to feature apache#7180 (apache#7185)

Co-authored-by: ouyangyewei <[email protected]>
Lucaszlei · Dec 26, 2021 · dbc5538 · dbc5538
1 parent 58bed5a
commit dbc5538
Show file tree

Hide file tree

Showing 9 changed files with 120 additions and 1 deletion.
diff --git a/...heduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java b/...heduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java
@@ -17,6 +17,7 @@
 
 package org.apache.dolphinscheduler.api.controller;
 
+import static org.apache.dolphinscheduler.api.enums.Status.REVOKE_PROJECT_ERROR;
 import static org.apache.dolphinscheduler.api.enums.Status.AUTHORIZED_USER_ERROR;
 import static org.apache.dolphinscheduler.api.enums.Status.CREATE_USER_ERROR;
 import static org.apache.dolphinscheduler.api.enums.Status.DELETE_USER_BY_ID_ERROR;
@@ -258,6 +259,30 @@ public Result grantProjectByCode(@ApiIgnore @RequestAttribute(value = Constants.
         return returnDataList(result);
     }
 
+    /**
+     * revoke project
+     *
+     * @param loginUser     login user
+     * @param userId        user id
+     * @param projectCode   project code
+     * @return revoke result code
+     */
+    @ApiOperation(value = "revokeProject", notes = "REVOKE_PROJECT_NOTES")
+    @ApiImplicitParams({
+        @ApiImplicitParam(name = "userId", value = "USER_ID", required = true, dataType = "Int", example = "100"),
+        @ApiImplicitParam(name = "projectCode", value = "PROJECT_CODE", required = true, type = "Long", example = "100")
+    })
+    @PostMapping(value = "/revoke-project")
+    @ResponseStatus(HttpStatus.OK)
+    @ApiException(REVOKE_PROJECT_ERROR)
+    @AccessLogAnnotation
+    public Result revokeProject(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
+            @RequestParam(value = "userId") int userId,
+            @RequestParam(value = "projectCode") long projectCode) {
+        Map<String, Object> result = this.usersService.revokeProject(loginUser, userId, projectCode);
+        return returnDataList(result);
+    }
+
     /**
      * grant resource
      *

diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java
@@ -212,7 +212,7 @@ public enum Status {
     TRANSFORM_PROJECT_OWNERSHIP(10179, "Please transform project ownership [{0}]", "请先转移项目所有权[{0}]"),
     QUERY_ALERT_GROUP_ERROR(10180, "query alert group error", "查询告警组错误"),
     CURRENT_LOGIN_USER_TENANT_NOT_EXIST(10181, "the tenant of the currently login user is not specified", "未指定当前登录用户的租户"),
-
+    REVOKE_PROJECT_ERROR(10182, "revoke project error", "撤销项目授权错误"),
 
     UDF_FUNCTION_NOT_EXIST(20001, "UDF function not found", "UDF函数不存在"),
     UDF_FUNCTION_EXISTS(20002, "UDF function already exists", "UDF函数已存在"),

diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java
@@ -163,6 +163,14 @@ Map<String, Object> updateUser(User loginUser, int userId, String userName, Stri
      */
     Map<String, Object> grantProjectByCode(User loginUser, int userId, String projectCodes);
 
+    /**
+     * revoke the project permission for specified user.
+     * @param loginUser     Login user
+     * @param userId        User id
+     * @param projectCode   Project Code
+     * @return
+     */
+    Map<String, Object> revokeProject(User loginUser, int userId, long projectCode);
 
     /**
      * grant resource

diff --git a/...uler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java b/...uler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
@@ -635,6 +635,43 @@ public Map<String, Object> grantProjectByCode(final User loginUser, final int us
         return result;
     }
 
+    /**
+     * revoke the project permission for specified user.
+     * @param loginUser     Login user
+     * @param userId        User id
+     * @param projectCode   Project Code
+     * @return
+     */
+    @Override
+    public Map<String, Object> revokeProject(User loginUser, int userId, long projectCode) {
+        Map<String, Object> result = new HashMap<>();
+        result.put(Constants.STATUS, false);
+
+        // 1. only admin can operate
+        if (this.check(result, !this.isAdmin(loginUser), Status.USER_NO_OPERATION_PERM)) {
+            return result;
+        }
+
+        // 2. check if user is existed
+        User user = this.userMapper.selectById(userId);
+        if (user == null) {
+            this.putMsg(result, Status.USER_NOT_EXIST, userId);
+            return result;
+        }
+
+        // 3. check if project is existed
+        Project project = this.projectMapper.queryByCode(projectCode);
+        if (project == null) {
+            this.putMsg(result, Status.PROJECT_NOT_FOUNT, projectCode);
+            return result;
+        }
+
+        // 4. delete th relationship between project and user
+        this.projectUserMapper.deleteProjectRelation(project.getId(), user.getId());
+        this.putMsg(result, Status.SUCCESS);
+        return result;
+    }
+
     /**
      * grant resource
      *

