From b5a2e3bbd201cbe439c5d07df146429be32d8e87 Mon Sep 17 00:00:00 2001
From: ligang <ligang@analysys.com.cn>
Date: Tue, 14 May 2019 11:18:04 +0800
Subject: [PATCH] add Determine if the login user is the owner of the schedule

---
 .../java/cn/escheduler/api/service/SchedulerService.java   | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/escheduler-api/src/main/java/cn/escheduler/api/service/SchedulerService.java b/escheduler-api/src/main/java/cn/escheduler/api/service/SchedulerService.java
index f2cf8e190..5ea5faf83 100644
--- a/escheduler-api/src/main/java/cn/escheduler/api/service/SchedulerService.java
+++ b/escheduler-api/src/main/java/cn/escheduler/api/service/SchedulerService.java
@@ -514,6 +514,13 @@ public class SchedulerService extends BaseService {
             putMsg(result, Status.SCHEDULE_CRON_NOT_EXISTS, scheduleId);
             return result;
         }
+
+        // Determine if the login user is the owner of the schedule
+        if (loginUser.getId() != schedule.getUserId()) {
+            putMsg(result, Status.USER_NO_OPERATION_PERM);
+            return result;
+        }
+
         // check schedule is already online
         if(schedule.getReleaseState() == ReleaseState.ONLINE){
             putMsg(result, Status.SCHEDULE_CRON_STATE_ONLINE,schedule.getId());
-- 
GitLab