Skip to content

Commit

Permalink
Merge pull request #1517 from owenlxu/issue_1516
Browse files Browse the repository at this point in the history 
bug: 修复平台账号校验 #1516
  • Loading branch information
@owenlxu
owenlxu authored Dec 4, 2023
2 parents 88842da + 9f8e83d commit 6412712
Showing 1 changed file with 9 additions and 3 deletions.
12 changes: 9 additions & 3 deletions src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/OpenResource.kt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,8 +59,8 @@ open class OpenResource(private val permissionService: PermissionService) {
/**
* userId's assetUsers contain userContext or userContext be admin
*/
fun preCheckUserOrAssetUser(userId: String, users:List<UserInfo>) {
if(!users.any { userInfo -> userInfo.userId.equals(userId) }) {
fun preCheckUserOrAssetUser(userId: String, users: List<UserInfo>) {
if (!users.any { userInfo -> userInfo.userId.equals(userId) }) {
preCheckContextUser(userId)
}
}
Expand All @@ -80,12 +80,18 @@ open class OpenResource(private val permissionService: PermissionService) {
* only system scopeType account have the permission
*/
fun preCheckPlatformPermission() {
val appId = SecurityUtils.getPlatformId()
if (appId.isNullOrEmpty()) {
logger.warn("appId can not be empty [$appId]")
throw ErrorCodeException(AuthMessageCode.AUTH_ACCOUT_FORAUTH_NOT_PERM)
}
val request = CheckPermissionRequest(
uid = SecurityUtils.getUserId(),
appId = SecurityUtils.getPlatformId(),
appId = appId,
resourceType = ResourceType.SYSTEM.name,
action = PermissionAction.MANAGE.name
)

if (!permissionService.checkPlatformPermission(request)) {
logger.warn("account do not have the permission [$request]")
throw ErrorCodeException(AuthMessageCode.AUTH_ACCOUT_FORAUTH_NOT_PERM)
Expand Down

0 comments on commit 6412712

Please sign in to comment.