From e3e39cbdea879394447a51161c2e707d067103c6 Mon Sep 17 00:00:00 2001 From: WangJPLeo <103574007+WangJPLeo@users.noreply.github.com> Date: Wed, 1 Jun 2022 20:29:10 +0800 Subject: [PATCH] =?UTF-8?q?[Fix]=20Privilege=20Reconstruction=20Data=20Que?= =?UTF-8?q?ry=20Fix=20&=20Resource=20Creation=20Post=20Oper=E2=80=A6=20(#1?= =?UTF-8?q?0313)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Privilege Reconstruction Data Query Fix & Resource Creation Post Operations. * Resource Retry * e2e retry * create project log add * project list query log add * clean project log * delete delay * delete delay * remove post handle * project e2e * browser refresh * browser refresh * e2e fix * e2e browser refresh * rowk flow e2e fix * mapper deduplication * udf e2e * e2e --- .../api/controller/EnvironmentController.java | 2 +- .../api/service/BaseService.java | 10 +++++++ .../api/service/EnvironmentService.java | 2 +- .../service/impl/AlertGroupServiceImpl.java | 23 +++++++++++++--- .../api/service/impl/BaseServiceImpl.java | 11 ++++++++ .../service/impl/DataSourceServiceImpl.java | 19 +++++++++++--- .../service/impl/EnvironmentServiceImpl.java | 23 ++++++++++++---- .../api/service/impl/ProjectServiceImpl.java | 26 ++++++++++++++++--- .../service/impl/ResourcesServiceImpl.java | 16 +++++++----- .../api/service/impl/TenantServiceImpl.java | 24 +++++++++++++++-- .../api/service/impl/UdfFuncServiceImpl.java | 1 + .../api/service/impl/UsersServiceImpl.java | 16 ++++++++---- .../service/impl/WorkerGroupServiceImpl.java | 13 +++++++++- .../api/service/DataSourceServiceTest.java | 12 +++++++-- .../api/service/EnvironmentServiceTest.java | 10 +------ .../api/service/ResourcesServiceTest.java | 3 ++- .../api/service/UsersServiceTest.java | 10 +++++++ .../dao/mapper/AlertGroupMapper.java | 9 +++++++ .../dao/mapper/DataSourceMapper.java | 11 ++++++++ .../dao/mapper/EnvironmentMapper.java | 11 ++++++++ .../dao/mapper/TenantMapper.java | 11 ++++++++ .../dao/mapper/AlertGroupMapper.xml | 17 ++++++++++++ .../dao/mapper/EnvironmentMapper.xml | 17 ++++++++++++ .../dao/mapper/ResourceMapper.xml | 2 +- .../dao/mapper/TenantMapper.xml | 21 +++++++++++++++ .../e2e/cases/ProjectE2ETest.java | 1 + .../e2e/cases/UdfManageE2ETest.java | 14 +++++----- .../e2e/cases/WorkflowE2ETest.java | 17 ++++++------ .../ResourcePermissionCheckService.java | 8 ++++++ .../ResourcePermissionCheckServiceImpl.java | 5 ++++ 30 files changed, 305 insertions(+), 60 deletions(-) diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/EnvironmentController.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/EnvironmentController.java index 79bebb745f..6cb47c96b6 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/EnvironmentController.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/EnvironmentController.java @@ -173,7 +173,7 @@ public class EnvironmentController extends BaseController { return result; } searchVal = ParameterUtils.handleEscapes(searchVal); - result = environmentService.queryEnvironmentListPaging(pageNo, pageSize, searchVal); + result = environmentService.queryEnvironmentListPaging(loginUser, pageNo, pageSize, searchVal); return result; } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/BaseService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/BaseService.java index 3bcbc2b9b6..41c484d0e7 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/BaseService.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/BaseService.java @@ -21,7 +21,9 @@ import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.dao.entity.User; +import org.slf4j.Logger; +import java.util.List; import java.util.Map; /** @@ -47,6 +49,14 @@ public interface BaseService { */ boolean isNotAdmin(User loginUser, Map result); + /** + * permissionPostHandle + * @param authorizationType + * @param userId + * @param ids + * @param logger + */ + void permissionPostHandle(AuthorizationType authorizationType, Integer userId, List ids, Logger logger); /** * put message to map diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/EnvironmentService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/EnvironmentService.java index 5702980bf5..219c02e2ba 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/EnvironmentService.