github
/
DolphinScheduler
mirror of https://gitee.com/dolphinscheduler/DolphinScheduler.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Fixed the problem of not having permission to modify the allocated resource data. (#10410)

3.1.0-release
WangJPLeo 2 years ago committed by GitHub
parent
f4dad689d4
commit
c843e3a315
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 14 additions and 18 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckService.java
  2. 8
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
  3. 5
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
  4. 2
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java
  5. 4
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java
  6. 5
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UdfFuncServiceTest.java

8
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckService.java
Unescape View File

@ -31,7 +31,7 @@ public interface ResourcePermissionCheckService<T>{
* @param logger * @param logger
* @return * @return
*/ */
boolean resourcePermissionCheck(AuthorizationType authorizationType, Object[] needChecks, Integer userId, Logger logger); boolean resourcePermissionCheck(Object authorizationType, Object[] needChecks, Integer userId, Logger logger);
/** /**
* userOwnedResourceIdsAcquisition * userOwnedResourceIdsAcquisition
@ -41,7 +41,7 @@ public interface ResourcePermissionCheckService<T>{
* @param <T> * @param <T>
* @return * @return
*/ */
Set<T> userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, Integer userId, Logger logger); Set<T> userOwnedResourceIdsAcquisition(Object authorizationType, Integer userId, Logger logger);
/** /**
* operationpermissionCheck * operationpermissionCheck
@ -51,7 +51,7 @@ public interface ResourcePermissionCheckService<T>{
* @param logger * @param logger
* @return * @return
*/ */
boolean operationPermissionCheck(AuthorizationType authorizationType, Integer userId, String permissionKey, Logger logger); boolean operationPermissionCheck(Object authorizationType, Integer userId, String permissionKey, Logger logger);
/** /**
* functionDisabled * functionDisabled
@ -65,5 +65,5 @@ public interface ResourcePermissionCheckService<T>{
* @param ids * @param ids
* @param logger * @param logger
*/ */
void postHandle(AuthorizationType authorizationType, Integer userId, List<Integer> ids, Logger logger); void postHandle(Object authorizationType, Integer userId, List<Integer> ids, Logger logger);
} }

8
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
Unescape View File

@ -93,7 +93,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
} }
@Override @Override
public boolean resourcePermissionCheck(AuthorizationType authorizationType, Object[] needChecks, Integer userId, Logger logger) { public boolean resourcePermissionCheck(Object authorizationType, Object[] needChecks, Integer userId, Logger logger) {
if (Objects.nonNull(needChecks) && needChecks.length > 0) { if (Objects.nonNull(needChecks) && needChecks.length > 0) {
Set<?> originResSet = new HashSet<>(Arrays.asList(needChecks)); Set<?> originResSet = new HashSet<>(Arrays.asList(needChecks));
Set<?> ownResSets = RESOURCE_LIST_MAP.get(authorizationType).listAuthorizedResource(userId, logger); Set<?> ownResSets = RESOURCE_LIST_MAP.get(authorizationType).listAuthorizedResource(userId, logger);
@ -104,7 +104,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
} }
@Override @Override
public boolean operationPermissionCheck(AuthorizationType authorizationType, Integer userId, String permissionKey, Logger logger) { public boolean operationPermissionCheck(Object authorizationType, Integer userId, String permissionKey, Logger logger) {
return RESOURCE_LIST_MAP.get(authorizationType).permissionCheck(userId, permissionKey, logger); return RESOURCE_LIST_MAP.get(authorizationType).permissionCheck(userId, permissionKey, logger);
} }
@ -114,12 +114,12 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
} }
@Override @Override
public void postHandle(AuthorizationType authorizationType, Integer userId, List<Integer> ids, Logger logger) { public void postHandle(Object authorizationType, Integer userId, List<Integer> ids, Logger logger) {
logger.debug("no post handle"); logger.debug("no post handle");
} }
@Override @Override
public Set<Object> userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, Integer userId, Logger logger) { public Set<Object> userOwnedResourceIdsAcquisition(Object authorizationType, Integer userId, Logger logger) {
User user = processService.getUserById(userId); User user = processService.getUserById(userId);
if (user == null) { if (user == null) {
logger.error("user id {} doesn't exist", userId); logger.error("user id {} doesn't exist", userId);

