You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zeppelin.apache.org by zj...@apache.org on 2019/03/29 06:09:12 UTC
[zeppelin] branch master updated: [ZEPPELIN-3985]. Move note
permission from notebook-authorization.json to note file
This is an automated email from the ASF dual-hosted git repository.
zjffdu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/master by this push:
new 0b8423c [ZEPPELIN-3985]. Move note permission from notebook-authorization.json to note file
0b8423c is described below
commit 0b8423c62ae52f3716d4bb63d60762fee6910788
Author: Jeff Zhang <zj...@apache.org>
AuthorDate: Sat Feb 2 17:33:05 2019 +0800
[ZEPPELIN-3985]. Move note permission from notebook-authorization.json to note file
### What is this PR for?
This PR move note permission from `notebook-authorization.json` to note json file. `AuthorizationService` is responsible for authorization operations, including setting permission and querying permissions. I keep `NoteAuthorization` and will create another PR to upgrade notes.
### What type of PR is it?
[ Improvement]
### Todos
* [ ] - Task
### What is the Jira issue?
* https://jira.apache.org/jira/browse/ZEPPELIN-3985
### How should this be tested?
* CI pass
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
Author: Jeff Zhang <zj...@apache.org>
Closes #3316 from zjffdu/ZEPPELIN-3985 and squashes the following commits:
9d6ff97a9 [Jeff Zhang] [ZEPPELIN-3985]. Move note permission from notebook-authorization.json to note file
---
.../notebook/repo/NotebookRepoSyncTest.java | 53 ++---
.../org/apache/zeppelin/rest/LoginRestApi.java | 10 +-
.../org/apache/zeppelin/rest/NotebookRestApi.java | 54 ++---
.../org/apache/zeppelin/server/ZeppelinServer.java | 5 +-
.../apache/zeppelin/service/NotebookService.java | 41 ++--
.../apache/zeppelin/socket/ConnectionManager.java | 11 +-
.../org/apache/zeppelin/socket/NotebookServer.java | 27 ++-
.../apache/zeppelin/rest/ZeppelinRestApiTest.java | 6 +-
.../zeppelin/service/NotebookServiceTest.java | 13 +-
.../apache/zeppelin/socket/NotebookServerTest.java | 25 ++-
.../zeppelin/notebook/AuthorizationService.java | 249 +++++++++++++++++++++
.../java/org/apache/zeppelin/notebook/Note.java | 103 +++++++++
.../org/apache/zeppelin/notebook/Notebook.java | 28 +--
.../zeppelin/notebook/repo/NotebookRepoSync.java | 42 +---
.../repo/zeppelinhub/websocket/ZeppelinClient.java | 24 +-
.../helium/HeliumApplicationFactoryTest.java | 7 +-
.../org/apache/zeppelin/notebook/NotebookTest.java | 210 +++++++++--------
.../apache/zeppelin/search/LuceneSearchTest.java | 3 +-
18 files changed, 608 insertions(+), 303 deletions(-)
diff --git a/zeppelin-plugins/notebookrepo/git/src/test/java/org/apache/zeppelin/notebook/repo/NotebookRepoSyncTest.java b/zeppelin-plugins/notebookrepo/git/src/test/java/org/apache/zeppelin/notebook/repo/NotebookRepoSyncTest.java
index fca0c57..726fb93 100644
--- a/zeppelin-plugins/notebookrepo/git/src/test/java/org/apache/zeppelin/notebook/repo/NotebookRepoSyncTest.java
+++ b/zeppelin-plugins/notebookrepo/git/src/test/java/org/apache/zeppelin/notebook/repo/NotebookRepoSyncTest.java
@@ -36,10 +36,10 @@ import org.apache.zeppelin.helium.ApplicationEventListener;
import org.apache.zeppelin.interpreter.InterpreterFactory;
import org.apache.zeppelin.interpreter.InterpreterSettingManager;
import org.apache.zeppelin.interpreter.remote.RemoteInterpreterProcessListener;
+import org.apache.zeppelin.notebook.AuthorizationService;
import org.apache.zeppelin.notebook.Note;
import org.apache.zeppelin.notebook.NoteInfo;
import org.apache.zeppelin.notebook.Notebook;
-import org.apache.zeppelin.notebook.NotebookAuthorization;
import org.apache.zeppelin.notebook.Paragraph;
import org.apache.zeppelin.search.SearchService;
import org.apache.zeppelin.storage.ConfigStorage;
@@ -64,9 +64,9 @@ public class NotebookRepoSyncTest {
private InterpreterFactory factory;
private InterpreterSettingManager interpreterSettingManager;
private SearchService search;
- private NotebookAuthorization notebookAuthorization;
private Credentials credentials;
private AuthenticationInfo anonymous;
+ private AuthorizationService authorizationService;
private static final Logger LOG = LoggerFactory.getLogger(NotebookRepoSyncTest.class);
@Before
@@ -99,11 +99,10 @@ public class NotebookRepoSyncTest {
search = mock(SearchService.class);
notebookRepoSync = new NotebookRepoSync(conf);
- notebookAuthorization = NotebookAuthorization.init(conf);
credentials = new Credentials(conf.credentialsPersist(), conf.getCredentialsPath(), null);
- notebookSync = new Notebook(conf, notebookRepoSync, factory, interpreterSettingManager, search,
- notebookAuthorization, credentials, null);
+ notebookSync = new Notebook(conf, notebookRepoSync, factory, interpreterSettingManager, search, credentials, null);
anonymous = new AuthenticationInfo("anonymous");
+ authorizationService = new AuthorizationService(notebookSync, conf);
}
@After
@@ -241,8 +240,7 @@ public class NotebookRepoSyncTest {
System.setProperty(ConfVars.ZEPPELIN_NOTEBOOK_ONE_WAY_SYNC.getVarName(), "true");
conf = ZeppelinConfiguration.create();
notebookRepoSync = new NotebookRepoSync(conf);
- notebookSync = new Notebook(conf, notebookRepoSync, factory, interpreterSettingManager, search,
- notebookAuthorization, credentials, null);
+ notebookSync = new Notebook(conf, notebookRepoSync, factory, interpreterSettingManager, search, credentials, null);
// check that both storage repos are empty
assertTrue(notebookRepoSync.getRepoCount() > 1);
@@ -289,8 +287,7 @@ public class NotebookRepoSyncTest {
ZeppelinConfiguration vConf = ZeppelinConfiguration.create();
NotebookRepoSync vRepoSync = new NotebookRepoSync(vConf);
- Notebook vNotebookSync = new Notebook(vConf, vRepoSync, factory, interpreterSettingManager, search,
- notebookAuthorization, credentials, null);
+ Notebook vNotebookSync = new Notebook(vConf, vRepoSync, factory, interpreterSettingManager, search, credentials, null);
// one git versioned storage initialized
assertThat(vRepoSync.getRepoCount()).isEqualTo(1);
@@ -338,14 +335,13 @@ public class NotebookRepoSyncTest {
assertEquals(1, notebookRepoSync.list(1, null).size());
/* check that user1 is the only owner */
- NotebookAuthorization authInfo = NotebookAuthorization.getInstance();
Set<String> entity = new HashSet<String>();
entity.add(user1.getUser());
- assertEquals(true, authInfo.isOwner(note.getId(), entity));
- assertEquals(1, authInfo.getOwners(note.getId()).size());
- assertEquals(0, authInfo.getReaders(note.getId()).size());
- assertEquals(0, authInfo.getRunners(note.getId()).size());
- assertEquals(0, authInfo.getWriters(note.getId()).size());
+ assertEquals(true, authorizationService.isOwner(note.getId(), entity));
+ assertEquals(1, authorizationService.getOwners(note.getId()).size());
+ assertEquals(0, authorizationService.getReaders(note.getId()).size());
+ assertEquals(0, authorizationService.getRunners(note.getId()).size());
+ assertEquals(0, authorizationService.getWriters(note.getId()).size());
/* update note and save on secondary storage */
note.setInterpreterFactory(mock(InterpreterFactory.class));
@@ -370,35 +366,26 @@ public class NotebookRepoSyncTest {
assertEquals(1, notebookRepoSync.get(0,
notebookRepoSync.list(0, null).get(0).getId(),
notebookRepoSync.list(0, null).get(0).getPath(), null).getParagraphs().size());
- assertEquals(true, authInfo.isOwner(note.getId(), entity));
- assertEquals(1, authInfo.getOwners(note.getId()).size());
- assertEquals(0, authInfo.getReaders(note.getId()).size());
- assertEquals(0, authInfo.getRunners(note.getId()).size());
- assertEquals(0, authInfo.getWriters(note.getId()).size());
+ assertEquals(true, authorizationService.isOwner(note.getId(), entity));
+ assertEquals(1, authorizationService.getOwners(note.getId()).size());
+ assertEquals(0, authorizationService.getReaders(note.getId()).size());
+ assertEquals(0, authorizationService.getRunners(note.getId()).size());
+ assertEquals(0, authorizationService.getWriters(note.getId()).size());
/* scenario 2 - note doesn't exist on main storage */
/* remove from main storage */
notebookRepoSync.remove(0, note.getId(), note.getPath(), user1);
assertEquals(0, notebookRepoSync.list(0, null).size());
assertEquals(1, notebookRepoSync.list(1, null).size());
- authInfo.removeNote(note.getId());
- assertEquals(0, authInfo.getOwners(note.getId()).size());
- assertEquals(0, authInfo.getReaders(note.getId()).size());
- assertEquals(0, authInfo.getRunners(note.getId()).size());
- assertEquals(0, authInfo.getWriters(note.getId()).size());
/* now sync - should bring note from secondary storage with added acl */
notebookRepoSync.sync(user1);
assertEquals(1, notebookRepoSync.list(0, null).size());
assertEquals(1, notebookRepoSync.list(1, null).size());
- assertEquals(1, authInfo.getOwners(note.getId()).size());
- assertEquals(1, authInfo.getReaders(note.getId()).size());
- assertEquals(1, authInfo.getRunners(note.getId()).size());
- assertEquals(1, authInfo.getWriters(note.getId()).size());
- assertEquals(true, authInfo.isOwner(note.getId(), entity));
- assertEquals(true, authInfo.isReader(note.getId(), entity));
- assertEquals(true, authInfo.isRunner(note.getId(), entity));
- assertEquals(true, authInfo.isWriter(note.getId(), entity));
+ assertEquals(1, authorizationService.getOwners(note.getId()).size());
+ assertEquals(0, authorizationService.getReaders(note.getId()).size());
+ assertEquals(0, authorizationService.getRunners(note.getId()).size());
+ assertEquals(0, authorizationService.getWriters(note.getId()).size());
}
static void delete(File file) {
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java
index c8fa859..cb5d598 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java
@@ -44,7 +44,7 @@ import org.apache.shiro.subject.Subject;
import org.apache.zeppelin.annotation.ZeppelinApi;
import org.apache.zeppelin.conf.ZeppelinConfiguration;
import org.apache.zeppelin.notebook.Notebook;
-import org.apache.zeppelin.notebook.NotebookAuthorization;
+import org.apache.zeppelin.notebook.AuthorizationService;
import org.apache.zeppelin.realm.jwt.JWTAuthenticationToken;
import org.apache.zeppelin.realm.jwt.KnoxJwtRealm;
import org.apache.zeppelin.realm.kerberos.KerberosRealm;
@@ -65,13 +65,17 @@ public class LoginRestApi {
private static final Logger LOG = LoggerFactory.getLogger(LoginRestApi.class);
private static final Gson gson = new Gson();
private ZeppelinConfiguration zConf;
+
private AuthenticationService authenticationService;
+ private AuthorizationService authorizationService;
@Inject
public LoginRestApi(Notebook notebook,
- AuthenticationService authenticationService) {
+ AuthenticationService authenticationService,
+ AuthorizationService authorizationService) {
this.zConf = notebook.getConf();
this.authenticationService = authenticationService;
+ this.authorizationService = authorizationService;
}
@GET
@@ -199,7 +203,7 @@ public class LoginRestApi {
// if no exception, that's it, we're done!
