From 3361d763c4af1b387602dfc97a5a57961b5a7c43 Mon Sep 17 00:00:00 2001 From: ouyangyewei Date: Sun, 5 Dec 2021 14:13:23 +0800 Subject: [PATCH] to feature #7180 (#7185) Co-authored-by: ouyangyewei --- .../api/controller/UsersController.java | 25 +++++++++++++ .../dolphinscheduler/api/enums/Status.java | 2 +- .../api/service/UsersService.java | 8 ++++ .../api/service/impl/UsersServiceImpl.java | 37 +++++++++++++++++++ .../main/resources/i18n/messages.properties | 2 + .../resources/i18n/messages_en_US.properties | 2 + .../resources/i18n/messages_zh_CN.properties | 2 + .../api/controller/UsersControllerTest.java | 18 +++++++++ .../api/service/UsersServiceTest.java | 25 +++++++++++++ 9 files changed, 120 insertions(+), 1 deletion(-) diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java index 4a12460bc8..502023a577 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java @@ -17,6 +17,7 @@ package org.apache.dolphinscheduler.api.controller; +import static org.apache.dolphinscheduler.api.enums.Status.REVOKE_PROJECT_ERROR; import static org.apache.dolphinscheduler.api.enums.Status.AUTHORIZED_USER_ERROR; import static org.apache.dolphinscheduler.api.enums.Status.CREATE_USER_ERROR; import static org.apache.dolphinscheduler.api.enums.Status.DELETE_USER_BY_ID_ERROR; @@ -258,6 +259,30 @@ public class UsersController extends BaseController { return returnDataList(result); } + /** + * revoke project + * + * @param loginUser login user + * @param userId user id + * @param projectCode project code + * @return revoke result code + */ + @ApiOperation(value = "revokeProject", notes = "REVOKE_PROJECT_NOTES") + @ApiImplicitParams({ + @ApiImplicitParam(name = "userId", value = "USER_ID", required = true, dataType = "Int", example = "100"), + @ApiImplicitParam(name = "projectCode", value = "PROJECT_CODE", required = true, type = "Long", example = "100") + }) + @PostMapping(value = "/revoke-project") + @ResponseStatus(HttpStatus.OK) + @ApiException(REVOKE_PROJECT_ERROR) + @AccessLogAnnotation + public Result revokeProject(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser, + @RequestParam(value = "userId") int userId, + @RequestParam(value = "projectCode") long projectCode) { + Map result = this.usersService.revokeProject(loginUser, userId, projectCode); + return returnDataList(result); + } + /** * grant resource * diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java index 7943c9b84c..7f72b163a7 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java @@ -212,7 +212,7 @@ public enum Status { TRANSFORM_PROJECT_OWNERSHIP(10179, "Please transform project ownership [{0}]", "请先转移项目所有权[{0}]"), QUERY_ALERT_GROUP_ERROR(10180, "query alert group error", "查询告警组错误"), CURRENT_LOGIN_USER_TENANT_NOT_EXIST(10181, "the tenant of the currently login user is not specified", "未指定当前登录用户的租户"), - + REVOKE_PROJECT_ERROR(10182, "revoke project error", "撤销项目授权错误"), UDF_FUNCTION_NOT_EXIST(20001, "UDF function not found", "UDF函数不存在"), UDF_FUNCTION_EXISTS(20002, "UDF function already exists", "UDF函数已存在"), diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java index c50a37b755..6e701a0b18 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java @@ -163,6 +163,14 @@ public interface UsersService { */ Map grantProjectByCode(User loginUser, int userId, String projectCodes); + /** + * revoke the project permission for specified user. + * @param loginUser Login user + * @param userId User id + * @param projectCode Project Code + * @return + */ + Map revokeProject(User loginUser, int userId, long projectCode); /** * grant resource diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java index 52a78a6162..4caf22c431 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java @@ -635,6 +635,43 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { return result; } + /** + * revoke the project permission for specified user. + * @param loginUser Login user + * @param userId User id + * @param projectCode Project Code + * @return + */ + @Override + public Map revokeProject(User loginUser, int userId, long projectCode) { + Map result = new HashMap<>(); + result.put(Constants.STATUS, false); + + // 1. only admin can operate + if (this.check(result, !this.isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { + return result; + } + + // 2. check if user is existed + User user = this.userMapper.selectById(userId); + if (user == null) { + this.putMsg(result, Status.USER_NOT_EXIST, userId); + return result; + } + + // 3. check if project is existed + Project project = this.projectMapper.queryByCode(projectCode); + if (project == null) { + this.putMsg(result, Status.PROJECT_NOT_FOUNT, projectCode); + return result; + } + + // 4. delete th relationship between project and user + this.projectUserMapper.deleteProjectRelation(project.getId(), user.getId()); + this.putMsg(result, Status.SUCCESS); + return