You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dolphinscheduler.apache.org by ca...@apache.org on 2022/11/03 01:13:03 UTC
[dolphinscheduler] branch dev updated: [Improvement-12650][Permission] Improve the check of resourcePermissionCheck() (#12652)
This is an automated email from the ASF dual-hosted git repository.
caishunfeng pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git
The following commit(s) were added to refs/heads/dev by this push:
new 44e0935f56 [Improvement-12650][Permission] Improve the check of resourcePermissionCheck() (#12652)
44e0935f56 is described below
commit 44e0935f569d6a9dbf65ef1edaf91bd9e892c558
Author: rickchengx <38...@users.noreply.github.com>
AuthorDate: Thu Nov 3 09:12:56 2022 +0800
[Improvement-12650][Permission] Improve the check of resourcePermissionCheck() (#12652)
---
.../api/permission/ResourcePermissionCheckServiceImpl.java | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
index 3f4cb01f40..3ee3fb9903 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
@@ -113,10 +113,11 @@ public class ResourcePermissionCheckServiceImpl
if (Objects.nonNull(needChecks) && needChecks.length > 0) {
Set<?> originResSet = new HashSet<>(Arrays.asList(needChecks));
Set<?> ownResSets = RESOURCE_LIST_MAP.get(authorizationType).listAuthorizedResource(userId, logger);
- originResSet.removeAll(ownResSets);
- if (CollectionUtils.isNotEmpty(originResSet))
+ boolean checkResult = ownResSets != null && ownResSets.containsAll(originResSet);
+ if (!checkResult) {
logger.warn("User does not have resource permission on associated resources, userId:{}", userId);
- return CollectionUtils.isEmpty(originResSet);
+ }
+ return checkResult;
}
return true;
}