From 44e0935f569d6a9dbf65ef1edaf91bd9e892c558 Mon Sep 17 00:00:00 2001
From: rickchengx <38122586+rickchengx@users.noreply.github.com>
Date: Thu, 3 Nov 2022 09:12:56 +0800
Subject: [PATCH] [Improvement-12650][Permission] Improve the check of
 resourcePermissionCheck() (#12652)

---
 .../api/permission/ResourcePermissionCheckServiceImpl.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
index 3f4cb01f40..3ee3fb9903 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
@@ -113,10 +113,11 @@ public class ResourcePermissionCheckServiceImpl
         if (Objects.nonNull(needChecks) && needChecks.length > 0) {
             Set<?> originResSet = new HashSet<>(Arrays.asList(needChecks));
             Set<?> ownResSets = RESOURCE_LIST_MAP.get(authorizationType).listAuthorizedResource(userId, logger);
-            originResSet.removeAll(ownResSets);
-            if (CollectionUtils.isNotEmpty(originResSet))
+            boolean checkResult = ownResSets != null && ownResSets.containsAll(originResSet);
+            if (!checkResult) {
                 logger.warn("User does not have resource permission on associated resources, userId:{}", userId);
-            return CollectionUtils.isEmpty(originResSet);
+            }
+            return checkResult;
         }
         return true;
     }