diff --git a/backend/services/case-management/src/main/java/io/metersphere/functional/controller/CaseReviewController.java b/backend/services/case-management/src/main/java/io/metersphere/functional/controller/CaseReviewController.java
index c5b27b71eb..4e02a3e885 100644
--- a/backend/services/case-management/src/main/java/io/metersphere/functional/controller/CaseReviewController.java
+++ b/backend/services/case-management/src/main/java/io/metersphere/functional/controller/CaseReviewController.java
@@ -84,7 +84,7 @@ public class CaseReviewController {
 @Log(type = OperationLogType.UPDATE, expression = "#msClass.updateCaseReviewLog(#request)", msClass = CaseReviewLogService.class)
 @SendNotice(taskType = NoticeConstants.TaskType.CASE_REVIEW_TASK, event = NoticeConstants.Event.UPDATE, target = "#targetClass.getMainCaseReview(#request)", targetClass = CaseReviewNoticeService.class)
 @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_UPDATE)
- @CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
+ @CheckOwner(resourceId = "#request.getId()", resourceType = "case_review")
 public void editCaseReview(@Validated({Updated.class}) @RequestBody CaseReviewRequest request) {
 caseReviewService.editCaseReview(request, SessionUtils.getUserId());
 }
@@ -110,7 +110,7 @@ public class CaseReviewController {
 @Operation(summary = "用例管理-用例评审-关联用例")
 @Log(type = OperationLogType.ASSOCIATE, expression = "#msClass.associateCaseLog(#request)", msClass = CaseReviewLogService.class)
 @RequiresPermissions(PermissionConstants.CASE_REVIEW_RELEVANCE)
- @CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
+ @CheckOwner(resourceId = "#request.getReviewId()", resourceType = "case_review")
 public void associateCase(@Validated @RequestBody CaseReviewAssociateRequest request) {
 caseReviewService.associateCase(request, SessionUtils.getUserId());
 }
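Review bot: The new `@CheckOwner` on `editCaseReview` replaces the project check instead of adding to it, so `request.getProjectId()` is no longer tied to anything the caller has been verified against. Whether `caseReviewService.editCaseReview` still reads the project id from the request body is not visible in this diff; if it does, the service should compare it with the review's stored project, or take the project from the stored review and ignore the body value. The same swap appears in `associateCase`, `moduleCount`, the review-side `editPos`, `updateFunctionalCase` and `deleteFunctionalCase`. A comment above the annotation such as `// ownership is checked on the review; projectId in the body is untrusted input` would record the assumption for the next maintainer.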
@@ -135,7 +135,7 @@ public class CaseReviewController {
 @GetMapping("/detail/{id}")
 @Operation(summary = "用例管理-用例评审-查看评审详情")
 @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ)
- @CheckOwner(resourceId = "#reviewId", resourceType = "case_review")
+ @CheckOwner(resourceId = "#id", resourceType = "case_review")
 public CaseReviewDTO getCaseReviewDetail(@PathVariable String id) {
 return caseReviewService.getCaseReviewDetail(id, SessionUtils.getUserId());
 }
@@ -143,7 +143,7 @@ public class CaseReviewController {
 @PostMapping("/batch/move")
 @Operation(summary = "用例管理-用例评审-批量移动用例评审")
 @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_UPDATE)
- @CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
+ @CheckOwner(resourceId = "#request.getSelectIds()", resourceType = "case_review")
 public void batchMoveCaseReview(@Validated @RequestBody CaseReviewBatchRequest request) {
 caseReviewService.batchMoveCaseReview(request, SessionUtils.getUserId());
 }
@@ -153,7 +153,7 @@ public class CaseReviewController {
 @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_DELETE)
 @SendNotice(taskType = NoticeConstants.TaskType.CASE_REVIEW_TASK, event = NoticeConstants.Event.DELETE, target = "#targetClass.getMainCaseReview(#reviewId)", targetClass = CaseReviewNoticeService.class)
 @Log(type = OperationLogType.DELETE, expression = "#msClass.deleteFunctionalCaseLog(#reviewId)", msClass = CaseReviewLogService.class)
- @CheckOwner(resourceId = "#projectId", resourceType = "project")
+ @CheckOwner(resourceId = "#reviewId", resourceType = "case_review")
 public void deleteCaseReview(@PathVariable String reviewId, @PathVariable String projectId) {
 caseReviewService.deleteCaseReview(reviewId, projectId);
 }
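Review bot: The `resourceId` expression on `getCaseReviewDetail` is a plain string bound to the parameter name, and nothing in this change stops it drifting again; the old `#reviewId` named a variable this method never had. How the aspect behind `@CheckOwner` treats an unresolved variable is not visible in this diff, but if it evaluates to null and the check is skipped, the aspect should instead reject a null or empty resource id so a typo fails closed. A controller test that requests a review belonging to another project and expects a denial would catch the next rename.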
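Review bot: `#request.getSelectIds()` on `batchMoveCaseReview` yields a collection rather than a single id, and the project check it replaces is gone. Neither the `@CheckOwner` aspect nor `CaseReviewBatchRequest` is in this diff, so two things need confirming: that the aspect verifies every element of a list, and what happens when the list is empty. If the request supports a select-all mode, the reviews to move would be resolved from `request.getProjectId()` and the filter, and the project id is then the value that has to be verified. Rejecting an empty id list when select-all is off, and checking the project when it is on, would cover both paths.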
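Review bot: `deleteCaseReview` still passes the `projectId` path variable to `caseReviewService.deleteCaseReview(reviewId, projectId)`, but after this change only `reviewId` is checked. Whatever the service does with that value (not visible here) now runs against an id taken straight from the URL. The service should either load the review and use its stored project id, or confirm the two match before deleting. A comment at the call site would make the contract explicit: `// projectId comes from the URL and is not covered by @CheckOwner; the service must match it against the review`.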
diff --git a/backend/services/case-management/src/main/java/io/metersphere/functional/controller/CaseReviewFunctionalCaseController.java b/backend/services/case-management/src/main/java/io/metersphere/functional/controller/CaseReviewFunctionalCaseController.java
index d5ab1b1404..abb9c6e564 100644
--- a/backend/services/case-management/src/main/java/io/metersphere/functional/controller/CaseReviewFunctionalCaseController.java
+++ b/backend/services/case-management/src/main/java/io/metersphere/functional/controller/CaseReviewFunctionalCaseController.java
@@ -83,7 +83,7 @@ public class CaseReviewFunctionalCaseController {
 @PostMapping("/module/count")
 @Operation(summary = "用例管理-用例评审-评审列表-评审详情-已关联用例统计模块数量")
 @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ)
- @CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
+ @CheckOwner(resourceId = "#request.getReviewId()", resourceType = "case_review")
 public Map moduleCount(@Validated @RequestBody ReviewFunctionalCasePageRequest request) {
 String userId = StringUtils.EMPTY;
 if (request.isViewFlag()) {
@@ -105,7 +105,7 @@ public class CaseReviewFunctionalCaseController {
 @PostMapping("/edit/pos")
 @Operation(summary = "用例管理-用例评审-评审列表-评审详情-列表-拖拽排序")
 @RequiresPermissions(PermissionConstants.CASE_REVIEW_READ_UPDATE)
- @CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
+ @CheckOwner(resourceId = "#request.getReviewId()", resourceType = "case_review")
 public void editPos(@Validated @RequestBody CaseReviewFunctionalCasePosRequest request) {
 caseReviewFunctionalCaseService.editPos(request);
 }
diff --git a/backend/services/case-management/src/main/java/io/metersphere/functional/controller/FunctionalCaseController.java b/backend/services/case-management/src/main/java/io/metersphere/functional/controller/FunctionalCaseController.java
index 79bbad2e95..e289b78f20 100644
--- a/backend/services/case-management/src/main/java/io/metersphere/functional/controller/FunctionalCaseController.java
+++ b/backend/services/case-management/src/main/java/io/metersphere/functional/controller/FunctionalCaseController.java
@@ -99,7 +99,7 @@ public class FunctionalCaseController {
 @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE)
 @Log(type = OperationLogType.UPDATE, expression = "#msClass.updateFunctionalCaseLog(#request, #files)", msClass = FunctionalCaseLogService.class)
 @SendNotice(taskType = NoticeConstants.TaskType.FUNCTIONAL_CASE_TASK, event = NoticeConstants.Event.UPDATE, target = "#targetClass.getMainFunctionalCaseDTO(#request, #request.customFields)", targetClass = FunctionalCaseNoticeService.class)
- @CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
+ @CheckOwner(resourceId = "#request.getId()", resourceType = "functional_case")
 public FunctionalCase updateFunctionalCase(@Validated @RequestPart("request") FunctionalCaseEditRequest request, @RequestPart(value = "files", required = false) List files) {
 String userId = SessionUtils.getUserId();
 return functionalCaseService.updateFunctionalCase(request, files, userId);
@@ -109,6 +109,7 @@ public class FunctionalCaseController {
 @PostMapping("/edit/follower")
 @Operation(summary = "用例管理-功能用例-关注/取消关注用例")
 @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE)
+ @CheckOwner(resourceId = "#request.getFunctionalCaseId()", resourceType = "functional_case")
 public void editFollower(@Validated @RequestBody FunctionalCaseFollowerRequest request) {
 String userId = SessionUtils.getUserId();
 functionalCaseService.editFollower(request.getFunctionalCaseId(), userId);
@@ -129,7 +130,7 @@ public class FunctionalCaseController {
 @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_DELETE)
 @Log(type = OperationLogType.DELETE, expression = "#msClass.deleteFunctionalCaseLog(#request)", msClass = FunctionalCaseLogService.class)
 @SendNotice(taskType = NoticeConstants.TaskType.FUNCTIONAL_CASE_TASK, event = NoticeConstants.Event.DELETE, target = "#targetClass.getDeleteFunctionalCaseDTO(#request.id)", targetClass = FunctionalCaseNoticeService.class)
- @CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
+ @CheckOwner(resourceId = "#request.getId()", resourceType = "functional_case")
 public void deleteFunctionalCase(@Validated @RequestBody FunctionalCaseDeleteRequest request) {
 String userId = SessionUtils.getUserId();
 functionalCaseService.deleteFunctionalCase(request, userId);
@@ -207,7 +208,7 @@ public class FunctionalCaseController {
 @PostMapping("edit/pos")
 @Operation(summary = "用例管理-功能用例-拖拽排序")
 @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE)
- @CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
+ @CheckOwner(resourceId = "#request.getTargetId()", resourceType = "functional_case")
 public void editPos(@Validated @RequestBody PosRequest request) {
 functionalCaseService.editPos(request);
 }
@@ -233,6 +234,7 @@ public class FunctionalCaseController {
 @PostMapping("/import/excel")
 @Operation(summary = "用例管理-功能用例-excel导入")
 @RequiresPermissions(PermissionConstants.FUNCTIONAL_CASE_READ_UPDATE)
+ @CheckOwner(resourceId = "#request.getProjectId()", resourceType = "project")
 public FunctionalCaseImportResponse importExcel(@RequestPart("request") FunctionalCaseImportRequest request, @RequestPart(value = "file", required = false) MultipartFile file) {
 SessionUser user = SessionUtils.getUser();
 return functionalCaseFileService.importExcel(request, user, file);
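Review bot: `editPos` now checks only `request.getTargetId()`, which by its name is the case used as the drop position rather than the case being moved. `PosRequest` is not shown in this diff; if it also carries the id of the moved case, that id reaches `functionalCaseService.editPos(request)` with no ownership check, and the project check that used to bound the whole request is gone. The check should cover the moved case as well, either through the annotation or inside the service. The `editPos` hunk in `CaseReviewFunctionalCaseController` has a related gap: only the review id is checked, not the cases being reordered within it.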
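Review bot: The `request` part of `importExcel` carries no `@Validated`, unlike `updateFunctionalCase` in the same controller, so the added `@CheckOwner` may be evaluated with a missing `projectId`. What the aspect does with a null id is not visible here, and neither are the constraints on `FunctionalCaseImportRequest`; if a null passes, the import proceeds without a project check. Validating the part keeps the check meaningful: `importExcel(@Validated @RequestPart("request") FunctionalCaseImportRequest request, ...`. The method body continues past the end of this hunk.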