diff --git a/inlong-manager/manager-dao/src/main/resources/mappers/InlongClusterTagEntityMapper.xml b/inlong-manager/manager-dao/src/main/resources/mappers/InlongClusterTagEntityMapper.xml index 70543233837..45ba9be610b 100644 --- a/inlong-manager/manager-dao/src/main/resources/mappers/InlongClusterTagEntityMapper.xml +++ b/inlong-manager/manager-dao/src/main/resources/mappers/InlongClusterTagEntityMapper.xml @@ -70,6 +70,11 @@ from inlong_cluster_tag is_deleted = 0 + + and ( + creator = #{currentUser, jdbcType=VARCHAR} or find_in_set(#{currentUser, jdbcType=VARCHAR}, in_charges) + ) + and cluster_tag like CONCAT('%', #{keyword}, '%') diff --git a/inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/cluster/ClusterTagPageRequest.java b/inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/cluster/ClusterTagPageRequest.java index 4bc9ec453f2..379426714d3 100644 --- a/inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/cluster/ClusterTagPageRequest.java +++ b/inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/cluster/ClusterTagPageRequest.java @@ -46,4 +46,7 @@ public class ClusterTagPageRequest extends PageRequest { @ApiModelProperty(value = "Current user", hidden = true) private String currentUser; + @ApiModelProperty(value = "Whether the current user is in the administrator role", hidden = true) + private Boolean isAdminRole; + } diff --git a/inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/user/UserRequest.java b/inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/user/UserRequest.java index 7aadfca45c0..3488f7d5f94 100644 --- a/inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/user/UserRequest.java +++ b/inlong-manager/manager-pojo/src/main/java/org/apache/inlong/manager/pojo/user/UserRequest.java 
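Review bot: The guard around the new `creator = ... or find_in_set(...)` clause in InlongClusterTagEntityMapper.xml is not visible in this rendering (the mapper's XML tags appear to have been stripped), and the ownership filter is only as strong as that guard. `isAdminRole` is a boxed `Boolean` that only `listTag` is shown setting, so if the condition is written as an equality test against `false`, a request reaching this statement with a null flag would skip the filter and return every tag. Consider a test that also treats null as non-admin (`isAdminRole == null or isAdminRole == false`, with whatever property path the mapper uses), so an unset flag narrows the result rather than widening it. Binding the user name through `#{currentUser, jdbcType=VARCHAR}` keeps it parameterized, which is the right form.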
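Review bot: `hidden = true` on the new `isAdminRole` field in ClusterTagPageRequest only removes it from the generated API documentation; the class is bound from `@RequestBody` in `listTag`, so a client can still send `isAdminRole` (and `currentUser`) in the JSON. `listTag` overwrites both from the login session in this commit, but any other entry point that accepts this request type would have to do the same, otherwise the caller states its own role. I would add a field comment such as `// Set server-side from the login session; never trusted from the request body`, or exclude the field from deserialization if no client needs to send it.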
@@ -24,6 +24,7 @@ import lombok.Data; import lombok.EqualsAndHashCode; import lombok.NoArgsConstructor; +import org.apache.inlong.manager.common.validation.UpdateValidation; import org.apache.inlong.manager.pojo.common.PageRequest; import org.apache.inlong.manager.common.enums.UserTypeEnum; import org.apache.inlong.manager.common.validation.InEnumInt; @@ -61,19 +62,19 @@ public class UserRequest extends PageRequest { private String password; @ApiModelProperty(value = "New password, is required if needs updated") - @Length(min = 6, max = 64, message = "length must be between 6 and 64") + @Length(groups = UpdateValidation.class, min = 6, max = 64, message = "length must be between 6 and 64") private String newPassword; @ApiModelProperty("Secret key") - @Length(min = 1, max = 256, message = "length must be between 1 and 256") + @Length(groups = UpdateValidation.class, min = 1, max = 256, message = "length must be between 1 and 256") private String secretKey; @ApiModelProperty("Public key") - @Length(min = 1, max = 163840, message = "length must be between 1 and 163840") + @Length(groups = UpdateValidation.class, min = 1, max = 163840, message = "length must be between 1 and 163840") private String publicKey; @ApiModelProperty("Private key") - @Length(min = 1, max = 163840, message = "length must be between 1 and 163840") + @Length(groups = UpdateValidation.class, min = 1, max = 163840, message = "length must be between 1 and 163840") private String privateKey; @ApiModelProperty("Encryption key version") @@ -94,7 +95,6 @@ public class UserRequest extends PageRequest { private Integer version; @ApiModelProperty(value = "Extension json info") - @Length(min = 1, max = 163840, message = "length must be between 1 and 163840") private String extParams; } 
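Review bot: Scoping the `@Length` constraints on `newPassword`, `secretKey`, `publicKey` and `privateKey` to `UpdateValidation` means they no longer run where the request is validated with a bare `@Validated`, which is how `register` in AnnoController binds `UserRequest` in this same commit. On that path the key fields are now unchecked for length, and the next hunk also drops the 163840-character cap on `extParams` entirely. If the aim is only to stop update-time rules from failing on create, keep a `max`-only bound in the default group for these fields so oversized values are still rejected before they reach the service layer. A short comment above the fields, e.g. `// Length is enforced only for UpdateValidation; create requests rely on <other check>`, would record where the create path is bounded.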
diff --git a/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/user/UserServiceImpl.java b/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/user/UserServiceImpl.java index 152073d7da1..43899750d04 100644 --- a/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/user/UserServiceImpl.java +++ b/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/user/UserServiceImpl.java @@ -19,6 +19,8 @@ import com.github.pagehelper.Page; import com.github.pagehelper.PageHelper; +import com.google.common.base.Joiner; +import com.google.common.collect.Sets; import org.apache.commons.lang3.RandomStringUtils; import org.apache.commons.lang3.StringUtils; import org.apache.inlong.manager.common.consts.InlongConstants; 
@@ -31,9 +33,24 @@ import org.apache.inlong.manager.common.util.Preconditions; import org.apache.inlong.manager.common.util.RSAUtils; import org.apache.inlong.manager.common.util.SHAUtils; +import org.apache.inlong.manager.dao.entity.DataNodeEntity; +import org.apache.inlong.manager.dao.entity.InlongClusterEntity; +import org.apache.inlong.manager.dao.entity.InlongClusterTagEntity; +import org.apache.inlong.manager.dao.entity.InlongConsumeEntity; +import org.apache.inlong.manager.dao.entity.InlongGroupEntity; import org.apache.inlong.manager.dao.entity.UserEntity; +import org.apache.inlong.manager.dao.mapper.DataNodeEntityMapper; +import org.apache.inlong.manager.dao.mapper.InlongClusterEntityMapper; +import org.apache.inlong.manager.dao.mapper.InlongClusterTagEntityMapper; +import org.apache.inlong.manager.dao.mapper.InlongConsumeEntityMapper; +import org.apache.inlong.manager.dao.mapper.InlongGroupEntityMapper; import org.apache.inlong.manager.dao.mapper.UserEntityMapper; +import org.apache.inlong.manager.pojo.cluster.ClusterPageRequest; +import org.apache.inlong.manager.pojo.cluster.ClusterTagPageRequest; import org.apache.inlong.manager.pojo.common.PageResult; +import org.apache.inlong.manager.pojo.consume.InlongConsumePageRequest; +import org.apache.inlong.manager.pojo.group.InlongGroupPageRequest; +import org.apache.inlong.manager.pojo.node.DataNodePageRequest; import org.apache.inlong.manager.pojo.user.UserInfo; import org.apache.inlong.manager.pojo.user.UserLoginLockStatus; import org.apache.inlong.manager.pojo.user.UserLoginRequest; @@ -54,6 +71,7 @@ import java.util.List; import java.util.Map; import java.util.Objects; +import java.util.Set; import java.util.concurrent.ConcurrentHashMap; /** 
@@ -76,6 +94,16 @@ public class UserServiceImpl implements UserService { @Autowired private UserEntityMapper userMapper; + @Autowired + private InlongGroupEntityMapper groupMapper; + @Autowired + private InlongClusterEntityMapper clusterMapper; + @Autowired + private InlongClusterTagEntityMapper clusterTagMapper; + @Autowired + private DataNodeEntityMapper dataNodeMapper; + @Autowired + private InlongConsumeEntityMapper consumeMapper; @Override public Integer save(UserRequest request, String currentUser) { @@ -256,6 +284,12 @@ public Boolean delete(Integer userId, String currentUser) { "Current user is not a manager and does not have permission to delete users"); Preconditions.expectTrue(!Objects.equals(entity.getName(), currentUser), "Current user does not have permission to delete himself"); + String userName = entity.getName(); + removeInChargeForGroup(userName, currentUser); + removeInChargeForCluster(userName, currentUser); + removeInChargeForClusterTag(userName, currentUser); + removeInChargeForDataNode(userName, currentUser); + removeInChargeForConsume(userName, currentUser); userMapper.deleteById(userId); LOGGER.debug("success to delete user by id={}, current user={}", userId, currentUser); 
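Review bot: `delete` now runs five rounds of updates (group, cluster, cluster tag, data node, consume) before `userMapper.deleteById(userId)`, and each `removeInChargeFor*` helper can throw `BusinessException` on a version conflict. No transaction boundary is visible in this hunk (the method signature and its annotations start outside it), so if none is declared there, a failure midway would leave some resources reassigned while the account still exists. Please confirm that `delete` runs under `@Transactional(rollbackFor = Throwable.class)` or an equivalent. Because the call changes ownership of other users' resources, the success message is also worth raising from `LOGGER.debug` to info so the reassignment shows up in normal operation logs.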
@@ -314,4 +348,116 @@ public void checkUser(String inCharges, String user, String errMsg) { errMsg); } + public void removeInChargeForGroup(String user, String operator) { + InlongGroupPageRequest pageRequest = new InlongGroupPageRequest(); + pageRequest.setCurrentUser(user); + pageRequest.setIsAdminRole(false); + for (InlongGroupEntity groupEntity : groupMapper.selectByCondition(pageRequest)) { + if (Objects.equals(groupEntity.getCreator(), user)) { + groupEntity.setCreator("admin"); + } + Set inChargeSet = Sets.newHashSet(groupEntity.getInCharges().split(InlongConstants.COMMA)); + inChargeSet.remove(user); + String updateInCharge = Joiner.on(",").join(inChargeSet); + groupEntity.setInCharges(updateInCharge); + groupEntity.setModifier(operator); + int rowCount = groupMapper.updateByIdentifierSelective(groupEntity); + if (rowCount != InlongConstants.AFFECTED_ONE_ROW) { + throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED, + String.format("record has already updated with group id=%s, curVersion=%d", + groupEntity.getInlongGroupId(), groupEntity.getVersion())); + } + } + } + + public void removeInChargeForCluster(String user, String operator) { + ClusterPageRequest pageRequest = new ClusterPageRequest(); + pageRequest.setCurrentUser(user); + pageRequest.setIsAdminRole(false); + for (InlongClusterEntity clusterEntity : clusterMapper.selectByCondition(pageRequest)) { + if (Objects.equals(clusterEntity.getCreator(), user)) { + clusterEntity.setCreator("admin"); + } + Set inChargeSet = Sets.newHashSet(clusterEntity.getInCharges().split(InlongConstants.COMMA)); + inChargeSet.remove(user); + String updateInCharge = Joiner.on(",").join(inChargeSet); + clusterEntity.setInCharges(updateInCharge); + clusterEntity.setModifier(operator); + int rowCount = clusterMapper.updateByIdSelective(clusterEntity); + if (rowCount != InlongConstants.AFFECTED_ONE_ROW) { + throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED, + String.format("cluster has already updated with name=%s, 
type=%s, curVersion=%d", + clusterEntity.getName(), clusterEntity.getType(), clusterEntity.getVersion())); + } + } + } + + public void removeInChargeForClusterTag(String user, String operator) { + ClusterTagPageRequest pageRequest = new ClusterTagPageRequest(); + pageRequest.setCurrentUser(user); + pageRequest.setIsAdminRole(false); + for (InlongClusterTagEntity clusterTagEntity : clusterTagMapper.selectByCondition(pageRequest)) { + if (Objects.equals(clusterTagEntity.getCreator(), user)) { + clusterTagEntity.setCreator("admin"); + } + Set inChargeSet = Sets.newHashSet(clusterTagEntity.getInCharges().split(InlongConstants.COMMA)); + inChargeSet.remove(user); + String updateInCharge = Joiner.on(",").join(inChargeSet); + clusterTagEntity.setInCharges(updateInCharge); + clusterTagEntity.setModifier(operator); + int rowCount = clusterTagMapper.updateByIdSelective(clusterTagEntity); + if (rowCount != InlongConstants.AFFECTED_ONE_ROW) { + throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED, + String.format("cluster tag has already updated with name=%s, curVersion=%s", + clusterTagEntity.getClusterTag(), clusterTagEntity.getVersion())); + } + } + } + + public void removeInChargeForDataNode(String user, String operator) { + DataNodePageRequest pageRequest = new DataNodePageRequest(); + pageRequest.setCurrentUser(user); + pageRequest.setIsAdminRole(false); + for (DataNodeEntity dataNodeEntity : dataNodeMapper.selectByCondition(pageRequest)) { + if (Objects.equals(dataNodeEntity.getCreator(), user)) { + dataNodeEntity.setCreator("admin"); + } + Set inChargeSet = Sets.newHashSet(dataNodeEntity.getInCharges().split(InlongConstants.COMMA)); + inChargeSet.remove(user); + String updateInCharge = Joiner.on(",").join(inChargeSet); + dataNodeEntity.setInCharges(updateInCharge); + dataNodeEntity.setModifier(operator); + int rowCount = dataNodeMapper.updateByIdSelective(dataNodeEntity); + if (rowCount != InlongConstants.AFFECTED_ONE_ROW) { + throw new 
BusinessException(ErrorCodeEnum.CONFIG_EXPIRED, + String.format( + "failure to update data node with name=%s, type=%s, request version=%d, updated row=%d", + dataNodeEntity.getName(), dataNodeEntity.getType(), dataNodeEntity.getVersion(), + rowCount)); + } + } + } + + public void removeInChargeForConsume(String user, String operator) { + InlongConsumePageRequest pageRequest = new InlongConsumePageRequest(); + pageRequest.setCurrentUser(user); + pageRequest.setIsAdminRole(false); + for (InlongConsumeEntity consumeEntity : consumeMapper.selectByCondition(pageRequest)) { + if (Objects.equals(consumeEntity.getCreator(), user)) { + consumeEntity.setCreator("admin"); + } + Set inChargeSet = Sets.newHashSet(consumeEntity.getInCharges().split(InlongConstants.COMMA)); + inChargeSet.remove(user); + String updateInCharge = Joiner.on(",").join(inChargeSet); + consumeEntity.setInCharges(updateInCharge); + consumeEntity.setModifier(operator); + int rowCount = consumeMapper.updateByIdSelective(consumeEntity); + if (rowCount != InlongConstants.AFFECTED_ONE_ROW) { + LOGGER.error("inlong consume has already updated, id={}, curVersion={}", + consumeEntity.getId(), consumeEntity.getVersion()); + throw new BusinessException(ErrorCodeEnum.CONFIG_EXPIRED); + } + } + } + } diff --git a/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/AnnoController.java b/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/AnnoController.java index cf0e8c074b4..0a746944358 100644 --- a/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/AnnoController.java +++ b/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/AnnoController.java 
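Review bot: Each of the five `removeInChargeFor*` methods calls `getInCharges().split(...)` without a null check, so a record matched only through `creator = user` with a null `in_charges` value would throw a NullPointerException and block the user deletion; whether that column can be null is not visible here. The new owner is the literal `"admin"`, which assumes an account of that name exists and is privileged; reassigning to `operator` (the administrator performing the deletion) or to a named constant would make that explicit. The raw `Set` built with `Sets.newHashSet` also loses the stored order of the in-charges, and removing the only in-charge writes an empty string, leaving the resource with no responsible user. A shared helper, sketched below for the group case, would cover all five methods and remove the duplication.

```java
// … unchanged: page request setup and creator reassignment …
groupEntity.setInCharges(dropInCharge(groupEntity.getInCharges(), user));
// … unchanged: modifier, update call and row-count check …

/** Removes {@code user} from a comma-separated in-charge list, keeping the stored order. */
private static String dropInCharge(String inCharges, String user) {
    if (StringUtils.isBlank(inCharges)) {
        // Nothing to remove; a null stays null so the selective update leaves the column alone.
        return inCharges;
    }
    Set<String> remaining = new LinkedHashSet<>();
    for (String name : inCharges.split(InlongConstants.COMMA)) {
        if (!Objects.equals(name, user)) {
            remaining.add(name);
        }
    }
    return String.join(InlongConstants.COMMA, remaining);
}
```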
@@ -22,9 +22,11 @@ import org.apache.inlong.manager.pojo.common.Response; import org.apache.inlong.manager.pojo.user.UserLoginRequest; import org.apache.inlong.manager.pojo.user.UserRequest; +import org.apache.inlong.manager.pojo.user.UserRoleCode; import org.apache.inlong.manager.service.user.LoginUserUtils; import org.apache.inlong.manager.service.user.UserService; import org.apache.shiro.SecurityUtils; +import org.apache.shiro.authz.annotation.RequiresRoles; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.GetMapping; @@ -52,6 +54,7 @@ public Response login(@Validated @RequestBody UserLoginRequest loginReq } @PostMapping("/anno/register") + @RequiresRoles(value = UserRoleCode.ADMIN) public Response register(@Validated @RequestBody UserRequest request) { String currentUser = LoginUserUtils.getLoginUser().getName(); return Response.success(userService.save(request, currentUser)); diff --git a/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/InlongClusterController.java b/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/InlongClusterController.java index 3679657c215..8d39fb19d35 100644 --- a/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/InlongClusterController.java +++ b/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/controller/InlongClusterController.java @@ -90,6 +90,7 @@ public Response getTag(@PathVariable Integer id) { @ApiOperation(value = "List cluster tags") public Response> listTag(@RequestBody ClusterTagPageRequest request) { request.setCurrentUser(LoginUserUtils.getLoginUser().getName()); + request.setIsAdminRole(LoginUserUtils.getLoginUser().getRoles().contains(UserTypeEnum.ADMIN.name())); return Response.success(clusterService.listTag(request)); }
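Review bot: `register` stays mapped under `/anno/register` while now requiring the admin role. If the `/anno/` prefix is exempted from authentication in the Shiro filter chain (the prefix suggests so, but that configuration is not part of this diff), the `@RequiresRoles` annotation becomes the only control on account creation. It is enforced only when Shiro's annotation processing is active for this controller, so a regression test asserting that both an unauthenticated and a non-admin caller are rejected would be worth adding. A method comment such as `// Admin-only despite the /anno prefix; enforced by @RequiresRoles` would also keep the path from being read as public.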
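Review bot: The admin check in `listTag` compares role strings with `UserTypeEnum.ADMIN.name()`, while the `register` change in AnnoController uses `UserRoleCode.ADMIN`. If those two values differ, an administrator would silently be treated as a regular user here, so use one constant in both places, whichever matches what `getRoles()` actually stores. `LoginUserUtils.getLoginUser()` is also called twice and `getRoles()` is dereferenced without a null check; reading the user once into a local, e.g. `UserInfo user = LoginUserUtils.getLoginUser();`, and guarding the roles would be tidier. No import of `UserTypeEnum` appears in this hunk, so confirm the file already imports it.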