fix user update permission (#11603)

2024-01-11 17:16:00 +08:00 · 2024-01-11 17:16:00 +08:00 · a7d1c35f85
commit a7d1c35f85
parent 207505735c
1 changed files with 10 additions and 4 deletions
--- a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/controller/UserController.java
+++ b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/controller/UserController.java
@ -176,12 +176,18 @@ public class UserController {
        }
        IdentityContext identityContext = (IdentityContext) request.getSession()
                .getAttribute(com.alibaba.nacos.plugin.auth.constant.Constants.Identity.IDENTITY_CONTEXT);
-        NacosUser user;
-        if (identityContext == null
-                || (user = (NacosUser) identityContext.getParameter(AuthConstants.NACOS_USER_KEY)) == null
-                || (user = iAuthenticationManager.authenticate(request)) == null) {
+        if (identityContext == null) {
            throw new HttpSessionRequiredException("session expired!");
        }
+        NacosUser user = (NacosUser) identityContext.getParameter(AuthConstants.NACOS_USER_KEY);
+        if (user == null) {
+            user = iAuthenticationManager.authenticate(request);
+            if (user == null) {
+                throw new HttpSessionRequiredException("session expired!");
+            }
+            //get user form jwt need check permission
+            iAuthenticationManager.hasGlobalAdminRole(user);
+        }
        // admin
        if (user.isGlobalAdmin()) {
            return true;