This is an automated email from the ASF dual-hosted git repository.

kerwin pushed a commit to branch 3.1.9-prepare
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git

commit dade149f081fbcc094343fd87bae85ad65e147c7
Author: zhanqian <[email protected]>
AuthorDate: Mon Dec 4 10:20:34 2023 +0800

    cherry-pick [Bug-15215][Api] non-admin should not modify tenantId and queue
    #15254
---
 .../api/service/impl/UsersServiceImpl.java              | 11 +++++++++++
 .../dolphinscheduler/api/service/UsersServiceTest.java  | 17 +++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
index 51d7196901..b30ea1d4cd 100644
--- 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
+++ 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
@@ -395,6 +395,17 @@ public class UsersServiceImpl extends BaseServiceImpl 
implements UsersService {
             putMsg(result, Status.USER_NOT_EXIST, userId);
             return result;
         }
+
+        // non-admin should not modify tenantId and queue
+        if (!isAdmin(loginUser)) {
+            if (tenantId != null && user.getTenantId() != tenantId) {
+                throw new ServiceException(Status.USER_NO_OPERATION_PERM);
+            }
+            if (StringUtils.isNotEmpty(queue) && !StringUtils.equals(queue, 
user.getQueue())) {
+                throw new ServiceException(Status.USER_NO_OPERATION_PERM);
+            }
+        }
+
         if (StringUtils.isNotEmpty(userName)) {
 
             if (!CheckUtils.checkUserName(userName)) {
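Review bot: The new non-admin guard only fires for non-empty values: a null `tenantId` or an empty/null `queue` skips both checks, so it depends on code outside this hunk whether those values are then written to `user`. If the rest of the method assigns `queue` unconditionally, a non-admin could still clear the queue by sending an empty value; please confirm that the later assignment is also guarded, or reject any difference explicitly for non-admins. Separately, `user.getTenantId() != tenantId` is an identity comparison if the getter returns a boxed `Integer` (the type is not visible here). That would wrongly reject unchanged tenant ids outside the Integer cache range, and `!Objects.equals(user.getTenantId(), tenantId)` avoids the ambiguity. The enclosing method starts and ends outside the hunk, so the earlier check on who may edit `userId` cannot be reviewed from here.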
diff --git 
a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
 
b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
index 9ad170d7eb..1f164fb876 100644
--- 
a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
+++ 
b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
@@ -814,6 +814,23 @@ public class UsersServiceTest {
         return user;
     }
 
+    /**
+     * get non-admin user
+     *
+     * @return user
+     */
+    private User getNonAdminUser() {
+
+        User user = new User();
+        user.setId(2);
+        user.setUserType(UserType.GENERAL_USER);
+        user.setUserName("userTest0001");
+        user.setUserPassword("userTest0001");
+        user.setTenantId(2);
+        user.setQueue("queue");
+        return user;
+    }
+
     /**
      * get tenant
      *
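Review bot: `getNonAdminUser()` appears to be unused in this commit: the diffstat lists 17 insertions for this file and all 17 are this helper, so the new permission check in `UsersServiceImpl` seems to ship without a regression test. A test that performs the user update as this non-admin with a different `tenantId`, and another with a different `queue`, each asserting a `ServiceException` for `Status.USER_NO_OPERATION_PERM`, would pin the denial path. A third case with unchanged values would show that legitimate self-updates still pass. The existing Javadoc could also say what the fixture is for, e.g. `non-admin (GENERAL_USER) fixture with tenantId 2 and queue "queue" for permission tests`.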