diff --git a/dolphinscheduler-api/src/main/resources/i18n/messages.properties b/dolphinscheduler-api/src/main/resources/i18n/messages.properties
@@ -223,6 +223,8 @@ GRANT_PROJECT_NOTES=GRANT PROJECT
 PROJECT_IDS=project ids(string format, multiple projects separated by ",")
 GRANT_PROJECT_BY_CODE_NOTES=GRANT PROJECT BY CODE
 PROJECT_CODES=project codes(string format, multiple project codes separated by ",")
+REVOKE_PROJECT_NOTES=REVOKE PROJECT FOR USER
+PROJECT_CODE=project codes
 GRANT_RESOURCE_NOTES=grant resource file
 RESOURCE_IDS=resource ids(string format, multiple resources separated by ",")
 GET_USER_INFO_NOTES=get user info 

diff --git a/dolphinscheduler-api/src/main/resources/i18n/messages_en_US.properties b/dolphinscheduler-api/src/main/resources/i18n/messages_en_US.properties
@@ -270,6 +270,8 @@ GRANT_PROJECT_NOTES=GRANT PROJECT
 PROJECT_IDS=project ids(string format, multiple projects separated by ",")
 GRANT_PROJECT_BY_CODE_NOTES=GRANT PROJECT BY CODE
 PROJECT_CODES=project codes(string format, multiple project codes separated by ",")
+REVOKE_PROJECT_NOTES=REVOKE PROJECT FOR USER
+PROJECT_CODE=project codes
 GRANT_RESOURCE_NOTES=grant resource file
 RESOURCE_IDS=resource ids(string format, multiple resources separated by ",")
 GET_USER_INFO_NOTES=get user info 

diff --git a/dolphinscheduler-api/src/main/resources/i18n/messages_zh_CN.properties b/dolphinscheduler-api/src/main/resources/i18n/messages_zh_CN.properties
@@ -258,6 +258,8 @@ GRANT_PROJECT_NOTES=授权项目
 PROJECT_IDS=项目IDS(字符串格式，多个项目以","分割)
 GRANT_PROJECT_BY_CODE_NOTES=授权项目
 PROJECT_CODES=项目Codes(字符串格式，多个项目Code以","分割)
+REVOKE_PROJECT_NOTES=撤销用户的项目权限
+PROJECT_CODE=项目Code
 GRANT_RESOURCE_NOTES=授权资源文件
 RESOURCE_IDS=资源ID列表(字符串格式，多个资源ID以","分割)
 GET_USER_INFO_NOTES=获取用户信息

diff --git a/...ler-api/src/test/java/org/apache/dolphinscheduler/api/controller/UsersControllerTest.java b/...ler-api/src/test/java/org/apache/dolphinscheduler/api/controller/UsersControllerTest.java
@@ -125,6 +125,24 @@ public void testGrantProjectByCode() throws Exception {
         logger.info(mvcResult.getResponse().getContentAsString());
     }
 
+    @Test
+    public void testRevokeProject() throws Exception {
+        MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>();
+        paramsMap.add("userId", "32");
+        paramsMap.add("projectCode", "3682329499136");
+
+        MvcResult mvcResult = this.mockMvc.perform(post("/users/revoke-project")
+                .header(SESSION_ID, this.sessionId)
+                .params(paramsMap))
+                .andExpect(status().isOk())
+                .andExpect(content().contentType(MediaType.APPLICATION_JSON))
+                .andReturn();
+
+        Result result = JSONUtils.parseObject(mvcResult.getResponse().getContentAsString(), Result.class);
+        Assert.assertEquals(Status.USER_NOT_EXIST.getCode(), result.getCode().intValue());
+        logger.info(mvcResult.getResponse().getContentAsString());
+    }
+
     @Test
     public void testGrantResource() throws Exception {
         MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>();

diff --git a/...scheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java b/...scheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
@@ -362,6 +362,31 @@ public void testGrantProjectByCode() {
         Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
     }
 
+    @Test
+    public void testRevokeProject() {
+        Mockito.when(this.userMapper.selectById(1)).thenReturn(this.getUser());
+
+        final long projectCode = 3682329499136L;
+
+        // user no permission
+        User loginUser = new User();
+        Map<String, Object> result = this.usersService.revokeProject(loginUser, 1, projectCode);
+        logger.info(result.toString());
+        Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
+
+        // user not exist
+        loginUser.setUserType(UserType.ADMIN_USER);
+        result = this.usersService.revokeProject(loginUser, 2, projectCode);
+        logger.info(result.toString());
+        Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS));
+
+        // success
+        Mockito.when(this.projectMapper.queryByCode(Mockito.anyLong())).thenReturn(new Project());
+        result = this.usersService.revokeProject(loginUser, 1, projectCode);
+        logger.info(result.toString());
+        Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
+    }
+
     @Test
     public void testGrantResources() {
         String resourceIds = "100000,120000";