Optimize the creation and publishing workflow of WTSS projects, and o…

…ptimize permission recycling
WeBankFinTech · Jun 16, 2023 · 2c2a87e · 2c2a87e
1 parent 30f8363
commit 2c2a87e
Show file tree

Hide file tree

Showing 22 changed files with 385 additions and 35 deletions.
diff --git a/...ebank/wedatasphere/dss/appconn/schedulis/conversion/AzkabanWorkflowToRelSynchronizer.java b/...ebank/wedatasphere/dss/appconn/schedulis/conversion/AzkabanWorkflowToRelSynchronizer.java
@@ -43,7 +43,6 @@
 import java.io.FileInputStream;
 import java.io.InputStream;
 import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.regex.Matcher;
@@ -84,13 +83,8 @@ public void syncToRel(ConvertedRel convertedRel) {
             ProjectResponseRef responseRef = projectSearchOperation.searchProject(new RefProjectContentRequestRef.RefProjectContentRequestRefImpl()
                     .setProjectName(projectName).setWorkspace(projectToRelConversionRequestRef.getWorkspace()));
             if (responseRef.isFailed()) {
-                //接口调用返回其他错误，如网络错误
                 throw new ExternalOperationFailedException(90012, responseRef.getErrorMsg());
             }
-            if (responseRef.isSucceed() && responseRef.getRefProjectId() == null) {
-                //项目在schedulis不存在
-                throw new DSSRuntimeException(90012, "the project: " + projectName + " is not exists in schedulis.(工作流对应项目在schedulis已被删除，请在schedulis中重新创建同名项目)");
-            }
             //项目存在，则继续执行如下步骤
             String projectPath = azkabanConvertedRel.getStorePath();
             tmpSavePath = ZipHelper.zip(projectPath);

diff --git a/.../webank/wedatasphere/dss/appconn/schedulis/operation/SchedulisProjectSearchOperation.java b/.../webank/wedatasphere/dss/appconn/schedulis/operation/SchedulisProjectSearchOperation.java
@@ -1,5 +1,6 @@
 package com.webank.wedatasphere.dss.appconn.schedulis.operation;
 
+import com.google.gson.reflect.TypeToken;
 import com.webank.wedatasphere.dss.appconn.schedulis.SchedulisAppConn;
 import com.webank.wedatasphere.dss.appconn.schedulis.utils.SchedulisHttpUtils;
 import com.webank.wedatasphere.dss.common.utils.DSSCommonUtils;
@@ -28,14 +29,19 @@ public ProjectResponseRef searchProject(RefProjectContentRequestRef.RefProjectCo
         try {
             String responseBody = SchedulisHttpUtils.getHttpGetResult(queryUrl, params, ssoRequestOperation, requestRef.getWorkspace());
             logger.info("responseBody from Schedulis is: {}.", responseBody);
-            Map map = DSSCommonUtils.COMMON_GSON.fromJson(responseBody, Map.class);
+            Map<String,Object> map = DSSCommonUtils.COMMON_GSON.fromJson(responseBody, new TypeToken<Map<String,Object>>(){}.getType());
             String errorInfo = (String) map.get("error");
-            if (errorInfo != null && (errorInfo.contains("Project " + requestRef.getProjectName() + " doesn't exist")
-                    //schedulis已删除但未永久删除的项目返回这个
-                    || errorInfo.contains("Permission denied. Need READ access"))) {
-                return ProjectResponseRef.newExternalBuilder().success();
-            } else if (errorInfo != null) {
-                return ProjectResponseRef.newExternalBuilder().error(errorInfo);
+            if (errorInfo != null){
+                if (errorInfo.contains("Project " + requestRef.getProjectName() + " doesn't exist")){
+                    errorInfo += "（工作流对应项目【"+requestRef.getProjectName()+"】在schedulis不存在或已被删除，请在schedulis中重新创建同名项目）";
+                    return ProjectResponseRef.newExternalBuilder().error(errorInfo);
+                } else if (errorInfo.contains("Permission denied. Need READ access")) {
+                    errorInfo += "（用户【"+requestRef.getUserName()+"】在schedulis中没有权限操作项目【"+requestRef.getProjectName()+"】）";
+                    return ProjectResponseRef.newExternalBuilder().setRefProjectId(DSSCommonUtils.parseToLong(map.get("projectId"))).error(errorInfo);
+                } else {
+                    //接口调用返回其他错误，如网络错误
+                    return ProjectResponseRef.newExternalBuilder().error(errorInfo);
+                }
             }
             return ProjectResponseRef.newExternalBuilder().setRefProjectId(DSSCommonUtils.parseToLong(map.get("projectId"))).success();
         } catch (Exception e) {

diff --git a/.../dss-common/src/main/java/com/webank/wedatasphere/dss/common/auditlog/TargetTypeEnum.java b/.../dss-common/src/main/java/com/webank/wedatasphere/dss/common/auditlog/TargetTypeEnum.java
@@ -47,6 +47,11 @@ public enum TargetTypeEnum {
      */
     EC_KILL_STRATEGY("ec_kill_strategy"),
 
