kylin git commit: KYLIN-2720 Should not allow user to access to all tables' metadata of a project

[sh...@apache.org]

Repository: kylin
Updated Branches:
  refs/heads/master 7145b6d21 -> 84ba56158


KYLIN-2720 Should not allow user to access to all tables' metadata of a project

Signed-off-by: shaofengshi <sh...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/kylin/repo
Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/84ba5615
Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/84ba5615
Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/84ba5615

Branch: refs/heads/master
Commit: 84ba5615898de99e154d0e13912a82815a0cf02f
Parents: 7145b6d
Author: qiumingming <qi...@bytedance.com>
Authored: Mon Jul 17 15:25:20 2017 +0800
Committer: shaofengshi <sh...@apache.org>
Committed: Fri Jul 21 14:16:46 2017 +0800

----------------------------------------------------------------------
 .../apache/kylin/rest/service/QueryService.java | 56 +++++++++++++++++++-
 1 file changed, 54 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kylin/blob/84ba5615/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java
----------------------------------------------------------------------
diff --git a/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java b/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java
index f3402ef..f42859d 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java
@@ -142,6 +142,10 @@ public class QueryService extends BasicService {
     private ModelService modelService;
 
     @Autowired
+    @Qualifier("cubeMgmtService")
+    private CubeService cubeService;
+
+    @Autowired
     private AclUtil aclUtil;
 
     public QueryService() {
@@ -508,6 +512,32 @@ public class QueryService extends BasicService {
     }
 
     protected List<TableMeta> getMetadata(CubeManager cubeMgr, String project, boolean cubedOnly) throws SQLException {
+        //list all tableMetas first
+        List<TableMeta> tableMetas = listAllMetadata(cubeMgr, project, cubedOnly);
+
+        //get cubes that current user can access to in this project, then get all tables of these cubes.
+        List<CubeInstance> cubeInstances = cubeService.listAllCubes(null, project, null, true);
+        Set<TableRef> tableRefs = new HashSet<TableRef>();
+        for (CubeInstance cube : cubeInstances) {
+            tableRefs.addAll(cube.getDescriptor().getModel().getAllTables());
+        }
+
+        //filter out tableMetas that current user should not access to
+        List<TableMeta> filterTableMetas = new ArrayList<TableMeta>();
+        for (TableMeta tableMeta : tableMetas) {
+            String fullTableName = tableMeta.getTABLE_SCHEM() + "." + tableMeta.getTABLE_NAME();
+            for (TableRef t : tableRefs) {
+                if (t.getTableIdentity().equals(fullTableName)) {
+                    filterTableMetas.add(tableMeta);
+                    break;
+                }
+            }
+        }
+
+        return filterTableMetas;
+    }
+
+    protected List<TableMeta> listAllMetadata(CubeManager cubeMgr, String project, boolean cubedOnly) throws SQLException {
 
         Connection conn = null;
         ResultSet columnMeta = null;
@@ -575,11 +605,33 @@ public class QueryService extends BasicService {
     }
 
     public List<TableMetaWithType> getMetadataV2(String project) throws SQLException, IOException {
-        return getMetadataV2(getCubeManager(), project, true);
+        //list all tableMetas first
+        List<TableMetaWithType> tableMetas = listAllMetadataV2(getCubeManager(), project, true);
+
+        //get cubes that current user can access to in this project, then get all tables of these cubes.
+        List<CubeInstance> cubeInstances = cubeService.listAllCubes(null, project, null, true);
+        Set<TableRef> tableRefs = new HashSet<TableRef>();
+        for (CubeInstance cube : cubeInstances) {
+            tableRefs.addAll(cube.getDescriptor().getModel().getAllTables());
+        }
+
+        //filter out tableMetas that current user should not access to
+        List<TableMetaWithType> filterTableMetas = new ArrayList<TableMetaWithType>();
+        for (TableMetaWithType tableMeta : tableMetas) {
+            String fullTableName = tableMeta.getTABLE_SCHEM() + "." + tableMeta.getTABLE_NAME();
+            for (TableRef t : tableRefs) {
+                if (t.getTableIdentity().equals(fullTableName)) {
+                    filterTableMetas.add(tableMeta);
+                    break;
+                }
+            }
+        }
+
+        return filterTableMetas;
     }
 
     @SuppressWarnings("checkstyle:methodlength")
-    protected List<TableMetaWithType> getMetadataV2(CubeManager cubeMgr, String project, boolean cubedOnly)
+    protected List<TableMetaWithType> listAllMetadataV2(CubeManager cubeMgr, String project, boolean cubedOnly)
             throws SQLException, IOException {
         //Message msg = MsgPicker.getMsg();