fix: Restrict the request permissions of providers and applications (#970)

This commit is contained in:
leoshine 2022-08-07 16:05:05 +08:00 committed by GitHub
parent 32b4d98c2a
commit 8e5cd18c91
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 137 additions and 15 deletions


@ -83,7 +83,7 @@ p, *, *, GET, /api/get-account, *, *
p, *, *, GET, /api/userinfo, *, * p, *, *, GET, /api/userinfo, *, *
p, *, *, *, /api/login/oauth, *, * p, *, *, *, /api/login/oauth, *, *
p, *, *, GET, /api/get-application, *, * p, *, *, GET, /api/get-application, *, *
p, *, *, GET, /api/get-applications, *, * p, *, *, GET, /api/get-organization-applications, *, *
p, *, *, GET, /api/get-user, *, * p, *, *, GET, /api/get-user, *, *
p, *, *, GET, /api/get-user-application, *, * p, *, *, GET, /api/get-user-application, *, *
p, *, *, GET, /api/get-resources, *, * p, *, *, GET, /api/get-resources, *, *
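Review bot: The replaced line (fourth line of the hunk) still grants any subject (`*` in the subject and role columns) unauthenticated GET access to an application-listing route, so this narrows what is listed but the new `/api/get-organization-applications` response is only as safe as the field masking the handler applies to it. Whether `/api/get-applications` is now actually denied to anonymous callers depends on the policy default for routes no longer listed here, which is not visible in this hunk; confirming that with an unauthenticated request against both routes would close the loop. The handler behind the new route also takes an `owner` query parameter that this policy cannot constrain, so owner/organization scoping has to be enforced in the handler rather than here.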


@ -94,6 +94,29 @@ func (c *ApiController) GetUserApplication() {
c.ServeJSON() c.ServeJSON()
} }
// GetOrganizationApplications
// @Title GetOrganizationApplications
// @Tag Application API
// @Description get the detail of the organization's application
// @Param organization query string true "The organization name"
// @Success 200 {array} object.Application The Response object
// @router /get-organization-applications [get]
func (c *ApiController) GetOrganizationApplications() {
userId := c.GetSessionUsername()
owner := c.Input().Get("owner")
organization := c.Input().Get("organization")
if organization == "" {
c.ResponseError("Parameter organization is missing")
return
}
var applications []*object.Application
applications = object.GetApplicationsByOrganizationName(owner, organization)
c.Data["json"] = object.GetMaskedApplications(applications, userId)
c.ServeJSON()
}
// UpdateApplication // UpdateApplication
// @Title UpdateApplication // @Title UpdateApplication
// @Tag Application API // @Tag Application API
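Review bot: `GetOrganizationApplications` reads an `owner` query parameter (`owner := c.Input().Get("owner")`) that is neither validated nor documented: the `@Param` annotations above it list only `organization`, so the swagger regenerated in this commit omits `owner` even though the frontend change in this commit sends it. Add `// @Param owner query string true "The owner of the organization"` next to the existing `@Param` line (required only if you also add the guard), and if an empty owner would widen the query performed by `GetApplicationsByOrganizationName` (its body is not visible here), guard it the same way as `organization`: `if owner == "" { c.ResponseError("Parameter owner is missing"); return }`. Because the policy change in this commit leaves the route open to anonymous subjects, `userId` from `c.GetSessionUsername()` may be empty here, so `GetMaskedApplications` must strip secret material in that case as well — a test with an empty session name would pin that. Separately, `var applications []*object.Application` followed by an assignment can be collapsed to `applications := object.GetApplicationsByOrganizationName(owner, organization)`.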


@ -115,6 +115,7 @@ func initAPI() {
beego.Router("/api/get-applications", &controllers.ApiController{}, "GET:GetApplications") beego.Router("/api/get-applications", &controllers.ApiController{}, "GET:GetApplications")
beego.Router("/api/get-application", &controllers.ApiController{}, "GET:GetApplication") beego.Router("/api/get-application", &controllers.ApiController{}, "GET:GetApplication")
beego.Router("/api/get-user-application", &controllers.ApiController{}, "GET:GetUserApplication") beego.Router("/api/get-user-application", &controllers.ApiController{}, "GET:GetUserApplication")
beego.Router("/api/get-organization-applications", &controllers.ApiController{}, "GET:GetOrganizationApplications")
beego.Router("/api/update-application", &controllers.ApiController{}, "POST:UpdateApplication") beego.Router("/api/update-application", &controllers.ApiController{}, "POST:UpdateApplication")
beego.Router("/api/add-application", &controllers.ApiController{}, "POST:AddApplication") beego.Router("/api/add-application", &controllers.ApiController{}, "POST:AddApplication")
beego.Router("/api/delete-application", &controllers.ApiController{}, "POST:DeleteApplication") beego.Router("/api/delete-application", &controllers.ApiController{}, "POST:DeleteApplication")


@ -1291,6 +1291,35 @@
} }
} }
}, },
"/api/get-organization-applications": {
"get": {
"tags": [
"Application API"
],
"description": "get the detail of the organization's application",
"operationId": "ApiController.GetOrganizationApplications",
"parameters": [
{
"in": "query",
"name": "organization",
"description": "The organization name",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "The Response object",
"schema": {
"type": "array",
"items": {
"$ref": "#/definitions/object.Application"
}
}
}
}
}
},
"/api/get-organizations": { "/api/get-organizations": {
"get": { "get": {
"tags": [ "tags": [
@ -1853,6 +1882,24 @@
"description": "The id of the user", "description": "The id of the user",
"required": true, "required": true,
"type": "string" "type": "string"
},
{
"in": "query",
"name": "owner",
"description": "The owner of the user",
"type": "string"
},
{
"in": "query",
"name": "email",
"description": "The email of the user",
"type": "string"
},
{
"in": "query",
"name": "phone",
"description": "The phone of the user",
"type": "string"
} }
], ],
"responses": { "responses": {
@ -3220,11 +3267,11 @@
} }
}, },
"definitions": { "definitions": {
"2127.0xc000427560.false": { "2200.0xc0003f8480.false": {
"title": "false", "title": "false",
"type": "object" "type": "object"
}, },
"2161.0xc000427590.false": { "2235.0xc0003f84b0.false": {
"title": "false", "title": "false",
"type": "object" "type": "object"
}, },
@ -3342,10 +3389,10 @@
"type": "object", "type": "object",
"properties": { "properties": {
"data": { "data": {
"$ref": "#/definitions/2127.0xc000427560.false" "$ref": "#/definitions/2200.0xc0003f8480.false"
}, },
"data2": { "data2": {
"$ref": "#/definitions/2161.0xc000427590.false" "$ref": "#/definitions/2235.0xc0003f84b0.false"
}, },
"msg": { "msg": {
"type": "string" "type": "string"
@ -3549,6 +3596,9 @@
"type": "integer", "type": "integer",
"format": "int64" "format": "int64"
}, },
"certificate": {
"type": "string"
},
"createdTime": { "createdTime": {
"type": "string" "type": "string"
}, },
@ -3571,9 +3621,6 @@
"privateKey": { "privateKey": {
"type": "string" "type": "string"
}, },
"certificate": {
"type": "string"
},
"scope": { "scope": {
"type": "string" "type": "string"
}, },
@ -4585,6 +4632,12 @@
"permanentAvatar": { "permanentAvatar": {
"type": "string" "type": "string"
}, },
"permissions": {
"type": "array",
"items": {
"$ref": "#/definitions/object.Permission"
}
},
"phone": { "phone": {
"type": "string" "type": "string"
}, },
@ -4606,6 +4659,12 @@
"region": { "region": {
"type": "string" "type": "string"
}, },
"roles": {
"type": "array",
"items": {
"$ref": "#/definitions/object.Role"
}
},
"score": { "score": {
"type": "integer", "type": "integer",
"format": "int64" "format": "int64"


@ -837,6 +837,25 @@ paths:
description: The Response object description: The Response object
schema: schema:
$ref: '#/definitions/object.Organization' $ref: '#/definitions/object.Organization'
/api/get-organization-applications:
get:
tags:
- Application API
description: get the detail of the organization's application
operationId: ApiController.GetOrganizationApplications
parameters:
- in: query
name: organization
description: The organization name
required: true
type: string
responses:
"200":
description: The Response object
schema:
type: array
items:
$ref: '#/definitions/object.Application'
/api/get-organizations: /api/get-organizations:
get: get:
tags: tags:
@ -1209,6 +1228,18 @@ paths:
description: The id of the user description: The id of the user
required: true required: true
type: string type: string
- in: query
name: owner
description: The owner of the user
type: string
- in: query
name: email
description: The email of the user
type: string
- in: query
name: phone
description: The phone of the user
type: string
responses: responses:
"200": "200":
description: The Response object description: The Response object
@ -2108,10 +2139,10 @@ paths:
schema: schema:
$ref: '#/definitions/Response' $ref: '#/definitions/Response'
definitions: definitions:
2127.0xc000427560.false: 2200.0xc0003f8480.false:
title: "false" title: "false"
type: object type: object
2161.0xc000427590.false: 2235.0xc0003f84b0.false:
title: "false" title: "false"
type: object type: object
Response: Response:
@ -2192,9 +2223,9 @@ definitions:
type: object type: object
properties: properties:
data: data:
$ref: '#/definitions/2127.0xc000427560.false' $ref: '#/definitions/2200.0xc0003f8480.false'
data2: data2:
$ref: '#/definitions/2161.0xc000427590.false' $ref: '#/definitions/2235.0xc0003f84b0.false'
msg: msg:
type: string type: string
name: name:
@ -2331,6 +2362,8 @@ definitions:
bitSize: bitSize:
type: integer type: integer
format: int64 format: int64
certificate:
type: string
createdTime: createdTime:
type: string type: string
cryptoAlgorithm: cryptoAlgorithm:
@ -2346,8 +2379,6 @@ definitions:
type: string type: string
privateKey: privateKey:
type: string type: string
certificate:
type: string
scope: scope:
type: string type: string
type: type:
@ -3027,6 +3058,10 @@ definitions:
type: string type: string
permanentAvatar: permanentAvatar:
type: string type: string
permissions:
type: array
items:
$ref: '#/definitions/object.Permission'
phone: phone:
type: string type: string
preHash: preHash:
@ -3041,6 +3076,10 @@ definitions:
format: int64 format: int64
region: region:
type: string type: string
roles:
type: array
items:
$ref: '#/definitions/object.Role'
score: score:
type: integer type: integer
format: int64 format: int64


@ -22,7 +22,7 @@ export function getApplications(owner, page = "", pageSize = "", field = "", val
} }
export function getApplicationsByOrganization(owner, organization) { export function getApplicationsByOrganization(owner, organization) {
return fetch(`${Setting.ServerUrl}/api/get-applications?owner=${owner}&organization=${organization}`, { return fetch(`${Setting.ServerUrl}/api/get-organization-applications?owner=${owner}&organization=${organization}`, {
method: "GET", method: "GET",
credentials: "include", credentials: "include",
}).then(res => res.json()); }).then(res => res.json());
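Review bot: The new URL on the second line of the hunk interpolates `owner` and `organization` into the query string without encoding, so a value containing `&`, `#` or `=` is split into a different query than intended and the server resolves a different organization than the caller meant; use `encodeURIComponent` on both, e.g. `/api/get-organization-applications?owner=${encodeURIComponent(owner)}&organization=${encodeURIComponent(organization)}`. The old URL had the same shape, so this predates the commit, but it is worth fixing while the line is touched. The sibling `getApplications`, whose closing brace is at the top of the hunk, likely builds its URL the same way; its body is outside the hunk, so I have not checked it.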