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/EnvironmentService.java @@ -81,7 +81,7 @@ public interface EnvironmentService { * @param pageSize page size * @return environment list page */ - Result queryEnvironmentListPaging(Integer pageNo, Integer pageSize, String searchVal); + Result queryEnvironmentListPaging(User loginUser, Integer pageNo, Integer pageSize, String searchVal); /** * query all environment diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertGroupServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertGroupServiceImpl.java index 4652dc2316..319913e99a 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertGroupServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertGroupServiceImpl.java @@ -23,16 +23,21 @@ import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; import org.apache.dolphinscheduler.common.enums.AuthorizationType; +import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.dao.entity.AlertGroup; import org.apache.dolphinscheduler.dao.entity.User; import org.apache.dolphinscheduler.dao.mapper.AlertGroupMapper; import org.apache.commons.lang3.StringUtils; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Set; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -118,11 +123,20 @@ public class AlertGroupServiceImpl extends BaseServiceImpl implements AlertGroup putMsg(result,Status.USER_NO_OPERATION_PERM); return result; } - - Page page = new Page<>(pageNo, pageSize); - IPage alertGroupIPage = alertGroupMapper.queryAlertGroupPage( - page, searchVal); + IPage alertGroupIPage; PageInfo pageInfo = new PageInfo<>(pageNo, pageSize); + Page page = new Page<>(pageNo, pageSize); + if (loginUser.getUserType().equals(UserType.ADMIN_USER)) { + alertGroupIPage = alertGroupMapper.queryAlertGroupPage(page, searchVal); + } else { + Set ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.ALERT_GROUP, loginUser.getId(), logger); + if (ids.isEmpty()) { + result.setData(pageInfo); + putMsg(result, Status.SUCCESS); + return result; + } + alertGroupIPage = alertGroupMapper.queryAlertGroupPageByIds(page, new ArrayList<>(ids), searchVal); + } pageInfo.setTotal((int) alertGroupIPage.getTotal()); pageInfo.setTotalList(alertGroupIPage.getRecords()); result.setData(pageInfo); @@ -165,6 +179,7 @@ public class AlertGroupServiceImpl extends BaseServiceImpl implements AlertGroup if (insert > 0) { result.put(Constants.DATA_LIST, alertGroup); putMsg(result, Status.SUCCESS); + permissionPostHandle(AuthorizationType.ALERT_GROUP, loginUser.getId(), Collections.singletonList(alertGroup.getId()), logger); } else { putMsg(result, Status.CREATE_ALERT_GROUP_ERROR); } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/BaseServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/BaseServiceImpl.java index 9d493c6ef7..695f58f0b6 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/BaseServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/BaseServiceImpl.java @@ -35,6 +35,7 @@ import java.io.IOException; import java.text.MessageFormat; import java.util.Date; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.Objects; @@ -47,6 +48,16 @@ public class BaseServiceImpl implements BaseService { @Autowired protected ResourcePermissionCheckService resourcePermissionCheckService; + @Override + public void permissionPostHandle(AuthorizationType authorizationType, Integer userId, List ids, Logger logger) { + try{ + resourcePermissionCheckService.postHandle(authorizationType, userId, ids, logger); + }catch (Exception e){ + logger.error("post handle error", e); + throw new RuntimeException("resource association user error", e); + } + } + /** * check admin * diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java index 1dcfeb5beb..f5d6e8c551 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java @@ -134,6 +134,7 @@ public class DataSourceServiceImpl extends BaseServiceImpl implements DataSource try { dataSourceMapper.insert(dataSource); putMsg(result, Status.SUCCESS); + permissionPostHandle(AuthorizationType.DATASOURCE, loginUser.getId(), Collections.singletonList(dataSource.getId()), logger); } catch (DuplicateKeyException ex) { logger.error("Create datasource error.", ex); putMsg(result, Status.DATASOURCE_EXIST); @@ -248,19 +249,31 @@ public class DataSourceServiceImpl extends BaseServiceImpl implements DataSource Result result = new Result(); IPage dataSourceList = null; Page dataSourcePage = new Page<>(pageNo, pageSize); + PageInfo pageInfo = new PageInfo<>(pageNo, pageSize); - if (canOperatorPermissions(loginUser,null,AuthorizationType.DATASOURCE,DATASOURCE_LIST)) { + if (!canOperatorPermissions(loginUser,null,AuthorizationType.DATASOURCE,DATASOURCE_LIST)) { + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + if (loginUser.getUserType().equals(UserType.ADMIN_USER)) { dataSourceList = dataSourceMapper.selectPaging(dataSourcePage, UserType.ADMIN_USER.equals(loginUser.getUserType()) ? 