Skip to content

[Console] Add missing RBAC on SettingController get and checkHadoop #4392

Description

@shangeyao

Problem

SettingController.get and SettingController.checkHadoop lack @RequiresPermissions, allowing any authenticated user to read arbitrary settings keys or probe Hadoop connectivity.

Proposed solution

Add @RequiresPermissions("setting:view") to both endpoints, consistent with other setting read operations.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions