You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dolphinscheduler.apache.org by le...@apache.org on 2022/06/12 10:27:59 UTC
[dolphinscheduler] branch dev updated: Fixed the problem of not having permission to modify the allocated resource data. (#10410)
This is an automated email from the ASF dual-hosted git repository.
leonbao pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git
The following commit(s) were added to refs/heads/dev by this push:
new c843e3a315 Fixed the problem of not having permission to modify the allocated resource data. (#10410)
c843e3a315 is described below
commit c843e3a31550c5a23c7e68624dfaa59bdd7957f8
Author: WangJPLeo <10...@users.noreply.github.com>
AuthorDate: Sun Jun 12 18:27:49 2022 +0800
Fixed the problem of not having permission to modify the allocated resource data. (#10410)
---
.../api/permission/ResourcePermissionCheckService.java | 8 ++++----
.../api/permission/ResourcePermissionCheckServiceImpl.java | 8 ++++----
.../dolphinscheduler/api/service/impl/ResourcesServiceImpl.java | 5 -----
.../dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java | 2 +-
.../apache/dolphinscheduler/api/service/ResourcesServiceTest.java | 4 ++--
.../apache/dolphinscheduler/api/service/UdfFuncServiceTest.java | 5 +++--
6 files changed, 14 insertions(+), 18 deletions(-)
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckService.java
index 5831d59027..0d85e9b7db 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckService.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckService.java
@@ -31,7 +31,7 @@ public interface ResourcePermissionCheckService<T>{
* @param logger
* @return
*/
- boolean resourcePermissionCheck(AuthorizationType authorizationType, Object[] needChecks, Integer userId, Logger logger);
+ boolean resourcePermissionCheck(Object authorizationType, Object[] needChecks, Integer userId, Logger logger);
/**
* userOwnedResourceIdsAcquisition
@@ -41,7 +41,7 @@ public interface ResourcePermissionCheckService<T>{
* @param <T>
* @return
*/
- Set<T> userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, Integer userId, Logger logger);
+ Set<T> userOwnedResourceIdsAcquisition(Object authorizationType, Integer userId, Logger logger);
/**
* operationpermissionCheck
@@ -51,7 +51,7 @@ public interface ResourcePermissionCheckService<T>{
* @param logger
* @return
*/
- boolean operationPermissionCheck(AuthorizationType authorizationType, Integer userId, String permissionKey, Logger logger);
+ boolean operationPermissionCheck(Object authorizationType, Integer userId, String permissionKey, Logger logger);
/**
* functionDisabled
@@ -65,5 +65,5 @@ public interface ResourcePermissionCheckService<T>{
* @param ids
* @param logger
*/
- void postHandle(AuthorizationType authorizationType, Integer userId, List<Integer> ids, Logger logger);
+ void postHandle(Object authorizationType, Integer userId, List<Integer> ids, Logger logger);
}
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
index c69a8deec9..67e8da2eb8 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
@@ -93,7 +93,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
}
@Override
- public boolean resourcePermissionCheck(AuthorizationType authorizationType, Object[] needChecks, Integer userId, Logger logger) {
+ public boolean resourcePermissionCheck(Object authorizationType, Object[] needChecks, Integer userId, Logger logger) {
if (Objects.nonNull(needChecks) && needChecks.length > 0) {
Set<?> originResSet = new HashSet<>(Arrays.asList(needChecks));
Set<?> ownResSets = RESOURCE_LIST_MAP.get(authorizationType).listAuthorizedResource(userId, logger);
@@ -104,7 +104,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
}
@Override
- public boolean operationPermissionCheck(AuthorizationType authorizationType, Integer userId, String permissionKey, Logger logger) {
+ public boolean operationPermissionCheck(Object authorizationType, Integer userId, String permissionKey, Logger logger) {
return RESOURCE_LIST_MAP.get(authorizationType).permissionCheck(userId, permissionKey, logger);
}
@@ -114,12 +114,12 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
}
@Override
- public void postHandle(AuthorizationType authorizationType, Integer userId, List<Integer> ids, Logger logger) {
+ public void postHandle(Object authorizationType, Integer userId, List<Integer> ids, Logger logger) {
logger.debug("no post handle");
}
@Override
- public Set<Object> userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, Integer userId, Logger logger) {
+ public Set<Object> userOwnedResourceIdsAcquisition(Object authorizationType, Integer userId, Logger logger) {
User user = processService.getUserById(userId);
if (user == null) {
logger.error("user id {} doesn't exist", userId);
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
index 62d27a6ea3..5224e86525 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
@@ -379,11 +379,6 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
return result;
}
- if (!canOperator(loginUser, resource.getUserId())) {
- putMsg(result, Status.USER_NO_OPERATION_PERM);
- return result;
- }
-
if (file == null && name.equals(resource.getAlias()) && desc.equals(resource.getDescription())) {
putMsg(result, Status.SUCCESS);
return result;
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java
index 4823ebd352..010629756e 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java
@@ -197,7 +197,7 @@ public class UdfFuncServiceImpl extends BaseServiceImpl implements UdfFuncServic
int resourceId) {
Result<Object> result = new Result<>();
- boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE);
+ boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{udfFuncId}, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE);
if (!canOperatorPermissions){
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java
index 3d0d13c7b6..452ae06510 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java
@@ -267,10 +267,10 @@ public class ResourcesServiceTest {
user.setId(2);
user.setUserType(UserType.GENERAL_USER);
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 2, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true);
- PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 2, serviceLogger)).thenReturn(true);
+ PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 2, serviceLogger)).thenReturn(false);
result = resourcesService.updateResource(user, 1, "ResourcesServiceTest", "ResourcesServiceTest", ResourceType.FILE, null);
logger.info(result.toString());
- Assert.assertEquals(Status.USER_NO_OPERATION_PERM.getMsg(), result.getMsg());
+ Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION.getMsg(), result.getMsg());
//RESOURCE_NOT_EXIST
user.setId(1);
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UdfFuncServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UdfFuncServiceTest.java
index e9b7877bc8..6244b35c06 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UdfFuncServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UdfFuncServiceTest.java
@@ -144,13 +144,14 @@ public class UdfFuncServiceTest {
//UDF_FUNCTION_NOT_EXIST
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE, serviceLogger)).thenReturn(true);
- PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{1}, 0, serviceLogger)).thenReturn(true);
+ PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{12}, 0, serviceLogger)).thenReturn(true);
Result<Object> result = udfFuncService.updateUdfFunc(getLoginUser(), 12, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String",
"UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 1);
logger.info(result.toString());
Assert.assertTrue(Status.UDF_FUNCTION_NOT_EXIST.getCode() == result.getCode());
//HDFS_NOT_STARTUP
+ PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{1}, 0, serviceLogger)).thenReturn(true);
result = udfFuncService.updateUdfFunc(getLoginUser(), 1, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String",
"UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 1);
logger.info(result.toString());
@@ -158,7 +159,7 @@ public class UdfFuncServiceTest {
//RESOURCE_NOT_EXIST
PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE, serviceLogger)).thenReturn(true);
- PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{12}, 0, serviceLogger)).thenReturn(true);
+ PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{11}, 0, serviceLogger)).thenReturn(true);
PowerMockito.when(udfFuncMapper.selectUdfById(11)).thenReturn(getUdfFunc());
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true);
result = udfFuncService.updateUdfFunc(getLoginUser(), 11, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String",