You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dolphinscheduler.apache.org by GitBox <gi...@apache.org> on 2022/10/17 11:37:06 UTC
[GitHub] [dolphinscheduler] github-code-scanning[bot] commented on a diff in pull request #12048: [Feature-12040][api][ui] Add authorization management of read and write permissions for project and resource center
github-code-scanning[bot] commented on code in PR #12048:
URL: https://github.com/apache/dolphinscheduler/pull/12048#discussion_r996951558
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ResourcesService.java:
##########
@@ -254,8 +257,17 @@
~ * @param userId user id
~ * @return authorized result code
*/
Map<String, Object> authorizedUDFFunction(User loginUser, Integer userId);
+ /**
+ * authorized file with read permission
+ *
+ * @param loginUser login user
+ * @param userId user id
+ * @return authorized result
+ */
+ Map<String, Object> authorizedFileWithReadPerm(User loginUser, Integer userId);
Review Comment:
## Useless parameter
The parameter 'loginUser' is never used.
[Show more details](https://github.com/apache/dolphinscheduler/security/code-scanning/1853)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java:
##########
@@ -172,6 +190,17 @@
*/
Map<String, Object> revokeProject(User loginUser, int userId, long projectCode);
+ /**
+ * grant resource with permission level
+ *
+ * @param loginUser login user
+ * @param userId user id
+ * @param readPermResourceIds resource id array with read permission
+ * @param allPermResourceIds resource id array with all permission
+ * @return grant result code
+ */
+ Map<String, Object> grantResourceWithPermLevel(User loginUser, int userId, String readPermResourceIds, String allPermResourceIds);
Review Comment:
## Useless parameter
The parameter 'loginUser' is never used.
[Show more details](https://github.com/apache/dolphinscheduler/security/code-scanning/1855)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java:
##########
@@ -553,13 +645,15 @@
return result;
}
- projectUserMapper.deleteProjectRelation(0, userId);
-
if (check(result, StringUtils.isEmpty(projectIds), Status.SUCCESS)) {
logger.warn("Parameter projectIds is empty.");
return result;
}
Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ ProjectUser projectUserOld = projectUserMapper.queryProjectRelation(Integer.parseInt(projectId), userId);
+ if (projectUserOld != null) {
+ projectUserMapper.deleteProjectRelation(Integer.parseInt(projectId), userId);
Review Comment:
## Missing catch of NumberFormatException
Potential uncaught 'java.lang.NumberFormatException'.
[Show more details](https://github.com/apache/dolphinscheduler/security/code-scanning/1869)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java:
##########
@@ -527,6 +527,98 @@
}
}
+ /**
+ * revoke the project permission for specified user by id
+ * @param loginUser Login user
+ * @param userId User id
+ * @param projectIds project id array
+ * @return
+ */
+ @Override
+ @Transactional(rollbackFor = RuntimeException.class)
+ public Map<String, Object> revokeProjectById(User loginUser, int userId, String projectIds){
+ Map<String, Object> result = new HashMap<>();
+ result.put(Constants.STATUS, false);
+
+ if(resourcePermissionCheckService.functionDisabled()){
+ putMsg(result, Status.FUNCTION_DISABLED);
+ return result;
+ }
+ // 1. only admin can operate
+ if (this.check(result, !this.isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) {
+ return result;
+ }
+
+ // 2. check if user is existed
+ User user = this.userMapper.selectById(userId);
+ if (user == null) {
+ this.putMsg(result, Status.USER_NOT_EXIST, userId);
+ return result;
+ }
+
+ Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ // 3. check if project is existed
+ Project project = this.projectMapper.queryDetailById(Integer.parseInt(projectId));
Review Comment:
## Missing catch of NumberFormatException
Potential uncaught 'java.lang.NumberFormatException'.
[Show more details](https://github.com/apache/dolphinscheduler/security/code-scanning/1863)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java:
##########
@@ -553,13 +645,15 @@
return result;
}
- projectUserMapper.deleteProjectRelation(0, userId);
-
if (check(result, StringUtils.isEmpty(projectIds), Status.SUCCESS)) {
logger.warn("Parameter projectIds is empty.");
return result;
}
Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ ProjectUser projectUserOld = projectUserMapper.queryProjectRelation(Integer.parseInt(projectId), userId);
Review Comment:
## Missing catch of NumberFormatException
Potential uncaught 'java.lang.NumberFormatException'.
