCaseService.getPassRate(id); } @@ -110,6 +114,7 @@ public class ApiTestCaseController { } @PostMapping(value = "/create", consumes = {"multipart/form-data"}) + @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_CREATE_CASE) @MsAuditLog(module = OperLogModule.API_DEFINITION_CASE, type = OperLogConstants.CREATE, title = "#request.name", content = "#msClass.getLogDetails(#request)", msClass = ApiTestCaseService.class) @SendNotice(taskType = NoticeConstants.TaskType.API_DEFINITION_TASK, event = NoticeConstants.Event.CASE_CREATE, subject = "接口用例通知") public ApiTestCase create(@RequestPart("request") SaveApiTestCaseRequest request, @RequestPart(value = "files", required = false) List bodyFiles) { @@ -117,6 +122,7 @@ public class ApiTestCaseController { } @PostMapping(value = "/update", consumes = {"multipart/form-data"}) + @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_CASE) @MsAuditLog(module = OperLogModule.API_DEFINITION_CASE, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request)", title = "#request.name", content = "#msClass.getLogDetails(#request)", msClass = ApiTestCaseService.class) @SendNotice(taskType = NoticeConstants.TaskType.API_DEFINITION_TASK, event = NoticeConstants.Event.CASE_UPDATE, subject = "接口用例通知") public ApiTestCase update(@RequestPart("request") SaveApiTestCaseRequest request, @RequestPart(value = "files", required = false) List bodyFiles) { @@ -131,12 +137,14 @@ public class ApiTestCaseController { } @GetMapping("/delete/{id}") + @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_DELETE_CASE) @MsAuditLog(module = OperLogModule.API_DEFINITION_CASE, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = ApiTestCaseService.class) public void delete(@PathVariable String id) { apiTestCaseService.delete(id); } @GetMapping("/move-gc/{id}") + @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_DELETE_CASE) @MsAuditLog(module = OperLogModule.API_DEFINITION_CASE, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#id)", msClass = ApiTestCaseService.class) @SendNotice(taskType = NoticeConstants.TaskType.API_DEFINITION_TASK, event = NoticeConstants.Event.CASE_DELETE, target = "#targetClass.get(#id)", targetClass = ApiTestCaseService.class, subject = "接口用例通知") public void deleteToGc(@PathVariable String id) { @@ -144,16 +152,19 @@ public class ApiTestCaseController { } @GetMapping("/get/{id}") + @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ) public ApiTestCaseInfo get(@PathVariable String id) { return apiTestCaseService.get(id); } @PostMapping("/batch/edit") + @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_CASE) public void editApiBath(@RequestBody ApiCaseEditRequest request) { apiTestCaseService.editApiBath(request); } @PostMapping("/edit-batch") + @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_CASE) @MsAuditLog(module = OperLogModule.API_DEFINITION_CASE, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = ApiTestCaseService.class) @SendNotice(taskType = NoticeConstants.TaskType.API_DEFINITION_TASK, event = NoticeConstants.Event.CASE_UPDATE, target = "#targetClass.getApiCaseByIds(#request.ids)", targetClass = ApiTestCaseService.class, subject = "接口用例通知") public void editApiBathByParam(@RequestBody ApiTestBatchRequest request) { @@ -174,18 +185,21 @@ public class ApiTestCaseController { } @PostMapping("/del-ids") + @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_DELETE_CASE) @MsAuditLog(module = OperLogModule.API_DEFINITION_CASE, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#ids)", msClass = ApiTestCaseService.class) public void deleteBatch(@RequestBody List ids) { apiTestCaseService.deleteBatch(ids); } @PostMapping("/del-batch") + @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_DELETE_CASE) @MsAuditLog(module = OperLogModule.API_DEFINITION_CASE, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = ApiTestCaseService.class) public void