creditease-sec / insight

Insight: CreditEase's three-in-one platform for application system asset management, vulnerability lifecycle management, and security knowledge base management.
GNU General Public License v3.0

Permission problem caused by e-mail letter case #40

Open Gotric opened 5 years ago

Gotric commented 5 years ago

In insight/srcpm/app/src/views.py, the permission checks for the vulnerability list, vulnerability detail and vulnerability operation views lowercase email_dict['owner'], so when a registered user entered their e-mail address in uppercase, the 403 page is triggered.

    if (current_user.email not in email_dict['owner']) and (current_user.email !=
            email_dict['department_manager']):
        abort(403)

Please change it to lowercase current_user.email as well:

    if (current_user.email.lower() not in email_dict['owner']) and (current_user.email !=
            email_dict['department_manager']):
        abort(403)