diff --git a/backend/framework/sdk/src/main/java/io/metersphere/sdk/constants/PermissionConstants.java b/backend/framework/sdk/src/main/java/io/metersphere/sdk/constants/PermissionConstants.java index d95c82c289..6c12634efc 100644 --- a/backend/framework/sdk/src/main/java/io/metersphere/sdk/constants/PermissionConstants.java +++ b/backend/framework/sdk/src/main/java/io/metersphere/sdk/constants/PermissionConstants.java @@ -71,6 +71,21 @@ public class PermissionConstants { public static final String SYSTEM_SETTING_READ_CREAT = "SYSTEM_SETTING:READ+CREAT"; public static final String SYSTEM_SETTING_READ_DELETE = "SYSTEM_SETTING:READ+DELETE"; public static final String SYSTEM_SETTING_READ_AUTH_MANAGE = "SYSTEM_SETTING:READ+AUTH_MANAGE"; + + /*------ start: SYSTEM_PARAMETER_SETTING ------*/ + public static final String SYSTEM_PARAMETER_SETTING_BASE_READ = "SYSTEM_PARAMETER_SETTING_BASE:READ"; + public static final String SYSTEM_PARAMETER_SETTING_BASE_READ_UPDATE = "SYSTEM_PARAMETER_SETTING_BASE:READ+UPDATE"; + public static final String SYSTEM_PARAMETER_SETTING_DISPLAY_READ = "SYSTEM_PARAMETER_SETTING_DISPLAY:READ"; + public static final String SYSTEM_PARAMETER_SETTING_DISPLAY_READ_UPDATE = "SYSTEM_PARAMETER_SETTING_DISPLAY:READ+UPDATE"; + public static final String SYSTEM_PARAMETER_SETTING_AUTH_READ = "SYSTEM_PARAMETER_SETTING_AUTH:READ"; + public static final String SYSTEM_PARAMETER_SETTING_AUTH_READ_CREAT = "SYSTEM_PARAMETER_SETTING_AUTH:READ+CREAT"; + public static final String SYSTEM_PARAMETER_SETTING_AUTH_READ_UPDATE = "SYSTEM_PARAMETER_SETTING_AUTH:READ+UPDATE"; + public static final String SYSTEM_PARAMETER_SETTING_AUTH_READ_DELETE = "SYSTEM_PARAMETER_SETTING_AUTH:READ+DELETE"; + + /*------ end: SYSTEM_PARAMETER_SETTING ------*/ + + + public static final String SYSTEM_QUOTA_READ = "SYSTEM_QUOTA:READ"; public static final String SYSTEM_QUOTA_READ_UPDATE = "SYSTEM_QUOTA:READ+UPDATE"; public static final String SYSTEM_AUTH_READ = "SYSTEM_AUTH:READ"; diff --git a/backend/framework/sdk/src/main/java/io/metersphere/sdk/service/SystemParameterService.java b/backend/framework/sdk/src/main/java/io/metersphere/sdk/service/SystemParameterService.java index 05c8f210c5..2e1230a5e6 100644 --- a/backend/framework/sdk/src/main/java/io/metersphere/sdk/service/SystemParameterService.java +++ b/backend/framework/sdk/src/main/java/io/metersphere/sdk/service/SystemParameterService.java @@ -26,6 +26,7 @@ import org.springframework.mail.javamail.MimeMessageHelper; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; +import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.List; @@ -211,10 +212,11 @@ public class SystemParameterService { /** * 添加接口日志 - + * * @return */ - public LogDTO addLog(List systemParameter) { + public LogDTO updateBaseLog(List systemParameter) { + List originalValue = getOriginalValue(systemParameter); LogDTO dto = new LogDTO( "system", "", @@ -222,15 +224,16 @@ public class SystemParameterService { null, OperationLogType.ADD.name(), OperationLogModule.SYSTEM_PARAMETER_SETTING, - "系统参数"); + "基础设置"); dto.setPath("/system/parameter/save/base-info"); dto.setMethod(HttpMethodConstants.POST.name()); - dto.setOriginalValue(JSON.toJSONBytes(systemParameter)); + dto.setOriginalValue(JSON.toJSONBytes(originalValue)); return dto; } public LogDTO updateLog(List systemParameter) { + List originalValue = getOriginalValue(systemParameter); LogDTO dto = new LogDTO( "system", "", @@ -238,11 +241,24 @@ public class SystemParameterService { null, OperationLogType.ADD.name(), OperationLogModule.SYSTEM_PARAMETER_SETTING, - "编辑邮件信息"); + "基础设置"); dto.setPath("/system/parameter/edit/email-info"); dto.setMethod(HttpMethodConstants.POST.name()); - dto.setOriginalValue(JSON.toJSONBytes(systemParameter)); + dto.setOriginalValue(JSON.toJSONBytes(originalValue)); return dto; } + + private List getOriginalValue(List systemParameter) { + SystemParameterExample example = new SystemParameterExample(); + List originalValue = new ArrayList<>(); + systemParameter.forEach(param -> { + String paramKey = param.getParamKey(); + example.createCriteria().andParamKeyEqualTo(paramKey); + List baseUrlParameterList = systemParameterMapper.selectByExample(example); + originalValue.addAll(baseUrlParameterList); + example.clear(); + }); + return originalValue; + } } diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/controller/AuthSourceController.java b/backend/services/system-setting/src/main/java/io/metersphere/system/controller/AuthSourceController.java index ff725a9cde..3eb8cd5e37 100644 --- a/backend/services/system-setting/src/main/java/io/metersphere/system/controller/AuthSourceController.java +++ b/backend/services/system-setting/src/main/java/io/metersphere/system/controller/AuthSourceController.java @@ -31,7 +31,7 @@ public class AuthSourceController { @PostMapping("/list") @Operation(summary = "认证设置列表查询") - @RequiresPermissions(PermissionConstants.SYSTEM_SETTING_READ) + @RequiresPermissions(PermissionConstants.SYSTEM_PARAMETER_SETTING_AUTH_READ) public Pager> list(@Validated @RequestBody BasePageRequest request) { Page page = PageHelper.startPage(request.getCurrent(), request.getPageSize(), StringUtils.isNotBlank(request.getSortString()) ? request.getSortString() : "create_time desc"); @@ -40,7 +40,7 @@ public class AuthSourceController { @PostMapping("/add") @Operation(summary = "新增认证设置") - @RequiresPermissions(PermissionConstants.SYSTEM_SETTING_READ_CREAT) + @RequiresPermissions(PermissionConstants.SYSTEM_PARAMETER_SETTING_AUTH_READ_CREAT) @Log(type = OperationLogType.ADD, expression = "#msClass.addLog(#authSource)", msClass = AuthSourceLogService.class) public void add(@Validated @RequestBody AuthSourceRequest authSource) { authSourceService.addAuthSource(authSource); @@ -48,7 +48,7 @@ public class AuthSourceController { @PostMapping("/update") @Operation(summary = "更新认证设置") - @RequiresPermissions(PermissionConstants.SYSTEM_SETTING_READ_UPDATE) + @RequiresPermissions(PermissionConstants.SYSTEM_PARAMETER_SETTING_AUTH_READ_UPDATE) @Log(type = OperationLogType.UPDATE, expression = "#msClass.updateLog(#authSource)", msClass = AuthSourceLogService.class) public void update(@Validated @RequestBody AuthSourceRequest authSource) { authSourceService.updateAuthSource(authSource); @@ -56,14 +56,14 @@ public class AuthSourceController { @GetMapping("/get/{id}") @Operation(summary = "获取认证设置详细信息") - @RequiresPermissions(PermissionConstants.SYSTEM_SETTING_READ) + @RequiresPermissions(PermissionConstants.SYSTEM_PARAMETER_SETTING_AUTH_READ) public AuthSource get(@PathVariable(value = "id") String id) { return authSourceService.getAuthSource(id); } @GetMapping("/delete/{id}") @Operation(summary = "删除认证设置") - @RequiresPermissions(PermissionConstants.SYSTEM_SETTING_READ_DELETE) + @RequiresPermissions(PermissionConstants.SYSTEM_PARAMETER_SETTING_AUTH_READ_DELETE) @Log(type = OperationLogType.DELETE, expression = "#msClass.deleteLog(#id)", msClass = AuthSourceLogService.class) public void delete(@PathVariable(value = "id") String id) { authSourceService.deleteAuthSource(id); @@ -72,7 +72,7 @@ public class AuthSourceController { @GetMapping("/update/{authId}/status/{status}") @Operation(summary = "更新状态") - @RequiresPermissions(PermissionConstants.SYSTEM_SETTING_READ_UPDATE) + @RequiresPermissions(PermissionConstants.SYSTEM_PARAMETER_SETTING_AUTH_READ_UPDATE) @Log(type = OperationLogType.UPDATE, expression = "#msClass.updateLog(#authId)", msClass = AuthSourceLogService.class) public void updateStatus(@PathVariable(value = "authId") String authId, @PathVariable("status") String status) { authSourceService.updateStatus(authId, status); diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/controller/OperationLogController.java b/backend/services/system-setting/src/main/java/io/metersphere/system/controller/OperationLogController.java index cdfcfcb1ef..8113bd7413 100644 --- a/backend/services/system-setting/src/main/java/io/metersphere/system/controller/OperationLogController.java +++ b/backend/services/system-setting/src/main/java/io/metersphere/system/controller/OperationLogController.java @@ -48,7 +48,7 @@ public class OperationLogController { //获取全部组织 List organizationList = organizationService.getOrganizationOptions(); //获取全部项目 - List projectList = systemProjectService.getprojectOptions(); + List projectList = systemProjectService.getProjectOptions(); OrganizationProjectOptionsResponse optionsResponse = new OrganizationProjectOptionsResponse(); optionsResponse.setOrganizationList(organizationList); diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/controller/SystemParameterController.java b/backend/services/system-setting/src/main/java/io/metersphere/system/controller/SystemParameterController.java index 30fab6dddd..14b3c4b6e2 100644 --- a/backend/services/system-setting/src/main/java/io/metersphere/system/controller/SystemParameterController.java +++ b/backend/services/system-setting/src/main/java/io/metersphere/system/controller/SystemParameterController.java @@ -11,7 +11,6 @@ import io.metersphere.system.domain.SystemParameter; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import jakarta.annotation.Resource; -import org.apache.shiro.authz.annotation.Logical; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; @@ -30,8 +29,8 @@ public class SystemParameterController { @PostMapping("/save/base-info") @Operation(summary = "保存基本信息") - @RequiresPermissions(value= {PermissionConstants.SYSTEM_SETTING_READ_UPDATE, PermissionConstants.SYSTEM_SETTING_READ_CREAT}, logical = Logical.OR) - @Log(type = OperationLogType.ADD, expression = "#msClass.addLog(#systemParameter)", msClass = SystemParameterService.class) + @RequiresPermissions(PermissionConstants.SYSTEM_PARAMETER_SETTING_BASE_READ_UPDATE) + @Log(type = OperationLogType.UPDATE, expression = "#msClass.updateBaseLog(#systemParameter)", msClass = SystemParameterService.class) public void saveBaseParameter(@Validated @RequestBody List systemParameter) { systemParameterService.saveBaseInfo(systemParameter); } @@ -39,7 +38,7 @@ public class SystemParameterController { @GetMapping("/get/base-info") @Operation(summary = "获取基本信息") - @RequiresPermissions(PermissionConstants.SYSTEM_SETTING_READ) + @RequiresPermissions(PermissionConstants.SYSTEM_PARAMETER_SETTING_BASE_READ) public BaseSystemConfigDTO getBaseInfo() { return systemParameterService.getBaseInfo(); } @@ -47,7 +46,7 @@ public class SystemParameterController { @GetMapping("/get/email-info") @Operation(summary = "获取邮件信息") - @RequiresPermissions(PermissionConstants.SYSTEM_SETTING_READ) + @RequiresPermissions(PermissionConstants.SYSTEM_PARAMETER_SETTING_BASE_READ) public EMailInfoDto getEmailInfo() { return systemParameterService.getEmailInfo(); } @@ -55,7 +54,7 @@ public class SystemParameterController { @PostMapping("/edit/email-info") @Operation(summary = "保存邮件信息") - @RequiresPermissions(value= {PermissionConstants.SYSTEM_SETTING_READ_UPDATE, PermissionConstants.SYSTEM_SETTING_READ_CREAT}, logical = Logical.OR) + @RequiresPermissions(PermissionConstants.SYSTEM_PARAMETER_SETTING_BASE_READ_UPDATE) @Log(type = OperationLogType.UPDATE, expression = "#msClass.updateLog(#systemParameter)", msClass = SystemParameterService.class) public void editEMailInfo(@Validated @RequestBody List systemParameter) { systemParameterService.editEMailInfo(systemParameter); @@ -64,7 +63,7 @@ public class SystemParameterController { @PostMapping("/test/email") @Operation(summary = "测试连接") - @RequiresPermissions(PermissionConstants.SYSTEM_SETTING_READ) + @RequiresPermissions(PermissionConstants.SYSTEM_PARAMETER_SETTING_BASE_READ) public void testEmailConnection(@RequestBody HashMap hashMap) { systemParameterService.testEmailConnection(hashMap); } diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/service/AuthSourceLogService.java b/backend/services/system-setting/src/main/java/io/metersphere/system/service/AuthSourceLogService.java index f349c15896..e337f0a3d3 100644 --- a/backend/services/system-setting/src/main/java/io/metersphere/system/service/AuthSourceLogService.java +++ b/backend/services/system-setting/src/main/java/io/metersphere/system/service/AuthSourceLogService.java @@ -39,7 +39,7 @@ public class AuthSourceLogService { dto.setPath(PRE_URI + "/add"); dto.setMethod(HttpMethodConstants.POST.name()); - dto.setOriginalValue(JSON.toJSONBytes(request)); + dto.setModifiedValue(JSON.toJSONBytes(request)); return dto; } diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/service/SystemProjectService.java b/backend/services/system-setting/src/main/java/io/metersphere/system/service/SystemProjectService.java index 4258d17dba..cd5e6dc7d4 100644 --- a/backend/services/system-setting/src/main/java/io/metersphere/system/service/SystemProjectService.java +++ b/backend/services/system-setting/src/main/java/io/metersphere/system/service/SystemProjectService.java @@ -239,7 +239,7 @@ public class SystemProjectService { userRoleRelationMapper.deleteByExample(userGroupExample); } - public List getprojectOptions() { + public List getProjectOptions() { return extSystemProjectMapper.selectProjectOptions(); } } diff --git a/backend/services/system-setting/src/main/resources/permission.json b/backend/services/system-setting/src/main/resources/permission.json index b3b18ae9ef..1ccb796df7 100644 --- a/backend/services/system-setting/src/main/resources/permission.json +++ b/backend/services/system-setting/src/main/resources/permission.json @@ -93,6 +93,44 @@ "id": "SYSTEM_PLUGIN:READ+DELETE", "name": "permission.system_plugin.delete", "resourceId": "SYSTEM_PLUGIN" + }, + { + "id": "SYSTEM_PARAMETER_SETTING", + "name": "permission.system_parameter_setting.name", + "permissions": [ + { + "id": "SYSTEM_PARAMETER_SETTING_BASE:READ", + "name": "permission.system_parameter_setting_base.read" + }, + { + "id": "SYSTEM_PARAMETER_SETTING_BASE:READ+UPDATE", + "name": "permission.system_parameter_setting_base.update" + }, + { + "id": "SYSTEM_PARAMETER_SETTING_DISPLAY:READ", + "name": "permission.system_parameter_setting_display.read" + }, + { + "id": "SYSTEM_PARAMETER_SETTING_DISPLAY:READ+UPDATE", + "name": "permission.system_parameter_setting_display.update" + }, + { + "id": "SYSTEM_PARAMETER_SETTING_AUTH:READ", + "name": "permission.system_parameter_setting_auth.read" + }, + { + "id": "SYSTEM_PARAMETER_SETTING_AUTH:READ+CREAT", + "name": "permission.system_parameter_setting_auth.creat" + }, + { + "id": "SYSTEM_PARAMETER_SETTING_AUTH:READ+UPDATE", + "name": "permission.system_parameter_setting_auth.update" + }, + { + "id": "SYSTEM_PARAMETER_SETTING_AUTH:READ+DELETE", + "name": "permission.system_parameter_setting_auth.delete" + } + ] } ] }, diff --git a/backend/services/system-setting/src/test/java/io/metersphere/system/controller/AuthSourceControllerTests.java b/backend/services/system-setting/src/test/java/io/metersphere/system/controller/AuthSourceControllerTests.java index 534d13e6b3..c6b05d89c3 100644 --- a/backend/services/system-setting/src/test/java/io/metersphere/system/controller/AuthSourceControllerTests.java +++ b/backend/services/system-setting/src/test/java/io/metersphere/system/controller/AuthSourceControllerTests.java @@ -55,7 +55,7 @@ public class AuthSourceControllerTests extends BaseTest { this.requestPost(AUTH_SOURCE_ADD, authSource); // @@校验权限 - requestPostPermissionTest(PermissionConstants.SYSTEM_SETTING_READ_CREAT, AUTH_SOURCE_ADD, authSource); + requestPostPermissionTest(PermissionConstants.SYSTEM_PARAMETER_SETTING_AUTH_READ_CREAT, AUTH_SOURCE_ADD, authSource); } @Test @@ -66,7 +66,7 @@ public class AuthSourceControllerTests extends BaseTest { basePageRequest.setPageSize(10); this.requestPost(AUTH_SOURCE_LIST, basePageRequest); - requestPostPermissionTest(PermissionConstants.SYSTEM_SETTING_READ, AUTH_SOURCE_LIST, basePageRequest); + requestPostPermissionTest(PermissionConstants.SYSTEM_PARAMETER_SETTING_AUTH_READ, AUTH_SOURCE_LIST, basePageRequest); } @@ -81,7 +81,7 @@ public class AuthSourceControllerTests extends BaseTest { authSource.setType("CAS"); this.requestPost(AUTH_SOURCE_UPDATE, authSource); - requestPostPermissionTest(PermissionConstants.SYSTEM_SETTING_READ_UPDATE, AUTH_SOURCE_UPDATE, authSource); + requestPostPermissionTest(PermissionConstants.SYSTEM_PARAMETER_SETTING_AUTH_READ_UPDATE, AUTH_SOURCE_UPDATE, authSource); } @Test @@ -91,7 +91,7 @@ public class AuthSourceControllerTests extends BaseTest { String url = AUTH_SOURCE_UPDATE + "/" + authSourceList.get(0).getId() + "/status/false"; this.requestGet(url); - requestGetPermissionTest(PermissionConstants.SYSTEM_SETTING_READ_UPDATE, url); + requestGetPermissionTest(PermissionConstants.SYSTEM_PARAMETER_SETTING_AUTH_READ_UPDATE, url); } @@ -102,7 +102,7 @@ public class AuthSourceControllerTests extends BaseTest { String url = AUTH_SOURCE_GET + authSourceList.get(0).getId(); this.requestGet(url); - requestGetPermissionTest(PermissionConstants.SYSTEM_SETTING_READ, url); + requestGetPermissionTest(PermissionConstants.SYSTEM_PARAMETER_SETTING_AUTH_READ, url); } @@ -113,7 +113,7 @@ public class AuthSourceControllerTests extends BaseTest { String url = AUTH_SOURCE_DELETE + authSourceList.get(0).getId(); this.requestGet(url); - requestGetPermissionTest(PermissionConstants.SYSTEM_SETTING_READ_DELETE, url); + requestGetPermissionTest(PermissionConstants.SYSTEM_PARAMETER_SETTING_AUTH_READ_DELETE, url); } diff --git a/backend/services/system-setting/src/test/java/io/metersphere/system/controller/SystemParameterControllerTests.java b/backend/services/system-setting/src/test/java/io/metersphere/system/controller/SystemParameterControllerTests.java