result; + } + /** * grant resource * diff --git a/dolphinscheduler-api/src/main/resources/i18n/messages.properties b/dolphinscheduler-api/src/main/resources/i18n/messages.properties index ab1cbe6d12..7f43ce6910 100644 --- a/dolphinscheduler-api/src/main/resources/i18n/messages.properties +++ b/dolphinscheduler-api/src/main/resources/i18n/messages.properties @@ -223,6 +223,8 @@ GRANT_PROJECT_NOTES=GRANT PROJECT PROJECT_IDS=project ids(string format, multiple projects separated by ",") GRANT_PROJECT_BY_CODE_NOTES=GRANT PROJECT BY CODE PROJECT_CODES=project codes(string format, multiple project codes separated by ",") +REVOKE_PROJECT_NOTES=REVOKE PROJECT FOR USER +PROJECT_CODE=project codes GRANT_RESOURCE_NOTES=grant resource file RESOURCE_IDS=resource ids(string format, multiple resources separated by ",") GET_USER_INFO_NOTES=get user info diff --git a/dolphinscheduler-api/src/main/resources/i18n/messages_en_US.properties b/dolphinscheduler-api/src/main/resources/i18n/messages_en_US.properties index 074aa94f8b..8c03137fe5 100644 --- a/dolphinscheduler-api/src/main/resources/i18n/messages_en_US.properties +++ b/dolphinscheduler-api/src/main/resources/i18n/messages_en_US.properties @@ -270,6 +270,8 @@ GRANT_PROJECT_NOTES=GRANT PROJECT PROJECT_IDS=project ids(string format, multiple projects separated by ",") GRANT_PROJECT_BY_CODE_NOTES=GRANT PROJECT BY CODE PROJECT_CODES=project codes(string format, multiple project codes separated by ",") +REVOKE_PROJECT_NOTES=REVOKE PROJECT FOR USER +PROJECT_CODE=project codes GRANT_RESOURCE_NOTES=grant resource file RESOURCE_IDS=resource ids(string format, multiple resources separated by ",") GET_USER_INFO_NOTES=get user info diff --git a/dolphinscheduler-api/src/main/resources/i18n/messages_zh_CN.properties b/dolphinscheduler-api/src/main/resources/i18n/messages_zh_CN.properties index 2cd80ca551..fc83ae6635 100644 --- a/dolphinscheduler-api/src/main/resources/i18n/messages_zh_CN.properties +++ b/dolphinscheduler-api/src/main/resources/i18n/messages_zh_CN.properties @@ -258,6 +258,8 @@ GRANT_PROJECT_NOTES=授权项目 PROJECT_IDS=项目IDS(字符串格式,多个项目以","分割) GRANT_PROJECT_BY_CODE_NOTES=授权项目 PROJECT_CODES=项目Codes(字符串格式,多个项目Code以","分割) +REVOKE_PROJECT_NOTES=撤销用户的项目权限 +PROJECT_CODE=项目Code GRANT_RESOURCE_NOTES=授权资源文件 RESOURCE_IDS=资源ID列表(字符串格式,多个资源ID以","分割) GET_USER_INFO_NOTES=获取用户信息 diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/UsersControllerTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/UsersControllerTest.java index d6a426f730..5b696141c9 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/UsersControllerTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/UsersControllerTest.java @@ -125,6 +125,24 @@ public class UsersControllerTest extends AbstractControllerTest { logger.info(mvcResult.getResponse().getContentAsString()); } + @Test + public void testRevokeProject() throws Exception { + MultiValueMap paramsMap = new LinkedMultiValueMap<>(); + paramsMap.add("userId", "32"); + paramsMap.add("projectCode", "3682329499136"); + + MvcResult mvcResult = this.mockMvc.perform(post("/users/revoke-project") + .header(SESSION_ID, this.sessionId) + .params(paramsMap)) + .andExpect(status().isOk()) + .andExpect(content().contentType(MediaType.APPLICATION_JSON)) + .andReturn(); + + Result result = JSONUtils.parseObject(mvcResult.getResponse().getContentAsString(), Result.class); + Assert.assertEquals(Status.USER_NOT_EXIST.getCode(), result.getCode().intValue()); + logger.info(mvcResult.getResponse().getContentAsString()); + } + @Test public void testGrantResource() throws Exception { MultiValueMap paramsMap = new LinkedMultiValueMap<>(); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java index 2bb8dec8af..acfe2204be 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java @@ -362,6 +362,31 @@ public class UsersServiceTest { Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); } + @Test + public void testRevokeProject() { + Mockito.when(this.userMapper.selectById(1)).thenReturn(this.getUser()); + + final long projectCode = 3682329499136L; + + // user no permission + User loginUser = new User(); + Map result = this.usersService.revokeProject(loginUser, 1, projectCode); + logger.info(result.toString()); + Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); + + // user not exist + loginUser.setUserType(UserType.ADMIN_USER); + result = this.usersService.revokeProject(loginUser, 2, projectCode); + logger.info(result.toString()); + Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS)); + + // success + Mockito.when(this.projectMapper.queryByCode(Mockito.anyLong())).thenReturn(new Project()); + result = this.usersService.revokeProject(loginUser, 1, projectCode); + logger.info(result.toString()); + Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); + } + @Test public void testGrantResources() { String resourceIds = "100000,120000";