github
/
DolphinScheduler
mirror of https://gitee.com/dolphinscheduler/DolphinScheduler.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

[Feature][Permission] Reconstruction of permissions of resource center and monitoring center. (#10307) 

* Reconstruction of permissions of resource center and monitoring center.

* clear local logs.

* resource query fix
k8s/config
WangJPLeo 2 years ago committed by GitHub
parent
53ab6f7b92
commit
a4948f58e6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
39 changed files with 907 additions and 428 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/ApiApplicationServer.java
  2. 42
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java
  3. 29
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ResourcesController.java
  4. 5
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java
  5. 4
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/python/PythonGateway.java
  6. 12
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ResourcesService.java
  7. 11
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UdfFuncService.java
  8. 6
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/BaseServiceImpl.java
  9. 26
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/MonitorServiceImpl.java
  10. 11
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java
  11. 205
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
  12. 8
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupQueueServiceImpl.java
  13. 47
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupServiceImpl.java
  14. 106
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java
  15. 50
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
  16. 10
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/AbstractControllerTest.java
  17. 26
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/ResourcesControllerTest.java
  18. 74
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/MonitorServiceTest.java
  19. 30
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProjectServiceTest.java
  20. 142
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java
  21. 34
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskGroupServiceTest.java
  22. 86
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UdfFuncServiceTest.java
  23. 81
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
  24. 8
      dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/enums/AuthorizationType.java
  25. 2
      dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/entity/TaskGroup.java
  26. 2
      dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.java
  27. 2
      dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/ResourceMapper.java
  28. 11
      dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapper.java
  29. 2
      dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml
  30. 2
      dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.xml
  31. 8
      dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertPluginInstanceMapper.xml
  32. 1
      dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProjectUserMapper.xml
  33. 17
      dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ResourceMapper.xml
  34. 42
      dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapper.xml
  35. 11
      dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml
  36. 6
      dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/ResourceMapperTest.java
  37. 6
      dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapperTest.java
  38. 9
      dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckService.java
  39. 160
      dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckServiceImpl.java

1
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/ApiApplicationServer.java
Unescape View File

@ -18,6 +18,7 @@
package org.apache.dolphinscheduler.api;
import org.apache.dolphinscheduler.service.task.TaskPluginManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

42
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java
Unescape View File

@ -21,7 +21,6 @@ import org.apache.dolphinscheduler.api.enums.ExecuteType;
import java.util.HashMap;
import java.util.Map;
public class ApiFuncIdentificationConstant {
public static final String ACCESS_TOKEN_MANAGE = "security:token:view";
@ -84,8 +83,6 @@ public class ApiFuncIdentificationConstant {
public static final String VIEW_PERMISSION = "security:role:permission-view";
public static final String ASSIGN_PERMISSION = "security:role:permission-assign";
public static final String PROJECT = "project:view";
public static final String PROJECT_CREATE = "project:create";
public static final String PROJECT_UPDATE = "project:edit";
@ -141,6 +138,45 @@ public class ApiFuncIdentificationConstant {
public static final String DATASOURCE_LIST = "datasource:list";
public static final String DATASOURCE_PARAM_VIEW = "datasource:param-view";
public static final String FILE_VIEW = "resources:file:view";
public static final String FOLDER_ONLINE_CREATE = "resources:folder:online-create";
public static final String FILE_ONLINE_CREATE = "resources:file:online-create";
public static final String FILE_UPLOAD = "resources:file:upload";
public static final String FILE_UPDATE = "resources:file:update-content";
public static final String FILE_RENAME = "resources:file:rename";
public static final String FILE_DOWNLOAD = "resources:file:download";
public static final String FILE_DELETE = "resources:file:delete";
public static final String UDF_FILE_VIEW = "resources:udf:view";
public static final String UDF_FOLDER_ONLINE_CREATE = "resources:udf-folder:online-create";
public static final String UDF_UPLOAD = "resources:udf:upload";
public static final String UDF_UPDATE = "resources:udf:edit";
public static final String UDF_DOWNLOAD = "resources:udf:download";
public static final String UDF_DELETE = "resources:udf:delete";
public static final String UDF_FUNCTION_VIEW = "resources:udf-func:view";
public static final String UDF_FUNCTION_CREATE = "resources:udf-func:create";
public static final String UDF_FUNCTION_UPDATE = "resources:udf-func:update";
public static final String UDF_FUNCTION_DELETE = "resources:udf-func:delete";
public static final String TASK_GROUP_VIEW = "resources:task-group:view";
public static final String TASK_GROUP_CREATE = "resources:task-group:create";
public static final String TASK_GROUP_CLOSE = "resources:task-group:close";
public static final String TASK_GROUP_EDIT = "resources:task-group:update";
public static final String TASK_GROUP_VIEW_QUEUE = "resources:task-group:queue-view";
public static final String TASK_GROUP_QUEUE = "resources:task-group-queue:view";
public static final String TASK_GROUP_QUEUE_PRIORITY = "resources:task-group-queue:priority";
public static final String TASK_GROUP_QUEUE_START = "resources:task-group-queue:start";
public static final String MONITOR_MASTER_VIEW = "monitor:masters:view";
public static final String MONITOR_WORKER_VIEW = "monitor:workers:view";
public static final String MONITOR_DATABASES_VIEW = "monitor:databases:view";
public static final String MONITOR_STATISTICS_VIEW = "monitor:statistics:view";
public static final String MONITOR_EVENT_LIST_VIEW = "monitor:event:view";
public static final String MONITOR_ALERT_LIST_VIEW = "monitor:alert:view";
public final static Map<ExecuteType,String> map = new HashMap<ExecuteType,String>();
static{

29
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ResourcesController.java
Unescape View File

@ -316,8 +316,7 @@ public class ResourcesController extends BaseController {
@RequestParam(value = "type") ResourceType type,
@RequestParam(value = "programType", required = false) ProgramType programType
) {
Map<String, Object> result = resourceService.queryResourceByProgramType(loginUser, type, programType);
return returnDataList(result);
return resourceService.queryResourceByProgramType(loginUser, type, programType);
}
/**
@ -345,7 +344,7 @@ public class ResourcesController extends BaseController {
@RequestParam(value = "type") ResourceType type
) {
return resourceService.queryResource(fullName, id, type);
return resourceService.queryResource(loginUser, fullName, id, type);
}
/**
@ -371,7 +370,7 @@ public class ResourcesController extends BaseController {
@RequestParam(value = "skipLineNum") int skipLineNum,
@RequestParam(value = "limit") int limit
) {
return resourceService.readResource(resourceId, skipLineNum, limit);
return resourceService.readResource(loginUser, resourceId, skipLineNum, limit);
}
/**
@ -432,7 +431,7 @@ public class ResourcesController extends BaseController {
logger.error("The resource file contents are not allowed to be empty");
return error(RESOURCE_FILE_IS_EMPTY.getCode(), RESOURCE_FILE_IS_EMPTY.getMsg());
}
return resourceService.updateResourceContent(resourceId, content);
return resourceService.updateResourceContent(loginUser, resourceId, content);
}
/**
@ -452,7 +451,7 @@ public class ResourcesController extends BaseController {
@AccessLogAnnotation(ignoreRequestArgs = "loginUser")
public ResponseEntity downloadResource(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
@PathVariable(value = "id") int resourceId) throws Exception {
Resource file = resourceService.downloadResource(resourceId);
Resource file = resourceService.downloadResource(loginUser, resourceId);
if (file == null) {
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(RESOURCE_NOT_EXIST.getMsg());
}
@ -521,8 +520,7 @@ public class ResourcesController extends BaseController {
@AccessLogAnnotation(ignoreRequestArgs = "loginUser")
public Result viewUIUdfFunction(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
@PathVariable("id") int id) {
Map<String, Object> map = udfFuncService.queryUdfFuncDetail(id);
return returnDataList(map);
return udfFuncService.queryUdfFuncDetail(loginUser, id);
}
/**
@ -563,8 +561,7 @@ public class ResourcesController extends BaseController {
@RequestParam(value = "database", required = false) String database,
@RequestParam(value = "description", required = false) String description,
@PathVariable(value = "resourceId") int resourceId) {
Map<String, Object> result = udfFuncService.updateUdfFunc(udfFuncId, funcName, className, argTypes, database, description, type, resourceId);
return returnDataList(result);
return udfFuncService.updateUdfFunc(loginUser, udfFuncId, funcName, className, argTypes, database, description, type, resourceId);
}
/**
@ -595,8 +592,7 @@ public class ResourcesController extends BaseController {
if (!result.checkResult()) {
return result;
}
result = udfFuncService.queryUdfFuncListPaging(loginUser, searchVal, pageNo, pageSize);
return result;
return udfFuncService.queryUdfFuncListPaging(loginUser, searchVal, pageNo, pageSize);
}
/**
@ -616,8 +612,7 @@ public class ResourcesController extends BaseController {
@AccessLogAnnotation(ignoreRequestArgs = "loginUser")
public Result<Object> queryUdfFuncList(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
@RequestParam("type") UdfType type) {
Map<String, Object> result = udfFuncService.queryUdfFuncList(loginUser, type.ordinal());
return returnDataList(result);
return udfFuncService.queryUdfFuncList(loginUser, type.ordinal());
}
/**
@ -639,7 +634,7 @@ public class ResourcesController extends BaseController {
public Result verifyUdfFuncName(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
@RequestParam(value = "name") String name
) {
return udfFuncService.verifyUdfFuncByName(name);
return udfFuncService.verifyUdfFuncByName(loginUser, name);
}
/**
@ -660,7 +655,7 @@ public class ResourcesController extends BaseController {
public Result deleteUdfFunc(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
@PathVariable(value = "id") int udfFuncId
) {
return udfFuncService.delete(udfFuncId);
return udfFuncService.delete(loginUser, udfFuncId);
}
/**
@ -770,6 +765,6 @@ public class ResourcesController extends BaseController {
@PathVariable(value = "id", required = true) Integer id
) {
return resourceService.queryResourceById(id);
return resourceService.queryResourceById(loginUser, id);
}
}

5
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java
Unescape View File

@ -404,7 +404,10 @@ public enum Status {
QUERY_CAN_USE_K8S_CLUSTER_ERROR(1300014, "login user query can used k8s cluster list error", "查询可用k8s集群错误"),
RESOURCE_FULL_NAME_TOO_LONG_ERROR(1300015, "resource's fullname is too long error", "资源文件名过长"),
TENANT_FULL_NAME_TOO_LONG_ERROR(1300016, "tenant's fullname is too long error", "租户名过长"),
FUNCTION_DISABLED(1400002, "The current feature is disabled.", "当前功能已被禁用");
NO_CURRENT_OPERATING_PERMISSION(1400001, "The current user does not have this permission.", "当前用户无此权限"),
FUNCTION_DISABLED(1400002, "The current feature is disabled.", "当前功能已被禁用"),
;
private final int code;
private final String enMsg;

4
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/python/PythonGateway.java
Unescape View File

@ -536,8 +536,8 @@ public class PythonGateway {
public Map<String, Object> getResourcesFileInfo(String programType, String fullName) {
Map<String, Object> result = new HashMap<>();
Map<String, Object> resources = resourceService.queryResourceByProgramType(dummyAdminUser, ResourceType.FILE, ProgramType.valueOf(programType));
List<ResourceComponent> resourcesComponent = (List<ResourceComponent>) resources.get(Constants.DATA_LIST);
Result<Object> resources = resourceService.queryResourceByProgramType(dummyAdminUser, ResourceType.FILE, ProgramType.valueOf(programType));
List<ResourceComponent> resourcesComponent = (List<ResourceComponent>) resources.getData();
List<ResourceComponent> namedResources = resourcesComponent.stream().filter(s -> fullName.equals(s.getFullName())).collect(Collectors.toList());
if (CollectionUtils.isEmpty(namedResources)) {
String msg = String.format("Can not find valid resource by program type %s and name %s", programType, fullName);

12
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ResourcesService.java
Unescape View File

@ -115,7 +115,7 @@ public interface ResourcesService {
* @param type resource type
* @return resource list
*/
Map<String, Object> queryResourceByProgramType(User loginUser, ResourceType type, ProgramType programType);
Result<Object> queryResourceByProgramType(User loginUser, ResourceType type, ProgramType programType);
/**
* delete resource
@ -143,7 +143,7 @@ public interface ResourcesService {
* @param type resource type
* @return true if the resource full name or pid not exists, otherwise return false
*/
Result<Object> queryResource(String fullName,Integer id,ResourceType type);
Result<Object> queryResource(User loginUser,String fullName,Integer id,ResourceType type);
/**
* view resource file online
@ -153,7 +153,7 @@ public interface ResourcesService {
* @param limit limit
* @return resource content
*/
Result<Object> readResource(int resourceId, int skipLineNum, int limit);
Result<Object> readResource(User loginUser,int resourceId, int skipLineNum, int limit);
/**
* create resource file online
@ -175,7 +175,7 @@ public interface ResourcesService {
* @param content content
* @return update result cod
*/
Result<Object> updateResourceContent(int resourceId, String content);
Result<Object> updateResourceContent(User loginUser,int resourceId, String content);
/**
* download file
@ -184,7 +184,7 @@ public interface ResourcesService {
* @return resource content
* @throws IOException exception
*/
org.springframework.core.io.Resource downloadResource(int resourceId) throws IOException;
org.springframework.core.io.Resource downloadResource(User loginUser, int resourceId) throws IOException;
/**
* list all file
@ -236,6 +236,6 @@ public interface ResourcesService {
* @param resourceId resource id
* @return resource
*/
Result<Object> queryResourceById(Integer resourceId);
Result<Object> queryResourceById(User loginUser, Integer resourceId);
}

11
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UdfFuncService.java
Unescape View File

@ -56,7 +56,7 @@ public interface UdfFuncService {
* @param id udf function id
* @return udf function detail
*/
Map<String, Object> queryUdfFuncDetail(int id);
Result<Object> queryUdfFuncDetail(User loginUser,int id);
/**
* updateProcessInstance udf function
@ -71,7 +71,8 @@ public interface UdfFuncService {
* @param className class name
* @return update result code
*/
Map<String, Object> updateUdfFunc(int udfFuncId,
Result<Object> updateUdfFunc(User loginUser,
int udfFuncId,
String funcName,
String className,
String argTypes,
@ -98,7 +99,7 @@ public interface UdfFuncService {
* @param type udf type
* @return udf func list
*/
Map<String, Object> queryUdfFuncList(User loginUser, Integer type);
Result<Object> queryUdfFuncList(User loginUser, Integer type);
/**
* delete udf function
@ -106,7 +107,7 @@ public interface UdfFuncService {
* @param id udf function id
* @return delete result code
*/
Result<Object> delete(int id);
Result<Object> delete(User loginUser, int id);
/**
* verify udf function by name
@ -114,6 +115,6 @@ public interface UdfFuncService {
* @param name name
* @return true if the name can user, otherwise return false
*/
Result<Object> verifyUdfFuncByName(String name);
Result<Object> verifyUdfFuncByName(User loginUser, String name);
}

6
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/BaseServiceImpl.java
Unescape View File

@ -45,7 +45,7 @@ public class BaseServiceImpl implements BaseService {
private static final Logger logger = LoggerFactory.getLogger(BaseServiceImpl.class);
@Autowired
private ResourcePermissionCheckService resourcePermissionCheckService;
protected ResourcePermissionCheckService resourcePermissionCheckService;
/**
* check admin
@ -162,8 +162,8 @@ public class BaseServiceImpl implements BaseService {
* @return boolean
*/
@Override
public boolean canOperatorPermissions(User user, Object[] ids,AuthorizationType type,String perm) {
boolean operationPermissionCheck = resourcePermissionCheckService.operationPermissionCheck(type, user.getId(), perm, logger);
public boolean canOperatorPermissions(User user, Object[] ids,AuthorizationType type,String permissionKey) {
boolean operationPermissionCheck = resourcePermissionCheckService.operationPermissionCheck(type, user.getId(), permissionKey, logger);
boolean resourcePermissionCheck = resourcePermissionCheckService.resourcePermissionCheck(type, ids, user.getUserType().equals(UserType.ADMIN_USER) ? 0 : user.getId(), logger);
return operationPermissionCheck && resourcePermissionCheck;
}

