to feature #7180 (#7185)

Co-authored-by: ouyangyewei <yewei.oyyw@alibaba-inc.com>
3 years ago · 3361d763c4
9 changed files with 120 additions and 1 deletions
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java
@ -17,6 +17,7 @@

 package org.apache.dolphinscheduler.api.controller;

+import static org.apache.dolphinscheduler.api.enums.Status.REVOKE_PROJECT_ERROR;
 import static org.apache.dolphinscheduler.api.enums.Status.AUTHORIZED_USER_ERROR;
 import static org.apache.dolphinscheduler.api.enums.Status.CREATE_USER_ERROR;
 import static org.apache.dolphinscheduler.api.enums.Status.DELETE_USER_BY_ID_ERROR;
@ -258,6 +259,30 @@ public class UsersController extends BaseController {
        return returnDataList(result);
    }

+    /**
+     * revoke project
+     *
+     * @param loginUser     login user
+     * @param userId        user id
+     * @param projectCode   project code
+     * @return revoke result code
+     */
+    @ApiOperation(value = "revokeProject", notes = "REVOKE_PROJECT_NOTES")
+    @ApiImplicitParams({
+        @ApiImplicitParam(name = "userId", value = "USER_ID", required = true, dataType = "Int", example = "100"),
+        @ApiImplicitParam(name = "projectCode", value = "PROJECT_CODE", required = true, type = "Long", example = "100")
+    })
+    @PostMapping(value = "/revoke-project")
+    @ResponseStatus(HttpStatus.OK)
+    @ApiException(REVOKE_PROJECT_ERROR)
+    @AccessLogAnnotation
+    public Result revokeProject(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
+            @RequestParam(value = "userId") int userId,
+            @RequestParam(value = "projectCode") long projectCode) {
+        Map<String, Object> result = this.usersService.revokeProject(loginUser, userId, projectCode);
+        return returnDataList(result);
+    }
+
    /**
     * grant resource
     *
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java
@ -212,7 +212,7 @@ public enum Status {
    TRANSFORM_PROJECT_OWNERSHIP(10179, "Please transform project ownership [{0}]", "请先转移项目所有权[{0}]"),
    QUERY_ALERT_GROUP_ERROR(10180, "query alert group error", "查询告警组错误"),
    CURRENT_LOGIN_USER_TENANT_NOT_EXIST(10181, "the tenant of the currently login user is not specified", "未指定当前登录用户的租户"),
-
+    REVOKE_PROJECT_ERROR(10182, "revoke project error", "撤销项目授权错误"),

    UDF_FUNCTION_NOT_EXIST(20001, "UDF function not found", "UDF函数不存在"),
    UDF_FUNCTION_EXISTS(20002, "UDF function already exists", "UDF函数已存在"),
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java
@ -163,6 +163,14 @@ public interface UsersService {
     */
    Map<String, Object> grantProjectByCode(User loginUser, int userId, String projectCodes);

+    /**
+     * revoke the project permission for specified user.
+     * @param loginUser     Login user
+     * @param userId        User id
+     * @param projectCode   Project Code
+     * @return
+     */
+    Map<String, Object> revokeProject(User loginUser, int userId, long projectCode);

    /**
     * grant resource
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
@ -635,6 +635,43 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
        return result;
    }

