You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@dolphinscheduler.apache.org by GitBox <gi...@apache.org> on 2022/09/20 03:57:42 UTC

[GitHub] [dolphinscheduler] WangJPLeo commented on a diff in pull request #11886: [Fix-11866] [API] When a user accesses an interface without project permission, the returned information is not formatted

WangJPLeo commented on code in PR #11886:
URL: https://github.com/apache/dolphinscheduler/pull/11886#discussion_r974858104


##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessTaskRelationServiceImpl.java:
##########
@@ -206,18 +203,17 @@ private void updateProcessDefiniteVersion(User loginUser, Map<String, Object> re
     @Override
     public Map<String, Object> deleteTaskProcessRelation(User loginUser, long projectCode, long processDefinitionCode,
                                                          long taskCode) {
-        Project project = projectMapper.queryByCode(projectCode);
-        // check user access for project
-        Map<String, Object> result = projectService.checkProjectAndAuth(loginUser, project, projectCode, null);
-        if (result.get(Constants.STATUS) != Status.SUCCESS) {
-            return result;
-        }
+
+        Map<String, Object> result = new HashMap<>();
         if (taskCode == 0) {
             logger.error("Delete task process relation error due to parameter taskCode is 0, projectCode:{}, processDefinitionCode:{}.",
                     projectCode, processDefinitionCode);
             putMsg(result, Status.DELETE_TASK_PROCESS_RELATION_ERROR);
             return result;
         }
+        // check user access for project
+        projectService.hasProjectAndPerm(loginUser, projectCode, null);

Review Comment:
   The current deletion operation and item data permission should be verified here and I'll improve this later.



##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/SchedulerServiceImpl.java:
##########
@@ -143,10 +146,7 @@ public Map<String, Object> insertSchedule(User loginUser,
         Project project = projectMapper.queryByCode(projectCode);
 
         // check project auth
-        boolean hasProjectAndPerm = projectService.hasProjectAndPerm(loginUser, project, result, null);
-        if (!hasProjectAndPerm) {
-            return result;
-        }
+        projectService.hasProjectAndPerm(loginUser, project, null);

Review Comment:
   Permission key should not be null, also fix them in next pr.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org