You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@shenyu.apache.org by GitBox <gi...@apache.org> on 2022/07/03 14:26:10 UTC
[GitHub] [incubator-shenyu] nuo-promise opened a new pull request, #3658: #3657 Fix Admin have insecure permissions
nuo-promise opened a new pull request, #3658:
URL: https://github.com/apache/incubator-shenyu/pull/3658
<!-- Describe your PR here; eg. Fixes #issueNo -->
<!--
Thank you for proposing a pull request. This template will guide you through the essential steps necessary for a pull request.
-->
Make sure that:
- [ ] You have read the [contribution guidelines](https://shenyu.apache.org/community/contributor-guide).
- [ ] You submit test cases (unit or integration tests) that back your changes.
- [ ] Your local test passed `./mvnw clean install -Dmaven.javadoc.skip=true`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@shenyu.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-shenyu] codecov-commenter commented on pull request #3658: #3657 Fix Admin have insecure permissions
Posted by GitBox <gi...@apache.org>.
codecov-commenter commented on PR #3658:
URL: https://github.com/apache/incubator-shenyu/pull/3658#issuecomment-1173103997
# [Codecov](https://codecov.io/gh/apache/incubator-shenyu/pull/3658?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#3658](https://codecov.io/gh/apache/incubator-shenyu/pull/3658?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (b86ef5b) into [master](https://codecov.io/gh/apache/incubator-shenyu/commit/5bee11232b27f52e02048726126316c155fec8c8?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (5bee112) will **decrease** coverage by `0.38%`.
> The diff coverage is `0.00%`.
```diff
@@ Coverage Diff @@
## master #3658 +/- ##
============================================
- Coverage 62.43% 62.04% -0.39%
+ Complexity 5924 5881 -43
============================================
Files 903 903
Lines 24952 24946 -6
Branches 2283 2282 -1
============================================
- Hits 15578 15478 -100
- Misses 7928 8021 +93
- Partials 1446 1447 +1
```
| [Impacted Files](https://codecov.io/gh/apache/incubator-shenyu/pull/3658?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
|---|---|---|
| [...enyu/admin/controller/DashboardUserController.java](https://codecov.io/gh/apache/incubator-shenyu/pull/3658/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2hlbnl1LWFkbWluL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9zaGVueXUvYWRtaW4vY29udHJvbGxlci9EYXNoYm9hcmRVc2VyQ29udHJvbGxlci5qYXZh) | `80.64% <0.00%> (-11.95%)` | :arrow_down: |
| [...apache/shenyu/admin/utils/ShenyuResultMessage.java](https://codecov.io/gh/apache/incubator-shenyu/pull/3658/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2hlbnl1LWFkbWluL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9zaGVueXUvYWRtaW4vdXRpbHMvU2hlbnl1UmVzdWx0TWVzc2FnZS5qYXZh) | `0.00% <ø> (ø)` | |
| [...henyu/plugin/logging/kafka/LoggingKafkaPlugin.java](https://codecov.io/gh/apache/incubator-shenyu/pull/3658/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2hlbnl1LXBsdWdpbi9zaGVueXUtcGx1Z2luLWxvZ2dpbmcvc2hlbnl1LXBsdWdpbi1sb2dnaW5nLWthZmthL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9zaGVueXUvcGx1Z2luL2xvZ2dpbmcva2Fma2EvTG9nZ2luZ0thZmthUGx1Z2luLmphdmE=) | `22.72% <0.00%> (-72.73%)` | :arrow_down: |
| [...ache/shenyu/plugin/grpc/cache/GrpcClientCache.java](https://codecov.io/gh/apache/incubator-shenyu/pull/3658/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2hlbnl1LXBsdWdpbi9zaGVueXUtcGx1Z2luLWdycGMvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3NoZW55dS9wbHVnaW4vZ3JwYy9jYWNoZS9HcnBjQ2xpZW50Q2FjaGUuamF2YQ==) | `75.00% <0.00%> (-25.00%)` | :arrow_down: |
| [...controller/ShenyuClientHttpRegistryController.java](https://codecov.io/gh/apache/incubator-shenyu/pull/3658/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2hlbnl1LWFkbWluL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9zaGVueXUvYWRtaW4vY29udHJvbGxlci9TaGVueXVDbGllbnRIdHRwUmVnaXN0cnlDb250cm9sbGVyLmphdmE=) | `77.77% <0.00%> (-22.23%)` | :arrow_down: |
