You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dolphinscheduler.apache.org by le...@apache.org on 2022/06/22 07:53:43 UTC
[dolphinscheduler] branch dev updated: [Feature] [Permission]Data permission module added and Query class api remove verification. (#10504)
This is an automated email from the ASF dual-hosted git repository.
leonbao pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git
The following commit(s) were added to refs/heads/dev by this push:
new 20348578a2 [Feature] [Permission]Data permission module added and Query class api remove verification. (#10504)
20348578a2 is described below
commit 20348578a236881008a29b37a187dd4826427057
Author: WangJPLeo <10...@users.noreply.github.com>
AuthorDate: Wed Jun 22 15:53:36 2022 +0800
[Feature] [Permission]Data permission module added and Query class api remove verification. (#10504)
* Data permission module added
* ut fix.
* queueController ut fix.
* queue service ut fix.
* e2e rerun
---
.../constants/ApiFuncIdentificationConstant.java | 2 -
.../ResourcePermissionCheckServiceImpl.java | 197 ++++++++-------------
.../api/service/impl/AccessTokenServiceImpl.java | 13 +-
.../api/service/impl/AlertGroupServiceImpl.java | 5 -
.../impl/AlertPluginInstanceServiceImpl.java | 5 -
.../api/service/impl/DataAnalysisServiceImpl.java | 6 -
.../api/service/impl/DataSourceServiceImpl.java | 5 -
.../service/impl/DqExecuteResultServiceImpl.java | 4 -
.../api/service/impl/DqRuleServiceImpl.java | 4 -
.../api/service/impl/K8SNamespaceServiceImpl.java | 5 -
.../api/service/impl/MonitorServiceImpl.java | 16 --
.../api/service/impl/ProjectServiceImpl.java | 4 -
.../api/service/impl/QueueServiceImpl.java | 24 +--
.../api/service/impl/ResourcesServiceImpl.java | 42 +----
.../api/service/impl/TaskGroupServiceImpl.java | 12 +-
.../api/service/impl/TenantServiceImpl.java | 19 +-
.../api/service/impl/WorkerGroupServiceImpl.java | 9 +-
.../api/service/AccessTokenServiceTest.java | 9 +-
.../api/service/AlertGroupServiceTest.java | 12 +-
.../api/service/DataAnalysisServiceTest.java | 2 -
.../api/service/K8SNamespaceServiceTest.java | 2 -
.../api/service/MonitorServiceTest.java | 6 +-
.../api/service/QueueServiceTest.java | 25 ++-
.../api/service/ResourcesServiceTest.java | 18 +-
.../api/service/TaskGroupServiceTest.java | 2 +-
.../api/service/TenantServiceTest.java | 12 +-
.../api/service/WorkerGroupServiceTest.java | 1 +
.../dao/mapper/TaskGroupMapper.java | 11 +-
.../dolphinscheduler/dao/mapper/TenantMapper.java | 8 +-
.../dao/mapper/AccessTokenMapper.xml | 5 +-
.../dao/mapper/TaskGroupMapper.xml | 19 +-
.../dolphinscheduler/dao/mapper/TenantMapper.xml | 13 ++
.../dao/mapper/TaskGroupMapperTest.java | 3 +-
.../dao/mapper/TenantMapperTest.java | 4 +-
34 files changed, 219 insertions(+), 305 deletions(-)
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java
index 7618fcd047..035d582e06 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java
@@ -155,8 +155,6 @@ public class ApiFuncIdentificationConstant {
public static final String MONITOR_DATABASES_VIEW = "monitor:databases:view";
public static final String MONITOR_STATISTICS_VIEW = "monitor:statistics:view";
- public static final String MONITOR_EVENT_LIST_VIEW = "monitor:event:view";
- public static final String MONITOR_ALERT_LIST_VIEW = "monitor:alert:view";
public final static Map<ExecuteType,String> map = new HashMap<ExecuteType,String>();
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
index 67e8da2eb8..e7f8ca1449 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
@@ -35,13 +35,17 @@ package org.apache.dolphinscheduler.api.permission;
import static java.util.stream.Collectors.toSet;
+import org.apache.commons.collections.CollectionUtils;
import org.apache.dolphinscheduler.common.enums.AuthorizationType;
import org.apache.dolphinscheduler.common.enums.UserType;
import org.apache.dolphinscheduler.dao.entity.AccessToken;
import org.apache.dolphinscheduler.dao.entity.AlertGroup;
import org.apache.dolphinscheduler.dao.entity.DataSource;
import org.apache.dolphinscheduler.dao.entity.Project;
+import org.apache.dolphinscheduler.dao.entity.Queue;
import org.apache.dolphinscheduler.dao.entity.Resource;
+import org.apache.dolphinscheduler.dao.entity.TaskGroup;
+import org.apache.dolphinscheduler.dao.entity.Tenant;
import org.apache.dolphinscheduler.dao.entity.UdfFunc;
import org.apache.dolphinscheduler.dao.entity.User;
import org.apache.dolphinscheduler.dao.mapper.AccessTokenMapper;
@@ -55,11 +59,14 @@ import org.apache.dolphinscheduler.dao.mapper.K8sNamespaceMapper;
import org.apache.dolphinscheduler.dao.mapper.ProjectMapper;
import org.apache.dolphinscheduler.dao.mapper.QueueMapper;
import org.apache.dolphinscheduler.dao.mapper.ResourceMapper;
+import org.apache.dolphinscheduler.dao.mapper.ResourceUserMapper;
+import org.apache.dolphinscheduler.dao.mapper.TaskGroupMapper;
import org.apache.dolphinscheduler.dao.mapper.TenantMapper;
import org.apache.dolphinscheduler.dao.mapper.UdfFuncMapper;
import org.apache.dolphinscheduler.dao.mapper.WorkerGroupMapper;
import org.apache.dolphinscheduler.service.process.ProcessService;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
@@ -68,6 +75,7 @@ import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
+import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.springframework.beans.BeansException;
@@ -105,6 +113,14 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public boolean operationPermissionCheck(Object authorizationType, Integer userId, String permissionKey, Logger logger) {
+ User user = processService.getUserById(userId);
+ if (user == null) {
+ logger.error("user id {} doesn't exist", userId);
+ return false;
+ }
+ if (user.getUserType().equals(UserType.ADMIN_USER)) {
+ return true;
+ }
return RESOURCE_LIST_MAP.get(authorizationType).permissionCheck(userId, permissionKey, logger);
}
@@ -130,48 +146,59 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
}
@Component
- public static class ProjectsResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
+ public static class QueueResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
- private final ProjectMapper projectMapper;
+ private final QueueMapper queueMapper;
- public ProjectsResourcePermissionCheck(ProjectMapper projectMapper) {
- this.projectMapper = projectMapper;
+ public QueueResourcePermissionCheck(QueueMapper queueMapper) {
+ this.queueMapper = queueMapper;
}
@Override
public List<AuthorizationType> authorizationTypes() {
- return Collections.singletonList(AuthorizationType.PROJECTS);
+ return Collections.singletonList(AuthorizationType.QUEUE);
}
@Override
public boolean permissionCheck(int userId, String permissionKey, Logger logger) {
- // all users can create projects
- return true;
+ // admin can create projects
+ return false;
}
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
- return projectMapper.listAuthorizedProjects(userId, null).stream().map(Project::getId).collect(toSet());
+ if (userId != 0) {
+ return Collections.emptySet();
+ }
+ List<Queue> queues = queueMapper.selectList(null);
+ return queues.isEmpty() ? Collections.emptySet() : queues.stream().map(Queue::getId).collect(toSet());
}
}
@Component
- public static class MonitorResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
+ public static class ProjectsResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
- @Override
- public List<AuthorizationType> authorizationTypes() {
- return Collections.singletonList(AuthorizationType.MONITOR);
+ private final ProjectMapper projectMapper;
+
+ public ProjectsResourcePermissionCheck(ProjectMapper projectMapper) {
+ this.projectMapper = projectMapper;
}
@Override
