Merge remote-tracking branch 'remotes/upstream/1.3.2-release' into 1.3.2-release

docker/build/Dockerfile

@@ -27,7 +27,7 @@ ENV DEBIAN_FRONTEND noninteractive
 #If install slowly, you can replcae alpine's mirror with aliyun's mirror, Example:
 #RUN sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories
 RUN apk update && \
-    apk add dos2unix shadow bash openrc python python3 sudo vim wget iputils net-tools openssh-server py2-pip tini && \
+    apk --update add --no-cache dos2unix shadow bash openrc python2 python3 sudo vim wget iputils net-tools openssh-server py-pip tini && \
     apk add --update procps && \
     openrc boot && \
     pip install kazoo

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/AccessTokenController.java

@@ -74,7 +74,7 @@ public class AccessTokenController extends BaseController {
         logger.info("login user {}, create token , userId : {} , token expire time : {} , token : {}", loginUser.getUserName(),
                 userId, expireTime, token);
 
-        Map<String, Object> result = accessTokenService.createToken(userId, expireTime, token);
+        Map<String, Object> result = accessTokenService.createToken(loginUser, userId, expireTime, token);
         return returnDataList(result);
     }
 
@@ -94,7 +94,7 @@ public class AccessTokenController extends BaseController {
                                 @RequestParam(value = "userId") int userId,
                                 @RequestParam(value = "expireTime") String expireTime) {
         logger.info("login user {}, generate token , userId : {} , token expire time : {}", loginUser, userId, expireTime);
-        Map<String, Object> result = accessTokenService.generateToken(userId, expireTime);
+        Map<String, Object> result = accessTokenService.generateToken(loginUser, userId, expireTime);
         return returnDataList(result);
     }
 
@@ -173,7 +173,7 @@ public class AccessTokenController extends BaseController {
         logger.info("login user {}, update token , userId : {} , token expire time : {} , token : {}", loginUser.getUserName(),
                 userId, expireTime, token);
 
-        Map<String, Object> result = accessTokenService.updateToken(id, userId, expireTime, token);
+        Map<String, Object> result = accessTokenService.updateToken(loginUser, id, userId, expireTime, token);
         return returnDataList(result);
     }
 

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java

@@ -161,7 +161,7 @@ public class UsersController extends BaseController {
                              @RequestParam(value = "phone", required = false) String phone) throws Exception {
         logger.info("login user {}, updateProcessInstance user, userName: {}, email: {}, tenantId: {}, userPassword: {}, phone: {}, user queue: {}",
                 loginUser.getUserName(), userName, email, tenantId, Constants.PASSWORD_DEFAULT, phone, queue);
-        Map<String, Object> result = usersService.updateUser(id, userName, userPassword, email, tenantId, phone, queue);
+        Map<String, Object> result = usersService.updateUser(loginUser, id, userName, userPassword, email, tenantId, phone, queue);
         return returnDataList(result);
     }
 

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/AccessTokenService.java

@@ -75,13 +75,18 @@ public class AccessTokenService extends BaseService {
 
     /**
      * create token
+     *
+     * @param loginUser
      * @param userId token for user
      * @param expireTime token expire time
      * @param token token string
      * @return create result code
      */
-    public Map<String, Object> createToken(int userId, String expireTime, String token) {
+    public Map<String, Object> createToken(User loginUser, int userId, String expireTime, String token) {
         Map<String, Object> result = new HashMap<>(5);
+        if(check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)){
+            return result;
+        }
 
         if (userId <= 0) {
             throw new IllegalArgumentException("User id should not less than or equals to 0.");
@@ -107,12 +112,17 @@ public class AccessTokenService extends BaseService {
 
