github
/
DolphinScheduler
mirror of https://gitee.com/dolphinscheduler/DolphinScheduler.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

[Feature] [Permission]Data permission module added and Query class api remove verification. (#10504) 

* Data permission module added

* ut fix.

* queueController ut fix.

* queue service ut fix.

* e2e rerun
k8s/config
WangJPLeo 2 years ago committed by GitHub
parent
559f387e66
commit
20348578a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
34 changed files with 219 additions and 305 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java
  2. 197
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
  3. 13
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AccessTokenServiceImpl.java
  4. 5
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertGroupServiceImpl.java
  5. 5
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertPluginInstanceServiceImpl.java
  6. 6
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataAnalysisServiceImpl.java
  7. 5
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java
  8. 4
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqExecuteResultServiceImpl.java
  9. 4
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqRuleServiceImpl.java
  10. 5
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/K8SNamespaceServiceImpl.java
  11. 16
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/MonitorServiceImpl.java
  12. 4
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java
  13. 24
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/QueueServiceImpl.java
  14. 42
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
  15. 12
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupServiceImpl.java
  16. 19
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java
  17. 9
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/WorkerGroupServiceImpl.java
  18. 9
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java
  19. 12
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AlertGroupServiceTest.java
  20. 2
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataAnalysisServiceTest.java
  21. 2
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/K8SNamespaceServiceTest.java
  22. 6
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/MonitorServiceTest.java
  23. 25
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/QueueServiceTest.java
  24. 18
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java
  25. 2
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskGroupServiceTest.java
  26. 12
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TenantServiceTest.java
  27. 1
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/WorkerGroupServiceTest.java
  28. 11
      dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapper.java
  29. 8
      dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TenantMapper.java
  30. 5
      dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml
  31. 19
      dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapper.xml
  32. 13
      dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/TenantMapper.xml
  33. 3
      dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapperTest.java
  34. 4
      dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/TenantMapperTest.java

2
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java
Unescape View File

@ -155,8 +155,6 @@ public class ApiFuncIdentificationConstant {
public static final String MONITOR_DATABASES_VIEW = "monitor:databases:view";
public static final String MONITOR_STATISTICS_VIEW = "monitor:statistics:view";
public static final String MONITOR_EVENT_LIST_VIEW = "monitor:event:view";
public static final String MONITOR_ALERT_LIST_VIEW = "monitor:alert:view";
public final static Map<ExecuteType,String> map = new HashMap<ExecuteType,String>();

