fix: 修复登录用户可以查看其他工作空间的bug
This commit is contained in:
parent
a66741406f
commit
fa0841a36b
|
@ -11,6 +11,7 @@ import io.metersphere.commons.utils.PageUtils;
|
|||
import io.metersphere.commons.utils.Pager;
|
||||
import io.metersphere.commons.utils.SessionUtils;
|
||||
import io.metersphere.dto.DashboardTestDTO;
|
||||
import io.metersphere.service.CheckOwnerService;
|
||||
import org.apache.shiro.authz.annotation.Logical;
|
||||
import org.apache.shiro.authz.annotation.RequiresRoles;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
@ -25,6 +26,8 @@ public class APIReportController {
|
|||
|
||||
@Resource
|
||||
private APIReportService apiReportService;
|
||||
@Resource
|
||||
private CheckOwnerService checkOwnerService;
|
||||
|
||||
@GetMapping("recent/{count}")
|
||||
public List<APIReportResult> recentTest(@PathVariable int count) {
|
||||
|
@ -37,6 +40,7 @@ public class APIReportController {
|
|||
|
||||
@GetMapping("/list/{testId}")
|
||||
public List<APIReportResult> listByTestId(@PathVariable String testId) {
|
||||
checkOwnerService.checkApiTestOwner(testId);
|
||||
return apiReportService.listByTestId(testId);
|
||||
}
|
||||
|
||||
|
|
|
@ -13,6 +13,7 @@ import io.metersphere.commons.utils.Pager;
|
|||
import io.metersphere.commons.utils.SessionUtils;
|
||||
import io.metersphere.controller.request.QueryScheduleRequest;
|
||||
import io.metersphere.dto.ScheduleDao;
|
||||
import io.metersphere.service.CheckOwnerService;
|
||||
import org.apache.shiro.authz.annotation.Logical;
|
||||
import org.apache.shiro.authz.annotation.RequiresRoles;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
@ -27,6 +28,8 @@ import java.util.List;
|
|||
public class APITestController {
|
||||
@Resource
|
||||
private APITestService apiTestService;
|
||||
@Resource
|
||||
private CheckOwnerService checkownerService;
|
||||
|
||||
@GetMapping("recent/{count}")
|
||||
public List<APITestResult> recentTest(@PathVariable int count) {
|
||||
|
@ -51,6 +54,7 @@ public class APITestController {
|
|||
|
||||
@GetMapping("/list/{projectId}")
|
||||
public List<ApiTest> list(@PathVariable String projectId) {
|
||||
checkownerService.checkProjectOwner(projectId);
|
||||
return apiTestService.getApiTestByProjectId(projectId);
|
||||
}
|
||||
|
||||
|
@ -71,6 +75,7 @@ public class APITestController {
|
|||
|
||||
@PostMapping(value = "/update", consumes = {"multipart/form-data"})
|
||||
public void update(@RequestPart("request") SaveAPITestRequest request, @RequestPart(value = "file") MultipartFile file, @RequestPart(value = "files") List<MultipartFile> bodyFiles) {
|
||||
checkownerService.checkApiTestOwner(request.getId());
|
||||
apiTestService.update(request, file, bodyFiles);
|
||||
}
|
||||
|
||||
|
@ -81,13 +86,16 @@ public class APITestController {
|
|||
|
||||
@GetMapping("/get/{testId}")
|
||||
public APITestResult get(@PathVariable String testId) {
|
||||
checkownerService.checkApiTestOwner(testId);
|
||||
return apiTestService.get(testId);
|
||||
}
|
||||
|
||||
|
||||
@PostMapping("/delete")
|
||||
public void delete(@RequestBody DeleteAPITestRequest request) {
|
||||
apiTestService.delete(request.getId());
|
||||
String testId = request.getId();
|
||||
checkownerService.checkApiTestOwner(testId);
|
||||
apiTestService.delete(testId);
|
||||
}
|
||||
|
||||
@PostMapping(value = "/run")
|
||||
|
|
|
@ -3,6 +3,7 @@ package io.metersphere.api.controller;
|
|||
