ci: 增加check owner注解

2023-12-13 14:43:02 +08:00 · 2023-12-13 14:43:02 +08:00 · b334bdd72d
parent d9f2193977
commit b334bdd72d
3 changed files with 46 additions and 39 deletions
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/base/mapper/ext/ExtCheckOwnerMapper.java
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/base/mapper/ext/ExtCheckOwnerMapper.java
@ -2,6 +2,8 @@ package io.metersphere.base.mapper.ext;
 import org.apache.ibatis.annotations.Param;
 import java.util.List;
 public interface ExtCheckOwnerMapper {
-    boolean checkoutOwner(@Param("table") String resourceType, @Param("projectId") String projectId, @Param("id") String id);
+    boolean checkoutOwner(@Param("table") String resourceType, @Param("projectId") String projectId, @Param("ids") List ids);
 }
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/base/mapper/ext/ExtCheckOwnerMapper.xml
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/base/mapper/ext/ExtCheckOwnerMapper.xml
@ -2,9 +2,12 @@
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
 <mapper namespace="io.metersphere.base.mapper.ext.ExtCheckOwnerMapper">
    <select id="checkoutOwner" resultType="boolean">
-        SELECT 1
+        SELECT count(id) = #{ids.size()}
        FROM ${table}
-        WHERE id = #{id}
+        WHERE project_id = #{projectId}
-          AND project_id = #{projectId}
+        and id in
        <foreach collection="ids" item="id" separator="," open="(" close=")">
            #{id}
        </foreach>
    </select>
 </mapper>
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/CheckOwnerAspect.java
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/CheckOwnerAspect.java
@ -4,7 +4,6 @@ package io.metersphere.security;
 import io.metersphere.base.mapper.ext.ExtCheckOwnerMapper;
 import io.metersphere.commons.constants.UserGroupConstants;
 import io.metersphere.commons.exception.MSException;
 import io.metersphere.commons.utils.LogUtil;
 import io.metersphere.commons.utils.SessionUtils;
 import io.metersphere.i18n.Translator;
 import jakarta.annotation.Resource;
@ -23,6 +22,8 @@ import org.springframework.expression.spel.support.StandardEvaluationContext;
 import org.springframework.stereotype.Component;
 import java.lang.reflect.Method;
 import java.util.Arrays;
 import java.util.List;
@Aspect
@ -41,44 +42,45 @@ public class CheckOwnerAspect {
    @Before("pointcut()")
    public void before(JoinPoint joinPoint) {
        try {
            //从切面织入点处通过反射机制获取织入点处的方法
            MethodSignature signature = (MethodSignature) joinPoint.getSignature();
            //获取切入点所在的方法
            Method method = signature.getMethod();
            //获取参数对象数组
            Object[] args = joinPoint.getArgs();
            CheckOwner checkOwner = method.getAnnotation(CheckOwner.class);
            long count = SessionUtils.getUser().getGroups()
                    .stream()
                    .filter(g -> StringUtils.equals(g.getId(), UserGroupConstants.SUPER_GROUP))
                    .count();
-            if (count > 0) {
+        //从切面织入点处通过反射机制获取织入点处的方法
-                return;
+        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
-            }
+        //获取切入点所在的方法
        Method method = signature.getMethod();
        //获取参数对象数组
        Object[] args = joinPoint.getArgs();
        CheckOwner checkOwner = method.getAnnotation(CheckOwner.class);
        long count = SessionUtils.getUser().getGroups()
                .stream()
                .filter(g -> StringUtils.equals(g.getId(), UserGroupConstants.SUPER_GROUP))
                .count();
-            // 操作内容
+        if (count > 0) {
-            //获取方法参数名
+            return;
-            String[] params = discoverer.getParameterNames(method);
+        }
            //将参数纳入Spring管理
            EvaluationContext context = new StandardEvaluationContext();
            for (int len = 0; len < params.length; len++) {
                context.setVariable(params[len], args[len]);
            }
-            String resourceId = checkOwner.resourceId();
+        // 操作内容
-            String resourceType = checkOwner.resourceType();
+        //获取方法参数名
-            Expression titleExp = parser.parseExpression(resourceId);
+        String[] params = discoverer.getParameterNames(method);
-            Object v = titleExp.getValue(context, Object.class);
+        //将参数纳入Spring管理
-            if (v instanceof String id) {
+        EvaluationContext context = new StandardEvaluationContext();
-                if (!extCheckOwnerMapper.checkoutOwner(resourceType, SessionUtils.getCurrentProjectId(), id)) {
+        for (int len = 0; len < params.length; len++) {
-                    MSException.throwException(Translator.get("check_owner_case"));
+            context.setVariable(params[len], args[len]);
-                }
+        }
        String resourceId = checkOwner.resourceId();
        String resourceType = checkOwner.resourceType();
        Expression titleExp = parser.parseExpression(resourceId);
        Object v = titleExp.getValue(context, Object.class);
        if (v instanceof String id) {
            if (!extCheckOwnerMapper.checkoutOwner(resourceType, SessionUtils.getCurrentProjectId(), List.of(id))) {
                MSException.throwException(Translator.get("check_owner_case"));
            }
        }
        if (v instanceof List ids) {
            if (!extCheckOwnerMapper.checkoutOwner(resourceType, SessionUtils.getCurrentProjectId(), ids)) {
                MSException.throwException(Translator.get("check_owner_case"));
            }
        } catch (Exception e) {
            LogUtil.error(e.getMessage(), e);
        }
    }
 }