[Feature] [Permission]Data permission module added and Query class api remove verification. (#10504)

* Data permission module added

* ut fix.

* queueController ut fix.

* queue service ut fix.

* e2e rerun

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java

@@ -155,8 +155,6 @@ public class ApiFuncIdentificationConstant {
     public static final String MONITOR_DATABASES_VIEW = "monitor:databases:view";
 
     public static final String MONITOR_STATISTICS_VIEW = "monitor:statistics:view";
-    public static final String MONITOR_EVENT_LIST_VIEW = "monitor:event:view";
-    public static final String MONITOR_ALERT_LIST_VIEW = "monitor:alert:view";
 
     public final static Map<ExecuteType,String> map = new HashMap<ExecuteType,String>();
 

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java

@@ -35,13 +35,17 @@ package org.apache.dolphinscheduler.api.permission;
 
 import static java.util.stream.Collectors.toSet;
 
+import org.apache.commons.collections.CollectionUtils;
 import org.apache.dolphinscheduler.common.enums.AuthorizationType;
 import org.apache.dolphinscheduler.common.enums.UserType;
 import org.apache.dolphinscheduler.dao.entity.AccessToken;
 import org.apache.dolphinscheduler.dao.entity.AlertGroup;
 import org.apache.dolphinscheduler.dao.entity.DataSource;
 import org.apache.dolphinscheduler.dao.entity.Project;
+import org.apache.dolphinscheduler.dao.entity.Queue;
 import org.apache.dolphinscheduler.dao.entity.Resource;
+import org.apache.dolphinscheduler.dao.entity.TaskGroup;
+import org.apache.dolphinscheduler.dao.entity.Tenant;
 import org.apache.dolphinscheduler.dao.entity.UdfFunc;
 import org.apache.dolphinscheduler.dao.entity.User;
 import org.apache.dolphinscheduler.dao.mapper.AccessTokenMapper;
@@ -55,11 +59,14 @@ import org.apache.dolphinscheduler.dao.mapper.K8sNamespaceMapper;
 import org.apache.dolphinscheduler.dao.mapper.ProjectMapper;
 import org.apache.dolphinscheduler.dao.mapper.QueueMapper;
 import org.apache.dolphinscheduler.dao.mapper.ResourceMapper;
+import org.apache.dolphinscheduler.dao.mapper.ResourceUserMapper;
+import org.apache.dolphinscheduler.dao.mapper.TaskGroupMapper;
 import org.apache.dolphinscheduler.dao.mapper.TenantMapper;
 import org.apache.dolphinscheduler.dao.mapper.UdfFuncMapper;
 import org.apache.dolphinscheduler.dao.mapper.WorkerGroupMapper;
 import org.apache.dolphinscheduler.service.process.ProcessService;
 
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
@@ -68,6 +75,7 @@ import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.stream.Collectors;
 
 import org.slf4j.Logger;
 import org.springframework.beans.BeansException;
@@ -105,6 +113,14 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
 
     @Override
     public boolean operationPermissionCheck(Object authorizationType, Integer userId, String permissionKey, Logger logger) {
+        User user = processService.getUserById(userId);
+        if (user == null) {
+            logger.error("user id {} doesn't exist", userId);
+            return false;
+        }
+        if (user.getUserType().equals(UserType.ADMIN_USER)) {
+            return true;
+        }
         return RESOURCE_LIST_MAP.get(authorizationType).permissionCheck(userId, permissionKey, logger);
     }
 
@@ -130,48 +146,59 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
     }
 
     @Component
-    public static class ProjectsResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
+    public static class QueueResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
 
-        private final ProjectMapper projectMapper;
+        private final QueueMapper queueMapper;
 
-        public ProjectsResourcePermissionCheck(ProjectMapper projectMapper) {
+        public QueueResourcePermissionCheck(QueueMapper queueMapper) {
-            this.projectMapper = projectMapper;
+            this.queueMapper = queueMapper;
         }
 
         @Override
         public List<AuthorizationType> authorizationTypes() {
-            return Collections.singletonList(AuthorizationType.PROJECTS);
+            return Collections.singletonList(AuthorizationType.QUEUE);
         }
 
         @Override
         public boolean permissionCheck(int userId, String permissionKey, Logger logger) {
-            // all users can create projects
+            // admin can create projects
-            return true;
+            return false;
         }
 
         @Override
         public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
-            return projectMapper.listAuthorizedProjects(userId, null).stream().map(Project::getId).collect(toSet());
+            if (userId != 0) {
+                return Collections.emptySet();
+            }
+            List<Queue> queues = queueMapper.selectList(null);
+            return queues.isEmpty() ? Collections.emptySet() : queues.stream().map(Queue::getId).collect(toSet());
         }
     }
 
     @Component
-    public static class MonitorResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
+    public static class ProjectsResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
 
-        @Override
+        private final ProjectMapper projectMapper;
-        public List<AuthorizationType> authorizationTypes() {
+
-            return Collections.singletonList(AuthorizationType.MONITOR);
+        public ProjectsResourcePermissionCheck(ProjectMapper projectMapper) {
+            this.projectMapper = projectMapper;
         }
 
         @Override
-        public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
+        public List<AuthorizationType> authorizationTypes() {
-            return null;
+            return Collections.singletonList(AuthorizationType.PROJECTS);
         }
 
         @Override
         public boolean permissionCheck(int userId, String permissionKey, Logger logger) {
+            // all users can create projects
             return true;
         }
+
+        @Override
+        public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
+            return projectMapper.listAuthorizedProjects(userId, null).stream().map(Project::getId).collect(toSet());
+        }
     }
 
     @Component
@@ -179,8 +206,11 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
 
         private final ResourceMapper resourceMapper;
 
-        public FilePermissionCheck(ResourceMapper resourceMapper) {
+        private final ResourceUserMapper resourceUserMapper;
+
+        public FilePermissionCheck(ResourceMapper resourceMapper, ResourceUserMapper resourceUserMapper) {
             this.resourceMapper = resourceMapper;
+            this.resourceUserMapper = resourceUserMapper;
         }
 
         @Override
@@ -190,11 +220,17 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
 
         @Override
         public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
-            List<Resource> resources = resourceMapper.queryResourceList(null, userId, -1);
+            List<Resource> relationResources;
-            if (resources.isEmpty()){
+            if (userId == 0) {
-                return Collections.emptySet();
+                relationResources = new ArrayList<>();
+            } else {
+                // query resource relation
+                List<Integer> resIds = resourceUserMapper.queryResourcesIdListByUserIdAndPerm(userId, 0);
+                relationResources = CollectionUtils.isEmpty(resIds) ? new ArrayList<>() : resourceMapper.queryResourceListById(resIds);
             }
-            return resources.stream().map(Resource::getId).collect(toSet());
+            List<Resource> ownResourceList = resourceMapper.queryResourceListAuthored(userId, -1);
+            relationResources.addAll(ownResourceList);
+            return ownResourceList.stream().map(Resource::getId).collect(toSet());
         }
 
