Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ISSUE #7869 #7750]fix bug in permissions management module, such as redundant 'nacos,' when change password #8189

Merged
merged 1 commit into from
Apr 22, 2022
Merged

[ISSUE #7869 #7750]fix bug in permissions management module, such as redundant 'nacos,' when change password #8189

merged 1 commit into from
Apr 22, 2022

Conversation

jefferson-chern
Copy link

Please do not create a Pull Request without creating an issue first.
fix and close #7869 and #7750

What is the purpose of the change

there are no redundant 'nacos,' string when change password, add user and so on.

Brief changelog

delete username param when request from console to backend, because the user info saved in session, see PR #7804.

Verifying this change

  • clear cookie in your browser;
  • change the password of nacos, or add user.

image

@CLAassistant
Copy link

CLAassistant commented Apr 17, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

@chuntaojun chuntaojun added this to the 1.4.4 milestone Apr 17, 2022
KomachiSion
KomachiSion requested changes Apr 18, 2022
View reviewed changes
Copy link
Collaborator

@KomachiSion KomachiSion left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see #6014, const may be not need remove

jefferson-chern
jefferson-chern commented Apr 18, 2022
View reviewed changes
console/src/main/java/com/alibaba/nacos/console/controller/UserController.java
@@ -161,11 +161,11 @@ private boolean hasPermission(String username, HttpServletRequest request) {
if (!authConfigs.isAuthEnabled()) {
return true;
}
if (Objects.isNull(request.getAttribute(RequestUtil.NACOS_USER_KEY))) {
if (Objects.isNull(request.getSession().getAttribute(RequestUtil.NACOS_USER_KEY))) {
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this commit is that when the authentication switch is turned on, there is no way to change the password(forbidden), because the user information has been saved in the session, but the previous code was obtained directly from reqeust.

@jefferson-chern
* remove global param username when request from console to backend,
65c2019 
…fix alibaba#7869 and alibaba#7750.

* get user info from session in UserController.
* simply some code in UserController.
@jefferson-chern
Copy link
Author

see #6014, const may be not need remove

done

@KomachiSion KomachiSion merged commit 7bfa134 into alibaba:v1.x-develop Apr 22, 2022
@fengyonghui
Copy link

where to find this build?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chuntaojun chuntaojun chuntaojun approved these changes

@KomachiSion KomachiSion KomachiSion approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.4.4
Development

Successfully merging this pull request may close these issues.
5 participants
@jefferson-chern @CLAassistant @fengyonghui @chuntaojun @KomachiSion