Browse Source

[Fix-16428] only admin user can grant datasource (#16429)

* only admin user can grant datasource

* fix ut

---------

Co-authored-by: wangxj959 <wangxj959@chinaunicom.cn>
dev
wangxj3 5 months ago committed by GitHub
parent
commit
c97e82fae4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 5
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
  2. 2
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java

5
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java

@ -814,6 +814,11 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
putMsg(result, Status.FUNCTION_DISABLED);
return result;
}
// only admin can operate
if (this.check(result, !this.isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) {
log.warn("Only admin can grant datasource.");
return result;
}
User user = userMapper.selectById(userId);
if (user == null) {
putMsg(result, Status.USER_NOT_EXIST, userId);

2
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java

@ -572,7 +572,7 @@ public class UsersServiceTest {
loginUser.setUserType(UserType.GENERAL_USER);
result = usersService.grantDataSource(loginUser, userId, datasourceIds);
logger.info(result.toString());
Assertions.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
Assertions.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
}

Loading…
Cancel
Save