deleteBatchByParam(@RequestBody ApiTestBatchRequest request) { apiTestCaseService.deleteBatchByParam(request); } @PostMapping("/move-batch-gc") + @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_DELETE_CASE) @MsAuditLog(module = OperLogModule.API_DEFINITION_CASE, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = ApiTestCaseService.class) @SendNotice(taskType = NoticeConstants.TaskType.API_DEFINITION_TASK, event = NoticeConstants.Event.CASE_DELETE, target = "#targetClass.getApiCaseByIds(#request.ids)", targetClass = ApiTestCaseService.class, subject = "接口用例通知") public void deleteToGcByParam(@RequestBody ApiTestBatchRequest request) { diff --git a/api-test/backend/src/main/java/io/metersphere/controller/home/ApiHomeController.java b/api-test/backend/src/main/java/io/metersphere/controller/home/ApiHomeController.java index f35adc6f0d..6aee61f537 100644 --- a/api-test/backend/src/main/java/io/metersphere/controller/home/ApiHomeController.java +++ b/api-test/backend/src/main/java/io/metersphere/controller/home/ApiHomeController.java @@ -13,6 +13,7 @@ import io.metersphere.api.dto.definition.RunDefinitionRequest; import io.metersphere.api.dto.export.ScenarioToPerformanceInfoDTO; import io.metersphere.base.domain.ApiDefinition; import io.metersphere.base.domain.Schedule; +import io.metersphere.commons.constants.PermissionConstants; import io.metersphere.commons.constants.ReportTriggerMode; import io.metersphere.commons.enums.ExecutionExecuteTypeEnum; import io.metersphere.commons.utils.*; @@ -26,6 +27,7 @@ import io.metersphere.service.scenario.ApiScenarioService; import io.metersphere.task.service.TaskService; import jakarta.annotation.Resource; import org.apache.commons.lang3.StringUtils; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; @@ -229,6 +231,7 @@ public class ApiHomeController { } @PostMapping(value = "/gen/performance/xml", consumes = {"multipart/form-data"}) + @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_CREATE_PERFORMANCE) public ScenarioToPerformanceInfoDTO genPerformanceTest(@RequestPart("request") RunDefinitionRequest runRequest, @RequestPart(value = "files", required = false) List bodyFiles) { JmxInfoDTO jmxInfoDTO = DataFormattingUtil.getJmxInfoDTO(runRequest, bodyFiles); ScenarioToPerformanceInfoDTO returnDTO = new ScenarioToPerformanceInfoDTO(); diff --git a/api-test/backend/src/main/java/io/metersphere/controller/scenario/ApiScenarioController.java b/api-test/backend/src/main/java/io/metersphere/controller/scenario/ApiScenarioController.java index 2adfc3df41..129ce85055 100644 --- a/api-test/backend/src/main/java/io/metersphere/controller/scenario/ApiScenarioController.java +++ b/api-test/backend/src/main/java/io/metersphere/controller/scenario/ApiScenarioController.java @@ -50,7 +50,7 @@ public class ApiScenarioController { private ExtApiTaskService apiTaskService; @PostMapping("/list/{goPage}/{pageSize}") - @RequiresPermissions("PROJECT_API_SCENARIO:READ") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ) public Pager> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody ApiScenarioRequest request) { Page page = PageHelper.startPage(goPage, pageSize, true); // 查询场景环境 @@ -59,18 +59,19 @@ public class ApiScenarioController { } @PostMapping("/scenario/schedule") - @RequiresPermissions("PROJECT_API_SCENARIO:READ") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ) public Map scenarioScheduleInfo(@RequestBody List scenarioIds) { return apiAutomationService.selectScheduleInfo(scenarioIds); } @PostMapping("/list") - @RequiresPermissions("PROJECT_API_SCENARIO:READ") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ) public List listAll(@RequestBody ApiScenarioRequest request) { return apiAutomationService.list(request); } @PostMapping("/select/by/id") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ) public List selectByIds(@RequestBody ApiScenarioRequest request) { if (CollectionUtils.isNotEmpty(request.getIds())) { return apiAutomationService.selectByIds(request.getIds()); @@ -80,37 +81,38 @@ public class ApiScenarioController { } @GetMapping("/get/{id}") - @RequiresPermissions("PROJECT_API_SCENARIO:READ") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ) public ApiScenarioDTO getById(@PathVariable String id) { return apiAutomationService.getDto(id); } @PostMapping("/list/all") - @RequiresPermissions("PROJECT_API_SCENARIO:READ") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ) public List listAll(@RequestBody ApiScenarioBatchRequest request) { return apiAutomationService.listAll(request); } @PostMapping("/list/all/trash") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ) public int listAllTrash(@RequestBody ApiScenarioBatchRequest request) { return apiAutomationService.listAllTrash(request); } @PostMapping("/list-blobs") - @RequiresPermissions("PROJECT_API_SCENARIO:READ") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ) public List listWithIds(@RequestBody ApiScenarioBatchRequest request) { return apiAutomationService.listWithIds(request); } @PostMapping("/id/all") - @RequiresPermissions("PROJECT_API_SCENARIO:READ") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ) public List idAll(@RequestBody ApiScenarioBatchRequest request) { return apiAutomationService.idAll(request); } @GetMapping("/list/{projectId}") - @RequiresPermissions("PROJECT_API_SCENARIO:READ") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ) public List list(@PathVariable String projectId) { ApiScenarioRequest request = new ApiScenarioRequest(); request.setProjectId(projectId); @@ -147,6 +149,7 @@ public class ApiScenarioController { } @PostMapping("/del-ids") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_DELETE) @MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#ids)", msClass = ApiScenarioService.class) @SendNotice(taskType = NoticeConstants.TaskType.API_AUTOMATION_TASK, event = NoticeConstants.Event.DELETE, target = "#targetClass.getScenarioCaseByIds(#ids)", targetClass = ApiScenarioService.class, subject = "接口自动化通知") public void deleteBatch(@RequestBody List ids) { @@ -160,6 +163,7 @@ public class ApiScenarioController { } @PostMapping("/move-gc-ids") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_DELETE) @MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.GC, beforeEvent = "#msClass.getLogDetails(#ids)", msClass = ApiScenarioService.class) @SendNotice(taskType = NoticeConstants.TaskType.API_AUTOMATION_TASK, target = "#targetClass.getScenarioCaseByIds(#ids)", targetClass = ApiScenarioService.class, event = NoticeConstants.Event.DELETE, subject = "接口自动化通知") public void removeToGc(@RequestBody List ids) { @@ -167,6 +171,7 @@ public class ApiScenarioController { } @PostMapping("/move-gc-batch") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_DELETE) @MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.BATCH_GC, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = ApiScenarioService.class) @SendNotice(taskType = NoticeConstants.TaskType.API_AUTOMATION_TASK, target = "#targetClass.getScenarioCaseByIds(#request.ids)", targetClass = ApiScenarioService.class, event = NoticeConstants.Event.DELETE, subject = "接口自动化通知") public void removeToGcByBatch(@RequestBody ApiScenarioBatchRequest request) { @@ -186,6 +191,7 @@ public class ApiScenarioController { } @GetMapping("/scenario-details/{id}") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ) public ApiScenarioDTO getScenarioDefinition(@PathVariable String id) { return apiAutomationService.getNewApiScenario(id); } @@ -206,6 +212,7 @@ public class ApiScenarioController { } @PostMapping("/get-scenario-list") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ) public List getApiScenarios(@RequestBody List ids) { return apiAutomationService.getScenarioDetail(ids); } @@ -216,6 +223,7 @@ public class ApiScenarioController { } @PostMapping(value = "/run/debug") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_DEBUG) @MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.DEBUG, title = "#request.scenarioName", sourceId = "#request.scenarioId", project = "#request.projectId") public String runDebug(@RequestPart("request") RunDefinitionRequest request, @RequestPart(value = "bodyFiles", required = false) List bodyFiles, @RequestPart(value = "scenarioFiles", required = false) List scenarioFiles) { try { @@ -230,6 +238,7 @@ public class ApiScenarioController { } @PostMapping(value = "/run") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_RUN) @MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.EXECUTE, content = "#msClass.getLogDetails(#request.ids)", msClass = ApiScenarioService.class) public List run(@RequestBody RunScenarioRequest request) { if (!StringUtils.equals(request.getExecuteType(), ExecuteType.Saved.name())) { @@ -256,6 +265,7 @@ public class ApiScenarioController { } @PostMapping(value = "/run/batch") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_RUN) @MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.EXECUTE, content = "#msClass.getLogDetails(#request.ids)", msClass = ApiScenarioService.class) public List runBatch(@RequestBody RunScenarioRequest request) { request.setExecuteType(ExecuteType.Saved.name()); @@ -292,24 +302,28 @@ public class ApiScenarioController { } @PostMapping(value = "/schedule/update") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_SCHEDULE) @MsAuditLog(module = OperLogModule.API_AUTOMATION_SCHEDULE, type = OperLogConstants.UPDATE, title = "#request.name", beforeEvent = "#msClass.getLogDetails(#request.id)", content = "#msClass.getLogDetails(#request.id)", msClass = ApiScenarioService.class) public void updateSchedule(@RequestBody Schedule request) { apiAutomationService.updateSchedule(request); } @PostMapping(value = "/schedule/create") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_SCHEDULE) @MsAuditLog(module = OperLogModule.API_AUTOMATION_SCHEDULE, type = OperLogConstants.CREATE, title = "#request.name", content = "#msClass.getLogDetails(#request)", msClass = ApiScenarioService.class) public void createSchedule(@RequestBody ScheduleRequest request) { apiAutomationService.createSchedule(request); } @PostMapping(value = "/gen-jmx") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_CREATE_PERFORMANCE) public ScenarioToPerformanceInfoDTO genPerformanceTestJmx(@RequestBody GenScenarioRequest runRequest) throws Exception { runRequest.setExecuteType(ExecuteType.Completed.name()); return apiAutomationService.genPerformanceTestJmx(runRequest); } @PostMapping("/gen-jmx-batch") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_CREATE_PERFORMANCE_BATCH) public ScenarioToPerformanceInfoDTO batchGenPerformanceTestJmx(@RequestBody ApiScenarioBatchRequest request) { return apiAutomationService.batchGenPerformanceTestJmx(request); } @@ -445,7 +459,7 @@ public class ApiScenarioController { } @GetMapping("/get-base-case/{projectId}") - @RequiresPermissions("PROJECT_API_SCENARIO:READ") + @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ) public List getBaseCaseByProjectId(@PathVariable String projectId) { return apiAutomationService.getBaseCaseByProjectId(projectId); } diff --git a/api-test/backend/src/main/java/io/metersphere/controller/scenario/ApiScenarioReportController.java b/api-test/backend/src/main/java/io/metersphere/controller/scenario/ApiScenarioReportController.java index 2c6ce6f37a..00a1f9475c 100644 --- a/api-test/backend/src/main/java/io/metersphere/controller/scenario/ApiScenarioReportController.java +++ b/api-test/backend/src/main/java/io/metersphere/controller/scenario/ApiScenarioReportController.java @@ -11,6 +11,7 @@ import io.metersphere.base.domain.ApiScenarioReport; import io.metersphere.commons.constants.NoticeConstants; import io.metersphere.commons.constants.OperLogConstants; import