EricGao888 commented on code in PR #13626:
URL:
https://github.com/apache/dolphinscheduler/pull/13626#discussion_r1119632073
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessTaskRelationServiceImpl.java:
##########
@@ -543,6 +543,38 @@ public Map<String, Object> deleteEdge(User loginUser, long
projectCode, long pro
return result;
}
+ /**
+ * query task relation by projectCode and processDefinitionCode
+ *
+ * @param loginUser loginUser
+ * @param projectCode projectCode
+ * @param processDefinitionCode processDefinitionCode
+ * @return process task relation lis
+ */
+ @Override
+ public Map<String, Object> queryProcessTaskRelation(User loginUser, long
projectCode,
+ long processDefinitionCode) {
+
+ Map<String, Object> result = new HashMap<>();
+
+ ProcessDefinition processDefinition =
processDefinitionMapper.queryByCode(processDefinitionCode);
Review Comment:
DS usually checks both interface and resource permissions in service level
for security purpose, see:
https://github.com/apache/dolphinscheduler/blob/7586710d49ea86a22798a3f401a875e2f8669dbc/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessTaskRelationServiceImpl.java#L123
Without permission check, one user could easily hack other's data.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
