[INLONG-12075][Manager] Allow admin or in-charge delete InlongGroup (#12076)

Author: healchow

inlong-manager/manager-common/src/main/java/org/apache/inlong/manager/common/util/Preconditions.java

@@ -25,11 +25,9 @@
 
 import java.util.Arrays;
 import java.util.Collection;
-import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
-import java.util.Set;
 import java.util.function.Supplier;
 
 /**
@@ -197,7 +195,9 @@ public static boolean inSeparatedString(String target, String separatedStr, Stri
         if (StringUtils.isBlank(target) || StringUtils.isBlank(separatedStr)) {
             return false;
         }
-        Set<String> set = new HashSet<>(Arrays.asList(separatedStr.split(separator)));
-        return set.contains(target);
+        // For a single lookup, using a List avoids the extra cost of building a Set;
+        // prefer Set only for repeated lookups.
+        List<String> list = Arrays.asList(separatedStr.split(separator));
+        return list.contains(target);
     }
 }

inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/cluster/InlongClusterServiceImpl.java

@@ -34,7 +34,6 @@
 import org.apache.inlong.manager.common.enums.ErrorCodeEnum;
 import org.apache.inlong.manager.common.enums.GroupStatus;
 import org.apache.inlong.manager.common.enums.NodeStatus;
-import org.apache.inlong.manager.common.enums.TenantUserTypeEnum;
 import org.apache.inlong.manager.common.exceptions.BusinessException;
 import org.apache.inlong.manager.common.util.CommonBeanUtils;
 import org.apache.inlong.manager.common.util.Preconditions;
@@ -85,6 +84,7 @@
 import org.apache.inlong.manager.service.tenant.InlongTenantService;
 import org.apache.inlong.manager.service.user.InlongRoleService;
 import org.apache.inlong.manager.service.user.TenantRoleService;
+import org.apache.inlong.manager.service.user.UserService;
 
 import com.github.pagehelper.Page;
 import com.github.pagehelper.PageHelper;
@@ -168,6 +168,8 @@ public class InlongClusterServiceImpl implements InlongClusterService {
     @Autowired
     private TenantClusterTagEntityMapper tenantClusterTagMapper;
     @Autowired
+    private UserService userService;
+    @Autowired
     private InlongTenantService tenantService;
     @Autowired
     private InlongRoleService inlongRoleService;
@@ -283,12 +285,9 @@ public List<ClusterTagResponse> listTag(ClusterTagPageRequest request, UserInfo
         List<InlongClusterTagEntity> clusterTagEntities = clusterTagMapper.selectByCondition(request);
         if (CollectionUtils.isNotEmpty(clusterTagEntities)) {
             for (InlongClusterTagEntity tagEntity : clusterTagEntities) {
-                // only the person in charges can query
-                if (!opInfo.getAccountType().equals(TenantUserTypeEnum.TENANT_ADMIN.getCode())) {
-                    List<String> inCharges = Arrays.asList(tagEntity.getInCharges().split(InlongConstants.COMMA));
-                    if (!inCharges.contains(opInfo.getName())) {
-                        continue;
-                    }
+                // only the person is admin or in charges can query
+                if (!userService.isAdminOrInCharge(opInfo, null, tagEntity.getInCharges())) {
+                    continue;
                 }
                 filterResult.add(tagEntity);
             }
@@ -503,12 +502,9 @@ public List<ClusterInfo> list(ClusterPageRequest request, UserInfo opInfo) {
         List<InlongClusterEntity> clusterEntities = clusterMapper.selectByCondition(request);
         List<InlongClusterEntity> filterResult = new ArrayList<>();
         for (InlongClusterEntity entity : clusterEntities) {
-            // only the person in charges can query
-            if (!opInfo.getAccountType().equals(TenantUserTypeEnum.TENANT_ADMIN.getCode())) {
-                List<String> inCharges = Arrays.asList(entity.getInCharges().split(InlongConstants.COMMA));
-                if (!inCharges.contains(opInfo.getName())) {
-                    continue;
-                }
+            // only the person is admin or in charges can query
+            if (!userService.isAdminOrInCharge(opInfo, null, entity.getInCharges())) {
+                continue;
             }
             filterResult.add(entity);
         }
@@ -797,12 +793,9 @@ public List<ClusterNodeResponse> listNode(ClusterPageRequest request, UserInfo o
             List<InlongClusterEntity> clusterList =
                     clusterMapper.selectByKey(request.getClusterTag(), request.getName(), request.getType());
             for (InlongClusterEntity cluster : clusterList) {
-                // only the person in charges can query
-                if (!opInfo.getAccountType().equals(TenantUserTypeEnum.TENANT_ADMIN.getCode())) {
-                    List<String> inCharges = Arrays.asList(cluster.getInCharges().split(InlongConstants.COMMA));
-                    if (!inCharges.contains(opInfo.getName())) {
-                        continue;
-                    }
+                // only the person is admin or in charges can query
+                if (!userService.isAdminOrInCharge(opInfo, null, cluster.getInCharges())) {
+                    continue;
                 }
                 allNodeList.addAll(clusterNodeMapper.selectByParentId(cluster.getId(), null));
             }

inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/group/InlongGroupProcessService.java

