From 53ab6f7b92f531984037023a4808d41fe3a42fc3 Mon Sep 17 00:00:00 2001 
From: hstdream <33045461+hstdream@users.noreply.github.com> Date: Mon, 30 May 2022 23:32:25 +0800 Subject: [PATCH] [Feature][API] Modify the permissions of project management, security center, data source center and data quality module. (#10289) * Resource userName is null * [Fix-10082]Resource userName is null and udf function manager add a username * [Fix-10082]Resource userName is null and udf function manager add a username * [Fix-10082]Resource userName is null and udf function manager add a username * [Feature][API] Modify the permissions of project management, security center, data source center and data quality module. * [Feature][API] Modify the permissions of project management, security center, data source center and data quality module. * [Feature][API] Modify the permissions of project management, security center, data source center and data quality module. Co-authored-by: houshitao --- .../ApiFuncIdentificationConstant.java | 172 ++++++++ .../ProcessDefinitionController.java | 2 +- .../dolphinscheduler/api/enums/Status.java | 3 +- .../api/service/BaseService.java | 6 +- .../api/service/ProcessDefinitionService.java | 2 +- .../api/service/ProjectService.java | 5 +- .../service/impl/AccessTokenServiceImpl.java | 23 +- .../service/impl/AlertGroupServiceImpl.java | 17 +- .../impl/AlertPluginInstanceServiceImpl.java | 23 +- .../api/service/impl/BaseServiceImpl.java | 9 +- .../service/impl/DataAnalysisServiceImpl.java | 15 +- .../service/impl/DataSourceServiceImpl.java | 37 +- .../impl/DqExecuteResultServiceImpl.java | 5 + .../api/service/impl/DqRuleServiceImpl.java | 5 + .../service/impl/EnvironmentServiceImpl.java | 12 +- .../api/service/impl/ExecutorServiceImpl.java | 7 +- .../service/impl/K8SNamespaceServiceImpl.java | 21 +- .../api/service/impl/LoggerServiceImpl.java | 7 +- .../impl/ProcessDefinitionServiceImpl.java | 80 ++-- .../impl/ProcessInstanceServiceImpl.java | 25 +- .../impl/ProcessTaskRelationServiceImpl.java | 14 +- 
.../api/service/impl/ProjectServiceImpl.java | 42 +- .../api/service/impl/QueueServiceImpl.java | 14 +- .../service/impl/SchedulerServiceImpl.java | 12 +- .../impl/TaskDefinitionServiceImpl.java | 24 +- .../service/impl/TaskInstanceServiceImpl.java | 7 +- .../api/service/impl/TenantServiceImpl.java | 18 +- .../api/service/impl/UsersServiceImpl.java | 121 +++++- .../service/impl/WorkerGroupServiceImpl.java | 11 +- .../ProcessDefinitionControllerTest.java | 5 +- .../api/service/AccessTokenServiceTest.java | 33 +- .../api/service/AlertGroupServiceTest.java | 41 +- .../AlertPluginInstanceServiceTest.java | 17 + .../api/service/DataAnalysisServiceTest.java | 39 +- .../api/service/DataSourceServiceTest.java | 25 +- .../service/DqExecuteResultServiceTest.java | 11 +- .../api/service/DqRuleServiceTest.java | 13 +- .../api/service/EnvironmentServiceTest.java | 15 + .../api/service/ExecutorServiceTest.java | 20 +- .../api/service/K8SNamespaceServiceTest.java | 23 +- .../api/service/LoggerServiceTest.java | 7 +- .../service/ProcessDefinitionServiceTest.java | 97 +++-- .../service/ProcessInstanceServiceTest.java | 33 +- .../ProcessTaskRelationServiceTest.java | 16 +- .../api/service/ProjectServiceTest.java | 163 ++++---- .../api/service/QueueServiceTest.java | 20 +- .../api/service/SchedulerServiceTest.java | 2 +- .../TaskDefinitionServiceImplTest.java | 14 +- .../api/service/TaskInstanceServiceTest.java | 18 +- .../api/service/TenantServiceTest.java | 19 +- .../api/service/UsersServiceTest.java | 85 +++- .../common/enums/AuthorizationType.java | 10 +- .../dao/mapper/AccessTokenMapper.java | 8 + .../dao/mapper/AlertGroupMapper.java | 9 + .../dao/mapper/AlertPluginInstanceMapper.java | 1 - .../dao/mapper/TenantMapper.java | 2 + .../dao/mapper/UserMapper.java | 11 + .../dao/mapper/WorkerGroupMapper.java | 1 - .../dao/mapper/AccessTokenMapper.xml | 15 + .../dao/mapper/AlertGroupMapper.xml | 16 + .../dao/mapper/AlertPluginInstanceMapper.xml | 8 + 
.../dao/mapper/DataSourceMapper.xml | 8 +- .../dao/mapper/ProjectUserMapper.xml | 1 + .../dao/mapper/UserMapper.xml | 11 + .../dao/mapper/K8sNamespaceMapperTest.java | 2 + .../ResourcePermissionCheckService.java | 6 + .../ResourcePermissionCheckServiceImpl.java | 373 +++++++++++++++++- 67 files changed, 1544 insertions(+), 393 deletions(-) create mode 100644 dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java new file mode 100644 index 0000000000..9e33980515 --- /dev/null +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java 
@@ -0,0 +1,172 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.dolphinscheduler.api.constants; + +import org.apache.dolphinscheduler.api.enums.ExecuteType; +import java.util.HashMap; +import java.util.Map; + + +public class ApiFuncIdentificationConstant { + + public static final String ACCESS_TOKEN_MANAGE = "security:token:view"; + public static final String ACCESS_TOKEN_VIEW = "security:token:view"; + public static final String ACCESS_TOKEN_CREATE = "security:token:create"; + public static final String ACCESS_TOKEN_UPDATE = "security:token:update"; + public static final String ACCESS_TOKEN_DELETE = "security:token:delete"; + public static final String ALERT_GROUP_VIEW = "security:alert-group:view"; + public static final String ALERT_GROUP_CREATE = "security:alert-group:create"; + public static final String ALERT_GROUP_UPDATE = "security:alert-group:update"; + public static final String ALERT_GROUP_DELETE = "security:alert-group:delete"; + public static final String TENANT_MANAGER = "security:tenant:view"; + public static final String TENANT_CREATE = "security:tenant:create"; + public static final String TENANT_UPDATE = "security:tenant:update"; + public static final String TENANT_DELETE = 
"security:tenant:delete"; + public static final String ALART_LIST = "monitor:alert:view"; + public static final String ALART_INSTANCE_CREATE = "security:alert-plugin:create"; + public static final String ALERT_PLUGIN_UPDATE = "security:alert-plugin:update"; + public static final String ALERT_PLUGIN_DELETE = "security:alert-plugin:delete"; + public static final String WORKER_GROUP_CREATE = "security:worker-group:create"; + public static final String WORKER_GROUP_EDIT = "security:worker-group:update"; + public static final String WORKER_GROUP_DELETE = "security:worker-group:delete"; + public static final String YARN_QUEUE_MANAGE = "security:queue:view"; + public static final String YARN_QUEUE_CREATE = "security:queue:create"; + public static final String YARN_QUEUE_UPDATE = "security:queue:update"; + public static final String ENVIRONMENT_CREATE = "security:environment:create"; + public static final String ENVIRONMENT_UPDATE = "security:environment:update"; + public static final String ENVIRONMENT_DELETE = "security:environment:delete"; + public static final String ENVIRONMENT_MANAGER = "security:environment:view"; + public static final String CALENDAR_CREATE = "security:calendar:create"; + public static final String CALENDAR_EDIT = "security:calendar:update"; + public static final String CALENDAR_DELETE = "security:calendar:delete"; + public static final String CARDS_CREATE = "security:cards:create"; + public static final String CARDS_EDIT = "security:cards:update"; + public static final String CARDS_EDIT_VALUE = "security:cards:value"; + public static final String CARDS_CARDS_DELETE = "security:cards:delete"; + public static final String ALARM_GROUP_MANAGE = "security:alert-group:view"; + public static final String ALARM_INSTANCE_MANAGE = "security:alert-plugin:view"; + public static final String WORKER_GROUP_MANAGE = "security:worker-group:view"; + public static final String CALENDAR_MANAGE = "security:calendar:view"; + public static final String CARDS_MANAGER = 
"security:cards:view"; + public static final String USER_MANAGER = "security:user:view"; + public static final String ALL_ROLES = "security:user:roles"; + public static final String USERS_CREATE = "security:user:create"; + public static final String USERS_IMPORT = "security:user:import"; + public static final String DOWNLOAD_TEMPLATE = "security:user:template"; + public static final String USER_UPDATE = "security:user:update"; + public static final String USER_ROLE_ASSOCIATEDE = "security:user:role"; + public static final String USER_VIEW_PERMISSIONS = "security:user:permission"; + public static final String USER_RESET_PASSWORD = "security:user:reset-pwd"; + public static final String USER_DELETE = "security:user:delete"; + public static final String USER_REVOKE_PROJECT = "security:user:revoke:project"; + public static final String USER_GRANT_K8SNAMESPACE = "security:user:grant:k8snamespace"; + public static final String USER_GRANT_PROJECT = "security:user:grant:project"; + public static final String USER_BATCH_DELETION = "security:user:batch-delete"; + public static final String ROLE_MANAGER = "security:role:view"; + public static final String ROLE_CREATE = "security:role:create"; + public static final String ROLE_RENAME = "security:role:rename"; + public static final String ROLE_DELETE = "security:role:delete"; + public static final String VIEW_PERMISSION = "security:role:permission-view"; + public static final String ASSIGN_PERMISSION = "security:role:permission-assign"; + + + + public static final String PROJECT = "project:view"; + public static final String PROJECT_CREATE = "project:create"; + public static final String PROJECT_UPDATE = "project:edit"; + public static final String PROJECT_DELETE = "project:delete"; + public static final String WORKFLOW_DEFINITION = "project:definition:list"; + public static final String WORKFLOW_CREATE = "project:definition:create"; + public static final String WORKFLOW_IMPORT = "project:definition:import"; + public static 
final String WORKFLOW_UPDATE = "project:definition:update"; + public static final String WORKFLOW_START = "project:executors:start"; + public static final String TIMING = "project:schedules:timing"; + public static final String WORKFLOW_ONLINE_OFFLINE = "project:definition:release"; + public static final String WORKFLOW_COPY = "project:definition:copy"; + public static final String CRON_MANAGE = "project:schedules:corn"; + public static final String WORKFLOW_DELETE = "project:definition:delete"; + public static final String WORKFLOW_TREE_VIEW = "project:definition:view-tree"; + public static final String WORKFLOW_EXPORT = "project:definition:export"; + public static final String WORKFLOW_BATCH_COPY = "project:definition:batch-copy"; + public static final String WORKFLOW_DEFINITION_EXPORT = "project:definition:batch-export"; + public static final String WORKFLOW_DEFINITION_BATCH_DELETE = "project:definition:batch-delete"; + public static final String WORKFLOW_SWITCH_TO_THIS_VERSION = "project:definition:version:switch"; + public static final String WORKFLOW_DEFINITION_DELETE = "project:definition:version:delete"; + public static final String WORKFLOW_SAVE = "project:definition:verify-name"; + public static final String WORKFLOW_INSTANCE = "project:process-instance:list"; + public static final String RERUN = "project:executors:execute"; + public static final String FAILED_TO_RETRY = "project:executors:retry"; + public static final String STOP = "project:executors:stop"; + public static final String RECOVERY_SUSPEND = "project:executors:recover"; + public static final String PAUSE = "project:executors:pause"; + public static final String INSTANCE_DELETE = "project:process-instance:delete"; + public static final String INSTANCE_BATCH_DELETE = "project:process-instance:batch-delete"; + public static final String FORCED_SUCCESS = "project:task-instance:force-success"; + public static final String VIEW_LOG = "project:log:detail"; + public static final String DOWNLOAD_LOG 
= "project:log:download-log"; + public static final String PROJECT_OVERVIEW = "project:overview:view"; + public static final String WORKFLOW_RELATION = "project:lineages:view"; + public static final String WORKFLOW_DEFINITION_VIEW = "project:definition:view"; + public static final String WORKFLOW_INSTANCE_VIEW = "project:process-instance:view"; + public static final String TASK_INSTANCE = "project:task-instance:view"; + public static final String INSTANCE_UPDATE = "project:process-instance:update"; + public static final String VERSION_LIST = "project:version:list"; + public static final String TASK_DEFINITION = "project:task-definition:view"; + public static final String TASK_DEFINITION_CREATE = "project:task-definition:create"; + public static final String TASK_DEFINITION_UPDATE = "project:task-definition:edit"; + public static final String TASK_DEFINITION_MOVE = "project:task-definition:move"; + public static final String TASK_VERSION_VIEW = "project:task-definition:version"; + public static final String TASK_DEFINITION_DELETE = "project:task-definition:delete"; + public static final String VERSION_DELETE = "project:version:delete"; + + public static final String DATASOURCE = "datasource:view"; + public static final String DATASOURCE_CREATE_DATASOURCE = "datasource:create"; + public static final String DATASOURCE_UPDATE = "datasource:update"; + public static final String DATASOURCE_DELETE = "datasource:delete"; + public static final String DATASOURCE_LIST = "datasource:list"; + public static final String DATASOURCE_PARAM_VIEW = "datasource:param-view"; + + public final static Map map = new HashMap(); + + static{ + for(ExecuteType type : ExecuteType.values()){ + switch (type){ + case REPEAT_RUNNING: + map.put(type,RERUN); + break; + case RECOVER_SUSPENDED_PROCESS: + map.put(type,RECOVERY_SUSPEND); + break; + case START_FAILURE_TASK_PROCESS: + map.put(type,FAILED_TO_RETRY); + break; + case STOP: + map.put(type,STOP); + break; + case PAUSE: + map.put(type,PAUSE); + 
break; + case NONE: + map.put(type,null); + break; + default: + } + } + } + +} diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ProcessDefinitionController.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ProcessDefinitionController.java index b238044a16..ab3d4a7e2e 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ProcessDefinitionController.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ProcessDefinitionController.java @@ -503,7 +503,7 @@ public class ProcessDefinitionController extends BaseController { @ApiParam(name = "projectCode", value = "PROJECT_CODE", required = true) @PathVariable long projectCode, @PathVariable("code") long code, @RequestParam("limit") Integer limit) { - Map result = processDefinitionService.viewTree(projectCode, code, limit); + Map result = processDefinitionService.viewTree(loginUser,projectCode, code, limit); return returnDataList(result); } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java index 987b368cc1..c346d9577d 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java 
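Review bot: `map` at the end of ApiFuncIdentificationConstant is a `public final static` HashMap, so any code in the process can add or replace the ExecuteType-to-permission entries that the executor checks presumably look up. Publish it read-only instead, for example by filling a local map in the static block and assigning `Collections.unmodifiableMap(tmp)`. `ACCESS_TOKEN_MANAGE` and `ACCESS_TOKEN_VIEW` both hold `"security:token:view"`, so a check against the "manage" constant is satisfied by the view grant; if that is intended, a one-line comment should say so. The `NONE` case stores `null`, which callers passing `map.get(type)` as `perm` have to handle. `ALART_LIST`, `ALART_INSTANCE_CREATE` and `"project:schedules:corn"` look like misspellings, and they will be hard to rename once grants are stored under those strings.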
@@ -403,7 +403,8 @@ public enum Status { QUERY_AUTHORIZED_NAMESPACE_ERROR(1300013, "query authorized namespace error", "查询授权命名空间错误"), QUERY_CAN_USE_K8S_CLUSTER_ERROR(1300014, "login user query can used k8s cluster list error", "查询可用k8s集群错误"), RESOURCE_FULL_NAME_TOO_LONG_ERROR(1300015, "resource's fullname is too long error", "资源文件名过长"), - TENANT_FULL_NAME_TOO_LONG_ERROR(1300016, "tenant's fullname is too long error", "租户名过长"); + TENANT_FULL_NAME_TOO_LONG_ERROR(1300016, "tenant's fullname is too long error", "租户名过长"), + FUNCTION_DISABLED(1400002, "The current feature is disabled.", "当前功能已被禁用"); private final int code; private final String enMsg; diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/BaseService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/BaseService.java index fd3ae0c8bc..3bcbc2b9b6 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/BaseService.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/BaseService.java @@ -20,7 +20,6 @@ package org.apache.dolphinscheduler.api.service; import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.enums.AuthorizationType; -import org.apache.dolphinscheduler.dao.entity.Project; import org.apache.dolphinscheduler.dao.entity.User; import java.util.Map; @@ -38,6 +37,7 @@ public interface BaseService { */ boolean isAdmin(User user); + /** * isNotAdmin * @@ -47,6 +47,7 @@ public interface BaseService { */ boolean isNotAdmin(User loginUser, Map result); + /** * put message to map * 
@@ -90,9 +91,10 @@ public interface BaseService { * @param user operate user * @param ids Object[] * @Param type authorizationType + * @Param perm String * @return check result */ - boolean canOperatorPermissions(User user, Object[] ids, AuthorizationType type); + boolean canOperatorPermissions(User user, Object[] ids, AuthorizationType type, String perm); /** * check and parse date parameters diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ProcessDefinitionService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ProcessDefinitionService.java index a03b5cdbe6..8d407b8af9 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ProcessDefinitionService.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ProcessDefinitionService.java @@ -321,7 +321,7 @@ public interface ProcessDefinitionService { * @param limit limit * @return tree view json data */ - Map viewTree(long projectCode, long code, Integer limit); + Map viewTree(User loginUser,long projectCode, long code, Integer limit); /** * switch the defined process definition version diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ProjectService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ProjectService.java index aae441e4bc..2af43ee013 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ProjectService.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ProjectService.java 
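Review bot: The Javadoc on `canOperatorPermissions` gains `@Param perm String`, which is not a Javadoc tag (the existing `@Param type` line has the same problem) and does not say what the argument is. This method is the authorization gate for the services touched by this patch, so the comment should state the contract, e.g. `@param perm function permission key from ApiFuncIdentificationConstant, such as "security:token:create"`, and what a `null` `ids` array means for the resource check. The `viewTree` hunk in ProcessDefinitionService has a similar gap: the new `loginUser` parameter has no `@param` line.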
@@ -61,11 +61,12 @@ public interface ProjectService { * @param loginUser login user * @param project project * @param projectCode project code + * @param perm String * @return true if the login user have permission to see the project */ - Map checkProjectAndAuth(User loginUser, Project project, long projectCode); + Map checkProjectAndAuth(User loginUser, Project project, long projectCode,String perm); - boolean hasProjectAndPerm(User loginUser, Project project, Map result); + boolean hasProjectAndPerm(User loginUser, Project project, Map result,String perm); boolean hasProjectAndPerm(User loginUser, Project project, Result result); diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AccessTokenServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AccessTokenServiceImpl.java index d350d2888b..be4f9d61ee 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AccessTokenServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AccessTokenServiceImpl.java @@ -25,6 +25,7 @@ import org.apache.dolphinscheduler.api.service.AccessTokenService; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.utils.DateUtils; import org.apache.dolphinscheduler.common.utils.EncryptionUtils; @@ -32,8 +33,6 @@ import org.apache.dolphinscheduler.dao.entity.AccessToken; import org.apache.dolphinscheduler.dao.entity.User; import org.apache.dolphinscheduler.dao.mapper.AccessTokenMapper; -import org.apache.commons.lang3.StringUtils; - import java.util.Date; import java.util.HashMap; import java.util.List; 
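Review bot: `hasProjectAndPerm(User, Project, Result)` keeps its old signature while the `Map` overload and `checkProjectAndAuth` gain a `perm` argument, so callers of the `Result` overload cannot state which function permission they require. The implementation is outside this hunk, but unless it applies a default key, that path checks only project access and skips the new function-level check. Adding the parameter there too, `boolean hasProjectAndPerm(User loginUser, Project project, Result result, String perm);`, would keep the three entry points consistent. The `@return` text "have permission to see the project" also no longer describes a check that takes an arbitrary operation key.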
@@ -44,10 +43,7 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import java.util.Date; -import java.util.HashMap; -import java.util.List; -import java.util.Map; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; /** * access token service impl @@ -74,6 +70,10 @@ public class AccessTokenServiceImpl extends BaseServiceImpl implements AccessTok Result result = new Result(); PageInfo pageInfo = new PageInfo<>(pageNo, pageSize); Page page = new Page<>(pageNo, pageSize); + if (!canOperatorPermissions(loginUser,null,AuthorizationType.ACCESS_TOKEN,ACCESS_TOKEN_MANAGE)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); + return result; + } int userId = loginUser.getId(); if (loginUser.getUserType() == UserType.ADMIN_USER) { userId = 0; @@ -99,7 +99,8 @@ public class AccessTokenServiceImpl extends BaseServiceImpl implements AccessTok result.put(Constants.STATUS, false); // only admin can operate - if (isNotAdmin(loginUser, result)) { + if (!canOperatorPermissions(loginUser,null, AuthorizationType.ACCESS_TOKEN,ACCESS_TOKEN_MANAGE)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -124,7 +125,7 @@ public class AccessTokenServiceImpl extends BaseServiceImpl implements AccessTok Map result = new HashMap<>(); // 1. check permission - if (!canOperator(loginUser,userId)) { + if (!(canOperatorPermissions(loginUser,null, AuthorizationType.ACCESS_TOKEN,ACCESS_TOKEN_CREATE) || loginUser.getId() == userId)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } 
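Review bot: In the `@@ -124` hunk the guard becomes `canOperatorPermissions(loginUser, null, ..., ACCESS_TOKEN_CREATE) || loginUser.getId() == userId`. Assuming a null id list passes the resource check, a non-admin holding the `security:token:create` grant can create a token for any `userId`, whereas the replaced `canOperator(loginUser, userId)` took the target user into account. A token issued for another account authenticates as that account, so the target should stay bound to the caller unless the caller is an admin, e.g. `if (!(isAdmin(loginUser) || loginUser.getId() == userId))` followed by the function-permission check. The `generateToken` hunk at `@@ -169` has the identical condition. The `// only admin can operate` comment kept in the `@@ -99` hunk is also stale now that the check is permission-based.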
@@ -169,7 +170,7 @@ public class AccessTokenServiceImpl extends BaseServiceImpl implements AccessTok @Override public Map generateToken(User loginUser, int userId, String expireTime) { Map result = new HashMap<>(); - if (!canOperator(loginUser,userId)) { + if (!(canOperatorPermissions(loginUser,null,AuthorizationType.ACCESS_TOKEN, ACCESS_TOKEN_CREATE) || loginUser.getId() == userId)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -197,7 +198,7 @@ public class AccessTokenServiceImpl extends BaseServiceImpl implements AccessTok putMsg(result, Status.ACCESS_TOKEN_NOT_EXIST); return result; } - if (!canOperator(loginUser,accessToken.getUserId())) { + if (!canOperatorPermissions(loginUser,new Object[]{id},AuthorizationType.ACCESS_TOKEN,ACCESS_TOKEN_DELETE)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -221,7 +222,7 @@ public class AccessTokenServiceImpl extends BaseServiceImpl implements AccessTok Map result = new HashMap<>(); // 1. check permission - if (!canOperator(loginUser,userId)) { + if (!canOperatorPermissions(loginUser,new Object[]{id},AuthorizationType.ACCESS_TOKEN,ACCESS_TOKEN_UPDATE)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertGroupServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertGroupServiceImpl.java index afd0846d11..ab417ab160 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertGroupServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertGroupServiceImpl.java 
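Review bot: In the `@@ -221` hunk `updateToken` now authorizes on the token `id` alone, and the `userId` argument that the removed `canOperator(loginUser, userId)` examined is no longer checked. The rest of the method is outside the hunk, but if it writes `userId` onto the token, a user allowed to update their own token could reassign it to another account. Rejecting an owner change for non-admins would close that, e.g. `if (!isAdmin(loginUser) && loginUser.getId() != userId) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; }`. The delete hunk at `@@ -197` likewise drops the `accessToken.getUserId()` comparison, so ownership there depends entirely on how `resourcePermissionCheck` resolves `ACCESS_TOKEN` ids.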
@@ -22,6 +22,7 @@ import org.apache.dolphinscheduler.api.service.AlertGroupService; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.dao.entity.AlertGroup; import org.apache.dolphinscheduler.dao.entity.User; import org.apache.dolphinscheduler.dao.mapper.AlertGroupMapper; @@ -43,6 +44,8 @@ import org.springframework.transaction.annotation.Transactional; import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; + /** * alert group service impl */ @@ -83,7 +86,8 @@ public class AlertGroupServiceImpl extends BaseServiceImpl implements AlertGroup result.put(Constants.STATUS, false); //only admin can operate - if (isNotAdmin(loginUser, result)) { + if (!canOperatorPermissions(loginUser,new Object[]{id}, AuthorizationType.ALERT_GROUP,ALERT_GROUP_VIEW)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } //check if exist @@ -110,7 +114,7 @@ public class AlertGroupServiceImpl extends BaseServiceImpl implements AlertGroup public Result listPaging(User loginUser, String searchVal, Integer pageNo, Integer pageSize) { Result result = new Result(); - if (!isAdmin(loginUser)) { + if (!canOperatorPermissions(loginUser,null,AuthorizationType.ALERT_GROUP,ALERT_GROUP_VIEW)) { putMsg(result,Status.USER_NO_OPERATION_PERM); return result; } 
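Review bot: The `//only admin can operate` comment kept above the new check in the `@@ -83` hunk no longer matches the code, which now admits any user for whom `canOperatorPermissions` passes with `ALERT_GROUP_VIEW` on that group. Replace it with something like `// requires the alert-group view permission on this group`; the same stale comment survives in the create and delete hunks (`@@ -140`, `@@ -230`). The wildcard `import static ...ApiFuncIdentificationConstant.*` added at `@@ -43` also hides which permission keys this class depends on. Importing the `ALERT_GROUP_*` constants by name would make the authorization surface easy to grep.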
@@ -140,7 +144,8 @@ public class AlertGroupServiceImpl extends BaseServiceImpl implements AlertGroup public Map createAlertgroup(User loginUser, String groupName, String desc, String alertInstanceIds) { Map result = new HashMap<>(); //only admin can operate - if (isNotAdmin(loginUser, result)) { + if (!canOperatorPermissions(loginUser,null, AuthorizationType.ALERT_GROUP, ALERT_GROUP_CREATE)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -185,7 +190,8 @@ public class AlertGroupServiceImpl extends BaseServiceImpl implements AlertGroup public Map updateAlertgroup(User loginUser, int id, String groupName, String desc, String alertInstanceIds) { Map result = new HashMap<>(); - if (isNotAdmin(loginUser, result)) { + if (!canOperatorPermissions(loginUser, new Object[]{id},AuthorizationType.ALERT_GROUP,ALERT_GROUP_UPDATE)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -230,7 +236,8 @@ public class AlertGroupServiceImpl extends BaseServiceImpl implements AlertGroup result.put(Constants.STATUS, false); //only admin can operate - if (isNotAdmin(loginUser, result)) { + if (!canOperatorPermissions(loginUser,new Object[]{id}, AuthorizationType.ALERT_GROUP,ALERT_GROUP_DELETE)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertPluginInstanceServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertPluginInstanceServiceImpl.java index 0848968635..e9647c11ce 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertPluginInstanceServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertPluginInstanceServiceImpl.java 
@@ -23,6 +23,7 @@ import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.api.vo.AlertPluginInstanceVO; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.utils.JSONUtils; import org.apache.dolphinscheduler.dao.entity.AlertPluginInstance; import org.apache.dolphinscheduler.dao.entity.PluginDefine; @@ -51,6 +52,8 @@ import org.springframework.stereotype.Service; import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; + /** * alert plugin instance service impl */ @@ -84,7 +87,10 @@ public class AlertPluginInstanceServiceImpl extends BaseServiceImpl implements A alertPluginInstance.setPluginDefineId(pluginDefineId); Map result = new HashMap<>(); - + if (!canOperatorPermissions(loginUser,null, AuthorizationType.ALERT_PLUGIN_INSTANCE,ALART_INSTANCE_CREATE)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); + return result; + } if (alertPluginInstanceMapper.existInstanceName(alertPluginInstance.getInstanceName()) == Boolean.TRUE) { putMsg(result, Status.PLUGIN_INSTANCE_ALREADY_EXIT); return result; @@ -115,6 +121,11 @@ public class AlertPluginInstanceServiceImpl extends BaseServiceImpl implements A AlertPluginInstance alertPluginInstance = new AlertPluginInstance(pluginInstanceId, paramsMapJson, instanceName, new Date()); Map result = new HashMap<>(); + + if (!canOperatorPermissions(loginUser,null, AuthorizationType.ALERT_PLUGIN_INSTANCE,ALERT_PLUGIN_UPDATE)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); + return result; + } int i = alertPluginInstanceMapper.updateById(alertPluginInstance); if (i > 0) { 
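Review bot: The update check in the `@@ -115` hunk passes `null` for `ids`, so the resource-level half of `canOperatorPermissions` never sees `pluginInstanceId`. Assuming a null id list means "no resource to check", any holder of `security:alert-plugin:update` can modify any instance. The AlertGroup and AccessToken update paths in this patch pass `new Object[]{id}`; doing the same here, `canOperatorPermissions(loginUser, new Object[]{pluginInstanceId}, AuthorizationType.ALERT_PLUGIN_INSTANCE, ALERT_PLUGIN_UPDATE)`, keeps them consistent. The check would also read better as the first statement of the method, before the `AlertPluginInstance` is constructed.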
@@ -141,6 +152,10 @@ public class AlertPluginInstanceServiceImpl extends BaseServiceImpl implements A putMsg(result, Status.DELETE_ALERT_PLUGIN_INSTANCE_ERROR_HAS_ALERT_GROUP_ASSOCIATED); return result; } + if (!canOperatorPermissions(loginUser,null, AuthorizationType.ALERT_PLUGIN_INSTANCE,ALERT_PLUGIN_DELETE)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); + return result; + } int i = alertPluginInstanceMapper.deleteById(id); if (i > 0) { @@ -161,6 +176,10 @@ public class AlertPluginInstanceServiceImpl extends BaseServiceImpl implements A public Map get(User loginUser, int id) { Map result = new HashMap<>(); AlertPluginInstance alertPluginInstance = alertPluginInstanceMapper.selectById(id); + if (!canOperatorPermissions(loginUser,null, AuthorizationType.ALERT_PLUGIN_INSTANCE,ALART_LIST)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); + return result; + } if (null != alertPluginInstance) { putMsg(result, Status.SUCCESS); @@ -191,7 +210,7 @@ public class AlertPluginInstanceServiceImpl extends BaseServiceImpl implements A public Result listPaging(User loginUser, String searchVal, int pageNo, int pageSize) { Result result = new Result(); - if (!isAdmin(loginUser)) { + if (!canOperatorPermissions(loginUser,null,AuthorizationType.ALERT_PLUGIN_INSTANCE,ALART_LIST)) { putMsg(result,Status.USER_NO_OPERATION_PERM); return result; } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/BaseServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/BaseServiceImpl.java index e45d51eb79..7b41c69484 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/BaseServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/BaseServiceImpl.java 
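Review bot: In the `@@ -141` and `@@ -161` hunks the permission check runs after the method has already done work for the caller: delete can return `DELETE_ALERT_PLUGIN_INSTANCE_ERROR_HAS_ALERT_GROUP_ASSOCIATED` before it, and `get` calls `selectById(id)` before it. A caller without the permission can therefore learn from the delete response whether an instance is attached to an alert group; moving the `canOperatorPermissions` block to the top of each method avoids that. Both calls also pass `null` rather than `new Object[]{id}`, so the decision is not tied to the instance being read or removed. `get` and `listPaging` check `ALART_LIST` (`"monitor:alert:view"`), while the constants file defines `ALARM_INSTANCE_MANAGE` (`"security:alert-plugin:view"`) next to the create/update/delete keys used here, so it is worth confirming which key is meant.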
@@ -25,7 +25,6 @@ import org.apache.dolphinscheduler.common.Constants; import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.utils.DateUtils; -import org.apache.dolphinscheduler.dao.entity.Project; import org.apache.dolphinscheduler.dao.entity.User; import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.slf4j.Logger; @@ -43,7 +42,7 @@ import java.util.Objects; * base service impl */ public class BaseServiceImpl implements BaseService { - private static final Logger logger = LoggerFactory.getLogger(ProjectServiceImpl.class); + private static final Logger logger = LoggerFactory.getLogger(BaseServiceImpl.class); @Autowired private ResourcePermissionCheckService resourcePermissionCheckService; @@ -163,10 +162,10 @@ public class BaseServiceImpl implements BaseService { * @return boolean */ @Override - public boolean canOperatorPermissions(User user, Object[] ids,AuthorizationType type) { - boolean operationPermissionCheck = resourcePermissionCheckService.operationPermissionCheck(type, user.getId(), null, logger); + public boolean canOperatorPermissions(User user, Object[] ids,AuthorizationType type,String perm) { + boolean operationPermissionCheck = resourcePermissionCheckService.operationPermissionCheck(type, user.getId(), perm, logger); boolean resourcePermissionCheck = resourcePermissionCheckService.resourcePermissionCheck(type, ids, user.getUserType().equals(UserType.ADMIN_USER) ? 0 : user.getId(), logger); - return operationPermissionCheck || resourcePermissionCheck; + return operationPermissionCheck && resourcePermissionCheck; } /** diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataAnalysisServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataAnalysisServiceImpl.java index 88449a49f0..784e71634c 100644 
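Review bot: `canOperatorPermissions` gains a `perm` argument and now combines the two checks with `&&`, but the Javadoc above it (cut off by the hunk) does not appear to gain a `@param perm`, and nothing here states what a `null` `perm` or `null` `ids` means. Callers in this commit rely on both: `unauthDatasource`, the two data-quality services and every `K8SNamespaceServiceImpl` method pass `null` for `perm` where they previously called `isAdmin`/`isNotAdmin`, so whether they stay admin-only depends on how `ResourcePermissionCheckService` treats `null`, which is not shown. I would document the contract, for example `@param perm function identifier to check; null means <behaviour to confirm>`, and give those callers an explicit identifier. Separately, `user.getUserType().equals(UserType.ADMIN_USER)` throws when the user type is unset; `UserType.ADMIN_USER.equals(user.getUserType())`, as the DataSourceServiceImpl hunks write it, avoids that.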
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataAnalysisServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataAnalysisServiceImpl.java @@ -20,11 +20,11 @@ package org.apache.dolphinscheduler.api.service.impl; import org.apache.dolphinscheduler.api.dto.CommandStateCount; import org.apache.dolphinscheduler.api.dto.DefineUserDto; import org.apache.dolphinscheduler.api.dto.TaskCountDto; -import org.apache.dolphinscheduler.api.dto.TaskStateCount; import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.service.DataAnalysisService; import org.apache.dolphinscheduler.api.service.ProjectService; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.CommandType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.utils.DateUtils; @@ -60,6 +60,8 @@ import java.util.stream.Collectors; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.PROJECT_OVERVIEW; + /** * data analysis service impl */ @@ -127,6 +129,7 @@ public class DataAnalysisServiceImpl extends BaseServiceImpl implements DataAnal startDate, endDate, (start, end, projectCodes) -> this.processInstanceMapper.countInstanceStateByProjectCodes(start, end, projectCodes)); + // process state count needs to remove state of forced success if (result.containsKey(Constants.STATUS) && result.get(Constants.STATUS).equals(Status.SUCCESS)) { ((TaskCountDto) result.get(Constants.DATA_LIST)).removeStateFromCountList(ExecutionStatus.FORCED_SUCCESS); 
@@ -145,10 +148,9 @@ public class DataAnalysisServiceImpl extends BaseServiceImpl implements DataAnal private Map countStateByProject(User loginUser, long projectCode, String startDate, String endDate , TriFunction> instanceStateCounter) { Map result = new HashMap<>(); - if (projectCode != 0) { Project project = projectMapper.queryByCode(projectCode); - result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + result = projectService.checkProjectAndAuth(loginUser, project, projectCode,PROJECT_OVERVIEW); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } @@ -194,10 +196,9 @@ public class DataAnalysisServiceImpl extends BaseServiceImpl implements DataAnal @Override public Map countDefinitionByUser(User loginUser, long projectCode) { Map result = new HashMap<>(); - if (projectCode != 0) { Project project = projectMapper.queryByCode(projectCode); - result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + result = projectService.checkProjectAndAuth(loginUser, project, projectCode,PROJECT_OVERVIEW); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } @@ -236,6 +237,10 @@ public class DataAnalysisServiceImpl extends BaseServiceImpl implements DataAnal Long[] projectCodeArray = getProjectCodesArrays(loginUser); // admin can view all + if(!canOperatorPermissions(loginUser,null, AuthorizationType.DATA_ANALYSIS, PROJECT_OVERVIEW)){ + putMsg(result, Status.USER_NO_OPERATION_PROJECT_PERM); + return result; + } int userId = loginUser.getUserType() == UserType.ADMIN_USER ? 0 : loginUser.getId(); // count normal command state diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java index 0ad634210a..8703efd0f6 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java 
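Review bot: In the last hunk the `PROJECT_OVERVIEW` check is inserted after `getProjectCodesArrays(loginUser)` and directly under the `// admin can view all` comment, which describes the `userId` line below it and not the check. Making the check the first statement of the method avoids the project lookup for a caller who is about to be refused and keeps the comment attached to the line it explains. The refusal also uses `Status.USER_NO_OPERATION_PROJECT_PERM` where the other services in this commit use `USER_NO_OPERATION_PERM`; it is worth confirming that its message reads correctly without a project argument. The method starts outside the hunk.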
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java @@ -22,6 +22,8 @@ import org.apache.dolphinscheduler.api.service.DataSourceService; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; +import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.utils.JSONUtils; import org.apache.dolphinscheduler.dao.entity.DataSource; import org.apache.dolphinscheduler.dao.entity.User; @@ -30,6 +32,7 @@ import org.apache.dolphinscheduler.dao.mapper.DataSourceUserMapper; import org.apache.dolphinscheduler.plugin.datasource.api.datasource.BaseDataSourceParamDTO; import org.apache.dolphinscheduler.plugin.datasource.api.plugin.DataSourceClientProvider; import org.apache.dolphinscheduler.plugin.datasource.api.utils.DataSourceUtils; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.apache.dolphinscheduler.spi.datasource.BaseConnectionParam; import org.apache.dolphinscheduler.spi.datasource.ConnectionParam; import org.apache.dolphinscheduler.spi.enums.DbType; @@ -63,6 +66,8 @@ import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.fasterxml.jackson.databind.node.ObjectNode; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; + /** * data source service impl */ 
@@ -77,6 +82,9 @@ public class DataSourceServiceImpl extends BaseServiceImpl implements DataSource @Autowired private DataSourceUserMapper datasourceUserMapper; + @Autowired + private ResourcePermissionCheckService resourcePermissionCheckService; + private static final String TABLE = "TABLE"; private static final String VIEW = "VIEW"; private static final String[] TABLE_TYPES = new String[]{TABLE, VIEW}; @@ -94,6 +102,10 @@ public class DataSourceServiceImpl extends BaseServiceImpl implements DataSource public Result createDataSource(User loginUser, BaseDataSourceParamDTO datasourceParam) { DataSourceUtils.checkDatasourceParam(datasourceParam); Result result = new Result<>(); + if (!canOperatorPermissions(loginUser,null, AuthorizationType.DATASOURCE, DATASOURCE_CREATE_DATASOURCE)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); + return result; + } // check name can use or not if (checkName(datasourceParam.getName())) { putMsg(result, Status.DATASOURCE_EXIST); @@ -148,7 +160,7 @@ public class DataSourceServiceImpl extends BaseServiceImpl implements DataSource return result; } - if (!canOperator(loginUser, dataSource.getUserId())) { + if (!canOperatorPermissions(loginUser,new Object[]{dataSource.getId()}, AuthorizationType.DATASOURCE, DATASOURCE_UPDATE)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } 
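Review bot: The new `@Autowired private ResourcePermissionCheckService resourcePermissionCheckService;` field is not referenced by any DataSourceServiceImpl hunk in this patch. Every check goes through the inherited `canOperatorPermissions`, and BaseServiceImpl already injects its own instance of the same service. I would drop the field and the matching import so the permission service is wired in one place only.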
@@ -234,13 +246,11 @@ public class DataSourceServiceImpl extends BaseServiceImpl implements DataSource @Override public Result queryDataSourceListPaging(User loginUser, String searchVal, Integer pageNo, Integer pageSize) { Result result = new Result(); - IPage dataSourceList; + IPage dataSourceList = null; Page dataSourcePage = new Page<>(pageNo, pageSize); - if (isAdmin(loginUser)) { - dataSourceList = dataSourceMapper.selectPaging(dataSourcePage, 0, searchVal); - } else { - dataSourceList = dataSourceMapper.selectPaging(dataSourcePage, loginUser.getId(), searchVal); + if (canOperatorPermissions(loginUser,null,AuthorizationType.DATASOURCE,DATASOURCE_LIST)) { + dataSourceList = dataSourceMapper.selectPaging(dataSourcePage, UserType.ADMIN_USER.equals(loginUser.getUserType()) ? 0 : loginUser.getId(), searchVal); } List dataSources = dataSourceList != null ? dataSourceList.getRecords() : new ArrayList<>(); @@ -286,12 +296,10 @@ public class DataSourceServiceImpl extends BaseServiceImpl implements DataSource public Map queryDataSourceList(User loginUser, Integer type) { Map result = new HashMap<>(); - List datasourceList; - - if (isAdmin(loginUser)) { - datasourceList = dataSourceMapper.listAllDataSourceByType(type); - } else { - datasourceList = dataSourceMapper.queryDataSourceByType(loginUser.getId(), type); + List datasourceList = null; + + if (canOperatorPermissions(loginUser,null,AuthorizationType.DATASOURCE,DATASOURCE_UPDATE)){ + datasourceList = dataSourceMapper.queryDataSourceByType(UserType.ADMIN_USER.equals(loginUser.getUserType()) ? 0 : loginUser.getId(), type); } result.put(Constants.DATA_LIST, datasourceList); 
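Review bot: In `queryDataSourceListPaging` a caller who fails the `DATASOURCE_LIST` check falls through with `dataSourceList == null` and appears to get an empty page, not `Status.USER_NO_OPERATION_PERM` as the other methods of this class return. A refused request then looks the same as "no data sources", which hides a misconfigured role from the user and from anyone reading API responses or logs. I would return the refusal explicitly and run the query unconditionally after it. The rest of the method is outside the hunk.

```java
// … unchanged: result and dataSourcePage setup …
if (!canOperatorPermissions(loginUser, null, AuthorizationType.DATASOURCE, DATASOURCE_LIST)) {
    putMsg(result, Status.USER_NO_OPERATION_PERM);
    return result;
}
int ownerId = UserType.ADMIN_USER.equals(loginUser.getUserType()) ? 0 : loginUser.getId();
dataSourceList = dataSourceMapper.selectPaging(dataSourcePage, ownerId, searchVal);
// … unchanged: record handling and page info …
```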
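Review bot: `queryDataSourceList` gates a read on `DATASOURCE_UPDATE`, while the paging query in the previous hunk uses `DATASOURCE_LIST`; this looks like a copy-paste slip, and a user granted only the list function would get nothing back. When the check fails, `datasourceList` stays `null` and is put into `Constants.DATA_LIST` as is, so initialising it with `new ArrayList<>()` or returning an explicit refusal keeps the response shape stable. The admin path also changed from `listAllDataSourceByType(type)` to `queryDataSourceByType(0, type)`; the mapper is not shown, so please confirm that user id `0` returns all data sources there.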
@@ -382,7 +390,7 @@ public class DataSourceServiceImpl extends BaseServiceImpl implements DataSource putMsg(result, Status.RESOURCE_NOT_EXIST); return result; } - if (!canOperator(loginUser, dataSource.getUserId())) { + if (!canOperatorPermissions(loginUser, new Object[]{dataSource.getId()},AuthorizationType.DATASOURCE,DATASOURCE_DELETE)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -406,9 +414,8 @@ public class DataSourceServiceImpl extends BaseServiceImpl implements DataSource @Override public Map unauthDatasource(User loginUser, Integer userId) { Map result = new HashMap<>(); - List datasourceList; - if (isAdmin(loginUser)) { + if (canOperatorPermissions(loginUser,null,AuthorizationType.DATASOURCE,null)) { // admin gets all data sources except userId datasourceList = dataSourceMapper.queryDatasourceExceptUserId(userId); } else { diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqExecuteResultServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqExecuteResultServiceImpl.java index 0b3178a3c6..348af78d6d 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqExecuteResultServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqExecuteResultServiceImpl.java @@ -21,6 +21,7 @@ import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.service.DqExecuteResultService; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.utils.DateUtils; import org.apache.dolphinscheduler.dao.entity.DqExecuteResult; import org.apache.dolphinscheduler.dao.entity.User; 
@@ -70,6 +71,10 @@ public class DqExecuteResultServiceImpl extends BaseServiceImpl implements DqExe if (StringUtils.isNotEmpty(endTime)) { end = DateUtils.getScheduleDate(endTime); } + if(!canOperatorPermissions(loginUser,null, AuthorizationType.DATA_QUALITY,null)){ + putMsg(result, Status.USER_NO_OPERATION_PROJECT_PERM); + return result; + } } catch (Exception e) { putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, "startTime,endTime"); return result; diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqRuleServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqRuleServiceImpl.java index 7d4e9251c6..89004645b0 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqRuleServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqRuleServiceImpl.java @@ -29,6 +29,7 @@ import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.service.DqRuleService; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.utils.DateUtils; import org.apache.dolphinscheduler.common.utils.JSONUtils; import org.apache.dolphinscheduler.dao.entity.DataSource; @@ -167,6 +168,10 @@ public class DqRuleServiceImpl extends BaseServiceImpl implements DqRuleService if (StringUtils.isNotEmpty(endTime)) { end = DateUtils.getScheduleDate(endTime); } + if(!canOperatorPermissions(loginUser,null, AuthorizationType.DATA_QUALITY,null)){ + putMsg(result, Status.USER_NO_OPERATION_PROJECT_PERM); + return result; + } } catch (Exception e) { putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, "startTime,endTime"); return result; 
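Review bot: The `DATA_QUALITY` check is added inside the `try` that parses `startTime`/`endTime`, so any exception thrown while checking permissions is caught by `catch (Exception e)` and reported as `REQUEST_PARAMS_NOT_VALID_ERROR` with `"startTime,endTime"`. The request is still refused in that case, but the response and the logs point at the wrong cause. The DqRuleServiceImpl hunk uses the same placement. Moving the `if(!canOperatorPermissions(...))` block above the `try` in both methods, which start outside these hunks, keeps an authorization failure separate from input validation.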
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/EnvironmentServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/EnvironmentServiceImpl.java index 9734869633..fe9482d2a2 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/EnvironmentServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/EnvironmentServiceImpl.java @@ -23,6 +23,7 @@ import org.apache.dolphinscheduler.api.service.EnvironmentService; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.utils.CodeGenerateUtils; import org.apache.dolphinscheduler.common.utils.CodeGenerateUtils.CodeGenerateException; import org.apache.dolphinscheduler.common.utils.JSONUtils; @@ -61,6 +62,8 @@ import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.fasterxml.jackson.core.type.TypeReference; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; + /** * task definition service impl */ @@ -91,7 +94,8 @@ public class EnvironmentServiceImpl extends BaseServiceImpl implements Environme @Override public Map createEnvironment(User loginUser, String name, String config, String desc, String workerGroups) { Map result = new HashMap<>(); - if (isNotAdmin(loginUser, result)) { + if (!canOperatorPermissions(loginUser, null, AuthorizationType.ENVIRONMENT, ENVIRONMENT_CREATE)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } 
@@ -284,7 +288,8 @@ public class EnvironmentServiceImpl extends BaseServiceImpl implements Environme @Override public Map deleteEnvironmentByCode(User loginUser, Long code) { Map result = new HashMap<>(); - if (isNotAdmin(loginUser, result)) { + if (!canOperatorPermissions(loginUser,null, AuthorizationType.ENVIRONMENT,ENVIRONMENT_DELETE)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -322,7 +327,8 @@ public class EnvironmentServiceImpl extends BaseServiceImpl implements Environme @Override public Map updateEnvironmentByCode(User loginUser, Long code, String name, String config, String desc, String workerGroups) { Map result = new HashMap<>(); - if (isNotAdmin(loginUser, result)) { + if (!canOperatorPermissions(loginUser,null, AuthorizationType.ENVIRONMENT,ENVIRONMENT_UPDATE)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ExecutorServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ExecutorServiceImpl.java index 5f72be37ed..9d002ece7e 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ExecutorServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ExecutorServiceImpl.java @@ -17,6 +17,7 @@ package org.apache.dolphinscheduler.api.service.impl; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.WORKFLOW_START; import static org.apache.dolphinscheduler.common.Constants.CMDPARAM_COMPLEMENT_DATA_END_DATE; import static org.apache.dolphinscheduler.common.Constants.CMDPARAM_COMPLEMENT_DATA_START_DATE; import static org.apache.dolphinscheduler.common.Constants.CMD_PARAM_RECOVER_PROCESS_ID_STRING; 
@@ -24,6 +25,7 @@ import static org.apache.dolphinscheduler.common.Constants.CMD_PARAM_START_NODES import static org.apache.dolphinscheduler.common.Constants.CMD_PARAM_START_PARAMS; import static org.apache.dolphinscheduler.common.Constants.MAX_TASK_TIMEOUT; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.enums.ExecuteType; import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.service.ExecutorService; @@ -161,7 +163,7 @@ public class ExecutorServiceImpl extends BaseServiceImpl implements ExecutorServ ComplementDependentMode complementDependentMode) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode, WORKFLOW_START); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } @@ -296,7 +298,8 @@ public class ExecutorServiceImpl extends BaseServiceImpl implements ExecutorServ public Map execute(User loginUser, long projectCode, Integer processInstanceId, ExecuteType executeType) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode, ApiFuncIdentificationConstant.map.get(executeType)); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/K8SNamespaceServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/K8SNamespaceServiceImpl.java index f6e393f6ab..4a1c05bc7a 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/K8SNamespaceServiceImpl.java 
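Review bot: In `execute`, the function identifier comes from `ApiFuncIdentificationConstant.map.get(executeType)`, which yields `null` for any `ExecuteType` without an entry (and, depending on the map type, for a `null` `executeType`). `checkProjectAndAuth` is not shown, so it is unclear whether a `null` identifier refuses the request or skips the operation-level check; I would look the value up first and return an error when it is `null`, before calling `checkProjectAndAuth`. The field name `map` is also hard to search for, and if it is a mutable `HashMap` it can be altered at runtime, so a descriptive name and an unmodifiable map would be safer.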
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/K8SNamespaceServiceImpl.java @@ -22,6 +22,7 @@ import org.apache.dolphinscheduler.api.service.K8sNamespaceService; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.dao.entity.K8sNamespace; import org.apache.dolphinscheduler.dao.entity.User; import org.apache.dolphinscheduler.dao.mapper.K8sNamespaceMapper; @@ -42,7 +43,6 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; @@ -80,7 +80,7 @@ public class K8SNamespaceServiceImpl extends BaseServiceImpl implements K8sNames @Override public Result queryListPaging(User loginUser, String searchVal, Integer pageNo, Integer pageSize) { Result result = new Result(); - if (!isAdmin(loginUser)) { + if (!canOperatorPermissions(loginUser,null, AuthorizationType.K8S_NAMESPACE,null)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -112,7 +112,8 @@ public class K8SNamespaceServiceImpl extends BaseServiceImpl implements K8sNames @Override public Map createK8sNamespace(User loginUser, String namespace, String k8s, Double limitsCpu, Integer limitsMemory) { Map result = new HashMap<>(); - if (isNotAdmin(loginUser, result)) { + if (!canOperatorPermissions(loginUser, null,AuthorizationType.K8S_NAMESPACE,null)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } 
@@ -185,7 +186,8 @@ public class K8SNamespaceServiceImpl extends BaseServiceImpl implements K8sNames @Override public Map updateK8sNamespace(User loginUser, int id, String userName, Double limitsCpu, Integer limitsMemory) { Map result = new HashMap<>(); - if (isNotAdmin(loginUser, result)) { + if (!canOperatorPermissions(loginUser, null,AuthorizationType.K8S_NAMESPACE,null)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -266,7 +268,8 @@ public class K8SNamespaceServiceImpl extends BaseServiceImpl implements K8sNames @Override public Map deleteNamespaceById(User loginUser, int id) { Map result = new HashMap<>(); - if (isNotAdmin(loginUser, result)) { + if (!canOperatorPermissions(loginUser, null,AuthorizationType.K8S_NAMESPACE,null)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -340,7 +343,8 @@ public class K8SNamespaceServiceImpl extends BaseServiceImpl implements K8sNames @Override public Map queryUnauthorizedNamespace(User loginUser, Integer userId) { Map result = new HashMap<>(); - if (loginUser.getId() != userId && isNotAdmin(loginUser, result)) { + if (loginUser.getId() != userId && !canOperatorPermissions(loginUser, null,AuthorizationType.K8S_NAMESPACE,null)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } // query all namespace list,this auth does not like project @@ -368,7 +372,8 @@ public class K8SNamespaceServiceImpl extends BaseServiceImpl implements K8sNames public Map queryAuthorizedNamespace(User loginUser, Integer userId) { Map result = new HashMap<>(); - if (loginUser.getId() != userId && isNotAdmin(loginUser, result)) { + if (loginUser.getId() != userId && !canOperatorPermissions(loginUser, null,AuthorizationType.K8S_NAMESPACE,null)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } 
@@ -387,7 +392,7 @@ public class K8SNamespaceServiceImpl extends BaseServiceImpl implements K8sNames */ @Override public List queryNamespaceAvailable(User loginUser) { - if (isAdmin(loginUser)) { + if (canOperatorPermissions(loginUser,null,AuthorizationType.K8S_NAMESPACE,null)) { return k8sNamespaceMapper.selectList(null); } else { return k8sNamespaceMapper.queryNamespaceAvailable(loginUser.getId()); diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/LoggerServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/LoggerServiceImpl.java index cd5d18c463..885e9eac0d 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/LoggerServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/LoggerServiceImpl.java @@ -49,6 +49,9 @@ import org.springframework.stereotype.Service; import com.google.common.primitives.Bytes; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.DOWNLOAD_LOG; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.VIEW_LOG; + /** * logger service impl */ @@ -144,7 +147,7 @@ public class LoggerServiceImpl extends BaseServiceImpl implements LoggerService public Map queryLog(User loginUser, long projectCode, int taskInstId, int skipLineNum, int limit) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode, VIEW_LOG); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } 
@@ -177,7 +180,7 @@ public class LoggerServiceImpl extends BaseServiceImpl implements LoggerService public byte[] getLogBytes(User loginUser, long projectCode, int taskInstId) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,DOWNLOAD_LOG); if (result.get(Constants.STATUS) != Status.SUCCESS) { throw new ServiceException("user has no permission"); } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessDefinitionServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessDefinitionServiceImpl.java index ad05c456f5..e9cc2677ac 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessDefinitionServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessDefinitionServiceImpl.java @@ -17,6 +17,7 @@ package org.apache.dolphinscheduler.api.service.impl; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; import static org.apache.dolphinscheduler.common.Constants.CMD_PARAM_SUB_PROCESS_DEFINE_CODE; import static org.apache.dolphinscheduler.common.Constants.DEFAULT_WORKER_GROUP; import static org.apache.dolphinscheduler.plugin.task.api.TaskConstants.COMPLEX_TASK_TYPES; 
@@ -37,17 +38,9 @@ import org.apache.dolphinscheduler.api.utils.FileUtils; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; -import org.apache.dolphinscheduler.common.enums.ConditionType; -import org.apache.dolphinscheduler.common.enums.FailureStrategy; -import org.apache.dolphinscheduler.common.enums.Flag; -import org.apache.dolphinscheduler.common.enums.Priority; -import org.apache.dolphinscheduler.common.enums.ProcessExecutionTypeEnum; -import org.apache.dolphinscheduler.common.enums.ReleaseState; +import org.apache.dolphinscheduler.common.enums.*; import org.apache.dolphinscheduler.dao.entity.DependentSimplifyDefinition; import org.apache.dolphinscheduler.plugin.task.api.enums.TaskTimeoutStrategy; -import org.apache.dolphinscheduler.common.enums.TimeoutFlag; -import org.apache.dolphinscheduler.common.enums.UserType; -import org.apache.dolphinscheduler.common.enums.WarningType; import org.apache.dolphinscheduler.common.graph.DAG; import org.apache.dolphinscheduler.common.model.TaskNode; import org.apache.dolphinscheduler.common.model.TaskNodeRelation; @@ -222,7 +215,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro ProcessExecutionTypeEnum executionType) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_CREATE); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } 
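Review bot: The first hunk replaces nine explicit `common.enums` imports with `import org.apache.dolphinscheduler.common.enums.*;`, and the static import added in the previous hunk is a wildcard as well. The rest of the import block lists classes one by one, so after this change the imports no longer show which enums this class uses. I would keep the explicit imports and add only the names that are new.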
@@ -379,7 +372,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro public Map queryProcessDefinitionList(User loginUser, long projectCode) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } @@ -401,7 +394,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro public Map queryProcessDefinitionSimpleList(User loginUser, long projectCode) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } @@ -436,7 +429,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro Result result = new Result(); Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map checkResult = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map checkResult = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION); Status resultStatus = (Status) checkResult.get(Constants.STATUS); if (resultStatus != Status.SUCCESS) { putMsg(result, resultStatus); 
@@ -475,7 +468,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro public Map queryProcessDefinitionByCode(User loginUser, long projectCode, long code) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } @@ -499,7 +492,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro public Map queryProcessDefinitionByName(User loginUser, long projectCode, String name) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } @@ -547,7 +540,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro ProcessExecutionTypeEnum executionType) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_UPDATE); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } 
@@ -667,7 +660,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro public Map verifyProcessDefinitionName(User loginUser, long projectCode, String name) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,null); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } @@ -693,7 +686,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro public Map deleteProcessDefinitionByCode(User loginUser, long projectCode, long code) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION_DELETE); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } @@ -764,7 +757,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro public Map releaseProcessDefinition(User loginUser, long projectCode, long code, ReleaseState releaseState) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_ONLINE_OFFLINE); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } 
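Review bot: `verifyProcessDefinitionName` passes `null` as the function identifier to `checkProjectAndAuth`, and the `getTaskNodeListByDefinitionCode` and `getNodeListMapByDefinitionCodes` hunks further down do the same, while the other read methods in this file pass `WORKFLOW_DEFINITION`. `ProjectService.checkProjectAndAuth` is not part of this view, so whether `null` skips the operation check or refuses the request cannot be confirmed here. If these three are meant to be open to anyone with project access, a short comment saying so would help; otherwise pass `WORKFLOW_DEFINITION` as the sibling queries do.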
@@ -825,7 +818,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
 }
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION_EXPORT);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return;
 }
@@ -905,6 +898,11 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
 Map result = new HashMap<>();
 String dagDataScheduleJson = FileUtils.file2String(file);
 List dagDataScheduleList = JSONUtils.toList(dagDataScheduleJson, DagDataSchedule.class);
+ Project project = projectMapper.queryByCode(projectCode);
+ result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_EXPORT);
+ if (result.get(Constants.STATUS) != Status.SUCCESS) {
+ return result;
+ }
 //check file content
 if (CollectionUtils.isEmpty(dagDataScheduleList)) {
 putMsg(result, Status.DATA_IS_NULL, "fileContent");
@@ -922,6 +920,11 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
 @Transactional(rollbackFor = RuntimeException.class)
 public Map importSqlProcessDefinition(User loginUser, long projectCode, MultipartFile file) {
 Map result = new HashMap<>();
+ Project project = projectMapper.queryByCode(projectCode);
+ result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_IMPORT);
+ if (result.get(Constants.STATUS) != Status.SUCCESS) {
+ return result;
+ }
 String processDefinitionName = file.getOriginalFilename() == null ? file.getName() : file.getOriginalFilename();
 int index = processDefinitionName.lastIndexOf(".");
 if (index > 0) {
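Review bot: The check added in the hunk that parses the uploaded file into `DagDataSchedule` entries authorises with `WORKFLOW_EXPORT`, while the following hunk (`importSqlProcessDefinition`) uses `WORKFLOW_IMPORT`; this path reads an upload, so it looks like the import operation and the call should be `result = projectService.checkProjectAndAuth(loginUser, project, projectCode, WORKFLOW_IMPORT);`. As written, a role granted only the export key could presumably import definitions, and a role granted only the import key would be refused. The check also runs after `FileUtils.file2String(file)` and `JSONUtils.toList(...)`, so an unauthorised caller still has the upload read and parsed; the five added lines belong directly after `Map result = new HashMap<>();`. The method signature is outside the hunk.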
@@ -1334,7 +1337,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
 public Map getTaskNodeListByDefinitionCode(User loginUser, long projectCode, long code) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,null);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -1363,7 +1366,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
 public Map getNodeListMapByDefinitionCodes(User loginUser, long projectCode, String codes) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,null);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -1410,7 +1413,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
 public Map queryAllProcessDefinitionByProjectCode(User loginUser, long projectCode) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -1482,8 +1485,14 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
 * @return tree view json data
 */
 @Override
- public Map viewTree(long projectCode, long code, Integer limit) {
+ public Map viewTree(User loginUser,long projectCode, long code, Integer limit) {
 Map result = new HashMap<>();
+ Project project = projectMapper.queryByCode(projectCode);
+ //check user access for project
+ result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_TREE_VIEW);
+ if (result.get(Constants.STATUS) != Status.SUCCESS) {
+ return result;
+ }
 ProcessDefinition processDefinition = processDefinitionMapper.queryByCode(code);
 if (null == processDefinition || projectCode != processDefinition.getProjectCode()) {
 logger.info("process define not exists");
@@ -1631,7 +1640,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
 long projectCode,
 String codes,
 long targetProjectCode) {
- Map result = checkParams(loginUser, projectCode, codes, targetProjectCode);
+ Map result = checkParams(loginUser, projectCode, codes, targetProjectCode,WORKFLOW_BATCH_COPY);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -1658,13 +1667,14 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
 long projectCode,
 String codes,
 long targetProjectCode) {
- Map result = checkParams(loginUser, projectCode, codes, targetProjectCode);
+ Map result = checkParams(loginUser, projectCode, codes, targetProjectCode,TASK_DEFINITION_MOVE);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
 if (projectCode == targetProjectCode) {
 return result;
 }
+
 List failedProcessList = new ArrayList<>();
 doBatchOperateProcessDefinition(loginUser, targetProjectCode, failedProcessList, codes, result, false);
 checkBatchOperateResult(projectCode, targetProjectCode, result, failedProcessList, false);
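Review bot: The move path (the `checkParams` call followed by `doBatchOperateProcessDefinition(..., false)`) authorises with `TASK_DEFINITION_MOVE`, a task-definition key, although it moves workflow definitions and its copy counterpart in the previous hunk uses `WORKFLOW_BATCH_COPY`. If roles are granted per key, a user allowed to move task definitions could presumably move whole workflows between projects, while a workflow-only role could not. The reverse mix-up appears in `TaskDefinitionServiceImpl.switchVersion`, which checks `WORKFLOW_SWITCH_TO_THIS_VERSION` for a task-definition version switch. Both calls should use a key from the matching resource family, adding one to `ApiFuncIdentificationConstant` if none exists. The method signatures start outside the hunks.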
@@ -1674,10 +1684,10 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
 private Map checkParams(User loginUser,
 long projectCode,
 String processDefinitionCodes,
- long targetProjectCode) {
+ long targetProjectCode,String perm) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,perm);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -1690,7 +1700,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
 if (projectCode != targetProjectCode) {
 Project targetProject = projectMapper.queryByCode(targetProjectCode);
 //check user access for project
- Map targetResult = projectService.checkProjectAndAuth(loginUser, targetProject, targetProjectCode);
+ Map targetResult = projectService.checkProjectAndAuth(loginUser, targetProject, targetProjectCode,perm);
 if (targetResult.get(Constants.STATUS) != Status.SUCCESS) {
 return targetResult;
 }
@@ -1795,7 +1805,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
 public Map switchProcessDefinitionVersion(User loginUser, long projectCode, long code, int version) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_SWITCH_TO_THIS_VERSION);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -1857,7 +1867,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
 Result result = new Result();
 Project project = projectMapper.queryByCode(projectCode);
 // check user access for project
- Map checkResult = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map checkResult = projectService.checkProjectAndAuth(loginUser, project, projectCode,VERSION_LIST);
 Status resultStatus = (Status) checkResult.get(Constants.STATUS);
 if (resultStatus != Status.SUCCESS) {
 putMsg(result, resultStatus);
@@ -1890,7 +1900,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
 public Map deleteProcessDefinitionVersion(User loginUser, long projectCode, long code, int version) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,VERSION_DELETE);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -1940,7 +1950,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
 ProcessExecutionTypeEnum executionType) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_CREATE);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -2067,7 +2077,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
 ProcessExecutionTypeEnum executionType) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_UPDATE);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -2174,7 +2184,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
 public Map releaseWorkflowAndSchedule(User loginUser, long projectCode, long code, ReleaseState releaseState) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_ONLINE_OFFLINE);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessInstanceServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessInstanceServiceImpl.java
index ae570bc725..725793f8f8 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessInstanceServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessInstanceServiceImpl.java
@@ -17,12 +17,8 @@
 package org.apache.dolphinscheduler.api.service.impl;
-import static org.apache.dolphinscheduler.common.Constants.DATA_LIST;
-import static org.apache.dolphinscheduler.common.Constants.DEPENDENT_SPLIT;
-import static org.apache.dolphinscheduler.common.Constants.GLOBAL_PARAMS;
-import static org.apache.dolphinscheduler.common.Constants.LOCAL_PARAMS;
-import static org.apache.dolphinscheduler.common.Constants.PROCESS_INSTANCE_STATE;
-import static org.apache.dolphinscheduler.common.Constants.TASK_LIST;
+import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*;
+import static org.apache.dolphinscheduler.common.Constants.*;
 import static org.apache.dolphinscheduler.plugin.task.api.TaskConstants.TASK_TYPE_DEPENDENT;
 import org.apache.dolphinscheduler.api.dto.gantt.GanttDto;
@@ -160,7 +156,7 @@ public class ProcessInstanceServiceImpl extends BaseServiceImpl implements Proce
 public Map queryTopNLongestRunningProcessInstance(User loginUser, long projectCode, int size, String startTime, String endTime) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_INSTANCE);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -206,7 +202,7 @@ public class ProcessInstanceServiceImpl extends BaseServiceImpl implements Proce
 public Map queryProcessInstanceById(User loginUser, long projectCode, Integer processId) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_INSTANCE);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -249,7 +245,7 @@ public class ProcessInstanceServiceImpl extends BaseServiceImpl implements Proce
 Result result = new Result();
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map checkResult = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map checkResult = projectService.checkProjectAndAuth(loginUser, project, projectCode, WORKFLOW_INSTANCE);
 Status resultEnum = (Status) checkResult.get(Constants.STATUS);
 if (resultEnum != Status.SUCCESS) {
 putMsg(result,resultEnum);
@@ -317,7 +313,7 @@ public class ProcessInstanceServiceImpl extends BaseServiceImpl implements Proce
 public Map queryTaskListByProcessId(User loginUser, long projectCode, Integer processId) throws IOException {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_INSTANCE);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -396,7 +392,7 @@ public class ProcessInstanceServiceImpl extends BaseServiceImpl implements Proce
 public Map querySubProcessInstanceByTaskId(User loginUser, long projectCode, Integer taskId) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_INSTANCE);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -454,7 +450,7 @@ public class ProcessInstanceServiceImpl extends BaseServiceImpl implements Proce
 String locations, int timeout, String tenantCode) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,INSTANCE_UPDATE );
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -578,7 +574,7 @@ public class ProcessInstanceServiceImpl extends BaseServiceImpl implements Proce
 public Map queryParentInstanceBySubId(User loginUser, long projectCode, Integer subId) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_INSTANCE);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -618,7 +614,7 @@ public class ProcessInstanceServiceImpl extends BaseServiceImpl implements Proce
 public Map deleteProcessInstanceById(User loginUser, long projectCode, Integer processInstanceId) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,INSTANCE_DELETE);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -758,7 +754,6 @@ public class ProcessInstanceServiceImpl extends BaseServiceImpl implements Proce
 @Override
 public Map viewGantt(long projectCode, Integer processInstanceId) throws Exception {
 Map result = new HashMap<>();
-
 ProcessInstance processInstance = processInstanceMapper.queryDetailById(processInstanceId);
 if (processInstance == null) {
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessTaskRelationServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessTaskRelationServiceImpl.java
index 26a1e88a05..999459628f 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessTaskRelationServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessTaskRelationServiceImpl.java
@@ -101,7 +101,7 @@ public class ProcessTaskRelationServiceImpl extends BaseServiceImpl implements P
 public Map createProcessTaskRelation(User loginUser, long projectCode, long processDefinitionCode, long preTaskCode, long postTaskCode) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,null);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -192,7 +192,7 @@ public class ProcessTaskRelationServiceImpl extends BaseServiceImpl implements P
 public Map deleteTaskProcessRelation(User loginUser, long projectCode, long processDefinitionCode, long taskCode) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,null);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -272,7 +272,7 @@ public class ProcessTaskRelationServiceImpl extends BaseServiceImpl implements P
 public Map deleteUpstreamRelation(User loginUser, long projectCode, String preTaskCodes, long taskCode) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,null);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -344,7 +344,7 @@ public class ProcessTaskRelationServiceImpl extends BaseServiceImpl implements P
 public Map deleteDownstreamRelation(User loginUser, long projectCode, String postTaskCodes, long taskCode) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,null);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -387,7 +387,7 @@ public class ProcessTaskRelationServiceImpl extends BaseServiceImpl implements P
 public Map queryUpstreamRelation(User loginUser, long projectCode, long taskCode) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,null);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -423,7 +423,7 @@ public class ProcessTaskRelationServiceImpl extends BaseServiceImpl implements P
 public Map queryDownstreamRelation(User loginUser, long projectCode, long taskCode) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,null);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
@@ -462,7 +462,7 @@ public class ProcessTaskRelationServiceImpl extends BaseServiceImpl implements P
 public Map deleteEdge(User loginUser, long projectCode, long processDefinitionCode, long preTaskCode, long postTaskCode) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,null);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java
index d24637134f..ee4096054f 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java
@@ -43,7 +43,6 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -51,13 +50,14 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*;
 import static org.apache.dolphinscheduler.api.utils.CheckUtils.checkDesc;
 /**
 * project service impl
 **/
 @Service
-public class ProjectServiceImpl extends BaseServiceImpl implements ProjectService {
+public class ProjectServiceImpl extends BaseServiceImpl implements ProjectService{
 private static final Logger logger = LoggerFactory.getLogger(ProjectServiceImpl.class);
@@ -92,6 +92,11 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
 if (descCheck.get(Constants.STATUS) != Status.SUCCESS) {
 return descCheck;
 }
+ if (!canOperatorPermissions(loginUser, null,AuthorizationType.PROJECTS, PROJECT_CREATE)) {
+ putMsg(result, Status.USER_NO_OPERATION_PERM);
+ return result;
+ }
+
 Project project = projectMapper.queryByName(name);
 if (project != null) {
@@ -136,7 +141,7 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
 public Map queryByCode(User loginUser, long projectCode) {
 Map result = new HashMap<>();
 Project project = projectMapper.queryByCode(projectCode);
- boolean hasProjectAndPerm = hasProjectAndPerm(loginUser, project, result);
+ boolean hasProjectAndPerm = hasProjectAndPerm(loginUser, project, result,PROJECT);
 if (!hasProjectAndPerm) {
 return result;
 }
@@ -151,7 +156,7 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
 public Map queryByName(User loginUser, String projectName) {
 Map result = new HashMap<>();
 Project project = projectMapper.queryByName(projectName);
- boolean hasProjectAndPerm = hasProjectAndPerm(loginUser, project, result);
+ boolean hasProjectAndPerm = hasProjectAndPerm(loginUser, project, result,PROJECT);
 if (!hasProjectAndPerm) {
 return result;
 }
@@ -171,11 +176,11 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
 * @return true if the login user have permission to see the project
 */
 @Override
- public Map checkProjectAndAuth(User loginUser, Project project, long projectCode) {
+ public Map checkProjectAndAuth(User loginUser, Project project, long projectCode,String perm) {
 Map result = new HashMap<>();
 if (project == null) {
 putMsg(result, Status.PROJECT_NOT_EXIST);
- } else if (!checkReadPermissions(loginUser, project.getId())) {
+ } else if (!canOperatorPermissions(loginUser, new Object[]{project.getId()},AuthorizationType.PROJECTS,perm)) {
 // check read permission
 putMsg(result, Status.USER_NO_OPERATION_PROJECT_PERM, loginUser.getUserName(), projectCode);
 } else {
@@ -185,11 +190,11 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
 }
 @Override
- public boolean hasProjectAndPerm(User loginUser, Project project, Map result) {
+ public boolean hasProjectAndPerm(User loginUser, Project project, Map result,String perm) {
 boolean checkResult = false;
 if (project == null) {
 putMsg(result, Status.PROJECT_NOT_FOUND, "");
- } else if (!checkReadPermissions(loginUser, project.getId())) {
+ } else if (!canOperatorPermissions(loginUser, new Object[]{project.getId()},AuthorizationType.PROJECTS,perm)) {
 putMsg(result, Status.USER_NO_OPERATION_PROJECT_PERM, loginUser.getUserName(), project.getCode());
 } else {
 checkResult = true;
@@ -202,7 +207,7 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
 boolean checkResult = false;
 if (project == null) {
 putMsg(result, Status.PROJECT_NOT_FOUND, "");
- } else if (!checkReadPermissions(loginUser, project.getId())) {
+ } else if (!canOperatorPermissions(loginUser, new Object[]{project.getId()},AuthorizationType.PROJECTS,null)) {
 putMsg(result, Status.USER_NO_OPERATION_PROJECT_PERM, loginUser.getUserName(), project.getName());
 } else {
 checkResult = true;
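Review bot: `checkProjectAndAuth` no longer performs a read check, yet its Javadoc still ends with `@return true if the login user have permission to see the project` and the inline `// check read permission` is kept beneath the new `canOperatorPermissions` call; the new `perm` parameter is undocumented here and on `hasProjectAndPerm`. I would add `@param perm function key from ApiFuncIdentificationConstant that the user must hold for this operation` and state explicitly what a `null` key means, because many callers in this patch pass `null`. The inline comment should become `// check project access and function permission`. The third hunk hard-codes `null` in a method whose signature is outside the hunk, which deserves a one-line comment saying why no key applies.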
@@ -253,16 +258,12 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
 public Map deleteProject(User loginUser, Long projectCode) {
 Map result = new HashMap<>();
 Project project = projectMapper.queryByCode(projectCode);
- Map checkResult = getCheckResult(loginUser, project);
+
+ Map checkResult = getCheckResult(loginUser, project,PROJECT_DELETE);
 if (checkResult != null) {
 return checkResult;
 }
- if (!canOperatorPermissions(loginUser, new Object[]{project.getId()}, AuthorizationType.PROJECTS)) {
- putMsg(result, Status.USER_NO_OPERATION_PERM);
- return result;
- }
-
 List processDefinitionList = processDefinitionMapper.queryAllDefinitionList(project.getCode());
 if (!processDefinitionList.isEmpty()) {
@@ -285,8 +286,8 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
 * @param project project
 * @return check result
 */
- private Map getCheckResult(User loginUser, Project project) {
- Map checkResult = checkProjectAndAuth(loginUser, project, project == null ? 0L : project.getCode());
+ private Map getCheckResult(User loginUser, Project project,String perm) {
+ Map checkResult = checkProjectAndAuth(loginUser, project, project == null ? 0L : project.getCode(),perm);
 Status status = (Status) checkResult.get(Constants.STATUS);
 if (status != Status.SUCCESS) {
 return checkResult;
@@ -314,7 +315,7 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
 }
 Project project = projectMapper.queryByCode(projectCode);
- boolean hasProjectAndPerm = hasProjectAndPerm(loginUser, project, result);
+ boolean hasProjectAndPerm = hasProjectAndPerm(loginUser, project, result,PROJECT_UPDATE);
 if (!hasProjectAndPerm) {
 return result;
 }
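Review bot: `deleteProject` drops its separate `canOperatorPermissions(loginUser, new Object[]{project.getId()}, AuthorizationType.PROJECTS)` gate and now relies on `getCheckResult(loginUser, project, PROJECT_DELETE)` alone, so deletion is exactly as strict as the four-argument `canOperatorPermissions`, whose body is not part of this hunk. A refused delete also changes status from `USER_NO_OPERATION_PERM` to `USER_NO_OPERATION_PROJECT_PERM`, which API clients matching on the code will notice. A test asserting that a user with access to the project but without `PROJECT_DELETE` is refused would pin the intended behaviour. `getCheckResult`'s Javadoc in the second hunk should also gain a `@param perm` line.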
@@ -420,7 +421,7 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
 // 1. check read permission
 Project project = this.projectMapper.queryByCode(projectCode);
- boolean hasProjectAndPerm = this.hasProjectAndPerm(loginUser, project, result);
+ boolean hasProjectAndPerm = this.hasProjectAndPerm(loginUser, project, result,PROJECT);
 if (!hasProjectAndPerm) {
 return result;
 }
@@ -481,6 +482,7 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
 }
 /**
+<<<<<<< HEAD
 * check whether have read permission new
 * @param user
 * @param id
@@ -493,6 +495,8 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
 }
 /**
+=======
+>>>>>>> f3b76b72a ([Feature][API] Modify the permissions of project management, security center, data source center and data quality module.)
 * query permission id
 *
 * @param user user
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/QueueServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/QueueServiceImpl.java
index 2da89df000..c01ff2e0e6 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/QueueServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/QueueServiceImpl.java
@@ -22,6 +22,7 @@ import org.apache.dolphinscheduler.api.service.QueueService;
 import org.apache.dolphinscheduler.api.utils.PageInfo;
 import org.apache.dolphinscheduler.api.utils.Result;
 import org.apache.dolphinscheduler.common.Constants;
+import org.apache.dolphinscheduler.common.enums.AuthorizationType;
 import org.apache.dolphinscheduler.dao.entity.Queue;
 import org.apache.dolphinscheduler.dao.entity.User;
 import org.apache.dolphinscheduler.dao.mapper.QueueMapper;
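Review bot: Two hunks in `ProjectServiceImpl` add merge-conflict markers (`<<<<<<< HEAD`, `=======` and `>>>>>>> f3b76b72a (...)`) inside the Javadoc blocks above the helper documented as "check whether have read permission new" and above "query permission id". Because they sit inside comments the file still compiles, but they show that a conflict in this authorization code was committed without being resolved cleanly. The three marker lines should be deleted and the resolution re-checked by hand. In particular, the read-permission helper was kept although its call sites in `checkProjectAndAuth` and `hasProjectAndPerm` are replaced in this patch, so it may now be dead code.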
@@ -42,6 +43,8 @@ import org.springframework.stereotype.Service;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*;
+
 /**
 * queue service impl
 */
@@ -65,7 +68,8 @@ public class QueueServiceImpl extends BaseServiceImpl implements QueueService {
 @Override
 public Map queryList(User loginUser) {
 Map result = new HashMap<>();
- if (isNotAdmin(loginUser, result)) {
+ if (!canOperatorPermissions(loginUser,null, AuthorizationType.QUEUE, YARN_QUEUE_MANAGE)) {
+ putMsg(result, Status.USER_NO_OPERATION_PERM);
 return result;
 }
@@ -88,7 +92,7 @@ public class QueueServiceImpl extends BaseServiceImpl implements QueueService {
 @Override
 public Result queryList(User loginUser, String searchVal, Integer pageNo, Integer pageSize) {
 Result result = new Result();
- if (!isAdmin(loginUser)) {
+ if (!canOperatorPermissions(loginUser,null,AuthorizationType.QUEUE,YARN_QUEUE_MANAGE)) {
 putMsg(result, Status.USER_NO_OPERATION_PERM);
 return result;
 }
@@ -118,7 +122,8 @@ public class QueueServiceImpl extends BaseServiceImpl implements QueueService {
 @Override
 public Map createQueue(User loginUser, String queue, String queueName) {
 Map result = new HashMap<>();
- if (isNotAdmin(loginUser, result)) {
+ if (!canOperatorPermissions(loginUser,null, AuthorizationType.QUEUE,YARN_QUEUE_CREATE)) {
+ putMsg(result, Status.USER_NO_OPERATION_PERM);
 return result;
 }
@@ -169,7 +174,8 @@ public class QueueServiceImpl extends BaseServiceImpl implements QueueService {
 @Override
 public Map updateQueue(User loginUser, int id, String queue, String queueName) {
 Map result = new HashMap<>();
- if (isNotAdmin(loginUser, result)) {
+ if (!canOperatorPermissions(loginUser,null, AuthorizationType.QUEUE,YARN_QUEUE_UPDATE)) {
+ putMsg(result, Status.USER_NO_OPERATION_PERM);
 return result;
 }
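Review bot: `updateQueue` has the queue `id` in hand but passes `null` as the resource-id array to `canOperatorPermissions`, whereas `ProjectServiceImpl` passes `new Object[]{project.getId()}`; if that argument scopes the check to specific resources, the update is authorised without reference to the queue being changed. Consider `canOperatorPermissions(loginUser, new Object[]{id}, AuthorizationType.QUEUE, YARN_QUEUE_UPDATE)`. All four hunks here also replace the earlier admin-only gate (`isNotAdmin` / `isAdmin`), so queue administration now depends entirely on how the `YARN_QUEUE_*` keys are granted. A regression test that a general user without those keys still receives `USER_NO_OPERATION_PERM` would be worth adding. The method bodies continue outside the hunks.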
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/SchedulerServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/SchedulerServiceImpl.java
index 0909d3e582..2f4d6648f3 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/SchedulerServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/SchedulerServiceImpl.java
@@ -143,7 +143,7 @@ public class SchedulerServiceImpl extends BaseServiceImpl implements SchedulerSe
 Project project = projectMapper.queryByCode(projectCode);
 // check project auth
- boolean hasProjectAndPerm = projectService.hasProjectAndPerm(loginUser, project, result);
+ boolean hasProjectAndPerm = projectService.hasProjectAndPerm(loginUser, project, result,null);
 if (!hasProjectAndPerm) {
 return result;
 }
@@ -243,7 +243,7 @@ public class SchedulerServiceImpl extends BaseServiceImpl implements SchedulerSe
 Project project = projectMapper.queryByCode(projectCode);
 // check project auth
- boolean hasProjectAndPerm = projectService.hasProjectAndPerm(loginUser, project, result);
+ boolean hasProjectAndPerm = projectService.hasProjectAndPerm(loginUser, project, result,null);
 if (!hasProjectAndPerm) {
 return result;
 }
@@ -286,7 +286,7 @@ public class SchedulerServiceImpl extends BaseServiceImpl implements SchedulerSe
 Project project = projectMapper.queryByCode(projectCode);
 // check project auth
- boolean hasProjectAndPerm = projectService.hasProjectAndPerm(loginUser, project, result);
+ boolean hasProjectAndPerm = projectService.hasProjectAndPerm(loginUser, project, result,null);
 if (!hasProjectAndPerm) {
 return result;
 }
@@ -441,7 +441,7 @@ public class SchedulerServiceImpl extends BaseServiceImpl implements SchedulerSe
 Project project = projectMapper.queryByCode(projectCode);
 // check project auth
- boolean hasProjectAndPerm = projectService.hasProjectAndPerm(loginUser, project, result);
+ boolean hasProjectAndPerm = projectService.hasProjectAndPerm(loginUser, project, result,null);
 if (!hasProjectAndPerm) {
 return result;
 }
@@ -521,7 +521,7 @@ public class SchedulerServiceImpl extends BaseServiceImpl implements SchedulerSe
 Map result = new HashMap<>();
 Project project = projectMapper.queryByCode(projectCode);
- Map checkResult = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map checkResult = projectService.checkProjectAndAuth(loginUser, project, projectCode,null);
 Status resultEnum = (Status) checkResult.get(Constants.STATUS);
 if (resultEnum != Status.SUCCESS) {
 return checkResult;
@@ -617,7 +617,7 @@ public class SchedulerServiceImpl extends BaseServiceImpl implements SchedulerSe
 long environmentCode) {
 Project project = projectMapper.queryByCode(projectCode);
 //check user access for project
- Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode);
+ Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,null);
 if (result.get(Constants.STATUS) != Status.SUCCESS) {
 return result;
 }
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskDefinitionServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskDefinitionServiceImpl.java
index cd617958e0..0794030f22 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskDefinitionServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskDefinitionServiceImpl.java
@@ -72,6 +72,8 @@ import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.google.common.collect.Lists; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; + /** * task definition service impl */ @@ -120,7 +122,7 @@ public class TaskDefinitionServiceImpl extends BaseServiceImpl implements TaskDe String taskDefinitionJson) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode, TASK_DEFINITION_CREATE); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } @@ -174,7 +176,7 @@ public class TaskDefinitionServiceImpl extends BaseServiceImpl implements TaskDe String upstreamCodes) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,TASK_DEFINITION_CREATE); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } @@ -276,7 +278,7 @@ public class TaskDefinitionServiceImpl extends BaseServiceImpl implements TaskDe public Map queryTaskDefinitionByName(User loginUser, long projectCode, String taskName) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,TASK_DEFINITION); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } 
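Review bot: The added `import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*;` brings every permission key into the class namespace, which hides where names like `TASK_DEFINITION` come from and makes it easy to pick a wrong but similarly named key without the import list showing it. TaskInstanceServiceImpl in this same patch imports `FORCED_SUCCESS` and `TASK_INSTANCE` explicitly; doing the same here, and in TenantServiceImpl, UsersServiceImpl and WorkerGroupServiceImpl, keeps the set of permission keys each service depends on visible in review. The calls in these hunks also alternate between `projectCode, TASK_DEFINITION_CREATE` and `projectCode,TASK_DEFINITION_CREATE`; a space after the comma matches the surrounding code.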
@@ -304,7 +306,7 @@ public class TaskDefinitionServiceImpl extends BaseServiceImpl implements TaskDe public Map deleteTaskDefinitionByCode(User loginUser, long projectCode, long taskCode) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,TASK_DEFINITION_DELETE); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } @@ -400,7 +402,7 @@ public class TaskDefinitionServiceImpl extends BaseServiceImpl implements TaskDe private TaskDefinitionLog updateTask(User loginUser, long projectCode, long taskCode, String taskDefinitionJsonObj, Map result) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - result.putAll(projectService.checkProjectAndAuth(loginUser, project, projectCode)); + result.putAll(projectService.checkProjectAndAuth(loginUser, project, projectCode,TASK_DEFINITION_UPDATE)); if (result.get(Constants.STATUS) != Status.SUCCESS) { return null; } @@ -547,7 +549,7 @@ public class TaskDefinitionServiceImpl extends BaseServiceImpl implements TaskDe public Map switchVersion(User loginUser, long projectCode, long taskCode, int version) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project,projectCode,WORKFLOW_SWITCH_TO_THIS_VERSION); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } 
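Review bot: `switchVersion` in TaskDefinitionServiceImpl is authorized with `WORKFLOW_SWITCH_TO_THIS_VERSION`, a workflow-named key, while the other task-definition operations in this file use `TASK_DEFINITION_*` keys and the version listing uses `TASK_VERSION_VIEW`. If the reuse is intentional, a role allowed to switch workflow versions can also switch task versions, and the call should say so, e.g. `// task version switch shares the workflow permission key`. If it is not, the call needs a task-level key; ApiFuncIdentificationConstant is not visible here, so whether one already exists has to be checked. The arguments are also written `project,projectCode,WORKFLOW_SWITCH_TO_THIS_VERSION` without spaces, and the method body continues outside the hunk.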
@@ -589,7 +591,7 @@ public class TaskDefinitionServiceImpl extends BaseServiceImpl implements TaskDe Result result = new Result(); Project project = projectMapper.queryByCode(projectCode); // check user access for project - Map checkResult = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map checkResult = projectService.checkProjectAndAuth(loginUser, project, projectCode,TASK_VERSION_VIEW); Status resultStatus = (Status) checkResult.get(Constants.STATUS); if (resultStatus != Status.SUCCESS) { putMsg(result, resultStatus); @@ -611,7 +613,7 @@ public class TaskDefinitionServiceImpl extends BaseServiceImpl implements TaskDe public Map deleteByCodeAndVersion(User loginUser, long projectCode, long taskCode, int version) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,TASK_DEFINITION_DELETE); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } @@ -638,7 +640,7 @@ public class TaskDefinitionServiceImpl extends BaseServiceImpl implements TaskDe public Map queryTaskDefinitionDetail(User loginUser, long projectCode, long taskCode) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,TASK_DEFINITION); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } 
@@ -664,7 +666,7 @@ public class TaskDefinitionServiceImpl extends BaseServiceImpl implements TaskDe Result result = new Result(); Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map checkResult = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map checkResult = projectService.checkProjectAndAuth(loginUser, project, projectCode,TASK_DEFINITION); Status resultStatus = (Status) checkResult.get(Constants.STATUS); if (resultStatus != Status.SUCCESS) { putMsg(result, resultStatus); @@ -741,7 +743,7 @@ public class TaskDefinitionServiceImpl extends BaseServiceImpl implements TaskDe public Map releaseTaskDefinition(User loginUser, long projectCode, long code, ReleaseState releaseState) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,null); Status resultStatus = (Status) result.get(Constants.STATUS); if (resultStatus != Status.SUCCESS) { return result; diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskInstanceServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskInstanceServiceImpl.java index cfcd95d88c..103612f3d7 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskInstanceServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskInstanceServiceImpl.java 
@@ -50,6 +50,9 @@ import org.springframework.stereotype.Service; import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.FORCED_SUCCESS; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.TASK_INSTANCE; + /** * task instance service impl */ @@ -110,7 +113,7 @@ public class TaskInstanceServiceImpl extends BaseServiceImpl implements TaskInst Result result = new Result(); Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map checkResult = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map checkResult = projectService.checkProjectAndAuth(loginUser, project, projectCode, TASK_INSTANCE); Status status = (Status) checkResult.get(Constants.STATUS); if (status != Status.SUCCESS) { putMsg(result,status); @@ -167,7 +170,7 @@ public class TaskInstanceServiceImpl extends BaseServiceImpl implements TaskInst public Map forceTaskSuccess(User loginUser, long projectCode, Integer taskInstanceId) { Project project = projectMapper.queryByCode(projectCode); //check user access for project - Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, project, projectCode,FORCED_SUCCESS); if (result.get(Constants.STATUS) != Status.SUCCESS) { return result; } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java index 6bb2870452..1c22b8afe7 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java 
@@ -27,6 +27,7 @@ import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.RegexUtils; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.storage.StorageOperate; import org.apache.dolphinscheduler.common.utils.PropertyUtils; import org.apache.dolphinscheduler.dao.entity.ProcessDefinition; @@ -45,6 +46,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; import static org.apache.dolphinscheduler.common.Constants.TENANT_FULL_NAME_MAX_LENGTH; /** @@ -86,7 +88,8 @@ public class TenantServiceImpl extends BaseServiceImpl implements TenantService String desc) throws Exception { Map result = new HashMap<>(); result.put(Constants.STATUS, false); - if (isNotAdmin(loginUser, result)) { + if (!canOperatorPermissions(loginUser,null, AuthorizationType.TENANT, TENANT_CREATE)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -140,7 +143,7 @@ public class TenantServiceImpl extends BaseServiceImpl implements TenantService public Result queryTenantList(User loginUser, String searchVal, Integer pageNo, Integer pageSize) { Result result = new Result<>(); - if (!isAdmin(loginUser)) { + if (!canOperatorPermissions(loginUser,null,AuthorizationType.TENANT,TENANT_MANAGER)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -173,7 +176,8 @@ public class TenantServiceImpl extends BaseServiceImpl implements TenantService Map result = new HashMap<>(); result.put(Constants.STATUS, false); - if (isNotAdmin(loginUser, result)) { + if (!canOperatorPermissions(loginUser,null, AuthorizationType.TENANT,TENANT_UPDATE)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } 
@@ -231,7 +235,8 @@ public class TenantServiceImpl extends BaseServiceImpl implements TenantService public Map deleteTenantById(User loginUser, int id) throws Exception { Map result = new HashMap<>(); - if (isNotAdmin(loginUser, result)) { + if (!canOperatorPermissions(loginUser,null, AuthorizationType.TENANT,TENANT_DELETE)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -286,7 +291,10 @@ public class TenantServiceImpl extends BaseServiceImpl implements TenantService public Map queryTenantList(User loginUser) { Map result = new HashMap<>(); - + if (!canOperatorPermissions(loginUser,null,AuthorizationType.TENANT,TENANT_MANAGER)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); + return result; + } List resourceList = tenantMapper.selectList(null); result.put(Constants.DATA_LIST, resourceList); putMsg(result, Status.SUCCESS); diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java index cfe6fb4e9f..00bf637eff 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java @@ -29,6 +29,7 @@ import org.apache.dolphinscheduler.api.utils.CheckUtils; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.Flag; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.storage.StorageOperate; 
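Review bot: The unpaged `queryTenantList(User loginUser)` had no permission check before this change and now returns `USER_NO_OPERATION_PERM` unless the caller holds `TENANT_MANAGER`. If any caller uses this method to fill a tenant selection for non-admin users, that caller will now get an error result instead of a list; the callers are outside this diff section, so this needs checking. The method's Javadoc should state the new requirement, for example `requires the TENANT_MANAGER function permission`. The rest of the method continues outside the hunk.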
@@ -57,6 +58,7 @@ import org.apache.dolphinscheduler.dao.mapper.TenantMapper; import org.apache.dolphinscheduler.dao.mapper.UDFUserMapper; import org.apache.dolphinscheduler.dao.mapper.UserMapper; import org.apache.dolphinscheduler.dao.utils.ResourceProcessDefinitionUtils; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -76,6 +78,8 @@ import java.util.TimeZone; import java.util.Arrays; import java.util.stream.Collectors; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; + /** * users service impl */ @@ -123,6 +127,9 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { @Autowired private K8sNamespaceUserMapper k8sNamespaceUserMapper; + @Autowired + private ResourcePermissionCheckService resourcePermissionCheckService; + /** * create user, only system admin have permission * @@ -151,11 +158,16 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { //check all user params String msg = this.checkUserParams(userName, userPassword, email, phone); + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED, msg); + return result; + } + if (!StringUtils.isEmpty(msg)) { putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, msg); return result; } - if (!isAdmin(loginUser)) { + if (!canOperatorPermissions(loginUser,null, AuthorizationType.USER,USERS_CREATE)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } 
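Review bot: In the hunk at `@@ -151,11 +158,16 @@` the new guard calls `putMsg(result, Status.FUNCTION_DISABLED, msg)`, passing the parameter-validation message as a format argument, while every other `functionDisabled()` guard added to UsersServiceImpl calls `putMsg(result, Status.FUNCTION_DISABLED)`. The guard also sits after `checkUserParams(...)`, so validation still runs when the function is disabled. Move the guard above the `checkUserParams` call and write `putMsg(result, Status.FUNCTION_DISABLED);`, with `if (` spacing to match the file. The method starts and ends outside the hunk.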
@@ -322,10 +334,15 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { @Override public Result queryUserList(User loginUser, String searchVal, Integer pageNo, Integer pageSize) { Result result = new Result<>(); - if (!isAdmin(loginUser)) { + + if (!canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_MANAGER)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } Page page = new Page<>(pageNo, pageSize); @@ -368,7 +385,12 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { Map result = new HashMap<>(); result.put(Constants.STATUS, false); - if (check(result, !canOperator(loginUser, userId), Status.USER_NO_OPERATION_PERM)) { + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } + + if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_UPDATE), Status.USER_NO_OPERATION_PERM)) { return result; } User user = userMapper.selectById(userId); @@ -505,8 +527,14 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { @Transactional(rollbackFor = RuntimeException.class) public Map deleteUserById(User loginUser, int id) throws IOException { Map result = new HashMap<>(); + + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } + //only admin can operate - if (!isAdmin(loginUser)) { + if (!canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_DELETE)) { putMsg(result, Status.USER_NO_OPERATION_PERM, id); return result; } 
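Review bot: In the hunk that introduces `USER_UPDATE`, the old check `canOperator(loginUser, userId)` took the target `userId` into account, but the replacement `canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_UPDATE)` passes `null` for the resource ids, so the id of the account being modified is no longer part of the authorization decision visible here. Depending on how `canOperatorPermissions` treats `null` (its body is not in this section), that either lets any holder of `USER_UPDATE` edit any account or stops a user from editing their own. Passing the target keeps the check bound to the record: `canOperatorPermissions(loginUser, new Object[]{userId}, AuthorizationType.USER, USER_UPDATE)`. A test in which a general user updates another user's id would pin the intended behaviour. In the `queryUserList` hunk the permission check also precedes the `functionDisabled()` guard, the reverse of the order used in the other methods.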
@@ -550,6 +578,11 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { Map result = new HashMap<>(); result.put(Constants.STATUS, false); + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } + //check exist User tempUser = userMapper.selectById(userId); if (tempUser == null) { @@ -590,6 +623,11 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { Map result = new HashMap<>(); result.put(Constants.STATUS, false); + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } + // 1. check if user is existed User tempUser = this.userMapper.selectById(userId); if (tempUser == null) { @@ -605,7 +643,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { } // 3. only project owner can operate - if (!this.canOperator(loginUser, project.getUserId())) { + if (!this.canOperatorPermissions(loginUser,new Object[]{project.getId()},AuthorizationType.USER,null)) { this.putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -640,8 +678,12 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { Map result = new HashMap<>(); result.put(Constants.STATUS, false); + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } // 1. only admin can operate - if (this.check(result, !this.isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { + if (this.check(result, !this.canOperatorPermissions(loginUser,null,AuthorizationType.USER,null), Status.USER_NO_OPERATION_PERM)) { return result; } 
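Review bot: In the hunk at `@@ -605,7 +643,7 @@` the comment still reads `// 3. only project owner can operate`, but the new call `canOperatorPermissions(loginUser,new Object[]{project.getId()},AuthorizationType.USER,null)` no longer compares against `project.getUserId()`. It passes a project id as the resource under `AuthorizationType.USER` with a `null` function key, so the id is likely to be evaluated against user-type resources rather than projects. The owner restriction may then be lost, or the real owner rejected. Use the project authorization type with a grant-specific key, or keep `canOperator(loginUser, project.getUserId())` until one exists, and update the comment to describe the check that is actually made.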
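Review bot: In the hunk at `@@ -640,8 +678,12 @@` the comment `// 1. only admin can operate` is kept, but `!this.isAdmin(loginUser)` is replaced by `!this.canOperatorPermissions(loginUser,null,AuthorizationType.USER,null)`, which names no function key, so who may perform the grant now depends on how the permission service answers for a `null` key. The same replacement is made in `grantNamespaces`, `unauthorizedUser`, `authorizedUser`, `activateUser` and `batchActivateUser` in the later hunks. Granting access and activating accounts change privileges, so each should carry a named key as `USER_DELETE` does for deletion, or keep `isAdmin(loginUser)` until such keys are defined. The "only admin" comments should be corrected in either case.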
@@ -678,6 +720,10 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { public Map grantResources(User loginUser, int userId, String resourceIds) { Map result = new HashMap<>(); + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } User user = userMapper.selectById(userId); if (user == null) { putMsg(result, Status.USER_NOT_EXIST, userId); @@ -772,6 +818,10 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { public Map grantUDFFunction(User loginUser, int userId, String udfIds) { Map result = new HashMap<>(); + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } User user = userMapper.selectById(userId); if (user == null) { putMsg(result, Status.USER_NOT_EXIST, userId); @@ -816,9 +866,12 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { public Map grantNamespaces(User loginUser, int userId, String namespaceIds) { Map result = new HashMap<>(); result.put(Constants.STATUS, false); - + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } //only admin can operate - if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { + if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER, null), Status.USER_NO_OPERATION_PERM)) { return result; } @@ -864,6 +917,10 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { Map result = new HashMap<>(); result.put(Constants.STATUS, false); + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } User user = userMapper.selectById(userId); if (user == null) { putMsg(result, Status.USER_NOT_EXIST, userId); 
@@ -906,8 +963,12 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { Map result = new HashMap<>(); + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } User user = null; - if (loginUser.getUserType() == UserType.ADMIN_USER) { + if (canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_MANAGER)) { user = loginUser; } else { user = userMapper.queryDetailsById(loginUser.getId()); @@ -945,8 +1006,12 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { @Override public Map queryAllGeneralUsers(User loginUser) { Map result = new HashMap<>(); + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } //only admin can operate - if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { + if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_MANAGER), Status.USER_NO_OPERATION_PERM)) { return result; } @@ -966,8 +1031,12 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { @Override public Map queryUserList(User loginUser) { Map result = new HashMap<>(); + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } //only admin can operate - if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { + if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_MANAGER), Status.USER_NO_OPERATION_PERM)) { return result; } 
@@ -1009,8 +1078,12 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { public Map unauthorizedUser(User loginUser, Integer alertgroupId) { Map result = new HashMap<>(); + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } //only admin can operate - if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { + if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,null), Status.USER_NO_OPERATION_PERM)) { return result; } @@ -1045,8 +1118,12 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { @Override public Map authorizedUser(User loginUser, Integer alertGroupId) { Map result = new HashMap<>(); + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } //only admin can operate - if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { + if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,null), Status.USER_NO_OPERATION_PERM)) { return result; } List userList = userMapper.queryUserListByAlertGroupId(alertGroupId); @@ -1148,7 +1225,10 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { //check user params String msg = this.checkUserParams(userName, userPassword, email, ""); - + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } if (!StringUtils.isEmpty(msg)) { putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, msg); return result; 
@@ -1175,8 +1255,11 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { public Map activateUser(User loginUser, String userName) { Map result = new HashMap<>(); result.put(Constants.STATUS, false); - - if (!isAdmin(loginUser)) { + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } + if (!canOperatorPermissions(loginUser,null,AuthorizationType.USER,null)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -1220,7 +1303,11 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { public Map batchActivateUser(User loginUser, List userNames) { Map result = new HashMap<>(); - if (!isAdmin(loginUser)) { + if(resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } + if (!canOperatorPermissions(loginUser,null,AuthorizationType.USER,null)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/WorkerGroupServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/WorkerGroupServiceImpl.java index 540ec1b2ca..32c4d81ed9 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/WorkerGroupServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/WorkerGroupServiceImpl.java @@ -22,6 +22,7 @@ import org.apache.dolphinscheduler.api.service.WorkerGroupService; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.NodeType; import org.apache.dolphinscheduler.dao.entity.ProcessInstance; import org.apache.dolphinscheduler.dao.entity.User; 
@@ -50,6 +51,8 @@ import org.springframework.transaction.annotation.Transactional; import com.facebook.presto.jdbc.internal.guava.base.Strings; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; + /** * worker group service impl */ @@ -79,7 +82,8 @@ public class WorkerGroupServiceImpl extends BaseServiceImpl implements WorkerGro @Override public Map saveWorkerGroup(User loginUser, int id, String name, String addrList) { Map result = new HashMap<>(); - if (isNotAdmin(loginUser, result)) { + if (!canOperatorPermissions(loginUser,null, AuthorizationType.WORKER_GROUP, WORKER_GROUP_CREATE)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } if (StringUtils.isEmpty(name)) { @@ -182,7 +186,7 @@ public class WorkerGroupServiceImpl extends BaseServiceImpl implements WorkerGro int toIndex = (pageNo - 1) * pageSize + pageSize; Result result = new Result(); - if (!isAdmin(loginUser)) { + if (!canOperatorPermissions(loginUser,null,AuthorizationType.WORKER_GROUP,WORKER_GROUP_MANAGE)) { putMsg(result,Status.USER_NO_OPERATION_PERM); return result; } @@ -306,7 +310,8 @@ public class WorkerGroupServiceImpl extends BaseServiceImpl implements WorkerGro @Transactional(rollbackFor = Exception.class) public Map deleteWorkerGroupById(User loginUser, Integer id) { Map result = new HashMap<>(); - if (isNotAdmin(loginUser, result)) { + if (!canOperatorPermissions(loginUser,null, AuthorizationType.WORKER_GROUP,WORKER_GROUP_DELETE)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } WorkerGroup workerGroup = workerGroupMapper.selectById(id); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/ProcessDefinitionControllerTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/ProcessDefinitionControllerTest.java index 398111fa8d..8ef3cd9740 100644 
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/ProcessDefinitionControllerTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/ProcessDefinitionControllerTest.java @@ -48,6 +48,8 @@ import org.mockito.Mockito; import org.mockito.junit.MockitoJUnitRunner; import org.springframework.mock.web.MockHttpServletResponse; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.WORKFLOW_TREE_VIEW; + /** * process definition controller test */ @@ -337,10 +339,11 @@ public class ProcessDefinitionControllerTest { long projectCode = 1L; int processId = 1; int limit = 2; + User user = new User(); Map result = new HashMap<>(); putMsg(result, Status.SUCCESS); - Mockito.when(processDefinitionService.viewTree(projectCode, processId, limit)).thenReturn(result); + Mockito.when(processDefinitionService.viewTree(user,projectCode, processId, limit)).thenReturn(result); Result response = processDefinitionController.viewTree(user, projectCode, processId, limit); Assert.assertTrue(response != null && response.isSuccess()); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java index a9276a5f40..3d795c5823 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java 
@@ -17,15 +17,18 @@ package org.apache.dolphinscheduler.api.service; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.when; import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.service.impl.AccessTokenServiceImpl; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.utils.DateUtils; import org.apache.dolphinscheduler.dao.entity.AccessToken; @@ -38,6 +41,7 @@ import java.util.Date; import java.util.List; import java.util.Map; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.assertj.core.util.Lists; import org.junit.Assert; import org.junit.Test; @@ -57,7 +61,7 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page; */ @RunWith(MockitoJUnitRunner.class) public class AccessTokenServiceTest { - + private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); private static final Logger logger = LoggerFactory.getLogger(AccessTokenServiceTest.class); @InjectMocks 
@@ -66,15 +70,22 @@ public class AccessTokenServiceTest { @Mock private AccessTokenMapper accessTokenMapper; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + @Test @SuppressWarnings("unchecked") public void testQueryAccessTokenList() { IPage tokenPage = new Page<>(); tokenPage.setRecords(getList()); tokenPage.setTotal(1L); + User user = new User(); + user.setId(1); + user.setUserType(UserType.ADMIN_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ACCESS_TOKEN, 1, ACCESS_TOKEN_MANAGE, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ACCESS_TOKEN, null, 0, baseServiceLogger)).thenReturn(true); when(accessTokenMapper.selectAccessTokenPage(any(Page.class), eq("zhangsan"), eq(0))).thenReturn(tokenPage); - User user = new User(); Result result = accessTokenService.queryAccessTokenList(user, "zhangsan", 1, 10); PageInfo pageInfo = (PageInfo) result.getData(); logger.info(result.toString()); @@ -89,12 +100,14 @@ public class AccessTokenServiceTest { // USER_NO_OPERATION_PERM User user = this.getLoginUser(); user.setUserType(UserType.GENERAL_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ACCESS_TOKEN, user.getId(), ACCESS_TOKEN_MANAGE, baseServiceLogger)).thenReturn(true); Map result = this.accessTokenService.queryAccessTokenByUser(user, 1); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); // SUCCESS user.setUserType(UserType.ADMIN_USER); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ACCESS_TOKEN, null, 0, baseServiceLogger)).thenReturn(true); result = this.accessTokenService.queryAccessTokenByUser(user, 1); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); 
@@ -116,7 +129,11 @@ public class AccessTokenServiceTest { @Test public void testGenerateToken() { - + User user = new User(); + user.setId(1); + user.setUserType(UserType.ADMIN_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ACCESS_TOKEN, 1, ACCESS_TOKEN_CREATE, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ACCESS_TOKEN, null, 0, baseServiceLogger)).thenReturn(true); Map result = accessTokenService.generateToken(getLoginUser(), Integer.MAX_VALUE,getDate()); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); @@ -129,6 +146,9 @@ public class AccessTokenServiceTest { when(accessTokenMapper.selectById(1)).thenReturn(getEntity()); User userLogin = new User(); + userLogin.setId(1); + userLogin.setUserType(UserType.ADMIN_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ACCESS_TOKEN, 1, ACCESS_TOKEN_DELETE, baseServiceLogger)).thenReturn(true); // not exist Map result = accessTokenService.delAccessTokenById(userLogin, 0); logger.info(result.toString()); @@ -140,6 +160,7 @@ public class AccessTokenServiceTest { //success userLogin.setId(1); userLogin.setUserType(UserType.ADMIN_USER); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ACCESS_TOKEN, new Object[]{1}, 0, baseServiceLogger)).thenReturn(true); result = accessTokenService.delAccessTokenById(userLogin, 1); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); 
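Review bot: `testGenerateToken` builds a local `User user` (id 1, `ADMIN_USER`) that is never passed to the service; the call still uses `getLoginUser()` and the stubs hard-code user id `1`, so the test passes only if `getLoginUser()`, defined outside the hunk, returns that same id. `testUpdateToken` in the following hunk has the same unused local. Pass `user` to the service call, or drop the local and stub with `getLoginUser().getId()` as `testQueryAccessTokenByUser` does with `user.getId()`. The stubs also match on the exact `baseServiceLogger` instance. Because Mockito does not allow mixing raw values and matchers, using `eq(...)` for the leading arguments and `any(Logger.class)` for the logger would stop the tests depending on which logger the service passes.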
@@ -147,6 +168,11 @@ public class AccessTokenServiceTest { @Test public void testUpdateToken() { + User user = new User(); + user.setId(1); + user.setUserType(UserType.ADMIN_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ACCESS_TOKEN, 1, ACCESS_TOKEN_UPDATE, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ACCESS_TOKEN, new Object[]{1}, 0, baseServiceLogger)).thenReturn(true); // Given Token when(accessTokenMapper.selectById(1)).thenReturn(getEntity()); Map result = accessTokenService.updateToken(getLoginUser(), 1,Integer.MAX_VALUE,getDate(),"token"); @@ -161,6 +187,7 @@ public class AccessTokenServiceTest { Assert.assertNotNull(result.get(Constants.DATA_LIST)); // ACCESS_TOKEN_NOT_EXIST + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ACCESS_TOKEN, new Object[]{2}, 0, baseServiceLogger)).thenReturn(true); result = accessTokenService.updateToken(getLoginUser(), 2,Integer.MAX_VALUE,getDate(),"token"); logger.info(result.toString()); Assert.assertEquals(Status.ACCESS_TOKEN_NOT_EXIST, result.get(Constants.STATUS)); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AlertGroupServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AlertGroupServiceTest.java index b78e32995c..bf40774e2f 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AlertGroupServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AlertGroupServiceTest.java 
@@ -17,14 +17,17 @@ package org.apache.dolphinscheduler.api.service; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.eq; import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.service.impl.AlertGroupServiceImpl; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.dao.entity.AlertGroup; import org.apache.dolphinscheduler.dao.entity.User; @@ -36,12 +39,14 @@ import java.util.ArrayList; import java.util.List; import java.util.Map; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.InjectMocks; import org.mockito.Mock; import org.mockito.Mockito; +import org.mockito.Spy; import org.mockito.junit.MockitoJUnitRunner; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -55,7 +60,7 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page; */ @RunWith(MockitoJUnitRunner.class) public class AlertGroupServiceTest { - + private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); private static final Logger logger = LoggerFactory.getLogger(AlertGroupServiceTest.class); @InjectMocks @@ -66,6 +71,12 @@ public class AlertGroupServiceTest { private String groupName = "AlertGroupServiceTest"; + @InjectMocks + BaseServiceImpl baseService; + + @Spy + private ResourcePermissionCheckService resourcePermissionCheckService; + @Test public void testQueryAlertGroup() { 
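Review bot: `resourcePermissionCheckService` is declared with `@Spy` in this class, while the other test classes touched by this commit (AccessTokenServiceTest, AlertPluginInstanceServiceTest, DataAnalysisServiceTest) declare the same collaborator with `@Mock`. With a spy, `Mockito.when(spy.method(...))` runs the real method while stubbing, and what an unstubbed call returns depends on the real type, which is not visible here; the `// no operate` cases below rely on that result being `false`. Prefer `@Mock private ResourcePermissionCheckService resourcePermissionCheckService;` so the denial cases do not depend on that. The added `@InjectMocks BaseServiceImpl baseService;` is not referenced in the hunks shown and can probably be dropped.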
@@ -84,11 +95,16 @@ public class AlertGroupServiceTest { Mockito.when(alertGroupMapper.queryAlertGroupPage(any(Page.class), eq(groupName))).thenReturn(page); User user = new User(); // no operate + user.setUserType(UserType.GENERAL_USER); + user.setId(88); Result result = alertGroupService.listPaging(user, groupName, 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM.getCode(), (int) result.getCode()); //success user.setUserType(UserType.ADMIN_USER); + user.setId(1); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ALERT_GROUP, 1, ALERT_GROUP_VIEW, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ALERT_GROUP, null, 0, baseServiceLogger)).thenReturn(true); result = alertGroupService.listPaging(user, groupName, 1, 10); logger.info(result.toString()); PageInfo pageInfo = (PageInfo) result.getData(); @@ -102,11 +118,15 @@ public class AlertGroupServiceTest { Mockito.when(alertGroupMapper.insert(any(AlertGroup.class))).thenReturn(2); User user = new User(); //no operate + user.setUserType(UserType.GENERAL_USER); Map result = alertGroupService.createAlertgroup(user, groupName, groupName, null); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); user.setUserType(UserType.ADMIN_USER); + user.setId(1); //success + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ALERT_GROUP, 1, ALERT_GROUP_CREATE, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ALERT_GROUP, null, 0, baseServiceLogger)).thenReturn(true); result = alertGroupService.createAlertgroup(user, groupName, groupName, null); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); 
@@ -119,6 +139,9 @@ public class AlertGroupServiceTest { Mockito.when(alertGroupMapper.insert(any(AlertGroup.class))).thenThrow(new DuplicateKeyException("group name exist")); User user = new User(); user.setUserType(UserType.ADMIN_USER); + user.setId(1); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ALERT_GROUP, 1, ALERT_GROUP_CREATE, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ALERT_GROUP, null, 0, baseServiceLogger)).thenReturn(true); Map result = alertGroupService.createAlertgroup(user, groupName, groupName, null); logger.info(result.toString()); Assert.assertEquals(Status.ALERT_GROUP_EXIST, result.get(Constants.STATUS)); 
@@ -129,15 +152,20 @@ public class AlertGroupServiceTest { User user = new User(); // no operate + user.setUserType(UserType.GENERAL_USER); Map result = alertGroupService.updateAlertgroup(user, 1, groupName, groupName, null); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); user.setUserType(UserType.ADMIN_USER); // not exist + user.setUserType(UserType.ADMIN_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ALERT_GROUP, user.getId(), ALERT_GROUP_UPDATE, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ALERT_GROUP, new Object[]{1}, 0, baseServiceLogger)).thenReturn(true); result = alertGroupService.updateAlertgroup(user, 1, groupName, groupName, null); logger.info(result.toString()); Assert.assertEquals(Status.ALERT_GROUP_NOT_EXIST, result.get(Constants.STATUS)); //success + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ALERT_GROUP, new Object[]{2}, user.getId(), baseServiceLogger)).thenReturn(true); Mockito.when(alertGroupMapper.selectById(2)).thenReturn(getEntity()); result = alertGroupService.updateAlertgroup(user, 2, groupName, groupName, null); logger.info(result.toString()); 
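Review bot: `user.setUserType(UserType.ADMIN_USER);` now appears twice in a row before the `// not exist` case, and the two `resourcePermissionCheck` stubs disagree on the user-id argument (`0` with `new Object[]{1}`, `user.getId()` with `new Object[]{2}`). The user's id is never set in the lines shown, so the two forms presumably coincide only through the field's default value; confirm. Drop the added duplicate line and write the user-id argument the same way in both stubs. The test method starts outside this hunk.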
@@ -149,6 +177,8 @@ public class AlertGroupServiceTest { public void testUpdateAlertgroupDuplicate() { User user = new User(); user.setUserType(UserType.ADMIN_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ALERT_GROUP, user.getId(), ALERT_GROUP_UPDATE, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ALERT_GROUP, new Object[]{2}, user.getId(), baseServiceLogger)).thenReturn(true); Mockito.when(alertGroupMapper.selectById(2)).thenReturn(getEntity()); Mockito.when(alertGroupMapper.updateById(Mockito.any())).thenThrow(new DuplicateKeyException("group name exist")); Map result = alertGroupService.updateAlertgroup(user, 2, groupName, groupName, null); 
@@ -160,15 +190,22 @@ public class AlertGroupServiceTest { User user = new User(); // no operate + user.setUserType(UserType.GENERAL_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ALERT_GROUP, user.getId(),ALERT_GROUP_DELETE, baseServiceLogger)).thenReturn(true); Map result = alertGroupService.delAlertgroupById(user, 1); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); - user.setUserType(UserType.ADMIN_USER); + // not exist + user.setUserType(UserType.ADMIN_USER); + user.setId(1); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ALERT_GROUP, user.getId(), ALERT_GROUP_DELETE, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ALERT_GROUP, new Object[]{2}, 0, baseServiceLogger)).thenReturn(true); result = alertGroupService.delAlertgroupById(user, 2); logger.info(result.toString()); Assert.assertEquals(Status.ALERT_GROUP_NOT_EXIST, result.get(Constants.STATUS)); //success + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ALERT_GROUP, new Object[]{2}, 0, baseServiceLogger)).thenReturn(true); Mockito.when(alertGroupMapper.selectById(2)).thenReturn(getEntity()); result = alertGroupService.delAlertgroupById(user, 2); logger.info(result.toString()); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AlertPluginInstanceServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AlertPluginInstanceServiceTest.java index bb36487a85..3366a4b59f 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AlertPluginInstanceServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AlertPluginInstanceServiceTest.java 
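Review bot: The stub added under `//success` is identical to the `resourcePermissionCheck(AuthorizationType.ALERT_GROUP, new Object[]{2}, 0, baseServiceLogger)` stub added a few lines earlier for the `// not exist` case, so it has no effect and can be removed. Keeping one stub per distinct argument set makes it clearer which permission call each case depends on. The test method starts outside this hunk.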
@@ -19,7 +19,9 @@ package org.apache.dolphinscheduler.api.service; import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.service.impl.AlertPluginInstanceServiceImpl; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.dao.entity.AlertPluginInstance; import org.apache.dolphinscheduler.dao.entity.PluginDefine; @@ -34,6 +36,7 @@ import java.util.Collections; import java.util.List; import java.util.Map; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.junit.Assert; import org.junit.Before; import org.junit.Test; @@ -42,16 +45,24 @@ import org.mockito.InjectMocks; import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.junit.MockitoJUnitRunner; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; /** * alert plugin instance service test */ @RunWith(MockitoJUnitRunner.class) public class AlertPluginInstanceServiceTest { + private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); @InjectMocks AlertPluginInstanceServiceImpl alertPluginInstanceService; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + @Mock private AlertPluginInstanceMapper alertPluginInstanceMapper; 
@@ -158,6 +169,8 @@ public class AlertPluginInstanceServiceTest { @Test public void testCreate() { Mockito.when(alertPluginInstanceMapper.existInstanceName("test")).thenReturn(true); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ALERT_PLUGIN_INSTANCE, 1, ALART_INSTANCE_CREATE, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ALERT_PLUGIN_INSTANCE, null, 0, baseServiceLogger)).thenReturn(true); Map result = alertPluginInstanceService.create(user, 1, "test", uiParams); Assert.assertEquals(Status.PLUGIN_INSTANCE_ALREADY_EXIT, result.get(Constants.STATUS)); Mockito.when(alertPluginInstanceMapper.insert(Mockito.any())).thenReturn(1); @@ -170,6 +183,8 @@ public class AlertPluginInstanceServiceTest { public void testDelete() { List ids = Arrays.asList("11,2,3", null, "98,1"); Mockito.when(alertGroupMapper.queryInstanceIdsList()).thenReturn(ids); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ALERT_PLUGIN_INSTANCE, 1, ALERT_PLUGIN_DELETE, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ALERT_PLUGIN_INSTANCE, null, 0, baseServiceLogger)).thenReturn(true); Map result = alertPluginInstanceService.delete(user, 1); Assert.assertEquals(Status.DELETE_ALERT_PLUGIN_INSTANCE_ERROR_HAS_ALERT_GROUP_ASSOCIATED, result.get(Constants.STATUS)); Mockito.when(alertPluginInstanceMapper.deleteById(9)).thenReturn(1); 
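Review bot: The permission constant `ALART_INSTANCE_CREATE` used in `testCreate` is misspelled and does not follow the naming of its siblings in the same test class, `ALERT_PLUGIN_DELETE` and `ALERT_PLUGIN_UPDATE`. The constant is defined in `ApiFuncIdentificationConstant`, outside this hunk. If its string value carries the same typo, any permission grant keyed on that value would have to be migrated when the name is corrected. Renaming it now, for example to `ALERT_PLUGIN_CREATE`, is cheaper than after the identifier is referenced by stored permissions.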
@@ -181,6 +196,8 @@ public class AlertPluginInstanceServiceTest { @Test public void testUpdate() { Mockito.when(alertPluginInstanceMapper.updateById(Mockito.any())).thenReturn(0); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ALERT_PLUGIN_INSTANCE, 1, ALERT_PLUGIN_UPDATE, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ALERT_PLUGIN_INSTANCE, null, 0, baseServiceLogger)).thenReturn(true); Map result = alertPluginInstanceService.update(user, 1, "testUpdate", uiParams); Assert.assertEquals(Status.SAVE_ERROR, result.get(Constants.STATUS)); Mockito.when(alertPluginInstanceMapper.updateById(Mockito.any())).thenReturn(1); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataAnalysisServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataAnalysisServiceTest.java index bb6994f800..b189adb7d7 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataAnalysisServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataAnalysisServiceTest.java @@ -17,6 +17,7 @@ package org.apache.dolphinscheduler.api.service; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.PROJECT_OVERVIEW; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.anyInt; 
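Review bot: In `testUpdate`, the `resourcePermissionCheck` stub passes `null` as the resource-id array although the call under test targets instance `1`; `testDelete` in the previous hunk does the same. The access-token tests in this commit stub the equivalent check with `new Object[]{1}`, so these stubs suggest the alert-plugin service does not check permission on the specific instance being changed. This is inferred from the stubs only; confirm against `AlertPluginInstanceServiceImpl`. If a per-instance check is intended, the stub should read `resourcePermissionCheck(AuthorizationType.ALERT_PLUGIN_INSTANCE, new Object[]{1}, 0, baseServiceLogger)`. Neither test adds a case where the check returns `false`, and both methods continue outside their hunks.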
@@ -24,8 +25,10 @@ import static org.mockito.ArgumentMatchers.anyLong; import org.apache.dolphinscheduler.api.dto.CommandStateCount; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.DataAnalysisServiceImpl; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.CommandType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.utils.DateUtils; @@ -41,6 +44,7 @@ import org.apache.dolphinscheduler.dao.mapper.ProcessInstanceMapper; import org.apache.dolphinscheduler.dao.mapper.ProjectMapper; import org.apache.dolphinscheduler.dao.mapper.TaskInstanceMapper; import org.apache.dolphinscheduler.plugin.task.api.enums.ExecutionStatus; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.apache.dolphinscheduler.service.process.ProcessService; import java.text.MessageFormat; @@ -60,6 +64,8 @@ import org.mockito.Mock; import org.mockito.Mockito; import org.powermock.api.mockito.PowerMockito; import org.powermock.modules.junit4.PowerMockRunner; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * data analysis service test @@ -67,6 +73,8 @@ import org.powermock.modules.junit4.PowerMockRunner; @RunWith(PowerMockRunner.class) public class DataAnalysisServiceTest { + private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); + @InjectMocks private DataAnalysisServiceImpl dataAnalysisServiceImpl; @@ -94,6 +102,9 @@ public class DataAnalysisServiceTest { @Mock ProcessService processService; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + private Map resultMap; private User user; 
@@ -107,7 +118,7 @@ public class DataAnalysisServiceTest { project.setName("test"); resultMap = new HashMap<>(); Mockito.when(projectMapper.selectById(1)).thenReturn(project); - Mockito.when(projectService.hasProjectAndPerm(user, project, resultMap)).thenReturn(true); + Mockito.when(projectService.hasProjectAndPerm(user, project, resultMap,PROJECT_OVERVIEW)).thenReturn(true); Mockito.when(projectMapper.queryByCode(1L)).thenReturn(project); } @@ -126,14 +137,14 @@ public class DataAnalysisServiceTest { Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, null); - Mockito.when(projectService.checkProjectAndAuth(any(), any(), anyLong())).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(any(), any(), anyLong(), any())).thenReturn(result); Mockito.when(projectMapper.queryByCode(1L)).thenReturn(getProject("test")); //SUCCESS Mockito.when(taskInstanceMapper.countTaskInstanceStateByProjectCodes(DateUtils.getScheduleDate(startDate), DateUtils.getScheduleDate(endDate), new Long[]{1L})).thenReturn(getTaskInstanceStateCounts()); Mockito.when(projectMapper.selectById(Mockito.any())).thenReturn(getProject("test")); - Mockito.when(projectService.hasProjectAndPerm(Mockito.any(), Mockito.any(), (Map)Mockito.any())).thenReturn(true); + Mockito.when(projectService.hasProjectAndPerm(Mockito.any(), Mockito.any(), (Map)Mockito.any(),Mockito.any())).thenReturn(true); result = dataAnalysisServiceImpl.countTaskStateByProject(user, 1, startDate, endDate); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); 
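Review bot: The updated `checkProjectAndAuth(any(), any(), anyLong(), any())` stubs accept any value for the new permission argument (in Mockito 2 and later that includes `null`), so these tests pass whichever permission key the service hands over. Since that argument is what this commit adds, pin it: `Mockito.when(projectService.checkProjectAndAuth(any(), any(), anyLong(), Mockito.eq(PROJECT_OVERVIEW))).thenReturn(result);`. The same loose matcher is used in the later hunks of this file and in the `hasProjectAndPerm(..., Mockito.any())` stubs. `PROJECT_OVERVIEW` is assumed to be the key the service passes, as in the `setUp` stub; confirm against `DataAnalysisServiceImpl`.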
@@ -147,7 +158,7 @@ public class DataAnalysisServiceTest { // checkProject false Map failResult = new HashMap<>(); putMsg(failResult, Status.PROJECT_NOT_FOUND, 1); - Mockito.when(projectService.checkProjectAndAuth(any(), any(), anyLong())).thenReturn(failResult); + Mockito.when(projectService.checkProjectAndAuth(any(), any(), anyLong(),any())).thenReturn(failResult); failResult = dataAnalysisServiceImpl.countTaskStateByProject(user, 1, startDate, endDate); Assert.assertEquals(Status.PROJECT_NOT_FOUND, failResult.get(Constants.STATUS)); } @@ -156,7 +167,7 @@ public class DataAnalysisServiceTest { public void testCountTaskStateByProject_paramValid() { Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, null); - Mockito.when(projectService.checkProjectAndAuth(any(), any(), anyLong())).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(any(), any(), anyLong(),any())).thenReturn(result); Mockito.when(projectMapper.queryByCode(1L)).thenReturn(getProject("test")); // when date in illegal format then return error message @@ -182,7 +193,7 @@ public class DataAnalysisServiceTest { public void testCountTaskStateByProject_allCountZero() { Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, null); - Mockito.when(projectService.checkProjectAndAuth(any(), any(), anyLong())).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(any(), any(), anyLong(),any())).thenReturn(result); Mockito.when(projectMapper.queryByCode(1L)).thenReturn(getProject("test")); // when general user doesn't have any task then return all count are 0 
@@ -201,7 +212,7 @@ public class DataAnalysisServiceTest { public void testCountTaskStateByProject_noData() { Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, null); - Mockito.when(projectService.checkProjectAndAuth(any(), any(), anyLong())).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(any(), any(), anyLong(),any())).thenReturn(result); Mockito.when(projectMapper.queryByCode(1L)).thenReturn(getProject("test")); // when instanceStateCounter return null, then return nothing @@ -221,18 +232,18 @@ public class DataAnalysisServiceTest { //checkProject false Map failResult = new HashMap<>(); putMsg(failResult, Status.PROJECT_NOT_FOUND, 1); - Mockito.when(projectService.checkProjectAndAuth(any(), any(), anyLong())).thenReturn(failResult); + Mockito.when(projectService.checkProjectAndAuth(any(), any(), anyLong(),any())).thenReturn(failResult); failResult = dataAnalysisServiceImpl.countProcessInstanceStateByProject(user, 1, startDate, endDate); Assert.assertEquals(Status.PROJECT_NOT_FOUND, failResult.get(Constants.STATUS)); Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, null); - Mockito.when(projectService.checkProjectAndAuth(any(), any(), anyLong())).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(any(), any(), anyLong(),any())).thenReturn(result); //SUCCESS Mockito.when(processInstanceMapper.countInstanceStateByProjectCodes(DateUtils.getScheduleDate(startDate), DateUtils.getScheduleDate(endDate), new Long[]{1L})).thenReturn(getTaskInstanceStateCounts()); - Mockito.when(projectService.hasProjectAndPerm(Mockito.any(), Mockito.any(), (Map)Mockito.any())).thenReturn(true); + Mockito.when(projectService.hasProjectAndPerm(Mockito.any(), Mockito.any(), (Map)Mockito.any(),Mockito.any())).thenReturn(true); result = dataAnalysisServiceImpl.countProcessInstanceStateByProject(user, 1, startDate, endDate); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); 
@@ -244,7 +255,7 @@ public class DataAnalysisServiceTest { Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, null); - Mockito.when(projectService.checkProjectAndAuth(any(), any(), anyLong())).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(any(), any(), anyLong(),any())).thenReturn(result); Mockito.when(processDefinitionMapper.countDefinitionByProjectCodes( Mockito.any(Long[].class))).thenReturn(new ArrayList()); @@ -254,11 +265,15 @@ public class DataAnalysisServiceTest { @Test public void testCountCommandState() { + User user = new User(); + user.setUserType(UserType.ADMIN_USER); + user.setId(1); List commandCounts = new ArrayList<>(1); CommandCount commandCount = new CommandCount(); commandCount.setCommandType(CommandType.START_PROCESS); commandCounts.add(commandCount); - + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.DATA_ANALYSIS, user.getId(), PROJECT_OVERVIEW, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.DATA_ANALYSIS, null, 0, baseServiceLogger)).thenReturn(true); Mockito.when(commandMapper.countCommandState(0, null, null, new Long[]{1L})).thenReturn(commandCounts); Mockito.when(errorCommandMapper.countCommandState(0, null, null, new Long[]{1L})).thenReturn(commandCounts); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataSourceServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataSourceServiceTest.java index a3b07fa2d0..3dd3582ec8 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataSourceServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataSourceServiceTest.java 
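Review bot: The `User user` declared at the top of `testCountCommandState` shadows the class field `user` that the other tests in this file use. A reader cannot tell at the call site which of the two is passed to the service. Either configure the existing field or give the local a distinct name, e.g. `User adminUser = new User();`, and use it in the stub and the call. The method continues past the end of this hunk.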
@@ -18,9 +18,11 @@ package org.apache.dolphinscheduler.api.service; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.DataSourceServiceImpl; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.utils.JSONUtils; import org.apache.dolphinscheduler.dao.entity.DataSource; @@ -35,6 +37,7 @@ import org.apache.dolphinscheduler.plugin.datasource.api.plugin.DataSourceClient import org.apache.dolphinscheduler.plugin.datasource.api.utils.CommonUtils; import org.apache.dolphinscheduler.plugin.datasource.api.utils.DataSourceUtils; import org.apache.dolphinscheduler.plugin.datasource.api.utils.PasswordUtils; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.apache.dolphinscheduler.spi.datasource.ConnectionParam; import org.apache.dolphinscheduler.spi.enums.DbConnectType; import org.apache.dolphinscheduler.spi.enums.DbType; @@ -62,6 +65,8 @@ import org.powermock.modules.junit4.PowerMockRunner; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.DATASOURCE_DELETE; + /** * data source service test */ @@ -69,7 +74,7 @@ import org.slf4j.LoggerFactory; @PowerMockIgnore({"sun.security.*", "javax.net.*"}) @PrepareForTest({DataSourceUtils.class, CommonUtils.class, DataSourceClientProvider.class, PasswordUtils.class}) public class DataSourceServiceTest { - + private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); private static final Logger logger = LoggerFactory.getLogger(DataSourceServiceTest.class); @InjectMocks 
@@ -81,6 +86,9 @@ public class DataSourceServiceTest { @Mock private DataSourceUserMapper datasourceUserMapper; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + public void createDataSourceTest() { User loginUser = getAdminUser(); String dataSourceName = "dataSource01"; @@ -190,6 +198,8 @@ public class DataSourceServiceTest { String searchVal = ""; int pageNo = 1; int pageSize = 10; + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.DATASOURCE, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.DATASOURCE, null, 0, baseServiceLogger)).thenReturn(true); Result result = dataSourceService.queryDataSourceListPaging(loginUser, searchVal, pageNo, pageSize); Assert.assertEquals(Status.SUCCESS.getCode(),(int)result.getCode()); } @@ -207,7 +217,8 @@ public class DataSourceServiceTest { User loginUser = getAdminUser(); int dataSourceId = 1; Result result = new Result(); - + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.DATASOURCE, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.DATASOURCE, new Object[]{dataSourceId}, -1, baseServiceLogger)).thenReturn(true); //resource not exist dataSourceService.putMsg(result, Status.RESOURCE_NOT_EXIST); PowerMockito.when(dataSourceMapper.selectById(dataSourceId)).thenReturn(null); 
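Review bot: The `operationPermissionCheck` stubs added for the paging query and for the first part of the delete test pass `null` as the function-permission argument, whereas the success case of the delete test uses `DATASOURCE_DELETE`. Either the service calls the check with no permission key for these operations, or the stubs never match; this class appears to run under PowerMock, where an unmatched stub would likely go unnoticed. Use the concrete constant in each stub, for the delete test `operationPermissionCheck(AuthorizationType.DATASOURCE, loginUser.getId(), DATASOURCE_DELETE, baseServiceLogger)`. The later DataSourceServiceTest hunks and DqExecuteResultServiceTest stub `null` in the same way. The delete test also passes `-1` as the user id in its first `resourcePermissionCheck` stub and `0` in the second, which is worth aligning.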
@@ -223,6 +234,11 @@ public class DataSourceServiceTest { // success dataSourceService.putMsg(result, Status.SUCCESS); dataSource.setUserId(-1); + loginUser.setUserType(UserType.ADMIN_USER); + loginUser.setId(1); + dataSource.setId(22); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.DATASOURCE, loginUser.getId(), DATASOURCE_DELETE, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.DATASOURCE,new Object[]{dataSource.getId()} , 0, baseServiceLogger)).thenReturn(true); PowerMockito.when(dataSourceMapper.selectById(dataSourceId)).thenReturn(dataSource); Assert.assertEquals(result.getCode(), dataSourceService.delete(loginUser, dataSourceId).getCode()); @@ -234,7 +250,8 @@ public class DataSourceServiceTest { loginUser.setId(1); loginUser.setUserType(UserType.ADMIN_USER); int userId = 3; - + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.DATASOURCE, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.DATASOURCE, null, 0, baseServiceLogger)).thenReturn(true); // test admin user Mockito.when(dataSourceMapper.queryAuthedDatasource(userId)).thenReturn(getSingleDataSourceList()); Mockito.when(dataSourceMapper.queryDatasourceExceptUserId(userId)).thenReturn(getDataSourceList()); 
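Review bot: The success case sets `dataSource.setId(22)` and stubs `resourcePermissionCheck` for `new Object[]{dataSource.getId()}`, but `delete` is called with `dataSourceId`, which the earlier hunk of this test sets to `1`. The stub matches only if the service checks the id of the loaded entity rather than the id it was given; that code is not shown. Aligning the two with `dataSource.setId(dataSourceId);` makes the test independent of that detail. The added `loginUser.setUserType(UserType.ADMIN_USER);` looks redundant if `getAdminUser()` already returns an admin user.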
@@ -279,6 +296,8 @@ public class DataSourceServiceTest { public void queryDataSourceListTest() { User loginUser = new User(); loginUser.setUserType(UserType.GENERAL_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.DATASOURCE, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.DATASOURCE, null, 0, baseServiceLogger)).thenReturn(true); Map map = dataSourceService.queryDataSourceList(loginUser, DbType.MYSQL.ordinal()); Assert.assertEquals(Status.SUCCESS, map.get(Constants.STATUS)); } diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DqExecuteResultServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DqExecuteResultServiceTest.java index 8417ae09ce..fdbc133b24 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DqExecuteResultServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DqExecuteResultServiceTest.java @@ -23,8 +23,10 @@ import static org.mockito.Mockito.when; import org.apache.dolphinscheduler.api.ApiApplicationServer; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.DqExecuteResultServiceImpl; import org.apache.dolphinscheduler.api.utils.Result; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.utils.DateUtils; import org.apache.dolphinscheduler.dao.entity.DqExecuteResult; 
@@ -36,11 +38,13 @@ import java.util.ArrayList; import java.util.Date; import java.util.List; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.InjectMocks; import org.mockito.Mock; +import org.mockito.Mockito; import org.mockito.junit.MockitoJUnitRunner; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -53,6 +57,7 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page; @SpringBootTest(classes = ApiApplicationServer.class) public class DqExecuteResultServiceTest { private static final Logger logger = LoggerFactory.getLogger(DqExecuteResultServiceTest.class); + private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); @InjectMocks private DqExecuteResultServiceImpl dqExecuteResultService; @@ -60,6 +65,9 @@ public class DqExecuteResultServiceTest { @Mock DqExecuteResultMapper dqExecuteResultMapper; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + @Test public void testQueryResultListPaging() { @@ -71,7 +79,8 @@ public class DqExecuteResultServiceTest { User loginUser = new User(); loginUser.setId(1); loginUser.setUserType(UserType.ADMIN_USER); - + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.DATA_QUALITY, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.DATA_QUALITY, null, 0, baseServiceLogger)).thenReturn(true); Page page = new Page<>(1, 10); page.setTotal(1); page.setRecords(getExecuteResultList()); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DqRuleServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DqRuleServiceTest.java index 0162262f20..8aa5e698c0 100644 
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DqRuleServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DqRuleServiceTest.java @@ -23,9 +23,11 @@ import static org.mockito.Mockito.when; import org.apache.dolphinscheduler.api.ApiApplicationServer; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.DqRuleServiceImpl; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.utils.DateUtils; import org.apache.dolphinscheduler.dao.entity.DataSource; @@ -42,6 +44,7 @@ import org.apache.dolphinscheduler.plugin.task.api.enums.dp.InputType; import org.apache.dolphinscheduler.plugin.task.api.enums.dp.OptionSourceType; import org.apache.dolphinscheduler.plugin.task.api.enums.dp.RuleType; import org.apache.dolphinscheduler.plugin.task.api.enums.dp.ValueType; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.apache.dolphinscheduler.spi.enums.DbType; import org.apache.dolphinscheduler.spi.params.base.FormType; @@ -55,7 +58,10 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.InjectMocks; import org.mockito.Mock; +import org.mockito.Mockito; import org.mockito.junit.MockitoJUnitRunner; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.boot.test.context.SpringBootTest; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; 
@@ -65,6 +71,7 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page; @RunWith(MockitoJUnitRunner.Silent.class) @SpringBootTest(classes = ApiApplicationServer.class) public class DqRuleServiceTest { + private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); @InjectMocks private DqRuleServiceImpl dqRuleService; @@ -81,6 +88,9 @@ public class DqRuleServiceTest { @Mock DataSourceMapper dataSourceMapper; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + @Test public void testGetRuleFormCreateJsonById() { String json = "[{\"field\":\"src_connector_type\",\"name\":\"源数据类型\",\"props\":{\"placeholder\":" @@ -124,7 +134,8 @@ public class DqRuleServiceTest { User loginUser = new User(); loginUser.setId(1); loginUser.setUserType(UserType.ADMIN_USER); - + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.DATA_QUALITY, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.DATA_QUALITY, null, 0, baseServiceLogger)).thenReturn(true); Page page = new Page<>(1, 10); page.setTotal(1); page.setRecords(getRuleList()); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/EnvironmentServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/EnvironmentServiceTest.java index 81ba83476d..f8f662cbc4 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/EnvironmentServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/EnvironmentServiceTest.java 
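Review bot: The stubs added to the `DATA_QUALITY` paging test match on exact values, including the `baseServiceLogger` instance, and this class runs under `MockitoJUnitRunner.Silent`, which does not report stubs that are never hit. If the service passes a different logger or user id, the mock falls back to its default `false` and the only signal is whatever the later assertion happens to check (the test continues past the hunk). Consider keeping the security-relevant arguments exact and relaxing only the logger, e.g. `operationPermissionCheck(Mockito.eq(AuthorizationType.DATA_QUALITY), Mockito.eq(loginUser.getId()), Mockito.isNull(), Mockito.any(Logger.class))`, and documenting the field with `// presumably the logger BaseServiceImpl hands to the permission checks; the stubs match on it`. The same field is introduced in DqExecuteResultServiceTest, EnvironmentServiceTest, ExecutorServiceTest and K8SNamespaceServiceTest.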
@@ -18,10 +18,12 @@ package org.apache.dolphinscheduler.api.service; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.EnvironmentServiceImpl; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.dao.entity.Environment; import org.apache.dolphinscheduler.dao.entity.EnvironmentWorkerGroupRelation; @@ -36,6 +38,7 @@ import java.util.ArrayList; import java.util.List; import java.util.Map; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.assertj.core.util.Lists; import org.junit.After; import org.junit.Assert; @@ -54,6 +57,8 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; + /** * environment service test */ @@ -61,6 +66,7 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page; public class EnvironmentServiceTest { public static final Logger logger = LoggerFactory.getLogger(EnvironmentServiceTest.class); + private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); @InjectMocks private EnvironmentServiceImpl environmentService; @@ -74,6 +80,9 @@ public class EnvironmentServiceTest { @Mock private TaskDefinitionMapper taskDefinitionMapper; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + public static final String testUserName = "environmentServerTest"; public static final String environmentName = "Env1"; 
@@ -91,6 +100,8 @@ public class EnvironmentServiceTest {
 @Test
 public void testCreateEnvironment() {
 User loginUser = getGeneralUser();
+ Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ENVIRONMENT, loginUser.getId(),ENVIRONMENT_CREATE, baseServiceLogger)).thenReturn(true);
+ Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ENVIRONMENT, null, 0, baseServiceLogger)).thenReturn(true);
 Map result = environmentService.createEnvironment(loginUser,environmentName,getConfig(),getDesc(),workerGroups);
 logger.info(result.toString());
 Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
@@ -130,6 +141,8 @@ public class EnvironmentServiceTest {
 @Test
 public void testUpdateEnvironmentByCode() {
 User loginUser = getGeneralUser();
+ Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ENVIRONMENT, loginUser.getId(),ENVIRONMENT_UPDATE , baseServiceLogger)).thenReturn(true);
+ Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ENVIRONMENT, null, 0, baseServiceLogger)).thenReturn(true);
 Map result = environmentService.updateEnvironmentByCode(loginUser,1L,environmentName,getConfig(),getDesc(),workerGroups);
 logger.info(result.toString());
 Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
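Review bot: In `testCreateEnvironment` and `testUpdateEnvironmentByCode` the new stubs make both permission checks return `true`, yet the assertion that follows still expects `Status.USER_NO_OPERATION_PERM` for the general user. Either the refusal comes from a check other than `resourcePermissionCheckService`, or the stubs do not match the arguments the service passes; in both cases the test does not show that `ENVIRONMENT_CREATE` / `ENVIRONMENT_UPDATE` are what gate the call. Stubbing `thenReturn(false)` for this first case, with a comment such as `// general user without ENVIRONMENT_CREATE must be refused`, would tie the assertion to the new check. `testDeleteEnvironmentByCode` in the following hunk has the same shape with `ENVIRONMENT_DELETE`, and all three methods continue past their hunks.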
@@ -212,6 +225,8 @@ public class EnvironmentServiceTest {
 @Test
 public void testDeleteEnvironmentByCode() {
 User loginUser = getGeneralUser();
+ Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ENVIRONMENT, loginUser.getId(), ENVIRONMENT_DELETE, baseServiceLogger)).thenReturn(true);
+ Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ENVIRONMENT, null, 0, baseServiceLogger)).thenReturn(true);
 Map result = environmentService.deleteEnvironmentByCode(loginUser,1L);
 logger.info(result.toString());
 Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ExecutorServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ExecutorServiceTest.java
index 9c0c1c3231..0d2dd813e4 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ExecutorServiceTest.java
@@ -17,21 +17,19 @@ package org.apache.dolphinscheduler.api.service; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.RERUN; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.WORKFLOW_START; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import org.apache.dolphinscheduler.api.enums.ExecuteType; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.ExecutorServiceImpl; import org.apache.dolphinscheduler.api.service.impl.ProjectServiceImpl; import org.apache.dolphinscheduler.common.Constants; -import org.apache.dolphinscheduler.common.enums.CommandType; -import org.apache.dolphinscheduler.common.enums.ComplementDependentMode; -import org.apache.dolphinscheduler.common.enums.Priority; -import org.apache.dolphinscheduler.common.enums.ReleaseState; -import org.apache.dolphinscheduler.common.enums.RunMode; -import org.apache.dolphinscheduler.common.enums.TaskGroupQueueStatus; +import org.apache.dolphinscheduler.common.enums.*; import org.apache.dolphinscheduler.common.model.Server; import org.apache.dolphinscheduler.dao.entity.Command; import org.apache.dolphinscheduler.dao.entity.ProcessDefinition; @@ -48,6 +46,7 @@ import org.apache.dolphinscheduler.dao.mapper.ProjectMapper; import org.apache.dolphinscheduler.dao.mapper.TaskDefinitionMapper; import org.apache.dolphinscheduler.dao.mapper.TaskGroupQueueMapper; import org.apache.dolphinscheduler.plugin.task.api.enums.ExecutionStatus; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.apache.dolphinscheduler.service.process.ProcessService; import java.util.ArrayList; 
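Review bot: The first hunk replaces six explicit `common.enums` imports with `import org.apache.dolphinscheduler.common.enums.*;`, which hides which enum types this test depends on and lets a later same-named type resolve silently. Keeping the explicit lines (`import org.apache.dolphinscheduler.common.enums.CommandType;` and the other five) and adding only what the change needs is the smaller edit. The static imports of `RERUN` and `WORKFLOW_START` in the same hunk are explicit, which is the form to keep; EnvironmentServiceTest and ProcessDefinitionServiceTest instead add `import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*;`, where the constants used could be listed the same way so a reader can see which permission keys each test exercises.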
@@ -75,6 +74,11 @@ import org.slf4j.LoggerFactory; public class ExecutorServiceTest { private static final Logger logger = LoggerFactory.getLogger(ExecutorServiceTest.class); + private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); + + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + @InjectMocks private ExecutorServiceImpl executorService; @@ -169,7 +173,7 @@ public class ExecutorServiceTest { // mock Mockito.when(projectMapper.queryByCode(projectCode)).thenReturn(project); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(checkProjectAndAuth()); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode, WORKFLOW_START)).thenReturn(checkProjectAndAuth()); Mockito.when(processDefinitionMapper.queryByCode(processDefinitionCode)).thenReturn(processDefinition); Mockito.when(processService.getTenantForProcess(tenantId, userId)).thenReturn(new Tenant()); Mockito.when(processService.createCommand(any(Command.class))).thenReturn(1); @@ -317,7 +321,7 @@ public class ExecutorServiceTest { @Test public void testExecuteRepeatRunning() { Mockito.when(processService.verifyIsNeedCreateCommand(any(Command.class))).thenReturn(true); - + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode, RERUN )).thenReturn(checkProjectAndAuth()); Map result = executorService.execute(loginUser, projectCode, processInstanceId, ExecuteType.REPEAT_RUNNING); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); } diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/K8SNamespaceServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/K8SNamespaceServiceTest.java index 3ab626c5a0..b97e32df86 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/K8SNamespaceServiceTest.java 
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/K8SNamespaceServiceTest.java @@ -18,10 +18,12 @@ package org.apache.dolphinscheduler.api.service; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.K8SNamespaceServiceImpl; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.dao.entity.K8sNamespace; import org.apache.dolphinscheduler.dao.entity.User; @@ -35,6 +37,7 @@ import java.util.ArrayList; import java.util.List; import java.util.Map; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.junit.After; import org.junit.Assert; import org.junit.Before; @@ -54,6 +57,7 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page; public class K8SNamespaceServiceTest { private static final Logger logger = LoggerFactory.getLogger(K8SNamespaceServiceTest.class); + private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); @InjectMocks private K8SNamespaceServiceImpl k8sNamespaceService; @@ -64,6 +68,9 @@ public class K8SNamespaceServiceTest { @Mock private K8sClientService k8sClientService; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + @Mock private UserMapper userMapper; 
@@ -85,6 +92,8 @@ public class K8SNamespaceServiceTest { IPage page = new Page<>(1, 10); page.setTotal(1L); page.setRecords(getNamespaceList()); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.K8S_NAMESPACE, getLoginUser().getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.K8S_NAMESPACE, null, 0, baseServiceLogger)).thenReturn(true); Mockito.when(k8sNamespaceMapper.queryK8sNamespacePaging(Mockito.any(Page.class), Mockito.eq(namespace))).thenReturn(page); Result result = k8sNamespaceService.queryListPaging(getLoginUser(), namespace, 1, 10); logger.info(result.toString()); @@ -94,6 +103,8 @@ public class K8SNamespaceServiceTest { @Test public void createK8sNamespace() { + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.K8S_NAMESPACE, getLoginUser().getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.K8S_NAMESPACE, null, 0, baseServiceLogger)).thenReturn(true); // namespace is null Map result = k8sNamespaceService.createK8sNamespace(getLoginUser(), null, k8s, 10.0, 100); logger.info(result.toString()); @@ -115,7 +126,8 @@ public class K8SNamespaceServiceTest { @Test public void updateK8sNamespace() { Mockito.when(k8sNamespaceMapper.selectById(1)).thenReturn(getNamespace()); - + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.K8S_NAMESPACE, getLoginUser().getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.K8S_NAMESPACE, null, 0, baseServiceLogger)).thenReturn(true); Map result = k8sNamespaceService.updateK8sNamespace(getLoginUser(), 1, null, null, null); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); 
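Review bot: The stubs added to `createK8sNamespace` and `updateK8sNamespace` pass `null` as the operation key to `operationPermissionCheck`, the same value used for the read-only `queryListPaging` case above them. If that mirrors what `K8SNamespaceServiceImpl` passes, create, update and delete on namespaces are not distinguished by a function identifier the way `ENVIRONMENT_CREATE` / `ENVIRONMENT_UPDATE` / `ENVIRONMENT_DELETE` are in EnvironmentServiceTest; the service is not visible here, so this needs confirming there. If it is intended, a comment on the first stub such as `// K8s namespace operations are checked by resource type only, no per-operation key` would record it. The `deleteNamespaceById` hunk and the `checkProjectAndAuth(loginUser, project, projectCode,null)` stubs for `releaseProcessDefinition` in ProcessDefinitionServiceTest follow the same pattern.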
@@ -159,7 +171,8 @@ public class K8SNamespaceServiceTest { public void deleteNamespaceById() { Mockito.when(k8sNamespaceMapper.deleteById(Mockito.any())).thenReturn(1); Mockito.when(k8sNamespaceMapper.selectById(1)).thenReturn(getNamespace()); - + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.K8S_NAMESPACE, getLoginUser().getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.K8S_NAMESPACE, null, 0, baseServiceLogger)).thenReturn(true); Map result = k8sNamespaceService.deleteNamespaceById(getLoginUser(), 1); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); @@ -168,7 +181,8 @@ public class K8SNamespaceServiceTest { @Test public void testQueryAuthorizedNamespace() { Mockito.when(k8sNamespaceMapper.queryAuthedNamespaceListByUserId(2)).thenReturn(getNamespaceList()); - + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.K8S_NAMESPACE, getLoginUser().getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.K8S_NAMESPACE, null, 0, baseServiceLogger)).thenReturn(true); User loginUser = getLoginUser(); // test admin user 
@@ -191,7 +205,8 @@ public class K8SNamespaceServiceTest { public void testQueryUnAuthorizedNamespace() { Mockito.when(k8sNamespaceMapper.queryAuthedNamespaceListByUserId(2)).thenReturn(new ArrayList<>()); Mockito.when(k8sNamespaceMapper.selectList(Mockito.any())).thenReturn(getNamespaceList()); - + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.K8S_NAMESPACE, 0, null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.K8S_NAMESPACE, null, 0, baseServiceLogger)).thenReturn(true); // test admin user User loginUser = new User(); loginUser.setUserType(UserType.ADMIN_USER); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/LoggerServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/LoggerServiceTest.java index b63e7d2463..4be8e246fc 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/LoggerServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/LoggerServiceTest.java @@ -47,6 +47,9 @@ import org.powermock.core.classloader.annotations.PrepareForTest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.DOWNLOAD_LOG; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.VIEW_LOG; + /** * logger service test */ 
@@ -154,7 +157,7 @@ public class LoggerServiceTest { taskInstance.setId(1); taskInstance.setHost("127.0.0.1:8080"); taskInstance.setLogPath("/temp/log"); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,VIEW_LOG)).thenReturn(result); Mockito.when(processService.findTaskInstanceById(1)).thenReturn(taskInstance); Mockito.when(taskDefinitionMapper.queryByCode(taskInstance.getTaskCode())).thenReturn(taskDefinition); result = loggerService.queryLog(loginUser, projectCode, 1, 1, 1); @@ -181,7 +184,7 @@ public class LoggerServiceTest { taskInstance.setId(1); taskInstance.setHost("127.0.0.1:8080"); taskInstance.setLogPath("/temp/log"); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,DOWNLOAD_LOG )).thenReturn(result); Mockito.when(processService.findTaskInstanceById(1)).thenReturn(taskInstance); Mockito.when(taskDefinitionMapper.queryByCode(taskInstance.getTaskCode())).thenReturn(taskDefinition); loggerService.getLogBytes(loginUser, projectCode, 1); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProcessDefinitionServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProcessDefinitionServiceTest.java index 7d14d1e1b7..3e32c4f6db 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProcessDefinitionServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProcessDefinitionServiceTest.java @@ -17,6 +17,7 @@ package org.apache.dolphinscheduler.api.service; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; import static org.powermock.api.mockito.PowerMockito.mock; import org.apache.dolphinscheduler.api.enums.Status; 
@@ -147,13 +148,13 @@ public class ProcessDefinitionServiceTest { putMsg(result, Status.PROJECT_NOT_FOUND, projectCode); //project not found - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION)).thenReturn(result); Map map = processDefinitionService.queryProcessDefinitionList(loginUser, projectCode); Assert.assertEquals(Status.PROJECT_NOT_FOUND, map.get(Constants.STATUS)); //project check auth success putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION)).thenReturn(result); List resourceList = new ArrayList<>(); resourceList.add(getProcessDefinition()); Mockito.when(processDefineMapper.queryAllDefinitionList(project.getCode())).thenReturn(resourceList); @@ -177,13 +178,13 @@ public class ProcessDefinitionServiceTest { putMsg(result, Status.PROJECT_NOT_FOUND, projectCode); //project not found - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION)).thenReturn(result); Result map = processDefinitionService.queryProcessDefinitionListPaging(loginUser, projectCode, "", 1, 5, 0); Assert.assertEquals(Status.PROJECT_NOT_FOUND.getCode(), (int) map.getCode()); putMsg(result, Status.SUCCESS, projectCode); loginUser.setId(1); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION)).thenReturn(result); Page page = new Page<>(1, 10); page.setTotal(30); Mockito.when(processDefineMapper.queryDefineListPaging( 
@@ -216,13 +217,13 @@ public class ProcessDefinitionServiceTest { putMsg(result, Status.PROJECT_NOT_FOUND, projectCode); //project check auth fail - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION)).thenReturn(result); Map map = processDefinitionService.queryProcessDefinitionByCode(loginUser, 1L, 1L); Assert.assertEquals(Status.PROJECT_NOT_FOUND, map.get(Constants.STATUS)); //project check auth success, instance not exist putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION)).thenReturn(result); DagData dagData = new DagData(getProcessDefinition(), null, null); Mockito.when(processService.genDagData(Mockito.any())).thenReturn(dagData); @@ -232,7 +233,7 @@ public class ProcessDefinitionServiceTest { //instance exit Mockito.when(processDefineMapper.queryByCode(46L)).thenReturn(getProcessDefinition()); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION)).thenReturn(result); Mockito.when(tenantMapper.queryById(1)).thenReturn(tenant); Map successRes = processDefinitionService.queryProcessDefinitionByCode(loginUser, projectCode, 46L); Assert.assertEquals(Status.SUCCESS, successRes.get(Constants.STATUS)); 
@@ -253,13 +254,13 @@ public class ProcessDefinitionServiceTest { putMsg(result, Status.PROJECT_NOT_FOUND, projectCode); //project check auth fail - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION)).thenReturn(result); Map map = processDefinitionService.queryProcessDefinitionByName(loginUser, projectCode, "test_def"); Assert.assertEquals(Status.PROJECT_NOT_FOUND, map.get(Constants.STATUS)); //project check auth success, instance not exist putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION)).thenReturn(result); Mockito.when(processDefineMapper.queryByDefineName(project.getCode(), "test_def")).thenReturn(null); Map instanceNotExitRes = processDefinitionService.queryProcessDefinitionByName(loginUser, projectCode, "test_def"); @@ -268,7 +269,7 @@ public class ProcessDefinitionServiceTest { //instance exit Mockito.when(processDefineMapper.queryByDefineName(project.getCode(), "test")).thenReturn(getProcessDefinition()); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION)).thenReturn(result); Map successRes = processDefinitionService.queryProcessDefinitionByName(loginUser, projectCode, "test"); Assert.assertEquals(Status.SUCCESS, successRes.get(Constants.STATUS)); } 
@@ -283,7 +284,7 @@ public class ProcessDefinitionServiceTest { Mockito.when(projectMapper.queryByCode(projectCode)).thenReturn(getProject(projectCode)); Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_BATCH_COPY)).thenReturn(result); // copy project definition ids empty test Map map = processDefinitionService.batchCopyProcessDefinition(loginUser, projectCode, StringUtils.EMPTY, 2L); @@ -291,7 +292,7 @@ public class ProcessDefinitionServiceTest { // project check auth fail putMsg(result, Status.PROJECT_NOT_FOUND, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_BATCH_COPY)).thenReturn(result); Map map1 = processDefinitionService.batchCopyProcessDefinition( loginUser, projectCode, String.valueOf(project.getId()), 2L); Assert.assertEquals(Status.PROJECT_NOT_FOUND, map1.get(Constants.STATUS)); @@ -300,7 +301,7 @@ public class ProcessDefinitionServiceTest { projectCode = 2L; Project project1 = getProject(projectCode); Mockito.when(projectMapper.queryByCode(projectCode)).thenReturn(project1); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_BATCH_COPY)).thenReturn(result); putMsg(result, Status.SUCCESS, projectCode); ProcessDefinition definition = getProcessDefinition(); 
@@ -331,8 +332,8 @@ public class ProcessDefinitionServiceTest { Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project1, projectCode)).thenReturn(result); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project2, projectCode2)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project1, projectCode, TASK_DEFINITION_MOVE)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project2, projectCode2, TASK_DEFINITION_MOVE)).thenReturn(result); ProcessDefinition definition = getProcessDefinition(); definition.setVersion(1); 
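Review bot: The two stubs for the cross-project case key the check on `TASK_DEFINITION_MOVE`, while the neighbouring copy test in this class uses the workflow-level `WORKFLOW_BATCH_COPY`. If this test covers moving process definitions between projects, as `project1`/`project2` and `getProcessDefinition()` suggest, a task-definition key gating a workflow operation looks like a mismatch worth confirming in the service, because the test pins whichever key the service passes. If the key is deliberate, a comment above the stubs such as `// batch move of workflows is authorised with the task-definition move key` would say so. The test method starts and ends outside this hunk.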
@@ -362,20 +363,20 @@ public class ProcessDefinitionServiceTest { //project check auth fail Map result = new HashMap<>(); putMsg(result, Status.PROJECT_NOT_FOUND, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode, WORKFLOW_DEFINITION_DELETE)).thenReturn(result); Map map = processDefinitionService.deleteProcessDefinitionByCode(loginUser, projectCode, 6L); Assert.assertEquals(Status.PROJECT_NOT_FOUND, map.get(Constants.STATUS)); //project check auth success, instance not exist putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode, WORKFLOW_DEFINITION_DELETE)).thenReturn(result); Mockito.when(processDefineMapper.queryByCode(1L)).thenReturn(null); Map instanceNotExitRes = processDefinitionService.deleteProcessDefinitionByCode(loginUser, projectCode, 1L); Assert.assertEquals(Status.PROCESS_DEFINE_NOT_EXIST, instanceNotExitRes.get(Constants.STATUS)); ProcessDefinition processDefinition = getProcessDefinition(); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode, WORKFLOW_DEFINITION_DELETE)).thenReturn(result); //user no auth loginUser.setUserType(UserType.GENERAL_USER); Mockito.when(processDefineMapper.queryByCode(46L)).thenReturn(processDefinition); 
@@ -385,7 +386,6 @@ public class ProcessDefinitionServiceTest { //process definition online loginUser.setUserType(UserType.ADMIN_USER); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); processDefinition.setReleaseState(ReleaseState.ONLINE); Mockito.when(processDefineMapper.queryByCode(46L)).thenReturn(processDefinition); Map dfOnlineRes = processDefinitionService.deleteProcessDefinitionByCode(loginUser, projectCode, 46L); @@ -395,7 +395,6 @@ public class ProcessDefinitionServiceTest { processDefinition.setReleaseState(ReleaseState.OFFLINE); Mockito.when(processDefineMapper.queryByCode(46L)).thenReturn(processDefinition); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); Mockito.when(scheduleMapper.queryByProcessDefinitionCode(46L)).thenReturn(getSchedule()); Mockito.when(scheduleMapper.deleteById(46)).thenReturn(1); Mockito.when(processDefineMapper.deleteById(processDefinition.getId())).thenReturn(1); @@ -407,7 +406,6 @@ public class ProcessDefinitionServiceTest { Schedule schedule = getSchedule(); schedule.setReleaseState(ReleaseState.ONLINE); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); Mockito.when(scheduleMapper.queryByProcessDefinitionCode(46L)).thenReturn(schedule); Map schedulerOnlineRes = processDefinitionService.deleteProcessDefinitionByCode(loginUser, projectCode, 46L); Assert.assertEquals(Status.SCHEDULE_CRON_STATE_ONLINE, schedulerOnlineRes.get(Constants.STATUS)); 
@@ -419,7 +417,6 @@ public class ProcessDefinitionServiceTest { Mockito.when(processTaskRelationMapper.deleteByCode(project.getCode(), processDefinition.getCode())).thenReturn(1); Mockito.when(scheduleMapper.queryByProcessDefinitionCode(46L)).thenReturn(getSchedule()); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); Map deleteSuccess = processDefinitionService.deleteProcessDefinitionByCode(loginUser, projectCode, 46L); Assert.assertEquals(Status.SUCCESS, deleteSuccess.get(Constants.STATUS)); } @@ -438,7 +435,7 @@ public class ProcessDefinitionServiceTest { //project check auth fail Map result = new HashMap<>(); putMsg(result, Status.PROJECT_NOT_FOUND, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,null)).thenReturn(result); Map map = processDefinitionService.releaseProcessDefinition(loginUser, projectCode, 6, ReleaseState.OFFLINE); Assert.assertEquals(Status.PROJECT_NOT_FOUND, map.get(Constants.STATUS)); @@ -482,7 +479,7 @@ public class ProcessDefinitionServiceTest { //project check auth fail Map result = new HashMap<>(); putMsg(result, Status.PROJECT_NOT_FOUND, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,null)).thenReturn(result); Map map = processDefinitionService.verifyProcessDefinitionName(loginUser, projectCode, "test_pdf"); Assert.assertEquals(Status.PROJECT_NOT_FOUND, map.get(Constants.STATUS)); 
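Review bot: The stub in the hunk at -438 matches `checkProjectAndAuth(loginUser, project, projectCode,null)`, so the release (online/offline) test only returns the stubbed status if the service passes a null function key to the permission check. The same null appears in the stubs at -482, -525 and -553 and in every ProcessTaskRelationServiceTest hunk. If that mirrors the service code, these operations are gated by project access only and the per-operation permission this commit introduces is not applied to them; what the checker does with a null key is not visible here. I would record that next to the stub with `// NOTE: authorized with a null function key; replace with a dedicated ApiFuncIdentificationConstant entry`, and switch the stub to that constant once it exists. The test method bodies continue outside these hunks.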
@@ -525,7 +522,7 @@ public class ProcessDefinitionServiceTest { //project check auth fail Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,null)).thenReturn(result); //process definition not exist Mockito.when(processDefineMapper.queryByCode(46L)).thenReturn(null); Map processDefinitionNullRes = processDefinitionService.getTaskNodeListByDefinitionCode(loginUser, projectCode, 46L); @@ -553,7 +550,7 @@ public class ProcessDefinitionServiceTest { //project check auth fail Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,null)).thenReturn(result); //process definition not exist String defineCodes = "46"; Set defineCodeSet = Lists.newArrayList(defineCodes.split(Constants.COMMA)).stream().map(Long::parseLong).collect(Collectors.toSet()); @@ -587,7 +584,7 @@ public class ProcessDefinitionServiceTest { Project project = getProject(projectCode); Mockito.when(projectMapper.queryByCode(projectCode)).thenReturn(project); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_DEFINITION)).thenReturn(result); ProcessDefinition processDefinition = getProcessDefinition(); List processDefinitionList = new ArrayList<>(); processDefinitionList.add(processDefinition); 
@@ -598,28 +595,51 @@ public class ProcessDefinitionServiceTest { @Test public void testViewTree() { + User loginUser = new User(); + loginUser.setId(1); + loginUser.setTenantId(1); + loginUser.setUserType(UserType.ADMIN_USER); + long projectCode = 1; + Project project1 = getProject(projectCode); + Map result = new HashMap<>(); + putMsg(result, Status.SUCCESS, projectCode); + Mockito.when(projectMapper.queryByCode(1)).thenReturn(project1); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project1, projectCode, WORKFLOW_TREE_VIEW)).thenReturn(result); //process definition not exist ProcessDefinition processDefinition = getProcessDefinition(); - Map processDefinitionNullRes = processDefinitionService.viewTree(processDefinition.getProjectCode(),46, 10); + Map processDefinitionNullRes = processDefinitionService.viewTree(loginUser,processDefinition.getProjectCode(),46, 10); Assert.assertEquals(Status.PROCESS_DEFINE_NOT_EXIST, processDefinitionNullRes.get(Constants.STATUS)); - //task instance not exist + //task instance not existproject + putMsg(result, Status.SUCCESS, projectCode); + Mockito.when(projectMapper.queryByCode(1)).thenReturn(project1); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project1, 1, WORKFLOW_TREE_VIEW)).thenReturn(result); Mockito.when(processDefineMapper.queryByCode(46L)).thenReturn(processDefinition); Mockito.when(processService.genDagGraph(processDefinition)).thenReturn(new DAG<>()); - Map taskNullRes = processDefinitionService.viewTree(processDefinition.getProjectCode(),46, 10); + Map taskNullRes = processDefinitionService.viewTree(loginUser,processDefinition.getProjectCode(),46, 10); Assert.assertEquals(Status.SUCCESS, taskNullRes.get(Constants.STATUS)); //task instance exist - Map taskNotNuLLRes = processDefinitionService.viewTree(processDefinition.getProjectCode(),46, 10); + Map taskNotNuLLRes = processDefinitionService.viewTree(loginUser,processDefinition.getProjectCode(),46, 10); 
Assert.assertEquals(Status.SUCCESS, taskNotNuLLRes.get(Constants.STATUS)); } @Test public void testSubProcessViewTree() { + User loginUser = new User(); + loginUser.setId(1); + loginUser.setUserType(UserType.ADMIN_USER); ProcessDefinition processDefinition = getProcessDefinition(); Mockito.when(processDefineMapper.queryByCode(46L)).thenReturn(processDefinition); + + Project project1 = getProject(1); + Map result = new HashMap<>(); + result.put(Constants.STATUS, Status.SUCCESS); + Mockito.when(projectMapper.queryByCode(1)).thenReturn(project1); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project1, 1, WORKFLOW_TREE_VIEW)).thenReturn(result); + Mockito.when(processService.genDagGraph(processDefinition)).thenReturn(new DAG<>()); - Map taskNotNuLLRes = processDefinitionService.viewTree(processDefinition.getProjectCode(), 46, 10); + Map taskNotNuLLRes = processDefinitionService.viewTree(loginUser,processDefinition.getProjectCode(), 46, 10); Assert.assertEquals(Status.SUCCESS, taskNotNuLLRes.get(Constants.STATUS)); } @@ -635,7 +655,7 @@ public class ProcessDefinitionServiceTest { long projectCode = 1L; Project project = getProject(projectCode); Mockito.when(projectMapper.queryByCode(projectCode)).thenReturn(getProject(projectCode)); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode, WORKFLOW_UPDATE)).thenReturn(result); Map updateResult = processDefinitionService.updateProcessDefinition(loginUser, projectCode, "test", 1, "", "", "", 0, "root", null, null, ProcessExecutionTypeEnum.PARALLEL); 
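Review bot: `testViewTree` and `testSubProcessViewTree` only ever stub `checkProjectAndAuth(..., WORKFLOW_TREE_VIEW)` to return `Status.SUCCESS`, so neither test would fail if the authorization added to `viewTree` were skipped or its result ignored. Add a denied case: `result.put(Constants.STATUS, Status.USER_NO_OPERATION_PROJECT_PERM);`, then call `viewTree(loginUser, projectCode, 46, 10)` and assert that the same status is returned. The stubs are keyed on `projectCode` or the literal `1` while the calls pass `processDefinition.getProjectCode()`; using one variable for both would make the match explicit instead of relying on the fixture. The new comment `//task instance not existproject` should read `//task instance not exist`.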
@@ -656,8 +676,6 @@ public class ProcessDefinitionServiceTest { Map result = new HashMap<>(); putMsg(result, Status.PROJECT_NOT_FOUND); Mockito.when(projectMapper.queryByCode(projectCode)).thenReturn(getProject(projectCode)); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); - processDefinitionService.batchExportProcessDefinitionByCodes( loginUser, projectCode, "1", null); @@ -666,7 +684,6 @@ public class ProcessDefinitionServiceTest { Map checkResult = new HashMap<>(); checkResult.put(Constants.STATUS, Status.SUCCESS); Mockito.when(projectMapper.queryByCode(projectCode)).thenReturn(project); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(checkResult); HttpServletResponse response = mock(HttpServletResponse.class); DagData dagData = new DagData(getProcessDefinition(), null, null); 
@@ -704,12 +721,16 @@ public class ProcessDefinitionServiceTest { Mockito.when(dataSourceMapper.queryDataSourceByNameAndUserId(userId, "mysql_1")).thenReturn(dataSource); long projectCode = 1001; + Project project1 = getProject(projectCode); + Map result = new HashMap<>(); + result.put(Constants.STATUS, Status.SUCCESS); + Mockito.when(projectMapper.queryByCode(projectCode)).thenReturn(getProject(projectCode)); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project1, projectCode, WORKFLOW_IMPORT)).thenReturn(result); Mockito.when(processService.saveTaskDefine(Mockito.same(loginUser), Mockito.eq(projectCode), Mockito.notNull(), Mockito.anyBoolean())).thenReturn(2); Mockito.when(processService.saveProcessDefine(Mockito.same(loginUser), Mockito.notNull(), Mockito.notNull(), Mockito.anyBoolean())).thenReturn(1); Mockito.when(processService.saveTaskRelation(Mockito.same(loginUser), Mockito.eq(projectCode), Mockito.anyLong(), Mockito.eq(1), Mockito.notNull(), Mockito.notNull(), Mockito.anyBoolean())).thenReturn(0); - - Map result = processDefinitionService.importSqlProcessDefinition(loginUser, projectCode, mockMultipartFile); + result = processDefinitionService.importSqlProcessDefinition(loginUser, projectCode, mockMultipartFile); Assert.assertEquals(result.get(Constants.STATUS), Status.SUCCESS); } diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProcessInstanceServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProcessInstanceServiceTest.java index eb7977d860..1f938d200f 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProcessInstanceServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProcessInstanceServiceTest.java 
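Review bot: The `WORKFLOW_IMPORT` stub is keyed on `project1`, but `projectMapper.queryByCode(projectCode)` is stubbed to return a second object from `getProject(projectCode)`, so the permission stub matches only if `Project` implements value equality, which is not visible here. Return the same instance with `Mockito.when(projectMapper.queryByCode(projectCode)).thenReturn(project1);`, as testViewTree does in this file. `result` is also reused for both the stubbed permission map and the service return value, which makes it hard to tell which SUCCESS the assertion is reading; assign the return of `importSqlProcessDefinition` to its own variable, e.g. `importResult`. Only the permitted path is covered, and the test method starts outside the hunk.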
@@ -17,6 +17,7 @@ package org.apache.dolphinscheduler.api.service; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.when; @@ -159,7 +160,7 @@ public class ProcessInstanceServiceTest { //project auth fail when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode, WORKFLOW_INSTANCE)).thenReturn(result); Result proejctAuthFailRes = processInstanceService.queryProcessInstanceList(loginUser, projectCode, 46, "2020-01-01 00:00:00", "2020-01-02 00:00:00", "", "test_user", ExecutionStatus.SUBMITTED_SUCCESS, "192.168.xx.xx", 1, 10); @@ -176,7 +177,7 @@ public class ProcessInstanceServiceTest { // data parameter check putMsg(result, Status.SUCCESS, projectCode); when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_INSTANCE)).thenReturn(result); when(processDefineMapper.selectById(Mockito.anyInt())).thenReturn(getProcessDefinition()); when(processInstanceMapper.queryProcessInstanceListPaging(Mockito.any(Page.class) , Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), 
@@ -191,7 +192,7 @@ public class ProcessInstanceServiceTest { putMsg(result, Status.SUCCESS, projectCode); when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_INSTANCE)).thenReturn(result); when(usersService.queryUser(loginUser.getId())).thenReturn(loginUser); when(usersService.getUserIdByName(loginUser.getUserName())).thenReturn(loginUser.getId()); when(processInstanceMapper.queryProcessInstanceListPaging(Mockito.any(Page.class), eq(project.getCode()), eq(1L), eq(""), eq(-1), Mockito.any(), @@ -245,7 +246,7 @@ public class ProcessInstanceServiceTest { //project auth fail when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_INSTANCE)).thenReturn(result); Map proejctAuthFailRes = processInstanceService.queryTopNLongestRunningProcessInstance(loginUser, projectCode, size, startTime, endTime); Assert.assertEquals(Status.PROJECT_NOT_FOUND, proejctAuthFailRes.get(Constants.STATUS)); @@ -253,7 +254,7 @@ public class ProcessInstanceServiceTest { putMsg(result, Status.SUCCESS, projectCode); ProcessInstance processInstance = getProcessInstance(); when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_INSTANCE)).thenReturn(result); when(usersService.queryUser(loginUser.getId())).thenReturn(loginUser); when(usersService.getUserIdByName(loginUser.getUserName())).thenReturn(loginUser.getId()); when(usersService.queryUser(processInstance.getExecutorId())).thenReturn(loginUser); 
@@ -272,7 +273,7 @@ public class ProcessInstanceServiceTest { //project auth fail when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_INSTANCE)).thenReturn(result); Map proejctAuthFailRes = processInstanceService.queryProcessInstanceById(loginUser, projectCode, 1); Assert.assertEquals(Status.PROJECT_NOT_FOUND, proejctAuthFailRes.get(Constants.STATUS)); @@ -282,7 +283,7 @@ public class ProcessInstanceServiceTest { ProcessDefinition processDefinition = getProcessDefinition(); processDefinition.setProjectCode(projectCode); when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_INSTANCE)).thenReturn(result); when(processService.findProcessInstanceDetailById(processInstance.getId())).thenReturn(processInstance); when(processService.findProcessDefinition(processInstance.getProcessDefinitionCode(), processInstance.getProcessDefinitionVersion())).thenReturn(processDefinition); @@ -309,7 +310,7 @@ public class ProcessInstanceServiceTest { //project auth fail when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_INSTANCE)).thenReturn(result); Map proejctAuthFailRes = processInstanceService.queryTaskListByProcessId(loginUser, projectCode, 1); Assert.assertEquals(Status.PROJECT_NOT_FOUND, proejctAuthFailRes.get(Constants.STATUS)); 
@@ -325,7 +326,7 @@ public class ProcessInstanceServiceTest { res.setCode(Status.SUCCESS.ordinal()); res.setData("xxx"); when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_INSTANCE)).thenReturn(result); when(processService.findProcessInstanceDetailById(processInstance.getId())).thenReturn(processInstance); when(processService.findValidTaskListByProcessId(processInstance.getId())).thenReturn(taskInstanceList); when(loggerService.queryLog(taskInstance.getId(), 0, 4098)).thenReturn(res); @@ -355,14 +356,14 @@ public class ProcessInstanceServiceTest { //project auth fail when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_INSTANCE)).thenReturn(result); Map proejctAuthFailRes = processInstanceService.querySubProcessInstanceByTaskId(loginUser, projectCode, 1); Assert.assertEquals(Status.PROJECT_NOT_FOUND, proejctAuthFailRes.get(Constants.STATUS)); //task null putMsg(result, Status.SUCCESS, projectCode); when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_INSTANCE)).thenReturn(result); when(processService.findTaskInstanceById(1)).thenReturn(null); Map taskNullRes = processInstanceService.querySubProcessInstanceByTaskId(loginUser, projectCode, 1); Assert.assertEquals(Status.TASK_INSTANCE_NOT_EXISTS, taskNullRes.get(Constants.STATUS)); 
@@ -407,7 +408,7 @@ public class ProcessInstanceServiceTest { //project auth fail when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode,INSTANCE_UPDATE )).thenReturn(result); Map proejctAuthFailRes = processInstanceService.updateProcessInstance(loginUser, projectCode, 1, shellJson, taskJson, "2020-02-21 00:00:00", true, "", "", 0, ""); Assert.assertEquals(Status.PROJECT_NOT_FOUND, proejctAuthFailRes.get(Constants.STATUS)); @@ -416,7 +417,7 @@ public class ProcessInstanceServiceTest { putMsg(result, Status.SUCCESS, projectCode); ProcessInstance processInstance = getProcessInstance(); when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode,INSTANCE_UPDATE )).thenReturn(result); when(processService.findProcessInstanceDetailById(1)).thenReturn(null); Map processInstanceNullRes = processInstanceService.updateProcessInstance(loginUser, projectCode, 1, shellJson, taskJson,"2020-02-21 00:00:00", true, "", "", 0, ""); 
@@ -475,14 +476,14 @@ public class ProcessInstanceServiceTest { //project auth fail when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_INSTANCE)).thenReturn(result); Map proejctAuthFailRes = processInstanceService.queryParentInstanceBySubId(loginUser, projectCode, 1); Assert.assertEquals(Status.PROJECT_NOT_FOUND, proejctAuthFailRes.get(Constants.STATUS)); //process instance null putMsg(result, Status.SUCCESS, projectCode); when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_INSTANCE)).thenReturn(result); when(processService.findProcessInstanceDetailById(1)).thenReturn(null); Map processInstanceNullRes = processInstanceService.queryParentInstanceBySubId(loginUser, projectCode, 1); Assert.assertEquals(Status.PROCESS_INSTANCE_NOT_EXIST, processInstanceNullRes.get(Constants.STATUS)); @@ -519,7 +520,7 @@ public class ProcessInstanceServiceTest { //process instance null putMsg(result, Status.SUCCESS, projectCode); when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode,INSTANCE_DELETE)).thenReturn(result); when(processService.findProcessInstanceDetailById(1)).thenReturn(null); } diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProcessTaskRelationServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProcessTaskRelationServiceTest.java index dca48d99b9..d92bc876c5 100644 
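Review bot: The hunk at -519 switches the stub to `INSTANCE_DELETE`, but the visible context shows the test method closing right after `when(processService.findProcessInstanceDetailById(1)).thenReturn(null);`, with no call to the delete method and no assertion, so in this case the new delete permission is stubbed and never verified. Invoke the service's delete method after the stubs and assert the resulting status; the "process instance null" comment suggests `Status.PROCESS_INSTANCE_NOT_EXIST`, to be confirmed against the service. A case where `checkProjectAndAuth` returns a failure for `INSTANCE_DELETE` would pin the denial path as well. The start of the method is outside the hunk, so earlier calls may exist there.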
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProcessTaskRelationServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProcessTaskRelationServiceTest.java @@ -270,7 +270,7 @@ public class ProcessTaskRelationServiceTest { Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,null)).thenReturn(result); Mockito.when(processDefinitionMapper.queryByCode(processDefinitionCode)).thenReturn(getProcessDefinition()); Mockito.when(processTaskRelationMapper.queryByCode(projectCode, processDefinitionCode, preTaskCode, postTaskCode)).thenReturn(Lists.newArrayList()); Mockito.when(taskDefinitionMapper.queryByCode(postTaskCode)).thenReturn(getTaskDefinition()); @@ -302,7 +302,7 @@ public class ProcessTaskRelationServiceTest { Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,null)).thenReturn(result); List processTaskRelationList = getProcessTaskDownstreamRelationList(projectCode,taskCode); @@ -356,7 +356,7 @@ public class ProcessTaskRelationServiceTest { Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,null)).thenReturn(result); List processTaskRelationList = getProcessTaskUpstreamRelationList(projectCode,taskCode); Mockito.when(processTaskRelationMapper.queryUpstreamByCode(projectCode, taskCode)).thenReturn(processTaskRelationList); 
@@ -405,7 +405,7 @@ public class ProcessTaskRelationServiceTest { loginUser.setUserType(UserType.GENERAL_USER); Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,null)).thenReturn(result); List processTaskRelationList = new ArrayList<>(); ProcessTaskRelation processTaskRelation = new ProcessTaskRelation(); processTaskRelation.setProjectCode(projectCode); @@ -445,7 +445,7 @@ public class ProcessTaskRelationServiceTest { processTaskRelation.setPostTaskCode(taskCode); processTaskRelation.setPostTaskVersion(1); processTaskRelationList.add(processTaskRelation); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,null)).thenReturn(result); Mockito.when(processTaskRelationMapper.queryUpstreamByCode(projectCode, taskCode)).thenReturn(processTaskRelationList); Mockito.when(processDefinitionMapper.queryByCode(1L)).thenReturn(getProcessDefinition()); Mockito.when(processTaskRelationMapper.queryByProcessCode(projectCode, 1L)).thenReturn(processTaskRelationList); 
@@ -470,7 +470,7 @@ public class ProcessTaskRelationServiceTest { loginUser.setUserType(UserType.GENERAL_USER); Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,null)).thenReturn(result); Mockito.when(processTaskRelationMapper.queryByCode(projectCode, processDefinitionCode, preTaskCode, postTaskCode)).thenReturn(Lists.newArrayList()); Mockito.when(processDefinitionMapper.queryByCode(processDefinitionCode)).thenReturn(getProcessDefinition()); Mockito.when(taskDefinitionMapper.queryByCode(taskCode)).thenReturn(getTaskDefinition()); @@ -507,7 +507,7 @@ public class ProcessTaskRelationServiceTest { loginUser.setUserType(UserType.GENERAL_USER); Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,null)).thenReturn(result); ProcessTaskRelation processTaskRelation = new ProcessTaskRelation(); processTaskRelation.setProjectCode(projectCode); processTaskRelation.setProcessDefinitionCode(processDefinitionCode); 
@@ -518,7 +518,7 @@ public class ProcessTaskRelationServiceTest { processTaskRelationLog.setOperator(loginUser.getId()); List processTaskRelationList = new ArrayList<>(); processTaskRelationList.add(processTaskRelation); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,null)).thenReturn(result); Mockito.when(processTaskRelationMapper.queryByProcessCode(projectCode, 1L)).thenReturn(processTaskRelationList); List relationLogs = processTaskRelationList.stream().map(ProcessTaskRelationLog::new).collect(Collectors.toList()); Mockito.when(processService.saveTaskRelation(loginUser, 1L, 1L, diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProjectServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProjectServiceTest.java index 065b2c273b..2e2b9a16e7 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProjectServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProjectServiceTest.java @@ -1,3 +1,4 @@ + /* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with @@ -14,10 +15,11 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.apache.dolphinscheduler.api.service; +import java.util.*; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.ProjectServiceImpl; import org.apache.dolphinscheduler.common.Constants; import org.apache.dolphinscheduler.common.enums.AuthorizationType; 
@@ -33,8 +35,6 @@ import org.apache.dolphinscheduler.dao.mapper.UserMapper; import org.apache.commons.collections.CollectionUtils; -import java.util.*; - import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.junit.Assert; import org.junit.Test; @@ -46,6 +46,8 @@ import org.mockito.junit.MockitoJUnitRunner; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; + /** * project service test **/ @@ -53,7 +55,8 @@ import org.slf4j.LoggerFactory; public class ProjectServiceTest { private static final Logger logger = LoggerFactory.getLogger(ProjectServiceTest.class); - + private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); + private static final Logger projectLogger = LoggerFactory.getLogger(ProjectServiceImpl.class); @InjectMocks private ProjectServiceImpl projectService; 
@@ -61,26 +64,28 @@ public class ProjectServiceTest { private ProjectMapper projectMapper; @Mock - private ProcessDefinitionMapper processDefinitionMapper; + private ProjectUserMapper projectUserMapper; @Mock - private ResourcePermissionCheckService resourcePermissionCheckService; - + private ProcessDefinitionMapper processDefinitionMapper; @Mock private UserMapper userMapper; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + private String projectName = "ProjectServiceTest"; private String userName = "ProjectServiceTest"; - private static final Logger projectServiceLogger = LoggerFactory.getLogger(ProjectServiceImpl.class); - @Test public void testCreateProject() { User loginUser = getLoginUser(); loginUser.setId(1); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, loginUser.getId(), PROJECT_CREATE , baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, null, loginUser.getId(), baseServiceLogger)).thenReturn(true); Map result = projectService.createProject(loginUser, projectName, getDesc()); logger.info(result.toString()); Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS)); @@ -102,11 +107,11 @@ public class ProjectServiceTest { @Test public void testCheckProjectAndAuth() { - // no admin user long projectCode = 1L; +// Mockito.when(projectUserMapper.queryProjectRelation(1, 1)).thenReturn(getProjectUser()); User loginUser = getLoginUser(); - Map result = projectService.checkProjectAndAuth(loginUser, null, projectCode); + Map result = projectService.checkProjectAndAuth(loginUser, null, projectCode, PROJECT); logger.info(result.toString()); Status status = (Status) result.get(Constants.STATUS); Assert.assertEquals(Status.PROJECT_NOT_EXIST, result.get(Constants.STATUS)); 
@@ -114,42 +119,36 @@ public class ProjectServiceTest { Project project = getProject(); //USER_NO_OPERATION_PROJECT_PERM project.setUserId(2); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, 1, null, projectServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1}, 1, projectServiceLogger)).thenReturn(false); - result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + result = projectService.checkProjectAndAuth(loginUser, project, projectCode,PROJECT); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PROJECT_PERM, result.get(Constants.STATUS)); //success project.setUserId(1); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, 1, null, projectServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1}, 1, projectServiceLogger)).thenReturn(true); - result = projectService.checkProjectAndAuth(loginUser, project, projectCode); + loginUser.setUserType(UserType.ADMIN_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, project.getUserId(), PROJECT, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{project.getId()}, 0, baseServiceLogger)).thenReturn(true); + result = projectService.checkProjectAndAuth(loginUser, project, projectCode,PROJECT); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); - // admin user Map result2 = new HashMap<>(); - loginUser = geAdminUser(); - result2 = projectService.checkProjectAndAuth(loginUser, null, projectCode); + result2 = projectService.checkProjectAndAuth(loginUser, null, projectCode,PROJECT); 
Assert.assertEquals(Status.PROJECT_NOT_EXIST, result2.get(Constants.STATUS)); Project project1 = getProject(); // USER_NO_OPERATION_PROJECT_PERM project1.setUserId(2); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, 11, null, projectServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1}, 0, projectServiceLogger)).thenReturn(true); - result2 = projectService.checkProjectAndAuth(loginUser, project1, projectCode); - Assert.assertEquals(Status.SUCCESS, result2.get(Constants.STATUS)); + loginUser.setUserType(UserType.GENERAL_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, loginUser.getId(), PROJECT, baseServiceLogger)).thenReturn(true); +// Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{project.getId()}, 0, baseServiceLogger)).thenReturn(true); + result2 = projectService.checkProjectAndAuth(loginUser, project1, projectCode,PROJECT); + Assert.assertEquals(Status.USER_NO_OPERATION_PROJECT_PERM, result2.get(Constants.STATUS)); //success project1.setUserId(1); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, 11, null, projectServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1}, 0, projectServiceLogger)).thenReturn(true); - result2 = projectService.checkProjectAndAuth(loginUser, project1, projectCode); - Assert.assertEquals(Status.SUCCESS, result2.get(Constants.STATUS)); - + projectService.checkProjectAndAuth(loginUser, project1, projectCode,PROJECT); } 
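Review bot: The last "success" case of testCheckProjectAndAuth now ends with a bare `projectService.checkProjectAndAuth(loginUser, project1, projectCode,PROJECT);` because the `Assert.assertEquals(Status.SUCCESS, ...)` was dropped, so the owner path runs but its outcome is not checked. Assign the return to `result2` and assert the status the service is expected to produce. The earlier success stub passes `project.getUserId()` to `operationPermissionCheck` where the caller's id belongs; it presumably matches only because both ids are equal in the fixture, and `loginUser.getId()` would state the intent. The case where an admin user accesses a project owned by someone else, previously expected to return SUCCESS, has been removed, which leaves that branch of the authorization logic without a test. The commented-out `resourcePermissionCheck` stub should be deleted rather than kept.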
@@ -164,49 +163,74 @@ public class ProjectServiceTest { User tempUser = new User(); tempUser.setId(Integer.MAX_VALUE); tempUser.setUserType(UserType.GENERAL_USER); - boolean checkResult = projectService.hasProjectAndPerm(tempUser, project, result); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, tempUser.getId(), null, baseServiceLogger)).thenReturn(true); + boolean checkResult = projectService.hasProjectAndPerm(tempUser, project, result,null); logger.info(result.toString()); Assert.assertFalse(checkResult); //success result = new HashMap<>(); project.setUserId(1); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, 1, null, projectServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1}, 1, projectServiceLogger)).thenReturn(true); - checkResult = projectService.hasProjectAndPerm(loginUser, project, result); + loginUser.setUserType(UserType.ADMIN_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{project.getId()}, 0, baseServiceLogger)).thenReturn(true); + checkResult = projectService.hasProjectAndPerm(loginUser, project, result,null); logger.info(result.toString()); Assert.assertTrue(checkResult); } +// @Test +// public void testQueryProjectListPaging() { +// IPage page = new Page<>(1, 10); +// page.setRecords(getList()); +// page.setTotal(1L); +// Set set = new HashSet(); +// set.add(1); +// Mockito.when(projectMapper.queryProjectListPaging(Mockito.any(Page.class),Mockito.anySet().toArray(), Mockito.eq(projectName))).thenReturn(page); +// User loginUser = getLoginUser(); +// +// // project owner +// 
Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.PROJECTS, loginUser.getId(), projectLogger)).thenReturn(set); +// Result result = projectService.queryProjectListPaging(loginUser, 10, 1, projectName); +// logger.info(result.toString()); +// PageInfo pageInfo = (PageInfo) result.getData(); +// Assert.assertTrue(CollectionUtils.isNotEmpty(pageInfo.getTotalList())); +// +// //admin +// Mockito.when(projectMapper.queryProjectListPaging(Mockito.any(Page.class), Mockito.anySet().toArray(), Mockito.eq(projectName))).thenReturn(page); +// loginUser.setUserType(UserType.ADMIN_USER); +// result = projectService.queryProjectListPaging(loginUser, 10, 1, projectName); +// logger.info(result.toString()); +// pageInfo = (PageInfo) result.getData(); +// Assert.assertTrue(CollectionUtils.isNotEmpty(pageInfo.getTotalList())); +// } + @Test public void testDeleteProject() { User loginUser = getLoginUser(); Mockito.when(projectMapper.queryByCode(1L)).thenReturn(getProject()); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, loginUser.getId(), PROJECT_DELETE, baseServiceLogger)).thenReturn(true); //PROJECT_NOT_FOUNT Map result = projectService.deleteProject(loginUser, 11L); logger.info(result.toString()); Assert.assertEquals(Status.PROJECT_NOT_EXIST, result.get(Constants.STATUS)); - loginUser.setId(2); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, 2, null, projectServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1}, 2, projectServiceLogger)).thenReturn(false); //USER_NO_OPERATION_PROJECT_PERM + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1},loginUser.getId() , baseServiceLogger)).thenReturn(true); result = projectService.deleteProject(loginUser, 1L); logger.info(result.toString()); 
Assert.assertEquals(Status.USER_NO_OPERATION_PROJECT_PERM, result.get(Constants.STATUS)); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, 2, null, projectServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1}, 0, projectServiceLogger)).thenReturn(true); //DELETE_PROJECT_ERROR_DEFINES_NOT_NULL Mockito.when(processDefinitionMapper.queryAllDefinitionList(1L)).thenReturn(getProcessDefinitions()); loginUser.setUserType(UserType.ADMIN_USER); + loginUser.setId(1); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1},0 , baseServiceLogger)).thenReturn(true); result = projectService.deleteProject(loginUser, 1L); logger.info(result.toString()); Assert.assertEquals(Status.DELETE_PROJECT_ERROR_DEFINES_NOT_NULL, result.get(Constants.STATUS)); //success - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, 2, null, projectServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1}, 0, projectServiceLogger)).thenReturn(true); Mockito.when(projectMapper.deleteById(1)).thenReturn(1); Mockito.when(processDefinitionMapper.queryAllDefinitionList(1L)).thenReturn(new ArrayList<>()); result = projectService.deleteProject(loginUser, 1L); 
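Review bot: In `testDeleteProject` the `//USER_NO_OPERATION_PROJECT_PERM` case stubs `resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1},loginUser.getId() , baseServiceLogger)` with `thenReturn(true)` and then expects a denial, so the test cannot be failing for the reason its comment names. Presumably the denial comes from the stub not matching the call the service makes, which falls back to Mockito's default `false`; that hides whether the deny branch is really driven by the permission result. Stub the refusal explicitly with `.thenReturn(false);` and keep a distinct non-owner user for this case, as the removed `loginUser.setId(2);` did. The commented-out `testQueryProjectListPaging` added above it is dead code and should be enabled or dropped. `testDeleteProject` continues past the end of the hunk.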
@@ -220,6 +244,8 @@ public class ProjectServiceTest { User loginUser = getLoginUser(); Project project = getProject(); project.setCode(2L); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, loginUser.getId(), PROJECT_UPDATE , baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1},loginUser.getId() , baseServiceLogger)).thenReturn(true); Mockito.when(projectMapper.queryByName(projectName)).thenReturn(project); Mockito.when(projectMapper.queryByCode(2L)).thenReturn(getProject()); // PROJECT_NOT_FOUNT 
@@ -228,21 +254,15 @@ public class ProjectServiceTest { Assert.assertEquals(Status.PROJECT_NOT_FOUND, result.get(Constants.STATUS)); //PROJECT_ALREADY_EXISTS - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, 1, null, projectServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1}, 1, projectServiceLogger)).thenReturn(true); result = projectService.update(loginUser, 2L, projectName, "desc", userName); logger.info(result.toString()); Assert.assertEquals(Status.PROJECT_ALREADY_EXISTS, result.get(Constants.STATUS)); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, 1, null, projectServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1}, 1, projectServiceLogger)).thenReturn(true); Mockito.when(userMapper.queryByUserNameAccurately(Mockito.any())).thenReturn(null); result = projectService.update(loginUser, 2L, "test", "desc", "testuser"); Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS)); //success - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, 1, null, projectServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1}, 1, projectServiceLogger)).thenReturn(true); Mockito.when(userMapper.queryByUserNameAccurately(Mockito.any())).thenReturn(new User()); project.setUserId(1); Mockito.when(projectMapper.updateById(Mockito.any(Project.class))).thenReturn(1); 
@@ -284,8 +304,6 @@ public class ProjectServiceTest { // Failure 2: USER_NO_OPERATION_PROJECT_PERM loginUser.setId(100); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, 100, null, projectServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1}, 100, projectServiceLogger)).thenReturn(false); Mockito.when(this.projectMapper.queryByCode(Mockito.anyLong())).thenReturn(this.getProject()); result = this.projectService.queryAuthorizedUser(loginUser, 3682329499136L); logger.info("FAILURE 2: {}", result.toString()); @@ -293,8 +311,8 @@ public class ProjectServiceTest { // SUCCESS loginUser.setUserType(UserType.ADMIN_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, 100, null, projectServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1}, 0, projectServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, loginUser.getId(), PROJECT, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1}, 0, baseServiceLogger)).thenReturn(true); Mockito.when(this.userMapper.queryAuthedUserListByProjectId(1)).thenReturn(this.getUserList()); result = this.projectService.queryAuthorizedUser(loginUser, 3682329499136L); logger.info("SUCCESS 1: {}", result.toString()); 
@@ -303,8 +321,8 @@ public class ProjectServiceTest { loginUser.setId(1); loginUser.setUserType(UserType.GENERAL_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, 1, null, projectServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1}, 1, projectServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, loginUser.getId(), PROJECT, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, new Object[]{1}, 1, baseServiceLogger)).thenReturn(true); result = this.projectService.queryAuthorizedUser(loginUser, 3682329499136L); logger.info("SUCCESS 2: {}", result.toString()); users = (List) result.get(Constants.DATA_LIST); 
@@ -332,17 +350,23 @@ public class ProjectServiceTest { Map result = null; User loginUser = getLoginUser(); - + Set set = new HashSet(); + set.add(1); + List list = new ArrayList<>(1); + list.add(1); // not admin user - Set projectIds = new HashSet<>(); - Mockito.when(projectMapper.listAuthorizedProjects(1, new ArrayList<>(projectIds))).thenReturn(getList()); + // Mockito.when(projectMapper.queryProjectCreatedAndAuthorizedByUserId(1)).thenReturn(getList()); + Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.PROJECTS, loginUser.getId(), projectLogger)).thenReturn(set); + Mockito.when(projectMapper.listAuthorizedProjects(loginUser.getUserType().equals(UserType.ADMIN_USER) ? 0 : loginUser.getId(),list)).thenReturn(getList()); result = projectService.queryProjectCreatedAndAuthorizedByUser(loginUser); List notAdminUserResult = (List) result.get(Constants.DATA_LIST); Assert.assertTrue(CollectionUtils.isNotEmpty(notAdminUserResult)); //admin user loginUser.setUserType(UserType.ADMIN_USER); - Mockito.when(projectMapper.listAuthorizedProjects(0, new ArrayList<>(projectIds))).thenReturn(getList()); + Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.PROJECTS, loginUser.getId(), projectLogger)).thenReturn(set); + Mockito.when(projectMapper.listAuthorizedProjects(loginUser.getUserType().equals(UserType.ADMIN_USER) ? 0 : loginUser.getId(),list)).thenReturn(getList()); +// Mockito.when(projectMapper.selectList(null)).thenReturn(getList()); result = projectService.queryProjectCreatedAndAuthorizedByUser(loginUser); List projects = (List) result.get(Constants.DATA_LIST); 
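Review bot: The `listAuthorizedProjects` stubs compute their expected user-id argument with `loginUser.getUserType().equals(UserType.ADMIN_USER) ? 0 : loginUser.getId()` instead of a literal, so the test does not state which id each case is supposed to pass and would follow along if that rule changed. Write the expectation out, `listAuthorizedProjects(loginUser.getId(), list)` for the general user and `listAuthorizedProjects(0, list)` for the admin. Both cases also return the same `set` and `getList()`, so a general user being served the admin's project list would go unnoticed; give the two cases different fixtures. The same pattern appears in the `testQueryUnauthorizedProject` hunk at `@@ -365,22 +389,29 @@`, and the commented-out stubs added in both hunks should be removed. The test method starts before this hunk and continues after it.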
@@ -365,22 +389,29 @@ public class ProjectServiceTest { @Test public void testQueryUnauthorizedProject() { - +// Mockito.when(projectMapper.queryProjectExceptUserId(2)).thenReturn(getList()); + // Mockito.when(projectMapper.queryProjectCreatedByUser(2)).thenReturn(getList()); +// Mockito.when(projectMapper.queryAuthedProjectListByUserId(2)).thenReturn(getSingleList()); + Set set = new HashSet(); + set.add(1); // test admin user - Set projectIds = new HashSet<>(); - Mockito.when(projectMapper.listAuthorizedProjects(0, new ArrayList<>(projectIds))).thenReturn(getList()); - User loginUser = new User(); loginUser.setUserType(UserType.ADMIN_USER); + loginUser.setId(1); + List list = new ArrayList<>(1); + list.add(1); + Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.PROJECTS, loginUser.getId(), projectLogger)).thenReturn(set); + Mockito.when(projectMapper.listAuthorizedProjects(loginUser.getUserType().equals(UserType.ADMIN_USER) ? 0 : loginUser.getId(),list)).thenReturn(getList()); Map result = projectService.queryUnauthorizedProject(loginUser, 2); logger.info(result.toString()); List projects = (List) result.get(Constants.DATA_LIST); Assert.assertTrue(CollectionUtils.isNotEmpty(projects)); // test non-admin user - Mockito.when(projectMapper.listAuthorizedProjects(2, new ArrayList<>(projectIds))).thenReturn(getList()); loginUser.setId(2); loginUser.setUserType(UserType.GENERAL_USER); + Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.PROJECTS, loginUser.getId(), projectLogger)).thenReturn(set); + Mockito.when(projectMapper.listAuthorizedProjects(loginUser.getUserType().equals(UserType.ADMIN_USER) ? 0 : loginUser.getId(),list)).thenReturn(getList()); result = projectService.queryUnauthorizedProject(loginUser, 3); logger.info(result.toString()); projects = (List) result.get(Constants.DATA_LIST); 
@@ -428,14 +459,6 @@ public class ProjectServiceTest { return loginUser; } - private User geAdminUser() { - User loginUser = new User(); - loginUser.setUserType(UserType.ADMIN_USER); - loginUser.setUserName(userName); - loginUser.setId(11); - return loginUser; - } - /** * Get general user * @return @@ -487,4 +510,4 @@ public class ProjectServiceTest { + ".deleteProjectRelation(projectId,userId)projectUserMapper.deleteProjectRelation(projectId,userId)"; } -} +} \ No newline at end of file diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/QueueServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/QueueServiceTest.java index f3167a560a..ed300e1a8a 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/QueueServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/QueueServiceTest.java @@ -18,10 +18,12 @@ package org.apache.dolphinscheduler.api.service; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.QueueServiceImpl; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.dao.entity.Queue; import org.apache.dolphinscheduler.dao.entity.User; @@ -34,6 +36,7 @@ import java.util.ArrayList; import java.util.List; import java.util.Map; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.junit.After; import org.junit.Assert; import org.junit.Before; 
@@ -49,6 +52,8 @@ import org.slf4j.LoggerFactory; import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; + /** * queue service test */ @@ -56,6 +61,7 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page; public class QueueServiceTest { private static final Logger logger = LoggerFactory.getLogger(QueueServiceTest.class); + private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); @InjectMocks private QueueServiceImpl queueService; @@ -63,6 +69,9 @@ public class QueueServiceTest { @Mock private QueueMapper queueMapper; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + @Mock private UserMapper userMapper; @@ -78,7 +87,8 @@ public class QueueServiceTest { @Test public void testQueryList() { - + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.QUEUE, getLoginUser().getId(), YARN_QUEUE_MANAGE, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, null, 0, baseServiceLogger)).thenReturn(true); Mockito.when(queueMapper.selectList(null)).thenReturn(getQueueList()); Map result = queueService.queryList(getLoginUser()); logger.info(result.toString()); 
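Review bot: `testQueryList` stubs `operationPermissionCheck` and `resourcePermissionCheck` only with `thenReturn(true)`, so the new queue permission gate is exercised on the allow path alone. The same holds for the other QueueServiceTest hunks (paged list, create, update) and for the TenantServiceTest hunks later in this patch; none of the visible hunks adds a case where either check returns `false`. Add one refusal case per operation, for example `Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.QUEUE, getLoginUser().getId(), YARN_QUEUE_MANAGE, baseServiceLogger)).thenReturn(false);`, and assert the status the service returns for a refused caller (that status is not visible in this diff). The test body continues outside the hunk.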
@@ -93,6 +103,8 @@ public class QueueServiceTest { IPage page = new Page<>(1, 10); page.setTotal(1L); page.setRecords(getQueueList()); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.QUEUE, getLoginUser().getId(), YARN_QUEUE_MANAGE, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, null, 0, baseServiceLogger)).thenReturn(true); Mockito.when(queueMapper.queryQueuePaging(Mockito.any(Page.class), Mockito.eq(queueName))).thenReturn(page); Result result = queueService.queryList(getLoginUser(), queueName, 1, 10); logger.info(result.toString()); @@ -102,7 +114,8 @@ public class QueueServiceTest { @Test public void testCreateQueue() { - + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.QUEUE, getLoginUser().getId(),YARN_QUEUE_CREATE , baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, null, 0, baseServiceLogger)).thenReturn(true); // queue is null Map result = queueService.createQueue(getLoginUser(), null, queueName); logger.info(result.toString()); @@ -124,7 +137,8 @@ public class QueueServiceTest { Mockito.when(queueMapper.selectById(1)).thenReturn(getQueue()); Mockito.when(queueMapper.existQueue("test", null)).thenReturn(true); Mockito.when(queueMapper.existQueue(null, "test")).thenReturn(true); - + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.QUEUE, getLoginUser().getId(), YARN_QUEUE_UPDATE , baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, null, 0, baseServiceLogger)).thenReturn(true); // not exist Map result = queueService.updateQueue(getLoginUser(), 0, "queue", queueName); logger.info(result.toString()); 
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/SchedulerServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/SchedulerServiceTest.java index 6ac83e795d..888b5b23eb 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/SchedulerServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/SchedulerServiceTest.java @@ -118,7 +118,7 @@ public class SchedulerServiceTest { //hash no auth result = schedulerService.setScheduleState(loginUser, project.getCode(), 1, ReleaseState.ONLINE); - Mockito.when(projectService.hasProjectAndPerm(loginUser, project, result)).thenReturn(true); + Mockito.when(projectService.hasProjectAndPerm(loginUser, project, result,null)).thenReturn(true); //schedule not exists result = schedulerService.setScheduleState(loginUser, project.getCode(), 2, ReleaseState.ONLINE); Assert.assertEquals(Status.SCHEDULE_CRON_NOT_EXISTS, result.get(Constants.STATUS)); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskDefinitionServiceImplTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskDefinitionServiceImplTest.java index 9aade5555c..ec80a4aa1d 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskDefinitionServiceImplTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskDefinitionServiceImplTest.java @@ -50,6 +50,8 @@ import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.junit.MockitoJUnitRunner; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; + @RunWith(MockitoJUnitRunner.class) public class TaskDefinitionServiceImplTest { 
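Review bot: The `hasProjectAndPerm` stub in the SchedulerServiceTest hunk passes `null` as the new permission-key argument, so this test does not pin which function permission `setScheduleState` is checked against. If the service really passes `null` here, confirm what the check does with a missing key (presumably only project-level access is verified); if it passes a constant, the stub should name it, as the TaskDefinition and TaskInstance stubs in this patch do. The `releaseTaskDefinition` hunk at `@@ -306,7 +308,7 @@` stubs `checkProjectAndAuth(loginUser, project, projectCode,null)` in the same way. The enclosing test method starts and ends outside the hunk.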
@@ -90,7 +92,7 @@ public class TaskDefinitionServiceImplTest { Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode, TASK_DEFINITION_CREATE)).thenReturn(result); String createTaskDefinitionJson = "[{\"name\":\"detail_up\",\"description\":\"\",\"taskType\":\"SHELL\",\"taskParams\":" + "\"{\\\"resourceList\\\":[],\\\"localParams\\\":[{\\\"prop\\\":\\\"datetime\\\",\\\"direct\\\":\\\"IN\\\"," @@ -129,7 +131,7 @@ public class TaskDefinitionServiceImplTest { Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,TASK_DEFINITION_UPDATE)).thenReturn(result); Mockito.when(processService.isTaskOnline(taskCode)).thenReturn(Boolean.FALSE); Mockito.when(taskDefinitionMapper.queryByCode(taskCode)).thenReturn(new TaskDefinition()); @@ -155,7 +157,7 @@ public class TaskDefinitionServiceImplTest { Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,TASK_DEFINITION )).thenReturn(result); Mockito.when(taskDefinitionMapper.queryByName(project.getCode(), taskName)) .thenReturn(new TaskDefinition()); 
@@ -180,7 +182,7 @@ public class TaskDefinitionServiceImplTest { Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,TASK_DEFINITION_DELETE )).thenReturn(result); Mockito.when(taskDefinitionMapper.queryByCode(taskCode)).thenReturn(getTaskDefinition()); Mockito.when(processTaskRelationMapper.queryDownstreamByTaskCode(taskCode)) .thenReturn(new ArrayList<>()); @@ -208,7 +210,7 @@ public class TaskDefinitionServiceImplTest { Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, projectCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,WORKFLOW_SWITCH_TO_THIS_VERSION)).thenReturn(result); Mockito.when(taskDefinitionLogMapper.queryByDefinitionCodeAndVersion(taskCode, version)) .thenReturn(new TaskDefinitionLog()); @@ -306,7 +308,7 @@ public class TaskDefinitionServiceImplTest { // check task dose not exist Map result = new HashMap<>(); putMsg(result, Status.TASK_DEFINE_NOT_EXIST, taskCode); - Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + Mockito.when(projectService.checkProjectAndAuth(loginUser, project, projectCode,null)).thenReturn(result); Map map = taskDefinitionService.releaseTaskDefinition(loginUser, projectCode, taskCode, ReleaseState.OFFLINE); Assert.assertEquals(Status.TASK_DEFINE_NOT_EXIST, map.get(Constants.STATUS)); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskInstanceServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskInstanceServiceTest.java index 106e9918c9..a2f1c539eb 100644 
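Review bot: The switch-version stub in the `@@ -208,7 +210,7 @@` hunk expects `checkProjectAndAuth` to be called with `WORKFLOW_SWITCH_TO_THIS_VERSION`, a workflow-named key, for a task-definition operation, while the neighbouring stubs use `TASK_DEFINITION_CREATE`, `TASK_DEFINITION_UPDATE` and `TASK_DEFINITION_DELETE`. If that mirrors the service, a grant meant for workflow version switching would presumably also authorise switching task-definition versions; confirm that is intended or use a task-definition-specific key. If it is intended, a one-line comment on the stub such as `// task version switch is authorised with the workflow key` would record the decision. The test method extends beyond the hunk.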
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskInstanceServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskInstanceServiceTest.java @@ -17,6 +17,8 @@ package org.apache.dolphinscheduler.api.service; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.FORCED_SUCCESS; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.TASK_INSTANCE; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.when; @@ -96,7 +98,7 @@ public class TaskInstanceServiceTest { //project auth fail when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode, TASK_INSTANCE)).thenReturn(result); Result projectAuthFailRes = taskInstanceService.queryTaskListPaging(loginUser, projectCode, 0, "", "", "test_user", "2019-02-26 19:48:00", "2019-02-26 19:48:22", "", null, "", 1, 20); Assert.assertEquals(Status.PROJECT_NOT_FOUND.getCode(), (int)projectAuthFailRes.getCode()); @@ -104,7 +106,7 @@ public class TaskInstanceServiceTest { // data parameter check putMsg(result, Status.SUCCESS, projectCode); when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode,TASK_INSTANCE)).thenReturn(result); Result dataParameterRes = taskInstanceService.queryTaskListPaging(loginUser, projectCode, 1, "", "", "test_user", "20200101 00:00:00", "2020-01-02 00:00:00", "", ExecutionStatus.SUCCESS, "192.168.xx.xx", 1, 20); Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR.getCode(), (int)dataParameterRes.getCode()); 
@@ -120,7 +122,7 @@ public class TaskInstanceServiceTest { taskInstanceList.add(taskInstance); pageReturn.setRecords(taskInstanceList); when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(loginUser, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(loginUser, project, projectCode,TASK_INSTANCE)).thenReturn(result); when(usersService.queryUser(loginUser.getId())).thenReturn(loginUser); when(usersService.getUserIdByName(loginUser.getUserName())).thenReturn(loginUser.getId()); when(taskInstanceMapper.queryTaskInstanceListPaging(Mockito.any(Page.class), eq(project.getCode()), eq(1), eq(""), eq(""), eq(""), @@ -247,12 +249,12 @@ public class TaskInstanceServiceTest { // user auth failed Map mockFailure = new HashMap<>(5); putMsg(mockFailure, Status.USER_NO_OPERATION_PROJECT_PERM, user.getUserName(), projectCode); - when(projectService.checkProjectAndAuth(user, project, projectCode)).thenReturn(mockFailure); + when(projectService.checkProjectAndAuth(user, project, projectCode,FORCED_SUCCESS)).thenReturn(mockFailure); Map authFailRes = taskInstanceService.forceTaskSuccess(user, projectCode, taskId); Assert.assertNotSame(Status.SUCCESS, authFailRes.get(Constants.STATUS)); // test task not found - when(projectService.checkProjectAndAuth(user, project, projectCode)).thenReturn(mockSuccess); + when(projectService.checkProjectAndAuth(user, project, projectCode,FORCED_SUCCESS)).thenReturn(mockSuccess); when(taskInstanceMapper.selectById(Mockito.anyInt())).thenReturn(null); TaskDefinition taskDefinition = new TaskDefinition(); taskDefinition.setProjectCode(projectCode); 
@@ -266,7 +268,7 @@ public class TaskInstanceServiceTest { Map result = new HashMap<>(); putMsg(result, Status.SUCCESS, projectCode); when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(user, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(user, project, projectCode,FORCED_SUCCESS)).thenReturn(result); Map taskStateErrorRes = taskInstanceService.forceTaskSuccess(user, projectCode, taskId); Assert.assertEquals(Status.TASK_INSTANCE_STATE_OPERATION_ERROR, taskStateErrorRes.get(Constants.STATUS)); @@ -275,7 +277,7 @@ public class TaskInstanceServiceTest { when(taskInstanceMapper.updateById(task)).thenReturn(0); putMsg(result, Status.SUCCESS, projectCode); when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(user, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(user, project, projectCode,FORCED_SUCCESS)).thenReturn(result); Map errorRes = taskInstanceService.forceTaskSuccess(user, projectCode, taskId); Assert.assertEquals(Status.FORCE_TASK_SUCCESS_ERROR, errorRes.get(Constants.STATUS)); @@ -284,7 +286,7 @@ public class TaskInstanceServiceTest { when(taskInstanceMapper.updateById(task)).thenReturn(1); putMsg(result, Status.SUCCESS, projectCode); when(projectMapper.queryByCode(projectCode)).thenReturn(project); - when(projectService.checkProjectAndAuth(user, project, projectCode)).thenReturn(result); + when(projectService.checkProjectAndAuth(user, project, projectCode,FORCED_SUCCESS)).thenReturn(result); Map successRes = taskInstanceService.forceTaskSuccess(user, projectCode, taskId); Assert.assertEquals(Status.SUCCESS, successRes.get(Constants.STATUS)); } 
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TenantServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TenantServiceTest.java
index 5555afc7e5..11331316d3 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TenantServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TenantServiceTest.java
@@ -21,10 +21,12 @@ import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.dolphinscheduler.api.enums.Status;
+import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl;
 import org.apache.dolphinscheduler.api.service.impl.TenantServiceImpl;
 import org.apache.dolphinscheduler.api.utils.PageInfo;
 import org.apache.dolphinscheduler.api.utils.Result;
 import org.apache.dolphinscheduler.common.Constants;
+import org.apache.dolphinscheduler.common.enums.AuthorizationType;
 import org.apache.dolphinscheduler.common.enums.UserType;
 import org.apache.dolphinscheduler.common.storage.StorageOperate;
 import org.apache.dolphinscheduler.common.utils.PropertyUtils;
@@ -36,6 +38,7 @@ import org.apache.dolphinscheduler.dao.mapper.ProcessDefinitionMapper;
 import org.apache.dolphinscheduler.dao.mapper.ProcessInstanceMapper;
 import org.apache.dolphinscheduler.dao.mapper.TenantMapper;
 import org.apache.dolphinscheduler.dao.mapper.UserMapper;
+import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService;
 import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -51,13 +54,15 @@ import java.util.ArrayList; import java.util.List; import java.util.Map; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; + /** * tenant service test */ @RunWith(MockitoJUnitRunner.class) @PrepareForTest({PropertyUtils.class}) public class TenantServiceTest { - + private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); private static final Logger logger = LoggerFactory.getLogger(TenantServiceTest.class); @InjectMocks @@ -78,6 +83,9 @@ public class TenantServiceTest { @Mock private StorageOperate storageOperate; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + private static final String tenantCode = "hayden"; @Test @@ -85,6 +93,8 @@ public class TenantServiceTest { User loginUser = getLoginUser(); Mockito.when(tenantMapper.existTenant(tenantCode)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TENANT, loginUser.getId(), TENANT_CREATE , baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TENANT, null, 0, baseServiceLogger)).thenReturn(true); try { //check tenantCode Map result = @@ -115,6 +125,8 @@ public class TenantServiceTest { IPage page = new Page<>(1, 10); page.setRecords(getList()); page.setTotal(1L); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TENANT, getLoginUser().getId(), TENANT_MANAGER, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TENANT, null, 0, baseServiceLogger)).thenReturn(true); Mockito.when(tenantMapper.queryTenantPaging(Mockito.any(Page.class), Mockito.eq("TenantServiceTest"))) .thenReturn(page); Result result = tenantService.queryTenantList(getLoginUser(), "TenantServiceTest", 1, 10); 
@@ -128,6 +140,8 @@ public class TenantServiceTest { public void testUpdateTenant() { Mockito.when(tenantMapper.queryById(1)).thenReturn(getTenant()); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TENANT, getLoginUser().getId(), TENANT_UPDATE , baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TENANT, null, 0, baseServiceLogger)).thenReturn(true); try { // id not exist Map result = @@ -147,7 +161,8 @@ public class TenantServiceTest { @Test public void testDeleteTenantById() { - + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TENANT, getLoginUser().getId(), TENANT_DELETE , baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TENANT, null, 0, baseServiceLogger)).thenReturn(true); Mockito.when(tenantMapper.queryById(1)).thenReturn(getTenant()); Mockito.when(processInstanceMapper.queryByTenantIdAndStatus(1, Constants.NOT_TERMINATED_STATES)) .thenReturn(getInstanceList()); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java index 8eaba04c60..3d7f7d4ff7 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java 
@@ -22,15 +22,18 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.google.common.collect.Lists; import org.apache.commons.collections.CollectionUtils; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.UsersServiceImpl; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.storage.StorageOperate; import org.apache.dolphinscheduler.common.utils.EncryptionUtils; import org.apache.dolphinscheduler.dao.entity.*; import org.apache.dolphinscheduler.dao.mapper.*; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.apache.dolphinscheduler.spi.enums.ResourceType; import org.junit.After; import org.junit.Assert; @@ -41,6 +44,7 @@ import org.mockito.InjectMocks; import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.junit.MockitoJUnitRunner; +import org.powermock.api.mockito.PowerMockito; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -48,6 +52,7 @@ import java.util.ArrayList; import java.util.List; import java.util.Map; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.when; @@ -57,7 +62,7 @@ import static org.mockito.Mockito.when; */ @RunWith(MockitoJUnitRunner.Silent.class) public class UsersServiceTest { - + private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); private static final Logger logger = LoggerFactory.getLogger(UsersServiceTest.class); @InjectMocks 
@@ -99,6 +104,9 @@ public class UsersServiceTest { @Mock private StorageOperate storageOperate; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + private String queueName = "UsersServiceTestQueue"; @Before @@ -130,6 +138,8 @@ public class UsersServiceTest { int state = 1; try { //userName error + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), USERS_CREATE , baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); Map result = usersService.createUser(user, userName, userPassword, email, tenantId, phone, queueName, state); logger.info(result.toString()); Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS)); 
@@ -220,14 +230,20 @@ public class UsersServiceTest { @Test public void testQueryUserList() { User user = new User(); - + user.setUserType(UserType.GENERAL_USER); + user.setId(999); //no operate + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 1, baseServiceLogger)).thenReturn(true); Map result = usersService.queryUserList(user); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //success user.setUserType(UserType.ADMIN_USER); + user.setId(1); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), USER_MANAGER, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 0, baseServiceLogger)).thenReturn(true); when(userMapper.selectList(null)).thenReturn(getUserList()); result = usersService.queryUserList(user); List userList = (List) result.get(Constants.DATA_LIST); 
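Review bot: The "no operate" half of testQueryUserList stubs both permission checks with `thenReturn(true)` and then asserts `Status.USER_NO_OPERATION_PERM`, so the refusal under test cannot come from these stubs. It presumably comes from Mockito's default `false` for a call the stubbed arguments do not match (the function id here is `null`, while the admin half uses `USER_MANAGER`), and `MockitoJUnitRunner.Silent` keeps the unused stubs from being reported. Stubbing the refusal explicitly states the intent, assuming the service passes `USER_MANAGER` for both user types: `Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), USER_MANAGER, baseServiceLogger)).thenReturn(false);`. The same pattern recurs in the later hunks for the paged queryUserList, deleteUserById, revokeProject, queryAllGeneralUsers, unauthorizedUser, authorizedUser, activateUser and batchActivateUser.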
@@ -242,12 +258,17 @@ public class UsersServiceTest { when(userMapper.queryUserPaging(any(Page.class), eq("userTest"))).thenReturn(page); //no operate + user.setUserType(UserType.GENERAL_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 99, USER_MANAGER, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,99, baseServiceLogger)).thenReturn(true); Result result = usersService.queryUserList(user, "userTest", 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM.getCode(), (int) result.getCode()); //success user.setUserType(UserType.ADMIN_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), USER_MANAGER, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); result = usersService.queryUserList(user, "userTest", 1, 10); Assert.assertEquals(Status.SUCCESS.getCode(), (int) result.getCode()); PageInfo pageInfo = (PageInfo) result.getData(); @@ -260,6 +281,11 @@ public class UsersServiceTest { String userPassword = "userTest0001"; try { //user not exist + User user = new User(); + user.setUserType(UserType.ADMIN_USER); + user.setId(1); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(),USER_UPDATE, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); Map result = usersService.updateUser(getLoginUser(), 0, userName, userPassword, "3443@qq.com", 1, "13457864543", "queue", 1, "Asia/Shanghai"); Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS)); logger.info(result.toString()); 
@@ -283,12 +309,18 @@ public class UsersServiceTest { when(userMapper.selectById(1)).thenReturn(getUser()); when(accessTokenMapper.deleteAccessTokenByUserId(1)).thenReturn(0); //no operate + loginUser.setUserType(UserType.GENERAL_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 990, USER_DELETE, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,990, baseServiceLogger)).thenReturn(true); Map result = usersService.deleteUserById(loginUser, 3); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); // user not exist loginUser.setUserType(UserType.ADMIN_USER); + loginUser.setId(1); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 1, USER_DELETE,baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); result = usersService.deleteUserById(loginUser, 3); logger.info(result.toString()); Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS)); @@ -340,7 +372,8 @@ public class UsersServiceTest { Mockito.when(this.userMapper.selectById(authorizer)).thenReturn(this.getUser()); Mockito.when(this.userMapper.selectById(projectCreator)).thenReturn(this.getUser()); Mockito.when(this.projectMapper.queryByCode(projectCode)).thenReturn(this.getProject()); - + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 999, null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 1, baseServiceLogger)).thenReturn(true); // ERROR: USER_NOT_EXIST User loginUser = new User(); Map result = this.usersService.grantProjectByCode(loginUser, 999, projectCode); 
@@ -362,6 +395,8 @@ public class UsersServiceTest { // SUCCESS: USER IS PROJECT OWNER loginUser.setId(projectCreator); loginUser.setUserType(UserType.GENERAL_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, new Object[]{1}, loginUser.getId(), baseServiceLogger)).thenReturn(true); result = this.usersService.grantProjectByCode(loginUser, authorizer, projectCode); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); @@ -369,6 +404,8 @@ public class UsersServiceTest { // SUCCESS: USER IS ADMINISTRATOR loginUser.setId(999); loginUser.setUserType(UserType.ADMIN_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, new Object[]{1}, 0, baseServiceLogger)).thenReturn(true); result = this.usersService.grantProjectByCode(loginUser, authorizer, projectCode); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); 
@@ -382,12 +419,19 @@ public class UsersServiceTest { // user no permission User loginUser = new User(); + loginUser.setId(999); + loginUser.setUserType(UserType.GENERAL_USER); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 999,null, baseServiceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 2, baseServiceLogger)).thenReturn(true); Map result = this.usersService.revokeProject(loginUser, 1, projectCode); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); // user not exist loginUser.setUserType(UserType.ADMIN_USER); + loginUser.setId(1); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(),null, baseServiceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 0, baseServiceLogger)).thenReturn(true); result = this.usersService.revokeProject(loginUser, 2, projectCode); logger.info(result.toString()); Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS)); @@ -445,6 +489,8 @@ public class UsersServiceTest { //user not exist loginUser.setUserType(UserType.ADMIN_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); Map result = usersService.grantNamespaces(loginUser, 2, namespaceIds); logger.info(result.toString()); Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS)); 
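Review bot: The revokeProject stubs are written with `PowerMockito.when(...)` while every other stub in this file uses `Mockito.when(...)` and the class runs under `MockitoJUnitRunner.Silent`, so the added `org.powermock.api.mockito.PowerMockito` import buys nothing for an ordinary `@Mock` field. Writing them as `Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 999, null, baseServiceLogger)).thenReturn(true);` keeps the file on one mocking API and lets the import be dropped. The test method starts and ends outside this hunk.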
@@ -498,6 +544,8 @@ public class UsersServiceTest { loginUser.setUserName("admin"); loginUser.setUserType(UserType.ADMIN_USER); // get admin user + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), USER_MANAGER, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); Map result = usersService.getUserInfo(loginUser); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); @@ -506,8 +554,10 @@ public class UsersServiceTest { Assert.assertEquals("admin", tempUser.getUserName()); //get general user - loginUser.setUserType(null); + loginUser.setUserType(UserType.GENERAL_USER); loginUser.setId(1); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 1, null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); when(userMapper.queryDetailsById(1)).thenReturn(getGeneralUser()); when(alertGroupMapper.queryByUserId(1)).thenReturn(getAlertGroups()); result = usersService.getUserInfo(loginUser); 
@@ -522,11 +572,16 @@ public class UsersServiceTest { public void testQueryAllGeneralUsers() { User loginUser = new User(); //no operate + loginUser.setUserType(UserType.GENERAL_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 99, USER_MANAGER, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,99, baseServiceLogger)).thenReturn(true); Map result = usersService.queryAllGeneralUsers(loginUser); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //success loginUser.setUserType(UserType.ADMIN_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), USER_MANAGER, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); when(userMapper.queryAllGeneralUser()).thenReturn(getUserList()); result = usersService.queryAllGeneralUsers(loginUser); logger.info(result.toString()); @@ -537,6 +592,9 @@ public class UsersServiceTest { @Test public void testVerifyUserName() { + User user = new User(); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); //not exist user Result result = usersService.verifyUserName("admin89899"); logger.info(result.toString()); 
@@ -554,9 +612,14 @@ public class UsersServiceTest { when(userMapper.selectList(null)).thenReturn(getUserList()); when(userMapper.queryUserListByAlertGroupId(2)).thenReturn(getUserList()); //no operate + loginUser.setUserType(UserType.GENERAL_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 99, null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,99, baseServiceLogger)).thenReturn(true); Map result = usersService.unauthorizedUser(loginUser, 2); logger.info(result.toString()); loginUser.setUserType(UserType.ADMIN_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //success result = usersService.unauthorizedUser(loginUser, 2); 
@@ -567,13 +630,18 @@ public class UsersServiceTest { @Test public void testAuthorizedUser() { User loginUser = new User(); + loginUser.setUserType(UserType.GENERAL_USER); when(userMapper.queryUserListByAlertGroupId(2)).thenReturn(getUserList()); //no operate + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,2, baseServiceLogger)).thenReturn(true); Map result = usersService.authorizedUser(loginUser, 2); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //success loginUser.setUserType(UserType.ADMIN_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); result = usersService.authorizedUser(loginUser, 2); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); List userList = (List) result.get(Constants.DATA_LIST); 
@@ -627,11 +695,15 @@ public class UsersServiceTest { String userName = "userTest0002~"; try { //not admin + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 99, null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,99, baseServiceLogger)).thenReturn(true); Map result = usersService.activateUser(user, userName); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //userName error user.setUserType(UserType.ADMIN_USER); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); result = usersService.activateUser(user, userName); Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS)); 
@@ -667,11 +739,16 @@ public class UsersServiceTest { try { //not admin + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,2, baseServiceLogger)).thenReturn(true); Map result = usersService.batchActivateUser(user, userNames); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //batch activate user names user.setUserType(UserType.ADMIN_USER); + user.setId(1); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); when(userMapper.queryByUserNameAccurately("userTest0001")).thenReturn(getUser()); when(userMapper.queryByUserNameAccurately("userTest0002")).thenReturn(getDisabledUser()); result = usersService.batchActivateUser(user, userNames); diff --git a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/enums/AuthorizationType.java b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/enums/AuthorizationType.java index 6fa45ba724..bcfd44ccf4 100644 --- a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/enums/AuthorizationType.java +++ b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/enums/AuthorizationType.java @@ -38,6 +38,10 @@ public enum AuthorizationType { * 11 DATA_ANALYSIS; * 12 K8S_NAMESPACE; * 13 MONITOR; + * 14 ALERT_PLUGIN_INSTANCE; + * 15 TENANT; + * 16 USER; + * 17 Data_Quality; */ RESOURCE_FILE_ID(0, "resource file id"), RESOURCE_FILE_NAME(1, "resource file name"), 
@@ -52,7 +56,11 @@ public enum AuthorizationType { QUEUE(10,"queue"), DATA_ANALYSIS(11,"data analysis"), K8S_NAMESPACE(12,"k8s namespace"), - MONITOR(13,"montitor"); + MONITOR(13,"montitor"), + ALERT_PLUGIN_INSTANCE(14,"alert plugin instance"), + TENANT(15,"tenant"), + USER(16,"user"), + DATA_QUALITY(17,"data quality"); AuthorizationType(int code, String descp) { this.code = code; this.descp = descp; diff --git a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.java b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.java index 602af602d5..55a6795f02 100644 --- a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.java +++ b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.java @@ -61,4 +61,12 @@ public interface AccessTokenMapper extends BaseMapper { * @return delete result */ int deleteAccessTokenByUserId(@Param("userId") int userId); + + /** + * list authorized Projects + * @param userId + * @param accessTokensIds + * @return access token for specified user + */ + List listAuthorizedAccessToken(@Param("userId") int userId, @Param("accessTokensIds")List accessTokensIds); } diff --git a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.java b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.java index 0e090f43e0..429548da3a 100644 --- a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.java +++ b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.java @@ -19,6 +19,7 @@ package org.apache.dolphinscheduler.dao.mapper; import org.apache.dolphinscheduler.dao.entity.AlertGroup; +import org.apache.dolphinscheduler.dao.entity.User; import org.apache.ibatis.annotations.Param; import java.util.List; 
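Review bot: The Javadoc added for `listAuthorizedAccessToken` in AccessTokenMapper reads `list authorized Projects`, which describes a different mapper, and its `@param` tags carry no text. Because the method returns access tokens, the comment should state how `userId` and `accessTokensIds` narrow the result and what a null or empty id list means, once that is confirmed against the XML statement. The same empty `@param`/`@return` tags appear on `listAuthorizedAlertGroupList` and `listAuthorizedUsersList` in the mapper hunks that follow. The generic type arguments are missing from the signatures as they appear on this page, so the element types cannot be checked here.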
@@ -83,4 +84,12 @@ public interface AlertGroupMapper extends BaseMapper { */ String queryAlertGroupInstanceIdsById(@Param("alertGroupId") int alertGroupId); + /** + * list authorized AlertGroup + * @param userId + * @param alertGroupsIds + * @return + */ + List listAuthorizedAlertGroupList (@Param("userId") int userId, @Param("alertGroupsIds")T[] alertGroupsIds); + } diff --git a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertPluginInstanceMapper.java b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertPluginInstanceMapper.java index 1fe32d320d..d857ac6845 100644 --- a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertPluginInstanceMapper.java +++ b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertPluginInstanceMapper.java @@ -58,5 +58,4 @@ public interface AlertPluginInstanceMapper extends BaseMapper { * @return user list */ List queryAuthedUserListByProjectId(@Param("projectId") int projectId); + + /** + * list authorized User + * @param userId + * @param resourcesIds + * @param + * @return + */ + List listAuthorizedUsersList (@Param("userId") int userId, @Param("resourcesIds")T[] resourcesIds); + + } diff --git a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/WorkerGroupMapper.java b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/WorkerGroupMapper.java index fcff987d02..36a57537b5 100644 --- a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/WorkerGroupMapper.java +++ b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/WorkerGroupMapper.java @@ -61,5 +61,4 @@ public interface WorkerGroupMapper extends BaseMapper { * @return worker group list */ List queryWorkerGroupByName(@Param("name") String name); - } 
diff --git a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml index f8c8ad4ba2..315ca3fb97 100644 --- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml +++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml @@ -42,4 +42,19 @@ delete from t_ds_access_token where user_id = #{userId} + + diff --git a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.xml b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.xml index 521fdce41d..4d45fc3c8f 100644 --- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.xml +++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.xml @@ -71,4 +71,20 @@ select alert_instance_ids from t_ds_alertgroup where id = #{alertGroupId} + + diff --git a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertPluginInstanceMapper.xml b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertPluginInstanceMapper.xml index fe25d8d1a3..80d247004d 100644 --- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertPluginInstanceMapper.xml +++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertPluginInstanceMapper.xml @@ -59,4 +59,12 @@ where instance_name = #{instanceName} limit 1 + + + diff --git a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/DataSourceMapper.xml b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/DataSourceMapper.xml index 2241608cbe..8e6b767b04 100644 
--- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/DataSourceMapper.xml +++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/DataSourceMapper.xml @@ -88,9 +88,11 @@ select from t_ds_datasource - where - id in (select datasource_id from t_ds_relation_datasource_user where user_id=#{userId} - union select id as datasource_id from t_ds_datasource where user_id=#{userId}) + where 1=1 + + and id in (select datasource_id from t_ds_relation_datasource_user where user_id=#{userId} + union select id as datasource_id from t_ds_datasource where user_id=#{userId}) + and id in diff --git a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProjectUserMapper.xml b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProjectUserMapper.xml index de74d6480c..cee724c91a 100644 --- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProjectUserMapper.xml +++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProjectUserMapper.xml @@ -37,4 +37,5 @@ and user_id = #{userId} limit 1 + diff --git a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml index e38688939c..36ae4dfb52 100644 --- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml +++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml @@ -131,4 +131,15 @@ from t_ds_user u, t_ds_relation_project_user rel where u.id = rel.user_id and rel.project_id = #{projectId} + + diff --git a/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/K8sNamespaceMapperTest.java b/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/K8sNamespaceMapperTest.java index 6ce3755a73..75946f8aee 100644 
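Review bot: The ownership filter in the DataSourceMapper.xml statement is no longer unconditional: `where id in (select datasource_id from t_ds_relation_datasource_user where user_id=#{userId} union ...)` becomes `where 1=1` followed by `and id in (...)`, which suggests the new clause sits inside a conditional element (the XML tags are not visible on this page, so the condition itself cannot be read here). If that condition is false and the second `and id in` list is empty, the statement would select every row of `t_ds_datasource`. A comment above the statement should name the `userId` value that switches the filter off, and the callers are worth checking so that an unset id cannot reach it by default.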
--- a/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/K8sNamespaceMapperTest.java +++ b/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/K8sNamespaceMapperTest.java @@ -23,6 +23,7 @@ import org.apache.dolphinscheduler.dao.entity.K8sNamespace; import java.util.Date; import java.util.List; +import org.apache.dolphinscheduler.dao.entity.User; import org.junit.After; import org.junit.Assert; import org.junit.Before; @@ -51,6 +52,7 @@ public class K8sNamespaceMapperTest extends BaseDaoTest { k8sNamespace.setLimitsMemory(100); k8sNamespace.setCreateTime(new Date()); k8sNamespace.setUpdateTime(new Date()); + k8sNamespace.setId(1); k8sNamespaceMapper.insert(k8sNamespace); return k8sNamespace; } diff --git a/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckService.java b/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckService.java index a1f9b10a90..c32a6fd381 100644 --- a/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckService.java +++ b/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckService.java @@ -51,4 +51,10 @@ public interface ResourcePermissionCheckService{ * @return */ boolean operationPermissionCheck(AuthorizationType authorizationType, int userId, String sourceUrl, Logger logger); + + /** + * functionDisabled + * @return + */ + boolean functionDisabled(); } diff --git a/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckServiceImpl.java b/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckServiceImpl.java index 18ecd908b5..2b111575b9 100644 
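Review bot: The Javadoc added for `functionDisabled()` on ResourcePermissionCheckService consists of the method name and an empty `@return`, so a reader cannot tell what is disabled or what `true` means. On an interface whose other methods decide whether an operation is permitted, that matters: if `true` is meant to switch enforcement off, the comment should say so and name who consults it. The implementation added in ResourcePermissionCheckServiceImpl in the next file returns a constant `false` with no comment either; a sentence such as `@return true when function-level permission checks are turned off` would do, once the intended meaning is confirmed.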
--- a/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckServiceImpl.java +++ b/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckServiceImpl.java @@ -36,6 +36,7 @@ package org.apache.dolphinscheduler.service.permission; import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.dao.entity.*; +import org.apache.dolphinscheduler.dao.entity.Queue; import org.apache.dolphinscheduler.dao.mapper.*; import org.apache.dolphinscheduler.service.process.ProcessService; import org.slf4j.Logger; @@ -64,7 +65,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe List authorizationTypes = authorizedResourceList.authorizationTypes(); authorizationTypes.forEach(auth -> RESOURCE_LIST_MAP.put(auth, authorizedResourceList)); } - } + } @Override public boolean resourcePermissionCheck(AuthorizationType authorizationType, Object[] needChecks, int userId, Logger logger) { @@ -82,6 +83,11 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe return RESOURCE_LIST_MAP.get(authorizationType).permissionCheck(userId, sourceUrl, logger); } + @Override + public boolean functionDisabled() { + return false; + } + @Override public Set userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, int userId, Logger logger) { User user = processService.getUserById(userId); @@ -97,8 +103,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe private final ProjectMapper projectMapper; - @Autowired - private ProcessService processService; + public ProjectsResourceList(ProjectMapper projectMapper) { this.projectMapper = projectMapper; 
@@ -111,10 +116,8 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
 @Override
 public boolean permissionCheck(int userId, String url, Logger logger) {
- // all users can create projects
 return true;
 }
-
 @Override
 public Set listAuthorizedResource(int userId, Logger logger) {
 return projectMapper.listAuthorizedProjects(userId, null).stream().map(Project::getId).collect(toSet());
@@ -122,6 +125,366 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
 }
+ @Component
+ public static class K8sNamespaceResourceList implements ResourceAcquisitionAndPermissionCheck {
+
+ private final K8sNamespaceMapper k8sNamespaceMapper;
+
+
+
+ public K8sNamespaceResourceList(K8sNamespaceMapper k8sNamespaceMapper) {
+ this.k8sNamespaceMapper = k8sNamespaceMapper;
+ }
+
+ @Override
+ public List authorizationTypes() {
+ return Collections.singletonList(AuthorizationType.K8S_NAMESPACE);
+ }
+
+ @Override
+ public boolean permissionCheck(int userId, String url, Logger logger) {
+ return true;
+ }
+
+ @Override
+ public Set listAuthorizedResource(int userId, Logger logger) {
+ return Collections.emptySet();
+ }
+ }
+
+
+ @Component
+ public static class EnvironmentResourceList implements ResourceAcquisitionAndPermissionCheck {
+
+ private final EnvironmentMapper environmentMapper;
+
+
+
+ public EnvironmentResourceList(EnvironmentMapper environmentMapper) {
+ this.environmentMapper = environmentMapper;
+ }
+
+ @Override
+ public List authorizationTypes() {
+ return Collections.singletonList(AuthorizationType.ENVIRONMENT);
+ }
+
+ @Override
+ public boolean permissionCheck(int userId, String url, Logger logger) {
+ return true;
+ }
+
+ @Override
+ public Set listAuthorizedResource(int userId, Logger logger) {
+ return Collections.emptySet();
+ }
+ }
+
+ @Component
+ public static class QueueResourceList implements ResourceAcquisitionAndPermissionCheck {
+
+ private final QueueMapper queueMapper;
+
+
+
+ public QueueResourceList(QueueMapper queueMapper) {
+ this.queueMapper = queueMapper;
+ }
+
+ @Override
+ public List authorizationTypes() {
+ return Collections.singletonList(AuthorizationType.QUEUE);
+ }
+
+ @Override
+ public boolean permissionCheck(int userId, String url, Logger logger) {
+ return true;
+ }
+
+ @Override
+ public Set listAuthorizedResource(int userId, Logger logger) {
+ return Collections.emptySet();
+ }
+ }
+
+
+ @Component
+ public static class WorkerGroupResourceList implements ResourceAcquisitionAndPermissionCheck {
+
+ private final WorkerGroupMapper workerGroupMapper;
+
+
+
+ public WorkerGroupResourceList(WorkerGroupMapper workerGroupMapper) {
+ this.workerGroupMapper = workerGroupMapper;
+ }
+
+ @Override
+ public List authorizationTypes() {
+ return Collections.singletonList(AuthorizationType.WORKER_GROUP);
+ }
+
+ @Override
+ public boolean permissionCheck(int userId, String url, Logger logger) {
+ return true;
+ }
+
+
+ @Override
+ public Set listAuthorizedResource(int userId, Logger logger) {
+ return Collections.emptySet();
+ }
+ }
+
+ /**
+ * AlertPluginInstance Resource
+ */
+ @Component
+ public static class AlertPluginInstanceResourceList implements ResourceAcquisitionAndPermissionCheck {
+
+ private final AlertPluginInstanceMapper alertPluginInstanceMapper;
+
+
+
+ public AlertPluginInstanceResourceList(AlertPluginInstanceMapper alertPluginInstanceMapper) {
+ this.alertPluginInstanceMapper = alertPluginInstanceMapper;
+ }
+
+ @Override
+ public List authorizationTypes() {
+ return Collections.singletonList(AuthorizationType.ALERT_PLUGIN_INSTANCE);
+ }
+
+ @Override
+ public boolean permissionCheck(int userId, String url, Logger logger) {
+ return true;
+ }
+
+
+ @Override
+ public Set listAuthorizedResource(int userId, Logger logger) {
+ return Collections.emptySet();
+ }
+ }
+
+ /**
+ * AlertPluginInstance Resource
+ */
+ @Component
+ public static class AlertGroupResourceList implements ResourceAcquisitionAndPermissionCheck {
+
+ private final AlertGroupMapper alertGroupMapper;
+
+
+
+ public AlertGroupResourceList(AlertGroupMapper alertGroupMapper) {
+ this.alertGroupMapper = alertGroupMapper;
+ }
+
+ @Override
+ public List authorizationTypes() {
+ return Collections.singletonList(AuthorizationType.ALERT_GROUP);
+ }
+
+ @Override
+ public boolean permissionCheck(int userId, String url, Logger logger) {
+ return true;
+ }
+
+
+ @Override
+ public Set listAuthorizedResource(int userId, Logger logger) {
+ return alertGroupMapper.listAuthorizedAlertGroupList(userId, null).stream().map(AlertGroup::getId).collect(toSet());
+ }
+ }
+
+ /**
+ * Tenant Resource
+ */
+ @Component
+ public static class TenantResourceList implements ResourceAcquisitionAndPermissionCheck {
+
+ private final TenantMapper tenantMapper;
+
+
+
+ public TenantResourceList(TenantMapper tenantMapper) {
+ this.tenantMapper = tenantMapper;
+ }
+
+ @Override
+ public List authorizationTypes() {
+ return Collections.singletonList(AuthorizationType.TENANT);
+ }
+
+ @Override
+ public boolean permissionCheck(int userId, String url, Logger logger) {
+ return true;
+ }
+
+
+ @Override
+ public Set listAuthorizedResource(int userId, Logger logger) {
+ return Collections.emptySet();
+ }
+ }
+
+ /**
+ * User Resource
+ */
+ @Component
+ public static class UsersResourceList implements ResourceAcquisitionAndPermissionCheck {
+
+ private final UserMapper userMapper;
+
+
+
+ public UsersResourceList(UserMapper userMapper) {
+ this.userMapper = userMapper;
+ }
+
+ @Override
+ public List authorizationTypes() {
+ return Collections.singletonList(AuthorizationType.USER);
+ }
+
+ @Override
+ public boolean permissionCheck(int userId, String url, Logger logger) {
+ return true;
+ }
+
+
+ @Override
+ public Set listAuthorizedResource(int userId, Logger logger) {
+ return userMapper.listAuthorizedUsersList(userId, null).stream().map(User::getId).collect(toSet());
+ }
+ }
+
+ /**
+ * DataSource Resource
+ */
+ @Component
+ public static class DataSourceResourceList implements ResourceAcquisitionAndPermissionCheck {
+
+ private final DataSourceMapper dataSourceMapper;
+
+
+
+ public DataSourceResourceList(DataSourceMapper dataSourceMapper) {
+ this.dataSourceMapper = dataSourceMapper;
+ }
+
+ @Override
+ public List authorizationTypes() {
+ return Collections.singletonList(AuthorizationType.DATASOURCE);
+ }
+
+ @Override
+ public boolean permissionCheck(int userId, String url, Logger logger) {
+ return true;
+ }
+
+
+ @Override
+ public Set listAuthorizedResource(int userId, Logger logger) {
+ return dataSourceMapper.listAuthorizedDataSource(userId, null).stream().map(DataSource::getId).collect(toSet());
+ }
+ }
+
+ /**
+ * DataAnalysis Resource
+ */
+ @Component
+ public static class DataAnalysisList implements ResourceAcquisitionAndPermissionCheck {
+
+ private final CommandMapper commandMapper;
+
+
+
+ public DataAnalysisList(CommandMapper commandMapper) {
+ this.commandMapper = commandMapper;
+ }
+
+ @Override
+ public List authorizationTypes() {
+ return Collections.singletonList(AuthorizationType.DATA_ANALYSIS);
+ }
+
+ @Override
+ public boolean permissionCheck(int userId, String url, Logger logger) {
+ return true;
+ }
+
+
+ @Override
+ public Set listAuthorizedResource(int userId, Logger logger) {
+ return Collections.emptySet();
+ }
+ }
+
+ /**
+ * DataQuality Resource
+ */
+ @Component
+ public static class DataQualityList implements ResourceAcquisitionAndPermissionCheck {
+
+ private final DqRuleMapper dqRuleMapper;
+
+
+
+ public DataQualityList(DqRuleMapper dqRuleMapper) {
+ this.dqRuleMapper = dqRuleMapper;
+ }
+
+ @Override
+ public List authorizationTypes() {
+ return Collections.singletonList(AuthorizationType.DATA_QUALITY);
+ }
+
+ @Override
+ public boolean permissionCheck(int userId, String url, Logger logger) {
+ return true;
+ }
+
+
+ @Override
+ public Set listAuthorizedResource(int userId, Logger logger) {
+ return Collections.emptySet();
+ }
+ }
+
+ /**
+ * AccessToken Resource
+ */
+ @Component
+ public static class AccessTokenList implements ResourceAcquisitionAndPermissionCheck {
+
+ private final AccessTokenMapper accessTokenMapper;
+
+
+
+ public AccessTokenList(AccessTokenMapper accessTokenMapper) {
+ this.accessTokenMapper = accessTokenMapper;
+ }
+
+ @Override
+ public List authorizationTypes() {
+ return Collections.singletonList(AuthorizationType.ACCESS_TOKEN);
+ }
+
+ @Override
+ public boolean permissionCheck(int userId, String url, Logger logger) {
+ return true;
+ }
+
+
+ @Override
+ public Set listAuthorizedResource(int userId, Logger logger) {
+ return accessTokenMapper.listAuthorizedAccessToken(userId, null).stream().map(AccessToken::getId).collect(toSet());
+ }
+ }
+
 interface ResourceAcquisitionAndPermissionCheck {
 /**
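Review bot: Every `permissionCheck(int userId, String url, Logger logger)` added in this hunk returns `true` without reading `userId` or `url`, so the delegating call `RESOURCE_LIST_MAP.get(authorizationType).permissionCheck(userId, sourceUrl, logger)` shown in the `@@ -82,6 +83,11 @@` hunk succeeds for every user on all twelve new authorization types, among them `TENANT`, `USER`, `ACCESS_TOKEN` and `DATASOURCE`. Unless the calling services apply their own admin or ownership check (they are outside this hunk), that is allow-by-default authorization; I would either return `false` until a real rule exists or state the intent on each override, e.g. `// always allowed here; the operation is gated by <caller-side check>`. Eight of the classes also return `Collections.emptySet()` from `listAuthorizedResource` and never use the mapper they inject, which should be explained or the field dropped. The Javadoc above `AlertGroupResourceList` still reads `AlertPluginInstance Resource`. The `ResourceAcquisitionAndPermissionCheck` interface opened on the hunk's last lines continues outside it.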