Posted to commits@inlong.apache.org by do...@apache.org on 2023/04/13 02:45:51 UTC
[inlong] branch master updated: [INLONG-7835][Manager] The permission is removed when a user is deleted (#7836)
This is an automated email from the ASF dual-hosted git repository.
dockerzhang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/inlong.git
The following commit(s) were added to refs/heads/master by this push:
new 5ad8701e9 [INLONG-7835][Manager] The permission is removed when a user is deleted (#7836)
5ad8701e9 is described below
commit 5ad8701e94e104f86df0b51be9da6c3300de911a
Author: fuweng11 <76...@users.noreply.github.com>
AuthorDate: Thu Apr 13 10:45:44 2023 +0800
[INLONG-7835][Manager] The permission is removed when a user is deleted (#7836)
---
.../mappers/InlongClusterTagEntityMapper.xml | 5 +
.../pojo/cluster/ClusterTagPageRequest.java | 3 +
.../inlong/manager/pojo/user/UserRequest.java | 10 +-
.../manager/service/user/UserServiceImpl.java | 146 +++++++++++++++++++++
.../manager/web/controller/AnnoController.java | 3 +
.../web/controller/InlongClusterController.java | 1 +
6 files changed, 163 insertions(+), 5 deletions(-)
diff --git a/inlong-manager/manager-dao/src/main/resources/mappers/InlongClusterTagEntityMapper.xml b/inlong-manager/manager-dao/src/main/resources/mappers/InlongClusterTagEntityMapper.xml
index 705432338..45ba9be61 100644
--- a/inlong-manager/manager-dao/src/main/resources/mappers/InlongClusterTagEntityMapper.xml
+++ b/inlong-manager/manager-dao/src/main/resources/mappers/InlongClusterTagEntityMapper.xml
@@ -70,6 +70,11 @@
from inlong_cluster_tag
<where>
is_deleted = 0
+ <if test="isAdminRole == false">
+ and (
+ creator = #{currentUser, jdbcType=VARCHAR} or find_in_set(#{currentUser, jdbcType=VARCHAR}, in_charges)
+ )
+ </if>
<if test="keyword != null and keyword != ''">
and cluster_tag like CONCAT('%', #{keyword}, '%')
</if>
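Review bot: The new ownership filter fails open: `isAdminRole == false` is not satisfied when the parameter is null (assuming OGNL's usual null comparison), so a caller that builds a `ClusterTagPageRequest` without setting the flag gets every cluster tag back unfiltered. Treating the unset case as non-admin, `<if test="isAdminRole == null or isAdminRole == false">`, makes the restricted view the default. The enclosing `<select>` starts and ends outside this hunk.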
diff --git a/inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/cluster/ClusterTagPageRequest.java b/inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/cluster/ClusterTagPageRequest.java
index 4bc9ec453..379426714 100644
--- a/inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/cluster/ClusterTagPageRequest.java
+++ b/inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/cluster/ClusterTagPageRequest.java
@@ -46,4 +46,7 @@ public class ClusterTagPageRequest extends PageRequest {
@ApiModelProperty(value = "Current user", hidden = true)
private String currentUser;
+ @ApiModelProperty(value = "Whether the current user is in the administrator role", hidden = true)
+ private Boolean isAdminRole;
+
}
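Review bot: `hidden = true` only removes `isAdminRole` from the generated API documentation; the field is still populated from the JSON body wherever this class is bound with `@RequestBody`. `listTag` in `InlongClusterController` overwrites it from the login session in this commit, but nothing on the field says that every entry point must do the same. A comment such as `// Server-side only: always overwritten from the login session, never trusted from the request body` would record that contract.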
diff --git a/inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/user/UserRequest.java b/inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/user/UserRequest.java
index 7aadfca45..3488f7d5f 100644
--- a/inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/user/UserRequest.java
+++ b/inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/user/UserRequest.java
@@ -24,6 +24,7 @@ import lombok.Builder;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;
+import org.apache.inlong.manager.common.validation.UpdateValidation;
import org.apache.inlong.manager.pojo.common.PageRequest;
import org.apache.inlong.manager.common.enums.UserTypeEnum;
import org.apache.inlong.manager.common.validation.InEnumInt;
@@ -61,19 +62,19 @@ public class UserRequest extends PageRequest {
private String password;
@ApiModelProperty(value = "New password, is required if needs updated")
- @Length(min = 6, max = 64, message = "length must be between 6 and 64")
+ @Length(groups = UpdateValidation.class, min = 6, max = 64, message = "length must be between 6 and 64")
private String newPassword;
@ApiModelProperty("Secret key")
- @Length(min = 1, max = 256, message = "length must be between 1 and 256")
+ @Length(groups = UpdateValidation.class, min = 1, max = 256, message = "length must be between 1 and 256")
private String secretKey;
@ApiModelProperty("Public key")
- @Length(min = 1, max = 163840, message = "length must be between 1 and 163840")
+ @Length(groups = UpdateValidation.class, min = 1, max = 163840, message = "length must be between 1 and 163840")
private String publicKey;
@ApiModelProperty("Private key")
- @Length(min = 1, max = 163840, message = "length must be between 1 and 163840")
+ @Length(groups = UpdateValidation.class, min = 1, max = 163840, message = "length must be between 1 and 163840")
private String privateKey;
@ApiModelProperty("Encryption key version")
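Review bot: Moving these four `@Length` constraints into `UpdateValidation` means they no longer run under the default group, so a handler annotated with plain `@Validated` accepts `newPassword`, `secretKey`, `publicKey` and `privateKey` of any length; `register` in `AnnoController`, shown later in this commit, is one such handler. If the create path stores any of these values, keep the ceiling in the default group too, for example `groups = {Default.class, UpdateValidation.class}`. Whether the update endpoint actually validates with the `UpdateValidation` group is not visible here.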
@@ -94,7 +95,6 @@ public class UserRequest extends PageRequest {
private Integer version;
@ApiModelProperty(value = "Extension json info")
- @Length(min = 1, max = 163840, message = "length must be between 1 and 163840")
private String extParams;
}
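Review bot: Dropping `@Length` from `extParams` removes the upper bound together with the `min = 1` that presumably motivated the change, so the field now accepts a JSON blob of arbitrary size. Keeping only the ceiling, `@Length(max = 163840, message = "length must be at most 163840")`, still allows an empty value without leaving the input unbounded.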
diff --git a/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/user/UserServiceImpl.java b/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/user/UserServiceImpl.java
index 152073d7d..43899750d 100644
--- a/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/user/UserServiceImpl.java
+++ b/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/user/UserServiceImpl.java
@@ -19,6 +19,8 @@ package org.apache.inlong.manager.service.user;
import com.github.pagehelper.Page;
import com.github.pagehelper.PageHelper;
+import com.google.common.base.Joiner;
+import com.google.common.collect.Sets;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.inlong.manager.common.consts.InlongConstants;
@@ -31,9 +33,24 @@ import org.apache.inlong.manager.common.util.DateUtils;
import org.apache.inlong.manager.common.util.Preconditions;
import org.apache.inlong.manager.common.util.RSAUtils;
import org.apache.inlong.manager.common.util.SHAUtils;
+import org.apache.inlong.manager.dao.entity.DataNodeEntity;
+import org.apache.inlong.manager.dao.entity.InlongClusterEntity;
+import org.apache.inlong.manager.dao.entity.InlongClusterTagEntity;
+import org.apache.inlong.manager.dao.entity.InlongConsumeEntity;
+import org.apache.inlong.manager.dao.entity.InlongGroupEntity;
import org.apache.inlong.manager.dao.entity.UserEntity;
+import org.apache.inlong.manager.dao.mapper.DataNodeEntityMapper;
+import org.apache.inlong.manager.dao.mapper.InlongClusterEntityMapper;
+import org.apache.inlong.manager.dao.mapper.InlongClusterTagEntityMapper;
+import org.apache.inlong.manager.dao.mapper.InlongConsumeEntityMapper;
+import org.apache.inlong.manager.dao.mapper.InlongGroupEntityMapper;
import org.apache.inlong.manager.dao.mapper.UserEntityMapper;
+import org.apache.inlong.manager.pojo.cluster.ClusterPageRequest;
+import org.apache.inlong.manager.pojo.cluster.ClusterTagPageRequest;
import org.apache.inlong.manager.pojo.common.PageResult;
+import org.apache.inlong.manager.pojo.consume.InlongConsumePageRequest;
+import org.apache.inlong.manager.pojo.group.InlongGroupPageRequest;
+import org.apache.inlong.manager.pojo.node.DataNodePageRequest;
import org.apache.inlong.manager.pojo.user.UserInfo;
import org.apache.inlong.manager.pojo.user.UserLoginLockStatus;
import org.apache.inlong.manager.pojo.user.UserLoginRequest;
@@ -54,6 +71,7 @@ import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
+import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
/**
@@ -76,6 +94,16 @@ public class UserServiceImpl implements UserService {
@Autowired
private UserEntityMapper userMapper;
+ @Autowired
+ private InlongGroupEntityMapper groupMapper;
+ @Autowired
+ private InlongClusterEntityMapper clusterMapper;
+ @Autowired
+ private InlongClusterTagEntityMapper clusterTagMapper;
+ @Autowired
+ private DataNodeEntityMapper dataNodeMapper;
+ @Autowired
+ private InlongConsumeEntityMapper consumeMapper;
@Override
public Integer save(UserRequest request, String currentUser) {
@@ -256,6 +284,12 @@ public class UserServiceImpl implements UserService {
"Current user is not a manager and does not have permission to delete users");
Preconditions.expectTrue(!Objects.equals(entity.getName(), currentUser),
"Current user does not have permission to delete himself");
+ String userName = entity.getName();
+ removeInChargeForGroup(userName, currentUser);
+ removeInChargeForCluster(userName, currentUser);
+ removeInChargeForClusterTag(userName, currentUser);
+ removeInChargeForDataNode(userName, currentUser);
+ removeInChargeForConsume(userName, currentUser);
userMapper.deleteById(userId);
LOGGER.debug("success to delete user by id={}, current user={}", userId, currentUser);
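Review bot: The five cleanup calls and `userMapper.deleteById` are separate writes, and each cleanup method can throw `BusinessException` after earlier rows have already been updated. Unless this method already runs in a transaction (no annotation is visible, and the method starts and ends outside the hunk), a failure midway leaves some resources reassigned while the user still exists. Annotating the method with `@Transactional(rollbackFor = Throwable.class)` would make the deletion all-or-nothing. Because this transfers ownership, the existing `LOGGER.debug` line is also worth raising to info level so the change of permissions is recorded in normal operation.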
@@ -314,4 +348,116 @@ public class UserServiceImpl implements UserService {
errMsg);
}
+ public void removeInChargeForGroup(String user, String operator) {
+ InlongGroupPageRequest pageRequest = new InlongGroupPageRequest();
+ pageRequest.setCurrentUser(user);
+ pageRequest.setIsAdminRole(false);
+ for (InlongGroupEntity groupEntity : groupMapper.selectByCondition(pageRequest)) {
+ if (Objects.equals(groupEntity.getCreator(), user)) {
+ groupEntity.setCreator("admin");
+ }
+ Set<String> inChargeSet = Sets.newHashSet(groupEntity.getInCharges().split(InlongConstants.COMMA));
+ inChargeSet.remove(user);
+ String updateInCharge = Joiner.on(",").join(inChargeSet);
+ groupEntity.setInCharges(updateInCharge);
+ groupEntity.setModifier(operator);
+ int rowCount = groupMapper.updateByIdentifierSelective(groupEntity);
+ if (rowCount != InlongConstants.AFFECTED_ONE_ROW) {
+ throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED,
+ String.format("record has already updated with group id=%s, curVersion=%d",
+ groupEntity.getInlongGroupId(), groupEntity.getVersion()));
+ }
+ }
+ }
+
+ public void removeInChargeForCluster(String user, String operator) {
+ ClusterPageRequest pageRequest = new ClusterPageRequest();
+ pageRequest.setCurrentUser(user);
+ pageRequest.setIsAdminRole(false);
+ for (InlongClusterEntity clusterEntity : clusterMapper.selectByCondition(pageRequest)) {
+ if (Objects.equals(clusterEntity.getCreator(), user)) {
+ clusterEntity.setCreator("admin");
+ }
+ Set<String> inChargeSet = Sets.newHashSet(clusterEntity.getInCharges().split(InlongConstants.COMMA));
+ inChargeSet.remove(user);
+ String updateInCharge = Joiner.on(",").join(inChargeSet);
+ clusterEntity.setInCharges(updateInCharge);
+ clusterEntity.setModifier(operator);
+ int rowCount = clusterMapper.updateByIdSelective(clusterEntity);
+ if (rowCount != InlongConstants.AFFECTED_ONE_ROW) {
+ throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED,
+ String.format("cluster has already updated with name=%s, type=%s, curVersion=%d",
+ clusterEntity.getName(), clusterEntity.getType(), clusterEntity.getVersion()));
+ }
+ }
+ }
+
+ public void removeInChargeForClusterTag(String user, String operator) {
+ ClusterTagPageRequest pageRequest = new ClusterTagPageRequest();
+ pageRequest.setCurrentUser(user);
+ pageRequest.setIsAdminRole(false);
+ for (InlongClusterTagEntity clusterTagEntity : clusterTagMapper.selectByCondition(pageRequest)) {
+ if (Objects.equals(clusterTagEntity.getCreator(), user)) {
+ clusterTagEntity.setCreator("admin");
+ }
+ Set<String> inChargeSet = Sets.newHashSet(clusterTagEntity.getInCharges().split(InlongConstants.COMMA));
+ inChargeSet.remove(user);
+ String updateInCharge = Joiner.on(",").join(inChargeSet);
+ clusterTagEntity.setInCharges(updateInCharge);
+ clusterTagEntity.setModifier(operator);
+ int rowCount = clusterTagMapper.updateByIdSelective(clusterTagEntity);
+ if (rowCount != InlongConstants.AFFECTED_ONE_ROW) {
+ throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED,
+ String.format("cluster tag has already updated with name=%s, curVersion=%s",
+ clusterTagEntity.getClusterTag(), clusterTagEntity.getVersion()));
+ }
+ }
+ }
+
+ public void removeInChargeForDataNode(String user, String operator) {
+ DataNodePageRequest pageRequest = new DataNodePageRequest();
+ pageRequest.setCurrentUser(user);
+ pageRequest.setIsAdminRole(false);
+ for (DataNodeEntity dataNodeEntity : dataNodeMapper.selectByCondition(pageRequest)) {
+ if (Objects.equals(dataNodeEntity.getCreator(), user)) {
+ dataNodeEntity.setCreator("admin");
+ }
+ Set<String> inChargeSet = Sets.newHashSet(dataNodeEntity.getInCharges().split(InlongConstants.COMMA));
+ inChargeSet.remove(user);
+ String updateInCharge = Joiner.on(",").join(inChargeSet);
+ dataNodeEntity.setInCharges(updateInCharge);
+ dataNodeEntity.setModifier(operator);
+ int rowCount = dataNodeMapper.updateByIdSelective(dataNodeEntity);
+ if (rowCount != InlongConstants.AFFECTED_ONE_ROW) {
+ throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED,
+ String.format(
+ "failure to update data node with name=%s, type=%s, request version=%d, updated row=%d",
+ dataNodeEntity.getName(), dataNodeEntity.getType(), dataNodeEntity.getVersion(),
+ rowCount));
+ }
+ }
+ }
+
+ public void removeInChargeForConsume(String user, String operator) {
+ InlongConsumePageRequest pageRequest = new InlongConsumePageRequest();
+ pageRequest.setCurrentUser(user);
+ pageRequest.setIsAdminRole(false);
+ for (InlongConsumeEntity consumeEntity : consumeMapper.selectByCondition(pageRequest)) {
+ if (Objects.equals(consumeEntity.getCreator(), user)) {
+ consumeEntity.setCreator("admin");
+ }
+ Set<String> inChargeSet = Sets.newHashSet(consumeEntity.getInCharges().split(InlongConstants.COMMA));
+ inChargeSet.remove(user);
+ String updateInCharge = Joiner.on(",").join(inChargeSet);
+ consumeEntity.setInCharges(updateInCharge);
+ consumeEntity.setModifier(operator);
+ int rowCount = consumeMapper.updateByIdSelective(consumeEntity);
+ if (rowCount != InlongConstants.AFFECTED_ONE_ROW) {
+ LOGGER.error("inlong consume has already updated, id={}, curVersion={}",
+ consumeEntity.getId(), consumeEntity.getVersion());
+ throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED);
+ }
+ }
+ }
+
}
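Review bot: The five `removeInChargeFor*` methods are `public` yet perform no permission check of their own, and they hand ownership to the literal account name `"admin"`, which nothing in this hunk shows to exist in every deployment; they should be `private` and reassign to a configured owner or to `operator`. `getInCharges().split(...)` will also throw a NullPointerException for a row matched only through `creator` if `in_charges` can be null (schema not visible here), and the `HashSet` round-trip reorders the remaining owners. When the deleted user was the only entry, `in_charges` is written back as an empty string, leaving the resource with no responsible user, which deserves an explicit decision. The loop body is repeated five times, so a shared null-safe, order-preserving helper as sketched below would fix these in one place.

```java
// Shared by the five removeInChargeFor* methods: drops `user` from a comma-separated
// in-charge list, tolerating a null/blank column and keeping the remaining order.
private static String stripInCharge(String inCharges, String user) {
    if (StringUtils.isBlank(inCharges)) {
        return inCharges;
    }
    Set<String> remaining = Sets.newLinkedHashSet(Arrays.asList(inCharges.split(InlongConstants.COMMA)));
    remaining.remove(user);
    return Joiner.on(InlongConstants.COMMA).join(remaining);
}

private void removeInChargeForGroup(String user, String operator) {
    // … unchanged: build pageRequest, iterate groupMapper.selectByCondition …
        if (Objects.equals(groupEntity.getCreator(), user)) {
            groupEntity.setCreator(operator);
        }
        groupEntity.setInCharges(stripInCharge(groupEntity.getInCharges(), user));
    // … unchanged: setModifier, updateByIdentifierSelective, row-count check …
```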
diff --git a/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/AnnoController.java b/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/AnnoController.java
index cf0e8c074..0a7469443 100644
--- a/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/AnnoController.java
+++ b/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/AnnoController.java
@@ -22,9 +22,11 @@ import lombok.extern.slf4j.Slf4j;
import org.apache.inlong.manager.pojo.common.Response;
import org.apache.inlong.manager.pojo.user.UserLoginRequest;
import org.apache.inlong.manager.pojo.user.UserRequest;
+import org.apache.inlong.manager.pojo.user.UserRoleCode;
import org.apache.inlong.manager.service.user.LoginUserUtils;
import org.apache.inlong.manager.service.user.UserService;
import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authz.annotation.RequiresRoles;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.GetMapping;
@@ -52,6 +54,7 @@ public class AnnoController {
}
@PostMapping("/anno/register")
+ @RequiresRoles(value = UserRoleCode.ADMIN)
public Response<Integer> register(@Validated @RequestBody UserRequest request) {
String currentUser = LoginUserUtils.getLoginUser().getName();
return Response.success(userService.save(request, currentUser));
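Review bot: `@RequiresRoles` on `register` is only enforced if Shiro's annotation advisor is active for this controller, and the `/anno/` prefix suggests the path may be whitelisted as anonymous in the filter chain (that configuration is not visible here). If the request arrives with no session, `LoginUserUtils.getLoginUser().getName()` on the next line may also dereference null, depending on how the helper behaves. A test asserting that both an unauthenticated and a non-admin POST to `/anno/register` are rejected would pin the intended behaviour, and moving the endpoint out of the anonymous prefix would make the access rule match the URL. At minimum add a comment such as `// Admin-only despite the /anno prefix: account creation is not open registration`.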
diff --git a/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/InlongClusterController.java b/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/InlongClusterController.java
index 3679657c2..8d39fb19d 100644
--- a/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/InlongClusterController.java
+++ b/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/InlongClusterController.java
@@ -90,6 +90,7 @@ public class InlongClusterController {
@ApiOperation(value = "List cluster tags")
public Response<PageResult<ClusterTagResponse>> listTag(@RequestBody ClusterTagPageRequest request) {
request.setCurrentUser(LoginUserUtils.getLoginUser().getName());
+ request.setIsAdminRole(LoginUserUtils.getLoginUser().getRoles().contains(UserTypeEnum.ADMIN.name()));
return Response.success(clusterService.listTag(request));
}
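Review bot: The admin decision in `listTag` is derived from `UserTypeEnum.ADMIN.name()`, while `AnnoController` in the same commit uses `UserRoleCode.ADMIN` for the same role, so the two checks can drift apart if either constant changes. `LoginUserUtils.getLoginUser()` is also called twice, and `getRoles()` is dereferenced without a null check. Reading the user once and comparing against a single constant would be clearer, e.g. `UserInfo user = LoginUserUtils.getLoginUser();` followed by `request.setIsAdminRole(user.getRoles() != null && user.getRoles().contains(UserRoleCode.ADMIN));`, assuming both constants carry the same role string.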