to feature #7191 (#7194)

Co-authored-by: ouyangyewei <yewei.oyyw@alibaba-inc.com>

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ProjectController.java

@@ -17,6 +17,7 @@
 
 package org.apache.dolphinscheduler.api.controller;
 
+import static org.apache.dolphinscheduler.api.enums.Status.QUERY_AUTHORIZED_USER;
 import static org.apache.dolphinscheduler.api.enums.Status.CREATE_PROJECT_ERROR;
 import static org.apache.dolphinscheduler.api.enums.Status.DELETE_PROJECT_ERROR;
 import static org.apache.dolphinscheduler.api.enums.Status.LOGIN_USER_QUERY_PROJECT_LIST_PAGING_ERROR;
@@ -237,6 +238,27 @@ public class ProjectController extends BaseController {
         return returnDataList(result);
     }
 
+    /**
+     * query authorized user
+     *
+     * @param loginUser     login user
+     * @param projectCode   project code
+     * @return users        who have permission for the specified project
+     */
+    @ApiOperation(value = "queryAuthorizedUser", notes = "QUERY_AUTHORIZED_USER_NOTES")
+    @ApiImplicitParams({
+        @ApiImplicitParam(name = "projectCode", value = "PROJECT_CODE", dataType = "Long", example = "100")
+    })
+    @GetMapping(value = "/authed-user")
+    @ResponseStatus(HttpStatus.OK)
+    @ApiException(QUERY_AUTHORIZED_USER)
+    @AccessLogAnnotation(ignoreRequestArgs = "loginUser")
+    public Result queryAuthorizedUser(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
+            @RequestParam("projectCode") Long projectCode) {
+        Map<String, Object> result = this.projectService.queryAuthorizedUser(loginUser, projectCode);
+        return this.returnDataList(result);
+    }
+
     /**
      * query authorized and user created project
      *

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/enums/Status.java

@@ -213,6 +213,7 @@ public enum Status {
     QUERY_ALERT_GROUP_ERROR(10180, "query alert group error", "查询告警组错误"),
     CURRENT_LOGIN_USER_TENANT_NOT_EXIST(10181, "the tenant of the currently login user is not specified", "未指定当前登录用户的租户"),
     REVOKE_PROJECT_ERROR(10182, "revoke project error", "撤销项目授权错误"),
+    QUERY_AUTHORIZED_USER(10183, "query authorized user error", "查询拥有项目权限的用户错误"),
 
     UDF_FUNCTION_NOT_EXIST(20001, "UDF function not found", "UDF函数不存在"),
     UDF_FUNCTION_EXISTS(20002, "UDF function already exists", "UDF函数已存在"),

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ProjectService.java

@@ -119,6 +119,15 @@ public interface ProjectService {
      */
     Map<String, Object> queryAuthorizedProject(User loginUser, Integer userId);
 
+    /**
+     * query authorized user
+     *
+     * @param loginUser     login user
+     * @param projectCode   project code
+     * @return users        who have permission for the specified project
+     */
+    Map<String, Object> queryAuthorizedUser(User loginUser, Long projectCode);
+
     /**
      * query authorized project
      *

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProjectServiceImpl.java

@@ -404,6 +404,31 @@ public class ProjectServiceImpl extends BaseServiceImpl implements ProjectServic
         return result;
     }
 
+    /**
+     * query authorized user
+     *
+     * @param loginUser     login user
+     * @param projectCode   project code
+     * @return users        who have permission for the specified project
+     */
+    @Override
+    public Map<String, Object> queryAuthorizedUser(User loginUser, Long projectCode) {
+        Map<String, Object> result = new HashMap<>();
+
+        // 1. check read permission
+        Project project = this.projectMapper.queryByCode(projectCode);
+        boolean hasProjectAndPerm = this.hasProjectAndPerm(loginUser, project, result);
+        if (!hasProjectAndPerm) {
+            return result;
+        }
+
+        // 2. query authorized user list
+        List<User> users = this.userMapper.queryAuthedUserListByProjectId(project.getId());
+        result.put(Constants.DATA_LIST, users);
+        this.putMsg(result, Status.SUCCESS);
+        return result;
+    }
+
     /**
      * query authorized project
      *

dolphinscheduler-api/src/main/resources/i18n/messages.properties

@@ -140,6 +140,7 @@ DELETE_PROJECT_BY_ID_NOTES=delete project by id
 QUERY_UNAUTHORIZED_PROJECT_NOTES=query unauthorized project
 QUERY_ALL_PROJECT_LIST_NOTES=query all project list
 QUERY_AUTHORIZED_PROJECT_NOTES=query authorized project
+QUERY_AUTHORIZED_USER_NOTES=query authorized user
 TASK_RECORD_TAG=task record related operation
 QUERY_TASK_RECORD_LIST_PAGING_NOTES=query task record list paging 
 CREATE_TOKEN_NOTES=create token ，note: please login first

dolphinscheduler-api/src/main/resources/i18n/messages_en_US.properties

@@ -156,6 +156,7 @@ QUERY_ALL_PROJECT_LIST_NOTES=query all project list
 DELETE_PROJECT_BY_ID_NOTES=delete project by id 
 QUERY_UNAUTHORIZED_PROJECT_NOTES=query unauthorized project
 QUERY_AUTHORIZED_PROJECT_NOTES=query authorized project
+QUERY_AUTHORIZED_USER_NOTES=query authorized user
 TASK_RECORD_TAG=task record related operation
 QUERY_TASK_RECORD_LIST_PAGING_NOTES=query task record list paging 
 CREATE_TOKEN_NOTES=create token ，note: please login first

