[INLONG-7835][Manager] The permission is removed when a user is delet…

…ed (#7836)
apache · Apr 13, 2023 · 5ad8701 · 5ad8701
1 parent 1a82f43
commit 5ad8701
Show file tree

Hide file tree

Showing 6 changed files with 163 additions and 5 deletions.
diff --git a/inlong-manager/manager-dao/src/main/resources/mappers/InlongClusterTagEntityMapper.xml b/inlong-manager/manager-dao/src/main/resources/mappers/InlongClusterTagEntityMapper.xml
@@ -70,6 +70,11 @@
         from inlong_cluster_tag
         <where>
             is_deleted = 0
+            <if test="isAdminRole == false">
+                and (
+                creator = #{currentUser, jdbcType=VARCHAR} or find_in_set(#{currentUser, jdbcType=VARCHAR}, in_charges)
+                )
+            </if>
             <if test="keyword != null and keyword != ''">
                 and cluster_tag like CONCAT('%', #{keyword}, '%')
             </if>

diff --git a/...ager-pojo/src/main/java/org/apache/inlong/manager/pojo/cluster/ClusterTagPageRequest.java b/...ager-pojo/src/main/java/org/apache/inlong/manager/pojo/cluster/ClusterTagPageRequest.java
@@ -46,4 +46,7 @@ public class ClusterTagPageRequest extends PageRequest {
     @ApiModelProperty(value = "Current user", hidden = true)
     private String currentUser;
 
+    @ApiModelProperty(value = "Whether the current user is in the administrator role", hidden = true)
+    private Boolean isAdminRole;
+
 }
diff --git a/...g-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/user/UserRequest.java b/...g-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/user/UserRequest.java
@@ -24,6 +24,7 @@
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import lombok.NoArgsConstructor;
+import org.apache.inlong.manager.common.validation.UpdateValidation;
 import org.apache.inlong.manager.pojo.common.PageRequest;
 import org.apache.inlong.manager.common.enums.UserTypeEnum;
 import org.apache.inlong.manager.common.validation.InEnumInt;
@@ -61,19 +62,19 @@ public class UserRequest extends PageRequest {
     private String password;
 
     @ApiModelProperty(value = "New password, is required if needs updated")
-    @Length(min = 6, max = 64, message = "length must be between 6 and 64")
+    @Length(groups = UpdateValidation.class, min = 6, max = 64, message = "length must be between 6 and 64")
     private String newPassword;
 
     @ApiModelProperty("Secret key")
-    @Length(min = 1, max = 256, message = "length must be between 1 and 256")
+    @Length(groups = UpdateValidation.class, min = 1, max = 256, message = "length must be between 1 and 256")
     private String secretKey;
 
     @ApiModelProperty("Public key")
-    @Length(min = 1, max = 163840, message = "length must be between 1 and 163840")
+    @Length(groups = UpdateValidation.class, min = 1, max = 163840, message = "length must be between 1 and 163840")
     private String publicKey;
 
     @ApiModelProperty("Private key")
-    @Length(min = 1, max = 163840, message = "length must be between 1 and 163840")
+    @Length(groups = UpdateValidation.class, min = 1, max = 163840, message = "length must be between 1 and 163840")
     private String privateKey;
 
     @ApiModelProperty("Encryption key version")
@@ -94,7 +95,6 @@ public class UserRequest extends PageRequest {
     private Integer version;
 
     @ApiModelProperty(value = "Extension json info")
-    @Length(min = 1, max = 163840, message = "length must be between 1 and 163840")
     private String extParams;
 
