
fix bugs that user could use invalid token to get user owned resource #453

Merged: 1 commit merged into main from fix/resource-owned-error on Jun 14, 2023

Conversation

chengjingtao (Contributor)

@chengjingtao chengjingtao commented Jun 6, 2023

Changes

Fix bugs where a user could use an invalid (unauthorized) token to get a user-owned resource.

If a user provides a valid JWT token that is unauthorized, the UserOwnedResourcePermissionFilter cannot reject it with 401.
So, change SubjectAccessReview to SelfSubjectAccessReview to deal with unauthorized tokens.

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

  • spec PR link included
  • Follows the commit message standard
  • Meets the contributing guidelines (including functionality, content, code)
  • Test cases with documentation and functionality works as expected using current and related github repos (MUST deploy and check)
  • Release notes block below has been filled in or deleted (only if no user facing changes)

Release Notes

bug fixes: fix bugs where a user could use an invalid token to get a user-owned resource
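The mechanism behind the fix, shown as an added example that is not part of this PR or the project's code: a SubjectAccessReview is submitted under the filter's own service credentials and names the end user in spec.user, so the API server authenticates the filter, not the user, and never sees the user's token; a SelfSubjectAccessReview is submitted with the user's own bearer token, so an expired, revoked or otherwise unauthorized token is rejected with 401 before any authorization decision is made. A stand-alone fake API server (net/http/httptest) stands in for the real one; the token strings, the token store, the "only alice may get ownedresources" policy, the resource name and the two filter functions FilterWithSAR and FilterWithSelfSAR are all constructed for this illustration and do not correspond to the UserOwnedResourcePermissionFilter code itself.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Minimal shape shared by both review kinds (constructed; real types: k8s.io/api/authorization/v1).
type accessReview struct {
	Spec struct {
		User               string `json:"user,omitempty"` // set on a SubjectAccessReview only
		ResourceAttributes struct {
			Resource string `json:"resource"`
		} `json:"resourceAttributes"`
	} `json:"spec"`
	Status struct {
		Allowed bool `json:"allowed"`
	} `json:"status"`
}

const (
	sarPath     = "/apis/authorization.k8s.io/v1/subjectaccessreviews"
	selfSARPath = "/apis/authorization.k8s.io/v1/selfsubjectaccessreviews"
	filterToken = "svc-token-filter" // constructed: the filter's own service-account token
)

// Constructed token store of the fake API server: only these bearer tokens authenticate.
var validTokens = map[string]string{filterToken: "system:serviceaccount:default:filter", "user-token-alice": "alice"}

// newFakeAPIServer serves both review endpoints. Every request is authenticated by its
// bearer token first; the two kinds differ only in whose identity is then authorized.
func newFakeAPIServer() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		caller, ok := validTokens[strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")]
		if !ok {
			w.WriteHeader(http.StatusUnauthorized) // expired, revoked or forged token
			return
		}
		var rev accessReview
		_ = json.NewDecoder(r.Body).Decode(&rev)
		subject := caller          // SelfSubjectAccessReview: the authenticated caller
		if r.URL.Path == sarPath { // SubjectAccessReview: whoever the caller names in spec.user
			subject = rev.Spec.User
		}
		// Constructed policy: only alice may get her owned resources.
		rev.Status.Allowed = subject == "alice" && rev.Spec.ResourceAttributes.Resource == "ownedresources"
		_ = json.NewEncoder(w).Encode(rev)
	}))
}

// postReview sends a review for "ownedresources" (naming specUser if non-empty) with the
// given bearer token and returns the HTTP status plus the server's allowed verdict.
func postReview(apiURL, path, token, specUser string) (int, bool, error) {
	var rev accessReview
	rev.Spec.User = specUser
	rev.Spec.ResourceAttributes.Resource = "ownedresources"
	body, _ := json.Marshal(rev)
	req, _ := http.NewRequest(http.MethodPost, apiURL+path, bytes.NewReader(body))
	req.Header.Set("Authorization", "Bearer "+token)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, false, err
	}
	defer resp.Body.Close()
	if resp.StatusCode == http.StatusOK {
		err = json.NewDecoder(resp.Body).Decode(&rev)
	}
	return resp.StatusCode, rev.Status.Allowed, err
}

// toResponse maps the API server's answer to the status the filter returns to its caller.
func toResponse(status int, allowed bool, err error) int {
	switch {
	case err != nil || (status != http.StatusOK && status != http.StatusUnauthorized):
		return http.StatusInternalServerError
	case status == http.StatusUnauthorized:
		return http.StatusUnauthorized // only reachable when the user's own token was sent
	case !allowed:
		return http.StatusForbidden
	}
	return http.StatusOK
}

// FilterWithSAR is the behaviour the PR fixes: the filter names the user it read (unverified)
// from the token and asks under its own credentials, so the user's token is never checked.
func FilterWithSAR(apiURL, userToken string) int {
	claimedUser := userToken[strings.LastIndex(userToken, "-")+1:] // constructed: tokens end in "-<user>"
	return toResponse(postReview(apiURL, sarPath, filterToken, claimedUser))
}

// FilterWithSelfSAR is the fixed behaviour: the caller's own token is forwarded, so the
// API server authenticates it before answering and an unauthorized token yields 401.
func FilterWithSelfSAR(apiURL, userToken string) int {
	return toResponse(postReview(apiURL, selfSARPath, userToken, ""))
}

func main() {
	srv := newFakeAPIServer()
	defer srv.Close()
	for _, tok := range []string{"user-token-alice", "expired-token-alice"} {
		fmt.Printf("%-20s SAR=%d SelfSAR=%d\n", tok, FilterWithSAR(srv.URL, tok), FilterWithSelfSAR(srv.URL, tok))
	}
}
```

Running it shows the two paths agreeing for a live token (200/200) and diverging for the expired one: the SubjectAccessReview path still answers 200 because the API server only ever authenticated the filter, while the SelfSubjectAccessReview path returns 401. The same holds for a valid token whose claimed user has no access: SAR yields 403 from the filter's own perspective, but only SelfSAR establishes that the token behind the claim is actually accepted by the API server.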

@chengjingtao chengjingtao force-pushed the fix/resource-owned-error branch 3 times, most recently from dab4860 to 2cd8c24, June 6, 2023 03:06
@chengjingtao chengjingtao force-pushed the fix/resource-owned-error branch from 2cd8c24 to 6ff08f3, June 8, 2023 07:32
@chengjingtao chengjingtao merged commit 7d77033 into main Jun 14, 2023
@chengjingtao chengjingtao deleted the fix/resource-owned-error branch June 14, 2023 03:19