fix(测试跟踪): 用例评审脑图权限校验

--bug=1018748 --user=陈建星 【系统设置】测试跟踪只有查看权限,但进入用例评审详情后切换脑图修改内容可以保存 https://www.tapd.cn/55049933/s/1274991
This commit is contained in:
chenjianxing 2022-10-24 18:59:40 +08:00 committed by jianxing
parent b90a980f85
commit fb67225bf7
3 changed files with 14 additions and 2 deletions

View File

@ -5,6 +5,7 @@ import com.github.pagehelper.PageHelper;
import io.metersphere.base.domain.TestCaseReviewTestCase; import io.metersphere.base.domain.TestCaseReviewTestCase;
import io.metersphere.commons.constants.OperLogConstants; import io.metersphere.commons.constants.OperLogConstants;
import io.metersphere.commons.constants.OperLogModule; import io.metersphere.commons.constants.OperLogModule;
import io.metersphere.commons.constants.PermissionConstants;
import io.metersphere.commons.utils.PageUtils; import io.metersphere.commons.utils.PageUtils;
import io.metersphere.commons.utils.Pager; import io.metersphere.commons.utils.Pager;
import io.metersphere.log.annotation.MsAuditLog; import io.metersphere.log.annotation.MsAuditLog;
@ -15,6 +16,7 @@ import io.metersphere.request.testreview.DeleteRelevanceRequest;
import io.metersphere.request.testreview.QueryCaseReviewRequest; import io.metersphere.request.testreview.QueryCaseReviewRequest;
import io.metersphere.request.testreview.TestCaseReviewTestCaseEditRequest; import io.metersphere.request.testreview.TestCaseReviewTestCaseEditRequest;
import io.metersphere.service.TestReviewTestCaseService; import io.metersphere.service.TestReviewTestCaseService;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource; import javax.annotation.Resource;
@ -34,24 +36,28 @@ public class TestReviewTestCaseController {
} }
@PostMapping("/delete") @PostMapping("/delete")
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_DELETE)
@MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.UN_ASSOCIATE_CASE, beforeEvent = "#msClass.getLogDetails(#request)", msClass = TestReviewTestCaseService.class) @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.UN_ASSOCIATE_CASE, beforeEvent = "#msClass.getLogDetails(#request)", msClass = TestReviewTestCaseService.class)
public int deleteTestCase(@RequestBody DeleteRelevanceRequest request) { public int deleteTestCase(@RequestBody DeleteRelevanceRequest request) {
return testReviewTestCaseService.deleteTestCase(request); return testReviewTestCaseService.deleteTestCase(request);
} }
@PostMapping("/batch/delete") @PostMapping("/batch/delete")
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_DELETE)
@MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.UN_ASSOCIATE_CASE, beforeEvent = "#msClass.getLogDetails(#request)", msClass = TestReviewTestCaseService.class) @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.UN_ASSOCIATE_CASE, beforeEvent = "#msClass.getLogDetails(#request)", msClass = TestReviewTestCaseService.class)
public void deleteTestCaseBatch(@RequestBody TestReviewCaseBatchRequest request) { public void deleteTestCaseBatch(@RequestBody TestReviewCaseBatchRequest request) {
testReviewTestCaseService.deleteTestCaseBatch(request); testReviewTestCaseService.deleteTestCaseBatch(request);
} }
@PostMapping("/batch/edit/status") @PostMapping("/batch/edit/status")
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_EDIT)
@MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.batchLogDetails(#request)", content = "#msClass.getLogDetails(#request)", msClass = TestReviewTestCaseService.class) @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.BATCH_UPDATE, beforeEvent = "#msClass.batchLogDetails(#request)", content = "#msClass.getLogDetails(#request)", msClass = TestReviewTestCaseService.class)
public void editTestCaseBatch(@RequestBody TestReviewCaseBatchRequest request) { public void editTestCaseBatch(@RequestBody TestReviewCaseBatchRequest request) {
testReviewTestCaseService.editTestCaseBatchStatus(request); testReviewTestCaseService.editTestCaseBatchStatus(request);
} }
@PostMapping("/minder/edit/{reviewId}") @PostMapping("/minder/edit/{reviewId}")
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_EDIT)
@MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.ASSOCIATE_CASE, content = "#msClass.getLogDetails(#testCases)", msClass = TestReviewTestCaseService.class) @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.ASSOCIATE_CASE, content = "#msClass.getLogDetails(#testCases)", msClass = TestReviewTestCaseService.class)
public void editTestCaseForMinder(@PathVariable("reviewId") String reviewId, @RequestBody List<TestCaseReviewTestCase> testCases) { public void editTestCaseForMinder(@PathVariable("reviewId") String reviewId, @RequestBody List<TestCaseReviewTestCase> testCases) {
testReviewTestCaseService.editTestCaseForMinder(reviewId, testCases); testReviewTestCaseService.editTestCaseForMinder(reviewId, testCases);
@ -69,6 +75,7 @@ public class TestReviewTestCaseController {
} }
@PostMapping("/edit") @PostMapping("/edit")
@RequiresPermissions(PermissionConstants.PROJECT_TRACK_REVIEW_READ_EDIT)
@MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.REVIEW, content = "#msClass.getLogDetails(#testCaseReviewTestCase)", msClass = TestReviewTestCaseService.class) @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE_REVIEW, type = OperLogConstants.REVIEW, content = "#msClass.getLogDetails(#testCaseReviewTestCase)", msClass = TestReviewTestCaseService.class)
public void editTestCase(@RequestBody TestCaseReviewTestCaseEditRequest testCaseReviewTestCase) { public void editTestCase(@RequestBody TestCaseReviewTestCaseEditRequest testCaseReviewTestCase) {
testReviewTestCaseService.editTestCase(testCaseReviewTestCase); testReviewTestCaseService.editTestCase(testCaseReviewTestCase);

