fix(测试跟踪): 测试跟踪权限相关问题

--bug=1027440 --user=陈建星 【测试跟踪】github#25261,测试用例批量操作有权限时报服务器错误 https://www.tapd.cn/55049933/s/1387747
--bug=1027231 --user=陈建星 【测试跟踪】开启权限评审用例、关联和取消关联用例权限,进入计划任意用例详情中无法进行审批 https://www.tapd.cn/55049933/s/1383921
--bug=1027224 --user=陈建星 【测试跟踪】公共用例库只有查看权限进入详情页后点击复制,页面自动跳转接口403 https://www.tapd.cn/55049933/s/1383811
--bug=1027216 --user=陈建星 【测试跟踪】只开启批量编辑页面403重定向 https://www.tapd.cn/55049933/s/1383807
--bug=1027245 --user=陈建星 【测试跟踪】缺陷没有创建权限,但在功能用例详情中按键依然可以点击,但会跳转403 https://www.tapd.cn/55049933/s/1384217
--bug=1027244 --user=陈建星 【测试跟踪】缺陷管理-没有复制权限位,只开启编辑的情况下依然可以点击按钮,但会403 https://www.tapd.cn/55049933/s/1384219
--bug=1027243 --user=陈建星 【测试跟踪】建议没有导出报告权限将按键置灰 https://www.tapd.cn/55049933/s/1384223
--bug=1027242 --user=陈建星 【测试跟踪】测试计划-开启批量编辑权限后功能失效 https://www.tapd.cn/55049933/s/1384224
--bug=1027237 --user=陈建星 【测试跟踪】测试计划开启执行测试计划权限,测试列表中无法通过执行结果字段进行更改测试结果 https://www.tapd.cn/55049933/s/1384255
--bug=1027236 --user=陈建星 【测试跟踪】测试计划没有开启复制计划权限但依然可对计划复制 https://www.tapd.cn/55049933/s/1384259
--bug=1027216 --user=陈建星 【测试跟踪】只开启批量编辑页面403重定向 https://www.tapd.cn/55049933/s/1384561
jianxing 2023-06-28 17:21:08 +08:00 committed by 副驾仙人
parent 03af550b32
commit effd1ccb1a
7 changed files with 31 additions and 18 deletions


@ -105,25 +105,31 @@ public class PermissionConstants {
public static final String PROJECT_TRACK_CASE_READ_BATCH_DELETE = "PROJECT_TRACK_CASE:READ+BATCH_DELETE";
public static final String PROJECT_TRACK_CASE_READ_BATCH_ADD_PUBLIC = "PROJECT_TRACK_CASE:READ+BATCH_ADD_PUBLIC";
public static final String PROJECT_TRACK_CASE_READ_BATCH_EDIT = "PROJECT_TRACK_CASE:READ+BATCH_EDIT";
public static final String PROJECT_TRACK_CASE_READ_MOVE_EDIT = "PROJECT_TRACK_CASE:READ+BATCH_MOVE";
public static final String PROJECT_TRACK_CASE_READ_BATCH_MOVE = "PROJECT_TRACK_CASE:READ+BATCH_MOVE";
public static final String PROJECT_TRACK_CASE_READ_BATCH_COPY = "PROJECT_TRACK_CASE:READ+BATCH_COPY";
public static final String PROJECT_TRACK_CASE_READ_RECOVER = "PROJECT_TRACK_CASE:READ+RECOVER";
public static final String PROJECT_TRACK_CASE_READ_BATCH_REDUCTION = "PROJECT_TRACK_CASE:READ+BATCH_REDUCTION";
public static final String PROJECT_TRACK_CASE_READ_MOVE_EDIT = "PROJECT_TRACK_CASE:READ+BATCH_MOVE";
public static final String PROJECT_TRACK_REVIEW_READ = "PROJECT_TRACK_REVIEW:READ";
public static final String PROJECT_TRACK_REVIEW_READ_CREATE = "PROJECT_TRACK_REVIEW:READ+CREATE";
public static final String PROJECT_TRACK_REVIEW_READ_EDIT = "PROJECT_TRACK_REVIEW:READ+EDIT";
public static final String PROJECT_TRACK_REVIEW_READ_REVIEW = "PROJECT_TRACK_REVIEW:READ+REVIEW";
public static final String PROJECT_TRACK_REVIEW_READ_DELETE = "PROJECT_TRACK_REVIEW:READ+DELETE";
public static final String PROJECT_TRACK_REVIEW_READ_COMMENT = "PROJECT_TRACK_REVIEW:READ+COMMENT";
public static final String PROJECT_TRACK_REVIEW_READ_RELEVANCE_OR_CANCEL = "PROJECT_TRACK_REVIEW:READ+RELEVANCE_OR_CANCEL";
public static final String PROJECT_TRACK_PLAN_READ = "PROJECT_TRACK_PLAN:READ";
public static final String PROJECT_TRACK_PLAN_READ_CREATE = "PROJECT_TRACK_PLAN:READ+CREATE";
public static final String PROJECT_TRACK_PLAN_READ_COPY = "PROJECT_TRACK_PLAN:READ+COPY";
public static final String PROJECT_TRACK_PLAN_READ_EDIT = "PROJECT_TRACK_PLAN:READ+EDIT";
public static final String PROJECT_TRACK_PLAN_READ_DELETE = "PROJECT_TRACK_PLAN:READ+DELETE";
public static final String PROJECT_TRACK_PLAN_READ_BATCH_DELETE = "PROJECT_TRACK_PLAN:READ+BATCH_DELETE";
public static final String PROJECT_TRACK_PLAN_READ_SCHEDULE = "PROJECT_TRACK_PLAN:READ+SCHEDULE";
public static final String PROJECT_TRACK_PLAN_READ_RELEVANCE_OR_CANCEL = "PROJECT_TRACK_PLAN:READ+RELEVANCE_OR_CANCEL";
public static final String PROJECT_TRACK_PLAN_READ_CASE_BATCH_DELETE = "PROJECT_TRACK_PLAN:READ+CASE_BATCH_DELETE";
public static final String PROJECT_TRACK_PLAN_READ_RUN = "PROJECT_TRACK_PLAN:READ+RUN";
public static final String PROJECT_TRACK_PLAN_READ_CASE_BATCH_EDIT = "PROJECT_TRACK_PLAN:READ+CASE_BATCH_EDIT";
public static final String PROJECT_TRACK_ISSUE_READ = "PROJECT_TRACK_ISSUE:READ";
public static final String PROJECT_TRACK_ISSUE_READ_CREATE = "PROJECT_TRACK_ISSUE:READ+CREATE";
public static final String PROJECT_TRACK_ISSUE_READ_EDIT = "PROJECT_TRACK_ISSUE:READ+EDIT";
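Review bot: `PROJECT_TRACK_CASE_READ_MOVE_EDIT` and the new `PROJECT_TRACK_CASE_READ_BATCH_MOVE` both carry the string `"PROJECT_TRACK_CASE:READ+BATCH_MOVE"`, so two differently named constants now denote the same permission. The older name reads as an edit permission, which makes annotations that use it easy to misjudge in review. If it has to stay for existing callers, mark it as an alias, for example `@Deprecated // alias of PROJECT_TRACK_CASE_READ_BATCH_MOVE, same permission string`, and use only the new name in new annotations.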


@ -11,6 +11,7 @@ import io.metersphere.commons.utils.Pager;
import io.metersphere.log.annotation.MsAuditLog;
import io.metersphere.request.QueryCustomFieldRequest;
import io.metersphere.service.CustomFieldService;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*;
@ -53,7 +54,8 @@ public class CustomFieldController {
}
@GetMapping("/get/{id}")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
@RequiresPermissions(value = {PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM,
PermissionConstants.PROJECT_TRACK_ISSUE_READ, PermissionConstants.PROJECT_TRACK_CASE_READ, PermissionConstants.PROJECT_API_DEFINITION_READ}, logical = Logical.OR)
public CustomField get(@PathVariable(value = "id") String id) {
return customFieldService.get(id);
}
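Review bot: With `/get/{id}` now open to any of four read permissions, the annotation no longer scopes the lookup on its own: `customFieldService.get(id)` takes a caller-supplied id, and nothing in the hunk ties that id to the project in which the caller holds the permission. The service is not visible here, so this may already be handled. If it is not, the service should compare the field's project with the session's current project before returning the record. The same change and the same question apply to `CustomFieldTemplateController.get` (`/{id}`). A comment such as `// read is shared with the issue/case/API pages that render custom fields; project scoping is enforced in the service` would record the intent.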


@ -28,7 +28,8 @@ public class CustomFieldTemplateController {
}
@GetMapping("/{id}")
@RequiresPermissions(PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM)
@RequiresPermissions(value = {PermissionConstants.PROJECT_TEMPLATE_READ_CUSTOM,
PermissionConstants.PROJECT_TRACK_ISSUE_READ, PermissionConstants.PROJECT_TRACK_CASE_READ, PermissionConstants.PROJECT_API_DEFINITION_READ}, logical = Logical.OR)
public CustomField get(@PathVariable String id) {
return customFieldTemplateService.getCustomField(id);
}


@ -253,7 +253,7 @@ public class TestCaseController {
@PostMapping(value = "/edit/testPlan", consumes = {"multipart/form-data"})
@MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogBeforeDetails(#request.id)", title = "#request.name", content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseService.class)
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT)
@RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT, PermissionConstants.PROJECT_TRACK_PLAN_READ_RUN}, logical = Logical.OR)
public String editTestCaseByTestPlan(@RequestPart("request") EditTestCaseRequest request, @RequestPart(value = "file", required = false) List<MultipartFile> files) {
return testCaseService.editTestCase(request, files);
}
@ -326,7 +326,8 @@ public class TestCaseController {
}
@PostMapping("/batch/edit")
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_EDIT)
@RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT, PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_EDIT,
PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_ADD_PUBLIC, PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_MOVE}, logical = Logical.OR)
@MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
@SendNotice(taskType = NoticeConstants.TaskType.TRACK_TEST_CASE_TASK, target = "#targetClass.findByBatchRequest(#request)", targetClass = TestCaseService.class,
event = NoticeConstants.Event.UPDATE, subject = "测试用例通知")
@ -343,13 +344,14 @@ public class TestCaseController {
@PostMapping("/batch/copy")
@MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.BATCH_ADD, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_COPY)
@RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_COPY, PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_COPY}, logical = Logical.OR)
public void copyTestCaseBath(@RequestBody TestCaseBatchRequest request) {
testCaseService.copyTestCaseBath(request);
}
@PostMapping("/batch/copy/public")
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_COPY)
@RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_COPY,
PermissionConstants.PROJECT_TRACK_CASE_READ_COPY, PermissionConstants.PROJECT_TRACK_CASE_READ_CREATE}, logical = Logical.OR)
@MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.BATCH_ADD, beforeEvent = "#msClass.getLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
@SendNotice(taskType = NoticeConstants.TaskType.TRACK_TEST_CASE_TASK, target = "#targetClass.findByBatchRequest(#request)", targetClass = TestCaseService.class,
event = NoticeConstants.Event.CREATE, subject = "测试用例通知")
@ -359,14 +361,14 @@ public class TestCaseController {
@PostMapping("/batch/delete")
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_DELETE)
@RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_DELETE, PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_DELETE}, logical = Logical.OR)
@MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
public void deleteTestCaseBath(@RequestBody TestCaseBatchRequest request) {
testCaseService.deleteTestCaseBath(request);
}
@PostMapping("/batch/deleteToGc")
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_DELETE)
@RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_DELETE, PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_DELETE}, logical = Logical.OR)
@MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.BATCH_DEL, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
@SendNotice(taskType = NoticeConstants.TaskType.TRACK_TEST_CASE_TASK, target = "#targetClass.findByBatchRequest(#request)", targetClass = TestCaseService.class,
event = NoticeConstants.Event.DELETE, subject = "测试用例通知")
@ -385,7 +387,7 @@ public class TestCaseController {
@PostMapping("/reduction")
@MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.RESTORE, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = TestCaseService.class)
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_DELETE)
@RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_RECOVER, PermissionConstants.PROJECT_TRACK_CASE_READ_BATCH_REDUCTION}, logical = Logical.OR)
public void reduction(@RequestBody TestCaseBatchRequest request) {
testCaseService.reduction(request);
}
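Review bot: On `/batch/edit`, the `Logical.OR` list now admits a caller who holds only `PROJECT_TRACK_CASE_READ_BATCH_MOVE` or `PROJECT_TRACK_CASE_READ_BATCH_ADD_PUBLIC`, so the annotation no longer separates moving cases or adding them to the public library from editing arbitrary fields in bulk. The handler body is outside the hunk; if the service applies whatever fields the request carries, it should check that the requested change matches the permission actually held. The same applies to `/edit/testPlan`, where `PROJECT_TRACK_PLAN_READ_RUN` now reaches `testCaseService.editTestCase(request, files)`, the general edit path including attachments. At minimum, add a comment above each annotation such as `// BATCH_MOVE / BATCH_ADD_PUBLIC reuse this endpoint from the UI; the service restricts which fields they may change`.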


@ -32,6 +32,7 @@ import io.metersphere.service.BaseUserService;
import io.metersphere.service.wapper.CheckPermissionService;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletResponse;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*;
@ -223,7 +224,7 @@ public class TestPlanController {
}
@PostMapping("/copy/{id}")
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_CREATE)
@RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_PLAN_READ_CREATE, PermissionConstants.PROJECT_TRACK_PLAN_READ_COPY}, logical = Logical.OR)
@MsAuditLog(module = OperLogModule.TRACK_TEST_PLAN, type = OperLogConstants.COPY, content = "#msClass.getLogDetails(#id)", msClass = TestPlanService.class)
@SendNotice(taskType = NoticeConstants.TaskType.TEST_PLAN_TASK, event = NoticeConstants.Event.CREATE, subject = "测试计划通知")
public TestPlan copy(@PathVariable String id) {
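Review bot: `/copy/{id}` still accepts `PROJECT_TRACK_PLAN_READ_CREATE` under `Logical.OR`, so a role with create but without the new copy permission passes the server-side check. The commit message lists "plan can still be copied without the copy permission" among the fixed bugs, which suggests the fix for that item sits in the UI only. If copy is meant to be separately grantable, the annotation would be `@RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_COPY)`; if CREATE is kept on purpose for existing roles, a comment saying so would help. The body of `copy` lies outside the hunk.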


@ -18,6 +18,7 @@ import io.metersphere.plan.request.function.TestPlanFuncCaseEditRequest;
import io.metersphere.plan.service.TestPlanTestCaseService;
import io.metersphere.request.ResetOrderRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*;
@ -135,14 +136,14 @@ public class TestPlanTestCaseController {
}
@PostMapping("/batch/edit")
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_RUN)
@RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_PLAN_READ_RUN, PermissionConstants.PROJECT_TRACK_PLAN_READ_CASE_BATCH_EDIT}, logical = Logical.OR)
@MsAuditLog(module = OperLogModule.TRACK_TEST_PLAN, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.batchLogDetails(#request.ids)", content = "#msClass.getLogDetails(#request.ids)", msClass = TestPlanTestCaseService.class)
public void editTestCaseBath(@RequestBody TestPlanCaseBatchRequest request) {
testPlanTestCaseService.editTestCaseBath(request);
}
@PostMapping("/batch/delete")
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_PLAN_READ_RELEVANCE_OR_CANCEL)
@RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_PLAN_READ_RELEVANCE_OR_CANCEL, PermissionConstants.PROJECT_TRACK_PLAN_READ_CASE_BATCH_DELETE}, logical = Logical.OR)
@MsAuditLog(module = OperLogModule.TRACK_TEST_PLAN, type = OperLogConstants.UN_ASSOCIATE_CASE, beforeEvent = "#msClass.getLogDetails(#request.ids)", msClass = TestPlanTestCaseService.class)
public void deleteTestCaseBath(@RequestBody TestPlanCaseBatchRequest request) {
testPlanTestCaseService.deleteTestCaseBath(request);


@ -53,14 +53,14 @@ public class TestReviewTestCaseController {
}
@PostMapping("/batch/edit/status")
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_EDIT)
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_REVIEW)
@MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.batchLogDetails(#request)", content = "#msClass.getLogDetails(#request)", msClass = TestReviewTestCaseService.class)
public void editTestCaseBatch(@RequestBody TestReviewCaseBatchRequest request) {
testReviewTestCaseService.editTestCaseBatchStatus(request);
}
@PostMapping("/batch/edit/reviewer")
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_EDIT)
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_REVIEW)
@MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.batchLogDetails(#request)", content = "#msClass.getLogDetails(#request)", msClass = TestReviewTestCaseService.class)
public void editTestCaseReviewerBatch(@RequestBody TestReviewCaseBatchRequest request) {
testReviewTestCaseService.editTestCaseBatchReviewer(request);
@ -87,7 +87,7 @@ public class TestReviewTestCaseController {
}
@PostMapping("/edit")
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_EDIT)
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_REVIEW)
@MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.REVIEW, content = "#msClass.getLogDetails(#testCaseReviewTestCase)", msClass = TestReviewTestCaseService.class)
public String editTestCase(@RequestBody TestCaseReviewTestCaseEditRequest testCaseReviewTestCase) {
return testReviewTestCaseService.editTestCase(testCaseReviewTestCase);
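Review bot: Moving `/batch/edit/reviewer` from `PROJECT_TRACK_REVIEW_READ_EDIT` to `PROJECT_TRACK_REVIEW_READ_REVIEW` lets anyone who may review cases also reassign reviewers in bulk, while a role that only manages the review loses that ability. Recording a review result (`/edit`, `/batch/edit/status`) and choosing who reviews are different duties, and the hunk does not show that they are meant to share one permission. Unless that is intended, keep `@RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_EDIT)` on the reviewer endpoint. Otherwise add a comment such as `// reviewers may reassign reviewers; see permission matrix`. The body of `editTestCase` ends outside the last hunk.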