fix(接口测试): 修复批量操作没有设置权限的缺陷

--bug=1033911 --user=王孝刚 【接口测试】调用接口/api/api/automation/move-gc-batch可删除无权限项目下接口场景 https://www.tapd.cn/55049933/s/1447523
wxg0103 2023-12-22 15:27:27 +08:00 committed by 刘瑞斌
parent 67bbac5d00
commit df9cf8cfae
3 changed files with 17 additions and 0 deletions


@ -138,6 +138,7 @@ public class ApiDefinitionController {
@PostMapping("/del-batch") @PostMapping("/del-batch")
@RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_DELETE_API) @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_DELETE_API)
@MsAuditLog(module = OperLogModule.API_DEFINITION, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = ApiDefinitionService.class) @MsAuditLog(module = OperLogModule.API_DEFINITION, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = ApiDefinitionService.class)
@CheckOwner(resourceId = "#request.ids", resourceType = "api_definition")
public void deleteBatchByParams(@RequestBody ApiBatchRequest request) { public void deleteBatchByParams(@RequestBody ApiBatchRequest request) {
apiDefinitionService.deleteByParams(request); apiDefinitionService.deleteByParams(request);
} }
@ -145,6 +146,7 @@ public class ApiDefinitionController {
@PostMapping("/copy/by/version") @PostMapping("/copy/by/version")
@RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_API) @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_API)
@MsAuditLog(module = OperLogModule.API_DEFINITION, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.ids)", title = "#request.name", content = "#msClass.getLogDetails(#request.ids)", msClass = ApiDefinitionService.class) @MsAuditLog(module = OperLogModule.API_DEFINITION, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.ids)", title = "#request.name", content = "#msClass.getLogDetails(#request.ids)", msClass = ApiDefinitionService.class)
@CheckOwner(resourceId = "#request.ids", resourceType = "api_definition")
public void copyByVersion(@RequestBody BatchDataCopyRequest request) { public void copyByVersion(@RequestBody BatchDataCopyRequest request) {
apiDefinitionService.copyCaseOrMockByVersion(request); apiDefinitionService.copyCaseOrMockByVersion(request);
} }
@ -162,6 +164,7 @@ public class ApiDefinitionController {
@RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_DELETE_API) @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_DELETE_API)
@MsAuditLog(module = OperLogModule.API_DEFINITION, type = OperLogConstants.BATCH_GC, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = ApiDefinitionService.class) @MsAuditLog(module = OperLogModule.API_DEFINITION, type = OperLogConstants.BATCH_GC, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = ApiDefinitionService.class)
@SendNotice(taskType = NoticeConstants.TaskType.API_DEFINITION_TASK, event = NoticeConstants.Event.DELETE, target = "#targetClass.getBLOBs(#request.ids)", targetClass = ApiDefinitionService.class, subject = "接口定义通知") @SendNotice(taskType = NoticeConstants.TaskType.API_DEFINITION_TASK, event = NoticeConstants.Event.DELETE, target = "#targetClass.getBLOBs(#request.ids)", targetClass = ApiDefinitionService.class, subject = "接口定义通知")
@CheckOwner(resourceId = "#request.ids", resourceType = "api_definition")
public void removeToGcByParams(@RequestBody ApiBatchRequest request) { public void removeToGcByParams(@RequestBody ApiBatchRequest request) {
apiDefinitionService.removeToGcByParams(request); apiDefinitionService.removeToGcByParams(request);
} }
@ -275,6 +278,7 @@ public class ApiDefinitionController {
@PostMapping("/batch/edit") @PostMapping("/batch/edit")
@RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_API) @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_API)
@MsRequestLog(module = OperLogModule.API_DEFINITION) @MsRequestLog(module = OperLogModule.API_DEFINITION)
@CheckOwner(resourceId = "#request.ids", resourceType = "api_definition")
public void editApiBath(@RequestBody ApiBatchRequest request) { public void editApiBath(@RequestBody ApiBatchRequest request) {
apiDefinitionService.editApiBath(request); apiDefinitionService.editApiBath(request);
} }
@ -283,6 +287,7 @@ public class ApiDefinitionController {
@RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_API) @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_API)
@MsAuditLog(module = OperLogModule.API_DEFINITION, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request)", content = "#msClass.getLogDetails(#request)", msClass = ApiDefinitionService.class) @MsAuditLog(module = OperLogModule.API_DEFINITION, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request)", content = "#msClass.getLogDetails(#request)", msClass = ApiDefinitionService.class)
@SendNotice(taskType = NoticeConstants.TaskType.API_DEFINITION_TASK, event = NoticeConstants.Event.UPDATE, target = "#targetClass.getBLOBs(#request.ids)", targetClass = ApiDefinitionService.class, subject = "接口定义通知") @SendNotice(taskType = NoticeConstants.TaskType.API_DEFINITION_TASK, event = NoticeConstants.Event.UPDATE, target = "#targetClass.getBLOBs(#request.ids)", targetClass = ApiDefinitionService.class, subject = "接口定义通知")
@CheckOwner(resourceId = "#request.ids", resourceType = "api_definition")
public void editByParams(@RequestBody ApiBatchRequest request) { public void editByParams(@RequestBody ApiBatchRequest request) {
apiDefinitionService.editApiByParam(request); apiDefinitionService.editApiByParam(request);
} }
@ -290,6 +295,7 @@ public class ApiDefinitionController {
@PostMapping("/copy-batch") @PostMapping("/copy-batch")
@RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_COPY_API) @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_COPY_API)
@MsAuditLog(module = OperLogModule.API_DEFINITION, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request)", content = "#msClass.getLogDetails(#request)", msClass = ApiDefinitionService.class) @MsAuditLog(module = OperLogModule.API_DEFINITION, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request)", content = "#msClass.getLogDetails(#request)", msClass = ApiDefinitionService.class)
@CheckOwner(resourceId = "#request.ids", resourceType = "api_definition")
public void batchCopy(@RequestBody ApiBatchRequest request) { public void batchCopy(@RequestBody ApiBatchRequest request) {
apiDefinitionService.batchCopy(request); apiDefinitionService.batchCopy(request);
} }
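Review bot: The added `@CheckOwner(resourceId = "#request.ids", resourceType = "api_definition")` validates only the ids listed in the request, but `deleteBatchByParams`, `removeToGcByParams` and `editByParams` are named as parameter-driven, and the audit expressions on `editByParams` and `batchCopy` pass the whole `#request` rather than `#request.ids`. If the services can also select their targets from other request fields (a filter, a project id), a request with an empty `ids` list might pass the owner check and still act on another project's definitions. Please confirm how the check treats a null or empty list and that the services act only on ids that were checked. The same question applies to the batch endpoints in `ApiTestCaseController` and `ApiScenarioController` in this commit. Once confirmed, a one-line comment where the annotation is declared stating which request fields it covers would keep later endpoints from assuming more.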


@ -164,6 +164,7 @@ public class ApiTestCaseController {
@PostMapping("/batch/edit") @PostMapping("/batch/edit")
@RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_CASE) @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_CASE)
@CheckOwner(resourceId = "#request.ids", resourceType = "api_test_case")
public void editApiBath(@RequestBody ApiCaseEditRequest request) { public void editApiBath(@RequestBody ApiCaseEditRequest request) {
apiTestCaseService.editApiBath(request); apiTestCaseService.editApiBath(request);
} }
@ -172,6 +173,7 @@ public class ApiTestCaseController {
@RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_CASE) @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_EDIT_CASE)
@MsAuditLog(module = OperLogModule.API_DEFINITION_CASE, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = ApiTestCaseService.class) @MsAuditLog(module = OperLogModule.API_DEFINITION_CASE, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = ApiTestCaseService.class)
@SendNotice(taskType = NoticeConstants.TaskType.API_DEFINITION_TASK, event = NoticeConstants.Event.CASE_UPDATE, target = "#targetClass.getApiCaseByIds(#request.ids)", targetClass = ApiTestCaseService.class, subject = "接口用例通知") @SendNotice(taskType = NoticeConstants.TaskType.API_DEFINITION_TASK, event = NoticeConstants.Event.CASE_UPDATE, target = "#targetClass.getApiCaseByIds(#request.ids)", targetClass = ApiTestCaseService.class, subject = "接口用例通知")
@CheckOwner(resourceId = "#request.ids", resourceType = "api_test_case")
public void editApiBathByParam(@RequestBody ApiTestBatchRequest request) { public void editApiBathByParam(@RequestBody ApiTestBatchRequest request) {
apiTestCaseService.editApiBathByParam(request); apiTestCaseService.editApiBathByParam(request);
} }
@ -184,6 +186,7 @@ public class ApiTestCaseController {
@PostMapping("/reduction") @PostMapping("/reduction")
@MsAuditLog(module = OperLogModule.API_DEFINITION_CASE, type = OperLogConstants.RESTORE, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = ApiTestCaseService.class) @MsAuditLog(module = OperLogModule.API_DEFINITION_CASE, type = OperLogConstants.RESTORE, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = ApiTestCaseService.class)
@CheckOwner(resourceId = "#request.ids", resourceType = "api_test_case")
public List<String> reduction(@RequestBody ApiTestBatchRequest request) { public List<String> reduction(@RequestBody ApiTestBatchRequest request) {
List<String> cannotReductionTestCaseApiName = apiTestCaseService.reduction(request); List<String> cannotReductionTestCaseApiName = apiTestCaseService.reduction(request);
return cannotReductionTestCaseApiName; return cannotReductionTestCaseApiName;
@ -200,6 +203,7 @@ public class ApiTestCaseController {
@PostMapping("/del-batch") @PostMapping("/del-batch")
@RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_DELETE_CASE) @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_DELETE_CASE)
@MsAuditLog(module = OperLogModule.API_DEFINITION_CASE, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = ApiTestCaseService.class) @MsAuditLog(module = OperLogModule.API_DEFINITION_CASE, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = ApiTestCaseService.class)
@CheckOwner(resourceId = "#request.ids", resourceType = "api_test_case")
public void deleteBatchByParam(@RequestBody ApiTestBatchRequest request) { public void deleteBatchByParam(@RequestBody ApiTestBatchRequest request) {
apiTestCaseService.deleteBatchByParam(request); apiTestCaseService.deleteBatchByParam(request);
} }
@ -208,6 +212,7 @@ public class ApiTestCaseController {
@RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_DELETE_CASE) @RequiresPermissions(PermissionConstants.PROJECT_API_DEFINITION_READ_DELETE_CASE)
@MsAuditLog(module = OperLogModule.API_DEFINITION_CASE, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = ApiTestCaseService.class) @MsAuditLog(module = OperLogModule.API_DEFINITION_CASE, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = ApiTestCaseService.class)
@SendNotice(taskType = NoticeConstants.TaskType.API_DEFINITION_TASK, event = NoticeConstants.Event.CASE_DELETE, target = "#targetClass.getApiCaseByIds(#request.ids)", targetClass = ApiTestCaseService.class, subject = "接口用例通知") @SendNotice(taskType = NoticeConstants.TaskType.API_DEFINITION_TASK, event = NoticeConstants.Event.CASE_DELETE, target = "#targetClass.getApiCaseByIds(#request.ids)", targetClass = ApiTestCaseService.class, subject = "接口用例通知")
@CheckOwner(resourceId = "#request.ids", resourceType = "api_test_case")
public void deleteToGcByParam(@RequestBody ApiTestBatchRequest request) { public void deleteToGcByParam(@RequestBody ApiTestBatchRequest request) {
apiTestCaseService.deleteToGcByParam(request); apiTestCaseService.deleteToGcByParam(request);
} }
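Review bot: `reduction` (`/reduction`) gains `@CheckOwner` but the visible annotations show no `@RequiresPermissions`, unlike the other endpoints in this file. The ownership check would then be the only gate, and presumably any member of the owning project could restore cases regardless of role. The hunk starts at `@PostMapping`, so a permission annotation above it cannot be ruled out. If there is none, add one beside the new line using the project's existing constant for this operation. The same gap is visible on `/del-batch` (`deleteBatchByCondition`) and `/reduction` in `ApiScenarioController`.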


@ -162,6 +162,7 @@ public class ApiScenarioController {
@PostMapping("/del-batch") @PostMapping("/del-batch")
@MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = ApiScenarioService.class) @MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = ApiScenarioService.class)
@CheckOwner(resourceId = "#request.ids", resourceType = "api_scenario")
public void deleteBatchByCondition(@RequestBody ApiScenarioBatchRequest request) { public void deleteBatchByCondition(@RequestBody ApiScenarioBatchRequest request) {
apiAutomationService.deleteBatchByCondition(request); apiAutomationService.deleteBatchByCondition(request);
} }
@ -179,6 +180,7 @@ public class ApiScenarioController {
@RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_DELETE) @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_DELETE)
@MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.BATCH_GC, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = ApiScenarioService.class) @MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.BATCH_GC, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = ApiScenarioService.class)
@SendNotice(taskType = NoticeConstants.TaskType.API_AUTOMATION_TASK, target = "#targetClass.getScenarioCaseByIds(#request.ids)", targetClass = ApiScenarioService.class, event = NoticeConstants.Event.DELETE, subject = "接口自动化通知") @SendNotice(taskType = NoticeConstants.TaskType.API_AUTOMATION_TASK, target = "#targetClass.getScenarioCaseByIds(#request.ids)", targetClass = ApiScenarioService.class, event = NoticeConstants.Event.DELETE, subject = "接口自动化通知")
@CheckOwner(resourceId = "#request.ids", resourceType = "api_scenario")
public void removeToGcByBatch(@RequestBody ApiScenarioBatchRequest request) { public void removeToGcByBatch(@RequestBody ApiScenarioBatchRequest request) {
apiAutomationService.removeToGcByBatch(request); apiAutomationService.removeToGcByBatch(request);
} }
@ -191,6 +193,7 @@ public class ApiScenarioController {
@PostMapping("/reduction") @PostMapping("/reduction")
@MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.RESTORE, beforeEvent = "#msClass.getLogDetails(#ids)", msClass = ApiScenarioService.class) @MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.RESTORE, beforeEvent = "#msClass.getLogDetails(#ids)", msClass = ApiScenarioService.class)
@CheckOwner(resourceId = "#ids", resourceType = "api_scenario")
public void reduction(@RequestBody List<String> ids) { public void reduction(@RequestBody List<String> ids) {
apiAutomationService.reduction(ids); apiAutomationService.reduction(ids);
} }
@ -283,6 +286,7 @@ public class ApiScenarioController {
@RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_EDIT) @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_EDIT)
@MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = ApiScenarioService.class) @MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = ApiScenarioService.class)
@SendNotice(taskType = NoticeConstants.TaskType.API_AUTOMATION_TASK, event = NoticeConstants.Event.UPDATE, target = "#targetClass.getScenarioCaseByIds(#request.ids)", targetClass = ApiScenarioService.class, subject = "接口自动化通知") @SendNotice(taskType = NoticeConstants.TaskType.API_AUTOMATION_TASK, event = NoticeConstants.Event.UPDATE, target = "#targetClass.getScenarioCaseByIds(#request.ids)", targetClass = ApiScenarioService.class, subject = "接口自动化通知")
@CheckOwner(resourceId = "#request.ids", resourceType = "api_scenario")
public void bathEdit(@RequestBody ApiScenarioBatchRequest request) { public void bathEdit(@RequestBody ApiScenarioBatchRequest request) {
apiAutomationService.bathEdit(request); apiAutomationService.bathEdit(request);
} }
@ -290,6 +294,7 @@ public class ApiScenarioController {
@PostMapping("/batch/copy") @PostMapping("/batch/copy")
@RequiresPermissions(value = {PermissionConstants.PROJECT_API_SCENARIO_READ_CREATE, PermissionConstants.PROJECT_API_SCENARIO_READ_BATCH_COPY}, logical = Logical.OR) @RequiresPermissions(value = {PermissionConstants.PROJECT_API_SCENARIO_READ_CREATE, PermissionConstants.PROJECT_API_SCENARIO_READ_BATCH_COPY}, logical = Logical.OR)
@MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.BATCH_ADD, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = ApiScenarioService.class) @MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.BATCH_ADD, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = ApiScenarioService.class)
@CheckOwner(resourceId = "#request.ids", resourceType = "api_scenario")
public void batchCopy(@RequestBody ApiScenarioBatchRequest request) { public void batchCopy(@RequestBody ApiScenarioBatchRequest request) {
apiAutomationService.batchCopy(request); apiAutomationService.batchCopy(request);
} }
@ -297,6 +302,7 @@ public class ApiScenarioController {
@PostMapping("/batch/update/env") @PostMapping("/batch/update/env")
@RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_EDIT) @RequiresPermissions(PermissionConstants.PROJECT_API_SCENARIO_READ_EDIT)
@MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = ApiScenarioService.class) @MsAuditLog(module = OperLogModule.API_AUTOMATION, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = ApiScenarioService.class)
@CheckOwner(resourceId = "#request.ids", resourceType = "api_scenario")
public void batchUpdateEnv(@RequestBody ApiScenarioBatchRequest request) { public void batchUpdateEnv(@RequestBody ApiScenarioBatchRequest request) {
apiAutomationService.batchUpdateEnv(request); apiAutomationService.batchUpdateEnv(request);
} }
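Review bot: Nothing in these hunks shows when the `@CheckOwner` check runs relative to `@MsAuditLog` and `@SendNotice`. Their `beforeEvent` and `target` expressions call `getLogDetails(#request.ids)` and `getScenarioCaseByIds(#request.ids)` with the same caller-supplied ids, for example on `removeToGcByBatch` and `bathEdit`. If the owner check is not the outermost aspect, those lookups would load, and possibly log or notify on, another project's scenarios before the request is rejected. Please confirm the aspect's precedence (in Spring AOP, an explicit `@Order` on the aspect class) and record it where the aspect is defined, e.g. `// must run before MsAuditLog/SendNotice: their expressions load resources by id`. This applies equally to the definition and test-case controllers in this commit.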