
@Radeity
Member

@Radeity Radeity commented Mar 31, 2023

Purpose of the pull request

Brief change log

  • Add new API /resource/base-dir for querying the base resource dir, which adds the constraint that breadcrumb navigation can only visit resources or files under the tenant's resource paths.

Verify this pull request

  • Add some UT.
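
The constraint in the change log above comes down to a containment check on the requested path. A sketch of that check follows, as an added example that is not code from this pull request: the class `TenantPathGuard`, its methods, the `/dolphinscheduler/<tenant>/resources` layout and the sample requests are all assumptions, and `java.nio.file.Path` stands in lexically for whatever storage backend holds the resources.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

// Added illustration, not DolphinScheduler code. Names and layout are hypothetical.
public class TenantPathGuard {

    // Assumed layout: <storageRoot>/<tenantCode>/resources
    static Path baseDir(String storageRoot, String tenantCode) {
        // Reject tenant codes that could themselves carry separators or "..".
        if (tenantCode == null || !tenantCode.matches("[A-Za-z0-9_-]+")) {
            throw new IllegalArgumentException("invalid tenant code");
        }
        return Paths.get(storageRoot, tenantCode, "resources").normalize();
    }

    // True only if the requested path, once resolved and normalized,
    // is the tenant's base dir or lies below it.
    static boolean isAllowed(Path baseDir, String requested) {
        if (requested == null || requested.indexOf('\0') >= 0) {
            return false;
        }
        // resolve() returns an absolute `requested` unchanged, so absolute
        // paths are checked against the base dir rather than appended to it.
        Path resolved = baseDir.resolve(requested).normalize();
        // Path.startsWith compares whole name elements, so
        // ".../resources_backup" does not match base ".../resources".
        return resolved.startsWith(baseDir);
    }

    public static void main(String[] args) {
        Path base = baseDir("/dolphinscheduler", "tenant_a");
        // Constructed sample requests, as a breadcrumb click might send them.
        List<String> requests = List.of(
            "jobs/etl.sql",
            "/dolphinscheduler/tenant_a/resources/udf",
            "../../tenant_b/resources/secret.sql",
            "/dolphinscheduler/tenant_b/resources",
            "/dolphinscheduler/tenant_a/resources_backup/x",
            "/dolphinscheduler");
        for (String r : requests) {
            System.out.printf("%-48s %s%n", r, isAllowed(base, r) ? "allow" : "deny");
        }
    }
}
```

`normalize()` is purely lexical; on a local filesystem where symlinks can exist, compare `toRealPath()` results instead.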

@Radeity Radeity marked this pull request as draft March 31, 2023 17:06
@github-actions github-actions bot added the UI ui and front end related label Apr 1, 2023
@Radeity Radeity marked this pull request as ready for review April 1, 2023 03:36
@Radeity Radeity requested a review from songjianet as a code owner April 1, 2023 03:36
@SbloodyS SbloodyS added feature new feature 3.2.0 for 3.2.0 version labels Apr 4, 2023
@SbloodyS SbloodyS added this to the 3.2.0 milestone Apr 4, 2023
@Radeity Radeity force-pushed the Improvement-13824 branch from 6d8d364 to 575aea4 Compare April 13, 2023 13:51
@Radeity
Member Author

Radeity commented Apr 13, 2023

Hi, @songjianet, thanks for your comments, I've removed all semi-colons and modified the logic to only query base-dir after login and save it in userStore.

@codecov-commenter

codecov-commenter commented Apr 14, 2023

Codecov Report

Merging #13848 (508447d) into dev (ad7ce2d) will decrease coverage by 0.24%.
The diff coverage is 27.47%.

❗ Current head 508447d differs from pull request most recent head 6838cb6. Consider uploading reports for the commit 6838cb6 to get more accurate results

@@             Coverage Diff              @@
##                dev   #13848      +/-   ##
============================================
- Coverage     39.09%   38.86%   -0.24%     
- Complexity     4435     4455      +20     
============================================
  Files          1142     1158      +16     
  Lines         42014    42441     +427     
  Branches       4740     4780      +40     
============================================
+ Hits          16424    16493      +69     
- Misses        23790    24128     +338     
- Partials       1800     1820      +20     
Impacted Files Coverage Δ
...org/apache/dolphinscheduler/alert/AlertServer.java 0.00% <0.00%> (ø)
...hinscheduler/alert/metrics/AlertServerMetrics.java 0.00% <ø> (ø)
...phinscheduler/alert/plugin/AlertPluginManager.java 2.43% <0.00%> (ø)
...inscheduler/alert/registry/AlertHeartbeatTask.java 0.00% <0.00%> (ø)
...nscheduler/alert/registry/AlertRegistryClient.java 0.00% <0.00%> (ø)
...phinscheduler/alert/rpc/AlertRequestProcessor.java 0.00% <0.00%> (ø)
...che/dolphinscheduler/alert/rpc/AlertRpcServer.java 0.00% <0.00%> (ø)
...nscheduler/api/controller/ResourcesController.java 53.70% <0.00%> (-1.02%) ⬇️
...er/api/service/impl/MetricsCleanUpServiceImpl.java 14.28% <0.00%> (ø)
...api/service/impl/ProcessDefinitionServiceImpl.java 35.07% <0.00%> (-0.03%) ⬇️
... and 75 more

... and 1 file with indirect coverage changes


@songjianet
Member

> Hi, @songjianet, thanks for your comments, I've removed all semi-colons and modified the logic to only query base-dir after login and save it in userStore.

image

@Radeity
Member Author

Radeity commented Apr 14, 2023

> Hi, @songjianet, thanks for your comments, I've removed all semi-colons and modified the logic to only query base-dir after login and save it in userStore.
>
> image

Done.

@sonarqubecloud

SonarCloud Quality Gate failed.

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

46.9% Coverage
9.0% Duplication

@Radeity
Member Author

Radeity commented Apr 14, 2023

Hi, @SbloodyS @caishunfeng, would you like to help review the back-end part when you're available :D

Member

@SbloodyS SbloodyS left a comment


+1

@SbloodyS SbloodyS merged commit 4bf097e into apache:dev Apr 17, 2023
@Radeity Radeity deleted the Improvement-13824 branch April 24, 2023 01:53
@caishunfeng caishunfeng modified the milestones: 3.2.0, 3.1.9 Nov 24, 2023
@caishunfeng caishunfeng added priority:high 3.1.x for 3.1.x version labels Nov 24, 2023
@caishunfeng
Contributor

caishunfeng commented Nov 24, 2023

This PR fixes the security problem, and I think we should cherry-pick it to the next 3.1.x version, so I added the 3.1.x label @zhongjiajie

@zhongjiajie
Member

> This PR fixes the security problem, and I think we should cherry-pick it to the next 3.1.x version, so I added the 3.1.x label @zhongjiajie

cc @zhuangchong

@zhuangchong
Contributor

@Radeity The part code in the dev branch and the 3.1.9 branch has been greatly changed in the resource center. Can you submit a PR to the 3.1.9-prepare branch?

@zhongjiajie
Member

> @Radeity The part code in the dev branch and the 3.1.9 branch has been greatly changed in the resource center. Can you submit a PR to the 3.1.9-prepare branch?

Or maybe we can tell security or the reporter we could fix it in 3.2.1? @caishunfeng

@Radeity
Member Author

Radeity commented Dec 11, 2023

> @Radeity The part code in the dev branch and the 3.1.9 branch has been greatly changed in the resource center. Can you submit a PR to the 3.1.9-prepare branch?

Sorry for the late reply. Currently I'm busy with my thesis and do not have much time for this. Can we consider @z's opinion?

@zhuangchong zhuangchong modified the milestones: 3.1.9, 3.2.1 Dec 18, 2023

Labels

3.1.x for 3.1.x version 3.2.0 for 3.2.0 version backend feature new feature priority:high UI ui and front end related

Development

Successfully merging this pull request may close these issues.

[Improvement][Resource Center] Deny requests to visit other tenants' resources