import io.metersphere.api.service.ApiTestEnvironmentService;
|
||||
import io.metersphere.base.domain.ApiTestEnvironmentWithBLOBs;
|
||||
import io.metersphere.commons.constants.RoleConstants;
|
||||
import io.metersphere.service.CheckOwnerService;
|
||||
import org.apache.shiro.authz.annotation.Logical;
|
||||
import org.apache.shiro.authz.annotation.RequiresRoles;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
@ -17,9 +18,12 @@ public class ApiTestEnvironmentController {
|
|||
|
||||
@Resource
|
||||
ApiTestEnvironmentService apiTestEnvironmentService;
|
||||
@Resource
|
||||
private CheckOwnerService checkOwnerService;
|
||||
|
||||
@GetMapping("/list/{projectId}")
|
||||
public List<ApiTestEnvironmentWithBLOBs> list(@PathVariable String projectId) {
|
||||
checkOwnerService.checkProjectOwner(projectId);
|
||||
return apiTestEnvironmentService.list(projectId);
|
||||
}
|
||||
|
||||
|
|
|
@ -9,6 +9,7 @@ import io.metersphere.commons.utils.Pager;
|
|||
import io.metersphere.commons.utils.SessionUtils;
|
||||
import io.metersphere.controller.request.ProjectRequest;
|
||||
import io.metersphere.dto.ProjectDTO;
|
||||
import io.metersphere.service.CheckOwnerService;
|
||||
import io.metersphere.service.ProjectService;
|
||||
import org.apache.shiro.authz.annotation.Logical;
|
||||
import org.apache.shiro.authz.annotation.RequiresRoles;
|
||||
|
@ -22,6 +23,8 @@ import java.util.List;
|
|||
public class ProjectController {
|
||||
@Resource
|
||||
private ProjectService projectService;
|
||||
@Resource
|
||||
private CheckOwnerService checkOwnerService;
|
||||
|
||||
@GetMapping("/listAll")
|
||||
public List<ProjectDTO> listAll() {
|
||||
|
@ -71,6 +74,7 @@ public class ProjectController {
|
|||
@GetMapping("/delete/{projectId}")
|
||||
@RequiresRoles(value = {RoleConstants.TEST_MANAGER, RoleConstants.TEST_USER,}, logical = Logical.OR)
|
||||
public void deleteProject(@PathVariable(value = "projectId") String projectId) {
|
||||
checkOwnerService.checkProjectOwner(projectId);
|
||||
projectService.deleteProject(projectId);
|
||||
}
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@ package io.metersphere.controller.handler;
|
|||
import io.metersphere.commons.exception.MSException;
|
||||
import io.metersphere.controller.ResultHolder;
|
||||
import org.apache.shiro.ShiroException;
|
||||
import org.apache.shiro.authz.UnauthorizedException;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.web.bind.annotation.ExceptionHandler;
|
||||
import org.springframework.web.bind.annotation.RestControllerAdvice;
|
||||
|
@ -21,6 +22,13 @@ public class RestControllerExceptionHandler {
|
|||
return ResultHolder.error(exception.getMessage());
|
||||
}
|
||||
|
||||
/*=========== Shiro 异常拦截==============*/
|
||||
@ExceptionHandler(UnauthorizedException.class)
|
||||
public ResultHolder unauthorizedExceptionHandler(HttpServletRequest request, HttpServletResponse response, Exception exception) {
|
||||
response.setStatus(HttpStatus.FORBIDDEN.value());
|
||||
return ResultHolder.error(exception.getMessage());
|
||||
}
|
||||
|
||||
|
||||
@ExceptionHandler(MSException.class)
|
||||
public ResultHolder msExceptionHandler(HttpServletRequest request, HttpServletResponse response, MSException e) {
|
||||
|
|
|
@ -14,6 +14,7 @@ import io.metersphere.dto.DashboardTestDTO;
|
|||
import io.metersphere.dto.LoadTestDTO;
|
||||
import io.metersphere.dto.ScheduleDao;
|
||||
