This is an automated email from the ASF dual-hosted git repository.
chenxingchun pushed a commit to branch 1.3.3-release
in repository https://gitbox.apache.org/repos/asf/incubator-dolphinscheduler.git
The following commit(s) were added to refs/heads/1.3.3-release by this push:
new 01975bd [Fix-#3958][api] files should not be created successfully in
the directory of the authorized file
new 292b0fc Merge pull request #3980 from lgcareer/1.3.3-release-fix3958
01975bd is described below
commit 01975bd545cb411b13a016fcfbc5703105cab660
Author: lgcareer <[email protected]>
AuthorDate: Fri Oct 23 14:03:51 2020 +0800
[Fix-#3958][api] files should not be created successfully in the directory
of the authorized file
---
.../dolphinscheduler/api/service/ResourcesService.java | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ResourcesService.java
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ResourcesService.java
index d4c10ef..28fe64e 100644
---
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ResourcesService.java
+++
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ResourcesService.java
@@ -961,6 +961,19 @@ public class ResourcesService extends BaseService {
if (!result.getCode().equals(Status.SUCCESS.getCode())) {
return result;
}
+ if (pid != -1) {
+ Resource parentResource = resourcesMapper.selectById(pid);
+
+ if (parentResource == null) {
+ putMsg(result, Status.PARENT_RESOURCE_NOT_EXIST);
+ return result;
+ }
+
+ if (!hasPerm(loginUser, parentResource.getUserId())) {
+ putMsg(result, Status.USER_NO_OPERATION_PERM);
+ return result;
+ }
+ }
// save data
Date now = new Date();
