Permission problem caused by email letter case
Gotric commented
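In insight/srcpm/app/src/views.py, in the permission checks for the vulnerability list, vulnerability detail, and vulnerability action views, email_dict['owner'] has been lowercased, so when a registered user's email was entered in uppercase, the 403 page is triggered.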
if (current_user.email not in email_dict['owner']) and (current_user.email !=
        email_dict['department_manager']):
    abort(403)
Please change it so that current_user.email is lowercased:
if (current_user.email.lower() not in email_dict['owner']) and (current_user.email !=
        email_dict['department_manager']):
    abort(403)
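An added example, not part of the original issue or the project's code: the quoted check beside a variant that normalizes both sides of every comparison, so the department-manager comparison is case-insensitive as well. The function names, the sample addresses and the assumption that email_dict['owner'] is a list of addresses are constructed for illustration; the functions return a boolean where the view would call abort(403).

```python
def normalize_email(address):
    """Canonical form used only for comparison: trimmed and lowercased."""
    return address.strip().lower()


def original_check(user_email, email_dict):
    """The check as quoted in the issue; True means access is allowed."""
    denied = (user_email not in email_dict['owner']) and \
             (user_email != email_dict['department_manager'])
    return not denied


def normalized_check(user_email, email_dict):
    """Normalize the user's address, every owner and the manager before comparing."""
    email = normalize_email(user_email)
    owners = {normalize_email(o) for o in email_dict['owner']}
    manager = normalize_email(email_dict['department_manager'])
    return email in owners or email == manager


# Constructed sample data. Assumption: 'owner' is a list of already-lowercased
# addresses, and the manager address is stored exactly as it was entered.
SAMPLE = {
    'owner': ['alice@example.com', 'bob@example.com'],
    'department_manager': 'Carol@Example.com',
}

if __name__ == '__main__':
    for addr in ['alice@example.com', 'Alice@Example.com',
                 'CAROL@example.com', 'mallory@example.com']:
        print(addr,
              'original:', original_check(addr, SAMPLE),
              'normalized:', normalized_check(addr, SAMPLE))
```

Applying the same normalization when the address is stored at registration keeps every later comparison consistent without each view having to remember it.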