Fix can modify file which is not under resource path (#15652)

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/ResourcesService.java

@@ -61,7 +61,7 @@ Result<Object> createDirectory(User loginUser,
      * @param currentDir current directory
      * @return create result code
      */
-    Result<Object> createResource(User loginUser,
+    Result<Object> uploadResource(User loginUser,
                                   String name,
                                   ResourceType type,
                                   MultipartFile file,
@@ -160,8 +160,8 @@ Result<PageInfo<StorageEntity>> queryResourceListPaging(User loginUser, String f
      * @param content content
      * @return create result code
      */
-    Result<Object> onlineCreateResource(User loginUser, ResourceType type, String fileName, String fileSuffix,
-                                        String content, String currentDirectory);
+    Result<Object> createResourceFile(User loginUser, ResourceType type, String fileName, String fileSuffix,
+                                      String content, String currentDirectory);
 
     /**
      * create or update resource.
@@ -210,33 +210,6 @@ Result<Object> updateResourceContent(User loginUser, String fullName, String ten
      */
     DeleteDataTransferResponse deleteDataTransferData(User loginUser, Integer days);
 
-    /**
-     * unauthorized udf function
-     *
-     * @param loginUser login user
-     * @param userId user id
-     * @return unauthorized result code
-     */
-    Map<String, Object> unauthorizedUDFFunction(User loginUser, Integer userId);
-
-    /**
-     * authorized udf function
-     *
-     * @param loginUser login user
-     * @param userId user id
-     * @return authorized result code
-     */
-    Map<String, Object> authorizedUDFFunction(User loginUser, Integer userId);
-
-    /**
-     * get resource by id
-     * @param fullName resource full name
-     * @param tenantCode owner's tenant code of resource
-     * @return resource
-     */
-    Result<Object> queryResourceByFullName(User loginUser, String fullName, String tenantCode,
-                                           ResourceType type) throws IOException;
-
     /**
      * get resource base dir
      *

dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/ResourcesControllerTest.java

@@ -167,12 +167,11 @@ public void testViewResource() throws Exception {
     }
 
     @Test
-    public void testOnlineCreateResource() throws Exception {
+    public void testCreateResourceFile() throws Exception {
         Result mockResult = new Result<>();
         mockResult.setCode(Status.TENANT_NOT_EXIST.getCode());
-        Mockito.when(resourcesService
-                .onlineCreateResource(Mockito.any(), Mockito.any(), Mockito.anyString(),
-                        Mockito.anyString(), Mockito.anyString(), Mockito.anyString()))
+        Mockito.when(resourcesService.createResourceFile(Mockito.any(), Mockito.any(), Mockito.anyString(),
+                Mockito.anyString(), Mockito.anyString(), Mockito.anyString()))
                 .thenReturn(mockResult);
 
         MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>();
@@ -397,50 +396,6 @@ public void testVerifyUdfFuncName() throws Exception {
         logger.info(mvcResult.getResponse().getContentAsString());
     }
 
-    @Test
-    public void testAuthorizedUDFFunction() throws Exception {
-        Map<String, Object> mockResult = new HashMap<>();
-        mockResult.put(Constants.STATUS, Status.SUCCESS);
-        Mockito.when(resourcesService.authorizedUDFFunction(Mockito.any(), Mockito.anyInt())).thenReturn(mockResult);
-
-        MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>();
-        paramsMap.add("userId", "2");
-
-        MvcResult mvcResult = mockMvc.perform(get("/resources/authed-udf-func")
-                .header(SESSION_ID, sessionId)
-                .params(paramsMap))
-                .andExpect(status().isCreated())
-                .andExpect(content().contentType(MediaType.APPLICATION_JSON))
-                .andReturn();
-
-        Result result = JSONUtils.parseObject(mvcResult.getResponse().getContentAsString(), Result.class);
-
-        Assertions.assertEquals(Status.SUCCESS.getCode(), result.getCode().intValue());
-        logger.info(mvcResult.getResponse().getContentAsString());
-    }
-
-    @Test
-    public void testUnauthUDFFunc() throws Exception {
-        Map<String, Object> mockResult = new HashMap<>();
-        mockResult.put(Constants.STATUS, Status.SUCCESS);
-        Mockito.when(resourcesService.unauthorizedUDFFunction(Mockito.any(), Mockito.anyInt())).thenReturn(mockResult);
-
-        MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>();
-        paramsMap.add("userId", "2");
-
-        MvcResult mvcResult = mockMvc.perform(get("/resources/unauth-udf-func")
-                .header(SESSION_ID, sessionId)
-                .params(paramsMap))
-                .andExpect(status().isCreated())
-                .andExpect(content().contentType(MediaType.APPLICATION_JSON))
-                .andReturn();
-
-        Result result = JSONUtils.parseObject(mvcResult.getResponse().getContentAsString(), Result.class);
-
-        Assertions.assertEquals(Status.SUCCESS.getCode(), result.getCode().intValue());
-        logger.info(mvcResult.getResponse().getContentAsString());
-    }
-
     @Test
     public void testDeleteUdfFunc() throws Exception {
         Result mockResult = new Result<>();