From dd4e3a788624c394385cf52ed833a2b1dc8a5fbc Mon Sep 17 00:00:00 2001
From: Jason Song <nobodyiam@gmail.com>
Date: Sat, 25 May 2024 21:25:46 +0800
Subject: [PATCH] Fix the role permission deletion issue when appid contains
 '_'

---
 CHANGES.md                                             |  1 +
 .../apollo/portal/repository/PermissionRepository.java |  5 +++--
 .../apollo/portal/repository/RoleRepository.java       | 10 ++++++----
 .../spi/defaultimpl/DefaultRolePermissionService.java  |  3 +++
 4 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 0ee49d99330..b96ea1f00b3 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -11,6 +11,7 @@ Apollo 2.3.0
 * [apollo assembly optimization](https://github.com/apolloconfig/apollo/pull/5035)
 * [update the config item table column width](https://github.com/apolloconfig/apollo/pull/5131)
 * [sync apollo portal server config to apollo quick start server](https://github.com/apolloconfig/apollo/pull/5134)
+* [Fix the role permission deletion issue when appid contains '_'](https://github.com/apolloconfig/apollo/pull/5150)
 
 ------------------
 All issues and pull requests are [here](https://github.com/apolloconfig/apollo/milestone/14?closed=1)
diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/repository/PermissionRepository.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/repository/PermissionRepository.java
index 5655317108e..809b8e90bd8 100644
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/repository/PermissionRepository.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/repository/PermissionRepository.java
@@ -40,10 +40,11 @@ public interface PermissionRepository extends PagingAndSortingRepository<Permiss
   List<Permission> findByPermissionTypeInAndTargetId(Collection<String> permissionTypes,
                                                      String targetId);
 
-  @Query("SELECT p.id from Permission p where p.targetId = ?1 or p.targetId like CONCAT(?1, '+%')")
+  @Query("SELECT p.id from Permission p where p.targetId like ?1 or p.targetId like CONCAT(?1, '+%')")
   List<Long> findPermissionIdsByAppId(String appId);
 
-  @Query("SELECT p.id from Permission p where p.targetId = CONCAT(?1, '+', ?2)")
+  @Query("SELECT p.id from Permission p where p.targetId like CONCAT(?1, '+', ?2) "
+      + "OR p.targetId like CONCAT(?1, '+', ?2, '+%')")
   List<Long> findPermissionIdsByAppIdAndNamespace(String appId, String namespaceName);
 
   @Modifying
diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/repository/RoleRepository.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/repository/RoleRepository.java
index e870b933297..78c4c72cbc0 100644
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/repository/RoleRepository.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/repository/RoleRepository.java
@@ -32,14 +32,16 @@ public interface RoleRepository extends PagingAndSortingRepository<Role, Long> {
    */
   Role findTopByRoleName(String roleName);
 
-  @Query("SELECT r.id from Role r where (r.roleName = CONCAT('Master+', ?1) "
+  @Query("SELECT r.id from Role r where r.roleName like CONCAT('Master+', ?1) "
       + "OR r.roleName like CONCAT('ModifyNamespace+', ?1, '+%') "
       + "OR r.roleName like CONCAT('ReleaseNamespace+', ?1, '+%')  "
-      + "OR r.roleName = CONCAT('ManageAppMaster+', ?1))")
+      + "OR r.roleName like CONCAT('ManageAppMaster+', ?1)")
   List<Long> findRoleIdsByAppId(String appId);
 
-  @Query("SELECT r.id from Role r where (r.roleName = CONCAT('ModifyNamespace+', ?1, '+', ?2) "
-      + "OR r.roleName = CONCAT('ReleaseNamespace+', ?1, '+', ?2))")
+  @Query("SELECT r.id from Role r where r.roleName like CONCAT('ModifyNamespace+', ?1, '+', ?2) "
+      + "OR r.roleName like CONCAT('ModifyNamespace+', ?1, '+', ?2, '+%') "
+      + "OR r.roleName like CONCAT('ReleaseNamespace+', ?1, '+', ?2) "
+      + "OR r.roleName like CONCAT('ReleaseNamespace+', ?1, '+', ?2, '+%')")
   List<Long> findRoleIdsByAppIdAndNamespace(String appId, String namespaceName);
 
   @Modifying
diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultRolePermissionService.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultRolePermissionService.java
index 61fa627b42f..fc10aacfaa8 100644
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultRolePermissionService.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/defaultimpl/DefaultRolePermissionService.java
@@ -41,6 +41,7 @@
 import com.google.common.collect.Sets;
 import java.util.Comparator;
 import java.util.LinkedHashSet;
+import org.springframework.data.jpa.repository.query.EscapeCharacter;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.CollectionUtils;
 
@@ -286,6 +287,7 @@ public Set<Permission> createPermissions(Set<Permission> permissions) {
     @Transactional
     @Override
     public void deleteRolePermissionsByAppId(String appId, String operator) {
+        appId = EscapeCharacter.DEFAULT.escape(appId);
         List<Long> permissionIds = permissionRepository.findPermissionIdsByAppId(appId);
 
         if (!permissionIds.isEmpty()) {
@@ -313,6 +315,7 @@ public void deleteRolePermissionsByAppId(String appId, String operator) {
     @Transactional
     @Override
     public void deleteRolePermissionsByAppIdAndNamespace(String appId, String namespaceName, String operator) {
+        appId = EscapeCharacter.DEFAULT.escape(appId);
         List<Long> permissionIds = permissionRepository.findPermissionIdsByAppIdAndNamespace(appId, namespaceName);
 
         if (!permissionIds.isEmpty()) {