     /**
      * generate token
+     *
+     * @param loginUser
      * @param userId token for user
      * @param expireTime token expire time
      * @return token string
      */
-    public Map<String, Object> generateToken(int userId, String expireTime) {
+    public Map<String, Object> generateToken(User loginUser, int userId, String expireTime) {
         Map<String, Object> result = new HashMap<>(5);
+        if(check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)){
+            return result;
+        }
         String token = EncryptionUtils.getMd5(userId + expireTime + String.valueOf(System.currentTimeMillis()));
         result.put(Constants.DATA_LIST, token);
         putMsg(result, Status.SUCCESS);
@@ -128,6 +138,10 @@ public class AccessTokenService extends BaseService {
     public Map<String, Object> delAccessTokenById(User loginUser, int id) {
         Map<String, Object> result = new HashMap<>(5);
 
+        if(check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)){
+            return result;
+        }
+
         AccessToken accessToken = accessTokenMapper.selectById(id);
 
         if (accessToken == null) {
@@ -149,15 +163,20 @@ public class AccessTokenService extends BaseService {
 
     /**
      * update token by id
+     *
+     * @param loginUser
      * @param id token id
      * @param userId token for user
      * @param expireTime token expire time
      * @param token token string
      * @return update result code
      */
-    public Map<String, Object> updateToken(int id,int userId, String expireTime, String token) {
+    public Map<String, Object> updateToken(User loginUser, int id, int userId, String expireTime, String token) {
         Map<String, Object> result = new HashMap<>(5);
 
+        if(check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)){
+            return result;
+        }
         AccessToken accessToken = accessTokenMapper.selectById(id);
         if (accessToken == null) {
             logger.error("access token not exist,  access token id {}", id);

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/BaseService.java

@@ -94,6 +94,25 @@ public class BaseService {
 
     }
 
+    /**
+     * check
+     *
+     * @param result result
+     * @param bool bool
+     * @param userNoOperationPerm status
+     * @return check result
+     */
+    protected boolean check(Map<String, Object> result, boolean bool, Status userNoOperationPerm) {
+        //only admin can operate
+        if (bool) {
+            result.put(Constants.STATUS, userNoOperationPerm);
+            result.put(Constants.MSG, userNoOperationPerm.getMsg());
+            return true;
+        }
+        return false;
+    }
+
+
     /**
      * get cookie info by name
      * @param request request

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java

@@ -248,6 +248,8 @@ public class UsersService extends BaseService {
     /**
      * updateProcessInstance user
      *
+     *
+     * @param loginUser
      * @param userId user id
      * @param userName user name
      * @param userPassword user password
@@ -258,7 +260,7 @@ public class UsersService extends BaseService {
      * @return update result code
      * @throws Exception exception
      */
-    public Map<String, Object> updateUser(int userId,
+    public Map<String, Object> updateUser(User loginUser, int userId,
                                           String userName,
                                           String userPassword,
                                           String email,
@@ -268,13 +270,14 @@ public class UsersService extends BaseService {
         Map<String, Object> result = new HashMap<>(5);
         result.put(Constants.STATUS, false);
 
+        if (check(result, !hasPerm(loginUser, userId), Status.USER_NO_OPERATION_PERM)) {
+            return result;
+        }
         User user = userMapper.selectById(userId);
-
         if (user == null) {
             putMsg(result, Status.USER_NOT_EXIST, userId);
             return result;
         }
-
         if (StringUtils.isNotEmpty(userName)) {
 
             if (!CheckUtils.checkUserName(userName)){
@@ -814,24 +817,6 @@ public class UsersService extends BaseService {
         return result;
     }
 
-    /**
-     * check
-     *
-     * @param result result
-     * @param bool bool
-     * @param userNoOperationPerm status
-     * @return check result
-     */
-    private boolean check(Map<String, Object> result, boolean bool, Status userNoOperationPerm) {
-        //only admin can operate
-        if (bool) {
-            result.put(Constants.STATUS, userNoOperationPerm);
-            result.put(Constants.MSG, userNoOperationPerm.getMsg());
-            return true;
-        }
-        return false;
-    }
-
     /**
      * @param tenantId tenant id
      * @return true if tenant exists, otherwise return false

dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java

@@ -94,7 +94,7 @@ public class AccessTokenServiceTest {
 
 
        when(accessTokenMapper.insert(any(AccessToken.class))).thenReturn(2);
-        Map<String, Object> result = accessTokenService.createToken(1,getDate(),"AccessTokenServiceTest");
+        Map<String, Object> result = accessTokenService.createToken(getLoginUser(), 1,getDate(),"AccessTokenServiceTest");
         logger.info(result.toString());
         Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));
     }
@@ -102,7 +102,7 @@ public class AccessTokenServiceTest {
     @Test
     public  void testGenerateToken(){
 
