From 5e3dc7b16ffe8bdf2e06518d4c7080bd39ba228d Mon Sep 17 00:00:00 2001
From: silentxingtian <51012941+silentxingtian@users.noreply.github.com>
Date: Wed, 27 Mar 2024 21:46:08 +0800
Subject: [PATCH] [Fix-15771] Fix normal user can grant project permission
 (#15772)

* repair the bug #15771 by call the interface.

* Fix the bug by call the interface(#15771)

* Fix the grant project,datasource,udf bug (#15771)

* add Unit Test for modified (#15771)

* add Unit Test for UDF (#15771)

* [Fix] add Unit Test and grant Permission modify(#15771)

---------

Co-authored-by: liuw529 <liuw529@chinaunicom.cn>
---
 .../api/service/impl/UsersServiceImpl.java    | 17 +++++++++++++
 .../api/service/UsersServiceTest.java         | 25 +++++++++++++++++++
 2 files changed, 42 insertions(+)

diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
index 0c331a4c0c..7b9746921c 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
@@ -556,6 +556,12 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
             putMsg(result, Status.FUNCTION_DISABLED);
             return result;
         }
+
+        if (!isAdmin(loginUser)) {
+            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
+            return result;
+        }
+
         // check exist
         User tempUser = userMapper.selectById(userId);
         if (tempUser == null) {
@@ -603,6 +609,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
             putMsg(result, Status.FUNCTION_DISABLED);
             return result;
         }
+
         // check exist
         User tempUser = userMapper.selectById(userId);
         if (tempUser == null) {
@@ -611,6 +618,11 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
             return result;
         }
 
+        if (!isAdmin(loginUser)) {
+            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
+            return result;
+        }
+
         if (check(result, StringUtils.isEmpty(projectIds), Status.SUCCESS)) {
             log.warn("Parameter projectIds is empty.");
             return result;
@@ -763,6 +775,11 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
             return result;
         }
 
+        if (!isAdmin(loginUser)) {
+            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
+            return result;
+        }
+
         udfUserMapper.deleteByUserId(userId);
 
         if (check(result, StringUtils.isEmpty(udfIds), Status.SUCCESS)) {
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
index 36e3abfa3e..3cb71d97a0 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
@@ -397,6 +397,14 @@ public class UsersServiceTest {
         result = usersService.grantProject(loginUser, userId, projectIds);
         logger.info(result.toString());
         Assertions.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
+
+        // ERROR: NO_CURRENT_OPERATING_PERMISSION
+        loginUser.setId(3);
+        loginUser.setUserType(UserType.GENERAL_USER);
+        when(userMapper.selectById(3)).thenReturn(loginUser);
+        result = this.usersService.grantProject(loginUser, userId, projectIds);
+        logger.info(result.toString());
+        Assertions.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION, result.get(Constants.STATUS));
     }
 
     @Test
@@ -418,6 +426,14 @@ public class UsersServiceTest {
         result = usersService.grantProjectWithReadPerm(loginUser, userId, projectIds);
         logger.info(result.toString());
         Assertions.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
+
+        // ERROR: NO_CURRENT_OPERATING_PERMISSION
+        loginUser.setId(3);
+        loginUser.setUserType(UserType.GENERAL_USER);
+        when(userMapper.selectById(3)).thenReturn(loginUser);
+        result = this.usersService.grantProjectWithReadPerm(loginUser, userId, projectIds);
+        logger.info(result.toString());
+        Assertions.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION, result.get(Constants.STATUS));
     }
 
     @Test
@@ -527,11 +543,20 @@ public class UsersServiceTest {
         Map<String, Object> result = usersService.grantUDFFunction(loginUser, 2, udfIds);
         logger.info(result.toString());
         Assertions.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS));
+
         // success
         when(udfUserMapper.deleteByUserId(1)).thenReturn(1);
         result = usersService.grantUDFFunction(loginUser, 1, udfIds);
         logger.info(result.toString());
         Assertions.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
+
+        // ERROR: NO_CURRENT_OPERATING_PERMISSION
+        loginUser.setId(2);
+        loginUser.setUserType(UserType.GENERAL_USER);
+        when(userMapper.selectById(2)).thenReturn(loginUser);
+        result = this.usersService.grantUDFFunction(loginUser, 2, udfIds);
+        logger.info(result.toString());
+        Assertions.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION, result.get(Constants.STATUS));
     }
 
     @Test