0 : loginUser.getId(), searchVal); + } else { + Set ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.DATASOURCE, loginUser.getId(), logger); + if (ids.isEmpty()) { + result.setData(pageInfo); + putMsg(result, Status.SUCCESS); + return result; + } + dataSourceList = dataSourceMapper.selectPagingByIds(dataSourcePage, new ArrayList<>(ids), searchVal); } + List dataSources = dataSourceList != null ? dataSourceList.getRecords() : new ArrayList<>(); handlePasswd(dataSources); - PageInfo pageInfo = new PageInfo<>(pageNo, pageSize); pageInfo.setTotal((int) (dataSourceList != null ? dataSourceList.getTotal() : 0L)); pageInfo.setTotalList(dataSources); result.setData(pageInfo); putMsg(result, Status.SUCCESS); - return result; } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/EnvironmentServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/EnvironmentServiceImpl.java index 45193827de..55196307b5 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/EnvironmentServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/EnvironmentServiceImpl.java @@ -24,6 +24,7 @@ import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; import org.apache.dolphinscheduler.common.enums.AuthorizationType; +import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.utils.CodeGenerateUtils; import org.apache.dolphinscheduler.common.utils.CodeGenerateUtils.CodeGenerateException; import org.apache.dolphinscheduler.common.utils.JSONUtils; @@ -40,6 +41,7 @@ import org.apache.commons.collections4.SetUtils; import org.apache.commons.lang3.StringUtils; import java.util.ArrayList; +import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.List; @@ -148,6 +150,7 @@ public class EnvironmentServiceImpl extends BaseServiceImpl implements Environme } result.put(Constants.DATA_LIST, env.getCode()); putMsg(result, Status.SUCCESS); + permissionPostHandle(AuthorizationType.ENVIRONMENT, loginUser.getId(), Collections.singletonList(env.getId()), logger); } else { putMsg(result, Status.CREATE_ENVIRONMENT_ERROR); } @@ -163,14 +166,24 @@ public class EnvironmentServiceImpl extends BaseServiceImpl implements Environme * @return environment list page */ @Override - public Result queryEnvironmentListPaging(Integer pageNo, Integer pageSize, String searchVal) { - Result result = new Result(); + public Result queryEnvironmentListPaging(User loginUser, Integer pageNo, Integer pageSize, String searchVal) { + Result result = new Result(); Page page = new Page<>(pageNo, pageSize); - - IPage environmentIPage = environmentMapper.queryEnvironmentListPaging(page, searchVal); - PageInfo pageInfo = new PageInfo<>(pageNo, pageSize); + IPage environmentIPage; + if (loginUser.getUserType().equals(UserType.ADMIN_USER)) { + environmentIPage = environmentMapper.queryEnvironmentListPaging(page, searchVal); + } else { + Set ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.ENVIRONMENT, loginUser.getId(), logger); + if (ids.isEmpty()) { + result.setData(pageInfo); + putMsg(result, Status.SUCCESS); + return result; + } + environmentIPage = environmentMapper.queryEnvironmentListPagingByIds(page, new ArrayList<>(ids), searchVal); + } + pageInfo.setTotal((int) environmentIPage.getTotal()); if (CollectionUtils.isNotEmpty(environmentIPage.getRecords())) { diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java index 086961a0f2..a02e2aafdf 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java @@ -43,6 +43,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import java.util.ArrayList; +import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.HashSet; @@ -123,9 +124,11 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic if (projectMapper.insert(project) > 0) { result.put(Constants.DATA_LIST, project); putMsg(result, Status.SUCCESS); + permissionPostHandle(AuthorizationType.PROJECTS, loginUser.getId(), Collections.singletonList(project.getId()), logger); } else { putMsg(result, Status.CREATE_PROJECT_ERROR); } + logger.info("create