
when delete access token add whether login user has perm to delete (#1159)

* rename from DatasourceUserMapper to DataSourceUserMapper

* add unit test in UserMapper and WorkerGroupMapper

* change cn.escheduler to org.apache.dolphinscheduler

* add unit test in UdfFuncMapperTest

* add unit test in UdfFuncMapperTest

* remove DatabaseConfiguration

* add ConnectionFactoryTest

* cal duration in processInstancesList

* change desc to description

* change table name in mysql ddl

* change table name in mysql ddl

* change escheduler to dolphinscheduler

* change escheduler to dolphinscheduler

* change escheduler to dolphinscheduler

* remove log4j-1.2-api and modify AlertMapperTest

* remove log4j-1.2-api

* Add alertDao to spring management

* Add alertDao to spring management

* get SqlSessionFactory from MybatisSqlSessionFactoryBean

* get processDao by DaoFactory

* read druid properties in ConneciontFactory

* read druid properties in ConneciontFactory

* change get alertDao by spring to DaoFactory

* add log4j to resolve #967

* resolve verify udf name error and delete udf error

* Determine if principal is empty

* Determine whether the logon user has the right to delete the project

* Fixed an issue that produced attachment files with names such as ATT00002.bin

* fix too many connection in upgrade or create

* fix NEED_FAULT_TOLERANCE and WAITTING_THREAD count fail

* Added a judgment on whether the currently login user is an administrator

* fix update udf database not change and create time is changed

* add enterprise.wechat.enable to decide whether to send enterprise WeChat

* change method check

* Remove the administrator's judgment on query access token list

* only admin can create worker group

* delete alert group need delete the relation of user and alert group

* add timeout in proxy when upload large resource

* add gets scheduled times by expect fire times

* add gets scheduled times by expect fire times

* Increase the judgment of whether it is admin

* Increase the judgment of whether it is admin

* when delete access token add whether login user has perm to delete
lgcareer 5 years ago committed by qiaozhanwei
parent
commit
40d9c7b0e1
  1. 11
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java
  2. 14
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/AccessTokenService.java

11
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java

@ -236,11 +236,12 @@ public enum Status {
CREATE_ACCESS_TOKEN_ERROR(70001,"create access token error"), CREATE_ACCESS_TOKEN_ERROR(70010,"create access token error"),
GENERATE_TOKEN_ERROR(70002,"generate token error"), GENERATE_TOKEN_ERROR(70011,"generate token error"),
QUERY_ACCESSTOKEN_LIST_PAGING_ERROR(70003,"query access token list paging error"), QUERY_ACCESSTOKEN_LIST_PAGING_ERROR(70012,"query access token list paging error"),
UPDATE_ACCESS_TOKEN_ERROR(70004,"update access token error"), UPDATE_ACCESS_TOKEN_ERROR(70013,"update access token error"),
DELETE_ACCESS_TOKEN_ERROR(70005,"delete access token error"), DELETE_ACCESS_TOKEN_ERROR(70014,"delete access token error"),
ACCESS_TOKEN_NOT_EXIST(70015, "access token not exist"),
COMMAND_STATE_COUNT_ERROR(80001,"task instance state count error"), COMMAND_STATE_COUNT_ERROR(80001,"task instance state count error"),
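Review bot: The five existing access-token codes are renumbered here (70001–70005 become 70010–70014), which neither the commit title nor the description mentions. Any client, script or alert rule that matches on the numeric code rather than the enum name would stop recognising these errors after the upgrade. If the move is meant to avoid a clash with another 7000x group (not visible in this hunk), a comment above the group such as `// access token codes: 70010-70015, keep stable, callers may match on the number` would record the reason. The enum body continues outside the hunk.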

14
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/AccessTokenService.java

@ -145,8 +145,18 @@ public class AccessTokenService extends BaseService {
*/ */
public Map<String, Object> delAccessTokenById(User loginUser, int id) { public Map<String, Object> delAccessTokenById(User loginUser, int id) {
Map<String, Object> result = new HashMap<>(5); Map<String, Object> result = new HashMap<>(5);
//only admin can operate
if (checkAdmin(loginUser, result)) { AccessToken accessToken = accessTokenMapper.selectById(id);
if (accessToken == null) {
logger.error("access token not exist, access token id {}", id);
putMsg(result, Status.ACCESS_TOKEN_NOT_EXIST);
return result;
}
if (loginUser.getId() != accessToken.getUserId() &&
loginUser.getUserType() != UserType.ADMIN_USER) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
return result; return result;
} }
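Review bot: The two refusal paths in `delAccessTokenById` are distinguishable to the caller and only one of them is logged. A user who is neither owner nor admin gets `ACCESS_TOKEN_NOT_EXIST` for an unused id and `USER_NO_OPERATION_PERM` for someone else's token, so the response reveals which token ids exist, while the denied attempt itself leaves no log line. Consider recording the denial before the second `putMsg`, e.g. `logger.warn("user {} has no permission to delete access token {}", loginUser.getId(), id);`, and lowering the caller-triggered not-found message from `logger.error` to `logger.warn`. If the ids behind `loginUser.getId() != accessToken.getUserId()` are boxed `Integer` rather than `int` (their types are not visible here), `!=` compares references and should become an `equals` check. The method body continues past the end of the hunk.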
