fix(缺陷管理): 详情评论非评论人校验问题
--bug=1036296 --user=宋昌昌 【缺陷管理】缺陷详情-评论-非评论人也删除评论 https://www.tapd.cn/55049933/s/1469424
parent
2eca67b682
commit
eeff1a49d1
@ -90,6 +90,7 @@ bug_comment.parent_id.not_blank=缺陷评论父级ID不能为空
|
||||
bug_comment.parent.not_exist=父级评论不存在
|
||||
bug_comment.reply_user.not_blank=缺陷回复人不能为空
|
||||
bug_comment_not_exist=缺陷评论不存在
|
||||
bug_comment_not_owner=非当前评论创建人, 无法操作!
|
||||
bug_relate_case_not_found=未查询到关联的用例
|
||||
bug_relate_case_type_unknown=关联的用例类型未知, 无法查看
|
||||
bug_relate_case_permission_error=无权限查看, 请联系管理员
|
||||
|
@ -90,6 +90,7 @@ bug_comment.parent_id.not_blank=Bug comment parent-id cannot be empty
|
||||
bug_comment.parent.not_exist=Bug comment parent does not exist
|
||||
bug_comment.reply_user.not_blank=Bug comment reply-user cannot be empty
|
||||
bug_comment_not_exist=Bug comment does not exist
|
||||
bug_comment_not_owner=Not owner of the bug comment!
|
||||
bug_relate_case_not_found=Bug related case not found
|
||||
bug_relate_case_type_unknown=Bug related case type unknown
|
||||
bug_relate_case_permission_error=No permission to show the case
|
||||
|
@ -90,6 +90,7 @@ bug_comment.parent_id.not_blank=缺陷评论父级ID不能为空
|
||||
bug_comment.parent.not_exist=父级评论不存在
|
||||
bug_comment.reply_user.not_blank=缺陷回复人不能为空
|
||||
bug_comment_not_exist=缺陷评论不存在
|
||||
bug_comment_not_owner=非当前评论创建人, 无法操作!
|
||||
bug_relate_case_not_found=未查询到关联的用例
|
||||
bug_relate_case_type_unknown=关联的用例类型未知, 无法查看
|
||||
bug_relate_case_permission_error=无用例查看权限, 请联系管理员
|
||||
|
@ -90,6 +90,7 @@ bug_comment.parent_id.not_blank=缺陷評論父級ID不能為空
|
||||
bug_comment.parent.not_exist=父級評論不存在
|
||||
bug_comment.reply_user.not_blank=缺陷回復人不能為空
|
||||
bug_comment_not_exist=缺陷評論不存在
|
||||
bug_comment_not_owner=非當前評論創建人, 無法操作!
|
||||
bug_relate_case_not_found=未查詢到關聯的用例
|
||||
bug_relate_case_type_unknown=關聯的用例類型未知, 無法查看
|
||||
bug_relate_case_permission_error=無權限查看, 請聯繫管理員
|
||||
|
@ -51,6 +51,6 @@ public class BugCommentController {
|
||||
@Operation(summary = "缺陷管理-评论-删除评论")
|
||||
@RequiresPermissions(PermissionConstants.PROJECT_BUG_READ)
|
||||
public void delete(@PathVariable String commentId) {
|
||||
bugCommentService.deleteComment(commentId);
|
||||
bugCommentService.deleteComment(commentId, SessionUtils.getUserId());
|
||||
}
|
||||
}
|
||||
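Review bot: `delete` is still gated only by `@RequiresPermissions(PermissionConstants.PROJECT_BUG_READ)`, so after this change the owner check in `BugCommentService.checkComment` is the sole control between a read-only project member and a destructive operation. If the project defines a comment- or write-level bug permission, this endpoint should require it in addition to the ownership check, so that the two layers fail independently. The mapping annotation sits above the hunk and is not visible here, but the test in this commit calls the endpoint through `requestGet(BUG_COMMENT_DELETE + ...)`, which suggests deletion is exposed as a GET. A state-changing GET can be triggered by link prefetching or a cross-site navigation, so it is worth confirming and moving to `@DeleteMapping` or POST if so. Taking the user id from `SessionUtils.getUserId()` on the server rather than from the request is the right choice and should stay.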
|
@ -128,7 +128,7 @@ public class BugCommentService {
|
||||
* @return 缺陷评论
|
||||
*/
|
||||
public BugComment updateComment(BugCommentEditRequest request, String currentUser) {
|
||||
checkComment(request.getId());
|
||||
checkComment(request.getId(), currentUser);
|
||||
BugComment bugComment = getBugComment(request, currentUser, true);
|
||||
return updateBugCommentAndNotice(request, bugComment, currentUser);
|
||||
}
|
||||
@ -137,8 +137,8 @@ public class BugCommentService {
|
||||
* 删除评论
|
||||
* @param commentId 评论ID
|
||||
*/
|
||||
public void deleteComment(String commentId) {
|
||||
checkComment(commentId);
|
||||
public void deleteComment(String commentId, String currentUser) {
|
||||
checkComment(commentId, currentUser);
|
||||
BugComment bugComment = bugCommentMapper.selectByPrimaryKey(commentId);
|
||||
if (StringUtils.isEmpty(bugComment.getParentId())) {
|
||||
// 如果是父评论, 先删除子评论
|
||||
@ -270,14 +270,17 @@ public class BugCommentService {
|
||||
}
|
||||
|
||||
/**
|
||||
* 校验评论是否存在
|
||||
* 校验评论是否存在, 评论创建人是否当前用户
|
||||
* @param commentId 评论ID
|
||||
*/
|
||||
private void checkComment(String commentId) {
|
||||
private void checkComment(String commentId, String currentUser) {
|
||||
BugComment bugComment = bugCommentMapper.selectByPrimaryKey(commentId);
|
||||
if (bugComment == null) {
|
||||
throw new IllegalArgumentException(Translator.get("bug_comment_not_exist"));
|
||||
}
|
||||
if (!StringUtils.equals(bugComment.getCreateUser(), currentUser)) {
|
||||
throw new IllegalArgumentException(Translator.get("bug_comment_not_owner"));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
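Review bot: The owner check in `checkComment` can fail open when both sides are null. If `StringUtils` here is the commons-lang class, `StringUtils.equals(null, null)` returns true, so a comment row with no `create_user` combined with a missing session user id would pass. Reject the missing caller first, for example `if (currentUser == null || !StringUtils.equals(bugComment.getCreateUser(), currentUser)) {`. The denial is also raised as `IllegalArgumentException`, the same type as the not-found case, so whether clients see it as an authorization failure (403) or a bad request depends on exception mapping that is not visible in this hunk; a dedicated access-denied exception would make the refusal easier to audit and alert on. Separately, `deleteComment` calls `selectByPrimaryKey` again right after `checkComment` has loaded the same row; returning the `BugComment` from `checkComment` would avoid the second query and the small window between check and use.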
|
@ -210,6 +210,10 @@ public class BugCommentControllerTests extends BaseTest {
|
||||
this.requestGet(BUG_COMMENT_DELETE + "/default-bug-comment-id-4");
|
||||
BugComment comment1 = bugCommentMapper.selectByPrimaryKey("default-bug-comment-id-4");
|
||||
Assertions.assertNull(comment1);
|
||||
// 删除非当前评论人的评论
|
||||
this.requestGet(BUG_COMMENT_DELETE + "/default-bug-comment-id-5");
|
||||
BugComment comment2 = bugCommentMapper.selectByPrimaryKey("default-bug-comment-id-5");
|
||||
Assertions.assertTrue(StringUtils.equals(comment2.getId(), "default-bug-comment-id-5"));
|
||||
}
|
||||
|
||||
@Test
|
||||
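Review bot: The new negative case only checks that row `default-bug-comment-id-5` still exists; it never asserts that the request was rejected with the `bug_comment_not_owner` error. A regression where the delete silently does nothing, or fails for an unrelated reason, would therefore still pass. Asserting on the response status or message would pin the authorization behaviour itself. `checkComment` now also guards `updateComment`, but no non-owner update test is visible in this hunk, so that path looks uncovered. For the assertion, `Assertions.assertNotNull(comment2);` followed by `Assertions.assertEquals("default-bug-comment-id-5", comment2.getId());` gives a clear failure instead of a `NullPointerException` if the row is missing. The test method starts above the hunk.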
|
@ -15,9 +15,10 @@ INSERT INTO bug (id, num, title, handle_users, handle_user, create_user, create_
|
||||
|
||||
INSERT INTO bug_comment (id, bug_id, reply_user, notifier, parent_id, content, create_user, create_time, update_user, update_time) VALUES
|
||||
('default-bug-comment-id-1', 'default-bug-id-for-comment', null, null, null, 'This is a test comment!', 'admin', UNIX_TIMESTAMP() * 1000, 'admin', UNIX_TIMESTAMP() * 1000),
|
||||
('default-bug-comment-id-2', 'default-bug-id-for-comment', 'admin', 'oasis-user-id1;oasis-user-id2', 'default-bug-comment-id-1', 'This is a test comment!', 'oasis-user-id', UNIX_TIMESTAMP() * 1000, 'admin', UNIX_TIMESTAMP() * 1000),
|
||||
('default-bug-comment-id-3', 'default-bug-id-for-comment', null, null, null, 'This is a test comment!', 'oasis-user-id1', UNIX_TIMESTAMP() * 1000 + 1000, 'admin', UNIX_TIMESTAMP() * 1000),
|
||||
('default-bug-comment-id-4', 'default-bug-id-for-comment', 'oasis-user-id1', null, 'default-bug-comment-id-3', 'This is a test comment!', 'oasis-user-id2', UNIX_TIMESTAMP() * 1000 + 1000, 'admin', UNIX_TIMESTAMP() * 1000);
|
||||
('default-bug-comment-id-2', 'default-bug-id-for-comment', 'admin', 'oasis-user-id1;oasis-user-id2', 'default-bug-comment-id-1', 'This is a test comment!', 'admin', UNIX_TIMESTAMP() * 1000, 'admin', UNIX_TIMESTAMP() * 1000),
|
||||
('default-bug-comment-id-3', 'default-bug-id-for-comment', null, null, null, 'This is a test comment!', 'admin', UNIX_TIMESTAMP() * 1000 + 1000, 'admin', UNIX_TIMESTAMP() * 1000),
|
||||
('default-bug-comment-id-4', 'default-bug-id-for-comment', 'oasis-user-id1', null, 'default-bug-comment-id-3', 'This is a test comment!', 'admin', UNIX_TIMESTAMP() * 1000 + 1000, 'admin', UNIX_TIMESTAMP() * 1000),
|
||||
('default-bug-comment-id-5', 'default-bug-id-for-comment', 'oasis-user-id1', null, null, 'This is a test comment!', 'oasis', UNIX_TIMESTAMP() * 1000 - 1000, 'admin', UNIX_TIMESTAMP() * 1000);
|
||||
|
||||
INSERT INTO bug_custom_field (bug_id, field_id, value) VALUE ('default-bug-id-for-comment1', 'comment_test_field', '["default", "default-1"]');
|
||||
|
||||
|
@ -1,8 +1,8 @@
|
||||
<template>
|
||||
<div class="flex flex-row gap-[8px]">
|
||||
<div class="p-1"> <MsAvatar :avatar="props.element.commentUserInfos[0].avatar" /></div>
|
||||
<div class="p-1"> <MsAvatar :avatar="creatorInfo.avatar" /></div>
|
||||
<div class="flex w-full flex-col">
|
||||
<div class="font-medium text-[var(--color-text-1)]">{{ props.element.commentUserInfos[0].name }}</div>
|
||||
<div class="font-medium text-[var(--color-text-1)]">{{ creatorInfo.name }}</div>
|
||||
<div v-dompurify-html="props.element.content" class="markdown-body mt-[4px]"></div>
|
||||
|
||||
<div class="mb-4 mt-[16px] flex flex-row items-center">
|
||||
@ -28,7 +28,7 @@
|
||||
<span>{{ t('ms.comment.reply') }}</span>
|
||||
</div>
|
||||
<div
|
||||
v-if="hasEditAuth"
|
||||
v-if="hasAuth"
|
||||
class="comment-btn hover:bg-[var(--color-bg-3)]"
|
||||
:class="{ 'bg-[var(--color-text-n8)]': status === 'edit' }"
|
||||
@click="editClick"
|
||||
@ -37,6 +37,7 @@
|
||||
<span>{{ t('ms.comment.edit') }}</span>
|
||||
</div>
|
||||
<div
|
||||
v-if="hasAuth"
|
||||
class="comment-btn hover:bg-[rgb(var(--danger-1))]"
|
||||
:class="{ 'bg-[rgb(var(--danger-2))]': status === 'delete' }"
|
||||
@click="deleteClick"
|
||||
@ -76,7 +77,7 @@
|
||||
}>();
|
||||
|
||||
// 是否拥有编辑|删除权限
|
||||
const hasEditAuth = computed(() => {
|
||||
const hasAuth = computed(() => {
|
||||
return props.element.createUser === userStore.id;
|
||||
});
|
||||
|
||||
@ -109,6 +110,10 @@
|
||||
emit('delete');
|
||||
status.value = 'delete';
|
||||
};
|
||||
|
||||
const creatorInfo = computed(() => {
|
||||
return props.element.commentUserInfos.filter((item) => item.id === props.element.createUser)[0];
|
||||
});
|
||||
</script>
|
||||
|
||||
<style lang="less" scoped>
|
||||
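Review bot: `creatorInfo` is `filter(...)[0]`, which is `undefined` whenever `commentUserInfos` has no entry whose `id` equals `props.element.createUser` (for example a removed account), and the template then dereferences `creatorInfo.avatar` and `creatorInfo.name` and fails to render the comment. Using `props.element.commentUserInfos.find((item) => item.id === props.element.createUser)` with `creatorInfo?.avatar` and `creatorInfo?.name` in the template keeps the comment visible in that case. The `hasAuth` computed should carry a short comment saying it only hides the edit and delete buttons and that enforcement is the server-side owner check, so a later change does not treat it as the access control.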
|