// set roles for user in NotebookAuthorization module
- NotebookAuthorization.getInstance().setRoles(principal, roles);
+ authorizationService.setRoles(principal, roles);
} catch (AuthenticationException uae) {
// username wasn't in the system, show them an error message?
// password didn't match, try again?
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java
index 70f17c0..12a25a3 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java
@@ -46,8 +46,8 @@ import org.apache.zeppelin.interpreter.InterpreterResult;
import org.apache.zeppelin.notebook.Note;
import org.apache.zeppelin.notebook.NoteInfo;
import org.apache.zeppelin.notebook.Notebook;
-import org.apache.zeppelin.notebook.NotebookAuthorization;
import org.apache.zeppelin.notebook.Paragraph;
+import org.apache.zeppelin.notebook.AuthorizationService;
import org.apache.zeppelin.rest.exception.BadRequestException;
import org.apache.zeppelin.rest.exception.ForbiddenException;
import org.apache.zeppelin.rest.exception.NoteNotFoundException;
@@ -84,7 +84,7 @@ public class NotebookRestApi extends AbstractRestApi {
private Notebook notebook;
private NotebookServer notebookServer;
private SearchService noteSearchService;
- private NotebookAuthorization notebookAuthorization;
+ private AuthorizationService authorizationService;
private NotebookService notebookService;
private JobManagerService jobManagerService;
private AuthenticationService authenticationService;
@@ -95,7 +95,7 @@ public class NotebookRestApi extends AbstractRestApi {
NotebookServer notebookServer,
NotebookService notebookService,
SearchService search,
- NotebookAuthorization notebookAuthorization,
+ AuthorizationService authorizationService,
ZeppelinConfiguration zConf,
AuthenticationService authenticationService,
JobManagerService jobManagerService) {
@@ -105,7 +105,7 @@ public class NotebookRestApi extends AbstractRestApi {
this.notebookService = notebookService;
this.jobManagerService = jobManagerService;
this.noteSearchService = search;
- this.notebookAuthorization = notebookAuthorization;
+ this.authorizationService = authorizationService;
this.zConf = zConf;
this.authenticationService = authenticationService;
}
@@ -121,10 +121,10 @@ public class NotebookRestApi extends AbstractRestApi {
checkIfUserCanRead(noteId,
"Insufficient privileges you cannot get the list of permissions for this note");
HashMap<String, Set<String>> permissionsMap = new HashMap<>();
- permissionsMap.put("owners", notebookAuthorization.getOwners(noteId));
- permissionsMap.put("readers", notebookAuthorization.getReaders(noteId));
- permissionsMap.put("writers", notebookAuthorization.getWriters(noteId));
- permissionsMap.put("runners", notebookAuthorization.getRunners(noteId));
+ permissionsMap.put("owners", authorizationService.getOwners(noteId));
+ permissionsMap.put("readers", authorizationService.getReaders(noteId));
+ permissionsMap.put("writers", authorizationService.getWriters(noteId));
+ permissionsMap.put("runners", authorizationService.getRunners(noteId));
return new JsonResponse<>(Status.OK, "", permissionsMap).build();
}
@@ -164,8 +164,8 @@ public class NotebookRestApi extends AbstractRestApi {
Set<String> userAndRoles = Sets.newHashSet();
userAndRoles.add(authenticationService.getPrincipal());
userAndRoles.addAll(authenticationService.getAssociatedRoles());
- if (!notebookAuthorization.isOwner(userAndRoles, noteId)) {
- throw new ForbiddenException(errorMsg);
+ if (!authorizationService.isOwner(userAndRoles, noteId)) {
+ throw new ForbiddenException(errorMsg);
}
}
@@ -176,8 +176,8 @@ public class NotebookRestApi extends AbstractRestApi {
Set<String> userAndRoles = Sets.newHashSet();
userAndRoles.add(authenticationService.getPrincipal());
userAndRoles.addAll(authenticationService.getAssociatedRoles());
- if (!notebookAuthorization.hasWriteAuthorization(userAndRoles, noteId)) {
- throw new ForbiddenException(errorMsg);
+ if (!authorizationService.hasWritePermission(userAndRoles, noteId)) {
+ throw new ForbiddenException(errorMsg);
}
}
@@ -188,7 +188,7 @@ public class NotebookRestApi extends AbstractRestApi {
Set<String> userAndRoles = Sets.newHashSet();
userAndRoles.add(authenticationService.getPrincipal());
userAndRoles.addAll(authenticationService.getAssociatedRoles());
- if (!notebookAuthorization.hasReadAuthorization(userAndRoles, noteId)) {
+ if (!authorizationService.hasReadPermission(userAndRoles, noteId)) {
throw new ForbiddenException(errorMsg);
}
}
@@ -200,8 +200,8 @@ public class NotebookRestApi extends AbstractRestApi {
Set<String> userAndRoles = Sets.newHashSet();
userAndRoles.add(authenticationService.getPrincipal());
userAndRoles.addAll(authenticationService.getAssociatedRoles());
- if (!notebookAuthorization.hasRunAuthorization(userAndRoles, noteId)) {
- throw new ForbiddenException(errorMsg);
+ if (!authorizationService.hasRunPermission(userAndRoles, noteId)) {
+ throw new ForbiddenException(errorMsg);
}
}
@@ -240,7 +240,7 @@ public class NotebookRestApi extends AbstractRestApi {
checkIfUserIsAnon(getBlockNotAuthenticatedUserErrorMsg());
checkIfUserIsOwner(noteId,
- ownerPermissionError(userAndRoles, notebookAuthorization.getOwners(noteId)));
+ ownerPermissionError(userAndRoles, authorizationService.getOwners(noteId)));
HashMap<String, HashSet<String>> permMap =
gson.fromJson(req, new TypeToken<HashMap<String, HashSet<String>>>() {
@@ -282,13 +282,13 @@ public class NotebookRestApi extends AbstractRestApi {
}
}
- notebookAuthorization.setReaders(noteId, readers);
- notebookAuthorization.setRunners(noteId, runners);
- notebookAuthorization.setWriters(noteId, writers);
- notebookAuthorization.setOwners(noteId, owners);
- LOG.debug("After set permissions {} {} {} {}", notebookAuthorization.getOwners(noteId),
- notebookAuthorization.getReaders(noteId), notebookAuthorization.getRunners(noteId),
- notebookAuthorization.getWriters(noteId));
+ authorizationService.setReaders(noteId, readers);
+ authorizationService.setRunners(noteId, runners);
+ authorizationService.setWriters(noteId, writers);
+ authorizationService.setOwners(noteId, owners);
+ LOG.debug("After set permissions {} {} {} {}", authorizationService.getOwners(noteId),
+ authorizationService.getReaders(noteId), authorizationService.getRunners(noteId),
+ authorizationService.getWriters(noteId));
AuthenticationInfo subject = new AuthenticationInfo(authenticationService.getPrincipal());
notebook.saveNote(note, subject);
notebookServer.broadcastNote(note);
@@ -1002,10 +1002,10 @@ public class NotebookRestApi extends AbstractRestApi {
for (int i = 0; i < notesFound.size(); i++) {
String[] ids = notesFound.get(i).get("id").split("/", 2);
String noteId = ids[0];
- if (!notebookAuthorization.isOwner(noteId, userAndRoles) &&
- !notebookAuthorization.isReader(noteId, userAndRoles) &&
- !notebookAuthorization.isWriter(noteId, userAndRoles) &&
- !notebookAuthorization.isRunner(noteId, userAndRoles)) {
+ if (!authorizationService.isOwner(noteId, userAndRoles) &&
+ !authorizationService.isReader(noteId, userAndRoles) &&
+ !authorizationService.isWriter(noteId, userAndRoles) &&
+ !authorizationService.isRunner(noteId, userAndRoles)) {
notesFound.remove(i);
i--;
}
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java b/zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java
index 3f06916..3a02d40 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java
@@ -44,7 +44,7 @@ import org.apache.zeppelin.interpreter.InterpreterSettingManager;
import org.apache.zeppelin.interpreter.remote.RemoteInterpreterProcessListener;
import org.apache.zeppelin.notebook.NoteEventListener;
import org.apache.zeppelin.notebook.Notebook;
-import org.apache.zeppelin.notebook.NotebookAuthorization;
+import org.apache.zeppelin.notebook.AuthorizationService;
import org.apache.zeppelin.notebook.repo.NotebookRepo;
import org.apache.zeppelin.notebook.repo.NotebookRepoSync;
import org.apache.zeppelin.rest.exception.WebApplicationExceptionMapper;
@@ -118,7 +118,6 @@ public class ZeppelinServer extends ResourceConfig {
new AbstractBinder() {
@Override
protected void configure() {
- NotebookAuthorization notebookAuthorization = NotebookAuthorization.getInstance();
Credentials credentials =
new Credentials(
conf.credentialsPersist(),
@@ -136,7 +135,7 @@ public class ZeppelinServer extends ResourceConfig {
bindAsContract(GsonProvider.class).in(Singleton.class);
bindAsContract(WebApplicationExceptionMapper.class).in(Singleton.class);
bindAsContract(AdminService.class).in(Singleton.class);
- bind(notebookAuthorization).to(NotebookAuthorization.class);
+ bindAsContract(AuthorizationService.class).to(Singleton.class);
// TODO(jl): Will make it more beautiful
if (!StringUtils.isBlank(conf.getShiroPath())) {
bind(ShiroAuthenticationService.class).to(AuthenticationService.class).in(Singleton.class);
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/service/NotebookService.java b/zeppelin-server/src/main/java/org/apache/zeppelin/service/NotebookService.java
index 36eaa15..3b4931b 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/service/NotebookService.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/service/NotebookService.java
@@ -29,7 +29,6 @@ import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
-import java.util.concurrent.CountDownLatch;
import javax.inject.Inject;
import org.apache.commons.lang.StringUtils;
import org.apache.zeppelin.conf.ZeppelinConfiguration;
@@ -44,8 +43,8 @@ import org.apache.zeppelin.notebook.Note;
import org.apache.zeppelin.notebook.NoteInfo;
import org.apache.zeppelin.notebook.NoteManager;
import org.apache.zeppelin.notebook.Notebook;
-import org.apache.zeppelin.notebook.NotebookAuthorization;
import org.apache.zeppelin.notebook.Paragraph;
+import org.apache.zeppelin.notebook.AuthorizationService;
import org.apache.zeppelin.notebook.repo.NotebookRepoWithVersionControl;
import org.apache.zeppelin.notebook.socket.Message;
import org.apache.zeppelin.rest.exception.BadRequestException;
@@ -53,7 +52,6 @@ import org.apache.zeppelin.rest.exception.ForbiddenException;
import org.apache.zeppelin.rest.exception.NoteNotFoundException;
import org.apache.zeppelin.rest.exception.ParagraphNotFoundException;
import org.apache.zeppelin.scheduler.Job;
-import org.apache.zeppelin.socket.NotebookServer;
import org.apache.zeppelin.user.AuthenticationInfo;
import org.bitbucket.cowwoc.diffmatchpatch.DiffMatchPatch;
import org.joda.time.DateTime;
@@ -80,15 +78,15 @@ public class NotebookService {
private ZeppelinConfiguration zConf;
private Notebook notebook;
- private NotebookAuthorization notebookAuthorization;
