This is an automated email from the ASF dual-hosted git repository.
zhongjiajie pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git
The following commit(s) were added to refs/heads/dev by this push:
new 7bfc6dc3cf [Bug-15215][Api] non-admin should not modify tenantId and
queue (#15254)
7bfc6dc3cf is described below
commit 7bfc6dc3cfde4acc2f2bc232b8403fd776ed52f2
Author: zhanqian <[email protected]>
AuthorDate: Mon Dec 4 10:20:34 2023 +0800
[Bug-15215][Api] non-admin should not modify tenantId and queue (#15254)
* bugfix-15215:Users are not allowed to modify the default tenant and queue
through the update API
* fix: #15215
---
.../api/service/impl/UsersServiceImpl.java | 11 ++++++++
.../api/service/UsersServiceTest.java | 31 ++++++++++++++++++++++
2 files changed, 42 insertions(+)
diff --git
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
index f268d791b7..3b54df1725 100644
---
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
+++
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
@@ -385,6 +385,17 @@ public class UsersServiceImpl extends BaseServiceImpl
implements UsersService {
if (user == null) {
throw new ServiceException(Status.USER_NOT_EXIST, userId);
}
+
+ // non-admin should not modify tenantId and queue
+ if (!isAdmin(loginUser)) {
+ if (tenantId != null && user.getTenantId() != tenantId) {
+ throw new ServiceException(Status.USER_NO_OPERATION_PERM);
+ }
+ if (StringUtils.isNotEmpty(queue) && !StringUtils.equals(queue,
user.getQueue())) {
+ throw new ServiceException(Status.USER_NO_OPERATION_PERM);
+ }
+ }
+
if (StringUtils.isNotEmpty(userName)) {
if (!CheckUtils.checkUserName(userName)) {
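Review bot: The new guard in updateUser rejects a non-admin only when `tenantId` is non-null and `queue` is non-empty, so a request with a null `tenantId` or an empty `queue` passes it. Whether those values are then written to the user is decided further down in updateUser, outside this hunk. If the later assignments are unconditional, a non-admin could still blank the queue, so confirm that path or keep the stored values for non-admins. Separately, `user.getTenantId() != tenantId` is a reference comparison if the getter returns `Integer` (not visible here); `!tenantId.equals(user.getTenantId())` is correct for both the boxed and primitive case. A short comment stating that null or empty means "leave unchanged" would make the intent of the two conditions explicit.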
diff --git
a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
index 557adcbab6..27ee150b50 100644
---
a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
+++
b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
@@ -335,6 +335,20 @@ public class UsersServiceTest {
"queue",
1,
"Asia/Shanghai"));
+
+ // non-admin should not modify tenantId and queue
+ when(userMapper.selectById(2)).thenReturn(getNonAdminUser());
+ User user = userMapper.selectById(2);
+ assertThrowsServiceException(Status.USER_NO_OPERATION_PERM, () ->
usersService.updateUser(user,
+ 2,
+ userName,
+ userPassword,
+ "[email protected]",
+ null,
+ "13457864543",
+ "offline",
+ 1,
+ "Asia/Shanghai"));
}
@Test
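Review bot: The added case passes `null` for the tenantId argument, so only the queue branch of the new permission check is exercised and the tenantId branch has no coverage. Add a second `assertThrowsServiceException(Status.USER_NO_OPERATION_PERM, ...)` call that keeps queue as `"queue"` and passes a tenantId different from the 2 set in getNonAdminUser(). A positive case, where the non-admin submits the unchanged tenantId and queue and no USER_NO_OPERATION_PERM is raised, would also pin down that the guard does not block ordinary self-updates. The enclosing test method starts outside this hunk.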
@@ -889,6 +903,23 @@ public class UsersServiceTest {
return user;
}
+ /**
+ * get non-admin user
+ *
+ * @return user
+ */
+ private User getNonAdminUser() {
+
+ User user = new User();
+ user.setId(2);
+ user.setUserType(UserType.GENERAL_USER);
+ user.setUserName("userTest0001");
+ user.setUserPassword("userTest0001");
+ user.setTenantId(2);
+ user.setQueue("queue");
+ return user;
+ }
+
/**
* get tenant
*