         @Override
@@ -235,6 +271,12 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
     @Component
     public static class TaskGroupPermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
 
+        private final TaskGroupMapper taskGroupMapper;
+
+        public TaskGroupPermissionCheck(TaskGroupMapper taskGroupMapper) {
+            this.taskGroupMapper = taskGroupMapper;
+        }
+
         @Override
         public List<AuthorizationType> authorizationTypes() {
             return Collections.singletonList(AuthorizationType.TASK_GROUP);
@@ -242,7 +284,11 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
 
         @Override
         public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
-            return null;
+            List<TaskGroup> taskGroupList = taskGroupMapper.listAuthorizedResource(userId);
+            if (taskGroupList.isEmpty()) {
+                return Collections.emptySet();
+            }
+            return taskGroupList.stream().map(TaskGroup::getId).collect(Collectors.toSet());
         }
 
         @Override
@@ -267,7 +313,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
 
         @Override
         public boolean permissionCheck(int userId, String url, Logger logger) {
-           return true;
+            return false;
         }
 
         @Override
@@ -302,32 +348,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
         }
     }
 
-    @Component
-    public static class QueueResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> {
-
-        private final QueueMapper queueMapper;
-
-        public QueueResourceList(QueueMapper queueMapper) {
-            this.queueMapper = queueMapper;
-        }
-
-        @Override
-        public List<AuthorizationType> authorizationTypes() {
-            return Collections.singletonList(AuthorizationType.QUEUE);
-        }
-
-        @Override
-        public boolean permissionCheck(int userId, String url, Logger logger) {
-           return true;
-        }
-
-        @Override
-        public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
-            return Collections.emptySet();
-        }
-    }
-
-
     @Component
     public static class WorkerGroupResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> {
 
@@ -344,7 +364,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
 
         @Override
         public boolean permissionCheck(int userId, String url, Logger logger) {
-           return true;
+            return false;
         }
 
 
@@ -373,7 +393,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
 
         @Override
         public boolean permissionCheck(int userId, String url, Logger logger) {
-           return true;
+            return false;
         }
 
 
@@ -402,7 +422,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
 
         @Override
         public boolean permissionCheck(int userId, String url, Logger logger) {
-           return true;
+           return false;
         }
 
 
@@ -431,14 +451,18 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
 
         @Override
         public boolean permissionCheck(int userId, String url, Logger logger) {
-           return true;
+            return false;
         }
 
 
         @Override
         public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
+            if (userId != 0) {
                 return Collections.emptySet();
             }
+            List<Tenant> tenantList = tenantMapper.queryAll();
+            return tenantList.stream().map(Tenant::getId).collect(Collectors.toSet());
+        }
     }
 
     /**
@@ -449,8 +473,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
 
         private final DataSourceMapper dataSourceMapper;
 
-
-
         public DataSourceResourceList(DataSourceMapper dataSourceMapper) {
             this.dataSourceMapper = dataSourceMapper;
         }
@@ -472,68 +494,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
         }
     }
 
-    /**
-     * DataAnalysis Resource
-     */
-    @Component
-    public static class DataAnalysisList implements ResourceAcquisitionAndPermissionCheck<Integer> {
-
-        private final CommandMapper commandMapper;
-
-
-
-        public DataAnalysisList(CommandMapper commandMapper) {
-            this.commandMapper = commandMapper;
-        }
-
-        @Override
-        public List<AuthorizationType> authorizationTypes() {
-            return Collections.singletonList(AuthorizationType.DATA_ANALYSIS);
-        }
-
-        @Override
-        public boolean permissionCheck(int userId, String url, Logger logger) {
-            return true;
-        }
-
-
-        @Override
-        public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
-            return Collections.emptySet();
-        }
-    }
-
-    /**
-     * DataQuality Resource
-     */
-    @Component
-    public static class DataQualityList implements ResourceAcquisitionAndPermissionCheck<Integer> {
-
-        private final DqRuleMapper dqRuleMapper;
-
-
-
-        public DataQualityList(DqRuleMapper dqRuleMapper) {
-            this.dqRuleMapper = dqRuleMapper;
-        }
-
-        @Override
-        public List<AuthorizationType> authorizationTypes() {
-            return Collections.singletonList(AuthorizationType.DATA_QUALITY);
-        }
-
-        @Override
-        public boolean permissionCheck(int userId, String url, Logger logger) {
-            return true;
-        }
-
-
-        @Override
-        public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
-            return Collections.emptySet();
-        }
-    }
-
     /**
      * AccessToken Resource
      */
@@ -542,8 +502,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
 
         private final AccessTokenMapper accessTokenMapper;
 
-
-
         public AccessTokenList(AccessTokenMapper accessTokenMapper) {
             this.accessTokenMapper = accessTokenMapper;
         }
@@ -555,10 +513,9 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
 
         @Override
         public boolean permissionCheck(int userId, String url, Logger logger) {
-            return true;
+            return false;
         }
 
-
         @Override
         public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
             return accessTokenMapper.listAuthorizedAccessToken(userId, null).stream().map(AccessToken::getId).collect(toSet());

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AccessTokenServiceImpl.java

@@ -70,10 +70,6 @@ public class AccessTokenServiceImpl extends BaseServiceImpl implements AccessTok
         Result result = new Result();
         PageInfo<AccessToken> pageInfo = new PageInfo<>(pageNo, pageSize);
         Page<AccessToken> page = new Page<>(pageNo, pageSize);
-        if (!canOperatorPermissions(loginUser,null,AuthorizationType.ACCESS_TOKEN,ACCESS_TOKEN_MANAGE)) {
-            putMsg(result, Status.USER_NO_OPERATION_PERM);
-            return result;
-        }
         int userId = loginUser.getId();
         if (loginUser.getUserType() == UserType.ADMIN_USER) {
             userId = 0;
@@ -97,13 +93,12 @@ public class AccessTokenServiceImpl extends BaseServiceImpl implements AccessTok
     public Map<String, Object> queryAccessTokenByUser(User loginUser, Integer userId) {
         Map<String, Object> result = new HashMap<>();
         result.put(Constants.STATUS, false);
-
+        // no permission
-        // only admin can operate
+        if (loginUser.getUserType().equals(UserType.GENERAL_USER) && loginUser.getId() != userId) {
-        if (!canOperatorPermissions(loginUser,null, AuthorizationType.ACCESS_TOKEN,ACCESS_TOKEN_MANAGE)) {
             putMsg(result, Status.USER_NO_OPERATION_PERM);
             return result;
         }
-
+        userId = loginUser.getUserType().equals(UserType.ADMIN_USER) ? 0 : userId;
         // query access token for specified user
         List<AccessToken> accessTokenList = this.accessTokenMapper.queryAccessTokenByUser(userId);
         result.put(Constants.DATA_LIST, accessTokenList);
@@ -173,7 +168,7 @@ public class AccessTokenServiceImpl extends BaseServiceImpl implements AccessTok
     @Override
     public Map<String, Object> generateToken(User loginUser, int userId, String expireTime) {
         Map<String, Object> result = new HashMap<>();
-        if (!(canOperatorPermissions(loginUser,null,AuthorizationType.ACCESS_TOKEN, ACCESS_TOKEN_CREATE) || loginUser.getId() == userId)) {
+        if (!(canOperatorPermissions(loginUser,null, AuthorizationType.ACCESS_TOKEN, ACCESS_TOKEN_CREATE) || loginUser.getId() == userId)) {
             putMsg(result, Status.USER_NO_OPERATION_PERM);
             return result;
         }

