
#3657 Fix Admin have insecure permissions #3658

Merged: loongs-zhang merged 3 commits into apache:master from nuo-promise:#3657 on Jul 29, 2022



@nuo-promise nuo-promise commented Jul 3, 2022

Make sure that:

  • You have read the contribution guidelines.
  • You submit test cases (unit or integration tests) that back your changes.
  • Your local test passed ./mvnw clean install -Dmaven.javadoc.skip=true.


codecov-commenter commented Jul 3, 2022

Codecov Report

Merging #3658 (b86ef5b) into master (5bee112) will decrease coverage by 0.03%.
The diff coverage is 0.00%.

@@             Coverage Diff              @@
##             master    #3658      +/-   ##
============================================
- Coverage     62.43%   62.39%   -0.04%     
+ Complexity     5924     5921       -3     
============================================
  Files           903      903              
  Lines         24952    24956       +4     
  Branches       2283     2285       +2     
============================================
- Hits          15578    15572       -6     
- Misses         7928     7937       +9     
- Partials       1446     1447       +1     
Impacted Files Coverage Δ
...enyu/admin/controller/DashboardUserController.java 80.64% <0.00%> (-11.95%) ⬇️
...apache/shenyu/admin/utils/ShenyuResultMessage.java 0.00% <ø> (ø)
...controller/ShenyuClientHttpRegistryController.java 77.77% <0.00%> (-22.23%) ⬇️
...ruptor/RegisterClientServerDisruptorPublisher.java 52.94% <0.00%> (-11.77%) ⬇️
...henyu/admin/service/impl/UpstreamCheckService.java 62.66% <0.00%> (-1.34%) ⬇️


Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5bee112...b86ef5b. Read the comment docs.

message = "user is not found") final String id,
@Valid @RequestBody final DashboardUserDTO dashboardUserDTO) {
UserInfo userInfo = (UserInfo) SecurityUtils.getSubject().getPrincipal();
if (Objects.isNull(userInfo) || !userInfo.getUserId().equals(id)
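Review bot: the ownership check `!userInfo.getUserId().equals(id)` on the last visible line is the access-control decision of this change, yet the Codecov report on this page gives the diff 0.00% coverage, so nothing exercises it. Two tests would pin it: one where the authenticated principal's user id differs from the path `id` and the update is rejected, and one where `SecurityUtils.getSubject().getPrincipal()` returns null. The null case and the mismatch case also share one branch here; checking the null principal first, with its own result, would keep "not logged in" distinguishable from "logged in but not the owner" for both clients and logs.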
Member

Objects.isNull(userInfo) may need to return another error message.

@nuo-promise nuo-promise requested a review from loongs-zhang July 29, 2022 03:27
@loongs-zhang loongs-zhang merged commit f9c5688 into apache:master Jul 29, 2022
@nuo-promise nuo-promise deleted the #3657 branch September 7, 2022 11:13
4 participants