Apache DolphinScheduler: Authenticated users could delete UDFs in resource center they were not authorized for
Description
In Apache DolphinScheduler before 3.1.0, authenticated users can delete UDF functions in the resource center without proper authorization (IDOR).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The vulnerability is an Insecure Direct Object Reference (IDOR) in the resource center of Apache DolphinScheduler. Before version 3.1.0, a logged-in user could delete UDF (User-Defined Function) files without proper authorization checks [1]. The resource center lacked permission validation for delete operations on UDF resources.
Exploitation requires only a valid user account. An authenticated attacker can send a direct request to the delete endpoint for UDFs they do not own or have permissions for, remotely via the web interface or API [4]. The fix involved adding authorization checks to the resource service methods, as seen in the commit that adds a loginUser parameter to various resource operations [2].
An attacker who deletes UDFs can disrupt workflows that depend on those functions, potentially causing denial of service or data processing failures. UDFs are commonly used in SQL tasks, so their deletion could impact critical data pipelines.
The issue is fixed in Apache DolphinScheduler version 3.1.0. Users should upgrade to this version or later. There are no known workarounds for earlier versions [1]. The vulnerability is rated moderate severity because it requires authentication [4].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
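The two-part check described above (an operation-level permission plus an object-level ownership check), sketched as an added example that is not DolphinScheduler's code. The classes, the in-memory store and the sample users are hypothetical; only the permission key string and the NO_CURRENT_OPERATING_PERMISSION status name come from the patch on this page. Unlike the patch, this sketch denies before revealing whether an id exists.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class UdfDeleteAuthzDemo {

    // Permission key string as defined in the patch's ApiFuncIdentificationConstant.
    static final String UDF_FUNCTION_DELETE = "resources:udf-func:delete";

    // NO_CURRENT_OPERATING_PERMISSION is the status name the patch adds; the others are hypothetical.
    enum Status { SUCCESS, UDF_NOT_EXIST, NO_CURRENT_OPERATING_PERMISSION }

    // Hypothetical, simplified stand-ins for the project's User and UdfFunc entities.
    record User(int id, boolean admin, Set<String> permissionKeys) {}
    record UdfFunc(int id, int ownerId, String funcName) {}

    // In-memory stand-in for the UDF table plus per-user grants (userId -> UDF ids shared with that user).
    static final class UdfStore {
        final Map<Integer, UdfFunc> funcs = new HashMap<>();
        final Map<Integer, Set<Integer>> grantedIds = new HashMap<>();

        void add(UdfFunc f) { funcs.put(f.id(), f); }
    }

    // "Before" shape: the caller is authenticated, but the service only receives the
    // object id, so it has nothing to compare the object's owner against.
    static Status deleteUnchecked(UdfStore store, int udfFuncId) {
        return store.funcs.remove(udfFuncId) != null ? Status.SUCCESS : Status.UDF_NOT_EXIST;
    }

    // Operation-level check: may this user perform this kind of action at all?
    static boolean operationPermissionCheck(User user, String permissionKey) {
        return user.admin() || user.permissionKeys().contains(permissionKey);
    }

    // Object-level check: is every requested id owned by, or granted to, this user?
    static boolean resourcePermissionCheck(UdfStore store, User user, int... ids) {
        if (user.admin()) {
            return true;
        }
        Set<Integer> granted = store.grantedIds.getOrDefault(user.id(), Set.of());
        for (int id : ids) {
            UdfFunc f = store.funcs.get(id);
            boolean owned = f != null && f.ownerId() == user.id();
            if (!owned && !granted.contains(id)) {
                return false;
            }
        }
        return true;
    }

    // "After" shape: the login user travels with the request and both checks must pass.
    static Status deleteChecked(UdfStore store, User loginUser, int udfFuncId) {
        boolean allowed = operationPermissionCheck(loginUser, UDF_FUNCTION_DELETE)
                && resourcePermissionCheck(store, loginUser, udfFuncId);
        if (!allowed) {
            // Example's own choice: unknown ids and foreign ids get the same answer,
            // so a non-admin cannot use the response to enumerate existing ids.
            return Status.NO_CURRENT_OPERATING_PERMISSION;
        }
        return store.funcs.remove(udfFuncId) != null ? Status.SUCCESS : Status.UDF_NOT_EXIST;
    }

    // Constructed sample data.
    static UdfStore sampleStore() {
        UdfStore s = new UdfStore();
        s.add(new UdfFunc(10, 1, "mask_email")); // owned by alice
        s.add(new UdfFunc(11, 2, "parse_ua"));   // owned by bob
        s.add(new UdfFunc(12, 3, "to_cents"));   // owned by carol
        s.grantedIds.put(2, Set.of(12));         // carol's UDF is shared with bob
        return s;
    }

    public static void main(String[] args) {
        User alice = new User(1, false, Set.of(UDF_FUNCTION_DELETE));
        User bob = new User(2, false, Set.of(UDF_FUNCTION_DELETE));
        User carol = new User(3, false, Set.of()); // owns UDF 12 but lacks the delete permission
        User admin = new User(0, true, Set.of());

        // Without the check, any request carrying id 10 removes alice's function.
        System.out.println("unchecked delete of 10:      " + deleteUnchecked(sampleStore(), 10));

        UdfStore store = sampleStore();
        System.out.println("bob   -> 10 (alice's):       " + deleteChecked(store, bob, 10));
        System.out.println("bob   -> 999 (unknown id):   " + deleteChecked(store, bob, 999));
        System.out.println("carol -> 12 (own, no perm):  " + deleteChecked(store, carol, 12));
        System.out.println("bob   -> 12 (granted):       " + deleteChecked(store, bob, 12));
        System.out.println("alice -> 10 (own):           " + deleteChecked(store, alice, 10));
        System.out.println("admin -> 11 (bob's):         " + deleteChecked(store, admin, 11));
    }
}
```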
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.dolphinscheduler:dolphinscheduler-api (Maven) | < 3.1.0 | 3.1.0 |
| org.apache.dolphinscheduler:dolphinscheduler-common (Maven) | < 3.1.0 | 3.1.0 |
| org.apache.dolphinscheduler:dolphinscheduler-dao (Maven) | < 3.1.0 | 3.1.0 |
| org.apache.dolphinscheduler:dolphinscheduler-service (Maven) | < 3.1.0 | 3.1.0 |
Affected products
- ghsa-coords (4 versions), range: < 3.1.0
  - pkg:maven/org.apache.dolphinscheduler/dolphinscheduler-api
  - pkg:maven/org.apache.dolphinscheduler/dolphinscheduler-common
  - pkg:maven/org.apache.dolphinscheduler/dolphinscheduler-dao
  - pkg:maven/org.apache.dolphinscheduler/dolphinscheduler-service
- (no CPE) range: < 3.1.0
- (no CPE) range: < 3.1.0
- (no CPE) range: < 3.1.0
- (no CPE) range: < 3.1.0
- Range: 2.0.0
Patches
1a4948f58e671 [Feature][Permission] Reconstruction of permissions of resource center and monitoring center. (#10307)
39 files changed · +907 −428
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/ApiApplicationServer.java+1 −0 modified@@ -18,6 +18,7 @@ package org.apache.dolphinscheduler.api; import org.apache.dolphinscheduler.service.task.TaskPluginManager; + import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/constants/ApiFuncIdentificationConstant.java+39 −3 modified@@ -21,7 +21,6 @@ import java.util.HashMap; import java.util.Map; - public class ApiFuncIdentificationConstant { public static final String ACCESS_TOKEN_MANAGE = "security:token:view"; @@ -84,8 +83,6 @@ public class ApiFuncIdentificationConstant { public static final String VIEW_PERMISSION = "security:role:permission-view"; public static final String ASSIGN_PERMISSION = "security:role:permission-assign"; - - public static final String PROJECT = "project:view"; public static final String PROJECT_CREATE = "project:create"; public static final String PROJECT_UPDATE = "project:edit"; 
@@ -141,6 +138,45 @@ public class ApiFuncIdentificationConstant { public static final String DATASOURCE_LIST = "datasource:list"; public static final String DATASOURCE_PARAM_VIEW = "datasource:param-view"; + public static final String FILE_VIEW = "resources:file:view"; + public static final String FOLDER_ONLINE_CREATE = "resources:folder:online-create"; + public static final String FILE_ONLINE_CREATE = "resources:file:online-create"; + public static final String FILE_UPLOAD = "resources:file:upload"; + public static final String FILE_UPDATE = "resources:file:update-content"; + public static final String FILE_RENAME = "resources:file:rename"; + public static final String FILE_DOWNLOAD = "resources:file:download"; + public static final String FILE_DELETE = "resources:file:delete"; + + public static final String UDF_FILE_VIEW = "resources:udf:view"; + public static final String UDF_FOLDER_ONLINE_CREATE = "resources:udf-folder:online-create"; + public static final String UDF_UPLOAD = "resources:udf:upload"; + public static final String UDF_UPDATE = "resources:udf:edit"; + public static final String UDF_DOWNLOAD = "resources:udf:download"; + public static final String UDF_DELETE = "resources:udf:delete"; + + public static final String UDF_FUNCTION_VIEW = "resources:udf-func:view"; + public static final String UDF_FUNCTION_CREATE = "resources:udf-func:create"; + public static final String UDF_FUNCTION_UPDATE = "resources:udf-func:update"; + public static final String UDF_FUNCTION_DELETE = "resources:udf-func:delete"; + + public static final String TASK_GROUP_VIEW = "resources:task-group:view"; + public static final String TASK_GROUP_CREATE = "resources:task-group:create"; + public static final String TASK_GROUP_CLOSE = "resources:task-group:close"; + public static final String TASK_GROUP_EDIT = "resources:task-group:update"; + public static final String TASK_GROUP_VIEW_QUEUE = "resources:task-group:queue-view"; + + public static final String TASK_GROUP_QUEUE = 
"resources:task-group-queue:view"; + public static final String TASK_GROUP_QUEUE_PRIORITY = "resources:task-group-queue:priority"; + public static final String TASK_GROUP_QUEUE_START = "resources:task-group-queue:start"; + + public static final String MONITOR_MASTER_VIEW = "monitor:masters:view"; + public static final String MONITOR_WORKER_VIEW = "monitor:workers:view"; + public static final String MONITOR_DATABASES_VIEW = "monitor:databases:view"; + + public static final String MONITOR_STATISTICS_VIEW = "monitor:statistics:view"; + public static final String MONITOR_EVENT_LIST_VIEW = "monitor:event:view"; + public static final String MONITOR_ALERT_LIST_VIEW = "monitor:alert:view"; + public final static Map<ExecuteType,String> map = new HashMap<ExecuteType,String>(); static{
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ResourcesController.java+12 −17 modified@@ -316,8 +316,7 @@ public Result<Object> queryResourceJarList(@ApiIgnore @RequestAttribute(value = @RequestParam(value = "type") ResourceType type, @RequestParam(value = "programType", required = false) ProgramType programType ) { - Map<String, Object> result = resourceService.queryResourceByProgramType(loginUser, type, programType); - return returnDataList(result); + return resourceService.queryResourceByProgramType(loginUser, type, programType); } /** @@ -345,7 +344,7 @@ public Result<Object> queryResource(@ApiIgnore @RequestAttribute(value = Constan @RequestParam(value = "type") ResourceType type ) { - return resourceService.queryResource(fullName, id, type); + return resourceService.queryResource(loginUser, fullName, id, type); } /** @@ -371,7 +370,7 @@ public Result viewResource(@ApiIgnore @RequestAttribute(value = Constants.SESSIO @RequestParam(value = "skipLineNum") int skipLineNum, @RequestParam(value = "limit") int limit ) { - return resourceService.readResource(resourceId, skipLineNum, limit); + return resourceService.readResource(loginUser, resourceId, skipLineNum, limit); } /** @@ -432,7 +431,7 @@ public Result updateResourceContent(@ApiIgnore @RequestAttribute(value = Constan logger.error("The resource file contents are not allowed to be empty"); return error(RESOURCE_FILE_IS_EMPTY.getCode(), RESOURCE_FILE_IS_EMPTY.getMsg()); } - return resourceService.updateResourceContent(resourceId, content); + return resourceService.updateResourceContent(loginUser, resourceId, content); } /** 
@@ -452,7 +451,7 @@ public Result updateResourceContent(@ApiIgnore @RequestAttribute(value = Constan @AccessLogAnnotation(ignoreRequestArgs = "loginUser") public ResponseEntity downloadResource(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser, @PathVariable(value = "id") int resourceId) throws Exception { - Resource file = resourceService.downloadResource(resourceId); + Resource file = resourceService.downloadResource(loginUser, resourceId); if (file == null) { return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(RESOURCE_NOT_EXIST.getMsg()); } @@ -521,8 +520,7 @@ public Result createUdfFunc(@ApiIgnore @RequestAttribute(value = Constants.SESSI @AccessLogAnnotation(ignoreRequestArgs = "loginUser") public Result viewUIUdfFunction(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser, @PathVariable("id") int id) { - Map<String, Object> map = udfFuncService.queryUdfFuncDetail(id); - return returnDataList(map); + return udfFuncService.queryUdfFuncDetail(loginUser, id); } /** @@ -563,8 +561,7 @@ public Result updateUdfFunc(@ApiIgnore @RequestAttribute(value = Constants.SESSI @RequestParam(value = "database", required = false) String database, @RequestParam(value = "description", required = false) String description, @PathVariable(value = "resourceId") int resourceId) { - Map<String, Object> result = udfFuncService.updateUdfFunc(udfFuncId, funcName, className, argTypes, database, description, type, resourceId); - return returnDataList(result); + return udfFuncService.updateUdfFunc(loginUser, udfFuncId, funcName, className, argTypes, database, description, type, resourceId); } /** 
@@ -595,8 +592,7 @@ public Result<Object> queryUdfFuncListPaging(@ApiIgnore @RequestAttribute(value if (!result.checkResult()) { return result; } - result = udfFuncService.queryUdfFuncListPaging(loginUser, searchVal, pageNo, pageSize); - return result; + return udfFuncService.queryUdfFuncListPaging(loginUser, searchVal, pageNo, pageSize); } /** @@ -616,8 +612,7 @@ public Result<Object> queryUdfFuncListPaging(@ApiIgnore @RequestAttribute(value @AccessLogAnnotation(ignoreRequestArgs = "loginUser") public Result<Object> queryUdfFuncList(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser, @RequestParam("type") UdfType type) { - Map<String, Object> result = udfFuncService.queryUdfFuncList(loginUser, type.ordinal()); - return returnDataList(result); + return udfFuncService.queryUdfFuncList(loginUser, type.ordinal()); } /** @@ -639,7 +634,7 @@ public Result<Object> queryUdfFuncList(@ApiIgnore @RequestAttribute(value = Cons public Result verifyUdfFuncName(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser, @RequestParam(value = "name") String name ) { - return udfFuncService.verifyUdfFuncByName(name); + return udfFuncService.verifyUdfFuncByName(loginUser, name); } /** @@ -660,7 +655,7 @@ public Result verifyUdfFuncName(@ApiIgnore @RequestAttribute(value = Constants.S public Result deleteUdfFunc(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser, @PathVariable(value = "id") int udfFuncId ) { - return udfFuncService.delete(udfFuncId); + return udfFuncService.delete(loginUser, udfFuncId); } /** @@ -770,6 +765,6 @@ public Result queryResourceById(@ApiIgnore @RequestAttribute(value = Constants.S @PathVariable(value = "id", required = true) Integer id ) { - return resourceService.queryResourceById(id); + return resourceService.queryResourceById(loginUser, id); } }
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java+4 −1 modified@@ -404,7 +404,10 @@ public enum Status { QUERY_CAN_USE_K8S_CLUSTER_ERROR(1300014, "login user query can used k8s cluster list error", "查询可用k8s集群错误"), RESOURCE_FULL_NAME_TOO_LONG_ERROR(1300015, "resource's fullname is too long error", "资源文件名过长"), TENANT_FULL_NAME_TOO_LONG_ERROR(1300016, "tenant's fullname is too long error", "租户名过长"), - FUNCTION_DISABLED(1400002, "The current feature is disabled.", "当前功能已被禁用"); + + NO_CURRENT_OPERATING_PERMISSION(1400001, "The current user does not have this permission.", "当前用户无此权限"), + FUNCTION_DISABLED(1400002, "The current feature is disabled.", "当前功能已被禁用"), + ; private final int code; private final String enMsg;
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/python/PythonGateway.java+2 −2 modified@@ -536,8 +536,8 @@ public Map<String, Object> getDependentInfo(String projectName, String processDe public Map<String, Object> getResourcesFileInfo(String programType, String fullName) { Map<String, Object> result = new HashMap<>(); - Map<String, Object> resources = resourceService.queryResourceByProgramType(dummyAdminUser, ResourceType.FILE, ProgramType.valueOf(programType)); - List<ResourceComponent> resourcesComponent = (List<ResourceComponent>) resources.get(Constants.DATA_LIST); + Result<Object> resources = resourceService.queryResourceByProgramType(dummyAdminUser, ResourceType.FILE, ProgramType.valueOf(programType)); + List<ResourceComponent> resourcesComponent = (List<ResourceComponent>) resources.getData(); List<ResourceComponent> namedResources = resourcesComponent.stream().filter(s -> fullName.equals(s.getFullName())).collect(Collectors.toList()); if (CollectionUtils.isEmpty(namedResources)) { String msg = String.format("Can not find valid resource by program type %s and name %s", programType, fullName);
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/BaseServiceImpl.java+3 −3 modified@@ -45,7 +45,7 @@ public class BaseServiceImpl implements BaseService { private static final Logger logger = LoggerFactory.getLogger(BaseServiceImpl.class); @Autowired - private ResourcePermissionCheckService resourcePermissionCheckService; + protected ResourcePermissionCheckService resourcePermissionCheckService; /** * check admin @@ -162,8 +162,8 @@ public boolean canOperator(User operateUser, int createUserId) { * @return boolean */ @Override - public boolean canOperatorPermissions(User user, Object[] ids,AuthorizationType type,String perm) { - boolean operationPermissionCheck = resourcePermissionCheckService.operationPermissionCheck(type, user.getId(), perm, logger); + public boolean canOperatorPermissions(User user, Object[] ids,AuthorizationType type,String permissionKey) { + boolean operationPermissionCheck = resourcePermissionCheckService.operationPermissionCheck(type, user.getId(), permissionKey, logger); boolean resourcePermissionCheck = resourcePermissionCheckService.resourcePermissionCheck(type, ids, user.getUserType().equals(UserType.ADMIN_USER) ? 0 : user.getId(), logger); return operationPermissionCheck && resourcePermissionCheck; }
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/MonitorServiceImpl.java+20 −6 modified@@ -17,9 +17,11 @@ package org.apache.dolphinscheduler.api.service.impl; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.service.MonitorService; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.NodeType; import org.apache.dolphinscheduler.common.model.Server; import org.apache.dolphinscheduler.common.model.WorkerServerModel; @@ -34,6 +36,8 @@ import java.util.function.Function; import java.util.stream.Collectors; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -45,6 +49,8 @@ @Service public class MonitorServiceImpl extends BaseServiceImpl implements MonitorService { + public static final Logger logger = LoggerFactory.getLogger(MonitorServiceImpl.class); + @Autowired private MonitorDBDao monitorDBDao; @@ -60,14 +66,14 @@ public class MonitorServiceImpl extends BaseServiceImpl implements MonitorServic @Override public Map<String, Object> queryDatabaseState(User loginUser) { Map<String, Object> result = new HashMap<>(); - + if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_DATABASES_VIEW)) { + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } List<MonitorRecord> monitorRecordList = monitorDBDao.queryDatabaseState(); - result.put(Constants.DATA_LIST, monitorRecordList); putMsg(result, Status.SUCCESS); - return result; - } /** 
@@ -78,9 +84,11 @@ public Map<String, Object> queryDatabaseState(User loginUser) { */ @Override public Map<String, Object> queryMaster(User loginUser) { - Map<String, Object> result = new HashMap<>(); - + if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_MASTER_VIEW)) { + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } List<Server> masterServers = getServerListFromRegistry(true); result.put(Constants.DATA_LIST, masterServers); putMsg(result, Status.SUCCESS); @@ -98,6 +106,12 @@ public Map<String, Object> queryMaster(User loginUser) { public Map<String, Object> queryWorker(User loginUser) { Map<String, Object> result = new HashMap<>(); + + if (!canOperatorPermissions(loginUser, null, AuthorizationType.MONITOR, ApiFuncIdentificationConstant.MONITOR_WORKER_VIEW)) { + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + List<WorkerServerModel> workerServers = getServerListFromRegistry(false) .stream() .map((Server server) -> {
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java+3 −8 modified@@ -87,17 +87,15 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic @Override public Map<String, Object> createProject(User loginUser, String name, String desc) { - Map<String, Object> result = new HashMap<>(); - Map<String, Object> descCheck = checkDesc(desc); - if (descCheck.get(Constants.STATUS) != Status.SUCCESS) { - return descCheck; + Map<String, Object> result = checkDesc(desc); + if (result.get(Constants.STATUS) != Status.SUCCESS) { + return result; } if (!canOperatorPermissions(loginUser, null,AuthorizationType.PROJECTS, PROJECT_CREATE)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } - Project project = projectMapper.queryByName(name); if (project != null) { putMsg(result, Status.PROJECT_ALREADY_EXISTS, name); @@ -482,7 +480,6 @@ private boolean checkReadPermission(User user, Project project) { } /** -<<<<<<< HEAD * check whether have read permission new * @param user * @param id @@ -495,8 +492,6 @@ private boolean checkReadPermissions(User user, Integer id){ } /** -======= ->>>>>>> f3b76b72a ([Feature][API] Modify the permissions of project management, security center, data source center and data quality module.) * query permission id * * @param user user
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java+166 −39 modified@@ -25,6 +25,7 @@ import org.apache.commons.beanutils.BeanMap; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.dto.resources.ResourceComponent; import org.apache.dolphinscheduler.api.dto.resources.filter.ResourceFilter; import org.apache.dolphinscheduler.api.dto.resources.visitor.ResourceTreeVisitor; @@ -36,6 +37,7 @@ import org.apache.dolphinscheduler.api.utils.RegexUtils; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.ProgramType; import org.apache.dolphinscheduler.common.enums.ResUploadType; import org.apache.dolphinscheduler.common.storage.StorageOperate; @@ -54,6 +56,7 @@ import org.apache.dolphinscheduler.dao.mapper.UdfFuncMapper; import org.apache.dolphinscheduler.dao.mapper.UserMapper; import org.apache.dolphinscheduler.dao.utils.ResourceProcessDefinitionUtils; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.apache.dolphinscheduler.spi.enums.ResourceType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -66,7 +69,17 @@ import java.io.IOException; import java.rmi.ServerException; import java.text.MessageFormat; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.Date; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Set; +import java.util.UUID; import java.util.regex.Matcher; import java.util.stream.Collectors; 
@@ -105,6 +118,9 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe @Autowired(required = false) private StorageOperate storageOperate; + + @Autowired + private ResourcePermissionCheckService resourcePermissionCheckService; /** * create directory @@ -125,7 +141,15 @@ public Result<Object> createDirectory(User loginUser, ResourceType type, int pid, String currentDir) { - Result<Object> result = checkResourceUploadStartupState(); + Result<Object> result = new Result<>(); + String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FOLDER_ONLINE_CREATE : ApiFuncIdentificationConstant.UDF_FOLDER_ONLINE_CREATE; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + + result = checkResourceUploadStartupState(); if (!result.getCode().equals(Status.SUCCESS.getCode())) { return result; } @@ -197,7 +221,14 @@ public Result<Object> createResource(User loginUser, MultipartFile file, int pid, String currentDir) { - Result<Object> result = checkResourceUploadStartupState(); + Result<Object> result = new Result<>(); + String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_ONLINE_CREATE : ApiFuncIdentificationConstant.UDF_FOLDER_ONLINE_CREATE; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + result = checkResourceUploadStartupState(); if (!result.getCode().equals(Status.SUCCESS.getCode())) { return result; } 
@@ -311,7 +342,14 @@ public Result<Object> updateResource(User loginUser, String desc, ResourceType type, MultipartFile file) { - Result<Object> result = checkResourceUploadStartupState(); + Result<Object> result = new Result<>(); + String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_UPDATE : ApiFuncIdentificationConstant.UDF_UPDATE; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + result = checkResourceUploadStartupState(); if (!result.getCode().equals(Status.SUCCESS.getCode())) { return result; } @@ -577,13 +615,20 @@ private Result<Object> verifyFile(String name, ResourceType type, MultipartFile */ @Override public Result queryResourceListPaging(User loginUser, int directoryId, ResourceType type, String searchVal, Integer pageNo, Integer pageSize) { + Result<Object> result = new Result<>(); + String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } - Result result = new Result(); Page<Resource> page = new Page<>(pageNo, pageSize); int userId = loginUser.getId(); if (isAdmin(loginUser)) { userId = 0; } + if (directoryId != -1) { Resource directory = resourcesMapper.selectById(directoryId); if (directory == null) { 
@@ -592,9 +637,8 @@ public Result queryResourceListPaging(User loginUser, int directoryId, ResourceT } } - List<Integer> resourcesIds = resourceUserMapper.queryResourcesIdListByUserIdAndPerm(userId, 0); - - IPage<Resource> resourceIPage = resourcesMapper.queryResourcePaging(page, userId, directoryId, type.ordinal(), searchVal, resourcesIds); + Set<Integer> resourcesIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, loginUser.getId(), logger); + IPage<Resource> resourceIPage = resourcesMapper.queryResourcePaging(page, directoryId, type.ordinal(), loginUser.getId(), searchVal, new ArrayList<>(resourcesIds)); PageInfo<Resource> pageInfo = new PageInfo<>(pageNo, pageSize); pageInfo.setTotal((int) resourceIPage.getTotal()); @@ -683,6 +727,14 @@ private boolean upload(User loginUser, String fullName, MultipartFile file, Reso @Override public Map<String, Object> queryResourceList(User loginUser, ResourceType type) { Map<String, Object> result = new HashMap<>(); + + String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + List<Resource> allResourceList = queryAuthoredResourceList(loginUser, type); Visitor resourceTreeVisitor = new ResourceTreeVisitor(allResourceList); result.put(Constants.DATA_LIST, resourceTreeVisitor.visit().getChildren()); 
@@ -699,10 +751,22 @@ public Map<String, Object> queryResourceList(User loginUser, ResourceType type) * @return resource list */ @Override - public Map<String, Object> queryResourceByProgramType(User loginUser, ResourceType type, ProgramType programType) { - Map<String, Object> result = new HashMap<>(); + public Result<Object> queryResourceByProgramType(User loginUser, ResourceType type, ProgramType programType) { + Result<Object> result = new Result<>(); + String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } - List<Resource> allResourceList = queryAuthoredResourceList(loginUser, type); + Set<Integer> resourceIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, loginUser.getId(), logger); + if (resourceIds.isEmpty()){ + result.setData(Collections.emptyList()); + putMsg(result, Status.SUCCESS); + return result; + } + List<Resource> allResourceList = resourcesMapper.selectBatchIds(resourceIds); String suffix = ".jar"; if (programType != null) { @@ -718,9 +782,8 @@ public Map<String, Object> queryResourceByProgramType(User loginUser, ResourceTy } List<Resource> resources = new ResourceFilter(suffix, new ArrayList<>(allResourceList)).filter(); Visitor resourceTreeVisitor = new ResourceTreeVisitor(resources); - result.put(Constants.DATA_LIST, resourceTreeVisitor.visit().getChildren()); + result.setData(resourceTreeVisitor.visit().getChildren()); putMsg(result, Status.SUCCESS); - return result; } 
@@ -735,15 +798,22 @@ public Map<String, Object> queryResourceByProgramType(User loginUser, ResourceTy @Override @Transactional(rollbackFor = Exception.class) public Result<Object> delete(User loginUser, int resourceId) throws IOException { - Result<Object> result = checkResourceUploadStartupState(); - if (!result.getCode().equals(Status.SUCCESS.getCode())) { - return result; - } - // get resource by id + Result<Object> resultCheck = new Result<>(); Resource resource = resourcesMapper.selectById(resourceId); if (resource == null) { - putMsg(result, Status.RESOURCE_NOT_EXIST); + putMsg(resultCheck, Status.RESOURCE_NOT_EXIST); + return resultCheck; + } + String funcPermissionKey = resource.getType().equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_DELETE : ApiFuncIdentificationConstant.UDF_DELETE; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(resultCheck, Status.NO_CURRENT_OPERATING_PERMISSION); + return resultCheck; + } + + Result<Object> result = checkResourceUploadStartupState(); + if (!result.getCode().equals(Status.SUCCESS.getCode())) { return result; } if (!canOperator(loginUser, resource.getUserId())) { 
@@ -818,6 +888,12 @@ public Result<Object> delete(User loginUser, int resourceId) throws IOException @Override public Result<Object> verifyResourceName(String fullName, ResourceType type, User loginUser) { Result<Object> result = new Result<>(); + String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_RENAME : ApiFuncIdentificationConstant.UDF_FILE_VIEW; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } putMsg(result, Status.SUCCESS); if (checkResourceExists(fullName, type.ordinal())) { logger.error("resource type:{} name:{} has exist, can't create again.", type, RegexUtils.escapeNRT(fullName)); 
@@ -854,34 +930,40 @@ public Result<Object> verifyResourceName(String fullName, ResourceType type, Use * @return true if the resource full name or pid not exists, otherwise return false */ @Override - public Result<Object> queryResource(String fullName, Integer id, ResourceType type) { + public Result<Object> queryResource(User loginUser, String fullName, Integer id, ResourceType type) { Result<Object> result = new Result<>(); if (StringUtils.isBlank(fullName) && id == null) { putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR); return result; } + Resource resource; if (StringUtils.isNotBlank(fullName)) { List<Resource> resourceList = resourcesMapper.queryResource(fullName, type.ordinal()); if (CollectionUtils.isEmpty(resourceList)) { putMsg(result, Status.RESOURCE_NOT_EXIST); return result; } - putMsg(result, Status.SUCCESS); - result.setData(resourceList.get(0)); + resource = resourceList.get(0); } else { - Resource resource = resourcesMapper.selectById(id); + resource = resourcesMapper.selectById(id); if (resource == null) { putMsg(result, Status.RESOURCE_NOT_EXIST); return result; } - Resource parentResource = resourcesMapper.selectById(resource.getPid()); - if (parentResource == null) { + resource = resourcesMapper.selectById(resource.getPid()); + if (resource == null) { putMsg(result, Status.RESOURCE_NOT_EXIST); return result; } - putMsg(result, Status.SUCCESS); - result.setData(parentResource); } + String funcPermissionKey = type.equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resource.getId()}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + putMsg(result, Status.SUCCESS); + result.setData(resource); return result; } 
@@ -891,13 +973,19 @@ public Result<Object> queryResource(String fullName, Integer id, ResourceType ty * @return resource */ @Override - public Result<Object> queryResourceById(Integer id) { + public Result<Object> queryResourceById(User loginUser, Integer id) { Result<Object> result = new Result<>(); Resource resource = resourcesMapper.selectById(id); if (resource == null) { putMsg(result, Status.RESOURCE_NOT_EXIST); return result; } + String funcPermissionKey = resource.getType().equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{id}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } putMsg(result, Status.SUCCESS); result.setData(resource); return result; 
@@ -912,18 +1000,23 @@ public Result<Object> queryResourceById(Integer id) { * @return resource content */ @Override - public Result<Object> readResource(int resourceId, int skipLineNum, int limit) { + public Result<Object> readResource(User loginUser, int resourceId, int skipLineNum, int limit) { Result<Object> result = checkResourceUploadStartupState(); if (!result.getCode().equals(Status.SUCCESS.getCode())) { return result; } - // get resource by id Resource resource = resourcesMapper.selectById(resourceId); if (resource == null) { putMsg(result, Status.RESOURCE_NOT_EXIST); return result; } + String funcPermissionKey = resource.getType().equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_VIEW : ApiFuncIdentificationConstant.UDF_FILE_VIEW; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } //check preview or not by file suffix String nameSuffix = Files.getFileExtension(resource.getAlias()); String resourceViewSuffixes = FileUtils.getResourceViewSuffixes(); 
@@ -982,7 +1075,14 @@ public Result<Object> readResource(int resourceId, int skipLineNum, int limit) { @Override @Transactional(rollbackFor = Exception.class) public Result<Object> onlineCreateResource(User loginUser, ResourceType type, String fileName, String fileSuffix, String desc, String content, int pid, String currentDir) { - Result<Object> result = checkResourceUploadStartupState(); + Result<Object> result = new Result<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.RESOURCE_FILE_ID, ApiFuncIdentificationConstant.FILE_ONLINE_CREATE); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + + result = checkResourceUploadStartupState(); if (!result.getCode().equals(Status.SUCCESS.getCode())) { return result; } @@ -1028,7 +1128,7 @@ public Result<Object> onlineCreateResource(User loginUser, ResourceType type, St String tenantCode = tenantMapper.queryById(loginUser.getTenantId()).getTenantCode(); - result = uploadContentToStorage(fullName, tenantCode, content); + result = uploadContentToStorage(loginUser, fullName, tenantCode, content); if (!result.getCode().equals(Status.SUCCESS.getCode())) { throw new ServiceException(result.getMsg()); } @@ -1081,7 +1181,7 @@ private Result<Object> verifyPid(User loginUser, int pid) { */ @Override @Transactional(rollbackFor = Exception.class) - public Result<Object> updateResourceContent(int resourceId, String content) { + public Result<Object> updateResourceContent(User loginUser, int resourceId, String content) { Result<Object> result = checkResourceUploadStartupState(); if (!result.getCode().equals(Status.SUCCESS.getCode())) { return result; 
@@ -1093,6 +1193,12 @@ public Result<Object> updateResourceContent(int resourceId, String content) { putMsg(result, Status.RESOURCE_NOT_EXIST); return result; } + String funcPermissionKey = resource.getType().equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_UPDATE : ApiFuncIdentificationConstant.UDF_UPDATE; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } //check can edit by file suffix String nameSuffix = Files.getFileExtension(resource.getAlias()); String resourceViewSuffixes = FileUtils.getResourceViewSuffixes(); @@ -1114,7 +1220,7 @@ public Result<Object> updateResourceContent(int resourceId, String content) { resource.setUpdateTime(new Date()); resourcesMapper.updateById(resource); - result = uploadContentToStorage(resource.getFullName(), tenantCode, content); + result = uploadContentToStorage(loginUser, resource.getFullName(), tenantCode, content); updateParentResourceSize(resource, resource.getSize() - originFileSize); if (!result.getCode().equals(Status.SUCCESS.getCode())) { @@ -1129,7 +1235,7 @@ public Result<Object> updateResourceContent(int resourceId, String content) { * @param content content * @return result */ - private Result<Object> uploadContentToStorage(String resourceName, String tenantCode, String content) { + private Result<Object> uploadContentToStorage(User loginUser,String resourceName, String tenantCode, String content) { Result<Object> result = new Result<>(); String localFilename = ""; String storageFileName = ""; 
@@ -1176,7 +1282,7 @@ private Result<Object> uploadContentToStorage(String resourceName, String tenant * @throws IOException exception */ @Override - public org.springframework.core.io.Resource downloadResource(int resourceId) throws IOException { + public org.springframework.core.io.Resource downloadResource(User loginUser, int resourceId) throws IOException { // if resource upload startup if (!PropertyUtils.getResUploadStartupState()) { logger.error("resource upload startup state: {}", PropertyUtils.getResUploadStartupState()); @@ -1188,6 +1294,13 @@ public org.springframework.core.io.Resource downloadResource(int resourceId) thr logger.error("download file not exist, resource id {}", resourceId); return null; } + + String funcPermissionKey = resource.getType().equals(ResourceType.FILE) ? ApiFuncIdentificationConstant.FILE_DOWNLOAD : ApiFuncIdentificationConstant.UDF_DOWNLOAD; + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.RESOURCE_FILE_ID, funcPermissionKey); + if (!canOperatorPermissions){ + logger.error("{}: {}", Status.NO_CURRENT_OPERATING_PERMISSION.getMsg(), PropertyUtils.getResUploadStartupState()); + throw new ServiceException(Status.NO_CURRENT_OPERATING_PERMISSION.getMsg()); + } if (resource.isDirectory()) { logger.error("resource id {} is directory,can't download it", resourceId); throw new ServiceException("can't download directory"); @@ -1234,6 +1347,10 @@ public org.springframework.core.io.Resource downloadResource(int resourceId) thr @Override public Map<String, Object> authorizeResourceTree(User loginUser, Integer userId) { Map<String, Object> result = new HashMap<>(); + if (!resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } List<Resource> resourceList; if (isAdmin(loginUser)) { 
@@ -1300,7 +1417,11 @@ public Map<String, Object> unauthorizedFile(User loginUser, Integer userId) { @Override public Map<String, Object> unauthorizedUDFFunction(User loginUser, Integer userId) { Map<String, Object> result = new HashMap<>(); - + if (!resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } + List<UdfFunc> udfFuncList; if (isAdmin(loginUser)) { // admin gets all udfs except userId @@ -1334,7 +1455,10 @@ public Map<String, Object> unauthorizedUDFFunction(User loginUser, Integer userI @Override public Map<String, Object> authorizedUDFFunction(User loginUser, Integer userId) { Map<String, Object> result = new HashMap<>(); - + if (!resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } List<UdfFunc> udfFuncs = udfFunctionMapper.queryAuthedUdfFunc(userId); result.put(Constants.DATA_LIST, udfFuncs); putMsg(result, Status.SUCCESS); @@ -1351,6 +1475,10 @@ public Map<String, Object> authorizedUDFFunction(User loginUser, Integer userId) @Override public Map<String, Object> authorizedFile(User loginUser, Integer userId) { Map<String, Object> result = new HashMap<>(); + if (!resourcePermissionCheckService.functionDisabled()){ + putMsg(result, Status.FUNCTION_DISABLED); + return result; + } List<Resource> authedResources = queryResourceList(userId, Constants.AUTHORIZE_WRITABLE_PERM); Visitor visitor = new ResourceTreeVisitor(authedResources); @@ -1472,5 +1600,4 @@ private List<Resource> queryResourceList(Integer userId, int perm) { List<Integer> resIds = resourceUserMapper.queryResourcesIdListByUserIdAndPerm(userId, perm); return CollectionUtils.isEmpty(resIds) ? new ArrayList<>() : resourcesMapper.queryResourceListById(resIds); } - }
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupQueueServiceImpl.java+8 −0 modified@@ -17,11 +17,13 @@ package org.apache.dolphinscheduler.api.service.impl; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.service.ProjectService; import org.apache.dolphinscheduler.api.service.TaskGroupQueueService; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.dao.entity.Project; import org.apache.dolphinscheduler.dao.entity.TaskGroupQueue; import org.apache.dolphinscheduler.dao.entity.User; @@ -31,6 +33,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Set; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -70,6 +73,11 @@ public class TaskGroupQueueServiceImpl extends BaseServiceImpl implements TaskGr public Map<String, Object> queryTasksByGroupId(User loginUser, String taskName , String processName, Integer status, int groupId, int pageNo, int pageSize) { Map<String, Object> result = new HashMap<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_QUEUE); + if (!canOperatorPermissions){ + result.put(Constants.STATUS, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } Page<TaskGroupQueue> page = new Page<>(pageNo, pageSize); Map<String, Object> objectMap = this.projectService.queryAuthorizedProject(loginUser, loginUser.getId()); List<Project> projects = (List<Project>)objectMap.get(Constants.DATA_LIST);
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TaskGroupServiceImpl.java+47 −0 modified@@ -17,12 +17,14 @@ package org.apache.dolphinscheduler.api.service.impl; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.service.ExecutorService; import org.apache.dolphinscheduler.api.service.TaskGroupQueueService; import org.apache.dolphinscheduler.api.service.TaskGroupService; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.Flag; import org.apache.dolphinscheduler.dao.entity.TaskGroup; import org.apache.dolphinscheduler.dao.entity.User; @@ -77,6 +79,12 @@ public class TaskGroupServiceImpl extends BaseServiceImpl implements TaskGroupSe @Override public Map<String, Object> createTaskGroup(User loginUser, Long projectCode, String name, String description, int groupSize) { Map<String, Object> result = new HashMap<>(); + + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_CREATE); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } if (name == null) { putMsg(result, Status.NAME_NULL); return result; 
@@ -117,6 +125,11 @@ public Map<String, Object> createTaskGroup(User loginUser, Long projectCode, Str @Override public Map<String, Object> updateTaskGroup(User loginUser, int id, String name, String description, int groupSize) { Map<String, Object> result = new HashMap<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_EDIT); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } if (name == null) { putMsg(result, Status.NAME_NULL); return result; @@ -202,6 +215,12 @@ public Map<String, Object> queryTaskGroupByStatus(User loginUser, int pageNo, in public Map<String, Object> queryTaskGroupByProjectCode(User loginUser, int pageNo, int pageSize, Long projectCode) { Map<String, Object> result = new HashMap<>(); Page<TaskGroup> page = new Page<>(pageNo, pageSize); + + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_VIEW); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } IPage<TaskGroup> taskGroupPaging = taskGroupMapper.queryTaskGroupPagingByProjectCode(page, projectCode); return getStringObjectMap(pageNo, pageSize, result, taskGroupPaging); 
@@ -249,6 +268,12 @@ public Map<String, Object> queryTaskGroupById(User loginUser, int id) { public Map<String, Object> doQuery(User loginUser, int pageNo, int pageSize, int userId, String name, Integer status) { Map<String, Object> result = new HashMap<>(); Page<TaskGroup> page = new Page<>(pageNo, pageSize); + + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_VIEW); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } IPage<TaskGroup> taskGroupPaging = taskGroupMapper.queryTaskGroupPaging(page, userId, name, status); return getStringObjectMap(pageNo, pageSize, result, taskGroupPaging); @@ -264,6 +289,12 @@ public Map<String, Object> doQuery(User loginUser, int pageNo, int pageSize, int @Override public Map<String, Object> closeTaskGroup(User loginUser, int id) { Map<String, Object> result = new HashMap<>(); + + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_CLOSE); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } TaskGroup taskGroup = taskGroupMapper.selectById(id); if (taskGroup.getStatus() == Flag.NO.getCode()) { putMsg(result, Status.TASK_GROUP_STATUS_CLOSED); 
@@ -286,6 +317,11 @@ public Map<String, Object> closeTaskGroup(User loginUser, int id) { public Map<String, Object> startTaskGroup(User loginUser, int id) { Map<String, Object> result = new HashMap<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_CLOSE); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } TaskGroup taskGroup = taskGroupMapper.selectById(id); if (taskGroup.getStatus() == Flag.YES.getCode()) { putMsg(result, Status.TASK_GROUP_STATUS_OPENED); @@ -307,13 +343,24 @@ public Map<String, Object> startTaskGroup(User loginUser, int id) { */ @Override public Map<String, Object> forceStartTask(User loginUser, int queueId) { + Map<String, Object> result = new HashMap<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_QUEUE_START); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } return executorService.forceStartTaskInstance(loginUser, queueId); } @Override public Map<String, Object> modifyPriority(User loginUser, Integer queueId, Integer priority) { Map<String, Object> result = new HashMap<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.TASK_GROUP, ApiFuncIdentificationConstant.TASK_GROUP_QUEUE_PRIORITY); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } taskGroupQueueService.modifyPriority(queueId, priority); putMsg(result, Status.SUCCESS); return result;
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java+75 −31 modified@@ -17,11 +17,12 @@ package org.apache.dolphinscheduler.api.service.impl; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.service.UdfFuncService; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; -import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UdfType; import org.apache.dolphinscheduler.common.utils.PropertyUtils; import org.apache.dolphinscheduler.dao.entity.Resource; @@ -33,10 +34,11 @@ import org.apache.commons.lang.StringUtils; +import java.util.ArrayList; +import java.util.Collections; import java.util.Date; -import java.util.HashMap; import java.util.List; -import java.util.Map; +import java.util.Set; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -88,6 +90,11 @@ public Result<Object> createUdfFunction(User loginUser, int resourceId) { Result<Object> result = new Result<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_CREATE); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } // if resource upload startup if (!PropertyUtils.getResUploadStartupState()) { logger.error("resource upload startup state: {}", PropertyUtils.getResUploadStartupState()); 
@@ -150,14 +157,19 @@ private boolean checkUdfFuncNameExists(String name) { * @return udf function detail */ @Override - public Map<String, Object> queryUdfFuncDetail(int id) { - Map<String, Object> result = new HashMap<>(); + public Result<Object> queryUdfFuncDetail(User loginUser, int id) { + Result<Object> result = new Result<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{id}, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } UdfFunc udfFunc = udfFuncMapper.selectById(id); if (udfFunc == null) { putMsg(result, Status.RESOURCE_NOT_EXIST); return result; } - result.put(Constants.DATA_LIST, udfFunc); + result.setData(udfFunc); putMsg(result, Status.SUCCESS); return result; } @@ -176,21 +188,29 @@ public Map<String, Object> queryUdfFuncDetail(int id) { * @return update result code */ @Override - public Map<String, Object> updateUdfFunc(int udfFuncId, + public Result<Object> updateUdfFunc(User loginUser, + int udfFuncId, String funcName, String className, String argTypes, String database, String desc, UdfType type, int resourceId) { - Map<String, Object> result = new HashMap<>(); + Result<Object> result = new Result<>(); + + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{resourceId}, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + // verify udfFunc is exist UdfFunc udf = udfFuncMapper.selectUdfById(udfFuncId); if (udf == null) { - result.put(Constants.STATUS, Status.UDF_FUNCTION_NOT_EXIST); - result.put(Constants.MSG, Status.UDF_FUNCTION_NOT_EXIST.getMsg()); + result.setCode(Status.UDF_FUNCTION_NOT_EXIST.getCode()); + result.setMsg(Status.UDF_FUNCTION_NOT_EXIST.getMsg()); return result; } 
@@ -205,17 +225,17 @@ public Map<String, Object> updateUdfFunc(int udfFuncId, if (!funcName.equals(udf.getFuncName())) { if (checkUdfFuncNameExists(funcName)) { logger.error("UdfFuncRequest {} has exist, can't create again.", funcName); - result.put(Constants.STATUS, Status.UDF_FUNCTION_EXISTS); - result.put(Constants.MSG, Status.UDF_FUNCTION_EXISTS.getMsg()); + result.setCode(Status.UDF_FUNCTION_EXISTS.getCode()); + result.setMsg(Status.UDF_FUNCTION_EXISTS.getMsg()); return result; } } Resource resource = resourceMapper.selectById(resourceId); if (resource == null) { logger.error("resourceId {} is not exist", resourceId); - result.put(Constants.STATUS, Status.RESOURCE_NOT_EXIST); - result.put(Constants.MSG, Status.RESOURCE_NOT_EXIST.getMsg()); + result.setCode(Status.RESOURCE_NOT_EXIST.getCode()); + result.setMsg(Status.RESOURCE_NOT_EXIST.getMsg()); return result; } Date now = new Date(); @@ -247,8 +267,13 @@ public Map<String, Object> updateUdfFunc(int udfFuncId, * @return udf function list page */ @Override - public Result queryUdfFuncListPaging(User loginUser, String searchVal, Integer pageNo, Integer pageSize) { - Result result = new Result(); + public Result<Object> queryUdfFuncListPaging(User loginUser, String searchVal, Integer pageNo, Integer pageSize) { + Result<Object> result = new Result(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } PageInfo<UdfFunc> pageInfo = new PageInfo<>(pageNo, pageSize); IPage<UdfFunc> udfFuncList = getUdfFuncsPage(loginUser, searchVal, pageSize, pageNo); pageInfo.setTotal((int)udfFuncList.getTotal()); 
@@ -268,12 +293,12 @@ public Result queryUdfFuncListPaging(User loginUser, String searchVal, Integer p * @return udf function list page */ private IPage<UdfFunc> getUdfFuncsPage(User loginUser, String searchVal, Integer pageSize, int pageNo) { - int userId = loginUser.getId(); - if (isAdmin(loginUser)) { - userId = 0; - } + Set<Integer> udfFuncIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.UDF, loginUser.getId(), logger); Page<UdfFunc> page = new Page<>(pageNo, pageSize); - return udfFuncMapper.queryUdfFuncPaging(page, userId, searchVal); + if (udfFuncIds.isEmpty()) { + return page; + } + return udfFuncMapper.queryUdfFuncPaging(page, new ArrayList<>(udfFuncIds), searchVal); } /** 
@@ -284,15 +309,23 @@ private IPage<UdfFunc> getUdfFuncsPage(User loginUser, String searchVal, Integer * @return udf func list */ @Override - public Map<String, Object> queryUdfFuncList(User loginUser, Integer type) { - Map<String, Object> result = new HashMap<>(); - int userId = loginUser.getId(); - if (isAdmin(loginUser)) { - userId = 0; + public Result<Object> queryUdfFuncList(User loginUser, Integer type) { + Result<Object> result = new Result<>(); + + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; } - List<UdfFunc> udfFuncList = udfFuncMapper.getUdfFuncByType(userId, type); + Set<Integer> udfFuncIds = resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.UDF, loginUser.getId(), logger); + if (udfFuncIds.isEmpty()){ + result.setData(Collections.emptyList()); + putMsg(result, Status.SUCCESS); + return result; + } + List<UdfFunc> udfFuncList = udfFuncMapper.getUdfFuncByType(new ArrayList<>(udfFuncIds), type); - result.put(Constants.DATA_LIST, udfFuncList); + result.setData(udfFuncList); putMsg(result, Status.SUCCESS); return result; } @@ -305,8 +338,14 @@ public Map<String, Object> queryUdfFuncList(User loginUser, Integer type) { */ @Override @Transactional(rollbackFor = RuntimeException.class) - public Result<Object> delete(int id) { + public Result<Object> delete(User loginUser, int id) { Result<Object> result = new Result<>(); + + boolean canOperatorPermissions = canOperatorPermissions(loginUser, new Object[]{id}, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_DELETE); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } udfFuncMapper.deleteById(id); udfUserMapper.deleteByUdfFuncId(id); putMsg(result, Status.SUCCESS); 
@@ -320,14 +359,19 @@ public Result<Object> delete(int id) { * @return true if the name can user, otherwise return false */ @Override - public Result<Object> verifyUdfFuncByName(String name) { + public Result<Object> verifyUdfFuncByName(User loginUser, String name) { Result<Object> result = new Result<>(); + boolean canOperatorPermissions = canOperatorPermissions(loginUser, null, AuthorizationType.UDF, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW); + if (!canOperatorPermissions){ + putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION); + return result; + } + if (checkUdfFuncNameExists(name)) { putMsg(result, Status.UDF_FUNCTION_EXISTS); } else { putMsg(result, Status.SUCCESS); } return result; } - }
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java+21 −29 modified@@ -29,7 +29,6 @@ import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; -import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.Flag; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.storage.StorageOperate; @@ -78,8 +77,6 @@ import java.util.Arrays; import java.util.stream.Collectors; -import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; - /** * users service impl */ @@ -157,18 +154,18 @@ public Map<String, Object> createUser(User loginUser, //check all user params String msg = this.checkUserParams(userName, userPassword, email, phone); - if(resourcePermissionCheckService.functionDisabled()){ putMsg(result, Status.FUNCTION_DISABLED, msg); return result; } - if (!StringUtils.isEmpty(msg)) { - putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, msg); + if (!isAdmin(loginUser)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } - if (!canOperatorPermissions(loginUser,null, AuthorizationType.USER,USERS_CREATE)) { - putMsg(result, Status.USER_NO_OPERATION_PERM); + + if (!StringUtils.isEmpty(msg)) { + putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, msg); return result; } 
@@ -334,15 +331,14 @@ public int getUserIdByName(String name) { @Override public Result<Object> queryUserList(User loginUser, String searchVal, Integer pageNo, Integer pageSize) { Result<Object> result = new Result<>(); - - if (!canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_MANAGER)) { - putMsg(result, Status.USER_NO_OPERATION_PERM); - return result; - } if(resourcePermissionCheckService.functionDisabled()){ putMsg(result, Status.FUNCTION_DISABLED); return result; } + if (!isAdmin(loginUser)) { + putMsg(result, Status.USER_NO_OPERATION_PERM); + return result; + } Page<User> page = new Page<>(pageNo, pageSize); @@ -389,8 +385,7 @@ public Map<String, Object> updateUser(User loginUser, int userId, putMsg(result, Status.FUNCTION_DISABLED); return result; } - - if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_UPDATE), Status.USER_NO_OPERATION_PERM)) { + if (check(result, !canOperator(loginUser, userId), Status.USER_NO_OPERATION_PERM)) { return result; } User user = userMapper.selectById(userId); @@ -527,14 +522,12 @@ public Map<String, Object> updateUser(User loginUser, int userId, @Transactional(rollbackFor = RuntimeException.class) public Map<String, Object> deleteUserById(User loginUser, int id) throws IOException { Map<String, Object> result = new HashMap<>(); - if(resourcePermissionCheckService.functionDisabled()){ putMsg(result, Status.FUNCTION_DISABLED); return result; } - //only admin can operate - if (!canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_DELETE)) { + if (!isAdmin(loginUser)) { putMsg(result, Status.USER_NO_OPERATION_PERM, id); return result; } @@ -582,7 +575,6 @@ public Map<String, Object> grantProject(User loginUser, int userId, String proje putMsg(result, Status.FUNCTION_DISABLED); return result; } - //check exist User tempUser = userMapper.selectById(userId); if (tempUser == null) { 
@@ -643,7 +635,7 @@ public Map<String, Object> grantProjectByCode(final User loginUser, final int us } // 3. only project owner can operate - if (!this.canOperatorPermissions(loginUser,new Object[]{project.getId()},AuthorizationType.USER,null)) { + if (!this.canOperator(loginUser, project.getUserId())) { this.putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -683,7 +675,7 @@ public Map<String, Object> revokeProject(User loginUser, int userId, long projec return result; } // 1. only admin can operate - if (this.check(result, !this.canOperatorPermissions(loginUser,null,AuthorizationType.USER,null), Status.USER_NO_OPERATION_PERM)) { + if (this.check(result, !this.isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { return result; } @@ -871,7 +863,7 @@ public Map<String, Object> grantNamespaces(User loginUser, int userId, String na return result; } //only admin can operate - if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER, null), Status.USER_NO_OPERATION_PERM)) { + if (this.check(result, !this.isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { return result; } @@ -968,7 +960,7 @@ public Map<String, Object> getUserInfo(User loginUser) { return result; } User user = null; - if (canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_MANAGER)) { + if (loginUser.getUserType() == UserType.ADMIN_USER) { user = loginUser; } else { user = userMapper.queryDetailsById(loginUser.getId()); @@ -1011,7 +1003,7 @@ public Map<String, Object> queryAllGeneralUsers(User loginUser) { return result; } //only admin can operate - if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_MANAGER), Status.USER_NO_OPERATION_PERM)) { + if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { return result; } 
@@ -1036,7 +1028,7 @@ public Map<String, Object> queryUserList(User loginUser) { return result; } //only admin can operate - if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,USER_MANAGER), Status.USER_NO_OPERATION_PERM)) { + if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { return result; } @@ -1083,7 +1075,7 @@ public Map<String, Object> unauthorizedUser(User loginUser, Integer alertgroupId return result; } //only admin can operate - if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,null), Status.USER_NO_OPERATION_PERM)) { + if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { return result; } @@ -1123,7 +1115,7 @@ public Map<String, Object> authorizedUser(User loginUser, Integer alertGroupId) return result; } //only admin can operate - if (check(result, !canOperatorPermissions(loginUser,null,AuthorizationType.USER,null), Status.USER_NO_OPERATION_PERM)) { + if (check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) { return result; } List<User> userList = userMapper.queryUserListByAlertGroupId(alertGroupId); @@ -1259,7 +1251,7 @@ public Map<String, Object> activateUser(User loginUser, String userName) { putMsg(result, Status.FUNCTION_DISABLED); return result; } - if (!canOperatorPermissions(loginUser,null,AuthorizationType.USER,null)) { + if (!isAdmin(loginUser)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; } @@ -1307,7 +1299,7 @@ public Map<String, Object> batchActivateUser(User loginUser, List<String> userNa putMsg(result, Status.FUNCTION_DISABLED); return result; } - if (!canOperatorPermissions(loginUser,null,AuthorizationType.USER,null)) { + if (!isAdmin(loginUser)) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; }
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ResourcesService.java+6 −6 modified@@ -115,7 +115,7 @@ Result<Object> updateResource(User loginUser, * @param type resource type * @return resource list */ - Map<String, Object> queryResourceByProgramType(User loginUser, ResourceType type, ProgramType programType); + Result<Object> queryResourceByProgramType(User loginUser, ResourceType type, ProgramType programType); /** * delete resource @@ -143,7 +143,7 @@ Result<Object> updateResource(User loginUser, * @param type resource type * @return true if the resource full name or pid not exists, otherwise return false */ - Result<Object> queryResource(String fullName,Integer id,ResourceType type); + Result<Object> queryResource(User loginUser,String fullName,Integer id,ResourceType type); /** * view resource file online @@ -153,7 +153,7 @@ Result<Object> updateResource(User loginUser, * @param limit limit * @return resource content */ - Result<Object> readResource(int resourceId, int skipLineNum, int limit); + Result<Object> readResource(User loginUser,int resourceId, int skipLineNum, int limit); /** * create resource file online @@ -175,7 +175,7 @@ Result<Object> updateResource(User loginUser, * @param content content * @return update result cod */ - Result<Object> updateResourceContent(int resourceId, String content); + Result<Object> updateResourceContent(User loginUser,int resourceId, String content); /** * download file @@ -184,7 +184,7 @@ Result<Object> updateResource(User loginUser, * @return resource content * @throws IOException exception */ - org.springframework.core.io.Resource downloadResource(int resourceId) throws IOException; + org.springframework.core.io.Resource downloadResource(User loginUser, int resourceId) throws IOException; /** * list all file 
@@ -236,6 +236,6 @@ Result<Object> updateResource(User loginUser, * @param resourceId resource id * @return resource */ - Result<Object> queryResourceById(Integer resourceId); + Result<Object> queryResourceById(User loginUser, Integer resourceId); }
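Review bot: The Javadoc for queryResource, readResource, updateResourceContent, downloadResource and queryResourceById is not updated for the new first parameter; the file stat is +6 −6 and all six changed lines are signatures, so no `@param loginUser` line was added. Since `loginUser` is now the input the authorization decision rests on, document it on each method and say in `@return` what a caller without permission on the resource gets back. Minor: `User loginUser,String fullName` and `User loginUser,int resourceId` are missing the space after the comma that `downloadResource(User loginUser, int resourceId)` has.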
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UdfFuncService.java+6 −5 modified@@ -56,7 +56,7 @@ Result<Object> createUdfFunction(User loginUser, * @param id udf function id * @return udf function detail */ - Map<String, Object> queryUdfFuncDetail(int id); + Result<Object> queryUdfFuncDetail(User loginUser,int id); /** * updateProcessInstance udf function @@ -71,7 +71,8 @@ Result<Object> createUdfFunction(User loginUser, * @param className class name * @return update result code */ - Map<String, Object> updateUdfFunc(int udfFuncId, + Result<Object> updateUdfFunc(User loginUser, + int udfFuncId, String funcName, String className, String argTypes, @@ -98,22 +99,22 @@ Map<String, Object> updateUdfFunc(int udfFuncId, * @param type udf type * @return udf func list */ - Map<String, Object> queryUdfFuncList(User loginUser, Integer type); + Result<Object> queryUdfFuncList(User loginUser, Integer type); /** * delete udf function * * @param id udf function id * @return delete result code */ - Result<Object> delete(int id); + Result<Object> delete(User loginUser, int id); /** * verify udf function by name * * @param name name * @return true if the name can user, otherwise return false */ - Result<Object> verifyUdfFuncByName(String name); + Result<Object> verifyUdfFuncByName(User loginUser, String name); } \ No newline at end of file
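Review bot: The return type of queryUdfFuncDetail, updateUdfFunc and queryUdfFuncList changes from `Map<String, Object>` to `Result<Object>` in the same hunks that add `loginUser`, which bundles an API refactor into the authorization fix; the controller tests further down had to rewrite their mocks for it. Consider splitting the type change into its own commit so the security-relevant diff is only the added parameter and its checks. In the delete hunk the Javadoc still lists only `@param id` for `delete(User loginUser, int id)`, and the file still ends without a trailing newline.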
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/AbstractControllerTest.java+10 −0 modified@@ -22,6 +22,7 @@ import org.apache.dolphinscheduler.api.enums.Status; import org.apache.dolphinscheduler.api.service.SessionService; import org.apache.dolphinscheduler.api.service.UsersService; +import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; import org.apache.dolphinscheduler.dao.DaoConfiguration; import org.apache.dolphinscheduler.dao.entity.User; @@ -107,6 +108,15 @@ public void putMsg(Map<String, Object> result, Status status, Object... statusPa } } + public void putMsg(Result<Object> result, Status status, Object... statusParams) { + result.setCode(status.getCode()); + if (statusParams != null && statusParams.length > 0) { + result.setMsg(MessageFormat.format(status.getMsg(), statusParams)); + } else { + result.setMsg(status.getMsg()); + } + } + @Configuration public static class RegistryServer { @PostConstruct
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/ResourcesControllerTest.java+13 −13 modified@@ -135,7 +135,7 @@ public void testVerifyResourceName() throws Exception { public void testViewResource() throws Exception { Result mockResult = new Result<>(); mockResult.setCode(Status.HDFS_NOT_STARTUP.getCode()); - PowerMockito.when(resourcesService.readResource(Mockito.anyInt(), Mockito.anyInt(), Mockito.anyInt())).thenReturn(mockResult); + PowerMockito.when(resourcesService.readResource(Mockito.any(), Mockito.anyInt(), Mockito.anyInt(), Mockito.anyInt())).thenReturn(mockResult); MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>(); paramsMap.add("skipLineNum", "2"); @@ -188,7 +188,7 @@ public void testOnlineCreateResource() throws Exception { public void testUpdateResourceContent() throws Exception { Result mockResult = new Result<>(); mockResult.setCode(Status.TENANT_NOT_EXIST.getCode()); - PowerMockito.when(resourcesService.updateResourceContent(Mockito.anyInt(), Mockito.anyString())).thenReturn(mockResult); + PowerMockito.when(resourcesService.updateResourceContent(Mockito.any(), Mockito.anyInt(), Mockito.anyString())).thenReturn(mockResult); MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>(); paramsMap.add("id", "1"); @@ -210,7 +210,7 @@ public void testUpdateResourceContent() throws Exception { @Test public void testDownloadResource() throws Exception { - PowerMockito.when(resourcesService.downloadResource(Mockito.anyInt())).thenReturn(null); + PowerMockito.when(resourcesService.downloadResource(Mockito.any(), Mockito.anyInt())).thenReturn(null); MvcResult mvcResult = mockMvc.perform(get("/resources/{id}/download", 5) .header(SESSION_ID, sessionId)) 
@@ -252,10 +252,10 @@ public void testCreateUdfFunc() throws Exception { @Test public void testViewUIUdfFunction() throws Exception { - Map<String, Object> mockResult = new HashMap<>(); - mockResult.put(Constants.STATUS, Status.TENANT_NOT_EXIST); + Result<Object> mockResult = new Result<>(); + putMsg(mockResult, Status.TENANT_NOT_EXIST); PowerMockito.when(udfFuncService - .queryUdfFuncDetail(Mockito.anyInt())) + .queryUdfFuncDetail(Mockito.any(), Mockito.anyInt())) .thenReturn(mockResult); MvcResult mvcResult = mockMvc.perform(get("/resources/{id}/udf-func", "123") @@ -272,10 +272,10 @@ public void testViewUIUdfFunction() throws Exception { @Test public void testUpdateUdfFunc() throws Exception { - Map<String, Object> mockResult = new HashMap<>(); - mockResult.put(Constants.STATUS, Status.TENANT_NOT_EXIST); + Result<Object> mockResult = new Result<>(); + mockResult.setCode(Status.TENANT_NOT_EXIST.getCode()); PowerMockito.when(udfFuncService - .updateUdfFunc(Mockito.anyInt(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.any(), Mockito.anyInt())) + .updateUdfFunc(Mockito.any(), Mockito.anyInt(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.any(), Mockito.anyInt())) .thenReturn(mockResult); MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>(); @@ -327,8 +327,8 @@ public void testQueryUdfFuncList() throws Exception { @Test public void testQueryResourceList() throws Exception { - Map<String, Object> mockResult = new HashMap<>(); - mockResult.put(Constants.STATUS, Status.SUCCESS); + Result<Object> mockResult = new Result<>(); + mockResult.setCode(Status.SUCCESS.getCode()); PowerMockito.when(udfFuncService.queryUdfFuncList(Mockito.any(), Mockito.anyInt())).thenReturn(mockResult); MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>(); 
@@ -351,7 +351,7 @@ public void testQueryResourceList() throws Exception { public void testVerifyUdfFuncName() throws Exception { Result mockResult = new Result<>(); mockResult.setCode(Status.SUCCESS.getCode()); - PowerMockito.when(udfFuncService.verifyUdfFuncByName(Mockito.anyString())).thenReturn(mockResult); + PowerMockito.when(udfFuncService.verifyUdfFuncByName(Mockito.any(), Mockito.anyString())).thenReturn(mockResult); MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>(); paramsMap.add("name", "test"); @@ -439,7 +439,7 @@ public void testUnauthUDFFunc() throws Exception { public void testDeleteUdfFunc() throws Exception { Result mockResult = new Result<>(); mockResult.setCode(Status.SUCCESS.getCode()); - PowerMockito.when(udfFuncService.delete(Mockito.anyInt())).thenReturn(mockResult); + PowerMockito.when(udfFuncService.delete(Mockito.any(), Mockito.anyInt())).thenReturn(mockResult); MvcResult mvcResult = mockMvc.perform(delete("/resources/udf-func/{id}", "123") .header(SESSION_ID, sessionId))
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/MonitorServiceTest.java+67 −7 modified@@ -17,21 +17,31 @@ package org.apache.dolphinscheduler.api.service; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.MonitorServiceImpl; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; +import org.apache.dolphinscheduler.common.enums.NodeType; +import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.model.Server; import org.apache.dolphinscheduler.dao.MonitorDBDao; import org.apache.dolphinscheduler.dao.entity.MonitorRecord; +import org.apache.dolphinscheduler.dao.entity.User; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; +import org.apache.dolphinscheduler.service.registry.RegistryClient; import org.apache.dolphinscheduler.spi.enums.DbType; import org.apache.commons.collections.CollectionUtils; import java.util.ArrayList; +import java.util.Date; import java.util.List; import java.util.Map; import org.junit.Assert; +import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.InjectMocks; 
@@ -55,23 +65,60 @@ public class MonitorServiceTest { @Mock private MonitorDBDao monitorDBDao; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + + @Mock + private RegistryClient registryClient; + + private User user; + + public static final Logger serviceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); + + @Before + public void init () { + user = new User(); + user.setUserType(UserType.ADMIN_USER); + user.setId(1); + } + @Test public void testQueryDatabaseState() { - + mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_DATABASES_VIEW, true); Mockito.when(monitorDBDao.queryDatabaseState()).thenReturn(getList()); - Map<String,Object> result = monitorService.queryDatabaseState(null); + Map<String,Object> result = monitorService.queryDatabaseState(user); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS)); List<MonitorRecord> monitorRecordList = (List<MonitorRecord>) result.get(Constants.DATA_LIST); Assert.assertTrue(CollectionUtils.isNotEmpty(monitorRecordList)); + + mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_DATABASES_VIEW, false); + Map<String,Object> noPermission = monitorService.queryDatabaseState(user); + Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS)); } @Test public void testQueryMaster() { - //TODO need zk - /*Map<String,Object> result = monitorService.queryMaster(null);*/ - /*logger.info(result.toString());*/ - /*Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));*/ + mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_MASTER_VIEW, true); + Mockito.when(registryClient.getServerList(NodeType.MASTER)).thenReturn(getServerList()); + Map<String, Object> result = monitorService.queryMaster(user); + Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS)); + + mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_MASTER_VIEW, false); + Map<String,Object> noPermission = 
monitorService.queryMaster(user); + Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS)); + } + + @Test + public void testQueryWorker() { + mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_WORKER_VIEW, true); + Mockito.when(registryClient.getServerList(NodeType.WORKER)).thenReturn(getServerList()); + Map<String, Object> result = monitorService.queryWorker(user); + Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS)); + + mockPermissionCheck(ApiFuncIdentificationConstant.MONITOR_WORKER_VIEW, false); + Map<String,Object> noPermission = monitorService.queryWorker(user); + Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION,noPermission.get(Constants.STATUS)); } @Test @@ -81,6 +128,11 @@ public void testGetServerListFromZK() { /*logger.info(serverList.toString());*/ } + private void mockPermissionCheck(String permissionKey, boolean result){ + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.MONITOR, 1, permissionKey, serviceLogger)).thenReturn(result); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.MONITOR, null, 0, serviceLogger)).thenReturn(true); + } + private List<MonitorRecord> getList() { List<MonitorRecord> monitorRecordList = new ArrayList<>(); monitorRecordList.add(getEntity()); @@ -94,8 +146,16 @@ private MonitorRecord getEntity() { } private List<Server> getServerList() { + Server server = new Server(); + server.setId(1); + server.setHost("127.0.0.1"); + server.setZkDirectory("ws/server"); + server.setPort(123); + server.setCreateTime(new Date()); + server.setLastHeartbeatTime(new Date()); + List<Server> servers = new ArrayList<>(); - servers.add(new Server()); + servers.add(server); return servers; }
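Review bot: In mockPermissionCheck the two stubs use different hard-coded user ids, `operationPermissionCheck(AuthorizationType.MONITOR, 1, ...)` and `resourcePermissionCheck(AuthorizationType.MONITOR, null, 0, ...)`, while init() sets the user id to 1. If the 0 is deliberate, add a comment explaining why; otherwise derive both from `user.getId()` so the stubs cannot drift from the fixture. The fixture user is `UserType.ADMIN_USER` in every test, so the denied branch is only exercised for an admin; add a `GENERAL_USER` case. testGetServerListFromZK is still commented out even though `registryClient` is now mocked.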
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProjectServiceTest.java+2 −28 modified@@ -84,8 +84,8 @@ public void testCreateProject() { User loginUser = getLoginUser(); loginUser.setId(1); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, loginUser.getId(), PROJECT_CREATE , baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, null, loginUser.getId(), baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.PROJECTS, 1, PROJECT_CREATE , baseServiceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.PROJECTS, null, 1, baseServiceLogger)).thenReturn(true); Map<String, Object> result = projectService.createProject(loginUser, projectName, getDesc()); logger.info(result.toString()); Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS)); 
@@ -179,32 +179,6 @@ public void testHasProjectAndPerm() { Assert.assertTrue(checkResult); } -// @Test -// public void testQueryProjectListPaging() { -// IPage<Project> page = new Page<>(1, 10); -// page.setRecords(getList()); -// page.setTotal(1L); -// Set<Integer> set = new HashSet(); -// set.add(1); -// Mockito.when(projectMapper.queryProjectListPaging(Mockito.any(Page.class),Mockito.anySet().toArray(), Mockito.eq(projectName))).thenReturn(page); -// User loginUser = getLoginUser(); -// -// // project owner -// Mockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.PROJECTS, loginUser.getId(), projectLogger)).thenReturn(set); -// Result result = projectService.queryProjectListPaging(loginUser, 10, 1, projectName); -// logger.info(result.toString()); -// PageInfo<Project> pageInfo = (PageInfo<Project>) result.getData(); -// Assert.assertTrue(CollectionUtils.isNotEmpty(pageInfo.getTotalList())); -// -// //admin -// Mockito.when(projectMapper.queryProjectListPaging(Mockito.any(Page.class), Mockito.anySet().toArray(), Mockito.eq(projectName))).thenReturn(page); -// loginUser.setUserType(UserType.ADMIN_USER); -// result = projectService.queryProjectListPaging(loginUser, 10, 1, projectName); -// logger.info(result.toString()); -// pageInfo = (PageInfo<Project>) result.getData(); -// Assert.assertTrue(CollectionUtils.isNotEmpty(pageInfo.getTotalList())); -// } - @Test public void testDeleteProject() { User loginUser = getLoginUser();
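Review bot: This hunk deletes the commented-out testQueryProjectListPaging instead of repairing it, which removes the only sketch of coverage for the owner versus admin paths of `queryProjectListPaging`. The removed body already stubbed `userOwnedResourceIdsAcquisition(AuthorizationType.PROJECTS, ...)`, so it looks close to working against the new permission service; prefer fixing and re-enabling it, or open a follow-up issue and reference it in the commit message.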
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ResourcesServiceTest.java+125 −17 modified@@ -19,11 +19,14 @@ import static org.mockito.ArgumentMatchers.eq; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.ResourcesServiceImpl; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.storage.StorageOperate; import org.apache.dolphinscheduler.common.utils.FileUtils; @@ -38,6 +41,7 @@ import org.apache.dolphinscheduler.dao.mapper.TenantMapper; import org.apache.dolphinscheduler.dao.mapper.UdfFuncMapper; import org.apache.dolphinscheduler.dao.mapper.UserMapper; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.apache.dolphinscheduler.spi.enums.ResourceType; import org.apache.commons.collections.CollectionUtils; @@ -47,9 +51,11 @@ import java.util.Arrays; import java.util.Collections; import java.util.HashMap; +import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Random; +import java.util.Set; import org.junit.Assert; import org.junit.Before; @@ -106,6 +112,12 @@ public class ResourcesServiceTest { @Mock private ResourceUserMapper resourceUserMapper; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + + private static final Logger serviceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); + + @Before public void setUp() { // PowerMockito.mockStatic(HadoopUtils.class); 
@@ -125,8 +137,13 @@ public void setUp() { @Test public void testCreateResource() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_ONLINE_CREATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true); + PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false); User user = new User(); + user.setId(1); + user.setUserType(UserType.GENERAL_USER); //HDFS_NOT_STARTUP Result result = resourcesService.createResource(user, "ResourcesServiceTest", "ResourcesServiceTest", ResourceType.FILE, null, -1, "/"); logger.info(result.toString()); 
@@ -148,13 +165,19 @@ public void testCreateResource() { Assert.assertEquals(Status.RESOURCE_SUFFIX_FORBID_CHANGE.getMsg(), result.getMsg()); //UDF_RESOURCE_SUFFIX_NOT_JAR + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.UDF_FOLDER_ONLINE_CREATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true); + mockMultipartFile = new MockMultipartFile("ResourcesServiceTest.pdf", "ResourcesServiceTest.pdf", "pdf", "test".getBytes()); PowerMockito.when(Files.getFileExtension("ResourcesServiceTest.pdf")).thenReturn("pdf"); result = resourcesService.createResource(user, "ResourcesServiceTest.pdf", "ResourcesServiceTest", ResourceType.UDF, mockMultipartFile, -1, "/"); logger.info(result.toString()); Assert.assertEquals(Status.UDF_RESOURCE_SUFFIX_NOT_JAR.getMsg(), result.getMsg()); //FULL_FILE_NAME_TOO_LONG + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_ONLINE_CREATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true); + String tooLongFileName = getRandomStringWithLength(Constants.RESOURCE_FULL_NAME_MAX_LENGTH) + ".pdf"; mockMultipartFile = new MockMultipartFile(tooLongFileName, tooLongFileName, "pdf", "test".getBytes()); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); 
@@ -166,9 +189,13 @@ public void testCreateResource() { @Test public void testCreateDirecotry() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FOLDER_ONLINE_CREATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false); User user = new User(); + user.setId(1); + user.setUserType(UserType.GENERAL_USER); //HDFS_NOT_STARTUP Result result = resourcesService.createDirectory(user, "directoryTest", "directory test", ResourceType.FILE, -1, "/"); logger.info(result.toString()); @@ -181,6 +208,10 @@ public void testCreateDirecotry() { Mockito.when(tenantMapper.queryById(1)).thenReturn(getTenant()); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); Mockito.when(resourcesMapper.selectById(Mockito.anyInt())).thenReturn(null); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FOLDER_ONLINE_CREATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_RENAME, serviceLogger)).thenReturn(true); + result = resourcesService.createDirectory(user, "directoryTest", "directory test", ResourceType.FILE, 1, "/"); logger.info(result.toString()); Assert.assertEquals(Status.PARENT_RESOURCE_NOT_EXIST.getMsg(), result.getMsg()); 
@@ -196,21 +227,32 @@ public void testCreateDirecotry() { @Test public void testUpdateResource() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); + PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false); User user = new User(); + user.setId(1); + user.setUserType(UserType.GENERAL_USER); //HDFS_NOT_STARTUP Result result = resourcesService.updateResource(user, 1, "ResourcesServiceTest", "ResourcesServiceTest", ResourceType.FILE, null); logger.info(result.toString()); Assert.assertEquals(Status.STORAGE_NOT_STARTUP.getMsg(), result.getMsg()); //RESOURCE_NOT_EXIST + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{0}, 1, serviceLogger)).thenReturn(true); Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource()); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); result = resourcesService.updateResource(user, 0, "ResourcesServiceTest", "ResourcesServiceTest", ResourceType.FILE, null); logger.info(result.toString()); Assert.assertEquals(Status.RESOURCE_NOT_EXIST.getMsg(), result.getMsg()); //USER_NO_OPERATION_PERM + user.setId(2); + user.setUserType(UserType.GENERAL_USER); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 2, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true); + 
PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 2, serviceLogger)).thenReturn(true); result = resourcesService.updateResource(user, 1, "ResourcesServiceTest", "ResourcesServiceTest", ResourceType.FILE, null); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM.getMsg(), result.getMsg()); @@ -221,6 +263,8 @@ public void testUpdateResource() { Mockito.when(tenantMapper.queryById(1)).thenReturn(getTenant()); PowerMockito.when(storageOperate.getFileName(Mockito.any(), Mockito.any(), Mockito.anyString())).thenReturn("test1"); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.UDF_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); try { Mockito.when(storageOperate.exists(Mockito.any(), Mockito.any())).thenReturn(false); } catch (IOException e) { @@ -239,6 +283,8 @@ public void testUpdateResource() { logger.error(e.getMessage(), e); } + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); result = resourcesService.updateResource(user, 1, "ResourcesServiceTest.jar", "ResourcesServiceTest", ResourceType.FILE, null); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS.getMsg(), result.getMsg()); 
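Review bot: In the `//USER_NO_OPERATION_PERM` case of testUpdateResource, both `operationPermissionCheck(..., 2, ApiFuncIdentificationConstant.FILE_UPDATE, ...)` and `resourcePermissionCheck(..., new Object[]{1}, 2, ...)` are stubbed to return true for user 2, yet the test asserts `Status.USER_NO_OPERATION_PERM`. The denial therefore comes from some other check, and the new permission service is not what this case exercises. Stub `resourcePermissionCheck` to false here, or add a comment naming the check that actually rejects the call, so the test documents which control enforces the rule.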
@@ -249,6 +295,8 @@ public void testUpdateResource() { logger.info(result.toString()); Assert.assertEquals(Status.RESOURCE_EXIST.getMsg(), result.getMsg()); //USER_NOT_EXIST + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.UDF_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); Mockito.when(userMapper.selectById(Mockito.anyInt())).thenReturn(null); result = resourcesService.updateResource(user, 1, "ResourcesServiceTest1.jar", "ResourcesServiceTest", ResourceType.UDF, null); logger.info(result.toString()); 
@@ -279,13 +327,17 @@ public void testUpdateResource() { @Test public void testQueryResourceListPaging() { User loginUser = new User(); + loginUser.setId(1); loginUser.setUserType(UserType.ADMIN_USER); IPage<Resource> resourcePage = new Page<>(1, 10); resourcePage.setTotal(1); resourcePage.setRecords(getResourceList()); - Mockito.when(resourcesMapper.queryResourcePaging(Mockito.any(Page.class), - eq(0), eq(-1), eq(0), eq("test"), Mockito.any())).thenReturn(resourcePage); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 0, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 1, serviceLogger)).thenReturn(getSetIds()); + + Mockito.when(resourcesMapper.queryResourcePaging(Mockito.any(Page.class), eq(-1), eq(0), eq(1), eq("test"), Mockito.any())).thenReturn(resourcePage); Result result = resourcesService.queryResourceListPaging(loginUser, -1, ResourceType.FILE, "test", 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS.getCode(), (int) result.getCode()); 
@@ -299,6 +351,11 @@ public void testQueryResourceList() { User loginUser = new User(); loginUser.setId(0); loginUser.setUserType(UserType.ADMIN_USER); + + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 0, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 0, serviceLogger)).thenReturn(getSetIds()); + Mockito.when(resourcesMapper.queryResourceListAuthored(0, 0)).thenReturn(getResourceList()); Map<String, Object> result = resourcesService.queryResourceList(loginUser, ResourceType.FILE); logger.info(result.toString()); @@ -307,6 +364,9 @@ public void testQueryResourceList() { Assert.assertTrue(CollectionUtils.isNotEmpty(resourceList)); // test udf + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.UDF_FILE_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 0, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.RESOURCE_FILE_ID, 0, serviceLogger)).thenReturn(getSetIds()); loginUser.setUserType(UserType.GENERAL_USER); Mockito.when(resourceUserMapper.queryResourcesIdListByUserIdAndPerm(0, 0)) .thenReturn(Arrays.asList(Integer.valueOf(10), Integer.valueOf(11))); 
@@ -325,9 +385,13 @@ public void testDelete() { User loginUser = new User(); loginUser.setId(0); + loginUser.setUserType(UserType.GENERAL_USER); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false); + Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource()); Mockito.when(tenantMapper.queryById(1)).thenReturn(getTenant()); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.FILE_DELETE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 0, serviceLogger)).thenReturn(true); try { // HDFS_NOT_STARTUP Result result = resourcesService.delete(loginUser, 1); @@ -337,6 +401,9 @@ public void testDelete() { //RESOURCE_NOT_EXIST PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource()); + + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.FILE_DELETE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{2}, 0, serviceLogger)).thenReturn(true); result = resourcesService.delete(loginUser, 2); logger.info(result.toString()); Assert.assertEquals(Status.RESOURCE_NOT_EXIST.getMsg(), result.getMsg()); 
@@ -350,6 +417,8 @@ public void testDelete() { loginUser.setUserType(UserType.ADMIN_USER); loginUser.setTenantId(2); Mockito.when(userMapper.selectById(Mockito.anyInt())).thenReturn(loginUser); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 0, ApiFuncIdentificationConstant.FILE_DELETE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 0, serviceLogger)).thenReturn(true); result = resourcesService.delete(loginUser, 1); logger.info(result.toString()); Assert.assertEquals(Status.CURRENT_LOGIN_USER_TENANT_NOT_EXIST.getMsg(), result.getMsg()); @@ -373,8 +442,11 @@ public void testDelete() { @Test public void testVerifyResourceName() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_RENAME, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true); User user = new User(); user.setId(1); + user.setUserType(UserType.GENERAL_USER); Mockito.when(resourcesMapper.existResource("/ResourcesServiceTest.jar", 0)).thenReturn(true); Result result = resourcesService.verifyResourceName("/ResourcesServiceTest.jar", ResourceType.FILE, user); logger.info(result.toString()); 
@@ -414,37 +486,43 @@ public void testVerifyResourceName() { @Test public void testReadResource() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false); //HDFS_NOT_STARTUP - Result result = resourcesService.readResource(1, 1, 10); + Result result = resourcesService.readResource(getUser(), 1, 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.STORAGE_NOT_STARTUP.getMsg(), result.getMsg()); //RESOURCE_NOT_EXIST Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource()); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); - result = resourcesService.readResource(2, 1, 10); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{2}, 1, serviceLogger)).thenReturn(true); + result = resourcesService.readResource(getUser(), 2, 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.RESOURCE_NOT_EXIST.getMsg(), result.getMsg()); //RESOURCE_SUFFIX_NOT_SUPPORT_VIEW + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); 
PowerMockito.when(FileUtils.getResourceViewSuffixes()).thenReturn("class"); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); - result = resourcesService.readResource(1, 1, 10); + result = resourcesService.readResource(getUser(), 1, 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.RESOURCE_SUFFIX_NOT_SUPPORT_VIEW.getMsg(), result.getMsg()); //USER_NOT_EXIST PowerMockito.when(FileUtils.getResourceViewSuffixes()).thenReturn("jar"); PowerMockito.when(Files.getFileExtension("ResourcesServiceTest.jar")).thenReturn("jar"); - result = resourcesService.readResource(1, 1, 10); + result = resourcesService.readResource(getUser(), 1, 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.USER_NOT_EXIST.getCode(), (int) result.getCode()); //TENANT_NOT_EXIST Mockito.when(userMapper.selectById(1)).thenReturn(getUser()); - result = resourcesService.readResource(1, 1, 10); + result = resourcesService.readResource(getUser(), 1, 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.CURRENT_LOGIN_USER_TENANT_NOT_EXIST.getMsg(), result.getMsg()); @@ -455,7 +533,7 @@ public void testReadResource() { } catch (IOException e) { logger.error("hadoop error", e); } - result = resourcesService.readResource(1, 1, 10); + result = resourcesService.readResource(getUser(), 1, 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.RESOURCE_FILE_NOT_EXIST.getCode(), (int) result.getCode()); @@ -467,7 +545,7 @@ public void testReadResource() { } catch (IOException e) { logger.error("storage error", e); } - result = resourcesService.readResource(1, 1, 10); + result = resourcesService.readResource(getUser(), 1, 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS.getMsg(), result.getMsg()); 
@@ -476,10 +554,14 @@ public void testReadResource() { @Test public void testOnlineCreateResource() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_ONLINE_CREATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true); + PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false); PowerMockito.when(storageOperate.getResourceFileName(Mockito.anyString(), eq("hdfsdDir"))).thenReturn("hdfsDir"); PowerMockito.when(storageOperate.getUdfDir("udfDir")).thenReturn("udfDir"); User user = getUser(); + user.setId(1); //HDFS_NOT_STARTUP Result result = resourcesService.onlineCreateResource(user, ResourceType.FILE, "test", "jar", "desc", "content", -1, "/"); logger.info(result.toString()); @@ -503,6 +585,9 @@ public void testOnlineCreateResource() { } //SUCCESS + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_RENAME, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, null, 1, serviceLogger)).thenReturn(true); + Mockito.when(FileUtils.getUploadFilename(Mockito.anyString(), Mockito.anyString())).thenReturn("test"); PowerMockito.when(FileUtils.writeContent2File(Mockito.anyString(), Mockito.anyString())).thenReturn(true); result = resourcesService.onlineCreateResource(user, ResourceType.FILE, "test", "jar", "desc", "content", -1, "/"); 
@@ -516,61 +601,71 @@ public void testUpdateResourceContent() { PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false); // HDFS_NOT_STARTUP - Result result = resourcesService.updateResourceContent(1, "content"); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); + + Result result = resourcesService.updateResourceContent(getUser(), 1, "content"); logger.info(result.toString()); Assert.assertEquals(Status.STORAGE_NOT_STARTUP.getMsg(), result.getMsg()); //RESOURCE_NOT_EXIST + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{2}, 1, serviceLogger)).thenReturn(true); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource()); - result = resourcesService.updateResourceContent(2, "content"); + result = resourcesService.updateResourceContent(getUser(), 2, "content"); logger.info(result.toString()); Assert.assertEquals(Status.RESOURCE_NOT_EXIST.getMsg(), result.getMsg()); //RESOURCE_SUFFIX_NOT_SUPPORT_VIEW + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); 
PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); PowerMockito.when(FileUtils.getResourceViewSuffixes()).thenReturn("class"); - result = resourcesService.updateResourceContent(1, "content"); + result = resourcesService.updateResourceContent(getUser(), 1, "content"); logger.info(result.toString()); Assert.assertEquals(Status.RESOURCE_SUFFIX_NOT_SUPPORT_VIEW.getMsg(), result.getMsg()); //USER_NOT_EXIST PowerMockito.when(FileUtils.getResourceViewSuffixes()).thenReturn("jar"); PowerMockito.when(Files.getFileExtension("ResourcesServiceTest.jar")).thenReturn("jar"); - result = resourcesService.updateResourceContent(1, "content"); + result = resourcesService.updateResourceContent(getUser(), 1, "content"); logger.info(result.toString()); Assert.assertTrue(Status.USER_NOT_EXIST.getCode() == result.getCode()); //TENANT_NOT_EXIST Mockito.when(userMapper.selectById(1)).thenReturn(getUser()); - result = resourcesService.updateResourceContent(1, "content"); + result = resourcesService.updateResourceContent(getUser(), 1, "content"); logger.info(result.toString()); Assert.assertTrue(Status.CURRENT_LOGIN_USER_TENANT_NOT_EXIST.getCode() == result.getCode()); //SUCCESS Mockito.when(tenantMapper.queryById(1)).thenReturn(getTenant()); Mockito.when(FileUtils.getUploadFilename(Mockito.anyString(), Mockito.anyString())).thenReturn("test"); PowerMockito.when(FileUtils.writeContent2File(Mockito.anyString(), Mockito.anyString())).thenReturn(true); - result = resourcesService.updateResourceContent(1, "content"); + result = resourcesService.updateResourceContent(getUser(), 1, "content"); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS.getMsg(), result.getMsg()); } @Test public void testDownloadResource() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.RESOURCE_FILE_ID, 1, ApiFuncIdentificationConstant.FILE_DOWNLOAD, serviceLogger)).thenReturn(true); + 
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.RESOURCE_FILE_ID, new Object[]{1}, 1, serviceLogger)).thenReturn(true); + PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); Mockito.when(tenantMapper.queryById(1)).thenReturn(getTenant()); Mockito.when(userMapper.selectById(1)).thenReturn(getUser()); org.springframework.core.io.Resource resourceMock = Mockito.mock(org.springframework.core.io.Resource.class); try { //resource null - org.springframework.core.io.Resource resource = resourcesService.downloadResource(1); + org.springframework.core.io.Resource resource = resourcesService.downloadResource(getUser(), 1); Assert.assertNull(resource); Mockito.when(resourcesMapper.selectById(1)).thenReturn(getResource()); PowerMockito.when(org.apache.dolphinscheduler.api.utils.FileUtils.file2Resource(Mockito.any())).thenReturn(resourceMock); - resource = resourcesService.downloadResource(1); + resource = resourcesService.downloadResource(getUser(), 1); Assert.assertNotNull(resource); } catch (Exception e) { logger.error("DownloadResource error", e); @@ -589,6 +684,7 @@ public void testAuthorizeResourceTree() { // test admin user List<Integer> resIds = new ArrayList<>(); resIds.add(1); + Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(true); Mockito.when(resourcesMapper.queryResourceExceptUserId(userId)).thenReturn(getResourceList()); Map<String, Object> result = resourcesService.authorizeResourceTree(user, userId); logger.info(result.toString()); 
@@ -617,6 +713,7 @@ public void testUnauthorizedFile() { // test admin user List<Integer> resIds = new ArrayList<>(); resIds.add(1); + Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(true); Mockito.when(resourcesMapper.queryResourceExceptUserId(userId)).thenReturn(getResourceList()); Mockito.when(resourceUserMapper.queryResourcesIdListByUserIdAndPerm(Mockito.anyInt(), Mockito.anyInt())).thenReturn(resIds); Mockito.when(resourcesMapper.queryResourceListById(Mockito.any())).thenReturn(getSingleResourceList()); @@ -645,6 +742,7 @@ public void testUnauthorizedUDFFunction() { int userId = 3; // test admin user + Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(true); Mockito.when(udfFunctionMapper.queryUdfFuncExceptUserId(userId)).thenReturn(getUdfFuncList()); Mockito.when(udfFunctionMapper.queryAuthedUdfFunc(userId)).thenReturn(getSingleUdfFuncList()); Map<String, Object> result = resourcesService.unauthorizedUDFFunction(user, userId); @@ -671,6 +769,7 @@ public void testAuthorizedUDFFunction() { int userId = 3; // test admin user + Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(true); Mockito.when(udfFunctionMapper.queryAuthedUdfFunc(userId)).thenReturn(getUdfFuncList()); Map<String, Object> result = resourcesService.authorizedUDFFunction(user, userId); logger.info(result.toString()); @@ -699,6 +798,7 @@ public void testAuthorizedFile() { // test admin user List<Integer> resIds = new ArrayList<>(); resIds.add(1); + Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(true); Mockito.when(resourceUserMapper.queryResourcesIdListByUserIdAndPerm(Mockito.anyInt(), Mockito.anyInt())).thenReturn(resIds); Mockito.when(resourcesMapper.queryResourceListById(Mockito.any())).thenReturn(getResourceList()); Map<String, Object> result = resourcesService.authorizedFile(user, userId); 
@@ -745,6 +845,13 @@ private List<Resource> getResourceList() { return resources; } + private Set<Integer> getSetIds() { + + Set<Integer> resources = new HashSet<>(); + resources.add(1); + return resources; + } + private List<Resource> getSingleResourceList() { return Collections.singletonList(getResource(1)); } @@ -834,6 +941,7 @@ private List<UdfFunc> getSingleUdfFuncList() { private User getUser() { User user = new User(); user.setId(1); + user.setUserType(UserType.GENERAL_USER); user.setTenantId(1); user.setTenantCode("tenantCode"); return user;
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/TaskGroupServiceTest.java+33 −1 modified@@ -17,23 +17,26 @@ package org.apache.dolphinscheduler.api.service; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.TaskGroupServiceImpl; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.Flag; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.dao.entity.TaskGroup; import org.apache.dolphinscheduler.dao.entity.User; import org.apache.dolphinscheduler.dao.mapper.TaskGroupMapper; import org.apache.dolphinscheduler.dao.mapper.TaskGroupQueueMapper; import org.apache.dolphinscheduler.dao.mapper.UserMapper; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.apache.dolphinscheduler.service.process.ProcessService; import java.util.ArrayList; import java.util.List; import java.util.Map; -import java.util.TreeMap; import org.junit.Assert; import org.junit.Test; @@ -80,6 +83,11 @@ public class TaskGroupServiceTest { private String userName = "taskGroupServiceTest"; + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + + private static final Logger serviceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); + /** * create admin user */ 
@@ -103,10 +111,27 @@ private List<TaskGroup> getList() { return list; } + @Test + public void forceStartTask() { + User loginUser = getLoginUser(); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_QUEUE_START, serviceLogger)).thenReturn(false); + Map<String, Object> objectMap = taskGroupService.forceStartTask(loginUser, 1); + Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION, objectMap.get(Constants.STATUS)); + } + + @Test + public void modifyPriority() { + User loginUser = getLoginUser(); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_QUEUE_PRIORITY, serviceLogger)).thenReturn(false); + Map<String, Object> objectMap = taskGroupService.modifyPriority(loginUser, 1, 1); + Assert.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION, objectMap.get(Constants.STATUS)); + } + @Test public void testCreate() { User loginUser = getLoginUser(); TaskGroup taskGroup = getTaskGroup(); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_CREATE, serviceLogger)).thenReturn(true); Mockito.when(taskGroupMapper.insert(taskGroup)).thenReturn(1); Mockito.when(taskGroupMapper.queryByName(loginUser.getId(), taskGroupName)).thenReturn(null); Map<String, Object> result = taskGroupService.createTaskGroup(loginUser,0L, taskGroupName, taskGroupDesc, 100); 
@@ -129,6 +154,8 @@ public void testQueryProjectListPaging() { IPage<TaskGroup> page = new Page<>(1, 10); page.setRecords(getList()); User loginUser = getLoginUser(); + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_VIEW, serviceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TASK_GROUP, null, 0, serviceLogger)).thenReturn(true); Mockito.when(taskGroupMapper.queryTaskGroupPaging(Mockito.any(Page.class), Mockito.eq(10), Mockito.eq(null), Mockito.eq(0))).thenReturn(page); @@ -145,6 +172,9 @@ public void testUpdate() { TaskGroup taskGroup = getTaskGroup(); taskGroup.setStatus(Flag.YES.getCode()); // Task group status error + + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_EDIT, serviceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TASK_GROUP, null, 0, serviceLogger)).thenReturn(true); Mockito.when(taskGroupMapper.selectById(1)).thenReturn(taskGroup); Map<String, Object> result = taskGroupService.updateTaskGroup(loginUser, 1, "newName", "desc", 100); logger.info(result.toString()); @@ -161,6 +191,8 @@ public void testCloseAndStart() { Mockito.when(taskGroupMapper.selectById(1)).thenReturn(taskGroup); //close failed + Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.TASK_GROUP, loginUser.getId(), ApiFuncIdentificationConstant.TASK_GROUP_CLOSE, serviceLogger)).thenReturn(true); + Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.TASK_GROUP, null, 0, serviceLogger)).thenReturn(true); Map<String, Object> result = taskGroupService.closeTaskGroup(loginUser, 1); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UdfFuncServiceTest.java+64 −22 modified@@ -17,11 +17,13 @@ package org.apache.dolphinscheduler.api.service; +import org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant; import org.apache.dolphinscheduler.api.enums.Status; +import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl; import org.apache.dolphinscheduler.api.service.impl.UdfFuncServiceImpl; import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; -import org.apache.dolphinscheduler.common.Constants; +import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UdfType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.utils.PropertyUtils; @@ -35,10 +37,13 @@ import org.apache.commons.collections.CollectionUtils; import java.util.ArrayList; +import java.util.Collections; import java.util.Date; +import java.util.HashSet; import java.util.List; -import java.util.Map; +import java.util.Set; +import org.apache.dolphinscheduler.service.permission.ResourcePermissionCheckService; import org.junit.Assert; import org.junit.Before; import org.junit.Test; 
@@ -81,9 +86,17 @@ public void setUp() { PowerMockito.mockStatic(PropertyUtils.class); } + @Mock + private ResourcePermissionCheckService resourcePermissionCheckService; + + private static final Logger serviceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); + private static final Logger udfLogger = LoggerFactory.getLogger(UdfFuncServiceImpl.class); + @Test public void testCreateUdfFunction() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_CREATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, null, 0, serviceLogger)).thenReturn(true); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(false); //hdfs not start Result result = udfFuncService.createUdfFunction(getLoginUser(), "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", 
@@ -107,15 +120,19 @@ public void testCreateUdfFunction() { @Test public void testQueryUdfFuncDetail() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{2}, 0, serviceLogger)).thenReturn(true); PowerMockito.when(udfFuncMapper.selectById(1)).thenReturn(getUdfFunc()); //resource not exist - Map<String, Object> result = udfFuncService.queryUdfFuncDetail(2); + Result<Object> result = udfFuncService.queryUdfFuncDetail(getLoginUser(), 2); logger.info(result.toString()); - Assert.assertEquals(Status.RESOURCE_NOT_EXIST,result.get(Constants.STATUS)); + Assert.assertTrue(Status.RESOURCE_NOT_EXIST.getCode() == result.getCode()); // success - result = udfFuncService.queryUdfFuncDetail(1); + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{1}, 0, serviceLogger)).thenReturn(true); + result = udfFuncService.queryUdfFuncDetail(getLoginUser(), 1); logger.info(result.toString()); - Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS)); + Assert.assertTrue(Status.SUCCESS.getCode() == result.getCode()); } @Test 
@@ -126,40 +143,49 @@ public void testUpdateUdfFunc() { PowerMockito.when(resourceMapper.selectById(1)).thenReturn(getResource()); //UDF_FUNCTION_NOT_EXIST - Map<String, Object> result = udfFuncService.updateUdfFunc(12, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{1}, 0, serviceLogger)).thenReturn(true); + Result<Object> result = udfFuncService.updateUdfFunc(getLoginUser(), 12, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", "UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 1); logger.info(result.toString()); - Assert.assertEquals(Status.UDF_FUNCTION_NOT_EXIST,result.get(Constants.STATUS)); + Assert.assertTrue(Status.UDF_FUNCTION_NOT_EXIST.getCode() == result.getCode()); //HDFS_NOT_STARTUP - result = udfFuncService.updateUdfFunc(1, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", + result = udfFuncService.updateUdfFunc(getLoginUser(), 1, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", "UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 1); logger.info(result.toString()); - Assert.assertEquals(Status.HDFS_NOT_STARTUP,result.get(Constants.STATUS)); + Assert.assertTrue(Status.HDFS_NOT_STARTUP.getCode() == result.getCode()); //RESOURCE_NOT_EXIST + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{12}, 0, serviceLogger)).thenReturn(true); 
PowerMockito.when(udfFuncMapper.selectUdfById(11)).thenReturn(getUdfFunc()); PowerMockito.when(PropertyUtils.getResUploadStartupState()).thenReturn(true); - result = udfFuncService.updateUdfFunc(11, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", + result = udfFuncService.updateUdfFunc(getLoginUser(), 11, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", "UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 12); logger.info(result.toString()); - Assert.assertEquals(Status.RESOURCE_NOT_EXIST,result.get(Constants.STATUS)); + Assert.assertTrue(Status.RESOURCE_NOT_EXIST.getCode() == result.getCode()); //success - result = udfFuncService.updateUdfFunc(11, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_UPDATE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{1}, 0, serviceLogger)).thenReturn(true); + result = udfFuncService.updateUdfFunc(getLoginUser(), 11, "UdfFuncServiceTest", "org.apache.dolphinscheduler.api.service.UdfFuncServiceTest", "String", "UdfFuncServiceTest", "UdfFuncServiceTest", UdfType.HIVE, 1); logger.info(result.toString()); - Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS)); + Assert.assertTrue(Status.SUCCESS.getCode() == result.getCode()); } @Test public void testQueryUdfFuncListPaging() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, null, 0, serviceLogger)).thenReturn(true); + 
PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.UDF, 1, udfLogger)).thenReturn(getSetIds()); IPage<UdfFunc> page = new Page<>(1,10); page.setTotal(1L); page.setRecords(getList()); - Mockito.when(udfFuncMapper.queryUdfFuncPaging(Mockito.any(Page.class), Mockito.eq(0),Mockito.eq("test"))).thenReturn(page); + Mockito.when(udfFuncMapper.queryUdfFuncPaging(Mockito.any(Page.class), Mockito.anyList(),Mockito.eq("test"))).thenReturn(page); Result result = udfFuncService.queryUdfFuncListPaging(getLoginUser(),"test",1,10); logger.info(result.toString()); PageInfo pageInfo = (PageInfo) result.getData(); 
@@ -168,39 +194,55 @@ public void testQueryUdfFuncListPaging() { @Test public void testQueryUdfFuncList() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, null, 1, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.userOwnedResourceIdsAcquisition(AuthorizationType.UDF, 1, udfLogger)).thenReturn(getSetIds()); + User user = getLoginUser(); user.setUserType(UserType.GENERAL_USER); - Mockito.when(udfFuncMapper.getUdfFuncByType(user.getId(), UdfType.HIVE.ordinal())).thenReturn(getList()); - Map<String, Object> result = udfFuncService.queryUdfFuncList(user,UdfType.HIVE.ordinal()); + user.setId(1); + Mockito.when(udfFuncMapper.getUdfFuncByType(Collections.singletonList(1), UdfType.HIVE.ordinal())).thenReturn(getList()); + Result<Object> result = udfFuncService.queryUdfFuncList(user,UdfType.HIVE.ordinal()); logger.info(result.toString()); - Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS)); - List<UdfFunc> udfFuncList = (List<UdfFunc>) result.get(Constants.DATA_LIST); + Assert.assertTrue(Status.SUCCESS.getCode() == result.getCode()); + List<UdfFunc> udfFuncList = (List<UdfFunc>) result.getData(); Assert.assertTrue(CollectionUtils.isNotEmpty(udfFuncList)); } @Test public void testDelete() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_DELETE, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, new Object[]{122}, 0, serviceLogger)).thenReturn(true); + Mockito.when(udfFuncMapper.deleteById(Mockito.anyInt())).thenReturn(1); Mockito.when(udfUserMapper.deleteByUdfFuncId(Mockito.anyInt())).thenReturn(1); - Result result = 
udfFuncService.delete(122); + Result result = udfFuncService.delete(getLoginUser(), 122); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS.getMsg(),result.getMsg()); } @Test public void testVerifyUdfFuncByName() { + PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.UDF, 1, ApiFuncIdentificationConstant.UDF_FUNCTION_VIEW, serviceLogger)).thenReturn(true); + PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.UDF, null, 0, serviceLogger)).thenReturn(true); //success Mockito.when(udfFuncMapper.queryUdfByIdStr(null, "UdfFuncServiceTest")).thenReturn(getList()); - Result result = udfFuncService.verifyUdfFuncByName("test"); + Result result = udfFuncService.verifyUdfFuncByName(getLoginUser(), "test"); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS.getMsg(),result.getMsg()); //exist - result = udfFuncService.verifyUdfFuncByName("UdfFuncServiceTest"); + result = udfFuncService.verifyUdfFuncByName(getLoginUser(), "UdfFuncServiceTest"); logger.info(result.toString()); Assert.assertEquals(Status.UDF_FUNCTION_EXISTS.getMsg(),result.getMsg()); } + private Set<Integer> getSetIds(){ + Set<Integer> set = new HashSet(); + set.add(1); + return set; + } + /** * create admin user * @return
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java+5 −76 modified@@ -27,7 +27,6 @@ import org.apache.dolphinscheduler.api.utils.PageInfo; import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.Constants; -import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.apache.dolphinscheduler.common.enums.UserType; import org.apache.dolphinscheduler.common.storage.StorageOperate; import org.apache.dolphinscheduler.common.utils.EncryptionUtils; @@ -44,15 +43,13 @@ import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.junit.MockitoJUnitRunner; -import org.powermock.api.mockito.PowerMockito; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.util.ArrayList; import java.util.List; import java.util.Map; -import static org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.*; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.when; @@ -62,7 +59,7 @@ */ @RunWith(MockitoJUnitRunner.Silent.class) public class UsersServiceTest { - private static final Logger baseServiceLogger = LoggerFactory.getLogger(BaseServiceImpl.class); + private static final Logger logger = LoggerFactory.getLogger(UsersServiceTest.class); @InjectMocks @@ -111,6 +108,7 @@ public class UsersServiceTest { @Before public void before() { + Mockito.when(resourcePermissionCheckService.functionDisabled()).thenReturn(false); } @After 
@@ -138,8 +136,6 @@ public void testCreateUser() { int state = 1; try { //userName error - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), USERS_CREATE , baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); Map<String, Object> result = usersService.createUser(user, userName, userPassword, email, tenantId, phone, queueName, state); logger.info(result.toString()); Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS)); @@ -230,20 +226,14 @@ public void testGetUserIdByName() { @Test public void testQueryUserList() { User user = new User(); - user.setUserType(UserType.GENERAL_USER); - user.setId(999); + //no operate - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 1, baseServiceLogger)).thenReturn(true); Map<String, Object> result = usersService.queryUserList(user); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //success user.setUserType(UserType.ADMIN_USER); - user.setId(1); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), USER_MANAGER, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 0, baseServiceLogger)).thenReturn(true); when(userMapper.selectList(null)).thenReturn(getUserList()); result = usersService.queryUserList(user); List<User> userList = (List<User>) result.get(Constants.DATA_LIST); 
@@ -258,17 +248,12 @@ public void testQueryUserListPage() { when(userMapper.queryUserPaging(any(Page.class), eq("userTest"))).thenReturn(page); //no operate - user.setUserType(UserType.GENERAL_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 99, USER_MANAGER, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,99, baseServiceLogger)).thenReturn(true); Result result = usersService.queryUserList(user, "userTest", 1, 10); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM.getCode(), (int) result.getCode()); //success user.setUserType(UserType.ADMIN_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), USER_MANAGER, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); result = usersService.queryUserList(user, "userTest", 1, 10); Assert.assertEquals(Status.SUCCESS.getCode(), (int) result.getCode()); PageInfo<User> pageInfo = (PageInfo<User>) result.getData(); @@ -281,11 +266,6 @@ public void testUpdateUser() { String userPassword = "userTest0001"; try { //user not exist - User user = new User(); - user.setUserType(UserType.ADMIN_USER); - user.setId(1); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(),USER_UPDATE, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); Map<String, Object> result = usersService.updateUser(getLoginUser(), 0, userName, userPassword, "3443@qq.com", 1, "13457864543", "queue", 1, "Asia/Shanghai"); Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS)); logger.info(result.toString()); 
@@ -309,18 +289,12 @@ public void testDeleteUserById() { when(userMapper.selectById(1)).thenReturn(getUser()); when(accessTokenMapper.deleteAccessTokenByUserId(1)).thenReturn(0); //no operate - loginUser.setUserType(UserType.GENERAL_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 990, USER_DELETE, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,990, baseServiceLogger)).thenReturn(true); Map<String, Object> result = usersService.deleteUserById(loginUser, 3); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); // user not exist loginUser.setUserType(UserType.ADMIN_USER); - loginUser.setId(1); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 1, USER_DELETE,baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); result = usersService.deleteUserById(loginUser, 3); logger.info(result.toString()); Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS)); 
@@ -372,8 +346,7 @@ public void testGrantProjectByCode() { Mockito.when(this.userMapper.selectById(authorizer)).thenReturn(this.getUser()); Mockito.when(this.userMapper.selectById(projectCreator)).thenReturn(this.getUser()); Mockito.when(this.projectMapper.queryByCode(projectCode)).thenReturn(this.getProject()); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 999, null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 1, baseServiceLogger)).thenReturn(true); + // ERROR: USER_NOT_EXIST User loginUser = new User(); Map<String, Object> result = this.usersService.grantProjectByCode(loginUser, 999, projectCode); 
@@ -395,17 +368,13 @@ public void testGrantProjectByCode() { // SUCCESS: USER IS PROJECT OWNER loginUser.setId(projectCreator); loginUser.setUserType(UserType.GENERAL_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, new Object[]{1}, loginUser.getId(), baseServiceLogger)).thenReturn(true); result = this.usersService.grantProjectByCode(loginUser, authorizer, projectCode); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); // SUCCESS: USER IS ADMINISTRATOR loginUser.setId(999); loginUser.setUserType(UserType.ADMIN_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, new Object[]{1}, 0, baseServiceLogger)).thenReturn(true); result = this.usersService.grantProjectByCode(loginUser, authorizer, projectCode); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); 
@@ -419,19 +388,12 @@ public void testRevokeProject() { // user no permission User loginUser = new User(); - loginUser.setId(999); - loginUser.setUserType(UserType.GENERAL_USER); - PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 999,null, baseServiceLogger)).thenReturn(true); - PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 2, baseServiceLogger)).thenReturn(true); Map<String, Object> result = this.usersService.revokeProject(loginUser, 1, projectCode); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); // user not exist loginUser.setUserType(UserType.ADMIN_USER); - loginUser.setId(1); - PowerMockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(),null, baseServiceLogger)).thenReturn(true); - PowerMockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null, 0, baseServiceLogger)).thenReturn(true); result = this.usersService.revokeProject(loginUser, 2, projectCode); logger.info(result.toString()); Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS)); @@ -489,8 +451,6 @@ public void testGrantNamespaces() { //user not exist loginUser.setUserType(UserType.ADMIN_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); Map<String, Object> result = usersService.grantNamespaces(loginUser, 2, namespaceIds); logger.info(result.toString()); Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS)); 
@@ -544,8 +504,6 @@ public void getUserInfo() { loginUser.setUserName("admin"); loginUser.setUserType(UserType.ADMIN_USER); // get admin user - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), USER_MANAGER, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); Map<String, Object> result = usersService.getUserInfo(loginUser); logger.info(result.toString()); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); @@ -554,10 +512,8 @@ public void getUserInfo() { Assert.assertEquals("admin", tempUser.getUserName()); //get general user - loginUser.setUserType(UserType.GENERAL_USER); + loginUser.setUserType(null); loginUser.setId(1); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 1, null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); when(userMapper.queryDetailsById(1)).thenReturn(getGeneralUser()); when(alertGroupMapper.queryByUserId(1)).thenReturn(getAlertGroups()); result = usersService.getUserInfo(loginUser); 
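Review bot: In the second hunk of getUserInfo(), the case labelled //get general user now calls loginUser.setUserType(null) instead of UserType.GENERAL_USER, so the test no longer exercises a real general user. It passes only if the service treats a null user type the same as a non-admin. Keep UserType.GENERAL_USER here, and if null handling is intended behaviour, cover it in a separate, explicitly named case.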
@@ -572,16 +528,11 @@ public void getUserInfo() { public void testQueryAllGeneralUsers() { User loginUser = new User(); //no operate - loginUser.setUserType(UserType.GENERAL_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 99, USER_MANAGER, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,99, baseServiceLogger)).thenReturn(true); Map<String, Object> result = usersService.queryAllGeneralUsers(loginUser); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //success loginUser.setUserType(UserType.ADMIN_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), USER_MANAGER, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); when(userMapper.queryAllGeneralUser()).thenReturn(getUserList()); result = usersService.queryAllGeneralUsers(loginUser); logger.info(result.toString()); @@ -592,9 +543,6 @@ public void testQueryAllGeneralUsers() { @Test public void testVerifyUserName() { - User user = new User(); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); //not exist user Result result = usersService.verifyUserName("admin89899"); logger.info(result.toString()); 
@@ -612,14 +560,9 @@ public void testUnauthorizedUser() { when(userMapper.selectList(null)).thenReturn(getUserList()); when(userMapper.queryUserListByAlertGroupId(2)).thenReturn(getUserList()); //no operate - loginUser.setUserType(UserType.GENERAL_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 99, null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,99, baseServiceLogger)).thenReturn(true); Map<String, Object> result = usersService.unauthorizedUser(loginUser, 2); logger.info(result.toString()); loginUser.setUserType(UserType.ADMIN_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //success result = usersService.unauthorizedUser(loginUser, 2); 
@@ -630,18 +573,13 @@ public void testUnauthorizedUser() { @Test public void testAuthorizedUser() { User loginUser = new User(); - loginUser.setUserType(UserType.GENERAL_USER); when(userMapper.queryUserListByAlertGroupId(2)).thenReturn(getUserList()); //no operate - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,2, baseServiceLogger)).thenReturn(true); Map<String, Object> result = usersService.authorizedUser(loginUser, 2); logger.info(result.toString()); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //success loginUser.setUserType(UserType.ADMIN_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, loginUser.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); result = usersService.authorizedUser(loginUser, 2); Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS)); List<User> userList = (List<User>) result.get(Constants.DATA_LIST); 
@@ -695,15 +633,11 @@ public void testActivateUser() { String userName = "userTest0002~"; try { //not admin - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, 99, null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,99, baseServiceLogger)).thenReturn(true); Map<String, Object> result = usersService.activateUser(user, userName); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //userName error user.setUserType(UserType.ADMIN_USER); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); result = usersService.activateUser(user, userName); Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS)); 
@@ -739,16 +673,11 @@ public void testBatchActivateUser() { try { //not admin - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,2, baseServiceLogger)).thenReturn(true); Map<String, Object> result = usersService.batchActivateUser(user, userNames); Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS)); //batch activate user names user.setUserType(UserType.ADMIN_USER); - user.setId(1); - Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.USER, user.getId(), null, baseServiceLogger)).thenReturn(true); - Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.USER, null ,0, baseServiceLogger)).thenReturn(true); when(userMapper.queryByUserNameAccurately("userTest0001")).thenReturn(getUser()); when(userMapper.queryByUserNameAccurately("userTest0002")).thenReturn(getDisabledUser()); result = usersService.batchActivateUser(user, userNames);
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/enums/AuthorizationType.java+5 −3 modified@@ -56,11 +56,13 @@ public enum AuthorizationType { QUEUE(10,"queue"), DATA_ANALYSIS(11,"data analysis"), K8S_NAMESPACE(12,"k8s namespace"), - MONITOR(13,"montitor"), + MONITOR(13,"monitor"), ALERT_PLUGIN_INSTANCE(14,"alert plugin instance"), TENANT(15,"tenant"), - USER(16,"user"), - DATA_QUALITY(17,"data quality"); + DATA_QUALITY(16,"data quality"), + TASK_GROUP(17,"task group"), + ; + AuthorizationType(int code, String descp) { this.code = code; this.descp = descp;
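Review bot: The enum codes are reassigned rather than extended: DATA_QUALITY moves from 17 to 16, a value that meant USER before this change, and 17 now means TASK_GROUP. If a code is ever stored or sent between components built from different versions, the old value will silently resolve to a different authorization type. Prefer leaving DATA_QUALITY at 17, retiring 16, and giving TASK_GROUP the next unused number. The lone ; on its own line after the trailing comma can also be folded back onto the last constant.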
dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/entity/TaskGroup.java+1 −1 modified@@ -33,7 +33,7 @@ public class TaskGroup implements Serializable { * key */ @TableId(value = "id", type = IdType.AUTO) - private int id; + private Integer id; /** * task_group name */
dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.java+1 −1 modified@@ -90,6 +90,6 @@ IPage<AlertGroup> queryAlertGroupPage(Page page, * @param alertGroupsIds * @return */ - <T> List<AlertGroup> listAuthorizedAlertGroupList (@Param("userId") int userId, @Param("alertGroupsIds")T[] alertGroupsIds); + <T> List<AlertGroup> listAuthorizedAlertGroupList (@Param("userId") int userId, @Param("alertGroupsIds")List<Integer> alertGroupsIds); }
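Review bot: The method still declares the type parameter <T> on listAuthorizedAlertGroupList, but after alertGroupsIds changed from T[] to List<Integer> nothing uses it. Drop the <T> so the signature does not suggest a generic contract that no longer exists, and update the @param alertGroupsIds Javadoc to say what a null or empty list means for the query.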
dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/ResourceMapper.java+1 −1 modified@@ -62,9 +62,9 @@ List<Resource> queryResourceListAuthored(@Param("userId") int userId, * @return resource page */ IPage<Resource> queryResourcePaging(IPage<Resource> page, - @Param("userId") int userId, @Param("id") int id, @Param("type") int type, + @Param("userId") int userId, @Param("searchVal") String searchVal, @Param("resIds") List<Integer> resIds);
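Review bot: Moving userId from the first int argument of queryResourcePaging to the third, after id and type, is a silent hazard because all three are int. Any caller that was not updated still compiles and now passes the user id as the parent id. MyBatis binds by @Param name, so the XML is unaffected, but every call site needs to be checked by hand. The Javadoc @param order above the method should be updated to match.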
dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapper.java+8 −3 modified@@ -52,7 +52,7 @@ List<UdfFunc> queryUdfByIdStr(@Param("ids") Integer[] ids, * @return udf function IPage */ IPage<UdfFunc> queryUdfFuncPaging(IPage<UdfFunc> page, - @Param("userId") int userId, + @Param("ids") List<Integer> ids, @Param("searchVal") String searchVal); /** @@ -61,7 +61,7 @@ IPage<UdfFunc> queryUdfFuncPaging(IPage<UdfFunc> page, * @param type type * @return udf function list */ - List<UdfFunc> getUdfFuncByType(@Param("userId") int userId, + List<UdfFunc> getUdfFuncByType(@Param("ids") List<Integer> ids, @Param("type") Integer type); /** @@ -107,5 +107,10 @@ List<UdfFunc> getUdfFuncByType(@Param("userId") int userId, */ int batchUpdateUdfFunc(@Param("udfFuncList") List<UdfFunc> udfFuncList); - + /** + * listAuthorizedUdfByUserId + * @param userId + * @return + */ + List<UdfFunc> listAuthorizedUdfByUserId(@Param("userId") int userId); }
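Review bot: The Javadoc added for listAuthorizedUdfByUserId has empty @param userId and @return tags, and the changed queryUdfFuncPaging and getUdfFuncByType signatures do not document the new ids parameter. These are now the methods that decide which UDFs a caller may see, so the contract should be written down: state that userId 0 returns every UDF (the mapper XML skips the filter when userId is 0) and state what a null or empty ids list means.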
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AccessTokenMapper.xml+1 −1 modified@@ -50,7 +50,7 @@ <if test="userId != 0"> and t.user_id = #{userId} </if> - <if test="accessTokensIds != null and accessTokensIds.length > 0"> + <if test="accessTokensIds != null and accessTokensIds.size() > 0"> and t.id in <foreach item="id" index="index" collection="accessTokensIds" open="(" separator="," close=")"> #{id}
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertGroupMapper.xml+1 −1 modified@@ -80,7 +80,7 @@ <if test="userId != 0"> and ag.create_user_id = #{userId} </if> - <if test="alertGroupsIds != null and alertGroupsIds.length > 0"> + <if test="alertGroupsIds != null and alertGroupsIds.size() > 0"> and ag.id in <foreach item="id" index="index" collection="alertGroupsIds" open="(" separator="," close=")"> #{id}
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/AlertPluginInstanceMapper.xml+0 −8 modified@@ -59,12 +59,4 @@ where instance_name = #{instanceName} limit 1 </select> - <select id="queryAllAlertPluginInstanceList" - resultType="org.apache.dolphinscheduler.dao.entity.AlertPluginInstance"> - select - <include refid="baseSql"/> - from t_ds_alert_plugin_instance - </select> - - </mapper>
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProjectUserMapper.xml+0 −1 modified@@ -37,5 +37,4 @@ and user_id = #{userId} limit 1 </select> - </mapper>
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ResourceMapper.xml+6 −11 modified@@ -60,17 +60,12 @@ </include> ,u.user_name from t_ds_resources d,t_ds_user u - where d.type=#{type} and d.pid=#{id} and d.user_id=u.id - <if test="userId != 0"> - and ( - d.user_id=#{userId} - <if test="resIds != null and resIds.size() > 0"> - or d.id in - <foreach collection="resIds" item="i" open="(" close=")" separator=","> - #{i} - </foreach> - </if> - ) + where d.type=#{type} and d.pid=#{id} and u.id = #{userId} + <if test="resIds != null and resIds.size() > 0"> + and d.id in + <foreach collection="resIds" item="i" open="(" close=")" separator=","> + #{i} + </foreach> </if> <if test="searchVal != null and searchVal != ''"> and d.alias like concat('%', #{searchVal}, '%')
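Review bot: The rewritten where clause drops the join between the two tables and fails open when resIds is empty. With d.user_id=u.id replaced by u.id = #{userId}, nothing ties t_ds_resources d to t_ds_user u any more, so u.user_name in the result is the caller's name rather than the owner's, and a userId with no row in t_ds_user returns nothing at all. The resource filter is also only applied inside <if test="resIds != null and resIds.size() > 0">, so a caller authorized for no resources gets every row matching type and pid. Keep d.user_id=u.id for the join, and make an empty resIds produce an empty result, either by returning early in the service or by emitting a false predicate.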
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapper.xml+34 −8 modified@@ -62,11 +62,17 @@ <if test="searchVal!= null and searchVal != ''"> and udf.func_name like concat('%', #{searchVal}, '%') </if> - <if test="userId != 0"> - and udf.id in ( - select udf_id from t_ds_relation_udfs_user where user_id=#{userId} - union select id as udf_id from t_ds_udfs where user_id=#{userId}) + <if test="ids != null and ids.size() > 0"> + and udf.id in + <foreach collection="ids" item="i" open="(" close=")" separator=","> + #{i} + </foreach> </if> +<!-- <if test="userId != 0">--> +<!-- and udf.id in (--> +<!-- select udf_id from t_ds_relation_udfs_user where user_id=#{userId}--> +<!-- union select id as udf_id from t_ds_udfs where user_id=#{userId})--> +<!-- </if>--> order by udf.create_time desc </select> <select id="getUdfFuncByType" resultType="org.apache.dolphinscheduler.dao.entity.UdfFunc"> @@ -76,11 +82,17 @@ </include> from t_ds_udfs udf where udf.type=#{type} - <if test="userId != 0"> - and udf.id in ( - select udf_id from t_ds_relation_udfs_user where user_id=#{userId} - union select id as udf_id from t_ds_udfs where user_id=#{userId}) + <if test="ids != null and ids.size() > 0"> + and udf.id in + <foreach collection="ids" item="i" open="(" close=")" separator=","> + #{i} + </foreach> </if> +<!-- <if test="userId != 0">--> +<!-- and udf.id in (--> +<!-- select udf_id from t_ds_relation_udfs_user where user_id=#{userId}--> +<!-- union select id as udf_id from t_ds_udfs where user_id=#{userId})--> +<!-- </if>--> </select> <select id="queryUdfFuncExceptUserId" resultType="org.apache.dolphinscheduler.dao.entity.UdfFunc"> select 
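Review bot: In both queryUdfFuncPaging and getUdfFuncByType the new filter is skipped when ids is null or empty (<if test="ids != null and ids.size() > 0">), so a user who is authorized for no UDFs gets the unfiltered list. The previous userId subquery returned nothing in that situation. Either guarantee in the service that these mappers are never called with an empty list for a non-admin user, or distinguish "no restriction" (null) from "nothing allowed" (empty) in the XML. The old conditions left behind as <!-- ... --> comments should be deleted rather than kept in the mapper, since version control already has them.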
@@ -157,5 +169,19 @@ </where> </foreach> </update> + + <select id="listAuthorizedUdfByUserId" resultType="org.apache.dolphinscheduler.dao.entity.UdfFunc"> + select + <include refid="baseSql"> + <property name="alias" value="udf"/> + </include> + from t_ds_udfs udf + where 1=1 + <if test="userId != 0"> + and udf.id in ( + select udf_id from t_ds_relation_udfs_user where user_id=#{userId} + union select id as udf_id from t_ds_udfs where user_id=#{userId}) + </if> + </select> </mapper>
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml+0 −11 modified@@ -131,15 +131,4 @@ from t_ds_user u, t_ds_relation_project_user rel where u.id = rel.user_id and rel.project_id = #{projectId} </select> - - <select id="listAuthorizedUsersList" resultType="org.apache.dolphinscheduler.dao.entity.Project"> - select - * - from t_ds_project dp - where 1=1 - <if test="userId != 0"> - and dp.id in (select project_id from t_ds_relation_project_user where user_id=#{userId} - union select id as project_id from t_ds_project where user_id=#{userId}) - </if> - </select> </mapper>
dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/ResourceMapperTest.java+3 −3 modified@@ -231,17 +231,17 @@ public void testQueryResourcePaging() { IPage<Resource> resourceIPage = resourceMapper.queryResourcePaging( page, - 0, -1, resource.getType().ordinal(), + 1110, "", - new ArrayList<>() + new ArrayList<>(resource.getId()) ); IPage<Resource> resourceIPage1 = resourceMapper.queryResourcePaging( page, - 1110, -1, resource.getType().ordinal(), + 1110, "", null );
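Review bot: new ArrayList<>(resource.getId()) in the first queryResourcePaging call does not build a list containing the id. It selects the ArrayList(int initialCapacity) constructor and yields an empty list, so the test runs the query with no resIds filter and does not verify the id restriction. Use Collections.singletonList(resource.getId()) as UdfFuncMapperTest does, and assert on the returned records. The second call passes null for resIds, so neither call in this test currently exercises the filtered path.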
dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/UdfFuncMapperTest.java+4 −2 modified@@ -27,6 +27,7 @@ import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.Date; import java.util.List; @@ -212,7 +213,8 @@ public void testQueryUdfFuncPaging() { UdfFunc udfFunc = insertOne(user); //queryUdfFuncPaging Page<UdfFunc> page = new Page(1, 3); - IPage<UdfFunc> udfFuncIPage = udfFuncMapper.queryUdfFuncPaging(page, user.getId(), ""); + + IPage<UdfFunc> udfFuncIPage = udfFuncMapper.queryUdfFuncPaging(page, Collections.singletonList(udfFunc.getId()), ""); Assert.assertNotEquals(udfFuncIPage.getTotal(), 0); } @@ -227,7 +229,7 @@ public void testGetUdfFuncByType() { //insertOne UdfFunc udfFunc = insertOne(user); //getUdfFuncByType - List<UdfFunc> udfFuncList = udfFuncMapper.getUdfFuncByType(user.getId(), udfFunc.getType().ordinal()); + List<UdfFunc> udfFuncList = udfFuncMapper.getUdfFuncByType(Collections.singletonList(udfFunc.getId()), udfFunc.getType().ordinal()); Assert.assertNotEquals(udfFuncList.size(), 0); }
dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckServiceImpl.java+105 −55 modified@@ -68,7 +68,7 @@ public void setApplicationContext(ApplicationContext applicationContext) throws } @Override - public boolean resourcePermissionCheck(AuthorizationType authorizationType, Object[] needChecks, int userId, Logger logger) { + public boolean resourcePermissionCheck(AuthorizationType authorizationType, Object[] needChecks, Integer userId, Logger logger) { if (Objects.nonNull(needChecks) && needChecks.length > 0){ Set<Object> originResSet = new HashSet<>(Arrays.asList(needChecks)); Set<Object> ownResSets = RESOURCE_LIST_MAP.get(authorizationType).listAuthorizedResource(userId, logger); @@ -79,8 +79,8 @@ public boolean resourcePermissionCheck(AuthorizationType authorizationType, Obje } @Override - public boolean operationPermissionCheck(AuthorizationType authorizationType, int userId, String sourceUrl, Logger logger) { - return RESOURCE_LIST_MAP.get(authorizationType).permissionCheck(userId, sourceUrl, logger); + public boolean operationPermissionCheck(AuthorizationType authorizationType, Integer userId, String permissionKey, Logger logger) { + return RESOURCE_LIST_MAP.get(authorizationType).permissionCheck(userId, permissionKey, logger); } @Override @@ -89,7 +89,7 @@ public boolean functionDisabled() { } @Override - public <T> Set<T> userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, int userId, Logger logger) { + public <T> Set<T> userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, Integer userId, Logger logger) { User user = processService.getUserById(userId); if (user == null){ logger.error("user id {} doesn't exist", userId); 
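Review bot: Changing userId from int to Integer in resourcePermissionCheck, operationPermissionCheck and userOwnedResourceIdsAcquisition introduces an unboxing NullPointerException, because the value is passed straight into listAuthorizedResource(userId, logger) and permissionCheck(userId, permissionKey, logger), which still take int. A null user id should be a denied check, not an exception in the authorization path. Either keep the parameter as int or add an explicit null check at the top of each method that logs and returns false (or an empty set).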
@@ -99,13 +99,11 @@ public <T> Set<T> userOwnedResourceIdsAcquisition(AuthorizationType authorizatio } @Component - public static class ProjectsResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> { + public static class ProjectsResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> { private final ProjectMapper projectMapper; - - - public ProjectsResourceList(ProjectMapper projectMapper) { + public ProjectsResourcePermissionCheck(ProjectMapper projectMapper) { this.projectMapper = projectMapper; } 
@@ -115,23 +113,118 @@ public List<AuthorizationType> authorizationTypes() { } @Override - public boolean permissionCheck(int userId, String url, Logger logger) { + public boolean permissionCheck(int userId, String permissionKey, Logger logger) { + // all users can create projects return true; } + @Override public Set<Integer> listAuthorizedResource(int userId, Logger logger) { return projectMapper.listAuthorizedProjects(userId, null).stream().map(Project::getId).collect(toSet()); } } + @Component + public static class MonitorResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> { + + @Override + public List<AuthorizationType> authorizationTypes() { + return Collections.singletonList(AuthorizationType.MONITOR); + } + + @Override + public <T> Set<T> listAuthorizedResource(int userId, Logger logger) { + return null; + } + + @Override + public boolean permissionCheck(int userId, String permissionKey, Logger logger) { + return true; + } + } + + @Component + public static class FilePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> { + + private final ResourceMapper resourceMapper; + + public FilePermissionCheck(ResourceMapper resourceMapper) { + this.resourceMapper = resourceMapper; + } + + @Override + public List<AuthorizationType> authorizationTypes() { + return Arrays.asList(AuthorizationType.RESOURCE_FILE_ID, AuthorizationType.UDF_FILE); + } + + @Override + public Set<Integer> listAuthorizedResource(int userId, Logger logger) { + List<Resource> resources = resourceMapper.queryResourceList(null, userId, -1); + if (resources.isEmpty()){ + return Collections.emptySet(); + } + return resources.stream().map(Resource::getId).collect(toSet()); + } + + @Override + public boolean permissionCheck(int userId, String permissionKey, Logger logger) { + return true; + } + } + + @Component + public static class UdfFuncPermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> { + + private final UdfFuncMapper 
udfFuncMapper; + + public UdfFuncPermissionCheck(UdfFuncMapper udfFuncMapper) { + this.udfFuncMapper = udfFuncMapper; + } + + @Override + public List<AuthorizationType> authorizationTypes() { + return Collections.singletonList(AuthorizationType.UDF); + } + + @Override + public Set<Integer> listAuthorizedResource(int userId, Logger logger) { + List<UdfFunc> udfFuncList = udfFuncMapper.listAuthorizedUdfByUserId(userId); + if (udfFuncList.isEmpty()){ + return Collections.emptySet(); + } + return udfFuncList.stream().map(UdfFunc::getId).collect(toSet()); + } + + @Override + public boolean permissionCheck(int userId, String permissionKey, Logger logger) { + return true; + } + } + + @Component + public static class TaskGroupPermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> { + + @Override + public List<AuthorizationType> authorizationTypes() { + return Collections.singletonList(AuthorizationType.TASK_GROUP); + } + + @Override + public Set<Integer> listAuthorizedResource(int userId, Logger logger) { + return null; + } + + @Override + public boolean permissionCheck(int userId, String permissionKey, Logger logger) { + return true; + } + } @Component public static class K8sNamespaceResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> { private final K8sNamespaceMapper k8sNamespaceMapper; - - public K8sNamespaceResourceList(K8sNamespaceMapper k8sNamespaceMapper) { this.k8sNamespaceMapper = k8sNamespaceMapper; } @@ -158,8 +251,6 @@ public static class EnvironmentResourceList implements ResourceAcquisitionAndPer private final EnvironmentMapper environmentMapper; - - public EnvironmentResourceList(EnvironmentMapper environmentMapper) { this.environmentMapper = environmentMapper; } @@ -185,8 +276,6 @@ public static class QueueResourceList implements ResourceAcquisitionAndPermissio private final QueueMapper queueMapper; - - public QueueResourceList(QueueMapper queueMapper) { this.queueMapper = queueMapper; } 
@@ -213,8 +302,6 @@ public static class WorkerGroupResourceList implements ResourceAcquisitionAndPer private final WorkerGroupMapper workerGroupMapper; - - public WorkerGroupResourceList(WorkerGroupMapper workerGroupMapper) { this.workerGroupMapper = workerGroupMapper; } @@ -244,8 +331,6 @@ public static class AlertPluginInstanceResourceList implements ResourceAcquisiti private final AlertPluginInstanceMapper alertPluginInstanceMapper; - - public AlertPluginInstanceResourceList(AlertPluginInstanceMapper alertPluginInstanceMapper) { this.alertPluginInstanceMapper = alertPluginInstanceMapper; } @@ -275,8 +360,6 @@ public static class AlertGroupResourceList implements ResourceAcquisitionAndPerm private final AlertGroupMapper alertGroupMapper; - - public AlertGroupResourceList(AlertGroupMapper alertGroupMapper) { this.alertGroupMapper = alertGroupMapper; } @@ -306,8 +389,6 @@ public static class TenantResourceList implements ResourceAcquisitionAndPermissi private final TenantMapper tenantMapper; - - public TenantResourceList(TenantMapper tenantMapper) { this.tenantMapper = tenantMapper; } @@ -329,37 +410,6 @@ public Set<Integer> listAuthorizedResource(int userId, Logger logger) { } } - /** - * User Resource - */ - @Component - public static class UsersResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> { - - private final UserMapper userMapper; - - - - public UsersResourceList(UserMapper userMapper) { - this.userMapper = userMapper; - } - - @Override - public List<AuthorizationType> authorizationTypes() { - return Collections.singletonList(AuthorizationType.USER); - } - - @Override - public boolean permissionCheck(int userId, String url, Logger logger) { - return true; - } - - - @Override - public Set<Integer> listAuthorizedResource(int userId, Logger logger) { - return userMapper.listAuthorizedUsersList(userId, null).stream().map(User::getId).collect(toSet()); - } - } - /** * DataSource Resource */ 
@@ -506,7 +556,7 @@ interface ResourceAcquisitionAndPermissionCheck<T> { * @param userId * @return */ - boolean permissionCheck(int userId, String url, Logger logger); + boolean permissionCheck(int userId, String permissionKey, Logger logger); } }
dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/permission/ResourcePermissionCheckService.java+5 −4 modified@@ -19,6 +19,7 @@ import org.apache.dolphinscheduler.common.enums.AuthorizationType; import org.slf4j.Logger; +import java.util.List; import java.util.Set; public interface ResourcePermissionCheckService<T>{ @@ -30,7 +31,7 @@ public interface ResourcePermissionCheckService<T>{ * @param logger * @return */ - boolean resourcePermissionCheck(AuthorizationType authorizationType, T[] needChecks, int userId, Logger logger); + boolean resourcePermissionCheck(AuthorizationType authorizationType, Object[] needChecks, Integer userId, Logger logger); /** * userOwnedResourceIdsAcquisition @@ -40,17 +41,17 @@ public interface ResourcePermissionCheckService<T>{ * @param <T> * @return */ - <T> Set<T> userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, int userId, Logger logger); + <T> Set<T> userOwnedResourceIdsAcquisition(AuthorizationType authorizationType, Integer userId, Logger logger); /** * operationpermissionCheck * @param authorizationType * @param userId - * @param sourceUrl + * @param permissionKey * @param logger * @return */ - boolean operationPermissionCheck(AuthorizationType authorizationType, int userId, String sourceUrl, Logger logger); + boolean operationPermissionCheck(AuthorizationType authorizationType, Integer userId, String permissionKey, Logger logger); /** * functionDisabled
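Review bot: In the hunk at @@ -115,23 +113,118 @@, the new UdfFuncPermissionCheck.permissionCheck and FilePermissionCheck.permissionCheck both `return true;` regardless of userId and permissionKey, so for AuthorizationType.UDF, UDF_FILE and RESOURCE_FILE_ID the operation-level check passes for every user and only listAuthorizedResource can restrict access. Either evaluate permissionKey here or add a comment, as the project checker does with `// all users can create projects`, stating that enforcement is intentionally left to the resource-id check, and make sure every delete path calls that check. In the same hunk, MonitorResourcePermissionCheck and TaskGroupPermissionCheck return null from listAuthorizedResource; returning Collections.emptySet(), as the file and UDF checkers do for empty results, would spare callers a null check.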
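Review bot: The hunk at @@ -329,37 +410,6 @@ deletes UsersResourceList, the only checker shown for AuthorizationType.USER, and nothing visible in this diff replaces it. Confirm that no caller still passes AuthorizationType.USER to the permission service, or state in the commit message how user-resource authorization is handled after this removal.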
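Review bot: The Javadoc above permissionCheck in ResourceAcquisitionAndPermissionCheck (hunk @@ -506,7 +556,7 @@) still has an empty `@param userId` and `@return` and does not mention the renamed parameter. Since the argument changes meaning from a URL to a permission key, document permissionKey and logger and state what a true return grants, so that implementations have a contract to be checked against.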
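Review bot: In ResourcePermissionCheckService, resourcePermissionCheck now takes `Object[] needChecks` and a boxed `Integer userId` (hunk @@ -30,7 +31,7 @@), which drops the compile-time link to the interface's type parameter T and lets null reach the check. Specify in the Javadoc what a null userId or a null or empty needChecks must return (deny is the safe default), or keep the primitive int; the same applies to the Integer userId in the two signatures of the following hunk. The Javadoc typo `operationpermissionCheck` could be fixed in the same pass.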
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (6)
- github.com/apache/dolphinscheduler/pull/10307 (ghsa, patch, WEB)
- github.com/advisories/GHSA-r44q-98gx-pmh2 (ghsa, ADVISORY)
- lists.apache.org/thread/zm4t1ykj4cro1c8183q7y32z0yzfz8yj (ghsa, vendor-advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2023-49620 (ghsa, ADVISORY)
- www.openwall.com/lists/oss-security/2023/11/30/4 (ghsa, WEB)
- github.com/apache/dolphinscheduler/commit/a4948f58e671ab263060da1de255af3ecd2530ac (ghsa, WEB)