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertGroupServiceImpl.java

@@ -31,7 +31,6 @@ import org.apache.dolphinscheduler.dao.mapper.AlertGroupMapper;
 import org.apache.commons.lang3.StringUtils;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
@@ -119,10 +118,6 @@ public class AlertGroupServiceImpl extends BaseServiceImpl implements AlertGroup
     public Result listPaging(User loginUser, String searchVal, Integer pageNo, Integer pageSize) {
 
         Result result = new Result();
-        if (!canOperatorPermissions(loginUser,null,AuthorizationType.ALERT_GROUP,ALERT_GROUP_VIEW)) {
-            putMsg(result,Status.USER_NO_OPERATION_PERM);
-            return result;
-        }
         IPage<AlertGroup> alertGroupPage;
         PageInfo<AlertGroup> pageInfo = new PageInfo<>(pageNo, pageSize);
         Page<AlertGroup> page = new Page<>(pageNo, pageSize);

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertPluginInstanceServiceImpl.java

@@ -211,11 +211,6 @@ public class AlertPluginInstanceServiceImpl extends BaseServiceImpl implements A
     public Result listPaging(User loginUser, String searchVal, int pageNo, int pageSize) {
 
         Result result = new Result();
-        if (!canOperatorPermissions(loginUser,null,AuthorizationType.ALERT_PLUGIN_INSTANCE, ApiFuncIdentificationConstant.ALARM_INSTANCE_MANAGE)) {
-            putMsg(result,Status.USER_NO_OPERATION_PERM);
-            return result;
-        }
-
         Page<AlertPluginInstance> page = new Page<>(pageNo, pageSize);
         IPage<AlertPluginInstance> alertPluginInstanceIPage = alertPluginInstanceMapper.queryByInstanceNamePage(page, searchVal);
 

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataAnalysisServiceImpl.java

@@ -258,12 +258,6 @@ public class DataAnalysisServiceImpl extends BaseServiceImpl implements DataAnal
             return result;
         }
         Long[] projectCodeArray = getProjectCodesArrays(projectIds.getLeft());
-
-        // admin can view all
-        if(!canOperatorPermissions(loginUser,null, AuthorizationType.DATA_ANALYSIS, ApiFuncIdentificationConstant.MONITOR_STATISTICS_VIEW)){
-            putMsg(result, Status.USER_NO_OPERATION_PROJECT_PERM);
-            return result;
-        }
         int userId = loginUser.getUserType() == UserType.ADMIN_USER ? 0 : loginUser.getId();
 
         // count normal command state

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java

@@ -250,11 +250,6 @@ public class DataSourceServiceImpl extends BaseServiceImpl implements DataSource
         IPage<DataSource> dataSourceList = null;
         Page<DataSource> dataSourcePage = new Page<>(pageNo, pageSize);
         PageInfo<DataSource> pageInfo = new PageInfo<>(pageNo, pageSize);
-
-        if (!canOperatorPermissions(loginUser,null,AuthorizationType.DATASOURCE,DATASOURCE_LIST)) {
-            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
-            return result;
-        }
         if (loginUser.getUserType().equals(UserType.ADMIN_USER)) {
             dataSourceList = dataSourceMapper.selectPaging(dataSourcePage, UserType.ADMIN_USER.equals(loginUser.getUserType()) ? 0 : loginUser.getId(), searchVal);
         } else {

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqExecuteResultServiceImpl.java

@@ -71,10 +71,6 @@ public class DqExecuteResultServiceImpl extends BaseServiceImpl implements DqExe
             if (StringUtils.isNotEmpty(endTime)) {
                 end = DateUtils.getScheduleDate(endTime);
             }
-            if(!canOperatorPermissions(loginUser,null, AuthorizationType.DATA_QUALITY,null)){
-                putMsg(result, Status.USER_NO_OPERATION_PROJECT_PERM);
-                return result;
-            }
         } catch (Exception e) {
             putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, "startTime,endTime");
             return result;

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqRuleServiceImpl.java

@@ -168,10 +168,6 @@ public class DqRuleServiceImpl extends BaseServiceImpl implements DqRuleService
             if (StringUtils.isNotEmpty(endTime)) {
                 end = DateUtils.getScheduleDate(endTime);
             }
-            if(!canOperatorPermissions(loginUser,null, AuthorizationType.DATA_QUALITY,null)){
-                putMsg(result, Status.USER_NO_OPERATION_PROJECT_PERM);
-                return result;
-            }
         } catch (Exception e) {
             putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, "startTime,endTime");
             return result;

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/K8SNamespaceServiceImpl.java

@@ -80,11 +80,6 @@ public class K8SNamespaceServiceImpl extends BaseServiceImpl implements K8sNames
     @Override
     public Result queryListPaging(User loginUser, String searchVal, Integer pageNo, Integer pageSize) {
         Result result = new Result();
-        if (!canOperatorPermissions(loginUser,null, AuthorizationType.K8S_NAMESPACE,null)) {
-            putMsg(result, Status.USER_NO_OPERATION_PERM);
-            return result;
-        }
-
         Page<K8sNamespace> page = new Page<>(pageNo, pageSize);
 
         IPage<K8sNamespace> k8sNamespaceList = k8sNamespaceMapper.queryK8sNamespacePaging(page, searchVal);

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/MonitorServiceImpl.java

@@ -17,11 +17,9 @@
 
 package org.apache.dolphinscheduler.api.service.impl;
 
