fix potential access issue

nobodyiam · nobodyiam · commit 362735ded4f1 · 2025-04-11T19:24:56.000+08:00
diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ReleaseController.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ReleaseController.java
@@ -136,6 +136,10 @@ public ReleaseDTO get(@PathVariable String env,
     if (release == null) {
       throw NotFoundException.releaseNotFound(releaseId);
     }
+    if (userPermissionValidator.shouldHideConfigToCurrentUser(release.getAppId(), env,
+        release.getClusterName(), release.getNamespaceName())) {
+      throw new AccessDeniedException("Access is denied");
+    }
     return release;
   }
 

Original file line number	Diff line number	Diff line change
`@@ -136,6 +136,10 @@ public ReleaseDTO get(@PathVariable String env,`
`136`	`136`	`if (release == null) {`
`137`	`137`	`throw NotFoundException.releaseNotFound(releaseId);`
`138`	`138`	`}`
	`139`	`+ if (userPermissionValidator.shouldHideConfigToCurrentUser(release.getAppId(), env,`
	`140`	`+ release.getClusterName(), release.getNamespaceName())) {`
	`141`	`+ throw new AccessDeniedException("Access is denied");`
	`142`	`+ }`
`139`	`143`	`return release;`
`140`	`144`	`}`
`141`	`145`