project complete and id is :{}", project.getId()); return result; } @@ -205,7 +208,7 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic boolean checkResult = false; if (project == null) { putMsg(result, Status.PROJECT_NOT_FOUND, ""); - } else if (!canOperatorPermissions(loginUser, new Object[]{project.getId()},AuthorizationType.PROJECTS,null)) { + } else if (!canOperatorPermissions(loginUser, new Object[]{project.getId()},AuthorizationType.PROJECTS,PROJECT)) { putMsg(result, Status.USER_NO_OPERATION_PROJECT_PERM, loginUser.getUserName(), project.getName()); } else { checkResult = true; @@ -226,10 +229,17 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic public Result queryProjectListPaging(User loginUser, Integer pageSize, Integer pageNo, String searchVal) { Result result = new Result(); PageInfo pageInfo = new PageInfo<>(pageNo, pageSize); - Page page = new Page<>(pageNo, pageSize); - + if (!canOperatorPermissions(loginUser, null, AuthorizationType.PROJECTS, PROJECT)) { + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } Set projectIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.PROJECTS, loginUser.getId(), logger); + if (projectIds.isEmpty()) { + result.setData(pageInfo); + putMsg(result, Status.SUCCESS); + return result; + } IPage projectIPage = projectMapper.queryProjectListPaging(page, new ArrayList<>(projectIds), searchVal); List projectList = projectIPage.getRecords(); @@ -353,6 +363,11 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic Map result = new HashMap<>(); Set projectIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.PROJECTS, loginUser.getId(), logger); + if (projectIds.isEmpty()) { + result.put(Constants.DATA_LIST, Collections.emptyList()); + putMsg(result, Status.SUCCESS); + return result; + } List projectList = projectMapper.listAuthorizedProjects(loginUser.getUserType().equals(UserType.ADMIN_USER) ? 0 : loginUser.getId(), new ArrayList<>(projectIds)); List resultList = new ArrayList<>(); @@ -459,6 +474,11 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic Map result = new HashMap<>(); Set projectIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.PROJECTS, loginUser.getId(), logger); + if (projectIds.isEmpty()) { + result.put(Constants.DATA_LIST, Collections.emptyList()); + putMsg(result, Status.SUCCESS); + return result; + } List projects = projectMapper.listAuthorizedProjects(loginUser.getUserType().equals(UserType.ADMIN_USER) ? 0 : loginUser.getId(), new ArrayList<>(projectIds)); result.put(Constants.DATA_LIST, projects); diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java index e47a8e5e18..cc9567c7b8 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java @@ -176,6 +176,7 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe try { resourcesMapper.insert(resource); putMsg(result, Status.SUCCESS); + permissionPostHandle(AuthorizationType.RESOURCE_FILE_ID, loginUser.getId(), Collections.singletonList(resource.getId()), logger); Map resultMap = new HashMap<>(); for (Map.Entry entry : new BeanMap(resource).entrySet()) { if (!"class".equalsIgnoreCase(entry.getKey().toString())) { @@ -269,6 +270,7 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe resourcesMapper.insert(resource); updateParentResourceSize(resource, resource.getSize()); putMsg(result, Status.SUCCESS); + permissionPostHandle(AuthorizationType.RESOURCE_FILE_ID, loginUser.getId(), Collections.singletonList(resource.getId()), logger); Map resultMap = new HashMap<>(); for (Map.Entry entry : new BeanMap(resource).entrySet()) { if (!"class".equalsIgnoreCase(entry.getKey().toString())) { @@ -630,11 +632,6 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe } Page page = new Page<>(pageNo, pageSize); - int userId = loginUser.getId(); - if (isAdmin(loginUser)) { - userId = 0; - } - if (directoryId != -1) { Resource directory = resourcesMapper.selectById(directoryId); if (directory == null) { @@ -642,11 +639,15 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe return result; } } + PageInfo pageInfo = new PageInfo<>(pageNo, pageSize); Set resourcesIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, loginUser.getId(), logger); + if (resourcesIds.isEmpty()) { + result.setData(pageInfo); + putMsg(result, Status.SUCCESS); + return result; + } IPage resourceIPage = resourcesMapper.queryResourcePaging(page, directoryId, type.ordinal(), loginUser.getId(), searchVal, new