Skip to content

Commit

Permalink
[Improve] check member permissions improvement
Browse files Browse the repository at this point in the history
  • Loading branch information
benjobs committed Apr 21, 2024
1 parent b13a3f0 commit c6ad494
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 7 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@
import org.apache.streampark.console.base.domain.RestRequest;
import org.apache.streampark.console.base.exception.ApiAlertException;
import org.apache.streampark.console.base.mybatis.pager.MybatisPager;
import org.apache.streampark.console.core.enums.UserType;
import org.apache.streampark.console.core.service.ServiceHelper;
import org.apache.streampark.console.system.entity.Member;
import org.apache.streampark.console.system.entity.Team;
import org.apache.streampark.console.system.entity.User;
Expand Down Expand Up @@ -54,6 +56,7 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, Member> impleme
@Autowired private RoleService roleService;

@Autowired private TeamService teamService;
@Autowired private ServiceHelper serviceHelper;

@Override
@Transactional
Expand Down Expand Up @@ -153,6 +156,7 @@ public void createMember(Member member) {

@Override
public void deleteMember(Member memberArg) {
checkPermission(memberArg);
Member member =
Optional.ofNullable(this.getById(memberArg.getId()))
.orElseThrow(
Expand All @@ -163,8 +167,21 @@ public void deleteMember(Member memberArg) {
userService.clearLastTeam(member.getUserId(), member.getTeamId());
}

private void checkPermission(Member member) {
User user = serviceHelper.getLoginUser();
ApiAlertException.throwIfTrue(user == null, "Permission denied, invalid login");
if (user.getUserType() == UserType.USER) {
List<Team> teamList = this.findUserTeams(user.getUserId());
Optional<Team> team =
teamList.stream().filter(c -> c.getId().equals(member.getTeamId())).findFirst();
ApiAlertException.throwIfTrue(
!team.isPresent(), "Permission denied, The current user is not in the team");
}
}

@Override
public void updateMember(Member member) {
checkPermission(member);
Member oldMember =
Optional.ofNullable(this.getById(member.getId()))
.orElseThrow(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -71,14 +71,25 @@
</select>

<select id="findUsersNotInTeam" resultType="org.apache.streampark.console.system.entity.User">
select tu.* from t_user tu
where tu.user_id
select u.user_id,
u.username,
u.nick_name,
u.user_type,
u.login_type,
u.status,
u.email,
u.create_time,
u.modify_time,
u.sex,
u.description
from t_user u
where u.user_id
not in (
select u.user_id
from t_user u join t_member m
on m.team_id = #{teamId}
and m.user_id = u.user_id
)
select u.user_id
from t_user u join t_member m
on m.team_id = #{teamId}
and m.user_id = u.user_id
)
</select>

</mapper>

0 comments on commit c6ad494

Please sign in to comment.