From 204cf6f71557019434a2fdfb9a87b1e8ab50b6fe Mon Sep 17 00:00:00 2001
From: masaimu
Date: Wed, 31 Jan 2024 17:46:13 +0800
Subject: [PATCH] fix IT
---
 .../AlarmDingDingRobotFacadeImplChecker.java | 26 +++++++++++++------
 .../AlertTemplateFacadeImplChecker.java | 14 +++++++---
 2 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmDingDingRobotFacadeImplChecker.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmDingDingRobotFacadeImplChecker.java
index 9e4daca45..3406653e3 100644
--- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmDingDingRobotFacadeImplChecker.java
+++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmDingDingRobotFacadeImplChecker.java
@@ -64,8 +64,9 @@ private boolean checkParameters(String methodName, List parameters, Stri
 case "update":
 return checkAlarmDingDingRobotDTO(methodName, parameters, tenant, workspace);
 case "queryById":
+ return checkIdNotNull(parameters);
 case "deleteById":
- return checkId(parameters, tenant, workspace);
+ return checkIdExists(parameters, tenant, workspace);
 case "pageQuery":
 return checkPageRequest(methodName, parameters, tenant, workspace);
 default:
@@ -73,6 +74,14 @@ private boolean checkParameters(String methodName, List parameters, Stri
 }
 }
+ private boolean checkIdNotNull(List parameters) {
+ if (CollectionUtils.isEmpty(parameters) || !StringUtils.isNumeric(parameters.get(0))) {
+ log.error("parameters {} is empty or is not numeric.", parameters);
+ return false;
+ }
+ return true;
+ }
+
 private boolean checkPageRequest(String methodName, List parameters, String tenant, String workspace) {
 if (CollectionUtils.isEmpty(parameters) || StringUtils.isBlank(parameters.get(0))) {
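Review bot: The `queryById` case in `checkParameters` no longer verifies that the id belongs to the caller's tenant and workspace, because `checkIdNotNull(parameters)` only checks that the first parameter is numeric. Unless the facade's `queryById` filters by tenant and workspace itself (not visible in this hunk), an id owned by another tenant passes this gate. If the relaxation is intentional, record the assumption on the case, e.g. `// format check only: tenant/workspace ownership is enforced by the facade query`; otherwise keep `return checkIdExists(parameters, tenant, workspace);` for reads too. The switch starts and ends outside the hunk.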
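Review bot: The name `checkIdNotNull` does not match what the new helper does, and it carries no documentation: it rejects an empty parameter list or a non-numeric first element and performs no lookup. Since this class is a security checker, a short Javadoc would keep later callers from treating it as an authorization check, e.g. `/** Format check only: the first parameter must be a digit string; does not verify that the record exists or belongs to the tenant. */`. A name such as `checkIdFormat` would say the same thing without the comment.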
@@ -98,13 +107,12 @@ private boolean checkPageRequest(String methodName, List parameters, Str
 return checkAlarmDingDingRobotDTO(methodName, target, tenant, workspace);
 }
- private boolean checkId(List parameters, String tenant, String workspace) {
- if (CollectionUtils.isEmpty(parameters) || !StringUtils.isNumeric(parameters.get(0))) {
- log.error("parameters {} is empty or is not numeric.", parameters);
+ private boolean checkIdExists(List parameters, String tenant, String workspace) {
+ if (!checkIdNotNull(parameters)) {
 return false;
 }
 Long id = Long.parseLong(parameters.get(0));
- return checkId(id, tenant, workspace);
+ return checkIdExists(id, tenant, workspace);
 }
 private boolean checkAlarmDingDingRobotDTO(String methodName, List parameters,
@@ -135,7 +143,7 @@ private boolean checkAlarmDingDingRobotDTO(String methodName, AlarmDingDingRobot
 log.error("fail to check {} for id is null", methodName);
 return false;
 }
- if (!checkId(dto.getId(), tenant, workspace)) {
+ if (!checkIdExists(dto.getId(), tenant, workspace)) {
 return false;
 }
 }
@@ -198,11 +206,13 @@ private boolean checkUserIds(String extra) {
 return true;
 }
- private boolean checkId(Long id, String tenant, String workspace) {
+ private boolean checkIdExists(Long id, String tenant, String workspace) {
 QueryWrapper queryWrapper = new QueryWrapper<>();
 queryWrapper.eq("id", id);
 queryWrapper.eq("tenant", tenant);
- queryWrapper.eq("workspace", workspace);
+ if (StringUtils.isNotEmpty(workspace)) {
+ queryWrapper.eq("workspace", workspace);
+ }
 List exist = this.alarmDingDingRobotMapper.selectList(queryWrapper);
 if (CollectionUtils.isEmpty(exist)) {
 log.error("fail to check id for no existed {} {} {}", id, tenant, workspace);
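Review bot: `Long.parseLong(parameters.get(0))` in `checkIdExists(List, String, String)` can still throw `NumberFormatException` after the `checkIdNotNull` guard, because `StringUtils.isNumeric` accepts any run of digits, including one too long for a `long`. Whether a caller catches that exception is not visible in this hunk, so a request with an oversized id may surface as an unhandled error rather than a rejected check. Catching the parse failure and returning `false` keeps the checker failing closed.

```java
// … unchanged: checkIdNotNull guard at the top of checkIdExists(List, String, String) …
Long id;
try {
  id = Long.parseLong(parameters.get(0));
} catch (NumberFormatException e) {
  log.error("id {} is out of range for a long", parameters.get(0));
  return false;
}
return checkIdExists(id, tenant, workspace);
```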
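Review bot: In `checkIdExists(Long, String, String)` the workspace predicate is now skipped whenever `workspace` is empty, so the existence check falls back to id plus tenant and a record from any workspace of that tenant passes. If `workspace` can be empty for a caller that is meant to be confined to one workspace (its origin is not visible in this hunk), the `update` and `deleteById` checks lose that boundary. State when an empty workspace is legitimate, e.g. `// empty workspace means a tenant-level caller; the match is tenant-wide by design`, or reject the empty case for workspace-scoped callers. The method body continues outside the hunk.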
diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlertTemplateFacadeImplChecker.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlertTemplateFacadeImplChecker.java
index 061832652..180ac4bec 100644
--- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlertTemplateFacadeImplChecker.java
+++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlertTemplateFacadeImplChecker.java
@@ -7,6 +7,7 @@ import com.google.common.reflect.TypeToken;
 import io.holoinsight.server.common.J;
 import io.holoinsight.server.home.common.util.scope.MonitorScope;
+import io.holoinsight.server.home.common.util.scope.MonitorUser;
 import io.holoinsight.server.home.common.util.scope.RequestContext;
 import io.holoinsight.server.home.dal.mapper.AlertTemplateMapper;
 import io.holoinsight.server.home.dal.model.AlertTemplate;
@@ -178,13 +179,18 @@ private boolean checkAlertNotificationTemplateDTO(String methodName, AlertTempla
 return false;
 }
- if (StringUtils.isNotEmpty(templateDTO.creator) && !checkSqlField(templateDTO.creator)) {
- log.error("fail to check {} for invalid creator {}", methodName, templateDTO.creator);
+ MonitorUser mu = RequestContext.getContext().mu;
+ if (StringUtils.isNotEmpty(templateDTO.creator)
+ && !StringUtils.equals(templateDTO.creator, mu.getLoginName())) {
+ log.error("fail to check {} for invalid creator {} for login name {}", methodName,
+ templateDTO.creator, mu.getLoginName());
 return false;
 }
- if (StringUtils.isNotEmpty(templateDTO.modifier) && !checkSqlField(templateDTO.modifier)) {
- log.error("fail to check {} for invalid modifier {}", methodName, templateDTO.modifier);
+ if (StringUtils.isNotEmpty(templateDTO.modifier)
+ && !StringUtils.equals(templateDTO.modifier, mu.getLoginName())) {
+ log.error("fail to check {} for invalid modifier {} for login name {}", methodName,
+ templateDTO.modifier, mu.getLoginName());
 return false;
 }
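Review bot: `mu` is dereferenced in both new conditions of `checkAlertNotificationTemplateDTO` without a null check, so a request that sets `creator` or `modifier` while no user is bound to the context would throw `NullPointerException` instead of being rejected. Whether `RequestContext.getContext().mu` can be null on this path is not visible here. A guard before the two checks makes the checker fail closed: `if (mu == null) { log.error("fail to check {} for missing login user", methodName); return false; }`. The method starts and ends outside the hunk.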