yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-11-11 00:11:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixes #14252 : Check tasks cannot be created by,assigned to,reassigned to bot users (#15587)

Browse Source 
* Check tasks cannot be created by,assigned to,reassigned to bot users

* Check tasks cannot be created by,assigned to,reassigned to bot users - updated changes

* Check tasks cannot be created by,assigned to,reassigned to bot users - updated changes

* Check tasks cannot be created by,assigned to,reassigned to bot users - updated changes
This commit is contained in:
sonika-shah 2024-03-18 18:38:55 +05:30 committed by GitHub
parent b5fb57f7c6
commit 95907f9f49
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 76 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/FeedRepository.java
View File

@ -771,6 +771,7 @@ public class FeedRepository {
if (updated.getTask() != null) { if (updated.getTask() != null) {
populateAssignees(updated); populateAssignees(updated);
updated.getTask().getAssignees().sort(compareEntityReference); updated.getTask().getAssignees().sort(compareEntityReference);
validateAssignee(updated);
} }
if (updated.getAnnouncement() != null) { if (updated.getAnnouncement() != null) {
@ -838,6 +839,13 @@ public class FeedRepository {
private void validateAssignee(Thread thread) { private void validateAssignee(Thread thread) {
if (thread != null && ThreadType.Task.equals(thread.getType())) { if (thread != null && ThreadType.Task.equals(thread.getType())) {
String createdByUserName = thread.getCreatedBy();
User createdByUser =
Entity.getEntityByName(USER, createdByUserName, TEAMS_FIELD, NON_DELETED);
if (Boolean.TRUE.equals(createdByUser.getIsBot())) {
throw new IllegalArgumentException("Task cannot be created by bot only by user or teams");
}
List<EntityReference> assignees = thread.getTask().getAssignees(); List<EntityReference> assignees = thread.getTask().getAssignees();
// Assignees can only be user or teams // Assignees can only be user or teams

68
openmetadata-service/src/test/java/org/openmetadata/service/resources/feeds/FeedResourceTest.java
View File

@ -130,6 +130,7 @@ public class FeedResourceTest extends OpenMetadataApplicationTest {
public static List<Column> COLUMNS; public static List<Column> COLUMNS;
public static User USER; public static User USER;
public static String USER_LINK; public static String USER_LINK;
public static User BOT_USER;
public static Map<String, String> USER_AUTH_HEADERS; public static Map<String, String> USER_AUTH_HEADERS;
public static User USER2; public static User USER2;
public static Map<String, String> USER2_AUTH_HEADERS; public static Map<String, String> USER2_AUTH_HEADERS;
@ -158,6 +159,8 @@ public class FeedResourceTest extends OpenMetadataApplicationTest {
userResourceTest.createEntity(userResourceTest.createRequest(test, 4), ADMIN_AUTH_HEADERS); userResourceTest.createEntity(userResourceTest.createRequest(test, 4), ADMIN_AUTH_HEADERS);
USER2_AUTH_HEADERS = authHeaders(USER2.getName()); USER2_AUTH_HEADERS = authHeaders(USER2.getName());
BOT_USER = userResourceTest.createUser("bot_user", true);
CreateTable createTable = CreateTable createTable =
TABLE_RESOURCE_TEST.createRequest(test).withOwner(TableResourceTest.USER1_REF); TABLE_RESOURCE_TEST.createRequest(test).withOwner(TableResourceTest.USER1_REF);
TABLE = TABLE_RESOURCE_TEST.createAndCheckEntity(createTable, ADMIN_AUTH_HEADERS); TABLE = TABLE_RESOURCE_TEST.createAndCheckEntity(createTable, ADMIN_AUTH_HEADERS);
@ -1447,6 +1450,71 @@ public class FeedResourceTest extends OpenMetadataApplicationTest {
entityNotFound("Post", NON_EXISTENT_ENTITY)); entityNotFound("Post", NON_EXISTENT_ENTITY));
} }
@Test
void post_createTaskByBotUser_400() {
String about = String.format("<#E::%s::%s>", Entity.TABLE, TABLE.getFullyQualifiedName());
assertResponse(
() ->
createTaskThread(
BOT_USER.getName(),
about,
USER.getEntityReference(),
"old",
"new",
RequestDescription,
ADMIN_AUTH_HEADERS),
BAD_REQUEST,
"Task cannot be created by bot only by user or teams");
}
@Test
void post_assignTaskToBotUser_400() {
String about = String.format("<#E::%s::%s>", Entity.TABLE, TABLE.getFullyQualifiedName());
assertResponse(
() ->
createTaskThread(
USER.getName(),
about,
BOT_USER.getEntityReference(),
"old",
"new",
RequestDescription,
ADMIN_AUTH_HEADERS),
BAD_REQUEST,
"Assignees can not be bot");
}
@Test
void patch_reassignTaskToBotUser_400() throws IOException {
String about =
String.format(
"<#E::%s::%s::columns::%s::description>",
Entity.TABLE, TABLE.getFullyQualifiedName(), C1);
Thread thread =
createTaskThread(
TEST_USER_NAME,
about,
USER.getEntityReference(),
"old",
"new",
RequestDescription,
ADMIN_AUTH_HEADERS);
String originalJson = JsonUtils.pojoToJson(thread);
TaskDetails upadtedAssigneeTaskDetails =
new TaskDetails().withAssignees(List.of(BOT_USER.getEntityReference()));
// update assignees or reassign task to bot user
thread.withTask(upadtedAssigneeTaskDetails);
assertResponse(
() -> patchThreadAndCheck(thread, originalJson, ADMIN_AUTH_HEADERS),
BAD_REQUEST,
"Assignees can not be bot");
}
public Thread createAndCheck(CreateThread create, Map<String, String> authHeaders) public Thread createAndCheck(CreateThread create, Map<String, String> authHeaders)
throws HttpResponseException { throws HttpResponseException {
// Validate returned thread from POST // Validate returned thread from POST