index 349368368f..c3a139fe71 100644 --- a/backend/services/system-setting/src/test/java/io/metersphere/system/controller/SystemParameterControllerTests.java +++ b/backend/services/system-setting/src/test/java/io/metersphere/system/controller/SystemParameterControllerTests.java @@ -1,15 +1,17 @@ package io.metersphere.system.controller; -import com.jayway.jsonpath.JsonPath; +import base.BaseTest; +import io.metersphere.sdk.constants.PermissionConstants; import io.metersphere.sdk.constants.SessionConstants; import io.metersphere.sdk.util.JSON; import io.metersphere.system.domain.SystemParameter; -import jakarta.annotation.Resource; -import org.junit.jupiter.api.*; +import org.junit.jupiter.api.MethodOrderer; +import org.junit.jupiter.api.Order; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.TestMethodOrder; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.http.MediaType; -import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.ResultMatcher; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; @@ -25,13 +27,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @SpringBootTest @AutoConfigureMockMvc @TestMethodOrder(MethodOrderer.OrderAnnotation.class) -public class SystemParameterControllerTests { +public class SystemParameterControllerTests extends BaseTest { - @Resource - private MockMvc mockMvc; - - private static String sessionId; - private static String csrfToken; public static final String BASE_INFO_SAVE_URL = "/system/parameter/save/base-info"; @@ -46,17 +43,6 @@ public class SystemParameterControllerTests { private static final ResultMatcher ERROR_REQUEST_MATCHER = status().is5xxServerError(); - @BeforeEach - public void login() throws Exception { - MvcResult mvcResult = mockMvc.perform(MockMvcRequestBuilders.post("/login") - .content("{\"username\":\"admin\",\"password\":\"metersphere\"}") - .contentType(MediaType.APPLICATION_JSON)) - .andExpect(status().isOk()) - .andExpect(content().contentType(MediaType.APPLICATION_JSON)) - .andReturn(); - sessionId = JsonPath.read(mvcResult.getResponse().getContentAsString(), "$.data.sessionId"); - csrfToken = JsonPath.read(mvcResult.getResponse().getContentAsString(), "$.data.csrfToken"); - } @Test @Order(1) @@ -76,7 +62,7 @@ public class SystemParameterControllerTests { }}; this.requestPost(BASE_INFO_SAVE_URL, systemParameters); - + requestPostPermissionTest(PermissionConstants.SYSTEM_PARAMETER_SETTING_BASE_READ_UPDATE, BASE_INFO_SAVE_URL, systemParameters); } @@ -84,12 +70,14 @@ public class SystemParameterControllerTests { @Order(2) public void testGetBaseInfo() throws Exception { this.requestGet(BASE_INFO_URL); + requestGetPermissionTest(PermissionConstants.SYSTEM_PARAMETER_SETTING_BASE_READ, BASE_INFO_URL); } @Test @Order(3) public void testGetEmailInfo() throws Exception { this.requestGet(EMAIL_INFO_URL); + requestGetPermissionTest(PermissionConstants.SYSTEM_PARAMETER_SETTING_BASE_READ, EMAIL_INFO_URL); } @@ -120,6 +108,7 @@ public class SystemParameterControllerTests { }}); }}; this.requestPost(EMAIL_INFO_SAVE_URL, systemParameters); + requestPostPermissionTest(PermissionConstants.SYSTEM_PARAMETER_SETTING_BASE_READ_UPDATE, EMAIL_INFO_SAVE_URL, systemParameters); } @Test @@ -154,7 +143,7 @@ public class SystemParameterControllerTests { }}); }}; this.requestPost(BASE_INFO_SAVE_URL, systemParameters); - + requestPostPermissionTest(PermissionConstants.SYSTEM_PARAMETER_SETTING_BASE_READ_UPDATE, BASE_INFO_SAVE_URL, systemParameters); }