From 9f8e83df8f9aeae927d100c685ea07f884950f70 Mon Sep 17 00:00:00 2001
From: owenlxu
Date: Fri, 1 Dec 2023 22:53:03 +0800
Subject: [PATCH] =?UTF-8?q?bug:=20=E4=BF=AE=E5=A4=8D=E5=B9=B3=E5=8F=B0?= =?UTF-8?q?=E8=B4=A6=E5=8F=B7=E6=A0=A1=E9=AA=8C=20#1516?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../tencent/bkrepo/auth/controller/OpenResource.kt | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/OpenResource.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/OpenResource.kt
index fb2c5884fe..7822e03f97 100644
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/OpenResource.kt
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/OpenResource.kt
@@ -59,8 +59,8 @@ open class OpenResource(private val permissionService: PermissionService) {
 /**
 * userId's assetUsers contain userContext or userContext be admin
 */
- fun preCheckUserOrAssetUser(userId: String, users:List) {
- if(!users.any { userInfo -> userInfo.userId.equals(userId) }) {
+ fun preCheckUserOrAssetUser(userId: String, users: List) {
+ if (!users.any { userInfo -> userInfo.userId.equals(userId) }) {
 preCheckContextUser(userId)
 }
 }
@@ -80,12 +80,18 @@ open class OpenResource(private val permissionService: PermissionService) {
 * only system scopeType account have the permission
 */
 fun preCheckPlatformPermission() {
+ val appId = SecurityUtils.getPlatformId()
+ if (appId.isNullOrEmpty()) {
+ logger.warn("appId can not be empty [$appId]")
+ throw ErrorCodeException(AuthMessageCode.AUTH_ACCOUT_FORAUTH_NOT_PERM)
+ }
 val request = CheckPermissionRequest(
 uid = SecurityUtils.getUserId(),
- appId = SecurityUtils.getPlatformId(),
+ appId = appId,
 resourceType = ResourceType.SYSTEM.name,
 action = PermissionAction.MANAGE.name
 )
+
 if (!permissionService.checkPlatformPermission(request)) {
 logger.warn("account do not have the permission [$request]")
 throw ErrorCodeException(AuthMessageCode.AUTH_ACCOUT_FORAUTH_NOT_PERM)
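Review bot: The new guard in preCheckPlatformPermission tests `appId.isNullOrEmpty()`, so a whitespace-only platform id still reaches `checkPlatformPermission`; unless `SecurityUtils.getPlatformId()` already trims its value (not visible here), `if (appId.isNullOrBlank()) {` is the safer test. The warning interpolates `$appId`, which can only be null or empty on that path, so it does not say who made the call; `logger.warn("platform appId missing, uid [${SecurityUtils.getUserId()}]")` would make the rejection usable for audit. The guard also covers only this call site: if the service accepts a request without an appId, which this fix suggests but the hunk does not show, it should be made to fail closed there as well. The function body continues past the end of the hunk.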