github-code-scanning[bot] commented on code in PR #12048:
URL: https://github.com/apache/dolphinscheduler/pull/12048#discussion_r996951558
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ResourcesService.java:
##########
@@ -254,8 +257,17 @@
~ * @param userId user id
~ * @return authorized result code
*/
Map<String, Object> authorizedUDFFunction(User loginUser, Integer userId);
+ /**
+ * authorized file with read permission
+ *
+ * @param loginUser login user
+ * @param userId user id
+ * @return authorized result
+ */
+ Map<String, Object> authorizedFileWithReadPerm(User loginUser, Integer
userId);
Review Comment:
## Useless parameter
The parameter 'loginUser' is never used.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/1853)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java:
##########
@@ -172,6 +190,17 @@
*/
Map<String, Object> revokeProject(User loginUser, int userId, long
projectCode);
+ /**
+ * grant resource with permission level
+ *
+ * @param loginUser login user
+ * @param userId user id
+ * @param readPermResourceIds resource id array with read permission
+ * @param allPermResourceIds resource id array with all permission
+ * @return grant result code
+ */
+ Map<String, Object> grantResourceWithPermLevel(User loginUser, int userId,
String readPermResourceIds, String allPermResourceIds);
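Review bot: The Javadoc on `grantResourceWithPermLevel` describes `readPermResourceIds` and `allPermResourceIds` as a "resource id array", but both parameters are `String`, so the expected format is left to the reader. I would document the delimiter (presumably a comma, as `projectIds` is split in UsersServiceImpl) and what a null or empty value means, e.g. `@param readPermResourceIds comma-separated resource ids to grant read permission; may be empty`. It would also help to state which level applies when the same id appears in both lists, since that decides the user's effective permission.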
Review Comment:
## Useless parameter
The parameter 'loginUser' is never used.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/1855)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java:
##########
@@ -553,13 +645,15 @@
return result;
}
- projectUserMapper.deleteProjectRelation(0, userId);
-
if (check(result, StringUtils.isEmpty(projectIds), Status.SUCCESS)) {
logger.warn("Parameter projectIds is empty.");
return result;
}
Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ ProjectUser projectUserOld =
projectUserMapper.queryProjectRelation(Integer.parseInt(projectId), userId);
+ if (projectUserOld != null) {
+
projectUserMapper.deleteProjectRelation(Integer.parseInt(projectId), userId);
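Review bot: Removing `projectUserMapper.deleteProjectRelation(0, userId)` changes what this grant method means: relations for projects that are not in `projectIds` now stay in place, where the old call presumably cleared all of the user's project relations before the listed ones were re-added. A caller that still sends the full desired list in order to drop a permission will leave the stale grant behind, and the early return for an empty `projectIds` no longer revokes anything. If that is intended, say so in the method's Javadoc, e.g. `only the listed projects are updated; use revokeProjectById to remove access`, and confirm every caller was moved over. The method starts and ends outside this hunk, which is quoted a second time further down the thread.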
Review Comment:
## Missing catch of NumberFormatException
Potential uncaught 'java.lang.NumberFormatException'.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/1869)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java:
##########
@@ -527,6 +527,98 @@
}
}
+ /**
+ * revoke the project permission for specified user by id
+ * @param loginUser Login user
+ * @param userId User id
+ * @param projectIds project id array
+ * @return
+ */
+ @Override
+ @Transactional(rollbackFor = RuntimeException.class)
+ public Map<String, Object> revokeProjectById(User loginUser, int userId,
String projectIds){
+ Map<String, Object> result = new HashMap<>();
+ result.put(Constants.STATUS, false);
+
+ if(resourcePermissionCheckService.functionDisabled()){
+ putMsg(result, Status.FUNCTION_DISABLED);
+ return result;
+ }
+ // 1. only admin can operate
+ if (this.check(result, !this.isAdmin(loginUser),
Status.USER_NO_OPERATION_PERM)) {
+ return result;
+ }
+
+ // 2. check if user is existed
+ User user = this.userMapper.selectById(userId);
+ if (user == null) {
+ this.putMsg(result, Status.USER_NOT_EXIST, userId);
+ return result;
+ }
+
+ Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ // 3. check if project is existed
+ Project project =
this.projectMapper.queryDetailById(Integer.parseInt(projectId));
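Review bot: `revokeProjectById` calls `projectIds.split(",")` without the `StringUtils.isEmpty(projectIds)` guard that the grant methods quoted in this thread apply before the same loop, so a null `projectIds` fails with a NullPointerException after the admin and user checks have already passed. Adding `if (check(result, StringUtils.isEmpty(projectIds), Status.SUCCESS)) { return result; }` before the stream would keep the methods consistent. The rest of the method lies outside this quoted hunk.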
Review Comment:
## Missing catch of NumberFormatException
Potential uncaught 'java.lang.NumberFormatException'.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/1863)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java:
##########
@@ -553,13 +645,15 @@
return result;
}
- projectUserMapper.deleteProjectRelation(0, userId);
-
if (check(result, StringUtils.isEmpty(projectIds), Status.SUCCESS)) {
logger.warn("Parameter projectIds is empty.");
return result;
}
Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ ProjectUser projectUserOld =
projectUserMapper.queryProjectRelation(Integer.parseInt(projectId), userId);
Review Comment:
## Missing catch of NumberFormatException
Potential uncaught 'java.lang.NumberFormatException'.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/1868)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java:
##########
@@ -527,6 +527,98 @@
}
}
+ /**
+ * revoke the project permission for specified user by id
+ * @param loginUser Login user
+ * @param userId User id
+ * @param projectIds project id array
+ * @return
+ */
+ @Override
+ @Transactional(rollbackFor = RuntimeException.class)
+ public Map<String, Object> revokeProjectById(User loginUser, int userId,
String projectIds){
+ Map<String, Object> result = new HashMap<>();
+ result.put(Constants.STATUS, false);
+
+ if(resourcePermissionCheckService.functionDisabled()){
+ putMsg(result, Status.FUNCTION_DISABLED);
+ return result;
+ }
+ // 1. only admin can operate
+ if (this.check(result, !this.isAdmin(loginUser),
Status.USER_NO_OPERATION_PERM)) {
+ return result;
+ }
+
+ // 2. check if user is existed
+ User user = this.userMapper.selectById(userId);
+ if (user == null) {
+ this.putMsg(result, Status.USER_NOT_EXIST, userId);
+ return result;
+ }
+
+ Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ // 3. check if project is existed
+ Project project =
this.projectMapper.queryDetailById(Integer.parseInt(projectId));
+ if (project == null) {
+ this.putMsg(result, Status.PROJECT_NOT_FOUND,
Integer.parseInt(projectId));
+ }
+ else{
+ // 4. delete the relationship between project and user
+ this.projectUserMapper.deleteProjectRelation(project.getId(),
user.getId());
+ }
+ });
+
+ this.putMsg(result, Status.SUCCESS);
+ return result;
+ }
+
+ /**
+ * grant project with read permission
+ *
+ * @param loginUser login user
+ * @param userId user id
+ * @param projectIds project id array
+ * @return grant result code
+ */
+ @Override
+ @Transactional(rollbackFor = RuntimeException.class)
+ public Map<String, Object> grantProjectWithReadPerm(User loginUser, int
userId, String projectIds) {
+ Map<String, Object> result = new HashMap<>();
+ result.put(Constants.STATUS, false);
+
+ if(resourcePermissionCheckService.functionDisabled()){
+ putMsg(result, Status.FUNCTION_DISABLED);
+ return result;
+ }
+ //check exist
+ User tempUser = userMapper.selectById(userId);
+ if (tempUser == null) {
+ putMsg(result, Status.USER_NOT_EXIST, userId);
+ return result;
+ }
+
+ if (check(result, StringUtils.isEmpty(projectIds), Status.SUCCESS)) {
+ return result;
+ }
+ Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ ProjectUser projectUserOld =
projectUserMapper.queryProjectRelation(Integer.parseInt(projectId), userId);
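Review bot: `grantProjectWithReadPerm` never consults `loginUser` in the lines shown: after the `functionDisabled()` check it goes straight to looking up the target user and rewriting `ProjectUser` rows, while `revokeProjectById` just above rejects non-admins first with `this.check(result, !this.isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)`. Unless the controller or a later part of the body enforces it, any authenticated caller could give any user read access to any project id. I would add the same guard, or the project's own operation-permission check, before `userMapper.selectById(userId)`, together with a test that a non-admin caller receives `USER_NO_OPERATION_PERM`. The method body continues past the end of this hunk; the longer quotes later in the thread show more of it and `loginUser` is still unused there.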
Review Comment:
## Missing catch of NumberFormatException
Potential uncaught 'java.lang.NumberFormatException'.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/1865)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java:
##########
@@ -150,8 +150,17 @@
~ * @param projectIds project id array
~ * @return grant result code
*/
Map<String, Object> grantProject(User loginUser, int userId, String
projectIds);
+ /**
+ * grant project with read permission
+ *
+ * @param loginUser login user
+ * @param userId user id
+ * @param projectIds project id array
+ * @return grant result code
+ */
+ Map<String, Object> grantProjectWithReadPerm(User loginUser, int userId,
String projectIds);
Review Comment:
## Useless parameter
The parameter 'loginUser' is never used.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/1856)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java:
##########
@@ -527,6 +527,98 @@
}
}
+ /**
+ * revoke the project permission for specified user by id
+ * @param loginUser Login user
+ * @param userId User id
+ * @param projectIds project id array
+ * @return
+ */
+ @Override
+ @Transactional(rollbackFor = RuntimeException.class)
+ public Map<String, Object> revokeProjectById(User loginUser, int userId,
String projectIds){
+ Map<String, Object> result = new HashMap<>();
+ result.put(Constants.STATUS, false);
+
+ if(resourcePermissionCheckService.functionDisabled()){
+ putMsg(result, Status.FUNCTION_DISABLED);
+ return result;
+ }
+ // 1. only admin can operate
+ if (this.check(result, !this.isAdmin(loginUser),
Status.USER_NO_OPERATION_PERM)) {
+ return result;
+ }
+
+ // 2. check if user is existed
+ User user = this.userMapper.selectById(userId);
+ if (user == null) {
+ this.putMsg(result, Status.USER_NOT_EXIST, userId);
+ return result;
+ }
+
+ Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ // 3. check if project is existed
+ Project project =
this.projectMapper.queryDetailById(Integer.parseInt(projectId));
+ if (project == null) {
+ this.putMsg(result, Status.PROJECT_NOT_FOUND,
Integer.parseInt(projectId));
Review Comment:
## Missing catch of NumberFormatException
Potential uncaught 'java.lang.NumberFormatException'.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/1864)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java:
##########
@@ -527,6 +527,98 @@
}
}
+ /**
+ * revoke the project permission for specified user by id
+ * @param loginUser Login user
+ * @param userId User id
+ * @param projectIds project id array
+ * @return
+ */
+ @Override
+ @Transactional(rollbackFor = RuntimeException.class)
+ public Map<String, Object> revokeProjectById(User loginUser, int userId,
String projectIds){
+ Map<String, Object> result = new HashMap<>();
+ result.put(Constants.STATUS, false);
+
+ if(resourcePermissionCheckService.functionDisabled()){
+ putMsg(result, Status.FUNCTION_DISABLED);
+ return result;
+ }
+ // 1. only admin can operate
+ if (this.check(result, !this.isAdmin(loginUser),
Status.USER_NO_OPERATION_PERM)) {
+ return result;
+ }
+
+ // 2. check if user is existed
+ User user = this.userMapper.selectById(userId);
+ if (user == null) {
+ this.putMsg(result, Status.USER_NOT_EXIST, userId);
+ return result;
+ }
+
+ Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ // 3. check if project is existed
+ Project project =
this.projectMapper.queryDetailById(Integer.parseInt(projectId));
+ if (project == null) {
+ this.putMsg(result, Status.PROJECT_NOT_FOUND,
Integer.parseInt(projectId));
+ }
+ else{
+ // 4. delete the relationship between project and user
+ this.projectUserMapper.deleteProjectRelation(project.getId(),
user.getId());
+ }
+ });
+
+ this.putMsg(result, Status.SUCCESS);
+ return result;
+ }
+
+ /**
+ * grant project with read permission
+ *
+ * @param loginUser login user
+ * @param userId user id
+ * @param projectIds project id array
+ * @return grant result code
+ */
+ @Override
+ @Transactional(rollbackFor = RuntimeException.class)
+ public Map<String, Object> grantProjectWithReadPerm(User loginUser, int
userId, String projectIds) {
+ Map<String, Object> result = new HashMap<>();
+ result.put(Constants.STATUS, false);
+
+ if(resourcePermissionCheckService.functionDisabled()){
+ putMsg(result, Status.FUNCTION_DISABLED);
+ return result;
+ }
+ //check exist
+ User tempUser = userMapper.selectById(userId);
+ if (tempUser == null) {
+ putMsg(result, Status.USER_NOT_EXIST, userId);
+ return result;
+ }
+
+ if (check(result, StringUtils.isEmpty(projectIds), Status.SUCCESS)) {
+ return result;
+ }
+ Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ ProjectUser projectUserOld =
projectUserMapper.queryProjectRelation(Integer.parseInt(projectId), userId);
+ if (projectUserOld != null) {
+
projectUserMapper.deleteProjectRelation(Integer.parseInt(projectId), userId);
+ }
+ Date now = new Date();
+ ProjectUser projectUser = new ProjectUser();
+ projectUser.setUserId(userId);
+ projectUser.setProjectId(Integer.parseInt(projectId));
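Review bot: In `revokeProjectById` the `PROJECT_NOT_FOUND` status set inside the `forEach` lambda is always overwritten by `this.putMsg(result, Status.SUCCESS)` after the loop, so a request naming a project that does not exist is reported as a success and the caller cannot tell which revocations actually happened. Either validate every id before deleting anything and return on the first miss, or skip the final `putMsg` when a miss was recorded. Because the lambda cannot `return result`, a plain `for` loop over the split ids is the simpler shape for this. The same lines appear in the other quotes of this hunk in the thread.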
Review Comment:
## Missing catch of NumberFormatException
Potential uncaught 'java.lang.NumberFormatException'.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/1867)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java:
##########
@@ -527,6 +527,98 @@
}
}
+ /**
+ * revoke the project permission for specified user by id
+ * @param loginUser Login user
+ * @param userId User id
+ * @param projectIds project id array
+ * @return
+ */
+ @Override
+ @Transactional(rollbackFor = RuntimeException.class)
+ public Map<String, Object> revokeProjectById(User loginUser, int userId,
String projectIds){
+ Map<String, Object> result = new HashMap<>();
+ result.put(Constants.STATUS, false);
+
+ if(resourcePermissionCheckService.functionDisabled()){
+ putMsg(result, Status.FUNCTION_DISABLED);
+ return result;
+ }
+ // 1. only admin can operate
+ if (this.check(result, !this.isAdmin(loginUser),
Status.USER_NO_OPERATION_PERM)) {
+ return result;
+ }
+
+ // 2. check if user is existed
+ User user = this.userMapper.selectById(userId);
+ if (user == null) {
+ this.putMsg(result, Status.USER_NOT_EXIST, userId);
+ return result;
+ }
+
+ Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ // 3. check if project is existed
+ Project project =
this.projectMapper.queryDetailById(Integer.parseInt(projectId));
+ if (project == null) {
+ this.putMsg(result, Status.PROJECT_NOT_FOUND,
Integer.parseInt(projectId));
+ }
+ else{
+ // 4. delete the relationship between project and user
+ this.projectUserMapper.deleteProjectRelation(project.getId(),
user.getId());
+ }
+ });
+
+ this.putMsg(result, Status.SUCCESS);
+ return result;
+ }
+
+ /**
+ * grant project with read permission
+ *
+ * @param loginUser login user
+ * @param userId user id
+ * @param projectIds project id array
+ * @return grant result code
+ */
+ @Override
+ @Transactional(rollbackFor = RuntimeException.class)
+ public Map<String, Object> grantProjectWithReadPerm(User loginUser, int
userId, String projectIds) {
+ Map<String, Object> result = new HashMap<>();
+ result.put(Constants.STATUS, false);
+
+ if(resourcePermissionCheckService.functionDisabled()){
+ putMsg(result, Status.FUNCTION_DISABLED);
+ return result;
+ }
+ //check exist
+ User tempUser = userMapper.selectById(userId);
+ if (tempUser == null) {
+ putMsg(result, Status.USER_NOT_EXIST, userId);
+ return result;
+ }
+
+ if (check(result, StringUtils.isEmpty(projectIds), Status.SUCCESS)) {
+ return result;
+ }
+ Arrays.stream(projectIds.split(",")).distinct().forEach(projectId -> {
+ ProjectUser projectUserOld =
projectUserMapper.queryProjectRelation(Integer.parseInt(projectId), userId);
+ if (projectUserOld != null) {
+
projectUserMapper.deleteProjectRelation(Integer.parseInt(projectId), userId);
Review Comment:
## Missing catch of NumberFormatException
Potential uncaught 'java.lang.NumberFormatException'.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/1866)