import io.metersphere.performance.service.PerformanceTestService;
|
||||
import io.metersphere.service.CheckOwnerService;
|
||||
import io.metersphere.service.FileService;
|
||||
import io.metersphere.track.request.testplan.*;
|
||||
import org.apache.shiro.authz.annotation.Logical;
|
||||
|
@ -35,6 +36,8 @@ public class PerformanceTestController {
|
|||
private PerformanceTestService performanceTestService;
|
||||
@Resource
|
||||
private FileService fileService;
|
||||
@Resource
|
||||
private CheckOwnerService checkOwnerService;
|
||||
|
||||
@GetMapping("recent/{count}")
|
||||
public List<LoadTestDTO> recentTestPlans(@PathVariable int count) {
|
||||
|
@ -54,12 +57,14 @@ public class PerformanceTestController {
|
|||
|
||||
@GetMapping("/list/{projectId}")
|
||||
public List<LoadTest> list(@PathVariable String projectId) {
|
||||
checkOwnerService.checkProjectOwner(projectId);
|
||||
return performanceTestService.getLoadTestByProjectId(projectId);
|
||||
}
|
||||
|
||||
|
||||
@GetMapping("/state/get/{testId}")
|
||||
public LoadTest listByTestId(@PathVariable String testId) {
|
||||
checkOwnerService.checkPerformanceTestOwner(testId);
|
||||
return performanceTestService.getLoadTestBytestId(testId);
|
||||
}
|
||||
|
||||
|
@ -76,26 +81,31 @@ public class PerformanceTestController {
|
|||
@RequestPart("request") EditTestPlanRequest request,
|
||||
@RequestPart(value = "file", required = false) List<MultipartFile> files
|
||||
) {
|
||||
checkOwnerService.checkPerformanceTestOwner(request.getId());
|
||||
return performanceTestService.edit(request, files);
|
||||
}
|
||||
|
||||
@GetMapping("/get/{testId}")
|
||||
public LoadTestDTO get(@PathVariable String testId) {
|
||||
checkOwnerService.checkPerformanceTestOwner(testId);
|
||||
return performanceTestService.get(testId);
|
||||
}
|
||||
|
||||
@GetMapping("/get-advanced-config/{testId}")
|
||||
public String getAdvancedConfiguration(@PathVariable String testId) {
|
||||
checkOwnerService.checkPerformanceTestOwner(testId);
|
||||
return performanceTestService.getAdvancedConfiguration(testId);
|
||||
}
|
||||
|
||||
@GetMapping("/get-load-config/{testId}")
|
||||
public String getLoadConfiguration(@PathVariable String testId) {
|
||||
checkOwnerService.checkPerformanceTestOwner(testId);
|
||||
return performanceTestService.getLoadConfiguration(testId);
|
||||
}
|
||||
|
||||
@PostMapping("/delete")
|
||||
public void delete(@RequestBody DeleteTestPlanRequest request) {
|
||||
checkOwnerService.checkPerformanceTestOwner(request.getId());
|
||||
performanceTestService.delete(request);
|
||||
}
|
||||
|
||||
|
@ -111,6 +121,7 @@ public class PerformanceTestController {
|
|||
|
||||
@GetMapping("/file/metadata/{testId}")
|
||||
public List<FileMetadata> getFileMetadata(@PathVariable String testId) {
|
||||
checkOwnerService.checkPerformanceTestOwner(testId);
|
||||
return fileService.getFileMetadataByTestId(testId);
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
package io.metersphere.service;
|
||||
|
||||
import io.metersphere.api.dto.APITestResult;
|
||||
import io.metersphere.api.dto.QueryAPITestRequest;
|
||||
import io.metersphere.base.domain.Project;
|
||||
import io.metersphere.base.mapper.ProjectMapper;
|
||||
import io.metersphere.base.mapper.ext.ExtApiTestMapper;
|
||||
import io.metersphere.base.mapper.ext.ExtLoadTestMapper;
|
||||
import io.metersphere.commons.utils.SessionUtils;
