Skip to content

Commit 8ebe060

Browse files
zwZjuthonghuo.zw
zwZjut
and
honghuo.zw
authored
[Feature][dolphinscheduler-api] access control of processDefinition and processInstance in project #7073 (#7080)
* to #7073 * to #7073 * to #7073 Co-authored-by: honghuo.zw <honghuo.zw@alibaba-inc.com>
1 parent d09d68e commit 8ebe060

16 files changed

Lines changed: 105 additions & 36 deletions

File tree

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ProcessDefinitionController.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -518,7 +518,7 @@ public Result viewTree(@ApiIgnore @RequestAttribute(value = Constants.SESSION_US
518518
@ApiParam(name = "projectCode", value = "PROJECT_CODE", required = true) @PathVariable long projectCode,
519519
@PathVariable("code") long code,
520520
@RequestParam("limit") Integer limit) {
521-
Map<String, Object> result = processDefinitionService.viewTree(code, limit);
521+
Map<String, Object> result = processDefinitionService.viewTree(projectCode, code, limit);
522522
return returnDataList(result);
523523
}
524524

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ProcessInstanceController.java

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -344,8 +344,9 @@ public Result queryParentInstanceBySubId(@ApiIgnore @RequestAttribute(value = Co
344344
@ApiException(QUERY_PROCESS_INSTANCE_ALL_VARIABLES_ERROR)
345345
@AccessLogAnnotation
346346
public Result viewVariables(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
347+
@ApiParam(name = "projectCode", value = "PROJECT_CODE", required = true) @PathVariable long projectCode,
347348
@PathVariable("id") Integer id) {
348-
Map<String, Object> result = processInstanceService.viewVariables(id);
349+
Map<String, Object> result = processInstanceService.viewVariables(projectCode, id);
349350
return returnDataList(result);
350351
}
351352

@@ -368,7 +369,7 @@ public Result viewVariables(@ApiIgnore @RequestAttribute(value = Constants.SESSI
368369
public Result viewTree(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
369370
@ApiParam(name = "projectCode", value = "PROJECT_CODE", required = true) @PathVariable long projectCode,
370371
@PathVariable("id") Integer id) throws Exception {
371-
Map<String, Object> result = processInstanceService.viewGantt(id);
372+
Map<String, Object> result = processInstanceService.viewGantt(projectCode, id);
372373
return returnDataList(result);
373374
}
374375

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ProcessDefinitionService.java

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -285,11 +285,12 @@ Map<String, Object> getNodeListMapByDefinitionCodes(User loginUser,
285285
/**
286286
* Encapsulates the TreeView structure
287287
*
288+
* @param projectCode project code
288289
* @param code process definition code
289290
* @param limit limit
290291
* @return tree view json data
291292
*/
292-
Map<String, Object> viewTree(long code, Integer limit);
293+
Map<String, Object> viewTree(long projectCode, long code, Integer limit);
293294

294295
/**
295296
* switch the defined process definition version

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ProcessInstanceService.java

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,6 @@
2121
import org.apache.dolphinscheduler.api.utils.Result;
2222
import org.apache.dolphinscheduler.common.enums.DependResult;
2323
import org.apache.dolphinscheduler.common.enums.ExecutionStatus;
24-
import org.apache.dolphinscheduler.common.enums.Flag;
2524
import org.apache.dolphinscheduler.dao.entity.ProcessInstance;
2625
import org.apache.dolphinscheduler.dao.entity.User;
2726

@@ -165,19 +164,21 @@ Map<String, Object> deleteProcessInstanceById(User loginUser,
165164
/**
166165
* view process instance variables
167166
*
167+
* @param projectCode project code
168168
* @param processInstanceId process instance id
169169
* @return variables data
170170
*/
171-
Map<String, Object> viewVariables(Integer processInstanceId);
171+
Map<String, Object> viewVariables(long projectCode, Integer processInstanceId);
172172

173173
/**
174174
* encapsulation gantt structure
175175
*
176+
* @param projectCode project code
176177
* @param processInstanceId process instance id
177178
* @return gantt tree data
178179
* @throws Exception exception when json parse
179180
*/
180-
Map<String, Object> viewGantt(Integer processInstanceId) throws Exception;
181+
Map<String, Object> viewGantt(long projectCode, Integer processInstanceId) throws Exception;
181182

182183
/**
183184
* query process instance by processDefinitionCode and stateArray

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessDefinitionServiceImpl.java

