You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kylin.apache.org by li...@apache.org on 2017/07/25 09:45:06 UTC
[19/24] kylin git commit: Do not allow user "ADMIN" be deleted
Do not allow user "ADMIN" be deleted
Project: http://git-wip-us.apache.org/repos/asf/kylin/repo
Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/6214ab9f
Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/6214ab9f
Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/6214ab9f
Branch: refs/heads/2.1.x
Commit: 6214ab9ffa228601248c50bd91423a0abc42028f
Parents: 5cb6aba
Author: nichunen <ch...@kyligence.io>
Authored: Mon Jul 24 21:50:13 2017 +0800
Committer: nichunen <ch...@kyligence.io>
Committed: Mon Jul 24 21:50:13 2017 +0800
----------------------------------------------------------------------
.../apache/kylin/rest/service/UserService.java | 7 +++++-
.../kylin/rest/service/UserServiceTest.java | 24 +++++++++++++++-----
2 files changed, 24 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kylin/blob/6214ab9f/server-base/src/main/java/org/apache/kylin/rest/service/UserService.java
----------------------------------------------------------------------
diff --git a/server-base/src/main/java/org/apache/kylin/rest/service/UserService.java b/server-base/src/main/java/org/apache/kylin/rest/service/UserService.java
index 16fafa3..24e2e30 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/service/UserService.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/service/UserService.java
@@ -51,10 +51,12 @@ public class UserService implements UserDetailsManager {
public static final String DIR_PREFIX = "/user/";
+ public static final String SUPER_ADMIN = "ADMIN";
+
public static final Serializer<ManagedUser> SERIALIZER = new JsonSerializer<>(ManagedUser.class);
protected ResourceStore aclStore;
-
+
private boolean evictCacheFlag = false;
public boolean isEvictCacheFlag() {
@@ -92,6 +94,9 @@ public class UserService implements UserDetailsManager {
@Override
public void deleteUser(String userName) {
+ if (userName.equals(SUPER_ADMIN))
+ throw new InternalErrorException("User " + userName + " is not allowed to be deleted.");
+
try {
String id = getId(userName);
aclStore.deleteResource(id);
http://git-wip-us.apache.org/repos/asf/kylin/blob/6214ab9f/server/src/test/java/org/apache/kylin/rest/service/UserServiceTest.java
----------------------------------------------------------------------
diff --git a/server/src/test/java/org/apache/kylin/rest/service/UserServiceTest.java b/server/src/test/java/org/apache/kylin/rest/service/UserServiceTest.java
index c49b552..736f9a1 100644
--- a/server/src/test/java/org/apache/kylin/rest/service/UserServiceTest.java
+++ b/server/src/test/java/org/apache/kylin/rest/service/UserServiceTest.java
@@ -23,6 +23,7 @@ import java.util.ArrayList;
import java.util.List;
import org.apache.kylin.rest.constant.Constant;
+import org.apache.kylin.rest.exception.InternalErrorException;
import org.apache.kylin.rest.security.ManagedUser;
import org.junit.Assert;
import org.junit.Test;
@@ -43,19 +44,19 @@ public class UserServiceTest extends ServiceTestBase {
@Test
public void testBasics() throws IOException {
- userService.deleteUser("ADMIN");
+ userService.deleteUser("MODELER");
- Assert.assertTrue(!userService.userExists("ADMIN"));
+ Assert.assertTrue(!userService.userExists("MODELER"));
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority(Constant.ROLE_ADMIN));
- ManagedUser user = new ManagedUser("ADMIN", "PWD", false, authorities);
+ ManagedUser user = new ManagedUser("MODELER", "PWD", false, authorities);
userService.createUser(user);
- Assert.assertTrue(userService.userExists("ADMIN"));
+ Assert.assertTrue(userService.userExists("MODELER"));
- UserDetails ud = userService.loadUserByUsername("ADMIN");
- Assert.assertEquals("ADMIN", ud.getUsername());
+ UserDetails ud = userService.loadUserByUsername("MODELER");
+ Assert.assertEquals("MODELER", ud.getUsername());
Assert.assertEquals("PWD", ud.getPassword());
Assert.assertEquals(Constant.ROLE_ADMIN, ud.getAuthorities().iterator().next().getAuthority());
Assert.assertEquals(1, ud.getAuthorities().size());
@@ -64,4 +65,15 @@ public class UserServiceTest extends ServiceTestBase {
Assert.assertTrue(strings.contains(Constant.ROLE_ADMIN));
}
+
+ @Test
+ public void testDeleteAdmin() throws IOException {
+ try {
+ userService.deleteUser("ADMIN");
+ throw new InternalErrorException();
+ } catch (InternalErrorException e) {
+ Assert.assertEquals(e.getMessage(), "User ADMIN is not allowed to be deleted.");
+ }
+
+ }
}