[Feature][Permission] Reconstruction of permissions of resource cente…
…r and monitoring center. (#10307)

* Reconstruction of permissions of resource center and monitoring center.

* clear local logs.

* resource query fix
WangJPLeo committed May 31, 2022
1 parent 53ab6f7 commit a4948f5
Showing 39 changed files with 907 additions and 428 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
package org.apache.dolphinscheduler.api;

import org.apache.dolphinscheduler.service.task.TaskPluginManager;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@
import java.util.HashMap;
import java.util.Map;


public class ApiFuncIdentificationConstant {

public static final String ACCESS_TOKEN_MANAGE = "security:token:view";
Expand Down Expand Up @@ -84,8 +83,6 @@ public class ApiFuncIdentificationConstant {
public static final String VIEW_PERMISSION = "security:role:permission-view";
public static final String ASSIGN_PERMISSION = "security:role:permission-assign";



public static final String PROJECT = "project:view";
public static final String PROJECT_CREATE = "project:create";
public static final String PROJECT_UPDATE = "project:edit";
Expand Down Expand Up @@ -141,6 +138,45 @@ public class ApiFuncIdentificationConstant {
public static final String DATASOURCE_LIST = "datasource:list";
public static final String DATASOURCE_PARAM_VIEW = "datasource:param-view";

public static final String FILE_VIEW = "resources:file:view";
public static final String FOLDER_ONLINE_CREATE = "resources:folder:online-create";
public static final String FILE_ONLINE_CREATE = "resources:file:online-create";
public static final String FILE_UPLOAD = "resources:file:upload";
public static final String FILE_UPDATE = "resources:file:update-content";
public static final String FILE_RENAME = "resources:file:rename";
public static final String FILE_DOWNLOAD = "resources:file:download";
public static final String FILE_DELETE = "resources:file:delete";

public static final String UDF_FILE_VIEW = "resources:udf:view";
public static final String UDF_FOLDER_ONLINE_CREATE = "resources:udf-folder:online-create";
public static final String UDF_UPLOAD = "resources:udf:upload";
public static final String UDF_UPDATE = "resources:udf:edit";
public static final String UDF_DOWNLOAD = "resources:udf:download";
public static final String UDF_DELETE = "resources:udf:delete";

public static final String UDF_FUNCTION_VIEW = "resources:udf-func:view";
public static final String UDF_FUNCTION_CREATE = "resources:udf-func:create";
public static final String UDF_FUNCTION_UPDATE = "resources:udf-func:update";
public static final String UDF_FUNCTION_DELETE = "resources:udf-func:delete";

public static final String TASK_GROUP_VIEW = "resources:task-group:view";
public static final String TASK_GROUP_CREATE = "resources:task-group:create";
public static final String TASK_GROUP_CLOSE = "resources:task-group:close";
public static final String TASK_GROUP_EDIT = "resources:task-group:update";
public static final String TASK_GROUP_VIEW_QUEUE = "resources:task-group:queue-view";

public static final String TASK_GROUP_QUEUE = "resources:task-group-queue:view";
public static final String TASK_GROUP_QUEUE_PRIORITY = "resources:task-group-queue:priority";
public static final String TASK_GROUP_QUEUE_START = "resources:task-group-queue:start";

public static final String MONITOR_MASTER_VIEW = "monitor:masters:view";
public static final String MONITOR_WORKER_VIEW = "monitor:workers:view";
public static final String MONITOR_DATABASES_VIEW = "monitor:databases:view";

public static final String MONITOR_STATISTICS_VIEW = "monitor:statistics:view";
public static final String MONITOR_EVENT_LIST_VIEW = "monitor:event:view";
public static final String MONITOR_ALERT_LIST_VIEW = "monitor:alert:view";

public final static Map<ExecuteType,String> map = new HashMap<ExecuteType,String>();

static{
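Review bot: Several of the new permission constants have names that disagree with their own values: `UDF_UPDATE` maps to `resources:udf:edit`, `TASK_GROUP_EDIT` maps to `resources:task-group:update`, and `FILE_UPDATE` maps to `resources:file:update-content`. `TASK_GROUP_VIEW_QUEUE` (`resources:task-group:queue-view`) and `TASK_GROUP_QUEUE` (`resources:task-group-queue:view`) are also easy to confuse with each other. These strings are presumably matched against stored permission entries, so a check written against the wrong constant would fail without any compile-time signal. I would settle on one verb per operation before the keys are persisted, and add a one-line comment above each group naming the screen or endpoint it guards, for example `// resource center: file management`. The class body continues past the collapsed end of this section.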
Original file line number Diff line number Diff line change
Expand Up @@ -316,8 +316,7 @@ public Result<Object> queryResourceJarList(@ApiIgnore @RequestAttribute(value =
@RequestParam(value = "type") ResourceType type,
@RequestParam(value = "programType", required = false) ProgramType programType
) {
Map<String, Object> result = resourceService.queryResourceByProgramType(loginUser, type, programType);
return returnDataList(result);
return resourceService.queryResourceByProgramType(loginUser, type, programType);
}

/**
Expand Down Expand Up @@ -345,7 +344,7 @@ public Result<Object> queryResource(@ApiIgnore @RequestAttribute(value = Constan
@RequestParam(value = "type") ResourceType type
) {

return resourceService.queryResource(fullName, id, type);
return resourceService.queryResource(loginUser, fullName, id, type);
}

/**
Expand All @@ -371,7 +370,7 @@ public Result viewResource(@ApiIgnore @RequestAttribute(value = Constants.SESSIO
@RequestParam(value = "skipLineNum") int skipLineNum,
@RequestParam(value = "limit") int limit
) {
return resourceService.readResource(resourceId, skipLineNum, limit);
return resourceService.readResource(loginUser, resourceId, skipLineNum, limit);
}

/**
Expand Down Expand Up @@ -432,7 +431,7 @@ public Result updateResourceContent(@ApiIgnore @RequestAttribute(value = Constan
logger.error("The resource file contents are not allowed to be empty");
return error(RESOURCE_FILE_IS_EMPTY.getCode(), RESOURCE_FILE_IS_EMPTY.getMsg());
}
return resourceService.updateResourceContent(resourceId, content);
return resourceService.updateResourceContent(loginUser, resourceId, content);
}

/**
Expand All @@ -452,7 +451,7 @@ public Result updateResourceContent(@ApiIgnore @RequestAttribute(value = Constan
@AccessLogAnnotation(ignoreRequestArgs = "loginUser")
public ResponseEntity downloadResource(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
@PathVariable(value = "id") int resourceId) throws Exception {
Resource file = resourceService.downloadResource(resourceId);
Resource file = resourceService.downloadResource(loginUser, resourceId);
if (file == null) {
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(RESOURCE_NOT_EXIST.getMsg());
}
Expand Down Expand Up @@ -521,8 +520,7 @@ public Result createUdfFunc(@ApiIgnore @RequestAttribute(value = Constants.SESSI
@AccessLogAnnotation(ignoreRequestArgs = "loginUser")
public Result viewUIUdfFunction(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
@PathVariable("id") int id) {
Map<String, Object> map = udfFuncService.queryUdfFuncDetail(id);
return returnDataList(map);
return udfFuncService.queryUdfFuncDetail(loginUser, id);
}

/**
Expand Down Expand Up @@ -563,8 +561,7 @@ public Result updateUdfFunc(@ApiIgnore @RequestAttribute(value = Constants.SESSI
@RequestParam(value = "database", required = false) String database,
@RequestParam(value = "description", required = false) String description,
@PathVariable(value = "resourceId") int resourceId) {
Map<String, Object> result = udfFuncService.updateUdfFunc(udfFuncId, funcName, className, argTypes, database, description, type, resourceId);
return returnDataList(result);
return udfFuncService.updateUdfFunc(loginUser, udfFuncId, funcName, className, argTypes, database, description, type, resourceId);
}

/**
Expand Down Expand Up @@ -595,8 +592,7 @@ public Result<Object> queryUdfFuncListPaging(@ApiIgnore @RequestAttribute(value
if (!result.checkResult()) {
return result;
}
result = udfFuncService.queryUdfFuncListPaging(loginUser, searchVal, pageNo, pageSize);
return result;
return udfFuncService.queryUdfFuncListPaging(loginUser, searchVal, pageNo, pageSize);
}

/**
Expand All @@ -616,8 +612,7 @@ public Result<Object> queryUdfFuncListPaging(@ApiIgnore @RequestAttribute(value
@AccessLogAnnotation(ignoreRequestArgs = "loginUser")
public Result<Object> queryUdfFuncList(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
@RequestParam("type") UdfType type) {
Map<String, Object> result = udfFuncService.queryUdfFuncList(loginUser, type.ordinal());
return returnDataList(result);
return udfFuncService.queryUdfFuncList(loginUser, type.ordinal());
}

/**
Expand All @@ -639,7 +634,7 @@ public Result<Object> queryUdfFuncList(@ApiIgnore @RequestAttribute(value = Cons
public Result verifyUdfFuncName(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
@RequestParam(value = "name") String name
) {
return udfFuncService.verifyUdfFuncByName(name);
return udfFuncService.verifyUdfFuncByName(loginUser, name);
}

/**
Expand All @@ -660,7 +655,7 @@ public Result verifyUdfFuncName(@ApiIgnore @RequestAttribute(value = Constants.S
public Result deleteUdfFunc(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
@PathVariable(value = "id") int udfFuncId
) {
return udfFuncService.delete(udfFuncId);
return udfFuncService.delete(loginUser, udfFuncId);
}

/**
Expand Down Expand Up @@ -770,6 +765,6 @@ public Result queryResourceById(@ApiIgnore @RequestAttribute(value = Constants.S
@PathVariable(value = "id", required = true) Integer id
) {

return resourceService.queryResourceById(id);
return resourceService.queryResourceById(loginUser, id);
}
}
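Review bot: `downloadResource` has no visible way to report a permission denial: it returns a `Resource`, and the only failure branch shown maps `file == null` to `BAD_REQUEST` with `RESOURCE_NOT_EXIST`. The service implementation is not on this page, so if it returns null for a user who lacks the permission, the caller is told the file does not exist; if it throws, the response depends on an exception handler that should be confirmed. I would state the contract at the call, e.g. `// downloadResource throws on a permission denial; null means the resource was not found`, and map a denial to `HttpStatus.FORBIDDEN` with `NO_CURRENT_OPERATING_PERMISSION`. Every changed endpoint in this file now relies on the service for authorisation, so each one deserves a test with a logged-in user who lacks the permission.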
Original file line number Diff line number Diff line change
Expand Up @@ -404,7 +404,10 @@ public enum Status {
QUERY_CAN_USE_K8S_CLUSTER_ERROR(1300014, "login user query can used k8s cluster list error", "查询可用k8s集群错误"),
RESOURCE_FULL_NAME_TOO_LONG_ERROR(1300015, "resource's fullname is too long error", "资源文件名过长"),
TENANT_FULL_NAME_TOO_LONG_ERROR(1300016, "tenant's fullname is too long error", "租户名过长"),
FUNCTION_DISABLED(1400002, "The current feature is disabled.", "当前功能已被禁用");

NO_CURRENT_OPERATING_PERMISSION(1400001, "The current user does not have this permission.", "当前用户无此权限"),
FUNCTION_DISABLED(1400002, "The current feature is disabled.", "当前功能已被禁用"),
;

private final int code;
private final String enMsg;
Original file line number Diff line number Diff line change
Expand Up @@ -536,8 +536,8 @@ public Map<String, Object> getDependentInfo(String projectName, String processDe
public Map<String, Object> getResourcesFileInfo(String programType, String fullName) {
Map<String, Object> result = new HashMap<>();

Map<String, Object> resources = resourceService.queryResourceByProgramType(dummyAdminUser, ResourceType.FILE, ProgramType.valueOf(programType));
List<ResourceComponent> resourcesComponent = (List<ResourceComponent>) resources.get(Constants.DATA_LIST);
Result<Object> resources = resourceService.queryResourceByProgramType(dummyAdminUser, ResourceType.FILE, ProgramType.valueOf(programType));
List<ResourceComponent> resourcesComponent = (List<ResourceComponent>) resources.getData();
List<ResourceComponent> namedResources = resourcesComponent.stream().filter(s -> fullName.equals(s.getFullName())).collect(Collectors.toList());
if (CollectionUtils.isEmpty(namedResources)) {
String msg = String.format("Can not find valid resource by program type %s and name %s", programType, fullName);
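Review bot: `resources.getData()` is cast and streamed in `getResourcesFileInfo` without first checking that the call succeeded. With `queryResourceByProgramType` now returning a `Result<Object>`, a failed result would presumably carry no data, and `resourcesComponent.stream()` would then throw a NullPointerException instead of reporting the real error. A guard before the cast, `if (!resources.checkResult() || resources.getData() == null)`, that fails with the result's message would keep the failure explicit. The call still runs as `dummyAdminUser`, so the per-user checks added elsewhere in this commit do not appear to apply to gateway callers; a comment saying whether that is intended would help. The method body continues past the end of this section.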
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ Result<Object> updateResource(User loginUser,
* @param type resource type
* @return resource list
*/
Map<String, Object> queryResourceByProgramType(User loginUser, ResourceType type, ProgramType programType);
Result<Object> queryResourceByProgramType(User loginUser, ResourceType type, ProgramType programType);

/**
* delete resource
Expand Down Expand Up @@ -143,7 +143,7 @@ Result<Object> updateResource(User loginUser,
* @param type resource type
* @return true if the resource full name or pid not exists, otherwise return false
*/
Result<Object> queryResource(String fullName,Integer id,ResourceType type);
Result<Object> queryResource(User loginUser,String fullName,Integer id,ResourceType type);

/**
* view resource file online
Expand All @@ -153,7 +153,7 @@ Result<Object> updateResource(User loginUser,
* @param limit limit
* @return resource content
*/
Result<Object> readResource(int resourceId, int skipLineNum, int limit);
Result<Object> readResource(User loginUser,int resourceId, int skipLineNum, int limit);

/**
* create resource file online
Expand All @@ -175,7 +175,7 @@ Result<Object> updateResource(User loginUser,
* @param content content
* @return update result cod
*/
Result<Object> updateResourceContent(int resourceId, String content);
Result<Object> updateResourceContent(User loginUser,int resourceId, String content);

/**
* download file
Expand All @@ -184,7 +184,7 @@ Result<Object> updateResource(User loginUser,
* @return resource content
* @throws IOException exception
*/
org.springframework.core.io.Resource downloadResource(int resourceId) throws IOException;
org.springframework.core.io.Resource downloadResource(User loginUser, int resourceId) throws IOException;

/**
* list all file
Expand Down Expand Up @@ -236,6 +236,6 @@ Result<Object> updateResource(User loginUser,
* @param resourceId resource id
* @return resource
*/
Result<Object> queryResourceById(Integer resourceId);
Result<Object> queryResourceById(User loginUser, Integer resourceId);

}
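Review bot: The Javadoc on the changed methods does not appear to have been updated for the new `loginUser` parameter, since each hunk's line counts show only the signature line changing. `queryResource`, `readResource`, `updateResourceContent`, `downloadResource` and `queryResourceById` each need a line such as `* @param loginUser user on whose behalf the request is made`, and `@return resource list` on `queryResourceByProgramType` still describes the old `Map` result. The same gap is visible in the UDF function service interface in the next section, where the Javadoc for `delete` and `verifyUdfFuncByName` lists only `id` and `name`. The interface Javadoc should also state what a caller receives when the user lacks the permission, which cannot be determined from this page. Minor style point: `User loginUser,String fullName` and `User loginUser,int resourceId` are missing the space after the comma.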
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ Result<Object> createUdfFunction(User loginUser,
* @param id udf function id
* @return udf function detail
*/
Map<String, Object> queryUdfFuncDetail(int id);
Result<Object> queryUdfFuncDetail(User loginUser,int id);

/**
* updateProcessInstance udf function
Expand All @@ -71,7 +71,8 @@ Result<Object> createUdfFunction(User loginUser,
* @param className class name
* @return update result code
*/
Map<String, Object> updateUdfFunc(int udfFuncId,
Result<Object> updateUdfFunc(User loginUser,
int udfFuncId,
String funcName,
String className,
String argTypes,
Expand All @@ -98,22 +99,22 @@ Map<String, Object> updateUdfFunc(int udfFuncId,
* @param type udf type
* @return udf func list
*/
Map<String, Object> queryUdfFuncList(User loginUser, Integer type);
Result<Object> queryUdfFuncList(User loginUser, Integer type);

/**
* delete udf function
*
* @param id udf function id
* @return delete result code
*/
Result<Object> delete(int id);
Result<Object> delete(User loginUser, int id);

/**
* verify udf function by name
*
* @param name name
* @return true if the name can user, otherwise return false
*/
Result<Object> verifyUdfFuncByName(String name);
Result<Object> verifyUdfFuncByName(User loginUser, String name);

}
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ public class BaseServiceImpl implements BaseService {
private static final Logger logger = LoggerFactory.getLogger(BaseServiceImpl.class);

@Autowired
private ResourcePermissionCheckService resourcePermissionCheckService;
protected ResourcePermissionCheckService resourcePermissionCheckService;

/**
* check admin
Expand Down Expand Up @@ -162,8 +162,8 @@ public boolean canOperator(User operateUser, int createUserId) {
* @return boolean
*/
@Override
public boolean canOperatorPermissions(User user, Object[] ids,AuthorizationType type,String perm) {
boolean operationPermissionCheck = resourcePermissionCheckService.operationPermissionCheck(type, user.getId(), perm, logger);
public boolean canOperatorPermissions(User user, Object[] ids,AuthorizationType type,String permissionKey) {
boolean operationPermissionCheck = resourcePermissionCheckService.operationPermissionCheck(type, user.getId(), permissionKey, logger);
boolean resourcePermissionCheck = resourcePermissionCheckService.resourcePermissionCheck(type, ids, user.getUserType().equals(UserType.ADMIN_USER) ? 0 : user.getId(), logger);
return operationPermissionCheck && resourcePermissionCheck;
}
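Review bot: Widening `resourcePermissionCheckService` from `private` to `protected` lets any subclass call `operationPermissionCheck` or `resourcePermissionCheck` on its own and skip the other half of the check that `canOperatorPermissions` combines. I would keep the field `private` and have subclasses go through `canOperatorPermissions`, or add a narrowly named protected helper for whatever the subclasses need, which is not visible on this page. In `canOperatorPermissions`, `user.getUserType().equals(UserType.ADMIN_USER)` throws if the user type is null; `user.getUserType() == UserType.ADMIN_USER` is null-safe, assuming `UserType` is an enum. The `0` passed for admin users deserves a comment or a named constant explaining what it means to `resourcePermissionCheck`. If the method's Javadoc, which is outside this hunk, still names `perm`, it needs the same rename to `permissionKey`.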