197
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
Unescape View File

@ -35,13 +35,17 @@ package org.apache.dolphinscheduler.api.permission;
import static java.util.stream.Collectors.toSet;
import org.apache.commons.collections.CollectionUtils;
import org.apache.dolphinscheduler.common.enums.AuthorizationType;
import org.apache.dolphinscheduler.common.enums.UserType;
import org.apache.dolphinscheduler.dao.entity.AccessToken;
import org.apache.dolphinscheduler.dao.entity.AlertGroup;
import org.apache.dolphinscheduler.dao.entity.DataSource;
import org.apache.dolphinscheduler.dao.entity.Project;
import org.apache.dolphinscheduler.dao.entity.Queue;
import org.apache.dolphinscheduler.dao.entity.Resource;
import org.apache.dolphinscheduler.dao.entity.TaskGroup;
import org.apache.dolphinscheduler.dao.entity.Tenant;
import org.apache.dolphinscheduler.dao.entity.UdfFunc;
import org.apache.dolphinscheduler.dao.entity.User;
import org.apache.dolphinscheduler.dao.mapper.AccessTokenMapper;
@ -55,11 +59,14 @@ import org.apache.dolphinscheduler.dao.mapper.K8sNamespaceMapper;
import org.apache.dolphinscheduler.dao.mapper.ProjectMapper;
import org.apache.dolphinscheduler.dao.mapper.QueueMapper;
import org.apache.dolphinscheduler.dao.mapper.ResourceMapper;
import org.apache.dolphinscheduler.dao.mapper.ResourceUserMapper;
import org.apache.dolphinscheduler.dao.mapper.TaskGroupMapper;
import org.apache.dolphinscheduler.dao.mapper.TenantMapper;
import org.apache.dolphinscheduler.dao.mapper.UdfFuncMapper;
import org.apache.dolphinscheduler.dao.mapper.WorkerGroupMapper;
import org.apache.dolphinscheduler.service.process.ProcessService;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
@ -68,6 +75,7 @@ import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.springframework.beans.BeansException;
@ -105,6 +113,14 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public boolean operationPermissionCheck(Object authorizationType, Integer userId, String permissionKey, Logger logger) {
User user = processService.getUserById(userId);
if (user == null) {
logger.error("user id {} doesn't exist", userId);
return false;
}
if (user.getUserType().equals(UserType.ADMIN_USER)) {
return true;
}
return RESOURCE_LIST_MAP.get(authorizationType).permissionCheck(userId, permissionKey, logger);
}
@ -130,48 +146,59 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
}
@Component
public static class ProjectsResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
public static class QueueResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
private final ProjectMapper projectMapper;
private final QueueMapper queueMapper;
public ProjectsResourcePermissionCheck(ProjectMapper projectMapper) {
this.projectMapper = projectMapper;
public QueueResourcePermissionCheck(QueueMapper queueMapper) {
this.queueMapper = queueMapper;
}
@Override
public List<AuthorizationType> authorizationTypes() {
return Collections.singletonList(AuthorizationType.PROJECTS);
return Collections.singletonList(AuthorizationType.QUEUE);
}
@Override
public boolean permissionCheck(int userId, String permissionKey, Logger logger) {
// all users can create projects
return true;
// admin can create projects
return false;
}
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
return projectMapper.listAuthorizedProjects(userId, null).stream().map(Project::getId).collect(toSet());
if (userId != 0) {
return Collections.emptySet();
}
List<Queue> queues = queueMapper.selectList(null);
return queues.isEmpty() ? Collections.emptySet() : queues.stream().map(Queue::getId).collect(toSet());
}
}
@Component
public static class MonitorResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
public static class ProjectsResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
@Override
public List<AuthorizationType> authorizationTypes() {
return Collections.singletonList(AuthorizationType.MONITOR);
private final ProjectMapper projectMapper;
public ProjectsResourcePermissionCheck(ProjectMapper projectMapper) {
this.projectMapper = projectMapper;
}
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
return null;
public List<AuthorizationType> authorizationTypes() {
return Collections.singletonList(AuthorizationType.PROJECTS);
}
@Override
public boolean permissionCheck(int userId, String permissionKey, Logger logger) {
// all users can create projects
return true;
}
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
return projectMapper.listAuthorizedProjects(userId, null).stream().map(Project::getId).collect(toSet());
}
}
@Component
@ -179,8 +206,11 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
private final ResourceMapper resourceMapper;
public FilePermissionCheck(ResourceMapper resourceMapper) {
private final ResourceUserMapper resourceUserMapper;
public FilePermissionCheck(ResourceMapper resourceMapper, ResourceUserMapper resourceUserMapper) {
this.resourceMapper = resourceMapper;
this.resourceUserMapper = resourceUserMapper;
}
@Override
@ -190,11 +220,17 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
List<Resource> resources = resourceMapper.queryResourceList(null, userId, -1);
if (resources.isEmpty()){
return Collections.emptySet();
List<Resource> relationResources;
if (userId == 0) {
relationResources = new ArrayList<>();
} else {
// query resource relation
List<Integer> resIds = resourceUserMapper.queryResourcesIdListByUserIdAndPerm(userId, 0);
relationResources = CollectionUtils.isEmpty(resIds) ? new ArrayList<>() : resourceMapper.queryResourceListById(resIds);
}
return resources.stream().map(Resource::getId).collect(toSet());
List<Resource> ownResourceList = resourceMapper.queryResourceListAuthored(userId, -1);
relationResources.addAll(ownResourceList);
return ownResourceList.stream().map(Resource::getId).collect(toSet());
}
@Override
@ -235,6 +271,12 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Component
public static class TaskGroupPermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
private final TaskGroupMapper taskGroupMapper;
public TaskGroupPermissionCheck(TaskGroupMapper taskGroupMapper) {
this.taskGroupMapper = taskGroupMapper;
}
@Override
public List<AuthorizationType> authorizationTypes() {
return Collections.singletonList(AuthorizationType.TASK_GROUP);
@ -242,7 +284,11 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
return null;
List<TaskGroup> taskGroupList = taskGroupMapper.listAuthorizedResource(userId);
if (taskGroupList.isEmpty()) {
return Collections.emptySet();
}
return taskGroupList.stream().map(TaskGroup::getId).collect(Collectors.toSet());
}
@Override
@ -267,7 +313,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public boolean permissionCheck(int userId, String url, Logger logger) {
return true;
return false;
}
@Override
@ -302,32 +348,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
}
}
@Component
public static class QueueResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> {
private final QueueMapper queueMapper;
public QueueResourceList(QueueMapper queueMapper) {
this.queueMapper = queueMapper;
}
@Override
public List<AuthorizationType> authorizationTypes() {
return Collections.singletonList(AuthorizationType.QUEUE);
}
@Override
public boolean permissionCheck(int userId, String url, Logger logger) {
return true;
}
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
return Collections.emptySet();
}
}
@Component
public static class WorkerGroupResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> {
@ -344,7 +364,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public boolean permissionCheck(int userId, String url, Logger logger) {
return true;
return false;
}
@ -373,7 +393,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public boolean permissionCheck(int userId, String url, Logger logger) {
return true;
return false;
}
@ -402,7 +422,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public boolean permissionCheck(int userId, String url, Logger logger) {
return true;
return false;
}
@ -431,13 +451,17 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public boolean permissionCheck(int userId, String url, Logger logger) {
return true;
return false;
}
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
return Collections.emptySet();
if (userId != 0) {
return Collections.emptySet();
}
List<Tenant> tenantList = tenantMapper.queryAll();
return tenantList.stream().map(Tenant::getId).collect(Collectors.toSet());
}
}
@ -449,8 +473,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
private final DataSourceMapper dataSourceMapper;
public DataSourceResourceList(DataSourceMapper dataSourceMapper) {
this.dataSourceMapper = dataSourceMapper;
}
@ -472,68 +494,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
}
}
/**
* DataAnalysis Resource
*/
@Component
public static class DataAnalysisList implements ResourceAcquisitionAndPermissionCheck<Integer> {
private final CommandMapper commandMapper;
public DataAnalysisList(CommandMapper commandMapper) {
this.commandMapper = commandMapper;
}
@Override
public List<AuthorizationType> authorizationTypes() {
return Collections.singletonList(AuthorizationType.DATA_ANALYSIS);
}
@Override
public boolean permissionCheck(int userId, String url, Logger logger) {
return true;
}
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
return Collections.emptySet();
}
}
/**
* DataQuality Resource
*/
@Component
public static class DataQualityList implements ResourceAcquisitionAndPermissionCheck<Integer> {
private final DqRuleMapper dqRuleMapper;
public DataQualityList(DqRuleMapper dqRuleMapper) {
this.dqRuleMapper = dqRuleMapper;
}
@Override
public List<AuthorizationType> authorizationTypes() {
return Collections.singletonList(AuthorizationType.DATA_QUALITY);
}
@Override
public boolean permissionCheck(int userId, String url, Logger logger) {
return true;
}
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
return Collections.emptySet();
}
}
/**
* AccessToken Resource
*/
@ -542,8 +502,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
private final AccessTokenMapper accessTokenMapper;
public AccessTokenList(AccessTokenMapper accessTokenMapper) {
this.accessTokenMapper = accessTokenMapper;
}
@ -555,10 +513,9 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public boolean permissionCheck(int userId, String url, Logger logger) {
return true;
return false;
}
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
return accessTokenMapper.listAuthorizedAccessToken(userId, null).stream().map(AccessToken::getId).collect(toSet());

13
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AccessTokenServiceImpl.java
Unescape View File

