You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kylin.apache.org by li...@apache.org on 2017/07/25 09:45:06 UTC

[19/24] kylin git commit: Do not allow user "ADMIN" be deleted

Do not allow user "ADMIN" be deleted


Project: http://git-wip-us.apache.org/repos/asf/kylin/repo
Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/6214ab9f
Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/6214ab9f
Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/6214ab9f

Branch: refs/heads/2.1.x
Commit: 6214ab9ffa228601248c50bd91423a0abc42028f
Parents: 5cb6aba
Author: nichunen <ch...@kyligence.io>
Authored: Mon Jul 24 21:50:13 2017 +0800
Committer: nichunen <ch...@kyligence.io>
Committed: Mon Jul 24 21:50:13 2017 +0800

----------------------------------------------------------------------
 .../apache/kylin/rest/service/UserService.java  |  7 +++++-
 .../kylin/rest/service/UserServiceTest.java     | 24 +++++++++++++++-----
 2 files changed, 24 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kylin/blob/6214ab9f/server-base/src/main/java/org/apache/kylin/rest/service/UserService.java
----------------------------------------------------------------------
diff --git a/server-base/src/main/java/org/apache/kylin/rest/service/UserService.java b/server-base/src/main/java/org/apache/kylin/rest/service/UserService.java
index 16fafa3..24e2e30 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/service/UserService.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/service/UserService.java
@@ -51,10 +51,12 @@ public class UserService implements UserDetailsManager {
 
     public static final String DIR_PREFIX = "/user/";
 
+    public static final String SUPER_ADMIN = "ADMIN";
+
     public static final Serializer<ManagedUser> SERIALIZER = new JsonSerializer<>(ManagedUser.class);
 
     protected ResourceStore aclStore;
-    
+
     private boolean evictCacheFlag = false;
 
     public boolean isEvictCacheFlag() {
@@ -92,6 +94,9 @@ public class UserService implements UserDetailsManager {
 
     @Override
     public void deleteUser(String userName) {
+        if (userName.equals(SUPER_ADMIN))
+            throw new InternalErrorException("User " + userName + " is not allowed to be deleted.");
+
         try {
             String id = getId(userName);
             aclStore.deleteResource(id);

http://git-wip-us.apache.org/repos/asf/kylin/blob/6214ab9f/server/src/test/java/org/apache/kylin/rest/service/UserServiceTest.java
----------------------------------------------------------------------
diff --git a/server/src/test/java/org/apache/kylin/rest/service/UserServiceTest.java b/server/src/test/java/org/apache/kylin/rest/service/UserServiceTest.java
index c49b552..736f9a1 100644
--- a/server/src/test/java/org/apache/kylin/rest/service/UserServiceTest.java
+++ b/server/src/test/java/org/apache/kylin/rest/service/UserServiceTest.java
@@ -23,6 +23,7 @@ import java.util.ArrayList;
 import java.util.List;
 
 import org.apache.kylin.rest.constant.Constant;
+import org.apache.kylin.rest.exception.InternalErrorException;
 import org.apache.kylin.rest.security.ManagedUser;
 import org.junit.Assert;
 import org.junit.Test;
@@ -43,19 +44,19 @@ public class UserServiceTest extends ServiceTestBase {
 
     @Test
     public void testBasics() throws IOException {
-        userService.deleteUser("ADMIN");
+        userService.deleteUser("MODELER");
 
-        Assert.assertTrue(!userService.userExists("ADMIN"));
+        Assert.assertTrue(!userService.userExists("MODELER"));
 
         List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
         authorities.add(new SimpleGrantedAuthority(Constant.ROLE_ADMIN));
-        ManagedUser user = new ManagedUser("ADMIN", "PWD", false, authorities);
+        ManagedUser user = new ManagedUser("MODELER", "PWD", false, authorities);
         userService.createUser(user);
 
-        Assert.assertTrue(userService.userExists("ADMIN"));
+        Assert.assertTrue(userService.userExists("MODELER"));
 
-        UserDetails ud = userService.loadUserByUsername("ADMIN");
-        Assert.assertEquals("ADMIN", ud.getUsername());
+        UserDetails ud = userService.loadUserByUsername("MODELER");
+        Assert.assertEquals("MODELER", ud.getUsername());
         Assert.assertEquals("PWD", ud.getPassword());
         Assert.assertEquals(Constant.ROLE_ADMIN, ud.getAuthorities().iterator().next().getAuthority());
         Assert.assertEquals(1, ud.getAuthorities().size());
@@ -64,4 +65,15 @@ public class UserServiceTest extends ServiceTestBase {
         Assert.assertTrue(strings.contains(Constant.ROLE_ADMIN));
     }
 
+
+    @Test
+    public void testDeleteAdmin() throws IOException {
+        try {
+            userService.deleteUser("ADMIN");
+            throw new InternalErrorException();
+        } catch (InternalErrorException e) {
+            Assert.assertEquals(e.getMessage(), "User ADMIN is not allowed to be deleted.");
+        }
+
+    }
 }