-import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant;
 import org.apache.dolphinscheduler.api.enums.Status;
 import org.apache.dolphinscheduler.api.service.MonitorService;
 import org.apache.dolphinscheduler.common.Constants;
-import org.apache.dolphinscheduler.common.enums.AuthorizationType;
 import org.apache.dolphinscheduler.common.enums.NodeType;
 import org.apache.dolphinscheduler.common.model.Server;
 import org.apache.dolphinscheduler.common.model.WorkerServerModel;
@@ -66,10 +64,6 @@ public class MonitorServiceImpl extends BaseServiceImpl implements MonitorServic
     @Override
     public Map<String, Object> queryDatabaseState(User loginUser) {
         Map<String, Object> result = new HashMap<>();
-        if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_DATABASES_VIEW)) {
-            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
-            return result;
-        }
         List<MonitorRecord> monitorRecordList = monitorDBDao.queryDatabaseState();
         result.put(Constants.DATA_LIST, monitorRecordList);
         putMsg(result, Status.SUCCESS);
@@ -85,10 +79,6 @@ public class MonitorServiceImpl extends BaseServiceImpl implements MonitorServic
     @Override
     public Map<String, Object> queryMaster(User loginUser) {
         Map<String, Object> result = new HashMap<>();
-        if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_MASTER_VIEW)) {
-            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
-            return result;
-        }
         List<Server> masterServers = getServerListFromRegistry(true);
         result.put(Constants.DATA_LIST, masterServers);
         putMsg(result, Status.SUCCESS);
@@ -106,12 +96,6 @@ public class MonitorServiceImpl extends BaseServiceImpl implements MonitorServic
     public Map<String, Object> queryWorker(User loginUser) {
 
         Map<String, Object> result = new HashMap<>();
-
-        if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_WORKER_VIEW)) {
-            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
-            return result;
-        }
-
         List<WorkerServerModel> workerServers = getServerListFromRegistry(false)
             .stream()
             .map((Server server) -> {

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java

@@ -230,10 +230,6 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
         Result result = new Result();
         PageInfo<Project> pageInfo = new PageInfo<>(pageNo, pageSize);
         Page<Project> page = new Page<>(pageNo, pageSize);
-        if (!canOperatorPermissions(loginUser, null, AuthorizationType.PROJECTS, PROJECT)) {
-            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
-            return result;
-        }
         Set<Integer> projectIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.PROJECTS, loginUser.getId(), logger);
         if (projectIds.isEmpty()) {
             result.setData(pageInfo);

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/QueueServiceImpl.java

@@ -30,10 +30,12 @@ import org.apache.dolphinscheduler.dao.mapper.UserMapper;
 
 import org.apache.commons.lang3.StringUtils;
 
+import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -68,12 +70,13 @@ public class QueueServiceImpl extends BaseServiceImpl implements QueueService {
     @Override
     public Map<String, Object> queryList(User loginUser) {
         Map<String, Object> result = new HashMap<>();
-        if (!canOperatorPermissions(loginUser,null, AuthorizationType.QUEUE, YARN_QUEUE_MANAGE)) {
+        Set<Integer> ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.QUEUE, loginUser.getId(), logger);
-            putMsg(result, Status.USER_NO_OPERATION_PERM);
+        if (ids.isEmpty()) {
+            result.put(Constants.DATA_LIST, Collections.emptyList());
+            putMsg(result, Status.SUCCESS);
             return result;
         }
-
+        List<Queue> queueList = queueMapper.selectBatchIds(ids);
-        List<Queue> queueList = queueMapper.selectList(null);
         result.put(Constants.DATA_LIST, queueList);
         putMsg(result, Status.SUCCESS);
 
@@ -92,17 +95,16 @@ public class QueueServiceImpl extends BaseServiceImpl implements QueueService {
     @Override
     public Result queryList(User loginUser, String searchVal, Integer pageNo, Integer pageSize) {
         Result result = new Result();
-        if (!canOperatorPermissions(loginUser,null,AuthorizationType.QUEUE,YARN_QUEUE_MANAGE)) {
+        PageInfo<Queue> pageInfo = new PageInfo<>(pageNo, pageSize);
-            putMsg(result, Status.USER_NO_OPERATION_PERM);
+        Set<Integer> ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.QUEUE, loginUser.getId(), logger);
+        if (ids.isEmpty()) {
+            result.setData(pageInfo);
+            putMsg(result, Status.SUCCESS);
             return result;
         }
-
         Page<Queue> page = new Page<>(pageNo, pageSize);
-
         IPage<Queue> queueList = queueMapper.queryQueuePaging(page, searchVal);
-
         Integer count = (int) queueList.getTotal();
-        PageInfo<Queue> pageInfo = new PageInfo<>(pageNo, pageSize);
         pageInfo.setTotal(count);
         pageInfo.setTotalList(queueList.getRecords());
         result.setData(pageInfo);
@@ -174,7 +176,7 @@ public class QueueServiceImpl extends BaseServiceImpl implements QueueService {
     @Override
     public Map<String, Object> updateQueue(User loginUser, int id, String queue, String queueName) {
         Map<String, Object> result = new HashMap<>();
-        if (!canOperatorPermissions(loginUser,null, AuthorizationType.QUEUE,YARN_QUEUE_UPDATE)) {
+        if (!canOperatorPermissions(loginUser,new Object[]{id}, AuthorizationType.QUEUE,YARN_QUEUE_UPDATE)) {
             putMsg(result, Status.USER_NO_OPERATION_PERM);
             return result;
         }

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java

@@ -619,13 +619,6 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
     @Override
     public Result queryResourceListPaging(User loginUser, int directoryId, ResourceType type, String searchVal, Integer pageNo, Integer pageSize) {
         Result<Object> result = new Result<>();
-        String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW;
-        boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
-        if (!canOperatorPermissions){
-            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
-            return result;
-        }
-
         Page<Resource> page = new Page<>(pageNo, pageSize);
         if (directoryId != -1) {
             Resource directory = resourcesMapper.selectById(directoryId);
@@ -729,13 +722,6 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
     public Map<String, Object> queryResourceList(User loginUser, ResourceType type) {
         Map<String, Object> result = new HashMap<>();
 
-        String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW;
-        boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
-        if (!canOperatorPermissions){
-            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
-            return result;
-        }
-
         List<Resource> allResourceList = queryAuthoredResourceList(loginUser, type);
         Visitor resourceTreeVisitor = new ResourceTreeVisitor(allResourceList);
         result.put(Constants.DATA_LIST, resourceTreeVisitor.visit().getChildren());
@@ -754,12 +740,6 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
     @Override
     public Result<Object> queryResourceByProgramType(User loginUser, ResourceType type, ProgramType programType) {
         Result<Object> result = new Result<>();
-        String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW;
-        boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
-        if (!canOperatorPermissions){
-            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
-            return result;
-        }
 
         Set<Integer> resourceIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(checkResourceType(type), loginUser.getId(), logger);
         if (resourceIds.isEmpty()){
@@ -1575,23 +1555,13 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
      * @return all authored resource list
      */
     private List<Resource> queryAuthoredResourceList(User loginUser, ResourceType type) {
-        List<Resource> relationResources;
+        Set<Integer> resourceIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(checkResourceType(type), loginUser.getId(), logger);
-        int userId = loginUser.getId();
+        if (resourceIds.isEmpty()){
-        if (isAdmin(loginUser)) {
+            return Collections.emptyList();
-            userId = 0;
-            relationResources = new ArrayList<>();
-        } else {
-            // query resource relation
-            relationResources = queryResourceList(userId, 0);
         }
-        // filter by resource type
+        List<Resource> resources = resourcesMapper.selectBatchIds(resourceIds);
-        List<Resource> relationTypeResources =
+        resources = resources.stream().filter(rs -> rs.getType() == type).collect(Collectors.toList());
-                relationResources.stream().filter(rs -> rs.getType() == type).collect(Collectors.toList());
+        return resources;
-
-        List<Resource> ownResourceList = resourcesMapper.queryResourceListAuthored(userId, type.ordinal());
-        ownResourceList.addAll(relationTypeResources);
-
-        return ownResourceList;
     }
 