@ -70,10 +70,6 @@ public class AccessTokenServiceImpl extends BaseServiceImpl implements AccessTok
Result result = new Result();
PageInfo<AccessToken> pageInfo = new PageInfo<>(pageNo, pageSize);
Page<AccessToken> page = new Page<>(pageNo, pageSize);
if (!canOperatorPermissions(loginUser,null,AuthorizationType.ACCESS_TOKEN,ACCESS_TOKEN_MANAGE)) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
return result;
}
int userId = loginUser.getId();
if (loginUser.getUserType() == UserType.ADMIN_USER) {
userId = 0;
@ -97,13 +93,12 @@ public class AccessTokenServiceImpl extends BaseServiceImpl implements AccessTok
public Map<String, Object> queryAccessTokenByUser(User loginUser, Integer userId) {
Map<String, Object> result = new HashMap<>();
result.put(Constants.STATUS, false);
// only admin can operate
if (!canOperatorPermissions(loginUser,null, AuthorizationType.ACCESS_TOKEN,ACCESS_TOKEN_MANAGE)) {
// no permission
if (loginUser.getUserType().equals(UserType.GENERAL_USER) && loginUser.getId() != userId) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
return result;
}
userId = loginUser.getUserType().equals(UserType.ADMIN_USER) ? 0 : userId;
// query access token for specified user
List<AccessToken> accessTokenList = this.accessTokenMapper.queryAccessTokenByUser(userId);
result.put(Constants.DATA_LIST, accessTokenList);
@ -173,7 +168,7 @@ public class AccessTokenServiceImpl extends BaseServiceImpl implements AccessTok
@Override
public Map<String, Object> generateToken(User loginUser, int userId, String expireTime) {
Map<String, Object> result = new HashMap<>();
if (!(canOperatorPermissions(loginUser,null,AuthorizationType.ACCESS_TOKEN, ACCESS_TOKEN_CREATE) || loginUser.getId() == userId)) {
if (!(canOperatorPermissions(loginUser,null, AuthorizationType.ACCESS_TOKEN, ACCESS_TOKEN_CREATE) || loginUser.getId() == userId)) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
return result;
}

5
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertGroupServiceImpl.java
Unescape View File

@ -31,7 +31,6 @@ import org.apache.dolphinscheduler.dao.mapper.AlertGroupMapper;
import org.apache.commons.lang3.StringUtils;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
@ -119,10 +118,6 @@ public class AlertGroupServiceImpl extends BaseServiceImpl implements AlertGroup
public Result listPaging(User loginUser, String searchVal, Integer pageNo, Integer pageSize) {
Result result = new Result();
if (!canOperatorPermissions(loginUser,null,AuthorizationType.ALERT_GROUP,ALERT_GROUP_VIEW)) {
putMsg(result,Status.USER_NO_OPERATION_PERM);
return result;
}
IPage<AlertGroup> alertGroupPage;
PageInfo<AlertGroup> pageInfo = new PageInfo<>(pageNo, pageSize);
Page<AlertGroup> page = new Page<>(pageNo, pageSize);

5
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertPluginInstanceServiceImpl.java
Unescape View File

@ -211,11 +211,6 @@ public class AlertPluginInstanceServiceImpl extends BaseServiceImpl implements A
public Result listPaging(User loginUser, String searchVal, int pageNo, int pageSize) {
Result result = new Result();
if (!canOperatorPermissions(loginUser,null,AuthorizationType.ALERT_PLUGIN_INSTANCE, ApiFuncIdentificationConstant.ALARM_INSTANCE_MANAGE)) {
putMsg(result,Status.USER_NO_OPERATION_PERM);
return result;
}
Page<AlertPluginInstance> page = new Page<>(pageNo, pageSize);
IPage<AlertPluginInstance> alertPluginInstanceIPage = alertPluginInstanceMapper.queryByInstanceNamePage(page, searchVal);

6
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataAnalysisServiceImpl.java
Unescape View File

@ -258,12 +258,6 @@ public class DataAnalysisServiceImpl extends BaseServiceImpl implements DataAnal
return result;
}
Long[] projectCodeArray = getProjectCodesArrays(projectIds.getLeft());
// admin can view all
if(!canOperatorPermissions(loginUser,null, AuthorizationType.DATA_ANALYSIS, ApiFuncIdentificationConstant.MONITOR_STATISTICS_VIEW)){
putMsg(result, Status.USER_NO_OPERATION_PROJECT_PERM);
return result;
}
int userId = loginUser.getUserType() == UserType.ADMIN_USER ? 0 : loginUser.getId();
// count normal command state

5
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java
Unescape View File

@ -250,11 +250,6 @@ public class DataSourceServiceImpl extends BaseServiceImpl implements DataSource
IPage<DataSource> dataSourceList = null;
Page<DataSource> dataSourcePage = new Page<>(pageNo, pageSize);
PageInfo<DataSource> pageInfo = new PageInfo<>(pageNo, pageSize);
if (!canOperatorPermissions(loginUser,null,AuthorizationType.DATASOURCE,DATASOURCE_LIST)) {
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
if (loginUser.getUserType().equals(UserType.ADMIN_USER)) {
dataSourceList = dataSourceMapper.selectPaging(dataSourcePage, UserType.ADMIN_USER.equals(loginUser.getUserType()) ? 0 : loginUser.getId(), searchVal);
} else {

4
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqExecuteResultServiceImpl.java
Unescape View File

@ -71,10 +71,6 @@ public class DqExecuteResultServiceImpl extends BaseServiceImpl implements DqExe
if (StringUtils.isNotEmpty(endTime)) {
end = DateUtils.getScheduleDate(endTime);
}
if(!canOperatorPermissions(loginUser,null, AuthorizationType.DATA_QUALITY,null)){
putMsg(result, Status.USER_NO_OPERATION_PROJECT_PERM);
return result;
}
} catch (Exception e) {
putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, "startTime,endTime");
return result;

4
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqRuleServiceImpl.java
Unescape View File

@ -168,10 +168,6 @@ public class DqRuleServiceImpl extends BaseServiceImpl implements DqRuleService
if (StringUtils.isNotEmpty(endTime)) {
end = DateUtils.getScheduleDate(endTime);
}
if(!canOperatorPermissions(loginUser,null, AuthorizationType.DATA_QUALITY,null)){
putMsg(result, Status.USER_NO_OPERATION_PROJECT_PERM);
return result;
}
} catch (Exception e) {
putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, "startTime,endTime");
return result;

5
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/K8SNamespaceServiceImpl.java
Unescape View File

@ -80,11 +80,6 @@ public class K8SNamespaceServiceImpl extends BaseServiceImpl implements K8sNames
@Override
public Result queryListPaging(User loginUser, String searchVal, Integer pageNo, Integer pageSize) {
Result result = new Result();
if (!canOperatorPermissions(loginUser,null, AuthorizationType.K8S_NAMESPACE,null)) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
return result;
}
Page<K8sNamespace> page = new Page<>(pageNo, pageSize);
IPage<K8sNamespace> k8sNamespaceList = k8sNamespaceMapper.queryK8sNamespacePaging(page, searchVal);