- public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
- return null;
+ public List<AuthorizationType> authorizationTypes() {
+ return Collections.singletonList(AuthorizationType.PROJECTS);
}
@Override
public boolean permissionCheck(int userId, String permissionKey, Logger logger) {
+ // all users can create projects
return true;
}
+
+ @Override
+ public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
+ return projectMapper.listAuthorizedProjects(userId, null).stream().map(Project::getId).collect(toSet());
+ }
}
@Component
@@ -179,8 +206,11 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
private final ResourceMapper resourceMapper;
- public FilePermissionCheck(ResourceMapper resourceMapper) {
+ private final ResourceUserMapper resourceUserMapper;
+
+ public FilePermissionCheck(ResourceMapper resourceMapper, ResourceUserMapper resourceUserMapper) {
this.resourceMapper = resourceMapper;
+ this.resourceUserMapper = resourceUserMapper;
}
@Override
@@ -190,11 +220,17 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
- List<Resource> resources = resourceMapper.queryResourceList(null, userId, -1);
- if (resources.isEmpty()){
- return Collections.emptySet();
+ List<Resource> relationResources;
+ if (userId == 0) {
+ relationResources = new ArrayList<>();
+ } else {
+ // query resource relation
+ List<Integer> resIds = resourceUserMapper.queryResourcesIdListByUserIdAndPerm(userId, 0);
+ relationResources = CollectionUtils.isEmpty(resIds) ? new ArrayList<>() : resourceMapper.queryResourceListById(resIds);
}
- return resources.stream().map(Resource::getId).collect(toSet());
+ List<Resource> ownResourceList = resourceMapper.queryResourceListAuthored(userId, -1);
+ relationResources.addAll(ownResourceList);
+ return ownResourceList.stream().map(Resource::getId).collect(toSet());
}
@Override
@@ -235,6 +271,12 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Component
public static class TaskGroupPermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
+ private final TaskGroupMapper taskGroupMapper;
+
+ public TaskGroupPermissionCheck(TaskGroupMapper taskGroupMapper) {
+ this.taskGroupMapper = taskGroupMapper;
+ }
+
@Override
public List<AuthorizationType> authorizationTypes() {
return Collections.singletonList(AuthorizationType.TASK_GROUP);
@@ -242,7 +284,11 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
- return null;
+ List<TaskGroup> taskGroupList = taskGroupMapper.listAuthorizedResource(userId);
+ if (taskGroupList.isEmpty()) {
+ return Collections.emptySet();
+ }
+ return taskGroupList.stream().map(TaskGroup::getId).collect(Collectors.toSet());
}
@Override
@@ -267,7 +313,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public boolean permissionCheck(int userId, String url, Logger logger) {
- return true;
+ return false;
}
@Override
@@ -302,32 +348,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
}
}
- @Component
- public static class QueueResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> {
-
- private final QueueMapper queueMapper;
-
- public QueueResourceList(QueueMapper queueMapper) {
- this.queueMapper = queueMapper;
- }
-
- @Override
- public List<AuthorizationType> authorizationTypes() {
- return Collections.singletonList(AuthorizationType.QUEUE);
- }
-
- @Override
- public boolean permissionCheck(int userId, String url, Logger logger) {
- return true;
- }
-
- @Override
- public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
- return Collections.emptySet();
- }
- }
-
-
@Component
public static class WorkerGroupResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> {
@@ -344,7 +364,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public boolean permissionCheck(int userId, String url, Logger logger) {
- return true;
+ return false;
}
@@ -373,7 +393,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public boolean permissionCheck(int userId, String url, Logger logger) {
- return true;
+ return false;
}
@@ -402,7 +422,7 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public boolean permissionCheck(int userId, String url, Logger logger) {
- return true;
+ return false;
}
@@ -431,13 +451,17 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public boolean permissionCheck(int userId, String url, Logger logger) {
- return true;
+ return false;
}
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
- return Collections.emptySet();
+ if (userId != 0) {
+ return Collections.emptySet();
+ }
+ List<Tenant> tenantList = tenantMapper.queryAll();
+ return tenantList.stream().map(Tenant::getId).collect(Collectors.toSet());
}
}
@@ -449,8 +473,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
private final DataSourceMapper dataSourceMapper;
-
-
public DataSourceResourceList(DataSourceMapper dataSourceMapper) {
this.dataSourceMapper = dataSourceMapper;
}
@@ -472,68 +494,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
}
}
- /**
- * DataAnalysis Resource
- */
- @Component
- public static class DataAnalysisList implements ResourceAcquisitionAndPermissionCheck<Integer> {
-
- private final CommandMapper commandMapper;
-
-
-
- public DataAnalysisList(CommandMapper commandMapper) {
- this.commandMapper = commandMapper;
- }
-
- @Override
- public List<AuthorizationType> authorizationTypes() {
- return Collections.singletonList(AuthorizationType.DATA_ANALYSIS);
- }
-
- @Override
- public boolean permissionCheck(int userId, String url, Logger logger) {
- return true;
- }
-
-
- @Override
- public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
- return Collections.emptySet();
- }
- }
-
- /**
- * DataQuality Resource
- */
- @Component
- public static class DataQualityList implements ResourceAcquisitionAndPermissionCheck<Integer> {
-
- private final DqRuleMapper dqRuleMapper;
-
-
-
- public DataQualityList(DqRuleMapper dqRuleMapper) {
- this.dqRuleMapper = dqRuleMapper;
- }
-
- @Override
- public List<AuthorizationType> authorizationTypes() {
- return Collections.singletonList(AuthorizationType.DATA_QUALITY);
- }
-
- @Override
- public boolean permissionCheck(int userId, String url, Logger logger) {
- return true;
- }
-
-
- @Override
- public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
- return Collections.emptySet();
- }
- }
-
/**
* AccessToken Resource
*/
@@ -542,8 +502,6 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
private final AccessTokenMapper accessTokenMapper;
-
-
public AccessTokenList(AccessTokenMapper accessTokenMapper) {
this.accessTokenMapper = accessTokenMapper;
}
@@ -555,10 +513,9 @@ public class ResourcePermissionCheckServiceImpl implements ResourcePermissionChe
@Override
public boolean permissionCheck(int userId, String url, Logger logger) {
- return true;
+ return false;
}
-
@Override
public Set<Integer> listAuthorizedResource(int userId, Logger logger) {
return accessTokenMapper.listAuthorizedAccessToken(userId, null).stream().map(AccessToken::getId).collect(toSet());
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AccessTokenServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AccessTokenServiceImpl.java
index f2523faaee..1d0322677f 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AccessTokenServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AccessTokenServiceImpl.java
@@ -70,10 +70,6 @@ public class AccessTokenServiceImpl extends BaseServiceImpl implements AccessTok
Result result = new Result();
PageInfo<AccessToken> pageInfo = new PageInfo<>(pageNo, pageSize);
Page<AccessToken> page = new Page<>(pageNo, pageSize);
- if (!canOperatorPermissions(loginUser,null,AuthorizationType.ACCESS_TOKEN,ACCESS_TOKEN_MANAGE)) {
- putMsg(result, Status.USER_NO_OPERATION_PERM);
- return result;
- }
int userId = loginUser.getId();
if (loginUser.getUserType() == UserType.ADMIN_USER) {
