#3657 Fix Admin have insecure permissions #3658
Codecov Report
@@ Coverage Diff @@
## master #3658 +/- ##
============================================
- Coverage 62.43% 62.39% -0.04%
+ Complexity 5924 5921 -3
============================================
Files 903 903
Lines 24952 24956 +4
Branches 2283 2285 +2
============================================
- Hits 15578 15572 -6
- Misses 7928 7937 +9
- Partials 1446 1447 +1
@@ -158,6 +161,11 @@ public ShenyuAdminResult modifyPassword(@PathVariable("id") | |||
@Existed(provider = DashboardUserMapper.class, | |||
message = "user is not found") final String id, | |||
@Valid @RequestBody final DashboardUserDTO dashboardUserDTO) { | |||
UserInfo userInfo = (UserInfo) SecurityUtils.getSubject().getPrincipal(); | |||
if (Objects.isNull(userInfo) || !userInfo.getUserId().equals(id) |
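Review bot: the added ownership check, !userInfo.getUserId().equals(id), ties the session principal only to the path variable id, while the @RequestBody DashboardUserDTO on the same method is also caller-supplied. Please confirm that the password update following this check is keyed on id and ignores any identifier the DTO may carry, so that the record being modified is the one that was authorized. Separately, userInfo.getUserId().equals(id) throws if the principal has no user id; id.equals(userInfo.getUserId()) avoids that, since id has already been validated by @Existed. A test for a principal whose user id does not match the path id would be worth adding with this change.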
Objects.isNull(userInfo) may need to return another error message.
Make sure that:
./mvnw clean install -Dmaven.javadoc.skip=true