GLUE代码越权控制
parent
98c2354955
commit
9329fb39e7
|
@ -1483,7 +1483,7 @@ Tips: 历史版本(V1.3.x)目前已经Release至稳定版本, 进入维护阶段
|
||||||
- 触发:单节点周期性触发,运行事件如delayqueue;
|
- 触发:单节点周期性触发,运行事件如delayqueue;
|
||||||
- 调度:集群竞争,负载方式协同处理,竞争-加入时间轮-释放-竞争;
|
- 调度:集群竞争,负载方式协同处理,竞争-加入时间轮-释放-竞争;
|
||||||
- 2、用户管理:支持在线管理系统用户,存在管理员、普通用户两种角色;
|
- 2、用户管理:支持在线管理系统用户,存在管理员、普通用户两种角色;
|
||||||
- 3、权限管理:执行器维度进行权限控制,管理员拥有全量权限,普通用户需要分配执行器权限后才允许相关操作;([规划中]任务、日志,执行器,均限制权限;)
|
- 3、权限管理:执行器维度进行权限控制,管理员拥有全量权限,普通用户需要分配执行器权限后才允许相关操作;
|
||||||
- 4、调度日志优化:支持设置日志保留天数,过期日志天维度记录报表,并清理;调度报表汇总实时数据和报表;
|
- 4、调度日志优化:支持设置日志保留天数,过期日志天维度记录报表,并清理;调度报表汇总实时数据和报表;
|
||||||
- 5、调度线程池参数调优;
|
- 5、调度线程池参数调优;
|
||||||
- 6、升级xxl-rpc至较新版本,并清理冗余POM;
|
- 6、升级xxl-rpc至较新版本,并清理冗余POM;
|
||||||
|
|
|
@ -1,10 +1,13 @@
|
||||||
package com.xxl.job.admin.controller;
|
package com.xxl.job.admin.controller;
|
||||||
|
|
||||||
|
import com.xxl.job.admin.core.exception.XxlJobException;
|
||||||
import com.xxl.job.admin.core.model.XxlJobInfo;
|
import com.xxl.job.admin.core.model.XxlJobInfo;
|
||||||
import com.xxl.job.admin.core.model.XxlJobLogGlue;
|
import com.xxl.job.admin.core.model.XxlJobLogGlue;
|
||||||
|
import com.xxl.job.admin.core.model.XxlJobUser;
|
||||||
import com.xxl.job.admin.core.util.I18nUtil;
|
import com.xxl.job.admin.core.util.I18nUtil;
|
||||||
import com.xxl.job.admin.dao.XxlJobInfoDao;
|
import com.xxl.job.admin.dao.XxlJobInfoDao;
|
||||||
import com.xxl.job.admin.dao.XxlJobLogGlueDao;
|
import com.xxl.job.admin.dao.XxlJobLogGlueDao;
|
||||||
|
import com.xxl.job.admin.service.LoginService;
|
||||||
import com.xxl.job.core.biz.model.ReturnT;
|
import com.xxl.job.core.biz.model.ReturnT;
|
||||||
import com.xxl.job.core.glue.GlueTypeEnum;
|
import com.xxl.job.core.glue.GlueTypeEnum;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
|
@ -13,6 +16,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.ResponseBody;
|
import org.springframework.web.bind.annotation.ResponseBody;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
@ -30,7 +34,7 @@ public class JobCodeController {
|
||||||
private XxlJobLogGlueDao xxlJobLogGlueDao;
|
private XxlJobLogGlueDao xxlJobLogGlueDao;
|
||||||
|
|
||||||
@RequestMapping
|
@RequestMapping
|
||||||
public String index(Model model, int jobId) {
|
public String index(HttpServletRequest request, Model model, int jobId) {
|
||||||
XxlJobInfo jobInfo = xxlJobInfoDao.loadById(jobId);
|
XxlJobInfo jobInfo = xxlJobInfoDao.loadById(jobId);
|
||||||
List<XxlJobLogGlue> jobLogGlues = xxlJobLogGlueDao.findByJobId(jobId);
|
List<XxlJobLogGlue> jobLogGlues = xxlJobLogGlueDao.findByJobId(jobId);
|
||||||
|
|
||||||
|
@ -41,6 +45,12 @@ public class JobCodeController {
|
||||||
throw new RuntimeException(I18nUtil.getString("jobinfo_glue_gluetype_unvalid"));
|
throw new RuntimeException(I18nUtil.getString("jobinfo_glue_gluetype_unvalid"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// valid permission
|
||||||
|
XxlJobUser loginUser = (XxlJobUser) request.getAttribute(LoginService.LOGIN_IDENTITY_KEY);
|
||||||
|
if (!loginUser.validPermission(jobInfo.getJobGroup())) {
|
||||||
|
throw new XxlJobException(I18nUtil.getString("system_permission_limit"));
|
||||||
|
}
|
||||||
|
|
||||||
// Glue类型-字典
|
// Glue类型-字典
|
||||||
model.addAttribute("GlueTypeEnum", GlueTypeEnum.values());
|
model.addAttribute("GlueTypeEnum", GlueTypeEnum.values());
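Review bot: The permission check added to `index()` dereferences `loginUser` without a null check, and it runs only after `xxlJobLogGlueDao.findByJobId(jobId)` has already read the glue history. A request that arrives without the login attribute would therefore fail with a NullPointerException instead of the `system_permission_limit` error, and data is loaded before authorization. Consider `if (loginUser == null || !loginUser.validPermission(jobInfo.getJobGroup())) {` and placing the check directly after `jobInfo` has been loaded and validated. Only `index()` appears in these hunks; if this controller also has a handler that persists GLUE source (not visible here), it needs the same check, because guarding the view alone does not protect the write path. The body of `index()` continues outside the hunks.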
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,6 @@ import com.xxl.job.core.enums.ExecutorBlockStrategyEnum;
|
||||||
import com.xxl.job.core.glue.GlueTypeEnum;
|
import com.xxl.job.core.glue.GlueTypeEnum;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.ui.Model;
|
import org.springframework.ui.Model;
|
||||||
import org.springframework.util.StringUtils;
|
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.RequestParam;
|
import org.springframework.web.bind.annotation.RequestParam;
|
||||||
import org.springframework.web.bind.annotation.ResponseBody;
|
import org.springframework.web.bind.annotation.ResponseBody;
|
||||||
|
@ -53,6 +52,18 @@ public class JobInfoController {
|
||||||
List<XxlJobGroup> jobGroupList_all = xxlJobGroupDao.findAll();
|
List<XxlJobGroup> jobGroupList_all = xxlJobGroupDao.findAll();
|
||||||
|
|
||||||
// filter group
|
// filter group
|
||||||
|
List<XxlJobGroup> jobGroupList = filterJobGroupByRole(request, jobGroupList_all);
|
||||||
|
if (jobGroupList==null || jobGroupList.size()==0) {
|
||||||
|
throw new XxlJobException(I18nUtil.getString("jobgroup_empty"));
|
||||||
|
}
|
||||||
|
|
||||||
|
model.addAttribute("JobGroupList", jobGroupList);
|
||||||
|
model.addAttribute("jobGroup", jobGroup);
|
||||||
|
|
||||||
|
return "jobinfo/jobinfo.index";
|
||||||
|
}
|
||||||
|
|
||||||
|
public static List<XxlJobGroup> filterJobGroupByRole(HttpServletRequest request, List<XxlJobGroup> jobGroupList_all){
|
||||||
List<XxlJobGroup> jobGroupList = new ArrayList<>();
|
List<XxlJobGroup> jobGroupList = new ArrayList<>();
|
||||||
if (jobGroupList_all!=null && jobGroupList_all.size()>0) {
|
if (jobGroupList_all!=null && jobGroupList_all.size()>0) {
|
||||||
XxlJobUser loginUser = (XxlJobUser) request.getAttribute(LoginService.LOGIN_IDENTITY_KEY);
|
XxlJobUser loginUser = (XxlJobUser) request.getAttribute(LoginService.LOGIN_IDENTITY_KEY);
|
||||||
|
@ -70,14 +81,7 @@ public class JobInfoController {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (jobGroupList==null || jobGroupList.size()==0) {
|
return jobGroupList;
|
||||||
throw new XxlJobException(I18nUtil.getString("jobgroup_empty"));
|
|
||||||
}
|
|
||||||
|
|
||||||
model.addAttribute("JobGroupList", jobGroupList);
|
|
||||||
model.addAttribute("jobGroup", jobGroup);
|
|
||||||
|
|
||||||
return "jobinfo/jobinfo.index";
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@RequestMapping("/pageList")
|
@RequestMapping("/pageList")
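Review bot: `filterJobGroupByRole` is now a `public static` authorization helper called from another controller, but it has no Javadoc and keeps its own copy of the role/permission parsing, separate from the `XxlJobUser.validPermission` added in the same commit. Two implementations of one access rule can drift apart; assuming `getId()` returns an int, the loop could delegate with `if (loginUser.validPermission(groupItem.getId())) { jobGroupList.add(groupItem); }`. I would also add a Javadoc saying that it returns an empty list when the user has no group permission and that each caller must reject that case itself, as `index()` does with `jobgroup_empty`. The middle of the helper lies outside the hunks, so this is inferred from the signature, the `return jobGroupList;` line and the matching block removed from JobLogController.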
|
||||||
|
|
|
@ -4,13 +4,11 @@ import com.xxl.job.admin.core.exception.XxlJobException;
|
||||||
import com.xxl.job.admin.core.model.XxlJobGroup;
|
import com.xxl.job.admin.core.model.XxlJobGroup;
|
||||||
import com.xxl.job.admin.core.model.XxlJobInfo;
|
import com.xxl.job.admin.core.model.XxlJobInfo;
|
||||||
import com.xxl.job.admin.core.model.XxlJobLog;
|
import com.xxl.job.admin.core.model.XxlJobLog;
|
||||||
import com.xxl.job.admin.core.model.XxlJobUser;
|
|
||||||
import com.xxl.job.admin.core.schedule.XxlJobDynamicScheduler;
|
import com.xxl.job.admin.core.schedule.XxlJobDynamicScheduler;
|
||||||
import com.xxl.job.admin.core.util.I18nUtil;
|
import com.xxl.job.admin.core.util.I18nUtil;
|
||||||
import com.xxl.job.admin.dao.XxlJobGroupDao;
|
import com.xxl.job.admin.dao.XxlJobGroupDao;
|
||||||
import com.xxl.job.admin.dao.XxlJobInfoDao;
|
import com.xxl.job.admin.dao.XxlJobInfoDao;
|
||||||
import com.xxl.job.admin.dao.XxlJobLogDao;
|
import com.xxl.job.admin.dao.XxlJobLogDao;
|
||||||
import com.xxl.job.admin.service.LoginService;
|
|
||||||
import com.xxl.job.core.biz.ExecutorBiz;
|
import com.xxl.job.core.biz.ExecutorBiz;
|
||||||
import com.xxl.job.core.biz.model.LogResult;
|
import com.xxl.job.core.biz.model.LogResult;
|
||||||
import com.xxl.job.core.biz.model.ReturnT;
|
import com.xxl.job.core.biz.model.ReturnT;
|
||||||
|
@ -25,8 +23,10 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import java.text.ParseException;
|
import java.util.Date;
|
||||||
import java.util.*;
|
import java.util.HashMap;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* index controller
|
* index controller
|
||||||
|
@ -51,23 +51,7 @@ public class JobLogController {
|
||||||
List<XxlJobGroup> jobGroupList_all = xxlJobGroupDao.findAll();
|
List<XxlJobGroup> jobGroupList_all = xxlJobGroupDao.findAll();
|
||||||
|
|
||||||
// filter group
|
// filter group
|
||||||
List<XxlJobGroup> jobGroupList = new ArrayList<>();
|
List<XxlJobGroup> jobGroupList = JobInfoController.filterJobGroupByRole(request, jobGroupList_all);
|
||||||
if (jobGroupList_all!=null && jobGroupList_all.size()>0) {
|
|
||||||
XxlJobUser loginUser = (XxlJobUser) request.getAttribute(LoginService.LOGIN_IDENTITY_KEY);
|
|
||||||
if (loginUser.getRole() == 1) {
|
|
||||||
jobGroupList = jobGroupList_all;
|
|
||||||
} else {
|
|
||||||
List<String> groupIdStrs = new ArrayList<>();
|
|
||||||
if (loginUser.getPermission()!=null && loginUser.getPermission().trim().length()>0) {
|
|
||||||
groupIdStrs = Arrays.asList(loginUser.getPermission().trim().split(","));
|
|
||||||
}
|
|
||||||
for (XxlJobGroup groupItem:jobGroupList_all) {
|
|
||||||
if (groupIdStrs.contains(String.valueOf(groupItem.getId()))) {
|
|
||||||
jobGroupList.add(groupItem);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (jobGroupList==null || jobGroupList.size()==0) {
|
if (jobGroupList==null || jobGroupList.size()==0) {
|
||||||
throw new XxlJobException(I18nUtil.getString("jobgroup_empty"));
|
throw new XxlJobException(I18nUtil.getString("jobgroup_empty"));
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
package com.xxl.job.admin.core.model;
|
package com.xxl.job.admin.core.model;
|
||||||
|
|
||||||
|
import org.springframework.util.StringUtils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author xuxueli 2019-05-04 16:43:12
|
* @author xuxueli 2019-05-04 16:43:12
|
||||||
*/
|
*/
|
||||||
|
@ -51,4 +53,21 @@ public class XxlJobUser {
|
||||||
this.permission = permission;
|
this.permission = permission;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// plugin
|
||||||
|
public boolean validPermission(int jobGroup){
|
||||||
|
if (this.role == 1) {
|
||||||
|
return true;
|
||||||
|
} else {
|
||||||
|
if (StringUtils.hasText(this.permission)) {
|
||||||
|
for (String permissionItem : this.permission.split(",")) {
|
||||||
|
if (String.valueOf(jobGroup).equals(permissionItem)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
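Review bot: `validPermission` compares each comma-separated item with `equals` and no trimming, whereas the inline filter removed from JobLogController in this commit called `getPermission().trim()` before splitting. A stored permission string with leading or trailing whitespace would then list a group in the filter yet be denied here; that fails closed, but the two checks should agree, e.g. `if (String.valueOf(jobGroup).equals(permissionItem.trim())) {`. The method is also documented only by `// plugin` and relies on the bare literal `role == 1`. A short Javadoc should state that role 1 is treated as having access to every job group (presumably the administrator role; confirm) and that `permission` is a comma-separated list of job group ids.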
|
||||||
|
|