feat: app support allowedBecomeAdminByPassword config

others/dev/docker-compose.yml

@@ -52,7 +52,7 @@ services:
 #      - powerjob-mongodb
     environment:
       PARAMS: "--spring.profiles.active=daily --spring.datasource.core.jdbc-url=jdbc:mysql://powerjob-mysql:3306/powerjob-daily?useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai --oms.storage.dfs.mysql_series.url=jdbc:mysql://powerjob-mysql:3306/powerjob-daily?useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai"
-      JVMOPTIONS: "-server -XX:+UseG1GC -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=7 -XX:GCLogFileSize=100M -Xloggc:/root/powerjob/server/gc.log -Dpowerjob.server.test.mode=true"
+      JVMOPTIONS: "-server -XX:+UseG1GC -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=7 -XX:GCLogFileSize=100M -Xloggc:/root/powerjob/server/gc.log -Dpowerjob.server.test.mode=true -Dpowerjob.server.test.user.accounts=powerjob"
     ports:
       - "7700:7700"
       - "10086:10086"

powerjob-common/src/main/java/tech/powerjob/common/utils/MapUtils.java

@@ -12,6 +12,37 @@ import java.util.Map;
  */
 public class MapUtils {
 
+    public static <K> Boolean getBoolean(Map<? super K, ?> map, K key, Boolean defaultValue) {
+        Boolean answer = getBoolean(map, key);
+        if (answer == null) {
+            answer = defaultValue;
+        }
+
+        return answer;
+    }
+
+    public static <K> Boolean getBoolean(Map<? super K, ?> map, K key) {
+        if (map != null) {
+            Object answer = map.get(key);
+            if (answer != null) {
+                if (answer instanceof Boolean) {
+                    return (Boolean)answer;
+                }
+
+                if (answer instanceof String) {
+                    return Boolean.valueOf((String)answer);
+                }
+
+                if (answer instanceof Number) {
+                    Number n = (Number)answer;
+                    return n.intValue() != 0 ? Boolean.TRUE : Boolean.FALSE;
+                }
+            }
+        }
+
+        return null;
+    }
+
     public static <K> String getString(Map<? super K, ?> map, K key) {
         if (map != null) {
             Object answer = map.get(key);

powerjob-server/powerjob-server-common/src/main/java/tech/powerjob/server/common/constants/ExtensionKey.java

@@ -0,0 +1,18 @@
+package tech.powerjob.server.common.constants;
+
+/**
+ * 扩展 key
+ *
+ * @author tjq
+ * @since 2024/12/8
+ */
+public interface ExtensionKey {
+
+    interface App {
+        String allowedBecomeAdminByPassword = "allowedBecomeAdminByPassword";
+    }
+
+    interface PwjbUser {
+        String allowedChangePwd = "allowedChangePwd";
+    }
+}

powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/initializer/SystemInitializeServiceImpl.java

@@ -18,6 +18,7 @@ import tech.powerjob.server.auth.service.login.LoginRequest;
 import tech.powerjob.server.auth.service.login.PowerJobLoginService;
 import tech.powerjob.server.auth.service.permission.PowerJobPermissionService;
 import tech.powerjob.server.common.SJ;
+import tech.powerjob.server.common.constants.ExtensionKey;
 import tech.powerjob.server.persistence.remote.model.AppInfoDO;
 import tech.powerjob.server.persistence.remote.model.NamespaceDO;
 import tech.powerjob.server.persistence.remote.model.PwjbUserInfoDO;
@@ -142,7 +143,7 @@ public class SystemInitializeServiceImpl implements SystemInitializeService {
 
             if (!allowedChangePwd) {
                 Map<String, Object> extra = Maps.newHashMap();
-                extra.put("allowedChangePwd", false);
+                extra.put(ExtensionKey.PwjbUser.allowedChangePwd, false);
                 createUser.setExtra(JsonUtils.toJSONString(extra));
             }
 
@@ -188,7 +189,7 @@ public class SystemInitializeServiceImpl implements SystemInitializeService {
 
         // 禁用靠密码成为管理员
         Map<String, Object> extra = Maps.newHashMap();
-        extra.put("allowedBecomeAdminByPassword", false);
+        extra.put(ExtensionKey.App.allowedBecomeAdminByPassword, false);
         modifyAppInfoRequest.setExtra(JsonUtils.toJSONString(extra));
 
         ComponentUserRoleInfo componentUserRoleInfo = new ComponentUserRoleInfo();

powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/AppInfoController.java

@@ -5,15 +5,19 @@ import com.google.common.collect.Maps;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.BeanUtils;
 import org.springframework.data.domain.Page;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import tech.powerjob.common.enums.ErrorCodes;
+import tech.powerjob.common.exception.PowerJobException;
 import tech.powerjob.common.response.ResultDTO;
 import tech.powerjob.common.serialize.JsonUtils;
 import tech.powerjob.common.utils.CommonUtils;
+import tech.powerjob.common.utils.MapUtils;
 import tech.powerjob.server.auth.Permission;
 import tech.powerjob.server.auth.Role;
 import tech.powerjob.server.auth.RoleScope;
@@ -22,6 +26,7 @@ import tech.powerjob.server.auth.interceptor.ApiPermission;
 import tech.powerjob.server.auth.plugin.ModifyOrCreateDynamicPermission;
 import tech.powerjob.server.auth.plugin.SaveAppGrantPermissionPlugin;
 import tech.powerjob.server.auth.service.WebAuthService;
+import tech.powerjob.server.common.constants.ExtensionKey;
 import tech.powerjob.server.core.service.AppInfoService;
 import tech.powerjob.server.persistence.PageResult;
 import tech.powerjob.server.persistence.remote.model.AppInfoDO;
@@ -101,6 +106,20 @@ public class AppInfoController {
     public ResultDTO<Void> becomeAdminByAppNameAndPassword(@RequestBody AppAssertRequest appAssertRequest) {
         String appName = appAssertRequest.getAppName();
 
+        Optional<AppInfoDO> appOpt = appWebService.findByAppName(appName);
+        if (!appOpt.isPresent()) {
+            throw new PowerJobException(ErrorCodes.ILLEGAL_ARGS_ERROR, "can't find appInfo by appName: " + appName);
+        }
+
+        String appExtra = appOpt.get().getExtra();
+        if (StringUtils.isNotBlank(appExtra)) {
+            Map<String, Object> appExtraMap = JsonUtils.parseMap(appExtra);
+            Boolean allowedBecomeAdminByPassword = MapUtils.getBoolean(appExtraMap, ExtensionKey.App.allowedBecomeAdminByPassword, true);
+            if (!allowedBecomeAdminByPassword) {
+                throw new PowerJobException(ErrorCodes.OPERATION_NOT_PERMITTED, "allowedBecomeAdminByPassword=false");
+            }
+        }
+
         Long appId = appInfoService.assertApp(appName, appAssertRequest.getPassword(), appAssertRequest.getEncryptType());
 
         Map<String, Object> extra = Maps.newHashMap();

powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/service/impl/PwjbUserWebServiceImplImpl.java

@@ -7,11 +7,14 @@ import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Service;
 import tech.powerjob.common.PowerJobDKey;
 import tech.powerjob.common.enums.ErrorCodes;
+import tech.powerjob.common.exception.PowerJobException;
 import tech.powerjob.common.serialize.JsonUtils;
 import tech.powerjob.common.utils.CommonUtils;
 import tech.powerjob.common.utils.DigestUtils;
+import tech.powerjob.common.utils.MapUtils;
 import tech.powerjob.server.auth.common.PowerJobAuthException;
 import tech.powerjob.server.common.SJ;
+import tech.powerjob.server.common.constants.ExtensionKey;
 import tech.powerjob.server.persistence.remote.model.PwjbUserInfoDO;
 import tech.powerjob.server.persistence.remote.repository.PwjbUserInfoRepository;
 import tech.powerjob.server.web.request.ChangePasswordRequest;
@@ -20,6 +23,7 @@ import tech.powerjob.server.web.service.PwjbUserWebService;
 
 import javax.annotation.Resource;
 import java.util.Date;
+import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
 
@@ -95,6 +99,16 @@ public class PwjbUserWebServiceImplImpl implements PwjbUserWebService {
             throw new PowerJobAuthException(ErrorCodes.INCORRECT_PASSWORD);
         }
 
+        // 不允许修改密码判定
+        String extra = dbUser.getExtra();
+        if (StringUtils.isNotEmpty(extra)) {
+            Map<String, Object> extraMap = JsonUtils.parseMap(extra);
+            Boolean allowedChangePwd = MapUtils.getBoolean(extraMap, ExtensionKey.PwjbUser.allowedChangePwd, true);
+            if (!allowedChangePwd) {
+                throw new PowerJobException(ErrorCodes.OPERATION_NOT_PERMITTED, "notAllowedChangePassword");
+            }
+        }
+
         // 测试账号特殊处理
         Set<String> testAccounts = Sets.newHashSet(NOT_ALLOWED_CHANGE_PASSWORD_ACCOUNTS);
         String testAccountsStr = System.getProperty(PowerJobDKey.SERVER_TEST_ACCOUNT_USERNAME);
@@ -102,7 +116,7 @@ public class PwjbUserWebServiceImplImpl implements PwjbUserWebService {
             testAccounts.addAll(Lists.newArrayList(SJ.COMMA_SPLITTER.split(testAccountsStr)));
         }
         if (testAccounts.contains(username)) {
-            throw new IllegalArgumentException("this account not allowed change the password");
+            throw new PowerJobException(ErrorCodes.OPERATION_NOT_PERMITTED, "notAllowedChangePassword");
         }
 
         dbUser.setPassword(DigestUtils.rePassword(changePasswordRequest.getNewPassword(), dbUser.getUsername()));