You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@inlong.apache.org by he...@apache.org on 2023/04/08 23:46:59 UTC
[inlong] branch master updated: [INLONG-7798][Manager] Add user authentication when operate workflow (#7799)
This is an automated email from the ASF dual-hosted git repository.
healchow pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/inlong.git
The following commit(s) were added to refs/heads/master by this push:
new e05199f4c [INLONG-7798][Manager] Add user authentication when operate workflow (#7799)
e05199f4c is described below
commit e05199f4c3eb3cd9d2f9c45fd11a01654e016ba5
Author: fuweng11 <76...@users.noreply.github.com>
AuthorDate: Sun Apr 9 07:46:52 2023 +0800
[INLONG-7798][Manager] Add user authentication when operate workflow (#7799)
---
.../workflow/core/impl/ProcessServiceImpl.java | 24 ++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/inlong-manager/manager-workflow/src/main/java/org/apache/inlong/manager/workflow/core/impl/ProcessServiceImpl.java b/inlong-manager/manager-workflow/src/main/java/org/apache/inlong/manager/workflow/core/impl/ProcessServiceImpl.java
index 2f71b9629..bb519b378 100644
--- a/inlong-manager/manager-workflow/src/main/java/org/apache/inlong/manager/workflow/core/impl/ProcessServiceImpl.java
+++ b/inlong-manager/manager-workflow/src/main/java/org/apache/inlong/manager/workflow/core/impl/ProcessServiceImpl.java
@@ -19,12 +19,18 @@ package org.apache.inlong.manager.workflow.core.impl;
import com.google.common.collect.Lists;
import lombok.extern.slf4j.Slf4j;
+import org.apache.inlong.manager.common.consts.InlongConstants;
import org.apache.inlong.manager.common.enums.ErrorCodeEnum;
import org.apache.inlong.manager.common.enums.ProcessStatus;
import org.apache.inlong.manager.common.enums.TaskStatus;
+import org.apache.inlong.manager.common.enums.UserTypeEnum;
import org.apache.inlong.manager.common.util.Preconditions;
+import org.apache.inlong.manager.dao.entity.InlongGroupEntity;
+import org.apache.inlong.manager.dao.entity.UserEntity;
import org.apache.inlong.manager.dao.entity.WorkflowProcessEntity;
import org.apache.inlong.manager.dao.entity.WorkflowTaskEntity;
+import org.apache.inlong.manager.dao.mapper.InlongGroupEntityMapper;
+import org.apache.inlong.manager.dao.mapper.UserEntityMapper;
import org.apache.inlong.manager.dao.mapper.WorkflowTaskEntityMapper;
import org.apache.inlong.manager.pojo.workflow.form.process.ProcessForm;
import org.apache.inlong.manager.workflow.WorkflowAction;
@@ -51,6 +57,10 @@ public class ProcessServiceImpl implements ProcessService {
private WorkflowTaskEntityMapper taskEntityMapper;
@Autowired
private WorkflowContextBuilder workflowContextBuilder;
+ @Autowired
+ private InlongGroupEntityMapper groupMapper;
+ @Autowired
+ private UserEntityMapper userMapper;
@Override
public WorkflowContext start(String name, String applicant, ProcessForm form) {
@@ -60,6 +70,7 @@ public class ProcessServiceImpl implements ProcessService {
// build context
WorkflowContext context = workflowContextBuilder.buildContextForProcess(name, applicant, form);
+ checkUser(context, applicant, "Current user does not have permission to start workflow");
this.processorExecutor.executeStart(context.getProcess().getStartEvent(), context);
return context;
}
@@ -69,6 +80,7 @@ public class ProcessServiceImpl implements ProcessService {
Preconditions.expectNotBlank(operator, ErrorCodeEnum.INVALID_PARAMETER, "operator cannot be null");
Preconditions.expectNotNull(processId, "processId cannot be null");
WorkflowContext context = workflowContextBuilder.buildContextForProcess(processId);
+ checkUser(context, operator, "Current user does not have permission to operate workflow");
WorkflowProcessEntity processEntity = context.getProcessEntity();
ProcessStatus processStatus = ProcessStatus.valueOf(processEntity.getStatus());
Preconditions.expectTrue(processStatus == ProcessStatus.PROCESSING,
@@ -96,6 +108,7 @@ public class ProcessServiceImpl implements ProcessService {
Preconditions.expectNotNull(processId, "processId cannot be null");
WorkflowContext context = workflowContextBuilder.buildContextForProcess(processId);
+ checkUser(context, operator, "Current user does not have permission to cancel workflow");
List<WorkflowTaskEntity> pendingTasks = taskEntityMapper.selectByProcess(processId, TaskStatus.PENDING);
for (WorkflowTaskEntity taskEntity : pendingTasks) {
WorkflowTask task = context.getProcess().getTaskByName(taskEntity.getName());
@@ -111,4 +124,15 @@ public class ProcessServiceImpl implements ProcessService {
return context;
}
+ public void checkUser(WorkflowContext context, String user, String errMsg) {
+ String groupId = context.getProcessForm().getInlongGroupId();
+ Preconditions.expectNotBlank(groupId, ErrorCodeEnum.GROUP_ID_IS_EMPTY,
+ ErrorCodeEnum.GROUP_ID_IS_EMPTY.getMessage());
+ InlongGroupEntity groupEntity = groupMapper.selectByGroupId(groupId);
+ UserEntity userEntity = userMapper.selectByName(user);
+ boolean isInCharge = Preconditions.inSeparatedString(user, groupEntity.getInCharges(), InlongConstants.COMMA);
+ Preconditions.expectTrue(isInCharge || UserTypeEnum.ADMIN.getCode().equals(userEntity.getAccountType()),
+ errMsg);
+ }
+
}