(improvement)(headless) Add integrate test for domain, model, view auth checking (#720)

Co-authored-by: jolunoluo
2025-12-10 11:07:06 +00:00 · 2024-02-04 21:56:30 +08:00
parent e801c448be
commit 8a342eb32a
8 changed files with 168 additions and 8 deletions
--- a/auth/api/src/main/java/com/tencent/supersonic/auth/api/authentication/pojo/User.java
+++ b/auth/api/src/main/java/com/tencent/supersonic/auth/api/authentication/pojo/User.java
@@ -24,6 +24,10 @@ public class User {
        return new User(id, name, displayName, email, isAdmin);
    }

+    public static User get(Long id, String name) {
+        return new User(id, name, name, name, 0);
+    }
+
    public static User getFakeUser() {
        return new User(1L, "admin", "admin", "admin@email", 1);
    }
--- a/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/ViewService.java
+++ b/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/ViewService.java
@@ -18,4 +18,8 @@ public interface ViewService {
    List<ViewResp> getViewList(MetaFilter metaFilter);

    void delete(Long id, User user);
+
+    List<ViewResp> getViews(User user);
+
+    List<ViewResp> getViewsInheritAuth(User user, Long domainId);
 }
--- a/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DomainServiceImpl.java
+++ b/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DomainServiceImpl.java
@@ -10,10 +10,12 @@ import com.tencent.supersonic.headless.api.pojo.request.DomainReq;
 import com.tencent.supersonic.headless.api.pojo.request.DomainUpdateReq;
 import com.tencent.supersonic.headless.api.pojo.response.DomainResp;
 import com.tencent.supersonic.headless.api.pojo.response.ModelResp;
+import com.tencent.supersonic.headless.api.pojo.response.ViewResp;
 import com.tencent.supersonic.headless.server.persistence.dataobject.DomainDO;
 import com.tencent.supersonic.headless.server.persistence.repository.DomainRepository;
 import com.tencent.supersonic.headless.server.service.DomainService;
 import com.tencent.supersonic.headless.server.service.ModelService;
+import com.tencent.supersonic.headless.server.service.ViewService;
 import com.tencent.supersonic.headless.server.utils.DomainConvert;
 import lombok.extern.slf4j.Slf4j;
 import org.assertj.core.util.Sets;
@@ -41,14 +43,17 @@ public class DomainServiceImpl implements DomainService {
    private final DomainRepository domainRepository;
    private final ModelService modelService;
    private final UserService userService;
+    private final ViewService viewService;


    public DomainServiceImpl(DomainRepository domainRepository,
                             @Lazy ModelService modelService,
-                             UserService userService) {
+                             UserService userService,
+                             @Lazy ViewService viewService) {
        this.domainRepository = domainRepository;
        this.modelService = modelService;
        this.userService = userService;
+        this.viewService = viewService;
    }

    @Override
@@ -99,6 +104,11 @@ public class DomainServiceImpl implements DomainService {
            List<Long> domainIds = modelResps.stream().map(ModelResp::getDomainId).collect(Collectors.toList());
            domainWithAuthAll.addAll(getParentDomain(domainIds));
        }
+        List<ViewResp> viewResps = viewService.getViews(user);
+        if (!CollectionUtils.isEmpty(viewResps)) {
+            List<Long> domainIds = viewResps.stream().map(ViewResp::getDomainId).collect(Collectors.toList());
+            domainWithAuthAll.addAll(getParentDomain(domainIds));
+        }
        return new ArrayList<>(domainWithAuthAll).stream()
                .sorted(Comparator.comparingLong(DomainResp::getId)).collect(Collectors.toList());
    }
--- a/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/SchemaServiceImpl.java
+++ b/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/SchemaServiceImpl.java
@@ -53,7 +53,6 @@ import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;

@@ -336,7 +335,7 @@ public class SchemaServiceImpl implements SchemaService {
                .collect(Collectors.toList());
    }

