From 40d9c7b0e1d30b21d308b0a83dfdc93b1c029cc0 Mon Sep 17 00:00:00 2001 
From: lgcareer <18610854716@163.com> Date: Tue, 5 Nov 2019 13:43:39 +0800 Subject: [PATCH] when delete access token add whether login user has perm to delete (#1159) * rename from DatasourceUserMapper to DataSourceUserMapper * add unit test in UserMapper and WorkerGroupMapper * change cn.escheduler to org.apache.dolphinscheduler * add unit test in UdfFuncMapperTest * add unit test in UdfFuncMapperTest * remove DatabaseConfiguration * add ConnectionFactoryTest * cal duration in processInstancesList * change desc to description * change table name in mysql ddl * change table name in mysql ddl * change escheduler to dolphinscheduler * change escheduler to dolphinscheduler * change escheduler to dolphinscheduler * remove log4j-1.2-api and modify AlertMapperTest * remove log4j-1.2-api * Add alertDao to spring management * Add alertDao to spring management * get SqlSessionFactory from MybatisSqlSessionFactoryBean * get processDao by DaoFactory * read druid properties in ConnectionFactory * read druid properties in ConnectionFactory * change get alertDao by spring to DaoFactory * add log4j to resolve #967 * resolve verify udf name error and delete udf error * Determine if principal is empty * Determine whether the logon user has the right to delete the project * Fixed an issue that produced an attachment file named such as ATT00002.bin * fix too many connection in upgrade or create * fix NEED_FAULT_TOLERANCE and WAITTING_THREAD count fail * Added a judgment on whether the currently login user is an administrator * fix update udf database not change and create time is changed * add enterprise.wechat.enable to decide whether to send enterprise WeChat * change method check * Remove the administrator's judgment on query access token list * only admin can create worker group * delete alert group need delete the relation of user and alert group * add timeout in proxy when upload large resource * add gets scheduled times by expect fire times * add gets scheduled times by expect fire 
times * Increase the judgment of whether it is admin * Increase the judgment of whether it is admin * when delete access token add whether login user has perm to delete
---
.../apache/dolphinscheduler/api/enums/Status.java | 11 ++++++-----
.../api/service/AccessTokenService.java | 14 ++++++++++++--
2 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java
index 78e9c772ff..da5e1409d2 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java
@@ -236,11 +236,12 @@ public enum Status {
- CREATE_ACCESS_TOKEN_ERROR(70001,"create access token error"),
- GENERATE_TOKEN_ERROR(70002,"generate token error"),
- QUERY_ACCESSTOKEN_LIST_PAGING_ERROR(70003,"query access token list paging error"),
- UPDATE_ACCESS_TOKEN_ERROR(70004,"update access token error"),
- DELETE_ACCESS_TOKEN_ERROR(70005,"delete access token error"),
+ CREATE_ACCESS_TOKEN_ERROR(70010,"create access token error"),
+ GENERATE_TOKEN_ERROR(70011,"generate token error"),
+ QUERY_ACCESSTOKEN_LIST_PAGING_ERROR(70012,"query access token list paging error"),
+ UPDATE_ACCESS_TOKEN_ERROR(70013,"update access token error"),
+ DELETE_ACCESS_TOKEN_ERROR(70014,"delete access token error"),
+ ACCESS_TOKEN_NOT_EXIST(70015, "access token not exist"),
 COMMAND_STATE_COUNT_ERROR(80001,"task instance state count error"),
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/AccessTokenService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/AccessTokenService.java
index 76e097e154..e6413f8fc3 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/AccessTokenService.java
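Review bot: The five existing access-token codes are renumbered from 70001–70005 to 70010–70014 and nothing in the commit message says why; any client, test or dashboard that matches on those numeric codes will break silently. Presumably the block is being moved to make room or to clear a clash with other 7000x codes elsewhere in the enum — if 70006 is free, `ACCESS_TOKEN_NOT_EXIST(70006, "access token not exist"),` keeps the published codes stable. If the renumbering is intentional, add a comment above the group such as `// access token: 70010-70019 (moved from 7000x in #1159)` so the old values are not reused. The rest of the enum, including whatever occupies the neighbouring codes, is outside the hunk.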
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/AccessTokenService.java
@@ -145,8 +145,18 @@ public class AccessTokenService extends BaseService {
 */
 public Map delAccessTokenById(User loginUser, int id) {
 Map result = new HashMap<>(5);
- //only admin can operate
- if (checkAdmin(loginUser, result)) {
+
+ AccessToken accessToken = accessTokenMapper.selectById(id);
+
+ if (accessToken == null) {
+ logger.error("access token not exist, access token id {}", id);
+ putMsg(result, Status.ACCESS_TOKEN_NOT_EXIST);
+ return result;
+ }
+
+ if (loginUser.getId() != accessToken.getUserId() &&
+ loginUser.getUserType() != UserType.ADMIN_USER) {
+ putMsg(result, Status.USER_NO_OPERATION_PERM);
 return result;
 }
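Review bot: The two new guards in `delAccessTokenById` answer a non-admin caller differently for a missing id (`ACCESS_TOKEN_NOT_EXIST`) and for another user's token (`USER_NO_OPERATION_PERM`), so any logged-in user can walk the sequential ids and learn which tokens exist; only an admin should see that distinction. Compute `boolean isAdmin = loginUser.getUserType() == UserType.ADMIN_USER;` before the lookup and in the null branch use `putMsg(result, isAdmin ? Status.ACCESS_TOKEN_NOT_EXIST : Status.USER_NO_OPERATION_PERM);`, leaving the ownership check as it is. The ownership test `loginUser.getId() != accessToken.getUserId()` is only sound if both getters return primitive `int`; if either is a boxed `Integer`, `!=` compares references and owners with ids above 127 would be refused — confirm the field types or compare with `Objects.equals`. The not-found path logs at error level for what is ordinary client input; `logger.warn` is enough there. The delete itself follows after the hunk.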