userId = 0;
@@ -97,13 +93,12 @@ public class AccessTokenServiceImpl extends BaseServiceImpl implements AccessTok
public Map<String, Object> queryAccessTokenByUser(User loginUser, Integer userId) {
Map<String, Object> result = new HashMap<>();
result.put(Constants.STATUS, false);
-
- // only admin can operate
- if (!canOperatorPermissions(loginUser,null, AuthorizationType.ACCESS_TOKEN,ACCESS_TOKEN_MANAGE)) {
+ // no permission
+ if (loginUser.getUserType().equals(UserType.GENERAL_USER) && loginUser.getId() != userId) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
return result;
}
-
+ userId = loginUser.getUserType().equals(UserType.ADMIN_USER) ? 0 : userId;
// query access token for specified user
List<AccessToken> accessTokenList = this.accessTokenMapper.queryAccessTokenByUser(userId);
result.put(Constants.DATA_LIST, accessTokenList);
@@ -173,7 +168,7 @@ public class AccessTokenServiceImpl extends BaseServiceImpl implements AccessTok
@Override
public Map<String, Object> generateToken(User loginUser, int userId, String expireTime) {
Map<String, Object> result = new HashMap<>();
- if (!(canOperatorPermissions(loginUser,null,AuthorizationType.ACCESS_TOKEN, ACCESS_TOKEN_CREATE) || loginUser.getId() == userId)) {
+ if (!(canOperatorPermissions(loginUser,null, AuthorizationType.ACCESS_TOKEN, ACCESS_TOKEN_CREATE) || loginUser.getId() == userId)) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
return result;
}
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertGroupServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertGroupServiceImpl.java
index aba494633c..05a8eddd8a 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertGroupServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertGroupServiceImpl.java
@@ -31,7 +31,6 @@ import org.apache.dolphinscheduler.dao.mapper.AlertGroupMapper;
import org.apache.commons.lang3.StringUtils;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
@@ -119,10 +118,6 @@ public class AlertGroupServiceImpl extends BaseServiceImpl implements AlertGroup
public Result listPaging(User loginUser, String searchVal, Integer pageNo, Integer pageSize) {
Result result = new Result();
- if (!canOperatorPermissions(loginUser,null,AuthorizationType.ALERT_GROUP,ALERT_GROUP_VIEW)) {
- putMsg(result,Status.USER_NO_OPERATION_PERM);
- return result;
- }
IPage<AlertGroup> alertGroupPage;
PageInfo<AlertGroup> pageInfo = new PageInfo<>(pageNo, pageSize);
Page<AlertGroup> page = new Page<>(pageNo, pageSize);
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertPluginInstanceServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertPluginInstanceServiceImpl.java
index 438afbe677..d74f2329f0 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertPluginInstanceServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AlertPluginInstanceServiceImpl.java
@@ -211,11 +211,6 @@ public class AlertPluginInstanceServiceImpl extends BaseServiceImpl implements A
public Result listPaging(User loginUser, String searchVal, int pageNo, int pageSize) {
Result result = new Result();
- if (!canOperatorPermissions(loginUser,null,AuthorizationType.ALERT_PLUGIN_INSTANCE, ApiFuncIdentificationConstant.ALARM_INSTANCE_MANAGE)) {
- putMsg(result,Status.USER_NO_OPERATION_PERM);
- return result;
- }
-
Page<AlertPluginInstance> page = new Page<>(pageNo, pageSize);
IPage<AlertPluginInstance> alertPluginInstanceIPage = alertPluginInstanceMapper.queryByInstanceNamePage(page, searchVal);
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataAnalysisServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataAnalysisServiceImpl.java
index ffd8c7a8b0..f4f544bae6 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataAnalysisServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataAnalysisServiceImpl.java
@@ -258,12 +258,6 @@ public class DataAnalysisServiceImpl extends BaseServiceImpl implements DataAnal
return result;
}
Long[] projectCodeArray = getProjectCodesArrays(projectIds.getLeft());
-
- // admin can view all
- if(!canOperatorPermissions(loginUser,null, AuthorizationType.DATA_ANALYSIS, ApiFuncIdentificationConstant.MONITOR_STATISTICS_VIEW)){
- putMsg(result, Status.USER_NO_OPERATION_PROJECT_PERM);
- return result;
- }
int userId = loginUser.getUserType() == UserType.ADMIN_USER ? 0 : loginUser.getId();
// count normal command state
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java
index e1a10119f7..e5dd5d65e8 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java
@@ -250,11 +250,6 @@ public class DataSourceServiceImpl extends BaseServiceImpl implements DataSource
IPage<DataSource> dataSourceList = null;
Page<DataSource> dataSourcePage = new Page<>(pageNo, pageSize);
PageInfo<DataSource> pageInfo = new PageInfo<>(pageNo, pageSize);
-
- if (!canOperatorPermissions(loginUser,null,AuthorizationType.DATASOURCE,DATASOURCE_LIST)) {
- putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
- return result;
- }
if (loginUser.getUserType().equals(UserType.ADMIN_USER)) {
dataSourceList = dataSourceMapper.selectPaging(dataSourcePage, UserType.ADMIN_USER.equals(loginUser.getUserType()) ? 0 : loginUser.getId(), searchVal);
} else {
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqExecuteResultServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqExecuteResultServiceImpl.java
index 348af78d6d..c5ee6363a5 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqExecuteResultServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqExecuteResultServiceImpl.java
@@ -71,10 +71,6 @@ public class DqExecuteResultServiceImpl extends BaseServiceImpl implements DqExe
if (StringUtils.isNotEmpty(endTime)) {
end = DateUtils.getScheduleDate(endTime);
}
- if(!canOperatorPermissions(loginUser,null, AuthorizationType.DATA_QUALITY,null)){
- putMsg(result, Status.USER_NO_OPERATION_PROJECT_PERM);
- return result;
- }
} catch (Exception e) {
putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, "startTime,endTime");
return result;
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqRuleServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqRuleServiceImpl.java
index 89004645b0..a4f78ec830 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqRuleServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DqRuleServiceImpl.java
@@ -168,10 +168,6 @@ public class DqRuleServiceImpl extends BaseServiceImpl implements DqRuleService
if (StringUtils.isNotEmpty(endTime)) {
end = DateUtils.getScheduleDate(endTime);
}
- if(!canOperatorPermissions(loginUser,null, AuthorizationType.DATA_QUALITY,null)){
- putMsg(result, Status.USER_NO_OPERATION_PROJECT_PERM);
- return result;
- }
} catch (Exception e) {
putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, "startTime,endTime");
return result;
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/K8SNamespaceServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/K8SNamespaceServiceImpl.java
index c12a25dc71..91d66b2c00 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/K8SNamespaceServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/K8SNamespaceServiceImpl.java
@@ -80,11 +80,6 @@ public class K8SNamespaceServiceImpl extends BaseServiceImpl implements K8sNames
@Override
public Result queryListPaging(User loginUser, String searchVal, Integer pageNo, Integer pageSize) {
Result result = new Result();
- if (!canOperatorPermissions(loginUser,null, AuthorizationType.K8S_NAMESPACE,null)) {
- putMsg(result, Status.USER_NO_OPERATION_PERM);
- return result;
- }
-
Page<K8sNamespace> page = new Page<>(pageNo, pageSize);
IPage<K8sNamespace> k8sNamespaceList = k8sNamespaceMapper.queryK8sNamespacePaging(page, searchVal);