 }
diff --git a/...manager-service/src/main/java/org/apache/inlong/manager/service/user/UserServiceImpl.java b/...manager-service/src/main/java/org/apache/inlong/manager/service/user/UserServiceImpl.java
@@ -19,6 +19,8 @@
 
 import com.github.pagehelper.Page;
 import com.github.pagehelper.PageHelper;
+import com.google.common.base.Joiner;
+import com.google.common.collect.Sets;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.inlong.manager.common.consts.InlongConstants;
@@ -31,9 +33,24 @@
 import org.apache.inlong.manager.common.util.Preconditions;
 import org.apache.inlong.manager.common.util.RSAUtils;
 import org.apache.inlong.manager.common.util.SHAUtils;
+import org.apache.inlong.manager.dao.entity.DataNodeEntity;
+import org.apache.inlong.manager.dao.entity.InlongClusterEntity;
+import org.apache.inlong.manager.dao.entity.InlongClusterTagEntity;
+import org.apache.inlong.manager.dao.entity.InlongConsumeEntity;
+import org.apache.inlong.manager.dao.entity.InlongGroupEntity;
 import org.apache.inlong.manager.dao.entity.UserEntity;
+import org.apache.inlong.manager.dao.mapper.DataNodeEntityMapper;
+import org.apache.inlong.manager.dao.mapper.InlongClusterEntityMapper;
+import org.apache.inlong.manager.dao.mapper.InlongClusterTagEntityMapper;
+import org.apache.inlong.manager.dao.mapper.InlongConsumeEntityMapper;
+import org.apache.inlong.manager.dao.mapper.InlongGroupEntityMapper;
 import org.apache.inlong.manager.dao.mapper.UserEntityMapper;
+import org.apache.inlong.manager.pojo.cluster.ClusterPageRequest;
+import org.apache.inlong.manager.pojo.cluster.ClusterTagPageRequest;
 import org.apache.inlong.manager.pojo.common.PageResult;
+import org.apache.inlong.manager.pojo.consume.InlongConsumePageRequest;
+import org.apache.inlong.manager.pojo.group.InlongGroupPageRequest;
+import org.apache.inlong.manager.pojo.node.DataNodePageRequest;
 import org.apache.inlong.manager.pojo.user.UserInfo;
 import org.apache.inlong.manager.pojo.user.UserLoginLockStatus;
 import org.apache.inlong.manager.pojo.user.UserLoginRequest;
@@ -54,6 +71,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 
 /**
@@ -76,6 +94,16 @@ public class UserServiceImpl implements UserService {
 
     @Autowired
     private UserEntityMapper userMapper;
+    @Autowired
+    private InlongGroupEntityMapper groupMapper;
+    @Autowired
+    private InlongClusterEntityMapper clusterMapper;
+    @Autowired
+    private InlongClusterTagEntityMapper clusterTagMapper;
+    @Autowired
+    private DataNodeEntityMapper dataNodeMapper;
+    @Autowired
+    private InlongConsumeEntityMapper consumeMapper;
 
     @Override
     public Integer save(UserRequest request, String currentUser) {
@@ -256,6 +284,12 @@ public Boolean delete(Integer userId, String currentUser) {
                 "Current user is not a manager and does not have permission to delete users");
         Preconditions.expectTrue(!Objects.equals(entity.getName(), currentUser),
                 "Current user does not have permission to delete himself");
+        String userName = entity.getName();
+        removeInChargeForGroup(userName, currentUser);
+        removeInChargeForCluster(userName, currentUser);
+        removeInChargeForClusterTag(userName, currentUser);
+        removeInChargeForDataNode(userName, currentUser);
+        removeInChargeForConsume(userName, currentUser);
         userMapper.deleteById(userId);
 
         LOGGER.debug("success to delete user by id={}, current user={}", userId, currentUser);
@@ -314,4 +348,116 @@ public void checkUser(String inCharges, String user, String errMsg) {
                 errMsg);
     }
 
