This is an automated email from the ASF dual-hosted git repository.

benjobs pushed a commit to branch dev-2.1.4
in repository https://gitbox.apache.org/repos/asf/incubator-streampark.git


The following commit(s) were added to refs/heads/dev-2.1.4 by this push:
     new b3eecdf90 [Improve] permission check improvement
b3eecdf90 is described below

commit b3eecdf90c76d7a1eff4233d8582ff3d572e0f9a
Author: benjobs <[email protected]>
AuthorDate: Fri Apr 12 18:36:30 2024 +0800

    [Improve] permission check improvement
---
 ...{PermissionAction.java => PermissionScope.java} | 11 ++--
 .../console/core/aspect/StreamParkAspect.java      | 64 +++++++++----------
 .../ApplicationBuildPipelineController.java        |  6 +-
 .../core/controller/ApplicationController.java     | 72 ++++++++--------------
 .../console/core/enums/PermissionType.java         | 24 --------
 .../console/core/service/ApplicationService.java   |  2 +-
 .../core/service/impl/ApplicationServiceImpl.java  |  4 +-
 .../system/controller/MemberController.java        |  9 ++-
 .../console/system/controller/UserController.java  |  9 +--
 .../src/api/flink/app/app.ts                       |  1 -
 .../src/store/modules/user.ts                      |  1 -
 11 files changed, 79 insertions(+), 124 deletions(-)

diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/annotation/PermissionAction.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/annotation/PermissionScope.java
similarity index 88%
rename from 
streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/annotation/PermissionAction.java
rename to 
streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/annotation/PermissionScope.java
index 04d964c61..12339f0f4 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/annotation/PermissionAction.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/annotation/PermissionScope.java
@@ -17,8 +17,6 @@
 
 package org.apache.streampark.console.core.annotation;
 
-import org.apache.streampark.console.core.enums.PermissionType;
-
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
@@ -26,8 +24,11 @@ import java.lang.annotation.Target;
 
 @Target(ElementType.METHOD)
 @Retention(RetentionPolicy.RUNTIME)
-public @interface PermissionAction {
-  String id();
+public @interface PermissionScope {
+
+  String user() default "";
+
+  String team() default "";
 
-  PermissionType type();
+  String app() default "";
 }
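Review bot: The three elements of `PermissionScope` carry no documentation, and all of them default to the empty string, so a reader cannot tell from the annotation what a value means or what an omitted one does. Each element deserves a Javadoc line stating that it is a SpEL expression over the annotated method's parameters (the controllers use `"#app.id"`, `"#member.teamId"`), and that an element left empty is not checked at all. A suitable type-level comment would be `/** Declares which ids of the request must belong to the logged-in user; elements left empty are not enforced. */`.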
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/aspect/StreamParkAspect.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/aspect/StreamParkAspect.java
index c9bc1ee01..352362e66 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/aspect/StreamParkAspect.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/aspect/StreamParkAspect.java
@@ -20,9 +20,8 @@ package org.apache.streampark.console.core.aspect;
 import org.apache.streampark.console.base.domain.RestResponse;
 import org.apache.streampark.console.base.exception.ApiAlertException;
 import org.apache.streampark.console.core.annotation.ApiAccess;
-import org.apache.streampark.console.core.annotation.PermissionAction;
+import org.apache.streampark.console.core.annotation.PermissionScope;
 import org.apache.streampark.console.core.entity.Application;
-import org.apache.streampark.console.core.enums.PermissionType;
 import org.apache.streampark.console.core.enums.UserType;
 import org.apache.streampark.console.core.service.ApplicationService;
 import org.apache.streampark.console.core.service.ServiceHelper;
@@ -93,14 +92,14 @@ public class StreamParkAspect {
     return target;
   }
 
-  
@Pointcut("@annotation(org.apache.streampark.console.core.annotation.PermissionAction)")
+  
@Pointcut("@annotation(org.apache.streampark.console.core.annotation.PermissionScope)")
   public void permissionAction() {}
 
   @Around("permissionAction()")
   public RestResponse permissionAction(ProceedingJoinPoint joinPoint) throws 
Throwable {
     MethodSignature methodSignature = (MethodSignature) 
joinPoint.getSignature();
-    PermissionAction permissionAction =
-        methodSignature.getMethod().getAnnotation(PermissionAction.class);
+    PermissionScope permissionScope =
+        methodSignature.getMethod().getAnnotation(PermissionScope.class);
 
     User currentUser = serviceHelper.getLoginUser();
     ApiAlertException.throwIfNull(currentUser, "Permission denied, please 
login first.");
@@ -108,42 +107,44 @@ public class StreamParkAspect {
     boolean isAdmin = currentUser.getUserType() == UserType.ADMIN;
 
     if (!isAdmin) {
-      PermissionType permissionType = permissionAction.type();
-      Long paramId = getParamId(joinPoint, methodSignature, 
permissionAction.id());
+      // 1) check userId
+      Long userId = getId(joinPoint, methodSignature, permissionScope.user());
+      ApiAlertException.throwIfTrue(
+          userId != null && !currentUser.getUserId().equals(userId),
+          "Permission denied, operations can only be performed with the 
permissions of the currently logged-in user.");
+
+      // 2) check team
+      Long teamId = getId(joinPoint, methodSignature, permissionScope.team());
+      if (teamId != null) {
+        Member member = memberService.findByUserName(teamId, 
currentUser.getUsername());
+        ApiAlertException.throwIfTrue(
+            member == null,
+            "Permission denied, only members of this team can access this 
permission");
+      }
 
-      switch (permissionType) {
-        case USER:
-          ApiAlertException.throwIfTrue(
-              !currentUser.getUserId().equals(paramId),
-              "Permission denied, only user himself can access this 
permission");
-          break;
-        case TEAM:
-          Member member = memberService.findByUserName(paramId, 
currentUser.getUsername());
-          ApiAlertException.throwIfTrue(
-              member == null,
-              "Permission denied, only user belongs to this team can access 
this permission");
-          break;
-        case APP:
-          Application app = applicationService.getById(paramId);
-          ApiAlertException.throwIfTrue(app == null, "Invalid operation, 
application is null");
-          member = memberService.findByUserName(app.getTeamId(), 
currentUser.getUsername());
+      // 3) check app
+      Long appId = getId(joinPoint, methodSignature, permissionScope.app());
+      if (appId != null) {
+        Application app = applicationService.getById(appId);
+        ApiAlertException.throwIfTrue(app == null, "Invalid operation, 
application is null");
+        if (!currentUser.getUserId().equals(app.getUserId())) {
+          Member member = memberService.findByUserName(app.getTeamId(), 
currentUser.getUsername());
           ApiAlertException.throwIfTrue(
               member == null,
-              "Permission denied, only user belongs to this team can access 
this permission");
-          break;
-        default:
-          throw new IllegalArgumentException(
-              String.format("Permission type %s is not supported.", 
permissionType));
+              "Permission denied, this job not created by the current user, 
And the job cannot be found in the current user's team.");
+        }
       }
     }
 
     return (RestResponse) joinPoint.proceed();
   }
 
-  private Long getParamId(
-      ProceedingJoinPoint joinPoint, MethodSignature methodSignature, String 
spELString) {
+  private Long getId(ProceedingJoinPoint joinPoint, MethodSignature 
methodSignature, String expr) {
+    if (StringUtils.isEmpty(expr)) {
+      return null;
+    }
     SpelExpressionParser parser = new SpelExpressionParser();
-    Expression expression = parser.parseExpression(spELString);
+    Expression expression = parser.parseExpression(expr);
     EvaluationContext context = new StandardEvaluationContext();
     Object[] args = joinPoint.getArgs();
     DefaultParameterNameDiscoverer discoverer = new 
DefaultParameterNameDiscoverer();
@@ -156,7 +157,6 @@ public class StreamParkAspect {
     if (value == null || StringUtils.isBlank(value.toString())) {
       return null;
     }
-
     try {
       return Long.parseLong(value.toString());
     } catch (NumberFormatException e) {
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/controller/ApplicationBuildPipelineController.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/controller/ApplicationBuildPipelineController.java
index 154aca57d..c3f23af79 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/controller/ApplicationBuildPipelineController.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/controller/ApplicationBuildPipelineController.java
@@ -21,13 +21,12 @@ import 
org.apache.streampark.console.base.domain.ApiDocConstant;
 import org.apache.streampark.console.base.domain.RestResponse;
 import org.apache.streampark.console.base.exception.ApiAlertException;
 import org.apache.streampark.console.core.annotation.ApiAccess;
-import org.apache.streampark.console.core.annotation.PermissionAction;
+import org.apache.streampark.console.core.annotation.PermissionScope;
 import org.apache.streampark.console.core.bean.AppBuildDockerResolvedDetail;
 import org.apache.streampark.console.core.entity.AppBuildPipeline;
 import org.apache.streampark.console.core.entity.Application;
 import org.apache.streampark.console.core.entity.ApplicationLog;
 import org.apache.streampark.console.core.entity.FlinkEnv;
-import org.apache.streampark.console.core.enums.PermissionType;
 import org.apache.streampark.console.core.service.AppBuildPipeService;
 import org.apache.streampark.console.core.service.ApplicationLogService;
 import org.apache.streampark.console.core.service.ApplicationService;
@@ -92,7 +91,7 @@ public class ApplicationBuildPipelineController {
         schema = @Schema(defaultValue = "false", implementation = 
boolean.class))
   })
   @ApiAccess
-  @PermissionAction(id = "#appId", type = PermissionType.APP)
+  @PermissionScope(app = "#appId")
   @PostMapping(value = "build")
   @RequiresPermissions("app:create")
   public RestResponse buildApplication(Long appId, boolean forceBuild) throws 
Exception {
@@ -153,6 +152,7 @@ public class ApplicationBuildPipelineController {
   @Operation(summary = "Get application release pipeline")
   @ApiAccess
   @PostMapping("/detail")
+  @PermissionScope(app = "#appId")
   @RequiresPermissions("app:view")
   public RestResponse getBuildProgressDetail(Long appId) {
     Map<String, Object> details = new HashMap<>(0);
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/controller/ApplicationController.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/controller/ApplicationController.java
index 672e01959..a3ad99c2e 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/controller/ApplicationController.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/controller/ApplicationController.java
@@ -25,13 +25,11 @@ import 
org.apache.streampark.console.base.domain.RestResponse;
 import org.apache.streampark.console.base.exception.InternalException;
 import org.apache.streampark.console.core.annotation.ApiAccess;
 import org.apache.streampark.console.core.annotation.AppUpdated;
-import org.apache.streampark.console.core.annotation.PermissionAction;
+import org.apache.streampark.console.core.annotation.PermissionScope;
 import org.apache.streampark.console.core.entity.Application;
 import org.apache.streampark.console.core.entity.ApplicationBackUp;
 import org.apache.streampark.console.core.entity.ApplicationLog;
 import org.apache.streampark.console.core.enums.AppExistsState;
-import org.apache.streampark.console.core.enums.PermissionType;
-import org.apache.streampark.console.core.service.AppBuildPipeService;
 import org.apache.streampark.console.core.service.ApplicationBackUpService;
 import org.apache.streampark.console.core.service.ApplicationLogService;
 import org.apache.streampark.console.core.service.ApplicationService;
@@ -74,12 +72,10 @@ public class ApplicationController {
 
   @Autowired private ApplicationLogService applicationLogService;
 
-  @Autowired private AppBuildPipeService appBuildPipeService;
-
   @Operation(summary = "Get application")
   @ApiAccess
   @PostMapping("get")
-  @PermissionAction(id = "#app.id", type = PermissionType.APP)
+  @PermissionScope(app = "#app.id")
   @RequiresPermissions("app:detail")
   public RestResponse get(Application app) {
     Application application = applicationService.getApp(app);
@@ -87,8 +83,7 @@ public class ApplicationController {
   }
 
   @Operation(summary = "Create application")
-  @ApiAccess
-  @PermissionAction(id = "#app.teamId", type = PermissionType.TEAM)
+  @PermissionScope(team = "#app.teamId")
   @PostMapping("create")
   @RequiresPermissions("app:create")
   public RestResponse create(Application app) throws IOException {
@@ -113,8 +108,7 @@ public class ApplicationController {
         example = "copy-app"),
     @Parameter(name = "args", description = "new application args", in = 
ParameterIn.QUERY)
   })
-  @ApiAccess
-  @PermissionAction(id = "#app.id", type = PermissionType.APP)
+  @PermissionScope(app = "#app.id", team = "#app.teamId")
   @PostMapping(value = "copy")
   @RequiresPermissions("app:copy")
   public RestResponse copy(@Parameter(hidden = true) Application app) throws 
IOException {
@@ -128,7 +122,7 @@ public class ApplicationController {
 
   @Operation(summary = "Update application")
   @AppUpdated
-  @PermissionAction(id = "#app.id", type = PermissionType.APP)
+  @PermissionScope(app = "#app.id")
   @PostMapping("update")
   @RequiresPermissions("app:update")
   public RestResponse update(Application app) {
@@ -138,7 +132,7 @@ public class ApplicationController {
 
   @Operation(summary = "Get applications dashboard data")
   @PostMapping("dashboard")
-  @PermissionAction(id = "#app.teamId", type = PermissionType.TEAM)
+  @PermissionScope(team = "#app.teamId")
   public RestResponse dashboard(Application app) {
     Map<String, Serializable> map = 
applicationService.dashboard(app.getTeamId());
     return RestResponse.success(map);
@@ -147,7 +141,7 @@ public class ApplicationController {
   @Operation(summary = "List applications")
   @ApiAccess
   @PostMapping("list")
-  @PermissionAction(id = "#app.id", type = PermissionType.APP)
+  @PermissionScope(team = "#app.teamId")
   @RequiresPermissions("app:view")
   public RestResponse list(Application app, RestRequest request) {
     IPage<Application> applicationList = applicationService.page(app, request);
@@ -157,7 +151,7 @@ public class ApplicationController {
   @Operation(summary = "Mapping application")
   @AppUpdated
   @PostMapping("mapping")
-  @PermissionAction(id = "#app.id", type = PermissionType.APP)
+  @PermissionScope(app = "#app.id")
   @RequiresPermissions("app:mapping")
   public RestResponse mapping(Application app) {
     boolean flag = applicationService.mapping(app);
@@ -166,7 +160,7 @@ public class ApplicationController {
 
   @Operation(summary = "Revoke application")
   @AppUpdated
-  @PermissionAction(id = "#app.id", type = PermissionType.APP)
+  @PermissionScope(app = "#app.id")
   @PostMapping("revoke")
   @RequiresPermissions("app:release")
   public RestResponse revoke(Application app) {
@@ -205,7 +199,7 @@ public class ApplicationController {
         schema = @Schema(implementation = boolean.class, defaultValue = 
"false"))
   })
   @ApiAccess
-  @PermissionAction(id = "#app.id", type = PermissionType.APP)
+  @PermissionScope(app = "#app.id")
   @PostMapping(value = "start")
   @RequiresPermissions("app:start")
   public RestResponse start(@Parameter(hidden = true) Application app) {
@@ -218,7 +212,7 @@ public class ApplicationController {
     }
   }
 
-  @PermissionAction(id = "#app.id", type = PermissionType.APP)
+  @PermissionScope(app = "#app.id")
   @PostMapping(value = "check_start")
   @RequiresPermissions("app:start")
   public RestResponse checkStart(Application app) {
@@ -258,7 +252,7 @@ public class ApplicationController {
         example = "false",
         schema = @Schema(implementation = boolean.class, defaultValue = 
"false"))
   })
-  @PermissionAction(id = "#app.id", type = PermissionType.APP)
+  @PermissionScope(app = "#app.id")
   @PostMapping(value = "cancel")
   @RequiresPermissions("app:cancel")
   public RestResponse cancel(@Parameter(hidden = true) Application app) throws 
Exception {
@@ -266,20 +260,9 @@ public class ApplicationController {
     return RestResponse.success();
   }
 
-  @Operation(summary = "Clean application")
-  @AppUpdated
-  @ApiAccess
-  @PermissionAction(id = "#app.id", type = PermissionType.APP)
-  @PostMapping("clean")
-  @RequiresPermissions("app:clean")
-  public RestResponse clean(Application app) {
-    applicationService.clean(app);
-    return RestResponse.success(true);
-  }
-
   /** force stop(stop normal start or in progress) */
   @Operation(summary = "Force stop application")
-  @PermissionAction(id = "#app.id", type = PermissionType.APP)
+  @PermissionScope(app = "#app.id")
   @PostMapping("forcedStop")
   @RequiresPermissions("app:cancel")
   public RestResponse forcedStop(Application app) {
@@ -295,7 +278,6 @@ public class ApplicationController {
 
   @Operation(summary = "Get application on yarn name")
   @PostMapping("name")
-  @PermissionAction(id = "#app.id", type = PermissionType.APP)
   public RestResponse yarnName(Application app) {
     String yarnName = applicationService.getYarnName(app);
     return RestResponse.success(yarnName);
@@ -303,7 +285,6 @@ public class ApplicationController {
 
   @Operation(summary = "Check the application exist status")
   @PostMapping("checkName")
-  @PermissionAction(id = "#app.id", type = PermissionType.APP)
   public RestResponse checkName(Application app) {
     AppExistsState exists = applicationService.checkExists(app);
     return RestResponse.success(exists.get());
@@ -311,15 +292,14 @@ public class ApplicationController {
 
   @Operation(summary = "Get application conf")
   @PostMapping("readConf")
-  @PermissionAction(id = "#app.id", type = PermissionType.APP)
-  public RestResponse readConf(Application app) throws IOException {
-    String config = applicationService.readConf(app);
-    return RestResponse.success(config);
+  public RestResponse readConf(String config) throws IOException {
+    String content = applicationService.readConf(config);
+    return RestResponse.success(content);
   }
 
   @Operation(summary = "Get application main-class")
   @PostMapping("main")
-  @PermissionAction(id = "#app.id", type = PermissionType.APP)
+  @PermissionScope(app = "#app.id")
   public RestResponse getMain(Application app) {
     String mainClass = applicationService.getMain(app);
     return RestResponse.success(mainClass);
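Review bot: `readConf` now takes the file path directly from the request parameter `config`, and this hunk removes the only scope annotation on the endpoint without adding a `@RequiresPermissions`. The ApplicationServiceImpl hunk passes that string unchanged to `new File(config)`, so as far as these lines show, any logged-in caller chooses which file the server reads and returns. The old signature also took the path from the request-bound `Application`, so the exposure is not new, but the path should be constrained before the read: resolve it against the directory configs are allowed to live in and reject it unless `base.resolve(config).normalize().startsWith(base)` holds (`base` being that allowed root). The endpoint should also carry a permission annotation like its neighbours.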
@@ -327,7 +307,7 @@ public class ApplicationController {
 
   @Operation(summary = "List application backups")
   @PostMapping("backups")
-  @PermissionAction(id = "#backUp.appId", type = PermissionType.APP)
+  @PermissionScope(app = "#backUp.appId")
   public RestResponse backups(ApplicationBackUp backUp, RestRequest request) {
     IPage<ApplicationBackUp> backups = backUpService.page(backUp, request);
     return RestResponse.success(backups);
@@ -335,14 +315,14 @@ public class ApplicationController {
 
   @Operation(summary = "List application operation logs")
   @PostMapping("optionlog")
-  @PermissionAction(id = "#backUp.appId", type = PermissionType.APP)
-  public RestResponse optionlog(ApplicationLog applicationLog, RestRequest 
request) {
-    IPage<ApplicationLog> applicationList = 
applicationLogService.page(applicationLog, request);
+  @PermissionScope(app = "#log.appId")
+  public RestResponse log(ApplicationLog log, RestRequest request) {
+    IPage<ApplicationLog> applicationList = applicationLogService.page(log, 
request);
     return RestResponse.success(applicationList);
   }
 
   @Operation(summary = "Delete application operation log")
-  @PermissionAction(id = "#log.appId", type = PermissionType.APP)
+  @PermissionScope(app = "#log.appId")
   @PostMapping("deleteOperationLog")
   @RequiresPermissions("app:delete")
   public RestResponse deleteOperationLog(ApplicationLog log) {
@@ -351,7 +331,7 @@ public class ApplicationController {
   }
 
   @Operation(summary = "Delete application")
-  @PermissionAction(id = "#app.id", type = PermissionType.APP)
+  @PermissionScope(app = "#app.id")
   @PostMapping("delete")
   @RequiresPermissions("app:delete")
   public RestResponse delete(Application app) throws InternalException {
@@ -360,7 +340,7 @@ public class ApplicationController {
   }
 
   @Operation(summary = "Backup application when deleted")
-  @PermissionAction(id = "#backUp.appId", type = PermissionType.APP)
+  @PermissionScope(app = "#backUp.appId")
   @PostMapping("deletebak")
   public RestResponse deleteBak(ApplicationBackUp backUp) throws 
InternalException {
     Boolean deleted = backUpService.delete(backUp.getId());
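Review bot: The scope on `deleteBak` is evaluated against `backUp.appId`, but the delete on the last line is keyed by `backUp.getId()`, and nothing in the hunk ties the two request fields together. A caller who passes the team check for one application can send that application's id together with the id of a backup belonging to another. Look the backup up by id on the server and authorize against the application id stored on that record, with a comment such as `// authorize on the stored backup's appId, not the value sent in the request`. `deleteOperationLog` (scoped on `#log.appId`) and the `MemberController` delete/update endpoints (scoped on `#member.teamId`) may have the same gap; their bodies are outside the hunks, so check what id they act on.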
@@ -412,7 +392,7 @@ public class ApplicationController {
 
   @Operation(summary = "Check the application savepoint path")
   @PostMapping("checkSavepointPath")
-  @PermissionAction(id = "#app.id", type = PermissionType.APP)
+  @PermissionScope(app = "#app.id")
   public RestResponse checkSavepointPath(Application app) throws Exception {
     String error = applicationService.checkSavepointPath(app);
     if (error == null) {
@@ -443,7 +423,7 @@ public class ApplicationController {
         example = "100",
         schema = @Schema(implementation = int.class)),
   })
-  @PermissionAction(id = "#id", type = PermissionType.APP)
+  @PermissionScope(app = "#id")
   @PostMapping(value = "k8sStartLog")
   public RestResponse k8sStartLog(Long id, Integer offset, Integer limit) 
throws Exception {
     String resp = applicationService.k8sStartLog(id, offset, limit);
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/enums/PermissionType.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/enums/PermissionType.java
deleted file mode 100644
index 8df8ab907..000000000
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/enums/PermissionType.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.streampark.console.core.enums;
-
-public enum PermissionType {
-  USER,
-  TEAM,
-  APP;
-}
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/ApplicationService.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/ApplicationService.java
index 42d30fec5..db347edf9 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/ApplicationService.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/ApplicationService.java
@@ -65,7 +65,7 @@ public interface ApplicationService extends 
IService<Application> {
 
   void clean(Application app);
 
-  String readConf(Application app) throws IOException;
+  String readConf(String config) throws IOException;
 
   Application getApp(Application app);
 
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/impl/ApplicationServiceImpl.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/impl/ApplicationServiceImpl.java
index 8c30049b4..9be5f05d4 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/impl/ApplicationServiceImpl.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/core/service/impl/ApplicationServiceImpl.java
@@ -1221,8 +1221,8 @@ public class ApplicationServiceImpl extends 
ServiceImpl<ApplicationMapper, Appli
   }
 
   @Override
-  public String readConf(Application appParam) throws IOException {
-    File file = new File(appParam.getConfig());
+  public String readConf(String config) throws IOException {
+    File file = new File(config);
     String conf = FileUtils.readFileToString(file, StandardCharsets.UTF_8);
     return Base64.getEncoder().encodeToString(conf.getBytes());
   }
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/MemberController.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/MemberController.java
index 38c584b47..00a427c39 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/MemberController.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/MemberController.java
@@ -19,8 +19,7 @@ package org.apache.streampark.console.system.controller;
 
 import org.apache.streampark.console.base.domain.RestRequest;
 import org.apache.streampark.console.base.domain.RestResponse;
-import org.apache.streampark.console.core.annotation.PermissionAction;
-import org.apache.streampark.console.core.enums.PermissionType;
+import org.apache.streampark.console.core.annotation.PermissionScope;
 import org.apache.streampark.console.system.entity.Member;
 import org.apache.streampark.console.system.entity.Team;
 import org.apache.streampark.console.system.entity.User;
@@ -85,7 +84,7 @@ public class MemberController {
   }
 
   @Operation(summary = "Create member")
-  @PermissionAction(id = "#member.teamId", type = PermissionType.TEAM)
+  @PermissionScope(team = "#member.teamId")
   @PostMapping("post")
   @RequiresPermissions("member:add")
   public RestResponse create(@Valid Member member) {
@@ -94,7 +93,7 @@ public class MemberController {
   }
 
   @Operation(summary = "Delete member")
-  @PermissionAction(id = "#member.teamId", type = PermissionType.TEAM)
+  @PermissionScope(team = "#member.teamId")
   @DeleteMapping("delete")
   @RequiresPermissions("member:delete")
   public RestResponse delete(Member member) {
@@ -103,7 +102,7 @@ public class MemberController {
   }
 
   @Operation(summary = "Update member")
-  @PermissionAction(id = "#member.teamId", type = PermissionType.TEAM)
+  @PermissionScope(team = "#member.teamId")
   @PutMapping("update")
   @RequiresPermissions("member:update")
   public RestResponse update(Member member) {
diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/UserController.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/UserController.java
index 618db67cb..f51c2e4a3 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/UserController.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/controller/UserController.java
@@ -21,9 +21,8 @@ import org.apache.streampark.console.base.domain.ResponseCode;
 import org.apache.streampark.console.base.domain.RestRequest;
 import org.apache.streampark.console.base.domain.RestResponse;
 import org.apache.streampark.console.base.exception.ApiAlertException;
-import org.apache.streampark.console.core.annotation.PermissionAction;
+import org.apache.streampark.console.core.annotation.PermissionScope;
 import org.apache.streampark.console.core.enums.LoginType;
-import org.apache.streampark.console.core.enums.PermissionType;
 import org.apache.streampark.console.core.service.ServiceHelper;
 import org.apache.streampark.console.system.entity.Team;
 import org.apache.streampark.console.system.entity.User;
@@ -82,6 +81,7 @@ public class UserController {
 
   @Operation(summary = "Update user")
   @PutMapping("update")
+  @PermissionScope(user = "#user.id")
   @RequiresPermissions("user:update")
   public RestResponse updateUser(@Valid User user) throws Exception {
     this.userService.updateUser(user);
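Review bot: The expression `#user.id` here, and in the `updatePassword` hunk further down, may not name a property that exists on `User`. The aspect reads the caller's id through `currentUser.getUserId()`, and the expression this commit removes from `updatePassword` was `#user.userId`. If `User` has no `id` property, the expression cannot resolve to the submitted user id and the scope check either fails for every request or never compares the intended value. Unless `User` really exposes `id`, both annotations should read `@PermissionScope(user = "#user.userId")`.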
@@ -90,6 +90,7 @@ public class UserController {
 
   @Operation(summary = "Delete user")
   @DeleteMapping("delete")
+  @PermissionScope(user = "#userId")
   @RequiresPermissions("user:delete")
   public RestResponse deleteUser(Long userId) throws Exception {
     this.userService.deleteUser(userId);
@@ -97,7 +98,7 @@ public class UserController {
   }
 
   @Operation(summary = "List without token users")
-  @PostMapping("getNoTokenUser")
+  @PermissionScope(user = "#userId")
   @RequiresPermissions("token:add")
   public RestResponse getNoTokenUser() {
     List<User> userList = this.userService.getNoTokenUser();
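Review bot: The `@PostMapping("getNoTokenUser")` line is replaced rather than kept, so `getNoTokenUser` is left without any request mapping in this hunk, which looks accidental. The added `@PermissionScope(user = "#userId")` also has nothing to bind to, because the method takes no parameters; with `getId` returning null for an empty value, the user check is simply skipped. Restore `@PostMapping("getNoTokenUser")` and drop the scope annotation, leaving `@RequiresPermissions("token:add")` as the gate, or add a `userId` parameter if a per-user restriction is intended.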
@@ -112,7 +113,7 @@ public class UserController {
   }
 
   @Operation(summary = "Update password")
-  @PermissionAction(id = "#user.userId", type = PermissionType.USER)
+  @PermissionScope(user = "#user.id")
   @PutMapping("password")
   public RestResponse updatePassword(User user) throws Exception {
     userService.updatePassword(user);
diff --git 
a/streampark-console/streampark-console-webapp/src/api/flink/app/app.ts 
b/streampark-console/streampark-console-webapp/src/api/flink/app/app.ts
index d094fdd23..1633c03ba 100644
--- a/streampark-console/streampark-console-webapp/src/api/flink/app/app.ts
+++ b/streampark-console/streampark-console-webapp/src/api/flink/app/app.ts
@@ -42,7 +42,6 @@ enum APP_API {
   CREATE = '/flink/app/create',
   CHECK_START = '/flink/app/check_start',
   START = '/flink/app/start',
-  CLEAN = '/flink/app/clean',
   BACKUPS = '/flink/app/backups',
   ROLLBACK = '/flink/app/rollback',
   REVOKE = '/flink/app/revoke',
diff --git 
a/streampark-console/streampark-console-webapp/src/store/modules/user.ts 
b/streampark-console/streampark-console-webapp/src/store/modules/user.ts
index bcc0fed1d..ece86f9f4 100644
--- a/streampark-console/streampark-console-webapp/src/store/modules/user.ts
+++ b/streampark-console/streampark-console-webapp/src/store/modules/user.ts
@@ -140,7 +140,6 @@ export const useUserStore = defineStore({
           await fetchInitUserTeam(data as { teamId: string; userId: string });
         } else {
           const resp = await fetchSetUserTeam(data);
-
           const { permissions, roles = [], user } = resp;
           this.setUserInfo(user);
           this.setRoleList(roles as RoleEnum[]);
