add login user check some actions in api

553af778 · lenboo · 5756d6b0 · 553af778 · 553af778 · 553af778
7 changed file
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/AccessTokenController.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/AccessTokenController.java
@@ -74,7 +74,7 @@ public class AccessTokenController extends BaseController {
        logger.info("login user {}, create token , userId : {} , token expire time : {} , token : {}", loginUser.getUserName(),
                userId, expireTime, token);

-        Map<String, Object> result = accessTokenService.createToken(userId, expireTime, token);
+        Map<String, Object> result = accessTokenService.createToken(loginUser, userId, expireTime, token);
        return returnDataList(result);
    }

@@ -94,7 +94,7 @@ public class AccessTokenController extends BaseController {
                                @RequestParam(value = "userId") int userId,
                                @RequestParam(value = "expireTime") String expireTime) {
        logger.info("login user {}, generate token , userId : {} , token expire time : {}", loginUser, userId, expireTime);
-        Map<String, Object> result = accessTokenService.generateToken(userId, expireTime);
+        Map<String, Object> result = accessTokenService.generateToken(loginUser, userId, expireTime);
        return returnDataList(result);
    }

@@ -173,7 +173,7 @@ public class AccessTokenController extends BaseController {
        logger.info("login user {}, update token , userId : {} , token expire time : {} , token : {}", loginUser.getUserName(),
                userId, expireTime, token);

-        Map<String, Object> result = accessTokenService.updateToken(id, userId, expireTime, token);
+        Map<String, Object> result = accessTokenService.updateToken(loginUser, id, userId, expireTime, token);
        return returnDataList(result);
    }


--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java
@@ -161,7 +161,7 @@ public class UsersController extends BaseController {
                             @RequestParam(value = "phone", required = false) String phone) throws Exception {
        logger.info("login user {}, updateProcessInstance user, userName: {}, email: {}, tenantId: {}, userPassword: {}, phone: {}, user queue: {}",
                loginUser.getUserName(), userName, email, tenantId, Constants.PASSWORD_DEFAULT, phone, queue);
-        Map<String, Object> result = usersService.updateUser(id, userName, userPassword, email, tenantId, phone, queue);
+        Map<String, Object> result = usersService.updateUser(loginUser, id, userName, userPassword, email, tenantId, phone, queue);
        return returnDataList(result);
    }


--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/AccessTokenService.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/AccessTokenService.java
@@ -75,13 +75,18 @@ public class AccessTokenService extends BaseService {

    /**
     * create token
+     *
+     * @param loginUser
     * @param userId token for user
     * @param expireTime token expire time
     * @param token token string
     * @return create result code
     */
-    public Map<String, Object> createToken(int userId, String expireTime, String token) {
+    public Map<String, Object> createToken(User loginUser, int userId, String expireTime, String token) {
        Map<String, Object> result = new HashMap<>(5);
+        if(check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)){
+            return result;
+        }

        if (userId <= 0) {
            throw new IllegalArgumentException("User id should not less than or equals to 0.");
@@ -107,12 +112,17 @@ public class AccessTokenService extends BaseService {

    /**
     * generate token
+     *
+     * @param loginUser
     * @param userId token for user
     * @param expireTime token expire time
     * @return token string
     */
-    public Map<String, Object> generateToken(int userId, String expireTime) {
+    public Map<String, Object> generateToken(User loginUser, int userId, String expireTime) {
        Map<String, Object> result = new HashMap<>(5);
+        if(check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)){
+            return result;
+        }
        String token = EncryptionUtils.getMd5(userId + expireTime + String.valueOf(System.currentTimeMillis()));
        result.put(Constants.DATA_LIST, token);
        putMsg(result, Status.SUCCESS);
@@ -128,6 +138,10 @@ public class AccessTokenService extends BaseService {
    public Map<String, Object> delAccessTokenById(User loginUser, int id) {
        Map<String, Object> result = new HashMap<>(5);

+        if(check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)){
+            return result;
+        }
+
        AccessToken accessToken = accessTokenMapper.selectById(id);

        if (accessToken == null) {
@@ -149,15 +163,20 @@ public class AccessTokenService extends BaseService {

    /**
     * update token by id
+     *
+     * @param loginUser
     * @param id token id
     * @param userId token for user
     * @param expireTime token expire time
     * @param token token string
     * @return update result code
     */
-    public Map<String, Object> updateToken(int id,int userId, String expireTime, String token) {
+    public Map<String, Object> updateToken(User loginUser, int id, int userId, String expireTime, String token) {
        Map<String, Object> result = new HashMap<>(5);

+        if(check(result, !isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)){
+            return result;
+        }
        AccessToken accessToken = accessTokenMapper.selectById(id);
        if (accessToken == null) {
            logger.error("access token not exist,  access token id {}", id);

--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/BaseService.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/BaseService.java
@@ -94,6 +94,25 @@ public class BaseService {

    }

+    /**
+     * check
+     *
+     * @param result result
+     * @param bool bool
+     * @param userNoOperationPerm status
+     * @return check result
+     */
+    protected boolean check(Map<String, Object> result, boolean bool, Status userNoOperationPerm) {
+        //only admin can operate
+        if (bool) {
+            result.put(Constants.STATUS, userNoOperationPerm);
+            result.put(Constants.MSG, userNoOperationPerm.getMsg());
+            return true;
+        }
+        return false;
+    }
+
+
    /**
     * get cookie info by name
     * @param request request

