This is an automated email from the ASF dual-hosted git repository.

lidongdai pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git


The following commit(s) were added to refs/heads/dev by this push:
     new 5e3dc7b16f [Fix-15771] Fix normal user can grant project permission 
(#15772)
5e3dc7b16f is described below

commit 5e3dc7b16ffe8bdf2e06518d4c7080bd39ba228d
Author: silentxingtian <[email protected]>
AuthorDate: Wed Mar 27 21:46:08 2024 +0800

    [Fix-15771] Fix normal user can grant project permission (#15772)
    
    * repair the bug #15771 by call the interface.
    
    * Fix the bug by call the interface(#15771)
    
    * Fix the grant project,datasource,udf bug (#15771)
    
    * add Unit Test for modified (#15771)
    
    * add Unit Test for UDF (#15771)
    
    * [Fix] add Unit Test and grant Permission modify(#15771)
    
    ---------
    
    Co-authored-by: liuw529 <[email protected]>
---
 .../api/service/impl/UsersServiceImpl.java         | 17 +++++++++++++++
 .../api/service/UsersServiceTest.java              | 25 ++++++++++++++++++++++
 2 files changed, 42 insertions(+)

diff --git 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
index 0c331a4c0c..7b9746921c 100644
--- 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
+++ 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
@@ -556,6 +556,12 @@ public class UsersServiceImpl extends BaseServiceImpl 
implements UsersService {
             putMsg(result, Status.FUNCTION_DISABLED);
             return result;
         }
+
+        if (!isAdmin(loginUser)) {
+            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
+            return result;
+        }
+
         // check exist
         User tempUser = userMapper.selectById(userId);
         if (tempUser == null) {
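Review bot: The new non-admin branch returns `Status.NO_CURRENT_OPERATING_PERMISSION` without writing a log line, so a general user's attempt to grant permissions leaves no trace for later audit. The file already uses `log.warn(...)` on other early returns, so a line such as `log.warn("Non-admin user {} attempted to grant permissions to user {}.", loginUser.getId(), userId);` before `putMsg` would fit, assuming `User` exposes `getId()`. The same applies to the identical guards added in the hunks at -611 and -763. Since the three-line guard is now repeated three times, a small private helper would also keep the copies from drifting. The enclosing method starts and ends outside this hunk.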
@@ -603,6 +609,7 @@ public class UsersServiceImpl extends BaseServiceImpl 
implements UsersService {
             putMsg(result, Status.FUNCTION_DISABLED);
             return result;
         }
+
         // check exist
         User tempUser = userMapper.selectById(userId);
         if (tempUser == null) {
@@ -611,6 +618,11 @@ public class UsersServiceImpl extends BaseServiceImpl 
implements UsersService {
             return result;
         }
 
+        if (!isAdmin(loginUser)) {
+            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
+            return result;
+        }
+
         if (check(result, StringUtils.isEmpty(projectIds), Status.SUCCESS)) {
             log.warn("Parameter projectIds is empty.");
             return result;
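Review bot: The `isAdmin(loginUser)` guard here runs after the `tempUser == null` lookup, whereas the first hunk places it before the lookup. A non-admin caller of this method therefore gets a different status for an existing and a non-existing `userId`, which reveals which user ids exist. Moving the three guard lines to directly after the `FUNCTION_DISABLED` return (the spot where the previous hunk only adds a blank line) would reject non-admin callers before `userMapper.selectById(userId)` is reached and make both methods consistent. The guard before `udfUserMapper.deleteByUserId(userId)` in the hunk at -763 also follows an earlier `return result;` whose condition is outside that hunk, so it may need the same move.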
@@ -763,6 +775,11 @@ public class UsersServiceImpl extends BaseServiceImpl 
implements UsersService {
             return result;
         }
 
+        if (!isAdmin(loginUser)) {
+            putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
+            return result;
+        }
+
         udfUserMapper.deleteByUserId(userId);
 
         if (check(result, StringUtils.isEmpty(udfIds), Status.SUCCESS)) {
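Review bot: No datasource grant method receives the `isAdmin(loginUser)` guard in this file, although the commit description names "project,datasource,udf" as the fixed paths. The hunks here cover only three call sites, and the tests exercise `grantProject`, `grantProjectWithReadPerm` and `grantUDFFunction`. Please confirm that the datasource grant method, and any other grant method in this class that is not visible in the diff, already rejects non-admin callers, or add the same guard there. The guard in this hunk is correctly placed ahead of `udfUserMapper.deleteByUserId(userId)`, so a denied call does not wipe existing UDF grants.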
diff --git 
a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
 
b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
index 36e3abfa3e..3cb71d97a0 100644
--- 
a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
+++ 
b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
@@ -397,6 +397,14 @@ public class UsersServiceTest {
         result = usersService.grantProject(loginUser, userId, projectIds);
         logger.info(result.toString());
         Assertions.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
+
+        // ERROR: NO_CURRENT_OPERATING_PERMISSION
+        loginUser.setId(3);
+        loginUser.setUserType(UserType.GENERAL_USER);
+        when(userMapper.selectById(3)).thenReturn(loginUser);
+        result = this.usersService.grantProject(loginUser, userId, projectIds);
+        logger.info(result.toString());
+        Assertions.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION, 
result.get(Constants.STATUS));
     }
 
     @Test
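Review bot: The denial case is appended to the existing success test and mutates the shared `loginUser` (`setId(3)`, `setUserType(UserType.GENERAL_USER)`), so the permission check is not tested in isolation and later additions to this method inherit a non-admin caller. A separate `@Test` method with its own general-user fixture would make the authorization regression test stand on its own. The stub `when(userMapper.selectById(3)).thenReturn(loginUser)` only matters if `userId` is 3, which is not visible in this hunk; if the guard runs before the lookup the stub is never used. The same pattern is repeated in the hunks at -418 and -527. The test method starts outside this hunk.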
@@ -418,6 +426,14 @@ public class UsersServiceTest {
         result = usersService.grantProjectWithReadPerm(loginUser, userId, 
projectIds);
         logger.info(result.toString());
         Assertions.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
+
+        // ERROR: NO_CURRENT_OPERATING_PERMISSION
+        loginUser.setId(3);
+        loginUser.setUserType(UserType.GENERAL_USER);
+        when(userMapper.selectById(3)).thenReturn(loginUser);
+        result = this.usersService.grantProjectWithReadPerm(loginUser, userId, 
projectIds);
+        logger.info(result.toString());
+        Assertions.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION, 
result.get(Constants.STATUS));
     }
 
     @Test
@@ -527,11 +543,20 @@ public class UsersServiceTest {
         Map<String, Object> result = usersService.grantUDFFunction(loginUser, 
2, udfIds);
         logger.info(result.toString());
         Assertions.assertEquals(Status.USER_NOT_EXIST, 
result.get(Constants.STATUS));
+
         // success
         when(udfUserMapper.deleteByUserId(1)).thenReturn(1);
         result = usersService.grantUDFFunction(loginUser, 1, udfIds);
         logger.info(result.toString());
         Assertions.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
+
+        // ERROR: NO_CURRENT_OPERATING_PERMISSION
+        loginUser.setId(2);
+        loginUser.setUserType(UserType.GENERAL_USER);
+        when(userMapper.selectById(2)).thenReturn(loginUser);
+        result = this.usersService.grantUDFFunction(loginUser, 2, udfIds);
+        logger.info(result.toString());
+        Assertions.assertEquals(Status.NO_CURRENT_OPERATING_PERMISSION, 
result.get(Constants.STATUS));
     }
 
     @Test
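Review bot: The new denial case asserts only the returned status, so it would still pass if the guard were moved below `udfUserMapper.deleteByUserId(userId)` and the denied call silently removed the target's UDF grants. Adding `Mockito.verify(udfUserMapper, Mockito.never()).deleteByUserId(2);` after the final assertion would pin the property that matters for this fix: a rejected caller causes no mutation. Note that the case also sets `loginUser.setId(2)` and passes `2` as the target, so it covers only a user granting to itself; a denied grant to a different user id would be a useful second assertion.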