     /**

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupServiceImpl.java

@@ -45,6 +45,7 @@ import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 /**
  * task Group Service
@@ -267,13 +268,14 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe
     public Map<String, Object> doQuery(User loginUser, int pageNo, int pageSize, int userId, String name, Integer status) {
         Map<String, Object> result = new HashMap<>();
         Page<TaskGroup> page = new Page<>(pageNo, pageSize);
-
+        PageInfo<TaskGroup> pageInfo = new PageInfo<>(pageNo, pageSize);
-        boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_VIEW);
+        Set<Integer> ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.TASK_GROUP, userId, logger);
-        if (!canOperatorPermissions){
+        if (ids.isEmpty()) {
-            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
+            result.put(Constants.DATA_LIST, pageInfo);
+            putMsg(result, Status.SUCCESS);
             return result;
         }
-        IPage<TaskGroup> taskGroupPaging = taskGroupMapper.queryTaskGroupPaging(page, userId, name, status);
+        IPage<TaskGroup> taskGroupPaging = taskGroupMapper.queryTaskGroupPaging(page, new ArrayList<>(ids), name, status);
 
         return getStringObjectMap(pageNo, pageSize, result, taskGroupPaging);
     }

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java

@@ -150,14 +150,16 @@ public class TenantServiceImpl extends BaseServiceImpl implements TenantService
     public Result<Object> queryTenantList(User loginUser, String searchVal, Integer pageNo, Integer pageSize) {
 
         Result<Object> result = new Result<>();
-        if (!canOperatorPermissions(loginUser,null,AuthorizationType.TENANT,TENANT_MANAGER)) {
+        PageInfo<Tenant> pageInfo = new PageInfo<>(pageNo, pageSize);
-            putMsg(result, Status.USER_NO_OPERATION_PERM);
+        Set<Integer> ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.TENANT, loginUser.getId(), logger);
+        if (ids.isEmpty()) {
+            result.setData(pageInfo);
+            putMsg(result, Status.SUCCESS);
             return result;
         }
         Page<Tenant> page = new Page<>(pageNo, pageSize);
-        IPage<Tenant> tenantPage = tenantMapper.queryTenantPaging(page, searchVal);
+        IPage<Tenant> tenantPage = tenantMapper.queryTenantPaging(page, new ArrayList<>(ids), searchVal);
 
-        PageInfo<Tenant> pageInfo = new PageInfo<>(pageNo, pageSize);
         pageInfo.setTotal((int) tenantPage.getTotal());
         pageInfo.setTotalList(tenantPage.getRecords());
         result.setData(pageInfo);
@@ -298,14 +300,15 @@ public class TenantServiceImpl extends BaseServiceImpl implements TenantService
     public Map<String, Object> queryTenantList(User loginUser) {
 
         Map<String, Object> result = new HashMap<>();
-        if (!canOperatorPermissions(loginUser,null,AuthorizationType.TENANT,TENANT_MANAGER)) {
+        Set<Integer> ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.TENANT, loginUser.getId(), logger);
-            putMsg(result, Status.USER_NO_OPERATION_PERM);
+        if (ids.isEmpty()) {
+            result.put(Constants.DATA_LIST, Collections.emptyList());
+            putMsg(result, Status.SUCCESS);
             return result;
         }
-        List<Tenant> resourceList = tenantMapper.selectList(null);
+        List<Tenant> resourceList = tenantMapper.selectBatchIds(ids);
         result.put(Constants.DATA_LIST, resourceList);
         putMsg(result, Status.SUCCESS);
-
         return result;
     }
 

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/WorkerGroupServiceImpl.java

@@ -124,7 +124,9 @@ public class WorkerGroupServiceImpl extends BaseServiceImpl implements WorkerGro
             workerGroupMapper.insert(workerGroup);
         }
         putMsg(result, Status.SUCCESS);
+        if (id != 0) {
             permissionPostHandle(AuthorizationType.WORKER_GROUP, loginUser.getId(), Collections.singletonList(workerGroup.getId()),logger);
+        }
         return result;
     }
 
@@ -189,11 +191,6 @@ public class WorkerGroupServiceImpl extends BaseServiceImpl implements WorkerGro
         int toIndex = (pageNo - 1) * pageSize + pageSize;
 
         Result result = new Result();
-        if (!canOperatorPermissions(loginUser,null,AuthorizationType.WORKER_GROUP,WORKER_GROUP_MANAGE)) {
-            putMsg(result,Status.USER_NO_OPERATION_PERM);
-            return result;
-        }
-
         List<WorkerGroup> workerGroups = new ArrayList<>();
         if (loginUser.getUserType().equals(UserType.ADMIN_USER)) {
             workerGroups = getWorkerGroups(true);

dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java

@@ -40,7 +40,6 @@ import java.util.Calendar;
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
-import java.util.Optional;
 
 import org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckService;
 import org.assertj.core.util.Lists;
@@ -83,8 +82,6 @@ public class AccessTokenServiceTest {
         User user = new User();
         user.setId(1);
         user.setUserType(UserType.ADMIN_USER);
-        Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ACCESS_TOKEN, 1, ACCESS_TOKEN_MANAGE, baseServiceLogger)).thenReturn(true);
-        Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ACCESS_TOKEN, null, 0, baseServiceLogger)).thenReturn(true);
         when(accessTokenMapper.selectAccessTokenPage(any(Page.class), eq("zhangsan"), eq(0))).thenReturn(tokenPage);
 
         Result result = accessTokenService.queryAccessTokenList(user, "zhangsan", 1, 10);
@@ -96,19 +93,17 @@ public class AccessTokenServiceTest {
     @Test
     public void testQueryAccessTokenByUser() {
         List<AccessToken> accessTokenList = Lists.newArrayList(this.getEntity());
-        Mockito.when(this.accessTokenMapper.queryAccessTokenByUser(1)).thenReturn(accessTokenList);
+        Mockito.when(this.accessTokenMapper.queryAccessTokenByUser(Mockito.anyInt())).thenReturn(accessTokenList);
 
         // USER_NO_OPERATION_PERM
         User user = this.getLoginUser();
         user.setUserType(UserType.GENERAL_USER);
-        Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ACCESS_TOKEN, user.getId(), ACCESS_TOKEN_MANAGE, baseServiceLogger)).thenReturn(true);
+        Map<String, Object> result = this.accessTokenService.queryAccessTokenByUser(user, 3);
-        Map<String, Object> result = this.accessTokenService.queryAccessTokenByUser(user, 1);
         logger.info(result.toString());
         Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
 
