[Fix-15771] Fix normal user can grant project permission (#15772)

* repair the bug #15771 by call the interface. * Fix the bug by call the interface(#15771) * Fix the grant project,datasource,udf bug (#15771) * add Unit Test for modified (#15771) * add Unit Test for UDF (#15771) * [Fix] add Unit Test and grant Permission modify(#15771) --------- Co-authored-by: liuw529 <liuw529@chinaunicom.cn>
1 month ago · 5e3dc7b16f
2 changed files with 42 additions and 0 deletions
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
@ -556,6 +556,12 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
            putMsg(result, Status.FUNCTION_DISABLED);
            return result;
        }
+
+        if (!isAdmin(loginUser)) {
+            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
+            return result;
+        }
+
        // check exist
        User tempUser = userMapper.selectById(userId);
        if (tempUser == null) {
@ -603,6 +609,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
            putMsg(result, Status.FUNCTION_DISABLED);
            return result;
        }
+
        // check exist
        User tempUser = userMapper.selectById(userId);
        if (tempUser == null) {
@ -611,6 +618,11 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
            return result;
        }

+        if (!isAdmin(loginUser)) {
+            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
+            return result;
+        }
+
        if (check(result, StringUtils.isEmpty(projectIds), Status.SUCCESS)) {
            log.warn("Parameter projectIds is empty.");
            return result;
@ -763,6 +775,11 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
            return result;
        }

+        if (!isAdmin(loginUser)) {
+            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
+            return result;
+        }
+
        udfUserMapper.deleteByUserId(userId);

        if (check(result, StringUtils.isEmpty(udfIds), Status.SUCCESS)) {
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
@ -397,6 +397,14 @@ public class UsersServiceTest {
        result = usersService.grantProject(loginUser, userId, projectIds);
        logger.info(result.toString());
        Assertions.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
+
+        // ERROR: NO_CURRENT_OPERATING_PERMISSION
+        loginUser.setId(3);
+        loginUser.setUserType(UserType.GENERAL_USER);
+        when(userMapper.selectById(3)).thenReturn(loginUser);
+        result = this.usersService.grantProject(loginUser, userId, projectIds);
+        logger.info(result.toString());
+        Assertions.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION, result.get(Constants.STATUS));
    }

    @Test
@ -418,6 +426,14 @@ public class UsersServiceTest {
        result = usersService.grantProjectWithReadPerm(loginUser, userId, projectIds);
        logger.info(result.toString());
        Assertions.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
+
+        // ERROR: NO_CURRENT_OPERATING_PERMISSION
+        loginUser.setId(3);
+        loginUser.setUserType(UserType.GENERAL_USER);
+        when(userMapper.selectById(3)).thenReturn(loginUser);
+        result = this.usersService.grantProjectWithReadPerm(loginUser, userId, projectIds);
+        logger.info(result.toString());
+        Assertions.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION, result.get(Constants.STATUS));
    }

    @Test
@ -527,11 +543,20 @@ public class UsersServiceTest {
        Map<String, Object> result = usersService.grantUDFFunction(loginUser, 2, udfIds);
        logger.info(result.toString());
        Assertions.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS));
+
        // success
        when(udfUserMapper.deleteByUserId(1)).thenReturn(1);
        result = usersService.grantUDFFunction(loginUser, 1, udfIds);
        logger.info(result.toString());
        Assertions.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
+
+        // ERROR: NO_CURRENT_OPERATING_PERMISSION
+        loginUser.setId(2);
+        loginUser.setUserType(UserType.GENERAL_USER);
+        when(userMapper.selectById(2)).thenReturn(loginUser);
+        result = this.usersService.grantUDFFunction(loginUser, 2, udfIds);
+        logger.info(result.toString());
+        Assertions.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION, result.get(Constants.STATUS));
    }

    @Test