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/MonitorServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/MonitorServiceImpl.java
index 356a015b7e..04debec555 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/MonitorServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/MonitorServiceImpl.java
@@ -17,11 +17,9 @@
package org.apache.dolphinscheduler.api.service.impl;
-import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant;
import org.apache.dolphinscheduler.api.enums.Status;
import org.apache.dolphinscheduler.api.service.MonitorService;
import org.apache.dolphinscheduler.common.Constants;
-import org.apache.dolphinscheduler.common.enums.AuthorizationType;
import org.apache.dolphinscheduler.common.enums.NodeType;
import org.apache.dolphinscheduler.common.model.Server;
import org.apache.dolphinscheduler.common.model.WorkerServerModel;
@@ -66,10 +64,6 @@ public class MonitorServiceImpl extends BaseServiceImpl implements MonitorServic
@Override
public Map<String, Object> queryDatabaseState(User loginUser) {
Map<String, Object> result = new HashMap<>();
- if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_DATABASES_VIEW)) {
- putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
- return result;
- }
List<MonitorRecord> monitorRecordList = monitorDBDao.queryDatabaseState();
result.put(Constants.DATA_LIST, monitorRecordList);
putMsg(result, Status.SUCCESS);
@@ -85,10 +79,6 @@ public class MonitorServiceImpl extends BaseServiceImpl implements MonitorServic
@Override
public Map<String, Object> queryMaster(User loginUser) {
Map<String, Object> result = new HashMap<>();
- if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_MASTER_VIEW)) {
- putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
- return result;
- }
List<Server> masterServers = getServerListFromRegistry(true);
result.put(Constants.DATA_LIST, masterServers);
putMsg(result, Status.SUCCESS);
@@ -106,12 +96,6 @@ public class MonitorServiceImpl extends BaseServiceImpl implements MonitorServic
public Map<String, Object> queryWorker(User loginUser) {
Map<String, Object> result = new HashMap<>();
-
- if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_WORKER_VIEW)) {
- putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
- return result;
- }
-
List<WorkerServerModel> workerServers = getServerListFromRegistry(false)
.stream()
.map((Server server) -> {
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java
index 79ab107090..17575f5dab 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java
@@ -230,10 +230,6 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
Result result = new Result();
PageInfo<Project> pageInfo = new PageInfo<>(pageNo, pageSize);
Page<Project> page = new Page<>(pageNo, pageSize);
- if (!canOperatorPermissions(loginUser, null, AuthorizationType.PROJECTS, PROJECT)) {
- putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
- return result;
- }
Set<Integer> projectIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.PROJECTS, loginUser.getId(), logger);
if (projectIds.isEmpty()) {
result.setData(pageInfo);
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/QueueServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/QueueServiceImpl.java
index e7a244d2b5..1301540a46 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/QueueServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/QueueServiceImpl.java
@@ -30,10 +30,12 @@ import org.apache.dolphinscheduler.dao.mapper.UserMapper;
import org.apache.commons.lang3.StringUtils;
+import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -68,12 +70,13 @@ public class QueueServiceImpl extends BaseServiceImpl implements QueueService {
@Override
public Map<String, Object> queryList(User loginUser) {
Map<String, Object> result = new HashMap<>();
- if (!canOperatorPermissions(loginUser,null, AuthorizationType.QUEUE, YARN_QUEUE_MANAGE)) {
- putMsg(result, Status.USER_NO_OPERATION_PERM);
+ Set<Integer> ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.QUEUE, loginUser.getId(), logger);
+ if (ids.isEmpty()) {
+ result.put(Constants.DATA_LIST, Collections.emptyList());
+ putMsg(result, Status.SUCCESS);
return result;
}
-
- List<Queue> queueList = queueMapper.selectList(null);
+ List<Queue> queueList = queueMapper.selectBatchIds(ids);
result.put(Constants.DATA_LIST, queueList);
putMsg(result, Status.SUCCESS);
@@ -92,17 +95,16 @@ public class QueueServiceImpl extends BaseServiceImpl implements QueueService {
@Override
public Result queryList(User loginUser, String searchVal, Integer pageNo, Integer pageSize) {
Result result = new Result();
- if (!canOperatorPermissions(loginUser,null,AuthorizationType.QUEUE,YARN_QUEUE_MANAGE)) {
- putMsg(result, Status.USER_NO_OPERATION_PERM);
+ PageInfo<Queue> pageInfo = new PageInfo<>(pageNo, pageSize);
+ Set<Integer> ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.QUEUE, loginUser.getId(), logger);
+ if (ids.isEmpty()) {
+ result.setData(pageInfo);
+ putMsg(result, Status.SUCCESS);
return result;
}
-
Page<Queue> page = new Page<>(pageNo, pageSize);
-
IPage<Queue> queueList = queueMapper.queryQueuePaging(page, searchVal);
-
Integer count = (int) queueList.getTotal();
- PageInfo<Queue> pageInfo = new PageInfo<>(pageNo, pageSize);
pageInfo.setTotal(count);
pageInfo.setTotalList(queueList.getRecords());
result.setData(pageInfo);
@@ -174,7 +176,7 @@ public class QueueServiceImpl extends BaseServiceImpl implements QueueService {
@Override
public Map<String, Object> updateQueue(User loginUser, int id, String queue, String queueName) {
Map<String, Object> result = new HashMap<>();
- if (!canOperatorPermissions(loginUser,null, AuthorizationType.QUEUE,YARN_QUEUE_UPDATE)) {
+ if (!canOperatorPermissions(loginUser,new Object[]{id}, AuthorizationType.QUEUE,YARN_QUEUE_UPDATE)) {
putMsg(result, Status.USER_NO_OPERATION_PERM);
return result;
}
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
index 5224e86525..73ceda882a 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
@@ -619,13 +619,6 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
@Override
public Result queryResourceListPaging(User loginUser, int directoryId, ResourceType type, String searchVal, Integer pageNo, Integer pageSize) {
Result<Object> result = new Result<>();
- String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW;
- boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
- if (!canOperatorPermissions){
- putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
- return result;
- }
-
Page<Resource> page = new Page<>(pageNo, pageSize);
if (directoryId != -1) {
Resource directory = resourcesMapper.selectById(directoryId);
@@ -729,13 +722,6 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
public Map<String, Object> queryResourceList(User loginUser, ResourceType type) {
Map<String, Object> result = new HashMap<>();
- String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW;
- boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
- if (!canOperatorPermissions){
- putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
- return result;
- }
-
List<Resource> allResourceList = queryAuthoredResourceList(loginUser, type);
Visitor resourceTreeVisitor = new ResourceTreeVisitor(allResourceList);
result.put(Constants.DATA_LIST, resourceTreeVisitor.visit().getChildren());
@@ -754,12 +740,6 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
@Override
public Result<Object> queryResourceByProgramType(User loginUser, ResourceType type, ProgramType programType) {
Result<Object> result = new Result<>();
- String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW;
- boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey);
- if (!canOperatorPermissions){
- putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
- return result;