+    /**
+     * 用户部门
+     */
+    USER_DEPT("user_dept")
+
     ;
     private String name;
 

diff --git a/...min-service/src/main/java/com/webank/wedatasphere/dss/framework/admin/conf/AdminConf.java b/...min-service/src/main/java/com/webank/wedatasphere/dss/framework/admin/conf/AdminConf.java
@@ -30,4 +30,7 @@ public interface AdminConf {
 
     String[] SUPER_ADMIN_LIST = DSSCommonConf.SUPER_ADMIN_LIST;
 
+    String HPMS_USER_TOKEN = CommonVars.apply("wds.dss.workspace.hpms.user.token", "HPMS-KhFGSQkdaaCPBYfE").getValue();
+
+
 }
diff --git a/.../com/webank/wedatasphere/dss/framework/admin/restful/DssFrameworkAdminUserController.java b/.../com/webank/wedatasphere/dss/framework/admin/restful/DssFrameworkAdminUserController.java
@@ -1,6 +1,9 @@
 package com.webank.wedatasphere.dss.framework.admin.restful;
 
 
+import com.webank.wedatasphere.dss.common.auditlog.OperateTypeEnum;
+import com.webank.wedatasphere.dss.common.auditlog.TargetTypeEnum;
+import com.webank.wedatasphere.dss.common.utils.AuditLogUtils;
 import com.webank.wedatasphere.dss.framework.admin.common.constant.UserConstants;
 import com.webank.wedatasphere.dss.framework.admin.common.domain.Message;
 import com.webank.wedatasphere.dss.framework.admin.common.domain.PasswordResult;
@@ -17,6 +20,7 @@
 import com.webank.wedatasphere.dss.standard.sso.utils.SSOHelper;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.linkis.server.security.SecurityFilter;
+import org.apache.linkis.server.utils.ModuleUserUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -29,6 +33,8 @@
 import java.util.List;
 import java.util.Map;
 
+import static com.webank.wedatasphere.dss.framework.admin.conf.AdminConf.HPMS_USER_TOKEN;
+
 @RequestMapping(path = "/dss/framework/admin/user", produces = {"application/json"})
 @RestController
 public class DssFrameworkAdminUserController extends BaseController {
@@ -132,5 +138,26 @@ public Message edit(@Validated @RequestBody DssAdminUser user, HttpServletReques
         return Message.ok().data("修改用户成功。", dssAdminUserService.updateUser(user, getWorkspace(req)));
     }
 
+    @GetMapping("/getAllUsername")
+    public Message getAllUsername(){
+        return Message.ok().data("userNames", dssAdminUserService.getAllUsername());
+    }
+
+    @PostMapping("/deleteUser")
+    public Message deleteUser(HttpServletRequest httpServletRequest, @RequestParam("userName")String userName){
+        String token = ModuleUserUtils.getToken(httpServletRequest);
+        if (StringUtils.isNotBlank(token)) {
+            if(!token.equals(HPMS_USER_TOKEN)){
+                return Message.error().message("Token:" + token + " has no permission to revoke userRole.");
+            }
+        }else {
+            return Message.error().message("User:" + userName + " has no permission to revoke userRole.");
+        }
+        dssAdminUserService.deleteUser(userName);
+        AuditLogUtils.printLog(userName,null, null, TargetTypeEnum.USER_DEPT,null,
+                "deleteUser", OperateTypeEnum.DELETE,null);
+        return Message.ok();
+    }
+
 }
 
diff --git a/...rc/main/java/com/webank/wedatasphere/dss/framework/admin/service/DssAdminUserService.java b/...rc/main/java/com/webank/wedatasphere/dss/framework/admin/service/DssAdminUserService.java
@@ -26,4 +26,7 @@ public interface DssAdminUserService extends IService<DssAdminUser> {
 
     int updateUser(DssAdminUser user, Workspace workspace);
 
+    List<String> getAllUsername();
+
+    void deleteUser(String userName);
 }
diff --git a/...ava/com/webank/wedatasphere/dss/framework/admin/service/impl/DssAdminUserServiceImpl.java b/...ava/com/webank/wedatasphere/dss/framework/admin/service/impl/DssAdminUserServiceImpl.java
@@ -160,6 +160,16 @@ public int updateUser(DssAdminUser user, Workspace workspace) {
         return dssUserMapper.updateUser(user);
     }
 
