From be230c611fdb9f37c55aac7063a340356bc22cfe Mon Sep 17 00:00:00 2001
From: ligang <ligang@analysys.com.cn>
Date: Tue, 14 May 2019 11:06:10 +0800
Subject: [PATCH] add Determine if the login user is the owner of the process
 definition

---
 .../escheduler/api/service/ProcessDefinitionService.java  | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/escheduler-api/src/main/java/cn/escheduler/api/service/ProcessDefinitionService.java b/escheduler-api/src/main/java/cn/escheduler/api/service/ProcessDefinitionService.java
index d9bdc3caab..7b20f516db 100644
--- a/escheduler-api/src/main/java/cn/escheduler/api/service/ProcessDefinitionService.java
+++ b/escheduler-api/src/main/java/cn/escheduler/api/service/ProcessDefinitionService.java
@@ -357,13 +357,19 @@ public class ProcessDefinitionService extends BaseDAGService {
             return checkResult;
         }
 
-
         ProcessDefinition processDefinition = processDefineMapper.queryByDefineId(processDefinitionId);
 
         if (processDefinition == null) {
             putMsg(result, Status.PROCESS_DEFINE_NOT_EXIST, processDefinitionId);
             return result;
         }
+
+        // Determine if the login user is the owner of the process definition
+        if (loginUser.getId() != processDefinition.getUserId()) {
+            putMsg(result, Status.USER_NO_OPERATION_PERM);
+            return result;
+        }
+
         // check process definition is already online
         if (processDefinition.getReleaseState() == ReleaseState.ONLINE) {
             putMsg(result, Status.PROCESS_DEFINE_STATE_ONLINE,processDefinitionId);