ArrayList<>(resourcesIds)); - - PageInfo pageInfo = new PageInfo<>(pageNo, pageSize); pageInfo.setTotal((int) resourceIPage.getTotal()); pageInfo.setTotalList(resourceIPage.getRecords()); result.setData(pageInfo); @@ -1124,6 +1125,7 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe updateParentResourceSize(resource, resource.getSize()); putMsg(result, Status.SUCCESS); + permissionPostHandle(AuthorizationType.RESOURCE_FILE_ID, loginUser.getId(), Collections.singletonList(resource.getId()), logger); Map resultMap = new HashMap<>(); for (Map.Entry entry : new BeanMap(resource).entrySet()) { if (!Constants.CLASS.equalsIgnoreCase(entry.getKey().toString())) { diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java index e0fe7310cf..22964b3e98 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java @@ -28,6 +28,7 @@ import org.apache.dolphinscheduler.api.utils.RegexUtils; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; import org.apache.dolphinscheduler.common.enums.AuthorizationType; +import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.storage.StorageOperate; import org.apache.dolphinscheduler.common.utils.PropertyUtils; import org.apache.dolphinscheduler.dao.entity.ProcessDefinition; @@ -38,13 +39,19 @@ import org.apache.dolphinscheduler.dao.mapper.ProcessDefinitionMapper; import org.apache.dolphinscheduler.dao.mapper.ProcessInstanceMapper; import org.apache.dolphinscheduler.dao.mapper.TenantMapper; import org.apache.dolphinscheduler.dao.mapper.UserMapper; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; + +import java.util.ArrayList; +import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Set; import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; import static org.apache.dolphinscheduler.common.Constants.TENANT_FULL_NAME_MAX_LENGTH; @@ -55,6 +62,8 @@ import static org.apache.dolphinscheduler.common.Constants.TENANT_FULL_NAME_MAX_ @Service public class TenantServiceImpl extends BaseServiceImpl implements TenantService { + private static final Logger logger = LoggerFactory.getLogger(TenantServiceImpl.class); + @Autowired private TenantMapper tenantMapper; @@ -126,6 +135,7 @@ public class TenantServiceImpl extends BaseServiceImpl implements TenantService result.put(Constants.DATA_LIST, tenant); putMsg(result, Status.SUCCESS); + permissionPostHandle(AuthorizationType.TENANT, loginUser.getId(), Collections.singletonList(tenant.getId()),logger); return result; } @@ -147,10 +157,20 @@ public class TenantServiceImpl extends BaseServiceImpl implements TenantService putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } - + IPage tenantIPage; Page page = new Page<>(pageNo, pageSize); - IPage tenantIPage = tenantMapper.queryTenantPaging(page, searchVal); PageInfo pageInfo = new PageInfo<>(pageNo, pageSize); + if (loginUser.getUserType().equals(UserType.ADMIN_USER)) { + tenantIPage = tenantMapper.queryTenantPaging(page, searchVal); + } else { + Set ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.TENANT, loginUser.getId(), logger); + if (ids.isEmpty()) { + result.setData(pageInfo); + putMsg(result, Status.SUCCESS); + return result; + } + tenantIPage = tenantMapper.queryTenantPagingByIds(page, new ArrayList<>(ids), searchVal); + } pageInfo.setTotal((int) tenantIPage.getTotal()); pageInfo.setTotalList(tenantIPage.getRecords()); result.setData(pageInfo); diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java index 6d44bdeef6..336c68049b 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java @@ -137,6 +137,7 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic udfFuncMapper.insert(udf); putMsg(result, Status.SUCCESS); + permissionPostHandle(AuthorizationType.UDF, loginUser.getId(), Collections.singletonList(resource.getId()), logger); return result; } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java index 1844b0a632..e9f8f27e1e 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java @@ -17,6 +17,7 @@ package org.apache.dolphinscheduler.api.service.impl; +import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import org.apache.commons.collections.CollectionUtils; @@ -29,6 +30,7 @@ import org.apache.dolphinscheduler.api.utils.CheckUtils; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.Flag; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.storage.StorageOperate; @@ -77,6 +79,8 @@ import java.util.TimeZone; import