26
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/MonitorServiceImpl.java
Unescape View File

@ -17,9 +17,11 @@
package org.apache.dolphinscheduler.api.service.impl;
import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant;
import org.apache.dolphinscheduler.api.enums.Status;
import org.apache.dolphinscheduler.api.service.MonitorService;
import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.common.enums.AuthorizationType;
import org.apache.dolphinscheduler.common.enums.NodeType;
import org.apache.dolphinscheduler.common.model.Server;
import org.apache.dolphinscheduler.common.model.WorkerServerModel;
@ -34,6 +36,8 @@ import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
@ -45,6 +49,8 @@ import com.google.common.collect.Sets;
@Service
public class MonitorServiceImpl extends BaseServiceImpl implements MonitorService {
public static final Logger logger = LoggerFactory.getLogger(MonitorServiceImpl.class);
@Autowired
private MonitorDBDao monitorDBDao;
@ -60,14 +66,14 @@ public class MonitorServiceImpl extends BaseServiceImpl implements MonitorServic
@Override
public Map<String, Object> queryDatabaseState(User loginUser) {
Map<String, Object> result = new HashMap<>();
if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_DATABASES_VIEW)) {
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
List<MonitorRecord> monitorRecordList = monitorDBDao.queryDatabaseState();
result.put(Constants.DATA_LIST, monitorRecordList);
putMsg(result, Status.SUCCESS);
return result;
}
/**
@ -78,9 +84,11 @@ public class MonitorServiceImpl extends BaseServiceImpl implements MonitorServic
*/
@Override
public Map<String, Object> queryMaster(User loginUser) {
Map<String, Object> result = new HashMap<>();
if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_MASTER_VIEW)) {
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
List<Server> masterServers = getServerListFromRegistry(true);
result.put(Constants.DATA_LIST, masterServers);
putMsg(result, Status.SUCCESS);
@ -98,6 +106,12 @@ public class MonitorServiceImpl extends BaseServiceImpl implements MonitorServic
public Map<String, Object> queryWorker(User loginUser) {
Map<String, Object> result = new HashMap<>();
if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_WORKER_VIEW)) {
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
List<WorkerServerModel> workerServers = getServerListFromRegistry(false)
.stream()
.map((Server server) -> {

11
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java
Unescape View File

@ -87,17 +87,15 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
@Override
public Map<String, Object> createProject(User loginUser, String name, String desc) {
Map<String, Object> result = new HashMap<>();
Map<String, Object> descCheck = checkDesc(desc);
if (descCheck.get(Constants.STATUS) != Status.SUCCESS) {
return descCheck;
Map<String, Object> result = checkDesc(desc);
if (result.get(Constants.STATUS) != Status.SUCCESS) {
return result;
}
if (!canOperatorPermissions(loginUser, null,AuthorizationType.PROJECTS, PROJECT_CREATE)) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
return result;
}
Project project = projectMapper.queryByName(name);
if (project != null) {
putMsg(result, Status.PROJECT_ALREADY_EXISTS, name);
@ -482,7 +480,6 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
}
/**
<<<<<<< HEAD
* check whether have read permission new
* @param user
* @param id
@ -495,8 +492,6 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
}
/**
=======
>>>>>>> f3b76b72a ([Feature][API] Modify the permissions of project management, security center, data source center and data quality module.)
* query permission id
*
* @param user user

205
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
Unescape View File

@ -25,6 +25,7 @@ import com.google.common.io.Files;
import org.apache.commons.beanutils.BeanMap;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant;
import org.apache.dolphinscheduler.api.dto.resources.ResourceComponent;
import org.apache.dolphinscheduler.api.dto.resources.filter.ResourceFilter;
import org.apache.dolphinscheduler.api.dto.resources.visitor.ResourceTreeVisitor;
@ -36,6 +37,7 @@ import org.apache.dolphinscheduler.api.utils.PageInfo;
import org.apache.dolphinscheduler.api.utils.RegexUtils;
import org.apache.dolphinscheduler.api.utils.Result;
import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.common.enums.AuthorizationType;
import org.apache.dolphinscheduler.common.enums.ProgramType;
import org.apache.dolphinscheduler.common.enums.ResUploadType;
import org.apache.dolphinscheduler.common.storage.StorageOperate;
@ -54,6 +56,7 @@ import org.apache.dolphinscheduler.dao.mapper.TenantMapper;
import org.apache.dolphinscheduler.dao.mapper.UdfFuncMapper;
import org.apache.dolphinscheduler.dao.mapper.UserMapper;
import org.apache.dolphinscheduler.dao.utils.ResourceProcessDefinitionUtils;
import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService;
import org.apache.dolphinscheduler.spi.enums.ResourceType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -66,7 +69,17 @@ import org.springframework.web.multipart.MultipartFile;
import java.io.IOException;
import java.rmi.ServerException;
import java.text.MessageFormat;
import java.util.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.stream.Collectors;
@ -105,6 +118,9 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
@Autowired(required = false)
private StorageOperate storageOperate;
@Autowired
private ResourcePermissionCheckService resourcePermissionCheckService;
/**
* create directory
@ -125,7 +141,15 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
ResourceType type,
int pid,
String currentDir) {
Result<Object> result = checkResourceUploadStartupState();
Result<Object> result = new Result<>();
String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FOLDER_ONLINE_CREATE : ApiFuncIdentificationConstant.UDF_FOLDER_ONLINE_CREATE;
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
result = checkResourceUploadStartupState();
if (!result.getCode().equals(Status.SUCCESS.getCode())) {
return result;
}
@ -197,7 +221,14 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
MultipartFile file,
int pid,
String currentDir) {
Result<Object> result = checkResourceUploadStartupState();
Result<Object> result = new Result<>();
String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_ONLINE_CREATE : ApiFuncIdentificationConstant.UDF_FOLDER_ONLINE_CREATE;
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
result = checkResourceUploadStartupState();
if (!result.getCode().equals(Status.SUCCESS.getCode())) {
return result;
}
@ -311,7 +342,14 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
String desc,
ResourceType type,
MultipartFile file) {
Result<Object> result = checkResourceUploadStartupState();
Result<Object> result = new Result<>();
String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_UPDATE : ApiFuncIdentificationConstant.UDF_UPDATE;
boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
result = checkResourceUploadStartupState();
if (!result.getCode().equals(Status.SUCCESS.getCode())) {
return result;
}
@ -577,13 +615,20 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
*/
@Override
public Result queryResourceListPaging(User loginUser, int directoryId, ResourceType type, String searchVal, Integer pageNo, Integer pageSize) {
Result<Object> result = new Result<>();
String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW;
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
Result result = new Result();
Page<Resource> page = new Page<>(pageNo, pageSize);
int userId = loginUser.getId();
if (isAdmin(loginUser)) {
userId = 0;
}
if (directoryId != -1) {
Resource directory = resourcesMapper.selectById(directoryId);
if (directory == null) {
@ -592,9 +637,8 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
}
}
List<Integer> resourcesIds = resourceUserMapper.queryResourcesIdListByUserIdAndPerm(userId, 0);
IPage<Resource> resourceIPage = resourcesMapper.queryResourcePaging(page, userId, directoryId, type.ordinal(), searchVal, resourcesIds);
Set<Integer> resourcesIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, loginUser.getId(), logger);
IPage<Resource> resourceIPage = resourcesMapper.queryResourcePaging(page, directoryId, type.ordinal(), loginUser.getId(), searchVal, new ArrayList<>(resourcesIds));
PageInfo<Resource> pageInfo = new PageInfo<>(pageNo, pageSize);
pageInfo.setTotal((int) resourceIPage.getTotal());
@ -683,6 +727,14 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
@Override
public Map<String, Object> queryResourceList(User loginUser, ResourceType type) {
Map<String, Object> result = new HashMap<>();
String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW;
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
List<Resource> allResourceList = queryAuthoredResourceList(loginUser, type);
Visitor resourceTreeVisitor = new ResourceTreeVisitor(allResourceList);
result.put(Constants.DATA_LIST, resourceTreeVisitor.visit().getChildren());
@ -699,10 +751,22 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
* @return resource list
*/
@Override
public Map<String, Object> queryResourceByProgramType(User loginUser, ResourceType type, ProgramType programType) {
Map<String, Object> result = new HashMap<>();
public Result<Object> queryResourceByProgramType(User loginUser, ResourceType type, ProgramType programType) {
Result<Object> result = new Result<>();
String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW;
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
List<Resource> allResourceList = queryAuthoredResourceList(loginUser, type);
Set<Integer> resourceIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, loginUser.getId(), logger);
if (resourceIds.isEmpty()){
result.setData(Collections.emptyList());
putMsg(result, Status.SUCCESS);
return result;
}
List<Resource> allResourceList = resourcesMapper.selectBatchIds(resourceIds);
String suffix = ".jar";
if (programType != null) {
@ -718,9 +782,8 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
}
List<Resource> resources = new ResourceFilter(suffix, new ArrayList<>(allResourceList)).filter();
Visitor resourceTreeVisitor = new ResourceTreeVisitor(resources);
result.put(Constants.DATA_LIST, resourceTreeVisitor.visit().getChildren());
result.setData(resourceTreeVisitor.visit().getChildren());
putMsg(result, Status.SUCCESS);
return result;
}
@ -735,15 +798,22 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
@Override
@Transactional(rollbackFor = Exception.class)
public Result<Object> delete(User loginUser, int resourceId) throws IOException {
Result<Object> result = checkResourceUploadStartupState();
if (!result.getCode().equals(Status.SUCCESS.getCode())) {
return result;
}
// get resource by id
Result<Object> resultCheck = new Result<>();
Resource resource = resourcesMapper.selectById(resourceId);
if (resource == null) {
putMsg(result, Status.RESOURCE_NOT_EXIST);
putMsg(resultCheck, Status.RESOURCE_NOT_EXIST);
return resultCheck;
}
String funcPermissionKey = resource.getType().equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_DELETE : ApiFuncIdentificationConstant.UDF_DELETE;
boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
if (!canOperatorPermissions){
putMsg(resultCheck, Status.NO_CURRENT_OPERATING_PERMISSION);
return resultCheck;
}
Result<Object> result = checkResourceUploadStartupState();
if (!result.getCode().equals(Status.SUCCESS.getCode())) {
return result;
}
if (!canOperator(loginUser, resource.getUserId())) {
@ -818,6 +888,12 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
@Override
public Result<Object> verifyResourceName(String fullName, ResourceType type, User loginUser) {
Result<Object> result = new Result<>();
String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_RENAME : ApiFuncIdentificationConstant.UDF_FILE_VIEW;
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
putMsg(result, Status.SUCCESS);
if (checkResourceExists(fullName, type.ordinal())) {
logger.error("resource type:{} name:{} has exist, can't create again.", type, RegexUtils.escapeNRT(fullName));
@ -854,34 +930,40 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
* @return true if the resource full name or pid not exists, otherwise return false
*/
@Override
public Result<Object> queryResource(String fullName, Integer id, ResourceType type) {
public Result<Object> queryResource(User loginUser, String fullName, Integer id, ResourceType type) {
Result<Object> result = new Result<>();
if (StringUtils.isBlank(fullName) && id == null) {
putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR);
return result;
}
Resource resource;
if (StringUtils.isNotBlank(fullName)) {
List<Resource> resourceList = resourcesMapper.queryResource(fullName, type.ordinal());
if (CollectionUtils.isEmpty(resourceList)) {
putMsg(result, Status.RESOURCE_NOT_EXIST);
return result;
}
putMsg(result, Status.SUCCESS);
result.setData(resourceList.get(0));
resource = resourceList.get(0);
} else {
Resource resource = resourcesMapper.selectById(id);
resource = resourcesMapper.selectById(id);
if (resource == null) {
putMsg(result, Status.RESOURCE_NOT_EXIST);
return result;
}
Resource parentResource = resourcesMapper.selectById(resource.getPid());
if (parentResource == null) {
resource = resourcesMapper.selectById(resource.getPid());
if (resource == null) {
putMsg(result, Status.RESOURCE_NOT_EXIST);
return result;
}
putMsg(result, Status.SUCCESS);
result.setData(parentResource);
}
String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW;
boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resource.getId()}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
putMsg(result, Status.SUCCESS);
result.setData(resource);
return result;
}
@ -891,13 +973,19 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
* @return resource
*/
@Override
public Result<Object> queryResourceById(Integer id) {
public Result<Object> queryResourceById(User loginUser, Integer id) {
Result<Object> result = new Result<>();
Resource resource = resourcesMapper.selectById(id);
if (resource == null) {
putMsg(result, Status.RESOURCE_NOT_EXIST);
return result;
}
String funcPermissionKey = resource.getType().equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW;
boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{id}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
putMsg(result, Status.SUCCESS);
result.setData(resource);
return result;
@ -912,18 +1000,23 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
* @return resource content
*/
@Override
public Result<Object> readResource(int resourceId, int skipLineNum, int limit) {
public Result<Object> readResource(User loginUser, int resourceId, int skipLineNum, int limit) {
Result<Object> result = checkResourceUploadStartupState();
if (!result.getCode().equals(Status.SUCCESS.getCode())) {
return result;
}
// get resource by id
Resource resource = resourcesMapper.selectById(resourceId);
if (resource == null) {
putMsg(result, Status.RESOURCE_NOT_EXIST);
return result;
}
String funcPermissionKey = resource.getType().equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW;
boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
//check preview or not by file suffix
String nameSuffix = Files.getFileExtension(resource.getAlias());
String resourceViewSuffixes = FileUtils.getResourceViewSuffixes();
@ -982,7 +1075,14 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
@Override
@Transactional(rollbackFor = Exception.class)
public Result<Object> onlineCreateResource(User loginUser, ResourceType type, String fileName, String fileSuffix, String desc, String content, int pid, String currentDir) {
Result<Object> result = checkResourceUploadStartupState();
Result<Object> result = new Result<>();
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, ApiFuncIdentificationConstant.FILE_ONLINE_CREATE);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
result = checkResourceUploadStartupState();
if (!result.getCode().equals(Status.SUCCESS.getCode())) {
return result;
}
@ -1028,7 +1128,7 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
String tenantCode = tenantMapper.queryById(loginUser.getTenantId()).getTenantCode();
result = uploadContentToStorage(fullName, tenantCode, content);
result = uploadContentToStorage(loginUser, fullName, tenantCode, content);
if (!result.getCode().equals(Status.SUCCESS.getCode())) {
throw new ServiceException(result.getMsg());
}
@ -1081,7 +1181,7 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
*/
@Override
@Transactional(rollbackFor = Exception.class)
public Result<Object> updateResourceContent(int resourceId, String content) {
public Result<Object> updateResourceContent(User loginUser, int resourceId, String content) {
Result<Object> result = checkResourceUploadStartupState();
if (!result.getCode().equals(Status.SUCCESS.getCode())) {
return result;
@ -1093,6 +1193,12 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
putMsg(result, Status.RESOURCE_NOT_EXIST);
return result;
}
String funcPermissionKey = resource.getType().equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_UPDATE : ApiFuncIdentificationConstant.UDF_UPDATE;
boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
//check can edit by file suffix
String nameSuffix = Files.getFileExtension(resource.getAlias());
String resourceViewSuffixes = FileUtils.getResourceViewSuffixes();
@ -1114,7 +1220,7 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
resource.setUpdateTime(new Date());
resourcesMapper.updateById(resource);
result = uploadContentToStorage(resource.getFullName(), tenantCode, content);
result = uploadContentToStorage(loginUser, resource.getFullName(), tenantCode, content);
updateParentResourceSize(resource, resource.getSize() - originFileSize);
if (!result.getCode().equals(Status.SUCCESS.getCode())) {
@ -1129,7 +1235,7 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
* @param content content
* @return result
*/
private Result<Object> uploadContentToStorage(String resourceName, String tenantCode, String content) {
private Result<Object> uploadContentToStorage(User loginUser,String resourceName, String tenantCode, String content) {
Result<Object> result = new Result<>();
String localFilename = "";
String storageFileName = "";
@ -1176,7 +1282,7 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
* @throws IOException exception
*/
@Override
public org.springframework.core.io.Resource downloadResource(int resourceId) throws IOException {
public org.springframework.core.io.Resource downloadResource(User loginUser, int resourceId) throws IOException {
// if resource upload startup
if (!PropertyUtils.getResUploadStartupState()) {
logger.error("resource upload startup state: {}", PropertyUtils.getResUploadStartupState());
@ -1188,6 +1294,13 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
logger.error("download file not exist, resource id {}", resourceId);
return null;
}
String funcPermissionKey = resource.getType().equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_DOWNLOAD : ApiFuncIdentificationConstant.UDF_DOWNLOAD;
boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
if (!canOperatorPermissions){
logger.error("{}: {}", Status.NO_CURRENT_OPERATING_PERMISSION.getMsg(), PropertyUtils.getResUploadStartupState());
throw new ServiceException(Status.NO_CURRENT_OPERATING_PERMISSION.getMsg());
}
if (resource.isDirectory()) {
logger.error("resource id {} is directory,can't download it", resourceId);
throw new ServiceException("can't download directory");
@ -1234,6 +1347,10 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
@Override
public Map<String, Object> authorizeResourceTree(User loginUser, Integer userId) {
Map<String, Object> result = new HashMap<>();
if (!resourcePermissionCheckService.functionDisabled()){
putMsg(result, Status.FUNCTION_DISABLED);
return result;
}
List<Resource> resourceList;
if (isAdmin(loginUser)) {
@ -1300,7 +1417,11 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
@Override
public Map<String, Object> unauthorizedUDFFunction(User loginUser, Integer userId) {
Map<String, Object> result = new HashMap<>();
if (!resourcePermissionCheckService.functionDisabled()){
putMsg(result, Status.FUNCTION_DISABLED);
return result;
}
List<UdfFunc> udfFuncList;
if (isAdmin(loginUser)) {
// admin gets all udfs except userId
@ -1334,7 +1455,10 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
@Override
public Map<String, Object> authorizedUDFFunction(User loginUser, Integer userId) {
Map<String, Object> result = new HashMap<>();
if (!resourcePermissionCheckService.functionDisabled()){
putMsg(result, Status.FUNCTION_DISABLED);
return result;
}
List<UdfFunc> udfFuncs = udfFunctionMapper.queryAuthedUdfFunc(userId);
result.put(Constants.DATA_LIST, udfFuncs);
putMsg(result, Status.SUCCESS);
@ -1351,6 +1475,10 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
@Override
public Map<String, Object> authorizedFile(User loginUser, Integer userId) {
Map<String, Object> result = new HashMap<>();
if (!resourcePermissionCheckService.functionDisabled()){
putMsg(result, Status.FUNCTION_DISABLED);
return result;
}
List<Resource> authedResources = queryResourceList(userId, Constants.AUTHORIZE_WRITABLE_PERM);
Visitor visitor = new ResourceTreeVisitor(authedResources);
@ -1472,5 +1600,4 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
List<Integer> resIds = resourceUserMapper.queryResourcesIdListByUserIdAndPerm(userId, perm);
return CollectionUtils.isEmpty(resIds) ? new ArrayList<>() : resourcesMapper.queryResourceListById(resIds);
}
}

