Browse Source

[Improvement-12650][Permission] Improve the check of resourcePermissionCheck() (#12652)

3.2.0-release
rickchengx 2 years ago committed by GitHub
parent
commit
44e0935f56
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 7
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java

7
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java

@ -113,10 +113,11 @@ public class ResourcePermissionCheckServiceImpl
if (Objects.nonNull(needChecks) && needChecks.length > 0) { if (Objects.nonNull(needChecks) && needChecks.length > 0) {
Set<?> originResSet = new HashSet<>(Arrays.asList(needChecks)); Set<?> originResSet = new HashSet<>(Arrays.asList(needChecks));
Set<?> ownResSets = RESOURCE_LIST_MAP.get(authorizationType).listAuthorizedResource(userId, logger); Set<?> ownResSets = RESOURCE_LIST_MAP.get(authorizationType).listAuthorizedResource(userId, logger);
originResSet.removeAll(ownResSets); boolean checkResult = ownResSets != null && ownResSets.containsAll(originResSet);
if (CollectionUtils.isNotEmpty(originResSet)) if (!checkResult) {
logger.warn("User does not have resource permission on associated resources, userId:{}", userId); logger.warn("User does not have resource permission on associated resources, userId:{}", userId);
return CollectionUtils.isEmpty(originResSet); }
return checkResult;
} }
return true; return true;
} }

Loading…
Cancel
Save