fix: 测试跟踪部分页面权限校验
--bug=1009131 --user=陈建星 【测试跟踪】测试跟踪权限限制没有限制住,从操作日志中可跳转进去 https://www.tapd.cn/55049933/s/10870877
parent
92497ad475
commit
c7ee881d83
|
@ -7,6 +7,7 @@ import io.metersphere.base.domain.IssuesDao;
|
||||||
import io.metersphere.base.domain.IssuesWithBLOBs;
|
import io.metersphere.base.domain.IssuesWithBLOBs;
|
||||||
import io.metersphere.commons.constants.NoticeConstants;
|
import io.metersphere.commons.constants.NoticeConstants;
|
||||||
import io.metersphere.commons.constants.OperLogConstants;
|
import io.metersphere.commons.constants.OperLogConstants;
|
||||||
|
import io.metersphere.commons.constants.PermissionConstants;
|
||||||
import io.metersphere.commons.utils.PageUtils;
|
import io.metersphere.commons.utils.PageUtils;
|
||||||
import io.metersphere.commons.utils.Pager;
|
import io.metersphere.commons.utils.Pager;
|
||||||
import io.metersphere.dto.IssueTemplateDao;
|
import io.metersphere.dto.IssueTemplateDao;
|
||||||
|
@ -18,6 +19,7 @@ import io.metersphere.track.request.testcase.AuthUserIssueRequest;
|
||||||
import io.metersphere.track.request.testcase.IssuesRequest;
|
import io.metersphere.track.request.testcase.IssuesRequest;
|
||||||
import io.metersphere.track.request.testcase.IssuesUpdateRequest;
|
import io.metersphere.track.request.testcase.IssuesUpdateRequest;
|
||||||
import io.metersphere.track.service.IssuesService;
|
import io.metersphere.track.service.IssuesService;
|
||||||
|
import org.apache.shiro.authz.annotation.RequiresPermissions;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
|
@ -31,18 +33,21 @@ public class IssuesController {
|
||||||
private IssuesService issuesService;
|
private IssuesService issuesService;
|
||||||
|
|
||||||
@PostMapping("/list/{goPage}/{pageSize}")
|
@PostMapping("/list/{goPage}/{pageSize}")
|
||||||
|
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
|
||||||
public Pager<List<IssuesDao>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody IssuesRequest request) {
|
public Pager<List<IssuesDao>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody IssuesRequest request) {
|
||||||
Page<List<Issues>> page = PageHelper.startPage(goPage, pageSize, true);
|
Page<List<Issues>> page = PageHelper.startPage(goPage, pageSize, true);
|
||||||
return PageUtils.setPageInfo(page, issuesService.list(request));
|
return PageUtils.setPageInfo(page, issuesService.list(request));
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/list/relate/{goPage}/{pageSize}")
|
@PostMapping("/list/relate/{goPage}/{pageSize}")
|
||||||
|
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
|
||||||
public Pager<List<IssuesDao>> relateList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody IssuesRequest request) {
|
public Pager<List<IssuesDao>> relateList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody IssuesRequest request) {
|
||||||
Page<List<Issues>> page = PageHelper.startPage(goPage, pageSize, true);
|
Page<List<Issues>> page = PageHelper.startPage(goPage, pageSize, true);
|
||||||
return PageUtils.setPageInfo(page, issuesService.relateList(request));
|
return PageUtils.setPageInfo(page, issuesService.relateList(request));
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/add")
|
@PostMapping("/add")
|
||||||
|
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_CREATE)
|
||||||
@MsAuditLog(module = "track_bug", type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#issuesRequest)", msClass = IssuesService.class)
|
@MsAuditLog(module = "track_bug", type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#issuesRequest)", msClass = IssuesService.class)
|
||||||
@SendNotice(taskType = NoticeConstants.TaskType.DEFECT_TASK, target = "#issuesRequest",
|
@SendNotice(taskType = NoticeConstants.TaskType.DEFECT_TASK, target = "#issuesRequest",
|
||||||
event = NoticeConstants.Event.CREATE, mailTemplate = "track/IssuesCreate", subject = "缺陷通知")
|
event = NoticeConstants.Event.CREATE, mailTemplate = "track/IssuesCreate", subject = "缺陷通知")
|
||||||
|
@ -51,6 +56,7 @@ public class IssuesController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/update")
|
@PostMapping("/update")
|
||||||
|
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_EDIT)
|
||||||
@MsAuditLog(module = "track_bug", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#issuesRequest.id)", content = "#msClass.getLogDetails(#issuesRequest.id)", msClass = IssuesService.class)
|
@MsAuditLog(module = "track_bug", type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#issuesRequest.id)", content = "#msClass.getLogDetails(#issuesRequest.id)", msClass = IssuesService.class)
|
||||||
@SendNotice(taskType = NoticeConstants.TaskType.DEFECT_TASK, target = "#issuesRequest",
|
@SendNotice(taskType = NoticeConstants.TaskType.DEFECT_TASK, target = "#issuesRequest",
|
||||||
event = NoticeConstants.Event.UPDATE, mailTemplate = "track/IssuesUpdate", subject = "缺陷通知")
|
event = NoticeConstants.Event.UPDATE, mailTemplate = "track/IssuesUpdate", subject = "缺陷通知")
|
||||||
|
@ -59,17 +65,20 @@ public class IssuesController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@GetMapping("/get/case/{id}")
|
@GetMapping("/get/case/{id}")
|
||||||
|
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
|
||||||
public List<IssuesDao> getIssues(@PathVariable String id) {
|
public List<IssuesDao> getIssues(@PathVariable String id) {
|
||||||
return issuesService.getIssues(id);
|
return issuesService.getIssues(id);
|
||||||
}
|
}
|
||||||
|
|
||||||
@GetMapping("/get/{id}")
|
@GetMapping("/get/{id}")
|
||||||
|
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
|
||||||
public IssuesWithBLOBs getIssue(@PathVariable String id) {
|
public IssuesWithBLOBs getIssue(@PathVariable String id) {
|
||||||
return issuesService.getIssue(id);
|
return issuesService.getIssue(id);
|
||||||
}
|
}
|
||||||
|
|
||||||
@GetMapping("/plan/get/{planId}")
|
@GetMapping("/plan/get/{planId}")
|
||||||
public List<IssuesDao> getIssuesByPlanoId(@PathVariable String planId) {
|
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ)
|
||||||
|
public List<IssuesDao> getIssuesByPlanId(@PathVariable String planId) {
|
||||||
return issuesService.getIssuesByPlanoId(planId);
|
return issuesService.getIssuesByPlanoId(planId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -89,6 +98,7 @@ public class IssuesController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/delete")
|
@PostMapping("/delete")
|
||||||
|
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_ISSUE_READ_DELETE)
|
||||||
@MsAuditLog(module = "track_bug", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#request.id)", msClass = IssuesService.class)
|
@MsAuditLog(module = "track_bug", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#request.id)", msClass = IssuesService.class)
|
||||||
public void deleteIssue(@RequestBody IssuesRequest request) {
|
public void deleteIssue(@RequestBody IssuesRequest request) {
|
||||||
issuesService.deleteIssue(request);
|
issuesService.deleteIssue(request);
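Review bot: The by-id handlers `getIssue`, `getIssues`, `getIssuesByPlanId` and `deleteIssue` now require a permission string but still pass the caller-supplied id straight to `issuesService`, so the annotation alone does not show that the issue belongs to a project the caller may access. The other two controllers in this commit pair the annotation with an object-level check (`checkPermissionService.checkTestReviewOwner(reviewId)`, `checkPermissionService.checkTestPlanOwner(testPlanId)`). An equivalent ownership check before `return issuesService.getIssue(id);` and its siblings would close that gap unless the service already scopes the lookup, which is not visible here. `getProjectByReviewId` in TestCaseReviewController has the same omission. Whether IssuesController injects `checkPermissionService` cannot be seen in these hunks, and the class body continues outside them.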
|
||||||
|
|
|
@ -44,6 +44,7 @@ public class TestCaseReviewController {
|
||||||
private TestCaseCommentService testCaseCommentService;
|
private TestCaseCommentService testCaseCommentService;
|
||||||
|
|
||||||
@PostMapping("/list/{goPage}/{pageSize}")
|
@PostMapping("/list/{goPage}/{pageSize}")
|
||||||
|
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ)
|
||||||
public Pager<List<TestCaseReviewDTO>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryCaseReviewRequest request) {
|
public Pager<List<TestCaseReviewDTO>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryCaseReviewRequest request) {
|
||||||
Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
|
Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
|
||||||
return PageUtils.setPageInfo(page, testCaseReviewService.listCaseReview(request));
|
return PageUtils.setPageInfo(page, testCaseReviewService.listCaseReview(request));
|
||||||
|
@ -59,6 +60,7 @@ public class TestCaseReviewController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/project")
|
@PostMapping("/project")
|
||||||
|
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ)
|
||||||
public List<Project> getProjectByReviewId(@RequestBody TestCaseReview request) {
|
public List<Project> getProjectByReviewId(@RequestBody TestCaseReview request) {
|
||||||
return testCaseReviewService.getProjectByReviewId(request);
|
return testCaseReviewService.getProjectByReviewId(request);
|
||||||
}
|
}
|
||||||
|
@ -99,6 +101,7 @@ public class TestCaseReviewController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/list/all")
|
@PostMapping("/list/all")
|
||||||
|
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ)
|
||||||
public List<TestCaseReview> listAll() {
|
public List<TestCaseReview> listAll() {
|
||||||
return testCaseReviewService.listCaseReviewAll();
|
return testCaseReviewService.listCaseReviewAll();
|
||||||
}
|
}
|
||||||
|
@ -126,6 +129,7 @@ public class TestCaseReviewController {
|
||||||
|
|
||||||
|
|
||||||
@GetMapping("/get/{reviewId}")
|
@GetMapping("/get/{reviewId}")
|
||||||
|
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ)
|
||||||
public TestCaseReview getTestReview(@PathVariable String reviewId) {
|
public TestCaseReview getTestReview(@PathVariable String reviewId) {
|
||||||
checkPermissionService.checkTestReviewOwner(reviewId);
|
checkPermissionService.checkTestReviewOwner(reviewId);
|
||||||
return testCaseReviewService.getTestReview(reviewId);
|
return testCaseReviewService.getTestReview(reviewId);
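Review bot: Only four handlers in this controller gain `@RequiresPermissions`, and the gaps between the hunks hide the handlers in between, so it cannot be told from the diff whether every mapped method is guarded; the same applies to IssuesController and TestPlanController. Since the reported bypass was a deep link from the operation log reaching an endpoint with no backend check, a deny-by-default safeguard would help: a test that reflects over these controller classes and fails on any mapped method lacking `@RequiresPermissions`. A short comment above the annotation on `list`, such as `// backend gate: hiding the menu does not stop direct requests`, would record why it is there.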
|
||||||
|
|
|
@ -71,6 +71,7 @@ public class TestPlanController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/list/all")
|
@PostMapping("/list/all")
|
||||||
|
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
|
||||||
public List<TestPlan> listAll(@RequestBody QueryTestPlanRequest request) {
|
public List<TestPlan> listAll(@RequestBody QueryTestPlanRequest request) {
|
||||||
return testPlanService.listTestAllPlan(request);
|
return testPlanService.listTestAllPlan(request);
|
||||||
}
|
}
|
||||||
|
@ -87,6 +88,7 @@ public class TestPlanController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/get/{testPlanId}")
|
@PostMapping("/get/{testPlanId}")
|
||||||
|
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ)
|
||||||
public TestPlan getTestPlan(@PathVariable String testPlanId) {
|
public TestPlan getTestPlan(@PathVariable String testPlanId) {
|
||||||
checkPermissionService.checkTestPlanOwner(testPlanId);
|
checkPermissionService.checkTestPlanOwner(testPlanId);
|
||||||
return testPlanService.getTestPlan(testPlanId);
|
return testPlanService.getTestPlan(testPlanId);
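Review bot: On `listAll` the new annotation checks that the caller holds `PROJECT_TRACK_PLAN_READ`, but the filter, presumably including the project, arrives in the caller-supplied `QueryTestPlanRequest`, and nothing in the hunk ties the permission to that project. If the permission is not evaluated against the project named in the request, a user with read access in one project could list plans of another. `list` and `relateList` in IssuesController take their filter the same way. This is worth confirming in `testPlanService.listTestAllPlan` and recording in a comment, e.g. `// project in request must be one the caller holds PLAN_READ on`.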
|
||||||
|
|