|
||||
import io.metersphere.dto.LoadTestDTO;
|
||||
import io.metersphere.i18n.Translator;
|
||||
import io.metersphere.track.request.testplan.QueryTestPlanRequest;
|
||||
import org.apache.commons.collections.CollectionUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.shiro.authz.UnauthorizedException;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import java.util.List;
|
||||
|
||||
@Service
|
||||
public class CheckOwnerService {
|
||||
@Resource
|
||||
private ProjectMapper projectMapper;
|
||||
@Resource
|
||||
private ExtApiTestMapper extApiTestMapper;
|
||||
@Resource
|
||||
private ExtLoadTestMapper extLoadTestMapper;
|
||||
|
||||
public void checkProjectOwner(String projectId) {
|
||||
String workspaceId = SessionUtils.getCurrentWorkspaceId();
|
||||
Project project = projectMapper.selectByPrimaryKey(projectId);
|
||||
if (project == null) {
|
||||
return;
|
||||
}
|
||||
if (!StringUtils.equals(workspaceId, project.getWorkspaceId())) {
|
||||
throw new UnauthorizedException(Translator.get("check_owner_project"));
|
||||
}
|
||||
}
|
||||
|
||||
public void checkApiTestOwner(String testId) {
|
||||
String workspaceId = SessionUtils.getCurrentWorkspaceId();
|
||||
QueryAPITestRequest request = new QueryAPITestRequest();
|
||||
request.setWorkspaceId(workspaceId);
|
||||
request.setId(testId);
|
||||
List<APITestResult> apiTestResults = extApiTestMapper.list(request);
|
||||
|
||||
if (CollectionUtils.size(apiTestResults) != 1) {
|
||||
throw new UnauthorizedException(Translator.get("check_owner_test"));
|
||||
}
|
||||
}
|
||||
|
||||
public void checkPerformanceTestOwner(String testId) {
|
||||
String workspaceId = SessionUtils.getCurrentWorkspaceId();
|
||||
QueryTestPlanRequest request = new QueryTestPlanRequest();
|
||||
request.setWorkspaceId(workspaceId);
|
||||
request.setId(testId);
|
||||
List<LoadTestDTO> loadTestDTOS = extLoadTestMapper.list(request);
|
||||
|
||||
if (CollectionUtils.size(loadTestDTOS) != 1) {
|
||||
throw new UnauthorizedException(Translator.get("check_owner_test"));
|
||||
}
|
||||
}
|
||||
}
|
|
@ -10,6 +10,7 @@ import io.metersphere.commons.utils.PageUtils;
|
|||
import io.metersphere.commons.utils.Pager;
|
||||
import io.metersphere.commons.utils.SessionUtils;
|
||||
import io.metersphere.excel.domain.ExcelResponse;
|
||||
import io.metersphere.service.CheckOwnerService;
|
||||
import io.metersphere.track.dto.TestCaseDTO;
|
||||
import io.metersphere.track.request.testcase.QueryTestCaseRequest;
|
||||
import io.metersphere.track.request.testcase.TestCaseBatchRequest;
|
||||
|
@ -30,6 +31,8 @@ public class TestCaseController {
|
|||
|
||||
@Resource
|
||||
TestCaseService testCaseService;
|
||||
@Resource
|
||||
private CheckOwnerService checkOwnerService;
|
||||
|
||||
@PostMapping("/list/{goPage}/{pageSize}")
|
||||
public Pager<List<TestCaseDTO>> list(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody QueryTestCaseRequest request) {
|
||||
|
@ -39,6 +42,7 @@ public class TestCaseController {
|
|||
|
||||
@GetMapping("/list/{projectId}")
|
||||
public List<TestCaseDTO> list(@PathVariable String projectId) {
|
||||
checkOwnerService.checkProjectOwner(projectId);
|
||||
QueryTestCaseRequest request = new QueryTestCaseRequest();
|
||||
request.setProjectId(projectId);
|
||||
return testCaseService.listTestCase(request);
|
||||
|
@ -47,6 +51,7 @@ public class TestCaseController {
|
|||
|
||||
@GetMapping("/list/method/{projectId}")
|
||||
public List<TestCaseDTO> listByMethod(@PathVariable String projectId) {
|
||||
checkOwnerService.checkProjectOwner(projectId);
|
||||
QueryTestCaseRequest request = new QueryTestCaseRequest();
|
||||
request.setProjectId(projectId);
|
||||
return testCaseService.listTestCaseMthod(request);
|
||||
|
@ -106,7 +111,8 @@ public class TestCaseController {
|
|||
|
||||
@PostMapping("/import/{projectId}/{userId}")
|
||||
@RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
|
||||
public ExcelResponse testCaseImport(MultipartFile file, @PathVariable String projectId,@PathVariable String userId) throws NoSuchFieldException {
|
||||
public ExcelResponse testCaseImport(MultipartFile file, @PathVariable String projectId, @PathVariable String userId) {
|
||||
checkOwnerService.checkProjectOwner(projectId);
|
||||
return testCaseService.testCaseImport(file, projectId, userId);
|
||||
}
|
||||
|
||||
|
@ -115,6 +121,7 @@ public class TestCaseController {
|
|||
public void testCaseTemplateExport(HttpServletResponse response) {
|
||||
testCaseService.testCaseTemplateExport(response);
|
||||
}
|
||||
|
||||
@GetMapping("/export/xmindTemplate")
|
||||
@RequiresRoles(value = {RoleConstants.TEST_USER, RoleConstants.TEST_MANAGER}, logical = Logical.OR)
|
||||
public void xmindTemplate(HttpServletResponse response) {
|
||||
|
|
|
@ -2,6 +2,7 @@ package io.metersphere.track.controller;
|
|||
|
||||
import io.metersphere.base.domain.TestCaseNode;
|
||||
import io.metersphere.commons.constants.RoleConstants;
|
||||
import io.metersphere.service.CheckOwnerService;
|
||||
import io.metersphere.track.dto.TestCaseNodeDTO;
|
||||
import io.metersphere.track.request.testcase.DragNodeRequest;
|
||||
import io.metersphere.track.request.testcase.QueryNodeRequest;
|
||||
|
@ -20,9 +21,12 @@ public class TestCaseNodeController {
|
|||
|
||||
@Resource
|
||||
TestCaseNodeService testCaseNodeService;
|
||||
@Resource
|
||||
private CheckOwnerService checkOwnerService;
|
||||
|
||||
@GetMapping("/list/{projectId}")
|
||||
public List<TestCaseNodeDTO> getNodeByProjectId(@PathVariable String projectId) {
|
||||
checkOwnerService.checkProjectOwner(projectId);
|
||||
return testCaseNodeService.getNodeTreeByProjectId(projectId);
|
||||
}
|
||||
|
||||
|
|
|
@ -158,3 +158,6 @@ license_valid_license_error=Authorization authentication failed
|
|||
timing_task_result_notification=Timing task result notification
|
||||
test_review_task_notice=Test review task notice
|
||||
test_track.length_less_than=The title is too long, the length must be less than
|
||||
# check owner
|
||||
check_owner_project=The current user does not have permission to operate this project
|
||||
check_owner_test=The current user does not have permission to operate this test
|
|
@ -158,4 +158,6 @@ import_xmind_not_found=未找到测试用例
|
|||
timing_task_result_notification=定时任务结果通知
|
||||
test_review_task_notice=测试评审任务通知
|
||||
test_track.length_less_than=标题过长,字数必须小于
|
||||
|
||||
# check owner
|
||||
check_owner_project=当前用户没有操作此项目的权限
|
||||
check_owner_test=当前用户没有操作此测试的权限
|
|
@ -159,3 +159,6 @@ import_xmind_not_found=未找到测试用例
|
|||
timing_task_result_notification=定時任務結果通知
|
||||
test_review_task_notice=測試評審任務通知
|
||||
test_track.length_less_than=標題過長,字數必須小於
|
||||
# check owner
|
||||
check_owner_project=當前用戶沒有操作此項目的權限
|
||||
check_owner_test=當前用戶沒有操作此測試的權限
|
Loading…
Reference in New Issue