8
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupQueueServiceImpl.java
Unescape View File

@ -17,11 +17,13 @@
package org.apache.dolphinscheduler.api.service.impl;
import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant;
import org.apache.dolphinscheduler.api.enums.Status;
import org.apache.dolphinscheduler.api.service.ProjectService;
import org.apache.dolphinscheduler.api.service.TaskGroupQueueService;
import org.apache.dolphinscheduler.api.utils.PageInfo;
import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.common.enums.AuthorizationType;
import org.apache.dolphinscheduler.dao.entity.Project;
import org.apache.dolphinscheduler.dao.entity.TaskGroupQueue;
import org.apache.dolphinscheduler.dao.entity.User;
@ -31,6 +33,7 @@ import org.apache.dolphinscheduler.dao.mapper.TaskInstanceMapper;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -70,6 +73,11 @@ public class TaskGroupQueueServiceImpl extends BaseServiceImpl implements TaskGr
public Map<String, Object> queryTasksByGroupId(User loginUser, String taskName
, String processName, Integer status, int groupId, int pageNo, int pageSize) {
Map<String, Object> result = new HashMap<>();
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_QUEUE);
if (!canOperatorPermissions){
result.put(Constants.STATUS, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
Page<TaskGroupQueue> page = new Page<>(pageNo, pageSize);
Map<String, Object> objectMap = this.projectService.queryAuthorizedProject(loginUser, loginUser.getId());
List<Project> projects = (List<Project>)objectMap.get(Constants.DATA_LIST);

47
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupServiceImpl.java
Unescape View File

@ -17,12 +17,14 @@
package org.apache.dolphinscheduler.api.service.impl;
import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant;
import org.apache.dolphinscheduler.api.enums.Status;
import org.apache.dolphinscheduler.api.service.ExecutorService;
import org.apache.dolphinscheduler.api.service.TaskGroupQueueService;
import org.apache.dolphinscheduler.api.service.TaskGroupService;
import org.apache.dolphinscheduler.api.utils.PageInfo;
import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.common.enums.AuthorizationType;
import org.apache.dolphinscheduler.common.enums.Flag;
import org.apache.dolphinscheduler.dao.entity.TaskGroup;
import org.apache.dolphinscheduler.dao.entity.User;
@ -77,6 +79,12 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe
@Override
public Map<String, Object> createTaskGroup(User loginUser, Long projectCode, String name, String description, int groupSize) {
Map<String, Object> result = new HashMap<>();
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_CREATE);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
if (name == null) {
putMsg(result, Status.NAME_NULL);
return result;
@ -117,6 +125,11 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe
@Override
public Map<String, Object> updateTaskGroup(User loginUser, int id, String name, String description, int groupSize) {
Map<String, Object> result = new HashMap<>();
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_EDIT);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
if (name == null) {
putMsg(result, Status.NAME_NULL);
return result;
@ -202,6 +215,12 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe
public Map<String, Object> queryTaskGroupByProjectCode(User loginUser, int pageNo, int pageSize, Long projectCode) {
Map<String, Object> result = new HashMap<>();
Page<TaskGroup> page = new Page<>(pageNo, pageSize);
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_VIEW);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
IPage<TaskGroup> taskGroupPaging = taskGroupMapper.queryTaskGroupPagingByProjectCode(page, projectCode);
return getStringObjectMap(pageNo, pageSize, result, taskGroupPaging);
@ -249,6 +268,12 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe
public Map<String, Object> doQuery(User loginUser, int pageNo, int pageSize, int userId, String name, Integer status) {
Map<String, Object> result = new HashMap<>();
Page<TaskGroup> page = new Page<>(pageNo, pageSize);
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_VIEW);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
IPage<TaskGroup> taskGroupPaging = taskGroupMapper.queryTaskGroupPaging(page, userId, name, status);
return getStringObjectMap(pageNo, pageSize, result, taskGroupPaging);
@ -264,6 +289,12 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe
@Override
public Map<String, Object> closeTaskGroup(User loginUser, int id) {
Map<String, Object> result = new HashMap<>();
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_CLOSE);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
TaskGroup taskGroup = taskGroupMapper.selectById(id);
if (taskGroup.getStatus() == Flag.NO.getCode()) {
putMsg(result, Status.TASK_GROUP_STATUS_CLOSED);
@ -286,6 +317,11 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe
public Map<String, Object> startTaskGroup(User loginUser, int id) {
Map<String, Object> result = new HashMap<>();
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_CLOSE);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
TaskGroup taskGroup = taskGroupMapper.selectById(id);
if (taskGroup.getStatus() == Flag.YES.getCode()) {
putMsg(result, Status.TASK_GROUP_STATUS_OPENED);
@ -307,6 +343,12 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe
*/
@Override
public Map<String, Object> forceStartTask(User loginUser, int queueId) {
Map<String, Object> result = new HashMap<>();
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_QUEUE_START);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
return executorService.forceStartTaskInstance(loginUser, queueId);
}
@ -314,6 +356,11 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe
public Map<String, Object> modifyPriority(User loginUser, Integer queueId, Integer priority) {
Map<String, Object> result = new HashMap<>();
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_QUEUE_PRIORITY);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
taskGroupQueueService.modifyPriority(queueId, priority);
putMsg(result, Status.SUCCESS);
return result;

106
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java
Unescape View File

@ -17,11 +17,12 @@
package org.apache.dolphinscheduler.api.service.impl;
import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant;
import org.apache.dolphinscheduler.api.enums.Status;
import org.apache.dolphinscheduler.api.service.UdfFuncService;
import org.apache.dolphinscheduler.api.utils.PageInfo;
import org.apache.dolphinscheduler.api.utils.Result;
import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.common.enums.AuthorizationType;
import org.apache.dolphinscheduler.common.enums.UdfType;
import org.apache.dolphinscheduler.common.utils.PropertyUtils;
import org.apache.dolphinscheduler.dao.entity.Resource;
@ -33,10 +34,11 @@ import org.apache.dolphinscheduler.dao.mapper.UdfFuncMapper;
import org.apache.commons.lang.StringUtils;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -88,6 +90,11 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic
int resourceId) {
Result<Object> result = new Result<>();
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_CREATE);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
// if resource upload startup
if (!PropertyUtils.getResUploadStartupState()) {
logger.error("resource upload startup state: {}", PropertyUtils.getResUploadStartupState());
@ -150,14 +157,19 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic
* @return udf function detail
*/
@Override
public Map<String, Object> queryUdfFuncDetail(int id) {
Map<String, Object> result = new HashMap<>();
public Result<Object> queryUdfFuncDetail(User loginUser, int id) {
Result<Object> result = new Result<>();
boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{id}, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
UdfFunc udfFunc = udfFuncMapper.selectById(id);
if (udfFunc == null) {
putMsg(result, Status.RESOURCE_NOT_EXIST);
return result;
}
result.put(Constants.DATA_LIST, udfFunc);
result.setData(udfFunc);
putMsg(result, Status.SUCCESS);
return result;
}
@ -176,7 +188,8 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic
* @return update result code
*/
@Override
public Map<String, Object> updateUdfFunc(int udfFuncId,
public Result<Object> updateUdfFunc(User loginUser,
int udfFuncId,
String funcName,
String className,
String argTypes,
@ -184,13 +197,20 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic
String desc,
UdfType type,
int resourceId) {
Map<String, Object> result = new HashMap<>();
Result<Object> result = new Result<>();
boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
// verify udfFunc is exist
UdfFunc udf = udfFuncMapper.selectUdfById(udfFuncId);
if (udf == null) {
result.put(Constants.STATUS, Status.UDF_FUNCTION_NOT_EXIST);
result.put(Constants.MSG, Status.UDF_FUNCTION_NOT_EXIST.getMsg());
result.setCode(Status.UDF_FUNCTION_NOT_EXIST.getCode());
result.setMsg(Status.UDF_FUNCTION_NOT_EXIST.getMsg());
return result;
}
@ -205,8 +225,8 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic
if (!funcName.equals(udf.getFuncName())) {
if (checkUdfFuncNameExists(funcName)) {
logger.error("UdfFuncRequest {} has exist, can't create again.", funcName);
result.put(Constants.STATUS, Status.UDF_FUNCTION_EXISTS);
result.put(Constants.MSG, Status.UDF_FUNCTION_EXISTS.getMsg());
result.setCode(Status.UDF_FUNCTION_EXISTS.getCode());
result.setMsg(Status.UDF_FUNCTION_EXISTS.getMsg());
return result;
}
}
@ -214,8 +234,8 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic
Resource resource = resourceMapper.selectById(resourceId);
if (resource == null) {
logger.error("resourceId {} is not exist", resourceId);
result.put(Constants.STATUS, Status.RESOURCE_NOT_EXIST);
result.put(Constants.MSG, Status.RESOURCE_NOT_EXIST.getMsg());
result.setCode(Status.RESOURCE_NOT_EXIST.getCode());
result.setMsg(Status.RESOURCE_NOT_EXIST.getMsg());
return result;
}
Date now = new Date();
@ -247,8 +267,13 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic
* @return udf function list page
*/
@Override
public Result queryUdfFuncListPaging(User loginUser, String searchVal, Integer pageNo, Integer pageSize) {
Result result = new Result();
public Result<Object> queryUdfFuncListPaging(User loginUser, String searchVal, Integer pageNo, Integer pageSize) {
Result<Object> result = new Result();
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
PageInfo<UdfFunc> pageInfo = new PageInfo<>(pageNo, pageSize);
IPage<UdfFunc> udfFuncList = getUdfFuncsPage(loginUser, searchVal, pageSize, pageNo);
pageInfo.setTotal((int)udfFuncList.getTotal());
@ -268,12 +293,12 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic
* @return udf function list page
*/
private IPage<UdfFunc> getUdfFuncsPage(User loginUser, String searchVal, Integer pageSize, int pageNo) {
int userId = loginUser.getId();
if (isAdmin(loginUser)) {
userId = 0;
}
Set<Integer> udfFuncIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.UDF, loginUser.getId(), logger);
Page<UdfFunc> page = new Page<>(pageNo, pageSize);
return udfFuncMapper.queryUdfFuncPaging(page, userId, searchVal);
if (udfFuncIds.isEmpty()) {
return page;
}
return udfFuncMapper.queryUdfFuncPaging(page, new ArrayList<>(udfFuncIds), searchVal);
}
/**
@ -284,15 +309,23 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic
* @return udf func list
*/
@Override
public Map<String, Object> queryUdfFuncList(User loginUser, Integer type) {
Map<String, Object> result = new HashMap<>();
int userId = loginUser.getId();
if (isAdmin(loginUser)) {
userId = 0;
public Result<Object> queryUdfFuncList(User loginUser, Integer type) {
Result<Object> result = new Result<>();
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
List<UdfFunc> udfFuncList = udfFuncMapper.getUdfFuncByType(userId, type);
Set<Integer> udfFuncIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.UDF, loginUser.getId(), logger);
if (udfFuncIds.isEmpty()){
result.setData(Collections.emptyList());
putMsg(result, Status.SUCCESS);
return result;
}
List<UdfFunc> udfFuncList = udfFuncMapper.getUdfFuncByType(new ArrayList<>(udfFuncIds), type);
result.put(Constants.DATA_LIST, udfFuncList);
result.setData(udfFuncList);
putMsg(result, Status.SUCCESS);
return result;
}
@ -305,8 +338,14 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic
*/
@Override
@Transactional(rollbackFor = RuntimeException.class)
public Result<Object> delete(int id) {
public Result<Object> delete(User loginUser, int id) {
Result<Object> result = new Result<>();
boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{id}, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_DELETE);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
udfFuncMapper.deleteById(id);
udfUserMapper.deleteByUdfFuncId(id);
putMsg(result, Status.SUCCESS);
@ -320,8 +359,14 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic
* @return true if the name can user, otherwise return false
*/
@Override
public Result<Object> verifyUdfFuncByName(String name) {
public Result<Object> verifyUdfFuncByName(User loginUser, String name) {
Result<Object> result = new Result<>();
boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}
if (checkUdfFuncNameExists(name)) {
putMsg(result, Status.UDF_FUNCTION_EXISTS);
} else {
@ -329,5 +374,4 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic
}
return result;
}
}