io.metersphere.commons.constants.OperLogModule; +import io.metersphere.commons.constants.PermissionConstants; import io.metersphere.commons.utils.PageUtils; import io.metersphere.commons.utils.Pager; import io.metersphere.dto.PlanReportCaseDTO; @@ -20,6 +21,7 @@ import io.metersphere.notice.annotation.SendNotice; import io.metersphere.service.ShareInfoService; import io.metersphere.service.scenario.ApiScenarioReportService; import jakarta.annotation.Resource; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import java.util.List; @@ -35,22 +37,26 @@ public class ApiScenarioReportController { private ShareInfoService shareInfoService; @GetMapping("/get/{reportId}") + @RequiresPermissions(PermissionConstants.PROJECT_API_REPORT_READ) public ApiScenarioReportResult get(@PathVariable String reportId) { return apiReportService.get(reportId, false); } @GetMapping("/get/{shareId}/{reportId}") + @RequiresPermissions(PermissionConstants.PROJECT_API_REPORT_READ) public ApiScenarioReportResult get(@PathVariable String shareId, @PathVariable String reportId) { shareInfoService.validateExpired(shareId); return apiReportService.get(reportId, false); } @GetMapping("/get/detail/{reportId}") + @RequiresPermissions(PermissionConstants.PROJECT_API_REPORT_READ) public ApiScenarioReportResult getAll(@PathVariable String reportId) { return apiReportService.get(reportId, true); } @PostMapping("/list/{goPage}/{pageSize}") + @RequiresPermissions(PermissionConstants.PROJECT_API_REPORT_READ) public Pager> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryAPIReportRequest request) { Page page = PageHelper.startPage(goPage, pageSize, true); return PageUtils.setPageInfo(page, apiReportService.list(request)); @@ -68,6 +74,7 @@ public class ApiScenarioReportController { } @PostMapping("/delete") + @RequiresPermissions(PermissionConstants.PROJECT_API_REPORT_READ_DELETE) @MsAuditLog(module = OperLogModule.API_AUTOMATION_REPORT, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#request.id)", msClass = ApiScenarioReportService.class) @SendNotice(taskType = NoticeConstants.TaskType.API_REPORT_TASK, event = NoticeConstants.Event.DELETE, target = "#targetClass.get(#request.id, false)", targetClass = ApiScenarioReportService.class, subject = "接口报告通知") @@ -76,6 +83,7 @@ public class ApiScenarioReportController { } @PostMapping("/batch/delete") + @RequiresPermissions(PermissionConstants.PROJECT_API_REPORT_READ_DELETE) @MsAuditLog(module = OperLogModule.API_AUTOMATION_REPORT, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = ApiScenarioReportService.class) @SendNotice(taskType = NoticeConstants.TaskType.API_REPORT_TASK, event = NoticeConstants.Event.DELETE, target = "#targetClass.getByIds(#request.ids)", targetClass = ApiScenarioReportService.class, subject = "接口报告通知") diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/constants/PermissionConstants.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/constants/PermissionConstants.java index 98b586a4a8..7d53132ea3 100644 --- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/constants/PermissionConstants.java +++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/constants/PermissionConstants.java @@ -153,6 +153,7 @@ public class PermissionConstants { public static final String PROJECT_API_SCENARIO_READ_EXPORT_SCENARIO = "PROJECT_API_SCENARIO:READ+EXPORT_SCENARIO"; public static final String PROJECT_API_SCENARIO_READ_MOVE_BATCH = "PROJECT_API_SCENARIO:READ+MOVE_BATCH"; public static final String PROJECT_API_SCENARIO_READ_CREATE_PERFORMANCE = "PROJECT_API_SCENARIO:READ+CREATE_PERFORMANCE"; + public static final String PROJECT_API_SCENARIO_READ_CREATE_PERFORMANCE_BATCH = "PROJECT_API_SCENARIO:READ+CREATE_PERFORMANCE_BATCH"; public static final String PROJECT_UI_SCENARIO_READ = "PROJECT_UI_SCENARIO:READ"; public static final String PROJECT_UI_SCENARIO_READ_CREATE = "PROJECT_UI_SCENARIO:READ+CREATE";