- }
Set<Integer> resourceIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(checkResourceType(type), loginUser.getId(), logger);
if (resourceIds.isEmpty()){
@@ -1575,23 +1555,13 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
* @return all authored resource list
*/
private List<Resource> queryAuthoredResourceList(User loginUser, ResourceType type) {
- List<Resource> relationResources;
- int userId = loginUser.getId();
- if (isAdmin(loginUser)) {
- userId = 0;
- relationResources = new ArrayList<>();
- } else {
- // query resource relation
- relationResources = queryResourceList(userId, 0);
+ Set<Integer> resourceIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(checkResourceType(type), loginUser.getId(), logger);
+ if (resourceIds.isEmpty()){
+ return Collections.emptyList();
}
- // filter by resource type
- List<Resource> relationTypeResources =
- relationResources.stream().filter(rs -> rs.getType() == type).collect(Collectors.toList());
-
- List<Resource> ownResourceList = resourcesMapper.queryResourceListAuthored(userId, type.ordinal());
- ownResourceList.addAll(relationTypeResources);
-
- return ownResourceList;
+ List<Resource> resources = resourcesMapper.selectBatchIds(resourceIds);
+ resources = resources.stream().filter(rs -> rs.getType() == type).collect(Collectors.toList());
+ return resources;
}
/**
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupServiceImpl.java
index 62c38ee05e..5941196ed1 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupServiceImpl.java
@@ -45,6 +45,7 @@ import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Set;
/**
* task Group Service
@@ -267,13 +268,14 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe
public Map<String, Object> doQuery(User loginUser, int pageNo, int pageSize, int userId, String name, Integer status) {
Map<String, Object> result = new HashMap<>();
Page<TaskGroup> page = new Page<>(pageNo, pageSize);
-
- boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_VIEW);
- if (!canOperatorPermissions){
- putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
+ PageInfo<TaskGroup> pageInfo = new PageInfo<>(pageNo, pageSize);
+ Set<Integer> ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.TASK_GROUP, userId, logger);
+ if (ids.isEmpty()) {
+ result.put(Constants.DATA_LIST, pageInfo);
+ putMsg(result, Status.SUCCESS);
return result;
}
- IPage<TaskGroup> taskGroupPaging = taskGroupMapper.queryTaskGroupPaging(page, userId, name, status);
+ IPage<TaskGroup> taskGroupPaging = taskGroupMapper.queryTaskGroupPaging(page, new ArrayList<>(ids), name, status);
return getStringObjectMap(pageNo, pageSize, result, taskGroupPaging);
}
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java
index e479d8645b..a3c4e30ef6 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java
@@ -150,14 +150,16 @@ public class TenantServiceImpl extends BaseServiceImpl implements TenantService
public Result<Object> queryTenantList(User loginUser, String searchVal, Integer pageNo, Integer pageSize) {
Result<Object> result = new Result<>();
- if (!canOperatorPermissions(loginUser,null,AuthorizationType.TENANT,TENANT_MANAGER)) {
- putMsg(result, Status.USER_NO_OPERATION_PERM);
+ PageInfo<Tenant> pageInfo = new PageInfo<>(pageNo, pageSize);
+ Set<Integer> ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.TENANT, loginUser.getId(), logger);
+ if (ids.isEmpty()) {
+ result.setData(pageInfo);
+ putMsg(result, Status.SUCCESS);
return result;
}
Page<Tenant> page = new Page<>(pageNo, pageSize);
- IPage<Tenant> tenantPage = tenantMapper.queryTenantPaging(page, searchVal);
+ IPage<Tenant> tenantPage = tenantMapper.queryTenantPaging(page, new ArrayList<>(ids), searchVal);
- PageInfo<Tenant> pageInfo = new PageInfo<>(pageNo, pageSize);
pageInfo.setTotal((int) tenantPage.getTotal());
pageInfo.setTotalList(tenantPage.getRecords());
result.setData(pageInfo);
@@ -298,14 +300,15 @@ public class TenantServiceImpl extends BaseServiceImpl implements TenantService
public Map<String, Object> queryTenantList(User loginUser) {
Map<String, Object> result = new HashMap<>();
- if (!canOperatorPermissions(loginUser,null,AuthorizationType.TENANT,TENANT_MANAGER)) {
- putMsg(result, Status.USER_NO_OPERATION_PERM);
+ Set<Integer> ids = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.TENANT, loginUser.getId(), logger);
+ if (ids.isEmpty()) {
+ result.put(Constants.DATA_LIST, Collections.emptyList());
+ putMsg(result, Status.SUCCESS);
return result;
}
- List<Tenant> resourceList = tenantMapper.selectList(null);
+ List<Tenant> resourceList = tenantMapper.selectBatchIds(ids);
result.put(Constants.DATA_LIST, resourceList);
putMsg(result, Status.SUCCESS);
-
return result;
}
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/WorkerGroupServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/WorkerGroupServiceImpl.java
index afa97c169a..d371d32c18 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/WorkerGroupServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/WorkerGroupServiceImpl.java
@@ -124,7 +124,9 @@ public class WorkerGroupServiceImpl extends BaseServiceImpl implements WorkerGro
workerGroupMapper.insert(workerGroup);
}
putMsg(result, Status.SUCCESS);
- permissionPostHandle(AuthorizationType.WORKER_GROUP, loginUser.getId(), Collections.singletonList(workerGroup.getId()),logger);
+ if (id != 0) {
+ permissionPostHandle(AuthorizationType.WORKER_GROUP, loginUser.getId(), Collections.singletonList(workerGroup.getId()),logger);
+ }
return result;
}
@@ -189,11 +191,6 @@ public class WorkerGroupServiceImpl extends BaseServiceImpl implements WorkerGro
int toIndex = (pageNo - 1) * pageSize + pageSize;
Result result = new Result();
- if (!canOperatorPermissions(loginUser,null,AuthorizationType.WORKER_GROUP,WORKER_GROUP_MANAGE)) {
- putMsg(result,Status.USER_NO_OPERATION_PERM);
- return result;
- }
-
List<WorkerGroup> workerGroups = new ArrayList<>();
if (loginUser.getUserType().equals(UserType.ADMIN_USER)) {
workerGroups = getWorkerGroups(true);
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java
index 29eb4578b7..46fc31b487 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java
@@ -40,7 +40,6 @@ import java.util.Calendar;
import java.util.Date;
import java.util.List;
import java.util.Map;
-import java.util.Optional;
import org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckService;
import org.assertj.core.util.Lists;
@@ -83,8 +82,6 @@ public class AccessTokenServiceTest {
User user = new User();
user.setId(1);
user.setUserType(UserType.ADMIN_USER);
- Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ACCESS_TOKEN, 1, ACCESS_TOKEN_MANAGE, baseServiceLogger)).thenReturn(true);
- Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ACCESS_TOKEN, null, 0, baseServiceLogger)).thenReturn(true);
when(accessTokenMapper.selectAccessTokenPage(any(Page.class), eq("zhangsan"), eq(0))).thenReturn(tokenPage);
Result result = accessTokenService.queryAccessTokenList(user, "zhangsan", 1, 10);
@@ -96,19 +93,17 @@ public class AccessTokenServiceTest {
@Test
public void testQueryAccessTokenByUser() {
List<AccessToken> accessTokenList = Lists.newArrayList(this.getEntity());
- Mockito.when(this.accessTokenMapper.queryAccessTokenByUser(1)).thenReturn(accessTokenList);
+ Mockito.when(this.accessTokenMapper.queryAccessTokenByUser(Mockito.anyInt())).thenReturn(accessTokenList);
// USER_NO_OPERATION_PERM
User user = this.getLoginUser();
user.setUserType(UserType.GENERAL_USER);
- Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ACCESS_TOKEN, user.getId(), ACCESS_TOKEN_MANAGE, baseServiceLogger)).thenReturn(true);
- Map<String, Object> result = this.accessTokenService.queryAccessTokenByUser(user, 1);
