[GitHub] [dolphinscheduler] WangJPLeo commented on a diff in pull request #11886: [Fix-11866] [API] When a user accesses an interface without project permission, the returned information is not formatted

[GitBox]

WangJPLeo commented on code in PR #11886:
URL: https://github.com/apache/dolphinscheduler/pull/11886#discussion_r974858104


##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessTaskRelationServiceImpl.java:
##########
@@ -206,18 +203,17 @@ private void updateProcessDefiniteVersion(User loginUser, 
Map<String, Object> re
     @Override
     public Map<String, Object> deleteTaskProcessRelation(User loginUser, long 
projectCode, long processDefinitionCode,
                                                          long taskCode) {
-        Project project = projectMapper.queryByCode(projectCode);
-        // check user access for project
-        Map<String, Object> result = 
projectService.checkProjectAndAuth(loginUser, project, projectCode, null);
-        if (result.get(Constants.STATUS) != Status.SUCCESS) {
-            return result;
-        }
+
+        Map<String, Object> result = new HashMap<>();
         if (taskCode == 0) {
             logger.error("Delete task process relation error due to parameter 
taskCode is 0, projectCode:{}, processDefinitionCode:{}.",
                     projectCode, processDefinitionCode);
             putMsg(result, Status.DELETE_TASK_PROCESS_RELATION_ERROR);
             return result;
         }
+        // check user access for project
+        projectService.hasProjectAndPerm(loginUser, projectCode, null);

Review Comment:
   The current deletion operation and item data permission should be verified 
here and I'll improve this later.



##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/SchedulerServiceImpl.java:
##########
@@ -143,10 +146,7 @@ public Map<String, Object> insertSchedule(User loginUser,
         Project project = projectMapper.queryByCode(projectCode);
 
         // check project auth
-        boolean hasProjectAndPerm = 
projectService.hasProjectAndPerm(loginUser, project, result, null);
-        if (!hasProjectAndPerm) {
-            return result;
-        }
+        projectService.hasProjectAndPerm(loginUser, project, null);

Review Comment:
   Permission key should not be null, also fix them in next pr.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org