Lines changed: 26 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -448,7 +448,7 @@ public Map<String, Object> queryProcessDefinitionByCode(User loginUser, long pro
448448
}
449449

450450
ProcessDefinition processDefinition = processDefinitionMapper.queryByCode(code);
451-
if (processDefinition == null) {
451+
if (processDefinition == null || projectCode != processDefinition.getProjectCode()) {
452452
putMsg(result, Status.PROCESS_DEFINE_NOT_EXIST, code);
453453
} else {
454454
Tenant tenant = tenantMapper.queryById(processDefinition.getTenantId());
@@ -542,7 +542,7 @@ public Map<String, Object> updateProcessDefinition(User loginUser,
542542

543543
ProcessDefinition processDefinition = processDefinitionMapper.queryByCode(code);
544544
// check process definition exists
545-
if (processDefinition == null) {
545+
if (processDefinition == null || projectCode != processDefinition.getProjectCode()) {
546546
putMsg(result, Status.PROCESS_DEFINE_NOT_EXIST, code);
547547
return result;
548548
}
@@ -645,7 +645,7 @@ public Map<String, Object> deleteProcessDefinitionByCode(User loginUser, long pr
645645
return result;
646646
}
647647
ProcessDefinition processDefinition = processDefinitionMapper.queryByCode(code);
648-
if (processDefinition == null) {
648+
if (processDefinition == null || projectCode != processDefinition.getProjectCode()) {
649649
putMsg(result, Status.PROCESS_DEFINE_NOT_EXIST, code);
650650
return result;
651651
}
@@ -723,7 +723,7 @@ public Map<String, Object> releaseProcessDefinition(User loginUser, long project
723723
}
724724

725725
ProcessDefinition processDefinition = processDefinitionMapper.queryByCode(code);
726-
if (processDefinition == null) {
726+
if (processDefinition == null || projectCode != processDefinition.getProjectCode()) {
727727
putMsg(result, Status.PROCESS_DEFINE_NOT_EXIST, code);
728728
return result;
729729
}
@@ -778,7 +778,12 @@ public void batchExportProcessDefinitionByCodes(User loginUser, long projectCode
778778
}
779779
Set<Long> defineCodeSet = Lists.newArrayList(codes.split(Constants.COMMA)).stream().map(Long::parseLong).collect(Collectors.toSet());
780780
List<ProcessDefinition> processDefinitionList = processDefinitionMapper.queryByCodes(defineCodeSet);
781-
List<DagDataSchedule> dagDataSchedules = processDefinitionList.stream().map(this::exportProcessDagData).collect(Collectors.toList());
781+
if (CollectionUtils.isEmpty(processDefinitionList)) {
782+
return;
783+
}
784+
// check processDefinition exist in project
785+
List<ProcessDefinition> processDefinitionListInProject = processDefinitionList.stream().filter(o -> projectCode == o.getProjectCode()).collect(Collectors.toList());
786+
List<DagDataSchedule> dagDataSchedules = processDefinitionListInProject.stream().map(this::exportProcessDagData).collect(Collectors.toList());
782787
if (CollectionUtils.isNotEmpty(dagDataSchedules)) {
783788
downloadProcessDefinitionFile(response, dagDataSchedules);
784789
}
@@ -1060,7 +1065,7 @@ public Map<String, Object> getTaskNodeListByDefinitionCode(User loginUser, long
10601065
return result;
10611066
}
10621067
ProcessDefinition processDefinition = processDefinitionMapper.queryByCode(code);
1063-
if (processDefinition == null) {
1068+
if (processDefinition == null || projectCode != processDefinition.getProjectCode()) {
10641069
logger.info("process define not exists");
10651070
putMsg(result, Status.PROCESS_DEFINE_NOT_EXIST, code);
10661071
return result;
@@ -1096,8 +1101,15 @@ public Map<String, Object> getNodeListMapByDefinitionCodes(User loginUser, long
10961101
putMsg(result, Status.PROCESS_DEFINE_NOT_EXIST, codes);
10971102
return result;
10981103
}
1104+
// check processDefinition exist in project
1105+
List<ProcessDefinition> processDefinitionListInProject = processDefinitionList.stream().
1106+
filter(o -> projectCode == o.getProjectCode()).collect(Collectors.toList());
1107+
if (CollectionUtils.isEmpty(processDefinitionListInProject)) {
1108+
putMsg(result, Status.PROCESS_DEFINE_NOT_EXIST, codes);
1109+
return result;
1110+
}
10991111
Map<Long, List<TaskDefinition>> taskNodeMap = new HashMap<>();
1100-
for (ProcessDefinition processDefinition : processDefinitionList) {
1112+
for (ProcessDefinition processDefinition : processDefinitionListInProject) {
11011113
DagData dagData = processService.genDagData(processDefinition);
11021114
taskNodeMap.put(processDefinition.getCode(), dagData.getTaskDefinitionList());
11031115
}
@@ -1134,15 +1146,16 @@ public Map<String, Object> queryAllProcessDefinitionByProjectCode(User loginUser
11341146
/**
11351147
* Encapsulates the TreeView structure
11361148
*
1149+
* @param projectCode project code
11371150
* @param code process definition code
11381151
* @param limit limit
11391152
* @return tree view json data
11401153
*/
11411154
@Override
1142-
public Map<String, Object> viewTree(long code, Integer limit) {
1155+
public Map<String, Object> viewTree(long projectCode, long code, Integer limit) {
11431156
Map<String, Object> result = new HashMap<>();
11441157
ProcessDefinition processDefinition = processDefinitionMapper.queryByCode(code);
1145-
if (null == processDefinition) {
1158+
if (null == processDefinition || projectCode != processDefinition.getProjectCode()) {
11461159
logger.info("process define not exists");
11471160
putMsg(result, Status.PROCESS_DEFINE_NOT_EXIST, code);
11481161
return result;
@@ -1419,7 +1432,7 @@ public Map<String, Object> switchProcessDefinitionVersion(User loginUser, long p
14191432
}
14201433

