Problem
SettingController.get and SettingController.checkHadoop lack @RequiresPermissions, allowing any authenticated user to read arbitrary settings keys or probe Hadoop connectivity.
Proposed solution
Add @RequiresPermissions("setting:view") to both endpoints, consistent with other setting read operations.
Problem
SettingController.getandSettingController.checkHadooplack@RequiresPermissions, allowing any authenticated user to read arbitrary settings keys or probe Hadoop connectivity.Proposed solution
Add
@RequiresPermissions("setting:view")to both endpoints, consistent with other setting read operations.