View File

@ -86,7 +86,7 @@ export default {
workspaceId() { workspaceId() {
return getCurrentWorkspaceId(); return getCurrentWorkspaceId();
}, },
disableMinder() { disableMinder() {
if (this.planStatus === 'Archived') { if (this.planStatus === 'Archived') {
return true return true
} else { } else {

View File

@ -1,11 +1,12 @@
<template> <template>
<ms-module-minder <ms-module-minder
v-loading="result.loading" v-loading="result.loading"
minder-key="REVIEW_CASE"
:tree-nodes="treeNodes" :tree-nodes="treeNodes"
:data-map="dataMap" :data-map="dataMap"
:tags="tags" :tags="tags"
:tag-enable="true" :tag-enable="true"
minder-key="REVIEW_CASE" :disabled="disable"
:select-node="selectNode" :select-node="selectNode"
:distinct-tags="[...tags, $t('test_track.plan.plan_status_prepare')]" :distinct-tags="[...tags, $t('test_track.plan.plan_status_prepare')]"
:ignore-num="true" :ignore-num="true"
@ -29,6 +30,7 @@ import MsModuleMinder from "@/business/common/minder/MsModuleMinder";
import {useStore} from "@/store"; import {useStore} from "@/store";
import {mapState} from "pinia"; import {mapState} from "pinia";
import {testReviewCaseMinderEdit} from "@/api/remote/plan/test-review-case"; import {testReviewCaseMinderEdit} from "@/api/remote/plan/test-review-case";
import {hasPermission} from "@/business/utils/sdk-utils";
export default { export default {
name: "TestReviewMinder", name: "TestReviewMinder",
@ -78,6 +80,9 @@ export default {
selectNodeIds: 'testReviewSelectNodeIds', selectNodeIds: 'testReviewSelectNodeIds',
selectNode: 'testReviewSelectNode' selectNode: 'testReviewSelectNode'
}), }),
disable() {
return !hasPermission('PROJECT_TRACK_REVIEW:READ+EDIT');
}
}, },
methods: { methods: {
handleAfterMount() { handleAfterMount() {