16
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/MonitorServiceImpl.java
Unescape View File

@ -17,11 +17,9 @@
package org.apache.dolphinscheduler.api.service.impl;
import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant;
import org.apache.dolphinscheduler.api.enums.Status;
import org.apache.dolphinscheduler.api.service.MonitorService;
import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.common.enums.AuthorizationType;
import org.apache.dolphinscheduler.common.enums.NodeType;
import org.apache.dolphinscheduler.common.model.Server;
import org.apache.dolphinscheduler.common.model.WorkerServerModel;
@ -66,10 +64,6 @@ public class MonitorServiceImpl extends BaseServiceImpl implements MonitorServic
@Override
public Map<String, Object> queryDatabaseState(User loginUser) {
Map<String, Object> result = new HashMap<>();
if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_DATABASES_VIEW)) {
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
List<MonitorRecord> monitorRecordList = monitorDBDao.queryDatabaseState();
result.put(Constants.DATA_LIST, monitorRecordList);
putMsg(result, Status.SUCCESS);
@ -85,10 +79,6 @@ public class MonitorServiceImpl extends BaseServiceImpl implements MonitorServic
@Override
public Map<String, Object> queryMaster(User loginUser) {
Map<String, Object> result = new HashMap<>();
if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_MASTER_VIEW)) {
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
List<Server> masterServers = getServerListFromRegistry(true);
result.put(Constants.DATA_LIST, masterServers);
putMsg(result, Status.SUCCESS);
@ -106,12 +96,6 @@ public class MonitorServiceImpl extends BaseServiceImpl implements MonitorServic
public Map<String, Object> queryWorker(User loginUser) {
Map<String, Object> result = new HashMap<>();
if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_WORKER_VIEW)) {
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
List<WorkerServerModel> workerServers = getServerListFromRegistry(false)
.stream()
.map((Server server) -> {

4
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java
Unescape View File

@ -230,10 +230,6 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
Result result = new Result();
PageInfo<Project> pageInfo = new PageInfo<>(pageNo, pageSize);
Page<Project> page = new Page<>(pageNo, pageSize);
if (!canOperatorPermissions(loginUser, null, AuthorizationType.PROJECTS, PROJECT)) {
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
Set<Integer> projectIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.PROJECTS, loginUser.getId(), logger);
if (projectIds.isEmpty()) {
result.setData(pageInfo);

24
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/QueueServiceImpl.java
Unescape View File

@ -30,10 +30,12 @@ import org.apache.dolphinscheduler.dao.mapper.UserMapper;
import org.apache.commons.lang3.StringUtils;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -68,12 +70,13 @@ public class QueueServiceImpl extends BaseServiceImpl implements QueueService {
@Override
public Map<String, Object> queryList(User loginUser) {
Map<String, Object> result = new HashMap<>();
if (!canOperatorPermissions(loginUser,null, AuthorizationType.QUEUE, YARN_QUEUE_MANAGE)) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
Set<Integer> ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.QUEUE, loginUser.getId(), logger);
if (ids.isEmpty()) {
result.put(Constants.DATA_LIST, Collections.emptyList());
putMsg(result, Status.SUCCESS);
return result;
}
List<Queue> queueList = queueMapper.selectList(null);
List<Queue> queueList = queueMapper.selectBatchIds(ids);
result.put(Constants.DATA_LIST, queueList);
putMsg(result, Status.SUCCESS);
@ -92,17 +95,16 @@ public class QueueServiceImpl extends BaseServiceImpl implements QueueService {
@Override
public Result queryList(User loginUser, String searchVal, Integer pageNo, Integer pageSize) {
Result result = new Result();
if (!canOperatorPermissions(loginUser,null,AuthorizationType.QUEUE,YARN_QUEUE_MANAGE)) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
PageInfo<Queue> pageInfo = new PageInfo<>(pageNo, pageSize);
Set<Integer> ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.QUEUE, loginUser.getId(), logger);
if (ids.isEmpty()) {
result.setData(pageInfo);
putMsg(result, Status.SUCCESS);
return result;
}
Page<Queue> page = new Page<>(pageNo, pageSize);
IPage<Queue> queueList = queueMapper.queryQueuePaging(page, searchVal);
Integer count = (int) queueList.getTotal();
PageInfo<Queue> pageInfo = new PageInfo<>(pageNo, pageSize);
pageInfo.setTotal(count);
pageInfo.setTotalList(queueList.getRecords());
result.setData(pageInfo);
@ -174,7 +176,7 @@ public class QueueServiceImpl extends BaseServiceImpl implements QueueService {
@Override
public Map<String, Object> updateQueue(User loginUser, int id, String queue, String queueName) {
Map<String, Object> result = new HashMap<>();
if (!canOperatorPermissions(loginUser,null, AuthorizationType.QUEUE,YARN_QUEUE_UPDATE)) {
if (!canOperatorPermissions(loginUser,new Object[]{id}, AuthorizationType.QUEUE,YARN_QUEUE_UPDATE)) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
return result;
}

42
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
Unescape View File

@ -619,13 +619,6 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
@Override
public Result queryResourceListPaging(User loginUser, int directoryId, ResourceType type, String searchVal, Integer pageNo, Integer pageSize) {
Result<Object> result = new Result<>();
String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW;
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
Page<Resource> page = new Page<>(pageNo, pageSize);
if (directoryId != -1) {
Resource directory = resourcesMapper.selectById(directoryId);
@ -729,13 +722,6 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
public Map<String, Object> queryResourceList(User loginUser, ResourceType type) {
Map<String, Object> result = new HashMap<>();
String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW;
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
List<Resource> allResourceList = queryAuthoredResourceList(loginUser, type);
Visitor resourceTreeVisitor = new ResourceTreeVisitor(allResourceList);
result.put(Constants.DATA_LIST, resourceTreeVisitor.visit().getChildren());
@ -754,12 +740,6 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
@Override
public Result<Object> queryResourceByProgramType(User loginUser, ResourceType type, ProgramType programType) {
Result<Object> result = new Result<>();
String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW;
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
Set<Integer> resourceIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(checkResourceType(type), loginUser.getId(), logger);
if (resourceIds.isEmpty()){
@ -1575,23 +1555,13 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
* @return all authored resource list
*/
private List<Resource> queryAuthoredResourceList(User loginUser, ResourceType type) {
List<Resource> relationResources;
int userId = loginUser.getId();
if (isAdmin(loginUser)) {
userId = 0;
relationResources = new ArrayList<>();
} else {
// query resource relation
relationResources = queryResourceList(userId, 0);
Set<Integer> resourceIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(checkResourceType(type), loginUser.getId(), logger);
if (resourceIds.isEmpty()){
return Collections.emptyList();
}
// filter by resource type
List<Resource> relationTypeResources =
relationResources.stream().filter(rs -> rs.getType() == type).collect(Collectors.toList());
List<Resource> ownResourceList = resourcesMapper.queryResourceListAuthored(userId, type.ordinal());
ownResourceList.addAll(relationTypeResources);
return ownResourceList;
List<Resource> resources = resourcesMapper.selectBatchIds(resourceIds);
resources = resources.stream().filter(rs -> rs.getType() == type).collect(Collectors.toList());
return resources;
}
/**

