Posted to commits@ambari.apache.org by jo...@apache.org on 2014/08/15 15:16:28 UTC
[02/12] git commit: AMBARI-6852. Views: views list from API is not
respecting privileges. Fix for Admin view.
AMBARI-6852. Views: views list from API is not respecting privileges. Fix for Admin view.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/1e442401
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/1e442401
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/1e442401
Branch: refs/heads/branch-alerts-dev
Commit: 1e4424018686a2a86dadfad0a3e45fe3b1a1fedb
Parents: 6068006
Author: Siddharth Wagle <sw...@hortonworks.com>
Authored: Thu Aug 14 18:37:24 2014 -0700
Committer: Jonathan Hurley <jh...@hortonworks.com>
Committed: Fri Aug 15 09:15:57 2014 -0400
----------------------------------------------------------------------
.../internal/ViewResourceProvider.java | 25 +---
.../apache/ambari/server/view/ViewRegistry.java | 36 +++++
.../ambari/server/view/ViewRegistryTest.java | 137 +++++++++++++++----
3 files changed, 149 insertions(+), 49 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/1e442401/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewResourceProvider.java
index 6a83793..bc92a91 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewResourceProvider.java
@@ -28,7 +28,6 @@ import org.apache.ambari.server.controller.spi.ResourceAlreadyExistsException;
import org.apache.ambari.server.controller.spi.SystemException;
import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
import org.apache.ambari.server.orm.entities.ViewEntity;
-import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
import org.apache.ambari.server.view.ViewRegistry;
import java.util.Collections;
@@ -103,7 +102,7 @@ public class ViewResourceProvider extends AbstractResourceProvider {
for (ViewEntity viewDefinition : viewRegistry.getDefinitions()){
if (viewName == null || viewName.equals(viewDefinition.getCommonName())) {
- if (includeDefinition(viewDefinition, true)) {
+ if (viewRegistry.includeDefinition(viewDefinition)) {
Resource resource = new ResourceImpl(Resource.Type.View);
setResourceProperty(resource, VIEW_NAME_PROPERTY_ID, viewDefinition.getCommonName(), requestedIds);
@@ -133,28 +132,6 @@ public class ViewResourceProvider extends AbstractResourceProvider {
return keyPropertyIds;
}
- /**
- * Determine whether or not the given view definition resource should be included
- * based on the permissions granted to the current user.
- *
- * @param definitionEntity the view definition entity
- * @param readOnly indicate whether or not this is for a read only operation
- *
- * @return true if the view instance should be included based on the permissions of the current user
- */
- private boolean includeDefinition(ViewEntity definitionEntity, boolean readOnly) {
-
- ViewRegistry viewRegistry = ViewRegistry.getInstance();
-
- boolean allowed = false;
-
- for (ViewInstanceEntity instanceEntity: definitionEntity.getInstances()) {
- allowed |= viewRegistry.checkPermission(instanceEntity, readOnly);
- }
-
- return allowed;
- }
-
// ----- AbstractResourceProvider ------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/1e442401/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
index 0acbb62..82d84f6 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
@@ -720,6 +720,42 @@ public class ViewRegistry {
return (resourceEntity == null && readOnly) || checkAuthorization(resourceEntity);
}
+ /**
+ * Determine whether or not the given view definition resource should be included
+ * based on the permissions granted to the current user.
+ *
+ * @param definitionEntity the view definition entity
+ * @param readOnly indicate whether or not this is for a read only operation
+ *
+ * @return true if the view instance should be included based on the permissions of the current user
+ */
+ public boolean includeDefinition(ViewEntity definitionEntity) {
+
+ ViewRegistry viewRegistry = ViewRegistry.getInstance();
+
+ for (GrantedAuthority grantedAuthority : securityHelper.getCurrentAuthorities()) {
+ if (grantedAuthority instanceof AmbariGrantedAuthority) {
+
+ AmbariGrantedAuthority authority = (AmbariGrantedAuthority) grantedAuthority;
+ PrivilegeEntity privilegeEntity = authority.getPrivilegeEntity();
+ Integer permissionId = privilegeEntity.getPermission().getId();
+
+ // admin has full access
+ if (permissionId.equals(PermissionEntity.AMBARI_ADMIN_PERMISSION)) {
+ return true;
+ }
+ }
+ }
+
+ boolean allowed = false;
+
+ for (ViewInstanceEntity instanceEntity: definitionEntity.getInstances()) {
+ allowed |= viewRegistry.checkPermission(instanceEntity, true);
+ }
+
+ return allowed;
+ }
+
// ----- helper methods ----------------------------------------------------
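Review bot: The new `includeDefinition` takes the admin shortcut from `securityHelper` on `this` (apparently an instance field) but runs the per-instance check through `ViewRegistry.getInstance()`, so one authorization decision can consult two different registries if the method is ever called on a non-singleton instance. Calling `checkPermission(instanceEntity, true)` directly on `this` and dropping the `viewRegistry` local keeps both halves together. The Javadoc still lists `@param readOnly`, which the new signature no longer has, and its `@return` describes a view instance rather than the definition. The context line at the top of the hunk, apparently the tail of `checkPermission`, returns true for a null resource entity on read-only checks, so it is worth confirming that an instance without a resource is meant to make its definition visible to every non-admin user.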
http://git-wip-us.apache.org/repos/asf/ambari/blob/1e442401/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java b/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java
index 5a95ee8..77990a7 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java
@@ -18,6 +18,32 @@
package org.apache.ambari.server.view;
+import static org.easymock.EasyMock.createMock;
+import static org.easymock.EasyMock.createNiceMock;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.replay;
+import static org.easymock.EasyMock.verify;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import java.util.jar.JarEntry;
+import java.util.jar.JarFile;
+
+import javax.xml.bind.JAXBException;
+
import org.apache.ambari.server.api.resources.SubResourceDefinition;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.controller.spi.Resource;
@@ -29,6 +55,8 @@ import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
import org.apache.ambari.server.orm.dao.ViewDAO;
import org.apache.ambari.server.orm.dao.ViewInstanceDAO;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.PrivilegeEntity;
import org.apache.ambari.server.orm.entities.ResourceEntity;
import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
import org.apache.ambari.server.orm.entities.ViewEntity;
@@ -37,6 +65,7 @@ import org.apache.ambari.server.orm.entities.ViewInstanceDataEntity;
import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
import org.apache.ambari.server.orm.entities.ViewInstanceEntityTest;
import org.apache.ambari.server.security.SecurityHelper;
+import org.apache.ambari.server.security.authorization.AmbariGrantedAuthority;
import org.apache.ambari.server.view.configuration.InstanceConfig;
import org.apache.ambari.server.view.configuration.InstanceConfigTest;
import org.apache.ambari.server.view.configuration.PropertyConfig;
@@ -53,31 +82,7 @@ import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
-
-import javax.xml.bind.JAXBException;
-
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.MalformedURLException;
-import java.net.URI;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-import java.util.jar.JarEntry;
-import java.util.jar.JarFile;
-
-import static org.easymock.EasyMock.createMock;
-import static org.easymock.EasyMock.createNiceMock;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.replay;
-import static org.easymock.EasyMock.verify;
+import org.springframework.security.core.GrantedAuthority;
/**
* ViewRegistry tests.
@@ -745,6 +750,88 @@ public class ViewRegistryTest {
verify(viewDAO, viewInstanceDAO, securityHelper);
}
+ @Test
+ public void testIncludeDefinitionForAdmin() {
+ ViewRegistry viewRegistry = ViewRegistry.getInstance();
+ ViewEntity viewEntity = createNiceMock(ViewEntity.class);
+ SecurityHelper securityHelper = createNiceMock(SecurityHelper.class);
+ AmbariGrantedAuthority adminAuthority = createNiceMock(AmbariGrantedAuthority.class);
+ PrivilegeEntity privilegeEntity = createNiceMock(PrivilegeEntity.class);
+ PermissionEntity permissionEntity = createNiceMock(PermissionEntity.class);
+
+ viewRegistry.setSecurityHelper(securityHelper);
+
+ Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
+ authorities.add(adminAuthority);
+
+ securityHelper.getCurrentAuthorities();
+ EasyMock.expectLastCall().andReturn(authorities);
+ expect(adminAuthority.getPrivilegeEntity()).andReturn(privilegeEntity);
+ expect(privilegeEntity.getPermission()).andReturn(permissionEntity);
+ expect(permissionEntity.getId()).andReturn(PermissionEntity.AMBARI_ADMIN_PERMISSION);
+ replay(securityHelper, adminAuthority, privilegeEntity, permissionEntity);
+
+ Assert.assertTrue(viewRegistry.includeDefinition(viewEntity));
+
+ verify(securityHelper, adminAuthority, privilegeEntity, permissionEntity);
+ }
+
+ @Test
+ public void testIncludeDefinitionForUserNoInstances() {
+ ViewRegistry viewRegistry = ViewRegistry.getInstance();
+ ViewEntity viewEntity = createNiceMock(ViewEntity.class);
+ SecurityHelper securityHelper = createNiceMock(SecurityHelper.class);
+
+ viewRegistry.setSecurityHelper(securityHelper);
+
+ Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
+
+ Collection<ViewInstanceEntity> instances = new ArrayList<ViewInstanceEntity>();
+
+ securityHelper.getCurrentAuthorities();
+ EasyMock.expectLastCall().andReturn(authorities);
+ expect(viewEntity.getInstances()).andReturn(instances);
+ replay(securityHelper, viewEntity);
+
+ Assert.assertFalse(viewRegistry.includeDefinition(viewEntity));
+
+ verify(securityHelper, viewEntity);
+ }
+
+ @Test
+ public void testIncludeDefinitionForUserHasAccess() {
+ ViewRegistry viewRegistry = ViewRegistry.getInstance();
+ ViewEntity viewEntity = createNiceMock(ViewEntity.class);
+ SecurityHelper securityHelper = createNiceMock(SecurityHelper.class);
+ ViewInstanceEntity instanceEntity = createNiceMock(ViewInstanceEntity.class);
+ ResourceEntity resourceEntity = createNiceMock(ResourceEntity.class);
+ AmbariGrantedAuthority viewUseAuthority = createNiceMock(AmbariGrantedAuthority.class);
+ PrivilegeEntity privilegeEntity = createNiceMock(PrivilegeEntity.class);
+ PermissionEntity permissionEntity = createNiceMock(PermissionEntity.class);
+
+ viewRegistry.setSecurityHelper(securityHelper);
+
+ Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
+ authorities.add(viewUseAuthority);
+
+ Collection<ViewInstanceEntity> instances = new ArrayList<ViewInstanceEntity>();
+ instances.add(instanceEntity);
+
+ expect(viewEntity.getInstances()).andReturn(instances);
+ expect(instanceEntity.getResource()).andReturn(resourceEntity);
+ expect(viewUseAuthority.getPrivilegeEntity()).andReturn(privilegeEntity).anyTimes();
+ expect(privilegeEntity.getPermission()).andReturn(permissionEntity).anyTimes();
+ expect(privilegeEntity.getResource()).andReturn(resourceEntity).anyTimes();
+ expect(permissionEntity.getId()).andReturn(PermissionEntity.VIEW_USE_PERMISSION).anyTimes();
+ securityHelper.getCurrentAuthorities();
+ EasyMock.expectLastCall().andReturn(authorities).anyTimes();
+ replay(securityHelper, viewEntity, instanceEntity, viewUseAuthority, privilegeEntity, permissionEntity);
+
+ Assert.assertTrue(viewRegistry.includeDefinition(viewEntity));
+
+ verify(securityHelper, viewEntity, instanceEntity, viewUseAuthority, privilegeEntity, permissionEntity);
+ }
+
@Before
public void before() throws Exception {
clear();
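Review bot: None of the three added tests covers a denial for a user who holds an authority while instances exist; `testIncludeDefinitionForUserNoInstances` asserts false only with no authorities and no instances, so a regression that lets any `AmbariGrantedAuthority` through would pass unnoticed. A fourth test in which the `VIEW_USE_PERMISSION` privilege is granted on a different resource than the instance's would pin the deny path; the sketch below assumes `checkAuthorization` matches on the resource entity, whose body is outside the diff. In `testIncludeDefinitionForUserHasAccess`, `resourceEntity` is created as a mock but left out of `replay(...)` and `verify(...)`, which looks unintended. All three tests also replace the security helper on the shared `ViewRegistry.getInstance()` without restoring it, so later tests may inherit a replayed mock unless `clear()` resets it.

```java
@Test
public void testIncludeDefinitionForUserNoAccess() {
  // … unchanged: same mock creation and authorities/instances setup as testIncludeDefinitionForUserHasAccess …
  ResourceEntity otherResourceEntity = createNiceMock(ResourceEntity.class);

  expect(instanceEntity.getResource()).andReturn(resourceEntity);
  // the privilege is granted on a different resource than the instance's
  expect(privilegeEntity.getResource()).andReturn(otherResourceEntity).anyTimes();
  // … unchanged: remaining expectations and replay(...) …

  Assert.assertFalse(viewRegistry.includeDefinition(viewEntity));
}
```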