dolphinscheduler-api/src/main/resources/i18n/messages_zh_CN.properties

@@ -145,6 +145,7 @@ QUERY_ALL_PROJECT_LIST_NOTES=查询所有项目
 DELETE_PROJECT_BY_ID_NOTES=通过ID删除项目
 QUERY_UNAUTHORIZED_PROJECT_NOTES=查询未授权的项目
 QUERY_AUTHORIZED_PROJECT_NOTES=查询授权项目
+QUERY_AUTHORIZED_USER_NOTES=查询拥有项目授权的用户
 TASK_RECORD_TAG=任务记录相关操作
 QUERY_TASK_RECORD_LIST_PAGING_NOTES=分页查询任务记录列表
 CREATE_TOKEN_NOTES=创建token，注意需要先登录

dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/ProjectControllerTest.java

@@ -125,6 +125,16 @@ public class ProjectControllerTest {
         Assert.assertEquals(Status.SUCCESS.getCode(), response.getCode().intValue());
     }
 
+    @Test
+    public void testQueryAuthorizedUser() {
+        Map<String, Object> result = new HashMap<>();
+        this.putMsg(result, Status.SUCCESS);
+
+        Mockito.when(this.projectService.queryAuthorizedUser(this.user, 3682329499136L)).thenReturn(result);
+        Result response = this.projectController.queryAuthorizedUser(this.user, 3682329499136L);
+        Assert.assertEquals(Status.SUCCESS.getCode(), response.getCode().intValue());
+    }
+
     @Test
     public void testQueryAllProjectList() {
         Map<String, Object> result = new HashMap<>();

dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/ProjectServiceTest.java

@@ -276,6 +276,38 @@ public class ProjectServiceTest {
         Assert.assertTrue(CollectionUtils.isNotEmpty(projects));
     }
 
+    @Test
+    public void testQueryAuthorizedUser() {
+        final User loginUser = this.getLoginUser();
+
+        // Failure 1: PROJECT_NOT_FOUND
+        Map<String, Object> result = this.projectService.queryAuthorizedUser(loginUser, 3682329499136L);
+        logger.info("FAILURE 1: {}", result.toString());
+        Assert.assertEquals(Status.PROJECT_NOT_FOUNT, result.get(Constants.STATUS));
+
+        // Failure 2: USER_NO_OPERATION_PROJECT_PERM
+        loginUser.setId(100);
+        Mockito.when(this.projectMapper.queryByCode(Mockito.anyLong())).thenReturn(this.getProject());
+        result = this.projectService.queryAuthorizedUser(loginUser, 3682329499136L);
+        logger.info("FAILURE 2: {}", result.toString());
+        Assert.assertEquals(Status.USER_NO_OPERATION_PROJECT_PERM, result.get(Constants.STATUS));
+
+        // SUCCESS
+        loginUser.setUserType(UserType.ADMIN_USER);
+        Mockito.when(this.userMapper.queryAuthedUserListByProjectId(1)).thenReturn(this.getUserList());
+        result = this.projectService.queryAuthorizedUser(loginUser, 3682329499136L);
+        logger.info("SUCCESS 1: {}", result.toString());
+        List<User> users = (List<User>) result.get(Constants.DATA_LIST);
+        Assert.assertTrue(CollectionUtils.isNotEmpty(users));
+
+        loginUser.setId(1);
+        loginUser.setUserType(UserType.GENERAL_USER);
+        result = this.projectService.queryAuthorizedUser(loginUser, 3682329499136L);
+        logger.info("SUCCESS 2: {}", result.toString());
+        users = (List<User>) result.get(Constants.DATA_LIST);
+        Assert.assertTrue(CollectionUtils.isNotEmpty(users));
+    }
+
     @Test
     public void testQueryCreatedProject() {
 
@@ -365,6 +397,28 @@ public class ProjectServiceTest {
         return loginUser;
     }
 
+    /**
+     * Get general user
+     * @return
+     */
+    private User getGeneralUser() {
+        User user = new User();
+        user.setUserType(UserType.GENERAL_USER);
+        user.setUserName("userTest0001");
+        user.setUserPassword("userTest0001");
+        return user;
+    }
+
+    /**
+     * Get user list
+     * @return
+     */
+    private List<User> getUserList() {
+        List<User> userList = new ArrayList<>();
+        userList.add(this.getGeneralUser());
+        return userList;
+    }
+
     /**
      * get project user
      */

dolphinscheduler-dao/src/main/java/org/apache/dolphinscheduler/dao/mapper/UserMapper.java

@@ -162,4 +162,11 @@ public interface UserMapper extends BaseMapper<User> {
      * @return user list
      */
     List<User> selectByIds(@Param("ids") List<Integer> ids);
+
+    /**
+     * query authed user list by projectId
+     * @param projectId projectId
+     * @return user list
+     */
+    List<User> queryAuthedUserListByProjectId(@Param("projectId") int projectId);
 }

dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml

@@ -123,4 +123,12 @@
             #{id}
         </foreach>
     </select>
+    <select id="queryAuthedUserListByProjectId" resultType="org.apache.dolphinscheduler.dao.entity.User">
+        select
+        <include refid="baseSqlV2">
+            <property name="alias" value="u"/>
+        </include>
+        from t_ds_user u, t_ds_relation_project_user rel
+        where u.id = rel.user_id and rel.project_id = #{projectId}
+    </select>
 </mapper>