llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-07-03 04:10:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(secure): remove user list from roles and permissions field to avoid leaking userlist (#1614)

Browse Source 
* fix(secure): remove user list from roles and permissions field to avoid leaking userlist

Signed-off-by: fengxsong <fengxsong@outlook.com>

* Update permission.go

* Update role.go

---------

Signed-off-by: fengxsong <fengxsong@outlook.com>
Co-authored-by: hsluoyz <hsluoyz@qq.com>
This commit is contained in:
fengxsong
2023-03-03 18:18:41 +08:00
committed by GitHub
parent 59c95ca8a0
commit 1ae6adff8e
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
object/permission.go
View File

@ -245,6 +245,10 @@ func GetPermissionsByUser(userId string) []*Permission {
panic(err)
}
for i := range permissions {
permissions[i].Users = nil
}
return permissions
}

4
object/role.go
View File

@ -159,6 +159,10 @@ func GetRolesByUser(userId string) []*Role {
panic(err)
}
for i := range roles {
roles[i].Users = nil
}
return roles
}