50
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
Unescape View File

@ -29,7 +29,6 @@ import org.apache.dolphinscheduler.api.utils.CheckUtils;
import org.apache.dolphinscheduler.api.utils.PageInfo;
import org.apache.dolphinscheduler.api.utils.Result;
import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.common.enums.AuthorizationType;
import org.apache.dolphinscheduler.common.enums.Flag;
import org.apache.dolphinscheduler.common.enums.UserType;
import org.apache.dolphinscheduler.common.storage.StorageOperate;
@ -78,8 +77,6 @@ import java.util.TimeZone;
import java.util.Arrays;
import java.util.stream.Collectors;
import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*;
/**
* users service impl
*/
@ -157,18 +154,18 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
//check all user params
String msg = this.checkUserParams(userName, userPassword, email, phone);
if(resourcePermissionCheckService.functionDisabled()){
putMsg(result, Status.FUNCTION_DISABLED, msg);
return result;
}
if (!StringUtils.isEmpty(msg)) {
putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, msg);
if (!isAdmin(loginUser)) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
return result;
}
if (!canOperatorPermissions(loginUser,null, AuthorizationType.USER,USERS_CREATE)) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
if (!StringUtils.isEmpty(msg)) {
putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, msg);
return result;
}
@ -334,15 +331,14 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
@Override
public Result<Object> queryUserList(User loginUser, String searchVal, Integer pageNo, Integer pageSize) {
Result<Object> result = new Result<>();
if (!canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_MANAGER)) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
return result;
}
if(resourcePermissionCheckService.functionDisabled()){
putMsg(result, Status.FUNCTION_DISABLED);
return result;
}
if (!isAdmin(loginUser)) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
return result;
}
Page<User> page = new Page<>(pageNo, pageSize);
@ -389,8 +385,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
putMsg(result, Status.FUNCTION_DISABLED);
return result;
}
if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_UPDATE), Status.USER_NO_OPERATION_PERM)) {
if (check(result, !canOperator(loginUser, userId), Status.USER_NO_OPERATION_PERM)) {
return result;
}
User user = userMapper.selectById(userId);
@ -527,14 +522,12 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
@Transactional(rollbackFor = RuntimeException.class)
public Map<String, Object> deleteUserById(User loginUser, int id) throws IOException {
Map<String, Object> result = new HashMap<>();
if(resourcePermissionCheckService.functionDisabled()){
putMsg(result, Status.FUNCTION_DISABLED);
return result;
}
//only admin can operate
if (!canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_DELETE)) {
if (!isAdmin(loginUser)) {
putMsg(result, Status.USER_NO_OPERATION_PERM, id);
return result;
}
@ -582,7 +575,6 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
putMsg(result, Status.FUNCTION_DISABLED);
return result;
}
//check exist
User tempUser = userMapper.selectById(userId);
if (tempUser == null) {
@ -643,7 +635,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
}
// 3. only project owner can operate
if (!this.canOperatorPermissions(loginUser,new Object[]{project.getId()},AuthorizationType.USER,null)) {
if (!this.canOperator(loginUser, project.getUserId())) {
this.putMsg(result, Status.USER_NO_OPERATION_PERM);
return result;
}
@ -683,7 +675,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
return result;
}
// 1. only admin can operate
if (this.check(result, !this.canOperatorPermissions(loginUser,null,AuthorizationType.USER,null), Status.USER_NO_OPERATION_PERM)) {
if (this.check(result, !this.isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) {
return result;
}
@ -871,7 +863,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
return result;
}
//only admin can operate
if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER, null), Status.USER_NO_OPERATION_PERM)) {
if (this.check(result, !this.isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) {
return result;
}
@ -968,7 +960,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
return result;
}
User user = null;
if (canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_MANAGER)) {
if (loginUser.getUserType() == UserType.ADMIN_USER) {
user = loginUser;
} else {
user = userMapper.queryDetailsById(loginUser.getId());
@ -1011,7 +1003,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
return result;
}
//only admin can operate
if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_MANAGER), Status.USER_NO_OPERATION_PERM)) {
if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) {
return result;
}
@ -1036,7 +1028,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
return result;
}
//only admin can operate
if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_MANAGER), Status.USER_NO_OPERATION_PERM)) {
if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) {
return result;
}
@ -1083,7 +1075,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
return result;
}
//only admin can operate
if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,null), Status.USER_NO_OPERATION_PERM)) {
if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) {
return result;
}
@ -1123,7 +1115,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
return result;
}
//only admin can operate
if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,null), Status.USER_NO_OPERATION_PERM)) {
if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) {
return result;
}
List<User> userList = userMapper.queryUserListByAlertGroupId(alertGroupId);
@ -1259,7 +1251,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
putMsg(result, Status.FUNCTION_DISABLED);
return result;
}
if (!canOperatorPermissions(loginUser,null,AuthorizationType.USER,null)) {
if (!isAdmin(loginUser)) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
return result;
}
@ -1307,7 +1299,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
putMsg(result, Status.FUNCTION_DISABLED);
return result;
}
if (!canOperatorPermissions(loginUser,null,AuthorizationType.USER,null)) {
if (!isAdmin(loginUser)) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
return result;
}

10
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/AbstractControllerTest.java
Unescape View File

@ -22,6 +22,7 @@ import org.apache.dolphinscheduler.api.controller.AbstractControllerTest.Registr
import org.apache.dolphinscheduler.api.enums.Status;
import org.apache.dolphinscheduler.api.service.SessionService;
import org.apache.dolphinscheduler.api.service.UsersService;
import org.apache.dolphinscheduler.api.utils.Result;
import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.dao.DaoConfiguration;
import org.apache.dolphinscheduler.dao.entity.User;
@ -107,6 +108,15 @@ public abstract class AbstractControllerTest {
}
}
public void putMsg(Result<Object> result, Status status, Object... statusParams) {
result.setCode(status.getCode());
if (statusParams != null && statusParams.length > 0) {
result.setMsg(MessageFormat.format(status.getMsg(), statusParams));
} else {
result.setMsg(status.getMsg());
}
}
@Configuration
public static class RegistryServer {
@PostConstruct

26
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/ResourcesControllerTest.java
Unescape View File

@ -135,7 +135,7 @@ public class ResourcesControllerTest extends AbstractControllerTest {
public void testViewResource() throws Exception {
Result mockResult = new Result<>();
mockResult.setCode(Status.HDFS_NOT_STARTUP.getCode());
PowerMockito.when(resourcesService.readResource(Mockito.anyInt(), Mockito.anyInt(), Mockito.anyInt())).thenReturn(mockResult);
PowerMockito.when(resourcesService.readResource(Mockito.any(), Mockito.anyInt(), Mockito.anyInt(), Mockito.anyInt())).thenReturn(mockResult);
MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>();
paramsMap.add("skipLineNum", "2");
@ -188,7 +188,7 @@ public class ResourcesControllerTest extends AbstractControllerTest {
public void testUpdateResourceContent() throws Exception {
Result mockResult = new Result<>();
mockResult.setCode(Status.TENANT_NOT_EXIST.getCode());
PowerMockito.when(resourcesService.updateResourceContent(Mockito.anyInt(), Mockito.anyString())).thenReturn(mockResult);
PowerMockito.when(resourcesService.updateResourceContent(Mockito.any(), Mockito.anyInt(), Mockito.anyString())).thenReturn(mockResult);
MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>();
paramsMap.add("id", "1");
@ -210,7 +210,7 @@ public class ResourcesControllerTest extends AbstractControllerTest {
@Test
public void testDownloadResource() throws Exception {
PowerMockito.when(resourcesService.downloadResource(Mockito.anyInt())).thenReturn(null);
PowerMockito.when(resourcesService.downloadResource(Mockito.any(), Mockito.anyInt())).thenReturn(null);
MvcResult mvcResult = mockMvc.perform(get("/resources/{id}/download", 5)
.header(SESSION_ID, sessionId))
@ -252,10 +252,10 @@ public class ResourcesControllerTest extends AbstractControllerTest {
@Test
public void testViewUIUdfFunction() throws Exception {
Map<String, Object> mockResult = new HashMap<>();
mockResult.put(Constants.STATUS, Status.TENANT_NOT_EXIST);
Result<Object> mockResult = new Result<>();
putMsg(mockResult, Status.TENANT_NOT_EXIST);
PowerMockito.when(udfFuncService
.queryUdfFuncDetail(Mockito.anyInt()))
.queryUdfFuncDetail(Mockito.any(), Mockito.anyInt()))
.thenReturn(mockResult);
MvcResult mvcResult = mockMvc.perform(get("/resources/{id}/udf-func", "123")
@ -272,10 +272,10 @@ public class ResourcesControllerTest extends AbstractControllerTest {
@Test
public void testUpdateUdfFunc() throws Exception {
Map<String, Object> mockResult = new HashMap<>();
mockResult.put(Constants.STATUS, Status.TENANT_NOT_EXIST);
Result<Object> mockResult = new Result<>();
mockResult.setCode(Status.TENANT_NOT_EXIST.getCode());
PowerMockito.when(udfFuncService
.updateUdfFunc(Mockito.anyInt(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.any(), Mockito.anyInt()))
.updateUdfFunc(Mockito.any(), Mockito.anyInt(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.any(), Mockito.anyInt()))
.thenReturn(mockResult);
MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>();
@ -327,8 +327,8 @@ public class ResourcesControllerTest extends AbstractControllerTest {
@Test
public void testQueryResourceList() throws Exception {
Map<String, Object> mockResult = new HashMap<>();
mockResult.put(Constants.STATUS, Status.SUCCESS);
Result<Object> mockResult = new Result<>();
mockResult.setCode(Status.SUCCESS.getCode());
PowerMockito.when(udfFuncService.queryUdfFuncList(Mockito.any(), Mockito.anyInt())).thenReturn(mockResult);
MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>();
@ -351,7 +351,7 @@ public class ResourcesControllerTest extends AbstractControllerTest {
public void testVerifyUdfFuncName() throws Exception {
Result mockResult = new Result<>();
mockResult.setCode(Status.SUCCESS.getCode());
PowerMockito.when(udfFuncService.verifyUdfFuncByName(Mockito.anyString())).thenReturn(mockResult);
PowerMockito.when(udfFuncService.verifyUdfFuncByName(Mockito.any(), Mockito.anyString())).thenReturn(mockResult);
MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>();
paramsMap.add("name", "test");
@ -439,7 +439,7 @@ public class ResourcesControllerTest extends AbstractControllerTest {
public void testDeleteUdfFunc() throws Exception {
Result mockResult = new Result<>();
mockResult.setCode(Status.SUCCESS.getCode());
PowerMockito.when(udfFuncService.delete(Mockito.anyInt())).thenReturn(mockResult);
PowerMockito.when(udfFuncService.delete(Mockito.any(), Mockito.anyInt())).thenReturn(mockResult);
MvcResult mvcResult = mockMvc.perform(delete("/resources/udf-func/{id}", "123")
.header(SESSION_ID, sessionId))

74
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/MonitorServiceTest.java
Unescape View File

@ -17,21 +17,31 @@
package org.apache.dolphinscheduler.api.service;
import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant;
import org.apache.dolphinscheduler.api.enums.Status;
import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl;
import org.apache.dolphinscheduler.api.service.impl.MonitorServiceImpl;
import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.common.enums.AuthorizationType;
import org.apache.dolphinscheduler.common.enums.NodeType;
import org.apache.dolphinscheduler.common.enums.UserType;
import org.apache.dolphinscheduler.common.model.Server;
import org.apache.dolphinscheduler.dao.MonitorDBDao;
import org.apache.dolphinscheduler.dao.entity.MonitorRecord;
import org.apache.dolphinscheduler.dao.entity.User;
import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService;
import org.apache.dolphinscheduler.service.registry.RegistryClient;
import org.apache.dolphinscheduler.spi.enums.DbType;
import org.apache.commons.collections.CollectionUtils;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Map;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
@ -55,23 +65,60 @@ public class MonitorServiceTest {
@Mock
private MonitorDBDao monitorDBDao;
@Mock
private ResourcePermissionCheckService resourcePermissionCheckService;
@Mock
private RegistryClient registryClient;
private User user;
public static final Logger serviceLogger = LoggerFactory.getLogger(BaseServiceImpl.class);
@Before
public void init () {
user = new User();
user.setUserType(UserType.ADMIN_USER);
user.setId(1);
}
@Test
public void testQueryDatabaseState() {
mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_DATABASES_VIEW, true);
Mockito.when(monitorDBDao.queryDatabaseState()).thenReturn(getList());
Map<String,Object> result = monitorService.queryDatabaseState(null);
Map<String,Object> result = monitorService.queryDatabaseState(user);
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));
List<MonitorRecord> monitorRecordList = (List<MonitorRecord>) result.get(Constants.DATA_LIST);
Assert.assertTrue(CollectionUtils.isNotEmpty(monitorRecordList));
mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_DATABASES_VIEW, false);
Map<String,Object> noPermission = monitorService.queryDatabaseState(user);
Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS));
}
@Test
public void testQueryMaster() {
//TODO need zk
/*Map<String,Object> result = monitorService.queryMaster(null);*/
/*logger.info(result.toString());*/
/*Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));*/
mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_MASTER_VIEW, true);
Mockito.when(registryClient.getServerList(NodeType.MASTER)).thenReturn(getServerList());
Map<String, Object> result = monitorService.queryMaster(user);
Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));
mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_MASTER_VIEW, false);
Map<String,Object> noPermission = monitorService.queryMaster(user);
Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS));
}
@Test
public void testQueryWorker() {
mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_WORKER_VIEW, true);
Mockito.when(registryClient.getServerList(NodeType.WORKER)).thenReturn(getServerList());
Map<String, Object> result = monitorService.queryWorker(user);
Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));
mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_WORKER_VIEW, false);
Map<String,Object> noPermission = monitorService.queryWorker(user);
Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS));
}
@Test
@ -81,6 +128,11 @@ public class MonitorServiceTest {
/*logger.info(serverList.toString());*/
}
private void mockPermissionCheck(String permissionKey, boolean result){
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.MONITOR, 1, permissionKey, serviceLogger)).thenReturn(result);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.MONITOR, null, 0, serviceLogger)).thenReturn(true);
}
private List<MonitorRecord> getList() {
List<MonitorRecord> monitorRecordList = new ArrayList<>();
monitorRecordList.add(getEntity());
@ -94,8 +146,16 @@ public class MonitorServiceTest {
}
private List<Server> getServerList() {
Server server = new Server();
server.setId(1);
server.setHost("127.0.0.1");
server.setZkDirectory("ws/server");
server.setPort(123);
server.setCreateTime(new Date());
server.setLastHeartbeatTime(new Date());
List<Server> servers = new ArrayList<>();
servers.add(new Server());
servers.add(server);
return servers;
}

30
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProjectServiceTest.java
Unescape View File