| [...n/logging/kafka/body/LoggingServerHttpRequest.java](https://codecov.io/gh/apache/incubator-shenyu/pull/3658/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2hlbnl1LXBsdWdpbi9zaGVueXUtcGx1Z2luLWxvZ2dpbmcvc2hlbnl1LXBsdWdpbi1sb2dnaW5nLWthZmthL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9zaGVueXUvcGx1Z2luL2xvZ2dpbmcva2Fma2EvYm9keS9Mb2dnaW5nU2VydmVySHR0cFJlcXVlc3QuamF2YQ==) | `0.00% <0.00%> (-20.00%)` | :arrow_down: |
| [...gin/logging/kafka/kafka/KafkaLogCollectClient.java](https://codecov.io/gh/apache/incubator-shenyu/pull/3658/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2hlbnl1LXBsdWdpbi9zaGVueXUtcGx1Z2luLWxvZ2dpbmcvc2hlbnl1LXBsdWdpbi1sb2dnaW5nLWthZmthL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9zaGVueXUvcGx1Z2luL2xvZ2dpbmcva2Fma2Eva2Fma2EvS2Fma2FMb2dDb2xsZWN0Q2xpZW50LmphdmE=) | `34.69% <0.00%> (-18.37%)` | :arrow_down: |
| [.../plugin/logging/kafka/entity/ShenyuRequestLog.java](https://codecov.io/gh/apache/incubator-shenyu/pull/3658/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2hlbnl1LXBsdWdpbi9zaGVueXUtcGx1Z2luLWxvZ2dpbmcvc2hlbnl1LXBsdWdpbi1sb2dnaW5nLWthZmthL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9zaGVueXUvcGx1Z2luL2xvZ2dpbmcva2Fma2EvZW50aXR5L1NoZW55dVJlcXVlc3RMb2cuamF2YQ==) | `86.20% <0.00%> (-13.80%)` | :arrow_down: |
| [...ruptor/RegisterClientServerDisruptorPublisher.java](https://codecov.io/gh/apache/incubator-shenyu/pull/3658/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2hlbnl1LWFkbWluL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9zaGVueXUvYWRtaW4vZGlzcnVwdG9yL1JlZ2lzdGVyQ2xpZW50U2VydmVyRGlzcnVwdG9yUHVibGlzaGVyLmphdmE=) | `52.94% <0.00%> (-11.77%)` | :arrow_down: |
| [...a/org/apache/shenyu/common/utils/VersionUtils.java](https://codecov.io/gh/apache/incubator-shenyu/pull/3658/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2hlbnl1LWNvbW1vbi9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvc2hlbnl1L2NvbW1vbi91dGlscy9WZXJzaW9uVXRpbHMuamF2YQ==) | `67.85% <0.00%> (-10.72%)` | :arrow_down: |
| ... and [43 more](https://codecov.io/gh/apache/incubator-shenyu/pull/3658/diff?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | |
------
[Continue to review full report at Codecov](https://codecov.io/gh/apache/incubator-shenyu/pull/3658?src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
> Powered by [Codecov](https://codecov.io/gh/apache/incubator-shenyu/pull/3658?src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Last update [5bee112...b86ef5b](https://codecov.io/gh/apache/incubator-shenyu/pull/3658?src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@shenyu.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [shenyu] dragon-zhang commented on a diff in pull request #3658: #3657 Fix Admin have insecure permissions
Posted by GitBox <gi...@apache.org>.
dragon-zhang commented on code in PR #3658:
URL: https://github.com/apache/shenyu/pull/3658#discussion_r930927148
##########
shenyu-admin/src/main/java/org/apache/shenyu/admin/controller/DashboardUserController.java:
##########
@@ -158,6 +161,11 @@ public ShenyuAdminResult modifyPassword(@PathVariable("id")
@Existed(provider = DashboardUserMapper.class,
message = "user is not found") final String id,
@Valid @RequestBody final DashboardUserDTO dashboardUserDTO) {
+ UserInfo userInfo = (UserInfo) SecurityUtils.getSubject().getPrincipal();
+ if (Objects.isNull(userInfo) || !userInfo.getUserId().equals(id)
Review Comment:
`Objects.isNull(userInfo)` maybe need to return another error message.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@shenyu.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [shenyu] dragon-zhang merged pull request #3658: #3657 Fix Admin have insecure permissions
Posted by GitBox <gi...@apache.org>.
dragon-zhang merged PR #3658:
URL: https://github.com/apache/shenyu/pull/3658
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@shenyu.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org