-    private void fillStaticInfo(List<ViewSchemaResp> viewSchemaResps) throws ExecutionException {
+    private void fillStaticInfo(List<ViewSchemaResp> viewSchemaResps) {
        List<Long> viewIds = viewSchemaResps.stream()
                .map(ViewSchemaResp::getId).collect(Collectors.toList());
        ItemUseReq itemUseReq = new ItemUseReq();
--- a/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/ViewServiceImpl.java
+++ b/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/ViewServiceImpl.java
@@ -5,12 +5,14 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.google.common.collect.Lists;
 import com.tencent.supersonic.auth.api.authentication.pojo.User;
+import com.tencent.supersonic.common.pojo.enums.AuthType;
 import com.tencent.supersonic.common.pojo.enums.StatusEnum;
 import com.tencent.supersonic.common.pojo.enums.TypeEnums;
 import com.tencent.supersonic.common.util.BeanMapper;
 import com.tencent.supersonic.headless.api.pojo.QueryConfig;
 import com.tencent.supersonic.headless.api.pojo.ViewDetail;
 import com.tencent.supersonic.headless.api.pojo.request.ViewReq;
+import com.tencent.supersonic.headless.api.pojo.response.DomainResp;
 import com.tencent.supersonic.headless.api.pojo.response.ViewResp;
 import com.tencent.supersonic.headless.server.persistence.dataobject.ViewDO;
 import com.tencent.supersonic.headless.server.persistence.mapper.ViewDOMapper;
@@ -23,8 +25,11 @@ import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;

 import java.util.Arrays;
+import java.util.Comparator;
 import java.util.Date;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 import java.util.stream.Collectors;

@Service
@@ -79,6 +84,43 @@ public class ViewServiceImpl
        updateById(viewDO);
    }

+    @Override
+    public List<ViewResp> getViews(User user) {
+        List<ViewResp> viewResps = getViewList(new MetaFilter());
+        return getViewFilterByAuth(viewResps, user);
+    }
+
+    @Override
+    public List<ViewResp> getViewsInheritAuth(User user, Long domainId) {
+        List<ViewResp> viewResps = getViewList(new MetaFilter());
+        List<ViewResp> inheritAuthFormDomain = getViewFilterByDomainAuth(viewResps, user);
+        Set<ViewResp> viewRespSet = new HashSet<>(inheritAuthFormDomain);
+        List<ViewResp> viewFilterByAuth = getViewFilterByAuth(viewResps, user);
+        viewRespSet.addAll(viewFilterByAuth);
+        if (domainId != null && domainId > 0) {
+            viewRespSet = viewRespSet.stream().filter(modelResp ->
+                    modelResp.getDomainId().equals(domainId)).collect(Collectors.toSet());
+        }
+        return viewRespSet.stream().sorted(Comparator.comparingLong(ViewResp::getId))
+                .collect(Collectors.toList());
+    }
+
+    private List<ViewResp> getViewFilterByAuth(List<ViewResp> viewResps, User user) {
+        return viewResps.stream()
+                .filter(viewResp -> checkAdminPermission(user, viewResp))
+                .collect(Collectors.toList());
+    }
+
+    private List<ViewResp> getViewFilterByDomainAuth(List<ViewResp> viewResps, User user) {
+        Set<DomainResp> domainResps = domainService.getDomainAuthSet(user, AuthType.ADMIN);
+        if (CollectionUtils.isEmpty(domainResps)) {
+            return Lists.newArrayList();
+        }
+        Set<Long> domainIds = domainResps.stream().map(DomainResp::getId).collect(Collectors.toSet());
+        return viewResps.stream().filter(viewResp ->
+                domainIds.contains(viewResp.getDomainId())).collect(Collectors.toList());
+    }
+
    private ViewResp convert(ViewDO viewDO) {
        ViewResp viewResp = new ViewResp();
        BeanMapper.mapper(viewDO, viewResp);
@@ -102,4 +144,13 @@ public class ViewServiceImpl
        return viewDO;
    }

