From 039d517c1358c197629d54c580ba6e1b356d551d Mon Sep 17 00:00:00 2001 From: wenjun <861923274@qq.com> Date: Sun, 11 Apr 2021 14:44:20 +0800 Subject: [PATCH] [Improvement][API] the QueryAuthorizedProject interface adds permission judgment (#5170) (#5184) --- .../api/service/impl/ProjectServiceImpl.java | 8 ++------ .../api/service/ProjectServiceTest.java | 10 +++++----- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java index 6b25993098..3365b940f5 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java @@ -301,7 +301,7 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic @Override public Map queryUnauthorizedProject(User loginUser, Integer userId) { Map result = new HashMap<>(); - if (isNotAdmin(loginUser, result)) { + if (loginUser.getId() != userId && isNotAdmin(loginUser, result)) { return result; } /** @@ -353,7 +353,7 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic public Map queryAuthorizedProject(User loginUser, Integer userId) { Map result = new HashMap<>(); - if (isNotAdmin(loginUser, result)) { + if (loginUser.getId() != userId && isNotAdmin(loginUser, result)) { return result; } @@ -374,10 +374,6 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic public Map queryProjectCreatedByUser(User loginUser) { Map result = new HashMap<>(); - if (isNotAdmin(loginUser, result)) { - return result; - } - List projects = projectMapper.queryProjectCreatedByUser(loginUser.getId()); result.put(Constants.DATA_LIST, projects); putMsg(result, Status.SUCCESS); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProjectServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProjectServiceTest.java index 7b70206df8..ebb6026f63 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProjectServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProjectServiceTest.java @@ -276,6 +276,10 @@ public class ProjectServiceTest { List projects = (List) result.get(Constants.DATA_LIST); Assert.assertTrue(CollectionUtils.isNotEmpty(projects)); + loginUser.setUserType(UserType.GENERAL_USER); + result = projectService.queryAuthorizedProject(loginUser, loginUser.getId()); + projects = (List) result.get(Constants.DATA_LIST); + Assert.assertTrue(CollectionUtils.isNotEmpty(projects)); } @Test @@ -284,14 +288,10 @@ public class ProjectServiceTest { User loginUser = getLoginUser(); Mockito.when(projectMapper.queryProjectCreatedByUser(1)).thenReturn(getList()); - //USER_NO_OPERATION_PERM - Map result = projectService.queryProjectCreatedByUser(loginUser); - logger.info(result.toString()); - Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //success loginUser.setUserType(UserType.ADMIN_USER); - result = projectService.queryProjectCreatedByUser(loginUser); + Map result = projectService.queryProjectCreatedByUser(loginUser); logger.info(result.toString()); List projects = (List) result.get(Constants.DATA_LIST); Assert.assertTrue(CollectionUtils.isNotEmpty(projects));