         // SUCCESS
         user.setUserType(UserType.ADMIN_USER);
-        Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ACCESS_TOKEN, null, 0, baseServiceLogger)).thenReturn(true);
         result = this.accessTokenService.queryAccessTokenByUser(user, 1);
         logger.info(result.toString());
         Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));

dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AlertGroupServiceTest.java

@@ -36,8 +36,10 @@ import org.apache.dolphinscheduler.dao.mapper.AlertGroupMapper;
 import org.apache.commons.collections.CollectionUtils;
 
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 import org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckService;
 import org.junit.Assert;
@@ -71,9 +73,6 @@ public class AlertGroupServiceTest {
 
     private String groupName = "AlertGroupServiceTest";
 
-    @InjectMocks
-    BaseServiceImpl baseService;
-
     @Spy
     private ResourcePermissionCheckService resourcePermissionCheckService;
 
@@ -97,14 +96,15 @@ public class AlertGroupServiceTest {
         // no operate
         user.setUserType(UserType.GENERAL_USER);
         user.setId(88);
+
+        Set<Integer> ids = new HashSet<>();
+        ids.add(1);
         Result result = alertGroupService.listPaging(user, groupName, 1, 10);
         logger.info(result.toString());
-        Assert.assertEquals(Status.USER_NO_OPERATION_PERM.getCode(), (int) result.getCode());
+        Assert.assertEquals(Status.SUCCESS.getCode(), (int) result.getCode());
         //success
         user.setUserType(UserType.ADMIN_USER);
         user.setId(1);
-        Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ALERT_GROUP, 1, ALERT_GROUP_VIEW, baseServiceLogger)).thenReturn(true);
-        Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ALERT_GROUP, null, 0, baseServiceLogger)).thenReturn(true);
         result = alertGroupService.listPaging(user, groupName, 1, 10);
         logger.info(result.toString());
         PageInfo<AlertGroup> pageInfo = (PageInfo<AlertGroup>) result.getData();

dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataAnalysisServiceTest.java

@@ -281,8 +281,6 @@ public class DataAnalysisServiceTest {
         CommandCount commandCount = new CommandCount();
         commandCount.setCommandType(CommandType.START_PROCESS);
         commandCounts.add(commandCount);
-        Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.DATA_ANALYSIS, user.getId(), ApiFuncIdentificationConstant.MONITOR_STATISTICS_VIEW, baseServiceLogger)).thenReturn(true);
-        Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.DATA_ANALYSIS, null, 0, baseServiceLogger)).thenReturn(true);
         Mockito.when(commandMapper.countCommandState(0, null, null, new Long[]{1L})).thenReturn(commandCounts);
         Mockito.when(errorCommandMapper.countCommandState(0, null, null, new Long[]{1L})).thenReturn(commandCounts);
 

dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/K8SNamespaceServiceTest.java

@@ -92,8 +92,6 @@ public class K8SNamespaceServiceTest {
         IPage<K8sNamespace> page = new Page<>(1, 10);
         page.setTotal(1L);
         page.setRecords(getNamespaceList());
-        Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.K8S_NAMESPACE, getLoginUser().getId(), null, baseServiceLogger)).thenReturn(true);
-        Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.K8S_NAMESPACE, null, 0, baseServiceLogger)).thenReturn(true);
         Mockito.when(k8sNamespaceMapper.queryK8sNamespacePaging(Mockito.any(Page.class), Mockito.eq(namespace))).thenReturn(page);
         Result result = k8sNamespaceService.queryListPaging(getLoginUser(), namespace, 1, 10);
         logger.info(result.toString());

dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/MonitorServiceTest.java

@@ -94,7 +94,7 @@ public class MonitorServiceTest {
 
         mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_DATABASES_VIEW, false);
         Map<String,Object> noPermission = monitorService.queryDatabaseState(user);
-        Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS));
+        Assert.assertEquals(Status.SUCCESS,noPermission.get(Constants.STATUS));
     }
 
     @Test
@@ -106,7 +106,7 @@ public class MonitorServiceTest {
 
         mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_MASTER_VIEW, false);
         Map<String,Object> noPermission = monitorService.queryMaster(user);
-        Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS));
+        Assert.assertEquals(Status.SUCCESS,noPermission.get(Constants.STATUS));
     }
 
     @Test
@@ -118,7 +118,7 @@ public class MonitorServiceTest {
 
         mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_WORKER_VIEW, false);
         Map<String,Object> noPermission = monitorService.queryWorker(user);
-        Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS));
+        Assert.assertEquals(Status.SUCCESS,noPermission.get(Constants.STATUS));
     }
 
     @Test

dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/QueueServiceTest.java

@@ -28,15 +28,17 @@ import org.apache.dolphinscheduler.common.enums.UserType;
 import org.apache.dolphinscheduler.dao.entity.Queue;
 import org.apache.dolphinscheduler.dao.entity.User;
 import org.apache.dolphinscheduler.dao.mapper.QueueMapper;
-import org.apache.dolphinscheduler.dao.mapper.UserMapper;
 
 import org.apache.commons.collections.CollectionUtils;
 
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 import org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckService;
+import org.apache.dolphinscheduler.dao.mapper.UserMapper;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
@@ -62,6 +64,7 @@ public class QueueServiceTest {
 
     private static final Logger logger = LoggerFactory.getLogger(QueueServiceTest.class);
     private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class);
+    private static final Logger queueServiceImplLogger = LoggerFactory.getLogger(QueueServiceImpl.class);
 
     @InjectMocks
     private QueueServiceImpl queueService;
@@ -70,10 +73,10 @@ public class QueueServiceTest {
     private QueueMapper queueMapper;
 
     @Mock
-    private ResourcePermissionCheckService resourcePermissionCheckService;
+    private UserMapper userMapper;
 
     @Mock
-    private UserMapper userMapper;
+    private ResourcePermissionCheckService resourcePermissionCheckService;
 
     private String queueName = "QueueServiceTest";
 