@ -84,8 +84,8 @@ public class ProjectServiceTest {
User loginUser = getLoginUser();
loginUser.setId(1);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, loginUser.getId(), PROJECT_CREATE , baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, null, loginUser.getId(), baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, 1, PROJECT_CREATE , baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, null, 1, baseServiceLogger)).thenReturn(true);
Map<String, Object> result = projectService.createProject(loginUser, projectName, getDesc());
logger.info(result.toString());
Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS));
@ -179,32 +179,6 @@ public class ProjectServiceTest {
Assert.assertTrue(checkResult);
}
// @Test
// public void testQueryProjectListPaging() {
// IPage<Project> page = new Page<>(1, 10);
// page.setRecords(getList());
// page.setTotal(1L);
// Set<Integer> set = new HashSet();
// set.add(1);
// Mockito.when(projectMapper.queryProjectListPaging(Mockito.any(Page.class),Mockito.anySet().toArray(), Mockito.eq(projectName))).thenReturn(page);
// User loginUser = getLoginUser();
//
// // project owner
// Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.PROJECTS, loginUser.getId(), projectLogger)).thenReturn(set);
// Result result = projectService.queryProjectListPaging(loginUser, 10, 1, projectName);
// logger.info(result.toString());
// PageInfo<Project> pageInfo = (PageInfo<Project>) result.getData();
// Assert.assertTrue(CollectionUtils.isNotEmpty(pageInfo.getTotalList()));
//
// //admin
// Mockito.when(projectMapper.queryProjectListPaging(Mockito.any(Page.class), Mockito.anySet().toArray(), Mockito.eq(projectName))).thenReturn(page);
// loginUser.setUserType(UserType.ADMIN_USER);
// result = projectService.queryProjectListPaging(loginUser, 10, 1, projectName);
// logger.info(result.toString());
// pageInfo = (PageInfo<Project>) result.getData();
// Assert.assertTrue(CollectionUtils.isNotEmpty(pageInfo.getTotalList()));
// }
@Test
public void testDeleteProject() {
User loginUser = getLoginUser();

142
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java
Unescape View File

@ -19,11 +19,14 @@ package org.apache.dolphinscheduler.api.service;
import static org.mockito.ArgumentMatchers.eq;
import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant;
import org.apache.dolphinscheduler.api.enums.Status;
import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl;
import org.apache.dolphinscheduler.api.service.impl.ResourcesServiceImpl;
import org.apache.dolphinscheduler.api.utils.PageInfo;
import org.apache.dolphinscheduler.api.utils.Result;
import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.common.enums.AuthorizationType;
import org.apache.dolphinscheduler.common.enums.UserType;
import org.apache.dolphinscheduler.common.storage.StorageOperate;
import org.apache.dolphinscheduler.common.utils.FileUtils;
@ -38,6 +41,7 @@ import org.apache.dolphinscheduler.dao.mapper.ResourceUserMapper;
import org.apache.dolphinscheduler.dao.mapper.TenantMapper;
import org.apache.dolphinscheduler.dao.mapper.UdfFuncMapper;
import org.apache.dolphinscheduler.dao.mapper.UserMapper;
import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService;
import org.apache.dolphinscheduler.spi.enums.ResourceType;
import org.apache.commons.collections.CollectionUtils;
@ -47,9 +51,11 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import org.junit.Assert;
import org.junit.Before;
@ -106,6 +112,12 @@ public class ResourcesServiceTest {
@Mock
private ResourceUserMapper resourceUserMapper;
@Mock
private ResourcePermissionCheckService resourcePermissionCheckService;
private static final Logger serviceLogger = LoggerFactory.getLogger(BaseServiceImpl.class);
@Before
public void setUp() {
// PowerMockito.mockStatic(HadoopUtils.class);
@ -125,8 +137,13 @@ public class ResourcesServiceTest {
@Test
public void testCreateResource() {
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_ONLINE_CREATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true);
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false);
User user = new User();
user.setId(1);
user.setUserType(UserType.GENERAL_USER);
//HDFS_NOT_STARTUP
Result result = resourcesService.createResource(user, "ResourcesServiceTest", "ResourcesServiceTest", ResourceType.FILE, null, -1, "/");
logger.info(result.toString());
@ -148,6 +165,9 @@ public class ResourcesServiceTest {
Assert.assertEquals(Status.RESOURCE_SUFFIX_FORBID_CHANGE.getMsg(), result.getMsg());
//UDF_RESOURCE_SUFFIX_NOT_JAR
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.UDF_FOLDER_ONLINE_CREATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true);
mockMultipartFile = new MockMultipartFile("ResourcesServiceTest.pdf", "ResourcesServiceTest.pdf", "pdf", "test".getBytes());
PowerMockito.when(Files.getFileExtension("ResourcesServiceTest.pdf")).thenReturn("pdf");
result = resourcesService.createResource(user, "ResourcesServiceTest.pdf", "ResourcesServiceTest", ResourceType.UDF, mockMultipartFile, -1, "/");
@ -155,6 +175,9 @@ public class ResourcesServiceTest {
Assert.assertEquals(Status.UDF_RESOURCE_SUFFIX_NOT_JAR.getMsg(), result.getMsg());
//FULL_FILE_NAME_TOO_LONG
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_ONLINE_CREATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true);
String tooLongFileName = getRandomStringWithLength(Constants.RESOURCE_FULL_NAME_MAX_LENGTH) + ".pdf";
mockMultipartFile = new MockMultipartFile(tooLongFileName, tooLongFileName, "pdf", "test".getBytes());
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true);
@ -166,9 +189,13 @@ public class ResourcesServiceTest {
@Test
public void testCreateDirecotry() {
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FOLDER_ONLINE_CREATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true);
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false);
User user = new User();
user.setId(1);
user.setUserType(UserType.GENERAL_USER);
//HDFS_NOT_STARTUP
Result result = resourcesService.createDirectory(user, "directoryTest", "directory test", ResourceType.FILE, -1, "/");
logger.info(result.toString());
@ -181,6 +208,10 @@ public class ResourcesServiceTest {
Mockito.when(tenantMapper.queryById(1)).thenReturn(getTenant());
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true);
Mockito.when(resourcesMapper.selectById(Mockito.anyInt())).thenReturn(null);
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FOLDER_ONLINE_CREATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_RENAME, serviceLogger)).thenReturn(true);
result = resourcesService.createDirectory(user, "directoryTest", "directory test", ResourceType.FILE, 1, "/");
logger.info(result.toString());
Assert.assertEquals(Status.PARENT_RESOURCE_NOT_EXIST.getMsg(), result.getMsg());
@ -196,14 +227,21 @@ public class ResourcesServiceTest {
@Test
public void testUpdateResource() {
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true);
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false);
User user = new User();
user.setId(1);
user.setUserType(UserType.GENERAL_USER);
//HDFS_NOT_STARTUP
Result result = resourcesService.updateResource(user, 1, "ResourcesServiceTest", "ResourcesServiceTest", ResourceType.FILE, null);
logger.info(result.toString());
Assert.assertEquals(Status.STORAGE_NOT_STARTUP.getMsg(), result.getMsg());
//RESOURCE_NOT_EXIST
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{0}, 1, serviceLogger)).thenReturn(true);
Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource());
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true);
result = resourcesService.updateResource(user, 0, "ResourcesServiceTest", "ResourcesServiceTest", ResourceType.FILE, null);
@ -211,6 +249,10 @@ public class ResourcesServiceTest {
Assert.assertEquals(Status.RESOURCE_NOT_EXIST.getMsg(), result.getMsg());
//USER_NO_OPERATION_PERM
user.setId(2);
user.setUserType(UserType.GENERAL_USER);
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 2, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 2, serviceLogger)).thenReturn(true);
result = resourcesService.updateResource(user, 1, "ResourcesServiceTest", "ResourcesServiceTest", ResourceType.FILE, null);
logger.info(result.toString());
Assert.assertEquals(Status.USER_NO_OPERATION_PERM.getMsg(), result.getMsg());
@ -221,6 +263,8 @@ public class ResourcesServiceTest {
Mockito.when(tenantMapper.queryById(1)).thenReturn(getTenant());
PowerMockito.when(storageOperate.getFileName(Mockito.any(), Mockito.any(), Mockito.anyString())).thenReturn("test1");
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.UDF_UPDATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true);
try {
Mockito.when(storageOperate.exists(Mockito.any(), Mockito.any())).thenReturn(false);
} catch (IOException e) {
@ -239,6 +283,8 @@ public class ResourcesServiceTest {
logger.error(e.getMessage(), e);
}
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true);
result = resourcesService.updateResource(user, 1, "ResourcesServiceTest.jar", "ResourcesServiceTest", ResourceType.FILE, null);
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS.getMsg(), result.getMsg());
@ -249,6 +295,8 @@ public class ResourcesServiceTest {
logger.info(result.toString());
Assert.assertEquals(Status.RESOURCE_EXIST.getMsg(), result.getMsg());
//USER_NOT_EXIST
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.UDF_UPDATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true);
Mockito.when(userMapper.selectById(Mockito.anyInt())).thenReturn(null);
result = resourcesService.updateResource(user, 1, "ResourcesServiceTest1.jar", "ResourcesServiceTest", ResourceType.UDF, null);
logger.info(result.toString());
@ -279,13 +327,17 @@ public class ResourcesServiceTest {
@Test
public void testQueryResourceListPaging() {
User loginUser = new User();
loginUser.setId(1);
loginUser.setUserType(UserType.ADMIN_USER);
IPage<Resource> resourcePage = new Page<>(1, 10);
resourcePage.setTotal(1);
resourcePage.setRecords(getResourceList());
Mockito.when(resourcesMapper.queryResourcePaging(Mockito.any(Page.class),
eq(0), eq(-1), eq(0), eq("test"), Mockito.any())).thenReturn(resourcePage);
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 0, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 1, serviceLogger)).thenReturn(getSetIds());
Mockito.when(resourcesMapper.queryResourcePaging(Mockito.any(Page.class), eq(-1), eq(0), eq(1), eq("test"), Mockito.any())).thenReturn(resourcePage);
Result result = resourcesService.queryResourceListPaging(loginUser, -1, ResourceType.FILE, "test", 1, 10);
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS.getCode(), (int) result.getCode());
@ -299,6 +351,11 @@ public class ResourcesServiceTest {
User loginUser = new User();
loginUser.setId(0);
loginUser.setUserType(UserType.ADMIN_USER);
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 0, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 0, serviceLogger)).thenReturn(getSetIds());
Mockito.when(resourcesMapper.queryResourceListAuthored(0, 0)).thenReturn(getResourceList());
Map<String, Object> result = resourcesService.queryResourceList(loginUser, ResourceType.FILE);
logger.info(result.toString());
@ -307,6 +364,9 @@ public class ResourcesServiceTest {
Assert.assertTrue(CollectionUtils.isNotEmpty(resourceList));
// test udf
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.UDF_FILE_VIEW, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 0, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 0, serviceLogger)).thenReturn(getSetIds());
loginUser.setUserType(UserType.GENERAL_USER);
Mockito.when(resourceUserMapper.queryResourcesIdListByUserIdAndPerm(0, 0))
.thenReturn(Arrays.asList(Integer.valueOf(10), Integer.valueOf(11)));
@ -325,9 +385,13 @@ public class ResourcesServiceTest {
User loginUser = new User();
loginUser.setId(0);
loginUser.setUserType(UserType.GENERAL_USER);
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false);
Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource());
Mockito.when(tenantMapper.queryById(1)).thenReturn(getTenant());
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.FILE_DELETE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 0, serviceLogger)).thenReturn(true);
try {
// HDFS_NOT_STARTUP
Result result = resourcesService.delete(loginUser, 1);
@ -337,6 +401,9 @@ public class ResourcesServiceTest {
//RESOURCE_NOT_EXIST
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true);
Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource());
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.FILE_DELETE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{2}, 0, serviceLogger)).thenReturn(true);
result = resourcesService.delete(loginUser, 2);
logger.info(result.toString());
Assert.assertEquals(Status.RESOURCE_NOT_EXIST.getMsg(), result.getMsg());
@ -350,6 +417,8 @@ public class ResourcesServiceTest {
loginUser.setUserType(UserType.ADMIN_USER);
loginUser.setTenantId(2);
Mockito.when(userMapper.selectById(Mockito.anyInt())).thenReturn(loginUser);
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.FILE_DELETE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 0, serviceLogger)).thenReturn(true);
result = resourcesService.delete(loginUser, 1);
logger.info(result.toString());
Assert.assertEquals(Status.CURRENT_LOGIN_USER_TENANT_NOT_EXIST.getMsg(), result.getMsg());
@ -373,8 +442,11 @@ public class ResourcesServiceTest {
@Test
public void testVerifyResourceName() {
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_RENAME, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true);
User user = new User();
user.setId(1);
user.setUserType(UserType.GENERAL_USER);
Mockito.when(resourcesMapper.existResource("/ResourcesServiceTest.jar", 0)).thenReturn(true);
Result result = resourcesService.verifyResourceName("/ResourcesServiceTest.jar", ResourceType.FILE, user);
logger.info(result.toString());
@ -414,37 +486,43 @@ public class ResourcesServiceTest {
@Test
public void testReadResource() {
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true);
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false);
//HDFS_NOT_STARTUP
Result result = resourcesService.readResource(1, 1, 10);
Result result = resourcesService.readResource(getUser(), 1, 1, 10);
logger.info(result.toString());
Assert.assertEquals(Status.STORAGE_NOT_STARTUP.getMsg(), result.getMsg());
//RESOURCE_NOT_EXIST
Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource());
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true);
result = resourcesService.readResource(2, 1, 10);
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{2}, 1, serviceLogger)).thenReturn(true);
result = resourcesService.readResource(getUser(), 2, 1, 10);
logger.info(result.toString());
Assert.assertEquals(Status.RESOURCE_NOT_EXIST.getMsg(), result.getMsg());
//RESOURCE_SUFFIX_NOT_SUPPORT_VIEW
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true);
PowerMockito.when(FileUtils.getResourceViewSuffixes()).thenReturn("class");
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true);
result = resourcesService.readResource(1, 1, 10);
result = resourcesService.readResource(getUser(), 1, 1, 10);
logger.info(result.toString());
Assert.assertEquals(Status.RESOURCE_SUFFIX_NOT_SUPPORT_VIEW.getMsg(), result.getMsg());
//USER_NOT_EXIST
PowerMockito.when(FileUtils.getResourceViewSuffixes()).thenReturn("jar");
PowerMockito.when(Files.getFileExtension("ResourcesServiceTest.jar")).thenReturn("jar");
result = resourcesService.readResource(1, 1, 10);
result = resourcesService.readResource(getUser(), 1, 1, 10);
logger.info(result.toString());
Assert.assertEquals(Status.USER_NOT_EXIST.getCode(), (int) result.getCode());
//TENANT_NOT_EXIST
Mockito.when(userMapper.selectById(1)).thenReturn(getUser());
result = resourcesService.readResource(1, 1, 10);
result = resourcesService.readResource(getUser(), 1, 1, 10);
logger.info(result.toString());
Assert.assertEquals(Status.CURRENT_LOGIN_USER_TENANT_NOT_EXIST.getMsg(), result.getMsg());
@ -455,7 +533,7 @@ public class ResourcesServiceTest {
} catch (IOException e) {
logger.error("hadoop error", e);
}
result = resourcesService.readResource(1, 1, 10);
result = resourcesService.readResource(getUser(), 1, 1, 10);
logger.info(result.toString());
Assert.assertEquals(Status.RESOURCE_FILE_NOT_EXIST.getCode(), (int) result.getCode());
@ -467,7 +545,7 @@ public class ResourcesServiceTest {
} catch (IOException e) {
logger.error("storage error", e);
}
result = resourcesService.readResource(1, 1, 10);
result = resourcesService.readResource(getUser(), 1, 1, 10);
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS.getMsg(), result.getMsg());
@ -476,10 +554,14 @@ public class ResourcesServiceTest {
@Test
public void testOnlineCreateResource() {
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_ONLINE_CREATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true);
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false);
PowerMockito.when(storageOperate.getResourceFileName(Mockito.anyString(), eq("hdfsdDir"))).thenReturn("hdfsDir");
PowerMockito.when(storageOperate.getUdfDir("udfDir")).thenReturn("udfDir");
User user = getUser();
user.setId(1);
//HDFS_NOT_STARTUP
Result result = resourcesService.onlineCreateResource(user, ResourceType.FILE, "test", "jar", "desc", "content", -1, "/");
logger.info(result.toString());
@ -503,6 +585,9 @@ public class ResourcesServiceTest {
}
//SUCCESS
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_RENAME, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true);
Mockito.when(FileUtils.getUploadFilename(Mockito.anyString(), Mockito.anyString())).thenReturn("test");
PowerMockito.when(FileUtils.writeContent2File(Mockito.anyString(), Mockito.anyString())).thenReturn(true);
result = resourcesService.onlineCreateResource(user, ResourceType.FILE, "test", "jar", "desc", "content", -1, "/");
@ -516,34 +601,41 @@ public class ResourcesServiceTest {
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false);
// HDFS_NOT_STARTUP
Result result = resourcesService.updateResourceContent(1, "content");
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true);
Result result = resourcesService.updateResourceContent(getUser(), 1, "content");
logger.info(result.toString());
Assert.assertEquals(Status.STORAGE_NOT_STARTUP.getMsg(), result.getMsg());
//RESOURCE_NOT_EXIST
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{2}, 1, serviceLogger)).thenReturn(true);
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true);
Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource());
result = resourcesService.updateResourceContent(2, "content");
result = resourcesService.updateResourceContent(getUser(), 2, "content");
logger.info(result.toString());
Assert.assertEquals(Status.RESOURCE_NOT_EXIST.getMsg(), result.getMsg());
//RESOURCE_SUFFIX_NOT_SUPPORT_VIEW
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true);
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true);
PowerMockito.when(FileUtils.getResourceViewSuffixes()).thenReturn("class");
result = resourcesService.updateResourceContent(1, "content");
result = resourcesService.updateResourceContent(getUser(), 1, "content");
logger.info(result.toString());
Assert.assertEquals(Status.RESOURCE_SUFFIX_NOT_SUPPORT_VIEW.getMsg(), result.getMsg());
//USER_NOT_EXIST
PowerMockito.when(FileUtils.getResourceViewSuffixes()).thenReturn("jar");
PowerMockito.when(Files.getFileExtension("ResourcesServiceTest.jar")).thenReturn("jar");
result = resourcesService.updateResourceContent(1, "content");
result = resourcesService.updateResourceContent(getUser(), 1, "content");
logger.info(result.toString());
Assert.assertTrue(Status.USER_NOT_EXIST.getCode() == result.getCode());
//TENANT_NOT_EXIST
Mockito.when(userMapper.selectById(1)).thenReturn(getUser());
result = resourcesService.updateResourceContent(1, "content");
result = resourcesService.updateResourceContent(getUser(), 1, "content");
logger.info(result.toString());
Assert.assertTrue(Status.CURRENT_LOGIN_USER_TENANT_NOT_EXIST.getCode() == result.getCode());
@ -551,7 +643,7 @@ public class ResourcesServiceTest {
Mockito.when(tenantMapper.queryById(1)).thenReturn(getTenant());
Mockito.when(FileUtils.getUploadFilename(Mockito.anyString(), Mockito.anyString())).thenReturn("test");
PowerMockito.when(FileUtils.writeContent2File(Mockito.anyString(), Mockito.anyString())).thenReturn(true);
result = resourcesService.updateResourceContent(1, "content");
result = resourcesService.updateResourceContent(getUser(), 1, "content");
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS.getMsg(), result.getMsg());
}
@ -559,18 +651,21 @@ public class ResourcesServiceTest {
@Test
public void testDownloadResource() {
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_DOWNLOAD, serviceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true);
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true);
Mockito.when(tenantMapper.queryById(1)).thenReturn(getTenant());
Mockito.when(userMapper.selectById(1)).thenReturn(getUser());
org.springframework.core.io.Resource resourceMock = Mockito.mock(org.springframework.core.io.Resource.class);
try {
//resource null
org.springframework.core.io.Resource resource = resourcesService.downloadResource(1);
org.springframework.core.io.Resource resource = resourcesService.downloadResource(getUser(), 1);
Assert.assertNull(resource);
Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource());
PowerMockito.when(org.apache.dolphinscheduler.api.utils.FileUtils.file2Resource(Mockito.any())).thenReturn(resourceMock);
resource = resourcesService.downloadResource(1);
resource = resourcesService.downloadResource(getUser(), 1);
Assert.assertNotNull(resource);
} catch (Exception e) {
logger.error("DownloadResource error", e);
@ -589,6 +684,7 @@ public class ResourcesServiceTest {
// test admin user
List<Integer> resIds = new ArrayList<>();
resIds.add(1);
Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(true);
Mockito.when(resourcesMapper.queryResourceExceptUserId(userId)).thenReturn(getResourceList());
Map<String, Object> result = resourcesService.authorizeResourceTree(user, userId);
logger.info(result.toString());
@ -617,6 +713,7 @@ public class ResourcesServiceTest {
// test admin user
List<Integer> resIds = new ArrayList<>();
resIds.add(1);
Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(true);
Mockito.when(resourcesMapper.queryResourceExceptUserId(userId)).thenReturn(getResourceList());
Mockito.when(resourceUserMapper.queryResourcesIdListByUserIdAndPerm(Mockito.anyInt(), Mockito.anyInt())).thenReturn(resIds);
Mockito.when(resourcesMapper.queryResourceListById(Mockito.any())).thenReturn(getSingleResourceList());
@ -645,6 +742,7 @@ public class ResourcesServiceTest {
int userId = 3;
// test admin user
Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(true);
Mockito.when(udfFunctionMapper.queryUdfFuncExceptUserId(userId)).thenReturn(getUdfFuncList());
Mockito.when(udfFunctionMapper.queryAuthedUdfFunc(userId)).thenReturn(getSingleUdfFuncList());
Map<String, Object> result = resourcesService.unauthorizedUDFFunction(user, userId);
@ -671,6 +769,7 @@ public class ResourcesServiceTest {
int userId = 3;
// test admin user
Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(true);
Mockito.when(udfFunctionMapper.queryAuthedUdfFunc(userId)).thenReturn(getUdfFuncList());
Map<String, Object> result = resourcesService.authorizedUDFFunction(user, userId);
logger.info(result.toString());
@ -699,6 +798,7 @@ public class ResourcesServiceTest {
// test admin user
List<Integer> resIds = new ArrayList<>();
resIds.add(1);
Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(true);
Mockito.when(resourceUserMapper.queryResourcesIdListByUserIdAndPerm(Mockito.anyInt(), Mockito.anyInt())).thenReturn(resIds);
Mockito.when(resourcesMapper.queryResourceListById(Mockito.any())).thenReturn(getResourceList());
Map<String, Object> result = resourcesService.authorizedFile(user, userId);
@ -745,6 +845,13 @@ public class ResourcesServiceTest {
return resources;
}
private Set<Integer> getSetIds() {
Set<Integer> resources = new HashSet<>();
resources.add(1);
return resources;
}
private List<Resource> getSingleResourceList() {
return Collections.singletonList(getResource(1));
}
@ -834,6 +941,7 @@ public class ResourcesServiceTest {
private User getUser() {
User user = new User();
user.setId(1);
user.setUserType(UserType.GENERAL_USER);
user.setTenantId(1);
user.setTenantCode("tenantCode");
return user;