+    public void removeInChargeForGroup(String user, String operator) {
+        InlongGroupPageRequest pageRequest = new InlongGroupPageRequest();
+        pageRequest.setCurrentUser(user);
+        pageRequest.setIsAdminRole(false);
+        for (InlongGroupEntity groupEntity : groupMapper.selectByCondition(pageRequest)) {
+            if (Objects.equals(groupEntity.getCreator(), user)) {
+                groupEntity.setCreator("admin");
+            }
+            Set<String> inChargeSet = Sets.newHashSet(groupEntity.getInCharges().split(InlongConstants.COMMA));
+            inChargeSet.remove(user);
+            String updateInCharge = Joiner.on(",").join(inChargeSet);
+            groupEntity.setInCharges(updateInCharge);
+            groupEntity.setModifier(operator);
+            int rowCount = groupMapper.updateByIdentifierSelective(groupEntity);
+            if (rowCount != InlongConstants.AFFECTED_ONE_ROW) {
+                throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED,
+                        String.format("record has already updated with group id=%s, curVersion=%d",
+                                groupEntity.getInlongGroupId(), groupEntity.getVersion()));
+            }
+        }
+    }
+
+    public void removeInChargeForCluster(String user, String operator) {
+        ClusterPageRequest pageRequest = new ClusterPageRequest();
+        pageRequest.setCurrentUser(user);
+        pageRequest.setIsAdminRole(false);
+        for (InlongClusterEntity clusterEntity : clusterMapper.selectByCondition(pageRequest)) {
+            if (Objects.equals(clusterEntity.getCreator(), user)) {
+                clusterEntity.setCreator("admin");
+            }
+            Set<String> inChargeSet = Sets.newHashSet(clusterEntity.getInCharges().split(InlongConstants.COMMA));
+            inChargeSet.remove(user);
+            String updateInCharge = Joiner.on(",").join(inChargeSet);
+            clusterEntity.setInCharges(updateInCharge);
+            clusterEntity.setModifier(operator);
+            int rowCount = clusterMapper.updateByIdSelective(clusterEntity);
+            if (rowCount != InlongConstants.AFFECTED_ONE_ROW) {
+                throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED,
+                        String.format("cluster has already updated with name=%s, type=%s, curVersion=%d",
+                                clusterEntity.getName(), clusterEntity.getType(), clusterEntity.getVersion()));
+            }
+        }
+    }
+
+    public void removeInChargeForClusterTag(String user, String operator) {
+        ClusterTagPageRequest pageRequest = new ClusterTagPageRequest();
+        pageRequest.setCurrentUser(user);
+        pageRequest.setIsAdminRole(false);
+        for (InlongClusterTagEntity clusterTagEntity : clusterTagMapper.selectByCondition(pageRequest)) {
+            if (Objects.equals(clusterTagEntity.getCreator(), user)) {
+                clusterTagEntity.setCreator("admin");
+            }
+            Set<String> inChargeSet = Sets.newHashSet(clusterTagEntity.getInCharges().split(InlongConstants.COMMA));
+            inChargeSet.remove(user);
+            String updateInCharge = Joiner.on(",").join(inChargeSet);
+            clusterTagEntity.setInCharges(updateInCharge);
+            clusterTagEntity.setModifier(operator);
+            int rowCount = clusterTagMapper.updateByIdSelective(clusterTagEntity);
+            if (rowCount != InlongConstants.AFFECTED_ONE_ROW) {
+                throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED,
+                        String.format("cluster tag has already updated with name=%s, curVersion=%s",
+                                clusterTagEntity.getClusterTag(), clusterTagEntity.getVersion()));
+            }
+        }
+    }
+
+    public void removeInChargeForDataNode(String user, String operator) {
+        DataNodePageRequest pageRequest = new DataNodePageRequest();
+        pageRequest.setCurrentUser(user);
+        pageRequest.setIsAdminRole(false);
+        for (DataNodeEntity dataNodeEntity : dataNodeMapper.selectByCondition(pageRequest)) {
