You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@dolphinscheduler.apache.org by ca...@apache.org on 2022/11/03 01:13:03 UTC

[dolphinscheduler] branch dev updated: [Improvement-12650][Permission] Improve the check of resourcePermissionCheck() (#12652)

This is an automated email from the ASF dual-hosted git repository.

caishunfeng pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git


The following commit(s) were added to refs/heads/dev by this push:
     new 44e0935f56 [Improvement-12650][Permission] Improve the check of resourcePermissionCheck() (#12652)
44e0935f56 is described below

commit 44e0935f569d6a9dbf65ef1edaf91bd9e892c558
Author: rickchengx <38...@users.noreply.github.com>
AuthorDate: Thu Nov 3 09:12:56 2022 +0800

    [Improvement-12650][Permission] Improve the check of resourcePermissionCheck() (#12652)
---
 .../api/permission/ResourcePermissionCheckServiceImpl.java         | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
index 3f4cb01f40..3ee3fb9903 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
@@ -113,10 +113,11 @@ public class ResourcePermissionCheckServiceImpl
         if (Objects.nonNull(needChecks) && needChecks.length > 0) {
             Set<?> originResSet = new HashSet<>(Arrays.asList(needChecks));
             Set<?> ownResSets = RESOURCE_LIST_MAP.get(authorizationType).listAuthorizedResource(userId, logger);
-            originResSet.removeAll(ownResSets);
-            if (CollectionUtils.isNotEmpty(originResSet))
+            boolean checkResult = ownResSets != null && ownResSets.containsAll(originResSet);
+            if (!checkResult) {
                 logger.warn("User does not have resource permission on associated resources, userId:{}", userId);
-            return CollectionUtils.isEmpty(originResSet);
+            }
+            return checkResult;
         }
         return true;
     }