From a4948f58e671ab263060da1de255af3ecd2530ac Mon Sep 17 00:00:00 2001 
From: WangJPLeo <103574007+WangJPLeo@users.noreply.github.com> Date: Tue, 31 May 2022 08:14:45 +0800 Subject: [PATCH] [Feature][Permission] Reconstruction of permissions of resource center and monitoring center. (#10307) * Reconstruction of permissions of resource center and monitoring center. * clear local logs. * resource query fix --- .../api/ApiApplicationServer.java | 1 + .../ApiFuncIdentificationConstant.java | 42 +++- .../api/controller/ResourcesController.java | 29 +-- .../dolphinscheduler/api/enums/Status.java | 5 +- .../api/python/PythonGateway.java | 4 +- .../api/service/ResourcesService.java | 12 +- .../api/service/UdfFuncService.java | 11 +- .../api/service/impl/BaseServiceImpl.java | 6 +- .../api/service/impl/MonitorServiceImpl.java | 26 ++- .../api/service/impl/ProjectServiceImpl.java | 11 +- .../service/impl/ResourcesServiceImpl.java | 205 ++++++++++++++---- .../impl/TaskGroupQueueServiceImpl.java | 8 + .../service/impl/TaskGroupServiceImpl.java | 47 ++++ .../api/service/impl/UdfFuncServiceImpl.java | 106 ++++++--- .../api/service/impl/UsersServiceImpl.java | 50 ++--- .../controller/AbstractControllerTest.java | 10 + .../controller/ResourcesControllerTest.java | 26 +-- .../api/service/MonitorServiceTest.java | 74 ++++++- .../api/service/ProjectServiceTest.java | 30 +-- .../api/service/ResourcesServiceTest.java | 142 ++++++++++-- .../api/service/TaskGroupServiceTest.java | 34 ++- .../api/service/UdfFuncServiceTest.java | 86 ++++++-- .../api/service/UsersServiceTest.java | 81 +------ .../common/enums/AuthorizationType.java | 8 +- .../dao/entity/TaskGroup.java | 2 +- .../dao/mapper/AlertGroupMapper.java | 2 +- .../dao/mapper/ResourceMapper.java | 2 +- .../dao/mapper/UdfFuncMapper.java | 11 +- .../dao/mapper/AccessTokenMapper.xml | 2 +- .../dao/mapper/AlertGroupMapper.xml | 2 +- .../dao/mapper/AlertPluginInstanceMapper.xml | 8 - .../dao/mapper/ProjectUserMapper.xml | 1 - .../dao/mapper/ResourceMapper.xml | 17 +- .../dao/mapper/UdfFuncMapper.xml | 42 
+++- .../dao/mapper/UserMapper.xml | 11 - .../dao/mapper/ResourceMapperTest.java | 6 +- .../dao/mapper/UdfFuncMapperTest.java | 6 +- .../ResourcePermissionCheckService.java | 9 +- .../ResourcePermissionCheckServiceImpl.java | 160 +++++++++----- 39 files changed, 907 insertions(+), 428 deletions(-) diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/ApiApplicationServer.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/ApiApplicationServer.java index 7c3532f7f3..9e6aa94530 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/ApiApplicationServer.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/ApiApplicationServer.java @@ -18,6 +18,7 @@ package org.apache.dolphinscheduler.api; import org.apache.dolphinscheduler.service.task.TaskPluginManager; + import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java index 9e33980515..14d73f5198 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java @@ -21,7 +21,6 @@ import org.apache.dolphinscheduler.api.enums.ExecuteType; import java.util.HashMap; import java.util.Map; - public class ApiFuncIdentificationConstant { public static final String ACCESS_TOKEN_MANAGE = "security:token:view"; 
@@ -84,8 +83,6 @@ public class ApiFuncIdentificationConstant { public static final String VIEW_PERMISSION = "security:role:permission-view"; public static final String ASSIGN_PERMISSION = "security:role:permission-assign"; - - public static final String PROJECT = "project:view"; public static final String PROJECT_CREATE = "project:create"; public static final String PROJECT_UPDATE = "project:edit"; 
@@ -141,6 +138,45 @@ public class ApiFuncIdentificationConstant { public static final String DATASOURCE_LIST = "datasource:list"; public static final String DATASOURCE_PARAM_VIEW = "datasource:param-view"; + public static final String FILE_VIEW = "resources:file:view"; + public static final String FOLDER_ONLINE_CREATE = "resources:folder:online-create"; + public static final String FILE_ONLINE_CREATE = "resources:file:online-create"; + public static final String FILE_UPLOAD = "resources:file:upload"; + public static final String FILE_UPDATE = "resources:file:update-content"; + public static final String FILE_RENAME = "resources:file:rename"; + public static final String FILE_DOWNLOAD = "resources:file:download"; + public static final String FILE_DELETE = "resources:file:delete"; + + public static final String UDF_FILE_VIEW = "resources:udf:view"; + public static final String UDF_FOLDER_ONLINE_CREATE = "resources:udf-folder:online-create"; + public static final String UDF_UPLOAD = "resources:udf:upload"; + public static final String UDF_UPDATE = "resources:udf:edit"; + public static final String UDF_DOWNLOAD = "resources:udf:download"; + public static final String UDF_DELETE = "resources:udf:delete"; + + public static final String UDF_FUNCTION_VIEW = "resources:udf-func:view"; + public static final String UDF_FUNCTION_CREATE = "resources:udf-func:create"; + public static final String UDF_FUNCTION_UPDATE = "resources:udf-func:update"; + public static final String UDF_FUNCTION_DELETE = "resources:udf-func:delete"; + + public static final String TASK_GROUP_VIEW = "resources:task-group:view"; + public static final String TASK_GROUP_CREATE = "resources:task-group:create"; + public static final String TASK_GROUP_CLOSE = "resources:task-group:close"; + public static final String TASK_GROUP_EDIT = "resources:task-group:update"; + public static final String TASK_GROUP_VIEW_QUEUE = "resources:task-group:queue-view"; + + public static final String TASK_GROUP_QUEUE = 
"resources:task-group-queue:view"; + public static final String TASK_GROUP_QUEUE_PRIORITY = "resources:task-group-queue:priority"; + public static final String TASK_GROUP_QUEUE_START = "resources:task-group-queue:start"; + + public static final String MONITOR_MASTER_VIEW = "monitor:masters:view"; + public static final String MONITOR_WORKER_VIEW = "monitor:workers:view"; + public static final String MONITOR_DATABASES_VIEW = "monitor:databases:view"; + + public static final String MONITOR_STATISTICS_VIEW = "monitor:statistics:view"; + public static final String MONITOR_EVENT_LIST_VIEW = "monitor:event:view"; + public static final String MONITOR_ALERT_LIST_VIEW = "monitor:alert:view"; + public final static Map map = new HashMap(); static{ diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ResourcesController.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ResourcesController.java index 11a74e2f51..afd3b60092 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ResourcesController.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ResourcesController.java @@ -316,8 +316,7 @@ public class ResourcesController extends BaseController { @RequestParam(value = "type") ResourceType type, @RequestParam(value = "programType", required = false) ProgramType programType ) { - Map result = resourceService.queryResourceByProgramType(loginUser, type, programType); - return returnDataList(result); + return resourceService.queryResourceByProgramType(loginUser, type, programType); } /** @@ -345,7 +344,7 @@ public class ResourcesController extends BaseController { @RequestParam(value = "type") ResourceType type ) { - return resourceService.queryResource(fullName, id, type); + return resourceService.queryResource(loginUser, fullName, id, type); } /** 
@@ -371,7 +370,7 @@ public class ResourcesController extends BaseController { @RequestParam(value = "skipLineNum") int skipLineNum, @RequestParam(value = "limit") int limit ) { - return resourceService.readResource(resourceId, skipLineNum, limit); + return resourceService.readResource(loginUser, resourceId, skipLineNum, limit); } /** @@ -432,7 +431,7 @@ public class ResourcesController extends BaseController { logger.error("The resource file contents are not allowed to be empty"); return error(RESOURCE_FILE_IS_EMPTY.getCode(), RESOURCE_FILE_IS_EMPTY.getMsg()); } - return resourceService.updateResourceContent(resourceId, content); + return resourceService.updateResourceContent(loginUser, resourceId, content); } /** @@ -452,7 +451,7 @@ public class ResourcesController extends BaseController { @AccessLogAnnotation(ignoreRequestArgs = "loginUser") public ResponseEntity downloadResource(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser, @PathVariable(value = "id") int resourceId) throws Exception { - Resource file = resourceService.downloadResource(resourceId); + Resource file = resourceService.downloadResource(loginUser, resourceId); if (file == null) { return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(RESOURCE_NOT_EXIST.getMsg()); } @@ -521,8 +520,7 @@ public class ResourcesController extends BaseController { @AccessLogAnnotation(ignoreRequestArgs = "loginUser") public Result viewUIUdfFunction(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser, @PathVariable("id") int id) { - Map map = udfFuncService.queryUdfFuncDetail(id); - return returnDataList(map); + return udfFuncService.queryUdfFuncDetail(loginUser, id); } /** 
@@ -563,8 +561,7 @@ public class ResourcesController extends BaseController { @RequestParam(value = "database", required = false) String database, @RequestParam(value = "description", required = false) String description, @PathVariable(value = "resourceId") int resourceId) { - Map result = udfFuncService.updateUdfFunc(udfFuncId, funcName, className, argTypes, database, description, type, resourceId); - return returnDataList(result); + return udfFuncService.updateUdfFunc(loginUser, udfFuncId, funcName, className, argTypes, database, description, type, resourceId); } /** @@ -595,8 +592,7 @@ public class ResourcesController extends BaseController { if (!result.checkResult()) { return result; } - result = udfFuncService.queryUdfFuncListPaging(loginUser, searchVal, pageNo, pageSize); - return result; + return udfFuncService.queryUdfFuncListPaging(loginUser, searchVal, pageNo, pageSize); } /** @@ -616,8 +612,7 @@ public class ResourcesController extends BaseController { @AccessLogAnnotation(ignoreRequestArgs = "loginUser") public Result queryUdfFuncList(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser, @RequestParam("type") UdfType type) { - Map result = udfFuncService.queryUdfFuncList(loginUser, type.ordinal()); - return returnDataList(result); + return udfFuncService.queryUdfFuncList(loginUser, type.ordinal()); } /** @@ -639,7 +634,7 @@ public class ResourcesController extends BaseController { public Result verifyUdfFuncName(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser, @RequestParam(value = "name") String name ) { - return udfFuncService.verifyUdfFuncByName(name); + return udfFuncService.verifyUdfFuncByName(loginUser, name); } /** 
@@ -660,7 +655,7 @@ public class ResourcesController extends BaseController { public Result deleteUdfFunc(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser, @PathVariable(value = "id") int udfFuncId ) { - return udfFuncService.delete(udfFuncId); + return udfFuncService.delete(loginUser, udfFuncId); } /** @@ -770,6 +765,6 @@ public class ResourcesController extends BaseController { @PathVariable(value = "id", required = true) Integer id ) { - return resourceService.queryResourceById(id); + return resourceService.queryResourceById(loginUser, id); } } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java index c346d9577d..1b1bbbe463 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java @@ -404,7 +404,10 @@ public enum Status { QUERY_CAN_USE_K8S_CLUSTER_ERROR(1300014, "login user query can used k8s cluster list error", "查询可用k8s集群错误"), RESOURCE_FULL_NAME_TOO_LONG_ERROR(1300015, "resource's fullname is too long error", "资源文件名过长"), TENANT_FULL_NAME_TOO_LONG_ERROR(1300016, "tenant's fullname is too long error", "租户名过长"), - FUNCTION_DISABLED(1400002, "The current feature is disabled.", "当前功能已被禁用"); + + NO_CURRENT_OPERATING_PERMISSION(1400001, "The current user does not have this permission.", "当前用户无此权限"), + FUNCTION_DISABLED(1400002, "The current feature is disabled.", "当前功能已被禁用"), + ; private final int code; private final String enMsg; diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/python/PythonGateway.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/python/PythonGateway.java index 817f411854..e142c421b0 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/python/PythonGateway.java 
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/python/PythonGateway.java @@ -536,8 +536,8 @@ public class PythonGateway { public Map getResourcesFileInfo(String programType, String fullName) { Map result = new HashMap<>(); - Map resources = resourceService.queryResourceByProgramType(dummyAdminUser, ResourceType.FILE, ProgramType.valueOf(programType)); - List resourcesComponent = (List) resources.get(Constants.DATA_LIST); + Result resources = resourceService.queryResourceByProgramType(dummyAdminUser, ResourceType.FILE, ProgramType.valueOf(programType)); + List resourcesComponent = (List) resources.getData(); List namedResources = resourcesComponent.stream().filter(s -> fullName.equals(s.getFullName())).collect(Collectors.toList()); if (CollectionUtils.isEmpty(namedResources)) { String msg = String.format("Can not find valid resource by program type %s and name %s", programType, fullName); diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ResourcesService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ResourcesService.java index 2433e34a08..ddecb2cd99 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ResourcesService.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ResourcesService.java @@ -115,7 +115,7 @@ public interface ResourcesService { * @param type resource type * @return resource list */ - Map queryResourceByProgramType(User loginUser, ResourceType type, ProgramType programType); + Result queryResourceByProgramType(User loginUser, ResourceType type, ProgramType programType); /** * delete resource 
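Review bot: In `getResourcesFileInfo`, `resources.getData()` is cast and streamed without checking that the call succeeded, so a `Result` carrying no data makes `resourcesComponent.stream()` throw a NullPointerException. The replaced implementation always populated `DATA_LIST`, but the new `queryResourceByProgramType` returns `NO_CURRENT_OPERATING_PERMISSION` without calling `setData`. Guard the value before streaming, for example `if (resources == null || resources.getData() == null) { ... }`, routing into the existing "Can not find valid resource" error path. The method body continues outside the hunk.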
@@ -143,7 +143,7 @@ public interface ResourcesService { * @param type resource type * @return true if the resource full name or pid not exists, otherwise return false */ - Result queryResource(String fullName,Integer id,ResourceType type); + Result queryResource(User loginUser,String fullName,Integer id,ResourceType type); /** * view resource file online @@ -153,7 +153,7 @@ public interface ResourcesService { * @param limit limit * @return resource content */ - Result readResource(int resourceId, int skipLineNum, int limit); + Result readResource(User loginUser,int resourceId, int skipLineNum, int limit); /** * create resource file online @@ -175,7 +175,7 @@ public interface ResourcesService { * @param content content * @return update result cod */ - Result updateResourceContent(int resourceId, String content); + Result updateResourceContent(User loginUser,int resourceId, String content); /** * download file @@ -184,7 +184,7 @@ public interface ResourcesService { * @return resource content * @throws IOException exception */ - org.springframework.core.io.Resource downloadResource(int resourceId) throws IOException; + org.springframework.core.io.Resource downloadResource(User loginUser, int resourceId) throws IOException; /** * list all file @@ -236,6 +236,6 @@ public interface ResourcesService { * @param resourceId resource id * @return resource */ - Result queryResourceById(Integer resourceId); + Result queryResourceById(User loginUser, Integer resourceId); } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UdfFuncService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UdfFuncService.java index 43e856e288..1f5d1ab339 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UdfFuncService.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UdfFuncService.java 
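Review bot: The Javadoc lines visible above `queryResource`, `readResource`, `updateResourceContent`, `downloadResource` and `queryResourceById` still list only the old parameters, and none of them gains an entry for the new argument. Since `loginUser` is the identity the permission check is evaluated against, document it in each block, e.g. `@param loginUser login user whose permissions are checked`. The same applies to the `UdfFuncService` signatures changed in this commit (`queryUdfFuncDetail`, `updateUdfFunc`, `delete`, `verifyUdfFuncByName`). The new signatures also drop the space after the comma (`User loginUser,String fullName`), unlike the neighbouring declarations.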
@@ -56,7 +56,7 @@ public interface UdfFuncService { * @param id udf function id * @return udf function detail */ - Map queryUdfFuncDetail(int id); + Result queryUdfFuncDetail(User loginUser,int id); /** * updateProcessInstance udf function @@ -71,7 +71,8 @@ public interface UdfFuncService { * @param className class name * @return update result code */ - Map updateUdfFunc(int udfFuncId, + Result updateUdfFunc(User loginUser, + int udfFuncId, String funcName, String className, String argTypes, @@ -98,7 +99,7 @@ public interface UdfFuncService { * @param type udf type * @return udf func list */ - Map queryUdfFuncList(User loginUser, Integer type); + Result queryUdfFuncList(User loginUser, Integer type); /** * delete udf function @@ -106,7 +107,7 @@ public interface UdfFuncService { * @param id udf function id * @return delete result code */ - Result delete(int id); + Result delete(User loginUser, int id); /** * verify udf function by name @@ -114,6 +115,6 @@ public interface UdfFuncService { * @param name name * @return true if the name can user, otherwise return false */ - Result verifyUdfFuncByName(String name); + Result verifyUdfFuncByName(User loginUser, String name); } \ No newline at end of file diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/BaseServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/BaseServiceImpl.java index 7b41c69484..ab17c87a16 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/BaseServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/BaseServiceImpl.java 
@@ -45,7 +45,7 @@ public class BaseServiceImpl implements BaseService { private static final Logger logger = LoggerFactory.getLogger(BaseServiceImpl.class); @Autowired - private ResourcePermissionCheckService resourcePermissionCheckService; + protected ResourcePermissionCheckService resourcePermissionCheckService; /** * check admin @@ -162,8 +162,8 @@ public class BaseServiceImpl implements BaseService { * @return boolean */ @Override - public boolean canOperatorPermissions(User user, Object[] ids,AuthorizationType type,String perm) { - boolean operationPermissionCheck = resourcePermissionCheckService.operationPermissionCheck(type, user.getId(), perm, logger); + public boolean canOperatorPermissions(User user, Object[] ids,AuthorizationType type,String permissionKey) { + boolean operationPermissionCheck = resourcePermissionCheckService.operationPermissionCheck(type, user.getId(), permissionKey, logger); boolean resourcePermissionCheck = resourcePermissionCheckService.resourcePermissionCheck(type, ids, user.getUserType().equals(UserType.ADMIN_USER) ? 0 : user.getId(), logger); return operationPermissionCheck && resourcePermissionCheck; } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/MonitorServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/MonitorServiceImpl.java index 934aaf4464..356a015b7e 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/MonitorServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/MonitorServiceImpl.java 
@@ -17,9 +17,11 @@ package org.apache.dolphinscheduler.api.service.impl; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.service.MonitorService; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.NodeType; import org.apache.dolphinscheduler.common.model.Server; import org.apache.dolphinscheduler.common.model.WorkerServerModel; @@ -34,6 +36,8 @@ import java.util.Map; import java.util.function.Function; import java.util.stream.Collectors; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -45,6 +49,8 @@ import com.google.common.collect.Sets; @Service public class MonitorServiceImpl extends BaseServiceImpl implements MonitorService { + public static final Logger logger = LoggerFactory.getLogger(MonitorServiceImpl.class); + @Autowired private MonitorDBDao monitorDBDao; @@ -60,14 +66,14 @@ public class MonitorServiceImpl extends BaseServiceImpl implements MonitorServic @Override public Map queryDatabaseState(User loginUser) { Map result = new HashMap<>(); - + if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_DATABASES_VIEW)) { + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } List monitorRecordList = monitorDBDao.queryDatabaseState(); - result.put(Constants.DATA_LIST, monitorRecordList); putMsg(result, Status.SUCCESS); - return result; - } /** 
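Review bot: The logger added to `MonitorServiceImpl` is declared `public static final`, which makes it part of the class's public surface, while `BaseServiceImpl` declares its own as `private static final Logger logger`. Declare it `private static final Logger logger = LoggerFactory.getLogger(MonitorServiceImpl.class);`. On the lines of this commit visible here the new field is not referenced inside `MonitorServiceImpl` (the permission check logs through the base class), so it may not be needed at all.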
@@ -78,9 +84,11 @@ public class MonitorServiceImpl extends BaseServiceImpl implements MonitorServic */ @Override public Map queryMaster(User loginUser) { - Map result = new HashMap<>(); - + if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_MASTER_VIEW)) { + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } List masterServers = getServerListFromRegistry(true); result.put(Constants.DATA_LIST, masterServers); putMsg(result, Status.SUCCESS); @@ -98,6 +106,12 @@ public class MonitorServiceImpl extends BaseServiceImpl implements MonitorServic public Map queryWorker(User loginUser) { Map result = new HashMap<>(); + + if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_WORKER_VIEW)) { + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + List workerServers = getServerListFromRegistry(false) .stream() .map((Server server) -> { diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java index ee4096054f..086961a0f2 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java 
@@ -87,17 +87,15 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic @Override public Map createProject(User loginUser, String name, String desc) { - Map result = new HashMap<>(); - Map descCheck = checkDesc(desc); - if (descCheck.get(Constants.STATUS) != Status.SUCCESS) { - return descCheck; + Map result = checkDesc(desc); + if (result.get(Constants.STATUS) != Status.SUCCESS) { + return result; } if (!canOperatorPermissions(loginUser, null,AuthorizationType.PROJECTS, PROJECT_CREATE)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } - Project project = projectMapper.queryByName(name); if (project != null) { putMsg(result, Status.PROJECT_ALREADY_EXISTS, name); @@ -482,7 +480,6 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic } /** -<<<<<<< HEAD * check whether have read permission new * @param user * @param id @@ -495,8 +492,6 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic } /** -======= ->>>>>>> f3b76b72a ([Feature][API] Modify the permissions of project management, security center, data source center and data quality module.) * query permission id * * @param user user diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java index 1c5804cd81..35d00d0d25 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java 
@@ -25,6 +25,7 @@ import com.google.common.io.Files; import org.apache.commons.beanutils.BeanMap; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.dto.resources.ResourceComponent; import org.apache.dolphinscheduler.api.dto.resources.filter.ResourceFilter; import org.apache.dolphinscheduler.api.dto.resources.visitor.ResourceTreeVisitor; @@ -36,6 +37,7 @@ import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.RegexUtils; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.ProgramType; import org.apache.dolphinscheduler.common.enums.ResUploadType; import org.apache.dolphinscheduler.common.storage.StorageOperate; @@ -54,6 +56,7 @@ import org.apache.dolphinscheduler.dao.mapper.TenantMapper; import org.apache.dolphinscheduler.dao.mapper.UdfFuncMapper; import org.apache.dolphinscheduler.dao.mapper.UserMapper; import org.apache.dolphinscheduler.dao.utils.ResourceProcessDefinitionUtils; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.apache.dolphinscheduler.spi.enums.ResourceType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -66,7 +69,17 @@ import org.springframework.web.multipart.MultipartFile; import java.io.IOException; import java.rmi.ServerException; import java.text.MessageFormat; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.Date; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Set; +import java.util.UUID; import java.util.regex.Matcher; import java.util.stream.Collectors; @@ -105,6 +118,9 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe @Autowired(required = false) private StorageOperate storageOperate; + + @Autowired + private ResourcePermissionCheckService resourcePermissionCheckService; /** * create directory @@ -125,7 +141,15 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe ResourceType type, int pid, String currentDir) { - Result result = checkResourceUploadStartupState(); + Result result = new Result<>(); + String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FOLDER_ONLINE_CREATE : ApiFuncIdentificationConstant.UDF_FOLDER_ONLINE_CREATE; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + + result = checkResourceUploadStartupState(); if (!result.getCode().equals(Status.SUCCESS.getCode())) { return result; } 
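Review bot: The `resourcePermissionCheckService` field injected in the `@@ -105,6 +118,9 @@` hunk duplicates the field of the same name in `BaseServiceImpl`, which this commit widens from `private` to `protected`, so the subclass field hides the inherited one. Drop the three added lines and use the inherited field, which leaves a single injection point for the permission checker. If the duplicate is intentional, a comment saying why would help the next reader.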
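Review bot: The permission preamble added to `createDirectory` (choose a key by `type`, call `canOperatorPermissions`, `putMsg` and return) is repeated almost verbatim in `createResource`, `updateResource`, `queryResourceListPaging`, `queryResourceList`, `queryResourceByProgramType` and `delete`. Moving the key selection and the check into one private helper keeps the seven call sites from drifting apart and makes a wrong key easier to spot in review. Separately, the check here passes `null` for the ids, so the parent directory `pid` is not covered by the resource-level check in this hunk; whether it is verified later cannot be seen because the method body continues outside the hunk.

```java
// helper added once to ResourcesServiceImpl
private boolean hasResourceFuncPermission(User loginUser, Object[] ids, ResourceType type,
                                          String filePermissionKey, String udfPermissionKey) {
    String funcPermissionKey = type.equals(ResourceType.FILE) ? filePermissionKey : udfPermissionKey;
    return canOperatorPermissions(loginUser, ids, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
}

// createDirectory
Result result = new Result<>();
if (!hasResourceFuncPermission(loginUser, null, type,
        ApiFuncIdentificationConstant.FOLDER_ONLINE_CREATE,
        ApiFuncIdentificationConstant.UDF_FOLDER_ONLINE_CREATE)) {
    putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
    return result;
}
// … unchanged: checkResourceUploadStartupState() and the rest of createDirectory …
```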
@@ -197,7 +221,14 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe MultipartFile file, int pid, String currentDir) { - Result result = checkResourceUploadStartupState(); + Result result = new Result<>(); + String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_ONLINE_CREATE : ApiFuncIdentificationConstant.UDF_FOLDER_ONLINE_CREATE; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + result = checkResourceUploadStartupState(); if (!result.getCode().equals(Status.SUCCESS.getCode())) { return result; } @@ -311,7 +342,14 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe String desc, ResourceType type, MultipartFile file) { - Result result = checkResourceUploadStartupState(); + Result result = new Result<>(); + String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_UPDATE : ApiFuncIdentificationConstant.UDF_UPDATE; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + result = checkResourceUploadStartupState(); if (!result.getCode().equals(Status.SUCCESS.getCode())) { return result; } 
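Review bot: In the first hunk (the method that takes `MultipartFile file`), the permission key is `FILE_ONLINE_CREATE` for files and `UDF_FOLDER_ONLINE_CREATE` for UDFs, although this commit also defines `FILE_UPLOAD` ("resources:file:upload") and `UDF_UPLOAD` ("resources:udf:upload") and neither is referenced on the visible lines. As written, the right to create a UDF folder also allows uploading UDF files, and a role that holds only the upload permission is refused. If this is the upload path, the line should read `String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_UPLOAD : ApiFuncIdentificationConstant.UDF_UPLOAD;`. The method signature starts outside the hunk, so confirm which operation this is before changing it.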
@@ -577,13 +615,20 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe */ @Override public Result queryResourceListPaging(User loginUser, int directoryId, ResourceType type, String searchVal, Integer pageNo, Integer pageSize) { + Result result = new Result<>(); + String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } - Result result = new Result(); Page page = new Page<>(pageNo, pageSize); int userId = loginUser.getId(); if (isAdmin(loginUser)) { userId = 0; } + if (directoryId != -1) { Resource directory = resourcesMapper.selectById(directoryId); if (directory == null) { @@ -592,9 +637,8 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe } } - List resourcesIds = resourceUserMapper.queryResourcesIdListByUserIdAndPerm(userId, 0); - - IPage resourceIPage = resourcesMapper.queryResourcePaging(page, userId, directoryId, type.ordinal(), searchVal, resourcesIds); + Set resourcesIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, loginUser.getId(), logger); + IPage resourceIPage = resourcesMapper.queryResourcePaging(page, directoryId, type.ordinal(), loginUser.getId(), searchVal, new ArrayList<>(resourcesIds)); PageInfo pageInfo = new PageInfo<>(pageNo, pageSize); pageInfo.setTotal((int) resourceIPage.getTotal()); 
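Review bot: After this change the local `userId`, which is set to 0 for administrators, is no longer passed anywhere on the visible lines: both `userOwnedResourceIdsAcquisition` and `queryResourcePaging` receive `loginUser.getId()`. Whether administrators still see every resource therefore depends on `userOwnedResourceIdsAcquisition`, which is not shown here; either pass `userId` or delete the variable and the `isAdmin` branch so the intent is explicit. The id set is also handed to the mapper without an emptiness check, unlike `queryResourceByProgramType`, which returns early on `resourceIds.isEmpty()`; add the same early return here unless the mapper XML is known to handle an empty list.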
@@ -683,6 +727,14 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe @Override public Map queryResourceList(User loginUser, ResourceType type) { Map result = new HashMap<>(); + + String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + List allResourceList = queryAuthoredResourceList(loginUser, type); Visitor resourceTreeVisitor = new ResourceTreeVisitor(allResourceList); result.put(Constants.DATA_LIST, resourceTreeVisitor.visit().getChildren()); 
@@ -699,10 +751,22 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe * @return resource list */ @Override - public Map queryResourceByProgramType(User loginUser, ResourceType type, ProgramType programType) { - Map result = new HashMap<>(); + public Result queryResourceByProgramType(User loginUser, ResourceType type, ProgramType programType) { + Result result = new Result<>(); + String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } - List allResourceList = queryAuthoredResourceList(loginUser, type); + Set resourceIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, loginUser.getId(), logger); + if (resourceIds.isEmpty()){ + result.setData(Collections.emptyList()); + putMsg(result, Status.SUCCESS); + return result; + } + List allResourceList = resourcesMapper.selectBatchIds(resourceIds); String suffix = ".jar"; if (programType != null) { @@ -718,9 +782,8 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe } List resources = new ResourceFilter(suffix, new ArrayList<>(allResourceList)).filter(); Visitor resourceTreeVisitor = new ResourceTreeVisitor(resources); - result.put(Constants.DATA_LIST, resourceTreeVisitor.visit().getChildren()); + result.setData(resourceTreeVisitor.visit().getChildren()); putMsg(result, Status.SUCCESS); - return result; } 
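Review bot: queryResourceByProgramType no longer filters by `type`. The removed `queryAuthoredResourceList(loginUser, type)` took the type, but `resourcesMapper.selectBatchIds(resourceIds)` loads every id the user holds, and the later `ResourceFilter` selects on suffix only. If `userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, ...)` returns both FILE and UDF resources (not visible here), a caller who passed only the `FILE_VIEW` check would also be shown UDF entries with a matching suffix. Filtering first would restore the scope, for example `allResourceList.removeIf(r -> !type.equals(r.getType()));`, assuming `selectBatchIds` returns a mutable list.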
@@ -735,15 +798,22 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe @Override @Transactional(rollbackFor = Exception.class) public Result delete(User loginUser, int resourceId) throws IOException { - Result result = checkResourceUploadStartupState(); - if (!result.getCode().equals(Status.SUCCESS.getCode())) { - return result; - } - // get resource by id + Result resultCheck = new Result<>(); Resource resource = resourcesMapper.selectById(resourceId); if (resource == null) { - putMsg(result, Status.RESOURCE_NOT_EXIST); + putMsg(resultCheck, Status.RESOURCE_NOT_EXIST); + return resultCheck; + } + String funcPermissionKey = resource.getType().equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_DELETE : ApiFuncIdentificationConstant.UDF_DELETE; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(resultCheck, Status.NO_CURRENT_OPERATING_PERMISSION); + return resultCheck; + } + + Result result = checkResourceUploadStartupState(); + if (!result.getCode().equals(Status.SUCCESS.getCode())) { return result; } if (!canOperator(loginUser, resource.getUserId())) { 
@@ -818,6 +888,12 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe @Override public Result verifyResourceName(String fullName, ResourceType type, User loginUser) { Result result = new Result<>(); + String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_RENAME : ApiFuncIdentificationConstant.UDF_FILE_VIEW; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } putMsg(result, Status.SUCCESS); if (checkResourceExists(fullName, type.ordinal())) { logger.error("resource type:{} name:{} has exist, can't create again.", type, RegexUtils.escapeNRT(fullName)); 
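Review bot: In verifyResourceName the two branches of the permission key do not match: a FILE name check requires `ApiFuncIdentificationConstant.FILE_RENAME`, while the UDF branch falls back to `UDF_FILE_VIEW`. Every other method in this file pairs like with like (`FILE_VIEW`/`UDF_FILE_VIEW`, `FILE_DELETE`/`UDF_DELETE`), so this looks like a copy-paste slip. As written, a user who can view files but not rename them is refused a name check, while the UDF side is gated only by view. Either use `FILE_VIEW` for both, or add a short comment explaining why name verification is treated as a rename operation for files only.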
@@ -854,34 +930,40 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe * @return true if the resource full name or pid not exists, otherwise return false */ @Override - public Result queryResource(String fullName, Integer id, ResourceType type) { + public Result queryResource(User loginUser, String fullName, Integer id, ResourceType type) { Result result = new Result<>(); if (StringUtils.isBlank(fullName) && id == null) { putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR); return result; } + Resource resource; if (StringUtils.isNotBlank(fullName)) { List resourceList = resourcesMapper.queryResource(fullName, type.ordinal()); if (CollectionUtils.isEmpty(resourceList)) { putMsg(result, Status.RESOURCE_NOT_EXIST); return result; } - putMsg(result, Status.SUCCESS); - result.setData(resourceList.get(0)); + resource = resourceList.get(0); } else { - Resource resource = resourcesMapper.selectById(id); + resource = resourcesMapper.selectById(id); if (resource == null) { putMsg(result, Status.RESOURCE_NOT_EXIST); return result; } - Resource parentResource = resourcesMapper.selectById(resource.getPid()); - if (parentResource == null) { + resource = resourcesMapper.selectById(resource.getPid()); + if (resource == null) { putMsg(result, Status.RESOURCE_NOT_EXIST); return result; } - putMsg(result, Status.SUCCESS); - result.setData(parentResource); } + String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resource.getId()}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + putMsg(result, Status.SUCCESS); + result.setData(resource); return result; } 
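Review bot: queryResource derives `funcPermissionKey` from the caller-supplied `type` parameter rather than from the resource it is about to return. On the `id` branch `type` is not used for the lookup at all, so the request chooses whether the check runs against `FILE_VIEW` or `UDF_FILE_VIEW`. queryResourceById in the next hunk uses the stored value, and the same form fits here: `resource.getType().equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW`. That also avoids a NullPointerException from `type.equals(...)` when only `id` is supplied.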
@@ -891,13 +973,19 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe * @return resource */ @Override - public Result queryResourceById(Integer id) { + public Result queryResourceById(User loginUser, Integer id) { Result result = new Result<>(); Resource resource = resourcesMapper.selectById(id); if (resource == null) { putMsg(result, Status.RESOURCE_NOT_EXIST); return result; } + String funcPermissionKey = resource.getType().equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{id}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } putMsg(result, Status.SUCCESS); result.setData(resource); return result; 
@@ -912,18 +1000,23 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe * @return resource content */ @Override - public Result readResource(int resourceId, int skipLineNum, int limit) { + public Result readResource(User loginUser, int resourceId, int skipLineNum, int limit) { Result result = checkResourceUploadStartupState(); if (!result.getCode().equals(Status.SUCCESS.getCode())) { return result; } - // get resource by id Resource resource = resourcesMapper.selectById(resourceId); if (resource == null) { putMsg(result, Status.RESOURCE_NOT_EXIST); return result; } + String funcPermissionKey = resource.getType().equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } //check preview or not by file suffix String nameSuffix = Files.getFileExtension(resource.getAlias()); String resourceViewSuffixes = FileUtils.getResourceViewSuffixes(); 
@@ -982,7 +1075,14 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe @Override @Transactional(rollbackFor = Exception.class) public Result onlineCreateResource(User loginUser, ResourceType type, String fileName, String fileSuffix, String desc, String content, int pid, String currentDir) { - Result result = checkResourceUploadStartupState(); + Result result = new Result<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, ApiFuncIdentificationConstant.FILE_ONLINE_CREATE); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + + result = checkResourceUploadStartupState(); if (!result.getCode().equals(Status.SUCCESS.getCode())) { return result; } @@ -1028,7 +1128,7 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe String tenantCode = tenantMapper.queryById(loginUser.getTenantId()).getTenantCode(); - result = uploadContentToStorage(fullName, tenantCode, content); + result = uploadContentToStorage(loginUser, fullName, tenantCode, content); if (!result.getCode().equals(Status.SUCCESS.getCode())) { throw new ServiceException(result.getMsg()); } @@ -1081,7 +1181,7 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe */ @Override @Transactional(rollbackFor = Exception.class) - public Result updateResourceContent(int resourceId, String content) { + public Result updateResourceContent(User loginUser, int resourceId, String content) { Result result = checkResourceUploadStartupState(); if (!result.getCode().equals(Status.SUCCESS.getCode())) { return result; 
@@ -1093,6 +1193,12 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe putMsg(result, Status.RESOURCE_NOT_EXIST); return result; } + String funcPermissionKey = resource.getType().equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_UPDATE : ApiFuncIdentificationConstant.UDF_UPDATE; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } //check can edit by file suffix String nameSuffix = Files.getFileExtension(resource.getAlias()); String resourceViewSuffixes = FileUtils.getResourceViewSuffixes(); @@ -1114,7 +1220,7 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe resource.setUpdateTime(new Date()); resourcesMapper.updateById(resource); - result = uploadContentToStorage(resource.getFullName(), tenantCode, content); + result = uploadContentToStorage(loginUser, resource.getFullName(), tenantCode, content); updateParentResourceSize(resource, resource.getSize() - originFileSize); if (!result.getCode().equals(Status.SUCCESS.getCode())) { @@ -1129,7 +1235,7 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe * @param content content * @return result */ - private Result uploadContentToStorage(String resourceName, String tenantCode, String content) { + private Result uploadContentToStorage(User loginUser,String resourceName, String tenantCode, String content) { Result result = new Result<>(); String localFilename = ""; String storageFileName = ""; 
@@ -1176,7 +1282,7 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe * @throws IOException exception */ @Override - public org.springframework.core.io.Resource downloadResource(int resourceId) throws IOException { + public org.springframework.core.io.Resource downloadResource(User loginUser, int resourceId) throws IOException { // if resource upload startup if (!PropertyUtils.getResUploadStartupState()) { logger.error("resource upload startup state: {}", PropertyUtils.getResUploadStartupState()); @@ -1188,6 +1294,13 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe logger.error("download file not exist, resource id {}", resourceId); return null; } + + String funcPermissionKey = resource.getType().equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_DOWNLOAD : ApiFuncIdentificationConstant.UDF_DOWNLOAD; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + logger.error("{}: {}", Status.NO_CURRENT_OPERATING_PERMISSION.getMsg(), PropertyUtils.getResUploadStartupState()); + throw new ServiceException(Status.NO_CURRENT_OPERATING_PERMISSION.getMsg()); + } if (resource.isDirectory()) { logger.error("resource id {} is directory,can't download it", resourceId); throw new ServiceException("can't download directory"); @@ -1234,6 +1347,10 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe @Override public Map authorizeResourceTree(User loginUser, Integer userId) { Map result = new HashMap<>(); + if (!resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } List resourceList; if (isAdmin(loginUser)) { 
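Review bot: The denial branch added to downloadResource logs `PropertyUtils.getResUploadStartupState()` as its second argument, which looks copied from the startup-state check above it. The log line therefore records neither who was refused nor which resource was requested. For an authorization failure those are the two fields an audit trail needs, for example `logger.error("{}: user id {}, resource id {}", Status.NO_CURRENT_OPERATING_PERMISSION.getMsg(), loginUser.getId(), resourceId);`.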
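Review bot: The guard added to authorizeResourceTree reads `if (!resourcePermissionCheckService.functionDisabled())` and then returns `Status.FUNCTION_DISABLED`, the opposite polarity to UsersServiceImpl in this same patch. There, `if(resourcePermissionCheckService.functionDisabled())` returns that status. The same negated form is added to unauthorizedUDFFunction, authorizedUDFFunction and authorizedFile in the following hunks. The implementation of `functionDisabled()` is not visible here, but both forms cannot be right. With the negation these four endpoints either always refuse while the feature is enabled or keep serving once it is disabled. Drop the `!` in all four, or document the intended meaning on `functionDisabled()` and fix the other side.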
@@ -1300,7 +1417,11 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe @Override public Map unauthorizedUDFFunction(User loginUser, Integer userId) { Map result = new HashMap<>(); - + if (!resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } + List udfFuncList; if (isAdmin(loginUser)) { // admin gets all udfs except userId @@ -1334,7 +1455,10 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe @Override public Map authorizedUDFFunction(User loginUser, Integer userId) { Map result = new HashMap<>(); - + if (!resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } List udfFuncs = udfFunctionMapper.queryAuthedUdfFunc(userId); result.put(Constants.DATA_LIST, udfFuncs); putMsg(result, Status.SUCCESS); @@ -1351,6 +1475,10 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe @Override public Map authorizedFile(User loginUser, Integer userId) { Map result = new HashMap<>(); + if (!resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } List authedResources = queryResourceList(userId, Constants.AUTHORIZE_WRITABLE_PERM); Visitor visitor = new ResourceTreeVisitor(authedResources); @@ -1472,5 +1600,4 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe List resIds = resourceUserMapper.queryResourcesIdListByUserIdAndPerm(userId, perm); return CollectionUtils.isEmpty(resIds) ? new ArrayList<>() : resourcesMapper.queryResourceListById(resIds); } - } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupQueueServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupQueueServiceImpl.java index e457ad8ca4..e276ed0b30 100644 
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupQueueServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupQueueServiceImpl.java @@ -17,11 +17,13 @@ package org.apache.dolphinscheduler.api.service.impl; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.service.ProjectService; import org.apache.dolphinscheduler.api.service.TaskGroupQueueService; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.dao.entity.Project; import org.apache.dolphinscheduler.dao.entity.TaskGroupQueue; import org.apache.dolphinscheduler.dao.entity.User; @@ -31,6 +33,7 @@ import org.apache.dolphinscheduler.dao.mapper.TaskInstanceMapper; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Set; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -70,6 +73,11 @@ public class TaskGroupQueueServiceImpl extends BaseServiceImpl implements TaskGr public Map queryTasksByGroupId(User loginUser, String taskName , String processName, Integer status, int groupId, int pageNo, int pageSize) { Map result = new HashMap<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_QUEUE); + if (!canOperatorPermissions){ + result.put(Constants.STATUS, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } Page page = new Page<>(pageNo, pageSize); Map objectMap = this.projectService.queryAuthorizedProject(loginUser, loginUser.getId()); List projects = (List)objectMap.get(Constants.DATA_LIST); 
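Review bot: The denial path in queryTasksByGroupId writes the status with `result.put(Constants.STATUS, Status.NO_CURRENT_OPERATING_PERMISSION)`, while every other check added in this commit uses `putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION)`. If `putMsg` also sets the message entry, as its name suggests, this response will be missing it and clients will see a bare status. Using `putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);` keeps the error shape uniform. The newly imported `java.util.Set` is not referenced in the visible part of this file, so check whether it is needed.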
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupServiceImpl.java index 6655455427..e0d57745e1 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupServiceImpl.java @@ -17,12 +17,14 @@ package org.apache.dolphinscheduler.api.service.impl; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.service.ExecutorService; import org.apache.dolphinscheduler.api.service.TaskGroupQueueService; import org.apache.dolphinscheduler.api.service.TaskGroupService; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.Flag; import org.apache.dolphinscheduler.dao.entity.TaskGroup; import org.apache.dolphinscheduler.dao.entity.User; @@ -77,6 +79,12 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe @Override public Map createTaskGroup(User loginUser, Long projectCode, String name, String description, int groupSize) { Map result = new HashMap<>(); + + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_CREATE); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } if (name == null) { putMsg(result, Status.NAME_NULL); return result; 
@@ -117,6 +125,11 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe @Override public Map updateTaskGroup(User loginUser, int id, String name, String description, int groupSize) { Map result = new HashMap<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_EDIT); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } if (name == null) { putMsg(result, Status.NAME_NULL); return result; @@ -202,6 +215,12 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe public Map queryTaskGroupByProjectCode(User loginUser, int pageNo, int pageSize, Long projectCode) { Map result = new HashMap<>(); Page page = new Page<>(pageNo, pageSize); + + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_VIEW); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } IPage taskGroupPaging = taskGroupMapper.queryTaskGroupPagingByProjectCode(page, projectCode); return getStringObjectMap(pageNo, pageSize, result, taskGroupPaging); @@ -249,6 +268,12 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe public Map doQuery(User loginUser, int pageNo, int pageSize, int userId, String name, Integer status) { Map result = new HashMap<>(); Page page = new Page<>(pageNo, pageSize); + + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_VIEW); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } IPage taskGroupPaging = taskGroupMapper.queryTaskGroupPaging(page, userId, name, status); return getStringObjectMap(pageNo, pageSize, result, taskGroupPaging); 
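Review bot: updateTaskGroup takes a concrete `id` but calls `canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_EDIT)`, so no object id reaches the permission check. The by-id methods in ResourcesServiceImpl pass `new Object[]{resourceId}`. If a null id array means a function-level check only (the BaseServiceImpl side is not visible here), any user holding the edit function could modify any task group by guessing its id. closeTaskGroup and startTaskGroup in the following hunks have the same shape. Passing `new Object[]{id}` in these three methods would make the check object-scoped, provided TASK_GROUP ids are resolvable by the permission service.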
@@ -264,6 +289,12 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe @Override public Map closeTaskGroup(User loginUser, int id) { Map result = new HashMap<>(); + + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_CLOSE); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } TaskGroup taskGroup = taskGroupMapper.selectById(id); if (taskGroup.getStatus() == Flag.NO.getCode()) { putMsg(result, Status.TASK_GROUP_STATUS_CLOSED); @@ -286,6 +317,11 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe public Map startTaskGroup(User loginUser, int id) { Map result = new HashMap<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_CLOSE); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } TaskGroup taskGroup = taskGroupMapper.selectById(id); if (taskGroup.getStatus() == Flag.YES.getCode()) { putMsg(result, Status.TASK_GROUP_STATUS_OPENED); @@ -307,6 +343,12 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe */ @Override public Map forceStartTask(User loginUser, int queueId) { + Map result = new HashMap<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_QUEUE_START); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } return executorService.forceStartTaskInstance(loginUser, queueId); } 
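Review bot: startTaskGroup checks `ApiFuncIdentificationConstant.TASK_GROUP_CLOSE`, the same key closeTaskGroup uses one hunk earlier, so the right to start a group cannot be granted or withheld separately from the right to close it. This looks like a copy of the close block. It should reference the start key if ApiFuncIdentificationConstant defines one (not visible in this part of the patch); if the shared key is intentional, a comment should say so. In both methods the context lines call `taskGroup.getStatus()` directly on the result of `taskGroupMapper.selectById(id)`, so an unknown id produces a NullPointerException instead of a not-found status. A null check after the lookup would fix that.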
@@ -314,6 +356,11 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe public Map modifyPriority(User loginUser, Integer queueId, Integer priority) { Map result = new HashMap<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_QUEUE_PRIORITY); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } taskGroupQueueService.modifyPriority(queueId, priority); putMsg(result, Status.SUCCESS); return result; diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java index f156eadeb2..04a94198fd 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java @@ -17,11 +17,12 @@ package org.apache.dolphinscheduler.api.service.impl; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.service.UdfFuncService; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; -import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UdfType; import org.apache.dolphinscheduler.common.utils.PropertyUtils; import org.apache.dolphinscheduler.dao.entity.Resource; 
@@ -33,10 +34,11 @@ import org.apache.dolphinscheduler.dao.mapper.UdfFuncMapper; import org.apache.commons.lang.StringUtils; +import java.util.ArrayList; +import java.util.Collections; import java.util.Date; -import java.util.HashMap; import java.util.List; -import java.util.Map; +import java.util.Set; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -88,6 +90,11 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic int resourceId) { Result result = new Result<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_CREATE); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } // if resource upload startup if (!PropertyUtils.getResUploadStartupState()) { logger.error("resource upload startup state: {}", PropertyUtils.getResUploadStartupState()); @@ -150,14 +157,19 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic * @return udf function detail */ @Override - public Map queryUdfFuncDetail(int id) { - Map result = new HashMap<>(); + public Result queryUdfFuncDetail(User loginUser, int id) { + Result result = new Result<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{id}, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } UdfFunc udfFunc = udfFuncMapper.selectById(id); if (udfFunc == null) { putMsg(result, Status.RESOURCE_NOT_EXIST); return result; } - result.put(Constants.DATA_LIST, udfFunc); + result.setData(udfFunc); putMsg(result, Status.SUCCESS); return result; } 
@@ -176,7 +188,8 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic * @return update result code */ @Override - public Map updateUdfFunc(int udfFuncId, + public Result updateUdfFunc(User loginUser, + int udfFuncId, String funcName, String className, String argTypes, @@ -184,13 +197,20 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic String desc, UdfType type, int resourceId) { - Map result = new HashMap<>(); + Result result = new Result<>(); + + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + // verify udfFunc is exist UdfFunc udf = udfFuncMapper.selectUdfById(udfFuncId); if (udf == null) { - result.put(Constants.STATUS, Status.UDF_FUNCTION_NOT_EXIST); - result.put(Constants.MSG, Status.UDF_FUNCTION_NOT_EXIST.getMsg()); + result.setCode(Status.UDF_FUNCTION_NOT_EXIST.getCode()); + result.setMsg(Status.UDF_FUNCTION_NOT_EXIST.getMsg()); return result; } @@ -205,8 +225,8 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic if (!funcName.equals(udf.getFuncName())) { if (checkUdfFuncNameExists(funcName)) { logger.error("UdfFuncRequest {} has exist, can't create again.", funcName); - result.put(Constants.STATUS, Status.UDF_FUNCTION_EXISTS); - result.put(Constants.MSG, Status.UDF_FUNCTION_EXISTS.getMsg()); + result.setCode(Status.UDF_FUNCTION_EXISTS.getCode()); + result.setMsg(Status.UDF_FUNCTION_EXISTS.getMsg()); return result; } } 
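Review bot: The check added to updateUdfFunc passes `new Object[]{resourceId}` with `AuthorizationType.UDF`, but `resourceId` identifies the backing resource file. The object being modified is the UDF function `udfFuncId`. queryUdfFuncDetail and delete in this file pass the function id for the same authorization type. As written, the check validates an id from a different id space. It can refuse a legitimate owner, or pass when the resource id happens to match a UDF function the caller owns while `udfFuncId` points at someone else's function. Use `new Object[]{udfFuncId}` here. If access to the new resource file must also be verified, do that separately against `AuthorizationType.RESOURCE_FILE_ID`.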
@@ -214,8 +234,8 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic Resource resource = resourceMapper.selectById(resourceId); if (resource == null) { logger.error("resourceId {} is not exist", resourceId); - result.put(Constants.STATUS, Status.RESOURCE_NOT_EXIST); - result.put(Constants.MSG, Status.RESOURCE_NOT_EXIST.getMsg()); + result.setCode(Status.RESOURCE_NOT_EXIST.getCode()); + result.setMsg(Status.RESOURCE_NOT_EXIST.getMsg()); return result; } Date now = new Date(); @@ -247,8 +267,13 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic * @return udf function list page */ @Override - public Result queryUdfFuncListPaging(User loginUser, String searchVal, Integer pageNo, Integer pageSize) { - Result result = new Result(); + public Result queryUdfFuncListPaging(User loginUser, String searchVal, Integer pageNo, Integer pageSize) { + Result result = new Result(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } PageInfo pageInfo = new PageInfo<>(pageNo, pageSize); IPage udfFuncList = getUdfFuncsPage(loginUser, searchVal, pageSize, pageNo); pageInfo.setTotal((int)udfFuncList.getTotal()); 
@@ -268,12 +293,12 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic * @return udf function list page */ private IPage getUdfFuncsPage(User loginUser, String searchVal, Integer pageSize, int pageNo) { - int userId = loginUser.getId(); - if (isAdmin(loginUser)) { - userId = 0; - } + Set udfFuncIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.UDF, loginUser.getId(), logger); Page page = new Page<>(pageNo, pageSize); - return udfFuncMapper.queryUdfFuncPaging(page, userId, searchVal); + if (udfFuncIds.isEmpty()) { + return page; + } + return udfFuncMapper.queryUdfFuncPaging(page, new ArrayList<>(udfFuncIds), searchVal); } /** @@ -284,15 +309,23 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic * @return udf func list */ @Override - public Map queryUdfFuncList(User loginUser, Integer type) { - Map result = new HashMap<>(); - int userId = loginUser.getId(); - if (isAdmin(loginUser)) { - userId = 0; + public Result queryUdfFuncList(User loginUser, Integer type) { + Result result = new Result<>(); + + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; } - List udfFuncList = udfFuncMapper.getUdfFuncByType(userId, type); + Set udfFuncIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.UDF, loginUser.getId(), logger); + if (udfFuncIds.isEmpty()){ + result.setData(Collections.emptyList()); + putMsg(result, Status.SUCCESS); + return result; + } + List udfFuncList = udfFuncMapper.getUdfFuncByType(new ArrayList<>(udfFuncIds), type); - result.put(Constants.DATA_LIST, udfFuncList); + result.setData(udfFuncList); putMsg(result, Status.SUCCESS); return result; } 
@@ -305,8 +338,14 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic */ @Override @Transactional(rollbackFor = RuntimeException.class) - public Result delete(int id) { + public Result delete(User loginUser, int id) { Result result = new Result<>(); + + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{id}, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_DELETE); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } udfFuncMapper.deleteById(id); udfUserMapper.deleteByUdfFuncId(id); putMsg(result, Status.SUCCESS); @@ -320,8 +359,14 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic * @return true if the name can user, otherwise return false */ @Override - public Result verifyUdfFuncByName(String name) { + public Result verifyUdfFuncByName(User loginUser, String name) { Result result = new Result<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + if (checkUdfFuncNameExists(name)) { putMsg(result, Status.UDF_FUNCTION_EXISTS); } else { @@ -329,5 +374,4 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic } return result; } - } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java index 00bf637eff..d25dd1afd7 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java 
@@ -29,7 +29,6 @@ import org.apache.dolphinscheduler.api.utils.CheckUtils; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; -import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.Flag; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.storage.StorageOperate; @@ -78,8 +77,6 @@ import java.util.TimeZone; import java.util.Arrays; import java.util.stream.Collectors; -import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; - /** * users service impl */ @@ -157,18 +154,18 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { //check all user params String msg = this.checkUserParams(userName, userPassword, email, phone); - if(resourcePermissionCheckService.functionDisabled()){ putMsg(result, Status.FUNCTION_DISABLED, msg); return result; } - if (!StringUtils.isEmpty(msg)) { - putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, msg); + if (!isAdmin(loginUser)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } - if (!canOperatorPermissions(loginUser,null, AuthorizationType.USER,USERS_CREATE)) { - putMsg(result, Status.USER_NO_OPERATION_PERM); + + if (!StringUtils.isEmpty(msg)) { + putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, msg); return result; } 
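Review bot: The `isAdmin(loginUser)` guard in the `createUser` hunk (`@@ -157`) replaces the `USERS_CREATE` function key with no comment on why user management returns to a role check while the UDF service in this same commit moves to `canOperatorPermissions`. The same swap is made in the `queryUserList` and `deleteUserById` hunks and in the later `only admin can operate` hunks of this file. Any setup that relied on the `AuthorizationType.USER` keys to delegate user management would lose that delegation silently, so I would add `// user management is admin-only; the USER function keys are not consulted here` at the first guard. Moving the admin check ahead of the `REQUEST_PARAMS_NOT_VALID_ERROR` branch is a sound ordering, since an unauthorized caller no longer receives validation detail.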
@@ -334,15 +331,14 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { @Override public Result queryUserList(User loginUser, String searchVal, Integer pageNo, Integer pageSize) { Result result = new Result<>(); - - if (!canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_MANAGER)) { - putMsg(result, Status.USER_NO_OPERATION_PERM); - return result; - } if(resourcePermissionCheckService.functionDisabled()){ putMsg(result, Status.FUNCTION_DISABLED); return result; } + if (!isAdmin(loginUser)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); + return result; + } Page page = new Page<>(pageNo, pageSize); @@ -389,8 +385,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { putMsg(result, Status.FUNCTION_DISABLED); return result; } - - if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_UPDATE), Status.USER_NO_OPERATION_PERM)) { + if (check(result, !canOperator(loginUser, userId), Status.USER_NO_OPERATION_PERM)) { return result; } User user = userMapper.selectById(userId); @@ -527,14 +522,12 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { @Transactional(rollbackFor = RuntimeException.class) public Map deleteUserById(User loginUser, int id) throws IOException { Map result = new HashMap<>(); - if(resourcePermissionCheckService.functionDisabled()){ putMsg(result, Status.FUNCTION_DISABLED); return result; } - //only admin can operate - if (!canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_DELETE)) { + if (!isAdmin(loginUser)) { putMsg(result, Status.USER_NO_OPERATION_PERM, id); return result; } @@ -582,7 +575,6 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { putMsg(result, Status.FUNCTION_DISABLED); return result; } - //check exist User tempUser = userMapper.selectById(userId); if (tempUser == null) { 
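Review bot: In the `updateUser` hunk (`@@ -389`), `canOperator(loginUser, userId)` presumably lets a non-admin through when `userId` is their own id (the helper is defined outside this file section), and the code that applies the update lies outside the hunk. Confirm that a non-admin reaching this path cannot change privileged attributes of their own account, for example role or tenant assignment if the method accepts them. If they can, wrap those assignments in an `isAdmin(loginUser)` check. A comment on the guard, `// admin, or the user editing their own account`, would make the wider access explicit.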
@@ -643,7 +635,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { } // 3. only project owner can operate - if (!this.canOperatorPermissions(loginUser,new Object[]{project.getId()},AuthorizationType.USER,null)) { + if (!this.canOperator(loginUser, project.getUserId())) { this.putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -683,7 +675,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { return result; } // 1. only admin can operate - if (this.check(result, !this.canOperatorPermissions(loginUser,null,AuthorizationType.USER,null), Status.USER_NO_OPERATION_PERM)) { + if (this.check(result, !this.isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { return result; } @@ -871,7 +863,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { return result; } //only admin can operate - if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER, null), Status.USER_NO_OPERATION_PERM)) { + if (this.check(result, !this.isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { return result; } @@ -968,7 +960,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { return result; } User user = null; - if (canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_MANAGER)) { + if (loginUser.getUserType() == UserType.ADMIN_USER) { user = loginUser; } else { user = userMapper.queryDetailsById(loginUser.getId()); @@ -1011,7 +1003,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { return result; } //only admin can operate - if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_MANAGER), Status.USER_NO_OPERATION_PERM)) { + if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { return result; } 
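Review bot: The `@@ -968` hunk tests `loginUser.getUserType() == UserType.ADMIN_USER` directly, while every other guard touched in this file calls `isAdmin(loginUser)` (some with `this.`, some without). Use `if (isAdmin(loginUser)) {` there so the definition of an admin lives in one place and cannot drift between call sites. In the `@@ -643` hunk the comment `only project owner can operate` may no longer describe the guard: if `canOperator` also admits admins, which I cannot confirm from this diff, it should read `project owner or admin`.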
@@ -1036,7 +1028,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { return result; } //only admin can operate - if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_MANAGER), Status.USER_NO_OPERATION_PERM)) { + if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { return result; } @@ -1083,7 +1075,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { return result; } //only admin can operate - if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,null), Status.USER_NO_OPERATION_PERM)) { + if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { return result; } @@ -1123,7 +1115,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { return result; } //only admin can operate - if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,null), Status.USER_NO_OPERATION_PERM)) { + if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { return result; } List userList = userMapper.queryUserListByAlertGroupId(alertGroupId); @@ -1259,7 +1251,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { putMsg(result, Status.FUNCTION_DISABLED); return result; } - if (!canOperatorPermissions(loginUser,null,AuthorizationType.USER,null)) { + if (!isAdmin(loginUser)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -1307,7 +1299,7 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService { putMsg(result, Status.FUNCTION_DISABLED); return result; } - if (!canOperatorPermissions(loginUser,null,AuthorizationType.USER,null)) { + if (!isAdmin(loginUser)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } 
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/AbstractControllerTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/AbstractControllerTest.java index 9408ce133e..aecf5710af 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/AbstractControllerTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/AbstractControllerTest.java @@ -22,6 +22,7 @@ import org.apache.dolphinscheduler.api.controller.AbstractControllerTest.Registr import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.service.SessionService; import org.apache.dolphinscheduler.api.service.UsersService; +import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; import org.apache.dolphinscheduler.dao.DaoConfiguration; import org.apache.dolphinscheduler.dao.entity.User; @@ -107,6 +108,15 @@ public abstract class AbstractControllerTest { } } + public void putMsg(Result result, Status status, Object... statusParams) { + result.setCode(status.getCode()); + if (statusParams != null && statusParams.length > 0) { + result.setMsg(MessageFormat.format(status.getMsg(), statusParams)); + } else { + result.setMsg(status.getMsg()); + } + } + @Configuration public static class RegistryServer { @PostConstruct diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/ResourcesControllerTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/ResourcesControllerTest.java index d342f296fc..3be552f878 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/ResourcesControllerTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/ResourcesControllerTest.java 
@@ -135,7 +135,7 @@ public class ResourcesControllerTest extends AbstractControllerTest { public void testViewResource() throws Exception { Result mockResult = new Result<>(); mockResult.setCode(Status.HDFS_NOT_STARTUP.getCode()); - PowerMockito.when(resourcesService.readResource(Mockito.anyInt(), Mockito.anyInt(), Mockito.anyInt())).thenReturn(mockResult); + PowerMockito.when(resourcesService.readResource(Mockito.any(), Mockito.anyInt(), Mockito.anyInt(), Mockito.anyInt())).thenReturn(mockResult); MultiValueMap paramsMap = new LinkedMultiValueMap<>(); paramsMap.add("skipLineNum", "2"); @@ -188,7 +188,7 @@ public class ResourcesControllerTest extends AbstractControllerTest { public void testUpdateResourceContent() throws Exception { Result mockResult = new Result<>(); mockResult.setCode(Status.TENANT_NOT_EXIST.getCode()); - PowerMockito.when(resourcesService.updateResourceContent(Mockito.anyInt(), Mockito.anyString())).thenReturn(mockResult); + PowerMockito.when(resourcesService.updateResourceContent(Mockito.any(), Mockito.anyInt(), Mockito.anyString())).thenReturn(mockResult); MultiValueMap paramsMap = new LinkedMultiValueMap<>(); paramsMap.add("id", "1"); @@ -210,7 +210,7 @@ public class ResourcesControllerTest extends AbstractControllerTest { @Test public void testDownloadResource() throws Exception { - PowerMockito.when(resourcesService.downloadResource(Mockito.anyInt())).thenReturn(null); + PowerMockito.when(resourcesService.downloadResource(Mockito.any(), Mockito.anyInt())).thenReturn(null); MvcResult mvcResult = mockMvc.perform(get("/resources/{id}/download", 5) .header(SESSION_ID, sessionId)) 
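Review bot: The stubs in these hunks match the new `loginUser` argument with `Mockito.any()`, which on Mockito 2 and later also matches `null`, so the tests would still pass if the controller handed the service a null user. `Mockito.any(User.class)` would make each stub require a real `User`, assuming that Mockito version is in use and `User` is imported in this test class. The same applies to the `queryUdfFuncDetail`, `updateUdfFunc`, `verifyUdfFuncByName` and `delete` stubs in the following hunks of this file.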
@@ -252,10 +252,10 @@ public class ResourcesControllerTest extends AbstractControllerTest { @Test public void testViewUIUdfFunction() throws Exception { - Map mockResult = new HashMap<>(); - mockResult.put(Constants.STATUS, Status.TENANT_NOT_EXIST); + Result mockResult = new Result<>(); + putMsg(mockResult, Status.TENANT_NOT_EXIST); PowerMockito.when(udfFuncService - .queryUdfFuncDetail(Mockito.anyInt())) + .queryUdfFuncDetail(Mockito.any(), Mockito.anyInt())) .thenReturn(mockResult); MvcResult mvcResult = mockMvc.perform(get("/resources/{id}/udf-func", "123") @@ -272,10 +272,10 @@ public class ResourcesControllerTest extends AbstractControllerTest { @Test public void testUpdateUdfFunc() throws Exception { - Map mockResult = new HashMap<>(); - mockResult.put(Constants.STATUS, Status.TENANT_NOT_EXIST); + Result mockResult = new Result<>(); + mockResult.setCode(Status.TENANT_NOT_EXIST.getCode()); PowerMockito.when(udfFuncService - .updateUdfFunc(Mockito.anyInt(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.any(), Mockito.anyInt())) + .updateUdfFunc(Mockito.any(), Mockito.anyInt(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.any(), Mockito.anyInt())) .thenReturn(mockResult); MultiValueMap paramsMap = new LinkedMultiValueMap<>(); @@ -327,8 +327,8 @@ public class ResourcesControllerTest extends AbstractControllerTest { @Test public void testQueryResourceList() throws Exception { - Map mockResult = new HashMap<>(); - mockResult.put(Constants.STATUS, Status.SUCCESS); + Result mockResult = new Result<>(); + mockResult.setCode(Status.SUCCESS.getCode()); PowerMockito.when(udfFuncService.queryUdfFuncList(Mockito.any(), Mockito.anyInt())).thenReturn(mockResult); MultiValueMap paramsMap = new LinkedMultiValueMap<>(); 
@@ -351,7 +351,7 @@ public class ResourcesControllerTest extends AbstractControllerTest { public void testVerifyUdfFuncName() throws Exception { Result mockResult = new Result<>(); mockResult.setCode(Status.SUCCESS.getCode()); - PowerMockito.when(udfFuncService.verifyUdfFuncByName(Mockito.anyString())).thenReturn(mockResult); + PowerMockito.when(udfFuncService.verifyUdfFuncByName(Mockito.any(), Mockito.anyString())).thenReturn(mockResult); MultiValueMap paramsMap = new LinkedMultiValueMap<>(); paramsMap.add("name", "test"); @@ -439,7 +439,7 @@ public class ResourcesControllerTest extends AbstractControllerTest { public void testDeleteUdfFunc() throws Exception { Result mockResult = new Result<>(); mockResult.setCode(Status.SUCCESS.getCode()); - PowerMockito.when(udfFuncService.delete(Mockito.anyInt())).thenReturn(mockResult); + PowerMockito.when(udfFuncService.delete(Mockito.any(), Mockito.anyInt())).thenReturn(mockResult); MvcResult mvcResult = mockMvc.perform(delete("/resources/udf-func/{id}", "123") .header(SESSION_ID, sessionId)) diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/MonitorServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/MonitorServiceTest.java index 61d2a9b078..cf2deb896e 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/MonitorServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/MonitorServiceTest.java 
@@ -17,21 +17,31 @@ package org.apache.dolphinscheduler.api.service; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.MonitorServiceImpl; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; +import org.apache.dolphinscheduler.common.enums.NodeType; +import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.model.Server; import org.apache.dolphinscheduler.dao.MonitorDBDao; import org.apache.dolphinscheduler.dao.entity.MonitorRecord; +import org.apache.dolphinscheduler.dao.entity.User; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; +import org.apache.dolphinscheduler.service.registry.RegistryClient; import org.apache.dolphinscheduler.spi.enums.DbType; import org.apache.commons.collections.CollectionUtils; import java.util.ArrayList; +import java.util.Date; import java.util.List; import java.util.Map; import org.junit.Assert; +import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.InjectMocks; 
@@ -55,23 +65,60 @@ public class MonitorServiceTest { @Mock private MonitorDBDao monitorDBDao; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + + @Mock + private RegistryClient registryClient; + + private User user; + + public static final Logger serviceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); + + @Before + public void init () { + user = new User(); + user.setUserType(UserType.ADMIN_USER); + user.setId(1); + } + @Test public void testQueryDatabaseState() { - + mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_DATABASES_VIEW, true); Mockito.when(monitorDBDao.queryDatabaseState()).thenReturn(getList()); - Map result = monitorService.queryDatabaseState(null); + Map result = monitorService.queryDatabaseState(user); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS)); List monitorRecordList = (List) result.get(Constants.DATA_LIST); Assert.assertTrue(CollectionUtils.isNotEmpty(monitorRecordList)); + + mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_DATABASES_VIEW, false); + Map noPermission = monitorService.queryDatabaseState(user); + Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS)); } @Test public void testQueryMaster() { - //TODO need zk - /*Map result = monitorService.queryMaster(null);*/ - /*logger.info(result.toString());*/ - /*Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));*/ + mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_MASTER_VIEW, true); + Mockito.when(registryClient.getServerList(NodeType.MASTER)).thenReturn(getServerList()); + Map result = monitorService.queryMaster(user); + Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS)); + + mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_MASTER_VIEW, false); + Map noPermission = monitorService.queryMaster(user); + Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS)); + 
} + + @Test + public void testQueryWorker() { + mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_WORKER_VIEW, true); + Mockito.when(registryClient.getServerList(NodeType.WORKER)).thenReturn(getServerList()); + Map result = monitorService.queryWorker(user); + Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS)); + + mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_WORKER_VIEW, false); + Map noPermission = monitorService.queryWorker(user); + Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS)); } @Test @@ -81,6 +128,11 @@ public class MonitorServiceTest { /*logger.info(serverList.toString());*/ } + private void mockPermissionCheck(String permissionKey, boolean result){ + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.MONITOR, 1, permissionKey, serviceLogger)).thenReturn(result); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.MONITOR, null, 0, serviceLogger)).thenReturn(true); + } + private List getList() { List monitorRecordList = new ArrayList<>(); monitorRecordList.add(getEntity()); @@ -94,8 +146,16 @@ public class MonitorServiceTest { } private List getServerList() { + Server server = new Server(); + server.setId(1); + server.setHost("127.0.0.1"); + server.setZkDirectory("ws/server"); + server.setPort(123); + server.setCreateTime(new Date()); + server.setLastHeartbeatTime(new Date()); + List servers = new ArrayList<>(); - servers.add(new Server()); + servers.add(server); return servers; } diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProjectServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProjectServiceTest.java index 2e2b9a16e7..4fd3858406 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProjectServiceTest.java 
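Review bot: `mockPermissionCheck` (hunk `@@ -81`) hard-codes the ids `1` and `0` and always stubs `resourcePermissionCheck` to `true`, so the denial assertions in `testQueryDatabaseState`, `testQueryMaster` and `testQueryWorker` cover only a refused operation key. The fixture user is `ADMIN_USER`, so no general user is exercised. The `0` in the second stub is unexplained; presumably it is the id the service passes for admins, which should be stated as `// admins are checked with user id 0`. Consider reading the id from the fixture with `user.getId()` and adding one case where `resourcePermissionCheck` returns `false`.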
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProjectServiceTest.java @@ -84,8 +84,8 @@ public class ProjectServiceTest { User loginUser = getLoginUser(); loginUser.setId(1); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, loginUser.getId(), PROJECT_CREATE , baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, null, loginUser.getId(), baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, 1, PROJECT_CREATE , baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, null, 1, baseServiceLogger)).thenReturn(true); Map result = projectService.createProject(loginUser, projectName, getDesc()); logger.info(result.toString()); Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS)); 
@@ -179,32 +179,6 @@ public class ProjectServiceTest { Assert.assertTrue(checkResult); } -// @Test -// public void testQueryProjectListPaging() { -// IPage page = new Page<>(1, 10); -// page.setRecords(getList()); -// page.setTotal(1L); -// Set set = new HashSet(); -// set.add(1); -// Mockito.when(projectMapper.queryProjectListPaging(Mockito.any(Page.class),Mockito.anySet().toArray(), Mockito.eq(projectName))).thenReturn(page); -// User loginUser = getLoginUser(); -// -// // project owner -// Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.PROJECTS, loginUser.getId(), projectLogger)).thenReturn(set); -// Result result = projectService.queryProjectListPaging(loginUser, 10, 1, projectName); -// logger.info(result.toString()); -// PageInfo pageInfo = (PageInfo) result.getData(); -// Assert.assertTrue(CollectionUtils.isNotEmpty(pageInfo.getTotalList())); -// -// //admin -// Mockito.when(projectMapper.queryProjectListPaging(Mockito.any(Page.class), Mockito.anySet().toArray(), Mockito.eq(projectName))).thenReturn(page); -// loginUser.setUserType(UserType.ADMIN_USER); -// result = projectService.queryProjectListPaging(loginUser, 10, 1, projectName); -// logger.info(result.toString()); -// pageInfo = (PageInfo) result.getData(); -// Assert.assertTrue(CollectionUtils.isNotEmpty(pageInfo.getTotalList())); -// } - @Test public void testDeleteProject() { User loginUser = getLoginUser(); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java index 939e439f7d..5541e12303 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java 
@@ -19,11 +19,14 @@ package org.apache.dolphinscheduler.api.service; import static org.mockito.ArgumentMatchers.eq; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.ResourcesServiceImpl; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.storage.StorageOperate; import org.apache.dolphinscheduler.common.utils.FileUtils; @@ -38,6 +41,7 @@ import org.apache.dolphinscheduler.dao.mapper.ResourceUserMapper; import org.apache.dolphinscheduler.dao.mapper.TenantMapper; import org.apache.dolphinscheduler.dao.mapper.UdfFuncMapper; import org.apache.dolphinscheduler.dao.mapper.UserMapper; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.apache.dolphinscheduler.spi.enums.ResourceType; import org.apache.commons.collections.CollectionUtils; @@ -47,9 +51,11 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; import java.util.HashMap; +import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Random; +import java.util.Set; import org.junit.Assert; import org.junit.Before; @@ -106,6 +112,12 @@ public class ResourcesServiceTest { @Mock private ResourceUserMapper resourceUserMapper; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + + private static final Logger serviceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); + + @Before public void setUp() { // PowerMockito.mockStatic(HadoopUtils.class); 
@@ -125,8 +137,13 @@ public class ResourcesServiceTest { @Test public void testCreateResource() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_ONLINE_CREATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true); + PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false); User user = new User(); + user.setId(1); + user.setUserType(UserType.GENERAL_USER); //HDFS_NOT_STARTUP Result result = resourcesService.createResource(user, "ResourcesServiceTest", "ResourcesServiceTest", ResourceType.FILE, null, -1, "/"); logger.info(result.toString()); @@ -148,6 +165,9 @@ public class ResourcesServiceTest { Assert.assertEquals(Status.RESOURCE_SUFFIX_FORBID_CHANGE.getMsg(), result.getMsg()); //UDF_RESOURCE_SUFFIX_NOT_JAR + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.UDF_FOLDER_ONLINE_CREATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true); + mockMultipartFile = new MockMultipartFile("ResourcesServiceTest.pdf", "ResourcesServiceTest.pdf", "pdf", "test".getBytes()); PowerMockito.when(Files.getFileExtension("ResourcesServiceTest.pdf")).thenReturn("pdf"); result = resourcesService.createResource(user, "ResourcesServiceTest.pdf", "ResourcesServiceTest", ResourceType.UDF, mockMultipartFile, -1, "/"); 
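Review bot: Every stub added in `testCreateResource` returns `true` from `operationPermissionCheck` and `resourcePermissionCheck`, and the same holds in the `testCreateDirecotry`, `testUpdateResource` and resource-query hunks that follow. None of the visible hunks therefore asserts that `ResourcesServiceImpl` refuses a caller the permission service rejects. Add one case per operation that stubs `operationPermissionCheck` to `false` and asserts the denial status, as `MonitorServiceTest` does in this commit. In `testUpdateResource` the `USER_NO_OPERATION_PERM` case passes with both checks stubbed to `true` for user `2`, so that status comes from some other check; a comment naming it would keep the test readable. Later hunks of this file may lie outside the part of the diff shown here.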
@@ -155,6 +175,9 @@ public class ResourcesServiceTest { Assert.assertEquals(Status.UDF_RESOURCE_SUFFIX_NOT_JAR.getMsg(), result.getMsg()); //FULL_FILE_NAME_TOO_LONG + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_ONLINE_CREATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true); + String tooLongFileName = getRandomStringWithLength(Constants.RESOURCE_FULL_NAME_MAX_LENGTH) + ".pdf"; mockMultipartFile = new MockMultipartFile(tooLongFileName, tooLongFileName, "pdf", "test".getBytes()); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); @@ -166,9 +189,13 @@ public class ResourcesServiceTest { @Test public void testCreateDirecotry() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FOLDER_ONLINE_CREATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false); User user = new User(); + user.setId(1); + user.setUserType(UserType.GENERAL_USER); //HDFS_NOT_STARTUP Result result = resourcesService.createDirectory(user, "directoryTest", "directory test", ResourceType.FILE, -1, "/"); logger.info(result.toString()); 
@@ -181,6 +208,10 @@ public class ResourcesServiceTest { Mockito.when(tenantMapper.queryById(1)).thenReturn(getTenant()); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); Mockito.when(resourcesMapper.selectById(Mockito.anyInt())).thenReturn(null); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FOLDER_ONLINE_CREATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_RENAME, serviceLogger)).thenReturn(true); + result = resourcesService.createDirectory(user, "directoryTest", "directory test", ResourceType.FILE, 1, "/"); logger.info(result.toString()); Assert.assertEquals(Status.PARENT_RESOURCE_NOT_EXIST.getMsg(), result.getMsg()); 
@@ -196,14 +227,21 @@ public class ResourcesServiceTest { @Test public void testUpdateResource() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); + PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false); User user = new User(); + user.setId(1); + user.setUserType(UserType.GENERAL_USER); //HDFS_NOT_STARTUP Result result = resourcesService.updateResource(user, 1, "ResourcesServiceTest", "ResourcesServiceTest", ResourceType.FILE, null); logger.info(result.toString()); Assert.assertEquals(Status.STORAGE_NOT_STARTUP.getMsg(), result.getMsg()); //RESOURCE_NOT_EXIST + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{0}, 1, serviceLogger)).thenReturn(true); Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource()); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); result = resourcesService.updateResource(user, 0, "ResourcesServiceTest", "ResourcesServiceTest", ResourceType.FILE, null); 
@@ -211,6 +249,10 @@ public class ResourcesServiceTest { Assert.assertEquals(Status.RESOURCE_NOT_EXIST.getMsg(), result.getMsg()); //USER_NO_OPERATION_PERM + user.setId(2); + user.setUserType(UserType.GENERAL_USER); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 2, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 2, serviceLogger)).thenReturn(true); result = resourcesService.updateResource(user, 1, "ResourcesServiceTest", "ResourcesServiceTest", ResourceType.FILE, null); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM.getMsg(), result.getMsg()); @@ -221,6 +263,8 @@ public class ResourcesServiceTest { Mockito.when(tenantMapper.queryById(1)).thenReturn(getTenant()); PowerMockito.when(storageOperate.getFileName(Mockito.any(), Mockito.any(), Mockito.anyString())).thenReturn("test1"); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.UDF_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); try { Mockito.when(storageOperate.exists(Mockito.any(), Mockito.any())).thenReturn(false); } catch (IOException e) { 
@@ -239,6 +283,8 @@ public class ResourcesServiceTest { logger.error(e.getMessage(), e); } + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); result = resourcesService.updateResource(user, 1, "ResourcesServiceTest.jar", "ResourcesServiceTest", ResourceType.FILE, null); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS.getMsg(), result.getMsg()); @@ -249,6 +295,8 @@ public class ResourcesServiceTest { logger.info(result.toString()); Assert.assertEquals(Status.RESOURCE_EXIST.getMsg(), result.getMsg()); //USER_NOT_EXIST + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.UDF_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); Mockito.when(userMapper.selectById(Mockito.anyInt())).thenReturn(null); result = resourcesService.updateResource(user, 1, "ResourcesServiceTest1.jar", "ResourcesServiceTest", ResourceType.UDF, null); logger.info(result.toString()); 
@@ -279,13 +327,17 @@ public class ResourcesServiceTest { @Test public void testQueryResourceListPaging() { User loginUser = new User(); + loginUser.setId(1); loginUser.setUserType(UserType.ADMIN_USER); IPage resourcePage = new Page<>(1, 10); resourcePage.setTotal(1); resourcePage.setRecords(getResourceList()); - Mockito.when(resourcesMapper.queryResourcePaging(Mockito.any(Page.class), - eq(0), eq(-1), eq(0), eq("test"), Mockito.any())).thenReturn(resourcePage); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 0, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 1, serviceLogger)).thenReturn(getSetIds()); + + Mockito.when(resourcesMapper.queryResourcePaging(Mockito.any(Page.class), eq(-1), eq(0), eq(1), eq("test"), Mockito.any())).thenReturn(resourcePage); Result result = resourcesService.queryResourceListPaging(loginUser, -1, ResourceType.FILE, "test", 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS.getCode(), (int) result.getCode()); 
@@ -299,6 +351,11 @@ public class ResourcesServiceTest { User loginUser = new User(); loginUser.setId(0); loginUser.setUserType(UserType.ADMIN_USER); + + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 0, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 0, serviceLogger)).thenReturn(getSetIds()); + Mockito.when(resourcesMapper.queryResourceListAuthored(0, 0)).thenReturn(getResourceList()); Map result = resourcesService.queryResourceList(loginUser, ResourceType.FILE); logger.info(result.toString()); @@ -307,6 +364,9 @@ public class ResourcesServiceTest { Assert.assertTrue(CollectionUtils.isNotEmpty(resourceList)); // test udf + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.UDF_FILE_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 0, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 0, serviceLogger)).thenReturn(getSetIds()); loginUser.setUserType(UserType.GENERAL_USER); Mockito.when(resourceUserMapper.queryResourcesIdListByUserIdAndPerm(0, 0)) .thenReturn(Arrays.asList(Integer.valueOf(10), Integer.valueOf(11))); 
@@ -325,9 +385,13 @@ public class ResourcesServiceTest { User loginUser = new User(); loginUser.setId(0); + loginUser.setUserType(UserType.GENERAL_USER); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false); + Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource()); Mockito.when(tenantMapper.queryById(1)).thenReturn(getTenant()); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.FILE_DELETE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 0, serviceLogger)).thenReturn(true); try { // HDFS_NOT_STARTUP Result result = resourcesService.delete(loginUser, 1); @@ -337,6 +401,9 @@ public class ResourcesServiceTest { //RESOURCE_NOT_EXIST PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource()); + + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.FILE_DELETE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{2}, 0, serviceLogger)).thenReturn(true); result = resourcesService.delete(loginUser, 2); logger.info(result.toString()); Assert.assertEquals(Status.RESOURCE_NOT_EXIST.getMsg(), result.getMsg()); 
@@ -350,6 +417,8 @@ public class ResourcesServiceTest { loginUser.setUserType(UserType.ADMIN_USER); loginUser.setTenantId(2); Mockito.when(userMapper.selectById(Mockito.anyInt())).thenReturn(loginUser); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.FILE_DELETE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 0, serviceLogger)).thenReturn(true); result = resourcesService.delete(loginUser, 1); logger.info(result.toString()); Assert.assertEquals(Status.CURRENT_LOGIN_USER_TENANT_NOT_EXIST.getMsg(), result.getMsg()); @@ -373,8 +442,11 @@ public class ResourcesServiceTest { @Test public void testVerifyResourceName() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_RENAME, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true); User user = new User(); user.setId(1); + user.setUserType(UserType.GENERAL_USER); Mockito.when(resourcesMapper.existResource("/ResourcesServiceTest.jar", 0)).thenReturn(true); Result result = resourcesService.verifyResourceName("/ResourcesServiceTest.jar", ResourceType.FILE, user); logger.info(result.toString()); 
@@ -414,37 +486,43 @@ public class ResourcesServiceTest { @Test public void testReadResource() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false); //HDFS_NOT_STARTUP - Result result = resourcesService.readResource(1, 1, 10); + Result result = resourcesService.readResource(getUser(), 1, 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.STORAGE_NOT_STARTUP.getMsg(), result.getMsg()); //RESOURCE_NOT_EXIST Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource()); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); - result = resourcesService.readResource(2, 1, 10); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{2}, 1, serviceLogger)).thenReturn(true); + result = resourcesService.readResource(getUser(), 2, 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.RESOURCE_NOT_EXIST.getMsg(), result.getMsg()); //RESOURCE_SUFFIX_NOT_SUPPORT_VIEW + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); PowerMockito.when(FileUtils.getResourceViewSuffixes()).thenReturn("class"); 
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); - result = resourcesService.readResource(1, 1, 10); + result = resourcesService.readResource(getUser(), 1, 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.RESOURCE_SUFFIX_NOT_SUPPORT_VIEW.getMsg(), result.getMsg()); //USER_NOT_EXIST PowerMockito.when(FileUtils.getResourceViewSuffixes()).thenReturn("jar"); PowerMockito.when(Files.getFileExtension("ResourcesServiceTest.jar")).thenReturn("jar"); - result = resourcesService.readResource(1, 1, 10); + result = resourcesService.readResource(getUser(), 1, 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.USER_NOT_EXIST.getCode(), (int) result.getCode()); //TENANT_NOT_EXIST Mockito.when(userMapper.selectById(1)).thenReturn(getUser()); - result = resourcesService.readResource(1, 1, 10); + result = resourcesService.readResource(getUser(), 1, 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.CURRENT_LOGIN_USER_TENANT_NOT_EXIST.getMsg(), result.getMsg()); @@ -455,7 +533,7 @@ public class ResourcesServiceTest { } catch (IOException e) { logger.error("hadoop error", e); } - result = resourcesService.readResource(1, 1, 10); + result = resourcesService.readResource(getUser(), 1, 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.RESOURCE_FILE_NOT_EXIST.getCode(), (int) result.getCode()); @@ -467,7 +545,7 @@ public class ResourcesServiceTest { } catch (IOException e) { logger.error("storage error", e); } - result = resourcesService.readResource(1, 1, 10); + result = resourcesService.readResource(getUser(), 1, 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS.getMsg(), result.getMsg()); 
@@ -476,10 +554,14 @@ public class ResourcesServiceTest { @Test public void testOnlineCreateResource() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_ONLINE_CREATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true); + PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false); PowerMockito.when(storageOperate.getResourceFileName(Mockito.anyString(), eq("hdfsdDir"))).thenReturn("hdfsDir"); PowerMockito.when(storageOperate.getUdfDir("udfDir")).thenReturn("udfDir"); User user = getUser(); + user.setId(1); //HDFS_NOT_STARTUP Result result = resourcesService.onlineCreateResource(user, ResourceType.FILE, "test", "jar", "desc", "content", -1, "/"); logger.info(result.toString()); @@ -503,6 +585,9 @@ public class ResourcesServiceTest { } //SUCCESS + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_RENAME, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true); + Mockito.when(FileUtils.getUploadFilename(Mockito.anyString(), Mockito.anyString())).thenReturn("test"); PowerMockito.when(FileUtils.writeContent2File(Mockito.anyString(), Mockito.anyString())).thenReturn(true); result = resourcesService.onlineCreateResource(user, ResourceType.FILE, "test", "jar", "desc", "content", -1, "/"); 
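Review bot: The `//SUCCESS` block of testOnlineCreateResource stubs `ApiFuncIdentificationConstant.FILE_RENAME` although the call under test is `onlineCreateResource`, for which the top of the test already stubs `FILE_ONLINE_CREATE`. Either the stub is a leftover from testVerifyResourceName and can go, or the create path really consults the rename permission (possibly through a name-verification helper), in which case a user granted create but not rename would be refused. The service code is not in this hunk, so I cannot tell which. If the second reading is right, a comment such as `// onlineCreateResource verifies the name first, which checks FILE_RENAME` would make the coupling explicit.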
@@ -516,34 +601,41 @@ public class ResourcesServiceTest { PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false); // HDFS_NOT_STARTUP - Result result = resourcesService.updateResourceContent(1, "content"); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); + + Result result = resourcesService.updateResourceContent(getUser(), 1, "content"); logger.info(result.toString()); Assert.assertEquals(Status.STORAGE_NOT_STARTUP.getMsg(), result.getMsg()); //RESOURCE_NOT_EXIST + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{2}, 1, serviceLogger)).thenReturn(true); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource()); - result = resourcesService.updateResourceContent(2, "content"); + result = resourcesService.updateResourceContent(getUser(), 2, "content"); logger.info(result.toString()); Assert.assertEquals(Status.RESOURCE_NOT_EXIST.getMsg(), result.getMsg()); //RESOURCE_SUFFIX_NOT_SUPPORT_VIEW + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); 
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); PowerMockito.when(FileUtils.getResourceViewSuffixes()).thenReturn("class"); - result = resourcesService.updateResourceContent(1, "content"); + result = resourcesService.updateResourceContent(getUser(), 1, "content"); logger.info(result.toString()); Assert.assertEquals(Status.RESOURCE_SUFFIX_NOT_SUPPORT_VIEW.getMsg(), result.getMsg()); //USER_NOT_EXIST PowerMockito.when(FileUtils.getResourceViewSuffixes()).thenReturn("jar"); PowerMockito.when(Files.getFileExtension("ResourcesServiceTest.jar")).thenReturn("jar"); - result = resourcesService.updateResourceContent(1, "content"); + result = resourcesService.updateResourceContent(getUser(), 1, "content"); logger.info(result.toString()); Assert.assertTrue(Status.USER_NOT_EXIST.getCode() == result.getCode()); //TENANT_NOT_EXIST Mockito.when(userMapper.selectById(1)).thenReturn(getUser()); - result = resourcesService.updateResourceContent(1, "content"); + result = resourcesService.updateResourceContent(getUser(), 1, "content"); logger.info(result.toString()); Assert.assertTrue(Status.CURRENT_LOGIN_USER_TENANT_NOT_EXIST.getCode() == result.getCode()); @@ -551,7 +643,7 @@ public class ResourcesServiceTest { Mockito.when(tenantMapper.queryById(1)).thenReturn(getTenant()); Mockito.when(FileUtils.getUploadFilename(Mockito.anyString(), Mockito.anyString())).thenReturn("test"); PowerMockito.when(FileUtils.writeContent2File(Mockito.anyString(), Mockito.anyString())).thenReturn(true); - result = resourcesService.updateResourceContent(1, "content"); + result = resourcesService.updateResourceContent(getUser(), 1, "content"); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS.getMsg(), result.getMsg()); } 
@@ -559,18 +651,21 @@ public class ResourcesServiceTest { @Test public void testDownloadResource() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_DOWNLOAD, serviceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); + PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); Mockito.when(tenantMapper.queryById(1)).thenReturn(getTenant()); Mockito.when(userMapper.selectById(1)).thenReturn(getUser()); org.springframework.core.io.Resource resourceMock = Mockito.mock(org.springframework.core.io.Resource.class); try { //resource null - org.springframework.core.io.Resource resource = resourcesService.downloadResource(1); + org.springframework.core.io.Resource resource = resourcesService.downloadResource(getUser(), 1); Assert.assertNull(resource); Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource()); PowerMockito.when(org.apache.dolphinscheduler.api.utils.FileUtils.file2Resource(Mockito.any())).thenReturn(resourceMock); - resource = resourcesService.downloadResource(1); + resource = resourcesService.downloadResource(getUser(), 1); Assert.assertNotNull(resource); } catch (Exception e) { logger.error("DownloadResource error", e); @@ -589,6 +684,7 @@ public class ResourcesServiceTest { // test admin user List resIds = new ArrayList<>(); resIds.add(1); + Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(true); Mockito.when(resourcesMapper.queryResourceExceptUserId(userId)).thenReturn(getResourceList()); Map result = resourcesService.authorizeResourceTree(user, userId); logger.info(result.toString()); 
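Review bot: `functionDisabled()` is stubbed to true in the authorizeResourceTree test here and in the four hunks that follow (the other authorized/unauthorized file and UDF tests), so none of these tests runs with it returning false. What the flag gates is not visible in the hunk, but the name suggests the permission function is switched off, which would mean the grant-listing methods are only tested with the new checks bypassed. A second pass with `Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(false);` and the expected result for the admin and the general user would cover the enforced path.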
@@ -617,6 +713,7 @@ public class ResourcesServiceTest { // test admin user List resIds = new ArrayList<>(); resIds.add(1); + Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(true); Mockito.when(resourcesMapper.queryResourceExceptUserId(userId)).thenReturn(getResourceList()); Mockito.when(resourceUserMapper.queryResourcesIdListByUserIdAndPerm(Mockito.anyInt(), Mockito.anyInt())).thenReturn(resIds); Mockito.when(resourcesMapper.queryResourceListById(Mockito.any())).thenReturn(getSingleResourceList()); @@ -645,6 +742,7 @@ public class ResourcesServiceTest { int userId = 3; // test admin user + Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(true); Mockito.when(udfFunctionMapper.queryUdfFuncExceptUserId(userId)).thenReturn(getUdfFuncList()); Mockito.when(udfFunctionMapper.queryAuthedUdfFunc(userId)).thenReturn(getSingleUdfFuncList()); Map result = resourcesService.unauthorizedUDFFunction(user, userId); @@ -671,6 +769,7 @@ public class ResourcesServiceTest { int userId = 3; // test admin user + Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(true); Mockito.when(udfFunctionMapper.queryAuthedUdfFunc(userId)).thenReturn(getUdfFuncList()); Map result = resourcesService.authorizedUDFFunction(user, userId); logger.info(result.toString()); @@ -699,6 +798,7 @@ public class ResourcesServiceTest { // test admin user List resIds = new ArrayList<>(); resIds.add(1); + Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(true); Mockito.when(resourceUserMapper.queryResourcesIdListByUserIdAndPerm(Mockito.anyInt(), Mockito.anyInt())).thenReturn(resIds); Mockito.when(resourcesMapper.queryResourceListById(Mockito.any())).thenReturn(getResourceList()); Map result = resourcesService.authorizedFile(user, userId); 
@@ -745,6 +845,13 @@ public class ResourcesServiceTest { return resources; } + private Set getSetIds() { + + Set resources = new HashSet<>(); + resources.add(1); + return resources; + } + private List getSingleResourceList() { return Collections.singletonList(getResource(1)); } @@ -834,6 +941,7 @@ public class ResourcesServiceTest { private User getUser() { User user = new User(); user.setId(1); + user.setUserType(UserType.GENERAL_USER); user.setTenantId(1); user.setTenantCode("tenantCode"); return user; diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskGroupServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskGroupServiceTest.java index ddce9a310d..b0f6112171 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskGroupServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskGroupServiceTest.java @@ -17,10 +17,13 @@ package org.apache.dolphinscheduler.api.service; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.TaskGroupServiceImpl; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.Flag; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.dao.entity.TaskGroup; 
@@ -28,12 +31,12 @@ import org.apache.dolphinscheduler.dao.entity.User; import org.apache.dolphinscheduler.dao.mapper.TaskGroupMapper; import org.apache.dolphinscheduler.dao.mapper.TaskGroupQueueMapper; import org.apache.dolphinscheduler.dao.mapper.UserMapper; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.apache.dolphinscheduler.service.process.ProcessService; import java.util.ArrayList; import java.util.List; import java.util.Map; -import java.util.TreeMap; import org.junit.Assert; import org.junit.Test; @@ -80,6 +83,11 @@ public class TaskGroupServiceTest { private String userName = "taskGroupServiceTest"; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + + private static final Logger serviceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); + /** * create admin user */ 
@@ -103,10 +111,27 @@ public class TaskGroupServiceTest { return list; } + @Test + public void forceStartTask() { + User loginUser = getLoginUser(); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_QUEUE_START, serviceLogger)).thenReturn(false); + Map objectMap = taskGroupService.forceStartTask(loginUser, 1); + Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION, objectMap.get(Constants.STATUS)); + } + + @Test + public void modifyPriority() { + User loginUser = getLoginUser(); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_QUEUE_PRIORITY, serviceLogger)).thenReturn(false); + Map objectMap = taskGroupService.modifyPriority(loginUser, 1, 1); + Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION, objectMap.get(Constants.STATUS)); + } + @Test public void testCreate() { User loginUser = getLoginUser(); TaskGroup taskGroup = getTaskGroup(); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_CREATE, serviceLogger)).thenReturn(true); Mockito.when(taskGroupMapper.insert(taskGroup)).thenReturn(1); Mockito.when(taskGroupMapper.queryByName(loginUser.getId(), taskGroupName)).thenReturn(null); Map result = taskGroupService.createTaskGroup(loginUser,0L, taskGroupName, taskGroupDesc, 100); 
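Review bot: `forceStartTask` and `modifyPriority` assert only the returned status when `operationPermissionCheck` is false; they do not show that the refused call left the queue untouched. A `Mockito.verifyNoMoreInteractions(...)` on the mapper and process-service mocks after the assertion would pin that the check runs before any state change (the mock field names are declared outside this hunk). The two methods also drop the `test` prefix used by `testCreate` just below; `testForceStartTaskWithoutPermission` and `testModifyPriorityWithoutPermission` would say what they cover. Neither operation has a test for the permitted path in this hunk.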
@@ -129,6 +154,8 @@ public class TaskGroupServiceTest { IPage page = new Page<>(1, 10); page.setRecords(getList()); User loginUser = getLoginUser(); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_VIEW, serviceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TASK_GROUP, null, 0, serviceLogger)).thenReturn(true); Mockito.when(taskGroupMapper.queryTaskGroupPaging(Mockito.any(Page.class), Mockito.eq(10), Mockito.eq(null), Mockito.eq(0))).thenReturn(page); @@ -145,6 +172,9 @@ public class TaskGroupServiceTest { TaskGroup taskGroup = getTaskGroup(); taskGroup.setStatus(Flag.YES.getCode()); // Task group status error + + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_EDIT, serviceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TASK_GROUP, null, 0, serviceLogger)).thenReturn(true); Mockito.when(taskGroupMapper.selectById(1)).thenReturn(taskGroup); Map result = taskGroupService.updateTaskGroup(loginUser, 1, "newName", "desc", 100); logger.info(result.toString()); @@ -161,6 +191,8 @@ public class TaskGroupServiceTest { Mockito.when(taskGroupMapper.selectById(1)).thenReturn(taskGroup); //close failed + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_CLOSE, serviceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TASK_GROUP, null, 0, serviceLogger)).thenReturn(true); Map result = taskGroupService.closeTaskGroup(loginUser, 1); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); 
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UdfFuncServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UdfFuncServiceTest.java index 632c7a7bed..521ba6ec0d 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UdfFuncServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UdfFuncServiceTest.java @@ -17,11 +17,13 @@ package org.apache.dolphinscheduler.api.service; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.UdfFuncServiceImpl; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; -import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UdfType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.utils.PropertyUtils; @@ -35,10 +37,13 @@ import org.apache.dolphinscheduler.dao.mapper.UdfFuncMapper; import org.apache.commons.collections.CollectionUtils; import java.util.ArrayList; +import java.util.Collections; import java.util.Date; +import java.util.HashSet; import java.util.List; -import java.util.Map; +import java.util.Set; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.junit.Assert; import org.junit.Before; import org.junit.Test; 
@@ -81,9 +86,17 @@ public class UdfFuncServiceTest { PowerMockito.mockStatic(PropertyUtils.class); } + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + + private static final Logger serviceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); + private static final Logger udfLogger = LoggerFactory.getLogger(UdfFuncServiceImpl.class); + @Test public void testCreateUdfFunction() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_CREATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, null, 0, serviceLogger)).thenReturn(true); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false); //hdfs not start Result result = udfFuncService.createUdfFunction(getLoginUser(), "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", 
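Review bot: The stubs in this class match on logger identity: the two permission checks are stubbed with `serviceLogger` (BaseServiceImpl) and `userOwnedResourceIdsAcquisition` with `udfLogger` (UdfFuncServiceImpl), so the tests depend on which class's logger the service happens to pass. If the service passes a different instance, the stub silently falls back to Mockito's default answer (false, or an empty set) and the test fails or passes for a reason unrelated to authorization. Matching the logger loosely keeps the stubs about the authorization inputs, e.g. `operationPermissionCheck(Mockito.eq(AuthorizationType.UDF), Mockito.eq(1), Mockito.eq(ApiFuncIdentificationConstant.UDF_FUNCTION_CREATE), Mockito.any(Logger.class))`. The TaskGroupServiceTest and ResourcesServiceTest hunks in this commit stub with `serviceLogger` in the same way.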
@@ -107,15 +120,19 @@ public class UdfFuncServiceTest { @Test public void testQueryUdfFuncDetail() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{2}, 0, serviceLogger)).thenReturn(true); PowerMockito.when(udfFuncMapper.selectById(1)).thenReturn(getUdfFunc()); //resource not exist - Map result = udfFuncService.queryUdfFuncDetail(2); + Result result = udfFuncService.queryUdfFuncDetail(getLoginUser(), 2); logger.info(result.toString()); - Assert.assertEquals(Status.RESOURCE_NOT_EXIST,result.get(Constants.STATUS)); + Assert.assertTrue(Status.RESOURCE_NOT_EXIST.getCode() == result.getCode()); // success - result = udfFuncService.queryUdfFuncDetail(1); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{1}, 0, serviceLogger)).thenReturn(true); + result = udfFuncService.queryUdfFuncDetail(getLoginUser(), 1); logger.info(result.toString()); - Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS)); + Assert.assertTrue(Status.SUCCESS.getCode() == result.getCode()); } @Test 
@@ -126,40 +143,49 @@ public class UdfFuncServiceTest { PowerMockito.when(resourceMapper.selectById(1)).thenReturn(getResource()); //UDF_FUNCTION_NOT_EXIST - Map result = udfFuncService.updateUdfFunc(12, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{1}, 0, serviceLogger)).thenReturn(true); + Result result = udfFuncService.updateUdfFunc(getLoginUser(), 12, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", "UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 1); logger.info(result.toString()); - Assert.assertEquals(Status.UDF_FUNCTION_NOT_EXIST,result.get(Constants.STATUS)); + Assert.assertTrue(Status.UDF_FUNCTION_NOT_EXIST.getCode() == result.getCode()); //HDFS_NOT_STARTUP - result = udfFuncService.updateUdfFunc(1, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", + result = udfFuncService.updateUdfFunc(getLoginUser(), 1, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", "UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 1); logger.info(result.toString()); - Assert.assertEquals(Status.HDFS_NOT_STARTUP,result.get(Constants.STATUS)); + Assert.assertTrue(Status.HDFS_NOT_STARTUP.getCode() == result.getCode()); //RESOURCE_NOT_EXIST + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{12}, 0, serviceLogger)).thenReturn(true); 
PowerMockito.when(udfFuncMapper.selectUdfById(11)).thenReturn(getUdfFunc()); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); - result = udfFuncService.updateUdfFunc(11, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", + result = udfFuncService.updateUdfFunc(getLoginUser(), 11, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", "UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 12); logger.info(result.toString()); - Assert.assertEquals(Status.RESOURCE_NOT_EXIST,result.get(Constants.STATUS)); + Assert.assertTrue(Status.RESOURCE_NOT_EXIST.getCode() == result.getCode()); //success - result = udfFuncService.updateUdfFunc(11, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{1}, 0, serviceLogger)).thenReturn(true); + result = udfFuncService.updateUdfFunc(getLoginUser(), 11, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", "UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 1); logger.info(result.toString()); - Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS)); + Assert.assertTrue(Status.SUCCESS.getCode() == result.getCode()); } @Test public void testQueryUdfFuncListPaging() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, null, 0, serviceLogger)).thenReturn(true); + 
PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.UDF, 1, udfLogger)).thenReturn(getSetIds()); IPage page = new Page<>(1,10); page.setTotal(1L); page.setRecords(getList()); - Mockito.when(udfFuncMapper.queryUdfFuncPaging(Mockito.any(Page.class), Mockito.eq(0),Mockito.eq("test"))).thenReturn(page); + Mockito.when(udfFuncMapper.queryUdfFuncPaging(Mockito.any(Page.class), Mockito.anyList(),Mockito.eq("test"))).thenReturn(page); Result result = udfFuncService.queryUdfFuncListPaging(getLoginUser(),"test",1,10); logger.info(result.toString()); PageInfo pageInfo = (PageInfo) result.getData(); 
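Review bot: In testUpdateUdfFunc the `resourcePermissionCheck` stubs follow the trailing argument of `updateUdfFunc` (`new Object[]{1}`, `{12}`, `{1}` ahead of calls ending in 1, 12, 1) and never the function id being updated in those calls (12, 11, 11), while the type is `AuthorizationType.UDF`. If the stubs mirror the service, the object-level check on an update is keyed on the referenced resource file, not on the UDF function the caller is modifying. The service code is outside this hunk, so this needs confirming. I would add a case that stubs the check for the function id, or a comment stating the intent, e.g. `// updateUdfFunc authorizes against resourceId, not udfFuncId`. The HDFS_NOT_STARTUP call adds no stub of its own and relies on the ones set up for the case above it.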
@@ -168,21 +194,29 @@ public class UdfFuncServiceTest { @Test public void testQueryUdfFuncList() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, null, 1, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.UDF, 1, udfLogger)).thenReturn(getSetIds()); + User user = getLoginUser(); user.setUserType(UserType.GENERAL_USER); - Mockito.when(udfFuncMapper.getUdfFuncByType(user.getId(), UdfType.HIVE.ordinal())).thenReturn(getList()); - Map result = udfFuncService.queryUdfFuncList(user,UdfType.HIVE.ordinal()); + user.setId(1); + Mockito.when(udfFuncMapper.getUdfFuncByType(Collections.singletonList(1), UdfType.HIVE.ordinal())).thenReturn(getList()); + Result result = udfFuncService.queryUdfFuncList(user,UdfType.HIVE.ordinal()); logger.info(result.toString()); - Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS)); - List udfFuncList = (List) result.get(Constants.DATA_LIST); + Assert.assertTrue(Status.SUCCESS.getCode() == result.getCode()); + List udfFuncList = (List) result.getData(); Assert.assertTrue(CollectionUtils.isNotEmpty(udfFuncList)); } @Test public void testDelete() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_DELETE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{122}, 0, serviceLogger)).thenReturn(true); + Mockito.when(udfFuncMapper.deleteById(Mockito.anyInt())).thenReturn(1); Mockito.when(udfUserMapper.deleteByUdfFuncId(Mockito.anyInt())).thenReturn(1); - Result result = udfFuncService.delete(122); + Result result = 
udfFuncService.delete(getLoginUser(), 122); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS.getMsg(),result.getMsg()); } @@ -190,17 +224,25 @@ public class UdfFuncServiceTest { @Test public void testVerifyUdfFuncByName() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, null, 0, serviceLogger)).thenReturn(true); //success Mockito.when(udfFuncMapper.queryUdfByIdStr(null, "UdfFuncServiceTest")).thenReturn(getList()); - Result result = udfFuncService.verifyUdfFuncByName("test"); + Result result = udfFuncService.verifyUdfFuncByName(getLoginUser(), "test"); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS.getMsg(),result.getMsg()); //exist - result = udfFuncService.verifyUdfFuncByName("UdfFuncServiceTest"); + result = udfFuncService.verifyUdfFuncByName(getLoginUser(), "UdfFuncServiceTest"); logger.info(result.toString()); Assert.assertEquals(Status.UDF_FUNCTION_EXISTS.getMsg(),result.getMsg()); } + private Set getSetIds(){ + Set set = new HashSet(); + set.add(1); + return set; + } + /** * create admin user * @return diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java index 3d7f7d4ff7..6d0b42a3dd 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java 
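Review bot: Both tests in this hunk (`testQueryUdfFuncList`, `testDelete`) stub `operationPermissionCheck` and `resourcePermissionCheck` to return true only, so nothing here shows that the service refuses a caller when either check fails. A second case in `testDelete` that stubs `operationPermissionCheck(...)` with `.thenReturn(false)`, then asserts the result is not `Status.SUCCESS` and that `udfFuncMapper.deleteById` was never invoked, would pin the denial path. As a smaller point, `Assert.assertTrue(Status.SUCCESS.getCode() == result.getCode())` hides both values when it fails; `Assert.assertEquals(Status.SUCCESS.getCode(), (int) result.getCode());` reports them and matches the form used in UsersServiceTest.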
@@ -27,7 +27,6 @@ import org.apache.dolphinscheduler.api.service.impl.UsersServiceImpl; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; -import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.storage.StorageOperate; import org.apache.dolphinscheduler.common.utils.EncryptionUtils; @@ -44,7 +43,6 @@ import org.mockito.InjectMocks; import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.junit.MockitoJUnitRunner; -import org.powermock.api.mockito.PowerMockito; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -52,7 +50,6 @@ import java.util.ArrayList; import java.util.List; import java.util.Map; -import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.when; @@ -62,7 +59,7 @@ import static org.mockito.Mockito.when; */ @RunWith(MockitoJUnitRunner.Silent.class) public class UsersServiceTest { - private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); + private static final Logger logger = LoggerFactory.getLogger(UsersServiceTest.class); @InjectMocks @@ -111,6 +108,7 @@ public class UsersServiceTest { @Before public void before() { + Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(false); } @After 
@@ -138,8 +136,6 @@ public class UsersServiceTest { int state = 1; try { //userName error - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), USERS_CREATE , baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); Map result = usersService.createUser(user, userName, userPassword, email, tenantId, phone, queueName, state); logger.info(result.toString()); Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS)); @@ -230,20 +226,14 @@ public class UsersServiceTest { @Test public void testQueryUserList() { User user = new User(); - user.setUserType(UserType.GENERAL_USER); - user.setId(999); + //no operate - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 1, baseServiceLogger)).thenReturn(true); Map result = usersService.queryUserList(user); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //success user.setUserType(UserType.ADMIN_USER); - user.setId(1); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), USER_MANAGER, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 0, baseServiceLogger)).thenReturn(true); when(userMapper.selectList(null)).thenReturn(getUserList()); result = usersService.queryUserList(user); List userList = (List) result.get(Constants.DATA_LIST); 
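Review bot: The "no operate" case in `testQueryUserList` now runs with a `User` whose type was never set, because `user.setUserType(UserType.GENERAL_USER);` is removed along with the stubs. The assertion on `USER_NO_OPERATION_PERM` therefore shows that a user with a null type is rejected, not that a general user is. Keeping `user.setUserType(UserType.GENERAL_USER);` before the first call would make the negative case test the role it is named for. The same removal appears in the later hunks for `queryUserList` paging, `deleteUserById`, `revokeProject`, `queryAllGeneralUsers`, `unauthorizedUser` and `authorizedUser`, and the "get general user" case in `testGetUserInfo` now sets `loginUser.setUserType(null)`. The test method bodies continue outside these hunks.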
@@ -258,17 +248,12 @@ public class UsersServiceTest { when(userMapper.queryUserPaging(any(Page.class), eq("userTest"))).thenReturn(page); //no operate - user.setUserType(UserType.GENERAL_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 99, USER_MANAGER, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,99, baseServiceLogger)).thenReturn(true); Result result = usersService.queryUserList(user, "userTest", 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM.getCode(), (int) result.getCode()); //success user.setUserType(UserType.ADMIN_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), USER_MANAGER, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); result = usersService.queryUserList(user, "userTest", 1, 10); Assert.assertEquals(Status.SUCCESS.getCode(), (int) result.getCode()); PageInfo pageInfo = (PageInfo) result.getData(); @@ -281,11 +266,6 @@ public class UsersServiceTest { String userPassword = "userTest0001"; try { //user not exist - User user = new User(); - user.setUserType(UserType.ADMIN_USER); - user.setId(1); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(),USER_UPDATE, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); Map result = usersService.updateUser(getLoginUser(), 0, userName, userPassword, "3443@qq.com", 1, "13457864543", "queue", 1, "Asia/Shanghai"); Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS)); logger.info(result.toString()); 
@@ -309,18 +289,12 @@ public class UsersServiceTest { when(userMapper.selectById(1)).thenReturn(getUser()); when(accessTokenMapper.deleteAccessTokenByUserId(1)).thenReturn(0); //no operate - loginUser.setUserType(UserType.GENERAL_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 990, USER_DELETE, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,990, baseServiceLogger)).thenReturn(true); Map result = usersService.deleteUserById(loginUser, 3); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); // user not exist loginUser.setUserType(UserType.ADMIN_USER); - loginUser.setId(1); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 1, USER_DELETE,baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); result = usersService.deleteUserById(loginUser, 3); logger.info(result.toString()); Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS)); @@ -372,8 +346,7 @@ public class UsersServiceTest { Mockito.when(this.userMapper.selectById(authorizer)).thenReturn(this.getUser()); Mockito.when(this.userMapper.selectById(projectCreator)).thenReturn(this.getUser()); Mockito.when(this.projectMapper.queryByCode(projectCode)).thenReturn(this.getProject()); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 999, null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 1, baseServiceLogger)).thenReturn(true); + // ERROR: USER_NOT_EXIST User loginUser = new User(); Map result = this.usersService.grantProjectByCode(loginUser, 999, projectCode); 
@@ -395,8 +368,6 @@ public class UsersServiceTest { // SUCCESS: USER IS PROJECT OWNER loginUser.setId(projectCreator); loginUser.setUserType(UserType.GENERAL_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, new Object[]{1}, loginUser.getId(), baseServiceLogger)).thenReturn(true); result = this.usersService.grantProjectByCode(loginUser, authorizer, projectCode); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); @@ -404,8 +375,6 @@ public class UsersServiceTest { // SUCCESS: USER IS ADMINISTRATOR loginUser.setId(999); loginUser.setUserType(UserType.ADMIN_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, new Object[]{1}, 0, baseServiceLogger)).thenReturn(true); result = this.usersService.grantProjectByCode(loginUser, authorizer, projectCode); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); 
@@ -419,19 +388,12 @@ public class UsersServiceTest { // user no permission User loginUser = new User(); - loginUser.setId(999); - loginUser.setUserType(UserType.GENERAL_USER); - PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 999,null, baseServiceLogger)).thenReturn(true); - PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 2, baseServiceLogger)).thenReturn(true); Map result = this.usersService.revokeProject(loginUser, 1, projectCode); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); // user not exist loginUser.setUserType(UserType.ADMIN_USER); - loginUser.setId(1); - PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(),null, baseServiceLogger)).thenReturn(true); - PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 0, baseServiceLogger)).thenReturn(true); result = this.usersService.revokeProject(loginUser, 2, projectCode); logger.info(result.toString()); Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS)); @@ -489,8 +451,6 @@ public class UsersServiceTest { //user not exist loginUser.setUserType(UserType.ADMIN_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); Map result = usersService.grantNamespaces(loginUser, 2, namespaceIds); logger.info(result.toString()); Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS)); 
@@ -544,8 +504,6 @@ public class UsersServiceTest { loginUser.setUserName("admin"); loginUser.setUserType(UserType.ADMIN_USER); // get admin user - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), USER_MANAGER, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); Map result = usersService.getUserInfo(loginUser); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); @@ -554,10 +512,8 @@ public class UsersServiceTest { Assert.assertEquals("admin", tempUser.getUserName()); //get general user - loginUser.setUserType(UserType.GENERAL_USER); + loginUser.setUserType(null); loginUser.setId(1); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 1, null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); when(userMapper.queryDetailsById(1)).thenReturn(getGeneralUser()); when(alertGroupMapper.queryByUserId(1)).thenReturn(getAlertGroups()); result = usersService.getUserInfo(loginUser); 
@@ -572,16 +528,11 @@ public class UsersServiceTest { public void testQueryAllGeneralUsers() { User loginUser = new User(); //no operate - loginUser.setUserType(UserType.GENERAL_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 99, USER_MANAGER, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,99, baseServiceLogger)).thenReturn(true); Map result = usersService.queryAllGeneralUsers(loginUser); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //success loginUser.setUserType(UserType.ADMIN_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), USER_MANAGER, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); when(userMapper.queryAllGeneralUser()).thenReturn(getUserList()); result = usersService.queryAllGeneralUsers(loginUser); logger.info(result.toString()); @@ -592,9 +543,6 @@ public class UsersServiceTest { @Test public void testVerifyUserName() { - User user = new User(); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); //not exist user Result result = usersService.verifyUserName("admin89899"); logger.info(result.toString()); 
@@ -612,14 +560,9 @@ public class UsersServiceTest { when(userMapper.selectList(null)).thenReturn(getUserList()); when(userMapper.queryUserListByAlertGroupId(2)).thenReturn(getUserList()); //no operate - loginUser.setUserType(UserType.GENERAL_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 99, null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,99, baseServiceLogger)).thenReturn(true); Map result = usersService.unauthorizedUser(loginUser, 2); logger.info(result.toString()); loginUser.setUserType(UserType.ADMIN_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //success result = usersService.unauthorizedUser(loginUser, 2); 
@@ -630,18 +573,13 @@ public class UsersServiceTest { @Test public void testAuthorizedUser() { User loginUser = new User(); - loginUser.setUserType(UserType.GENERAL_USER); when(userMapper.queryUserListByAlertGroupId(2)).thenReturn(getUserList()); //no operate - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,2, baseServiceLogger)).thenReturn(true); Map result = usersService.authorizedUser(loginUser, 2); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //success loginUser.setUserType(UserType.ADMIN_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); result = usersService.authorizedUser(loginUser, 2); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); List userList = (List) result.get(Constants.DATA_LIST); 
@@ -695,15 +633,11 @@ public class UsersServiceTest { String userName = "userTest0002~"; try { //not admin - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 99, null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,99, baseServiceLogger)).thenReturn(true); Map result = usersService.activateUser(user, userName); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //userName error user.setUserType(UserType.ADMIN_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); result = usersService.activateUser(user, userName); Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS)); 
@@ -739,16 +673,11 @@ public class UsersServiceTest { try { //not admin - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,2, baseServiceLogger)).thenReturn(true); Map result = usersService.batchActivateUser(user, userNames); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //batch activate user names user.setUserType(UserType.ADMIN_USER); - user.setId(1); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); when(userMapper.queryByUserNameAccurately("userTest0001")).thenReturn(getUser()); when(userMapper.queryByUserNameAccurately("userTest0002")).thenReturn(getDisabledUser()); result = usersService.batchActivateUser(user, userNames); diff --git a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/enums/AuthorizationType.java b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/enums/AuthorizationType.java index bcfd44ccf4..f8654f4d1a 100644 --- a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/enums/AuthorizationType.java +++ b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/enums/AuthorizationType.java 
@@ -56,11 +56,13 @@ public enum AuthorizationType { QUEUE(10,"queue"), DATA_ANALYSIS(11,"data analysis"), K8S_NAMESPACE(12,"k8s namespace"), - MONITOR(13,"montitor"), + MONITOR(13,"monitor"), ALERT_PLUGIN_INSTANCE(14,"alert plugin instance"), TENANT(15,"tenant"), - USER(16,"user"), - DATA_QUALITY(17,"data quality"); + DATA_QUALITY(16,"data quality"), + TASK_GROUP(17,"task group"), + ; + AuthorizationType(int code, String descp) { this.code = code; this.descp = descp; diff --git a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/entity/TaskGroup.java b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/entity/TaskGroup.java index 2ec6d3bb4f..cbb3b3008c 100644 --- a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/entity/TaskGroup.java +++ b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/entity/TaskGroup.java @@ -33,7 +33,7 @@ public class TaskGroup implements Serializable { * key */ @TableId(value = "id", type = IdType.AUTO) - private int id; + private Integer id; /** * task_group name */ diff --git a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.java b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.java index 429548da3a..4ad4fe86ab 100644 --- a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.java +++ b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.java @@ -90,6 +90,6 @@ public interface AlertGroupMapper extends BaseMapper { * @param alertGroupsIds * @return */ - List listAuthorizedAlertGroupList (@Param("userId") int userId, @Param("alertGroupsIds")T[] alertGroupsIds); + List listAuthorizedAlertGroupList (@Param("userId") int userId, @Param("alertGroupsIds")List alertGroupsIds); } 
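Review bot: `DATA_QUALITY` moves from code 17 to 16, the value `USER` held before this change, and `TASK_GROUP` takes over 17. Whether these codes are stored or exchanged anywhere is not visible in the hunk; if they are, values written under the old numbering would be read back as a different authorization type. Leaving 16 retired avoids that: `DATA_QUALITY(17,"data quality"),` followed by `TASK_GROUP(18,"task group");` with a comment that 16 was `USER`. The `;` on a line of its own after the trailing comma could then be folded back onto the last constant.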
diff --git a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/ResourceMapper.java b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/ResourceMapper.java index 7b3c1c905a..4b8013d91a 100644 --- a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/ResourceMapper.java +++ b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/ResourceMapper.java @@ -62,9 +62,9 @@ public interface ResourceMapper extends BaseMapper { * @return resource page */ IPage queryResourcePaging(IPage page, - @Param("userId") int userId, @Param("id") int id, @Param("type") int type, + @Param("userId") int userId, @Param("searchVal") String searchVal, @Param("resIds") List resIds); diff --git a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapper.java b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapper.java index 85cf4833ae..340c3e9ce1 100644 --- a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapper.java +++ b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapper.java @@ -52,7 +52,7 @@ public interface UdfFuncMapper extends BaseMapper { * @return udf function IPage */ IPage queryUdfFuncPaging(IPage page, - @Param("userId") int userId, + @Param("ids") List ids, @Param("searchVal") String searchVal); /** @@ -61,7 +61,7 @@ public interface UdfFuncMapper extends BaseMapper { * @param type type * @return udf function list */ - List getUdfFuncByType(@Param("userId") int userId, + List getUdfFuncByType(@Param("ids") List ids, @Param("type") Integer type); /** @@ -107,5 +107,10 @@ public interface UdfFuncMapper extends BaseMapper { */ int batchUpdateUdfFunc(@Param("udfFuncList") List udfFuncList); - + /** + * listAuthorizedUdfByUserId + * @param userId + * @return + */ + List listAuthorizedUdfByUserId(@Param("userId") int userId); } 
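Review bot: In `queryResourcePaging`, `userId` moves from the first to the last of three consecutive `int` parameters, so a caller still passing `(page, userId, id, type, ...)` compiles unchanged and binds the user id as `id` and `type` as the user filter. The parameters are bound to the mapper XML by their `@Param` names, so the XML does not need the reorder; keeping `@Param("userId") int userId, @Param("id") int id, @Param("type") int type,` would remove the risk. If the new order stays, every call site needs checking by hand, and the Javadoc `@param` list, which begins outside this hunk, should follow the new order.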
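Review bot: `queryUdfFuncPaging` now takes `ids` as its only authorization filter, and nothing in the hunk documents what a null or empty list means. The Javadoc above the method starts outside this hunk and presumably still describes `userId`. A line such as `@param ids ids of the UDF functions the caller is authorized to see; null or empty returns <none|all, to be stated>` would make the contract explicit for callers. The same applies to `getUdfFuncByType` in the next hunk, and the Javadoc added for `listAuthorizedUdfByUserId` only repeats the method name and leaves `@param userId` and `@return` empty.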
diff --git a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml index 315ca3fb97..cb375e170b 100644 --- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml +++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml @@ -50,7 +50,7 @@ and t.user_id = #{userId} - + and t.id in #{id} diff --git a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.xml b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.xml index 4d45fc3c8f..991fbead2c 100644 --- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.xml +++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.xml @@ -80,7 +80,7 @@ and ag.create_user_id = #{userId} - + and ag.id in #{id} diff --git a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertPluginInstanceMapper.xml b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertPluginInstanceMapper.xml index 80d247004d..fe25d8d1a3 100644 --- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertPluginInstanceMapper.xml +++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertPluginInstanceMapper.xml @@ -59,12 +59,4 @@ where instance_name = #{instanceName} limit 1 - - - diff --git a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProjectUserMapper.xml b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProjectUserMapper.xml index cee724c91a..de74d6480c 100644 
--- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProjectUserMapper.xml +++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProjectUserMapper.xml @@ -37,5 +37,4 @@ and user_id = #{userId} limit 1 - diff --git a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ResourceMapper.xml b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ResourceMapper.xml index 95620abb72..c46697a033 100644 --- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ResourceMapper.xml +++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ResourceMapper.xml @@ -60,17 +60,12 @@ ,u.user_name from t_ds_resources d,t_ds_user u - where d.type=#{type} and d.pid=#{id} and d.user_id=u.id - - and ( - d.user_id=#{userId} - - or d.id in - - #{i} - - - ) + where d.type=#{type} and d.pid=#{id} and u.id = #{userId} + + and d.id in + + #{i} + and d.alias like concat('%', #{searchVal}, '%') diff --git a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapper.xml b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapper.xml index 1f9e09e4d0..a981b3026b 100644 --- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapper.xml +++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapper.xml 
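Review bot: In the ResourceMapper.xml hunk the new `where` clause drops both the join `d.user_id=u.id` and the ownership test `d.user_id=#{userId}`, so row scoping now rests entirely on `and d.id in (...)`. The markup wrapping that clause is not visible on this page; if it skips the clause for a null or empty `resIds`, the query returns every resource under the given `pid` and `type`. ResourceMapperTest in this same commit passes `null` for `resIds`. Emitting `and 1 = 0` when `resIds` is empty, or documenting that callers must never pass an empty list for a non-admin user, would make the filter fail closed. Separately, with `u.id = #{userId}` the selected `u.user_name` is the requesting user's name rather than the resource owner's. The `ids` filter added to UdfFuncMapper.xml in the next file has the same empty-list question.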
@@ -62,11 +62,17 @@ and udf.func_name like concat('%', #{searchVal}, '%') - - and udf.id in ( - select udf_id from t_ds_relation_udfs_user where user_id=#{userId} - union select id as udf_id from t_ds_udfs where user_id=#{userId}) + + and udf.id in + + #{i} + + + + + + order by udf.create_time desc + select + + + + from t_ds_udfs udf + where 1=1 + + and udf.id in ( + select udf_id from t_ds_relation_udfs_user where user_id=#{userId} + union select id as udf_id from t_ds_udfs where user_id=#{userId}) + + diff --git a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml index 36ae4dfb52..e38688939c 100644 --- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml +++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml @@ -131,15 +131,4 @@ from t_ds_user u, t_ds_relation_project_user rel where u.id = rel.user_id and rel.project_id = #{projectId} - - diff --git a/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/ResourceMapperTest.java b/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/ResourceMapperTest.java index 46c4c8ab22..71cc52fb14 100644 --- a/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/ResourceMapperTest.java +++ b/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/ResourceMapperTest.java @@ -231,17 +231,17 @@ public class ResourceMapperTest extends BaseDaoTest { IPage resourceIPage = resourceMapper.queryResourcePaging( page, - 0, -1, resource.getType().ordinal(), + 1110, "", - new ArrayList<>() + new ArrayList<>(resource.getId()) ); IPage resourceIPage1 = resourceMapper.queryResourcePaging( page, - 1110, -1, resource.getType().ordinal(), + 1110, "", null ); 
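Review bot: `new ArrayList<>(resource.getId())` in the first `queryResourcePaging` call resolves to the `ArrayList(int initialCapacity)` constructor, so the list handed to the mapper is empty rather than containing the resource id. The second call passes `null`, so neither call exercises the new `d.id in (...)` filter with a real id or shows that rows outside the list are excluded. Use `Collections.singletonList(resource.getId())`, as UdfFuncMapperTest does in this commit (it needs `import java.util.Collections;`), and assert on the returned total. The assertions of this test are outside the hunk.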
diff --git a/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapperTest.java b/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapperTest.java index 474d5319a1..704bf0e131 100644 --- a/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapperTest.java +++ b/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapperTest.java @@ -27,6 +27,7 @@ import org.apache.dolphinscheduler.dao.entity.User; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.Date; import java.util.List; @@ -212,7 +213,8 @@ public class UdfFuncMapperTest extends BaseDaoTest { UdfFunc udfFunc = insertOne(user); //queryUdfFuncPaging Page page = new Page(1, 3); - IPage udfFuncIPage = udfFuncMapper.queryUdfFuncPaging(page, user.getId(), ""); + + IPage udfFuncIPage = udfFuncMapper.queryUdfFuncPaging(page, Collections.singletonList(udfFunc.getId()), ""); Assert.assertNotEquals(udfFuncIPage.getTotal(), 0); } @@ -227,7 +229,7 @@ public class UdfFuncMapperTest extends BaseDaoTest { //insertOne UdfFunc udfFunc = insertOne(user); //getUdfFuncByType - List udfFuncList = udfFuncMapper.getUdfFuncByType(user.getId(), udfFunc.getType().ordinal()); + List udfFuncList = udfFuncMapper.getUdfFuncByType(Collections.singletonList(udfFunc.getId()), udfFunc.getType().ordinal()); Assert.assertNotEquals(udfFuncList.size(), 0); } diff --git a/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckService.java b/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckService.java index c32a6fd381..5fe40d40d8 100644 --- a/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckService.java 
+++ b/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckService.java @@ -19,6 +19,7 @@ package org.apache.dolphinscheduler.service.permission; import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.slf4j.Logger; +import java.util.List; import java.util.Set; public interface ResourcePermissionCheckService{ @@ -30,7 +31,7 @@ public interface ResourcePermissionCheckService{ * @param logger * @return */ - boolean resourcePermissionCheck(AuthorizationType authorizationType, T[] needChecks, int userId, Logger logger); + boolean resourcePermissionCheck(AuthorizationType authorizationType, Object[] needChecks, Integer userId, Logger logger); /** * userOwnedResourceIdsAcquisition @@ -40,17 +41,17 @@ public interface ResourcePermissionCheckService{ * @param * @return */ - Set userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, int userId, Logger logger); + Set userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, Integer userId, Logger logger); /** * operationpermissionCheck * @param authorizationType * @param userId - * @param sourceUrl + * @param permissionKey * @param logger * @return */ - boolean operationPermissionCheck(AuthorizationType authorizationType, int userId, String sourceUrl, Logger logger); + boolean operationPermissionCheck(AuthorizationType authorizationType, Integer userId, String permissionKey, Logger logger); /** * functionDisabled diff --git a/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckServiceImpl.java b/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckServiceImpl.java index 2b111575b9..28986f8686 100644 --- a/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckServiceImpl.java 
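Review bot: The Javadoc on these three interface methods still carries bare `@param`/`@return` tags, so after this change nothing tells an implementer what `permissionKey` holds or whether the now-boxed `Integer userId` may be null. Every authorization decision goes through this interface, so I would spell the contract out, for example `@param permissionKey identifier of the operation being authorized` (assuming that is what the key carries) and `@return true only if the user is allowed, false otherwise`. It should also say that `userId` must not be null. The description line `operationpermissionCheck` should match the method name `operationPermissionCheck`.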
+++ b/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckServiceImpl.java @@ -68,7 +68,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe } @Override - public boolean resourcePermissionCheck(AuthorizationType authorizationType, Object[] needChecks, int userId, Logger logger) { + public boolean resourcePermissionCheck(AuthorizationType authorizationType, Object[] needChecks, Integer userId, Logger logger) { if (Objects.nonNull(needChecks) && needChecks.length > 0){ Set originResSet = new HashSet<>(Arrays.asList(needChecks)); Set ownResSets = RESOURCE_LIST_MAP.get(authorizationType).listAuthorizedResource(userId, logger); @@ -79,8 +79,8 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe } @Override - public boolean operationPermissionCheck(AuthorizationType authorizationType, int userId, String sourceUrl, Logger logger) { - return RESOURCE_LIST_MAP.get(authorizationType).permissionCheck(userId, sourceUrl, logger); + public boolean operationPermissionCheck(AuthorizationType authorizationType, Integer userId, String permissionKey, Logger logger) { + return RESOURCE_LIST_MAP.get(authorizationType).permissionCheck(userId, permissionKey, logger); } @Override @@ -89,7 +89,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe } @Override - public Set userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, int userId, Logger logger) { + public Set userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, Integer userId, Logger logger) { User user = processService.getUserById(userId); if (user == null){ logger.error("user id {} doesn't exist", userId); 
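Review bot: `userId` becomes a nullable `Integer` in `resourcePermissionCheck` and `operationPermissionCheck`, but both forward it to methods declared with a primitive `int` (`listAuthorizedResource(int, Logger)` and `permissionCheck(int, String, Logger)`). A null id therefore fails with an unboxing NullPointerException inside the authorization path instead of a clean denial. Either keep the primitive `int` or reject null up front, e.g. `if (Objects.isNull(userId)) { return false; }`. The same lines dereference `RESOURCE_LIST_MAP.get(authorizationType)` without a null check, and this commit removes `UsersResourceList`; if the map is built from the registered components (not visible here), a lookup for `AuthorizationType.USER` would presumably fail the same way. The body of `resourcePermissionCheck` continues outside its hunk.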
@@ -99,13 +99,11 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe } @Component - public static class ProjectsResourceList implements ResourceAcquisitionAndPermissionCheck { + public static class ProjectsResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck { private final ProjectMapper projectMapper; - - - public ProjectsResourceList(ProjectMapper projectMapper) { + public ProjectsResourcePermissionCheck(ProjectMapper projectMapper) { this.projectMapper = projectMapper; } 
@@ -115,23 +113,118 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe } @Override - public boolean permissionCheck(int userId, String url, Logger logger) { + public boolean permissionCheck(int userId, String permissionKey, Logger logger) { + // all users can create projects return true; } + @Override public Set listAuthorizedResource(int userId, Logger logger) { return projectMapper.listAuthorizedProjects(userId, null).stream().map(Project::getId).collect(toSet()); } } + @Component + public static class MonitorResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck { + + @Override + public List authorizationTypes() { + return Collections.singletonList(AuthorizationType.MONITOR); + } + + @Override + public Set listAuthorizedResource(int userId, Logger logger) { + return null; + } + + @Override + public boolean permissionCheck(int userId, String permissionKey, Logger logger) { + return true; + } + } + + @Component + public static class FilePermissionCheck implements ResourceAcquisitionAndPermissionCheck { + + private final ResourceMapper resourceMapper; + + public FilePermissionCheck(ResourceMapper resourceMapper) { + this.resourceMapper = resourceMapper; + } + + @Override + public List authorizationTypes() { + return Arrays.asList(AuthorizationType.RESOURCE_FILE_ID, AuthorizationType.UDF_FILE); + } + + @Override + public Set listAuthorizedResource(int userId, Logger logger) { + List resources = resourceMapper.queryResourceList(null, userId, -1); + if (resources.isEmpty()){ + return Collections.emptySet(); + } + return resources.stream().map(Resource::getId).collect(toSet()); + } + + @Override + public boolean permissionCheck(int userId, String permissionKey, Logger logger) { + return true; + } + } + + @Component + public static class UdfFuncPermissionCheck implements ResourceAcquisitionAndPermissionCheck { + + private final UdfFuncMapper udfFuncMapper; + + public UdfFuncPermissionCheck(UdfFuncMapper udfFuncMapper) { 
+ this.udfFuncMapper = udfFuncMapper; + } + + @Override + public List authorizationTypes() { + return Collections.singletonList(AuthorizationType.UDF); + } + + @Override + public Set listAuthorizedResource(int userId, Logger logger) { + List udfFuncList = udfFuncMapper.listAuthorizedUdfByUserId(userId); + if (udfFuncList.isEmpty()){ + return Collections.emptySet(); + } + return udfFuncList.stream().map(UdfFunc::getId).collect(toSet()); + } + + @Override + public boolean permissionCheck(int userId, String permissionKey, Logger logger) { + return true; + } + } + + @Component + public static class TaskGroupPermissionCheck implements ResourceAcquisitionAndPermissionCheck { + + @Override + public List authorizationTypes() { + return Collections.singletonList(AuthorizationType.TASK_GROUP); + } + + @Override + public Set listAuthorizedResource(int userId, Logger logger) { + return null; + } + + @Override + public boolean permissionCheck(int userId, String permissionKey, Logger logger) { + return true; + } + } @Component public static class K8sNamespaceResourceList implements ResourceAcquisitionAndPermissionCheck { private final K8sNamespaceMapper k8sNamespaceMapper; - - public K8sNamespaceResourceList(K8sNamespaceMapper k8sNamespaceMapper) { this.k8sNamespaceMapper = k8sNamespaceMapper; } @@ -158,8 +251,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe private final EnvironmentMapper environmentMapper; - - public EnvironmentResourceList(EnvironmentMapper environmentMapper) { this.environmentMapper = environmentMapper; } @@ -185,8 +276,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe private final QueueMapper queueMapper; - - public QueueResourceList(QueueMapper queueMapper) { this.queueMapper = queueMapper; } 
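Review bot: `MonitorResourcePermissionCheck.listAuthorizedResource` and `TaskGroupPermissionCheck.listAuthorizedResource` return `null`, while `resourcePermissionCheck` stores that result in `ownResSets` and goes on to use it outside the visible hunks. A resource check for `MONITOR` or `TASK_GROUP` will therefore most likely end in a NullPointerException rather than a decision. Return `Collections.emptySet()` in both, which should deny by default and matches what `FilePermissionCheck` and `UdfFuncPermissionCheck` return for an empty result. Separately, every new `permissionCheck` returns `true` unconditionally and only the project one says why. For the others I would add a comment such as `// no per-operation restriction is enforced here; access is limited by listAuthorizedResource only`, so that `operationPermissionCheck` is not mistaken for an enforced gate.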
@@ -213,8 +302,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe private final WorkerGroupMapper workerGroupMapper; - - public WorkerGroupResourceList(WorkerGroupMapper workerGroupMapper) { this.workerGroupMapper = workerGroupMapper; } @@ -244,8 +331,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe private final AlertPluginInstanceMapper alertPluginInstanceMapper; - - public AlertPluginInstanceResourceList(AlertPluginInstanceMapper alertPluginInstanceMapper) { this.alertPluginInstanceMapper = alertPluginInstanceMapper; } @@ -275,8 +360,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe private final AlertGroupMapper alertGroupMapper; - - public AlertGroupResourceList(AlertGroupMapper alertGroupMapper) { this.alertGroupMapper = alertGroupMapper; } @@ -306,8 +389,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe private final TenantMapper tenantMapper; - - public TenantResourceList(TenantMapper tenantMapper) { this.tenantMapper = tenantMapper; } @@ -329,37 +410,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe } } - /** - * User Resource - */ - @Component - public static class UsersResourceList implements ResourceAcquisitionAndPermissionCheck { - - private final UserMapper userMapper; - - - - public UsersResourceList(UserMapper userMapper) { - this.userMapper = userMapper; - } - - @Override - public List authorizationTypes() { - return Collections.singletonList(AuthorizationType.USER); - } - - @Override - public boolean permissionCheck(int userId, String url, Logger logger) { - return true; - } - - - @Override - public Set listAuthorizedResource(int userId, Logger logger) { - return userMapper.listAuthorizedUsersList(userId, null).stream().map(User::getId).collect(toSet()); - } - } - /** * DataSource Resource */ 
@@ -506,7 +556,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe * @param userId * @return */ - boolean permissionCheck(int userId, String url, Logger logger); + boolean permissionCheck(int userId, String permissionKey, Logger logger); } }