mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-27 04:35:16 +01:00
Merge pull request #804 from reasonerjt/dev
fix #801, add permission check before filtering access log of a project.
This commit is contained in:
commit
1c216d902a
@ -338,6 +338,11 @@ func (p *ProjectAPI) FilterAccessLog() {
|
|||||||
var query models.AccessLog
|
var query models.AccessLog
|
||||||
p.DecodeJSONReq(&query)
|
p.DecodeJSONReq(&query)
|
||||||
|
|
||||||
|
if !checkProjectPermission(p.userID, p.projectID) {
|
||||||
|
log.Warningf("Current user, user id: %d does not have permission to read accesslog of project, id: %d", p.userID, p.projectID)
|
||||||
|
p.RenderError(http.StatusForbidden, "")
|
||||||
|
return
|
||||||
|
}
|
||||||
query.ProjectID = p.projectID
|
query.ProjectID = p.projectID
|
||||||
query.BeginTime = time.Unix(query.BeginTimestamp, 0)
|
query.BeginTime = time.Unix(query.BeginTimestamp, 0)
|
||||||
query.EndTime = time.Unix(query.EndTimestamp, 0)
|
query.EndTime = time.Unix(query.EndTimestamp, 0)
|
||||||
|
Loading…
Reference in New Issue
Block a user