@@ -87,9 +90,10 @@ public class QueueServiceTest {
 
     @Test
     public void testQueryList() {
-        Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.QUEUE, getLoginUser().getId(), YARN_QUEUE_MANAGE, baseServiceLogger)).thenReturn(true);
+        Set<Integer> ids = new HashSet<>();
-        Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, null, 0, baseServiceLogger)).thenReturn(true);
+        ids.add(1);
-        Mockito.when(queueMapper.selectList(null)).thenReturn(getQueueList());
+        Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.QUEUE, getLoginUser().getId(), queueServiceImplLogger)).thenReturn(ids);
+        Mockito.when(queueMapper.selectBatchIds(Mockito.anySet())).thenReturn(getQueueList());
         Map<String, Object> result = queueService.queryList(getLoginUser());
         logger.info(result.toString());
         List<Queue> queueList = (List<Queue>) result.get(Constants.DATA_LIST);
@@ -103,8 +107,9 @@ public class QueueServiceTest {
         IPage<Queue> page = new Page<>(1, 10);
         page.setTotal(1L);
         page.setRecords(getQueueList());
-        Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.QUEUE, getLoginUser().getId(), YARN_QUEUE_MANAGE, baseServiceLogger)).thenReturn(true);
+        Set<Integer> ids = new HashSet<>();
-        Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, null, 0, baseServiceLogger)).thenReturn(true);
+        ids.add(1);
+        Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.QUEUE, getLoginUser().getId(), queueServiceImplLogger)).thenReturn(ids);
         Mockito.when(queueMapper.queryQueuePaging(Mockito.any(Page.class), Mockito.eq(queueName))).thenReturn(page);
         Result result = queueService.queryList(getLoginUser(), queueName, 1, 10);
         logger.info(result.toString());
@@ -138,12 +143,13 @@ public class QueueServiceTest {
         Mockito.when(queueMapper.existQueue("test", null)).thenReturn(true);
         Mockito.when(queueMapper.existQueue(null, "test")).thenReturn(true);
         Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.QUEUE, getLoginUser().getId(), YARN_QUEUE_UPDATE , baseServiceLogger)).thenReturn(true);
-        Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, null, 0, baseServiceLogger)).thenReturn(true);
+        Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, new Object[]{0}, 0, baseServiceLogger)).thenReturn(true);
         // not exist
         Map<String, Object> result = queueService.updateQueue(getLoginUser(), 0, "queue", queueName);
         logger.info(result.toString());
         Assert.assertEquals(Status.QUEUE_NOT_EXIST.getCode(), ((Status) result.get(Constants.STATUS)).getCode());
         //no need update
+        Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, new Object[]{1}, 0, baseServiceLogger)).thenReturn(true);
         result = queueService.updateQueue(getLoginUser(), 1, queueName, queueName);
         logger.info(result.toString());
         Assert.assertEquals(Status.NEED_NOT_UPDATE_QUEUE.getCode(), ((Status) result.get(Constants.STATUS)).getCode());
@@ -156,6 +162,7 @@ public class QueueServiceTest {
         logger.info(result.toString());
         Assert.assertEquals(Status.QUEUE_NAME_EXIST.getCode(), ((Status) result.get(Constants.STATUS)).getCode());
         //success
+        Mockito.when(userMapper.existUser(Mockito.anyString())).thenReturn(false);
         result = queueService.updateQueue(getLoginUser(), 1, "test1", "test1");
         logger.info(result.toString());
         Assert.assertEquals(Status.SUCCESS.getCode(), ((Status) result.get(Constants.STATUS)).getCode());

dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java

@@ -367,11 +367,9 @@ public class ResourcesServiceTest {
         loginUser.setId(0);
         loginUser.setUserType(UserType.ADMIN_USER);
 
-        PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true);
+        PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 0, resourceLogger)).thenReturn(getSetIds());
-        PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 0, serviceLogger)).thenReturn(true);
+        Mockito.when(resourcesMapper.selectBatchIds(Mockito.anySet())).thenReturn(getResourceList());
-        PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 0, serviceLogger)).thenReturn(getSetIds());
 
-        Mockito.when(resourcesMapper.queryResourceListAuthored(0, 0)).thenReturn(getResourceList());
         Map<String, Object> result = resourcesService.queryResourceList(loginUser, ResourceType.FILE);
         logger.info(result.toString());
         Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
@@ -379,15 +377,11 @@ public class ResourcesServiceTest {
         Assert.assertTrue(CollectionUtils.isNotEmpty(resourceList));
 
         // test udf
-        PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.UDF_FILE_VIEW, serviceLogger)).thenReturn(true);
+        PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.UDF_FILE, 0, resourceLogger)).thenReturn(getSetIds());
-        PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 0, serviceLogger)).thenReturn(true);
+        Mockito.when(resourcesMapper.selectBatchIds(Mockito.anySet())).thenReturn(Arrays.asList(getResource(11, ResourceType.UDF),
-        PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 0, serviceLogger)).thenReturn(getSetIds());
+                getResource(10, ResourceType.UDF), getResource(9, ResourceType.UDF), getResource(8, ResourceType.UDF)));
+
         loginUser.setUserType(UserType.GENERAL_USER);
-        Mockito.when(resourceUserMapper.queryResourcesIdListByUserIdAndPerm(0, 0))
-                .thenReturn(Arrays.asList(Integer.valueOf(10), Integer.valueOf(11)));
-        Mockito.when(resourcesMapper.queryResourceListById(Arrays.asList(Integer.valueOf(10), Integer.valueOf(11))))
-                .thenReturn(Arrays.asList(getResource(10, ResourceType.FILE), getResource(11, ResourceType.UDF)));
-        Mockito.when(resourcesMapper.queryResourceListAuthored(0, 1)).thenReturn(getResourceList());
         result = resourcesService.queryResourceList(loginUser, ResourceType.UDF);
         logger.info(result.toString());
         Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));

dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskGroupServiceTest.java

@@ -156,7 +156,7 @@ public class TaskGroupServiceTest {
         User loginUser = getLoginUser();
         Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_VIEW, serviceLogger)).thenReturn(true);
         Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TASK_GROUP, null, 0, serviceLogger)).thenReturn(true);
-        Mockito.when(taskGroupMapper.queryTaskGroupPaging(Mockito.any(Page.class), Mockito.eq(10),
+        Mockito.when(taskGroupMapper.queryTaskGroupPaging(Mockito.any(Page.class), Mockito.anyList(),
             Mockito.eq(null), Mockito.eq(0))).thenReturn(page);
 
         // query all

dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TenantServiceTest.java

@@ -51,8 +51,10 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*;
 
@@ -64,6 +66,7 @@ import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationCon
 public class TenantServiceTest {
     private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class);
     private static final Logger logger = LoggerFactory.getLogger(TenantServiceTest.class);
+    private static final Logger tenantServiceImplLogger = LoggerFactory.getLogger(TenantServiceImpl.class);
 
     @InjectMocks
     private TenantServiceImpl tenantService;
@@ -125,9 +128,10 @@ public class TenantServiceTest {
         IPage<Tenant> page = new Page<>(1, 10);
         page.setRecords(getList());
         page.setTotal(1L);
-        Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TENANT, getLoginUser().getId(), TENANT_MANAGER, baseServiceLogger)).thenReturn(true);
+        Set<Integer> ids = new HashSet<>();
-        Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TENANT, null, 0, baseServiceLogger)).thenReturn(true);
+        ids.add(1);
-        Mockito.when(tenantMapper.queryTenantPaging(Mockito.any(Page.class), Mockito.eq("TenantServiceTest")))
+        Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.TENANT, getLoginUser().getId(), tenantServiceImplLogger)).thenReturn(ids);
+        Mockito.when(tenantMapper.queryTenantPaging(Mockito.any(Page.class), Mockito.anyList(), Mockito.eq("TenantServiceTest")))
         .thenReturn(page);
         Result result = tenantService.queryTenantList(getLoginUser(), "TenantServiceTest", 1, 10);
         logger.info(result.toString());

dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/WorkerGroupServiceTest.java

