feat: restrict the model of application type resource permission (#2394)

2025-07-02 19:40:19 +08:00 · 2023-10-12 00:05:53 +08:00
parent 4de716fef3
commit e4208d7fd9
3 changed files with 31 additions and 8 deletions
--- a/object/permission.go
+++ b/object/permission.go
@ -150,6 +150,21 @@ func UpdatePermission(id string, permission *Permission) (bool, error) {
 		return false, nil
 	}

+	if permission.ResourceType == "Application" {
+		model, err := GetModel(util.GetId(owner, permission.Model))
+		if err != nil {
+			return false, err
+		}
+		modelCfg, err := getModelCfg(model)
+		if err != nil {
+			return false, err
+		}
+
+		if len(strings.Split(modelCfg["p"], ",")) != 3 {
+			return false, fmt.Errorf("the model: %s for permission: %s is not valid, application type resources need 3 size [policy_defination] model", permission.Model, permission.GetId())
+		}
+	}
+
 	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(permission)
 	if err != nil {
 		return false, err