java.util.Arrays; import java.util.stream.Collectors; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.USER_MANAGER; + /** * users service impl */ @@ -1023,15 +1027,17 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { @Override public Map queryUserList(User loginUser) { Map result = new HashMap<>(); - if(resourcePermissionCheckService.functionDisabled()){ - putMsg(result, Status.FUNCTION_DISABLED); - return result; - } //only admin can operate - if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { + if (!canOperatorPermissions(loginUser,null, AuthorizationType.ACCESS_TOKEN, USER_MANAGER)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } + QueryWrapper queryWrapper = new QueryWrapper<>(); + queryWrapper.ge("id", 0); + if (loginUser.getUserType().equals(UserType.GENERAL_USER)) { + queryWrapper.eq("id", loginUser.getId()); + } List userList = userMapper.selectList(null); result.put(Constants.DATA_LIST, userList); putMsg(result, Status.SUCCESS); diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/WorkerGroupServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/WorkerGroupServiceImpl.java index 6e9404e676..afa97c169a 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/WorkerGroupServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/WorkerGroupServiceImpl.java @@ -24,6 +24,7 @@ import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.NodeType; +import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.dao.entity.ProcessInstance; import org.apache.dolphinscheduler.dao.entity.User; import org.apache.dolphinscheduler.dao.entity.WorkerGroup; @@ -36,6 +37,7 @@ import org.apache.commons.lang3.StringUtils; import java.util.ArrayList; import java.util.Collection; +import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.List; @@ -122,6 +124,7 @@ public class WorkerGroupServiceImpl extends BaseServiceImpl implements WorkerGro workerGroupMapper.insert(workerGroup); } putMsg(result, Status.SUCCESS); + permissionPostHandle(AuthorizationType.WORKER_GROUP, loginUser.getId(), Collections.singletonList(workerGroup.getId()),logger); return result; } @@ -191,7 +194,15 @@ public class WorkerGroupServiceImpl extends BaseServiceImpl implements WorkerGro return result; } - List workerGroups = getWorkerGroups(true); + List workerGroups = new ArrayList<>(); + if (loginUser.getUserType().equals(UserType.ADMIN_USER)) { + workerGroups = getWorkerGroups(true); + } else { + Set ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.WORKER_GROUP, loginUser.getId(), logger); + if (!ids.isEmpty()) { + workerGroups = workerGroupMapper.selectBatchIds(ids); + } + } List resultDataList = new ArrayList<>(); int total = 0; diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataSourceServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataSourceServiceTest.java index 3dd3582ec8..928124539f 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataSourceServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataSourceServiceTest.java @@ -49,8 +49,10 @@ import java.sql.Connection; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; +import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Set; import org.junit.Assert; import org.junit.Test; @@ -66,6 +68,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.DATASOURCE_DELETE; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.DATASOURCE_LIST; /** * data source service test @@ -194,12 +197,17 @@ public class DataSourceServiceTest { @Test public void queryDataSourceListPagingTest() { + Set ids = new HashSet<>(); + ids.add(1); + User loginUser = getAdminUser(); String searchVal = ""; int pageNo = 1; int pageSize = 10; - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.DATASOURCE, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.DATASOURCE, null, 0, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.DATASOURCE, loginUser.getId(), DATASOURCE_LIST, baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.DATASOURCE, null, loginUser.getId(), baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.DATASOURCE, loginUser.getId(), baseServiceLogger)).thenReturn(ids); + Result result = dataSourceService.queryDataSourceListPaging(loginUser, searchVal, pageNo, pageSize); Assert.assertEquals(Status.SUCCESS.getCode(),(int)result.getCode()); } diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/EnvironmentServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/EnvironmentServiceTest.java