[09/26] kylin git commit: #476 enable model read permission when grant cube permissions

[li...@apache.org]

#476 enable model read permission when grant cube permissions


Project: http://git-wip-us.apache.org/repos/asf/kylin/repo
Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/8ca0d321
Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/8ca0d321
Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/8ca0d321

Branch: refs/heads/kylin-2.1.x
Commit: 8ca0d3217453929d0ac0c3078d9e78e769f852b0
Parents: 7f79083
Author: Roger Shi <ro...@hotmail.com>
Authored: Thu Jun 29 17:23:13 2017 +0800
Committer: liyang-gmt8 <li...@apache.org>
Committed: Thu Jun 29 18:05:01 2017 +0800

----------------------------------------------------------------------
 .../kylin/rest/controller2/AccessControllerV2.java  | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kylin/blob/8ca0d321/server-base/src/main/java/org/apache/kylin/rest/controller2/AccessControllerV2.java
----------------------------------------------------------------------
diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller2/AccessControllerV2.java b/server-base/src/main/java/org/apache/kylin/rest/controller2/AccessControllerV2.java
index 1ca8652..bd7d897 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/controller2/AccessControllerV2.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/controller2/AccessControllerV2.java
@@ -21,12 +21,15 @@ package org.apache.kylin.rest.controller2;
 import java.io.IOException;
 
 import org.apache.kylin.common.persistence.AclEntity;
+import org.apache.kylin.cube.CubeInstance;
 import org.apache.kylin.rest.controller.BasicController;
 import org.apache.kylin.rest.request.AccessRequest;
 import org.apache.kylin.rest.response.EnvelopeResponse;
 import org.apache.kylin.rest.response.ResponseCode;
+import org.apache.kylin.rest.security.AclEntityType;
 import org.apache.kylin.rest.security.AclPermissionFactory;
 import org.apache.kylin.rest.service.AccessService;
+import org.apache.kylin.rest.service.CubeService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.acls.model.Acl;
@@ -51,6 +54,10 @@ public class AccessControllerV2 extends BasicController {
     @Qualifier("accessService")
     private AccessService accessService;
 
+    @Autowired
+    @Qualifier("cubeMgmtService")
+    private CubeService cubeService;
+
     /**
      * Get access entry list of a domain object
      * 
@@ -100,6 +107,15 @@ public class AccessControllerV2 extends BasicController {
         Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
         Acl acl = accessService.grant(ae, permission, sid);
 
+        if (AclEntityType.CUBE_INSTANCE.equals(type)) {
+            CubeInstance instance = cubeService.getCubeManager().getCubeByUuid(uuid);
+            if (instance != null) {
+                AclEntity model = accessService.getAclEntity(AclEntityType.DATA_MODEL_DESC, instance.getModel().getUuid());
+                // FIXME: should not always grant
+                accessService.grant(model, permission, sid);
+            }
+        }
+
         return new EnvelopeResponse(ResponseCode.CODE_SUCCESS, accessService.generateAceResponses(acl), "");
     }