+            if (Objects.equals(dataNodeEntity.getCreator(), user)) {
+                dataNodeEntity.setCreator("admin");
+            }
+            Set<String> inChargeSet = Sets.newHashSet(dataNodeEntity.getInCharges().split(InlongConstants.COMMA));
+            inChargeSet.remove(user);
+            String updateInCharge = Joiner.on(",").join(inChargeSet);
+            dataNodeEntity.setInCharges(updateInCharge);
+            dataNodeEntity.setModifier(operator);
+            int rowCount = dataNodeMapper.updateByIdSelective(dataNodeEntity);
+            if (rowCount != InlongConstants.AFFECTED_ONE_ROW) {
+                throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED,
+                        String.format(
+                                "failure to update data node with name=%s, type=%s, request version=%d, updated row=%d",
+                                dataNodeEntity.getName(), dataNodeEntity.getType(), dataNodeEntity.getVersion(),
+                                rowCount));
+            }
+        }
+    }
+
+    public void removeInChargeForConsume(String user, String operator) {
+        InlongConsumePageRequest pageRequest = new InlongConsumePageRequest();
+        pageRequest.setCurrentUser(user);
+        pageRequest.setIsAdminRole(false);
+        for (InlongConsumeEntity consumeEntity : consumeMapper.selectByCondition(pageRequest)) {
+            if (Objects.equals(consumeEntity.getCreator(), user)) {
+                consumeEntity.setCreator("admin");
+            }
+            Set<String> inChargeSet = Sets.newHashSet(consumeEntity.getInCharges().split(InlongConstants.COMMA));
+            inChargeSet.remove(user);
+            String updateInCharge = Joiner.on(",").join(inChargeSet);
+            consumeEntity.setInCharges(updateInCharge);
+            consumeEntity.setModifier(operator);
+            int rowCount = consumeMapper.updateByIdSelective(consumeEntity);
+            if (rowCount != InlongConstants.AFFECTED_ONE_ROW) {
+                LOGGER.error("inlong consume has already updated, id={}, curVersion={}",
+                        consumeEntity.getId(), consumeEntity.getVersion());
+                throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED);
+            }
+        }
+    }
+
 }
diff --git a/...er/manager-web/src/main/java/org/apache/inlong/manager/web/controller/AnnoController.java b/...er/manager-web/src/main/java/org/apache/inlong/manager/web/controller/AnnoController.java
@@ -22,9 +22,11 @@
 import org.apache.inlong.manager.pojo.common.Response;
 import org.apache.inlong.manager.pojo.user.UserLoginRequest;
 import org.apache.inlong.manager.pojo.user.UserRequest;
+import org.apache.inlong.manager.pojo.user.UserRoleCode;
 import org.apache.inlong.manager.service.user.LoginUserUtils;
 import org.apache.inlong.manager.service.user.UserService;
 import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -52,6 +54,7 @@ public Response<Boolean> login(@Validated @RequestBody UserLoginRequest loginReq
     }
 
     @PostMapping("/anno/register")
+    @RequiresRoles(value = UserRoleCode.ADMIN)
     public Response<Integer> register(@Validated @RequestBody UserRequest request) {
         String currentUser = LoginUserUtils.getLoginUser().getName();
         return Response.success(userService.save(request, currentUser));

diff --git a/...r-web/src/main/java/org/apache/inlong/manager/web/controller/InlongClusterController.java b/...r-web/src/main/java/org/apache/inlong/manager/web/controller/InlongClusterController.java
@@ -90,6 +90,7 @@ public Response<ClusterTagResponse> getTag(@PathVariable Integer id) {
     @ApiOperation(value = "List cluster tags")
     public Response<PageResult<ClusterTagResponse>> listTag(@RequestBody ClusterTagPageRequest request) {
         request.setCurrentUser(LoginUserUtils.getLoginUser().getName());
+        request.setIsAdminRole(LoginUserUtils.getLoginUser().getRoles().contains(UserTypeEnum.ADMIN.name()));
         return Response.success(clusterService.listTag(request));
     }