+ private AuthorizationService authorizationService;
@Inject
public NotebookService(
Notebook notebook,
- NotebookAuthorization notebookAuthorization,
+ AuthorizationService authorizationService,
ZeppelinConfiguration zeppelinConfiguration) {
this.notebook = notebook;
- this.notebookAuthorization = notebookAuthorization;
+ this.authorizationService = authorizationService;
this.zConf = zeppelinConfiguration;
}
@@ -177,10 +175,10 @@ public class NotebookService {
public void removeNote(String noteId,
ServiceContext context,
ServiceCallback<String> callback) throws IOException {
- if (!checkPermission(noteId, Permission.OWNER, Message.OP.DEL_NOTE, context, callback)) {
- return;
- }
if (notebook.getNote(noteId) != null) {
+ if (!checkPermission(noteId, Permission.OWNER, Message.OP.DEL_NOTE, context, callback)) {
+ return;
+ }
notebook.removeNote(noteId, context.getAutheInfo());
callback.onSuccess("Delete note successfully", context);
} else {
@@ -199,7 +197,8 @@ public class NotebookService {
LOGGER.error("Fail to reload notes from repository", e);
}
}
- List<NoteInfo> notesInfo = notebook.getNotesInfo(context.getUserAndRoles());
+ List<NoteInfo> notesInfo = notebook.getNotesInfo(
+ noteId -> authorizationService.isReader(noteId, context.getUserAndRoles()));
callback.onSuccess(notesInfo, context);
return notesInfo;
}
@@ -929,7 +928,8 @@ public class NotebookService {
ServiceCallback<List<NoteInfo>> callback) throws IOException {
try {
notebook.removeFolder(folderPath, context.getAutheInfo());
- List<NoteInfo> notesInfo = notebook.getNotesInfo(context.getUserAndRoles());
+ List<NoteInfo> notesInfo = notebook.getNotesInfo(
+ noteId -> authorizationService.isReader(noteId, context.getUserAndRoles()));
callback.onSuccess(notesInfo, context);
return notesInfo;
} catch (IOException e) {
@@ -946,7 +946,8 @@ public class NotebookService {
try {
notebook.moveFolder(folderPath, newFolderPath, context.getAutheInfo());
- List<NoteInfo> notesInfo = notebook.getNotesInfo(context.getUserAndRoles());
+ List<NoteInfo> notesInfo = notebook.getNotesInfo(
+ noteId -> authorizationService.isReader(noteId, context.getUserAndRoles()));
callback.onSuccess(notesInfo, context);
return notesInfo;
} catch (IOException e) {
@@ -1166,20 +1167,20 @@ public class NotebookService {
Set<String> allowed = null;
switch (permission) {
case READER:
- isAllowed = notebookAuthorization.isReader(noteId, context.getUserAndRoles());
- allowed = notebookAuthorization.getReaders(noteId);
+ isAllowed = authorizationService.isReader(noteId, context.getUserAndRoles());
+ allowed = authorizationService.getReaders(noteId);
break;
case WRITER:
- isAllowed = notebookAuthorization.isWriter(noteId, context.getUserAndRoles());
- allowed = notebookAuthorization.getWriters(noteId);
+ isAllowed = authorizationService.isWriter(noteId, context.getUserAndRoles());
+ allowed = authorizationService.getWriters(noteId);
break;
case RUNNER:
- isAllowed = notebookAuthorization.isRunner(noteId, context.getUserAndRoles());
- allowed = notebookAuthorization.getRunners(noteId);
+ isAllowed = authorizationService.isRunner(noteId, context.getUserAndRoles());
+ allowed = authorizationService.getRunners(noteId);
break;
case OWNER:
- isAllowed = notebookAuthorization.isOwner(noteId, context.getUserAndRoles());
- allowed = notebookAuthorization.getOwners(noteId);
+ isAllowed = authorizationService.isOwner(noteId, context.getUserAndRoles());
+ allowed = authorizationService.getOwners(noteId);
break;
}
if (isAllowed) {
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/socket/ConnectionManager.java b/zeppelin-server/src/main/java/org/apache/zeppelin/socket/ConnectionManager.java
index e2b3b38..0df4db4 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/socket/ConnectionManager.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/socket/ConnectionManager.java
@@ -31,6 +31,7 @@ import org.apache.zeppelin.notebook.NoteInfo;
import org.apache.zeppelin.notebook.NotebookAuthorization;
import org.apache.zeppelin.notebook.NotebookImportDeserializer;
import org.apache.zeppelin.notebook.Paragraph;
+import org.apache.zeppelin.notebook.AuthorizationService;
import org.apache.zeppelin.notebook.socket.Message;
import org.apache.zeppelin.notebook.socket.WatcherMessage;
import org.apache.zeppelin.user.AuthenticationInfo;
@@ -84,6 +85,13 @@ public class ConnectionManager {
.isZeppelinNotebookCollaborativeModeEnable();
+ private AuthorizationService authorizationService;
+
+ public void setAuthorizationService(
+ AuthorizationService authorizationService) {
+ this.authorizationService = authorizationService;
+ }
+
public void addConnection(NotebookSocket conn) {
connectedSockets.add(conn);
}
@@ -354,13 +362,12 @@ public class ConnectionManager {
public void broadcastNoteListExcept(List<NoteInfo> notesInfo,
AuthenticationInfo subject) {
Set<String> userAndRoles;
- NotebookAuthorization authInfo = NotebookAuthorization.getInstance();
for (String user : userSocketMap.keySet()) {
if (subject.getUser().equals(user)) {
continue;
}
//reloaded already above; parameter - false
- userAndRoles = authInfo.getRoles(user);
+ userAndRoles = authorizationService.getRoles(user);
userAndRoles.add(user);
// TODO(zjffdu) is it ok for comment the following line ?
// notesInfo = generateNotesInfo(false, new AuthenticationInfo(user), userAndRoles);
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/socket/NotebookServer.java b/zeppelin-server/src/main/java/org/apache/zeppelin/socket/NotebookServer.java
index f8fc2f0..266cd97 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/socket/NotebookServer.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/socket/NotebookServer.java
@@ -63,16 +63,15 @@ import org.apache.zeppelin.notebook.Note;
import org.apache.zeppelin.notebook.NoteEventListener;
import org.apache.zeppelin.notebook.NoteInfo;
import org.apache.zeppelin.notebook.Notebook;
-import org.apache.zeppelin.notebook.NotebookAuthorization;
import org.apache.zeppelin.notebook.NotebookImportDeserializer;
import org.apache.zeppelin.notebook.Paragraph;
import org.apache.zeppelin.notebook.ParagraphJobListener;
import org.apache.zeppelin.notebook.ParagraphWithRuntimeInfo;
+import org.apache.zeppelin.notebook.AuthorizationService;
import org.apache.zeppelin.notebook.repo.NotebookRepoWithVersionControl.Revision;
import org.apache.zeppelin.notebook.socket.Message;
import org.apache.zeppelin.notebook.socket.Message.OP;
import org.apache.zeppelin.rest.exception.ForbiddenException;
-import org.apache.zeppelin.rest.exception.NoteNotFoundException;
import org.apache.zeppelin.scheduler.Job.Status;
import org.apache.zeppelin.service.ConfigurationService;
import org.apache.zeppelin.service.JobManagerService;
@@ -141,6 +140,7 @@ public class NotebookServer extends WebSocketServlet
private Provider<Notebook> notebookProvider;
private Provider<NotebookService> notebookServiceProvider;
+ private Provider<AuthorizationService> authorizationServiceProvider;
private Provider<ConfigurationService> configurationServiceProvider;
private Provider<JobManagerService> jobManagerServiceProvider;
@@ -169,6 +169,13 @@ public class NotebookServer extends WebSocketServlet
}
@Inject
+ public void setAuthorizationServiceProvider(Provider<AuthorizationService>
+ authorizationServiceProvider) {
+ this.authorizationServiceProvider = authorizationServiceProvider;
+ LOG.info("Injected NotebookAuthorizationServiceProvider");
+ }
+
+ @Inject
public void setConfigurationService(
Provider<ConfigurationService> configurationServiceProvider) {
this.configurationServiceProvider = configurationServiceProvider;
@@ -200,6 +207,10 @@ public class NotebookServer extends WebSocketServlet
return jobManagerServiceProvider.get();
}
+ public AuthorizationService getNotebookAuthorizationService() {
+ return authorizationServiceProvider.get();
+ }
+
@Override
public void configure(WebSocketServletFactory factory) {
factory.setCreator(new NotebookWebSocketCreator(this));
@@ -550,7 +561,8 @@ public class NotebookServer extends WebSocketServlet
subject = new AuthenticationInfo(StringUtils.EMPTY);
}
//send first to requesting user
- List<NoteInfo> notesInfo = getNotebook().getNotesInfo(userAndRoles);
+ List<NoteInfo> notesInfo = getNotebook().getNotesInfo(
+ noteId -> getNotebookAuthorizationService().isReader(noteId, userAndRoles));
connectionManager.multicastToUser(subject.getUser(),
new Message(OP.NOTES_INFO).put("notes", notesInfo));
//to others afterwards
@@ -603,10 +615,11 @@ public class NotebookServer extends WebSocketServlet
String noteId, Set<String> userAndRoles,
String principal, String op)
throws IOException {
- NotebookAuthorization notebookAuthorization = notebook.getNotebookAuthorization();
- if (!notebookAuthorization.isWriter(noteId, userAndRoles)) {
+ AuthorizationService authorizationService =
+ getNotebookAuthorizationService();
+ if (!authorizationService.isWriter(noteId, userAndRoles)) {
permissionError(conn, op, principal, userAndRoles,
- notebookAuthorization.getOwners(noteId));
+ authorizationService.getOwners(noteId));
return false;
}
@@ -1861,7 +1874,7 @@ public class NotebookServer extends WebSocketServlet
// Check READER permission
Set<String> userAndRoles = new HashSet<>();
userAndRoles.add(user);
- NotebookAuthorization notebookAuthorization = notebook.getNotebookAuthorization();
+ AuthorizationService notebookAuthorization = getNotebookAuthorizationService();
boolean isAllowed = notebookAuthorization.isReader(noteId, userAndRoles);
Set<String> allowed = notebookAuthorization.getReaders(noteId);
if (false == isAllowed) {
diff --git a/zeppelin-server/src/test/java/org/apache/zeppelin/rest/ZeppelinRestApiTest.java b/zeppelin-server/src/test/java/org/apache/zeppelin/rest/ZeppelinRestApiTest.java
index 8121d67..99d97cf 100644
--- a/zeppelin-server/src/test/java/org/apache/zeppelin/rest/ZeppelinRestApiTest.java
+++ b/zeppelin-server/src/test/java/org/apache/zeppelin/rest/ZeppelinRestApiTest.java
@@ -32,7 +32,9 @@ import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.PutMethod;
import org.apache.commons.lang3.StringUtils;
+import org.apache.zeppelin.notebook.AuthorizationService;
import org.apache.zeppelin.notebook.Notebook;
+import org.apache.zeppelin.service.AuthenticationService;
import org.apache.zeppelin.utils.TestUtils;
import org.junit.AfterClass;
import org.junit.Before;
@@ -419,7 +421,9 @@ public class ZeppelinRestApiTest extends AbstractTestRestApi {
List<Map<String, String>> body = (List<Map<String, String>>) resp.get("body");
//TODO(khalid): anonymous or specific user notes?
