Problem
Several Flink cluster and variable API endpoints are missing Shiro permission checks:
FlinkClusterController
page, list, alive, get, remote_url, check — no permission
start, shutdown, delete — no permission (any authenticated user can operate clusters)
VariableController
list, check/code — no permission (any authenticated user can enumerate variables by teamId)
Expected
Align with existing permission keys in t_menu (cluster:create, cluster:update, variable:view).
Proposed fix
Add @RequiresPermissions annotations using existing permission keys and Logical.OR where endpoints are shared with app workflows.
Problem
Several Flink cluster and variable API endpoints are missing Shiro permission checks:
FlinkClusterController
page,list,alive,get,remote_url,check— no permissionstart,shutdown,delete— no permission (any authenticated user can operate clusters)VariableController
list,check/code— no permission (any authenticated user can enumerate variables by teamId)Expected
Align with existing permission keys in
t_menu(cluster:create,cluster:update,variable:view).Proposed fix
Add
@RequiresPermissionsannotations using existing permission keys andLogical.ORwhere endpoints are shared with app workflows.