Fixes #14252 : Check tasks cannot be created by,assigned to,reassigned to bot users (#15587)

* Check tasks cannot be created by,assigned to,reassigned to bot users * Check tasks cannot be created by,assigned to,reassigned to bot users - updated changes * Check tasks cannot be created by,assigned to,reassigned to bot users - updated changes * Check tasks cannot be created by,assigned to,reassigned to bot users - updated changes
2025-11-03 20:19:31 +00:00 · 2024-03-18 18:38:55 +05:30 · 2024-03-18 18:38:55 +05:30 · 95907f9f49
commit 95907f9f49
parent b5fb57f7c6
2 changed files with 76 additions and 0 deletions
--- a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/FeedRepository.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/FeedRepository.java
@ -771,6 +771,7 @@ public class FeedRepository {
    if (updated.getTask() != null) {
      populateAssignees(updated);
      updated.getTask().getAssignees().sort(compareEntityReference);
+      validateAssignee(updated);
    }

    if (updated.getAnnouncement() != null) {
@ -838,6 +839,13 @@ public class FeedRepository {

  private void validateAssignee(Thread thread) {
    if (thread != null && ThreadType.Task.equals(thread.getType())) {
+      String createdByUserName = thread.getCreatedBy();
+      User createdByUser =
+          Entity.getEntityByName(USER, createdByUserName, TEAMS_FIELD, NON_DELETED);
+      if (Boolean.TRUE.equals(createdByUser.getIsBot())) {
+        throw new IllegalArgumentException("Task cannot be created by bot only by user or teams");
+      }
+
      List<EntityReference> assignees = thread.getTask().getAssignees();

      // Assignees can only be user or teams
--- a/openmetadata-service/src/test/java/org/openmetadata/service/resources/feeds/FeedResourceTest.java
+++ b/openmetadata-service/src/test/java/org/openmetadata/service/resources/feeds/FeedResourceTest.java
@ -130,6 +130,7 @@ public class FeedResourceTest extends OpenMetadataApplicationTest {
  public static List<Column> COLUMNS;
  public static User USER;
  public static String USER_LINK;
+  public static User BOT_USER;
  public static Map<String, String> USER_AUTH_HEADERS;
  public static User USER2;
  public static Map<String, String> USER2_AUTH_HEADERS;
@ -158,6 +159,8 @@ public class FeedResourceTest extends OpenMetadataApplicationTest {
        userResourceTest.createEntity(userResourceTest.createRequest(test, 4), ADMIN_AUTH_HEADERS);
    USER2_AUTH_HEADERS = authHeaders(USER2.getName());

+    BOT_USER = userResourceTest.createUser("bot_user", true);
+
    CreateTable createTable =
        TABLE_RESOURCE_TEST.createRequest(test).withOwner(TableResourceTest.USER1_REF);
    TABLE = TABLE_RESOURCE_TEST.createAndCheckEntity(createTable, ADMIN_AUTH_HEADERS);
@ -1447,6 +1450,71 @@ public class FeedResourceTest extends OpenMetadataApplicationTest {
        entityNotFound("Post", NON_EXISTENT_ENTITY));
  }

+  @Test
+  void post_createTaskByBotUser_400() {
+    String about = String.format("<#E::%s::%s>", Entity.TABLE, TABLE.getFullyQualifiedName());
+
+    assertResponse(
+        () ->
+            createTaskThread(
+                BOT_USER.getName(),
+                about,
+                USER.getEntityReference(),
+                "old",
+                "new",
+                RequestDescription,
+                ADMIN_AUTH_HEADERS),
+        BAD_REQUEST,
+        "Task cannot be created by bot only by user or teams");
+  }
+
+  @Test
+  void post_assignTaskToBotUser_400() {
+    String about = String.format("<#E::%s::%s>", Entity.TABLE, TABLE.getFullyQualifiedName());
+
+    assertResponse(
+        () ->
+            createTaskThread(
+                USER.getName(),
+                about,
+                BOT_USER.getEntityReference(),
+                "old",
+                "new",
+                RequestDescription,
+                ADMIN_AUTH_HEADERS),
+        BAD_REQUEST,
+        "Assignees can not be bot");
+  }
+
+  @Test
+  void patch_reassignTaskToBotUser_400() throws IOException {
+    String about =
+        String.format(
+            "<#E::%s::%s::columns::%s::description>",
+            Entity.TABLE, TABLE.getFullyQualifiedName(), C1);
+
+    Thread thread =
+        createTaskThread(
+            TEST_USER_NAME,
+            about,
+            USER.getEntityReference(),
+            "old",
+            "new",
+            RequestDescription,
+            ADMIN_AUTH_HEADERS);
+
+    String originalJson = JsonUtils.pojoToJson(thread);
+    TaskDetails upadtedAssigneeTaskDetails =
+        new TaskDetails().withAssignees(List.of(BOT_USER.getEntityReference()));
+
+    // update assignees or reassign task to bot user
+    thread.withTask(upadtedAssigneeTaskDetails);
+    assertResponse(
+        () -> patchThreadAndCheck(thread, originalJson, ADMIN_AUTH_HEADERS),
+        BAD_REQUEST,
+        "Assignees can not be bot");
+  }
+
  public Thread createAndCheck(CreateThread create, Map<String, String> authHeaders)
      throws HttpResponseException {
    // Validate returned thread from POST