Merge pull request #1426 from benero/fix_schema
fix: 修复触发器 schema 越权问题 --story=119850966
benero authored Oct 8, 2024
2 parents 047b146 + 33ce61f commit 24fb97b
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions itsm/trigger/views.py
Expand Up @@ -232,11 +232,21 @@ def _single_update(action_data, instance):

return serializer.data

trigger = self.get_object()
rules = TriggerRule.objects.filter(trigger_id=trigger.id)
actions_schemas = []
for rule in rules:
if not rule.action_schemas:
continue
actions_schemas.extend(rule.action_schemas)

schemas = []
with transaction.atomic():
for _data in request.data:
try:
instance = ActionSchema.objects.get(id=_data.get("id", 0))
if instance.id not in actions_schemas:
raise ValidationError(_("Schema ID 异常"))
schema = _single_update(_data, instance)
except ActionSchema.DoesNotExist:
schema = _single_create(_data)
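Review bot: The new ownership check `if instance.id not in actions_schemas` compares an integer primary key against whatever `rule.action_schemas` stores, and the element type of that field is not visible in this hunk; if the IDs are persisted as strings, every legitimate update would be rejected, so the type should be confirmed or normalised when the allow-list is built. Collecting the IDs into a set, `allowed_ids = {i for rule in rules for i in (rule.action_schemas or [])}`, would also make the intent and the lookup clearer than extending a list. The check only runs after `ActionSchema.objects.get` succeeds, so a request carrying an ID that does not exist still falls through to `_single_create(_data)`; whether a schema created that way is bound to this trigger is outside the hunk and worth confirming as part of the same authorization fix. A comment above the loop such as `# only schemas referenced by this trigger's rules may be updated through this endpoint` would record why the rule lookup exists. The enclosing view method starts and ends outside the hunk.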
