From 453c3994ae3b70b30693efa64b50523ee255b11d Mon Sep 17 00:00:00 2001
From: jsy <jsy1001de@163.com>
Date: Tue, 9 Apr 2024 17:51:33 +0800
Subject: [PATCH] fix: fix AlarmRuleLevelAuthorizationChecker (#833)

---
 .../web/security/custom/AbstractResourceChecker.java   | 10 ++++++----
 .../custom/AlarmRuleLevelAuthorizationChecker.java     |  3 ++-
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AbstractResourceChecker.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AbstractResourceChecker.java
index 3d91748cd..39e08c0c7 100644
--- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AbstractResourceChecker.java
+++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AbstractResourceChecker.java
@@ -3,9 +3,7 @@
  */
 package io.holoinsight.server.home.web.security.custom;
 
-import io.holoinsight.server.home.web.security.LevelAuthorizationCheck;
 import io.holoinsight.server.home.web.security.LevelAuthorizationCheckResult;
-import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.util.CollectionUtils;
 
@@ -21,8 +19,12 @@
 public interface AbstractResourceChecker {
 
   default LevelAuthorizationCheckResult checkIdNotNull(List<String> parameters) {
-    if (CollectionUtils.isEmpty(parameters) || !StringUtils.isNumeric(parameters.get(0))) {
-      return failCheckResult("parameters %s is empty or is not numeric.", parameters);
+    if (CollectionUtils.isEmpty(parameters)) {
+      return failCheckResult("parameters %s is empty.", parameters);
+    }
+
+    if (!StringUtils.isNumeric(parameters.get(0))) {
+      return failCheckResult("parameters %s is not numeric.", parameters.get(0));
     }
     return successCheckResult();
   }
diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmRuleLevelAuthorizationChecker.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmRuleLevelAuthorizationChecker.java
index f1ace1553..bfcf23bee 100644
--- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmRuleLevelAuthorizationChecker.java
+++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmRuleLevelAuthorizationChecker.java
@@ -164,7 +164,8 @@ private LevelAuthorizationCheckResult checkSelfBool(String methodName, List<Stri
 
   private LevelAuthorizationCheckResult checkIdsExists(List<String> parameters, String tenant,
       String workspace) {
-    String[] idArray = StringUtils.split(parameters.get(0), ",");
+    String st = parameters.get(0);
+    String[] idArray = StringUtils.split(st.substring(1, st.length() - 1), ",");
     for (String id : idArray) {
       LevelAuthorizationCheckResult checkResult =
           checkIdExists(Collections.singletonList(id), tenant, workspace);