加密文章更新后没有删除访问权限 #1518

1379 · 2021-11-04T03:38:32Z

What is version of Halo has the issue?

latest

What database are you using?

MySQL 8.x

What is your deployment method?

Fat Jar

Your site address.

no

What happened?

代码在这里：

halo/src/main/java/run/halo/app/service/impl/PostServiceImpl.java

Line 897 in c3536cb

authorizationService.deletePostAuthorization(post.getId());

这里似乎删除了个寂寞。文章更新后，只删除了当前更新文章的人的权限，也就是说删除了管理员的权限。期望的行为应该是删除所有人对这篇文章的权限吧

Relevant log output

No response

Additional information

No response

ruibaby · 2021-11-04T03:45:23Z

欢迎提交 pr。

1379 · 2021-11-04T03:47:55Z

@ruibaby 首先我要确定下，这是一个bug吗？我的判断是正确的吗

ruibaby · 2021-11-04T03:48:33Z

已确认可以复现。

JohnNiang · 2021-11-04T03:48:40Z

@1379 建议提供一个复现步骤，我们好确定问题是一样的。

1379 · 2021-11-04T03:51:07Z

@JohnNiang 打开两个浏览器。其中一个访问加密文章，输入密码，可以访问。在另一个浏览器里使用管理员登录，修改加密文章的密码，然后回到刚才的浏览器，访问加密文章，不需要输入密码就可以访问。

1379 · 2021-11-04T03:51:24Z

这是我在看源码时发现的问题

1379 · 2021-11-04T04:01:53Z

有人正在修复这个问题吗，我可以提个pr

ruibaby · 2021-11-04T04:03:24Z

有人正在修复这个问题吗，我可以提个pr

没有

1379 · 2021-11-04T04:08:49Z

你们有开发者交流群组吗，我可以加入吗。最近看源码有一些自己的思考想交流下

ruibaby · 2021-11-04T04:09:52Z

你们有开发者交流群组吗，我可以加入吗。最近看源码有一些自己的思考想交流下

在 issue 交流即可。

JohnNiang · 2021-11-04T04:40:12Z

你们有开发者交流群组吗，我可以加入吗。最近看源码有一些自己的思考想交流下

建议公开交流，这样也能留下讨论记录，更多人能够看到你的想法，有机会和你探讨。

建议在留言的时候把观点或者问题描述清楚，给对方足够多的信息，这样能避免一些反复来回沟通。

1379 · 2021-11-04T07:32:23Z

我发现这个问题有些麻烦

诉求是在更新加密文章时删除所有人对这篇文章的权限。
现在权限是存储在缓存里的 key:sessionID -> value:postID 。
如果想删除所有人对这篇文章的权限，需要根据postID 查到所有的sessionID。
那怎么根据postID 来反查 sessionID 呢？
如果把postID 作为key，value是HashSet，set里面存储sessionID，这样确实可以根据postID 反查到 sessionID，但是也引来了新的问题，因为不能对HashSet里的子项设置过期时间，这个HashSet可能会越来越大。。
有人有好的解决办法吗

ruibaby · 2021-11-08T03:49:06Z

cc @zhixiangyuan

ruibaby · 2021-11-18T08:34:27Z

/assign @guqing

1379 added the kind/bug Categorizes issue or PR as related to a bug. label Nov 4, 2021

ruibaby added the pr welcome label Nov 4, 2021

ruibaby assigned 1379 Nov 4, 2021

ruibaby added this to the 1.4.x milestone Nov 18, 2021

halo-dev-bot assigned guqing Nov 18, 2021

guqing mentioned this issue Nov 19, 2021

Fixed a bug that did not clear access rights when the password of private posts or categories was changed #1540

Merged

guqing linked a pull request Nov 19, 2021 that will close this issue

Fixed a bug that did not clear access rights when the password of private posts or categories was changed #1540

Merged

ruibaby closed this as completed in #1540 Nov 22, 2021

1379 mentioned this issue Feb 23, 2022

更新分类(Category)的实现有问题 #1673

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

加密文章更新后没有删除访问权限 #1518

加密文章更新后没有删除访问权限 #1518

1379 commented Nov 4, 2021

ruibaby commented Nov 4, 2021

1379 commented Nov 4, 2021

ruibaby commented Nov 4, 2021

JohnNiang commented Nov 4, 2021

1379 commented Nov 4, 2021 •

edited

Loading

1379 commented Nov 4, 2021

1379 commented Nov 4, 2021

ruibaby commented Nov 4, 2021

1379 commented Nov 4, 2021

ruibaby commented Nov 4, 2021

JohnNiang commented Nov 4, 2021

1379 commented Nov 4, 2021 •

edited

Loading

ruibaby commented Nov 8, 2021

ruibaby commented Nov 18, 2021

加密文章更新后没有删除访问权限 #1518

加密文章更新后没有删除访问权限 #1518

Comments

1379 commented Nov 4, 2021

What is version of Halo has the issue?

What database are you using?

What is your deployment method?

Your site address.

What happened?

Relevant log output

Additional information

ruibaby commented Nov 4, 2021

1379 commented Nov 4, 2021

ruibaby commented Nov 4, 2021

JohnNiang commented Nov 4, 2021

1379 commented Nov 4, 2021 • edited Loading

1379 commented Nov 4, 2021

1379 commented Nov 4, 2021

ruibaby commented Nov 4, 2021

1379 commented Nov 4, 2021

ruibaby commented Nov 4, 2021

JohnNiang commented Nov 4, 2021

1379 commented Nov 4, 2021 • edited Loading

ruibaby commented Nov 8, 2021

ruibaby commented Nov 18, 2021

1379 commented Nov 4, 2021 •

edited

Loading

1379 commented Nov 4, 2021 •

edited

Loading