+    public static boolean checkAdminPermission(User user, ViewResp viewResp) {
+        List<String> admins = viewResp.getAdmins();
+        if (user.isSuperAdmin()) {
+            return true;
+        }
+        String userName = user.getName();
+        return admins.contains(userName) || viewResp.getCreatedBy().equals(userName);
+    }
+
 }
--- a/launchers/standalone/src/main/java/com/tencent/supersonic/ModelDemoDataLoader.java
+++ b/launchers/standalone/src/main/java/com/tencent/supersonic/ModelDemoDataLoader.java
@@ -138,9 +138,9 @@ public class ModelDemoDataLoader {
        domainReq.setBizName("supersonic");
        domainReq.setParentId(0L);
        domainReq.setStatus(StatusEnum.ONLINE.getCode());
-        domainReq.setViewers(Arrays.asList("admin", "tom", "jack"));
+        domainReq.setViewers(Arrays.asList("admin", "tom"));
        domainReq.setViewOrgs(Collections.singletonList("1"));
-        domainReq.setAdmins(Collections.singletonList("admin"));
+        domainReq.setAdmins(Arrays.asList("admin", "jack"));
        domainReq.setAdminOrgs(Collections.emptyList());
        domainService.createDomain(domainReq, user);
    }
@@ -154,7 +154,7 @@ public class ModelDemoDataLoader {
        modelReq.setDomainId(1L);
        modelReq.setViewers(Arrays.asList("admin", "tom", "jack"));
        modelReq.setViewOrgs(Collections.singletonList("1"));
-        modelReq.setAdmins(Collections.singletonList("admin"));
+        modelReq.setAdmins(Arrays.asList("admin", "alice"));
        modelReq.setAdminOrgs(Collections.emptyList());
        ModelDetail modelDetail = new ModelDetail();
        List<Identify> identifiers = new ArrayList<>();
@@ -294,7 +294,7 @@ public class ModelDemoDataLoader {
        domainReq.setStatus(StatusEnum.ONLINE.getCode());
        domainReq.setViewers(Arrays.asList("admin", "tom", "jack"));
        domainReq.setViewOrgs(Collections.singletonList("1"));
-        domainReq.setAdmins(Collections.singletonList("admin"));
+        domainReq.setAdmins(Arrays.asList("admin", "alice"));
        domainReq.setAdminOrgs(Collections.emptyList());
        domainService.createDomain(domainReq, user);
    }
@@ -478,7 +478,7 @@ public class ModelDemoDataLoader {
        viewReq.setBizName("singer");
        viewReq.setDomainId(2L);
        viewReq.setDescription("包含艺人相关标签和指标信息");
-        viewReq.setAdmins(Lists.newArrayList("admin"));
+        viewReq.setAdmins(Lists.newArrayList("admin", "jack"));
        List<ViewModelConfig> viewModelConfigs = Lists.newArrayList(
                new ViewModelConfig(4L, Lists.newArrayList(4L, 5L, 6L, 7L),
                        Lists.newArrayList(5L, 6L, 7L))
--- a/launchers/standalone/src/test/java/com/tencent/supersonic/headless/SchemaAuthTest.java
+++ b/launchers/standalone/src/test/java/com/tencent/supersonic/headless/SchemaAuthTest.java
@@ -0,0 +1,84 @@
+package com.tencent.supersonic.headless;
+
+import com.google.common.collect.Lists;
+import com.tencent.supersonic.auth.api.authentication.pojo.User;
+import com.tencent.supersonic.common.pojo.enums.AuthType;
+import com.tencent.supersonic.headless.api.pojo.response.DomainResp;
+import com.tencent.supersonic.headless.api.pojo.response.ModelResp;
+import com.tencent.supersonic.headless.api.pojo.response.ViewResp;
+import com.tencent.supersonic.headless.server.service.DomainService;
+import com.tencent.supersonic.headless.server.service.ModelService;
+import com.tencent.supersonic.headless.server.service.ViewService;
