Merge pull request #3980 from lgcareer/1.3.3-release-fix3958

[Fix-#3958][api] files should not be created successfully in the directory of the authorized file
apache · Oct 23, 2020 · 292b0fc · 292b0fc
2 parents 075d163 + 01975bd
commit 292b0fc
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/...scheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ResourcesService.java b/...scheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ResourcesService.java
@@ -961,6 +961,19 @@ public Result onlineCreateResource(User loginUser, ResourceType type, String fil
         if (!result.getCode().equals(Status.SUCCESS.getCode())) {
             return result;
         }
+        if (pid != -1) {
+            Resource parentResource = resourcesMapper.selectById(pid);
+
+            if (parentResource == null) {
+                putMsg(result, Status.PARENT_RESOURCE_NOT_EXIST);
+                return result;
+            }
+
+            if (!hasPerm(loginUser, parentResource.getUserId())) {
+                putMsg(result, Status.USER_NO_OPERATION_PERM);
+                return result;
+            }
+        }
 
         // save data
         Date now = new Date();