Wangyizhi1 opened a new pull request #6238:
URL: https://github.com/apache/dolphinscheduler/pull/6238


   #6236
   
   The reason for this problem is that the front end should obtain actionable projects through `GET projects/created-and-authed` instead of `GET projects/list`. The `projects/list` interface will return all projects, including those for which the current user does not have permission. When an unauthorized projectCode is passed in, it is reasonable for the backend to throw an error on the `GET projects/{projectCode}/process-definition/all` interface.
   In the old version, there may be ultra vires.
   
   ===== 
   
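   The cause of this problem is that the front end should obtain the projects it can operate on through `GET projects/created-and-authed` rather than `GET projects/list`. The GET projects/list interface returns all projects, including those the current user has no permission for.
   
   When an unauthorized projectCode is passed in, it is reasonable for the backend to throw an error on the `GET projects/{projectCode}/process-definition/all` interface.
   
   In the old version there may be an unauthorized-access problem here.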


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
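
A model of the behaviour described in this pull request, as an added example that is not DolphinScheduler code: the three routes are the ones named above, while the data, the `handle`, `canAccess` and `probe` helpers, and the 403 status used for the backend's error are assumptions made for illustration.

```javascript
// Constructed sample data: project codes, owners and grants are made up.
const PROJECTS = [
  { code: 1001, name: "etl", ownerId: 1 },
  { code: 1002, name: "billing", ownerId: 2 },
  { code: 1003, name: "reports", ownerId: 2 },
];
const GRANTS = [{ userId: 1, projectCode: 1003 }]; // user 1 is authorized on 1003
const DEFINITIONS = { 1001: ["load"], 1002: ["invoice"], 1003: ["weekly"] };

// A user may act on a project they created or were granted.
function canAccess(userId, code) {
  const project = PROJECTS.find((p) => p.code === code);
  if (!project) return false;
  return project.ownerId === userId ||
    GRANTS.some((g) => g.userId === userId && g.projectCode === code);
}

// Hypothetical stand-in for the backend; paths mirror those in the PR text.
function handle(userId, method, path) {
  if (method !== "GET") return { status: 405, body: null };
  if (path === "projects/list") {
    // Returns every project, including ones the caller cannot use.
    return { status: 200, body: PROJECTS.map((p) => p.code) };
  }
  if (path === "projects/created-and-authed") {
    const codes = PROJECTS.filter((p) => canAccess(userId, p.code)).map((p) => p.code);
    return { status: 200, body: codes };
  }
  const m = /^projects\/(\d+)\/process-definition\/all$/.exec(path);
  if (m) {
    const code = Number(m[1]);
    // Object-level check: enforced server-side whatever the UI listed.
    if (!canAccess(userId, code)) return { status: 403, body: null }; // assumed status
    return { status: 200, body: DEFINITIONS[code] };
  }
  return { status: 404, body: null };
}

// For each project code a listing route offers, try to load its definitions.
function probe(userId, listPath) {
  const statuses = {};
  for (const code of handle(userId, "GET", listPath).body) {
    const path = `projects/${code}/process-definition/all`;
    statuses[code] = handle(userId, "GET", path).status;
  }
  return statuses;
}
```

Populating the project picker from `projects/list` surfaces project 1002, which the backend then rejects; populating it from `projects/created-and-authed` offers only projects that load, and the server-side check remains the actual enforcement point.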