12
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupServiceImpl.java
Unescape View File

@ -45,6 +45,7 @@ import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* task Group Service
@ -267,13 +268,14 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe
public Map<String, Object> doQuery(User loginUser, int pageNo, int pageSize, int userId, String name, Integer status) {
Map<String, Object> result = new HashMap<>();
Page<TaskGroup> page = new Page<>(pageNo, pageSize);
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_VIEW);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
PageInfo<TaskGroup> pageInfo = new PageInfo<>(pageNo, pageSize);
Set<Integer> ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.TASK_GROUP, userId, logger);
if (ids.isEmpty()) {
result.put(Constants.DATA_LIST, pageInfo);
putMsg(result, Status.SUCCESS);
return result;
}
IPage<TaskGroup> taskGroupPaging = taskGroupMapper.queryTaskGroupPaging(page, userId, name, status);
IPage<TaskGroup> taskGroupPaging = taskGroupMapper.queryTaskGroupPaging(page, new ArrayList<>(ids), name, status);
return getStringObjectMap(pageNo, pageSize, result, taskGroupPaging);
}

19
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java
Unescape View File

@ -150,14 +150,16 @@ public class TenantServiceImpl extends BaseServiceImpl implements TenantService
public Result<Object> queryTenantList(User loginUser, String searchVal, Integer pageNo, Integer pageSize) {
Result<Object> result = new Result<>();
if (!canOperatorPermissions(loginUser,null,AuthorizationType.TENANT,TENANT_MANAGER)) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
PageInfo<Tenant> pageInfo = new PageInfo<>(pageNo, pageSize);
Set<Integer> ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.TENANT, loginUser.getId(), logger);
if (ids.isEmpty()) {
result.setData(pageInfo);
putMsg(result, Status.SUCCESS);
return result;
}
Page<Tenant> page = new Page<>(pageNo, pageSize);
IPage<Tenant> tenantPage = tenantMapper.queryTenantPaging(page, searchVal);
IPage<Tenant> tenantPage = tenantMapper.queryTenantPaging(page, new ArrayList<>(ids), searchVal);
PageInfo<Tenant> pageInfo = new PageInfo<>(pageNo, pageSize);
pageInfo.setTotal((int) tenantPage.getTotal());
pageInfo.setTotalList(tenantPage.getRecords());
result.setData(pageInfo);
@ -298,14 +300,15 @@ public class TenantServiceImpl extends BaseServiceImpl implements TenantService
public Map<String, Object> queryTenantList(User loginUser) {
Map<String, Object> result = new HashMap<>();
if (!canOperatorPermissions(loginUser,null,AuthorizationType.TENANT,TENANT_MANAGER)) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
Set<Integer> ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.TENANT, loginUser.getId(), logger);
if (ids.isEmpty()) {
result.put(Constants.DATA_LIST, Collections.emptyList());
putMsg(result, Status.SUCCESS);
return result;
}
List<Tenant> resourceList = tenantMapper.selectList(null);
List<Tenant> resourceList = tenantMapper.selectBatchIds(ids);
result.put(Constants.DATA_LIST, resourceList);
putMsg(result, Status.SUCCESS);
return result;
}

9
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/WorkerGroupServiceImpl.java
Unescape View File

@ -124,7 +124,9 @@ public class WorkerGroupServiceImpl extends BaseServiceImpl implements WorkerGro
workerGroupMapper.insert(workerGroup);
}
putMsg(result, Status.SUCCESS);
permissionPostHandle(AuthorizationType.WORKER_GROUP, loginUser.getId(), Collections.singletonList(workerGroup.getId()),logger);
if (id != 0) {
permissionPostHandle(AuthorizationType.WORKER_GROUP, loginUser.getId(), Collections.singletonList(workerGroup.getId()),logger);
}
return result;
}
@ -189,11 +191,6 @@ public class WorkerGroupServiceImpl extends BaseServiceImpl implements WorkerGro
int toIndex = (pageNo - 1) * pageSize + pageSize;
Result result = new Result();
if (!canOperatorPermissions(loginUser,null,AuthorizationType.WORKER_GROUP,WORKER_GROUP_MANAGE)) {
putMsg(result,Status.USER_NO_OPERATION_PERM);
return result;
}
List<WorkerGroup> workerGroups = new ArrayList<>();
if (loginUser.getUserType().equals(UserType.ADMIN_USER)) {
workerGroups = getWorkerGroups(true);

9
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java
Unescape View File

@ -40,7 +40,6 @@ import java.util.Calendar;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckService;
import org.assertj.core.util.Lists;
@ -83,8 +82,6 @@ public class AccessTokenServiceTest {
User user = new User();
user.setId(1);
user.setUserType(UserType.ADMIN_USER);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ACCESS_TOKEN, 1, ACCESS_TOKEN_MANAGE, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ACCESS_TOKEN, null, 0, baseServiceLogger)).thenReturn(true);
when(accessTokenMapper.selectAccessTokenPage(any(Page.class), eq("zhangsan"), eq(0))).thenReturn(tokenPage);
Result result = accessTokenService.queryAccessTokenList(user, "zhangsan", 1, 10);
@ -96,19 +93,17 @@ public class AccessTokenServiceTest {
@Test
public void testQueryAccessTokenByUser() {
List<AccessToken> accessTokenList = Lists.newArrayList(this.getEntity());
Mockito.when(this.accessTokenMapper.queryAccessTokenByUser(1)).thenReturn(accessTokenList);
Mockito.when(this.accessTokenMapper.queryAccessTokenByUser(Mockito.anyInt())).thenReturn(accessTokenList);
// USER_NO_OPERATION_PERM
User user = this.getLoginUser();
user.setUserType(UserType.GENERAL_USER);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ACCESS_TOKEN, user.getId(), ACCESS_TOKEN_MANAGE, baseServiceLogger)).thenReturn(true);
Map<String, Object> result = this.accessTokenService.queryAccessTokenByUser(user, 1);
Map<String, Object> result = this.accessTokenService.queryAccessTokenByUser(user, 3);
logger.info(result.toString());
Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
// SUCCESS
user.setUserType(UserType.ADMIN_USER);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ACCESS_TOKEN, null, 0, baseServiceLogger)).thenReturn(true);
result = this.accessTokenService.queryAccessTokenByUser(user, 1);
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));

