center/dataease-dm
center/dataease-dm
13
0
Fork 0
forked from github/dataease
Code Pull Requests Activity

Merge pull request #5342 from dataease/pr@dev@fix_panel_share_remove

Browse Source 
feat(仪表板): 删除分享IDOR漏洞
This commit is contained in:
fit2cloudrd 2023-05-29 10:23:59 +08:00 committed by GitHub
commit 25d85a3fc5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
backend/src/main/java/io/dataease/service/panel/ShareService.java
View File

@ -4,12 +4,11 @@ import com.google.gson.Gson;
import io.dataease.auth.api.dto.CurrentRoleDto; import io.dataease.auth.api.dto.CurrentRoleDto;
import io.dataease.auth.api.dto.CurrentUserDto; import io.dataease.auth.api.dto.CurrentUserDto;
import io.dataease.commons.constants.SysLogConstants; import io.dataease.commons.constants.SysLogConstants;
import io.dataease.commons.utils.DeLogUtils;
import io.dataease.ext.ExtPanelShareMapper;
import io.dataease.commons.model.AuthURD; import io.dataease.commons.model.AuthURD;
import io.dataease.commons.utils.AuthUtils; import io.dataease.commons.utils.AuthUtils;
import io.dataease.commons.utils.BeanUtils; import io.dataease.commons.utils.BeanUtils;
import io.dataease.commons.utils.CommonBeanFactory; import io.dataease.commons.utils.CommonBeanFactory;
import io.dataease.commons.utils.DeLogUtils;
import io.dataease.controller.request.panel.PanelShareFineDto; import io.dataease.controller.request.panel.PanelShareFineDto;
import io.dataease.controller.request.panel.PanelShareRemoveRequest; import io.dataease.controller.request.panel.PanelShareRemoveRequest;
import io.dataease.controller.request.panel.PanelShareRequest; import io.dataease.controller.request.panel.PanelShareRequest;
@ -18,6 +17,7 @@ import io.dataease.controller.sys.base.BaseGridRequest;
import io.dataease.dto.panel.PanelShareDto; import io.dataease.dto.panel.PanelShareDto;
import io.dataease.dto.panel.PanelShareOutDTO; import io.dataease.dto.panel.PanelShareOutDTO;
import io.dataease.dto.panel.PanelSharePo; import io.dataease.dto.panel.PanelSharePo;
import io.dataease.ext.ExtPanelShareMapper;
import io.dataease.plugins.common.base.domain.PanelGroup; import io.dataease.plugins.common.base.domain.PanelGroup;
import io.dataease.plugins.common.base.domain.PanelShare; import io.dataease.plugins.common.base.domain.PanelShare;
import io.dataease.plugins.common.base.domain.PanelShareExample; import io.dataease.plugins.common.base.domain.PanelShareExample;
@ -390,8 +390,11 @@ public class ShareService {
PanelShareRemoveRequest request = new PanelShareRemoveRequest(); PanelShareRemoveRequest request = new PanelShareRemoveRequest();
request.setPanelId(panelId); request.setPanelId(panelId);
List<PanelShareOutDTO> panelShareOutDTOS = queryTargets(panelId); List<PanelShareOutDTO> panelShareOutDTOS = queryTargets(panelId);
if (CollectionUtils.isEmpty(panelShareOutDTOS) || ObjectUtils.isEmpty(panelGroup)) {
return;
}
extPanelShareMapper.removeShares(request); extPanelShareMapper.removeShares(request);
if (CollectionUtils.isEmpty(panelShareOutDTOS) || ObjectUtils.isEmpty(panelGroup) || StringUtils.isBlank(panelGroup.getName())) { if (StringUtils.isBlank(panelGroup.getName())) {
return; return;
} }
panelShareOutDTOS.forEach(shareOut -> { panelShareOutDTOS.forEach(shareOut -> {