Posted to commits@kyuubi.apache.org by ch...@apache.org on 2023/04/04 03:05:14 UTC

[kyuubi] branch master updated: [KYUUBI #4622][UI] Session api use admin api for security

This is an automated email from the ASF dual-hosted git repository.

chengpan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kyuubi.git


The following commit(s) were added to refs/heads/master by this push:
     new 0c6ba9493 [KYUUBI #4622][UI] Session api use admin api for security
0c6ba9493 is described below

commit 0c6ba949302161f74be69051ceef57add3fedca1
Author: zwangsheng <22...@qq.com>
AuthorDate: Tue Apr 4 11:05:06 2023 +0800

    [KYUUBI #4622][UI] Session api use admin api for security
    
    ### _Why are the changes needed?_
    
    Close #4622
    
    Currently, we don't have a login for the UI, so we can't differentiate between users.
    
    So, we currently maintain a cautious attitude towards the Kyuubi UI open API (especially the ability to delete resources) and choose `AdminResource`, which helps us filter non-Admin requests (although the current strategy is not perfect, it is a safe and quick step).
    
    Change api `api/v1/XXX` => `api/v1/admin/XXX`
    
    ### _How was this patch tested?_
    - [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible
    
    - [ ] Add screenshots for manual tests if appropriate
    
    - [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before making a pull request
    
    Closes #4631 from zwangsheng/KYUUBI_4622.
    
    Closes #4622
    
    3a611896f [zwangsheng] [KYUUBI #4622][UI] Session api use admin resource for security
    
    Authored-by: zwangsheng <22...@qq.com>
    Signed-off-by: Cheng Pan <ch...@apache.org>
---
 kyuubi-server/web-ui/src/api/session/index.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/web-ui/src/api/session/index.ts b/kyuubi-server/web-ui/src/api/session/index.ts
index 6af5a817f..5f3c74fef 100644
--- a/kyuubi-server/web-ui/src/api/session/index.ts
+++ b/kyuubi-server/web-ui/src/api/session/index.ts
@@ -19,14 +19,14 @@ import request from '@/utils/request'
 
 export function getAllSessions() {
   return request({
-    url: 'api/v1/sessions',
+    url: 'api/v1/admin/sessions',
     method: 'get'
   })
 }
 
 export function deleteSession(sessionId: string) {
   return request({
-    url: `api/v1/sessions/${sessionId}`,
+    url: `api/v1/admin/sessions/${sessionId}`,
     method: 'delete'
   })
 }
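
Review bot: in both `getAllSessions` and `deleteSession` only the URL the web UI calls changes, and the diffstat lists this one client file as the entire commit, so nothing visible here restricts the original `api/v1/sessions` routes themselves. The filtering of non-admin requests described in the commit message therefore depends entirely on server-side enforcement under `api/v1/admin/`; please confirm in the PR whether the non-admin list and delete routes remain reachable, and track restricting them as a follow-up if so. All three test checklist items are unchecked, so a negative test showing that a non-admin `delete` on `api/v1/admin/sessions/${sessionId}` is rejected would be worth adding. Separately, `sessionId` is interpolated into the path as-is in `deleteSession`; wrapping it in `encodeURIComponent(sessionId)` would keep an unexpected value from altering the request path.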