+ Map<String, Object> result = this.accessTokenService.queryAccessTokenByUser(user, 3);
logger.info(result.toString());
Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
// SUCCESS
user.setUserType(UserType.ADMIN_USER);
- Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ACCESS_TOKEN, null, 0, baseServiceLogger)).thenReturn(true);
result = this.accessTokenService.queryAccessTokenByUser(user, 1);
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AlertGroupServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AlertGroupServiceTest.java
index dce4c04ae1..083676c8df 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AlertGroupServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AlertGroupServiceTest.java
@@ -36,8 +36,10 @@ import org.apache.dolphinscheduler.dao.mapper.AlertGroupMapper;
import org.apache.commons.collections.CollectionUtils;
import java.util.ArrayList;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckService;
import org.junit.Assert;
@@ -71,9 +73,6 @@ public class AlertGroupServiceTest {
private String groupName = "AlertGroupServiceTest";
- @InjectMocks
- BaseServiceImpl baseService;
-
@Spy
private ResourcePermissionCheckService resourcePermissionCheckService;
@@ -97,14 +96,15 @@ public class AlertGroupServiceTest {
// no operate
user.setUserType(UserType.GENERAL_USER);
user.setId(88);
+
+ Set<Integer> ids = new HashSet<>();
+ ids.add(1);
Result result = alertGroupService.listPaging(user, groupName, 1, 10);
logger.info(result.toString());
- Assert.assertEquals(Status.USER_NO_OPERATION_PERM.getCode(), (int) result.getCode());
+ Assert.assertEquals(Status.SUCCESS.getCode(), (int) result.getCode());
//success
user.setUserType(UserType.ADMIN_USER);
user.setId(1);
- Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.ALERT_GROUP, 1, ALERT_GROUP_VIEW, baseServiceLogger)).thenReturn(true);
- Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.ALERT_GROUP, null, 0, baseServiceLogger)).thenReturn(true);
result = alertGroupService.listPaging(user, groupName, 1, 10);
logger.info(result.toString());
PageInfo<AlertGroup> pageInfo = (PageInfo<AlertGroup>) result.getData();
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataAnalysisServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataAnalysisServiceTest.java
index a30da52cb5..7d2fb77de7 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataAnalysisServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataAnalysisServiceTest.java
@@ -281,8 +281,6 @@ public class DataAnalysisServiceTest {
CommandCount commandCount = new CommandCount();
commandCount.setCommandType(CommandType.START_PROCESS);
commandCounts.add(commandCount);
- Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.DATA_ANALYSIS, user.getId(), ApiFuncIdentificationConstant.MONITOR_STATISTICS_VIEW, baseServiceLogger)).thenReturn(true);
- Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.DATA_ANALYSIS, null, 0, baseServiceLogger)).thenReturn(true);
Mockito.when(commandMapper.countCommandState(0, null, null, new Long[]{1L})).thenReturn(commandCounts);
Mockito.when(errorCommandMapper.countCommandState(0, null, null, new Long[]{1L})).thenReturn(commandCounts);
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/K8SNamespaceServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/K8SNamespaceServiceTest.java
index 7f408acf1b..f2c5b7064c 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/K8SNamespaceServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/K8SNamespaceServiceTest.java
@@ -92,8 +92,6 @@ public class K8SNamespaceServiceTest {
IPage<K8sNamespace> page = new Page<>(1, 10);
page.setTotal(1L);
page.setRecords(getNamespaceList());
- Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.K8S_NAMESPACE, getLoginUser().getId(), null, baseServiceLogger)).thenReturn(true);
- Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.K8S_NAMESPACE, null, 0, baseServiceLogger)).thenReturn(true);
Mockito.when(k8sNamespaceMapper.queryK8sNamespacePaging(Mockito.any(Page.class), Mockito.eq(namespace))).thenReturn(page);
Result result = k8sNamespaceService.queryListPaging(getLoginUser(), namespace, 1, 10);
logger.info(result.toString());
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/MonitorServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/MonitorServiceTest.java
index 0f540f0c06..3deb5388d8 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/MonitorServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/MonitorServiceTest.java
@@ -94,7 +94,7 @@ public class MonitorServiceTest {
mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_DATABASES_VIEW, false);
Map<String,Object> noPermission = monitorService.queryDatabaseState(user);
- Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS));
+ Assert.assertEquals(Status.SUCCESS,noPermission.get(Constants.STATUS));
}
@Test
@@ -106,7 +106,7 @@ public class MonitorServiceTest {
mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_MASTER_VIEW, false);
Map<String,Object> noPermission = monitorService.queryMaster(user);
- Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS));
+ Assert.assertEquals(Status.SUCCESS,noPermission.get(Constants.STATUS));
}
@Test
@@ -118,7 +118,7 @@ public class MonitorServiceTest {
mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_WORKER_VIEW, false);
Map<String,Object> noPermission = monitorService.queryWorker(user);
- Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS));
+ Assert.assertEquals(Status.SUCCESS,noPermission.get(Constants.STATUS));
}
@Test
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/QueueServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/QueueServiceTest.java
index aba65bb9fe..a2a7957a23 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/QueueServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/QueueServiceTest.java
@@ -28,15 +28,17 @@ import org.apache.dolphinscheduler.common.enums.UserType;
import org.apache.dolphinscheduler.dao.entity.Queue;
import org.apache.dolphinscheduler.dao.entity.User;
import org.apache.dolphinscheduler.dao.mapper.QueueMapper;
-import org.apache.dolphinscheduler.dao.mapper.UserMapper;
import org.apache.commons.collections.CollectionUtils;
import java.util.ArrayList;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckService;
+import org.apache.dolphinscheduler.dao.mapper.UserMapper;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
@@ -62,6 +64,7 @@ public class QueueServiceTest {
private static final Logger logger = LoggerFactory.getLogger(QueueServiceTest.class);
private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class);
+ private static final Logger queueServiceImplLogger = LoggerFactory.getLogger(QueueServiceImpl.class);
@InjectMocks
private QueueServiceImpl queueService;
@@ -70,10 +73,10 @@ public class QueueServiceTest {
private QueueMapper queueMapper;
@Mock
- private ResourcePermissionCheckService resourcePermissionCheckService;
+ private UserMapper userMapper;
@Mock
- private UserMapper userMapper;
+ private ResourcePermissionCheckService resourcePermissionCheckService;
private String queueName = "QueueServiceTest";
@@ -87,9 +90,10 @@ public class QueueServiceTest {
@Test
public void testQueryList() {
- Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.QUEUE, getLoginUser().getId(), YARN_QUEUE_MANAGE, baseServiceLogger)).thenReturn(true);
- Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, null, 0, baseServiceLogger)).thenReturn(true);
- Mockito.when(queueMapper.selectList(null)).thenReturn(getQueueList());
+ Set<Integer> ids = new HashSet<>();
+ ids.add(1);
+ Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.QUEUE, getLoginUser().getId(), queueServiceImplLogger)).thenReturn(ids);
