menghaining commented on code in PR #7775:
URL: https://github.com/apache/inlong/pull/7775#discussion_r1920939025
##########
inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/source/StreamSourceServiceImpl.java:
##########
@@ -101,7 +101,8 @@ public Integer save(SourceRequest request, String operator)
{
// Check if it can be added
String groupId = request.getInlongGroupId();
InlongGroupEntity groupEntity =
groupCheckService.checkGroupStatus(groupId, operator);
-
+ // only the person in charges can query
+ userService.checkUser(groupEntity.getInCharges(), operator,
ErrorCodeEnum.GROUP_PERMISSION_DENIED.getMessage());
Review Comment:
"userService.checkUser" share the similar logic with "InlongGroupEntity
groupEntity = groupCheckService.checkGroupStatus(groupId, operator);" that
checking whether current user is in charge of the group.
My question is: why the latter code can patch the permission verification?
"userService.checkUser" can not?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@inlong.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
