Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

解决SQL工单提交人信息缺失的问题 fix #1881 #1883

Merged
merged 2 commits into from
Oct 7, 2022
Merged

解决SQL工单提交人信息缺失的问题 fix #1881 #1883

merged 2 commits into from
Oct 7, 2022

Conversation

hhyo
Copy link
Owner

@hhyo hhyo commented Sep 27, 2022
edited
Loading

SQL工单缺失提交人信息,会导致权限校验异常,已经提交的工单需要人工修正数据,更新sql_workflow表中的engineer字段为提交人username

#1668 这里实际上存在一个不兼容的修改:通过API提交工单时,指定提交人已经失效,会全部标记为当前认证用户 @nick2wang 可以看下是否需要将api版本调整为v2,还是保持现状

@codecov
Copy link

codecov bot commented Sep 27, 2022
edited
Loading

Codecov Report

Base: 75.89% // Head: 75.91% // Increases project coverage by +0.02% 🎉

Coverage data is based on head (632420f) compared to base (bf809ce).
Patch coverage: 92.59% of modified lines in pull request are covered.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #1883      +/-   ##
==========================================
+ Coverage   75.89%   75.91%   +0.02%     
==========================================
  Files          91       91              
  Lines       14161    14180      +19     
==========================================
+ Hits        10747    10765      +18     
- Misses       3414     3415       +1
Impacted Files Coverage Δ
sql_api/serializers.py 80.05% <85.71%> (+0.11%) ⬆️
sql_api/tests.py 100.00% <100.00%> (ø)
sql/views.py 63.45% <0.00%> (-0.67%) ⬇️
sql/engines/goinception.py 64.92% <0.00%> (-0.33%) ⬇️
sql/engines/mssql.py 70.05% <0.00%> (-0.16%) ⬇️
sql/engines/mongo.py 50.00% <0.00%> (+0.13%) ⬆️
sql/utils/sql_utils.py 63.51% <0.00%> (+0.42%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@nick2wang
Copy link
Collaborator

这个影响还挺大的,之前api用户是没做权限控制,engineer字段需要手动提交,要不就维持v1版,搞个v2版慢慢把v1的api做个人权限控制后迁移到v2,后面再废弃掉v1,前端统一接入v2,不然接口一直变动使用起来很迷惑

@hhyo
Copy link
Owner Author

hhyo commented Sep 28, 2022

当前所有的api接口都没有资源权限检验,其实可以理解为就是admin账户登录,可以在方法内都实现admin检测,admin用户不做资源检验,允许指定user,其他的统一按照认证用户处理,就不单开新旧版本了,api需要尽可能考虑版本向前兼容,加上现在两套完全一样的代码,维护代价颇高

@nick2wang
Copy link
Collaborator

能兼容特权用户也可以

@hhyo hhyo merged commit cc70b96 into master Oct 7, 2022
@hhyo hhyo deleted the bugfix-1881 branch October 7, 2022 05:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hhyo @nick2wang