+    @Override
+    public List<String> getAllUsername() {
+        return dssUserMapper.getAllUsername();
+    }
+
+    @Override
+    public void deleteUser(String userName) {
+        dssUserMapper.deleteUser(userName);
+    }
+
     private <T extends SSOUserOperation> void tryUserOperation(BiPredicate<SSOUserService, DSSUserContentRequestRef.User> filter,
                                                                Function<SSOUserService, T> operationFunction,
                                                                BiFunction<T, DSSUserContentRequestRef, ResponseRef> operationConsumer,

diff --git a/...-service/src/main/java/com/webank/wedatasphere/dss/framework/admin/xml/DssUserMapper.java b/...-service/src/main/java/com/webank/wedatasphere/dss/framework/admin/xml/DssUserMapper.java
@@ -1,9 +1,8 @@
 package com.webank.wedatasphere.dss.framework.admin.xml;
 
-import com.webank.wedatasphere.dss.framework.admin.pojo.entity.DssAdminUser;
 import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.webank.wedatasphere.dss.framework.admin.pojo.entity.DssAdminUser;
 import org.apache.ibatis.annotations.Mapper;
-import org.apache.ibatis.annotations.Param;
 
 import java.util.List;
 
@@ -72,6 +71,7 @@ public interface DssUserMapper extends BaseMapper<DssAdminUser> {
     DssAdminUser checkEmailUnique(String email);
 
 
+    List<String> getAllUsername();
 
-
+    void deleteUser(String userName);
 }
diff --git a/...vice/src/main/java/com/webank/wedatasphere/dss/framework/admin/xml/impl/DssUserMapper.xml b/...vice/src/main/java/com/webank/wedatasphere/dss/framework/admin/xml/impl/DssUserMapper.xml
@@ -124,4 +124,11 @@
     </insert>
 
 
+    <select id="getAllUsername" resultType="java.lang.String">
+        SELECT username FROM dss_user
+    </select>
+    <delete id="deleteUser">
+        DELETE FROM dss_user where username = #{userName}
+    </delete>
+
 </mapper>
diff --git a/dss-framework/dss-framework-workspace-server/pom.xml b/dss-framework/dss-framework-workspace-server/pom.xml
@@ -92,6 +92,24 @@
             <version>${dss.version}</version>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <version>${spring.boot.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mybatis.spring.boot</groupId>
+            <artifactId>mybatis-spring-boot-starter</artifactId>
+            <version>2.3.0</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.h2database</groupId>
+            <artifactId>h2</artifactId>
+            <version>2.1.210</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
 

diff --git a/.../src/main/java/com/webank/wedatasphere/dss/framework/workspace/bean/DSSWorkspaceUser.java b/.../src/main/java/com/webank/wedatasphere/dss/framework/workspace/bean/DSSWorkspaceUser.java
@@ -27,6 +27,8 @@ public class DSSWorkspaceUser {
 
     private int workspaceId;
 
+    private String workspaceName;
+
     private String creator;
 
     private Date joinTime;
@@ -85,6 +87,14 @@ public void setWorkspaceId(int workspaceId) {
         this.workspaceId = workspaceId;
     }
 
+    public String getWorkspaceName() {
+        return workspaceName;
+    }
+
+    public void setWorkspaceName(String workspaceName) {
+        this.workspaceName = workspaceName;
+    }
+
     public String getCreator() {
         return creator;
     }

diff --git a/...ain/java/com/webank/wedatasphere/dss/framework/workspace/bean/request/RevokeUserRole.java b/...ain/java/com/webank/wedatasphere/dss/framework/workspace/bean/request/RevokeUserRole.java
@@ -0,0 +1,54 @@
+package com.webank.wedatasphere.dss.framework.workspace.bean.request;
+
+import javax.validation.constraints.NotBlank;
+import java.util.Arrays;
+import java.util.Objects;
+
+public class RevokeUserRole {
+    @NotBlank(message = "Required String parameter 'userName' is not present")
+    private String userName;
+
+    private Integer[] workspaceIds;
+
+    private Integer[] roleIds;
+
+    public String getUserName() {
+        return userName;
+    }
+
+    public void setUserName(String userName) {
+        this.userName = userName;
+    }
+
+    public Integer[] getWorkspaceIds() {
+        return workspaceIds;
+    }
+
+    public void setWorkspaceIds(Integer[] workspaceIds) {
+        this.workspaceIds = workspaceIds;
+    }
+
+    public Integer[] getRoleIds() {
+        return roleIds;
+    }
+
+    public void setRoleIds(Integer[] roleIds) {
+        this.roleIds = roleIds;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        RevokeUserRole that = (RevokeUserRole) o;
+        return Objects.equals(userName, that.userName) && Arrays.equals(workspaceIds, that.workspaceIds) && Arrays.equals(roleIds, that.roleIds);
+    }
+
+    @Override
+    public int hashCode() {
+        int result = Objects.hash(userName);
+        result = 31 * result + Arrays.hashCode(workspaceIds);
+        result = 31 * result + Arrays.hashCode(roleIds);
+        return result;
+    }
+}
diff --git a/...main/java/com/webank/wedatasphere/dss/framework/workspace/dao/DSSWorkspaceUserMapper.java b/...main/java/com/webank/wedatasphere/dss/framework/workspace/dao/DSSWorkspaceUserMapper.java
@@ -84,8 +84,8 @@ void insertUserRoleInWorkspace(@Param("workspaceId") int workspaceId, @Param("ro
     @Select("select count(1) from dss_workspace_user_role where workspace_id = #{workspaceId} and username = #{username}")
     Long getCountByUsername(@Param("username") String username, @Param("workspaceId") int workspaceId);
 
