fix potential data inconsistency issue

apollo-adminservice/src/main/java/com/ctrip/framework/apollo/adminservice/controller/ItemController.java

@@ -84,6 +84,12 @@ public ItemDTO update(@PathVariable("appId") String appId,
       throw new NotFoundException("item not found for itemId " + itemId);
     }
 
+    Namespace namespace = namespaceService.findOne(appId, clusterName, namespaceName);
+    // In case someone constructs an attack scenario
+    if (namespace == null || namespace.getId() != managedEntity.getNamespaceId()) {
+      throw new BadRequestException("Invalid request, item and namespace do not match!");
+    }
+
     Item entity = BeanUtils.transform(Item.class, itemDTO);
 
     ConfigChangeContentBuilder builder = new ConfigChangeContentBuilder();

apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/controller/ItemController.java

@@ -113,7 +113,7 @@ public void deleteItem(@PathVariable String appId, @PathVariable String env,
     NamespaceDTO namespace = namespaceService.loadNamespaceBaseInfo(appId, Env.valueOf(env), clusterName, namespaceName);
 
     // In case someone constructs an attack scenario
-    if (item.getNamespaceId() != namespace.getId()) {
+    if (namespace == null || item.getNamespaceId() != namespace.getId()) {
       throw new BadRequestException("Invalid request, item and namespace do not match!");
     }