5
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
Unescape View File

@ -379,11 +379,6 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
return result; return result;
} }
if (!canOperator(loginUser, resource.getUserId())) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
return result;
}
if (file == null && name.equals(resource.getAlias()) && desc.equals(resource.getDescription())) { if (file == null && name.equals(resource.getAlias()) && desc.equals(resource.getDescription())) {
putMsg(result, Status.SUCCESS); putMsg(result, Status.SUCCESS);
return result; return result;

2
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java
Unescape View File

@ -197,7 +197,7 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic
int resourceId) { int resourceId) {
Result<Object> result = new Result<>(); Result<Object> result = new Result<>();
boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE); boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{udfFuncId}, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE);
if (!canOperatorPermissions){ if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result; return result;

4
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java
Unescape View File

@ -267,10 +267,10 @@ public class ResourcesServiceTest {
user.setId(2); user.setId(2);
user.setUserType(UserType.GENERAL_USER); user.setUserType(UserType.GENERAL_USER);
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 2, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true); PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 2, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 2, serviceLogger)).thenReturn(true); PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 2, serviceLogger)).thenReturn(false);
result = resourcesService.updateResource(user, 1, "ResourcesServiceTest", "ResourcesServiceTest", ResourceType.FILE, null); result = resourcesService.updateResource(user, 1, "ResourcesServiceTest", "ResourcesServiceTest", ResourceType.FILE, null);
logger.info(result.toString()); logger.info(result.toString());
Assert.assertEquals(Status.USER_NO_OPERATION_PERM.getMsg(), result.getMsg()); Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION.getMsg(), result.getMsg());
//RESOURCE_NOT_EXIST //RESOURCE_NOT_EXIST
user.setId(1); user.setId(1);

5
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UdfFuncServiceTest.java
Unescape View File

@ -144,13 +144,14 @@ public class UdfFuncServiceTest {
//UDF_FUNCTION_NOT_EXIST //UDF_FUNCTION_NOT_EXIST
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE, serviceLogger)).thenReturn(true); PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{1}, 0, serviceLogger)).thenReturn(true); PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{12}, 0, serviceLogger)).thenReturn(true);
Result<Object> result = udfFuncService.updateUdfFunc(getLoginUser(), 12, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", Result<Object> result = udfFuncService.updateUdfFunc(getLoginUser(), 12, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String",
"UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 1); "UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 1);
logger.info(result.toString()); logger.info(result.toString());
Assert.assertTrue(Status.UDF_FUNCTION_NOT_EXIST.getCode() == result.getCode()); Assert.assertTrue(Status.UDF_FUNCTION_NOT_EXIST.getCode() == result.getCode());
//HDFS_NOT_STARTUP //HDFS_NOT_STARTUP
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{1}, 0, serviceLogger)).thenReturn(true);
result = udfFuncService.updateUdfFunc(getLoginUser(), 1, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", result = udfFuncService.updateUdfFunc(getLoginUser(), 1, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String",
"UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 1); "UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 1);
logger.info(result.toString()); logger.info(result.toString());
@ -158,7 +159,7 @@ public class UdfFuncServiceTest {
//RESOURCE_NOT_EXIST //RESOURCE_NOT_EXIST
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE, serviceLogger)).thenReturn(true); PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE, serviceLogger)).thenReturn(true);
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{12}, 0, serviceLogger)).thenReturn(true); PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{11}, 0, serviceLogger)).thenReturn(true);
PowerMockito.when(udfFuncMapper.selectUdfById(11)).thenReturn(getUdfFunc()); PowerMockito.when(udfFuncMapper.selectUdfById(11)).thenReturn(getUdfFunc());
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true);
result = udfFuncService.updateUdfFunc(getLoginUser(), 11, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", result = udfFuncService.updateUdfFunc(getLoginUser(), 11, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String",

Write Preview
Loading…
Cancel
Save