From 80da35e39cae8edd5d228d4d189f1eb3d4013aee Mon Sep 17 00:00:00 2001
From: Rick Cheng <38122586+rickchengx@users.noreply.github.com>
Date: Wed, 1 Feb 2023 10:41:05 +0800
Subject: [PATCH] [Fix-12828][api] Add permission check when query specific datasource (#12830)
---
 .../api/controller/DataSourceController.java | 2 +-
 .../api/service/DataSourceService.java | 2 +-
 .../api/service/impl/DataSourceServiceImpl.java | 13 +++++++++----
 .../api/service/DataSourceServiceTest.java | 16 +++++++++++++---
 4 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/DataSourceController.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/DataSourceController.java
index 6418995d43..475620b257 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/DataSourceController.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/DataSourceController.java
@@ -141,7 +141,7 @@ public class DataSourceController extends BaseController {
 public Result queryDataSource(@Parameter(hidden = true) @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
 @PathVariable("id") int id) {
- Map result = dataSourceService.queryDataSource(id);
+ Map result = dataSourceService.queryDataSource(id, loginUser);
 return returnDataList(result);
 }
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/DataSourceService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/DataSourceService.java
index c1454f948b..c7f3ca0d74 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/DataSourceService.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/DataSourceService.java
@@ -55,7 +55,7 @@ public interface DataSourceService {
 * @param id datasource id
 * @return data source detail
 */
- Map queryDataSource(int id);
+ Map queryDataSource(int id, User loginUser);
 /**
 * query datasource list by keyword
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java
index b7cd6f1518..5a654c0504 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java
@@ -234,7 +234,7 @@ public class DataSourceServiceImpl extends BaseServiceImpl implements DataSource
 * @return data source detail
 */
 @Override
- public Map queryDataSource(int id) {
+ public Map queryDataSource(int id, User loginUser) {
 Map result = new HashMap<>();
 DataSource dataSource = dataSourceMapper.selectById(id);
@@ -243,6 +243,13 @@ public class DataSourceServiceImpl extends BaseServiceImpl implements DataSource
 putMsg(result, Status.RESOURCE_NOT_EXIST);
 return result;
 }
+
+ if (!canOperatorPermissions(loginUser, new Object[]{dataSource.getId()}, AuthorizationType.DATASOURCE,
+ ApiFuncIdentificationConstant.DATASOURCE)) {
+ putMsg(result, Status.USER_NO_OPERATION_PERM);
+ return result;
+ }
+
 // type
 BaseDataSourceParamDTO baseDataSourceParamDTO = DataSourceUtils.buildDatasourceParamDTO(
 dataSource.getType(), dataSource.getConnectionParams());
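Review bot: The Javadoc above `queryDataSource` still lists only `@param id` although the method now also takes `User loginUser`; add `@param loginUser the login user whose datasource permission is checked`. The same applies to the Javadoc on the override in `DataSourceServiceImpl` (hunk `@@ -234,7 +234,7 @@`), where only the tail of the comment is visible. The `@return` text could also say that the result map carries `Status.USER_NO_OPERATION_PERM` when the caller is not authorized for the datasource. The comment block starts outside this hunk.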
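Review bot: The new `canOperatorPermissions` check in hunk `@@ -243,6 +243,13 @@` sits after the branch that returns `Status.RESOURCE_NOT_EXIST`, so a caller with no rights on any datasource still receives a different status for an id that exists than for one that does not, which discloses which datasource ids are in use. If `canOperatorPermissions` can be evaluated without the loaded row (its body is not visible here), run it on the request parameter before `dataSourceMapper.selectById(id)`, e.g. `if (!canOperatorPermissions(loginUser, new Object[]{id}, AuthorizationType.DATASOURCE, ApiFuncIdentificationConstant.DATASOURCE)) {`, or return the same status in both branches for non-admin callers. The denial branch also writes no log entry; a warn-level line with the user id and the datasource id would give an audit trail for rejected reads. `queryDataSource` begins in the previous hunk and continues past this one.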
@@ -272,8 +279,7 @@ public class DataSourceServiceImpl extends BaseServiceImpl implements DataSource
 Page dataSourcePage = new Page<>(pageNo, pageSize);
 PageInfo pageInfo = new PageInfo<>(pageNo, pageSize);
 if (loginUser.getUserType().equals(UserType.ADMIN_USER)) {
- dataSourceList = dataSourceMapper.selectPaging(dataSourcePage,
- UserType.ADMIN_USER.equals(loginUser.getUserType()) ? 0 : loginUser.getId(), searchVal);
+ dataSourceList = dataSourceMapper.selectPaging(dataSourcePage, 0, searchVal);
 } else {
 Set ids = resourcePermissionCheckService
 .userOwnedResourceIdsAcquisition(AuthorizationType.DATASOURCE, loginUser.getId(), logger);
@@ -340,7 +346,6 @@ public class DataSourceServiceImpl extends BaseServiceImpl implements DataSource
 datasourceList = dataSourceMapper.selectBatchIds(ids).stream()
 .filter(dataSource -> dataSource.getType().getCode() == type)
 .filter(dataSource -> dataSource.getTestFlag() == testFlag).collect(Collectors.toList());
-
 }
 result.put(Constants.DATA_LIST, datasourceList);
 putMsg(result, Status.SUCCESS);
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataSourceServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataSourceServiceTest.java
index 7b435d5fea..68290de26e 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataSourceServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataSourceServiceTest.java
@@ -17,6 +17,8 @@
 package org.apache.dolphinscheduler.api.service;
+import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.DATASOURCE;
+
 import org.apache.dolphinscheduler.api.enums.Status;
 import org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckService;
 import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl;
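Review bot: The bare `0` now passed as the second argument of `selectPaging` in the admin branch of hunk `@@ -272,8 +279,7 @@` reads as a magic value; what it means to the mapper (presumably "no per-user filter") is not visible here. Once confirmed against the mapper, a short comment such as `// userId 0: no per-user filter, admin lists every datasource` or a named constant would make the intent explicit, which matters because this argument decides how much of the datasource table a caller can list. The enclosing method starts and ends outside the hunk.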
@@ -334,11 +336,19 @@ public class DataSourceServiceTest {
 @Test
 public void queryDataSourceTest() {
 Mockito.when(dataSourceMapper.selectById(Mockito.anyInt())).thenReturn(null);
- Map result = dataSourceService.queryDataSource(Mockito.anyInt());
+ User loginUser = new User();
+ loginUser.setUserType(UserType.GENERAL_USER);
+ loginUser.setId(2);
+ Map result = dataSourceService.queryDataSource(Mockito.anyInt(), loginUser);
 Assertions.assertEquals(((Status) result.get(Constants.STATUS)).getCode(), Status.RESOURCE_NOT_EXIST.getCode());
- Mockito.when(dataSourceMapper.selectById(Mockito.anyInt())).thenReturn(getOracleDataSource());
- result = dataSourceService.queryDataSource(Mockito.anyInt());
+ DataSource dataSource = getOracleDataSource(1);
+ Mockito.when(dataSourceMapper.selectById(Mockito.anyInt())).thenReturn(dataSource);
+ Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.DATASOURCE,
+ loginUser.getId(), DATASOURCE, baseServiceLogger)).thenReturn(true);
+ Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.DATASOURCE,
+ new Object[]{dataSource.getId()}, loginUser.getId(), baseServiceLogger)).thenReturn(true);
+ result = dataSourceService.queryDataSource(dataSource.getId(), loginUser);
 Assertions.assertEquals(((Status) result.get(Constants.STATUS)).getCode(), Status.SUCCESS.getCode());
 }
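Review bot: `queryDataSourceTest` covers the not-found path and the permitted path but never the branch this commit adds: no step makes `resourcePermissionCheck` (or `operationPermissionCheck`) return `false` and asserts the denial. Add a third step that re-stubs `resourcePermissionCheck(...)` with `.thenReturn(false)`, calls `queryDataSource(dataSource.getId(), loginUser)` again and checks `Status.USER_NO_OPERATION_PERM.getCode()`, so a later refactor cannot drop the authorization check without failing a test. Separately, the first call still passes `Mockito.anyInt()` as a real argument to `queryDataSource`; a literal id such as `1` would avoid using a matcher outside stubbing.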