index f8f662cbc4..f4afe99458 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/EnvironmentServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/EnvironmentServiceTest.java @@ -89,14 +89,6 @@ public class EnvironmentServiceTest { public static final String workerGroups = "[\"default\"]"; - @Before - public void setUp(){ - } - - @After - public void after(){ - } - @Test public void testCreateEnvironment() { User loginUser = getGeneralUser(); @@ -190,7 +182,7 @@ public class EnvironmentServiceTest { page.setTotal(1L); Mockito.when(environmentMapper.queryEnvironmentListPaging(Mockito.any(Page.class), Mockito.eq(environmentName))).thenReturn(page); - Result result = environmentService.queryEnvironmentListPaging(1, 10, environmentName); + Result result = environmentService.queryEnvironmentListPaging(getAdminUser(), 1, 10, environmentName); logger.info(result.toString()); PageInfo pageInfo = (PageInfo) result.getData(); Assert.assertTrue(CollectionUtils.isNotEmpty(pageInfo.getTotalList())); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java index 285092d3ee..35edd9e5c1 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java @@ -117,6 +117,7 @@ public class ResourcesServiceTest { private static final Logger serviceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); + private static final Logger resourceLogger = LoggerFactory.getLogger(ResourcesServiceImpl.class); @Before public void setUp() { @@ -349,7 +350,7 @@ public class ResourcesServiceTest { PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true); PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 0, serviceLogger)).thenReturn(true); - PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 1, serviceLogger)).thenReturn(getSetIds()); + PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 1, resourceLogger)).thenReturn(getSetIds()); Mockito.when(resourcesMapper.queryResourcePaging(Mockito.any(Page.class), eq(-1), eq(0), eq(1), eq("test"), Mockito.any())).thenReturn(resourcePage); Result result = resourcesService.queryResourceListPaging(loginUser, -1, ResourceType.FILE, "test", 1, 10); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java index 6d0b42a3dd..6596d1b400 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java @@ -27,6 +27,7 @@ import org.apache.dolphinscheduler.api.service.impl.UsersServiceImpl; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.storage.StorageOperate; import org.apache.dolphinscheduler.common.utils.EncryptionUtils; @@ -50,6 +51,7 @@ import java.util.ArrayList; import java.util.List; import java.util.Map; +import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.USER_MANAGER; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.when; @@ -106,6 +108,8 @@ public class UsersServiceTest { private String queueName = "UsersServiceTestQueue"; + private static final Logger serviceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); + @Before public void before() { Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(false); @@ -226,13 +230,19 @@ public class UsersServiceTest { @Test public void testQueryUserList() { User user = new User(); + user.setUserType(UserType.ADMIN_USER); + user.setId(1); //no operate + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ACCESS_TOKEN,1, USER_MANAGER, serviceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ACCESS_TOKEN, null, 0, serviceLogger)).thenReturn(false); Map result = usersService.queryUserList(user); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //success + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ACCESS_TOKEN,1, USER_MANAGER, serviceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ACCESS_TOKEN, null, 0, serviceLogger)).thenReturn(true); user.setUserType(UserType.ADMIN_USER); when(userMapper.selectList(null)).thenReturn(getUserList()); result = usersService.queryUserList(user); diff --git a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.java b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.java index 4ad4fe86ab..ceabc5b49b 100644 --- a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.java +++ b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.java @@ -22,6 +22,7 @@ import org.apache.dolphinscheduler.dao.entity.AlertGroup; import org.apache.dolphinscheduler.dao.entity.User; import org.apache.ibatis.annotations.Param; +import