[Show more details](https://github.com/apache/dolphinscheduler/security/code-scanning/1868)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java:
##########
@@ -527,6 +527,98 @@
}
}
+ /**
+ * revoke the project permission for specified user by id
+ * @param loginUser Login user
+ * @param userId User id
+ * @param projectIds project id array
+ * @return
+ */
+ @Override
+ @Transactional(rollbackFor = RuntimeException.class)
+ public Map<String, Object> revokeProjectById(User loginUser, int userId, String projectIds){
+ Map<String, Object> result = new HashMap<>();
+ result.put(Constants.STATUS, false);
+
+ if(resourcePermissionCheckService.functionDisabled()){
+ putMsg(result, Status.FUNCTION_DISABLED);
+ return result;
+ }
+ // 1. only admin can operate
+ if (this.check(result, !this.isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) {
+ return result;
+ }
+
+ // 2. check if user is existed
+ User user = this.userMapper.selectById(userId);
+ if (user == null) {
+ this.putMsg(result, Status.USER_NOT_EXIST, userId);
+ return result;
+ }
+
+ Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ // 3. check if project is existed
+ Project project = this.projectMapper.queryDetailById(Integer.parseInt(projectId));
+ if (project == null) {
+ this.putMsg(result, Status.PROJECT_NOT_FOUND, Integer.parseInt(projectId));
+ }
+ else{
+ // 4. delete the relationship between project and user
+ this.projectUserMapper.deleteProjectRelation(project.getId(), user.getId());
+ }
+ });
+
+ this.putMsg(result, Status.SUCCESS);
+ return result;
+ }
+
+ /**
+ * grant project with read permission
+ *
+ * @param loginUser login user
+ * @param userId user id
+ * @param projectIds project id array
+ * @return grant result code
+ */
+ @Override
+ @Transactional(rollbackFor = RuntimeException.class)
+ public Map<String, Object> grantProjectWithReadPerm(User loginUser, int userId, String projectIds) {
+ Map<String, Object> result = new HashMap<>();
+ result.put(Constants.STATUS, false);
+
+ if(resourcePermissionCheckService.functionDisabled()){
+ putMsg(result, Status.FUNCTION_DISABLED);
+ return result;
+ }
+ //check exist
+ User tempUser = userMapper.selectById(userId);
+ if (tempUser == null) {
+ putMsg(result, Status.USER_NOT_EXIST, userId);
+ return result;
+ }
+
+ if (check(result, StringUtils.isEmpty(projectIds), Status.SUCCESS)) {
+ return result;
+ }
+ Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ ProjectUser projectUserOld = projectUserMapper.queryProjectRelation(Integer.parseInt(projectId), userId);
Review Comment:
## Missing catch of NumberFormatException
Potential uncaught 'java.lang.NumberFormatException'.
[Show more details](https://github.com/apache/dolphinscheduler/security/code-scanning/1865)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java:
##########
@@ -150,8 +150,17 @@
~ * @param projectIds project id array
~ * @return grant result code
*/
Map<String, Object> grantProject(User loginUser, int userId, String projectIds);
+ /**
+ * grant project with read permission
+ *
+ * @param loginUser login user
+ * @param userId user id
+ * @param projectIds project id array
+ * @return grant result code
+ */
+ Map<String, Object> grantProjectWithReadPerm(User loginUser, int userId, String projectIds);
Review Comment:
## Useless parameter
The parameter 'loginUser' is never used.
[Show more details](https://github.com/apache/dolphinscheduler/security/code-scanning/1856)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java:
##########
@@ -527,6 +527,98 @@
}
}
+ /**
+ * revoke the project permission for specified user by id
+ * @param loginUser Login user
+ * @param userId User id
+ * @param projectIds project id array
+ * @return
+ */
+ @Override
+ @Transactional(rollbackFor = RuntimeException.class)
+ public Map<String, Object> revokeProjectById(User loginUser, int userId, String projectIds){
+ Map<String, Object> result = new HashMap<>();
+ result.put(Constants.STATUS, false);
+
+ if(resourcePermissionCheckService.functionDisabled()){
+ putMsg(result, Status.FUNCTION_DISABLED);
+ return result;
+ }
+ // 1. only admin can operate
+ if (this.check(result, !this.isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) {
+ return result;
+ }
+
+ // 2. check if user is existed
+ User user = this.userMapper.selectById(userId);
+ if (user == null) {
+ this.putMsg(result, Status.USER_NOT_EXIST, userId);
+ return result;
+ }
+
+ Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ // 3. check if project is existed
+ Project project = this.projectMapper.queryDetailById(Integer.parseInt(projectId));
+ if (project == null) {
+ this.putMsg(result, Status.PROJECT_NOT_FOUND, Integer.parseInt(projectId));
Review Comment:
## Missing catch of NumberFormatException
Potential uncaught 'java.lang.NumberFormatException'.
