You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kylin.apache.org by li...@apache.org on 2016/09/03 12:46:09 UTC
[15/50] [abbrv] kylin git commit: KYLIN-1972 code review
KYLIN-1972 code review
Project: http://git-wip-us.apache.org/repos/asf/kylin/repo
Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/1d046421
Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/1d046421
Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/1d046421
Branch: refs/heads/1.5.x-CDH5.7
Commit: 1d046421feb2c4845f4a833d6a2a7f3d07a5730b
Parents: 1ea79dd
Author: Yang Li <li...@apache.org>
Authored: Sat Aug 27 22:30:33 2016 +0800
Committer: Yang Li <li...@apache.org>
Committed: Sat Aug 27 22:30:33 2016 +0800
----------------------------------------------------------------------
.../kylin/rest/controller/QueryController.java | 42 +-------------------
.../apache/kylin/rest/service/QueryService.java | 31 ++++++++++++++-
2 files changed, 31 insertions(+), 42 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kylin/blob/1d046421/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java
----------------------------------------------------------------------
diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java b/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java
index a45f82e..5cf6492 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java
@@ -29,9 +29,6 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.debug.BackdoorToggles;
-import org.apache.kylin.cube.CubeInstance;
-import org.apache.kylin.metadata.project.RealizationEntry;
-import org.apache.kylin.metadata.realization.RealizationType;
import org.apache.kylin.rest.constant.Constant;
import org.apache.kylin.rest.exception.InternalErrorException;
import org.apache.kylin.rest.metrics.QueryMetricsFacade;
@@ -46,7 +43,6 @@ import org.apache.kylin.rest.response.SQLResponse;
import org.apache.kylin.rest.service.QueryService;
import org.apache.kylin.rest.util.QueryUtil;
import org.apache.kylin.storage.exception.ScanOutOfLimitException;
-import org.apache.kylin.storage.hybrid.HybridInstance;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -259,46 +255,10 @@ public class QueryController extends BasicController {
private void checkQueryAuth(SQLResponse sqlResponse) throws AccessDeniedException {
if (!sqlResponse.getIsException() && KylinConfig.getInstanceFromEnv().isQuerySecureEnabled()) {
- HybridInstance hybridInstance = this.queryService.getHybridManager().getHybridInstance(sqlResponse.getCube());
- if (hybridInstance != null) {
- if (checkHybridAuthorization(hybridInstance)) {
- logger.info(hybridInstance.getName() + " ACL validation success.");
- } else {
- throw new AccessDeniedException("Access is denied");
- }
- } else {
- CubeInstance cubeInstance = this.queryService.getCubeManager().getCube(sqlResponse.getCube());
- queryService.checkAuthorization(cubeInstance);
- }
+ queryService.checkAuthorization(sqlResponse.getCube());
}
}
- private boolean checkHybridAuthorization(HybridInstance hybridInstance) {
- boolean access = false;
- List<RealizationEntry> realizationEntries = hybridInstance.getRealizationEntries();
- for (RealizationEntry realizationEntry : realizationEntries) {
- String reName = realizationEntry.getRealization();
- logger.debug("[realizationEntry] realizationEntry name: " + reName + " realizationEntry type: " + realizationEntry.getType().name());
- if (RealizationType.CUBE == realizationEntry.getType()) {
- CubeInstance cubeInstance = queryService.getCubeManager().getCube(reName);
- try {
- queryService.checkAuthorization(cubeInstance);
- logger.info(hybridInstance.getName() + " ACL validation cube: " + cubeInstance.getName() + " success.");
- logger.info(hybridInstance.getName() + " ACL validation success.");
- return true;
- } catch (AccessDeniedException e) {
- logger.info(hybridInstance.getName() + " ACL validation cube: " + cubeInstance.getName() + " failed.");
- }
- } else if (RealizationType.HYBRID == realizationEntry.getType()) {
- HybridInstance innerHybridInstance = queryService.getHybridManager().getHybridInstance(reName);
- if (checkHybridAuthorization(innerHybridInstance)) {
- return true;
- }
- }
- }
- return access;
- }
-
public void setQueryService(QueryService queryService) {
this.queryService = queryService;
}
http://git-wip-us.apache.org/repos/asf/kylin/blob/1d046421/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java
----------------------------------------------------------------------
diff --git a/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java b/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java
index 6d778d0..3acaeb8 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java
@@ -55,6 +55,8 @@ import org.apache.kylin.common.util.Bytes;
import org.apache.kylin.cube.CubeInstance;
import org.apache.kylin.cube.CubeManager;
import org.apache.kylin.cube.cuboid.Cuboid;
+import org.apache.kylin.metadata.project.RealizationEntry;
+import org.apache.kylin.metadata.realization.RealizationType;
import org.apache.kylin.query.relnode.OLAPContext;
import org.apache.kylin.rest.constant.Constant;
import org.apache.kylin.rest.model.ColumnMeta;
@@ -67,6 +69,7 @@ import org.apache.kylin.rest.response.SQLResponse;
import org.apache.kylin.rest.util.QueryUtil;
import org.apache.kylin.rest.util.Serializer;
import org.apache.kylin.storage.hbase.HBaseConnection;
+import org.apache.kylin.storage.hybrid.HybridInstance;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -258,8 +261,34 @@ public class QueryService extends BasicService {
logger.info(stringBuilder.toString());
}
+ public void checkAuthorization(String cubeName) throws AccessDeniedException {
+ // special care for hybrid
+ HybridInstance hybridInstance = getHybridManager().getHybridInstance(cubeName);
+ if (hybridInstance != null) {
+ checkHybridAuthorization(hybridInstance);
+ return;
+ }
+
+ CubeInstance cubeInstance = getCubeManager().getCube(cubeName);
+ checkCubeAuthorization(cubeInstance);
+ }
+
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#cube, 'ADMINISTRATION') or hasPermission(#cube, 'MANAGEMENT')" + " or hasPermission(#cube, 'OPERATION') or hasPermission(#cube, 'READ')")
- public void checkAuthorization(CubeInstance cube) throws AccessDeniedException {
+ private void checkCubeAuthorization(CubeInstance cube) throws AccessDeniedException {
+ }
+
+ private void checkHybridAuthorization(HybridInstance hybridInstance) throws AccessDeniedException {
+ List<RealizationEntry> realizationEntries = hybridInstance.getRealizationEntries();
+ for (RealizationEntry realizationEntry : realizationEntries) {
+ String reName = realizationEntry.getRealization();
+ if (RealizationType.CUBE == realizationEntry.getType()) {
+ CubeInstance cubeInstance = getCubeManager().getCube(reName);
+ checkCubeAuthorization(cubeInstance);
+ } else if (RealizationType.HYBRID == realizationEntry.getType()) {
+ HybridInstance innerHybridInstance = getHybridManager().getHybridInstance(reName);
+ checkHybridAuthorization(innerHybridInstance);
+ }
+ }
}
private SQLResponse queryWithSqlMassage(SQLRequest sqlRequest) throws Exception {