This is an automated email from the ASF dual-hosted git repository.
leonbao pushed a commit to branch 1.3.2-release
in repository https://gitbox.apache.org/repos/asf/incubator-dolphinscheduler.git
The following commit(s) were added to refs/heads/1.3.2-release by this push:
new 553af77 add login user check some actions in api
new 0a0515e Merge remote-tracking branch 'upstream/1.3.2-release' into
132-checkadmin
553af77 is described below
commit 553af77803a5fdb787c3a0b94ac61ab8f4213b3c
Author: lenboo <[email protected]>
AuthorDate: Sat Aug 15 08:31:02 2020 +0800
add login user check some actions in api
---
.../api/controller/AccessTokenController.java | 6 ++---
.../api/controller/UsersController.java | 2 +-
.../api/service/AccessTokenService.java | 25 +++++++++++++++++---
.../dolphinscheduler/api/service/BaseService.java | 19 +++++++++++++++
.../dolphinscheduler/api/service/UsersService.java | 27 +++++-----------------
.../api/service/AccessTokenServiceTest.java | 16 +++++++++----
.../api/service/UsersServiceTest.java | 11 ++++++---
7 files changed, 71 insertions(+), 35 deletions(-)
diff --git
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/AccessTokenController.java
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/AccessTokenController.java
index 8731b26..a9782ab 100644
---
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/AccessTokenController.java
+++
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/AccessTokenController.java
@@ -74,7 +74,7 @@ public class AccessTokenController extends BaseController {
logger.info("login user {}, create token , userId : {} , token expire
time : {} , token : {}", loginUser.getUserName(),
userId, expireTime, token);
- Map<String, Object> result = accessTokenService.createToken(userId,
expireTime, token);
+ Map<String, Object> result = accessTokenService.createToken(loginUser,
userId, expireTime, token);
return returnDataList(result);
}
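Review bot: The `logger.info` call just above the changed line still writes the raw `token` value to the application log, so anyone who can read the logs obtains a usable access token; the same applies to the updateToken hunk at -173 in this file. The commit restricts who may call the service but leaves that exposure in place. I would drop the token from the message: `logger.info("login user {}, create token , userId : {} , token expire time : {}", loginUser.getUserName(), userId, expireTime);`. The controller method begins outside the hunk.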
@@ -94,7 +94,7 @@ public class AccessTokenController extends BaseController {
@RequestParam(value = "userId") int userId,
@RequestParam(value = "expireTime") String
expireTime) {
logger.info("login user {}, generate token , userId : {} , token
expire time : {}", loginUser, userId, expireTime);
- Map<String, Object> result = accessTokenService.generateToken(userId,
expireTime);
+ Map<String, Object> result =
accessTokenService.generateToken(loginUser, userId, expireTime);
return returnDataList(result);
}
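Review bot: The log statement in this hunk passes the whole `loginUser` object to `{}`, whereas the other two hunks in this file log `loginUser.getUserName()`. If `User.toString()` prints the password hash or other account fields (not visible in this diff), they end up in the log on every generateToken call. Suggest `logger.info("login user {}, generate token , userId : {} , token expire time : {}", loginUser.getUserName(), userId, expireTime);`. The method signature starts above the hunk.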
@@ -173,7 +173,7 @@ public class AccessTokenController extends BaseController {
logger.info("login user {}, update token , userId : {} , token expire
time : {} , token : {}", loginUser.getUserName(),
userId, expireTime, token);
- Map<String, Object> result = accessTokenService.updateToken(id,
userId, expireTime, token);
+ Map<String, Object> result = accessTokenService.updateToken(loginUser,
id, userId, expireTime, token);
return returnDataList(result);
}
diff --git
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java
index 08d862e..fb237e6 100644
---
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java
+++
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java
@@ -161,7 +161,7 @@ public class UsersController extends BaseController {
@RequestParam(value = "phone", required = false)
String phone) throws Exception {
logger.info("login user {}, updateProcessInstance user, userName: {},
email: {}, tenantId: {}, userPassword: {}, phone: {}, user queue: {}",
loginUser.getUserName(), userName, email, tenantId,
Constants.PASSWORD_DEFAULT, phone, queue);
- Map<String, Object> result = usersService.updateUser(id, userName,
userPassword, email, tenantId, phone, queue);
+ Map<String, Object> result = usersService.updateUser(loginUser, id,
userName, userPassword, email, tenantId, phone, queue);
return returnDataList(result);
}
diff --git
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/AccessTokenService.java
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/AccessTokenService.java
index 5d17696..8b40a25 100644
---
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/AccessTokenService.java
+++
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/AccessTokenService.java
@@ -75,13 +75,18 @@ public class AccessTokenService extends BaseService {
/**
* create token
+ *
+ * @param loginUser
* @param userId token for user
* @param expireTime token expire time
* @param token token string
* @return create result code
*/
- public Map<String, Object> createToken(int userId, String expireTime,
String token) {
+ public Map<String, Object> createToken(User loginUser, int userId, String
expireTime, String token) {
Map<String, Object> result = new HashMap<>(5);
+ if(check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)){
+ return result;
+ }
if (userId <= 0) {
throw new IllegalArgumentException("User id should not less than
or equals to 0.");
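Review bot: The new `@param loginUser` tag has no description, here and in the generateToken, updateToken and UsersService.updateUser Javadoc hunks, so the authorization rule these methods now enforce is not documented anywhere. Suggest `@param loginUser user making the request; must be an administrator, otherwise USER_NO_OPERATION_PERM is returned` (for updateUser, describe the `hasPerm` rule instead). As a style point, `if(check(` is missing the space that `if (check(` has in UsersService. The method body continues past the end of the hunk.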
@@ -107,12 +112,17 @@ public class AccessTokenService extends BaseService {
/**
* generate token
+ *
+ * @param loginUser
* @param userId token for user
* @param expireTime token expire time
* @return token string
*/
- public Map<String, Object> generateToken(int userId, String expireTime) {
+ public Map<String, Object> generateToken(User loginUser, int userId,
String expireTime) {
Map<String, Object> result = new HashMap<>(5);
+ if(check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)){
+ return result;
+ }
String token = EncryptionUtils.getMd5(userId + expireTime +
String.valueOf(System.currentTimeMillis()));
result.put(Constants.DATA_LIST, token);
putMsg(result, Status.SUCCESS);
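Review bot: The token on the context line is `EncryptionUtils.getMd5(userId + expireTime + System.currentTimeMillis())`, built only from values a caller knows or can estimate, so the resulting bearer credential is not unpredictable. The new admin gate limits who may request a token but does not change how it is derived. It should come from a CSPRNG, for example bytes from `java.security.SecureRandom` encoded as hex, rather than a hash of guessable inputs. The `String.valueOf(...)` around the timestamp is also redundant inside a string concatenation. The method's return statement lies outside the hunk.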
@@ -128,6 +138,10 @@ public class AccessTokenService extends BaseService {
public Map<String, Object> delAccessTokenById(User loginUser, int id) {
Map<String, Object> result = new HashMap<>(5);
+ if(check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)){
+ return result;
+ }
+
AccessToken accessToken = accessTokenMapper.selectById(id);
if (accessToken == null) {
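Review bot: With this gate delAccessTokenById becomes admin-only, so a non-admin can no longer revoke a token issued for their own account, which matters when a token is suspected to have leaked. If the rest of the method (outside the hunk) still compares `loginUser` with the token's owner, that comparison is now reached only by admins and is effectively dead; either remove it or relax the gate to owner-or-admin. Whichever rule is intended should be stated in the method's Javadoc, which this hunk does not touch.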
@@ -149,15 +163,20 @@ public class AccessTokenService extends BaseService {
/**
* update token by id
+ *
+ * @param loginUser
* @param id token id
* @param userId token for user
* @param expireTime token expire time
* @param token token string
* @return update result code
*/
- public Map<String, Object> updateToken(int id,int userId, String
expireTime, String token) {
+ public Map<String, Object> updateToken(User loginUser, int id, int userId,
String expireTime, String token) {
Map<String, Object> result = new HashMap<>(5);
+ if(check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)){
+ return result;
+ }
AccessToken accessToken = accessTokenMapper.selectById(id);
if (accessToken == null) {
logger.error("access token not exist, access token id {}", id);
diff --git
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/BaseService.java
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/BaseService.java
index 646a67a..e0617f3 100644
---
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/BaseService.java
+++
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/BaseService.java
@@ -95,6 +95,25 @@ public class BaseService {
}
/**
+ * check
+ *
+ * @param result result
+ * @param bool bool
+ * @param userNoOperationPerm status
+ * @return check result
+ */
+ protected boolean check(Map<String, Object> result, boolean bool, Status
userNoOperationPerm) {
+ //only admin can operate
+ if (bool) {
+ result.put(Constants.STATUS, userNoOperationPerm);
+ result.put(Constants.MSG, userNoOperationPerm.getMsg());
+ return true;
+ }
+ return false;
+ }
+
+
+ /**
* get cookie info by name
* @param request request
* @param name 'sessionId'
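Review bot: The Javadoc and inline comment on the now-shared `check` helper do not describe its contract. `//only admin can operate` is inaccurate because UsersService calls it with `!hasPerm(loginUser, userId)`, and the parameter names `bool` and `userNoOperationPerm` hide that the method returns true when the request must be rejected. Since every subclass now relies on it for authorization and an inverted condition would silently allow the call, I would rename the parameters to `denied` and `status` and document it as `Writes status and its message into result when denied is true; returns true if the caller must stop and return result`.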
diff --git
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java
index 8d79c8e..1ceb0f7 100644
---
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java
+++
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java
@@ -248,6 +248,8 @@ public class UsersService extends BaseService {
/**
* updateProcessInstance user
*
+ *
+ * @param loginUser
* @param userId user id
* @param userName user name
* @param userPassword user password
@@ -258,7 +260,7 @@ public class UsersService extends BaseService {
* @return update result code
* @throws Exception exception
*/
- public Map<String, Object> updateUser(int userId,
+ public Map<String, Object> updateUser(User loginUser, int userId,
String userName,
String userPassword,
String email,
@@ -268,13 +270,14 @@ public class UsersService extends BaseService {
Map<String, Object> result = new HashMap<>(5);
result.put(Constants.STATUS, false);
+ if (check(result, !hasPerm(loginUser, userId),
Status.USER_NO_OPERATION_PERM)) {
+ return result;
+ }
User user = userMapper.selectById(userId);
-
if (user == null) {
putMsg(result, Status.USER_NOT_EXIST, userId);
return result;
}
-
if (StringUtils.isNotEmpty(userName)) {
if (!CheckUtils.checkUserName(userName)){
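Review bot: The `hasPerm(loginUser, userId)` guard is applied once to the whole update, so whoever it lets through may change every field, including `tenantId` and `queue`. `hasPerm` is not visible in this diff; if it also admits a non-admin editing their own record, that user can reassign their own tenant or queue, which probably should stay an administrator action. Consider a second guard before those fields are applied, e.g. `if (!isAdmin(loginUser) && user.getTenantId() != tenantId) { putMsg(result, Status.USER_NO_OPERATION_PERM); return result; }`. The method starts and ends outside the hunk.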
@@ -815,24 +818,6 @@ public class UsersService extends BaseService {
}
/**
- * check
- *
- * @param result result
- * @param bool bool
- * @param userNoOperationPerm status
- * @return check result
- */
- private boolean check(Map<String, Object> result, boolean bool, Status
userNoOperationPerm) {
- //only admin can operate
- if (bool) {
- result.put(Constants.STATUS, userNoOperationPerm);
- result.put(Constants.MSG, userNoOperationPerm.getMsg());
- return true;
- }
- return false;
- }
-
- /**
* @param tenantId tenant id
* @return true if tenant exists, otherwise return false
*/
diff --git
a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java
b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java
index f388445..258d441 100644
---
a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java
+++
b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java
@@ -94,7 +94,7 @@ public class AccessTokenServiceTest {
when(accessTokenMapper.insert(any(AccessToken.class))).thenReturn(2);
- Map<String, Object> result =
accessTokenService.createToken(1,getDate(),"AccessTokenServiceTest");
+ Map<String, Object> result =
accessTokenService.createToken(getLoginUser(),
1,getDate(),"AccessTokenServiceTest");
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));
}
@@ -102,7 +102,7 @@ public class AccessTokenServiceTest {
@Test
public void testGenerateToken(){
- Map<String, Object> result =
accessTokenService.generateToken(Integer.MAX_VALUE,getDate());
+ Map<String, Object> result =
accessTokenService.generateToken(getLoginUser(), Integer.MAX_VALUE,getDate());
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));
String token = (String) result.get(Constants.DATA_LIST);
@@ -134,16 +134,24 @@ public class AccessTokenServiceTest {
public void testUpdateToken(){
when(accessTokenMapper.selectById(1)).thenReturn(getEntity());
- Map<String, Object> result =
accessTokenService.updateToken(1,Integer.MAX_VALUE,getDate(),"token");
+ Map<String, Object> result =
accessTokenService.updateToken(getLoginUser(),
1,Integer.MAX_VALUE,getDate(),"token");
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));
// not exist
- result =
accessTokenService.updateToken(2,Integer.MAX_VALUE,getDate(),"token");
+ result = accessTokenService.updateToken(getLoginUser(),
2,Integer.MAX_VALUE,getDate(),"token");
logger.info(result.toString());
Assert.assertEquals(Status.ACCESS_TOKEN_NOT_EXIST,result.get(Constants.STATUS));
}
+
+ private User getLoginUser(){
+ User loginUser = new User();
+ loginUser.setId(1);
+ loginUser.setUserType(UserType.ADMIN_USER);
+ return loginUser;
+ }
+
/**
* create entity
* @return
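Review bot: Every call in this test class now goes through `getLoginUser()`, which always returns an `ADMIN_USER`, so the denial branch this commit adds is never exercised; the UsersServiceTest hunks have the same gap for `hasPerm`. A regression that inverted or dropped the `!isAdmin(loginUser)` check would still pass these tests. I would add one case per guarded method that calls it with a non-admin user and asserts `Status.USER_NO_OPERATION_PERM`, along the lines below.

```java
@Test
public void testCreateTokenDeniedForNonAdmin() {
    User generalUser = new User();
    generalUser.setId(2);
    generalUser.setUserType(UserType.GENERAL_USER);

    Map<String, Object> result =
            accessTokenService.createToken(generalUser, 1, getDate(), "AccessTokenServiceTest");
    Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
}
// … unchanged: getLoginUser() helper and getEntity() …
```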
diff --git
a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
index 58ee6fd..6162860 100644
---
a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
+++
b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
@@ -18,7 +18,6 @@ package org.apache.dolphinscheduler.api.service;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
-import org.apache.avro.generic.GenericData;
import org.apache.dolphinscheduler.api.enums.Status;
import org.apache.dolphinscheduler.api.utils.PageInfo;
import org.apache.dolphinscheduler.api.utils.Result;
@@ -225,13 +224,13 @@ public class UsersServiceTest {
String userPassword = "userTest0001";
try {
//user not exist
- Map<String, Object> result =
usersService.updateUser(0,userName,userPassword,"[email protected]",1,"13457864543","queue");
+ Map<String, Object> result =
usersService.updateUser(getLoginUser(),
0,userName,userPassword,"[email protected]",1,"13457864543","queue");
Assert.assertEquals(Status.USER_NOT_EXIST,
result.get(Constants.STATUS));
logger.info(result.toString());
//success
when(userMapper.selectById(1)).thenReturn(getUser());
- result =
usersService.updateUser(1,userName,userPassword,"[email protected]",1,"13457864543","queue");
+ result = usersService.updateUser(getLoginUser(),
1,userName,userPassword,"[email protected]",1,"13457864543","queue");
logger.info(result.toString());
Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
} catch (Exception e) {
@@ -357,6 +356,12 @@ public class UsersServiceTest {
}
+ private User getLoginUser(){
+ User loginUser = new User();
+ loginUser.setId(1);
+ loginUser.setUserType(UserType.ADMIN_USER);
+ return loginUser;
+ }
@Test
public void getUserInfo(){