HashSet<String> anonymous = Sets.newHashSet("anonymous");
- assertEquals("List notes are equal", TestUtils.getInstance(Notebook.class).getAllNotes(anonymous)
+ AuthorizationService authorizationService = TestUtils.getInstance(AuthorizationService.class);
+ assertEquals("List notes are equal", TestUtils.getInstance(Notebook.class)
+ .getAllNotes(note -> authorizationService.isReader(note.getId(), anonymous))
.size(), body.size());
get.releaseConnection();
}
diff --git a/zeppelin-server/src/test/java/org/apache/zeppelin/service/NotebookServiceTest.java b/zeppelin-server/src/test/java/org/apache/zeppelin/service/NotebookServiceTest.java
index cdeab6a..f309cca 100644
--- a/zeppelin-server/src/test/java/org/apache/zeppelin/service/NotebookServiceTest.java
+++ b/zeppelin-server/src/test/java/org/apache/zeppelin/service/NotebookServiceTest.java
@@ -51,11 +51,8 @@ import org.apache.zeppelin.interpreter.InterpreterResult.Code;
import org.apache.zeppelin.interpreter.InterpreterSetting;
import org.apache.zeppelin.interpreter.InterpreterSettingManager;
import org.apache.zeppelin.interpreter.ManagedInterpreterGroup;
-import org.apache.zeppelin.notebook.Note;
-import org.apache.zeppelin.notebook.NoteInfo;
-import org.apache.zeppelin.notebook.Notebook;
-import org.apache.zeppelin.notebook.NotebookAuthorization;
-import org.apache.zeppelin.notebook.Paragraph;
+import org.apache.zeppelin.notebook.*;
+import org.apache.zeppelin.notebook.AuthorizationService;
import org.apache.zeppelin.notebook.repo.InMemoryNotebookRepo;
import org.apache.zeppelin.notebook.repo.NotebookRepo;
import org.apache.zeppelin.search.LuceneSearch;
@@ -97,7 +94,7 @@ public class NotebookServiceTest {
when(mockInterpreterSetting.isUserAuthorized(any())).thenReturn(true);
when(mockInterpreterGroup.getInterpreterSetting()).thenReturn(mockInterpreterSetting);
SearchService searchService = new LuceneSearch(zeppelinConfiguration);
- NotebookAuthorization notebookAuthorization = NotebookAuthorization.getInstance();
+
Credentials credentials = new Credentials(false, null, null);
Notebook notebook =
new Notebook(
@@ -106,10 +103,10 @@ public class NotebookServiceTest {
mockInterpreterFactory,
mockInterpreterSettingManager,
searchService,
- notebookAuthorization,
credentials,
null);
- notebookService = new NotebookService(notebook, notebookAuthorization, zeppelinConfiguration);
+ AuthorizationService authorizationService = new AuthorizationService(notebook, notebook.getConf());
+ notebookService = new NotebookService(notebook, authorizationService, zeppelinConfiguration);
String interpreterName = "test";
when(mockInterpreterSetting.getName()).thenReturn(interpreterName);
diff --git a/zeppelin-server/src/test/java/org/apache/zeppelin/socket/NotebookServerTest.java b/zeppelin-server/src/test/java/org/apache/zeppelin/socket/NotebookServerTest.java
index e39f997..e0930b5 100644
--- a/zeppelin-server/src/test/java/org/apache/zeppelin/socket/NotebookServerTest.java
+++ b/zeppelin-server/src/test/java/org/apache/zeppelin/socket/NotebookServerTest.java
@@ -51,9 +51,9 @@ import org.apache.zeppelin.interpreter.InterpreterSetting;
import org.apache.zeppelin.interpreter.remote.RemoteAngularObjectRegistry;
import org.apache.zeppelin.interpreter.thrift.ParagraphInfo;
import org.apache.zeppelin.interpreter.thrift.ServiceException;
+import org.apache.zeppelin.notebook.AuthorizationService;
import org.apache.zeppelin.notebook.Note;
import org.apache.zeppelin.notebook.Notebook;
-import org.apache.zeppelin.notebook.NotebookAuthorization;
import org.apache.zeppelin.notebook.Paragraph;
import org.apache.zeppelin.notebook.repo.NotebookRepoWithVersionControl;
import org.apache.zeppelin.notebook.repo.zeppelinhub.security.Authentication;
@@ -76,6 +76,7 @@ public class NotebookServerTest extends AbstractTestRestApi {
private static Notebook notebook;
private static NotebookServer notebookServer;
private static NotebookService notebookService;
+ private static AuthorizationService authorizationService;
private HttpServletRequest mockRequest;
private AuthenticationInfo anonymous;
@@ -83,10 +84,12 @@ public class NotebookServerTest extends AbstractTestRestApi {
public static void init() throws Exception {
AbstractTestRestApi.startUp(NotebookServerTest.class.getSimpleName());
notebook = TestUtils.getInstance(Notebook.class);
+ authorizationService = new AuthorizationService(notebook, notebook.getConf());
notebookServer = spy(NotebookServer.getInstance());
notebookService =
new NotebookService(
- notebook, NotebookAuthorization.getInstance(), ZeppelinConfiguration.create());
+ notebook, authorizationService, ZeppelinConfiguration.create());
+
ConfigurationService configurationService = new ConfigurationService(notebook.getConf());
when(notebookServer.getNotebookService()).thenReturn(notebookService);
when(notebookServer.getConfigurationService()).thenReturn(configurationService);
@@ -650,8 +653,6 @@ public class NotebookServerTest extends AbstractTestRestApi {
String noteId = note.getId();
String user1Id = "user1", user2Id = "user2";
- NotebookAuthorization notebookAuthorization = NotebookAuthorization.getInstance();
-
// test user1 can get anonymous's note
List<ParagraphInfo> paragraphList0 = null;
try {
@@ -664,10 +665,10 @@ public class NotebookServerTest extends AbstractTestRestApi {
assertNotNull(user1Id + " can get anonymous's note", paragraphList0);
// test user1 cannot get user2's note
- notebookAuthorization.setOwners(noteId, new HashSet<>(Arrays.asList(user2Id)));
- notebookAuthorization.setReaders(noteId, new HashSet<>(Arrays.asList(user2Id)));
- notebookAuthorization.setRunners(noteId, new HashSet<>(Arrays.asList(user2Id)));
- notebookAuthorization.setWriters(noteId, new HashSet<>(Arrays.asList(user2Id)));
+ authorizationService.setOwners(noteId, new HashSet<>(Arrays.asList(user2Id)));
+ authorizationService.setReaders(noteId, new HashSet<>(Arrays.asList(user2Id)));
+ authorizationService.setRunners(noteId, new HashSet<>(Arrays.asList(user2Id)));
+ authorizationService.setWriters(noteId, new HashSet<>(Arrays.asList(user2Id)));
List<ParagraphInfo> paragraphList1 = null;
try {
paragraphList1 = notebookServer.getParagraphList(user1Id, noteId);
@@ -679,10 +680,10 @@ public class NotebookServerTest extends AbstractTestRestApi {
assertNull(user1Id + " cannot get " + user2Id + "'s note", paragraphList1);
// test user1 can get user2's shared note
- notebookAuthorization.setOwners(noteId, new HashSet<>(Arrays.asList(user2Id)));
- notebookAuthorization.setReaders(noteId, new HashSet<>(Arrays.asList(user1Id, user2Id)));
- notebookAuthorization.setRunners(noteId, new HashSet<>(Arrays.asList(user2Id)));
- notebookAuthorization.setWriters(noteId, new HashSet<>(Arrays.asList(user2Id)));
+ authorizationService.setOwners(noteId, new HashSet<>(Arrays.asList(user2Id)));
+ authorizationService.setReaders(noteId, new HashSet<>(Arrays.asList(user1Id, user2Id)));
+ authorizationService.setRunners(noteId, new HashSet<>(Arrays.asList(user2Id)));
+ authorizationService.setWriters(noteId, new HashSet<>(Arrays.asList(user2Id)));
List<ParagraphInfo> paragraphList2 = null;
try {
paragraphList2 = notebookServer.getParagraphList(user1Id, noteId);
diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/AuthorizationService.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/AuthorizationService.java
new file mode 100644
index 0000000..7a2cde7
--- /dev/null
+++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/AuthorizationService.java
@@ -0,0 +1,249 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.zeppelin.notebook;
+
+import com.google.common.base.Predicate;
+import com.google.common.collect.FluentIterable;
+import com.google.common.collect.Sets;
+import org.apache.commons.lang.StringUtils;
+import org.apache.zeppelin.conf.ZeppelinConfiguration;
+import org.apache.zeppelin.user.AuthenticationInfo;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.inject.Inject;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * This class is responsible for maintain notes authorization info. And provide api for
+ * setting and querying note authorization info.
+ */
+public class AuthorizationService {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizationService.class);
+ private static final Set<String> EMPTY_SET = new HashSet<>();
+
+ private ZeppelinConfiguration conf;
+ private Notebook notebook;
+ /*
+ * contains roles for each user
+ */
+ private Map<String, Set<String>> userRoles = new HashMap<>();
+
+ @Inject
+ public AuthorizationService(Notebook notebook, ZeppelinConfiguration conf) {
+ this.notebook = notebook;
+ this.conf = conf;
+ }
+
+ private Set<String> validateUser(Set<String> users) {
+ Set<String> returnUser = new HashSet<>();
+ for (String user : users) {
+ if (!user.trim().isEmpty()) {
+ returnUser.add(user.trim());
+ }
+ }
+ return returnUser;
+ }
+
+ public void setOwners(String noteId, Set<String> entities) {
+ entities = validateUser(entities);
+ notebook.getNote(noteId).setOwners(entities);
+ }
+
+ public void setReaders(String noteId, Set<String> entities) {
+ entities = validateUser(entities);
+ notebook.getNote(noteId).setReaders(entities);
+ }
+
+ public void setRunners(String noteId, Set<String> entities) {
+ entities = validateUser(entities);
+ notebook.getNote(noteId).setRunners(entities);
+ }
+
+ public void setWriters(String noteId, Set<String> entities) {
+ entities = validateUser(entities);
+ notebook.getNote(noteId).setWriters(entities);
+ }
+
+ public Set<String> getOwners(String noteId) {
+ Set<String> entities = notebook.getNote(noteId).getOwners();
+ if (entities != null) {
+ return entities;
+ } else {
+ return EMPTY_SET ;
+ }
+ }
+
+ public Set<String> getReaders(String noteId) {
+ Set<String> entities = notebook.getNote(noteId).getReaders();
+ if (entities != null) {
+ return entities;
+ } else {
+ return EMPTY_SET ;
+ }
+ }
+
+ public Set<String> getRunners(String noteId) {
+ Set<String> entities = notebook.getNote(noteId).getRunners();
+ if (entities != null) {
+ return entities;
+ } else {
+ return EMPTY_SET ;
+ }
+ }
+
+ public Set<String> getWriters(String noteId) {
+ Set<String> entities = notebook.getNote(noteId).getWriters();
+ if (entities != null) {
+ return entities;
+ } else {
+ return EMPTY_SET ;
+ }
+ }
+
+ public boolean isOwner(String noteId, Set<String> entities) {
+ return isMember(entities, notebook.getNote(noteId).getOwners()) || isAdmin(entities);
+ }
+
+ public boolean isWriter(String noteId, Set<String> entities) {
+ return isMember(entities, notebook.getNote(noteId).getWriters()) ||
+ isMember(entities, notebook.getNote(noteId).getOwners()) ||
+ isAdmin(entities);
+ }
+
+ public boolean isReader(String noteId, Set<String> entities) {
+ return isMember(entities, notebook.getNote(noteId).getReaders()) ||
+ isMember(entities, notebook.getNote(noteId).getOwners()) ||
+ isMember(entities, notebook.getNote(noteId).getWriters()) ||
+ isMember(entities, notebook.getNote(noteId).getRunners()) ||
+ isAdmin(entities);
+ }
+
+ public boolean isRunner(String noteId, Set<String> entities) {
+ return isMember(entities, notebook.getNote(noteId).getRunners()) ||
+ isMember(entities, notebook.getNote(noteId).getWriters()) ||
+ isMember(entities, notebook.getNote(noteId).getOwners()) ||
+ isAdmin(entities);
+ }
+
+ private boolean isAdmin(Set<String> entities) {
+ String adminRole = conf.getString(ZeppelinConfiguration.ConfVars.ZEPPELIN_OWNER_ROLE);
+ if (StringUtils.isBlank(adminRole)) {
+ return false;
+ }
+ return entities.contains(adminRole);
+ }
+
+ // return true if b is empty or if (a intersection b) is non-empty
+ private boolean isMember(Set<String> a, Set<String> b) {
+ Set<String> intersection = new HashSet<>(b);
+ intersection.retainAll(a);
+ return (b.isEmpty() || (intersection.size() > 0));
+ }
+
+ public boolean isOwner(Set<String> userAndRoles, String noteId) {
+ if (conf.isAnonymousAllowed()) {
+ LOGGER.debug("Zeppelin runs in anonymous mode, everybody is owner");
+ return true;
+ }
+ if (userAndRoles == null) {
+ return false;
+ }
+ return isOwner(noteId, userAndRoles);
+ }
+
+ //TODO(zjffdu) merge this hasWritePermission with isWriter ?