@@ -17,13 +17,11 @@
 
 package org.apache.inlong.manager.service.group;
 
-import org.apache.inlong.manager.common.consts.InlongConstants;
 import org.apache.inlong.manager.common.enums.ErrorCodeEnum;
 import org.apache.inlong.manager.common.enums.GroupOperateType;
 import org.apache.inlong.manager.common.enums.GroupStatus;
 import org.apache.inlong.manager.common.enums.ProcessName;
 import org.apache.inlong.manager.common.enums.TaskStatus;
-import org.apache.inlong.manager.common.enums.TenantUserTypeEnum;
 import org.apache.inlong.manager.common.exceptions.BusinessException;
 import org.apache.inlong.manager.common.exceptions.WorkflowListenerException;
 import org.apache.inlong.manager.common.threadPool.VisiableThreadPoolTaskExecutor;
@@ -54,7 +52,6 @@
 import org.springframework.stereotype.Service;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Comparator;
 import java.util.List;
 import java.util.concurrent.ExecutorService;
@@ -274,15 +271,10 @@ public Boolean deleteProcess(String groupId, String operator) {
     public Boolean deleteProcess(String groupId, UserInfo opInfo) {
         InlongGroupEntity entity = groupMapper.selectByGroupId(groupId);
         Preconditions.expectNotNull(entity, ErrorCodeEnum.GROUP_NOT_FOUND, ErrorCodeEnum.GROUP_NOT_FOUND.getMessage());
-        // only the person in charges can delete
-        if (!opInfo.getAccountType().equals(TenantUserTypeEnum.TENANT_ADMIN.getCode())) {
-            List<String> inCharges = Arrays.asList(entity.getInCharges().split(InlongConstants.COMMA));
-            if (!inCharges.contains(opInfo.getName())) {
-                throw new BusinessException(ErrorCodeEnum.GROUP_PERMISSION_DENIED);
-            }
-        }
+
         // check can be deleted
         InlongGroupInfo groupInfo = groupService.doDeleteCheck(groupId, opInfo.getName());
+
         // start to delete group process
         GroupResourceProcessForm form = genGroupResourceProcessForm(groupInfo, GroupOperateType.DELETE);
         WorkflowResult result = workflowService.start(ProcessName.DELETE_GROUP_PROCESS, opInfo.getName(), form);

inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/group/InlongGroupServiceImpl.java

@@ -27,7 +27,6 @@
 import org.apache.inlong.manager.common.enums.GroupStatus;
 import org.apache.inlong.manager.common.enums.OperationTarget;
 import org.apache.inlong.manager.common.enums.ProcessName;
-import org.apache.inlong.manager.common.enums.TenantUserTypeEnum;
 import org.apache.inlong.manager.common.exceptions.BusinessException;
 import org.apache.inlong.manager.common.util.CommonBeanUtils;
 import org.apache.inlong.manager.common.util.JsonUtils;
@@ -108,7 +107,6 @@
 import java.sql.Timestamp;
 import java.time.LocalDateTime;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -463,12 +461,9 @@ public List<InlongGroupBriefInfo> listBrief(InlongGroupPageRequest request, User
         OrderFieldEnum.checkOrderField(request);
         OrderTypeEnum.checkOrderType(request);
         for (InlongGroupEntity groupEntity : groupMapper.selectByCondition(request)) {
-            // only the person in charges can query
-            if (!opInfo.getAccountType().equals(TenantUserTypeEnum.TENANT_ADMIN.getCode())) {
-                List<String> inCharges = Arrays.asList(groupEntity.getInCharges().split(InlongConstants.COMMA));
-                if (!inCharges.contains(opInfo.getName())) {
-                    continue;
-                }
+            // only the person is admin or in charges can query
+            if (!userService.isAdminOrInCharge(opInfo, null, groupEntity.getInCharges())) {
+                continue;
             }
             filterGroupEntities.add(groupEntity);
         }
@@ -635,12 +630,10 @@ public Map<String, Object> detail(String groupId) {
     @Override
     public InlongGroupInfo doDeleteCheck(String groupId, String operator) {
         InlongGroupInfo groupInfo = this.get(groupId);
-        // only the person in charges can update
-        List<String> inCharges = Arrays.asList(groupInfo.getInCharges().split(InlongConstants.COMMA));
-        if (!inCharges.contains(operator)) {
-            throw new BusinessException(ErrorCodeEnum.GROUP_PERMISSION_DENIED,
-                    String.format("user [%s] has no privilege for the inlong group", operator));
-        }
+        // only the person is admin or in charges can delete
+        userService.checkUser(groupInfo.getInCharges(), operator,
+                "Current user does not have permission to delete group info");
+
         // determine whether the current status can be deleted
         GroupStatus curState = GroupStatus.forCode(groupInfo.getStatus());
         if (GroupStatus.notAllowedTransition(curState, GroupStatus.CONFIG_DELETING)) {
@@ -762,14 +755,12 @@ private UserDefinedSortConf createUserDefinedSortConfig(Map<String, String> extM
     }
 
