This is an automated email from the ASF dual-hosted git repository.

benjobs pushed a commit to branch dev-2.1.4
in repository https://gitbox.apache.org/repos/asf/incubator-streampark.git


The following commit(s) were added to refs/heads/dev-2.1.4 by this push:
     new c6ad494d8 [Improve] check member permissions improvement
c6ad494d8 is described below

commit c6ad494d8645888a2590bb439ca36a49cdf44b6a
Author: benjobs <[email protected]>
AuthorDate: Sun Apr 21 14:02:07 2024 +0800

    [Improve] check member permissions improvement
---
 .../system/service/impl/MemberServiceImpl.java     | 17 +++++++++++++++
 .../main/resources/mapper/system/MemberMapper.xml  | 25 ++++++++++++++++------
 2 files changed, 35 insertions(+), 7 deletions(-)

diff --git 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/impl/MemberServiceImpl.java
 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/impl/MemberServiceImpl.java
index b007a5d14..ad0b542b3 100644
--- 
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/impl/MemberServiceImpl.java
+++ 
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/impl/MemberServiceImpl.java
@@ -21,6 +21,8 @@ import org.apache.streampark.common.util.Utils;
 import org.apache.streampark.console.base.domain.RestRequest;
 import org.apache.streampark.console.base.exception.ApiAlertException;
 import org.apache.streampark.console.base.mybatis.pager.MybatisPager;
+import org.apache.streampark.console.core.enums.UserType;
+import org.apache.streampark.console.core.service.ServiceHelper;
 import org.apache.streampark.console.system.entity.Member;
 import org.apache.streampark.console.system.entity.Team;
 import org.apache.streampark.console.system.entity.User;
@@ -54,6 +56,7 @@ public class MemberServiceImpl extends 
ServiceImpl<MemberMapper, Member> impleme
   @Autowired private RoleService roleService;
 
   @Autowired private TeamService teamService;
+  @Autowired private ServiceHelper serviceHelper;
 
   @Override
   @Transactional
@@ -153,6 +156,7 @@ public class MemberServiceImpl extends 
ServiceImpl<MemberMapper, Member> impleme
 
   @Override
   public void deleteMember(Member memberArg) {
+    checkPermission(memberArg);
     Member member =
         Optional.ofNullable(this.getById(memberArg.getId()))
             .orElseThrow(
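Review bot: The new `checkPermission(memberArg)` call in `deleteMember` authorizes against the `teamId` carried on the method argument, while the record that is actually removed is the one loaded by `this.getById(memberArg.getId())` just below it. If the argument is bound from the request (not visible here), its `teamId` and `id` need not describe the same membership, so the team check can pass for a record that belongs to a different team. Load the record first and authorize on the persisted row by moving the call below the lookup as `checkPermission(member);`. The same ordering appears in `updateMember` in the next hunk, where `checkPermission(oldMember);` after the lookup would be the equivalent fix. Both method bodies continue outside their hunks.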
@@ -163,8 +167,21 @@ public class MemberServiceImpl extends 
ServiceImpl<MemberMapper, Member> impleme
     userService.clearLastTeam(member.getUserId(), member.getTeamId());
   }
 
+  private void checkPermission(Member member) {
+    User user = serviceHelper.getLoginUser();
+    ApiAlertException.throwIfTrue(user == null, "Permission denied, invalid 
login");
+    if (user.getUserType() == UserType.USER) {
+      List<Team> teamList = this.findUserTeams(user.getUserId());
+      Optional<Team> team =
+          teamList.stream().filter(c -> 
c.getId().equals(member.getTeamId())).findFirst();
+      ApiAlertException.throwIfTrue(
+          !team.isPresent(), "Permission denied, The current user is not in 
the team");
+    }
+  }
+
   @Override
   public void updateMember(Member member) {
+    checkPermission(member);
     Member oldMember =
         Optional.ofNullable(this.getById(member.getId()))
             .orElseThrow(
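Review bot: `checkPermission` has no comment stating who it lets through, and the fact that every user type other than `UserType.USER` skips the team check entirely is easy to miss when reading the callers. A short Javadoc would record that contract, for example `/** Rejects the call unless the login user is not of type USER or belongs to the team of the given member. */`. The membership test can also drop the intermediate `Optional`: `boolean inTeam = teamList.stream().anyMatch(t -> t.getId().equals(member.getTeamId()));` followed by `ApiAlertException.throwIfTrue(!inTeam, ...)` with the existing message.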
diff --git 
a/streampark-console/streampark-console-service/src/main/resources/mapper/system/MemberMapper.xml
 
b/streampark-console/streampark-console-service/src/main/resources/mapper/system/MemberMapper.xml
index 643ebc206..a402027fb 100644
--- 
a/streampark-console/streampark-console-service/src/main/resources/mapper/system/MemberMapper.xml
+++ 
b/streampark-console/streampark-console-service/src/main/resources/mapper/system/MemberMapper.xml
@@ -71,14 +71,25 @@
     </select>
 
     <select id="findUsersNotInTeam" 
resultType="org.apache.streampark.console.system.entity.User">
-        select tu.* from t_user tu
-        where tu.user_id
+        select u.user_id,
+            u.username,
+            u.nick_name,
+            u.user_type,
+            u.login_type,
+            u.status,
+            u.email,
+            u.create_time,
+            u.modify_time,
+            u.sex,
+            u.description
+        from t_user u
+        where u.user_id
         not in (
-                    select u.user_id
-                        from t_user u join t_member m
-                        on m.team_id = #{teamId}
-                        and m.user_id = u.user_id
-                )
+            select u.user_id
+            from t_user u join t_member m
+            on m.team_id = #{teamId}
+            and m.user_id = u.user_id
+        )
     </select>
 
 </mapper>
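Review bot: In `findUsersNotInTeam` the outer query and the `not in` subquery now both alias `t_user` as `u`, where the old text kept them apart as `tu` and `u`. The inner alias shadows the outer one, so the statement still resolves, but a later edit to the subquery could silently bind to the wrong table. The join to `t_user` inside the subquery is also unnecessary, so it can be reduced to `select m.user_id from t_member m where m.team_id = #{teamId}`. The explicit column list presumably exists to keep credential columns out of the result; an XML comment above the select saying so would stop it being reverted to `u.*`.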
