
GLUE代码越权控制

xuxueli 5 years ago
parent
commit
9329fb39e7

+ 1 - 1
doc/XXL-JOB官方文档.md

@@ -1483,7 +1483,7 @@ Tips: 历史版本(V1.3.x)目前已经Release至稳定版本, 进入维护阶段
     - 触发:单节点周期性触发,运行事件如delayqueue;
     - 调度:集群竞争,负载方式协同处理,竞争-加入时间轮-释放-竞争;
 - 2、用户管理:支持在线管理系统用户,存在管理员、普通用户两种角色;
-- 3、权限管理:执行器维度进行权限控制,管理员拥有全量权限,普通用户需要分配执行器权限后才允许相关操作;([规划中]任务、日志,执行器,均限制权限;)
+- 3、权限管理:执行器维度进行权限控制,管理员拥有全量权限,普通用户需要分配执行器权限后才允许相关操作;
 - 4、调度日志优化:支持设置日志保留天数,过期日志天维度记录报表,并清理;调度报表汇总实时数据和报表;
 - 5、调度线程池参数调优;
 - 6、升级xxl-rpc至较新版本,并清理冗余POM;

+ 11 - 1
xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobCodeController.java

@@ -1,10 +1,13 @@
 package com.xxl.job.admin.controller;
 
+import com.xxl.job.admin.core.exception.XxlJobException;
 import com.xxl.job.admin.core.model.XxlJobInfo;
 import com.xxl.job.admin.core.model.XxlJobLogGlue;
+import com.xxl.job.admin.core.model.XxlJobUser;
 import com.xxl.job.admin.core.util.I18nUtil;
 import com.xxl.job.admin.dao.XxlJobInfoDao;
 import com.xxl.job.admin.dao.XxlJobLogGlueDao;
+import com.xxl.job.admin.service.LoginService;
 import com.xxl.job.core.biz.model.ReturnT;
 import com.xxl.job.core.glue.GlueTypeEnum;
 import org.springframework.stereotype.Controller;
@@ -13,6 +16,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
 
 import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
 import java.util.Date;
 import java.util.List;
 
@@ -30,7 +34,7 @@ public class JobCodeController {
 	private XxlJobLogGlueDao xxlJobLogGlueDao;
 
 	@RequestMapping
-	public String index(Model model, int jobId) {
+	public String index(HttpServletRequest request, Model model, int jobId) {
 		XxlJobInfo jobInfo = xxlJobInfoDao.loadById(jobId);
 		List<XxlJobLogGlue> jobLogGlues = xxlJobLogGlueDao.findByJobId(jobId);
 
@@ -41,6 +45,12 @@ public class JobCodeController {
 			throw new RuntimeException(I18nUtil.getString("jobinfo_glue_gluetype_unvalid"));
 		}
 
+		// valid permission
+		XxlJobUser loginUser = (XxlJobUser) request.getAttribute(LoginService.LOGIN_IDENTITY_KEY);
+		if (!loginUser.validPermission(jobInfo.getJobGroup())) {
+			throw new XxlJobException(I18nUtil.getString("system_permission_limit"));
+		}
+
 		// Glue类型-字典
 		model.addAttribute("GlueTypeEnum", GlueTypeEnum.values());
 

+ 13 - 9
xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobInfoController.java

@@ -16,7 +16,6 @@ import com.xxl.job.core.enums.ExecutorBlockStrategyEnum;
 import com.xxl.job.core.glue.GlueTypeEnum;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
-import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
@@ -53,6 +52,18 @@ public class JobInfoController {
 		List<XxlJobGroup> jobGroupList_all =  xxlJobGroupDao.findAll();
 
 		// filter group
+		List<XxlJobGroup> jobGroupList = filterJobGroupByRole(request, jobGroupList_all);
+		if (jobGroupList==null || jobGroupList.size()==0) {
+			throw new XxlJobException(I18nUtil.getString("jobgroup_empty"));
+		}
+
+		model.addAttribute("JobGroupList", jobGroupList);
+		model.addAttribute("jobGroup", jobGroup);
+
+		return "jobinfo/jobinfo.index";
+	}
+
+	public static List<XxlJobGroup> filterJobGroupByRole(HttpServletRequest request, List<XxlJobGroup> jobGroupList_all){
 		List<XxlJobGroup> jobGroupList = new ArrayList<>();
 		if (jobGroupList_all!=null && jobGroupList_all.size()>0) {
 			XxlJobUser loginUser = (XxlJobUser) request.getAttribute(LoginService.LOGIN_IDENTITY_KEY);
@@ -70,14 +81,7 @@ public class JobInfoController {
 				}
 			}
 		}
-		if (jobGroupList==null || jobGroupList.size()==0) {
-			throw new XxlJobException(I18nUtil.getString("jobgroup_empty"));
-		}
-
-		model.addAttribute("JobGroupList", jobGroupList);
-		model.addAttribute("jobGroup", jobGroup);
-
-		return "jobinfo/jobinfo.index";
+		return jobGroupList;
 	}
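Review bot: `filterJobGroupByRole` is exposed as `public static` on a controller so that `JobLogController` can call into it, which couples two controllers for what is really user-model logic; it reads the same role and comma-separated `permission` string that the new `XxlJobUser.validPermission` parses, so it belongs on `XxlJobUser` (e.g. `List<XxlJobGroup> filterGroups(List<XxlJobGroup> all)`) and could be expressed as a loop over `validPermission(groupItem.getId())`, leaving one parser of the permission format instead of two that can drift. The `request` parameter then reduces to the caller fetching `loginUser` from `LoginService.LOGIN_IDENTITY_KEY`. The method body is cut by the gap between the two hunks, so the parsing loop itself is not visible here.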
 	
 	@RequestMapping("/pageList")

+ 5 - 21
xxl-job-admin/src/main/java/com/xxl/job/admin/controller/JobLogController.java

@@ -4,13 +4,11 @@ import com.xxl.job.admin.core.exception.XxlJobException;
 import com.xxl.job.admin.core.model.XxlJobGroup;
 import com.xxl.job.admin.core.model.XxlJobInfo;
 import com.xxl.job.admin.core.model.XxlJobLog;
-import com.xxl.job.admin.core.model.XxlJobUser;
 import com.xxl.job.admin.core.schedule.XxlJobDynamicScheduler;
 import com.xxl.job.admin.core.util.I18nUtil;
 import com.xxl.job.admin.dao.XxlJobGroupDao;
 import com.xxl.job.admin.dao.XxlJobInfoDao;
 import com.xxl.job.admin.dao.XxlJobLogDao;
-import com.xxl.job.admin.service.LoginService;
 import com.xxl.job.core.biz.ExecutorBiz;
 import com.xxl.job.core.biz.model.LogResult;
 import com.xxl.job.core.biz.model.ReturnT;
@@ -25,8 +23,10 @@ import org.springframework.web.bind.annotation.ResponseBody;
 
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
-import java.text.ParseException;
-import java.util.*;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
 
 /**
  * index controller
@@ -51,23 +51,7 @@ public class JobLogController {
 		List<XxlJobGroup> jobGroupList_all =  xxlJobGroupDao.findAll();
 
 		// filter group
-		List<XxlJobGroup> jobGroupList = new ArrayList<>();
-		if (jobGroupList_all!=null && jobGroupList_all.size()>0) {
-			XxlJobUser loginUser = (XxlJobUser) request.getAttribute(LoginService.LOGIN_IDENTITY_KEY);
-			if (loginUser.getRole() == 1) {
-				jobGroupList = jobGroupList_all;
-			} else {
-				List<String> groupIdStrs = new ArrayList<>();
-				if (loginUser.getPermission()!=null && loginUser.getPermission().trim().length()>0) {
-					groupIdStrs = Arrays.asList(loginUser.getPermission().trim().split(","));
-				}
-				for (XxlJobGroup groupItem:jobGroupList_all) {
-					if (groupIdStrs.contains(String.valueOf(groupItem.getId()))) {
-						jobGroupList.add(groupItem);
-					}
-				}
-			}
-		}
+		List<XxlJobGroup> jobGroupList = JobInfoController.filterJobGroupByRole(request, jobGroupList_all);
 		if (jobGroupList==null || jobGroupList.size()==0) {
 			throw new XxlJobException(I18nUtil.getString("jobgroup_empty"));
 		}
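Review bot: The filtered `jobGroupList` only narrows the executor dropdown shown by `index`; if this controller's data endpoints (the log page list and log detail actions, not in this diff) accept `jobGroup`/`jobId` from the request, they still need an explicit `loginUser.validPermission(...)` on the resolved group, otherwise a user can read another group's logs by supplying the id directly and the UI filter is cosmetic. Worth confirming against the rest of the file, since the commit title scopes this change to GLUE code. `index` begins before this hunk and continues past it.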

+ 19 - 0
xxl-job-admin/src/main/java/com/xxl/job/admin/core/model/XxlJobUser.java

@@ -1,5 +1,7 @@
 package com.xxl.job.admin.core.model;
 
+import org.springframework.util.StringUtils;
+
 /**
  * @author xuxueli 2019-05-04 16:43:12
  */
@@ -51,4 +53,21 @@ public class XxlJobUser {
 		this.permission = permission;
 	}
 
+	// plugin
+	public boolean validPermission(int jobGroup){
+		if (this.role == 1) {
+			return true;
+		} else {
+			if (StringUtils.hasText(this.permission)) {
+				for (String permissionItem : this.permission.split(",")) {
+					if (String.valueOf(jobGroup).equals(permissionItem)) {
+						return true;
+					}
+				}
+			}
+			return false;
+		}
+
+	}
+
 }
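Review bot: `validPermission` compares each raw `split(",")` element, while the group filter this commit consolidates (see the removed copy in `JobLogController`, `loginUser.getPermission().trim().split(",")`) trims the string first, so a permission value stored with surrounding whitespace such as `" 1,2"` lists the group but is then denied here; trimming each item keeps the two consistent: `if (String.valueOf(jobGroup).equals(permissionItem.trim())) {`. The `role == 1` literal is the admin sentinel already used elsewhere, but a named constant on this class (e.g. `ROLE_ADMIN`) would document it. Add a Javadoc on the method stating that admins pass unconditionally and other users pass only when `jobGroup` appears in the comma-separated `permission` list.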