You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kylin.apache.org by bi...@apache.org on 2018/03/06 17:53:23 UTC
[kylin] 04/07: minor, check user/group exists when grant access.
This is an automated email from the ASF dual-hosted git repository.
billyliu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kylin.git
commit 5807cdf70f8e8215566fcb20ae3b900f20f8ed27
Author: Jiatao Tao <24...@qq.com>
AuthorDate: Tue Feb 6 19:38:31 2018 +0800
minor, check user/group exists when grant access.
---
.../org/apache/kylin/rest/controller/AccessController.java | 14 +++++++++++---
.../main/java/org/apache/kylin/rest/util/ValidateUtil.java | 2 +-
.../apache/kylin/rest/controller/AccessControllerTest.java | 11 ++++++++---
.../test/java/org/apache/kylin/rest/util/AclUtilTest.java | 4 +++-
4 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller/AccessController.java b/server-base/src/main/java/org/apache/kylin/rest/controller/AccessController.java
index 7935f77..56cae10 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/controller/AccessController.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/controller/AccessController.java
@@ -36,6 +36,7 @@ import org.apache.kylin.rest.service.ProjectService;
import org.apache.kylin.rest.service.TableACLService;
import org.apache.kylin.rest.service.UserService;
import org.apache.kylin.rest.util.AclPermissionUtil;
+import org.apache.kylin.rest.util.ValidateUtil;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
@@ -75,7 +76,10 @@ public class AccessController extends BasicController implements InitializingBea
@Qualifier("userService")
private UserService userService;
-
+ @Autowired
+ @Qualifier("validateUtil")
+ private ValidateUtil validateUtil;
+
@Override
public void afterPropertiesSet() throws Exception {
// init ExternalAclProvider
@@ -138,9 +142,13 @@ public class AccessController extends BasicController implements InitializingBea
*/
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
- public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
+ public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) throws IOException {
+ boolean isPrincipal = accessRequest.isPrincipal();
+ String name = accessRequest.getSid();
+ validateUtil.checkIdentifiersExists(name, isPrincipal);
+
AclEntity ae = accessService.getAclEntity(type, uuid);
- Sid sid = accessService.getSid(accessRequest.getSid(), accessRequest.isPrincipal());
+ Sid sid = accessService.getSid(name, isPrincipal);
Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
Acl acl = accessService.grant(ae, permission, sid);
diff --git a/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java b/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java
index c250da7..1d56a71 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java
@@ -89,7 +89,7 @@ public class ValidateUtil {
public void validateIdentifiers(String prj, String name, String type) throws IOException {
Set<String> allIdentifiers = getAllIdentifiersInPrj(prj, type);
if (!allIdentifiers.contains(name)) {
- throw new RuntimeException("Operation failed, identifiers:" + name + " not exists");
+ throw new RuntimeException("Operation failed, " + type + ":" + name + " not exists in project.");
}
}
diff --git a/server/src/test/java/org/apache/kylin/rest/controller/AccessControllerTest.java b/server/src/test/java/org/apache/kylin/rest/controller/AccessControllerTest.java
index 217b54c..dea37f5 100644
--- a/server/src/test/java/org/apache/kylin/rest/controller/AccessControllerTest.java
+++ b/server/src/test/java/org/apache/kylin/rest/controller/AccessControllerTest.java
@@ -34,6 +34,7 @@ import org.apache.kylin.rest.security.AclEntityType;
import org.apache.kylin.rest.security.AclPermissionType;
import org.apache.kylin.rest.security.ManagedUser;
import org.apache.kylin.rest.service.CubeService;
+import org.apache.kylin.rest.service.IUserGroupService;
import org.apache.kylin.rest.service.ProjectService;
import org.apache.kylin.rest.service.ServiceTestBase;
import org.apache.kylin.rest.service.UserService;
@@ -78,6 +79,10 @@ public class AccessControllerTest extends ServiceTestBase implements AclEntityTy
@Qualifier("userService")
UserService userService;
+ @Autowired
+ @Qualifier("userGroupService")
+ private IUserGroupService userGroupService;
+
@Before
public void setup() throws Exception {
super.setup();
@@ -88,11 +93,11 @@ public class AccessControllerTest extends ServiceTestBase implements AclEntityTy
}
@Test
- public void testGetUserPermissionInPrj() {
+ public void testGetUserPermissionInPrj() throws IOException {
List<ProjectInstance> projects = projectController.getProjects(10000, 0);
assertTrue(projects.size() > 0);
ProjectInstance project = projects.get(0);
- ManagedUser user = new ManagedUser("u", "kylin", false, "all_users");
+ ManagedUser user = new ManagedUser("u", "kylin", false, "all_users", "g1", "g2", "g3", "g4");
userService.createUser(user);
grantPermission("g1", READ, project.getUuid());
@@ -249,7 +254,7 @@ public class AccessControllerTest extends ServiceTestBase implements AclEntityTy
return accessRequest;
}
- private void grantPermission(String sid, String permission, String uuid) {
+ private void grantPermission(String sid, String permission, String uuid) throws IOException {
swichToAdmin();
AccessRequest groupAccessRequest = getAccessRequest(sid, permission, false);
accessController.grant(PROJECT_INSTANCE, uuid, groupAccessRequest);
diff --git a/server/src/test/java/org/apache/kylin/rest/util/AclUtilTest.java b/server/src/test/java/org/apache/kylin/rest/util/AclUtilTest.java
index b8fbe5f..18e5bf5 100644
--- a/server/src/test/java/org/apache/kylin/rest/util/AclUtilTest.java
+++ b/server/src/test/java/org/apache/kylin/rest/util/AclUtilTest.java
@@ -32,6 +32,8 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
+import java.io.IOException;
+
public class AclUtilTest extends ServiceTestBase {
@Autowired
AccessController accessController;
@@ -40,7 +42,7 @@ public class AclUtilTest extends ServiceTestBase {
AclUtil aclUtil;
@Test
- public void testBasic() {
+ public void testBasic() throws IOException {
final String PROJECT = "default";
final String ANALYST = "ANALYST";
final String ADMIN = "ADMIN";
--
To stop receiving notification emails like this one, please contact
billyliu@apache.org.