From c95b984cf206287f3c446a3f971319f42da89124 Mon Sep 17 00:00:00 2001
From: MarkLee131
Date: Thu, 19 Mar 2026 20:30:29 +0800
Subject: [PATCH] fix: add missing @RequiresPermissions to testConnection endpoint
The testConnection endpoint at /system/dbconfig/testConnection is missing @RequiresPermissions annotation, while all other endpoints in the same controller (list, add, edit, remove, export) have proper permission checks. This allows any authenticated user to test database connections regardless of their assigned role, bypassing the intended access control for database configuration management. Add @RequiresPermissions("system:dbconfig:edit") to testConnection to enforce the same permission level as editing data sources.
---
 .../project/system/dbconfig/controller/DbConfigController.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/main/java/com/vince/xq/project/system/dbconfig/controller/DbConfigController.java b/src/main/java/com/vince/xq/project/system/dbconfig/controller/DbConfigController.java
index 8fe8eb6..707a892 100644
--- a/src/main/java/com/vince/xq/project/system/dbconfig/controller/DbConfigController.java
+++ b/src/main/java/com/vince/xq/project/system/dbconfig/controller/DbConfigController.java
@@ -128,6 +128,7 @@ public String checkConnectNameUnique(Dbconfig dbconfig) {
 }
+ @RequiresPermissions("system:dbconfig:edit")
 @RequestMapping(value = "/testConnection", method = RequestMethod.POST)
 @ResponseBody
 public AjaxResult testConnection(Dbconfig dbconfig) {
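Review bot: Gating `testConnection` on `system:dbconfig:edit` alone may lock out roles that hold only `system:dbconfig:add`, if the add form also calls this endpoint to test a connection before saving a new data source; the other handlers and the UI are not visible in this hunk, so this needs checking against them. Shiro's annotation accepts several permissions, e.g. `@RequiresPermissions(value = {"system:dbconfig:add", "system:dbconfig:edit"}, logical = Logical.OR)`, which would also need the `Logical` import. Separately, the handler binds a caller-supplied `Dbconfig` and, judging by its name, opens a connection to it. The body lies outside the hunk, but validating the target host and driver and audit-logging each test would be a sensible complement to the permission check.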