12
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AlertGroupServiceTest.java
Unescape View File

@ -36,8 +36,10 @@ import org.apache.dolphinscheduler.dao.mapper.AlertGroupMapper;
import org.apache.commons.collections.CollectionUtils;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckService;
import org.junit.Assert;
@ -71,9 +73,6 @@ public class AlertGroupServiceTest {
private String groupName = "AlertGroupServiceTest";
@InjectMocks
BaseServiceImpl baseService;
@Spy
private ResourcePermissionCheckService resourcePermissionCheckService;
@ -97,14 +96,15 @@ public class AlertGroupServiceTest {
// no operate
user.setUserType(UserType.GENERAL_USER);
user.setId(88);
Set<Integer> ids = new HashSet<>();
ids.add(1);
Result result = alertGroupService.listPaging(user, groupName, 1, 10);
logger.info(result.toString());
Assert.assertEquals(Status.USER_NO_OPERATION_PERM.getCode(), (int) result.getCode());
Assert.assertEquals(Status.SUCCESS.getCode(), (int) result.getCode());
//success
user.setUserType(UserType.ADMIN_USER);
user.setId(1);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ALERT_GROUP, 1, ALERT_GROUP_VIEW, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ALERT_GROUP, null, 0, baseServiceLogger)).thenReturn(true);
result = alertGroupService.listPaging(user, groupName, 1, 10);
logger.info(result.toString());
PageInfo<AlertGroup> pageInfo = (PageInfo<AlertGroup>) result.getData();

2
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataAnalysisServiceTest.java
Unescape View File

@ -281,8 +281,6 @@ public class DataAnalysisServiceTest {
CommandCount commandCount = new CommandCount();
commandCount.setCommandType(CommandType.START_PROCESS);
commandCounts.add(commandCount);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.DATA_ANALYSIS, user.getId(), ApiFuncIdentificationConstant.MONITOR_STATISTICS_VIEW, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.DATA_ANALYSIS, null, 0, baseServiceLogger)).thenReturn(true);
Mockito.when(commandMapper.countCommandState(0, null, null, new Long[]{1L})).thenReturn(commandCounts);
Mockito.when(errorCommandMapper.countCommandState(0, null, null, new Long[]{1L})).thenReturn(commandCounts);

2
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/K8SNamespaceServiceTest.java
Unescape View File

@ -92,8 +92,6 @@ public class K8SNamespaceServiceTest {
IPage<K8sNamespace> page = new Page<>(1, 10);
page.setTotal(1L);
page.setRecords(getNamespaceList());
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.K8S_NAMESPACE, getLoginUser().getId(), null, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.K8S_NAMESPACE, null, 0, baseServiceLogger)).thenReturn(true);
Mockito.when(k8sNamespaceMapper.queryK8sNamespacePaging(Mockito.any(Page.class), Mockito.eq(namespace))).thenReturn(page);
Result result = k8sNamespaceService.queryListPaging(getLoginUser(), namespace, 1, 10);
logger.info(result.toString());

6
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/MonitorServiceTest.java
Unescape View File

@ -94,7 +94,7 @@ public class MonitorServiceTest {
mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_DATABASES_VIEW, false);
Map<String,Object> noPermission = monitorService.queryDatabaseState(user);
Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS));
Assert.assertEquals(Status.SUCCESS,noPermission.get(Constants.STATUS));
}
@Test
@ -106,7 +106,7 @@ public class MonitorServiceTest {
mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_MASTER_VIEW, false);
Map<String,Object> noPermission = monitorService.queryMaster(user);
Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS));
Assert.assertEquals(Status.SUCCESS,noPermission.get(Constants.STATUS));
}
@Test
@ -118,7 +118,7 @@ public class MonitorServiceTest {
mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_WORKER_VIEW, false);
Map<String,Object> noPermission = monitorService.queryWorker(user);
Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS));
Assert.assertEquals(Status.SUCCESS,noPermission.get(Constants.STATUS));
}
@Test

25
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/QueueServiceTest.java
Unescape View File