+ public boolean hasWritePermission(Set<String> userAndRoles, String noteId) {
+ if (conf.isAnonymousAllowed()) {
+ LOGGER.debug("Zeppelin runs in anonymous mode, everybody is writer");
+ return true;
+ }
+ if (userAndRoles == null) {
+ return false;
+ }
+ return isWriter(noteId, userAndRoles);
+ }
+
+ public boolean hasReadPermission(Set<String> userAndRoles, String noteId) {
+ if (conf.isAnonymousAllowed()) {
+ LOGGER.debug("Zeppelin runs in anonymous mode, everybody is reader");
+ return true;
+ }
+ if (userAndRoles == null) {
+ return false;
+ }
+ return isReader(noteId, userAndRoles);
+ }
+
+ public boolean hasRunPermission(Set<String> userAndRoles, String noteId) {
+ if (conf.isAnonymousAllowed()) {
+ LOGGER.debug("Zeppelin runs in anonymous mode, everybody is reader");
+ return true;
+ }
+ if (userAndRoles == null) {
+ return false;
+ }
+ return isReader(noteId, userAndRoles);
+ }
+
+ public boolean isPublic() {
+ return conf.isNotebookPublic();
+ }
+
+ public void setRoles(String user, Set<String> roles) {
+ if (StringUtils.isBlank(user)) {
+ LOGGER.warn("Setting roles for empty user");
+ return;
+ }
+ roles = validateUser(roles);
+ userRoles.put(user, roles);
+ }
+
+ public Set<String> getRoles(String user) {
+ Set<String> roles = Sets.newHashSet();
+ if (userRoles.containsKey(user)) {
+ roles.addAll(userRoles.get(user));
+ }
+ return roles;
+ }
+
+ public List<NoteInfo> filterByUser(List<NoteInfo> notes, AuthenticationInfo subject) {
+ final Set<String> entities = Sets.newHashSet();
+ if (subject != null) {
+ entities.add(subject.getUser());
+ }
+ return FluentIterable.from(notes).filter(new Predicate<NoteInfo>() {
+ @Override
+ public boolean apply(NoteInfo input) {
+ return input != null && isReader(input.getId(), entities);
+ }
+ }).toList();
+ }
+
+ public void clearPermission(String noteId) {
+ notebook.getNote(noteId).setReaders(Sets.newHashSet());
+ notebook.getNote(noteId).setRunners(Sets.newHashSet());
+ notebook.getNote(noteId).setWriters(Sets.newHashSet());
+ notebook.getNote(noteId).setOwners(Sets.newHashSet());
+ }
+}
diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
index afc5061..017fc7a 100644
--- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
+++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
@@ -46,11 +46,14 @@ import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
+import java.util.Set;
/**
* Represent the note of Zeppelin. All the note and its paragraph operations are done
@@ -71,6 +74,9 @@ public class Note implements JsonSerializable {
private String id;
private String defaultInterpreterGroup;
private String version;
+ // permissions -> users
+ // e.g. "owners" -> {"u1"}, "readers" -> {"u1", "u2"}
+ private Map<String, Set<String>> permissions = new HashMap<>();
private Map<String, Object> noteParams = new LinkedHashMap<>();
private Map<String, Input> noteForms = new LinkedHashMap<>();
private Map<String, List<AngularObject>> angularObjects = new HashMap<>();
@@ -214,6 +220,103 @@ public class Note implements JsonSerializable {
this.defaultInterpreterGroup = defaultInterpreterGroup;
}
+ // used when creating new note
+ public void initPermissions(AuthenticationInfo subject) {
+ if (!AuthenticationInfo.isAnonymous(subject)) {
+ if (ZeppelinConfiguration.create().isNotebookPublic()) {
+ // add current user to owners - can be public
+ Set<String> owners = getOwners();
+ owners.add(subject.getUser());
+ setOwners(owners);
+ } else {
+ // add current user to owners, readers, runners, writers - private note
+ Set<String> entities = getOwners();
+ entities.add(subject.getUser());
+ setOwners(entities);
+ entities = getReaders();
+ entities.add(subject.getUser());
+ setReaders(entities);
+ entities = getRunners();
+ entities.add(subject.getUser());
+ setRunners(entities);
+ entities = getWriters();
+ entities.add(subject.getUser());
+ setWriters(entities);
+ }
+ }
+ }
+
+ public void setOwners(Set<String> entities) {
+ permissions.put("owners", entities);
+ }
+
+ public Set<String> getOwners() {
+ Set<String> owners = permissions.get("owners");
+ if (owners == null) {
+ owners = new HashSet<>();
+ } else {
+ owners = checkCaseAndConvert(owners);
+ }
+ return owners;
+ }
+
+ public Set<String> getReaders() {
+ Set<String> readers = permissions.get("readers");
+ if (readers == null) {
+ readers = new HashSet<>();
+ } else {
+ readers = checkCaseAndConvert(readers);
+ }
+ return readers;
+ }
+
+ public void setReaders(Set<String> entities) {
+ permissions.put("readers", entities);
+ }
+
+ public Set<String> getRunners() {
+ Set<String> runners = permissions.get("runners");
+ if (runners == null) {
+ runners = new HashSet<>();
+ } else {
+ runners = checkCaseAndConvert(runners);
+ }
+ return runners;
+ }
+
+ public void setRunners(Set<String> entities) {
+ permissions.put("runners", entities);
+ }
+
+ public Set<String> getWriters() {
+ Set<String> writers = permissions.get("writers");
+ if (writers == null) {
+ writers = new HashSet<>();
+ } else {
+ writers = checkCaseAndConvert(writers);
+ }
+ return writers;
+ }
+
+ public void setWriters(Set<String> entities) {
+ permissions.put("writers", entities);
+ }
+
+ /*
+ * If case conversion is enforced, then change entity names to lower case
+ */
+ private Set<String> checkCaseAndConvert(Set<String> entities) {
+ if (ZeppelinConfiguration.create().isUsernameForceLowerCase()) {
+ Set<String> set2 = new HashSet<String>();
+ for (String name : entities) {
+ set2.add(name.toLowerCase());
+ }
+ return set2;
+ } else {
+ return entities;
+ }
+ }
+
public Map<String, Object> getNoteParams() {
return noteParams;
}
diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Notebook.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Notebook.java
index 9f68232..b542cdc 100644
--- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Notebook.java
+++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Notebook.java
@@ -29,6 +29,7 @@ import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.function.Function;
import java.util.stream.Collectors;
import javax.inject.Inject;
import org.apache.commons.lang.StringUtils;
@@ -83,7 +84,6 @@ public class Notebook {
private ParagraphJobListener paragraphJobListener;
private NotebookRepo notebookRepo;
private SearchService noteSearchService;
- private NotebookAuthorization notebookAuthorization;
private List<NoteEventListener> noteEventListeners = new ArrayList<>();
private Credentials credentials;
@@ -99,7 +99,6 @@ public class Notebook {
InterpreterFactory replFactory,
InterpreterSettingManager interpreterSettingManager,
SearchService noteSearchService,
- NotebookAuthorization notebookAuthorization,
Credentials credentials)
throws IOException, SchedulerException {
this.noteManager = new NoteManager(notebookRepo);
@@ -108,7 +107,6 @@ public class Notebook {
this.replFactory = replFactory;
this.interpreterSettingManager = interpreterSettingManager;
this.noteSearchService = noteSearchService;
- this.notebookAuthorization = notebookAuthorization;
this.credentials = credentials;
quertzSchedFact = new org.quartz.impl.StdSchedulerFactory();
quartzSched = quertzSchedFact.getScheduler();
@@ -116,7 +114,6 @@ public class Notebook {
CronJob.notebook = this;
this.noteEventListeners.add(this.noteSearchService);
- this.noteEventListeners.add(this.notebookAuthorization);
this.noteEventListeners.add(this.interpreterSettingManager);
}
@@ -127,7 +124,6 @@ public class Notebook {
InterpreterFactory replFactory,
InterpreterSettingManager interpreterSettingManager,
SearchService noteSearchService,
- NotebookAuthorization notebookAuthorization,
Credentials credentials,
NoteEventListener noteEventListener)
throws IOException, SchedulerException {
@@ -137,7 +133,6 @@ public class Notebook {
replFactory,
interpreterSettingManager,
noteSearchService,
- notebookAuthorization,
credentials);
if (null != noteEventListener) {
this.noteEventListeners.add(noteEventListener);
@@ -183,6 +178,7 @@ public class Notebook {
Note note =
new Note(notePath, defaultInterpreterGroup, replFactory, interpreterSettingManager,
paragraphJobListener, credentials, noteEventListeners);
+ note.initPermissions(subject);
noteManager.addNote(note, subject);
fireNoteCreateEvent(note, subject);
return note;
@@ -499,28 +495,20 @@ public class Notebook {
return noteList;
}
- public List<Note> getAllNotes(Set<String> userAndRoles) {
- final Set<String> entities = Sets.newHashSet();
- if (userAndRoles != null) {
- entities.addAll(userAndRoles);
- }
+ public List<Note> getAllNotes(Function<Note, Boolean> func){
return getAllNotes().stream()
- .filter(note -> notebookAuthorization.isReader(note.getId(), entities))
+ .filter(note -> func.apply(note))
.collect(Collectors.toList());
}
- public List<NoteInfo> getNotesInfo(Set<String> userAndRoles) {
- final Set<String> entities = Sets.newHashSet();
- if (userAndRoles != null) {