34
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskGroupServiceTest.java
Unescape View File

@ -17,10 +17,13 @@
package org.apache.dolphinscheduler.api.service;
import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant;
import org.apache.dolphinscheduler.api.enums.Status;
import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl;
import org.apache.dolphinscheduler.api.service.impl.TaskGroupServiceImpl;
import org.apache.dolphinscheduler.api.utils.PageInfo;
import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.common.enums.AuthorizationType;
import org.apache.dolphinscheduler.common.enums.Flag;
import org.apache.dolphinscheduler.common.enums.UserType;
import org.apache.dolphinscheduler.dao.entity.TaskGroup;
@ -28,12 +31,12 @@ import org.apache.dolphinscheduler.dao.entity.User;
import org.apache.dolphinscheduler.dao.mapper.TaskGroupMapper;
import org.apache.dolphinscheduler.dao.mapper.TaskGroupQueueMapper;
import org.apache.dolphinscheduler.dao.mapper.UserMapper;
import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService;
import org.apache.dolphinscheduler.service.process.ProcessService;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import org.junit.Assert;
import org.junit.Test;
@ -80,6 +83,11 @@ public class TaskGroupServiceTest {
private String userName = "taskGroupServiceTest";
@Mock
private ResourcePermissionCheckService resourcePermissionCheckService;
private static final Logger serviceLogger = LoggerFactory.getLogger(BaseServiceImpl.class);
/**
* create admin user
*/
@ -103,10 +111,27 @@ public class TaskGroupServiceTest {
return list;
}
@Test
public void forceStartTask() {
User loginUser = getLoginUser();
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_QUEUE_START, serviceLogger)).thenReturn(false);
Map<String, Object> objectMap = taskGroupService.forceStartTask(loginUser, 1);
Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION, objectMap.get(Constants.STATUS));
}
@Test
public void modifyPriority() {
User loginUser = getLoginUser();
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_QUEUE_PRIORITY, serviceLogger)).thenReturn(false);
Map<String, Object> objectMap = taskGroupService.modifyPriority(loginUser, 1, 1);
Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION, objectMap.get(Constants.STATUS));
}
@Test
public void testCreate() {
User loginUser = getLoginUser();
TaskGroup taskGroup = getTaskGroup();
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_CREATE, serviceLogger)).thenReturn(true);
Mockito.when(taskGroupMapper.insert(taskGroup)).thenReturn(1);
Mockito.when(taskGroupMapper.queryByName(loginUser.getId(), taskGroupName)).thenReturn(null);
Map<String, Object> result = taskGroupService.createTaskGroup(loginUser,0L, taskGroupName, taskGroupDesc, 100);
@ -129,6 +154,8 @@ public class TaskGroupServiceTest {
IPage<TaskGroup> page = new Page<>(1, 10);
page.setRecords(getList());
User loginUser = getLoginUser();
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_VIEW, serviceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TASK_GROUP, null, 0, serviceLogger)).thenReturn(true);
Mockito.when(taskGroupMapper.queryTaskGroupPaging(Mockito.any(Page.class), Mockito.eq(10),
Mockito.eq(null), Mockito.eq(0))).thenReturn(page);
@ -145,6 +172,9 @@ public class TaskGroupServiceTest {
TaskGroup taskGroup = getTaskGroup();
taskGroup.setStatus(Flag.YES.getCode());
// Task group status error
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_EDIT, serviceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TASK_GROUP, null, 0, serviceLogger)).thenReturn(true);
Mockito.when(taskGroupMapper.selectById(1)).thenReturn(taskGroup);
Map<String, Object> result = taskGroupService.updateTaskGroup(loginUser, 1, "newName", "desc", 100);
logger.info(result.toString());
@ -161,6 +191,8 @@ public class TaskGroupServiceTest {
Mockito.when(taskGroupMapper.selectById(1)).thenReturn(taskGroup);
//close failed
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_CLOSE, serviceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TASK_GROUP, null, 0, serviceLogger)).thenReturn(true);
Map<String, Object> result = taskGroupService.closeTaskGroup(loginUser, 1);
Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));

86
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UdfFuncServiceTest.java
Unescape View File

@ -17,11 +17,13 @@
package org.apache.dolphinscheduler.api.service;
import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant;
import org.apache.dolphinscheduler.api.enums.Status;
import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl;
import org.apache.dolphinscheduler.api.service.impl.UdfFuncServiceImpl;
import org.apache.dolphinscheduler.api.utils.PageInfo;
import org.apache.dolphinscheduler.api.utils.Result;
import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.common.enums.AuthorizationType;
import org.apache.dolphinscheduler.common.enums.UdfType;
import org.apache.dolphinscheduler.common.enums.UserType;
import org.apache.dolphinscheduler.common.utils.PropertyUtils;
@ -35,10 +37,13 @@ import org.apache.dolphinscheduler.dao.mapper.UdfFuncMapper;
import org.apache.commons.collections.CollectionUtils;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
@ -81,9 +86,17 @@ public class UdfFuncServiceTest {
PowerMockito.mockStatic(PropertyUtils.class);
}
@Mock
private ResourcePermissionCheckService resourcePermissionCheckService;
private static final Logger serviceLogger = LoggerFactory.getLogger(BaseServiceImpl.class);
private static final Logger udfLogger = LoggerFactory.getLogger(UdfFuncServiceImpl.class);
@Test
public void testCreateUdfFunction() {
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_CREATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, null, 0, serviceLogger)).thenReturn(true);
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false);
//hdfs not start
Result result = udfFuncService.createUdfFunction(getLoginUser(), "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String",
@ -107,15 +120,19 @@ public class UdfFuncServiceTest {
@Test
public void testQueryUdfFuncDetail() {
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{2}, 0, serviceLogger)).thenReturn(true);
PowerMockito.when(udfFuncMapper.selectById(1)).thenReturn(getUdfFunc());
//resource not exist
Map<String, Object> result = udfFuncService.queryUdfFuncDetail(2);
Result<Object> result = udfFuncService.queryUdfFuncDetail(getLoginUser(), 2);
logger.info(result.toString());
Assert.assertEquals(Status.RESOURCE_NOT_EXIST,result.get(Constants.STATUS));
Assert.assertTrue(Status.RESOURCE_NOT_EXIST.getCode() == result.getCode());
// success
result = udfFuncService.queryUdfFuncDetail(1);
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{1}, 0, serviceLogger)).thenReturn(true);
result = udfFuncService.queryUdfFuncDetail(getLoginUser(), 1);
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));
Assert.assertTrue(Status.SUCCESS.getCode() == result.getCode());
}
@Test
@ -126,40 +143,49 @@ public class UdfFuncServiceTest {
PowerMockito.when(resourceMapper.selectById(1)).thenReturn(getResource());
//UDF_FUNCTION_NOT_EXIST
Map<String, Object> result = udfFuncService.updateUdfFunc(12, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String",
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{1}, 0, serviceLogger)).thenReturn(true);
Result<Object> result = udfFuncService.updateUdfFunc(getLoginUser(), 12, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String",
"UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 1);
logger.info(result.toString());
Assert.assertEquals(Status.UDF_FUNCTION_NOT_EXIST,result.get(Constants.STATUS));
Assert.assertTrue(Status.UDF_FUNCTION_NOT_EXIST.getCode() == result.getCode());
//HDFS_NOT_STARTUP
result = udfFuncService.updateUdfFunc(1, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String",
result = udfFuncService.updateUdfFunc(getLoginUser(), 1, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String",
"UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 1);
logger.info(result.toString());
Assert.assertEquals(Status.HDFS_NOT_STARTUP,result.get(Constants.STATUS));
Assert.assertTrue(Status.HDFS_NOT_STARTUP.getCode() == result.getCode());
//RESOURCE_NOT_EXIST
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{12}, 0, serviceLogger)).thenReturn(true);
PowerMockito.when(udfFuncMapper.selectUdfById(11)).thenReturn(getUdfFunc());
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true);
result = udfFuncService.updateUdfFunc(11, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String",
result = udfFuncService.updateUdfFunc(getLoginUser(), 11, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String",
"UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 12);
logger.info(result.toString());
Assert.assertEquals(Status.RESOURCE_NOT_EXIST,result.get(Constants.STATUS));
Assert.assertTrue(Status.RESOURCE_NOT_EXIST.getCode() == result.getCode());
//success
result = udfFuncService.updateUdfFunc(11, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String",
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{1}, 0, serviceLogger)).thenReturn(true);
result = udfFuncService.updateUdfFunc(getLoginUser(), 11, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String",
"UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 1);
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));
Assert.assertTrue(Status.SUCCESS.getCode() == result.getCode());
}
@Test
public void testQueryUdfFuncListPaging() {
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, null, 0, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.UDF, 1, udfLogger)).thenReturn(getSetIds());
IPage<UdfFunc> page = new Page<>(1,10);
page.setTotal(1L);
page.setRecords(getList());
Mockito.when(udfFuncMapper.queryUdfFuncPaging(Mockito.any(Page.class), Mockito.eq(0),Mockito.eq("test"))).thenReturn(page);
Mockito.when(udfFuncMapper.queryUdfFuncPaging(Mockito.any(Page.class), Mockito.anyList(),Mockito.eq("test"))).thenReturn(page);
Result result = udfFuncService.queryUdfFuncListPaging(getLoginUser(),"test",1,10);
logger.info(result.toString());
PageInfo pageInfo = (PageInfo) result.getData();
@ -168,21 +194,29 @@ public class UdfFuncServiceTest {
@Test
public void testQueryUdfFuncList() {
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, null, 1, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.UDF, 1, udfLogger)).thenReturn(getSetIds());
User user = getLoginUser();
user.setUserType(UserType.GENERAL_USER);
Mockito.when(udfFuncMapper.getUdfFuncByType(user.getId(), UdfType.HIVE.ordinal())).thenReturn(getList());
Map<String, Object> result = udfFuncService.queryUdfFuncList(user,UdfType.HIVE.ordinal());
user.setId(1);
Mockito.when(udfFuncMapper.getUdfFuncByType(Collections.singletonList(1), UdfType.HIVE.ordinal())).thenReturn(getList());
Result<Object> result = udfFuncService.queryUdfFuncList(user,UdfType.HIVE.ordinal());
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));
List<UdfFunc> udfFuncList = (List<UdfFunc>) result.get(Constants.DATA_LIST);
Assert.assertTrue(Status.SUCCESS.getCode() == result.getCode());
List<UdfFunc> udfFuncList = (List<UdfFunc>) result.getData();
Assert.assertTrue(CollectionUtils.isNotEmpty(udfFuncList));
}
@Test
public void testDelete() {
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_DELETE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{122}, 0, serviceLogger)).thenReturn(true);
Mockito.when(udfFuncMapper.deleteById(Mockito.anyInt())).thenReturn(1);
Mockito.when(udfUserMapper.deleteByUdfFuncId(Mockito.anyInt())).thenReturn(1);
Result result = udfFuncService.delete(122);
Result result = udfFuncService.delete(getLoginUser(), 122);
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS.getMsg(),result.getMsg());
}
@ -190,17 +224,25 @@ public class UdfFuncServiceTest {
@Test
public void testVerifyUdfFuncByName() {
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, null, 0, serviceLogger)).thenReturn(true);
//success
Mockito.when(udfFuncMapper.queryUdfByIdStr(null, "UdfFuncServiceTest")).thenReturn(getList());
Result result = udfFuncService.verifyUdfFuncByName("test");
Result result = udfFuncService.verifyUdfFuncByName(getLoginUser(), "test");
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS.getMsg(),result.getMsg());
//exist
result = udfFuncService.verifyUdfFuncByName("UdfFuncServiceTest");
result = udfFuncService.verifyUdfFuncByName(getLoginUser(), "UdfFuncServiceTest");
logger.info(result.toString());
Assert.assertEquals(Status.UDF_FUNCTION_EXISTS.getMsg(),result.getMsg());
}
private Set<Integer> getSetIds(){
Set<Integer> set = new HashSet();
set.add(1);
return set;
}
/**
* create admin user
* @return

