From c843e3a31550c5a23c7e68624dfaa59bdd7957f8 Mon Sep 17 00:00:00 2001 From: WangJPLeo <103574007+WangJPLeo@users.noreply.github.com> Date: Sun, 12 Jun 2022 18:27:49 +0800 Subject: [PATCH] Fixed the problem of not having permission to modify the allocated resource data. (#10410) --- .../api/permission/ResourcePermissionCheckService.java | 8 ++++---- .../permission/ResourcePermissionCheckServiceImpl.java | 8 ++++---- .../api/service/impl/ResourcesServiceImpl.java | 5 ----- .../api/service/impl/UdfFuncServiceImpl.java | 2 +- .../api/service/ResourcesServiceTest.java | 4 ++-- .../dolphinscheduler/api/service/UdfFuncServiceTest.java | 5 +++-- 6 files changed, 14 insertions(+), 18 deletions(-) diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckService.java index 5831d59027..0d85e9b7db 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckService.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckService.java @@ -31,7 +31,7 @@ public interface ResourcePermissionCheckService{ * @param logger * @return */ - boolean resourcePermissionCheck(AuthorizationType authorizationType, Object[] needChecks, Integer userId, Logger logger); + boolean resourcePermissionCheck(Object authorizationType, Object[] needChecks, Integer userId, Logger logger); /** * userOwnedResourceIdsAcquisition @@ -41,7 +41,7 @@ public interface ResourcePermissionCheckService{ * @param * @return */ - Set userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, Integer userId, Logger logger); + Set userOwnedResourceIdsAcquisition(Object authorizationType, Integer userId, Logger logger); /** * operationpermissionCheck @@ -51,7 +51,7 @@ public interface ResourcePermissionCheckService{ * @param logger * @return */ - boolean operationPermissionCheck(AuthorizationType authorizationType, Integer userId, String permissionKey, Logger logger); + boolean operationPermissionCheck(Object authorizationType, Integer userId, String permissionKey, Logger logger); /** * functionDisabled @@ -65,5 +65,5 @@ public interface ResourcePermissionCheckService{ * @param ids * @param logger */ - void postHandle(AuthorizationType authorizationType, Integer userId, List ids, Logger logger); + void postHandle(Object authorizationType, Integer userId, List ids, Logger logger); } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java index c69a8deec9..67e8da2eb8 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java @@ -93,7 +93,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe } @Override - public boolean resourcePermissionCheck(AuthorizationType authorizationType, Object[] needChecks, Integer userId, Logger logger) { + public boolean resourcePermissionCheck(Object authorizationType, Object[] needChecks, Integer userId, Logger logger) { if (Objects.nonNull(needChecks) && needChecks.length > 0) { Set originResSet = new HashSet<>(Arrays.asList(needChecks)); Set ownResSets = RESOURCE_LIST_MAP.get(authorizationType).listAuthorizedResource(userId, logger); @@ -104,7 +104,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe } @Override - public boolean operationPermissionCheck(AuthorizationType authorizationType, Integer userId, String permissionKey, Logger logger) { + public boolean operationPermissionCheck(Object authorizationType, Integer userId, String permissionKey, Logger logger) { return RESOURCE_LIST_MAP.get(authorizationType).permissionCheck(userId, permissionKey, logger); } @@ -114,12 +114,12 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe } @Override - public void postHandle(AuthorizationType authorizationType, Integer userId, List ids, Logger logger) { + public void postHandle(Object authorizationType, Integer userId, List ids, Logger logger) { logger.debug("no post handle"); } @Override - public Set userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, Integer userId, Logger logger) { + public Set userOwnedResourceIdsAcquisition(Object authorizationType, Integer userId, Logger logger) { User user = processService.getUserById(userId); if (user == null) { logger.error("user id {} doesn't exist", userId); diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java index 62d27a6ea3..5224e86525 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java @@ -379,11 +379,6 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe return result; } - if (!canOperator(loginUser, resource.getUserId())) { - putMsg(result, Status.USER_NO_OPERATION_PERM); - return result; - } - if (file == null && name.equals(resource.getAlias()) && desc.equals(resource.getDescription())) { putMsg(result, Status.SUCCESS); return result; diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java index 4823ebd352..010629756e 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java @@ -197,7 +197,7 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic int resourceId) { Result result = new Result<>(); - boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{udfFuncId}, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE); if (!canOperatorPermissions){ putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); return result; diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java index 3d0d13c7b6..452ae06510 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java @@ -267,10 +267,10 @@ public class ResourcesServiceTest { user.setId(2); user.setUserType(UserType.GENERAL_USER); PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 2, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true); - PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 2, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 2, serviceLogger)).thenReturn(false); result = resourcesService.updateResource(user, 1, "ResourcesServiceTest", "ResourcesServiceTest", ResourceType.FILE, null); logger.info(result.toString()); - Assert.assertEquals(Status.USER_NO_OPERATION_PERM.getMsg(), result.getMsg()); + Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION.getMsg(), result.getMsg()); //RESOURCE_NOT_EXIST user.setId(1); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UdfFuncServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UdfFuncServiceTest.java index e9b7877bc8..6244b35c06 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UdfFuncServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UdfFuncServiceTest.java @@ -144,13 +144,14 @@ public class UdfFuncServiceTest { //UDF_FUNCTION_NOT_EXIST PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE, serviceLogger)).thenReturn(true); - PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{1}, 0, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{12}, 0, serviceLogger)).thenReturn(true); Result result = udfFuncService.updateUdfFunc(getLoginUser(), 12, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", "UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 1); logger.info(result.toString()); Assert.assertTrue(Status.UDF_FUNCTION_NOT_EXIST.getCode() == result.getCode()); //HDFS_NOT_STARTUP + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{1}, 0, serviceLogger)).thenReturn(true); result = udfFuncService.updateUdfFunc(getLoginUser(), 1, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", "UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 1); logger.info(result.toString()); @@ -158,7 +159,7 @@ public class UdfFuncServiceTest { //RESOURCE_NOT_EXIST PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE, serviceLogger)).thenReturn(true); - PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{12}, 0, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{11}, 0, serviceLogger)).thenReturn(true); PowerMockito.when(udfFuncMapper.selectUdfById(11)).thenReturn(getUdfFunc()); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); result = udfFuncService.updateUdfFunc(getLoginUser(), 11, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String",