@@ -76,6 +76,7 @@ public class WorkerGroupServiceTest {
     @Test
     public void testDeleteWorkerGroupById() {
         User user = new User();
+        user.setId(1);
         user.setUserType(UserType.ADMIN_USER);
         WorkerGroup wg2 = getWorkerGroup(2);
         Mockito.when(workerGroupMapper.selectById(2)).thenReturn(wg2);

dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapper.java

@@ -25,6 +25,8 @@ import com.baomidou.mybatisplus.core.mapper.BaseMapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 
+import java.util.List;
+
 /**
  * the Dao interfaces of task group
  *
@@ -60,7 +62,7 @@ public interface TaskGroupMapper extends BaseMapper<TaskGroup> {
      * @param status status
      * @return result page
      */
-    IPage<TaskGroup> queryTaskGroupPaging(IPage<TaskGroup> page, @Param("userId") int userId,
+    IPage<TaskGroup> queryTaskGroupPaging(IPage<TaskGroup> page, @Param("ids") List<Integer> ids,
                                           @Param("name") String name, @Param("status") Integer status);
 
     /**
@@ -77,4 +79,11 @@ public interface TaskGroupMapper extends BaseMapper<TaskGroup> {
     int selectCountByIdStatus(@Param("id") int id,@Param("status") int status);
 
     IPage<TaskGroup> queryTaskGroupPagingByProjectCode(Page<TaskGroup> page, @Param("projectCode") Long projectCode);
+
+    /**
+     * listAuthorizedResource
+     * @param userId
+     * @return
+     */
+    List<TaskGroup> listAuthorizedResource(@Param("userId") int userId);
 }

dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TenantMapper.java

@@ -74,7 +74,7 @@ public interface TenantMapper extends BaseMapper<Tenant> {
      * @param searchVal searchVal
      * @return tenant IPage
      */
-    IPage<Tenant> queryTenantPaging(IPage<Tenant> page,
+    IPage<Tenant> queryTenantPaging(IPage<Tenant> page,@Param("ids") List<Integer> ids,
                                     @Param("searchVal") String searchVal);
 
     /**
@@ -93,4 +93,10 @@ public interface TenantMapper extends BaseMapper<Tenant> {
      * @return
      */
     IPage<Tenant> queryTenantPagingByIds(Page<Tenant> page, @Param("ids")List<Integer> ids, @Param("searchVal")String searchVal);
+
+    /**
+     * queryAll
+     * @return
+     */
+    List<Tenant> queryAll();
 }

dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml

@@ -35,7 +35,10 @@
     <select id="queryAccessTokenByUser" resultType="org.apache.dolphinscheduler.dao.entity.AccessToken">
         select id, user_id, token, expire_time, create_time, update_time
         from t_ds_access_token
-        where user_id = #{userId}
+        where 1 = 1
+        <if test="userId != 0">
+            and user_id = #{userId}
+        </if>
     </select>
 
     <delete id="deleteAccessTokenByUserId">

dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapper.xml

@@ -32,7 +32,7 @@
     </resultMap>
 
     <sql id = "baseSql">
-        id,name,description,project_code,group_size,use_size,status,create_time,update_time
+        id,name,description,user_id,project_code,group_size,use_size,status,create_time,update_time
     </sql>
 
     <select id="queryTaskGroupPaging" resultType="org.apache.dolphinscheduler.dao.entity.TaskGroup">
@@ -41,8 +41,11 @@
         </include>
         from t_ds_task_group
         <where>
-            <if test="userId != 0">
+            <if test="ids != null and ids.size() > 0">
-                and user_id = #{userId}
+                and id in
+                <foreach collection="ids" item="i" open="(" close=")" separator=",">
+                    #{i}
+                </foreach>
             </if>
             <if test="status != null">
                 and status = #{status}
@@ -103,4 +106,14 @@
         id = #{id} and status = #{status}
     </select>
 
+    <select id="listAuthorizedResource" resultType="org.apache.dolphinscheduler.dao.entity.TaskGroup">
+        select
+        <include refid="baseSql" />
+        from t_ds_task_group
+        where 1=1
+        <if test="userId != 0">
+            and user_id = #{userId}
+        </if>
+    </select>
+
 </mapper>

dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/TenantMapper.xml

@@ -41,6 +41,13 @@
         from t_ds_tenant
         where tenant_code = #{tenantCode}
     </select>
+
+    <select id="queryAll" resultType="org.apache.dolphinscheduler.dao.entity.Tenant">
+        select
+        <include refid="baseSql"/>
+        from t_ds_tenant
+    </select>
+
     <select id="queryTenantPaging" resultType="org.apache.dolphinscheduler.dao.entity.Tenant">
         SELECT
         <include refid="baseSqlV2">
@@ -52,6 +59,12 @@
         <if test="searchVal != null and searchVal != ''">
             and t.tenant_code like concat('%', #{searchVal}, '%')
         </if>
+        <if test="ids != null and ids.size() > 0">
+            and t.id in
+            <foreach collection="ids" item="i" open="(" close=")" separator=",">
+                #{i}
+            </foreach>
+        </if>
         order by t.update_time desc
     </select>
 

dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapperTest.java

@@ -24,6 +24,7 @@ import java.util.Date;
 
 import org.junit.Assert;
 import org.junit.Test;
+import org.mockito.Mockito;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -88,7 +89,7 @@ public class TaskGroupMapperTest extends BaseDaoTest {
         Page<TaskGroup> page = new Page(1, 3);
         IPage<TaskGroup> taskGroupIPage = taskGroupMapper.queryTaskGroupPaging(
                 page,
-                taskGroup.getUserId(),
+                Mockito.anyList(),
                 taskGroup.getName(), taskGroup.getStatus());
 
         Assert.assertEquals(taskGroupIPage.getTotal(), 1);

dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/TenantMapperTest.java

@@ -20,6 +20,8 @@ import org.apache.dolphinscheduler.dao.BaseDaoTest;
 import org.apache.dolphinscheduler.dao.entity.Queue;
 import org.apache.dolphinscheduler.dao.entity.Tenant;
 
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.Date;
 import java.util.List;
 
@@ -136,7 +138,7 @@ public class TenantMapperTest extends BaseDaoTest {
         Page<Tenant> page = new Page(1, 3);
 
         //tenant.getTenantCode() used instead of tenant.getTenantName()
-        IPage<Tenant> tenantIPage = tenantMapper.queryTenantPaging(page, tenant.getTenantCode());
+        IPage<Tenant> tenantIPage = tenantMapper.queryTenantPaging(page, Collections.singletonList(tenant.getId()), tenant.getTenantCode());
 
         Assert.assertNotEquals(tenantIPage.getTotal(), 0);
     }