--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java
@@ -248,6 +248,8 @@ public class UsersService extends BaseService {
    /**
     * updateProcessInstance user
     *
+     *
+     * @param loginUser
     * @param userId user id
     * @param userName user name
     * @param userPassword user password
@@ -258,7 +260,7 @@ public class UsersService extends BaseService {
     * @return update result code
     * @throws Exception exception
     */
-    public Map<String, Object> updateUser(int userId,
+    public Map<String, Object> updateUser(User loginUser, int userId,
                                          String userName,
                                          String userPassword,
                                          String email,
@@ -268,13 +270,14 @@ public class UsersService extends BaseService {
        Map<String, Object> result = new HashMap<>(5);
        result.put(Constants.STATUS, false);

+        if (check(result, !hasPerm(loginUser, userId), Status.USER_NO_OPERATION_PERM)) {
+            return result;
+        }
        User user = userMapper.selectById(userId);
-
        if (user == null) {
            putMsg(result, Status.USER_NOT_EXIST, userId);
            return result;
        }
-
        if (StringUtils.isNotEmpty(userName)) {

            if (!CheckUtils.checkUserName(userName)){
@@ -814,24 +817,6 @@ public class UsersService extends BaseService {
        return result;
    }

-    /**
-     * check
-     *
-     * @param result result
-     * @param bool bool
-     * @param userNoOperationPerm status
-     * @return check result
-     */
-    private boolean check(Map<String, Object> result, boolean bool, Status userNoOperationPerm) {
-        //only admin can operate
-        if (bool) {
-            result.put(Constants.STATUS, userNoOperationPerm);
-            result.put(Constants.MSG, userNoOperationPerm.getMsg());
-            return true;
-        }
-        return false;
-    }
-
    /**
     * @param tenantId tenant id
     * @return true if tenant exists, otherwise return false

--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/AccessTokenServiceTest.java
@@ -94,7 +94,7 @@ public class AccessTokenServiceTest {


       when(accessTokenMapper.insert(any(AccessToken.class))).thenReturn(2);
-        Map<String, Object> result = accessTokenService.createToken(1,getDate(),"AccessTokenServiceTest");
+        Map<String, Object> result = accessTokenService.createToken(getLoginUser(), 1,getDate(),"AccessTokenServiceTest");
        logger.info(result.toString());
        Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));
    }
@@ -102,7 +102,7 @@ public class AccessTokenServiceTest {
    @Test
    public  void testGenerateToken(){

-        Map<String, Object> result = accessTokenService.generateToken(Integer.MAX_VALUE,getDate());
+        Map<String, Object> result = accessTokenService.generateToken(getLoginUser(), Integer.MAX_VALUE,getDate());
        logger.info(result.toString());
        Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));
        String token = (String) result.get(Constants.DATA_LIST);
@@ -134,16 +134,24 @@ public class AccessTokenServiceTest {
    public  void testUpdateToken(){

        when(accessTokenMapper.selectById(1)).thenReturn(getEntity());
-        Map<String, Object> result = accessTokenService.updateToken(1,Integer.MAX_VALUE,getDate(),"token");
+        Map<String, Object> result = accessTokenService.updateToken(getLoginUser(), 1,Integer.MAX_VALUE,getDate(),"token");
        logger.info(result.toString());
        Assert.assertEquals(Status.SUCCESS,result.get(Constants.STATUS));
        // not exist
-        result = accessTokenService.updateToken(2,Integer.MAX_VALUE,getDate(),"token");
+        result = accessTokenService.updateToken(getLoginUser(), 2,Integer.MAX_VALUE,getDate(),"token");
        logger.info(result.toString());
        Assert.assertEquals(Status.ACCESS_TOKEN_NOT_EXIST,result.get(Constants.STATUS));

    }

+
+    private User getLoginUser(){
+        User loginUser = new User();
+        loginUser.setId(1);
+        loginUser.setUserType(UserType.ADMIN_USER);
+        return loginUser;
+    }
+
    /**
     * create entity
     * @return

--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
@@ -18,7 +18,6 @@ package org.apache.dolphinscheduler.api.service;

 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
-import org.apache.avro.generic.GenericData;
 import org.apache.dolphinscheduler.api.enums.Status;
 import org.apache.dolphinscheduler.api.utils.PageInfo;
 import org.apache.dolphinscheduler.api.utils.Result;
@@ -225,13 +224,13 @@ public class UsersServiceTest {
        String userPassword = "userTest0001";
        try {
            //user not exist
-            Map<String, Object> result = usersService.updateUser(0,userName,userPassword,"3443@qq.com",1,"13457864543","queue");
+            Map<String, Object> result = usersService.updateUser(getLoginUser(), 0,userName,userPassword,"3443@qq.com",1,"13457864543","queue");
            Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS));
            logger.info(result.toString());

            //success
            when(userMapper.selectById(1)).thenReturn(getUser());
-            result = usersService.updateUser(1,userName,userPassword,"32222s@qq.com",1,"13457864543","queue");
+            result = usersService.updateUser(getLoginUser(), 1,userName,userPassword,"32222s@qq.com",1,"13457864543","queue");
            logger.info(result.toString());
            Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
        } catch (Exception e) {
@@ -357,6 +356,12 @@ public class UsersServiceTest {

    }

+    private User getLoginUser(){
+        User loginUser = new User();
+        loginUser.setId(1);
+        loginUser.setUserType(UserType.ADMIN_USER);
+        return loginUser;
+    }

    @Test
    public void getUserInfo(){