[Show more details](https://github.com/apache/dolphinscheduler/security/code-scanning/1864)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java:
##########
@@ -527,6 +527,98 @@
}
}
+ /**
+ * revoke the project permission for specified user by id
+ * @param loginUser Login user
+ * @param userId User id
+ * @param projectIds project id array
+ * @return
+ */
+ @Override
+ @Transactional(rollbackFor = RuntimeException.class)
+ public Map<String, Object> revokeProjectById(User loginUser, int userId, String projectIds){
+ Map<String, Object> result = new HashMap<>();
+ result.put(Constants.STATUS, false);
+
+ if(resourcePermissionCheckService.functionDisabled()){
+ putMsg(result, Status.FUNCTION_DISABLED);
+ return result;
+ }
+ // 1. only admin can operate
+ if (this.check(result, !this.isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) {
+ return result;
+ }
+
+ // 2. check if user is existed
+ User user = this.userMapper.selectById(userId);
+ if (user == null) {
+ this.putMsg(result, Status.USER_NOT_EXIST, userId);
+ return result;
+ }
+
+ Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ // 3. check if project is existed
+ Project project = this.projectMapper.queryDetailById(Integer.parseInt(projectId));
+ if (project == null) {
+ this.putMsg(result, Status.PROJECT_NOT_FOUND, Integer.parseInt(projectId));
+ }
+ else{
+ // 4. delete the relationship between project and user
+ this.projectUserMapper.deleteProjectRelation(project.getId(), user.getId());
+ }
+ });
+
+ this.putMsg(result, Status.SUCCESS);
+ return result;
+ }
+
+ /**
+ * grant project with read permission
+ *
+ * @param loginUser login user
+ * @param userId user id
+ * @param projectIds project id array
+ * @return grant result code
+ */
+ @Override
+ @Transactional(rollbackFor = RuntimeException.class)
+ public Map<String, Object> grantProjectWithReadPerm(User loginUser, int userId, String projectIds) {
+ Map<String, Object> result = new HashMap<>();
+ result.put(Constants.STATUS, false);
+
+ if(resourcePermissionCheckService.functionDisabled()){
+ putMsg(result, Status.FUNCTION_DISABLED);
+ return result;
+ }
+ //check exist
+ User tempUser = userMapper.selectById(userId);
+ if (tempUser == null) {
+ putMsg(result, Status.USER_NOT_EXIST, userId);
+ return result;
+ }
+
+ if (check(result, StringUtils.isEmpty(projectIds), Status.SUCCESS)) {
+ return result;
+ }
+ Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ ProjectUser projectUserOld = projectUserMapper.queryProjectRelation(Integer.parseInt(projectId), userId);
+ if (projectUserOld != null) {
+ projectUserMapper.deleteProjectRelation(Integer.parseInt(projectId), userId);
+ }
+ Date now = new Date();
+ ProjectUser projectUser = new ProjectUser();
+ projectUser.setUserId(userId);
+ projectUser.setProjectId(Integer.parseInt(projectId));
Review Comment:
## Missing catch of NumberFormatException
Potential uncaught 'java.lang.NumberFormatException'.
[Show more details](https://github.com/apache/dolphinscheduler/security/code-scanning/1867)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java:
##########
@@ -527,6 +527,98 @@
}
}
+ /**
+ * revoke the project permission for specified user by id
+ * @param loginUser Login user
+ * @param userId User id
+ * @param projectIds project id array
+ * @return
+ */
+ @Override
+ @Transactional(rollbackFor = RuntimeException.class)
+ public Map<String, Object> revokeProjectById(User loginUser, int userId, String projectIds){
+ Map<String, Object> result = new HashMap<>();
+ result.put(Constants.STATUS, false);
+
+ if(resourcePermissionCheckService.functionDisabled()){
+ putMsg(result, Status.FUNCTION_DISABLED);
+ return result;
+ }
+ // 1. only admin can operate
+ if (this.check(result, !this.isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) {
+ return result;
+ }
+
+ // 2. check if user is existed
+ User user = this.userMapper.selectById(userId);
+ if (user == null) {
+ this.putMsg(result, Status.USER_NOT_EXIST, userId);
+ return result;
+ }
+
+ Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ // 3. check if project is existed
+ Project project = this.projectMapper.queryDetailById(Integer.parseInt(projectId));
+ if (project == null) {
+ this.putMsg(result, Status.PROJECT_NOT_FOUND, Integer.parseInt(projectId));
+ }
+ else{
+ // 4. delete the relationship between project and user
+ this.projectUserMapper.deleteProjectRelation(project.getId(), user.getId());
+ }
+ });
+
+ this.putMsg(result, Status.SUCCESS);
+ return result;
+ }
+
+ /**
+ * grant project with read permission
+ *
+ * @param loginUser login user
+ * @param userId user id
+ * @param projectIds project id array
+ * @return grant result code
+ */
+ @Override
+ @Transactional(rollbackFor = RuntimeException.class)
+ public Map<String, Object> grantProjectWithReadPerm(User loginUser, int userId, String projectIds) {
+ Map<String, Object> result = new HashMap<>();
+ result.put(Constants.STATUS, false);
+
+ if(resourcePermissionCheckService.functionDisabled()){
+ putMsg(result, Status.FUNCTION_DISABLED);
+ return result;
+ }
+ //check exist
+ User tempUser = userMapper.selectById(userId);
+ if (tempUser == null) {
+ putMsg(result, Status.USER_NOT_EXIST, userId);
+ return result;
+ }
+
+ if (check(result, StringUtils.isEmpty(projectIds), Status.SUCCESS)) {
+ return result;
+ }
+ Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ ProjectUser projectUserOld = projectUserMapper.queryProjectRelation(Integer.parseInt(projectId), userId);
+ if (projectUserOld != null) {
+ projectUserMapper.deleteProjectRelation(Integer.parseInt(projectId), userId);
Review Comment:
## Missing catch of NumberFormatException
Potential uncaught 'java.lang.NumberFormatException'.
[Show more details](https://github.com/apache/dolphinscheduler/security/code-scanning/1866)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@dolphinscheduler.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org