ruanwenjun opened a new pull request, #18300: URL: https://github.com/apache/dolphinscheduler/pull/18300
<!--Thanks very much for contributing to Apache DolphinScheduler. Please review https://dolphinscheduler.apache.org/en-us/community/development/pull-request.html before opening a pull request.--> ## Purpose of the pull request Close #18299. Ensure non-admin users can only create or update access tokens for their own user id. ## Brief change log - Add a service-layer ownership check for access-token create/update target user ids. - Add regression tests for non-admin create/update attempts that target another user. ## Verify this pull request - `./mvnw -q -pl dolphinscheduler-api -am clean test -Dtest=AccessTokenServiceTest#testCreateTokenForOtherUserDeniedForGeneralUser+testUpdateTokenToOtherUserDeniedForGeneralUser -DfailIfNoTests=false -Dsurefire.failIfNoSpecifiedTests=false -Djacoco.skip=true -Dspotless.check.skip=true -Drat.skip=true -Dcheckstyle.skip=true` - `./mvnw -q -pl dolphinscheduler-api -Dtest=AccessTokenServiceTest -DfailIfNoTests=false -Dsurefire.failIfNoSpecifiedTests=false -Djacoco.skip=true -Dspotless.check.skip=true -Drat.skip=true -Dcheckstyle.skip=true test` - `./mvnw -q -pl dolphinscheduler-api -Dtest=AccessTokenServiceTest,AccessTokenControllerTest,AccessTokenResourcePermissionCheckTest -DfailIfNoTests=false -Dsurefire.failIfNoSpecifiedTests=false -Djacoco.skip=true -Dspotless.check.skip=true -Drat.skip=true -Dcheckstyle.skip=true test` - `git diff --check` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