@ -28,15 +28,17 @@ import org.apache.dolphinscheduler.common.enums.UserType;
import org.apache.dolphinscheduler.dao.entity.Queue;
import org.apache.dolphinscheduler.dao.entity.User;
import org.apache.dolphinscheduler.dao.mapper.QueueMapper;
import org.apache.dolphinscheduler.dao.mapper.UserMapper;
import org.apache.commons.collections.CollectionUtils;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckService;
import org.apache.dolphinscheduler.dao.mapper.UserMapper;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
@ -62,6 +64,7 @@ public class QueueServiceTest {
private static final Logger logger = LoggerFactory.getLogger(QueueServiceTest.class);
private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class);
private static final Logger queueServiceImplLogger = LoggerFactory.getLogger(QueueServiceImpl.class);
@InjectMocks
private QueueServiceImpl queueService;
@ -70,10 +73,10 @@ public class QueueServiceTest {
private QueueMapper queueMapper;
@Mock
private ResourcePermissionCheckService resourcePermissionCheckService;
private UserMapper userMapper;
@Mock
private UserMapper userMapper;
private ResourcePermissionCheckService resourcePermissionCheckService;
private String queueName = "QueueServiceTest";
@ -87,9 +90,10 @@ public class QueueServiceTest {
@Test
public void testQueryList() {
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.QUEUE, getLoginUser().getId(), YARN_QUEUE_MANAGE, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, null, 0, baseServiceLogger)).thenReturn(true);
Mockito.when(queueMapper.selectList(null)).thenReturn(getQueueList());
Set<Integer> ids = new HashSet<>();
ids.add(1);
Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.QUEUE, getLoginUser().getId(), queueServiceImplLogger)).thenReturn(ids);
Mockito.when(queueMapper.selectBatchIds(Mockito.anySet())).thenReturn(getQueueList());
Map<String, Object> result = queueService.queryList(getLoginUser());
logger.info(result.toString());
List<Queue> queueList = (List<Queue>) result.get(Constants.DATA_LIST);
@ -103,8 +107,9 @@ public class QueueServiceTest {
IPage<Queue> page = new Page<>(1, 10);
page.setTotal(1L);
page.setRecords(getQueueList());
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.QUEUE, getLoginUser().getId(), YARN_QUEUE_MANAGE, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, null, 0, baseServiceLogger)).thenReturn(true);
Set<Integer> ids = new HashSet<>();
ids.add(1);
Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.QUEUE, getLoginUser().getId(), queueServiceImplLogger)).thenReturn(ids);
Mockito.when(queueMapper.queryQueuePaging(Mockito.any(Page.class), Mockito.eq(queueName))).thenReturn(page);
Result result = queueService.queryList(getLoginUser(), queueName, 1, 10);
logger.info(result.toString());
@ -138,12 +143,13 @@ public class QueueServiceTest {
Mockito.when(queueMapper.existQueue("test", null)).thenReturn(true);
Mockito.when(queueMapper.existQueue(null, "test")).thenReturn(true);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.QUEUE, getLoginUser().getId(), YARN_QUEUE_UPDATE , baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, null, 0, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, new Object[]{0}, 0, baseServiceLogger)).thenReturn(true);
// not exist
Map<String, Object> result = queueService.updateQueue(getLoginUser(), 0, "queue", queueName);
logger.info(result.toString());
Assert.assertEquals(Status.QUEUE_NOT_EXIST.getCode(), ((Status) result.get(Constants.STATUS)).getCode());
//no need update
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, new Object[]{1}, 0, baseServiceLogger)).thenReturn(true);
result = queueService.updateQueue(getLoginUser(), 1, queueName, queueName);
logger.info(result.toString());
Assert.assertEquals(Status.NEED_NOT_UPDATE_QUEUE.getCode(), ((Status) result.get(Constants.STATUS)).getCode());
@ -156,6 +162,7 @@ public class QueueServiceTest {
logger.info(result.toString());
Assert.assertEquals(Status.QUEUE_NAME_EXIST.getCode(), ((Status) result.get(Constants.STATUS)).getCode());
//success
Mockito.when(userMapper.existUser(Mockito.anyString())).thenReturn(false);
result = queueService.updateQueue(getLoginUser(), 1, "test1", "test1");
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS.getCode(), ((Status) result.get(Constants.STATUS)).getCode());

18
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java
Unescape View File

@ -367,11 +367,9 @@ public class ResourcesServiceTest {
loginUser.setId(0);
loginUser.setUserType(UserType.ADMIN_USER);
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 0, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 0, serviceLogger)).thenReturn(getSetIds());
PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 0, resourceLogger)).thenReturn(getSetIds());
Mockito.when(resourcesMapper.selectBatchIds(Mockito.anySet())).thenReturn(getResourceList());
Mockito.when(resourcesMapper.queryResourceListAuthored(0, 0)).thenReturn(getResourceList());
Map<String, Object> result = resourcesService.queryResourceList(loginUser, ResourceType.FILE);
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
@ -379,15 +377,11 @@ public class ResourcesServiceTest {
Assert.assertTrue(CollectionUtils.isNotEmpty(resourceList));
// test udf
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.UDF_FILE_VIEW, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 0, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 0, serviceLogger)).thenReturn(getSetIds());
PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.UDF_FILE, 0, resourceLogger)).thenReturn(getSetIds());
Mockito.when(resourcesMapper.selectBatchIds(Mockito.anySet())).thenReturn(Arrays.asList(getResource(11, ResourceType.UDF),
getResource(10, ResourceType.UDF), getResource(9, ResourceType.UDF), getResource(8, ResourceType.UDF)));
loginUser.setUserType(UserType.GENERAL_USER);
Mockito.when(resourceUserMapper.queryResourcesIdListByUserIdAndPerm(0, 0))
.thenReturn(Arrays.asList(Integer.valueOf(10), Integer.valueOf(11)));
Mockito.when(resourcesMapper.queryResourceListById(Arrays.asList(Integer.valueOf(10), Integer.valueOf(11))))
.thenReturn(Arrays.asList(getResource(10, ResourceType.FILE), getResource(11, ResourceType.UDF)));
Mockito.when(resourcesMapper.queryResourceListAuthored(0, 1)).thenReturn(getResourceList());
result = resourcesService.queryResourceList(loginUser, ResourceType.UDF);
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));

2
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskGroupServiceTest.java
Unescape View File

@ -156,7 +156,7 @@ public class TaskGroupServiceTest {
User loginUser = getLoginUser();
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_VIEW, serviceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TASK_GROUP, null, 0, serviceLogger)).thenReturn(true);
Mockito.when(taskGroupMapper.queryTaskGroupPaging(Mockito.any(Page.class), Mockito.eq(10),
Mockito.when(taskGroupMapper.queryTaskGroupPaging(Mockito.any(Page.class), Mockito.anyList(),
Mockito.eq(null), Mockito.eq(0))).thenReturn(page);
// query all

12
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TenantServiceTest.java
Unescape View File

@ -51,8 +51,10 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*;
@ -64,6 +66,7 @@ import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationCon
public class TenantServiceTest {
private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class);
private static final Logger logger = LoggerFactory.getLogger(TenantServiceTest.class);
private static final Logger tenantServiceImplLogger = LoggerFactory.getLogger(TenantServiceImpl.class);
@InjectMocks
private TenantServiceImpl tenantService;
@ -125,10 +128,11 @@ public class TenantServiceTest {
IPage<Tenant> page = new Page<>(1, 10);
page.setRecords(getList());
page.setTotal(1L);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TENANT, getLoginUser().getId(), TENANT_MANAGER, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TENANT, null, 0, baseServiceLogger)).thenReturn(true);
Mockito.when(tenantMapper.queryTenantPaging(Mockito.any(Page.class), Mockito.eq("TenantServiceTest")))
.thenReturn(page);
Set<Integer> ids = new HashSet<>();
ids.add(1);
Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.TENANT, getLoginUser().getId(), tenantServiceImplLogger)).thenReturn(ids);
Mockito.when(tenantMapper.queryTenantPaging(Mockito.any(Page.class), Mockito.anyList(), Mockito.eq("TenantServiceTest")))
.thenReturn(page);
Result result = tenantService.queryTenantList(getLoginUser(), "TenantServiceTest", 1, 10);
logger.info(result.toString());
PageInfo<Tenant> pageInfo = (PageInfo<Tenant>) result.getData();

