You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kylin.apache.org by sh...@apache.org on 2017/07/21 06:25:22 UTC
kylin git commit: KYLIN-2720 Should not allow user to access to all
tables' metadata of a project
Repository: kylin
Updated Branches:
refs/heads/master 7145b6d21 -> 84ba56158
KYLIN-2720 Should not allow user to access to all tables' metadata of a project
Signed-off-by: shaofengshi <sh...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/kylin/repo
Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/84ba5615
Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/84ba5615
Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/84ba5615
Branch: refs/heads/master
Commit: 84ba5615898de99e154d0e13912a82815a0cf02f
Parents: 7145b6d
Author: qiumingming <qi...@bytedance.com>
Authored: Mon Jul 17 15:25:20 2017 +0800
Committer: shaofengshi <sh...@apache.org>
Committed: Fri Jul 21 14:16:46 2017 +0800
----------------------------------------------------------------------
.../apache/kylin/rest/service/QueryService.java | 56 +++++++++++++++++++-
1 file changed, 54 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kylin/blob/84ba5615/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java
----------------------------------------------------------------------
diff --git a/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java b/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java
index f3402ef..f42859d 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java
@@ -142,6 +142,10 @@ public class QueryService extends BasicService {
private ModelService modelService;
@Autowired
+ @Qualifier("cubeMgmtService")
+ private CubeService cubeService;
+
+ @Autowired
private AclUtil aclUtil;
public QueryService() {
@@ -508,6 +512,32 @@ public class QueryService extends BasicService {
}
protected List<TableMeta> getMetadata(CubeManager cubeMgr, String project, boolean cubedOnly) throws SQLException {
+ //list all tableMetas first
+ List<TableMeta> tableMetas = listAllMetadata(cubeMgr, project, cubedOnly);
+
+ //get cubes that current user can access to in this project, then get all tables of these cubes.
+ List<CubeInstance> cubeInstances = cubeService.listAllCubes(null, project, null, true);
+ Set<TableRef> tableRefs = new HashSet<TableRef>();
+ for (CubeInstance cube : cubeInstances) {
+ tableRefs.addAll(cube.getDescriptor().getModel().getAllTables());
+ }
+
+ //filter out tableMetas that current user should not access to
+ List<TableMeta> filterTableMetas = new ArrayList<TableMeta>();
+ for (TableMeta tableMeta : tableMetas) {
+ String fullTableName = tableMeta.getTABLE_SCHEM() + "." + tableMeta.getTABLE_NAME();
+ for (TableRef t : tableRefs) {
+ if (t.getTableIdentity().equals(fullTableName)) {
+ filterTableMetas.add(tableMeta);
+ break;
+ }
+ }
+ }
+
+ return filterTableMetas;
+ }
+
+ protected List<TableMeta> listAllMetadata(CubeManager cubeMgr, String project, boolean cubedOnly) throws SQLException {
Connection conn = null;
ResultSet columnMeta = null;
@@ -575,11 +605,33 @@ public class QueryService extends BasicService {
}
public List<TableMetaWithType> getMetadataV2(String project) throws SQLException, IOException {
- return getMetadataV2(getCubeManager(), project, true);
+ //list all tableMetas first
+ List<TableMetaWithType> tableMetas = listAllMetadataV2(getCubeManager(), project, true);
+
+ //get cubes that current user can access to in this project, then get all tables of these cubes.
+ List<CubeInstance> cubeInstances = cubeService.listAllCubes(null, project, null, true);
+ Set<TableRef> tableRefs = new HashSet<TableRef>();
+ for (CubeInstance cube : cubeInstances) {
+ tableRefs.addAll(cube.getDescriptor().getModel().getAllTables());
+ }
+
+ //filter out tableMetas that current user should not access to
+ List<TableMetaWithType> filterTableMetas = new ArrayList<TableMetaWithType>();
+ for (TableMetaWithType tableMeta : tableMetas) {
+ String fullTableName = tableMeta.getTABLE_SCHEM() + "." + tableMeta.getTABLE_NAME();
+ for (TableRef t : tableRefs) {
+ if (t.getTableIdentity().equals(fullTableName)) {
+ filterTableMetas.add(tableMeta);
+ break;
+ }
+ }
+ }
+
+ return filterTableMetas;
}
@SuppressWarnings("checkstyle:methodlength")
- protected List<TableMetaWithType> getMetadataV2(CubeManager cubeMgr, String project, boolean cubedOnly)
+ protected List<TableMetaWithType> listAllMetadataV2(CubeManager cubeMgr, String project, boolean cubedOnly)
throws SQLException, IOException {
//Message msg = MsgPicker.getMsg();