Skip to content

Commit

Permalink
Merge branch 'dev' into patch-snake-yaml-load
Browse files Browse the repository at this point in the history
  • Loading branch information
rickchengx authored Apr 3, 2024
2 parents 0545040 + 0419543 commit fd621d6
Show file tree
Hide file tree
Showing 31 changed files with 746 additions and 374 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -323,6 +323,8 @@ public enum Status {

REMOVE_TASK_INSTANCE_CACHE_ERROR(20019, "remove task instance cache error", "删除任务实例缓存错误"),

ILLEGAL_RESOURCE_PATH(20020, "Resource file [{0}] is illegal", "非法的资源路径[{0}]"),

USER_NO_OPERATION_PERM(30001, "user has no operation privilege", "当前用户没有操作权限"),
USER_NO_OPERATION_PROJECT_PERM(30002, "user {0} is not has project {1} permission", "当前用户[{0}]没有[{1}]项目的操作权限"),
USER_NO_WRITE_PROJECT_PERM(30003, "user [{0}] does not have write permission for project [{1}]",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -194,13 +194,13 @@ Result<Object> updateResourceContent(User loginUser, String fullName, String ten
org.springframework.core.io.Resource downloadResource(User loginUser, String fullName) throws IOException;

/**
* Get resource by given resource type and full name.
* Get resource by given resource type and file name.
* Useful in Python API create task which need processDefinition information.
*
* @param userName user who query resource
* @param fullName full name of the resource
* @param fileName file name of the resource
*/
StorageEntity queryFileStatus(String userName, String fullName) throws Exception;
StorageEntity queryFileStatus(String userName, String fileName) throws Exception;

/**
* delete DATA_TRANSFER data in resource center
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,8 @@ public Result updateProjectParameter(User loginUser, long projectCode, long code

projectParameter.setParamName(projectParameterName);
projectParameter.setParamValue(projectParameterValue);
projectParameter.setUpdateTime(new Date());
projectParameter.setOperator(loginUser.getId());

if (projectParameterMapper.updateById(projectParameter) > 0) {
log.info("Project parameter is updated and id is :{}", projectParameter.getId());
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -126,6 +126,7 @@ public Result<Object> createDirectory(User loginUser, String name, ResourceType
}

String tenantCode = getTenantCode(user);
checkFullName(tenantCode, currentDir);

String userResRootPath = ResourceType.UDF.equals(type) ? storageOperate.getUdfDir(tenantCode)
: storageOperate.getResDir(tenantCode);
Expand Down Expand Up @@ -171,6 +172,7 @@ public Result<Object> uploadResource(User loginUser, String name, ResourceType t
}

String tenantCode = getTenantCode(user);
checkFullName(tenantCode, currentDir);

result = verifyFile(name, type, file);
if (!result.getCode().equals(Status.SUCCESS.getCode())) {
Expand Down Expand Up @@ -257,14 +259,15 @@ public Result<Object> updateResource(User loginUser, String resourceFullName, St
}

String tenantCode = getTenantCode(user);
checkFullName(tenantCode, resourceFullName);

if (!isUserTenantValid(isAdmin(loginUser), tenantCode, resTenantCode)) {
log.error("current user does not have permission");
putMsg(result, Status.NO_CURRENT_OPERATING_PERMISSION);
return result;
}

String defaultPath = storageOperate.getResDir(tenantCode);
String defaultPath = storageOperate.getDir(type, tenantCode);

StorageEntity resource;
try {
Expand Down Expand Up @@ -949,6 +952,7 @@ public Result<Object> createResourceFile(User loginUser, ResourceType type, Stri
}

String tenantCode = getTenantCode(user);
checkFullName(tenantCode, currentDir);

if (FileUtils.directoryTraversal(fileName)) {
log.warn("File name verify failed, fileName:{}.", RegexUtils.escapeNRT(fileName));
Expand Down Expand Up @@ -1280,9 +1284,19 @@ private String getTenantCode(User user) {
}

private void checkFullName(String userTenantCode, String fullName) {
if (StringUtils.isEmpty(fullName)) {
return;
}
if (FOLDER_SEPARATOR.equalsIgnoreCase(fullName)) {
return;
}
// Avoid returning to the parent directory
if (fullName.contains("../")) {
throw new ServiceException(Status.ILLEGAL_RESOURCE_PATH, fullName);
}
String baseDir = storageOperate.getDir(ResourceType.ALL, userTenantCode);
if (StringUtils.isNotBlank(fullName) && !StringUtils.startsWith(fullName, baseDir)) {
throw new ServiceException("Resource file: " + fullName + " is illegal");
if (!StringUtils.startsWith(fullName, baseDir)) {
throw new ServiceException(Status.ILLEGAL_RESOURCE_PATH, fullName);
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,9 @@ public void testUpdateProjectParameter() {
Mockito.when(projectParameterMapper.updateById(Mockito.any())).thenReturn(1);
result = projectParameterService.updateProjectParameter(loginUser, projectCode, 1, "key1", "value");
Assertions.assertEquals(Status.SUCCESS.getCode(), result.getCode());
ProjectParameter projectParameter = (ProjectParameter) result.getData();
Assertions.assertNotNull(projectParameter.getOperator());
Assertions.assertNotNull(projectParameter.getUpdateTime());
}

@Test
Expand Down
Loading

0 comments on commit fd621d6

Please sign in to comment.