You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@inlong.apache.org by he...@apache.org on 2023/04/08 23:46:59 UTC

[inlong] branch master updated: [INLONG-7798][Manager] Add user authentication when operate workflow (#7799)

This is an automated email from the ASF dual-hosted git repository.

healchow pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/inlong.git


The following commit(s) were added to refs/heads/master by this push:
     new e05199f4c [INLONG-7798][Manager] Add user authentication when operate workflow (#7799)
e05199f4c is described below

commit e05199f4c3eb3cd9d2f9c45fd11a01654e016ba5
Author: fuweng11 <76...@users.noreply.github.com>
AuthorDate: Sun Apr 9 07:46:52 2023 +0800

    [INLONG-7798][Manager] Add user authentication when operate workflow (#7799)
---
 .../workflow/core/impl/ProcessServiceImpl.java     | 24 ++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/inlong-manager/manager-workflow/src/main/java/org/apache/inlong/manager/workflow/core/impl/ProcessServiceImpl.java b/inlong-manager/manager-workflow/src/main/java/org/apache/inlong/manager/workflow/core/impl/ProcessServiceImpl.java
index 2f71b9629..bb519b378 100644
--- a/inlong-manager/manager-workflow/src/main/java/org/apache/inlong/manager/workflow/core/impl/ProcessServiceImpl.java
+++ b/inlong-manager/manager-workflow/src/main/java/org/apache/inlong/manager/workflow/core/impl/ProcessServiceImpl.java
@@ -19,12 +19,18 @@ package org.apache.inlong.manager.workflow.core.impl;
 
 import com.google.common.collect.Lists;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.inlong.manager.common.consts.InlongConstants;
 import org.apache.inlong.manager.common.enums.ErrorCodeEnum;
 import org.apache.inlong.manager.common.enums.ProcessStatus;
 import org.apache.inlong.manager.common.enums.TaskStatus;
+import org.apache.inlong.manager.common.enums.UserTypeEnum;
 import org.apache.inlong.manager.common.util.Preconditions;
+import org.apache.inlong.manager.dao.entity.InlongGroupEntity;
+import org.apache.inlong.manager.dao.entity.UserEntity;
 import org.apache.inlong.manager.dao.entity.WorkflowProcessEntity;
 import org.apache.inlong.manager.dao.entity.WorkflowTaskEntity;
+import org.apache.inlong.manager.dao.mapper.InlongGroupEntityMapper;
+import org.apache.inlong.manager.dao.mapper.UserEntityMapper;
 import org.apache.inlong.manager.dao.mapper.WorkflowTaskEntityMapper;
 import org.apache.inlong.manager.pojo.workflow.form.process.ProcessForm;
 import org.apache.inlong.manager.workflow.WorkflowAction;
@@ -51,6 +57,10 @@ public class ProcessServiceImpl implements ProcessService {
     private WorkflowTaskEntityMapper taskEntityMapper;
     @Autowired
     private WorkflowContextBuilder workflowContextBuilder;
+    @Autowired
+    private InlongGroupEntityMapper groupMapper;
+    @Autowired
+    private UserEntityMapper userMapper;
 
     @Override
     public WorkflowContext start(String name, String applicant, ProcessForm form) {
@@ -60,6 +70,7 @@ public class ProcessServiceImpl implements ProcessService {
 
         // build context
         WorkflowContext context = workflowContextBuilder.buildContextForProcess(name, applicant, form);
+        checkUser(context, applicant, "Current user does not have permission to start workflow");
         this.processorExecutor.executeStart(context.getProcess().getStartEvent(), context);
         return context;
     }
@@ -69,6 +80,7 @@ public class ProcessServiceImpl implements ProcessService {
         Preconditions.expectNotBlank(operator, ErrorCodeEnum.INVALID_PARAMETER, "operator cannot be null");
         Preconditions.expectNotNull(processId, "processId cannot be null");
         WorkflowContext context = workflowContextBuilder.buildContextForProcess(processId);
+        checkUser(context, operator, "Current user does not have permission to operate workflow");
         WorkflowProcessEntity processEntity = context.getProcessEntity();
         ProcessStatus processStatus = ProcessStatus.valueOf(processEntity.getStatus());
         Preconditions.expectTrue(processStatus == ProcessStatus.PROCESSING,
@@ -96,6 +108,7 @@ public class ProcessServiceImpl implements ProcessService {
         Preconditions.expectNotNull(processId, "processId cannot be null");
 
         WorkflowContext context = workflowContextBuilder.buildContextForProcess(processId);
+        checkUser(context, operator, "Current user does not have permission to cancel workflow");
         List<WorkflowTaskEntity> pendingTasks = taskEntityMapper.selectByProcess(processId, TaskStatus.PENDING);
         for (WorkflowTaskEntity taskEntity : pendingTasks) {
             WorkflowTask task = context.getProcess().getTaskByName(taskEntity.getName());
@@ -111,4 +124,15 @@ public class ProcessServiceImpl implements ProcessService {
         return context;
     }
 
+    public void checkUser(WorkflowContext context, String user, String errMsg) {
+        String groupId = context.getProcessForm().getInlongGroupId();
+        Preconditions.expectNotBlank(groupId, ErrorCodeEnum.GROUP_ID_IS_EMPTY,
+                ErrorCodeEnum.GROUP_ID_IS_EMPTY.getMessage());
+        InlongGroupEntity groupEntity = groupMapper.selectByGroupId(groupId);
+        UserEntity userEntity = userMapper.selectByName(user);
+        boolean isInCharge = Preconditions.inSeparatedString(user, groupEntity.getInCharges(), InlongConstants.COMMA);
+        Preconditions.expectTrue(isInCharge || UserTypeEnum.ADMIN.getCode().equals(userEntity.getAccountType()),
+                errMsg);
+    }
+
 }