#3657 Fix Admin have insecure permissions #3658

Merged
merged 3 commits into from
Jul 29, 2022


@nuo-promise nuo-promise commented Jul 3, 2022

Make sure that:

  • You have read the contribution guidelines.
  • You submit test cases (unit or integration tests) that back your changes.
  • Your local test passed ./mvnw clean install -Dmaven.javadoc.skip=true.

codecov-commenter commented Jul 3, 2022

Codecov Report

Merging #3658 (b86ef5b) into master (5bee112) will decrease coverage by 0.03%.
The diff coverage is 0.00%.

@@             Coverage Diff              @@
##             master    #3658      +/-   ##
============================================
- Coverage     62.43%   62.39%   -0.04%     
+ Complexity     5924     5921       -3     
============================================
  Files           903      903              
  Lines         24952    24956       +4     
  Branches       2283     2285       +2     
============================================
- Hits          15578    15572       -6     
- Misses         7928     7937       +9     
- Partials       1446     1447       +1     
| Impacted Files | Coverage Δ |
|---|---|
| ...enyu/admin/controller/DashboardUserController.java | 80.64% <0.00%> (-11.95%) ⬇️ |
| ...apache/shenyu/admin/utils/ShenyuResultMessage.java | 0.00% <ø> (ø) |
| ...controller/ShenyuClientHttpRegistryController.java | 77.77% <0.00%> (-22.23%) ⬇️ |
| ...ruptor/RegisterClientServerDisruptorPublisher.java | 52.94% <0.00%> (-11.77%) ⬇️ |
| ...henyu/admin/service/impl/UpstreamCheckService.java | 62.66% <0.00%> (-1.34%) ⬇️ |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@@ -158,6 +161,11 @@ public ShenyuAdminResult modifyPassword(@PathVariable("id")
@Existed(provider = DashboardUserMapper.class,
message = "user is not found") final String id,
@Valid @RequestBody final DashboardUserDTO dashboardUserDTO) {
UserInfo userInfo = (UserInfo) SecurityUtils.getSubject().getPrincipal();
if (Objects.isNull(userInfo) || !userInfo.getUserId().equals(id)
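Review bot: In the added `if`, `!userInfo.getUserId().equals(id)` calls `equals` on the value taken from the session principal, so a principal whose user id is null throws a NullPointerException instead of being rejected by the ownership check; `!Objects.equals(userInfo.getUserId(), id)` keeps the comparison fail-closed. This comparison is the access-control decision for `modifyPassword`, and the coverage report on this PR shows 0.00% diff coverage for DashboardUserController.java, so a test where the authenticated user id differs from the path `id` (and one with no principal) should accompany the change.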
Member

Objects.isNull(userInfo) may need to return another error message.

@loongs-zhang loongs-zhang merged commit f9c5688 into apache:master Jul 29, 2022
@nuo-promise nuo-promise deleted the #3657 branch September 7, 2022 11:13