-        Map<String, Object> result = accessTokenService.generateToken(Integer.MAX_VALUE,getDate());
+        Map<String, Object> result = accessTokenService.generateToken(getLoginUser(), Integer.MAX_VALUE,getDate());
         logger.info(result.toString());
         Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));
         String token = (String) result.get(Constants.DATA_LIST);
@@ -134,16 +134,24 @@ public class AccessTokenServiceTest {
     public  void testUpdateToken(){
 
         when(accessTokenMapper.selectById(1)).thenReturn(getEntity());
-        Map<String, Object> result = accessTokenService.updateToken(1,Integer.MAX_VALUE,getDate(),"token");
+        Map<String, Object> result = accessTokenService.updateToken(getLoginUser(), 1,Integer.MAX_VALUE,getDate(),"token");
         logger.info(result.toString());
         Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));
         // not exist
-        result = accessTokenService.updateToken(2,Integer.MAX_VALUE,getDate(),"token");
+        result = accessTokenService.updateToken(getLoginUser(), 2,Integer.MAX_VALUE,getDate(),"token");
         logger.info(result.toString());
         Assert.assertEquals(Status.ACCESS_TOKEN_NOT_EXIST,result.get(Constants.STATUS));
 
     }
 
+
+    private User getLoginUser(){
+        User loginUser = new User();
+        loginUser.setId(1);
+        loginUser.setUserType(UserType.ADMIN_USER);
+        return loginUser;
+    }
+
     /**
      * create entity
      * @return

dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java

@@ -18,7 +18,6 @@ package org.apache.dolphinscheduler.api.service;
 
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
-import org.apache.avro.generic.GenericData;
 import org.apache.dolphinscheduler.api.enums.Status;
 import org.apache.dolphinscheduler.api.utils.PageInfo;
 import org.apache.dolphinscheduler.api.utils.Result;
@@ -225,13 +224,13 @@ public class UsersServiceTest {
         String userPassword = "userTest0001";
         try {
             //user not exist
-            Map<String, Object> result = usersService.updateUser(0,userName,userPassword,"3443@qq.com",1,"13457864543","queue");
+            Map<String, Object> result = usersService.updateUser(getLoginUser(), 0,userName,userPassword,"3443@qq.com",1,"13457864543","queue");
             Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS));
             logger.info(result.toString());
 
             //success
             when(userMapper.selectById(1)).thenReturn(getUser());
-            result = usersService.updateUser(1,userName,userPassword,"32222s@qq.com",1,"13457864543","queue");
+            result = usersService.updateUser(getLoginUser(), 1,userName,userPassword,"32222s@qq.com",1,"13457864543","queue");
             logger.info(result.toString());
             Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
         } catch (Exception e) {
@@ -357,6 +356,12 @@ public class UsersServiceTest {
 
     }
 
+    private User getLoginUser(){
+        User loginUser = new User();
+        loginUser.setId(1);
+        loginUser.setUserType(UserType.ADMIN_USER);
+        return loginUser;
+    }
 
     @Test
     public void getUserInfo(){

dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/registry/ZookeeperNodeManager.java

@@ -155,10 +155,10 @@ public class ZookeeperNodeManager implements InitializingBean {
 
         private String parseGroup(String path){
             String[] parts = path.split("\\/");
-            if(parts.length != 6){
+            if(parts.length < 6){
                 throw new IllegalArgumentException(String.format("worker group path : %s is not valid, ignore", path));
             }
-            String group = parts[4];
+            String group = parts[parts.length - 2];
             return group;
         }
     }