From 7a54533b110046856e534ef80eec8af369a7d6f2 Mon Sep 17 00:00:00 2001
From: "saimu.msm" <saimu.msm@antfin.com>
Date: Thu, 28 Mar 2024 16:59:24 +0800
Subject: [PATCH 1/2] fix checker

---
 .../home/biz/service/impl/AlertGroupServiceImpl.java   |  6 ++++--
 .../custom/AlarmRuleLevelAuthorizationChecker.java     | 10 +++++++---
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/server/home/home-service/src/main/java/io/holoinsight/server/home/biz/service/impl/AlertGroupServiceImpl.java b/server/home/home-service/src/main/java/io/holoinsight/server/home/biz/service/impl/AlertGroupServiceImpl.java
index 1ffdbb866..d6a1f57c4 100644
--- a/server/home/home-service/src/main/java/io/holoinsight/server/home/biz/service/impl/AlertGroupServiceImpl.java
+++ b/server/home/home-service/src/main/java/io/holoinsight/server/home/biz/service/impl/AlertGroupServiceImpl.java
@@ -79,8 +79,10 @@ public MonitorPageResult<AlarmGroupDTO> getListByPage(
 
     AlarmGroup alarmGroup = alarmGroupConverter.dtoToDO(pageRequest.getTarget());
 
-    this.requestContextAdapter.queryWrapperTenantAdapt(wrapper, alarmGroup.getTenant(),
-        alarmGroup.getWorkspace());
+    wrapper.eq("tenant", alarmGroup.getTenant());
+    if (StringUtils.isNotEmpty(alarmGroup.getWorkspace())) {
+      wrapper.eq("workspace", alarmGroup.getWorkspace());
+    }
 
     if (null != alarmGroup.getId()) {
       wrapper.eq("id", alarmGroup.getId());
diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmRuleLevelAuthorizationChecker.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmRuleLevelAuthorizationChecker.java
index 8b1469d67..98b361f4f 100644
--- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmRuleLevelAuthorizationChecker.java
+++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmRuleLevelAuthorizationChecker.java
@@ -270,11 +270,15 @@ private LevelAuthorizationCheckResult checkAlarmRuleDTO(String methodName,
     }
 
     if (StringUtils.isNotEmpty(alarmRuleDTO.getNoticeType())) {
-      return failCheckResult("noticeType %s should be empty", alarmRuleDTO.getMergeType());
+      return failCheckResult("noticeType %s should be empty", alarmRuleDTO.getNoticeType());
     }
 
     if (!CollectionUtils.isEmpty(alarmRuleDTO.getAlarmContent())) {
-      return failCheckResult("alarmContent %s should be empty", alarmRuleDTO.getMergeType());
+      for (String content : alarmRuleDTO.getAlarmContent()) {
+        if (!sqlCnNameCheck(content)) {
+          return failCheckResult("invalid content %s in alarmContent", content);
+        }
+      }
     }
 
     if (StringUtils.isNotEmpty(alarmRuleDTO.getTenant())
@@ -471,7 +475,7 @@ private LevelAuthorizationCheckResult checkCompareConfigs(List<CompareConfig> co
             config.getTriggerLevel());
       }
       if (StringUtils.isNotEmpty(config.getTriggerContent())
-          && !checkSqlName(config.getTriggerContent())) {
+          && !sqlCnNameCheck(config.getTriggerContent())) {
         return failCheckResult("fail to check triggerContent in compareConfigs %s",
             config.getTriggerContent());
       }

From ae27a6cfe9619c6d4e8b5b678ed02feed1da44da Mon Sep 17 00:00:00 2001
From: masaimu <masaimu@126.com>
Date: Thu, 28 Mar 2024 17:51:27 +0800
Subject: [PATCH 2/2] m

---
 .../security/custom/AlarmRuleLevelAuthorizationChecker.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmRuleLevelAuthorizationChecker.java b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmRuleLevelAuthorizationChecker.java
index 98b361f4f..b0b7600ea 100644
--- a/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmRuleLevelAuthorizationChecker.java
+++ b/server/home/home-web/src/main/java/io/holoinsight/server/home/web/security/custom/AlarmRuleLevelAuthorizationChecker.java
@@ -513,9 +513,9 @@ private LevelAuthorizationCheckResult checkExtra(AlertRuleExtra extra, String te
     if (StringUtils.isNotEmpty(extra.sourceLink)) {
       return failCheckResult("sourceLink %s should be empty", extra.sourceLink);
     }
-    if (StringUtils.isNotEmpty(extra.md5)) {
-      return failCheckResult("md5 %s should be empty", extra.md5);
-    }
+    // if (StringUtils.isNotEmpty(extra.md5)) {
+    // return failCheckResult("md5 %s should be empty", extra.md5);
+    // }
     if (!CollectionUtils.isEmpty(extra.alertTags) && !checkSqlField(extra.alertTags)) {
       return failCheckResult("fail to check sql field in alertTags %s", J.toJson(extra.alertTags));
     }