14211434
ProcessDefinition processDefinition = processDefinitionMapper.queryByCode(code);
1422-
if (Objects.isNull(processDefinition)) {
1435+
if (Objects.isNull(processDefinition) || projectCode != processDefinition.getProjectCode()) {
14231436
putMsg(result, Status.SWITCH_PROCESS_DEFINITION_VERSION_NOT_EXIST_PROCESS_DEFINITION_ERROR, code);
14241437
return result;
14251438
}
@@ -1483,7 +1496,7 @@ public Result queryProcessDefinitionVersions(User loginUser, long projectCode, i
14831496
}
14841497
PageInfo<ProcessDefinitionLog> pageInfo = new PageInfo<>(pageNo, pageSize);
14851498
Page<ProcessDefinitionLog> page = new Page<>(pageNo, pageSize);
1486-
IPage<ProcessDefinitionLog> processDefinitionVersionsPaging = processDefinitionLogMapper.queryProcessDefinitionVersionsPaging(page, code);
1499+
IPage<ProcessDefinitionLog> processDefinitionVersionsPaging = processDefinitionLogMapper.queryProcessDefinitionVersionsPaging(page, code, projectCode);
14871500
List<ProcessDefinitionLog> processDefinitionLogs = processDefinitionVersionsPaging.getRecords();
14881501

14891502
pageInfo.setTotalList(processDefinitionLogs);
@@ -1514,7 +1527,7 @@ public Map<String, Object> deleteProcessDefinitionVersion(User loginUser, long p
15141527
}
15151528
ProcessDefinition processDefinition = processDefinitionMapper.queryByCode(code);
15161529

1517-
if (processDefinition == null) {
1530+
if (processDefinition == null || projectCode != processDefinition.getProjectCode()) {
15181531
putMsg(result, Status.PROCESS_DEFINE_NOT_EXIST, code);
15191532
} else {
15201533
if (processDefinition.getVersion() == version) {
@@ -1702,7 +1715,7 @@ public Map<String, Object> updateProcessDefinitionBasicInfo(User loginUser,
17021715

17031716
ProcessDefinition processDefinition = processDefinitionMapper.queryByCode(code);
17041717
// check process definition exists
1705-
if (processDefinition == null) {
1718+
if (processDefinition == null || projectCode != processDefinition.getProjectCode()) {
17061719
putMsg(result, Status.PROCESS_DEFINE_NOT_EXIST, code);
17071720
return result;
17081721
}

