fix IT

traas-stack · Jan 31, 2024 · 204cf6f · 204cf6f
1 parent d5f4186
commit 204cf6f
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 12 deletions.
diff --git a/...a/io/holoinsight/server/home/web/security/custom/AlarmDingDingRobotFacadeImplChecker.java b/...a/io/holoinsight/server/home/web/security/custom/AlarmDingDingRobotFacadeImplChecker.java
@@ -64,15 +64,24 @@ private boolean checkParameters(String methodName, List<String> parameters, Stri
       case "update":
         return checkAlarmDingDingRobotDTO(methodName, parameters, tenant, workspace);
       case "queryById":
+        return checkIdNotNull(parameters);
       case "deleteById":
-        return checkId(parameters, tenant, workspace);
+        return checkIdExists(parameters, tenant, workspace);
       case "pageQuery":
         return checkPageRequest(methodName, parameters, tenant, workspace);
       default:
         return true;
     }
   }
 
+  private boolean checkIdNotNull(List<String> parameters) {
+    if (CollectionUtils.isEmpty(parameters) || !StringUtils.isNumeric(parameters.get(0))) {
+      log.error("parameters {} is empty or is not numeric.", parameters);
+      return false;
+    }
+    return true;
+  }
+
   private boolean checkPageRequest(String methodName, List<String> parameters, String tenant,
       String workspace) {
     if (CollectionUtils.isEmpty(parameters) || StringUtils.isBlank(parameters.get(0))) {
@@ -98,13 +107,12 @@ private boolean checkPageRequest(String methodName, List<String> parameters, Str
     return checkAlarmDingDingRobotDTO(methodName, target, tenant, workspace);
   }
 
-  private boolean checkId(List<String> parameters, String tenant, String workspace) {
-    if (CollectionUtils.isEmpty(parameters) || !StringUtils.isNumeric(parameters.get(0))) {
-      log.error("parameters {} is empty or is not numeric.", parameters);
+  private boolean checkIdExists(List<String> parameters, String tenant, String workspace) {
+    if (!checkIdNotNull(parameters)) {
       return false;
     }
     Long id = Long.parseLong(parameters.get(0));
-    return checkId(id, tenant, workspace);
+    return checkIdExists(id, tenant, workspace);
   }
 
   private boolean checkAlarmDingDingRobotDTO(String methodName, List<String> parameters,
@@ -135,7 +143,7 @@ private boolean checkAlarmDingDingRobotDTO(String methodName, AlarmDingDingRobot
         log.error("fail to check {} for id is null", methodName);
         return false;
       }
-      if (!checkId(dto.getId(), tenant, workspace)) {
+      if (!checkIdExists(dto.getId(), tenant, workspace)) {
         return false;
       }
     }
@@ -198,11 +206,13 @@ private boolean checkUserIds(String extra) {
     return true;
   }
 
-  private boolean checkId(Long id, String tenant, String workspace) {
+  private boolean checkIdExists(Long id, String tenant, String workspace) {
     QueryWrapper<AlarmDingDingRobot> queryWrapper = new QueryWrapper<>();
     queryWrapper.eq("id", id);
     queryWrapper.eq("tenant", tenant);
-    queryWrapper.eq("workspace", workspace);
+    if (StringUtils.isNotEmpty(workspace)) {
+      queryWrapper.eq("workspace", workspace);
+    }
     List<AlarmDingDingRobot> exist = this.alarmDingDingRobotMapper.selectList(queryWrapper);
     if (CollectionUtils.isEmpty(exist)) {
       log.error("fail to check id for no existed {} {} {}", id, tenant, workspace);

diff --git a/...n/java/io/holoinsight/server/home/web/security/custom/AlertTemplateFacadeImplChecker.java b/...n/java/io/holoinsight/server/home/web/security/custom/AlertTemplateFacadeImplChecker.java
@@ -7,6 +7,7 @@
 import com.google.common.reflect.TypeToken;
 import io.holoinsight.server.common.J;
 import io.holoinsight.server.home.common.util.scope.MonitorScope;
+import io.holoinsight.server.home.common.util.scope.MonitorUser;
 import io.holoinsight.server.home.common.util.scope.RequestContext;
 import io.holoinsight.server.home.dal.mapper.AlertTemplateMapper;
 import io.holoinsight.server.home.dal.model.AlertTemplate;
@@ -178,13 +179,18 @@ private boolean checkAlertNotificationTemplateDTO(String methodName, AlertTempla
       return false;
     }
 
-    if (StringUtils.isNotEmpty(templateDTO.creator) && !checkSqlField(templateDTO.creator)) {
-      log.error("fail to check {} for invalid creator {}", methodName, templateDTO.creator);
+    MonitorUser mu = RequestContext.getContext().mu;
+    if (StringUtils.isNotEmpty(templateDTO.creator)
+        && !StringUtils.equals(templateDTO.creator, mu.getLoginName())) {
+      log.error("fail to check {} for invalid creator {} for login name {}", methodName,
+          templateDTO.creator, mu.getLoginName());
       return false;
     }
 
-    if (StringUtils.isNotEmpty(templateDTO.modifier) && !checkSqlField(templateDTO.modifier)) {
-      log.error("fail to check {} for invalid modifier {}", methodName, templateDTO.modifier);
+    if (StringUtils.isNotEmpty(templateDTO.modifier)
+        && !StringUtils.equals(templateDTO.modifier, mu.getLoginName())) {
+      log.error("fail to check {} for invalid modifier {} for login name {}", methodName,
+          templateDTO.modifier, mu.getLoginName());
       return false;
     }