+    /**
+     * revoke the project permission for specified user.
+     * @param loginUser     Login user
+     * @param userId        User id
+     * @param projectCode   Project Code
+     * @return
+     */
+    @Override
+    public Map<String, Object> revokeProject(User loginUser, int userId, long projectCode) {
+        Map<String, Object> result = new HashMap<>();
+        result.put(Constants.STATUS, false);
+
+        // 1. only admin can operate
+        if (this.check(result, !this.isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) {
+            return result;
+        }
+
+        // 2. check if user is existed
+        User user = this.userMapper.selectById(userId);
+        if (user == null) {
+            this.putMsg(result, Status.USER_NOT_EXIST, userId);
+            return result;
+        }
+
+        // 3. check if project is existed
+        Project project = this.projectMapper.queryByCode(projectCode);
+        if (project == null) {
+            this.putMsg(result, Status.PROJECT_NOT_FOUNT, projectCode);
+            return result;
+        }
+
+        // 4. delete th relationship between project and user
+        this.projectUserMapper.deleteProjectRelation(project.getId(), user.getId());
+        this.putMsg(result, Status.SUCCESS);
+        return result;
+    }
+
    /**
     * grant resource
     *
--- a/dolphinscheduler-api/src/main/resources/i18n/messages.properties
+++ b/dolphinscheduler-api/src/main/resources/i18n/messages.properties
@ -223,6 +223,8 @@ GRANT_PROJECT_NOTES=GRANT PROJECT
 PROJECT_IDS=project ids(string format, multiple projects separated by ",")
 GRANT_PROJECT_BY_CODE_NOTES=GRANT PROJECT BY CODE
 PROJECT_CODES=project codes(string format, multiple project codes separated by ",")
+REVOKE_PROJECT_NOTES=REVOKE PROJECT FOR USER
+PROJECT_CODE=project codes
 GRANT_RESOURCE_NOTES=grant resource file
 RESOURCE_IDS=resource ids(string format, multiple resources separated by ",")
 GET_USER_INFO_NOTES=get user info 
--- a/dolphinscheduler-api/src/main/resources/i18n/messages_en_US.properties
+++ b/dolphinscheduler-api/src/main/resources/i18n/messages_en_US.properties
@ -270,6 +270,8 @@ GRANT_PROJECT_NOTES=GRANT PROJECT
 PROJECT_IDS=project ids(string format, multiple projects separated by ",")
 GRANT_PROJECT_BY_CODE_NOTES=GRANT PROJECT BY CODE
 PROJECT_CODES=project codes(string format, multiple project codes separated by ",")
+REVOKE_PROJECT_NOTES=REVOKE PROJECT FOR USER
+PROJECT_CODE=project codes
 GRANT_RESOURCE_NOTES=grant resource file
 RESOURCE_IDS=resource ids(string format, multiple resources separated by ",")
 GET_USER_INFO_NOTES=get user info 
--- a/dolphinscheduler-api/src/main/resources/i18n/messages_zh_CN.properties
+++ b/dolphinscheduler-api/src/main/resources/i18n/messages_zh_CN.properties
@ -258,6 +258,8 @@ GRANT_PROJECT_NOTES=授权项目
 PROJECT_IDS=项目IDS(字符串格式，多个项目以","分割)
 GRANT_PROJECT_BY_CODE_NOTES=授权项目
 PROJECT_CODES=项目Codes(字符串格式，多个项目Code以","分割)
+REVOKE_PROJECT_NOTES=撤销用户的项目权限
+PROJECT_CODE=项目Code
 GRANT_RESOURCE_NOTES=授权资源文件
 RESOURCE_IDS=资源ID列表(字符串格式，多个资源ID以","分割)
 GET_USER_INFO_NOTES=获取用户信息
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/UsersControllerTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/UsersControllerTest.java
@ -125,6 +125,24 @@ public class UsersControllerTest extends AbstractControllerTest {
        logger.info(mvcResult.getResponse().getContentAsString());
    }

+    @Test
+    public void testRevokeProject() throws Exception {
+        MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>();
+        paramsMap.add("userId", "32");
+        paramsMap.add("projectCode", "3682329499136");
+
+        MvcResult mvcResult = this.mockMvc.perform(post("/users/revoke-project")
+                .header(SESSION_ID, this.sessionId)
+                .params(paramsMap))
+                .andExpect(status().isOk())
+                .andExpect(content().contentType(MediaType.APPLICATION_JSON))
+                .andReturn();
+
+        Result result = JSONUtils.parseObject(mvcResult.getResponse().getContentAsString(), Result.class);
+        Assert.assertEquals(Status.USER_NOT_EXIST.getCode(), result.getCode().intValue());
+        logger.info(mvcResult.getResponse().getContentAsString());
+    }
+
    @Test
    public void testGrantResource() throws Exception {
        MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>();
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
@ -362,6 +362,31 @@ public class UsersServiceTest {
        Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
    }

+    @Test
+    public void testRevokeProject() {
+        Mockito.when(this.userMapper.selectById(1)).thenReturn(this.getUser());
+
+        final long projectCode = 3682329499136L;
+
+        // user no permission
+        User loginUser = new User();
+        Map<String, Object> result = this.usersService.revokeProject(loginUser, 1, projectCode);
+        logger.info(result.toString());
+        Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
+
+        // user not exist
+        loginUser.setUserType(UserType.ADMIN_USER);
+        result = this.usersService.revokeProject(loginUser, 2, projectCode);
+        logger.info(result.toString());
+        Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS));
+
+        // success
+        Mockito.when(this.projectMapper.queryByCode(Mockito.anyLong())).thenReturn(new Project());
+        result = this.usersService.revokeProject(loginUser, 1, projectCode);
+        logger.info(result.toString());
+        Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
+    }
+
    @Test
    public void testGrantResources() {
        String resourceIds = "100000,120000";