From e05199f4c3eb3cd9d2f9c45fd11a01654e016ba5 Mon Sep 17 00:00:00 2001
From: fuweng11 <76141879+fuweng11@users.noreply.github.com>
Date: Sun, 9 Apr 2023 07:46:52 +0800
Subject: [PATCH] [INLONG-7798][Manager] Add user authentication when operate
 workflow (#7799)

---
 .../core/impl/ProcessServiceImpl.java         | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/inlong-manager/manager-workflow/src/main/java/org/apache/inlong/manager/workflow/core/impl/ProcessServiceImpl.java b/inlong-manager/manager-workflow/src/main/java/org/apache/inlong/manager/workflow/core/impl/ProcessServiceImpl.java
index 2f71b962947..bb519b3780e 100644
--- a/inlong-manager/manager-workflow/src/main/java/org/apache/inlong/manager/workflow/core/impl/ProcessServiceImpl.java
+++ b/inlong-manager/manager-workflow/src/main/java/org/apache/inlong/manager/workflow/core/impl/ProcessServiceImpl.java
@@ -19,12 +19,18 @@
 
 import com.google.common.collect.Lists;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.inlong.manager.common.consts.InlongConstants;
 import org.apache.inlong.manager.common.enums.ErrorCodeEnum;
 import org.apache.inlong.manager.common.enums.ProcessStatus;
 import org.apache.inlong.manager.common.enums.TaskStatus;
+import org.apache.inlong.manager.common.enums.UserTypeEnum;
 import org.apache.inlong.manager.common.util.Preconditions;
+import org.apache.inlong.manager.dao.entity.InlongGroupEntity;
+import org.apache.inlong.manager.dao.entity.UserEntity;
 import org.apache.inlong.manager.dao.entity.WorkflowProcessEntity;
 import org.apache.inlong.manager.dao.entity.WorkflowTaskEntity;
+import org.apache.inlong.manager.dao.mapper.InlongGroupEntityMapper;
+import org.apache.inlong.manager.dao.mapper.UserEntityMapper;
 import org.apache.inlong.manager.dao.mapper.WorkflowTaskEntityMapper;
 import org.apache.inlong.manager.pojo.workflow.form.process.ProcessForm;
 import org.apache.inlong.manager.workflow.WorkflowAction;
@@ -51,6 +57,10 @@ public class ProcessServiceImpl implements ProcessService {
     private WorkflowTaskEntityMapper taskEntityMapper;
     @Autowired
     private WorkflowContextBuilder workflowContextBuilder;
+    @Autowired
+    private InlongGroupEntityMapper groupMapper;
+    @Autowired
+    private UserEntityMapper userMapper;
 
     @Override
     public WorkflowContext start(String name, String applicant, ProcessForm form) {
@@ -60,6 +70,7 @@ public WorkflowContext start(String name, String applicant, ProcessForm form) {
 
         // build context
         WorkflowContext context = workflowContextBuilder.buildContextForProcess(name, applicant, form);
+        checkUser(context, applicant, "Current user does not have permission to start workflow");
         this.processorExecutor.executeStart(context.getProcess().getStartEvent(), context);
         return context;
     }
@@ -69,6 +80,7 @@ public WorkflowContext continueProcess(Integer processId, String operator, Strin
         Preconditions.expectNotBlank(operator, ErrorCodeEnum.INVALID_PARAMETER, "operator cannot be null");
         Preconditions.expectNotNull(processId, "processId cannot be null");
         WorkflowContext context = workflowContextBuilder.buildContextForProcess(processId);
+        checkUser(context, operator, "Current user does not have permission to operate workflow");
         WorkflowProcessEntity processEntity = context.getProcessEntity();
         ProcessStatus processStatus = ProcessStatus.valueOf(processEntity.getStatus());
         Preconditions.expectTrue(processStatus == ProcessStatus.PROCESSING,
@@ -96,6 +108,7 @@ public WorkflowContext cancel(Integer processId, String operator, String remark)
         Preconditions.expectNotNull(processId, "processId cannot be null");
 
         WorkflowContext context = workflowContextBuilder.buildContextForProcess(processId);
+        checkUser(context, operator, "Current user does not have permission to cancel workflow");
         List<WorkflowTaskEntity> pendingTasks = taskEntityMapper.selectByProcess(processId, TaskStatus.PENDING);
         for (WorkflowTaskEntity taskEntity : pendingTasks) {
             WorkflowTask task = context.getProcess().getTaskByName(taskEntity.getName());
@@ -111,4 +124,15 @@ public WorkflowContext cancel(Integer processId, String operator, String remark)
         return context;
     }
 
+    public void checkUser(WorkflowContext context, String user, String errMsg) {
+        String groupId = context.getProcessForm().getInlongGroupId();
+        Preconditions.expectNotBlank(groupId, ErrorCodeEnum.GROUP_ID_IS_EMPTY,
+                ErrorCodeEnum.GROUP_ID_IS_EMPTY.getMessage());
+        InlongGroupEntity groupEntity = groupMapper.selectByGroupId(groupId);
+        UserEntity userEntity = userMapper.selectByName(user);
+        boolean isInCharge = Preconditions.inSeparatedString(user, groupEntity.getInCharges(), InlongConstants.COMMA);
+        Preconditions.expectTrue(isInCharge || UserTypeEnum.ADMIN.getCode().equals(userEntity.getAccountType()),
+                errMsg);
+    }
+
 }