From 216b9b49d8a3d3b01455da2b92994d68878aecc8 Mon Sep 17 00:00:00 2001 From: fuweng11 <76141879+fuweng11@users.noreply.github.com> Date: Mon, 1 May 2023 15:14:14 +0800 Subject: [PATCH] [INLONG-7946][Manager] Add user authentication when bind clusterTag (#7947) --- .../service/cluster/InlongClusterServiceImpl.java | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/cluster/InlongClusterServiceImpl.java b/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/cluster/InlongClusterServiceImpl.java index c1b06627af7..be32bed286e 100644 --- a/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/cluster/InlongClusterServiceImpl.java +++ b/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/cluster/InlongClusterServiceImpl.java @@ -664,6 +664,8 @@ public Boolean bindTag(BindTagRequest request, String operator) { if (CollectionUtils.isNotEmpty(request.getBindClusters())) { request.getBindClusters().forEach(id -> { InlongClusterEntity entity = clusterMapper.selectById(id); + userService.checkUser(entity.getInCharges(), operator, + "Current user does not have permission to bind or unbind cluster tag"); Set tagSet = Sets.newHashSet(entity.getClusterTags().split(InlongConstants.COMMA)); tagSet.add(clusterTag); String updateTags = Joiner.on(",").join(tagSet); @@ -681,6 +683,10 @@ public Boolean bindTag(BindTagRequest request, String operator) { if (CollectionUtils.isNotEmpty(request.getUnbindClusters())) { request.getUnbindClusters().forEach(id -> { InlongClusterEntity entity = clusterMapper.selectById(id); + String errMsg = String.format( + "Current user does not have permission to bind or unbind cluster tag for cluster by id=%s, name=%s", + entity.getId(), entity.getName()); + userService.checkUser(entity.getInCharges(), operator, errMsg); this.removeClusterTag(entity, clusterTag, operator); }); } @@ -697,6 +703,10 @@ public Boolean bindTag(BindTagRequest request, UserInfo opInfo) { if (CollectionUtils.isNotEmpty(request.getBindClusters())) { request.getBindClusters().forEach(id -> { InlongClusterEntity entity = clusterMapper.selectById(id); + String errMsg = String.format( + "Current user does not have permission to bind or unbind cluster tag for cluster by id=%s, name=%s", + entity.getId(), entity.getName()); + userService.checkUser(entity.getInCharges(), opInfo.getName(), errMsg); Set tagSet = Sets.newHashSet(entity.getClusterTags().split(InlongConstants.COMMA)); tagSet.add(request.getClusterTag()); String updateTags = Joiner.on(",").join(tagSet); @@ -713,6 +723,10 @@ public Boolean bindTag(BindTagRequest request, UserInfo opInfo) { if (CollectionUtils.isNotEmpty(request.getUnbindClusters())) { request.getUnbindClusters().forEach(id -> { InlongClusterEntity entity = clusterMapper.selectById(id); + String errMsg = String.format( + "Current user does not have permission to bind or unbind cluster tag for cluster by id=%s, name=%s", + entity.getId(), entity.getName()); + userService.checkUser(entity.getInCharges(), opInfo.getName(), errMsg); Set tagSet = Sets.newHashSet(entity.getClusterTags().split(InlongConstants.COMMA)); tagSet.remove(request.getClusterTag()); String updateTags = Joiner.on(",").join(tagSet);