[Fix-16578] Fix environment resource permission (#16579)

apache · Sep 29, 2024 · d2df861 · d2df861
1 parent 9024dca
commit d2df861
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 5 deletions.
diff --git a/...n/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java b/...n/java/org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.java
@@ -43,6 +43,7 @@
 import org.apache.dolphinscheduler.dao.mapper.TaskGroupMapper;
 import org.apache.dolphinscheduler.dao.mapper.TenantMapper;
 import org.apache.dolphinscheduler.dao.mapper.WorkerGroupMapper;
+import org.apache.dolphinscheduler.dao.repository.UserDao;
 import org.apache.dolphinscheduler.service.process.ProcessService;
 
 import java.util.Arrays;
@@ -240,8 +241,11 @@ public static class EnvironmentResourcePermissionCheck implements ResourceAcquis
 
         private final EnvironmentMapper environmentMapper;
 
-        public EnvironmentResourcePermissionCheck(EnvironmentMapper environmentMapper) {
+        private final UserDao userDao;
+
+        public EnvironmentResourcePermissionCheck(EnvironmentMapper environmentMapper, UserDao userDao) {
             this.environmentMapper = environmentMapper;
+            this.userDao = userDao;
         }
 
         @Override
@@ -251,7 +255,12 @@ public List<AuthorizationType> authorizationTypes() {
 
         @Override
         public boolean permissionCheck(int userId, String url, Logger logger) {
-            return true;
+            User user = userDao.queryById(userId);
+            if (user == null) {
+                logger.error("User does not exist, userId:{}.", userId);
+                return false;
+            }
+            return user.getUserType() == UserType.ADMIN_USER;
         }
 
         @Override

diff --git a/...va/org/apache/dolphinscheduler/api/permission/EnvironmentResourcePermissionCheckTest.java b/...va/org/apache/dolphinscheduler/api/permission/EnvironmentResourcePermissionCheckTest.java
@@ -17,11 +17,14 @@
 
 package org.apache.dolphinscheduler.api.permission;
 
+import static org.mockito.Mockito.when;
+
 import org.apache.dolphinscheduler.common.enums.AuthorizationType;
 import org.apache.dolphinscheduler.common.enums.UserType;
 import org.apache.dolphinscheduler.dao.entity.Environment;
 import org.apache.dolphinscheduler.dao.entity.User;
 import org.apache.dolphinscheduler.dao.mapper.EnvironmentMapper;
+import org.apache.dolphinscheduler.dao.repository.UserDao;
 
 import java.util.Arrays;
 import java.util.Collections;
@@ -34,7 +37,6 @@
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
-import org.mockito.Mockito;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -46,14 +48,24 @@ public class EnvironmentResourcePermissionCheckTest {
     @InjectMocks
     private ResourcePermissionCheckServiceImpl.EnvironmentResourcePermissionCheck environmentResourcePermissionCheck;
 
+    @Mock
+    private UserDao userDao;
+
     @Mock
     private EnvironmentMapper environmentMapper;
 
     @Test
     public void testPermissionCheck() {
-        User user = getLoginUser();
+        User user = getLoginAdminUser();
+        when(userDao.queryById(user.getId())).thenReturn(user);
         Assertions.assertTrue(environmentResourcePermissionCheck.permissionCheck(user.getId(), null, logger));
     }
+    @Test
+    public void testPermissionCheckFail() {
+        User user = getLoginAdminUser();
+        when(userDao.queryById(user.getId())).thenReturn(null);
+        Assertions.assertFalse(environmentResourcePermissionCheck.permissionCheck(user.getId(), null, logger));
+    }
 
     @Test
     public void testAuthorizationTypes() {
@@ -69,7 +81,7 @@ public void testListAuthorizedResourceIds() {
         ids.add(environment.getId());
         List<Environment> environments = Arrays.asList(environment);
 
-        Mockito.when(environmentMapper.queryAllEnvironmentList()).thenReturn(environments);
+        when(environmentMapper.queryAllEnvironmentList()).thenReturn(environments);
 
         Assertions.assertEquals(ids,
                 environmentResourcePermissionCheck.listAuthorizedResourceIds(user.getId(), logger));
@@ -82,4 +94,11 @@ private User getLoginUser() {
         loginUser.setId(1);
         return loginUser;
     }
+    private User getLoginAdminUser() {
+        User loginUser = new User();
+        loginUser.setUserType(UserType.ADMIN_USER);
+        loginUser.setUserName("test");
+        loginUser.setId(1);
+        return loginUser;
+    }
 }