81
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
Unescape View File

@ -27,7 +27,6 @@ import org.apache.dolphinscheduler.api.service.impl.UsersServiceImpl;
import org.apache.dolphinscheduler.api.utils.PageInfo;
import org.apache.dolphinscheduler.api.utils.Result;
import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.common.enums.AuthorizationType;
import org.apache.dolphinscheduler.common.enums.UserType;
import org.apache.dolphinscheduler.common.storage.StorageOperate;
import org.apache.dolphinscheduler.common.utils.EncryptionUtils;
@ -44,7 +43,6 @@ import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;
import org.powermock.api.mockito.PowerMockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -52,7 +50,6 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.when;
@ -62,7 +59,7 @@ import static org.mockito.Mockito.when;
*/
@RunWith(MockitoJUnitRunner.Silent.class)
public class UsersServiceTest {
private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class);
private static final Logger logger = LoggerFactory.getLogger(UsersServiceTest.class);
@InjectMocks
@ -111,6 +108,7 @@ public class UsersServiceTest {
@Before
public void before() {
Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(false);
}
@After
@ -138,8 +136,6 @@ public class UsersServiceTest {
int state = 1;
try {
//userName error
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), USERS_CREATE , baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true);
Map<String, Object> result = usersService.createUser(user, userName, userPassword, email, tenantId, phone, queueName, state);
logger.info(result.toString());
Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS));
@ -230,20 +226,14 @@ public class UsersServiceTest {
@Test
public void testQueryUserList() {
User user = new User();
user.setUserType(UserType.GENERAL_USER);
user.setId(999);
//no operate
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 1, baseServiceLogger)).thenReturn(true);
Map<String, Object> result = usersService.queryUserList(user);
logger.info(result.toString());
Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
//success
user.setUserType(UserType.ADMIN_USER);
user.setId(1);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), USER_MANAGER, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 0, baseServiceLogger)).thenReturn(true);
when(userMapper.selectList(null)).thenReturn(getUserList());
result = usersService.queryUserList(user);
List<User> userList = (List<User>) result.get(Constants.DATA_LIST);
@ -258,17 +248,12 @@ public class UsersServiceTest {
when(userMapper.queryUserPaging(any(Page.class), eq("userTest"))).thenReturn(page);
//no operate
user.setUserType(UserType.GENERAL_USER);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 99, USER_MANAGER, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,99, baseServiceLogger)).thenReturn(true);
Result result = usersService.queryUserList(user, "userTest", 1, 10);
logger.info(result.toString());
Assert.assertEquals(Status.USER_NO_OPERATION_PERM.getCode(), (int) result.getCode());
//success
user.setUserType(UserType.ADMIN_USER);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), USER_MANAGER, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true);
result = usersService.queryUserList(user, "userTest", 1, 10);
Assert.assertEquals(Status.SUCCESS.getCode(), (int) result.getCode());
PageInfo<User> pageInfo = (PageInfo<User>) result.getData();
@ -281,11 +266,6 @@ public class UsersServiceTest {
String userPassword = "userTest0001";
try {
//user not exist
User user = new User();
user.setUserType(UserType.ADMIN_USER);
user.setId(1);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(),USER_UPDATE, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true);
Map<String, Object> result = usersService.updateUser(getLoginUser(), 0, userName, userPassword, "3443@qq.com", 1, "13457864543", "queue", 1, "Asia/Shanghai");
Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS));
logger.info(result.toString());
@ -309,18 +289,12 @@ public class UsersServiceTest {
when(userMapper.selectById(1)).thenReturn(getUser());
when(accessTokenMapper.deleteAccessTokenByUserId(1)).thenReturn(0);
//no operate
loginUser.setUserType(UserType.GENERAL_USER);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 990, USER_DELETE, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,990, baseServiceLogger)).thenReturn(true);
Map<String, Object> result = usersService.deleteUserById(loginUser, 3);
logger.info(result.toString());
Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
// user not exist
loginUser.setUserType(UserType.ADMIN_USER);
loginUser.setId(1);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 1, USER_DELETE,baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true);
result = usersService.deleteUserById(loginUser, 3);
logger.info(result.toString());
Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS));
@ -372,8 +346,7 @@ public class UsersServiceTest {
Mockito.when(this.userMapper.selectById(authorizer)).thenReturn(this.getUser());
Mockito.when(this.userMapper.selectById(projectCreator)).thenReturn(this.getUser());
Mockito.when(this.projectMapper.queryByCode(projectCode)).thenReturn(this.getProject());
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 999, null, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 1, baseServiceLogger)).thenReturn(true);
// ERROR: USER_NOT_EXIST
User loginUser = new User();
Map<String, Object> result = this.usersService.grantProjectByCode(loginUser, 999, projectCode);
@ -395,8 +368,6 @@ public class UsersServiceTest {
// SUCCESS: USER IS PROJECT OWNER
loginUser.setId(projectCreator);
loginUser.setUserType(UserType.GENERAL_USER);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, new Object[]{1}, loginUser.getId(), baseServiceLogger)).thenReturn(true);
result = this.usersService.grantProjectByCode(loginUser, authorizer, projectCode);
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
@ -404,8 +375,6 @@ public class UsersServiceTest {
// SUCCESS: USER IS ADMINISTRATOR
loginUser.setId(999);
loginUser.setUserType(UserType.ADMIN_USER);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, new Object[]{1}, 0, baseServiceLogger)).thenReturn(true);
result = this.usersService.grantProjectByCode(loginUser, authorizer, projectCode);
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
@ -419,19 +388,12 @@ public class UsersServiceTest {
// user no permission
User loginUser = new User();
loginUser.setId(999);
loginUser.setUserType(UserType.GENERAL_USER);
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 999,null, baseServiceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 2, baseServiceLogger)).thenReturn(true);
Map<String, Object> result = this.usersService.revokeProject(loginUser, 1, projectCode);
logger.info(result.toString());
Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
// user not exist
loginUser.setUserType(UserType.ADMIN_USER);
loginUser.setId(1);
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(),null, baseServiceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 0, baseServiceLogger)).thenReturn(true);
result = this.usersService.revokeProject(loginUser, 2, projectCode);
logger.info(result.toString());
Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS));
@ -489,8 +451,6 @@ public class UsersServiceTest {
//user not exist
loginUser.setUserType(UserType.ADMIN_USER);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true);
Map<String, Object> result = usersService.grantNamespaces(loginUser, 2, namespaceIds);
logger.info(result.toString());
Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS));
@ -544,8 +504,6 @@ public class UsersServiceTest {
loginUser.setUserName("admin");
loginUser.setUserType(UserType.ADMIN_USER);
// get admin user
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), USER_MANAGER, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true);
Map<String, Object> result = usersService.getUserInfo(loginUser);
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
@ -554,10 +512,8 @@ public class UsersServiceTest {
Assert.assertEquals("admin", tempUser.getUserName());
//get general user
loginUser.setUserType(UserType.GENERAL_USER);
loginUser.setUserType(null);
loginUser.setId(1);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 1, null, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true);
when(userMapper.queryDetailsById(1)).thenReturn(getGeneralUser());
when(alertGroupMapper.queryByUserId(1)).thenReturn(getAlertGroups());
result = usersService.getUserInfo(loginUser);
@ -572,16 +528,11 @@ public class UsersServiceTest {
public void testQueryAllGeneralUsers() {
User loginUser = new User();
//no operate
loginUser.setUserType(UserType.GENERAL_USER);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 99, USER_MANAGER, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,99, baseServiceLogger)).thenReturn(true);
Map<String, Object> result = usersService.queryAllGeneralUsers(loginUser);
logger.info(result.toString());
Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
//success
loginUser.setUserType(UserType.ADMIN_USER);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), USER_MANAGER, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true);
when(userMapper.queryAllGeneralUser()).thenReturn(getUserList());
result = usersService.queryAllGeneralUsers(loginUser);
logger.info(result.toString());
@ -592,9 +543,6 @@ public class UsersServiceTest {
@Test
public void testVerifyUserName() {
User user = new User();
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true);
//not exist user
Result result = usersService.verifyUserName("admin89899");
logger.info(result.toString());
@ -612,14 +560,9 @@ public class UsersServiceTest {
when(userMapper.selectList(null)).thenReturn(getUserList());
when(userMapper.queryUserListByAlertGroupId(2)).thenReturn(getUserList());
//no operate
loginUser.setUserType(UserType.GENERAL_USER);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 99, null, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,99, baseServiceLogger)).thenReturn(true);
Map<String, Object> result = usersService.unauthorizedUser(loginUser, 2);
logger.info(result.toString());
loginUser.setUserType(UserType.ADMIN_USER);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true);
Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
//success
result = usersService.unauthorizedUser(loginUser, 2);
@ -630,18 +573,13 @@ public class UsersServiceTest {
@Test
public void testAuthorizedUser() {
User loginUser = new User();
loginUser.setUserType(UserType.GENERAL_USER);
when(userMapper.queryUserListByAlertGroupId(2)).thenReturn(getUserList());
//no operate
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,2, baseServiceLogger)).thenReturn(true);
Map<String, Object> result = usersService.authorizedUser(loginUser, 2);
logger.info(result.toString());
Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
//success
loginUser.setUserType(UserType.ADMIN_USER);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true);
result = usersService.authorizedUser(loginUser, 2);
Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
List<User> userList = (List<User>) result.get(Constants.DATA_LIST);
@ -695,15 +633,11 @@ public class UsersServiceTest {
String userName = "userTest0002~";
try {
//not admin
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 99, null, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,99, baseServiceLogger)).thenReturn(true);
Map<String, Object> result = usersService.activateUser(user, userName);
Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
//userName error
user.setUserType(UserType.ADMIN_USER);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true);
result = usersService.activateUser(user, userName);
Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS));
@ -739,16 +673,11 @@ public class UsersServiceTest {
try {
//not admin
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,2, baseServiceLogger)).thenReturn(true);
Map<String, Object> result = usersService.batchActivateUser(user, userNames);
Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
//batch activate user names
user.setUserType(UserType.ADMIN_USER);
user.setId(1);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true);
when(userMapper.queryByUserNameAccurately("userTest0001")).thenReturn(getUser());
when(userMapper.queryByUserNameAccurately("userTest0002")).thenReturn(getDisabledUser());
result = usersService.batchActivateUser(user, userNames);

8
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/enums/AuthorizationType.java
Unescape View File

@ -56,11 +56,13 @@ public enum AuthorizationType {
QUEUE(10,"queue"),
DATA_ANALYSIS(11,"data analysis"),
K8S_NAMESPACE(12,"k8s namespace"),
MONITOR(13,"montitor"),
MONITOR(13,"monitor"),
ALERT_PLUGIN_INSTANCE(14,"alert plugin instance"),
TENANT(15,"tenant"),
USER(16,"user"),
DATA_QUALITY(17,"data quality");
DATA_QUALITY(16,"data quality"),
TASK_GROUP(17,"task group"),
;
AuthorizationType(int code, String descp) {
this.code = code;
this.descp = descp;

2
dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/entity/TaskGroup.java
Unescape View File

@ -33,7 +33,7 @@ public class TaskGroup implements Serializable {
* key
*/
@TableId(value = "id", type = IdType.AUTO)
private int id;
private Integer id;
/**
* task_group name
*/

2
dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.java
Unescape View File

@ -90,6 +90,6 @@ public interface AlertGroupMapper extends BaseMapper<AlertGroup> {
* @param alertGroupsIds
* @return
*/
<T> List<AlertGroup> listAuthorizedAlertGroupList (@Param("userId") int userId, @Param("alertGroupsIds")T[] alertGroupsIds);
<T> List<AlertGroup> listAuthorizedAlertGroupList (@Param("userId") int userId, @Param("alertGroupsIds")List<Integer> alertGroupsIds);
}

2
dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/ResourceMapper.java
Unescape View File

@ -62,9 +62,9 @@ public interface ResourceMapper extends BaseMapper<Resource> {
* @return resource page
*/
IPage<Resource> queryResourcePaging(IPage<Resource> page,
@Param("userId") int userId,
@Param("id") int id,
@Param("type") int type,
@Param("userId") int userId,
@Param("searchVal") String searchVal,
@Param("resIds") List<Integer> resIds);

11
dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapper.java
Unescape View File