java.util.ArrayList; import java.util.List; import com.baomidou.mybatisplus.core.mapper.BaseMapper; @@ -92,4 +93,12 @@ public interface AlertGroupMapper extends BaseMapper { */ List listAuthorizedAlertGroupList (@Param("userId") int userId, @Param("alertGroupsIds")List alertGroupsIds); + /** + * queryAlertGroupPageByIds + * @param page + * @param ids + * @param searchVal + * @return + */ + IPage queryAlertGroupPageByIds(Page page, @Param("ids") List ids, @Param("searchVal") String searchVal); } diff --git a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/DataSourceMapper.java b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/DataSourceMapper.java index 15b5a3db0f..fa9c205ec2 100644 --- a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/DataSourceMapper.java +++ b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/DataSourceMapper.java @@ -17,10 +17,12 @@ package org.apache.dolphinscheduler.dao.mapper; +import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import org.apache.dolphinscheduler.dao.entity.DataSource; import org.apache.ibatis.annotations.Param; +import java.util.ArrayList; import java.util.List; import com.baomidou.mybatisplus.core.mapper.BaseMapper; @@ -98,4 +100,13 @@ public interface DataSourceMapper extends BaseMapper { * @return If the name does not exist or the user does not have permission, it will return null */ DataSource queryDataSourceByNameAndUserId(@Param("userId") int userId, @Param("name") String name); + + /** + * selectPagingByIds + * @param dataSourcePage + * @param ids + * @param searchVal + * @return + */ + IPage selectPagingByIds(Page dataSourcePage, @Param("ids")List ids, @Param("searchVal")String searchVal); } diff --git a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/EnvironmentMapper.java b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/EnvironmentMapper.java index 5bde2a3443..fbc1cb7a9a 100644 --- a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/EnvironmentMapper.java +++ b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/EnvironmentMapper.java @@ -17,11 +17,13 @@ package org.apache.dolphinscheduler.dao.mapper; +import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import org.apache.dolphinscheduler.dao.entity.Environment; import org.apache.ibatis.annotations.Param; import java.util.List; +import java.util.Set; import com.baomidou.mybatisplus.core.mapper.BaseMapper; import com.baomidou.mybatisplus.core.metadata.IPage; @@ -68,4 +70,13 @@ public interface EnvironmentMapper extends BaseMapper { * @return int */ int deleteByCode(@Param("code") Long code); + + /** + * queryEnvironmentListPagingByIds + * @param page + * @param ids + * @param searchVal + * @return + */ + IPage queryEnvironmentListPagingByIds(Page page, @Param("ids")List ids, @Param("searchName")String searchVal); } diff --git a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TenantMapper.java b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TenantMapper.java index 38350f5b2d..b25a2fd686 100644 --- a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TenantMapper.java +++ b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TenantMapper.java @@ -17,6 +17,7 @@ package org.apache.dolphinscheduler.dao.mapper; +import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import org.apache.dolphinscheduler.dao.entity.Tenant; import org.apache.ibatis.annotations.Param; @@ -28,6 +29,7 @@ import org.springframework.cache.annotation.Cacheable; import com.baomidou.mybatisplus.core.mapper.BaseMapper; import com.baomidou.mybatisplus.core.metadata.IPage; +import java.util.ArrayList; import java.util.List; /** @@ -82,4 +84,13 @@ public interface TenantMapper extends BaseMapper { * @return true if exist else return null */ Boolean existTenant(@Param("tenantCode") String tenantCode); + + /** + * queryTenantPagingByIds + * @param page + * @param ids + * @param searchVal + * @return + */ + IPage queryTenantPagingByIds(Page page, @Param("ids")List ids, @Param("searchVal")String searchVal); } diff --git a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.xml b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.xml index 991fbead2c..e8375b3a1b 100644 --- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.xml +++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.xml @@ -33,6 +33,23 @@ order by update_time desc + + + + + + +