[Fix-18211][API] Add missing project authorization on view-gantt/view-variables and trigger workflow APIs#18212
Merged
ruanwenjun merged 1 commit intoMay 3, 2026
Conversation
ruanwenjun
force-pushed
the
dev_wenjun_fixCvePermissionCheck
branch
from
c2be493 to
82d7573
Compare
ruanwenjun
force-pushed
the
dev_wenjun_fixCvePermissionCheck
branch
3 times, most recently
from
7a2d271 to
ab04b45
Compare
…bles and trigger workflow APIs The view-gantt / view-variables endpoints on WorkflowInstanceController and the start-workflow-instance / batch-start-workflow-instance endpoints on ExecutorController did not verify that the login user had permission on the URL projectCode, allowing any authenticated user to read another project's workflow instance details or trigger another project's online workflows. * WorkflowInstanceServiceImpl#viewVariables/viewGantt now require loginUser and call projectService.checkProjectAndAuthThrowException with WORKFLOW_INSTANCE before reading the instance. * WorkflowTriggerRequest / WorkflowBackFillRequest carry the URL projectCode. ExecutorServiceImpl#triggerWorkflowDefinition / backfillWorkflowDefinition gate the call with checkProjectAndAuthThrowException(RERUN) and reject when the resolved workflowDefinition does not belong to that projectCode. * ExecutorController and PythonGateway propagate projectCode into the request builders. batchTriggerWorkflowDefinitions also accepts the path variable so the inner per-code call inherits it. * Both ProjectService#checkProjectAndAuth overloads are marked @deprecated; new code should use checkProjectAndAuthThrowException. * New ExecutorServiceTest covers the unauthorized and cross-project trigger/backfill paths; existing WorkflowInstance tests are updated to the new viewVariables/viewGantt signatures.
ruanwenjun
force-pushed
the
dev_wenjun_fixCvePermissionCheck
branch
from
ab04b45 to
f628bf8
Compare
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Was this PR generated or assisted by AI?
YES, ops 4.7
Purpose of the pull request
close #18211
The view-gantt / view-variables endpoints on WorkflowInstanceController and the start-workflow-instance / batch-start-workflow-instance endpoints on ExecutorController did not verify that the login user had permission on the URL projectCode, allowing any authenticated user to read another project's workflow instance details or trigger another project's online workflows.
Brief change log
Verify this pull request
This pull request is code cleanup without any test coverage.
(or)
This pull request is already covered by existing tests, such as (please describe tests).
(or)
This change added tests and can be verified as follows:
(or)
Pull Request Notice
Pull Request Notice
If your pull request contains incompatible change, you should also add it to
docs/docs/en/guide/upgrade/incompatible.md