- entities.addAll(userAndRoles);
- }
+ public List<NoteInfo> getNotesInfo(Function<String, Boolean> func) {
String homescreenNoteId = conf.getString(ConfVars.ZEPPELIN_NOTEBOOK_HOMESCREEN);
boolean hideHomeScreenNotebookFromList =
conf.getBoolean(ConfVars.ZEPPELIN_NOTEBOOK_HOMESCREEN_HIDE);
synchronized (noteManager.getNotesInfo()) {
List<NoteInfo> notesInfo = noteManager.getNotesInfo().entrySet().stream().filter(entry ->
- notebookAuthorization.isReader(entry.getKey(), entities) &&
+ func.apply(entry.getKey()) &&
((!hideHomeScreenNotebookFromList) ||
((hideHomeScreenNotebookFromList) && !entry.getKey().equals(homescreenNoteId))))
.map(entry -> new NoteInfo(entry.getKey(), entry.getValue()))
@@ -698,10 +686,6 @@ public class Notebook {
return interpreterSettingManager;
}
- public NotebookAuthorization getNotebookAuthorization() {
- return notebookAuthorization;
- }
-
public ZeppelinConfiguration getConf() {
return conf;
}
diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/NotebookRepoSync.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/NotebookRepoSync.java
index bfaa28b..dd43d20 100644
--- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/NotebookRepoSync.java
+++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/NotebookRepoSync.java
@@ -23,7 +23,6 @@ import org.apache.zeppelin.conf.ZeppelinConfiguration;
import org.apache.zeppelin.conf.ZeppelinConfiguration.ConfVars;
import org.apache.zeppelin.notebook.Note;
import org.apache.zeppelin.notebook.NoteInfo;
-import org.apache.zeppelin.notebook.NotebookAuthorization;
import org.apache.zeppelin.notebook.OldNoteInfo;
import org.apache.zeppelin.notebook.Paragraph;
import org.apache.zeppelin.plugin.PluginManager;
@@ -271,11 +270,9 @@ public class NotebookRepoSync implements NotebookRepoWithVersionControl {
*/
void sync(int sourceRepoIndex, int destRepoIndex, AuthenticationInfo subject) throws IOException {
LOGGER.info("Sync started");
- NotebookAuthorization auth = NotebookAuthorization.getInstance();
NotebookRepo srcRepo = getRepo(sourceRepoIndex);
NotebookRepo dstRepo = getRepo(destRepoIndex);
- List<NoteInfo> allSrcNotes = new ArrayList<>(srcRepo.list(subject).values());
- List<NoteInfo> srcNotes = auth.filterByUser(allSrcNotes, subject);
+ List<NoteInfo> srcNotes = new ArrayList<>(srcRepo.list(subject).values());
List<NoteInfo> dstNotes = new ArrayList<>(dstRepo.list(subject).values());
Map<String, List<NoteInfo>> noteIds = notesCheckDiff(srcNotes, srcRepo, dstNotes, dstRepo,
@@ -289,7 +286,7 @@ public class NotebookRepoSync implements NotebookRepoWithVersionControl {
for (NoteInfo noteInfo : pushNoteIds) {
LOGGER.info("Note : " + noteIds);
}
- pushNotes(subject, pushNoteIds, srcRepo, dstRepo, false);
+ pushNotes(subject, pushNoteIds, srcRepo, dstRepo);
} else {
LOGGER.info("Nothing to push");
}
@@ -299,7 +296,7 @@ public class NotebookRepoSync implements NotebookRepoWithVersionControl {
for (NoteInfo noteInfo : pullNoteIds) {
LOGGER.info("Note : " + noteInfo);
}
- pushNotes(subject, pullNoteIds, dstRepo, srcRepo, true);
+ pushNotes(subject, pullNoteIds, dstRepo, srcRepo);
} else {
LOGGER.info("Nothing to pull");
}
@@ -322,47 +319,16 @@ public class NotebookRepoSync implements NotebookRepoWithVersionControl {
}
private void pushNotes(AuthenticationInfo subject, List<NoteInfo> notesInfo, NotebookRepo localRepo,
- NotebookRepo remoteRepo, boolean setPermissions) {
+ NotebookRepo remoteRepo) {
for (NoteInfo noteInfo : notesInfo) {
try {
remoteRepo.save(localRepo.get(noteInfo.getId(), noteInfo.getPath(), subject), subject);
- if (setPermissions && emptyNoteAcl(noteInfo.getId())) {
- makePrivate(noteInfo.getId(), subject);
- }
} catch (IOException e) {
LOGGER.error("Failed to push note to storage, moving onto next one", e);
}
}
}
- private boolean emptyNoteAcl(String noteId) {
- NotebookAuthorization notebookAuthorization = NotebookAuthorization.getInstance();
- return notebookAuthorization.getOwners(noteId).isEmpty()
- && notebookAuthorization.getReaders(noteId).isEmpty()
- && notebookAuthorization.getRunners(noteId).isEmpty()
- && notebookAuthorization.getWriters(noteId).isEmpty();
- }
-
- private void makePrivate(String noteId, AuthenticationInfo subject) {
- if (AuthenticationInfo.isAnonymous(subject)) {
- LOGGER.info("User is anonymous, permissions are not set for pulled notes");
- return;
- }
- NotebookAuthorization notebookAuthorization = NotebookAuthorization.getInstance();
- Set<String> users = notebookAuthorization.getOwners(noteId);
- users.add(subject.getUser());
- notebookAuthorization.setOwners(noteId, users);
- users = notebookAuthorization.getReaders(noteId);
- users.add(subject.getUser());
- notebookAuthorization.setReaders(noteId, users);
- users = notebookAuthorization.getRunners(noteId);
- users.add(subject.getUser());
- notebookAuthorization.setRunners(noteId, users);
- users = notebookAuthorization.getWriters(noteId);
- users.add(subject.getUser());
- notebookAuthorization.setWriters(noteId, users);
- }
-
private void deleteNotes(AuthenticationInfo subject, List<NoteInfo> noteInfos, NotebookRepo repo)
throws IOException {
for (NoteInfo noteInfo : noteInfos) {
diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/websocket/ZeppelinClient.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/websocket/ZeppelinClient.java
index 0257b8c..3031a59 100644
--- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/websocket/ZeppelinClient.java
+++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/websocket/ZeppelinClient.java
@@ -30,7 +30,7 @@ import java.util.concurrent.Future;
import org.apache.commons.lang3.StringUtils;
import org.apache.zeppelin.conf.ZeppelinConfiguration;
-import org.apache.zeppelin.notebook.NotebookAuthorization;
+import org.apache.zeppelin.notebook.AuthorizationService;
import org.apache.zeppelin.notebook.repo.zeppelinhub.model.UserTokenContainer;
import org.apache.zeppelin.notebook.repo.zeppelinhub.security.Authentication;
import org.apache.zeppelin.notebook.repo.zeppelinhub.websocket.listener.WatcherWebsocket;
@@ -81,7 +81,7 @@ public class ZeppelinClient {
"RUN_PARAGRAPH",
"CANCEL_PARAGRAPH"));
- public static ZeppelinClient initialize(String zeppelinUrl, String token,
+ public static ZeppelinClient initialize(String zeppelinUrl, String token,
ZeppelinConfiguration conf) {
if (instance == null) {
instance = new ZeppelinClient(zeppelinUrl, token, conf);
@@ -192,7 +192,7 @@ public class ZeppelinClient {
return null;
}
}
-
+
private Session openWatcherSession() {
ClientUpgradeRequest request = new ClientUpgradeRequest();
request.setHeader(WatcherSecurityKey.HTTP_HEADER, WatcherSecurityKey.getKey());
@@ -218,7 +218,7 @@ public class ZeppelinClient {
}
noteSession.getRemote().sendStringByFuture(serialize(msg));
}
-
+
public Session getZeppelinConnection(String noteId, String principal, String ticket) {
if (StringUtils.isBlank(noteId)) {
LOG.warn("Cannot get Websocket session with blanck noteId");
@@ -226,7 +226,7 @@ public class ZeppelinClient {
}
return getNoteSession(noteId, principal, ticket);
}
-
+
/*
private Message zeppelinGetNoteMsg(String noteId) {
Message getNoteMsg = new Message(Message.OP.GET_NOTE);
@@ -247,7 +247,7 @@ public class ZeppelinClient {
}
return session;
}
-
+
private Session openNoteSession(String noteId, String principal, String ticket) {
ClientUpgradeRequest request = new ClientUpgradeRequest();
request.setHeader(ORIGIN, "*");
@@ -272,7 +272,7 @@ public class ZeppelinClient {
}
return session;
}
-
+
private boolean isSessionOpen(Session session) {
return (session != null) && (session.isOpen());
}
@@ -299,7 +299,7 @@ public class ZeppelinClient {
if (!isActionable(zeppelinMsg.op)) {
return;
}
-
+
token = UserTokenContainer.getInstance().getUserToken(zeppelinMsg.principal);
Client client = Client.getInstance();
if (client == null) {
@@ -319,7 +319,7 @@ public class ZeppelinClient {
if (StringUtils.isBlank(noteId)) {
return;
}
- NotebookAuthorization noteAuth = NotebookAuthorization.getInstance();
+ AuthorizationService noteAuth = null; // AuthorizationService.get();
Map<String, String> userTokens = UserTokenContainer.getInstance().getAllUserTokens();
Client client = Client.getInstance();
Set<String> userAndRoles;
@@ -341,7 +341,7 @@ public class ZeppelinClient {
}
return actionable.contains(action.name());
}
-
+
public void removeNoteConnection(String noteId) {
if (StringUtils.isBlank(noteId)) {
LOG.error("Cannot remove session for empty noteId");
@@ -356,7 +356,7 @@ public class ZeppelinClient {
}
LOG.info("Removed note websocket connection for note {}", noteId);
}
-
+
private void removeAllConnections() {
if (watcherSession != null && watcherSession.isOpen()) {
watcherSession.close();
@@ -379,7 +379,7 @@ public class ZeppelinClient {
}
watcherSession.getRemote().sendStringByFuture(serialize(new Message(OP.PING)));
}
-
+
/**
* Only used in test.