+ Mockito.when(queueMapper.selectBatchIds(Mockito.anySet())).thenReturn(getQueueList());
Map<String, Object> result = queueService.queryList(getLoginUser());
logger.info(result.toString());
List<Queue> queueList = (List<Queue>) result.get(Constants.DATA_LIST);
@@ -103,8 +107,9 @@ public class QueueServiceTest {
IPage<Queue> page = new Page<>(1, 10);
page.setTotal(1L);
page.setRecords(getQueueList());
- Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.QUEUE, getLoginUser().getId(), YARN_QUEUE_MANAGE, baseServiceLogger)).thenReturn(true);
- Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, null, 0, baseServiceLogger)).thenReturn(true);
+ Set<Integer> ids = new HashSet<>();
+ ids.add(1);
+ Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.QUEUE, getLoginUser().getId(), queueServiceImplLogger)).thenReturn(ids);
Mockito.when(queueMapper.queryQueuePaging(Mockito.any(Page.class), Mockito.eq(queueName))).thenReturn(page);
Result result = queueService.queryList(getLoginUser(), queueName, 1, 10);
logger.info(result.toString());
@@ -138,12 +143,13 @@ public class QueueServiceTest {
Mockito.when(queueMapper.existQueue("test", null)).thenReturn(true);
Mockito.when(queueMapper.existQueue(null, "test")).thenReturn(true);
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.QUEUE, getLoginUser().getId(), YARN_QUEUE_UPDATE , baseServiceLogger)).thenReturn(true);
- Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, null, 0, baseServiceLogger)).thenReturn(true);
+ Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, new Object[]{0}, 0, baseServiceLogger)).thenReturn(true);
// not exist
Map<String, Object> result = queueService.updateQueue(getLoginUser(), 0, "queue", queueName);
logger.info(result.toString());
Assert.assertEquals(Status.QUEUE_NOT_EXIST.getCode(), ((Status) result.get(Constants.STATUS)).getCode());
//no need update
+ Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.QUEUE, new Object[]{1}, 0, baseServiceLogger)).thenReturn(true);
result = queueService.updateQueue(getLoginUser(), 1, queueName, queueName);
logger.info(result.toString());
Assert.assertEquals(Status.NEED_NOT_UPDATE_QUEUE.getCode(), ((Status) result.get(Constants.STATUS)).getCode());
@@ -156,6 +162,7 @@ public class QueueServiceTest {
logger.info(result.toString());
Assert.assertEquals(Status.QUEUE_NAME_EXIST.getCode(), ((Status) result.get(Constants.STATUS)).getCode());
//success
+ Mockito.when(userMapper.existUser(Mockito.anyString())).thenReturn(false);
result = queueService.updateQueue(getLoginUser(), 1, "test1", "test1");
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS.getCode(), ((Status) result.get(Constants.STATUS)).getCode());
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java
index 452ae06510..af431c150e 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java
@@ -367,11 +367,9 @@ public class ResourcesServiceTest {
loginUser.setId(0);
loginUser.setUserType(UserType.ADMIN_USER);
- PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true);
- PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 0, serviceLogger)).thenReturn(true);
- PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 0, serviceLogger)).thenReturn(getSetIds());
+ PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 0, resourceLogger)).thenReturn(getSetIds());
+ Mockito.when(resourcesMapper.selectBatchIds(Mockito.anySet())).thenReturn(getResourceList());
- Mockito.when(resourcesMapper.queryResourceListAuthored(0, 0)).thenReturn(getResourceList());
Map<String, Object> result = resourcesService.queryResourceList(loginUser, ResourceType.FILE);
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
@@ -379,15 +377,11 @@ public class ResourcesServiceTest {
Assert.assertTrue(CollectionUtils.isNotEmpty(resourceList));
// test udf
- PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.UDF_FILE_VIEW, serviceLogger)).thenReturn(true);
- PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 0, serviceLogger)).thenReturn(true);
- PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 0, serviceLogger)).thenReturn(getSetIds());
+ PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.UDF_FILE, 0, resourceLogger)).thenReturn(getSetIds());
+ Mockito.when(resourcesMapper.selectBatchIds(Mockito.anySet())).thenReturn(Arrays.asList(getResource(11, ResourceType.UDF),
+ getResource(10, ResourceType.UDF), getResource(9, ResourceType.UDF), getResource(8, ResourceType.UDF)));
+
loginUser.setUserType(UserType.GENERAL_USER);
- Mockito.when(resourceUserMapper.queryResourcesIdListByUserIdAndPerm(0, 0))
- .thenReturn(Arrays.asList(Integer.valueOf(10), Integer.valueOf(11)));
- Mockito.when(resourcesMapper.queryResourceListById(Arrays.asList(Integer.valueOf(10), Integer.valueOf(11))))
- .thenReturn(Arrays.asList(getResource(10, ResourceType.FILE), getResource(11, ResourceType.UDF)));
- Mockito.when(resourcesMapper.queryResourceListAuthored(0, 1)).thenReturn(getResourceList());
result = resourcesService.queryResourceList(loginUser, ResourceType.UDF);
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskGroupServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskGroupServiceTest.java
index 8a8513d252..6dc463412c 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskGroupServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskGroupServiceTest.java
@@ -156,7 +156,7 @@ public class TaskGroupServiceTest {
User loginUser = getLoginUser();
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_VIEW, serviceLogger)).thenReturn(true);
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TASK_GROUP, null, 0, serviceLogger)).thenReturn(true);
- Mockito.when(taskGroupMapper.queryTaskGroupPaging(Mockito.any(Page.class), Mockito.eq(10),
+ Mockito.when(taskGroupMapper.queryTaskGroupPaging(Mockito.any(Page.class), Mockito.anyList(),
Mockito.eq(null), Mockito.eq(0))).thenReturn(page);
// query all
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TenantServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TenantServiceTest.java
index 690845d95e..451f20ec0b 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TenantServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TenantServiceTest.java
@@ -51,8 +51,10 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.ArrayList;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*;
@@ -64,6 +66,7 @@ import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationCon
public class TenantServiceTest {
private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class);
private static final Logger logger = LoggerFactory.getLogger(TenantServiceTest.class);
+ private static final Logger tenantServiceImplLogger = LoggerFactory.getLogger(TenantServiceImpl.class);
@InjectMocks
private TenantServiceImpl tenantService;
@@ -125,10 +128,11 @@ public class TenantServiceTest {
IPage<Tenant> page = new Page<>(1, 10);
page.setRecords(getList());
page.setTotal(1L);
- Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TENANT, getLoginUser().getId(), TENANT_MANAGER, baseServiceLogger)).thenReturn(true);
- Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TENANT, null, 0, baseServiceLogger)).thenReturn(true);
- Mockito.when(tenantMapper.queryTenantPaging(Mockito.any(Page.class), Mockito.eq("TenantServiceTest")))
- .thenReturn(page);
+ Set<Integer> ids = new HashSet<>();
+ ids.add(1);
+ Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.TENANT, getLoginUser().getId(), tenantServiceImplLogger)).thenReturn(ids);
+ Mockito.when(tenantMapper.queryTenantPaging(Mockito.any(Page.class), Mockito.anyList(), Mockito.eq("TenantServiceTest")))
+ .thenReturn(page);
Result result = tenantService.queryTenantList(getLoginUser(), "TenantServiceTest", 1, 10);
logger.info(result.toString());