1
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/WorkerGroupServiceTest.java
Unescape View File

@ -76,6 +76,7 @@ public class WorkerGroupServiceTest {
@Test
public void testDeleteWorkerGroupById() {
User user = new User();
user.setId(1);
user.setUserType(UserType.ADMIN_USER);
WorkerGroup wg2 = getWorkerGroup(2);
Mockito.when(workerGroupMapper.selectById(2)).thenReturn(wg2);

11
dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapper.java
Unescape View File

@ -25,6 +25,8 @@ import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import java.util.List;
/**
* the Dao interfaces of task group
*
@ -60,7 +62,7 @@ public interface TaskGroupMapper extends BaseMapper<TaskGroup> {
* @param status status
* @return result page
*/
IPage<TaskGroup> queryTaskGroupPaging(IPage<TaskGroup> page, @Param("userId") int userId,
IPage<TaskGroup> queryTaskGroupPaging(IPage<TaskGroup> page, @Param("ids") List<Integer> ids,
@Param("name") String name, @Param("status") Integer status);
/**
@ -77,4 +79,11 @@ public interface TaskGroupMapper extends BaseMapper<TaskGroup> {
int selectCountByIdStatus(@Param("id") int id,@Param("status") int status);
IPage<TaskGroup> queryTaskGroupPagingByProjectCode(Page<TaskGroup> page, @Param("projectCode") Long projectCode);
/**
* listAuthorizedResource
* @param userId
* @return
*/
List<TaskGroup> listAuthorizedResource(@Param("userId") int userId);
}

8
dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TenantMapper.java
Unescape View File

@ -74,7 +74,7 @@ public interface TenantMapper extends BaseMapper<Tenant> {
* @param searchVal searchVal
* @return tenant IPage
*/
IPage<Tenant> queryTenantPaging(IPage<Tenant> page,
IPage<Tenant> queryTenantPaging(IPage<Tenant> page,@Param("ids") List<Integer> ids,
@Param("searchVal") String searchVal);
/**
@ -93,4 +93,10 @@ public interface TenantMapper extends BaseMapper<Tenant> {
* @return
*/
IPage<Tenant> queryTenantPagingByIds(Page<Tenant> page, @Param("ids")List<Integer> ids, @Param("searchVal")String searchVal);
/**
* queryAll
* @return
*/
List<Tenant> queryAll();
}

5
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml
Unescape View File

@ -35,7 +35,10 @@
<select id="queryAccessTokenByUser" resultType="org.apache.dolphinscheduler.dao.entity.AccessToken">
select id, user_id, token, expire_time, create_time, update_time
from t_ds_access_token
where user_id = #{userId}
where 1 = 1
<if test="userId != 0">
and user_id = #{userId}
</if>
</select>
<delete id="deleteAccessTokenByUserId">

19
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapper.xml
Unescape View File

@ -32,7 +32,7 @@
</resultMap>
<sql id = "baseSql">
id,name,description,project_code,group_size,use_size,status,create_time,update_time
id,name,description,user_id,project_code,group_size,use_size,status,create_time,update_time
</sql>
<select id="queryTaskGroupPaging" resultType="org.apache.dolphinscheduler.dao.entity.TaskGroup">
@ -41,8 +41,11 @@
</include>
from t_ds_task_group
<where>
<if test="userId != 0">
and user_id = #{userId}
<if test="ids != null and ids.size() > 0">
and id in
<foreach collection="ids" item="i" open="(" close=")" separator=",">
#{i}
</foreach>
</if>
<if test="status != null">
and status = #{status}
@ -103,4 +106,14 @@
id = #{id} and status = #{status}
</select>
<select id="listAuthorizedResource" resultType="org.apache.dolphinscheduler.dao.entity.TaskGroup">
select
<include refid="baseSql" />
from t_ds_task_group
where 1=1
<if test="userId != 0">
and user_id = #{userId}
</if>
</select>
</mapper>

13
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/TenantMapper.xml
Unescape View File

@ -41,6 +41,13 @@
from t_ds_tenant
where tenant_code = #{tenantCode}
</select>
<select id="queryAll" resultType="org.apache.dolphinscheduler.dao.entity.Tenant">
select
<include refid="baseSql"/>
from t_ds_tenant
</select>
<select id="queryTenantPaging" resultType="org.apache.dolphinscheduler.dao.entity.Tenant">
SELECT
<include refid="baseSqlV2">
@ -52,6 +59,12 @@
<if test="searchVal != null and searchVal != ''">
and t.tenant_code like concat('%', #{searchVal}, '%')
</if>
<if test="ids != null and ids.size() > 0">
and t.id in
<foreach collection="ids" item="i" open="(" close=")" separator=",">
#{i}
</foreach>
</if>
order by t.update_time desc
</select>

3
dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapperTest.java
Unescape View File

@ -24,6 +24,7 @@ import java.util.Date;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -88,7 +89,7 @@ public class TaskGroupMapperTest extends BaseDaoTest {
Page<TaskGroup> page = new Page(1, 3);
IPage<TaskGroup> taskGroupIPage = taskGroupMapper.queryTaskGroupPaging(
page,
taskGroup.getUserId(),
Mockito.anyList(),
taskGroup.getName(), taskGroup.getStatus());
Assert.assertEquals(taskGroupIPage.getTotal(), 1);

4
dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/TenantMapperTest.java
Unescape View File

@ -20,6 +20,8 @@ import org.apache.dolphinscheduler.dao.BaseDaoTest;
import org.apache.dolphinscheduler.dao.entity.Queue;
import org.apache.dolphinscheduler.dao.entity.Tenant;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.List;
@ -136,7 +138,7 @@ public class TenantMapperTest extends BaseDaoTest {
Page<Tenant> page = new Page(1, 3);
//tenant.getTenantCode() used instead of tenant.getTenantName()
IPage<Tenant> tenantIPage = tenantMapper.queryTenantPaging(page, tenant.getTenantCode());
IPage<Tenant> tenantIPage = tenantMapper.queryTenantPaging(page, Collections.singletonList(tenant.getId()), tenant.getTenantCode());
Assert.assertNotEquals(tenantIPage.getTotal(), 0);
}

Write Preview
Loading…
Cancel
Save