peacewong opened a new issue #1868: URL: https://github.com/apache/incubator-linkis/issues/1868
### Search before asking - [X] I searched the [issues](https://github.com/apache/incubator-linkis/issues) and found no similar issues. ### Linkis Component linkis-public-enhancements ### What happened + What you expected to happen 1. The /api/rest_j/v1/udf/list interface can query other people's function list without authority. By modifying the value of the parameter treeId, you can query the function list in other people's directory without authority. /api/rest_j/v1/udf/list接口可越权查询其它人的函数列表,通过修改参数treeId的值,可越权查询其他人目录下的函数列表。 2. Create a new folder in the directory of others without authority, the interface is: /udf/tree/add 越权在他人目录下新建文件夹,接口为:/udf/tree/add 3. Rename someone else's folder without authority: /udf/tree/update 越权重命名件夹,接口为:/udf/tree/add 4. Delete other people's folders without authority: /udf/tree/delete 越权删除他人文件夹: /udf/tree/delete ### Relevent platform all ### Reproduction script no ### Anything else _No response_ ### Are you willing to submit a PR? - [ ] Yes I am willing to submit a PR! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@linkis.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@linkis.apache.org For additional commands, e-mail: dev-h...@linkis.apache.org
