This is an automated email from the ASF dual-hosted git repository.

chufenggao pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git


The following commit(s) were added to refs/heads/dev by this push:
     new 80da35e39c [Fix-12828][api] Add permission check when query specific 
datasource (#12830)
80da35e39c is described below

commit 80da35e39cae8edd5d228d4d189f1eb3d4013aee
Author: Rick Cheng <[email protected]>
AuthorDate: Wed Feb 1 10:41:05 2023 +0800

    [Fix-12828][api] Add permission check when query specific datasource 
(#12830)
---
 .../api/controller/DataSourceController.java             |  2 +-
 .../dolphinscheduler/api/service/DataSourceService.java  |  2 +-
 .../api/service/impl/DataSourceServiceImpl.java          | 13 +++++++++----
 .../api/service/DataSourceServiceTest.java               | 16 +++++++++++++---
 4 files changed, 24 insertions(+), 9 deletions(-)

diff --git 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/DataSourceController.java
 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/DataSourceController.java
index 6418995d43..475620b257 100644
--- 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/DataSourceController.java
+++ 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/DataSourceController.java
@@ -141,7 +141,7 @@ public class DataSourceController extends BaseController {
     public Result queryDataSource(@Parameter(hidden = true) 
@RequestAttribute(value = Constants.SESSION_USER) User loginUser,
                                   @PathVariable("id") int id) {
 
-        Map<String, Object> result = dataSourceService.queryDataSource(id);
+        Map<String, Object> result = dataSourceService.queryDataSource(id, 
loginUser);
         return returnDataList(result);
     }
 
diff --git 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/DataSourceService.java
 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/DataSourceService.java
index c1454f948b..c7f3ca0d74 100644
--- 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/DataSourceService.java
+++ 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/DataSourceService.java
@@ -55,7 +55,7 @@ public interface DataSourceService {
      * @param id datasource id
      * @return data source detail
      */
-    Map<String, Object> queryDataSource(int id);
+    Map<String, Object> queryDataSource(int id, User loginUser);
 
     /**
      * query datasource list by keyword
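Review bot: The Javadoc above `queryDataSource` still documents only `@param id`, although the signature now takes `loginUser`, so the interface contract does not say the call is authorization-checked. Add `@param loginUser the logged-in user whose permission on the datasource is checked`, and extend the `@return` text to say the result carries `USER_NO_OPERATION_PERM` when the user lacks access. The Javadoc on the `DataSourceServiceImpl.queryDataSource` override, in the first hunk of that file, has the same gap. Both comment blocks start outside their hunks.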
diff --git 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java
 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java
index b7cd6f1518..5a654c0504 100644
--- 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java
+++ 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java
@@ -234,7 +234,7 @@ public class DataSourceServiceImpl extends BaseServiceImpl 
implements DataSource
      * @return data source detail
      */
     @Override
-    public Map<String, Object> queryDataSource(int id) {
+    public Map<String, Object> queryDataSource(int id, User loginUser) {
 
         Map<String, Object> result = new HashMap<>();
         DataSource dataSource = dataSourceMapper.selectById(id);
@@ -243,6 +243,13 @@ public class DataSourceServiceImpl extends BaseServiceImpl 
implements DataSource
             putMsg(result, Status.RESOURCE_NOT_EXIST);
             return result;
         }
+
+        if (!canOperatorPermissions(loginUser, new 
Object[]{dataSource.getId()}, AuthorizationType.DATASOURCE,
+                ApiFuncIdentificationConstant.DATASOURCE)) {
+            putMsg(result, Status.USER_NO_OPERATION_PERM);
+            return result;
+        }
+
         // type
         BaseDataSourceParamDTO baseDataSourceParamDTO = 
DataSourceUtils.buildDatasourceParamDTO(
                 dataSource.getType(), dataSource.getConnectionParams());
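Review bot: The new `canOperatorPermissions` check runs only after the branch that returns `Status.RESOURCE_NOT_EXIST`, so a caller without access gets a different status for an id that exists than for one that does not. If datasource ids should not be discoverable by unauthorized users, return the same status in both cases or run the permission check on `id` before the lookup; whether `canOperatorPermissions` copes with an unknown id is not visible here. The denial branch also returns without any log entry; a line such as `logger.warn("User {} has no permission on datasource {}", loginUser.getId(), id);` would make denied reads visible to operators. The method body starts in the previous hunk and continues past this one.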
@@ -272,8 +279,7 @@ public class DataSourceServiceImpl extends BaseServiceImpl 
implements DataSource
         Page<DataSource> dataSourcePage = new Page<>(pageNo, pageSize);
         PageInfo<DataSource> pageInfo = new PageInfo<>(pageNo, pageSize);
         if (loginUser.getUserType().equals(UserType.ADMIN_USER)) {
-            dataSourceList = dataSourceMapper.selectPaging(dataSourcePage,
-                    UserType.ADMIN_USER.equals(loginUser.getUserType()) ? 0 : 
loginUser.getId(), searchVal);
+            dataSourceList = dataSourceMapper.selectPaging(dataSourcePage, 0, 
searchVal);
         } else {
             Set<Integer> ids = resourcePermissionCheckService
                     
.userOwnedResourceIdsAcquisition(AuthorizationType.DATASOURCE, 
loginUser.getId(), logger);
@@ -340,7 +346,6 @@ public class DataSourceServiceImpl extends BaseServiceImpl 
implements DataSource
             datasourceList = dataSourceMapper.selectBatchIds(ids).stream()
                     .filter(dataSource -> dataSource.getType().getCode() == 
type)
                     .filter(dataSource -> dataSource.getTestFlag() == 
testFlag).collect(Collectors.toList());
-
         }
         result.put(Constants.DATA_LIST, datasourceList);
         putMsg(result, Status.SUCCESS);
diff --git 
a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataSourceServiceTest.java
 
b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataSourceServiceTest.java
index 7b435d5fea..68290de26e 100644
--- 
a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataSourceServiceTest.java
+++ 
b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/DataSourceServiceTest.java
@@ -17,6 +17,8 @@
 
 package org.apache.dolphinscheduler.api.service;
 
+import static 
org.apache.dolphinscheduler.api.constants.ApiFuncIdentificationConstant.DATASOURCE;
+
 import org.apache.dolphinscheduler.api.enums.Status;
 import 
org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckService;
 import org.apache.dolphinscheduler.api.service.impl.BaseServiceImpl;
@@ -334,11 +336,19 @@ public class DataSourceServiceTest {
     @Test
     public void queryDataSourceTest() {
         
Mockito.when(dataSourceMapper.selectById(Mockito.anyInt())).thenReturn(null);
-        Map<String, Object> result = 
dataSourceService.queryDataSource(Mockito.anyInt());
+        User loginUser = new User();
+        loginUser.setUserType(UserType.GENERAL_USER);
+        loginUser.setId(2);
+        Map<String, Object> result = 
dataSourceService.queryDataSource(Mockito.anyInt(), loginUser);
         Assertions.assertEquals(((Status) 
result.get(Constants.STATUS)).getCode(), Status.RESOURCE_NOT_EXIST.getCode());
 
-        
Mockito.when(dataSourceMapper.selectById(Mockito.anyInt())).thenReturn(getOracleDataSource());
-        result = dataSourceService.queryDataSource(Mockito.anyInt());
+        DataSource dataSource = getOracleDataSource(1);
+        
Mockito.when(dataSourceMapper.selectById(Mockito.anyInt())).thenReturn(dataSource);
+        
Mockito.when(resourcePermissionCheckService.operationPermissionCheck(AuthorizationType.DATASOURCE,
+                loginUser.getId(), DATASOURCE, 
baseServiceLogger)).thenReturn(true);
+        
Mockito.when(resourcePermissionCheckService.resourcePermissionCheck(AuthorizationType.DATASOURCE,
+                new Object[]{dataSource.getId()}, loginUser.getId(), 
baseServiceLogger)).thenReturn(true);
+        result = dataSourceService.queryDataSource(dataSource.getId(), 
loginUser);
         Assertions.assertEquals(((Status) 
result.get(Constants.STATUS)).getCode(), Status.SUCCESS.getCode());
     }
 
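Review bot: `queryDataSourceTest` never exercises the denial path this commit adds: both permission stubs return `true`, so nothing asserts that a user without access receives `USER_NO_OPERATION_PERM`. Add a case that stubs `resourcePermissionCheck(...)` with `thenReturn(false)` and asserts `Assertions.assertEquals(Status.USER_NO_OPERATION_PERM.getCode(), ((Status) result.get(Constants.STATUS)).getCode());`. Separately, the first call `dataSourceService.queryDataSource(Mockito.anyInt(), loginUser)` passes a matcher as a real argument outside `when`/`verify`. Use a literal id such as `1` there so no matcher state is left registered for the later stubbing.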