@ -52,7 +52,7 @@ public interface UdfFuncMapper extends BaseMapper<UdfFunc> {
* @return udf function IPage
*/
IPage<UdfFunc> queryUdfFuncPaging(IPage<UdfFunc> page,
@Param("userId") int userId,
@Param("ids") List<Integer> ids,
@Param("searchVal") String searchVal);
/**
@ -61,7 +61,7 @@ public interface UdfFuncMapper extends BaseMapper<UdfFunc> {
* @param type type
* @return udf function list
*/
List<UdfFunc> getUdfFuncByType(@Param("userId") int userId,
List<UdfFunc> getUdfFuncByType(@Param("ids") List<Integer> ids,
@Param("type") Integer type);
/**
@ -107,5 +107,10 @@ public interface UdfFuncMapper extends BaseMapper<UdfFunc> {
*/
int batchUpdateUdfFunc(@Param("udfFuncList") List<UdfFunc> udfFuncList);
/**
* listAuthorizedUdfByUserId
* @param userId
* @return
*/
List<UdfFunc> listAuthorizedUdfByUserId(@Param("userId") int userId);
}

2
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml
Unescape View File

@ -50,7 +50,7 @@
<if test="userId != 0">
and t.user_id = #{userId}
</if>
<if test="accessTokensIds != null and accessTokensIds.length > 0">
<if test="accessTokensIds != null and accessTokensIds.size() > 0">
and t.id in
<foreach item="id" index="index" collection="accessTokensIds" open="(" separator="," close=")">
#{id}

2
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.xml
Unescape View File

@ -80,7 +80,7 @@
<if test="userId != 0">
and ag.create_user_id = #{userId}
</if>
<if test="alertGroupsIds != null and alertGroupsIds.length > 0">
<if test="alertGroupsIds != null and alertGroupsIds.size() > 0">
and ag.id in
<foreach item="id" index="index" collection="alertGroupsIds" open="(" separator="," close=")">
#{id}

8
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertPluginInstanceMapper.xml
Unescape View File

@ -59,12 +59,4 @@
where instance_name = #{instanceName} limit 1
</select>
<select id="queryAllAlertPluginInstanceList"
resultType="org.apache.dolphinscheduler.dao.entity.AlertPluginInstance">
select
<include refid="baseSql"/>
from t_ds_alert_plugin_instance
</select>
</mapper>

1
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProjectUserMapper.xml
Unescape View File

@ -37,5 +37,4 @@
and user_id = #{userId}
limit 1
</select>
</mapper>

17
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ResourceMapper.xml
Unescape View File

@ -60,17 +60,12 @@
</include>
,u.user_name
from t_ds_resources d,t_ds_user u
where d.type=#{type} and d.pid=#{id} and d.user_id=u.id
<if test="userId != 0">
and (
d.user_id=#{userId}
<if test="resIds != null and resIds.size() > 0">
or d.id in
<foreach collection="resIds" item="i" open="(" close=")" separator=",">
#{i}
</foreach>
</if>
)
where d.type=#{type} and d.pid=#{id} and u.id = #{userId}
<if test="resIds != null and resIds.size() > 0">
and d.id in
<foreach collection="resIds" item="i" open="(" close=")" separator=",">
#{i}
</foreach>
</if>
<if test="searchVal != null and searchVal != ''">
and d.alias like concat('%', #{searchVal}, '%')

42
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapper.xml
Unescape View File

@ -62,11 +62,17 @@
<if test="searchVal!= null and searchVal != ''">
and udf.func_name like concat('%', #{searchVal}, '%')
</if>
<if test="userId != 0">
and udf.id in (
select udf_id from t_ds_relation_udfs_user where user_id=#{userId}
union select id as udf_id from t_ds_udfs where user_id=#{userId})
<if test="ids != null and ids.size() > 0">
and udf.id in
<foreach collection="ids" item="i" open="(" close=")" separator=",">
#{i}
</foreach>
</if>
<!-- <if test="userId != 0">-->
<!-- and udf.id in (-->
<!-- select udf_id from t_ds_relation_udfs_user where user_id=#{userId}-->
<!-- union select id as udf_id from t_ds_udfs where user_id=#{userId})-->
<!-- </if>-->
order by udf.create_time desc
</select>
<select id="getUdfFuncByType" resultType="org.apache.dolphinscheduler.dao.entity.UdfFunc">
@ -76,11 +82,17 @@
</include>
from t_ds_udfs udf
where udf.type=#{type}
<if test="userId != 0">
and udf.id in (
select udf_id from t_ds_relation_udfs_user where user_id=#{userId}
union select id as udf_id from t_ds_udfs where user_id=#{userId})
<if test="ids != null and ids.size() > 0">
and udf.id in
<foreach collection="ids" item="i" open="(" close=")" separator=",">
#{i}
</foreach>
</if>
<!-- <if test="userId != 0">-->
<!-- and udf.id in (-->
<!-- select udf_id from t_ds_relation_udfs_user where user_id=#{userId}-->
<!-- union select id as udf_id from t_ds_udfs where user_id=#{userId})-->
<!-- </if>-->
</select>
<select id="queryUdfFuncExceptUserId" resultType="org.apache.dolphinscheduler.dao.entity.UdfFunc">
select
@ -157,5 +169,19 @@
</where>
</foreach>
</update>
<select id="listAuthorizedUdfByUserId" resultType="org.apache.dolphinscheduler.dao.entity.UdfFunc">
select
<include refid="baseSql">
<property name="alias" value="udf"/>
</include>
from t_ds_udfs udf
where 1=1
<if test="userId != 0">
and udf.id in (
select udf_id from t_ds_relation_udfs_user where user_id=#{userId}
union select id as udf_id from t_ds_udfs where user_id=#{userId})
</if>
</select>
</mapper>

11
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml
Unescape View File

@ -131,15 +131,4 @@
from t_ds_user u, t_ds_relation_project_user rel
where u.id = rel.user_id and rel.project_id = #{projectId}
</select>
<select id="listAuthorizedUsersList" resultType="org.apache.dolphinscheduler.dao.entity.Project">
select
*
from t_ds_project dp
where 1=1
<if test="userId != 0">
and dp.id in (select project_id from t_ds_relation_project_user where user_id=#{userId}
union select id as project_id from t_ds_project where user_id=#{userId})
</if>
</select>
</mapper>

6
dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/ResourceMapperTest.java
Unescape View File

@ -231,17 +231,17 @@ public class ResourceMapperTest extends BaseDaoTest {
IPage<Resource> resourceIPage = resourceMapper.queryResourcePaging(
page,
0,
-1,
resource.getType().ordinal(),
1110,
"",
new ArrayList<>()
new ArrayList<>(resource.getId())
);
IPage<Resource> resourceIPage1 = resourceMapper.queryResourcePaging(
page,
1110,
-1,
resource.getType().ordinal(),
1110,
"",
null
);

6
dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapperTest.java
Unescape View File

@ -27,6 +27,7 @@ import org.apache.dolphinscheduler.dao.entity.User;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.List;
@ -212,7 +213,8 @@ public class UdfFuncMapperTest extends BaseDaoTest {
UdfFunc udfFunc = insertOne(user);
//queryUdfFuncPaging
Page<UdfFunc> page = new Page(1, 3);
IPage<UdfFunc> udfFuncIPage = udfFuncMapper.queryUdfFuncPaging(page, user.getId(), "");
IPage<UdfFunc> udfFuncIPage = udfFuncMapper.queryUdfFuncPaging(page, Collections.singletonList(udfFunc.getId()), "");
Assert.assertNotEquals(udfFuncIPage.getTotal(), 0);
}
@ -227,7 +229,7 @@ public class UdfFuncMapperTest extends BaseDaoTest {
//insertOne
UdfFunc udfFunc = insertOne(user);
//getUdfFuncByType
List<UdfFunc> udfFuncList = udfFuncMapper.getUdfFuncByType(user.getId(), udfFunc.getType().ordinal());
List<UdfFunc> udfFuncList = udfFuncMapper.getUdfFuncByType(Collections.singletonList(udfFunc.getId()), udfFunc.getType().ordinal());
Assert.assertNotEquals(udfFuncList.size(), 0);
}

9
dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckService.java
Unescape View File

@ -19,6 +19,7 @@ package org.apache.dolphinscheduler.service.permission;
import org.apache.dolphinscheduler.common.enums.AuthorizationType;
import org.slf4j.Logger;
import java.util.List;
import java.util.Set;
public interface ResourcePermissionCheckService<T>{
@ -30,7 +31,7 @@ public interface ResourcePermissionCheckService<T>{
* @param logger
* @return
*/
boolean resourcePermissionCheck(AuthorizationType authorizationType, T[] needChecks, int userId, Logger logger);
boolean resourcePermissionCheck(AuthorizationType authorizationType, Object[] needChecks, Integer userId, Logger logger);
/**
* userOwnedResourceIdsAcquisition
@ -40,17 +41,17 @@ public interface ResourcePermissionCheckService<T>{
* @param <T>
* @return
*/
<T> Set<T> userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, int userId, Logger logger);
<T> Set<T> userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, Integer userId, Logger logger);
/**
* operationpermissionCheck
* @param authorizationType
* @param userId
* @param sourceUrl
* @param permissionKey
* @param logger
* @return
*/
boolean operationPermissionCheck(AuthorizationType authorizationType, int userId, String sourceUrl, Logger logger);
boolean operationPermissionCheck(AuthorizationType authorizationType, Integer userId, String permissionKey, Logger logger);
/**
* functionDisabled

160
dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckServiceImpl.java
Unescape View File

@ -68,7 +68,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
}
@Override
public boolean resourcePermissionCheck(AuthorizationType authorizationType, Object[] needChecks, int userId, Logger logger) {
public boolean resourcePermissionCheck(AuthorizationType authorizationType, Object[] needChecks, Integer userId, Logger logger) {
if (Objects.nonNull(needChecks) && needChecks.length > 0){
Set<Object> originResSet = new HashSet<>(Arrays.asList(needChecks));
Set<Object> ownResSets = RESOURCE_LIST_MAP.get(authorizationType).listAuthorizedResource(userId, logger);
@ -79,8 +79,8 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
}
@Override
public boolean operationPermissionCheck(AuthorizationType authorizationType, int userId, String sourceUrl, Logger logger) {
return RESOURCE_LIST_MAP.get(authorizationType).permissionCheck(userId, sourceUrl, logger);
public boolean operationPermissionCheck(AuthorizationType authorizationType, Integer userId, String permissionKey, Logger logger) {
return RESOURCE_LIST_MAP.get(authorizationType).permissionCheck(userId, permissionKey, logger);
}
@Override
@ -89,7 +89,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
}
@Override
public <T> Set<T> userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, int userId, Logger logger) {
public <T> Set<T> userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, Integer userId, Logger logger) {
User user = processService.getUserById(userId);
if (user == null){
logger.error("user id {} doesn't exist", userId);
@ -99,13 +99,11 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
}
@Component
public static class ProjectsResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> {
public static class ProjectsResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
private final ProjectMapper projectMapper;
public ProjectsResourceList(ProjectMapper projectMapper) {
public ProjectsResourcePermissionCheck(ProjectMapper projectMapper) {
this.projectMapper = projectMapper;
}
@ -115,23 +113,118 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
}
@Override
public boolean permissionCheck(int userId, String url, Logger logger) {
public boolean permissionCheck(int userId, String permissionKey, Logger logger) {
// all users can create projects
return true;
}
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
return projectMapper.listAuthorizedProjects(userId, null).stream().map(Project::getId).collect(toSet());
}
}
@Component
public static class MonitorResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
@Override
public List<AuthorizationType> authorizationTypes() {
return Collections.singletonList(AuthorizationType.MONITOR);
}
@Override
public <T> Set<T> listAuthorizedResource(int userId, Logger logger) {
return null;
}
@Override
public boolean permissionCheck(int userId, String permissionKey, Logger logger) {
return true;
}
}
@Component
public static class FilePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
private final ResourceMapper resourceMapper;
public FilePermissionCheck(ResourceMapper resourceMapper) {
this.resourceMapper = resourceMapper;
}
@Override
public List<AuthorizationType> authorizationTypes() {
return Arrays.asList(AuthorizationType.RESOURCE_FILE_ID, AuthorizationType.UDF_FILE);
}
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
List<Resource> resources = resourceMapper.queryResourceList(null, userId, -1);
if (resources.isEmpty()){
return Collections.emptySet();
}
return resources.stream().map(Resource::getId).collect(toSet());
}
@Override
public boolean permissionCheck(int userId, String permissionKey, Logger logger) {
return true;
}
}
@Component
public static class UdfFuncPermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
private final UdfFuncMapper udfFuncMapper;
public UdfFuncPermissionCheck(UdfFuncMapper udfFuncMapper) {
this.udfFuncMapper = udfFuncMapper;
}
@Override
public List<AuthorizationType> authorizationTypes() {
return Collections.singletonList(AuthorizationType.UDF);
}
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
List<UdfFunc> udfFuncList = udfFuncMapper.listAuthorizedUdfByUserId(userId);
if (udfFuncList.isEmpty()){
return Collections.emptySet();
}
return udfFuncList.stream().map(UdfFunc::getId).collect(toSet());
}
@Override
public boolean permissionCheck(int userId, String permissionKey, Logger logger) {
return true;
}
}
@Component
public static class TaskGroupPermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
@Override
public List<AuthorizationType> authorizationTypes() {
return Collections.singletonList(AuthorizationType.TASK_GROUP);
}
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
return null;
}
@Override
public boolean permissionCheck(int userId, String permissionKey, Logger logger) {
return true;
}
}
@Component
public static class K8sNamespaceResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> {
private final K8sNamespaceMapper k8sNamespaceMapper;
public K8sNamespaceResourceList(K8sNamespaceMapper k8sNamespaceMapper) {
this.k8sNamespaceMapper = k8sNamespaceMapper;
}
@ -158,8 +251,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
private final EnvironmentMapper environmentMapper;
public EnvironmentResourceList(EnvironmentMapper environmentMapper) {
this.environmentMapper = environmentMapper;
}
@ -185,8 +276,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
private final QueueMapper queueMapper;
public QueueResourceList(QueueMapper queueMapper) {
this.queueMapper = queueMapper;
}
@ -213,8 +302,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
private final WorkerGroupMapper workerGroupMapper;
public WorkerGroupResourceList(WorkerGroupMapper workerGroupMapper) {
this.workerGroupMapper = workerGroupMapper;
}
@ -244,8 +331,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
private final AlertPluginInstanceMapper alertPluginInstanceMapper;
public AlertPluginInstanceResourceList(AlertPluginInstanceMapper alertPluginInstanceMapper) {
this.alertPluginInstanceMapper = alertPluginInstanceMapper;
}
@ -275,8 +360,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
private final AlertGroupMapper alertGroupMapper;
public AlertGroupResourceList(AlertGroupMapper alertGroupMapper) {
this.alertGroupMapper = alertGroupMapper;
}
@ -306,8 +389,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
private final TenantMapper tenantMapper;
public TenantResourceList(TenantMapper tenantMapper) {
this.tenantMapper = tenantMapper;
}
@ -329,37 +410,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
}
}
/**
* User Resource
*/
@Component
public static class UsersResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> {
private final UserMapper userMapper;
public UsersResourceList(UserMapper userMapper) {
this.userMapper = userMapper;
}
@Override
public List<AuthorizationType> authorizationTypes() {
return Collections.singletonList(AuthorizationType.USER);
}
@Override
public boolean permissionCheck(int userId, String url, Logger logger) {
return true;
}
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
return userMapper.listAuthorizedUsersList(userId, null).stream().map(User::getId).collect(toSet());
}
}
/**
* DataSource Resource
*/
@ -506,7 +556,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
* @param userId
* @return
*/
boolean permissionCheck(int userId, String url, Logger logger);
boolean permissionCheck(int userId, String permissionKey, Logger logger);
}
}

Write Preview
Loading…
Cancel
Save