     private void chkUnmodifiableParams(InlongGroupEntity entity, InlongGroupRequest request) {
-        // check mqType
-        Preconditions.expectTrue(
-                Objects.equals(entity.getMqType(), request.getMqType())
-                        || Objects.equals(entity.getStatus(), GroupStatus.TO_BE_SUBMIT.getCode()),
+        // check mqType, the mqType must not null in entity
+        Preconditions.expectTrue(entity.getMqType().equals(request.getMqType())
+                || GroupStatus.TO_BE_SUBMIT.getCode().equals(entity.getStatus()),
                 "mqType not allowed modify");
         // check record version
-        Preconditions.expectEquals(entity.getVersion(), request.getVersion(),
-                ErrorCodeEnum.CONFIG_EXPIRED,
+        Preconditions.expectEquals(entity.getVersion(), request.getVersion(), ErrorCodeEnum.CONFIG_EXPIRED,
                 String.format("record has expired with record version=%d, request version=%d",
                         entity.getVersion(), request.getVersion()));
     }
@@ -783,7 +774,7 @@ public Boolean startTagSwitch(String groupId, String clusterTag) {
 
         // check if the group mode is data sync mode
         if (InlongConstants.DATASYNC_REALTIME_MODE.equals(groupInfo.getInlongGroupMode())) {
-            String errMSg = String.format("no need to switch sync mode group = {}", groupId);
+            String errMSg = String.format("no need to switch sync mode group = %s", groupId);
             LOGGER.error(errMSg);
             throw new BusinessException(errMSg);
         }

inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/sink/StreamSinkServiceImpl.java

@@ -25,7 +25,6 @@
 import org.apache.inlong.manager.common.enums.OperationTarget;
 import org.apache.inlong.manager.common.enums.SinkStatus;
 import org.apache.inlong.manager.common.enums.StreamStatus;
-import org.apache.inlong.manager.common.enums.TenantUserTypeEnum;
 import org.apache.inlong.manager.common.exceptions.BusinessException;
 import org.apache.inlong.manager.common.util.CommonBeanUtils;
 import org.apache.inlong.manager.common.util.JsonUtils;
@@ -96,7 +95,6 @@
 
 import java.io.StringReader;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -435,17 +433,13 @@ public List<? extends StreamSink> listByCondition(SinkPageRequest request, UserI
             StreamSinkOperator sinkOperator = operatorFactory.getInstance(entry.getKey());
             PageResult<? extends StreamSink> pageInfo = sinkOperator.getPageInfo(entry.getValue());
             for (StreamSink streamSink : pageInfo.getList()) {
-                InlongGroupEntity groupEntity =
-                        groupMapper.selectByGroupId(streamSink.getInlongGroupId());
+                InlongGroupEntity groupEntity = groupMapper.selectByGroupId(streamSink.getInlongGroupId());
                 if (groupEntity == null) {
                     continue;
                 }
-                // only the person in charges can query
-                if (!opInfo.getAccountType().equals(TenantUserTypeEnum.TENANT_ADMIN.getCode())) {
-                    List<String> inCharges = Arrays.asList(groupEntity.getInCharges().split(InlongConstants.COMMA));
-                    if (!inCharges.contains(opInfo.getName())) {
-                        continue;
-                    }
+                // only the person is admin or in charges can query
+                if (!userService.isAdminOrInCharge(opInfo, null, groupEntity.getInCharges())) {
+                    continue;
                 }
                 filterResult.add(streamSink);
             }

inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/source/StreamSourceServiceImpl.java

@@ -251,7 +251,7 @@ public PageResult<? extends StreamSource> listByCondition(SourcePageRequest requ
         OrderTypeEnum.checkOrderType(request);
         List<StreamSourceEntity> entityList = sourceMapper.selectByCondition(request);
         List<StreamSourceEntity> filteredEntitys = Lists.newArrayList();
-        if (opInfo.getAccountType().equals(TenantUserTypeEnum.TENANT_ADMIN.getCode())) {
+        if (TenantUserTypeEnum.TENANT_ADMIN.getCode().equals(opInfo.getAccountType())) {
             filteredEntitys.addAll(entityList);
         } else {
             Set<String> totalGroupIds = new HashSet<>();

inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/user/UserService.java

@@ -22,6 +22,8 @@
 import org.apache.inlong.manager.pojo.user.UserLoginRequest;
 import org.apache.inlong.manager.pojo.user.UserRequest;
 
+import javax.annotation.Nullable;
+
 /**
  * User service interface
  */
@@ -91,4 +93,13 @@ public interface UserService {
      */
     void checkUser(String inCharges, String user, String errMsg);
 
+    /**
+     * Check whether the user is admin or in charge.
+     * @param userInfo user info
+     * @param username username, if it is null, will use userInfo.getName()
+     * @param inCharges in charge list, if it is null, will ignore check in charge
+     * @return true if the user is admin or in charge
+     */
+    boolean isAdminOrInCharge(UserInfo userInfo, @Nullable String username, @Nullable String inCharges);
+
 }