Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

解决SQL工单提交人信息缺失的问题 fix #1881 #1883

Merged
merged 2 commits into from
Oct 7, 2022
Merged

解决SQL工单提交人信息缺失的问题 fix #1881 #1883

merged 2 commits into from
Oct 7, 2022

Conversation

hhyo
Copy link
Owner

@hhyo hhyo commented Sep 27, 2022
edited
Loading

SQL工单缺失提交人信息,会导致权限校验异常,已经提交的工单需要人工修正数据,更新sql_workflow表中的engineer字段为提交人username

#1668 这里实际上存在一个不兼容的修改:通过API提交工单时,指定提交人已经失效,会全部标记为当前认证用户 @nick2wang 可以看下是否需要将api版本调整为v2,还是保持现状

@codecov
Copy link

codecov bot commented Sep 27, 2022
edited
Loading

Codecov Report

Base: 75.89% // Head: 75.91% // Increases project coverage by +0.02% 🎉

Coverage data is based on head (632420f) compared to base (bf809ce).
Patch coverage: 92.59% of modified lines in pull request are covered.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #1883      +/-   ##
==========================================
+ Coverage   75.89%   75.91%   +0.02%     
==========================================
  Files          91       91              
  Lines       14161    14180      +19     
==========================================
+ Hits        10747    10765      +18     
- Misses       3414     3415       +1
Impacted Files Coverage Δ
sql_api/serializers.py 80.05% <85.71%> (+0.11%) ⬆️
sql_api/tests.py 100.00% <100.00%> (ø)
sql/views.py 63.45% <0.00%> (-0.67%) ⬇️
sql/engines/goinception.py 64.92% <0.00%> (-0.33%) ⬇️
sql/engines/mssql.py 70.05% <0.00%> (-0.16%) ⬇️
sql/engines/mongo.py 50.00% <0.00%> (+0.13%) ⬆️
sql/utils/sql_utils.py 63.51% <0.00%> (+0.42%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@nick2wang
Copy link
Collaborator

这个影响还挺大的,之前api用户是没做权限控制,engineer字段需要手动提交,要不就维持v1版,搞个v2版慢慢把v1的api做个人权限控制后迁移到v2,后面再废弃掉v1,前端统一接入v2,不然接口一直变动使用起来很迷惑

@hhyo
Copy link
Owner Author

hhyo commented Sep 28, 2022

当前所有的api接口都没有资源权限检验,其实可以理解为就是admin账户登录,可以在方法内都实现admin检测,admin用户不做资源检验,允许指定user,其他的统一按照认证用户处理,就不单开新旧版本了,api需要尽可能考虑版本向前兼容,加上现在两套完全一样的代码,维护代价颇高

@nick2wang
Copy link
Collaborator

能兼容特权用户也可以

@hhyo hhyo merged commit cc70b96 into master Oct 7, 2022
@hhyo hhyo deleted the bugfix-1881 branch October 7, 2022 05:32
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hhyo @nick2wang