*/
diff --git a/zeppelin-zengine/src/test/java/org/apache/zeppelin/helium/HeliumApplicationFactoryTest.java b/zeppelin-zengine/src/test/java/org/apache/zeppelin/helium/HeliumApplicationFactoryTest.java
index 763b5fa..bb009e6 100644
--- a/zeppelin-zengine/src/test/java/org/apache/zeppelin/helium/HeliumApplicationFactoryTest.java
+++ b/zeppelin-zengine/src/test/java/org/apache/zeppelin/helium/HeliumApplicationFactoryTest.java
@@ -29,7 +29,6 @@ import org.apache.zeppelin.interpreter.InterpreterSetting;
import org.apache.zeppelin.notebook.ApplicationState;
import org.apache.zeppelin.notebook.Note;
import org.apache.zeppelin.notebook.Notebook;
-import org.apache.zeppelin.notebook.NotebookAuthorization;
import org.apache.zeppelin.notebook.Paragraph;
import org.apache.zeppelin.notebook.repo.NotebookRepo;
import org.apache.zeppelin.search.SearchService;
@@ -57,16 +56,14 @@ public class HeliumApplicationFactoryTest extends AbstractInterpreterTest {
SearchService search = mock(SearchService.class);
notebookRepo = mock(NotebookRepo.class);
- NotebookAuthorization notebookAuthorization = NotebookAuthorization.init(conf);
- /*notebook =
+ notebook =
new Notebook(
conf,
notebookRepo,
interpreterFactory,
interpreterSettingManager,
search,
- notebookAuthorization,
- new Credentials(false, null, null));*/
+ new Credentials(false, null, null));
heliumAppFactory = new HeliumApplicationFactory(notebook, null);
diff --git a/zeppelin-zengine/src/test/java/org/apache/zeppelin/notebook/NotebookTest.java b/zeppelin-zengine/src/test/java/org/apache/zeppelin/notebook/NotebookTest.java
index e8cbf3c..cd2fbf3 100644
--- a/zeppelin-zengine/src/test/java/org/apache/zeppelin/notebook/NotebookTest.java
+++ b/zeppelin-zengine/src/test/java/org/apache/zeppelin/notebook/NotebookTest.java
@@ -23,7 +23,6 @@ import org.apache.zeppelin.conf.ZeppelinConfiguration.ConfVars;
import org.apache.zeppelin.display.AngularObjectRegistry;
import org.apache.zeppelin.interpreter.AbstractInterpreterTest;
import org.apache.zeppelin.interpreter.InterpreterException;
-import org.apache.zeppelin.interpreter.InterpreterFactory;
import org.apache.zeppelin.interpreter.InterpreterGroup;
import org.apache.zeppelin.interpreter.InterpreterNotFoundException;
import org.apache.zeppelin.interpreter.InterpreterOption;
@@ -79,7 +78,7 @@ public class NotebookTest extends AbstractInterpreterTest implements ParagraphJo
private Notebook notebook;
private NotebookRepo notebookRepo;
- private NotebookAuthorization notebookAuthorization;
+ private AuthorizationService authorizationService;
private Credentials credentials;
private AuthenticationInfo anonymous = AuthenticationInfo.ANONYMOUS;
private StatusChangedListener afterStatusChangedListener;
@@ -92,10 +91,11 @@ public class NotebookTest extends AbstractInterpreterTest implements ParagraphJo
SearchService search = mock(SearchService.class);
notebookRepo = new InMemoryNotebookRepo();
- notebookAuthorization = NotebookAuthorization.init(conf);
+
credentials = new Credentials(conf.credentialsPersist(), conf.getCredentialsPath(), null);
notebook = new Notebook(conf, notebookRepo, interpreterFactory, interpreterSettingManager, search,
- notebookAuthorization, credentials, null);
+ credentials, null);
+ authorizationService = new AuthorizationService(notebook, notebook.getConf());
notebook.setParagraphJobListener(this);
}
@@ -113,13 +113,13 @@ public class NotebookTest extends AbstractInterpreterTest implements ParagraphJo
notebookRepo = new DummyNotebookRepo();
notebook = new Notebook(conf, notebookRepo, interpreterFactory,
interpreterSettingManager, null,
- notebookAuthorization, credentials, null);
+ credentials, null);
assertFalse("Revision is not supported in DummyNotebookRepo", notebook.isRevisionSupported());
notebookRepo = new DummyNotebookRepoWithVersionControl();
notebook = new Notebook(conf, notebookRepo, interpreterFactory,
interpreterSettingManager, null,
- notebookAuthorization, credentials, null);
+ credentials, null);
assertTrue("Revision is supported in DummyNotebookRepoWithVersionControl",
notebook.isRevisionSupported());
}
@@ -387,11 +387,11 @@ public class NotebookTest extends AbstractInterpreterTest implements ParagraphJo
AuthenticationInfo subject = new AuthenticationInfo("user1");
Note note = notebook.createNote("note1", subject);
- assertNotNull(notebook.getNotebookAuthorization().getOwners(note.getId()));
- assertEquals(1, notebook.getNotebookAuthorization().getOwners(note.getId()).size());
+ assertNotNull(authorizationService.getOwners(note.getId()));
+ assertEquals(1, authorizationService.getOwners(note.getId()).size());
Set<String> owners = new HashSet<>();
owners.add("user1");
- assertEquals(owners, notebook.getNotebookAuthorization().getOwners(note.getId()));
+ assertEquals(owners, authorizationService.getOwners(note.getId()));
notebook.removeNote(note.getId(), anonymous);
}
@@ -783,7 +783,7 @@ public class NotebookTest extends AbstractInterpreterTest implements ParagraphJo
@Test
public void testCronNoteInTrash() throws InterruptedException, IOException, SchedulerException {
Note note = notebook.createNote("~Trash/NotCron", anonymous);
-
+
Map<String, Object> config = note.getConfig();
config.put("enabled", true);
config.put("cron", "* * * * * ?");
@@ -826,11 +826,11 @@ public class NotebookTest extends AbstractInterpreterTest implements ParagraphJo
// Verify import note with subject
AuthenticationInfo subject = new AuthenticationInfo("user1");
Note importedNote2 = notebook.importNote(exportedNoteJson, "Title2", subject);
- assertNotNull(notebook.getNotebookAuthorization().getOwners(importedNote2.getId()));
- assertEquals(1, notebook.getNotebookAuthorization().getOwners(importedNote2.getId()).size());
+ assertNotNull(authorizationService.getOwners(importedNote2.getId()));
+ assertEquals(1, authorizationService.getOwners(importedNote2.getId()).size());
Set<String> owners = new HashSet<>();
owners.add("user1");
- assertEquals(owners, notebook.getNotebookAuthorization().getOwners(importedNote2.getId()));
+ assertEquals(owners, authorizationService.getOwners(importedNote2.getId()));
notebook.removeNote(note.getId(), anonymous);
notebook.removeNote(importedNote.getId(), anonymous);
notebook.removeNote(importedNote2.getId(), anonymous);
@@ -857,11 +857,11 @@ public class NotebookTest extends AbstractInterpreterTest implements ParagraphJo
// Verify clone note with subject
AuthenticationInfo subject = new AuthenticationInfo("user1");
Note cloneNote2 = notebook.cloneNote(note.getId(), "clone note2", subject);
- assertNotNull(notebook.getNotebookAuthorization().getOwners(cloneNote2.getId()));
- assertEquals(1, notebook.getNotebookAuthorization().getOwners(cloneNote2.getId()).size());
+ assertNotNull(authorizationService.getOwners(cloneNote2.getId()));
+ assertEquals(1, authorizationService.getOwners(cloneNote2.getId()).size());
Set<String> owners = new HashSet<>();
owners.add("user1");
- assertEquals(owners, notebook.getNotebookAuthorization().getOwners(cloneNote2.getId()));
+ assertEquals(owners, authorizationService.getOwners(cloneNote2.getId()));
notebook.removeNote(note.getId(), anonymous);
notebook.removeNote(cloneNote.getId(), anonymous);
notebook.removeNote(cloneNote2.getId(), anonymous);
@@ -987,51 +987,50 @@ public class NotebookTest extends AbstractInterpreterTest implements ParagraphJo
public void testPermissions() throws IOException {
// create a note and a paragraph
Note note = notebook.createNote("note1", anonymous);
- NotebookAuthorization notebookAuthorization = notebook.getNotebookAuthorization();
// empty owners, readers or writers means note is public
- assertEquals(notebookAuthorization.isOwner(note.getId(),
+ assertEquals(authorizationService.isOwner(note.getId(),
new HashSet<>(Arrays.asList("user2"))), true);
- assertEquals(notebookAuthorization.isReader(note.getId(),
+ assertEquals(authorizationService.isReader(note.getId(),
new HashSet<>(Arrays.asList("user2"))), true);
- assertEquals(notebookAuthorization.isRunner(note.getId(),
+ assertEquals(authorizationService.isRunner(note.getId(),
new HashSet<>(Arrays.asList("user2"))), true);
- assertEquals(notebookAuthorization.isWriter(note.getId(),
+ assertEquals(authorizationService.isWriter(note.getId(),
new HashSet<>(Arrays.asList("user2"))), true);
- notebookAuthorization.setOwners(note.getId(),
+ authorizationService.setOwners(note.getId(),
new HashSet<>(Arrays.asList("user1")));
- notebookAuthorization.setReaders(note.getId(),
+ authorizationService.setReaders(note.getId(),
new HashSet<>(Arrays.asList("user1", "user2")));
- notebookAuthorization.setRunners(note.getId(),
+ authorizationService.setRunners(note.getId(),
new HashSet<>(Arrays.asList("user3")));
- notebookAuthorization.setWriters(note.getId(),
+ authorizationService.setWriters(note.getId(),
new HashSet<>(Arrays.asList("user1")));
- assertEquals(notebookAuthorization.isOwner(note.getId(),
+ assertEquals(authorizationService.isOwner(note.getId(),
new HashSet<>(Arrays.asList("user2"))), false);
- assertEquals(notebookAuthorization.isOwner(note.getId(),
+ assertEquals(authorizationService.isOwner(note.getId(),
new HashSet<>(Arrays.asList("user1"))), true);
- assertEquals(notebookAuthorization.isReader(note.getId(),
+ assertEquals(authorizationService.isReader(note.getId(),
new HashSet<>(Arrays.asList("user4"))), false);
- assertEquals(notebookAuthorization.isReader(note.getId(),
+ assertEquals(authorizationService.isReader(note.getId(),
new HashSet<>(Arrays.asList("user2"))), true);
- assertEquals(notebookAuthorization.isRunner(note.getId(),
+ assertEquals(authorizationService.isRunner(note.getId(),
new HashSet<>(Arrays.asList("user3"))), true);
- assertEquals(notebookAuthorization.isRunner(note.getId(),
+ assertEquals(authorizationService.isRunner(note.getId(),
new HashSet<>(Arrays.asList("user2"))), false);
- assertEquals(notebookAuthorization.isWriter(note.getId(),
+ assertEquals(authorizationService.isWriter(note.getId(),
new HashSet<>(Arrays.asList("user2"))), false);
- assertEquals(notebookAuthorization.isWriter(note.getId(),
+ assertEquals(authorizationService.isWriter(note.getId(),
new HashSet<>(Arrays.asList("user1"))), true);
// Test clearing of permissions
- notebookAuthorization.setReaders(note.getId(), Sets.<String>newHashSet());
- assertEquals(notebookAuthorization.isReader(note.getId(),
+ authorizationService.setReaders(note.getId(), Sets.<String>newHashSet());
+ assertEquals(authorizationService.isReader(note.getId(),
new HashSet<>(Arrays.asList("user2"))), true);
- assertEquals(notebookAuthorization.isReader(note.getId(),
+ assertEquals(authorizationService.isReader(note.getId(),
new HashSet<>(Arrays.asList("user4"))), true);
notebook.removeNote(note.getId(), anonymous);
@@ -1043,42 +1042,42 @@ public class NotebookTest extends AbstractInterpreterTest implements ParagraphJo
String user2 = "user2";
Set<String> roles = Sets.newHashSet("admin");
// set admin roles for both user1 and user2
- notebookAuthorization.setRoles(user1, roles);
- notebookAuthorization.setRoles(user2, roles);
+ authorizationService.setRoles(user1, roles);
+ authorizationService.setRoles(user2, roles);
Note note = notebook.createNote("note1", new AuthenticationInfo(user1));
// check that user1 is owner, reader, runner and writer
- assertEquals(notebookAuthorization.isOwner(note.getId(),
+ assertEquals(authorizationService.isOwner(note.getId(),
Sets.newHashSet(user1)), true);
- assertEquals(notebookAuthorization.isReader(note.getId(),
+ assertEquals(authorizationService.isReader(note.getId(),
Sets.newHashSet(user1)), true);
- assertEquals(notebookAuthorization.isRunner(note.getId(),
+ assertEquals(authorizationService.isRunner(note.getId(),
Sets.newHashSet(user2)), true);
- assertEquals(notebookAuthorization.isWriter(note.getId(),
+ assertEquals(authorizationService.isWriter(note.getId(),
Sets.newHashSet(user1)), true);
// since user1 and user2 both have admin role, user2 will be reader and writer as well
- assertEquals(notebookAuthorization.isOwner(note.getId(),
+ assertEquals(authorizationService.isOwner(note.getId(),
Sets.newHashSet(user2)), false);
- assertEquals(notebookAuthorization.isReader(note.getId(),
+ assertEquals(authorizationService.isReader(note.getId(),