-    @Select("select distinct workspace_id, role_id as roleIds " +
-            "from dss_workspace_user_role where username = #{username} ")
+    @Select("SELECT DISTINCT dwur.workspace_id, dwur.role_id AS roleIds, dw.name AS workspaceName " +
+            "FROM dss_workspace_user_role dwur,dss_workspace dw  WHERE dwur.workspace_id =dw.id AND username = #{username} ")
     List<DSSWorkspaceUser> getWorkspaceRoleByUsername(@Param("username") String username);
 
     @Delete("delete from dss_workspace_user_role where username = #{username} ")
@@ -96,4 +96,20 @@ void insertUserRoleInWorkspace(@Param("workspaceId") int workspaceId, @Param("ro
 
     @Delete("delete from dss_proxy_user where username = #{username} ")
     void deleteProxyUserByUserName(@Param("username") String username);
+
+    @Delete({
+            "<script>",
+            "DELETE FROM dss_workspace_user_role " +
+            "WHERE username = #{username}" ,
+            "<if test='workspaceIds != null and workspaceIds.length>0' >" ,
+                "AND workspace_id in ",
+                "<foreach collection='workspaceIds' open='(' close=')' separator=',' item='workspaceId'> #{workspaceId} </foreach>" ,
+            "</if>" ,
+            "<if test='roleIds != null and roleIds.length>0' >" ,
+                "AND role_id in ",
+                "<foreach collection='roleIds' open='(' close=')' separator=',' item='roleId'> #{roleId} </foreach>" ,
+            "</if>" ,
+            "</script>"
+    })
+    void deleteUserRoles(@Param("username") String username, @Param("workspaceIds") Integer[] workspaceIds, @Param("roleIds") Integer[] roleIds);
 }
diff --git a/...ain/java/com/webank/wedatasphere/dss/framework/workspace/restful/DSSWorkspaceRestful.java b/...ain/java/com/webank/wedatasphere/dss/framework/workspace/restful/DSSWorkspaceRestful.java
@@ -22,7 +22,6 @@
 import com.webank.wedatasphere.dss.common.utils.AuditLogUtils;
 import com.webank.wedatasphere.dss.common.utils.DSSCommonUtils;
 import com.webank.wedatasphere.dss.framework.admin.service.DssAdminUserService;
-import com.webank.wedatasphere.dss.framework.common.exception.DSSFrameworkErrorException;
 import com.webank.wedatasphere.dss.framework.workspace.bean.DSSWorkspace;
 import com.webank.wedatasphere.dss.framework.workspace.bean.dto.response.WorkspaceFavoriteVo;
 import com.webank.wedatasphere.dss.framework.workspace.bean.dto.response.WorkspaceMenuVo;
@@ -154,6 +153,9 @@ public Message getWorkspaces() {
     public Message getWorkspaceHomePage(@RequestParam(required = false, name = "micro_module") String moduleName) throws Exception {
         //如果用户的工作空间大于两个，那么就直接返回/workspace页面
         String username = SecurityFilter.getLoginUsername(httpServletRequest);
+        if (username != null && username.toLowerCase().startsWith("hduser")) {
+            LOGGER.error("Do not allow hduser* accounts to log in DSS system.");
+        }
         Workspace workspace = new Workspace();
         try {
             LOGGER.info("Put gateway url and cookies into workspace.");
Original file line number	Diff line number	Diff line change
Expand Up		@@ -30,4 +30,7 @@ public interface AdminConf {

		String[] SUPER_ADMIN_LIST = DSSCommonConf.SUPER_ADMIN_LIST;

		String HPMS_USER_TOKEN = CommonVars.apply("wds.dss.workspace.hpms.user.token", "HPMS-KhFGSQkdaaCPBYfE").getValue();


		}