PageInfo<Tenant> pageInfo = (PageInfo<Tenant>) result.getData();
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/WorkerGroupServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/WorkerGroupServiceTest.java
index d293ed9e8b..110bb050e1 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/WorkerGroupServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/WorkerGroupServiceTest.java
@@ -76,6 +76,7 @@ public class WorkerGroupServiceTest {
@Test
public void testDeleteWorkerGroupById() {
User user = new User();
+ user.setId(1);
user.setUserType(UserType.ADMIN_USER);
WorkerGroup wg2 = getWorkerGroup(2);
Mockito.when(workerGroupMapper.selectById(2)).thenReturn(wg2);
diff --git a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapper.java b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapper.java
index d12ad9d0d2..48b9fb6c22 100644
--- a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapper.java
+++ b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapper.java
@@ -25,6 +25,8 @@ import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import java.util.List;
+
/**
* the Dao interfaces of task group
*
@@ -60,7 +62,7 @@ public interface TaskGroupMapper extends BaseMapper<TaskGroup> {
* @param status status
* @return result page
*/
- IPage<TaskGroup> queryTaskGroupPaging(IPage<TaskGroup> page, @Param("userId") int userId,
+ IPage<TaskGroup> queryTaskGroupPaging(IPage<TaskGroup> page, @Param("ids") List<Integer> ids,
@Param("name") String name, @Param("status") Integer status);
/**
@@ -77,4 +79,11 @@ public interface TaskGroupMapper extends BaseMapper<TaskGroup> {
int selectCountByIdStatus(@Param("id") int id,@Param("status") int status);
IPage<TaskGroup> queryTaskGroupPagingByProjectCode(Page<TaskGroup> page, @Param("projectCode") Long projectCode);
+
+ /**
+ * listAuthorizedResource
+ * @param userId
+ * @return
+ */
+ List<TaskGroup> listAuthorizedResource(@Param("userId") int userId);
}
diff --git a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TenantMapper.java b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TenantMapper.java
index b25a2fd686..7da6741183 100644
--- a/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TenantMapper.java
+++ b/dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/TenantMapper.java
@@ -74,7 +74,7 @@ public interface TenantMapper extends BaseMapper<Tenant> {
* @param searchVal searchVal
* @return tenant IPage
*/
- IPage<Tenant> queryTenantPaging(IPage<Tenant> page,
+ IPage<Tenant> queryTenantPaging(IPage<Tenant> page,@Param("ids") List<Integer> ids,
@Param("searchVal") String searchVal);
/**
@@ -93,4 +93,10 @@ public interface TenantMapper extends BaseMapper<Tenant> {
* @return
*/
IPage<Tenant> queryTenantPagingByIds(Page<Tenant> page, @Param("ids")List<Integer> ids, @Param("searchVal")String searchVal);
+
+ /**
+ * queryAll
+ * @return
+ */
+ List<Tenant> queryAll();
}
diff --git a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml
index cb375e170b..969572b1de 100644
--- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml
+++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml
@@ -35,7 +35,10 @@
<select id="queryAccessTokenByUser" resultType="org.apache.dolphinscheduler.dao.entity.AccessToken">
select id, user_id, token, expire_time, create_time, update_time
from t_ds_access_token
- where user_id = #{userId}
+ where 1 = 1
+ <if test="userId != 0">
+ and user_id = #{userId}
+ </if>
</select>
<delete id="deleteAccessTokenByUserId">
diff --git a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapper.xml b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapper.xml
index f615e6d2f2..54e4c63341 100644
--- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapper.xml
+++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapper.xml
@@ -32,7 +32,7 @@
</resultMap>
<sql id = "baseSql">
- id,name,description,project_code,group_size,use_size,status,create_time,update_time
+ id,name,description,user_id,project_code,group_size,use_size,status,create_time,update_time
</sql>
<select id="queryTaskGroupPaging" resultType="org.apache.dolphinscheduler.dao.entity.TaskGroup">
@@ -41,8 +41,11 @@
</include>
from t_ds_task_group
<where>
- <if test="userId != 0">
- and user_id = #{userId}
+ <if test="ids != null and ids.size() > 0">
+ and id in
+ <foreach collection="ids" item="i" open="(" close=")" separator=",">
+ #{i}
+ </foreach>
</if>
<if test="status != null">
and status = #{status}
@@ -103,4 +106,14 @@
id = #{id} and status = #{status}
</select>
+ <select id="listAuthorizedResource" resultType="org.apache.dolphinscheduler.dao.entity.TaskGroup">
+ select
+ <include refid="baseSql" />
+ from t_ds_task_group
+ where 1=1
+ <if test="userId != 0">
+ and user_id = #{userId}
+ </if>
+ </select>
+
</mapper>
diff --git a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/TenantMapper.xml b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/TenantMapper.xml
index a9a841f310..60fe3a45ef 100644
--- a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/TenantMapper.xml
+++ b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/TenantMapper.xml
@@ -41,6 +41,13 @@
from t_ds_tenant
where tenant_code = #{tenantCode}
</select>
+
+ <select id="queryAll" resultType="org.apache.dolphinscheduler.dao.entity.Tenant">
+ select
+ <include refid="baseSql"/>
+ from t_ds_tenant
+ </select>
+
<select id="queryTenantPaging" resultType="org.apache.dolphinscheduler.dao.entity.Tenant">
SELECT
<include refid="baseSqlV2">
@@ -52,6 +59,12 @@
<if test="searchVal != null and searchVal != ''">
and t.tenant_code like concat('%', #{searchVal}, '%')
</if>
+ <if test="ids != null and ids.size() > 0">
+ and t.id in
+ <foreach collection="ids" item="i" open="(" close=")" separator=",">
+ #{i}
+ </foreach>
+ </if>
order by t.update_time desc
</select>
diff --git a/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapperTest.java b/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapperTest.java
index 731f6689fa..d51964cc06 100644
--- a/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapperTest.java
+++ b/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/TaskGroupMapperTest.java
@@ -24,6 +24,7 @@ import java.util.Date;
import org.junit.Assert;
import org.junit.Test;
+import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -88,7 +89,7 @@ public class TaskGroupMapperTest extends BaseDaoTest {
Page<TaskGroup> page = new Page(1, 3);
IPage<TaskGroup> taskGroupIPage = taskGroupMapper.queryTaskGroupPaging(
page,
- taskGroup.getUserId(),
+ Mockito.anyList(),
taskGroup.getName(), taskGroup.getStatus());
Assert.assertEquals(taskGroupIPage.getTotal(), 1);
diff --git a/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/TenantMapperTest.java b/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/TenantMapperTest.java
index 36cc8f42e5..5918b1702f 100644
--- a/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/TenantMapperTest.java
+++ b/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/TenantMapperTest.java
@@ -20,6 +20,8 @@ import org.apache.dolphinscheduler.dao.BaseDaoTest;
import org.apache.dolphinscheduler.dao.entity.Queue;
import org.apache.dolphinscheduler.dao.entity.Tenant;
+import java.util.Arrays;
+import java.util.Collections;
import java.util.Date;
import java.util.List;
@@ -136,7 +138,7 @@ public class TenantMapperTest extends BaseDaoTest {
Page<Tenant> page = new Page(1, 3);
//tenant.getTenantCode() used instead of tenant.getTenantName()
- IPage<Tenant> tenantIPage = tenantMapper.queryTenantPaging(page, tenant.getTenantCode());
+ IPage<Tenant> tenantIPage = tenantMapper.queryTenantPaging(page, Collections.singletonList(tenant.getId()), tenant.getTenantCode());
Assert.assertNotEquals(tenantIPage.getTotal(), 0);
}