Sets.newHashSet(user2)), true);
- assertEquals(notebookAuthorization.isRunner(note.getId(),
+ assertEquals(authorizationService.isRunner(note.getId(),
Sets.newHashSet(user2)), true);
- assertEquals(notebookAuthorization.isWriter(note.getId(),
+ assertEquals(authorizationService.isWriter(note.getId(),
Sets.newHashSet(user2)), true);
// check that user1 has note listed in his workbench
- Set<String> user1AndRoles = notebookAuthorization.getRoles(user1);
+ Set<String> user1AndRoles = authorizationService.getRoles(user1);
user1AndRoles.add(user1);
- List<Note> user1Notes = notebook.getAllNotes(user1AndRoles);
+ List<NoteInfo> user1Notes = notebook.getNotesInfo(noteId -> authorizationService.isReader(noteId, user1AndRoles));
assertEquals(user1Notes.size(), 1);
assertEquals(user1Notes.get(0).getId(), note.getId());
// check that user2 has note listed in his workbench because of admin role
- Set<String> user2AndRoles = notebookAuthorization.getRoles(user2);
+ Set<String> user2AndRoles = authorizationService.getRoles(user2);
user2AndRoles.add(user2);
- List<Note> user2Notes = notebook.getAllNotes(user2AndRoles);
+ List<NoteInfo> user2Notes = notebook.getNotesInfo(noteId -> authorizationService.isReader(noteId, user2AndRoles));
assertEquals(user2Notes.size(), 1);
assertEquals(user2Notes.get(0).getId(), note.getId());
}
@@ -1359,26 +1358,26 @@ public class NotebookTest extends AbstractInterpreterTest implements ParagraphJo
public void testGetAllNotes() throws Exception {
Note note1 = notebook.createNote("note1", anonymous);
Note note2 = notebook.createNote("note2", anonymous);
- assertEquals(2, notebook.getAllNotes(Sets.newHashSet("anonymous")).size());
-
- notebook.getNotebookAuthorization().setOwners(note1.getId(), Sets.newHashSet("user1"));
- notebook.getNotebookAuthorization().setWriters(note1.getId(), Sets.newHashSet("user1"));
- notebook.getNotebookAuthorization().setRunners(note1.getId(), Sets.newHashSet("user1"));
- notebook.getNotebookAuthorization().setReaders(note1.getId(), Sets.newHashSet("user1"));
- assertEquals(1, notebook.getAllNotes(Sets.newHashSet("anonymous")).size());
- assertEquals(2, notebook.getAllNotes(Sets.newHashSet("user1")).size());
-
- notebook.getNotebookAuthorization().setOwners(note2.getId(), Sets.newHashSet("user2"));
- notebook.getNotebookAuthorization().setWriters(note2.getId(), Sets.newHashSet("user2"));
- notebook.getNotebookAuthorization().setReaders(note2.getId(), Sets.newHashSet("user2"));
- notebook.getNotebookAuthorization().setRunners(note2.getId(), Sets.newHashSet("user2"));
- assertEquals(0, notebook.getAllNotes(Sets.newHashSet("anonymous")).size());
- assertEquals(1, notebook.getAllNotes(Sets.newHashSet("user1")).size());
- assertEquals(1, notebook.getAllNotes(Sets.newHashSet("user2")).size());
- notebook.removeNote(note1.getId(), anonymous);
- notebook.removeNote(note2.getId(), anonymous);
+ assertEquals(2, notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("anonymous"))).size());
+
+ authorizationService.setOwners(note1.getId(), Sets.newHashSet("user1"));
+ authorizationService.setWriters(note1.getId(), Sets.newHashSet("user1"));
+ authorizationService.setRunners(note1.getId(), Sets.newHashSet("user1"));
+ authorizationService.setReaders(note1.getId(), Sets.newHashSet("user1"));
+ assertEquals(1, notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("anonymous"))).size());
+ assertEquals(2, notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user1"))).size());
+
+ authorizationService.setOwners(note2.getId(), Sets.newHashSet("user2"));
+ authorizationService.setWriters(note2.getId(), Sets.newHashSet("user2"));
+ authorizationService.setReaders(note2.getId(), Sets.newHashSet("user2"));
+ authorizationService.setRunners(note2.getId(), Sets.newHashSet("user2"));
+ assertEquals(0, notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("anonymous"))).size());
+ assertEquals(1, notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user1"))).size());
+ assertEquals(1, notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user2"))).size());
+ notebook.removeNote(note1.getId(), AuthenticationInfo.ANONYMOUS);
+ notebook.removeNote(note2.getId(), AuthenticationInfo.ANONYMOUS);
}
-
+
@Test
public void testCreateDuplicateNote() throws Exception {
Note note1 = notebook.createNote("note1", anonymous);
@@ -1394,53 +1393,48 @@ public class NotebookTest extends AbstractInterpreterTest implements ParagraphJo
@Test
public void testGetAllNotesWithDifferentPermissions() throws IOException {
- HashSet<String> user1 = Sets.newHashSet("user1");
- HashSet<String> user2 = Sets.newHashSet("user1");
- List<Note> notes1 = notebook.getAllNotes(user1);
- List<Note> notes2 = notebook.getAllNotes(user2);
+ List<Note> notes1 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user1")));
+ List<Note> notes2 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user2")));
assertEquals(notes1.size(), 0);
assertEquals(notes2.size(), 0);
//creates note and sets user1 owner
- Note note = notebook.createNote("note1", new AuthenticationInfo("user1"));
+ Note note1 = notebook.createNote("note1", new AuthenticationInfo("user1"));
// note is public since readers and writers empty
- notes1 = notebook.getAllNotes(user1);
- notes2 = notebook.getAllNotes(user2);
+ notes1 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user1")));
+ notes2 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user2")));
assertEquals(notes1.size(), 1);
assertEquals(notes2.size(), 1);
- notebook.getNotebookAuthorization().setReaders(note.getId(), Sets.newHashSet("user1"));
+ authorizationService.setReaders(note1.getId(), Sets.newHashSet("user1"));
//note is public since writers empty
- notes1 = notebook.getAllNotes(user1);
- notes2 = notebook.getAllNotes(user2);
+ notes1 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user1")));
+ notes2 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user2")));
assertEquals(notes1.size(), 1);
assertEquals(notes2.size(), 1);
- notebook.getNotebookAuthorization().setRunners(note.getId(), Sets.newHashSet("user1"));
- notes1 = notebook.getAllNotes(user1);
- notes2 = notebook.getAllNotes(user2);
+ authorizationService.setRunners(note1.getId(), Sets.newHashSet("user1"));
+ notes1 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user1")));
+ notes2 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user2")));
assertEquals(notes1.size(), 1);
assertEquals(notes2.size(), 1);
- notebook.getNotebookAuthorization().setWriters(note.getId(), Sets.newHashSet("user1"));
- notes1 = notebook.getAllNotes(user1);
- notes2 = notebook.getAllNotes(user2);
+ authorizationService.setWriters(note1.getId(), Sets.newHashSet("user1"));
+ notes1 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user1")));
+ notes2 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user2")));
assertEquals(notes1.size(), 1);
- assertEquals(notes2.size(), 1);
+ assertEquals(notes2.size(), 0);
}
@Test
- public void testPublicPrivateNewNote() throws IOException, SchedulerException {
- HashSet<String> user1 = Sets.newHashSet("user1");
- HashSet<String> user2 = Sets.newHashSet("user2");
-
+ public void testPublicPrivateNewNote() throws IOException {
// case of public note
assertTrue(conf.isNotebookPublic());
- assertTrue(notebookAuthorization.isPublic());
+ assertTrue(authorizationService.isPublic());
- List<Note> notes1 = notebook.getAllNotes(user1);
- List<Note> notes2 = notebook.getAllNotes(user2);
+ List<Note> notes1 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user1")));
+ List<Note> notes2 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user2")));
assertEquals(notes1.size(), 0);
assertEquals(notes2.size(), 0);
@@ -1448,29 +1442,29 @@ public class NotebookTest extends AbstractInterpreterTest implements ParagraphJo
Note notePublic = notebook.createNote("note1", new AuthenticationInfo("user1"));
// both users have note
- notes1 = notebook.getAllNotes(user1);
- notes2 = notebook.getAllNotes(user2);
+ notes1 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user1")));
+ notes2 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user2")));
assertEquals(notes1.size(), 1);
assertEquals(notes2.size(), 1);
assertEquals(notes1.get(0).getId(), notePublic.getId());
assertEquals(notes2.get(0).getId(), notePublic.getId());
// user1 is only owner
- assertEquals(notebookAuthorization.getOwners(notePublic.getId()).size(), 1);
- assertEquals(notebookAuthorization.getReaders(notePublic.getId()).size(), 0);
- assertEquals(notebookAuthorization.getRunners(notePublic.getId()).size(), 0);
- assertEquals(notebookAuthorization.getWriters(notePublic.getId()).size(), 0);
+ assertEquals(authorizationService.getOwners(notePublic.getId()).size(), 1);
+ assertEquals(authorizationService.getReaders(notePublic.getId()).size(), 0);
+ assertEquals(authorizationService.getRunners(notePublic.getId()).size(), 0);
+ assertEquals(authorizationService.getWriters(notePublic.getId()).size(), 0);
// case of private note
System.setProperty(ConfVars.ZEPPELIN_NOTEBOOK_PUBLIC.getVarName(), "false");
ZeppelinConfiguration conf2 = ZeppelinConfiguration.create();
assertFalse(conf2.isNotebookPublic());
// notebook authorization reads from conf, so no need to re-initilize
- assertFalse(notebookAuthorization.isPublic());
+ assertFalse(authorizationService.isPublic());
// check that still 1 note per user
- notes1 = notebook.getAllNotes(user1);
- notes2 = notebook.getAllNotes(user2);
+ notes1 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user1")));
+ notes2 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user2")));
assertEquals(notes1.size(), 1);
assertEquals(notes2.size(), 1);
@@ -1478,17 +1472,17 @@ public class NotebookTest extends AbstractInterpreterTest implements ParagraphJo
Note notePrivate = notebook.createNote("note2", new AuthenticationInfo("user1"));
// only user1 have notePrivate right after creation
- notes1 = notebook.getAllNotes(user1);
- notes2 = notebook.getAllNotes(user2);
+ notes1 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user1")));
+ notes2 = notebook.getAllNotes(note -> authorizationService.isReader(note.getId(), Sets.newHashSet("user2")));
assertEquals(notes1.size(), 2);
assertEquals(notes2.size(), 1);
assertEquals(true, notes1.contains(notePrivate));
// user1 have all rights
- assertEquals(notebookAuthorization.getOwners(notePrivate.getId()).size(), 1);
- assertEquals(notebookAuthorization.getReaders(notePrivate.getId()).size(), 1);
- assertEquals(notebookAuthorization.getRunners(notePrivate.getId()).size(), 1);
- assertEquals(notebookAuthorization.getWriters(notePrivate.getId()).size(), 1);
+ assertEquals(authorizationService.getOwners(notePrivate.getId()).size(), 1);
+ assertEquals(authorizationService.getReaders(notePrivate.getId()).size(), 1);
+ assertEquals(authorizationService.getRunners(notePrivate.getId()).size(), 1);
+ assertEquals(authorizationService.getWriters(notePrivate.getId()).size(), 1);
//set back public to true
System.setProperty(ConfVars.ZEPPELIN_NOTEBOOK_PUBLIC.getVarName(), "true");
diff --git a/zeppelin-zengine/src/test/java/org/apache/zeppelin/search/LuceneSearchTest.java b/zeppelin-zengine/src/test/java/org/apache/zeppelin/search/LuceneSearchTest.java
index 5ac09a6..52178dc 100644
--- a/zeppelin-zengine/src/test/java/org/apache/zeppelin/search/LuceneSearchTest.java
+++ b/zeppelin-zengine/src/test/java/org/apache/zeppelin/search/LuceneSearchTest.java
@@ -31,7 +31,6 @@ import org.apache.zeppelin.interpreter.InterpreterSetting;
import org.apache.zeppelin.interpreter.InterpreterSettingManager;
import org.apache.zeppelin.notebook.Note;
import org.apache.zeppelin.notebook.Notebook;
-import org.apache.zeppelin.notebook.NotebookAuthorization;
import org.apache.zeppelin.notebook.Paragraph;
import org.apache.zeppelin.notebook.repo.NotebookRepo;
import org.apache.zeppelin.user.AuthenticationInfo;
@@ -57,7 +56,7 @@ public class LuceneSearchTest {
when(interpreterSettingManager.getDefaultInterpreterSetting()).thenReturn(defaultInterpreterSetting);
notebook = new Notebook(ZeppelinConfiguration.create(), mock(NotebookRepo.class),
mock(InterpreterFactory.class), interpreterSettingManager,
- noteSearchService, mock(NotebookAuthorization.class),
+ noteSearchService,
mock(Credentials.class), null);
}