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessInstanceServiceImpl.java

Lines changed: 45 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,7 @@
5454
import org.apache.dolphinscheduler.dao.entity.ProcessInstance;
5555
import org.apache.dolphinscheduler.dao.entity.ProcessTaskRelationLog;
5656
import org.apache.dolphinscheduler.dao.entity.Project;
57+
import org.apache.dolphinscheduler.dao.entity.TaskDefinition;
5758
import org.apache.dolphinscheduler.dao.entity.TaskDefinitionLog;
5859
import org.apache.dolphinscheduler.dao.entity.TaskInstance;
5960
import org.apache.dolphinscheduler.dao.entity.Tenant;
@@ -63,6 +64,7 @@
6364
import org.apache.dolphinscheduler.dao.mapper.ProcessInstanceMapper;
6465
import org.apache.dolphinscheduler.dao.mapper.ProjectMapper;
6566
import org.apache.dolphinscheduler.dao.mapper.TaskDefinitionLogMapper;
67+
import org.apache.dolphinscheduler.dao.mapper.TaskDefinitionMapper;
6668
import org.apache.dolphinscheduler.dao.mapper.TaskInstanceMapper;
6769
import org.apache.dolphinscheduler.dao.mapper.TenantMapper;
6870
import org.apache.dolphinscheduler.service.process.ProcessService;
@@ -140,6 +142,9 @@ public class ProcessInstanceServiceImpl extends BaseServiceImpl implements Proce
140142
@Autowired
141143
private TenantMapper tenantMapper;
142144

145+
@Autowired
146+
TaskDefinitionMapper taskDefinitionMapper;
147+
143148
/**
144149
* return top n SUCCESS process instance order by running time which started between startTime and endTime
145150
*/
@@ -175,7 +180,7 @@ public Map<String, Object> queryTopNLongestRunningProcessInstance(User loginUser
175180
return result;
176181
}
177182

178-
List<ProcessInstance> processInstances = processInstanceMapper.queryTopNProcessInstance(size, start, end, ExecutionStatus.SUCCESS);
183+
List<ProcessInstance> processInstances = processInstanceMapper.queryTopNProcessInstance(size, start, end, ExecutionStatus.SUCCESS, projectCode);
179184
result.put(DATA_LIST, processInstances);
180185
putMsg(result, Status.SUCCESS);
181186
return result;
@@ -202,7 +207,7 @@ public Map<String, Object> queryProcessInstanceById(User loginUser, long project
202207
ProcessDefinition processDefinition = processService.findProcessDefinition(processInstance.getProcessDefinitionCode(),
203208
processInstance.getProcessDefinitionVersion());
204209

205-
if (processDefinition == null) {
210+
if (processDefinition == null || projectCode != processDefinition.getProjectCode()) {
206211
putMsg(result, Status.PROCESS_DEFINE_NOT_EXIST, processId);
207212
} else {
208213
processInstance.setWarningGroupId(processDefinition.getWarningGroupId());
@@ -310,6 +315,11 @@ public Map<String, Object> queryTaskListByProcessId(User loginUser, long project
310315
return result;
311316
}
312317
ProcessInstance processInstance = processService.findProcessInstanceDetailById(processId);
318+
ProcessDefinition processDefinition = processDefineMapper.queryByCode(processInstance.getProcessDefinitionCode());
319+
if (processDefinition != null && projectCode != processDefinition.getProjectCode()) {
320+
putMsg(result, Status.PROCESS_INSTANCE_NOT_EXIST, processId);
321+
return result;
322+
}
313323
List<TaskInstance> taskInstanceList = processService.findValidTaskListByProcessId(processId);
314324
addDependResultForTaskList(taskInstanceList);
315325
Map<String, Object> resultMap = new HashMap<>();
@@ -389,6 +399,13 @@ public Map<String, Object> querySubProcessInstanceByTaskId(User loginUser, long
389399
putMsg(result, Status.TASK_INSTANCE_NOT_EXISTS, taskId);
390400
return result;
391401
}
402+
403+
TaskDefinition taskDefinition = taskDefinitionMapper.queryByCode(taskInstance.getTaskCode());
404+
if (taskDefinition != null && projectCode != taskDefinition.getProjectCode()) {
405+
putMsg(result, Status.TASK_INSTANCE_NOT_EXISTS, taskId);
406+
return result;
407+
}
408+
392409
if (!taskInstance.isSubProcess()) {
393410
putMsg(result, Status.TASK_INSTANCE_NOT_SUB_WORKFLOW_INSTANCE, taskInstance.getName());
394411
return result;
@@ -440,6 +457,12 @@ public Map<String, Object> updateProcessInstance(User loginUser, long projectCod
440457
putMsg(result, Status.PROCESS_INSTANCE_NOT_EXIST, processInstanceId);
441458
return result;
442459
}
460+
//check process instance exists in project
461+
ProcessDefinition processDefinition0 = processDefineMapper.queryByCode(processInstance.getProcessDefinitionCode());
462+
if (processDefinition0 != null && projectCode != processDefinition0.getProjectCode()) {
463+
putMsg(result, Status.PROCESS_INSTANCE_NOT_EXIST, processInstanceId);
464+
return result;
465+
}
443466
//check process instance status
444467
if (!processInstance.getState().typeIsFinished()) {
445468
putMsg(result, Status.PROCESS_INSTANCE_STATE_OPERATION_ERROR,
@@ -593,6 +616,12 @@ public Map<String, Object> deleteProcessInstanceById(User loginUser, long projec
593616
return result;
594617
}
595618