+import com.tencent.supersonic.util.DataUtils;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import java.util.List;
+import java.util.stream.Collectors;
+
+public class SchemaAuthTest extends BaseTest {
+
+    @Autowired
+    private DomainService domainService;
+
+    @Autowired
+    private ViewService viewService;
+
+    @Autowired
+    private ModelService modelService;
+
+    @Test
+    public void test_getDomainList_alice() {
+        User user = DataUtils.getUserAlice();
+        List<DomainResp> domainResps = domainService.getDomainListWithAdminAuth(user);
+        List<Long> expectedDomainIds = Lists.newArrayList(1L, 2L);
+        Assertions.assertEquals(expectedDomainIds,
+                domainResps.stream().map(DomainResp::getId).collect(Collectors.toList()));
+    }
+
+    @Test
+    public void test_getModelList_alice() {
+        User user = DataUtils.getUserAlice();
+        List<ModelResp> modelResps = modelService.getModelListWithAuth(user, 0L, AuthType.ADMIN);
+        List<Long> expectedModelIds = Lists.newArrayList(1L, 4L);
+        Assertions.assertEquals(expectedModelIds,
+                modelResps.stream().map(ModelResp::getId).collect(Collectors.toList()));
+    }
+
+    @Test
+    public void test_getViewList_alice() {
+        User user = DataUtils.getUserAlice();
+        List<ViewResp> modelResps = viewService.getViewsInheritAuth(user, 0L);
+        List<Long> expectedViewIds = Lists.newArrayList(2L);
+        Assertions.assertEquals(expectedViewIds,
+                modelResps.stream().map(ViewResp::getId).collect(Collectors.toList()));
+    }
+
+    @Test
+    public void test_getDomainList_jack() {
+        User user = DataUtils.getUserJack();
+        List<DomainResp> domainResps = domainService.getDomainListWithAdminAuth(user);
+        List<Long> expectedDomainIds = Lists.newArrayList(1L, 2L);
+        Assertions.assertEquals(expectedDomainIds,
+                domainResps.stream().map(DomainResp::getId).collect(Collectors.toList()));
+    }
+
+    @Test
+    public void test_getModelList_jack() {
+        User user = DataUtils.getUserJack();
+        List<ModelResp> modelResps = modelService.getModelListWithAuth(user, 0L, AuthType.ADMIN);
+        List<Long> expectedModelIds = Lists.newArrayList(1L, 2L, 3L);
+        Assertions.assertEquals(expectedModelIds,
+                modelResps.stream().map(ModelResp::getId).collect(Collectors.toList()));
+    }
+
+    @Test
+    public void test_getViewList_jack() {
+        User user = DataUtils.getUserJack();
+        List<ViewResp> modelResps = viewService.getViewsInheritAuth(user, 0L);
+        List<Long> expectedViewIds = Lists.newArrayList(1L, 2L);
+        Assertions.assertEquals(expectedViewIds,
+                modelResps.stream().map(ViewResp::getId).collect(Collectors.toList()));
+    }
+
+}
--- a/launchers/standalone/src/test/java/com/tencent/supersonic/util/DataUtils.java
+++ b/launchers/standalone/src/test/java/com/tencent/supersonic/util/DataUtils.java
@@ -29,6 +29,14 @@ public class DataUtils {
        return user_test;
    }

+    public static User getUserAlice() {
+        return User.get(5L, "alice");
+    }
+
+    public static User getUserJack() {
+        return User.get(2L, "jack");
+    }
+
    public static QueryReq getQueryContextReq(Integer id, String query) {
        QueryReq queryContextReq = new QueryReq();
        queryContextReq.setQueryText(query);