619+
ProcessDefinition processDefinition = processDefineMapper.queryByCode(processInstance.getProcessDefinitionCode());
620+
if (processDefinition != null && projectCode != processDefinition.getProjectCode()) {
621+
putMsg(result, Status.PROCESS_INSTANCE_NOT_EXIST, processInstanceId);
622+
return result;
623+
}
624+
596625
try {
597626
processService.removeTaskLogFile(processInstanceId);
598627
} catch (Exception e) {
@@ -617,11 +646,12 @@ public Map<String, Object> deleteProcessInstanceById(User loginUser, long projec
617646
/**
618647
* view process instance variables
619648
*
649+
* @param projectCode project code
620650
* @param processInstanceId process instance id
621651
* @return variables data
622652
*/
623653
@Override
624-
public Map<String, Object> viewVariables(Integer processInstanceId) {
654+
public Map<String, Object> viewVariables(long projectCode, Integer processInstanceId) {
625655
Map<String, Object> result = new HashMap<>();
626656

627657
ProcessInstance processInstance = processInstanceMapper.queryDetailById(processInstanceId);
@@ -630,6 +660,12 @@ public Map<String, Object> viewVariables(Integer processInstanceId) {
630660
throw new RuntimeException("workflow instance is null");
631661
}
632662

663+
ProcessDefinition processDefinition = processDefineMapper.queryByCode(processInstance.getProcessDefinitionCode());
664+
if (processDefinition != null && projectCode != processDefinition.getProjectCode()) {
665+
putMsg(result, Status.PROCESS_INSTANCE_NOT_EXIST, processInstanceId);
666+
return result;
667+
}
668+
633669
Map<String, String> timeParams = BusinessTimeUtils
634670
.getBusinessTime(processInstance.getCmdTypeIfComplement(),
635671
processInstance.getScheduleTime());
@@ -689,12 +725,13 @@ private Map<String, Map<String, Object>> getLocalParams(ProcessInstance processI
689725
/**
690726
* encapsulation gantt structure
691727
*
728+
* @param projectCode project code
692729
* @param processInstanceId process instance id
693730
* @return gantt tree data
694731
* @throws Exception exception when json parse
695732
*/
696733
@Override
697-
public Map<String, Object> viewGantt(Integer processInstanceId) throws Exception {
734+
public Map<String, Object> viewGantt(long projectCode, Integer processInstanceId) throws Exception {
698735
Map<String, Object> result = new HashMap<>();
699736

700737
ProcessInstance processInstance = processInstanceMapper.queryDetailById(processInstanceId);
@@ -707,6 +744,10 @@ public Map<String, Object> viewGantt(Integer processInstanceId) throws Exception
707744
processInstance.getProcessDefinitionCode(),
708745
processInstance.getProcessDefinitionVersion()
709746
);
747+
if (processDefinition != null && projectCode != processDefinition.getProjectCode()) {
748+
putMsg(result, Status.PROCESS_INSTANCE_NOT_EXIST, processInstanceId);
749+
return result;
750+
}
710751
GanttDto ganttDto = new GanttDto();
711752
DAG<String, TaskNode, TaskNodeRelation> dag = processService.genDagGraph(processDefinition);
712753
//topological sort

dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/ProcessDefinitionControllerTest.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -340,7 +340,7 @@ public void testViewTree() throws Exception {
340340
Map<String, Object> result = new HashMap<>();
341341
putMsg(result, Status.SUCCESS);
342342

343-
Mockito.when(processDefinitionService.viewTree(processId, limit)).thenReturn(result);
343+
Mockito.when(processDefinitionService.viewTree(projectCode, processId, limit)).thenReturn(result);
344344
Result response = processDefinitionController.viewTree(user, projectCode, processId, limit);
345345

346346
Assert.assertTrue(response != null && response.isSuccess());

0 commit comments

Comments
 (0)